Fix checking of negative with unsigned variables.
Check digestSz for 0 in wc_SSH_KDF() so that no possibility of dividing
by zero.
Change XMEMCPY to XMEMSET in renesas_sce_util.c.
Fix test.c to free prvTmp and pubTmp on read error.
Remove unused variables.
XFREE checks for NULL so don't check before call.
Move variable declarations to reduce scope.
* Add introspection for math build.
* Raise build error if more than one multi-precision math library used.
* Fix ESP32 to support using any multi-precision math option.
* Refactor math headers to use `wolfmath.h`
* Refactor of the opaque math variable type `MATH_INT_T` used by crypto hardware (QuickAssist, SE050, ESP32 and STM32).
* Cleanups for building with `WOLFCRYPT_ONLY` and `NO_BIG_INT`.
* Stop forcing use of fast math by default for platforms in settings.h. Note: For users that still want to use fast math (tfm.c) they will need to add USE_FAST_MATH to their build settings.
Applies To:
```
WOLFSSL_ESPWROOM32
WOLFSSL_ESPWROOM32SE
MICROCHIP_PIC32
WOLFSSL_PICOTCP_DEMO
WOLFSSL_UTASKER
WOLFSSL_NRF5x
FREERTOS_TCP
WOLFSSL_TIRTOS
EBSNET
FREESCALE_COMMON
FREESCALE_KSDK_BM
WOLFSSL_DEOS
MICRIUM
WOLFSSL_SGX
```
* wolfcrypt/test/test.{c,h}: refactor to capture and encode error retvals using WC_TEST_RET_*() macros (based on line numbers), and print line and return code in err_sys().
* wolfcrypt/test/test.h: cast back to int in WC_TEST_RET_ENC(), to fix MSVC warning.
* configure.ac: add shake128 and shake256 to enable-all and enable-all-crypto;
* wolfcrypt/benchmark/benchmark.c: fix gating for bench_shake128() from !defined(WOLFSSL_NO_SHAKE128) to defined(WOLFSSL_SHAKE128).
* wolfcrypt/test/test.h: add WC_TEST_RET_TAG_* and WC_TEST_RET_DEC_TAG(), and refactor WC_TEST_RET_{ENC,DEC}_*() macros to implement the tag mechanism;
* add render_error_message() with tag-specific rendering of error strings;
* wolfcrypt/test/test.c: smallstack refactor of shake128_test() and shake128_absorb_test();
* wolfcrypt/test/test.c: change gating around mp_test() and related routines from defined(HAVE_VALGRIND) to defined(WOLFSSL_PUBLIC_MP);
* smallstack refactor of mp_test();
* refactor a slew of WC_TEST_RET_ENC_NC associated with XFOPEN/XFREAD to be WC_TEST_RET_ENC_ERRNO, and add error detection for XFREAD (previously silently tolerating zero retvals).
* wolfcrypt/test/test.c: build mp_test() only if WOLFSSL_SP_MATH_ALL or USE_FAST_MATH (in addition to WOLFSSL_PUBLIC_MP), because many general purpose functions such as sp_mulmod() are gated out in SP builds without WOLFSSL_SP_MATH_ALL.
* wolfcrypt/test/test.c: fix array bounds flubs in shake128_test();
* don't print_fiducials() in wolfcrypt_test() header, but rather, after render_error_message() in err_sys().
* wolfcrypt/test/test.{c,h}: wrap some overlong lines, and fix an unused-variable warning in mp_test_set_is_bit().
* wolfcrypt/test/test.c: fixes for several misplaced and several missing WC_TEST_RET_ENC_EC()s.
fflush stdout after each scenario for line-buffered pipelining;
refactor csv_header_count into sym_header_printed, asym_header_printed, and pqasym_header_printed;
move SAKKE tests to precede PQ tests;
rename bench_stats_sym_check() to bench_stats_check();
add bench_stats_asym_finish_ex() accepting a "desc_extra" arg, and use it to disambiguate otherwise-homonymous SAKKE runs;
fix bench_aesecb_internal() to not check time (syscall) for every 3 blocks processed.
Ed25519 and Ed448 need to enable certs.
If no system CA certs can't be parsed,
wolfSSL_CTX_load_system_CA_certs() will fail. Don't try test if RSA and
ECC are not enabled.
Fix benchmark.c so that e is defined when WOLFSSL_BENCHMARK_ALL defined.
MAX_LENGTH_SZ is 4 and supports lengths up to 2^24 - one byte for length
and 3 bytes of length.
(new gcc compiler fix)
* add option to run benchmarks with and w/o AAD
This adds the possibility to benchmark AES-GCM and AES-CCM both with and
w/o AAD, with the option to also run both.
The default behavior when wolfSSL provides the `main()` function is
unchanged.
The default behavior when wolfSSL doesn't provide the `main()` function has
been changed to "run both benchmarks - with and w/o ADD".
* add option to run benchmarks against 4096bit RSA&DH keys
* remove `BENCH_SIZE` macro from benchmark.c
* pre-define benchmark sizes in a single place, before it had to be done in two places
* improve `benchmark_static_init()`
- static variable doesn't need to be in global scope
- add option to force re-init
- add more static variables to be reset
* add `-blocks` option to benchmarks
* expose benchmark `main()` as `wolfcrypt_benchmark_main()`
* fix benchmark `-?` output
* use correct SI/Binary prefix in benchmarks
* use a separate column per detail in CSV output of benchmark
* add `-aad_size` option to benchmark
* don't always print symmetric CSV headers
* always use M[i]B/s when output format is CSV
* Versal specific patches for benchmarks
This also removes the default define for `COUNTS_PER_SECOND` for Xilinx
targets, since I prefer to have a build failure over wrongly calculated
output.
Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
* PSA: set AES key bits, define PSA_ALG_NONE/PSA_KEY_ID_NULL if needed
* Zephyr: add TimeNowInMilliseconds() for tls13.c, clock_settime() for test.c, update CMakeLists.txt
* Skip including unistd.h for Zephyr in benchmark.c
* Zephyr: update README, add nRF5340dk support to wolfssl_test sample app
* Zephyr: add wolfCrypt benchmark sample app
* Zephyr: add nRF5340 support to tls_thread sample app
* PSA: use specific hash algo with psa_sign/verify_hash()
* Zephyr: add support for PSA Crypto API with PK callbacks to wolfssl_tls_threaded sample app
* Zephyr: add new files to zephyr/include.am
Also:
* added HAVE_FALCON guards as needed.
* corrected minor falcon bugs as I found them.
* handling OID sum collision between DILITHIUM_LEVEL5 and DILITHIUM_AES_LEVEL3
Tested with the following commands:
examples/server/server -v 4 -l TLS_AES_256_GCM_SHA384 \
-c ~/tmp/dilithium_aes_level5_entity_cert.pem \
-k ~/tmp/dilithium_aes_level5_entity_key.pem \
-A ~/tmp/dilithium_aes_level5_root_cert.pem --pqc P521_KYBER_LEVEL5
examples/client/client -v 4 -l TLS_AES_256_GCM_SHA384 \
-c ~/tmp/dilithium_aes_level5_entity_cert.pem \
-k ~/tmp/dilithium_aes_level5_entity_key.pem \
-A ~/tmp/dilithium_aes_level5_root_cert.pem --pqc P521_KYBER_LEVEL5
with permutations of SHAKE,AES variants and levels 2,3,5
add wolfCrypt error codes IO_FAILED_E "Input/output failure" and SYSLIB_FAILED_E "System/library call failed";
tests/api.c and tests/unit.c: flush stdout for error message in Fail() macro, add fflush(stdout) after printf()s, print success message at end of unit_test(), and send several error messages to stderr instead of stdout;
wolfcrypt/test/test.c: add fallthrough macro definition of printf() that pairs it with fflush(stdout);
unit.h: in definition of macro AssertPtr(), add PRAGMA_GCC("GCC diagnostic ignored \"-Wpedantic\"");
sp_int.c: refactor several lingering instances of "if (0) { ... }" code pattern to #if 0 ... #endif.
* PKCS7 should use allocated buffer for RSA.
* PKCS7 small stack typo for `keyAlgArray` size in `wc_PKCS7_AddRecipient_KTRI`.
* Fix for use of `free`, which should be `XFREE` in api.c.
* Cleanup old RSA benchmarking MDK5/WINCE code no longer needed with `WC_DECLARE_ARRAY_DYNAMIC_DEC` and `WC_DECLARE_ARRAY_DYNAMIC_EXE`.
Change Karatsuba implementations for x86_64.
Fix ECC code to better handle corner cases.
Add 'lower' versions of functions wehn an input is known to be less than m.
Add mont_add/dbl/tpl/sub for P384.
Change ECC point add to be cache-attack resistant.
Change mod_exp to be cache-attack resistant.
This commit adds functions to encrypt and decrypt data using AES in SIV mode, as
described in RFC 5297. This was added in the process of porting chrony to
wolfSSL. chrony is an NTP implementation that can use NTS (network time
security), which requires AES-SIV.
1. When the seed callback is enabled, allow wc_GenerateSeed() to be used
as a default callback.
2. Modify all the tests and examples to use the default seed callback if
the seed callback is enabled.
Fix no new line
Change comment style in testsuite.c
Add include for proper socket header in wolfio.h
Add dc_log_printf support to benchmark application
Pull in changes for examples
Refector NETOS check in test.c
Fix format and remove settings used only for validation testing
Implement peer review feedback
Address last items noted in peer review
Add new README to include.am
Adjust comment style on TODO
Gate changes in client and server properly
Add static on customer feedback
Fix settings include
Update latest peer feedback
* Remove NTRU and OQS
* Keep the DTLS serialization format backwards compatible.
* Remove n from mygetopt_long() call.
* Fix over-zealous deletion.
* Resolve problems found by @SparkiDev
* Fix for sniffer to better handle spurious retransmission edge case. ZD 12852
* Fix for sniffer to not send alerts during application data processing.
* Fix for missing semi-colon on XFREE.
* Fix for `bench_stats_print` with stack variable name used in `bench_ecc`. Improve benchmark thread cleanup, CPU count calcuation and stat blocking logic.
Faster small code and fast code.
Allow fixed 4096-bit FFDHE parameters in benchmark.
Convert [u]int[32|64|128]*_t types to sp_[u]int[32|64|128].
Add a div for when top bits are all 1
WOLFSSL_SP_FAST_LARGE_CODE added to make mul_add function faster on
non-embedded platforms.
Change mod_exp window sizes for same performance but less memory.
P256 with c32 now 9 words instead of 10.
harmonize the ED448 API with the ED25519 API by making wc_ed448_verify_msg_ex() and wc_ed448_init_ex() public functions;
track devId and heap pointer in ed*_key.{devId,heap}, and pass them through to sha init functions;
add ed*_key.{sha,sha_clean_flag}, and ed*_hash_{reset,update,final} functions, and use them for all ED hashing ops, to support streaming API and for optimally efficient reuse for the preexisting ED calls;
add ed448_hash() akin to ed25519_hash(), and use it in place of wc_Shake256Hash(), for .sha_clean_flag dynamics.
add to wc_ed*_import_private_key() the ability to import the combined key generated by wc_ed*_export_private() without supplying the redundant public key;
add macro asserts near top of ed*.h to assure the required hash functions are available;
fix {NO,HAVE}_ED*_{SIGN,VERIFY};
wolfcrypt/test/test.c: add missing key initializations in ed*_test();
wolfcrypt/test/test.c: fix unaligned access in myDecryptionFunc() detected by -fsanitize=address,undefined.
Commit 6467de5 added some timing resistance to ECC shared secret
agreement. It involved adding an RNG object to the ecc keys so
a random z value can be added to the mix. The older FIPS release
has ECC outside the boundary, so it uses the new ECC code. FIPSv2
has ECC inside the boundary, but all the TLS code checks for that
version of FIPS and leaves out the calls to the new functions as
it is using an older version of ecc.c. FIPS Ready uses the latest
version of ecc.c but compiles as FIPSv2. So, the code outside of
the crypto layer is treating ECC as FIPSv2 and not calling the new
functions, but the crypto layer assumes the RNG should be present,
and errs out on testing.
1. Added a separate option for FIPS Ready to the enable-fips
configure option. `--enable-fips=ready`. It will treat FIPS
Ready as the next kind of FIPS release. FIPS Ready will be
treated like FIPS v3 in the build.
2. Changed the C preprocessor checks for FIPS version 2 to be
checks for not version 2, with respect to ECC Timing Resistance
and FIPS builds.
An RNG is required for shared secret calculation now.
Use wc_ecc_set_rng() to set an RNG against the ECC object.
ECC verification does not need timing resistance and does not randomize
z ordinates.
Added PRIVATE_D version of rsa private key operation for SP
implementation for specific platforms.
WC_NO_RNG results in warnings when RNG calls don't do anything.
Added ifdef checks for variables not used otherwise.
Remove superfluous if statements like when checking ret == 0.
Change names of globals that are generic and are used locally before
global definition.
Remove definition of variable len that isn't used except as a
replacement for sz which is parameter.
Don't subtract two variables when one has just been assigned the value
of the other.
Fix shifting of signed value.
Fix parameter checking in aes.c and des3.c for platform specific code.
* Fix for key gen macro name in benchmark.c
* Fix for possible RSA fall-through warning.
* Fix for building `WOLFSSL_STM32_PKA` without `HAVE_ECC`.
* Added option to build RSA keygen without the DER to PEM using `WOLFSSL_NO_DER_TO_PEM`.
* Added options.h includes for test.c and benchmark.c.
* Added printf warning on the math size mismatch in test.c.
* Added support for benchmarking larger sizes.
* TLS benchmarks for HiFive unleashed.
For the sync QAT, the QAT headers are included into the library after it
has been built and is being used. The actual headers should only be used
when building wolfSSL and should be hidden from the user.
1. Most of the functions in the sync QAT and OCTEON headers don't need
to be exported. Move all of that into the source files. Only export the
init and deinit functions.
2. Remove inline from the OCTEON support functions.
3. Remove the AES-ECB files for sync OCTEON as unused.
4. Configure defaults to OCTEON2 build, can be overridden with variable.
1. Switched the IntelQa sync API back to local.
2. Added two functions to setup and cleanup the IntelQA device.
3. Changed the Octeon functions to match the IntelQa functions.
4. Updated sniffer, wolfcryptest, and benchmark.
1. Add configure option for sync IntelQA that uses the crypto callback API.
2. Make a synchonous copy of the quickassist files.
3. Tie in the crypto device to the sniffer.
4. When making a sniffer build, define static DH enabled.
5. The readme files in the Cavium were being added to the distro optionally, changed to always add the readme files.
6. Added an include of the cavium_octeon header in the wc_ports.c.
7. Updated the Cavium OCTEON callback for AES-GCM.
8. Add the global tag to the list of crypto callback function pointers.
9. Add an accessor to the OCTEON crypto callback module to return the device ID of the OCTEON device.
10. Add a new version of ssl_SetWatchKeyCallback which takes an additional parameter of a device ID. This ID is used to set up the wolfSSL_CTXs in the sniffer session trackers.
11. Update the benchmark to use sync OCTEON and QAT.
This allows SP to support:
- DH parameter checking
- DH parameter generation
- RSA key generation
Improved performance of sp_mod operation.
Reworked some functions to have one exit point (return statement).
Fixed sp_sub_d().
Changed tests to perform 2048-bit RSA key generation only when using SP
math.
Fixed Intel x86_64 C file to not have DH specific functions available
unless WOLFSSL_HAVE_SP_DH is defined.
Fixed tfm to return an error when t is not the correct size in
fp_isprime_ex().
* Added new `WOLFSSL_TELIT_M2MB` build option to enable support for RNG, Time, Mutex, FileSystem and Directory.
* Added `XTIME_MS` macro to simplify the tls13.c layer time requirement.
* Cleanup of the wolfCrypt benchmark and test printf remapping.
* Added wolfCrypt optional memory test enabled with `COMPLEX_MEM_TEST`.
* Added wolfCrypt test / benchmark feature for allowing "sleep" between long operations using `TEST_SLEEP()`.
* Fix for extern with `sp_ModExp_2048` when building with `--cpp` option.
hardware acceleration with RSA
add AES-GCM hardware acceleration
refactor setting RSA IV flag
check and set AF_ALG flags
fix for default AF_ALG use
set buffer alignment with Xilinx RSA
macro guard after rebase
use ALIGN64
clean up test cases
Sean Parkinson
David Garske
Daniel Pouzzner
Tim Weller
gojimmypi
Jacob Barthelmeh
Anthony Hu
Andras Fekete
András Fekete
Anthony Tatowicz
Steffen Jaeckel
Chris Conlon
Hayden Roche
Eric Blankenhorn
John Safranek
Juliusz Sosinowicz
Hideki Miyazaki
kaleb-himes
Kareem
Anthony Hu
Elms
Daniele Lacamera
toddouska
Tesfa Mael
Takashi Kojo