diff --git a/.github/workflows/coverity-scan-fixes.yml b/.github/workflows/coverity-scan-fixes.yml new file mode 100644 index 0000000000..6d63f3bf11 --- /dev/null +++ b/.github/workflows/coverity-scan-fixes.yml @@ -0,0 +1,53 @@ +name: Coverity Scan master branch + +on: + workflow_dispatch: + schedule: + - cron: '0 0 * * 1-5' + - cron: '0 0 * * 0' + - cron: '0 12 * * 0' + +jobs: + coverity: + if: github.repository_owner == 'wolfssl' + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + with: + ref: master + + - name: Configure wolfSSL with enable-all M-F + if: github.event.schedule == '0 0 * * 1-5' + run: | + ./autogen.sh + ./configure --enable-all + + - name: Configure wolfSSL with enable-all enable-smallstack Sun at 00:00 + if: github.event.schedule == '0 0 * * 0' + run: | + ./autogen.sh + ./configure --enable-all --enable-smallstack + + - name: Configure wolfSSL with bigendian Sun at 12:00 + if: github.event.schedule == '0 12 * * 0' + run: | + ./autogen.sh + ./configure --enable-all CFLAGS="-DBIG_ENDIAN_ORDER" + + - name: Check secrets + env: + token_var: ${{ secrets.COVERITY_SCAN_TOKEN }} + email_var: ${{ secrets.COVERITY_SCAN_EMAIL }} + run: | + token_len=${#token_var} + echo "$token_len" + email_len=${#email_var} + echo "$email_len" + + - uses: vapier/coverity-scan-action@v1 + with: + build_language: 'cxx' + project: "wolfSSL/wolfssl" + token: ${{ secrets.COVERITY_SCAN_TOKEN }} + email: ${{ secrets.COVERITY_SCAN_EMAIL }} + command: "make" diff --git a/.github/workflows/curl.yml b/.github/workflows/curl.yml index 06cd338cb0..b6fe4cc2d3 100644 --- a/.github/workflows/curl.yml +++ b/.github/workflows/curl.yml @@ -52,8 +52,7 @@ jobs: - name: Install test dependencies run: | sudo apt-get update - sudo apt-get install nghttp2 libpsl5 libpsl-dev - sudo pip install impacket + sudo apt-get install nghttp2 libpsl5 libpsl-dev python3-impacket - name: Download lib uses: actions/download-artifact@v4 diff --git a/.github/workflows/hostap-vm.yml b/.github/workflows/hostap-vm.yml index 94f305d1f6..4c52175d46 100644 --- a/.github/workflows/hostap-vm.yml +++ b/.github/workflows/hostap-vm.yml @@ -196,8 +196,7 @@ jobs: # hostap dependencies sudo apt-get install -y libpcap0.8 libpcap-dev curl libcurl4-openssl-dev \ libnl-3-dev binutils-dev libssl-dev libiberty-dev libnl-genl-3-dev \ - libnl-route-3-dev libdbus-1-dev bridge-utils tshark - sudo pip3 install pycryptodome + libnl-route-3-dev libdbus-1-dev bridge-utils tshark python3-pycryptodome - name: Checkout hostap uses: actions/checkout@v4 diff --git a/.github/workflows/ipmitool.yml b/.github/workflows/ipmitool.yml index 36411261cf..1dc2c18e58 100644 --- a/.github/workflows/ipmitool.yml +++ b/.github/workflows/ipmitool.yml @@ -51,6 +51,8 @@ jobs: runs-on: ubuntu-latest needs: build_wolfssl steps: + - name: Install dependencies + run: export DEBIAN_FRONTEND=noninteractive && sudo apt-get update && sudo apt-get install -y libreadline8 - name: Download lib uses: actions/download-artifact@v4 with: diff --git a/.github/workflows/jwt-cpp.yml b/.github/workflows/jwt-cpp.yml index 2b82ca6b3a..3b8348ad77 100644 --- a/.github/workflows/jwt-cpp.yml +++ b/.github/workflows/jwt-cpp.yml @@ -41,13 +41,17 @@ jobs: retention-days: 5 build_pam-ipmi: + if: github.repository_owner == 'wolfssl' strategy: fail-fast: false matrix: - ref: [ 0.6.0 ] - name: ${{ matrix.ref }} - if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-latest + config: + - ref: 0.7.0 + runner: ubuntu-latest + - ref: 0.6.0 + runner: ubuntu-22.04 + name: ${{ matrix.config.ref }} + runs-on: ${{ matrix.config.runner }} needs: build_wolfssl steps: - name: Install dependencies @@ -76,12 +80,12 @@ jobs: with: repository: Thalhammer/jwt-cpp path: jwt-cpp - ref: v${{ matrix.ref }} + ref: v${{ matrix.config.ref }} - name: Build pam-ipmi working-directory: jwt-cpp run: | - patch -p1 < ../osp/jwt-cpp/${{ matrix.ref }}.patch + patch -p1 < ../osp/jwt-cpp/${{ matrix.config.ref }}.patch PKG_CONFIG_PATH=$GITHUB_WORKSPACE/build-dir/lib/pkgconfig \ cmake -B build -DJWT_SSL_LIBRARY:STRING=wolfSSL -DJWT_BUILD_TESTS=ON . make -j -C build diff --git a/.github/workflows/mosquitto.yml b/.github/workflows/mosquitto.yml index 44a47ce920..6d9961cc9e 100644 --- a/.github/workflows/mosquitto.yml +++ b/.github/workflows/mosquitto.yml @@ -68,8 +68,7 @@ jobs: run: | export DEBIAN_FRONTEND=noninteractive sudo apt-get update - sudo apt-get install -y build-essential libev-dev libssl-dev automake python3-docutils libcunit1 libcunit1-doc libcunit1-dev pkg-config make - sudo pip install --upgrade psutil + sudo apt-get install -y build-essential libev-dev libssl-dev automake python3-docutils libcunit1 libcunit1-doc libcunit1-dev pkg-config make python3-psutil - name: Checkout mosquitto uses: actions/checkout@v4 diff --git a/.github/workflows/multi-compiler.yml b/.github/workflows/multi-compiler.yml index 3edf533f2d..0606833025 100644 --- a/.github/workflows/multi-compiler.yml +++ b/.github/workflows/multi-compiler.yml @@ -51,6 +51,8 @@ jobs: # This should be a safe limit for the tests to run. timeout-minutes: 4 steps: + - name: Install dependencies + run: export DEBIAN_FRONTEND=noninteractive && sudo apt-get update && sudo apt-get install -y ${{ matrix.CC }} - uses: actions/checkout@v4 - name: Build env: diff --git a/.github/workflows/openvpn.yml b/.github/workflows/openvpn.yml index 97274daf88..b9ae65114e 100644 --- a/.github/workflows/openvpn.yml +++ b/.github/workflows/openvpn.yml @@ -43,7 +43,7 @@ jobs: fail-fast: false matrix: # List of refs to test - ref: [ release/2.6, v2.6.0, master ] + ref: [ release/2.6, master ] name: ${{ matrix.ref }} if: github.repository_owner == 'wolfssl' runs-on: ubuntu-latest diff --git a/.github/workflows/pam-ipmi.yml b/.github/workflows/pam-ipmi.yml index af127651fa..ec254d6f3d 100644 --- a/.github/workflows/pam-ipmi.yml +++ b/.github/workflows/pam-ipmi.yml @@ -56,8 +56,7 @@ jobs: # Don't prompt for anything export DEBIAN_FRONTEND=noninteractive sudo apt-get update - sudo apt-get install libpam-dev ninja-build - sudo pip3 install meson + sudo apt-get install libpam-dev ninja-build meson - name: Download lib uses: actions/download-artifact@v4 diff --git a/.github/workflows/softhsm.yml b/.github/workflows/softhsm.yml new file mode 100644 index 0000000000..1f30a7cff6 --- /dev/null +++ b/.github/workflows/softhsm.yml @@ -0,0 +1,94 @@ +name: SoftHSMv2 Tests + +# START OF COMMON SECTION +on: + push: + branches: [ 'master', 'main', 'release/**' ] + pull_request: + branches: [ '*' ] + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true +# END OF COMMON SECTION + +jobs: + build_wolfssl: + name: Build wolfSSL + if: github.repository_owner == 'wolfssl' + # Just to keep it the same as the testing target + runs-on: ubuntu-latest + # This should be a safe limit for the tests to run. + timeout-minutes: 10 + steps: + - name: Build wolfSSL + uses: wolfSSL/actions-build-autotools-project@v1 + with: + path: wolfssl + configure: --enable-all CFLAGS=-DRSA_MIN_SIZE=1024 + install: true + check: false + + - name: tar build-dir + run: tar -zcf build-dir.tgz build-dir + + - name: Upload built lib + uses: actions/upload-artifact@v4 + with: + name: wolf-install-softhsm + path: build-dir.tgz + retention-days: 5 + + softhsm_check: + strategy: + fail-fast: false + matrix: + # List of releases to test + ref: [ 2.6.1 ] + name: ${{ matrix.ref }} + if: github.repository_owner == 'wolfssl' + runs-on: ubuntu-latest + # This should be a safe limit for the tests to run. + timeout-minutes: 20 + needs: build_wolfssl + steps: + - name: Install dependencies + run: | + # Don't prompt for anything + export DEBIAN_FRONTEND=noninteractive + sudo apt-get update + sudo apt-get install -y libcppunit-dev + + - name: Download lib + uses: actions/download-artifact@v4 + with: + name: wolf-install-softhsm + + - name: untar build-dir + run: tar -xf build-dir.tgz + + - name: Checkout OSP + uses: actions/checkout@v4 + with: + repository: wolfssl/osp + path: osp + + - name: Checkout SoftHSMv2 + uses: actions/checkout@v4 + with: + repository: opendnssec/SoftHSMv2 + path: softhsm + ref: ${{ matrix.ref }} + + # Not using wolfSSL/actions-build-autotools-project@v1 because autogen.sh doesn't work + - name: Build softhsm + working-directory: softhsm + run: | + patch -p1 < $GITHUB_WORKSPACE/osp/softhsm/${{ matrix.ref }}.patch + autoreconf -if + ./configure --with-crypto-backend=wolfssl WOLFSSL_INSTALL_DIR=$GITHUB_WORKSPACE/build-dir + make -j + + - name: Test softhsm + working-directory: softhsm + run: make -j check diff --git a/.github/workflows/sssd.yml b/.github/workflows/sssd.yml index 31011e1874..7ab859133a 100644 --- a/.github/workflows/sssd.yml +++ b/.github/workflows/sssd.yml @@ -14,6 +14,7 @@ concurrency: jobs: build_wolfssl: + if: github.repository_owner == 'wolfssl' name: Build wolfSSL # Just to keep it the same as the testing target runs-on: ubuntu-latest @@ -39,6 +40,7 @@ jobs: retention-days: 5 sssd_check: + if: github.repository_owner == 'wolfssl' strategy: fail-fast: false matrix: diff --git a/.github/workflows/win-csharp-test.yml b/.github/workflows/win-csharp-test.yml new file mode 100644 index 0000000000..12b294b6b2 --- /dev/null +++ b/.github/workflows/win-csharp-test.yml @@ -0,0 +1,58 @@ +name: Windows CSharp Build Test + +on: + push: + branches: [ 'master', 'main', 'release/**' ] + pull_request: + branches: [ '*' ] + +jobs: + build: + + if: github.repository_owner == 'wolfssl' + runs-on: windows-latest + + # This should be a safe limit for the tests to run. + timeout-minutes: 6 + + env: + # Path to the solution file relative to the root of the project. + SOLUTION_FILE_PATH: wolfssl\wrapper\CSharp\wolfSSL_CSharp.sln + + # Configuration type to build. + # You can convert this to a build matrix if you need coverage of multiple configuration types. + # https://docs.github.com/actions/learn-github-actions/managing-complex-workflows#using-a-build-matrix + BUILD_CONFIGURATION: Debug + BUILD_PLATFORM: x64 + + steps: + - name: Pull wolfssl + uses: actions/checkout@master + with: + repository: wolfssl/wolfssl + path: wolfssl + + - name: Create FIPS stub files (autogen) + working-directory: wolfssl + run: | + echo $null >> wolfcrypt\src\fips.c + echo $null >> wolfcrypt\src\fips_test.c + echo $null >> wolfcrypt\src\wolfcrypt_first.c + echo $null >> wolfcrypt\src\wolfcrypt_last.c + + - name: Add MSBuild to PATH + uses: microsoft/setup-msbuild@v1 + + - name: Build + working-directory: ${{env.GITHUB_WORKSPACE}} + # Add additional options to the MSBuild command line here (like platform or verbosity level). + # See https://docs.microsoft.com/visualstudio/msbuild/msbuild-command-line-reference + run: msbuild /m /p:PlatformToolset=v142 /p:Platform=${{env.BUILD_PLATFORM}} /p:Configuration=${{env.BUILD_CONFIGURATION}} ${{env.SOLUTION_FILE_PATH}} + + - name: Run wolfCrypt test + working-directory: ${{env.GITHUB_WORKSPACE}}wolfssl\wrapper\CSharp\Debug\x64\ + run: ./wolfCrypt-test.exe + + - name: Run wolfSSL client/server example + working-directory: ${{env.GITHUB_WORKSPACE}}wolfssl\wrapper\CSharp\Debug\x64\ + run: ./wolfSSL-TLS-Server.exe && sleep 1 & ./wolfSSL-TLS-Client.exe diff --git a/.github/workflows/zephyr.yml b/.github/workflows/zephyr.yml index 52f1a21eb9..0582154c8f 100644 --- a/.github/workflows/zephyr.yml +++ b/.github/workflows/zephyr.yml @@ -46,7 +46,7 @@ jobs: libglib2.0-dev libgtk2.0-0 liblocale-gettext-perl libncurses5-dev libpcap-dev \ libpopt0 libsdl1.2-dev libsdl2-dev libssl-dev libtool libtool-bin locales make \ net-tools ninja-build openssh-client parallel pkg-config python3-dev python3-pip \ - python3-ply python3-setuptools python-is-python3 qemu rsync socat srecord sudo \ + python3-ply python3-setuptools python-is-python3 qemu-kvm rsync socat srecord sudo \ texinfo unzip wget ovmf xz-utils - name: Install west diff --git a/.gitignore b/.gitignore index 8ef6f71b1b..87ff413b3f 100644 --- a/.gitignore +++ b/.gitignore @@ -10,6 +10,7 @@ ctaocrypt/src/src/ *.cache .dirstamp *.user +!*-VS2022.vcxproj.user configure config.* !cmake/config.in diff --git a/CMakeLists.txt b/CMakeLists.txt index a581df8146..72e6550b5c 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -34,7 +34,7 @@ if("${CMAKE_SOURCE_DIR}" STREQUAL "${CMAKE_BINARY_DIR}") You must delete them, or cmake will refuse to work.") endif() -project(wolfssl VERSION 5.7.2 LANGUAGES C ASM) +project(wolfssl VERSION 5.7.4 LANGUAGES C ASM) # Set WOLFSSL_ROOT if not already defined if ("${WOLFSSL_ROOT}" STREQUAL "") @@ -53,7 +53,7 @@ set(WOLFSSL_LIBRARY_VERSION_FIRST 42) # increment if interfaces have been added # set to zero if WOLFSSL_LIBRARY_VERSION_FIRST is incremented -set(WOLFSSL_LIBRARY_VERSION_SECOND 2) +set(WOLFSSL_LIBRARY_VERSION_SECOND 3) # increment if source code has changed # set to zero if WOLFSSL_LIBRARY_VERSION_FIRST is incremented or diff --git a/ChangeLog.md b/ChangeLog.md index bee6e614ee..a0585b3c26 100644 --- a/ChangeLog.md +++ b/ChangeLog.md @@ -1,3 +1,196 @@ +# wolfSSL Release 5.7.4 (Oct 24, 2024) + +Release 5.7.4 has been developed according to wolfSSL's development and QA +process (see link below) and successfully passed the quality criteria. +https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance + +NOTE: * --enable-heapmath is being deprecated and will be removed by end of 2024 + +PR stands for Pull Request, and PR references a GitHub pull request + number where the code change was added. + + +## Vulnerabilities +* [Low] When the OpenSSL compatibility layer is enabled, certificate + verification behaved differently in wolfSSL than OpenSSL, in the + X509_STORE_add_cert() and X509_STORE_load_locations() implementations. + Previously, in cases where an application explicitly loaded an intermediate + certificate, wolfSSL was verifying only up to that intermediate certificate, + rather than verifying up to the root CA. This only affects use cases where the + API is called directly, and does not affect TLS connections. Users that call + the API X509_STORE_add_cert() or X509_STORE_load_locations() directly in their + applications are recommended to update the version of wolfSSL used or to have + additional sanity checks on certificates loaded into the X509_STORE when + verifying a certificate. (https://github.com/wolfSSL/wolfssl/pull/8087) + + +## PQC TLS Experimental Build Fix +* When using TLS with post quantum algorithms enabled, the connection uses a + smaller EC curve than agreed on. Users building with --enable-experimental and + enabling PQC cipher suites with TLS connections are recommended to update the + version of wolfSSL used. Thanks to Daniel Correa for the report. + (https://github.com/wolfSSL/wolfssl/pull/8084) + + +## New Feature Additions +* RISC-V 64 new assembly optimizations added for SHA-256, SHA-512, ChaCha20, + Poly1305, and SHA-3 (PR 7758,7833,7818,7873,7916) +* Implement support for Connection ID (CID) with DTLS 1.2 (PR 7995) +* Add support for (DevkitPro)libnds (PR 7990) +* Add port for Mosquitto OSP (Open Source Project) (PR 6460) +* Add port for init sssd (PR 7781) +* Add port for eXosip2 (PR 7648) +* Add support for STM32G4 (PR 7997) +* Add support for MAX32665 and MAX32666 TPU HW and ARM ASM Crypto Callback + Support (PR 7777) +* Add support for building wolfSSL to be used in libspdm (PR 7869) +* Add port for use with Nucleus Plus 2.3 (PR 7732) +* Initial support for RFC5755 x509 attribute certificates (acerts). Enabled with + --enable-acert (PR 7926) +* PKCS#11 RSA Padding offload allows tokens to perform CKM_RSA_PKCS + (sign/encrypt), CKM_RSA_PKCS_PSS (sign), and CKM_RSA_PKCS_OAEP (encrypt). + (PR 7750) +* Added “new” and “delete” style functions for heap/pool allocation and freeing + of low level crypto structures (PR 3166 and 8089) + + +## Enhancements and Optimizations +* Increase default max alt. names from 128 to 1024 (PR 7762) +* Added new constant time DH agree function wc_DhAgree_ct (PR 7802) +* Expanded compatibility layer with the API EVP_PKEY_is_a (PR 7804) +* Add option to disable cryptocb test software test using + --disable-cryptocb-sw-test (PR 7862) +* Add a call to certificate verify callback before checking certificate dates + (PR 7895) +* Expanded algorithms supported with the wolfCrypt CSharp wrapper. Adding + support for RNG, ECC(ECIES and ECDHE), RSA, ED25519/Curve25519, AES-GCM, and + Hashing (PR 3166) +* Expand MMCAU support for use with DES ECB (PR 7960) +* Update AES SIV to handle multiple associated data inputs (PR 7911) +* Remove HAVE_NULL_CIPHER from --enable-openssh (PR 7811) +* Removed duplicate if(NULL) checks when calling XFREE (macro does) (PR 7839) +* Set RSA_MIN_SIZE default to 2048 bits (PR 7923) +* Added support for wolfSSL to be used as the default TLS in the zephyr kernel + (PR 7731) +* Add enable provider build using --enable-wolfprovider with autotools (PR 7550) +* Renesas RX TSIP ECDSA support (PR 7685) +* Support DTLS1.3 downgrade when the server supports CID (PR 7841) +* Server-side checks OCSP even if it uses v2 multi (PR 7828) +* Add handling of absent hash params in PKCS7 bundle parsing and creation + (PR 7845) +* Add the use of w64wrapper for Poly1305, enabling Poly1305 to be used in + environments that do not have a word64 type (PR 7759) +* Update to the maxq10xx support (PR 7824) +* Add support for parsing over optional PKCS8 attributes (PR 7944) +* Add support for either side method with DTLS 1.3 (PR 8012) +* Added PKCS7 PEM support for parsing PEM data with BEGIN/END PKCS7 (PR 7704) +* Add CMake support for WOLFSSL_CUSTOM_CURVES (PR 7962) +* Add left-most wildcard matching support to X509_check_host() (PR 7966) +* Add option to set custom SKID with PKCS7 bundle creation (PR 7954) +* Building wolfSSL as a library with Ada and corrections to Alire manifest + (PR 7303,7940) +* Renesas RX72N support updated (PR 7849) +* New option WOLFSSL_COPY_KEY added to always copy the key to the SSL object + (PR 8005) +* Add the new option WOLFSSL_COPY_CERT to always copy the cert buffer for each + SSL object (PR 7867) +* Add an option to use AES-CBC with HMAC for default session ticket enc/dec. + Defaults to AES-128-CBC with HMAC-SHA256 (PR 7703) +* Memory usage improvements in wc_PRF, sha256 (for small code when many + registers are available) and sp_int objects (PR 7901) +* Change in the configure script to work around ">>" with no command. In older + /bin/sh it can be ambiguous, as used in OS’s such as FreeBSD 9.2 (PR 7876) +* Don't attempt to include system headers when not required (PR 7813) +* Certificates: DER encoding of ECC signature algorithm parameter is now + allowed to be NULL with a define (PR 7903) +* SP x86_64 asm: check for AVX2 support for VMs (PR 7979) +* Update rx64n support on gr-rose (PR 7889) +* Update FSP version to v5.4.0 for RA6M4 (PR 7994) +* Update TSIP driver version to v1.21 for RX65N RSK (PR 7993) +* Add a new crypto callback for RSA with padding (PR 7907) +* Replaced the use of pqm4 with wolfSSL implementations of Kyber/MLDSA + (PR 7924) +* Modernized memory fence support for C11 and clang (PR 7938) +* Add a CRL error override callback (PR 7986) +* Extend the X509 unknown extension callback for use with a user context + (PR 7730) +* Additional debug error tracing added with TLS (PR 7917) +* Added runtime support for library call stack traces with + –enable-debug-trace-errcodes=backtrace, using libbacktrace (PR 7846) +* Expanded C89 conformance (PR 8077) +* Expanded support for WOLFSSL_NO_MALLOC (PR 8065) +* Added support for cross-compilation of Linux kernel module (PR 7746) +* Updated Linux kernel module with support for kernel 6.11 and 6.12 (PR 7826) +* Introduce WOLFSSL_ASN_ALLOW_0_SERIAL to allow parsing of certificates with a + serial number of 0 (PR 7893) +* Add conditional repository_owner to all wolfSSL GitHub workflows (PR 7871) + +### Espressif / Arduino Updates +* Update wolfcrypt settings.h for Espressif ESP-IDF, template update (PR 7953) +* Update Espressif sha, util, mem, time helpers (PR 7955) +* Espressif _thread_local_start and _thread_local_end fix (PR 8030) +* Improve benchmark for Espressif devices (PR 8037) +* Introduce Espressif common CONFIG_WOLFSSL_EXAMPLE_NAME, Kconfig (PR 7866) +* Add wolfSSL esp-tls and Certificate Bundle Support for Espressif ESP-IDF + (PR 7936) +* Update wolfssl Release for Arduino (PR 7775) + +### Post Quantum Crypto Updates +* Dilithium: support fixed size arrays in dilithium_key (PR 7727) +* Dilithium: add option to use precalc with small sign (PR 7744) +* Allow Kyber to be built with FIPS (PR 7788) +* Allow Kyber asm to be used in the Linux kernel module (PR 7872) +* Dilithium, Kyber: Update to final specification (PR 7877) +* Dilithium: Support FIPS 204 Draft and Final Draft (PR 7909,8016) + +### ARM Assembly Optimizations +* ARM32 assembly optimizations added for ChaCha20 and Poly1305 (PR 8020) +* Poly1305 assembly optimizations improvements for Aarch64 (PR 7859) +* Poly1305 assembly optimizations added for Thumb-2 (PR 7939) +* Adding ARM ASM build option to STM32CubePack (PR 7747) +* Add ARM64 to Visual Studio Project (PR 8010) +* Kyber assembly optimizations for ARM32 and Aarch64 (PR 8040,7998) +* Kyber assembly optimizations for ARMv7E-M/ARMv7-M (PR 7706) + + +## Fixes +* ECC key load: fixes for certificates with parameters that are not default for + size (PR 7751) +* Fixes for building x86 in Visual Studio for non-windows OS (PR 7884) +* Fix for TLS v1.2 secret callback, incorrectly detecting bad master secret + (PR 7812) +* Fixes for PowerPC assembly use with Darwin and SP math all (PR 7931) +* Fix for detecting older versions of Mac OS when trying to link with + libdispatch (PR 7932) +* Fix for DTLS1.3 downgrade to DTLS1.2 when the server sends multiple handshake + packets combined into a single transmission. (PR 7840) +* Fix for OCSP to save the request if it was stored in ssl->ctx->certOcspRequest + (PR 7779) +* Fix to OCSP for searching for CA by key hash instead of ext. key id (PR 7934) +* Fix for staticmemory and singlethreaded build (PR 7737) +* Fix to not allow Shake128/256 with Xilinx AFALG (PR 7708) +* Fix to support PKCS11 without RSA key generation (PR 7738) +* Fix not calling the signing callback when using PK callbacks + TLS 1.3 + (PR 7761) +* Cortex-M/Thumb2 ASM fix label for IAR compiler (PR 7753) +* Fix with PKCS11 to iterate correctly over slotId (PR 7736) +* Stop stripping out the sequence header on the AltSigAlg extension (PR 7710) +* Fix ParseCRL_AuthKeyIdExt with ASN template to set extAuthKeyIdSet value + (PR 7742) +* Use max key length for PSK encrypt buffer size (PR 7707) +* DTLS 1.3 fix for size check to include headers and CID fixes (PR 7912,7951) +* Fix STM32 Hash FIFO and add support for STM32U5A9xx (PR 7787) +* Fix CMake build error for curl builds (PR 8021) +* SP Maths: PowerPC ASM fix to use XOR instead of LI (PR 8038) +* SSL loading of keys/certs: testing and fixes (PR 7789) +* Misc. fixes for Dilithium and Kyber (PR 7721,7765,7803,8027,7904) +* Fixes for building wolfBoot sources for PQ LMS/XMSS (PR 7868) +* Fixes for building with Kyber enabled using CMake and zephyr port (PR 7773) +* Fix for edge cases with session resumption with TLS 1.2 (PR 8097) +* Fix issue with ARM ASM with AES CFB/OFB not initializing the "left" member + (PR 8099) + + # wolfSSL Release 5.7.2 (July 08, 2024) Release 5.7.2 has been developed according to wolfSSL's development and QA diff --git a/Docker/Dockerfile b/Docker/Dockerfile index e6c3cd35d3..d2c01b05d3 100644 --- a/Docker/Dockerfile +++ b/Docker/Dockerfile @@ -10,7 +10,7 @@ ARG DEPS_WOLFSSL="build-essential autoconf libtool clang clang-tools zlib1g-dev ARG DEPS_LIBOQS="astyle cmake gcc ninja-build libssl-dev python3-pytest python3-pytest-xdist unzip xsltproc doxygen graphviz python3-yaml valgrind git" ARG DEPS_UDP_PROXY="wget libevent-dev" ARG DEPS_TESTS="abi-dumper libcurl4-openssl-dev tcpdump libpsl-dev python3-pandas python3-tabulate libnl-genl-3-dev libcap-ng-dev python3-virtualenv curl jq" -ARG DEPS_TOOLS="ccache clang-tidy maven" +ARG DEPS_TOOLS="ccache clang-tidy maven libfile-util-perl android-tools-adb usbutils shellcheck" RUN DEBIAN_FRONTEND=noninteractive apt update && apt install -y apt-utils \ && apt install -y ${DEPS_WOLFSSL} ${DEPS_LIBOQS} ${DEPS_UDP_PROXY} ${DEPS_TESTS} ${DEPS_TOOLS} \ && apt clean -y && rm -rf /var/lib/apt/lists/* diff --git a/IDE/Espressif/ESP-IDF/README.md b/IDE/Espressif/ESP-IDF/README.md index cc1a1d661d..01a860fd9d 100644 --- a/IDE/Espressif/ESP-IDF/README.md +++ b/IDE/Espressif/ESP-IDF/README.md @@ -1,11 +1,12 @@ # ESP-IDF Port These Espressif examples have been created and tested with the latest stable release branch of -[ESP-IDF V5.2](https://docs.espressif.com/projects/esp-idf/en/release-v5.2/esp32/get-started/index.html). +ESP-IDF v5.2, v5.3 and the master branch + The prior version 4.4 ESP-IDF is still supported, however version 5.2 or greater is recommended. -Espressif has [a list of all ESP-IDF versions](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/versions.html). +Espressif has [a list of all ESP-IDF versions](Espressifversions.html). -See the latest [Espressif Migration Guides](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/migration-guides/index.html). +See the latest Espressif Migration Guides. ## Examples @@ -34,7 +35,7 @@ looks for the wolfSSL `user_settings.h` in the project as described below. ### File: `sdkconfig.h` The Espressif `sdkconfig.h`, generated automatically from your `sdkconfig` -file at [build](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html) +file at [build](Espressif api-guides/build-system.html) time, should be included before any other files. ### File: `user_settings.h` @@ -101,7 +102,7 @@ of your source code, particularly before the `#include git clone -b v5.0.2 --recursive https://github.com/espre - Microsoft Windows 10 Pro 10.0.19041 / Windows 11 Pro 22H2 22621.2715 - Visual Studio 2022 17.7.6 with VisualGDB 5.6R9 (build 4777) - WSL 1 Ubuntu 22.04.3 LTS - - ESP-IDF: ESP-IDF v5.1 - - SoC Module : all those supported in ESP-IDF v5.1 + - ESP-IDF: ESP-IDF v5.2 + - SoC Module : all those supported in ESP-IDF v5.2 ## JTAG Debugging Notes @@ -226,3 +235,15 @@ ftdi layout_signal nSRST -data 0x0020 reset_config srst_push_pull trst_push_pull ``` + +## Windows long paths + +Check "Long Paths Enabled" in Windows registry. + +Please set registry HKLM\SYSTEM\CurrentControlSet\Control\FileSystem\LongPathsEnabled to 1. + +The operation requires Administrator privileges. Command: + +```powershell +powershell -Command "&{ Start-Process -FilePath reg 'ADD HKLM\SYSTEM\CurrentControlSet\Control\FileSystem /v LongPathsEnabled /t REG_DWORD /d 1 /f' -Verb runAs}" +``` diff --git a/IDE/Espressif/ESP-IDF/README_32se.md b/IDE/Espressif/ESP-IDF/README_32se.md index af440a8b5a..438723c6b2 100644 --- a/IDE/Espressif/ESP-IDF/README_32se.md +++ b/IDE/Espressif/ESP-IDF/README_32se.md @@ -10,7 +10,7 @@ Including the following examples: The `user_settings.h` file enables some of the hardened settings. ## Requirements -1. ESP-IDF development framework: https://docs.espressif.com/projects/esp-idf/en/latest/get-started/ +1. ESP-IDF development framework: https://github.com/espressif/esp-idf 2. Microchip CryptoAuthentication Library: https://github.com/MicrochipTech/cryptoauthlib diff --git a/IDE/Espressif/ESP-IDF/examples/README.md b/IDE/Espressif/ESP-IDF/examples/README.md index d4a0ad696a..a25289432c 100644 --- a/IDE/Espressif/ESP-IDF/examples/README.md +++ b/IDE/Espressif/ESP-IDF/examples/README.md @@ -78,7 +78,7 @@ wolfSSL to be installed. If you want to install wolfSSL, see the setup for [wolfSSL](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF#setup-for-linux) and [wolfSSH](https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif#setup-for-linux). -The [Espressif Managed Component for wolfSSL](https://components.espressif.com/components/wolfssl/wolfssl) +The [Espressif Managed Component for wolfSSL](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/) also installs source code locally, instead of pointing to a source repository. ## VisualGDB @@ -114,7 +114,4 @@ It may be helpful to also delete the `sdkconfig` file. (Save a backup if you've - esp32.com: [GPIO6,GPIO7,GPIO8,and GPIO9 changed for ESP32-WROOM-32E](https://esp32.com/viewtopic.php?t=29058) -See also [this ESP-FAQ Handbook](https://docs.espressif.com/projects/esp-faq/en/latest/esp-faq-en-master.pdf). - - - +See also the `ESP-FAQ Handbook`. diff --git a/IDE/Espressif/ESP-IDF/examples/template/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/template/CMakeLists.txt index 2f3e1630a3..54971360fc 100644 --- a/IDE/Espressif/ESP-IDF/examples/template/CMakeLists.txt +++ b/IDE/Espressif/ESP-IDF/examples/template/CMakeLists.txt @@ -1,12 +1,12 @@ # wolfSSL Espressif Example Project CMakeLists.txt -# v1.2 +# v1.3 # # The following lines of boilerplate have to be in your project's # CMakeLists in this exact order for cmake to work correctly cmake_minimum_required(VERSION 3.16) # Optional no watchdog typically used for test & benchmark -# add_compile_options(-DWOLFSSL_ESP_NO_WATCHDOG=1) +add_compile_options(-DWOLFSSL_ESP_NO_WATCHDOG=1) # The wolfSSL CMake file should be able to find the source code. # Otherwise, assign an environment variable or set it here: @@ -71,6 +71,10 @@ else() message(STATUS "No conflicting wolfSSL components found.") endif() +# Ensure the this wolfSSL component directory is included +set(WOLFSSL_PATH "${CMAKE_HOME_DIRECTORY}/components/wolfssl") +list(APPEND EXTRA_COMPONENT_DIRS ${WOLFSSL_PATH}) + # Not only is a project-level "set(COMPONENTS" not needed here, this will cause # an unintuitive error about Unknown CMake command "esptool_py_flash_project_args". include($ENV{IDF_PATH}/tools/cmake/project.cmake) diff --git a/IDE/Espressif/ESP-IDF/examples/template/README.md b/IDE/Espressif/ESP-IDF/examples/template/README.md index 8d9ebbe49a..9e82e72806 100644 --- a/IDE/Espressif/ESP-IDF/examples/template/README.md +++ b/IDE/Espressif/ESP-IDF/examples/template/README.md @@ -7,7 +7,7 @@ For general information on [wolfSSL examples for Espressif](../README.md), see t ### Prerequisites -It is assumed the [ESP-IDF environment](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/get-started/) has been installed. +It is assumed the [ESP-IDF environment](Espressifget-started/) has been installed. ### Files Included @@ -19,7 +19,7 @@ It is assumed the [ESP-IDF environment](https://docs.espressif.com/projects/esp- - The [components/wolfssl/CMakeLists.txt](./components/wolfssl/CMakeLists.txt) typically does not need to be changed. -- Optional [VisualGDB Project](./VisualGDB/wolfssl_template_IDF_v5.1_ESP32.vgdbproj) for Visual Studio using ESP32 and ESP-IDF v5.1. +- Optional [VisualGDB Project](./VisualGDB/README.md) for Visual Studio using ESP32 and ESP-IDF v5.2. See also [template](../template/VisualGDB/README.md) for other devices. - Edit the project [CMakeLists.txt](./CMakeLists.txt) to optionally point this project's wolfSSL component source code at a different directory: @@ -30,12 +30,12 @@ set(WOLFSSL_ROOT "~/workspace/wolfssl-other-source") ## Getting Started: -Here's an example using the command-line [idf.py](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/tools/idf-py.html). +Here's an example using the command-line [idf.py](Espressifapi-guides/tools/idf-py.html). Edit your `WRK_IDF_PATH`to point to your ESP-IDF install directory. ``` -WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.1 +WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.2 echo "Run export.sh from ${WRK_IDF_PATH}" . ${WRK_IDF_PATH}/export.sh @@ -53,7 +53,7 @@ idf.py flash -p /dev/ttyS19 -b 115200 idf.py flash -p /dev/ttyS19 -b 115200 monitor ``` -Press `Ctrl+]` to exit `idf.py monitor`. See [additional monitor keyboard commands](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/tools/idf-monitor.html). +Press `Ctrl+]` to exit `idf.py monitor`. See [additional monitor keyboard commands](Espressifapi-guides/tools/idf-monitor.html). ## Other Examples: diff --git a/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/CMakeLists.txt index 8c678fbf3b..8b90966f9b 100644 --- a/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/CMakeLists.txt +++ b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/CMakeLists.txt @@ -28,6 +28,9 @@ cmake_minimum_required(VERSION 3.16) set(VERBOSE_COMPONENT_MESSAGES 1) +# Optional requires include: +# set(THIS_ESP_TLS "esp-tls") +set(THIS_ESP_TLS "") # function: IS_ESP_IDF_COMPONENT # output: RESULT = 1 (true) if this component is located in the ESP-IDF components @@ -153,7 +156,7 @@ if( ("${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark") OR ("${CMAKE_PROJECT_ message(STATUS "Not including lwip for ${CMAKE_PROJECT_NAME}") else() # benchmark and test do not need wifi, everything else probably does: - set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component + set(COMPONENT_REQUIRES lwip "${THIS_ESP_TLS}") # we typically don't need lwip directly in wolfssl component endif() # find the user name to search for possible "wolfssl-username" @@ -404,15 +407,20 @@ endif() if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") ) # There's no esp_timer, no driver components for the ESP8266 - message(STATUS "Early expansion EXCLUDES esp_timer: ${THIS_INCLUDE_TIMER}") - message(STATUS "Early expansion EXCLUDES driver: ${THIS_INCLUDE_DRIVER}") + message(STATUS "Early expansion EXCLUDES esp_timer for esp8266: ${THIS_INCLUDE_TIMER}") + message(STATUS "Early expansion EXCLUDES driver for esp8266: ${THIS_INCLUDE_DRIVER}") set(THIS_INCLUDE_TIMER "") set(THIS_INCLUDE_DRIVER "") + set(THIS_ESP_TLS "") else() message(STATUS "Early expansion includes esp_timer: ${THIS_INCLUDE_TIMER}") message(STATUS "Early expansion includes driver: ${THIS_INCLUDE_DRIVER}") set(THIS_INCLUDE_TIMER "esp_timer") set(THIS_INCLUDE_DRIVER "driver") + set(THIS_ESP_TLS "esp-tls") + # Let the app know that we've included the esp-tls component requirement. + # This is critical for use the the esp-tls component. See wolfssl esp_crt_bundle.c file. + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_REQUIRED_ESP_TLS=1") endif() if(CMAKE_BUILD_EARLY_EXPANSION) @@ -420,6 +428,7 @@ if(CMAKE_BUILD_EARLY_EXPANSION) idf_component_register( REQUIRES "${COMPONENT_REQUIRES}" PRIV_REQUIRES # esp_hw_support + "${THIS_ESP_TLS}" "${THIS_INCLUDE_TIMER}" "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark ) @@ -757,6 +766,7 @@ else() REQUIRES "${COMPONENT_REQUIRES}" EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}" PRIV_REQUIRES + "${THIS_ESP_TLS}" "${THIS_INCLUDE_TIMER}" "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark ) @@ -768,7 +778,10 @@ else() endif() # function(WOLFSSL_INIT_CERT_BUNDLE) -if(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE AND NOT CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE) +if( CONFIG_WOLFSSL_CERTIFICATE_BUNDLE + AND NOT CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE + AND NOT ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") + ) if (CMAKE_BUILD_EARLY_EXPANSION) message(ERROR "Bundle Cert initialization must occur during CMAKE_BUILD_EARLY_EXPANSION") endif() @@ -1001,10 +1014,13 @@ if(WOLFSSL_ROOT) set(ENV{PIO_WOLFSSL_ROOT} "${WOLFSSL_ROOT}") message(STATUS "PIO_WOLFSSL_ROOT = $ENV{PIO_WOLFSSL_ROOT}") message(STATUS "PLATFORMIO_BUILD_DIR = $ENV{PLATFORMIO_BUILD_DIR}") - file(WRITE "tada.txt" "${WOLFSSL_ROOT}\n") # See esp-tls Kconfig; menu "ESP-TLS", ESP_TLS_LIBRARY_CHOOSE if(CONFIG_ESP_TLS_USING_WOLFSSL) - message(STATUS "wolfSSL will be used for ESP-TLS") + if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") ) + message(STATUS "This version of wolfSSL is not supported on the ESP8266 esp-tls at this time. Check ESP-TLS config") + else() + message(STATUS "wolfSSL will be used for ESP-TLS") + endif() else() message(STATUS "WARNING: wolfSSL NOT selected for ESP-TLS. Features and performance will be limited.") endif() diff --git a/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/Kconfig b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/Kconfig index 5e21683b32..cdd039d73f 100644 --- a/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/Kconfig +++ b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/Kconfig @@ -382,6 +382,24 @@ menu "wolfSSL" Hardware acceleration enabled by default. Select this option to force disable: NO_HW_RSA_PRI_EXPTMOD + config ESP_WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS + bool "Enable debugging of RSA Multiplication operand length" + default n + help + Prints an esp log warning to the default console UART when one of the + multiplication operands exceeds the maximum size supported by hardware, + requiring fallback to software. This can be helpful to pick key sizes + when performance is critical. See also metrics for counting instances. + + config ESP_WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS + bool "Enable debugging of RSA Modular operand length" + default n + help + Prints an esp log warning to the default console UART when one of the + modular math operands exceeds the maximum size supported by hardware, + requiring fallback to software. This can be helpful to pick key sizes + when performance is critical. See also metrics for counting instances. + endmenu # wolfSSL Hardware Acceleration # ----------------------------------------------------------------------------------------------------------------- @@ -410,6 +428,13 @@ menu "wolfSSL" default n help Enable debugging messages for wolfSSL. See user_settings.h for additional debug options. + + config ESP_WOLFSSL_TEST_LOOP + bool "Run test apps in a loop until failure" + default y + help + Enable a loop wrapper for benchmark, http_client, and wolfssl test apps. + endmenu # wolfSSL Debug Options # ----------------------------------------------------------------------------------------------------------------- diff --git a/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/README.md b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/README.md new file mode 100644 index 0000000000..d779124162 --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/README.md @@ -0,0 +1,162 @@ +# wolfSSL Espressif Component + +This is the directory for wolfSSL as an Espressif ESP-IDF component. + +Other options are available, such as installing wolfSSL as a local _project_ component using the [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/). + +Enabling this wolfSSL ESP-IDF component allows other ESP-IDF libraries such as those that depend on [ESP-TLS](https://github.com/espressif/esp-idf/tree/master/components/esp-tls) +to also use the wolfSSL library. (See [github.com/wolfSSL/wolfssl](https://github.com/wolfSSL/wolfssl)) + +The wolfSSL source code is not included here. Instead, the `idf.py menuconfig` option can be used to configure the +`sdkconfig` file setting: `CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT` to point to the desired wolfSSL code. + +## Directory Contents + +This directory must contain, at a minimum: + +- `CMakeLists.txt` +- `./include/user_settings.h` + +The directory should also contain: +- `Kconfig` +- `component.mk` + +The directory may contain wolfSSL source, for example with a [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/), +or if the `setup.sh` script was used from [wolfSSL/IDE/Espressif/ESP-IDF](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF). + + +Under normal circumstances when the wolfSSL source is not included here, the `CMakeLists.txt` will search for it in this order: + +- A hard-coded `WOLFSSL_ROOT` cmake variable. +- `WOLFSSL_ROOT` Environment Variable +- The `CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT` value in the `sdkconfig` file, from the `Kconfig` option. +- Any parent directories, up to the root (if this directory is in the ESP-IDF components) +- Any parent directories, up to the root (if this directory is a project component) + +While recursing up the directory tree, the following names of wolfSSL directories will be considered: + +- `wolfssl-[current user name]` +- `wolfssl-master` +- `wolfssl` + +## Getting Started + +See the `Espressif Getting Started Guide`. + +``` +# Set environment variable to ESP-IDF location +# For example, VisualGDB in WSL +WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.2 +WRK_IDF_PATH=/mnt/c/SysGCC/esp32-master/esp-idf/v5.3-master + +# Or wherever the ESP-IDF is installed: +WRK_IDF_PATH=~/esp/esp-idf + +echo "Run export.sh from ${WRK_IDF_PATH}" +. ${WRK_IDF_PATH}/export.sh + +cd [your project] + +idf.py menuconfig +``` + +Enable wolfSSL to be used in the ESP-TLS: + +``` +Component config ---> + ESP-TLS ---> + Choose SSL/TLS library for ESP-TLS (See help for more Info) + (X) wolfSSL (License info in wolfSSL directory README) +``` + +Adjust wolfSSL settings, such as path to source code as needed: + +``` +Component config ---> + wolfSSL ---> + [*] Include wolfSSL in ESP-TLS + [*] Use the specified wolfssl for ESP-TLS + (~/workspace/wolfssl) Enter a path for wolfSSL source code +``` + +## Configuration + +All settings for wolfSSL are adjusted in the [include/user_settings.h](./include/user_settings.h) file. + +The `user_settings.h` file should not be included directly. Instead, `#include ` +before any other wolfSSL headers, like this: + + +```c +/* ESP-IDF */ +#include +#include "sdkconfig.h" + +/* wolfSSL */ +/* Always include wolfcrypt/settings.h before any other wolfSSL file. */ +/* Reminder: settings.h pulls in user_settings.h; don't include it here. */ +#if defined(WOLFSSL_USER_SETTINGS) + #include + #if defined(WOLFSSL_ESPIDF) + #include + #include + #include + #include + #include + #else + #error "Problem with wolfSSL user_settings. " \ + "Check components/wolfssl/include " \ + "and confirm WOLFSSL_USER_SETTINGS is defined, " \ + "typically in the component CMakeLists.txt" + #endif +#else + /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include */ + /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */ + #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\ + CFLAGS +=-DWOLFSSL_USER_SETTINGS" +#endif +``` + +## Examples + +See the wolfSSL examples: + +- [wolfSSL Core Examples](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples) +- [wolfSSL Additional Examples](https://github.com/wolfSSL/wolfssl-examples/tree/master/ESP32) +- [wolfSSH Core Examples](https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples) +- [wolfSSH Additional Examples](https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif) +- [wolfMQTT Examples](https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples) + +## Platforms + +The ESP-IDF wolfSSL is also available for PlatformIO: + +- [Release wolfSSL](https://registry.platformio.org/search?q=owner%3Awolfssl) +- [Staging / Preview wolfSSL](https://registry.platformio.org/search?q=owner%3Awolfssl-staging) + +The wolfSSL library can also be used for Espressif with Arduino: + +- [arduino.cc/reference/en/libraries/wolfssl](https://www.arduino.cc/reference/en/libraries/wolfssl/) +- [github.com/wolfSSL/Arduino-wolfSSL](https://github.com/wolfSSL/Arduino-wolfSSL) + + +## Additional Information + +- [wolfSSL Documentation](https://www.wolfssl.com/documentation/manuals/wolfssl/index.html) and [docs/espressif](https://www.wolfssl.com/docs/espressif/) +- [wolfSSL FAQ](https://www.wolfssl.com/docs/frequently-asked-questions-faq/) +- [wolfSSL Products](https://www.wolfssl.com/products/) +- [www.wolfssl.com/espressif](https://www.wolfssl.com/espressif/) +- [More...](https://www.wolfssl.com/?s=espressif) + +## Contact + +Have a specific request or questions? We'd love to hear from you! Please contact us at support@wolfssl.com or open an issue on GitHub. + +## Licensing and Support + +wolfSSL (formerly known as CyaSSL) and wolfCrypt are either licensed for use under the GPLv2 (or at your option any later version) or a standard commercial license. For our users who cannot use wolfSSL under GPLv2 (or any later version), a commercial license to wolfSSL and wolfCrypt is available. + +See the LICENSE.txt, visit wolfssl.com/license, contact us at licensing@wolfssl.com or call +1 425 245 8247 + +View Commercial Support Options: [wolfssl.com/products/support-and-maintenance](wolfssl.com/products/support-and-maintenance) + diff --git a/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/component.mk b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/component.mk new file mode 100644 index 0000000000..45a1aa08fb --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/component.mk @@ -0,0 +1,296 @@ +# +# Copyright (C) 2006-2024 wolfSSL Inc. +# +# This file is part of wolfSSL. +# +# wolfSSL is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# wolfSSL is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA +# + +$(info *********** wolfssl component ************) + +# +# Component Makefile +# +# +# The Espressif Managed Components are only for newer versions of the ESP-IDF +# Typically only for ESP32[-x] targets and only for ESP-IDF v4.3 or later: +# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/tools/idf-component-manager.html +# https://components.espressif.com/ +# +# Usage: +# +# make flash +# +# make flash ESPPORT=/dev/ttyS55 +# +# make flash ESPBAUD=9600 +# +# make monitor ESPPORT=COM1 +# +# make monitor ESPPORT=/dev/ttyS55 MONITORBAUD=115200 +# +# export ESPPORT=/dev/ttyS55 +# +# https://docs.espressif.com/projects/esp8266-rtos-sdk/en/latest/get-started/index.html +# + +# Although the project should define WOLFSSL_USER_SETTINGS, we'll also +# define it here: +CFLAGS +=-DWOLFSSL_USER_SETTINGS + +# Note that 4 source files created by autogen are excluded here. +# +# See these files commented out, below. Adjust as needed for your application: +# +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/selftest.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o + + +# NOTICE: the WOLFSSL_ROOT setting MUST be relative! +# See https://docs.espressif.com/projects/esp8266-rtos-sdk/en/latest/api-guides/build-system.html?highlight=must+relative#optional-component-specific-variables +# In the wolfSSL GitHub examples for Espressif: +# https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples +# When this wolfssl component.mk makefile is in [project]/components/wolfssl +# The root is 7 directories up from here (the location of of this component.mk): +WOLFSSL_ROOT := ../../../../../../.. + +# To set the location of a different location, it is best to use relative paths. +# +# Set WOLFSSL_ROOT to a relative path from the current component directory. +# For example, if the wolfssl_client is copied from the examples to test: +# +# cp -r /IDE/Espressif/ESP-IDF/examples/wolfssl_client/* /mnt/c/test/demo +# +# we run make in /mnt/c/test/demo +# component is in /mnt/c/test/demo/components/wolfssl +# wolfssl is in /mnt/c/workspace/wolfssl-master +# +# "/mnt/c" is 4 directories up: +# 2 for `./test/demo` from where we run `make`, plus +# 2 more from the location of `component.mk` located +# in `[currect directory]/components/wolfssl`. +# +# Thus we need 4 parent reference to find the relative path to wolfSSL: +# WOLFSSL_ROOT := ../../../../workspace/wolfssl-master + +# Optional CFLAGS (make works without these; for reference only) +# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl +# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl/wolfcrypt +# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl/wolfcrypt/port/Espressif + +abs_WOLFSSL_ROOT := $(shell realpath $(WOLFSSL_ROOT)) + +# print-wolfssl-path-value: +# @echo "WOLFSSL_ROOT defined: $(WOLFSSL_ROOT)" +# @echo "WOLFSSL_ROOT actual: $(abs_WOLFSSL_ROOT)" + +$(info WOLFSSL_ROOT defined: $(WOLFSSL_ROOT)) +$(info WOLFSSL_ROOT actual: $(abs_WOLFSSL_ROOT)) + +# NOTE: The wolfSSL include directory (e.g. user_settings.h) is +# located HERE in THIS project, and *not* in the wolfSSL root. +COMPONENT_ADD_INCLUDEDIRS := . +COMPONENT_ADD_INCLUDEDIRS += include +COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/. +COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl +COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt +COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt/port/Espressif +# COMPONENT_ADD_INCLUDEDIRS += $ENV(IDF_PATH)/components/freertos/include/freertos +# COMPONENT_ADD_INCLUDEDIRS += "$ENV(IDF_PATH)/soc/esp32s3/include/soc" + +# wolfSSL +COMPONENT_SRCDIRS := $(WOLFSSL_ROOT)/src + +# wolfcrypt +COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src + +# Espressif +COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif +COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/atmel + +COMPONENT_OBJEXCLUDE := $(WOLFSSL_ROOT)/wolfcrypt/src/aes_asm.o +COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/evp.o +COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/misc.o +COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/sha512_asm.o +COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_x25519_asm.o +COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/aes_gcm_x86_asm.o +COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/src/bio.o + + +## +## wolfSSL +## +COMPONENT_OBJS := $(WOLFSSL_ROOT)/src/bio.o +# COMPONENT_OBJS += src/conf.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/crl.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/dtls.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/dtls13.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/internal.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/keys.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/ocsp.o +# COMPONENT_OBJS += src/pk.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/quic.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/sniffer.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/ssl.o +# COMPONENT_OBJS += src/ssl_asn1.o +# COMPONENT_OBJS += src/ssl_bn.o +# COMPONENT_OBJS += src/ssl_certman.o +# COMPONENT_OBJS += src/ssl_crypto.o +# COMPONENT_OBJS += src/ssl_misc.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/tls.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/tls13.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/wolfio.o +# COMPONENT_OBJS += src/x509.o +# COMPONENT_OBJS += src/x509_str.o + +## +## wolfcrypt +## +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/aes.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/arc4.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asm.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asn.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o # autogen exclusion +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/blake2b.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/blake2s.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/camellia.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/chacha.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/chacha20_poly1305.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cmac.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/coding.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/compress.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cpuid.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cryptocb.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/curve25519.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/curve448.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/des3.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dh.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dilithium.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dsa.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ecc.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/eccsi.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ecc_fp.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed25519.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed448.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/error.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/evp.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_kyber.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_lms.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_xmss.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/falcon.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_448.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_low_mem.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_operations.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fips.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fips_test.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_448.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_low_mem.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_operations.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hash.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hmac.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hpke.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/integer.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/kdf.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/logging.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md2.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md4.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md5.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/memory.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/misc.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pkcs12.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pkcs7.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/poly1305.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pwdbased.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/random.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/rc2.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ripemd.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/rsa.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sakke.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/selftest.o # autogen exclusion +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha256.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha3.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha512.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/signature.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/siphash.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm2.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm3.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm4.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sphincs.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_arm32.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_arm64.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_armthumb.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_c32.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_c64.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_cortexm.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_dsp32.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_int.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_arm32.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_arm64.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_armthumb.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_c32.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_c64.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_cortexm.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_x86_64.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_x86_64.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/srp.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/tfm.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_dsp.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_encrypt.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_kyber.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_kyber_poly.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_lms.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_pkcs11.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_port.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_xmss.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o # autogen exclusion +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o # autogen exclusion +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfevent.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfmath.o + +## +## Espressif +## +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_aes.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_mp.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_sha.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_util.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.o + +## +## wolfcrypt benchmark (optional) +## +## COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark/benchmark.o +## COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark +## COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark + + +## +## wolfcrypt test (optional) +## +## COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/test/test.o +## COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/test + +## +## wolfcrypt +## +## COMPONENT_PRIV_INCLUDEDIRS += $(PROJECT_PATH)/components/wolfssl/include +## COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src + +$(info ********** end wolfssl component **********) diff --git a/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h index 3939302b98..71b82c68ea 100644 --- a/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h +++ b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h @@ -85,6 +85,9 @@ /* Turn on messages that are useful to see only in examples. */ #define WOLFSSL_EXAMPLE_VERBOSITY +/* Paths can be long, ensure the entire value printed during debug */ +#define WOLFSSL_MAX_ERROR_SZ 500 + /* wolfSSL Examples: set macros used in example applications. * * These Settings NOT available in ESP-IDF (e.g. esp-tls) @@ -153,8 +156,13 @@ /* Other applications detected by cmake */ #elif defined(APP_ESP_HTTP_CLIENT_EXAMPLE) - /* The wolfSSL Version */ - #define FP_MAX_BITS (8192 * 2) + /* The wolfSSL Version of the client example */ + #if defined(CONFIG_IDF_TARGET_ESP32S2) || defined(CONFIG_IDF_TARGET_ESP32C2) + /* Less memory available, so smaller key sizes: */ + #define FP_MAX_BITS (4096 * 2) + #else + #define FP_MAX_BITS (8192 * 2) + #endif #define HAVE_ALPN #define HAVE_SNI #define OPENSSL_EXTRA_X509_SMALL @@ -240,9 +248,23 @@ /* Used by ESP-IDF components: */ #if defined(CONFIG_ESP_TLS_USING_WOLFSSL) /* The ESP-TLS */ - #define FP_MAX_BITS (8192 * 2) + #ifndef FP_MAX_BITS + #if defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP8684) || \ + defined(CONFIG_IDF_TARGET_ESP8266) + /* Optionally set smaller size here */ + #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS + #else + #define FP_MAX_BITS (4096 * 2) + #endif + #endif #define HAVE_ALPN - #define HAVE_SNI + #ifndef CONFIG_IDF_TARGET_ESP8266 + /* Unless installed in the ESP8266 RTOS SDK locally, the wolfSSL + * API for SNI will not be seen in the components/esp-tls layer. + * Only enable SNI for non-ESP8266 targets by default: */ + #define HAVE_SNI + #endif #define OPENSSL_EXTRA_X509_SMALL #define HAVE_TLS_EXTENSIONS @@ -349,18 +371,25 @@ /* Required for RSA */ #define WC_RSA_PSS - /* TLS 1.3 normally requires HAVE_FFDHE. For now just syntax highlight: */ + /* TLS 1.3 normally requires HAVE_FFDHE */ #if defined(HAVE_FFDHE_2048) || \ defined(HAVE_FFDHE_3072) || \ defined(HAVE_FFDHE_4096) || \ defined(HAVE_FFDHE_6144) || \ defined(HAVE_FFDHE_8192) #else + #define HAVE_FFDHE_2048 /* #error "TLS 1.3 requires HAVE_FFDHE_[nnnn]" */ #endif #endif - +#if defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP8684) + /* Optionally set smaller size here */ + #define HAVE_FFDHE_4096 +#else + #define HAVE_FFDHE_4096 +#endif #define NO_FILESYSTEM @@ -477,8 +506,11 @@ /* #define XTIME time */ -/* adjust wait-timeout count if you see timeout in RSA HW acceleration */ -#define ESP_RSA_TIMEOUT_CNT 0x349F00 +/* Adjust wait-timeout count if you see timeout in RSA HW acceleration. + * Set to very large number and enable WOLFSSL_HW_METRICS to determine max. */ +#ifndef ESP_RSA_TIMEOUT_CNT + #define ESP_RSA_TIMEOUT_CNT 0xFF0000 +#endif /* hash limit for test.c */ #define HASH_SIZE_LIMIT @@ -733,12 +765,16 @@ #define WOLFSSL_ESP8266 /* There's no hardware encryption on the ESP8266 */ - /* Consider using the ESP32-C2/C3/C6 - * See https://www.espressif.com/en/products/socs/esp32-c2 */ + /* Consider using the ESP32-C2/C3/C6 */ #define NO_ESP32_CRYPT #define NO_WOLFSSL_ESP32_CRYPT_HASH #define NO_WOLFSSL_ESP32_CRYPT_AES #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI + #ifndef FP_MAX_BITS + /* FP_MAX_BITS matters in wolfssl_test, not just TLS setting. */ + /* MIN_FFDHE_FP_MAX_BITS = (MIN_FFDHE_BITS * 2); see settings.h */ + #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS + #endif /***** END CONFIG_IDF_TARGET_ESP266 *****/ #elif defined(CONFIG_IDF_TARGET_ESP8684) @@ -791,7 +827,7 @@ See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options optionally increase error message size for very long paths. #define WOLFSSL_MAX_ERROR_SZ 500 -Turn debugging on/off: +Turn wolfSSL debugging on/off: wolfSSL_Debugging_ON(); wolfSSL_Debugging_OFF(); @@ -801,6 +837,7 @@ Turn debugging on/off: #define DEBUG_WOLFSSL_SHA_MUTEX #define WOLFSSL_DEBUG_IGNORE_ASN_TIME #define WOLFSSL_DEBUG_CERT_BUNDLE +#define WOLFSSL_DEBUG_CERT_BUNDLE_NAME #define WOLFSSL_ESP32_CRYPT_DEBUG #define WOLFSSL_ESP32_CRYPT_HASH_SHA224_DEBUG #define NO_RECOVER_SOFTWARE_CALC @@ -809,6 +846,8 @@ Turn debugging on/off: #define WOLFSSL_ESP32_HW_LOCK_DEBUG #define WOLFSSL_DEBUG_MUTEX #define WOLFSSL_DEBUG_ESP_RSA_MULM_BITS +#define WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS +#define WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS #define ESP_DISABLE_HW_TASK_LOCK #define ESP_MONITOR_HW_TASK_LOCK #define USE_ESP_DPORT_ACCESS_READ_BUFFER diff --git a/IDE/Espressif/ESP-IDF/examples/template/main/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/template/main/CMakeLists.txt index a038d035bc..3d72464657 100644 --- a/IDE/Espressif/ESP-IDF/examples/template/main/CMakeLists.txt +++ b/IDE/Espressif/ESP-IDF/examples/template/main/CMakeLists.txt @@ -1,5 +1,5 @@ # wolfSSL Espressif Example Project/main CMakeLists.txt -# v1.0 +# v1.1 # # wolfssl template # diff --git a/IDE/Espressif/ESP-IDF/examples/template/main/include/main.h b/IDE/Espressif/ESP-IDF/examples/template/main/include/main.h index 94d9132358..ec666f37dc 100644 --- a/IDE/Espressif/ESP-IDF/examples/template/main/include/main.h +++ b/IDE/Espressif/ESP-IDF/examples/template/main/include/main.h @@ -18,7 +18,10 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef _MAIN_H_ #define _MAIN_H_ +void app_main(void); + #endif diff --git a/IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults b/IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults index d14a51ee0c..c3b5367a69 100644 --- a/IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults +++ b/IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults @@ -1,30 +1,142 @@ # Set the known example app config to template example (see user_settings.h) CONFIG_WOLFSSL_EXAMPLE_NAME_TEMPLATE=y +# Some wolfSSL helpers +CONFIG_USE_WOLFSSL_ESP_SDK_TIME=y + + +# FreeRTOS ticks at 1ms interval +CONFIG_FREERTOS_UNICORE=y CONFIG_FREERTOS_HZ=1000 CONFIG_ESP32_DEFAULT_CPU_FREQ_240=y -# Set the known example app config to TLS Client (see user_settings.h) -CONFIG_WOLFSSL_EXAMPLE_NAME_TEMPLATE=y # -# Default main stack size +# Default main stack size. See user_settings.h # -# This is typically way bigger than needed for stack size. See user_settings.h +# This is typically bigger than needed for stack size. +# Units are words, not bytes. See user_settings.h # -CONFIG_ESP_MAIN_TASK_STACK_SIZE=10500 - +# For wolfSSL SMALL_STACK, 3072 bytes should be sufficient for benchmark app. +# When using RSA, assign at least 10500 bytes, otherwise 5500 usually works for others +CONFIG_ESP_MAIN_TASK_STACK_SIZE=3584 # Legacy stack size for older ESP-IDF versions -CONFIG_MAIN_TASK_STACK_SIZE=10500 +CONFIG_MAIN_TASK_STACK_SIZE=3584 + +# +# Benchmark must not have CONFIG_NEWLIB_NANO_FORMAT enabled +CONFIG_NEWLIB_NANO_FORMAT=n +# +# Watchdog Timers +# +# We don't want to have the watchdog timeout during tests & benchmarks +# +CONFIG_ESP_TASK_WDT_CHECK_IDLE_TASK_CPU0=n +CONFIG_ESP_TASK_WDT_CHECK_IDLE_TASK_CPU1=n +# Panic & Watchdog +CONFIG_ESP_INT_WDT_TIMEOUT_MS=10000 +CONFIG_ESP_TASK_WDT_EN=n +CONFIG_ESP_SYSTEM_PANIC_PRINT_HALT=y +CONFIG_ESP_INT_WDT=n + +# ESP8266 Watchdog: +CONFIG_TASK_WDT=n +CONFIG_TASK_WDT_PANIC=n + +# ESP8266 WDT +# CONFIG_ESP_PANIC_PRINT_REBOOT is not set +CONFIG_ESP_PANIC_PRINT_REBOOT=n +CONFIG_ESP_PANIC_PRINT_HALT=y + +# CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS is not set +CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS=n + +# ESP8266 Memory +CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y +CONFIG_HEAP_DISABLE_IRAM=y + +# Performance +# CONFIG_COMPILER_OPTIMIZATION_PERF=y + +# Set max CPU frequency (falls back as needed for lower maximum) +CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y + +# Enable wolfSSL TLS in esp-tls +CONFIG_ESP_TLS_USING_WOLFSSL=y +CONFIG_TLS_STACK_WOLFSSL=y + +# Bundles take up flash space and are disabled unless otherwise known to be needed +CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=n +# CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=y +# CONFIG_ESP_WOLFSSL_SMALL_CERT_VERIFY=y +# CONFIG_ESP_TLS_INSECURE=y + +# Disable mbedTLS +CONFIG_ESP_TLS_USING_MBEDTLS=n +CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n + +# Some wolfSSL helpers +CONFIG_USE_WOLFSSL_ESP_SDK_TIME=n + +# CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS is not set +CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS=n + +# ESP8266 Memory +CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y +CONFIG_HEAP_DISABLE_IRAM=y + +# Performance +# CONFIG_COMPILER_OPTIMIZATION_PERF=y + +# Ensure mbedTLS options are disabled +# CONFIG_MBEDTLS_TLS_SERVER_AND_CLIENT=n +# CONFIG_MBEDTLS_TLS_CLIENT_ONLY=n +# CONFIG_MBEDTLS_TLS_SERVER=n +# CONFIG_MBEDTLS_TLS_CLIENT=n +# CONFIG_MBEDTLS_HARDWARE_AES=n +# CONFIG_MBEDTLS_HARDWARE_MPI=n +# CONFIG_MBEDTLS_HARDWARE_SHA=n +# CONFIG_MBEDTLS_ROM_MD5=n +# CONFIG_MBEDTLS_SSL_RENEGOTIATION=n +# CONFIG_MBEDTLS_SSL_PROTO_TLS1_2=n +# CONFIG_MBEDTLS_SSL_PROTO_GMTSSL1_1=n +# CONFIG_MBEDTLS_SSL_ALPN=n +# CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS=n +# CONFIG_MBEDTLS_SERVER_SSL_SESSION_TICKETS=n + +# The same-name config is used for both WiFi and client/server TLS, so we cannot disable: +# CONFIG_MBEDTLS_TLS_ENABLED=n +# CONFIG_MBEDTLS_TLS_DISABLED=y # # Compiler options # CONFIG_COMPILER_OPTIMIZATION_DEFAULT=y +# CONFIG_COMPILER_OPTIMIZATION_SIZE is not set +# CONFIG_COMPILER_OPTIMIZATION_PERF is not set +# CONFIG_COMPILER_OPTIMIZATION_NONE is not set CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_ENABLE=y +# CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_SILENT is not set +# CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_DISABLE is not set +CONFIG_COMPILER_FLOAT_LIB_FROM_GCCLIB=y CONFIG_COMPILER_OPTIMIZATION_ASSERTION_LEVEL=2 +# CONFIG_COMPILER_OPTIMIZATION_CHECKS_SILENT is not set CONFIG_COMPILER_HIDE_PATHS_MACROS=y +# CONFIG_COMPILER_CXX_EXCEPTIONS is not set +# CONFIG_COMPILER_CXX_RTTI is not set +# CONFIG_COMPILER_STACK_CHECK_MODE_NONE is not set CONFIG_COMPILER_STACK_CHECK_MODE_NORM=y +# CONFIG_COMPILER_STACK_CHECK_MODE_STRONG is not set +# CONFIG_COMPILER_STACK_CHECK_MODE_ALL is not set CONFIG_COMPILER_STACK_CHECK=y +# CONFIG_COMPILER_WARN_WRITE_STRINGS is not set +# CONFIG_COMPILER_SAVE_RESTORE_LIBCALLS is not set +# CONFIG_COMPILER_DISABLE_GCC12_WARNINGS is not set +# CONFIG_COMPILER_DUMP_RTL_FILES is not set +# end of Compiler options + +# We don't know that the min is actually v2, +# but this is the earliest tested. +CONFIG_ESP32C3_REV_MIN_2=y # # Partition Table diff --git a/IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults.esp8266 b/IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults.esp8266 new file mode 100644 index 0000000000..77299dfe4a --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults.esp8266 @@ -0,0 +1,30 @@ +# ESP8266 WDT +# CONFIG_ESP_PANIC_PRINT_REBOOT is not set +CONFIG_ESP_PANIC_PRINT_REBOOT=n +CONFIG_ESP_PANIC_PRINT_HALT=y + +# Enable wolfSSL TLS in esp-tls (not yet supported in RTOS SDK 3.4 +CONFIG_ESP_TLS_USING_WOLFSSL=n +CONFIG_TLS_STACK_WOLFSSL=n + +# Bundles take up flash space and are disabled unless otherwise known to be needed +CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=n +# CONFIG_ESP_WOLFSSL_SMALL_CERT_VERIFY=y +# CONFIG_ESP_TLS_INSECURE=y + +# Disable mbedTLS +CONFIG_ESP_TLS_USING_MBEDTLS=y +CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n + +# ESP8266 Memory +CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y +CONFIG_HEAP_DISABLE_IRAM=y + +# ESP8266 Watchdog: +CONFIG_TASK_WDT=n +CONFIG_TASK_WDT_PANIC=n + +# ESP8266 WDT +# CONFIG_ESP_PANIC_PRINT_REBOOT is not set +CONFIG_ESP_PANIC_PRINT_REBOOT=n +CONFIG_ESP_PANIC_PRINT_HALT=y diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/CMakeLists.txt index 8c66ae2695..f11fcd13e2 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/CMakeLists.txt +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/CMakeLists.txt @@ -1,11 +1,13 @@ # wolfSSL Espressif Example Project CMakeLists.txt -# v1.0 +# v1.3 # # The following lines of boilerplate have to be in your project's # CMakeLists in this exact order for cmake to work correctly cmake_minimum_required(VERSION 3.16) +# Optional no watchdog typically used for test & benchmark add_compile_options(-DWOLFSSL_ESP_NO_WATCHDOG=1) + # The wolfSSL CMake file should be able to find the source code. # Otherwise, assign an environment variable or set it here: # @@ -20,19 +22,58 @@ add_compile_options(-DWOLFSSL_ESP_NO_WATCHDOG=1) # Linux: ~/workspace # Windows: C:\workspace # +if(WIN32) + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS") + message("Detected Windows") +endif() +if(CMAKE_HOST_UNIX) + message("Detected UNIX") +endif() +if(APPLE) + message("Detected APPLE") +endif() +if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop") + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL") + message("Detected WSL") +endif() +if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32)) + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX") + message("Detected Linux") +endif() +if(APPLE) + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE") + message("Detected Apple") +endif() +# End optional WOLFSSL_CMAKE_SYSTEM_NAME -# Optionally specify a location for wolfSSL component source code -# set(WOLFSSL_ROOT "c:/mydir/wolfssl" ) -# This example uses an extra component for common functions such as Wi-Fi and Ethernet connection. -# set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common) -# -#if (EXISTS "${PROTOCOL_EXAMPLES_DIR}") -# message("Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}") -# set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common) -# set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR") -#else() -# message("NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}") -#endif() +# Check that there are not conflicting wolfSSL components +# The ESP Registry Component will be in ./managed_components/wolfssl__wolfssl +# The local component wolfSSL directory will be in ./components/wolfssl +if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl" ) + # These exclude statements don't seem to be honored by the $ENV{IDF_PATH}/tools/cmake/project.cmake' + # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" EXCLUDE_FROM_ALL) + # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl/include" EXCLUDE_FROM_ALL) + # So we'll error out and let the user decide how to proceed: + message(WARNING "\nFound wolfSSL components in\n" + "./managed_components/wolfssl__wolfssl\n" + "and\n" + "./components/wolfssl\n" + "in project directory: \n" + "${CMAKE_HOME_DIRECTORY}") + message(FATAL_ERROR "\nPlease use either the ESP Registry Managed Component or the wolfSSL component directory but not both.\n" + "If removing the ./managed_components/wolfssl__wolfssl directory, remember to also remove " + "or rename the idf_component.yml file typically found in ./main/") +else() + message(STATUS "No conflicting wolfSSL components found.") +endif() + +# Ensure the this wolfSSL component directory is included +set(WOLFSSL_PATH "${CMAKE_HOME_DIRECTORY}/components/wolfssl") +list(APPEND EXTRA_COMPONENT_DIRS ${WOLFSSL_PATH}) # Not only is a project-level "set(COMPONENTS" not needed here, this will cause # an unintuitive error about Unknown CMake command "esptool_py_flash_project_args". diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/README.md index 143a6a6991..e760db5f99 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/README.md +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/README.md @@ -7,8 +7,9 @@ For general information on [wolfSSL examples for Espressif](../README.md), see t ## Espressif ESP Component Registry -See the wolfSSL namespace at [components.espressif.com](https://components.espressif.com/components?q=wolfssl) +See the wolfSSL namespace and additional details: +https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/ ## Windows COM Port @@ -38,9 +39,7 @@ using the VisualGDB extension. The naming convention for project files is: `[project name]_IDF_[Version]_[chipset].vgdbproj`. The solution files (filename[.sln]) often will contain shortcuts to commonly used source and configuration files used by the respective project. - --------- |------------- |------------- | -ChipSet | ESP-IDF v4.4 | ESP-IDF v5.1 | +ChipSet | ESP-IDF v4.4 | ESP-IDF v5.2 | -------- |------------- |------------- | ESP32 | x | | ESP32-S2 | | | @@ -66,7 +65,8 @@ See the [feature request](https://sysprogs.com/w/forums/topic/feature-request-sh 1-1. Example Configuration -> BENCH_ARG : argument that you want to use. Default is "-lng 0" - The list of argument can be find in help. + The list of arguments can be found in help. See [benchmark/README.md](https://github.com/wolfSSL/wolfssl/blob/master/wolfcrypt/benchmark/README.md) + Features to be benchmarked are enabled in the `user_settings.h`. When you want to run the benchmark program @@ -89,14 +89,34 @@ git fetch git pull git submodule update --init --recursive -cd /mnt/c/workspace/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark +# pick your workspace location +# cd ~/workspace/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark +# cd /mnt/c/workspace/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark +# cd /mnt/c/workspace/wolfssl-master/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark +cd /mnt/c/workspace/wolfssl-$USER/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark -# Pick ESP-IDF install directory, this one for v5.1 in VisualGDB +# The ESP8266 uses a completely different toolchain: +WRK_IDF_PATH=/mnt/c/SysGCC/esp8266/rtos-sdk/v3.4 -WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.1 -WRK_IDF_PATH=/mnt/c/SysGCC/esp32-8.4/esp-idf/v4.4.1 +# Pick ESP-IDF toolchain install directory WRK_IDF_PATH=~/esp/esp-idf +# ESP-IDF v4.x uses toolchain v8.4 +WRK_IDF_PATH=/mnt/c/SysGCC/esp32-8.4/esp-idf/v4.4.1 + +# ESP-IDF v5.0 with toolchain v12.4 +WRK_IDF_PATH=/mnt/c/SysGCC/esp32-12.4/esp-idf/v5.0 + +# ESP-IDF v5.0 to v5.2.1 uses toolchain v12.4 +WRK_IDF_PATH=/mnt/c/SysGCC/esp32-12.4/esp-idf/v5.0 +WRK_IDF_PATH=/mnt/c/SysGCC/esp32-12.4/esp-idf/v5.1 +WRK_IDF_PATH=/mnt/c/SysGCC/esp32-12.4/esp-idf/v5.2.1 + +# The most recent version: +# ESP-IDF v5.2 uses toolchain v13.2 +WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.2 + + . $WRK_IDF_PATH/export.sh # Set target SoC diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/CMakeLists.txt index f0bef7fc31..8b90966f9b 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/CMakeLists.txt +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/CMakeLists.txt @@ -19,17 +19,67 @@ # # cmake for wolfssl Espressif projects # -# Version 5.7.0 template update + THIS_IDF_PATH +# Version 5.7.2 Espressif ESP-IDF integration # # See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html # - +message(STATUS "Begin wolfssl ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}") cmake_minimum_required(VERSION 3.16) set(VERBOSE_COMPONENT_MESSAGES 1) +# Optional requires include: +# set(THIS_ESP_TLS "esp-tls") +set(THIS_ESP_TLS "") + +# function: IS_ESP_IDF_COMPONENT +# output: RESULT = 1 (true) if this component is located in the ESP-IDF components +# otherwise 0 (false) +function( IS_ESP_IDF_COMPONENT RESULT ) + # NOTE: Component location is based on the location of the CMakeList.txt + # and *not* the location of the wolfSSL source code. (which may be anywhere) + + # Normalize the paths to remove any trailing slashes + get_filename_component(NORMALIZED_IDF_PATH "${IDF_PATH}" REALPATH) + get_filename_component(NORMALIZED_TEST_PATH "${COMPONENT_DIR}" REALPATH) + + # Check if the test path starts with the IDF_PATH + string(FIND "${NORMALIZED_TEST_PATH}" "${NORMALIZED_IDF_PATH}" pos) + + if(${pos} EQUAL 0) + message(STATUS "${COMPONENT_DIR} is within IDF_PATH.") + set(${RESULT} 1 PARENT_SCOPE) + else() + message(STATUS "${COMPONENT_DIR} is not within IDF_PATH.") + set(${RESULT} 0 PARENT_SCOPE) + endif() +endfunction() + +# Determine if this cmake file is located in the ESP-IDF component directory or not, +# and if so, if it is being ignored (allowing the use of a local project one, instead). +IS_ESP_IDF_COMPONENT( IS_WOLSSL_ESP_IDF_COMPONENT ) +if( IS_WOLSSL_ESP_IDF_COMPONENT ) + message(STATUS "This wolfSSL is a component in ESP-IDF.") + if ( CONFIG_IGNORE_ESP_IDF_WOLFSSL_COMPONENT ) + idf_component_register() + message(STATUS "Warning: wolfSSL component in ESP-IDF is being ignored.") + return() + endif() +endif() + + +if( "${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}" STREQUAL "" ) + # nothing to do +else() + # Only forward slashes, or double backslashes are supported. + # By the time we get here the sdkconfig file has a value for wolfSSL source code root. + string(REPLACE "\\" "/" CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}) + message(STATUS "Cleaned wolfssl path: ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}") +endif() + # The scope of this CMAKE_C_FLAGS is just this component: set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS") +set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DWOLFSSL_USER_SETTINGS") set(CMAKE_CURRENT_SOURCE_DIR ".") # set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component @@ -42,7 +92,7 @@ if ( "${WOLFSSL_ROOT}" STREQUAL "") endif() if( "$ENV{IDF_PATH}" STREQUAL "" ) - message(FATAL_ERROR "IDF_PATH Environment variable not set!") + message(FATAL_ERROR "IDF_PATH Environment variable not set!") else() string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}") endif() @@ -106,7 +156,7 @@ if( ("${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark") OR ("${CMAKE_PROJECT_ message(STATUS "Not including lwip for ${CMAKE_PROJECT_NAME}") else() # benchmark and test do not need wifi, everything else probably does: - set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component + set(COMPONENT_REQUIRES lwip "${THIS_ESP_TLS}") # we typically don't need lwip directly in wolfssl component endif() # find the user name to search for possible "wolfssl-username" @@ -130,6 +180,25 @@ else() string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}") endif() +# ENVIRONMENT_VAR_TO_MACRO +# Check environment variable name EVARPARAM as [name] +# If defined, and has a value of EVARVALUE as [value], +# then assign a compiler definition "-D[name]=[value]" +function(ENVIRONMENT_VAR_TO_MACRO EVARPARAM EVARVALUE) + # If the EVARPARAM environment variable name is set to EVARVALUE, + # set the compiler flag definition to enable CSV output. + if ( "$ENV{${EVARPARAM}}" STREQUAL "${EVARVALUE}") + message(STATUS "Appending compile definition: -D${EVARPARAM}=${EVARVALUE}") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D${EVARPARAM}=${EVARVALUE}") + else() + if(DEFINED ENV{${EVARPARAM}}) + message(STATUS "Environment variable ${EVARPARAM} detected but set to $ENV{${EVARPARAM}}, not appending compile definition.") + else() + message(STATUS "Environment variable ${EVARPARAM} not detected, not appending compile definition.") + endif() + endif() +endfunction() + # COMPONENT_NAME = wolfssl # The component name is the directory name. "No feature to change this". # See https://github.com/espressif/esp-idf/issues/8978#issuecomment-1129892685 @@ -147,7 +216,8 @@ endif() # function: IS_WOLFSSL_SOURCE # parameter: DIRECTORY_PARAMETER - the directory to test # output: RESULT = contains contents of DIRECTORY_PARAMETER for wolfssl directory, otherwise blank. -function(IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER RESULT) +function( IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER + RESULT ) if (EXISTS "${DIRECTORY_PARAMETER}/wolfcrypt/src") set(${RESULT} "${DIRECTORY_PARAMETER}" PARENT_SCOPE) else() @@ -166,26 +236,56 @@ function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY) message(STATUS "Starting FIND_WOLFSSL_DIRECTORY: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}") if ( "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}" STREQUAL "" ) + # The parameter is empty, so we certainly need to search. + # First, see if there's an environment variable. This takes highest priority (unless already found as hard-coded, above) set(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}") if( "${CURRENT_SEARCH_DIR}" STREQUAL "" ) message(STATUS "The WOLFSSL_ROOT environment variable is not set. Searching...") - else() - get_filename_component(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}" ABSOLUTE) - IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL) - if( FOUND_WOLFSSL ) - message(STATUS "Found WOLFSSL_ROOT via Environment Variable:") + # Next, if not found, see if wolfSSL was selected for ESP-TLS Kconfig + if(CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT) + set(CURRENT_SEARCH_DIR ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}) + get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" ABSOLUTE) + message(STATUS "WOLFSSL_ROOT found in sdkconfig/KConfig: ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}") else() - message(FATAL_ERROR "WOLFSSL_ROOT Environment Variable defined, but path not found:") - message(STATUS "$ENV{WOLFSSL_ROOT}") - endif() - endif() + message(STATUS "wolfSSL not defined in [Component Config] [wolfssl]. Continuing search...") + # If not specified as a search hint in OUTPUT_FOUND_WOLFSSL_DIRECTORY: + # This wolfSSL component CMakeLists.txt may be found EITHER in: + # 1) local project component + # 2) ESP-IDF share components + # We'll start in the CMAKE_CURRENT_SOURCE_DIR, typically [something]/projectname/components/wolfssl + # That option might find wolfSSL source code as a copy in the component directory (e.g. Managed Components) + # Unless cmake is in the ESP-IDF, in which case it is unlikely to find wolfSSL source in any parent. + message(STATUS "CMAKE_CURRENT_SOURCE_DIR = ${CMAKE_CURRENT_SOURCE_DIR}") + get_filename_component(CURRENT_SEARCH_DIR "${CMAKE_CURRENT_SOURCE_DIR}" ABSOLUTE) + message(STATUS "CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}") + string(LENGTH ${CURRENT_SEARCH_DIR} CURRENT_SEARCH_DIR_LENGTH) + endif() # CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT + endif() # check environment var blank + else() + message(STATUS "Parameter found for FIND_WOLFSSL_DIRECTORY") + message(STATUS "Setting wolfSSL search directory to: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}") + set(CURRENT_SEARCH_DIR "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}") + endif() # parameter empty + + # Check to see if we found a path in environment or config settings, above. + if( "${CURRENT_SEARCH_DIR}" STREQUAL "" ) + message(STATUS "Source for wolfSSL not specified in path nor config settings.") + # We'll continue the search by recursing up the directory tree, below. else() - get_filename_component(CURRENT_SEARCH_DIR "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}" ABSOLUTE) + # Setting found! Does it contain a valid path? + string(REPLACE "\\" "/" CURRENT_SEARCH_DIR ${CURRENT_SEARCH_DIR}) + get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" ABSOLUTE) IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL) if( FOUND_WOLFSSL ) - message(STATUS "Found WOLFSSL_ROOT via prior specification.") + message(STATUS "Found wolfSSL source code via setting: ${CURRENT_SEARCH_DIR}") + set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE) + return() else() - message(FATAL_ERROR "WOLFSSL_ROOT Variable defined, but path not found: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}") + if(WIN32) + message(STATUS "When specifying a path for Windows, use forward slahes, or double backslashes.") + endif() + message(STATUS "CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT sdkconfig setting = ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}") + message(STATUS "WOLFSSL_ROOT Variable defined, but source code not found: ${CURRENT_SEARCH_DIR}") endif() endif() @@ -286,6 +386,11 @@ endfunction() message(STATUS "CONFIG_TARGET_PLATFORM = ${CONFIG_TARGET_PLATFORM}") +# Check for environment variable that may be assigned to macros +ENVIRONMENT_VAR_TO_MACRO("GENERATE_MACHINE_PARSEABLE_REPORT" "1") +ENVIRONMENT_VAR_TO_MACRO("WOLFSSL_BENCHMARK_FIXED_CSV" "1") + +# Optional variable inspection if (0) get_cmake_property(_variableNames VARIABLES) list (SORT _variableNames) @@ -302,15 +407,20 @@ endif() if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") ) # There's no esp_timer, no driver components for the ESP8266 - message(STATUS "Early expansion EXCLUDES esp_timer: ${THIS_INCLUDE_TIMER}") - message(STATUS "Early expansion EXCLUDES driver: ${THIS_INCLUDE_DRIVER}") + message(STATUS "Early expansion EXCLUDES esp_timer for esp8266: ${THIS_INCLUDE_TIMER}") + message(STATUS "Early expansion EXCLUDES driver for esp8266: ${THIS_INCLUDE_DRIVER}") set(THIS_INCLUDE_TIMER "") set(THIS_INCLUDE_DRIVER "") + set(THIS_ESP_TLS "") else() message(STATUS "Early expansion includes esp_timer: ${THIS_INCLUDE_TIMER}") message(STATUS "Early expansion includes driver: ${THIS_INCLUDE_DRIVER}") set(THIS_INCLUDE_TIMER "esp_timer") set(THIS_INCLUDE_DRIVER "driver") + set(THIS_ESP_TLS "esp-tls") + # Let the app know that we've included the esp-tls component requirement. + # This is critical for use the the esp-tls component. See wolfssl esp_crt_bundle.c file. + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_REQUIRED_ESP_TLS=1") endif() if(CMAKE_BUILD_EARLY_EXPANSION) @@ -318,8 +428,9 @@ if(CMAKE_BUILD_EARLY_EXPANSION) idf_component_register( REQUIRES "${COMPONENT_REQUIRES}" PRIV_REQUIRES # esp_hw_support - ${THIS_INCLUDE_TIMER} - ${THIS_INCLUDE_DRIVER} # this will typically only be needed for wolfSSL benchmark + "${THIS_ESP_TLS}" + "${THIS_INCLUDE_TIMER}" + "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark ) else() @@ -328,6 +439,15 @@ else() message(STATUS "wolfssl component config:") message(STATUS "************************************************************************************************") + if ( "${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") + # There's no esp_timer, no driver components for the ESP8266 + set(THIS_INCLUDE_TIMER "") + set(THIS_INCLUDE_DRIVER "") + else() + set(THIS_INCLUDE_TIMER "esp_timer") + set(THIS_INCLUDE_DRIVER "driver") + endif() + # search for wolfSSL FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT) if(WOLFSSL_ROOT) @@ -341,7 +461,9 @@ else() # Abort CMake after fatal error. endif() else() - message(STATUS "Searching for wolfSL source code...") + message(STATUS "Source code for wolfSSL still not found.") + message(STATUS "Searching from project home: ${CMAKE_HOME_DIRECTORY} ...") + set(WOLFSSL_ROOT "${CMAKE_HOME_DIRECTORY}") FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT) endif() @@ -349,11 +471,18 @@ else() if(WOLFSSL_ROOT) message(STATUS "Confirmed wolfssl directory at: ${WOLFSSL_ROOT}") else() - message(STATUS "Failed: wolfssl directory not found.") + # Try to allow a more intuitive error that the source code was not found in cmake: + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_WARNING_SOURCE_NOT_FOUND") + + message(STATUS "Failed: wolfssl source code directory not found.") # Abort. We need wolfssl _somewhere_. - message(FATAL_ERROR "Could not find wolfssl in any parent directory named wolfssl-${THIS_USER}, wolfssl-master, or wolfssl.\n" - "Try setting WOLFSSL_ROOT environment variable, cmake variable in project, copy source, or use managed components.") - # Abort CMake after fatal error. + message(STATUS "") + message(STATUS "") + message(STATUS "Could not find wolfssl in any parent directory named wolfssl-${THIS_USER}, wolfssl-master, or wolfssl.\n" + "Try setting WOLFSSL_ROOT environment variable, cmake variable in project, copy source, or use managed components.") + message(STATUS "") + message(STATUS "") + # Abort CMake after fatal error. (or not?) endif() set(INCLUDE_PATH ${WOLFSSL_ROOT}) @@ -379,22 +508,24 @@ else() endif() endif() + message(STATUS "WOLFSSL_EXTRA_PROJECT_DIR = ${WOLFSSL_EXTRA_PROJECT_DIR}") set(COMPONENT_SRCDIRS "\"${WOLFSSL_ROOT}/src/\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif\"" + "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif/esp_crt_bundle\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/atmel\"" "\"${WOLFSSL_EXTRA_PROJECT_DIR}\"" ) # COMPONENT_SRCDIRS message(STATUS "This COMPONENT_SRCDIRS = ${COMPONENT_SRCDIRS}") - # wolfSSL user_settings.h is in the local project. + # wolfSSL user_settings.h may be in the local project. + # TODO check if exists and possibly set to ESP-IDF set(WOLFSSL_PROJECT_DIR "${CMAKE_HOME_DIRECTORY}/components/wolfssl") - # add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${WOLFSSL_PROJECT_DIR}/include/user_settings.h") string(REPLACE "/" "//" STR_WOLFSSL_PROJECT_DIR "${WOLFSSL_PROJECT_DIR}") - add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${STR_WOLFSSL_PROJECT_DIR}//include//user_settings.h") - + add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${STR_WOLFSSL_PROJECT_DIR}/include/user_settings.h") + message(STATUS "Added definition for user_settings.h: -DWOLFSSL_USER_SETTINGS_DIR=\"${STR_WOLFSSL_PROJECT_DIR}//include//user_settings.h\"") # Espressif may take several passes through this makefile. Check to see if we found IDF string(COMPARE EQUAL "${PROJECT_SOURCE_DIR}" "" WOLFSSL_FOUND_IDF) @@ -427,8 +558,7 @@ else() message(STATUS "**************************************************************************************") message(STATUS "") - message(FATAL_ERROR "Please use wolfSSL in either local project or Espressif components, but not both.") - # Abort CMake after fatal error. + message(STATUS "Please use wolfSSL in either local project or Espressif components, but not both.") # Optional: if you change the above FATAL_ERROR to STATUS you can warn at runtime with this macro definition: set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_MULTI_INSTALL_WARNING") @@ -536,7 +666,9 @@ else() # depending on the environment, we may need to swap backslashes with forward slashes string(REPLACE "\\" "/" RTOS_IDF_PATH "$ENV{IDF_PATH}/components/freertos/FreeRTOS-Kernel/include/freertos") - string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT}) + if(WOLFSSL_ROOT) + string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT}) + endif() if(IS_DIRECTORY "${RTOS_IDF_PATH}") message(STATUS "Found current RTOS path: ${RTOS_IDF_PATH}") @@ -552,7 +684,7 @@ else() message(STATUS "THIS_IDF_PATH = $THIS_IDF_PATH") # wolfSSL-specific include directories set(COMPONENT_ADD_INCLUDEDIRS - "./include" # this is the location of wolfssl user_settings.h + "./include" # this is the location of local project wolfssl user_settings.h "\"${WOLFSSL_ROOT}/\"" "\"${WOLFSSL_ROOT}/wolfssl/\"" "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\"" @@ -601,6 +733,7 @@ else() "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_cortexm.c\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64.c\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64_asm.S\"" + "\"${WOLFSSL_ROOT}/examples\"" # Examples are distributed in Managed Components, but not part of a project. "\"${EXCLUDE_ASM}\"" ) @@ -622,15 +755,120 @@ else() # see https://docs.espressif.com/projects/esp-idf/en/stable/esp32/migration-guides/release-5.x/build-system.html?highlight=space%20path # set(EXTRA_COMPONENT_DIRS "${COMPONENT_SRCDIRS}") - idf_component_register( - SRC_DIRS "${COMPONENT_SRCDIRS}" - INCLUDE_DIRS "${COMPONENT_ADD_INCLUDEDIRS}" - REQUIRES "${COMPONENT_REQUIRES}" - EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}" - PRIV_REQUIRES - "${THIS_INCLUDE_TIMER}" - "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark - ) + + if(WOLFSSL_ROOT) + # Only register the component if we found wolfSSL source. + # This is important to allow Cmake to finish to completion, otherwise the UI + # may not be able to display the Kconfig settings to fix a bad or missing source. + idf_component_register( + SRC_DIRS "${COMPONENT_SRCDIRS}" + INCLUDE_DIRS "${COMPONENT_ADD_INCLUDEDIRS}" + REQUIRES "${COMPONENT_REQUIRES}" + EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}" + PRIV_REQUIRES + "${THIS_ESP_TLS}" + "${THIS_INCLUDE_TIMER}" + "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark + ) + else() + # Register the component simply to allow CMake to complete, but there's no wolfSSL source. + # Expect many other errors, but the project should at least be loadable and UI can edit Kconfig settings. + idf_component_register() + message(STATUS "Warning: wolfSSL component not registered as no source code found (WOLFSSL_ROOT is blank)") + endif() + +# function(WOLFSSL_INIT_CERT_BUNDLE) +if( CONFIG_WOLFSSL_CERTIFICATE_BUNDLE + AND NOT CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE + AND NOT ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") + ) + if (CMAKE_BUILD_EARLY_EXPANSION) + message(ERROR "Bundle Cert initialization must occur during CMAKE_BUILD_EARLY_EXPANSION") + endif() + # reminder: we need a value for wolfSSL root first! + if( "${WOLFSSL_ROOT}" STREQUAL "" ) + message(ERROR "Certificate bundles need a value for WOLFSSL_ROOT") + endif() + set(WOLFSSL_ESP_CRT_BUNDLE_DIR ${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif/esp_crt_bundle) + message(STATUS "WOLFSSL_ESP_CRT_BUNDLE_DIR=${WOLFSSL_ESP_CRT_BUNDLE_DIR}") + if(EXISTS "${WOLFSSL_ESP_CRT_BUNDLE_DIR}") + set(bundle_name "x509_crt_bundle_wolfssl") + + # For now the certs are in the same directory + set(DEFAULT_CRT_DIR "${WOLFSSL_ESP_CRT_BUNDLE_DIR}") + + # Generate custom certificate bundle using the generate_cert_bundle utility + set(GENERATE_CERT_BUNDLEPY ${python} ${WOLFSSL_ESP_CRT_BUNDLE_DIR}/gen_crt_bundle.py) + + if(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL) + list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_all.pem ${DEFAULT_CRT_DIR}/cacrt_local.pem) + elseif(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_CMN) + list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_all.pem ${DEFAULT_CRT_DIR}/cacrt_local.pem) + list(APPEND args --filter ${DEFAULT_CRT_DIR}/cmn_crt_authorities.csv) + endif() + + # Add deprecated root certs if enabled. This config is not visible if the default cert + # bundle is not selected + if(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEPRECATED_LIST) + list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_deprecated.pem) + endif() + + if(CONFIG_WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE) + get_filename_component(custom_bundle_path + ${CONFIG_WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH} ABSOLUTE BASE_DIR "${project_dir}") + list(APPEND crt_paths ${custom_bundle_path}) + message(STATUS "Using a custom wolfSSL bundle path: ${custom_bundle_path}") + else() + message(STATUS "Not using a custom wolfSSL bundle path.") + endif() + list(APPEND args --input ${crt_paths} -q) + + message(STATUS "CMAKE_CURRENT_BINARY_DIR: ${CMAKE_CURRENT_BINARY_DIR}") + get_filename_component(crt_bundle + ${bundle_name} + ABSOLUTE BASE_DIR "${CMAKE_CURRENT_BINARY_DIR}") + + message(STATUS "Setting up bundle generate: ${GENERATE_CERT_BUNDLEPY} ${args}") + message(STATUS "Depends on custom bundle path: ${custom_bundle_path}") + message(STATUS "crt_bundle ${crt_bundle}") + message(STATUS "COMPONENT_LIB ${COMPONENT_LIB}") + message(STATUS "GENERATE_CERT_BUNDLEPY ${GENERATE_CERT_BUNDLEPY}") + message(STATUS "args ${args}") + message(STATUS "cert_bundle ${cert_bundle}") + + # Generate bundle according to config + # File is generated at build time, not cmake load + add_custom_command(OUTPUT ${crt_bundle} + COMMAND ${GENERATE_CERT_BUNDLEPY} ARGS ${args} + DEPENDS ${custom_bundle_path} + VERBATIM) + + if(EXISTS "${crt_bundle}") + message(STATUS "Bundle file exists from prior build: ${crt_bundle}") + else() + message(STATUS "Bundle file expected during next build: ${crt_bundle}") + endif() + + # Reminder the file is generated at build time, not cmake load time. + message(STATUS "wolfSSL Cert Bundle File to be created at build time in: ${crt_bundle}") + + add_custom_target(custom_wolfssl_bundle DEPENDS ${cert_bundle}) + + # the wolfSSL crtificate bundle is baked into wolfSSL + add_dependencies(${COMPONENT_LIB} custom_wolfssl_bundle) + + # COMPONENT_LIB may vary: __idf_wolfssl, __idf_esp_wolfssl, etc + # target_add_binary_data(__idf_wolfssl ${crt_bundle} BINARY) + target_add_binary_data(${COMPONENT_LIB} ${crt_bundle} BINARY) + set_property(DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}" + APPEND PROPERTY ADDITIONAL_CLEAN_FILES + "${crt_bundle}") + else() + message(STATUS "WARNING: CONFIG_WOLFSSL_CERTIFICATE_BUNDLE enabled but directory not found: ${WOLFSSL_ESP_CRT_BUNDLE_DIR}") + endif() +endif() + +# endfunction() # WOLFSSL_INIT_CERT_BUNDLE # Some optional diagnostics. Verbose ones are truncated. if (VERBOSE_COMPONENT_MESSAGES) @@ -662,6 +900,12 @@ else() endif() # target_sources(wolfssl PRIVATE "\"${WOLFSSL_ROOT}/wolfssl/\"" "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt\"") + message(STATUS "DETECTED_PROJECT_NAME=${CMAKE_PROJECT_NAME}") + message(STATUS "COMPONENT_TARGET=${COMPONENT_TARGET}") + target_compile_definitions(${COMPONENT_TARGET} PRIVATE DETECTED_PROJECT_NAME="${CMAKE_PROJECT_NAME}") + if( "${CMAKE_PROJECT_NAME}" STREQUAL "esp_http_client_example" ) + target_compile_definitions(${COMPONENT_TARGET} PRIVATE APP_ESP_HTTP_CLIENT_EXAMPLE="y") + endif() endif() # CMAKE_BUILD_EARLY_EXPANSION @@ -717,33 +961,80 @@ endfunction() # LIBWOLFSSL_SAVE_INFO # create some programmatic #define values that will be used by ShowExtendedSystemInfo(). # see wolfcrypt\src\port\Espressif\esp32_utl.c -if(NOT CMAKE_BUILD_EARLY_EXPANSION) +if(NOT CMAKE_BUILD_EARLY_EXPANSION AND WOLFSSL_ROOT) set (git_cmd "git") message(STATUS "Adding macro definitions:") # LIBWOLFSSL_VERSION_GIT_ORIGIN: git config --get remote.origin.url - execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "config" "--get" "remote.origin.url" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) + execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "config" "--get" "remote.origin.url" + OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_ORIGIN "${TMP_OUT}" "${TMP_RES}") # LIBWOLFSSL_VERSION_GIT_BRANCH: git rev-parse --abbrev-ref HEAD - execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--abbrev-ref" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) + execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--abbrev-ref" "HEAD" + OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_BRANCH "${TMP_OUT}" "${TMP_RES}") # LIBWOLFSSL_VERSION_GIT_HASH: git rev-parse HEAD - execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) + execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "HEAD" + OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH "${TMP_OUT}" "${TMP_RES}") # LIBWOLFSSL_VERSION_GIT_SHORT_HASH: git rev-parse --short HEAD - execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--short" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) + execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--short" "HEAD" + OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_SHORT_HASH "${TMP_OUT}" "${TMP_RES}") # LIBWOLFSSL_VERSION_GIT_HASH_DATE git show --no-patch --no-notes --pretty=\'\%cd\' - execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ) + execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} + "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'" + OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ) LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH_DATE "${TMP_OUT}" "${TMP_RES}") LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_WOLFSSL_ROOT "${WOLFSSL_ROOT}" "${TMP_RES}") - message(STATUS "************************************************************************************************") - message(STATUS "wolfssl component config complete!") - message(STATUS "************************************************************************************************") endif() + +# Ensure flag "-DWOLFSSL_ESPIDF" is already in CMAKE_C_FLAGS if not yet found from project +string(FIND "${CMAKE_C_FLAGS}" "-DWOLFSSL_ESPIDF" FLAG_ALRREADY_FOUND_WOLFSSL_ESPIDF) + +if(FLAG_ALRREADY_FOUND_WOLFSSL_ESPIDF EQUAL -1) + # Flag not found, append it + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_ESPIDF") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS") +endif() + +if(WOLFSSL_ROOT) + message(STATUS "Using wolfSSL in ${WOLFSSL_ROOT}") + + # PlatformIO does not process script from from the Espressif cmake process. + # We need to know where wolfSSL source code was found, so save it in the + # PIO_WOLFSSL_ROOT environment variable to later be read by extra_script.py + + set(ENV{PIO_WOLFSSL_ROOT} "${WOLFSSL_ROOT}") + message(STATUS "PIO_WOLFSSL_ROOT = $ENV{PIO_WOLFSSL_ROOT}") + message(STATUS "PLATFORMIO_BUILD_DIR = $ENV{PLATFORMIO_BUILD_DIR}") + # See esp-tls Kconfig; menu "ESP-TLS", ESP_TLS_LIBRARY_CHOOSE + if(CONFIG_ESP_TLS_USING_WOLFSSL) + if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") ) + message(STATUS "This version of wolfSSL is not supported on the ESP8266 esp-tls at this time. Check ESP-TLS config") + else() + message(STATUS "wolfSSL will be used for ESP-TLS") + endif() + else() + message(STATUS "WARNING: wolfSSL NOT selected for ESP-TLS. Features and performance will be limited.") + endif() +else() + message(STATUS "") + message(STATUS "Consider setting WOLFSSL_ROOT environment variable, use Kconfig setting, or set manually in this cmake file, above.") + message(STATUS "") + message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!") + message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!") + message(STATUS "ERROR: Could not find wolfSSL Source Code") + message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!") + message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!") +endif() + +message(STATUS "************************************************************************************************") +message(STATUS "wolfSSL component config complete!") +message(STATUS "************************************************************************************************") diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/Kconfig b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/Kconfig new file mode 100644 index 0000000000..cdd039d73f --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/Kconfig @@ -0,0 +1,523 @@ +# Kconfig template +# +# Copyright (C) 2006-2024 wolfSSL Inc. All rights reserved. +# +# This file is part of wolfSSL. +# +# wolfSSL is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# wolfSSL is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA +# + +# Kconfig File Version 5.7.2.001 for esp-idf integration + +# Kconfig Format Rules +# +# See: +# https://docs.espressif.com/projects/esp-idf/en/stable/esp32/api-reference/kconfig.html +# +# Format rules for Kconfig files are as follows: +# +# Option names in any menus should have consistent prefixes. The prefix +# currently should have at least 3 characters. +# +# The unit of indentation should be 4 spaces. All sub-items belonging to a +# parent item are indented by one level deeper. For example, menu is indented +# by 0 spaces, config menu by 4 spaces, help in config by 8 spaces, and the +# text under help by 12 spaces. +# +# No trailing spaces are allowed at the end of the lines. +# +# The maximum length of options is NOT 50 characters as documented. +# kconfcheck will complain that options should be 40 at most. +# +# Fix option lengths first. Superflous errors on other lines may occur. +# +# The maximum length of lines is 120 characters. +# +# python -m kconfcheck +# +# --------------------------------------------------------------------------------------------------------------------- +# Begin main wolfSSL configuration menu +# --------------------------------------------------------------------------------------------------------------------- +# See ESP-IDF esp-tls component for config TLS_STACK_WOLFSSL + +menu "wolfSSL" + + menu "Hardening" + config ESP_WOLFSSL_WC_NO_HARDEN + bool "Disable wolfSSL hardening" + default n + help + Sets WC_NO_HARDEN + + config ESP_WOLFSSL_TFM_TIMING_RESISTANT + bool "Enable TFM Timing Resistant Code" + default n + help + Sets TFM_TIMING_RESISTANT. + + endmenu # Hardening + + config ESP_WOLFSSL_ENABLE_BENCHMARK + bool "Enable wolfSSL Benchmark Library" + default n + help + Enables wolfcrypt/benchmark/benchmark.c code for benchmark metrics. Disables NO_CRYPT_BENCHMARK. + + + menu "Benchmark Debug" + config ESP_DEBUG_WOLFSSL_BENCHMARK_TIMING + bool "Enable benchmark timing debug" + depends on ESP_WOLFSSL_ENABLE_BENCHMARK + default n + help + Enable wolfssl debug for benchmark metric timing (CPU Cycles, RTOS ticks, etc). + + config ESP_WOLFSSL_BENCHMARK_TIMER_DEBUG + bool "Enable benchmark timer debug" + depends on ESP_WOLFSSL_ENABLE_BENCHMARK + default n + help + Turn on timer debugging (used when CPU cycles not available) + + endmenu # Benchmark Debug + + # ----------------------------------------------------------------------------------------------------------------- + # wolfCrypt Test + # ----------------------------------------------------------------------------------------------------------------- + config ESP_WOLFSSL_ENABLE_TEST + bool "Enable wolfCrypt Test Library" + default n + help + Enables wolfcrypt/test/test.c code for testing. Disables NO_CRYPT_TEST. + + menu "wolfCrypt tests" + config WOLFSSL_HAVE_WOLFCRYPT_TEST_OPTIONS + bool "Enable wolfCrypt Test Options" + depends on ESP_WOLFSSL_ENABLE_TEST + default n + help + Enables HAVE_WOLFCRYPT_TEST_OPTIONS + + config TEST_ESPIDF_ALL_WOLFSSL + bool "Enable all features to use in tests" + depends on ESP_WOLFSSL_ENABLE_TEST + default n + help + Enables TEST_ESPIDF_ALL_WOLFSSL + + endmenu # wolfCrypt tests + + # ----------------------------------------------------------------------------------------------------------------- + # Apple HomeKit Options + # ----------------------------------------------------------------------------------------------------------------- + menu "Apple HomeKit" + config WOLFSSL_APPLE_HOMEKIT + bool "Enable Apple HomeKit options" + default n + help + Enables FP_MAX_BITS (8192 * 2), SRP, ChaCha, Poly1305, Base64 encoding needed for Apple HomeKit. + endmenu # Apple HomeKit + # ----------------------------------------------------------------------------------------------------------------- + + config ESP_WOLFSSL_DISABLE_MY_ECC + bool "Disable ECC in my project" + default "n" + help + ECC is enabled by default. Select this option to disable. + + config ESP_WOLFSSL_ENABLE_MY_USE_RSA + bool "Enable RSA in my project" + default "n" + help + RSA is disabled by default. Select this option to enable. + + config ESP_WOLFSSL_BENCHMARK + bool "Enable wolfSSL Benchmark" + default n + help + Enables user settings relevant to benchmark code + + config ESP_TLS_USING_WOLFSSL_SPECIFIED + bool "Use the specified wolfssl for ESP-TLS" + default Y + help + Includes wolfSSL from specified directory (not using esp-wolfssl). + + config ESP_WOLFSSL_NO_USE_FAST_MATH + bool "Disable FAST_MATH library and all ESP32 Hardware Acceleration" + select ESP_WOLFSSL_NO_HW + select ESP_WOLFSSL_NO_HW_AES + select ESP_WOLFSSL_NO_HW_HASH + select ESP_WOLFSSL_NO_HW_RSA_PRI + select ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL + select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD + select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD + default n + help + When disabling all hardware acceleration for smaller memory footprint, + disabling TFM fast math provides faster wolfSSL software algorithms in an + even smaller flash memory footprint. + + menu "Protocol Config" + config WOLFSSL_HAVE_ALPN + bool "Enable ALPN (Application Layer Protocol Negotiation) in wolfSSL" + default y + + config WOLFSSL_ALLOW_TLS13 + bool "Allow TLS 1.3" + default y + help + Allow TLS to fallback to TLS1.2. Memory footprint will likely be larger for TLS1.2. + When disabled HTTPS and MQTT over TLS connections will fail if TLS1.3 not accepted. + + config WOLFSSL_ALLOW_TLS12 + bool "Allow TLS 1.2" + default n + help + Allow TLS to fallback to TLS1.2. Memory footprint will likely be larger for TLS1.2. + When disabled HTTPS and MQTT over TLS connections will fail if TLS1.3 not accepted. + + config WOLFSSL_HAVE_TLS_EXTENSIONS + bool "Enable TLS Extensions" + default y + help + Sets HAVE_TLS_EXTENSIONS which is needed for TLS 1.3, SNI, ALPN, and more. + + config WOLFSSL_ALT_CERT_CHAINS + bool "Enable Alternate Certificate Chains" + default n + help + The option relaxes the default strict wolfSSL certificate chain processing. This + will typically need to be enabled when loading only a CA file. Typically solves + the -188 ASN_NO_SIGNER_E error. Use with caution. + + config WOLFSSL_HAVE_OCSP + bool "Enable OCSP (Online Certificate Status Protocol) in wolfSSL" + default n + help + Sets HAVE_OCSP + + endmenu # Protocol Config + # ----------------------------------------------------------------------------------------------------------------- + + # ----------------------------------------------------------------------------------------------------------------- + config TLS_STACK_WOLFSSL + # Invisible option that locks TLS_STACK_WOLFSSL to ESP_TLS_USING_WOLFSSL + bool + default n + select FREERTOS_ENABLE_BACKWARD_COMPATIBILITY + help + Includes wolfSSL in ESP-TLS so that it can be compiled with wolfSSL as its SSL/TLS library. + Enabled when wolfSSL is selected in ESP_TLS_LIBRARY_CHOOSE. + + menu "wolfSSL ESP-TLS" + depends on ESP_TLS_USING_WOLFSSL + + menu "Certificate Bundle" + depends on ESP_TLS_USING_WOLFSSL + + config WOLFSSL_CERTIFICATE_BUNDLE + bool "Enable trusted root certificate bundle" + default y if ESP_TLS_USING_WOLFSSL + default n + depends on ESP_TLS_USING_WOLFSSL + help + Enable support for large number of default root certificates + + When enabled this option allows user to store default as well + as customer specific root certificates in compressed format rather + than storing full certificate. For the root certificates the public key and the subject name + will be stored. + + config WOLFSSL_NO_ASN_STRICT + bool "Relax Certificate ASN Strict Checks" + default n + depends on ESP_TLS_USING_WOLFSSL + help + Allows sub-optimal certificate ASN checks. Unless using a bundle with known issues, + it is recommended to NOT enable this. + + config WOLFSSL_ASN_ALLOW_0_SERIAL + bool "Allow cert missing an ASN Serial Number" + default y + depends on ESP_TLS_USING_WOLFSSL + help + Although not recommended, there may be certificates in the bundle that are missing + a serial number. This option allows the missing value without having to fully + disable strict ASN checking with WOLFSSL_NO_ASN_STRICT. + + choice WOLFSSL_DEFAULT_CERTIFICATE_BUNDLE + bool "Default certificate bundle options" + depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL + default WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL + + config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL + bool "Use the full default certificate bundle" + config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_CMN + bool "Use only the most common certificates from the default bundles" + help + Use only the most common certificates from the default bundles, reducing the size with 50%, + while still having around 99% coverage. + config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE + bool "Do not use the default certificate bundle" + endchoice + + config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE + depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL + default n + bool "Add custom certificates to the default bundle" + config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH + depends on WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL + string "Custom certificate bundle path" + help + Name of the custom certificate directory or file. This path is evaluated + relative to the project root directory. + + config WOLFSSL_CERTIFICATE_BUNDLE_DEPRECATED_LIST + bool "Add deprecated root certificates" + depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL && !WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE + help + Include the deprecated list of root certificates in the bundle. + This list gets updated when a certificate is removed from the Mozilla's + NSS root certificate store. This config can be enabled if you would like + to ensure that none of the certificates that were deployed in the product + are affected because of the update to bundle. In turn, enabling this + config keeps expired, retracted certificates in the bundle and it may + pose a security risk. + + - Deprecated cert list may grow based based on sync with upstream bundle + - Deprecated certs would be be removed in ESP-IDF (next) major release + + config WOLFSSL_CERTIFICATE_BUNDLE_MAX_CERTS + int "Maximum no of certificates allowed in certificate bundle" + default 200 + depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL + + endmenu + endmenu # wolfSSL ESP-TLS + # ----------------------------------------------------------------------------------------------------------------- + + # ----------------------------------------------------------------------------------------------------------------- + config ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION + bool "Modify default hardware acceleration settings" + default n + help + When disabling all hardware acceleration for smaller memory footprint, + disabling TFM fast math provides faster wolfSSL software algorithms in an + even smaller flash memory footprint. + Typically used for debugging, analysis, or optimizations. The default + hardware acceleration features can be each manually adjusted. + + menu "wolfSSL Hardware Acceleration" + + config ESP_WOLFSSL_NO_ESP32_CRYPT + bool "Disable all ESP32 Hardware Acceleration" + depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION + default n + select ESP_WOLFSSL_NO_HW_AES + select ESP_WOLFSSL_NO_HW_HASH + select ESP_WOLFSSL_NO_HW_RSA_PRI + select ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL + select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD + select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD + help + Hardware acceleration enabled by default. When selected defines: NO_ESP32_CRYPT. + Consider disabling FASTMATH (other libraries are faster in software and smaller) + + config ESP_WOLFSSL_NO_HW_AES + bool "Disable all ESP32 AES Hardware Acceleration" + depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION + default n + help + Hardware acceleration enabled by default.When selected defines: NO_HW_AES + + config ESP_WOLFSSL_NO_HW_HASH + bool "Disable all ESP32 SHA Hash Hardware Acceleration" + depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION + default n + help + Hardware acceleration enabled by default. When selected defines: NO_HW_HASH + + config ESP_WOLFSSL_NO_HW_RSA_PRI + bool "Disable all ESP32 RSA Hardware Acceleration" + depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION + default n + select ESP_WOLFSSL_NO_HW_PRI_MP_MUL + select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD + select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD + help + Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI + + config ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL + bool "Disable all ESP32 Multiplication Hardware Acceleration" + depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION + default n + help + Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI_MP_MUL + + config ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD + bool "Disable all ESP32 Modular Multiplication Hardware Acceleration" + depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION + default n + help + Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI_MULMOD + + config ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD + bool "Disable all ESP32 RSA Exponential Math Hardware Acceleration" + depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION + default n + help + Hardware acceleration enabled by default. + Select this option to force disable: NO_HW_RSA_PRI_EXPTMOD + + config ESP_WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS + bool "Enable debugging of RSA Multiplication operand length" + default n + help + Prints an esp log warning to the default console UART when one of the + multiplication operands exceeds the maximum size supported by hardware, + requiring fallback to software. This can be helpful to pick key sizes + when performance is critical. See also metrics for counting instances. + + config ESP_WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS + bool "Enable debugging of RSA Modular operand length" + default n + help + Prints an esp log warning to the default console UART when one of the + modular math operands exceeds the maximum size supported by hardware, + requiring fallback to software. This can be helpful to pick key sizes + when performance is critical. See also metrics for counting instances. + + endmenu # wolfSSL Hardware Acceleration + # ----------------------------------------------------------------------------------------------------------------- + + # ----------------------------------------------------------------------------------------------------------------- + menu "wolfSSL Experimental Options" + + config ESP_WOLFSSL_EXPERIMENTAL_SETTINGS + bool "Enable wolfSSL Experimental Settings" + default n + help + Enables experimental settings for wolfSSL. See documentation. + + config ESP_WOLFSSL_ENABLE_KYBER + bool "Enable wolfSSL Kyber" + default n + help + Enable debugging messages for wolfSSL. See user_settings.h for additional debug options. + + endmenu # wolfSSL Experimental Options + # ----------------------------------------------------------------------------------------------------------------- + + # ----------------------------------------------------------------------------------------------------------------- + menu "wolfSSL Debug Options" + config ESP_WOLFSSL_DEBUG_WOLFSSL + bool "Enable wolfSSL Debugging" + default n + help + Enable debugging messages for wolfSSL. See user_settings.h for additional debug options. + + config ESP_WOLFSSL_TEST_LOOP + bool "Run test apps in a loop until failure" + default y + help + Enable a loop wrapper for benchmark, http_client, and wolfssl test apps. + + endmenu # wolfSSL Debug Options + # ----------------------------------------------------------------------------------------------------------------- + + # ----------------------------------------------------------------------------------------------------------------- + menu "wolfSSL Customization" + config CUSTOM_SETTING_WOLFSSL_ROOT + string "Enter a path for wolfSSL source code" + default "~/workspace/wolfssl" + help + This option lets you specify a directory for the wolfSSL source code (typically a git clone). + Enter the path using forward slashes (e.g., C:/myfolder/mysubfolder) or double backslashes + (e.g., C:\\myfolder\\mysubfolder). + + endmenu # wolfSSL Customization + # ----------------------------------------------------------------------------------------------------------------- + + # ----------------------------------------------------------------------------------------------------------------- + menu "Component Config" + config IGNORE_ESP_IDF_WOLFSSL_COMPONENT + bool "Ignore the ESP-IDF component of wolfSSL (if present)" + default n + help + Ignores wolfSSL present in the esp-idf/components directory. Requires wolfssl as a local component. + + config IGNORE_LOCAL_WOLFSSL_COMPONENT + bool "Ignore the local component of wolfSSL (if present)" + default n + help + Ignores wolfSSL present in the local project components directory. + Requires wolfssl as a ESP-IDF component. + + endmenu # Component Config + # ----------------------------------------------------------------------------------------------------------------- + + # ----------------------------------------------------------------------------------------------------------------- + menu "Utility Config" + config USE_WOLFSSL_ESP_SDK_TIME + bool "Enable wolfSSL time helper functions" + default n + help + Enables use of various time and date setting functions found in the esp-sdk-lib.h file. + + config USE_WOLFSSL_ESP_SDK_WIFI + bool "Enable wolfSSL WiFi helper functions" + default n + help + Enables use of various time and date setting functions found in the esp-sdk-lib.h file. + + endmenu # Utility Config +endmenu # wolfSSL +# --------------------------------------------------------------------------------------------------------------------- + + +# --------------------------------------------------------------------------------------------------------------------- +menu "wolfSSH" + config ESP_ENABLE_WOLFSSH + bool "Enable wolfSSH options" + default n + help + Enables WOLFSSH_TERM, WOLFSSL_KEY_GEN, WOLFSSL_PTHREADS, WOLFSSH_TEST_SERVER, WOLFSSH_TEST_THREADING + + config ESP_WOLFSSL_DEBUG_WOLFSSH + bool "Enable wolfSSH debugging" + default n + help + Enable wolfSSH debugging macro. See user_settings.h + +endmenu # wolfSSH +# --------------------------------------------------------------------------------------------------------------------- + +# --------------------------------------------------------------------------------------------------------------------- +menu "wolfMQTT" + config ESP_ENABLE_WOLFMQTT + bool "Enable wolfMQTT options" + default n + help + Enables WOLFMQTT + + config ESP_WOLFSSL_DEBUG_WOLFMQTT + bool "Enable wolfMQTT debugging" + default n + help + Enable wolfMQTT debugging macro. See user_settings.h + +endmenu # wolfMQTT +# --------------------------------------------------------------------------------------------------------------------- diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/README.md new file mode 100644 index 0000000000..d779124162 --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/README.md @@ -0,0 +1,162 @@ +# wolfSSL Espressif Component + +This is the directory for wolfSSL as an Espressif ESP-IDF component. + +Other options are available, such as installing wolfSSL as a local _project_ component using the [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/). + +Enabling this wolfSSL ESP-IDF component allows other ESP-IDF libraries such as those that depend on [ESP-TLS](https://github.com/espressif/esp-idf/tree/master/components/esp-tls) +to also use the wolfSSL library. (See [github.com/wolfSSL/wolfssl](https://github.com/wolfSSL/wolfssl)) + +The wolfSSL source code is not included here. Instead, the `idf.py menuconfig` option can be used to configure the +`sdkconfig` file setting: `CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT` to point to the desired wolfSSL code. + +## Directory Contents + +This directory must contain, at a minimum: + +- `CMakeLists.txt` +- `./include/user_settings.h` + +The directory should also contain: +- `Kconfig` +- `component.mk` + +The directory may contain wolfSSL source, for example with a [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/), +or if the `setup.sh` script was used from [wolfSSL/IDE/Espressif/ESP-IDF](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF). + + +Under normal circumstances when the wolfSSL source is not included here, the `CMakeLists.txt` will search for it in this order: + +- A hard-coded `WOLFSSL_ROOT` cmake variable. +- `WOLFSSL_ROOT` Environment Variable +- The `CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT` value in the `sdkconfig` file, from the `Kconfig` option. +- Any parent directories, up to the root (if this directory is in the ESP-IDF components) +- Any parent directories, up to the root (if this directory is a project component) + +While recursing up the directory tree, the following names of wolfSSL directories will be considered: + +- `wolfssl-[current user name]` +- `wolfssl-master` +- `wolfssl` + +## Getting Started + +See the `Espressif Getting Started Guide`. + +``` +# Set environment variable to ESP-IDF location +# For example, VisualGDB in WSL +WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.2 +WRK_IDF_PATH=/mnt/c/SysGCC/esp32-master/esp-idf/v5.3-master + +# Or wherever the ESP-IDF is installed: +WRK_IDF_PATH=~/esp/esp-idf + +echo "Run export.sh from ${WRK_IDF_PATH}" +. ${WRK_IDF_PATH}/export.sh + +cd [your project] + +idf.py menuconfig +``` + +Enable wolfSSL to be used in the ESP-TLS: + +``` +Component config ---> + ESP-TLS ---> + Choose SSL/TLS library for ESP-TLS (See help for more Info) + (X) wolfSSL (License info in wolfSSL directory README) +``` + +Adjust wolfSSL settings, such as path to source code as needed: + +``` +Component config ---> + wolfSSL ---> + [*] Include wolfSSL in ESP-TLS + [*] Use the specified wolfssl for ESP-TLS + (~/workspace/wolfssl) Enter a path for wolfSSL source code +``` + +## Configuration + +All settings for wolfSSL are adjusted in the [include/user_settings.h](./include/user_settings.h) file. + +The `user_settings.h` file should not be included directly. Instead, `#include ` +before any other wolfSSL headers, like this: + + +```c +/* ESP-IDF */ +#include +#include "sdkconfig.h" + +/* wolfSSL */ +/* Always include wolfcrypt/settings.h before any other wolfSSL file. */ +/* Reminder: settings.h pulls in user_settings.h; don't include it here. */ +#if defined(WOLFSSL_USER_SETTINGS) + #include + #if defined(WOLFSSL_ESPIDF) + #include + #include + #include + #include + #include + #else + #error "Problem with wolfSSL user_settings. " \ + "Check components/wolfssl/include " \ + "and confirm WOLFSSL_USER_SETTINGS is defined, " \ + "typically in the component CMakeLists.txt" + #endif +#else + /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include */ + /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */ + #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\ + CFLAGS +=-DWOLFSSL_USER_SETTINGS" +#endif +``` + +## Examples + +See the wolfSSL examples: + +- [wolfSSL Core Examples](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples) +- [wolfSSL Additional Examples](https://github.com/wolfSSL/wolfssl-examples/tree/master/ESP32) +- [wolfSSH Core Examples](https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples) +- [wolfSSH Additional Examples](https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif) +- [wolfMQTT Examples](https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples) + +## Platforms + +The ESP-IDF wolfSSL is also available for PlatformIO: + +- [Release wolfSSL](https://registry.platformio.org/search?q=owner%3Awolfssl) +- [Staging / Preview wolfSSL](https://registry.platformio.org/search?q=owner%3Awolfssl-staging) + +The wolfSSL library can also be used for Espressif with Arduino: + +- [arduino.cc/reference/en/libraries/wolfssl](https://www.arduino.cc/reference/en/libraries/wolfssl/) +- [github.com/wolfSSL/Arduino-wolfSSL](https://github.com/wolfSSL/Arduino-wolfSSL) + + +## Additional Information + +- [wolfSSL Documentation](https://www.wolfssl.com/documentation/manuals/wolfssl/index.html) and [docs/espressif](https://www.wolfssl.com/docs/espressif/) +- [wolfSSL FAQ](https://www.wolfssl.com/docs/frequently-asked-questions-faq/) +- [wolfSSL Products](https://www.wolfssl.com/products/) +- [www.wolfssl.com/espressif](https://www.wolfssl.com/espressif/) +- [More...](https://www.wolfssl.com/?s=espressif) + +## Contact + +Have a specific request or questions? We'd love to hear from you! Please contact us at support@wolfssl.com or open an issue on GitHub. + +## Licensing and Support + +wolfSSL (formerly known as CyaSSL) and wolfCrypt are either licensed for use under the GPLv2 (or at your option any later version) or a standard commercial license. For our users who cannot use wolfSSL under GPLv2 (or any later version), a commercial license to wolfSSL and wolfCrypt is available. + +See the LICENSE.txt, visit wolfssl.com/license, contact us at licensing@wolfssl.com or call +1 425 245 8247 + +View Commercial Support Options: [wolfssl.com/products/support-and-maintenance](wolfssl.com/products/support-and-maintenance) + diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/component.mk b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/component.mk index 54ae8041fd..95a5a4723c 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/component.mk +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/component.mk @@ -18,6 +18,8 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA # +$(info *********** wolfssl component ************) + # # Component Makefile # @@ -48,193 +50,246 @@ # define it here: CFLAGS +=-DWOLFSSL_USER_SETTINGS -# In the wolfSSL GitHub examples for Espressif, -# the root is 7 directories up from here: -WOLFSSL_ROOT := ../../../../../../../ +# Note that 4 source files created by autogen are excluded here. +# +# See these files commented out, below. Adjust as needed for your application: +# +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/selftest.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o + + +# NOTICE: the WOLFSSL_ROOT setting MUST be relative! +# See https://docs.espressif.com/projects/esp8266-rtos-sdk/en/latest/api-guides/build-system.html?highlight=must+relative#optional-component-specific-variables +# In the wolfSSL GitHub examples for Espressif: +# https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples +# When this wolfssl component.mk makefile is in [project]/components/wolfssl +# The root is 7 directories up from here (the location of of this component.mk): +WOLFSSL_ROOT := ../../../../../../.. -# NOTE: The wolfSSL include diretory (e.g. user_settings.h) is +# To set the location of a different location, it is best to use relative paths. +# +# Set WOLFSSL_ROOT to a relative path from the current component directory. +# For example, if the wolfssl_client is copied from the examples to test: +# +# cp -r /IDE/Espressif/ESP-IDF/examples/wolfssl_client/* /mnt/c/test/demo +# +# we run make in /mnt/c/test/demo +# component is in /mnt/c/test/demo/components/wolfssl +# wolfssl is in /mnt/c/workspace/wolfssl-master +# +# "/mnt/c" is 4 directories up: +# 2 for `./test/demo` from where we run `make`, plus +# 2 more from the location of `component.mk` located +# in `[currect directory]/components/wolfssl`. +# +# Thus we need 4 parent reference to find the relative path to wolfSSL: +# WOLFSSL_ROOT := ../../../../workspace/wolfssl-master + +# Optional CFLAGS (make works without these; for reference only) +# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl +# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl/wolfcrypt +# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl/wolfcrypt/port/Espressif + +abs_WOLFSSL_ROOT := $(shell realpath $(WOLFSSL_ROOT)) + +# print-wolfssl-path-value: +# @echo "WOLFSSL_ROOT defined: $(WOLFSSL_ROOT)" +# @echo "WOLFSSL_ROOT actual: $(abs_WOLFSSL_ROOT)" + +$(info WOLFSSL_ROOT defined: $(WOLFSSL_ROOT)) +$(info WOLFSSL_ROOT actual: $(abs_WOLFSSL_ROOT)) + +# NOTE: The wolfSSL include directory (e.g. user_settings.h) is # located HERE in THIS project, and *not* in the wolfSSL root. COMPONENT_ADD_INCLUDEDIRS := . COMPONENT_ADD_INCLUDEDIRS += include -COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT). -COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfssl -COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfssl/wolfcrypt -COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfssl/wolfcrypt/port/Espressif -COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfcrypt/benchmark +COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/. +COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl +COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt +COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt/port/Espressif # COMPONENT_ADD_INCLUDEDIRS += $ENV(IDF_PATH)/components/freertos/include/freertos # COMPONENT_ADD_INCLUDEDIRS += "$ENV(IDF_PATH)/soc/esp32s3/include/soc" +# wolfSSL +COMPONENT_SRCDIRS := $(WOLFSSL_ROOT)/src -# WOLFSSL_ROOT := "" -COMPONENT_SRCDIRS := $(WOLFSSL_ROOT)src -COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif -COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src/port/atmel -COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/benchmark -COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/test -COMPONENT_SRCDIRS += include +# wolfcrypt +COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src -COMPONENT_OBJEXCLUDE := $(WOLFSSL_ROOT)wolfcrypt/src/aes_asm.o -COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/evp.o -COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/misc.o -COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/sha512_asm.o -COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/fe_x25519_asm.o -COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/aes_gcm_x86_asm.o -COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)src/bio.o +# Espressif +COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif +COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/atmel + +COMPONENT_OBJEXCLUDE := $(WOLFSSL_ROOT)/wolfcrypt/src/aes_asm.o +COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/evp.o +COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/misc.o +COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/sha512_asm.o +COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_x25519_asm.o +COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/aes_gcm_x86_asm.o +COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/src/bio.o ## ## wolfSSL ## -COMPONENT_OBJS := $(WOLFSSL_ROOT)src/bio.o +COMPONENT_OBJS := $(WOLFSSL_ROOT)/src/bio.o # COMPONENT_OBJS += src/conf.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)src/crl.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)src/dtls.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)src/dtls13.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)src/internal.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)src/keys.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)src/ocsp.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/crl.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/dtls.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/dtls13.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/internal.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/keys.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/ocsp.o # COMPONENT_OBJS += src/pk.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)src/quic.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)src/sniffer.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)src/ssl.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/quic.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/sniffer.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/ssl.o # COMPONENT_OBJS += src/ssl_asn1.o # COMPONENT_OBJS += src/ssl_bn.o # COMPONENT_OBJS += src/ssl_certman.o # COMPONENT_OBJS += src/ssl_crypto.o # COMPONENT_OBJS += src/ssl_misc.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)src/tls.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)src/tls13.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)src/wolfio.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/tls.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/tls13.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/wolfio.o # COMPONENT_OBJS += src/x509.o # COMPONENT_OBJS += src/x509_str.o ## ## wolfcrypt ## -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/aes.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/arc4.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/asm.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/asn.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/async.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/blake2b.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/blake2s.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/camellia.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/chacha.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/chacha20_poly1305.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/cmac.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/coding.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/compress.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/cpuid.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/cryptocb.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/curve25519.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/curve448.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/des3.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/dh.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/dilithium.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/dsa.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ecc.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/eccsi.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ecc_fp.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ed25519.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ed448.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/error.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/evp.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ext_kyber.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ext_lms.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ext_xmss.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/falcon.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fe_448.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fe_low_mem.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fe_operations.o -# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fips.o -# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fips_test.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ge_448.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ge_low_mem.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ge_operations.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/hash.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/hmac.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/hpke.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/integer.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/kdf.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/logging.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/md2.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/md4.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/md5.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/memory.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/misc.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/pkcs12.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/pkcs7.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/poly1305.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/pwdbased.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/random.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/rc2.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ripemd.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/rsa.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sakke.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/selftest.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sha.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sha256.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sha3.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sha512.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/signature.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/siphash.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sm2.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sm3.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sm4.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sphincs.o -# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_arm32.o -# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_arm64.o -# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_armthumb.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_c32.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_c64.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_cortexm.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_dsp32.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_int.o -# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_arm32.o -# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_arm64.o -# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_armthumb.o -# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_c32.o -# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_c64.o -# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_cortexm.o -# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_x86_64.o -# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_x86_64.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/srp.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/tfm.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_dsp.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_encrypt.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_kyber.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_kyber_poly.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_lms.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_pkcs11.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_port.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_xmss.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wolfcrypt_first.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wolfcrypt_last.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wolfevent.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wolfmath.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/aes.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/arc4.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asm.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asn.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o # autogen exclusion +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/blake2b.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/blake2s.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/camellia.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/chacha.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/chacha20_poly1305.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cmac.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/coding.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/compress.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cpuid.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cryptocb.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/curve25519.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/curve448.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/des3.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dh.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dilithium.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dsa.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ecc.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/eccsi.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ecc_fp.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed25519.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed448.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/error.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/evp.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_kyber.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_lms.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_xmss.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/falcon.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_448.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_low_mem.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_operations.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fips.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fips_test.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_448.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_low_mem.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_operations.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hash.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hmac.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hpke.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/integer.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/kdf.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/logging.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md2.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md4.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md5.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/memory.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/misc.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pkcs12.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pkcs7.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/poly1305.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pwdbased.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/random.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/rc2.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ripemd.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/rsa.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sakke.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/selftest.o # autogen exclusion +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha256.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha3.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha512.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/signature.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/siphash.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm2.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm3.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm4.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sphincs.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_arm32.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_arm64.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_armthumb.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_c32.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_c64.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_cortexm.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_dsp32.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_int.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_arm32.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_arm64.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_armthumb.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_c32.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_c64.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_cortexm.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_x86_64.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_x86_64.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/srp.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/tfm.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_dsp.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_encrypt.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_kyber.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_kyber_poly.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_lms.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_pkcs11.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_port.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_xmss.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o # autogen exclusion +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o # autogen exclusion +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfevent.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfmath.o ## ## Espressif ## -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp32_aes.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp32_mp.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp32_sha.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp32_util.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp_sdk_time_lib.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_aes.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_mp.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_sha.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_util.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.o ## ## wolfcrypt benchmark (optional) ## -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/benchmark/benchmark.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark/benchmark.o +COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark +COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark + ## ## wolfcrypt test (optional) ## -## COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/test/test.o +## COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/test/test.o +## COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/test ## ## wolfcrypt ## +# COMPONENT_PRIV_INCLUDEDIRS += $(PROJECT_PATH)/components/wolfssl/include COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src +$(info ********** end wolfssl component **********) diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h index 1c30597da9..0ce13530b2 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h @@ -1,4 +1,4 @@ -/* user_settings.h +/* wolfssl-component include/user_settings.h * * Copyright (C) 2006-2024 wolfSSL Inc. * @@ -18,19 +18,52 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ +#define WOLFSSL_ESPIDF_COMPONENT_VERSION 0x01 + +/* The Espressif project config file. See also sdkconfig.defaults */ +#include "sdkconfig.h" /* This user_settings.h is for Espressif ESP-IDF * * Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.7.0-1 * - * Do not include any wolfssl headers here + * Do not include any wolfssl headers here. * * When editing this file: - * ensure wolfssl_test and wolfssl_benchmark settings match. + * ensure all examples match. The template example is the reference. */ -/* The Espressif project config file. See also sdkconfig.defaults */ -#include "sdkconfig.h" +/* Naming convention: (see also esp32-crypt.h for the reference source). + * + * CONFIG_ + * This prefix indicates the setting came from the sdkconfig / Kconfig. + * + * May or may not be related to wolfSSL. + * + * The name after this prefix must exactly match that in the Kconfig file. + * + * WOLFSSL_ + * Typical of many, but not all wolfSSL macro names. + * + * Applies to all wolfSSL products such as wolfSSH, wolfMQTT, etc. + * + * May or may not have a corresponding sdkconfig / Kconfig control. + * + * ESP_WOLFSSL_ + * These are NOT valid wolfSSL macro names. These are names only used in + * the ESP-IDF Kconfig files. When parsed, they will have a "CONFIG_" + * suffix added. See next section. + * + * CONFIG_ESP_WOLFSSL_ + * This is a wolfSSL-specific macro that has been defined in the ESP-IDF + * via the sdkconfig / menuconfig. Any text after this prefix should + * exactly match an existing wolfSSL macro name. + * + * Applies to all wolfSSL products such as wolfSSH, wolfMQTT, etc. + * + * These macros may also be specific to only the project or environment, + * and possibly not used anywhere else in the wolfSSL libraries. + */ /* The Espressif sdkconfig will have chipset info. ** @@ -46,33 +79,250 @@ #undef WOLFSSL_ESPIDF #define WOLFSSL_ESPIDF -/* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */ -#define NO_ESP_SDK_WIFI +/* Test various user_settings between applications by selecting example apps + * in `idf.py menuconfig` for Example wolfSSL Configuration settings: */ + +/* Turn on messages that are useful to see only in examples. */ +#define WOLFSSL_EXAMPLE_VERBOSITY + +/* Paths can be long, ensure the entire value printed during debug */ +#define WOLFSSL_MAX_ERROR_SZ 500 + +/* wolfSSL Examples: set macros used in example applications. + * + * These Settings NOT available in ESP-IDF (e.g. esp-tls) + * + * Any settings needed by ESP-IDF components should be explicitly set, + * and not by these example-specific settings via CONFIG_WOLFSSL_EXAMPLE_n + * + * ESP-IDF settings should be Kconfig "CONFIG_[name]" values when possible. */ +#if defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TEMPLATE) + /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/template */ + /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */ + /* #define USE_WOLFSSL_ESP_SDK_WIFI */ +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TEST) + /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_test */ + /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */ + /* #define USE_WOLFSSL_ESP_SDK_WIFI */ + #define TEST_ESPIDF_ALL_WOLFSSL + +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_BENCHMARK) + /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark */ + /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */ + /* #define USE_WOLFSSL_ESP_SDK_WIFI */ + #define WOLFSSL_BENCHMARK_FIXED_UNITS_KB +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_CLIENT) + /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_client */ + #define USE_WOLFSSL_ESP_SDK_WIFI +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_SERVER) + /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_server */ + #define USE_WOLFSSL_ESP_SDK_WIFI + +/* wolfSSH Examples */ +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_TEMPLATE) + /* See https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples/wolfssh_template */ + #define USE_WOLFSSL_ESP_SDK_WIFI +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER) + /* See https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples/wolfssh_echoserver */ + #define USE_WOLFSSL_ESP_SDK_WIFI +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_ESP32_SSH_SERVER) + /* See https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif/ESP32/ESP32-SSH-Server */ + #define USE_WOLFSSL_ESP_SDK_WIFI +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_ESP8266_SSH_SERVER) + /* See https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif/ESP8266/ESP8266-SSH-Server */ + #define USE_WOLFSSL_ESP_SDK_WIFI + +/* wolfMQTT Examples */ +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFMQTT_TEMPLATE) + /* See https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples/wolfmqtt_template */ + #define USE_WOLFSSL_ESP_SDK_WIFI +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFMQTT_AWS_IOT_MQTT) + /* See https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples/AWS_IoT_MQTT */ + #define USE_WOLFSSL_ESP_SDK_WIFI + +/* wolfTPM Examples */ +#elif defined(CONFIG_WOLFTPM_EXAMPLE_NAME_ESPRESSIF) + /* See https://github.com/wolfSSL/wolfTPM/tree/master/IDE/Espressif */ + #define USE_WOLFSSL_ESP_SDK_WIFI + +/* Apple HomeKit Examples */ +#elif defined(CONFIG_WOLFSSL_APPLE_HOMEKIT) + /* See https://github.com/AchimPieters/esp32-homekit-demo */ + +/* no example selected */ +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_NONE) + /* We'll assume the app needs to use wolfSSL sdk lib function */ + #define USE_WOLFSSL_ESP_SDK_WIFI + +/* Other applications detected by cmake */ +#elif defined(APP_ESP_HTTP_CLIENT_EXAMPLE) + /* The wolfSSL Version of the client example */ + #if defined(CONFIG_IDF_TARGET_ESP32S2) || defined(CONFIG_IDF_TARGET_ESP32C2) + /* Less memory available, so smaller key sizes: */ + #define FP_MAX_BITS (4096 * 2) + #else + #define FP_MAX_BITS (8192 * 2) + #endif + #define HAVE_ALPN + #define HAVE_SNI + #define OPENSSL_EXTRA_X509_SMALL + #define HAVE_TLS_EXTENSIONS + #define HAVE_SUPPORTED_CURVES + #define OPENSSL_EXTRA + #ifndef WOLFSSL_ALWAYS_VERIFY_CB + #define WOLFSSL_ALWAYS_VERIFY_CB + #endif + #ifndef WOLFSSL_VERIFY_CB_ALL_CERTS + #define WOLFSSL_VERIFY_CB_ALL_CERTS + #endif + #ifndef KEEP_PEER_CERT + #define KEEP_PEER_CERT + #endif + +#elif defined(APP_ESP_HTTP_CLIENT) + /* The ESP-IDF Version */ + #define FP_MAX_BITS (8192 * 2) + #define HAVE_ALPN + #define HAVE_SNI + #define OPENSSL_EXTRA_X509_SMALL + #define HAVE_TLS_EXTENSIONS + #define HAVE_SUPPORTED_CURVES + #define OPENSSL_EXTRA + #ifndef WOLFSSL_ALWAYS_VERIFY_CB + #define WOLFSSL_ALWAYS_VERIFY_CB + #endif + #ifndef WOLFSSL_VERIFY_CB_ALL_CERTS + #define WOLFSSL_VERIFY_CB_ALL_CERTS + #endif + #ifndef KEEP_PEER_CERT + #define KEEP_PEER_CERT + #endif +#else + #ifdef WOLFSSL_ESPIDF + /* #warning "App config undetected" */ + #endif + /* the code is older or does not have application name defined. */ +#endif /* Example wolfSSL Configuration app settings */ /* Experimental Kyber */ -#if 0 +#ifdef CONFIG_WOLFSSL_ENABLE_KYBER /* Kyber typically needs a minimum 10K stack */ #define WOLFSSL_EXPERIMENTAL_SETTINGS #define WOLFSSL_HAVE_KYBER #define WOLFSSL_WC_KYBER #define WOLFSSL_SHA3 + #if defined(CONFIG_IDF_TARGET_ESP8266) + /* With limited RAM, we'll disable some of the Kyber sizes: */ + #define WOLFSSL_NO_KYBER1024 + #define WOLFSSL_NO_KYBER768 + #define NO_SESSION_CACHE + #endif +#endif + +/* Pick a cert buffer size: */ +/* #define USE_CERT_BUFFERS_2048 */ +/* #define USE_CERT_BUFFERS_1024 */ +#define USE_CERT_BUFFERS_2048 + +/* The Espressif sdkconfig will have chipset info. +** +** Some possible values: +** +** CONFIG_IDF_TARGET_ESP32 +** CONFIG_IDF_TARGET_ESP32S2 +** CONFIG_IDF_TARGET_ESP32S3 +** CONFIG_IDF_TARGET_ESP32C3 +** CONFIG_IDF_TARGET_ESP32C6 +*/ + +/* Optionally enable Apple HomeKit from compiler directive or Kconfig setting */ +#if defined(WOLFSSL_APPLE_HOMEKIT) || defined(CONFIG_WOLFSSL_APPLE_HOMEKIT) + /* SRP is known to need 8K; slow on some devices */ + #define FP_MAX_BITS (8192 * 2) + #define WOLFCRYPT_HAVE_SRP + #define HAVE_CHACHA + #define HAVE_POLY1305 + #define WOLFSSL_BASE64_ENCODE + #endif /* Apple HomeKit settings */ + +/* Used by ESP-IDF components: */ +#if defined(CONFIG_ESP_TLS_USING_WOLFSSL) + /* The ESP-TLS */ + #ifndef FP_MAX_BITS + #if defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP8684) || \ + defined(CONFIG_IDF_TARGET_ESP8266) + /* Optionally set smaller size here */ + #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS + #else + #define FP_MAX_BITS (4096 * 2) + #endif + #endif + #define HAVE_ALPN + #ifndef CONFIG_IDF_TARGET_ESP8266 + /* Unless installed in the ESP8266 RTOS SDK locally, the wolfSSL + * API for SNI will not be seen in the components/esp-tls layer. + * Only enable SNI for non-ESP8266 targets by default: */ + #define HAVE_SNI + #endif + #define OPENSSL_EXTRA_X509_SMALL + + #define HAVE_TLS_EXTENSIONS + #define HAVE_SUPPORTED_CURVES #endif +/* Optionally enable some wolfSSH settings */ +#if defined(ESP_ENABLE_WOLFSSH) || defined(CONFIG_ESP_ENABLE_WOLFSSH) + /* The default SSH Windows size is massive for an embedded target. + * Limit it: */ + #define DEFAULT_WINDOW_SZ 2000 + + /* These may be defined in cmake for other examples: */ + #undef WOLFSSH_TERM + #define WOLFSSH_TERM + + /* optional debug */ + /* #undef DEBUG_WOLFSSH */ + /* #define DEBUG_WOLFSSH */ + + #undef WOLFSSL_KEY_GEN + #define WOLFSSL_KEY_GEN + + #undef WOLFSSL_PTHREADS + #define WOLFSSL_PTHREADS + + #define WOLFSSH_TEST_SERVER + #define WOLFSSH_TEST_THREADING +#endif /* ESP_ENABLE_WOLFSSH */ + + +/* Not yet using WiFi lib, so don't compile in the esp-sdk-lib WiFi helpers: */ +/* #define USE_WOLFSSL_ESP_SDK_WIFI */ + /* * ONE of these Espressif chip families will be detected from sdkconfig: * * WOLFSSL_ESP32 + * WOLFSSL_ESPWROOM32SE * WOLFSSL_ESP8266 + * + * following ifdef detection only for syntax highlighting: */ -#undef WOLFSSL_ESPWROOM32SE -#undef WOLFSSL_ESP8266 -#undef WOLFSSL_ESP32 +#ifdef WOLFSSL_ESPWROOM32SE + #undef WOLFSSL_ESPWROOM32SE +#endif +#ifdef WOLFSSL_ESP8266 + #undef WOLFSSL_ESP8266 +#endif +#ifdef WOLFSSL_ESP32 + #undef WOLFSSL_ESP32 +#endif /* See below for chipset detection from sdkconfig.h */ /* when you want to use SINGLE THREAD. Note Default ESP-IDF is FreeRTOS */ -/* #define SINGLE_THREADED */ +#define SINGLE_THREADED -/* SMALL_SESSION_CACHE saves a lot of RAM for ClientCache and SessionCache. +/* Small session cache saves a lot of RAM for ClientCache and SessionCache. * Memory requirement is about 5KB, otherwise 20K is needed when not specified. * If extra small footprint is needed, try MICRO_SESSION_CACHE (< 1K) * When really desperate or no TLS used, try NO_SESSION_CACHE. */ @@ -92,130 +342,6 @@ /* RSA_LOW_MEM: Half as much memory but twice as slow. */ #define RSA_LOW_MEM -/* Uncommon settings for testing only */ -#define TEST_ESPIDF_ALL_WOLFSSL -#ifdef TEST_ESPIDF_ALL_WOLFSSL - #define WOLFSSL_MD2 - #define HAVE_BLAKE2 - #define HAVE_BLAKE2B - #define HAVE_BLAKE2S - - #define WC_RC2 - #define WOLFSSL_ALLOW_RC4 - - #define HAVE_POLY1305 - - #define WOLFSSL_AES_128 - #define WOLFSSL_AES_OFB - #define WOLFSSL_AES_CFB - #define WOLFSSL_AES_XTS - - /* #define WC_SRTP_KDF */ - /* TODO Causes failure with Espressif AES HW Enabled */ - /* #define HAVE_AES_ECB */ - /* #define HAVE_AESCCM */ - /* TODO sanity check when missing HAVE_AES_ECB */ - #define WOLFSSL_WOLFSSH - - #define HAVE_AESGCM - #define WOLFSSL_AES_COUNTER - - #define HAVE_FFDHE - #define HAVE_FFDHE_2048 - #if defined(CONFIG_IDF_TARGET_ESP8266) - /* TODO Full size SRP is disabled on the ESP8266 at this time. - * Low memory issue? */ - #define WOLFCRYPT_HAVE_SRP - /* MIN_FFDHE_FP_MAX_BITS = (MIN_FFDHE_BITS * 2); see settings.h */ - #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS - #elif defined(CONFIG_IDF_TARGET_ESP32) || \ - defined(CONFIG_IDF_TARGET_ESP32S2) || \ - defined(CONFIG_IDF_TARGET_ESP32S3) - /* TODO: SRP Not enabled, known to fail on this target - * See https://github.com/wolfSSL/wolfssl/issues/7210 */ - #elif defined(CONFIG_IDF_TARGET_ESP32C3) || \ - defined(CONFIG_IDF_TARGET_ESP32H2) - /* SRP Known to be working on this target::*/ - #define WOLFCRYPT_HAVE_SRP - #define FP_MAX_BITS (8192 * 2) - #else - /* For everything else, give a try and see if SRP working: */ - #define WOLFCRYPT_HAVE_SRP - #define FP_MAX_BITS (8192 * 2) - #endif - - #define HAVE_DH - - /* TODO: there may be a problem with HAVE_CAMELLIA with HW AES disabled. - * Do not define NO_WOLFSSL_ESP32_CRYPT_AES when enabled: */ - /* #define HAVE_CAMELLIA */ - - /* DSA requires old SHA */ - #define HAVE_DSA - - /* Needs SHA512 ? */ - #define HAVE_HPKE - - /* Not for Espressif? */ - #if defined(CONFIG_IDF_TARGET_ESP32C2) || \ - defined(CONFIG_IDF_TARGET_ESP8684) || \ - defined(CONFIG_IDF_TARGET_ESP32H2) || \ - defined(CONFIG_IDF_TARGET_ESP8266) - - #if defined(CONFIG_IDF_TARGET_ESP8266) - #undef HAVE_ECC - #undef HAVE_ECC_CDH - #undef HAVE_CURVE25519 - - /* TODO does CHACHA also need alignment? Failing on ESP8266 - * See SHA256 __attribute__((aligned(4))); and WC_SHA256_ALIGN */ - #ifdef HAVE_CHACHA - #error "HAVE_CHACHA not supported on ESP8266" - #endif - #ifdef HAVE_XCHACHA - #error "HAVE_XCHACHA not supported on ESP8266" - #endif - #else - #define HAVE_XCHACHA - #define HAVE_CHACHA - /* TODO Not enabled at this time, needs further testing: - * #define WC_SRTP_KDF - * #define HAVE_COMP_KEY - * #define WOLFSSL_HAVE_XMSS - */ - #endif - /* TODO AES-EAX not working on this platform */ - - /* Optionally disable DH - * #undef HAVE_DH - * #undef HAVE_FFDHE - */ - - /* ECC_SHAMIR out of memory on ESP32-C2 during ECC */ - #ifndef HAVE_ECC - #define ECC_SHAMIR - #endif - #else - #define WOLFSSL_AES_EAX - - #define ECC_SHAMIR - #endif - - /* Only for WOLFSSL_IMX6_CAAM / WOLFSSL_QNX_CAAM ? */ - /* #define WOLFSSL_CAAM */ - /* #define WOLFSSL_CAAM_BLOB */ - - #define WOLFSSL_AES_SIV - #define WOLFSSL_CMAC - - #define WOLFSSL_CERT_PIV - - /* HAVE_SCRYPT may turn on HAVE_PBKDF2 see settings.h */ - /* #define HAVE_SCRYPT */ - #define SCRYPT_TEST_ALL - #define HAVE_X963_KDF -#endif - /* optionally turn off SHA512/224 SHA512/256 */ /* #define WOLFSSL_NOSHA512_224 */ /* #define WOLFSSL_NOSHA512_256 */ @@ -230,14 +356,40 @@ #define BENCH_EMBEDDED /* TLS 1.3 */ -#define WOLFSSL_TLS13 -#define HAVE_TLS_EXTENSIONS -#define WC_RSA_PSS -#define HAVE_HKDF -#define HAVE_AEAD -#define HAVE_SUPPORTED_CURVES +#ifdef CONFIG_WOLFSSL_ALLOW_TLS13 + #define WOLFSSL_TLS13 + #define HAVE_TLS_EXTENSIONS + #define HAVE_HKDF + + /* May be required */ + #ifndef HAVE_AEAD + #endif + + /* Required for ECC */ + #define HAVE_SUPPORTED_CURVES + + /* Required for RSA */ + #define WC_RSA_PSS + + /* TLS 1.3 normally requires HAVE_FFDHE */ + #if defined(HAVE_FFDHE_2048) || \ + defined(HAVE_FFDHE_3072) || \ + defined(HAVE_FFDHE_4096) || \ + defined(HAVE_FFDHE_6144) || \ + defined(HAVE_FFDHE_8192) + #else + #define HAVE_FFDHE_2048 + /* #error "TLS 1.3 requires HAVE_FFDHE_[nnnn]" */ + #endif +#endif -#define WOLFSSL_BENCHMARK_FIXED_UNITS_KB +#if defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP8684) + /* Optionally set smaller size here */ + #define HAVE_FFDHE_4096 +#else + #define HAVE_FFDHE_4096 +#endif #define NO_FILESYSTEM @@ -254,32 +406,67 @@ /* when you want to use SHA384 */ #define WOLFSSL_SHA384 -/* when you want to use SHA512 */ -#define WOLFSSL_SHA512 - -/* when you want to use SHA3 */ -#define WOLFSSL_SHA3 - - /* ED25519 requires SHA512 */ -#define HAVE_ED25519 - /* Some features not enabled for ESP8266: */ #if defined(CONFIG_IDF_TARGET_ESP8266) || \ defined(CONFIG_IDF_TARGET_ESP32C2) + /* Some known low-memory devices have features not enabled by default. */ /* TODO determine low memory configuration for ECC. */ #else - #define HAVE_ECC - #define HAVE_CURVE25519 - #define CURVE25519_SMALL + /* when you want to use SHA512 */ + #define WOLFSSL_SHA512 + + /* when you want to use SHA3 */ + /* #define WOLFSSL_SHA3 */ + + /* ED25519 requires SHA512 */ + #define HAVE_ED25519 #endif -#define HAVE_ED25519 +#if defined(CONFIG_IDF_TARGET_ESP8266) || defined(CONFIG_IDF_TARGET_ESP32C2) + #define MY_USE_ECC 0 + #define MY_USE_RSA 1 +#else + #define MY_USE_ECC 1 + #define MY_USE_RSA 0 +#endif -/* Optional OPENSSL compatibility */ -#define OPENSSL_EXTRA +/* We can use either or both ECC and RSA, but must use at least one. */ +#if MY_USE_ECC || MY_USE_RSA + #if MY_USE_ECC + /* ---- ECDSA / ECC ---- */ + #define HAVE_ECC + #define HAVE_CURVE25519 + #define HAVE_ED25519 + #define WOLFSSL_SHA512 + /* + #define HAVE_ECC384 + #define CURVE25519_SMALL + */ + #else + #define WOLFSSH_NO_ECC + /* WOLFSSH_NO_ECDSA is typically defined automatically, + * here for clarity: */ + #define WOLFSSH_NO_ECDSA + #endif + + #if MY_USE_RSA + /* ---- RSA ----- */ + /* #define RSA_LOW_MEM */ + + /* DH disabled by default, needed if ECDSA/ECC also turned off */ + #define HAVE_DH + #else + #define WOLFSSH_NO_RSA + #endif +#else + #error "Either RSA or ECC must be enabled" +#endif + +/* Optional OpenSSL compatibility */ +/* #define OPENSSL_EXTRA */ /* #Optional HAVE_PKCS7 */ -#define HAVE_PKCS7 +/* #define HAVE_PKCS7 */ #if defined(HAVE_PKCS7) /* HAVE_PKCS7 may enable HAVE_PBKDF2 see settings.h */ @@ -319,8 +506,11 @@ /* #define XTIME time */ -/* adjust wait-timeout count if you see timeout in RSA HW acceleration */ -#define ESP_RSA_TIMEOUT_CNT 0x349F00 +/* Adjust wait-timeout count if you see timeout in RSA HW acceleration. + * Set to very large number and enable WOLFSSL_HW_METRICS to determine max. */ +#ifndef ESP_RSA_TIMEOUT_CNT + #define ESP_RSA_TIMEOUT_CNT 0xFF0000 +#endif /* hash limit for test.c */ #define HASH_SIZE_LIMIT @@ -329,7 +519,7 @@ #define USE_FAST_MATH /***** Use SP_MATH *****/ -/* #undef USE_FAST_MATH */ +/* #undef USE_FAST_MATH */ /* #define SP_MATH */ /* #define WOLFSSL_SP_MATH_ALL */ /* #define WOLFSSL_SP_RISCV32 */ @@ -338,6 +528,14 @@ /* #undef USE_FAST_MATH */ /* #define USE_INTEGER_HEAP_MATH */ +/* Just syntax highlighting to check math libraries: */ +#if defined(SP_MATH) || \ + defined(USE_INTEGER_HEAP_MATH) || \ + defined(USE_INTEGER_HEAP_MATH) || \ + defined(USE_FAST_MATH) || \ + defined(WOLFSSL_SP_MATH_ALL) || \ + defined(WOLFSSL_SP_RISCV32) +#endif #define WOLFSSL_SMALL_STACK @@ -345,18 +543,32 @@ #define HAVE_VERSION_EXTENDED_INFO /* #define HAVE_WC_INTROSPECTION */ -#define HAVE_SESSION_TICKET +#ifndef NO_SESSION_CACHE + #define HAVE_SESSION_TICKET +#endif /* #define HAVE_HASHDRBG */ +#if 0 +/* Example for additional cert functions */ #define WOLFSSL_KEY_GEN -#define WOLFSSL_CERT_REQ -#define WOLFSSL_CERT_GEN -#define WOLFSSL_CERT_EXT -#define WOLFSSL_SYS_CA_CERTS + #define WOLFSSL_CERT_REQ + #define WOLFSSL_CERT_GEN + #define WOLFSSL_CERT_EXT + #define WOLFSSL_SYS_CA_CERTS + + #define WOLFSSL_CERT_TEXT -#define WOLFSSL_CERT_TEXT + /* command-line options + --enable-keygen + --enable-certgen + --enable-certreq + --enable-certext + --enable-asn-template + */ + +#endif #define WOLFSSL_ASN_TEMPLATE @@ -376,10 +588,62 @@ --enable-asn-template */ +/* optional SM4 Ciphers. See https://github.com/wolfSSL/wolfsm */ +/* +#define WOLFSSL_SM2 +#define WOLFSSL_SM3 +#define WOLFSSL_SM4 +*/ + +#if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4) + /* SM settings, possible cipher suites: + + TLS13-AES128-GCM-SHA256 + TLS13-CHACHA20-POLY1305-SHA256 + TLS13-SM4-GCM-SM3 + TLS13-SM4-CCM-SM3 + + #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-GCM-SM3" + #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-CCM-SM3" + #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-CBC-SM3" + #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-GCM-SM3" + #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-CCM-SM3" + #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-GCM-SM3:" \ + "TLS13-SM4-CCM-SM3:" + */ + + #undef WOLFSSL_BASE16 + #define WOLFSSL_BASE16 /* required for WOLFSSL_SM2 */ + + #undef WOLFSSL_SM4_ECB + #define WOLFSSL_SM4_ECB + + #undef WOLFSSL_SM4_CBC + #define WOLFSSL_SM4_CBC + + #undef WOLFSSL_SM4_CTR + #define WOLFSSL_SM4_CTR + + #undef WOLFSSL_SM4_GCM + #define WOLFSSL_SM4_GCM + + #undef WOLFSSL_SM4_CCM + #define WOLFSSL_SM4_CCM + + #define HAVE_POLY1305 + #define HAVE_CHACHA + + #undef HAVE_AESGCM + #define HAVE_AESGCM +#else + /* default settings */ + #define USE_CERT_BUFFERS_2048 +#endif + /* Chipset detection from sdkconfig.h * Default is HW enabled unless turned off. * Uncomment lines to force SW instead of HW acceleration */ -#if defined(CONFIG_IDF_TARGET_ESP32) +#if defined(CONFIG_IDF_TARGET_ESP32) || defined(WOLFSSL_ESPWROOM32SE) #define WOLFSSL_ESP32 /* Alternatively, if there's an ECC Secure Element present: */ /* #define WOLFSSL_ESPWROOM32SE */ @@ -501,12 +765,16 @@ #define WOLFSSL_ESP8266 /* There's no hardware encryption on the ESP8266 */ - /* Consider using the ESP32-C2/C3/C6 - * See https://www.espressif.com/en/products/socs/esp32-c2 */ + /* Consider using the ESP32-C2/C3/C6 */ #define NO_ESP32_CRYPT #define NO_WOLFSSL_ESP32_CRYPT_HASH #define NO_WOLFSSL_ESP32_CRYPT_AES #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI + #ifndef FP_MAX_BITS + /* FP_MAX_BITS matters in wolfssl_test, not just TLS setting. */ + /* MIN_FFDHE_FP_MAX_BITS = (MIN_FFDHE_BITS * 2); see settings.h */ + #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS + #endif /***** END CONFIG_IDF_TARGET_ESP266 *****/ #elif defined(CONFIG_IDF_TARGET_ESP8684) @@ -556,18 +824,33 @@ /* Debug options: See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options +optionally increase error message size for very long paths. +#define WOLFSSL_MAX_ERROR_SZ 500 + +Turn wolfSSL debugging on/off: + wolfSSL_Debugging_ON(); + wolfSSL_Debugging_OFF(); + #define ESP_VERIFY_MEMBLOCK #define DEBUG_WOLFSSL #define DEBUG_WOLFSSL_VERBOSE #define DEBUG_WOLFSSL_SHA_MUTEX +#define WOLFSSL_DEBUG_IGNORE_ASN_TIME +#define WOLFSSL_DEBUG_CERT_BUNDLE +#define WOLFSSL_DEBUG_CERT_BUNDLE_NAME #define WOLFSSL_ESP32_CRYPT_DEBUG #define WOLFSSL_ESP32_CRYPT_HASH_SHA224_DEBUG #define NO_RECOVER_SOFTWARE_CALC #define WOLFSSL_TEST_STRAY 1 #define USE_ESP_DPORT_ACCESS_READ_BUFFER #define WOLFSSL_ESP32_HW_LOCK_DEBUG +#define WOLFSSL_DEBUG_MUTEX #define WOLFSSL_DEBUG_ESP_RSA_MULM_BITS +#define WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS +#define WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS #define ESP_DISABLE_HW_TASK_LOCK +#define ESP_MONITOR_HW_TASK_LOCK +#define USE_ESP_DPORT_ACCESS_READ_BUFFER See wolfcrypt/benchmark/benchmark.c for debug and other settings: @@ -579,7 +862,8 @@ Turn on timer debugging (used when CPU cycles not available) */ /* Pause in a loop rather than exit. */ -#define WOLFSSL_ESPIDF_ERROR_PAUSE +/* #define WOLFSSL_ESPIDF_ERROR_PAUSE */ +/* #define WOLFSSL_ESP32_HW_LOCK_DEBUG */ #define WOLFSSL_HW_METRICS @@ -628,6 +912,12 @@ Turn on timer debugging (used when CPU cycles not available) * There are various certificate examples in this header file: * https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h * + * To use the sample certificates in code (not recommended for production!): + * + * #if defined(USE_CERT_BUFFERS_2048) || defined(USE_CERT_BUFFERS_1024) + * #include + * #endif + * * To use the sets of macros below, define *one* of these: * * USE_CERT_BUFFERS_1024 - ECC 1024 bit encoded ASN1 @@ -705,6 +995,7 @@ Turn on timer debugging (used when CPU cycles not available) #define WOLFSSL_BASE16 #else #if defined(USE_CERT_BUFFERS_2048) + #define USE_CERT_BUFFERS_256 /* Be sure to include in app when using example certs: */ /* #include */ #define CTX_CA_CERT ca_cert_der_2048 @@ -726,6 +1017,7 @@ Turn on timer debugging (used when CPU cycles not available) #define CTX_CLIENT_KEY_TYPE WOLFSSL_FILETYPE_ASN1 #elif defined(USE_CERT_BUFFERS_1024) + #define USE_CERT_BUFFERS_256 /* Be sure to include in app when using example certs: */ /* #include */ #define CTX_CA_CERT ca_cert_der_1024 @@ -750,3 +1042,34 @@ Turn on timer debugging (used when CPU cycles not available) #error "Must define USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_1024" #endif #endif /* Conditional key and cert constant names */ + +/****************************************************************************** +** Sanity Checks +******************************************************************************/ +#if defined(CONFIG_ESP_MAIN_TASK_STACK_SIZE) + #if defined(WOLFCRYPT_HAVE_SRP) + #if defined(FP_MAX_BITS) + #if FP_MAX_BITS < (8192 * 2) + #define ESP_SRP_MINIMUM_STACK_8K (24 * 1024) + #else + #define ESP_SRP_MINIMUM_STACK_8K (28 * 1024) + #endif + #else + #error "Please define FP_MAX_BITS when using WOLFCRYPT_HAVE_SRP." + #endif + + #if (CONFIG_ESP_MAIN_TASK_STACK_SIZE < ESP_SRP_MINIMUM_STACK) + #warning "WOLFCRYPT_HAVE_SRP enabled with small stack size" + #endif + #endif +#else + #warning "CONFIG_ESP_MAIN_TASK_STACK_SIZE not defined!" +#endif +/* See settings.h for some of the possible hardening options: + * + * #define NO_ESPIDF_DEFAULT + * #define WC_NO_CACHE_RESISTANT + * #define WC_AES_BITSLICED + * #define HAVE_AES_ECB + * #define HAVE_AES_DIRECT + */ diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/CMakeLists.txt index 6614af4fcc..bb71f4b282 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/CMakeLists.txt +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/CMakeLists.txt @@ -1,3 +1,5 @@ +# wolfSSL Espressif Example Project/main CMakeLists.txt +# v1.1 # # wolfssl benchmark test # diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/include/main.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/include/main.h index cae03b4a93..30c2289f3a 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/include/main.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/include/main.h @@ -1,4 +1,4 @@ -/* benchmark main.h +/* wolfssl_benchmark main.h * * Copyright (C) 2006-2024 wolfSSL Inc. * @@ -19,12 +19,9 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -#ifndef _MAIN_ -#define _MAIN_ +#ifndef _MAIN_H_ +#define _MAIN_H_ void app_main(void); -/* see wolfssl/wolfcrypt/benchmark/benchmark.h */ -extern void wolf_benchmark_task(); - #endif diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/main.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/main.c index 3381f25fe7..02c2771815 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/main.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/main.c @@ -27,20 +27,27 @@ /* The wolfSSL user_settings.h file is automatically included by the settings.h * file and should never be explicitly included in any other source files. * The settings.h should also be listed above wolfssl library include files. */ -#include -#include -#include -#include -#ifndef WOLFSSL_ESPIDF - #error "Problem with wolfSSL user_settings. " \ - "Check components/wolfssl/include " \ - "and confirm WOLFSSL_USER_SETTINGS is defined, " \ - "typically in the component CMakeLists.txt" +#if defined(WOLFSSL_USER_SETTINGS) + #include + #if defined(WOLFSSL_ESPIDF) + #include + #include + #include + #include + #include + #else + #error "Problem with wolfSSL user_settings. " \ + "Check components/wolfssl/include " \ + "and confirm WOLFSSL_USER_SETTINGS is defined, " \ + "typically in the component CMakeLists.txt" + #endif +#else + /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include */ + /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */ + #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\ + CFLAGS +=-DWOLFSSL_USER_SETTINGS" #endif -#include -#include - /* Hardware; include after other libraries, * particularly after freeRTOS from settings.h */ #include @@ -152,6 +159,7 @@ char* __argv[WOLFSSL_BENCH_ARGV_MAX_ARGUMENTS]; int construct_argv() { + #define ARG_BUFF_SIZE 16 int cnt = 0; int i = 0; int len = 0; @@ -212,15 +220,16 @@ int construct_argv() /* entry point */ void app_main(void) { - int stack_start = 0; - uart_config_t uart_config = { .baud_rate = THIS_MONITOR_UART_BAUD_DATE, .data_bits = UART_DATA_8_BITS, .parity = UART_PARITY_DISABLE, .stop_bits = UART_STOP_BITS_1, }; + int stack_start = 0; + word32 loops = 0; esp_err_t ret = 0; + stack_start = esp_sdk_stack_pointer(); /* uart_set_pin(UART_NUM_0, TX_PIN, RX_PIN, @@ -270,7 +279,7 @@ void app_main(void) ESP_LOGI(TAG, "NO_CRYPT_BENCHMARK defined, skipping wolf_benchmark_task") #else - /* although wolfCrypt_Init() may be explicitly called above, + /* Although wolfCrypt_Init() may be explicitly called above, ** note it is still always called in wolf_benchmark_task. */ stack_start = uxTaskGetStackHighWaterMark(NULL); @@ -278,36 +287,41 @@ void app_main(void) do { ESP_LOGI(TAG, "Stack HWM: %d\n", uxTaskGetStackHighWaterMark(NULL)); - wolf_benchmark_task(); /* TODO capture return value! */ +#ifdef WOLFSSL_BENCH_ARGV + ret = benchmark_test(__argv); +#else + ret = benchmark_test(NULL); +#endif ESP_LOGI(TAG, "Stack used: %d\n", stack_start - uxTaskGetStackHighWaterMark(NULL)); - #if defined(WOLFSSL_HW_METRICS) && defined(WOLFSSL_HAS_METRICS) - esp_hw_show_metrics(); - #endif - } while (BENCHMARK_LOOP); - /* Reminder: wolfCrypt_Cleanup should always be called at completion, + esp_hw_show_metrics(); + + loops++; /* count of the number of tests run before fail. */ + ESP_LOGI(TAG, "Stack HWM: %d\n", uxTaskGetStackHighWaterMark(NULL)); + ESP_LOGI(TAG, "loops = %d", loops); + + } while (BENCHMARK_LOOP && (ret == 0)); + + /* Reminder: wolfCrypt_Cleanup() should always be called at completion, ** and is called in wolf_benchmark_task(). */ +#if defined BENCHMARK_LOOP && (BENCHMARK_LOOP == 1) + /* If BENCHMARK_LOOP enabled and we get here, there was likely an error. */ + ESP_LOGI(TAG, "Benchmark loops completed: %d", loops); +#endif + #if defined(SINGLE_THREADED) /* need stack monitor for single thread */ #else ESP_LOGI(TAG, "Stack HWM: %d\n", uxTaskGetStackHighWaterMark(NULL)); #endif - /* note wolfCrypt_Cleanup() should always be called when finished. - ** This is called at the end of wolf_test_task(); - */ - -#if defined(DEBUG_WOLFSSL) && defined(WOLFSSL_ESP32_CRYPT_RSA_PRI) - esp_hw_show_mp_metrics(); -#endif - #ifdef INCLUDE_uxTaskGetStackHighWaterMark - ESP_LOGI(TAG, "Stack HWM: %d", uxTaskGetStackHighWaterMark(NULL)); + ESP_LOGI(TAG, "Stack HWM: %d", uxTaskGetStackHighWaterMark(NULL)); - ESP_LOGI(TAG, "Stack used: %d", CONFIG_ESP_MAIN_TASK_STACK_SIZE - - (uxTaskGetStackHighWaterMark(NULL))); + ESP_LOGI(TAG, "Stack used: %d", CONFIG_ESP_MAIN_TASK_STACK_SIZE + - (uxTaskGetStackHighWaterMark(NULL))); #endif #ifdef WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE @@ -318,19 +332,19 @@ void app_main(void) ESP_LOGE(TAG, WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE("Failed!", ret)); } #elif defined(WOLFSSL_ESPIDF_EXIT_MESSAGE) - ESP_LOGI(TAG, WOLFSSL_ESPIDF_EXIT_MESSAGE); + ESP_LOGI(TAG, WOLFSSL_ESPIDF_EXIT_MESSAGE); #else ESP_LOGI(TAG, "\n\nDone!\n\n" "If running from idf.py monitor, press twice: Ctrl+]"); #endif - /* after the test, we'll just wait */ + /* After completion, we'll just wait */ while (1) { - /* do something other than nothing to help next program/debug session*/ -#ifndef SINGLE_THREADED - vTaskDelay(1000); +#if defined(SINGLE_THREADED) + while (1); +#else + vTaskDelay(60000); #endif - } - + } /* done while */ #endif /* NO_CRYPT_BENCHMARK */ -} /* main */ +} diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/partitions_singleapp_large.csv b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/partitions_singleapp_large.csv index a9c373bec7..0b2fcd1a9f 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/partitions_singleapp_large.csv +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/partitions_singleapp_large.csv @@ -1,31 +1,31 @@ -# to view: idf.py partition-table -# -# ESP-IDF Partition Table -# Name, Type, SubType, Offset, Size, Flags -nvs, data, nvs, 0x9000, 24K, -phy_init,data, phy, 0xf000, 4K, -factory, app, factory, 0x10000, 1500K, - - -# For other settings, see: -# https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/partition-tables.html#creating-custom-tables -# -# Here is the summary printed for the "Single factory app, no OTA" configuration: -# -# # ESP-IDF Partition Table -# # Name, Type, SubType, Offset, Size, Flags -# nvs, data, nvs, 0x9000, 0x6000, -# phy_init, data, phy, 0xf000, 0x1000, -# factory, app, factory, 0x10000, 1M, -# -# -# Here is the summary printed for the "Factory app, two OTA definitions" configuration: -# -# # ESP-IDF Partition Table -# # Name, Type, SubType, Offset, Size, Flags -# nvs, data, nvs, 0x9000, 0x4000, -# otadata, data, ota, 0xd000, 0x2000, -# phy_init, data, phy, 0xf000, 0x1000, -# factory, app, factory, 0x10000, 1M, -# ota_0, app, ota_0, 0x110000, 1M, -# ota_1, app, ota_1, 0x210000, 1M, +# to view: idf.py partition-table +# +# ESP-IDF Partition Table +# Name, Type, SubType, Offset, Size, Flags +nvs, data, nvs, 0x9000, 24K, +phy_init,data, phy, 0xf000, 4K, +factory, app, factory, 0x10000, 1500K, + + +# For other settings, see: +# https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/partition-tables.html#creating-custom-tables +# +# Here is the summary printed for the "Single factory app, no OTA" configuration: +# +# # ESP-IDF Partition Table +# # Name, Type, SubType, Offset, Size, Flags +# nvs, data, nvs, 0x9000, 0x6000, +# phy_init, data, phy, 0xf000, 0x1000, +# factory, app, factory, 0x10000, 1M, +# +# +# Here is the summary printed for the "Factory app, two OTA definitions" configuration: +# +# # ESP-IDF Partition Table +# # Name, Type, SubType, Offset, Size, Flags +# nvs, data, nvs, 0x9000, 0x4000, +# otadata, data, ota, 0xd000, 0x2000, +# phy_init, data, phy, 0xf000, 0x1000, +# factory, app, factory, 0x10000, 1M, +# ota_0, app, ota_0, 0x110000, 1M, +# ota_1, app, ota_1, 0x210000, 1M, diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults index e7f3037365..5dd65ae9d4 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults @@ -1,18 +1,31 @@ +# Set the known example app config to template example (see user_settings.h) +CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSL_BENCHMARK=y + +# Some wolfSSL helpers +CONFIG_USE_WOLFSSL_ESP_SDK_TIME=y + +# sdkconfig.defaults for ESP8266 + ESP32 # Note that during the build process, settings from sdkconfig.defaults will not override those already in sdkconfig. # See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html#custom-sdkconfig-defaults CONFIG_BENCH_ARGV="-lng 0" +# FreeRTOS ticks at 1ms interval +CONFIG_FREERTOS_UNICORE=y CONFIG_FREERTOS_HZ=1000 CONFIG_ESP32_DEFAULT_CPU_FREQ_240=y # # Default main stack size. See user_settings.h # +# This is typically bigger than needed for stack size. +# Units are words, not bytes. See user_settings.h +# # For wolfSSL SMALL_STACK, 3072 bytes should be sufficient for benchmark app. # When using RSA, assign at least 10500 bytes, otherwise 5500 usually works for others -CONFIG_ESP_MAIN_TASK_STACK_SIZE=10500 +# We set this to 28672 for use in the "test everything possible" in the wolfssl_test app. +CONFIG_ESP_MAIN_TASK_STACK_SIZE=28672 # Legacy stack size for older ESP-IDF versions -CONFIG_MAIN_TASK_STACK_SIZE=10500 +CONFIG_MAIN_TASK_STACK_SIZE=28672 # # Benchmark must not have CONFIG_NEWLIB_NANO_FORMAT enabled @@ -30,6 +43,10 @@ CONFIG_ESP_TASK_WDT_EN=n CONFIG_ESP_SYSTEM_PANIC_PRINT_HALT=y CONFIG_ESP_INT_WDT=n +# ESP8266 Watchdog: +CONFIG_TASK_WDT=n +CONFIG_TASK_WDT_PANIC=n + # ESP8266 WDT # CONFIG_ESP_PANIC_PRINT_REBOOT is not set CONFIG_ESP_PANIC_PRINT_REBOOT=n @@ -45,6 +62,36 @@ CONFIG_HEAP_DISABLE_IRAM=y # Performance # CONFIG_COMPILER_OPTIMIZATION_PERF=y +# Set max CPU frequency (falls back as needed for lower maximum) +CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y + +# Enable wolfSSL TLS in esp-tls +CONFIG_ESP_TLS_USING_WOLFSSL=y +CONFIG_TLS_STACK_WOLFSSL=y + +# Bundles take up flash space and are disabled unless otherwise known to be needed +CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=n +# CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=y +# CONFIG_ESP_WOLFSSL_SMALL_CERT_VERIFY=y +# CONFIG_ESP_TLS_INSECURE=y + +# Disable mbedTLS +CONFIG_ESP_TLS_USING_MBEDTLS=n +CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n + +# Some wolfSSL helpers +CONFIG_USE_WOLFSSL_ESP_SDK_TIME=n + +# CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS is not set +CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS=n + +# ESP8266 Memory +CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y +CONFIG_HEAP_DISABLE_IRAM=y + +# Performance +# CONFIG_COMPILER_OPTIMIZATION_PERF=y + # Set max COU frequency (falls back as needed for lower maximum) CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults.esp8266 b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults.esp8266 new file mode 100644 index 0000000000..77299dfe4a --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults.esp8266 @@ -0,0 +1,30 @@ +# ESP8266 WDT +# CONFIG_ESP_PANIC_PRINT_REBOOT is not set +CONFIG_ESP_PANIC_PRINT_REBOOT=n +CONFIG_ESP_PANIC_PRINT_HALT=y + +# Enable wolfSSL TLS in esp-tls (not yet supported in RTOS SDK 3.4 +CONFIG_ESP_TLS_USING_WOLFSSL=n +CONFIG_TLS_STACK_WOLFSSL=n + +# Bundles take up flash space and are disabled unless otherwise known to be needed +CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=n +# CONFIG_ESP_WOLFSSL_SMALL_CERT_VERIFY=y +# CONFIG_ESP_TLS_INSECURE=y + +# Disable mbedTLS +CONFIG_ESP_TLS_USING_MBEDTLS=y +CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n + +# ESP8266 Memory +CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y +CONFIG_HEAP_DISABLE_IRAM=y + +# ESP8266 Watchdog: +CONFIG_TASK_WDT=n +CONFIG_TASK_WDT_PANIC=n + +# ESP8266 WDT +# CONFIG_ESP_PANIC_PRINT_REBOOT is not set +CONFIG_ESP_PANIC_PRINT_REBOOT=n +CONFIG_ESP_PANIC_PRINT_HALT=y diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/CMakeLists.txt index 14d08bf9f9..0518aedc2e 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/CMakeLists.txt +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/CMakeLists.txt @@ -3,6 +3,8 @@ # # The following lines of boilerplate have to be in your project's # CMakeLists in this exact order for cmake to work correctly +message(STATUS "Begin project ${CMAKE_PROJECT_NAME}") + cmake_minimum_required(VERSION 3.16) # The wolfSSL CMake file should be able to find the source code. @@ -48,7 +50,8 @@ endif() # End optional WOLFSSL_CMAKE_SYSTEM_NAME # This example uses an extra component for common functions such as Wi-Fi and Ethernet connection. -set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common) +# set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common) +string(REPLACE "\\" "/" PROTOCOL_EXAMPLES_DIR "$ENV{IDF_PATH}/examples/common_components/protocol_examples_common") if (EXISTS "${PROTOCOL_EXAMPLES_DIR}") message("Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}") @@ -80,17 +83,20 @@ else() endif() -# This example uses an extra component for common functions such as Wi-Fi and Ethernet connection. -set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common) +message(STATUS "begin include") +if(0) + # This example uses an extra component for common functions such as Wi-Fi and Ethernet connection. + set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common) -if (EXISTS "${PROTOCOL_EXAMPLES_DIR}") - message("Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}") - set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR") -else() - message("NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}") + if (EXISTS "${PROTOCOL_EXAMPLES_DIR}") + message("Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}") + set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common) + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR") + else() + message("NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}") + endif() endif() - include($ENV{IDF_PATH}/tools/cmake/project.cmake) - +message(STATUS "end include") project(wolfssl_client) +message(STATUS "end project") diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/README.md index 43961ec9be..ff275c7117 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/README.md +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/README.md @@ -10,9 +10,7 @@ For general information on [wolfSSL examples for Espressif](../README.md), see t ## Quick Start -Use the [ESP-IDF](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/get-started/index.html) -for ESP32 or [RTOS SDK](https://docs.espressif.com/projects/esp8266-rtos-sdk/en/latest/get-started/index.html) -for the ESP8266. +Use the `ESP-IDF` for ESP32 or `RTOS SDK` for the ESP8266. Run `menuconfig` utility (`idf.py menuconfig` for ESP32 or `make menuconfig` for the ESP8266) and set the various parameters for the target device, along with local WiFi settings: @@ -49,7 +47,7 @@ Difficulty flashing: * Check that quality USB cables are being used. * Try lowering the flash baud rate in the `menuconfig`. The 115200 is typically reliable. * Review board specifications: some require manual boot mode via on-board buttons. -* See [Espressif ESP Frequently Asked Questions](https://docs.espressif.com/projects/esp-faq/en/latest/esp-faq-en-master.pdf) +* See Espressif ESP Frequently Asked Questions `esp-faq-en-master.pdf`. ## ESP-IDF Commandline v5.x diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt index c3c09ca532..8b90966f9b 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt @@ -19,16 +19,145 @@ # # cmake for wolfssl Espressif projects # -# Version 5.6.0.011 for detect test/benchmark +# Version 5.7.2 Espressif ESP-IDF integration # # See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html # - +message(STATUS "Begin wolfssl ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}") cmake_minimum_required(VERSION 3.16) + +set(VERBOSE_COMPONENT_MESSAGES 1) + +# Optional requires include: +# set(THIS_ESP_TLS "esp-tls") +set(THIS_ESP_TLS "") + +# function: IS_ESP_IDF_COMPONENT +# output: RESULT = 1 (true) if this component is located in the ESP-IDF components +# otherwise 0 (false) +function( IS_ESP_IDF_COMPONENT RESULT ) + # NOTE: Component location is based on the location of the CMakeList.txt + # and *not* the location of the wolfSSL source code. (which may be anywhere) + + # Normalize the paths to remove any trailing slashes + get_filename_component(NORMALIZED_IDF_PATH "${IDF_PATH}" REALPATH) + get_filename_component(NORMALIZED_TEST_PATH "${COMPONENT_DIR}" REALPATH) + + # Check if the test path starts with the IDF_PATH + string(FIND "${NORMALIZED_TEST_PATH}" "${NORMALIZED_IDF_PATH}" pos) + + if(${pos} EQUAL 0) + message(STATUS "${COMPONENT_DIR} is within IDF_PATH.") + set(${RESULT} 1 PARENT_SCOPE) + else() + message(STATUS "${COMPONENT_DIR} is not within IDF_PATH.") + set(${RESULT} 0 PARENT_SCOPE) + endif() +endfunction() + +# Determine if this cmake file is located in the ESP-IDF component directory or not, +# and if so, if it is being ignored (allowing the use of a local project one, instead). +IS_ESP_IDF_COMPONENT( IS_WOLSSL_ESP_IDF_COMPONENT ) +if( IS_WOLSSL_ESP_IDF_COMPONENT ) + message(STATUS "This wolfSSL is a component in ESP-IDF.") + if ( CONFIG_IGNORE_ESP_IDF_WOLFSSL_COMPONENT ) + idf_component_register() + message(STATUS "Warning: wolfSSL component in ESP-IDF is being ignored.") + return() + endif() +endif() + + +if( "${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}" STREQUAL "" ) + # nothing to do +else() + # Only forward slashes, or double backslashes are supported. + # By the time we get here the sdkconfig file has a value for wolfSSL source code root. + string(REPLACE "\\" "/" CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}) + message(STATUS "Cleaned wolfssl path: ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}") +endif() + +# The scope of this CMAKE_C_FLAGS is just this component: set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS") +set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DWOLFSSL_USER_SETTINGS") + set(CMAKE_CURRENT_SOURCE_DIR ".") -set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component -set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" ) +# set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component + +# Optionally set your source to wolfSSL in your project CMakeLists.txt like this: +# set(WOLFSSL_ROOT "c:/test/my_wolfssl" ) + +if ( "${WOLFSSL_ROOT}" STREQUAL "") + set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" ) +endif() + +if( "$ENV{IDF_PATH}" STREQUAL "" ) + message(FATAL_ERROR "IDF_PATH Environment variable not set!") +else() + string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}") +endif() + +# Optional compiler definitions to help with system name detection (typically printed by app diagnostics) +if(VERBOSE_COMPONENT_MESSAGES) + if(WIN32) + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS") + message("Detected Windows") + endif() + if(CMAKE_HOST_UNIX) + message("Detected UNIX") + endif() + if(APPLE) + message("Detected APPLE") + endif() + if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop") + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL") + message("Detected WSL") + endif() + if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32)) + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX") + message("Detected Linux") + endif() + if(APPLE) + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE") + message("Detected Apple") + endif() +endif() # End optional WOLFSSL_CMAKE_SYSTEM_NAME + +message(STATUS "CONFIG_TARGET_PLATFORM = ${CONFIG_TARGET_PLATFORM}") + +# Check that there are not conflicting wolfSSL components +# The ESP Registry Component will be in ./managed_components/wolfssl__wolfssl +# The local component wolfSSL directory will be in ./components/wolfssl +if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl" ) + # These exclude statements don't seem to be honored by the $ENV{IDF_PATH}/tools/cmake/project.cmake' + # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" EXCLUDE_FROM_ALL) + # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl/include" EXCLUDE_FROM_ALL) + # So we'll error out and let the user decide how to proceed: + message(WARNING "\nFound wolfSSL components in\n" + "./managed_components/wolfssl__wolfssl\n" + "and\n" + "./components/wolfssl\n" + "in project directory: \n" + "${CMAKE_HOME_DIRECTORY}") + message(FATAL_ERROR "\nPlease use either the ESP Registry Managed Component or the wolfSSL component directory but not both.\n" + "If removing the ./managed_components/wolfssl__wolfssl directory, remember to also remove " + "or rename the idf_component.yml file typically found in ./main/") +else() + message(STATUS "No conflicting wolfSSL components found.") +endif() + + +# Don't include lwip requirement for benchmark and test apps. +if( ("${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark") OR ("${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_test") ) + message(STATUS "Not including lwip for ${CMAKE_PROJECT_NAME}") +else() + # benchmark and test do not need wifi, everything else probably does: + set(COMPONENT_REQUIRES lwip "${THIS_ESP_TLS}") # we typically don't need lwip directly in wolfssl component +endif() # find the user name to search for possible "wolfssl-username" message(STATUS "USERNAME = $ENV{USERNAME}") @@ -51,6 +180,25 @@ else() string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}") endif() +# ENVIRONMENT_VAR_TO_MACRO +# Check environment variable name EVARPARAM as [name] +# If defined, and has a value of EVARVALUE as [value], +# then assign a compiler definition "-D[name]=[value]" +function(ENVIRONMENT_VAR_TO_MACRO EVARPARAM EVARVALUE) + # If the EVARPARAM environment variable name is set to EVARVALUE, + # set the compiler flag definition to enable CSV output. + if ( "$ENV{${EVARPARAM}}" STREQUAL "${EVARVALUE}") + message(STATUS "Appending compile definition: -D${EVARPARAM}=${EVARVALUE}") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D${EVARPARAM}=${EVARVALUE}") + else() + if(DEFINED ENV{${EVARPARAM}}) + message(STATUS "Environment variable ${EVARPARAM} detected but set to $ENV{${EVARPARAM}}, not appending compile definition.") + else() + message(STATUS "Environment variable ${EVARPARAM} not detected, not appending compile definition.") + endif() + endif() +endfunction() + # COMPONENT_NAME = wolfssl # The component name is the directory name. "No feature to change this". # See https://github.com/espressif/esp-idf/issues/8978#issuecomment-1129892685 @@ -68,7 +216,8 @@ endif() # function: IS_WOLFSSL_SOURCE # parameter: DIRECTORY_PARAMETER - the directory to test # output: RESULT = contains contents of DIRECTORY_PARAMETER for wolfssl directory, otherwise blank. -function(IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER RESULT) +function( IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER + RESULT ) if (EXISTS "${DIRECTORY_PARAMETER}/wolfcrypt/src") set(${RESULT} "${DIRECTORY_PARAMETER}" PARENT_SCOPE) else() @@ -76,27 +225,71 @@ function(IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER RESULT) endif() endfunction() +# ********************************************************************************************* # function: FIND_WOLFSSL_DIRECTORY # parameter: OUTPUT_FOUND_WOLFSSL_DIRECTORY contains root of source code, otherwise blank # +# Example usage: +# FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT) +# ********************************************************************************************* function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY) - message(STATUS "Starting FIND_WOLFSSL_DIRECTORY") - set(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}") + message(STATUS "Starting FIND_WOLFSSL_DIRECTORY: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}") + + if ( "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}" STREQUAL "" ) + # The parameter is empty, so we certainly need to search. + # First, see if there's an environment variable. This takes highest priority (unless already found as hard-coded, above) + set(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}") + if( "${CURRENT_SEARCH_DIR}" STREQUAL "" ) + message(STATUS "The WOLFSSL_ROOT environment variable is not set. Searching...") + # Next, if not found, see if wolfSSL was selected for ESP-TLS Kconfig + if(CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT) + set(CURRENT_SEARCH_DIR ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}) + get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" ABSOLUTE) + message(STATUS "WOLFSSL_ROOT found in sdkconfig/KConfig: ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}") + else() + message(STATUS "wolfSSL not defined in [Component Config] [wolfssl]. Continuing search...") + # If not specified as a search hint in OUTPUT_FOUND_WOLFSSL_DIRECTORY: + # This wolfSSL component CMakeLists.txt may be found EITHER in: + # 1) local project component + # 2) ESP-IDF share components + # We'll start in the CMAKE_CURRENT_SOURCE_DIR, typically [something]/projectname/components/wolfssl + # That option might find wolfSSL source code as a copy in the component directory (e.g. Managed Components) + # Unless cmake is in the ESP-IDF, in which case it is unlikely to find wolfSSL source in any parent. + message(STATUS "CMAKE_CURRENT_SOURCE_DIR = ${CMAKE_CURRENT_SOURCE_DIR}") + get_filename_component(CURRENT_SEARCH_DIR "${CMAKE_CURRENT_SOURCE_DIR}" ABSOLUTE) + message(STATUS "CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}") + string(LENGTH ${CURRENT_SEARCH_DIR} CURRENT_SEARCH_DIR_LENGTH) + endif() # CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT + endif() # check environment var blank + else() + message(STATUS "Parameter found for FIND_WOLFSSL_DIRECTORY") + message(STATUS "Setting wolfSSL search directory to: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}") + set(CURRENT_SEARCH_DIR "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}") + endif() # parameter empty + + # Check to see if we found a path in environment or config settings, above. if( "${CURRENT_SEARCH_DIR}" STREQUAL "" ) - message(STATUS "The WOLFSSL_ROOT environment variable is not set. Searching...") + message(STATUS "Source for wolfSSL not specified in path nor config settings.") + # We'll continue the search by recursing up the directory tree, below. else() - get_filename_component(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}" ABSOLUTE) + # Setting found! Does it contain a valid path? + string(REPLACE "\\" "/" CURRENT_SEARCH_DIR ${CURRENT_SEARCH_DIR}) + get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" ABSOLUTE) IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL) if( FOUND_WOLFSSL ) - message(STATUS "Found WOLFSSL_ROOT via Environment Variable: ${CURRENT_SEARCH_DIR}") + message(STATUS "Found wolfSSL source code via setting: ${CURRENT_SEARCH_DIR}") set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE) return() else() - message(FATAL_ERROR "WOLFSSL_ROOT Environment Variable defined, but path not found:") - message(STATUS "$ENV{WOLFSSL_ROOT}") + if(WIN32) + message(STATUS "When specifying a path for Windows, use forward slahes, or double backslashes.") + endif() + message(STATUS "CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT sdkconfig setting = ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}") + message(STATUS "WOLFSSL_ROOT Variable defined, but source code not found: ${CURRENT_SEARCH_DIR}") endif() endif() + # we'll start in the CMAKE_CURRENT_SOURCE_DIR, typically [something]/projectname/components/wolfssl message(STATUS "CMAKE_CURRENT_SOURCE_DIR = ${CMAKE_CURRENT_SOURCE_DIR}") get_filename_component(CURRENT_SEARCH_DIR "${CMAKE_CURRENT_SOURCE_DIR}" ABSOLUTE) @@ -114,16 +307,47 @@ function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY) return() endif() + # Maintain CURRENT_SEARCH_DIR, but check various suffixes with CURRENT_SEARCH_DIR_ALT if( THIS_USER ) # Check for "wolfssl-[username]" subdirectory as we recurse up the directory tree set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl-${THIS_USER}) - message(STATUS "Looking in ${CURRENT_SEARCH_DIR}") + message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}") + + IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL ) + if ( FOUND_WOLFSSL ) + message(STATUS "Found wolfssl in user-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}") + set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}") + set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE) + return() + endif() + endif() + + if ( FOUND_WOLFSSL ) + # if we already found the source, skip attempt of "wolfssl-master" + else() + set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl-master) + message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}") - #if(EXISTS ${CURRENT_SEARCH_DIR_ALT} AND IS_DIRECTORY ${CURRENT_SEARCH_DIR_ALT} AND EXISTS "${CURRENT_SEARCH_DIR_ALT}/wolfcrypt/src") IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL ) if ( FOUND_WOLFSSL ) - message(STATUS "Found wolfssl in user-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}") - set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR_ALT} PARENT_SCOPE) + message(STATUS "Found wolfssl in master-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}") + set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}") + set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE) + return() + endif() + endif() + + if ( FOUND_WOLFSSL ) + # if we already found the source, skip attempt of "wolfssl" + else() + set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl) + message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}") + + IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL ) + if ( FOUND_WOLFSSL ) + message(STATUS "Found wolfssl in CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}") + set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}") + set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE) return() endif() endif() @@ -143,7 +367,8 @@ function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY) get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" DIRECTORY) message(STATUS "Next CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}") if( "${PRIOR_SEARCH_DIR}" STREQUAL "${CURRENT_SEARCH_DIR}" ) - # when the search directory is empty, we'll give up + # When the parent is current directory, cannot go any further. We didn't find wolfssl. + # When the search directory is empty, we'll give up. set(CURRENT_SEARCH_DIR "") endif() endwhile() @@ -154,17 +379,58 @@ endfunction() # Example usage: +# +# Simply find the WOLFSSL_DIRECTORY by searching parent directories: +# FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT) +# +message(STATUS "CONFIG_TARGET_PLATFORM = ${CONFIG_TARGET_PLATFORM}") +# Check for environment variable that may be assigned to macros +ENVIRONMENT_VAR_TO_MACRO("GENERATE_MACHINE_PARSEABLE_REPORT" "1") +ENVIRONMENT_VAR_TO_MACRO("WOLFSSL_BENCHMARK_FIXED_CSV" "1") +# Optional variable inspection +if (0) + get_cmake_property(_variableNames VARIABLES) + list (SORT _variableNames) + message(STATUS "") + message(STATUS "ALL VARIABLES BEGIN") + message(STATUS "") + foreach (_variableName ${_variableNames}) + message(STATUS "${_variableName}=${${_variableName}}") + endforeach() + message(STATUS "") + message(STATUS "ALL VARIABLES END") + message(STATUS "") +endif() + +if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") ) + # There's no esp_timer, no driver components for the ESP8266 + message(STATUS "Early expansion EXCLUDES esp_timer for esp8266: ${THIS_INCLUDE_TIMER}") + message(STATUS "Early expansion EXCLUDES driver for esp8266: ${THIS_INCLUDE_DRIVER}") + set(THIS_INCLUDE_TIMER "") + set(THIS_INCLUDE_DRIVER "") + set(THIS_ESP_TLS "") +else() + message(STATUS "Early expansion includes esp_timer: ${THIS_INCLUDE_TIMER}") + message(STATUS "Early expansion includes driver: ${THIS_INCLUDE_DRIVER}") + set(THIS_INCLUDE_TIMER "esp_timer") + set(THIS_INCLUDE_DRIVER "driver") + set(THIS_ESP_TLS "esp-tls") + # Let the app know that we've included the esp-tls component requirement. + # This is critical for use the the esp-tls component. See wolfssl esp_crt_bundle.c file. + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_REQUIRED_ESP_TLS=1") +endif() if(CMAKE_BUILD_EARLY_EXPANSION) message(STATUS "wolfssl component CMAKE_BUILD_EARLY_EXPANSION:") idf_component_register( REQUIRES "${COMPONENT_REQUIRES}" PRIV_REQUIRES # esp_hw_support - # esp_timer - # driver # this will typically only be needed for wolfSSL benchmark + "${THIS_ESP_TLS}" + "${THIS_INCLUDE_TIMER}" + "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark ) else() @@ -173,48 +439,99 @@ else() message(STATUS "wolfssl component config:") message(STATUS "************************************************************************************************") + if ( "${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") + # There's no esp_timer, no driver components for the ESP8266 + set(THIS_INCLUDE_TIMER "") + set(THIS_INCLUDE_DRIVER "") + else() + set(THIS_INCLUDE_TIMER "esp_timer") + set(THIS_INCLUDE_DRIVER "driver") + endif() + # search for wolfSSL FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT) if(WOLFSSL_ROOT) - message(STATUS "NEW Found wolfssl directory at: ${WOLFSSL_ROOT}") + IS_WOLFSSL_SOURCE("${WOLFSSL_ROOT}" FOUND_WOLFSSL) + if(FOUND_WOLFSSL) + message(STATUS "Found WOLFSSL_ROOT via CMake specification.") + else() + # WOLFSSL_ROOT Path specified in CMakeLists.txt is not a valid path + message(FATAL_ERROR "WOLFSSL_ROOT CMake Variable defined, but path not found: ${WOLFSSL_ROOT}\n" + "Try correcting WOLFSSL_ROOT in your project CMakeFile.txt or setting environment variable.") + # Abort CMake after fatal error. + endif() else() - message(STATUS "NEW wolfssl directory not found.") + message(STATUS "Source code for wolfSSL still not found.") + message(STATUS "Searching from project home: ${CMAKE_HOME_DIRECTORY} ...") + set(WOLFSSL_ROOT "${CMAKE_HOME_DIRECTORY}") + FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT) + endif() + + + if(WOLFSSL_ROOT) + message(STATUS "Confirmed wolfssl directory at: ${WOLFSSL_ROOT}") + else() + # Try to allow a more intuitive error that the source code was not found in cmake: + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_WARNING_SOURCE_NOT_FOUND") + + message(STATUS "Failed: wolfssl source code directory not found.") # Abort. We need wolfssl _somewhere_. - message(FATAL_ERROR "Could not find wolfssl in ${WOLFSSL_ROOT}.\n" - "Try setting WOLFSSL_ROOT environment variable or git clone.") + message(STATUS "") + message(STATUS "") + message(STATUS "Could not find wolfssl in any parent directory named wolfssl-${THIS_USER}, wolfssl-master, or wolfssl.\n" + "Try setting WOLFSSL_ROOT environment variable, cmake variable in project, copy source, or use managed components.") + message(STATUS "") + message(STATUS "") + # Abort CMake after fatal error. (or not?) endif() set(INCLUDE_PATH ${WOLFSSL_ROOT}) set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/src/") - if( ${CMAKE_PROJECT_NAME} STREQUAL "wolfssl_benchmark" ) - set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark") - endif() + # During regression tests, optionally copy source locally and use: set(USE_LOCAL_TEST_BENCH 1) + set(USE_LOCAL_TEST_BENCH 0) + if(NOT USE_LOCAL_TEST_BENCH) + if( "${CMAKE_PROJECT_NAME}" STREQUAL "hello-world" ) + message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/benchmark") + set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark") + endif() + + if( "${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark" ) + message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/benchmark") + set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark") + endif() - if( ${CMAKE_PROJECT_NAME} STREQUAL "wolfssl_test" ) - set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/test") + if( "${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_test" ) + message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/test") + set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/test") + endif() endif() + message(STATUS "WOLFSSL_EXTRA_PROJECT_DIR = ${WOLFSSL_EXTRA_PROJECT_DIR}") set(COMPONENT_SRCDIRS "\"${WOLFSSL_ROOT}/src/\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif\"" + "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif/esp_crt_bundle\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/atmel\"" "\"${WOLFSSL_EXTRA_PROJECT_DIR}\"" ) # COMPONENT_SRCDIRS message(STATUS "This COMPONENT_SRCDIRS = ${COMPONENT_SRCDIRS}") + # wolfSSL user_settings.h may be in the local project. + # TODO check if exists and possibly set to ESP-IDF set(WOLFSSL_PROJECT_DIR "${CMAKE_HOME_DIRECTORY}/components/wolfssl") - add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${WOLFSSL_PROJECT_DIR}/include/user_settings.h") - + string(REPLACE "/" "//" STR_WOLFSSL_PROJECT_DIR "${WOLFSSL_PROJECT_DIR}") + add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${STR_WOLFSSL_PROJECT_DIR}/include/user_settings.h") + message(STATUS "Added definition for user_settings.h: -DWOLFSSL_USER_SETTINGS_DIR=\"${STR_WOLFSSL_PROJECT_DIR}//include//user_settings.h\"") # Espressif may take several passes through this makefile. Check to see if we found IDF string(COMPARE EQUAL "${PROJECT_SOURCE_DIR}" "" WOLFSSL_FOUND_IDF) # get a list of all wolfcrypt assembly files; we'll exclude them as they don't target Xtensa file(GLOB EXCLUDE_ASM *.S) - file(GLOB_RECURSE EXCLUDE_ASM ${CMAKE_SOURCE_DIR} "${WOLFSSL_ROOT}/wolfcrypt/src/*.S") + file(GLOB EXCLUDE_ASM ${CMAKE_SOURCE_DIR} "${WOLFSSL_ROOT}/wolfcrypt/src/*.S") message(STATUS "IDF_PATH = $ENV{IDF_PATH}") message(STATUS "PROJECT_SOURCE_DIR = ${PROJECT_SOURCE_DIR}") @@ -237,11 +554,12 @@ else() message(STATUS "Remove either the local project component: ${WOLFSSL_PROJECT_DIR} ") message(STATUS "or the Espressif shared component installed at: $ENV{IDF_PATH}/components/wolfssl/ ") message(STATUS "") - message(FATAL_ERROR "Please use wolfSSL in either local project or Espressif components, but not both.") message(STATUS "") message(STATUS "**************************************************************************************") message(STATUS "") + message(STATUS "Please use wolfSSL in either local project or Espressif components, but not both.") + # Optional: if you change the above FATAL_ERROR to STATUS you can warn at runtime with this macro definition: set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_MULTI_INSTALL_WARNING") @@ -291,6 +609,7 @@ else() message(FATAL_ERROR "Found stray wolfSSL user_settings.h in " "${WOLFSSL_ROOT}/include/user_settings.h " " (please move it to ${WOLFSSL_PROJECT_DIR}/include/user_settings.h )") + # Abort CMake after fatal error. else() # we won't overwrite an existing user settings file, just note that we already have one: if( EXISTS "${WOLFSSL_PROJECT_DIR}/include/user_settings.h" ) @@ -347,7 +666,9 @@ else() # depending on the environment, we may need to swap backslashes with forward slashes string(REPLACE "\\" "/" RTOS_IDF_PATH "$ENV{IDF_PATH}/components/freertos/FreeRTOS-Kernel/include/freertos") - string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT}) + if(WOLFSSL_ROOT) + string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT}) + endif() if(IS_DIRECTORY "${RTOS_IDF_PATH}") message(STATUS "Found current RTOS path: ${RTOS_IDF_PATH}") @@ -360,21 +681,22 @@ else() message(STATUS "Could not find RTOS path") endif() endif() - - + message(STATUS "THIS_IDF_PATH = $THIS_IDF_PATH") + # wolfSSL-specific include directories set(COMPONENT_ADD_INCLUDEDIRS - "./include" # this is the location of wolfssl user_settings.h + "./include" # this is the location of local project wolfssl user_settings.h "\"${WOLFSSL_ROOT}/\"" "\"${WOLFSSL_ROOT}/wolfssl/\"" "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\"" + "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/port/Espressif\"" "\"${RTOS_IDF_PATH}/\"" # wolfSSL release after v5.7 includes WiFi, time, and mem/debug helpers - ${THIS_IDF_PATH}/components/esp_event/include - ${THIS_IDF_PATH}/components/esp_netif/include - ${THIS_IDF_PATH}/components/esp_wifi/include + "${THIS_IDF_PATH}/components/esp_event/include" + "${THIS_IDF_PATH}/components/esp_netif/include" + "${THIS_IDF_PATH}/components/esp_wifi/include" ) - + # Optionally include cryptoauthlib if present if(IS_DIRECTORY ${IDF_PATH}/components/cryptoauthlib) list(APPEND COMPONENT_ADD_INCLUDEDIRS "../cryptoauthlib/lib") endif() @@ -399,8 +721,8 @@ else() "\"${WOLFSSL_ROOT}/src/ssl_sess.c\"" # included by ssl.c "\"${WOLFSSL_ROOT}/src/x509.c\"" "\"${WOLFSSL_ROOT}/src/x509_str.c\"" - "\"${WOLFSSL_ROOT}/wolfcrypt/src/ext_kyber.c\"" # external Kyber disabled by default - "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/ext_kyber.h\"" # external Kyber disabled by default + "\"${WOLFSSL_ROOT}/wolfcrypt/src/ext_kyber.c\"" # external non-wolfssl Kyber disabled by default + "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/ext_kyber.h\"" # external non-wolfssl Kyber disabled by default "\"${WOLFSSL_ROOT}/wolfcrypt/src/evp.c\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/misc.c\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_arm32.c\"" @@ -411,6 +733,7 @@ else() "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_cortexm.c\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64.c\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64_asm.S\"" + "\"${WOLFSSL_ROOT}/examples\"" # Examples are distributed in Managed Components, but not part of a project. "\"${EXCLUDE_ASM}\"" ) @@ -432,22 +755,144 @@ else() # see https://docs.espressif.com/projects/esp-idf/en/stable/esp32/migration-guides/release-5.x/build-system.html?highlight=space%20path # set(EXTRA_COMPONENT_DIRS "${COMPONENT_SRCDIRS}") - idf_component_register( - SRC_DIRS "${COMPONENT_SRCDIRS}" - INCLUDE_DIRS "${COMPONENT_ADD_INCLUDEDIRS}" - REQUIRES "${COMPONENT_REQUIRES}" - EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}" - PRIV_REQUIRES esp_timer driver # this will typically only be needed for wolfSSL benchmark - ) - # some optional diagnostics - if (1) + + if(WOLFSSL_ROOT) + # Only register the component if we found wolfSSL source. + # This is important to allow Cmake to finish to completion, otherwise the UI + # may not be able to display the Kconfig settings to fix a bad or missing source. + idf_component_register( + SRC_DIRS "${COMPONENT_SRCDIRS}" + INCLUDE_DIRS "${COMPONENT_ADD_INCLUDEDIRS}" + REQUIRES "${COMPONENT_REQUIRES}" + EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}" + PRIV_REQUIRES + "${THIS_ESP_TLS}" + "${THIS_INCLUDE_TIMER}" + "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark + ) + else() + # Register the component simply to allow CMake to complete, but there's no wolfSSL source. + # Expect many other errors, but the project should at least be loadable and UI can edit Kconfig settings. + idf_component_register() + message(STATUS "Warning: wolfSSL component not registered as no source code found (WOLFSSL_ROOT is blank)") + endif() + +# function(WOLFSSL_INIT_CERT_BUNDLE) +if( CONFIG_WOLFSSL_CERTIFICATE_BUNDLE + AND NOT CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE + AND NOT ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") + ) + if (CMAKE_BUILD_EARLY_EXPANSION) + message(ERROR "Bundle Cert initialization must occur during CMAKE_BUILD_EARLY_EXPANSION") + endif() + # reminder: we need a value for wolfSSL root first! + if( "${WOLFSSL_ROOT}" STREQUAL "" ) + message(ERROR "Certificate bundles need a value for WOLFSSL_ROOT") + endif() + set(WOLFSSL_ESP_CRT_BUNDLE_DIR ${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif/esp_crt_bundle) + message(STATUS "WOLFSSL_ESP_CRT_BUNDLE_DIR=${WOLFSSL_ESP_CRT_BUNDLE_DIR}") + if(EXISTS "${WOLFSSL_ESP_CRT_BUNDLE_DIR}") + set(bundle_name "x509_crt_bundle_wolfssl") + + # For now the certs are in the same directory + set(DEFAULT_CRT_DIR "${WOLFSSL_ESP_CRT_BUNDLE_DIR}") + + # Generate custom certificate bundle using the generate_cert_bundle utility + set(GENERATE_CERT_BUNDLEPY ${python} ${WOLFSSL_ESP_CRT_BUNDLE_DIR}/gen_crt_bundle.py) + + if(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL) + list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_all.pem ${DEFAULT_CRT_DIR}/cacrt_local.pem) + elseif(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_CMN) + list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_all.pem ${DEFAULT_CRT_DIR}/cacrt_local.pem) + list(APPEND args --filter ${DEFAULT_CRT_DIR}/cmn_crt_authorities.csv) + endif() + + # Add deprecated root certs if enabled. This config is not visible if the default cert + # bundle is not selected + if(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEPRECATED_LIST) + list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_deprecated.pem) + endif() + + if(CONFIG_WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE) + get_filename_component(custom_bundle_path + ${CONFIG_WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH} ABSOLUTE BASE_DIR "${project_dir}") + list(APPEND crt_paths ${custom_bundle_path}) + message(STATUS "Using a custom wolfSSL bundle path: ${custom_bundle_path}") + else() + message(STATUS "Not using a custom wolfSSL bundle path.") + endif() + list(APPEND args --input ${crt_paths} -q) + + message(STATUS "CMAKE_CURRENT_BINARY_DIR: ${CMAKE_CURRENT_BINARY_DIR}") + get_filename_component(crt_bundle + ${bundle_name} + ABSOLUTE BASE_DIR "${CMAKE_CURRENT_BINARY_DIR}") + + message(STATUS "Setting up bundle generate: ${GENERATE_CERT_BUNDLEPY} ${args}") + message(STATUS "Depends on custom bundle path: ${custom_bundle_path}") + message(STATUS "crt_bundle ${crt_bundle}") + message(STATUS "COMPONENT_LIB ${COMPONENT_LIB}") + message(STATUS "GENERATE_CERT_BUNDLEPY ${GENERATE_CERT_BUNDLEPY}") + message(STATUS "args ${args}") + message(STATUS "cert_bundle ${cert_bundle}") + + # Generate bundle according to config + # File is generated at build time, not cmake load + add_custom_command(OUTPUT ${crt_bundle} + COMMAND ${GENERATE_CERT_BUNDLEPY} ARGS ${args} + DEPENDS ${custom_bundle_path} + VERBATIM) + + if(EXISTS "${crt_bundle}") + message(STATUS "Bundle file exists from prior build: ${crt_bundle}") + else() + message(STATUS "Bundle file expected during next build: ${crt_bundle}") + endif() + + # Reminder the file is generated at build time, not cmake load time. + message(STATUS "wolfSSL Cert Bundle File to be created at build time in: ${crt_bundle}") + + add_custom_target(custom_wolfssl_bundle DEPENDS ${cert_bundle}) + + # the wolfSSL crtificate bundle is baked into wolfSSL + add_dependencies(${COMPONENT_LIB} custom_wolfssl_bundle) + + # COMPONENT_LIB may vary: __idf_wolfssl, __idf_esp_wolfssl, etc + # target_add_binary_data(__idf_wolfssl ${crt_bundle} BINARY) + target_add_binary_data(${COMPONENT_LIB} ${crt_bundle} BINARY) + set_property(DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}" + APPEND PROPERTY ADDITIONAL_CLEAN_FILES + "${crt_bundle}") + else() + message(STATUS "WARNING: CONFIG_WOLFSSL_CERTIFICATE_BUNDLE enabled but directory not found: ${WOLFSSL_ESP_CRT_BUNDLE_DIR}") + endif() +endif() + +# endfunction() # WOLFSSL_INIT_CERT_BUNDLE + + # Some optional diagnostics. Verbose ones are truncated. + if (VERBOSE_COMPONENT_MESSAGES) get_cmake_property(_variableNames VARIABLES) list (SORT _variableNames) message(STATUS "") message(STATUS "ALL VARIABLES BEGIN") message(STATUS "") foreach (_variableName ${_variableNames}) - message(STATUS "${_variableName}=${${_variableName}}") + if ( ("${_variableName}" STREQUAL "bootloader_binary_files") + OR ("${_variableName}" STREQUAL "Component paths") + OR ("${_variableName}" STREQUAL "component_targets") + OR ("${_variableName}" STREQUAL "__COMPONENT_TARGETS") + OR ("${_variableName}" STREQUAL "CONFIGS_LIST") + OR ("${_variableName}" STREQUAL "__CONFIG_VARIABLES") + OR ("${_variableName}" STREQUAL "val") + OR ("${_variableName}" MATCHES "^__idf_") + ) + # Truncate the displayed value: + string(SUBSTRING "${${_variableName}}" 0 70 truncatedValue) + message(STATUS "${_variableName} = ${truncatedValue} ... (truncated)") + else() + message(STATUS "${_variableName}=${${_variableName}}") + endif() endforeach() message(STATUS "") message(STATUS "ALL VARIABLES END") @@ -455,6 +900,12 @@ else() endif() # target_sources(wolfssl PRIVATE "\"${WOLFSSL_ROOT}/wolfssl/\"" "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt\"") + message(STATUS "DETECTED_PROJECT_NAME=${CMAKE_PROJECT_NAME}") + message(STATUS "COMPONENT_TARGET=${COMPONENT_TARGET}") + target_compile_definitions(${COMPONENT_TARGET} PRIVATE DETECTED_PROJECT_NAME="${CMAKE_PROJECT_NAME}") + if( "${CMAKE_PROJECT_NAME}" STREQUAL "esp_http_client_example" ) + target_compile_definitions(${COMPONENT_TARGET} PRIVATE APP_ESP_HTTP_CLIENT_EXAMPLE="y") + endif() endif() # CMAKE_BUILD_EARLY_EXPANSION @@ -510,31 +961,80 @@ endfunction() # LIBWOLFSSL_SAVE_INFO # create some programmatic #define values that will be used by ShowExtendedSystemInfo(). # see wolfcrypt\src\port\Espressif\esp32_utl.c -if(NOT CMAKE_BUILD_EARLY_EXPANSION) +if(NOT CMAKE_BUILD_EARLY_EXPANSION AND WOLFSSL_ROOT) set (git_cmd "git") message(STATUS "Adding macro definitions:") # LIBWOLFSSL_VERSION_GIT_ORIGIN: git config --get remote.origin.url - execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "config" "--get" "remote.origin.url" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) + execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "config" "--get" "remote.origin.url" + OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_ORIGIN "${TMP_OUT}" "${TMP_RES}") # LIBWOLFSSL_VERSION_GIT_BRANCH: git rev-parse --abbrev-ref HEAD - execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--abbrev-ref" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) + execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--abbrev-ref" "HEAD" + OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_BRANCH "${TMP_OUT}" "${TMP_RES}") # LIBWOLFSSL_VERSION_GIT_HASH: git rev-parse HEAD - execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) + execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "HEAD" + OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH "${TMP_OUT}" "${TMP_RES}") # LIBWOLFSSL_VERSION_GIT_SHORT_HASH: git rev-parse --short HEAD - execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--short" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) + execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--short" "HEAD" + OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_SHORT_HASH "${TMP_OUT}" "${TMP_RES}") # LIBWOLFSSL_VERSION_GIT_HASH_DATE git show --no-patch --no-notes --pretty=\'\%cd\' - execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ) + execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} + "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'" + OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ) LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH_DATE "${TMP_OUT}" "${TMP_RES}") - message(STATUS "************************************************************************************************") - message(STATUS "wolfssl component config complete!") - message(STATUS "************************************************************************************************") + LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_WOLFSSL_ROOT "${WOLFSSL_ROOT}" "${TMP_RES}") + +endif() + +# Ensure flag "-DWOLFSSL_ESPIDF" is already in CMAKE_C_FLAGS if not yet found from project +string(FIND "${CMAKE_C_FLAGS}" "-DWOLFSSL_ESPIDF" FLAG_ALRREADY_FOUND_WOLFSSL_ESPIDF) + +if(FLAG_ALRREADY_FOUND_WOLFSSL_ESPIDF EQUAL -1) + # Flag not found, append it + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_ESPIDF") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS") endif() + +if(WOLFSSL_ROOT) + message(STATUS "Using wolfSSL in ${WOLFSSL_ROOT}") + + # PlatformIO does not process script from from the Espressif cmake process. + # We need to know where wolfSSL source code was found, so save it in the + # PIO_WOLFSSL_ROOT environment variable to later be read by extra_script.py + + set(ENV{PIO_WOLFSSL_ROOT} "${WOLFSSL_ROOT}") + message(STATUS "PIO_WOLFSSL_ROOT = $ENV{PIO_WOLFSSL_ROOT}") + message(STATUS "PLATFORMIO_BUILD_DIR = $ENV{PLATFORMIO_BUILD_DIR}") + # See esp-tls Kconfig; menu "ESP-TLS", ESP_TLS_LIBRARY_CHOOSE + if(CONFIG_ESP_TLS_USING_WOLFSSL) + if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") ) + message(STATUS "This version of wolfSSL is not supported on the ESP8266 esp-tls at this time. Check ESP-TLS config") + else() + message(STATUS "wolfSSL will be used for ESP-TLS") + endif() + else() + message(STATUS "WARNING: wolfSSL NOT selected for ESP-TLS. Features and performance will be limited.") + endif() +else() + message(STATUS "") + message(STATUS "Consider setting WOLFSSL_ROOT environment variable, use Kconfig setting, or set manually in this cmake file, above.") + message(STATUS "") + message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!") + message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!") + message(STATUS "ERROR: Could not find wolfSSL Source Code") + message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!") + message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!") +endif() + +message(STATUS "************************************************************************************************") +message(STATUS "wolfSSL component config complete!") +message(STATUS "************************************************************************************************") diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/Kconfig b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/Kconfig new file mode 100644 index 0000000000..cdd039d73f --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/Kconfig @@ -0,0 +1,523 @@ +# Kconfig template +# +# Copyright (C) 2006-2024 wolfSSL Inc. All rights reserved. +# +# This file is part of wolfSSL. +# +# wolfSSL is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# wolfSSL is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA +# + +# Kconfig File Version 5.7.2.001 for esp-idf integration + +# Kconfig Format Rules +# +# See: +# https://docs.espressif.com/projects/esp-idf/en/stable/esp32/api-reference/kconfig.html +# +# Format rules for Kconfig files are as follows: +# +# Option names in any menus should have consistent prefixes. The prefix +# currently should have at least 3 characters. +# +# The unit of indentation should be 4 spaces. All sub-items belonging to a +# parent item are indented by one level deeper. For example, menu is indented +# by 0 spaces, config menu by 4 spaces, help in config by 8 spaces, and the +# text under help by 12 spaces. +# +# No trailing spaces are allowed at the end of the lines. +# +# The maximum length of options is NOT 50 characters as documented. +# kconfcheck will complain that options should be 40 at most. +# +# Fix option lengths first. Superflous errors on other lines may occur. +# +# The maximum length of lines is 120 characters. +# +# python -m kconfcheck +# +# --------------------------------------------------------------------------------------------------------------------- +# Begin main wolfSSL configuration menu +# --------------------------------------------------------------------------------------------------------------------- +# See ESP-IDF esp-tls component for config TLS_STACK_WOLFSSL + +menu "wolfSSL" + + menu "Hardening" + config ESP_WOLFSSL_WC_NO_HARDEN + bool "Disable wolfSSL hardening" + default n + help + Sets WC_NO_HARDEN + + config ESP_WOLFSSL_TFM_TIMING_RESISTANT + bool "Enable TFM Timing Resistant Code" + default n + help + Sets TFM_TIMING_RESISTANT. + + endmenu # Hardening + + config ESP_WOLFSSL_ENABLE_BENCHMARK + bool "Enable wolfSSL Benchmark Library" + default n + help + Enables wolfcrypt/benchmark/benchmark.c code for benchmark metrics. Disables NO_CRYPT_BENCHMARK. + + + menu "Benchmark Debug" + config ESP_DEBUG_WOLFSSL_BENCHMARK_TIMING + bool "Enable benchmark timing debug" + depends on ESP_WOLFSSL_ENABLE_BENCHMARK + default n + help + Enable wolfssl debug for benchmark metric timing (CPU Cycles, RTOS ticks, etc). + + config ESP_WOLFSSL_BENCHMARK_TIMER_DEBUG + bool "Enable benchmark timer debug" + depends on ESP_WOLFSSL_ENABLE_BENCHMARK + default n + help + Turn on timer debugging (used when CPU cycles not available) + + endmenu # Benchmark Debug + + # ----------------------------------------------------------------------------------------------------------------- + # wolfCrypt Test + # ----------------------------------------------------------------------------------------------------------------- + config ESP_WOLFSSL_ENABLE_TEST + bool "Enable wolfCrypt Test Library" + default n + help + Enables wolfcrypt/test/test.c code for testing. Disables NO_CRYPT_TEST. + + menu "wolfCrypt tests" + config WOLFSSL_HAVE_WOLFCRYPT_TEST_OPTIONS + bool "Enable wolfCrypt Test Options" + depends on ESP_WOLFSSL_ENABLE_TEST + default n + help + Enables HAVE_WOLFCRYPT_TEST_OPTIONS + + config TEST_ESPIDF_ALL_WOLFSSL + bool "Enable all features to use in tests" + depends on ESP_WOLFSSL_ENABLE_TEST + default n + help + Enables TEST_ESPIDF_ALL_WOLFSSL + + endmenu # wolfCrypt tests + + # ----------------------------------------------------------------------------------------------------------------- + # Apple HomeKit Options + # ----------------------------------------------------------------------------------------------------------------- + menu "Apple HomeKit" + config WOLFSSL_APPLE_HOMEKIT + bool "Enable Apple HomeKit options" + default n + help + Enables FP_MAX_BITS (8192 * 2), SRP, ChaCha, Poly1305, Base64 encoding needed for Apple HomeKit. + endmenu # Apple HomeKit + # ----------------------------------------------------------------------------------------------------------------- + + config ESP_WOLFSSL_DISABLE_MY_ECC + bool "Disable ECC in my project" + default "n" + help + ECC is enabled by default. Select this option to disable. + + config ESP_WOLFSSL_ENABLE_MY_USE_RSA + bool "Enable RSA in my project" + default "n" + help + RSA is disabled by default. Select this option to enable. + + config ESP_WOLFSSL_BENCHMARK + bool "Enable wolfSSL Benchmark" + default n + help + Enables user settings relevant to benchmark code + + config ESP_TLS_USING_WOLFSSL_SPECIFIED + bool "Use the specified wolfssl for ESP-TLS" + default Y + help + Includes wolfSSL from specified directory (not using esp-wolfssl). + + config ESP_WOLFSSL_NO_USE_FAST_MATH + bool "Disable FAST_MATH library and all ESP32 Hardware Acceleration" + select ESP_WOLFSSL_NO_HW + select ESP_WOLFSSL_NO_HW_AES + select ESP_WOLFSSL_NO_HW_HASH + select ESP_WOLFSSL_NO_HW_RSA_PRI + select ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL + select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD + select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD + default n + help + When disabling all hardware acceleration for smaller memory footprint, + disabling TFM fast math provides faster wolfSSL software algorithms in an + even smaller flash memory footprint. + + menu "Protocol Config" + config WOLFSSL_HAVE_ALPN + bool "Enable ALPN (Application Layer Protocol Negotiation) in wolfSSL" + default y + + config WOLFSSL_ALLOW_TLS13 + bool "Allow TLS 1.3" + default y + help + Allow TLS to fallback to TLS1.2. Memory footprint will likely be larger for TLS1.2. + When disabled HTTPS and MQTT over TLS connections will fail if TLS1.3 not accepted. + + config WOLFSSL_ALLOW_TLS12 + bool "Allow TLS 1.2" + default n + help + Allow TLS to fallback to TLS1.2. Memory footprint will likely be larger for TLS1.2. + When disabled HTTPS and MQTT over TLS connections will fail if TLS1.3 not accepted. + + config WOLFSSL_HAVE_TLS_EXTENSIONS + bool "Enable TLS Extensions" + default y + help + Sets HAVE_TLS_EXTENSIONS which is needed for TLS 1.3, SNI, ALPN, and more. + + config WOLFSSL_ALT_CERT_CHAINS + bool "Enable Alternate Certificate Chains" + default n + help + The option relaxes the default strict wolfSSL certificate chain processing. This + will typically need to be enabled when loading only a CA file. Typically solves + the -188 ASN_NO_SIGNER_E error. Use with caution. + + config WOLFSSL_HAVE_OCSP + bool "Enable OCSP (Online Certificate Status Protocol) in wolfSSL" + default n + help + Sets HAVE_OCSP + + endmenu # Protocol Config + # ----------------------------------------------------------------------------------------------------------------- + + # ----------------------------------------------------------------------------------------------------------------- + config TLS_STACK_WOLFSSL + # Invisible option that locks TLS_STACK_WOLFSSL to ESP_TLS_USING_WOLFSSL + bool + default n + select FREERTOS_ENABLE_BACKWARD_COMPATIBILITY + help + Includes wolfSSL in ESP-TLS so that it can be compiled with wolfSSL as its SSL/TLS library. + Enabled when wolfSSL is selected in ESP_TLS_LIBRARY_CHOOSE. + + menu "wolfSSL ESP-TLS" + depends on ESP_TLS_USING_WOLFSSL + + menu "Certificate Bundle" + depends on ESP_TLS_USING_WOLFSSL + + config WOLFSSL_CERTIFICATE_BUNDLE + bool "Enable trusted root certificate bundle" + default y if ESP_TLS_USING_WOLFSSL + default n + depends on ESP_TLS_USING_WOLFSSL + help + Enable support for large number of default root certificates + + When enabled this option allows user to store default as well + as customer specific root certificates in compressed format rather + than storing full certificate. For the root certificates the public key and the subject name + will be stored. + + config WOLFSSL_NO_ASN_STRICT + bool "Relax Certificate ASN Strict Checks" + default n + depends on ESP_TLS_USING_WOLFSSL + help + Allows sub-optimal certificate ASN checks. Unless using a bundle with known issues, + it is recommended to NOT enable this. + + config WOLFSSL_ASN_ALLOW_0_SERIAL + bool "Allow cert missing an ASN Serial Number" + default y + depends on ESP_TLS_USING_WOLFSSL + help + Although not recommended, there may be certificates in the bundle that are missing + a serial number. This option allows the missing value without having to fully + disable strict ASN checking with WOLFSSL_NO_ASN_STRICT. + + choice WOLFSSL_DEFAULT_CERTIFICATE_BUNDLE + bool "Default certificate bundle options" + depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL + default WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL + + config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL + bool "Use the full default certificate bundle" + config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_CMN + bool "Use only the most common certificates from the default bundles" + help + Use only the most common certificates from the default bundles, reducing the size with 50%, + while still having around 99% coverage. + config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE + bool "Do not use the default certificate bundle" + endchoice + + config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE + depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL + default n + bool "Add custom certificates to the default bundle" + config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH + depends on WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL + string "Custom certificate bundle path" + help + Name of the custom certificate directory or file. This path is evaluated + relative to the project root directory. + + config WOLFSSL_CERTIFICATE_BUNDLE_DEPRECATED_LIST + bool "Add deprecated root certificates" + depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL && !WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE + help + Include the deprecated list of root certificates in the bundle. + This list gets updated when a certificate is removed from the Mozilla's + NSS root certificate store. This config can be enabled if you would like + to ensure that none of the certificates that were deployed in the product + are affected because of the update to bundle. In turn, enabling this + config keeps expired, retracted certificates in the bundle and it may + pose a security risk. + + - Deprecated cert list may grow based based on sync with upstream bundle + - Deprecated certs would be be removed in ESP-IDF (next) major release + + config WOLFSSL_CERTIFICATE_BUNDLE_MAX_CERTS + int "Maximum no of certificates allowed in certificate bundle" + default 200 + depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL + + endmenu + endmenu # wolfSSL ESP-TLS + # ----------------------------------------------------------------------------------------------------------------- + + # ----------------------------------------------------------------------------------------------------------------- + config ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION + bool "Modify default hardware acceleration settings" + default n + help + When disabling all hardware acceleration for smaller memory footprint, + disabling TFM fast math provides faster wolfSSL software algorithms in an + even smaller flash memory footprint. + Typically used for debugging, analysis, or optimizations. The default + hardware acceleration features can be each manually adjusted. + + menu "wolfSSL Hardware Acceleration" + + config ESP_WOLFSSL_NO_ESP32_CRYPT + bool "Disable all ESP32 Hardware Acceleration" + depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION + default n + select ESP_WOLFSSL_NO_HW_AES + select ESP_WOLFSSL_NO_HW_HASH + select ESP_WOLFSSL_NO_HW_RSA_PRI + select ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL + select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD + select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD + help + Hardware acceleration enabled by default. When selected defines: NO_ESP32_CRYPT. + Consider disabling FASTMATH (other libraries are faster in software and smaller) + + config ESP_WOLFSSL_NO_HW_AES + bool "Disable all ESP32 AES Hardware Acceleration" + depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION + default n + help + Hardware acceleration enabled by default.When selected defines: NO_HW_AES + + config ESP_WOLFSSL_NO_HW_HASH + bool "Disable all ESP32 SHA Hash Hardware Acceleration" + depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION + default n + help + Hardware acceleration enabled by default. When selected defines: NO_HW_HASH + + config ESP_WOLFSSL_NO_HW_RSA_PRI + bool "Disable all ESP32 RSA Hardware Acceleration" + depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION + default n + select ESP_WOLFSSL_NO_HW_PRI_MP_MUL + select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD + select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD + help + Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI + + config ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL + bool "Disable all ESP32 Multiplication Hardware Acceleration" + depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION + default n + help + Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI_MP_MUL + + config ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD + bool "Disable all ESP32 Modular Multiplication Hardware Acceleration" + depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION + default n + help + Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI_MULMOD + + config ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD + bool "Disable all ESP32 RSA Exponential Math Hardware Acceleration" + depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION + default n + help + Hardware acceleration enabled by default. + Select this option to force disable: NO_HW_RSA_PRI_EXPTMOD + + config ESP_WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS + bool "Enable debugging of RSA Multiplication operand length" + default n + help + Prints an esp log warning to the default console UART when one of the + multiplication operands exceeds the maximum size supported by hardware, + requiring fallback to software. This can be helpful to pick key sizes + when performance is critical. See also metrics for counting instances. + + config ESP_WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS + bool "Enable debugging of RSA Modular operand length" + default n + help + Prints an esp log warning to the default console UART when one of the + modular math operands exceeds the maximum size supported by hardware, + requiring fallback to software. This can be helpful to pick key sizes + when performance is critical. See also metrics for counting instances. + + endmenu # wolfSSL Hardware Acceleration + # ----------------------------------------------------------------------------------------------------------------- + + # ----------------------------------------------------------------------------------------------------------------- + menu "wolfSSL Experimental Options" + + config ESP_WOLFSSL_EXPERIMENTAL_SETTINGS + bool "Enable wolfSSL Experimental Settings" + default n + help + Enables experimental settings for wolfSSL. See documentation. + + config ESP_WOLFSSL_ENABLE_KYBER + bool "Enable wolfSSL Kyber" + default n + help + Enable debugging messages for wolfSSL. See user_settings.h for additional debug options. + + endmenu # wolfSSL Experimental Options + # ----------------------------------------------------------------------------------------------------------------- + + # ----------------------------------------------------------------------------------------------------------------- + menu "wolfSSL Debug Options" + config ESP_WOLFSSL_DEBUG_WOLFSSL + bool "Enable wolfSSL Debugging" + default n + help + Enable debugging messages for wolfSSL. See user_settings.h for additional debug options. + + config ESP_WOLFSSL_TEST_LOOP + bool "Run test apps in a loop until failure" + default y + help + Enable a loop wrapper for benchmark, http_client, and wolfssl test apps. + + endmenu # wolfSSL Debug Options + # ----------------------------------------------------------------------------------------------------------------- + + # ----------------------------------------------------------------------------------------------------------------- + menu "wolfSSL Customization" + config CUSTOM_SETTING_WOLFSSL_ROOT + string "Enter a path for wolfSSL source code" + default "~/workspace/wolfssl" + help + This option lets you specify a directory for the wolfSSL source code (typically a git clone). + Enter the path using forward slashes (e.g., C:/myfolder/mysubfolder) or double backslashes + (e.g., C:\\myfolder\\mysubfolder). + + endmenu # wolfSSL Customization + # ----------------------------------------------------------------------------------------------------------------- + + # ----------------------------------------------------------------------------------------------------------------- + menu "Component Config" + config IGNORE_ESP_IDF_WOLFSSL_COMPONENT + bool "Ignore the ESP-IDF component of wolfSSL (if present)" + default n + help + Ignores wolfSSL present in the esp-idf/components directory. Requires wolfssl as a local component. + + config IGNORE_LOCAL_WOLFSSL_COMPONENT + bool "Ignore the local component of wolfSSL (if present)" + default n + help + Ignores wolfSSL present in the local project components directory. + Requires wolfssl as a ESP-IDF component. + + endmenu # Component Config + # ----------------------------------------------------------------------------------------------------------------- + + # ----------------------------------------------------------------------------------------------------------------- + menu "Utility Config" + config USE_WOLFSSL_ESP_SDK_TIME + bool "Enable wolfSSL time helper functions" + default n + help + Enables use of various time and date setting functions found in the esp-sdk-lib.h file. + + config USE_WOLFSSL_ESP_SDK_WIFI + bool "Enable wolfSSL WiFi helper functions" + default n + help + Enables use of various time and date setting functions found in the esp-sdk-lib.h file. + + endmenu # Utility Config +endmenu # wolfSSL +# --------------------------------------------------------------------------------------------------------------------- + + +# --------------------------------------------------------------------------------------------------------------------- +menu "wolfSSH" + config ESP_ENABLE_WOLFSSH + bool "Enable wolfSSH options" + default n + help + Enables WOLFSSH_TERM, WOLFSSL_KEY_GEN, WOLFSSL_PTHREADS, WOLFSSH_TEST_SERVER, WOLFSSH_TEST_THREADING + + config ESP_WOLFSSL_DEBUG_WOLFSSH + bool "Enable wolfSSH debugging" + default n + help + Enable wolfSSH debugging macro. See user_settings.h + +endmenu # wolfSSH +# --------------------------------------------------------------------------------------------------------------------- + +# --------------------------------------------------------------------------------------------------------------------- +menu "wolfMQTT" + config ESP_ENABLE_WOLFMQTT + bool "Enable wolfMQTT options" + default n + help + Enables WOLFMQTT + + config ESP_WOLFSSL_DEBUG_WOLFMQTT + bool "Enable wolfMQTT debugging" + default n + help + Enable wolfMQTT debugging macro. See user_settings.h + +endmenu # wolfMQTT +# --------------------------------------------------------------------------------------------------------------------- diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/README.md new file mode 100644 index 0000000000..d779124162 --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/README.md @@ -0,0 +1,162 @@ +# wolfSSL Espressif Component + +This is the directory for wolfSSL as an Espressif ESP-IDF component. + +Other options are available, such as installing wolfSSL as a local _project_ component using the [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/). + +Enabling this wolfSSL ESP-IDF component allows other ESP-IDF libraries such as those that depend on [ESP-TLS](https://github.com/espressif/esp-idf/tree/master/components/esp-tls) +to also use the wolfSSL library. (See [github.com/wolfSSL/wolfssl](https://github.com/wolfSSL/wolfssl)) + +The wolfSSL source code is not included here. Instead, the `idf.py menuconfig` option can be used to configure the +`sdkconfig` file setting: `CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT` to point to the desired wolfSSL code. + +## Directory Contents + +This directory must contain, at a minimum: + +- `CMakeLists.txt` +- `./include/user_settings.h` + +The directory should also contain: +- `Kconfig` +- `component.mk` + +The directory may contain wolfSSL source, for example with a [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/), +or if the `setup.sh` script was used from [wolfSSL/IDE/Espressif/ESP-IDF](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF). + + +Under normal circumstances when the wolfSSL source is not included here, the `CMakeLists.txt` will search for it in this order: + +- A hard-coded `WOLFSSL_ROOT` cmake variable. +- `WOLFSSL_ROOT` Environment Variable +- The `CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT` value in the `sdkconfig` file, from the `Kconfig` option. +- Any parent directories, up to the root (if this directory is in the ESP-IDF components) +- Any parent directories, up to the root (if this directory is a project component) + +While recursing up the directory tree, the following names of wolfSSL directories will be considered: + +- `wolfssl-[current user name]` +- `wolfssl-master` +- `wolfssl` + +## Getting Started + +See the `Espressif Getting Started Guide`. + +``` +# Set environment variable to ESP-IDF location +# For example, VisualGDB in WSL +WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.2 +WRK_IDF_PATH=/mnt/c/SysGCC/esp32-master/esp-idf/v5.3-master + +# Or wherever the ESP-IDF is installed: +WRK_IDF_PATH=~/esp/esp-idf + +echo "Run export.sh from ${WRK_IDF_PATH}" +. ${WRK_IDF_PATH}/export.sh + +cd [your project] + +idf.py menuconfig +``` + +Enable wolfSSL to be used in the ESP-TLS: + +``` +Component config ---> + ESP-TLS ---> + Choose SSL/TLS library for ESP-TLS (See help for more Info) + (X) wolfSSL (License info in wolfSSL directory README) +``` + +Adjust wolfSSL settings, such as path to source code as needed: + +``` +Component config ---> + wolfSSL ---> + [*] Include wolfSSL in ESP-TLS + [*] Use the specified wolfssl for ESP-TLS + (~/workspace/wolfssl) Enter a path for wolfSSL source code +``` + +## Configuration + +All settings for wolfSSL are adjusted in the [include/user_settings.h](./include/user_settings.h) file. + +The `user_settings.h` file should not be included directly. Instead, `#include ` +before any other wolfSSL headers, like this: + + +```c +/* ESP-IDF */ +#include +#include "sdkconfig.h" + +/* wolfSSL */ +/* Always include wolfcrypt/settings.h before any other wolfSSL file. */ +/* Reminder: settings.h pulls in user_settings.h; don't include it here. */ +#if defined(WOLFSSL_USER_SETTINGS) + #include + #if defined(WOLFSSL_ESPIDF) + #include + #include + #include + #include + #include + #else + #error "Problem with wolfSSL user_settings. " \ + "Check components/wolfssl/include " \ + "and confirm WOLFSSL_USER_SETTINGS is defined, " \ + "typically in the component CMakeLists.txt" + #endif +#else + /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include */ + /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */ + #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\ + CFLAGS +=-DWOLFSSL_USER_SETTINGS" +#endif +``` + +## Examples + +See the wolfSSL examples: + +- [wolfSSL Core Examples](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples) +- [wolfSSL Additional Examples](https://github.com/wolfSSL/wolfssl-examples/tree/master/ESP32) +- [wolfSSH Core Examples](https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples) +- [wolfSSH Additional Examples](https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif) +- [wolfMQTT Examples](https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples) + +## Platforms + +The ESP-IDF wolfSSL is also available for PlatformIO: + +- [Release wolfSSL](https://registry.platformio.org/search?q=owner%3Awolfssl) +- [Staging / Preview wolfSSL](https://registry.platformio.org/search?q=owner%3Awolfssl-staging) + +The wolfSSL library can also be used for Espressif with Arduino: + +- [arduino.cc/reference/en/libraries/wolfssl](https://www.arduino.cc/reference/en/libraries/wolfssl/) +- [github.com/wolfSSL/Arduino-wolfSSL](https://github.com/wolfSSL/Arduino-wolfSSL) + + +## Additional Information + +- [wolfSSL Documentation](https://www.wolfssl.com/documentation/manuals/wolfssl/index.html) and [docs/espressif](https://www.wolfssl.com/docs/espressif/) +- [wolfSSL FAQ](https://www.wolfssl.com/docs/frequently-asked-questions-faq/) +- [wolfSSL Products](https://www.wolfssl.com/products/) +- [www.wolfssl.com/espressif](https://www.wolfssl.com/espressif/) +- [More...](https://www.wolfssl.com/?s=espressif) + +## Contact + +Have a specific request or questions? We'd love to hear from you! Please contact us at support@wolfssl.com or open an issue on GitHub. + +## Licensing and Support + +wolfSSL (formerly known as CyaSSL) and wolfCrypt are either licensed for use under the GPLv2 (or at your option any later version) or a standard commercial license. For our users who cannot use wolfSSL under GPLv2 (or any later version), a commercial license to wolfSSL and wolfCrypt is available. + +See the LICENSE.txt, visit wolfssl.com/license, contact us at licensing@wolfssl.com or call +1 425 245 8247 + +View Commercial Support Options: [wolfssl.com/products/support-and-maintenance](wolfssl.com/products/support-and-maintenance) + diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/component.mk b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/component.mk index 1008e04afe..45a1aa08fb 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/component.mk +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/component.mk @@ -20,7 +20,7 @@ $(info *********** wolfssl component ************) - # +# # Component Makefile # # diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h index 325e54b6a4..71b82c68ea 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h @@ -1,4 +1,4 @@ -/* user_settings.h +/* wolfssl-component include/user_settings.h * * Copyright (C) 2006-2024 wolfSSL Inc. * @@ -18,18 +18,195 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ +#define WOLFSSL_ESPIDF_COMPONENT_VERSION 0x01 -/* Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.6.6-01 */ +/* The Espressif project config file. See also sdkconfig.defaults */ +#include "sdkconfig.h" -/* This user_settings.h is for Espressif ESP-IDF */ +/* This user_settings.h is for Espressif ESP-IDF + * + * Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.7.0-1 + * + * Do not include any wolfssl headers here. + * + * When editing this file: + * ensure all examples match. The template example is the reference. + */ -#include "sdkconfig.h" +/* Naming convention: (see also esp32-crypt.h for the reference source). + * + * CONFIG_ + * This prefix indicates the setting came from the sdkconfig / Kconfig. + * + * May or may not be related to wolfSSL. + * + * The name after this prefix must exactly match that in the Kconfig file. + * + * WOLFSSL_ + * Typical of many, but not all wolfSSL macro names. + * + * Applies to all wolfSSL products such as wolfSSH, wolfMQTT, etc. + * + * May or may not have a corresponding sdkconfig / Kconfig control. + * + * ESP_WOLFSSL_ + * These are NOT valid wolfSSL macro names. These are names only used in + * the ESP-IDF Kconfig files. When parsed, they will have a "CONFIG_" + * suffix added. See next section. + * + * CONFIG_ESP_WOLFSSL_ + * This is a wolfSSL-specific macro that has been defined in the ESP-IDF + * via the sdkconfig / menuconfig. Any text after this prefix should + * exactly match an existing wolfSSL macro name. + * + * Applies to all wolfSSL products such as wolfSSH, wolfMQTT, etc. + * + * These macros may also be specific to only the project or environment, + * and possibly not used anywhere else in the wolfSSL libraries. + */ -/* #define DEBUG_WOLFSSL */ -/* #define DEBUG_WOLFSSL_VERBOSE */ +/* The Espressif sdkconfig will have chipset info. +** +** Some possible values: +** +** CONFIG_IDF_TARGET_ESP32 +** CONFIG_IDF_TARGET_ESP32S2 +** CONFIG_IDF_TARGET_ESP32S3 +** CONFIG_IDF_TARGET_ESP32C3 +** CONFIG_IDF_TARGET_ESP32C6 +*/ + +#undef WOLFSSL_ESPIDF +#define WOLFSSL_ESPIDF + +/* Test various user_settings between applications by selecting example apps + * in `idf.py menuconfig` for Example wolfSSL Configuration settings: */ + +/* Turn on messages that are useful to see only in examples. */ +#define WOLFSSL_EXAMPLE_VERBOSITY + +/* Paths can be long, ensure the entire value printed during debug */ +#define WOLFSSL_MAX_ERROR_SZ 500 + +/* wolfSSL Examples: set macros used in example applications. + * + * These Settings NOT available in ESP-IDF (e.g. esp-tls) + * + * Any settings needed by ESP-IDF components should be explicitly set, + * and not by these example-specific settings via CONFIG_WOLFSSL_EXAMPLE_n + * + * ESP-IDF settings should be Kconfig "CONFIG_[name]" values when possible. */ +#if defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TEMPLATE) + /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/template */ + /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */ + /* #define USE_WOLFSSL_ESP_SDK_WIFI */ +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TEST) + /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_test */ + /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */ + /* #define USE_WOLFSSL_ESP_SDK_WIFI */ + #define TEST_ESPIDF_ALL_WOLFSSL + +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_BENCHMARK) + /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark */ + /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */ + /* #define USE_WOLFSSL_ESP_SDK_WIFI */ + #define WOLFSSL_BENCHMARK_FIXED_UNITS_KB +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_CLIENT) + /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_client */ + #define USE_WOLFSSL_ESP_SDK_WIFI +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_SERVER) + /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_server */ + #define USE_WOLFSSL_ESP_SDK_WIFI + +/* wolfSSH Examples */ +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_TEMPLATE) + /* See https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples/wolfssh_template */ + #define USE_WOLFSSL_ESP_SDK_WIFI +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER) + /* See https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples/wolfssh_echoserver */ + #define USE_WOLFSSL_ESP_SDK_WIFI +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_ESP32_SSH_SERVER) + /* See https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif/ESP32/ESP32-SSH-Server */ + #define USE_WOLFSSL_ESP_SDK_WIFI +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_ESP8266_SSH_SERVER) + /* See https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif/ESP8266/ESP8266-SSH-Server */ + #define USE_WOLFSSL_ESP_SDK_WIFI + +/* wolfMQTT Examples */ +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFMQTT_TEMPLATE) + /* See https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples/wolfmqtt_template */ + #define USE_WOLFSSL_ESP_SDK_WIFI +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFMQTT_AWS_IOT_MQTT) + /* See https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples/AWS_IoT_MQTT */ + #define USE_WOLFSSL_ESP_SDK_WIFI + +/* wolfTPM Examples */ +#elif defined(CONFIG_WOLFTPM_EXAMPLE_NAME_ESPRESSIF) + /* See https://github.com/wolfSSL/wolfTPM/tree/master/IDE/Espressif */ + #define USE_WOLFSSL_ESP_SDK_WIFI + +/* Apple HomeKit Examples */ +#elif defined(CONFIG_WOLFSSL_APPLE_HOMEKIT) + /* See https://github.com/AchimPieters/esp32-homekit-demo */ + +/* no example selected */ +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_NONE) + /* We'll assume the app needs to use wolfSSL sdk lib function */ + #define USE_WOLFSSL_ESP_SDK_WIFI + +/* Other applications detected by cmake */ +#elif defined(APP_ESP_HTTP_CLIENT_EXAMPLE) + /* The wolfSSL Version of the client example */ + #if defined(CONFIG_IDF_TARGET_ESP32S2) || defined(CONFIG_IDF_TARGET_ESP32C2) + /* Less memory available, so smaller key sizes: */ + #define FP_MAX_BITS (4096 * 2) + #else + #define FP_MAX_BITS (8192 * 2) + #endif + #define HAVE_ALPN + #define HAVE_SNI + #define OPENSSL_EXTRA_X509_SMALL + #define HAVE_TLS_EXTENSIONS + #define HAVE_SUPPORTED_CURVES + #define OPENSSL_EXTRA + #ifndef WOLFSSL_ALWAYS_VERIFY_CB + #define WOLFSSL_ALWAYS_VERIFY_CB + #endif + #ifndef WOLFSSL_VERIFY_CB_ALL_CERTS + #define WOLFSSL_VERIFY_CB_ALL_CERTS + #endif + #ifndef KEEP_PEER_CERT + #define KEEP_PEER_CERT + #endif + +#elif defined(APP_ESP_HTTP_CLIENT) + /* The ESP-IDF Version */ + #define FP_MAX_BITS (8192 * 2) + #define HAVE_ALPN + #define HAVE_SNI + #define OPENSSL_EXTRA_X509_SMALL + #define HAVE_TLS_EXTENSIONS + #define HAVE_SUPPORTED_CURVES + #define OPENSSL_EXTRA + #ifndef WOLFSSL_ALWAYS_VERIFY_CB + #define WOLFSSL_ALWAYS_VERIFY_CB + #endif + #ifndef WOLFSSL_VERIFY_CB_ALL_CERTS + #define WOLFSSL_VERIFY_CB_ALL_CERTS + #endif + #ifndef KEEP_PEER_CERT + #define KEEP_PEER_CERT + #endif +#else + #ifdef WOLFSSL_ESPIDF + /* #warning "App config undetected" */ + #endif + /* the code is older or does not have application name defined. */ +#endif /* Example wolfSSL Configuration app settings */ /* Experimental Kyber */ -#if 0 +#ifdef CONFIG_WOLFSSL_ENABLE_KYBER + /* Kyber typically needs a minimum 10K stack */ #define WOLFSSL_EXPERIMENTAL_SETTINGS #define WOLFSSL_HAVE_KYBER #define WOLFSSL_WC_KYBER @@ -58,14 +235,72 @@ ** CONFIG_IDF_TARGET_ESP32C6 */ -#undef WOLFSSL_ESPIDF -#define WOLFSSL_ESPIDF +/* Optionally enable Apple HomeKit from compiler directive or Kconfig setting */ +#if defined(WOLFSSL_APPLE_HOMEKIT) || defined(CONFIG_WOLFSSL_APPLE_HOMEKIT) + /* SRP is known to need 8K; slow on some devices */ + #define FP_MAX_BITS (8192 * 2) + #define WOLFCRYPT_HAVE_SRP + #define HAVE_CHACHA + #define HAVE_POLY1305 + #define WOLFSSL_BASE64_ENCODE + #endif /* Apple HomeKit settings */ + +/* Used by ESP-IDF components: */ +#if defined(CONFIG_ESP_TLS_USING_WOLFSSL) + /* The ESP-TLS */ + #ifndef FP_MAX_BITS + #if defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP8684) || \ + defined(CONFIG_IDF_TARGET_ESP8266) + /* Optionally set smaller size here */ + #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS + #else + #define FP_MAX_BITS (4096 * 2) + #endif + #endif + #define HAVE_ALPN + #ifndef CONFIG_IDF_TARGET_ESP8266 + /* Unless installed in the ESP8266 RTOS SDK locally, the wolfSSL + * API for SNI will not be seen in the components/esp-tls layer. + * Only enable SNI for non-ESP8266 targets by default: */ + #define HAVE_SNI + #endif + #define OPENSSL_EXTRA_X509_SMALL + + #define HAVE_TLS_EXTENSIONS + #define HAVE_SUPPORTED_CURVES +#endif + +/* Optionally enable some wolfSSH settings */ +#if defined(ESP_ENABLE_WOLFSSH) || defined(CONFIG_ESP_ENABLE_WOLFSSH) + /* The default SSH Windows size is massive for an embedded target. + * Limit it: */ + #define DEFAULT_WINDOW_SZ 2000 + + /* These may be defined in cmake for other examples: */ + #undef WOLFSSH_TERM + #define WOLFSSH_TERM + + /* optional debug */ + /* #undef DEBUG_WOLFSSH */ + /* #define DEBUG_WOLFSSH */ + + #undef WOLFSSL_KEY_GEN + #define WOLFSSL_KEY_GEN -/* We don't use WiFi helpers yet, so don't compile in the esp-sdk-lib WiFi */ -#define NO_ESP_SDK_WIFI + #undef WOLFSSL_PTHREADS + #define WOLFSSL_PTHREADS + + #define WOLFSSH_TEST_SERVER + #define WOLFSSH_TEST_THREADING +#endif /* ESP_ENABLE_WOLFSSH */ + + +/* Not yet using WiFi lib, so don't compile in the esp-sdk-lib WiFi helpers: */ +/* #define USE_WOLFSSL_ESP_SDK_WIFI */ /* - * ONE of these Espressif chipsets should be defined: + * ONE of these Espressif chip families will be detected from sdkconfig: * * WOLFSSL_ESP32 * WOLFSSL_ESPWROOM32SE @@ -84,11 +319,28 @@ #endif /* See below for chipset detection from sdkconfig.h */ +/* when you want to use SINGLE THREAD. Note Default ESP-IDF is FreeRTOS */ +#define SINGLE_THREADED + /* Small session cache saves a lot of RAM for ClientCache and SessionCache. * Memory requirement is about 5KB, otherwise 20K is needed when not specified. * If extra small footprint is needed, try MICRO_SESSION_CACHE (< 1K) - * When really desperate, try NO_SESSION_CACHE. */ -#define MICRO_SESSION_CACHE + * When really desperate or no TLS used, try NO_SESSION_CACHE. */ +#define NO_SESSION_CACHE + +/* Small Stack uses more heap. */ +#define WOLFSSL_SMALL_STACK + +/* Full debugging turned off, but show malloc failure detail */ +/* #define DEBUG_WOLFSSL */ +#define DEBUG_WOLFSSL_MALLOC + +/* See test.c that sets cert buffers; we'll set them here: */ +#define USE_CERT_BUFFERS_256 +#define USE_CERT_BUFFERS_2048 + +/* RSA_LOW_MEM: Half as much memory but twice as slow. */ +#define RSA_LOW_MEM /* optionally turn off SHA512/224 SHA512/256 */ /* #define WOLFSSL_NOSHA512_224 */ @@ -103,19 +355,41 @@ #define BENCH_EMBEDDED -#define WOLFSSL_SMALL_STACK -#define HAVE_ECC -#define RSA_LOW_MEM - /* TLS 1.3 */ -#define WOLFSSL_TLS13 -#define HAVE_TLS_EXTENSIONS -#define WC_RSA_PSS -#define HAVE_HKDF -#define HAVE_AEAD -#define HAVE_SUPPORTED_CURVES +#ifdef CONFIG_WOLFSSL_ALLOW_TLS13 + #define WOLFSSL_TLS13 + #define HAVE_TLS_EXTENSIONS + #define HAVE_HKDF + + /* May be required */ + #ifndef HAVE_AEAD + #endif -#define WOLFSSL_BENCHMARK_FIXED_UNITS_KB + /* Required for ECC */ + #define HAVE_SUPPORTED_CURVES + + /* Required for RSA */ + #define WC_RSA_PSS + + /* TLS 1.3 normally requires HAVE_FFDHE */ + #if defined(HAVE_FFDHE_2048) || \ + defined(HAVE_FFDHE_3072) || \ + defined(HAVE_FFDHE_4096) || \ + defined(HAVE_FFDHE_6144) || \ + defined(HAVE_FFDHE_8192) + #else + #define HAVE_FFDHE_2048 + /* #error "TLS 1.3 requires HAVE_FFDHE_[nnnn]" */ + #endif +#endif + +#if defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP8684) + /* Optionally set smaller size here */ + #define HAVE_FFDHE_4096 +#else + #define HAVE_FFDHE_4096 +#endif #define NO_FILESYSTEM @@ -132,30 +406,72 @@ /* when you want to use SHA384 */ #define WOLFSSL_SHA384 -#if defined(CONFIG_IDF_TARGET_ESP8266) +/* Some features not enabled for ESP8266: */ +#if defined(CONFIG_IDF_TARGET_ESP8266) || \ + defined(CONFIG_IDF_TARGET_ESP32C2) /* Some known low-memory devices have features not enabled by default. */ + /* TODO determine low memory configuration for ECC. */ #else /* when you want to use SHA512 */ #define WOLFSSL_SHA512 /* when you want to use SHA3 */ - #define WOLFSSL_SHA3 + /* #define WOLFSSL_SHA3 */ /* ED25519 requires SHA512 */ #define HAVE_ED25519 +#endif - #define HAVE_ECC - #define HAVE_CURVE25519 - #define CURVE25519_SMALL - #define HAVE_ED25519 +#if defined(CONFIG_IDF_TARGET_ESP8266) || defined(CONFIG_IDF_TARGET_ESP32C2) + #define MY_USE_ECC 0 + #define MY_USE_RSA 1 +#else + #define MY_USE_ECC 1 + #define MY_USE_RSA 0 +#endif + +/* We can use either or both ECC and RSA, but must use at least one. */ +#if MY_USE_ECC || MY_USE_RSA + #if MY_USE_ECC + /* ---- ECDSA / ECC ---- */ + #define HAVE_ECC + #define HAVE_CURVE25519 + #define HAVE_ED25519 + #define WOLFSSL_SHA512 + /* + #define HAVE_ECC384 + #define CURVE25519_SMALL + */ + #else + #define WOLFSSH_NO_ECC + /* WOLFSSH_NO_ECDSA is typically defined automatically, + * here for clarity: */ + #define WOLFSSH_NO_ECDSA + #endif + + #if MY_USE_RSA + /* ---- RSA ----- */ + /* #define RSA_LOW_MEM */ + + /* DH disabled by default, needed if ECDSA/ECC also turned off */ + #define HAVE_DH + #else + #define WOLFSSH_NO_RSA + #endif +#else + #error "Either RSA or ECC must be enabled" #endif /* Optional OpenSSL compatibility */ /* #define OPENSSL_EXTRA */ -/* when you want to use pkcs7 */ +/* #Optional HAVE_PKCS7 */ /* #define HAVE_PKCS7 */ + #if defined(HAVE_PKCS7) + /* HAVE_PKCS7 may enable HAVE_PBKDF2 see settings.h */ + #define NO_PBKDF2 + #define HAVE_AES_KEYWRAP #define HAVE_X963_KDF #define WOLFSSL_AES_DIRECT @@ -175,25 +491,11 @@ /* #define CUSTOM_SLOT_ALLOCATION */ #endif -/* RSA primitive specific definition */ -#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE) - /* Define USE_FAST_MATH and SMALL_STACK */ - #define ESP32_USE_RSA_PRIMITIVE - - #if defined(CONFIG_IDF_TARGET_ESP32) - - /* NOTE HW unreliable for small values! */ - /* threshold for performance adjustment for HW primitive use */ - /* X bits of G^X mod P greater than */ - #undef ESP_RSA_EXPT_XBITS - #define ESP_RSA_EXPT_XBITS 32 - - /* X and Y of X * Y mod P greater than */ - #undef ESP_RSA_MULM_BITS - #define ESP_RSA_MULM_BITS 16 +/* WC_NO_CACHE_RESISTANT: slower but more secure */ +/* #define WC_NO_CACHE_RESISTANT */ - #endif -#endif +/* TFM_TIMING_RESISTANT: slower but more secure */ +/* #define TFM_TIMING_RESISTANT */ /* #define WOLFSSL_ATECC508A_DEBUG */ @@ -204,23 +506,40 @@ /* #define XTIME time */ -/* adjust wait-timeout count if you see timeout in RSA HW acceleration */ -#define ESP_RSA_TIMEOUT_CNT 0x249F00 +/* Adjust wait-timeout count if you see timeout in RSA HW acceleration. + * Set to very large number and enable WOLFSSL_HW_METRICS to determine max. */ +#ifndef ESP_RSA_TIMEOUT_CNT + #define ESP_RSA_TIMEOUT_CNT 0xFF0000 +#endif -#define HASH_SIZE_LIMIT /* for test.c */ +/* hash limit for test.c */ +#define HASH_SIZE_LIMIT /* USE_FAST_MATH is default */ #define USE_FAST_MATH /***** Use SP_MATH *****/ -/* #undef USE_FAST_MATH */ +/* #undef USE_FAST_MATH */ /* #define SP_MATH */ /* #define WOLFSSL_SP_MATH_ALL */ +/* #define WOLFSSL_SP_RISCV32 */ /***** Use Integer Heap Math *****/ /* #undef USE_FAST_MATH */ /* #define USE_INTEGER_HEAP_MATH */ +/* Just syntax highlighting to check math libraries: */ +#if defined(SP_MATH) || \ + defined(USE_INTEGER_HEAP_MATH) || \ + defined(USE_INTEGER_HEAP_MATH) || \ + defined(USE_FAST_MATH) || \ + defined(WOLFSSL_SP_MATH_ALL) || \ + defined(WOLFSSL_SP_RISCV32) +#endif + +#define WOLFSSL_SMALL_STACK + + #define HAVE_VERSION_EXTENDED_INFO /* #define HAVE_WC_INTROSPECTION */ @@ -230,13 +549,26 @@ /* #define HAVE_HASHDRBG */ +#if 0 +/* Example for additional cert functions */ #define WOLFSSL_KEY_GEN -#define WOLFSSL_CERT_REQ -#define WOLFSSL_CERT_GEN -#define WOLFSSL_CERT_EXT -#define WOLFSSL_SYS_CA_CERTS + #define WOLFSSL_CERT_REQ + #define WOLFSSL_CERT_GEN + #define WOLFSSL_CERT_EXT + #define WOLFSSL_SYS_CA_CERTS -#define WOLFSSL_CERT_TEXT + + #define WOLFSSL_CERT_TEXT + + /* command-line options + --enable-keygen + --enable-certgen + --enable-certreq + --enable-certext + --enable-asn-template + */ + +#endif #define WOLFSSL_ASN_TEMPLATE @@ -256,11 +588,66 @@ --enable-asn-template */ +/* optional SM4 Ciphers. See https://github.com/wolfSSL/wolfsm */ +/* +#define WOLFSSL_SM2 +#define WOLFSSL_SM3 +#define WOLFSSL_SM4 +*/ + +#if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4) + /* SM settings, possible cipher suites: + + TLS13-AES128-GCM-SHA256 + TLS13-CHACHA20-POLY1305-SHA256 + TLS13-SM4-GCM-SM3 + TLS13-SM4-CCM-SM3 + + #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-GCM-SM3" + #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-CCM-SM3" + #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-CBC-SM3" + #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-GCM-SM3" + #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-CCM-SM3" + #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-GCM-SM3:" \ + "TLS13-SM4-CCM-SM3:" + */ + + #undef WOLFSSL_BASE16 + #define WOLFSSL_BASE16 /* required for WOLFSSL_SM2 */ + + #undef WOLFSSL_SM4_ECB + #define WOLFSSL_SM4_ECB + + #undef WOLFSSL_SM4_CBC + #define WOLFSSL_SM4_CBC + + #undef WOLFSSL_SM4_CTR + #define WOLFSSL_SM4_CTR + + #undef WOLFSSL_SM4_GCM + #define WOLFSSL_SM4_GCM + + #undef WOLFSSL_SM4_CCM + #define WOLFSSL_SM4_CCM + + #define HAVE_POLY1305 + #define HAVE_CHACHA + + #undef HAVE_AESGCM + #define HAVE_AESGCM +#else + /* default settings */ + #define USE_CERT_BUFFERS_2048 +#endif + /* Chipset detection from sdkconfig.h * Default is HW enabled unless turned off. * Uncomment lines to force SW instead of HW acceleration */ -#if defined(CONFIG_IDF_TARGET_ESP32) +#if defined(CONFIG_IDF_TARGET_ESP32) || defined(WOLFSSL_ESPWROOM32SE) #define WOLFSSL_ESP32 + /* Alternatively, if there's an ECC Secure Element present: */ + /* #define WOLFSSL_ESPWROOM32SE */ + /* wolfSSL HW Acceleration supported on ESP32. Uncomment to disable: */ /* #define NO_ESP32_CRYPT */ /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ @@ -378,12 +765,16 @@ #define WOLFSSL_ESP8266 /* There's no hardware encryption on the ESP8266 */ - /* Consider using the ESP32-C2/C3/C6 - * See https://www.espressif.com/en/products/socs/esp32-c2 */ + /* Consider using the ESP32-C2/C3/C6 */ #define NO_ESP32_CRYPT #define NO_WOLFSSL_ESP32_CRYPT_HASH #define NO_WOLFSSL_ESP32_CRYPT_AES #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI + #ifndef FP_MAX_BITS + /* FP_MAX_BITS matters in wolfssl_test, not just TLS setting. */ + /* MIN_FFDHE_FP_MAX_BITS = (MIN_FFDHE_BITS * 2); see settings.h */ + #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS + #endif /***** END CONFIG_IDF_TARGET_ESP266 *****/ #elif defined(CONFIG_IDF_TARGET_ESP8684) @@ -403,29 +794,84 @@ #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI #endif /* CONFIG_IDF_TARGET Check */ +/* RSA primitive specific definition, listed AFTER the Chipset detection */ +#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE) + /* Consider USE_FAST_MATH and SMALL_STACK */ + + #ifndef NO_RSA + #define ESP32_USE_RSA_PRIMITIVE + + #if defined(CONFIG_IDF_TARGET_ESP32) + #ifdef CONFIG_ESP_MAIN_TASK_STACK_SIZE + #if CONFIG_ESP_MAIN_TASK_STACK_SIZE < 10500 + #warning "RSA may be difficult with less than 10KB Stack "/ + #endif + #endif + + /* NOTE HW unreliable for small values! */ + /* threshold for performance adjustment for HW primitive use */ + /* X bits of G^X mod P greater than */ + #undef ESP_RSA_EXPT_XBITS + #define ESP_RSA_EXPT_XBITS 32 + + /* X and Y of X * Y mod P greater than */ + #undef ESP_RSA_MULM_BITS + #define ESP_RSA_MULM_BITS 16 + #endif + #endif +#endif + /* Debug options: See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options +optionally increase error message size for very long paths. +#define WOLFSSL_MAX_ERROR_SZ 500 + +Turn wolfSSL debugging on/off: + wolfSSL_Debugging_ON(); + wolfSSL_Debugging_OFF(); + #define ESP_VERIFY_MEMBLOCK #define DEBUG_WOLFSSL #define DEBUG_WOLFSSL_VERBOSE #define DEBUG_WOLFSSL_SHA_MUTEX +#define WOLFSSL_DEBUG_IGNORE_ASN_TIME +#define WOLFSSL_DEBUG_CERT_BUNDLE +#define WOLFSSL_DEBUG_CERT_BUNDLE_NAME #define WOLFSSL_ESP32_CRYPT_DEBUG #define WOLFSSL_ESP32_CRYPT_HASH_SHA224_DEBUG #define NO_RECOVER_SOFTWARE_CALC #define WOLFSSL_TEST_STRAY 1 #define USE_ESP_DPORT_ACCESS_READ_BUFFER #define WOLFSSL_ESP32_HW_LOCK_DEBUG +#define WOLFSSL_DEBUG_MUTEX #define WOLFSSL_DEBUG_ESP_RSA_MULM_BITS +#define WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS +#define WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS #define ESP_DISABLE_HW_TASK_LOCK +#define ESP_MONITOR_HW_TASK_LOCK +#define USE_ESP_DPORT_ACCESS_READ_BUFFER + +See wolfcrypt/benchmark/benchmark.c for debug and other settings: + +Turn on benchmark timing debugging (CPU Cycles, RTOS ticks, etc) +#define DEBUG_WOLFSSL_BENCHMARK_TIMING + +Turn on timer debugging (used when CPU cycles not available) +#define WOLFSSL_BENCHMARK_TIMER_DEBUG */ -#define WOLFSSL_ESPIDF_ERROR_PAUSE /* Pause in a loop rather than exit. */ +/* Pause in a loop rather than exit. */ +/* #define WOLFSSL_ESPIDF_ERROR_PAUSE */ +/* #define WOLFSSL_ESP32_HW_LOCK_DEBUG */ + #define WOLFSSL_HW_METRICS -/* #define HASH_SIZE_LIMIT */ /* for test.c */ +/* for test.c */ +/* #define HASH_SIZE_LIMIT */ -/* #define NO_HW_MATH_TEST */ /* Optionally turn off HW math checks */ +/* Optionally turn off HW math checks */ +/* #define NO_HW_MATH_TEST */ /* Optionally include alternate HW test library: alt_hw_test.h */ /* When enabling, the ./components/wolfssl/CMakeLists.txt file @@ -466,6 +912,12 @@ See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options * There are various certificate examples in this header file: * https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h * + * To use the sample certificates in code (not recommended for production!): + * + * #if defined(USE_CERT_BUFFERS_2048) || defined(USE_CERT_BUFFERS_1024) + * #include + * #endif + * * To use the sets of macros below, define *one* of these: * * USE_CERT_BUFFERS_1024 - ECC 1024 bit encoded ASN1 @@ -543,6 +995,9 @@ See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options #define WOLFSSL_BASE16 #else #if defined(USE_CERT_BUFFERS_2048) + #define USE_CERT_BUFFERS_256 + /* Be sure to include in app when using example certs: */ + /* #include */ #define CTX_CA_CERT ca_cert_der_2048 #define CTX_CA_CERT_SIZE sizeof_ca_cert_der_2048 #define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1 @@ -562,6 +1017,9 @@ See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options #define CTX_CLIENT_KEY_TYPE WOLFSSL_FILETYPE_ASN1 #elif defined(USE_CERT_BUFFERS_1024) + #define USE_CERT_BUFFERS_256 + /* Be sure to include in app when using example certs: */ + /* #include */ #define CTX_CA_CERT ca_cert_der_1024 #define CTX_CA_CERT_SIZE sizeof_ca_cert_der_1024 #define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1 @@ -584,3 +1042,34 @@ See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options #error "Must define USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_1024" #endif #endif /* Conditional key and cert constant names */ + +/****************************************************************************** +** Sanity Checks +******************************************************************************/ +#if defined(CONFIG_ESP_MAIN_TASK_STACK_SIZE) + #if defined(WOLFCRYPT_HAVE_SRP) + #if defined(FP_MAX_BITS) + #if FP_MAX_BITS < (8192 * 2) + #define ESP_SRP_MINIMUM_STACK_8K (24 * 1024) + #else + #define ESP_SRP_MINIMUM_STACK_8K (28 * 1024) + #endif + #else + #error "Please define FP_MAX_BITS when using WOLFCRYPT_HAVE_SRP." + #endif + + #if (CONFIG_ESP_MAIN_TASK_STACK_SIZE < ESP_SRP_MINIMUM_STACK) + #warning "WOLFCRYPT_HAVE_SRP enabled with small stack size" + #endif + #endif +#else + #warning "CONFIG_ESP_MAIN_TASK_STACK_SIZE not defined!" +#endif +/* See settings.h for some of the possible hardening options: + * + * #define NO_ESPIDF_DEFAULT + * #define WC_NO_CACHE_RESISTANT + * #define WC_AES_BITSLICED + * #define HAVE_AES_ECB + * #define HAVE_AES_DIRECT + */ diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/CMakeLists.txt index 621eb8702e..e339d25093 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/CMakeLists.txt +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/CMakeLists.txt @@ -3,6 +3,7 @@ # # wolfssl client test # +message("Begin wolfSSL main CMakeLists.txt") set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS") if(WIN32) @@ -83,24 +84,27 @@ function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT ) add_definitions(-D${VAR_OUPUT}=\"${VAR_VALUE}\") else() # if we get here, check the execute_process command and parameters. - message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT") + message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT.") + message(STATUS "Setting ${VAR_OUPUT} to \"Unknown\"") set(${VAR_OUPUT} "Unknown") endif() endfunction() # LIBWOLFSSL_SAVE_INFO +# Save some project-specific details. Repo may be different than component, or may not even be a repo at all: if(NOT CMAKE_BUILD_EARLY_EXPANSION) - # LIBWOLFSSL_VERSION_GIT_HASH + # WOLFSSL_EXAMPLE_VERSION_GIT_HASH execute_process(COMMAND ${git_cmd} "rev-parse" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) - LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH "${TMP_OUT}" "${TMP_RES}") + LIBWOLFSSL_SAVE_INFO(WOLFSSL_EXAMPLE_VERSION_GIT_HASH "${TMP_OUT}" "${TMP_RES}") - # LIBWOLFSSL_VERSION_GIT_SHORT_HASH + # WOLFSSL_EXAMPLE_VERSION_GIT_SHORT_HASH execute_process(COMMAND ${git_cmd} "rev-parse" "--short" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) - LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_SHORT_HASH "${TMP_OUT}" "${TMP_RES}") + LIBWOLFSSL_SAVE_INFO(WOLFSSL_EXAMPLE_VERSION_GIT_SHORT_HASH "${TMP_OUT}" "${TMP_RES}") - # LIBWOLFSSL_VERSION_GIT_HASH_DATE + # WOLFSSL_EXAMPLE_VERSION_GIT_HASH_DATE execute_process(COMMAND ${git_cmd} "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ) - LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH_DATE "${TMP_OUT}" "${TMP_RES}") + LIBWOLFSSL_SAVE_INFO(WOLFSSL_EXAMPLE_VERSION_GIT_HASH_DATE "${TMP_OUT}" "${TMP_RES}") endif() message(STATUS "") +message("End wolfSSL main CMakeLists.txt") diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/Kconfig.projbuild b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/Kconfig.projbuild index 83dcd64398..061d0aa5a4 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/Kconfig.projbuild +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/Kconfig.projbuild @@ -1,4 +1,83 @@ -menu "Example Configuration" +menu "Example wolfSSL Configuration" + +choice WOLFSSL_EXAMPLE_CHOOSE + prompt "Choose Example (See wolfssl/include/user_settings.h)" + default WOLFSSL_EXAMPLE_NAME_NONE + help + The user settings file can be adjusted to specific wolfSSL examples. + + config WOLFSSL_EXAMPLE_NAME_TEMPLATE + bool "wolfSSL Template" + help + The sample template app compiles in wolfSSL and prints the current wolfSSL Version. Nothing more. + + config WOLFSSL_EXAMPLE_NAME_TEST + bool "wolfSSL Test" + help + This app tests all cryptographic functions currently enabled. See also Benchmark performance app. + + config WOLFSSL_EXAMPLE_NAME_BENCHMARK + bool "wolfSSL Benchmark" + help + Benchmark performance app. See also cryptographic test. + + config WOLFSSL_EXAMPLE_NAME_TLS_CLIENT + bool "TLS Client" + help + TLS Client Example app. Needs WiFi and a listening server on port 11111. + + config WOLFSSL_EXAMPLE_NAME_TLS_SERVER + bool "TLS Server" + help + TLS Server Example app. Needs WiFi. More interesting with a TLS client using port 11111. + + config WOLFSSL_EXAMPLE_NAME_WOLFSSH_TEMPLATE + bool "SSH Template App" + help + Bare-bones Hellow World app that only compiles in wolfSSL and wolfSSH. + See wolfSSL/wolfssh on GitHub. + + config WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER + bool "SSH Echo Server" + help + See wolfSSL/wolfssh on GitHub. + + config WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER + bool "SSH Echo Server" + help + See wolfSSL/wolfssh on GitHub. + + config WOLFSSL_EXAMPLE_NAME_ESP32_SSH_SERVER + bool "SSH to UART Server for the ESP32" + help + See wolfSSL/wolfssh-examples on GitHub. + + config WOLFSSL_EXAMPLE_NAME_ESP8266_SSH_SERVER + bool "SSH to UART Server for the ESP8266" + help + See wolfSSL/wolfssh-examples on GitHub. + + config WOLFSSL_EXAMPLE_NAME_WOLFMQTT_TEMPLATE + bool "MQTT Template" + help + See wolfSSL/wolfmqtt on GitHub. + + config WOLFSSL_EXAMPLE_NAME_WOLFMQTT_AWS_IOT_MQTT + bool "MQTT AWS IoT" + help + See wolfSSL/wolfmqtt on GitHub. + + config WOLFTPM_EXAMPLE_NAME_ESPRESSIF + bool "TPM Test Example for the ESP32" + help + See wolfSSL/wolfTPM on GitHub. + + config WOLFSSL_EXAMPLE_NAME_NONE + bool "Other" + help + A specific example app is not defined. + +endchoice config WOLFSSL_TARGET_HOST string "Target host" diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c index 638fdf343d..2883f2f25d 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c @@ -18,6 +18,7 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #include "client-tls.h" /* Espressif FreeRTOS */ @@ -36,6 +37,8 @@ /* wolfSSL */ #include +/* This project not yet using the library */ +#undef USE_WOLFSSL_ESP_SDK_WIFI #include #if defined(WOLFSSL_WC_KYBER) @@ -204,7 +207,6 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args) size_t len; - wolfSSL_Debugging_ON(); WOLFSSL_ENTER(TLS_SMP_CLIENT_TASK_NAME); doPeerCheck = 1; @@ -238,8 +240,8 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args) /* Create and initialize WOLFSSL_CTX */ ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); /* SSL 3.0 - TLS 1.3. */ /* options: */ - /* ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()); only TLS 1.2 */ - /* ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()); only TLS 1.3 */ + /* ctx = wolfSSL_CTX_new(wolfSSLv1_2_client_method()); only TLS 1.2 */ + /* ctx = wolfSSL_CTX_new(wolfSSLv1_3_client_method()); only TLS 1.3 */ /* wolfSSL_CTX_NoTicketTLSv12(); */ /* wolfSSL_NoTicketTLSv12(); */ if (ctx == NULL) { @@ -460,6 +462,9 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args) } ESP_LOGI(TAG, "Connect to wolfSSL server..."); + #ifdef DEBUG_WOLFSSL + wolfSSL_Debugging_ON(); + #endif ret_i = wolfSSL_connect(ssl); #ifdef DEBUG_WOLFSSL this_heap = esp_get_free_heap_size(); @@ -570,7 +575,7 @@ WOLFSSL_ESP_TASK tls_smp_client_init(void* args) #else xTaskHandle _handle; #endif - /* See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/freertos_idf.html#functions */ + /* See Espressif api-reference/system/freertos_idf.html#functions */ if (TLS_SMP_CLIENT_TASK_BYTES < (6 * 1024)) { /* Observed approximately 6KB limit for the RTOS task stack size. * Reminder parameter is bytes, not words as with generic FreeRTOS. */ @@ -582,8 +587,7 @@ WOLFSSL_ESP_TASK tls_smp_client_init(void* args) #endif /* Note that despite vanilla FreeRTOS using WORDS for a parameter, - * Espressif uses BYTES for the task stack size here. - * See https://docs.espressif.com/projects/esp-idf/en/v4.3/esp32/api-reference/system/freertos.html */ + * Espressif uses BYTES for the task stack size here. */ ret = xTaskCreate(tls_smp_client_task, TLS_SMP_CLIENT_TASK_NAME, TLS_SMP_CLIENT_TASK_BYTES, diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/client-tls.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/client-tls.h index b016f29a61..80802af508 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/client-tls.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/client-tls.h @@ -29,9 +29,9 @@ /* See main/Kconfig.projbuild for default configuration settings */ #ifdef CONFIG_WOLFSSL_TARGET_HOST - #define TLS_SMP_TARGET_HOST "192.168.1.36" + #define TLS_SMP_TARGET_HOST CONFIG_WOLFSSL_TARGET_HOST #else - #define TLS_SMP_TARGET_HOST "192.168.1.41" + #define TLS_SMP_TARGET_HOST "192.168.1.37" #endif #ifdef CONFIG_WOLFSSL_TARGET_PORT diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/main.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/main.h index 12c452d6e2..fee34cbc43 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/main.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/main.h @@ -18,7 +18,10 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef _MAIN_H_ #define _MAIN_H_ +void app_main(void); + #endif diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/time_helper.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/time_helper.h index 3586ac65a8..ab73b24391 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/time_helper.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/time_helper.h @@ -24,8 +24,8 @@ #ifndef _TIME_HELPER_H_ #define _TIME_HELPER_H_ -/* ESP-IDF uses a 64-bit signed integer to represent time_t starting from release v5.0 - * See: https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#year-2036-and-2038-overflow-issues +/* ESP-IDF uses a 64-bit signed integer to represent time_t starting from + * release v5.0 See Espressif api-reference/system/system_time */ #ifdef __cplusplus diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/wifi_connect.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/wifi_connect.h index 6888228f3f..404efc0d37 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/wifi_connect.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/wifi_connect.h @@ -106,20 +106,26 @@ /* tyically from ESP32 with ESP-IDF v4 ot v5 */ #define EXAMPLE_ESP_WIFI_SSID CONFIG_ESP_WIFI_SSID #elif defined(CONFIG_EXAMPLE_WIFI_SSID) - /* tyically from ESP8266 rtos-sdk/v3.4 */ + /* typically from ESP8266 rtos-sdk/v3.4 */ #define EXAMPLE_ESP_WIFI_SSID CONFIG_EXAMPLE_WIFI_SSID #else - #define EXAMPLE_ESP_WIFI_SSID "MYSSID_WIFI_CONNECT" + /* See new esp-sdk-lib.h helpers: */ + #ifndef EXAMPLE_ESP_WIFI_SSID + #define EXAMPLE_ESP_WIFI_SSID "MYSSID_WIFI_CONNECT" + #endif #endif #if defined(CONFIG_ESP_WIFI_PASSWORD) /* tyically from ESP32 with ESP-IDF v4 or v5 */ #define EXAMPLE_ESP_WIFI_PASS CONFIG_ESP_WIFI_PASSWORD #elif defined(CONFIG_EXAMPLE_WIFI_SSID) - /* tyically from ESP8266 rtos-sdk/v3.4 */ + /* typically from ESP8266 rtos-sdk/v3.4 */ #define EXAMPLE_ESP_WIFI_PASS CONFIG_EXAMPLE_WIFI_PASSWORD #else - #define EXAMPLE_ESP_WIFI_PASS "MYPASSWORD_WIFI_CONNECT" + /* See new esp-sdk-lib.h helpers: */ + #ifndef EXAMPLE_ESP_WIFI_PASS + #define EXAMPLE_ESP_WIFI_PASS "MYPASSWORD_WIFI_CONNECT" + #endif #endif #endif diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/main.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/main.c index 838ad66bd4..376c853fc2 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/main.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/main.c @@ -28,22 +28,32 @@ /* wolfSSL */ /* Always include wolfcrypt/settings.h before any other wolfSSL file. */ -/* Reminder: settings.h pulls in user_settings.h; don't include it here */ -#include -#include -#ifndef WOLFSSL_ESPIDF - #warning "Problem with wolfSSL user_settings." - #warning "Check components/wolfssl/include" +/* Reminder: settings.h pulls in user_settings.h; don't include it here. */ +#ifdef WOLFSSL_USER_SETTINGS + #include + #ifndef WOLFSSL_ESPIDF + #warning "Problem with wolfSSL user_settings." + #warning "Check components/wolfssl/include" + #endif + /* This project not yet using the library */ + #undef USE_WOLFSSL_ESP_SDK_WIFI + #include +#else + /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include */ + /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */ + #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\ + CFLAGS +=-DWOLFSSL_USER_SETTINGS" #endif /* this project */ #include "client-tls.h" #include "time_helper.h" -#ifndef CONFIG_IDF_TARGET_ESP32H2 +#ifdef CONFIG_IDF_TARGET_ESP32H2 /* There's no WiFi on ESP32-H2. * For wired ethernet, see: * https://github.com/wolfSSL/wolfssl-examples/tree/master/ESP32/TLS13-ENC28J60-client */ +#else #include "wifi_connect.h" /* * Note ModBus TCP cannot be disabled on ESP8266 tos-sdk/v3.4 @@ -123,8 +133,12 @@ void my_atmel_free(int slotId) /* Entry for FreeRTOS */ void app_main(void) { +#if !defined(SINGLE_THREADED) && INCLUDE_uxTaskGetStackHighWaterMark int stack_start = 0; +#endif +#if !defined(SINGLE_THREADED) int this_heap = 0; +#endif esp_err_t ret = 0; ESP_LOGI(TAG, "---------------- wolfSSL TLS Client Example ------------"); ESP_LOGI(TAG, "--------------------------------------------------------"); @@ -132,6 +146,9 @@ void app_main(void) ESP_LOGI(TAG, "---------------------- BEGIN MAIN ----------------------"); ESP_LOGI(TAG, "--------------------------------------------------------"); ESP_LOGI(TAG, "--------------------------------------------------------"); +#if !defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_CLIENT) + ESP_LOGW(TAG, "Warning: Example wolfSSL misconfigured? Check menuconfig."); +#endif #ifdef ESP_SDK_MEM_LIB_VERSION sdk_init_meminfo(); #endif @@ -155,7 +172,7 @@ void app_main(void) * the minimum free stack space there has been (in bytes not words, unlike * vanilla FreeRTOS) since the task started. The smaller the returned * number the closer the task has come to overflowing its stack. - * see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/freertos_idf.html + * see Espressif api-reference/system/freertos_idf */ stack_start = uxTaskGetStackHighWaterMark(NULL); #ifdef ESP_SDK_MEM_LIB_VERSION @@ -172,7 +189,15 @@ void app_main(void) #ifdef HAVE_VERSION_EXTENDED_INFO esp_ShowExtendedSystemInfo(); #endif - +#ifdef DEBUG_WOLFSSL + wolfSSL_Debugging_OFF(); +#endif +#ifdef CONFIG_IDF_TARGET_ESP32H2 + ESP_LOGE(TAG, "No WiFi on the ESP32-H2 and ethernet not yet supported"); + while (1) { + vTaskDelay(60000); + } +#endif /* Set time for cert validation. * Some lwIP APIs, including SNTP functions, are not thread safe. */ ret = set_time(); /* need to setup NTP before WiFi */ @@ -267,7 +292,6 @@ void app_main(void) - (uxTaskGetStackHighWaterMark(NULL)) ); ESP_LOGI(TAG, "Starting TLS Client task ...\n"); - ESP_LOGI(TAG, "main tls_smp_client_init heap @ %p = %d", &this_heap, this_heap); tls_smp_client_init(args); diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/time_helper.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/time_helper.c index 0adfefcbce..1ff6af4174 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/time_helper.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/time_helper.c @@ -19,11 +19,29 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -/* See https://tf.nist.gov/tf-cgi/servers.cgi */ +/* common Espressif time_helper */ +#include "time_helper.h" + -/* common Espressif time_helper v5.6.6.001 */ #include "sdkconfig.h" -#include "time_helper.h" +/* wolfSSL */ +/* Always include wolfcrypt/settings.h before any other wolfSSL file. */ +/* Reminder: settings.h pulls in user_settings.h; don't include it here. */ +#ifdef WOLFSSL_USER_SETTINGS + #include + #ifndef WOLFSSL_ESPIDF + #warning "Problem with wolfSSL user_settings." + #warning "Check components/wolfssl/include" + #endif + /* This project not yet using the library */ + #undef USE_WOLFSSL_ESP_SDK_WIFI + #include +#else + /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include */ + /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */ + #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\ + CFLAGS +=-DWOLFSSL_USER_SETTINGS" +#endif #include #include @@ -41,8 +59,8 @@ /* TODO Consider non ESP-IDF environments */ #endif -/* ESP-IDF uses a 64-bit signed integer to represent time_t starting from release v5.0 - * See: https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#year-2036-and-2038-overflow-issues +/* ESP-IDF uses a 64-bit signed integer to represent time_t starting from + * release v5.0. See: Espressif api-reference/system/system_time */ /* see https://www.gnu.org/software/libc/manual/html_node/TZ-Variable.html */ @@ -285,7 +303,7 @@ int set_time(void) if (NTP_SERVER_COUNT) { /* next, let's setup NTP time servers * - * see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#sntp-time-synchronization + * see Espressif api-reference/system/system_time * * WARNING: do not set operating mode while SNTP client is running! */ diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/wifi_connect.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/wifi_connect.c index 19ced33011..f2e13afc19 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/wifi_connect.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/wifi_connect.c @@ -31,12 +31,22 @@ #include /* wolfSSL */ -#include -#include -#include -#ifndef WOLFSSL_ESPIDF - #warning "Problem with wolfSSL user_settings." - #warning "Check components/wolfssl/include" +/* Always include wolfcrypt/settings.h before any other wolfSSL file. */ +/* Reminder: settings.h pulls in user_settings.h; don't include it here. */ +#ifdef WOLFSSL_USER_SETTINGS + #include + #ifndef WOLFSSL_ESPIDF + #warning "Problem with wolfSSL user_settings." + #warning "Check components/wolfssl/include" + #endif + /* This project not yet using the library */ + #undef USE_WOLFSSL_ESP_SDK_WIFI + #include +#else + /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include */ + /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */ + #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\ + CFLAGS +=-DWOLFSSL_USER_SETTINGS" #endif /* When there's too little heap, WiFi quietly refuses to connect */ @@ -198,7 +208,7 @@ static esp_err_t wifi_event_handler(void *ctx, system_event_t *event) ESP_LOGI(TAG, "got ip:%s", ip4addr_ntoa(&event->event_info.got_ip.ip_info.ip)); #endif - /* see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/freertos_idf.html */ + /* see Espressif api-reference/system/freertos_idf */ xEventGroupSetBits(wifi_event_group, CONNECTED_BIT); break; case SYSTEM_EVENT_STA_DISCONNECTED: diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults index 765df0fe6b..146dabf0f1 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults @@ -1,12 +1,21 @@ -# sdkconfig.defaults for ESP8266 + ESP32 -# Note that during the build process, settings from sdkconfig.defaults will not override those already in sdkconfig. -# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html#custom-sdkconfig-defaults -CONFIG_BENCH_ARGV="-lng 0" +# Set the known example app config to TLS Client (see user_settings.h) +CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_CLIENT=y +# CONFIG_EXAMPLE_WIFI_SSID="myssid" +# CONFIG_EXAMPLE_WIFI_PASSWORD="mypassword" + +# Some wolfSSL helpers +CONFIG_USE_WOLFSSL_ESP_SDK_TIME=y + +# FreeRTOS ticks at 1ms interval +CONFIG_FREERTOS_UNICORE=y CONFIG_FREERTOS_HZ=1000 CONFIG_ESP32_DEFAULT_CPU_FREQ_240=y # -# Default main stack size. See user_settings.h +# Default main stack size +# +# This is typically bigger than needed for stack size. +# Units are words, not bytes. See user_settings.h # # For wolfSSL SMALL_STACK, 3072 bytes should be sufficient for benchmark app. # When using RSA, assign at least 10500 bytes, otherwise 5500 usually works for others @@ -50,12 +59,43 @@ CONFIG_HEAP_DISABLE_IRAM=y # Performance # CONFIG_COMPILER_OPTIMIZATION_PERF=y -# Set max COU frequency (falls back as needed for lower maximum) +# Set max CPU frequency (falls back as needed for lower maximum) CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y -# FreeRTOS ticks at 1ms interval -CONFIG_FREERTOS_UNICORE=y -CONFIG_FREERTOS_HZ=1000 +# Enable wolfSSL TLS in esp-tls +CONFIG_ESP_TLS_USING_WOLFSSL=y +CONFIG_TLS_STACK_WOLFSSL=y + +# Bundles take up flash space and are disabled unless otherwise known to be needed +CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=n +# CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=y +# CONFIG_ESP_WOLFSSL_SMALL_CERT_VERIFY=y +# CONFIG_ESP_TLS_INSECURE=y + +# Disable mbedTLS +CONFIG_ESP_TLS_USING_MBEDTLS=n +CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n + + +# Ensure mbedTLS options are disabled +# CONFIG_MBEDTLS_TLS_SERVER_AND_CLIENT=n +# CONFIG_MBEDTLS_TLS_CLIENT_ONLY=n +# CONFIG_MBEDTLS_TLS_SERVER=n +# CONFIG_MBEDTLS_TLS_CLIENT=n +# CONFIG_MBEDTLS_HARDWARE_AES=n +# CONFIG_MBEDTLS_HARDWARE_MPI=n +# CONFIG_MBEDTLS_HARDWARE_SHA=n +# CONFIG_MBEDTLS_ROM_MD5=n +# CONFIG_MBEDTLS_SSL_RENEGOTIATION=n +# CONFIG_MBEDTLS_SSL_PROTO_TLS1_2=n +# CONFIG_MBEDTLS_SSL_PROTO_GMTSSL1_1=n +# CONFIG_MBEDTLS_SSL_ALPN=n +# CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS=n +# CONFIG_MBEDTLS_SERVER_SSL_SESSION_TICKETS=n + +# The same-name config is used for both WiFi and client/server TLS, so we cannot disable: +# CONFIG_MBEDTLS_TLS_ENABLED=n +# CONFIG_MBEDTLS_TLS_DISABLED=y # # Compiler options diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults.esp32c2 b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults.esp32c2 new file mode 100644 index 0000000000..a24d9302e6 --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults.esp32c2 @@ -0,0 +1,7 @@ +# +# Main XTAL Config +# +CONFIG_XTAL_FREQ_26=y +# CONFIG_XTAL_FREQ_40 is not set +CONFIG_XTAL_FREQ=26 +# end of Main XTAL Config diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults.esp8266 b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults.esp8266 new file mode 100644 index 0000000000..77299dfe4a --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults.esp8266 @@ -0,0 +1,30 @@ +# ESP8266 WDT +# CONFIG_ESP_PANIC_PRINT_REBOOT is not set +CONFIG_ESP_PANIC_PRINT_REBOOT=n +CONFIG_ESP_PANIC_PRINT_HALT=y + +# Enable wolfSSL TLS in esp-tls (not yet supported in RTOS SDK 3.4 +CONFIG_ESP_TLS_USING_WOLFSSL=n +CONFIG_TLS_STACK_WOLFSSL=n + +# Bundles take up flash space and are disabled unless otherwise known to be needed +CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=n +# CONFIG_ESP_WOLFSSL_SMALL_CERT_VERIFY=y +# CONFIG_ESP_TLS_INSECURE=y + +# Disable mbedTLS +CONFIG_ESP_TLS_USING_MBEDTLS=y +CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n + +# ESP8266 Memory +CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y +CONFIG_HEAP_DISABLE_IRAM=y + +# ESP8266 Watchdog: +CONFIG_TASK_WDT=n +CONFIG_TASK_WDT_PANIC=n + +# ESP8266 WDT +# CONFIG_ESP_PANIC_PRINT_REBOOT is not set +CONFIG_ESP_PANIC_PRINT_REBOOT=n +CONFIG_ESP_PANIC_PRINT_HALT=y diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/CMakeLists.txt index 11a9e467a9..e4ce3d8a0d 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/CMakeLists.txt +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/CMakeLists.txt @@ -3,6 +3,8 @@ # # The following lines of boilerplate have to be in your project's # CMakeLists in this exact order for cmake to work correctly +message(STATUS "Begin project ${CMAKE_PROJECT_NAME}") + cmake_minimum_required(VERSION 3.16) # The wolfSSL CMake file should be able to find the source code. @@ -48,7 +50,8 @@ endif() # End optional WOLFSSL_CMAKE_SYSTEM_NAME # This example uses an extra component for common functions such as Wi-Fi and Ethernet connection. -set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common) +# set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common) +string(REPLACE "\\" "/" PROTOCOL_EXAMPLES_DIR "$ENV{IDF_PATH}/examples/common_components/protocol_examples_common") if (EXISTS "${PROTOCOL_EXAMPLES_DIR}") message("Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}") @@ -80,17 +83,20 @@ else() endif() -# This example uses an extra component for common functions such as Wi-Fi and Ethernet connection. -set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common) +message(STATUS "begin include") +if(0) + # This example uses an extra component for common functions such as Wi-Fi and Ethernet connection. + set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common) -if (EXISTS "${PROTOCOL_EXAMPLES_DIR}") - message("Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}") - set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR") -else() - message("NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}") + if (EXISTS "${PROTOCOL_EXAMPLES_DIR}") + message("Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}") + set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common) + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR") + else() + message("NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}") + endif() endif() - include($ENV{IDF_PATH}/tools/cmake/project.cmake) - +message(STATUS "end include") project(wolfssl_server) +message(STATUS "end project") diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/README.md index 6baa41aa7a..0b88c035fa 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/README.md +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/README.md @@ -39,7 +39,7 @@ See the README.md file in the upper level 'examples' directory for more informat ``` # . /mnt/c/SysGCC/esp32/esp-idf/master/export.sh -. /mnt/c/SysGCC/esp32/esp-idf/v5.1/export.sh +. /mnt/c/SysGCC/esp32/esp-idf/v5.2/export.sh cd /mnt/c/workspace/wolfssl-$USER/IDE/Espressif/ESP-IDF/examples/wolfssl_server # optionally erase diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/CMakeLists.txt index b809a17142..8b90966f9b 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/CMakeLists.txt +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/CMakeLists.txt @@ -19,16 +19,145 @@ # # cmake for wolfssl Espressif projects # -# Version 5.6.0.011 for detect test/benchmark +# Version 5.7.2 Espressif ESP-IDF integration # # See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html # - +message(STATUS "Begin wolfssl ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}") cmake_minimum_required(VERSION 3.16) + +set(VERBOSE_COMPONENT_MESSAGES 1) + +# Optional requires include: +# set(THIS_ESP_TLS "esp-tls") +set(THIS_ESP_TLS "") + +# function: IS_ESP_IDF_COMPONENT +# output: RESULT = 1 (true) if this component is located in the ESP-IDF components +# otherwise 0 (false) +function( IS_ESP_IDF_COMPONENT RESULT ) + # NOTE: Component location is based on the location of the CMakeList.txt + # and *not* the location of the wolfSSL source code. (which may be anywhere) + + # Normalize the paths to remove any trailing slashes + get_filename_component(NORMALIZED_IDF_PATH "${IDF_PATH}" REALPATH) + get_filename_component(NORMALIZED_TEST_PATH "${COMPONENT_DIR}" REALPATH) + + # Check if the test path starts with the IDF_PATH + string(FIND "${NORMALIZED_TEST_PATH}" "${NORMALIZED_IDF_PATH}" pos) + + if(${pos} EQUAL 0) + message(STATUS "${COMPONENT_DIR} is within IDF_PATH.") + set(${RESULT} 1 PARENT_SCOPE) + else() + message(STATUS "${COMPONENT_DIR} is not within IDF_PATH.") + set(${RESULT} 0 PARENT_SCOPE) + endif() +endfunction() + +# Determine if this cmake file is located in the ESP-IDF component directory or not, +# and if so, if it is being ignored (allowing the use of a local project one, instead). +IS_ESP_IDF_COMPONENT( IS_WOLSSL_ESP_IDF_COMPONENT ) +if( IS_WOLSSL_ESP_IDF_COMPONENT ) + message(STATUS "This wolfSSL is a component in ESP-IDF.") + if ( CONFIG_IGNORE_ESP_IDF_WOLFSSL_COMPONENT ) + idf_component_register() + message(STATUS "Warning: wolfSSL component in ESP-IDF is being ignored.") + return() + endif() +endif() + + +if( "${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}" STREQUAL "" ) + # nothing to do +else() + # Only forward slashes, or double backslashes are supported. + # By the time we get here the sdkconfig file has a value for wolfSSL source code root. + string(REPLACE "\\" "/" CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}) + message(STATUS "Cleaned wolfssl path: ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}") +endif() + +# The scope of this CMAKE_C_FLAGS is just this component: set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS") +set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DWOLFSSL_USER_SETTINGS") + set(CMAKE_CURRENT_SOURCE_DIR ".") -set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component -set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" ) +# set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component + +# Optionally set your source to wolfSSL in your project CMakeLists.txt like this: +# set(WOLFSSL_ROOT "c:/test/my_wolfssl" ) + +if ( "${WOLFSSL_ROOT}" STREQUAL "") + set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" ) +endif() + +if( "$ENV{IDF_PATH}" STREQUAL "" ) + message(FATAL_ERROR "IDF_PATH Environment variable not set!") +else() + string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}") +endif() + +# Optional compiler definitions to help with system name detection (typically printed by app diagnostics) +if(VERBOSE_COMPONENT_MESSAGES) + if(WIN32) + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS") + message("Detected Windows") + endif() + if(CMAKE_HOST_UNIX) + message("Detected UNIX") + endif() + if(APPLE) + message("Detected APPLE") + endif() + if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop") + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL") + message("Detected WSL") + endif() + if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32)) + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX") + message("Detected Linux") + endif() + if(APPLE) + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE") + message("Detected Apple") + endif() +endif() # End optional WOLFSSL_CMAKE_SYSTEM_NAME + +message(STATUS "CONFIG_TARGET_PLATFORM = ${CONFIG_TARGET_PLATFORM}") + +# Check that there are not conflicting wolfSSL components +# The ESP Registry Component will be in ./managed_components/wolfssl__wolfssl +# The local component wolfSSL directory will be in ./components/wolfssl +if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl" ) + # These exclude statements don't seem to be honored by the $ENV{IDF_PATH}/tools/cmake/project.cmake' + # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" EXCLUDE_FROM_ALL) + # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl/include" EXCLUDE_FROM_ALL) + # So we'll error out and let the user decide how to proceed: + message(WARNING "\nFound wolfSSL components in\n" + "./managed_components/wolfssl__wolfssl\n" + "and\n" + "./components/wolfssl\n" + "in project directory: \n" + "${CMAKE_HOME_DIRECTORY}") + message(FATAL_ERROR "\nPlease use either the ESP Registry Managed Component or the wolfSSL component directory but not both.\n" + "If removing the ./managed_components/wolfssl__wolfssl directory, remember to also remove " + "or rename the idf_component.yml file typically found in ./main/") +else() + message(STATUS "No conflicting wolfSSL components found.") +endif() + + +# Don't include lwip requirement for benchmark and test apps. +if( ("${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark") OR ("${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_test") ) + message(STATUS "Not including lwip for ${CMAKE_PROJECT_NAME}") +else() + # benchmark and test do not need wifi, everything else probably does: + set(COMPONENT_REQUIRES lwip "${THIS_ESP_TLS}") # we typically don't need lwip directly in wolfssl component +endif() # find the user name to search for possible "wolfssl-username" message(STATUS "USERNAME = $ENV{USERNAME}") @@ -51,6 +180,25 @@ else() string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}") endif() +# ENVIRONMENT_VAR_TO_MACRO +# Check environment variable name EVARPARAM as [name] +# If defined, and has a value of EVARVALUE as [value], +# then assign a compiler definition "-D[name]=[value]" +function(ENVIRONMENT_VAR_TO_MACRO EVARPARAM EVARVALUE) + # If the EVARPARAM environment variable name is set to EVARVALUE, + # set the compiler flag definition to enable CSV output. + if ( "$ENV{${EVARPARAM}}" STREQUAL "${EVARVALUE}") + message(STATUS "Appending compile definition: -D${EVARPARAM}=${EVARVALUE}") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D${EVARPARAM}=${EVARVALUE}") + else() + if(DEFINED ENV{${EVARPARAM}}) + message(STATUS "Environment variable ${EVARPARAM} detected but set to $ENV{${EVARPARAM}}, not appending compile definition.") + else() + message(STATUS "Environment variable ${EVARPARAM} not detected, not appending compile definition.") + endif() + endif() +endfunction() + # COMPONENT_NAME = wolfssl # The component name is the directory name. "No feature to change this". # See https://github.com/espressif/esp-idf/issues/8978#issuecomment-1129892685 @@ -68,7 +216,8 @@ endif() # function: IS_WOLFSSL_SOURCE # parameter: DIRECTORY_PARAMETER - the directory to test # output: RESULT = contains contents of DIRECTORY_PARAMETER for wolfssl directory, otherwise blank. -function(IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER RESULT) +function( IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER + RESULT ) if (EXISTS "${DIRECTORY_PARAMETER}/wolfcrypt/src") set(${RESULT} "${DIRECTORY_PARAMETER}" PARENT_SCOPE) else() @@ -76,27 +225,71 @@ function(IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER RESULT) endif() endfunction() +# ********************************************************************************************* # function: FIND_WOLFSSL_DIRECTORY # parameter: OUTPUT_FOUND_WOLFSSL_DIRECTORY contains root of source code, otherwise blank # +# Example usage: +# FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT) +# ********************************************************************************************* function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY) - message(STATUS "Starting FIND_WOLFSSL_DIRECTORY") - set(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}") + message(STATUS "Starting FIND_WOLFSSL_DIRECTORY: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}") + + if ( "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}" STREQUAL "" ) + # The parameter is empty, so we certainly need to search. + # First, see if there's an environment variable. This takes highest priority (unless already found as hard-coded, above) + set(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}") + if( "${CURRENT_SEARCH_DIR}" STREQUAL "" ) + message(STATUS "The WOLFSSL_ROOT environment variable is not set. Searching...") + # Next, if not found, see if wolfSSL was selected for ESP-TLS Kconfig + if(CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT) + set(CURRENT_SEARCH_DIR ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}) + get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" ABSOLUTE) + message(STATUS "WOLFSSL_ROOT found in sdkconfig/KConfig: ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}") + else() + message(STATUS "wolfSSL not defined in [Component Config] [wolfssl]. Continuing search...") + # If not specified as a search hint in OUTPUT_FOUND_WOLFSSL_DIRECTORY: + # This wolfSSL component CMakeLists.txt may be found EITHER in: + # 1) local project component + # 2) ESP-IDF share components + # We'll start in the CMAKE_CURRENT_SOURCE_DIR, typically [something]/projectname/components/wolfssl + # That option might find wolfSSL source code as a copy in the component directory (e.g. Managed Components) + # Unless cmake is in the ESP-IDF, in which case it is unlikely to find wolfSSL source in any parent. + message(STATUS "CMAKE_CURRENT_SOURCE_DIR = ${CMAKE_CURRENT_SOURCE_DIR}") + get_filename_component(CURRENT_SEARCH_DIR "${CMAKE_CURRENT_SOURCE_DIR}" ABSOLUTE) + message(STATUS "CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}") + string(LENGTH ${CURRENT_SEARCH_DIR} CURRENT_SEARCH_DIR_LENGTH) + endif() # CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT + endif() # check environment var blank + else() + message(STATUS "Parameter found for FIND_WOLFSSL_DIRECTORY") + message(STATUS "Setting wolfSSL search directory to: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}") + set(CURRENT_SEARCH_DIR "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}") + endif() # parameter empty + + # Check to see if we found a path in environment or config settings, above. if( "${CURRENT_SEARCH_DIR}" STREQUAL "" ) - message(STATUS "The WOLFSSL_ROOT environment variable is not set. Searching...") + message(STATUS "Source for wolfSSL not specified in path nor config settings.") + # We'll continue the search by recursing up the directory tree, below. else() - get_filename_component(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}" ABSOLUTE) + # Setting found! Does it contain a valid path? + string(REPLACE "\\" "/" CURRENT_SEARCH_DIR ${CURRENT_SEARCH_DIR}) + get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" ABSOLUTE) IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL) if( FOUND_WOLFSSL ) - message(STATUS "Found WOLFSSL_ROOT via Environment Variable: ${CURRENT_SEARCH_DIR}") + message(STATUS "Found wolfSSL source code via setting: ${CURRENT_SEARCH_DIR}") set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE) return() else() - message(FATAL_ERROR "WOLFSSL_ROOT Environment Variable defined, but path not found:") - message(STATUS "$ENV{WOLFSSL_ROOT}") + if(WIN32) + message(STATUS "When specifying a path for Windows, use forward slahes, or double backslashes.") + endif() + message(STATUS "CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT sdkconfig setting = ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}") + message(STATUS "WOLFSSL_ROOT Variable defined, but source code not found: ${CURRENT_SEARCH_DIR}") endif() endif() + # we'll start in the CMAKE_CURRENT_SOURCE_DIR, typically [something]/projectname/components/wolfssl message(STATUS "CMAKE_CURRENT_SOURCE_DIR = ${CMAKE_CURRENT_SOURCE_DIR}") get_filename_component(CURRENT_SEARCH_DIR "${CMAKE_CURRENT_SOURCE_DIR}" ABSOLUTE) @@ -114,16 +307,47 @@ function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY) return() endif() + # Maintain CURRENT_SEARCH_DIR, but check various suffixes with CURRENT_SEARCH_DIR_ALT if( THIS_USER ) # Check for "wolfssl-[username]" subdirectory as we recurse up the directory tree set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl-${THIS_USER}) - message(STATUS "Looking in ${CURRENT_SEARCH_DIR}") + message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}") + + IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL ) + if ( FOUND_WOLFSSL ) + message(STATUS "Found wolfssl in user-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}") + set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}") + set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE) + return() + endif() + endif() + + if ( FOUND_WOLFSSL ) + # if we already found the source, skip attempt of "wolfssl-master" + else() + set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl-master) + message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}") - #if(EXISTS ${CURRENT_SEARCH_DIR_ALT} AND IS_DIRECTORY ${CURRENT_SEARCH_DIR_ALT} AND EXISTS "${CURRENT_SEARCH_DIR_ALT}/wolfcrypt/src") IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL ) if ( FOUND_WOLFSSL ) - message(STATUS "Found wolfssl in user-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}") - set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR_ALT} PARENT_SCOPE) + message(STATUS "Found wolfssl in master-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}") + set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}") + set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE) + return() + endif() + endif() + + if ( FOUND_WOLFSSL ) + # if we already found the source, skip attempt of "wolfssl" + else() + set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl) + message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}") + + IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL ) + if ( FOUND_WOLFSSL ) + message(STATUS "Found wolfssl in CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}") + set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}") + set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE) return() endif() endif() @@ -143,7 +367,8 @@ function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY) get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" DIRECTORY) message(STATUS "Next CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}") if( "${PRIOR_SEARCH_DIR}" STREQUAL "${CURRENT_SEARCH_DIR}" ) - # when the search directory is empty, we'll give up + # When the parent is current directory, cannot go any further. We didn't find wolfssl. + # When the search directory is empty, we'll give up. set(CURRENT_SEARCH_DIR "") endif() endwhile() @@ -154,17 +379,58 @@ endfunction() # Example usage: +# +# Simply find the WOLFSSL_DIRECTORY by searching parent directories: +# FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT) +# + +message(STATUS "CONFIG_TARGET_PLATFORM = ${CONFIG_TARGET_PLATFORM}") +# Check for environment variable that may be assigned to macros +ENVIRONMENT_VAR_TO_MACRO("GENERATE_MACHINE_PARSEABLE_REPORT" "1") +ENVIRONMENT_VAR_TO_MACRO("WOLFSSL_BENCHMARK_FIXED_CSV" "1") +# Optional variable inspection +if (0) + get_cmake_property(_variableNames VARIABLES) + list (SORT _variableNames) + message(STATUS "") + message(STATUS "ALL VARIABLES BEGIN") + message(STATUS "") + foreach (_variableName ${_variableNames}) + message(STATUS "${_variableName}=${${_variableName}}") + endforeach() + message(STATUS "") + message(STATUS "ALL VARIABLES END") + message(STATUS "") +endif() +if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") ) + # There's no esp_timer, no driver components for the ESP8266 + message(STATUS "Early expansion EXCLUDES esp_timer for esp8266: ${THIS_INCLUDE_TIMER}") + message(STATUS "Early expansion EXCLUDES driver for esp8266: ${THIS_INCLUDE_DRIVER}") + set(THIS_INCLUDE_TIMER "") + set(THIS_INCLUDE_DRIVER "") + set(THIS_ESP_TLS "") +else() + message(STATUS "Early expansion includes esp_timer: ${THIS_INCLUDE_TIMER}") + message(STATUS "Early expansion includes driver: ${THIS_INCLUDE_DRIVER}") + set(THIS_INCLUDE_TIMER "esp_timer") + set(THIS_INCLUDE_DRIVER "driver") + set(THIS_ESP_TLS "esp-tls") + # Let the app know that we've included the esp-tls component requirement. + # This is critical for use the the esp-tls component. See wolfssl esp_crt_bundle.c file. + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_REQUIRED_ESP_TLS=1") +endif() if(CMAKE_BUILD_EARLY_EXPANSION) message(STATUS "wolfssl component CMAKE_BUILD_EARLY_EXPANSION:") idf_component_register( REQUIRES "${COMPONENT_REQUIRES}" PRIV_REQUIRES # esp_hw_support - # esp_timer - # driver # this will typically only be needed for wolfSSL benchmark + "${THIS_ESP_TLS}" + "${THIS_INCLUDE_TIMER}" + "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark ) else() @@ -173,48 +439,99 @@ else() message(STATUS "wolfssl component config:") message(STATUS "************************************************************************************************") + if ( "${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") + # There's no esp_timer, no driver components for the ESP8266 + set(THIS_INCLUDE_TIMER "") + set(THIS_INCLUDE_DRIVER "") + else() + set(THIS_INCLUDE_TIMER "esp_timer") + set(THIS_INCLUDE_DRIVER "driver") + endif() + # search for wolfSSL FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT) if(WOLFSSL_ROOT) - message(STATUS "NEW Found wolfssl directory at: ${WOLFSSL_ROOT}") + IS_WOLFSSL_SOURCE("${WOLFSSL_ROOT}" FOUND_WOLFSSL) + if(FOUND_WOLFSSL) + message(STATUS "Found WOLFSSL_ROOT via CMake specification.") + else() + # WOLFSSL_ROOT Path specified in CMakeLists.txt is not a valid path + message(FATAL_ERROR "WOLFSSL_ROOT CMake Variable defined, but path not found: ${WOLFSSL_ROOT}\n" + "Try correcting WOLFSSL_ROOT in your project CMakeFile.txt or setting environment variable.") + # Abort CMake after fatal error. + endif() + else() + message(STATUS "Source code for wolfSSL still not found.") + message(STATUS "Searching from project home: ${CMAKE_HOME_DIRECTORY} ...") + set(WOLFSSL_ROOT "${CMAKE_HOME_DIRECTORY}") + FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT) + endif() + + + if(WOLFSSL_ROOT) + message(STATUS "Confirmed wolfssl directory at: ${WOLFSSL_ROOT}") else() - message(STATUS "NEW wolfssl directory not found.") + # Try to allow a more intuitive error that the source code was not found in cmake: + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_WARNING_SOURCE_NOT_FOUND") + + message(STATUS "Failed: wolfssl source code directory not found.") # Abort. We need wolfssl _somewhere_. - message(FATAL_ERROR "Could not find wolfssl in ${WOLFSSL_ROOT}.\n" - "Try setting WOLFSSL_ROOT environment variable or git clone.") + message(STATUS "") + message(STATUS "") + message(STATUS "Could not find wolfssl in any parent directory named wolfssl-${THIS_USER}, wolfssl-master, or wolfssl.\n" + "Try setting WOLFSSL_ROOT environment variable, cmake variable in project, copy source, or use managed components.") + message(STATUS "") + message(STATUS "") + # Abort CMake after fatal error. (or not?) endif() set(INCLUDE_PATH ${WOLFSSL_ROOT}) set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/src/") - if( ${CMAKE_PROJECT_NAME} STREQUAL "wolfssl_benchmark" ) - set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark") - endif() + # During regression tests, optionally copy source locally and use: set(USE_LOCAL_TEST_BENCH 1) + set(USE_LOCAL_TEST_BENCH 0) + if(NOT USE_LOCAL_TEST_BENCH) + if( "${CMAKE_PROJECT_NAME}" STREQUAL "hello-world" ) + message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/benchmark") + set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark") + endif() - if( ${CMAKE_PROJECT_NAME} STREQUAL "wolfssl_test" ) - set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/test") + if( "${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark" ) + message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/benchmark") + set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark") + endif() + + if( "${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_test" ) + message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/test") + set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/test") + endif() endif() + message(STATUS "WOLFSSL_EXTRA_PROJECT_DIR = ${WOLFSSL_EXTRA_PROJECT_DIR}") set(COMPONENT_SRCDIRS "\"${WOLFSSL_ROOT}/src/\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif\"" + "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif/esp_crt_bundle\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/atmel\"" "\"${WOLFSSL_EXTRA_PROJECT_DIR}\"" ) # COMPONENT_SRCDIRS message(STATUS "This COMPONENT_SRCDIRS = ${COMPONENT_SRCDIRS}") + # wolfSSL user_settings.h may be in the local project. + # TODO check if exists and possibly set to ESP-IDF set(WOLFSSL_PROJECT_DIR "${CMAKE_HOME_DIRECTORY}/components/wolfssl") - add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${WOLFSSL_PROJECT_DIR}/include/user_settings.h") - + string(REPLACE "/" "//" STR_WOLFSSL_PROJECT_DIR "${WOLFSSL_PROJECT_DIR}") + add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${STR_WOLFSSL_PROJECT_DIR}/include/user_settings.h") + message(STATUS "Added definition for user_settings.h: -DWOLFSSL_USER_SETTINGS_DIR=\"${STR_WOLFSSL_PROJECT_DIR}//include//user_settings.h\"") # Espressif may take several passes through this makefile. Check to see if we found IDF string(COMPARE EQUAL "${PROJECT_SOURCE_DIR}" "" WOLFSSL_FOUND_IDF) # get a list of all wolfcrypt assembly files; we'll exclude them as they don't target Xtensa file(GLOB EXCLUDE_ASM *.S) - file(GLOB_RECURSE EXCLUDE_ASM ${CMAKE_SOURCE_DIR} "${WOLFSSL_ROOT}/wolfcrypt/src/*.S") + file(GLOB EXCLUDE_ASM ${CMAKE_SOURCE_DIR} "${WOLFSSL_ROOT}/wolfcrypt/src/*.S") message(STATUS "IDF_PATH = $ENV{IDF_PATH}") message(STATUS "PROJECT_SOURCE_DIR = ${PROJECT_SOURCE_DIR}") @@ -237,11 +554,12 @@ else() message(STATUS "Remove either the local project component: ${WOLFSSL_PROJECT_DIR} ") message(STATUS "or the Espressif shared component installed at: $ENV{IDF_PATH}/components/wolfssl/ ") message(STATUS "") - message(FATAL_ERROR "Please use wolfSSL in either local project or Espressif components, but not both.") message(STATUS "") message(STATUS "**************************************************************************************") message(STATUS "") + message(STATUS "Please use wolfSSL in either local project or Espressif components, but not both.") + # Optional: if you change the above FATAL_ERROR to STATUS you can warn at runtime with this macro definition: set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_MULTI_INSTALL_WARNING") @@ -291,6 +609,7 @@ else() message(FATAL_ERROR "Found stray wolfSSL user_settings.h in " "${WOLFSSL_ROOT}/include/user_settings.h " " (please move it to ${WOLFSSL_PROJECT_DIR}/include/user_settings.h )") + # Abort CMake after fatal error. else() # we won't overwrite an existing user settings file, just note that we already have one: if( EXISTS "${WOLFSSL_PROJECT_DIR}/include/user_settings.h" ) @@ -347,7 +666,9 @@ else() # depending on the environment, we may need to swap backslashes with forward slashes string(REPLACE "\\" "/" RTOS_IDF_PATH "$ENV{IDF_PATH}/components/freertos/FreeRTOS-Kernel/include/freertos") - string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT}) + if(WOLFSSL_ROOT) + string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT}) + endif() if(IS_DIRECTORY "${RTOS_IDF_PATH}") message(STATUS "Found current RTOS path: ${RTOS_IDF_PATH}") @@ -360,21 +681,22 @@ else() message(STATUS "Could not find RTOS path") endif() endif() - - + message(STATUS "THIS_IDF_PATH = $THIS_IDF_PATH") + # wolfSSL-specific include directories set(COMPONENT_ADD_INCLUDEDIRS - "./include" # this is the location of wolfssl user_settings.h + "./include" # this is the location of local project wolfssl user_settings.h "\"${WOLFSSL_ROOT}/\"" "\"${WOLFSSL_ROOT}/wolfssl/\"" "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\"" + "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/port/Espressif\"" "\"${RTOS_IDF_PATH}/\"" # wolfSSL release after v5.7 includes WiFi, time, and mem/debug helpers - ${THIS_IDF_PATH}/components/esp_event/include - ${THIS_IDF_PATH}/components/esp_netif/include - ${THIS_IDF_PATH}/components/esp_wifi/include + "${THIS_IDF_PATH}/components/esp_event/include" + "${THIS_IDF_PATH}/components/esp_netif/include" + "${THIS_IDF_PATH}/components/esp_wifi/include" ) - + # Optionally include cryptoauthlib if present if(IS_DIRECTORY ${IDF_PATH}/components/cryptoauthlib) list(APPEND COMPONENT_ADD_INCLUDEDIRS "../cryptoauthlib/lib") endif() @@ -383,7 +705,7 @@ else() list(APPEND COMPONENT_ADD_INCLUDEDIRS "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\"") - + # Some files are known to be included elsewhere, or not used for Espressif set(COMPONENT_SRCEXCLUDE "\"${WOLFSSL_ROOT}/src/bio.c\"" "\"${WOLFSSL_ROOT}/src/conf.c\"" @@ -399,8 +721,8 @@ else() "\"${WOLFSSL_ROOT}/src/ssl_sess.c\"" # included by ssl.c "\"${WOLFSSL_ROOT}/src/x509.c\"" "\"${WOLFSSL_ROOT}/src/x509_str.c\"" - "\"${WOLFSSL_ROOT}/wolfcrypt/src/ext_kyber.c\"" # external Kyber disabled by default - "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/ext_kyber.h\"" # external Kyber disabled by default + "\"${WOLFSSL_ROOT}/wolfcrypt/src/ext_kyber.c\"" # external non-wolfssl Kyber disabled by default + "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/ext_kyber.h\"" # external non-wolfssl Kyber disabled by default "\"${WOLFSSL_ROOT}/wolfcrypt/src/evp.c\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/misc.c\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_arm32.c\"" @@ -411,6 +733,7 @@ else() "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_cortexm.c\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64.c\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64_asm.S\"" + "\"${WOLFSSL_ROOT}/examples\"" # Examples are distributed in Managed Components, but not part of a project. "\"${EXCLUDE_ASM}\"" ) @@ -432,22 +755,144 @@ else() # see https://docs.espressif.com/projects/esp-idf/en/stable/esp32/migration-guides/release-5.x/build-system.html?highlight=space%20path # set(EXTRA_COMPONENT_DIRS "${COMPONENT_SRCDIRS}") - idf_component_register( - SRC_DIRS "${COMPONENT_SRCDIRS}" - INCLUDE_DIRS "${COMPONENT_ADD_INCLUDEDIRS}" - REQUIRES "${COMPONENT_REQUIRES}" - EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}" - PRIV_REQUIRES esp_timer driver # this will typically only be needed for wolfSSL benchmark - ) - # some optional diagnostics - if (1) + + if(WOLFSSL_ROOT) + # Only register the component if we found wolfSSL source. + # This is important to allow Cmake to finish to completion, otherwise the UI + # may not be able to display the Kconfig settings to fix a bad or missing source. + idf_component_register( + SRC_DIRS "${COMPONENT_SRCDIRS}" + INCLUDE_DIRS "${COMPONENT_ADD_INCLUDEDIRS}" + REQUIRES "${COMPONENT_REQUIRES}" + EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}" + PRIV_REQUIRES + "${THIS_ESP_TLS}" + "${THIS_INCLUDE_TIMER}" + "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark + ) + else() + # Register the component simply to allow CMake to complete, but there's no wolfSSL source. + # Expect many other errors, but the project should at least be loadable and UI can edit Kconfig settings. + idf_component_register() + message(STATUS "Warning: wolfSSL component not registered as no source code found (WOLFSSL_ROOT is blank)") + endif() + +# function(WOLFSSL_INIT_CERT_BUNDLE) +if( CONFIG_WOLFSSL_CERTIFICATE_BUNDLE + AND NOT CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE + AND NOT ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") + ) + if (CMAKE_BUILD_EARLY_EXPANSION) + message(ERROR "Bundle Cert initialization must occur during CMAKE_BUILD_EARLY_EXPANSION") + endif() + # reminder: we need a value for wolfSSL root first! + if( "${WOLFSSL_ROOT}" STREQUAL "" ) + message(ERROR "Certificate bundles need a value for WOLFSSL_ROOT") + endif() + set(WOLFSSL_ESP_CRT_BUNDLE_DIR ${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif/esp_crt_bundle) + message(STATUS "WOLFSSL_ESP_CRT_BUNDLE_DIR=${WOLFSSL_ESP_CRT_BUNDLE_DIR}") + if(EXISTS "${WOLFSSL_ESP_CRT_BUNDLE_DIR}") + set(bundle_name "x509_crt_bundle_wolfssl") + + # For now the certs are in the same directory + set(DEFAULT_CRT_DIR "${WOLFSSL_ESP_CRT_BUNDLE_DIR}") + + # Generate custom certificate bundle using the generate_cert_bundle utility + set(GENERATE_CERT_BUNDLEPY ${python} ${WOLFSSL_ESP_CRT_BUNDLE_DIR}/gen_crt_bundle.py) + + if(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL) + list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_all.pem ${DEFAULT_CRT_DIR}/cacrt_local.pem) + elseif(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_CMN) + list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_all.pem ${DEFAULT_CRT_DIR}/cacrt_local.pem) + list(APPEND args --filter ${DEFAULT_CRT_DIR}/cmn_crt_authorities.csv) + endif() + + # Add deprecated root certs if enabled. This config is not visible if the default cert + # bundle is not selected + if(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEPRECATED_LIST) + list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_deprecated.pem) + endif() + + if(CONFIG_WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE) + get_filename_component(custom_bundle_path + ${CONFIG_WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH} ABSOLUTE BASE_DIR "${project_dir}") + list(APPEND crt_paths ${custom_bundle_path}) + message(STATUS "Using a custom wolfSSL bundle path: ${custom_bundle_path}") + else() + message(STATUS "Not using a custom wolfSSL bundle path.") + endif() + list(APPEND args --input ${crt_paths} -q) + + message(STATUS "CMAKE_CURRENT_BINARY_DIR: ${CMAKE_CURRENT_BINARY_DIR}") + get_filename_component(crt_bundle + ${bundle_name} + ABSOLUTE BASE_DIR "${CMAKE_CURRENT_BINARY_DIR}") + + message(STATUS "Setting up bundle generate: ${GENERATE_CERT_BUNDLEPY} ${args}") + message(STATUS "Depends on custom bundle path: ${custom_bundle_path}") + message(STATUS "crt_bundle ${crt_bundle}") + message(STATUS "COMPONENT_LIB ${COMPONENT_LIB}") + message(STATUS "GENERATE_CERT_BUNDLEPY ${GENERATE_CERT_BUNDLEPY}") + message(STATUS "args ${args}") + message(STATUS "cert_bundle ${cert_bundle}") + + # Generate bundle according to config + # File is generated at build time, not cmake load + add_custom_command(OUTPUT ${crt_bundle} + COMMAND ${GENERATE_CERT_BUNDLEPY} ARGS ${args} + DEPENDS ${custom_bundle_path} + VERBATIM) + + if(EXISTS "${crt_bundle}") + message(STATUS "Bundle file exists from prior build: ${crt_bundle}") + else() + message(STATUS "Bundle file expected during next build: ${crt_bundle}") + endif() + + # Reminder the file is generated at build time, not cmake load time. + message(STATUS "wolfSSL Cert Bundle File to be created at build time in: ${crt_bundle}") + + add_custom_target(custom_wolfssl_bundle DEPENDS ${cert_bundle}) + + # the wolfSSL crtificate bundle is baked into wolfSSL + add_dependencies(${COMPONENT_LIB} custom_wolfssl_bundle) + + # COMPONENT_LIB may vary: __idf_wolfssl, __idf_esp_wolfssl, etc + # target_add_binary_data(__idf_wolfssl ${crt_bundle} BINARY) + target_add_binary_data(${COMPONENT_LIB} ${crt_bundle} BINARY) + set_property(DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}" + APPEND PROPERTY ADDITIONAL_CLEAN_FILES + "${crt_bundle}") + else() + message(STATUS "WARNING: CONFIG_WOLFSSL_CERTIFICATE_BUNDLE enabled but directory not found: ${WOLFSSL_ESP_CRT_BUNDLE_DIR}") + endif() +endif() + +# endfunction() # WOLFSSL_INIT_CERT_BUNDLE + + # Some optional diagnostics. Verbose ones are truncated. + if (VERBOSE_COMPONENT_MESSAGES) get_cmake_property(_variableNames VARIABLES) list (SORT _variableNames) message(STATUS "") message(STATUS "ALL VARIABLES BEGIN") message(STATUS "") foreach (_variableName ${_variableNames}) - message(STATUS "${_variableName}=${${_variableName}}") + if ( ("${_variableName}" STREQUAL "bootloader_binary_files") + OR ("${_variableName}" STREQUAL "Component paths") + OR ("${_variableName}" STREQUAL "component_targets") + OR ("${_variableName}" STREQUAL "__COMPONENT_TARGETS") + OR ("${_variableName}" STREQUAL "CONFIGS_LIST") + OR ("${_variableName}" STREQUAL "__CONFIG_VARIABLES") + OR ("${_variableName}" STREQUAL "val") + OR ("${_variableName}" MATCHES "^__idf_") + ) + # Truncate the displayed value: + string(SUBSTRING "${${_variableName}}" 0 70 truncatedValue) + message(STATUS "${_variableName} = ${truncatedValue} ... (truncated)") + else() + message(STATUS "${_variableName}=${${_variableName}}") + endif() endforeach() message(STATUS "") message(STATUS "ALL VARIABLES END") @@ -455,6 +900,12 @@ else() endif() # target_sources(wolfssl PRIVATE "\"${WOLFSSL_ROOT}/wolfssl/\"" "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt\"") + message(STATUS "DETECTED_PROJECT_NAME=${CMAKE_PROJECT_NAME}") + message(STATUS "COMPONENT_TARGET=${COMPONENT_TARGET}") + target_compile_definitions(${COMPONENT_TARGET} PRIVATE DETECTED_PROJECT_NAME="${CMAKE_PROJECT_NAME}") + if( "${CMAKE_PROJECT_NAME}" STREQUAL "esp_http_client_example" ) + target_compile_definitions(${COMPONENT_TARGET} PRIVATE APP_ESP_HTTP_CLIENT_EXAMPLE="y") + endif() endif() # CMAKE_BUILD_EARLY_EXPANSION @@ -510,31 +961,80 @@ endfunction() # LIBWOLFSSL_SAVE_INFO # create some programmatic #define values that will be used by ShowExtendedSystemInfo(). # see wolfcrypt\src\port\Espressif\esp32_utl.c -if(NOT CMAKE_BUILD_EARLY_EXPANSION) +if(NOT CMAKE_BUILD_EARLY_EXPANSION AND WOLFSSL_ROOT) set (git_cmd "git") message(STATUS "Adding macro definitions:") # LIBWOLFSSL_VERSION_GIT_ORIGIN: git config --get remote.origin.url - execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "config" "--get" "remote.origin.url" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) + execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "config" "--get" "remote.origin.url" + OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_ORIGIN "${TMP_OUT}" "${TMP_RES}") # LIBWOLFSSL_VERSION_GIT_BRANCH: git rev-parse --abbrev-ref HEAD - execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--abbrev-ref" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) + execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--abbrev-ref" "HEAD" + OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_BRANCH "${TMP_OUT}" "${TMP_RES}") # LIBWOLFSSL_VERSION_GIT_HASH: git rev-parse HEAD - execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) + execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "HEAD" + OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH "${TMP_OUT}" "${TMP_RES}") # LIBWOLFSSL_VERSION_GIT_SHORT_HASH: git rev-parse --short HEAD - execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--short" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) + execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--short" "HEAD" + OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_SHORT_HASH "${TMP_OUT}" "${TMP_RES}") # LIBWOLFSSL_VERSION_GIT_HASH_DATE git show --no-patch --no-notes --pretty=\'\%cd\' - execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ) + execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} + "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'" + OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ) LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH_DATE "${TMP_OUT}" "${TMP_RES}") - message(STATUS "************************************************************************************************") - message(STATUS "wolfssl component config complete!") - message(STATUS "************************************************************************************************") + LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_WOLFSSL_ROOT "${WOLFSSL_ROOT}" "${TMP_RES}") + +endif() + +# Ensure flag "-DWOLFSSL_ESPIDF" is already in CMAKE_C_FLAGS if not yet found from project +string(FIND "${CMAKE_C_FLAGS}" "-DWOLFSSL_ESPIDF" FLAG_ALRREADY_FOUND_WOLFSSL_ESPIDF) + +if(FLAG_ALRREADY_FOUND_WOLFSSL_ESPIDF EQUAL -1) + # Flag not found, append it + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_ESPIDF") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS") endif() + +if(WOLFSSL_ROOT) + message(STATUS "Using wolfSSL in ${WOLFSSL_ROOT}") + + # PlatformIO does not process script from from the Espressif cmake process. + # We need to know where wolfSSL source code was found, so save it in the + # PIO_WOLFSSL_ROOT environment variable to later be read by extra_script.py + + set(ENV{PIO_WOLFSSL_ROOT} "${WOLFSSL_ROOT}") + message(STATUS "PIO_WOLFSSL_ROOT = $ENV{PIO_WOLFSSL_ROOT}") + message(STATUS "PLATFORMIO_BUILD_DIR = $ENV{PLATFORMIO_BUILD_DIR}") + # See esp-tls Kconfig; menu "ESP-TLS", ESP_TLS_LIBRARY_CHOOSE + if(CONFIG_ESP_TLS_USING_WOLFSSL) + if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") ) + message(STATUS "This version of wolfSSL is not supported on the ESP8266 esp-tls at this time. Check ESP-TLS config") + else() + message(STATUS "wolfSSL will be used for ESP-TLS") + endif() + else() + message(STATUS "WARNING: wolfSSL NOT selected for ESP-TLS. Features and performance will be limited.") + endif() +else() + message(STATUS "") + message(STATUS "Consider setting WOLFSSL_ROOT environment variable, use Kconfig setting, or set manually in this cmake file, above.") + message(STATUS "") + message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!") + message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!") + message(STATUS "ERROR: Could not find wolfSSL Source Code") + message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!") + message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!") +endif() + +message(STATUS "************************************************************************************************") +message(STATUS "wolfSSL component config complete!") +message(STATUS "************************************************************************************************") diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/Kconfig b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/Kconfig new file mode 100644 index 0000000000..cdd039d73f --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/Kconfig @@ -0,0 +1,523 @@ +# Kconfig template +# +# Copyright (C) 2006-2024 wolfSSL Inc. All rights reserved. +# +# This file is part of wolfSSL. +# +# wolfSSL is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# wolfSSL is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA +# + +# Kconfig File Version 5.7.2.001 for esp-idf integration + +# Kconfig Format Rules +# +# See: +# https://docs.espressif.com/projects/esp-idf/en/stable/esp32/api-reference/kconfig.html +# +# Format rules for Kconfig files are as follows: +# +# Option names in any menus should have consistent prefixes. The prefix +# currently should have at least 3 characters. +# +# The unit of indentation should be 4 spaces. All sub-items belonging to a +# parent item are indented by one level deeper. For example, menu is indented +# by 0 spaces, config menu by 4 spaces, help in config by 8 spaces, and the +# text under help by 12 spaces. +# +# No trailing spaces are allowed at the end of the lines. +# +# The maximum length of options is NOT 50 characters as documented. +# kconfcheck will complain that options should be 40 at most. +# +# Fix option lengths first. Superflous errors on other lines may occur. +# +# The maximum length of lines is 120 characters. +# +# python -m kconfcheck +# +# --------------------------------------------------------------------------------------------------------------------- +# Begin main wolfSSL configuration menu +# --------------------------------------------------------------------------------------------------------------------- +# See ESP-IDF esp-tls component for config TLS_STACK_WOLFSSL + +menu "wolfSSL" + + menu "Hardening" + config ESP_WOLFSSL_WC_NO_HARDEN + bool "Disable wolfSSL hardening" + default n + help + Sets WC_NO_HARDEN + + config ESP_WOLFSSL_TFM_TIMING_RESISTANT + bool "Enable TFM Timing Resistant Code" + default n + help + Sets TFM_TIMING_RESISTANT. + + endmenu # Hardening + + config ESP_WOLFSSL_ENABLE_BENCHMARK + bool "Enable wolfSSL Benchmark Library" + default n + help + Enables wolfcrypt/benchmark/benchmark.c code for benchmark metrics. Disables NO_CRYPT_BENCHMARK. + + + menu "Benchmark Debug" + config ESP_DEBUG_WOLFSSL_BENCHMARK_TIMING + bool "Enable benchmark timing debug" + depends on ESP_WOLFSSL_ENABLE_BENCHMARK + default n + help + Enable wolfssl debug for benchmark metric timing (CPU Cycles, RTOS ticks, etc). + + config ESP_WOLFSSL_BENCHMARK_TIMER_DEBUG + bool "Enable benchmark timer debug" + depends on ESP_WOLFSSL_ENABLE_BENCHMARK + default n + help + Turn on timer debugging (used when CPU cycles not available) + + endmenu # Benchmark Debug + + # ----------------------------------------------------------------------------------------------------------------- + # wolfCrypt Test + # ----------------------------------------------------------------------------------------------------------------- + config ESP_WOLFSSL_ENABLE_TEST + bool "Enable wolfCrypt Test Library" + default n + help + Enables wolfcrypt/test/test.c code for testing. Disables NO_CRYPT_TEST. + + menu "wolfCrypt tests" + config WOLFSSL_HAVE_WOLFCRYPT_TEST_OPTIONS + bool "Enable wolfCrypt Test Options" + depends on ESP_WOLFSSL_ENABLE_TEST + default n + help + Enables HAVE_WOLFCRYPT_TEST_OPTIONS + + config TEST_ESPIDF_ALL_WOLFSSL + bool "Enable all features to use in tests" + depends on ESP_WOLFSSL_ENABLE_TEST + default n + help + Enables TEST_ESPIDF_ALL_WOLFSSL + + endmenu # wolfCrypt tests + + # ----------------------------------------------------------------------------------------------------------------- + # Apple HomeKit Options + # ----------------------------------------------------------------------------------------------------------------- + menu "Apple HomeKit" + config WOLFSSL_APPLE_HOMEKIT + bool "Enable Apple HomeKit options" + default n + help + Enables FP_MAX_BITS (8192 * 2), SRP, ChaCha, Poly1305, Base64 encoding needed for Apple HomeKit. + endmenu # Apple HomeKit + # ----------------------------------------------------------------------------------------------------------------- + + config ESP_WOLFSSL_DISABLE_MY_ECC + bool "Disable ECC in my project" + default "n" + help + ECC is enabled by default. Select this option to disable. + + config ESP_WOLFSSL_ENABLE_MY_USE_RSA + bool "Enable RSA in my project" + default "n" + help + RSA is disabled by default. Select this option to enable. + + config ESP_WOLFSSL_BENCHMARK + bool "Enable wolfSSL Benchmark" + default n + help + Enables user settings relevant to benchmark code + + config ESP_TLS_USING_WOLFSSL_SPECIFIED + bool "Use the specified wolfssl for ESP-TLS" + default Y + help + Includes wolfSSL from specified directory (not using esp-wolfssl). + + config ESP_WOLFSSL_NO_USE_FAST_MATH + bool "Disable FAST_MATH library and all ESP32 Hardware Acceleration" + select ESP_WOLFSSL_NO_HW + select ESP_WOLFSSL_NO_HW_AES + select ESP_WOLFSSL_NO_HW_HASH + select ESP_WOLFSSL_NO_HW_RSA_PRI + select ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL + select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD + select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD + default n + help + When disabling all hardware acceleration for smaller memory footprint, + disabling TFM fast math provides faster wolfSSL software algorithms in an + even smaller flash memory footprint. + + menu "Protocol Config" + config WOLFSSL_HAVE_ALPN + bool "Enable ALPN (Application Layer Protocol Negotiation) in wolfSSL" + default y + + config WOLFSSL_ALLOW_TLS13 + bool "Allow TLS 1.3" + default y + help + Allow TLS to fallback to TLS1.2. Memory footprint will likely be larger for TLS1.2. + When disabled HTTPS and MQTT over TLS connections will fail if TLS1.3 not accepted. + + config WOLFSSL_ALLOW_TLS12 + bool "Allow TLS 1.2" + default n + help + Allow TLS to fallback to TLS1.2. Memory footprint will likely be larger for TLS1.2. + When disabled HTTPS and MQTT over TLS connections will fail if TLS1.3 not accepted. + + config WOLFSSL_HAVE_TLS_EXTENSIONS + bool "Enable TLS Extensions" + default y + help + Sets HAVE_TLS_EXTENSIONS which is needed for TLS 1.3, SNI, ALPN, and more. + + config WOLFSSL_ALT_CERT_CHAINS + bool "Enable Alternate Certificate Chains" + default n + help + The option relaxes the default strict wolfSSL certificate chain processing. This + will typically need to be enabled when loading only a CA file. Typically solves + the -188 ASN_NO_SIGNER_E error. Use with caution. + + config WOLFSSL_HAVE_OCSP + bool "Enable OCSP (Online Certificate Status Protocol) in wolfSSL" + default n + help + Sets HAVE_OCSP + + endmenu # Protocol Config + # ----------------------------------------------------------------------------------------------------------------- + + # ----------------------------------------------------------------------------------------------------------------- + config TLS_STACK_WOLFSSL + # Invisible option that locks TLS_STACK_WOLFSSL to ESP_TLS_USING_WOLFSSL + bool + default n + select FREERTOS_ENABLE_BACKWARD_COMPATIBILITY + help + Includes wolfSSL in ESP-TLS so that it can be compiled with wolfSSL as its SSL/TLS library. + Enabled when wolfSSL is selected in ESP_TLS_LIBRARY_CHOOSE. + + menu "wolfSSL ESP-TLS" + depends on ESP_TLS_USING_WOLFSSL + + menu "Certificate Bundle" + depends on ESP_TLS_USING_WOLFSSL + + config WOLFSSL_CERTIFICATE_BUNDLE + bool "Enable trusted root certificate bundle" + default y if ESP_TLS_USING_WOLFSSL + default n + depends on ESP_TLS_USING_WOLFSSL + help + Enable support for large number of default root certificates + + When enabled this option allows user to store default as well + as customer specific root certificates in compressed format rather + than storing full certificate. For the root certificates the public key and the subject name + will be stored. + + config WOLFSSL_NO_ASN_STRICT + bool "Relax Certificate ASN Strict Checks" + default n + depends on ESP_TLS_USING_WOLFSSL + help + Allows sub-optimal certificate ASN checks. Unless using a bundle with known issues, + it is recommended to NOT enable this. + + config WOLFSSL_ASN_ALLOW_0_SERIAL + bool "Allow cert missing an ASN Serial Number" + default y + depends on ESP_TLS_USING_WOLFSSL + help + Although not recommended, there may be certificates in the bundle that are missing + a serial number. This option allows the missing value without having to fully + disable strict ASN checking with WOLFSSL_NO_ASN_STRICT. + + choice WOLFSSL_DEFAULT_CERTIFICATE_BUNDLE + bool "Default certificate bundle options" + depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL + default WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL + + config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL + bool "Use the full default certificate bundle" + config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_CMN + bool "Use only the most common certificates from the default bundles" + help + Use only the most common certificates from the default bundles, reducing the size with 50%, + while still having around 99% coverage. + config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE + bool "Do not use the default certificate bundle" + endchoice + + config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE + depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL + default n + bool "Add custom certificates to the default bundle" + config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH + depends on WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL + string "Custom certificate bundle path" + help + Name of the custom certificate directory or file. This path is evaluated + relative to the project root directory. + + config WOLFSSL_CERTIFICATE_BUNDLE_DEPRECATED_LIST + bool "Add deprecated root certificates" + depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL && !WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE + help + Include the deprecated list of root certificates in the bundle. + This list gets updated when a certificate is removed from the Mozilla's + NSS root certificate store. This config can be enabled if you would like + to ensure that none of the certificates that were deployed in the product + are affected because of the update to bundle. In turn, enabling this + config keeps expired, retracted certificates in the bundle and it may + pose a security risk. + + - Deprecated cert list may grow based based on sync with upstream bundle + - Deprecated certs would be be removed in ESP-IDF (next) major release + + config WOLFSSL_CERTIFICATE_BUNDLE_MAX_CERTS + int "Maximum no of certificates allowed in certificate bundle" + default 200 + depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL + + endmenu + endmenu # wolfSSL ESP-TLS + # ----------------------------------------------------------------------------------------------------------------- + + # ----------------------------------------------------------------------------------------------------------------- + config ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION + bool "Modify default hardware acceleration settings" + default n + help + When disabling all hardware acceleration for smaller memory footprint, + disabling TFM fast math provides faster wolfSSL software algorithms in an + even smaller flash memory footprint. + Typically used for debugging, analysis, or optimizations. The default + hardware acceleration features can be each manually adjusted. + + menu "wolfSSL Hardware Acceleration" + + config ESP_WOLFSSL_NO_ESP32_CRYPT + bool "Disable all ESP32 Hardware Acceleration" + depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION + default n + select ESP_WOLFSSL_NO_HW_AES + select ESP_WOLFSSL_NO_HW_HASH + select ESP_WOLFSSL_NO_HW_RSA_PRI + select ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL + select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD + select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD + help + Hardware acceleration enabled by default. When selected defines: NO_ESP32_CRYPT. + Consider disabling FASTMATH (other libraries are faster in software and smaller) + + config ESP_WOLFSSL_NO_HW_AES + bool "Disable all ESP32 AES Hardware Acceleration" + depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION + default n + help + Hardware acceleration enabled by default.When selected defines: NO_HW_AES + + config ESP_WOLFSSL_NO_HW_HASH + bool "Disable all ESP32 SHA Hash Hardware Acceleration" + depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION + default n + help + Hardware acceleration enabled by default. When selected defines: NO_HW_HASH + + config ESP_WOLFSSL_NO_HW_RSA_PRI + bool "Disable all ESP32 RSA Hardware Acceleration" + depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION + default n + select ESP_WOLFSSL_NO_HW_PRI_MP_MUL + select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD + select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD + help + Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI + + config ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL + bool "Disable all ESP32 Multiplication Hardware Acceleration" + depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION + default n + help + Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI_MP_MUL + + config ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD + bool "Disable all ESP32 Modular Multiplication Hardware Acceleration" + depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION + default n + help + Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI_MULMOD + + config ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD + bool "Disable all ESP32 RSA Exponential Math Hardware Acceleration" + depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION + default n + help + Hardware acceleration enabled by default. + Select this option to force disable: NO_HW_RSA_PRI_EXPTMOD + + config ESP_WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS + bool "Enable debugging of RSA Multiplication operand length" + default n + help + Prints an esp log warning to the default console UART when one of the + multiplication operands exceeds the maximum size supported by hardware, + requiring fallback to software. This can be helpful to pick key sizes + when performance is critical. See also metrics for counting instances. + + config ESP_WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS + bool "Enable debugging of RSA Modular operand length" + default n + help + Prints an esp log warning to the default console UART when one of the + modular math operands exceeds the maximum size supported by hardware, + requiring fallback to software. This can be helpful to pick key sizes + when performance is critical. See also metrics for counting instances. + + endmenu # wolfSSL Hardware Acceleration + # ----------------------------------------------------------------------------------------------------------------- + + # ----------------------------------------------------------------------------------------------------------------- + menu "wolfSSL Experimental Options" + + config ESP_WOLFSSL_EXPERIMENTAL_SETTINGS + bool "Enable wolfSSL Experimental Settings" + default n + help + Enables experimental settings for wolfSSL. See documentation. + + config ESP_WOLFSSL_ENABLE_KYBER + bool "Enable wolfSSL Kyber" + default n + help + Enable debugging messages for wolfSSL. See user_settings.h for additional debug options. + + endmenu # wolfSSL Experimental Options + # ----------------------------------------------------------------------------------------------------------------- + + # ----------------------------------------------------------------------------------------------------------------- + menu "wolfSSL Debug Options" + config ESP_WOLFSSL_DEBUG_WOLFSSL + bool "Enable wolfSSL Debugging" + default n + help + Enable debugging messages for wolfSSL. See user_settings.h for additional debug options. + + config ESP_WOLFSSL_TEST_LOOP + bool "Run test apps in a loop until failure" + default y + help + Enable a loop wrapper for benchmark, http_client, and wolfssl test apps. + + endmenu # wolfSSL Debug Options + # ----------------------------------------------------------------------------------------------------------------- + + # ----------------------------------------------------------------------------------------------------------------- + menu "wolfSSL Customization" + config CUSTOM_SETTING_WOLFSSL_ROOT + string "Enter a path for wolfSSL source code" + default "~/workspace/wolfssl" + help + This option lets you specify a directory for the wolfSSL source code (typically a git clone). + Enter the path using forward slashes (e.g., C:/myfolder/mysubfolder) or double backslashes + (e.g., C:\\myfolder\\mysubfolder). + + endmenu # wolfSSL Customization + # ----------------------------------------------------------------------------------------------------------------- + + # ----------------------------------------------------------------------------------------------------------------- + menu "Component Config" + config IGNORE_ESP_IDF_WOLFSSL_COMPONENT + bool "Ignore the ESP-IDF component of wolfSSL (if present)" + default n + help + Ignores wolfSSL present in the esp-idf/components directory. Requires wolfssl as a local component. + + config IGNORE_LOCAL_WOLFSSL_COMPONENT + bool "Ignore the local component of wolfSSL (if present)" + default n + help + Ignores wolfSSL present in the local project components directory. + Requires wolfssl as a ESP-IDF component. + + endmenu # Component Config + # ----------------------------------------------------------------------------------------------------------------- + + # ----------------------------------------------------------------------------------------------------------------- + menu "Utility Config" + config USE_WOLFSSL_ESP_SDK_TIME + bool "Enable wolfSSL time helper functions" + default n + help + Enables use of various time and date setting functions found in the esp-sdk-lib.h file. + + config USE_WOLFSSL_ESP_SDK_WIFI + bool "Enable wolfSSL WiFi helper functions" + default n + help + Enables use of various time and date setting functions found in the esp-sdk-lib.h file. + + endmenu # Utility Config +endmenu # wolfSSL +# --------------------------------------------------------------------------------------------------------------------- + + +# --------------------------------------------------------------------------------------------------------------------- +menu "wolfSSH" + config ESP_ENABLE_WOLFSSH + bool "Enable wolfSSH options" + default n + help + Enables WOLFSSH_TERM, WOLFSSL_KEY_GEN, WOLFSSL_PTHREADS, WOLFSSH_TEST_SERVER, WOLFSSH_TEST_THREADING + + config ESP_WOLFSSL_DEBUG_WOLFSSH + bool "Enable wolfSSH debugging" + default n + help + Enable wolfSSH debugging macro. See user_settings.h + +endmenu # wolfSSH +# --------------------------------------------------------------------------------------------------------------------- + +# --------------------------------------------------------------------------------------------------------------------- +menu "wolfMQTT" + config ESP_ENABLE_WOLFMQTT + bool "Enable wolfMQTT options" + default n + help + Enables WOLFMQTT + + config ESP_WOLFSSL_DEBUG_WOLFMQTT + bool "Enable wolfMQTT debugging" + default n + help + Enable wolfMQTT debugging macro. See user_settings.h + +endmenu # wolfMQTT +# --------------------------------------------------------------------------------------------------------------------- diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/README.md new file mode 100644 index 0000000000..d779124162 --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/README.md @@ -0,0 +1,162 @@ +# wolfSSL Espressif Component + +This is the directory for wolfSSL as an Espressif ESP-IDF component. + +Other options are available, such as installing wolfSSL as a local _project_ component using the [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/). + +Enabling this wolfSSL ESP-IDF component allows other ESP-IDF libraries such as those that depend on [ESP-TLS](https://github.com/espressif/esp-idf/tree/master/components/esp-tls) +to also use the wolfSSL library. (See [github.com/wolfSSL/wolfssl](https://github.com/wolfSSL/wolfssl)) + +The wolfSSL source code is not included here. Instead, the `idf.py menuconfig` option can be used to configure the +`sdkconfig` file setting: `CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT` to point to the desired wolfSSL code. + +## Directory Contents + +This directory must contain, at a minimum: + +- `CMakeLists.txt` +- `./include/user_settings.h` + +The directory should also contain: +- `Kconfig` +- `component.mk` + +The directory may contain wolfSSL source, for example with a [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/), +or if the `setup.sh` script was used from [wolfSSL/IDE/Espressif/ESP-IDF](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF). + + +Under normal circumstances when the wolfSSL source is not included here, the `CMakeLists.txt` will search for it in this order: + +- A hard-coded `WOLFSSL_ROOT` cmake variable. +- `WOLFSSL_ROOT` Environment Variable +- The `CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT` value in the `sdkconfig` file, from the `Kconfig` option. +- Any parent directories, up to the root (if this directory is in the ESP-IDF components) +- Any parent directories, up to the root (if this directory is a project component) + +While recursing up the directory tree, the following names of wolfSSL directories will be considered: + +- `wolfssl-[current user name]` +- `wolfssl-master` +- `wolfssl` + +## Getting Started + +See the `Espressif Getting Started Guide`. + +``` +# Set environment variable to ESP-IDF location +# For example, VisualGDB in WSL +WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.2 +WRK_IDF_PATH=/mnt/c/SysGCC/esp32-master/esp-idf/v5.3-master + +# Or wherever the ESP-IDF is installed: +WRK_IDF_PATH=~/esp/esp-idf + +echo "Run export.sh from ${WRK_IDF_PATH}" +. ${WRK_IDF_PATH}/export.sh + +cd [your project] + +idf.py menuconfig +``` + +Enable wolfSSL to be used in the ESP-TLS: + +``` +Component config ---> + ESP-TLS ---> + Choose SSL/TLS library for ESP-TLS (See help for more Info) + (X) wolfSSL (License info in wolfSSL directory README) +``` + +Adjust wolfSSL settings, such as path to source code as needed: + +``` +Component config ---> + wolfSSL ---> + [*] Include wolfSSL in ESP-TLS + [*] Use the specified wolfssl for ESP-TLS + (~/workspace/wolfssl) Enter a path for wolfSSL source code +``` + +## Configuration + +All settings for wolfSSL are adjusted in the [include/user_settings.h](./include/user_settings.h) file. + +The `user_settings.h` file should not be included directly. Instead, `#include ` +before any other wolfSSL headers, like this: + + +```c +/* ESP-IDF */ +#include +#include "sdkconfig.h" + +/* wolfSSL */ +/* Always include wolfcrypt/settings.h before any other wolfSSL file. */ +/* Reminder: settings.h pulls in user_settings.h; don't include it here. */ +#if defined(WOLFSSL_USER_SETTINGS) + #include + #if defined(WOLFSSL_ESPIDF) + #include + #include + #include + #include + #include + #else + #error "Problem with wolfSSL user_settings. " \ + "Check components/wolfssl/include " \ + "and confirm WOLFSSL_USER_SETTINGS is defined, " \ + "typically in the component CMakeLists.txt" + #endif +#else + /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include */ + /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */ + #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\ + CFLAGS +=-DWOLFSSL_USER_SETTINGS" +#endif +``` + +## Examples + +See the wolfSSL examples: + +- [wolfSSL Core Examples](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples) +- [wolfSSL Additional Examples](https://github.com/wolfSSL/wolfssl-examples/tree/master/ESP32) +- [wolfSSH Core Examples](https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples) +- [wolfSSH Additional Examples](https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif) +- [wolfMQTT Examples](https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples) + +## Platforms + +The ESP-IDF wolfSSL is also available for PlatformIO: + +- [Release wolfSSL](https://registry.platformio.org/search?q=owner%3Awolfssl) +- [Staging / Preview wolfSSL](https://registry.platformio.org/search?q=owner%3Awolfssl-staging) + +The wolfSSL library can also be used for Espressif with Arduino: + +- [arduino.cc/reference/en/libraries/wolfssl](https://www.arduino.cc/reference/en/libraries/wolfssl/) +- [github.com/wolfSSL/Arduino-wolfSSL](https://github.com/wolfSSL/Arduino-wolfSSL) + + +## Additional Information + +- [wolfSSL Documentation](https://www.wolfssl.com/documentation/manuals/wolfssl/index.html) and [docs/espressif](https://www.wolfssl.com/docs/espressif/) +- [wolfSSL FAQ](https://www.wolfssl.com/docs/frequently-asked-questions-faq/) +- [wolfSSL Products](https://www.wolfssl.com/products/) +- [www.wolfssl.com/espressif](https://www.wolfssl.com/espressif/) +- [More...](https://www.wolfssl.com/?s=espressif) + +## Contact + +Have a specific request or questions? We'd love to hear from you! Please contact us at support@wolfssl.com or open an issue on GitHub. + +## Licensing and Support + +wolfSSL (formerly known as CyaSSL) and wolfCrypt are either licensed for use under the GPLv2 (or at your option any later version) or a standard commercial license. For our users who cannot use wolfSSL under GPLv2 (or any later version), a commercial license to wolfSSL and wolfCrypt is available. + +See the LICENSE.txt, visit wolfssl.com/license, contact us at licensing@wolfssl.com or call +1 425 245 8247 + +View Commercial Support Options: [wolfssl.com/products/support-and-maintenance](wolfssl.com/products/support-and-maintenance) + diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/component.mk b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/component.mk index 02c36849b9..45a1aa08fb 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/component.mk +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/component.mk @@ -18,6 +18,8 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA # +$(info *********** wolfssl component ************) + # # Component Makefile # @@ -48,17 +50,61 @@ # define it here: CFLAGS +=-DWOLFSSL_USER_SETTINGS +# Note that 4 source files created by autogen are excluded here. +# +# See these files commented out, below. Adjust as needed for your application: +# +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/selftest.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o + + # NOTICE: the WOLFSSL_ROOT setting MUST be relative! # See https://docs.espressif.com/projects/esp8266-rtos-sdk/en/latest/api-guides/build-system.html?highlight=must+relative#optional-component-specific-variables # In the wolfSSL GitHub examples for Espressif: # https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples # When this wolfssl component.mk makefile is in [project]/components/wolfssl -# The root is 7 directories up from here: +# The root is 7 directories up from here (the location of of this component.mk): WOLFSSL_ROOT := ../../../../../../.. -# NOTE: The wolfSSL include diretory (e.g. user_settings.h) is +# To set the location of a different location, it is best to use relative paths. +# +# Set WOLFSSL_ROOT to a relative path from the current component directory. +# For example, if the wolfssl_client is copied from the examples to test: +# +# cp -r /IDE/Espressif/ESP-IDF/examples/wolfssl_client/* /mnt/c/test/demo +# +# we run make in /mnt/c/test/demo +# component is in /mnt/c/test/demo/components/wolfssl +# wolfssl is in /mnt/c/workspace/wolfssl-master +# +# "/mnt/c" is 4 directories up: +# 2 for `./test/demo` from where we run `make`, plus +# 2 more from the location of `component.mk` located +# in `[currect directory]/components/wolfssl`. +# +# Thus we need 4 parent reference to find the relative path to wolfSSL: +# WOLFSSL_ROOT := ../../../../workspace/wolfssl-master + +# Optional CFLAGS (make works without these; for reference only) +# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl +# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl/wolfcrypt +# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl/wolfcrypt/port/Espressif + +abs_WOLFSSL_ROOT := $(shell realpath $(WOLFSSL_ROOT)) + +# print-wolfssl-path-value: +# @echo "WOLFSSL_ROOT defined: $(WOLFSSL_ROOT)" +# @echo "WOLFSSL_ROOT actual: $(abs_WOLFSSL_ROOT)" + +$(info WOLFSSL_ROOT defined: $(WOLFSSL_ROOT)) +$(info WOLFSSL_ROOT actual: $(abs_WOLFSSL_ROOT)) + +# NOTE: The wolfSSL include directory (e.g. user_settings.h) is # located HERE in THIS project, and *not* in the wolfSSL root. -COMPONENT_ADD_INCLUDEDIRS := ./include +COMPONENT_ADD_INCLUDEDIRS := . +COMPONENT_ADD_INCLUDEDIRS += include COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/. COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt @@ -118,7 +164,7 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/aes.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/arc4.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asm.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asn.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o # autogen exclusion COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/blake2b.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/blake2s.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/camellia.o @@ -142,7 +188,7 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed25519.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed448.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/error.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/evp.o -# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ext_kyber.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_kyber.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_lms.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_xmss.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/falcon.o @@ -174,7 +220,7 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/rc2.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ripemd.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/rsa.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sakke.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/selftest.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/selftest.o # autogen exclusion COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha256.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha3.o @@ -211,8 +257,8 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_lms.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_pkcs11.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_port.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_xmss.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o # autogen exclusion +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o # autogen exclusion COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfevent.o COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfmath.o @@ -244,5 +290,7 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib. ## ## wolfcrypt ## -# COMPONENT_PRIV_INCLUDEDIRS += $(PROJECT_PATH)/components/wolfssl/include -COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src +## COMPONENT_PRIV_INCLUDEDIRS += $(PROJECT_PATH)/components/wolfssl/include +## COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src + +$(info ********** end wolfssl component **********) diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h index 380da3e691..71b82c68ea 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h @@ -1,4 +1,4 @@ -/* user_settings.h +/* wolfssl-component include/user_settings.h * * Copyright (C) 2006-2024 wolfSSL Inc. * @@ -18,18 +18,195 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ +#define WOLFSSL_ESPIDF_COMPONENT_VERSION 0x01 -/* Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.6.6-01 */ +/* The Espressif project config file. See also sdkconfig.defaults */ +#include "sdkconfig.h" -/* This user_settings.h is for Espressif ESP-IDF */ +/* This user_settings.h is for Espressif ESP-IDF + * + * Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.7.0-1 + * + * Do not include any wolfssl headers here. + * + * When editing this file: + * ensure all examples match. The template example is the reference. + */ -#include "sdkconfig.h" +/* Naming convention: (see also esp32-crypt.h for the reference source). + * + * CONFIG_ + * This prefix indicates the setting came from the sdkconfig / Kconfig. + * + * May or may not be related to wolfSSL. + * + * The name after this prefix must exactly match that in the Kconfig file. + * + * WOLFSSL_ + * Typical of many, but not all wolfSSL macro names. + * + * Applies to all wolfSSL products such as wolfSSH, wolfMQTT, etc. + * + * May or may not have a corresponding sdkconfig / Kconfig control. + * + * ESP_WOLFSSL_ + * These are NOT valid wolfSSL macro names. These are names only used in + * the ESP-IDF Kconfig files. When parsed, they will have a "CONFIG_" + * suffix added. See next section. + * + * CONFIG_ESP_WOLFSSL_ + * This is a wolfSSL-specific macro that has been defined in the ESP-IDF + * via the sdkconfig / menuconfig. Any text after this prefix should + * exactly match an existing wolfSSL macro name. + * + * Applies to all wolfSSL products such as wolfSSH, wolfMQTT, etc. + * + * These macros may also be specific to only the project or environment, + * and possibly not used anywhere else in the wolfSSL libraries. + */ -#define DEBUG_WOLFSSL -/* #define DEBUG_WOLFSSL_VERBOSE */ +/* The Espressif sdkconfig will have chipset info. +** +** Some possible values: +** +** CONFIG_IDF_TARGET_ESP32 +** CONFIG_IDF_TARGET_ESP32S2 +** CONFIG_IDF_TARGET_ESP32S3 +** CONFIG_IDF_TARGET_ESP32C3 +** CONFIG_IDF_TARGET_ESP32C6 +*/ + +#undef WOLFSSL_ESPIDF +#define WOLFSSL_ESPIDF + +/* Test various user_settings between applications by selecting example apps + * in `idf.py menuconfig` for Example wolfSSL Configuration settings: */ + +/* Turn on messages that are useful to see only in examples. */ +#define WOLFSSL_EXAMPLE_VERBOSITY + +/* Paths can be long, ensure the entire value printed during debug */ +#define WOLFSSL_MAX_ERROR_SZ 500 + +/* wolfSSL Examples: set macros used in example applications. + * + * These Settings NOT available in ESP-IDF (e.g. esp-tls) + * + * Any settings needed by ESP-IDF components should be explicitly set, + * and not by these example-specific settings via CONFIG_WOLFSSL_EXAMPLE_n + * + * ESP-IDF settings should be Kconfig "CONFIG_[name]" values when possible. */ +#if defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TEMPLATE) + /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/template */ + /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */ + /* #define USE_WOLFSSL_ESP_SDK_WIFI */ +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TEST) + /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_test */ + /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */ + /* #define USE_WOLFSSL_ESP_SDK_WIFI */ + #define TEST_ESPIDF_ALL_WOLFSSL + +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_BENCHMARK) + /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark */ + /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */ + /* #define USE_WOLFSSL_ESP_SDK_WIFI */ + #define WOLFSSL_BENCHMARK_FIXED_UNITS_KB +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_CLIENT) + /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_client */ + #define USE_WOLFSSL_ESP_SDK_WIFI +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_SERVER) + /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_server */ + #define USE_WOLFSSL_ESP_SDK_WIFI + +/* wolfSSH Examples */ +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_TEMPLATE) + /* See https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples/wolfssh_template */ + #define USE_WOLFSSL_ESP_SDK_WIFI +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER) + /* See https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples/wolfssh_echoserver */ + #define USE_WOLFSSL_ESP_SDK_WIFI +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_ESP32_SSH_SERVER) + /* See https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif/ESP32/ESP32-SSH-Server */ + #define USE_WOLFSSL_ESP_SDK_WIFI +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_ESP8266_SSH_SERVER) + /* See https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif/ESP8266/ESP8266-SSH-Server */ + #define USE_WOLFSSL_ESP_SDK_WIFI + +/* wolfMQTT Examples */ +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFMQTT_TEMPLATE) + /* See https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples/wolfmqtt_template */ + #define USE_WOLFSSL_ESP_SDK_WIFI +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFMQTT_AWS_IOT_MQTT) + /* See https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples/AWS_IoT_MQTT */ + #define USE_WOLFSSL_ESP_SDK_WIFI + +/* wolfTPM Examples */ +#elif defined(CONFIG_WOLFTPM_EXAMPLE_NAME_ESPRESSIF) + /* See https://github.com/wolfSSL/wolfTPM/tree/master/IDE/Espressif */ + #define USE_WOLFSSL_ESP_SDK_WIFI + +/* Apple HomeKit Examples */ +#elif defined(CONFIG_WOLFSSL_APPLE_HOMEKIT) + /* See https://github.com/AchimPieters/esp32-homekit-demo */ + +/* no example selected */ +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_NONE) + /* We'll assume the app needs to use wolfSSL sdk lib function */ + #define USE_WOLFSSL_ESP_SDK_WIFI + +/* Other applications detected by cmake */ +#elif defined(APP_ESP_HTTP_CLIENT_EXAMPLE) + /* The wolfSSL Version of the client example */ + #if defined(CONFIG_IDF_TARGET_ESP32S2) || defined(CONFIG_IDF_TARGET_ESP32C2) + /* Less memory available, so smaller key sizes: */ + #define FP_MAX_BITS (4096 * 2) + #else + #define FP_MAX_BITS (8192 * 2) + #endif + #define HAVE_ALPN + #define HAVE_SNI + #define OPENSSL_EXTRA_X509_SMALL + #define HAVE_TLS_EXTENSIONS + #define HAVE_SUPPORTED_CURVES + #define OPENSSL_EXTRA + #ifndef WOLFSSL_ALWAYS_VERIFY_CB + #define WOLFSSL_ALWAYS_VERIFY_CB + #endif + #ifndef WOLFSSL_VERIFY_CB_ALL_CERTS + #define WOLFSSL_VERIFY_CB_ALL_CERTS + #endif + #ifndef KEEP_PEER_CERT + #define KEEP_PEER_CERT + #endif + +#elif defined(APP_ESP_HTTP_CLIENT) + /* The ESP-IDF Version */ + #define FP_MAX_BITS (8192 * 2) + #define HAVE_ALPN + #define HAVE_SNI + #define OPENSSL_EXTRA_X509_SMALL + #define HAVE_TLS_EXTENSIONS + #define HAVE_SUPPORTED_CURVES + #define OPENSSL_EXTRA + #ifndef WOLFSSL_ALWAYS_VERIFY_CB + #define WOLFSSL_ALWAYS_VERIFY_CB + #endif + #ifndef WOLFSSL_VERIFY_CB_ALL_CERTS + #define WOLFSSL_VERIFY_CB_ALL_CERTS + #endif + #ifndef KEEP_PEER_CERT + #define KEEP_PEER_CERT + #endif +#else + #ifdef WOLFSSL_ESPIDF + /* #warning "App config undetected" */ + #endif + /* the code is older or does not have application name defined. */ +#endif /* Example wolfSSL Configuration app settings */ /* Experimental Kyber */ -#if 0 +#ifdef CONFIG_WOLFSSL_ENABLE_KYBER + /* Kyber typically needs a minimum 10K stack */ #define WOLFSSL_EXPERIMENTAL_SETTINGS #define WOLFSSL_HAVE_KYBER #define WOLFSSL_WC_KYBER @@ -38,6 +215,7 @@ /* With limited RAM, we'll disable some of the Kyber sizes: */ #define WOLFSSL_NO_KYBER1024 #define WOLFSSL_NO_KYBER768 + #define NO_SESSION_CACHE #endif #endif @@ -57,14 +235,72 @@ ** CONFIG_IDF_TARGET_ESP32C6 */ -#undef WOLFSSL_ESPIDF -#define WOLFSSL_ESPIDF +/* Optionally enable Apple HomeKit from compiler directive or Kconfig setting */ +#if defined(WOLFSSL_APPLE_HOMEKIT) || defined(CONFIG_WOLFSSL_APPLE_HOMEKIT) + /* SRP is known to need 8K; slow on some devices */ + #define FP_MAX_BITS (8192 * 2) + #define WOLFCRYPT_HAVE_SRP + #define HAVE_CHACHA + #define HAVE_POLY1305 + #define WOLFSSL_BASE64_ENCODE + #endif /* Apple HomeKit settings */ + +/* Used by ESP-IDF components: */ +#if defined(CONFIG_ESP_TLS_USING_WOLFSSL) + /* The ESP-TLS */ + #ifndef FP_MAX_BITS + #if defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP8684) || \ + defined(CONFIG_IDF_TARGET_ESP8266) + /* Optionally set smaller size here */ + #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS + #else + #define FP_MAX_BITS (4096 * 2) + #endif + #endif + #define HAVE_ALPN + #ifndef CONFIG_IDF_TARGET_ESP8266 + /* Unless installed in the ESP8266 RTOS SDK locally, the wolfSSL + * API for SNI will not be seen in the components/esp-tls layer. + * Only enable SNI for non-ESP8266 targets by default: */ + #define HAVE_SNI + #endif + #define OPENSSL_EXTRA_X509_SMALL + + #define HAVE_TLS_EXTENSIONS + #define HAVE_SUPPORTED_CURVES +#endif + +/* Optionally enable some wolfSSH settings */ +#if defined(ESP_ENABLE_WOLFSSH) || defined(CONFIG_ESP_ENABLE_WOLFSSH) + /* The default SSH Windows size is massive for an embedded target. + * Limit it: */ + #define DEFAULT_WINDOW_SZ 2000 + + /* These may be defined in cmake for other examples: */ + #undef WOLFSSH_TERM + #define WOLFSSH_TERM + + /* optional debug */ + /* #undef DEBUG_WOLFSSH */ + /* #define DEBUG_WOLFSSH */ + + #undef WOLFSSL_KEY_GEN + #define WOLFSSL_KEY_GEN -/* We don't use WiFi helpers yet, so don't compile in the esp-sdk-lib WiFi */ -#define NO_ESP_SDK_WIFI + #undef WOLFSSL_PTHREADS + #define WOLFSSL_PTHREADS + + #define WOLFSSH_TEST_SERVER + #define WOLFSSH_TEST_THREADING +#endif /* ESP_ENABLE_WOLFSSH */ + + +/* Not yet using WiFi lib, so don't compile in the esp-sdk-lib WiFi helpers: */ +/* #define USE_WOLFSSL_ESP_SDK_WIFI */ /* - * ONE of these Espressif chipsets should be defined: + * ONE of these Espressif chip families will be detected from sdkconfig: * * WOLFSSL_ESP32 * WOLFSSL_ESPWROOM32SE @@ -83,11 +319,28 @@ #endif /* See below for chipset detection from sdkconfig.h */ +/* when you want to use SINGLE THREAD. Note Default ESP-IDF is FreeRTOS */ +#define SINGLE_THREADED + /* Small session cache saves a lot of RAM for ClientCache and SessionCache. * Memory requirement is about 5KB, otherwise 20K is needed when not specified. * If extra small footprint is needed, try MICRO_SESSION_CACHE (< 1K) - * When really desperate, try NO_SESSION_CACHE. */ -#define MICRO_SESSION_CACHE + * When really desperate or no TLS used, try NO_SESSION_CACHE. */ +#define NO_SESSION_CACHE + +/* Small Stack uses more heap. */ +#define WOLFSSL_SMALL_STACK + +/* Full debugging turned off, but show malloc failure detail */ +/* #define DEBUG_WOLFSSL */ +#define DEBUG_WOLFSSL_MALLOC + +/* See test.c that sets cert buffers; we'll set them here: */ +#define USE_CERT_BUFFERS_256 +#define USE_CERT_BUFFERS_2048 + +/* RSA_LOW_MEM: Half as much memory but twice as slow. */ +#define RSA_LOW_MEM /* optionally turn off SHA512/224 SHA512/256 */ /* #define WOLFSSL_NOSHA512_224 */ @@ -102,19 +355,41 @@ #define BENCH_EMBEDDED -#define WOLFSSL_SMALL_STACK -#define HAVE_ECC -#define RSA_LOW_MEM - /* TLS 1.3 */ -#define WOLFSSL_TLS13 -#define HAVE_TLS_EXTENSIONS -#define WC_RSA_PSS -#define HAVE_HKDF -#define HAVE_AEAD -#define HAVE_SUPPORTED_CURVES +#ifdef CONFIG_WOLFSSL_ALLOW_TLS13 + #define WOLFSSL_TLS13 + #define HAVE_TLS_EXTENSIONS + #define HAVE_HKDF -#define WOLFSSL_BENCHMARK_FIXED_UNITS_KB + /* May be required */ + #ifndef HAVE_AEAD + #endif + + /* Required for ECC */ + #define HAVE_SUPPORTED_CURVES + + /* Required for RSA */ + #define WC_RSA_PSS + + /* TLS 1.3 normally requires HAVE_FFDHE */ + #if defined(HAVE_FFDHE_2048) || \ + defined(HAVE_FFDHE_3072) || \ + defined(HAVE_FFDHE_4096) || \ + defined(HAVE_FFDHE_6144) || \ + defined(HAVE_FFDHE_8192) + #else + #define HAVE_FFDHE_2048 + /* #error "TLS 1.3 requires HAVE_FFDHE_[nnnn]" */ + #endif +#endif + +#if defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP8684) + /* Optionally set smaller size here */ + #define HAVE_FFDHE_4096 +#else + #define HAVE_FFDHE_4096 +#endif #define NO_FILESYSTEM @@ -131,30 +406,72 @@ /* when you want to use SHA384 */ #define WOLFSSL_SHA384 -#if defined(CONFIG_IDF_TARGET_ESP8266) +/* Some features not enabled for ESP8266: */ +#if defined(CONFIG_IDF_TARGET_ESP8266) || \ + defined(CONFIG_IDF_TARGET_ESP32C2) /* Some known low-memory devices have features not enabled by default. */ + /* TODO determine low memory configuration for ECC. */ #else /* when you want to use SHA512 */ #define WOLFSSL_SHA512 /* when you want to use SHA3 */ - #define WOLFSSL_SHA3 + /* #define WOLFSSL_SHA3 */ /* ED25519 requires SHA512 */ #define HAVE_ED25519 +#endif - #define HAVE_ECC - #define HAVE_CURVE25519 - #define CURVE25519_SMALL - #define HAVE_ED25519 +#if defined(CONFIG_IDF_TARGET_ESP8266) || defined(CONFIG_IDF_TARGET_ESP32C2) + #define MY_USE_ECC 0 + #define MY_USE_RSA 1 +#else + #define MY_USE_ECC 1 + #define MY_USE_RSA 0 +#endif + +/* We can use either or both ECC and RSA, but must use at least one. */ +#if MY_USE_ECC || MY_USE_RSA + #if MY_USE_ECC + /* ---- ECDSA / ECC ---- */ + #define HAVE_ECC + #define HAVE_CURVE25519 + #define HAVE_ED25519 + #define WOLFSSL_SHA512 + /* + #define HAVE_ECC384 + #define CURVE25519_SMALL + */ + #else + #define WOLFSSH_NO_ECC + /* WOLFSSH_NO_ECDSA is typically defined automatically, + * here for clarity: */ + #define WOLFSSH_NO_ECDSA + #endif + + #if MY_USE_RSA + /* ---- RSA ----- */ + /* #define RSA_LOW_MEM */ + + /* DH disabled by default, needed if ECDSA/ECC also turned off */ + #define HAVE_DH + #else + #define WOLFSSH_NO_RSA + #endif +#else + #error "Either RSA or ECC must be enabled" #endif /* Optional OpenSSL compatibility */ /* #define OPENSSL_EXTRA */ -/* when you want to use pkcs7 */ +/* #Optional HAVE_PKCS7 */ /* #define HAVE_PKCS7 */ + #if defined(HAVE_PKCS7) + /* HAVE_PKCS7 may enable HAVE_PBKDF2 see settings.h */ + #define NO_PBKDF2 + #define HAVE_AES_KEYWRAP #define HAVE_X963_KDF #define WOLFSSL_AES_DIRECT @@ -174,25 +491,11 @@ /* #define CUSTOM_SLOT_ALLOCATION */ #endif -/* RSA primitive specific definition */ -#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE) - /* Define USE_FAST_MATH and SMALL_STACK */ - #define ESP32_USE_RSA_PRIMITIVE - - #if defined(CONFIG_IDF_TARGET_ESP32) - - /* NOTE HW unreliable for small values! */ - /* threshold for performance adjustment for HW primitive use */ - /* X bits of G^X mod P greater than */ - #undef ESP_RSA_EXPT_XBITS - #define ESP_RSA_EXPT_XBITS 32 +/* WC_NO_CACHE_RESISTANT: slower but more secure */ +/* #define WC_NO_CACHE_RESISTANT */ - /* X and Y of X * Y mod P greater than */ - #undef ESP_RSA_MULM_BITS - #define ESP_RSA_MULM_BITS 16 - - #endif -#endif +/* TFM_TIMING_RESISTANT: slower but more secure */ +/* #define TFM_TIMING_RESISTANT */ /* #define WOLFSSL_ATECC508A_DEBUG */ @@ -203,37 +506,69 @@ /* #define XTIME time */ -/* adjust wait-timeout count if you see timeout in RSA HW acceleration */ -#define ESP_RSA_TIMEOUT_CNT 0x249F00 +/* Adjust wait-timeout count if you see timeout in RSA HW acceleration. + * Set to very large number and enable WOLFSSL_HW_METRICS to determine max. */ +#ifndef ESP_RSA_TIMEOUT_CNT + #define ESP_RSA_TIMEOUT_CNT 0xFF0000 +#endif -#define HASH_SIZE_LIMIT /* for test.c */ +/* hash limit for test.c */ +#define HASH_SIZE_LIMIT /* USE_FAST_MATH is default */ #define USE_FAST_MATH /***** Use SP_MATH *****/ -/* #undef USE_FAST_MATH */ +/* #undef USE_FAST_MATH */ /* #define SP_MATH */ /* #define WOLFSSL_SP_MATH_ALL */ +/* #define WOLFSSL_SP_RISCV32 */ /***** Use Integer Heap Math *****/ /* #undef USE_FAST_MATH */ /* #define USE_INTEGER_HEAP_MATH */ +/* Just syntax highlighting to check math libraries: */ +#if defined(SP_MATH) || \ + defined(USE_INTEGER_HEAP_MATH) || \ + defined(USE_INTEGER_HEAP_MATH) || \ + defined(USE_FAST_MATH) || \ + defined(WOLFSSL_SP_MATH_ALL) || \ + defined(WOLFSSL_SP_RISCV32) +#endif + +#define WOLFSSL_SMALL_STACK + + #define HAVE_VERSION_EXTENDED_INFO /* #define HAVE_WC_INTROSPECTION */ -#define HAVE_SESSION_TICKET +#ifndef NO_SESSION_CACHE + #define HAVE_SESSION_TICKET +#endif /* #define HAVE_HASHDRBG */ +#if 0 +/* Example for additional cert functions */ #define WOLFSSL_KEY_GEN -#define WOLFSSL_CERT_REQ -#define WOLFSSL_CERT_GEN -#define WOLFSSL_CERT_EXT -#define WOLFSSL_SYS_CA_CERTS + #define WOLFSSL_CERT_REQ + #define WOLFSSL_CERT_GEN + #define WOLFSSL_CERT_EXT + #define WOLFSSL_SYS_CA_CERTS -#define WOLFSSL_CERT_TEXT + + #define WOLFSSL_CERT_TEXT + + /* command-line options + --enable-keygen + --enable-certgen + --enable-certreq + --enable-certext + --enable-asn-template + */ + +#endif #define WOLFSSL_ASN_TEMPLATE @@ -253,11 +588,66 @@ --enable-asn-template */ +/* optional SM4 Ciphers. See https://github.com/wolfSSL/wolfsm */ +/* +#define WOLFSSL_SM2 +#define WOLFSSL_SM3 +#define WOLFSSL_SM4 +*/ + +#if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4) + /* SM settings, possible cipher suites: + + TLS13-AES128-GCM-SHA256 + TLS13-CHACHA20-POLY1305-SHA256 + TLS13-SM4-GCM-SM3 + TLS13-SM4-CCM-SM3 + + #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-GCM-SM3" + #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-CCM-SM3" + #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-CBC-SM3" + #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-GCM-SM3" + #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-CCM-SM3" + #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-GCM-SM3:" \ + "TLS13-SM4-CCM-SM3:" + */ + + #undef WOLFSSL_BASE16 + #define WOLFSSL_BASE16 /* required for WOLFSSL_SM2 */ + + #undef WOLFSSL_SM4_ECB + #define WOLFSSL_SM4_ECB + + #undef WOLFSSL_SM4_CBC + #define WOLFSSL_SM4_CBC + + #undef WOLFSSL_SM4_CTR + #define WOLFSSL_SM4_CTR + + #undef WOLFSSL_SM4_GCM + #define WOLFSSL_SM4_GCM + + #undef WOLFSSL_SM4_CCM + #define WOLFSSL_SM4_CCM + + #define HAVE_POLY1305 + #define HAVE_CHACHA + + #undef HAVE_AESGCM + #define HAVE_AESGCM +#else + /* default settings */ + #define USE_CERT_BUFFERS_2048 +#endif + /* Chipset detection from sdkconfig.h * Default is HW enabled unless turned off. * Uncomment lines to force SW instead of HW acceleration */ -#if defined(CONFIG_IDF_TARGET_ESP32) +#if defined(CONFIG_IDF_TARGET_ESP32) || defined(WOLFSSL_ESPWROOM32SE) #define WOLFSSL_ESP32 + /* Alternatively, if there's an ECC Secure Element present: */ + /* #define WOLFSSL_ESPWROOM32SE */ + /* wolfSSL HW Acceleration supported on ESP32. Uncomment to disable: */ /* #define NO_ESP32_CRYPT */ /* #define NO_WOLFSSL_ESP32_CRYPT_HASH */ @@ -375,12 +765,16 @@ #define WOLFSSL_ESP8266 /* There's no hardware encryption on the ESP8266 */ - /* Consider using the ESP32-C2/C3/C6 - * See https://www.espressif.com/en/products/socs/esp32-c2 */ + /* Consider using the ESP32-C2/C3/C6 */ #define NO_ESP32_CRYPT #define NO_WOLFSSL_ESP32_CRYPT_HASH #define NO_WOLFSSL_ESP32_CRYPT_AES #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI + #ifndef FP_MAX_BITS + /* FP_MAX_BITS matters in wolfssl_test, not just TLS setting. */ + /* MIN_FFDHE_FP_MAX_BITS = (MIN_FFDHE_BITS * 2); see settings.h */ + #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS + #endif /***** END CONFIG_IDF_TARGET_ESP266 *****/ #elif defined(CONFIG_IDF_TARGET_ESP8684) @@ -400,29 +794,84 @@ #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI #endif /* CONFIG_IDF_TARGET Check */ +/* RSA primitive specific definition, listed AFTER the Chipset detection */ +#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE) + /* Consider USE_FAST_MATH and SMALL_STACK */ + + #ifndef NO_RSA + #define ESP32_USE_RSA_PRIMITIVE + + #if defined(CONFIG_IDF_TARGET_ESP32) + #ifdef CONFIG_ESP_MAIN_TASK_STACK_SIZE + #if CONFIG_ESP_MAIN_TASK_STACK_SIZE < 10500 + #warning "RSA may be difficult with less than 10KB Stack "/ + #endif + #endif + + /* NOTE HW unreliable for small values! */ + /* threshold for performance adjustment for HW primitive use */ + /* X bits of G^X mod P greater than */ + #undef ESP_RSA_EXPT_XBITS + #define ESP_RSA_EXPT_XBITS 32 + + /* X and Y of X * Y mod P greater than */ + #undef ESP_RSA_MULM_BITS + #define ESP_RSA_MULM_BITS 16 + #endif + #endif +#endif + /* Debug options: See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options +optionally increase error message size for very long paths. +#define WOLFSSL_MAX_ERROR_SZ 500 + +Turn wolfSSL debugging on/off: + wolfSSL_Debugging_ON(); + wolfSSL_Debugging_OFF(); + #define ESP_VERIFY_MEMBLOCK #define DEBUG_WOLFSSL #define DEBUG_WOLFSSL_VERBOSE #define DEBUG_WOLFSSL_SHA_MUTEX +#define WOLFSSL_DEBUG_IGNORE_ASN_TIME +#define WOLFSSL_DEBUG_CERT_BUNDLE +#define WOLFSSL_DEBUG_CERT_BUNDLE_NAME #define WOLFSSL_ESP32_CRYPT_DEBUG #define WOLFSSL_ESP32_CRYPT_HASH_SHA224_DEBUG #define NO_RECOVER_SOFTWARE_CALC #define WOLFSSL_TEST_STRAY 1 #define USE_ESP_DPORT_ACCESS_READ_BUFFER #define WOLFSSL_ESP32_HW_LOCK_DEBUG +#define WOLFSSL_DEBUG_MUTEX #define WOLFSSL_DEBUG_ESP_RSA_MULM_BITS +#define WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS +#define WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS #define ESP_DISABLE_HW_TASK_LOCK +#define ESP_MONITOR_HW_TASK_LOCK +#define USE_ESP_DPORT_ACCESS_READ_BUFFER + +See wolfcrypt/benchmark/benchmark.c for debug and other settings: + +Turn on benchmark timing debugging (CPU Cycles, RTOS ticks, etc) +#define DEBUG_WOLFSSL_BENCHMARK_TIMING + +Turn on timer debugging (used when CPU cycles not available) +#define WOLFSSL_BENCHMARK_TIMER_DEBUG */ -#define WOLFSSL_ESPIDF_ERROR_PAUSE /* Pause in a loop rather than exit. */ +/* Pause in a loop rather than exit. */ +/* #define WOLFSSL_ESPIDF_ERROR_PAUSE */ +/* #define WOLFSSL_ESP32_HW_LOCK_DEBUG */ + #define WOLFSSL_HW_METRICS -/* #define HASH_SIZE_LIMIT */ /* for test.c */ +/* for test.c */ +/* #define HASH_SIZE_LIMIT */ -/* #define NO_HW_MATH_TEST */ /* Optionally turn off HW math checks */ +/* Optionally turn off HW math checks */ +/* #define NO_HW_MATH_TEST */ /* Optionally include alternate HW test library: alt_hw_test.h */ /* When enabling, the ./components/wolfssl/CMakeLists.txt file @@ -463,6 +912,12 @@ See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options * There are various certificate examples in this header file: * https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h * + * To use the sample certificates in code (not recommended for production!): + * + * #if defined(USE_CERT_BUFFERS_2048) || defined(USE_CERT_BUFFERS_1024) + * #include + * #endif + * * To use the sets of macros below, define *one* of these: * * USE_CERT_BUFFERS_1024 - ECC 1024 bit encoded ASN1 @@ -540,6 +995,9 @@ See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options #define WOLFSSL_BASE16 #else #if defined(USE_CERT_BUFFERS_2048) + #define USE_CERT_BUFFERS_256 + /* Be sure to include in app when using example certs: */ + /* #include */ #define CTX_CA_CERT ca_cert_der_2048 #define CTX_CA_CERT_SIZE sizeof_ca_cert_der_2048 #define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1 @@ -559,6 +1017,9 @@ See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options #define CTX_CLIENT_KEY_TYPE WOLFSSL_FILETYPE_ASN1 #elif defined(USE_CERT_BUFFERS_1024) + #define USE_CERT_BUFFERS_256 + /* Be sure to include in app when using example certs: */ + /* #include */ #define CTX_CA_CERT ca_cert_der_1024 #define CTX_CA_CERT_SIZE sizeof_ca_cert_der_1024 #define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1 @@ -581,3 +1042,34 @@ See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options #error "Must define USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_1024" #endif #endif /* Conditional key and cert constant names */ + +/****************************************************************************** +** Sanity Checks +******************************************************************************/ +#if defined(CONFIG_ESP_MAIN_TASK_STACK_SIZE) + #if defined(WOLFCRYPT_HAVE_SRP) + #if defined(FP_MAX_BITS) + #if FP_MAX_BITS < (8192 * 2) + #define ESP_SRP_MINIMUM_STACK_8K (24 * 1024) + #else + #define ESP_SRP_MINIMUM_STACK_8K (28 * 1024) + #endif + #else + #error "Please define FP_MAX_BITS when using WOLFCRYPT_HAVE_SRP." + #endif + + #if (CONFIG_ESP_MAIN_TASK_STACK_SIZE < ESP_SRP_MINIMUM_STACK) + #warning "WOLFCRYPT_HAVE_SRP enabled with small stack size" + #endif + #endif +#else + #warning "CONFIG_ESP_MAIN_TASK_STACK_SIZE not defined!" +#endif +/* See settings.h for some of the possible hardening options: + * + * #define NO_ESPIDF_DEFAULT + * #define WC_NO_CACHE_RESISTANT + * #define WC_AES_BITSLICED + * #define HAVE_AES_ECB + * #define HAVE_AES_DIRECT + */ diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/CMakeLists.txt index 798cecceb7..9b1e29369c 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/CMakeLists.txt +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/CMakeLists.txt @@ -3,6 +3,7 @@ # # wolfssl server test # +message("Begin wolfSSL main CMakeLists.txt") set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS") if(WIN32) @@ -83,24 +84,27 @@ function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT ) add_definitions(-D${VAR_OUPUT}=\"${VAR_VALUE}\") else() # if we get here, check the execute_process command and parameters. - message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT") + message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT.") + message(STATUS "Setting ${VAR_OUPUT} to \"Unknown\"") set(${VAR_OUPUT} "Unknown") endif() endfunction() # LIBWOLFSSL_SAVE_INFO +# Save some project-specific details. Repo may be different than component, or may not even be a repo at all: if(NOT CMAKE_BUILD_EARLY_EXPANSION) - # LIBWOLFSSL_VERSION_GIT_HASH + # WOLFSSL_EXAMPLE_VERSION_GIT_HASH execute_process(COMMAND ${git_cmd} "rev-parse" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) - LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH "${TMP_OUT}" "${TMP_RES}") + LIBWOLFSSL_SAVE_INFO(WOLFSSL_EXAMPLE_VERSION_GIT_HASH "${TMP_OUT}" "${TMP_RES}") - # LIBWOLFSSL_VERSION_GIT_SHORT_HASH + # WOLFSSL_EXAMPLE_VERSION_GIT_SHORT_HASH execute_process(COMMAND ${git_cmd} "rev-parse" "--short" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) - LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_SHORT_HASH "${TMP_OUT}" "${TMP_RES}") + LIBWOLFSSL_SAVE_INFO(WOLFSSL_EXAMPLE_VERSION_GIT_SHORT_HASH "${TMP_OUT}" "${TMP_RES}") - # LIBWOLFSSL_VERSION_GIT_HASH_DATE + # WOLFSSL_EXAMPLE_VERSION_GIT_HASH_DATE execute_process(COMMAND ${git_cmd} "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ) - LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH_DATE "${TMP_OUT}" "${TMP_RES}") + LIBWOLFSSL_SAVE_INFO(WOLFSSL_EXAMPLE_VERSION_GIT_HASH_DATE "${TMP_OUT}" "${TMP_RES}") endif() message(STATUS "") +message("End wolfSSL main CMakeLists.txt") diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/Kconfig.projbuild b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/Kconfig.projbuild index 64406069d4..061d0aa5a4 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/Kconfig.projbuild +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/Kconfig.projbuild @@ -1,9 +1,94 @@ -menu "Example Configuration" +menu "Example wolfSSL Configuration" + +choice WOLFSSL_EXAMPLE_CHOOSE + prompt "Choose Example (See wolfssl/include/user_settings.h)" + default WOLFSSL_EXAMPLE_NAME_NONE + help + The user settings file can be adjusted to specific wolfSSL examples. + + config WOLFSSL_EXAMPLE_NAME_TEMPLATE + bool "wolfSSL Template" + help + The sample template app compiles in wolfSSL and prints the current wolfSSL Version. Nothing more. + + config WOLFSSL_EXAMPLE_NAME_TEST + bool "wolfSSL Test" + help + This app tests all cryptographic functions currently enabled. See also Benchmark performance app. + + config WOLFSSL_EXAMPLE_NAME_BENCHMARK + bool "wolfSSL Benchmark" + help + Benchmark performance app. See also cryptographic test. + + config WOLFSSL_EXAMPLE_NAME_TLS_CLIENT + bool "TLS Client" + help + TLS Client Example app. Needs WiFi and a listening server on port 11111. + + config WOLFSSL_EXAMPLE_NAME_TLS_SERVER + bool "TLS Server" + help + TLS Server Example app. Needs WiFi. More interesting with a TLS client using port 11111. + + config WOLFSSL_EXAMPLE_NAME_WOLFSSH_TEMPLATE + bool "SSH Template App" + help + Bare-bones Hellow World app that only compiles in wolfSSL and wolfSSH. + See wolfSSL/wolfssh on GitHub. + + config WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER + bool "SSH Echo Server" + help + See wolfSSL/wolfssh on GitHub. + + config WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER + bool "SSH Echo Server" + help + See wolfSSL/wolfssh on GitHub. + + config WOLFSSL_EXAMPLE_NAME_ESP32_SSH_SERVER + bool "SSH to UART Server for the ESP32" + help + See wolfSSL/wolfssh-examples on GitHub. + + config WOLFSSL_EXAMPLE_NAME_ESP8266_SSH_SERVER + bool "SSH to UART Server for the ESP8266" + help + See wolfSSL/wolfssh-examples on GitHub. + + config WOLFSSL_EXAMPLE_NAME_WOLFMQTT_TEMPLATE + bool "MQTT Template" + help + See wolfSSL/wolfmqtt on GitHub. + + config WOLFSSL_EXAMPLE_NAME_WOLFMQTT_AWS_IOT_MQTT + bool "MQTT AWS IoT" + help + See wolfSSL/wolfmqtt on GitHub. + + config WOLFTPM_EXAMPLE_NAME_ESPRESSIF + bool "TPM Test Example for the ESP32" + help + See wolfSSL/wolfTPM on GitHub. + + config WOLFSSL_EXAMPLE_NAME_NONE + bool "Other" + help + A specific example app is not defined. + +endchoice + +config WOLFSSL_TARGET_HOST + string "Target host" + default "127.0.0.1" + help + host address for the example to connect config WOLFSSL_TARGET_PORT int "Target port" default 11111 help - Host listening port for the example to connect. + host port for the example to connect endmenu diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/component.mk b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/component.mk index 44bd2b5273..c59edbee41 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/component.mk +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/component.mk @@ -1,3 +1,8 @@ # -# Main Makefile. This is basically the same as a component makefile. +# Main component makefile. +# +# This Makefile can be left empty. By default, it will take the sources in the +# src/ directory, compile them and link them into lib(subdirectory_name).a +# in the build directory. This behavior is entirely configurable, +# please read the ESP-IDF documents if you need to do this. # diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/main.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/main.h index 94d9132358..9e0096839f 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/main.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/main.h @@ -1,4 +1,4 @@ -/* template main.h +/* wolfssl_server main.h * * Copyright (C) 2006-2024 wolfSSL Inc. * diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/time_helper.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/time_helper.h index b3574b66b8..3d335c652a 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/time_helper.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/time_helper.h @@ -1,4 +1,5 @@ -/* +/* time_helper.h + * * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. @@ -20,11 +21,11 @@ /* common Espressif time_helper v5.6.3.001 */ -#ifndef _TIME_HELPER_H -#define _TIME_HELPER_H +#ifndef _TIME_HELPER_H_ +#define _TIME_HELPER_H_ -/* ESP-IDF uses a 64-bit signed integer to represent time_t starting from release v5.0 - * See: https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#year-2036-and-2038-overflow-issues +/* ESP-IDF uses a 64-bit signed integer to represent time_t starting from + * release v5.0 See: Espressif api-reference/system/system_time */ #ifdef __cplusplus @@ -32,7 +33,7 @@ extern "C" { #endif /* a function to show the current data and time */ -int esp_show_current_datetime(); +int esp_show_current_datetime(void); /* worst case, if GitHub time not available, used fixed time */ int set_fixed_default_time(void); diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/wifi_connect.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/wifi_connect.h index b5debf3641..668f6b8e99 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/wifi_connect.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/wifi_connect.h @@ -21,9 +21,6 @@ #ifndef _WIFI_CONNECT_H_ #define _WIFI_CONNECT_H_ -#include -#include - /* ESP lwip */ #define EXAMPLE_ESP_MAXIMUM_RETRY CONFIG_ESP_MAXIMUM_RETRY @@ -31,8 +28,10 @@ #define TLS_SMP_SERVER_TASK_BYTES 22240 #define TLS_SMP_SERVER_TASK_PRIORITY 8 +/* Optionally use ESP-IDF config settings #define TLS_SMP_WIFI_SSID CONFIG_WIFI_SSID #define TLS_SMP_WIFI_PASS CONFIG_WIFI_PASSWORD +*/ #define USE_WIFI_EXAMPLE #ifdef USE_WIFI_EXAMPLE @@ -52,18 +51,53 @@ * file my_private_config.h should be excluded from git updates */ /* #define USE_MY_PRIVATE_CONFIG */ -#ifdef USE_MY_PRIVATE_CONFIG +/* Note that IntelliSense may not work properly in the next section for the + * Espressif SDK 3.4 on the ESP8266. Macros should still be defined. + * See the project-level Makefile. Example found in: + * https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/template + * + * The USE_MY_PRIVATE_[OS]_CONFIG is typically an environment variable that + * triggers the make (not cmake) to add compiler defines. + */ +#if defined(USE_MY_PRIVATE_WINDOWS_CONFIG) + #include "/workspace/my_private_config.h" +#elif defined(USE_MY_PRIVATE_WSL_CONFIG) + #include "/mnt/c/workspace/my_private_config.h" +#elif defined(USE_MY_PRIVATE_LINUX_CONFIG) + #include "~/workspace/my_private_config.h" +#elif defined(USE_MY_PRIVATE_MAC_CONFIG) + #include "~/Documents/my_private_config.h" +#elif defined(USE_MY_PRIVATE_CONFIG) + /* This section works best with cmake & non-environment variable setting */ #if defined(WOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS) + #define WOLFSSL_CMAKE + #include "/workspace/my_private_config.h" + #elif defined(WOLFSSL_MAKE_SYSTEM_NAME_WINDOWS) + #define WOLFSSL_MAKE #include "/workspace/my_private_config.h" #elif defined(WOLFSSL_CMAKE_SYSTEM_NAME_WSL) + #define WOLFSSL_CMAKE + #include "/mnt/c/workspace/my_private_config.h" + #elif defined(WOLFSSL_MAKE_SYSTEM_NAME_WSL) + #define WOLFSSL_MAKE #include "/mnt/c/workspace/my_private_config.h" #elif defined(WOLFSSL_CMAKE_SYSTEM_NAME_LINUX) + #define WOLFSSL_CMAKE + #include "~/workspace/my_private_config.h" + #elif defined(WOLFSSL_MAKE_SYSTEM_NAME_LINUX) + #define WOLFSSL_MAKE #include "~/workspace/my_private_config.h" #elif defined(WOLFSSL_CMAKE_SYSTEM_NAME_APPLE) #include "~/Documents/my_private_config.h" + #elif defined(WOLFSSL_MAKE_SYSTEM_NAME_APPLE) + #define WOLFSSL_MAKE + #include "~/Documents/my_private_config.h" + #elif defined(OS_WINDOWS) + #include "/workspace/my_private_config.h" #else - #warning "did not detect environment. using ~/my_private_config.h" - #include "~/my_private_config.h" + /* Edit as needed for your private config: */ + #warning "default private config using /workspace/my_private_config.h" + #include "/workspace/my_private_config.h" #endif #else @@ -74,8 +108,12 @@ ** If you'd rather not, just change the below entries to strings with ** the config you want - ie #define EXAMPLE_WIFI_SSID "mywifissid" */ - #ifdef CONFIG_ESP_WIFI_SSID + #if defined(CONFIG_ESP_WIFI_SSID) + /* tyically from ESP32 with ESP-IDF v4 ot v5 */ #define EXAMPLE_ESP_WIFI_SSID CONFIG_ESP_WIFI_SSID + #elif defined(CONFIG_EXAMPLE_WIFI_SSID) + /* typically from ESP8266 rtos-sdk/v3.4 */ + #define EXAMPLE_ESP_WIFI_SSID CONFIG_EXAMPLE_WIFI_SSID #else /* See new esp-sdk-lib.h helpers: */ #ifndef EXAMPLE_ESP_WIFI_SSID @@ -83,8 +121,12 @@ #endif #endif - #ifdef CONFIG_ESP_WIFI_PASSWORD + #if defined(CONFIG_ESP_WIFI_PASSWORD) + /* tyically from ESP32 with ESP-IDF v4 or v5 */ #define EXAMPLE_ESP_WIFI_PASS CONFIG_ESP_WIFI_PASSWORD + #elif defined(CONFIG_EXAMPLE_WIFI_SSID) + /* typically from ESP8266 rtos-sdk/v3.4 */ + #define EXAMPLE_ESP_WIFI_PASS CONFIG_EXAMPLE_WIFI_PASSWORD #else /* See new esp-sdk-lib.h helpers: */ #ifndef EXAMPLE_ESP_WIFI_PASS diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/main.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/main.c index b25991ca2b..e8195416f4 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/main.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/main.c @@ -27,29 +27,43 @@ #include /* wolfSSL */ -#include /* includes wolfSSL user-settings.h */ -#include -#ifndef WOLFSSL_ESPIDF - #warning "Problem with wolfSSL user_settings." - #warning "Check components/wolfssl/include" +/* Always include wolfcrypt/settings.h before any other wolfSSL file. */ +/* Reminder: settings.h pulls in user_settings.h; don't include it here. */ +#ifdef WOLFSSL_USER_SETTINGS + #include + #ifndef WOLFSSL_ESPIDF + #warning "Problem with wolfSSL user_settings." + #warning "Check components/wolfssl/include" + #endif + #include +#else + /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include */ + /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */ + #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\ + CFLAGS +=-DWOLFSSL_USER_SETTINGS" #endif /* this project */ #include "server-tls.h" #include "time_helper.h" -#ifndef CONFIG_IDF_TARGET_ESP32H2 +#ifdef CONFIG_IDF_TARGET_ESP32H2 /* There's no WiFi on ESP32-H2. * For wired ethernet, see: * https://github.com/wolfSSL/wolfssl-examples/tree/master/ESP32/TLS13-ENC28J60-client */ +#else #include "wifi_connect.h" + /* + * Note ModBus TCP cannot be disabled on ESP8266 tos-sdk/v3.4 + * See https://github.com/espressif/esp-modbus/issues/2 + */ #endif #ifdef WOLFSSL_TRACK_MEMORY #include #endif -static const char* const TAG = "TLS Client"; +static const char* TAG = "main"; #if defined(WOLFSSL_ESPWROOM32SE) && defined(HAVE_PK_CALLBACKS) \ && defined(WOLFSSL_ATECC508A) @@ -114,10 +128,11 @@ void my_atmel_free(int slotId) #endif /* CUSTOM_SLOT_ALLOCATION */ #endif /* WOLFSSL_ESPWROOM32SE && HAVE_PK_CALLBACK && WOLFSSL_ATECC508A */ -/* for FreeRTOS */ +/* Entry for FreeRTOS */ void app_main(void) { int stack_start = 0; + int this_heap = 0; esp_err_t ret = 0; ESP_LOGI(TAG, "---------------- wolfSSL TLS Server Example ------------"); ESP_LOGI(TAG, "--------------------------------------------------------"); @@ -125,31 +140,58 @@ void app_main(void) ESP_LOGI(TAG, "---------------------- BEGIN MAIN ----------------------"); ESP_LOGI(TAG, "--------------------------------------------------------"); ESP_LOGI(TAG, "--------------------------------------------------------"); +#if !defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_SERVER) + ESP_LOGW(TAG, "Warning: Example wolfSSL misconfigured? Check menuconfig."); +#endif +#ifdef ESP_SDK_MEM_LIB_VERSION + sdk_init_meminfo(); +#endif #ifdef ESP_TASK_MAIN_STACK ESP_LOGI(TAG, "ESP_TASK_MAIN_STACK: %d", ESP_TASK_MAIN_STACK); #endif #ifdef TASK_EXTRA_STACK_SIZE ESP_LOGI(TAG, "TASK_EXTRA_STACK_SIZE: %d", TASK_EXTRA_STACK_SIZE); #endif -#ifdef INCLUDE_uxTaskGetStackHighWaterMark + +#ifdef SINGLE_THREADED + ESP_LOGI(TAG, "Single threaded"); +#else ESP_LOGI(TAG, "CONFIG_ESP_MAIN_TASK_STACK_SIZE = %d bytes (%d words)", CONFIG_ESP_MAIN_TASK_STACK_SIZE, - (int)(CONFIG_ESP_MAIN_TASK_STACK_SIZE / sizeof(void*))); + (int)(CONFIG_ESP_MAIN_TASK_STACK_SIZE / sizeof(void*))); + + #ifdef INCLUDE_uxTaskGetStackHighWaterMark + { + /* Returns the high water mark of the stack associated with xTask. That is, + * the minimum free stack space there has been (in bytes not words, unlike + * vanilla FreeRTOS) since the task started. The smaller the returned + * number the closer the task has come to overflowing its stack. + * see Espressif api-reference/system/freertos_idf + */ + stack_start = uxTaskGetStackHighWaterMark(NULL); + #ifdef ESP_SDK_MEM_LIB_VERSION + { + sdk_var_whereis("stack_start", &stack_start); + } + #endif - /* Returns the high water mark of the stack associated with xTask. That is, - * the minimum free stack space there has been (in bytes not words, unlike - * vanilla FreeRTOS) since the task started. The smaller the returned - * number the closer the task has come to overflowing its stack. - * see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/freertos_idf.html - */ - stack_start = uxTaskGetStackHighWaterMark(NULL); - ESP_LOGI(TAG, "Stack Start HWM: %d bytes", stack_start); -#endif + ESP_LOGI(TAG, "Stack Start HWM: %d bytes", stack_start); + } + #endif /* INCLUDE_uxTaskGetStackHighWaterMark */ +#endif /* SINGLE_THREADED */ #ifdef HAVE_VERSION_EXTENDED_INFO esp_ShowExtendedSystemInfo(); #endif - +#ifdef DEBUG_WOLFSSL + wolfSSL_Debugging_OFF(); +#endif +#ifdef CONFIG_IDF_TARGET_ESP32H2 + ESP_LOGE(TAG, "No WiFi on the ESP32-H2 and ethernet not yet supported"); + while (1) { + vTaskDelay(60000); + } +#endif /* Set time for cert validation. * Some lwIP APIs, including SNTP functions, are not thread safe. */ ret = set_time(); /* need to setup NTP before WiFi */ @@ -183,11 +225,23 @@ void app_main(void) /* Initialize NVS */ ret = nvs_flash_init(); - if (ret == ESP_ERR_NVS_NO_FREE_PAGES || - ret == ESP_ERR_NVS_NEW_VERSION_FOUND) { - ESP_ERROR_CHECK(nvs_flash_erase()); - ret = nvs_flash_init(); + #if defined(CONFIG_IDF_TARGET_ESP8266) + { + if (ret == ESP_ERR_NVS_NO_FREE_PAGES) { + ESP_ERROR_CHECK(nvs_flash_erase()); + ret = nvs_flash_init(); + } + } + #else + { + /* Non-ESP8266 initialization is slightly different */ + if (ret == ESP_ERR_NVS_NO_FREE_PAGES || + ret == ESP_ERR_NVS_NEW_VERSION_FOUND) { + ESP_ERROR_CHECK(nvs_flash_erase()); + ret = nvs_flash_init(); + } } + #endif /* else not CONFIG_IDF_TARGET_ESP8266 */ ESP_ERROR_CHECK(ret); #if defined(CONFIG_IDF_TARGET_ESP32H2) @@ -202,8 +256,8 @@ void app_main(void) ESP_LOGI(TAG, "Trying WiFi again..."); ret = wifi_init_sta(); } - #endif -#endif + #endif /* else not CONFIG_IDF_TARGET_ESP32H2 */ +#endif /* else FOUND_PROTOCOL_EXAMPLES_DIR not found */ /* Once we are connected to the network, start & wait for NTP time */ ret = set_time_wait_for_ntp(); @@ -215,34 +269,46 @@ void app_main(void) esp_show_current_datetime(); } +#if defined(SINGLE_THREADED) + /* just call the task */ + tls_smp_server_task((void*)NULL); +#else + tls_args args[1] = {0}; + /* start a thread with the task */ /* HWM is maximum amount of stack space that has been unused, in bytes * not words (unlike vanilla freeRTOS). */ + this_heap = esp_get_free_heap_size(); ESP_LOGI(TAG, "Initial Stack Used (before wolfSSL Server): %d bytes", CONFIG_ESP_MAIN_TASK_STACK_SIZE - (uxTaskGetStackHighWaterMark(NULL)) ); - ESP_LOGI(TAG, "Starting TLS Server...\n"); + ESP_LOGI(TAG, "Starting TLS Server task...\n"); + ESP_LOGI(TAG, "main tls_smp_client_init heap @ %p = %d", + &this_heap, this_heap); + + -#if defined(SINGLE_THREADED) - /* just call the task */ - tls_smp_server_task((void*)NULL); -#else - tls_args args[1] = {0}; - /* start a thread with the task */ tls_smp_server_init(args); /* NULL will use the DEFAULT_PORT value */ #endif + /* Done */ +#ifdef SINGLE_THREADED + ESP_LOGV(TAG, "\n\nDone!\n\n"); + while (1); +#else + ESP_LOGV(TAG, "\n\nvTaskDelete...\n\n"); + vTaskDelete(NULL); /* done */ while (1) { + ESP_LOGV(TAG, "\n\nLoop...\n\n"); + #ifdef INCLUDE_uxTaskGetStackHighWaterMark + ESP_LOGI(TAG, "Stack HWM: %d", uxTaskGetStackHighWaterMark(NULL)); -#if defined(SINGLE_THREADED) - ESP_LOGV(TAG, "\n\nDone!\n\n"); - while (1); -#else - /* Delete this main task to free up memory */ - ESP_LOGV(TAG, "\n\nvTaskDelete...\n\n"); - vTaskDelete(NULL); -#endif + ESP_LOGI(TAG, "Stack used: %d", CONFIG_ESP_MAIN_TASK_STACK_SIZE + - (uxTaskGetStackHighWaterMark(NULL) )); + #endif + vTaskDelay(60000); } /* done while */ +#endif /* else not SINGLE_THREADED */ } /* app_main */ diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c index b966e4e17b..8e1a14e91d 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c @@ -39,10 +39,28 @@ #endif /* wolfSSL */ -#include -#include -#include - +/* Always include wolfcrypt/settings.h before any other wolfSSL file. */ +/* Reminder: settings.h pulls in user_settings.h; don't include it here. */ +#ifdef WOLFSSL_USER_SETTINGS + #include + #ifndef WOLFSSL_ESPIDF + #warning "Problem with wolfSSL user_settings." + #warning "Check components/wolfssl/include" + #endif + #include +#else + /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include */ + /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */ + #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\ + CFLAGS +=-DWOLFSSL_USER_SETTINGS" +#endif +#if defined(WOLFSSL_WC_KYBER) + #include + #include +#endif +#if defined(USE_CERT_BUFFERS_2048) || defined(USE_CERT_BUFFERS_1024) + #include +#endif #ifdef WOLFSSL_TRACK_MEMORY #include #endif @@ -286,15 +304,19 @@ WOLFSSL_ESP_TASK tls_smp_server_task(void *args) my_atmel_slotInit(); atmel_set_slot_allocator(my_atmel_alloc, my_atmel_free); #endif +#endif +#ifdef WOLFSSL_EXAMPLE_VERBOSITY + ESP_LOGI(TAG, "Initial stack used: %d\n", + TLS_SMP_SERVER_TASK_BYTES - uxTaskGetStackHighWaterMark(NULL) ); #endif ESP_LOGI(TAG, "accept clients..."); /* Continue to accept clients until shutdown is issued */ while (!shutdown) { - ESP_LOGI(TAG, "Stack used: %d\n", TLS_SMP_SERVER_TASK_BYTES - - uxTaskGetStackHighWaterMark(NULL) ); WOLFSSL_MSG("Waiting for a connection..."); +#if ESP_IDF_VERSION_MAJOR >=4 + /* TODO: IP Address is problematic in RTOS SDK 3.4 */ wifi_show_ip(); - +#endif /* Accept client socket connections */ if ((connd = accept(sockfd, (struct sockaddr*)&clientAddr, &size)) == -1) { @@ -319,7 +341,7 @@ WOLFSSL_ESP_TASK tls_smp_server_task(void *args) } } #else - ESP_LOGI(TAG, "WOLFSSL_HAVE_KYBER is not enabled"); + ESP_LOGI(TAG, "WOLFSSL_HAVE_KYBER is not enabled, not using PQ."); #endif /* show what cipher connected for this WOLFSSL* object */ ShowCiphers(ssl); @@ -363,6 +385,10 @@ WOLFSSL_ESP_TASK tls_smp_server_task(void *args) /* Cleanup after this connection */ wolfSSL_free(ssl); /* Free the wolfSSL object */ close(connd); /* Close the connection to the client */ +#ifdef WOLFSSL_EXAMPLE_VERBOSITY + ESP_LOGI(TAG, "Stack used: %d\n", + TLS_SMP_SERVER_TASK_BYTES - uxTaskGetStackHighWaterMark(NULL)); +#endif } /* !shutdown */ /* Cleanup and return */ wolfSSL_free(ssl); /* Free the wolfSSL object */ @@ -398,8 +424,7 @@ WOLFSSL_ESP_TASK tls_smp_server_init(void* args) xTaskHandle _handle; #endif /* Note that despite vanilla FreeRTOS using WORDS for a parameter, - * Espressif uses BYTES for the task stack size here. - * See https://docs.espressif.com/projects/esp-idf/en/v4.3/esp32/api-reference/system/freertos.html */ + * Espressif uses BYTES for the task stack size here. */ ESP_LOGI(TAG, "Creating tls_smp_server_task with stack size = %d", TLS_SMP_SERVER_TASK_BYTES); ret_i = xTaskCreate(tls_smp_server_task, diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/time_helper.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/time_helper.c index 41a0e09751..75ab617b41 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/time_helper.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/time_helper.c @@ -19,7 +19,9 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -/* common Espressif time_helper v5.6.3.002 */ +/* See https://tf.nist.gov/tf-cgi/servers.cgi */ + +/* common Espressif time_helper v5.6.6.001 */ #include "sdkconfig.h" #include "time_helper.h" @@ -36,25 +38,23 @@ #include #endif #else - /* TODO Consider pre IDF v5? */ + /* TODO Consider non ESP-IDF environments */ #endif -/* ESP-IDF uses a 64-bit signed integer to represent time_t starting from release v5.0 - * See: https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#year-2036-and-2038-overflow-issues - */ -const static char* TAG = "time_helper"; +/* ESP-IDF uses a 64-bit signed integer to represent time_t starting from + * release v5.0. See: Espressif api-reference/system/system_time */ /* see https://www.gnu.org/software/libc/manual/html_node/TZ-Variable.html */ #ifndef TIME_ZONE -/* - * PST represents Pacific Standard Time. - * +8 specifies the offset from UTC (Coordinated Universal Time), indicating - * that Pacific Time is UTC-8 during standard time. - * PDT represents Pacific Daylight Time. - * M3.2.0 indicates that Daylight Saving Time (DST) starts on the - * second (2) Sunday (0) of March (3). - * M11.1.0 indicates that DST ends on the first (1) Sunday (0) of November (11) - */ + /* + * PST represents Pacific Standard Time. + * +8 specifies the offset from UTC (Coordinated Universal Time), indicating + * that Pacific Time is UTC-8 during standard time. + * PDT represents Pacific Daylight Time. + * M3.2.0 indicates that Daylight Saving Time (DST) starts on the + * second (2) Sunday (0) of March (3). + * M11.1.0 indicates that DST ends on the first (1) Sunday (0) of November (11) + */ #define TIME_ZONE "PST+8PDT,M3.2.0,M11.1.0" #endif /* not defined: TIME_ZONE, so we are setting our own */ @@ -87,11 +87,13 @@ const static char* TAG = "time_helper"; char* ntpServerList[NTP_SERVER_COUNT] = NTP_SERVER_LIST; +const static char* TAG = "time_helper"; + /* our NTP server list is global info */ extern char* ntpServerList[NTP_SERVER_COUNT]; /* Show the current date and time */ -int esp_show_current_datetime() +int esp_show_current_datetime(void) { time_t now; char strftime_buf[64]; @@ -104,7 +106,7 @@ int esp_show_current_datetime() localtime_r(&now, &timeinfo); strftime(strftime_buf, sizeof(strftime_buf), "%c", &timeinfo); ESP_LOGI(TAG, "The current date/time is: %s", strftime_buf); - return 0; + return ESP_OK; } /* the worst-case scenario is a hard-coded date/time */ @@ -113,9 +115,9 @@ int set_fixed_default_time(void) /* ideally, we'd like to set time from network, * but let's set a default time, just in case */ struct tm timeinfo = { - .tm_year = 2023 - 1900, + .tm_year = 2024 - 1900, .tm_mon = 10, - .tm_mday = 02, + .tm_mday = 11, .tm_hour = 13, .tm_min = 01, .tm_sec = 05 @@ -130,7 +132,38 @@ int set_fixed_default_time(void) ESP_LOGI(TAG, "Adjusting time from fixed value"); now = (struct timeval){ .tv_sec = interim_time }; ret = settimeofday(&now, NULL); + ESP_LOGI(TAG, "settimeofday result = %d", ret); + return ret; +} +/* probably_valid_time_string(s) + * + * some sanity checks on time string before calling sscanf() + * + * returns 0 == ESP_OK == Success if str is likely a valid time. + * -1 == ESP_FAIL otherwise + */ +int probably_valid_time_string(const char* str) +{ + int ret = ESP_OK; + size_t length = 0; + size_t spaces = 0; + size_t colons = 0; + + while (str[length] != '\0') { + if (str[length] == ' ') { + spaces++; + } + if (str[length] == ':') { + colons++; + } + length++; + } + + if ((length > 32) || (spaces < 4) || (spaces > 5) || (colons > 2)) { + ret = ESP_FAIL; + ESP_LOGE(TAG, "ERROR, failed time sanity check: %s", str); + } return ret; } @@ -138,60 +171,67 @@ int set_fixed_default_time(void) * * returns 0 = success if able to set the time from the provided string * error for any other value, typically -1 */ -int set_time_from_string(char* time_buffer) +int set_time_from_string(const char* time_buffer) { /* expecting github default formatting: 'Thu Aug 31 12:41:45 2023 -0700' */ + char offset[28]; /* large arrays, just in case there's still bad data */ + char day_str[28]; + char month_str[28]; const char *format = "%3s %3s %d %d:%d:%d %d %s"; struct tm this_timeinfo; struct timeval now; time_t interim_time; - char offset[6]; /* expecting trailing single quote, not used */ - char day_str[4]; - char month_str[4]; int day, year, hour, minute, second; int quote_offset = 0; int ret = 0; - /* we are expecting the string to be encapsulated in single quotes */ - if (*time_buffer == 0x27) { - quote_offset = 1; - } + /* perform some basic sanity checkes */ + ret = probably_valid_time_string(time_buffer); + if (ret == ESP_OK) { + /* we are expecting the string to be encapsulated in single quotes */ + if (*time_buffer == 0x27) { + quote_offset = 1; + } - ret = sscanf(time_buffer + quote_offset, - format, - day_str, month_str, - &day, &hour, &minute, &second, &year, &offset); + ret = sscanf(time_buffer + quote_offset, + format, + day_str, month_str, + &day, &hour, &minute, &second, &year, &offset); - if (ret == 8) { - /* we found a match for all componets */ + if (ret == 8) { + /* we found a match for all componets */ - const char *months[] = { "Jan", "Feb", "Mar", "Apr", "May", "Jun", - "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" }; + const char *months[] = { "Jan", "Feb", "Mar", "Apr", "May", "Jun", + "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" + }; - for (int i = 0; i < 12; i++) { - if (strcmp(month_str, months[i]) == 0) { - this_timeinfo.tm_mon = i; - break; + for (int i = 0; i < 12; i++) { + if (strcmp(month_str, months[i]) == 0) { + this_timeinfo.tm_mon = i; + break; + } } - } - this_timeinfo.tm_mday = day; - this_timeinfo.tm_hour = hour; - this_timeinfo.tm_min = minute; - this_timeinfo.tm_sec = second; - this_timeinfo.tm_year = year - 1900; /* Number of years since 1900 */ + this_timeinfo.tm_mday = day; + this_timeinfo.tm_hour = hour; + this_timeinfo.tm_min = minute; + this_timeinfo.tm_sec = second; + this_timeinfo.tm_year = year - 1900; /* Years since 1900 */ - interim_time = mktime(&this_timeinfo); - now = (struct timeval){ .tv_sec = interim_time }; - ret = settimeofday(&now, NULL); - ESP_LOGI(TAG, "Time updated to %s", time_buffer); - } - else { - ESP_LOGE(TAG, "Failed to convert \"%s\" to a tm date.", time_buffer); - ESP_LOGI(TAG, "Trying fixed date that was hard-coded."); - set_fixed_default_time(); - ret = -1; + interim_time = mktime(&this_timeinfo); + now = (struct timeval){ .tv_sec = interim_time }; + ret = settimeofday(&now, NULL); + ESP_LOGI(TAG, "Time updated to %s", time_buffer); + } + else { + ESP_LOGE(TAG, "Failed to convert \"%s\" to a tm date.", + time_buffer); + ESP_LOGI(TAG, "Trying fixed date that was hard-coded...."); + set_fixed_default_time(); + ret = ESP_FAIL; + } } + return ret; } @@ -224,14 +264,16 @@ int set_time(void) #ifdef LIBWOLFSSL_VERSION_GIT_HASH_DATE /* initialy set a default approximate time from recent git commit */ - ESP_LOGI(TAG, "Found git hash date, attempting to set system date."); - set_time_from_string(LIBWOLFSSL_VERSION_GIT_HASH_DATE); + ESP_LOGI(TAG, "Found git hash date, attempting to set system date: %s", + LIBWOLFSSL_VERSION_GIT_HASH_DATE); + set_time_from_string(LIBWOLFSSL_VERSION_GIT_HASH_DATE"\0"); esp_show_current_datetime(); ret = -4; #else /* otherwise set a fixed time that was hard coded */ set_fixed_default_time(); + esp_show_current_datetime(); ret = -3; #endif @@ -242,7 +284,7 @@ int set_time(void) if (NTP_SERVER_COUNT) { /* next, let's setup NTP time servers * - * see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#sntp-time-synchronization + * see Espressifapi-reference/system/system_time.html#sntp-time-synchronization * * WARNING: do not set operating mode while SNTP client is running! */ @@ -262,6 +304,7 @@ int set_time(void) } ESP_LOGI(TAG, "%s", thisServer); sntp_setservername(i, thisServer); + ret = ESP_OK; } #ifdef HAS_ESP_NETIF_SNTP ret = esp_netif_sntp_init(&config); @@ -289,6 +332,9 @@ int set_time(void) ESP_LOGW(TAG, "No sntp time servers found."); ret = -1; } + + esp_show_current_datetime(); + ESP_LOGI(TAG, "time helper existing with result = %d", ret); return ret; } @@ -303,6 +349,8 @@ int set_time_wait_for_ntp(void) ret = esp_netif_sntp_start(); ret = esp_netif_sntp_sync_wait(500 / portTICK_PERIOD_MS); +#else + ESP_LOGW(TAG, "HAS_ESP_NETIF_SNTP not defined"); #endif /* HAS_ESP_NETIF_SNTP */ esp_show_current_datetime(); @@ -322,7 +370,7 @@ int set_time_wait_for_ntp(void) #endif if (ret == ESP_OK) { - ESP_LOGI(TAG, "Successfuly set time via NTP servers."); + ESP_LOGI(TAG, "Successfully set time via NTP servers."); } else { ESP_LOGW(TAG, "Warning: Failed to set time with NTP: " diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/wifi_connect.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/wifi_connect.c index 1b33f98052..2c66126d97 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/wifi_connect.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/wifi_connect.c @@ -18,24 +18,42 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ - #include "wifi_connect.h" +#include "wifi_connect.h" +/* FreeRTOS */ #include #include #include -#include + +/* Espressif */ #include +#include +#include /* wolfSSL */ -#include -#include -#include -#ifndef WOLFSSL_ESPIDF - #warning "Problem with wolfSSL user_settings." - #warning "Check components/wolfssl/include" +/* Always include wolfcrypt/settings.h before any other wolfSSL file. */ +/* Reminder: settings.h pulls in user_settings.h; don't include it here. */ +#ifdef WOLFSSL_USER_SETTINGS + #include + #ifndef WOLFSSL_ESPIDF + #warning "Problem with wolfSSL user_settings." + #warning "Check components/wolfssl/include" + #endif + #include + #include +#else + /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include */ + /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */ + #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\ + CFLAGS +=-DWOLFSSL_USER_SETTINGS" #endif -#if ESP_IDF_VERSION_MAJOR >= 5 +/* When there's too little heap, WiFi quietly refuses to connect */ +#define WIFI_LOW_HEAP_WARNING 21132 + +#if defined(CONFIG_IDF_TARGET_ESP8266) +#elif ESP_IDF_VERSION_MAJOR >= 5 + /* example path set in cmake file */ #elif ESP_IDF_VERSION_MAJOR >= 4 #include "protocol_examples_common.h" #else @@ -43,7 +61,9 @@ static EventGroupHandle_t wifi_event_group; #endif -#if defined(ESP_IDF_VERSION_MAJOR) && defined(ESP_IDF_VERSION_MINOR) +#if defined(CONFIG_IDF_TARGET_ESP8266) + +#elif defined(ESP_IDF_VERSION_MAJOR) && defined(ESP_IDF_VERSION_MINOR) #if ESP_IDF_VERSION_MAJOR >= 4 /* likely using examples, see wifi_connect.h */ #else @@ -63,7 +83,114 @@ /* breadcrumb prefix for logging */ const static char *TAG = "wifi_connect"; -#if ESP_IDF_VERSION_MAJOR < 4 +#if defined(CONFIG_IDF_TARGET_ESP8266) +#ifndef CONFIG_ESP_MAX_STA_CONN + #define CONFIG_ESP_MAX_STA_CONN 4 +#endif +#define EXAMPLE_MAX_STA_CONN CONFIG_ESP_MAX_STA_CONN + +#define WIFI_CONNECTED_BIT BIT0 +#define WIFI_FAIL_BIT BIT1 +#ifndef CONFIG_ESP_MAXIMUM_RETRY + #define CONFIG_ESP_MAXIMUM_RETRY 5 +#endif +/* FreeRTOS event group to signal when we are connected*/ +static EventGroupHandle_t s_wifi_event_group; +static int s_retry_num = 0; + +#define EXAMPLE_ESP_MAXIMUM_RETRY CONFIG_ESP_MAXIMUM_RETRY +static void event_handler(void* arg, esp_event_base_t event_base, + int32_t event_id, void* event_data) +{ + if (event_base == WIFI_EVENT && event_id == WIFI_EVENT_STA_START) { + esp_wifi_connect(); + } else if (event_base == WIFI_EVENT && event_id == WIFI_EVENT_STA_DISCONNECTED) { + if (s_retry_num < EXAMPLE_ESP_MAXIMUM_RETRY) { + esp_wifi_connect(); + s_retry_num++; + ESP_LOGI(TAG, "retry to connect to the AP"); + } else { + xEventGroupSetBits(s_wifi_event_group, WIFI_FAIL_BIT); + } + ESP_LOGI(TAG,"connect to the AP fail"); + } else if (event_base == IP_EVENT && event_id == IP_EVENT_STA_GOT_IP) { + ip_event_got_ip_t* event = (ip_event_got_ip_t*) event_data; + ESP_LOGI(TAG, "got ip:%s", + ip4addr_ntoa(&event->ip_info.ip)); + s_retry_num = 0; + xEventGroupSetBits(s_wifi_event_group, WIFI_CONNECTED_BIT); + } +} + +int wifi_init_sta(void) +{ + word32 this_heap; + + s_wifi_event_group = xEventGroupCreate(); + + tcpip_adapter_init(); + + ESP_ERROR_CHECK(esp_event_loop_create_default()); + + wifi_init_config_t cfg = WIFI_INIT_CONFIG_DEFAULT(); + ESP_ERROR_CHECK(esp_wifi_init(&cfg)); + + ESP_ERROR_CHECK(esp_event_handler_register(WIFI_EVENT, ESP_EVENT_ANY_ID, &event_handler, NULL)); + ESP_ERROR_CHECK(esp_event_handler_register(IP_EVENT, IP_EVENT_STA_GOT_IP, &event_handler, NULL)); + + wifi_config_t wifi_config = { + .sta = { + .ssid = EXAMPLE_ESP_WIFI_SSID, + .password = EXAMPLE_ESP_WIFI_PASS + }, + }; + + /* Setting a password implies station will connect to all security modes including WEP/WPA. + * However these modes are deprecated and not advisable to be used. Incase your Access point + * doesn't support WPA2, these mode can be enabled by commenting below line */ + + if (strlen((char *)wifi_config.sta.password)) { + wifi_config.sta.threshold.authmode = WIFI_AUTH_WPA2_PSK; + } + + ESP_ERROR_CHECK(esp_wifi_set_mode(WIFI_MODE_STA) ); + ESP_ERROR_CHECK(esp_wifi_set_config(ESP_IF_WIFI_STA, &wifi_config) ); + ESP_ERROR_CHECK(esp_wifi_start() ); + + ESP_LOGI(TAG, "wifi_init_sta finished. Connecting..."); + this_heap = esp_get_free_heap_size(); + ESP_LOGI(TAG, "this heap = %d", this_heap); + if (this_heap < WIFI_LOW_HEAP_WARNING) { + ESP_LOGW(TAG, "Warning: WiFi low heap: %d", WIFI_LOW_HEAP_WARNING); + } + /* Waiting until either the connection is established (WIFI_CONNECTED_BIT) or connection failed for the maximum + * number of re-tries (WIFI_FAIL_BIT). The bits are set by event_handler() (see above) */ + EventBits_t bits = xEventGroupWaitBits(s_wifi_event_group, + WIFI_CONNECTED_BIT | WIFI_FAIL_BIT, + pdFALSE, + pdFALSE, + portMAX_DELAY); + + ESP_LOGI(TAG, "xEventGroupWaitBits finished."); + /* xEventGroupWaitBits() returns the bits before the call returned, hence we can test which event actually + * happened. */ + if (bits & WIFI_CONNECTED_BIT) { + ESP_LOGI(TAG, "connected to ap SSID:%s", + EXAMPLE_ESP_WIFI_SSID); + } else if (bits & WIFI_FAIL_BIT) { + ESP_LOGI(TAG, "Failed to connect to SSID:%s, password:%s", + EXAMPLE_ESP_WIFI_SSID, EXAMPLE_ESP_WIFI_PASS); + } else { + ESP_LOGE(TAG, "UNEXPECTED EVENT"); + } + + ESP_ERROR_CHECK(esp_event_handler_unregister(IP_EVENT, IP_EVENT_STA_GOT_IP, &event_handler)); + ESP_ERROR_CHECK(esp_event_handler_unregister(WIFI_EVENT, ESP_EVENT_ANY_ID, &event_handler)); + vEventGroupDelete(s_wifi_event_group); + return ESP_OK; +} + +#elif ESP_IDF_VERSION_MAJOR < 4 /* event handler for wifi events */ static esp_err_t wifi_event_handler(void *ctx, system_event_t *event) { @@ -80,7 +207,7 @@ static esp_err_t wifi_event_handler(void *ctx, system_event_t *event) ESP_LOGI(TAG, "got ip:%s", ip4addr_ntoa(&event->event_info.got_ip.ip_info.ip)); #endif - /* see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/freertos_idf.html */ + /* see Espressif api-reference/system/freertos_idf.html */ xEventGroupSetBits(wifi_event_group, CONNECTED_BIT); break; case SYSTEM_EVENT_STA_DISCONNECTED: @@ -269,7 +396,8 @@ int wifi_init_sta(void) int wifi_show_ip(void) { - /* ESP_LOGI(TAG, "got ip:" IPSTR, IP2STR(&event->ip_info.ip)); */ - return 0; + /* TODO Causes panic: ESP_LOGI(TAG, "got ip:" IPSTR, + * IP2STR(&event->ip_info.ip)); */ + return ESP_OK; } #endif diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults index f8bce25ff3..2734899437 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults @@ -1,25 +1,133 @@ +# Set the known example app config to TLS Server (see user_settings.h) +CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_SERVER=y + +# CONFIG_EXAMPLE_WIFI_SSID="myssid" +# CONFIG_EXAMPLE_WIFI_PASSWORD="mypassword" + +# Some wolfSSL helpers +CONFIG_USE_WOLFSSL_ESP_SDK_TIME=y + +# FreeRTOS ticks at 1ms interval +CONFIG_FREERTOS_UNICORE=y CONFIG_FREERTOS_HZ=1000 CONFIG_ESP32_DEFAULT_CPU_FREQ_240=y # # Default main stack size # -# This is typically way bigger than needed for stack size. See user_settings.h +# This is typically bigger than needed for stack size. +# Units are words, not bytes. See user_settings.h # -CONFIG_ESP_MAIN_TASK_STACK_SIZE=55500 +# For wolfSSL SMALL_STACK, 3072 bytes should be sufficient for benchmark app. +# When using RSA, assign at least 10500 bytes, otherwise 5500 usually works for others +CONFIG_ESP_MAIN_TASK_STACK_SIZE=10500 # Legacy stack size for older ESP-IDF versions -CONFIG_MAIN_TASK_STACK_SIZE=55500 +CONFIG_MAIN_TASK_STACK_SIZE=10500 + +# +# Benchmark must not have CONFIG_NEWLIB_NANO_FORMAT enabled +CONFIG_NEWLIB_NANO_FORMAT=n +# +# Watchdog Timers +# +# We don't want to have the watchdog timeout during tests & benchmarks +# +CONFIG_ESP_TASK_WDT_CHECK_IDLE_TASK_CPU0=n +CONFIG_ESP_TASK_WDT_CHECK_IDLE_TASK_CPU1=n +# Panic & Watchdog +CONFIG_ESP_INT_WDT_TIMEOUT_MS=10000 +CONFIG_ESP_TASK_WDT_EN=n +CONFIG_ESP_SYSTEM_PANIC_PRINT_HALT=y +CONFIG_ESP_INT_WDT=n + +# ESP8266 Watchdog: +CONFIG_TASK_WDT=n +CONFIG_TASK_WDT_PANIC=n + +# ESP8266 WDT +# CONFIG_ESP_PANIC_PRINT_REBOOT is not set +CONFIG_ESP_PANIC_PRINT_REBOOT=n +CONFIG_ESP_PANIC_PRINT_HALT=y + +# CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS is not set +CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS=n + +# ESP8266 Memory +CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y +CONFIG_HEAP_DISABLE_IRAM=y + +# Performance +# CONFIG_COMPILER_OPTIMIZATION_PERF=y + +# Set max CPU frequency (falls back as needed for lower maximum) +CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y + +# Enable wolfSSL TLS in esp-tls +CONFIG_ESP_TLS_USING_WOLFSSL=y +CONFIG_TLS_STACK_WOLFSSL=y + +# Bundles take up flash space and are disabled unless otherwise known to be needed +CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=n +# CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=y +# CONFIG_ESP_WOLFSSL_SMALL_CERT_VERIFY=y +# CONFIG_ESP_TLS_INSECURE=y + +# Disable mbedTLS +CONFIG_ESP_TLS_USING_MBEDTLS=n +CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n + + +# Ensure mbedTLS options are disabled +# CONFIG_MBEDTLS_TLS_SERVER_AND_CLIENT=n +# CONFIG_MBEDTLS_TLS_CLIENT_ONLY=n +# CONFIG_MBEDTLS_TLS_SERVER=n +# CONFIG_MBEDTLS_TLS_CLIENT=n +# CONFIG_MBEDTLS_HARDWARE_AES=n +# CONFIG_MBEDTLS_HARDWARE_MPI=n +# CONFIG_MBEDTLS_HARDWARE_SHA=n +# CONFIG_MBEDTLS_ROM_MD5=n +# CONFIG_MBEDTLS_SSL_RENEGOTIATION=n +# CONFIG_MBEDTLS_SSL_PROTO_TLS1_2=n +# CONFIG_MBEDTLS_SSL_PROTO_GMTSSL1_1=n +# CONFIG_MBEDTLS_SSL_ALPN=n +# CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS=n +# CONFIG_MBEDTLS_SERVER_SSL_SESSION_TICKETS=n + +# The same-name config is used for both WiFi and client/server TLS, so we cannot disable: +# CONFIG_MBEDTLS_TLS_ENABLED=n +# CONFIG_MBEDTLS_TLS_DISABLED=y # # Compiler options # CONFIG_COMPILER_OPTIMIZATION_DEFAULT=y +# CONFIG_COMPILER_OPTIMIZATION_SIZE is not set +# CONFIG_COMPILER_OPTIMIZATION_PERF is not set +# CONFIG_COMPILER_OPTIMIZATION_NONE is not set CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_ENABLE=y +# CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_SILENT is not set +# CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_DISABLE is not set +CONFIG_COMPILER_FLOAT_LIB_FROM_GCCLIB=y CONFIG_COMPILER_OPTIMIZATION_ASSERTION_LEVEL=2 +# CONFIG_COMPILER_OPTIMIZATION_CHECKS_SILENT is not set CONFIG_COMPILER_HIDE_PATHS_MACROS=y +# CONFIG_COMPILER_CXX_EXCEPTIONS is not set +# CONFIG_COMPILER_CXX_RTTI is not set +# CONFIG_COMPILER_STACK_CHECK_MODE_NONE is not set CONFIG_COMPILER_STACK_CHECK_MODE_NORM=y +# CONFIG_COMPILER_STACK_CHECK_MODE_STRONG is not set +# CONFIG_COMPILER_STACK_CHECK_MODE_ALL is not set CONFIG_COMPILER_STACK_CHECK=y +# CONFIG_COMPILER_WARN_WRITE_STRINGS is not set +# CONFIG_COMPILER_SAVE_RESTORE_LIBCALLS is not set +# CONFIG_COMPILER_DISABLE_GCC12_WARNINGS is not set +# CONFIG_COMPILER_DUMP_RTL_FILES is not set +# end of Compiler options + +# We don't know that the min is actually v2, +# but this is the earliest tested. +CONFIG_ESP32C3_REV_MIN_2=y # # Partition Table diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults.esp32c2 b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults.esp32c2 new file mode 100644 index 0000000000..a24d9302e6 --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults.esp32c2 @@ -0,0 +1,7 @@ +# +# Main XTAL Config +# +CONFIG_XTAL_FREQ_26=y +# CONFIG_XTAL_FREQ_40 is not set +CONFIG_XTAL_FREQ=26 +# end of Main XTAL Config diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults.esp8266 b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults.esp8266 new file mode 100644 index 0000000000..77299dfe4a --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults.esp8266 @@ -0,0 +1,30 @@ +# ESP8266 WDT +# CONFIG_ESP_PANIC_PRINT_REBOOT is not set +CONFIG_ESP_PANIC_PRINT_REBOOT=n +CONFIG_ESP_PANIC_PRINT_HALT=y + +# Enable wolfSSL TLS in esp-tls (not yet supported in RTOS SDK 3.4 +CONFIG_ESP_TLS_USING_WOLFSSL=n +CONFIG_TLS_STACK_WOLFSSL=n + +# Bundles take up flash space and are disabled unless otherwise known to be needed +CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=n +# CONFIG_ESP_WOLFSSL_SMALL_CERT_VERIFY=y +# CONFIG_ESP_TLS_INSECURE=y + +# Disable mbedTLS +CONFIG_ESP_TLS_USING_MBEDTLS=y +CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n + +# ESP8266 Memory +CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y +CONFIG_HEAP_DISABLE_IRAM=y + +# ESP8266 Watchdog: +CONFIG_TASK_WDT=n +CONFIG_TASK_WDT_PANIC=n + +# ESP8266 WDT +# CONFIG_ESP_PANIC_PRINT_REBOOT is not set +CONFIG_ESP_PANIC_PRINT_REBOOT=n +CONFIG_ESP_PANIC_PRINT_HALT=y diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/CMakeLists.txt index 6e70b4a626..4260db5ca3 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/CMakeLists.txt +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/CMakeLists.txt @@ -1,15 +1,82 @@ # wolfSSL Espressif Example Project CMakeLists.txt -# v1.1 +# v1.3 # # The following lines of boilerplate have to be in your project's # CMakeLists in this exact order for cmake to work correctly -cmake_minimum_required(VERSION 3.5) +cmake_minimum_required(VERSION 3.16) +# Optional no watchdog typically used for test & benchmark add_compile_options(-DWOLFSSL_ESP_NO_WATCHDOG=1) -include($ENV{IDF_PATH}/tools/cmake/project.cmake) +# The wolfSSL CMake file should be able to find the source code. +# Otherwise, assign an environment variable or set it here: +# +# set(WOLFSSL_ROOT "~/workspace/wolfssl-other-source") +# +# Optional WOLFSSL_CMAKE_SYSTEM_NAME detection to find +# USE_MY_PRIVATE_CONFIG path for my_private_config.h +# +# Expected path varies: +# +# WSL: /mnt/c/workspace +# Linux: ~/workspace +# Windows: C:\workspace +# +if(WIN32) + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS") + message("Detected Windows") +endif() +if(CMAKE_HOST_UNIX) + message("Detected UNIX") +endif() +if(APPLE) + message("Detected APPLE") +endif() +if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop") + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL") + message("Detected WSL") +endif() +if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32)) + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX") + message("Detected Linux") +endif() +if(APPLE) + # Windows-specific configuration here + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE") + message("Detected Apple") +endif() +# End optional WOLFSSL_CMAKE_SYSTEM_NAME + +# Check that there are not conflicting wolfSSL components +# The ESP Registry Component will be in ./managed_components/wolfssl__wolfssl +# The local component wolfSSL directory will be in ./components/wolfssl +if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl" ) + # These exclude statements don't seem to be honored by the $ENV{IDF_PATH}/tools/cmake/project.cmake' + # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" EXCLUDE_FROM_ALL) + # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl/include" EXCLUDE_FROM_ALL) + # So we'll error out and let the user decide how to proceed: + message(WARNING "\nFound wolfSSL components in\n" + "./managed_components/wolfssl__wolfssl\n" + "and\n" + "./components/wolfssl\n" + "in project directory: \n" + "${CMAKE_HOME_DIRECTORY}") + message(FATAL_ERROR "\nPlease use either the ESP Registry Managed Component or the wolfSSL component directory but not both.\n" + "If removing the ./managed_components/wolfssl__wolfssl directory, remember to also remove " + "or rename the idf_component.yml file typically found in ./main/") +else() + message(STATUS "No conflicting wolfSSL components found.") +endif() + +# Ensure the this wolfSSL component directory is included +set(WOLFSSL_PATH "${CMAKE_HOME_DIRECTORY}/components/wolfssl") +list(APPEND EXTRA_COMPONENT_DIRS ${WOLFSSL_PATH}) # Not only is a project-level "set(COMPONENTS" not needed here, this will cause # an unintuitive error about Unknown CMake command "esptool_py_flash_project_args". +include($ENV{IDF_PATH}/tools/cmake/project.cmake) project(wolfssl_test) diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/README.md index ee66039f04..298ea015ce 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/README.md +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/README.md @@ -1,5 +1,6 @@ # wolfSSL Crypt Test Example + This is the ESP32 Version of the [wolfSSL wolfcrypt test application](https://github.com/wolfSSL/wolfssl/tree/master/wolfcrypt/test). For general information on [wolfSSL examples for Espressif](../README.md), see the @@ -8,7 +9,7 @@ For general information on [wolfSSL examples for Espressif](../README.md), see t ## ESP Registry The easiest way to get started with wolfSSL is by using the -[ESP Registry](https://components.espressif.com/components/wolfssl/wolfssl/) examples. +[ESP Registry](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/) examples. ``` . ~/esp/esp-idf/export.sh @@ -22,13 +23,13 @@ idf.py -b 115200 flash monitor Open the VisualGDB Visual Studio Project file in the [VisualGDB directory](./VisualGDB/README.md) and click the "Start" button. No wolfSSL setup is needed. You may need to adjust your specific COM port. The default is `COM20`. -## ESP-IDF Commandline +## ESP-IDF Commandline (version 4.4 or greater for the ESP32) 1. `idf.py menuconfig` to configure the program. 1-1. Example Configuration -> - TEST_ARG : argument that you want to use. Default is "-lng 0" - The list of argument can be find in help. + There are no parametric arguments. See [wolfcrypt/test](https://github.com/wolfSSL/wolfssl/tree/master/wolfcrypt/test). + All features enabled in the `user_settings.h` will be tested. When you want to run the test program @@ -42,16 +43,17 @@ Reminder than when building on WSL in `/mnt/c` there will be a noticeable perfor Example build on WSL, assuming `git clone` from `c:\workspace`: ``` -WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.1 +WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.2 +# WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/master echo "Run export.sh from ${WRK_IDF_PATH}" . ${WRK_IDF_PATH}/export.sh # switch to test example -cd /mnt/c/workspace/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_test +cd /mnt/c/workspace/wolfssl-$USER/IDE/Espressif/ESP-IDF/examples/wolfssl_test -# Pick ESP-IDF install directory, this one for v5.1 in VisualGDB -. /mnt/c/SysGCC/esp32/esp-idf/v5.1/export.sh +# Pick ESP-IDF install directory, this one for v5.2 in VisualGDB +. /mnt/c/SysGCC/esp32/esp-idf/v5.2/export.sh # set target chipset idf.py set-target esp32s3 @@ -65,6 +67,33 @@ idf.py idf.py build flash -p /dev/ttyS24 -b 115200 monitor ``` +## ESP-IDF Commandline (version 3.5 or earlier for the ESP8266) + + +``` +WRK_IDF_PATH=/mnt/c/SysGCC/esp8266/rtos-sdk/v3.4 +. $WRK_IDF_PATH/export.sh + +# install as needed / prompted +/mnt/c/SysGCC/esp8266/rtos-sdk/v3.4/install.sh + +cd IDE/Espressif/ESP-IDF/examples/ESP8266 + +# adjust settings as desired +idf.py menuconfig + +idf.py build flash -p /dev/ttyS55 -b 115200 +``` + +## Putty (via WSL) + +Define a non-blank value for `ESPIDF_PUTTY_MONITOR` to launch `testMonitor.sh` output in putty.exe sessions from Windows. +Assumes `PUTTY_EXE="/mnt/c/tools/putty.exe"`. + +```bash +export ESPIDF_PUTTY_MONITOR=true +``` + ## Example Output Note the default wolfSSL `user_settings.h` is configured by default to be the most diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/CMakeLists.txt index 5f42ad3452..8b90966f9b 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/CMakeLists.txt +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/CMakeLists.txt @@ -19,17 +19,67 @@ # # cmake for wolfssl Espressif projects # -# Version 5.7.0 template update + THIS_IDF_PATH +# Version 5.7.2 Espressif ESP-IDF integration # # See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html # - +message(STATUS "Begin wolfssl ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}") cmake_minimum_required(VERSION 3.16) set(VERBOSE_COMPONENT_MESSAGES 1) +# Optional requires include: +# set(THIS_ESP_TLS "esp-tls") +set(THIS_ESP_TLS "") + +# function: IS_ESP_IDF_COMPONENT +# output: RESULT = 1 (true) if this component is located in the ESP-IDF components +# otherwise 0 (false) +function( IS_ESP_IDF_COMPONENT RESULT ) + # NOTE: Component location is based on the location of the CMakeList.txt + # and *not* the location of the wolfSSL source code. (which may be anywhere) + + # Normalize the paths to remove any trailing slashes + get_filename_component(NORMALIZED_IDF_PATH "${IDF_PATH}" REALPATH) + get_filename_component(NORMALIZED_TEST_PATH "${COMPONENT_DIR}" REALPATH) + + # Check if the test path starts with the IDF_PATH + string(FIND "${NORMALIZED_TEST_PATH}" "${NORMALIZED_IDF_PATH}" pos) + + if(${pos} EQUAL 0) + message(STATUS "${COMPONENT_DIR} is within IDF_PATH.") + set(${RESULT} 1 PARENT_SCOPE) + else() + message(STATUS "${COMPONENT_DIR} is not within IDF_PATH.") + set(${RESULT} 0 PARENT_SCOPE) + endif() +endfunction() + +# Determine if this cmake file is located in the ESP-IDF component directory or not, +# and if so, if it is being ignored (allowing the use of a local project one, instead). +IS_ESP_IDF_COMPONENT( IS_WOLSSL_ESP_IDF_COMPONENT ) +if( IS_WOLSSL_ESP_IDF_COMPONENT ) + message(STATUS "This wolfSSL is a component in ESP-IDF.") + if ( CONFIG_IGNORE_ESP_IDF_WOLFSSL_COMPONENT ) + idf_component_register() + message(STATUS "Warning: wolfSSL component in ESP-IDF is being ignored.") + return() + endif() +endif() + + +if( "${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}" STREQUAL "" ) + # nothing to do +else() + # Only forward slashes, or double backslashes are supported. + # By the time we get here the sdkconfig file has a value for wolfSSL source code root. + string(REPLACE "\\" "/" CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}) + message(STATUS "Cleaned wolfssl path: ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}") +endif() + # The scope of this CMAKE_C_FLAGS is just this component: set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS") +set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DWOLFSSL_USER_SETTINGS") set(CMAKE_CURRENT_SOURCE_DIR ".") # set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component @@ -42,7 +92,7 @@ if ( "${WOLFSSL_ROOT}" STREQUAL "") endif() if( "$ENV{IDF_PATH}" STREQUAL "" ) - message(FATAL_ERROR "IDF_PATH Environment variable not set!") + message(FATAL_ERROR "IDF_PATH Environment variable not set!") else() string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}") endif() @@ -106,7 +156,7 @@ if( ("${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark") OR ("${CMAKE_PROJECT_ message(STATUS "Not including lwip for ${CMAKE_PROJECT_NAME}") else() # benchmark and test do not need wifi, everything else probably does: - set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component + set(COMPONENT_REQUIRES lwip "${THIS_ESP_TLS}") # we typically don't need lwip directly in wolfssl component endif() # find the user name to search for possible "wolfssl-username" @@ -130,6 +180,25 @@ else() string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}") endif() +# ENVIRONMENT_VAR_TO_MACRO +# Check environment variable name EVARPARAM as [name] +# If defined, and has a value of EVARVALUE as [value], +# then assign a compiler definition "-D[name]=[value]" +function(ENVIRONMENT_VAR_TO_MACRO EVARPARAM EVARVALUE) + # If the EVARPARAM environment variable name is set to EVARVALUE, + # set the compiler flag definition to enable CSV output. + if ( "$ENV{${EVARPARAM}}" STREQUAL "${EVARVALUE}") + message(STATUS "Appending compile definition: -D${EVARPARAM}=${EVARVALUE}") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D${EVARPARAM}=${EVARVALUE}") + else() + if(DEFINED ENV{${EVARPARAM}}) + message(STATUS "Environment variable ${EVARPARAM} detected but set to $ENV{${EVARPARAM}}, not appending compile definition.") + else() + message(STATUS "Environment variable ${EVARPARAM} not detected, not appending compile definition.") + endif() + endif() +endfunction() + # COMPONENT_NAME = wolfssl # The component name is the directory name. "No feature to change this". # See https://github.com/espressif/esp-idf/issues/8978#issuecomment-1129892685 @@ -147,7 +216,8 @@ endif() # function: IS_WOLFSSL_SOURCE # parameter: DIRECTORY_PARAMETER - the directory to test # output: RESULT = contains contents of DIRECTORY_PARAMETER for wolfssl directory, otherwise blank. -function(IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER RESULT) +function( IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER + RESULT ) if (EXISTS "${DIRECTORY_PARAMETER}/wolfcrypt/src") set(${RESULT} "${DIRECTORY_PARAMETER}" PARENT_SCOPE) else() @@ -166,26 +236,56 @@ function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY) message(STATUS "Starting FIND_WOLFSSL_DIRECTORY: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}") if ( "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}" STREQUAL "" ) + # The parameter is empty, so we certainly need to search. + # First, see if there's an environment variable. This takes highest priority (unless already found as hard-coded, above) set(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}") if( "${CURRENT_SEARCH_DIR}" STREQUAL "" ) message(STATUS "The WOLFSSL_ROOT environment variable is not set. Searching...") - else() - get_filename_component(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}" ABSOLUTE) - IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL) - if( FOUND_WOLFSSL ) - message(STATUS "Found WOLFSSL_ROOT via Environment Variable:") + # Next, if not found, see if wolfSSL was selected for ESP-TLS Kconfig + if(CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT) + set(CURRENT_SEARCH_DIR ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}) + get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" ABSOLUTE) + message(STATUS "WOLFSSL_ROOT found in sdkconfig/KConfig: ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}") else() - message(FATAL_ERROR "WOLFSSL_ROOT Environment Variable defined, but path not found:") - message(STATUS "$ENV{WOLFSSL_ROOT}") - endif() - endif() + message(STATUS "wolfSSL not defined in [Component Config] [wolfssl]. Continuing search...") + # If not specified as a search hint in OUTPUT_FOUND_WOLFSSL_DIRECTORY: + # This wolfSSL component CMakeLists.txt may be found EITHER in: + # 1) local project component + # 2) ESP-IDF share components + # We'll start in the CMAKE_CURRENT_SOURCE_DIR, typically [something]/projectname/components/wolfssl + # That option might find wolfSSL source code as a copy in the component directory (e.g. Managed Components) + # Unless cmake is in the ESP-IDF, in which case it is unlikely to find wolfSSL source in any parent. + message(STATUS "CMAKE_CURRENT_SOURCE_DIR = ${CMAKE_CURRENT_SOURCE_DIR}") + get_filename_component(CURRENT_SEARCH_DIR "${CMAKE_CURRENT_SOURCE_DIR}" ABSOLUTE) + message(STATUS "CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}") + string(LENGTH ${CURRENT_SEARCH_DIR} CURRENT_SEARCH_DIR_LENGTH) + endif() # CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT + endif() # check environment var blank + else() + message(STATUS "Parameter found for FIND_WOLFSSL_DIRECTORY") + message(STATUS "Setting wolfSSL search directory to: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}") + set(CURRENT_SEARCH_DIR "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}") + endif() # parameter empty + + # Check to see if we found a path in environment or config settings, above. + if( "${CURRENT_SEARCH_DIR}" STREQUAL "" ) + message(STATUS "Source for wolfSSL not specified in path nor config settings.") + # We'll continue the search by recursing up the directory tree, below. else() - get_filename_component(CURRENT_SEARCH_DIR "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}" ABSOLUTE) + # Setting found! Does it contain a valid path? + string(REPLACE "\\" "/" CURRENT_SEARCH_DIR ${CURRENT_SEARCH_DIR}) + get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" ABSOLUTE) IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL) if( FOUND_WOLFSSL ) - message(STATUS "Found WOLFSSL_ROOT via prior specification.") + message(STATUS "Found wolfSSL source code via setting: ${CURRENT_SEARCH_DIR}") + set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE) + return() else() - message(FATAL_ERROR "WOLFSSL_ROOT Variable defined, but path not found: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}") + if(WIN32) + message(STATUS "When specifying a path for Windows, use forward slahes, or double backslashes.") + endif() + message(STATUS "CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT sdkconfig setting = ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}") + message(STATUS "WOLFSSL_ROOT Variable defined, but source code not found: ${CURRENT_SEARCH_DIR}") endif() endif() @@ -286,6 +386,11 @@ endfunction() message(STATUS "CONFIG_TARGET_PLATFORM = ${CONFIG_TARGET_PLATFORM}") +# Check for environment variable that may be assigned to macros +ENVIRONMENT_VAR_TO_MACRO("GENERATE_MACHINE_PARSEABLE_REPORT" "1") +ENVIRONMENT_VAR_TO_MACRO("WOLFSSL_BENCHMARK_FIXED_CSV" "1") + +# Optional variable inspection if (0) get_cmake_property(_variableNames VARIABLES) list (SORT _variableNames) @@ -302,15 +407,20 @@ endif() if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") ) # There's no esp_timer, no driver components for the ESP8266 - message(STATUS "Early expansion EXCLUDES esp_timer: ${THIS_INCLUDE_TIMER}") - message(STATUS "Early expansion EXCLUDES driver: ${THIS_INCLUDE_DRIVER}") + message(STATUS "Early expansion EXCLUDES esp_timer for esp8266: ${THIS_INCLUDE_TIMER}") + message(STATUS "Early expansion EXCLUDES driver for esp8266: ${THIS_INCLUDE_DRIVER}") set(THIS_INCLUDE_TIMER "") set(THIS_INCLUDE_DRIVER "") + set(THIS_ESP_TLS "") else() message(STATUS "Early expansion includes esp_timer: ${THIS_INCLUDE_TIMER}") message(STATUS "Early expansion includes driver: ${THIS_INCLUDE_DRIVER}") set(THIS_INCLUDE_TIMER "esp_timer") set(THIS_INCLUDE_DRIVER "driver") + set(THIS_ESP_TLS "esp-tls") + # Let the app know that we've included the esp-tls component requirement. + # This is critical for use the the esp-tls component. See wolfssl esp_crt_bundle.c file. + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_REQUIRED_ESP_TLS=1") endif() if(CMAKE_BUILD_EARLY_EXPANSION) @@ -318,8 +428,9 @@ if(CMAKE_BUILD_EARLY_EXPANSION) idf_component_register( REQUIRES "${COMPONENT_REQUIRES}" PRIV_REQUIRES # esp_hw_support - ${THIS_INCLUDE_TIMER} - ${THIS_INCLUDE_DRIVER} # this will typically only be needed for wolfSSL benchmark + "${THIS_ESP_TLS}" + "${THIS_INCLUDE_TIMER}" + "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark ) else() @@ -328,6 +439,15 @@ else() message(STATUS "wolfssl component config:") message(STATUS "************************************************************************************************") + if ( "${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") + # There's no esp_timer, no driver components for the ESP8266 + set(THIS_INCLUDE_TIMER "") + set(THIS_INCLUDE_DRIVER "") + else() + set(THIS_INCLUDE_TIMER "esp_timer") + set(THIS_INCLUDE_DRIVER "driver") + endif() + # search for wolfSSL FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT) if(WOLFSSL_ROOT) @@ -341,7 +461,9 @@ else() # Abort CMake after fatal error. endif() else() - message(STATUS "Searching for wolfSL source code...") + message(STATUS "Source code for wolfSSL still not found.") + message(STATUS "Searching from project home: ${CMAKE_HOME_DIRECTORY} ...") + set(WOLFSSL_ROOT "${CMAKE_HOME_DIRECTORY}") FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT) endif() @@ -349,11 +471,18 @@ else() if(WOLFSSL_ROOT) message(STATUS "Confirmed wolfssl directory at: ${WOLFSSL_ROOT}") else() - message(STATUS "Failed: wolfssl directory not found.") + # Try to allow a more intuitive error that the source code was not found in cmake: + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_WARNING_SOURCE_NOT_FOUND") + + message(STATUS "Failed: wolfssl source code directory not found.") # Abort. We need wolfssl _somewhere_. - message(FATAL_ERROR "Could not find wolfssl in any parent directory named wolfssl-${THIS_USER}, wolfssl-master, or wolfssl.\n" - "Try setting WOLFSSL_ROOT environment variable, cmake variable in project, copy source, or use managed components.") - # Abort CMake after fatal error. + message(STATUS "") + message(STATUS "") + message(STATUS "Could not find wolfssl in any parent directory named wolfssl-${THIS_USER}, wolfssl-master, or wolfssl.\n" + "Try setting WOLFSSL_ROOT environment variable, cmake variable in project, copy source, or use managed components.") + message(STATUS "") + message(STATUS "") + # Abort CMake after fatal error. (or not?) endif() set(INCLUDE_PATH ${WOLFSSL_ROOT}) @@ -379,22 +508,24 @@ else() endif() endif() + message(STATUS "WOLFSSL_EXTRA_PROJECT_DIR = ${WOLFSSL_EXTRA_PROJECT_DIR}") set(COMPONENT_SRCDIRS "\"${WOLFSSL_ROOT}/src/\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif\"" + "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif/esp_crt_bundle\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/port/atmel\"" "\"${WOLFSSL_EXTRA_PROJECT_DIR}\"" ) # COMPONENT_SRCDIRS message(STATUS "This COMPONENT_SRCDIRS = ${COMPONENT_SRCDIRS}") - # wolfSSL user_settings.h is in the local project. + # wolfSSL user_settings.h may be in the local project. + # TODO check if exists and possibly set to ESP-IDF set(WOLFSSL_PROJECT_DIR "${CMAKE_HOME_DIRECTORY}/components/wolfssl") - # add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${WOLFSSL_PROJECT_DIR}/include/user_settings.h") string(REPLACE "/" "//" STR_WOLFSSL_PROJECT_DIR "${WOLFSSL_PROJECT_DIR}") - add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${STR_WOLFSSL_PROJECT_DIR}//include//user_settings.h") - + add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${STR_WOLFSSL_PROJECT_DIR}/include/user_settings.h") + message(STATUS "Added definition for user_settings.h: -DWOLFSSL_USER_SETTINGS_DIR=\"${STR_WOLFSSL_PROJECT_DIR}//include//user_settings.h\"") # Espressif may take several passes through this makefile. Check to see if we found IDF string(COMPARE EQUAL "${PROJECT_SOURCE_DIR}" "" WOLFSSL_FOUND_IDF) @@ -427,8 +558,7 @@ else() message(STATUS "**************************************************************************************") message(STATUS "") - message(FATAL_ERROR "Please use wolfSSL in either local project or Espressif components, but not both.") - # Abort CMake after fatal error. + message(STATUS "Please use wolfSSL in either local project or Espressif components, but not both.") # Optional: if you change the above FATAL_ERROR to STATUS you can warn at runtime with this macro definition: set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_MULTI_INSTALL_WARNING") @@ -536,7 +666,9 @@ else() # depending on the environment, we may need to swap backslashes with forward slashes string(REPLACE "\\" "/" RTOS_IDF_PATH "$ENV{IDF_PATH}/components/freertos/FreeRTOS-Kernel/include/freertos") - string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT}) + if(WOLFSSL_ROOT) + string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT}) + endif() if(IS_DIRECTORY "${RTOS_IDF_PATH}") message(STATUS "Found current RTOS path: ${RTOS_IDF_PATH}") @@ -552,7 +684,7 @@ else() message(STATUS "THIS_IDF_PATH = $THIS_IDF_PATH") # wolfSSL-specific include directories set(COMPONENT_ADD_INCLUDEDIRS - "./include" # this is the location of wolfssl user_settings.h + "./include" # this is the location of local project wolfssl user_settings.h "\"${WOLFSSL_ROOT}/\"" "\"${WOLFSSL_ROOT}/wolfssl/\"" "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\"" @@ -589,8 +721,8 @@ else() "\"${WOLFSSL_ROOT}/src/ssl_sess.c\"" # included by ssl.c "\"${WOLFSSL_ROOT}/src/x509.c\"" "\"${WOLFSSL_ROOT}/src/x509_str.c\"" - "\"${WOLFSSL_ROOT}/wolfcrypt/src/ext_kyber.c\"" # external Kyber disabled by default - "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/ext_kyber.h\"" # external Kyber disabled by default + "\"${WOLFSSL_ROOT}/wolfcrypt/src/ext_kyber.c\"" # external non-wolfssl Kyber disabled by default + "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/ext_kyber.h\"" # external non-wolfssl Kyber disabled by default "\"${WOLFSSL_ROOT}/wolfcrypt/src/evp.c\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/misc.c\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_arm32.c\"" @@ -601,6 +733,7 @@ else() "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_cortexm.c\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64.c\"" "\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64_asm.S\"" + "\"${WOLFSSL_ROOT}/examples\"" # Examples are distributed in Managed Components, but not part of a project. "\"${EXCLUDE_ASM}\"" ) @@ -622,15 +755,120 @@ else() # see https://docs.espressif.com/projects/esp-idf/en/stable/esp32/migration-guides/release-5.x/build-system.html?highlight=space%20path # set(EXTRA_COMPONENT_DIRS "${COMPONENT_SRCDIRS}") - idf_component_register( - SRC_DIRS "${COMPONENT_SRCDIRS}" - INCLUDE_DIRS "${COMPONENT_ADD_INCLUDEDIRS}" - REQUIRES "${COMPONENT_REQUIRES}" - EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}" - PRIV_REQUIRES - "${THIS_INCLUDE_TIMER}" - "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark - ) + + if(WOLFSSL_ROOT) + # Only register the component if we found wolfSSL source. + # This is important to allow Cmake to finish to completion, otherwise the UI + # may not be able to display the Kconfig settings to fix a bad or missing source. + idf_component_register( + SRC_DIRS "${COMPONENT_SRCDIRS}" + INCLUDE_DIRS "${COMPONENT_ADD_INCLUDEDIRS}" + REQUIRES "${COMPONENT_REQUIRES}" + EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}" + PRIV_REQUIRES + "${THIS_ESP_TLS}" + "${THIS_INCLUDE_TIMER}" + "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark + ) + else() + # Register the component simply to allow CMake to complete, but there's no wolfSSL source. + # Expect many other errors, but the project should at least be loadable and UI can edit Kconfig settings. + idf_component_register() + message(STATUS "Warning: wolfSSL component not registered as no source code found (WOLFSSL_ROOT is blank)") + endif() + +# function(WOLFSSL_INIT_CERT_BUNDLE) +if( CONFIG_WOLFSSL_CERTIFICATE_BUNDLE + AND NOT CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE + AND NOT ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") + ) + if (CMAKE_BUILD_EARLY_EXPANSION) + message(ERROR "Bundle Cert initialization must occur during CMAKE_BUILD_EARLY_EXPANSION") + endif() + # reminder: we need a value for wolfSSL root first! + if( "${WOLFSSL_ROOT}" STREQUAL "" ) + message(ERROR "Certificate bundles need a value for WOLFSSL_ROOT") + endif() + set(WOLFSSL_ESP_CRT_BUNDLE_DIR ${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif/esp_crt_bundle) + message(STATUS "WOLFSSL_ESP_CRT_BUNDLE_DIR=${WOLFSSL_ESP_CRT_BUNDLE_DIR}") + if(EXISTS "${WOLFSSL_ESP_CRT_BUNDLE_DIR}") + set(bundle_name "x509_crt_bundle_wolfssl") + + # For now the certs are in the same directory + set(DEFAULT_CRT_DIR "${WOLFSSL_ESP_CRT_BUNDLE_DIR}") + + # Generate custom certificate bundle using the generate_cert_bundle utility + set(GENERATE_CERT_BUNDLEPY ${python} ${WOLFSSL_ESP_CRT_BUNDLE_DIR}/gen_crt_bundle.py) + + if(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL) + list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_all.pem ${DEFAULT_CRT_DIR}/cacrt_local.pem) + elseif(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_CMN) + list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_all.pem ${DEFAULT_CRT_DIR}/cacrt_local.pem) + list(APPEND args --filter ${DEFAULT_CRT_DIR}/cmn_crt_authorities.csv) + endif() + + # Add deprecated root certs if enabled. This config is not visible if the default cert + # bundle is not selected + if(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEPRECATED_LIST) + list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_deprecated.pem) + endif() + + if(CONFIG_WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE) + get_filename_component(custom_bundle_path + ${CONFIG_WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH} ABSOLUTE BASE_DIR "${project_dir}") + list(APPEND crt_paths ${custom_bundle_path}) + message(STATUS "Using a custom wolfSSL bundle path: ${custom_bundle_path}") + else() + message(STATUS "Not using a custom wolfSSL bundle path.") + endif() + list(APPEND args --input ${crt_paths} -q) + + message(STATUS "CMAKE_CURRENT_BINARY_DIR: ${CMAKE_CURRENT_BINARY_DIR}") + get_filename_component(crt_bundle + ${bundle_name} + ABSOLUTE BASE_DIR "${CMAKE_CURRENT_BINARY_DIR}") + + message(STATUS "Setting up bundle generate: ${GENERATE_CERT_BUNDLEPY} ${args}") + message(STATUS "Depends on custom bundle path: ${custom_bundle_path}") + message(STATUS "crt_bundle ${crt_bundle}") + message(STATUS "COMPONENT_LIB ${COMPONENT_LIB}") + message(STATUS "GENERATE_CERT_BUNDLEPY ${GENERATE_CERT_BUNDLEPY}") + message(STATUS "args ${args}") + message(STATUS "cert_bundle ${cert_bundle}") + + # Generate bundle according to config + # File is generated at build time, not cmake load + add_custom_command(OUTPUT ${crt_bundle} + COMMAND ${GENERATE_CERT_BUNDLEPY} ARGS ${args} + DEPENDS ${custom_bundle_path} + VERBATIM) + + if(EXISTS "${crt_bundle}") + message(STATUS "Bundle file exists from prior build: ${crt_bundle}") + else() + message(STATUS "Bundle file expected during next build: ${crt_bundle}") + endif() + + # Reminder the file is generated at build time, not cmake load time. + message(STATUS "wolfSSL Cert Bundle File to be created at build time in: ${crt_bundle}") + + add_custom_target(custom_wolfssl_bundle DEPENDS ${cert_bundle}) + + # the wolfSSL crtificate bundle is baked into wolfSSL + add_dependencies(${COMPONENT_LIB} custom_wolfssl_bundle) + + # COMPONENT_LIB may vary: __idf_wolfssl, __idf_esp_wolfssl, etc + # target_add_binary_data(__idf_wolfssl ${crt_bundle} BINARY) + target_add_binary_data(${COMPONENT_LIB} ${crt_bundle} BINARY) + set_property(DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}" + APPEND PROPERTY ADDITIONAL_CLEAN_FILES + "${crt_bundle}") + else() + message(STATUS "WARNING: CONFIG_WOLFSSL_CERTIFICATE_BUNDLE enabled but directory not found: ${WOLFSSL_ESP_CRT_BUNDLE_DIR}") + endif() +endif() + +# endfunction() # WOLFSSL_INIT_CERT_BUNDLE # Some optional diagnostics. Verbose ones are truncated. if (VERBOSE_COMPONENT_MESSAGES) @@ -662,6 +900,12 @@ else() endif() # target_sources(wolfssl PRIVATE "\"${WOLFSSL_ROOT}/wolfssl/\"" "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt\"") + message(STATUS "DETECTED_PROJECT_NAME=${CMAKE_PROJECT_NAME}") + message(STATUS "COMPONENT_TARGET=${COMPONENT_TARGET}") + target_compile_definitions(${COMPONENT_TARGET} PRIVATE DETECTED_PROJECT_NAME="${CMAKE_PROJECT_NAME}") + if( "${CMAKE_PROJECT_NAME}" STREQUAL "esp_http_client_example" ) + target_compile_definitions(${COMPONENT_TARGET} PRIVATE APP_ESP_HTTP_CLIENT_EXAMPLE="y") + endif() endif() # CMAKE_BUILD_EARLY_EXPANSION @@ -717,33 +961,80 @@ endfunction() # LIBWOLFSSL_SAVE_INFO # create some programmatic #define values that will be used by ShowExtendedSystemInfo(). # see wolfcrypt\src\port\Espressif\esp32_utl.c -if(NOT CMAKE_BUILD_EARLY_EXPANSION) +if(NOT CMAKE_BUILD_EARLY_EXPANSION AND WOLFSSL_ROOT) set (git_cmd "git") message(STATUS "Adding macro definitions:") # LIBWOLFSSL_VERSION_GIT_ORIGIN: git config --get remote.origin.url - execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "config" "--get" "remote.origin.url" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) + execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "config" "--get" "remote.origin.url" + OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_ORIGIN "${TMP_OUT}" "${TMP_RES}") # LIBWOLFSSL_VERSION_GIT_BRANCH: git rev-parse --abbrev-ref HEAD - execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--abbrev-ref" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) + execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--abbrev-ref" "HEAD" + OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_BRANCH "${TMP_OUT}" "${TMP_RES}") # LIBWOLFSSL_VERSION_GIT_HASH: git rev-parse HEAD - execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) + execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "HEAD" + OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH "${TMP_OUT}" "${TMP_RES}") # LIBWOLFSSL_VERSION_GIT_SHORT_HASH: git rev-parse --short HEAD - execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--short" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) + execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--short" "HEAD" + OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET ) LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_SHORT_HASH "${TMP_OUT}" "${TMP_RES}") # LIBWOLFSSL_VERSION_GIT_HASH_DATE git show --no-patch --no-notes --pretty=\'\%cd\' - execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ) + execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} + "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'" + OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ) LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH_DATE "${TMP_OUT}" "${TMP_RES}") LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_WOLFSSL_ROOT "${WOLFSSL_ROOT}" "${TMP_RES}") - message(STATUS "************************************************************************************************") - message(STATUS "wolfssl component config complete!") - message(STATUS "************************************************************************************************") endif() + +# Ensure flag "-DWOLFSSL_ESPIDF" is already in CMAKE_C_FLAGS if not yet found from project +string(FIND "${CMAKE_C_FLAGS}" "-DWOLFSSL_ESPIDF" FLAG_ALRREADY_FOUND_WOLFSSL_ESPIDF) + +if(FLAG_ALRREADY_FOUND_WOLFSSL_ESPIDF EQUAL -1) + # Flag not found, append it + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_ESPIDF") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS") +endif() + +if(WOLFSSL_ROOT) + message(STATUS "Using wolfSSL in ${WOLFSSL_ROOT}") + + # PlatformIO does not process script from from the Espressif cmake process. + # We need to know where wolfSSL source code was found, so save it in the + # PIO_WOLFSSL_ROOT environment variable to later be read by extra_script.py + + set(ENV{PIO_WOLFSSL_ROOT} "${WOLFSSL_ROOT}") + message(STATUS "PIO_WOLFSSL_ROOT = $ENV{PIO_WOLFSSL_ROOT}") + message(STATUS "PLATFORMIO_BUILD_DIR = $ENV{PLATFORMIO_BUILD_DIR}") + # See esp-tls Kconfig; menu "ESP-TLS", ESP_TLS_LIBRARY_CHOOSE + if(CONFIG_ESP_TLS_USING_WOLFSSL) + if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") ) + message(STATUS "This version of wolfSSL is not supported on the ESP8266 esp-tls at this time. Check ESP-TLS config") + else() + message(STATUS "wolfSSL will be used for ESP-TLS") + endif() + else() + message(STATUS "WARNING: wolfSSL NOT selected for ESP-TLS. Features and performance will be limited.") + endif() +else() + message(STATUS "") + message(STATUS "Consider setting WOLFSSL_ROOT environment variable, use Kconfig setting, or set manually in this cmake file, above.") + message(STATUS "") + message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!") + message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!") + message(STATUS "ERROR: Could not find wolfSSL Source Code") + message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!") + message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!") +endif() + +message(STATUS "************************************************************************************************") +message(STATUS "wolfSSL component config complete!") +message(STATUS "************************************************************************************************") diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/Kconfig b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/Kconfig new file mode 100644 index 0000000000..cdd039d73f --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/Kconfig @@ -0,0 +1,523 @@ +# Kconfig template +# +# Copyright (C) 2006-2024 wolfSSL Inc. All rights reserved. +# +# This file is part of wolfSSL. +# +# wolfSSL is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# wolfSSL is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA +# + +# Kconfig File Version 5.7.2.001 for esp-idf integration + +# Kconfig Format Rules +# +# See: +# https://docs.espressif.com/projects/esp-idf/en/stable/esp32/api-reference/kconfig.html +# +# Format rules for Kconfig files are as follows: +# +# Option names in any menus should have consistent prefixes. The prefix +# currently should have at least 3 characters. +# +# The unit of indentation should be 4 spaces. All sub-items belonging to a +# parent item are indented by one level deeper. For example, menu is indented +# by 0 spaces, config menu by 4 spaces, help in config by 8 spaces, and the +# text under help by 12 spaces. +# +# No trailing spaces are allowed at the end of the lines. +# +# The maximum length of options is NOT 50 characters as documented. +# kconfcheck will complain that options should be 40 at most. +# +# Fix option lengths first. Superflous errors on other lines may occur. +# +# The maximum length of lines is 120 characters. +# +# python -m kconfcheck +# +# --------------------------------------------------------------------------------------------------------------------- +# Begin main wolfSSL configuration menu +# --------------------------------------------------------------------------------------------------------------------- +# See ESP-IDF esp-tls component for config TLS_STACK_WOLFSSL + +menu "wolfSSL" + + menu "Hardening" + config ESP_WOLFSSL_WC_NO_HARDEN + bool "Disable wolfSSL hardening" + default n + help + Sets WC_NO_HARDEN + + config ESP_WOLFSSL_TFM_TIMING_RESISTANT + bool "Enable TFM Timing Resistant Code" + default n + help + Sets TFM_TIMING_RESISTANT. + + endmenu # Hardening + + config ESP_WOLFSSL_ENABLE_BENCHMARK + bool "Enable wolfSSL Benchmark Library" + default n + help + Enables wolfcrypt/benchmark/benchmark.c code for benchmark metrics. Disables NO_CRYPT_BENCHMARK. + + + menu "Benchmark Debug" + config ESP_DEBUG_WOLFSSL_BENCHMARK_TIMING + bool "Enable benchmark timing debug" + depends on ESP_WOLFSSL_ENABLE_BENCHMARK + default n + help + Enable wolfssl debug for benchmark metric timing (CPU Cycles, RTOS ticks, etc). + + config ESP_WOLFSSL_BENCHMARK_TIMER_DEBUG + bool "Enable benchmark timer debug" + depends on ESP_WOLFSSL_ENABLE_BENCHMARK + default n + help + Turn on timer debugging (used when CPU cycles not available) + + endmenu # Benchmark Debug + + # ----------------------------------------------------------------------------------------------------------------- + # wolfCrypt Test + # ----------------------------------------------------------------------------------------------------------------- + config ESP_WOLFSSL_ENABLE_TEST + bool "Enable wolfCrypt Test Library" + default n + help + Enables wolfcrypt/test/test.c code for testing. Disables NO_CRYPT_TEST. + + menu "wolfCrypt tests" + config WOLFSSL_HAVE_WOLFCRYPT_TEST_OPTIONS + bool "Enable wolfCrypt Test Options" + depends on ESP_WOLFSSL_ENABLE_TEST + default n + help + Enables HAVE_WOLFCRYPT_TEST_OPTIONS + + config TEST_ESPIDF_ALL_WOLFSSL + bool "Enable all features to use in tests" + depends on ESP_WOLFSSL_ENABLE_TEST + default n + help + Enables TEST_ESPIDF_ALL_WOLFSSL + + endmenu # wolfCrypt tests + + # ----------------------------------------------------------------------------------------------------------------- + # Apple HomeKit Options + # ----------------------------------------------------------------------------------------------------------------- + menu "Apple HomeKit" + config WOLFSSL_APPLE_HOMEKIT + bool "Enable Apple HomeKit options" + default n + help + Enables FP_MAX_BITS (8192 * 2), SRP, ChaCha, Poly1305, Base64 encoding needed for Apple HomeKit. + endmenu # Apple HomeKit + # ----------------------------------------------------------------------------------------------------------------- + + config ESP_WOLFSSL_DISABLE_MY_ECC + bool "Disable ECC in my project" + default "n" + help + ECC is enabled by default. Select this option to disable. + + config ESP_WOLFSSL_ENABLE_MY_USE_RSA + bool "Enable RSA in my project" + default "n" + help + RSA is disabled by default. Select this option to enable. + + config ESP_WOLFSSL_BENCHMARK + bool "Enable wolfSSL Benchmark" + default n + help + Enables user settings relevant to benchmark code + + config ESP_TLS_USING_WOLFSSL_SPECIFIED + bool "Use the specified wolfssl for ESP-TLS" + default Y + help + Includes wolfSSL from specified directory (not using esp-wolfssl). + + config ESP_WOLFSSL_NO_USE_FAST_MATH + bool "Disable FAST_MATH library and all ESP32 Hardware Acceleration" + select ESP_WOLFSSL_NO_HW + select ESP_WOLFSSL_NO_HW_AES + select ESP_WOLFSSL_NO_HW_HASH + select ESP_WOLFSSL_NO_HW_RSA_PRI + select ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL + select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD + select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD + default n + help + When disabling all hardware acceleration for smaller memory footprint, + disabling TFM fast math provides faster wolfSSL software algorithms in an + even smaller flash memory footprint. + + menu "Protocol Config" + config WOLFSSL_HAVE_ALPN + bool "Enable ALPN (Application Layer Protocol Negotiation) in wolfSSL" + default y + + config WOLFSSL_ALLOW_TLS13 + bool "Allow TLS 1.3" + default y + help + Allow TLS to fallback to TLS1.2. Memory footprint will likely be larger for TLS1.2. + When disabled HTTPS and MQTT over TLS connections will fail if TLS1.3 not accepted. + + config WOLFSSL_ALLOW_TLS12 + bool "Allow TLS 1.2" + default n + help + Allow TLS to fallback to TLS1.2. Memory footprint will likely be larger for TLS1.2. + When disabled HTTPS and MQTT over TLS connections will fail if TLS1.3 not accepted. + + config WOLFSSL_HAVE_TLS_EXTENSIONS + bool "Enable TLS Extensions" + default y + help + Sets HAVE_TLS_EXTENSIONS which is needed for TLS 1.3, SNI, ALPN, and more. + + config WOLFSSL_ALT_CERT_CHAINS + bool "Enable Alternate Certificate Chains" + default n + help + The option relaxes the default strict wolfSSL certificate chain processing. This + will typically need to be enabled when loading only a CA file. Typically solves + the -188 ASN_NO_SIGNER_E error. Use with caution. + + config WOLFSSL_HAVE_OCSP + bool "Enable OCSP (Online Certificate Status Protocol) in wolfSSL" + default n + help + Sets HAVE_OCSP + + endmenu # Protocol Config + # ----------------------------------------------------------------------------------------------------------------- + + # ----------------------------------------------------------------------------------------------------------------- + config TLS_STACK_WOLFSSL + # Invisible option that locks TLS_STACK_WOLFSSL to ESP_TLS_USING_WOLFSSL + bool + default n + select FREERTOS_ENABLE_BACKWARD_COMPATIBILITY + help + Includes wolfSSL in ESP-TLS so that it can be compiled with wolfSSL as its SSL/TLS library. + Enabled when wolfSSL is selected in ESP_TLS_LIBRARY_CHOOSE. + + menu "wolfSSL ESP-TLS" + depends on ESP_TLS_USING_WOLFSSL + + menu "Certificate Bundle" + depends on ESP_TLS_USING_WOLFSSL + + config WOLFSSL_CERTIFICATE_BUNDLE + bool "Enable trusted root certificate bundle" + default y if ESP_TLS_USING_WOLFSSL + default n + depends on ESP_TLS_USING_WOLFSSL + help + Enable support for large number of default root certificates + + When enabled this option allows user to store default as well + as customer specific root certificates in compressed format rather + than storing full certificate. For the root certificates the public key and the subject name + will be stored. + + config WOLFSSL_NO_ASN_STRICT + bool "Relax Certificate ASN Strict Checks" + default n + depends on ESP_TLS_USING_WOLFSSL + help + Allows sub-optimal certificate ASN checks. Unless using a bundle with known issues, + it is recommended to NOT enable this. + + config WOLFSSL_ASN_ALLOW_0_SERIAL + bool "Allow cert missing an ASN Serial Number" + default y + depends on ESP_TLS_USING_WOLFSSL + help + Although not recommended, there may be certificates in the bundle that are missing + a serial number. This option allows the missing value without having to fully + disable strict ASN checking with WOLFSSL_NO_ASN_STRICT. + + choice WOLFSSL_DEFAULT_CERTIFICATE_BUNDLE + bool "Default certificate bundle options" + depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL + default WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL + + config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL + bool "Use the full default certificate bundle" + config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_CMN + bool "Use only the most common certificates from the default bundles" + help + Use only the most common certificates from the default bundles, reducing the size with 50%, + while still having around 99% coverage. + config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE + bool "Do not use the default certificate bundle" + endchoice + + config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE + depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL + default n + bool "Add custom certificates to the default bundle" + config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH + depends on WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL + string "Custom certificate bundle path" + help + Name of the custom certificate directory or file. This path is evaluated + relative to the project root directory. + + config WOLFSSL_CERTIFICATE_BUNDLE_DEPRECATED_LIST + bool "Add deprecated root certificates" + depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL && !WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE + help + Include the deprecated list of root certificates in the bundle. + This list gets updated when a certificate is removed from the Mozilla's + NSS root certificate store. This config can be enabled if you would like + to ensure that none of the certificates that were deployed in the product + are affected because of the update to bundle. In turn, enabling this + config keeps expired, retracted certificates in the bundle and it may + pose a security risk. + + - Deprecated cert list may grow based based on sync with upstream bundle + - Deprecated certs would be be removed in ESP-IDF (next) major release + + config WOLFSSL_CERTIFICATE_BUNDLE_MAX_CERTS + int "Maximum no of certificates allowed in certificate bundle" + default 200 + depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL + + endmenu + endmenu # wolfSSL ESP-TLS + # ----------------------------------------------------------------------------------------------------------------- + + # ----------------------------------------------------------------------------------------------------------------- + config ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION + bool "Modify default hardware acceleration settings" + default n + help + When disabling all hardware acceleration for smaller memory footprint, + disabling TFM fast math provides faster wolfSSL software algorithms in an + even smaller flash memory footprint. + Typically used for debugging, analysis, or optimizations. The default + hardware acceleration features can be each manually adjusted. + + menu "wolfSSL Hardware Acceleration" + + config ESP_WOLFSSL_NO_ESP32_CRYPT + bool "Disable all ESP32 Hardware Acceleration" + depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION + default n + select ESP_WOLFSSL_NO_HW_AES + select ESP_WOLFSSL_NO_HW_HASH + select ESP_WOLFSSL_NO_HW_RSA_PRI + select ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL + select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD + select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD + help + Hardware acceleration enabled by default. When selected defines: NO_ESP32_CRYPT. + Consider disabling FASTMATH (other libraries are faster in software and smaller) + + config ESP_WOLFSSL_NO_HW_AES + bool "Disable all ESP32 AES Hardware Acceleration" + depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION + default n + help + Hardware acceleration enabled by default.When selected defines: NO_HW_AES + + config ESP_WOLFSSL_NO_HW_HASH + bool "Disable all ESP32 SHA Hash Hardware Acceleration" + depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION + default n + help + Hardware acceleration enabled by default. When selected defines: NO_HW_HASH + + config ESP_WOLFSSL_NO_HW_RSA_PRI + bool "Disable all ESP32 RSA Hardware Acceleration" + depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION + default n + select ESP_WOLFSSL_NO_HW_PRI_MP_MUL + select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD + select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD + help + Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI + + config ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL + bool "Disable all ESP32 Multiplication Hardware Acceleration" + depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION + default n + help + Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI_MP_MUL + + config ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD + bool "Disable all ESP32 Modular Multiplication Hardware Acceleration" + depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION + default n + help + Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI_MULMOD + + config ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD + bool "Disable all ESP32 RSA Exponential Math Hardware Acceleration" + depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION + default n + help + Hardware acceleration enabled by default. + Select this option to force disable: NO_HW_RSA_PRI_EXPTMOD + + config ESP_WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS + bool "Enable debugging of RSA Multiplication operand length" + default n + help + Prints an esp log warning to the default console UART when one of the + multiplication operands exceeds the maximum size supported by hardware, + requiring fallback to software. This can be helpful to pick key sizes + when performance is critical. See also metrics for counting instances. + + config ESP_WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS + bool "Enable debugging of RSA Modular operand length" + default n + help + Prints an esp log warning to the default console UART when one of the + modular math operands exceeds the maximum size supported by hardware, + requiring fallback to software. This can be helpful to pick key sizes + when performance is critical. See also metrics for counting instances. + + endmenu # wolfSSL Hardware Acceleration + # ----------------------------------------------------------------------------------------------------------------- + + # ----------------------------------------------------------------------------------------------------------------- + menu "wolfSSL Experimental Options" + + config ESP_WOLFSSL_EXPERIMENTAL_SETTINGS + bool "Enable wolfSSL Experimental Settings" + default n + help + Enables experimental settings for wolfSSL. See documentation. + + config ESP_WOLFSSL_ENABLE_KYBER + bool "Enable wolfSSL Kyber" + default n + help + Enable debugging messages for wolfSSL. See user_settings.h for additional debug options. + + endmenu # wolfSSL Experimental Options + # ----------------------------------------------------------------------------------------------------------------- + + # ----------------------------------------------------------------------------------------------------------------- + menu "wolfSSL Debug Options" + config ESP_WOLFSSL_DEBUG_WOLFSSL + bool "Enable wolfSSL Debugging" + default n + help + Enable debugging messages for wolfSSL. See user_settings.h for additional debug options. + + config ESP_WOLFSSL_TEST_LOOP + bool "Run test apps in a loop until failure" + default y + help + Enable a loop wrapper for benchmark, http_client, and wolfssl test apps. + + endmenu # wolfSSL Debug Options + # ----------------------------------------------------------------------------------------------------------------- + + # ----------------------------------------------------------------------------------------------------------------- + menu "wolfSSL Customization" + config CUSTOM_SETTING_WOLFSSL_ROOT + string "Enter a path for wolfSSL source code" + default "~/workspace/wolfssl" + help + This option lets you specify a directory for the wolfSSL source code (typically a git clone). + Enter the path using forward slashes (e.g., C:/myfolder/mysubfolder) or double backslashes + (e.g., C:\\myfolder\\mysubfolder). + + endmenu # wolfSSL Customization + # ----------------------------------------------------------------------------------------------------------------- + + # ----------------------------------------------------------------------------------------------------------------- + menu "Component Config" + config IGNORE_ESP_IDF_WOLFSSL_COMPONENT + bool "Ignore the ESP-IDF component of wolfSSL (if present)" + default n + help + Ignores wolfSSL present in the esp-idf/components directory. Requires wolfssl as a local component. + + config IGNORE_LOCAL_WOLFSSL_COMPONENT + bool "Ignore the local component of wolfSSL (if present)" + default n + help + Ignores wolfSSL present in the local project components directory. + Requires wolfssl as a ESP-IDF component. + + endmenu # Component Config + # ----------------------------------------------------------------------------------------------------------------- + + # ----------------------------------------------------------------------------------------------------------------- + menu "Utility Config" + config USE_WOLFSSL_ESP_SDK_TIME + bool "Enable wolfSSL time helper functions" + default n + help + Enables use of various time and date setting functions found in the esp-sdk-lib.h file. + + config USE_WOLFSSL_ESP_SDK_WIFI + bool "Enable wolfSSL WiFi helper functions" + default n + help + Enables use of various time and date setting functions found in the esp-sdk-lib.h file. + + endmenu # Utility Config +endmenu # wolfSSL +# --------------------------------------------------------------------------------------------------------------------- + + +# --------------------------------------------------------------------------------------------------------------------- +menu "wolfSSH" + config ESP_ENABLE_WOLFSSH + bool "Enable wolfSSH options" + default n + help + Enables WOLFSSH_TERM, WOLFSSL_KEY_GEN, WOLFSSL_PTHREADS, WOLFSSH_TEST_SERVER, WOLFSSH_TEST_THREADING + + config ESP_WOLFSSL_DEBUG_WOLFSSH + bool "Enable wolfSSH debugging" + default n + help + Enable wolfSSH debugging macro. See user_settings.h + +endmenu # wolfSSH +# --------------------------------------------------------------------------------------------------------------------- + +# --------------------------------------------------------------------------------------------------------------------- +menu "wolfMQTT" + config ESP_ENABLE_WOLFMQTT + bool "Enable wolfMQTT options" + default n + help + Enables WOLFMQTT + + config ESP_WOLFSSL_DEBUG_WOLFMQTT + bool "Enable wolfMQTT debugging" + default n + help + Enable wolfMQTT debugging macro. See user_settings.h + +endmenu # wolfMQTT +# --------------------------------------------------------------------------------------------------------------------- diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/README.md new file mode 100644 index 0000000000..d779124162 --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/README.md @@ -0,0 +1,162 @@ +# wolfSSL Espressif Component + +This is the directory for wolfSSL as an Espressif ESP-IDF component. + +Other options are available, such as installing wolfSSL as a local _project_ component using the [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/). + +Enabling this wolfSSL ESP-IDF component allows other ESP-IDF libraries such as those that depend on [ESP-TLS](https://github.com/espressif/esp-idf/tree/master/components/esp-tls) +to also use the wolfSSL library. (See [github.com/wolfSSL/wolfssl](https://github.com/wolfSSL/wolfssl)) + +The wolfSSL source code is not included here. Instead, the `idf.py menuconfig` option can be used to configure the +`sdkconfig` file setting: `CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT` to point to the desired wolfSSL code. + +## Directory Contents + +This directory must contain, at a minimum: + +- `CMakeLists.txt` +- `./include/user_settings.h` + +The directory should also contain: +- `Kconfig` +- `component.mk` + +The directory may contain wolfSSL source, for example with a [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/), +or if the `setup.sh` script was used from [wolfSSL/IDE/Espressif/ESP-IDF](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF). + + +Under normal circumstances when the wolfSSL source is not included here, the `CMakeLists.txt` will search for it in this order: + +- A hard-coded `WOLFSSL_ROOT` cmake variable. +- `WOLFSSL_ROOT` Environment Variable +- The `CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT` value in the `sdkconfig` file, from the `Kconfig` option. +- Any parent directories, up to the root (if this directory is in the ESP-IDF components) +- Any parent directories, up to the root (if this directory is a project component) + +While recursing up the directory tree, the following names of wolfSSL directories will be considered: + +- `wolfssl-[current user name]` +- `wolfssl-master` +- `wolfssl` + +## Getting Started + +See the `Espressif Getting Started Guide`. + +``` +# Set environment variable to ESP-IDF location +# For example, VisualGDB in WSL +WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.2 +WRK_IDF_PATH=/mnt/c/SysGCC/esp32-master/esp-idf/v5.3-master + +# Or wherever the ESP-IDF is installed: +WRK_IDF_PATH=~/esp/esp-idf + +echo "Run export.sh from ${WRK_IDF_PATH}" +. ${WRK_IDF_PATH}/export.sh + +cd [your project] + +idf.py menuconfig +``` + +Enable wolfSSL to be used in the ESP-TLS: + +``` +Component config ---> + ESP-TLS ---> + Choose SSL/TLS library for ESP-TLS (See help for more Info) + (X) wolfSSL (License info in wolfSSL directory README) +``` + +Adjust wolfSSL settings, such as path to source code as needed: + +``` +Component config ---> + wolfSSL ---> + [*] Include wolfSSL in ESP-TLS + [*] Use the specified wolfssl for ESP-TLS + (~/workspace/wolfssl) Enter a path for wolfSSL source code +``` + +## Configuration + +All settings for wolfSSL are adjusted in the [include/user_settings.h](./include/user_settings.h) file. + +The `user_settings.h` file should not be included directly. Instead, `#include ` +before any other wolfSSL headers, like this: + + +```c +/* ESP-IDF */ +#include +#include "sdkconfig.h" + +/* wolfSSL */ +/* Always include wolfcrypt/settings.h before any other wolfSSL file. */ +/* Reminder: settings.h pulls in user_settings.h; don't include it here. */ +#if defined(WOLFSSL_USER_SETTINGS) + #include + #if defined(WOLFSSL_ESPIDF) + #include + #include + #include + #include + #include + #else + #error "Problem with wolfSSL user_settings. " \ + "Check components/wolfssl/include " \ + "and confirm WOLFSSL_USER_SETTINGS is defined, " \ + "typically in the component CMakeLists.txt" + #endif +#else + /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include */ + /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */ + #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\ + CFLAGS +=-DWOLFSSL_USER_SETTINGS" +#endif +``` + +## Examples + +See the wolfSSL examples: + +- [wolfSSL Core Examples](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples) +- [wolfSSL Additional Examples](https://github.com/wolfSSL/wolfssl-examples/tree/master/ESP32) +- [wolfSSH Core Examples](https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples) +- [wolfSSH Additional Examples](https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif) +- [wolfMQTT Examples](https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples) + +## Platforms + +The ESP-IDF wolfSSL is also available for PlatformIO: + +- [Release wolfSSL](https://registry.platformio.org/search?q=owner%3Awolfssl) +- [Staging / Preview wolfSSL](https://registry.platformio.org/search?q=owner%3Awolfssl-staging) + +The wolfSSL library can also be used for Espressif with Arduino: + +- [arduino.cc/reference/en/libraries/wolfssl](https://www.arduino.cc/reference/en/libraries/wolfssl/) +- [github.com/wolfSSL/Arduino-wolfSSL](https://github.com/wolfSSL/Arduino-wolfSSL) + + +## Additional Information + +- [wolfSSL Documentation](https://www.wolfssl.com/documentation/manuals/wolfssl/index.html) and [docs/espressif](https://www.wolfssl.com/docs/espressif/) +- [wolfSSL FAQ](https://www.wolfssl.com/docs/frequently-asked-questions-faq/) +- [wolfSSL Products](https://www.wolfssl.com/products/) +- [www.wolfssl.com/espressif](https://www.wolfssl.com/espressif/) +- [More...](https://www.wolfssl.com/?s=espressif) + +## Contact + +Have a specific request or questions? We'd love to hear from you! Please contact us at support@wolfssl.com or open an issue on GitHub. + +## Licensing and Support + +wolfSSL (formerly known as CyaSSL) and wolfCrypt are either licensed for use under the GPLv2 (or at your option any later version) or a standard commercial license. For our users who cannot use wolfSSL under GPLv2 (or any later version), a commercial license to wolfSSL and wolfCrypt is available. + +See the LICENSE.txt, visit wolfssl.com/license, contact us at licensing@wolfssl.com or call +1 425 245 8247 + +View Commercial Support Options: [wolfssl.com/products/support-and-maintenance](wolfssl.com/products/support-and-maintenance) + diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/component.mk b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/component.mk index 2540584c8f..bab08b5522 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/component.mk +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/component.mk @@ -18,6 +18,8 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA # +$(info *********** wolfssl component ************) + # # Component Makefile # @@ -48,193 +50,246 @@ # define it here: CFLAGS +=-DWOLFSSL_USER_SETTINGS -# In the wolfSSL GitHub examples for Espressif, -# the root is 7 directories up from here: -WOLFSSL_ROOT := ../../../../../../../ +# Note that 4 source files created by autogen are excluded here. +# +# See these files commented out, below. Adjust as needed for your application: +# +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/selftest.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o + + +# NOTICE: the WOLFSSL_ROOT setting MUST be relative! +# See https://docs.espressif.com/projects/esp8266-rtos-sdk/en/latest/api-guides/build-system.html?highlight=must+relative#optional-component-specific-variables +# In the wolfSSL GitHub examples for Espressif: +# https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples +# When this wolfssl component.mk makefile is in [project]/components/wolfssl +# The root is 7 directories up from here (the location of of this component.mk): +WOLFSSL_ROOT := ../../../../../../.. + +# To set the location of a different location, it is best to use relative paths. +# +# Set WOLFSSL_ROOT to a relative path from the current component directory. +# For example, if the wolfssl_client is copied from the examples to test: +# +# cp -r /IDE/Espressif/ESP-IDF/examples/wolfssl_client/* /mnt/c/test/demo +# +# we run make in /mnt/c/test/demo +# component is in /mnt/c/test/demo/components/wolfssl +# wolfssl is in /mnt/c/workspace/wolfssl-master +# +# "/mnt/c" is 4 directories up: +# 2 for `./test/demo` from where we run `make`, plus +# 2 more from the location of `component.mk` located +# in `[currect directory]/components/wolfssl`. +# +# Thus we need 4 parent reference to find the relative path to wolfSSL: +# WOLFSSL_ROOT := ../../../../workspace/wolfssl-master + +# Optional CFLAGS (make works without these; for reference only) +# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl +# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl/wolfcrypt +# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl/wolfcrypt/port/Espressif + +abs_WOLFSSL_ROOT := $(shell realpath $(WOLFSSL_ROOT)) + +# print-wolfssl-path-value: +# @echo "WOLFSSL_ROOT defined: $(WOLFSSL_ROOT)" +# @echo "WOLFSSL_ROOT actual: $(abs_WOLFSSL_ROOT)" + +$(info WOLFSSL_ROOT defined: $(WOLFSSL_ROOT)) +$(info WOLFSSL_ROOT actual: $(abs_WOLFSSL_ROOT)) # NOTE: The wolfSSL include directory (e.g. user_settings.h) is # located HERE in THIS project, and *not* in the wolfSSL root. COMPONENT_ADD_INCLUDEDIRS := . COMPONENT_ADD_INCLUDEDIRS += include -COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT). -COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfssl -COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfssl/wolfcrypt -COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfssl/wolfcrypt/port/Espressif -COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfcrypt/benchmark +COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/. +COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl +COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt +COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt/port/Espressif # COMPONENT_ADD_INCLUDEDIRS += $ENV(IDF_PATH)/components/freertos/include/freertos # COMPONENT_ADD_INCLUDEDIRS += "$ENV(IDF_PATH)/soc/esp32s3/include/soc" +# wolfSSL +COMPONENT_SRCDIRS := $(WOLFSSL_ROOT)/src -# WOLFSSL_ROOT := "" -COMPONENT_SRCDIRS := $(WOLFSSL_ROOT)src -COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif -COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src/port/atmel -COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/benchmark -COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/test -COMPONENT_SRCDIRS += include +# wolfcrypt +COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src -COMPONENT_OBJEXCLUDE := $(WOLFSSL_ROOT)wolfcrypt/src/aes_asm.o -COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/evp.o -COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/misc.o -COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/sha512_asm.o -COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/fe_x25519_asm.o -COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/aes_gcm_x86_asm.o -COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)src/bio.o +# Espressif +COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif +COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/atmel + +COMPONENT_OBJEXCLUDE := $(WOLFSSL_ROOT)/wolfcrypt/src/aes_asm.o +COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/evp.o +COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/misc.o +COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/sha512_asm.o +COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_x25519_asm.o +COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/aes_gcm_x86_asm.o +COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/src/bio.o ## ## wolfSSL ## -COMPONENT_OBJS := $(WOLFSSL_ROOT)src/bio.o +COMPONENT_OBJS := $(WOLFSSL_ROOT)/src/bio.o # COMPONENT_OBJS += src/conf.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)src/crl.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)src/dtls.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)src/dtls13.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)src/internal.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)src/keys.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)src/ocsp.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/crl.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/dtls.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/dtls13.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/internal.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/keys.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/ocsp.o # COMPONENT_OBJS += src/pk.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)src/quic.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)src/sniffer.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)src/ssl.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/quic.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/sniffer.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/ssl.o # COMPONENT_OBJS += src/ssl_asn1.o # COMPONENT_OBJS += src/ssl_bn.o # COMPONENT_OBJS += src/ssl_certman.o # COMPONENT_OBJS += src/ssl_crypto.o # COMPONENT_OBJS += src/ssl_misc.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)src/tls.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)src/tls13.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)src/wolfio.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/tls.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/tls13.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/wolfio.o # COMPONENT_OBJS += src/x509.o # COMPONENT_OBJS += src/x509_str.o ## ## wolfcrypt ## -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/aes.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/arc4.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/asm.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/asn.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/async.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/blake2b.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/blake2s.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/camellia.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/chacha.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/chacha20_poly1305.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/cmac.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/coding.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/compress.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/cpuid.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/cryptocb.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/curve25519.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/curve448.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/des3.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/dh.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/dilithium.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/dsa.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ecc.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/eccsi.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ecc_fp.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ed25519.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ed448.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/error.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/evp.o -# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ext_kyber.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ext_lms.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ext_xmss.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/falcon.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fe_448.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fe_low_mem.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fe_operations.o -# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fips.o -# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fips_test.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ge_448.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ge_low_mem.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ge_operations.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/hash.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/hmac.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/hpke.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/integer.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/kdf.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/logging.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/md2.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/md4.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/md5.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/memory.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/misc.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/pkcs12.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/pkcs7.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/poly1305.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/pwdbased.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/random.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/rc2.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ripemd.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/rsa.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sakke.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/selftest.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sha.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sha256.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sha3.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sha512.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/signature.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/siphash.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sm2.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sm3.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sm4.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sphincs.o -# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_arm32.o -# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_arm64.o -# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_armthumb.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_c32.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_c64.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_cortexm.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_dsp32.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_int.o -# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_arm32.o -# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_arm64.o -# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_armthumb.o -# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_c32.o -# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_c64.o -# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_cortexm.o -# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_x86_64.o -# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_x86_64.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/srp.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/tfm.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_dsp.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_encrypt.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_kyber.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_kyber_poly.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_lms.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_pkcs11.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_port.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_xmss.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wolfcrypt_first.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wolfcrypt_last.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wolfevent.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wolfmath.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/aes.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/arc4.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asm.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asn.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o # autogen exclusion +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/blake2b.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/blake2s.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/camellia.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/chacha.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/chacha20_poly1305.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cmac.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/coding.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/compress.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cpuid.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cryptocb.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/curve25519.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/curve448.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/des3.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dh.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dilithium.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dsa.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ecc.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/eccsi.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ecc_fp.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed25519.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed448.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/error.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/evp.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_kyber.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_lms.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_xmss.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/falcon.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_448.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_low_mem.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_operations.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fips.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fips_test.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_448.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_low_mem.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_operations.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hash.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hmac.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hpke.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/integer.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/kdf.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/logging.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md2.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md4.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md5.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/memory.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/misc.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pkcs12.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pkcs7.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/poly1305.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pwdbased.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/random.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/rc2.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ripemd.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/rsa.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sakke.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/selftest.o # autogen exclusion +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha256.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha3.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha512.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/signature.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/siphash.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm2.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm3.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm4.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sphincs.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_arm32.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_arm64.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_armthumb.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_c32.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_c64.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_cortexm.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_dsp32.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_int.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_arm32.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_arm64.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_armthumb.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_c32.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_c64.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_cortexm.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_x86_64.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_x86_64.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/srp.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/tfm.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_dsp.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_encrypt.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_kyber.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_kyber_poly.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_lms.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_pkcs11.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_port.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_xmss.o +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o # autogen exclusion +# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o # autogen exclusion +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfevent.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfmath.o ## ## Espressif ## -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp32_aes.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp32_mp.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp32_sha.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp32_util.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp_sdk_time_lib.o -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_aes.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_mp.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_sha.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_util.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.o ## ## wolfcrypt benchmark (optional) ## -## COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/benchmark/benchmark.o +## COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark/benchmark.o +## COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark +## COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark + ## ## wolfcrypt test (optional) ## -COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/test/test.o +COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/test/test.o +COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/test ## ## wolfcrypt ## +# COMPONENT_PRIV_INCLUDEDIRS += $(PROJECT_PATH)/components/wolfssl/include COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src +$(info ********** end wolfssl component **********) diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h index 9cf87e8fdb..71b82c68ea 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h @@ -1,4 +1,4 @@ -/* user_settings.h +/* wolfssl-component include/user_settings.h * * Copyright (C) 2006-2024 wolfSSL Inc. * @@ -18,19 +18,52 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ +#define WOLFSSL_ESPIDF_COMPONENT_VERSION 0x01 + +/* The Espressif project config file. See also sdkconfig.defaults */ +#include "sdkconfig.h" /* This user_settings.h is for Espressif ESP-IDF * * Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.7.0-1 * - * Do not include any wolfssl headers here + * Do not include any wolfssl headers here. * * When editing this file: - * ensure wolfssl_test and wolfssl_benchmark settings match. + * ensure all examples match. The template example is the reference. */ -/* The Espressif project config file. See also sdkconfig.defaults */ -#include "sdkconfig.h" +/* Naming convention: (see also esp32-crypt.h for the reference source). + * + * CONFIG_ + * This prefix indicates the setting came from the sdkconfig / Kconfig. + * + * May or may not be related to wolfSSL. + * + * The name after this prefix must exactly match that in the Kconfig file. + * + * WOLFSSL_ + * Typical of many, but not all wolfSSL macro names. + * + * Applies to all wolfSSL products such as wolfSSH, wolfMQTT, etc. + * + * May or may not have a corresponding sdkconfig / Kconfig control. + * + * ESP_WOLFSSL_ + * These are NOT valid wolfSSL macro names. These are names only used in + * the ESP-IDF Kconfig files. When parsed, they will have a "CONFIG_" + * suffix added. See next section. + * + * CONFIG_ESP_WOLFSSL_ + * This is a wolfSSL-specific macro that has been defined in the ESP-IDF + * via the sdkconfig / menuconfig. Any text after this prefix should + * exactly match an existing wolfSSL macro name. + * + * Applies to all wolfSSL products such as wolfSSH, wolfMQTT, etc. + * + * These macros may also be specific to only the project or environment, + * and possibly not used anywhere else in the wolfSSL libraries. + */ /* The Espressif sdkconfig will have chipset info. ** @@ -46,33 +79,250 @@ #undef WOLFSSL_ESPIDF #define WOLFSSL_ESPIDF -/* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */ -#define NO_ESP_SDK_WIFI +/* Test various user_settings between applications by selecting example apps + * in `idf.py menuconfig` for Example wolfSSL Configuration settings: */ + +/* Turn on messages that are useful to see only in examples. */ +#define WOLFSSL_EXAMPLE_VERBOSITY + +/* Paths can be long, ensure the entire value printed during debug */ +#define WOLFSSL_MAX_ERROR_SZ 500 + +/* wolfSSL Examples: set macros used in example applications. + * + * These Settings NOT available in ESP-IDF (e.g. esp-tls) + * + * Any settings needed by ESP-IDF components should be explicitly set, + * and not by these example-specific settings via CONFIG_WOLFSSL_EXAMPLE_n + * + * ESP-IDF settings should be Kconfig "CONFIG_[name]" values when possible. */ +#if defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TEMPLATE) + /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/template */ + /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */ + /* #define USE_WOLFSSL_ESP_SDK_WIFI */ +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TEST) + /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_test */ + /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */ + /* #define USE_WOLFSSL_ESP_SDK_WIFI */ + #define TEST_ESPIDF_ALL_WOLFSSL + +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_BENCHMARK) + /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark */ + /* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */ + /* #define USE_WOLFSSL_ESP_SDK_WIFI */ + #define WOLFSSL_BENCHMARK_FIXED_UNITS_KB +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_CLIENT) + /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_client */ + #define USE_WOLFSSL_ESP_SDK_WIFI +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_SERVER) + /* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_server */ + #define USE_WOLFSSL_ESP_SDK_WIFI + +/* wolfSSH Examples */ +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_TEMPLATE) + /* See https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples/wolfssh_template */ + #define USE_WOLFSSL_ESP_SDK_WIFI +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER) + /* See https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples/wolfssh_echoserver */ + #define USE_WOLFSSL_ESP_SDK_WIFI +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_ESP32_SSH_SERVER) + /* See https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif/ESP32/ESP32-SSH-Server */ + #define USE_WOLFSSL_ESP_SDK_WIFI +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_ESP8266_SSH_SERVER) + /* See https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif/ESP8266/ESP8266-SSH-Server */ + #define USE_WOLFSSL_ESP_SDK_WIFI + +/* wolfMQTT Examples */ +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFMQTT_TEMPLATE) + /* See https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples/wolfmqtt_template */ + #define USE_WOLFSSL_ESP_SDK_WIFI +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFMQTT_AWS_IOT_MQTT) + /* See https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples/AWS_IoT_MQTT */ + #define USE_WOLFSSL_ESP_SDK_WIFI + +/* wolfTPM Examples */ +#elif defined(CONFIG_WOLFTPM_EXAMPLE_NAME_ESPRESSIF) + /* See https://github.com/wolfSSL/wolfTPM/tree/master/IDE/Espressif */ + #define USE_WOLFSSL_ESP_SDK_WIFI + +/* Apple HomeKit Examples */ +#elif defined(CONFIG_WOLFSSL_APPLE_HOMEKIT) + /* See https://github.com/AchimPieters/esp32-homekit-demo */ + +/* no example selected */ +#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_NONE) + /* We'll assume the app needs to use wolfSSL sdk lib function */ + #define USE_WOLFSSL_ESP_SDK_WIFI + +/* Other applications detected by cmake */ +#elif defined(APP_ESP_HTTP_CLIENT_EXAMPLE) + /* The wolfSSL Version of the client example */ + #if defined(CONFIG_IDF_TARGET_ESP32S2) || defined(CONFIG_IDF_TARGET_ESP32C2) + /* Less memory available, so smaller key sizes: */ + #define FP_MAX_BITS (4096 * 2) + #else + #define FP_MAX_BITS (8192 * 2) + #endif + #define HAVE_ALPN + #define HAVE_SNI + #define OPENSSL_EXTRA_X509_SMALL + #define HAVE_TLS_EXTENSIONS + #define HAVE_SUPPORTED_CURVES + #define OPENSSL_EXTRA + #ifndef WOLFSSL_ALWAYS_VERIFY_CB + #define WOLFSSL_ALWAYS_VERIFY_CB + #endif + #ifndef WOLFSSL_VERIFY_CB_ALL_CERTS + #define WOLFSSL_VERIFY_CB_ALL_CERTS + #endif + #ifndef KEEP_PEER_CERT + #define KEEP_PEER_CERT + #endif + +#elif defined(APP_ESP_HTTP_CLIENT) + /* The ESP-IDF Version */ + #define FP_MAX_BITS (8192 * 2) + #define HAVE_ALPN + #define HAVE_SNI + #define OPENSSL_EXTRA_X509_SMALL + #define HAVE_TLS_EXTENSIONS + #define HAVE_SUPPORTED_CURVES + #define OPENSSL_EXTRA + #ifndef WOLFSSL_ALWAYS_VERIFY_CB + #define WOLFSSL_ALWAYS_VERIFY_CB + #endif + #ifndef WOLFSSL_VERIFY_CB_ALL_CERTS + #define WOLFSSL_VERIFY_CB_ALL_CERTS + #endif + #ifndef KEEP_PEER_CERT + #define KEEP_PEER_CERT + #endif +#else + #ifdef WOLFSSL_ESPIDF + /* #warning "App config undetected" */ + #endif + /* the code is older or does not have application name defined. */ +#endif /* Example wolfSSL Configuration app settings */ /* Experimental Kyber */ -#if 0 +#ifdef CONFIG_WOLFSSL_ENABLE_KYBER /* Kyber typically needs a minimum 10K stack */ #define WOLFSSL_EXPERIMENTAL_SETTINGS #define WOLFSSL_HAVE_KYBER #define WOLFSSL_WC_KYBER #define WOLFSSL_SHA3 + #if defined(CONFIG_IDF_TARGET_ESP8266) + /* With limited RAM, we'll disable some of the Kyber sizes: */ + #define WOLFSSL_NO_KYBER1024 + #define WOLFSSL_NO_KYBER768 + #define NO_SESSION_CACHE + #endif +#endif + +/* Pick a cert buffer size: */ +/* #define USE_CERT_BUFFERS_2048 */ +/* #define USE_CERT_BUFFERS_1024 */ +#define USE_CERT_BUFFERS_2048 + +/* The Espressif sdkconfig will have chipset info. +** +** Some possible values: +** +** CONFIG_IDF_TARGET_ESP32 +** CONFIG_IDF_TARGET_ESP32S2 +** CONFIG_IDF_TARGET_ESP32S3 +** CONFIG_IDF_TARGET_ESP32C3 +** CONFIG_IDF_TARGET_ESP32C6 +*/ + +/* Optionally enable Apple HomeKit from compiler directive or Kconfig setting */ +#if defined(WOLFSSL_APPLE_HOMEKIT) || defined(CONFIG_WOLFSSL_APPLE_HOMEKIT) + /* SRP is known to need 8K; slow on some devices */ + #define FP_MAX_BITS (8192 * 2) + #define WOLFCRYPT_HAVE_SRP + #define HAVE_CHACHA + #define HAVE_POLY1305 + #define WOLFSSL_BASE64_ENCODE + #endif /* Apple HomeKit settings */ + +/* Used by ESP-IDF components: */ +#if defined(CONFIG_ESP_TLS_USING_WOLFSSL) + /* The ESP-TLS */ + #ifndef FP_MAX_BITS + #if defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP8684) || \ + defined(CONFIG_IDF_TARGET_ESP8266) + /* Optionally set smaller size here */ + #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS + #else + #define FP_MAX_BITS (4096 * 2) + #endif + #endif + #define HAVE_ALPN + #ifndef CONFIG_IDF_TARGET_ESP8266 + /* Unless installed in the ESP8266 RTOS SDK locally, the wolfSSL + * API for SNI will not be seen in the components/esp-tls layer. + * Only enable SNI for non-ESP8266 targets by default: */ + #define HAVE_SNI + #endif + #define OPENSSL_EXTRA_X509_SMALL + + #define HAVE_TLS_EXTENSIONS + #define HAVE_SUPPORTED_CURVES #endif +/* Optionally enable some wolfSSH settings */ +#if defined(ESP_ENABLE_WOLFSSH) || defined(CONFIG_ESP_ENABLE_WOLFSSH) + /* The default SSH Windows size is massive for an embedded target. + * Limit it: */ + #define DEFAULT_WINDOW_SZ 2000 + + /* These may be defined in cmake for other examples: */ + #undef WOLFSSH_TERM + #define WOLFSSH_TERM + + /* optional debug */ + /* #undef DEBUG_WOLFSSH */ + /* #define DEBUG_WOLFSSH */ + + #undef WOLFSSL_KEY_GEN + #define WOLFSSL_KEY_GEN + + #undef WOLFSSL_PTHREADS + #define WOLFSSL_PTHREADS + + #define WOLFSSH_TEST_SERVER + #define WOLFSSH_TEST_THREADING +#endif /* ESP_ENABLE_WOLFSSH */ + + +/* Not yet using WiFi lib, so don't compile in the esp-sdk-lib WiFi helpers: */ +/* #define USE_WOLFSSL_ESP_SDK_WIFI */ + /* * ONE of these Espressif chip families will be detected from sdkconfig: * * WOLFSSL_ESP32 + * WOLFSSL_ESPWROOM32SE * WOLFSSL_ESP8266 + * + * following ifdef detection only for syntax highlighting: */ -#undef WOLFSSL_ESPWROOM32SE -#undef WOLFSSL_ESP8266 -#undef WOLFSSL_ESP32 +#ifdef WOLFSSL_ESPWROOM32SE + #undef WOLFSSL_ESPWROOM32SE +#endif +#ifdef WOLFSSL_ESP8266 + #undef WOLFSSL_ESP8266 +#endif +#ifdef WOLFSSL_ESP32 + #undef WOLFSSL_ESP32 +#endif /* See below for chipset detection from sdkconfig.h */ /* when you want to use SINGLE THREAD. Note Default ESP-IDF is FreeRTOS */ -/* #define SINGLE_THREADED */ +#define SINGLE_THREADED -/* SMALL_SESSION_CACHE saves a lot of RAM for ClientCache and SessionCache. +/* Small session cache saves a lot of RAM for ClientCache and SessionCache. * Memory requirement is about 5KB, otherwise 20K is needed when not specified. * If extra small footprint is needed, try MICRO_SESSION_CACHE (< 1K) * When really desperate or no TLS used, try NO_SESSION_CACHE. */ @@ -92,130 +342,6 @@ /* RSA_LOW_MEM: Half as much memory but twice as slow. */ #define RSA_LOW_MEM -/* Uncommon settings for testing only */ -#define TEST_ESPIDF_ALL_WOLFSSL -#ifdef TEST_ESPIDF_ALL_WOLFSSL - #define WOLFSSL_MD2 - #define HAVE_BLAKE2 - #define HAVE_BLAKE2B - #define HAVE_BLAKE2S - - #define WC_RC2 - #define WOLFSSL_ALLOW_RC4 - - #define HAVE_POLY1305 - - #define WOLFSSL_AES_128 - #define WOLFSSL_AES_OFB - #define WOLFSSL_AES_CFB - #define WOLFSSL_AES_XTS - - /* #define WC_SRTP_KDF */ - /* TODO Causes failure with Espressif AES HW Enabled */ - /* #define HAVE_AES_ECB */ - /* #define HAVE_AESCCM */ - /* TODO sanity check when missing HAVE_AES_ECB */ - #define WOLFSSL_WOLFSSH - - #define HAVE_AESGCM - #define WOLFSSL_AES_COUNTER - - #define HAVE_FFDHE - #define HAVE_FFDHE_2048 - #if defined(CONFIG_IDF_TARGET_ESP8266) - /* TODO Full size SRP is disabled on the ESP8266 at this time. - * Low memory issue? */ - #define WOLFCRYPT_HAVE_SRP - /* MIN_FFDHE_FP_MAX_BITS = (MIN_FFDHE_BITS * 2); see settings.h */ - #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS - #elif defined(CONFIG_IDF_TARGET_ESP32) || \ - defined(CONFIG_IDF_TARGET_ESP32S2) || \ - defined(CONFIG_IDF_TARGET_ESP32S3) - #define WOLFCRYPT_HAVE_SRP - #define FP_MAX_BITS (8192 * 2) - #elif defined(CONFIG_IDF_TARGET_ESP32C3) || \ - defined(CONFIG_IDF_TARGET_ESP32H2) - /* SRP Known to be working on this target::*/ - #define WOLFCRYPT_HAVE_SRP - #define FP_MAX_BITS (8192 * 2) - #else - /* For everything else, give a try and see if SRP working: */ - #define WOLFCRYPT_HAVE_SRP - #define FP_MAX_BITS (8192 * 2) - #endif - - #define HAVE_DH - - /* TODO: there may be a problem with HAVE_CAMELLIA with HW AES disabled. - * Do not define NO_WOLFSSL_ESP32_CRYPT_AES when enabled: */ - /* #define HAVE_CAMELLIA */ - - /* DSA requires old SHA */ - #define HAVE_DSA - - /* Needs SHA512 ? */ - #define HAVE_HPKE - - /* Not for Espressif? */ - #if defined(CONFIG_IDF_TARGET_ESP32C2) || \ - defined(CONFIG_IDF_TARGET_ESP8684) || \ - defined(CONFIG_IDF_TARGET_ESP32H2) || \ - defined(CONFIG_IDF_TARGET_ESP8266) - - #if defined(CONFIG_IDF_TARGET_ESP8266) - #undef HAVE_ECC - #undef HAVE_ECC_CDH - #undef HAVE_CURVE25519 - - /* TODO does CHACHA also need alignment? Failing on ESP8266 - * See SHA256 __attribute__((aligned(4))); and WC_SHA256_ALIGN */ - #ifdef HAVE_CHACHA - #error "HAVE_CHACHA not supported on ESP8266" - #endif - #ifdef HAVE_XCHACHA - #error "HAVE_XCHACHA not supported on ESP8266" - #endif - #else - #define HAVE_XCHACHA - #define HAVE_CHACHA - /* TODO Not enabled at this time, needs further testing: - * #define WC_SRTP_KDF - * #define HAVE_COMP_KEY - * #define WOLFSSL_HAVE_XMSS - */ - #endif - /* TODO AES-EAX not working on this platform */ - - /* Optionally disable DH - * #undef HAVE_DH - * #undef HAVE_FFDHE - */ - - /* ECC_SHAMIR out of memory on ESP32-C2 during ECC */ - #ifndef HAVE_ECC - #define ECC_SHAMIR - #endif - #else - #define WOLFSSL_AES_EAX - - #define ECC_SHAMIR - #endif - - /* Only for WOLFSSL_IMX6_CAAM / WOLFSSL_QNX_CAAM ? */ - /* #define WOLFSSL_CAAM */ - /* #define WOLFSSL_CAAM_BLOB */ - - #define WOLFSSL_AES_SIV - #define WOLFSSL_CMAC - - #define WOLFSSL_CERT_PIV - - /* HAVE_SCRYPT may turn on HAVE_PBKDF2 see settings.h */ - /* #define HAVE_SCRYPT */ - #define SCRYPT_TEST_ALL - #define HAVE_X963_KDF -#endif - /* optionally turn off SHA512/224 SHA512/256 */ /* #define WOLFSSL_NOSHA512_224 */ /* #define WOLFSSL_NOSHA512_256 */ @@ -230,14 +356,40 @@ #define BENCH_EMBEDDED /* TLS 1.3 */ -#define WOLFSSL_TLS13 -#define HAVE_TLS_EXTENSIONS -#define WC_RSA_PSS -#define HAVE_HKDF -#define HAVE_AEAD -#define HAVE_SUPPORTED_CURVES +#ifdef CONFIG_WOLFSSL_ALLOW_TLS13 + #define WOLFSSL_TLS13 + #define HAVE_TLS_EXTENSIONS + #define HAVE_HKDF -#define WOLFSSL_BENCHMARK_FIXED_UNITS_KB + /* May be required */ + #ifndef HAVE_AEAD + #endif + + /* Required for ECC */ + #define HAVE_SUPPORTED_CURVES + + /* Required for RSA */ + #define WC_RSA_PSS + + /* TLS 1.3 normally requires HAVE_FFDHE */ + #if defined(HAVE_FFDHE_2048) || \ + defined(HAVE_FFDHE_3072) || \ + defined(HAVE_FFDHE_4096) || \ + defined(HAVE_FFDHE_6144) || \ + defined(HAVE_FFDHE_8192) + #else + #define HAVE_FFDHE_2048 + /* #error "TLS 1.3 requires HAVE_FFDHE_[nnnn]" */ + #endif +#endif + +#if defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP8684) + /* Optionally set smaller size here */ + #define HAVE_FFDHE_4096 +#else + #define HAVE_FFDHE_4096 +#endif #define NO_FILESYSTEM @@ -254,32 +406,67 @@ /* when you want to use SHA384 */ #define WOLFSSL_SHA384 -/* when you want to use SHA512 */ -#define WOLFSSL_SHA512 - -/* when you want to use SHA3 */ -#define WOLFSSL_SHA3 - - /* ED25519 requires SHA512 */ -#define HAVE_ED25519 - /* Some features not enabled for ESP8266: */ #if defined(CONFIG_IDF_TARGET_ESP8266) || \ defined(CONFIG_IDF_TARGET_ESP32C2) + /* Some known low-memory devices have features not enabled by default. */ /* TODO determine low memory configuration for ECC. */ #else - #define HAVE_ECC - #define HAVE_CURVE25519 - #define CURVE25519_SMALL + /* when you want to use SHA512 */ + #define WOLFSSL_SHA512 + + /* when you want to use SHA3 */ + /* #define WOLFSSL_SHA3 */ + + /* ED25519 requires SHA512 */ + #define HAVE_ED25519 #endif -#define HAVE_ED25519 +#if defined(CONFIG_IDF_TARGET_ESP8266) || defined(CONFIG_IDF_TARGET_ESP32C2) + #define MY_USE_ECC 0 + #define MY_USE_RSA 1 +#else + #define MY_USE_ECC 1 + #define MY_USE_RSA 0 +#endif -/* Optional OPENSSL compatibility */ -#define OPENSSL_EXTRA +/* We can use either or both ECC and RSA, but must use at least one. */ +#if MY_USE_ECC || MY_USE_RSA + #if MY_USE_ECC + /* ---- ECDSA / ECC ---- */ + #define HAVE_ECC + #define HAVE_CURVE25519 + #define HAVE_ED25519 + #define WOLFSSL_SHA512 + /* + #define HAVE_ECC384 + #define CURVE25519_SMALL + */ + #else + #define WOLFSSH_NO_ECC + /* WOLFSSH_NO_ECDSA is typically defined automatically, + * here for clarity: */ + #define WOLFSSH_NO_ECDSA + #endif + + #if MY_USE_RSA + /* ---- RSA ----- */ + /* #define RSA_LOW_MEM */ + + /* DH disabled by default, needed if ECDSA/ECC also turned off */ + #define HAVE_DH + #else + #define WOLFSSH_NO_RSA + #endif +#else + #error "Either RSA or ECC must be enabled" +#endif + +/* Optional OpenSSL compatibility */ +/* #define OPENSSL_EXTRA */ /* #Optional HAVE_PKCS7 */ -#define HAVE_PKCS7 +/* #define HAVE_PKCS7 */ #if defined(HAVE_PKCS7) /* HAVE_PKCS7 may enable HAVE_PBKDF2 see settings.h */ @@ -319,8 +506,11 @@ /* #define XTIME time */ -/* adjust wait-timeout count if you see timeout in RSA HW acceleration */ -#define ESP_RSA_TIMEOUT_CNT 0x349F00 +/* Adjust wait-timeout count if you see timeout in RSA HW acceleration. + * Set to very large number and enable WOLFSSL_HW_METRICS to determine max. */ +#ifndef ESP_RSA_TIMEOUT_CNT + #define ESP_RSA_TIMEOUT_CNT 0xFF0000 +#endif /* hash limit for test.c */ #define HASH_SIZE_LIMIT @@ -329,7 +519,7 @@ #define USE_FAST_MATH /***** Use SP_MATH *****/ -/* #undef USE_FAST_MATH */ +/* #undef USE_FAST_MATH */ /* #define SP_MATH */ /* #define WOLFSSL_SP_MATH_ALL */ /* #define WOLFSSL_SP_RISCV32 */ @@ -338,6 +528,14 @@ /* #undef USE_FAST_MATH */ /* #define USE_INTEGER_HEAP_MATH */ +/* Just syntax highlighting to check math libraries: */ +#if defined(SP_MATH) || \ + defined(USE_INTEGER_HEAP_MATH) || \ + defined(USE_INTEGER_HEAP_MATH) || \ + defined(USE_FAST_MATH) || \ + defined(WOLFSSL_SP_MATH_ALL) || \ + defined(WOLFSSL_SP_RISCV32) +#endif #define WOLFSSL_SMALL_STACK @@ -345,18 +543,32 @@ #define HAVE_VERSION_EXTENDED_INFO /* #define HAVE_WC_INTROSPECTION */ -#define HAVE_SESSION_TICKET +#ifndef NO_SESSION_CACHE + #define HAVE_SESSION_TICKET +#endif /* #define HAVE_HASHDRBG */ +#if 0 +/* Example for additional cert functions */ #define WOLFSSL_KEY_GEN -#define WOLFSSL_CERT_REQ -#define WOLFSSL_CERT_GEN -#define WOLFSSL_CERT_EXT -#define WOLFSSL_SYS_CA_CERTS + #define WOLFSSL_CERT_REQ + #define WOLFSSL_CERT_GEN + #define WOLFSSL_CERT_EXT + #define WOLFSSL_SYS_CA_CERTS + + + #define WOLFSSL_CERT_TEXT + /* command-line options + --enable-keygen + --enable-certgen + --enable-certreq + --enable-certext + --enable-asn-template + */ -#define WOLFSSL_CERT_TEXT +#endif #define WOLFSSL_ASN_TEMPLATE @@ -376,10 +588,62 @@ --enable-asn-template */ +/* optional SM4 Ciphers. See https://github.com/wolfSSL/wolfsm */ +/* +#define WOLFSSL_SM2 +#define WOLFSSL_SM3 +#define WOLFSSL_SM4 +*/ + +#if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4) + /* SM settings, possible cipher suites: + + TLS13-AES128-GCM-SHA256 + TLS13-CHACHA20-POLY1305-SHA256 + TLS13-SM4-GCM-SM3 + TLS13-SM4-CCM-SM3 + + #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-GCM-SM3" + #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-CCM-SM3" + #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-CBC-SM3" + #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-GCM-SM3" + #define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-CCM-SM3" + #define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-GCM-SM3:" \ + "TLS13-SM4-CCM-SM3:" + */ + + #undef WOLFSSL_BASE16 + #define WOLFSSL_BASE16 /* required for WOLFSSL_SM2 */ + + #undef WOLFSSL_SM4_ECB + #define WOLFSSL_SM4_ECB + + #undef WOLFSSL_SM4_CBC + #define WOLFSSL_SM4_CBC + + #undef WOLFSSL_SM4_CTR + #define WOLFSSL_SM4_CTR + + #undef WOLFSSL_SM4_GCM + #define WOLFSSL_SM4_GCM + + #undef WOLFSSL_SM4_CCM + #define WOLFSSL_SM4_CCM + + #define HAVE_POLY1305 + #define HAVE_CHACHA + + #undef HAVE_AESGCM + #define HAVE_AESGCM +#else + /* default settings */ + #define USE_CERT_BUFFERS_2048 +#endif + /* Chipset detection from sdkconfig.h * Default is HW enabled unless turned off. * Uncomment lines to force SW instead of HW acceleration */ -#if defined(CONFIG_IDF_TARGET_ESP32) +#if defined(CONFIG_IDF_TARGET_ESP32) || defined(WOLFSSL_ESPWROOM32SE) #define WOLFSSL_ESP32 /* Alternatively, if there's an ECC Secure Element present: */ /* #define WOLFSSL_ESPWROOM32SE */ @@ -501,12 +765,16 @@ #define WOLFSSL_ESP8266 /* There's no hardware encryption on the ESP8266 */ - /* Consider using the ESP32-C2/C3/C6 - * See https://www.espressif.com/en/products/socs/esp32-c2 */ + /* Consider using the ESP32-C2/C3/C6 */ #define NO_ESP32_CRYPT #define NO_WOLFSSL_ESP32_CRYPT_HASH #define NO_WOLFSSL_ESP32_CRYPT_AES #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI + #ifndef FP_MAX_BITS + /* FP_MAX_BITS matters in wolfssl_test, not just TLS setting. */ + /* MIN_FFDHE_FP_MAX_BITS = (MIN_FFDHE_BITS * 2); see settings.h */ + #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS + #endif /***** END CONFIG_IDF_TARGET_ESP266 *****/ #elif defined(CONFIG_IDF_TARGET_ESP8684) @@ -556,18 +824,33 @@ /* Debug options: See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options +optionally increase error message size for very long paths. +#define WOLFSSL_MAX_ERROR_SZ 500 + +Turn wolfSSL debugging on/off: + wolfSSL_Debugging_ON(); + wolfSSL_Debugging_OFF(); + #define ESP_VERIFY_MEMBLOCK #define DEBUG_WOLFSSL #define DEBUG_WOLFSSL_VERBOSE #define DEBUG_WOLFSSL_SHA_MUTEX +#define WOLFSSL_DEBUG_IGNORE_ASN_TIME +#define WOLFSSL_DEBUG_CERT_BUNDLE +#define WOLFSSL_DEBUG_CERT_BUNDLE_NAME #define WOLFSSL_ESP32_CRYPT_DEBUG #define WOLFSSL_ESP32_CRYPT_HASH_SHA224_DEBUG #define NO_RECOVER_SOFTWARE_CALC #define WOLFSSL_TEST_STRAY 1 #define USE_ESP_DPORT_ACCESS_READ_BUFFER #define WOLFSSL_ESP32_HW_LOCK_DEBUG +#define WOLFSSL_DEBUG_MUTEX #define WOLFSSL_DEBUG_ESP_RSA_MULM_BITS +#define WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS +#define WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS #define ESP_DISABLE_HW_TASK_LOCK +#define ESP_MONITOR_HW_TASK_LOCK +#define USE_ESP_DPORT_ACCESS_READ_BUFFER See wolfcrypt/benchmark/benchmark.c for debug and other settings: @@ -579,7 +862,8 @@ Turn on timer debugging (used when CPU cycles not available) */ /* Pause in a loop rather than exit. */ -#define WOLFSSL_ESPIDF_ERROR_PAUSE +/* #define WOLFSSL_ESPIDF_ERROR_PAUSE */ +/* #define WOLFSSL_ESP32_HW_LOCK_DEBUG */ #define WOLFSSL_HW_METRICS @@ -628,6 +912,12 @@ Turn on timer debugging (used when CPU cycles not available) * There are various certificate examples in this header file: * https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h * + * To use the sample certificates in code (not recommended for production!): + * + * #if defined(USE_CERT_BUFFERS_2048) || defined(USE_CERT_BUFFERS_1024) + * #include + * #endif + * * To use the sets of macros below, define *one* of these: * * USE_CERT_BUFFERS_1024 - ECC 1024 bit encoded ASN1 @@ -705,6 +995,7 @@ Turn on timer debugging (used when CPU cycles not available) #define WOLFSSL_BASE16 #else #if defined(USE_CERT_BUFFERS_2048) + #define USE_CERT_BUFFERS_256 /* Be sure to include in app when using example certs: */ /* #include */ #define CTX_CA_CERT ca_cert_der_2048 @@ -726,6 +1017,7 @@ Turn on timer debugging (used when CPU cycles not available) #define CTX_CLIENT_KEY_TYPE WOLFSSL_FILETYPE_ASN1 #elif defined(USE_CERT_BUFFERS_1024) + #define USE_CERT_BUFFERS_256 /* Be sure to include in app when using example certs: */ /* #include */ #define CTX_CA_CERT ca_cert_der_1024 @@ -773,3 +1065,11 @@ Turn on timer debugging (used when CPU cycles not available) #else #warning "CONFIG_ESP_MAIN_TASK_STACK_SIZE not defined!" #endif +/* See settings.h for some of the possible hardening options: + * + * #define NO_ESPIDF_DEFAULT + * #define WC_NO_CACHE_RESISTANT + * #define WC_AES_BITSLICED + * #define HAVE_AES_ECB + * #define HAVE_AES_DIRECT + */ diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/CMakeLists.txt index 2fe1790be0..3690d140f4 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/CMakeLists.txt +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/CMakeLists.txt @@ -1,3 +1,5 @@ +# wolfSSL Espressif Example Project/main CMakeLists.txt +# v1.1 # # wolfssl crypt test # diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/component.mk b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/component.mk index df684f1e0b..d9b752f161 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/component.mk +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/component.mk @@ -6,4 +6,4 @@ # in the build directory. This behavior is entirely configurable, # please read the ESP-IDF documents if you need to do this. # -# (Uses default behaviour of compiling all source files in directory, adding 'include' to include path.) +# (Uses default behavior of compiling all source files in directory, adding 'include' to include path.) diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/main.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/main.h index 94d9132358..ac09e78437 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/main.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/main.h @@ -1,4 +1,4 @@ -/* template main.h +/* wolfssl_test main.h * * Copyright (C) 2006-2024 wolfSSL Inc. * @@ -18,7 +18,10 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef _MAIN_H_ #define _MAIN_H_ +void app_main(void); + #endif diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/main.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/main.c index 315ff304c9..0e18bedcc7 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/main.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/main.c @@ -1,4 +1,4 @@ -/* main.c +/* test main.c * * Copyright (C) 2006-2024 wolfSSL Inc. * @@ -26,17 +26,20 @@ /* wolfSSL */ /* Always include wolfcrypt/settings.h before any other wolfSSL file. */ /* Reminder: settings.h pulls in user_settings.h; don't include it here. */ -#ifdef WOLFSSL_USER_SETTINGS +#if defined(WOLFSSL_USER_SETTINGS) #include - #ifndef WOLFSSL_ESPIDF - #warning "Problem with wolfSSL user_settings." - #warning "Check components/wolfssl/include" + #if defined(WOLFSSL_ESPIDF) + #include + #include + #include + #include + #include + #else + #error "Problem with wolfSSL user_settings. " \ + "Check components/wolfssl/include " \ + "and confirm WOLFSSL_USER_SETTINGS is defined, " \ + "typically in the component CMakeLists.txt" #endif - #include - #include - #include - #include - #include #else /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include */ /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */ @@ -44,8 +47,9 @@ CFLAGS +=-DWOLFSSL_USER_SETTINGS" #endif -#include "driver/uart.h" - +/* Hardware; include after other libraries, + * particularly after freeRTOS from settings.h */ +#include /* set to 0 for one test, ** set to 1 for continuous test loop */ @@ -76,9 +80,13 @@ /* ** although the wolfcrypt/test includes a default time setting, -** see wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h */ - +** see the enclosed optional time helper for adding NNTP. +** be sure to add "time_helper.c" in main/CMakeLists.txt +*/ #undef WOLFSSL_USE_TIME_HELPER +#if defined(WOLFSSL_USE_TIME_HELPER) + #include "time_helper.h" +#endif /* see wolfssl/wolfcrypt/test/test.h */ extern void wolf_crypt_task(); @@ -155,13 +163,16 @@ void app_main(void) .parity = UART_PARITY_DISABLE, .stop_bits = UART_STOP_BITS_1, }; + int stack_start = 0; + int loops = 0; esp_err_t ret = 0; - wc_ptr_t stack_start = esp_sdk_stack_pointer(); + + stack_start = esp_sdk_stack_pointer(); /* uart_set_pin(UART_NUM_0, TX_PIN, RX_PIN, * UART_PIN_NO_CHANGE, UART_PIN_NO_CHANGE); */ - /* Some targets may need to have UART speed set. TODO: which? */ + /* Some targets may need to have UART speed set, such as ESP8266 */ ESP_LOGI(TAG, "UART init"); uart_param_config(UART_NUM_0, &uart_config); uart_driver_install(UART_NUM_0, @@ -186,6 +197,7 @@ void app_main(void) #ifdef TASK_EXTRA_STACK_SIZE ESP_LOGI(TAG, "TASK_EXTRA_STACK_SIZE: %d", TASK_EXTRA_STACK_SIZE); #endif + #ifdef INCLUDE_uxTaskGetStackHighWaterMark ESP_LOGI(TAG, "CONFIG_ESP_MAIN_TASK_STACK_SIZE = %d bytes (%d words)", CONFIG_ESP_MAIN_TASK_STACK_SIZE, @@ -195,13 +207,13 @@ void app_main(void) * the minimum free stack space there has been (in bytes not words, unlike * vanilla FreeRTOS) since the task started. The smaller the returned * number the closer the task has come to overflowing its stack. - * see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/freertos_idf.html + * see Espressif esp32/api-reference/system/freertos_idf.html */ stack_start = uxTaskGetStackHighWaterMark(NULL); ESP_LOGI(TAG, "Stack Start HWM: %d bytes", stack_start); #endif -#ifdef HAVE_VERSION_EXTENDED_INFO +#if defined(HAVE_VERSION_EXTENDED_INFO) esp_ShowExtendedSystemInfo(); #endif @@ -230,38 +242,45 @@ void app_main(void) ESP_LOGI(TAG, "NO_CRYPT_TEST defined, skipping wolf_test_task"); #else /* Although wolfCrypt_Init() may be explicitly called above, - ** Note it is still always called in wolf_test_task. + ** note it is still always called in wolf_test_task. */ - int loops = 0; + stack_start = uxTaskGetStackHighWaterMark(NULL); + do { - #if defined(WOLFSSL_HW_METRICS) && defined(WOLFSSL_HAS_METRICS) + ESP_LOGI(TAG, "Stack HWM: %d\n", uxTaskGetStackHighWaterMark(NULL)); + + ret = wolf_test_task(); + #if defined(WOLFSSL_ESP32_CRYPT_RSA_PRI) && defined(WOLFSSL_HW_METRICS) esp_hw_show_metrics(); #endif - ret = wolf_test_task(); + loops++; /* count of the number of tests run before fail. */ ESP_LOGI(TAG, "Stack HWM: %d\n", uxTaskGetStackHighWaterMark(NULL)); ESP_LOGI(TAG, "loops = %d", loops); - loops++; - } - while (TEST_LOOP && (ret == 0)); + } while (TEST_LOOP && (ret == 0)); + + /* Reminder: wolfCrypt_Cleanup() should always be called at completion, + ** and is called in wolf_test_task(). */ #if defined TEST_LOOP && (TEST_LOOP == 1) ESP_LOGI(TAG, "Test loops completed: %d", loops); #endif - /* note wolfCrypt_Cleanup() should always be called when finished. - ** This is called at the end of wolf_test_task(); - */ +#if defined(SINGLE_THREADED) + /* need stack monitor for single thread */ +#else + ESP_LOGI(TAG, "Stack HWM: %d\n", uxTaskGetStackHighWaterMark(NULL)); +#endif #if defined(DEBUG_WOLFSSL) && defined(WOLFSSL_ESP32_CRYPT_RSA_PRI) esp_hw_show_mp_metrics(); #endif #ifdef INCLUDE_uxTaskGetStackHighWaterMark - ESP_LOGI(TAG, "Stack HWM: %d", uxTaskGetStackHighWaterMark(NULL)); + ESP_LOGI(TAG, "Stack HWM: %d", uxTaskGetStackHighWaterMark(NULL)); - ESP_LOGI(TAG, "Stack used: %d", CONFIG_ESP_MAIN_TASK_STACK_SIZE - - (uxTaskGetStackHighWaterMark(NULL))); + ESP_LOGI(TAG, "Stack used: %d", CONFIG_ESP_MAIN_TASK_STACK_SIZE + - (uxTaskGetStackHighWaterMark(NULL))); #endif #ifdef WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE @@ -278,7 +297,7 @@ void app_main(void) "If running from idf.py monitor, press twice: Ctrl+]"); #endif - /* done */ + /* After completion, we'll just wait */ while (1) { #if defined(SINGLE_THREADED) while (1); diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults index 2a5ad756d7..6f5dcdb8f1 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults @@ -1,19 +1,32 @@ -# sdkconfig.defaults for ESP8266 + ESP32 +# Set the known example app config to template example (see user_settings.h) +CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSL_TEST=y + +# Some wolfSSL helpers +CONFIG_USE_WOLFSSL_ESP_SDK_TIME=y + +# sdkconfig.defaults for ESP32. +# See separate sdkconfig.defaults.esp8266 # Note that during the build process, settings from sdkconfig.defaults will not override those already in sdkconfig. # See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html#custom-sdkconfig-defaults CONFIG_BENCH_ARGV="-lng 0" +# FreeRTOS ticks at 1ms interval +CONFIG_FREERTOS_UNICORE=y CONFIG_FREERTOS_HZ=1000 CONFIG_ESP32_DEFAULT_CPU_FREQ_240=y # # Default main stack size. See user_settings.h # +# This is typically bigger than needed for stack size. +# Units are words, not bytes. See user_settings.h +# # For wolfSSL SMALL_STACK, 3072 bytes should be sufficient for benchmark app. # When using RSA, assign at least 10500 bytes, otherwise 5500 usually works for others -CONFIG_ESP_MAIN_TASK_STACK_SIZE=10500 +# We set this to 28672 for use in the "test everything possible" in the wolfssl_test app. +CONFIG_ESP_MAIN_TASK_STACK_SIZE=28672 # Legacy stack size for older ESP-IDF versions -CONFIG_MAIN_TASK_STACK_SIZE=10500 +CONFIG_MAIN_TASK_STACK_SIZE=28672 # # Benchmark must not have CONFIG_NEWLIB_NANO_FORMAT enabled @@ -31,6 +44,10 @@ CONFIG_ESP_TASK_WDT_EN=n CONFIG_ESP_SYSTEM_PANIC_PRINT_HALT=y CONFIG_ESP_INT_WDT=n +# ESP8266 Watchdog: +CONFIG_TASK_WDT=n +CONFIG_TASK_WDT_PANIC=n + # ESP8266 WDT # CONFIG_ESP_PANIC_PRINT_REBOOT is not set CONFIG_ESP_PANIC_PRINT_REBOOT=n @@ -46,6 +63,36 @@ CONFIG_HEAP_DISABLE_IRAM=y # Performance # CONFIG_COMPILER_OPTIMIZATION_PERF=y +# Set max CPU frequency (falls back as needed for lower maximum) +CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y + +# Enable wolfSSL TLS in esp-tls +CONFIG_ESP_TLS_USING_WOLFSSL=y +CONFIG_TLS_STACK_WOLFSSL=y + +# Bundles take up flash space and are disabled unless otherwise known to be needed +CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=n +# CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=y +# CONFIG_ESP_WOLFSSL_SMALL_CERT_VERIFY=y +# CONFIG_ESP_TLS_INSECURE=y + +# Disable mbedTLS +CONFIG_ESP_TLS_USING_MBEDTLS=n +CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n + +# Some wolfSSL helpers +CONFIG_USE_WOLFSSL_ESP_SDK_TIME=n + +# CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS is not set +CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS=n + +# ESP8266 Memory +CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y +CONFIG_HEAP_DISABLE_IRAM=y + +# Performance +# CONFIG_COMPILER_OPTIMIZATION_PERF=y + # Set max COU frequency (falls back as needed for lower maximum) CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults.esp8266 b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults.esp8266 new file mode 100644 index 0000000000..77299dfe4a --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults.esp8266 @@ -0,0 +1,30 @@ +# ESP8266 WDT +# CONFIG_ESP_PANIC_PRINT_REBOOT is not set +CONFIG_ESP_PANIC_PRINT_REBOOT=n +CONFIG_ESP_PANIC_PRINT_HALT=y + +# Enable wolfSSL TLS in esp-tls (not yet supported in RTOS SDK 3.4 +CONFIG_ESP_TLS_USING_WOLFSSL=n +CONFIG_TLS_STACK_WOLFSSL=n + +# Bundles take up flash space and are disabled unless otherwise known to be needed +CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=n +# CONFIG_ESP_WOLFSSL_SMALL_CERT_VERIFY=y +# CONFIG_ESP_TLS_INSECURE=y + +# Disable mbedTLS +CONFIG_ESP_TLS_USING_MBEDTLS=y +CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n + +# ESP8266 Memory +CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y +CONFIG_HEAP_DISABLE_IRAM=y + +# ESP8266 Watchdog: +CONFIG_TASK_WDT=n +CONFIG_TASK_WDT_PANIC=n + +# ESP8266 WDT +# CONFIG_ESP_PANIC_PRINT_REBOOT is not set +CONFIG_ESP_PANIC_PRINT_REBOOT=n +CONFIG_ESP_PANIC_PRINT_HALT=y diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/README.md index f8ec01cec6..7d0988aafb 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/README.md +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/README.md @@ -15,8 +15,8 @@ Open the VisualGDB Visual Studio Project file in the VisualGDB directory and cli 1. `idf.py menuconfig` to configure the program. 1-1. Example Configuration -> - TEST_ARG : argument that you want to use. Default is "-lng 0" - The list of argument can be find in help. + There are no parametric arguments. See [wolfcrypt/test](https://github.com/wolfSSL/wolfssl/tree/master/wolfcrypt/test). + All features enabled in the `user_settings.h` will be tested. When you want to run the test program diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/main.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/main.c index ba8c82a76e..4c29ecc97a 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/main.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/main.c @@ -24,15 +24,26 @@ #include "sdkconfig.h" /* wolfSSL */ -#include -#include -#include -#ifndef WOLFSSL_ESPIDF -#warning "problem with wolfSSL user settings. Check components/wolfssl/include" +/* Always include wolfcrypt/settings.h before any other wolfSSL file. */ +/* Reminder: settings.h pulls in user_settings.h; don't include it here. */ +#ifdef WOLFSSL_USER_SETTINGS + /* Unlike other examples with wolfSSL as a local component, this */ + /* example tests wolSSL *in* the ESP-IDF. If you get an error: */ + /* wolfssl/wolfcrypt/settings.h: No such file or directory */ + /* Then wolfSSL is missing from the ESP-IDF components */ + #include + #ifndef WOLFSSL_ESPIDF + #warning "Problem with wolfSSL user_settings." + #warning "Check components/wolfssl/include" + #endif + #include + #include + #include +#else + #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile: \ +CFLAGS +=-DWOLFSSL_USER_SETTINGS" #endif -#include - /* ** the wolfssl component can be installed in either: ** @@ -152,8 +163,8 @@ void app_main(void) /* some interesting settings are target specific (ESP32, -C3, -S3, etc */ -#if defined(CONFIG_IDF_TARGET_ESP32C3) - /* not available for C3 at this time */ +#if defined(CONFIG_IDF_TARGET_ESP32C2) || defined(CONFIG_IDF_TARGET_ESP32C3) + /* TODO CPU_FREQ_MHZ not available for C2/C3 at this time */ #elif defined(CONFIG_IDF_TARGET_ESP32S3) ESP_LOGI(TAG, "CONFIG_ESP32S3_DEFAULT_CPU_FREQ_MHZ = %u MHz", CONFIG_ESP32S3_DEFAULT_CPU_FREQ_MHZ @@ -173,7 +184,7 @@ void app_main(void) #if defined(NO_ESP32_CRYPT) ESP_LOGI(TAG, "NO_ESP32_CRYPT defined! HW acceleration DISABLED."); #else - #if defined(CONFIG_IDF_TARGET_ESP32C3) + #if defined(CONFIG_IDF_TARGET_ESP32C2) || defined(CONFIG_IDF_TARGET_ESP32C3) #error "ESP32_CRYPT not yet supported on ESP32-C3" #elif defined(CONFIG_IDF_TARGET_ESP32S2) #error "ESP32_CRYPT not yet supported on ESP32-S2" diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/time_helper.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/time_helper.c index 70a6cb816e..95977ee9c1 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/time_helper.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/time_helper.c @@ -94,7 +94,7 @@ int set_time(void) if (NTP_SERVER_COUNT) { /* next, let's setup NTP time servers * - * see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#sntp-time-synchronization + * see Espressif api-reference/system/system_time */ sntp_setoperatingmode(SNTP_OPMODE_POLL); diff --git a/IDE/Espressif/ESP-IDF/test/README.md b/IDE/Espressif/ESP-IDF/test/README.md index 8a12a50fea..e499c970e0 100644 --- a/IDE/Espressif/ESP-IDF/test/README.md +++ b/IDE/Espressif/ESP-IDF/test/README.md @@ -7,4 +7,4 @@ When you want to run the app 2. `idf.py menuconfig` to configure unit test app. 3. `idf.py -T wolfssl build` to build wolfssl unit test app. -See [https://docs.espressif.com/projects/esp-idf/en/latest/api-guides/unit-tests.html] for more information about unit test app. +See Espressif for more information about unit test app. diff --git a/IDE/Espressif/README.md b/IDE/Espressif/README.md index 5bb1622f3c..530c1012cb 100644 --- a/IDE/Espressif/README.md +++ b/IDE/Espressif/README.md @@ -28,18 +28,16 @@ resource. ## Requirements The wolfSSL Espressif code requires the ESP-IDF to be installed for -[Windows](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/get-started/windows-setup.html) -or [Linux / MacOS](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/get-started/linux-macos-setup.html). +Windows or Linux / MacOS. -See the [Espressif Getting Started Guide](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/get-started/). +See the Espressif Getting Started Guide. -Any editor can be used. See also the [Espressif Third-Party Tools](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/resources.html) -for a list of feature-rich Integrated Development Environments. +Any editor can be used. The [wolfSSL examples](./ESP-IDF/examples/README.md) all include a `./VisualGDB` directory with SoC-specific configurations to help get started quickly. -Although not required, a [JTAG Adapter](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/jtag-debugging/index.html) -can be helpful for development. When not using a built-in JTAG from Espressif, the examples typically +Although not required, a JTAG Adapter can be helpful for development. +When not using a built-in JTAG from Espressif, the examples typically use the open source [Tigard board](https://github.com/tigard-tools/tigard#readme). ## Examples: @@ -52,7 +50,7 @@ There are a variety of examples to help get started: The wolfSSL library can be installed as a managed component: -* [Espressif Managed Component Registry](https://components.espressif.com/components/wolfssl/wolfssl) +* [Espressif Managed Component Registry](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/) ## Notes: @@ -145,7 +143,6 @@ the reset-program hardware properly, causing devices to not be programmed with t Connecting...................................... A fatal error occurred: Failed to connect to ESP32: Wrong boot mode detected (0x13)! The chip needs to be in download mode. -For troubleshooting steps visit: https://docs.espressif.com/projects/esptool/en/latest/troubleshooting.html CMake Error at run_serial_tool.cmake:56 (message): /home/gojimmypi/.espressif/python_env/idf4.4_py3.8_env/bin/python /mnt/c/SysGCC/esp32/esp-idf/v4.4.2/components/esptool_py/esptool/esptool.py @@ -188,7 +185,7 @@ Task watchdog got triggered. Guru Meditation Error: Core 0 panic'ed (unknown). Exception was unhandled. ``` -The watchdog needs to be [fed](https://docs.espressif.com/projects/esp8266-rtos-sdk/en/latest/api-reference/system/wdts.html?highlight=watchdog#_CPPv418esp_task_wdt_resetv) on a regular basis +The watchdog needs to be fed on a regular basis with `void esp_task_wdt_reset(void)` from `esp8266/include/esp_task_wdt.h`. Try turning off the WDT in menuconfig, or for Makefiles: @@ -199,4 +196,4 @@ EXTRA_CFLAGS += -DNO_WATCHDOG #### Other Solutions -See also [this ESP-FAQ Handbook](https://docs.espressif.com/projects/esp-faq/en/latest/esp-faq-en-master.pdf) +See also Espressif `esp-faq-en-master.pdf` diff --git a/IDE/Espressif/include.am b/IDE/Espressif/include.am index ab57c84ab7..eea296f2c2 100644 --- a/IDE/Espressif/include.am +++ b/IDE/Espressif/include.am @@ -22,17 +22,21 @@ EXTRA_DIST+= IDE/Espressif/ESP-IDF/user_settings.h # Template EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/CMakeLists.txt EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/Kconfig +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/component.mk +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/CMakeLists.txt EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/Kconfig +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/README.md +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/main EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/main/Kconfig.projbuild EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/partitions_singleapp_large.csv EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/README.md EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults.esp8266 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/VisualGDB -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/CMakeLists.txt -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/main/CMakeLists.txt EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/main/include EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/main/main.c @@ -43,23 +47,27 @@ EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/VisualGDB/wolfssl_template_ # Benchmark EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/CMakeLists.txt EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/Makefile -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/partitions_singleapp_large.csv -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/README.md -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/VisualGDB EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/CMakeLists.txt +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/Kconfig EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/component.mk +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/CMakeLists.txt +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/Kconfig +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/README.md EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/CMakeLists.txt EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/component.mk EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/include EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/Kconfig.projbuild EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/main.c EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/include/main.h +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/Makefile +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/partitions_singleapp_large.csv +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/README.md +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults.esp8266 +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/VisualGDB EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/VisualGDB/wolfssl_benchmark_IDF_v4.4_ESP32.sln EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/VisualGDB/wolfssl_benchmark_IDF_v5_ESP32.sln EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/VisualGDB/wolfssl_benchmark_IDF_v5_ESP32C3.sln @@ -72,17 +80,18 @@ EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/VisualGDB/wolfssl_ # TLS Client EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/CMakeLists.txt EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/components -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/main -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/Makefile -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/partitions_singleapp_large.csv -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/README.md -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/README_server_sm.md -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/Kconfig EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/component.mk +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/Kconfig +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/README.md EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults.esp32c2 +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults.esp8266 +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/main EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/CMakeLists.txt EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/component.mk @@ -95,6 +104,10 @@ EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/client-t EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/main.h EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/time_helper.h EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/wifi_connect.h +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/Makefile +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/partitions_singleapp_large.csv +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/README.md +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/README_server_sm.md EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/VisualGDB/README.md EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/wolfssl_client_ESP8266.vgdbproj @@ -105,18 +118,15 @@ EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/VisualGDB/wolfssl_cli EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/CMakeLists.txt EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/components -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/main -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/Makefile -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/partitions_singleapp_large.csv -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/README.md -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/README_server_sm.md -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/CMakeLists.txt +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/Kconfig EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/component.mk +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/CMakeLists.txt +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/Kconfig +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/README.md EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/main EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/CMakeLists.txt EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/component.mk EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include @@ -129,6 +139,14 @@ EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/main.h EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/server-tls.h EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/time_helper.h EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/wifi_connect.h +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/Makefile +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/partitions_singleapp_large.csv +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/README.md +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/README_server_sm.md +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults.esp32c2 +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults.esp8266 +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB/README.md EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB/wolfssl_server_IDF_v5_ESP32.sln @@ -139,24 +157,28 @@ EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/testAll.sh EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/testMonitor.sh EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/CMakeLists.txt -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/Makefile -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/partitions_singleapp_large.csv -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/README.md -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/VisualGDB EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/CMakeLists.txt +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/Kconfig EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/component.mk +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/CMakeLists.txt +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/Kconfig +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/README.md EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h + +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/CMakeLists.txt EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/component.mk EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/Kconfig.projbuild EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/main.c EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/main.h +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/Makefile +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/partitions_singleapp_large.csv +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/README.md +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults.esp8266 +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/VisualGDB EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/wolfssl_test_ESP8266.vgdbproj EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/VisualGDB/wolfssl_test-IDF_v5_ESP32.sln @@ -174,7 +196,7 @@ EXTRA_DIST+= IDE/Espressif/ESP-IDF/libs/component.mk EXTRA_DIST+= IDE/Espressif/ESP-IDF/libs/README.md EXTRA_DIST+= IDE/Espressif/ESP-IDF/libs/tigard.cfg -# Other test +# Other test for wolfSSL installed in the ESP-IDF EXTRA_DIST+= IDE/Espressif/ESP-IDF/test/CMakeLists.txt EXTRA_DIST+= IDE/Espressif/ESP-IDF/test/component.mk EXTRA_DIST+= IDE/Espressif/ESP-IDF/test/README.md diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/common/wolfssl_dummy.c b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/common/wolfssl_dummy.c index 3e4c1e56ea..987436d93a 100644 --- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/common/wolfssl_dummy.c +++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/common/wolfssl_dummy.c @@ -21,15 +21,32 @@ #include -#define YEAR 2024 -#define MON 7 - static int tick = 0; +#define YEAR ( \ + ((__DATE__)[7] - '0') * 1000 + \ + ((__DATE__)[8] - '0') * 100 + \ + ((__DATE__)[9] - '0') * 10 + \ + ((__DATE__)[10] - '0') * 1 \ +) + +#define MONTH ( \ + __DATE__[2] == 'n' ? (__DATE__[1] == 'a' ? 1 : 6) \ + : __DATE__[2] == 'b' ? 2 \ + : __DATE__[2] == 'r' ? (__DATE__[0] == 'M' ? 3 : 4) \ + : __DATE__[2] == 'y' ? 5 \ + : __DATE__[2] == 'l' ? 7 \ + : __DATE__[2] == 'g' ? 8 \ + : __DATE__[2] == 'p' ? 9 \ + : __DATE__[2] == 't' ? 10 \ + : __DATE__[2] == 'v' ? 11 \ + : 12 \ + ) + time_t time(time_t *t) { (void)t; - return ((YEAR-1970)*365+30*MON)*24*60*60 + tick++; + return ((YEAR-1970)*365+30*MONTH)*24*60*60 + tick++; } #include diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/test_main.c b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/test_main.c index 276ab79a7f..e9869f7db2 100644 --- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/test_main.c +++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/test_main.c @@ -65,6 +65,7 @@ extern "C" { static long tick; static void timeTick(void *pdata) { + (void)pdata; tick++; } diff --git a/IDE/STM32Cube/default_conf.ftl b/IDE/STM32Cube/default_conf.ftl index 6041dc90a1..3c77d687d9 100644 --- a/IDE/STM32Cube/default_conf.ftl +++ b/IDE/STM32Cube/default_conf.ftl @@ -539,7 +539,7 @@ extern ${variable.value} ${variable.name}; //#define USE_SLOW_SHA512 #define WOLFSSL_SHA512 - #define HAVE_SHA512 /* freeRTOS settings.h requires this */ + #define HAVE_SHA512 /* old freeRTOS settings.h requires this */ #endif /* Sha2-384 */ diff --git a/IDE/WIN-SRTP-KDF-140-3/wolfssl-fips.rc b/IDE/WIN-SRTP-KDF-140-3/wolfssl-fips.rc index 956269fb67..b85f44bb9a 100644 --- a/IDE/WIN-SRTP-KDF-140-3/wolfssl-fips.rc +++ b/IDE/WIN-SRTP-KDF-140-3/wolfssl-fips.rc @@ -51,8 +51,8 @@ END // VS_VERSION_INFO VERSIONINFO - FILEVERSION 5,7,0,0 - PRODUCTVERSION 5,7,0,0 + FILEVERSION 5,7,4,0 + PRODUCTVERSION 5,7,4,0 FILEFLAGSMASK 0x3fL #ifdef _DEBUG FILEFLAGS 0x1L @@ -69,12 +69,12 @@ BEGIN BEGIN VALUE "CompanyName", "wolfSSL Inc." VALUE "FileDescription", "The wolfSSL FIPS embedded SSL library is a lightweight, portable, C-language-based SSL/TLS library targeted at IoT, embedded, and RTOS environments primarily because of its size, speed, and feature set." - VALUE "FileVersion", "5.7.0.0" + VALUE "FileVersion", "5.7.4.0" VALUE "InternalName", "wolfssl-fips" VALUE "LegalCopyright", "Copyright (C) 2023" VALUE "OriginalFilename", "wolfssl-fips.dll" VALUE "ProductName", "wolfSSL FIPS" - VALUE "ProductVersion", "5.7.0.0" + VALUE "ProductVersion", "5.7.4.0" END END BLOCK "VarFileInfo" diff --git a/IDE/WIN10/wolfssl-fips.rc b/IDE/WIN10/wolfssl-fips.rc index aa46cb8a9b..86fe62d976 100644 --- a/IDE/WIN10/wolfssl-fips.rc +++ b/IDE/WIN10/wolfssl-fips.rc @@ -51,8 +51,8 @@ END // VS_VERSION_INFO VERSIONINFO - FILEVERSION 5,7,2,0 - PRODUCTVERSION 5,7,2,0 + FILEVERSION 5,7,4,0 + PRODUCTVERSION 5,7,4,0 FILEFLAGSMASK 0x3fL #ifdef _DEBUG FILEFLAGS 0x1L @@ -69,12 +69,12 @@ BEGIN BEGIN VALUE "CompanyName", "wolfSSL Inc." VALUE "FileDescription", "The wolfSSL FIPS embedded SSL library is a lightweight, portable, C-language-based SSL/TLS library targeted at IoT, embedded, and RTOS environments primarily because of its size, speed, and feature set." - VALUE "FileVersion", "5.7.2.0" + VALUE "FileVersion", "5.7.4.0" VALUE "InternalName", "wolfssl-fips" VALUE "LegalCopyright", "Copyright (C) 2024" VALUE "OriginalFilename", "wolfssl-fips.dll" VALUE "ProductName", "wolfSSL FIPS" - VALUE "ProductVersion", "5.7.2.0" + VALUE "ProductVersion", "5.7.4.0" END END BLOCK "VarFileInfo" diff --git a/IDE/iotsafe/user_settings.h b/IDE/iotsafe/user_settings.h index 368a76ed43..a03361a008 100644 --- a/IDE/iotsafe/user_settings.h +++ b/IDE/iotsafe/user_settings.h @@ -150,8 +150,10 @@ static inline long XTIME(long *x) { return jiffies;} #define WOLFSSL_AES_DIRECT /* Hashing */ -#define HAVE_SHA384 -#define HAVE_SHA512 +#define WOLFSSL_SHA384 +#define HAVE_SHA384 /* old freeRTOS settings.h requires this */ +#define WOLFSSL_SHA512 +#define HAVE_SHA512 /* old freeRTOS settings.h requires this */ #define HAVE_HKDF /* TLS */ diff --git a/Makefile.am b/Makefile.am index 1d4f26c6b4..d8e4b6ddf3 100644 --- a/Makefile.am +++ b/Makefile.am @@ -141,6 +141,7 @@ ACLOCAL_AMFLAGS= -I m4 EXTRA_DIST+= .cyignore EXTRA_DIST+= wolfssl.vcproj EXTRA_DIST+= wolfssl.vcxproj +EXTRA_DIST+= wolfssl-VS2022.vcxproj EXTRA_DIST+= wolfssl64.sln EXTRA_DIST+= valgrind-error.sh EXTRA_DIST+= valgrind-bash.supp diff --git a/README b/README index 261eb200d6..2b462bc517 100644 --- a/README +++ b/README @@ -70,112 +70,197 @@ should be used for the enum name. *** end Notes *** -# wolfSSL Release 5.7.2 (July 08, 2024) +# wolfSSL Release 5.7.4 (Oct 24, 2024) -Release 5.7.2 has been developed according to wolfSSL's development and QA +Release 5.7.4 has been developed according to wolfSSL's development and QA process (see link below) and successfully passed the quality criteria. https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance NOTE: * --enable-heapmath is being deprecated and will be removed by end of 2024 -## Vulnerabilities -* [Medium] CVE-2024-1544 -Potential ECDSA nonce side channel attack in versions of wolfSSL before 5.6.6 with wc_ecc_sign_hash calls. Generating the ECDSA nonce k samples a random number r and then truncates this randomness with a modular reduction mod n where n is the order of the elliptic curve. Analyzing the division through a control-flow revealing side-channel reveals a bias in the most significant bits of k. Depending on the curve this is either a negligible bias or a significant bias large enough to reconstruct k with lattice reduction methods. Thanks to Luca Wilke, Florian Sieck and Thomas Eisenbarth (University of Lübeck) for reporting the vulnerability. Details will appear in the proceedings of CCS 24. -Fixed https://github.com/wolfSSL/wolfssl/pull/7020 - - -* [Medium] CVE-2024-5288 -A private key blinding operation, enabled by defining the macro WOLFSSL_BLIND_PRIVATE_KEY, was added to mitigate a potential row hammer attack on ECC operations. If performing ECC private key operations in an environment where a malicious user could gain fine control over the device and perform row hammer style attacks it is recommended to update the version of wolfSSL used and to build with WOLFSSL_BLIND_PRIVATE_KEY defined. Thanks to Kemal Derya, M. Caner Tol, Berk Sunar for the report (Vernam Applied Cryptography and Cybersecurity Lab at Worcester Polytechnic Institute) -Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7416 - - -* [Low] When parsing a provided maliciously crafted certificate directly using wolfSSL API, outside of a TLS connection, a certificate with an excessively large number of extensions could lead to a potential DoS. There are existing sanity checks during a TLS handshake with wolfSSL which mitigate this issue. Thanks to Bing Shi for the report. -Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7597 +PR stands for Pull Request, and PR references a GitHub pull request + number where the code change was added. -* [Low] CVE-2024-5991 -In the function MatchDomainName(), input param str is treated as a NULL terminated string despite being user provided and unchecked. Specifically, the Openssl compatibility function X509_check_host() takes in a pointer and length to check against, with no requirements that it be NULL terminated. While calling without a NULL terminated string is very uncommon, it is still technically allowed. If a caller was attempting to do a name check on a non*NULL terminated buffer, the code would read beyond the bounds of the input array until it found a NULL terminator. -Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7604 -* [Medium] CVE-2024-5814 -A malicious TLS1.2 server can force a TLS1.3 client with downgrade capability to use a ciphersuite that it did not agree to and achieve a successful connection. This is because, aside from the extensions, the client was skipping fully parsing the server hello when downgrading from TLS 1.3. -Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7619 - -* [Medium] OCSP stapling version 2 response verification bypass issue when a crafted response of length 0 is received. Found with internal testing. -Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7702 - -* [Medium] OCSP stapling version 2 revocation bypass with a retry of a TLS connection attempt. A revoked CA certificate could incorrectly be loaded into the trusted signers list and used in a repeat connection attempt. Found with internal testing. -Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7702 +## Vulnerabilities +* [Low] When the OpenSSL compatibility layer is enabled, certificate + verification behaved differently in wolfSSL than OpenSSL, in the + X509_STORE_add_cert() and X509_STORE_load_locations() implementations. + Previously, in cases where an application explicitly loaded an intermediate + certificate, wolfSSL was verifying only up to that intermediate certificate, + rather than verifying up to the root CA. This only affects use cases where the + API is called directly, and does not affect TLS connections. Users that call + the API X509_STORE_add_cert() or X509_STORE_load_locations() directly in their + applications are recommended to update the version of wolfSSL used or to have + additional sanity checks on certificates loaded into the X509_STORE when + verifying a certificate. (https://github.com/wolfSSL/wolfssl/pull/8087) + + +## PQC TLS Experimental Build Fix +* When using TLS with post quantum algorithms enabled, the connection uses a + smaller EC curve than agreed on. Users building with --enable-experimental and + enabling PQC cipher suites with TLS connections are recommended to update the + version of wolfSSL used. Thanks to Daniel Correa for the report. + (https://github.com/wolfSSL/wolfssl/pull/8084) ## New Feature Additions -* Added Dilithium/ML-DSA: Implementation of ML-DSA-44/65/87 (PR 7622) -* AES RISC-V 64-bit ASM: ECB/CBC/CTR/GCM/CCM (PR 7569) -* Added CUDA support for AES encryption (PR 7436) -* Added support for gRPC (PR 7445) -* Added function wc_RsaPrivateKeyDecodeRaw to import raw RSA private keys (PR 7608) -* Added crypto callback for SHA-3 (PR 7670) -* Support for Infineon Modus Toolbox with wolfSSL (PR 7369) -* Allow user to send a user_canceled alert by calling wolfSSL_SendUserCanceled (PR 7590) -* C# wrapper SNI support added (PR 7610) -* Quantum-safe algorithm support added to the Linux kernel module (PR 7574) -* Support for NIST 800-56C Option 1 KDF, using the macro WC_KDF_NIST_SP_800_56C added (PR 7589) -* AES-XTS streaming mode added, along with hardware acceleration and kernel module use (PR 7522, 7560, 7424) -* PlatformIO FreeRTOS with ESP build and addition of benchmark and test example applications (PR 7528, 7413, 7559, 7542) +* RISC-V 64 new assembly optimizations added for SHA-256, SHA-512, ChaCha20, + Poly1305, and SHA-3 (PR 7758,7833,7818,7873,7916) +* Implement support for Connection ID (CID) with DTLS 1.2 (PR 7995) +* Add support for (DevkitPro)libnds (PR 7990) +* Add port for Mosquitto OSP (Open Source Project) (PR 6460) +* Add port for init sssd (PR 7781) +* Add port for eXosip2 (PR 7648) +* Add support for STM32G4 (PR 7997) +* Add support for MAX32665 and MAX32666 TPU HW and ARM ASM Crypto Callback + Support (PR 7777) +* Add support for building wolfSSL to be used in libspdm (PR 7869) +* Add port for use with Nucleus Plus 2.3 (PR 7732) +* Initial support for RFC5755 x509 attribute certificates (acerts). Enabled with + --enable-acert (PR 7926) +* PKCS#11 RSA Padding offload allows tokens to perform CKM_RSA_PKCS + (sign/encrypt), CKM_RSA_PKCS_PSS (sign), and CKM_RSA_PKCS_OAEP (encrypt). + (PR 7750) +* Added “new” and “delete” style functions for heap/pool allocation and freeing + of low level crypto structures (PR 3166 and 8089) ## Enhancements and Optimizations -* Expanded STM32 AES hardware acceleration support for use with STM32H5 (PR 7578) -* Adjusted wc_xmss and wc_lms settings to support use with wolfBoot (PR 7393) -* Added the --enable-rpk option to autotools build for using raw public key support (PR 7379) -* SHA-3 Thumb2, ARM32 assembly implementation added (PR 7667) -* Improvements to RSA padding to expose Pad/Unpad APIs (PR 7612) -* Updates and API additions for supporting socat version 1.8.0.0 (PR 7594) -* cmake build improvements, expanding build options with SINGLE_THREADED and post-quantum algorithms, adjusting the generation of options.h file and using “yes;no” boolean instead of strings (PR 7611, 7546, 7479, 7480, 7380) -* Improvements for Renesas RZ support (PR 7474) -* Improvements to dual algorithm certificates for post-quantum keys (PR 7286) -* Added wolfSSL_SessionIsSetup so the user can check if a session ticket has been sent by the server (PR 7430) -* hostap updates: Implement PACs for EAP-FAST and filter cipher list on TLS version change (PR 7446) -* Changed subject name comparison to match different upper and lower cases (PR 7420) -* Support for DTLS 1.3 downgrade when using PSK (PR 7367) -* Update to static memory build for more generic memory pools used (PR 7418) -* Improved performance of Kyber C implementation (PR 7654) -* Support for ECC_CACHE_CURVE with no malloc (PR 7490) -* Added the configure option --enable-debug-trace-errcodes (macro WOLFSSL_DEBUG_TRACE_ERROR_CODES) which enables more debug tracking of error code values (PR 7634) -* Enhanced wc_MakeRsaKey and wc_RsaKeyToDer to work with WOLFSSL_NO_MALLOC (PR 7362) -* Improvements to assembly implementations of ChaCha20 and Poly1305 ASM for use with MSVC (PR 7319) -* Cortex-M inline assembly labels with unique number appended (PR 7649) -* Added secret logging callback to TLS <= 1.2, enabled with the macro HAVE_SECRET_CALLBACK (PR 7372) -* Made wc_RNG_DRBG_Reseed() a public wolfCrypt API (PR 7386) -* Enabled DES3 support without the DES3 ciphers. To re-enable DES3 cipher suites, use the configure flag --enable-des3-tls-suites (PR 7315) -* Added stubs required for latest nginx (1.25.5) (PR 7449) -* Added option for using a custom salt with the function wc_ecc_ctx_set_own_salt (PR 7552) -* Added PQ files for Windows (PR 7419) -* Enhancements to static memory feature, adding the option for a global heap hint (PR 7478) and build options for a lean or debug setting, enabled with --enable-staticmemory=small or --enable-staticmemory=debug (PR 7597) -* Updated --enable-jni to define SESSION_CERTS for wolfJSSE (PR 7557) -* Exposed DTLS in Ada wrapper and updated examples (PR 7397) -* Added additional minimum TLS extension size sanity checks (PR 7602) -* ESP improvements: updating the examples and libraries, updates for Apple HomeKit SHA/SRP, and fix for endianness with SHA512 software fallback (PR 7607, 7392, 7505, 7535) -* Made the wc_CheckCertSigPubKey API publicly available with the define of the macro WOLFSSL_SMALL_CERT_VERIFY (PR 7599) -* Added an alpha/preview of additional FIPS 140-3 full submission, bringing additional algorithms such as SRTP-KDF, AES-XTS, GCM streaming, AES-CFB, ED25519, and ED448 into the FIPS module boundary (PR 7295) -* XCODE support for v5.2.3 of the FIPS module (PR 7140) -* Expanded OpenSSL compatibility layer and added EC_POINT_hex2point (PR 7191) +* Increase default max alt. names from 128 to 1024 (PR 7762) +* Added new constant time DH agree function wc_DhAgree_ct (PR 7802) +* Expanded compatibility layer with the API EVP_PKEY_is_a (PR 7804) +* Add option to disable cryptocb test software test using + --disable-cryptocb-sw-test (PR 7862) +* Add a call to certificate verify callback before checking certificate dates + (PR 7895) +* Expanded algorithms supported with the wolfCrypt CSharp wrapper. Adding + support for RNG, ECC(ECIES and ECDHE), RSA, ED25519/Curve25519, AES-GCM, and + Hashing (PR 3166) +* Expand MMCAU support for use with DES ECB (PR 7960) +* Update AES SIV to handle multiple associated data inputs (PR 7911) +* Remove HAVE_NULL_CIPHER from --enable-openssh (PR 7811) +* Removed duplicate if(NULL) checks when calling XFREE (macro does) (PR 7839) +* Set RSA_MIN_SIZE default to 2048 bits (PR 7923) +* Added support for wolfSSL to be used as the default TLS in the zephyr kernel + (PR 7731) +* Add enable provider build using --enable-wolfprovider with autotools (PR 7550) +* Renesas RX TSIP ECDSA support (PR 7685) +* Support DTLS1.3 downgrade when the server supports CID (PR 7841) +* Server-side checks OCSP even if it uses v2 multi (PR 7828) +* Add handling of absent hash params in PKCS7 bundle parsing and creation + (PR 7845) +* Add the use of w64wrapper for Poly1305, enabling Poly1305 to be used in + environments that do not have a word64 type (PR 7759) +* Update to the maxq10xx support (PR 7824) +* Add support for parsing over optional PKCS8 attributes (PR 7944) +* Add support for either side method with DTLS 1.3 (PR 8012) +* Added PKCS7 PEM support for parsing PEM data with BEGIN/END PKCS7 (PR 7704) +* Add CMake support for WOLFSSL_CUSTOM_CURVES (PR 7962) +* Add left-most wildcard matching support to X509_check_host() (PR 7966) +* Add option to set custom SKID with PKCS7 bundle creation (PR 7954) +* Building wolfSSL as a library with Ada and corrections to Alire manifest + (PR 7303,7940) +* Renesas RX72N support updated (PR 7849) +* New option WOLFSSL_COPY_KEY added to always copy the key to the SSL object + (PR 8005) +* Add the new option WOLFSSL_COPY_CERT to always copy the cert buffer for each + SSL object (PR 7867) +* Add an option to use AES-CBC with HMAC for default session ticket enc/dec. + Defaults to AES-128-CBC with HMAC-SHA256 (PR 7703) +* Memory usage improvements in wc_PRF, sha256 (for small code when many + registers are available) and sp_int objects (PR 7901) +* Change in the configure script to work around ">>" with no command. In older + /bin/sh it can be ambiguous, as used in OS’s such as FreeBSD 9.2 (PR 7876) +* Don't attempt to include system headers when not required (PR 7813) +* Certificates: DER encoding of ECC signature algorithm parameter is now + allowed to be NULL with a define (PR 7903) +* SP x86_64 asm: check for AVX2 support for VMs (PR 7979) +* Update rx64n support on gr-rose (PR 7889) +* Update FSP version to v5.4.0 for RA6M4 (PR 7994) +* Update TSIP driver version to v1.21 for RX65N RSK (PR 7993) +* Add a new crypto callback for RSA with padding (PR 7907) +* Replaced the use of pqm4 with wolfSSL implementations of Kyber/MLDSA + (PR 7924) +* Modernized memory fence support for C11 and clang (PR 7938) +* Add a CRL error override callback (PR 7986) +* Extend the X509 unknown extension callback for use with a user context + (PR 7730) +* Additional debug error tracing added with TLS (PR 7917) +* Added runtime support for library call stack traces with + –enable-debug-trace-errcodes=backtrace, using libbacktrace (PR 7846) +* Expanded C89 conformance (PR 8077) +* Expanded support for WOLFSSL_NO_MALLOC (PR 8065) +* Added support for cross-compilation of Linux kernel module (PR 7746) +* Updated Linux kernel module with support for kernel 6.11 and 6.12 (PR 7826) +* Introduce WOLFSSL_ASN_ALLOW_0_SERIAL to allow parsing of certificates with a + serial number of 0 (PR 7893) +* Add conditional repository_owner to all wolfSSL GitHub workflows (PR 7871) + +### Espressif / Arduino Updates +* Update wolfcrypt settings.h for Espressif ESP-IDF, template update (PR 7953) +* Update Espressif sha, util, mem, time helpers (PR 7955) +* Espressif _thread_local_start and _thread_local_end fix (PR 8030) +* Improve benchmark for Espressif devices (PR 8037) +* Introduce Espressif common CONFIG_WOLFSSL_EXAMPLE_NAME, Kconfig (PR 7866) +* Add wolfSSL esp-tls and Certificate Bundle Support for Espressif ESP-IDF + (PR 7936) +* Update wolfssl Release for Arduino (PR 7775) + +### Post Quantum Crypto Updates +* Dilithium: support fixed size arrays in dilithium_key (PR 7727) +* Dilithium: add option to use precalc with small sign (PR 7744) +* Allow Kyber to be built with FIPS (PR 7788) +* Allow Kyber asm to be used in the Linux kernel module (PR 7872) +* Dilithium, Kyber: Update to final specification (PR 7877) +* Dilithium: Support FIPS 204 Draft and Final Draft (PR 7909,8016) + +### ARM Assembly Optimizations +* ARM32 assembly optimizations added for ChaCha20 and Poly1305 (PR 8020) +* Poly1305 assembly optimizations improvements for Aarch64 (PR 7859) +* Poly1305 assembly optimizations added for Thumb-2 (PR 7939) +* Adding ARM ASM build option to STM32CubePack (PR 7747) +* Add ARM64 to Visual Studio Project (PR 8010) +* Kyber assembly optimizations for ARM32 and Aarch64 (PR 8040,7998) +* Kyber assembly optimizations for ARMv7E-M/ARMv7-M (PR 7706) + ## Fixes -* Fixed Kyber control-flow timing leak. Thanks to Antoon Purnal from PQShield for the report -* Fixed the NXP MMCAU HW acceleration for SHA-256 (PR 7389) -* Fixed AES-CFB1 encrypt/decrypt on size (8*x-1) bits (PR 7431) -* Fixed use of %rip with SHA-256 x64 assembly (PR 7409) -* Fixed OCSP response message build for DTLS (PR 7671) -* Handled edge case in wc_ecc_mulmod() with zero (PR 7532) -* Fixed RPK (Raw Public Key) to follow certificate use correctly (PR 7375) -* Added sanity check on record header with QUIC use (PR 7638) -* Added sanity check for empty directory strings in X.509 when parsing (PR 7669) -* Added sanity check on non-conforming serial number of 0 in certificates being parsed (PR 7625) -* Fixed wolfSSL_CTX_set1_sigalgs_list() to make the TLS connection conform to the selected sig hash algorithm (PR 7693) -* Various fixes for dual algorithm certificates including small stack use and support for Certificate Signing Requests (PR 7577) -* Added sanity check for critical policy extension when wolfSSL is built without policy extension support enabled (PR 7388) -* Added sanity check that the ed25519 signature is smaller than the order (PR 7513) -* Fixed Segger emNet to handle non-blocking want read/want write (PR 7581) +* ECC key load: fixes for certificates with parameters that are not default for + size (PR 7751) +* Fixes for building x86 in Visual Studio for non-windows OS (PR 7884) +* Fix for TLS v1.2 secret callback, incorrectly detecting bad master secret + (PR 7812) +* Fixes for PowerPC assembly use with Darwin and SP math all (PR 7931) +* Fix for detecting older versions of Mac OS when trying to link with + libdispatch (PR 7932) +* Fix for DTLS1.3 downgrade to DTLS1.2 when the server sends multiple handshake + packets combined into a single transmission. (PR 7840) +* Fix for OCSP to save the request if it was stored in ssl->ctx->certOcspRequest + (PR 7779) +* Fix to OCSP for searching for CA by key hash instead of ext. key id (PR 7934) +* Fix for staticmemory and singlethreaded build (PR 7737) +* Fix to not allow Shake128/256 with Xilinx AFALG (PR 7708) +* Fix to support PKCS11 without RSA key generation (PR 7738) +* Fix not calling the signing callback when using PK callbacks + TLS 1.3 + (PR 7761) +* Cortex-M/Thumb2 ASM fix label for IAR compiler (PR 7753) +* Fix with PKCS11 to iterate correctly over slotId (PR 7736) +* Stop stripping out the sequence header on the AltSigAlg extension (PR 7710) +* Fix ParseCRL_AuthKeyIdExt with ASN template to set extAuthKeyIdSet value + (PR 7742) +* Use max key length for PSK encrypt buffer size (PR 7707) +* DTLS 1.3 fix for size check to include headers and CID fixes (PR 7912,7951) +* Fix STM32 Hash FIFO and add support for STM32U5A9xx (PR 7787) +* Fix CMake build error for curl builds (PR 8021) +* SP Maths: PowerPC ASM fix to use XOR instead of LI (PR 8038) +* SSL loading of keys/certs: testing and fixes (PR 7789) +* Misc. fixes for Dilithium and Kyber (PR 7721,7765,7803,8027,7904) +* Fixes for building wolfBoot sources for PQ LMS/XMSS (PR 7868) +* Fixes for building with Kyber enabled using CMake and zephyr port (PR 7773) +* Fix for edge cases with session resumption with TLS 1.2 (PR 8097) +* Fix issue with ARM ASM with AES CFB/OFB not initializing the "left" member + (PR 8099) diff --git a/README.md b/README.md index 28aac26695..11f82fb357 100644 --- a/README.md +++ b/README.md @@ -75,112 +75,197 @@ single call hash function. Instead the name `WC_SHA`, `WC_SHA256`, `WC_SHA384` a `WC_SHA512` should be used for the enum name. -# wolfSSL Release 5.7.2 (July 08, 2024) +# wolfSSL Release 5.7.4 (Oct 24, 2024) -Release 5.7.2 has been developed according to wolfSSL's development and QA +Release 5.7.4 has been developed according to wolfSSL's development and QA process (see link below) and successfully passed the quality criteria. https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance NOTE: * --enable-heapmath is being deprecated and will be removed by end of 2024 -## Vulnerabilities -* [Medium] CVE-2024-1544 -Potential ECDSA nonce side channel attack in versions of wolfSSL before 5.6.6 with wc_ecc_sign_hash calls. Generating the ECDSA nonce k samples a random number r and then truncates this randomness with a modular reduction mod n where n is the order of the elliptic curve. Analyzing the division through a control-flow revealing side-channel reveals a bias in the most significant bits of k. Depending on the curve this is either a negligible bias or a significant bias large enough to reconstruct k with lattice reduction methods. Thanks to Luca Wilke, Florian Sieck and Thomas Eisenbarth (University of Lübeck) for reporting the vulnerability. Details will appear in the proceedings of CCS 24. -Fixed https://github.com/wolfSSL/wolfssl/pull/7020 - - -* [Medium] CVE-2024-5288 -A private key blinding operation, enabled by defining the macro WOLFSSL_BLIND_PRIVATE_KEY, was added to mitigate a potential row hammer attack on ECC operations. If performing ECC private key operations in an environment where a malicious user could gain fine control over the device and perform row hammer style attacks it is recommended to update the version of wolfSSL used and to build with WOLFSSL_BLIND_PRIVATE_KEY defined. Thanks to Kemal Derya, M. Caner Tol, Berk Sunar for the report (Vernam Applied Cryptography and Cybersecurity Lab at Worcester Polytechnic Institute) -Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7416 - - -* [Low] When parsing a provided maliciously crafted certificate directly using wolfSSL API, outside of a TLS connection, a certificate with an excessively large number of extensions could lead to a potential DoS. There are existing sanity checks during a TLS handshake with wolfSSL which mitigate this issue. Thanks to Bing Shi for the report. -Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7597 +PR stands for Pull Request, and PR references a GitHub pull request + number where the code change was added. -* [Low] CVE-2024-5991 -In the function MatchDomainName(), input param str is treated as a NULL terminated string despite being user provided and unchecked. Specifically, the Openssl compatibility function X509_check_host() takes in a pointer and length to check against, with no requirements that it be NULL terminated. While calling without a NULL terminated string is very uncommon, it is still technically allowed. If a caller was attempting to do a name check on a non*NULL terminated buffer, the code would read beyond the bounds of the input array until it found a NULL terminator. -Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7604 -* [Medium] CVE-2024-5814 -A malicious TLS1.2 server can force a TLS1.3 client with downgrade capability to use a ciphersuite that it did not agree to and achieve a successful connection. This is because, aside from the extensions, the client was skipping fully parsing the server hello when downgrading from TLS 1.3. -Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7619 - -* [Medium] OCSP stapling version 2 response verification bypass issue when a crafted response of length 0 is received. Found with internal testing. -Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7702 - -* [Medium] OCSP stapling version 2 revocation bypass with a retry of a TLS connection attempt. A revoked CA certificate could incorrectly be loaded into the trusted signers list and used in a repeat connection attempt. Found with internal testing. -Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7702 +## Vulnerabilities +* [Low] When the OpenSSL compatibility layer is enabled, certificate + verification behaved differently in wolfSSL than OpenSSL, in the + X509_STORE_add_cert() and X509_STORE_load_locations() implementations. + Previously, in cases where an application explicitly loaded an intermediate + certificate, wolfSSL was verifying only up to that intermediate certificate, + rather than verifying up to the root CA. This only affects use cases where the + API is called directly, and does not affect TLS connections. Users that call + the API X509_STORE_add_cert() or X509_STORE_load_locations() directly in their + applications are recommended to update the version of wolfSSL used or to have + additional sanity checks on certificates loaded into the X509_STORE when + verifying a certificate. (https://github.com/wolfSSL/wolfssl/pull/8087) + + +## PQC TLS Experimental Build Fix +* When using TLS with post quantum algorithms enabled, the connection uses a + smaller EC curve than agreed on. Users building with --enable-experimental and + enabling PQC cipher suites with TLS connections are recommended to update the + version of wolfSSL used. Thanks to Daniel Correa for the report. + (https://github.com/wolfSSL/wolfssl/pull/8084) ## New Feature Additions -* Added Dilithium/ML-DSA: Implementation of ML-DSA-44/65/87 (PR 7622) -* AES RISC-V 64-bit ASM: ECB/CBC/CTR/GCM/CCM (PR 7569) -* Added CUDA support for AES encryption (PR 7436) -* Added support for gRPC (PR 7445) -* Added function wc_RsaPrivateKeyDecodeRaw to import raw RSA private keys (PR 7608) -* Added crypto callback for SHA-3 (PR 7670) -* Support for Infineon Modus Toolbox with wolfSSL (PR 7369) -* Allow user to send a user_canceled alert by calling wolfSSL_SendUserCanceled (PR 7590) -* C# wrapper SNI support added (PR 7610) -* Quantum-safe algorithm support added to the Linux kernel module (PR 7574) -* Support for NIST 800-56C Option 1 KDF, using the macro WC_KDF_NIST_SP_800_56C added (PR 7589) -* AES-XTS streaming mode added, along with hardware acceleration and kernel module use (PR 7522, 7560, 7424) -* PlatformIO FreeRTOS with ESP build and addition of benchmark and test example applications (PR 7528, 7413, 7559, 7542) +* RISC-V 64 new assembly optimizations added for SHA-256, SHA-512, ChaCha20, + Poly1305, and SHA-3 (PR 7758,7833,7818,7873,7916) +* Implement support for Connection ID (CID) with DTLS 1.2 (PR 7995) +* Add support for (DevkitPro)libnds (PR 7990) +* Add port for Mosquitto OSP (Open Source Project) (PR 6460) +* Add port for init sssd (PR 7781) +* Add port for eXosip2 (PR 7648) +* Add support for STM32G4 (PR 7997) +* Add support for MAX32665 and MAX32666 TPU HW and ARM ASM Crypto Callback + Support (PR 7777) +* Add support for building wolfSSL to be used in libspdm (PR 7869) +* Add port for use with Nucleus Plus 2.3 (PR 7732) +* Initial support for RFC5755 x509 attribute certificates (acerts). Enabled with + --enable-acert (PR 7926) +* PKCS#11 RSA Padding offload allows tokens to perform CKM_RSA_PKCS + (sign/encrypt), CKM_RSA_PKCS_PSS (sign), and CKM_RSA_PKCS_OAEP (encrypt). + (PR 7750) +* Added “new” and “delete” style functions for heap/pool allocation and freeing + of low level crypto structures (PR 3166 and 8089) ## Enhancements and Optimizations -* Expanded STM32 AES hardware acceleration support for use with STM32H5 (PR 7578) -* Adjusted wc_xmss and wc_lms settings to support use with wolfBoot (PR 7393) -* Added the --enable-rpk option to autotools build for using raw public key support (PR 7379) -* SHA-3 Thumb2, ARM32 assembly implementation added (PR 7667) -* Improvements to RSA padding to expose Pad/Unpad APIs (PR 7612) -* Updates and API additions for supporting socat version 1.8.0.0 (PR 7594) -* cmake build improvements, expanding build options with SINGLE_THREADED and post-quantum algorithms, adjusting the generation of options.h file and using “yes;no” boolean instead of strings (PR 7611, 7546, 7479, 7480, 7380) -* Improvements for Renesas RZ support (PR 7474) -* Improvements to dual algorithm certificates for post-quantum keys (PR 7286) -* Added wolfSSL_SessionIsSetup so the user can check if a session ticket has been sent by the server (PR 7430) -* hostap updates: Implement PACs for EAP-FAST and filter cipher list on TLS version change (PR 7446) -* Changed subject name comparison to match different upper and lower cases (PR 7420) -* Support for DTLS 1.3 downgrade when using PSK (PR 7367) -* Update to static memory build for more generic memory pools used (PR 7418) -* Improved performance of Kyber C implementation (PR 7654) -* Support for ECC_CACHE_CURVE with no malloc (PR 7490) -* Added the configure option --enable-debug-trace-errcodes (macro WOLFSSL_DEBUG_TRACE_ERROR_CODES) which enables more debug tracking of error code values (PR 7634) -* Enhanced wc_MakeRsaKey and wc_RsaKeyToDer to work with WOLFSSL_NO_MALLOC (PR 7362) -* Improvements to assembly implementations of ChaCha20 and Poly1305 ASM for use with MSVC (PR 7319) -* Cortex-M inline assembly labels with unique number appended (PR 7649) -* Added secret logging callback to TLS <= 1.2, enabled with the macro HAVE_SECRET_CALLBACK (PR 7372) -* Made wc_RNG_DRBG_Reseed() a public wolfCrypt API (PR 7386) -* Enabled DES3 support without the DES3 ciphers. To re-enable DES3 cipher suites, use the configure flag --enable-des3-tls-suites (PR 7315) -* Added stubs required for latest nginx (1.25.5) (PR 7449) -* Added option for using a custom salt with the function wc_ecc_ctx_set_own_salt (PR 7552) -* Added PQ files for Windows (PR 7419) -* Enhancements to static memory feature, adding the option for a global heap hint (PR 7478) and build options for a lean or debug setting, enabled with --enable-staticmemory=small or --enable-staticmemory=debug (PR 7597) -* Updated --enable-jni to define SESSION_CERTS for wolfJSSE (PR 7557) -* Exposed DTLS in Ada wrapper and updated examples (PR 7397) -* Added additional minimum TLS extension size sanity checks (PR 7602) -* ESP improvements: updating the examples and libraries, updates for Apple HomeKit SHA/SRP, and fix for endianness with SHA512 software fallback (PR 7607, 7392, 7505, 7535) -* Made the wc_CheckCertSigPubKey API publicly available with the define of the macro WOLFSSL_SMALL_CERT_VERIFY (PR 7599) -* Added an alpha/preview of additional FIPS 140-3 full submission, bringing additional algorithms such as SRTP-KDF, AES-XTS, GCM streaming, AES-CFB, ED25519, and ED448 into the FIPS module boundary (PR 7295) -* XCODE support for v5.2.3 of the FIPS module (PR 7140) -* Expanded OpenSSL compatibility layer and added EC_POINT_hex2point (PR 7191) +* Increase default max alt. names from 128 to 1024 (PR 7762) +* Added new constant time DH agree function wc_DhAgree_ct (PR 7802) +* Expanded compatibility layer with the API EVP_PKEY_is_a (PR 7804) +* Add option to disable cryptocb test software test using + --disable-cryptocb-sw-test (PR 7862) +* Add a call to certificate verify callback before checking certificate dates + (PR 7895) +* Expanded algorithms supported with the wolfCrypt CSharp wrapper. Adding + support for RNG, ECC(ECIES and ECDHE), RSA, ED25519/Curve25519, AES-GCM, and + Hashing (PR 3166) +* Expand MMCAU support for use with DES ECB (PR 7960) +* Update AES SIV to handle multiple associated data inputs (PR 7911) +* Remove HAVE_NULL_CIPHER from --enable-openssh (PR 7811) +* Removed duplicate if(NULL) checks when calling XFREE (macro does) (PR 7839) +* Set RSA_MIN_SIZE default to 2048 bits (PR 7923) +* Added support for wolfSSL to be used as the default TLS in the zephyr kernel + (PR 7731) +* Add enable provider build using --enable-wolfprovider with autotools (PR 7550) +* Renesas RX TSIP ECDSA support (PR 7685) +* Support DTLS1.3 downgrade when the server supports CID (PR 7841) +* Server-side checks OCSP even if it uses v2 multi (PR 7828) +* Add handling of absent hash params in PKCS7 bundle parsing and creation + (PR 7845) +* Add the use of w64wrapper for Poly1305, enabling Poly1305 to be used in + environments that do not have a word64 type (PR 7759) +* Update to the maxq10xx support (PR 7824) +* Add support for parsing over optional PKCS8 attributes (PR 7944) +* Add support for either side method with DTLS 1.3 (PR 8012) +* Added PKCS7 PEM support for parsing PEM data with BEGIN/END PKCS7 (PR 7704) +* Add CMake support for WOLFSSL_CUSTOM_CURVES (PR 7962) +* Add left-most wildcard matching support to X509_check_host() (PR 7966) +* Add option to set custom SKID with PKCS7 bundle creation (PR 7954) +* Building wolfSSL as a library with Ada and corrections to Alire manifest + (PR 7303,7940) +* Renesas RX72N support updated (PR 7849) +* New option WOLFSSL_COPY_KEY added to always copy the key to the SSL object + (PR 8005) +* Add the new option WOLFSSL_COPY_CERT to always copy the cert buffer for each + SSL object (PR 7867) +* Add an option to use AES-CBC with HMAC for default session ticket enc/dec. + Defaults to AES-128-CBC with HMAC-SHA256 (PR 7703) +* Memory usage improvements in wc_PRF, sha256 (for small code when many + registers are available) and sp_int objects (PR 7901) +* Change in the configure script to work around ">>" with no command. In older + /bin/sh it can be ambiguous, as used in OS’s such as FreeBSD 9.2 (PR 7876) +* Don't attempt to include system headers when not required (PR 7813) +* Certificates: DER encoding of ECC signature algorithm parameter is now + allowed to be NULL with a define (PR 7903) +* SP x86_64 asm: check for AVX2 support for VMs (PR 7979) +* Update rx64n support on gr-rose (PR 7889) +* Update FSP version to v5.4.0 for RA6M4 (PR 7994) +* Update TSIP driver version to v1.21 for RX65N RSK (PR 7993) +* Add a new crypto callback for RSA with padding (PR 7907) +* Replaced the use of pqm4 with wolfSSL implementations of Kyber/MLDSA + (PR 7924) +* Modernized memory fence support for C11 and clang (PR 7938) +* Add a CRL error override callback (PR 7986) +* Extend the X509 unknown extension callback for use with a user context + (PR 7730) +* Additional debug error tracing added with TLS (PR 7917) +* Added runtime support for library call stack traces with + –enable-debug-trace-errcodes=backtrace, using libbacktrace (PR 7846) +* Expanded C89 conformance (PR 8077) +* Expanded support for WOLFSSL_NO_MALLOC (PR 8065) +* Added support for cross-compilation of Linux kernel module (PR 7746) +* Updated Linux kernel module with support for kernel 6.11 and 6.12 (PR 7826) +* Introduce WOLFSSL_ASN_ALLOW_0_SERIAL to allow parsing of certificates with a + serial number of 0 (PR 7893) +* Add conditional repository_owner to all wolfSSL GitHub workflows (PR 7871) + +### Espressif / Arduino Updates +* Update wolfcrypt settings.h for Espressif ESP-IDF, template update (PR 7953) +* Update Espressif sha, util, mem, time helpers (PR 7955) +* Espressif _thread_local_start and _thread_local_end fix (PR 8030) +* Improve benchmark for Espressif devices (PR 8037) +* Introduce Espressif common CONFIG_WOLFSSL_EXAMPLE_NAME, Kconfig (PR 7866) +* Add wolfSSL esp-tls and Certificate Bundle Support for Espressif ESP-IDF + (PR 7936) +* Update wolfssl Release for Arduino (PR 7775) + +### Post Quantum Crypto Updates +* Dilithium: support fixed size arrays in dilithium_key (PR 7727) +* Dilithium: add option to use precalc with small sign (PR 7744) +* Allow Kyber to be built with FIPS (PR 7788) +* Allow Kyber asm to be used in the Linux kernel module (PR 7872) +* Dilithium, Kyber: Update to final specification (PR 7877) +* Dilithium: Support FIPS 204 Draft and Final Draft (PR 7909,8016) + +### ARM Assembly Optimizations +* ARM32 assembly optimizations added for ChaCha20 and Poly1305 (PR 8020) +* Poly1305 assembly optimizations improvements for Aarch64 (PR 7859) +* Poly1305 assembly optimizations added for Thumb-2 (PR 7939) +* Adding ARM ASM build option to STM32CubePack (PR 7747) +* Add ARM64 to Visual Studio Project (PR 8010) +* Kyber assembly optimizations for ARM32 and Aarch64 (PR 8040,7998) +* Kyber assembly optimizations for ARMv7E-M/ARMv7-M (PR 7706) + ## Fixes -* Fixed Kyber control-flow timing leak. Thanks to Antoon Purnal from PQShield for the report -* Fixed the NXP MMCAU HW acceleration for SHA-256 (PR 7389) -* Fixed AES-CFB1 encrypt/decrypt on size (8*x-1) bits (PR 7431) -* Fixed use of %rip with SHA-256 x64 assembly (PR 7409) -* Fixed OCSP response message build for DTLS (PR 7671) -* Handled edge case in wc_ecc_mulmod() with zero (PR 7532) -* Fixed RPK (Raw Public Key) to follow certificate use correctly (PR 7375) -* Added sanity check on record header with QUIC use (PR 7638) -* Added sanity check for empty directory strings in X.509 when parsing (PR 7669) -* Added sanity check on non-conforming serial number of 0 in certificates being parsed (PR 7625) -* Fixed wolfSSL_CTX_set1_sigalgs_list() to make the TLS connection conform to the selected sig hash algorithm (PR 7693) -* Various fixes for dual algorithm certificates including small stack use and support for Certificate Signing Requests (PR 7577) -* Added sanity check for critical policy extension when wolfSSL is built without policy extension support enabled (PR 7388) -* Added sanity check that the ed25519 signature is smaller than the order (PR 7513) -* Fixed Segger emNet to handle non-blocking want read/want write (PR 7581) +* ECC key load: fixes for certificates with parameters that are not default for + size (PR 7751) +* Fixes for building x86 in Visual Studio for non-windows OS (PR 7884) +* Fix for TLS v1.2 secret callback, incorrectly detecting bad master secret + (PR 7812) +* Fixes for PowerPC assembly use with Darwin and SP math all (PR 7931) +* Fix for detecting older versions of Mac OS when trying to link with + libdispatch (PR 7932) +* Fix for DTLS1.3 downgrade to DTLS1.2 when the server sends multiple handshake + packets combined into a single transmission. (PR 7840) +* Fix for OCSP to save the request if it was stored in ssl->ctx->certOcspRequest + (PR 7779) +* Fix to OCSP for searching for CA by key hash instead of ext. key id (PR 7934) +* Fix for staticmemory and singlethreaded build (PR 7737) +* Fix to not allow Shake128/256 with Xilinx AFALG (PR 7708) +* Fix to support PKCS11 without RSA key generation (PR 7738) +* Fix not calling the signing callback when using PK callbacks + TLS 1.3 + (PR 7761) +* Cortex-M/Thumb2 ASM fix label for IAR compiler (PR 7753) +* Fix with PKCS11 to iterate correctly over slotId (PR 7736) +* Stop stripping out the sequence header on the AltSigAlg extension (PR 7710) +* Fix ParseCRL_AuthKeyIdExt with ASN template to set extAuthKeyIdSet value + (PR 7742) +* Use max key length for PSK encrypt buffer size (PR 7707) +* DTLS 1.3 fix for size check to include headers and CID fixes (PR 7912,7951) +* Fix STM32 Hash FIFO and add support for STM32U5A9xx (PR 7787) +* Fix CMake build error for curl builds (PR 8021) +* SP Maths: PowerPC ASM fix to use XOR instead of LI (PR 8038) +* SSL loading of keys/certs: testing and fixes (PR 7789) +* Misc. fixes for Dilithium and Kyber (PR 7721,7765,7803,8027,7904) +* Fixes for building wolfBoot sources for PQ LMS/XMSS (PR 7868) +* Fixes for building with Kyber enabled using CMake and zephyr port (PR 7773) +* Fix for edge cases with session resumption with TLS 1.2 (PR 8097) +* Fix issue with ARM ASM with AES CFB/OFB not initializing the "left" member + (PR 8099) For additional vulnerability information visit the vulnerability page at: https://www.wolfssl.com/docs/security-vulnerabilities/ diff --git a/SCRIPTS-LIST b/SCRIPTS-LIST index 03f5cf6a8a..f99b7ce1a8 100644 --- a/SCRIPTS-LIST +++ b/SCRIPTS-LIST @@ -35,6 +35,7 @@ scripts/ google.test - example client test against google, part of tests resume.test - example sessoin resume test, part of tests ocsp-stapling.test - example client test against globalsign, part of tests + ocsp-stapling1_tls13multi.text - example client test against example server, part of tests ocsp-stapling2.test - example client test against example server, part of tests sniffer-testsuite.test - runs snifftest on a pcap of testsuite, part of tests in sniffer mode diff --git a/configure.ac b/configure.ac index f9122fb6e2..67298c4cd1 100644 --- a/configure.ac +++ b/configure.ac @@ -7,7 +7,7 @@ # AC_COPYRIGHT([Copyright (C) 2006-2024 wolfSSL Inc.]) AC_PREREQ([2.69]) -AC_INIT([wolfssl],[5.7.2],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[https://www.wolfssl.com]) +AC_INIT([wolfssl],[5.7.4],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[https://www.wolfssl.com]) AC_CONFIG_AUX_DIR([build-aux]) # The following sets CFLAGS to empty if unset on command line. We do not @@ -51,7 +51,7 @@ WOLFSSL_LIBRARY_VERSION_FIRST=42 # increment if interfaces have been added # set to zero if WOLFSSL_LIBRARY_VERSION_FIRST is incremented -WOLFSSL_LIBRARY_VERSION_SECOND=2 +WOLFSSL_LIBRARY_VERSION_SECOND=3 # increment if source code has changed # set to zero if WOLFSSL_LIBRARY_VERSION_FIRST is incremented or @@ -573,16 +573,15 @@ then AM_CFLAGS="$AM_CFLAGS -ffile-prefix-map=\$(abs_top_srcdir)/= -ffile-prefix-map=\$(top_srcdir)/=" fi - # opportunistically use linker option --build-id=none - - if "$CC" -Wl,--build-id=none -x c - -o /dev/null >/dev/null 2>&1 <<' EOF' + # opportunistically force linker option --build-id=sha1 (usually the default) + if "$CC" -Wl,--build-id=sha1 -x c - -o /dev/null >/dev/null 2>&1 <<' EOF' #include int main(int argc, char **argv) { (void)argc; (void)argv; return 0; } EOF then - AM_LDFLAGS="$AM_LDFLAGS -Wl,--build-id=none" + AM_LDFLAGS="$AM_LDFLAGS -Wl,--build-id=sha1" fi fi @@ -1156,7 +1155,8 @@ then test "$enable_dsa" = "" && test "$enable_sha" != "no" && enable_dsa=yes if test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -le 5; then test "$enable_ecccustcurves" = "" && enable_ecccustcurves=yes - test "$enable_brainpool" = "" && enable_brainpool=yes + test "$enable_ecccustcurves" != "no" && test "$enable_brainpool" = "" && enable_brainpool=yes + test "$enable_ecccustcurves" != "no" && AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC_CDH -DHAVE_ECC_KOBLITZ -DHAVE_ECC_SECPR2 -DHAVE_ECC_SECPR3" fi test "$enable_srp" = "" && enable_srp=yes fi @@ -1195,6 +1195,7 @@ then if test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -le 5; then test "$enable_des3" = "" && enable_des3=yes + test "$enable_des3" != "no" && AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DES_ECB" fi AM_CFLAGS="$AM_CFLAGS -DHAVE_AES_DECRYPT -DHAVE_AES_ECB -DWOLFSSL_ALT_NAMES" @@ -1545,6 +1546,12 @@ do small) AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WC_LMS_SMALL" ;; + no-sha256-256) + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_LMS_SHA256_256" + ;; + sha256-192) + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_LMS_SHA256_192" + ;; *) AC_MSG_ERROR([Invalid choice for LMS []: $ENABLED_LMS.]) break;; @@ -3024,7 +3031,8 @@ then ;; armv7m*) # QEMU doesn't work with armv7-m - AM_CPPFLAGS="$AM_CPPFLAGS -march=armv7-r -D__thumb__ -fomit-frame-pointer -DWOLFSSL_ARMASM_NO_HW_CRYPTO -DWOLFSSL_ARM_ARCH=7" + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ARMASM_THUMB2" + AM_CPPFLAGS="$AM_CPPFLAGS -march=armv7-r -DWOLFSSL_ARMASM_THUMB2 -fomit-frame-pointer -DWOLFSSL_ARMASM_NO_HW_CRYPTO -DWOLFSSL_ARM_ARCH=7" # Include options.h AM_CCASFLAGS="$AM_CCASFLAGS -DEXTERNAL_OPTS_OPENVPN" ENABLED_ARMASM_CRYPTO=no @@ -5217,6 +5225,12 @@ AC_ARG_ENABLE([aeskeywrap], ) # FIPS feature and macro setup + +AS_IF([test "$FIPS_VERSION" = "dev"], + [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_FIPS_DEV"]) +AS_IF([test "$FIPS_VERSION" = "ready"], + [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_FIPS_READY"]) + AS_CASE([$FIPS_VERSION], [v6|ready|dev],[ # FIPS 140-3 SRTP-KDF AM_CFLAGS="$AM_CFLAGS \ @@ -5995,10 +6009,27 @@ fi # Certificate Status Request : a.k.a. OCSP Stapling AC_ARG_ENABLE([ocspstapling], - [AS_HELP_STRING([--enable-ocspstapling],[Enable OCSP Stapling (default: disabled)])], + [AS_HELP_STRING([--enable-ocspstapling],[Enable OCSP Stapling ((options: yes, no-multi, no, disabled default: disabled)])], [ ENABLED_CERTIFICATE_STATUS_REQUEST=$enableval ], [ ENABLED_CERTIFICATE_STATUS_REQUEST=no ] ) +AS_CASE([$ENABLED_CERTIFICATE_STATUS_REQUEST], + [no],[ + ENABLED_CERTIFICATE_STATUS_REQUEST="no" + ENABLED_TLS_OCSP_MULTI="no" + ], + [disabled],[ + ENABLED_CERTIFICATE_STATUS_REQUEST="no" + ENABLED_TLS_OCSP_MULTI="no" + ], + [yes],[ + ENABLED_CERTIFICATE_STATUS_REQUEST="yes" + ENABLED_TLS_OCSP_MULTI="yes" + ], + [no-multi],[ + ENABLED_CERTIFICATE_STATUS_REQUEST="yes" + ENABLED_TLS_OCSP_MULTI="no" + ]) if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_WPAS" = "xyes" || \ test "x$ENABLED_HAPROXY" = "xyes" || test "x$ENABLED_LIGHTY" = "xyes" || \ @@ -8359,7 +8390,8 @@ if test "$ENABLED_SP_ASM" = "yes" && test "$ENABLED_SP" = "yes"; then ;; *cortex* | *armv7m*) if test "$ENABLED_ARMASM" = "no"; then - AM_CPPFLAGS="$AM_CPPFLAGS -march=armv7-r -D__thumb__ -DWOLFSSL_ARM_ARCH=7" + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ARMASM_THUMB2" + AM_CPPFLAGS="$AM_CPPFLAGS -march=armv7-r -DWOLFSSL_ARMASM_THUMB2 -DWOLFSSL_ARM_ARCH=7" fi AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_ARM_CORTEX_M_ASM" AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_ARM_CORTEX_M_ASM" @@ -9580,7 +9612,17 @@ if test "$ENABLED_DH" != "no" && test "$ENABLED_DH" != "const"; then LT_LIB_M fi - +# mulitple OCSP stapling for TLS 1.3 Certificate extension +if test "$ENABLED_CERTIFICATE_STATUS_REQUEST" = "yes" +then + if test "$ENABLED_TLS13" = "yes" + then + if test "$ENABLED_TLS_OCSP_MULTI" = "yes" + then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TLS_OCSP_MULTI" + fi + fi +fi ################################################################################ # USER SETTINGS @@ -9835,6 +9877,7 @@ AM_CONDITIONAL([BUILD_SM4],[test "x$ENABLED_SM4" != "xno" || test "x$ENABLED_USE AM_CONDITIONAL([BUILD_INLINE],[test "x$ENABLED_INLINE" = "xyes"]) AM_CONDITIONAL([BUILD_OCSP],[test "x$ENABLED_OCSP" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) AM_CONDITIONAL([BUILD_OCSP_STAPLING],[test "x$ENABLED_CERTIFICATE_STATUS_REQUEST" = "xyes"]) +AM_CONDITIONAL([BUILD_OCSP_STAPLING_MULTI],[test "x$ENABLED_CERTIFICATE_STATUS_REQUEST" = "xyes" && test "x$ENABLED_TLS13" = "xyes" && test "x$ENABLED_TLS_OCSP_MULTI" = "xyes"]) AM_CONDITIONAL([BUILD_OCSP_STAPLING_V2],[test "x$ENABLED_CERTIFICATE_STATUS_REQUEST_V2" = "xyes"]) AM_CONDITIONAL([BUILD_CRL],[test "x$ENABLED_CRL" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"]) AM_CONDITIONAL([BUILD_CRL_MONITOR],[test "x$ENABLED_CRL_MONITOR" = "xyes"]) diff --git a/doc/dox_comments/header_files/ed25519.h b/doc/dox_comments/header_files/ed25519.h index 41705ce33a..9ab61de62c 100644 --- a/doc/dox_comments/header_files/ed25519.h +++ b/doc/dox_comments/header_files/ed25519.h @@ -188,8 +188,7 @@ int wc_ed25519ctx_sign_msg(const byte* in, word32 inlen, byte* out, \brief This function signs a message digest using an ed25519_key object to guarantee authenticity. The context is included as part of the data - signed. The message is pre-hashed before signature calculation. The hash - algorithm used to create message digest must be SHAKE-256. + signed. The message is pre-hashed before signature calculation. \return 0 Returned upon successfully generating a signature for the message digest. diff --git a/doc/dox_comments/header_files/ed448.h b/doc/dox_comments/header_files/ed448.h index a3ea82088a..2f186b56b1 100644 --- a/doc/dox_comments/header_files/ed448.h +++ b/doc/dox_comments/header_files/ed448.h @@ -133,7 +133,6 @@ int wc_ed448_sign_msg(const byte* in, word32 inlen, byte* out, \brief This function signs a message digest using an ed448_key object to guarantee authenticity. The context is included as part of the data signed. The hash is the pre-hashed message before signature calculation. - The hash algorithm used to create message digest must be SHAKE-256. \return 0 Returned upon successfully generating a signature for the message digest. @@ -162,7 +161,7 @@ int wc_ed448_sign_msg(const byte* in, word32 inlen, byte* out, byte sig[114]; // will hold generated signature sigSz = sizeof(sig); - byte hash[] = { initialize with SHAKE-256 hash of message }; + byte hash[] = { initialize hash of message }; byte context[] = { initialize with context of signing }; wc_InitRng(&rng); // initialize rng @@ -297,7 +296,6 @@ int wc_ed448_verify_msg(const byte* sig, word32 siglen, const byte* msg, \brief This function verifies the Ed448 signature of the digest of a message to ensure authenticity. The context is included as part of the data verified. The hash is the pre-hashed message before signature calculation. - The hash algorithm used to create message digest must be SHAKE-256. The answer is returned through res, with 1 corresponding to a valid signature, and 0 corresponding to an invalid signature. @@ -325,7 +323,7 @@ int wc_ed448_verify_msg(const byte* sig, word32 siglen, const byte* msg, int ret, verified = 0; byte sig[] { initialize with received signature }; - byte hash[] = { initialize with SHAKE-256 hash of message }; + byte hash[] = { initialize hash of message }; byte context[] = { initialize with context of signature }; // initialize key with received public key ret = wc_ed448ph_verify_hash(sig, sizeof(sig), hash, sizeof(hash), diff --git a/examples/client/client.c b/examples/client/client.c index 89c0f975bc..f50f67fbb4 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -1124,7 +1124,7 @@ static int ClientWriteRead(WOLFSSL* ssl, const char* msg, int msgSz, /* 4. add the same message into Japanese section */ /* (will be translated later) */ /* 5. add printf() into suitable position of Usage() */ -static const char* client_usage_msg[][78] = { +static const char* client_usage_msg[][77] = { /* English */ { " NOTE: All files relative to wolfSSL home dir\n", /* 0 */ @@ -1242,28 +1242,32 @@ static const char* client_usage_msg[][78] = { || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) "-W Use OCSP Stapling (1 v1, 2 v2, 3 v2 multi)\n", /* 41 */ " With 'm' at end indicates MUST staple\n", /* 42 */ +#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TLS_OCSP_MULTI) + " -W 1 -v 4, Perform multi OCSP stapling for TLS13\n", + /* 43 */ +#endif #endif #if defined(ATOMIC_USER) && !defined(WOLFSSL_AEAD_ONLY) - "-U Atomic User Record Layer Callbacks\n", /* 43 */ + "-U Atomic User Record Layer Callbacks\n", /* 44 */ #endif #ifdef HAVE_PK_CALLBACKS - "-P Public Key Callbacks\n", /* 44 */ + "-P Public Key Callbacks\n", /* 45 */ #endif #ifdef HAVE_ANON - "-a Anonymous client\n", /* 45 */ + "-a Anonymous client\n", /* 46 */ #endif #ifdef HAVE_CRL - "-C Disable CRL\n", /* 46 */ + "-C Disable CRL\n", /* 47 */ #endif #ifdef WOLFSSL_TRUST_PEER_CERT - "-E Path to load trusted peer cert\n", /* 47 */ + "-E Path to load trusted peer cert\n", /* 48 */ #endif #ifdef HAVE_WNR - "-q Whitewood config file, defaults\n", /* 48 */ + "-q Whitewood config file, defaults\n", /* 49 */ #endif "-H Internal tests" - " [defCipherList, exitWithRet, verifyFail, useSupCurve,\n", /* 49 */ - " loadSSL, disallowETM]\n", /* 50 */ + " [defCipherList, exitWithRet, verifyFail, useSupCurve,\n" + " loadSSL, disallowETM]\n", /* 50 */ #ifdef WOLFSSL_TLS13 "-J Use HelloRetryRequest to choose group for KE\n", /* 51 */ "-K Key Exchange for PSK not using (EC)DHE\n", /* 52 */ @@ -1299,55 +1303,55 @@ static const char* client_usage_msg[][78] = { #ifdef HAVE_TRUSTED_CA "-5 Use Trusted CA Key Indication\n", /* 63 */ #endif - "-6 Simulate WANT_WRITE errors on every other IO send\n", + "-6 Simulate WANT_WRITE errors on every other IO send\n", /* 64 */ #ifdef HAVE_CURVE448 - "-8 Use X448 for key exchange\n", /* 66 */ + "-8 Use X448 for key exchange\n", /* 65 */ #endif #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \ !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) "-9 Use hash dir look up for certificate loading\n" - " loading from /certs folder\n" - " files in the folder would have the form \"hash.N\" file name\n" - " e.g symbolic link to the file at certs folder\n" - " ln -s ca-cert.pem `openssl x509 -in ca-cert.pem -hash -noout`.0\n", - /* 67 */ + " loading from /certs folder\n" + " files in the folder would have the form \"hash.N\" file name\n" + " e.g symbolic link to the file at certs folder\n" + " ln -s ca-cert.pem `openssl x509 -in ca-cert.pem -hash -noout`.0\n", + /* 66 */ #endif #if defined(WOLFSSL_WOLFSENTRY_HOOKS) && !defined(NO_FILESYSTEM) && \ !defined(WOLFSENTRY_NO_JSON) "--wolfsentry-config Path for JSON wolfSentry config\n", - /* 68 */ + /* 67 */ #endif #ifndef WOLFSSL_TLS13 "-7 Set minimum downgrade protocol version [0-3] " " SSLv3(0) - TLS1.2(3)\n", #else "-7 Set minimum downgrade protocol version [0-4] " - " SSLv3(0) - TLS1.3(4)\n", /* 69 */ + " SSLv3(0) - TLS1.3(4)\n", /* 68 */ #endif #ifdef HAVE_PQC "--pqc Key Share with specified post-quantum algorithm only [KYBER_LEVEL1, KYBER_LEVEL3,\n" - " KYBER_LEVEL5, P256_KYBER_LEVEL1, P384_KYBER_LEVEL3, P521_KYBER_LEVEL5]\n", /* 70 */ + " KYBER_LEVEL5, P256_KYBER_LEVEL1, P384_KYBER_LEVEL3, P521_KYBER_LEVEL5]\n", /* 69 */ #endif #ifdef WOLFSSL_SRTP - "--srtp (default is SRTP_AES128_CM_SHA1_80)\n", /* 71 */ + "--srtp (default is SRTP_AES128_CM_SHA1_80)\n", /* 70 */ #endif #ifdef WOLFSSL_SYS_CA_CERTS - "--sys-ca-certs Load system CA certs for server cert verification\n", /* 72 */ + "--sys-ca-certs Load system CA certs for server cert verification\n", /* 71 */ #endif #ifdef HAVE_SUPPORTED_CURVES - "--onlyPskDheKe Must use DHE key exchange with PSK\n", /* 73 */ + "--onlyPskDheKe Must use DHE key exchange with PSK\n", /* 72 */ #endif #ifndef NO_PSK - "--openssl-psk Use TLS 1.3 PSK callback compatible with OpenSSL\n", /* 74 */ + "--openssl-psk Use TLS 1.3 PSK callback compatible with OpenSSL\n", /* 73 */ #endif #ifdef HAVE_RPK - "--rpk Use RPK for the defined certificates\n", /* 75 */ + "--rpk Use RPK for the defined certificates\n", /* 74 */ #endif - "--files-are-der Specified files are in DER, not PEM format\n", /* 76 */ + "--files-are-der Specified files are in DER, not PEM format\n", /* 75 */ "\n" "For simpler wolfSSL TLS client examples, visit\n" - "https://github.com/wolfSSL/wolfssl-examples/tree/master/tls\n", /* 77 */ + "https://github.com/wolfSSL/wolfssl-examples/tree/master/tls\n", /* 76 */ NULL, }, #ifndef NO_MULTIBYTE_PRINT @@ -1469,30 +1473,34 @@ static const char* client_usage_msg[][78] = { || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) "-W OCSP Staplingを使用する" " (1 v1, 2 v2, 3 v2 multi)\n", /* 41 */ - " 'm' を最後に指定すると必ず staple を使用する\n" /* 42 */ + " 'm' を最後に指定すると必ず staple を使用する\n" /* 42 */ +#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TLS_OCSP_MULTI) + " -W 1 -v 4, " + "TLS13 使用時に複数(Multi)の OCSP を実施します\n" /* 43 */ +#endif #endif #if defined(ATOMIC_USER) && !defined(WOLFSSL_AEAD_ONLY) "-U アトミック・ユーザー記録の" - "コールバックを利用する\n", /* 43 */ + "コールバックを利用する\n", /* 44 */ #endif #ifdef HAVE_PK_CALLBACKS - "-P 公開鍵コールバック\n", /* 44 */ + "-P 公開鍵コールバック\n", /* 45 */ #endif #ifdef HAVE_ANON - "-a 匿名クライアント\n", /* 45 */ + "-a 匿名クライアント\n", /* 46 */ #endif #ifdef HAVE_CRL - "-C CRLを無効\n", /* 46 */ + "-C CRLを無効\n", /* 47 */ #endif #ifdef WOLFSSL_TRUST_PEER_CERT - "-E 信頼出来るピアの証明書ロードの為のパス\n", /* 47 */ + "-E 信頼出来るピアの証明書ロードの為のパス\n", /* 48 */ #endif #ifdef HAVE_WNR - "-q Whitewood コンフィグファイル, 既定値\n", /* 48 */ + "-q Whitewood コンフィグファイル, 既定値\n", /* 49 */ #endif "-H 内部テスト" - " [defCipherList, exitWithRet, verifyFail, useSupCurve,\n", /* 49 */ - " loadSSL, disallowETM]\n", /* 50 */ + " [defCipherList, exitWithRet, verifyFail, useSupCurve,\n" + " loadSSL, disallowETM]\n", /* 50 */ #ifdef WOLFSSL_TLS13 "-J HelloRetryRequestをKEのグループ選択に使用する\n", /* 51 */ "-K 鍵交換にPSKを使用、(EC)DHEは使用しない\n", /* 52 */ @@ -1529,9 +1537,9 @@ static const char* client_usage_msg[][78] = { #ifdef HAVE_TRUSTED_CA "-5 信頼できる認証局の鍵表示を使用する\n", /* 63 */ #endif - "-6 WANT_WRITE エラーを全てのIO 送信でシミュレートします\n", + "-6 WANT_WRITE エラーを全てのIO 送信でシミュレートします\n", /* 64 */ #ifdef HAVE_CURVE448 - "-8 鍵交換に X448 を使用する\n", /* 66 */ + "-8 鍵交換に X448 を使用する\n", /* 65 */ #endif #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \ @@ -1541,44 +1549,44 @@ static const char* client_usage_msg[][78] = { " フォルダー中のファイルは、\"hash.N\"[N:0-9]名である必要があります\n" " 以下の例ではca-cert.pemにシンボリックリンクを設定します\n" " ln -s ca-cert.pem `openssl x509 -in ca-cert.pem -hash -noout`.0\n", - /* 67 */ + /* 66 */ #endif #if defined(WOLFSSL_WOLFSENTRY_HOOKS) && !defined(NO_FILESYSTEM) && \ !defined(WOLFSENTRY_NO_JSON) "--wolfsentry-config wolfSentry コンフィグファイル\n", - /* 68 */ + /* 67 */ #endif #ifndef WOLFSSL_TLS13 "-7 最小ダウングレード可能なプロトコルバージョンを設定します [0-3] " " SSLv3(0) - TLS1.2(3)\n", #else "-7 最小ダウングレード可能なプロトコルバージョンを設定します [0-4] " - " SSLv3(0) - TLS1.3(4)\n", /* 69 */ + " SSLv3(0) - TLS1.3(4)\n", /* 68 */ #endif #ifdef HAVE_PQC "--pqc post-quantum 名前付きグループとの鍵共有のみ [KYBER_LEVEL1, KYBER_LEVEL3,\n" - " KYBER_LEVEL5, P256_KYBER_LEVEL1, P384_KYBER_LEVEL3, P521_KYBER_LEVEL5]\n", /* 70 */ + " KYBER_LEVEL5, P256_KYBER_LEVEL1, P384_KYBER_LEVEL3, P521_KYBER_LEVEL5]\n", /* 69 */ #endif #ifdef WOLFSSL_SRTP - "--srtp (デフォルトは SRTP_AES128_CM_SHA1_80)\n", /* 71 */ + "--srtp (デフォルトは SRTP_AES128_CM_SHA1_80)\n", /* 70 */ #endif #ifdef WOLFSSL_SYS_CA_CERTS - "--sys-ca-certs Load system CA certs for server cert verification\n", /* 72 */ + "--sys-ca-certs Load system CA certs for server cert verification\n", /* 71 */ #endif #ifdef HAVE_SUPPORTED_CURVES - "--onlyPskDheKe Must use DHE key exchange with PSK\n", /* 73 */ + "--onlyPskDheKe Must use DHE key exchange with PSK\n", /* 72 */ #endif #ifndef NO_PSK - "--openssl-psk Use TLS 1.3 PSK callback compatible with OpenSSL\n", /* 74 */ + "--openssl-psk Use TLS 1.3 PSK callback compatible with OpenSSL\n", /* 73 */ #endif #ifdef HAVE_RPK - "--rpk Use RPK for the defined certificates\n", /* 75 */ + "--rpk Use RPK for the defined certificates\n", /* 74 */ #endif - "--files-are-der Specified files are in DER, not PEM format\n", /* 76 */ + "--files-are-der Specified files are in DER, not PEM format\n", /* 75 */ "\n" "より簡単なwolfSSL TLS クライアントの例については" "下記にアクセスしてください\n" - "https://github.com/wolfSSL/wolfssl-examples/tree/master/tls\n", /* 77 */ + "https://github.com/wolfSSL/wolfssl-examples/tree/master/tls\n", /* 76 */ NULL, }, #endif diff --git a/examples/configs/user_settings_platformio.h b/examples/configs/user_settings_platformio.h index 25babd2113..020a81b468 100644 --- a/examples/configs/user_settings_platformio.h +++ b/examples/configs/user_settings_platformio.h @@ -513,8 +513,7 @@ #define WOLFSSL_ESP8266 /* There's no hardware encryption on the ESP8266 */ - /* Consider using the ESP32-C2/C3/C6 - * See www.espressif.com/en/products/socs/esp32-c2 */ + /* Consider using the ESP32-C2/C3/C6 */ #define NO_ESP32_CRYPT #define NO_WOLFSSL_ESP32_CRYPT_HASH #define NO_WOLFSSL_ESP32_CRYPT_AES diff --git a/examples/configs/user_settings_stm32.h b/examples/configs/user_settings_stm32.h index b0182ae447..eb7822f27d 100644 --- a/examples/configs/user_settings_stm32.h +++ b/examples/configs/user_settings_stm32.h @@ -602,7 +602,7 @@ extern "C" { //#define USE_SLOW_SHA512 #define WOLFSSL_SHA512 - #define HAVE_SHA512 /* freeRTOS settings.h requires this */ + #define HAVE_SHA512 /* old freeRTOS settings.h requires this */ #endif /* Sha2-384 */ diff --git a/mcapi/crypto.h b/mcapi/crypto.h index dd95c1ca93..f11184916a 100644 --- a/mcapi/crypto.h +++ b/mcapi/crypto.h @@ -173,9 +173,9 @@ enum { typedef struct CRYPT_AES_CTX { /* big enough to hold internal, but check on init */ #ifdef WOLF_PRIVATE_KEY_ID - int holder[110]; + int holder[114]; #else - int holder[92]; + int holder[96]; #endif } CRYPT_AES_CTX; diff --git a/scripts/include.am b/scripts/include.am index f4f925a080..c42fce2a7e 100644 --- a/scripts/include.am +++ b/scripts/include.am @@ -27,6 +27,9 @@ endif if BUILD_OCSP_STAPLING dist_noinst_SCRIPTS+= scripts/ocsp-stapling.test +if BUILD_OCSP_STAPLING_MULTI +dist_noinst_SCRIPTS+= scripts/ocsp-stapling_tls13multi.test +endif if !BUILD_OCSP_STAPLING_V2 testsuite/testsuite.log: scripts/ocsp-stapling.log scripts/ocsp-stapling-with-ca-as-responder.log endif @@ -34,6 +37,9 @@ scripts/ocsp-stapling.log: scripts/ocsp.log dist_noinst_SCRIPTS+= scripts/ocsp-stapling-with-ca-as-responder.test scripts/ocsp-stapling-with-ca-as-responder.log: scripts/ocsp.log scripts/ocsp-stapling-with-ca-as-responder.log: scripts/ocsp-stapling.log +if BUILD_OCSP_STAPLING_MULTI +scripts/ocsp-stapling_tls13multi.log: scripts/ocsp-stapling-with-ca-as-responder.log +endif endif if BUILD_OCSP_STAPLING_V2 diff --git a/scripts/ocsp-stapling.test b/scripts/ocsp-stapling.test index 731334c3da..8065ac2c63 100755 --- a/scripts/ocsp-stapling.test +++ b/scripts/ocsp-stapling.test @@ -27,6 +27,20 @@ if ./examples/client/client '-#' | fgrep -q -e ' -DWOLFSSL_SNIFFER '; then exit 77 fi +if ./examples/client/client -V | grep -q 4; then + tls13=yes +fi +if ./examples/client/client -? 2>&1 | grep -q 'DTLSv1.3'; then + dtls13=yes +fi +./examples/client/client '-?' 2>&1 | grep -- 'Perform multi OCSP stapling for TLS13' +if [ $? -eq 0 ]; then + tls13multi=yes +else + tls13multi=no +fi + + if openssl s_server -help 2>&1 | fgrep -q -i ipv6 && nc -h 2>&1 | fgrep -q -i ipv6; then IPV6_SUPPORTED=yes else @@ -346,7 +360,7 @@ RESULT=$? printf '%s\n\n' "Test successfully REVOKED!" -if ./examples/client/client -V | grep -q 4; then + if [[ ("$tls13" == "yes") && ("$tls13multi" == "no") ]]; then printf '%s\n\n' "------------- TEST CASE 3 SHOULD PASS --------------------" # client test against our own server - GOOD CERT remove_single_rF "$ready_file2" @@ -412,7 +426,7 @@ if ./examples/client/client -? 2>&1 | grep -q 'DTLSv1.2'; then printf '%s\n\n' "Test PASSED!" fi -if ./examples/client/client -? 2>&1 | grep -q 'DTLSv1.3'; then + if [[ ("$dtls13" == "yes") && ("$tls13multi" == "no") ]]; then printf '%s\n\n' "------------- TEST CASE DTLS-2 SHOULD PASS -------------------" # client test against our own server, must staple - GOOD CERT ./examples/server/server -c certs/ocsp/server1-cert.pem -R "$ready_file2" \ diff --git a/scripts/ocsp-stapling2.test b/scripts/ocsp-stapling2.test index f18ee1a7c4..dea1af61b5 100755 --- a/scripts/ocsp-stapling2.test +++ b/scripts/ocsp-stapling2.test @@ -43,7 +43,7 @@ fi if ./examples/client/client '-#' | fgrep -q -e ' -DTEST_IPV6 '; then if [[ "$IPV6_SUPPORTED" == "no" ]]; then echo 'Skipping IPV6 test in environment lacking IPV6 support.' - exit 0 + exit 77 fi LOCALHOST='[::1]' LOCALHOST_FOR_NC='-6 ::1' diff --git a/scripts/ocsp-stapling_tls13multi.test b/scripts/ocsp-stapling_tls13multi.test new file mode 100755 index 0000000000..27ef90031f --- /dev/null +++ b/scripts/ocsp-stapling_tls13multi.test @@ -0,0 +1,522 @@ +#!/bin/bash + +# ocsp-stapling_tls13multi.test +# Test requires HAVE_OCSP and HAVE_CERTIFICATE_STATUS_REQUEST_V2 + +SCRIPT_DIR="$(dirname "$0")" + +# if we can, isolate the network namespace to eliminate port collisions. +if [[ -n "$NETWORK_UNSHARE_HELPER" ]]; then + if [[ -z "$NETWORK_UNSHARE_HELPER_CALLED" ]]; then + export NETWORK_UNSHARE_HELPER_CALLED=yes + exec "$NETWORK_UNSHARE_HELPER" "$0" "$@" || exit $? + fi +elif [ "${AM_BWRAPPED-}" != "yes" ]; then + bwrap_path="$(command -v bwrap)" + if [ -n "$bwrap_path" ]; then + export AM_BWRAPPED=yes + exec "$bwrap_path" --unshare-net --dev-bind / / "$0" "$@" + fi + unset AM_BWRAPPED +fi + +if [[ -z "${RETRIES_REMAINING-}" ]]; then + export RETRIES_REMAINING=2 +fi + +if ! ./examples/client/client -V | grep -q 4; then + tls13=no + +else + tls13=yes +fi + +if ! ./examples/client/client -? 2>&1 | grep -q 'DTLSv1.3'; then + dtls13=no +else + dtls13=yes +fi + +if [[ ("$tls13" == "no") && ("$dtls13" == "no") ]]; then + echo 'skipping ocsp-stapling_tls13multi.test because TLS1.3 is not available.' 1>&2 + exit 77 +fi + +if ! ./examples/client/client -V | grep -q 4; then + tls13=no + echo 'skipping ocsp-stapling_tls13multi.test because TLS1.3 is not available.' 1>&2 + exit 77 +else + tls13=yes +fi + +if openssl s_server -help 2>&1 | fgrep -q -i ipv6 && nc -h 2>&1 | fgrep -q -i ipv6; then + IPV6_SUPPORTED=yes +else + IPV6_SUPPORTED=no +fi + +if ./examples/client/client '-#' | fgrep -q -e ' -DTEST_IPV6 '; then + if [[ "$IPV6_SUPPORTED" == "no" ]]; then + echo 'Skipping IPV6 test in environment lacking IPV6 support.' + exit 77 + fi + LOCALHOST='[::1]' + LOCALHOST_FOR_NC='-6 ::1' +else + LOCALHOST='127.0.0.1' + LOCALHOST_FOR_NC='127.0.0.1' +fi + +PARENTDIR="$PWD" + +# create a unique workspace directory ending in PID for the script instance ($$) +# to make this instance orthogonal to any others running, even on same repo. +# TCP ports are also carefully formed below from the PID, to minimize conflicts. + +#WORKSPACE="${PARENTDIR}/workspace.pid$$" +#mkdir "${WORKSPACE}" || exit $? + +WORKSPACE="$(mktemp -d -p ${PARENTDIR})" + +cp -pR ${SCRIPT_DIR}/../certs "${WORKSPACE}"/ || exit $? +cd "$WORKSPACE" || exit $? +ln -s ../examples + +CERT_DIR="certs/ocsp" + + +ready_file1="$WORKSPACE"/wolf_ocsp_s2_readyF1$$ +ready_file2="$WORKSPACE"/wolf_ocsp_s2_readyF2$$ +ready_file3="$WORKSPACE"/wolf_ocsp_s2_readyF3$$ +ready_file4="$WORKSPACE"/wolf_ocsp_s2_readyF4$$ +ready_file5="$WORKSPACE"/wolf_ocsp_s2_readyF5$$ +printf '%s\n' "ready file 1: $ready_file1" +printf '%s\n' "ready file 2: $ready_file2" +printf '%s\n' "ready file 3: $ready_file3" +printf '%s\n' "ready file 4: $ready_file4" +printf '%s\n' "ready file 5: $ready_file5" + +test_cnf="ocsp_s2.cnf" + +wait_for_readyFile(){ + + counter=0 + + while [ ! -s $1 -a "$counter" -lt 20 ]; do + if [[ -n "${2-}" ]]; then + if ! kill -0 $2 2>&-; then + echo "pid $2 for port ${3-} exited before creating ready file. bailing..." + exit 1 + fi + fi + echo -e "waiting for ready file..." + sleep 0.1 + counter=$((counter+ 1)) + done + + if test -e $1; then + echo -e "found ready file, starting client..." + else + echo -e "NO ready file at $1 -- ending test..." + exit 1 + fi + +} + +remove_single_rF(){ + if test -e $1; then + printf '%s\n' "removing ready file: $1" + rm $1 + fi +} +#create a configure file for cert generation with the port 0 solution +create_new_cnf() { + echo "Random Ports Selected: $1 $2 $3 $4" + + cat <<- EOF > $test_cnf + # + # openssl configuration file for OCSP certificates + # + + # Extensions to add to a certificate request (intermediate1-ca) + [ v3_req1 ] + basicConstraints = CA:false + subjectKeyIdentifier = hash + authorityKeyIdentifier = keyid:always,issuer:always + keyUsage = nonRepudiation, digitalSignature, keyEncipherment + authorityInfoAccess = OCSP;URI:http://127.0.0.1:$1 + + # Extensions to add to a certificate request (intermediate2-ca) + [ v3_req2 ] + basicConstraints = CA:false + subjectKeyIdentifier = hash + authorityKeyIdentifier = keyid:always,issuer:always + keyUsage = nonRepudiation, digitalSignature, keyEncipherment + authorityInfoAccess = OCSP;URI:http://127.0.0.1:$2 + + # Extensions to add to a certificate request (intermediate3-ca) + [ v3_req3 ] + basicConstraints = CA:false + subjectKeyIdentifier = hash + authorityKeyIdentifier = keyid:always,issuer:always + keyUsage = nonRepudiation, digitalSignature, keyEncipherment + authorityInfoAccess = OCSP;URI:http://127.0.0.1:$3 + + # Extensions for a typical CA + [ v3_ca ] + basicConstraints = CA:true + subjectKeyIdentifier = hash + authorityKeyIdentifier = keyid:always,issuer:always + keyUsage = keyCertSign, cRLSign + authorityInfoAccess = OCSP;URI:http://127.0.0.1:$4 + + # OCSP extensions. + [ v3_ocsp ] + basicConstraints = CA:false + subjectKeyIdentifier = hash + authorityKeyIdentifier = keyid:always,issuer:always + extendedKeyUsage = OCSPSigning +EOF + + mv $test_cnf $CERT_DIR/$test_cnf + cd $CERT_DIR + CURR_LOC="$PWD" + printf '%s\n' "echo now in $CURR_LOC" + ./renewcerts-for-test.sh $test_cnf + cd $WORKSPACE +} + +remove_ready_file(){ + if test -e $ready_file1; then + printf '%s\n' "removing ready file: $ready_file1" + rm $ready_file1 + fi + if test -e $ready_file2; then + printf '%s\n' "removing ready file: $ready_file2" + rm $ready_file2 + fi + if test -e $ready_file3; then + printf '%s\n' "removing ready file: $ready_file3" + rm $ready_file3 + fi + if test -e $ready_file4; then + printf '%s\n' "removing ready file: $ready_file4" + rm $ready_file4 + fi + if test -e $ready_file5; then + printf '%s\n' "removing ready file: $ready_file5" + rm $ready_file5 + fi +} + +cleanup() +{ + exit_status=$? + for i in $(jobs -pr) + do + kill -s KILL "$i" + done + remove_ready_file + rm $CERT_DIR/$test_cnf + cd "$PARENTDIR" || return 1 + rm -r "$WORKSPACE" || return 1 + + if [[ ("$exit_status" == 1) && ($RETRIES_REMAINING -gt 0) ]]; then + echo "retrying..." + RETRIES_REMAINING=$((RETRIES_REMAINING - 1)) + exec $0 "$@" + fi +} +trap cleanup EXIT INT TERM HUP + +[ ! -x ./examples/client/client ] && echo -e "\n\nClient doesn't exist" && exit 1 + +# check if supported key size is large enough to handle 4096 bit RSA +size="$(./examples/client/client '-?' | grep "Max RSA key")" +size="${size//[^0-9]/}" +if [ ! -z "$size" ]; then + printf 'check on max key size of %d ...' $size + if [ $size -lt 4096 ]; then + printf '%s\n' "4096 bit RSA keys not supported" + exit 0 + fi + printf 'OK\n' +fi + +#get four unique ports + +# choose consecutive ports based on the PID, skipping any that are +# already bound, to avoid the birthday problem in case other +# instances are sharing this host. + +get_first_free_port() { + local ret="$1" + while :; do + if [[ "$ret" -ge 65536 ]]; then + ret=1024 + fi + if ! nc -z ${LOCALHOST_FOR_NC} "$ret"; then + break + fi + ret=$((ret+1)) + done + echo "$ret" + return 0 +} + +base_port=$((((($$ + $RETRIES_REMAINING) * 5) % (65536 - 2048)) + 1024)) +port1=$(get_first_free_port $base_port) +port2=$(get_first_free_port $((port1 + 1))) +port3=$(get_first_free_port $((port2 + 1))) +port4=$(get_first_free_port $((port3 + 1))) +port5=$(get_first_free_port $((port4 + 1))) + +# 1: +./examples/server/server -R $ready_file1 -p $port1 & +server_pid1=$! +wait_for_readyFile $ready_file1 $server_pid1 $port1 +if [ ! -f $ready_file1 ]; then + printf '%s\n' "Failed to create ready file1: \"$ready_file1\"" + exit 1 +fi +# 2: +./examples/server/server -R $ready_file2 -p $port2 & +server_pid2=$! +wait_for_readyFile $ready_file2 $server_pid2 $port2 +if [ ! -f $ready_file2 ]; then + printf '%s\n' "Failed to create ready file2: \"$ready_file2\"" + exit 1 +fi +# 3: +./examples/server/server -R $ready_file3 -p $port3 & +server_pid3=$! +wait_for_readyFile $ready_file3 $server_pid3 $port3 +if [ ! -f $ready_file3 ]; then + printf '%s\n' "Failed to create ready file3: \"$ready_file3\"" + exit 1 +fi +# 4: +./examples/server/server -R $ready_file4 -p $port4 & +server_pid4=$! +wait_for_readyFile $ready_file4 $server_pid4 $port4 +if [ ! -f $ready_file4 ]; then + printf '%s\n' "Failed to create ready file4: \"$ready_file4\"" + exit 1 +fi + +printf '%s\n' "------------- PORTS ---------------" +printf '%s' "Random ports selected: $port1 $port2" +printf '%s\n' " $port3 $port4" +printf '%s\n' "-----------------------------------" +# Use client connections to cleanly shutdown the servers +./examples/client/client -p $port1 +./examples/client/client -p $port2 +./examples/client/client -p $port3 +./examples/client/client -p $port4 +create_new_cnf $port1 $port2 $port3 \ + $port4 + +sleep 0.1 + +# setup ocsp responders +# OLD: ./certs/ocsp/ocspd-root-ca-and-intermediate-cas.sh & +# NEW: openssl isn't being cleaned up, invoke directly in script for cleanup +# purposes! +openssl ocsp -port $port1 -nmin 1 \ + -index certs/ocsp/index-ca-and-intermediate-cas.txt \ + -rsigner certs/ocsp/ocsp-responder-cert.pem \ + -rkey certs/ocsp/ocsp-responder-key.pem \ + -CA certs/ocsp/root-ca-cert.pem \ + "$@" \ + & + +# OLD: ./certs/ocsp/ocspd-intermediate2-ca-issued-certs.sh & +# NEW: openssl isn't being cleaned up, invoke directly in script for cleanup +# purposes! +openssl ocsp -port $port2 -nmin 1 \ + -index certs/ocsp/index-intermediate2-ca-issued-certs.txt \ + -rsigner certs/ocsp/ocsp-responder-cert.pem \ + -rkey certs/ocsp/ocsp-responder-key.pem \ + -CA certs/ocsp/intermediate2-ca-cert.pem \ + "$@" \ + & + +# OLD: ./certs/ocsp/ocspd-intermediate3-ca-issued-certs.sh & +# NEW: openssl isn't being cleaned up, invoke directly in script for cleanup +# purposes! +openssl ocsp -port $port3 -nmin 1 \ + -index certs/ocsp/index-intermediate3-ca-issued-certs.txt \ + -rsigner certs/ocsp/ocsp-responder-cert.pem \ + -rkey certs/ocsp/ocsp-responder-key.pem \ + -CA certs/ocsp/intermediate3-ca-cert.pem \ + "$@" \ + & + +# NEW: openssl isn't being cleaned up, invoke directly in script for cleanup +# purposes! +openssl ocsp -port $port4 -nmin 1 \ + -index certs/ocsp/index-ca-and-intermediate-cas.txt \ + -rsigner certs/ocsp/ocsp-responder-cert.pem \ + -rkey certs/ocsp/ocsp-responder-key.pem \ + -CA certs/ocsp/root-ca-cert.pem \ + "$@" \ + & + +sleep 0.1 +# "jobs" is not portable for posix. Must use bash interpreter! +[ $(jobs -r | wc -l) -ne 4 ] && printf '\n\n%s\n' "Setup ocsp responder failed, skipping" && exit 0 + +printf '\n\n%s\n\n' "All OCSP responders started successfully!" + +if [ "$tls13" == "yes" ]; then + printf '%s\n\n' "------------- TEST CASE 1 SHOULD PASS ------------------------" + # client test against our own server - GOOD CERTS + ./examples/server/server -c certs/ocsp/server3-cert.pem \ + -k certs/ocsp/server3-key.pem -R $ready_file5 \ + -p $port5 -v 4 & + server_pid5=$! + wait_for_readyFile $ready_file5 $server_pid5 $port5 + ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 \ + -p $port5 + RESULT=$? + [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 1 failed" && exit 1 + printf '%s\n\n' "Test PASSED!" + + printf '%s\n\n' "------------- TEST CASE 2 SHOULD REVOKE ----------------------" + # client test against our own server - REVOKED SERVER CERT + remove_single_rF $ready_file5 + ./examples/server/server -c certs/ocsp/server4-cert.pem \ + -k certs/ocsp/server4-key.pem -R $ready_file5 \ + -p $port5 -v 4 & + server_pid5=$! + wait_for_readyFile $ready_file5 $server_pid5 $port5 + ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 \ + -p $port5 + RESULT=$? + [ $RESULT -ne 1 ] && printf '\n\n%s\n' "Client connection succeeded $RESULT" && exit 1 + printf '%s\n\n' "Test successfully REVOKED!" + + printf '%s\n\n' "------------- TEST CASE 3 SHOULD REVOKE ----------------------" + remove_single_rF $ready_file5 + ./examples/server/server -c certs/ocsp/server4-cert.pem \ + -k certs/ocsp/server4-key.pem -R $ready_file5 \ + -p $port5 & + sleep 0.1 + ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 \ + -p $port5 + RESULT=$? + [ $RESULT -ne 1 ] && printf '\n\n%s\n' "Client connection succeeded $RESULT" && exit 1 + printf '%s\n\n' "Test successfully REVOKED!" + + printf '%s\n\n' "------------- TEST CASE 4 SHOULD REVOKE ------------------------" + # client test against our own server - REVOKED INTERMEDIATE CERT + remove_single_rF $ready_file5 + ./examples/server/server -c certs/ocsp/server5-cert.pem \ + -k certs/ocsp/server5-key.pem -R $ready_file5 \ + -p $port5 -v 4 & + server_pid5=$! + wait_for_readyFile $ready_file5 $server_pid5 $port5 + ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 \ + -p $port5 + RESULT=$? + [ $RESULT -ne 1 ] && printf '\n\n%s\n' "Client connection succeeded $RESULT" && exit 1 + printf '%s\n\n' "Test successfully REVOKED!" + + printf '%s\n\n' "------------- TEST CASE 5 SHOULD REVOKE ----------------------" + remove_single_rF $ready_file5 + ./examples/server/server -c certs/ocsp/server5-cert.pem \ + -k certs/ocsp/server5-key.pem -R $ready_file5 \ + -p $port5 -v 4 & + server_pid5=$! + wait_for_readyFile $ready_file5 $server_pid5 $port5 + ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 \ + -p $port5 + RESULT=$? + [ $RESULT -ne 1 ] && printf '\n\n%s\n' "Client connection succeeded $RESULT" && exit 1 + printf '%s\n\n' "Test successfully REVOKED!" + + printf '%s\n\n' "------------- TEST CASE 6 LOAD CERT IN SSL -------------------" + remove_single_rF $ready_file5 + ./examples/server/server -c certs/ocsp/server1-cert.pem \ + -k certs/ocsp/server1-key.pem -R $ready_file5 -v 4 \ + -p $port5 -H loadSSL & + server_pid5=$! + wait_for_readyFile $ready_file5 $server_pid5 $port5 + echo "test connection" | openssl s_client -status -legacy_renegotiation -connect ${LOCALHOST}:$port5 -cert ./certs/client-cert.pem -key ./certs/client-key.pem -CAfile ./certs/ocsp/root-ca-cert.pem + RESULT=$? + [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection failed $RESULT" && exit 1 + wait $server_pid5 + if [ $? -ne 0 ]; then + printf '%s\n' "Unexpected server result" + exit 1 + fi + printf '%s\n\n' "Test successful" + printf '%s\n\n' "------------- TEST CASE 7 SHOULD REVOKE ----------------------" + remove_single_rF $ready_file5 + ./examples/server/server -c certs/ocsp/server4-cert.pem \ + -k certs/ocsp/server4-key.pem -R $ready_file5 \ + -p $port5 -H loadSSL -v 4 & + server_pid5=$! + sleep 0.1 + ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 \ + -p $port5 + RESULT=$? + [ $RESULT -ne 1 ] && printf '\n\n%s\n' "Client connection succeeded $RESULT" && exit 1 + wait $server_pid5 + if [ $? -ne 1 ]; then + printf '%s\n' "Unexpected server result" + exit 1 + fi + printf '%s\n\n' "Test successfully REVOKED!" +fi + +if [ "$dtls13" == "yes" ]; then + printf '%s\n\n' "------------- TEST CASE DTLS-1 SHOULD PASS ---------------" + # client test against our own server - GOOD CERTS + ./examples/server/server -c certs/ocsp/server3-cert.pem \ + -k certs/ocsp/server3-key.pem -R $ \ + -p $port5 -u -v 4 & + server_pid5=$! + sleep 0.2 + ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -u -v 4 \ + -p $port5 + RESULT=$? + [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 1 failed" && exit 1 + printf '%s\n\n' "Test PASSED!" + + printf '%s\n\n' "------------- TEST CASE DTLS-2 SHOULD REVOKE --------------" + # client test against our own server - REVOKED SERVER CERT + remove_single_rF $ready_file5 + ./examples/server/server -c certs/ocsp/server4-cert.pem \ + -k certs/ocsp/server4-key.pem -R $ready_file5 \ + -p $port5 -v 4 & + server_pid5=$! + sleep 0.2 + ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 \ + -p $port5 + RESULT=$? + [ $RESULT -ne 1 ] && printf '\n\n%s\n' "Client connection succeeded $RESULT" && exit 1 + printf '%s\n\n' "Test successfully REVOKED!" + +fi + +# need a unique port since may run the same time as testsuite +generate_port() { + #-------------------------------------------------------------------------# + # Generate a random port number + #-------------------------------------------------------------------------# + + if [[ "$OSTYPE" == "linux"* ]]; then + port=$(($(od -An -N2 /dev/urandom) % (65535-49512) + 49512)) + elif [[ "$OSTYPE" == "darwin"* ]]; then + port=$(($(od -An -N2 /dev/random) % (65535-49512) + 49512)) + else + echo "Unknown OS TYPE" + exit 1 + fi +} + +printf '%s\n\n' "------------------- TESTS COMPLETE ---------------------------" + +exit 0 diff --git a/src/bio.c b/src/bio.c index 61235e3d66..569abfbd97 100644 --- a/src/bio.c +++ b/src/bio.c @@ -834,7 +834,9 @@ int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len) (const char*)data, len, 0, ret); } - XFREE(frmt, front->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (front != NULL) { + XFREE(frmt, front->heap, DYNAMIC_TYPE_TMP_BUFFER); + } #ifdef WOLFSSL_BASE64_ENCODE if (retB64 > 0 && ret > 0) diff --git a/src/dtls13.c b/src/dtls13.c index aa630d3d57..5011f7d85b 100644 --- a/src/dtls13.c +++ b/src/dtls13.c @@ -71,7 +71,7 @@ typedef struct Dtls13HandshakeHeader { byte fragmentLength[3]; } Dtls13HandshakeHeader; -static_assert(sizeof(Dtls13HandshakeHeader) == DTLS13_HANDSHAKE_HEADER_SZ); +wc_static_assert(sizeof(Dtls13HandshakeHeader) == DTLS13_HANDSHAKE_HEADER_SZ); /** * struct Dtls13Recordplaintextheader: represent header of unprotected DTLSv1.3 @@ -260,7 +260,8 @@ static int Dtls13GetRnMask(WOLFSSL* ssl, const byte* ciphertext, byte* mask, if (c->aes == NULL) return BAD_STATE_E; #if !defined(HAVE_SELFTEST) && \ - (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))) + (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)) \ + || defined(WOLFSSL_LINUXKM)) return wc_AesEncryptDirect(c->aes, mask, ciphertext); #else wc_AesEncryptDirect(c->aes, mask, ciphertext); @@ -341,9 +342,17 @@ static void Dtls13MsgWasProcessed(WOLFSSL* ssl, enum HandShakeType hs) if (ssl->options.dtlsStateful) ssl->keys.dtls_expected_peer_handshake_number++; - /* we need to send ACKs on the last message of a flight that needs explicit - acknowledgment */ - ssl->dtls13Rtx.sendAcks = Dtls13RtxMsgNeedsAck(ssl, hs); +#ifdef WOLFSSL_RW_THREADED + if (wc_LockMutex(&ssl->dtls13Rtx.mutex) == 0) +#endif + { + /* we need to send ACKs on the last message of a flight that needs + * explicit acknowledgment */ + ssl->dtls13Rtx.sendAcks = Dtls13RtxMsgNeedsAck(ssl, hs); + #ifdef WOLFSSL_RW_THREADED + wc_UnLockMutex(&ssl->dtls13Rtx.mutex); + #endif + } } int Dtls13ProcessBufferedMessages(WOLFSSL* ssl) @@ -487,22 +496,25 @@ int Dtls13HashClientHello(const WOLFSSL* ssl, byte* hash, int* hashSz, wc_HashAlg hashCtx; int type = wolfSSL_GetHmacType_ex(specs); + if (type < 0) + return type; + header[0] = (byte)client_hello; c32to24(length, header + 1); - ret = wc_HashInit_ex(&hashCtx, type, ssl->heap, ssl->devId); + ret = wc_HashInit_ex(&hashCtx, (enum wc_HashType)type, ssl->heap, ssl->devId); if (ret == 0) { - ret = wc_HashUpdate(&hashCtx, type, header, OPAQUE32_LEN); + ret = wc_HashUpdate(&hashCtx, (enum wc_HashType)type, header, OPAQUE32_LEN); if (ret == 0) - ret = wc_HashUpdate(&hashCtx, type, body, length); + ret = wc_HashUpdate(&hashCtx, (enum wc_HashType)type, body, length); if (ret == 0) - ret = wc_HashFinal(&hashCtx, type, hash); + ret = wc_HashFinal(&hashCtx, (enum wc_HashType)type, hash); if (ret == 0) { - *hashSz = wc_HashGetDigestSize(type); + *hashSz = wc_HashGetDigestSize((enum wc_HashType)type); if (*hashSz < 0) ret = *hashSz; } - wc_HashFree(&hashCtx, type); + wc_HashFree(&hashCtx, (enum wc_HashType)type); } return ret; } @@ -560,9 +572,6 @@ static int Dtls13SendFragment(WOLFSSL* ssl, byte* output, word16 output_size, else { msg = output + recordHeaderLength; - if (length <= recordHeaderLength) - return BUFFER_ERROR; - if (hashOutput) { ret = Dtls13HashHandshake(ssl, msg, recordLength); if (ret != 0) @@ -654,8 +663,17 @@ static void Dtls13RtxRecordUnlink(WOLFSSL* ssl, Dtls13RtxRecord** prevNext, Dtls13RtxRecord* r) { /* if r was at the tail of the list, update the tail pointer */ - if (r->next == NULL) - ssl->dtls13Rtx.rtxRecordTailPtr = prevNext; + if (r->next == NULL) { + #ifdef WOLFSSL_RW_THREADED + if (wc_LockMutex(&ssl->dtls13Rtx.mutex) == 0) + #endif + { + ssl->dtls13Rtx.rtxRecordTailPtr = prevNext; + #ifdef WOLFSSL_RW_THREADED + wc_UnLockMutex(&ssl->dtls13Rtx.mutex); + #endif + } + } /* unlink */ *prevNext = r->next; @@ -712,12 +730,20 @@ static int Dtls13RtxAddAck(WOLFSSL* ssl, w64wrapper epoch, w64wrapper seq) WOLFSSL_ENTER("Dtls13RtxAddAck"); - rn = Dtls13NewRecordNumber(epoch, seq, ssl->heap); - if (rn == NULL) - return MEMORY_E; +#ifdef WOLFSSL_RW_THREADED + if (wc_LockMutex(&ssl->dtls13Rtx.mutex) == 0) +#endif + { + rn = Dtls13NewRecordNumber(epoch, seq, ssl->heap); + if (rn == NULL) + return MEMORY_E; - rn->next = ssl->dtls13Rtx.seenRecords; - ssl->dtls13Rtx.seenRecords = rn; + rn->next = ssl->dtls13Rtx.seenRecords; + ssl->dtls13Rtx.seenRecords = rn; + #ifdef WOLFSSL_RW_THREADED + wc_UnLockMutex(&ssl->dtls13Rtx.mutex); + #endif + } return 0; } @@ -730,15 +756,23 @@ static void Dtls13RtxFlushAcks(WOLFSSL* ssl) WOLFSSL_ENTER("Dtls13RtxFlushAcks"); - list = ssl->dtls13Rtx.seenRecords; +#ifdef WOLFSSL_RW_THREADED + if (wc_LockMutex(&ssl->dtls13Rtx.mutex) == 0) +#endif + { + list = ssl->dtls13Rtx.seenRecords; - while (list != NULL) { - rn = list; - list = rn->next; - XFREE(rn, ssl->heap, DYNAMIC_TYPE_DTLS_MSG); - } + while (list != NULL) { + rn = list; + list = rn->next; + XFREE(rn, ssl->heap, DYNAMIC_TYPE_DTLS_MSG); + } - ssl->dtls13Rtx.seenRecords = NULL; + ssl->dtls13Rtx.seenRecords = NULL; + #ifdef WOLFSSL_RW_THREADED + wc_UnLockMutex(&ssl->dtls13Rtx.mutex); + #endif + } } static int Dtls13DetectDisruption(WOLFSSL* ssl, word32 fragOffset) @@ -1680,7 +1714,7 @@ static int _Dtls13HandshakeRecv(WOLFSSL* ssl, byte* input, word32 size, isFirst = fragOff == 0; isComplete = isFirst && fragLength == messageLength; - if (!isComplete && !Dtls13AcceptFragmented(ssl, handshakeType)) { + if (!isComplete && !Dtls13AcceptFragmented(ssl, (enum HandShakeType)handshakeType)) { #ifdef WOLFSSL_DTLS_CH_FRAG byte tls13 = 0; /* check if the first CH fragment contains a valid cookie */ @@ -2519,13 +2553,25 @@ static void Dtls13RtxRemoveRecord(WOLFSSL* ssl, w64wrapper epoch, int Dtls13DoScheduledWork(WOLFSSL* ssl) { int ret; + int sendAcks; WOLFSSL_ENTER("Dtls13DoScheduledWork"); ssl->dtls13SendingAckOrRtx = 1; - if (ssl->dtls13Rtx.sendAcks) { +#ifdef WOLFSSL_RW_THREADED + ret = wc_LockMutex(&ssl->dtls13Rtx.mutex); + if (ret < 0) + return ret; +#endif + sendAcks = ssl->dtls13Rtx.sendAcks; + if (sendAcks) { ssl->dtls13Rtx.sendAcks = 0; + } +#ifdef WOLFSSL_RW_THREADED + ret = wc_UnLockMutex(&ssl->dtls13Rtx.mutex); +#endif + if (sendAcks) { ret = SendDtls13Ack(ssl); if (ret != 0) return ret; @@ -2601,13 +2647,28 @@ static int Dtls13RtxHasKeyUpdateBuffered(WOLFSSL* ssl) return 0; } +int DoDtls13KeyUpdateAck(WOLFSSL* ssl) +{ + int ret = 0; + + if (!Dtls13RtxHasKeyUpdateBuffered(ssl)) { + /* we removed the KeyUpdate message because it was ACKed */ + ssl->dtls13WaitKeyUpdateAck = 0; + ret = Dtls13KeyUpdateAckReceived(ssl); + } + + return ret; +} + int DoDtls13Ack(WOLFSSL* ssl, const byte* input, word32 inputSize, word32* processedSize) { const byte* ackMessage; w64wrapper epoch, seq; word16 length; +#ifndef WOLFSSL_RW_THREADED int ret; +#endif int i; if (inputSize < OPAQUE16_LEN) @@ -2639,15 +2700,13 @@ int DoDtls13Ack(WOLFSSL* ssl, const byte* input, word32 inputSize, ssl->options.serverState = SERVER_FINISHED_ACKED; } +#ifndef WOLFSSL_RW_THREADED if (ssl->dtls13WaitKeyUpdateAck) { - if (!Dtls13RtxHasKeyUpdateBuffered(ssl)) { - /* we removed the KeyUpdate message because it was ACKed */ - ssl->dtls13WaitKeyUpdateAck = 0; - ret = Dtls13KeyUpdateAckReceived(ssl); - if (ret != 0) - return ret; - } + ret = DoDtls13KeyUpdateAck(ssl); + if (ret != 0) + return ret; } +#endif *processedSize = length + OPAQUE16_LEN; @@ -2698,9 +2757,17 @@ int SendDtls13Ack(WOLFSSL* ssl) if (ret != 0) return ret; - ret = Dtls13WriteAckMessage(ssl, ssl->dtls13Rtx.seenRecords, &length); - if (ret != 0) +#ifdef WOLFSSL_RW_THREADED + ret = wc_LockMutex(&ssl->dtls13Rtx.mutex); + if (ret < 0) return ret; +#endif + ret = Dtls13WriteAckMessage(ssl, ssl->dtls13Rtx.seenRecords, &length); +#ifdef WOLFSSL_RW_THREADED + wc_UnLockMutex(&ssl->dtls13Rtx.mutex); +#endif + if (ret != 0) + return ret; output = GetOutputBuffer(ssl); diff --git a/src/include.am b/src/include.am index 8e1f16f896..0900bbec39 100644 --- a/src/include.am +++ b/src/include.am @@ -1192,6 +1192,21 @@ endif if BUILD_WC_KYBER src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/wc_kyber.c src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/wc_kyber_poly.c +if BUILD_ARMASM +if BUILD_ARM_THUMB +if BUILD_ARMASM_INLINE +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-kyber-asm_c.c +else +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/thumb2-kyber-asm.S +endif !BUILD_ARMASM_INLINE +else +if BUILD_ARMASM_INLINE +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-kyber-asm_c.c +else +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-kyber-asm.S +endif !BUILD_ARMASM_INLINE +endif !BUILD_ARM_THUMB +endif BUILD_ARMASM if !BUILD_X86_ASM if BUILD_INTELASM src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/wc_kyber_asm.S diff --git a/src/internal.c b/src/internal.c index 317015c298..8d1e45719a 100644 --- a/src/internal.c +++ b/src/internal.c @@ -2885,95 +2885,73 @@ void InitCiphers(WOLFSSL* ssl) } - -/* Free ciphers */ -void FreeCiphers(WOLFSSL* ssl) +static void FreeCiphersSide(Ciphers *cipher, void* heap) { - (void)ssl; #ifdef BUILD_ARC4 - wc_Arc4Free(ssl->encrypt.arc4); - wc_Arc4Free(ssl->decrypt.arc4); - XFREE(ssl->encrypt.arc4, ssl->heap, DYNAMIC_TYPE_CIPHER); - XFREE(ssl->decrypt.arc4, ssl->heap, DYNAMIC_TYPE_CIPHER); - ssl->encrypt.arc4 = NULL; - ssl->decrypt.arc4 = NULL; + wc_Arc4Free(cipher->arc4); + XFREE(cipher->arc4, heap, DYNAMIC_TYPE_CIPHER); + cipher->arc4 = NULL; #endif #ifdef BUILD_DES3 - wc_Des3Free(ssl->encrypt.des3); - wc_Des3Free(ssl->decrypt.des3); - XFREE(ssl->encrypt.des3, ssl->heap, DYNAMIC_TYPE_CIPHER); - XFREE(ssl->decrypt.des3, ssl->heap, DYNAMIC_TYPE_CIPHER); - ssl->encrypt.des3 = NULL; - ssl->decrypt.des3 = NULL; + wc_Des3Free(cipher->des3); + XFREE(cipher->des3, heap, DYNAMIC_TYPE_CIPHER); + cipher->des3 = NULL; #endif #if defined(BUILD_AES) || defined(BUILD_AESGCM) || defined(HAVE_ARIA) - /* See: InitKeys() in keys.c on addition of BUILD_AESGCM check (enc->aes, dec->aes) */ - wc_AesFree(ssl->encrypt.aes); - wc_AesFree(ssl->decrypt.aes); - XFREE(ssl->encrypt.aes, ssl->heap, DYNAMIC_TYPE_CIPHER); - XFREE(ssl->decrypt.aes, ssl->heap, DYNAMIC_TYPE_CIPHER); - ssl->encrypt.aes = NULL; - ssl->decrypt.aes = NULL; + /* See: InitKeys() in keys.c on addition of BUILD_AESGCM check (enc->aes, + * dec->aes) */ + wc_AesFree(cipher->aes); + XFREE(cipher->aes, heap, DYNAMIC_TYPE_CIPHER); + cipher->aes = NULL; #endif #if defined(WOLFSSL_SM4_GCM) || defined(WOLFSSL_SM4_CCM) - wc_Sm4Free(ssl->encrypt.sm4); - wc_Sm4Free(ssl->decrypt.sm4); - XFREE(ssl->encrypt.sm4, ssl->heap, DYNAMIC_TYPE_CIPHER); - XFREE(ssl->decrypt.sm4, ssl->heap, DYNAMIC_TYPE_CIPHER); - ssl->encrypt.sm4 = NULL; - ssl->decrypt.sm4 = NULL; + wc_Sm4Free(cipher->sm4); + XFREE(cipher->sm4, heap, DYNAMIC_TYPE_CIPHER); + cipher->sm4 = NULL; #endif #if (defined(BUILD_AESGCM) || defined(BUILD_AESCCM) || defined(HAVE_ARIA)) && \ !defined(WOLFSSL_NO_TLS12) - XFREE(ssl->encrypt.additional, ssl->heap, DYNAMIC_TYPE_CIPHER); - XFREE(ssl->decrypt.additional, ssl->heap, DYNAMIC_TYPE_CIPHER); - ssl->encrypt.additional = NULL; - ssl->decrypt.additional = NULL; + XFREE(cipher->additional, heap, DYNAMIC_TYPE_CIPHER); + cipher->additional = NULL; #endif #ifdef CIPHER_NONCE - XFREE(ssl->encrypt.nonce, ssl->heap, DYNAMIC_TYPE_CIPHER); - XFREE(ssl->decrypt.nonce, ssl->heap, DYNAMIC_TYPE_CIPHER); - ssl->encrypt.nonce = NULL; - ssl->decrypt.nonce = NULL; + XFREE(cipher->nonce, heap, DYNAMIC_TYPE_CIPHER); + cipher->nonce = NULL; #endif #ifdef HAVE_ARIA - wc_AriaFreeCrypt(ssl->encrypt.aria); - wc_AriaFreeCrypt(ssl->decrypt.aria); - XFREE(ssl->encrypt.aria, ssl->heap, DYNAMIC_TYPE_CIPHER); - XFREE(ssl->decrypt.aria, ssl->heap, DYNAMIC_TYPE_CIPHER); - ssl->encrypt.aria = NULL; - ssl->decrypt.aria = NULL; + wc_AriaFreeCrypt(cipher->aria); + XFREE(cipher->aria, heap, DYNAMIC_TYPE_CIPHER); + cipher->aria = NULL; #endif #ifdef HAVE_CAMELLIA - XFREE(ssl->encrypt.cam, ssl->heap, DYNAMIC_TYPE_CIPHER); - XFREE(ssl->decrypt.cam, ssl->heap, DYNAMIC_TYPE_CIPHER); - ssl->encrypt.cam = NULL; - ssl->decrypt.cam = NULL; + XFREE(cipher->cam, heap, DYNAMIC_TYPE_CIPHER); + cipher->cam = NULL; #endif #ifdef HAVE_CHACHA - if (ssl->encrypt.chacha) - ForceZero(ssl->encrypt.chacha, sizeof(ChaCha)); - if (ssl->decrypt.chacha) - ForceZero(ssl->decrypt.chacha, sizeof(ChaCha)); - XFREE(ssl->encrypt.chacha, ssl->heap, DYNAMIC_TYPE_CIPHER); - XFREE(ssl->decrypt.chacha, ssl->heap, DYNAMIC_TYPE_CIPHER); - ssl->encrypt.chacha = NULL; - ssl->decrypt.chacha = NULL; + if (cipher->chacha) + ForceZero(cipher->chacha, sizeof(ChaCha)); + XFREE(cipher->chacha, heap, DYNAMIC_TYPE_CIPHER); + cipher->chacha = NULL; #endif +#if defined(WOLFSSL_TLS13) && defined(HAVE_NULL_CIPHER) + wc_HmacFree(cipher->hmac); + XFREE(cipher->hmac, heap, DYNAMIC_TYPE_CIPHER); + cipher->hmac = NULL; +#endif +} + +/* Free ciphers */ +void FreeCiphers(WOLFSSL* ssl) +{ + FreeCiphersSide(&ssl->encrypt, ssl->heap); + FreeCiphersSide(&ssl->decrypt, ssl->heap); + #if defined(HAVE_POLY1305) && defined(HAVE_ONE_TIME_AUTH) if (ssl->auth.poly1305) ForceZero(ssl->auth.poly1305, sizeof(Poly1305)); XFREE(ssl->auth.poly1305, ssl->heap, DYNAMIC_TYPE_CIPHER); ssl->auth.poly1305 = NULL; #endif -#if defined(WOLFSSL_TLS13) && defined(HAVE_NULL_CIPHER) - wc_HmacFree(ssl->encrypt.hmac); - wc_HmacFree(ssl->decrypt.hmac); - XFREE(ssl->encrypt.hmac, ssl->heap, DYNAMIC_TYPE_CIPHER); - XFREE(ssl->decrypt.hmac, ssl->heap, DYNAMIC_TYPE_CIPHER); - ssl->encrypt.hmac = NULL; - ssl->decrypt.hmac = NULL; -#endif #ifdef WOLFSSL_DTLS13 #ifdef BUILD_AES @@ -2993,7 +2971,6 @@ void FreeCiphers(WOLFSSL* ssl) #endif /* WOLFSSL_DTLS13 */ } - void InitCipherSpecs(CipherSpecs* cs) { XMEMSET(cs, 0, sizeof(CipherSpecs)); @@ -6849,10 +6826,14 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) if (ssl->buffers.key != NULL) { FreeDer(&ssl->buffers.key); } - AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer, + ret = AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer, ctx->privateKey->length, ctx->privateKey->type, ctx->privateKey->heap); + if (ret != 0) { + return ret; + } ssl->buffers.weOwnKey = 1; + ret = WOLFSSL_SUCCESS; } else { ssl->buffers.key = ctx->privateKey; @@ -6862,9 +6843,12 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) #endif #else if (ctx->privateKey != NULL) { - AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer, + ret = AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer, ctx->privateKey->length, ctx->privateKey->type, ctx->privateKey->heap); + if (ret != 0) { + return ret; + } ssl->buffers.weOwnKey = 1; /* Blind the private key for the SSL with new random mask. */ wolfssl_priv_der_unblind(ssl->buffers.key, ctx->privateKeyMask); @@ -6885,9 +6869,12 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) ssl->buffers.altKey = ctx->altPrivateKey; #else if (ctx->altPrivateKey != NULL) { - AllocCopyDer(&ssl->buffers.altkey, ctx->altPrivateKey->buffer, + ret = AllocCopyDer(&ssl->buffers.altkey, ctx->altPrivateKey->buffer, ctx->altPrivateKey->length, ctx->altPrivateKey->type, ctx->altPrivateKey->heap); + if (ret != 0) { + return ret; + } /* Blind the private key for the SSL with new random mask. */ wolfssl_priv_der_unblind(ssl->buffers.altKey, ctx->altPrivateKeyMask); ret = wolfssl_priv_der_blind(ssl->rng, ssl->buffers.altKey, @@ -6895,6 +6882,7 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) if (ret != 0) { return ret; } + ret = WOLFSSL_SUCCESS; } #endif ssl->buffers.altKeyType = ctx->altPrivateKeyType; @@ -7382,6 +7370,15 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) ssl->buffers.outputBuffer.buffer = ssl->buffers.outputBuffer.staticBuffer; ssl->buffers.outputBuffer.bufferSize = STATIC_BUFFER_LEN; +#ifdef WOLFSSL_THREADED_CRYPT + { + int i; + for (i = 0; i < WOLFSSL_THREADED_CRYPT_CNT; i++) { + ssl->buffers.encrypt[i].avail = 1; + } + } +#endif + #ifdef KEEP_PEER_CERT InitX509(&ssl->peerCert, 0, ssl->heap); #endif @@ -7719,6 +7716,13 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) ssl->dtls13DecryptEpoch = &ssl->dtls13Epochs[0]; ssl->options.dtls13SendMoreAcks = WOLFSSL_DTLS13_SEND_MOREACK_DEFAULT; ssl->dtls13Rtx.rtxRecordTailPtr = &ssl->dtls13Rtx.rtxRecords; + +#ifdef WOLFSSL_RW_THREADED + ret = wc_InitMutex(&ssl->dtls13Rtx.mutex); + if (ret < 0) { + return ret; + } +#endif #endif /* WOLFSSL_DTLS13 */ #ifdef WOLFSSL_QUIC @@ -7746,6 +7750,11 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) ssl->sigSpec = ctx->sigSpec; ssl->sigSpecSz = ctx->sigSpecSz; #endif /* WOLFSSL_DUAL_ALG_CERTS */ +#ifdef HAVE_OCSP +#if defined(WOLFSSL_TLS13) && defined(HAVE_CERTIFICATE_STATUS_REQUEST) + ssl->response_idx = 0; +#endif +#endif /* Returns 0 on success, not WOLFSSL_SUCCESS (1) */ WOLFSSL_MSG_EX("InitSSL done. return 0 (success)"); return 0; @@ -8244,6 +8253,25 @@ void SSL_ResourceFree(WOLFSSL* ssl) ShrinkInputBuffer(ssl, FORCED_FREE); if (ssl->buffers.outputBuffer.dynamicFlag) ShrinkOutputBuffer(ssl); +#ifdef WOLFSSL_THREADED_CRYPT + { + int i; + for (i = 0; i < WOLFSSL_THREADED_CRYPT_CNT; i++) { + bufferStatic* buff = &ssl->buffers.encrypt[i].buffer; + + ssl->buffers.encrypt[i].stop = 1; + FreeCiphersSide(&ssl->buffers.encrypt[i].encrypt, ssl->heap); + if (buff->dynamicFlag) { + XFREE(buff->buffer - buff->offset, ssl->heap, + DYNAMIC_TYPE_OUT_BUFFER); + buff->buffer = buff->staticBuffer; + buff->bufferSize = STATIC_BUFFER_LEN; + buff->offset = 0; + buff->dynamicFlag = 0; + } + } + } +#endif #if defined(WOLFSSL_SEND_HRR_COOKIE) && !defined(NO_WOLFSSL_SERVER) if (ssl->buffers.tls13CookieSecret.buffer != NULL) { ForceZero(ssl->buffers.tls13CookieSecret.buffer, @@ -8496,6 +8524,10 @@ void SSL_ResourceFree(WOLFSSL* ssl) #endif #ifdef WOLFSSL_DTLS13 Dtls13FreeFsmResources(ssl); + +#ifdef WOLFSSL_RW_THREADED + wc_FreeMutex(&ssl->dtls13Rtx.mutex); +#endif #endif /* WOLFSSL_DTLS13 */ #ifdef WOLFSSL_QUIC wolfSSL_quic_free(ssl); @@ -10755,6 +10787,69 @@ int SendBuffered(WOLFSSL* ssl) return 0; } +#ifdef WOLFSSL_THREADED_CRYPT +static WC_INLINE int GrowAnOutputBuffer(WOLFSSL* ssl, + bufferStatic* outputBuffer, int size) +{ + byte* tmp; +#if WOLFSSL_GENERAL_ALIGNMENT > 0 + byte hdrSz = ssl->options.dtls ? DTLS_RECORD_HEADER_SZ : + RECORD_HEADER_SZ; + byte align = WOLFSSL_GENERAL_ALIGNMENT; +#else + const byte align = WOLFSSL_GENERAL_ALIGNMENT; +#endif + +#if WOLFSSL_GENERAL_ALIGNMENT > 0 + /* the encrypted data will be offset from the front of the buffer by + the header, if the user wants encrypted alignment they need + to define their alignment requirement */ + + while (align < hdrSz) + align *= 2; +#endif + + tmp = (byte*)XMALLOC(size + outputBuffer->length + align, + ssl->heap, DYNAMIC_TYPE_OUT_BUFFER); + WOLFSSL_MSG("growing output buffer"); + + if (tmp == NULL) + return MEMORY_E; + +#if WOLFSSL_GENERAL_ALIGNMENT > 0 + if (align) + tmp += align - hdrSz; +#endif + +#ifdef WOLFSSL_STATIC_MEMORY + /* can be from IO memory pool which does not need copy if same buffer */ + if (outputBuffer->length && tmp == outputBuffer->buffer) { + outputBuffer->bufferSize = size + outputBuffer->length; + return 0; + } +#endif + + if (outputBuffer->length) + XMEMCPY(tmp, outputBuffer->buffer, outputBuffer->length); + + if (outputBuffer->dynamicFlag) { + XFREE(outputBuffer->buffer - outputBuffer->offset, ssl->heap, + DYNAMIC_TYPE_OUT_BUFFER); + } + +#if WOLFSSL_GENERAL_ALIGNMENT > 0 + if (align) + outputBuffer->offset = align - hdrSz; + else +#endif + outputBuffer->offset = 0; + + outputBuffer->buffer = tmp; + outputBuffer->dynamicFlag = 1; + outputBuffer->bufferSize = size + outputBuffer->length; + return 0; +} +#endif /* returns the current location in the output buffer to start writing to */ byte* GetOutputBuffer(WOLFSSL* ssl) @@ -11377,8 +11472,8 @@ static int GetDtlsRecordHeader(WOLFSSL* ssl, word32* inOutIdx, if (ssl->options.tls1_3) { ret = GetDtls13RecordHeader(ssl, inOutIdx, rh, size); if (ret == 0 || - ret != WC_NO_ERR_TRACE(SEQUENCE_ERROR) || - ret != WC_NO_ERR_TRACE(DTLS_CID_ERROR)) + ((ret != WC_NO_ERR_TRACE(SEQUENCE_ERROR)) && + (ret != WC_NO_ERR_TRACE(DTLS_CID_ERROR)))) return ret; } @@ -12509,16 +12604,20 @@ int CipherRequires(byte first, byte second, int requirement) #ifndef NO_CERTS - /* Match names with wildcards, each wildcard can represent a single name component or fragment but not multiple names, i.e., *.z.com matches y.z.com but not x.y.z.com + If flags contains WOLFSSL_LEFT_MOST_WILDCARD_ONLY, wildcard only applies + to left-most name component, compatible with RFC 2830 identity checking. + return 1 on success */ int MatchDomainName(const char* pattern, int patternLen, const char* str, - word32 strLen) + word32 strLen, unsigned int flags) { int ret = 0; + byte wildcardEligible = 1; + byte leftWildcardOnly = flags & WOLFSSL_LEFT_MOST_WILDCARD_ONLY; if (pattern == NULL || str == NULL || patternLen <= 0 || strLen == 0) return 0; @@ -12531,11 +12630,16 @@ int MatchDomainName(const char* pattern, int patternLen, const char* str, pattern++; - if (p == '*') { + if ((p == '*') && wildcardEligible) { char s; /* We will always match '*' */ patternLen--; + /* Only single wildcard allowed with strict left only */ + if (leftWildcardOnly) { + wildcardEligible = 0; + } + /* Consume any extra '*' chars until the next non '*' char. */ while (patternLen > 0) { p = (char)XTOLOWER((unsigned char)*pattern); @@ -12544,6 +12648,10 @@ int MatchDomainName(const char* pattern, int patternLen, const char* str, return 0; if (p != '*') break; + if (leftWildcardOnly && (p == '*')) { + /* RFC2830 only allows single left-most wildcard */ + return 0; + } patternLen--; } @@ -12575,6 +12683,11 @@ int MatchDomainName(const char* pattern, int patternLen, const char* str, } } else { + /* Past left-most wildcard location, not eligible if flag set*/ + if (leftWildcardOnly && wildcardEligible) { + wildcardEligible = 0; + } + /* Simple case, pattern match exactly */ if (p != (char)XTOLOWER((unsigned char) *str)) return 0; @@ -12606,7 +12719,7 @@ int MatchDomainName(const char* pattern, int patternLen, const char* str, * -1 : No matches and wild pattern match failed. */ int CheckForAltNames(DecodedCert* dCert, const char* domain, word32 domainLen, - int* checkCN) + int* checkCN, unsigned int flags) { int match = 0; DNS_entry* altName = NULL; @@ -12637,7 +12750,7 @@ int CheckForAltNames(DecodedCert* dCert, const char* domain, word32 domainLen, len = (word32)altName->len; } - if (MatchDomainName(buf, (int)len, domain, domainLen)) { + if (MatchDomainName(buf, (int)len, domain, domainLen, flags)) { match = 1; if (checkCN != NULL) { *checkCN = 0; @@ -12666,13 +12779,14 @@ int CheckForAltNames(DecodedCert* dCert, const char* domain, word32 domainLen, * domainNameLen The length of the domain name. * returns DOMAIN_NAME_MISMATCH when no match found and 0 on success. */ -int CheckHostName(DecodedCert* dCert, const char *domainName, size_t domainNameLen) +int CheckHostName(DecodedCert* dCert, const char *domainName, + size_t domainNameLen, unsigned int flags) { int checkCN; int ret = WC_NO_ERR_TRACE(DOMAIN_NAME_MISMATCH); if (CheckForAltNames(dCert, domainName, (word32)domainNameLen, - &checkCN) != 1) { + &checkCN, flags) != 1) { ret = DOMAIN_NAME_MISMATCH; WOLFSSL_MSG("DomainName match on alt names failed"); } @@ -12683,7 +12797,7 @@ int CheckHostName(DecodedCert* dCert, const char *domainName, size_t domainNameL #ifndef WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY if (checkCN == 1) { if (MatchDomainName(dCert->subjectCN, dCert->subjectCNLen, - domainName, (word32)domainNameLen) == 1) { + domainName, (word32)domainNameLen, flags) == 1) { ret = 0; } else { @@ -12700,7 +12814,7 @@ int CheckIPAddr(DecodedCert* dCert, const char* ipasc) { WOLFSSL_MSG("Checking IPAddr"); - return CheckHostName(dCert, ipasc, (size_t)XSTRLEN(ipasc)); + return CheckHostName(dCert, ipasc, (size_t)XSTRLEN(ipasc), 0); } @@ -13417,12 +13531,17 @@ int CopyDecodedAcertToX509(WOLFSSL_X509_ACERT* x509, DecodedAcert* dAcert) #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \ (defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) && !defined(WOLFSSL_NO_TLS12)) -static int ProcessCSR(WOLFSSL* ssl, byte* input, word32* inOutIdx, - word32 status_length) +static int ProcessCSR_ex(WOLFSSL* ssl, byte* input, word32* inOutIdx, + word32 status_length, int idx) { int ret = 0; OcspRequest* request; - +#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) + TLSX* ext = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST); + CertificateStatusRequest* csr; +#else + (void)idx; +#endif #ifdef WOLFSSL_SMALL_STACK CertStatus* status; OcspEntry* single; @@ -13434,11 +13553,19 @@ static int ProcessCSR(WOLFSSL* ssl, byte* input, word32* inOutIdx, #endif WOLFSSL_ENTER("ProcessCSR"); - +#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) + if (ext) { + /* status request */ + csr = (CertificateStatusRequest*)ext->data; + if (csr && !csr->ssl) + csr->ssl = ssl; + } +#endif do { #ifdef HAVE_CERTIFICATE_STATUS_REQUEST if (ssl->status_request) { - request = (OcspRequest*)TLSX_CSR_GetRequest(ssl->extensions); + request = (OcspRequest*)TLSX_CSR_GetRequest_ex(ssl->extensions, + idx); ssl->status_request = 0; break; } @@ -13461,21 +13588,28 @@ static int ProcessCSR(WOLFSSL* ssl, byte* input, word32* inOutIdx, #ifdef WOLFSSL_SMALL_STACK status = (CertStatus*)XMALLOC(sizeof(CertStatus), ssl->heap, - DYNAMIC_TYPE_OCSP_STATUS); + DYNAMIC_TYPE_OCSP_STATUS); single = (OcspEntry*)XMALLOC(sizeof(OcspEntry), ssl->heap, - DYNAMIC_TYPE_OCSP_ENTRY); + DYNAMIC_TYPE_OCSP_ENTRY); response = (OcspResponse*)XMALLOC(sizeof(OcspResponse), ssl->heap, - DYNAMIC_TYPE_OCSP_REQUEST); + DYNAMIC_TYPE_OCSP_REQUEST); if (status == NULL || single == NULL || response == NULL) { - XFREE(status, ssl->heap, DYNAMIC_TYPE_OCSP_STATUS); - XFREE(single, ssl->heap, DYNAMIC_TYPE_OCSP_ENTRY); - XFREE(response, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST); + if (status != NULL) { + XFREE(status, ssl->heap, DYNAMIC_TYPE_OCSP_STATUS); + } + if (single != NULL) { + XFREE(single, ssl->heap, DYNAMIC_TYPE_OCSP_ENTRY); + } + if (response != NULL) { + XFREE(response, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST); + } return MEMORY_ERROR; } #endif + /* InitOcspResponse sets single and status to response struct. */ InitOcspResponse(response, single, status, input +*inOutIdx, status_length, ssl->heap); if (OcspResponseDecode(response, SSL_CM(ssl), ssl->heap, 0) != 0) @@ -13496,17 +13630,25 @@ static int ProcessCSR(WOLFSSL* ssl, byte* input, word32* inOutIdx, *inOutIdx += status_length; + /* FreeOcspResponse frees status and single only if + * single->isDynamic is set. */ FreeOcspResponse(response); #ifdef WOLFSSL_SMALL_STACK - XFREE(status, ssl->heap, DYNAMIC_TYPE_OCSP_STATUS); - XFREE(single, ssl->heap, DYNAMIC_TYPE_OCSP_ENTRY); - XFREE(response, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST); + XFREE(status, ssl->heap, DYNAMIC_TYPE_OCSP_STATUS); + XFREE(single, ssl->heap, DYNAMIC_TYPE_OCSP_ENTRY); + XFREE(response, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST); #endif WOLFSSL_LEAVE("ProcessCSR", ret); return ret; } + +static int ProcessCSR(WOLFSSL* ssl, byte* input, word32* inOutIdx, + word32 status_length) +{ + return ProcessCSR_ex(ssl, input, inOutIdx, status_length, 0); +} #endif @@ -13844,7 +13986,7 @@ int DoVerifyCallback(WOLFSSL_CERT_MANAGER* cm, WOLFSSL* ssl, int cert_err, /* If altNames names is present, then subject common name is ignored */ if (args->dCert->altNames != NULL) { if (CheckForAltNames(args->dCert, ssl->param->hostName, - (word32)XSTRLEN(ssl->param->hostName), NULL) != 1) { + (word32)XSTRLEN(ssl->param->hostName), NULL, 0) != 1) { if (cert_err == 0) { ret = DOMAIN_NAME_MISMATCH; WOLFSSL_ERROR_VERBOSE(ret); @@ -13858,7 +14000,7 @@ int DoVerifyCallback(WOLFSSL_CERT_MANAGER* cm, WOLFSSL* ssl, int cert_err, args->dCert->subjectCN, args->dCert->subjectCNLen, ssl->param->hostName, - (word32)XSTRLEN(ssl->param->hostName)) == 0) { + (word32)XSTRLEN(ssl->param->hostName), 0) == 0) { if (cert_err == 0) { ret = DOMAIN_NAME_MISMATCH; WOLFSSL_ERROR_VERBOSE(ret); @@ -14563,6 +14705,52 @@ static int ProcessPeerCertCheckKey(WOLFSSL* ssl, ProcPeerCertArgs* args) return ret; } +#if defined(HAVE_OCSP) && defined(WOLFSSL_TLS13) \ + && defined(HAVE_CERTIFICATE_STATUS_REQUEST) +static int ProcessPeerCertsChainOCSPStatusCheck(WOLFSSL* ssl) +{ + int ret = 0; + word32 i; + word32 idx = 0; + TLSX* ext = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST); + CertificateStatusRequest* csr; + + if (ext) { + csr = (CertificateStatusRequest*)ext->data; + if (csr == NULL) { + return 0; + } + } else + return 0; + + /* error when leaf cert doesn't have certificate status */ + if (csr->requests < 1 || csr->responses[0].length == 0) { + WOLFSSL_MSG("Leaf cert doesn't have certificate status."); + return BAD_CERTIFICATE_STATUS_ERROR; + } + + for (i = 0; i < csr->requests; i++) { + if (csr->responses[i].length != 0) { + ssl->status_request = 1; + idx = 0; + ret = ProcessCSR_ex(ssl, + csr->responses[i].buffer, + &idx, csr->responses[i].length, i); + if (ret < 0) { + WOLFSSL_ERROR_VERBOSE(ret); + break; + } + } + else { + WOLFSSL_MSG("Intermediate cert doesn't have certificate status."); + } + } + + return ret; +} + +#endif + #ifdef HAVE_CRL static int ProcessPeerCertsChainCRLCheck(WOLFSSL* ssl, ProcPeerCertArgs* args) { @@ -14845,8 +15033,11 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, args->idx += extSz; listSz -= extSz + OPAQUE16_LEN; WOLFSSL_MSG_EX("\tParsing %d bytes of cert extensions", - args->exts[args->totalCerts].length); + args->exts[args->totalCerts].length); #if !defined(NO_TLS) + #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) + ssl->response_idx = args->totalCerts; + #endif ret = TLSX_Parse(ssl, args->exts[args->totalCerts].buffer, (word16)args->exts[args->totalCerts].length, certificate, NULL); @@ -15041,6 +15232,19 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, } else /* skips OCSP and force CRL check */ #endif /* HAVE_CERTIFICATE_STATUS_REQUEST_V2 */ + #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) + if (IsAtLeastTLSv1_3(ssl->version) && + ssl->options.side == WOLFSSL_CLIENT_END && + ssl->status_request) { + /* We check CSR in Certificate message sent from + * Server. Server side will check client + * certificates by traditional OCSP if enabled + */ + ret = TLSX_CSR_InitRequest_ex(ssl->extensions, + args->dCert, ssl->heap, args->certIdx); + } + else + #endif if (SSL_CM(ssl)->ocspEnabled && SSL_CM(ssl)->ocspCheckAll) { WOLFSSL_MSG("Doing Non Leaf OCSP check"); @@ -15521,24 +15725,17 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, if (ssl->options.side == WOLFSSL_CLIENT_END) { #ifdef HAVE_CERTIFICATE_STATUS_REQUEST if (ssl->status_request) { - args->fatal = (TLSX_CSR_InitRequest(ssl->extensions, - args->dCert, ssl->heap) != 0); + args->fatal = (TLSX_CSR_InitRequest_ex( + ssl->extensions, args->dCert, + ssl->heap, args->certIdx) != 0); doLookup = 0; WOLFSSL_MSG("\tHave status request"); #if defined(WOLFSSL_TLS13) if (ssl->options.tls1_3) { - TLSX* ext = TLSX_Find(ssl->extensions, - TLSX_STATUS_REQUEST); - if (ext != NULL) { - word32 idx = 0; - CertificateStatusRequest* csr = - (CertificateStatusRequest*)ext->data; - ret = ProcessCSR(ssl, csr->response.buffer, - &idx, csr->response.length); - if (ret < 0) { - WOLFSSL_ERROR_VERBOSE(ret); - goto exit_ppc; - } + ret = ProcessPeerCertsChainOCSPStatusCheck(ssl); + if (ret < 0) { + WOLFSSL_ERROR_VERBOSE(ret); + goto exit_ppc; } } #endif @@ -15748,7 +15945,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, (ssl->buffers.domainName.buffer == NULL ? 0 : (word32)XSTRLEN( (const char *)ssl->buffers.domainName.buffer)), - NULL) != 1) { + NULL, 0) != 1) { WOLFSSL_MSG("DomainName match on alt names failed"); /* try to get peer key still */ ret = DOMAIN_NAME_MISMATCH; @@ -15763,7 +15960,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, (ssl->buffers.domainName.buffer == NULL ? 0 : (word32)XSTRLEN( (const char *)ssl->buffers.domainName.buffer) - )) == 0) + ), 0) == 0) { WOLFSSL_MSG("DomainName match on common name failed"); ret = DOMAIN_NAME_MISMATCH; @@ -15776,14 +15973,14 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, args->dCert->subjectCNLen, (char*)ssl->buffers.domainName.buffer, (ssl->buffers.domainName.buffer == NULL ? 0 : - (word32)XSTRLEN(ssl->buffers.domainName.buffer))) == 0) + (word32)XSTRLEN(ssl->buffers.domainName.buffer)), 0) == 0) { WOLFSSL_MSG("DomainName match on common name failed"); if (CheckForAltNames(args->dCert, (char*)ssl->buffers.domainName.buffer, (ssl->buffers.domainName.buffer == NULL ? 0 : (word32)XSTRLEN(ssl->buffers.domainName.buffer)), - NULL) != 1) { + NULL, 0) != 1) { WOLFSSL_MSG( "DomainName match on alt names failed too"); /* try to get peer key still */ @@ -17281,6 +17478,18 @@ int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx, case certificate_request: case server_hello_done: if (ssl->options.resuming) { + /* Client requested resumption, but server is doing a + * full handshake */ + + /* The server's decision to resume isn't known until after the + * "server_hello". If subsequent handshake messages like + * "certificate" or "server_key_exchange" are recevied then we + * are doing a full handshake */ + + /* If the server included a session id then we + * treat this as a fatal error, since the server said it was + * doing resumption, but did not. */ + /* https://www.rfc-editor.org/rfc/rfc5077.html#section-3.4 * Alternatively, the client MAY include an empty Session ID * in the ClientHello. In this case, the client ignores the @@ -17289,7 +17498,7 @@ int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx, * messages. */ #ifndef WOLFSSL_WPAS - if (ssl->session->sessionIDSz != 0) { + if (ssl->arrays->sessionIDSz != 0) { /* Fatal error. Only try to send an alert. RFC 5246 does not * allow for reverting back to a full handshake after the * server has indicated the intention to do a resumption. */ @@ -22108,6 +22317,7 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr) #endif } #endif + #ifndef WOLFSSL_RW_THREADED #ifdef WOLFSSL_TLS13 if (ssl->keys.keyUpdateRespond) { WOLFSSL_MSG("No KeyUpdate from peer seen"); @@ -22115,6 +22325,7 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr) return SANITY_MSG_E; } #endif + #endif if ((ret = DoApplicationData(ssl, ssl->buffers.inputBuffer.buffer, &ssl->buffers.inputBuffer.idx, @@ -23085,6 +23296,29 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, ssl->keys.dtls_prev_sequence_number_lo; } #endif + +#ifdef WOLFSSL_THREADED_CRYPT + if (asyncOkay) { + WOLFSSL_MSG("Not encrypting\n"); + /* make sure build message state is reset */ + ssl->options.buildMsgState = BUILD_MSG_BEGIN; + + /* return sz on success */ + if (ret == 0) { + ret = args->sz; + } + else { + WOLFSSL_ERROR_VERBOSE(ret); + } + + /* Final cleanup */ + FreeBuildMsgArgs(ssl, args); + + return ret; + } + else +#endif + { #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) if (ssl->options.startedETMWrite) { ret = Encrypt(ssl, output + args->headerSz, @@ -23107,6 +23341,7 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, ssl->keys.dtls_sequence_number_lo = dtls_sequence_number_lo; } #endif + } } if (ret != 0) { @@ -23399,7 +23634,7 @@ int SendFinished(WOLFSSL* ssl) * * Returns 0 on success */ -static int CreateOcspRequest(WOLFSSL* ssl, OcspRequest* request, +int CreateOcspRequest(WOLFSSL* ssl, OcspRequest* request, DecodedCert* cert, byte* certData, word32 length, byte *ctxOwnsRequest) { @@ -24285,7 +24520,6 @@ int SendCertificateStatus(WOLFSSL* ssl) if (idx > chain->length) break; - ret = CreateOcspRequest(ssl, request, cert, der.buffer, der.length, &ctxOwnsRequest); if (ret == 0) { @@ -24535,6 +24769,50 @@ static int CheckTLS13AEADSendLimit(WOLFSSL* ssl) } #endif /* WOLFSSL_TLS13 && !WOLFSSL_TLS13_IGNORE_AEAD_LIMITS */ +#ifdef WOLFSSL_THREADED_CRYPT +int SendAsyncData(WOLFSSL* ssl) +{ + int i; + + for (i = 0; i < WOLFSSL_THREADED_CRYPT_CNT; i++) { + ThreadCrypt* encrypt = &ssl->buffers.encrypt[i]; + + if (encrypt->done) { + int error; + + GrowOutputBuffer(ssl, encrypt->buffer.length); + XMEMCPY(ssl->buffers.outputBuffer.buffer, encrypt->buffer.buffer, + encrypt->buffer.length); + ssl->buffers.outputBuffer.length = encrypt->buffer.length; + ssl->buffers.outputBuffer.idx = 0; + encrypt->done = 0; + encrypt->avail = 1; + if ((error = SendBuffered(ssl)) < 0) { + ssl->error = error; + WOLFSSL_ERROR(ssl->error); + /* store for next call if WANT_WRITE or user embedSend() that + doesn't present like WANT_WRITE */ + ssl->buffers.plainSz = encrypt->buffer.length; + ssl->buffers.prevSent = encrypt->buffer.length; + if (ssl->error == WC_NO_ERR_TRACE(SOCKET_ERROR_E) && + (ssl->options.connReset || ssl->options.isClosed)) { + return SOCKET_PEER_CLOSED_E; /* peer reset or closed */ + } + return ssl->error; + } + + /* only one message per attempt */ + if (ssl->options.partialWrite == 1) { + WOLFSSL_MSG("Partial Write on, only sending one record"); + break; + } + } + } + + return 0; +} +#endif + /** * ssl_in_handshake(): * Invoked in wolfSSL_read/wolfSSL_write to check if wolfSSL_negotiate() is @@ -24589,18 +24867,20 @@ int SendData(WOLFSSL* ssl, const void* data, int sz) #if defined(WOLFSSL_EARLY_DATA) && defined(WOLFSSL_EARLY_DATA_GROUP) int groupMsgs = 0; #endif + int error = ssl->error; - if (ssl->error == WC_NO_ERR_TRACE(WANT_WRITE) + if (error == WC_NO_ERR_TRACE(WANT_WRITE) #ifdef WOLFSSL_ASYNC_CRYPT - || ssl->error == WC_NO_ERR_TRACE(WC_PENDING_E) + || error == WC_NO_ERR_TRACE(WC_PENDING_E) #endif ) { + error = 0; ssl->error = 0; } /* don't allow write after decrypt or mac error */ - if (ssl->error == WC_NO_ERR_TRACE(VERIFY_MAC_ERROR) || - ssl->error == WC_NO_ERR_TRACE(DECRYPT_ERROR)) { + if (error == WC_NO_ERR_TRACE(VERIFY_MAC_ERROR) || + error == WC_NO_ERR_TRACE(DECRYPT_ERROR)) { /* For DTLS allow these possible errors and allow the session to continue despite them */ if (ssl->options.dtls) { @@ -24643,9 +24923,32 @@ int SendData(WOLFSSL* ssl, const void* data, int sz) return WOLFSSL_CBIO_ERR_WANT_WRITE; } #endif - return err; + return err; + } + } + +#ifdef WOLFSSL_RW_THREADED +#ifdef WOLFSSL_DTLS13 + if (ssl->options.dtls) { + /* Dtls13DoScheduledWork(ssl) may return WANT_WRITE */ + if ((error = Dtls13DoScheduledWork(ssl)) < 0) { + ssl->error = error; + WOLFSSL_ERROR(error); + return error; } } +#endif /* WOLFSSL_DTLS13 */ +#ifdef WOLFSSL_TLS13 + if (ssl->options.sendKeyUpdate) { + ssl->options.sendKeyUpdate = 0; + ret = SendTls13KeyUpdate(ssl); + if (ret != 0) { + ssl->error = BUILD_MSG_ERROR; + return WOLFSSL_FATAL_ERROR; + } + } +#endif +#endif /* last time system socket output buffer was full, try again to send */ if (ssl->buffers.outputBuffer.length > 0 @@ -24654,15 +24957,16 @@ int SendData(WOLFSSL* ssl, const void* data, int sz) #endif ) { WOLFSSL_MSG("output buffer was full, trying to send again"); - if ( (ssl->error = SendBuffered(ssl)) < 0) { - WOLFSSL_ERROR(ssl->error); - if (ssl->error == WC_NO_ERR_TRACE(SOCKET_ERROR_E) && - (ssl->options.connReset || ssl->options.isClosed)) { - ssl->error = SOCKET_PEER_CLOSED_E; - WOLFSSL_ERROR(ssl->error); + if ( (error = SendBuffered(ssl)) < 0) { + WOLFSSL_ERROR(error); + if (error == WC_NO_ERR_TRACE(SOCKET_ERROR_E) && + (ssl->options.connReset || ssl->options.isClosed)) { + error = SOCKET_PEER_CLOSED_E; + ssl->error = error; + WOLFSSL_ERROR(error); return 0; /* peer reset or closed */ } - return ssl->error; + return (ssl->error = error); } else { /* advance sent to previous sent + plain size just sent */ @@ -24671,7 +24975,7 @@ int SendData(WOLFSSL* ssl, const void* data, int sz) if (sent > sz) { WOLFSSL_MSG("error: write() after WANT_WRITE with short size"); - return ssl->error = BAD_FUNC_ARG; + return (ssl->error = BAD_FUNC_ARG); } } } @@ -24682,6 +24986,19 @@ int SendData(WOLFSSL* ssl, const void* data, int sz) return WOLFSSL_FATAL_ERROR; } +#ifdef WOLFSSL_THREADED_CRYPT + ret = SendAsyncData(ssl); + if (ret != 0) { + ssl->error = ret; + return WOLFSSL_FATAL_ERROR; + } + if (ssl->dtls13WaitKeyUpdateAck) { + ret = DoDtls13KeyUpdateAck(ssl); + if (ret != 0) + return ret; + } +#endif + for (;;) { byte* out; byte* sendBuffer = (byte*)data + sent; /* may switch on comp */ @@ -24690,6 +25007,10 @@ int SendData(WOLFSSL* ssl, const void* data, int sz) #ifdef HAVE_LIBZ byte comp[MAX_RECORD_SIZE + MAX_COMP_EXTRA]; #endif +#ifdef WOLFSSL_THREADED_CRYPT + int i; + ThreadCrypt* encrypt = NULL; +#endif #if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_TLS13_IGNORE_AEAD_LIMITS) if (IsAtLeastTLSv1_3(ssl->version)) { @@ -24754,9 +25075,10 @@ int SendData(WOLFSSL* ssl, const void* data, int sz) #if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_DTLS_SIZE_CHECK) if (ssl->options.dtls && (buffSz < sz - sent)) { - ssl->error = DTLS_SIZE_ERROR; - WOLFSSL_ERROR(ssl->error); - return ssl->error; + error = DTLS_SIZE_ERROR; + ssl->error = error; + WOLFSSL_ERROR(error); + return error; } #endif outputSz = buffSz + COMP_EXTRA + DTLS_RECORD_HEADER_SZ; @@ -24773,10 +25095,33 @@ int SendData(WOLFSSL* ssl, const void* data, int sz) /* check for available size */ if ((ret = CheckAvailableSize(ssl, outputSz)) != 0) - return ssl->error = ret; + return (ssl->error = ret); /* get output buffer */ +#ifndef WOLFSSL_THREADED_CRYPT out = GetOutputBuffer(ssl); +#else + do { + for (i = 0; i < WOLFSSL_THREADED_CRYPT_CNT; i++) { + if (ssl->buffers.encrypt[i].avail) { + encrypt = &ssl->buffers.encrypt[i]; + break; + } + } + if (encrypt == NULL) { + ret = SendAsyncData(ssl); + if (ret != 0) { + ssl->error = ret; + return WOLFSSL_FATAL_ERROR; + } + } + } + while (encrypt == NULL); + encrypt->done = 0; + encrypt->avail = 0; + GrowAnOutputBuffer(ssl, &encrypt->buffer, outputSz); + out = encrypt->buffer.buffer; +#endif #ifdef HAVE_LIBZ if (ssl->options.usingCompression) { @@ -24820,21 +25165,70 @@ int SendData(WOLFSSL* ssl, const void* data, int sz) #ifdef WOLFSSL_ASYNC_CRYPT FreeAsyncCtx(ssl, 0); #endif +#ifdef WOLFSSL_THREADED_CRYPT + if (!encrypt->init) { + SetKeys(&encrypt->encrypt, NULL, &ssl->keys, &ssl->specs, + ssl->options.side, ssl->heap, ssl->devId, ssl->rng, + ssl->options.tls1_3); + encrypt->init = 1; + } + encrypt->buffer.length = sendSz; + encrypt->offset = RECORD_HEADER_SZ; + if (ssl->options.dtls) { + encrypt->offset += DTLS_RECORD_EXTRA; + } + encrypt->cryptLen = outputSz - encrypt->offset; + #ifdef HAVE_TRUNCATED_HMAC + if (ssl->truncated_hmac) { + encrypt->cryptLen -= min(TRUNCATED_HMAC_SZ, ssl->specs.hash_size); + } + else + #endif + { + encrypt->cryptLen -= ssl->specs.hash_size; + } + +#if !defined(NO_PUBLIC_GCM_SET_IV) && \ + ((defined(HAVE_FIPS) || defined(HAVE_SELFTEST)) && \ + (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))) + XMEMCPY(encrypt->nonce, ssl->keys.aead_enc_imp_IV, AESGCM_IMP_IV_SZ); + XMEMCPY(encrypt->nonce + AESGCM_IMP_IV_SZ, ssl->keys.aead_exp_IV, + AESGCM_EXP_IV_SZ); +#endif + XMEMSET(encrypt->additional, 0, AEAD_AUTH_DATA_SZ); + WriteSEQ(ssl, CUR_ORDER, encrypt->additional); + XMEMCPY(encrypt->additional + AEAD_TYPE_OFFSET, encrypt->buffer.buffer, + 3); + c16toa(sendSz - encrypt->offset - AESGCM_EXP_IV_SZ - + ssl->specs.aead_mac_size, encrypt->additional + AEAD_LEN_OFFSET); + + #ifdef WOLFSSL_DTLS + if (ssl->options.dtls) + DtlsSEQIncrement(ssl, CUR_ORDER); + #endif + + if (encrypt->signal != NULL) { + encrypt->signal(encrypt->signalCtx, ssl); + } + return sendSz; +#else ssl->buffers.outputBuffer.length += (word32)sendSz; - if ( (ssl->error = SendBuffered(ssl)) < 0) { - WOLFSSL_ERROR(ssl->error); + if ( (error = SendBuffered(ssl)) < 0) { + ssl->error = error; + WOLFSSL_ERROR(error); /* store for next call if WANT_WRITE or user embedSend() that doesn't present like WANT_WRITE */ ssl->buffers.plainSz = buffSz; ssl->buffers.prevSent = sent; - if (ssl->error == WC_NO_ERR_TRACE(SOCKET_ERROR_E) && - (ssl->options.connReset || ssl->options.isClosed)) { + if (error == WC_NO_ERR_TRACE(SOCKET_ERROR_E) && + (ssl->options.connReset || ssl->options.isClosed)) { + error = SOCKET_PEER_CLOSED_E; ssl->error = SOCKET_PEER_CLOSED_E; - WOLFSSL_ERROR(ssl->error); + WOLFSSL_ERROR(error); return 0; /* peer reset or closed */ } - return ssl->error; + return error; } sent += buffSz; @@ -24844,6 +25238,7 @@ int SendData(WOLFSSL* ssl, const void* data, int sz) WOLFSSL_MSG("Partial Write on, only sending one record"); break; } +#endif } return sent; @@ -24853,13 +25248,14 @@ int SendData(WOLFSSL* ssl, const void* data, int sz) int ReceiveData(WOLFSSL* ssl, byte* output, int sz, int peek) { int size; + int error = ssl->error; WOLFSSL_ENTER("ReceiveData"); /* reset error state */ - if (ssl->error == WC_NO_ERR_TRACE(WANT_READ) || - ssl->error == WOLFSSL_ERROR_WANT_READ) - { + if (error == WC_NO_ERR_TRACE(WANT_READ) || + error == WOLFSSL_ERROR_WANT_READ) { + error = 0; ssl->error = 0; } @@ -24867,25 +25263,26 @@ int ReceiveData(WOLFSSL* ssl, byte* output, int sz, int peek) if (ssl->options.dtls) { /* In DTLS mode, we forgive some errors and allow the session * to continue despite them. */ - if (ssl->error == WC_NO_ERR_TRACE(VERIFY_MAC_ERROR) || - ssl->error == WC_NO_ERR_TRACE(DECRYPT_ERROR) || - ssl->error == WC_NO_ERR_TRACE(DTLS_SIZE_ERROR)) { + if (error == WC_NO_ERR_TRACE(VERIFY_MAC_ERROR) || + error == WC_NO_ERR_TRACE(DECRYPT_ERROR) || + error == WC_NO_ERR_TRACE(DTLS_SIZE_ERROR)) { + error = 0; ssl->error = 0; } } #endif /* WOLFSSL_DTLS */ - if (ssl->error != 0 && ssl->error != WC_NO_ERR_TRACE(WANT_WRITE) + if (error != 0 && error != WC_NO_ERR_TRACE(WANT_WRITE) #ifdef WOLFSSL_ASYNC_CRYPT - && ssl->error != WC_NO_ERR_TRACE(WC_PENDING_E) + && error != WC_NO_ERR_TRACE(WC_PENDING_E) #endif #if defined(HAVE_SECURE_RENEGOTIATION) || defined(WOLFSSL_DTLS13) - && ssl->error != WC_NO_ERR_TRACE(APP_DATA_READY) + && error != WC_NO_ERR_TRACE(APP_DATA_READY) #endif ) { WOLFSSL_MSG("User calling wolfSSL_read in error state, not allowed"); - return ssl->error; + return error; } #ifdef WOLFSSL_EARLY_DATA @@ -24923,32 +25320,39 @@ int ReceiveData(WOLFSSL* ssl, byte* output, int sz, int peek) #endif while (ssl->buffers.clearOutputBuffer.length == 0) { - if ( (ssl->error = ProcessReply(ssl)) < 0) { - if (ssl->error == WC_NO_ERR_TRACE(ZERO_RETURN)) { + if ( (error = ProcessReply(ssl)) < 0) { + if (error == WC_NO_ERR_TRACE(ZERO_RETURN)) { + ssl->error = error; WOLFSSL_MSG("Zero return, no more data coming"); return 0; /* no more data coming */ } - if (ssl->error == WC_NO_ERR_TRACE(SOCKET_ERROR_E)) { + if (error == WC_NO_ERR_TRACE(SOCKET_ERROR_E)) { if (ssl->options.connReset || ssl->options.isClosed) { WOLFSSL_MSG("Peer reset or closed, connection done"); - ssl->error = SOCKET_PEER_CLOSED_E; - WOLFSSL_ERROR(ssl->error); + error = SOCKET_PEER_CLOSED_E; + ssl->error = error; + WOLFSSL_ERROR(error); return 0; /* peer reset or closed */ } } - WOLFSSL_ERROR(ssl->error); - return ssl->error; + ssl->error = error; + WOLFSSL_ERROR(error); + return error; } -#ifdef WOLFSSL_DTLS13 +#ifndef WOLFSSL_RW_THREADED + #ifdef WOLFSSL_DTLS13 if (ssl->options.dtls) { /* Dtls13DoScheduledWork(ssl) may return WANT_WRITE */ - if ((ssl->error = Dtls13DoScheduledWork(ssl)) < 0) { - WOLFSSL_ERROR(ssl->error); - return ssl->error; + if ((error = Dtls13DoScheduledWork(ssl)) < 0) { + ssl->error = error; + WOLFSSL_ERROR(error); + return error; } } -#endif /* WOLFSSL_DTLS13 */ + #endif /* WOLFSSL_DTLS13 */ +#endif + #ifdef HAVE_SECURE_RENEGOTIATION if (ssl->secure_renegotiation && ssl->secure_renegotiation->startScr) { @@ -25486,6 +25890,9 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e) case MAX_CHAIN_ERROR: return "Maximum Chain Depth Exceeded"; + case MAX_CERT_EXTENSIONS_ERR: + return "Maximum Cert Extension Exceeded"; + case COOKIE_ERROR: return "DTLS Cookie Error"; @@ -34122,6 +34529,29 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #ifndef WOLFSSL_NO_TLS12 + static int getSessionID(WOLFSSL* ssl) + { + int sessIdSz = 0; + (void)ssl; +#ifndef NO_SESSION_CACHE + /* if no session cache don't send a session ID */ + if (!ssl->options.sessionCacheOff) + sessIdSz = ID_LEN; +#endif +#ifdef HAVE_SESSION_TICKET + /* we may be echoing an ID as part of session tickets */ + if (ssl->options.useTicket) { + /* echo session id sz can be 0,32 or bogus len in between */ + sessIdSz = ssl->arrays->sessionIDSz; + if (sessIdSz > ID_LEN) { + WOLFSSL_MSG("Bad bogus session id len"); + return BUFFER_ERROR; + } + } +#endif /* HAVE_SESSION_TICKET */ + return sessIdSz; + } + /* handle generation of server_hello (2) */ int SendServerHello(WOLFSSL* ssl) { @@ -34130,17 +34560,18 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, word16 length; word32 idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; int sendSz; - byte sessIdSz = ID_LEN; - #if defined(HAVE_TLS_EXTENSIONS) && defined(HAVE_SESSION_TICKET) - byte echoId = 0; /* ticket echo id flag */ - #endif - byte cacheOff = 0; /* session cache off flag */ + byte sessIdSz; WOLFSSL_START(WC_FUNC_SERVER_HELLO_SEND); WOLFSSL_ENTER("SendServerHello"); + ret = getSessionID(ssl); + if (ret < 0) + return ret; + sessIdSz = (byte)ret; + length = VERSION_SZ + RAN_LEN - + ID_LEN + ENUM_LEN + + ENUM_LEN + sessIdSz + SUITE_LEN + ENUM_LEN; @@ -34148,45 +34579,12 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, ret = TLSX_GetResponseSize(ssl, server_hello, &length); if (ret != 0) return ret; - #ifdef HAVE_SESSION_TICKET - if (ssl->options.useTicket) { - /* echo session id sz can be 0,32 or bogus len in between */ - sessIdSz = ssl->arrays->sessionIDSz; - if (sessIdSz > ID_LEN) { - WOLFSSL_MSG("Bad bogus session id len"); - return BUFFER_ERROR; - } - if (!IsAtLeastTLSv1_3(ssl->version)) - length -= (ID_LEN - sessIdSz); /* adjust ID_LEN assumption */ - echoId = 1; - } - #endif /* HAVE_SESSION_TICKET */ #else if (ssl->options.haveEMS) { length += HELLO_EXT_SZ_SZ + HELLO_EXT_SZ; } #endif - /* is the session cache off at build or runtime */ -#ifdef NO_SESSION_CACHE - cacheOff = 1; -#else - if (ssl->options.sessionCacheOff == 1) { - cacheOff = 1; - } -#endif - - /* if no session cache don't send a session ID unless we're echoing - * an ID as part of session tickets */ - if (cacheOff == 1 - #if defined(HAVE_TLS_EXTENSIONS) && defined(HAVE_SESSION_TICKET) - && echoId == 0 - #endif - ) { - length -= ID_LEN; /* adjust ID_LEN assumption */ - sessIdSz = 0; - } - sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ; #ifdef WOLFSSL_DTLS if (ssl->options.dtls) { @@ -34217,11 +34615,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, /* then random and session id */ if (!ssl->options.resuming) { - /* generate random part and session id */ - ret = wc_RNG_GenerateBlock(ssl->rng, output + idx, - RAN_LEN + sizeof(sessIdSz) + sessIdSz); - if (ret != 0) - return ret; + word32 genRanLen = RAN_LEN; #ifdef WOLFSSL_TLS13 if (TLSv1_3_Capable(ssl)) { @@ -34229,6 +34623,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, XMEMCPY(output + idx + RAN_LEN - (TLS13_DOWNGRADE_SZ + 1), tls13Downgrade, TLS13_DOWNGRADE_SZ); output[idx + RAN_LEN - 1] = (byte)IsAtLeastTLSv1_2(ssl); + genRanLen -= TLS13_DOWNGRADE_SZ + 1; } else #endif @@ -34240,12 +34635,21 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, XMEMCPY(output + idx + RAN_LEN - (TLS13_DOWNGRADE_SZ + 1), tls13Downgrade, TLS13_DOWNGRADE_SZ); output[idx + RAN_LEN - 1] = 0; + genRanLen -= TLS13_DOWNGRADE_SZ + 1; } - /* store info in SSL for later */ + /* generate random part */ + ret = wc_RNG_GenerateBlock(ssl->rng, output + idx, genRanLen); + if (ret != 0) + return ret; XMEMCPY(ssl->arrays->serverRandom, output + idx, RAN_LEN); idx += RAN_LEN; + + /* generate session id */ output[idx++] = sessIdSz; + ret = wc_RNG_GenerateBlock(ssl->rng, output + idx, sessIdSz); + if (ret != 0) + return ret; XMEMCPY(ssl->arrays->sessionID, output + idx, sessIdSz); ssl->arrays->sessionIDSz = sessIdSz; } diff --git a/src/keys.c b/src/keys.c index 3123a610e0..b5b982c1b3 100644 --- a/src/keys.c +++ b/src/keys.c @@ -2371,7 +2371,7 @@ static int SetPrefix(byte* sha_input, int idx) #endif -static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, +int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, int side, void* heap, int devId, WC_RNG* rng, int tls13) { (void)rng; @@ -3318,9 +3318,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, DYNAMIC_TYPE_CIPHER); if (enc->hmac == NULL) return MEMORY_E; - } - if (enc) { if (wc_HmacInit(enc->hmac, heap, devId) != 0) { WOLFSSL_MSG("HmacInit failed in SetKeys"); XFREE(enc->hmac, heap, DYNAMIC_TYPE_CIPHER); @@ -3334,9 +3332,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, DYNAMIC_TYPE_CIPHER); if (dec->hmac == NULL) return MEMORY_E; - } - if (dec) { if (wc_HmacInit(dec->hmac, heap, devId) != 0) { WOLFSSL_MSG("HmacInit failed in SetKeys"); XFREE(dec->hmac, heap, DYNAMIC_TYPE_CIPHER); diff --git a/src/ocsp.c b/src/ocsp.c index 41c038fd12..493d8268f7 100644 --- a/src/ocsp.c +++ b/src/ocsp.c @@ -536,6 +536,9 @@ int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest, if (responseSz == WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_WANT_READ)) { ret = OCSP_WANT_READ; } + else if (responseSz == WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_TIMEOUT)){ + ret = HTTP_TIMEOUT; + } XFREE(request, ocsp->cm->heap, DYNAMIC_TYPE_OCSP); diff --git a/src/pk.c b/src/pk.c index 3064633f47..01bcecfcf5 100644 --- a/src/pk.c +++ b/src/pk.c @@ -354,7 +354,7 @@ int EncryptDerKey(byte *der, int *derSz, const EVP_CIPHER* cipher, int ret = 0; int paddingSz = 0; word32 idx; - word32 cipherInfoSz; + word32 cipherInfoSz = 0; #ifdef WOLFSSL_SMALL_STACK EncryptedInfo* info = NULL; #else @@ -2598,6 +2598,7 @@ int SetRsaExternal(WOLFSSL_RSA* rsa) } if (key->type == RSA_PRIVATE) { + #ifndef WOLFSSL_RSA_PUBLIC_ONLY if (ret == 1) { /* Copy private exponent. */ ret = wolfssl_bn_set_value(&rsa->d, &key->d); @@ -2619,7 +2620,8 @@ int SetRsaExternal(WOLFSSL_RSA* rsa) WOLFSSL_ERROR_MSG("rsa q error"); } } - #ifndef RSA_LOW_MEM + #if defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || \ + !defined(RSA_LOW_MEM) if (ret == 1) { /* Copy d mod p-1. */ ret = wolfssl_bn_set_value(&rsa->dmp1, &key->dP); @@ -2641,7 +2643,11 @@ int SetRsaExternal(WOLFSSL_RSA* rsa) WOLFSSL_ERROR_MSG("rsa u error"); } } - #endif /* !RSA_LOW_MEM */ + #endif + #else + WOLFSSL_ERROR_MSG("rsa private key not compiled in "); + ret = 0; + #endif /* !WOLFSSL_RSA_PUBLIC_ONLY */ } } if (ret == 1) { @@ -2696,6 +2702,7 @@ int SetRsaInternal(WOLFSSL_RSA* rsa) /* Enough numbers for public key */ key->type = RSA_PUBLIC; +#ifndef WOLFSSL_RSA_PUBLIC_ONLY /* Copy down private exponent if available. */ if ((ret == 1) && (rsa->d != NULL)) { if (wolfssl_bn_get_value(rsa->d, &key->d) != 1) { @@ -2722,7 +2729,7 @@ int SetRsaInternal(WOLFSSL_RSA* rsa) ret = WOLFSSL_FATAL_ERROR; } - #ifndef RSA_LOW_MEM +#if defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || !defined(RSA_LOW_MEM) /* Copy down d mod p-1 if available. */ if ((ret == 1) && (rsa->dmp1 != NULL) && (wolfssl_bn_get_value(rsa->dmp1, &key->dP) != 1)) { @@ -2743,7 +2750,8 @@ int SetRsaInternal(WOLFSSL_RSA* rsa) WOLFSSL_ERROR_MSG("rsa u key error"); ret = WOLFSSL_FATAL_ERROR; } - #endif /* !RSA_LOW_MEM */ +#endif +#endif if (ret == 1) { /* All available numbers have been set down. */ @@ -3300,7 +3308,7 @@ static int wolfssl_rsa_generate_key_native(WOLFSSL_RSA* rsa, int bits, #endif int initTmpRng = 0; WC_RNG* rng = NULL; - long en; + long en = 0; #endif (void)cb; @@ -3523,12 +3531,15 @@ int wolfSSL_RSA_generate_key_ex(WOLFSSL_RSA* rsa, int bits, WOLFSSL_BIGNUM* e, * @param [out] em Encoded message. * @param [in[ mHash Message hash. * @param [in] hashAlg Hash algorithm. + * @param [in] mgf1Hash MGF algorithm. * @param [in] saltLen Length of salt to generate. * @return 1 on success. * @return 0 on failure. */ -int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa, unsigned char *em, - const unsigned char *mHash, const WOLFSSL_EVP_MD *hashAlg, int saltLen) + +int wolfSSL_RSA_padding_add_PKCS1_PSS_mgf1(WOLFSSL_RSA *rsa, unsigned char *em, + const unsigned char *mHash, const WOLFSSL_EVP_MD *hashAlg, + const WOLFSSL_EVP_MD *mgf1Hash, int saltLen) { int ret = 1; enum wc_HashType hashType; @@ -3551,6 +3562,9 @@ int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa, unsigned char *em, ret = 0; } + if (mgf1Hash == NULL) + mgf1Hash = hashAlg; + if (ret == 1) { /* Get/create an RNG. */ rng = WOLFSSL_RSA_GetRNG(rsa, (WC_RNG**)&tmpRng, &initTmpRng); @@ -3576,7 +3590,7 @@ int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa, unsigned char *em, } if (ret == 1) { /* Get the wolfCrypt MGF algorithm from hash algorithm. */ - mgf = wc_hash2mgf(hashType); + mgf = wc_hash2mgf(EvpMd2MacType(mgf1Hash)); if (mgf == WC_MGF1NONE) { WOLFSSL_ERROR_MSG("wc_hash2mgf error"); ret = 0; @@ -3647,6 +3661,13 @@ int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa, unsigned char *em, return ret; } +int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa, unsigned char *em, + const unsigned char *mHash, const WOLFSSL_EVP_MD *hashAlg, int saltLen) +{ + return wolfSSL_RSA_padding_add_PKCS1_PSS_mgf1(rsa, em, mHash, hashAlg, NULL, + saltLen); +} + /* Checks that the hash is valid for the RSA PKCS#1 PSS encoded message. * * Refer to wolfSSL_RSA_padding_add_PKCS1_PSS for a diagram. @@ -3654,14 +3675,15 @@ int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa, unsigned char *em, * @param [in] rsa RSA key. * @param [in[ mHash Message hash. * @param [in] hashAlg Hash algorithm. + * @param [in] mgf1Hash MGF algorithm. * @param [in] em Encoded message. * @param [in] saltLen Length of salt to generate. * @return 1 on success. * @return 0 on failure. */ -int wolfSSL_RSA_verify_PKCS1_PSS(WOLFSSL_RSA *rsa, const unsigned char *mHash, - const WOLFSSL_EVP_MD *hashAlg, - const unsigned char *em, int saltLen) +int wolfSSL_RSA_verify_PKCS1_PSS_mgf1(WOLFSSL_RSA *rsa, + const unsigned char *mHash, const WOLFSSL_EVP_MD *hashAlg, + const WOLFSSL_EVP_MD *mgf1Hash, const unsigned char *em, int saltLen) { int ret = 1; int hashLen = 0; @@ -3679,6 +3701,9 @@ int wolfSSL_RSA_verify_PKCS1_PSS(WOLFSSL_RSA *rsa, const unsigned char *mHash, ret = 0; } + if (mgf1Hash == NULL) + mgf1Hash = hashAlg; + /* TODO: use wolfCrypt RSA key to get emLen and bits? */ /* Set the external data from the wolfCrypt RSA key if not done. */ if ((ret == 1) && (!rsa->exSet)) { @@ -3741,7 +3766,7 @@ int wolfSSL_RSA_verify_PKCS1_PSS(WOLFSSL_RSA *rsa, const unsigned char *mHash, if (ret == 1) { /* Get the wolfCrypt MGF algorithm from hash algorithm. */ - if ((mgf = wc_hash2mgf(hashType)) == WC_MGF1NONE) { + if ((mgf = wc_hash2mgf(EvpMd2MacType(mgf1Hash))) == WC_MGF1NONE) { WOLFSSL_ERROR_MSG("wc_hash2mgf error"); ret = 0; } @@ -3784,6 +3809,14 @@ int wolfSSL_RSA_verify_PKCS1_PSS(WOLFSSL_RSA *rsa, const unsigned char *mHash, XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); return ret; } + +int wolfSSL_RSA_verify_PKCS1_PSS(WOLFSSL_RSA *rsa, const unsigned char *mHash, + const WOLFSSL_EVP_MD *hashAlg, + const unsigned char *em, int saltLen) +{ + return wolfSSL_RSA_verify_PKCS1_PSS_mgf1(rsa, mHash, hashAlg, NULL, em, + saltLen); +} #endif /* !HAVE_FIPS || FIPS_VERSION_GT(2,0) */ #endif /* WC_RSA_PSS && (OPENSSL_ALL || WOLFSSL_ASIO || WOLFSSL_HAPROXY || * WOLFSSL_NGINX) */ @@ -5434,11 +5467,11 @@ WOLFSSL_DSA_SIG* wolfSSL_d2i_DSA_SIG(WOLFSSL_DSA_SIG **sig, return ret; } -#endif /* HAVE_SELFTEST */ -/* return 1 on success, < 0 otherwise */ -int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet, - WOLFSSL_DSA* dsa) +#endif /* !HAVE_SELFTEST */ + +static int dsa_do_sign(const unsigned char* d, int dLen, unsigned char* sigRet, + WOLFSSL_DSA* dsa) { int ret = WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR); int initTmpRng = 0; @@ -5449,8 +5482,6 @@ int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet, WC_RNG tmpRng[1]; #endif - WOLFSSL_ENTER("wolfSSL_DSA_do_sign"); - if (d == NULL || sigRet == NULL || dsa == NULL) { WOLFSSL_MSG("Bad function arguments"); return WOLFSSL_FATAL_ERROR; @@ -5486,10 +5517,18 @@ int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet, } if (rng) { - if (wc_DsaSign(d, sigRet, (DsaKey*)dsa->internal, rng) < 0) { - WOLFSSL_MSG("DsaSign failed"); +#ifdef HAVE_SELFTEST + if (dLen != WC_SHA_DIGEST_SIZE || + wc_DsaSign(d, sigRet, (DsaKey*)dsa->internal, rng) < 0) { + WOLFSSL_MSG("wc_DsaSign failed or dLen wrong length"); + ret = WOLFSSL_FATAL_ERROR; + } +#else + if (wc_DsaSign_ex(d, dLen, sigRet, (DsaKey*)dsa->internal, rng) < 0) { + WOLFSSL_MSG("wc_DsaSign_ex failed"); ret = WOLFSSL_FATAL_ERROR; } +#endif else ret = WOLFSSL_SUCCESS; } @@ -5503,6 +5542,15 @@ int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet, return ret; } +/* return 1 on success, < 0 otherwise */ +int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet, + WOLFSSL_DSA* dsa) +{ + WOLFSSL_ENTER("wolfSSL_DSA_do_sign"); + + return dsa_do_sign(d, WC_SHA_DIGEST_SIZE, sigRet, dsa); +} + #ifndef HAVE_SELFTEST WOLFSSL_DSA_SIG* wolfSSL_DSA_do_sign_ex(const unsigned char* digest, int inLen, WOLFSSL_DSA* dsa) @@ -5513,12 +5561,12 @@ WOLFSSL_DSA_SIG* wolfSSL_DSA_do_sign_ex(const unsigned char* digest, WOLFSSL_ENTER("wolfSSL_DSA_do_sign_ex"); - if (!digest || !dsa || inLen != WC_SHA_DIGEST_SIZE) { + if (!digest || !dsa) { WOLFSSL_MSG("Bad function arguments"); return NULL; } - if (wolfSSL_DSA_do_sign(digest, sigBin, dsa) != 1) { + if (dsa_do_sign(digest, inLen, sigBin, dsa) != 1) { WOLFSSL_MSG("wolfSSL_DSA_do_sign error"); return NULL; } @@ -5537,15 +5585,13 @@ WOLFSSL_DSA_SIG* wolfSSL_DSA_do_sign_ex(const unsigned char* digest, /* 2 * sigLen for the two points r and s */ return wolfSSL_d2i_DSA_SIG(NULL, &tmp, 2 * sigLen); } -#endif /* !HAVE_SELFTEST */ +#endif -int wolfSSL_DSA_do_verify(const unsigned char* d, unsigned char* sig, +static int dsa_do_verify(const unsigned char* d, int dLen, unsigned char* sig, WOLFSSL_DSA* dsa, int *dsacheck) { int ret; - WOLFSSL_ENTER("wolfSSL_DSA_do_verify"); - if (d == NULL || sig == NULL || dsa == NULL) { WOLFSSL_MSG("Bad function arguments"); return WOLFSSL_FATAL_ERROR; @@ -5560,13 +5606,30 @@ int wolfSSL_DSA_do_verify(const unsigned char* d, unsigned char* sig, } } - ret = DsaVerify(d, sig, (DsaKey*)dsa->internal, dsacheck); - if (ret != 0 || *dsacheck != 1) { +#ifdef HAVE_SELFTEST + ret = dLen == WC_SHA_DIGEST_SIZE ? + wc_DsaVerify(d, sig, (DsaKey*)dsa->internal, dsacheck) : BAD_FUNC_ARG; +#else + ret = wc_DsaVerify_ex(d, dLen, sig, (DsaKey*)dsa->internal, dsacheck); +#endif + if (ret != 0) { WOLFSSL_MSG("DsaVerify failed"); - return ret; + return WOLFSSL_FATAL_ERROR; + } + if (*dsacheck != 1) { + WOLFSSL_MSG("DsaVerify sig failed"); + return WOLFSSL_FAILURE; } - return 1; + return WOLFSSL_SUCCESS; +} + +int wolfSSL_DSA_do_verify(const unsigned char* d, unsigned char* sig, + WOLFSSL_DSA* dsa, int *dsacheck) +{ + WOLFSSL_ENTER("wolfSSL_DSA_do_verify"); + + return dsa_do_verify(d, WC_SHA_DIGEST_SIZE, sig, dsa, dsacheck); } @@ -5591,7 +5654,7 @@ int wolfSSL_DSA_do_verify_ex(const unsigned char* digest, int digest_len, WOLFSSL_ENTER("wolfSSL_DSA_do_verify_ex"); - if (!digest || !sig || !dsa || digest_len != WC_SHA_DIGEST_SIZE) { + if (!digest || !sig || !dsa) { WOLFSSL_MSG("Bad function arguments"); return 0; } @@ -5643,14 +5706,14 @@ int wolfSSL_DSA_do_verify_ex(const unsigned char* digest, int digest_len, if (wolfSSL_BN_bn2bin(sig->s, sigBinPtr) == -1) return 0; - if ((wolfSSL_DSA_do_verify(digest, sigBin, dsa, &dsacheck) + if ((dsa_do_verify(digest, digest_len, sigBin, dsa, &dsacheck) != 1) || dsacheck != 1) { return 0; } return 1; } -#endif /* !HAVE_SELFTEST */ +#endif int wolfSSL_i2d_DSAparams(const WOLFSSL_DSA* dsa, unsigned char** out) @@ -8606,6 +8669,10 @@ int wolfSSL_DH_generate_key(WOLFSSL_DH* dh) /* Private key size can be as much as the size of the prime. */ if (dh->length) { privSz = (word32)(dh->length / 8); /* to bytes */ + /* Special case where priv key is larger than dh->length / 8 + * See GeneratePrivateDh */ + if (dh->length == 128) + privSz = 21; } else { privSz = pubSz; @@ -9373,6 +9440,47 @@ WOLFSSL_EC_GROUP *wolfSSL_d2i_ECPKParameters(WOLFSSL_EC_GROUP **out, { return wolfssl_ec_group_d2i(out, in, len); } + +int wolfSSL_i2d_ECPKParameters(const WOLFSSL_EC_GROUP* grp, unsigned char** pp) +{ + unsigned char* out = NULL; + int len = 0; + int idx; + const byte* oid = NULL; + word32 oidSz = 0; + + if (grp == NULL || !wc_ecc_is_valid_idx(grp->curve_idx) || + grp->curve_idx < 0) + return WOLFSSL_FATAL_ERROR; + + /* Get the actual DER encoding of the OID. ecc_sets[grp->curve_idx].oid + * is just the numerical representation. */ + if (wc_ecc_get_oid(grp->curve_oid, &oid, &oidSz) < 0) + return WOLFSSL_FATAL_ERROR; + + len = SetObjectId(oidSz, NULL) + oidSz; + + if (pp == NULL) + return len; + + if (*pp == NULL) { + out = (unsigned char*)XMALLOC(len, NULL, DYNAMIC_TYPE_ASN1); + if (out == NULL) + return WOLFSSL_FATAL_ERROR; + } + else { + out = *pp; + } + + idx = SetObjectId(oidSz, out); + XMEMCPY(out + idx, oid, oidSz); + if (*pp == NULL) + *pp = out; + else + *pp += len; + + return len; +} #endif /* !NO_BIO */ #if defined(OPENSSL_ALL) && !defined(NO_CERTS) @@ -9663,6 +9771,12 @@ int wolfSSL_EC_GROUP_get_order(const WOLFSSL_EC_GROUP *group, ret = 0; } + if (ret == 1 && + (group->curve_idx < 0 || !wc_ecc_is_valid_idx(group->curve_idx))) { + WOLFSSL_MSG("wolfSSL_EC_GROUP_get_order Bad group idx"); + ret = 0; + } + if (ret == 1) { mp = (mp_int*)order->internal; } @@ -15645,6 +15759,13 @@ WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_bio_PrivateKey(WOLFSSL_BIO* bio, return pkey; } + + +PKCS8_PRIV_KEY_INFO* wolfSSL_PEM_read_bio_PKCS8_PRIV_KEY_INFO(WOLFSSL_BIO* bio, + PKCS8_PRIV_KEY_INFO** key, wc_pem_password_cb* cb, void* arg) +{ + return wolfSSL_PEM_read_bio_PrivateKey(bio, key, cb, arg); +} #endif /* !NO_BIO */ #if !defined(NO_FILESYSTEM) @@ -16278,8 +16399,6 @@ int wolfSSL_PEM_do_header(EncryptedInfo* cipher, unsigned char* data, long* len, #ifdef OPENSSL_ALL #if !defined(NO_PWDBASED) && defined(HAVE_PKCS8) -#if !defined(NO_BIO) || (!defined(NO_FILESYSTEM) && \ - !defined(NO_STDIO_FILESYSTEM)) /* Encrypt the key into a buffer using PKCS$8 and a password. * * @param [in] pkey Private key to encrypt. @@ -16292,7 +16411,7 @@ int wolfSSL_PEM_do_header(EncryptedInfo* cipher, unsigned char* data, long* len, * @return 0 on success. * @return BAD_FUNC_ARG when EVP cipher not supported. */ -static int pem_pkcs8_encrypt(WOLFSSL_EVP_PKEY* pkey, +int pkcs8_encrypt(WOLFSSL_EVP_PKEY* pkey, const WOLFSSL_EVP_CIPHER* enc, char* passwd, int passwdSz, byte* key, word32* keySz) { @@ -16356,12 +16475,12 @@ static int pem_pkcs8_encrypt(WOLFSSL_EVP_PKEY* pkey, * @param On out, size of encoded key in bytes. * @return 0 on success. */ -static int pem_pkcs8_encode(WOLFSSL_EVP_PKEY* pkey, byte* key, word32* keySz) +int pkcs8_encode(WOLFSSL_EVP_PKEY* pkey, byte* key, word32* keySz) { int ret = 0; - int algId; + int algId = 0; const byte* curveOid; - word32 oidSz; + word32 oidSz = 0; /* Get the details of the private key. */ #ifdef HAVE_ECC @@ -16379,6 +16498,34 @@ static int pem_pkcs8_encode(WOLFSSL_EVP_PKEY* pkey, byte* key, word32* keySz) curveOid = NULL; oidSz = 0; } + else if (pkey->type == EVP_PKEY_DSA) { + /* DSA has no curve information. */ + algId = DSAk; + curveOid = NULL; + oidSz = 0; + } + else if (pkey->type == EVP_PKEY_DH) { + if (pkey->dh == NULL) + return BAD_FUNC_ARG; + + if (pkey->dh->priv_key != NULL || pkey->dh->pub_key != NULL) { + /* Special case. DH buffer is always in PKCS8 format */ + if (keySz == NULL) + return BAD_FUNC_ARG; + + *keySz = pkey->pkey_sz; + if (key == NULL) + return LENGTH_ONLY_E; + + XMEMCPY(key, pkey->pkey.ptr, pkey->pkey_sz); + return pkey->pkey_sz; + } + + /* DH has no curve information. */ + algId = DHk; + curveOid = NULL; + oidSz = 0; + } else { ret = NOT_COMPILED_IN; } @@ -16392,6 +16539,8 @@ static int pem_pkcs8_encode(WOLFSSL_EVP_PKEY* pkey, byte* key, word32* keySz) return ret; } +#if !defined(NO_BIO) || (!defined(NO_FILESYSTEM) && \ + !defined(NO_STDIO_FILESYSTEM)) /* Write PEM encoded, PKCS#8 formatted private key to BIO. * * @param [out] pem Buffer holding PEM encoding. @@ -16424,7 +16573,7 @@ static int pem_write_mem_pkcs8privatekey(byte** pem, int* pemSz, if (res == 1) { /* Guestimate key size and PEM size. */ - if (pem_pkcs8_encode(pkey, NULL, &keySz) != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) { + if (pkcs8_encode(pkey, NULL, &keySz) != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) { res = 0; } } @@ -16472,7 +16621,7 @@ static int pem_write_mem_pkcs8privatekey(byte** pem, int* pemSz, if (res == 1) { /* Encrypt the private key. */ - ret = pem_pkcs8_encrypt(pkey, enc, passwd, passwdSz, key, &keySz); + ret = pkcs8_encrypt(pkey, enc, passwd, passwdSz, key, &keySz); if (ret <= 0) { res = 0; } @@ -16488,7 +16637,7 @@ static int pem_write_mem_pkcs8privatekey(byte** pem, int* pemSz, type = PKCS8_PRIVATEKEY_TYPE; /* Encode private key in PKCS#8 format. */ - ret = pem_pkcs8_encode(pkey, key, &keySz); + ret = pkcs8_encode(pkey, key, &keySz); if (ret < 0) { res = 0; } @@ -16554,6 +16703,13 @@ int wolfSSL_PEM_write_bio_PKCS8PrivateKey(WOLFSSL_BIO* bio, XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); return res; } + +int wolfSSL_PEM_write_bio_PKCS8_PRIV_KEY_INFO(WOLFSSL_BIO* bio, + PKCS8_PRIV_KEY_INFO* keyInfo) +{ + return wolfSSL_PEM_write_bio_PKCS8PrivateKey(bio, keyInfo, NULL, NULL, 0, + NULL, NULL); +} #endif /* !NO_BIO */ #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) diff --git a/src/sniffer.c b/src/sniffer.c index 1299c2ad0a..eed3216808 100644 --- a/src/sniffer.c +++ b/src/sniffer.c @@ -4292,8 +4292,8 @@ static int KeyWatchCall(SnifferSession* session, const byte* data, int dataSz, char* error) { int ret; - Sha256 sha; - byte digest[SHA256_DIGEST_SIZE]; + wc_Sha256 sha; + byte digest[WC_SHA256_DIGEST_SIZE]; if (WatchCb == NULL) { SetError(WATCH_CB_MISSING_STR, error, session, FATAL_ERROR_STATE); @@ -5006,6 +5006,7 @@ static const byte* DecryptMessage(WOLFSSL* ssl, const byte* input, word32 sz, return NULL; } + ssl->curSize = sz; ssl->keys.encryptSz = sz; if (ssl->options.tls1_1 && ssl->specs.cipher_type == block) { output += ssl->specs.block_size; /* go past TLSv1.1 IV */ @@ -6022,8 +6023,7 @@ static int CheckSequence(IpInfo* ipInfo, TcpInfo* tcpInfo, /* returns 0 on success (continue), -1 on error, 1 on success (end) */ static int CheckPreRecord(IpInfo* ipInfo, TcpInfo* tcpInfo, const byte** sslFrame, SnifferSession** pSession, - int* sslBytes, const byte** end, - void* vChain, word32 chainSz, char* error) + int* sslBytes, const byte** end, char* error) { word32 length; SnifferSession* session = *pSession; @@ -6093,53 +6093,12 @@ static int CheckPreRecord(IpInfo* ipInfo, TcpInfo* tcpInfo, return WOLFSSL_FATAL_ERROR; } } - if (vChain == NULL) { - XMEMCPY(&ssl->buffers.inputBuffer.buffer[length], - *sslFrame, *sslBytes); - *sslBytes += length; - ssl->buffers.inputBuffer.length = *sslBytes; - *sslFrame = ssl->buffers.inputBuffer.buffer; - *end = *sslFrame + *sslBytes; - } - else { - #ifdef WOLFSSL_SNIFFER_CHAIN_INPUT - struct iovec* chain = (struct iovec*)vChain; - word32 i, offset, headerSz, qty, remainder; - - Trace(CHAIN_INPUT_STR); - headerSz = (word32)((const byte*)*sslFrame - (const byte*)chain[0].iov_base); - remainder = *sslBytes; - - if ( (*sslBytes + length) > ssl->buffers.inputBuffer.bufferSize) { - if (GrowInputBuffer(ssl, *sslBytes, length) < 0) { - SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE); - return WOLFSSL_FATAL_ERROR; - } - } - - qty = min(*sslBytes, (word32)chain[0].iov_len - headerSz); - XMEMCPY(&ssl->buffers.inputBuffer.buffer[length], - (byte*)chain[0].iov_base + headerSz, qty); - offset = length; - for (i = 1; i < chainSz; i++) { - offset += qty; - remainder -= qty; - - if (chain[i].iov_len > remainder) - qty = remainder; - else - qty = (word32)chain[i].iov_len; - XMEMCPY(ssl->buffers.inputBuffer.buffer + offset, - chain[i].iov_base, qty); - } - - *sslBytes += length; - ssl->buffers.inputBuffer.length = *sslBytes; - *sslFrame = ssl->buffers.inputBuffer.buffer; - *end = *sslFrame + *sslBytes; - #endif - (void)chainSz; - } + XMEMCPY(&ssl->buffers.inputBuffer.buffer[length], + *sslFrame, *sslBytes); + *sslBytes += length; + ssl->buffers.inputBuffer.length = *sslBytes; + *sslFrame = ssl->buffers.inputBuffer.buffer; + *end = *sslFrame + *sslBytes; } if (session->flags.clientHello == 0 && **sslFrame != handshake) { @@ -6615,27 +6574,33 @@ static int ssl_DecodePacketInternal(const byte* packet, int length, int isChain, { TcpInfo tcpInfo; IpInfo ipInfo; + byte* tmpPacket = NULL; /* Assemble the chain */ const byte* sslFrame; const byte* end; int sslBytes; /* ssl bytes unconsumed */ int ret; SnifferSession* session = NULL; - void* vChain = NULL; - word32 chainSz = 0; if (isChain) { #ifdef WOLFSSL_SNIFFER_CHAIN_INPUT struct iovec* chain; word32 i; - vChain = (void*)packet; - chainSz = (word32)length; + word32 chainSz = (word32)length; - chain = (struct iovec*)vChain; + chain = (struct iovec*)packet; length = 0; - for (i = 0; i < chainSz; i++) + for (i = 0; i < chainSz; i++) length += chain[i].iov_len; + + tmpPacket = (byte*)XMALLOC(length, NULL, DYNAMIC_TYPE_SNIFFER_CHAIN_BUFFER); + if (tmpPacket == NULL) return MEMORY_E; + + length = 0; + for (i = 0; i < chainSz; i++) { + XMEMCPY(tmpPacket+length,chain[i].iov_base,chain[i].iov_len); length += chain[i].iov_len; - packet = (const byte*)chain[0].iov_base; + } + packet = (const byte*)tmpPacket; #else SetError(BAD_INPUT_STR, error, session, FATAL_ERROR_STATE); return WOLFSSL_SNIFFER_ERROR; @@ -6644,18 +6609,27 @@ static int ssl_DecodePacketInternal(const byte* packet, int length, int isChain, if (CheckHeaders(&ipInfo, &tcpInfo, packet, length, &sslFrame, &sslBytes, error, 1, 1) != 0) { - return WOLFSSL_SNIFFER_ERROR; + ret = WOLFSSL_SNIFFER_ERROR; + goto exit_decode; } end = sslFrame + sslBytes; ret = CheckSession(&ipInfo, &tcpInfo, sslBytes, &session, error); - if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error)) - return WOLFSSL_SNIFFER_FATAL_ERROR; + if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error)) { + ret = WOLFSSL_SNIFFER_FATAL_ERROR; + goto exit_decode; + } #ifdef WOLFSSL_ASYNC_CRYPT - else if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) return WC_PENDING_E; + else if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { + ret = WC_PENDING_E; + goto exit_decode; + } #endif - else if (ret == -1) return WOLFSSL_SNIFFER_ERROR; + else if (ret == -1) { + ret = WOLFSSL_SNIFFER_ERROR; + goto exit_decode; + } else if (ret == 1) { #ifdef WOLFSSL_SNIFFER_STATS if (sslBytes > 0) { @@ -6668,7 +6642,8 @@ static int ssl_DecodePacketInternal(const byte* packet, int length, int isChain, INC_STAT(SnifferStats.sslDecryptedPackets); } #endif - return 0; /* done for now */ + ret = 0; + goto exit_decode; /* done for now */ } #ifdef WOLFSSL_ASYNC_CRYPT @@ -6676,30 +6651,41 @@ static int ssl_DecodePacketInternal(const byte* packet, int length, int isChain, #endif ret = CheckSequence(&ipInfo, &tcpInfo, session, &sslBytes, &sslFrame,error); - if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error)) - return WOLFSSL_SNIFFER_FATAL_ERROR; - else if (ret == -1) return WOLFSSL_SNIFFER_ERROR; + if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error)) { + ret = WOLFSSL_SNIFFER_FATAL_ERROR; + goto exit_decode; + } + else if (ret == -1) { + ret = WOLFSSL_SNIFFER_ERROR; + goto exit_decode; + } else if (ret == 1) { #ifdef WOLFSSL_SNIFFER_STATS INC_STAT(SnifferStats.sslDecryptedPackets); #endif - return 0; /* done for now */ + ret = 0; + goto exit_decode; /* done for now */ } else if (ret != 0) { - /* return specific error case */ - return ret; + goto exit_decode; /* return specific error case */ } ret = CheckPreRecord(&ipInfo, &tcpInfo, &sslFrame, &session, &sslBytes, - &end, vChain, chainSz, error); - if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error)) - return WOLFSSL_SNIFFER_FATAL_ERROR; - else if (ret == -1) return WOLFSSL_SNIFFER_ERROR; + &end, error); + if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error)) { + ret = WOLFSSL_SNIFFER_FATAL_ERROR; + goto exit_decode; + } + else if (ret == -1) { + ret = WOLFSSL_SNIFFER_ERROR; + goto exit_decode; + } else if (ret == 1) { #ifdef WOLFSSL_SNIFFER_STATS INC_STAT(SnifferStats.sslDecryptedPackets); #endif - return 0; /* done for now */ + ret = 0; + goto exit_decode; /* done for now */ } #ifdef WOLFSSL_ASYNC_CRYPT @@ -6707,7 +6693,8 @@ static int ssl_DecodePacketInternal(const byte* packet, int length, int isChain, if (asyncOkay && session->sslServer->error == WC_NO_ERR_TRACE(WC_PENDING_E) && !session->flags.wasPolled) { - return WC_PENDING_E; + ret = WC_PENDING_E; + goto exit_decode; } #endif @@ -6744,7 +6731,7 @@ static int ssl_DecodePacketInternal(const byte* packet, int length, int isChain, wolfSSL_AsyncPoll(session->sslServer, WOLF_POLL_FLAG_CHECK_HW); } else { - return ret; /* return to caller */ + goto exit_decode; /* return to caller */ } } else { @@ -6755,12 +6742,18 @@ static int ssl_DecodePacketInternal(const byte* packet, int length, int isChain, (void)asyncOkay; #endif - if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error)) - return WOLFSSL_SNIFFER_FATAL_ERROR; + if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error)) { + ret = WOLFSSL_SNIFFER_FATAL_ERROR; + goto exit_decode; + } if (CheckFinCapture(&ipInfo, &tcpInfo, session) == 0) { CopySessionInfo(session, sslInfo); } +exit_decode: + if (isChain) { + XFREE(tmpPacket, NULL, DYNAMIC_TYPE_SNIFFER_CHAIN_BUFFER); + } return ret; } @@ -6867,11 +6860,15 @@ int ssl_Trace(const char* traceFile, char* error) if (traceFile) { /* Don't try to reopen the file */ if (TraceFile == NULL) { - TraceFile = XFOPEN(traceFile, "a"); - if (!TraceFile) { - SetError(BAD_TRACE_FILE_STR, error, NULL, 0); - return WOLFSSL_FATAL_ERROR; - } + if (XSTRCMP(traceFile, "-") == 0) { + TraceFile = stdout; + } else { + TraceFile = XFOPEN(traceFile, "a"); + if (!TraceFile) { + SetError(BAD_TRACE_FILE_STR, error, NULL, 0); + return WOLFSSL_FATAL_ERROR; + } + } TraceOn = 1; } } diff --git a/src/ssl.c b/src/ssl.c index 244b85eef5..626a68bdeb 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -5535,13 +5535,15 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify) } } - if (ret == 0 && cert->isCA == 0 && type != WOLFSSL_USER_CA) { + if (ret == 0 && cert->isCA == 0 && type != WOLFSSL_USER_CA && + type != WOLFSSL_TEMP_CA) { WOLFSSL_MSG("\tCan't add as CA if not actually one"); ret = NOT_CA_ERROR; } #ifndef ALLOW_INVALID_CERTSIGN else if (ret == 0 && cert->isCA == 1 && type != WOLFSSL_USER_CA && - !cert->selfSigned && (cert->extKeyUsage & KEYUSE_KEY_CERT_SIGN) == 0) { + type != WOLFSSL_TEMP_CA && !cert->selfSigned && + (cert->extKeyUsage & KEYUSE_KEY_CERT_SIGN) == 0) { /* Intermediate CA certs are required to have the keyCertSign * extension set. User loaded root certs are not. */ WOLFSSL_MSG("\tDoesn't have key usage certificate signing"); @@ -5567,6 +5569,29 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify) row = HashSigner(signer->subjectNameHash); #endif + #if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_FSPSM_TLS) + /* Verify CA by TSIP so that generated tsip key is going to */ + /* be able to be used for peer's cert verification */ + /* TSIP is only able to handle USER CA, and only one CA. */ + /* Therefore, it doesn't need to call TSIP again if there is already */ + /* verified CA. */ + if ( ret == 0 && signer != NULL ) { + signer->cm_idx = row; + if (type == WOLFSSL_USER_CA) { + if ((ret = wc_Renesas_cmn_RootCertVerify(cert->source, + cert->maxIdx, + cert->sigCtx.CertAtt.pubkey_n_start, + cert->sigCtx.CertAtt.pubkey_n_len - 1, + cert->sigCtx.CertAtt.pubkey_e_start, + cert->sigCtx.CertAtt.pubkey_e_len - 1, + row/* cm index */)) + < 0) + WOLFSSL_MSG("Renesas_RootCertVerify() failed"); + else + WOLFSSL_MSG("Renesas_RootCertVerify() succeed or skipped"); + } + } + #endif /* TSIP or SCE */ if (ret == 0 && wc_LockMutex(&cm->caLock) == 0) { signer->next = cm->caTable[row]; @@ -5580,28 +5605,6 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify) ret = BAD_MUTEX_E; } } -#if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_FSPSM_TLS) - /* Verify CA by TSIP so that generated tsip key is going to be able to */ - /* be used for peer's cert verification */ - /* TSIP is only able to handle USER CA, and only one CA. */ - /* Therefore, it doesn't need to call TSIP again if there is already */ - /* verified CA. */ - if ( ret == 0 && signer != NULL ) { - signer->cm_idx = row; - if (type == WOLFSSL_USER_CA) { - if ((ret = wc_Renesas_cmn_RootCertVerify(cert->source, cert->maxIdx, - cert->sigCtx.CertAtt.pubkey_n_start, - cert->sigCtx.CertAtt.pubkey_n_len - 1, - cert->sigCtx.CertAtt.pubkey_e_start, - cert->sigCtx.CertAtt.pubkey_e_len - 1, - row/* cm index */)) - < 0) - WOLFSSL_MSG("Renesas_RootCertVerify() failed"); - else - WOLFSSL_MSG("Renesas_RootCertVerify() succeed or skipped"); - } - } -#endif /* TSIP or SCE */ WOLFSSL_MSG("\tFreeing Parsed CA"); FreeDecodedCert(cert); @@ -6347,7 +6350,7 @@ static int check_cert_key(DerBuffer* cert, DerBuffer* key, DerBuffer* altKey, if (ret == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) #endif /* WOLF_PRIVATE_KEY_ID */ { - ret = wc_CheckPrivateKeyCert(buff, size, der, 0); + ret = wc_CheckPrivateKeyCert(buff, size, der, 0, heap); ret = (ret == 1) ? WOLFSSL_SUCCESS: WOLFSSL_FAILURE; } @@ -6407,7 +6410,7 @@ static int check_cert_key(DerBuffer* cert, DerBuffer* key, DerBuffer* altKey, if (ret == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) #endif /* WOLF_PRIVATE_KEY_ID */ { - ret = wc_CheckPrivateKeyCert(buff, size, der, 1); + ret = wc_CheckPrivateKeyCert(buff, size, der, 1, heap); ret = (ret == 1) ? WOLFSSL_SUCCESS: WOLFSSL_FAILURE; } } @@ -7241,29 +7244,51 @@ WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY( WOLFSSL_PKCS8_PRIV_KEY_INFO* pkcs8 = NULL; #ifdef WOLFSSL_PEM_TO_DER int ret; - DerBuffer* der = NULL; + DerBuffer* pkcs8Der = NULL; + DerBuffer rawDer; + EncryptedInfo info; + int advanceLen = 0; + + XMEMSET(&info, 0, sizeof(info)); + XMEMSET(&rawDer, 0, sizeof(rawDer)); if (keyBuf == NULL || *keyBuf == NULL || keyLen <= 0) { WOLFSSL_MSG("Bad key PEM/DER args"); return NULL; } - ret = PemToDer(*keyBuf, keyLen, PRIVATEKEY_TYPE, &der, NULL, NULL, NULL); + ret = PemToDer(*keyBuf, keyLen, PRIVATEKEY_TYPE, &pkcs8Der, NULL, &info, + NULL); if (ret < 0) { WOLFSSL_MSG("Not PEM format"); - ret = AllocDer(&der, (word32)keyLen, PRIVATEKEY_TYPE, NULL); + ret = AllocDer(&pkcs8Der, (word32)keyLen, PRIVATEKEY_TYPE, NULL); if (ret == 0) { XMEMCPY(der->buffer, *keyBuf, (size_t)keyLen); } } + else { + advanceLen = (int)info.consumed; + } if (ret == 0) { /* Verify this is PKCS8 Key */ word32 inOutIdx = 0; word32 algId; - ret = ToTraditionalInline_ex(der->buffer, &inOutIdx, der->length, - &algId); + ret = ToTraditionalInline_ex(pkcs8Der->buffer, &inOutIdx, + pkcs8Der->length, &algId); if (ret >= 0) { + if (advanceLen == 0) /* Set only if not PEM */ + advanceLen = inOutIdx + ret; + if (algId == DHk) { + /* Special case for DH as we expect the DER buffer to be always + * be in PKCS8 format */ + rawDer.buffer = pkcs8Der->buffer; + rawDer.length = inOutIdx + ret; + } + else { + rawDer.buffer = pkcs8Der->buffer + inOutIdx; + rawDer.length = ret; + } ret = 0; /* good DER */ } } @@ -7274,21 +7299,24 @@ WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY( ret = MEMORY_E; } if (ret == 0) { - pkcs8->pkey.ptr = (char*)XMALLOC(der->length, NULL, + pkcs8->pkey.ptr = (char*)XMALLOC(rawDer.length, NULL, DYNAMIC_TYPE_PUBLIC_KEY); if (pkcs8->pkey.ptr == NULL) ret = MEMORY_E; } if (ret == 0) { - XMEMCPY(pkcs8->pkey.ptr, der->buffer, der->length); - pkcs8->pkey_sz = (int)der->length; + XMEMCPY(pkcs8->pkey.ptr, rawDer.buffer, rawDer.length); + pkcs8->pkey_sz = (int)rawDer.length; } - FreeDer(&der); + FreeDer(&pkcs8Der); if (ret != 0) { wolfSSL_EVP_PKEY_free(pkcs8); pkcs8 = NULL; } + else { + *keyBuf += advanceLen; + } if (pkey != NULL) { *pkey = pkcs8; } @@ -7301,6 +7329,48 @@ WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY( return pkcs8; } +#ifdef OPENSSL_ALL +int wolfSSL_i2d_PKCS8_PKEY(WOLFSSL_PKCS8_PRIV_KEY_INFO* key, unsigned char** pp) +{ + word32 keySz = 0; + unsigned char* out; + int len; + + WOLFSSL_ENTER("wolfSSL_i2d_PKCS8_PKEY"); + + if (key == NULL) + return WOLFSSL_FATAL_ERROR; + + if (pkcs8_encode(key, NULL, &keySz) != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) + return WOLFSSL_FATAL_ERROR; + len = (int)keySz; + + if (pp == NULL) + return len; + + if (*pp == NULL) { + out = (unsigned char*)XMALLOC(len, NULL, DYNAMIC_TYPE_ASN1); + if (out == NULL) + return WOLFSSL_FATAL_ERROR; + } + else { + out = *pp; + } + + if (pkcs8_encode(key, out, &keySz) != len) { + if (*pp == NULL) + XFREE(out, NULL, DYNAMIC_TYPE_ASN1); + return WOLFSSL_FATAL_ERROR; + } + + if (*pp == NULL) + *pp = out; + else + *pp += len; + + return len; +} +#endif #ifndef NO_BIO /* put SSL type in extra for now, not very common */ @@ -13213,7 +13283,11 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, #ifdef WOLFSSL_QUIC wolfSSL_quic_clear(ssl); #endif - +#ifdef HAVE_OCSP +#if defined(WOLFSSL_TLS13) && defined(HAVE_CERTIFICATE_STATUS_REQUEST) + ssl->response_idx = 0; +#endif +#endif return WOLFSSL_SUCCESS; } @@ -15041,7 +15115,7 @@ static WC_INLINE const char* wolfssl_mac_to_string(int mac) macStr = "SHA1"; break; #endif -#ifdef HAVE_SHA224 +#ifdef WOLFSSL_SHA224 case sha224_mac: macStr = "SHA224"; break; @@ -15051,12 +15125,12 @@ static WC_INLINE const char* wolfssl_mac_to_string(int mac) macStr = "SHA256"; break; #endif -#ifdef HAVE_SHA384 +#ifdef WOLFSSL_SHA384 case sha384_mac: macStr = "SHA384"; break; #endif -#ifdef HAVE_SHA512 +#ifdef WOLFSSL_SHA512 case sha512_mac: macStr = "SHA512"; break; @@ -16142,11 +16216,14 @@ long wolfSSL_set_options(WOLFSSL* ssl, long op) else { /* Only preserve overlapping suites */ Suites tmpSuites; - word16 in, out, haveECDSAsig = 0; - word16 haveStaticECC = ssl->options.haveStaticECC; + word16 in, out; + word16 haveECDSAsig, haveStaticECC; #ifdef NO_RSA haveECDSAsig = 1; haveStaticECC = 1; +#else + haveECDSAsig = 0; + haveStaticECC = ssl->options.haveStaticECC; #endif XMEMSET(&tmpSuites, 0, sizeof(Suites)); /* Get all possible ciphers and sigalgs for the version. Following @@ -19794,11 +19871,15 @@ void wolfSSL_certs_clear(WOLFSSL* ssl) return; /* ctx still owns certificate, certChain, key, dh, and cm */ - if (ssl->buffers.weOwnCert) + if (ssl->buffers.weOwnCert) { FreeDer(&ssl->buffers.certificate); + ssl->buffers.weOwnCert = 0; + } ssl->buffers.certificate = NULL; - if (ssl->buffers.weOwnCertChain) + if (ssl->buffers.weOwnCertChain) { FreeDer(&ssl->buffers.certChain); + ssl->buffers.weOwnCertChain = 0; + } ssl->buffers.certChain = NULL; #ifdef WOLFSSL_TLS13 ssl->buffers.certChainCnt = 0; @@ -19808,6 +19889,7 @@ void wolfSSL_certs_clear(WOLFSSL* ssl) #ifdef WOLFSSL_BLIND_PRIVATE_KEY FreeDer(&ssl->buffers.keyMask); #endif + ssl->buffers.weOwnKey = 0; } ssl->buffers.key = NULL; #ifdef WOLFSSL_BLIND_PRIVATE_KEY @@ -19824,6 +19906,7 @@ void wolfSSL_certs_clear(WOLFSSL* ssl) #ifdef WOLFSSL_BLIND_PRIVATE_KEY FreeDer(&ssl->buffers.altKeyMask); #endif + ssl->buffers.weOwnAltKey = 0; } ssl->buffers.altKey = NULL; #ifdef WOLFSSL_BLIND_PRIVATE_KEY @@ -20404,30 +20487,32 @@ WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx) if (ctx->certificate != NULL) { if (ssl->buffers.certificate != NULL) { FreeDer(&ssl->buffers.certificate); + ssl->buffers.certificate = NULL; } ret = AllocCopyDer(&ssl->buffers.certificate, ctx->certificate->buffer, ctx->certificate->length, ctx->certificate->type, ctx->certificate->heap); if (ret != 0) { + ssl->buffers.weOwnCert = 0; return NULL; } ssl->buffers.weOwnCert = 1; - ret = WOLFSSL_SUCCESS; } if (ctx->certChain != NULL) { if (ssl->buffers.certChain != NULL) { FreeDer(&ssl->buffers.certChain); + ssl->buffers.certChain = NULL; } ret = AllocCopyDer(&ssl->buffers.certChain, ctx->certChain->buffer, ctx->certChain->length, ctx->certChain->type, ctx->certChain->heap); if (ret != 0) { + ssl->buffers.weOwnCertChain = 0; return NULL; } ssl->buffers.weOwnCertChain = 1; - ret = WOLFSSL_SUCCESS; } #else /* ctx owns certificate, certChain and key */ @@ -20442,10 +20527,15 @@ WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx) if (ctx->privateKey != NULL) { if (ssl->buffers.key != NULL) { FreeDer(&ssl->buffers.key); + ssl->buffers.key = NULL; } - AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer, + ret = AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer, ctx->privateKey->length, ctx->privateKey->type, ctx->privateKey->heap); + if (ret != 0) { + ssl->buffers.weOwnKey = 0; + return NULL; + } ssl->buffers.weOwnKey = 1; } else { @@ -20456,15 +20546,18 @@ WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx) #endif #else if (ctx->privateKey != NULL) { - AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer, + ret = AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer, ctx->privateKey->length, ctx->privateKey->type, ctx->privateKey->heap); + if (ret != 0) { + return NULL; + } /* Blind the private key for the SSL with new random mask. */ wolfssl_priv_der_unblind(ssl->buffers.key, ctx->privateKeyMask); ret = wolfssl_priv_der_blind(ssl->rng, ssl->buffers.key, &ssl->buffers.keyMask); if (ret != 0) { - return ret; + return NULL; } } #endif @@ -20486,15 +20579,18 @@ WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx) ssl->buffers.altKey = ctx->altPrivateKey; #else if (ctx->altPrivateKey != NULL) { - AllocCopyDer(&ssl->buffers.altkey, ctx->altPrivateKey->buffer, + ret = AllocCopyDer(&ssl->buffers.altkey, ctx->altPrivateKey->buffer, ctx->altPrivateKey->length, ctx->altPrivateKey->type, ctx->altPrivateKey->heap); + if (ret != 0) { + return NULL; + } /* Blind the private key for the SSL with new random mask. */ wolfssl_priv_der_unblind(ssl->buffers.altKey, ctx->altPrivateKeyMask); ret = wolfssl_priv_der_blind(ssl->rng, ssl->buffers.altKey, &ssl->buffers.altKeyMask); if (ret != 0) { - return ret; + return NULL; } } #endif @@ -21813,12 +21909,12 @@ const WOLF_EC_NIST_NAME kNistCurves[] = { #endif #ifdef WOLFSSL_HAVE_KYBER {CURVE_NAME("KYBER_LEVEL1"), WOLFSSL_KYBER_LEVEL1, WOLFSSL_KYBER_LEVEL1}, - {CURVE_NAME("KYBER_LEVEL3"), WOLFSSL_KYBER_LEVEL3, WOLFSSL_KYBER_LEVEL1}, - {CURVE_NAME("KYBER_LEVEL5"), WOLFSSL_KYBER_LEVEL5, WOLFSSL_KYBER_LEVEL1}, + {CURVE_NAME("KYBER_LEVEL3"), WOLFSSL_KYBER_LEVEL3, WOLFSSL_KYBER_LEVEL3}, + {CURVE_NAME("KYBER_LEVEL5"), WOLFSSL_KYBER_LEVEL5, WOLFSSL_KYBER_LEVEL5}, #if (defined(WOLFSSL_WC_KYBER) || defined(HAVE_LIBOQS)) && defined(HAVE_ECC) {CURVE_NAME("P256_KYBER_LEVEL1"), WOLFSSL_P256_KYBER_LEVEL1, WOLFSSL_P256_KYBER_LEVEL1}, - {CURVE_NAME("P384_KYBER_LEVEL3"), WOLFSSL_P384_KYBER_LEVEL3, WOLFSSL_P256_KYBER_LEVEL1}, - {CURVE_NAME("P521_KYBER_LEVEL5"), WOLFSSL_P521_KYBER_LEVEL5, WOLFSSL_P256_KYBER_LEVEL1}, + {CURVE_NAME("P384_KYBER_LEVEL3"), WOLFSSL_P384_KYBER_LEVEL3, WOLFSSL_P384_KYBER_LEVEL3}, + {CURVE_NAME("P521_KYBER_LEVEL5"), WOLFSSL_P521_KYBER_LEVEL5, WOLFSSL_P521_KYBER_LEVEL5}, #endif #endif #ifdef WOLFSSL_SM2 @@ -21971,9 +22067,9 @@ int set_curves_list(WOLFSSL* ssl, WOLFSSL_CTX *ctx, const char* names, #endif /* HAVE_SUPPORTED_CURVES */ } - if (ssl) + if (ssl != NULL) ssl->disabledCurves = disabled; - else + else if (ctx != NULL) ctx->disabledCurves = disabled; ret = WOLFSSL_SUCCESS; @@ -23655,7 +23751,86 @@ wolfSSL_CTX_keylog_cb_func wolfSSL_CTX_get_keylog_callback( #endif /* OPENSSL_EXTRA */ -#ifndef NO_CERTS +#ifdef WOLFSSL_THREADED_CRYPT +int wolfSSL_AsyncEncryptReady(WOLFSSL* ssl, int idx) +{ + ThreadCrypt* encrypt; + + if (ssl == NULL) { + return 0; + } + + encrypt = &ssl->buffers.encrypt[idx]; + return (encrypt->avail == 0) && (encrypt->done == 0); +} + +int wolfSSL_AsyncEncryptStop(WOLFSSL* ssl, int idx) +{ + ThreadCrypt* encrypt; + + if (ssl == NULL) { + return 1; + } + + encrypt = &ssl->buffers.encrypt[idx]; + return encrypt->stop; +} + +int wolfSSL_AsyncEncrypt(WOLFSSL* ssl, int idx) +{ + int ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN); + ThreadCrypt* encrypt = &ssl->buffers.encrypt[idx]; + + if (ssl->specs.bulk_cipher_algorithm == wolfssl_aes_gcm) { + unsigned char* out = encrypt->buffer.buffer + encrypt->offset; + unsigned char* input = encrypt->buffer.buffer + encrypt->offset; + word32 encSz = encrypt->buffer.length - encrypt->offset; + + ret = +#if !defined(NO_GCM_ENCRYPT_EXTRA) && \ + ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) + wc_AesGcmEncrypt_ex +#else + wc_AesGcmEncrypt +#endif + (encrypt->encrypt.aes, + out + AESGCM_EXP_IV_SZ, input + AESGCM_EXP_IV_SZ, + encSz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size, + encrypt->nonce, AESGCM_NONCE_SZ, + out + encSz - ssl->specs.aead_mac_size, + ssl->specs.aead_mac_size, + encrypt->additional, AEAD_AUTH_DATA_SZ); +#if !defined(NO_PUBLIC_GCM_SET_IV) && \ + ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) + XMEMCPY(out, encrypt->nonce + AESGCM_IMP_IV_SZ, AESGCM_EXP_IV_SZ); +#endif + encrypt->done = 1; + } + + return ret; +} + +int wolfSSL_AsyncEncryptSetSignal(WOLFSSL* ssl, int idx, + WOLFSSL_THREAD_SIGNAL signal, void* ctx) +{ + int ret = 0; + + if (ssl == NULL) { + ret = BAD_FUNC_ARG; + } + else { + ssl->buffers.encrypt[idx].signal = signal; + ssl->buffers.encrypt[idx].signalCtx = ctx; + } + + return ret; +} +#endif + + +#ifndef NO_CERT #define WOLFSSL_X509_INCLUDED #include "src/x509.c" #endif diff --git a/src/ssl_asn1.c b/src/ssl_asn1.c index d9d1eec4aa..f9e335d856 100644 --- a/src/ssl_asn1.c +++ b/src/ssl_asn1.c @@ -282,7 +282,7 @@ static int wolfssl_i2d_asn1_items(const void* obj, byte* buf, len = 0; break; } - if (buf != NULL && !mem->ex && mem->tag >= 0) { + if (buf != NULL && tmp != NULL && !mem->ex && mem->tag >= 0) { /* Encode the implicit tag */ byte imp[ASN_TAG_SZ + MAX_LENGTH_SZ]; SetImplicit(tmp[0], mem->tag, 0, imp, 0); @@ -580,6 +580,7 @@ static void* d2i_generic(const WOLFSSL_ASN1_TEMPLATE* mem, if (impBuf != NULL) { tmp = *src + (tmp - impBuf); /* for the next calculation */ XFREE(impBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + impBuf = NULL; } if (asnLen >= 0 && (int)(tmp - *src) != asnLen) { WOLFSSL_MSG("ptr not advanced enough"); diff --git a/src/ssl_bn.c b/src/ssl_bn.c index e45e19da50..227fc71606 100644 --- a/src/ssl_bn.c +++ b/src/ssl_bn.c @@ -516,12 +516,14 @@ WOLFSSL_BIGNUM* wolfSSL_BN_bin2bn(const unsigned char* data, int len, ret = NULL; } else { - /* Don't free bn as we may be returning it. */ + /* Don't free bn as we are returning it. */ bn = NULL; } } else if (data == NULL) { wolfSSL_BN_zero(ret); + /* Don't free bn as we are returning it. */ + bn = NULL; } } @@ -1310,7 +1312,7 @@ static int wolfssl_bn_add_word_int(WOLFSSL_BIGNUM *bn, WOLFSSL_BN_ULONG w, #endif /* Validate parameters. */ - if (BN_IS_NULL(bn)) { + if (ret == 1 && BN_IS_NULL(bn)) { WOLFSSL_MSG("bn NULL error"); ret = 0; } @@ -1417,6 +1419,85 @@ int wolfSSL_BN_sub_word(WOLFSSL_BIGNUM* bn, WOLFSSL_BN_ULONG w) return ret; } +int wolfSSL_BN_mul_word(WOLFSSL_BIGNUM *bn, WOLFSSL_BN_ULONG w) +{ + int ret = 1; +#if DIGIT_BIT < (SIZEOF_LONG * CHAR_BIT) +#ifdef WOLFSSL_SMALL_STACK + mp_int* w_mp = NULL; +#else + mp_int w_mp[1]; +#endif /* WOLFSSL_SMALL_STACK */ +#endif + + WOLFSSL_ENTER("wolfSSL_BN_mul_word"); + +#if DIGIT_BIT < (SIZEOF_LONG * CHAR_BIT) +#ifdef WOLFSSL_SMALL_STACK + /* Allocate temporary MP integer. */ + w_mp = (mp_int*)XMALLOC(sizeof(*w_mp), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (w_mp == NULL) { + ret = 0; + } + else +#endif /* WOLFSSL_SMALL_STACK */ + { + /* Clear out MP integer so it can be freed. */ + XMEMSET(w_mp, 0, sizeof(*w_mp)); + } +#endif + + /* Validate parameters. */ + if (ret == 1 && BN_IS_NULL(bn)) { + WOLFSSL_MSG("bn NULL error"); + ret = 0; + } + + if (ret == 1) { + int rc = 0; +#if DIGIT_BIT < (SIZEOF_LONG * CHAR_BIT) + if (w > (WOLFSSL_BN_ULONG)MP_MASK) { + /* Initialize temporary MP integer. */ + if (mp_init(w_mp) != MP_OKAY) { + ret = 0; + } + /* Set value into temporary MP integer. */ + if ((ret == 1) && (mp_set_int(w_mp, w) != MP_OKAY)) { + ret = 0; + } + if (ret == 1) { + rc = mp_mul((mp_int*)bn->internal, w_mp, + (mp_int*)bn->internal); + if (rc != MP_OKAY) { + WOLFSSL_MSG("mp_mul error"); + ret = 0; + } + } + } + else +#endif + { + rc = mp_mul_d((mp_int*)bn->internal, (mp_digit)w, + (mp_int*)bn->internal); + if (rc != MP_OKAY) { + WOLFSSL_MSG("mp_mul_d error"); + ret = 0; + } + } + } + +#if DIGIT_BIT < (SIZEOF_LONG * CHAR_BIT) + mp_free(w_mp); +#ifdef WOLFSSL_SMALL_STACK + XFREE(w_mp, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif /* WOLFSSL_SMALL_STACK */ +#endif + + WOLFSSL_LEAVE("wolfSSL_BN_mul_word", ret); + + return ret; +} + #if defined(WOLFSSL_KEY_GEN) && (!defined(NO_RSA) || !defined(NO_DH) || \ !defined(NO_DSA)) /* Calculate bn modulo word w. bn % w diff --git a/src/ssl_certman.c b/src/ssl_certman.c index a5b622dede..346904eef0 100644 --- a/src/ssl_certman.c +++ b/src/ssl_certman.c @@ -455,11 +455,12 @@ int wolfSSL_CertManagerUnloadCAs(WOLFSSL_CERT_MANAGER* cm) return ret; } -int wolfSSL_CertManagerUnloadIntermediateCerts(WOLFSSL_CERT_MANAGER* cm) +static int wolfSSL_CertManagerUnloadIntermediateCertsEx( + WOLFSSL_CERT_MANAGER* cm, byte type) { int ret = WOLFSSL_SUCCESS; - WOLFSSL_ENTER("wolfSSL_CertManagerUnloadIntermediateCerts"); + WOLFSSL_ENTER("wolfSSL_CertManagerUnloadIntermediateCertsEx"); /* Validate parameter. */ if (cm == NULL) { @@ -471,7 +472,7 @@ int wolfSSL_CertManagerUnloadIntermediateCerts(WOLFSSL_CERT_MANAGER* cm) } if (ret == WOLFSSL_SUCCESS) { /* Dispose of CA table. */ - FreeSignerTableType(cm->caTable, CA_TABLE_SIZE, WOLFSSL_CHAIN_CA, + FreeSignerTableType(cm->caTable, CA_TABLE_SIZE, type, cm->heap); /* Unlock CA table. */ @@ -481,6 +482,22 @@ int wolfSSL_CertManagerUnloadIntermediateCerts(WOLFSSL_CERT_MANAGER* cm) return ret; } +#if defined(OPENSSL_EXTRA) +static int wolfSSL_CertManagerUnloadTempIntermediateCerts( + WOLFSSL_CERT_MANAGER* cm) +{ + WOLFSSL_ENTER("wolfSSL_CertManagerUnloadTempIntermediateCerts"); + return wolfSSL_CertManagerUnloadIntermediateCertsEx(cm, WOLFSSL_TEMP_CA); +} +#endif + +int wolfSSL_CertManagerUnloadIntermediateCerts( + WOLFSSL_CERT_MANAGER* cm) +{ + WOLFSSL_ENTER("wolfSSL_CertManagerUnloadIntermediateCerts"); + return wolfSSL_CertManagerUnloadIntermediateCertsEx(cm, WOLFSSL_CHAIN_CA); +} + #ifdef WOLFSSL_TRUST_PEER_CERT /* Unload the trusted peers table. * diff --git a/src/ssl_crypto.c b/src/ssl_crypto.c index 01f08afff9..c1123c5a1e 100644 --- a/src/ssl_crypto.c +++ b/src/ssl_crypto.c @@ -2924,8 +2924,7 @@ void wolfSSL_DES_ecb_encrypt(WOLFSSL_DES_cblock* in, WOLFSSL_DES_cblock* out, static int wolfssl_aes_set_key(const unsigned char *key, const int bits, AES_KEY *aes, int enc) { - typedef char aes_test[sizeof(AES_KEY) >= sizeof(Aes) ? 1 : -1]; - (void)sizeof(aes_test); + wc_static_assert(sizeof(AES_KEY) >= sizeof(Aes)); /* Validate parameters. */ if ((key == NULL) || (aes == NULL)) { @@ -3004,7 +3003,8 @@ void wolfSSL_AES_encrypt(const unsigned char* input, unsigned char* output, } else #if !defined(HAVE_SELFTEST) && \ - (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))) + (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)) \ + || defined(WOLFSSL_LINUXKM)) /* Encrypt a block with wolfCrypt AES. */ if (wc_AesEncryptDirect((Aes*)key, output, input) != 0) { WOLFSSL_MSG("wc_AesEncryptDirect failed"); @@ -3439,8 +3439,7 @@ size_t wolfSSL_CRYPTO_cts128_decrypt(const unsigned char *in, void wolfSSL_RC4_set_key(WOLFSSL_RC4_KEY* key, int len, const unsigned char* data) { - typedef char rc4_test[sizeof(WOLFSSL_RC4_KEY) >= sizeof(Arc4) ? 1 : -1]; - (void)sizeof(rc4_test); + wc_static_assert(sizeof(WOLFSSL_RC4_KEY) >= sizeof(Arc4)); WOLFSSL_ENTER("wolfSSL_RC4_set_key"); diff --git a/src/tls.c b/src/tls.c index 3f20380bb3..879243e9d9 100644 --- a/src/tls.c +++ b/src/tls.c @@ -3184,51 +3184,64 @@ int TLSX_UseTruncatedHMAC(TLSX** extensions, void* heap) static void TLSX_CSR_Free(CertificateStatusRequest* csr, void* heap) { + int i; + switch (csr->status_type) { case WOLFSSL_CSR_OCSP: - FreeOcspRequest(&csr->request.ocsp); + for (i = 0; i <= csr->requests; i++) { + FreeOcspRequest(&csr->request.ocsp[i]); + } break; } - #ifdef WOLFSSL_TLS13 - if (csr->response.buffer != NULL) { - XFREE(csr->response.buffer, csr->ssl->heap, + for (i = 0; i < MAX_CERT_EXTENSIONS; i++) { + if (csr->responses[i].buffer != NULL) { + XFREE(csr->responses[i].buffer, heap, DYNAMIC_TYPE_TMP_BUFFER); + } } #endif XFREE(csr, heap, DYNAMIC_TYPE_TLSX); (void)heap; } -static word16 TLSX_CSR_GetSize(CertificateStatusRequest* csr, byte isRequest) +word16 TLSX_CSR_GetSize_ex(CertificateStatusRequest* csr, byte isRequest, + int idx) { word16 size = 0; /* shut up compiler warnings */ (void) csr; (void) isRequest; - #ifndef NO_WOLFSSL_CLIENT if (isRequest) { switch (csr->status_type) { case WOLFSSL_CSR_OCSP: size += ENUM_LEN + 2 * OPAQUE16_LEN; - if (csr->request.ocsp.nonceSz) + if (csr->request.ocsp[0].nonceSz) size += OCSP_NONCE_EXT_SZ; break; } } #endif #if defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_SERVER) - if (!isRequest && csr->ssl->options.tls1_3) - return OPAQUE8_LEN + OPAQUE24_LEN + csr->response.length; + if (!isRequest && IsAtLeastTLSv1_3(csr->ssl->version)) { + return (word16)(OPAQUE8_LEN + OPAQUE24_LEN + + csr->responses[idx].length); + } +#else + (void)idx; #endif - return size; } -static int TLSX_CSR_Write(CertificateStatusRequest* csr, byte* output, - byte isRequest) +static word16 TLSX_CSR_GetSize(CertificateStatusRequest* csr, byte isRequest) +{ + return TLSX_CSR_GetSize_ex(csr, isRequest, 0); +} + +int TLSX_CSR_Write_ex(CertificateStatusRequest* csr, byte* output, + byte isRequest, int idx) { /* shut up compiler warnings */ (void) csr; (void) output; (void) isRequest; @@ -3249,8 +3262,8 @@ static int TLSX_CSR_Write(CertificateStatusRequest* csr, byte* output, offset += OPAQUE16_LEN; /* request extensions */ - if (csr->request.ocsp.nonceSz) { - ret = (int)EncodeOcspRequestExtensions(&csr->request.ocsp, + if (csr->request.ocsp[0].nonceSz) { + ret = (int)EncodeOcspRequestExtensions(&csr->request.ocsp[0], output + offset + OPAQUE16_LEN, OCSP_NONCE_EXT_SZ); @@ -3272,20 +3285,112 @@ static int TLSX_CSR_Write(CertificateStatusRequest* csr, byte* output, } #endif #if defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_SERVER) - if (!isRequest && csr->ssl->options.tls1_3) { + if (!isRequest && IsAtLeastTLSv1_3(csr->ssl->version)) { word16 offset = 0; output[offset++] = csr->status_type; - c32to24(csr->response.length, output + offset); + c32to24(csr->responses[idx].length, output + offset); offset += OPAQUE24_LEN; - XMEMCPY(output + offset, csr->response.buffer, csr->response.length); - offset += csr->response.length; + XMEMCPY(output + offset, csr->responses[idx].buffer, + csr->responses[idx].length); + offset += (word16)csr->responses[idx].length; return offset; } +#else + (void)idx; #endif return 0; } +static int TLSX_CSR_Write(CertificateStatusRequest* csr, byte* output, + byte isRequest) +{ + return TLSX_CSR_Write_ex(csr, output, isRequest, 0); +} + +#if !defined(NO_WOLFSSL_SERVER) && defined(WOLFSSL_TLS13) && \ + defined(WOLFSSL_TLS_OCSP_MULTI) +/* Process OCSP request certificate chain + * + * ssl SSL/TLS object. + * returns 0 on success, otherwise failure. + */ +static int ProcessChainOCSPRequest(WOLFSSL* ssl) +{ + DecodedCert* cert; + OcspRequest* request; + TLSX* extension; + CertificateStatusRequest* csr; + DerBuffer* chain; + word32 pos = 0; + buffer der; + int i = 1; + int ret = 0; + byte ctxOwnsRequest = 0; + + /* use certChain if available, otherwise use peer certificate */ + chain = ssl->buffers.certChain; + if (chain == NULL) { + chain = ssl->buffers.certificate; + } + + extension = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST); + csr = extension ? + (CertificateStatusRequest*)extension->data : NULL; + if (csr == NULL) + return MEMORY_ERROR; + + cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), ssl->heap, + DYNAMIC_TYPE_DCERT); + if (cert == NULL) { + return MEMORY_E; + } + + if (chain && chain->buffer) { + while (ret == 0 && pos + OPAQUE24_LEN < chain->length) { + c24to32(chain->buffer + pos, &der.length); + pos += OPAQUE24_LEN; + der.buffer = chain->buffer + pos; + pos += der.length; + + if (pos > chain->length) + break; + request = &csr->request.ocsp[i]; + if (ret == 0) { + ret = CreateOcspRequest(ssl, request, cert, + der.buffer, der.length, &ctxOwnsRequest); + if (ctxOwnsRequest) { + wolfSSL_Mutex* ocspLock = + &SSL_CM(ssl)->ocsp_stapling->ocspLock; + if (wc_LockMutex(ocspLock) == 0) { + /* the request is ours */ + ssl->ctx->certOcspRequest = NULL; + } + wc_UnLockMutex(ocspLock); + } + } + + if (ret == 0) { + request->ssl = ssl; + ret = CheckOcspRequest(SSL_CM(ssl)->ocsp_stapling, + request, &csr->responses[i], ssl->heap); + /* Suppressing, not critical */ + if (ret == WC_NO_ERR_TRACE(OCSP_CERT_REVOKED) || + ret == WC_NO_ERR_TRACE(OCSP_CERT_UNKNOWN) || + ret == WC_NO_ERR_TRACE(OCSP_LOOKUP_FAIL)) { + ret = 0; + } + i++; + csr->requests++; + } + } + } + XFREE(cert, ssl->heap, DYNAMIC_TYPE_DCERT); + + return ret; +} +#endif + static int TLSX_CSR_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte isRequest) { @@ -3340,7 +3445,7 @@ static int TLSX_CSR_Parse(WOLFSSL* ssl, const byte* input, word16 length, switch (csr->status_type) { case WOLFSSL_CSR_OCSP: /* propagate nonce */ - if (csr->request.ocsp.nonceSz) { + if (csr->request.ocsp[0].nonceSz) { request = (OcspRequest*)TLSX_CSR_GetRequest(ssl->extensions); @@ -3378,14 +3483,21 @@ static int TLSX_CSR_Parse(WOLFSSL* ssl, const byte* input, word16 length, ret = BUFFER_ERROR; } if (ret == 0) { - csr->response.buffer = (byte*)XMALLOC(resp_length, ssl->heap, + if (ssl->response_idx < (1 + MAX_CHAIN_DEPTH)) + csr->responses[ssl->response_idx].buffer = + (byte*)XMALLOC(resp_length, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); - if (csr->response.buffer == NULL) + else + ret = BAD_FUNC_ARG; + + if (ret == 0 && + csr->responses[ssl->response_idx].buffer == NULL) ret = MEMORY_ERROR; } if (ret == 0) { - XMEMCPY(csr->response.buffer, input + offset, resp_length); - csr->response.length = resp_length; + XMEMCPY(csr->responses[ssl->response_idx].buffer, + input + offset, resp_length); + csr->responses[ssl->response_idx].length = resp_length; } return ret; @@ -3450,6 +3562,7 @@ static int TLSX_CSR_Parse(WOLFSSL* ssl, const byte* input, word16 length, #if defined(WOLFSSL_TLS13) if (ssl->options.tls1_3) { + if (ssl->buffers.certificate == NULL) { WOLFSSL_MSG("Certificate buffer not set!"); return BUFFER_ERROR; @@ -3480,19 +3593,33 @@ static int TLSX_CSR_Parse(WOLFSSL* ssl, const byte* input, word16 length, } FreeDecodedCert(cert); XFREE(cert, ssl->heap, DYNAMIC_TYPE_DCERT); - extension = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST); csr = extension ? (CertificateStatusRequest*)extension->data : NULL; if (csr == NULL) return MEMORY_ERROR; - request = &csr->request.ocsp; - ret = CreateOcspResponse(ssl, &request, &csr->response); + request = &csr->request.ocsp[0]; + ret = CreateOcspResponse(ssl, &request, &csr->responses[0]); + if (request != &csr->request.ocsp[0] && + ssl->buffers.weOwnCert) { + /* request will be allocated in CreateOcspResponse() */ + FreeOcspRequest(request); + XFREE(request, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST); + } if (ret != 0) return ret; - if (csr->response.buffer) + + if (csr->responses[0].buffer) TLSX_SetResponse(ssl, TLSX_STATUS_REQUEST); + #if defined(WOLFSSL_TLS_OCSP_MULTI) + /* process OCSP request in certificate chain */ + if ((ret = ProcessChainOCSPRequest(ssl)) != 0) { + WOLFSSL_MSG("Process Cert Chain OCSP request failed"); + WOLFSSL_ERROR_VERBOSE(ret); + return ret; + } + #endif } else #endif @@ -3504,9 +3631,10 @@ static int TLSX_CSR_Parse(WOLFSSL* ssl, const byte* input, word16 length, return 0; } -int TLSX_CSR_InitRequest(TLSX* extensions, DecodedCert* cert, void* heap) +int TLSX_CSR_InitRequest_ex(TLSX* extensions, DecodedCert* cert, + void* heap, int idx) { - TLSX* extension = TLSX_Find(extensions, TLSX_STATUS_REQUEST); + TLSX* extension = TLSX_Find(extensions, TLSX_STATUS_REQUEST); CertificateStatusRequest* csr = extension ? (CertificateStatusRequest*)extension->data : NULL; int ret = 0; @@ -3515,18 +3643,33 @@ int TLSX_CSR_InitRequest(TLSX* extensions, DecodedCert* cert, void* heap) switch (csr->status_type) { case WOLFSSL_CSR_OCSP: { byte nonce[MAX_OCSP_NONCE_SZ]; - int nonceSz = csr->request.ocsp.nonceSz; - + int req_cnt = idx == -1 ? csr->requests : idx; + int nonceSz = csr->request.ocsp[0].nonceSz; + OcspRequest* request; + + request = &csr->request.ocsp[req_cnt]; + if (request->serial != NULL) { + /* clear request contents before re-use */ + FreeOcspRequest(request); + if (csr->requests > 0) + csr->requests--; + } /* preserve nonce */ XMEMCPY(nonce, csr->request.ocsp.nonce, (size_t)nonceSz); - if ((ret = InitOcspRequest(&csr->request.ocsp, cert, 0, heap)) - != 0) - return ret; + if (req_cnt < MAX_CERT_EXTENSIONS) { + if ((ret = InitOcspRequest(request, cert, 0, heap)) != 0) + return ret; - /* restore nonce */ - XMEMCPY(csr->request.ocsp.nonce, nonce, (size_t)nonceSz); - csr->request.ocsp.nonceSz = nonceSz; + /* restore nonce */ + XMEMCPY(csr->request.ocsp.nonce, nonce, (size_t)nonceSz); + request->nonceSz = nonceSz; + csr->requests++; + } + else { + WOLFSSL_ERROR_VERBOSE(MAX_CERT_EXTENSIONS_ERR); + return MAX_CERT_EXTENSIONS_ERR; + } } break; } @@ -3535,22 +3678,37 @@ int TLSX_CSR_InitRequest(TLSX* extensions, DecodedCert* cert, void* heap) return ret; } -void* TLSX_CSR_GetRequest(TLSX* extensions) +int TLSX_CSR_InitRequest(TLSX* extensions, DecodedCert* cert, void* heap) +{ + return TLSX_CSR_InitRequest_ex(extensions, cert, heap, -1); +} + +void* TLSX_CSR_GetRequest_ex(TLSX* extensions, int idx) { TLSX* extension = TLSX_Find(extensions, TLSX_STATUS_REQUEST); CertificateStatusRequest* csr = extension ? (CertificateStatusRequest*)extension->data : NULL; - if (csr) { + if (csr && csr->ssl) { switch (csr->status_type) { case WOLFSSL_CSR_OCSP: - return &csr->request.ocsp; + if (IsAtLeastTLSv1_3(csr->ssl->version)) { + return idx < csr->requests ? &csr->request.ocsp[idx] : NULL; + } + else { + return idx == 0 ? &csr->request.ocsp[0] : NULL; + } } } return NULL; } +void* TLSX_CSR_GetRequest(TLSX* extensions) +{ + return TLSX_CSR_GetRequest_ex(extensions, 0); +} + int TLSX_CSR_ForceRequest(WOLFSSL* ssl) { TLSX* extension = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST); @@ -3561,9 +3719,9 @@ int TLSX_CSR_ForceRequest(WOLFSSL* ssl) switch (csr->status_type) { case WOLFSSL_CSR_OCSP: if (SSL_CM(ssl)->ocspEnabled) { - csr->request.ocsp.ssl = ssl; + csr->request.ocsp[0].ssl = ssl; return CheckOcspRequest(SSL_CM(ssl)->ocsp, - &csr->request.ocsp, NULL, NULL); + &csr->request.ocsp[0], NULL, NULL); } else { WOLFSSL_ERROR_VERBOSE(OCSP_LOOKUP_FAIL); @@ -3591,7 +3749,9 @@ int TLSX_UseCertificateStatusRequest(TLSX** extensions, byte status_type, return MEMORY_E; ForceZero(csr, sizeof(CertificateStatusRequest)); - +#if defined(WOLFSSL_TLS13) + XMEMSET(csr->responses, 0, sizeof(csr->responses)); +#endif csr->status_type = status_type; csr->options = options; csr->ssl = ssl; @@ -3608,9 +3768,9 @@ int TLSX_UseCertificateStatusRequest(TLSX** extensions, byte status_type, (void)devId; #endif if (ret == 0) { - if (wc_RNG_GenerateBlock(&rng, csr->request.ocsp.nonce, + if (wc_RNG_GenerateBlock(&rng, csr->request.ocsp[0].nonce, MAX_OCSP_NONCE_SZ) == 0) - csr->request.ocsp.nonceSz = MAX_OCSP_NONCE_SZ; + csr->request.ocsp[0].nonceSz = MAX_OCSP_NONCE_SZ; wc_FreeRng(&rng); } @@ -5746,14 +5906,25 @@ static int TLSX_SessionTicket_Parse(WOLFSSL* ssl, const byte* input, /* SERVER: ticket is peer auth. */ ssl->options.peerAuthGood = 1; } - } else if (ret == WOLFSSL_TICKET_RET_REJECT) { + } else if (ret == WOLFSSL_TICKET_RET_REJECT || + ret == WC_NO_ERR_TRACE(VERSION_ERROR)) { WOLFSSL_MSG("Process client ticket rejected, not using"); - ssl->options.rejectTicket = 1; + if (ret == WC_NO_ERR_TRACE(VERSION_ERROR)) + WOLFSSL_MSG("\tbad TLS version"); ret = 0; /* not fatal */ - } else if (ret == WC_NO_ERR_TRACE(VERSION_ERROR)) { - WOLFSSL_MSG("Process client ticket rejected, bad TLS version"); + ssl->options.rejectTicket = 1; - ret = 0; /* not fatal */ + /* If we have session tickets enabled then send a new ticket */ + if (!TLSX_CheckUnsupportedExtension(ssl, TLSX_SESSION_TICKET)) { + ret = TLSX_UseSessionTicket(&ssl->extensions, NULL, + ssl->heap); + if (ret == WOLFSSL_SUCCESS) { + ret = 0; + TLSX_SetResponse(ssl, TLSX_SESSION_TICKET); + ssl->options.createTicket = 1; + ssl->options.useTicket = 1; + } + } } else if (ret == WOLFSSL_TICKET_RET_FATAL) { WOLFSSL_MSG("Process client ticket fatal error, not using"); } else if (ret < 0) { @@ -9787,6 +9958,16 @@ int TLSX_CKS_Parse(WOLFSSL* ssl, byte* input, word16 length, } } + /* This could be a situation where the client tried to start with TLS 1.3 + * when it sent ClientHello and the server down-graded to TLS 1.2. In that + * case, erroring out because it is TLS 1.2 is not a reasonable thing to do. + * In the case of TLS 1.2, the CKS values will be ignored. */ + if (!IsAtLeastTLSv1_3(ssl->version)) { + ssl->sigSpec = NULL; + ssl->sigSpecSz = 0; + return 0; + } + /* Extension data is valid, but if we are the server and we don't have an * alt private key, do not respond with CKS extension. */ if (wolfSSL_is_server(ssl) && ssl->buffers.altKey == NULL) { @@ -14868,9 +15049,8 @@ int TLSX_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte msgType, #ifdef WOLFSSL_DUAL_ALG_CERTS case TLSX_CKS: WOLFSSL_MSG("CKS extension received"); - if (!IsAtLeastTLSv1_3(ssl->version) || - (msgType != client_hello && - msgType != encrypted_extensions)) { + if (msgType != client_hello && + msgType != encrypted_extensions) { WOLFSSL_ERROR_VERBOSE(EXT_NOT_ALLOWED); return EXT_NOT_ALLOWED; } diff --git a/src/tls13.c b/src/tls13.c index b5a382c083..44ea575ac7 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -2534,7 +2534,6 @@ static int Tls13IntegrityOnly_Encrypt(WOLFSSL* ssl, byte* output, /* Copy the input to output if not the same buffer */ if (ret == 0 && output != input) XMEMCPY(output, input, sz); - return ret; } #endif @@ -2930,7 +2929,6 @@ static int Tls13IntegrityOnly_Decrypt(WOLFSSL* ssl, byte* output, /* Copy the input to output if not the same buffer */ if (ret == 0 && output != input) XMEMCPY(output, input, sz); - return ret; } #endif @@ -3612,7 +3610,7 @@ int CreateCookieExt(const WOLFSSL* ssl, byte* hash, word16 hashSz, macSz = WC_SHA256_DIGEST_SIZE; #endif /* NO_SHA256 */ - ret = wc_HmacInit(&cookieHmac, ssl->heap, INVALID_DEVID); + ret = wc_HmacInit(&cookieHmac, ssl->heap, ssl->devId); if (ret == 0) { ret = wc_HmacSetKey(&cookieHmac, cookieType, ssl->buffers.tls13CookieSecret.buffer, @@ -6394,7 +6392,7 @@ int TlsCheckCookie(const WOLFSSL* ssl, const byte* cookie, word16 cookieSz) return HRR_COOKIE_ERROR; cookieSz -= macSz; - ret = wc_HmacInit(&cookieHmac, ssl->heap, INVALID_DEVID); + ret = wc_HmacInit(&cookieHmac, ssl->heap, ssl->devId); if (ret == 0) { ret = wc_HmacSetKey(&cookieHmac, cookieType, ssl->buffers.tls13CookieSecret.buffer, @@ -8421,6 +8419,75 @@ static word32 NextCert(byte* data, word32 length, word32* idx) return len; } +#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) && !defined(NO_WOLFSSL_SERVER) +/* Write certificate status request into certificate to buffer. + * + * ssl SSL/TLS object. + * certExts DerBuffer array. buffers written + * extSz word32 array. + * Length of the certificate status request data for the certificate. + * extSz_num number of the CSR written + * extIdx The index number of certificate status request data + * for the certificate. + * offset index offset + * returns Total number of bytes written. + */ +static word32 WriteCSRToBuffer(WOLFSSL* ssl, DerBuffer** certExts, + word16* extSz, word16 extSz_num) +{ + int ret = 0; + TLSX* ext; + CertificateStatusRequest* csr; + word32 ex_offset = HELLO_EXT_TYPE_SZ + OPAQUE16_LEN /* extension type */ + + OPAQUE16_LEN /* extension length */; + word32 totalSz = 0; + word32 tmpSz; + word32 extIdx; + DerBuffer* der; + + ext = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST); + csr = ext ? (CertificateStatusRequest*)ext->data : NULL; + + if (csr) { + for (extIdx = 0; extIdx < (word16)(extSz_num); extIdx++) { + tmpSz = TLSX_CSR_GetSize_ex(csr, 0, extIdx); + + if (tmpSz > (OPAQUE8_LEN + OPAQUE24_LEN) && + certExts[extIdx] == NULL) { + /* csr extension is not zero */ + extSz[extIdx] = tmpSz; + + ret = AllocDer(&certExts[extIdx], extSz[extIdx] + ex_offset, + CERT_TYPE, ssl->heap); + if (ret < 0) + return ret; + der = certExts[extIdx]; + + /* write extension type */ + c16toa(ext->type, der->buffer + + OPAQUE16_LEN); + /* writes extension data length. */ + c16toa(extSz[extIdx], der->buffer + + HELLO_EXT_TYPE_SZ + OPAQUE16_LEN); + /* write extension data */ + extSz[extIdx] = (word16)TLSX_CSR_Write_ex(csr, + der->buffer + ex_offset, 0, extIdx); + /* add extension offset */ + extSz[extIdx] += (word16)ex_offset; + /* extension length */ + c16toa(extSz[extIdx] - OPAQUE16_LEN, + der->buffer); + } + totalSz += extSz[extIdx]; + } + } + else { + /* chain cert empty extension size */ + totalSz += OPAQUE16_LEN * extSz_num; + } + return totalSz; +} +#endif /* HAVE_CERTIFICATE_STATUS_REQUEST */ /* Add certificate data and empty extension to output up to the fragment size. * * ssl SSL/TLS object. @@ -8430,10 +8497,11 @@ static word32 NextCert(byte* data, word32 length, word32* idx) * idx The start of the certificate data to write out. * fragSz The maximum size of this fragment. * output The buffer to write to. + * extIdx The index number of the extension data with the certificate * returns the number of bytes written. */ static word32 AddCertExt(WOLFSSL* ssl, byte* cert, word32 len, word16 extSz, - word32 idx, word32 fragSz, byte* output) + word32 idx, word32 fragSz, byte* output, word16 extIdx) { word32 i = 0; word32 copySz = min(len - idx, fragSz); @@ -8454,7 +8522,7 @@ static word32 AddCertExt(WOLFSSL* ssl, byte* cert, word32 len, word16 extSz, } } else { - byte* certExts = ssl->buffers.certExts->buffer + idx + i - len; + byte* certExts = ssl->buffers.certExts[extIdx]->buffer + idx + i - len; /* Put out as much of the extensions' data as will fit in fragment. */ if (copySz > fragSz - i) copySz = fragSz - i; @@ -8476,8 +8544,10 @@ static int SendTls13Certificate(WOLFSSL* ssl) { int ret = 0; word32 certSz, certChainSz, headerSz, listSz, payloadSz; - word16 extSz = 0; + word16 extSz[MAX_CERT_EXTENSIONS]; + word16 extIdx = 0; word32 maxFragment; + word32 totalextSz = 0; word32 len = 0; word32 idx = 0; word32 offset = OPAQUE16_LEN; @@ -8496,6 +8566,8 @@ static int SendTls13Certificate(WOLFSSL* ssl) WOLFSSL_START(WC_FUNC_CERTIFICATE_SEND); WOLFSSL_ENTER("SendTls13Certificate"); + XMEMSET(extSz, 0, sizeof(extSz)); + ssl->options.buildingMsg = 1; #ifdef WOLFSSL_POST_HANDSHAKE_AUTH @@ -8538,35 +8610,42 @@ static int SendTls13Certificate(WOLFSSL* ssl) /* Cert Req Ctx Len | Cert Req Ctx | Cert List Len | Cert Data Len */ headerSz = OPAQUE8_LEN + certReqCtxLen + CERT_HEADER_SZ + CERT_HEADER_SZ; - - ret = TLSX_GetResponseSize(ssl, certificate, &extSz); - if (ret < 0) - return ret; - - /* Create extensions' data if none already present. */ - if (extSz > OPAQUE16_LEN && ssl->buffers.certExts == NULL) { - ret = AllocDer(&ssl->buffers.certExts, extSz, CERT_TYPE, ssl->heap); - if (ret < 0) - return ret; - - extSz = 0; - ret = TLSX_WriteResponse(ssl, ssl->buffers.certExts->buffer, - certificate, &extSz); + /* set empty extension as default */ + for (extIdx = 0; extIdx < (word16)XELEM_CNT(extSz); extIdx++) + extSz[extIdx] = OPAQUE16_LEN; + + #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) && !defined(NO_WOLFSSL_SERVER) + /* We only send CSR on the server side. On client side, the CSR data + * is populated with the server response. We would be sending the server + * its own stapling data. */ + if (ssl->options.side == WOLFSSL_SERVER_END) { + ret = WriteCSRToBuffer(ssl, &ssl->buffers.certExts[0], &extSz[0], + 1 /* +1 for leaf */ + ssl->buffers.certChainCnt); if (ret < 0) return ret; + totalextSz += ret; + ret = 0; /* Clear to signal no error */ + } + else + #endif + { + /* Leaf cert empty extension size */ + totalextSz += OPAQUE16_LEN; + /* chain cert empty extension size */ + totalextSz += OPAQUE16_LEN * ssl->buffers.certChainCnt; } /* Length of message data with one certificate and extensions. */ - length = (sword32)(headerSz + certSz + extSz); + length = (sword32)(headerSz + certSz + totalextSz); /* Length of list data with one certificate and extensions. */ - listSz = CERT_HEADER_SZ + certSz + extSz; + listSz = CERT_HEADER_SZ + certSz + totalextSz; /* Send rest of chain if sending cert (chain has leading size/s). */ if (certSz > 0 && ssl->buffers.certChainCnt > 0) { p = ssl->buffers.certChain->buffer; /* Chain length including extensions. */ - certChainSz = ssl->buffers.certChain->length + - OPAQUE16_LEN * (word32)ssl->buffers.certChainCnt; + certChainSz = ssl->buffers.certChain->length; + length += certChainSz; listSz += certChainSz; } @@ -8581,6 +8660,8 @@ static int SendTls13Certificate(WOLFSSL* ssl) maxFragment = (word32)wolfSSL_GetMaxFragSize(ssl, MAX_RECORD_SIZE); + extIdx = 0; + while (length > 0 && ret == 0) { byte* output = NULL; word32 fragSz = 0; @@ -8595,15 +8676,15 @@ static int SendTls13Certificate(WOLFSSL* ssl) #endif /* WOLFSSL_DTLS13 */ if (ssl->fragOffset == 0) { - if (headerSz + certSz + extSz + certChainSz <= + if (headerSz + certSz + totalextSz + certChainSz <= maxFragment - HANDSHAKE_HEADER_SZ) { - fragSz = headerSz + certSz + extSz + certChainSz; + fragSz = headerSz + certSz + totalextSz + certChainSz; } #ifdef WOLFSSL_DTLS13 else if (ssl->options.dtls){ /* short-circuit the fragmentation logic here. DTLS fragmentation will be done in dtls13HandshakeSend() */ - fragSz = headerSz + certSz + extSz + certChainSz; + fragSz = headerSz + certSz + totalextSz + certChainSz; } #endif /* WOLFSSL_DTLS13 */ else { @@ -8662,20 +8743,23 @@ static int SendTls13Certificate(WOLFSSL* ssl) else AddTls13RecordHeader(output, fragSz, handshake, ssl); - if (certSz > 0 && ssl->fragOffset < certSz + extSz) { - /* Put in the leaf certificate with extensions. */ - word32 copySz = AddCertExt(ssl, ssl->buffers.certificate->buffer, - certSz, extSz, ssl->fragOffset, fragSz, output + i); - i += copySz; - ssl->fragOffset += copySz; - length -= copySz; - fragSz -= copySz; - if (ssl->fragOffset == certSz + extSz) - FreeDer(&ssl->buffers.certExts); + if (extIdx == 0) { + if (certSz > 0 && ssl->fragOffset < certSz + extSz[0]) { + /* Put in the leaf certificate with extensions. */ + word32 copySz = AddCertExt(ssl, ssl->buffers.certificate->buffer, + certSz, extSz[0], ssl->fragOffset, fragSz, + output + i, 0); + i += copySz; + ssl->fragOffset += copySz; + length -= copySz; + fragSz -= copySz; + if (ssl->fragOffset == certSz + extSz[0]) + FreeDer(&ssl->buffers.certExts[0]); + } } if (certChainSz > 0 && fragSz > 0) { - /* Put in the CA certificates with empty extensions. */ - while (fragSz > 0) { + /* Put in the CA certificates with extensions. */ + while (fragSz > 0) { word32 l; if (offset == len + OPAQUE16_LEN) { @@ -8684,19 +8768,30 @@ static int SendTls13Certificate(WOLFSSL* ssl) /* Point to the start of current cert in chain buffer. */ p = ssl->buffers.certChain->buffer + idx; len = NextCert(ssl->buffers.certChain->buffer, - ssl->buffers.certChain->length, &idx); + ssl->buffers.certChain->length, &idx); if (len == 0) break; + #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) && \ + !defined(NO_WOLFSSL_SERVER) + if (MAX_CERT_EXTENSIONS > extIdx) + extIdx++; + #endif } - - /* Write out certificate and empty extension. */ - l = AddCertExt(ssl, p, len, OPAQUE16_LEN, offset, fragSz, - output + i); + /* Write out certificate and extension. */ + l = AddCertExt(ssl, p, len, extSz[extIdx], offset, fragSz, + output + i, extIdx); i += l; ssl->fragOffset += l; length -= l; fragSz -= l; offset += l; + + if (extIdx != 0 && extIdx < MAX_CERT_EXTENSIONS && + ssl->buffers.certExts[extIdx] != NULL && + offset == len + extSz[extIdx]) + FreeDer(&ssl->buffers.certExts[extIdx]); + /* for next chain cert */ + len += extSz[extIdx] - OPAQUE16_LEN; } } @@ -11113,7 +11208,7 @@ static int SendTls13Finished(WOLFSSL* ssl) * ssl The SSL/TLS object. * returns 0 on success, otherwise failure. */ -static int SendTls13KeyUpdate(WOLFSSL* ssl) +int SendTls13KeyUpdate(WOLFSSL* ssl) { byte* input; byte* output; @@ -11290,7 +11385,12 @@ static int DoTls13KeyUpdate(WOLFSSL* ssl, const byte* input, word32* inOutIdx, } #endif /* WOLFSSL_DTLS13 */ +#ifndef WOLFSSL_RW_THREADED return SendTls13KeyUpdate(ssl); +#else + ssl->options.sendKeyUpdate = 1; + return 0; +#endif } WOLFSSL_LEAVE("DoTls13KeyUpdate", ret); diff --git a/src/wolfio.c b/src/wolfio.c index 228fd6316e..8ae419cb65 100644 --- a/src/wolfio.c +++ b/src/wolfio.c @@ -650,6 +650,7 @@ int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx) #elif !defined(DTLS_RECEIVEFROM_NO_TIMEOUT_ON_INVALID_PEER) word32 invalidPeerPackets = 0; #endif + int newPeer = 0; WOLFSSL_ENTER("EmbedReceiveFrom"); @@ -677,8 +678,13 @@ int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx) dtlsCtx->peer.bufSz = sizeof(SOCKADDR_S); else dtlsCtx->peer.bufSz = 0; + newPeer = 1; + peer = (SOCKADDR_S*)dtlsCtx->peer.sa; + } + else { + peer = &lclPeer; + XMEMCPY(peer, (SOCKADDR_S*)dtlsCtx->peer.sa, sizeof(lclPeer)); } - peer = (SOCKADDR_S*)dtlsCtx->peer.sa; peerSz = dtlsCtx->peer.bufSz; } @@ -688,9 +694,20 @@ int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx) #ifdef WOLFSSL_DTLS13 if (ssl->options.dtls && IsAtLeastTLSv1_3(ssl->version)) { - doDtlsTimeout = - doDtlsTimeout || ssl->dtls13Rtx.rtxRecords != NULL || + doDtlsTimeout = doDtlsTimeout || ssl->dtls13Rtx.rtxRecords != NULL; +#ifdef WOLFSSL_RW_THREADED + { + int ret = wc_LockMutex(&ssl->dtls13Rtx.mutex); + if (ret < 0) { + return ret; + } + } +#endif + doDtlsTimeout = doDtlsTimeout || (ssl->dtls13FastTimeout && ssl->dtls13Rtx.seenRecords != NULL); +#ifdef WOLFSSL_RW_THREADED + wc_UnLockMutex(&ssl->dtls13Rtx.mutex); +#endif } #endif /* WOLFSSL_DTLS13 */ @@ -822,8 +839,16 @@ int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx) } } else { - /* Store size of saved address */ - dtlsCtx->peer.sz = peerSz; + if (newPeer) { + /* Store size of saved address */ + dtlsCtx->peer.sz = peerSz; + } +#ifndef WOLFSSL_PEER_ADDRESS_CHANGES + else if ((dtlsCtx->peer.sz != (unsigned int)peerSz) || + (XMEMCMP(peer, dtlsCtx->peer.sa, peerSz) != 0)) { + return WOLFSSL_CBIO_ERR_GENERAL; + } +#endif } #ifndef NO_ASN_TIME ssl->dtls_start_timeout = 0; diff --git a/src/x509.c b/src/x509.c index be1d36f2b5..18feff0225 100644 --- a/src/x509.c +++ b/src/x509.c @@ -562,7 +562,6 @@ static int wolfssl_dns_entry_othername_to_gn(DNS_entry* dns, /* Create a WOLFSSL_ASN1_STRING from the DER. */ str = wolfSSL_ASN1_STRING_type_new(tag); if (str == NULL) { - wolfSSL_ASN1_OBJECT_free(obj); goto err; } wolfSSL_ASN1_STRING_set(str, p, (int)len); @@ -2446,6 +2445,7 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c, sk = NULL; } } + obj = wolfSSL_ASN1_OBJECT_new(); if (obj == NULL) { WOLFSSL_MSG("Issue creating WOLFSSL_ASN1_OBJECT struct"); @@ -2456,6 +2456,15 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c, obj->grp = oidCertExtType; obj->obj = (byte*)(x509->certPolicies[i]); obj->objSz = MAX_CERTPOL_SZ; + + if (wolfSSL_sk_ASN1_OBJECT_push(sk, obj) <= 0) { + WOLFSSL_MSG("Error pushing ASN1 object onto stack"); + wolfSSL_ASN1_OBJECT_free(obj); + wolfSSL_sk_ASN1_OBJECT_pop_free(sk, NULL); + sk = NULL; + } + + obj = NULL; } else { WOLFSSL_MSG("No Cert Policy set"); @@ -5550,7 +5559,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509* x509) * size of this subset and its memory usage */ #endif /* OPENSSL_EXTRA_X509_SMALL || KEEP_PEER_CERT || SESSION_CERTS */ -#if defined(OPENSSL_ALL) +#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) /* * Converts a and b to DER and then does an XMEMCMP to check if they match. * Returns 0 when certificates match and WOLFSSL_FATAL_ERROR when they don't. @@ -6049,25 +6058,6 @@ static int X509_ACERT_print_name_entry(WOLFSSL_BIO* bio, return ret; } -/* Sets buf pointer and len to raw Attribute buffer and buffer len - * in X509 struct. - * - * Returns WOLFSSL_SUCCESS on success. - * Returns BAD_FUNC_ARG if input pointers are null. - * */ -WOLFSSL_API int wolfSSL_X509_ACERT_get_attr_buf(const WOLFSSL_X509_ACERT* x509, - const byte ** rawAttr, - word32 * rawAttrLen) -{ - if (x509 == NULL || rawAttr == NULL || rawAttrLen == NULL) { - return BAD_FUNC_ARG; - } - - *rawAttr = x509->rawAttr; - *rawAttrLen = x509->rawAttrLen; - - return WOLFSSL_SUCCESS; -} #endif /* if WOLFSSL_ACERT*/ static int X509PrintSubjAltName(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, @@ -7220,168 +7210,6 @@ int wolfSSL_X509_print(WOLFSSL_BIO* bio, WOLFSSL_X509* x509) } #if defined(WOLFSSL_ACERT) -WOLFSSL_X509_ACERT * wolfSSL_X509_ACERT_load_certificate_buffer( - const unsigned char* buf, int sz, int format) -{ - int ret = 0; - WOLFSSL_X509_ACERT * x509 = NULL; - DerBuffer * der = NULL; - #ifdef WOLFSSL_SMALL_STACK - DecodedAcert * acert = NULL; - #else - DecodedAcert acert[1]; - #endif - - WOLFSSL_ENTER("wolfSSL_X509_ACERT_load_certificate_buffer"); - - if (format == WOLFSSL_FILETYPE_PEM) { - #ifdef WOLFSSL_PEM_TO_DER - ret = PemToDer(buf, sz, ACERT_TYPE, &der, NULL, NULL, NULL); - - if (ret != 0 || der == NULL || der->buffer == NULL) { - WOLFSSL_ERROR(ret); - - if (der != NULL) { - FreeDer(&der); - } - - return NULL; - } - #else - WOLFSSL_ERROR(NOT_COMPILED_IN); - return NULL; - #endif - } - else { - ret = AllocDer(&der, (word32)sz, ACERT_TYPE, NULL); - - if (ret != 0 || der == NULL || der->buffer == NULL) { - WOLFSSL_ERROR(ret); - return NULL; - } - - XMEMCPY(der->buffer, buf, sz); - } - - #ifdef WOLFSSL_SMALL_STACK - acert = (DecodedAcert*)XMALLOC(sizeof(DecodedAcert), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (acert == NULL) { - WOLFSSL_ERROR(MEMORY_ERROR); - FreeDer(&der); - return NULL; - } - #endif - - InitDecodedAcert(acert, der->buffer, der->length, NULL); - - ret = ParseX509Acert(acert, VERIFY_SKIP_DATE); - - if (ret == 0) { - x509 = (WOLFSSL_X509_ACERT*)XMALLOC(sizeof(WOLFSSL_X509_ACERT), NULL, - DYNAMIC_TYPE_X509_ACERT); - if (x509 != NULL) { - wolfSSL_X509_ACERT_init(x509, NULL); - ret = CopyDecodedAcertToX509(x509, acert); - - if (ret != 0) { - wolfSSL_X509_ACERT_free(x509); - x509 = NULL; - } - } - else { - ret = MEMORY_ERROR; - } - } - - FreeDecodedAcert(acert); - - #ifdef WOLFSSL_SMALL_STACK - XFREE(acert, NULL, DYNAMIC_TYPE_DCERT); - #endif - - FreeDer(&der); - - if (ret != 0) { - WOLFSSL_ERROR(ret); - } - - return x509; -} - -void wolfSSL_X509_ACERT_init(WOLFSSL_X509_ACERT * x509, void* heap) -{ - if (x509 == NULL) { - WOLFSSL_MSG("error: InitX509Acert: null parameter"); - return; - } - - XMEMSET(x509, 0, sizeof(*x509)); - - x509->heap = heap; -} - -void wolfSSL_X509_ACERT_free(WOLFSSL_X509_ACERT* x509) -{ - if (x509 == NULL) { - WOLFSSL_MSG("error: wolfSSL_X509_ACERT_free: null parameter"); - return; - } - - /* Free holder and att cert issuer structures. */ - if (x509->holderIssuerName) { - FreeAltNames(x509->holderIssuerName, x509->heap); - x509->holderIssuerName = NULL; - } - - if (x509->AttCertIssuerName) { - FreeAltNames(x509->AttCertIssuerName, x509->heap); - x509->AttCertIssuerName = NULL; - } - - if (x509->rawAttr != NULL) { - XFREE(x509->rawAttr, x509->heap, DYNAMIC_TYPE_X509_EXT); - x509->rawAttr = NULL; - x509->rawAttrLen = 0; - } - - /* Free derCert source and signature buffer. */ - FreeDer(&x509->derCert); - - if (x509->sig.buffer != NULL) { - XFREE(x509->sig.buffer, x509->heap, DYNAMIC_TYPE_SIGNATURE); - x509->sig.buffer = NULL; - } - - /* Finally memset and free x509 acert structure. */ - XMEMSET(x509, 0, sizeof(*x509)); - XFREE(x509, NULL, DYNAMIC_TYPE_X509_ACERT); - - return; -} - -long wolfSSL_X509_ACERT_get_version(const WOLFSSL_X509_ACERT* x509) -{ - int version = 0; - - if (x509 == NULL) { - return 0L; - } - - version = x509->version; - - return version != 0 ? (long)version - 1L : 0L; -} - -int wolfSSL_X509_ACERT_version(WOLFSSL_X509_ACERT* x509) -{ - if (x509 == NULL) { - return 0; - } - - return x509->version; -} - /* Retrieve sig NID from an ACERT. * * returns NID on success @@ -7396,43 +7224,6 @@ int wolfSSL_X509_ACERT_get_signature_nid(const WOLFSSL_X509_ACERT *x509) return oid2nid((word32)x509->sigOID, oidSigType); } -/* Retrieve the signature from an ACERT. - * - * @param [in] x509 the x509 attribute certificate - * @param [in, out] buf the signature buffer pointer - * @param [in, out] bufSz the signature buffer size pointer - * - * buf may be null, but bufSz is required. On success, sets - * bufSz pointer to signature length, and copies signature - * to buf if provided. - * - * Returns WWOLFSSL_FATAL_ERROR if bufSz is null or too small. - * Returns WOLFSSL_SUCCESS on success. - */ -int wolfSSL_X509_ACERT_get_signature(WOLFSSL_X509_ACERT* x509, - unsigned char* buf, int* bufSz) -{ - WOLFSSL_ENTER("wolfSSL_X509_ACERT_get_signature"); - - if (x509 == NULL || bufSz == NULL) { - return WOLFSSL_FATAL_ERROR; - } - - /* If buf array is provided, it must be long enough. */ - if (buf != NULL && *bufSz < (int)x509->sig.length) { - return WOLFSSL_FATAL_ERROR; - } - - if (buf != NULL) { - /* Copy in buffer if provided. */ - XMEMCPY(buf, x509->sig.buffer, x509->sig.length); - } - - *bufSz = (int)x509->sig.length; - - return WOLFSSL_SUCCESS; -} - static int X509AcertPrintSignature(WOLFSSL_BIO* bio, WOLFSSL_X509_ACERT* x509, int algOnly, int indent) { @@ -7475,43 +7266,6 @@ static int X509AcertPrintSignature(WOLFSSL_BIO* bio, WOLFSSL_X509_ACERT* x509, return WOLFSSL_SUCCESS; } -/* Retrieve the serial number from an ACERT. - * - * @param [in] x509 the x509 attribute certificate - * @param [in, out] buf the serial number buffer pointer - * @param [in, out] bufSz the serial number buffer size pointer - * - * buf may be null, but bufSz is required. On success, sets - * bufSz pointer to signature length, and copies signature - * to buf if provided. - * - * Returns WWOLFSSL_FATAL_ERROR if bufSz is null or too small. - * Returns WOLFSSL_SUCCESS on success. - */ -int wolfSSL_X509_ACERT_get_serial_number(WOLFSSL_X509_ACERT* x509, - byte* buf, int* bufSz) -{ - WOLFSSL_ENTER("wolfSSL_X509_ACERT_get_serial_number"); - - if (x509 == NULL || bufSz == NULL) { - WOLFSSL_MSG("error: null argument passed in"); - return BAD_FUNC_ARG; - } - - if (buf != NULL) { - if (*bufSz < x509->serialSz) { - WOLFSSL_MSG("error: serial buffer too small"); - return BUFFER_E; - } - - XMEMCPY(buf, x509->serial, x509->serialSz); - } - - *bufSz = x509->serialSz; - - return WOLFSSL_SUCCESS; -} - static int X509AcertPrintSerial(WOLFSSL_BIO* bio, WOLFSSL_X509_ACERT* x509, int indent) { @@ -7782,7 +7536,6 @@ int wolfSSL_X509_LOOKUP_load_file(WOLFSSL_X509_LOOKUP* lookup, byte* pem = NULL; byte* curr = NULL; byte* prev = NULL; - WOLFSSL_X509* x509; const char* header = NULL; const char* footer = NULL; @@ -7843,12 +7596,8 @@ int wolfSSL_X509_LOOKUP_load_file(WOLFSSL_X509_LOOKUP* lookup, } else if (wc_PemGetHeaderFooter(CERT_TYPE, &header, &footer) == 0 && XSTRNSTR((char*)curr, header, (unsigned int)sz) != NULL) { - x509 = wolfSSL_X509_load_certificate_buffer(curr, (int)sz, - WOLFSSL_FILETYPE_PEM); - if (x509 == NULL) - goto end; - ret = wolfSSL_X509_STORE_add_cert(lookup->store, x509); - wolfSSL_X509_free(x509); + ret = X509StoreLoadCertBuffer(lookup->store, curr, + (word32)sz, WOLFSSL_FILETYPE_PEM); if (ret != WOLFSSL_SUCCESS) goto end; curr = (byte*)XSTRNSTR((char*)curr, footer, (unsigned int)sz); @@ -8385,101 +8134,12 @@ int wolfSSL_X509_REQ_verify(WOLFSSL_X509* x509, WOLFSSL_EVP_PKEY* pkey) } #endif /* WOLFSSL_CERT_REQ */ -#if defined(WOLFSSL_ACERT) - -#ifndef NO_WOLFSSL_STUB -WOLFSSL_API int wolfSSL_X509_ACERT_sign(WOLFSSL_X509_ACERT * x509, - WOLFSSL_EVP_PKEY * pkey, - const WOLFSSL_EVP_MD * md) -{ - WOLFSSL_STUB("X509_ACERT_sign"); - (void) x509; - (void) pkey; - (void) md; - return WOLFSSL_NOT_IMPLEMENTED; -} -#endif /* NO_WOLFSSL_STUB */ - -/* Helper function for ACERT_verify. - * - * @param [in] x509 the x509 attribute certificate - * @param [in, out] outSz the x509 der length - * - * @return der buffer on success - * @return NULL on error - * */ -static const byte* acert_get_der(WOLFSSL_X509_ACERT * x509, int* outSz) -{ - if (x509 == NULL || x509->derCert == NULL || outSz == NULL) { - return NULL; - } - - *outSz = (int)x509->derCert->length; - return x509->derCert->buffer; -} - -/* Given an X509_ACERT and EVP_PKEY, verify the acert's signature. - * - * @param [in] x509 the x509 attribute certificate - * @param [in] pkey the evp_pkey - * - * @return WOLFSSL_SUCCESS on verify success - * @return < 0 on error - * */ -int wolfSSL_X509_ACERT_verify(WOLFSSL_X509_ACERT* x509, WOLFSSL_EVP_PKEY* pkey) -{ - int ret = 0; - const byte * der = NULL; - int derSz = 0; - int pkey_type; - - if (x509 == NULL || pkey == NULL) { - WOLFSSL_MSG("error: wolfSSL_X509_ACERT_verify: bad arg"); - return WOLFSSL_FATAL_ERROR; - } - - WOLFSSL_ENTER("wolfSSL_X509_ACERT_verify"); - - der = acert_get_der(x509, &derSz); - - if (der == NULL || derSz <= 0) { - WOLFSSL_MSG("error: wolfSSL_X509_ACERT_verify: get der failed"); - return WOLFSSL_FATAL_ERROR; - } - - switch (pkey->type) { - case EVP_PKEY_RSA: - pkey_type = RSAk; - break; - - case EVP_PKEY_EC: - pkey_type = ECDSAk; - break; - - case EVP_PKEY_DSA: - pkey_type = DSAk; - break; - - default: - WOLFSSL_MSG("error: wolfSSL_X509_ACERT_verify: unknown pkey type"); - return WOLFSSL_FATAL_ERROR; - } - - - ret = VerifyX509Acert(der, (word32)derSz, - (const byte *)pkey->pkey.ptr, pkey->pkey_sz, - pkey_type, x509->heap); - - return ret == 0 ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE; -} -#endif /* WOLFSSL_ACERT */ - -#if !defined(NO_FILESYSTEM) -static void *wolfSSL_d2i_X509_fp_ex(XFILE file, void **x509, int type) -{ - void *newx509 = NULL; - byte *fileBuffer = NULL; - long sz = 0; +#if !defined(NO_FILESYSTEM) +static void *wolfSSL_d2i_X509_fp_ex(XFILE file, void **x509, int type) +{ + void *newx509 = NULL; + byte *fileBuffer = NULL; + long sz = 0; /* init variable */ if (x509) @@ -13329,7 +12989,7 @@ WOLFSSL_ASN1_OBJECT* wolfSSL_X509_NAME_ENTRY_get_object( #ifndef NO_CHECK_PRIVATE_KEY return wc_CheckPrivateKey((byte*)key->pkey.ptr, key->pkey_sz, x509->pubKey.buffer, x509->pubKey.length, - (enum Key_Sum)x509->pubKeyOID) == 1 ? + (enum Key_Sum)x509->pubKeyOID, key->heap) == 1 ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE; #else /* not compiled in */ @@ -14338,7 +13998,6 @@ int wolfSSL_X509_check_host(WOLFSSL_X509 *x, const char *chk, size_t chklen, WOLFSSL_ENTER("wolfSSL_X509_check_host"); /* flags and peername not needed for Nginx. */ - (void)flags; (void)peername; if ((x == NULL) || (chk == NULL)) { @@ -14390,7 +14049,7 @@ int wolfSSL_X509_check_host(WOLFSSL_X509 *x, const char *chk, size_t chklen, chklen--; } - ret = CheckHostName(dCert, (char *)chk, chklen); + ret = CheckHostName(dCert, (char *)chk, chklen, flags); out: @@ -14457,7 +14116,9 @@ int wolfSSL_X509_check_ip_asc(WOLFSSL_X509 *x, const char *ipasc, } #ifdef WOLFSSL_SMALL_STACK - XFREE(dCert, x->heap, DYNAMIC_TYPE_DCERT); + if (x != NULL) { + XFREE(dCert, x->heap, DYNAMIC_TYPE_DCERT); + } #endif return ret; @@ -14544,6 +14205,9 @@ int wolfSSL_X509_NAME_digest(const WOLFSSL_X509_NAME *name, #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \ defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) +#if defined(OPENSSL_EXTRA) && \ + ((defined(SESSION_CERTS) && !defined(WOLFSSL_QT)) || \ + defined(WOLFSSL_SIGNER_DER_CERT)) /** * Find the issuing cert of the input cert. On a self-signed cert this @@ -14614,6 +14278,8 @@ static int x509GetIssuerFromCM(WOLFSSL_X509 **issuer, WOLFSSL_CERT_MANAGER* cm, return WOLFSSL_SUCCESS; } +#endif /* if defined(OPENSSL_EXTRA) && (defined(SESSION_CERTS) || \ + defined(WOLFSSL_SIGNER_DER_CERT)) */ void wolfSSL_X509_email_free(WOLF_STACK_OF(WOLFSSL_STRING) *sk) { @@ -15432,12 +15098,14 @@ int wolfSSL_X509_REQ_add1_attr_by_NID(WOLFSSL_X509 *req, req->reqAttributes->type = STACK_TYPE_X509_REQ_ATTR; } } - if (req->reqAttributes->type == STACK_TYPE_X509_REQ_ATTR) { + if ((req->reqAttributes != NULL) && + (req->reqAttributes->type == STACK_TYPE_X509_REQ_ATTR)) { ret = wolfSSL_sk_push(req->reqAttributes, attr) > 0 ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE; } - else + else { ret = WOLFSSL_FAILURE; + } if (ret != WOLFSSL_SUCCESS) wolfSSL_X509_ATTRIBUTE_free(attr); } @@ -15589,7 +15257,417 @@ void wolfSSL_X509_ATTRIBUTE_free(WOLFSSL_X509_ATTRIBUTE* attr) XFREE(attr, NULL, DYNAMIC_TYPE_OPENSSL); } } -#endif +#endif /* (OPENSSL_ALL || OPENSSL_EXTRA) && + (WOLFSSL_CERT_GEN || WOLFSSL_CERT_REQ) */ + +#if defined(WOLFSSL_ACERT) && \ + (defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_EXTRA)) + +/* Allocate and return a new WOLFSSL_X509_ACERT struct pointer. + * + * @param [in] heap heap hint + * + * @return pointer on success + * @return NULL on error + * */ +WOLFSSL_X509_ACERT * wolfSSL_X509_ACERT_new_ex(void* heap) +{ + WOLFSSL_X509_ACERT* x509; + + x509 = (WOLFSSL_X509_ACERT*) XMALLOC(sizeof(WOLFSSL_X509_ACERT), heap, + DYNAMIC_TYPE_X509_ACERT); + + if (x509 != NULL) { + wolfSSL_X509_ACERT_init(x509, 1, heap); + } + + return x509; +} + +WOLFSSL_X509_ACERT * wolfSSL_X509_ACERT_new(void) +{ + return wolfSSL_X509_ACERT_new_ex(NULL); +} + +/* Initialize a WOLFSSL_X509_ACERT struct. + * + * If dynamic == 1, then the x509 pointer will be freed + * in wolfSSL_X509_ACERT_free. + * + * @param [in] x509 x509 acert pointer + * @param [in] dynamic dynamic mem flag + * @param [in] heap heap hint + * + * @return void + * */ +void wolfSSL_X509_ACERT_init(WOLFSSL_X509_ACERT * x509, int dynamic, void* heap) +{ + if (x509 == NULL) { + WOLFSSL_MSG("error: InitX509Acert: null parameter"); + return; + } + + XMEMSET(x509, 0, sizeof(*x509)); + + x509->heap = heap; + x509->dynamic = dynamic; +} + +/* Free a WOLFSSL_X509_ACERT struct and its sub-fields. + * + * If this ACERT was initialized with dynamic == 1, then + * the x509 pointer itself will be freed as well. + * + * @param [in] x509 x509 acert pointer + * + * @return void + * */ +void wolfSSL_X509_ACERT_free(WOLFSSL_X509_ACERT * x509) +{ + int dynamic = 0; + void * heap = NULL; + + if (x509 == NULL) { + WOLFSSL_MSG("error: wolfSSL_X509_ACERT_free: null parameter"); + return; + } + + dynamic = x509->dynamic; + heap = x509->heap; + + /* Free holder and att cert issuer structures. */ + if (x509->holderIssuerName) { + FreeAltNames(x509->holderIssuerName, heap); + x509->holderIssuerName = NULL; + } + + if (x509->AttCertIssuerName) { + FreeAltNames(x509->AttCertIssuerName, heap); + x509->AttCertIssuerName = NULL; + } + + if (x509->rawAttr != NULL) { + XFREE(x509->rawAttr, heap, DYNAMIC_TYPE_X509_EXT); + x509->rawAttr = NULL; + x509->rawAttrLen = 0; + } + + /* Free derCert source and signature buffer. */ + FreeDer(&x509->derCert); + + if (x509->sig.buffer != NULL) { + XFREE(x509->sig.buffer, heap, DYNAMIC_TYPE_SIGNATURE); + x509->sig.buffer = NULL; + } + + /* Finally memset and free x509 acert structure. */ + XMEMSET(x509, 0, sizeof(*x509)); + + if (dynamic == 1) { + XFREE(x509, heap, DYNAMIC_TYPE_X509_ACERT); + } + + return; +} + +#if defined(OPENSSL_EXTRA) +long wolfSSL_X509_ACERT_get_version(const WOLFSSL_X509_ACERT* x509) +{ + int version = 0; + + if (x509 == NULL) { + return 0L; + } + + version = x509->version; + + return version != 0 ? (long)version - 1L : 0L; +} +#endif /* OPENSSL_EXTRA */ + +int wolfSSL_X509_ACERT_version(WOLFSSL_X509_ACERT* x509) +{ + if (x509 == NULL) { + return 0; + } + + return x509->version; +} + +/* Retrieve the serial number from an ACERT. + * + * @param [in] x509 the x509 attribute certificate + * @param [in, out] buf the serial number buffer pointer + * @param [in, out] bufSz the serial number buffer size pointer + * + * buf may be null, but bufSz is required. On success, sets + * bufSz pointer to signature length, and copies signature + * to buf if provided. + * + * Returns WWOLFSSL_FATAL_ERROR if bufSz is null or too small. + * Returns WOLFSSL_SUCCESS on success. + */ +int wolfSSL_X509_ACERT_get_serial_number(WOLFSSL_X509_ACERT* x509, + byte* buf, int* bufSz) +{ + WOLFSSL_ENTER("wolfSSL_X509_ACERT_get_serial_number"); + + if (x509 == NULL || bufSz == NULL) { + WOLFSSL_MSG("error: null argument passed in"); + return BAD_FUNC_ARG; + } + + if (buf != NULL) { + if (*bufSz < x509->serialSz) { + WOLFSSL_MSG("error: serial buffer too small"); + return BUFFER_E; + } + + XMEMCPY(buf, x509->serial, x509->serialSz); + } + + *bufSz = x509->serialSz; + + return WOLFSSL_SUCCESS; +} + +/* Sets buf pointer and len to raw Attribute buffer and buffer len + * in X509 struct. + * + * Returns WOLFSSL_SUCCESS on success. + * Returns BAD_FUNC_ARG if input pointers are null. + * */ +WOLFSSL_API int wolfSSL_X509_ACERT_get_attr_buf(const WOLFSSL_X509_ACERT* x509, + const byte ** rawAttr, + word32 * rawAttrLen) +{ + if (x509 == NULL || rawAttr == NULL || rawAttrLen == NULL) { + return BAD_FUNC_ARG; + } + + *rawAttr = x509->rawAttr; + *rawAttrLen = x509->rawAttrLen; + + return WOLFSSL_SUCCESS; +} + +#ifndef NO_WOLFSSL_STUB +WOLFSSL_API int wolfSSL_X509_ACERT_sign(WOLFSSL_X509_ACERT * x509, + WOLFSSL_EVP_PKEY * pkey, + const WOLFSSL_EVP_MD * md) +{ + WOLFSSL_STUB("X509_ACERT_sign"); + (void) x509; + (void) pkey; + (void) md; + return WOLFSSL_NOT_IMPLEMENTED; +} +#endif /* NO_WOLFSSL_STUB */ + +/* Helper function for ACERT_verify. + * + * @param [in] x509 the x509 attribute certificate + * @param [in, out] outSz the x509 der length + * + * @return der buffer on success + * @return NULL on error + * */ +static const byte* acert_get_der(WOLFSSL_X509_ACERT * x509, int* outSz) +{ + if (x509 == NULL || x509->derCert == NULL || outSz == NULL) { + return NULL; + } + + *outSz = (int)x509->derCert->length; + return x509->derCert->buffer; +} + +/* Given an X509_ACERT and EVP_PKEY, verify the acert's signature. + * + * @param [in] x509 the x509 attribute certificate + * @param [in] pkey the evp_pkey + * + * @return WOLFSSL_SUCCESS on verify success + * @return < 0 on error + * */ +int wolfSSL_X509_ACERT_verify(WOLFSSL_X509_ACERT* x509, WOLFSSL_EVP_PKEY* pkey) +{ + int ret = 0; + const byte * der = NULL; + int derSz = 0; + int pkey_type; + + if (x509 == NULL || pkey == NULL) { + WOLFSSL_MSG("error: wolfSSL_X509_ACERT_verify: bad arg"); + return WOLFSSL_FATAL_ERROR; + } + + WOLFSSL_ENTER("wolfSSL_X509_ACERT_verify"); + + der = acert_get_der(x509, &derSz); + + if (der == NULL || derSz <= 0) { + WOLFSSL_MSG("error: wolfSSL_X509_ACERT_verify: get der failed"); + return WOLFSSL_FATAL_ERROR; + } + + switch (pkey->type) { + case EVP_PKEY_RSA: + pkey_type = RSAk; + break; + + case EVP_PKEY_EC: + pkey_type = ECDSAk; + break; + + case EVP_PKEY_DSA: + pkey_type = DSAk; + break; + + default: + WOLFSSL_MSG("error: wolfSSL_X509_ACERT_verify: unknown pkey type"); + return WOLFSSL_FATAL_ERROR; + } + + + ret = VerifyX509Acert(der, (word32)derSz, + (const byte *)pkey->pkey.ptr, pkey->pkey_sz, + pkey_type, x509->heap); + + return ret == 0 ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE; +} + +WOLFSSL_X509_ACERT * wolfSSL_X509_ACERT_load_certificate_buffer_ex( + const unsigned char* buf, int sz, int format, void * heap) +{ + int ret = 0; + WOLFSSL_X509_ACERT * x509 = NULL; + DerBuffer * der = NULL; + #ifdef WOLFSSL_SMALL_STACK + DecodedAcert * acert = NULL; + #else + DecodedAcert acert[1]; + #endif + + WOLFSSL_ENTER("wolfSSL_X509_ACERT_load_certificate_buffer"); + + if (format == WOLFSSL_FILETYPE_PEM) { + #ifdef WOLFSSL_PEM_TO_DER + ret = PemToDer(buf, sz, ACERT_TYPE, &der, heap, NULL, NULL); + + if (ret != 0 || der == NULL || der->buffer == NULL) { + WOLFSSL_ERROR(ret); + + if (der != NULL) { + FreeDer(&der); + } + + return NULL; + } + #else + WOLFSSL_ERROR(NOT_COMPILED_IN); + return NULL; + #endif + } + else { + ret = AllocDer(&der, (word32)sz, ACERT_TYPE, heap); + + if (ret != 0 || der == NULL || der->buffer == NULL) { + WOLFSSL_ERROR(ret); + return NULL; + } + + XMEMCPY(der->buffer, buf, sz); + } + + #ifdef WOLFSSL_SMALL_STACK + acert = (DecodedAcert*)XMALLOC(sizeof(DecodedAcert), heap, + DYNAMIC_TYPE_DCERT); + if (acert == NULL) { + WOLFSSL_ERROR(MEMORY_ERROR); + FreeDer(&der); + return NULL; + } + #endif + + InitDecodedAcert(acert, der->buffer, der->length, heap); + + ret = ParseX509Acert(acert, VERIFY_SKIP_DATE); + + if (ret == 0) { + x509 = wolfSSL_X509_ACERT_new_ex(heap); + + if (x509 != NULL) { + ret = CopyDecodedAcertToX509(x509, acert); + + if (ret != 0) { + wolfSSL_X509_ACERT_free(x509); + x509 = NULL; + } + } + else { + ret = MEMORY_ERROR; + } + } + + FreeDecodedAcert(acert); + + #ifdef WOLFSSL_SMALL_STACK + XFREE(acert, heap, DYNAMIC_TYPE_DCERT); + #endif + + FreeDer(&der); + + if (ret != 0) { + WOLFSSL_ERROR(ret); + } + + return x509; +} + +WOLFSSL_X509_ACERT * wolfSSL_X509_ACERT_load_certificate_buffer( + const unsigned char* buf, int sz, int format) +{ + return wolfSSL_X509_ACERT_load_certificate_buffer_ex(buf, sz, format, NULL); +} + +/* Retrieve the signature from an ACERT. + * + * @param [in] x509 the x509 attribute certificate + * @param [in, out] buf the signature buffer pointer + * @param [in, out] bufSz the signature buffer size pointer + * + * buf may be null, but bufSz is required. On success, sets + * bufSz pointer to signature length, and copies signature + * to buf if provided. + * + * Returns WWOLFSSL_FATAL_ERROR if bufSz is null or too small. + * Returns WOLFSSL_SUCCESS on success. + */ +int wolfSSL_X509_ACERT_get_signature(WOLFSSL_X509_ACERT* x509, + unsigned char* buf, int* bufSz) +{ + WOLFSSL_ENTER("wolfSSL_X509_ACERT_get_signature"); + + if (x509 == NULL || bufSz == NULL) { + return WOLFSSL_FATAL_ERROR; + } + + /* If buf array is provided, it must be long enough. */ + if (buf != NULL && *bufSz < (int)x509->sig.length) { + return WOLFSSL_FATAL_ERROR; + } + + if (buf != NULL) { + /* Copy in buffer if provided. */ + XMEMCPY(buf, x509->sig.buffer, x509->sig.length); + } + + *bufSz = (int)x509->sig.length; + + return WOLFSSL_SUCCESS; +} +#endif /* WOLFSSL_ACERT && (OPENSSL_EXTRA_X509_SMALL || OPENSSL_EXTRA) */ #endif /* !NO_CERTS */ diff --git a/src/x509_str.c b/src/x509_str.c index 9b90c4b72c..c3d33b85fb 100644 --- a/src/x509_str.c +++ b/src/x509_str.c @@ -36,9 +36,21 @@ #ifndef NO_CERTS -/******************************************************************************* +#ifdef OPENSSL_EXTRA +static int X509StoreGetIssuerEx(WOLFSSL_X509 **issuer, + WOLFSSL_STACK *certs, WOLFSSL_X509 *x); +static int X509StoreAddCa(WOLFSSL_X509_STORE* store, + WOLFSSL_X509* x509, int type); +#endif + +/* Based on OpenSSL default max depth */ +#ifndef WOLFSSL_X509_STORE_DEFAULT_MAX_DEPTH +#define WOLFSSL_X509_STORE_DEFAULT_MAX_DEPTH 100 +#endif + +/****************************************************************************** * START OF X509_STORE_CTX APIs - ******************************************************************************/ + *****************************************************************************/ /* This API is necessary outside of OPENSSL_EXTRA because it is used in * SetupStoreCtxCallback */ @@ -53,11 +65,16 @@ WOLFSSL_X509_STORE_CTX* wolfSSL_X509_STORE_CTX_new_ex(void* heap) XMEMSET(ctx, 0, sizeof(WOLFSSL_X509_STORE_CTX)); ctx->heap = heap; #ifdef OPENSSL_EXTRA - if (wolfSSL_X509_STORE_CTX_init(ctx, NULL, NULL, NULL) != - WOLFSSL_SUCCESS) { + if ((ctx->owned = wolfSSL_sk_X509_new_null()) == NULL) { XFREE(ctx, heap, DYNAMIC_TYPE_X509_CTX); ctx = NULL; } + if (ctx != NULL && + wolfSSL_X509_STORE_CTX_init(ctx, NULL, NULL, NULL) != + WOLFSSL_SUCCESS) { + wolfSSL_X509_STORE_CTX_free(ctx); + ctx = NULL; + } #endif } @@ -78,6 +95,17 @@ void wolfSSL_X509_STORE_CTX_free(WOLFSSL_X509_STORE_CTX* ctx) #ifdef OPENSSL_EXTRA XFREE(ctx->param, ctx->heap, DYNAMIC_TYPE_OPENSSL); ctx->param = NULL; + + if (ctx->chain != NULL) { + wolfSSL_sk_X509_free(ctx->chain); + } + if (ctx->owned != NULL) { + wolfSSL_sk_X509_pop_free(ctx->owned, NULL); + } + + if (ctx->current_issuer != NULL) { + wolfSSL_X509_free(ctx->current_issuer); + } #endif XFREE(ctx, ctx->heap, DYNAMIC_TYPE_X509_CTX); @@ -96,8 +124,6 @@ int wolfSSL_X509_STORE_CTX_init(WOLFSSL_X509_STORE_CTX* ctx, WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509, WOLF_STACK_OF(WOLFSSL_X509)* sk) { - int ret = 0; - (void)sk; WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_init"); if (ctx != NULL) { @@ -106,51 +132,21 @@ int wolfSSL_X509_STORE_CTX_init(WOLFSSL_X509_STORE_CTX* ctx, ctx->current_cert = x509; #else if(x509 != NULL){ - ctx->current_cert = wolfSSL_X509_d2i_ex(NULL, x509->derCert->buffer, - x509->derCert->length, x509->heap); + ctx->current_cert = wolfSSL_X509_d2i_ex(NULL, + x509->derCert->buffer, + x509->derCert->length, + x509->heap); if(ctx->current_cert == NULL) return WOLFSSL_FAILURE; } else ctx->current_cert = NULL; #endif - ctx->chain = sk; - /* Add intermediate certs, that verify to a loaded CA, to the store */ - if (sk != NULL) { - byte addedAtLeastOne = 1; - WOLF_STACK_OF(WOLFSSL_X509)* head = wolfSSL_shallow_sk_dup(sk); - if (head == NULL) - return WOLFSSL_FAILURE; - while (addedAtLeastOne) { - WOLF_STACK_OF(WOLFSSL_X509)* cur = head; - WOLF_STACK_OF(WOLFSSL_X509)** prev = &head; - addedAtLeastOne = 0; - while (cur) { - WOLFSSL_X509* cert = cur->data.x509; - if (cert != NULL && cert->derCert != NULL && - wolfSSL_CertManagerVerifyBuffer(store->cm, - cert->derCert->buffer, - cert->derCert->length, - WOLFSSL_FILETYPE_ASN1) == WOLFSSL_SUCCESS) { - ret = wolfSSL_X509_STORE_add_cert(store, cert); - if (ret < 0) { - wolfSSL_sk_free(head); - return WOLFSSL_FAILURE; - } - addedAtLeastOne = 1; - *prev = cur->next; - wolfSSL_sk_free_node(cur); - cur = *prev; - } - else { - prev = &cur->next; - cur = cur->next; - } - } - } - wolfSSL_sk_free(head); + ctx->ctxIntermediates = sk; + if (ctx->chain != NULL) { + wolfSSL_sk_X509_free(ctx->chain); + ctx->chain = NULL; } - ctx->sesChain = NULL; ctx->domain = NULL; #ifdef HAVE_EX_DATA @@ -192,10 +188,11 @@ void wolfSSL_X509_STORE_CTX_cleanup(WOLFSSL_X509_STORE_CTX* ctx) } -void wolfSSL_X509_STORE_CTX_trusted_stack(WOLFSSL_X509_STORE_CTX *ctx, WOLF_STACK_OF(WOLFSSL_X509) *sk) +void wolfSSL_X509_STORE_CTX_trusted_stack(WOLFSSL_X509_STORE_CTX *ctx, + WOLF_STACK_OF(WOLFSSL_X509) *sk) { if (ctx != NULL) { - ctx->chain = sk; + ctx->setTrustedSk = sk; } } @@ -255,22 +252,19 @@ static void SetupStoreCtxError(WOLFSSL_X509_STORE_CTX* ctx, int ret) wolfSSL_X509_STORE_CTX_set_error_depth(ctx, depth); } -/* Verifies certificate chain using WOLFSSL_X509_STORE_CTX - * returns 0 on success or < 0 on failure. - */ -int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx) +static int X509StoreVerifyCert(WOLFSSL_X509_STORE_CTX* ctx) { - WOLFSSL_ENTER("wolfSSL_X509_verify_cert"); - - if (ctx != NULL && ctx->store != NULL && ctx->store->cm != NULL - && ctx->current_cert != NULL && ctx->current_cert->derCert != NULL) { - int ret = wolfSSL_CertManagerVerifyBuffer(ctx->store->cm, - ctx->current_cert->derCert->buffer, - ctx->current_cert->derCert->length, - WOLFSSL_FILETYPE_ASN1); + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); + WOLFSSL_ENTER("X509StoreVerifyCert"); + + if (ctx->current_cert != NULL && ctx->current_cert->derCert != NULL) { + ret = wolfSSL_CertManagerVerifyBuffer(ctx->store->cm, + ctx->current_cert->derCert->buffer, + ctx->current_cert->derCert->length, + WOLFSSL_FILETYPE_ASN1); SetupStoreCtxError(ctx, ret); #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) - if (ctx->store && ctx->store->verify_cb) + if (ctx->store->verify_cb) ret = ctx->store->verify_cb(ret >= 0 ? 1 : 0, ctx) == 1 ? 0 : ret; #endif @@ -278,9 +272,9 @@ int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx) if (ret != WC_NO_ERR_TRACE(ASN_BEFORE_DATE_E) && ret != WC_NO_ERR_TRACE(ASN_AFTER_DATE_E)) { /* wolfSSL_CertManagerVerifyBuffer only returns ASN_AFTER_DATE_E or - ASN_BEFORE_DATE_E if there are no additional errors found in the - cert. Therefore, check if the cert is expired or not yet valid - in order to return the correct expected error. */ + * ASN_BEFORE_DATE_E if there are no additional errors found in the + * cert. Therefore, check if the cert is expired or not yet valid + * in order to return the correct expected error. */ byte *afterDate = ctx->current_cert->notAfter.data; byte *beforeDate = ctx->current_cert->notBefore.data; @@ -294,23 +288,203 @@ int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx) } SetupStoreCtxError(ctx, ret); #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) - if (ctx->store && ctx->store->verify_cb) + if (ctx->store->verify_cb) ret = ctx->store->verify_cb(ret >= 0 ? 1 : 0, ctx) == 1 ? 0 : -1; #endif } #endif + } + + return ret; +} - return ret >= 0 ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE; +static int addAllButSelfSigned(WOLF_STACK_OF(WOLFSSL_X509)*to, + WOLF_STACK_OF(WOLFSSL_X509)*from, int *numAdded) +{ + int ret = WOLFSSL_SUCCESS; + int i = 0; + int cnt = 0; + WOLFSSL_X509 *x = NULL; + + for (i = 0; i < wolfSSL_sk_X509_num(from); i++) { + x = wolfSSL_sk_X509_value(from, i); + if (wolfSSL_X509_NAME_cmp(&x->issuer, &x->subject) != 0) { + if (wolfSSL_sk_X509_push(to, x) <= 0) { + ret = WOLFSSL_FAILURE; + goto exit; + } + cnt++; + } } - return WOLFSSL_FATAL_ERROR; + +exit: + if (numAdded != NULL) { + *numAdded = cnt; + } + return ret; +} + +/* Verifies certificate chain using WOLFSSL_X509_STORE_CTX + * returns 0 on success or < 0 on failure. + */ +int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx) +{ + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); + int done = 0; + int added = 0; + int i = 0; + int numInterAdd = 0; + int depth = 0; + WOLFSSL_X509 *issuer = NULL; + WOLFSSL_X509 *orig = NULL; + WOLF_STACK_OF(WOLFSSL_X509)* certs = NULL; + WOLF_STACK_OF(WOLFSSL_X509)* certsToUse = NULL; + WOLFSSL_ENTER("wolfSSL_X509_verify_cert"); + + if (ctx == NULL || ctx->store == NULL || ctx->store->cm == NULL + || ctx->current_cert == NULL || ctx->current_cert->derCert == NULL) { + return WOLFSSL_FATAL_ERROR; + } + + certs = ctx->store->certs; + if (ctx->setTrustedSk != NULL) { + certs = ctx->setTrustedSk; + } + + if (certs == NULL && + wolfSSL_sk_X509_num(ctx->ctxIntermediates) > 0) { + certsToUse = wolfSSL_sk_X509_new_null(); + ret = addAllButSelfSigned(certsToUse, ctx->ctxIntermediates, NULL); + } + else { + /* Add the intermediates provided on init to the list of untrusted + * intermediates to be used */ + ret = addAllButSelfSigned(certs, ctx->ctxIntermediates, &numInterAdd); + } + if (ret != WOLFSSL_SUCCESS) { + goto exit; + } + + if (ctx->chain != NULL) { + wolfSSL_sk_X509_free(ctx->chain); + } + ctx->chain = wolfSSL_sk_X509_new_null(); + + if (ctx->depth > 0) { + depth = ctx->depth + 1; + } + else { + depth = WOLFSSL_X509_STORE_DEFAULT_MAX_DEPTH + 1; + } + + orig = ctx->current_cert; + while(done == 0 && depth > 0) { + issuer = NULL; + + /* Try to find an untrusted issuer first */ + ret = X509StoreGetIssuerEx(&issuer, certs, + ctx->current_cert); + if (ret == WOLFSSL_SUCCESS) { + if (ctx->current_cert == issuer) { + wolfSSL_sk_X509_push(ctx->chain, ctx->current_cert); + break; + } + + /* We found our issuer in the non-trusted cert list, add it + * to the CM and verify the current cert against it */ + ret = X509StoreAddCa(ctx->store, issuer, + WOLFSSL_TEMP_CA); + if (ret != WOLFSSL_SUCCESS) { + goto exit; + } + + added = 1; + + ret = X509StoreVerifyCert(ctx); + if (ret != WOLFSSL_SUCCESS) { + goto exit; + } + + /* Add it to the current chain and look at the issuer cert next */ + wolfSSL_sk_X509_push(ctx->chain, ctx->current_cert); + ctx->current_cert = issuer; + } + else if (ret == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) { + /* Could not find in untrusted list, only place left is + * a trusted CA in the CM */ + ret = X509StoreVerifyCert(ctx); + if (ret != WOLFSSL_SUCCESS) { + if (((ctx->flags & WOLFSSL_PARTIAL_CHAIN) || + (ctx->store->param->flags & WOLFSSL_PARTIAL_CHAIN)) && + (added == 1)) { + wolfSSL_sk_X509_push(ctx->chain, ctx->current_cert); + ret = WOLFSSL_SUCCESS; + } + goto exit; + } + + /* Cert verified, finish building the chain */ + wolfSSL_sk_X509_push(ctx->chain, ctx->current_cert); + issuer = NULL; + #ifdef WOLFSSL_SIGNER_DER_CERT + x509GetIssuerFromCM(&issuer, ctx->store->cm, ctx->current_cert); + if (issuer != NULL && ctx->owned != NULL) { + wolfSSL_sk_X509_push(ctx->owned, issuer); + } + #else + if (ctx->setTrustedSk == NULL) { + X509StoreGetIssuerEx(&issuer, + ctx->store->trusted, ctx->current_cert); + } + else { + X509StoreGetIssuerEx(&issuer, + ctx->setTrustedSk, ctx->current_cert); + } + #endif + if (issuer != NULL) { + wolfSSL_sk_X509_push(ctx->chain, issuer); + } + + done = 1; + } + else { + goto exit; + } + + depth--; + } + +exit: + /* Remove additional intermediates from init from the store */ + if (ctx != NULL && numInterAdd > 0) { + for (i = 0; i < numInterAdd; i++) { + wolfSSL_sk_X509_pop(ctx->store->certs); + } + } + /* Remove intermediates that were added to CM */ + if (ctx != NULL) { + if (ctx->store != NULL) { + if (added == 1) { + wolfSSL_CertManagerUnloadTempIntermediateCerts(ctx->store->cm); + } + } + if (orig != NULL) { + ctx->current_cert = orig; + } + } + if (certsToUse != NULL) { + wolfSSL_sk_X509_free(certsToUse); + } + + return ret == WOLFSSL_SUCCESS ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE; } #endif /* OPENSSL_EXTRA */ #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) WOLFSSL_X509* wolfSSL_X509_STORE_CTX_get_current_cert( - WOLFSSL_X509_STORE_CTX* ctx) + WOLFSSL_X509_STORE_CTX* ctx) { WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_get_current_cert"); if (ctx) @@ -408,14 +582,6 @@ int wolfSSL_X509_STORE_CTX_set_purpose(WOLFSSL_X509_STORE_CTX *ctx, WOLFSSL_STUB("wolfSSL_X509_STORE_CTX_set_purpose (not implemented)"); return 0; } - -void wolfSSL_X509_STORE_CTX_set_flags(WOLFSSL_X509_STORE_CTX *ctx, - unsigned long flags) -{ - (void)ctx; - (void)flags; - WOLFSSL_STUB("wolfSSL_X509_STORE_CTX_set_flags (not implemented)"); -} #endif /* !NO_WOLFSSL_STUB */ #endif /* WOLFSSL_QT || OPENSSL_ALL */ @@ -423,6 +589,14 @@ void wolfSSL_X509_STORE_CTX_set_flags(WOLFSSL_X509_STORE_CTX *ctx, #ifdef OPENSSL_EXTRA +void wolfSSL_X509_STORE_CTX_set_flags(WOLFSSL_X509_STORE_CTX *ctx, + unsigned long flags) +{ + if ((ctx != NULL) && (flags & WOLFSSL_PARTIAL_CHAIN)){ + ctx->flags |= WOLFSSL_PARTIAL_CHAIN; + } +} + /* set X509_STORE_CTX ex_data, max idx is MAX_EX_DATA. Return WOLFSSL_SUCCESS * on success, WOLFSSL_FAILURE on error. */ int wolfSSL_X509_STORE_CTX_set_ex_data(WOLFSSL_X509_STORE_CTX* ctx, int idx, @@ -454,8 +628,8 @@ int wolfSSL_X509_STORE_CTX_set_ex_data_with_cleanup( WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_set_ex_data_with_cleanup"); if (ctx != NULL) { - return wolfSSL_CRYPTO_set_ex_data_with_cleanup(&ctx->ex_data, idx, data, - cleanup_routine); + return wolfSSL_CRYPTO_set_ex_data_with_cleanup(&ctx->ex_data, idx, + data, cleanup_routine); } return WOLFSSL_FAILURE; } @@ -470,22 +644,24 @@ void wolfSSL_X509_STORE_CTX_set_depth(WOLFSSL_X509_STORE_CTX* ctx, int depth) } #endif - WOLFSSL_X509* wolfSSL_X509_STORE_CTX_get0_current_issuer( WOLFSSL_X509_STORE_CTX* ctx) { - int ret; - WOLFSSL_X509* issuer; - + WOLFSSL_STACK* node; WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_get0_current_issuer"); - if (ctx == NULL) { + if (ctx == NULL) return NULL; - } - ret = wolfSSL_X509_STORE_CTX_get1_issuer(&issuer, ctx, ctx->current_cert); - if (ret == WOLFSSL_SUCCESS) { - return issuer; + /* get0 only checks currently built chain */ + if (ctx->chain != NULL) { + for (node = ctx->chain; node != NULL; node = node->next) { + if (wolfSSL_X509_check_issued(node->data.x509, + ctx->current_cert) == + WOLFSSL_X509_V_OK) { + return node->data.x509; + } + } } return NULL; @@ -505,7 +681,7 @@ void wolfSSL_X509_STORE_CTX_set_error(WOLFSSL_X509_STORE_CTX* ctx, int er) /* Set the error depth in the X509 STORE CTX */ void wolfSSL_X509_STORE_CTX_set_error_depth(WOLFSSL_X509_STORE_CTX* ctx, - int depth) + int depth) { WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_set_error_depth"); @@ -533,7 +709,8 @@ WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get_chain(WOLFSSL_X509_STORE_CTX* ctx) if (sk == NULL) return NULL; -#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) +#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \ + defined(OPENSSL_EXTRA) /* add CA used to verify top of chain to the list */ if (c->count > 0) { WOLFSSL_X509* x509 = wolfSSL_get_chain_X509(c, c->count - 1); @@ -734,34 +911,63 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_STORE_get1_certs( int wolfSSL_X509_STORE_CTX_get1_issuer(WOLFSSL_X509 **issuer, WOLFSSL_X509_STORE_CTX *ctx, WOLFSSL_X509 *x) { - WOLFSSL_STACK* node; + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); + WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_get1_issuer"); if (issuer == NULL || ctx == NULL || x == NULL) return WOLFSSL_FATAL_ERROR; - if (ctx->chain != NULL) { - for (node = ctx->chain; node != NULL; node = node->next) { - if (wolfSSL_X509_check_issued(node->data.x509, x) == - WOLFSSL_X509_V_OK) { - *issuer = x; + ret = X509StoreGetIssuerEx(issuer, ctx->store->certs, x); + if ((ret == WOLFSSL_SUCCESS) && (*issuer != NULL)) { + return wolfSSL_X509_up_ref(*issuer); + } + +#ifdef WOLFSSL_SIGNER_DER_CERT + ret = x509GetIssuerFromCM(issuer, ctx->store->cm, x); +#else + ret = X509StoreGetIssuerEx(issuer, ctx->store->trusted, x); + if ((ret == WOLFSSL_SUCCESS) && (*issuer != NULL)) { + return wolfSSL_X509_up_ref(*issuer); + } +#endif + + return ret; +} +#endif /* WOLFSSL_NGINX || WOLFSSL_HAPROXY || OPENSSL_EXTRA || OPENSSL_ALL */ + +#ifdef OPENSSL_EXTRA + +static int X509StoreGetIssuerEx(WOLFSSL_X509 **issuer, + WOLFSSL_STACK * certs, WOLFSSL_X509 *x) +{ + int i; + + if (issuer == NULL || x == NULL) + return WOLFSSL_FATAL_ERROR; + + if (certs != NULL) { + for (i = 0; i < wolfSSL_sk_X509_num(certs); i++) { + if (wolfSSL_X509_check_issued( + wolfSSL_sk_X509_value(certs, i), x) == + WOLFSSL_X509_V_OK) { + *issuer = wolfSSL_sk_X509_value(certs, i); return WOLFSSL_SUCCESS; } } } - /* Result is ignored when passed to wolfSSL_OCSP_cert_to_id(). */ - - return x509GetIssuerFromCM(issuer, ctx->store->cm, x); + return WOLFSSL_FAILURE; } -#endif /* WOLFSSL_NGINX || WOLFSSL_HAPROXY || OPENSSL_EXTRA || OPENSSL_ALL */ -/******************************************************************************* +#endif + +/****************************************************************************** * END OF X509_STORE_CTX APIs - ******************************************************************************/ + *****************************************************************************/ -/******************************************************************************* +/****************************************************************************** * START OF X509_STORE APIs - ******************************************************************************/ + *****************************************************************************/ #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || \ defined(WOLFSSL_WPAS_SMALL) @@ -789,10 +995,25 @@ WOLFSSL_X509_STORE* wolfSSL_X509_STORE_new(void) if ((store->cm = wolfSSL_CertManagerNew()) == NULL) goto err_exit; +#ifdef OPENSSL_EXTRA + if ((store->certs = wolfSSL_sk_X509_new_null()) == NULL) + goto err_exit; + + if ((store->owned = wolfSSL_sk_X509_new_null()) == NULL) + goto err_exit; + +#if !defined(WOLFSSL_SIGNER_DER_CERT) + if ((store->trusted = wolfSSL_sk_X509_new_null()) == NULL) + goto err_exit; +#endif +#endif + #ifdef HAVE_CRL store->crl = store->cm->crl; #endif + store->numAdded = 0; + #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) /* Link store's new Certificate Manager to self by default */ @@ -827,6 +1048,30 @@ WOLFSSL_X509_STORE* wolfSSL_X509_STORE_new(void) return NULL; } +#ifdef OPENSSL_ALL +static void X509StoreFreeObjList(WOLFSSL_X509_STORE* store, + WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* objs) +{ + int i; + WOLFSSL_X509_OBJECT *obj = NULL; + int cnt = store->numAdded; + + i = wolfSSL_sk_X509_OBJECT_num(objs) - 1; + while (cnt > 0 && i > 0) { + /* The inner X509 is owned by somebody else, NULL out the reference */ + obj = (WOLFSSL_X509_OBJECT *)wolfSSL_sk_X509_OBJECT_value(objs, i); + if (obj != NULL) { + obj->type = (WOLFSSL_X509_LOOKUP_TYPE)0; + obj->data.ptr = NULL; + } + cnt--; + i--; + } + + wolfSSL_sk_X509_OBJECT_pop_free(objs, NULL); +} +#endif + void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE* store) { int doFree = 0; @@ -849,9 +1094,25 @@ void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE* store) wolfSSL_CertManagerFree(store->cm); store->cm = NULL; } +#if defined(OPENSSL_EXTRA) + if (store->certs != NULL) { + wolfSSL_sk_X509_free(store->certs); + store->certs = NULL; + } + if (store->owned != NULL) { + wolfSSL_sk_X509_pop_free(store->owned, wolfSSL_X509_free); + store->owned = NULL; + } +#if !defined(WOLFSSL_SIGNER_DER_CERT) + if (store->trusted != NULL) { + wolfSSL_sk_X509_free(store->trusted); + store->trusted = NULL; + } +#endif +#endif #ifdef OPENSSL_ALL if (store->objs != NULL) { - wolfSSL_sk_X509_OBJECT_pop_free(store->objs, NULL); + X509StoreFreeObjList(store, store->objs); } #endif #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) @@ -861,7 +1122,8 @@ void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE* store) if (store->lookup.dirs != NULL) { #if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) if (store->lookup.dirs->dir_entry) { - wolfSSL_sk_BY_DIR_entry_free(store->lookup.dirs->dir_entry); + wolfSSL_sk_BY_DIR_entry_free( + store->lookup.dirs->dir_entry); } #endif wc_FreeMutex(&store->lookup.dirs->lock); @@ -869,6 +1131,7 @@ void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE* store) store->lookup.dirs = NULL; } #endif + wolfSSL_RefFree(&store->ref); XFREE(store, NULL, DYNAMIC_TYPE_X509_STORE); } } @@ -922,7 +1185,7 @@ int wolfSSL_X509_STORE_up_ref(WOLFSSL_X509_STORE* store) * @return WOLFSSL_SUCCESS on success or WOLFSSL_FAILURE on failure */ int wolfSSL_X509_STORE_set_ex_data(WOLFSSL_X509_STORE* store, int idx, - void *data) + void *data) { WOLFSSL_ENTER("wolfSSL_X509_STORE_set_ex_data"); #ifdef HAVE_EX_DATA @@ -1009,22 +1272,68 @@ WOLFSSL_X509_LOOKUP* wolfSSL_X509_STORE_add_lookup(WOLFSSL_X509_STORE* store, return &store->lookup; } -int wolfSSL_X509_STORE_add_cert(WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509) +static int X509StoreAddCa(WOLFSSL_X509_STORE* store, + WOLFSSL_X509* x509, int type) { int result = WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR); + DerBuffer* derCert = NULL; - WOLFSSL_ENTER("wolfSSL_X509_STORE_add_cert"); - if (store != NULL && store->cm != NULL && x509 != NULL - && x509->derCert != NULL) { - DerBuffer* derCert = NULL; - + WOLFSSL_ENTER("X509StoreAddCa"); + if (store != NULL && x509 != NULL && x509->derCert != NULL) { result = AllocDer(&derCert, x509->derCert->length, x509->derCert->type, NULL); if (result == 0) { /* AddCA() frees the buffer. */ XMEMCPY(derCert->buffer, x509->derCert->buffer, x509->derCert->length); - result = AddCA(store->cm, &derCert, WOLFSSL_USER_CA, VERIFY); + result = AddCA(store->cm, &derCert, type, VERIFY); + } + } + + return result; +} + + +int wolfSSL_X509_STORE_add_cert(WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509) +{ + int result = WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR); + + WOLFSSL_ENTER("wolfSSL_X509_STORE_add_cert"); + if (store != NULL && store->cm != NULL && x509 != NULL + && x509->derCert != NULL) { + /* Mimic the openssl behavior, must be self signed to be considered + * trusted, addCA() internals will do additional checks for + * CA=TRUE */ + if (wolfSSL_X509_NAME_cmp(&x509->issuer, &x509->subject) == 0) { + result = X509StoreAddCa(store, x509, WOLFSSL_USER_CA); + #if !defined(WOLFSSL_SIGNER_DER_CERT) + if (result == WOLFSSL_SUCCESS && store->trusted != NULL) { + result = wolfSSL_sk_X509_push(store->trusted, x509); + if (result > 0) { + result = WOLFSSL_SUCCESS; + } + else { + result = WOLFSSL_FATAL_ERROR; + } + } + #endif + } + else { + if (store->certs != NULL) { + result = wolfSSL_sk_X509_push(store->certs, x509); + if (result > 0) { + result = WOLFSSL_SUCCESS; + } + else { + result = WOLFSSL_FATAL_ERROR; + } + } + else { + /* If store->certs is NULL, this is an X509_STORE managed by an + * SSL_CTX, preserve behavior and always add as USER_CA */ + result = X509StoreAddCa( + store, x509, WOLFSSL_USER_CA); + } } } @@ -1054,6 +1363,9 @@ int wolfSSL_X509_STORE_set_flags(WOLFSSL_X509_STORE* store, unsigned long flag) ret = wolfSSL_CertManagerDisableCRL(store->cm); } #endif + if (flag & WOLFSSL_PARTIAL_CHAIN) { + store->param->flags |= WOLFSSL_PARTIAL_CHAIN; + } return ret; } @@ -1064,13 +1376,107 @@ int wolfSSL_X509_STORE_set_default_paths(WOLFSSL_X509_STORE* store) return WOLFSSL_SUCCESS; } +int X509StoreLoadCertBuffer(WOLFSSL_X509_STORE *str, + byte *buf, word32 bufLen, int type) +{ + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); + WOLFSSL_X509 *x509 = NULL; + + if (str == NULL || buf == NULL) { + return WOLFSSL_FAILURE; + } + + /* OpenSSL X509_STORE_load_file fails on DER file, we will as well */ + x509 = wolfSSL_X509_load_certificate_buffer(buf, bufLen, type); + if (str->owned != NULL) { + wolfSSL_sk_X509_push(str->owned, x509); + } + ret = wolfSSL_X509_STORE_add_cert(str, x509); + if (ret != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("Failed to load file"); + ret = WOLFSSL_FAILURE; + } + if (str->owned == NULL) { + wolfSSL_X509_free(x509); + } + + return ret; +} + #if !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) + +static int X509StoreReadFile(const char *fname, + StaticBuffer *content, word32 *bytesRead, int *type) +{ + int ret = -1; + long sz = 0; +#ifdef HAVE_CRL + const char* header = NULL; + const char* footer = NULL; +#endif + + ret = wolfssl_read_file_static(fname, content, NULL, DYNAMIC_TYPE_FILE, + &sz); + if (ret == 0) { + *type = CERT_TYPE; + *bytesRead = (word32)sz; +#ifdef HAVE_CRL + /* Look for CRL header and footer. */ + if (wc_PemGetHeaderFooter(CRL_TYPE, &header, &footer) == 0 && + (XSTRNSTR((char*)content->buffer, header, (word32)sz) != + NULL)) { + *type = CRL_TYPE; + } +#endif + } + + return (ret == 0 ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE); +} + +static int X509StoreLoadFile(WOLFSSL_X509_STORE *str, + const char *fname) +{ + int ret = WOLFSSL_SUCCESS; + int type = 0; +#ifndef WOLFSSL_SMALL_STACK + byte stackBuffer[FILE_BUFFER_SIZE]; +#endif + StaticBuffer content; + word32 contentLen = 0; + +#ifdef WOLFSSL_SMALL_STACK + static_buffer_init(&content); +#else + static_buffer_init(&content, stackBuffer, FILE_BUFFER_SIZE); +#endif + + ret = X509StoreReadFile(fname, &content, &contentLen, &type); + if (ret != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("Failed to load file"); + ret = WOLFSSL_FAILURE; + } + + if ((ret == WOLFSSL_SUCCESS) && (type == CERT_TYPE)) { + ret = X509StoreLoadCertBuffer(str, content.buffer, + contentLen, WOLFSSL_FILETYPE_PEM); + } +#ifdef HAVE_CRL + else if ((ret == WOLFSSL_SUCCESS) && (type == CRL_TYPE)) { + ret = BufferLoadCRL(str->cm->crl, content.buffer, contentLen, + WOLFSSL_FILETYPE_PEM, 0); + } +#endif + + static_buffer_free(&content, NULL, DYNAMIC_TYPE_FILE); + return ret; +} + /* Loads certificate(s) files in pem format into X509_STORE struct from either * a file or directory. * Returns WOLFSSL_SUCCESS on success or WOLFSSL_FAILURE if an error occurs. */ WOLFSSL_API int wolfSSL_X509_STORE_load_locations(WOLFSSL_X509_STORE *str, - const char *file, const char *dir) + const char *file, const char *dir) { WOLFSSL_CTX* ctx; char *name = NULL; @@ -1110,10 +1516,7 @@ WOLFSSL_API int wolfSSL_X509_STORE_load_locations(WOLFSSL_X509_STORE *str, /* Load individual file */ if (file) { - /* Try to process file with type DETECT_CERT_TYPE to parse the - correct certificate header and footer type */ - ret = ProcessFile(ctx, file, WOLFSSL_FILETYPE_PEM, DETECT_CERT_TYPE, - NULL, 0, str->cm->crl, 0); + ret = X509StoreLoadFile(str, file); if (ret != WOLFSSL_SUCCESS) { WOLFSSL_MSG("Failed to load file"); ret = WOLFSSL_FAILURE; @@ -1126,7 +1529,7 @@ WOLFSSL_API int wolfSSL_X509_STORE_load_locations(WOLFSSL_X509_STORE *str, #ifdef WOLFSSL_SMALL_STACK readCtx = (ReadDirCtx*)XMALLOC(sizeof(ReadDirCtx), ctx->heap, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_TMP_BUFFER); if (readCtx == NULL) { WOLFSSL_MSG("Memory error"); wolfSSL_CTX_free(ctx); @@ -1138,10 +1541,8 @@ WOLFSSL_API int wolfSSL_X509_STORE_load_locations(WOLFSSL_X509_STORE *str, ret = wc_ReadDirFirst(readCtx, dir, &name); while (ret == 0 && name) { WOLFSSL_MSG(name); - /* Try to process file with type DETECT_CERT_TYPE to parse the - correct certificate header and footer type */ - ret = ProcessFile(ctx, name, WOLFSSL_FILETYPE_PEM, DETECT_CERT_TYPE, - NULL, 0, str->cm->crl, 0); + + ret = X509StoreLoadFile(str, name); /* Not failing on load errors */ if (ret != WOLFSSL_SUCCESS) WOLFSSL_MSG("Failed to load file in path, continuing"); @@ -1184,17 +1585,23 @@ int wolfSSL_X509_CA_num(WOLFSSL_X509_STORE* store) } table = store->cm->caTable; - if (table){ + if (table || (store->certs != NULL)){ if (wc_LockMutex(&store->cm->caLock) == 0){ - int i = 0; - for (i = 0; i < CA_TABLE_SIZE; i++) { - Signer* signer = table[i]; - while (signer) { - Signer* next = signer->next; - cnt_ret++; - signer = next; + if (table) { + int i = 0; + for (i = 0; i < CA_TABLE_SIZE; i++) { + Signer* signer = table[i]; + while (signer) { + Signer* next = signer->next; + cnt_ret++; + signer = next; + } } } + + if (store->certs != NULL) { + cnt_ret += wolfSSL_sk_X509_num(store->certs); + } wc_UnLockMutex(&store->cm->caLock); } } @@ -1203,7 +1610,8 @@ int wolfSSL_X509_CA_num(WOLFSSL_X509_STORE* store) } /****************************************************************************** -* wolfSSL_X509_STORE_GetCerts - retrieve stack of X509 in a certificate store ctx +* wolfSSL_X509_STORE_GetCerts - retrieve stack of X509 in a certificate +* store ctx * * This API can be used in SSL verify callback function to view cert chain * See examples/client/client.c and myVerify() function in test.h @@ -1234,7 +1642,8 @@ WOLFSSL_STACK* wolfSSL_X509_STORE_GetCerts(WOLFSSL_X509_STORE_CTX* s) /* get certificate buffer */ cert = &s->certs[certIdx]; - dCert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, DYNAMIC_TYPE_DCERT); + dCert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, + DYNAMIC_TYPE_DCERT); if (dCert == NULL) { goto error; @@ -1297,7 +1706,14 @@ WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* wolfSSL_X509_STORE_get0_objects( { WOLFSSL_STACK* ret = NULL; WOLFSSL_STACK* cert_stack = NULL; +#if ((defined(WOLFSSL_SIGNER_DER_CERT) && !defined(NO_FILESYSTEM)) || \ + (defined(HAVE_CRL))) + WOLFSSL_X509_OBJECT* obj = NULL; +#endif +#if defined(WOLFSSL_SIGNER_DER_CERT) && !defined(NO_FILESYSTEM) WOLFSSL_X509* x509 = NULL; + int i = 0; +#endif WOLFSSL_ENTER("wolfSSL_X509_STORE_get0_objects"); if (store == NULL || store->cm == NULL) { @@ -1308,7 +1724,7 @@ WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* wolfSSL_X509_STORE_get0_objects( if (store->objs != NULL) { #if defined(WOLFSSL_SIGNER_DER_CERT) && !defined(NO_FILESYSTEM) /* want to update objs stack by cm stack again before returning it*/ - wolfSSL_sk_X509_OBJECT_pop_free(store->objs, NULL); + X509StoreFreeObjList(store, store->objs); store->objs = NULL; #else if (wolfSSL_sk_X509_OBJECT_num(store->objs) == 0) { @@ -1328,9 +1744,17 @@ WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* wolfSSL_X509_STORE_get0_objects( #if defined(WOLFSSL_SIGNER_DER_CERT) && !defined(NO_FILESYSTEM) cert_stack = wolfSSL_CertManagerGetCerts(store->cm); - /* wolfSSL_sk_X509_pop checks for NULL */ - while ((x509 = wolfSSL_sk_X509_pop(cert_stack)) != NULL) { - WOLFSSL_X509_OBJECT* obj = wolfSSL_X509_OBJECT_new(); + store->numAdded = 0; + for (i = 0; i < wolfSSL_sk_X509_num(store->certs); i++) { + wolfSSL_sk_X509_push(cert_stack, + wolfSSL_sk_X509_value(store->certs, i)); + store->numAdded++; + } + /* Do not modify stack until after we guarantee success to + * simplify cleanup logic handling cert merging above */ + for (i = 0; i < wolfSSL_sk_X509_num(cert_stack); i++) { + x509 = (WOLFSSL_X509 *)wolfSSL_sk_value(cert_stack, i); + obj = wolfSSL_X509_OBJECT_new(); if (obj == NULL) { WOLFSSL_MSG("wolfSSL_X509_OBJECT_new error"); goto err_cleanup; @@ -1342,13 +1766,16 @@ WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* wolfSSL_X509_STORE_get0_objects( } obj->type = WOLFSSL_X509_LU_X509; obj->data.x509 = x509; - x509 = NULL; + } + + while (wolfSSL_sk_X509_num(cert_stack) > 0) { + wolfSSL_sk_X509_pop(cert_stack); } #endif #ifdef HAVE_CRL if (store->cm->crl != NULL) { - WOLFSSL_X509_OBJECT* obj = wolfSSL_X509_OBJECT_new(); + obj = wolfSSL_X509_OBJECT_new(); if (obj == NULL) { WOLFSSL_MSG("wolfSSL_X509_OBJECT_new error"); goto err_cleanup; @@ -1369,11 +1796,14 @@ WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* wolfSSL_X509_STORE_get0_objects( return ret; err_cleanup: if (ret != NULL) - wolfSSL_sk_X509_OBJECT_pop_free(ret, NULL); - if (cert_stack != NULL) + X509StoreFreeObjList(store, ret); + if (cert_stack != NULL) { + while (store->numAdded > 0) { + wolfSSL_sk_X509_pop(cert_stack); + store->numAdded--; + } wolfSSL_sk_X509_pop_free(cert_stack, NULL); - if (x509 != NULL) - wolfSSL_X509_free(x509); + } return NULL; } #endif /* OPENSSL_ALL */ @@ -1399,9 +1829,9 @@ int wolfSSL_X509_STORE_set1_param(WOLFSSL_X509_STORE *ctx, #endif #endif -/******************************************************************************* +/****************************************************************************** * END OF X509_STORE APIs - ******************************************************************************/ + *****************************************************************************/ #endif /* NO_CERTS */ diff --git a/sslSniffer/README.md b/sslSniffer/README.md index 27a6f52781..dbf68955ed 100644 --- a/sslSniffer/README.md +++ b/sslSniffer/README.md @@ -197,7 +197,7 @@ Frees all resources consumed by the wolfSSL sniffer and should be called when us int ssl_Trace(const char* traceFile, char* error); ``` -Enables Tracing when a file is passed in. Disables Tracing if previously on and a NULL value is passed in for the file. +Enables Tracing when a file is passed in. When `traceFile` is "-", then the trace will be printed to STDOUT. Disables Tracing if previously on and a NULL value is passed in for the file. Returns Values: diff --git a/sslSniffer/sslSnifferTest/snifftest.c b/sslSniffer/sslSnifferTest/snifftest.c index 0cfb388597..de586f9595 100644 --- a/sslSniffer/sslSnifferTest/snifftest.c +++ b/sslSniffer/sslSnifferTest/snifftest.c @@ -145,7 +145,7 @@ enum { #endif #define DEFAULT_SERVER_IP "127.0.0.1" -#define DEFAULT_SERVER_PORT (443) +#define DEFAULT_SERVER_PORT (11111) #ifdef WOLFSSL_SNIFFER_WATCH static const byte rsaHash[] = { @@ -166,6 +166,7 @@ static const byte eccHash[] = { static pcap_t* pcap = NULL; static pcap_if_t* alldevs = NULL; static struct bpf_program pcap_fp; +static const char *traceFile = "./tracefile.txt"; static void FreeAll(void) { @@ -377,7 +378,6 @@ static int load_key(const char* name, const char* server, int port, if (loadCount == 0) { printf("Failed loading private key %s: ret %d\n", keyFile, ret); - printf("Please run directly from wolfSSL root dir\n"); ret = -1; } else { @@ -843,7 +843,7 @@ static void* snifferWorker(void* arg) char err[PCAP_ERRBUF_SIZE]; ssl_InitSniffer_ex2(worker->id); - ssl_Trace("./tracefile.txt", err); + ssl_Trace(traceFile, err); ssl_EnableRecovery(1, -1, err); #ifdef WOLFSSL_SNIFFER_WATCH ssl_SetWatchKeyCallback(myWatchCb, err); @@ -951,39 +951,90 @@ int main(int argc, char** argv) int i = 0, defDev = 0; int packetNumber = 0; int frame = ETHER_IF_FRAME_LEN; + char cmdLineArg[128]; + char *pcapFile = NULL; + char *deviceName = NULL; char err[PCAP_ERRBUF_SIZE]; - char filter[32]; + char filter[128]; const char *keyFilesSrc = NULL; #ifdef WOLFSSL_SNIFFER_KEYLOGFILE const char *sslKeyLogFile = NULL; #endif /* WOLFSSL_SNIFFER_KEYLOGFILE */ char keyFilesBuf[MAX_FILENAME_SZ]; char keyFilesUser[MAX_FILENAME_SZ]; - const char *server = DEFAULT_SERVER_IP; - int port = DEFAULT_SERVER_PORT; + const char *server = NULL; + int port = -1; const char *sniName = NULL; const char *passwd = NULL; pcap_if_t *d; pcap_addr_t *a; #ifdef THREADED_SNIFFTEST int workerThreadCount; -#ifdef HAVE_SESSION_TICKET - /* Multiple threads on resume not yet supported */ - workerThreadCount = 1; -#else - workerThreadCount = 5; #endif + +#ifdef DEBUG_WOLFSSL + wolfSSL_Debugging_ON(); #endif show_appinfo(); signal(SIGINT, sig_handler); + for (i = 1; i < argc; i++) { + if (strcmp(argv[i], "-pcap") == 0 && i + 1 < argc) { + pcapFile = argv[++i]; + } + else if (strcmp(argv[i], "-deviceName") == 0 && i + 1 < argc) { + deviceName = argv[++i]; + } + else if (strcmp(argv[i], "-key") == 0 && i + 1 < argc) { + keyFilesSrc = argv[++i]; + } + else if (strcmp(argv[i], "-server") == 0 && i + 1 < argc) { + server = argv[++i]; + } + else if (strcmp(argv[i], "-port") == 0 && i + 1 < argc) { + port = XATOI(argv[++i]); + } + else if (strcmp(argv[i], "-password") == 0 && i + 1 < argc) { + passwd = argv[++i]; + } + else if (strcmp(argv[i], "-tracefile") == 0 && i + 1 < argc) { + traceFile = argv[++i]; + } +#if defined(WOLFSSL_SNIFFER_KEYLOGFILE) + else if (strcmp(argv[i], "-keylogfile") == 0 && i + 1 < argc) { + sslKeyLogFile = argv[++i]; + } +#endif /* WOLFSSL_SNIFFER_KEYLOGFILE */ +#if defined(THREADED_SNIFFTEST) + else if (strcmp(argv[i], "-threads") == 0 && i + 1 < argc) { + workerThreadCount = XATOI(argv[++i]); + } +#endif /* THREADED_SNIFFTEST */ + else { + fprintf(stderr, "Error parsing: %s\n", argv[i]); + fprintf(stderr, "Usage: %s -pcap pcap_arg -key key_arg" + " [-deviceName deviceName_arg]" + " [-password password_arg] [-server server_arg]" + " [-port port_arg]" + " [-tracefile tracefile_arg]" +#if defined(WOLFSSL_SNIFFER_KEYLOGFILE) + " [-keylogfile keylogfile_arg]" +#endif /* WOLFSSL_SNIFFER_KEYLOGFILE */ +#if defined(THREADED_SNIFFTEST) + " [-threads threads_arg]" +#endif /* THREADED_SNIFFTEST */ + "\n", argv[0]); + exit(EXIT_FAILURE); + } + } + #ifndef THREADED_SNIFFTEST #ifndef _WIN32 ssl_InitSniffer(); /* dll load on Windows */ #endif - ssl_Trace("./tracefile.txt", err); + ssl_Trace(traceFile, err); ssl_EnableRecovery(1, -1, err); #ifdef WOLFSSL_SNIFFER_WATCH ssl_SetWatchKeyCallback(myWatchCb, err); @@ -991,101 +1042,175 @@ int main(int argc, char** argv) #ifdef WOLFSSL_SNIFFER_STORE_DATA_CB ssl_SetStoreDataCallback(myStoreDataCb); #endif +#else +#ifdef HAVE_SESSION_TICKET + /* Multiple threads on resume not yet supported */ + workerThreadCount = 1; +#else + workerThreadCount = 5; #endif +#endif + SNPRINTF(filter, sizeof(filter), "(ip6 or ip) and tcp"); + - if (argc == 1) { - char cmdLineArg[128]; + if (pcapFile == NULL) { /* normal case, user chooses device and port */ if (pcap_findalldevs(&alldevs, err) == -1) err_sys("Error in pcap_findalldevs"); - for (d = alldevs; d; d=d->next) { - printf("%d. %s", ++i, d->name); - if (strcmp(d->name, "lo0") == 0) { - defDev = i; + if (deviceName == NULL) { + for (d = alldevs, i = 0; d; d=d->next) { + printf("%d. %s", ++i, d->name); + if (strcmp(d->name, "lo0") == 0) { + defDev = i; + } + if (d->description) + printf(" (%s)\n", d->description); + else + printf(" (No description available)\n"); } - if (d->description) - printf(" (%s)\n", d->description); - else - printf(" (No description available)\n"); - } - if (i == 0) - err_sys("No interfaces found! Make sure pcap or WinPcap is" - " installed correctly and you have sufficient permissions"); - - printf("Enter the interface number (1-%d) [default: %d]: ", i, defDev); - XMEMSET(cmdLineArg, 0, sizeof(cmdLineArg)); - if (XFGETS(cmdLineArg, sizeof(cmdLineArg), stdin)) - inum = XATOI(cmdLineArg); - if (inum == 0) - inum = defDev; - else if (inum < 1 || inum > i) - err_sys("Interface number out of range"); - - /* Jump to the selected adapter */ - for (d = alldevs, i = 0; i < inum - 1; d = d->next, i++); + if (i == 0) + err_sys("No interfaces found! Make sure pcap or WinPcap is" + " installed correctly and you have sufficient permissions"); + + printf("Enter the interface number (1-%d) [default: %d]: ", i, defDev); + XMEMSET(cmdLineArg, 0, sizeof(cmdLineArg)); + if (XFGETS(cmdLineArg, sizeof(cmdLineArg), stdin)) + inum = XATOI(cmdLineArg); + if (inum == 0) + inum = defDev; + else if (inum < 1 || inum > i) + err_sys("Interface number out of range"); + + /* Jump to the selected adapter */ + for (d = alldevs, i = 0; i < inum - 1; d = d->next, i++); + } else { + int deviceNameSz = (int)XSTRLEN(deviceName); + for (d = alldevs; d; d = d->next) { + if (XSTRNCMP(d->name,deviceName,deviceNameSz) == 0) { + fprintf(stderr, "%s == %s\n", d->name, deviceName); + break; + } + } + if (d == NULL) { + err_sys("Can't find the device you're looking for"); + } + } + printf("Selected %s\n", d->name); pcap = pcap_create(d->name, err); - - if (pcap == NULL) printf("pcap_create failed %s\n", err); - - /* print out addresses for selected interface */ - for (a = d->addresses; a; a = a->next) { - if (a->addr->sa_family == AF_INET) { - server = - iptos(&((struct sockaddr_in *)a->addr)->sin_addr); - printf("server = %s\n", server); - } - else if (a->addr->sa_family == AF_INET6) { - server = - ip6tos(&((struct sockaddr_in6 *)a->addr)->sin6_addr); - printf("server = %s\n", server); + if (pcap == NULL) fprintf(stderr, "pcap_create failed %s\n", err); + + if (server == NULL) { + /* print out addresses for selected interface */ + for (a = d->addresses; a; a = a->next) { + if (a->addr->sa_family == AF_INET) { + server = + iptos(&((struct sockaddr_in *)a->addr)->sin_addr); + printf("server = %s\n", server); + } + else if (a->addr->sa_family == AF_INET6) { + server = + ip6tos(&((struct sockaddr_in6 *)a->addr)->sin6_addr); + printf("server = %s\n", server); + } } } - if (server == NULL) - err_sys("Unable to get device IPv4 or IPv6 address"); ret = pcap_set_snaplen(pcap, 65536); - if (ret != 0) printf("pcap_set_snaplen failed %s\n", pcap_geterr(pcap)); + if (ret != 0) + fprintf(stderr, "pcap_set_snaplen failed %s\n", pcap_geterr(pcap)); ret = pcap_set_timeout(pcap, 1000); - if (ret != 0) printf("pcap_set_timeout failed %s\n", pcap_geterr(pcap)); + if (ret != 0) + fprintf(stderr, "pcap_set_timeout failed %s\n", pcap_geterr(pcap)); ret = pcap_set_buffer_size(pcap, 1000000); if (ret != 0) - printf("pcap_set_buffer_size failed %s\n", pcap_geterr(pcap)); + fprintf(stderr, "pcap_set_buffer_size failed %s\n", + pcap_geterr(pcap)); ret = pcap_set_promisc(pcap, 1); - if (ret != 0) printf("pcap_set_promisc failed %s\n", pcap_geterr(pcap)); + if (ret != 0) + fprintf(stderr,"pcap_set_promisc failed %s\n", pcap_geterr(pcap)); ret = pcap_activate(pcap); - if (ret != 0) printf("pcap_activate failed %s\n", pcap_geterr(pcap)); + if (ret != 0) + fprintf(stderr, "pcap_activate failed %s\n", pcap_geterr(pcap)); + + } + else { + saveFile = 1; + pcap = pcap_open_offline(pcapFile , err); + if (pcap == NULL) { + fprintf(stderr, "pcap_open_offline failed %s\n", err); + err_sys(err); + } + } - printf("Enter the port to scan [default: 11111]: "); + if (server == NULL) { + server = DEFAULT_SERVER_IP; + } + + if (port < 0) { + printf("Enter the port to scan [default: %d, '0' for all]: ", + DEFAULT_SERVER_PORT); XMEMSET(cmdLineArg, 0, sizeof(cmdLineArg)); if (XFGETS(cmdLineArg, sizeof(cmdLineArg), stdin)) { port = XATOI(cmdLineArg); } - if (port <= 0) - port = 11111; + if ((port < 0) || (cmdLineArg[0] == '\n')) + port = DEFAULT_SERVER_PORT; - SNPRINTF(filter, sizeof(filter), "tcp and port %d", port); + } + if (port > 0) { + SNPRINTF(cmdLineArg, sizeof(filter), " and port %d", port); + XSTRLCAT(filter, cmdLineArg, sizeof(filter)); + } - ret = pcap_compile(pcap, &pcap_fp, filter, 0, 0); - if (ret != 0) printf("pcap_compile failed %s\n", pcap_geterr(pcap)); +#if defined(WOLFSSL_SNIFFER_KEYLOGFILE) + /* If we offer keylog support, then user must provide EITHER a pubkey + * OR a keylog file but NOT both */ + if (keyFilesSrc && sslKeyLogFile) { + fprintf(stderr, + "Error: either -key OR -keylogfile option but NOT both.\n"); + exit(EXIT_FAILURE); + } - ret = pcap_setfilter(pcap, &pcap_fp); - if (ret != 0) printf("pcap_setfilter failed %s\n", pcap_geterr(pcap)); + if (sslKeyLogFile != NULL) { + ret = ssl_LoadSecretsFromKeyLogFile(sslKeyLogFile, err); + if (ret != 0) { + fprintf(stderr, + "ERROR=%d, unable to load secrets from keylog file\n",ret); + err_sys(err); + } + ret = ssl_CreateKeyLogSnifferServer(server, port, err); + if (ret != 0) { + fprintf(stderr, + "ERROR=%d, unable to create keylog sniffer server\n",ret); + err_sys(err); + } + } + else +#endif /* WOLFSSL_SNIFFER_KEYLOGFILE */ + if (keyFilesSrc) { + ret = load_key(NULL, server, port, keyFilesSrc, passwd, err); + if (ret != 0) { + fprintf(stderr, "Failed to load key\n"); + err_sys(err); + } + } + else { /* optionally enter the private key to use */ - #if defined(WOLFSSL_STATIC_EPHEMERAL) && defined(DEFAULT_SERVER_EPH_KEY) +#if defined(WOLFSSL_STATIC_EPHEMERAL) && defined(DEFAULT_SERVER_EPH_KEY) keyFilesSrc = DEFAULT_SERVER_EPH_KEY; - #else +#else keyFilesSrc = DEFAULT_SERVER_KEY; - #endif +#endif printf("Enter the server key [default: %s]: ", keyFilesSrc); XMEMSET(keyFilesBuf, 0, sizeof(keyFilesBuf)); XMEMSET(keyFilesUser, 0, sizeof(keyFilesUser)); @@ -1109,137 +1234,24 @@ int main(int argc, char** argv) } #endif /* !WOLFSSL_SNIFFER_WATCH && HAVE_SNI */ - /* get IPv4 or IPv6 addresses for selected interface */ - for (a = d->addresses; a; a = a->next) { - server = NULL; - if (a->addr->sa_family == AF_INET) { - server = - iptos(&((struct sockaddr_in *)a->addr)->sin_addr); - } - else if (a->addr->sa_family == AF_INET6) { - server = - ip6tos(&((struct sockaddr_in6 *)a->addr)->sin6_addr); - } - - if (server) { - XSTRNCPY(keyFilesBuf, keyFilesSrc, sizeof(keyFilesBuf)); - ret = load_key(sniName, server, port, keyFilesBuf, NULL, err); - if (ret != 0) { - exit(EXIT_FAILURE); - } - } - } - } - else { - char *pcapFile = NULL; - - for (i = 1; i < argc; i++) { - if (strcmp(argv[i], "-pcap") == 0 && i + 1 < argc) { - pcapFile = argv[++i]; - } - else if (strcmp(argv[i], "-key") == 0 && i + 1 < argc) { - keyFilesSrc = argv[++i]; - } - else if (strcmp(argv[i], "-server") == 0 && i + 1 < argc) { - server = argv[++i]; - } - else if (strcmp(argv[i], "-port") == 0 && i + 1 < argc) { - port = XATOI(argv[++i]); - } - else if (strcmp(argv[i], "-password") == 0 && i + 1 < argc) { - passwd = argv[++i]; - } -#if defined(WOLFSSL_SNIFFER_KEYLOGFILE) - else if (strcmp(argv[i], "-keylogfile") == 0 && i + 1 < argc) { - sslKeyLogFile = argv[++i]; - } -#endif /* WOLFSSL_SNIFFER_KEYLOGFILE */ -#if defined(THREADED_SNIFFTEST) - else if (strcmp(argv[i], "-threads") == 0 && i + 1 < argc) { - workerThreadCount = XATOI(argv[++i]); - } -#endif /* THREADED_SNIFFTEST */ - else { - fprintf(stderr, "Invalid option or missing argument: %s\n", argv[i]); - fprintf(stderr, "Usage: %s -pcap pcap_arg -key key_arg" - " [-password password_arg] [-server server_arg] [-port port_arg]" -#if defined(WOLFSSL_SNIFFER_KEYLOGFILE) - " [-keylogfile keylogfile_arg]" -#endif /* WOLFSSL_SNIFFER_KEYLOGFILE */ -#if defined(THREADED_SNIFFTEST) - " [-threads threads_arg]" -#endif /* THREADED_SNIFFTEST */ - "\n", argv[0]); - exit(EXIT_FAILURE); - } - } - - if (!pcapFile) { - fprintf(stderr, "Error: -pcap option is required.\n"); + ret = load_key(sniName, server, port, keyFilesBuf, NULL, err); + if (ret != 0) { exit(EXIT_FAILURE); } + } -#if defined(WOLFSSL_SNIFFER_KEYLOGFILE) - /* If we offer keylog support, then user must provide EITHER a pubkey - * OR a keylog file but NOT both */ - if ((!keyFilesSrc && !sslKeyLogFile) || (keyFilesSrc && sslKeyLogFile)) { - fprintf(stderr, "Error: either -key OR -keylogfile option required but NOT both.\n"); - exit(EXIT_FAILURE); - } -#else - if (!keyFilesSrc) { - fprintf(stderr, "Error: -key option is required.\n"); - exit(EXIT_FAILURE); - } -#endif - - saveFile = 1; - pcap = pcap_open_offline(pcapFile , err); - if (pcap == NULL) { - fprintf(stderr, "pcap_open_offline failed %s\n", err); - err_sys(err); - } - else { -#if defined(WOLFSSL_SNIFFER_KEYLOGFILE) - if (sslKeyLogFile != NULL) { - ret = ssl_LoadSecretsFromKeyLogFile(sslKeyLogFile, err); - if (ret != 0) { - fprintf(stderr, "ERROR=%d, unable to load secrets from keylog file\n",ret); - err_sys(err); - } - - ret = ssl_CreateKeyLogSnifferServer(server, port, err); - if (ret != 0) { - fprintf(stderr, "ERROR=%d, unable to create keylog sniffer server\n",ret); - err_sys(err); - } - } - else -#endif /* WOLFSSL_SNIFFER_KEYLOGFILE */ - { - ret = load_key(NULL, server, port, keyFilesSrc, passwd, err); - if (ret != 0) { - fprintf(stderr, "Failed to load key\n"); - err_sys(err); - } - } - - - /* Only let through TCP/IP packets */ - ret = pcap_compile(pcap, &pcap_fp, "(ip6 or ip) and tcp", 0, 0); - if (ret != 0) { - fprintf(stderr, "pcap_compile failed %s\n", pcap_geterr(pcap)); - exit(EXIT_FAILURE); - } - - ret = pcap_setfilter(pcap, &pcap_fp); - if (ret != 0) { - fprintf(stderr, "pcap_setfilter failed %s\n", pcap_geterr(pcap)); - exit(EXIT_FAILURE); - } - + /* Only let through TCP/IP packets */ + printf("Using packet filter: %s\n", filter); + ret = pcap_compile(pcap, &pcap_fp, filter, 0, 0); + if (ret != 0) { + fprintf(stderr, "pcap_compile failed %s\n", pcap_geterr(pcap)); + exit(EXIT_FAILURE); + } - } + ret = pcap_setfilter(pcap, &pcap_fp); + if (ret != 0) { + fprintf(stderr, "pcap_setfilter failed %s\n", pcap_geterr(pcap)); + exit(EXIT_FAILURE); } if (ret != 0) @@ -1263,7 +1275,7 @@ int main(int argc, char** argv) #endif while (1) { - struct pcap_pkthdr header; + struct pcap_pkthdr *header; const unsigned char* packet = NULL; byte* data = NULL; /* pointer to decrypted data */ #ifdef THREADED_SNIFFTEST @@ -1290,22 +1302,28 @@ int main(int argc, char** argv) if (data == NULL) { /* grab next pcap packet */ packetNumber++; - packet = pcap_next(pcap, &header); + if(pcap_next_ex(pcap, &header, &packet) < 0) { + break; + } } if (packet) { - if (header.caplen > 40) { /* min ip(20) + min tcp(20) */ + if (header->caplen > 40) { /* min ip(20) + min tcp(20) */ packet += frame; - header.caplen -= frame; + header->caplen -= frame; } else { /* packet doesn't contain minimum ip/tcp header */ continue; } + if (pcap_datalink(pcap) == DLT_LINUX_SLL) { + packet += 2; + header->caplen -= 2; + } #ifdef THREADED_SNIFFTEST XMEMSET(&info, 0, sizeof(SnifferStreamInfo)); - ret = ssl_DecodePacket_GetStream(&info, packet, header.caplen, err); + ret = ssl_DecodePacket_GetStream(&info, packet, header->caplen, err); /* calculate SnifferStreamInfo checksum */ infoSum = 0; @@ -1328,7 +1346,7 @@ int main(int argc, char** argv) /* add the packet to the worker's linked list */ if (SnifferWorkerPacketAdd(&workers[threadNum], ret, (byte*)packet, - header.caplen, packetNumber)) { + header->caplen, packetNumber)) { printf("Unable to add packet %d to worker", packetNumber); break; } @@ -1337,7 +1355,7 @@ int main(int argc, char** argv) #else /* Decode Packet, ret value will indicate whether a * bad packet was encountered */ - hadBadPacket = DecodePacket((byte*)packet, header.caplen, + hadBadPacket = DecodePacket((byte*)packet, header->caplen, packetNumber,err); #endif } diff --git a/tests/api.c b/tests/api.c index ed0306b5e9..7e672a8b4b 100644 --- a/tests/api.c +++ b/tests/api.c @@ -225,6 +225,7 @@ #include #include #include + #include #ifdef OPENSSL_ALL #include #include @@ -5031,7 +5032,7 @@ static int test_wolfSSL_CTX_use_certificate_chain_buffer_format(void) WOLFSSL* ssl = NULL; const char* cert = "./certs/server-cert.pem"; unsigned char* buf = NULL; - size_t len; + size_t len = 0; ExpectIntEQ(load_file(cert, &buf, &len), 0); @@ -13738,7 +13739,7 @@ static int test_wolfSSL_X509_verify(void) } #if defined(WOLFSSL_ACERT) && !defined(NO_CERTS) && !defined(NO_RSA) && \ - !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) + defined(WC_RSA_PSS) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) /* Given acert file and its pubkey file, read them and then * attempt to verify signed acert. * @@ -14004,6 +14005,154 @@ static int test_wolfSSL_X509_ACERT_misc_api(void) return EXPECT_RESULT(); } +static int test_wolfSSL_X509_ACERT_buffer(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_ACERT) && !defined(NO_CERTS) && \ + !defined(NO_RSA) && defined(WC_RSA_PSS) && \ + (defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_EXTRA)) + const byte acert_ietf[] = \ + "-----BEGIN ATTRIBUTE CERTIFICATE-----\n" + "MIICPTCCASUCAQEwN6AWMBGkDzANMQswCQYDVQQDDAJDQQIBAqEdpBswGTEXMBUG\n" + "A1UEAwwOc2VydmVyLmV4YW1wbGWgLTArpCkwJzElMCMGA1UEAwwcQXR0cmlidXRl\n" + "IENlcnRpZmljYXRlIElzc3VlcjANBgkqhkiG9w0BAQsFAAIUA7WQWQKiqrVAIUS4\n" + "LE/ZgBtfV8IwIhgPMjAyMTA2MTUxMjM1MDBaGA8yMDMxMDYxMzEyMzUwMFowQTAj\n" + "BggrBgEFBQcKBDEXMBWgCYYHVGVzdHZhbDAIDAZncm91cDEwGgYDVQRIMRMwEaEP\n" + "gw1hZG1pbmlzdHJhdG9yMCwwHwYDVR0jBBgwFoAUYm7JaGdsZLtTgt0tqoCK2MrI\n" + "i10wCQYDVR04BAIFADANBgkqhkiG9w0BAQsFAAOCAQEAlIOJ2Dj3TEUj6BIv6vUs\n" + "GqFWms05i+d10XSzWrunlUTQPoJcUjYkifOWp/7RpZ2XnRl+6hH+nIbmwSmXWwBn\n" + "ERw2bQMmw/""/nWuN4Qv9t7ltuovWC0pJX6VMT1IRTuTV4SxuZpFL37vkmnFlPBlb+\n" + "mn3ESSxLTjThWFIq1tip4IaxE/i5Uh32GlJglatFHM1PCGoJtyLtYb6KHDlvknw6\n" + "coDyjIcj0FZwtQw41jLwxI8jWNmrpt978wdpprB/URrRs+m02HmeQoiHFi/qvdv8\n" + "d+5vHf3Pi/ulhz/+dvr0p1vEQSoFnYxLXuty2p5m3PJPZCFmT3gURgmgR3BN9d7A\n" + "Bw==\n" + "-----END ATTRIBUTE CERTIFICATE-----\n"; + X509_ACERT * x509 = NULL; + int rc = 0; + byte ietf_serial[] = {0x03, 0xb5, 0x90, 0x59, 0x02, + 0xa2, 0xaa, 0xb5, 0x40, 0x21, + 0x44, 0xb8, 0x2c, 0x4f, 0xd9, + 0x80, 0x1b, 0x5f, 0x57, 0xc2}; + byte serial[64]; + int serial_len = sizeof(serial); + const byte * raw_attr = NULL; + word32 attr_len = 0; + + x509 = wolfSSL_X509_ACERT_load_certificate_buffer_ex(acert_ietf, + sizeof(acert_ietf), + WOLFSSL_FILETYPE_PEM, + HEAP_HINT); + + rc = wolfSSL_X509_ACERT_get_serial_number(x509, serial, &serial_len); + ExpectIntEQ(rc, SSL_SUCCESS); + + ExpectIntEQ(serial_len, 20); + ExpectIntEQ(XMEMCMP(serial, ietf_serial, sizeof(ietf_serial)), 0); + + /* Get the attributes buffer. */ + rc = wolfSSL_X509_ACERT_get_attr_buf(x509, &raw_attr, &attr_len); + ExpectIntEQ(rc, SSL_SUCCESS); + + /* This cert has a 65 byte attributes field. */ + ExpectNotNull(raw_attr); + ExpectIntEQ(attr_len, 65); + + ExpectNotNull(x509); + + if (x509 != NULL) { + wolfSSL_X509_ACERT_free(x509); + x509 = NULL; + } +#endif + return EXPECT_RESULT(); +} + +/* Test ACERT support, but with ASN functions only. + * */ +static int test_wolfSSL_X509_ACERT_asn(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_ACERT) && !defined(NO_CERTS) + const byte acert_ietf[] = \ + "-----BEGIN ATTRIBUTE CERTIFICATE-----\n" + "MIICPTCCASUCAQEwN6AWMBGkDzANMQswCQYDVQQDDAJDQQIBAqEdpBswGTEXMBUG\n" + "A1UEAwwOc2VydmVyLmV4YW1wbGWgLTArpCkwJzElMCMGA1UEAwwcQXR0cmlidXRl\n" + "IENlcnRpZmljYXRlIElzc3VlcjANBgkqhkiG9w0BAQsFAAIUA7WQWQKiqrVAIUS4\n" + "LE/ZgBtfV8IwIhgPMjAyMTA2MTUxMjM1MDBaGA8yMDMxMDYxMzEyMzUwMFowQTAj\n" + "BggrBgEFBQcKBDEXMBWgCYYHVGVzdHZhbDAIDAZncm91cDEwGgYDVQRIMRMwEaEP\n" + "gw1hZG1pbmlzdHJhdG9yMCwwHwYDVR0jBBgwFoAUYm7JaGdsZLtTgt0tqoCK2MrI\n" + "i10wCQYDVR04BAIFADANBgkqhkiG9w0BAQsFAAOCAQEAlIOJ2Dj3TEUj6BIv6vUs\n" + "GqFWms05i+d10XSzWrunlUTQPoJcUjYkifOWp/7RpZ2XnRl+6hH+nIbmwSmXWwBn\n" + "ERw2bQMmw/""/nWuN4Qv9t7ltuovWC0pJX6VMT1IRTuTV4SxuZpFL37vkmnFlPBlb+\n" + "mn3ESSxLTjThWFIq1tip4IaxE/i5Uh32GlJglatFHM1PCGoJtyLtYb6KHDlvknw6\n" + "coDyjIcj0FZwtQw41jLwxI8jWNmrpt978wdpprB/URrRs+m02HmeQoiHFi/qvdv8\n" + "d+5vHf3Pi/ulhz/+dvr0p1vEQSoFnYxLXuty2p5m3PJPZCFmT3gURgmgR3BN9d7A\n" + "Bw==\n" + "-----END ATTRIBUTE CERTIFICATE-----\n"; + int rc = 0; + byte ietf_serial[] = {0x03, 0xb5, 0x90, 0x59, 0x02, + 0xa2, 0xaa, 0xb5, 0x40, 0x21, + 0x44, 0xb8, 0x2c, 0x4f, 0xd9, + 0x80, 0x1b, 0x5f, 0x57, 0xc2}; + DerBuffer * der = NULL; + #ifdef WOLFSSL_SMALL_STACK + DecodedAcert * acert = NULL; + #else + DecodedAcert acert[1]; + #endif + + rc = wc_PemToDer(acert_ietf, sizeof(acert_ietf), ACERT_TYPE, &der, + HEAP_HINT, NULL, NULL); + + ExpectIntEQ(rc, 0); + ExpectNotNull(der); + + if (der != NULL) { + ExpectNotNull(der->buffer); + } + + #ifdef WOLFSSL_SMALL_STACK + acert = (DecodedAcert*)XMALLOC(sizeof(DecodedAcert), HEAP_HINT, + DYNAMIC_TYPE_DCERT); + ExpectNotNull(acert); + #endif + + #ifdef WOLFSSL_SMALL_STACK + if (acert != NULL) + #endif + { + if (der != NULL && der->buffer != NULL) { + wc_InitDecodedAcert(acert, der->buffer, der->length, HEAP_HINT); + rc = wc_ParseX509Acert(acert, VERIFY_SKIP_DATE); + ExpectIntEQ(rc, 0); + } + + ExpectIntEQ(acert->serialSz, 20); + ExpectIntEQ(XMEMCMP(acert->serial, ietf_serial, sizeof(ietf_serial)), + 0); + + /* This cert has a 65 byte attributes field. */ + ExpectNotNull(acert->rawAttr); + ExpectIntEQ(acert->rawAttrLen, 65); + + wc_FreeDecodedAcert(acert); + } + + #ifdef WOLFSSL_SMALL_STACK + if (acert != NULL) { + XFREE(acert, HEAP_HINT, DYNAMIC_TYPE_DCERT); + acert = NULL; + } + #endif + + if (der != NULL) { + wc_FreeDer(&der); + } + +#endif + return EXPECT_RESULT(); +} + #if !defined(NO_DH) && !defined(NO_AES) && defined(WOLFSSL_CERT_GEN) && \ defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \ defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) @@ -20866,7 +21015,7 @@ static int test_RsaDecryptBoundsCheck(void) WC_RNG rng; RsaKey key; byte flatC[256]; - word32 flatCSz; + word32 flatCSz = 0; byte out[256]; word32 outSz = sizeof(out); @@ -23284,7 +23433,7 @@ static int test_wc_DsaSignVerify(void) byte hash[WC_SHA_DIGEST_SIZE]; word32 idx = 0; word32 bytes; - int answer; + int answer = 0; #ifdef USE_CERT_BUFFERS_1024 byte tmp[ONEK_BUF]; @@ -25630,7 +25779,7 @@ static int test_wc_ecc_params(void) #if !defined(NO_ECC256) && !defined(NO_ECC_SECP) /* Test for SECP256R1 curve */ int curve_id = ECC_SECP256R1; - int curve_idx; + int curve_idx = 0; ExpectIntNE(curve_idx = wc_ecc_get_curve_idx(curve_id), ECC_CURVE_INVALID); ExpectNotNull(ecc_set = wc_ecc_get_curve_params(curve_idx)); @@ -27665,7 +27814,7 @@ static int test_wc_EccPrivateKeyToDer(void) byte output[ONEK_BUF]; ecc_key eccKey; WC_RNG rng; - word32 inLen; + word32 inLen = 0; word32 outLen = 0; int ret; @@ -27681,12 +27830,13 @@ static int test_wc_EccPrivateKeyToDer(void) #endif ExpectIntEQ(ret, 0); - inLen = (word32)sizeof(output); /* Bad Cases */ ExpectIntEQ(wc_EccPrivateKeyToDer(NULL, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_EccPrivateKeyToDer(NULL, output, inLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_EccPrivateKeyToDer(&eccKey, NULL, inLen), WC_NO_ERR_TRACE(LENGTH_ONLY_E)); + inLen = wc_EccPrivateKeyToDer(&eccKey, NULL, 0); + ExpectIntGT(inLen, 0); ExpectIntEQ(wc_EccPrivateKeyToDer(&eccKey, output, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* Good Case */ ExpectIntGT(outLen = (word32)wc_EccPrivateKeyToDer(&eccKey, output, inLen), 0); @@ -34818,15 +34968,6 @@ static int test_wc_dilithium_der(void) ExpectIntEQ(len = wc_Dilithium_PublicKeyToDer(key, der, DILITHIUM_MAX_DER_SIZE, 1), pubDerLen); idx = 0; -{ - fprintf(stderr, "\n"); - for (int ii = 0; ii < pubDerLen; ii++) { - if ((ii % 8) == 0) fprintf(stderr, " "); - fprintf(stderr, "0x%02x,", der[ii]); - if ((ii % 8) == 7) fprintf(stderr, "\n"); - else fprintf(stderr, " "); - } -} ExpectIntEQ(wc_Dilithium_PublicKeyDecode(der, &idx, key, len), 0); ExpectIntEQ(len = wc_Dilithium_PrivateKeyToDer(key, der, @@ -49033,6 +49174,7 @@ static int test_wc_PKCS7_EncodeSignedData(void) word32 badOutSz = 0; byte data[] = "Test data to encode."; #ifndef NO_RSA + int encryptOid = RSAk; #if defined(USE_CERT_BUFFERS_2048) byte key[sizeof(client_key_der_2048)]; byte cert[sizeof(client_cert_der_2048)]; @@ -49075,6 +49217,7 @@ static int test_wc_PKCS7_EncodeSignedData(void) XFCLOSE(fp); #endif #elif defined(HAVE_ECC) + int encryptOid = ECDSAk; #if defined(USE_CERT_BUFFERS_256) unsigned char cert[sizeof(cliecc_cert_der_256)]; unsigned char key[sizeof(ecc_clikey_der_256)]; @@ -49122,7 +49265,7 @@ static int test_wc_PKCS7_EncodeSignedData(void) pkcs7->contentSz = (word32)sizeof(data); pkcs7->privateKey = key; pkcs7->privateKeySz = (word32)sizeof(key); - pkcs7->encryptOID = RSAk; + pkcs7->encryptOID = encryptOid; #ifdef NO_SHA pkcs7->hashOID = SHA256h; #else @@ -49139,8 +49282,9 @@ static int test_wc_PKCS7_EncodeSignedData(void) ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0); -#ifdef ASN_BER_TO_DER +#if defined(ASN_BER_TO_DER) && !defined(NO_RSA) wc_PKCS7_Free(pkcs7); + pkcs7 = NULL; /* reinitialize and test setting stream mode */ { @@ -49157,7 +49301,7 @@ static int test_wc_PKCS7_EncodeSignedData(void) pkcs7->contentSz = (word32)sizeof(data); pkcs7->privateKey = key; pkcs7->privateKeySz = (word32)sizeof(key); - pkcs7->encryptOID = RSAk; + pkcs7->encryptOID = encryptOid; #ifdef NO_SHA pkcs7->hashOID = SHA256h; #else @@ -49180,7 +49324,8 @@ static int test_wc_PKCS7_EncodeSignedData(void) ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); /* use exact signed buffer size since BER encoded */ - ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, (word32)signedSz), 0); + ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, (word32)signedSz), + 0); wc_PKCS7_Free(pkcs7); /* now try with using callbacks for IO */ @@ -49193,7 +49338,7 @@ static int test_wc_PKCS7_EncodeSignedData(void) pkcs7->contentSz = FOURK_BUF*2; pkcs7->privateKey = key; pkcs7->privateKeySz = (word32)sizeof(key); - pkcs7->encryptOID = RSAk; + pkcs7->encryptOID = encryptOid; #ifdef NO_SHA pkcs7->hashOID = SHA256h; #else @@ -51550,10 +51695,10 @@ static int test_wc_PKCS7_BER(void) byte decoded[2048]; #endif word32 derSz = 0; -#ifndef NO_PKCS7_STREAM +#if !defined(NO_PKCS7_STREAM) && !defined(NO_RSA) word32 z; int ret; -#endif /* !NO_PKCS7_STREAM */ +#endif /* !NO_PKCS7_STREAM && !NO_RSA */ ExpectTrue((f = XFOPEN(fName, "rb")) != XBADFILE); ExpectTrue((derSz = (word32)XFREAD(der, 1, sizeof(der), f)) > 0); @@ -52516,7 +52661,7 @@ static int test_wolfSSL_ASN1_INTEGER(void) ASN1_INTEGER_free(a); a = NULL; - p = longDer; + p = invalidLenDer; ExpectNull(d2i_ASN1_INTEGER(NULL, &p, sizeof(invalidLenDer))); p = longDer; @@ -54922,8 +55067,14 @@ static int test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS(void) group_obj = OBJ_nid2obj(NID_secp256k1); ExpectIntEQ(X509_ALGOR_set0(nested_asn1->key->alg, ec_obj, V_ASN1_OBJECT, group_obj), 1); - ec_obj = NULL; - group_obj = NULL; + if (EXPECT_SUCCESS()) { + ec_obj = NULL; + group_obj = NULL; + } + else { + wolfSSL_ASN1_OBJECT_free(ec_obj); + wolfSSL_ASN1_OBJECT_free(group_obj); + } ExpectIntEQ(ASN1_BIT_STRING_set_bit(nested_asn1->key->pub_key, 50, 1), 1); /* nested_asn1->asn1_obj->key */ @@ -54931,8 +55082,14 @@ static int test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS(void) group_obj = OBJ_nid2obj(NID_secp256k1); ExpectIntEQ(X509_ALGOR_set0(nested_asn1->asn1_obj->key->alg, ec_obj, V_ASN1_OBJECT, group_obj), 1); - ec_obj = NULL; - group_obj = NULL; + if (EXPECT_SUCCESS()) { + ec_obj = NULL; + group_obj = NULL; + } + else { + wolfSSL_ASN1_OBJECT_free(ec_obj); + wolfSSL_ASN1_OBJECT_free(group_obj); + } ExpectIntEQ(ASN1_BIT_STRING_set_bit(nested_asn1->asn1_obj->key->pub_key, 500, 1), 1); /* nested_asn1->asn1_obj->asnNum */ @@ -54950,13 +55107,18 @@ static int test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS(void) ExpectIntGT( sk_ASN1_GENERALSTRING_push(nested_asn1->asn1_obj->strList, genStr), 0); + if (EXPECT_FAIL()) { + ASN1_GENERALSTRING_free(genStr); + } } /* nested_asn1->asn1_obj->str */ ExpectNotNull(nested_asn1->asn1_obj->str->d.str2 = ASN1_BIT_STRING_new()); ExpectIntEQ(ASN1_BIT_STRING_set_bit(nested_asn1->asn1_obj->str->d.str2, 150, 1), 1); - nested_asn1->asn1_obj->str->type = 2; + if (nested_asn1 != NULL) { + nested_asn1->asn1_obj->str->type = 2; + } der = NULL; ExpectIntEQ(i2d_TEST_ASN1_NEST2(nested_asn1, &der), 285); @@ -54987,6 +55149,9 @@ static int test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS(void) ExpectNotNull(asn1_num = ASN1_INTEGER_new()); ExpectIntEQ(ASN1_INTEGER_set(asn1_num, i), 1); ExpectIntGT(wolfSSL_sk_insert(asn1_item, asn1_num, -1), 0); + if (EXPECT_FAIL()) { + ASN1_INTEGER_free(asn1_num); + } } der = NULL; @@ -55014,8 +55179,8 @@ static int test_wolfSSL_i2d_ASN1_TYPE(void) #if defined(OPENSSL_EXTRA) /* Taken from one of sssd's certs othernames */ unsigned char str_bin[] = { - 0x04, 0x10, 0xa4, 0x9b, 0xc8, 0xf4, 0x85, 0x8e, 0x89, 0x4d, 0x85, 0x8d, - 0x27, 0xbd, 0x63, 0xaa, 0x93, 0x93 + 0x04, 0x10, 0xa4, 0x9b, 0xc8, 0xf4, 0x85, 0x8e, 0x89, 0x4d, 0x85, 0x8d, + 0x27, 0xbd, 0x63, 0xaa, 0x93, 0x93 }; ASN1_TYPE* asn1type = NULL; unsigned char* der = NULL; @@ -55026,7 +55191,12 @@ static int test_wolfSSL_i2d_ASN1_TYPE(void) ExpectNotNull(str = ASN1_STRING_type_new(V_ASN1_SEQUENCE)); ExpectIntEQ(ASN1_STRING_set(str, str_bin, sizeof(str_bin)), 1); ExpectNotNull(asn1type = ASN1_TYPE_new()); - ASN1_TYPE_set(asn1type, V_ASN1_SEQUENCE, str); + if (asn1type != NULL) { + ASN1_TYPE_set(asn1type, V_ASN1_SEQUENCE, str); + } + else { + ASN1_STRING_free(str); + } } ExpectIntEQ(i2d_ASN1_TYPE(asn1type, NULL), sizeof(str_bin)); @@ -55652,20 +55822,42 @@ static int test_wolfSSL_X509_check_host(void) && !defined(NO_SHA) && !defined(NO_RSA) X509* x509 = NULL; const char altName[] = "example.com"; + const char badAltName[] = "a.example.com"; + /* cliCertFile has subjectAltName set to 'example.com', '127.0.0.1' */ ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile, SSL_FILETYPE_PEM)); ExpectIntEQ(X509_check_host(x509, altName, XSTRLEN(altName), 0, NULL), WOLFSSL_SUCCESS); + ExpectIntEQ(X509_check_host(x509, badAltName, XSTRLEN(badAltName), 0, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(X509_check_host(x509, NULL, 0, 0, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + /* Check WOLFSSL_LEFT_MOST_WILDCARD_ONLY flag set */ + ExpectIntEQ(X509_check_host(x509, altName, XSTRLEN(altName), + WOLFSSL_LEFT_MOST_WILDCARD_ONLY, NULL), WOLFSSL_SUCCESS); + + ExpectIntEQ(X509_check_host(x509, NULL, 0, + WOLFSSL_LEFT_MOST_WILDCARD_ONLY, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + + ExpectIntEQ(X509_check_host(x509, badAltName, XSTRLEN(badAltName), + WOLFSSL_LEFT_MOST_WILDCARD_ONLY, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + X509_free(x509); ExpectIntEQ(X509_check_host(NULL, altName, XSTRLEN(altName), 0, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + + /* Check again with WOLFSSL_LEFT_MOST_WILDCARD_ONLY flag set */ + ExpectIntEQ(X509_check_host(NULL, altName, XSTRLEN(altName), + WOLFSSL_LEFT_MOST_WILDCARD_ONLY, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); #endif return EXPECT_RESULT(); } @@ -57225,13 +57417,22 @@ static int test_wolfSSL_PEM_PrivateKey_dsa(void) ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); #if defined(OPENSSL_ALL) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8) +#ifdef WOLFSSL_ASN_TEMPLATE ExpectIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL, - NULL), 0); + NULL), 1216); +#else + ExpectIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL, + NULL), 1212); +#endif #endif #ifdef WOLFSSL_KEY_GEN ExpectIntEQ(PEM_write_bio_PUBKEY(bio, pkey), 1); - ExpectIntEQ(BIO_pending(bio), 1178); +#ifdef WOLFSSL_ASN_TEMPLATE + ExpectIntEQ(BIO_pending(bio), 2394); +#else + ExpectIntEQ(BIO_pending(bio), 2390); +#endif BIO_reset(bio); #endif @@ -57260,6 +57461,7 @@ static int test_wolfSSL_PEM_PrivateKey_dh(void) (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))) BIO* bio = NULL; EVP_PKEY* pkey = NULL; + int expectedBytes = 0; ExpectNotNull(bio = BIO_new_file("./certs/dh-priv-2048.pem", "rb")); /* Private DH EVP_PKEY */ @@ -57271,8 +57473,9 @@ static int test_wolfSSL_PEM_PrivateKey_dh(void) ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); #if defined(OPENSSL_ALL) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8) + expectedBytes += 806; ExpectIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL, - NULL), 0); + NULL), expectedBytes); #endif #ifdef WOLFSSL_KEY_GEN ExpectIntEQ(PEM_write_bio_PUBKEY(bio, pkey), 0); @@ -57280,7 +57483,8 @@ static int test_wolfSSL_PEM_PrivateKey_dh(void) ExpectIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL), 1); - ExpectIntEQ(BIO_pending(bio), 806); + expectedBytes += 806; + ExpectIntEQ(BIO_pending(bio), expectedBytes); BIO_free(bio); bio = NULL; @@ -59352,8 +59556,12 @@ static int test_wolfSSL_X509_LOOKUP_ctrl_file(void) ExpectNull(X509_STORE_CTX_get0_current_issuer(NULL)); issuer = X509_STORE_CTX_get0_current_issuer(ctx); - ExpectNotNull(issuer); + ExpectNull(issuer); + + ExpectIntEQ(X509_verify_cert(ctx), 1); + issuer = X509_STORE_CTX_get0_current_issuer(ctx); + ExpectNotNull(issuer); caName = X509_get_subject_name(x509Ca); ExpectNotNull(caName); issuerName = X509_get_subject_name(issuer); @@ -59362,7 +59570,6 @@ static int test_wolfSSL_X509_LOOKUP_ctrl_file(void) ExpectIntEQ(cmp, 0); /* load der format */ - X509_free(issuer); issuer = NULL; X509_STORE_CTX_free(ctx); ctx = NULL; @@ -59440,7 +59647,7 @@ static int test_wolfSSL_X509_STORE_CTX_trusted_stack_cleanup(void) return res; } -static int test_wolfSSL_X509_STORE_CTX_get0_current_issuer(void) +static int test_wolfSSL_X509_STORE_CTX_get_issuer(void) { EXPECT_DECLS; #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) @@ -59462,16 +59669,23 @@ static int test_wolfSSL_X509_STORE_CTX_get0_current_issuer(void) ExpectIntEQ(X509_STORE_CTX_init(ctx, str, x509Svr, NULL), SSL_SUCCESS); + /* Issuer0 is not set until chain is built for verification */ ExpectNull(X509_STORE_CTX_get0_current_issuer(NULL)); - ExpectNotNull(issuer = X509_STORE_CTX_get0_current_issuer(ctx)); + ExpectNull(issuer = X509_STORE_CTX_get0_current_issuer(ctx)); + /* Issuer1 will use the store to make a new issuer */ + ExpectIntEQ(X509_STORE_CTX_get1_issuer(&issuer, ctx, x509Svr), 1); + ExpectNotNull(issuer); + X509_free(issuer); + + ExpectIntEQ(X509_verify_cert(ctx), 1); + ExpectNotNull(issuer = X509_STORE_CTX_get0_current_issuer(ctx)); ExpectNotNull(caName = X509_get_subject_name(x509Ca)); ExpectNotNull(issuerName = X509_get_subject_name(issuer)); #ifdef WOLFSSL_SIGNER_DER_CERT ExpectIntEQ(X509_NAME_cmp(caName, issuerName), 0); #endif - X509_free(issuer); X509_STORE_CTX_free(ctx); X509_free(x509Svr); X509_STORE_free(str); @@ -59618,11 +59832,9 @@ static int test_wolfSSL_X509_STORE_CTX(void) ExpectNotNull((ctx = X509_STORE_CTX_new())); ExpectIntEQ(X509_STORE_CTX_init(ctx, str, x5092, sk), 1); ExpectNull((sk2 = X509_STORE_CTX_get_chain(NULL))); - ExpectNotNull((sk2 = X509_STORE_CTX_get_chain(ctx))); - ExpectIntEQ(sk_num(sk2), 1); /* sanity, make sure chain has 1 cert */ + ExpectNull((sk2 = X509_STORE_CTX_get_chain(ctx))); ExpectNull((sk3 = X509_STORE_CTX_get1_chain(NULL))); - ExpectNotNull((sk3 = X509_STORE_CTX_get1_chain(ctx))); - ExpectIntEQ(sk_num(sk3), 1); /* sanity, make sure chain has 1 cert */ + ExpectNull((sk3 = X509_STORE_CTX_get1_chain(ctx))); X509_STORE_CTX_free(ctx); ctx = NULL; X509_STORE_free(str); @@ -59689,6 +59901,424 @@ static int test_wolfSSL_X509_STORE_CTX(void) return EXPECT_RESULT(); } +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) + +typedef struct { + const char *caFile; + const char *caIntFile; + const char *caInt2File; + const char *leafFile; + X509 *x509Ca; + X509 *x509CaInt; + X509 *x509CaInt2; + X509 *x509Leaf; + STACK_OF(X509)* expectedChain; +} X509_STORE_test_data; + +static X509 * test_wolfSSL_X509_STORE_CTX_ex_helper(const char *file) +{ + XFILE fp = XBADFILE; + X509 *x = NULL; + + fp = XFOPEN(file, "rb"); + if (fp == NULL) { + return NULL; + } + x = PEM_read_X509(fp, 0, 0, 0); + XFCLOSE(fp); + + return x; +} + +static int test_wolfSSL_X509_STORE_CTX_ex1(X509_STORE_test_data *testData) +{ + EXPECT_DECLS; + X509_STORE* store = NULL; + X509_STORE_CTX* ctx = NULL; + STACK_OF(X509)* chain = NULL; + int i = 0; + + /* Test case 1, add X509 certs to store and verify */ + ExpectNotNull(store = X509_STORE_new()); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509Ca), 1); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt), 1); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt2), 1); + ExpectNotNull(ctx = X509_STORE_CTX_new()); + ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1); + ExpectIntEQ(X509_verify_cert(ctx), 1); + ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx)); + ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain)); + for (i = 0; i < sk_X509_num(chain); i++) { + ExpectIntEQ(X509_cmp(sk_X509_value(chain, i), + sk_X509_value(testData->expectedChain, i)), 0); + } + X509_STORE_CTX_free(ctx); + X509_STORE_free(store); + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_STORE_CTX_ex2(X509_STORE_test_data *testData) +{ + EXPECT_DECLS; + X509_STORE* store = NULL; + X509_STORE_CTX* ctx = NULL; + STACK_OF(X509)* chain = NULL; + int i = 0; + + /* Test case 2, add certs by filename to store and verify */ + ExpectNotNull(store = X509_STORE_new()); + ExpectIntEQ(X509_STORE_load_locations( + store, testData->caFile, NULL), 1); + ExpectIntEQ(X509_STORE_load_locations( + store, testData->caIntFile, NULL), 1); + ExpectIntEQ(X509_STORE_load_locations( + store, testData->caInt2File, NULL), 1); + ExpectNotNull(ctx = X509_STORE_CTX_new()); + ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1); + ExpectIntEQ(X509_verify_cert(ctx), 1); + ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx)); + ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain)); + for (i = 0; i < sk_X509_num(chain); i++) { + ExpectIntEQ(X509_cmp(sk_X509_value(chain, i), + sk_X509_value(testData->expectedChain, i)), 0); + } + X509_STORE_CTX_free(ctx); + X509_STORE_free(store); + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_STORE_CTX_ex3(X509_STORE_test_data *testData) +{ + EXPECT_DECLS; + X509_STORE* store = NULL; + X509_STORE_CTX* ctx = NULL; + STACK_OF(X509)* chain = NULL; + int i = 0; + + /* Test case 3, mix and match X509 with files */ + ExpectNotNull(store = X509_STORE_new()); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt), 1); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt2), 1); + ExpectIntEQ(X509_STORE_load_locations( + store, testData->caFile, NULL), 1); + ExpectNotNull(ctx = X509_STORE_CTX_new()); + ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1); + ExpectIntEQ(X509_verify_cert(ctx), 1); + ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx)); + ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain)); + for (i = 0; i < sk_X509_num(chain); i++) { + ExpectIntEQ(X509_cmp(sk_X509_value(chain, i), + sk_X509_value(testData->expectedChain, i)), 0); + } + X509_STORE_CTX_free(ctx); + X509_STORE_free(store); + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_STORE_CTX_ex4(X509_STORE_test_data *testData) +{ + EXPECT_DECLS; + X509_STORE* store = NULL; + X509_STORE_CTX* ctx = NULL; + STACK_OF(X509)* chain = NULL; + STACK_OF(X509)* inter = NULL; + int i = 0; + + /* Test case 4, CA loaded by file, intermediates passed on init */ + ExpectNotNull(store = X509_STORE_new()); + ExpectIntEQ(X509_STORE_load_locations( + store, testData->caFile, NULL), 1); + ExpectNotNull(inter = sk_X509_new_null()); + ExpectIntGE(sk_X509_push(inter, testData->x509CaInt), 1); + ExpectIntGE(sk_X509_push(inter, testData->x509CaInt2), 1); + ExpectNotNull(ctx = X509_STORE_CTX_new()); + ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, inter), 1); + ExpectIntEQ(X509_verify_cert(ctx), 1); + ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx)); + ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain)); + for (i = 0; i < sk_X509_num(chain); i++) { + ExpectIntEQ(X509_cmp(sk_X509_value(chain, i), + sk_X509_value(testData->expectedChain, i)), 0); + } + X509_STORE_CTX_free(ctx); + X509_STORE_free(store); + sk_X509_free(inter); + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_STORE_CTX_ex5(X509_STORE_test_data *testData) +{ + EXPECT_DECLS; + X509_STORE* store = NULL; + X509_STORE_CTX* ctx = NULL; + STACK_OF(X509)* chain = NULL; + STACK_OF(X509)* trusted = NULL; + int i = 0; + + /* Test case 5, manually set trusted stack */ + ExpectNotNull(store = X509_STORE_new()); + ExpectNotNull(trusted = sk_X509_new_null()); + ExpectIntGE(sk_X509_push(trusted, testData->x509Ca), 1); + ExpectIntGE(sk_X509_push(trusted, testData->x509CaInt), 1); + ExpectIntGE(sk_X509_push(trusted, testData->x509CaInt2), 1); + ExpectNotNull(ctx = X509_STORE_CTX_new()); + ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1); + X509_STORE_CTX_trusted_stack(ctx, trusted); + ExpectIntEQ(X509_verify_cert(ctx), 1); + ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx)); + ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain)); + for (i = 0; i < sk_X509_num(chain); i++) { + ExpectIntEQ(X509_cmp(sk_X509_value(chain, i), + sk_X509_value(testData->expectedChain, i)), 0); + } + X509_STORE_CTX_free(ctx); + X509_STORE_free(store); + sk_X509_free(trusted); + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_STORE_CTX_ex6(X509_STORE_test_data *testData) +{ + EXPECT_DECLS; + X509_STORE* store = NULL; + X509_STORE_CTX* ctx = NULL; + STACK_OF(X509)* chain = NULL; + STACK_OF(X509)* trusted = NULL; + STACK_OF(X509)* inter = NULL; + int i = 0; + + /* Test case 6, manually set trusted stack will be unified with + * any intermediates provided on init */ + ExpectNotNull(store = X509_STORE_new()); + ExpectNotNull(trusted = sk_X509_new_null()); + ExpectNotNull(inter = sk_X509_new_null()); + ExpectIntGE(sk_X509_push(trusted, testData->x509Ca), 1); + ExpectIntGE(sk_X509_push(inter, testData->x509CaInt), 1); + ExpectIntGE(sk_X509_push(inter, testData->x509CaInt2), 1); + ExpectNotNull(ctx = X509_STORE_CTX_new()); + ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, inter), 1); + X509_STORE_CTX_trusted_stack(ctx, trusted); + ExpectIntEQ(X509_verify_cert(ctx), 1); + ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx)); + ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain)); + for (i = 0; i < sk_X509_num(chain); i++) { + ExpectIntEQ(X509_cmp(sk_X509_value(chain, i), + sk_X509_value(testData->expectedChain, i)), 0); + } + X509_STORE_CTX_free(ctx); + X509_STORE_free(store); + sk_X509_free(trusted); + sk_X509_free(inter); + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_STORE_CTX_ex7(X509_STORE_test_data *testData) +{ + EXPECT_DECLS; + X509_STORE* store = NULL; + X509_STORE_CTX* ctx = NULL; + STACK_OF(X509)* chain = NULL; + int i = 0; + + /* Test case 7, certs added to store after ctx init are still used */ + ExpectNotNull(store = X509_STORE_new()); + ExpectNotNull(ctx = X509_STORE_CTX_new()); + ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1); + ExpectIntNE(X509_verify_cert(ctx), 1); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt2), 1); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt), 1); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509Ca), 1); + ExpectIntEQ(X509_verify_cert(ctx), 1); + ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx)); + ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain)); + for (i = 0; i < sk_X509_num(chain); i++) { + ExpectIntEQ(X509_cmp(sk_X509_value(chain, i), + sk_X509_value(testData->expectedChain, i)), 0); + } + X509_STORE_CTX_free(ctx); + X509_STORE_free(store); + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_STORE_CTX_ex8(X509_STORE_test_data *testData) +{ + EXPECT_DECLS; + X509_STORE* store = NULL; + X509_STORE_CTX* ctx = NULL; + STACK_OF(X509)* chain = NULL; + int i = 0; + + /* Test case 8, Only full chain verifies */ + ExpectNotNull(store = X509_STORE_new()); + ExpectNotNull(ctx = X509_STORE_CTX_new()); + ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1); + ExpectIntNE(X509_verify_cert(ctx), 1); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt2), 1); + ExpectIntNE(X509_verify_cert(ctx), 1); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt), 1); + ExpectIntNE(X509_verify_cert(ctx), 1); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509Ca), 1); + ExpectIntEQ(X509_verify_cert(ctx), 1); + ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx)); + ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain)); + for (i = 0; i < sk_X509_num(chain); i++) { + ExpectIntEQ(X509_cmp(sk_X509_value(chain, i), + sk_X509_value(testData->expectedChain, i)), 0); + } + X509_STORE_CTX_free(ctx); + X509_STORE_free(store); + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_STORE_CTX_ex9(X509_STORE_test_data *testData) +{ + EXPECT_DECLS; + X509_STORE* store = NULL; + X509_STORE_CTX* ctx = NULL; + X509_STORE_CTX* ctx2 = NULL; + STACK_OF(X509)* trusted = NULL; + + /* Test case 9, certs added to store should not be reflected in ctx that + * has been manually set with a trusted stack, but are reflected in ctx + * that has not set trusted stack */ + ExpectNotNull(store = X509_STORE_new()); + ExpectNotNull(ctx = X509_STORE_CTX_new()); + ExpectNotNull(ctx2 = X509_STORE_CTX_new()); + ExpectNotNull(trusted = sk_X509_new_null()); + ExpectIntGE(sk_X509_push(trusted, testData->x509Ca), 1); + ExpectIntGE(sk_X509_push(trusted, testData->x509CaInt), 1); + ExpectIntGE(sk_X509_push(trusted, testData->x509CaInt2), 1); + ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1); + ExpectIntEQ(X509_STORE_CTX_init(ctx2, store, testData->x509Leaf, NULL), 1); + ExpectIntNE(X509_verify_cert(ctx), 1); + ExpectIntNE(X509_verify_cert(ctx2), 1); + X509_STORE_CTX_trusted_stack(ctx, trusted); + /* CTX1 should now verify */ + ExpectIntEQ(X509_verify_cert(ctx), 1); + ExpectIntNE(X509_verify_cert(ctx2), 1); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509Ca), 1); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt), 1); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt2), 1); + /* CTX2 should now verify */ + ExpectIntEQ(X509_verify_cert(ctx2), 1); + X509_STORE_CTX_free(ctx); + X509_STORE_CTX_free(ctx2); + X509_STORE_free(store); + sk_X509_free(trusted); + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_STORE_CTX_ex10(X509_STORE_test_data *testData) +{ + EXPECT_DECLS; + X509_STORE* store = NULL; + X509_STORE_CTX* ctx = NULL; + STACK_OF(X509)* chain = NULL; + + /* Test case 10, ensure partial chain flag works */ + ExpectNotNull(store = X509_STORE_new()); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt), 1); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt2), 1); + ExpectNotNull(ctx = X509_STORE_CTX_new()); + ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1); + /* Fails because chain is incomplete */ + ExpectIntNE(X509_verify_cert(ctx), 1); + ExpectIntEQ(X509_STORE_set_flags(store, X509_V_FLAG_PARTIAL_CHAIN), 1); + /* Partial chain now OK */ + ExpectIntEQ(X509_verify_cert(ctx), 1); + ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx)); + X509_STORE_CTX_free(ctx); + X509_STORE_free(store); + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_STORE_CTX_ex11(X509_STORE_test_data *testData) +{ + EXPECT_DECLS; + X509_STORE* store = NULL; + X509_STORE_CTX* ctx = NULL; + STACK_OF(X509)* chain = NULL; + + /* Test case 11, test partial chain flag on ctx itself */ + ExpectNotNull(store = X509_STORE_new()); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt), 1); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt2), 1); + ExpectNotNull(ctx = X509_STORE_CTX_new()); + ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1); + /* Fails because chain is incomplete */ + ExpectIntNE(X509_verify_cert(ctx), 1); + X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_PARTIAL_CHAIN); + /* Partial chain now OK */ + ExpectIntEQ(X509_verify_cert(ctx), 1); + ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx)); + X509_STORE_CTX_free(ctx); + X509_STORE_free(store); + return EXPECT_RESULT(); +} +#endif + +static int test_wolfSSL_X509_STORE_CTX_ex(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) + X509_STORE_test_data testData; + XMEMSET((void *)&testData, 0, sizeof(X509_STORE_test_data)); + testData.caFile = "./certs/ca-cert.pem"; + testData.caIntFile = "./certs/intermediate/ca-int-cert.pem"; + testData.caInt2File = "./certs/intermediate/ca-int2-cert.pem"; + testData.leafFile = "./certs/intermediate/server-chain.pem"; + + ExpectNotNull(testData.x509Ca = \ + test_wolfSSL_X509_STORE_CTX_ex_helper(testData.caFile)); + ExpectNotNull(testData.x509CaInt = \ + test_wolfSSL_X509_STORE_CTX_ex_helper(testData.caIntFile)); + ExpectNotNull(testData.x509CaInt2 = \ + test_wolfSSL_X509_STORE_CTX_ex_helper(testData.caInt2File)); + ExpectNotNull(testData.x509Leaf = \ + test_wolfSSL_X509_STORE_CTX_ex_helper(testData.leafFile)); + ExpectNotNull(testData.expectedChain = sk_X509_new_null()); + ExpectIntGE(sk_X509_push(testData.expectedChain, testData.x509Leaf), 1); + ExpectIntGE(sk_X509_push(testData.expectedChain, testData.x509CaInt2), 1); + ExpectIntGE(sk_X509_push(testData.expectedChain, testData.x509CaInt), 1); + ExpectIntGE(sk_X509_push(testData.expectedChain, testData.x509Ca), 1); + + ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex1(&testData), 1); + ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex2(&testData), 1); + ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex3(&testData), 1); + ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex4(&testData), 1); + ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex5(&testData), 1); + ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex6(&testData), 1); + ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex7(&testData), 1); + ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex8(&testData), 1); + ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex9(&testData), 1); + ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex10(&testData), 1); + ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex11(&testData), 1); + + if(testData.x509Ca) { + X509_free(testData.x509Ca); + } + if(testData.x509CaInt) { + X509_free(testData.x509CaInt); + } + if(testData.x509CaInt2) { + X509_free(testData.x509CaInt2); + } + if(testData.x509Leaf) { + X509_free(testData.x509Leaf); + } + if (testData.expectedChain) { + sk_X509_free(testData.expectedChain); + } + +#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ + * !defined(NO_FILESYSTEM) && !defined(NO_RSA) */ + + return EXPECT_RESULT(); +} + + #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) static int test_X509_STORE_untrusted_load_cert_to_stack(const char* filename, STACK_OF(X509)* chain) @@ -59791,9 +60421,15 @@ static int test_X509_STORE_untrusted(void) /* Succeeds because path to loaded CA is available. */ ExpectIntEQ(test_X509_STORE_untrusted_certs(untrusted2, 1, 0, 1), TEST_SUCCESS); - /* Fails because root CA is in the untrusted stack */ + /* Root CA in untrusted chain is OK so long as CA has been loaded + * properly */ + ExpectIntEQ(test_X509_STORE_untrusted_certs(untrusted3, 1, 0, 1), + TEST_SUCCESS); + /* Still needs properly loaded CA, while including it in untrusted + * list is not an error, it also doesnt count for verify */ ExpectIntEQ(test_X509_STORE_untrusted_certs(untrusted3, 0, - X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY, 0), TEST_SUCCESS); + X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY, 0), + TEST_SUCCESS); /* Succeeds because path to loaded CA is available. */ ExpectIntEQ(test_X509_STORE_untrusted_certs(untrusted4, 1, 0, 1), TEST_SUCCESS); @@ -61435,8 +62071,14 @@ static int test_wolfSSL_BN_enc_dec(void) ExpectNull(BN_bn2dec(NULL)); ExpectNull(BN_bn2dec(&emptyBN)); + ExpectNotNull(c = BN_bin2bn(NULL, 0, NULL)); + BN_clear(c); + BN_free(c); + c = NULL; + ExpectNotNull(BN_bin2bn(NULL, sizeof(binNum), a)); BN_free(a); + a = NULL; ExpectNotNull(a = BN_new()); ExpectIntEQ(BN_set_word(a, 2), 1); ExpectNull(BN_bin2bn(binNum, -1, a)); @@ -63359,6 +64001,12 @@ static int test_wolfSSL_X509_bad_altname(void) * name of "a*\0*". Ensure that it does not match "aaaaa" */ ExpectIntNE(wolfSSL_X509_check_host(x509, name, nameLen, WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), 1); + + /* Also make sure WOLFSSL_LEFT_MOST_WILDCARD_ONLY fails too */ + ExpectIntNE(wolfSSL_X509_check_host(x509, name, nameLen, + WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, + NULL), 1); + X509_free(x509); #endif @@ -63479,6 +64127,26 @@ static int test_wolfSSL_X509_name_match(void) ExpectIntNE(wolfSSL_X509_check_host(x509, name4, nameLen4, WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), 1); + /* WOLFSSL_LEFT_MOST_WILDCARD_ONLY flag should fail on all cases, since + * 'a*' alt name does not have wildcard left-most */ + + /* Ensure that "a*" does not match "aaaaa" */ + ExpectIntNE(wolfSSL_X509_check_host(x509, name1, nameLen1, + WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, + NULL), WOLFSSL_SUCCESS); + /* Ensure that "a*" does not match "a" */ + ExpectIntNE(wolfSSL_X509_check_host(x509, name2, nameLen2, + WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, + NULL), WOLFSSL_SUCCESS); + /* Ensure that "a*" does not match "abbbb" */ + ExpectIntNE(wolfSSL_X509_check_host(x509, name3, nameLen3, + WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, + NULL), WOLFSSL_SUCCESS); + /* Ensure that "a*" does not match "bbb" */ + ExpectIntNE(wolfSSL_X509_check_host(x509, name4, nameLen4, + WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, + NULL), WOLFSSL_SUCCESS); + wolfSSL_X509_free(x509); #endif @@ -63601,6 +64269,21 @@ static int test_wolfSSL_X509_name_match2(void) ExpectIntNE(wolfSSL_X509_check_host(x509, name4, nameLen4, WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); + /* WOLFSSL_LEFT_MOST_WILDCARD_ONLY flag should fail on all cases, since + * 'a*b*' alt name does not have wildcard left-most */ + ExpectIntEQ(wolfSSL_X509_check_host(x509, name1, nameLen1, + WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, + NULL), WOLFSSL_FAILURE); + ExpectIntEQ(wolfSSL_X509_check_host(x509, name2, nameLen2, + WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, + NULL), WOLFSSL_FAILURE); + ExpectIntEQ(wolfSSL_X509_check_host(x509, name3, nameLen3, + WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, + NULL), WOLFSSL_FAILURE); + ExpectIntEQ(wolfSSL_X509_check_host(x509, name4, nameLen4, + WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, + NULL), WOLFSSL_FAILURE); + /* Ensure that "a*b*" matches "ab", testing openssl behavior replication * on check len input handling, 0 for len is OK as it should then use * strlen(name1) */ @@ -63714,6 +64397,8 @@ static int test_wolfSSL_X509_name_match3(void) int nameLen1 = (int)(XSTRLEN(name1)); const char *name2 = "x.y.example.com"; int nameLen2 = (int)(XSTRLEN(name2)); + const char *name3 = "example.com"; + int nameLen3 = (int)(XSTRLEN(name3)); ExpectNotNull(x509 = wolfSSL_X509_load_certificate_buffer( cert_der, certSize, WOLFSSL_FILETYPE_ASN1)); @@ -63724,6 +64409,22 @@ static int test_wolfSSL_X509_name_match3(void) /* Ensure that "*.example.com" does NOT match "x.y.example.com" */ ExpectIntNE(wolfSSL_X509_check_host(x509, name2, nameLen2, WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); + /* Ensure that "*.example.com" does NOT match "example.com" */ + ExpectIntNE(wolfSSL_X509_check_host(x509, name3, nameLen3, + WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); + + /* WOLFSSL_LEFT_MOST_WILDCARD_ONLY, should match "foo.example.com" */ + ExpectIntEQ(wolfSSL_X509_check_host(x509, name1, nameLen1, + WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, + NULL), WOLFSSL_SUCCESS); + /* WOLFSSL_LEFT_MOST_WILDCARD_ONLY, should NOT match "x.y.example.com" */ + ExpectIntNE(wolfSSL_X509_check_host(x509, name2, nameLen2, + WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, + NULL), WOLFSSL_SUCCESS); + /* WOLFSSL_LEFT_MOST_WILDCARD_ONLY, should NOT match "example.com" */ + ExpectIntNE(wolfSSL_X509_check_host(x509, name3, nameLen3, + WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, + NULL), WOLFSSL_SUCCESS); wolfSSL_X509_free(x509); @@ -64938,6 +65639,7 @@ static int test_wolfSSL_PKCS8_Compat(void) #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && defined(HAVE_ECC) && \ !defined(NO_BIO) PKCS8_PRIV_KEY_INFO* pt = NULL; + PKCS8_PRIV_KEY_INFO* pt2 = NULL; BIO* bio = NULL; XFILE f = XBADFILE; int bytes = 0; @@ -64960,13 +65662,14 @@ static int test_wolfSSL_PKCS8_Compat(void) ExpectIntEQ(EVP_PKEY_type(pkey->type), EVP_PKEY_EC); /* gets PKCS8 pointer to pkey */ - ExpectNotNull(EVP_PKEY2PKCS8(pkey)); + ExpectNotNull(pt2 = EVP_PKEY2PKCS8(pkey)); EVP_PKEY_free(pkey); #endif BIO_free(bio); PKCS8_PRIV_KEY_INFO_free(pt); + PKCS8_PRIV_KEY_INFO_free(pt2); #endif return EXPECT_RESULT(); } @@ -65465,7 +66168,9 @@ static int test_wolfSSL_ERR_print_errors(void) defined(DEBUG_WOLFSSL) static int test_wolfSSL_error_cb(const char *str, size_t len, void *u) { - wolfSSL_BIO_write((BIO*)u, str, (int)len); + if (u != NULL) { + wolfSSL_BIO_write((BIO*)u, str, (int)len); + } return 0; } #endif @@ -68248,7 +68953,7 @@ static int test_GENERAL_NAME_set0_othername(void) { defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) && \ defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ALT_NAMES) && \ defined(WOLFSSL_CERT_EXT) && !defined(NO_FILESYSTEM) && \ - defined(WOLFSSL_FPKI) + defined(WOLFSSL_FPKI) && !defined(NO_RSA) /* ./configure --enable-opensslall --enable-certgen --enable-certreq * --enable-certext --enable-debug 'CPPFLAGS=-DWOLFSSL_CUSTOM_OID * -DWOLFSSL_ALT_NAMES -DWOLFSSL_FPKI' */ @@ -68328,11 +69033,11 @@ static int test_GENERAL_NAME_set0_othername(void) { /* Note the lack of wolfSSL_ prefix...this is a compatibility layer test. */ static int test_othername_and_SID_ext(void) { EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ +#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \ defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) && \ defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ALT_NAMES) && \ defined(WOLFSSL_CERT_EXT) && !defined(NO_FILESYSTEM) && \ - defined(WOLFSSL_FPKI) && defined(WOLFSSL_ASN_TEMPLATE) + defined(WOLFSSL_FPKI) && defined(WOLFSSL_ASN_TEMPLATE) && !defined(NO_RSA) /* ./configure --enable-opensslall --enable-certgen --enable-certreq * --enable-certext --enable-debug 'CPPFLAGS=-DWOLFSSL_CUSTOM_OID * -DWOLFSSL_ALT_NAMES -DWOLFSSL_FPKI' */ @@ -68444,6 +69149,7 @@ static int test_othername_and_SID_ext(void) { exts = NULL; ASN1_OBJECT_free(upn_oid); ASN1_OBJECT_free(sid_oid); + sid_oid = NULL; ASN1_OCTET_STRING_free(sid_data); X509_REQ_free(x509); EVP_PKEY_free(priv); @@ -75457,7 +76163,8 @@ static int test_wolfSSL_OCSP_parse_url(void) } #if defined(OPENSSL_ALL) && defined(HAVE_OCSP) && \ - defined(WOLFSSL_SIGNER_DER_CERT) && !defined(NO_FILESYSTEM) + defined(WOLFSSL_SIGNER_DER_CERT) && !defined(NO_FILESYSTEM) && \ + !defined(NO_ASN_TIME) static time_t test_wolfSSL_OCSP_REQ_CTX_time_cb(time_t* t) { if (t != NULL) { @@ -75679,10 +76386,12 @@ static int test_wolfSSL_OCSP_REQ_CTX(void) ExpectIntEQ(OCSP_sendreq_nbio(&rsp, ctx), -1); ExpectIntEQ(BIO_write(bio2, ocspRespBin, sizeof(ocspRespBin)), sizeof(ocspRespBin)); +#ifndef NO_ASN_TIME ExpectIntEQ(wc_SetTimeCb(test_wolfSSL_OCSP_REQ_CTX_time_cb), 0); ExpectIntEQ(OCSP_sendreq_nbio(&rsp, ctx), 1); ExpectIntEQ(wc_SetTimeCb(NULL), 0); ExpectNotNull(rsp); +#endif OCSP_REQ_CTX_free(ctx); OCSP_REQUEST_free(req); @@ -79871,7 +80580,7 @@ static int test_wolfSSL_X509_load_crl_file(void) #ifdef WC_RSA_PSS ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm, "certs/rsapss/server-rsapss-cert.pem", WOLFSSL_FILETYPE_PEM), - WC_NO_ERR_TRACE(CRL_CERT_REVOKED)); + WC_NO_ERR_TRACE(ASN_NO_SIGNER_E)); #endif } /* once feeing store */ @@ -82208,6 +82917,14 @@ static int test_wolfSSL_RSA(void) unsigned char hash[SHA256_DIGEST_LENGTH]; unsigned char signature[2048/8]; unsigned int signatureLen = 0; + BIGNUM* n2 = NULL; + BIGNUM* e2 = NULL; + BIGNUM* d2 = NULL; + BIGNUM* p2 = NULL; + BIGNUM* q2 = NULL; + BIGNUM* dmp12 = NULL; + BIGNUM* dmq12 = NULL; + BIGNUM* iqmp2 = NULL; XMEMSET(hash, 0, sizeof(hash)); RSA_get0_key(rsa, &n, &e, &d); @@ -82221,42 +82938,121 @@ static int test_wolfSSL_RSA(void) signatureLen, rsa), 1); /* Verifying */ + ExpectNotNull(n2 = BN_dup(n)); + ExpectNotNull(e2 = BN_dup(e)); + ExpectNotNull(p2 = BN_dup(p)); + ExpectNotNull(q2 = BN_dup(q)); + ExpectNotNull(dmp12 = BN_dup(dmp1)); + ExpectNotNull(dmq12 = BN_dup(dmq1)); + ExpectNotNull(iqmp2 = BN_dup(iqmp)); + ExpectNotNull(rsa2 = RSA_new()); - ExpectIntEQ(RSA_set0_key(rsa2, BN_dup(n), BN_dup(e), NULL), 1); + ExpectIntEQ(RSA_set0_key(rsa2, n2, e2, NULL), 1); + if (EXPECT_SUCCESS()) { + n2 = NULL; + e2 = NULL; + } ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature, signatureLen, rsa2), 1); - ExpectIntEQ(RSA_set0_factors(rsa2, BN_dup(p), BN_dup(q)), 1); + ExpectIntEQ(RSA_set0_factors(rsa2, p2, q2), 1); + if (EXPECT_SUCCESS()) { + p2 = NULL; + q2 = NULL; + } ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature, signatureLen, rsa2), 1); - ExpectIntEQ(RSA_set0_crt_params(rsa2, BN_dup(dmp1), BN_dup(dmq1), - BN_dup(iqmp)), 1); + ExpectIntEQ(RSA_set0_crt_params(rsa2, dmp12, dmq12, iqmp2), 1); + if (EXPECT_SUCCESS()) { + dmp12 = NULL; + dmq12 = NULL; + iqmp2 = NULL; + } ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature, signatureLen, rsa2), 1); RSA_free(rsa2); rsa2 = NULL; + BN_free(iqmp2); + iqmp2 = NULL; + BN_free(dmq12); + dmq12 = NULL; + BN_free(dmp12); + dmp12 = NULL; + BN_free(q2); + q2 = NULL; + BN_free(p2); + p2 = NULL; + BN_free(e2); + e2 = NULL; + BN_free(n2); + n2 = NULL; + + ExpectNotNull(n2 = BN_dup(n)); + ExpectNotNull(e2 = BN_dup(e)); + ExpectNotNull(d2 = BN_dup(d)); + ExpectNotNull(p2 = BN_dup(p)); + ExpectNotNull(q2 = BN_dup(q)); + ExpectNotNull(dmp12 = BN_dup(dmp1)); + ExpectNotNull(dmq12 = BN_dup(dmq1)); + ExpectNotNull(iqmp2 = BN_dup(iqmp)); + /* Signing */ XMEMSET(signature, 0, sizeof(signature)); ExpectNotNull(rsa2 = RSA_new()); - ExpectIntEQ(RSA_set0_key(rsa2, BN_dup(n), BN_dup(e), BN_dup(d)), 1); + ExpectIntEQ(RSA_set0_key(rsa2, n2, e2, d2), 1); + if (EXPECT_SUCCESS()) { + n2 = NULL; + e2 = NULL; + d2 = NULL; + } +#if defined(WOLFSSL_SP_MATH) && !defined(RSA_LOW_MEM) + /* SP is not support signing without CRT parameters. */ + ExpectIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), signature, + &signatureLen, rsa2), 0); + ExpectIntEQ(RSA_set0_factors(rsa2, p2, q2), 1); + if (EXPECT_SUCCESS()) { + p2 = NULL; + q2 = NULL; + } + ExpectIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), signature, + &signatureLen, rsa2), 0); +#else ExpectIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), signature, &signatureLen, rsa2), 1); ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature, signatureLen, rsa), 1); - ExpectIntEQ(RSA_set0_factors(rsa2, BN_dup(p), BN_dup(q)), 1); + ExpectIntEQ(RSA_set0_factors(rsa2, p2, q2), 1); + if (EXPECT_SUCCESS()) { + p2 = NULL; + q2 = NULL; + } XMEMSET(signature, 0, sizeof(signature)); ExpectIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), signature, &signatureLen, rsa2), 1); ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature, signatureLen, rsa), 1); - ExpectIntEQ(RSA_set0_crt_params(rsa2, BN_dup(dmp1), BN_dup(dmq1), - BN_dup(iqmp)), 1); +#endif + ExpectIntEQ(RSA_set0_crt_params(rsa2, dmp12, dmq12, iqmp2), 1); + if (EXPECT_SUCCESS()) { + dmp12 = NULL; + dmq12 = NULL; + iqmp2 = NULL; + } ExpectIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), signature, &signatureLen, rsa2), 1); ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature, signatureLen, rsa), 1); RSA_free(rsa2); rsa2 = NULL; + + BN_free(iqmp2); + BN_free(dmq12); + BN_free(dmp12); + BN_free(q2); + BN_free(p2); + BN_free(d2); + BN_free(e2); + BN_free(n2); } #endif @@ -83374,10 +84170,11 @@ static int test_wolfSSL_RSA_GenAdd(void) ExpectNotNull(d2i_RSAPrivateKey(&rsa, &der, privDerSz)); ExpectIntEQ(wolfSSL_RSA_GenAdd(NULL), -1); -#ifndef RSA_LOW_MEM +#if defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || \ + !defined(RSA_LOW_MEM) ExpectIntEQ(wolfSSL_RSA_GenAdd(rsa), 1); #else - /* dmp1 and dmq1 are not set (allocated) when RSA_LOW_MEM. */ + /* dmp1 and dmq1 are not set (allocated) in this config */ ExpectIntEQ(wolfSSL_RSA_GenAdd(rsa), -1); #endif @@ -84970,6 +85767,28 @@ static int test_wolfSSL_PEM_read_bio_ECPKParameters(void) return EXPECT_RESULT(); } +static int test_wolfSSL_i2d_ECPKParameters(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) + EC_GROUP* grp = NULL; + unsigned char p256_oid[] = { + 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07 + }; + unsigned char *der = p256_oid; + unsigned char out_der[sizeof(p256_oid)]; + + XMEMSET(out_der, 0, sizeof(out_der)); + ExpectNotNull(d2i_ECPKParameters(&grp, (const unsigned char **)&der, + sizeof(p256_oid))); + der = out_der; + ExpectIntEQ(i2d_ECPKParameters(grp, &der), sizeof(p256_oid)); + ExpectBufEQ(p256_oid, out_der, sizeof(p256_oid)); + EC_GROUP_free(grp); +#endif + return EXPECT_RESULT(); +} + static int test_wolfSSL_EC_POINT(void) { EXPECT_DECLS; @@ -87298,6 +88117,7 @@ static void test_AEAD_limit_client(WOLFSSL* ssl) /* Test the sending limit for AEAD ciphers */ Dtls13GetEpoch(ssl, ssl->dtls13Epoch)->nextSeqNumber = sendLimit; test_AEAD_seq_num = 1; + XMEMSET(msgBuf, 0, sizeof(msgBuf)); ret = wolfSSL_write(ssl, msgBuf, sizeof(msgBuf)); AssertIntGT(ret, 0); didReKey = 0; @@ -89018,7 +89838,6 @@ static int error_test(void) { -346, -349 }, { -356, -356 }, { -358, -358 }, - { -372, -372 }, { -384, -384 }, { -466, -499 }, { WOLFSSL_LAST_E-1, WOLFSSL_LAST_E-1 } @@ -90464,12 +91283,13 @@ static int test_wolfSSL_dtls_stateless_maxfrag(void) XMEMSET(&test_ctx, 0, sizeof(test_ctx)); ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method), 0); + ExpectNotNull(ssl_s); ExpectNotNull(ssl_c2 = wolfSSL_new(ctx_c)); ExpectIntEQ(wolfSSL_UseMaxFragment(ssl_c2, WOLFSSL_MFL_2_8), WOLFSSL_SUCCESS); wolfSSL_SetIOWriteCtx(ssl_c2, &test_ctx); wolfSSL_SetIOReadCtx(ssl_c2, &test_ctx); - if (ssl_s != NULL) { + if (EXPECT_SUCCESS()) { max_fragment = ssl_s->max_fragment; } /* send CH */ @@ -91950,7 +92770,7 @@ static int test_override_alt_cert_chain_ocsp_cb(void* ioCtx, const char* url, (void)request; (void)requestSz; (void)response; - return -1; + return WOLFSSL_CBIO_ERR_GENERAL; } static int test_override_alt_cert_chain_client_ctx_ready(WOLFSSL_CTX* ctx) @@ -92431,8 +93251,7 @@ static int test_tls13_rpk_handshake(void) * expecting default settings works and no negotiation performed. */ - if (test_memio_do_handshake(ssl_c, ssl_s, 10, NULL) != 0) - return TEST_FAIL; + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); /* confirm no negotiation occurred */ ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_c, &tp), @@ -92489,8 +93308,7 @@ static int test_tls13_rpk_handshake(void) * expecting default settings works and no negotiation performed. */ - if (test_memio_do_handshake(ssl_c, ssl_s, 10, NULL) != 0) - return TEST_FAIL; + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); /* confirm no negotiation occurred */ ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_c, &tp), @@ -92559,8 +93377,7 @@ static int test_tls13_rpk_handshake(void) ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_s, certType_s, typeCnt_s), WOLFSSL_SUCCESS); - if (test_memio_do_handshake(ssl_c, ssl_s, 10, NULL) != 0) - return TEST_FAIL; + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_c, &tp), WOLFSSL_SUCCESS); @@ -94106,9 +94923,11 @@ static int test_dtls_client_hello_timeout_downgrade(void) /* Drop the SH */ dtlsRH = (DtlsRecordLayerHeader*)(test_ctx.c_buff); len = (size_t)((dtlsRH->length[0] << 8) | dtlsRH->length[1]); - XMEMMOVE(test_ctx.c_buff, test_ctx.c_buff + + if (EXPECT_SUCCESS()) { + XMEMMOVE(test_ctx.c_buff, test_ctx.c_buff + sizeof(DtlsRecordLayerHeader) + len, test_ctx.c_len - (sizeof(DtlsRecordLayerHeader) + len)); + } test_ctx.c_len -= sizeof(DtlsRecordLayerHeader) + len; /* Read the remainder of the flight */ ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1); @@ -94137,9 +94956,11 @@ static int test_dtls_client_hello_timeout_downgrade(void) /* Drop the SH */ dtlsRH = (DtlsRecordLayerHeader*)(test_ctx.c_buff); len = (size_t)((dtlsRH->length[0] << 8) | dtlsRH->length[1]); - XMEMMOVE(test_ctx.c_buff, test_ctx.c_buff + + if (EXPECT_SUCCESS()) { + XMEMMOVE(test_ctx.c_buff, test_ctx.c_buff + sizeof(DtlsRecordLayerHeader) + len, test_ctx.c_len - (sizeof(DtlsRecordLayerHeader) + len)); + } test_ctx.c_len -= sizeof(DtlsRecordLayerHeader) + len; /* Read the remainder of the flight */ ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1); @@ -94824,11 +95645,12 @@ static int test_dtls_frag_ch(void) /* Limit options to make the CH a fixed length */ /* See wolfSSL_parse_cipher_list for reason why we provide 1.3 AND 1.2 * ciphersuite. This is only necessary when building with OPENSSL_EXTRA. */ - ExpectTrue(wolfSSL_set_cipher_list(ssl_c, "TLS13-AES256-GCM-SHA384" #ifdef OPENSSL_EXTRA - ":DHE-RSA-AES256-GCM-SHA384" + ExpectTrue(wolfSSL_set_cipher_list(ssl_c, "TLS13-AES256-GCM-SHA384" + ":DHE-RSA-AES256-GCM-SHA384")); +#else + ExpectTrue(wolfSSL_set_cipher_list(ssl_c, "TLS13-AES256-GCM-SHA384")); #endif - )); /* CH1 */ ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1); @@ -96456,7 +97278,7 @@ static int test_ocsp_callback_fails_cb(void* ctx, const char* url, int urlSz, (void)ocspReqBuf; (void)ocspReqSz; (void)ocspRespBuf; - return -1; + return WOLFSSL_CBIO_ERR_GENERAL; } static int test_ocsp_callback_fails(void) { @@ -97170,9 +97992,10 @@ TEST_CASE testCases[] = { TEST_DECL(test_wolfSSL_TBS), TEST_DECL(test_wolfSSL_X509_STORE_CTX), + TEST_DECL(test_wolfSSL_X509_STORE_CTX_ex), TEST_DECL(test_X509_STORE_untrusted), TEST_DECL(test_wolfSSL_X509_STORE_CTX_trusted_stack_cleanup), - TEST_DECL(test_wolfSSL_X509_STORE_CTX_get0_current_issuer), + TEST_DECL(test_wolfSSL_X509_STORE_CTX_get_issuer), TEST_DECL(test_wolfSSL_X509_STORE_set_flags), TEST_DECL(test_wolfSSL_X509_LOOKUP_load_file), TEST_DECL(test_wolfSSL_X509_Name_canon), @@ -97240,6 +98063,8 @@ TEST_CASE testCases[] = { /* X509 ACERT tests */ TEST_DECL(test_wolfSSL_X509_ACERT_verify), TEST_DECL(test_wolfSSL_X509_ACERT_misc_api), + TEST_DECL(test_wolfSSL_X509_ACERT_buffer), + TEST_DECL(test_wolfSSL_X509_ACERT_asn), #ifndef NO_BIO TEST_DECL(test_wolfSSL_X509_INFO_multiple_info), @@ -97494,6 +98319,7 @@ TEST_CASE testCases[] = { #if defined(HAVE_ECC) && !defined(OPENSSL_NO_PK) TEST_DECL(test_wolfSSL_EC_GROUP), + TEST_DECL(test_wolfSSL_i2d_ECPKParameters), TEST_DECL(test_wolfSSL_PEM_read_bio_ECPKParameters), TEST_DECL(test_wolfSSL_EC_POINT), TEST_DECL(test_wolfSSL_SPAKE), diff --git a/wolfcrypt/benchmark/benchmark-VS2022.sln b/wolfcrypt/benchmark/benchmark-VS2022.sln new file mode 100644 index 0000000000..2831db510a --- /dev/null +++ b/wolfcrypt/benchmark/benchmark-VS2022.sln @@ -0,0 +1,87 @@ + +Microsoft Visual Studio Solution File, Format Version 12.00 +# Visual Studio Version 17 +VisualStudioVersion = 17.11.35327.3 +MinimumVisualStudioVersion = 10.0.40219.1 +Project("{60CBE13D-37D2-4754-A1DE-788003549EDA}") = "benchmark-VS2022", "benchmark-VS2022.vcxproj", "{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}" +EndProject +Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "settings", "settings", "{0D4D8E54-F32D-4056-A415-2362A55972FD}" + ProjectSection(SolutionItems) = preProject + ..\..\wolfssl\wolfcrypt\settings.h = ..\..\wolfssl\wolfcrypt\settings.h + ..\..\IDE\WIN\user_settings.h = ..\..\IDE\WIN\user_settings.h + EndProjectSection +EndProject +Project("{60CBE13D-37D2-4754-A1DE-788003549EDA}") = "wolfssl-VS2022", "..\..\wolfssl-VS2022.vcxproj", "{12226DBE-7278-4DFA-A119-5A0294CF0B33}" +EndProject +Global + GlobalSection(SolutionConfigurationPlatforms) = preSolution + Debug|ARM64 = Debug|ARM64 + Debug|x64 = Debug|x64 + Debug|x86 = Debug|x86 + DLL Debug|ARM64 = DLL Debug|ARM64 + DLL Debug|x64 = DLL Debug|x64 + DLL Debug|x86 = DLL Debug|x86 + DLL Release|ARM64 = DLL Release|ARM64 + DLL Release|x64 = DLL Release|x64 + DLL Release|x86 = DLL Release|x86 + Release|ARM64 = Release|ARM64 + Release|x64 = Release|x64 + Release|x86 = Release|x86 + EndGlobalSection + GlobalSection(ProjectConfigurationPlatforms) = postSolution + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|ARM64.ActiveCfg = Debug|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|ARM64.Build.0 = Debug|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|x64.ActiveCfg = Debug|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|x64.Build.0 = Debug|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|x86.ActiveCfg = Debug|Win32 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|x86.Build.0 = Debug|Win32 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|ARM64.ActiveCfg = Debug|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|ARM64.Build.0 = Debug|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|x64.ActiveCfg = Debug|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|x64.Build.0 = Debug|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|x86.ActiveCfg = Debug|Win32 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|x86.Build.0 = Debug|Win32 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|ARM64.ActiveCfg = Release|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|ARM64.Build.0 = Release|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|x64.ActiveCfg = Release|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|x64.Build.0 = Release|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|x86.ActiveCfg = Release|Win32 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|x86.Build.0 = Release|Win32 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|ARM64.ActiveCfg = Release|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|ARM64.Build.0 = Release|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|x64.ActiveCfg = Release|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|x64.Build.0 = Release|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|x86.ActiveCfg = Release|Win32 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|x86.Build.0 = Release|Win32 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.Debug|ARM64.ActiveCfg = Debug|ARM64 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.Debug|ARM64.Build.0 = Debug|ARM64 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.Debug|x64.ActiveCfg = Debug|x64 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.Debug|x64.Build.0 = Debug|x64 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.Debug|x86.ActiveCfg = Debug|Win32 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.Debug|x86.Build.0 = Debug|Win32 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Debug|ARM64.ActiveCfg = DLL Debug|ARM64 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Debug|ARM64.Build.0 = DLL Debug|ARM64 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Debug|x64.ActiveCfg = DLL Debug|x64 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Debug|x64.Build.0 = DLL Debug|x64 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Debug|x86.ActiveCfg = DLL Debug|Win32 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Debug|x86.Build.0 = DLL Debug|Win32 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Release|ARM64.ActiveCfg = DLL Release|ARM64 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Release|ARM64.Build.0 = DLL Release|ARM64 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Release|x64.ActiveCfg = DLL Release|x64 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Release|x64.Build.0 = DLL Release|x64 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Release|x86.ActiveCfg = DLL Release|Win32 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Release|x86.Build.0 = DLL Release|Win32 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.Release|ARM64.ActiveCfg = Release|ARM64 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.Release|ARM64.Build.0 = Release|ARM64 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.Release|x64.ActiveCfg = Release|x64 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.Release|x64.Build.0 = Release|x64 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.Release|x86.ActiveCfg = Release|Win32 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.Release|x86.Build.0 = Release|Win32 + EndGlobalSection + GlobalSection(SolutionProperties) = preSolution + HideSolutionNode = FALSE + EndGlobalSection + GlobalSection(ExtensibilityGlobals) = postSolution + SolutionGuid = {667F2496-F8F1-4DBD-8AAA-78BAD16ED1BA} + EndGlobalSection +EndGlobal diff --git a/wolfcrypt/benchmark/benchmark-VS2022.vcxproj b/wolfcrypt/benchmark/benchmark-VS2022.vcxproj new file mode 100644 index 0000000000..ce5937e29c --- /dev/null +++ b/wolfcrypt/benchmark/benchmark-VS2022.vcxproj @@ -0,0 +1,162 @@ + + + + + Debug + Win32 + + + Debug + x64 + + + Release + Win32 + + + Release + x64 + + + + 17.0 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21} + Win32Proj + + + + Application + v143 + + + Application + v143 + + + Application + v143 + + + Application + v143 + + + + + + + + + + + + + + + + + + + <_ProjectFileVersion>17.0.35327.3 + + + Debug\ + Debug\ + true + + + true + + + Release\ + Release\ + true + + + true + + + + Disabled + ../..;../../IDE/WIN;%(AdditionalIncludeDirectories) + WIN32;_DEBUG;_CONSOLE;WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + true + EnableFastChecks + MultiThreadedDebugDLL + + Level3 + EditAndContinue + + + Ws2_32.lib;%(AdditionalDependencies) + true + Console + MachineX86 + + + + + Disabled + ../..;../../IDE/WIN;%(AdditionalIncludeDirectories) + WIN32;_DEBUG;_CONSOLE;WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + + + Level3 + ProgramDatabase + + + Ws2_32.lib;%(AdditionalDependencies) + true + Console + + + + + ../..;../../IDE/WIN;%(AdditionalIncludeDirectories) + WIN32;NDEBUG;_CONSOLE;WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + MultiThreadedDLL + + Level3 + ProgramDatabase + + + Ws2_32.lib;%(AdditionalDependencies) + true + Console + true + true + MachineX86 + + + + + ../..;../../IDE/WIN;%(AdditionalIncludeDirectories) + WIN32;NDEBUG;_CONSOLE;WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + MultiThreadedDLL + + + Level3 + ProgramDatabase + + + Ws2_32.lib;%(AdditionalDependencies) + true + Console + true + true + + + + + + + + {12226dbe-7278-4dfa-a119-5a0294cf0b33} + + + + + + diff --git a/wolfcrypt/benchmark/benchmark-VS2022.vcxproj.user b/wolfcrypt/benchmark/benchmark-VS2022.vcxproj.user new file mode 100644 index 0000000000..2219efc160 --- /dev/null +++ b/wolfcrypt/benchmark/benchmark-VS2022.vcxproj.user @@ -0,0 +1,7 @@ + + + + $(ProjectDir)../../ + WindowsLocalDebugger + + diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c index 60f500c432..a242ad9f2b 100644 --- a/wolfcrypt/benchmark/benchmark.c +++ b/wolfcrypt/benchmark/benchmark.c @@ -322,6 +322,11 @@ #error "Nano newlib formatting must not be enabled for benchmark" #endif #endif + #if ESP_IDF_VERSION_MAJOR >= 5 + #define TFMT "%lu" + #else + #define TFMT "%d" + #endif #ifdef configTICK_RATE_HZ /* Define CPU clock cycles per tick of FreeRTOS clock @@ -337,6 +342,27 @@ #define CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ configCPU_CLOCK_HZ #endif #endif + #ifndef CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ + /* This section is for pre-v5 ESP-IDF */ + #if defined(CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ) + #define CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ \ + CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ + #elif defined(CONFIG_ESP32C2_DEFAULT_CPU_FREQ_MHZ) + #define CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ \ + CONFIG_ESP32C2_DEFAULT_CPU_FREQ_MHZ + #elif defined(CONFIG_ESP32S2_DEFAULT_CPU_FREQ_MHZ) + #define CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ \ + CONFIG_ESP32S2_DEFAULT_CPU_FREQ_MHZ + #elif defined(CONFIG_ESP32S3_DEFAULT_CPU_FREQ_MHZ) + #define CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ \ + CONFIG_ESP32S3_DEFAULT_CPU_FREQ_MHZ + #elif defined(CONFIG_ESP32H2_DEFAULT_CPU_FREQ_MHZ) + #define CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ \ + CONFIG_ESP32H2_DEFAULT_CPU_FREQ_MHZ + #else + /* TODO unsupported */ + #endif /* older CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ */ + #endif #define CPU_TICK_CYCLES ( \ (CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ * MILLION_VALUE) \ / configTICK_RATE_HZ \ @@ -354,9 +380,12 @@ #elif defined(CONFIG_IDF_TARGET_ESP32C3) || \ defined(CONFIG_IDF_TARGET_ESP32C6) #include - #include "driver/gptimer.h" + #if ESP_IDF_VERSION_MAJOR >= 5 + #include + #endif #ifdef WOLFSSL_BENCHMARK_TIMER_DEBUG #define RESOLUTION_SCALE 100 + /* CONFIG_XTAL_FREQ = 40, CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ = 160 */ static gptimer_handle_t esp_gptimer = NULL; static gptimer_config_t esp_timer_config = { .clk_src = GPTIMER_CLK_SRC_DEFAULT, @@ -375,6 +404,9 @@ #elif defined(CONFIG_IDF_TARGET_ESP8266) /* no CPU HAL for ESP8266, we'll use RTOS tick calc estimates */ #include + #include + #include + #include #elif defined(CONFIG_IDF_TARGET_ESP32H2) /* TODO add ESP32-H2 benchmark support */ #else @@ -1446,10 +1478,16 @@ static const char* bench_result_words3[][5] = { thisTimerVal = thisTimerVal * RESOLUTION_SCALE; #endif /* WOLFSSL_BENCHMARK_TIMER_DEBUG */ - thisVal = esp_cpu_get_cycle_count(); + #if ESP_IDF_VERSION_MAJOR >= 5 + thisVal = esp_cpu_get_cycle_count(); + #else + thisVal = cpu_hal_get_cycle_count(); + #endif #elif defined(CONFIG_IDF_TARGET_ESP32H2) thisVal = esp_cpu_get_cycle_count(); + #elif defined(CONFIG_IDF_TARGET_ESP8266) + thisVal = esp_timer_get_time(); #else /* TODO: Why doesn't esp_cpu_get_cycle_count work for Xtensa? * Calling current_time(1) to reset time causes thisVal overflow, @@ -1478,7 +1516,7 @@ static const char* bench_result_words3[][5] = { expected_diff = CPU_TICK_CYCLES * tickDiff; /* CPU expected count */ ESP_LOGV(TAG, "CPU_TICK_CYCLES = %d", (int)CPU_TICK_CYCLES); ESP_LOGV(TAG, "tickCount = %llu", tickCount); - ESP_LOGV(TAG, "last_tickCount = %u", last_tickCount); + ESP_LOGV(TAG, "last_tickCount = " TFMT, last_tickCount); ESP_LOGV(TAG, "tickDiff = %llu", tickDiff); ESP_LOGV(TAG, "expected_diff1 = %llu", expected_diff); } @@ -1514,9 +1552,16 @@ static const char* bench_result_words3[][5] = { /* double check expected diff calc */ #ifdef DEBUG_WOLFSSL_BENCHMARK_TIMING - expected_diff = (CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ * MILLION_VALUE) - * tickDiff / configTICK_RATE_HZ; - ESP_LOGI(TAG, "expected_diff2 = %llu", expected_diff); + #if defined(CONFIG_IDF_TARGET_ESP8266) + expected_diff = (CONFIG_ESP8266_DEFAULT_CPU_FREQ_MHZ + * MILLION_VALUE) + * tickDiff / configTICK_RATE_HZ; + #else + expected_diff = (CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ * MILLION_VALUE) + * tickDiff / configTICK_RATE_HZ; + + #endif + ESP_LOGI(TAG, "expected_diff2 = %llu", expected_diff); #endif if (expected_diff > UINT_MAX) { /* The number of cycles expected from FreeRTOS ticks is @@ -1540,7 +1585,7 @@ static const char* bench_result_words3[][5] = { ESP_LOGI(TAG, "expected_diff = %llu", expected_diff); ESP_LOGI(TAG, "tickBeginDiff = %llu", tickBeginDiff); - ESP_LOGW(TAG, WOLFSSL_ESPIDF_BLANKLINE_MESSAGE); + ESP_LOGW(TAG, WOLFSSL_ESPIDF_BLANKLINE_MESSAGE); } #endif } @@ -1593,7 +1638,13 @@ static const char* bench_result_words3[][5] = { ESP_LOGI(TAG, "diffDiff = %llu", diffDiff); ESP_LOGI(TAG, "_xthal_get_ccount_exDiff = %llu", _xthal_get_ccount_exDiff); #endif /* WOLFSSL_BENCHMARK_TIMER_DEBUG */ - _esp_cpu_count_last = esp_cpu_get_cycle_count(); + + #if ESP_IDF_VERSION_MAJOR >= 5 + _esp_cpu_count_last = esp_cpu_get_cycle_count(); + #else + _esp_cpu_count_last = cpu_hal_get_cycle_count(); + #endif + ESP_LOGV(TAG, "_xthal_get_ccount_last = %llu", _esp_cpu_count_last); } #elif defined(CONFIG_IDF_TARGET_ESP32H2) @@ -1692,7 +1743,8 @@ static const char* bench_result_words3[][5] = { defined(HAVE_CURVE448) || defined(HAVE_ED448) || \ defined(HAVE_ECC) || !defined(NO_DH) || \ !defined(NO_RSA) || defined(HAVE_SCRYPT) || \ - defined(WOLFSSL_HAVE_KYBER) || defined(HAVE_DILITHIUM) + defined(WOLFSSL_HAVE_KYBER) || defined(HAVE_DILITHIUM) || \ + defined(WOLFSSL_HAVE_LMS) #define BENCH_ASYM #endif @@ -1700,7 +1752,8 @@ static const char* bench_result_words3[][5] = { #if defined(HAVE_ECC) || !defined(NO_RSA) || !defined(NO_DH) || \ defined(HAVE_CURVE25519) || defined(HAVE_ED25519) || \ defined(HAVE_CURVE448) || defined(HAVE_ED448) || \ - defined(WOLFSSL_HAVE_KYBER) || defined(HAVE_DILITHIUM) + defined(WOLFSSL_HAVE_KYBER) || defined(HAVE_DILITHIUM) || \ + defined(WOLFSSL_HAVE_LMS) static const char* bench_result_words2[][5] = { #ifdef BENCH_MICROSECOND { "ops took", "μsec" , "avg" , "ops/μsec", NULL }, /* 0 English @@ -2243,8 +2296,9 @@ static WC_INLINE void bench_stats_start(int* count, double* start) #ifdef WOLFSSL_ESPIDF #ifdef DEBUG_WOLFSSL_BENCHMARK_TIMING - ESP_LOGI(TAG, "bench_stats_start total_cycles = %llu, start=" FLT_FMT, - total_cycles, FLT_FMT_ARGS(*start) ); + ESP_LOGI(TAG, "bench_stats_start total_cycles = %llu" + ", start=" FLT_FMT, + total_cycles, FLT_FMT_ARGS(*start) ); #endif BEGIN_ESP_CYCLES #else @@ -2264,12 +2318,14 @@ static WC_INLINE void bench_stats_start(int* count, double* start) static WC_INLINE int bench_stats_check(double start) { int ret = 0; - double this_current_time; + double this_current_time = 0.0; this_current_time = current_time(0); /* get the timestamp, no reset */ #if defined(DEBUG_WOLFSSL_BENCHMARK_TIMING) && defined(WOLFSSL_ESPIDF) - ESP_LOGV(TAG, "bench_stats_check: Current time %f, start %f", - this_current_time, start ); + #if defined(WOLFSSL_ESPIDF) + ESP_LOGI(TAG, "bench_stats_check Current time = %f, start = %f", + this_current_time, start ); + #endif #endif ret = ((this_current_time - start) < BENCH_MIN_RUNTIME_SEC @@ -2656,7 +2712,8 @@ static void bench_stats_sym_finish(const char* desc, int useDeviceID, #if defined(HAVE_ECC) || !defined(NO_RSA) || !defined(NO_DH) || \ defined(HAVE_CURVE25519) || defined(HAVE_ED25519) || \ defined(HAVE_CURVE448) || defined(HAVE_ED448) || \ - defined(WOLFSSL_HAVE_KYBER) || defined(HAVE_DILITHIUM) + defined(WOLFSSL_HAVE_KYBER) || defined(HAVE_DILITHIUM) || \ + defined(WOLFSSL_HAVE_LMS) static void bench_stats_asym_finish_ex(const char* algo, int strength, const char* desc, const char* desc_extra, int useDeviceID, int count, double start, int ret) @@ -9442,6 +9499,7 @@ void bench_kyber(int type) #endif #if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY) +#ifndef WOLFSSL_NO_LMS_SHA256_256 /* WC_LMS_PARM_L2_H10_W2 * signature length: 9300 */ static const byte lms_priv_L2_H10_W2[64] = @@ -9597,6 +9655,7 @@ static const byte lms_pub_L4_H5_W8[60] = 0x85,0x1A,0x7A,0xD8,0xD5,0x46,0x74,0x3B, 0x74,0x24,0x12,0xC8 }; +#endif static int lms_write_key_mem(const byte* priv, word32 privSz, void* context) { @@ -9757,6 +9816,7 @@ static void bench_lms_sign_verify(enum wc_LmsParm parm, byte* pub) } switch (parm) { +#ifndef WOLFSSL_NO_LMS_SHA256_256 case WC_LMS_PARM_L2_H10_W2: XMEMCPY(lms_priv, lms_priv_L2_H10_W2, sizeof(lms_priv_L2_H10_W2)); XMEMCPY(key.pub, lms_pub_L2_H10_W2, HSS_MAX_PUBLIC_KEY_LEN); @@ -9817,6 +9877,28 @@ static void bench_lms_sign_verify(enum wc_LmsParm parm, byte* pub) case WC_LMS_PARM_L4_H5_W4: case WC_LMS_PARM_L4_H10_W4: case WC_LMS_PARM_L4_H10_W8: +#endif + +#ifdef WOLFSSL_LMS_SHA256_192 + case WC_LMS_PARM_SHA256_192_L1_H5_W1: + case WC_LMS_PARM_SHA256_192_L1_H5_W2: + case WC_LMS_PARM_SHA256_192_L1_H5_W4: + case WC_LMS_PARM_SHA256_192_L1_H5_W8: + case WC_LMS_PARM_SHA256_192_L1_H10_W2: + case WC_LMS_PARM_SHA256_192_L1_H10_W4: + case WC_LMS_PARM_SHA256_192_L1_H10_W8: + case WC_LMS_PARM_SHA256_192_L1_H15_W2: + case WC_LMS_PARM_SHA256_192_L1_H15_W4: + case WC_LMS_PARM_SHA256_192_L2_H10_W2: + case WC_LMS_PARM_SHA256_192_L2_H10_W4: + case WC_LMS_PARM_SHA256_192_L2_H10_W8: + case WC_LMS_PARM_SHA256_192_L3_H5_W2: + case WC_LMS_PARM_SHA256_192_L3_H5_W4: + case WC_LMS_PARM_SHA256_192_L3_H5_W8: + case WC_LMS_PARM_SHA256_192_L3_H10_W4: + case WC_LMS_PARM_SHA256_192_L4_H5_W8: +#endif + default: XMEMCPY(key.pub, pub, HSS_MAX_PUBLIC_KEY_LEN); break; @@ -9991,6 +10073,7 @@ void bench_lms(void) { byte pub[HSS_MAX_PUBLIC_KEY_LEN]; +#ifndef WOLFSSL_NO_LMS_SHA256_256 #ifdef BENCH_LMS_SLOW_KEYGEN #if !defined(WOLFSSL_WC_LMS) || (LMS_MAX_HEIGHT >= 15) bench_lms_keygen(WC_LMS_PARM_L1_H15_W2, pub); @@ -10036,6 +10119,55 @@ void bench_lms(void) bench_lms_keygen(WC_LMS_PARM_L1_H5_W1, pub); bench_lms_sign_verify(WC_LMS_PARM_L1_H5_W1, pub); #endif +#endif /* !WOLFSSL_NO_LMS_SHA256_256 */ + +#ifdef WOLFSSL_LMS_SHA256_192 +#ifdef BENCH_LMS_SLOW_KEYGEN +#if !defined(WOLFSSL_WC_LMS) || (LMS_MAX_HEIGHT >= 15) + bench_lms_keygen(WC_LMS_PARM_SHA256_192_L1_H15_W2, pub); + bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L1_H15_W2, pub); + bench_lms_keygen(WC_LMS_PARM_SHA256_192_L1_H15_W4, pub); + bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L1_H15_W4, pub); + #undef LMS_PARAMS_BENCHED + #define LMS_PARAMS_BENCHED +#endif +#endif +#if !defined(WOLFSSL_WC_LMS) || ((LMS_MAX_LEVELS >= 2) && \ + (LMS_MAX_HEIGHT >= 10)) + bench_lms_keygen(WC_LMS_PARM_SHA256_192_L2_H10_W2, pub); + bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L2_H10_W2, pub); + bench_lms_keygen(WC_LMS_PARM_SHA256_192_L2_H10_W4, pub); + bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L2_H10_W4, pub); + #undef LMS_PARAMS_BENCHED + #define LMS_PARAMS_BENCHED +#ifdef BENCH_LMS_SLOW_KEYGEN + bench_lms_keygen(WC_LMS_PARM_SHA256_192_L2_H10_W8, pub); + bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L2_H10_W8, pub); +#endif +#endif +#if !defined(WOLFSSL_WC_LMS) || (LMS_MAX_LEVELS >= 3) + bench_lms_keygen(WC_LMS_PARM_SHA256_192_L3_H5_W4, pub); + bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L3_H5_W4, pub); + bench_lms_keygen(WC_LMS_PARM_SHA256_192_L3_H5_W8, pub); + bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L3_H5_W8, pub); + #undef LMS_PARAMS_BENCHED + #define LMS_PARAMS_BENCHED +#endif +#if !defined(WOLFSSL_WC_LMS) || ((LMS_MAX_LEVELS >= 3) && \ + (LMS_MAX_HEIGHT >= 10)) + bench_lms_keygen(WC_LMS_PARM_SHA256_192_L3_H10_W4, pub); + bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L3_H10_W4, pub); +#endif +#if !defined(WOLFSSL_WC_LMS) || (LMS_MAX_LEVELS >= 4) + bench_lms_keygen(WC_LMS_PARM_SHA256_192_L4_H5_W8, pub); + bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L4_H5_W8, pub); +#endif + +#if defined(WOLFSSL_WC_LMS) && !defined(LMS_PARAMS_BENCHED) + bench_lms_keygen(WC_LMS_PARM_SHA256_192_L1_H5_W1, pub); + bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L1_H5_W1, pub); +#endif +#endif /* WOLFSSL_LMS_SHA256_192 */ return; } @@ -14179,8 +14311,13 @@ void bench_sphincsKeySign(byte level, byte optim) #ifdef __XTENSA__ _esp_cpu_count_last = xthal_get_ccount(); #else - esp_cpu_set_cycle_count((esp_cpu_cycle_count_t)0); - _esp_cpu_count_last = esp_cpu_get_cycle_count(); + #if ESP_IDF_VERSION_MAJOR >= 5 + esp_cpu_set_cycle_count((esp_cpu_cycle_count_t)0); + _esp_cpu_count_last = esp_cpu_get_cycle_count(); + #else + cpu_hal_set_cycle_count((uint32_t)0); + _esp_cpu_count_last = cpu_hal_get_cycle_count(); + #endif #endif } #endif @@ -14191,9 +14328,9 @@ void bench_sphincsKeySign(byte level, byte optim) typiclly in app_startup.c */ #ifdef DEBUG_WOLFSSL_BENCHMARK_TIMING - ESP_LOGV(TAG, "tickCount = %d", tickCount); + ESP_LOGV(TAG, "tickCount = " TFMT, tickCount); if (tickCount == last_tickCount) { - ESP_LOGW(TAG, "last_tickCount unchanged? %d", tickCount); + ESP_LOGW(TAG, "last_tickCount unchanged?" TFMT, tickCount); } if (tickCount < last_tickCount) { @@ -14203,13 +14340,13 @@ void bench_sphincsKeySign(byte level, byte optim) if (reset) { #ifdef DEBUG_WOLFSSL_BENCHMARK_TIMING - ESP_LOGW(TAG, "Assign last_tickCount = %d", tickCount); + ESP_LOGW(TAG, "Assign last_tickCount = " TFMT, tickCount); #endif last_tickCount = tickCount; } else { #ifdef DEBUG_WOLFSSL_BENCHMARK_TIMING - ESP_LOGV(TAG, "No Reset last_tickCount = %d", tickCount); + ESP_LOGV(TAG, "No Reset last_tickCount = " TFMT, tickCount); #endif } diff --git a/wolfcrypt/benchmark/include.am b/wolfcrypt/benchmark/include.am index dc2b71c416..22cecbdaef 100644 --- a/wolfcrypt/benchmark/include.am +++ b/wolfcrypt/benchmark/include.am @@ -23,5 +23,8 @@ endif EXTRA_DIST += wolfcrypt/benchmark/benchmark.sln EXTRA_DIST += wolfcrypt/benchmark/benchmark.vcproj +EXTRA_DIST += wolfcrypt/benchmark/benchmark-VS2022.sln +EXTRA_DIST += wolfcrypt/benchmark/benchmark-VS2022.vcxproj +EXTRA_DIST += wolfcrypt/benchmark/benchmark-VS2022.vcxproj.user EXTRA_DIST += wolfcrypt/benchmark/README.md DISTCLEANFILES+= wolfcrypt/benchmark/.libs/benchmark diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index e76f66f135..1cb98431aa 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -2917,7 +2917,7 @@ static WARN_UNUSED_RESULT int wc_AesEncrypt( outBlock, (unsigned int)keySize); } #endif -#ifdef MAX3266X_CB /* Can do a basic ECB block */ +#if defined(MAX3266X_CB) && defined(HAVE_AES_ECB) /* Can do a basic ECB block */ #ifndef WOLF_CRYPTO_CB_FIND if (aes->devId != INVALID_DEVID) #endif @@ -3668,7 +3668,7 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt( } #endif -#ifdef MAX3266X_CB /* Can do a basic ECB block */ +#if defined(MAX3266X_CB) && defined(HAVE_AES_ECB) /* Can do a basic ECB block */ #ifndef WOLF_CRYPTO_CB_FIND if (aes->devId != INVALID_DEVID) #endif @@ -3726,8 +3726,8 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt( #if !defined(WOLFSSL_STM32_CUBEMX) || defined(STM32_HAL_V2) ByteReverseWords(rk, rk, keylen); #endif - #if defined(WOLFSSL_AES_CFB) || defined(WOLFSSL_AES_COUNTER) || \ - defined(WOLFSSL_AES_OFB) + #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \ + defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) aes->left = 0; #endif return wc_AesSetIV(aes, iv); @@ -3807,8 +3807,8 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt( if (iv) XMEMCPY(aes->reg, iv, AES_BLOCK_SIZE); - #if defined(WOLFSSL_AES_CFB) || defined(WOLFSSL_AES_COUNTER) || \ - defined(WOLFSSL_AES_OFB) + #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \ + defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) aes->left = 0; #endif @@ -3838,8 +3838,8 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt( aes->rounds = keylen/4 + 6; XMEMCPY(aes->key, userKey, keylen); - #if defined(WOLFSSL_AES_CFB) || defined(WOLFSSL_AES_COUNTER) || \ - defined(WOLFSSL_AES_OFB) + #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \ + defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) aes->left = 0; #endif @@ -3890,8 +3890,8 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt( if (rk == NULL) return BAD_FUNC_ARG; - #if defined(WOLFSSL_AES_CFB) || defined(WOLFSSL_AES_COUNTER) || \ - defined(WOLFSSL_AES_OFB) + #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \ + defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) aes->left = 0; #endif @@ -3971,8 +3971,8 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt( XMEMCPY(aes->key, userKey, keylen); ret = nrf51_aes_set_key(userKey); - #if defined(WOLFSSL_AES_CFB) || defined(WOLFSSL_AES_COUNTER) || \ - defined(WOLFSSL_AES_OFB) + #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \ + defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) aes->left = 0; #endif @@ -4028,7 +4028,8 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt( aes->rounds = keylen/4 + 6; XMEMCPY(aes->key, userKey, keylen); - #if defined(WOLFSSL_AES_COUNTER) + #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \ + defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) aes->left = 0; #endif return wc_AesSetIV(aes, iv); @@ -4520,8 +4521,8 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir) #endif } - #if defined(WOLFSSL_AES_CFB) || defined(WOLFSSL_AES_COUNTER) || \ - defined(WOLFSSL_AES_OFB) + #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \ + defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) aes->left = 0; #endif @@ -8062,6 +8063,8 @@ static void GHASH_FINAL(Aes* aes, byte* s, word32 sSz) GHASH_LEN_BLOCK(aes); /* Copy the result into s. */ XMEMCPY(s, AES_TAG(aes), sSz); + /* reset aes->gcm.H in case of re-use */ + GHASH_INIT_EXTRA(aes); } #endif /* WOLFSSL_AESGCM_STREAM */ @@ -10026,7 +10029,8 @@ int wc_AesGcmInit(Aes* aes, const byte* key, word32 len, const byte* iv, #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_AESNI) if ((ret == 0) && (aes->streamData == NULL)) { /* Allocate buffers for streaming. */ - aes->streamData = (byte*)XMALLOC(5 * AES_BLOCK_SIZE, aes->heap, + aes->streamData_sz = 5 * AES_BLOCK_SIZE; + aes->streamData = (byte*)XMALLOC(aes->streamData_sz, aes->heap, DYNAMIC_TYPE_AES); if (aes->streamData == NULL) { ret = MEMORY_E; @@ -10513,7 +10517,7 @@ int wc_Gmac(const byte* key, word32 keySz, byte* iv, word32 ivSz, byte* authTag, word32 authTagSz, WC_RNG* rng) { #ifdef WOLFSSL_SMALL_STACK - Aes *aes = NULL; + Aes *aes; #else Aes aes[1]; #endif @@ -10526,24 +10530,24 @@ int wc_Gmac(const byte* key, word32 keySz, byte* iv, word32 ivSz, } #ifdef WOLFSSL_SMALL_STACK - if ((aes = (Aes *)XMALLOC(sizeof *aes, NULL, - DYNAMIC_TYPE_AES)) == NULL) - return MEMORY_E; + aes = wc_AesNew(NULL, INVALID_DEVID, &ret); +#else + ret = wc_AesInit(aes, NULL, INVALID_DEVID); #endif + if (ret != 0) + return ret; - ret = wc_AesInit(aes, NULL, INVALID_DEVID); - if (ret == 0) { - ret = wc_AesGcmSetKey(aes, key, keySz); - if (ret == 0) - ret = wc_AesGcmSetIV(aes, ivSz, NULL, 0, rng); - if (ret == 0) - ret = wc_AesGcmEncrypt_ex(aes, NULL, NULL, 0, iv, ivSz, + ret = wc_AesGcmSetKey(aes, key, keySz); + if (ret == 0) + ret = wc_AesGcmSetIV(aes, ivSz, NULL, 0, rng); + if (ret == 0) + ret = wc_AesGcmEncrypt_ex(aes, NULL, NULL, 0, iv, ivSz, authTag, authTagSz, authIn, authInSz); - wc_AesFree(aes); - } - ForceZero(aes, sizeof *aes); + #ifdef WOLFSSL_SMALL_STACK - XFREE(aes, NULL, DYNAMIC_TYPE_AES); + wc_AesDelete(aes, NULL); +#else + wc_AesFree(aes); #endif return ret; @@ -10569,22 +10573,21 @@ int wc_GmacVerify(const byte* key, word32 keySz, } #ifdef WOLFSSL_SMALL_STACK - if ((aes = (Aes *)XMALLOC(sizeof *aes, NULL, - DYNAMIC_TYPE_AES)) == NULL) - return MEMORY_E; -#endif - + aes = wc_AesNew(NULL, INVALID_DEVID, &ret); +#else ret = wc_AesInit(aes, NULL, INVALID_DEVID); +#endif if (ret == 0) { ret = wc_AesGcmSetKey(aes, key, keySz); if (ret == 0) ret = wc_AesGcmDecrypt(aes, NULL, NULL, 0, iv, ivSz, authTag, authTagSz, authIn, authInSz); - wc_AesFree(aes); + } - ForceZero(aes, sizeof *aes); #ifdef WOLFSSL_SMALL_STACK - XFREE(aes, NULL, DYNAMIC_TYPE_AES); + wc_AesDelete(aes, NULL); +#else + wc_AesFree(aes); #endif #else (void)key; @@ -11296,8 +11299,41 @@ int wc_AesCcmEncrypt_ex(Aes* aes, byte* out, const byte* in, word32 sz, #endif /* HAVE_AESCCM */ +#ifndef WC_NO_CONSTRUCTORS +Aes* wc_AesNew(void* heap, int devId, int *result_code) +{ + int ret; + Aes* aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_AES); + if (aes == NULL) { + ret = MEMORY_E; + } + else { + ret = wc_AesInit(aes, heap, devId); + if (ret != 0) { + XFREE(aes, heap, DYNAMIC_TYPE_AES); + aes = NULL; + } + } + + if (result_code != NULL) + *result_code = ret; + + return aes; +} + +int wc_AesDelete(Aes *aes, Aes** aes_p) +{ + if (aes == NULL) + return BAD_FUNC_ARG; + wc_AesFree(aes); + XFREE(aes, aes->heap, DYNAMIC_TYPE_AES); + if (aes_p != NULL) + *aes_p = NULL; + return 0; +} +#endif /* !WC_NO_CONSTRUCTORS */ -/* Initialize Aes for use with async hardware */ +/* Initialize Aes */ int wc_AesInit(Aes* aes, void* heap, int devId) { int ret = 0; @@ -11305,17 +11341,12 @@ int wc_AesInit(Aes* aes, void* heap, int devId) if (aes == NULL) return BAD_FUNC_ARG; - aes->heap = heap; - aes->rounds = 0; + XMEMSET(aes, 0, sizeof(*aes)); -#ifdef WOLFSSL_AESNI - /* clear here for the benefit of wc_AesGcmInit(). */ - aes->use_aesni = 0; -#endif + aes->heap = heap; #ifdef WOLF_CRYPTO_CB aes->devId = devId; - aes->devCtx = NULL; #else (void)devId; #endif @@ -11328,51 +11359,18 @@ int wc_AesInit(Aes* aes, void* heap, int devId) aes->alFd = WC_SOCK_NOTSET; aes->rdFd = WC_SOCK_NOTSET; #endif -#ifdef WOLFSSL_KCAPI_AES - aes->handle = NULL; - aes->init = 0; -#endif #if defined(WOLFSSL_DEVCRYPTO) && \ (defined(WOLFSSL_DEVCRYPTO_AES) || defined(WOLFSSL_DEVCRYPTO_CBC)) aes->ctx.cfd = -1; #endif -#if defined(WOLFSSL_CRYPTOCELL) && defined(WOLFSSL_CRYPTOCELL_AES) - XMEMSET(&aes->ctx, 0, sizeof(aes->ctx)); -#endif #if defined(WOLFSSL_IMXRT_DCP) DCPAesInit(aes); #endif -#ifdef WOLFSSL_MAXQ10XX_CRYPTO - XMEMSET(&aes->maxq_ctx, 0, sizeof(aes->maxq_ctx)); -#endif - -#ifdef HAVE_AESGCM -#ifdef OPENSSL_EXTRA - XMEMSET(aes->gcm.aadH, 0, sizeof(aes->gcm.aadH)); - aes->gcm.aadLen = 0; -#endif -#endif - -#ifdef WOLFSSL_AESGCM_STREAM -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_AESNI) - aes->streamData = NULL; -#endif - aes->keylen = 0; - aes->nonceSz = 0; - aes->gcmKeySet = 0; - aes->nonceSet = 0; - aes->ctrSet = 0; -#endif - #if defined(WOLFSSL_HAVE_PSA) && !defined(WOLFSSL_PSA_NO_AES) ret = wc_psa_aes_init(aes); #endif -#if defined(WOLFSSL_RENESAS_FSPSM) - XMEMSET(&aes->ctx, 0, sizeof(aes->ctx)); -#endif - #ifdef WC_DEBUG_CIPHER_LIFECYCLE if (ret == 0) ret = wc_debug_CipherLifecycleInit(&aes->CipherLifecycleTag, aes->heap); @@ -11427,11 +11425,12 @@ int wc_AesInit_Label(Aes* aes, const char* label, void* heap, int devId) } #endif -/* Free Aes from use with async hardware */ +/* Free Aes resources */ void wc_AesFree(Aes* aes) { - if (aes == NULL) + if (aes == NULL) { return; + } #ifdef WC_DEBUG_CIPHER_LIFECYCLE (void)wc_debug_CipherLifecycleFree(&aes->CipherLifecycleTag, aes->heap, 1); @@ -11472,8 +11471,11 @@ void wc_AesFree(Aes* aes) #endif #if defined(WOLFSSL_AESGCM_STREAM) && defined(WOLFSSL_SMALL_STACK) && \ !defined(WOLFSSL_AESNI) - XFREE(aes->streamData, aes->heap, DYNAMIC_TYPE_AES); - aes->streamData = NULL; + if (aes->streamData != NULL) { + ForceZero(aes->streamData, aes->streamData_sz); + XFREE(aes->streamData, aes->heap, DYNAMIC_TYPE_AES); + aes->streamData = NULL; + } #endif #if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_CRYPT) @@ -11496,6 +11498,8 @@ void wc_AesFree(Aes* aes) wc_fspsm_Aesfree(aes); #endif + ForceZero(aes, sizeof(Aes)); + #ifdef WOLFSSL_CHECK_MEM_ZERO wc_MemZero_Check(aes, sizeof(Aes)); #endif @@ -13987,17 +13991,12 @@ static WARN_UNUSED_RESULT int AesSivCipher( } } -#ifdef WOLFSSL_SMALL_STACK - if (ret == 0) { - aes = (Aes*)XMALLOC(sizeof(Aes), NULL, DYNAMIC_TYPE_AES); - if (aes == NULL) { - ret = MEMORY_E; - } - } -#endif - if (ret == 0) { +#ifdef WOLFSSL_SMALL_STACK + aes = wc_AesNew(NULL, INVALID_DEVID, &ret); +#else ret = wc_AesInit(aes, NULL, INVALID_DEVID); +#endif if (ret != 0) { WOLFSSL_MSG("Failed to initialized AES object."); } @@ -14032,9 +14031,10 @@ static WARN_UNUSED_RESULT int AesSivCipher( } } - wc_AesFree(aes); #ifdef WOLFSSL_SMALL_STACK - XFREE(aes, NULL, DYNAMIC_TYPE_AES); + wc_AesDelete(aes, NULL); +#else + wc_AesFree(aes); #endif return ret; diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 4d04998654..0c520027bc 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -7174,6 +7174,15 @@ int ToTraditionalInline_ex2(const byte* input, word32* inOutIdx, word32 sz, ret = ASN_PARSE_E; } break; + #endif + #ifndef NO_DH + case DHk: + /* Neither NULL item nor OBJECT_ID item allowed. */ + if ((dataASN[PKCS8KEYASN_IDX_PKEY_ALGO_NULL].tag != 0) || + (dataASN[PKCS8KEYASN_IDX_PKEY_ALGO_OID_CURVE].tag != 0)) { + ret = ASN_PARSE_E; + } + break; #endif /* DSAk not supported. */ /* Falcon, Dilithium and Sphincs not supported. */ @@ -7446,9 +7455,11 @@ int wc_CreatePKCS8Key(byte* out, word32* outSz, byte* key, word32 keySz, * privKeySz : size of private key buffer * pubKey : buffer holding DER format public key * pubKeySz : size of public key buffer - * ks : type of key */ + * ks : type of key + * heap : heap hint to use */ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz, - const byte* pubKey, word32 pubKeySz, enum Key_Sum ks) + const byte* pubKey, word32 pubKeySz, enum Key_Sum ks, + void* heap) { int ret; (void)privKeySz; @@ -7485,14 +7496,14 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz, } #endif - if ((ret = wc_InitRsaKey(a, NULL)) < 0) { + if ((ret = wc_InitRsaKey(a, heap)) < 0) { #ifdef WOLFSSL_SMALL_STACK XFREE(b, NULL, DYNAMIC_TYPE_RSA); XFREE(a, NULL, DYNAMIC_TYPE_RSA); #endif return ret; } - if ((ret = wc_InitRsaKey(b, NULL)) < 0) { + if ((ret = wc_InitRsaKey(b, heap)) < 0) { wc_FreeRsaKey(a); #ifdef WOLFSSL_SMALL_STACK XFREE(b, NULL, DYNAMIC_TYPE_RSA); @@ -7553,7 +7564,7 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz, } #endif - if ((ret = wc_ecc_init(key_pair)) < 0) { + if ((ret = wc_ecc_init_ex(key_pair, heap, INVALID_DEVID)) < 0) { #ifdef WOLFSSL_SMALL_STACK XFREE(privDer, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(key_pair, NULL, DYNAMIC_TYPE_ECC); @@ -7571,7 +7582,7 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz, wc_MemZero_Add("wc_CheckPrivateKey privDer", privDer, privSz); #endif wc_ecc_free(key_pair); - ret = wc_ecc_init(key_pair); + ret = wc_ecc_init_ex(key_pair, heap, INVALID_DEVID); if (ret == 0) { ret = wc_ecc_import_private_key(privDer, privSz, pubKey, @@ -7622,7 +7633,7 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz, return MEMORY_E; #endif - if ((ret = wc_ed25519_init(key_pair)) < 0) { + if ((ret = wc_ed25519_init_ex(key_pair, heap, INVALID_DEVID)) < 0) { #ifdef WOLFSSL_SMALL_STACK XFREE(key_pair, NULL, DYNAMIC_TYPE_ED25519); #endif @@ -7672,7 +7683,7 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz, return MEMORY_E; #endif - if ((ret = wc_ed448_init(key_pair)) < 0) { + if ((ret = wc_ed448_init_ex(key_pair, heap, INVALID_DEVID)) < 0) { #ifdef WOLFSSL_SMALL_STACK XFREE(key_pair, NULL, DYNAMIC_TYPE_ED448); #endif @@ -7919,6 +7930,7 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz, ret = 0; } (void)ks; + (void)heap; return ret; } @@ -7933,7 +7945,7 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz, * checkAlt : indicate if we check primary or alternative key */ int wc_CheckPrivateKeyCert(const byte* key, word32 keySz, DecodedCert* der, - int checkAlt) + int checkAlt, void* heap) { int ret = 0; @@ -7947,7 +7959,7 @@ int wc_CheckPrivateKeyCert(const byte* key, word32 keySz, DecodedCert* der, word32 idx = 0; /* Dilithium has the largest public key at the moment */ word32 pubKeyLen = DILITHIUM_MAX_PUB_KEY_SIZE; - byte* decodedPubKey = (byte*)XMALLOC(pubKeyLen, NULL, + byte* decodedPubKey = (byte*)XMALLOC(pubKeyLen, heap, DYNAMIC_TYPE_PUBLIC_KEY); if (decodedPubKey == NULL) { ret = MEMORY_E; @@ -7966,15 +7978,15 @@ int wc_CheckPrivateKeyCert(const byte* key, word32 keySz, DecodedCert* der, } if (ret == 0) { ret = wc_CheckPrivateKey(key, keySz, decodedPubKey, pubKeyLen, - (enum Key_Sum) der->sapkiOID); + (enum Key_Sum) der->sapkiOID, heap); } - XFREE(decodedPubKey, NULL, DYNAMIC_TYPE_PUBLIC_KEY); + XFREE(decodedPubKey, heap, DYNAMIC_TYPE_PUBLIC_KEY); } else #endif { ret = wc_CheckPrivateKey(key, keySz, der->publicKey, - der->pubKeySize, (enum Key_Sum) der->keyOID); + der->pubKeySize, (enum Key_Sum) der->keyOID, heap); } (void)checkAlt; @@ -20858,7 +20870,7 @@ static const ASNItem subjDirAttrASN[] = { enum { SUBJDIRATTRASN_IDX_SEQ = 0, SUBJDIRATTRASN_IDX_OID, - SUBJDIRATTRASN_IDX_SET, + SUBJDIRATTRASN_IDX_SET }; /* Number of items in ASN.1 template for BasicConstraints. */ @@ -22659,7 +22671,7 @@ static int DecodeCertReq(DecodedCert* cert, int* criticalExt) { DECL_ASNGETDATA(dataASN, certReqASN_Length); int ret = 0; - byte version; + byte version = 0; word32 idx; CALLOC_ASNGETDATA(dataASN, certReqASN_Length, ret, cert->heap); @@ -23526,9 +23538,9 @@ typedef struct DecodeInstr { /* Tag expected. */ byte tag; /* Operation to perform: step in or go over */ - byte op:1; + WC_BITFIELD op:1; /* ASN.1 item is optional. */ - byte optional:1; + WC_BITFIELD optional:1; } DecodeInstr; /* Step into ASN.1 item. */ @@ -23552,7 +23564,7 @@ int wc_CertGetPubKey(const byte* cert, word32 certSz, const unsigned char** pubKey, word32* pubKeySz) { int ret = 0; - int l; + int l = 0; word32 o = 0; int i; static DecodeInstr ops[] = { @@ -25402,9 +25414,9 @@ int PemToDer(const unsigned char* buff, long longSz, int type, { const char* header = NULL; const char* footer = NULL; - const char* headerEnd; - const char* footerEnd; - const char* consumedEnd; + const char* headerEnd = NULL; + const char* footerEnd = NULL; + const char* consumedEnd = NULL; const char* bufferEnd = (const char*)(buff + longSz); long neededSz; int ret = 0; @@ -27841,7 +27853,7 @@ static int SetCertificatePolicies(byte *output, byte oid[MAX_OID_SZ]; word32 oidSz; word32 sz = 0; - int piSz; + int piSz = 0; if ((input == NULL) || (nb_certpol > MAX_CERTPOL_NB)) { ret = BAD_FUNC_ARG; @@ -30186,7 +30198,7 @@ static int MakeSignature(CertSignCtx* certSignCtx, const byte* buf, word32 sz, case CERTSIGN_STATE_DO: certSignCtx->state = CERTSIGN_STATE_DO; - ret = ALGO_ID_E; /* default to error */ + ret = -1; /* default to error, reassigned to ALGO_ID_E below. */ #ifndef NO_RSA if (rsaKey) { @@ -30269,6 +30281,9 @@ static int MakeSignature(CertSignCtx* certSignCtx, const byte* buf, word32 sz, } #endif /* HAVE_SPHINCS */ + if (ret == -1) + ret = ALGO_ID_E; + break; } @@ -30399,8 +30414,8 @@ int AddSignature(byte* buf, int bodySz, const byte* sig, int sigSz, return (int)(idx + seqSz); #else DECL_ASNSETDATA(dataASN, sigASN_Length); - word32 seqSz; - int sz; + word32 seqSz = 0; + int sz = 0; int ret = 0; CALLOC_ASNSETDATA(dataASN, sigASN_Length, ret, NULL); @@ -35106,6 +35121,7 @@ int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 *inLen, /* Write a Private ecc key, including public to DER format, * length on success else < 0 */ +/* Note: use wc_EccKeyDerSize to get length only */ WOLFSSL_ABI int wc_EccKeyToDer(ecc_key* key, byte* output, word32 inLen) { @@ -35117,10 +35133,7 @@ int wc_EccKeyToDer(ecc_key* key, byte* output, word32 inLen) int wc_EccKeyDerSize(ecc_key* key, int pub) { word32 sz = 0; - int ret; - - ret = wc_BuildEccKeyDer(key, NULL, &sz, pub, 1); - + int ret = wc_BuildEccKeyDer(key, NULL, &sz, pub, 1); if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) { return ret; } @@ -35131,7 +35144,11 @@ int wc_EccKeyDerSize(ecc_key* key, int pub) * length on success else < 0 */ int wc_EccPrivateKeyToDer(ecc_key* key, byte* output, word32 inLen) { - return wc_BuildEccKeyDer(key, output, &inLen, 0, 1); + int ret = wc_BuildEccKeyDer(key, output, &inLen, 0, 1); + if (ret == WC_NO_ERR_TRACE(LENGTH_ONLY_E)) { + return (int)inLen; + } + return ret; } #ifdef HAVE_PKCS8 @@ -35673,7 +35690,7 @@ int SetAsymKeyDer(const byte* privKey, word32 privKeyLen, word32 idx = 0, seqSz, verSz, algoSz, privSz, pubSz = 0, sz; #else DECL_ASNSETDATA(dataASN, edKeyASN_Length); - int sz; + int sz = 0; #endif /* validate parameters */ @@ -40759,7 +40776,7 @@ enum { HOLDER_IDX_ISSUERSERIAL_SEQ, HOLDER_IDX_GN_SEQ, HOLDER_IDX_SERIAL_INT, - HOLDER_IDX_GN_SEQ_OPT1, + HOLDER_IDX_GN_SEQ_OPT1 }; /* Number of items in ASN template for an X509 Acert. */ @@ -40883,7 +40900,7 @@ static const ASNItem AttCertIssuerASN[] = }; enum { - ATTCERTISSUER_IDX_GN_SEQ, + ATTCERTISSUER_IDX_GN_SEQ }; /* Number of items in ASN template for an X509 Acert. */ @@ -41442,6 +41459,31 @@ int VerifyX509Acert(const byte* der, word32 derSz, FREE_ASNGETDATA(dataASN, heap); return ret; } + +void wc_InitDecodedAcert(DecodedAcert* acert, const byte* source, word32 inSz, + void* heap) +{ + InitDecodedAcert(acert, source, inSz, heap); +} + +void wc_FreeDecodedAcert(DecodedAcert * acert) +{ + FreeDecodedAcert(acert); +} + +int wc_ParseX509Acert(DecodedAcert* acert, int verify) +{ + return ParseX509Acert(acert, verify); +} + +int wc_VerifyX509Acert(const byte* acert, word32 acertSz, + const byte* pubKey, word32 pubKeySz, + int pubKeyOID, void * heap) +{ + return VerifyX509Acert(acert, acertSz, pubKey, pubKeySz, + pubKeyOID, heap); +} + #endif /* WOLFSSL_ACERT && WOLFSSL_ASN_TEMPLATE */ #ifdef WOLFSSL_SEP diff --git a/wolfcrypt/src/curve25519.c b/wolfcrypt/src/curve25519.c index e24034222f..7641055b44 100644 --- a/wolfcrypt/src/curve25519.c +++ b/wolfcrypt/src/curve25519.c @@ -655,6 +655,40 @@ int wc_curve25519_import_private_ex(const byte* priv, word32 privSz, #endif /* HAVE_CURVE25519_KEY_IMPORT */ +#ifndef WC_NO_CONSTRUCTORS +curve25519_key* wc_curve25519_new(void* heap, int devId, int *result_code) +{ + int ret; + curve25519_key* key = (curve25519_key*)XMALLOC(sizeof(curve25519_key), heap, + DYNAMIC_TYPE_CURVE25519); + if (key == NULL) { + ret = MEMORY_E; + } + else { + ret = wc_curve25519_init_ex(key, heap, devId); + if (ret != 0) { + XFREE(key, heap, DYNAMIC_TYPE_CURVE25519); + key = NULL; + } + } + + if (result_code != NULL) + *result_code = ret; + + return key; +} + +int wc_curve25519_delete(curve25519_key* key, curve25519_key** key_p) { + if (key == NULL) + return BAD_FUNC_ARG; + wc_curve25519_free(key); + XFREE(key, key->heap, DYNAMIC_TYPE_CURVE25519); + if (key_p != NULL) + *key_p = NULL; + return 0; +} +#endif /* !WC_NO_CONSTRUCTORS */ + int wc_curve25519_init_ex(curve25519_key* key, void* heap, int devId) { if (key == NULL) @@ -698,11 +732,8 @@ void wc_curve25519_free(curve25519_key* key) se050_curve25519_free_key(key); #endif - key->dp = NULL; - ForceZero(key->k, sizeof(key->k)); - XMEMSET(&key->p, 0, sizeof(key->p)); - key->pubSet = 0; - key->privSet = 0; + ForceZero(key, sizeof(*key)); + #ifdef WOLFSSL_CHECK_MEM_ZERO wc_MemZero_Check(key, sizeof(curve25519_key)); #endif diff --git a/wolfcrypt/src/dh.c b/wolfcrypt/src/dh.c index c830d7a91a..610b4b69db 100644 --- a/wolfcrypt/src/dh.c +++ b/wolfcrypt/src/dh.c @@ -2979,7 +2979,11 @@ int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh) primeCheckCount = 0; int primeCheck = MP_NO, ret = 0; +#ifdef WOLFSSL_NO_MALLOC + unsigned char buf[DH_MAX_SIZE / WOLFSSL_BIT_SIZE]; +#else unsigned char *buf = NULL; +#endif #if !defined(WOLFSSL_SMALL_STACK) || defined(WOLFSSL_NO_MALLOC) XMEMSET(tmp, 0, sizeof(tmp)); @@ -3029,11 +3033,16 @@ int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh) if (ret == 0) { bufSz = (word32)modSz - groupSz; +#ifdef WOLFSSL_NO_MALLOC + if (bufSz > sizeof(buf)) + ret = MEMORY_E; +#else /* allocate ram */ buf = (unsigned char *)XMALLOC(bufSz, dh->heap, DYNAMIC_TYPE_TMP_BUFFER); if (buf == NULL) ret = MEMORY_E; +#endif } /* make a random string that will be multiplied against q */ @@ -3167,11 +3176,16 @@ int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh) RESTORE_VECTOR_REGISTERS(); - if (buf != NULL) { +#ifndef WOLFSSL_NO_MALLOC + if (buf != NULL) +#endif + { ForceZero(buf, bufSz); +#ifndef WOLFSSL_NO_MALLOC if (dh != NULL) { XFREE(buf, dh->heap, DYNAMIC_TYPE_TMP_BUFFER); } +#endif } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) diff --git a/wolfcrypt/src/dilithium.c b/wolfcrypt/src/dilithium.c index a938805cb5..ce01042c86 100644 --- a/wolfcrypt/src/dilithium.c +++ b/wolfcrypt/src/dilithium.c @@ -70,7 +70,7 @@ * but is slower. * WOLFSSL_DILITHIUM_SMALL_MEM_POLY64 Default: OFF * Compiles the small memory implementations to use a 64-bit polynomial. - * Uses 2KB of memory but is slighlty quicker (2.75-7%). + * Uses 2KB of memory but is slightly quicker (2.75-7%). * * WOLFSSL_DILITHIUM_ALIGNMENT Default: 8 * Use to indicate whether loading and storing of words needs to be aligned. diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index ee031a6aa9..da6505cc6b 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -1426,7 +1426,13 @@ size_t wc_ecc_get_sets_count(void) { byte oid[ECC_MAX_OID_LEN]; } oid_cache_t; static oid_cache_t ecc_oid_cache[ECC_SET_COUNT]; + + static wolfSSL_Mutex ecc_oid_cache_lock + WOLFSSL_MUTEX_INITIALIZER_CLAUSE(ecc_oid_cache_lock); +#ifndef WOLFSSL_MUTEX_INITIALIZER + static volatile int eccOidLockInit = 0; #endif +#endif /* HAVE_OID_ENCODING */ /* Forward declarations */ #if defined(HAVE_COMP_KEY) && defined(HAVE_ECC_KEY_EXPORT) @@ -2911,7 +2917,7 @@ int ecc_map_ex(ecc_point* P, mp_int* modulus, mp_digit mp, int ct) if ((mp_count_bits(modulus) == 256) && (!mp_is_bit_set(modulus, 224))) { err = sp_ecc_map_sm2_256(P->x, P->y, P->z); } -#elif defined(WOLFSSL_SP_NO_256) +#elif !defined(WOLFSSL_SP_NO_256) if (mp_count_bits(modulus) == 256) { err = sp_ecc_map_256(P->x, P->y, P->z); } @@ -4086,24 +4092,24 @@ static int wc_ecc_new_point_ex(ecc_point** point, void* heap) } p = *point; -#ifndef WOLFSSL_NO_MALLOC if (p == NULL) { p = (ecc_point*)XMALLOC(sizeof(ecc_point), heap, DYNAMIC_TYPE_ECC); } -#endif if (p == NULL) { return MEMORY_E; } XMEMSET(p, 0, sizeof(ecc_point)); + if (*point == NULL) + p->isAllocated = 1; + #ifndef ALT_ECC_SIZE err = mp_init_multi(p->x, p->y, p->z, NULL, NULL, NULL); if (err != MP_OKAY) { WOLFSSL_MSG("mp_init_multi failed."); - #ifndef WOLFSSL_NO_MALLOC - XFREE(p, heap, DYNAMIC_TYPE_ECC); - #endif - return err; + if (p->isAllocated) + XFREE(p, heap, DYNAMIC_TYPE_ECC); + p = NULL; } #else p->x = (mp_int*)&p->xyz[0]; @@ -4142,9 +4148,8 @@ static void wc_ecc_del_point_ex(ecc_point* p, void* heap) mp_clear(p->x); mp_clear(p->y); mp_clear(p->z); - #ifndef WOLFSSL_NO_MALLOC - XFREE(p, heap, DYNAMIC_TYPE_ECC); - #endif + if (p->isAllocated) + XFREE(p, heap, DYNAMIC_TYPE_ECC); } (void)heap; } @@ -4257,7 +4262,7 @@ int wc_ecc_get_curve_idx(int curve_id) int wc_ecc_get_curve_id(int curve_idx) { - if (wc_ecc_is_valid_idx(curve_idx)) { + if (wc_ecc_is_valid_idx(curve_idx) && curve_idx >= 0) { return ecc_sets[curve_idx].id; } return ECC_CURVE_INVALID; @@ -4549,13 +4554,11 @@ int wc_ecc_get_curve_id_from_oid(const byte* oid, word32 len) } #endif -#if !defined(HAVE_OID_ENCODING) && !defined(HAVE_OID_DECODING) if (len == 0) { /* SAKKE has zero oidSz and will otherwise match with len==0. */ WOLFSSL_MSG("zero oidSz"); return ECC_CURVE_INVALID; } -#endif for (curve_idx = 0; ecc_sets[curve_idx].size != 0; curve_idx++) { #if defined(HAVE_OID_ENCODING) && !defined(HAVE_OID_DECODING) @@ -12435,6 +12438,9 @@ static const struct { /* find a hole and free as required, return -1 if no hole found */ static int find_hole(void) { +#ifdef WOLFSSL_NO_MALLOC + return -1; +#else int x, y, z; for (z = -1, y = INT_MAX, x = 0; x < FP_ENTRIES; x++) { if (fp_cache[x].lru_count < y && fp_cache[x].lock == 0) { @@ -12463,6 +12469,7 @@ static int find_hole(void) fp_cache[z].lru_count = 0; } return z; +#endif /* !WOLFSSL_NO_MALLOC */ } /* determine if a base is already in the cache and if so, where */ @@ -13908,15 +13915,25 @@ int wc_ecc_ctx_set_kdf_salt(ecEncCtx* ctx, const byte* salt, word32 sz) if (ctx == NULL || (salt == NULL && sz != 0)) return BAD_FUNC_ARG; - ctx->kdfSalt = salt; - ctx->kdfSaltSz = sz; + /* truncate salt if exceeds max */ + if (sz > EXCHANGE_SALT_SZ) + sz = EXCHANGE_SALT_SZ; + /* using a custom kdf salt, so borrow clientSalt/serverSalt for it, + * since wc_ecc_ctx_set_peer_salt will set kdf and mac salts */ if (ctx->protocol == REQ_RESP_CLIENT) { ctx->cliSt = ecCLI_SALT_SET; + ctx->kdfSalt = ctx->clientSalt; } else if (ctx->protocol == REQ_RESP_SERVER) { ctx->srvSt = ecSRV_SALT_SET; + ctx->kdfSalt = ctx->serverSalt; + } + + if (salt != NULL) { + XMEMCPY((byte*)ctx->kdfSalt, salt, sz); } + ctx->kdfSaltSz = sz; return 0; } @@ -14764,8 +14781,9 @@ int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg, if (ret == 0) ret = wc_HmacFinal(hmac, verify); if ((ret == 0) && (XMEMCMP(verify, msg + msgSz - digestSz, - digestSz) != 0)) { - ret = -1; + digestSz) != 0)) { + ret = HASH_TYPE_E; + WOLFSSL_MSG("ECC Decrypt HMAC Check failed!"); } wc_HmacFree(hmac); @@ -15418,22 +15436,57 @@ static int wc_ecc_export_x963_compressed(ecc_key* key, byte* out, word32* outLen #endif /* HAVE_ECC_KEY_EXPORT */ #endif /* HAVE_COMP_KEY */ +#ifdef HAVE_OID_ENCODING +int wc_ecc_oid_cache_init(void) +{ + int ret = 0; +#if !defined(SINGLE_THREADED) && !defined(WOLFSSL_MUTEX_INITIALIZER) + ret = wc_InitMutex(&ecc_oid_cache_lock); +#endif + return ret; +} + +void wc_ecc_oid_cache_free(void) +{ +#if !defined(SINGLE_THREADED) && !defined(WOLFSSL_MUTEX_INITIALIZER) + wc_FreeMutex(&ecc_oid_cache_lock); +#endif +} +#endif /* HAVE_OID_ENCODING */ int wc_ecc_get_oid(word32 oidSum, const byte** oid, word32* oidSz) { int x; + int ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN); +#ifdef HAVE_OID_ENCODING + oid_cache_t* o = NULL; +#endif if (oidSum == 0) { return BAD_FUNC_ARG; } +#ifdef HAVE_OID_ENCODING + #ifndef WOLFSSL_MUTEX_INITIALIZER + /* extra sanity check if wolfCrypt_Init not called */ + if (eccOidLockInit == 0) { + wc_InitMutex(&ecc_oid_cache_lock); + eccOidLockInit = 1; + } + #endif + + if (wc_LockMutex(&ecc_oid_cache_lock) != 0) { + return BAD_MUTEX_E; + } +#endif + /* find matching OID sum (based on encoded value) */ for (x = 0; ecc_sets[x].size != 0; x++) { if (ecc_sets[x].oidSum == oidSum) { #ifdef HAVE_OID_ENCODING - int ret = 0; /* check cache */ - oid_cache_t* o = &ecc_oid_cache[x]; + ret = 0; + o = &ecc_oid_cache[x]; if (o->oidSz == 0) { o->oidSz = sizeof(o->oid); ret = EncodeObjectId(ecc_sets[x].oid, ecc_sets[x].oidSz, @@ -15445,11 +15498,12 @@ int wc_ecc_get_oid(word32 oidSum, const byte** oid, word32* oidSz) if (oid) { *oid = o->oid; } + /* on success return curve id */ if (ret == 0) { ret = ecc_sets[x].id; } - return ret; + break; #else if (oidSz) { *oidSz = ecc_sets[x].oidSz; @@ -15457,12 +15511,17 @@ int wc_ecc_get_oid(word32 oidSum, const byte** oid, word32* oidSz) if (oid) { *oid = ecc_sets[x].oid; } - return ecc_sets[x].id; + ret = ecc_sets[x].id; + break; #endif } } - return NOT_COMPILED_IN; +#ifdef HAVE_OID_ENCODING + wc_UnLockMutex(&ecc_oid_cache_lock); +#endif + + return ret; } #ifdef WOLFSSL_CUSTOM_CURVES diff --git a/wolfcrypt/src/ed25519.c b/wolfcrypt/src/ed25519.c index 86f594dd79..09777dde76 100644 --- a/wolfcrypt/src/ed25519.c +++ b/wolfcrypt/src/ed25519.c @@ -968,6 +968,39 @@ int wc_ed25519ph_verify_msg(const byte* sig, word32 sigLen, const byte* msg, } #endif /* HAVE_ED25519_VERIFY */ +#ifndef WC_NO_CONSTRUCTORS +ed25519_key* wc_ed25519_new(void* heap, int devId, int *result_code) +{ + int ret; + ed25519_key* key = (ed25519_key*)XMALLOC(sizeof(ed25519_key), heap, + DYNAMIC_TYPE_ED25519); + if (key == NULL) { + ret = MEMORY_E; + } + else { + ret = wc_ed25519_init_ex(key, heap, devId); + if (ret != 0) { + XFREE(key, heap, DYNAMIC_TYPE_ED25519); + key = NULL; + } + } + + if (result_code != NULL) + *result_code = ret; + + return key; +} + +int wc_ed25519_delete(ed25519_key* key, ed25519_key** key_p) { + if (key == NULL) + return BAD_FUNC_ARG; + wc_ed25519_free(key); + XFREE(key, key->heap, DYNAMIC_TYPE_ED25519); + if (key_p != NULL) + *key_p = NULL; + return 0; +} +#endif /* !WC_NO_CONSTRUCTORS */ /* initialize information and memory for key */ int wc_ed25519_init_ex(ed25519_key* key, void* heap, int devId) diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index d0e07b84a9..e6bc6b7c82 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -9051,7 +9051,7 @@ int wolfSSL_EVP_PKEY_set1_DH(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_DH *key) /* Get size of DER buffer only */ if (havePublic && !havePrivate) { ret = wc_DhPubKeyToDer(dhkey, NULL, &derSz); - } else if (havePrivate && !havePublic) { + } else if (havePrivate) { ret = wc_DhPrivKeyToDer(dhkey, NULL, &derSz); } else { ret = wc_DhParamsToDer(dhkey,NULL,&derSz); @@ -9071,7 +9071,7 @@ int wolfSSL_EVP_PKEY_set1_DH(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_DH *key) /* Fill DER buffer */ if (havePublic && !havePrivate) { ret = wc_DhPubKeyToDer(dhkey, derBuf, &derSz); - } else if (havePrivate && !havePublic) { + } else if (havePrivate) { ret = wc_DhPrivKeyToDer(dhkey, derBuf, &derSz); } else { ret = wc_DhParamsToDer(dhkey,derBuf,&derSz); @@ -9770,7 +9770,12 @@ WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKCS82PKEY(const WOLFSSL_PKCS8_PRIV_KEY_INFO* p8) /* this function just casts and returns pointer */ WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_EVP_PKEY2PKCS8(const WOLFSSL_EVP_PKEY* pkey) { - return (WOLFSSL_PKCS8_PRIV_KEY_INFO*)pkey; + if (pkey == NULL || pkey->pkey.ptr == NULL) { + return NULL; + } + + return wolfSSL_d2i_PrivateKey_EVP(NULL, (unsigned char**)&pkey->pkey.ptr, + pkey->pkey_sz); } #endif @@ -10495,6 +10500,9 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* md) { int ret = WOLFSSL_SUCCESS; + #ifdef WOLFSSL_ASYNC_CRYPT + wc_static_assert(WC_ASYNC_DEV_SIZE >= sizeof(WC_ASYNC_DEV)); + #endif WOLFSSL_ENTER("EVP_DigestInit"); @@ -10502,13 +10510,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) return WOLFSSL_FAILURE; } - - #ifdef WOLFSSL_ASYNC_CRYPT - /* compile-time validation of ASYNC_CTX_SIZE */ - typedef char async_test[WC_ASYNC_DEV_SIZE >= sizeof(WC_ASYNC_DEV) ? - 1 : -1]; - (void)sizeof(async_test); - #endif + wolfSSL_EVP_MD_CTX_init(ctx); /* Set to 0 if no match */ ctx->macType = EvpMd2MacType(md); diff --git a/wolfcrypt/src/fe_448.c b/wolfcrypt/src/fe_448.c index ede162a5e2..bbf31f6a7a 100644 --- a/wolfcrypt/src/fe_448.c +++ b/wolfcrypt/src/fe_448.c @@ -1437,56 +1437,56 @@ void fe448_to_bytes(unsigned char* b, const sword32* a) b[ 0] = (byte)(in0 >> 0); b[ 1] = (byte)(in0 >> 8); b[ 2] = (byte)(in0 >> 16); - b[ 3] = (byte)((in0 >> 24) + ((in1 >> 0) << 4)); + b[ 3] = (byte)(in0 >> 24) + (byte)((in1 >> 0) << 4); b[ 4] = (byte)(in1 >> 4); b[ 5] = (byte)(in1 >> 12); b[ 6] = (byte)(in1 >> 20); b[ 7] = (byte)(in2 >> 0); b[ 8] = (byte)(in2 >> 8); b[ 9] = (byte)(in2 >> 16); - b[10] = (byte)((in2 >> 24) + ((in3 >> 0) << 4)); + b[10] = (byte)(in2 >> 24) + (byte)((in3 >> 0) << 4); b[11] = (byte)(in3 >> 4); b[12] = (byte)(in3 >> 12); b[13] = (byte)(in3 >> 20); b[14] = (byte)(in4 >> 0); b[15] = (byte)(in4 >> 8); b[16] = (byte)(in4 >> 16); - b[17] = (byte)((in4 >> 24) + ((in5 >> 0) << 4)); + b[17] = (byte)(in4 >> 24) + (byte)((in5 >> 0) << 4); b[18] = (byte)(in5 >> 4); b[19] = (byte)(in5 >> 12); b[20] = (byte)(in5 >> 20); b[21] = (byte)(in6 >> 0); b[22] = (byte)(in6 >> 8); b[23] = (byte)(in6 >> 16); - b[24] = (byte)((in6 >> 24) + ((in7 >> 0) << 4)); + b[24] = (byte)(in6 >> 24) + (byte)((in7 >> 0) << 4); b[25] = (byte)(in7 >> 4); b[26] = (byte)(in7 >> 12); b[27] = (byte)(in7 >> 20); b[28] = (byte)(in8 >> 0); b[29] = (byte)(in8 >> 8); b[30] = (byte)(in8 >> 16); - b[31] = (byte)((in8 >> 24) + ((in9 >> 0) << 4)); + b[31] = (byte)(in8 >> 24) + (byte)((in9 >> 0) << 4); b[32] = (byte)(in9 >> 4); b[33] = (byte)(in9 >> 12); b[34] = (byte)(in9 >> 20); b[35] = (byte)(in10 >> 0); b[36] = (byte)(in10 >> 8); b[37] = (byte)(in10 >> 16); - b[38] = (byte)((in10 >> 24) + ((in11 >> 0) << 4)); + b[38] = (byte)(in10 >> 24) + (byte)((in11 >> 0) << 4); b[39] = (byte)(in11 >> 4); b[40] = (byte)(in11 >> 12); b[41] = (byte)(in11 >> 20); b[42] = (byte)(in12 >> 0); b[43] = (byte)(in12 >> 8); b[44] = (byte)(in12 >> 16); - b[45] = (byte)((in12 >> 24) + ((in13 >> 0) << 4)); + b[45] = (byte)(in12 >> 24) + (byte)((in13 >> 0) << 4); b[46] = (byte)(in13 >> 4); b[47] = (byte)(in13 >> 12); b[48] = (byte)(in13 >> 20); b[49] = (byte)(in14 >> 0); b[50] = (byte)(in14 >> 8); b[51] = (byte)(in14 >> 16); - b[52] = (byte)((in14 >> 24) + ((in15 >> 0) << 4)); + b[52] = (byte)(in14 >> 24) + (byte)((in15 >> 0) << 4); b[53] = (byte)(in15 >> 4); b[54] = (byte)(in15 >> 12); b[55] = (byte)(in15 >> 20); @@ -1770,6 +1770,8 @@ void fe448_mul39081(sword32* r, const sword32* a) static WC_INLINE void fe448_mul_8(sword32* r, const sword32* a, const sword32* b) { sword64 t; + sword64 o; + sword64 t15; sword64 t0 = (sword64)a[ 0] * b[ 0]; sword64 t1 = (sword64)a[ 0] * b[ 1]; sword64 t101 = (sword64)a[ 1] * b[ 0]; @@ -1834,7 +1836,6 @@ static WC_INLINE void fe448_mul_8(sword32* r, const sword32* a, const sword32* b sword64 t13 = (sword64)a[ 6] * b[ 7]; sword64 t113 = (sword64)a[ 7] * b[ 6]; sword64 t14 = (sword64)a[ 7] * b[ 7]; - sword64 o, t15; t1 += t101; t2 += t102; t2 += t202; t3 += t103; t3 += t203; t3 += t303; diff --git a/wolfcrypt/src/ge_448.c b/wolfcrypt/src/ge_448.c index 415928f97f..13d5ffccb4 100644 --- a/wolfcrypt/src/ge_448.c +++ b/wolfcrypt/src/ge_448.c @@ -5453,56 +5453,56 @@ void sc448_reduce(byte* b) b[ 0] = (byte)(d[0 ] >> 0); b[ 1] = (byte)(d[0 ] >> 8); b[ 2] = (byte)(d[0 ] >> 16); - b[ 3] = (byte)((d[0 ] >> 24) + ((d[1 ] >> 0) << 4)); + b[ 3] = (byte)(d[0 ] >> 24) + ((d[1 ] >> 0) << 4); b[ 4] = (byte)(d[1 ] >> 4); b[ 5] = (byte)(d[1 ] >> 12); b[ 6] = (byte)(d[1 ] >> 20); b[ 7] = (byte)(d[2 ] >> 0); b[ 8] = (byte)(d[2 ] >> 8); b[ 9] = (byte)(d[2 ] >> 16); - b[10] = (byte)((d[2 ] >> 24) + ((d[3 ] >> 0) << 4)); + b[10] = (byte)(d[2 ] >> 24) + ((d[3 ] >> 0) << 4); b[11] = (byte)(d[3 ] >> 4); b[12] = (byte)(d[3 ] >> 12); b[13] = (byte)(d[3 ] >> 20); b[14] = (byte)(d[4 ] >> 0); b[15] = (byte)(d[4 ] >> 8); b[16] = (byte)(d[4 ] >> 16); - b[17] = (byte)((d[4 ] >> 24) + ((d[5 ] >> 0) << 4)); + b[17] = (byte)(d[4 ] >> 24) + ((d[5 ] >> 0) << 4); b[18] = (byte)(d[5 ] >> 4); b[19] = (byte)(d[5 ] >> 12); b[20] = (byte)(d[5 ] >> 20); b[21] = (byte)(d[6 ] >> 0); b[22] = (byte)(d[6 ] >> 8); b[23] = (byte)(d[6 ] >> 16); - b[24] = (byte)((d[6 ] >> 24) + ((d[7 ] >> 0) << 4)); + b[24] = (byte)(d[6 ] >> 24) + ((d[7 ] >> 0) << 4); b[25] = (byte)(d[7 ] >> 4); b[26] = (byte)(d[7 ] >> 12); b[27] = (byte)(d[7 ] >> 20); b[28] = (byte)(d[8 ] >> 0); b[29] = (byte)(d[8 ] >> 8); b[30] = (byte)(d[8 ] >> 16); - b[31] = (byte)((d[8 ] >> 24) + ((d[9 ] >> 0) << 4)); + b[31] = (byte)(d[8 ] >> 24) + ((d[9 ] >> 0) << 4); b[32] = (byte)(d[9 ] >> 4); b[33] = (byte)(d[9 ] >> 12); b[34] = (byte)(d[9 ] >> 20); b[35] = (byte)(d[10] >> 0); b[36] = (byte)(d[10] >> 8); b[37] = (byte)(d[10] >> 16); - b[38] = (byte)((d[10] >> 24) + ((d[11] >> 0) << 4)); + b[38] = (byte)(d[10] >> 24) + ((d[11] >> 0) << 4); b[39] = (byte)(d[11] >> 4); b[40] = (byte)(d[11] >> 12); b[41] = (byte)(d[11] >> 20); b[42] = (byte)(d[12] >> 0); b[43] = (byte)(d[12] >> 8); b[44] = (byte)(d[12] >> 16); - b[45] = (byte)((d[12] >> 24) + ((d[13] >> 0) << 4)); + b[45] = (byte)(d[12] >> 24) + ((d[13] >> 0) << 4); b[46] = (byte)(d[13] >> 4); b[47] = (byte)(d[13] >> 12); b[48] = (byte)(d[13] >> 20); b[49] = (byte)(d[14] >> 0); b[50] = (byte)(d[14] >> 8); b[51] = (byte)(d[14] >> 16); - b[52] = (byte)((d[14] >> 24) + ((d[15] >> 0) << 4)); + b[52] = (byte)(d[14] >> 24) + ((d[15] >> 0) << 4); b[53] = (byte)(d[15] >> 4); b[54] = (byte)(d[15] >> 12); b[55] = (byte)(d[15] >> 20); @@ -6206,56 +6206,56 @@ void sc448_muladd(byte* r, const byte* a, const byte* b, const byte* d) r[ 0] = (byte)(rd[0 ] >> 0); r[ 1] = (byte)(rd[0 ] >> 8); r[ 2] = (byte)(rd[0 ] >> 16); - r[ 3] = (byte)((rd[0 ] >> 24) + ((rd[1 ] >> 0) << 4)); + r[ 3] = (byte)(rd[0 ] >> 24) + ((rd[1 ] >> 0) << 4); r[ 4] = (byte)(rd[1 ] >> 4); r[ 5] = (byte)(rd[1 ] >> 12); r[ 6] = (byte)(rd[1 ] >> 20); r[ 7] = (byte)(rd[2 ] >> 0); r[ 8] = (byte)(rd[2 ] >> 8); r[ 9] = (byte)(rd[2 ] >> 16); - r[10] = (byte)((rd[2 ] >> 24) + ((rd[3 ] >> 0) << 4)); + r[10] = (byte)(rd[2 ] >> 24) + ((rd[3 ] >> 0) << 4); r[11] = (byte)(rd[3 ] >> 4); r[12] = (byte)(rd[3 ] >> 12); r[13] = (byte)(rd[3 ] >> 20); r[14] = (byte)(rd[4 ] >> 0); r[15] = (byte)(rd[4 ] >> 8); r[16] = (byte)(rd[4 ] >> 16); - r[17] = (byte)((rd[4 ] >> 24) + ((rd[5 ] >> 0) << 4)); + r[17] = (byte)(rd[4 ] >> 24) + ((rd[5 ] >> 0) << 4); r[18] = (byte)(rd[5 ] >> 4); r[19] = (byte)(rd[5 ] >> 12); r[20] = (byte)(rd[5 ] >> 20); r[21] = (byte)(rd[6 ] >> 0); r[22] = (byte)(rd[6 ] >> 8); r[23] = (byte)(rd[6 ] >> 16); - r[24] = (byte)((rd[6 ] >> 24) + ((rd[7 ] >> 0) << 4)); + r[24] = (byte)(rd[6 ] >> 24) + ((rd[7 ] >> 0) << 4); r[25] = (byte)(rd[7 ] >> 4); r[26] = (byte)(rd[7 ] >> 12); r[27] = (byte)(rd[7 ] >> 20); r[28] = (byte)(rd[8 ] >> 0); r[29] = (byte)(rd[8 ] >> 8); r[30] = (byte)(rd[8 ] >> 16); - r[31] = (byte)((rd[8 ] >> 24) + ((rd[9 ] >> 0) << 4)); + r[31] = (byte)(rd[8 ] >> 24) + ((rd[9 ] >> 0) << 4); r[32] = (byte)(rd[9 ] >> 4); r[33] = (byte)(rd[9 ] >> 12); r[34] = (byte)(rd[9 ] >> 20); r[35] = (byte)(rd[10] >> 0); r[36] = (byte)(rd[10] >> 8); r[37] = (byte)(rd[10] >> 16); - r[38] = (byte)((rd[10] >> 24) + ((rd[11] >> 0) << 4)); + r[38] = (byte)(rd[10] >> 24) + ((rd[11] >> 0) << 4); r[39] = (byte)(rd[11] >> 4); r[40] = (byte)(rd[11] >> 12); r[41] = (byte)(rd[11] >> 20); r[42] = (byte)(rd[12] >> 0); r[43] = (byte)(rd[12] >> 8); r[44] = (byte)(rd[12] >> 16); - r[45] = (byte)((rd[12] >> 24) + ((rd[13] >> 0) << 4)); + r[45] = (byte)(rd[12] >> 24) + ((rd[13] >> 0) << 4); r[46] = (byte)(rd[13] >> 4); r[47] = (byte)(rd[13] >> 12); r[48] = (byte)(rd[13] >> 20); r[49] = (byte)(rd[14] >> 0); r[50] = (byte)(rd[14] >> 8); r[51] = (byte)(rd[14] >> 16); - r[52] = (byte)((rd[14] >> 24) + ((rd[15] >> 0) << 4)); + r[52] = (byte)(rd[14] >> 24) + ((rd[15] >> 0) << 4); r[53] = (byte)(rd[15] >> 4); r[54] = (byte)(rd[15] >> 12); r[55] = (byte)(rd[15] >> 20); diff --git a/wolfcrypt/src/hash.c b/wolfcrypt/src/hash.c index db3a047998..b16c47dcb1 100644 --- a/wolfcrypt/src/hash.c +++ b/wolfcrypt/src/hash.c @@ -686,6 +686,44 @@ int wc_Hash(enum wc_HashType hash_type, const byte* data, NULL, INVALID_DEVID); } +#ifndef WC_NO_CONSTRUCTORS +wc_HashAlg* wc_HashNew(enum wc_HashType type, void* heap, int devId, + int *result_code) +{ + int ret; + wc_HashAlg* hash = (wc_HashAlg*)XMALLOC(sizeof(wc_HashAlg), heap, + DYNAMIC_TYPE_HASHES); + if (hash == NULL) { + ret = MEMORY_E; + } + else { + ret = wc_HashInit_ex(hash, type, heap, devId); + if (ret != 0) { + XFREE(hash, heap, DYNAMIC_TYPE_HASHES); + hash = NULL; + } + } + + if (result_code != NULL) + *result_code = ret; + + return hash; +} + +int wc_HashDelete(wc_HashAlg *hash, wc_HashAlg **hash_p) { + int ret; + if (hash == NULL) + return BAD_FUNC_ARG; + ret = wc_HashFree(hash, hash->type); + if (ret < 0) + return ret; + XFREE(hash, hash->heap, DYNAMIC_TYPE_HASHES); + if (hash_p != NULL) + *hash_p = NULL; + return 0; +} +#endif /* !WC_NO_CONSTRUCTORS */ + int wc_HashInit_ex(wc_HashAlg* hash, enum wc_HashType type, void* heap, int devId) { @@ -694,42 +732,50 @@ int wc_HashInit_ex(wc_HashAlg* hash, enum wc_HashType type, void* heap, if (hash == NULL) return BAD_FUNC_ARG; + hash->type = type; + +#ifdef WC_NO_CONSTRUCTORS + (void)heap; +#else + hash->heap = heap; +#endif + switch (type) { case WC_HASH_TYPE_MD5: #ifndef NO_MD5 - ret = wc_InitMd5_ex(&hash->md5, heap, devId); + ret = wc_InitMd5_ex(&hash->alg.md5, heap, devId); #endif break; case WC_HASH_TYPE_SHA: #ifndef NO_SHA - ret = wc_InitSha_ex(&hash->sha, heap, devId); + ret = wc_InitSha_ex(&hash->alg.sha, heap, devId); #endif break; case WC_HASH_TYPE_SHA224: #ifdef WOLFSSL_SHA224 - ret = wc_InitSha224_ex(&hash->sha224, heap, devId); + ret = wc_InitSha224_ex(&hash->alg.sha224, heap, devId); #endif break; case WC_HASH_TYPE_SHA256: #ifndef NO_SHA256 - ret = wc_InitSha256_ex(&hash->sha256, heap, devId); + ret = wc_InitSha256_ex(&hash->alg.sha256, heap, devId); #endif break; case WC_HASH_TYPE_SHA384: #ifdef WOLFSSL_SHA384 - ret = wc_InitSha384_ex(&hash->sha384, heap, devId); + ret = wc_InitSha384_ex(&hash->alg.sha384, heap, devId); #endif break; case WC_HASH_TYPE_SHA512: #ifdef WOLFSSL_SHA512 - ret = wc_InitSha512_ex(&hash->sha512, heap, devId); + ret = wc_InitSha512_ex(&hash->alg.sha512, heap, devId); #endif break; #ifndef WOLFSSL_NOSHA512_224 case WC_HASH_TYPE_SHA512_224: #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) - ret = wc_InitSha512_224_ex(&hash->sha512, heap, devId); + ret = wc_InitSha512_224_ex(&hash->alg.sha512, heap, devId); #endif #endif /* !HAVE_FIPS && !HAVE_SELFTEST */ break; @@ -738,35 +784,35 @@ int wc_HashInit_ex(wc_HashAlg* hash, enum wc_HashType type, void* heap, case WC_HASH_TYPE_SHA512_256: #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) - ret = wc_InitSha512_256_ex(&hash->sha512, heap, devId); + ret = wc_InitSha512_256_ex(&hash->alg.sha512, heap, devId); #endif #endif /* !HAVE_FIPS && !HAVE_SELFTEST */ break; #endif case WC_HASH_TYPE_SHA3_224: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224) - ret = wc_InitSha3_224(&hash->sha3, heap, devId); + ret = wc_InitSha3_224(&hash->alg.sha3, heap, devId); #endif break; case WC_HASH_TYPE_SHA3_256: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) - ret = wc_InitSha3_256(&hash->sha3, heap, devId); + ret = wc_InitSha3_256(&hash->alg.sha3, heap, devId); #endif break; case WC_HASH_TYPE_SHA3_384: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384) - ret = wc_InitSha3_384(&hash->sha3, heap, devId); + ret = wc_InitSha3_384(&hash->alg.sha3, heap, devId); #endif break; case WC_HASH_TYPE_SHA3_512: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512) - ret = wc_InitSha3_512(&hash->sha3, heap, devId); + ret = wc_InitSha3_512(&hash->alg.sha3, heap, devId); #endif break; #ifdef WOLFSSL_SM3 case WC_HASH_TYPE_SM3: - ret = wc_InitSm3(&hash->sm3, heap, devId); + ret = wc_InitSm3(&hash->alg.sm3, heap, devId); break; #endif @@ -787,7 +833,6 @@ int wc_HashInit_ex(wc_HashAlg* hash, enum wc_HashType type, void* heap, ret = BAD_FUNC_ARG; }; - (void)heap; (void)devId; return ret; @@ -806,42 +851,49 @@ int wc_HashUpdate(wc_HashAlg* hash, enum wc_HashType type, const byte* data, if (hash == NULL || (data == NULL && dataSz > 0)) return BAD_FUNC_ARG; +#ifdef DEBUG_WOLFSSL + if (hash->type != type) { + WOLFSSL_MSG("Hash update type mismatch!"); + return BAD_FUNC_ARG; + } +#endif + switch (type) { case WC_HASH_TYPE_MD5: #ifndef NO_MD5 - ret = wc_Md5Update(&hash->md5, data, dataSz); + ret = wc_Md5Update(&hash->alg.md5, data, dataSz); #endif break; case WC_HASH_TYPE_SHA: #ifndef NO_SHA - ret = wc_ShaUpdate(&hash->sha, data, dataSz); + ret = wc_ShaUpdate(&hash->alg.sha, data, dataSz); #endif break; case WC_HASH_TYPE_SHA224: #ifdef WOLFSSL_SHA224 - ret = wc_Sha224Update(&hash->sha224, data, dataSz); + ret = wc_Sha224Update(&hash->alg.sha224, data, dataSz); #endif break; case WC_HASH_TYPE_SHA256: #ifndef NO_SHA256 - ret = wc_Sha256Update(&hash->sha256, data, dataSz); + ret = wc_Sha256Update(&hash->alg.sha256, data, dataSz); #endif break; case WC_HASH_TYPE_SHA384: #ifdef WOLFSSL_SHA384 - ret = wc_Sha384Update(&hash->sha384, data, dataSz); + ret = wc_Sha384Update(&hash->alg.sha384, data, dataSz); #endif break; case WC_HASH_TYPE_SHA512: #ifdef WOLFSSL_SHA512 - ret = wc_Sha512Update(&hash->sha512, data, dataSz); + ret = wc_Sha512Update(&hash->alg.sha512, data, dataSz); #endif break; #ifndef WOLFSSL_NOSHA512_224 case WC_HASH_TYPE_SHA512_224: #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) - ret = wc_Sha512_224Update(&hash->sha512, data, dataSz); + ret = wc_Sha512_224Update(&hash->alg.sha512, data, dataSz); #endif #endif /* !HAVE_FIPS && !HAVE_SELFTEST */ break; @@ -850,35 +902,35 @@ int wc_HashUpdate(wc_HashAlg* hash, enum wc_HashType type, const byte* data, case WC_HASH_TYPE_SHA512_256: #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) - ret = wc_Sha512_256Update(&hash->sha512, data, dataSz); + ret = wc_Sha512_256Update(&hash->alg.sha512, data, dataSz); #endif #endif /* !HAVE_FIPS && !HAVE_SELFTEST */ break; #endif case WC_HASH_TYPE_SHA3_224: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224) - ret = wc_Sha3_224_Update(&hash->sha3, data, dataSz); + ret = wc_Sha3_224_Update(&hash->alg.sha3, data, dataSz); #endif break; case WC_HASH_TYPE_SHA3_256: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) - ret = wc_Sha3_256_Update(&hash->sha3, data, dataSz); + ret = wc_Sha3_256_Update(&hash->alg.sha3, data, dataSz); #endif break; case WC_HASH_TYPE_SHA3_384: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384) - ret = wc_Sha3_384_Update(&hash->sha3, data, dataSz); + ret = wc_Sha3_384_Update(&hash->alg.sha3, data, dataSz); #endif break; case WC_HASH_TYPE_SHA3_512: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512) - ret = wc_Sha3_512_Update(&hash->sha3, data, dataSz); + ret = wc_Sha3_512_Update(&hash->alg.sha3, data, dataSz); #endif break; #ifdef WOLFSSL_SM3 case WC_HASH_TYPE_SM3: - ret = wc_Sm3Update(&hash->sm3, data, dataSz); + ret = wc_Sm3Update(&hash->alg.sm3, data, dataSz); break; #endif @@ -909,42 +961,49 @@ int wc_HashFinal(wc_HashAlg* hash, enum wc_HashType type, byte* out) if (hash == NULL || out == NULL) return BAD_FUNC_ARG; +#ifdef DEBUG_WOLFSSL + if (hash->type != type) { + WOLFSSL_MSG("Hash final type mismatch!"); + return BAD_FUNC_ARG; + } +#endif + switch (type) { case WC_HASH_TYPE_MD5: #ifndef NO_MD5 - ret = wc_Md5Final(&hash->md5, out); + ret = wc_Md5Final(&hash->alg.md5, out); #endif break; case WC_HASH_TYPE_SHA: #ifndef NO_SHA - ret = wc_ShaFinal(&hash->sha, out); + ret = wc_ShaFinal(&hash->alg.sha, out); #endif break; case WC_HASH_TYPE_SHA224: #ifdef WOLFSSL_SHA224 - ret = wc_Sha224Final(&hash->sha224, out); + ret = wc_Sha224Final(&hash->alg.sha224, out); #endif break; case WC_HASH_TYPE_SHA256: #ifndef NO_SHA256 - ret = wc_Sha256Final(&hash->sha256, out); + ret = wc_Sha256Final(&hash->alg.sha256, out); #endif break; case WC_HASH_TYPE_SHA384: #ifdef WOLFSSL_SHA384 - ret = wc_Sha384Final(&hash->sha384, out); + ret = wc_Sha384Final(&hash->alg.sha384, out); #endif break; case WC_HASH_TYPE_SHA512: #ifdef WOLFSSL_SHA512 - ret = wc_Sha512Final(&hash->sha512, out); + ret = wc_Sha512Final(&hash->alg.sha512, out); #endif break; #ifndef WOLFSSL_NOSHA512_224 case WC_HASH_TYPE_SHA512_224: #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) - ret = wc_Sha512_224Final(&hash->sha512, out); + ret = wc_Sha512_224Final(&hash->alg.sha512, out); #endif #endif /* !HAVE_FIPS && !HAVE_SELFTEST */ break; @@ -953,35 +1012,35 @@ int wc_HashFinal(wc_HashAlg* hash, enum wc_HashType type, byte* out) case WC_HASH_TYPE_SHA512_256: #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) - ret = wc_Sha512_256Final(&hash->sha512, out); + ret = wc_Sha512_256Final(&hash->alg.sha512, out); #endif #endif /* !HAVE_FIPS && !HAVE_SELFTEST */ break; #endif case WC_HASH_TYPE_SHA3_224: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224) - ret = wc_Sha3_224_Final(&hash->sha3, out); + ret = wc_Sha3_224_Final(&hash->alg.sha3, out); #endif break; case WC_HASH_TYPE_SHA3_256: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) - ret = wc_Sha3_256_Final(&hash->sha3, out); + ret = wc_Sha3_256_Final(&hash->alg.sha3, out); #endif break; case WC_HASH_TYPE_SHA3_384: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384) - ret = wc_Sha3_384_Final(&hash->sha3, out); + ret = wc_Sha3_384_Final(&hash->alg.sha3, out); #endif break; case WC_HASH_TYPE_SHA3_512: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512) - ret = wc_Sha3_512_Final(&hash->sha3, out); + ret = wc_Sha3_512_Final(&hash->alg.sha3, out); #endif break; #ifdef WOLFSSL_SM3 case WC_HASH_TYPE_SM3: - ret = wc_Sm3Final(&hash->sm3, out); + ret = wc_Sm3Final(&hash->alg.sm3, out); break; #endif @@ -1012,40 +1071,47 @@ int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type) if (hash == NULL) return BAD_FUNC_ARG; +#ifdef DEBUG_WOLFSSL + if (hash->type != type) { + WOLFSSL_MSG("Hash free type mismatch!"); + return BAD_FUNC_ARG; + } +#endif + switch (type) { case WC_HASH_TYPE_MD5: #ifndef NO_MD5 - wc_Md5Free(&hash->md5); + wc_Md5Free(&hash->alg.md5); ret = 0; #endif break; case WC_HASH_TYPE_SHA: #ifndef NO_SHA - wc_ShaFree(&hash->sha); + wc_ShaFree(&hash->alg.sha); ret = 0; #endif break; case WC_HASH_TYPE_SHA224: #ifdef WOLFSSL_SHA224 - wc_Sha224Free(&hash->sha224); + wc_Sha224Free(&hash->alg.sha224); ret = 0; #endif break; case WC_HASH_TYPE_SHA256: #ifndef NO_SHA256 - wc_Sha256Free(&hash->sha256); + wc_Sha256Free(&hash->alg.sha256); ret = 0; #endif break; case WC_HASH_TYPE_SHA384: #ifdef WOLFSSL_SHA384 - wc_Sha384Free(&hash->sha384); + wc_Sha384Free(&hash->alg.sha384); ret = 0; #endif break; case WC_HASH_TYPE_SHA512: #ifdef WOLFSSL_SHA512 - wc_Sha512Free(&hash->sha512); + wc_Sha512Free(&hash->alg.sha512); ret = 0; #endif break; @@ -1053,7 +1119,7 @@ int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type) case WC_HASH_TYPE_SHA512_224: #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) - wc_Sha512_224Free(&hash->sha512); + wc_Sha512_224Free(&hash->alg.sha512); ret = 0; #endif #endif /* !HAVE_FIPS && !HAVE_SELFTEST */ @@ -1063,7 +1129,7 @@ int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type) case WC_HASH_TYPE_SHA512_256: #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) - wc_Sha512_256Free(&hash->sha512); + wc_Sha512_256Free(&hash->alg.sha512); ret = 0; #endif #endif /* !HAVE_FIPS && !HAVE_SELFTEST */ @@ -1071,32 +1137,32 @@ int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type) #endif case WC_HASH_TYPE_SHA3_224: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224) - wc_Sha3_224_Free(&hash->sha3); + wc_Sha3_224_Free(&hash->alg.sha3); ret = 0; #endif break; case WC_HASH_TYPE_SHA3_256: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) - wc_Sha3_256_Free(&hash->sha3); + wc_Sha3_256_Free(&hash->alg.sha3); ret = 0; #endif break; case WC_HASH_TYPE_SHA3_384: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384) - wc_Sha3_384_Free(&hash->sha3); + wc_Sha3_384_Free(&hash->alg.sha3); ret = 0; #endif break; case WC_HASH_TYPE_SHA3_512: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512) - wc_Sha3_512_Free(&hash->sha3); + wc_Sha3_512_Free(&hash->alg.sha3); ret = 0; #endif break; #ifdef WOLFSSL_SM3 case WC_HASH_TYPE_SM3: - wc_Sm3Free(&hash->sm3); + wc_Sm3Free(&hash->alg.sm3); ret = 0; break; #endif @@ -1132,27 +1198,27 @@ int wc_HashSetFlags(wc_HashAlg* hash, enum wc_HashType type, word32 flags) switch (type) { case WC_HASH_TYPE_MD5: #ifndef NO_MD5 - ret = wc_Md5SetFlags(&hash->md5, flags); + ret = wc_Md5SetFlags(&hash->alg.md5, flags); #endif break; case WC_HASH_TYPE_SHA: #ifndef NO_SHA - ret = wc_ShaSetFlags(&hash->sha, flags); + ret = wc_ShaSetFlags(&hash->alg.sha, flags); #endif break; case WC_HASH_TYPE_SHA224: #ifdef WOLFSSL_SHA224 - ret = wc_Sha224SetFlags(&hash->sha224, flags); + ret = wc_Sha224SetFlags(&hash->alg.sha224, flags); #endif break; case WC_HASH_TYPE_SHA256: #ifndef NO_SHA256 - ret = wc_Sha256SetFlags(&hash->sha256, flags); + ret = wc_Sha256SetFlags(&hash->alg.sha256, flags); #endif break; case WC_HASH_TYPE_SHA384: #ifdef WOLFSSL_SHA384 - ret = wc_Sha384SetFlags(&hash->sha384, flags); + ret = wc_Sha384SetFlags(&hash->alg.sha384, flags); #endif break; case WC_HASH_TYPE_SHA512: @@ -1163,7 +1229,7 @@ int wc_HashSetFlags(wc_HashAlg* hash, enum wc_HashType type, word32 flags) case WC_HASH_TYPE_SHA512_256: #endif #ifdef WOLFSSL_SHA512 - ret = wc_Sha512SetFlags(&hash->sha512, flags); + ret = wc_Sha512SetFlags(&hash->alg.sha512, flags); #endif break; @@ -1172,13 +1238,13 @@ int wc_HashSetFlags(wc_HashAlg* hash, enum wc_HashType type, word32 flags) case WC_HASH_TYPE_SHA3_384: case WC_HASH_TYPE_SHA3_512: #ifdef WOLFSSL_SHA3 - ret = wc_Sha3_SetFlags(&hash->sha3, flags); + ret = wc_Sha3_SetFlags(&hash->alg.sha3, flags); #endif break; #ifdef WOLFSSL_SM3 case WC_HASH_TYPE_SM3: - ret = wc_Sm3SetFlags(&hash->sm3, flags); + ret = wc_Sm3SetFlags(&hash->alg.sm3, flags); break; #endif @@ -1211,27 +1277,27 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags) switch (type) { case WC_HASH_TYPE_MD5: #ifndef NO_MD5 - ret = wc_Md5GetFlags(&hash->md5, flags); + ret = wc_Md5GetFlags(&hash->alg.md5, flags); #endif break; case WC_HASH_TYPE_SHA: #ifndef NO_SHA - ret = wc_ShaGetFlags(&hash->sha, flags); + ret = wc_ShaGetFlags(&hash->alg.sha, flags); #endif break; case WC_HASH_TYPE_SHA224: #ifdef WOLFSSL_SHA224 - ret = wc_Sha224GetFlags(&hash->sha224, flags); + ret = wc_Sha224GetFlags(&hash->alg.sha224, flags); #endif break; case WC_HASH_TYPE_SHA256: #ifndef NO_SHA256 - ret = wc_Sha256GetFlags(&hash->sha256, flags); + ret = wc_Sha256GetFlags(&hash->alg.sha256, flags); #endif break; case WC_HASH_TYPE_SHA384: #ifdef WOLFSSL_SHA384 - ret = wc_Sha384GetFlags(&hash->sha384, flags); + ret = wc_Sha384GetFlags(&hash->alg.sha384, flags); #endif break; case WC_HASH_TYPE_SHA512: @@ -1242,7 +1308,7 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags) case WC_HASH_TYPE_SHA512_256: #endif #ifdef WOLFSSL_SHA512 - ret = wc_Sha512GetFlags(&hash->sha512, flags); + ret = wc_Sha512GetFlags(&hash->alg.sha512, flags); #endif break; @@ -1251,13 +1317,13 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags) case WC_HASH_TYPE_SHA3_384: case WC_HASH_TYPE_SHA3_512: #ifdef WOLFSSL_SHA3 - ret = wc_Sha3_GetFlags(&hash->sha3, flags); + ret = wc_Sha3_GetFlags(&hash->alg.sha3, flags); #endif break; #ifdef WOLFSSL_SM3 case WC_HASH_TYPE_SM3: - ret = wc_Sm3GetFlags(&hash->sm3, flags); + ret = wc_Sm3GetFlags(&hash->alg.sm3, flags); break; #endif diff --git a/wolfcrypt/src/hmac.c b/wolfcrypt/src/hmac.c index 47f8f13824..e63aad8561 100644 --- a/wolfcrypt/src/hmac.c +++ b/wolfcrypt/src/hmac.c @@ -266,6 +266,7 @@ int wc_HmacSetKey_ex(Hmac* hmac, int type, const byte* key, word32 length, return BAD_FUNC_ARG; } + heap = hmac->heap; #if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0) /* if set key has already been run then make sure and free existing */ /* This is for async and PIC32MZ situations, and just normally OK, @@ -273,7 +274,13 @@ int wc_HmacSetKey_ex(Hmac* hmac, int type, const byte* key, word32 length, available in FIPS builds. In current FIPS builds, the hashes are not allocating resources. */ if (hmac->macType != WC_HASH_TYPE_NONE) { + #ifdef WOLF_CRYPTO_CB + int devId = hmac->devId; + #endif wc_HmacFree(hmac); + #ifdef WOLF_CRYPTO_CB + hmac->devId = devId; + #endif } #endif diff --git a/wolfcrypt/src/memory.c b/wolfcrypt/src/memory.c index 164dc95717..75d03895e6 100644 --- a/wolfcrypt/src/memory.c +++ b/wolfcrypt/src/memory.c @@ -32,6 +32,7 @@ #endif #include +#include /* Possible memory options: diff --git a/wolfcrypt/src/misc.c b/wolfcrypt/src/misc.c index e4b53d91f1..4de791dbf8 100644 --- a/wolfcrypt/src/misc.c +++ b/wolfcrypt/src/misc.c @@ -209,6 +209,53 @@ WC_MISC_STATIC WC_INLINE void ByteReverseWords(word32* out, const word32* in, #endif } +WC_MISC_STATIC WC_INLINE word32 readUnalignedWord32(const byte *in) +{ + if (((wc_ptr_t)in & (wc_ptr_t)(sizeof(word32) - 1U)) == (wc_ptr_t)0) + return *(word32 *)in; + else { + word32 out = 0; /* else CONFIG_FORTIFY_SOURCE -Wmaybe-uninitialized */ + XMEMCPY(&out, in, sizeof(out)); + return out; + } +} + +WC_MISC_STATIC WC_INLINE word32 writeUnalignedWord32(void *out, word32 in) +{ + if (((wc_ptr_t)out & (wc_ptr_t)(sizeof(word32) - 1U)) == (wc_ptr_t)0) + *(word32 *)out = in; + else { + XMEMCPY(out, &in, sizeof(in)); + } + return in; +} + +WC_MISC_STATIC WC_INLINE void readUnalignedWords32(word32 *out, const byte *in, + size_t count) +{ + if (((wc_ptr_t)in & (wc_ptr_t)(sizeof(word32) - 1U)) == (wc_ptr_t)0) { + const word32 *in_word32 = (const word32 *)in; + while (count-- > 0) + *out++ = *in_word32++; + } + else { + XMEMCPY(out, in, count * sizeof(*out)); + } +} + +WC_MISC_STATIC WC_INLINE void writeUnalignedWords32(byte *out, const word32 *in, + size_t count) +{ + if (((wc_ptr_t)out & (wc_ptr_t)(sizeof(word32) - 1U)) == (wc_ptr_t)0) { + word32 *out_word32 = (word32 *)out; + while (count-- > 0) + *out_word32++ = *in++; + } + else { + XMEMCPY(out, in, count * sizeof(*in)); + } +} + #if defined(WORD64_AVAILABLE) && !defined(WOLFSSL_NO_WORD64_OPS) WC_MISC_STATIC WC_INLINE word64 readUnalignedWord64(const byte *in) @@ -216,8 +263,8 @@ WC_MISC_STATIC WC_INLINE word64 readUnalignedWord64(const byte *in) if (((wc_ptr_t)in & (wc_ptr_t)(sizeof(word64) - 1U)) == (wc_ptr_t)0) return *(word64 *)in; else { - word64 out; - XMEMCPY(&out, in, sizeof(word64)); + word64 out = 0; /* else CONFIG_FORTIFY_SOURCE -Wmaybe-uninitialized */ + XMEMCPY(&out, in, sizeof(out)); return out; } } @@ -227,7 +274,7 @@ WC_MISC_STATIC WC_INLINE word64 writeUnalignedWord64(void *out, word64 in) if (((wc_ptr_t)out & (wc_ptr_t)(sizeof(word64) - 1U)) == (wc_ptr_t)0) *(word64 *)out = in; else { - XMEMCPY(out, &in, sizeof(word64)); + XMEMCPY(out, &in, sizeof(in)); } return in; } @@ -241,7 +288,7 @@ WC_MISC_STATIC WC_INLINE void readUnalignedWords64(word64 *out, const byte *in, *out++ = *in_word64++; } else { - XMEMCPY(out, in, count * sizeof(word64)); + XMEMCPY(out, in, count * sizeof(*out)); } } @@ -254,7 +301,7 @@ WC_MISC_STATIC WC_INLINE void writeUnalignedWords64(byte *out, const word64 *in, *out_word64++ = *in++; } else { - XMEMCPY(out, in, count * sizeof(word64)); + XMEMCPY(out, in, count * sizeof(*in)); } } diff --git a/wolfcrypt/src/pkcs12.c b/wolfcrypt/src/pkcs12.c index 3cddc646b4..e8cc11e9eb 100644 --- a/wolfcrypt/src/pkcs12.c +++ b/wolfcrypt/src/pkcs12.c @@ -1112,7 +1112,7 @@ static WARN_UNUSED_RESULT int freeDecCertList(WC_DerCertList** list, InitDecodedCert(DeCert, current->buffer, current->bufferSz, heap); if (ParseCertRelative(DeCert, CERT_TYPE, NO_VERIFY, NULL, NULL) == 0) { - if (wc_CheckPrivateKeyCert(*pkey, *pkeySz, DeCert, 0) == 1) { + if (wc_CheckPrivateKeyCert(*pkey, *pkeySz, DeCert, 0, heap) == 1) { WOLFSSL_MSG("Key Pair found"); *cert = current->buffer; *certSz = current->bufferSz; diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index b77e9de171..bb370540e1 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c @@ -118,12 +118,12 @@ struct PKCS7State { word32 peakUsed; /* most bytes used for struct at any one time */ word32 peakRead; /* most bytes used by read buffer */ #endif - byte multi:1; /* flag for if content is in multiple parts */ - byte flagOne:1; - byte detached:1; /* flag to indicate detached signature is present */ - byte noContent:1;/* indicates content isn't included in bundle */ - byte degenerate:1; - byte indefLen:1; /* flag to indicate indef-length encoding used */ + WC_BITFIELD multi:1; /* flag for if content is in multiple parts */ + WC_BITFIELD flagOne:1; + WC_BITFIELD detached:1; /* flag to indicate detached signature is present */ + WC_BITFIELD noContent:1;/* indicates content isn't included in bundle */ + WC_BITFIELD degenerate:1; + WC_BITFIELD indefLen:1; /* flag to indicate indef-length encoding used */ }; @@ -1523,7 +1523,7 @@ typedef struct ESD { wc_HashAlg hash; enum wc_HashType hashType; byte contentDigest[WC_MAX_DIGEST_SIZE + 2]; /* content only + ASN.1 heading */ - byte contentDigestSet:1; + WC_BITFIELD contentDigestSet:1; byte contentAttribsDigest[WC_MAX_DIGEST_SIZE]; byte encContentDigest[MAX_ENCRYPTED_KEY_SZ]; @@ -4040,8 +4040,14 @@ static int wc_PKCS7_RsaVerify(PKCS7* pkcs7, byte* sig, int sigSz, byte* digest; RsaKey* key; DecodedCert* dCert; +#else +#ifdef WOLFSSL_NO_MALLOC + byte digest[RSA_MAX_SIZE / WOLFSSL_BIT_SIZE]; /* accessed in-place with size + * key->dataLen + */ #else byte digest[MAX_PKCS7_DIGEST_SZ]; +#endif RsaKey key[1]; DecodedCert stack_dCert; DecodedCert* dCert = &stack_dCert; @@ -6823,9 +6829,9 @@ typedef struct WC_PKCS7_KARI { word32 sharedInfoSz; /* size of ECC-CMS-SharedInfo encoded */ byte ukmOwner; /* do we own ukm buffer? 1:yes, 0:no */ byte direction; /* WC_PKCS7_ENCODE | WC_PKCS7_DECODE */ - byte decodedInit : 1; /* indicates decoded was initialized */ - byte recipKeyInit : 1; /* indicates recipKey was initialized */ - byte senderKeyInit : 1; /* indicates senderKey was initialized */ + WC_BITFIELD decodedInit:1; /* indicates decoded was initialized */ + WC_BITFIELD recipKeyInit:1; /* indicates recipKey was initialized */ + WC_BITFIELD senderKeyInit:1; /* indicates senderKey was initialized */ } WC_PKCS7_KARI; @@ -13692,6 +13698,7 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in, /* free memory, zero out keys */ ForceZero(encryptedContent, (word32)encryptedContentSz); XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + encryptedContent = NULL; ForceZero(decryptedKey, MAX_ENCRYPTED_KEY_SZ); #ifdef WOLFSSL_SMALL_STACK XFREE(decryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7); @@ -13720,8 +13727,11 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in, } #else if (ret < 0) { - ForceZero(encryptedContent, (word32)encryptedContentSz); - XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + if (encryptedContent != NULL) { + ForceZero(encryptedContent, (word32)encryptedContentSz); + XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + encryptedContent = NULL; + } ForceZero(decryptedKey, MAX_ENCRYPTED_KEY_SZ); } #endif diff --git a/wolfcrypt/src/port/Espressif/README.md b/wolfcrypt/src/port/Espressif/README.md index a95d86ff24..3c27d83739 100644 --- a/wolfcrypt/src/port/Espressif/README.md +++ b/wolfcrypt/src/port/Espressif/README.md @@ -14,18 +14,18 @@ Support for the ESP32 on-board cryptographic hardware acceleration for symmetric More details about ESP32 HW Acceleration can be found in: -* [ESP32 Technical Reference Manual](https://espressif.com/sites/default/files/documentation/esp32_technical_reference_manual_en.pdf) -* [ESP32-S2 Technical Reference Manual](https://www.espressif.com/sites/default/files/documentation/esp32-s2_technical_reference_manual_en.pdf) -* [ESP32-S3 Technical Reference Manual](https://www.espressif.com/sites/default/files/documentation/esp32-s3_technical_reference_manual_en.pdf) -* [ESP32-C2 (aka ESP8684 Technical Reference Manual](https://www.espressif.com/sites/default/files/documentation/esp8684_technical_reference_manual_en.pdf) -* [ESP32-C3 Technical Reference Manual](https://www.espressif.com/sites/default/files/documentation/esp32-c3_technical_reference_manual_en.pdf) -* [ESP32-C6 Technical Reference Manual](https://www.espressif.com/sites/default/files/documentation/esp32-c6_technical_reference_manual_en.pdf) -* [ESP32-H2 Technical Reference Manual](https://www.espressif.com/sites/default/files/documentation/esp32-h2_technical_reference_manual_en.pdf) +* `esp32_technical_reference_manual_en.pdf` +* `esp32-s2_technical_reference_manual_en.pdf` +* `esp32-s3_technical_reference_manual_en.pdf` +* `esp8684_technical_reference_manual_en.pdf` +* `esp32-c3_technical_reference_manual_en.pdf` +* `esp32-c6_technical_reference_manual_en.pdf` +* `esp32-h2_technical_reference_manual_en.pdf` ### Building Simply run `ESP-IDF.py` in any of the [Espressif/ESP-IDF/Examples](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples). -See the respective project README files. Examples are also available using wolfssl as a [Managed Component](https://components.espressif.com/components/wolfssl/wolfssl). +See the respective project README files. Examples are also available using wolfssl as a [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/). Hardware acceleration is enabled by default. All settings should be adjusted in the respective project component `user_settings.h` file. See the example in [template example](https://github.com/wolfSSL/wolfssl/blob/master/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h). diff --git a/wolfcrypt/src/port/Espressif/esp32_aes.c b/wolfcrypt/src/port/Espressif/esp32_aes.c index e8c917c9ae..f85343ead6 100644 --- a/wolfcrypt/src/port/Espressif/esp32_aes.c +++ b/wolfcrypt/src/port/Espressif/esp32_aes.c @@ -637,7 +637,7 @@ int esp_hw_show_aes_metrics(void) #if defined(WOLFSSL_HW_METRICS) ESP_LOGI(TAG, "--------------------------------------------------------"); - ESP_LOGI(TAG, "------------- wolfSSL ESP HW AES Metrics----------------"); + ESP_LOGI(TAG, "------------- wolfSSL ESP HW AES Metrics -------------"); ESP_LOGI(TAG, "--------------------------------------------------------"); ESP_LOGI(TAG, "esp_aes_unsupported_length_usage_ct = %lu", diff --git a/wolfcrypt/src/port/Espressif/esp32_mp.c b/wolfcrypt/src/port/Espressif/esp32_mp.c index 952a12c1c1..458719d3eb 100644 --- a/wolfcrypt/src/port/Espressif/esp32_mp.c +++ b/wolfcrypt/src/port/Espressif/esp32_mp.c @@ -3039,12 +3039,16 @@ int esp_mp_exptmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z) } /* 8. clear and release HW */ + #ifdef WOLFSSL_ESP32_HW_LOCK_DEBUG ESP_LOGI(TAG, "Unlock esp_mp_exptmod"); + #endif if (exptmod_lock_called) { ret = esp_mp_hw_unlock(); } else { + #ifdef WOLFSSL_ESP32_HW_LOCK_DEBUG ESP_LOGV(TAG, "Lock not called"); + #endif } /* end if CONFIG_IDF_TARGET_ESP32C6 */ diff --git a/wolfcrypt/src/port/Espressif/esp32_sha.c b/wolfcrypt/src/port/Espressif/esp32_sha.c index ad371c7603..6fa955a9dd 100644 --- a/wolfcrypt/src/port/Espressif/esp32_sha.c +++ b/wolfcrypt/src/port/Espressif/esp32_sha.c @@ -20,7 +20,7 @@ */ /* - * ESP32-C3: https://www.espressif.com/sites/default/files/documentation/esp32-c3_technical_reference_manual_en.pdf + * ESP32-C3: esp32-c3_technical_reference_manual_en.pdf * see page 335: no SHA-512 * */ @@ -2384,7 +2384,7 @@ int esp_hw_show_sha_metrics(void) int ret = 0; #if defined(WOLFSSL_ESP32_CRYPT) && !defined(NO_WOLFSSL_ESP32_CRYPT_HASH) ESP_LOGI(TAG, "--------------------------------------------------------"); - ESP_LOGI(TAG, "------------- wolfSSL ESP HW SHA Metrics----------------"); + ESP_LOGI(TAG, "------------- wolfSSL ESP HW SHA Metrics -------------"); ESP_LOGI(TAG, "--------------------------------------------------------"); ESP_LOGI(TAG, "esp_sha_hw_copy_ct = %lu", diff --git a/wolfcrypt/src/port/Espressif/esp_crt_bundle/README.md b/wolfcrypt/src/port/Espressif/esp_crt_bundle/README.md index 55635e89ee..9f52338e9b 100644 --- a/wolfcrypt/src/port/Espressif/esp_crt_bundle/README.md +++ b/wolfcrypt/src/port/Espressif/esp_crt_bundle/README.md @@ -6,7 +6,7 @@ and with the intention of using Certificate Bundles in the esp-tls component. See the ESP-IDF `idf.py menuconfig`. A recent version of the [wolfSSL Kconfig](https://github.com/wolfSSL/wolfssl/blob/master/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/Kconfig) file is needed. The [template example](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/template) can be use for creating a project-specific [wolfSSL component](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl) -when not using a [Managed Component](https://components.espressif.com/components/wolfssl/wolfssl). +when not using a [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/). ## Getting Started diff --git a/wolfcrypt/src/port/Espressif/esp_crt_bundle/esp_crt_bundle.c b/wolfcrypt/src/port/Espressif/esp_crt_bundle/esp_crt_bundle.c index c0a092b755..023b373a6a 100644 --- a/wolfcrypt/src/port/Espressif/esp_crt_bundle/esp_crt_bundle.c +++ b/wolfcrypt/src/port/Espressif/esp_crt_bundle/esp_crt_bundle.c @@ -61,13 +61,18 @@ esp_err_t esp_crt_bundle_attach(void *conf) #include #include -#include /* needed only for esp_tls_free_global_ca_store() */ +#ifdef WOLFSSL_CMAKE_REQUIRED_ESP_TLS + /* We're already here since CONFIG_ESP_TLS_USING_WOLFSSL is enabled, */ + /* but do we have a recent version of wolfSSL CMakeLists.txt to support */ + /* using wolfSSL in ESP-IDF? If so, include the esp-tls component here: */ + #include /* needed only for esp_tls_free_global_ca_store() */ +#endif /* There's a minimum version of wolfSSL needed for Certificate Bundle Support. * * See the latest code at: - * https://github.com/wolfSSL/wolfssl or - * https://components.espressif.com/components/wolfssl/wolfssl + * https://github.com/wolfSSL/wolfssl or Managed Components at + * https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/ */ #if defined(WOLFSSL_ESPIDF_COMPONENT_VERSION) #if (WOLFSSL_ESPIDF_COMPONENT_VERSION > 0) @@ -186,12 +191,10 @@ typedef struct crt_bundle_t { static WOLFSSL_X509* store_cert = NULL; /* will point to existing param values*/ static WOLFSSL_X509* bundle_cert = NULL; /* the iterating cert being reviewed.*/ -static const uint8_t **crts = NULL; -static uint16_t num_certs = 0; - - -/* Found in */ -void esp_tls_free_global_ca_store(void); +#ifdef CONFIG_WOLFSSL_CERTIFICATE_BUNDLE + static const uint8_t **crts = NULL; + static uint16_t num_certs = 0; +#endif #ifdef CONFIG_WOLFSSL_CERTIFICATE_BUNDLE static esp_err_t wolfssl_esp_crt_bundle_init(const uint8_t *x509_bundle, @@ -1514,7 +1517,12 @@ esp_err_t wolfSSL_bundle_cleanup(void) s_crt_bundle.crts = NULL; } +#ifdef WOLFSSL_CMAKE_REQUIRED_ESP_TLS + /* When the esp-tls is linked as a requirement in CMake and used by the + * ESP-IDF in the esp-tls component, call at cleanup time: */ esp_tls_free_global_ca_store(); +#endif + /* Be sure to free the bundle_cert first, as it may be part of store. */ if (bundle_cert != NULL) { #ifdef DEBUG_WOLFSSL_MALLOC diff --git a/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.c b/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.c index 443438f70a..81d88a6542 100644 --- a/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.c +++ b/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.c @@ -25,10 +25,10 @@ /* wolfSSL */ /* Always include wolfcrypt/settings.h before any other wolfSSL file. */ -/* Reminder: settings.h pulls in user_settings.h; don't include it here. */ -#ifdef WOLFSSL_USER_SETTINGS - #include -#endif +/* Be sure to define WOLFSSL_USER_SETTINGS, typically in CMakeLists.txt */ +/* Reminder: settings.h pulls in user_settings.h */ +/* Do not explicitly include user_settings.h here. */ +#include #if defined(WOLFSSL_ESPIDF) /* Entire file is only for Espressif EDP-IDF */ @@ -71,8 +71,6 @@ extern wc_ptr_t _rodata_start[]; extern wc_ptr_t _rodata_end[]; extern wc_ptr_t _bss_start[]; extern wc_ptr_t _bss_end[]; -extern wc_ptr_t _rtc_data_start[]; -extern wc_ptr_t _rtc_data_end[]; extern wc_ptr_t _rtc_bss_start[]; extern wc_ptr_t _rtc_bss_end[]; extern wc_ptr_t _iram_start[]; @@ -83,16 +81,24 @@ extern wc_ptr_t _init_end[]; #endif extern wc_ptr_t _iram_text_start[]; extern wc_ptr_t _iram_text_end[]; -extern wc_ptr_t _iram_bss_start[]; -extern wc_ptr_t _iram_bss_end[]; +#if defined(CONFIG_IDF_TARGET_ESP32S2) + /* TODO: Find ESP32-S2 equivalent */ +#else + extern wc_ptr_t _iram_bss_start[]; + extern wc_ptr_t _iram_bss_end[]; +#endif extern wc_ptr_t _noinit_start[]; extern wc_ptr_t _noinit_end[]; extern wc_ptr_t _text_start[]; extern wc_ptr_t _text_end[]; extern wc_ptr_t _heap_start[]; extern wc_ptr_t _heap_end[]; -extern wc_ptr_t _rtc_data_start[]; -extern wc_ptr_t _rtc_data_end[]; +#ifdef CONFIG_IDF_TARGET_ESP32C2 + /* no rtc_data on ESP32-C2*/ +#else + extern wc_ptr_t _rtc_data_start[]; + extern wc_ptr_t _rtc_data_end[]; +#endif #if defined(CONFIG_IDF_TARGET_ARCH_XTENSA) && CONFIG_IDF_TARGET_ARCH_XTENSA == 1 extern void* _thread_local_start; @@ -194,7 +200,11 @@ int sdk_init_meminfo(void) { #endif sdk_log_meminfo(data, _data_start, _data_end); sdk_log_meminfo(user_data_ram, USER_DATA_START, USER_DATA_END); +#if defined(CONFIG_IDF_TARGET_ESP32S2) + /* TODO: Find ESP32-S2 equivalent of bss */ +#else sdk_log_meminfo(bss, _bss_start, _bss_end); +#endif sdk_log_meminfo(noinit, _noinit_start, _noinit_end); sdk_log_meminfo(ets_system, ETS_SYS_START, ETS_SYS_END); sdk_log_meminfo(rodata, _rodata_start, _rodata_end); @@ -203,12 +213,20 @@ int sdk_init_meminfo(void) { sdk_log_meminfo(iramf2, IRAMF2_START, IRAMF2_END); sdk_log_meminfo(iram, _iram_start, _iram_end); sdk_log_meminfo(iram_text, _iram_text_start, _iram_text_end); +#if defined(CONFIG_IDF_TARGET_ESP32S2) + /* No iram_bss on ESP32-C2 at this time. TODO: something equivalent? */ +#else sdk_log_meminfo(iram_bss, _iram_bss_start, _iram_bss_end); +#endif #if defined(CONFIG_IDF_TARGET_ESP8266) sdk_log_meminfo(init, _init_start, _init_end); #endif sdk_log_meminfo(text, _text_start, _text_end); +#if defined(CONFIG_IDF_TARGET_ESP32C2) + /* No rtc_data on ESP32-C2 at this time. TODO: something equivalent? */ +#else sdk_log_meminfo(rtc_data, _rtc_data_start, _rtc_data_end); +#endif ESP_LOGI(TAG, "-----------------------------------------------------"); sample_heap_var = malloc(1); if (sample_heap_var == NULL) { diff --git a/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.c b/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.c index 9c574451a6..678de3b9a7 100644 --- a/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.c +++ b/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.c @@ -74,10 +74,10 @@ esp_err_t esp_sdk_time_lib_init(void) /* ESP-IDF uses a 64-bit signed integer to represent time_t * starting from release v5.0 - * See: https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#year-2036-and-2038-overflow-issues + * See: Espressif api-reference system_time (year-2036-and-2038-overflow-issues) */ -/* see https://www.gnu.org/software/libc/manual/html_node/TZ-Variable.html */ +/* see gnu TZ-Variable */ #ifndef TIME_ZONE /* * PST represents Pacific Standard Time. @@ -379,7 +379,7 @@ int set_time(void) if (NTP_SERVER_COUNT) { /* next, let's setup NTP time servers * - * see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#sntp-time-synchronization + * see Espressif api-reference system_time (sntp-time-synchronization) * * WARNING: do not set operating mode while SNTP client is running! */ diff --git a/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.c b/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.c index 06c9f81e8b..9a200a9217 100644 --- a/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.c +++ b/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.c @@ -23,12 +23,15 @@ #include #endif -/* Reminder: user_settings.h is needed and included from settings.h - * Be sure to define WOLFSSL_USER_SETTINGS, typically in CMakeLists.txt */ +/* wolfSSL */ +/* Always include wolfcrypt/settings.h before any other wolfSSL file. */ +/* Be sure to define WOLFSSL_USER_SETTINGS, typically in CMakeLists.txt */ +/* Reminder: settings.h pulls in user_settings.h */ +/* Do not explicitly include user_settings.h here. */ #include #if defined(WOLFSSL_ESPIDF) /* Entire file is only for Espressif EDP-IDF */ -#if defined(USE_WOLFSSL_ESP_SDK_WIFI) +#if defined(USE_WOLFSSL_ESP_SDK_WIFI) && ESP_IDF_VERSION_MAJOR > 4 /* Espressif */ #include "sdkconfig.h" /* programmatically generated from sdkconfig */ @@ -59,8 +62,8 @@ esp_err_t esp_sdk_wifi_lib_init(void) #if defined(CONFIG_IDF_TARGET_ESP8266) #elif ESP_IDF_VERSION_MAJOR >= 5 && defined(FOUND_PROTOCOL_EXAMPLES_DIR) /* example path set in cmake file */ -#elif ESP_IDF_VERSION_MAJOR >= 4 - #include "protocol_examples_common.h" +#elif ESP_IDF_VERSION_MAJOR > 4 +/* #include "protocol_examples_common.h" */ #else const static int CONNECTED_BIT = BIT0; static EventGroupHandle_t wifi_event_group; @@ -266,7 +269,7 @@ static esp_err_t wifi_event_handler(void *ctx, system_event_t *event) ESP_LOGI(TAG, "got ip:%s", ip4addr_ntoa(&event->event_info.got_ip.ip_info.ip)); #endif - /* see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/freertos_idf.html */ + /* see Espressif api-reference freertos_idf */ xEventGroupSetBits(wifi_event_group, CONNECTED_BIT); break; case SYSTEM_EVENT_STA_DISCONNECTED: diff --git a/wolfcrypt/src/port/Renesas/renesas_fspsm_aes.c b/wolfcrypt/src/port/Renesas/renesas_fspsm_aes.c index 0028786c57..e1ec04cc5e 100644 --- a/wolfcrypt/src/port/Renesas/renesas_fspsm_aes.c +++ b/wolfcrypt/src/port/Renesas/renesas_fspsm_aes.c @@ -795,7 +795,8 @@ int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen, return BAD_FUNC_ARG; } -#ifdef WOLFSSL_AES_COUNTER +#if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \ + defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) aes->left = 0; #endif diff --git a/wolfcrypt/src/port/arm/armv8-32-aes-asm.S b/wolfcrypt/src/port/arm/armv8-32-aes-asm.S index 553acadc29..64a0f630a0 100644 --- a/wolfcrypt/src/port/arm/armv8-32-aes-asm.S +++ b/wolfcrypt/src/port/arm/armv8-32-aes-asm.S @@ -31,7 +31,7 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) +#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2) #ifndef WOLFSSL_ARMASM_INLINE #ifndef NO_AES #ifdef HAVE_AES_DECRYPT @@ -5305,7 +5305,7 @@ L_AES_GCM_encrypt_end: .size AES_GCM_encrypt,.-AES_GCM_encrypt #endif /* HAVE_AESGCM */ #endif /* !NO_AES */ -#endif /* !__aarch64__ && __arm__ && !__thumb__ */ +#endif /* !__aarch64__ && !WOLFSSL_ARMASM_THUMB2 */ #endif /* WOLFSSL_ARMASM */ #if defined(__linux__) && defined(__ELF__) diff --git a/wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c index c21fbea524..1f0569a62e 100644 --- a/wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c +++ b/wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c @@ -32,7 +32,7 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) +#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2) #include #ifdef HAVE_CONFIG_H #include @@ -41,9 +41,6 @@ #include #ifdef WOLFSSL_ARMASM_INLINE -#ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) - #ifdef __IAR_SYSTEMS_ICC__ #define __asm__ asm #define __volatile__ volatile @@ -56,7 +53,7 @@ #include #ifdef HAVE_AES_DECRYPT -static const uint32_t L_AES_ARM32_td_data[] = { +static const word32 L_AES_ARM32_td_data[] = { 0x5051f4a7, 0x537e4165, 0xc31a17a4, 0x963a275e, 0xcb3bab6b, 0xf11f9d45, 0xabacfa58, 0x934be303, 0x552030fa, 0xf6ad766d, 0x9188cc76, 0x25f5024c, @@ -127,7 +124,7 @@ static const uint32_t L_AES_ARM32_td_data[] = { #if defined(HAVE_AES_DECRYPT) || defined(HAVE_AES_CBC) || \ defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || \ defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) -static const uint32_t L_AES_ARM32_te_data[] = { +static const word32 L_AES_ARM32_te_data[] = { 0xa5c66363, 0x84f87c7c, 0x99ee7777, 0x8df67b7b, 0x0dfff2f2, 0xbdd66b6b, 0xb1de6f6f, 0x5491c5c5, 0x50603030, 0x03020101, 0xa9ce6767, 0x7d562b2b, @@ -197,12 +194,12 @@ static const uint32_t L_AES_ARM32_te_data[] = { #endif /* HAVE_AES_DECRYPT || HAVE_AES_CBC || HAVE_AESCCM || HAVE_AESGCM || * WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER */ #ifdef HAVE_AES_DECRYPT -static const uint32_t* L_AES_ARM32_td = L_AES_ARM32_td_data; +static const word32* L_AES_ARM32_td = L_AES_ARM32_td_data; #endif /* HAVE_AES_DECRYPT */ #if defined(HAVE_AES_DECRYPT) || defined(HAVE_AES_CBC) || \ defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || \ defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) -static const uint32_t* L_AES_ARM32_te = L_AES_ARM32_te_data; +static const word32* L_AES_ARM32_te = L_AES_ARM32_te_data; #endif /* HAVE_AES_DECRYPT || HAVE_AES_CBC || HAVE_AESCCM || HAVE_AESGCM || * WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER */ #ifdef HAVE_AES_DECRYPT @@ -211,8 +208,8 @@ void AES_invert_key(unsigned char* ks_p, word32 rounds_p) { register unsigned char* ks asm ("r0") = (unsigned char*)ks_p; register word32 rounds asm ("r1") = (word32)rounds_p; - register uint32_t* L_AES_ARM32_te_c asm ("r2") = (uint32_t*)L_AES_ARM32_te; - register uint32_t* L_AES_ARM32_td_c asm ("r3") = (uint32_t*)L_AES_ARM32_td; + register word32* L_AES_ARM32_te_c asm ("r2") = (word32*)L_AES_ARM32_te; + register word32* L_AES_ARM32_td_c asm ("r3") = (word32*)L_AES_ARM32_td; __asm__ __volatile__ ( "mov r12, %[L_AES_ARM32_te]\n\t" @@ -408,9 +405,9 @@ void AES_invert_key(unsigned char* ks_p, word32 rounds_p) "str r8, [%[ks]], #4\n\t" "subs r11, r11, #1\n\t" "bne L_AES_invert_key_mix_loop_%=\n\t" - : [ks] "+r" (ks), [rounds] "+r" (rounds), - [L_AES_ARM32_te] "+r" (L_AES_ARM32_te_c), - [L_AES_ARM32_td] "+r" (L_AES_ARM32_td_c) + : [ks] "+r" (ks), [rounds] "+r" (rounds), + [L_AES_ARM32_te] "+r" (L_AES_ARM32_te_c), + [L_AES_ARM32_td] "+r" (L_AES_ARM32_td_c) : : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11" @@ -418,7 +415,7 @@ void AES_invert_key(unsigned char* ks_p, word32 rounds_p) } #endif /* HAVE_AES_DECRYPT */ -static const uint32_t L_AES_ARM32_rcon[] = { +static const word32 L_AES_ARM32_rcon[] = { 0x01000000, 0x02000000, 0x04000000, 0x08000000, 0x10000000, 0x20000000, 0x40000000, 0x80000000, 0x1b000000, 0x36000000 @@ -432,9 +429,9 @@ void AES_set_encrypt_key(const unsigned char* key_p, word32 len_p, register const unsigned char* key asm ("r0") = (const unsigned char*)key_p; register word32 len asm ("r1") = (word32)len_p; register unsigned char* ks asm ("r2") = (unsigned char*)ks_p; - register uint32_t* L_AES_ARM32_te_c asm ("r3") = (uint32_t*)L_AES_ARM32_te; - register uint32_t* L_AES_ARM32_rcon_c asm ("r4") = - (uint32_t*)&L_AES_ARM32_rcon; + register word32* L_AES_ARM32_te_c asm ("r3") = (word32*)L_AES_ARM32_te; + register word32* L_AES_ARM32_rcon_c asm ("r4") = + (word32*)&L_AES_ARM32_rcon; __asm__ __volatile__ ( "mov r8, %[L_AES_ARM32_te]\n\t" @@ -935,23 +932,23 @@ void AES_set_encrypt_key(const unsigned char* key_p, word32 len_p, "bne L_AES_set_encrypt_key_loop_128_%=\n\t" "\n" "L_AES_set_encrypt_key_end_%=: \n\t" - : [key] "+r" (key), [len] "+r" (len), [ks] "+r" (ks), - [L_AES_ARM32_te] "+r" (L_AES_ARM32_te_c), - [L_AES_ARM32_rcon] "+r" (L_AES_ARM32_rcon_c) + : [key] "+r" (key), [len] "+r" (len), [ks] "+r" (ks), + [L_AES_ARM32_te] "+r" (L_AES_ARM32_te_c), + [L_AES_ARM32_rcon] "+r" (L_AES_ARM32_rcon_c) : : "memory", "cc", "r12", "lr", "r5", "r6", "r7", "r8" ); } -void AES_encrypt_block(const uint32_t* te_p, int nr_p, int len_p, - const uint32_t* ks_p); -void AES_encrypt_block(const uint32_t* te_p, int nr_p, int len_p, - const uint32_t* ks_p) +void AES_encrypt_block(const word32* te_p, int nr_p, int len_p, + const word32* ks_p); +void AES_encrypt_block(const word32* te_p, int nr_p, int len_p, + const word32* ks_p) { - register const uint32_t* te asm ("r0") = (const uint32_t*)te_p; + register const word32* te asm ("r0") = (const word32*)te_p; register int nr asm ("r1") = (int)nr_p; register int len asm ("r2") = (int)len_p; - register const uint32_t* ks asm ("r3") = (const uint32_t*)ks_p; + register const word32* ks asm ("r3") = (const word32*)ks_p; __asm__ __volatile__ ( "\n" @@ -1590,7 +1587,7 @@ void AES_encrypt_block(const uint32_t* te_p, int nr_p, int len_p, "eor r5, r5, r9\n\t" "eor r6, r6, r10\n\t" "eor r7, r7, r11\n\t" - : [te] "+r" (te), [nr] "+r" (nr), [len] "+r" (len), [ks] "+r" (ks) + : [te] "+r" (te), [nr] "+r" (nr), [len] "+r" (len), [ks] "+r" (ks) : : "memory", "cc", "lr" ); @@ -1598,7 +1595,7 @@ void AES_encrypt_block(const uint32_t* te_p, int nr_p, int len_p, #if defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || \ defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) -static const uint32_t* L_AES_ARM32_te_ecb = L_AES_ARM32_te_data; +static const word32* L_AES_ARM32_te_ecb = L_AES_ARM32_te_data; void AES_ECB_encrypt(const unsigned char* in_p, unsigned char* out_p, unsigned long len_p, const unsigned char* ks_p, int nr_p); void AES_ECB_encrypt(const unsigned char* in_p, unsigned char* out_p, @@ -1609,8 +1606,8 @@ void AES_ECB_encrypt(const unsigned char* in_p, unsigned char* out_p, register unsigned long len asm ("r2") = (unsigned long)len_p; register const unsigned char* ks asm ("r3") = (const unsigned char*)ks_p; register int nr asm ("r4") = (int)nr_p; - register uint32_t* L_AES_ARM32_te_ecb_c asm ("r5") = - (uint32_t*)L_AES_ARM32_te_ecb; + register word32* L_AES_ARM32_te_ecb_c asm ("r5") = + (word32*)L_AES_ARM32_te_ecb; __asm__ __volatile__ ( "mov lr, %[in]\n\t" @@ -1843,8 +1840,8 @@ void AES_ECB_encrypt(const unsigned char* in_p, unsigned char* out_p, "\n" "L_AES_ECB_encrypt_end_%=: \n\t" "pop {%[ks]}\n\t" - : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), - [nr] "+r" (nr), [L_AES_ARM32_te_ecb] "+r" (L_AES_ARM32_te_ecb_c) + : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), + [nr] "+r" (nr), [L_AES_ARM32_te_ecb] "+r" (L_AES_ARM32_te_ecb_c) : : "memory", "cc", "r12", "lr", "r6", "r7", "r8", "r9", "r10", "r11" ); @@ -1853,7 +1850,7 @@ void AES_ECB_encrypt(const unsigned char* in_p, unsigned char* out_p, #endif /* HAVE_AESCCM || HAVE_AESGCM || WOLFSSL_AES_DIRECT || * WOLFSSL_AES_COUNTER */ #ifdef HAVE_AES_CBC -static const uint32_t* L_AES_ARM32_te_cbc = L_AES_ARM32_te_data; +static const word32* L_AES_ARM32_te_cbc = L_AES_ARM32_te_data; void AES_CBC_encrypt(const unsigned char* in_p, unsigned char* out_p, unsigned long len_p, const unsigned char* ks_p, int nr_p, unsigned char* iv_p); @@ -1867,8 +1864,8 @@ void AES_CBC_encrypt(const unsigned char* in_p, unsigned char* out_p, register const unsigned char* ks asm ("r3") = (const unsigned char*)ks_p; register int nr asm ("r4") = (int)nr_p; register unsigned char* iv asm ("r5") = (unsigned char*)iv_p; - register uint32_t* L_AES_ARM32_te_cbc_c asm ("r6") = - (uint32_t*)L_AES_ARM32_te_cbc; + register word32* L_AES_ARM32_te_cbc_c asm ("r6") = + (word32*)L_AES_ARM32_te_cbc; __asm__ __volatile__ ( "mov r8, r4\n\t" @@ -2116,9 +2113,9 @@ void AES_CBC_encrypt(const unsigned char* in_p, unsigned char* out_p, "L_AES_CBC_encrypt_end_%=: \n\t" "pop {%[ks], r9}\n\t" "stm r9, {r4, r5, r6, r7}\n\t" - : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), - [nr] "+r" (nr), [iv] "+r" (iv), - [L_AES_ARM32_te_cbc] "+r" (L_AES_ARM32_te_cbc_c) + : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), + [nr] "+r" (nr), [iv] "+r" (iv), + [L_AES_ARM32_te_cbc] "+r" (L_AES_ARM32_te_cbc_c) : : "memory", "cc", "r12", "lr", "r7", "r8", "r9", "r10", "r11" ); @@ -2126,7 +2123,7 @@ void AES_CBC_encrypt(const unsigned char* in_p, unsigned char* out_p, #endif /* HAVE_AES_CBC */ #ifdef WOLFSSL_AES_COUNTER -static const uint32_t* L_AES_ARM32_te_ctr = L_AES_ARM32_te_data; +static const word32* L_AES_ARM32_te_ctr = L_AES_ARM32_te_data; void AES_CTR_encrypt(const unsigned char* in_p, unsigned char* out_p, unsigned long len_p, const unsigned char* ks_p, int nr_p, unsigned char* ctr_p); @@ -2140,8 +2137,8 @@ void AES_CTR_encrypt(const unsigned char* in_p, unsigned char* out_p, register const unsigned char* ks asm ("r3") = (const unsigned char*)ks_p; register int nr asm ("r4") = (int)nr_p; register unsigned char* ctr asm ("r5") = (unsigned char*)ctr_p; - register uint32_t* L_AES_ARM32_te_ctr_c asm ("r6") = - (uint32_t*)L_AES_ARM32_te_ctr; + register word32* L_AES_ARM32_te_ctr_c asm ("r6") = + (word32*)L_AES_ARM32_te_ctr; __asm__ __volatile__ ( "mov r12, r4\n\t" @@ -2391,9 +2388,9 @@ void AES_CTR_encrypt(const unsigned char* in_p, unsigned char* out_p, "rev r7, r7\n\t" #endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */ "stm r8, {r4, r5, r6, r7}\n\t" - : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), - [nr] "+r" (nr), [ctr] "+r" (ctr), - [L_AES_ARM32_te_ctr] "+r" (L_AES_ARM32_te_ctr_c) + : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), + [nr] "+r" (nr), [ctr] "+r" (ctr), + [L_AES_ARM32_te_ctr] "+r" (L_AES_ARM32_te_ctr_c) : : "memory", "cc", "r12", "lr", "r7", "r8", "r9", "r10", "r11" ); @@ -2403,12 +2400,12 @@ void AES_CTR_encrypt(const unsigned char* in_p, unsigned char* out_p, #ifdef HAVE_AES_DECRYPT #if defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) || \ defined(HAVE_AES_CBC) -void AES_decrypt_block(const uint32_t* td_p, int nr_p, const uint8_t* td4_p); -void AES_decrypt_block(const uint32_t* td_p, int nr_p, const uint8_t* td4_p) +void AES_decrypt_block(const word32* td_p, int nr_p, const byte* td4_p); +void AES_decrypt_block(const word32* td_p, int nr_p, const byte* td4_p) { - register const uint32_t* td asm ("r0") = (const uint32_t*)td_p; + register const word32* td asm ("r0") = (const word32*)td_p; register int nr asm ("r1") = (int)nr_p; - register const uint8_t* td4 asm ("r2") = (const uint8_t*)td4_p; + register const byte* td4 asm ("r2") = (const byte*)td4_p; __asm__ __volatile__ ( "\n" @@ -3047,14 +3044,14 @@ void AES_decrypt_block(const uint32_t* td_p, int nr_p, const uint8_t* td4_p) "eor r5, r5, r9\n\t" "eor r6, r6, r10\n\t" "eor r7, r7, r11\n\t" - : [td] "+r" (td), [nr] "+r" (nr), [td4] "+r" (td4) + : [td] "+r" (td), [nr] "+r" (nr), [td4] "+r" (td4) : : "memory", "cc", "lr" ); } -static const uint32_t* L_AES_ARM32_td_ecb = L_AES_ARM32_td_data; -static const unsigned char L_AES_ARM32_td4[] = { +static const word32* L_AES_ARM32_td_ecb = L_AES_ARM32_td_data; +static const byte L_AES_ARM32_td4[] = { 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38, 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb, 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87, @@ -3100,10 +3097,9 @@ void AES_ECB_decrypt(const unsigned char* in_p, unsigned char* out_p, register unsigned long len asm ("r2") = (unsigned long)len_p; register const unsigned char* ks asm ("r3") = (const unsigned char*)ks_p; register int nr asm ("r4") = (int)nr_p; - register uint32_t* L_AES_ARM32_td_ecb_c asm ("r5") = - (uint32_t*)L_AES_ARM32_td_ecb; - register unsigned char* L_AES_ARM32_td4_c asm ("r6") = - (unsigned char*)&L_AES_ARM32_td4; + register word32* L_AES_ARM32_td_ecb_c asm ("r5") = + (word32*)L_AES_ARM32_td_ecb; + register byte* L_AES_ARM32_td4_c asm ("r6") = (byte*)&L_AES_ARM32_td4; __asm__ __volatile__ ( "mov r8, r4\n\t" @@ -3333,9 +3329,9 @@ void AES_ECB_decrypt(const unsigned char* in_p, unsigned char* out_p, "bne L_AES_ECB_decrypt_loop_block_128_%=\n\t" "\n" "L_AES_ECB_decrypt_end_%=: \n\t" - : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), - [nr] "+r" (nr), [L_AES_ARM32_td_ecb] "+r" (L_AES_ARM32_td_ecb_c), - [L_AES_ARM32_td4] "+r" (L_AES_ARM32_td4_c) + : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), + [nr] "+r" (nr), [L_AES_ARM32_td_ecb] "+r" (L_AES_ARM32_td_ecb_c), + [L_AES_ARM32_td4] "+r" (L_AES_ARM32_td4_c) : : "memory", "cc", "r12", "lr", "r7", "r8", "r9", "r10", "r11" ); @@ -3356,10 +3352,9 @@ void AES_CBC_decrypt(const unsigned char* in_p, unsigned char* out_p, register const unsigned char* ks asm ("r3") = (const unsigned char*)ks_p; register int nr asm ("r4") = (int)nr_p; register unsigned char* iv asm ("r5") = (unsigned char*)iv_p; - register uint32_t* L_AES_ARM32_td_ecb_c asm ("r6") = - (uint32_t*)L_AES_ARM32_td_ecb; - register unsigned char* L_AES_ARM32_td4_c asm ("r7") = - (unsigned char*)&L_AES_ARM32_td4; + register word32* L_AES_ARM32_td_ecb_c asm ("r6") = + (word32*)L_AES_ARM32_td_ecb; + register byte* L_AES_ARM32_td4_c asm ("r7") = (byte*)&L_AES_ARM32_td4; __asm__ __volatile__ ( "mov r8, r4\n\t" @@ -3973,10 +3968,10 @@ void AES_CBC_decrypt(const unsigned char* in_p, unsigned char* out_p, "\n" "L_AES_CBC_decrypt_end_%=: \n\t" "pop {%[ks]-r4}\n\t" - : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), - [nr] "+r" (nr), [iv] "+r" (iv), - [L_AES_ARM32_td_ecb] "+r" (L_AES_ARM32_td_ecb_c), - [L_AES_ARM32_td4] "+r" (L_AES_ARM32_td4_c) + : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), + [nr] "+r" (nr), [iv] "+r" (iv), + [L_AES_ARM32_td_ecb] "+r" (L_AES_ARM32_td_ecb_c), + [L_AES_ARM32_td4] "+r" (L_AES_ARM32_td4_c) : : "memory", "cc", "r12", "lr", "r8", "r9", "r10", "r11" ); @@ -3986,7 +3981,7 @@ void AES_CBC_decrypt(const unsigned char* in_p, unsigned char* out_p, #endif /* WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER || HAVE_AES_CBC */ #endif /* HAVE_AES_DECRYPT */ #ifdef HAVE_AESGCM -static const uint32_t L_GCM_gmult_len_r[] = { +static const word32 L_GCM_gmult_len_r[] = { 0x00000000, 0x1c200000, 0x38400000, 0x24600000, 0x70800000, 0x6ca00000, 0x48c00000, 0x54e00000, 0xe1000000, 0xfd200000, 0xd9400000, 0xc5600000, @@ -4003,8 +3998,8 @@ void GCM_gmult_len(unsigned char* x_p, const unsigned char** m_p, register const unsigned char* data asm ("r2") = (const unsigned char*)data_p; register unsigned long len asm ("r3") = (unsigned long)len_p; - register uint32_t* L_GCM_gmult_len_r_c asm ("r4") = - (uint32_t*)&L_GCM_gmult_len_r; + register word32* L_GCM_gmult_len_r_c asm ("r4") = + (word32*)&L_GCM_gmult_len_r; __asm__ __volatile__ ( "mov lr, %[L_GCM_gmult_len_r]\n\t" @@ -4578,15 +4573,15 @@ void GCM_gmult_len(unsigned char* x_p, const unsigned char** m_p, "subs %[len], %[len], #16\n\t" "add %[data], %[data], #16\n\t" "bne L_GCM_gmult_len_start_block_%=\n\t" - : [x] "+r" (x), [m] "+r" (m), [data] "+r" (data), [len] "+r" (len), - [L_GCM_gmult_len_r] "+r" (L_GCM_gmult_len_r_c) + : [x] "+r" (x), [m] "+r" (m), [data] "+r" (data), [len] "+r" (len), + [L_GCM_gmult_len_r] "+r" (L_GCM_gmult_len_r_c) : : "memory", "cc", "r12", "lr", "r5", "r6", "r7", "r8", "r9", "r10", "r11" ); } -static const uint32_t* L_AES_ARM32_te_gcm = L_AES_ARM32_te_data; +static const word32* L_AES_ARM32_te_gcm = L_AES_ARM32_te_data; void AES_GCM_encrypt(const unsigned char* in_p, unsigned char* out_p, unsigned long len_p, const unsigned char* ks_p, int nr_p, unsigned char* ctr_p); @@ -4600,8 +4595,8 @@ void AES_GCM_encrypt(const unsigned char* in_p, unsigned char* out_p, register const unsigned char* ks asm ("r3") = (const unsigned char*)ks_p; register int nr asm ("r4") = (int)nr_p; register unsigned char* ctr asm ("r5") = (unsigned char*)ctr_p; - register uint32_t* L_AES_ARM32_te_gcm_c asm ("r6") = - (uint32_t*)L_AES_ARM32_te_gcm; + register word32* L_AES_ARM32_te_gcm_c asm ("r6") = + (word32*)L_AES_ARM32_te_gcm; __asm__ __volatile__ ( "mov r12, r4\n\t" @@ -4842,9 +4837,9 @@ void AES_GCM_encrypt(const unsigned char* in_p, unsigned char* out_p, "rev r7, r7\n\t" #endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */ "stm r8, {r4, r5, r6, r7}\n\t" - : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), - [nr] "+r" (nr), [ctr] "+r" (ctr), - [L_AES_ARM32_te_gcm] "+r" (L_AES_ARM32_te_gcm_c) + : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), + [nr] "+r" (nr), [ctr] "+r" (ctr), + [L_AES_ARM32_te_gcm] "+r" (L_AES_ARM32_te_gcm_c) : : "memory", "cc", "r12", "lr", "r7", "r8", "r9", "r10", "r11" ); @@ -4852,9 +4847,7 @@ void AES_GCM_encrypt(const unsigned char* in_p, unsigned char* out_p, #endif /* HAVE_AESGCM */ #endif /* !NO_AES */ -#endif /* !__aarch64__ && __arm__ && !__thumb__ */ -#endif /* WOLFSSL_ARMASM */ -#endif /* !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) */ +#endif /* !__aarch64__ && !WOLFSSL_ARMASM_THUMB2 */ #endif /* WOLFSSL_ARMASM */ #endif /* WOLFSSL_ARMASM_INLINE */ diff --git a/wolfcrypt/src/port/arm/armv8-32-chacha-asm.S b/wolfcrypt/src/port/arm/armv8-32-chacha-asm.S index b19bf515c2..f035fbe23d 100644 --- a/wolfcrypt/src/port/arm/armv8-32-chacha-asm.S +++ b/wolfcrypt/src/port/arm/armv8-32-chacha-asm.S @@ -31,7 +31,7 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) +#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2) #ifndef WOLFSSL_ARMASM_INLINE #ifdef HAVE_CHACHA .text @@ -514,7 +514,7 @@ L_chacha_arm32_over_done: .size wc_chacha_use_over,.-wc_chacha_use_over #endif /* WOLFSSL_ARMASM_NO_NEON */ #endif /* HAVE_CHACHA */ -#endif /* !__aarch64__ && __arm__ && !__thumb__ */ +#endif /* !__aarch64__ && !WOLFSSL_ARMASM_THUMB2 */ #endif /* WOLFSSL_ARMASM */ #if defined(__linux__) && defined(__ELF__) diff --git a/wolfcrypt/src/port/arm/armv8-32-chacha-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-chacha-asm_c.c index 201cf2ee31..d05d06b4a7 100644 --- a/wolfcrypt/src/port/arm/armv8-32-chacha-asm_c.c +++ b/wolfcrypt/src/port/arm/armv8-32-chacha-asm_c.c @@ -32,7 +32,7 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) +#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2) #include #ifdef HAVE_CONFIG_H #include @@ -41,9 +41,6 @@ #include #ifdef WOLFSSL_ARMASM_INLINE -#ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) - #ifdef __IAR_SYSTEMS_ICC__ #define __asm__ asm #define __volatile__ volatile @@ -73,13 +70,13 @@ void wc_chacha_setiv(word32* x_p, const byte* iv_p, word32 counter_p) "rev lr, lr\n\t" #endif /* BIG_ENDIAN_ORDER */ "stm r3, {r4, r12, lr}\n\t" - : [x] "+r" (x), [iv] "+r" (iv), [counter] "+r" (counter) + : [x] "+r" (x), [iv] "+r" (iv), [counter] "+r" (counter) : : "memory", "cc", "r3", "r12", "lr", "r4" ); } -static const uint32_t L_chacha_arm32_constants[] = { +static const word32 L_chacha_arm32_constants[] = { 0x61707865, 0x3120646e, 0x79622d36, 0x6b206574, 0x61707865, 0x3320646e, 0x79622d32, 0x6b206574, }; @@ -89,8 +86,8 @@ void wc_chacha_setkey(word32* x_p, const byte* key_p, word32 keySz_p) register word32* x asm ("r0") = (word32*)x_p; register const byte* key asm ("r1") = (const byte*)key_p; register word32 keySz asm ("r2") = (word32)keySz_p; - register uint32_t* L_chacha_arm32_constants_c asm ("r3") = - (uint32_t*)&L_chacha_arm32_constants; + register word32* L_chacha_arm32_constants_c asm ("r3") = + (word32*)&L_chacha_arm32_constants; __asm__ __volatile__ ( "subs %[keySz], %[keySz], #16\n\t" @@ -121,8 +118,8 @@ void wc_chacha_setkey(word32* x_p, const byte* key_p, word32 keySz_p) "\n" "L_chacha_arm32_setkey_same_keyb_ytes_%=: \n\t" "stm %[x], {r4, r5, r12, lr}\n\t" - : [x] "+r" (x), [key] "+r" (key), [keySz] "+r" (keySz), - [L_chacha_arm32_constants] "+r" (L_chacha_arm32_constants_c) + : [x] "+r" (x), [key] "+r" (key), [keySz] "+r" (keySz), + [L_chacha_arm32_constants] "+r" (L_chacha_arm32_constants_c) : : "memory", "cc", "r12", "lr", "r4", "r5" ); @@ -486,7 +483,7 @@ void wc_chacha_crypt_bytes(ChaCha* ctx_p, byte* c_p, const byte* m_p, "\n" "L_chacha_arm32_crypt_done_%=: \n\t" "add sp, sp, #52\n\t" - : [ctx] "+r" (ctx), [c] "+r" (c), [m] "+r" (m), [len] "+r" (len) + : [ctx] "+r" (ctx), [c] "+r" (c), [m] "+r" (m), [len] "+r" (len) : : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11" @@ -559,8 +556,8 @@ void wc_chacha_use_over(byte* over_p, byte* output_p, const byte* input_p, "b L_chacha_arm32_over_byte_loop_%=\n\t" "\n" "L_chacha_arm32_over_done_%=: \n\t" - : [over] "+r" (over), [output] "+r" (output), [input] "+r" (input), - [len] "+r" (len) + : [over] "+r" (over), [output] "+r" (output), [input] "+r" (input), + [len] "+r" (len) : : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9" ); @@ -568,9 +565,7 @@ void wc_chacha_use_over(byte* over_p, byte* output_p, const byte* input_p, #endif /* WOLFSSL_ARMASM_NO_NEON */ #endif /* HAVE_CHACHA */ -#endif /* !__aarch64__ && __arm__ && !__thumb__ */ -#endif /* WOLFSSL_ARMASM */ -#endif /* !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) */ +#endif /* !__aarch64__ && !WOLFSSL_ARMASM_THUMB2 */ #endif /* WOLFSSL_ARMASM */ #endif /* WOLFSSL_ARMASM_INLINE */ diff --git a/wolfcrypt/src/port/arm/armv8-32-curve25519.S b/wolfcrypt/src/port/arm/armv8-32-curve25519.S index bf8daeec0e..3a5d8382b1 100644 --- a/wolfcrypt/src/port/arm/armv8-32-curve25519.S +++ b/wolfcrypt/src/port/arm/armv8-32-curve25519.S @@ -31,7 +31,7 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) +#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2) #ifndef WOLFSSL_ARMASM_INLINE #if defined(HAVE_CURVE25519) || defined(HAVE_ED25519) #if !defined(CURVE25519_SMALL) || !defined(ED25519_SMALL) @@ -617,7 +617,7 @@ fe_cmov_table: #endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) lsl r3, r2, #24 - asr r3, r2, #31 + asr r3, r3, #31 #else sbfx r3, r2, #7, #1 #endif @@ -1045,7 +1045,7 @@ fe_cmov_table: #endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) lsl r3, r2, #24 - asr r3, r2, #31 + asr r3, r3, #31 #else sbfx r3, r2, #7, #1 #endif @@ -1474,7 +1474,7 @@ fe_cmov_table: #endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) lsl r3, r2, #24 - asr r3, r2, #31 + asr r3, r3, #31 #else sbfx r3, r2, #7, #1 #endif @@ -1903,7 +1903,7 @@ fe_cmov_table: #endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) lsl r3, r2, #24 - asr r3, r2, #31 + asr r3, r3, #31 #else sbfx r3, r2, #7, #1 #endif @@ -2346,7 +2346,7 @@ fe_cmov_table: #endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) lsl r3, r2, #24 - asr r3, r2, #31 + asr r3, r3, #31 #else sbfx r3, r2, #7, #1 #endif @@ -3418,7 +3418,11 @@ fe_mul121666: #else mov r10, #0xdb42 #endif - movt r10, #1 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r10, r10, #0x10000 +#else + movt r10, #0x1 +#endif #endif umull r2, r12, r10, r2 umull r3, lr, r10, r3 @@ -3485,7 +3489,11 @@ fe_mul121666: #else mov lr, #0xdb42 #endif - movt lr, #1 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr lr, lr, #0x10000 +#else + movt lr, #0x1 +#endif #endif umull r2, r10, lr, r2 sub r12, lr, #1 @@ -5479,8 +5487,13 @@ sc_reduce: #else mov r10, #0x2c13 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r10, r10, #0xa3000000 + orr r10, r10, #0xa0000 +#else movt r10, #0xa30a #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) mov r11, #0xa7 lsl r11, r11, #8 @@ -5497,7 +5510,12 @@ sc_reduce: #else mov r11, #0x9ce5 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r11, r11, #0xa7000000 + orr r11, r11, #0xed0000 +#else movt r11, #0xa7ed +#endif #endif mov r1, #0 umlal r2, r1, r10, lr @@ -5521,8 +5539,13 @@ sc_reduce: #else mov r10, #0x6329 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r10, r10, #0x5d000000 + orr r10, r10, #0x80000 +#else movt r10, #0x5d08 #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) mov r11, #0xeb lsl r11, r11, #8 @@ -5539,7 +5562,12 @@ sc_reduce: #else mov r11, #0x621 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r11, r11, #0xeb000000 + orr r11, r11, #0x210000 +#else movt r11, #0xeb21 +#endif #endif adds r4, r4, r1 mov r1, #0 @@ -5575,7 +5603,12 @@ sc_reduce: #else mov r1, #0x2c13 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r1, r1, #0xa3000000 + orr r1, r1, #0xa0000 +#else movt r1, #0xa30a +#endif #endif mov lr, #0 ldm r0!, {r10, r11} @@ -5638,7 +5671,12 @@ sc_reduce: #else mov r1, #0x9ce5 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r1, r1, #0xa7000000 + orr r1, r1, #0xed0000 +#else movt r1, #0xa7ed +#endif #endif mov lr, #0 ldm r12, {r10, r11} @@ -5695,7 +5733,12 @@ sc_reduce: #else mov r1, #0x6329 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r1, r1, #0x5d000000 + orr r1, r1, #0x80000 +#else movt r1, #0x5d08 +#endif #endif mov lr, #0 ldm r12, {r10, r11} @@ -5752,7 +5795,12 @@ sc_reduce: #else mov r1, #0x621 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r1, r1, #0xeb000000 + orr r1, r1, #0x210000 +#else movt r1, #0xeb21 +#endif #endif mov lr, #0 ldm r12, {r10, r11} @@ -5836,8 +5884,13 @@ sc_reduce: #else mov r2, #0xba7d #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r2, r2, #0x4b000000 + orr r2, r2, #0x9e0000 +#else movt r2, #0x4b9e #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) mov r3, #0xcb lsl r3, r3, #8 @@ -5854,8 +5907,13 @@ sc_reduce: #else mov r3, #0x4c63 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r3, r3, #0xcb000000 + orr r3, r3, #0x20000 +#else movt r3, #0xcb02 #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) mov r4, #0xd4 lsl r4, r4, #8 @@ -5872,8 +5930,13 @@ sc_reduce: #else mov r4, #0xf39a #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r4, r4, #0xd4000000 + orr r4, r4, #0x5e0000 +#else movt r4, #0xd45e #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) mov r5, #2 lsl r5, r5, #8 @@ -5890,8 +5953,13 @@ sc_reduce: #else mov r5, #0xdf3b #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r5, r5, #0x2000000 + orr r5, r5, #0x9b0000 +#else movt r5, #0x29b #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) mov r9, #0x20000 lsl r9, r9, #8 @@ -5962,7 +6030,12 @@ sc_reduce: #else mov r1, #0x2c13 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r1, r1, #0xa3000000 + orr r1, r1, #0xa0000 +#else movt r1, #0xa30a +#endif #endif mov lr, #0 ldm r0, {r6, r7, r8, r9} @@ -5998,7 +6071,12 @@ sc_reduce: #else mov r1, #0x9ce5 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r1, r1, #0xa7000000 + orr r1, r1, #0xed0000 +#else movt r1, #0xa7ed +#endif #endif mov r10, #0 ldm r0, {r6, r7, r8, r9} @@ -6034,7 +6112,12 @@ sc_reduce: #else mov r1, #0x6329 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r1, r1, #0x5d000000 + orr r1, r1, #0x80000 +#else movt r1, #0x5d08 +#endif #endif mov r11, #0 ldm r0, {r6, r7, r8, r9} @@ -6070,7 +6153,12 @@ sc_reduce: #else mov r1, #0x621 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r1, r1, #0xeb000000 + orr r1, r1, #0x210000 +#else movt r1, #0xeb21 +#endif #endif mov r12, #0 ldm r0, {r6, r7, r8, r9} @@ -6124,8 +6212,13 @@ sc_reduce: #else mov r10, #0xd3ed #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r10, r10, #0x5c000000 + orr r10, r10, #0xf50000 +#else movt r10, #0x5cf5 #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) mov r11, #0x58 lsl r11, r11, #8 @@ -6142,8 +6235,13 @@ sc_reduce: #else mov r11, #0x631a #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r11, r11, #0x58000000 + orr r11, r11, #0x120000 +#else movt r11, #0x5812 #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) mov r12, #0xa2 lsl r12, r12, #8 @@ -6160,8 +6258,13 @@ sc_reduce: #else mov r12, #0x9cd6 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r12, r12, #0xa2000000 + orr r12, r12, #0xf70000 +#else movt r12, #0xa2f7 #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) mov lr, #20 lsl lr, lr, #8 @@ -6178,7 +6281,12 @@ sc_reduce: #else mov lr, #0xf9de #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr lr, lr, #0x14000000 + orr lr, lr, #0xde0000 +#else movt lr, #0x14de +#endif #endif and r10, r10, r1 and r11, r11, r1 @@ -6256,8 +6364,13 @@ sc_reduce: #else mov r10, #0x2c13 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r10, r10, #0xa3000000 + orr r10, r10, #0xa0000 +#else movt r10, #0xa30a #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) mov r11, #0xa7 lsl r11, r11, #8 @@ -6274,7 +6387,12 @@ sc_reduce: #else mov r11, #0x9ce5 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r11, r11, #0xa7000000 + orr r11, r11, #0xed0000 +#else movt r11, #0xa7ed +#endif #endif mov r1, #0 umlal r2, r1, r10, lr @@ -6295,8 +6413,13 @@ sc_reduce: #else mov r10, #0x6329 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r10, r10, #0x5d000000 + orr r10, r10, #0x80000 +#else movt r10, #0x5d08 #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) mov r11, #0xeb lsl r11, r11, #8 @@ -6313,7 +6436,12 @@ sc_reduce: #else mov r11, #0x621 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r11, r11, #0xeb000000 + orr r11, r11, #0x210000 +#else movt r11, #0xeb21 +#endif #endif umaal r4, r1, r10, lr umaal r5, r1, r11, lr @@ -6343,7 +6471,12 @@ sc_reduce: #else mov r1, #0x2c13 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r1, r1, #0xa3000000 + orr r1, r1, #0xa0000 +#else movt r1, #0xa30a +#endif #endif mov lr, #0 ldm r0!, {r10, r11} @@ -6385,7 +6518,12 @@ sc_reduce: #else mov r1, #0x9ce5 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r1, r1, #0xa7000000 + orr r1, r1, #0xed0000 +#else movt r1, #0xa7ed +#endif #endif mov lr, #0 ldm r12, {r10, r11} @@ -6421,7 +6559,12 @@ sc_reduce: #else mov r1, #0x6329 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r1, r1, #0x5d000000 + orr r1, r1, #0x80000 +#else movt r1, #0x5d08 +#endif #endif mov lr, #0 ldm r12, {r10, r11} @@ -6457,7 +6600,12 @@ sc_reduce: #else mov r1, #0x621 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r1, r1, #0xeb000000 + orr r1, r1, #0x210000 +#else movt r1, #0xeb21 +#endif #endif mov lr, #0 ldm r12, {r10, r11} @@ -6520,8 +6668,13 @@ sc_reduce: #else mov r2, #0xba7d #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r2, r2, #0x4b000000 + orr r2, r2, #0x9e0000 +#else movt r2, #0x4b9e #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) mov r3, #0xcb lsl r3, r3, #8 @@ -6538,8 +6691,13 @@ sc_reduce: #else mov r3, #0x4c63 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r3, r3, #0xcb000000 + orr r3, r3, #0x20000 +#else movt r3, #0xcb02 #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) mov r4, #0xd4 lsl r4, r4, #8 @@ -6556,8 +6714,13 @@ sc_reduce: #else mov r4, #0xf39a #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r4, r4, #0xd4000000 + orr r4, r4, #0x5e0000 +#else movt r4, #0xd45e #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) mov r5, #2 lsl r5, r5, #8 @@ -6574,8 +6737,13 @@ sc_reduce: #else mov r5, #0xdf3b #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r5, r5, #0x2000000 + orr r5, r5, #0x9b0000 +#else movt r5, #0x29b #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) mov r9, #0x20000 lsl r9, r9, #8 @@ -6646,7 +6814,12 @@ sc_reduce: #else mov r1, #0x2c13 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r1, r1, #0xa3000000 + orr r1, r1, #0xa0000 +#else movt r1, #0xa30a +#endif #endif mov lr, #0 ldm r0, {r6, r7, r8, r9} @@ -6673,7 +6846,12 @@ sc_reduce: #else mov r1, #0x9ce5 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r1, r1, #0xa7000000 + orr r1, r1, #0xed0000 +#else movt r1, #0xa7ed +#endif #endif mov r10, #0 ldm r0, {r6, r7, r8, r9} @@ -6700,7 +6878,12 @@ sc_reduce: #else mov r1, #0x6329 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r1, r1, #0x5d000000 + orr r1, r1, #0x80000 +#else movt r1, #0x5d08 +#endif #endif mov r11, #0 ldm r0, {r6, r7, r8, r9} @@ -6727,7 +6910,12 @@ sc_reduce: #else mov r1, #0x621 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r1, r1, #0xeb000000 + orr r1, r1, #0x210000 +#else movt r1, #0xeb21 +#endif #endif mov r12, #0 ldm r0, {r6, r7, r8, r9} @@ -6772,8 +6960,13 @@ sc_reduce: #else mov r10, #0xd3ed #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r10, r10, #0x5c000000 + orr r10, r10, #0xf50000 +#else movt r10, #0x5cf5 #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) mov r11, #0x58 lsl r11, r11, #8 @@ -6790,8 +6983,13 @@ sc_reduce: #else mov r11, #0x631a #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r11, r11, #0x58000000 + orr r11, r11, #0x120000 +#else movt r11, #0x5812 #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) mov r12, #0xa2 lsl r12, r12, #8 @@ -6808,8 +7006,13 @@ sc_reduce: #else mov r12, #0x9cd6 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r12, r12, #0xa2000000 + orr r12, r12, #0xf70000 +#else movt r12, #0xa2f7 #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) mov lr, #20 lsl lr, lr, #8 @@ -6826,7 +7029,12 @@ sc_reduce: #else mov lr, #0xf9de #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr lr, lr, #0x14000000 + orr lr, lr, #0xde0000 +#else movt lr, #0x14de +#endif #endif and r10, r10, r1 and r11, r11, r1 @@ -7256,8 +7464,13 @@ sc_muladd: #else mov r10, #0x2c13 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r10, r10, #0xa3000000 + orr r10, r10, #0xa0000 +#else movt r10, #0xa30a #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) mov r11, #0xa7 lsl r11, r11, #8 @@ -7274,7 +7487,12 @@ sc_muladd: #else mov r11, #0x9ce5 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r11, r11, #0xa7000000 + orr r11, r11, #0xed0000 +#else movt r11, #0xa7ed +#endif #endif mov r1, #0 umlal r2, r1, r10, lr @@ -7298,8 +7516,13 @@ sc_muladd: #else mov r10, #0x6329 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r10, r10, #0x5d000000 + orr r10, r10, #0x80000 +#else movt r10, #0x5d08 #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) mov r11, #0xeb lsl r11, r11, #8 @@ -7316,7 +7539,12 @@ sc_muladd: #else mov r11, #0x621 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r11, r11, #0xeb000000 + orr r11, r11, #0x210000 +#else movt r11, #0xeb21 +#endif #endif adds r4, r4, r1 mov r1, #0 @@ -7352,7 +7580,12 @@ sc_muladd: #else mov r1, #0x2c13 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r1, r1, #0xa3000000 + orr r1, r1, #0xa0000 +#else movt r1, #0xa30a +#endif #endif mov lr, #0 ldm r0!, {r10, r11} @@ -7415,7 +7648,12 @@ sc_muladd: #else mov r1, #0x9ce5 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r1, r1, #0xa7000000 + orr r1, r1, #0xed0000 +#else movt r1, #0xa7ed +#endif #endif mov lr, #0 ldm r12, {r10, r11} @@ -7472,7 +7710,12 @@ sc_muladd: #else mov r1, #0x6329 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r1, r1, #0x5d000000 + orr r1, r1, #0x80000 +#else movt r1, #0x5d08 +#endif #endif mov lr, #0 ldm r12, {r10, r11} @@ -7529,7 +7772,12 @@ sc_muladd: #else mov r1, #0x621 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r1, r1, #0xeb000000 + orr r1, r1, #0x210000 +#else movt r1, #0xeb21 +#endif #endif mov lr, #0 ldm r12, {r10, r11} @@ -7613,8 +7861,13 @@ sc_muladd: #else mov r2, #0xba7d #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r2, r2, #0x4b000000 + orr r2, r2, #0x9e0000 +#else movt r2, #0x4b9e #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) mov r3, #0xcb lsl r3, r3, #8 @@ -7631,8 +7884,13 @@ sc_muladd: #else mov r3, #0x4c63 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r3, r3, #0xcb000000 + orr r3, r3, #0x20000 +#else movt r3, #0xcb02 #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) mov r4, #0xd4 lsl r4, r4, #8 @@ -7649,8 +7907,13 @@ sc_muladd: #else mov r4, #0xf39a #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r4, r4, #0xd4000000 + orr r4, r4, #0x5e0000 +#else movt r4, #0xd45e #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) mov r5, #2 lsl r5, r5, #8 @@ -7667,8 +7930,13 @@ sc_muladd: #else mov r5, #0xdf3b #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r5, r5, #0x2000000 + orr r5, r5, #0x9b0000 +#else movt r5, #0x29b #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) mov r9, #0x20000 lsl r9, r9, #8 @@ -7739,7 +8007,12 @@ sc_muladd: #else mov r1, #0x2c13 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r1, r1, #0xa3000000 + orr r1, r1, #0xa0000 +#else movt r1, #0xa30a +#endif #endif mov lr, #0 ldm r0, {r6, r7, r8, r9} @@ -7775,7 +8048,12 @@ sc_muladd: #else mov r1, #0x9ce5 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r1, r1, #0xa7000000 + orr r1, r1, #0xed0000 +#else movt r1, #0xa7ed +#endif #endif mov r10, #0 ldm r0, {r6, r7, r8, r9} @@ -7811,7 +8089,12 @@ sc_muladd: #else mov r1, #0x6329 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r1, r1, #0x5d000000 + orr r1, r1, #0x80000 +#else movt r1, #0x5d08 +#endif #endif mov r11, #0 ldm r0, {r6, r7, r8, r9} @@ -7847,7 +8130,12 @@ sc_muladd: #else mov r1, #0x621 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r1, r1, #0xeb000000 + orr r1, r1, #0x210000 +#else movt r1, #0xeb21 +#endif #endif mov r12, #0 ldm r0, {r6, r7, r8, r9} @@ -7901,8 +8189,13 @@ sc_muladd: #else mov r10, #0xd3ed #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r10, r10, #0x5c000000 + orr r10, r10, #0xf50000 +#else movt r10, #0x5cf5 #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) mov r11, #0x58 lsl r11, r11, #8 @@ -7919,8 +8212,13 @@ sc_muladd: #else mov r11, #0x631a #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r11, r11, #0x58000000 + orr r11, r11, #0x120000 +#else movt r11, #0x5812 #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) mov r12, #0xa2 lsl r12, r12, #8 @@ -7937,8 +8235,13 @@ sc_muladd: #else mov r12, #0x9cd6 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r12, r12, #0xa2000000 + orr r12, r12, #0xf70000 +#else movt r12, #0xa2f7 #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) mov lr, #20 lsl lr, lr, #8 @@ -7955,7 +8258,12 @@ sc_muladd: #else mov lr, #0xf9de #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr lr, lr, #0x14000000 + orr lr, lr, #0xde0000 +#else movt lr, #0x14de +#endif #endif and r10, r10, r1 and r11, r11, r1 @@ -8163,8 +8471,13 @@ sc_muladd: #else mov r10, #0x2c13 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r10, r10, #0xa3000000 + orr r10, r10, #0xa0000 +#else movt r10, #0xa30a #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) mov r11, #0xa7 lsl r11, r11, #8 @@ -8181,7 +8494,12 @@ sc_muladd: #else mov r11, #0x9ce5 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r11, r11, #0xa7000000 + orr r11, r11, #0xed0000 +#else movt r11, #0xa7ed +#endif #endif mov r1, #0 umlal r2, r1, r10, lr @@ -8202,8 +8520,13 @@ sc_muladd: #else mov r10, #0x6329 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r10, r10, #0x5d000000 + orr r10, r10, #0x80000 +#else movt r10, #0x5d08 #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) mov r11, #0xeb lsl r11, r11, #8 @@ -8220,7 +8543,12 @@ sc_muladd: #else mov r11, #0x621 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r11, r11, #0xeb000000 + orr r11, r11, #0x210000 +#else movt r11, #0xeb21 +#endif #endif umaal r4, r1, r10, lr umaal r5, r1, r11, lr @@ -8250,7 +8578,12 @@ sc_muladd: #else mov r1, #0x2c13 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r1, r1, #0xa3000000 + orr r1, r1, #0xa0000 +#else movt r1, #0xa30a +#endif #endif mov lr, #0 ldm r0!, {r10, r11} @@ -8292,7 +8625,12 @@ sc_muladd: #else mov r1, #0x9ce5 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r1, r1, #0xa7000000 + orr r1, r1, #0xed0000 +#else movt r1, #0xa7ed +#endif #endif mov lr, #0 ldm r12, {r10, r11} @@ -8328,7 +8666,12 @@ sc_muladd: #else mov r1, #0x6329 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r1, r1, #0x5d000000 + orr r1, r1, #0x80000 +#else movt r1, #0x5d08 +#endif #endif mov lr, #0 ldm r12, {r10, r11} @@ -8364,7 +8707,12 @@ sc_muladd: #else mov r1, #0x621 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r1, r1, #0xeb000000 + orr r1, r1, #0x210000 +#else movt r1, #0xeb21 +#endif #endif mov lr, #0 ldm r12, {r10, r11} @@ -8427,8 +8775,13 @@ sc_muladd: #else mov r2, #0xba7d #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r2, r2, #0x4b000000 + orr r2, r2, #0x9e0000 +#else movt r2, #0x4b9e #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) mov r3, #0xcb lsl r3, r3, #8 @@ -8445,8 +8798,13 @@ sc_muladd: #else mov r3, #0x4c63 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r3, r3, #0xcb000000 + orr r3, r3, #0x20000 +#else movt r3, #0xcb02 #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) mov r4, #0xd4 lsl r4, r4, #8 @@ -8463,8 +8821,13 @@ sc_muladd: #else mov r4, #0xf39a #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r4, r4, #0xd4000000 + orr r4, r4, #0x5e0000 +#else movt r4, #0xd45e #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) mov r5, #2 lsl r5, r5, #8 @@ -8481,8 +8844,13 @@ sc_muladd: #else mov r5, #0xdf3b #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r5, r5, #0x2000000 + orr r5, r5, #0x9b0000 +#else movt r5, #0x29b #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) mov r9, #0x20000 lsl r9, r9, #8 @@ -8553,7 +8921,12 @@ sc_muladd: #else mov r1, #0x2c13 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r1, r1, #0xa3000000 + orr r1, r1, #0xa0000 +#else movt r1, #0xa30a +#endif #endif mov lr, #0 ldm r0, {r6, r7, r8, r9} @@ -8580,7 +8953,12 @@ sc_muladd: #else mov r1, #0x9ce5 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r1, r1, #0xa7000000 + orr r1, r1, #0xed0000 +#else movt r1, #0xa7ed +#endif #endif mov r10, #0 ldm r0, {r6, r7, r8, r9} @@ -8607,7 +8985,12 @@ sc_muladd: #else mov r1, #0x6329 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r1, r1, #0x5d000000 + orr r1, r1, #0x80000 +#else movt r1, #0x5d08 +#endif #endif mov r11, #0 ldm r0, {r6, r7, r8, r9} @@ -8634,7 +9017,12 @@ sc_muladd: #else mov r1, #0x621 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r1, r1, #0xeb000000 + orr r1, r1, #0x210000 +#else movt r1, #0xeb21 +#endif #endif mov r12, #0 ldm r0, {r6, r7, r8, r9} @@ -8679,8 +9067,13 @@ sc_muladd: #else mov r10, #0xd3ed #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r10, r10, #0x5c000000 + orr r10, r10, #0xf50000 +#else movt r10, #0x5cf5 #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) mov r11, #0x58 lsl r11, r11, #8 @@ -8697,8 +9090,13 @@ sc_muladd: #else mov r11, #0x631a #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r11, r11, #0x58000000 + orr r11, r11, #0x120000 +#else movt r11, #0x5812 #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) mov r12, #0xa2 lsl r12, r12, #8 @@ -8715,8 +9113,13 @@ sc_muladd: #else mov r12, #0x9cd6 #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r12, r12, #0xa2000000 + orr r12, r12, #0xf70000 +#else movt r12, #0xa2f7 #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) mov lr, #20 lsl lr, lr, #8 @@ -8733,7 +9136,12 @@ sc_muladd: #else mov lr, #0xf9de #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr lr, lr, #0x14000000 + orr lr, lr, #0xde0000 +#else movt lr, #0x14de +#endif #endif and r10, r10, r1 and r11, r11, r1 @@ -8772,7 +9180,7 @@ sc_muladd: #endif /* !CURVE25519_SMALL || !ED25519_SMALL */ #endif /* HAVE_CURVE25519 || HAVE_ED25519 */ -#endif /* !__aarch64__ && __arm__ && !__thumb__ */ +#endif /* !__aarch64__ && !WOLFSSL_ARMASM_THUMB2 */ #endif /* WOLFSSL_ARMASM */ #if defined(__linux__) && defined(__ELF__) diff --git a/wolfcrypt/src/port/arm/armv8-32-curve25519_c.c b/wolfcrypt/src/port/arm/armv8-32-curve25519_c.c index d00916ec66..284b806862 100644 --- a/wolfcrypt/src/port/arm/armv8-32-curve25519_c.c +++ b/wolfcrypt/src/port/arm/armv8-32-curve25519_c.c @@ -32,7 +32,7 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) +#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2) #include #ifdef HAVE_CONFIG_H #include @@ -41,9 +41,6 @@ #include #ifdef WOLFSSL_ARMASM_INLINE -#ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) - #ifdef __IAR_SYSTEMS_ICC__ #define __asm__ asm #define __volatile__ volatile @@ -337,7 +334,7 @@ void fe_sub(fe r_p, const fe a_p, const fe b_p) __asm__ __volatile__ ( "bl fe_sub_op\n\t" - : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) + : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr" @@ -395,7 +392,7 @@ void fe_add(fe r_p, const fe a_p, const fe b_p) __asm__ __volatile__ ( "bl fe_add_op\n\t" - : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) + : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr" @@ -430,7 +427,7 @@ void fe_frombytes(fe out_p, const unsigned char* in_p) "str r7, [%[out], #20]\n\t" "str r8, [%[out], #24]\n\t" "str r9, [%[out], #28]\n\t" - : [out] "+r" (out), [in] "+r" (in) + : [out] "+r" (out), [in] "+r" (in) : : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); @@ -474,7 +471,7 @@ void fe_tobytes(unsigned char* out_p, const fe n_p) "str r7, [%[out], #20]\n\t" "str r8, [%[out], #24]\n\t" "str r9, [%[out], #28]\n\t" - : [out] "+r" (out), [n] "+r" (n) + : [out] "+r" (out), [n] "+r" (n) : : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12" ); @@ -577,7 +574,7 @@ void fe_copy(fe r_p, const fe a_p) #else "strd r4, r5, [%[r], #24]\n\t" #endif - : [r] "+r" (r), [a] "+r" (a) + : [r] "+r" (r), [a] "+r" (a) : : "memory", "cc", "r2", "r3", "r4", "r5" ); @@ -604,7 +601,7 @@ void fe_neg(fe r_p, const fe a_p) "sbcs r4, lr, r4\n\t" "sbc r5, r12, r5\n\t" "stm %[r]!, {r2, r3, r4, r5}\n\t" - : [r] "+r" (r), [a] "+r" (a) + : [r] "+r" (r), [a] "+r" (a) : : "memory", "cc", "r2", "r3", "r4", "r5", "r12", "lr" ); @@ -697,7 +694,7 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p) #endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "lsl r3, %[b], #24\n\t" - "asr r3, %[b], #31\n\t" + "asr r3, r3, #31\n\t" #else "sbfx r3, %[b], #7, #1\n\t" #endif @@ -1125,7 +1122,7 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p) #endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "lsl r3, %[b], #24\n\t" - "asr r3, %[b], #31\n\t" + "asr r3, r3, #31\n\t" #else "sbfx r3, %[b], #7, #1\n\t" #endif @@ -1554,7 +1551,7 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p) #endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "lsl r3, %[b], #24\n\t" - "asr r3, %[b], #31\n\t" + "asr r3, r3, #31\n\t" #else "sbfx r3, %[b], #7, #1\n\t" #endif @@ -1983,7 +1980,7 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p) #endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "lsl r3, %[b], #24\n\t" - "asr r3, %[b], #31\n\t" + "asr r3, r3, #31\n\t" #else "sbfx r3, %[b], #7, #1\n\t" #endif @@ -2409,7 +2406,7 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p) #else "strd r8, r9, [%[r], #88]\n\t" #endif - : [r] "+r" (r), [base] "+r" (base), [b] "+r" (b) + : [r] "+r" (r), [base] "+r" (base), [b] "+r" (b) : : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r3", "r10", "r11", "r12", "lr" @@ -2432,7 +2429,7 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p) #endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "lsl r3, %[b], #24\n\t" - "asr r3, %[b], #31\n\t" + "asr r3, r3, #31\n\t" #else "sbfx r3, %[b], #7, #1\n\t" #endif @@ -2530,7 +2527,7 @@ void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p) "and r7, r7, lr\n\t" "stm %[r]!, {r4, r5, r6, r7}\n\t" "sub %[base], %[base], %[b]\n\t" - : [r] "+r" (r), [base] "+r" (base), [b] "+r" (b) + : [r] "+r" (r), [base] "+r" (base), [b] "+r" (b) : : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr" @@ -3076,7 +3073,7 @@ void fe_mul(fe r_p, const fe a_p, const fe b_p) __asm__ __volatile__ ( "bl fe_mul_op\n\t" - : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) + : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr" @@ -3497,7 +3494,7 @@ void fe_sq(fe r_p, const fe a_p) __asm__ __volatile__ ( "bl fe_sq_op\n\t" - : [r] "+r" (r), [a] "+r" (a) + : [r] "+r" (r), [a] "+r" (a) : : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "r10", "r11" @@ -3528,7 +3525,11 @@ void fe_mul121666(fe r_p, fe a_p) #else "mov r10, #0xdb42\n\t" #endif - "movt r10, #1\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r10, r10, #0x10000\n\t" +#else + "movt r10, #0x1\n\t" +#endif #endif "umull r2, r12, r10, r2\n\t" "umull r3, lr, r10, r3\n\t" @@ -3570,7 +3571,7 @@ void fe_mul121666(fe r_p, fe a_p) "adcs r8, r8, #0\n\t" "adc r9, r9, #0\n\t" "stm %[r], {r2, r3, r4, r5, r6, r7, r8, r9}\n\t" - : [r] "+r" (r), [a] "+r" (a) + : [r] "+r" (r), [a] "+r" (a) : : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "r10" @@ -3600,7 +3601,11 @@ void fe_mul121666(fe r_p, fe a_p) #else "mov lr, #0xdb42\n\t" #endif - "movt lr, #1\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr lr, lr, #0x10000\n\t" +#else + "movt lr, #0x1\n\t" +#endif #endif "umull r2, r10, lr, r2\n\t" "sub r12, lr, #1\n\t" @@ -3629,7 +3634,7 @@ void fe_mul121666(fe r_p, fe a_p) "adcs r8, r8, #0\n\t" "adc r9, r9, #0\n\t" "stm %[r], {r2, r3, r4, r5, r6, r7, r8, r9}\n\t" - : [r] "+r" (r), [a] "+r" (a) + : [r] "+r" (r), [a] "+r" (a) : : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "r10" @@ -4020,7 +4025,7 @@ int curve25519(byte* r_p, const byte* n_p, const byte* a_p) "bl fe_mul_op\n\t" "mov r0, #0\n\t" "add sp, sp, #0xbc\n\t" - : [r] "+r" (r), [n] "+r" (n), [a] "+r" (a) + : [r] "+r" (r), [n] "+r" (n), [a] "+r" (a) : : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "lr" @@ -4334,7 +4339,7 @@ int curve25519(byte* r_p, const byte* n_p, const byte* a_p) "stm %[r], {r4, r5, r6, r7, r8, r9, r10, r11}\n\t" "mov r0, #0\n\t" "add sp, sp, #0xc0\n\t" - : [r] "+r" (r), [n] "+r" (n), [a] "+r" (a) + : [r] "+r" (r), [n] "+r" (n), [a] "+r" (a) : : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "lr" @@ -4509,7 +4514,7 @@ void fe_invert(fe r_p, const fe a_p) "ldr %[a], [sp, #132]\n\t" "ldr %[r], [sp, #128]\n\t" "add sp, sp, #0x88\n\t" - : [r] "+r" (r), [a] "+r" (a) + : [r] "+r" (r), [a] "+r" (a) : : "memory", "cc", "lr", "r12", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11" @@ -4830,7 +4835,7 @@ void fe_sq2(fe r_p, const fe a_p) "ldr r0, [sp, #64]\n\t" "stm r0, {r1, r2, r3, r4, r5, r6, r7, r8}\n\t" "add sp, sp, #0x44\n\t" - : [r] "+r" (r), [a] "+r" (a) + : [r] "+r" (r), [a] "+r" (a) : : "memory", "cc", "lr" ); @@ -5009,7 +5014,7 @@ void fe_sq2(fe r_p, const fe a_p) "stm r12, {r0, r1, r2, r3, r4, r5, r6, r7}\n\t" "mov r0, r12\n\t" "mov r1, lr\n\t" - : [r] "+r" (r), [a] "+r" (a) + : [r] "+r" (r), [a] "+r" (a) : : "memory", "cc", "lr" ); @@ -5180,7 +5185,7 @@ void fe_pow22523(fe r_p, const fe a_p) "ldr %[a], [sp, #100]\n\t" "ldr %[r], [sp, #96]\n\t" "add sp, sp, #0x68\n\t" - : [r] "+r" (r), [a] "+r" (a) + : [r] "+r" (r), [a] "+r" (a) : : "memory", "cc", "lr", "r12", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11" @@ -5211,7 +5216,7 @@ void ge_p1p1_to_p2(ge_p2 * r_p, const ge_p1p1 * p_p) "add r0, r0, #0x40\n\t" "bl fe_mul_op\n\t" "add sp, sp, #8\n\t" - : [r] "+r" (r), [p] "+r" (p) + : [r] "+r" (r), [p] "+r" (p) : : "memory", "cc", "lr", "r2", "r3", "r12", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11" @@ -5247,7 +5252,7 @@ void ge_p1p1_to_p3(ge_p3 * r_p, const ge_p1p1 * p_p) "add r0, r0, #0x60\n\t" "bl fe_mul_op\n\t" "add sp, sp, #8\n\t" - : [r] "+r" (r), [p] "+r" (p) + : [r] "+r" (r), [p] "+r" (p) : : "memory", "cc", "lr", "r2", "r3", "r12", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11" @@ -5295,7 +5300,7 @@ void ge_p2_dbl(ge_p1p1 * r_p, const ge_p2 * p_p) "mov r1, r0\n\t" "bl fe_sub_op\n\t" "add sp, sp, #8\n\t" - : [r] "+r" (r), [p] "+r" (p) + : [r] "+r" (r), [p] "+r" (p) : : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr" @@ -5382,7 +5387,7 @@ void ge_madd(ge_p1p1 * r_p, const ge_p3 * p_p, const ge_precomp * q_p) "add r1, r0, #32\n\t" "bl fe_add_sub_op\n\t" "add sp, sp, #12\n\t" - : [r] "+r" (r), [p] "+r" (p), [q] "+r" (q) + : [r] "+r" (r), [p] "+r" (p), [q] "+r" (q) : : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr" @@ -5470,7 +5475,7 @@ void ge_msub(ge_p1p1 * r_p, const ge_p3 * p_p, const ge_precomp * q_p) "add r0, r0, #32\n\t" "bl fe_add_sub_op\n\t" "add sp, sp, #12\n\t" - : [r] "+r" (r), [p] "+r" (p), [q] "+r" (q) + : [r] "+r" (r), [p] "+r" (p), [q] "+r" (q) : : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr" @@ -5558,7 +5563,7 @@ void ge_add(ge_p1p1 * r_p, const ge_p3 * p_p, const ge_cached* q_p) "add r0, r0, #32\n\t" "bl fe_add_sub_op\n\t" "add sp, sp, #44\n\t" - : [r] "+r" (r), [p] "+r" (p), [q] "+r" (q) + : [r] "+r" (r), [p] "+r" (p), [q] "+r" (q) : : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr" @@ -5646,7 +5651,7 @@ void ge_sub(ge_p1p1 * r_p, const ge_p3 * p_p, const ge_cached* q_p) "add r0, r0, #0x40\n\t" "bl fe_add_sub_op\n\t" "add sp, sp, #44\n\t" - : [r] "+r" (r), [p] "+r" (p), [q] "+r" (q) + : [r] "+r" (r), [p] "+r" (p), [q] "+r" (q) : : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr" @@ -5704,8 +5709,13 @@ void sc_reduce(byte* s_p) #else "mov r10, #0x2c13\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r10, r10, #0xa3000000\n\t" + "orr r10, r10, #0xa0000\n\t" +#else "movt r10, #0xa30a\n\t" #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "mov r11, #0xa7\n\t" "lsl r11, r11, #8\n\t" @@ -5722,7 +5732,12 @@ void sc_reduce(byte* s_p) #else "mov r11, #0x9ce5\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r11, r11, #0xa7000000\n\t" + "orr r11, r11, #0xed0000\n\t" +#else "movt r11, #0xa7ed\n\t" +#endif #endif "mov r1, #0\n\t" "umlal r2, r1, r10, lr\n\t" @@ -5746,8 +5761,13 @@ void sc_reduce(byte* s_p) #else "mov r10, #0x6329\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r10, r10, #0x5d000000\n\t" + "orr r10, r10, #0x80000\n\t" +#else "movt r10, #0x5d08\n\t" #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "mov r11, #0xeb\n\t" "lsl r11, r11, #8\n\t" @@ -5764,7 +5784,12 @@ void sc_reduce(byte* s_p) #else "mov r11, #0x621\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r11, r11, #0xeb000000\n\t" + "orr r11, r11, #0x210000\n\t" +#else "movt r11, #0xeb21\n\t" +#endif #endif "adds r4, r4, r1\n\t" "mov r1, #0\n\t" @@ -5800,7 +5825,12 @@ void sc_reduce(byte* s_p) #else "mov r1, #0x2c13\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r1, r1, #0xa3000000\n\t" + "orr r1, r1, #0xa0000\n\t" +#else "movt r1, #0xa30a\n\t" +#endif #endif "mov lr, #0\n\t" "ldm %[s]!, {r10, r11}\n\t" @@ -5863,7 +5893,12 @@ void sc_reduce(byte* s_p) #else "mov r1, #0x9ce5\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r1, r1, #0xa7000000\n\t" + "orr r1, r1, #0xed0000\n\t" +#else "movt r1, #0xa7ed\n\t" +#endif #endif "mov lr, #0\n\t" "ldm r12, {r10, r11}\n\t" @@ -5920,7 +5955,12 @@ void sc_reduce(byte* s_p) #else "mov r1, #0x6329\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r1, r1, #0x5d000000\n\t" + "orr r1, r1, #0x80000\n\t" +#else "movt r1, #0x5d08\n\t" +#endif #endif "mov lr, #0\n\t" "ldm r12, {r10, r11}\n\t" @@ -5977,7 +6017,12 @@ void sc_reduce(byte* s_p) #else "mov r1, #0x621\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r1, r1, #0xeb000000\n\t" + "orr r1, r1, #0x210000\n\t" +#else "movt r1, #0xeb21\n\t" +#endif #endif "mov lr, #0\n\t" "ldm r12, {r10, r11}\n\t" @@ -6061,8 +6106,13 @@ void sc_reduce(byte* s_p) #else "mov r2, #0xba7d\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r2, r2, #0x4b000000\n\t" + "orr r2, r2, #0x9e0000\n\t" +#else "movt r2, #0x4b9e\n\t" #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "mov r3, #0xcb\n\t" "lsl r3, r3, #8\n\t" @@ -6079,8 +6129,13 @@ void sc_reduce(byte* s_p) #else "mov r3, #0x4c63\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r3, r3, #0xcb000000\n\t" + "orr r3, r3, #0x20000\n\t" +#else "movt r3, #0xcb02\n\t" #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "mov r4, #0xd4\n\t" "lsl r4, r4, #8\n\t" @@ -6097,8 +6152,13 @@ void sc_reduce(byte* s_p) #else "mov r4, #0xf39a\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r4, r4, #0xd4000000\n\t" + "orr r4, r4, #0x5e0000\n\t" +#else "movt r4, #0xd45e\n\t" #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "mov r5, #2\n\t" "lsl r5, r5, #8\n\t" @@ -6115,8 +6175,13 @@ void sc_reduce(byte* s_p) #else "mov r5, #0xdf3b\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r5, r5, #0x2000000\n\t" + "orr r5, r5, #0x9b0000\n\t" +#else "movt r5, #0x29b\n\t" #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "mov r9, #0x20000\n\t" "lsl r9, r9, #8\n\t" @@ -6187,7 +6252,12 @@ void sc_reduce(byte* s_p) #else "mov r1, #0x2c13\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r1, r1, #0xa3000000\n\t" + "orr r1, r1, #0xa0000\n\t" +#else "movt r1, #0xa30a\n\t" +#endif #endif "mov lr, #0\n\t" "ldm %[s], {r6, r7, r8, r9}\n\t" @@ -6223,7 +6293,12 @@ void sc_reduce(byte* s_p) #else "mov r1, #0x9ce5\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r1, r1, #0xa7000000\n\t" + "orr r1, r1, #0xed0000\n\t" +#else "movt r1, #0xa7ed\n\t" +#endif #endif "mov r10, #0\n\t" "ldm %[s], {r6, r7, r8, r9}\n\t" @@ -6259,7 +6334,12 @@ void sc_reduce(byte* s_p) #else "mov r1, #0x6329\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r1, r1, #0x5d000000\n\t" + "orr r1, r1, #0x80000\n\t" +#else "movt r1, #0x5d08\n\t" +#endif #endif "mov r11, #0\n\t" "ldm %[s], {r6, r7, r8, r9}\n\t" @@ -6295,7 +6375,12 @@ void sc_reduce(byte* s_p) #else "mov r1, #0x621\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r1, r1, #0xeb000000\n\t" + "orr r1, r1, #0x210000\n\t" +#else "movt r1, #0xeb21\n\t" +#endif #endif "mov r12, #0\n\t" "ldm %[s], {r6, r7, r8, r9}\n\t" @@ -6349,8 +6434,13 @@ void sc_reduce(byte* s_p) #else "mov r10, #0xd3ed\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r10, r10, #0x5c000000\n\t" + "orr r10, r10, #0xf50000\n\t" +#else "movt r10, #0x5cf5\n\t" #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "mov r11, #0x58\n\t" "lsl r11, r11, #8\n\t" @@ -6367,8 +6457,13 @@ void sc_reduce(byte* s_p) #else "mov r11, #0x631a\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r11, r11, #0x58000000\n\t" + "orr r11, r11, #0x120000\n\t" +#else "movt r11, #0x5812\n\t" #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "mov r12, #0xa2\n\t" "lsl r12, r12, #8\n\t" @@ -6385,8 +6480,13 @@ void sc_reduce(byte* s_p) #else "mov r12, #0x9cd6\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r12, r12, #0xa2000000\n\t" + "orr r12, r12, #0xf70000\n\t" +#else "movt r12, #0xa2f7\n\t" #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "mov lr, #20\n\t" "lsl lr, lr, #8\n\t" @@ -6403,7 +6503,12 @@ void sc_reduce(byte* s_p) #else "mov lr, #0xf9de\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr lr, lr, #0x14000000\n\t" + "orr lr, lr, #0xde0000\n\t" +#else "movt lr, #0x14de\n\t" +#endif #endif "and r10, r10, r1\n\t" "and r11, r11, r1\n\t" @@ -6485,8 +6590,13 @@ void sc_reduce(byte* s_p) #else "mov r10, #0x2c13\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r10, r10, #0xa3000000\n\t" + "orr r10, r10, #0xa0000\n\t" +#else "movt r10, #0xa30a\n\t" #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "mov r11, #0xa7\n\t" "lsl r11, r11, #8\n\t" @@ -6503,7 +6613,12 @@ void sc_reduce(byte* s_p) #else "mov r11, #0x9ce5\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r11, r11, #0xa7000000\n\t" + "orr r11, r11, #0xed0000\n\t" +#else "movt r11, #0xa7ed\n\t" +#endif #endif "mov r1, #0\n\t" "umlal r2, r1, r10, lr\n\t" @@ -6524,8 +6639,13 @@ void sc_reduce(byte* s_p) #else "mov r10, #0x6329\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r10, r10, #0x5d000000\n\t" + "orr r10, r10, #0x80000\n\t" +#else "movt r10, #0x5d08\n\t" #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "mov r11, #0xeb\n\t" "lsl r11, r11, #8\n\t" @@ -6542,7 +6662,12 @@ void sc_reduce(byte* s_p) #else "mov r11, #0x621\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r11, r11, #0xeb000000\n\t" + "orr r11, r11, #0x210000\n\t" +#else "movt r11, #0xeb21\n\t" +#endif #endif "umaal r4, r1, r10, lr\n\t" "umaal r5, r1, r11, lr\n\t" @@ -6572,7 +6697,12 @@ void sc_reduce(byte* s_p) #else "mov r1, #0x2c13\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r1, r1, #0xa3000000\n\t" + "orr r1, r1, #0xa0000\n\t" +#else "movt r1, #0xa30a\n\t" +#endif #endif "mov lr, #0\n\t" "ldm %[s]!, {r10, r11}\n\t" @@ -6614,7 +6744,12 @@ void sc_reduce(byte* s_p) #else "mov r1, #0x9ce5\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r1, r1, #0xa7000000\n\t" + "orr r1, r1, #0xed0000\n\t" +#else "movt r1, #0xa7ed\n\t" +#endif #endif "mov lr, #0\n\t" "ldm r12, {r10, r11}\n\t" @@ -6650,7 +6785,12 @@ void sc_reduce(byte* s_p) #else "mov r1, #0x6329\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r1, r1, #0x5d000000\n\t" + "orr r1, r1, #0x80000\n\t" +#else "movt r1, #0x5d08\n\t" +#endif #endif "mov lr, #0\n\t" "ldm r12, {r10, r11}\n\t" @@ -6686,7 +6826,12 @@ void sc_reduce(byte* s_p) #else "mov r1, #0x621\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r1, r1, #0xeb000000\n\t" + "orr r1, r1, #0x210000\n\t" +#else "movt r1, #0xeb21\n\t" +#endif #endif "mov lr, #0\n\t" "ldm r12, {r10, r11}\n\t" @@ -6749,8 +6894,13 @@ void sc_reduce(byte* s_p) #else "mov r2, #0xba7d\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r2, r2, #0x4b000000\n\t" + "orr r2, r2, #0x9e0000\n\t" +#else "movt r2, #0x4b9e\n\t" #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "mov r3, #0xcb\n\t" "lsl r3, r3, #8\n\t" @@ -6767,8 +6917,13 @@ void sc_reduce(byte* s_p) #else "mov r3, #0x4c63\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r3, r3, #0xcb000000\n\t" + "orr r3, r3, #0x20000\n\t" +#else "movt r3, #0xcb02\n\t" #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "mov r4, #0xd4\n\t" "lsl r4, r4, #8\n\t" @@ -6785,8 +6940,13 @@ void sc_reduce(byte* s_p) #else "mov r4, #0xf39a\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r4, r4, #0xd4000000\n\t" + "orr r4, r4, #0x5e0000\n\t" +#else "movt r4, #0xd45e\n\t" #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "mov r5, #2\n\t" "lsl r5, r5, #8\n\t" @@ -6803,8 +6963,13 @@ void sc_reduce(byte* s_p) #else "mov r5, #0xdf3b\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r5, r5, #0x2000000\n\t" + "orr r5, r5, #0x9b0000\n\t" +#else "movt r5, #0x29b\n\t" #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "mov r9, #0x20000\n\t" "lsl r9, r9, #8\n\t" @@ -6875,7 +7040,12 @@ void sc_reduce(byte* s_p) #else "mov r1, #0x2c13\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r1, r1, #0xa3000000\n\t" + "orr r1, r1, #0xa0000\n\t" +#else "movt r1, #0xa30a\n\t" +#endif #endif "mov lr, #0\n\t" "ldm %[s], {r6, r7, r8, r9}\n\t" @@ -6902,7 +7072,12 @@ void sc_reduce(byte* s_p) #else "mov r1, #0x9ce5\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r1, r1, #0xa7000000\n\t" + "orr r1, r1, #0xed0000\n\t" +#else "movt r1, #0xa7ed\n\t" +#endif #endif "mov r10, #0\n\t" "ldm %[s], {r6, r7, r8, r9}\n\t" @@ -6929,7 +7104,12 @@ void sc_reduce(byte* s_p) #else "mov r1, #0x6329\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r1, r1, #0x5d000000\n\t" + "orr r1, r1, #0x80000\n\t" +#else "movt r1, #0x5d08\n\t" +#endif #endif "mov r11, #0\n\t" "ldm %[s], {r6, r7, r8, r9}\n\t" @@ -6956,7 +7136,12 @@ void sc_reduce(byte* s_p) #else "mov r1, #0x621\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r1, r1, #0xeb000000\n\t" + "orr r1, r1, #0x210000\n\t" +#else "movt r1, #0xeb21\n\t" +#endif #endif "mov r12, #0\n\t" "ldm %[s], {r6, r7, r8, r9}\n\t" @@ -7001,8 +7186,13 @@ void sc_reduce(byte* s_p) #else "mov r10, #0xd3ed\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r10, r10, #0x5c000000\n\t" + "orr r10, r10, #0xf50000\n\t" +#else "movt r10, #0x5cf5\n\t" #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "mov r11, #0x58\n\t" "lsl r11, r11, #8\n\t" @@ -7019,8 +7209,13 @@ void sc_reduce(byte* s_p) #else "mov r11, #0x631a\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r11, r11, #0x58000000\n\t" + "orr r11, r11, #0x120000\n\t" +#else "movt r11, #0x5812\n\t" #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "mov r12, #0xa2\n\t" "lsl r12, r12, #8\n\t" @@ -7037,8 +7232,13 @@ void sc_reduce(byte* s_p) #else "mov r12, #0x9cd6\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r12, r12, #0xa2000000\n\t" + "orr r12, r12, #0xf70000\n\t" +#else "movt r12, #0xa2f7\n\t" #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "mov lr, #20\n\t" "lsl lr, lr, #8\n\t" @@ -7055,7 +7255,12 @@ void sc_reduce(byte* s_p) #else "mov lr, #0xf9de\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr lr, lr, #0x14000000\n\t" + "orr lr, lr, #0xde0000\n\t" +#else "movt lr, #0x14de\n\t" +#endif #endif "and r10, r10, r1\n\t" "and r11, r11, r1\n\t" @@ -7492,8 +7697,13 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else "mov r10, #0x2c13\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r10, r10, #0xa3000000\n\t" + "orr r10, r10, #0xa0000\n\t" +#else "movt r10, #0xa30a\n\t" #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "mov r11, #0xa7\n\t" "lsl r11, r11, #8\n\t" @@ -7510,7 +7720,12 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else "mov r11, #0x9ce5\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r11, r11, #0xa7000000\n\t" + "orr r11, r11, #0xed0000\n\t" +#else "movt r11, #0xa7ed\n\t" +#endif #endif "mov %[a], #0\n\t" "umlal %[b], %[a], r10, lr\n\t" @@ -7534,8 +7749,13 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else "mov r10, #0x6329\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r10, r10, #0x5d000000\n\t" + "orr r10, r10, #0x80000\n\t" +#else "movt r10, #0x5d08\n\t" #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "mov r11, #0xeb\n\t" "lsl r11, r11, #8\n\t" @@ -7552,7 +7772,12 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else "mov r11, #0x621\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r11, r11, #0xeb000000\n\t" + "orr r11, r11, #0x210000\n\t" +#else "movt r11, #0xeb21\n\t" +#endif #endif "adds r4, r4, %[a]\n\t" "mov %[a], #0\n\t" @@ -7588,7 +7813,12 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else "mov %[a], #0x2c13\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr %[a], %[a], #0xa3000000\n\t" + "orr %[a], %[a], #0xa0000\n\t" +#else "movt %[a], #0xa30a\n\t" +#endif #endif "mov lr, #0\n\t" "ldm %[s]!, {r10, r11}\n\t" @@ -7651,7 +7881,12 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else "mov %[a], #0x9ce5\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr %[a], %[a], #0xa7000000\n\t" + "orr %[a], %[a], #0xed0000\n\t" +#else "movt %[a], #0xa7ed\n\t" +#endif #endif "mov lr, #0\n\t" "ldm r12, {r10, r11}\n\t" @@ -7708,7 +7943,12 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else "mov %[a], #0x6329\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr %[a], %[a], #0x5d000000\n\t" + "orr %[a], %[a], #0x80000\n\t" +#else "movt %[a], #0x5d08\n\t" +#endif #endif "mov lr, #0\n\t" "ldm r12, {r10, r11}\n\t" @@ -7765,7 +8005,12 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else "mov %[a], #0x621\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr %[a], %[a], #0xeb000000\n\t" + "orr %[a], %[a], #0x210000\n\t" +#else "movt %[a], #0xeb21\n\t" +#endif #endif "mov lr, #0\n\t" "ldm r12, {r10, r11}\n\t" @@ -7849,8 +8094,13 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else "mov %[b], #0xba7d\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr %[b], %[b], #0x4b000000\n\t" + "orr %[b], %[b], #0x9e0000\n\t" +#else "movt %[b], #0x4b9e\n\t" #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "mov %[c], #0xcb\n\t" "lsl %[c], %[c], #8\n\t" @@ -7867,8 +8117,13 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else "mov %[c], #0x4c63\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr %[c], %[c], #0xcb000000\n\t" + "orr %[c], %[c], #0x20000\n\t" +#else "movt %[c], #0xcb02\n\t" #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "mov r4, #0xd4\n\t" "lsl r4, r4, #8\n\t" @@ -7885,8 +8140,13 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else "mov r4, #0xf39a\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r4, r4, #0xd4000000\n\t" + "orr r4, r4, #0x5e0000\n\t" +#else "movt r4, #0xd45e\n\t" #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "mov r5, #2\n\t" "lsl r5, r5, #8\n\t" @@ -7903,8 +8163,13 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else "mov r5, #0xdf3b\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r5, r5, #0x2000000\n\t" + "orr r5, r5, #0x9b0000\n\t" +#else "movt r5, #0x29b\n\t" #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "mov r9, #0x20000\n\t" "lsl r9, r9, #8\n\t" @@ -7975,7 +8240,12 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else "mov %[a], #0x2c13\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr %[a], %[a], #0xa3000000\n\t" + "orr %[a], %[a], #0xa0000\n\t" +#else "movt %[a], #0xa30a\n\t" +#endif #endif "mov lr, #0\n\t" "ldm %[s], {r6, r7, r8, r9}\n\t" @@ -8011,7 +8281,12 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else "mov %[a], #0x9ce5\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr %[a], %[a], #0xa7000000\n\t" + "orr %[a], %[a], #0xed0000\n\t" +#else "movt %[a], #0xa7ed\n\t" +#endif #endif "mov r10, #0\n\t" "ldm %[s], {r6, r7, r8, r9}\n\t" @@ -8047,7 +8322,12 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else "mov %[a], #0x6329\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr %[a], %[a], #0x5d000000\n\t" + "orr %[a], %[a], #0x80000\n\t" +#else "movt %[a], #0x5d08\n\t" +#endif #endif "mov r11, #0\n\t" "ldm %[s], {r6, r7, r8, r9}\n\t" @@ -8083,7 +8363,12 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else "mov %[a], #0x621\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr %[a], %[a], #0xeb000000\n\t" + "orr %[a], %[a], #0x210000\n\t" +#else "movt %[a], #0xeb21\n\t" +#endif #endif "mov r12, #0\n\t" "ldm %[s], {r6, r7, r8, r9}\n\t" @@ -8137,8 +8422,13 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else "mov r10, #0xd3ed\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r10, r10, #0x5c000000\n\t" + "orr r10, r10, #0xf50000\n\t" +#else "movt r10, #0x5cf5\n\t" #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "mov r11, #0x58\n\t" "lsl r11, r11, #8\n\t" @@ -8155,8 +8445,13 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else "mov r11, #0x631a\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r11, r11, #0x58000000\n\t" + "orr r11, r11, #0x120000\n\t" +#else "movt r11, #0x5812\n\t" #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "mov r12, #0xa2\n\t" "lsl r12, r12, #8\n\t" @@ -8173,8 +8468,13 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else "mov r12, #0x9cd6\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r12, r12, #0xa2000000\n\t" + "orr r12, r12, #0xf70000\n\t" +#else "movt r12, #0xa2f7\n\t" #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "mov lr, #20\n\t" "lsl lr, lr, #8\n\t" @@ -8191,7 +8491,12 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else "mov lr, #0xf9de\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr lr, lr, #0x14000000\n\t" + "orr lr, lr, #0xde0000\n\t" +#else "movt lr, #0x14de\n\t" +#endif #endif "and r10, r10, %[a]\n\t" "and r11, r11, %[a]\n\t" @@ -8222,7 +8527,7 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) "str r8, [%[s], #24]\n\t" "str r9, [%[s], #28]\n\t" "add sp, sp, #0x50\n\t" - : [s] "+r" (s), [a] "+r" (a), [b] "+r" (b), [c] "+r" (c) + : [s] "+r" (s), [a] "+r" (a), [b] "+r" (b), [c] "+r" (c) : : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr" @@ -8406,8 +8711,13 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else "mov r10, #0x2c13\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r10, r10, #0xa3000000\n\t" + "orr r10, r10, #0xa0000\n\t" +#else "movt r10, #0xa30a\n\t" #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "mov r11, #0xa7\n\t" "lsl r11, r11, #8\n\t" @@ -8424,7 +8734,12 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else "mov r11, #0x9ce5\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r11, r11, #0xa7000000\n\t" + "orr r11, r11, #0xed0000\n\t" +#else "movt r11, #0xa7ed\n\t" +#endif #endif "mov %[a], #0\n\t" "umlal %[b], %[a], r10, lr\n\t" @@ -8445,8 +8760,13 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else "mov r10, #0x6329\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r10, r10, #0x5d000000\n\t" + "orr r10, r10, #0x80000\n\t" +#else "movt r10, #0x5d08\n\t" #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "mov r11, #0xeb\n\t" "lsl r11, r11, #8\n\t" @@ -8463,7 +8783,12 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else "mov r11, #0x621\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r11, r11, #0xeb000000\n\t" + "orr r11, r11, #0x210000\n\t" +#else "movt r11, #0xeb21\n\t" +#endif #endif "umaal r4, %[a], r10, lr\n\t" "umaal r5, %[a], r11, lr\n\t" @@ -8493,7 +8818,12 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else "mov %[a], #0x2c13\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr %[a], %[a], #0xa3000000\n\t" + "orr %[a], %[a], #0xa0000\n\t" +#else "movt %[a], #0xa30a\n\t" +#endif #endif "mov lr, #0\n\t" "ldm %[s]!, {r10, r11}\n\t" @@ -8535,7 +8865,12 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else "mov %[a], #0x9ce5\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr %[a], %[a], #0xa7000000\n\t" + "orr %[a], %[a], #0xed0000\n\t" +#else "movt %[a], #0xa7ed\n\t" +#endif #endif "mov lr, #0\n\t" "ldm r12, {r10, r11}\n\t" @@ -8571,7 +8906,12 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else "mov %[a], #0x6329\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr %[a], %[a], #0x5d000000\n\t" + "orr %[a], %[a], #0x80000\n\t" +#else "movt %[a], #0x5d08\n\t" +#endif #endif "mov lr, #0\n\t" "ldm r12, {r10, r11}\n\t" @@ -8607,7 +8947,12 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else "mov %[a], #0x621\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr %[a], %[a], #0xeb000000\n\t" + "orr %[a], %[a], #0x210000\n\t" +#else "movt %[a], #0xeb21\n\t" +#endif #endif "mov lr, #0\n\t" "ldm r12, {r10, r11}\n\t" @@ -8670,8 +9015,13 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else "mov %[b], #0xba7d\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr %[b], %[b], #0x4b000000\n\t" + "orr %[b], %[b], #0x9e0000\n\t" +#else "movt %[b], #0x4b9e\n\t" #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "mov %[c], #0xcb\n\t" "lsl %[c], %[c], #8\n\t" @@ -8688,8 +9038,13 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else "mov %[c], #0x4c63\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr %[c], %[c], #0xcb000000\n\t" + "orr %[c], %[c], #0x20000\n\t" +#else "movt %[c], #0xcb02\n\t" #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "mov r4, #0xd4\n\t" "lsl r4, r4, #8\n\t" @@ -8706,8 +9061,13 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else "mov r4, #0xf39a\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r4, r4, #0xd4000000\n\t" + "orr r4, r4, #0x5e0000\n\t" +#else "movt r4, #0xd45e\n\t" #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "mov r5, #2\n\t" "lsl r5, r5, #8\n\t" @@ -8724,8 +9084,13 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else "mov r5, #0xdf3b\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r5, r5, #0x2000000\n\t" + "orr r5, r5, #0x9b0000\n\t" +#else "movt r5, #0x29b\n\t" #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "mov r9, #0x20000\n\t" "lsl r9, r9, #8\n\t" @@ -8796,7 +9161,12 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else "mov %[a], #0x2c13\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr %[a], %[a], #0xa3000000\n\t" + "orr %[a], %[a], #0xa0000\n\t" +#else "movt %[a], #0xa30a\n\t" +#endif #endif "mov lr, #0\n\t" "ldm %[s], {r6, r7, r8, r9}\n\t" @@ -8823,7 +9193,12 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else "mov %[a], #0x9ce5\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr %[a], %[a], #0xa7000000\n\t" + "orr %[a], %[a], #0xed0000\n\t" +#else "movt %[a], #0xa7ed\n\t" +#endif #endif "mov r10, #0\n\t" "ldm %[s], {r6, r7, r8, r9}\n\t" @@ -8850,7 +9225,12 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else "mov %[a], #0x6329\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr %[a], %[a], #0x5d000000\n\t" + "orr %[a], %[a], #0x80000\n\t" +#else "movt %[a], #0x5d08\n\t" +#endif #endif "mov r11, #0\n\t" "ldm %[s], {r6, r7, r8, r9}\n\t" @@ -8877,7 +9257,12 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else "mov %[a], #0x621\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr %[a], %[a], #0xeb000000\n\t" + "orr %[a], %[a], #0x210000\n\t" +#else "movt %[a], #0xeb21\n\t" +#endif #endif "mov r12, #0\n\t" "ldm %[s], {r6, r7, r8, r9}\n\t" @@ -8922,8 +9307,13 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else "mov r10, #0xd3ed\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r10, r10, #0x5c000000\n\t" + "orr r10, r10, #0xf50000\n\t" +#else "movt r10, #0x5cf5\n\t" #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "mov r11, #0x58\n\t" "lsl r11, r11, #8\n\t" @@ -8940,8 +9330,13 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else "mov r11, #0x631a\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r11, r11, #0x58000000\n\t" + "orr r11, r11, #0x120000\n\t" +#else "movt r11, #0x5812\n\t" #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "mov r12, #0xa2\n\t" "lsl r12, r12, #8\n\t" @@ -8958,8 +9353,13 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else "mov r12, #0x9cd6\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r12, r12, #0xa2000000\n\t" + "orr r12, r12, #0xf70000\n\t" +#else "movt r12, #0xa2f7\n\t" #endif +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "mov lr, #20\n\t" "lsl lr, lr, #8\n\t" @@ -8976,7 +9376,12 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else "mov lr, #0xf9de\n\t" #endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr lr, lr, #0x14000000\n\t" + "orr lr, lr, #0xde0000\n\t" +#else "movt lr, #0x14de\n\t" +#endif #endif "and r10, r10, %[a]\n\t" "and r11, r11, %[a]\n\t" @@ -9007,7 +9412,7 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) "str r8, [%[s], #24]\n\t" "str r9, [%[s], #28]\n\t" "add sp, sp, #0x50\n\t" - : [s] "+r" (s), [a] "+r" (a), [b] "+r" (b), [c] "+r" (c) + : [s] "+r" (s), [a] "+r" (a), [b] "+r" (b), [c] "+r" (c) : : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr" @@ -9020,9 +9425,7 @@ void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #endif /* !CURVE25519_SMALL || !ED25519_SMALL */ #endif /* HAVE_CURVE25519 || HAVE_ED25519 */ -#endif /* !__aarch64__ && __arm__ && !__thumb__ */ -#endif /* WOLFSSL_ARMASM */ -#endif /* !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) */ +#endif /* !__aarch64__ && !WOLFSSL_ARMASM_THUMB2 */ #endif /* WOLFSSL_ARMASM */ #endif /* WOLFSSL_ARMASM_INLINE */ diff --git a/wolfcrypt/src/port/arm/armv8-32-kyber-asm.S b/wolfcrypt/src/port/arm/armv8-32-kyber-asm.S new file mode 100644 index 0000000000..2a73781e2a --- /dev/null +++ b/wolfcrypt/src/port/arm/armv8-32-kyber-asm.S @@ -0,0 +1,9442 @@ +/* armv8-32-kyber-asm + * + * Copyright (C) 2006-2024 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* Generated using (from wolfssl): + * cd ../scripts + * ruby ./kyber/kyber.rb arm32 \ + * ../wolfssl/wolfcrypt/src/port/arm/armv8-32-kyber-asm.S + */ + +#ifdef HAVE_CONFIG_H + #include +#endif /* HAVE_CONFIG_H */ +#include + +#ifdef WOLFSSL_ARMASM +#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2) +#ifndef WOLFSSL_ARMASM_INLINE +#ifdef WOLFSSL_WC_KYBER + .text + .type L_kyber_arm32_ntt_zetas, %object + .size L_kyber_arm32_ntt_zetas, 256 + .align 4 +L_kyber_arm32_ntt_zetas: + .short 0x8ed + .short 0xa0b + .short 0xb9a + .short 0x714 + .short 0x5d5 + .short 0x58e + .short 0x11f + .short 0xca + .short 0xc56 + .short 0x26e + .short 0x629 + .short 0xb6 + .short 0x3c2 + .short 0x84f + .short 0x73f + .short 0x5bc + .short 0x23d + .short 0x7d4 + .short 0x108 + .short 0x17f + .short 0x9c4 + .short 0x5b2 + .short 0x6bf + .short 0xc7f + .short 0xa58 + .short 0x3f9 + .short 0x2dc + .short 0x260 + .short 0x6fb + .short 0x19b + .short 0xc34 + .short 0x6de + .short 0x4c7 + .short 0x28c + .short 0xad9 + .short 0x3f7 + .short 0x7f4 + .short 0x5d3 + .short 0xbe7 + .short 0x6f9 + .short 0x204 + .short 0xcf9 + .short 0xbc1 + .short 0xa67 + .short 0x6af + .short 0x877 + .short 0x7e + .short 0x5bd + .short 0x9ac + .short 0xca7 + .short 0xbf2 + .short 0x33e + .short 0x6b + .short 0x774 + .short 0xc0a + .short 0x94a + .short 0xb73 + .short 0x3c1 + .short 0x71d + .short 0xa2c + .short 0x1c0 + .short 0x8d8 + .short 0x2a5 + .short 0x806 + .short 0x8b2 + .short 0x1ae + .short 0x22b + .short 0x34b + .short 0x81e + .short 0x367 + .short 0x60e + .short 0x69 + .short 0x1a6 + .short 0x24b + .short 0xb1 + .short 0xc16 + .short 0xbde + .short 0xb35 + .short 0x626 + .short 0x675 + .short 0xc0b + .short 0x30a + .short 0x487 + .short 0xc6e + .short 0x9f8 + .short 0x5cb + .short 0xaa7 + .short 0x45f + .short 0x6cb + .short 0x284 + .short 0x999 + .short 0x15d + .short 0x1a2 + .short 0x149 + .short 0xc65 + .short 0xcb6 + .short 0x331 + .short 0x449 + .short 0x25b + .short 0x262 + .short 0x52a + .short 0x7fc + .short 0x748 + .short 0x180 + .short 0x842 + .short 0xc79 + .short 0x4c2 + .short 0x7ca + .short 0x997 + .short 0xdc + .short 0x85e + .short 0x686 + .short 0x860 + .short 0x707 + .short 0x803 + .short 0x31a + .short 0x71b + .short 0x9ab + .short 0x99b + .short 0x1de + .short 0xc95 + .short 0xbcd + .short 0x3e4 + .short 0x3df + .short 0x3be + .short 0x74d + .short 0x5f2 + .short 0x65c + .text + .align 4 + .globl kyber_arm32_ntt + .type kyber_arm32_ntt, %function +kyber_arm32_ntt: + push {r4, r5, r6, r7, r8, r9, r10, r11, lr} + sub sp, sp, #8 + adr r1, L_kyber_arm32_ntt_zetas +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r10, r10, #0xc000000 + orr r10, r10, #0xff0000 +#else + movt r10, #0xcff +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + mov r2, #16 +L_kyber_arm32_ntt_loop_123: + str r2, [sp] + ldrh r11, [r1, #2] + ldr r2, [r0] + ldr r3, [r0, #64] + ldr r4, [r0, #128] + ldr r5, [r0, #192] + ldr r6, [r0, #256] + ldr r7, [r0, #320] + ldr r8, [r0, #384] + ldr r9, [r0, #448] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulbb r12, r11, r6 + smulbt r6, r11, r6 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r6 + smlabb lr, r10, lr, r6 + pkhtb r12, lr, r12, ASR #16 + ssub16 r6, r2, r12 + sadd16 r2, r2, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r6, #16 + asr r12, r12, #16 +#else + sbfx r12, r6, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif + asr r6, r6, #16 + mul r12, lr, r12 + mul r6, lr, r6 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif + mul lr, r10, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r6, #16 + asr lr, lr, #16 +#else + sbfx lr, r6, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla lr, r10, lr, r6 + sub r6, r2, lr + add r2, r2, lr + sub lr, r2, r12, lsr #16 + add r12, r2, r12, lsr #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r6, r6, #0xff + bic r6, r6, #0xff00 + ror r6, r6, #16 + orr r6, r6, lr, lsl #16 + ror r6, r6, #16 +#else + bfi r6, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r2, r2, #0xff + bic r2, r2, #0xff00 + ror r2, r2, #16 + orr r2, r2, r12, lsl #16 + ror r2, r2, #16 +#else + bfi r2, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulbb r12, r11, r7 + smulbt r7, r11, r7 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r7 + smlabb lr, r10, lr, r7 + pkhtb r12, lr, r12, ASR #16 + ssub16 r7, r3, r12 + sadd16 r3, r3, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r7, #16 + asr r12, r12, #16 +#else + sbfx r12, r7, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif + asr r7, r7, #16 + mul r12, lr, r12 + mul r7, lr, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif + mul lr, r10, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r7, #16 + asr lr, lr, #16 +#else + sbfx lr, r7, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla lr, r10, lr, r7 + sub r7, r3, lr + add r3, r3, lr + sub lr, r3, r12, lsr #16 + add r12, r3, r12, lsr #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r7, r7, #0xff + bic r7, r7, #0xff00 + ror r7, r7, #16 + orr r7, r7, lr, lsl #16 + ror r7, r7, #16 +#else + bfi r7, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r3, r3, #0xff + bic r3, r3, #0xff00 + ror r3, r3, #16 + orr r3, r3, r12, lsl #16 + ror r3, r3, #16 +#else + bfi r3, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulbb r12, r11, r8 + smulbt r8, r11, r8 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r8 + smlabb lr, r10, lr, r8 + pkhtb r12, lr, r12, ASR #16 + ssub16 r8, r4, r12 + sadd16 r4, r4, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r8, #16 + asr r12, r12, #16 +#else + sbfx r12, r8, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif + asr r8, r8, #16 + mul r12, lr, r12 + mul r8, lr, r8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif + mul lr, r10, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r8, #16 + asr lr, lr, #16 +#else + sbfx lr, r8, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla lr, r10, lr, r8 + sub r8, r4, lr + add r4, r4, lr + sub lr, r4, r12, lsr #16 + add r12, r4, r12, lsr #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r8, r8, #0xff + bic r8, r8, #0xff00 + ror r8, r8, #16 + orr r8, r8, lr, lsl #16 + ror r8, r8, #16 +#else + bfi r8, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r4, r4, #0xff + bic r4, r4, #0xff00 + ror r4, r4, #16 + orr r4, r4, r12, lsl #16 + ror r4, r4, #16 +#else + bfi r4, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulbb r12, r11, r9 + smulbt r9, r11, r9 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r9 + smlabb lr, r10, lr, r9 + pkhtb r12, lr, r12, ASR #16 + ssub16 r9, r5, r12 + sadd16 r5, r5, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r9, #16 + asr r12, r12, #16 +#else + sbfx r12, r9, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif + asr r9, r9, #16 + mul r12, lr, r12 + mul r9, lr, r9 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif + mul lr, r10, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r9, #16 + asr lr, lr, #16 +#else + sbfx lr, r9, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla lr, r10, lr, r9 + sub r9, r5, lr + add r5, r5, lr + sub lr, r5, r12, lsr #16 + add r12, r5, r12, lsr #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r9, r9, #0xff + bic r9, r9, #0xff00 + ror r9, r9, #16 + orr r9, r9, lr, lsl #16 + ror r9, r9, #16 +#else + bfi r9, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r5, r5, #0xff + bic r5, r5, #0xff00 + ror r5, r5, #16 + orr r5, r5, r12, lsl #16 + ror r5, r5, #16 +#else + bfi r5, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + ldr r11, [r1, #4] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulbb r12, r11, r4 + smulbt r4, r11, r4 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r4 + smlabb lr, r10, lr, r4 + pkhtb r12, lr, r12, ASR #16 + ssub16 r4, r2, r12 + sadd16 r2, r2, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r4, #16 + asr r12, r12, #16 +#else + sbfx r12, r4, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif + asr r4, r4, #16 + mul r12, lr, r12 + mul r4, lr, r4 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif + mul lr, r10, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r4, #16 + asr lr, lr, #16 +#else + sbfx lr, r4, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla lr, r10, lr, r4 + sub r4, r2, lr + add r2, r2, lr + sub lr, r2, r12, lsr #16 + add r12, r2, r12, lsr #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r4, r4, #0xff + bic r4, r4, #0xff00 + ror r4, r4, #16 + orr r4, r4, lr, lsl #16 + ror r4, r4, #16 +#else + bfi r4, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r2, r2, #0xff + bic r2, r2, #0xff00 + ror r2, r2, #16 + orr r2, r2, r12, lsl #16 + ror r2, r2, #16 +#else + bfi r2, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulbb r12, r11, r5 + smulbt r5, r11, r5 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r5 + smlabb lr, r10, lr, r5 + pkhtb r12, lr, r12, ASR #16 + ssub16 r5, r3, r12 + sadd16 r3, r3, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r5, #16 + asr r12, r12, #16 +#else + sbfx r12, r5, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif + asr r5, r5, #16 + mul r12, lr, r12 + mul r5, lr, r5 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif + mul lr, r10, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r5, #16 + asr lr, lr, #16 +#else + sbfx lr, r5, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla lr, r10, lr, r5 + sub r5, r3, lr + add r3, r3, lr + sub lr, r3, r12, lsr #16 + add r12, r3, r12, lsr #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r5, r5, #0xff + bic r5, r5, #0xff00 + ror r5, r5, #16 + orr r5, r5, lr, lsl #16 + ror r5, r5, #16 +#else + bfi r5, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r3, r3, #0xff + bic r3, r3, #0xff00 + ror r3, r3, #16 + orr r3, r3, r12, lsl #16 + ror r3, r3, #16 +#else + bfi r3, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smultb r12, r11, r8 + smultt r8, r11, r8 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r8 + smlabb lr, r10, lr, r8 + pkhtb r12, lr, r12, ASR #16 + ssub16 r8, r6, r12 + sadd16 r6, r6, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r8, #16 + asr r12, r12, #16 +#else + sbfx r12, r8, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr lr, r11, #16 +#else + sbfx lr, r11, #16, #16 +#endif + asr r8, r8, #16 + mul r12, lr, r12 + mul r8, lr, r8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif + mul lr, r10, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r8, #16 + asr lr, lr, #16 +#else + sbfx lr, r8, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla lr, r10, lr, r8 + sub r8, r6, lr + add r6, r6, lr + sub lr, r6, r12, lsr #16 + add r12, r6, r12, lsr #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r8, r8, #0xff + bic r8, r8, #0xff00 + ror r8, r8, #16 + orr r8, r8, lr, lsl #16 + ror r8, r8, #16 +#else + bfi r8, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r6, r6, #0xff + bic r6, r6, #0xff00 + ror r6, r6, #16 + orr r6, r6, r12, lsl #16 + ror r6, r6, #16 +#else + bfi r6, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smultb r12, r11, r9 + smultt r9, r11, r9 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r9 + smlabb lr, r10, lr, r9 + pkhtb r12, lr, r12, ASR #16 + ssub16 r9, r7, r12 + sadd16 r7, r7, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r9, #16 + asr r12, r12, #16 +#else + sbfx r12, r9, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr lr, r11, #16 +#else + sbfx lr, r11, #16, #16 +#endif + asr r9, r9, #16 + mul r12, lr, r12 + mul r9, lr, r9 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif + mul lr, r10, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r9, #16 + asr lr, lr, #16 +#else + sbfx lr, r9, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla lr, r10, lr, r9 + sub r9, r7, lr + add r7, r7, lr + sub lr, r7, r12, lsr #16 + add r12, r7, r12, lsr #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r9, r9, #0xff + bic r9, r9, #0xff00 + ror r9, r9, #16 + orr r9, r9, lr, lsl #16 + ror r9, r9, #16 +#else + bfi r9, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r7, r7, #0xff + bic r7, r7, #0xff00 + ror r7, r7, #16 + orr r7, r7, r12, lsl #16 + ror r7, r7, #16 +#else + bfi r7, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + ldr r11, [r1, #8] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulbb r12, r11, r3 + smulbt r3, r11, r3 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r3 + smlabb lr, r10, lr, r3 + pkhtb r12, lr, r12, ASR #16 + ssub16 r3, r2, r12 + sadd16 r2, r2, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r3, #16 + asr r12, r12, #16 +#else + sbfx r12, r3, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif + asr r3, r3, #16 + mul r12, lr, r12 + mul r3, lr, r3 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif + mul lr, r10, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r3, #16 + asr lr, lr, #16 +#else + sbfx lr, r3, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla lr, r10, lr, r3 + sub r3, r2, lr + add r2, r2, lr + sub lr, r2, r12, lsr #16 + add r12, r2, r12, lsr #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r3, r3, #0xff + bic r3, r3, #0xff00 + ror r3, r3, #16 + orr r3, r3, lr, lsl #16 + ror r3, r3, #16 +#else + bfi r3, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r2, r2, #0xff + bic r2, r2, #0xff00 + ror r2, r2, #16 + orr r2, r2, r12, lsl #16 + ror r2, r2, #16 +#else + bfi r2, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smultb r12, r11, r5 + smultt r5, r11, r5 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r5 + smlabb lr, r10, lr, r5 + pkhtb r12, lr, r12, ASR #16 + ssub16 r5, r4, r12 + sadd16 r4, r4, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r5, #16 + asr r12, r12, #16 +#else + sbfx r12, r5, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr lr, r11, #16 +#else + sbfx lr, r11, #16, #16 +#endif + asr r5, r5, #16 + mul r12, lr, r12 + mul r5, lr, r5 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif + mul lr, r10, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r5, #16 + asr lr, lr, #16 +#else + sbfx lr, r5, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla lr, r10, lr, r5 + sub r5, r4, lr + add r4, r4, lr + sub lr, r4, r12, lsr #16 + add r12, r4, r12, lsr #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r5, r5, #0xff + bic r5, r5, #0xff00 + ror r5, r5, #16 + orr r5, r5, lr, lsl #16 + ror r5, r5, #16 +#else + bfi r5, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r4, r4, #0xff + bic r4, r4, #0xff00 + ror r4, r4, #16 + orr r4, r4, r12, lsl #16 + ror r4, r4, #16 +#else + bfi r4, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + ldr r11, [r1, #12] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulbb r12, r11, r7 + smulbt r7, r11, r7 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r7 + smlabb lr, r10, lr, r7 + pkhtb r12, lr, r12, ASR #16 + ssub16 r7, r6, r12 + sadd16 r6, r6, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r7, #16 + asr r12, r12, #16 +#else + sbfx r12, r7, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif + asr r7, r7, #16 + mul r12, lr, r12 + mul r7, lr, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif + mul lr, r10, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r7, #16 + asr lr, lr, #16 +#else + sbfx lr, r7, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla lr, r10, lr, r7 + sub r7, r6, lr + add r6, r6, lr + sub lr, r6, r12, lsr #16 + add r12, r6, r12, lsr #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r7, r7, #0xff + bic r7, r7, #0xff00 + ror r7, r7, #16 + orr r7, r7, lr, lsl #16 + ror r7, r7, #16 +#else + bfi r7, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r6, r6, #0xff + bic r6, r6, #0xff00 + ror r6, r6, #16 + orr r6, r6, r12, lsl #16 + ror r6, r6, #16 +#else + bfi r6, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smultb r12, r11, r9 + smultt r9, r11, r9 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r9 + smlabb lr, r10, lr, r9 + pkhtb r12, lr, r12, ASR #16 + ssub16 r9, r8, r12 + sadd16 r8, r8, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r9, #16 + asr r12, r12, #16 +#else + sbfx r12, r9, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr lr, r11, #16 +#else + sbfx lr, r11, #16, #16 +#endif + asr r9, r9, #16 + mul r12, lr, r12 + mul r9, lr, r9 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif + mul lr, r10, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r9, #16 + asr lr, lr, #16 +#else + sbfx lr, r9, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla lr, r10, lr, r9 + sub r9, r8, lr + add r8, r8, lr + sub lr, r8, r12, lsr #16 + add r12, r8, r12, lsr #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r9, r9, #0xff + bic r9, r9, #0xff00 + ror r9, r9, #16 + orr r9, r9, lr, lsl #16 + ror r9, r9, #16 +#else + bfi r9, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r8, r8, #0xff + bic r8, r8, #0xff00 + ror r8, r8, #16 + orr r8, r8, r12, lsl #16 + ror r8, r8, #16 +#else + bfi r8, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + str r2, [r0] + str r3, [r0, #64] + str r4, [r0, #128] + str r5, [r0, #192] + str r6, [r0, #256] + str r7, [r0, #320] + str r8, [r0, #384] + str r9, [r0, #448] + ldr r2, [sp] + subs r2, r2, #1 + add r0, r0, #4 + bne L_kyber_arm32_ntt_loop_123 + sub r0, r0, #0x40 + mov r3, #0 +L_kyber_arm32_ntt_loop_4_j: + str r3, [sp, #4] + add r11, r1, r3, lsr #4 + mov r2, #4 + ldr r11, [r11, #16] +L_kyber_arm32_ntt_loop_4_i: + str r2, [sp] + ldr r2, [r0] + ldr r3, [r0, #16] + ldr r4, [r0, #32] + ldr r5, [r0, #48] + ldr r6, [r0, #64] + ldr r7, [r0, #80] + ldr r8, [r0, #96] + ldr r9, [r0, #112] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulbb r12, r11, r4 + smulbt r4, r11, r4 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r4 + smlabb lr, r10, lr, r4 + pkhtb r12, lr, r12, ASR #16 + ssub16 r4, r2, r12 + sadd16 r2, r2, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r4, #16 + asr r12, r12, #16 +#else + sbfx r12, r4, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif + asr r4, r4, #16 + mul r12, lr, r12 + mul r4, lr, r4 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif + mul lr, r10, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r4, #16 + asr lr, lr, #16 +#else + sbfx lr, r4, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla lr, r10, lr, r4 + sub r4, r2, lr + add r2, r2, lr + sub lr, r2, r12, lsr #16 + add r12, r2, r12, lsr #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r4, r4, #0xff + bic r4, r4, #0xff00 + ror r4, r4, #16 + orr r4, r4, lr, lsl #16 + ror r4, r4, #16 +#else + bfi r4, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r2, r2, #0xff + bic r2, r2, #0xff00 + ror r2, r2, #16 + orr r2, r2, r12, lsl #16 + ror r2, r2, #16 +#else + bfi r2, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulbb r12, r11, r5 + smulbt r5, r11, r5 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r5 + smlabb lr, r10, lr, r5 + pkhtb r12, lr, r12, ASR #16 + ssub16 r5, r3, r12 + sadd16 r3, r3, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r5, #16 + asr r12, r12, #16 +#else + sbfx r12, r5, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif + asr r5, r5, #16 + mul r12, lr, r12 + mul r5, lr, r5 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif + mul lr, r10, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r5, #16 + asr lr, lr, #16 +#else + sbfx lr, r5, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla lr, r10, lr, r5 + sub r5, r3, lr + add r3, r3, lr + sub lr, r3, r12, lsr #16 + add r12, r3, r12, lsr #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r5, r5, #0xff + bic r5, r5, #0xff00 + ror r5, r5, #16 + orr r5, r5, lr, lsl #16 + ror r5, r5, #16 +#else + bfi r5, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r3, r3, #0xff + bic r3, r3, #0xff00 + ror r3, r3, #16 + orr r3, r3, r12, lsl #16 + ror r3, r3, #16 +#else + bfi r3, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smultb r12, r11, r8 + smultt r8, r11, r8 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r8 + smlabb lr, r10, lr, r8 + pkhtb r12, lr, r12, ASR #16 + ssub16 r8, r6, r12 + sadd16 r6, r6, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r8, #16 + asr r12, r12, #16 +#else + sbfx r12, r8, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr lr, r11, #16 +#else + sbfx lr, r11, #16, #16 +#endif + asr r8, r8, #16 + mul r12, lr, r12 + mul r8, lr, r8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif + mul lr, r10, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r8, #16 + asr lr, lr, #16 +#else + sbfx lr, r8, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla lr, r10, lr, r8 + sub r8, r6, lr + add r6, r6, lr + sub lr, r6, r12, lsr #16 + add r12, r6, r12, lsr #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r8, r8, #0xff + bic r8, r8, #0xff00 + ror r8, r8, #16 + orr r8, r8, lr, lsl #16 + ror r8, r8, #16 +#else + bfi r8, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r6, r6, #0xff + bic r6, r6, #0xff00 + ror r6, r6, #16 + orr r6, r6, r12, lsl #16 + ror r6, r6, #16 +#else + bfi r6, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smultb r12, r11, r9 + smultt r9, r11, r9 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r9 + smlabb lr, r10, lr, r9 + pkhtb r12, lr, r12, ASR #16 + ssub16 r9, r7, r12 + sadd16 r7, r7, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r9, #16 + asr r12, r12, #16 +#else + sbfx r12, r9, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr lr, r11, #16 +#else + sbfx lr, r11, #16, #16 +#endif + asr r9, r9, #16 + mul r12, lr, r12 + mul r9, lr, r9 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif + mul lr, r10, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r9, #16 + asr lr, lr, #16 +#else + sbfx lr, r9, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla lr, r10, lr, r9 + sub r9, r7, lr + add r7, r7, lr + sub lr, r7, r12, lsr #16 + add r12, r7, r12, lsr #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r9, r9, #0xff + bic r9, r9, #0xff00 + ror r9, r9, #16 + orr r9, r9, lr, lsl #16 + ror r9, r9, #16 +#else + bfi r9, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r7, r7, #0xff + bic r7, r7, #0xff00 + ror r7, r7, #16 + orr r7, r7, r12, lsl #16 + ror r7, r7, #16 +#else + bfi r7, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + str r2, [r0] + str r3, [r0, #16] + str r4, [r0, #32] + str r5, [r0, #48] + str r6, [r0, #64] + str r7, [r0, #80] + str r8, [r0, #96] + str r9, [r0, #112] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r2, [sp] + ldr r3, [sp, #4] +#else + ldrd r2, r3, [sp] +#endif + subs r2, r2, #1 + add r0, r0, #4 + bne L_kyber_arm32_ntt_loop_4_i + add r3, r3, #0x40 + rsbs r12, r3, #0x100 + add r0, r0, #0x70 + bne L_kyber_arm32_ntt_loop_4_j + sub r0, r0, #0x200 + mov r3, #0 +L_kyber_arm32_ntt_loop_567: + add r11, r1, r3, lsr #3 + str r3, [sp, #4] + ldrh r11, [r11, #32] + ldr r2, [r0] + ldr r3, [r0, #4] + ldr r4, [r0, #8] + ldr r5, [r0, #12] + ldr r6, [r0, #16] + ldr r7, [r0, #20] + ldr r8, [r0, #24] + ldr r9, [r0, #28] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulbb r12, r11, r6 + smulbt r6, r11, r6 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r6 + smlabb lr, r10, lr, r6 + pkhtb r12, lr, r12, ASR #16 + ssub16 r6, r2, r12 + sadd16 r2, r2, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r6, #16 + asr r12, r12, #16 +#else + sbfx r12, r6, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif + asr r6, r6, #16 + mul r12, lr, r12 + mul r6, lr, r6 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif + mul lr, r10, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r6, #16 + asr lr, lr, #16 +#else + sbfx lr, r6, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla lr, r10, lr, r6 + sub r6, r2, lr + add r2, r2, lr + sub lr, r2, r12, lsr #16 + add r12, r2, r12, lsr #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r6, r6, #0xff + bic r6, r6, #0xff00 + ror r6, r6, #16 + orr r6, r6, lr, lsl #16 + ror r6, r6, #16 +#else + bfi r6, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r2, r2, #0xff + bic r2, r2, #0xff00 + ror r2, r2, #16 + orr r2, r2, r12, lsl #16 + ror r2, r2, #16 +#else + bfi r2, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulbb r12, r11, r7 + smulbt r7, r11, r7 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r7 + smlabb lr, r10, lr, r7 + pkhtb r12, lr, r12, ASR #16 + ssub16 r7, r3, r12 + sadd16 r3, r3, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r7, #16 + asr r12, r12, #16 +#else + sbfx r12, r7, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif + asr r7, r7, #16 + mul r12, lr, r12 + mul r7, lr, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif + mul lr, r10, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r7, #16 + asr lr, lr, #16 +#else + sbfx lr, r7, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla lr, r10, lr, r7 + sub r7, r3, lr + add r3, r3, lr + sub lr, r3, r12, lsr #16 + add r12, r3, r12, lsr #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r7, r7, #0xff + bic r7, r7, #0xff00 + ror r7, r7, #16 + orr r7, r7, lr, lsl #16 + ror r7, r7, #16 +#else + bfi r7, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r3, r3, #0xff + bic r3, r3, #0xff00 + ror r3, r3, #16 + orr r3, r3, r12, lsl #16 + ror r3, r3, #16 +#else + bfi r3, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulbb r12, r11, r8 + smulbt r8, r11, r8 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r8 + smlabb lr, r10, lr, r8 + pkhtb r12, lr, r12, ASR #16 + ssub16 r8, r4, r12 + sadd16 r4, r4, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r8, #16 + asr r12, r12, #16 +#else + sbfx r12, r8, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif + asr r8, r8, #16 + mul r12, lr, r12 + mul r8, lr, r8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif + mul lr, r10, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r8, #16 + asr lr, lr, #16 +#else + sbfx lr, r8, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla lr, r10, lr, r8 + sub r8, r4, lr + add r4, r4, lr + sub lr, r4, r12, lsr #16 + add r12, r4, r12, lsr #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r8, r8, #0xff + bic r8, r8, #0xff00 + ror r8, r8, #16 + orr r8, r8, lr, lsl #16 + ror r8, r8, #16 +#else + bfi r8, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r4, r4, #0xff + bic r4, r4, #0xff00 + ror r4, r4, #16 + orr r4, r4, r12, lsl #16 + ror r4, r4, #16 +#else + bfi r4, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulbb r12, r11, r9 + smulbt r9, r11, r9 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r9 + smlabb lr, r10, lr, r9 + pkhtb r12, lr, r12, ASR #16 + ssub16 r9, r5, r12 + sadd16 r5, r5, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r9, #16 + asr r12, r12, #16 +#else + sbfx r12, r9, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif + asr r9, r9, #16 + mul r12, lr, r12 + mul r9, lr, r9 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif + mul lr, r10, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r9, #16 + asr lr, lr, #16 +#else + sbfx lr, r9, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla lr, r10, lr, r9 + sub r9, r5, lr + add r5, r5, lr + sub lr, r5, r12, lsr #16 + add r12, r5, r12, lsr #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r9, r9, #0xff + bic r9, r9, #0xff00 + ror r9, r9, #16 + orr r9, r9, lr, lsl #16 + ror r9, r9, #16 +#else + bfi r9, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r5, r5, #0xff + bic r5, r5, #0xff00 + ror r5, r5, #16 + orr r5, r5, r12, lsl #16 + ror r5, r5, #16 +#else + bfi r5, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + ldr r11, [sp, #4] + add r11, r1, r11, lsr #2 + ldr r11, [r11, #64] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulbb r12, r11, r4 + smulbt r4, r11, r4 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r4 + smlabb lr, r10, lr, r4 + pkhtb r12, lr, r12, ASR #16 + ssub16 r4, r2, r12 + sadd16 r2, r2, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r4, #16 + asr r12, r12, #16 +#else + sbfx r12, r4, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif + asr r4, r4, #16 + mul r12, lr, r12 + mul r4, lr, r4 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif + mul lr, r10, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r4, #16 + asr lr, lr, #16 +#else + sbfx lr, r4, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla lr, r10, lr, r4 + sub r4, r2, lr + add r2, r2, lr + sub lr, r2, r12, lsr #16 + add r12, r2, r12, lsr #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r4, r4, #0xff + bic r4, r4, #0xff00 + ror r4, r4, #16 + orr r4, r4, lr, lsl #16 + ror r4, r4, #16 +#else + bfi r4, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r2, r2, #0xff + bic r2, r2, #0xff00 + ror r2, r2, #16 + orr r2, r2, r12, lsl #16 + ror r2, r2, #16 +#else + bfi r2, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulbb r12, r11, r5 + smulbt r5, r11, r5 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r5 + smlabb lr, r10, lr, r5 + pkhtb r12, lr, r12, ASR #16 + ssub16 r5, r3, r12 + sadd16 r3, r3, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r5, #16 + asr r12, r12, #16 +#else + sbfx r12, r5, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif + asr r5, r5, #16 + mul r12, lr, r12 + mul r5, lr, r5 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif + mul lr, r10, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r5, #16 + asr lr, lr, #16 +#else + sbfx lr, r5, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla lr, r10, lr, r5 + sub r5, r3, lr + add r3, r3, lr + sub lr, r3, r12, lsr #16 + add r12, r3, r12, lsr #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r5, r5, #0xff + bic r5, r5, #0xff00 + ror r5, r5, #16 + orr r5, r5, lr, lsl #16 + ror r5, r5, #16 +#else + bfi r5, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r3, r3, #0xff + bic r3, r3, #0xff00 + ror r3, r3, #16 + orr r3, r3, r12, lsl #16 + ror r3, r3, #16 +#else + bfi r3, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smultb r12, r11, r8 + smultt r8, r11, r8 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r8 + smlabb lr, r10, lr, r8 + pkhtb r12, lr, r12, ASR #16 + ssub16 r8, r6, r12 + sadd16 r6, r6, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r8, #16 + asr r12, r12, #16 +#else + sbfx r12, r8, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr lr, r11, #16 +#else + sbfx lr, r11, #16, #16 +#endif + asr r8, r8, #16 + mul r12, lr, r12 + mul r8, lr, r8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif + mul lr, r10, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r8, #16 + asr lr, lr, #16 +#else + sbfx lr, r8, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla lr, r10, lr, r8 + sub r8, r6, lr + add r6, r6, lr + sub lr, r6, r12, lsr #16 + add r12, r6, r12, lsr #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r8, r8, #0xff + bic r8, r8, #0xff00 + ror r8, r8, #16 + orr r8, r8, lr, lsl #16 + ror r8, r8, #16 +#else + bfi r8, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r6, r6, #0xff + bic r6, r6, #0xff00 + ror r6, r6, #16 + orr r6, r6, r12, lsl #16 + ror r6, r6, #16 +#else + bfi r6, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smultb r12, r11, r9 + smultt r9, r11, r9 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r9 + smlabb lr, r10, lr, r9 + pkhtb r12, lr, r12, ASR #16 + ssub16 r9, r7, r12 + sadd16 r7, r7, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r9, #16 + asr r12, r12, #16 +#else + sbfx r12, r9, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr lr, r11, #16 +#else + sbfx lr, r11, #16, #16 +#endif + asr r9, r9, #16 + mul r12, lr, r12 + mul r9, lr, r9 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif + mul lr, r10, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r9, #16 + asr lr, lr, #16 +#else + sbfx lr, r9, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla lr, r10, lr, r9 + sub r9, r7, lr + add r7, r7, lr + sub lr, r7, r12, lsr #16 + add r12, r7, r12, lsr #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r9, r9, #0xff + bic r9, r9, #0xff00 + ror r9, r9, #16 + orr r9, r9, lr, lsl #16 + ror r9, r9, #16 +#else + bfi r9, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r7, r7, #0xff + bic r7, r7, #0xff00 + ror r7, r7, #16 + orr r7, r7, r12, lsl #16 + ror r7, r7, #16 +#else + bfi r7, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + ldr r11, [sp, #4] + add r11, r1, r11, lsr #1 + ldr r11, [r11, #128] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulbb r12, r11, r3 + smulbt r3, r11, r3 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r3 + smlabb lr, r10, lr, r3 + pkhtb r12, lr, r12, ASR #16 + ssub16 r3, r2, r12 + sadd16 r2, r2, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r3, #16 + asr r12, r12, #16 +#else + sbfx r12, r3, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif + asr r3, r3, #16 + mul r12, lr, r12 + mul r3, lr, r3 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif + mul lr, r10, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r3, #16 + asr lr, lr, #16 +#else + sbfx lr, r3, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla lr, r10, lr, r3 + sub r3, r2, lr + add r2, r2, lr + sub lr, r2, r12, lsr #16 + add r12, r2, r12, lsr #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r3, r3, #0xff + bic r3, r3, #0xff00 + ror r3, r3, #16 + orr r3, r3, lr, lsl #16 + ror r3, r3, #16 +#else + bfi r3, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r2, r2, #0xff + bic r2, r2, #0xff00 + ror r2, r2, #16 + orr r2, r2, r12, lsl #16 + ror r2, r2, #16 +#else + bfi r2, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smultb r12, r11, r5 + smultt r5, r11, r5 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r5 + smlabb lr, r10, lr, r5 + pkhtb r12, lr, r12, ASR #16 + ssub16 r5, r4, r12 + sadd16 r4, r4, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r5, #16 + asr r12, r12, #16 +#else + sbfx r12, r5, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr lr, r11, #16 +#else + sbfx lr, r11, #16, #16 +#endif + asr r5, r5, #16 + mul r12, lr, r12 + mul r5, lr, r5 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif + mul lr, r10, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r5, #16 + asr lr, lr, #16 +#else + sbfx lr, r5, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla lr, r10, lr, r5 + sub r5, r4, lr + add r4, r4, lr + sub lr, r4, r12, lsr #16 + add r12, r4, r12, lsr #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r5, r5, #0xff + bic r5, r5, #0xff00 + ror r5, r5, #16 + orr r5, r5, lr, lsl #16 + ror r5, r5, #16 +#else + bfi r5, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r4, r4, #0xff + bic r4, r4, #0xff00 + ror r4, r4, #16 + orr r4, r4, r12, lsl #16 + ror r4, r4, #16 +#else + bfi r4, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + ldr r11, [sp, #4] + add r11, r1, r11, lsr #1 + ldr r11, [r11, #132] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulbb r12, r11, r7 + smulbt r7, r11, r7 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r7 + smlabb lr, r10, lr, r7 + pkhtb r12, lr, r12, ASR #16 + ssub16 r7, r6, r12 + sadd16 r6, r6, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r7, #16 + asr r12, r12, #16 +#else + sbfx r12, r7, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif + asr r7, r7, #16 + mul r12, lr, r12 + mul r7, lr, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif + mul lr, r10, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r7, #16 + asr lr, lr, #16 +#else + sbfx lr, r7, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla lr, r10, lr, r7 + sub r7, r6, lr + add r6, r6, lr + sub lr, r6, r12, lsr #16 + add r12, r6, r12, lsr #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r7, r7, #0xff + bic r7, r7, #0xff00 + ror r7, r7, #16 + orr r7, r7, lr, lsl #16 + ror r7, r7, #16 +#else + bfi r7, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r6, r6, #0xff + bic r6, r6, #0xff00 + ror r6, r6, #16 + orr r6, r6, r12, lsl #16 + ror r6, r6, #16 +#else + bfi r6, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smultb r12, r11, r9 + smultt r9, r11, r9 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r9 + smlabb lr, r10, lr, r9 + pkhtb r12, lr, r12, ASR #16 + ssub16 r9, r8, r12 + sadd16 r8, r8, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r9, #16 + asr r12, r12, #16 +#else + sbfx r12, r9, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr lr, r11, #16 +#else + sbfx lr, r11, #16, #16 +#endif + asr r9, r9, #16 + mul r12, lr, r12 + mul r9, lr, r9 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif + mul lr, r10, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r9, #16 + asr lr, lr, #16 +#else + sbfx lr, r9, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla lr, r10, lr, r9 + sub r9, r8, lr + add r8, r8, lr + sub lr, r8, r12, lsr #16 + add r12, r8, r12, lsr #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r9, r9, #0xff + bic r9, r9, #0xff00 + ror r9, r9, #16 + orr r9, r9, lr, lsl #16 + ror r9, r9, #16 +#else + bfi r9, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r8, r8, #0xff + bic r8, r8, #0xff00 + ror r8, r8, #16 + orr r8, r8, r12, lsl #16 + ror r8, r8, #16 +#else + bfi r8, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r11, #0xaf + lsl r11, r11, #8 + add r11, r11, #0xc0 +#else + mov r11, #0xafc0 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r11, r11, #0x130000 +#else + movt r11, #0x13 +#endif +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r11, #0x4e + lsl r11, r11, #8 + add r11, r11, #0xbf +#else + mov r11, #0x4ebf +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulwb r12, r11, r2 + smulwt lr, r11, r2 + smulbt r12, r10, r12 + smulbt lr, r10, lr + pkhbt r12, r12, lr, LSL #16 + ssub16 r2, r2, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r2, #16 + asr r12, r12, #16 +#else + sbfx r12, r2, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr lr, r2, #16 +#else + sbfx lr, r2, #16, #16 +#endif + mul r12, r11, r12 + mul lr, r11, lr + asr r12, r12, #26 + asr lr, lr, #26 + mul r12, r10, r12 + mul lr, r10, lr + sub lr, r2, lr, lsl #16 + sub r2, r2, r12 + lsr lr, lr, #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r2, r2, #0xff0000 + bic r2, r2, #0xff000000 + orr r2, r2, lr, lsl #16 +#else + bfi r2, lr, #16, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulwb r12, r11, r3 + smulwt lr, r11, r3 + smulbt r12, r10, r12 + smulbt lr, r10, lr + pkhbt r12, r12, lr, LSL #16 + ssub16 r3, r3, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r3, #16 + asr r12, r12, #16 +#else + sbfx r12, r3, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr lr, r3, #16 +#else + sbfx lr, r3, #16, #16 +#endif + mul r12, r11, r12 + mul lr, r11, lr + asr r12, r12, #26 + asr lr, lr, #26 + mul r12, r10, r12 + mul lr, r10, lr + sub lr, r3, lr, lsl #16 + sub r3, r3, r12 + lsr lr, lr, #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r3, r3, #0xff0000 + bic r3, r3, #0xff000000 + orr r3, r3, lr, lsl #16 +#else + bfi r3, lr, #16, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulwb r12, r11, r4 + smulwt lr, r11, r4 + smulbt r12, r10, r12 + smulbt lr, r10, lr + pkhbt r12, r12, lr, LSL #16 + ssub16 r4, r4, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r4, #16 + asr r12, r12, #16 +#else + sbfx r12, r4, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr lr, r4, #16 +#else + sbfx lr, r4, #16, #16 +#endif + mul r12, r11, r12 + mul lr, r11, lr + asr r12, r12, #26 + asr lr, lr, #26 + mul r12, r10, r12 + mul lr, r10, lr + sub lr, r4, lr, lsl #16 + sub r4, r4, r12 + lsr lr, lr, #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r4, r4, #0xff0000 + bic r4, r4, #0xff000000 + orr r4, r4, lr, lsl #16 +#else + bfi r4, lr, #16, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulwb r12, r11, r5 + smulwt lr, r11, r5 + smulbt r12, r10, r12 + smulbt lr, r10, lr + pkhbt r12, r12, lr, LSL #16 + ssub16 r5, r5, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r5, #16 + asr r12, r12, #16 +#else + sbfx r12, r5, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr lr, r5, #16 +#else + sbfx lr, r5, #16, #16 +#endif + mul r12, r11, r12 + mul lr, r11, lr + asr r12, r12, #26 + asr lr, lr, #26 + mul r12, r10, r12 + mul lr, r10, lr + sub lr, r5, lr, lsl #16 + sub r5, r5, r12 + lsr lr, lr, #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r5, r5, #0xff0000 + bic r5, r5, #0xff000000 + orr r5, r5, lr, lsl #16 +#else + bfi r5, lr, #16, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulwb r12, r11, r6 + smulwt lr, r11, r6 + smulbt r12, r10, r12 + smulbt lr, r10, lr + pkhbt r12, r12, lr, LSL #16 + ssub16 r6, r6, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r6, #16 + asr r12, r12, #16 +#else + sbfx r12, r6, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr lr, r6, #16 +#else + sbfx lr, r6, #16, #16 +#endif + mul r12, r11, r12 + mul lr, r11, lr + asr r12, r12, #26 + asr lr, lr, #26 + mul r12, r10, r12 + mul lr, r10, lr + sub lr, r6, lr, lsl #16 + sub r6, r6, r12 + lsr lr, lr, #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r6, r6, #0xff0000 + bic r6, r6, #0xff000000 + orr r6, r6, lr, lsl #16 +#else + bfi r6, lr, #16, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulwb r12, r11, r7 + smulwt lr, r11, r7 + smulbt r12, r10, r12 + smulbt lr, r10, lr + pkhbt r12, r12, lr, LSL #16 + ssub16 r7, r7, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r7, #16 + asr r12, r12, #16 +#else + sbfx r12, r7, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr lr, r7, #16 +#else + sbfx lr, r7, #16, #16 +#endif + mul r12, r11, r12 + mul lr, r11, lr + asr r12, r12, #26 + asr lr, lr, #26 + mul r12, r10, r12 + mul lr, r10, lr + sub lr, r7, lr, lsl #16 + sub r7, r7, r12 + lsr lr, lr, #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r7, r7, #0xff0000 + bic r7, r7, #0xff000000 + orr r7, r7, lr, lsl #16 +#else + bfi r7, lr, #16, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulwb r12, r11, r8 + smulwt lr, r11, r8 + smulbt r12, r10, r12 + smulbt lr, r10, lr + pkhbt r12, r12, lr, LSL #16 + ssub16 r8, r8, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r8, #16 + asr r12, r12, #16 +#else + sbfx r12, r8, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr lr, r8, #16 +#else + sbfx lr, r8, #16, #16 +#endif + mul r12, r11, r12 + mul lr, r11, lr + asr r12, r12, #26 + asr lr, lr, #26 + mul r12, r10, r12 + mul lr, r10, lr + sub lr, r8, lr, lsl #16 + sub r8, r8, r12 + lsr lr, lr, #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r8, r8, #0xff0000 + bic r8, r8, #0xff000000 + orr r8, r8, lr, lsl #16 +#else + bfi r8, lr, #16, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulwb r12, r11, r9 + smulwt lr, r11, r9 + smulbt r12, r10, r12 + smulbt lr, r10, lr + pkhbt r12, r12, lr, LSL #16 + ssub16 r9, r9, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r9, #16 + asr r12, r12, #16 +#else + sbfx r12, r9, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr lr, r9, #16 +#else + sbfx lr, r9, #16, #16 +#endif + mul r12, r11, r12 + mul lr, r11, lr + asr r12, r12, #26 + asr lr, lr, #26 + mul r12, r10, r12 + mul lr, r10, lr + sub lr, r9, lr, lsl #16 + sub r9, r9, r12 + lsr lr, lr, #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r9, r9, #0xff0000 + bic r9, r9, #0xff000000 + orr r9, r9, lr, lsl #16 +#else + bfi r9, lr, #16, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r10, r10, #0xc000000 + orr r10, r10, #0xff0000 +#else + movt r10, #0xcff +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + str r2, [r0] + str r3, [r0, #4] + str r4, [r0, #8] + str r5, [r0, #12] + str r6, [r0, #16] + str r7, [r0, #20] + str r8, [r0, #24] + str r9, [r0, #28] + ldr r3, [sp, #4] + add r3, r3, #16 + rsbs r12, r3, #0x100 + add r0, r0, #32 + bne L_kyber_arm32_ntt_loop_567 + add sp, sp, #8 + pop {r4, r5, r6, r7, r8, r9, r10, r11, pc} + .size kyber_arm32_ntt,.-kyber_arm32_ntt + .text + .type L_kyber_arm32_invntt_zetas_inv, %object + .size L_kyber_arm32_invntt_zetas_inv, 256 + .align 4 +L_kyber_arm32_invntt_zetas_inv: + .short 0x6a5 + .short 0x70f + .short 0x5b4 + .short 0x943 + .short 0x922 + .short 0x91d + .short 0x134 + .short 0x6c + .short 0xb23 + .short 0x366 + .short 0x356 + .short 0x5e6 + .short 0x9e7 + .short 0x4fe + .short 0x5fa + .short 0x4a1 + .short 0x67b + .short 0x4a3 + .short 0xc25 + .short 0x36a + .short 0x537 + .short 0x83f + .short 0x88 + .short 0x4bf + .short 0xb81 + .short 0x5b9 + .short 0x505 + .short 0x7d7 + .short 0xa9f + .short 0xaa6 + .short 0x8b8 + .short 0x9d0 + .short 0x4b + .short 0x9c + .short 0xbb8 + .short 0xb5f + .short 0xba4 + .short 0x368 + .short 0xa7d + .short 0x636 + .short 0x8a2 + .short 0x25a + .short 0x736 + .short 0x309 + .short 0x93 + .short 0x87a + .short 0x9f7 + .short 0xf6 + .short 0x68c + .short 0x6db + .short 0x1cc + .short 0x123 + .short 0xeb + .short 0xc50 + .short 0xab6 + .short 0xb5b + .short 0xc98 + .short 0x6f3 + .short 0x99a + .short 0x4e3 + .short 0x9b6 + .short 0xad6 + .short 0xb53 + .short 0x44f + .short 0x4fb + .short 0xa5c + .short 0x429 + .short 0xb41 + .short 0x2d5 + .short 0x5e4 + .short 0x940 + .short 0x18e + .short 0x3b7 + .short 0xf7 + .short 0x58d + .short 0xc96 + .short 0x9c3 + .short 0x10f + .short 0x5a + .short 0x355 + .short 0x744 + .short 0xc83 + .short 0x48a + .short 0x652 + .short 0x29a + .short 0x140 + .short 0x8 + .short 0xafd + .short 0x608 + .short 0x11a + .short 0x72e + .short 0x50d + .short 0x90a + .short 0x228 + .short 0xa75 + .short 0x83a + .short 0x623 + .short 0xcd + .short 0xb66 + .short 0x606 + .short 0xaa1 + .short 0xa25 + .short 0x908 + .short 0x2a9 + .short 0x82 + .short 0x642 + .short 0x74f + .short 0x33d + .short 0xb82 + .short 0xbf9 + .short 0x52d + .short 0xac4 + .short 0x745 + .short 0x5c2 + .short 0x4b2 + .short 0x93f + .short 0xc4b + .short 0x6d8 + .short 0xa93 + .short 0xab + .short 0xc37 + .short 0xbe2 + .short 0x773 + .short 0x72c + .short 0x5ed + .short 0x167 + .short 0x2f6 + .short 0x5a1 + .text + .align 4 + .globl kyber_arm32_invntt + .type kyber_arm32_invntt, %function +kyber_arm32_invntt: + push {r4, r5, r6, r7, r8, r9, r10, r11, lr} + sub sp, sp, #8 + adr r1, L_kyber_arm32_invntt_zetas_inv +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r10, r10, #0xc000000 + orr r10, r10, #0xff0000 +#else + movt r10, #0xcff +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + mov r3, #0 +L_kyber_arm32_invntt_loop_765: + add r11, r1, r3, lsr #1 + str r3, [sp, #4] + ldr r2, [r0] + ldr r3, [r0, #4] + ldr r4, [r0, #8] + ldr r5, [r0, #12] + ldr r6, [r0, #16] + ldr r7, [r0, #20] + ldr r8, [r0, #24] + ldr r9, [r0, #28] + ldr r11, [r11] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + ssub16 r12, r2, r3 + sadd16 r2, r2, r3 + smulbt r3, r11, r12 + smulbb r12, r11, r12 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r3 + smlabb r3, r10, lr, r3 + pkhtb r3, r3, r12, ASR #16 +#else + sub lr, r2, r3 + add r10, r2, r3 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r3, r3, #0xff + bic r3, r3, #0xff00 +#else + bfc r3, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r2, r2, #0xff + bic r2, r2, #0xff00 +#else + bfc r2, #0, #16 +#endif + sub r12, r2, r3 + add r2, r2, r3 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r12, r12, #0xff + bic r12, r12, #0xff00 + ror r12, r12, #16 + orr r12, r12, lr, lsl #16 + ror r12, r12, #16 +#else + bfi r12, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r2, r2, #0xff + bic r2, r2, #0xff00 + ror r2, r2, #16 + orr r2, r2, r10, lsl #16 + ror r2, r2, #16 +#else + bfi r2, r10, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif + asr r10, r12, #16 + mul r3, lr, r10 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r12, #16 + asr r12, r12, #16 +#else + sbfx r12, r12, #0, #16 +#endif + mul r12, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r12, #16 + asr lr, lr, #16 +#else + sbfx lr, r12, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r3, #16 + asr lr, lr, #16 +#else + sbfx lr, r3, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + lsr r12, r12, #16 + mla r3, r10, lr, r3 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r3, r3, #0xff + bic r3, r3, #0xff00 + ror r3, r3, #16 + orr r3, r3, r12, lsl #16 + ror r3, r3, #16 +#else + bfi r3, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + ssub16 r12, r4, r5 + sadd16 r4, r4, r5 + smultt r5, r11, r12 + smultb r12, r11, r12 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r5 + smlabb r5, r10, lr, r5 + pkhtb r5, r5, r12, ASR #16 +#else + sub lr, r4, r5 + add r10, r4, r5 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r5, r5, #0xff + bic r5, r5, #0xff00 +#else + bfc r5, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r4, r4, #0xff + bic r4, r4, #0xff00 +#else + bfc r4, #0, #16 +#endif + sub r12, r4, r5 + add r4, r4, r5 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r12, r12, #0xff + bic r12, r12, #0xff00 + ror r12, r12, #16 + orr r12, r12, lr, lsl #16 + ror r12, r12, #16 +#else + bfi r12, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r4, r4, #0xff + bic r4, r4, #0xff00 + ror r4, r4, #16 + orr r4, r4, r10, lsl #16 + ror r4, r4, #16 +#else + bfi r4, r10, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr lr, r11, #16 +#else + sbfx lr, r11, #16, #16 +#endif + asr r10, r12, #16 + mul r5, lr, r10 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r12, #16 + asr r12, r12, #16 +#else + sbfx r12, r12, #0, #16 +#endif + mul r12, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r12, #16 + asr lr, lr, #16 +#else + sbfx lr, r12, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r5, #16 + asr lr, lr, #16 +#else + sbfx lr, r5, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + lsr r12, r12, #16 + mla r5, r10, lr, r5 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r5, r5, #0xff + bic r5, r5, #0xff00 + ror r5, r5, #16 + orr r5, r5, r12, lsl #16 + ror r5, r5, #16 +#else + bfi r5, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + ldr r11, [sp, #4] + add r11, r1, r11, lsr #1 + ldr r11, [r11, #4] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + ssub16 r12, r6, r7 + sadd16 r6, r6, r7 + smulbt r7, r11, r12 + smulbb r12, r11, r12 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r7 + smlabb r7, r10, lr, r7 + pkhtb r7, r7, r12, ASR #16 +#else + sub lr, r6, r7 + add r10, r6, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r7, r7, #0xff + bic r7, r7, #0xff00 +#else + bfc r7, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r6, r6, #0xff + bic r6, r6, #0xff00 +#else + bfc r6, #0, #16 +#endif + sub r12, r6, r7 + add r6, r6, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r12, r12, #0xff + bic r12, r12, #0xff00 + ror r12, r12, #16 + orr r12, r12, lr, lsl #16 + ror r12, r12, #16 +#else + bfi r12, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r6, r6, #0xff + bic r6, r6, #0xff00 + ror r6, r6, #16 + orr r6, r6, r10, lsl #16 + ror r6, r6, #16 +#else + bfi r6, r10, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif + asr r10, r12, #16 + mul r7, lr, r10 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r12, #16 + asr r12, r12, #16 +#else + sbfx r12, r12, #0, #16 +#endif + mul r12, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r12, #16 + asr lr, lr, #16 +#else + sbfx lr, r12, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r7, #16 + asr lr, lr, #16 +#else + sbfx lr, r7, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + lsr r12, r12, #16 + mla r7, r10, lr, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r7, r7, #0xff + bic r7, r7, #0xff00 + ror r7, r7, #16 + orr r7, r7, r12, lsl #16 + ror r7, r7, #16 +#else + bfi r7, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + ssub16 r12, r8, r9 + sadd16 r8, r8, r9 + smultt r9, r11, r12 + smultb r12, r11, r12 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r9 + smlabb r9, r10, lr, r9 + pkhtb r9, r9, r12, ASR #16 +#else + sub lr, r8, r9 + add r10, r8, r9 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r9, r9, #0xff + bic r9, r9, #0xff00 +#else + bfc r9, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r8, r8, #0xff + bic r8, r8, #0xff00 +#else + bfc r8, #0, #16 +#endif + sub r12, r8, r9 + add r8, r8, r9 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r12, r12, #0xff + bic r12, r12, #0xff00 + ror r12, r12, #16 + orr r12, r12, lr, lsl #16 + ror r12, r12, #16 +#else + bfi r12, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r8, r8, #0xff + bic r8, r8, #0xff00 + ror r8, r8, #16 + orr r8, r8, r10, lsl #16 + ror r8, r8, #16 +#else + bfi r8, r10, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr lr, r11, #16 +#else + sbfx lr, r11, #16, #16 +#endif + asr r10, r12, #16 + mul r9, lr, r10 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r12, #16 + asr r12, r12, #16 +#else + sbfx r12, r12, #0, #16 +#endif + mul r12, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r12, #16 + asr lr, lr, #16 +#else + sbfx lr, r12, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r9, #16 + asr lr, lr, #16 +#else + sbfx lr, r9, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + lsr r12, r12, #16 + mla r9, r10, lr, r9 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r9, r9, #0xff + bic r9, r9, #0xff00 + ror r9, r9, #16 + orr r9, r9, r12, lsl #16 + ror r9, r9, #16 +#else + bfi r9, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + ldr r11, [sp, #4] + add r11, r1, r11, lsr #2 + ldr r11, [r11, #128] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + ssub16 r12, r2, r4 + sadd16 r2, r2, r4 + smulbt r4, r11, r12 + smulbb r12, r11, r12 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r4 + smlabb r4, r10, lr, r4 + pkhtb r4, r4, r12, ASR #16 +#else + sub lr, r2, r4 + add r10, r2, r4 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r4, r4, #0xff + bic r4, r4, #0xff00 +#else + bfc r4, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r2, r2, #0xff + bic r2, r2, #0xff00 +#else + bfc r2, #0, #16 +#endif + sub r12, r2, r4 + add r2, r2, r4 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r12, r12, #0xff + bic r12, r12, #0xff00 + ror r12, r12, #16 + orr r12, r12, lr, lsl #16 + ror r12, r12, #16 +#else + bfi r12, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r2, r2, #0xff + bic r2, r2, #0xff00 + ror r2, r2, #16 + orr r2, r2, r10, lsl #16 + ror r2, r2, #16 +#else + bfi r2, r10, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif + asr r10, r12, #16 + mul r4, lr, r10 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r12, #16 + asr r12, r12, #16 +#else + sbfx r12, r12, #0, #16 +#endif + mul r12, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r12, #16 + asr lr, lr, #16 +#else + sbfx lr, r12, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r4, #16 + asr lr, lr, #16 +#else + sbfx lr, r4, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + lsr r12, r12, #16 + mla r4, r10, lr, r4 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r4, r4, #0xff + bic r4, r4, #0xff00 + ror r4, r4, #16 + orr r4, r4, r12, lsl #16 + ror r4, r4, #16 +#else + bfi r4, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + ssub16 r12, r3, r5 + sadd16 r3, r3, r5 + smulbt r5, r11, r12 + smulbb r12, r11, r12 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r5 + smlabb r5, r10, lr, r5 + pkhtb r5, r5, r12, ASR #16 +#else + sub lr, r3, r5 + add r10, r3, r5 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r5, r5, #0xff + bic r5, r5, #0xff00 +#else + bfc r5, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r3, r3, #0xff + bic r3, r3, #0xff00 +#else + bfc r3, #0, #16 +#endif + sub r12, r3, r5 + add r3, r3, r5 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r12, r12, #0xff + bic r12, r12, #0xff00 + ror r12, r12, #16 + orr r12, r12, lr, lsl #16 + ror r12, r12, #16 +#else + bfi r12, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r3, r3, #0xff + bic r3, r3, #0xff00 + ror r3, r3, #16 + orr r3, r3, r10, lsl #16 + ror r3, r3, #16 +#else + bfi r3, r10, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif + asr r10, r12, #16 + mul r5, lr, r10 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r12, #16 + asr r12, r12, #16 +#else + sbfx r12, r12, #0, #16 +#endif + mul r12, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r12, #16 + asr lr, lr, #16 +#else + sbfx lr, r12, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r5, #16 + asr lr, lr, #16 +#else + sbfx lr, r5, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + lsr r12, r12, #16 + mla r5, r10, lr, r5 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r5, r5, #0xff + bic r5, r5, #0xff00 + ror r5, r5, #16 + orr r5, r5, r12, lsl #16 + ror r5, r5, #16 +#else + bfi r5, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + ssub16 r12, r6, r8 + sadd16 r6, r6, r8 + smultt r8, r11, r12 + smultb r12, r11, r12 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r8 + smlabb r8, r10, lr, r8 + pkhtb r8, r8, r12, ASR #16 +#else + sub lr, r6, r8 + add r10, r6, r8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r8, r8, #0xff + bic r8, r8, #0xff00 +#else + bfc r8, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r6, r6, #0xff + bic r6, r6, #0xff00 +#else + bfc r6, #0, #16 +#endif + sub r12, r6, r8 + add r6, r6, r8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r12, r12, #0xff + bic r12, r12, #0xff00 + ror r12, r12, #16 + orr r12, r12, lr, lsl #16 + ror r12, r12, #16 +#else + bfi r12, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r6, r6, #0xff + bic r6, r6, #0xff00 + ror r6, r6, #16 + orr r6, r6, r10, lsl #16 + ror r6, r6, #16 +#else + bfi r6, r10, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr lr, r11, #16 +#else + sbfx lr, r11, #16, #16 +#endif + asr r10, r12, #16 + mul r8, lr, r10 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r12, #16 + asr r12, r12, #16 +#else + sbfx r12, r12, #0, #16 +#endif + mul r12, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r12, #16 + asr lr, lr, #16 +#else + sbfx lr, r12, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r8, #16 + asr lr, lr, #16 +#else + sbfx lr, r8, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + lsr r12, r12, #16 + mla r8, r10, lr, r8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r8, r8, #0xff + bic r8, r8, #0xff00 + ror r8, r8, #16 + orr r8, r8, r12, lsl #16 + ror r8, r8, #16 +#else + bfi r8, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + ssub16 r12, r7, r9 + sadd16 r7, r7, r9 + smultt r9, r11, r12 + smultb r12, r11, r12 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r9 + smlabb r9, r10, lr, r9 + pkhtb r9, r9, r12, ASR #16 +#else + sub lr, r7, r9 + add r10, r7, r9 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r9, r9, #0xff + bic r9, r9, #0xff00 +#else + bfc r9, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r7, r7, #0xff + bic r7, r7, #0xff00 +#else + bfc r7, #0, #16 +#endif + sub r12, r7, r9 + add r7, r7, r9 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r12, r12, #0xff + bic r12, r12, #0xff00 + ror r12, r12, #16 + orr r12, r12, lr, lsl #16 + ror r12, r12, #16 +#else + bfi r12, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r7, r7, #0xff + bic r7, r7, #0xff00 + ror r7, r7, #16 + orr r7, r7, r10, lsl #16 + ror r7, r7, #16 +#else + bfi r7, r10, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr lr, r11, #16 +#else + sbfx lr, r11, #16, #16 +#endif + asr r10, r12, #16 + mul r9, lr, r10 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r12, #16 + asr r12, r12, #16 +#else + sbfx r12, r12, #0, #16 +#endif + mul r12, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r12, #16 + asr lr, lr, #16 +#else + sbfx lr, r12, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r9, #16 + asr lr, lr, #16 +#else + sbfx lr, r9, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + lsr r12, r12, #16 + mla r9, r10, lr, r9 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r9, r9, #0xff + bic r9, r9, #0xff00 + ror r9, r9, #16 + orr r9, r9, r12, lsl #16 + ror r9, r9, #16 +#else + bfi r9, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + ldr r11, [sp, #4] + add r11, r1, r11, lsr #3 + ldr r11, [r11, #192] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + ssub16 r12, r2, r6 + sadd16 r2, r2, r6 + smulbt r6, r11, r12 + smulbb r12, r11, r12 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r6 + smlabb r6, r10, lr, r6 + pkhtb r6, r6, r12, ASR #16 +#else + sub lr, r2, r6 + add r10, r2, r6 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r6, r6, #0xff + bic r6, r6, #0xff00 +#else + bfc r6, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r2, r2, #0xff + bic r2, r2, #0xff00 +#else + bfc r2, #0, #16 +#endif + sub r12, r2, r6 + add r2, r2, r6 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r12, r12, #0xff + bic r12, r12, #0xff00 + ror r12, r12, #16 + orr r12, r12, lr, lsl #16 + ror r12, r12, #16 +#else + bfi r12, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r2, r2, #0xff + bic r2, r2, #0xff00 + ror r2, r2, #16 + orr r2, r2, r10, lsl #16 + ror r2, r2, #16 +#else + bfi r2, r10, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif + asr r10, r12, #16 + mul r6, lr, r10 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r12, #16 + asr r12, r12, #16 +#else + sbfx r12, r12, #0, #16 +#endif + mul r12, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r12, #16 + asr lr, lr, #16 +#else + sbfx lr, r12, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r6, #16 + asr lr, lr, #16 +#else + sbfx lr, r6, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + lsr r12, r12, #16 + mla r6, r10, lr, r6 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r6, r6, #0xff + bic r6, r6, #0xff00 + ror r6, r6, #16 + orr r6, r6, r12, lsl #16 + ror r6, r6, #16 +#else + bfi r6, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + ssub16 r12, r3, r7 + sadd16 r3, r3, r7 + smulbt r7, r11, r12 + smulbb r12, r11, r12 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r7 + smlabb r7, r10, lr, r7 + pkhtb r7, r7, r12, ASR #16 +#else + sub lr, r3, r7 + add r10, r3, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r7, r7, #0xff + bic r7, r7, #0xff00 +#else + bfc r7, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r3, r3, #0xff + bic r3, r3, #0xff00 +#else + bfc r3, #0, #16 +#endif + sub r12, r3, r7 + add r3, r3, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r12, r12, #0xff + bic r12, r12, #0xff00 + ror r12, r12, #16 + orr r12, r12, lr, lsl #16 + ror r12, r12, #16 +#else + bfi r12, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r3, r3, #0xff + bic r3, r3, #0xff00 + ror r3, r3, #16 + orr r3, r3, r10, lsl #16 + ror r3, r3, #16 +#else + bfi r3, r10, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif + asr r10, r12, #16 + mul r7, lr, r10 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r12, #16 + asr r12, r12, #16 +#else + sbfx r12, r12, #0, #16 +#endif + mul r12, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r12, #16 + asr lr, lr, #16 +#else + sbfx lr, r12, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r7, #16 + asr lr, lr, #16 +#else + sbfx lr, r7, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + lsr r12, r12, #16 + mla r7, r10, lr, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r7, r7, #0xff + bic r7, r7, #0xff00 + ror r7, r7, #16 + orr r7, r7, r12, lsl #16 + ror r7, r7, #16 +#else + bfi r7, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + ssub16 r12, r4, r8 + sadd16 r4, r4, r8 + smulbt r8, r11, r12 + smulbb r12, r11, r12 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r8 + smlabb r8, r10, lr, r8 + pkhtb r8, r8, r12, ASR #16 +#else + sub lr, r4, r8 + add r10, r4, r8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r8, r8, #0xff + bic r8, r8, #0xff00 +#else + bfc r8, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r4, r4, #0xff + bic r4, r4, #0xff00 +#else + bfc r4, #0, #16 +#endif + sub r12, r4, r8 + add r4, r4, r8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r12, r12, #0xff + bic r12, r12, #0xff00 + ror r12, r12, #16 + orr r12, r12, lr, lsl #16 + ror r12, r12, #16 +#else + bfi r12, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r4, r4, #0xff + bic r4, r4, #0xff00 + ror r4, r4, #16 + orr r4, r4, r10, lsl #16 + ror r4, r4, #16 +#else + bfi r4, r10, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif + asr r10, r12, #16 + mul r8, lr, r10 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r12, #16 + asr r12, r12, #16 +#else + sbfx r12, r12, #0, #16 +#endif + mul r12, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r12, #16 + asr lr, lr, #16 +#else + sbfx lr, r12, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r8, #16 + asr lr, lr, #16 +#else + sbfx lr, r8, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + lsr r12, r12, #16 + mla r8, r10, lr, r8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r8, r8, #0xff + bic r8, r8, #0xff00 + ror r8, r8, #16 + orr r8, r8, r12, lsl #16 + ror r8, r8, #16 +#else + bfi r8, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + ssub16 r12, r5, r9 + sadd16 r5, r5, r9 + smulbt r9, r11, r12 + smulbb r12, r11, r12 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r9 + smlabb r9, r10, lr, r9 + pkhtb r9, r9, r12, ASR #16 +#else + sub lr, r5, r9 + add r10, r5, r9 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r9, r9, #0xff + bic r9, r9, #0xff00 +#else + bfc r9, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r5, r5, #0xff + bic r5, r5, #0xff00 +#else + bfc r5, #0, #16 +#endif + sub r12, r5, r9 + add r5, r5, r9 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r12, r12, #0xff + bic r12, r12, #0xff00 + ror r12, r12, #16 + orr r12, r12, lr, lsl #16 + ror r12, r12, #16 +#else + bfi r12, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r5, r5, #0xff + bic r5, r5, #0xff00 + ror r5, r5, #16 + orr r5, r5, r10, lsl #16 + ror r5, r5, #16 +#else + bfi r5, r10, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif + asr r10, r12, #16 + mul r9, lr, r10 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r12, #16 + asr r12, r12, #16 +#else + sbfx r12, r12, #0, #16 +#endif + mul r12, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r12, #16 + asr lr, lr, #16 +#else + sbfx lr, r12, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r9, #16 + asr lr, lr, #16 +#else + sbfx lr, r9, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + lsr r12, r12, #16 + mla r9, r10, lr, r9 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r9, r9, #0xff + bic r9, r9, #0xff00 + ror r9, r9, #16 + orr r9, r9, r12, lsl #16 + ror r9, r9, #16 +#else + bfi r9, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r11, #0xaf + lsl r11, r11, #8 + add r11, r11, #0xc0 +#else + mov r11, #0xafc0 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r11, r11, #0x130000 +#else + movt r11, #0x13 +#endif +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r11, #0x4e + lsl r11, r11, #8 + add r11, r11, #0xbf +#else + mov r11, #0x4ebf +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulwb r12, r11, r2 + smulwt lr, r11, r2 + smulbt r12, r10, r12 + smulbt lr, r10, lr + pkhbt r12, r12, lr, LSL #16 + ssub16 r2, r2, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r2, #16 + asr r12, r12, #16 +#else + sbfx r12, r2, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr lr, r2, #16 +#else + sbfx lr, r2, #16, #16 +#endif + mul r12, r11, r12 + mul lr, r11, lr + asr r12, r12, #26 + asr lr, lr, #26 + mul r12, r10, r12 + mul lr, r10, lr + sub lr, r2, lr, lsl #16 + sub r2, r2, r12 + lsr lr, lr, #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r2, r2, #0xff0000 + bic r2, r2, #0xff000000 + orr r2, r2, lr, lsl #16 +#else + bfi r2, lr, #16, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulwb r12, r11, r3 + smulwt lr, r11, r3 + smulbt r12, r10, r12 + smulbt lr, r10, lr + pkhbt r12, r12, lr, LSL #16 + ssub16 r3, r3, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r3, #16 + asr r12, r12, #16 +#else + sbfx r12, r3, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr lr, r3, #16 +#else + sbfx lr, r3, #16, #16 +#endif + mul r12, r11, r12 + mul lr, r11, lr + asr r12, r12, #26 + asr lr, lr, #26 + mul r12, r10, r12 + mul lr, r10, lr + sub lr, r3, lr, lsl #16 + sub r3, r3, r12 + lsr lr, lr, #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r3, r3, #0xff0000 + bic r3, r3, #0xff000000 + orr r3, r3, lr, lsl #16 +#else + bfi r3, lr, #16, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulwb r12, r11, r4 + smulwt lr, r11, r4 + smulbt r12, r10, r12 + smulbt lr, r10, lr + pkhbt r12, r12, lr, LSL #16 + ssub16 r4, r4, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r4, #16 + asr r12, r12, #16 +#else + sbfx r12, r4, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr lr, r4, #16 +#else + sbfx lr, r4, #16, #16 +#endif + mul r12, r11, r12 + mul lr, r11, lr + asr r12, r12, #26 + asr lr, lr, #26 + mul r12, r10, r12 + mul lr, r10, lr + sub lr, r4, lr, lsl #16 + sub r4, r4, r12 + lsr lr, lr, #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r4, r4, #0xff0000 + bic r4, r4, #0xff000000 + orr r4, r4, lr, lsl #16 +#else + bfi r4, lr, #16, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulwb r12, r11, r5 + smulwt lr, r11, r5 + smulbt r12, r10, r12 + smulbt lr, r10, lr + pkhbt r12, r12, lr, LSL #16 + ssub16 r5, r5, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r5, #16 + asr r12, r12, #16 +#else + sbfx r12, r5, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr lr, r5, #16 +#else + sbfx lr, r5, #16, #16 +#endif + mul r12, r11, r12 + mul lr, r11, lr + asr r12, r12, #26 + asr lr, lr, #26 + mul r12, r10, r12 + mul lr, r10, lr + sub lr, r5, lr, lsl #16 + sub r5, r5, r12 + lsr lr, lr, #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r5, r5, #0xff0000 + bic r5, r5, #0xff000000 + orr r5, r5, lr, lsl #16 +#else + bfi r5, lr, #16, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + str r2, [r0] + str r3, [r0, #4] + str r4, [r0, #8] + str r5, [r0, #12] + str r6, [r0, #16] + str r7, [r0, #20] + str r8, [r0, #24] + str r9, [r0, #28] + ldr r3, [sp, #4] + add r3, r3, #16 + rsbs r12, r3, #0x100 + add r0, r0, #32 + bne L_kyber_arm32_invntt_loop_765 + sub r0, r0, #0x200 + mov r3, #0 +L_kyber_arm32_invntt_loop_4_j: + str r3, [sp, #4] + add r11, r1, r3, lsr #4 + mov r2, #4 + ldr r11, [r11, #224] +L_kyber_arm32_invntt_loop_4_i: + str r2, [sp] + ldr r2, [r0] + ldr r3, [r0, #16] + ldr r4, [r0, #32] + ldr r5, [r0, #48] + ldr r6, [r0, #64] + ldr r7, [r0, #80] + ldr r8, [r0, #96] + ldr r9, [r0, #112] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + ssub16 r12, r2, r4 + sadd16 r2, r2, r4 + smulbt r4, r11, r12 + smulbb r12, r11, r12 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r4 + smlabb r4, r10, lr, r4 + pkhtb r4, r4, r12, ASR #16 +#else + sub lr, r2, r4 + add r10, r2, r4 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r4, r4, #0xff + bic r4, r4, #0xff00 +#else + bfc r4, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r2, r2, #0xff + bic r2, r2, #0xff00 +#else + bfc r2, #0, #16 +#endif + sub r12, r2, r4 + add r2, r2, r4 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r12, r12, #0xff + bic r12, r12, #0xff00 + ror r12, r12, #16 + orr r12, r12, lr, lsl #16 + ror r12, r12, #16 +#else + bfi r12, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r2, r2, #0xff + bic r2, r2, #0xff00 + ror r2, r2, #16 + orr r2, r2, r10, lsl #16 + ror r2, r2, #16 +#else + bfi r2, r10, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif + asr r10, r12, #16 + mul r4, lr, r10 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r12, #16 + asr r12, r12, #16 +#else + sbfx r12, r12, #0, #16 +#endif + mul r12, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r12, #16 + asr lr, lr, #16 +#else + sbfx lr, r12, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r4, #16 + asr lr, lr, #16 +#else + sbfx lr, r4, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + lsr r12, r12, #16 + mla r4, r10, lr, r4 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r4, r4, #0xff + bic r4, r4, #0xff00 + ror r4, r4, #16 + orr r4, r4, r12, lsl #16 + ror r4, r4, #16 +#else + bfi r4, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + ssub16 r12, r3, r5 + sadd16 r3, r3, r5 + smulbt r5, r11, r12 + smulbb r12, r11, r12 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r5 + smlabb r5, r10, lr, r5 + pkhtb r5, r5, r12, ASR #16 +#else + sub lr, r3, r5 + add r10, r3, r5 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r5, r5, #0xff + bic r5, r5, #0xff00 +#else + bfc r5, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r3, r3, #0xff + bic r3, r3, #0xff00 +#else + bfc r3, #0, #16 +#endif + sub r12, r3, r5 + add r3, r3, r5 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r12, r12, #0xff + bic r12, r12, #0xff00 + ror r12, r12, #16 + orr r12, r12, lr, lsl #16 + ror r12, r12, #16 +#else + bfi r12, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r3, r3, #0xff + bic r3, r3, #0xff00 + ror r3, r3, #16 + orr r3, r3, r10, lsl #16 + ror r3, r3, #16 +#else + bfi r3, r10, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif + asr r10, r12, #16 + mul r5, lr, r10 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r12, #16 + asr r12, r12, #16 +#else + sbfx r12, r12, #0, #16 +#endif + mul r12, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r12, #16 + asr lr, lr, #16 +#else + sbfx lr, r12, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r5, #16 + asr lr, lr, #16 +#else + sbfx lr, r5, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + lsr r12, r12, #16 + mla r5, r10, lr, r5 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r5, r5, #0xff + bic r5, r5, #0xff00 + ror r5, r5, #16 + orr r5, r5, r12, lsl #16 + ror r5, r5, #16 +#else + bfi r5, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + ssub16 r12, r6, r8 + sadd16 r6, r6, r8 + smultt r8, r11, r12 + smultb r12, r11, r12 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r8 + smlabb r8, r10, lr, r8 + pkhtb r8, r8, r12, ASR #16 +#else + sub lr, r6, r8 + add r10, r6, r8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r8, r8, #0xff + bic r8, r8, #0xff00 +#else + bfc r8, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r6, r6, #0xff + bic r6, r6, #0xff00 +#else + bfc r6, #0, #16 +#endif + sub r12, r6, r8 + add r6, r6, r8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r12, r12, #0xff + bic r12, r12, #0xff00 + ror r12, r12, #16 + orr r12, r12, lr, lsl #16 + ror r12, r12, #16 +#else + bfi r12, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r6, r6, #0xff + bic r6, r6, #0xff00 + ror r6, r6, #16 + orr r6, r6, r10, lsl #16 + ror r6, r6, #16 +#else + bfi r6, r10, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr lr, r11, #16 +#else + sbfx lr, r11, #16, #16 +#endif + asr r10, r12, #16 + mul r8, lr, r10 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r12, #16 + asr r12, r12, #16 +#else + sbfx r12, r12, #0, #16 +#endif + mul r12, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r12, #16 + asr lr, lr, #16 +#else + sbfx lr, r12, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r8, #16 + asr lr, lr, #16 +#else + sbfx lr, r8, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + lsr r12, r12, #16 + mla r8, r10, lr, r8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r8, r8, #0xff + bic r8, r8, #0xff00 + ror r8, r8, #16 + orr r8, r8, r12, lsl #16 + ror r8, r8, #16 +#else + bfi r8, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + ssub16 r12, r7, r9 + sadd16 r7, r7, r9 + smultt r9, r11, r12 + smultb r12, r11, r12 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r9 + smlabb r9, r10, lr, r9 + pkhtb r9, r9, r12, ASR #16 +#else + sub lr, r7, r9 + add r10, r7, r9 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r9, r9, #0xff + bic r9, r9, #0xff00 +#else + bfc r9, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r7, r7, #0xff + bic r7, r7, #0xff00 +#else + bfc r7, #0, #16 +#endif + sub r12, r7, r9 + add r7, r7, r9 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r12, r12, #0xff + bic r12, r12, #0xff00 + ror r12, r12, #16 + orr r12, r12, lr, lsl #16 + ror r12, r12, #16 +#else + bfi r12, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r7, r7, #0xff + bic r7, r7, #0xff00 + ror r7, r7, #16 + orr r7, r7, r10, lsl #16 + ror r7, r7, #16 +#else + bfi r7, r10, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr lr, r11, #16 +#else + sbfx lr, r11, #16, #16 +#endif + asr r10, r12, #16 + mul r9, lr, r10 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r12, #16 + asr r12, r12, #16 +#else + sbfx r12, r12, #0, #16 +#endif + mul r12, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r12, #16 + asr lr, lr, #16 +#else + sbfx lr, r12, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r9, #16 + asr lr, lr, #16 +#else + sbfx lr, r9, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + lsr r12, r12, #16 + mla r9, r10, lr, r9 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r9, r9, #0xff + bic r9, r9, #0xff00 + ror r9, r9, #16 + orr r9, r9, r12, lsl #16 + ror r9, r9, #16 +#else + bfi r9, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + str r2, [r0] + str r3, [r0, #16] + str r4, [r0, #32] + str r5, [r0, #48] + str r6, [r0, #64] + str r7, [r0, #80] + str r8, [r0, #96] + str r9, [r0, #112] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r2, [sp] + ldr r3, [sp, #4] +#else + ldrd r2, r3, [sp] +#endif + subs r2, r2, #1 + add r0, r0, #4 + bne L_kyber_arm32_invntt_loop_4_i + add r3, r3, #0x40 + rsbs r12, r3, #0x100 + add r0, r0, #0x70 + bne L_kyber_arm32_invntt_loop_4_j + sub r0, r0, #0x200 + mov r2, #16 +L_kyber_arm32_invntt_loop_321: + str r2, [sp] + ldrh r11, [r1, #2] + ldr r2, [r0] + ldr r3, [r0, #64] + ldr r4, [r0, #128] + ldr r5, [r0, #192] + ldr r6, [r0, #256] + ldr r7, [r0, #320] + ldr r8, [r0, #384] + ldr r9, [r0, #448] + ldr r11, [r1, #240] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + ssub16 r12, r2, r3 + sadd16 r2, r2, r3 + smulbt r3, r11, r12 + smulbb r12, r11, r12 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r3 + smlabb r3, r10, lr, r3 + pkhtb r3, r3, r12, ASR #16 +#else + sub lr, r2, r3 + add r10, r2, r3 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r3, r3, #0xff + bic r3, r3, #0xff00 +#else + bfc r3, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r2, r2, #0xff + bic r2, r2, #0xff00 +#else + bfc r2, #0, #16 +#endif + sub r12, r2, r3 + add r2, r2, r3 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r12, r12, #0xff + bic r12, r12, #0xff00 + ror r12, r12, #16 + orr r12, r12, lr, lsl #16 + ror r12, r12, #16 +#else + bfi r12, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r2, r2, #0xff + bic r2, r2, #0xff00 + ror r2, r2, #16 + orr r2, r2, r10, lsl #16 + ror r2, r2, #16 +#else + bfi r2, r10, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif + asr r10, r12, #16 + mul r3, lr, r10 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r12, #16 + asr r12, r12, #16 +#else + sbfx r12, r12, #0, #16 +#endif + mul r12, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r12, #16 + asr lr, lr, #16 +#else + sbfx lr, r12, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r3, #16 + asr lr, lr, #16 +#else + sbfx lr, r3, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + lsr r12, r12, #16 + mla r3, r10, lr, r3 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r3, r3, #0xff + bic r3, r3, #0xff00 + ror r3, r3, #16 + orr r3, r3, r12, lsl #16 + ror r3, r3, #16 +#else + bfi r3, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + ssub16 r12, r4, r5 + sadd16 r4, r4, r5 + smultt r5, r11, r12 + smultb r12, r11, r12 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r5 + smlabb r5, r10, lr, r5 + pkhtb r5, r5, r12, ASR #16 +#else + sub lr, r4, r5 + add r10, r4, r5 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r5, r5, #0xff + bic r5, r5, #0xff00 +#else + bfc r5, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r4, r4, #0xff + bic r4, r4, #0xff00 +#else + bfc r4, #0, #16 +#endif + sub r12, r4, r5 + add r4, r4, r5 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r12, r12, #0xff + bic r12, r12, #0xff00 + ror r12, r12, #16 + orr r12, r12, lr, lsl #16 + ror r12, r12, #16 +#else + bfi r12, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r4, r4, #0xff + bic r4, r4, #0xff00 + ror r4, r4, #16 + orr r4, r4, r10, lsl #16 + ror r4, r4, #16 +#else + bfi r4, r10, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr lr, r11, #16 +#else + sbfx lr, r11, #16, #16 +#endif + asr r10, r12, #16 + mul r5, lr, r10 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r12, #16 + asr r12, r12, #16 +#else + sbfx r12, r12, #0, #16 +#endif + mul r12, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r12, #16 + asr lr, lr, #16 +#else + sbfx lr, r12, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r5, #16 + asr lr, lr, #16 +#else + sbfx lr, r5, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + lsr r12, r12, #16 + mla r5, r10, lr, r5 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r5, r5, #0xff + bic r5, r5, #0xff00 + ror r5, r5, #16 + orr r5, r5, r12, lsl #16 + ror r5, r5, #16 +#else + bfi r5, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + ldr r11, [r1, #244] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + ssub16 r12, r6, r7 + sadd16 r6, r6, r7 + smulbt r7, r11, r12 + smulbb r12, r11, r12 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r7 + smlabb r7, r10, lr, r7 + pkhtb r7, r7, r12, ASR #16 +#else + sub lr, r6, r7 + add r10, r6, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r7, r7, #0xff + bic r7, r7, #0xff00 +#else + bfc r7, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r6, r6, #0xff + bic r6, r6, #0xff00 +#else + bfc r6, #0, #16 +#endif + sub r12, r6, r7 + add r6, r6, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r12, r12, #0xff + bic r12, r12, #0xff00 + ror r12, r12, #16 + orr r12, r12, lr, lsl #16 + ror r12, r12, #16 +#else + bfi r12, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r6, r6, #0xff + bic r6, r6, #0xff00 + ror r6, r6, #16 + orr r6, r6, r10, lsl #16 + ror r6, r6, #16 +#else + bfi r6, r10, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif + asr r10, r12, #16 + mul r7, lr, r10 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r12, #16 + asr r12, r12, #16 +#else + sbfx r12, r12, #0, #16 +#endif + mul r12, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r12, #16 + asr lr, lr, #16 +#else + sbfx lr, r12, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r7, #16 + asr lr, lr, #16 +#else + sbfx lr, r7, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + lsr r12, r12, #16 + mla r7, r10, lr, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r7, r7, #0xff + bic r7, r7, #0xff00 + ror r7, r7, #16 + orr r7, r7, r12, lsl #16 + ror r7, r7, #16 +#else + bfi r7, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + ssub16 r12, r8, r9 + sadd16 r8, r8, r9 + smultt r9, r11, r12 + smultb r12, r11, r12 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r9 + smlabb r9, r10, lr, r9 + pkhtb r9, r9, r12, ASR #16 +#else + sub lr, r8, r9 + add r10, r8, r9 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r9, r9, #0xff + bic r9, r9, #0xff00 +#else + bfc r9, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r8, r8, #0xff + bic r8, r8, #0xff00 +#else + bfc r8, #0, #16 +#endif + sub r12, r8, r9 + add r8, r8, r9 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r12, r12, #0xff + bic r12, r12, #0xff00 + ror r12, r12, #16 + orr r12, r12, lr, lsl #16 + ror r12, r12, #16 +#else + bfi r12, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r8, r8, #0xff + bic r8, r8, #0xff00 + ror r8, r8, #16 + orr r8, r8, r10, lsl #16 + ror r8, r8, #16 +#else + bfi r8, r10, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr lr, r11, #16 +#else + sbfx lr, r11, #16, #16 +#endif + asr r10, r12, #16 + mul r9, lr, r10 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r12, #16 + asr r12, r12, #16 +#else + sbfx r12, r12, #0, #16 +#endif + mul r12, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r12, #16 + asr lr, lr, #16 +#else + sbfx lr, r12, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r9, #16 + asr lr, lr, #16 +#else + sbfx lr, r9, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + lsr r12, r12, #16 + mla r9, r10, lr, r9 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r9, r9, #0xff + bic r9, r9, #0xff00 + ror r9, r9, #16 + orr r9, r9, r12, lsl #16 + ror r9, r9, #16 +#else + bfi r9, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + ldr r11, [r1, #248] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + ssub16 r12, r2, r4 + sadd16 r2, r2, r4 + smulbt r4, r11, r12 + smulbb r12, r11, r12 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r4 + smlabb r4, r10, lr, r4 + pkhtb r4, r4, r12, ASR #16 +#else + sub lr, r2, r4 + add r10, r2, r4 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r4, r4, #0xff + bic r4, r4, #0xff00 +#else + bfc r4, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r2, r2, #0xff + bic r2, r2, #0xff00 +#else + bfc r2, #0, #16 +#endif + sub r12, r2, r4 + add r2, r2, r4 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r12, r12, #0xff + bic r12, r12, #0xff00 + ror r12, r12, #16 + orr r12, r12, lr, lsl #16 + ror r12, r12, #16 +#else + bfi r12, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r2, r2, #0xff + bic r2, r2, #0xff00 + ror r2, r2, #16 + orr r2, r2, r10, lsl #16 + ror r2, r2, #16 +#else + bfi r2, r10, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif + asr r10, r12, #16 + mul r4, lr, r10 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r12, #16 + asr r12, r12, #16 +#else + sbfx r12, r12, #0, #16 +#endif + mul r12, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r12, #16 + asr lr, lr, #16 +#else + sbfx lr, r12, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r4, #16 + asr lr, lr, #16 +#else + sbfx lr, r4, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + lsr r12, r12, #16 + mla r4, r10, lr, r4 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r4, r4, #0xff + bic r4, r4, #0xff00 + ror r4, r4, #16 + orr r4, r4, r12, lsl #16 + ror r4, r4, #16 +#else + bfi r4, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + ssub16 r12, r3, r5 + sadd16 r3, r3, r5 + smulbt r5, r11, r12 + smulbb r12, r11, r12 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r5 + smlabb r5, r10, lr, r5 + pkhtb r5, r5, r12, ASR #16 +#else + sub lr, r3, r5 + add r10, r3, r5 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r5, r5, #0xff + bic r5, r5, #0xff00 +#else + bfc r5, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r3, r3, #0xff + bic r3, r3, #0xff00 +#else + bfc r3, #0, #16 +#endif + sub r12, r3, r5 + add r3, r3, r5 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r12, r12, #0xff + bic r12, r12, #0xff00 + ror r12, r12, #16 + orr r12, r12, lr, lsl #16 + ror r12, r12, #16 +#else + bfi r12, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r3, r3, #0xff + bic r3, r3, #0xff00 + ror r3, r3, #16 + orr r3, r3, r10, lsl #16 + ror r3, r3, #16 +#else + bfi r3, r10, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif + asr r10, r12, #16 + mul r5, lr, r10 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r12, #16 + asr r12, r12, #16 +#else + sbfx r12, r12, #0, #16 +#endif + mul r12, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r12, #16 + asr lr, lr, #16 +#else + sbfx lr, r12, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r5, #16 + asr lr, lr, #16 +#else + sbfx lr, r5, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + lsr r12, r12, #16 + mla r5, r10, lr, r5 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r5, r5, #0xff + bic r5, r5, #0xff00 + ror r5, r5, #16 + orr r5, r5, r12, lsl #16 + ror r5, r5, #16 +#else + bfi r5, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + ssub16 r12, r6, r8 + sadd16 r6, r6, r8 + smultt r8, r11, r12 + smultb r12, r11, r12 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r8 + smlabb r8, r10, lr, r8 + pkhtb r8, r8, r12, ASR #16 +#else + sub lr, r6, r8 + add r10, r6, r8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r8, r8, #0xff + bic r8, r8, #0xff00 +#else + bfc r8, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r6, r6, #0xff + bic r6, r6, #0xff00 +#else + bfc r6, #0, #16 +#endif + sub r12, r6, r8 + add r6, r6, r8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r12, r12, #0xff + bic r12, r12, #0xff00 + ror r12, r12, #16 + orr r12, r12, lr, lsl #16 + ror r12, r12, #16 +#else + bfi r12, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r6, r6, #0xff + bic r6, r6, #0xff00 + ror r6, r6, #16 + orr r6, r6, r10, lsl #16 + ror r6, r6, #16 +#else + bfi r6, r10, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr lr, r11, #16 +#else + sbfx lr, r11, #16, #16 +#endif + asr r10, r12, #16 + mul r8, lr, r10 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r12, #16 + asr r12, r12, #16 +#else + sbfx r12, r12, #0, #16 +#endif + mul r12, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r12, #16 + asr lr, lr, #16 +#else + sbfx lr, r12, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r8, #16 + asr lr, lr, #16 +#else + sbfx lr, r8, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + lsr r12, r12, #16 + mla r8, r10, lr, r8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r8, r8, #0xff + bic r8, r8, #0xff00 + ror r8, r8, #16 + orr r8, r8, r12, lsl #16 + ror r8, r8, #16 +#else + bfi r8, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + ssub16 r12, r7, r9 + sadd16 r7, r7, r9 + smultt r9, r11, r12 + smultb r12, r11, r12 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r9 + smlabb r9, r10, lr, r9 + pkhtb r9, r9, r12, ASR #16 +#else + sub lr, r7, r9 + add r10, r7, r9 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r9, r9, #0xff + bic r9, r9, #0xff00 +#else + bfc r9, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r7, r7, #0xff + bic r7, r7, #0xff00 +#else + bfc r7, #0, #16 +#endif + sub r12, r7, r9 + add r7, r7, r9 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r12, r12, #0xff + bic r12, r12, #0xff00 + ror r12, r12, #16 + orr r12, r12, lr, lsl #16 + ror r12, r12, #16 +#else + bfi r12, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r7, r7, #0xff + bic r7, r7, #0xff00 + ror r7, r7, #16 + orr r7, r7, r10, lsl #16 + ror r7, r7, #16 +#else + bfi r7, r10, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr lr, r11, #16 +#else + sbfx lr, r11, #16, #16 +#endif + asr r10, r12, #16 + mul r9, lr, r10 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r12, #16 + asr r12, r12, #16 +#else + sbfx r12, r12, #0, #16 +#endif + mul r12, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r12, #16 + asr lr, lr, #16 +#else + sbfx lr, r12, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r9, #16 + asr lr, lr, #16 +#else + sbfx lr, r9, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + lsr r12, r12, #16 + mla r9, r10, lr, r9 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r9, r9, #0xff + bic r9, r9, #0xff00 + ror r9, r9, #16 + orr r9, r9, r12, lsl #16 + ror r9, r9, #16 +#else + bfi r9, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r11, #0xaf + lsl r11, r11, #8 + add r11, r11, #0xc0 +#else + mov r11, #0xafc0 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r11, r11, #0x130000 +#else + movt r11, #0x13 +#endif +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r11, #0x4e + lsl r11, r11, #8 + add r11, r11, #0xbf +#else + mov r11, #0x4ebf +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulwb r12, r11, r2 + smulwt lr, r11, r2 + smulbt r12, r10, r12 + smulbt lr, r10, lr + pkhbt r12, r12, lr, LSL #16 + ssub16 r2, r2, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r2, #16 + asr r12, r12, #16 +#else + sbfx r12, r2, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr lr, r2, #16 +#else + sbfx lr, r2, #16, #16 +#endif + mul r12, r11, r12 + mul lr, r11, lr + asr r12, r12, #26 + asr lr, lr, #26 + mul r12, r10, r12 + mul lr, r10, lr + sub lr, r2, lr, lsl #16 + sub r2, r2, r12 + lsr lr, lr, #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r2, r2, #0xff0000 + bic r2, r2, #0xff000000 + orr r2, r2, lr, lsl #16 +#else + bfi r2, lr, #16, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulwb r12, r11, r3 + smulwt lr, r11, r3 + smulbt r12, r10, r12 + smulbt lr, r10, lr + pkhbt r12, r12, lr, LSL #16 + ssub16 r3, r3, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r3, #16 + asr r12, r12, #16 +#else + sbfx r12, r3, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr lr, r3, #16 +#else + sbfx lr, r3, #16, #16 +#endif + mul r12, r11, r12 + mul lr, r11, lr + asr r12, r12, #26 + asr lr, lr, #26 + mul r12, r10, r12 + mul lr, r10, lr + sub lr, r3, lr, lsl #16 + sub r3, r3, r12 + lsr lr, lr, #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r3, r3, #0xff0000 + bic r3, r3, #0xff000000 + orr r3, r3, lr, lsl #16 +#else + bfi r3, lr, #16, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulwb r12, r11, r4 + smulwt lr, r11, r4 + smulbt r12, r10, r12 + smulbt lr, r10, lr + pkhbt r12, r12, lr, LSL #16 + ssub16 r4, r4, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r4, #16 + asr r12, r12, #16 +#else + sbfx r12, r4, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr lr, r4, #16 +#else + sbfx lr, r4, #16, #16 +#endif + mul r12, r11, r12 + mul lr, r11, lr + asr r12, r12, #26 + asr lr, lr, #26 + mul r12, r10, r12 + mul lr, r10, lr + sub lr, r4, lr, lsl #16 + sub r4, r4, r12 + lsr lr, lr, #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r4, r4, #0xff0000 + bic r4, r4, #0xff000000 + orr r4, r4, lr, lsl #16 +#else + bfi r4, lr, #16, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulwb r12, r11, r5 + smulwt lr, r11, r5 + smulbt r12, r10, r12 + smulbt lr, r10, lr + pkhbt r12, r12, lr, LSL #16 + ssub16 r5, r5, r12 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r5, #16 + asr r12, r12, #16 +#else + sbfx r12, r5, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr lr, r5, #16 +#else + sbfx lr, r5, #16, #16 +#endif + mul r12, r11, r12 + mul lr, r11, lr + asr r12, r12, #26 + asr lr, lr, #26 + mul r12, r10, r12 + mul lr, r10, lr + sub lr, r5, lr, lsl #16 + sub r5, r5, r12 + lsr lr, lr, #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r5, r5, #0xff0000 + bic r5, r5, #0xff000000 + orr r5, r5, lr, lsl #16 +#else + bfi r5, lr, #16, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + ldr r11, [r1, #252] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + ssub16 r12, r2, r6 + sadd16 r2, r2, r6 + smulbt r6, r11, r12 + smulbb r12, r11, r12 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r6 + smlabb r6, r10, lr, r6 + pkhtb r6, r6, r12, ASR #16 +#else + sub lr, r2, r6 + add r10, r2, r6 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r6, r6, #0xff + bic r6, r6, #0xff00 +#else + bfc r6, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r2, r2, #0xff + bic r2, r2, #0xff00 +#else + bfc r2, #0, #16 +#endif + sub r12, r2, r6 + add r2, r2, r6 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r12, r12, #0xff + bic r12, r12, #0xff00 + ror r12, r12, #16 + orr r12, r12, lr, lsl #16 + ror r12, r12, #16 +#else + bfi r12, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r2, r2, #0xff + bic r2, r2, #0xff00 + ror r2, r2, #16 + orr r2, r2, r10, lsl #16 + ror r2, r2, #16 +#else + bfi r2, r10, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif + asr r10, r12, #16 + mul r6, lr, r10 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r12, #16 + asr r12, r12, #16 +#else + sbfx r12, r12, #0, #16 +#endif + mul r12, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r12, #16 + asr lr, lr, #16 +#else + sbfx lr, r12, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r6, #16 + asr lr, lr, #16 +#else + sbfx lr, r6, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + lsr r12, r12, #16 + mla r6, r10, lr, r6 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r6, r6, #0xff + bic r6, r6, #0xff00 + ror r6, r6, #16 + orr r6, r6, r12, lsl #16 + ror r6, r6, #16 +#else + bfi r6, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + ssub16 r12, r3, r7 + sadd16 r3, r3, r7 + smulbt r7, r11, r12 + smulbb r12, r11, r12 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r7 + smlabb r7, r10, lr, r7 + pkhtb r7, r7, r12, ASR #16 +#else + sub lr, r3, r7 + add r10, r3, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r7, r7, #0xff + bic r7, r7, #0xff00 +#else + bfc r7, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r3, r3, #0xff + bic r3, r3, #0xff00 +#else + bfc r3, #0, #16 +#endif + sub r12, r3, r7 + add r3, r3, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r12, r12, #0xff + bic r12, r12, #0xff00 + ror r12, r12, #16 + orr r12, r12, lr, lsl #16 + ror r12, r12, #16 +#else + bfi r12, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r3, r3, #0xff + bic r3, r3, #0xff00 + ror r3, r3, #16 + orr r3, r3, r10, lsl #16 + ror r3, r3, #16 +#else + bfi r3, r10, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif + asr r10, r12, #16 + mul r7, lr, r10 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r12, #16 + asr r12, r12, #16 +#else + sbfx r12, r12, #0, #16 +#endif + mul r12, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r12, #16 + asr lr, lr, #16 +#else + sbfx lr, r12, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r7, #16 + asr lr, lr, #16 +#else + sbfx lr, r7, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + lsr r12, r12, #16 + mla r7, r10, lr, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r7, r7, #0xff + bic r7, r7, #0xff00 + ror r7, r7, #16 + orr r7, r7, r12, lsl #16 + ror r7, r7, #16 +#else + bfi r7, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + ssub16 r12, r4, r8 + sadd16 r4, r4, r8 + smulbt r8, r11, r12 + smulbb r12, r11, r12 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r8 + smlabb r8, r10, lr, r8 + pkhtb r8, r8, r12, ASR #16 +#else + sub lr, r4, r8 + add r10, r4, r8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r8, r8, #0xff + bic r8, r8, #0xff00 +#else + bfc r8, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r4, r4, #0xff + bic r4, r4, #0xff00 +#else + bfc r4, #0, #16 +#endif + sub r12, r4, r8 + add r4, r4, r8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r12, r12, #0xff + bic r12, r12, #0xff00 + ror r12, r12, #16 + orr r12, r12, lr, lsl #16 + ror r12, r12, #16 +#else + bfi r12, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r4, r4, #0xff + bic r4, r4, #0xff00 + ror r4, r4, #16 + orr r4, r4, r10, lsl #16 + ror r4, r4, #16 +#else + bfi r4, r10, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif + asr r10, r12, #16 + mul r8, lr, r10 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r12, #16 + asr r12, r12, #16 +#else + sbfx r12, r12, #0, #16 +#endif + mul r12, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r12, #16 + asr lr, lr, #16 +#else + sbfx lr, r12, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r8, #16 + asr lr, lr, #16 +#else + sbfx lr, r8, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + lsr r12, r12, #16 + mla r8, r10, lr, r8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r8, r8, #0xff + bic r8, r8, #0xff00 + ror r8, r8, #16 + orr r8, r8, r12, lsl #16 + ror r8, r8, #16 +#else + bfi r8, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + ssub16 r12, r5, r9 + sadd16 r5, r5, r9 + smulbt r9, r11, r12 + smulbb r12, r11, r12 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r9 + smlabb r9, r10, lr, r9 + pkhtb r9, r9, r12, ASR #16 +#else + sub lr, r5, r9 + add r10, r5, r9 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r9, r9, #0xff + bic r9, r9, #0xff00 +#else + bfc r9, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r5, r5, #0xff + bic r5, r5, #0xff00 +#else + bfc r5, #0, #16 +#endif + sub r12, r5, r9 + add r5, r5, r9 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r12, r12, #0xff + bic r12, r12, #0xff00 + ror r12, r12, #16 + orr r12, r12, lr, lsl #16 + ror r12, r12, #16 +#else + bfi r12, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r5, r5, #0xff + bic r5, r5, #0xff00 + ror r5, r5, #16 + orr r5, r5, r10, lsl #16 + ror r5, r5, #16 +#else + bfi r5, r10, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif + asr r10, r12, #16 + mul r9, lr, r10 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r12, #16 + asr r12, r12, #16 +#else + sbfx r12, r12, #0, #16 +#endif + mul r12, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r12, #16 + asr lr, lr, #16 +#else + sbfx lr, r12, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r9, #16 + asr lr, lr, #16 +#else + sbfx lr, r9, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + lsr r12, r12, #16 + mla r9, r10, lr, r9 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r9, r9, #0xff + bic r9, r9, #0xff00 + ror r9, r9, #16 + orr r9, r9, r12, lsl #16 + ror r9, r9, #16 +#else + bfi r9, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + ldr r11, [r1, #254] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulbb r12, r11, r2 + smulbt r2, r11, r2 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r2 + smlabb r2, r10, lr, r2 + pkhtb r2, r2, r12, ASR #16 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r2, #16 + asr r12, r12, #16 +#else + sbfx r12, r2, #0, #16 +#endif + mul r12, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr r2, r2, #16 +#else + sbfx r2, r2, #16, #16 +#endif + mul r2, lr, r2 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif + mul lr, r10, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r2, #16 + asr lr, lr, #16 +#else + sbfx lr, r2, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + lsr r12, r12, #16 + mla r2, r10, lr, r2 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r2, r2, #0xff + bic r2, r2, #0xff00 + ror r2, r2, #16 + orr r2, r2, r12, lsl #16 + ror r2, r2, #16 +#else + bfi r2, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulbb r12, r11, r3 + smulbt r3, r11, r3 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r3 + smlabb r3, r10, lr, r3 + pkhtb r3, r3, r12, ASR #16 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r3, #16 + asr r12, r12, #16 +#else + sbfx r12, r3, #0, #16 +#endif + mul r12, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr r3, r3, #16 +#else + sbfx r3, r3, #16, #16 +#endif + mul r3, lr, r3 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif + mul lr, r10, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r3, #16 + asr lr, lr, #16 +#else + sbfx lr, r3, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + lsr r12, r12, #16 + mla r3, r10, lr, r3 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r3, r3, #0xff + bic r3, r3, #0xff00 + ror r3, r3, #16 + orr r3, r3, r12, lsl #16 + ror r3, r3, #16 +#else + bfi r3, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulbb r12, r11, r4 + smulbt r4, r11, r4 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r4 + smlabb r4, r10, lr, r4 + pkhtb r4, r4, r12, ASR #16 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r4, #16 + asr r12, r12, #16 +#else + sbfx r12, r4, #0, #16 +#endif + mul r12, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr r4, r4, #16 +#else + sbfx r4, r4, #16, #16 +#endif + mul r4, lr, r4 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif + mul lr, r10, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r4, #16 + asr lr, lr, #16 +#else + sbfx lr, r4, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + lsr r12, r12, #16 + mla r4, r10, lr, r4 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r4, r4, #0xff + bic r4, r4, #0xff00 + ror r4, r4, #16 + orr r4, r4, r12, lsl #16 + ror r4, r4, #16 +#else + bfi r4, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulbb r12, r11, r5 + smulbt r5, r11, r5 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r5 + smlabb r5, r10, lr, r5 + pkhtb r5, r5, r12, ASR #16 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r5, #16 + asr r12, r12, #16 +#else + sbfx r12, r5, #0, #16 +#endif + mul r12, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr r5, r5, #16 +#else + sbfx r5, r5, #16, #16 +#endif + mul r5, lr, r5 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif + mul lr, r10, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r5, #16 + asr lr, lr, #16 +#else + sbfx lr, r5, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + lsr r12, r12, #16 + mla r5, r10, lr, r5 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r5, r5, #0xff + bic r5, r5, #0xff00 + ror r5, r5, #16 + orr r5, r5, r12, lsl #16 + ror r5, r5, #16 +#else + bfi r5, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulbb r12, r11, r6 + smulbt r6, r11, r6 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r6 + smlabb r6, r10, lr, r6 + pkhtb r6, r6, r12, ASR #16 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r6, #16 + asr r12, r12, #16 +#else + sbfx r12, r6, #0, #16 +#endif + mul r12, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr r6, r6, #16 +#else + sbfx r6, r6, #16, #16 +#endif + mul r6, lr, r6 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif + mul lr, r10, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r6, #16 + asr lr, lr, #16 +#else + sbfx lr, r6, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + lsr r12, r12, #16 + mla r6, r10, lr, r6 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r6, r6, #0xff + bic r6, r6, #0xff00 + ror r6, r6, #16 + orr r6, r6, r12, lsl #16 + ror r6, r6, #16 +#else + bfi r6, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulbb r12, r11, r7 + smulbt r7, r11, r7 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r7 + smlabb r7, r10, lr, r7 + pkhtb r7, r7, r12, ASR #16 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r7, #16 + asr r12, r12, #16 +#else + sbfx r12, r7, #0, #16 +#endif + mul r12, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr r7, r7, #16 +#else + sbfx r7, r7, #16, #16 +#endif + mul r7, lr, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif + mul lr, r10, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r7, #16 + asr lr, lr, #16 +#else + sbfx lr, r7, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + lsr r12, r12, #16 + mla r7, r10, lr, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r7, r7, #0xff + bic r7, r7, #0xff00 + ror r7, r7, #16 + orr r7, r7, r12, lsl #16 + ror r7, r7, #16 +#else + bfi r7, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulbb r12, r11, r8 + smulbt r8, r11, r8 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r8 + smlabb r8, r10, lr, r8 + pkhtb r8, r8, r12, ASR #16 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r8, #16 + asr r12, r12, #16 +#else + sbfx r12, r8, #0, #16 +#endif + mul r12, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr r8, r8, #16 +#else + sbfx r8, r8, #16, #16 +#endif + mul r8, lr, r8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif + mul lr, r10, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r8, #16 + asr lr, lr, #16 +#else + sbfx lr, r8, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + lsr r12, r12, #16 + mla r8, r10, lr, r8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r8, r8, #0xff + bic r8, r8, #0xff00 + ror r8, r8, #16 + orr r8, r8, r12, lsl #16 + ror r8, r8, #16 +#else + bfi r8, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smulbb r12, r11, r9 + smulbt r9, r11, r9 + smultb lr, r10, r12 + smlabb r12, r10, lr, r12 + smultb lr, r10, r9 + smlabb r9, r10, lr, r9 + pkhtb r9, r9, r12, ASR #16 +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r11, #16 + asr lr, lr, #16 +#else + sbfx lr, r11, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r9, #16 + asr r12, r12, #16 +#else + sbfx r12, r9, #0, #16 +#endif + mul r12, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + asr r9, r9, #16 +#else + sbfx r9, r9, #16, #16 +#endif + mul r9, lr, r9 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif + mul lr, r10, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + mla r12, r10, lr, r12 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xc + lsl r10, r10, #8 + add r10, r10, #0xff +#else + mov r10, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, r9, #16 + asr lr, lr, #16 +#else + sbfx lr, r9, #0, #16 +#endif + mul lr, r10, lr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r10, #0xd + lsl r10, r10, #8 + add r10, r10, #0x1 +#else + mov r10, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl lr, lr, #16 + asr lr, lr, #16 +#else + sbfx lr, lr, #0, #16 +#endif + lsr r12, r12, #16 + mla r9, r10, lr, r9 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r9, r9, #0xff + bic r9, r9, #0xff00 + ror r9, r9, #16 + orr r9, r9, r12, lsl #16 + ror r9, r9, #16 +#else + bfi r9, r12, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + str r2, [r0] + str r3, [r0, #64] + str r4, [r0, #128] + str r5, [r0, #192] + str r6, [r0, #256] + str r7, [r0, #320] + str r8, [r0, #384] + str r9, [r0, #448] + ldr r2, [sp] + subs r2, r2, #1 + add r0, r0, #4 + bne L_kyber_arm32_invntt_loop_321 + add sp, sp, #8 + pop {r4, r5, r6, r7, r8, r9, r10, r11, pc} + .size kyber_arm32_invntt,.-kyber_arm32_invntt + .text + .type L_kyber_arm32_basemul_mont_zetas, %object + .size L_kyber_arm32_basemul_mont_zetas, 256 + .align 4 +L_kyber_arm32_basemul_mont_zetas: + .short 0x8ed + .short 0xa0b + .short 0xb9a + .short 0x714 + .short 0x5d5 + .short 0x58e + .short 0x11f + .short 0xca + .short 0xc56 + .short 0x26e + .short 0x629 + .short 0xb6 + .short 0x3c2 + .short 0x84f + .short 0x73f + .short 0x5bc + .short 0x23d + .short 0x7d4 + .short 0x108 + .short 0x17f + .short 0x9c4 + .short 0x5b2 + .short 0x6bf + .short 0xc7f + .short 0xa58 + .short 0x3f9 + .short 0x2dc + .short 0x260 + .short 0x6fb + .short 0x19b + .short 0xc34 + .short 0x6de + .short 0x4c7 + .short 0x28c + .short 0xad9 + .short 0x3f7 + .short 0x7f4 + .short 0x5d3 + .short 0xbe7 + .short 0x6f9 + .short 0x204 + .short 0xcf9 + .short 0xbc1 + .short 0xa67 + .short 0x6af + .short 0x877 + .short 0x7e + .short 0x5bd + .short 0x9ac + .short 0xca7 + .short 0xbf2 + .short 0x33e + .short 0x6b + .short 0x774 + .short 0xc0a + .short 0x94a + .short 0xb73 + .short 0x3c1 + .short 0x71d + .short 0xa2c + .short 0x1c0 + .short 0x8d8 + .short 0x2a5 + .short 0x806 + .short 0x8b2 + .short 0x1ae + .short 0x22b + .short 0x34b + .short 0x81e + .short 0x367 + .short 0x60e + .short 0x69 + .short 0x1a6 + .short 0x24b + .short 0xb1 + .short 0xc16 + .short 0xbde + .short 0xb35 + .short 0x626 + .short 0x675 + .short 0xc0b + .short 0x30a + .short 0x487 + .short 0xc6e + .short 0x9f8 + .short 0x5cb + .short 0xaa7 + .short 0x45f + .short 0x6cb + .short 0x284 + .short 0x999 + .short 0x15d + .short 0x1a2 + .short 0x149 + .short 0xc65 + .short 0xcb6 + .short 0x331 + .short 0x449 + .short 0x25b + .short 0x262 + .short 0x52a + .short 0x7fc + .short 0x748 + .short 0x180 + .short 0x842 + .short 0xc79 + .short 0x4c2 + .short 0x7ca + .short 0x997 + .short 0xdc + .short 0x85e + .short 0x686 + .short 0x860 + .short 0x707 + .short 0x803 + .short 0x31a + .short 0x71b + .short 0x9ab + .short 0x99b + .short 0x1de + .short 0xc95 + .short 0xbcd + .short 0x3e4 + .short 0x3df + .short 0x3be + .short 0x74d + .short 0x5f2 + .short 0x65c + .text + .align 4 + .globl kyber_arm32_basemul_mont + .type kyber_arm32_basemul_mont, %function +kyber_arm32_basemul_mont: + push {r4, r5, r6, r7, r8, r9, r10, r11, lr} + adr r3, L_kyber_arm32_basemul_mont_zetas + add r3, r3, #0x80 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r12, #0xd + lsl r12, r12, #8 + add r12, r12, #0x1 +#else + mov r12, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r12, r12, #0xc000000 + orr r12, r12, #0xff0000 +#else + movt r12, #0xcff +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + mov r8, #0 +L_kyber_arm32_basemul_mont_loop: + ldm r1!, {r4, r5} + ldm r2!, {r6, r7} + ldr lr, [r3, r8] + add r8, r8, #2 + push {r8} + cmp r8, #0x80 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smultt r8, r4, r6 + smultt r10, r5, r7 + smultb r9, r12, r8 + smultb r11, r12, r10 + smlabb r8, r12, r9, r8 + smlabb r10, r12, r11, r10 + rsb r11, lr, #0 + smulbt r8, lr, r8 + smulbt r10, r11, r10 + smlabb r8, r4, r6, r8 + smlabb r10, r5, r7, r10 + smultb r9, r12, r8 + smultb r11, r12, r10 + smlabb r8, r12, r9, r8 + smlabb r10, r12, r11, r10 + smulbt r9, r4, r6 + smulbt r11, r5, r7 + smlatb r9, r4, r6, r9 + smlatb r11, r5, r7, r11 + smultb r6, r12, r9 + smultb r7, r12, r11 + smlabb r9, r12, r6, r9 + smlabb r11, r12, r7, r11 + pkhtb r4, r9, r8, ASR #16 + pkhtb r5, r11, r10, ASR #16 +#else + asr r8, r4, #16 + asr r10, r5, #16 + asr r9, r6, #16 + asr r11, r7, #16 + mul r8, r9, r8 + mul r10, r11, r10 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r12, #0xc + lsl r12, r12, #8 + add r12, r12, #0xff +#else + mov r12, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r9, r8, #16 + asr r9, r9, #16 +#else + sbfx r9, r8, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r11, r10, #16 + asr r11, r11, #16 +#else + sbfx r11, r10, #0, #16 +#endif + mul r9, r12, r8 + mul r11, r12, r11 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r12, #0xd + lsl r12, r12, #8 + add r12, r12, #0x1 +#else + mov r12, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r9, r9, #16 + asr r9, r9, #16 +#else + sbfx r9, r9, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r11, r11, #16 + asr r11, r11, #16 +#else + sbfx r11, r11, #0, #16 +#endif + mla r8, r12, r9, r8 + mla r10, r12, r11, r10 + rsb r11, lr, #0 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r9, lr, #16 + asr r9, r9, #16 +#else + sbfx r9, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r11, r11, #16 + asr r11, r11, #16 +#else + sbfx r11, r11, #0, #16 +#endif + asr r8, r8, #16 + asr r10, r10, #16 + mul r8, r9, r8 + mul r10, r11, r10 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r9, r4, #16 + asr r9, r9, #16 +#else + sbfx r9, r4, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r11, r5, #16 + asr r11, r11, #16 +#else + sbfx r11, r5, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r6, #16 + asr r12, r12, #16 +#else + sbfx r12, r6, #0, #16 +#endif + mla r8, r9, r12, r8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r7, #16 + asr r12, r12, #16 +#else + sbfx r12, r7, #0, #16 +#endif + mla r10, r11, r12, r10 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r12, #0xc + lsl r12, r12, #8 + add r12, r12, #0xff +#else + mov r12, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r9, r8, #16 + asr r9, r9, #16 +#else + sbfx r9, r8, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r11, r10, #16 + asr r11, r11, #16 +#else + sbfx r11, r10, #0, #16 +#endif + mul r9, r12, r9 + mul r11, r12, r11 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r12, #0xd + lsl r12, r12, #8 + add r12, r12, #0x1 +#else + mov r12, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r9, r9, #16 + asr r9, r9, #16 +#else + sbfx r9, r9, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r11, r11, #16 + asr r11, r11, #16 +#else + sbfx r11, r11, #0, #16 +#endif + mla r8, r12, r9, r8 + mla r10, r12, r11, r10 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r9, r4, #16 + asr r9, r9, #16 +#else + sbfx r9, r4, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r11, r5, #16 + asr r11, r11, #16 +#else + sbfx r11, r5, #0, #16 +#endif + asr r12, r6, #16 + mul r9, r12, r9 + asr r12, r7, #16 + mul r11, r12, r11 + asr r4, r4, #16 + asr r5, r5, #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r6, #16 + asr r12, r12, #16 +#else + sbfx r12, r6, #0, #16 +#endif + mla r9, r4, r12, r9 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r7, #16 + asr r12, r12, #16 +#else + sbfx r12, r7, #0, #16 +#endif + mla r11, r5, r12, r11 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r12, #0xc + lsl r12, r12, #8 + add r12, r12, #0xff +#else + mov r12, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r6, r9, #16 + asr r6, r6, #16 +#else + sbfx r6, r9, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r7, r11, #16 + asr r7, r7, #16 +#else + sbfx r7, r11, #0, #16 +#endif + mul r6, r12, r6 + mul r7, r12, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r12, #0xd + lsl r12, r12, #8 + add r12, r12, #0x1 +#else + mov r12, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r4, r6, #16 + asr r4, r4, #16 +#else + sbfx r4, r6, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r5, r7, #16 + asr r5, r5, #16 +#else + sbfx r5, r7, #0, #16 +#endif + mla r9, r12, r4, r9 + mla r11, r12, r5, r11 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r9, r9, #0xff + bic r9, r9, #0xff00 +#else + bfc r9, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r11, r11, #0xff + bic r11, r11, #0xff00 +#else + bfc r11, #0, #16 +#endif + orr r4, r9, r8, lsr #16 + orr r5, r11, r10, lsr #16 +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + stm r0!, {r4, r5} + pop {r8} + bne L_kyber_arm32_basemul_mont_loop + pop {r4, r5, r6, r7, r8, r9, r10, r11, pc} + .size kyber_arm32_basemul_mont,.-kyber_arm32_basemul_mont + .text + .align 4 + .globl kyber_arm32_basemul_mont_add + .type kyber_arm32_basemul_mont_add, %function +kyber_arm32_basemul_mont_add: + push {r4, r5, r6, r7, r8, r9, r10, r11, lr} + adr r3, L_kyber_arm32_basemul_mont_zetas + add r3, r3, #0x80 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r12, #0xd + lsl r12, r12, #8 + add r12, r12, #0x1 +#else + mov r12, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r12, r12, #0xc000000 + orr r12, r12, #0xff0000 +#else + movt r12, #0xcff +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + mov r8, #0 +L_kyber_arm32_basemul_mont_add_loop: + ldm r1!, {r4, r5} + ldm r2!, {r6, r7} + ldr lr, [r3, r8] + add r8, r8, #2 + push {r8} + cmp r8, #0x80 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + smultt r8, r4, r6 + smultt r10, r5, r7 + smultb r9, r12, r8 + smultb r11, r12, r10 + smlabb r8, r12, r9, r8 + smlabb r10, r12, r11, r10 + rsb r11, lr, #0 + smulbt r8, lr, r8 + smulbt r10, r11, r10 + smlabb r8, r4, r6, r8 + smlabb r10, r5, r7, r10 + smultb r9, r12, r8 + smultb r11, r12, r10 + smlabb r8, r12, r9, r8 + smlabb r10, r12, r11, r10 + smulbt r9, r4, r6 + smulbt r11, r5, r7 + smlatb r9, r4, r6, r9 + smlatb r11, r5, r7, r11 + smultb r6, r12, r9 + smultb r7, r12, r11 + smlabb r9, r12, r6, r9 + smlabb r11, r12, r7, r11 + ldm r0, {r4, r5} + pkhtb r9, r9, r8, ASR #16 + pkhtb r11, r11, r10, ASR #16 + sadd16 r4, r4, r9 + sadd16 r5, r5, r11 +#else + asr r8, r4, #16 + asr r10, r5, #16 + asr r9, r6, #16 + asr r11, r7, #16 + mul r8, r9, r8 + mul r10, r11, r10 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r12, #0xc + lsl r12, r12, #8 + add r12, r12, #0xff +#else + mov r12, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r9, r8, #16 + asr r9, r9, #16 +#else + sbfx r9, r8, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r11, r10, #16 + asr r11, r11, #16 +#else + sbfx r11, r10, #0, #16 +#endif + mul r9, r12, r8 + mul r11, r12, r11 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r12, #0xd + lsl r12, r12, #8 + add r12, r12, #0x1 +#else + mov r12, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r9, r9, #16 + asr r9, r9, #16 +#else + sbfx r9, r9, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r11, r11, #16 + asr r11, r11, #16 +#else + sbfx r11, r11, #0, #16 +#endif + mla r8, r12, r9, r8 + mla r10, r12, r11, r10 + rsb r11, lr, #0 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r9, lr, #16 + asr r9, r9, #16 +#else + sbfx r9, lr, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r11, r11, #16 + asr r11, r11, #16 +#else + sbfx r11, r11, #0, #16 +#endif + asr r8, r8, #16 + asr r10, r10, #16 + mul r8, r9, r8 + mul r10, r11, r10 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r9, r4, #16 + asr r9, r9, #16 +#else + sbfx r9, r4, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r11, r5, #16 + asr r11, r11, #16 +#else + sbfx r11, r5, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r6, #16 + asr r12, r12, #16 +#else + sbfx r12, r6, #0, #16 +#endif + mla r8, r9, r12, r8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r7, #16 + asr r12, r12, #16 +#else + sbfx r12, r7, #0, #16 +#endif + mla r10, r11, r12, r10 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r12, #0xc + lsl r12, r12, #8 + add r12, r12, #0xff +#else + mov r12, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r9, r8, #16 + asr r9, r9, #16 +#else + sbfx r9, r8, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r11, r10, #16 + asr r11, r11, #16 +#else + sbfx r11, r10, #0, #16 +#endif + mul r9, r12, r9 + mul r11, r12, r11 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r12, #0xd + lsl r12, r12, #8 + add r12, r12, #0x1 +#else + mov r12, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r9, r9, #16 + asr r9, r9, #16 +#else + sbfx r9, r9, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r11, r11, #16 + asr r11, r11, #16 +#else + sbfx r11, r11, #0, #16 +#endif + mla r8, r12, r9, r8 + mla r10, r12, r11, r10 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r9, r4, #16 + asr r9, r9, #16 +#else + sbfx r9, r4, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r11, r5, #16 + asr r11, r11, #16 +#else + sbfx r11, r5, #0, #16 +#endif + asr r12, r6, #16 + mul r9, r12, r9 + asr r12, r7, #16 + mul r11, r12, r11 + asr r4, r4, #16 + asr r5, r5, #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r6, #16 + asr r12, r12, #16 +#else + sbfx r12, r6, #0, #16 +#endif + mla r9, r4, r12, r9 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r12, r7, #16 + asr r12, r12, #16 +#else + sbfx r12, r7, #0, #16 +#endif + mla r11, r5, r12, r11 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r12, #0xc + lsl r12, r12, #8 + add r12, r12, #0xff +#else + mov r12, #0xcff +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r6, r9, #16 + asr r6, r6, #16 +#else + sbfx r6, r9, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r7, r11, #16 + asr r7, r7, #16 +#else + sbfx r7, r11, #0, #16 +#endif + mul r6, r12, r6 + mul r7, r12, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r12, #0xd + lsl r12, r12, #8 + add r12, r12, #0x1 +#else + mov r12, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r4, r6, #16 + asr r4, r4, #16 +#else + sbfx r4, r6, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r5, r7, #16 + asr r5, r5, #16 +#else + sbfx r5, r7, #0, #16 +#endif + mla r9, r12, r4, r9 + mla r11, r12, r5, r11 + ldm r0, {r4, r5} +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r9, r9, #0xff + bic r9, r9, #0xff00 +#else + bfc r9, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r11, r11, #0xff + bic r11, r11, #0xff00 +#else + bfc r11, #0, #16 +#endif + orr r9, r9, r8, lsr #16 + orr r11, r11, r10, lsr #16 + add r8, r4, r9 + add r10, r5, r11 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r9, r9, #0xff + bic r9, r9, #0xff00 +#else + bfc r9, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r11, r11, #0xff + bic r11, r11, #0xff00 +#else + bfc r11, #0, #16 +#endif + add r4, r4, r9 + add r5, r5, r11 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r4, r4, #0xff + bic r4, r4, #0xff00 + ror r4, r4, #16 + orr r4, r4, r8, lsl #16 + ror r4, r4, #16 +#else + bfi r4, r8, #0, #16 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r5, r5, #0xff + bic r5, r5, #0xff00 + ror r5, r5, #16 + orr r5, r5, r10, lsl #16 + ror r5, r5, #16 +#else + bfi r5, r10, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + stm r0!, {r4, r5} + pop {r8} + bne L_kyber_arm32_basemul_mont_add_loop + pop {r4, r5, r6, r7, r8, r9, r10, r11, pc} + .size kyber_arm32_basemul_mont_add,.-kyber_arm32_basemul_mont_add + .text + .align 4 + .globl kyber_arm32_csubq + .type kyber_arm32_csubq, %function +kyber_arm32_csubq: + push {r4, r5, r6, r7, r8, r9, r10, r11, lr} +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r12, #0xd + lsl r12, r12, #8 + add r12, r12, #0x1 +#else + mov r12, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov lr, #0xd + lsl lr, lr, #8 + add lr, lr, #0x1 +#else + mov lr, #0xd01 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr lr, lr, #0xd000000 + orr lr, lr, #0x10000 +#else + movt lr, #0xd01 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r11, #0x80 + lsl r11, r11, #8 + add r11, r11, #0x0 +#else + mov r11, #0x8000 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + orr r11, r11, #0x80000000 +#else + movt r11, #0x8000 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r1, #0x1 + lsl r1, r1, #8 + add r1, r1, #0x0 +#else + mov r1, #0x100 +#endif +L_kyber_arm32_csubq_loop: + ldm r0, {r2, r3, r4, r5} +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + ssub16 r2, r2, lr + ssub16 r3, r3, lr + ssub16 r4, r4, lr + ssub16 r5, r5, lr + and r6, r2, r11 + and r7, r3, r11 + and r8, r4, r11 + and r9, r5, r11 + lsr r6, r6, #15 + lsr r7, r7, #15 + lsr r8, r8, #15 + lsr r9, r9, #15 + mul r6, r12, r6 + mul r7, r12, r7 + mul r8, r12, r8 + mul r9, r12, r9 + sadd16 r2, r2, r6 + sadd16 r3, r3, r7 + sadd16 r4, r4, r8 + sadd16 r5, r5, r9 +#else + sub r6, r2, lr + sub r2, r2, lr, lsl #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r2, r2, #0xff + bic r2, r2, #0xff00 + ror r2, r2, #16 + orr r2, r2, r6, lsl #16 + ror r2, r2, #16 +#else + bfi r2, r6, #0, #16 +#endif + sub r7, r3, lr + sub r3, r3, lr, lsl #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r3, r3, #0xff + bic r3, r3, #0xff00 + ror r3, r3, #16 + orr r3, r3, r7, lsl #16 + ror r3, r3, #16 +#else + bfi r3, r7, #0, #16 +#endif + sub r8, r4, lr + sub r4, r4, lr, lsl #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r4, r4, #0xff + bic r4, r4, #0xff00 + ror r4, r4, #16 + orr r4, r4, r8, lsl #16 + ror r4, r4, #16 +#else + bfi r4, r8, #0, #16 +#endif + sub r9, r5, lr + sub r5, r5, lr, lsl #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r5, r5, #0xff + bic r5, r5, #0xff00 + ror r5, r5, #16 + orr r5, r5, r9, lsl #16 + ror r5, r5, #16 +#else + bfi r5, r9, #0, #16 +#endif + and r6, r2, r11 + and r7, r3, r11 + and r8, r4, r11 + and r9, r5, r11 + lsr r6, r6, #15 + lsr r7, r7, #15 + lsr r8, r8, #15 + lsr r9, r9, #15 + mul r6, r12, r6 + mul r7, r12, r7 + mul r8, r12, r8 + mul r9, r12, r9 + add r10, r2, r6 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r6, r6, #0xff + bic r6, r6, #0xff00 +#else + bfc r6, #0, #16 +#endif + add r2, r2, r6 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r2, r2, #0xff + bic r2, r2, #0xff00 + ror r2, r2, #16 + orr r2, r2, r10, lsl #16 + ror r2, r2, #16 +#else + bfi r2, r10, #0, #16 +#endif + add r10, r3, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r7, r7, #0xff + bic r7, r7, #0xff00 +#else + bfc r7, #0, #16 +#endif + add r3, r3, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r3, r3, #0xff + bic r3, r3, #0xff00 + ror r3, r3, #16 + orr r3, r3, r10, lsl #16 + ror r3, r3, #16 +#else + bfi r3, r10, #0, #16 +#endif + add r10, r4, r8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r8, r8, #0xff + bic r8, r8, #0xff00 +#else + bfc r8, #0, #16 +#endif + add r4, r4, r8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r4, r4, #0xff + bic r4, r4, #0xff00 + ror r4, r4, #16 + orr r4, r4, r10, lsl #16 + ror r4, r4, #16 +#else + bfi r4, r10, #0, #16 +#endif + add r10, r5, r9 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r9, r9, #0xff + bic r9, r9, #0xff00 +#else + bfc r9, #0, #16 +#endif + add r5, r5, r9 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r5, r5, #0xff + bic r5, r5, #0xff00 + ror r5, r5, #16 + orr r5, r5, r10, lsl #16 + ror r5, r5, #16 +#else + bfi r5, r10, #0, #16 +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + stm r0!, {r2, r3, r4, r5} + subs r1, r1, #8 + bne L_kyber_arm32_csubq_loop + pop {r4, r5, r6, r7, r8, r9, r10, r11, pc} + .size kyber_arm32_csubq,.-kyber_arm32_csubq + .text + .align 4 + .globl kyber_arm32_rej_uniform + .type kyber_arm32_rej_uniform, %function +kyber_arm32_rej_uniform: + push {r4, r5, r6, r7, r8, lr} +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + mov r8, #0xd + lsl r8, r8, #8 + add r8, r8, #0x1 +#else + mov r8, #0xd01 +#endif + mov r12, #0 +L_kyber_arm32_rej_uniform_loop_no_fail: + cmp r1, #8 + blt L_kyber_arm32_rej_uniform_done_no_fail + ldm r2!, {r4, r5, r6} +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r7, r4, #20 + lsr r7, r7, #20 +#else + ubfx r7, r4, #0, #12 +#endif + strh r7, [r0, r12] + sub lr, r7, r8 + lsr lr, lr, #31 + sub r1, r1, lr + add r12, r12, lr, lsl #1 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r7, r4, #8 + lsr r7, r7, #20 +#else + ubfx r7, r4, #12, #12 +#endif + strh r7, [r0, r12] + sub lr, r7, r8 + lsr lr, lr, #31 + sub r1, r1, lr + add r12, r12, lr, lsl #1 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsr r7, r4, #24 +#else + ubfx r7, r4, #24, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r7, r7, #0xf00 + ror r7, r7, #12 + orr r7, r7, r5, lsl #28 + ror r7, r7, #20 +#else + bfi r7, r5, #8, #4 +#endif + strh r7, [r0, r12] + sub lr, r7, r8 + lsr lr, lr, #31 + sub r1, r1, lr + add r12, r12, lr, lsl #1 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r7, r5, #16 + lsr r7, r7, #20 +#else + ubfx r7, r5, #4, #12 +#endif + strh r7, [r0, r12] + sub lr, r7, r8 + lsr lr, lr, #31 + sub r1, r1, lr + add r12, r12, lr, lsl #1 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r7, r5, #4 + lsr r7, r7, #20 +#else + ubfx r7, r5, #16, #12 +#endif + strh r7, [r0, r12] + sub lr, r7, r8 + lsr lr, lr, #31 + sub r1, r1, lr + add r12, r12, lr, lsl #1 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsr r7, r5, #28 +#else + ubfx r7, r5, #28, #4 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r7, r7, #0xff0 + ror r7, r7, #12 + orr r7, r7, r6, lsl #24 + ror r7, r7, #20 +#else + bfi r7, r6, #4, #8 +#endif + strh r7, [r0, r12] + sub lr, r7, r8 + lsr lr, lr, #31 + sub r1, r1, lr + add r12, r12, lr, lsl #1 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r7, r6, #12 + lsr r7, r7, #20 +#else + ubfx r7, r6, #8, #12 +#endif + strh r7, [r0, r12] + sub lr, r7, r8 + lsr lr, lr, #31 + sub r1, r1, lr + add r12, r12, lr, lsl #1 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsr r7, r6, #20 +#else + ubfx r7, r6, #20, #12 +#endif + strh r7, [r0, r12] + sub lr, r7, r8 + lsr lr, lr, #31 + sub r1, r1, lr + add r12, r12, lr, lsl #1 + subs r3, r3, #12 + bne L_kyber_arm32_rej_uniform_loop_no_fail + b L_kyber_arm32_rej_uniform_done +L_kyber_arm32_rej_uniform_done_no_fail: + cmp r1, #0 + beq L_kyber_arm32_rej_uniform_done +L_kyber_arm32_rej_uniform_loop: + ldm r2!, {r4, r5, r6} +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r7, r4, #20 + lsr r7, r7, #20 +#else + ubfx r7, r4, #0, #12 +#endif + cmp r7, r8 + bge L_kyber_arm32_rej_uniform_fail_0 + strh r7, [r0, r12] + subs r1, r1, #1 + add r12, r12, #2 + beq L_kyber_arm32_rej_uniform_done +L_kyber_arm32_rej_uniform_fail_0: +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r7, r4, #8 + lsr r7, r7, #20 +#else + ubfx r7, r4, #12, #12 +#endif + cmp r7, r8 + bge L_kyber_arm32_rej_uniform_fail_1 + strh r7, [r0, r12] + subs r1, r1, #1 + add r12, r12, #2 + beq L_kyber_arm32_rej_uniform_done +L_kyber_arm32_rej_uniform_fail_1: +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsr r7, r4, #24 +#else + ubfx r7, r4, #24, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r7, r7, #0xf00 + ror r7, r7, #12 + orr r7, r7, r5, lsl #28 + ror r7, r7, #20 +#else + bfi r7, r5, #8, #4 +#endif + cmp r7, r8 + bge L_kyber_arm32_rej_uniform_fail_2 + strh r7, [r0, r12] + subs r1, r1, #1 + add r12, r12, #2 + beq L_kyber_arm32_rej_uniform_done +L_kyber_arm32_rej_uniform_fail_2: +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r7, r5, #16 + lsr r7, r7, #20 +#else + ubfx r7, r5, #4, #12 +#endif + cmp r7, r8 + bge L_kyber_arm32_rej_uniform_fail_3 + strh r7, [r0, r12] + subs r1, r1, #1 + add r12, r12, #2 + beq L_kyber_arm32_rej_uniform_done +L_kyber_arm32_rej_uniform_fail_3: +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r7, r5, #4 + lsr r7, r7, #20 +#else + ubfx r7, r5, #16, #12 +#endif + cmp r7, r8 + bge L_kyber_arm32_rej_uniform_fail_4 + strh r7, [r0, r12] + subs r1, r1, #1 + add r12, r12, #2 + beq L_kyber_arm32_rej_uniform_done +L_kyber_arm32_rej_uniform_fail_4: +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsr r7, r5, #28 +#else + ubfx r7, r5, #28, #4 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + bic r7, r7, #0xff0 + ror r7, r7, #12 + orr r7, r7, r6, lsl #24 + ror r7, r7, #20 +#else + bfi r7, r6, #4, #8 +#endif + cmp r7, r8 + bge L_kyber_arm32_rej_uniform_fail_5 + strh r7, [r0, r12] + subs r1, r1, #1 + add r12, r12, #2 + beq L_kyber_arm32_rej_uniform_done +L_kyber_arm32_rej_uniform_fail_5: +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsl r7, r6, #12 + lsr r7, r7, #20 +#else + ubfx r7, r6, #8, #12 +#endif + cmp r7, r8 + bge L_kyber_arm32_rej_uniform_fail_6 + strh r7, [r0, r12] + subs r1, r1, #1 + add r12, r12, #2 + beq L_kyber_arm32_rej_uniform_done +L_kyber_arm32_rej_uniform_fail_6: +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + lsr r7, r6, #20 +#else + ubfx r7, r6, #20, #12 +#endif + cmp r7, r8 + bge L_kyber_arm32_rej_uniform_fail_7 + strh r7, [r0, r12] + subs r1, r1, #1 + add r12, r12, #2 + beq L_kyber_arm32_rej_uniform_done +L_kyber_arm32_rej_uniform_fail_7: + subs r3, r3, #12 + bgt L_kyber_arm32_rej_uniform_loop +L_kyber_arm32_rej_uniform_done: + lsr r0, r12, #1 + pop {r4, r5, r6, r7, r8, pc} + .size kyber_arm32_rej_uniform,.-kyber_arm32_rej_uniform +#endif /* WOLFSSL_WC_KYBER */ +#endif /* !__aarch64__ && !WOLFSSL_ARMASM_THUMB2 */ +#endif /* WOLFSSL_ARMASM */ + +#if defined(__linux__) && defined(__ELF__) +.section .note.GNU-stack,"",%progbits +#endif +#endif /* !WOLFSSL_ARMASM_INLINE */ diff --git a/wolfcrypt/src/port/arm/armv8-32-kyber-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-kyber-asm_c.c new file mode 100644 index 0000000000..1866f3c41d --- /dev/null +++ b/wolfcrypt/src/port/arm/armv8-32-kyber-asm_c.c @@ -0,0 +1,9234 @@ +/* armv8-32-kyber-asm + * + * Copyright (C) 2006-2024 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* Generated using (from wolfssl): + * cd ../scripts + * ruby ./kyber/kyber.rb arm32 \ + * ../wolfssl/wolfcrypt/src/port/arm/armv8-32-kyber-asm.c + */ + +#ifdef HAVE_CONFIG_H + #include +#endif /* HAVE_CONFIG_H */ +#include +#include + +#ifdef WOLFSSL_ARMASM +#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2) +#include +#ifdef HAVE_CONFIG_H + #include +#endif /* HAVE_CONFIG_H */ +#include +#include +#ifdef WOLFSSL_ARMASM_INLINE + +#ifdef __IAR_SYSTEMS_ICC__ +#define __asm__ asm +#define __volatile__ volatile +#endif /* __IAR_SYSTEMS_ICC__ */ +#ifdef __KEIL__ +#define __asm__ __asm +#define __volatile__ volatile +#endif /* __KEIL__ */ +#include + +#ifdef WOLFSSL_WC_KYBER +static const word16 L_kyber_arm32_ntt_zetas[] = { + 0x08ed, 0x0a0b, 0x0b9a, 0x0714, + 0x05d5, 0x058e, 0x011f, 0x00ca, + 0x0c56, 0x026e, 0x0629, 0x00b6, + 0x03c2, 0x084f, 0x073f, 0x05bc, + 0x023d, 0x07d4, 0x0108, 0x017f, + 0x09c4, 0x05b2, 0x06bf, 0x0c7f, + 0x0a58, 0x03f9, 0x02dc, 0x0260, + 0x06fb, 0x019b, 0x0c34, 0x06de, + 0x04c7, 0x028c, 0x0ad9, 0x03f7, + 0x07f4, 0x05d3, 0x0be7, 0x06f9, + 0x0204, 0x0cf9, 0x0bc1, 0x0a67, + 0x06af, 0x0877, 0x007e, 0x05bd, + 0x09ac, 0x0ca7, 0x0bf2, 0x033e, + 0x006b, 0x0774, 0x0c0a, 0x094a, + 0x0b73, 0x03c1, 0x071d, 0x0a2c, + 0x01c0, 0x08d8, 0x02a5, 0x0806, + 0x08b2, 0x01ae, 0x022b, 0x034b, + 0x081e, 0x0367, 0x060e, 0x0069, + 0x01a6, 0x024b, 0x00b1, 0x0c16, + 0x0bde, 0x0b35, 0x0626, 0x0675, + 0x0c0b, 0x030a, 0x0487, 0x0c6e, + 0x09f8, 0x05cb, 0x0aa7, 0x045f, + 0x06cb, 0x0284, 0x0999, 0x015d, + 0x01a2, 0x0149, 0x0c65, 0x0cb6, + 0x0331, 0x0449, 0x025b, 0x0262, + 0x052a, 0x07fc, 0x0748, 0x0180, + 0x0842, 0x0c79, 0x04c2, 0x07ca, + 0x0997, 0x00dc, 0x085e, 0x0686, + 0x0860, 0x0707, 0x0803, 0x031a, + 0x071b, 0x09ab, 0x099b, 0x01de, + 0x0c95, 0x0bcd, 0x03e4, 0x03df, + 0x03be, 0x074d, 0x05f2, 0x065c, +}; + +void kyber_arm32_ntt(sword16* r_p) +{ + register sword16* r asm ("r0") = (sword16*)r_p; + register word16* L_kyber_arm32_ntt_zetas_c asm ("r1") = + (word16*)&L_kyber_arm32_ntt_zetas; + + __asm__ __volatile__ ( + "sub sp, sp, #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r10, r10, #0xc000000\n\t" + "orr r10, r10, #0xff0000\n\t" +#else + "movt r10, #0xcff\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + "mov r2, #16\n\t" + "\n" + "L_kyber_arm32_ntt_loop_123_%=: \n\t" + "str r2, [sp]\n\t" + "ldrh r11, [r1, #2]\n\t" + "ldr r2, [%[r]]\n\t" + "ldr r3, [%[r], #64]\n\t" + "ldr r4, [%[r], #128]\n\t" + "ldr r5, [%[r], #192]\n\t" + "ldr r6, [%[r], #256]\n\t" + "ldr r7, [%[r], #320]\n\t" + "ldr r8, [%[r], #384]\n\t" + "ldr r9, [%[r], #448]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulbb r12, r11, r6\n\t" + "smulbt r6, r11, r6\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r6\n\t" + "smlabb lr, r10, lr, r6\n\t" + "pkhtb r12, lr, r12, ASR #16\n\t" + "ssub16 r6, r2, r12\n\t" + "sadd16 r2, r2, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r6, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r6, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif + "asr r6, r6, #16\n\t" + "mul r12, lr, r12\n\t" + "mul r6, lr, r6\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif + "mul lr, r10, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r6, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r6, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla lr, r10, lr, r6\n\t" + "sub r6, r2, lr\n\t" + "add r2, r2, lr\n\t" + "sub lr, r2, r12, lsr #16\n\t" + "add r12, r2, r12, lsr #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r6, r6, #0xff\n\t" + "bic r6, r6, #0xff00\n\t" + "ror r6, r6, #16\n\t" + "orr r6, r6, lr, lsl #16\n\t" + "ror r6, r6, #16\n\t" +#else + "bfi r6, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r2, r2, #0xff\n\t" + "bic r2, r2, #0xff00\n\t" + "ror r2, r2, #16\n\t" + "orr r2, r2, r12, lsl #16\n\t" + "ror r2, r2, #16\n\t" +#else + "bfi r2, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulbb r12, r11, r7\n\t" + "smulbt r7, r11, r7\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r7\n\t" + "smlabb lr, r10, lr, r7\n\t" + "pkhtb r12, lr, r12, ASR #16\n\t" + "ssub16 r7, r3, r12\n\t" + "sadd16 r3, r3, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r7, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r7, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif + "asr r7, r7, #16\n\t" + "mul r12, lr, r12\n\t" + "mul r7, lr, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif + "mul lr, r10, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r7, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r7, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla lr, r10, lr, r7\n\t" + "sub r7, r3, lr\n\t" + "add r3, r3, lr\n\t" + "sub lr, r3, r12, lsr #16\n\t" + "add r12, r3, r12, lsr #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r7, r7, #0xff\n\t" + "bic r7, r7, #0xff00\n\t" + "ror r7, r7, #16\n\t" + "orr r7, r7, lr, lsl #16\n\t" + "ror r7, r7, #16\n\t" +#else + "bfi r7, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r3, r3, #0xff\n\t" + "bic r3, r3, #0xff00\n\t" + "ror r3, r3, #16\n\t" + "orr r3, r3, r12, lsl #16\n\t" + "ror r3, r3, #16\n\t" +#else + "bfi r3, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulbb r12, r11, r8\n\t" + "smulbt r8, r11, r8\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r8\n\t" + "smlabb lr, r10, lr, r8\n\t" + "pkhtb r12, lr, r12, ASR #16\n\t" + "ssub16 r8, r4, r12\n\t" + "sadd16 r4, r4, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r8, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r8, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif + "asr r8, r8, #16\n\t" + "mul r12, lr, r12\n\t" + "mul r8, lr, r8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif + "mul lr, r10, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r8, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r8, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla lr, r10, lr, r8\n\t" + "sub r8, r4, lr\n\t" + "add r4, r4, lr\n\t" + "sub lr, r4, r12, lsr #16\n\t" + "add r12, r4, r12, lsr #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r8, r8, #0xff\n\t" + "bic r8, r8, #0xff00\n\t" + "ror r8, r8, #16\n\t" + "orr r8, r8, lr, lsl #16\n\t" + "ror r8, r8, #16\n\t" +#else + "bfi r8, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r4, r4, #0xff\n\t" + "bic r4, r4, #0xff00\n\t" + "ror r4, r4, #16\n\t" + "orr r4, r4, r12, lsl #16\n\t" + "ror r4, r4, #16\n\t" +#else + "bfi r4, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulbb r12, r11, r9\n\t" + "smulbt r9, r11, r9\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r9\n\t" + "smlabb lr, r10, lr, r9\n\t" + "pkhtb r12, lr, r12, ASR #16\n\t" + "ssub16 r9, r5, r12\n\t" + "sadd16 r5, r5, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r9, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r9, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif + "asr r9, r9, #16\n\t" + "mul r12, lr, r12\n\t" + "mul r9, lr, r9\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif + "mul lr, r10, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r9, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r9, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla lr, r10, lr, r9\n\t" + "sub r9, r5, lr\n\t" + "add r5, r5, lr\n\t" + "sub lr, r5, r12, lsr #16\n\t" + "add r12, r5, r12, lsr #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r9, r9, #0xff\n\t" + "bic r9, r9, #0xff00\n\t" + "ror r9, r9, #16\n\t" + "orr r9, r9, lr, lsl #16\n\t" + "ror r9, r9, #16\n\t" +#else + "bfi r9, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r5, r5, #0xff\n\t" + "bic r5, r5, #0xff00\n\t" + "ror r5, r5, #16\n\t" + "orr r5, r5, r12, lsl #16\n\t" + "ror r5, r5, #16\n\t" +#else + "bfi r5, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + "ldr r11, [r1, #4]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulbb r12, r11, r4\n\t" + "smulbt r4, r11, r4\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r4\n\t" + "smlabb lr, r10, lr, r4\n\t" + "pkhtb r12, lr, r12, ASR #16\n\t" + "ssub16 r4, r2, r12\n\t" + "sadd16 r2, r2, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r4, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r4, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif + "asr r4, r4, #16\n\t" + "mul r12, lr, r12\n\t" + "mul r4, lr, r4\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif + "mul lr, r10, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r4, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r4, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla lr, r10, lr, r4\n\t" + "sub r4, r2, lr\n\t" + "add r2, r2, lr\n\t" + "sub lr, r2, r12, lsr #16\n\t" + "add r12, r2, r12, lsr #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r4, r4, #0xff\n\t" + "bic r4, r4, #0xff00\n\t" + "ror r4, r4, #16\n\t" + "orr r4, r4, lr, lsl #16\n\t" + "ror r4, r4, #16\n\t" +#else + "bfi r4, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r2, r2, #0xff\n\t" + "bic r2, r2, #0xff00\n\t" + "ror r2, r2, #16\n\t" + "orr r2, r2, r12, lsl #16\n\t" + "ror r2, r2, #16\n\t" +#else + "bfi r2, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulbb r12, r11, r5\n\t" + "smulbt r5, r11, r5\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r5\n\t" + "smlabb lr, r10, lr, r5\n\t" + "pkhtb r12, lr, r12, ASR #16\n\t" + "ssub16 r5, r3, r12\n\t" + "sadd16 r3, r3, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r5, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r5, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif + "asr r5, r5, #16\n\t" + "mul r12, lr, r12\n\t" + "mul r5, lr, r5\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif + "mul lr, r10, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r5, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r5, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla lr, r10, lr, r5\n\t" + "sub r5, r3, lr\n\t" + "add r3, r3, lr\n\t" + "sub lr, r3, r12, lsr #16\n\t" + "add r12, r3, r12, lsr #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r5, r5, #0xff\n\t" + "bic r5, r5, #0xff00\n\t" + "ror r5, r5, #16\n\t" + "orr r5, r5, lr, lsl #16\n\t" + "ror r5, r5, #16\n\t" +#else + "bfi r5, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r3, r3, #0xff\n\t" + "bic r3, r3, #0xff00\n\t" + "ror r3, r3, #16\n\t" + "orr r3, r3, r12, lsl #16\n\t" + "ror r3, r3, #16\n\t" +#else + "bfi r3, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smultb r12, r11, r8\n\t" + "smultt r8, r11, r8\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r8\n\t" + "smlabb lr, r10, lr, r8\n\t" + "pkhtb r12, lr, r12, ASR #16\n\t" + "ssub16 r8, r6, r12\n\t" + "sadd16 r6, r6, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r8, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r8, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr lr, r11, #16\n\t" +#else + "sbfx lr, r11, #16, #16\n\t" +#endif + "asr r8, r8, #16\n\t" + "mul r12, lr, r12\n\t" + "mul r8, lr, r8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif + "mul lr, r10, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r8, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r8, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla lr, r10, lr, r8\n\t" + "sub r8, r6, lr\n\t" + "add r6, r6, lr\n\t" + "sub lr, r6, r12, lsr #16\n\t" + "add r12, r6, r12, lsr #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r8, r8, #0xff\n\t" + "bic r8, r8, #0xff00\n\t" + "ror r8, r8, #16\n\t" + "orr r8, r8, lr, lsl #16\n\t" + "ror r8, r8, #16\n\t" +#else + "bfi r8, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r6, r6, #0xff\n\t" + "bic r6, r6, #0xff00\n\t" + "ror r6, r6, #16\n\t" + "orr r6, r6, r12, lsl #16\n\t" + "ror r6, r6, #16\n\t" +#else + "bfi r6, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smultb r12, r11, r9\n\t" + "smultt r9, r11, r9\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r9\n\t" + "smlabb lr, r10, lr, r9\n\t" + "pkhtb r12, lr, r12, ASR #16\n\t" + "ssub16 r9, r7, r12\n\t" + "sadd16 r7, r7, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r9, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r9, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr lr, r11, #16\n\t" +#else + "sbfx lr, r11, #16, #16\n\t" +#endif + "asr r9, r9, #16\n\t" + "mul r12, lr, r12\n\t" + "mul r9, lr, r9\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif + "mul lr, r10, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r9, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r9, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla lr, r10, lr, r9\n\t" + "sub r9, r7, lr\n\t" + "add r7, r7, lr\n\t" + "sub lr, r7, r12, lsr #16\n\t" + "add r12, r7, r12, lsr #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r9, r9, #0xff\n\t" + "bic r9, r9, #0xff00\n\t" + "ror r9, r9, #16\n\t" + "orr r9, r9, lr, lsl #16\n\t" + "ror r9, r9, #16\n\t" +#else + "bfi r9, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r7, r7, #0xff\n\t" + "bic r7, r7, #0xff00\n\t" + "ror r7, r7, #16\n\t" + "orr r7, r7, r12, lsl #16\n\t" + "ror r7, r7, #16\n\t" +#else + "bfi r7, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + "ldr r11, [r1, #8]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulbb r12, r11, r3\n\t" + "smulbt r3, r11, r3\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r3\n\t" + "smlabb lr, r10, lr, r3\n\t" + "pkhtb r12, lr, r12, ASR #16\n\t" + "ssub16 r3, r2, r12\n\t" + "sadd16 r2, r2, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r3, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r3, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif + "asr r3, r3, #16\n\t" + "mul r12, lr, r12\n\t" + "mul r3, lr, r3\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif + "mul lr, r10, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r3, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r3, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla lr, r10, lr, r3\n\t" + "sub r3, r2, lr\n\t" + "add r2, r2, lr\n\t" + "sub lr, r2, r12, lsr #16\n\t" + "add r12, r2, r12, lsr #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r3, r3, #0xff\n\t" + "bic r3, r3, #0xff00\n\t" + "ror r3, r3, #16\n\t" + "orr r3, r3, lr, lsl #16\n\t" + "ror r3, r3, #16\n\t" +#else + "bfi r3, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r2, r2, #0xff\n\t" + "bic r2, r2, #0xff00\n\t" + "ror r2, r2, #16\n\t" + "orr r2, r2, r12, lsl #16\n\t" + "ror r2, r2, #16\n\t" +#else + "bfi r2, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smultb r12, r11, r5\n\t" + "smultt r5, r11, r5\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r5\n\t" + "smlabb lr, r10, lr, r5\n\t" + "pkhtb r12, lr, r12, ASR #16\n\t" + "ssub16 r5, r4, r12\n\t" + "sadd16 r4, r4, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r5, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r5, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr lr, r11, #16\n\t" +#else + "sbfx lr, r11, #16, #16\n\t" +#endif + "asr r5, r5, #16\n\t" + "mul r12, lr, r12\n\t" + "mul r5, lr, r5\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif + "mul lr, r10, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r5, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r5, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla lr, r10, lr, r5\n\t" + "sub r5, r4, lr\n\t" + "add r4, r4, lr\n\t" + "sub lr, r4, r12, lsr #16\n\t" + "add r12, r4, r12, lsr #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r5, r5, #0xff\n\t" + "bic r5, r5, #0xff00\n\t" + "ror r5, r5, #16\n\t" + "orr r5, r5, lr, lsl #16\n\t" + "ror r5, r5, #16\n\t" +#else + "bfi r5, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r4, r4, #0xff\n\t" + "bic r4, r4, #0xff00\n\t" + "ror r4, r4, #16\n\t" + "orr r4, r4, r12, lsl #16\n\t" + "ror r4, r4, #16\n\t" +#else + "bfi r4, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + "ldr r11, [r1, #12]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulbb r12, r11, r7\n\t" + "smulbt r7, r11, r7\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r7\n\t" + "smlabb lr, r10, lr, r7\n\t" + "pkhtb r12, lr, r12, ASR #16\n\t" + "ssub16 r7, r6, r12\n\t" + "sadd16 r6, r6, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r7, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r7, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif + "asr r7, r7, #16\n\t" + "mul r12, lr, r12\n\t" + "mul r7, lr, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif + "mul lr, r10, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r7, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r7, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla lr, r10, lr, r7\n\t" + "sub r7, r6, lr\n\t" + "add r6, r6, lr\n\t" + "sub lr, r6, r12, lsr #16\n\t" + "add r12, r6, r12, lsr #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r7, r7, #0xff\n\t" + "bic r7, r7, #0xff00\n\t" + "ror r7, r7, #16\n\t" + "orr r7, r7, lr, lsl #16\n\t" + "ror r7, r7, #16\n\t" +#else + "bfi r7, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r6, r6, #0xff\n\t" + "bic r6, r6, #0xff00\n\t" + "ror r6, r6, #16\n\t" + "orr r6, r6, r12, lsl #16\n\t" + "ror r6, r6, #16\n\t" +#else + "bfi r6, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smultb r12, r11, r9\n\t" + "smultt r9, r11, r9\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r9\n\t" + "smlabb lr, r10, lr, r9\n\t" + "pkhtb r12, lr, r12, ASR #16\n\t" + "ssub16 r9, r8, r12\n\t" + "sadd16 r8, r8, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r9, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r9, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr lr, r11, #16\n\t" +#else + "sbfx lr, r11, #16, #16\n\t" +#endif + "asr r9, r9, #16\n\t" + "mul r12, lr, r12\n\t" + "mul r9, lr, r9\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif + "mul lr, r10, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r9, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r9, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla lr, r10, lr, r9\n\t" + "sub r9, r8, lr\n\t" + "add r8, r8, lr\n\t" + "sub lr, r8, r12, lsr #16\n\t" + "add r12, r8, r12, lsr #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r9, r9, #0xff\n\t" + "bic r9, r9, #0xff00\n\t" + "ror r9, r9, #16\n\t" + "orr r9, r9, lr, lsl #16\n\t" + "ror r9, r9, #16\n\t" +#else + "bfi r9, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r8, r8, #0xff\n\t" + "bic r8, r8, #0xff00\n\t" + "ror r8, r8, #16\n\t" + "orr r8, r8, r12, lsl #16\n\t" + "ror r8, r8, #16\n\t" +#else + "bfi r8, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + "str r2, [%[r]]\n\t" + "str r3, [%[r], #64]\n\t" + "str r4, [%[r], #128]\n\t" + "str r5, [%[r], #192]\n\t" + "str r6, [%[r], #256]\n\t" + "str r7, [%[r], #320]\n\t" + "str r8, [%[r], #384]\n\t" + "str r9, [%[r], #448]\n\t" + "ldr r2, [sp]\n\t" + "subs r2, r2, #1\n\t" + "add %[r], %[r], #4\n\t" + "bne L_kyber_arm32_ntt_loop_123_%=\n\t" + "sub %[r], %[r], #0x40\n\t" + "mov r3, #0\n\t" + "\n" + "L_kyber_arm32_ntt_loop_4_j_%=: \n\t" + "str r3, [sp, #4]\n\t" + "add r11, r1, r3, lsr #4\n\t" + "mov r2, #4\n\t" + "ldr r11, [r11, #16]\n\t" + "\n" + "L_kyber_arm32_ntt_loop_4_i_%=: \n\t" + "str r2, [sp]\n\t" + "ldr r2, [%[r]]\n\t" + "ldr r3, [%[r], #16]\n\t" + "ldr r4, [%[r], #32]\n\t" + "ldr r5, [%[r], #48]\n\t" + "ldr r6, [%[r], #64]\n\t" + "ldr r7, [%[r], #80]\n\t" + "ldr r8, [%[r], #96]\n\t" + "ldr r9, [%[r], #112]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulbb r12, r11, r4\n\t" + "smulbt r4, r11, r4\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r4\n\t" + "smlabb lr, r10, lr, r4\n\t" + "pkhtb r12, lr, r12, ASR #16\n\t" + "ssub16 r4, r2, r12\n\t" + "sadd16 r2, r2, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r4, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r4, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif + "asr r4, r4, #16\n\t" + "mul r12, lr, r12\n\t" + "mul r4, lr, r4\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif + "mul lr, r10, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r4, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r4, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla lr, r10, lr, r4\n\t" + "sub r4, r2, lr\n\t" + "add r2, r2, lr\n\t" + "sub lr, r2, r12, lsr #16\n\t" + "add r12, r2, r12, lsr #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r4, r4, #0xff\n\t" + "bic r4, r4, #0xff00\n\t" + "ror r4, r4, #16\n\t" + "orr r4, r4, lr, lsl #16\n\t" + "ror r4, r4, #16\n\t" +#else + "bfi r4, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r2, r2, #0xff\n\t" + "bic r2, r2, #0xff00\n\t" + "ror r2, r2, #16\n\t" + "orr r2, r2, r12, lsl #16\n\t" + "ror r2, r2, #16\n\t" +#else + "bfi r2, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulbb r12, r11, r5\n\t" + "smulbt r5, r11, r5\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r5\n\t" + "smlabb lr, r10, lr, r5\n\t" + "pkhtb r12, lr, r12, ASR #16\n\t" + "ssub16 r5, r3, r12\n\t" + "sadd16 r3, r3, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r5, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r5, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif + "asr r5, r5, #16\n\t" + "mul r12, lr, r12\n\t" + "mul r5, lr, r5\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif + "mul lr, r10, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r5, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r5, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla lr, r10, lr, r5\n\t" + "sub r5, r3, lr\n\t" + "add r3, r3, lr\n\t" + "sub lr, r3, r12, lsr #16\n\t" + "add r12, r3, r12, lsr #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r5, r5, #0xff\n\t" + "bic r5, r5, #0xff00\n\t" + "ror r5, r5, #16\n\t" + "orr r5, r5, lr, lsl #16\n\t" + "ror r5, r5, #16\n\t" +#else + "bfi r5, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r3, r3, #0xff\n\t" + "bic r3, r3, #0xff00\n\t" + "ror r3, r3, #16\n\t" + "orr r3, r3, r12, lsl #16\n\t" + "ror r3, r3, #16\n\t" +#else + "bfi r3, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smultb r12, r11, r8\n\t" + "smultt r8, r11, r8\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r8\n\t" + "smlabb lr, r10, lr, r8\n\t" + "pkhtb r12, lr, r12, ASR #16\n\t" + "ssub16 r8, r6, r12\n\t" + "sadd16 r6, r6, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r8, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r8, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr lr, r11, #16\n\t" +#else + "sbfx lr, r11, #16, #16\n\t" +#endif + "asr r8, r8, #16\n\t" + "mul r12, lr, r12\n\t" + "mul r8, lr, r8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif + "mul lr, r10, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r8, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r8, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla lr, r10, lr, r8\n\t" + "sub r8, r6, lr\n\t" + "add r6, r6, lr\n\t" + "sub lr, r6, r12, lsr #16\n\t" + "add r12, r6, r12, lsr #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r8, r8, #0xff\n\t" + "bic r8, r8, #0xff00\n\t" + "ror r8, r8, #16\n\t" + "orr r8, r8, lr, lsl #16\n\t" + "ror r8, r8, #16\n\t" +#else + "bfi r8, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r6, r6, #0xff\n\t" + "bic r6, r6, #0xff00\n\t" + "ror r6, r6, #16\n\t" + "orr r6, r6, r12, lsl #16\n\t" + "ror r6, r6, #16\n\t" +#else + "bfi r6, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smultb r12, r11, r9\n\t" + "smultt r9, r11, r9\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r9\n\t" + "smlabb lr, r10, lr, r9\n\t" + "pkhtb r12, lr, r12, ASR #16\n\t" + "ssub16 r9, r7, r12\n\t" + "sadd16 r7, r7, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r9, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r9, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr lr, r11, #16\n\t" +#else + "sbfx lr, r11, #16, #16\n\t" +#endif + "asr r9, r9, #16\n\t" + "mul r12, lr, r12\n\t" + "mul r9, lr, r9\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif + "mul lr, r10, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r9, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r9, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla lr, r10, lr, r9\n\t" + "sub r9, r7, lr\n\t" + "add r7, r7, lr\n\t" + "sub lr, r7, r12, lsr #16\n\t" + "add r12, r7, r12, lsr #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r9, r9, #0xff\n\t" + "bic r9, r9, #0xff00\n\t" + "ror r9, r9, #16\n\t" + "orr r9, r9, lr, lsl #16\n\t" + "ror r9, r9, #16\n\t" +#else + "bfi r9, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r7, r7, #0xff\n\t" + "bic r7, r7, #0xff00\n\t" + "ror r7, r7, #16\n\t" + "orr r7, r7, r12, lsl #16\n\t" + "ror r7, r7, #16\n\t" +#else + "bfi r7, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + "str r2, [%[r]]\n\t" + "str r3, [%[r], #16]\n\t" + "str r4, [%[r], #32]\n\t" + "str r5, [%[r], #48]\n\t" + "str r6, [%[r], #64]\n\t" + "str r7, [%[r], #80]\n\t" + "str r8, [%[r], #96]\n\t" + "str r9, [%[r], #112]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r2, [sp]\n\t" + "ldr r3, [sp, #4]\n\t" +#else + "ldrd r2, r3, [sp]\n\t" +#endif + "subs r2, r2, #1\n\t" + "add %[r], %[r], #4\n\t" + "bne L_kyber_arm32_ntt_loop_4_i_%=\n\t" + "add r3, r3, #0x40\n\t" + "rsbs r12, r3, #0x100\n\t" + "add %[r], %[r], #0x70\n\t" + "bne L_kyber_arm32_ntt_loop_4_j_%=\n\t" + "sub %[r], %[r], #0x200\n\t" + "mov r3, #0\n\t" + "\n" + "L_kyber_arm32_ntt_loop_567_%=: \n\t" + "add r11, r1, r3, lsr #3\n\t" + "str r3, [sp, #4]\n\t" + "ldrh r11, [r11, #32]\n\t" + "ldr r2, [%[r]]\n\t" + "ldr r3, [%[r], #4]\n\t" + "ldr r4, [%[r], #8]\n\t" + "ldr r5, [%[r], #12]\n\t" + "ldr r6, [%[r], #16]\n\t" + "ldr r7, [%[r], #20]\n\t" + "ldr r8, [%[r], #24]\n\t" + "ldr r9, [%[r], #28]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulbb r12, r11, r6\n\t" + "smulbt r6, r11, r6\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r6\n\t" + "smlabb lr, r10, lr, r6\n\t" + "pkhtb r12, lr, r12, ASR #16\n\t" + "ssub16 r6, r2, r12\n\t" + "sadd16 r2, r2, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r6, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r6, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif + "asr r6, r6, #16\n\t" + "mul r12, lr, r12\n\t" + "mul r6, lr, r6\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif + "mul lr, r10, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r6, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r6, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla lr, r10, lr, r6\n\t" + "sub r6, r2, lr\n\t" + "add r2, r2, lr\n\t" + "sub lr, r2, r12, lsr #16\n\t" + "add r12, r2, r12, lsr #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r6, r6, #0xff\n\t" + "bic r6, r6, #0xff00\n\t" + "ror r6, r6, #16\n\t" + "orr r6, r6, lr, lsl #16\n\t" + "ror r6, r6, #16\n\t" +#else + "bfi r6, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r2, r2, #0xff\n\t" + "bic r2, r2, #0xff00\n\t" + "ror r2, r2, #16\n\t" + "orr r2, r2, r12, lsl #16\n\t" + "ror r2, r2, #16\n\t" +#else + "bfi r2, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulbb r12, r11, r7\n\t" + "smulbt r7, r11, r7\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r7\n\t" + "smlabb lr, r10, lr, r7\n\t" + "pkhtb r12, lr, r12, ASR #16\n\t" + "ssub16 r7, r3, r12\n\t" + "sadd16 r3, r3, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r7, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r7, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif + "asr r7, r7, #16\n\t" + "mul r12, lr, r12\n\t" + "mul r7, lr, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif + "mul lr, r10, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r7, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r7, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla lr, r10, lr, r7\n\t" + "sub r7, r3, lr\n\t" + "add r3, r3, lr\n\t" + "sub lr, r3, r12, lsr #16\n\t" + "add r12, r3, r12, lsr #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r7, r7, #0xff\n\t" + "bic r7, r7, #0xff00\n\t" + "ror r7, r7, #16\n\t" + "orr r7, r7, lr, lsl #16\n\t" + "ror r7, r7, #16\n\t" +#else + "bfi r7, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r3, r3, #0xff\n\t" + "bic r3, r3, #0xff00\n\t" + "ror r3, r3, #16\n\t" + "orr r3, r3, r12, lsl #16\n\t" + "ror r3, r3, #16\n\t" +#else + "bfi r3, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulbb r12, r11, r8\n\t" + "smulbt r8, r11, r8\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r8\n\t" + "smlabb lr, r10, lr, r8\n\t" + "pkhtb r12, lr, r12, ASR #16\n\t" + "ssub16 r8, r4, r12\n\t" + "sadd16 r4, r4, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r8, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r8, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif + "asr r8, r8, #16\n\t" + "mul r12, lr, r12\n\t" + "mul r8, lr, r8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif + "mul lr, r10, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r8, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r8, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla lr, r10, lr, r8\n\t" + "sub r8, r4, lr\n\t" + "add r4, r4, lr\n\t" + "sub lr, r4, r12, lsr #16\n\t" + "add r12, r4, r12, lsr #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r8, r8, #0xff\n\t" + "bic r8, r8, #0xff00\n\t" + "ror r8, r8, #16\n\t" + "orr r8, r8, lr, lsl #16\n\t" + "ror r8, r8, #16\n\t" +#else + "bfi r8, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r4, r4, #0xff\n\t" + "bic r4, r4, #0xff00\n\t" + "ror r4, r4, #16\n\t" + "orr r4, r4, r12, lsl #16\n\t" + "ror r4, r4, #16\n\t" +#else + "bfi r4, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulbb r12, r11, r9\n\t" + "smulbt r9, r11, r9\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r9\n\t" + "smlabb lr, r10, lr, r9\n\t" + "pkhtb r12, lr, r12, ASR #16\n\t" + "ssub16 r9, r5, r12\n\t" + "sadd16 r5, r5, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r9, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r9, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif + "asr r9, r9, #16\n\t" + "mul r12, lr, r12\n\t" + "mul r9, lr, r9\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif + "mul lr, r10, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r9, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r9, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla lr, r10, lr, r9\n\t" + "sub r9, r5, lr\n\t" + "add r5, r5, lr\n\t" + "sub lr, r5, r12, lsr #16\n\t" + "add r12, r5, r12, lsr #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r9, r9, #0xff\n\t" + "bic r9, r9, #0xff00\n\t" + "ror r9, r9, #16\n\t" + "orr r9, r9, lr, lsl #16\n\t" + "ror r9, r9, #16\n\t" +#else + "bfi r9, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r5, r5, #0xff\n\t" + "bic r5, r5, #0xff00\n\t" + "ror r5, r5, #16\n\t" + "orr r5, r5, r12, lsl #16\n\t" + "ror r5, r5, #16\n\t" +#else + "bfi r5, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + "ldr r11, [sp, #4]\n\t" + "add r11, r1, r11, lsr #2\n\t" + "ldr r11, [r11, #64]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulbb r12, r11, r4\n\t" + "smulbt r4, r11, r4\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r4\n\t" + "smlabb lr, r10, lr, r4\n\t" + "pkhtb r12, lr, r12, ASR #16\n\t" + "ssub16 r4, r2, r12\n\t" + "sadd16 r2, r2, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r4, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r4, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif + "asr r4, r4, #16\n\t" + "mul r12, lr, r12\n\t" + "mul r4, lr, r4\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif + "mul lr, r10, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r4, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r4, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla lr, r10, lr, r4\n\t" + "sub r4, r2, lr\n\t" + "add r2, r2, lr\n\t" + "sub lr, r2, r12, lsr #16\n\t" + "add r12, r2, r12, lsr #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r4, r4, #0xff\n\t" + "bic r4, r4, #0xff00\n\t" + "ror r4, r4, #16\n\t" + "orr r4, r4, lr, lsl #16\n\t" + "ror r4, r4, #16\n\t" +#else + "bfi r4, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r2, r2, #0xff\n\t" + "bic r2, r2, #0xff00\n\t" + "ror r2, r2, #16\n\t" + "orr r2, r2, r12, lsl #16\n\t" + "ror r2, r2, #16\n\t" +#else + "bfi r2, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulbb r12, r11, r5\n\t" + "smulbt r5, r11, r5\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r5\n\t" + "smlabb lr, r10, lr, r5\n\t" + "pkhtb r12, lr, r12, ASR #16\n\t" + "ssub16 r5, r3, r12\n\t" + "sadd16 r3, r3, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r5, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r5, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif + "asr r5, r5, #16\n\t" + "mul r12, lr, r12\n\t" + "mul r5, lr, r5\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif + "mul lr, r10, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r5, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r5, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla lr, r10, lr, r5\n\t" + "sub r5, r3, lr\n\t" + "add r3, r3, lr\n\t" + "sub lr, r3, r12, lsr #16\n\t" + "add r12, r3, r12, lsr #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r5, r5, #0xff\n\t" + "bic r5, r5, #0xff00\n\t" + "ror r5, r5, #16\n\t" + "orr r5, r5, lr, lsl #16\n\t" + "ror r5, r5, #16\n\t" +#else + "bfi r5, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r3, r3, #0xff\n\t" + "bic r3, r3, #0xff00\n\t" + "ror r3, r3, #16\n\t" + "orr r3, r3, r12, lsl #16\n\t" + "ror r3, r3, #16\n\t" +#else + "bfi r3, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smultb r12, r11, r8\n\t" + "smultt r8, r11, r8\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r8\n\t" + "smlabb lr, r10, lr, r8\n\t" + "pkhtb r12, lr, r12, ASR #16\n\t" + "ssub16 r8, r6, r12\n\t" + "sadd16 r6, r6, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r8, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r8, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr lr, r11, #16\n\t" +#else + "sbfx lr, r11, #16, #16\n\t" +#endif + "asr r8, r8, #16\n\t" + "mul r12, lr, r12\n\t" + "mul r8, lr, r8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif + "mul lr, r10, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r8, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r8, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla lr, r10, lr, r8\n\t" + "sub r8, r6, lr\n\t" + "add r6, r6, lr\n\t" + "sub lr, r6, r12, lsr #16\n\t" + "add r12, r6, r12, lsr #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r8, r8, #0xff\n\t" + "bic r8, r8, #0xff00\n\t" + "ror r8, r8, #16\n\t" + "orr r8, r8, lr, lsl #16\n\t" + "ror r8, r8, #16\n\t" +#else + "bfi r8, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r6, r6, #0xff\n\t" + "bic r6, r6, #0xff00\n\t" + "ror r6, r6, #16\n\t" + "orr r6, r6, r12, lsl #16\n\t" + "ror r6, r6, #16\n\t" +#else + "bfi r6, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smultb r12, r11, r9\n\t" + "smultt r9, r11, r9\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r9\n\t" + "smlabb lr, r10, lr, r9\n\t" + "pkhtb r12, lr, r12, ASR #16\n\t" + "ssub16 r9, r7, r12\n\t" + "sadd16 r7, r7, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r9, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r9, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr lr, r11, #16\n\t" +#else + "sbfx lr, r11, #16, #16\n\t" +#endif + "asr r9, r9, #16\n\t" + "mul r12, lr, r12\n\t" + "mul r9, lr, r9\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif + "mul lr, r10, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r9, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r9, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla lr, r10, lr, r9\n\t" + "sub r9, r7, lr\n\t" + "add r7, r7, lr\n\t" + "sub lr, r7, r12, lsr #16\n\t" + "add r12, r7, r12, lsr #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r9, r9, #0xff\n\t" + "bic r9, r9, #0xff00\n\t" + "ror r9, r9, #16\n\t" + "orr r9, r9, lr, lsl #16\n\t" + "ror r9, r9, #16\n\t" +#else + "bfi r9, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r7, r7, #0xff\n\t" + "bic r7, r7, #0xff00\n\t" + "ror r7, r7, #16\n\t" + "orr r7, r7, r12, lsl #16\n\t" + "ror r7, r7, #16\n\t" +#else + "bfi r7, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + "ldr r11, [sp, #4]\n\t" + "add r11, r1, r11, lsr #1\n\t" + "ldr r11, [r11, #128]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulbb r12, r11, r3\n\t" + "smulbt r3, r11, r3\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r3\n\t" + "smlabb lr, r10, lr, r3\n\t" + "pkhtb r12, lr, r12, ASR #16\n\t" + "ssub16 r3, r2, r12\n\t" + "sadd16 r2, r2, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r3, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r3, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif + "asr r3, r3, #16\n\t" + "mul r12, lr, r12\n\t" + "mul r3, lr, r3\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif + "mul lr, r10, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r3, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r3, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla lr, r10, lr, r3\n\t" + "sub r3, r2, lr\n\t" + "add r2, r2, lr\n\t" + "sub lr, r2, r12, lsr #16\n\t" + "add r12, r2, r12, lsr #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r3, r3, #0xff\n\t" + "bic r3, r3, #0xff00\n\t" + "ror r3, r3, #16\n\t" + "orr r3, r3, lr, lsl #16\n\t" + "ror r3, r3, #16\n\t" +#else + "bfi r3, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r2, r2, #0xff\n\t" + "bic r2, r2, #0xff00\n\t" + "ror r2, r2, #16\n\t" + "orr r2, r2, r12, lsl #16\n\t" + "ror r2, r2, #16\n\t" +#else + "bfi r2, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smultb r12, r11, r5\n\t" + "smultt r5, r11, r5\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r5\n\t" + "smlabb lr, r10, lr, r5\n\t" + "pkhtb r12, lr, r12, ASR #16\n\t" + "ssub16 r5, r4, r12\n\t" + "sadd16 r4, r4, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r5, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r5, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr lr, r11, #16\n\t" +#else + "sbfx lr, r11, #16, #16\n\t" +#endif + "asr r5, r5, #16\n\t" + "mul r12, lr, r12\n\t" + "mul r5, lr, r5\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif + "mul lr, r10, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r5, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r5, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla lr, r10, lr, r5\n\t" + "sub r5, r4, lr\n\t" + "add r4, r4, lr\n\t" + "sub lr, r4, r12, lsr #16\n\t" + "add r12, r4, r12, lsr #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r5, r5, #0xff\n\t" + "bic r5, r5, #0xff00\n\t" + "ror r5, r5, #16\n\t" + "orr r5, r5, lr, lsl #16\n\t" + "ror r5, r5, #16\n\t" +#else + "bfi r5, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r4, r4, #0xff\n\t" + "bic r4, r4, #0xff00\n\t" + "ror r4, r4, #16\n\t" + "orr r4, r4, r12, lsl #16\n\t" + "ror r4, r4, #16\n\t" +#else + "bfi r4, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + "ldr r11, [sp, #4]\n\t" + "add r11, r1, r11, lsr #1\n\t" + "ldr r11, [r11, #132]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulbb r12, r11, r7\n\t" + "smulbt r7, r11, r7\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r7\n\t" + "smlabb lr, r10, lr, r7\n\t" + "pkhtb r12, lr, r12, ASR #16\n\t" + "ssub16 r7, r6, r12\n\t" + "sadd16 r6, r6, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r7, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r7, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif + "asr r7, r7, #16\n\t" + "mul r12, lr, r12\n\t" + "mul r7, lr, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif + "mul lr, r10, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r7, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r7, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla lr, r10, lr, r7\n\t" + "sub r7, r6, lr\n\t" + "add r6, r6, lr\n\t" + "sub lr, r6, r12, lsr #16\n\t" + "add r12, r6, r12, lsr #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r7, r7, #0xff\n\t" + "bic r7, r7, #0xff00\n\t" + "ror r7, r7, #16\n\t" + "orr r7, r7, lr, lsl #16\n\t" + "ror r7, r7, #16\n\t" +#else + "bfi r7, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r6, r6, #0xff\n\t" + "bic r6, r6, #0xff00\n\t" + "ror r6, r6, #16\n\t" + "orr r6, r6, r12, lsl #16\n\t" + "ror r6, r6, #16\n\t" +#else + "bfi r6, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smultb r12, r11, r9\n\t" + "smultt r9, r11, r9\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r9\n\t" + "smlabb lr, r10, lr, r9\n\t" + "pkhtb r12, lr, r12, ASR #16\n\t" + "ssub16 r9, r8, r12\n\t" + "sadd16 r8, r8, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r9, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r9, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr lr, r11, #16\n\t" +#else + "sbfx lr, r11, #16, #16\n\t" +#endif + "asr r9, r9, #16\n\t" + "mul r12, lr, r12\n\t" + "mul r9, lr, r9\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif + "mul lr, r10, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r9, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r9, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla lr, r10, lr, r9\n\t" + "sub r9, r8, lr\n\t" + "add r8, r8, lr\n\t" + "sub lr, r8, r12, lsr #16\n\t" + "add r12, r8, r12, lsr #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r9, r9, #0xff\n\t" + "bic r9, r9, #0xff00\n\t" + "ror r9, r9, #16\n\t" + "orr r9, r9, lr, lsl #16\n\t" + "ror r9, r9, #16\n\t" +#else + "bfi r9, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r8, r8, #0xff\n\t" + "bic r8, r8, #0xff00\n\t" + "ror r8, r8, #16\n\t" + "orr r8, r8, r12, lsl #16\n\t" + "ror r8, r8, #16\n\t" +#else + "bfi r8, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r11, #0xaf\n\t" + "lsl r11, r11, #8\n\t" + "add r11, r11, #0xc0\n\t" +#else + "mov r11, #0xafc0\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r11, r11, #0x130000\n\t" +#else + "movt r11, #0x13\n\t" +#endif +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r11, #0x4e\n\t" + "lsl r11, r11, #8\n\t" + "add r11, r11, #0xbf\n\t" +#else + "mov r11, #0x4ebf\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulwb r12, r11, r2\n\t" + "smulwt lr, r11, r2\n\t" + "smulbt r12, r10, r12\n\t" + "smulbt lr, r10, lr\n\t" + "pkhbt r12, r12, lr, LSL #16\n\t" + "ssub16 r2, r2, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r2, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r2, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr lr, r2, #16\n\t" +#else + "sbfx lr, r2, #16, #16\n\t" +#endif + "mul r12, r11, r12\n\t" + "mul lr, r11, lr\n\t" + "asr r12, r12, #26\n\t" + "asr lr, lr, #26\n\t" + "mul r12, r10, r12\n\t" + "mul lr, r10, lr\n\t" + "sub lr, r2, lr, lsl #16\n\t" + "sub r2, r2, r12\n\t" + "lsr lr, lr, #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r2, r2, #0xff0000\n\t" + "bic r2, r2, #0xff000000\n\t" + "orr r2, r2, lr, lsl #16\n\t" +#else + "bfi r2, lr, #16, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulwb r12, r11, r3\n\t" + "smulwt lr, r11, r3\n\t" + "smulbt r12, r10, r12\n\t" + "smulbt lr, r10, lr\n\t" + "pkhbt r12, r12, lr, LSL #16\n\t" + "ssub16 r3, r3, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r3, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r3, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr lr, r3, #16\n\t" +#else + "sbfx lr, r3, #16, #16\n\t" +#endif + "mul r12, r11, r12\n\t" + "mul lr, r11, lr\n\t" + "asr r12, r12, #26\n\t" + "asr lr, lr, #26\n\t" + "mul r12, r10, r12\n\t" + "mul lr, r10, lr\n\t" + "sub lr, r3, lr, lsl #16\n\t" + "sub r3, r3, r12\n\t" + "lsr lr, lr, #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r3, r3, #0xff0000\n\t" + "bic r3, r3, #0xff000000\n\t" + "orr r3, r3, lr, lsl #16\n\t" +#else + "bfi r3, lr, #16, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulwb r12, r11, r4\n\t" + "smulwt lr, r11, r4\n\t" + "smulbt r12, r10, r12\n\t" + "smulbt lr, r10, lr\n\t" + "pkhbt r12, r12, lr, LSL #16\n\t" + "ssub16 r4, r4, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r4, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r4, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr lr, r4, #16\n\t" +#else + "sbfx lr, r4, #16, #16\n\t" +#endif + "mul r12, r11, r12\n\t" + "mul lr, r11, lr\n\t" + "asr r12, r12, #26\n\t" + "asr lr, lr, #26\n\t" + "mul r12, r10, r12\n\t" + "mul lr, r10, lr\n\t" + "sub lr, r4, lr, lsl #16\n\t" + "sub r4, r4, r12\n\t" + "lsr lr, lr, #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r4, r4, #0xff0000\n\t" + "bic r4, r4, #0xff000000\n\t" + "orr r4, r4, lr, lsl #16\n\t" +#else + "bfi r4, lr, #16, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulwb r12, r11, r5\n\t" + "smulwt lr, r11, r5\n\t" + "smulbt r12, r10, r12\n\t" + "smulbt lr, r10, lr\n\t" + "pkhbt r12, r12, lr, LSL #16\n\t" + "ssub16 r5, r5, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r5, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r5, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr lr, r5, #16\n\t" +#else + "sbfx lr, r5, #16, #16\n\t" +#endif + "mul r12, r11, r12\n\t" + "mul lr, r11, lr\n\t" + "asr r12, r12, #26\n\t" + "asr lr, lr, #26\n\t" + "mul r12, r10, r12\n\t" + "mul lr, r10, lr\n\t" + "sub lr, r5, lr, lsl #16\n\t" + "sub r5, r5, r12\n\t" + "lsr lr, lr, #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r5, r5, #0xff0000\n\t" + "bic r5, r5, #0xff000000\n\t" + "orr r5, r5, lr, lsl #16\n\t" +#else + "bfi r5, lr, #16, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulwb r12, r11, r6\n\t" + "smulwt lr, r11, r6\n\t" + "smulbt r12, r10, r12\n\t" + "smulbt lr, r10, lr\n\t" + "pkhbt r12, r12, lr, LSL #16\n\t" + "ssub16 r6, r6, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r6, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r6, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr lr, r6, #16\n\t" +#else + "sbfx lr, r6, #16, #16\n\t" +#endif + "mul r12, r11, r12\n\t" + "mul lr, r11, lr\n\t" + "asr r12, r12, #26\n\t" + "asr lr, lr, #26\n\t" + "mul r12, r10, r12\n\t" + "mul lr, r10, lr\n\t" + "sub lr, r6, lr, lsl #16\n\t" + "sub r6, r6, r12\n\t" + "lsr lr, lr, #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r6, r6, #0xff0000\n\t" + "bic r6, r6, #0xff000000\n\t" + "orr r6, r6, lr, lsl #16\n\t" +#else + "bfi r6, lr, #16, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulwb r12, r11, r7\n\t" + "smulwt lr, r11, r7\n\t" + "smulbt r12, r10, r12\n\t" + "smulbt lr, r10, lr\n\t" + "pkhbt r12, r12, lr, LSL #16\n\t" + "ssub16 r7, r7, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r7, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r7, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr lr, r7, #16\n\t" +#else + "sbfx lr, r7, #16, #16\n\t" +#endif + "mul r12, r11, r12\n\t" + "mul lr, r11, lr\n\t" + "asr r12, r12, #26\n\t" + "asr lr, lr, #26\n\t" + "mul r12, r10, r12\n\t" + "mul lr, r10, lr\n\t" + "sub lr, r7, lr, lsl #16\n\t" + "sub r7, r7, r12\n\t" + "lsr lr, lr, #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r7, r7, #0xff0000\n\t" + "bic r7, r7, #0xff000000\n\t" + "orr r7, r7, lr, lsl #16\n\t" +#else + "bfi r7, lr, #16, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulwb r12, r11, r8\n\t" + "smulwt lr, r11, r8\n\t" + "smulbt r12, r10, r12\n\t" + "smulbt lr, r10, lr\n\t" + "pkhbt r12, r12, lr, LSL #16\n\t" + "ssub16 r8, r8, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r8, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r8, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr lr, r8, #16\n\t" +#else + "sbfx lr, r8, #16, #16\n\t" +#endif + "mul r12, r11, r12\n\t" + "mul lr, r11, lr\n\t" + "asr r12, r12, #26\n\t" + "asr lr, lr, #26\n\t" + "mul r12, r10, r12\n\t" + "mul lr, r10, lr\n\t" + "sub lr, r8, lr, lsl #16\n\t" + "sub r8, r8, r12\n\t" + "lsr lr, lr, #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r8, r8, #0xff0000\n\t" + "bic r8, r8, #0xff000000\n\t" + "orr r8, r8, lr, lsl #16\n\t" +#else + "bfi r8, lr, #16, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulwb r12, r11, r9\n\t" + "smulwt lr, r11, r9\n\t" + "smulbt r12, r10, r12\n\t" + "smulbt lr, r10, lr\n\t" + "pkhbt r12, r12, lr, LSL #16\n\t" + "ssub16 r9, r9, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r9, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r9, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr lr, r9, #16\n\t" +#else + "sbfx lr, r9, #16, #16\n\t" +#endif + "mul r12, r11, r12\n\t" + "mul lr, r11, lr\n\t" + "asr r12, r12, #26\n\t" + "asr lr, lr, #26\n\t" + "mul r12, r10, r12\n\t" + "mul lr, r10, lr\n\t" + "sub lr, r9, lr, lsl #16\n\t" + "sub r9, r9, r12\n\t" + "lsr lr, lr, #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r9, r9, #0xff0000\n\t" + "bic r9, r9, #0xff000000\n\t" + "orr r9, r9, lr, lsl #16\n\t" +#else + "bfi r9, lr, #16, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r10, r10, #0xc000000\n\t" + "orr r10, r10, #0xff0000\n\t" +#else + "movt r10, #0xcff\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + "str r2, [%[r]]\n\t" + "str r3, [%[r], #4]\n\t" + "str r4, [%[r], #8]\n\t" + "str r5, [%[r], #12]\n\t" + "str r6, [%[r], #16]\n\t" + "str r7, [%[r], #20]\n\t" + "str r8, [%[r], #24]\n\t" + "str r9, [%[r], #28]\n\t" + "ldr r3, [sp, #4]\n\t" + "add r3, r3, #16\n\t" + "rsbs r12, r3, #0x100\n\t" + "add %[r], %[r], #32\n\t" + "bne L_kyber_arm32_ntt_loop_567_%=\n\t" + "add sp, sp, #8\n\t" + : [r] "+r" (r), + [L_kyber_arm32_ntt_zetas] "+r" (L_kyber_arm32_ntt_zetas_c) + : + : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", + "r9", "r10", "r11" + ); +} + +static const word16 L_kyber_arm32_invntt_zetas_inv[] = { + 0x06a5, 0x070f, 0x05b4, 0x0943, + 0x0922, 0x091d, 0x0134, 0x006c, + 0x0b23, 0x0366, 0x0356, 0x05e6, + 0x09e7, 0x04fe, 0x05fa, 0x04a1, + 0x067b, 0x04a3, 0x0c25, 0x036a, + 0x0537, 0x083f, 0x0088, 0x04bf, + 0x0b81, 0x05b9, 0x0505, 0x07d7, + 0x0a9f, 0x0aa6, 0x08b8, 0x09d0, + 0x004b, 0x009c, 0x0bb8, 0x0b5f, + 0x0ba4, 0x0368, 0x0a7d, 0x0636, + 0x08a2, 0x025a, 0x0736, 0x0309, + 0x0093, 0x087a, 0x09f7, 0x00f6, + 0x068c, 0x06db, 0x01cc, 0x0123, + 0x00eb, 0x0c50, 0x0ab6, 0x0b5b, + 0x0c98, 0x06f3, 0x099a, 0x04e3, + 0x09b6, 0x0ad6, 0x0b53, 0x044f, + 0x04fb, 0x0a5c, 0x0429, 0x0b41, + 0x02d5, 0x05e4, 0x0940, 0x018e, + 0x03b7, 0x00f7, 0x058d, 0x0c96, + 0x09c3, 0x010f, 0x005a, 0x0355, + 0x0744, 0x0c83, 0x048a, 0x0652, + 0x029a, 0x0140, 0x0008, 0x0afd, + 0x0608, 0x011a, 0x072e, 0x050d, + 0x090a, 0x0228, 0x0a75, 0x083a, + 0x0623, 0x00cd, 0x0b66, 0x0606, + 0x0aa1, 0x0a25, 0x0908, 0x02a9, + 0x0082, 0x0642, 0x074f, 0x033d, + 0x0b82, 0x0bf9, 0x052d, 0x0ac4, + 0x0745, 0x05c2, 0x04b2, 0x093f, + 0x0c4b, 0x06d8, 0x0a93, 0x00ab, + 0x0c37, 0x0be2, 0x0773, 0x072c, + 0x05ed, 0x0167, 0x02f6, 0x05a1, +}; + +void kyber_arm32_invntt(sword16* r_p) +{ + register sword16* r asm ("r0") = (sword16*)r_p; + register word16* L_kyber_arm32_invntt_zetas_inv_c asm ("r1") = + (word16*)&L_kyber_arm32_invntt_zetas_inv; + + __asm__ __volatile__ ( + "sub sp, sp, #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r10, r10, #0xc000000\n\t" + "orr r10, r10, #0xff0000\n\t" +#else + "movt r10, #0xcff\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + "mov r3, #0\n\t" + "\n" + "L_kyber_arm32_invntt_loop_765_%=: \n\t" + "add r11, r1, r3, lsr #1\n\t" + "str r3, [sp, #4]\n\t" + "ldr r2, [%[r]]\n\t" + "ldr r3, [%[r], #4]\n\t" + "ldr r4, [%[r], #8]\n\t" + "ldr r5, [%[r], #12]\n\t" + "ldr r6, [%[r], #16]\n\t" + "ldr r7, [%[r], #20]\n\t" + "ldr r8, [%[r], #24]\n\t" + "ldr r9, [%[r], #28]\n\t" + "ldr r11, [r11]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "ssub16 r12, r2, r3\n\t" + "sadd16 r2, r2, r3\n\t" + "smulbt r3, r11, r12\n\t" + "smulbb r12, r11, r12\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r3\n\t" + "smlabb r3, r10, lr, r3\n\t" + "pkhtb r3, r3, r12, ASR #16\n\t" +#else + "sub lr, r2, r3\n\t" + "add r10, r2, r3\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r3, r3, #0xff\n\t" + "bic r3, r3, #0xff00\n\t" +#else + "bfc r3, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r2, r2, #0xff\n\t" + "bic r2, r2, #0xff00\n\t" +#else + "bfc r2, #0, #16\n\t" +#endif + "sub r12, r2, r3\n\t" + "add r2, r2, r3\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r12, r12, #0xff\n\t" + "bic r12, r12, #0xff00\n\t" + "ror r12, r12, #16\n\t" + "orr r12, r12, lr, lsl #16\n\t" + "ror r12, r12, #16\n\t" +#else + "bfi r12, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r2, r2, #0xff\n\t" + "bic r2, r2, #0xff00\n\t" + "ror r2, r2, #16\n\t" + "orr r2, r2, r10, lsl #16\n\t" + "ror r2, r2, #16\n\t" +#else + "bfi r2, r10, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif + "asr r10, r12, #16\n\t" + "mul r3, lr, r10\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r12, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r12, #0, #16\n\t" +#endif + "mul r12, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r12, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r12, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r3, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r3, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "lsr r12, r12, #16\n\t" + "mla r3, r10, lr, r3\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r3, r3, #0xff\n\t" + "bic r3, r3, #0xff00\n\t" + "ror r3, r3, #16\n\t" + "orr r3, r3, r12, lsl #16\n\t" + "ror r3, r3, #16\n\t" +#else + "bfi r3, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "ssub16 r12, r4, r5\n\t" + "sadd16 r4, r4, r5\n\t" + "smultt r5, r11, r12\n\t" + "smultb r12, r11, r12\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r5\n\t" + "smlabb r5, r10, lr, r5\n\t" + "pkhtb r5, r5, r12, ASR #16\n\t" +#else + "sub lr, r4, r5\n\t" + "add r10, r4, r5\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r5, r5, #0xff\n\t" + "bic r5, r5, #0xff00\n\t" +#else + "bfc r5, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r4, r4, #0xff\n\t" + "bic r4, r4, #0xff00\n\t" +#else + "bfc r4, #0, #16\n\t" +#endif + "sub r12, r4, r5\n\t" + "add r4, r4, r5\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r12, r12, #0xff\n\t" + "bic r12, r12, #0xff00\n\t" + "ror r12, r12, #16\n\t" + "orr r12, r12, lr, lsl #16\n\t" + "ror r12, r12, #16\n\t" +#else + "bfi r12, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r4, r4, #0xff\n\t" + "bic r4, r4, #0xff00\n\t" + "ror r4, r4, #16\n\t" + "orr r4, r4, r10, lsl #16\n\t" + "ror r4, r4, #16\n\t" +#else + "bfi r4, r10, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr lr, r11, #16\n\t" +#else + "sbfx lr, r11, #16, #16\n\t" +#endif + "asr r10, r12, #16\n\t" + "mul r5, lr, r10\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r12, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r12, #0, #16\n\t" +#endif + "mul r12, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r12, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r12, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r5, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r5, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "lsr r12, r12, #16\n\t" + "mla r5, r10, lr, r5\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r5, r5, #0xff\n\t" + "bic r5, r5, #0xff00\n\t" + "ror r5, r5, #16\n\t" + "orr r5, r5, r12, lsl #16\n\t" + "ror r5, r5, #16\n\t" +#else + "bfi r5, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + "ldr r11, [sp, #4]\n\t" + "add r11, r1, r11, lsr #1\n\t" + "ldr r11, [r11, #4]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "ssub16 r12, r6, r7\n\t" + "sadd16 r6, r6, r7\n\t" + "smulbt r7, r11, r12\n\t" + "smulbb r12, r11, r12\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r7\n\t" + "smlabb r7, r10, lr, r7\n\t" + "pkhtb r7, r7, r12, ASR #16\n\t" +#else + "sub lr, r6, r7\n\t" + "add r10, r6, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r7, r7, #0xff\n\t" + "bic r7, r7, #0xff00\n\t" +#else + "bfc r7, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r6, r6, #0xff\n\t" + "bic r6, r6, #0xff00\n\t" +#else + "bfc r6, #0, #16\n\t" +#endif + "sub r12, r6, r7\n\t" + "add r6, r6, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r12, r12, #0xff\n\t" + "bic r12, r12, #0xff00\n\t" + "ror r12, r12, #16\n\t" + "orr r12, r12, lr, lsl #16\n\t" + "ror r12, r12, #16\n\t" +#else + "bfi r12, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r6, r6, #0xff\n\t" + "bic r6, r6, #0xff00\n\t" + "ror r6, r6, #16\n\t" + "orr r6, r6, r10, lsl #16\n\t" + "ror r6, r6, #16\n\t" +#else + "bfi r6, r10, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif + "asr r10, r12, #16\n\t" + "mul r7, lr, r10\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r12, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r12, #0, #16\n\t" +#endif + "mul r12, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r12, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r12, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r7, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r7, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "lsr r12, r12, #16\n\t" + "mla r7, r10, lr, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r7, r7, #0xff\n\t" + "bic r7, r7, #0xff00\n\t" + "ror r7, r7, #16\n\t" + "orr r7, r7, r12, lsl #16\n\t" + "ror r7, r7, #16\n\t" +#else + "bfi r7, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "ssub16 r12, r8, r9\n\t" + "sadd16 r8, r8, r9\n\t" + "smultt r9, r11, r12\n\t" + "smultb r12, r11, r12\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r9\n\t" + "smlabb r9, r10, lr, r9\n\t" + "pkhtb r9, r9, r12, ASR #16\n\t" +#else + "sub lr, r8, r9\n\t" + "add r10, r8, r9\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r9, r9, #0xff\n\t" + "bic r9, r9, #0xff00\n\t" +#else + "bfc r9, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r8, r8, #0xff\n\t" + "bic r8, r8, #0xff00\n\t" +#else + "bfc r8, #0, #16\n\t" +#endif + "sub r12, r8, r9\n\t" + "add r8, r8, r9\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r12, r12, #0xff\n\t" + "bic r12, r12, #0xff00\n\t" + "ror r12, r12, #16\n\t" + "orr r12, r12, lr, lsl #16\n\t" + "ror r12, r12, #16\n\t" +#else + "bfi r12, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r8, r8, #0xff\n\t" + "bic r8, r8, #0xff00\n\t" + "ror r8, r8, #16\n\t" + "orr r8, r8, r10, lsl #16\n\t" + "ror r8, r8, #16\n\t" +#else + "bfi r8, r10, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr lr, r11, #16\n\t" +#else + "sbfx lr, r11, #16, #16\n\t" +#endif + "asr r10, r12, #16\n\t" + "mul r9, lr, r10\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r12, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r12, #0, #16\n\t" +#endif + "mul r12, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r12, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r12, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r9, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r9, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "lsr r12, r12, #16\n\t" + "mla r9, r10, lr, r9\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r9, r9, #0xff\n\t" + "bic r9, r9, #0xff00\n\t" + "ror r9, r9, #16\n\t" + "orr r9, r9, r12, lsl #16\n\t" + "ror r9, r9, #16\n\t" +#else + "bfi r9, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + "ldr r11, [sp, #4]\n\t" + "add r11, r1, r11, lsr #2\n\t" + "ldr r11, [r11, #128]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "ssub16 r12, r2, r4\n\t" + "sadd16 r2, r2, r4\n\t" + "smulbt r4, r11, r12\n\t" + "smulbb r12, r11, r12\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r4\n\t" + "smlabb r4, r10, lr, r4\n\t" + "pkhtb r4, r4, r12, ASR #16\n\t" +#else + "sub lr, r2, r4\n\t" + "add r10, r2, r4\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r4, r4, #0xff\n\t" + "bic r4, r4, #0xff00\n\t" +#else + "bfc r4, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r2, r2, #0xff\n\t" + "bic r2, r2, #0xff00\n\t" +#else + "bfc r2, #0, #16\n\t" +#endif + "sub r12, r2, r4\n\t" + "add r2, r2, r4\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r12, r12, #0xff\n\t" + "bic r12, r12, #0xff00\n\t" + "ror r12, r12, #16\n\t" + "orr r12, r12, lr, lsl #16\n\t" + "ror r12, r12, #16\n\t" +#else + "bfi r12, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r2, r2, #0xff\n\t" + "bic r2, r2, #0xff00\n\t" + "ror r2, r2, #16\n\t" + "orr r2, r2, r10, lsl #16\n\t" + "ror r2, r2, #16\n\t" +#else + "bfi r2, r10, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif + "asr r10, r12, #16\n\t" + "mul r4, lr, r10\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r12, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r12, #0, #16\n\t" +#endif + "mul r12, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r12, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r12, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r4, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r4, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "lsr r12, r12, #16\n\t" + "mla r4, r10, lr, r4\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r4, r4, #0xff\n\t" + "bic r4, r4, #0xff00\n\t" + "ror r4, r4, #16\n\t" + "orr r4, r4, r12, lsl #16\n\t" + "ror r4, r4, #16\n\t" +#else + "bfi r4, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "ssub16 r12, r3, r5\n\t" + "sadd16 r3, r3, r5\n\t" + "smulbt r5, r11, r12\n\t" + "smulbb r12, r11, r12\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r5\n\t" + "smlabb r5, r10, lr, r5\n\t" + "pkhtb r5, r5, r12, ASR #16\n\t" +#else + "sub lr, r3, r5\n\t" + "add r10, r3, r5\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r5, r5, #0xff\n\t" + "bic r5, r5, #0xff00\n\t" +#else + "bfc r5, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r3, r3, #0xff\n\t" + "bic r3, r3, #0xff00\n\t" +#else + "bfc r3, #0, #16\n\t" +#endif + "sub r12, r3, r5\n\t" + "add r3, r3, r5\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r12, r12, #0xff\n\t" + "bic r12, r12, #0xff00\n\t" + "ror r12, r12, #16\n\t" + "orr r12, r12, lr, lsl #16\n\t" + "ror r12, r12, #16\n\t" +#else + "bfi r12, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r3, r3, #0xff\n\t" + "bic r3, r3, #0xff00\n\t" + "ror r3, r3, #16\n\t" + "orr r3, r3, r10, lsl #16\n\t" + "ror r3, r3, #16\n\t" +#else + "bfi r3, r10, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif + "asr r10, r12, #16\n\t" + "mul r5, lr, r10\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r12, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r12, #0, #16\n\t" +#endif + "mul r12, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r12, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r12, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r5, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r5, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "lsr r12, r12, #16\n\t" + "mla r5, r10, lr, r5\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r5, r5, #0xff\n\t" + "bic r5, r5, #0xff00\n\t" + "ror r5, r5, #16\n\t" + "orr r5, r5, r12, lsl #16\n\t" + "ror r5, r5, #16\n\t" +#else + "bfi r5, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "ssub16 r12, r6, r8\n\t" + "sadd16 r6, r6, r8\n\t" + "smultt r8, r11, r12\n\t" + "smultb r12, r11, r12\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r8\n\t" + "smlabb r8, r10, lr, r8\n\t" + "pkhtb r8, r8, r12, ASR #16\n\t" +#else + "sub lr, r6, r8\n\t" + "add r10, r6, r8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r8, r8, #0xff\n\t" + "bic r8, r8, #0xff00\n\t" +#else + "bfc r8, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r6, r6, #0xff\n\t" + "bic r6, r6, #0xff00\n\t" +#else + "bfc r6, #0, #16\n\t" +#endif + "sub r12, r6, r8\n\t" + "add r6, r6, r8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r12, r12, #0xff\n\t" + "bic r12, r12, #0xff00\n\t" + "ror r12, r12, #16\n\t" + "orr r12, r12, lr, lsl #16\n\t" + "ror r12, r12, #16\n\t" +#else + "bfi r12, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r6, r6, #0xff\n\t" + "bic r6, r6, #0xff00\n\t" + "ror r6, r6, #16\n\t" + "orr r6, r6, r10, lsl #16\n\t" + "ror r6, r6, #16\n\t" +#else + "bfi r6, r10, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr lr, r11, #16\n\t" +#else + "sbfx lr, r11, #16, #16\n\t" +#endif + "asr r10, r12, #16\n\t" + "mul r8, lr, r10\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r12, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r12, #0, #16\n\t" +#endif + "mul r12, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r12, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r12, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r8, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r8, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "lsr r12, r12, #16\n\t" + "mla r8, r10, lr, r8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r8, r8, #0xff\n\t" + "bic r8, r8, #0xff00\n\t" + "ror r8, r8, #16\n\t" + "orr r8, r8, r12, lsl #16\n\t" + "ror r8, r8, #16\n\t" +#else + "bfi r8, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "ssub16 r12, r7, r9\n\t" + "sadd16 r7, r7, r9\n\t" + "smultt r9, r11, r12\n\t" + "smultb r12, r11, r12\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r9\n\t" + "smlabb r9, r10, lr, r9\n\t" + "pkhtb r9, r9, r12, ASR #16\n\t" +#else + "sub lr, r7, r9\n\t" + "add r10, r7, r9\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r9, r9, #0xff\n\t" + "bic r9, r9, #0xff00\n\t" +#else + "bfc r9, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r7, r7, #0xff\n\t" + "bic r7, r7, #0xff00\n\t" +#else + "bfc r7, #0, #16\n\t" +#endif + "sub r12, r7, r9\n\t" + "add r7, r7, r9\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r12, r12, #0xff\n\t" + "bic r12, r12, #0xff00\n\t" + "ror r12, r12, #16\n\t" + "orr r12, r12, lr, lsl #16\n\t" + "ror r12, r12, #16\n\t" +#else + "bfi r12, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r7, r7, #0xff\n\t" + "bic r7, r7, #0xff00\n\t" + "ror r7, r7, #16\n\t" + "orr r7, r7, r10, lsl #16\n\t" + "ror r7, r7, #16\n\t" +#else + "bfi r7, r10, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr lr, r11, #16\n\t" +#else + "sbfx lr, r11, #16, #16\n\t" +#endif + "asr r10, r12, #16\n\t" + "mul r9, lr, r10\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r12, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r12, #0, #16\n\t" +#endif + "mul r12, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r12, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r12, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r9, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r9, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "lsr r12, r12, #16\n\t" + "mla r9, r10, lr, r9\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r9, r9, #0xff\n\t" + "bic r9, r9, #0xff00\n\t" + "ror r9, r9, #16\n\t" + "orr r9, r9, r12, lsl #16\n\t" + "ror r9, r9, #16\n\t" +#else + "bfi r9, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + "ldr r11, [sp, #4]\n\t" + "add r11, r1, r11, lsr #3\n\t" + "ldr r11, [r11, #192]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "ssub16 r12, r2, r6\n\t" + "sadd16 r2, r2, r6\n\t" + "smulbt r6, r11, r12\n\t" + "smulbb r12, r11, r12\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r6\n\t" + "smlabb r6, r10, lr, r6\n\t" + "pkhtb r6, r6, r12, ASR #16\n\t" +#else + "sub lr, r2, r6\n\t" + "add r10, r2, r6\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r6, r6, #0xff\n\t" + "bic r6, r6, #0xff00\n\t" +#else + "bfc r6, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r2, r2, #0xff\n\t" + "bic r2, r2, #0xff00\n\t" +#else + "bfc r2, #0, #16\n\t" +#endif + "sub r12, r2, r6\n\t" + "add r2, r2, r6\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r12, r12, #0xff\n\t" + "bic r12, r12, #0xff00\n\t" + "ror r12, r12, #16\n\t" + "orr r12, r12, lr, lsl #16\n\t" + "ror r12, r12, #16\n\t" +#else + "bfi r12, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r2, r2, #0xff\n\t" + "bic r2, r2, #0xff00\n\t" + "ror r2, r2, #16\n\t" + "orr r2, r2, r10, lsl #16\n\t" + "ror r2, r2, #16\n\t" +#else + "bfi r2, r10, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif + "asr r10, r12, #16\n\t" + "mul r6, lr, r10\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r12, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r12, #0, #16\n\t" +#endif + "mul r12, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r12, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r12, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r6, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r6, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "lsr r12, r12, #16\n\t" + "mla r6, r10, lr, r6\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r6, r6, #0xff\n\t" + "bic r6, r6, #0xff00\n\t" + "ror r6, r6, #16\n\t" + "orr r6, r6, r12, lsl #16\n\t" + "ror r6, r6, #16\n\t" +#else + "bfi r6, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "ssub16 r12, r3, r7\n\t" + "sadd16 r3, r3, r7\n\t" + "smulbt r7, r11, r12\n\t" + "smulbb r12, r11, r12\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r7\n\t" + "smlabb r7, r10, lr, r7\n\t" + "pkhtb r7, r7, r12, ASR #16\n\t" +#else + "sub lr, r3, r7\n\t" + "add r10, r3, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r7, r7, #0xff\n\t" + "bic r7, r7, #0xff00\n\t" +#else + "bfc r7, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r3, r3, #0xff\n\t" + "bic r3, r3, #0xff00\n\t" +#else + "bfc r3, #0, #16\n\t" +#endif + "sub r12, r3, r7\n\t" + "add r3, r3, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r12, r12, #0xff\n\t" + "bic r12, r12, #0xff00\n\t" + "ror r12, r12, #16\n\t" + "orr r12, r12, lr, lsl #16\n\t" + "ror r12, r12, #16\n\t" +#else + "bfi r12, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r3, r3, #0xff\n\t" + "bic r3, r3, #0xff00\n\t" + "ror r3, r3, #16\n\t" + "orr r3, r3, r10, lsl #16\n\t" + "ror r3, r3, #16\n\t" +#else + "bfi r3, r10, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif + "asr r10, r12, #16\n\t" + "mul r7, lr, r10\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r12, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r12, #0, #16\n\t" +#endif + "mul r12, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r12, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r12, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r7, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r7, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "lsr r12, r12, #16\n\t" + "mla r7, r10, lr, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r7, r7, #0xff\n\t" + "bic r7, r7, #0xff00\n\t" + "ror r7, r7, #16\n\t" + "orr r7, r7, r12, lsl #16\n\t" + "ror r7, r7, #16\n\t" +#else + "bfi r7, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "ssub16 r12, r4, r8\n\t" + "sadd16 r4, r4, r8\n\t" + "smulbt r8, r11, r12\n\t" + "smulbb r12, r11, r12\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r8\n\t" + "smlabb r8, r10, lr, r8\n\t" + "pkhtb r8, r8, r12, ASR #16\n\t" +#else + "sub lr, r4, r8\n\t" + "add r10, r4, r8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r8, r8, #0xff\n\t" + "bic r8, r8, #0xff00\n\t" +#else + "bfc r8, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r4, r4, #0xff\n\t" + "bic r4, r4, #0xff00\n\t" +#else + "bfc r4, #0, #16\n\t" +#endif + "sub r12, r4, r8\n\t" + "add r4, r4, r8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r12, r12, #0xff\n\t" + "bic r12, r12, #0xff00\n\t" + "ror r12, r12, #16\n\t" + "orr r12, r12, lr, lsl #16\n\t" + "ror r12, r12, #16\n\t" +#else + "bfi r12, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r4, r4, #0xff\n\t" + "bic r4, r4, #0xff00\n\t" + "ror r4, r4, #16\n\t" + "orr r4, r4, r10, lsl #16\n\t" + "ror r4, r4, #16\n\t" +#else + "bfi r4, r10, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif + "asr r10, r12, #16\n\t" + "mul r8, lr, r10\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r12, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r12, #0, #16\n\t" +#endif + "mul r12, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r12, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r12, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r8, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r8, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "lsr r12, r12, #16\n\t" + "mla r8, r10, lr, r8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r8, r8, #0xff\n\t" + "bic r8, r8, #0xff00\n\t" + "ror r8, r8, #16\n\t" + "orr r8, r8, r12, lsl #16\n\t" + "ror r8, r8, #16\n\t" +#else + "bfi r8, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "ssub16 r12, r5, r9\n\t" + "sadd16 r5, r5, r9\n\t" + "smulbt r9, r11, r12\n\t" + "smulbb r12, r11, r12\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r9\n\t" + "smlabb r9, r10, lr, r9\n\t" + "pkhtb r9, r9, r12, ASR #16\n\t" +#else + "sub lr, r5, r9\n\t" + "add r10, r5, r9\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r9, r9, #0xff\n\t" + "bic r9, r9, #0xff00\n\t" +#else + "bfc r9, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r5, r5, #0xff\n\t" + "bic r5, r5, #0xff00\n\t" +#else + "bfc r5, #0, #16\n\t" +#endif + "sub r12, r5, r9\n\t" + "add r5, r5, r9\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r12, r12, #0xff\n\t" + "bic r12, r12, #0xff00\n\t" + "ror r12, r12, #16\n\t" + "orr r12, r12, lr, lsl #16\n\t" + "ror r12, r12, #16\n\t" +#else + "bfi r12, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r5, r5, #0xff\n\t" + "bic r5, r5, #0xff00\n\t" + "ror r5, r5, #16\n\t" + "orr r5, r5, r10, lsl #16\n\t" + "ror r5, r5, #16\n\t" +#else + "bfi r5, r10, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif + "asr r10, r12, #16\n\t" + "mul r9, lr, r10\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r12, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r12, #0, #16\n\t" +#endif + "mul r12, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r12, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r12, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r9, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r9, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "lsr r12, r12, #16\n\t" + "mla r9, r10, lr, r9\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r9, r9, #0xff\n\t" + "bic r9, r9, #0xff00\n\t" + "ror r9, r9, #16\n\t" + "orr r9, r9, r12, lsl #16\n\t" + "ror r9, r9, #16\n\t" +#else + "bfi r9, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r11, #0xaf\n\t" + "lsl r11, r11, #8\n\t" + "add r11, r11, #0xc0\n\t" +#else + "mov r11, #0xafc0\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r11, r11, #0x130000\n\t" +#else + "movt r11, #0x13\n\t" +#endif +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r11, #0x4e\n\t" + "lsl r11, r11, #8\n\t" + "add r11, r11, #0xbf\n\t" +#else + "mov r11, #0x4ebf\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulwb r12, r11, r2\n\t" + "smulwt lr, r11, r2\n\t" + "smulbt r12, r10, r12\n\t" + "smulbt lr, r10, lr\n\t" + "pkhbt r12, r12, lr, LSL #16\n\t" + "ssub16 r2, r2, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r2, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r2, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr lr, r2, #16\n\t" +#else + "sbfx lr, r2, #16, #16\n\t" +#endif + "mul r12, r11, r12\n\t" + "mul lr, r11, lr\n\t" + "asr r12, r12, #26\n\t" + "asr lr, lr, #26\n\t" + "mul r12, r10, r12\n\t" + "mul lr, r10, lr\n\t" + "sub lr, r2, lr, lsl #16\n\t" + "sub r2, r2, r12\n\t" + "lsr lr, lr, #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r2, r2, #0xff0000\n\t" + "bic r2, r2, #0xff000000\n\t" + "orr r2, r2, lr, lsl #16\n\t" +#else + "bfi r2, lr, #16, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulwb r12, r11, r3\n\t" + "smulwt lr, r11, r3\n\t" + "smulbt r12, r10, r12\n\t" + "smulbt lr, r10, lr\n\t" + "pkhbt r12, r12, lr, LSL #16\n\t" + "ssub16 r3, r3, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r3, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r3, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr lr, r3, #16\n\t" +#else + "sbfx lr, r3, #16, #16\n\t" +#endif + "mul r12, r11, r12\n\t" + "mul lr, r11, lr\n\t" + "asr r12, r12, #26\n\t" + "asr lr, lr, #26\n\t" + "mul r12, r10, r12\n\t" + "mul lr, r10, lr\n\t" + "sub lr, r3, lr, lsl #16\n\t" + "sub r3, r3, r12\n\t" + "lsr lr, lr, #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r3, r3, #0xff0000\n\t" + "bic r3, r3, #0xff000000\n\t" + "orr r3, r3, lr, lsl #16\n\t" +#else + "bfi r3, lr, #16, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulwb r12, r11, r4\n\t" + "smulwt lr, r11, r4\n\t" + "smulbt r12, r10, r12\n\t" + "smulbt lr, r10, lr\n\t" + "pkhbt r12, r12, lr, LSL #16\n\t" + "ssub16 r4, r4, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r4, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r4, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr lr, r4, #16\n\t" +#else + "sbfx lr, r4, #16, #16\n\t" +#endif + "mul r12, r11, r12\n\t" + "mul lr, r11, lr\n\t" + "asr r12, r12, #26\n\t" + "asr lr, lr, #26\n\t" + "mul r12, r10, r12\n\t" + "mul lr, r10, lr\n\t" + "sub lr, r4, lr, lsl #16\n\t" + "sub r4, r4, r12\n\t" + "lsr lr, lr, #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r4, r4, #0xff0000\n\t" + "bic r4, r4, #0xff000000\n\t" + "orr r4, r4, lr, lsl #16\n\t" +#else + "bfi r4, lr, #16, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulwb r12, r11, r5\n\t" + "smulwt lr, r11, r5\n\t" + "smulbt r12, r10, r12\n\t" + "smulbt lr, r10, lr\n\t" + "pkhbt r12, r12, lr, LSL #16\n\t" + "ssub16 r5, r5, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r5, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r5, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr lr, r5, #16\n\t" +#else + "sbfx lr, r5, #16, #16\n\t" +#endif + "mul r12, r11, r12\n\t" + "mul lr, r11, lr\n\t" + "asr r12, r12, #26\n\t" + "asr lr, lr, #26\n\t" + "mul r12, r10, r12\n\t" + "mul lr, r10, lr\n\t" + "sub lr, r5, lr, lsl #16\n\t" + "sub r5, r5, r12\n\t" + "lsr lr, lr, #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r5, r5, #0xff0000\n\t" + "bic r5, r5, #0xff000000\n\t" + "orr r5, r5, lr, lsl #16\n\t" +#else + "bfi r5, lr, #16, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + "str r2, [%[r]]\n\t" + "str r3, [%[r], #4]\n\t" + "str r4, [%[r], #8]\n\t" + "str r5, [%[r], #12]\n\t" + "str r6, [%[r], #16]\n\t" + "str r7, [%[r], #20]\n\t" + "str r8, [%[r], #24]\n\t" + "str r9, [%[r], #28]\n\t" + "ldr r3, [sp, #4]\n\t" + "add r3, r3, #16\n\t" + "rsbs r12, r3, #0x100\n\t" + "add %[r], %[r], #32\n\t" + "bne L_kyber_arm32_invntt_loop_765_%=\n\t" + "sub %[r], %[r], #0x200\n\t" + "mov r3, #0\n\t" + "\n" + "L_kyber_arm32_invntt_loop_4_j_%=: \n\t" + "str r3, [sp, #4]\n\t" + "add r11, r1, r3, lsr #4\n\t" + "mov r2, #4\n\t" + "ldr r11, [r11, #224]\n\t" + "\n" + "L_kyber_arm32_invntt_loop_4_i_%=: \n\t" + "str r2, [sp]\n\t" + "ldr r2, [%[r]]\n\t" + "ldr r3, [%[r], #16]\n\t" + "ldr r4, [%[r], #32]\n\t" + "ldr r5, [%[r], #48]\n\t" + "ldr r6, [%[r], #64]\n\t" + "ldr r7, [%[r], #80]\n\t" + "ldr r8, [%[r], #96]\n\t" + "ldr r9, [%[r], #112]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "ssub16 r12, r2, r4\n\t" + "sadd16 r2, r2, r4\n\t" + "smulbt r4, r11, r12\n\t" + "smulbb r12, r11, r12\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r4\n\t" + "smlabb r4, r10, lr, r4\n\t" + "pkhtb r4, r4, r12, ASR #16\n\t" +#else + "sub lr, r2, r4\n\t" + "add r10, r2, r4\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r4, r4, #0xff\n\t" + "bic r4, r4, #0xff00\n\t" +#else + "bfc r4, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r2, r2, #0xff\n\t" + "bic r2, r2, #0xff00\n\t" +#else + "bfc r2, #0, #16\n\t" +#endif + "sub r12, r2, r4\n\t" + "add r2, r2, r4\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r12, r12, #0xff\n\t" + "bic r12, r12, #0xff00\n\t" + "ror r12, r12, #16\n\t" + "orr r12, r12, lr, lsl #16\n\t" + "ror r12, r12, #16\n\t" +#else + "bfi r12, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r2, r2, #0xff\n\t" + "bic r2, r2, #0xff00\n\t" + "ror r2, r2, #16\n\t" + "orr r2, r2, r10, lsl #16\n\t" + "ror r2, r2, #16\n\t" +#else + "bfi r2, r10, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif + "asr r10, r12, #16\n\t" + "mul r4, lr, r10\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r12, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r12, #0, #16\n\t" +#endif + "mul r12, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r12, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r12, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r4, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r4, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "lsr r12, r12, #16\n\t" + "mla r4, r10, lr, r4\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r4, r4, #0xff\n\t" + "bic r4, r4, #0xff00\n\t" + "ror r4, r4, #16\n\t" + "orr r4, r4, r12, lsl #16\n\t" + "ror r4, r4, #16\n\t" +#else + "bfi r4, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "ssub16 r12, r3, r5\n\t" + "sadd16 r3, r3, r5\n\t" + "smulbt r5, r11, r12\n\t" + "smulbb r12, r11, r12\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r5\n\t" + "smlabb r5, r10, lr, r5\n\t" + "pkhtb r5, r5, r12, ASR #16\n\t" +#else + "sub lr, r3, r5\n\t" + "add r10, r3, r5\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r5, r5, #0xff\n\t" + "bic r5, r5, #0xff00\n\t" +#else + "bfc r5, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r3, r3, #0xff\n\t" + "bic r3, r3, #0xff00\n\t" +#else + "bfc r3, #0, #16\n\t" +#endif + "sub r12, r3, r5\n\t" + "add r3, r3, r5\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r12, r12, #0xff\n\t" + "bic r12, r12, #0xff00\n\t" + "ror r12, r12, #16\n\t" + "orr r12, r12, lr, lsl #16\n\t" + "ror r12, r12, #16\n\t" +#else + "bfi r12, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r3, r3, #0xff\n\t" + "bic r3, r3, #0xff00\n\t" + "ror r3, r3, #16\n\t" + "orr r3, r3, r10, lsl #16\n\t" + "ror r3, r3, #16\n\t" +#else + "bfi r3, r10, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif + "asr r10, r12, #16\n\t" + "mul r5, lr, r10\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r12, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r12, #0, #16\n\t" +#endif + "mul r12, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r12, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r12, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r5, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r5, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "lsr r12, r12, #16\n\t" + "mla r5, r10, lr, r5\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r5, r5, #0xff\n\t" + "bic r5, r5, #0xff00\n\t" + "ror r5, r5, #16\n\t" + "orr r5, r5, r12, lsl #16\n\t" + "ror r5, r5, #16\n\t" +#else + "bfi r5, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "ssub16 r12, r6, r8\n\t" + "sadd16 r6, r6, r8\n\t" + "smultt r8, r11, r12\n\t" + "smultb r12, r11, r12\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r8\n\t" + "smlabb r8, r10, lr, r8\n\t" + "pkhtb r8, r8, r12, ASR #16\n\t" +#else + "sub lr, r6, r8\n\t" + "add r10, r6, r8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r8, r8, #0xff\n\t" + "bic r8, r8, #0xff00\n\t" +#else + "bfc r8, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r6, r6, #0xff\n\t" + "bic r6, r6, #0xff00\n\t" +#else + "bfc r6, #0, #16\n\t" +#endif + "sub r12, r6, r8\n\t" + "add r6, r6, r8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r12, r12, #0xff\n\t" + "bic r12, r12, #0xff00\n\t" + "ror r12, r12, #16\n\t" + "orr r12, r12, lr, lsl #16\n\t" + "ror r12, r12, #16\n\t" +#else + "bfi r12, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r6, r6, #0xff\n\t" + "bic r6, r6, #0xff00\n\t" + "ror r6, r6, #16\n\t" + "orr r6, r6, r10, lsl #16\n\t" + "ror r6, r6, #16\n\t" +#else + "bfi r6, r10, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr lr, r11, #16\n\t" +#else + "sbfx lr, r11, #16, #16\n\t" +#endif + "asr r10, r12, #16\n\t" + "mul r8, lr, r10\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r12, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r12, #0, #16\n\t" +#endif + "mul r12, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r12, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r12, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r8, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r8, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "lsr r12, r12, #16\n\t" + "mla r8, r10, lr, r8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r8, r8, #0xff\n\t" + "bic r8, r8, #0xff00\n\t" + "ror r8, r8, #16\n\t" + "orr r8, r8, r12, lsl #16\n\t" + "ror r8, r8, #16\n\t" +#else + "bfi r8, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "ssub16 r12, r7, r9\n\t" + "sadd16 r7, r7, r9\n\t" + "smultt r9, r11, r12\n\t" + "smultb r12, r11, r12\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r9\n\t" + "smlabb r9, r10, lr, r9\n\t" + "pkhtb r9, r9, r12, ASR #16\n\t" +#else + "sub lr, r7, r9\n\t" + "add r10, r7, r9\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r9, r9, #0xff\n\t" + "bic r9, r9, #0xff00\n\t" +#else + "bfc r9, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r7, r7, #0xff\n\t" + "bic r7, r7, #0xff00\n\t" +#else + "bfc r7, #0, #16\n\t" +#endif + "sub r12, r7, r9\n\t" + "add r7, r7, r9\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r12, r12, #0xff\n\t" + "bic r12, r12, #0xff00\n\t" + "ror r12, r12, #16\n\t" + "orr r12, r12, lr, lsl #16\n\t" + "ror r12, r12, #16\n\t" +#else + "bfi r12, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r7, r7, #0xff\n\t" + "bic r7, r7, #0xff00\n\t" + "ror r7, r7, #16\n\t" + "orr r7, r7, r10, lsl #16\n\t" + "ror r7, r7, #16\n\t" +#else + "bfi r7, r10, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr lr, r11, #16\n\t" +#else + "sbfx lr, r11, #16, #16\n\t" +#endif + "asr r10, r12, #16\n\t" + "mul r9, lr, r10\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r12, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r12, #0, #16\n\t" +#endif + "mul r12, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r12, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r12, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r9, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r9, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "lsr r12, r12, #16\n\t" + "mla r9, r10, lr, r9\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r9, r9, #0xff\n\t" + "bic r9, r9, #0xff00\n\t" + "ror r9, r9, #16\n\t" + "orr r9, r9, r12, lsl #16\n\t" + "ror r9, r9, #16\n\t" +#else + "bfi r9, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + "str r2, [%[r]]\n\t" + "str r3, [%[r], #16]\n\t" + "str r4, [%[r], #32]\n\t" + "str r5, [%[r], #48]\n\t" + "str r6, [%[r], #64]\n\t" + "str r7, [%[r], #80]\n\t" + "str r8, [%[r], #96]\n\t" + "str r9, [%[r], #112]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "ldr r2, [sp]\n\t" + "ldr r3, [sp, #4]\n\t" +#else + "ldrd r2, r3, [sp]\n\t" +#endif + "subs r2, r2, #1\n\t" + "add %[r], %[r], #4\n\t" + "bne L_kyber_arm32_invntt_loop_4_i_%=\n\t" + "add r3, r3, #0x40\n\t" + "rsbs r12, r3, #0x100\n\t" + "add %[r], %[r], #0x70\n\t" + "bne L_kyber_arm32_invntt_loop_4_j_%=\n\t" + "sub %[r], %[r], #0x200\n\t" + "mov r2, #16\n\t" + "\n" + "L_kyber_arm32_invntt_loop_321_%=: \n\t" + "str r2, [sp]\n\t" + "ldrh r11, [r1, #2]\n\t" + "ldr r2, [%[r]]\n\t" + "ldr r3, [%[r], #64]\n\t" + "ldr r4, [%[r], #128]\n\t" + "ldr r5, [%[r], #192]\n\t" + "ldr r6, [%[r], #256]\n\t" + "ldr r7, [%[r], #320]\n\t" + "ldr r8, [%[r], #384]\n\t" + "ldr r9, [%[r], #448]\n\t" + "ldr r11, [r1, #240]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "ssub16 r12, r2, r3\n\t" + "sadd16 r2, r2, r3\n\t" + "smulbt r3, r11, r12\n\t" + "smulbb r12, r11, r12\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r3\n\t" + "smlabb r3, r10, lr, r3\n\t" + "pkhtb r3, r3, r12, ASR #16\n\t" +#else + "sub lr, r2, r3\n\t" + "add r10, r2, r3\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r3, r3, #0xff\n\t" + "bic r3, r3, #0xff00\n\t" +#else + "bfc r3, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r2, r2, #0xff\n\t" + "bic r2, r2, #0xff00\n\t" +#else + "bfc r2, #0, #16\n\t" +#endif + "sub r12, r2, r3\n\t" + "add r2, r2, r3\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r12, r12, #0xff\n\t" + "bic r12, r12, #0xff00\n\t" + "ror r12, r12, #16\n\t" + "orr r12, r12, lr, lsl #16\n\t" + "ror r12, r12, #16\n\t" +#else + "bfi r12, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r2, r2, #0xff\n\t" + "bic r2, r2, #0xff00\n\t" + "ror r2, r2, #16\n\t" + "orr r2, r2, r10, lsl #16\n\t" + "ror r2, r2, #16\n\t" +#else + "bfi r2, r10, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif + "asr r10, r12, #16\n\t" + "mul r3, lr, r10\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r12, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r12, #0, #16\n\t" +#endif + "mul r12, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r12, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r12, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r3, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r3, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "lsr r12, r12, #16\n\t" + "mla r3, r10, lr, r3\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r3, r3, #0xff\n\t" + "bic r3, r3, #0xff00\n\t" + "ror r3, r3, #16\n\t" + "orr r3, r3, r12, lsl #16\n\t" + "ror r3, r3, #16\n\t" +#else + "bfi r3, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "ssub16 r12, r4, r5\n\t" + "sadd16 r4, r4, r5\n\t" + "smultt r5, r11, r12\n\t" + "smultb r12, r11, r12\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r5\n\t" + "smlabb r5, r10, lr, r5\n\t" + "pkhtb r5, r5, r12, ASR #16\n\t" +#else + "sub lr, r4, r5\n\t" + "add r10, r4, r5\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r5, r5, #0xff\n\t" + "bic r5, r5, #0xff00\n\t" +#else + "bfc r5, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r4, r4, #0xff\n\t" + "bic r4, r4, #0xff00\n\t" +#else + "bfc r4, #0, #16\n\t" +#endif + "sub r12, r4, r5\n\t" + "add r4, r4, r5\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r12, r12, #0xff\n\t" + "bic r12, r12, #0xff00\n\t" + "ror r12, r12, #16\n\t" + "orr r12, r12, lr, lsl #16\n\t" + "ror r12, r12, #16\n\t" +#else + "bfi r12, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r4, r4, #0xff\n\t" + "bic r4, r4, #0xff00\n\t" + "ror r4, r4, #16\n\t" + "orr r4, r4, r10, lsl #16\n\t" + "ror r4, r4, #16\n\t" +#else + "bfi r4, r10, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr lr, r11, #16\n\t" +#else + "sbfx lr, r11, #16, #16\n\t" +#endif + "asr r10, r12, #16\n\t" + "mul r5, lr, r10\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r12, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r12, #0, #16\n\t" +#endif + "mul r12, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r12, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r12, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r5, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r5, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "lsr r12, r12, #16\n\t" + "mla r5, r10, lr, r5\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r5, r5, #0xff\n\t" + "bic r5, r5, #0xff00\n\t" + "ror r5, r5, #16\n\t" + "orr r5, r5, r12, lsl #16\n\t" + "ror r5, r5, #16\n\t" +#else + "bfi r5, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + "ldr r11, [r1, #244]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "ssub16 r12, r6, r7\n\t" + "sadd16 r6, r6, r7\n\t" + "smulbt r7, r11, r12\n\t" + "smulbb r12, r11, r12\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r7\n\t" + "smlabb r7, r10, lr, r7\n\t" + "pkhtb r7, r7, r12, ASR #16\n\t" +#else + "sub lr, r6, r7\n\t" + "add r10, r6, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r7, r7, #0xff\n\t" + "bic r7, r7, #0xff00\n\t" +#else + "bfc r7, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r6, r6, #0xff\n\t" + "bic r6, r6, #0xff00\n\t" +#else + "bfc r6, #0, #16\n\t" +#endif + "sub r12, r6, r7\n\t" + "add r6, r6, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r12, r12, #0xff\n\t" + "bic r12, r12, #0xff00\n\t" + "ror r12, r12, #16\n\t" + "orr r12, r12, lr, lsl #16\n\t" + "ror r12, r12, #16\n\t" +#else + "bfi r12, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r6, r6, #0xff\n\t" + "bic r6, r6, #0xff00\n\t" + "ror r6, r6, #16\n\t" + "orr r6, r6, r10, lsl #16\n\t" + "ror r6, r6, #16\n\t" +#else + "bfi r6, r10, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif + "asr r10, r12, #16\n\t" + "mul r7, lr, r10\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r12, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r12, #0, #16\n\t" +#endif + "mul r12, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r12, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r12, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r7, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r7, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "lsr r12, r12, #16\n\t" + "mla r7, r10, lr, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r7, r7, #0xff\n\t" + "bic r7, r7, #0xff00\n\t" + "ror r7, r7, #16\n\t" + "orr r7, r7, r12, lsl #16\n\t" + "ror r7, r7, #16\n\t" +#else + "bfi r7, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "ssub16 r12, r8, r9\n\t" + "sadd16 r8, r8, r9\n\t" + "smultt r9, r11, r12\n\t" + "smultb r12, r11, r12\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r9\n\t" + "smlabb r9, r10, lr, r9\n\t" + "pkhtb r9, r9, r12, ASR #16\n\t" +#else + "sub lr, r8, r9\n\t" + "add r10, r8, r9\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r9, r9, #0xff\n\t" + "bic r9, r9, #0xff00\n\t" +#else + "bfc r9, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r8, r8, #0xff\n\t" + "bic r8, r8, #0xff00\n\t" +#else + "bfc r8, #0, #16\n\t" +#endif + "sub r12, r8, r9\n\t" + "add r8, r8, r9\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r12, r12, #0xff\n\t" + "bic r12, r12, #0xff00\n\t" + "ror r12, r12, #16\n\t" + "orr r12, r12, lr, lsl #16\n\t" + "ror r12, r12, #16\n\t" +#else + "bfi r12, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r8, r8, #0xff\n\t" + "bic r8, r8, #0xff00\n\t" + "ror r8, r8, #16\n\t" + "orr r8, r8, r10, lsl #16\n\t" + "ror r8, r8, #16\n\t" +#else + "bfi r8, r10, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr lr, r11, #16\n\t" +#else + "sbfx lr, r11, #16, #16\n\t" +#endif + "asr r10, r12, #16\n\t" + "mul r9, lr, r10\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r12, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r12, #0, #16\n\t" +#endif + "mul r12, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r12, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r12, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r9, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r9, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "lsr r12, r12, #16\n\t" + "mla r9, r10, lr, r9\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r9, r9, #0xff\n\t" + "bic r9, r9, #0xff00\n\t" + "ror r9, r9, #16\n\t" + "orr r9, r9, r12, lsl #16\n\t" + "ror r9, r9, #16\n\t" +#else + "bfi r9, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + "ldr r11, [r1, #248]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "ssub16 r12, r2, r4\n\t" + "sadd16 r2, r2, r4\n\t" + "smulbt r4, r11, r12\n\t" + "smulbb r12, r11, r12\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r4\n\t" + "smlabb r4, r10, lr, r4\n\t" + "pkhtb r4, r4, r12, ASR #16\n\t" +#else + "sub lr, r2, r4\n\t" + "add r10, r2, r4\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r4, r4, #0xff\n\t" + "bic r4, r4, #0xff00\n\t" +#else + "bfc r4, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r2, r2, #0xff\n\t" + "bic r2, r2, #0xff00\n\t" +#else + "bfc r2, #0, #16\n\t" +#endif + "sub r12, r2, r4\n\t" + "add r2, r2, r4\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r12, r12, #0xff\n\t" + "bic r12, r12, #0xff00\n\t" + "ror r12, r12, #16\n\t" + "orr r12, r12, lr, lsl #16\n\t" + "ror r12, r12, #16\n\t" +#else + "bfi r12, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r2, r2, #0xff\n\t" + "bic r2, r2, #0xff00\n\t" + "ror r2, r2, #16\n\t" + "orr r2, r2, r10, lsl #16\n\t" + "ror r2, r2, #16\n\t" +#else + "bfi r2, r10, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif + "asr r10, r12, #16\n\t" + "mul r4, lr, r10\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r12, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r12, #0, #16\n\t" +#endif + "mul r12, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r12, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r12, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r4, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r4, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "lsr r12, r12, #16\n\t" + "mla r4, r10, lr, r4\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r4, r4, #0xff\n\t" + "bic r4, r4, #0xff00\n\t" + "ror r4, r4, #16\n\t" + "orr r4, r4, r12, lsl #16\n\t" + "ror r4, r4, #16\n\t" +#else + "bfi r4, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "ssub16 r12, r3, r5\n\t" + "sadd16 r3, r3, r5\n\t" + "smulbt r5, r11, r12\n\t" + "smulbb r12, r11, r12\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r5\n\t" + "smlabb r5, r10, lr, r5\n\t" + "pkhtb r5, r5, r12, ASR #16\n\t" +#else + "sub lr, r3, r5\n\t" + "add r10, r3, r5\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r5, r5, #0xff\n\t" + "bic r5, r5, #0xff00\n\t" +#else + "bfc r5, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r3, r3, #0xff\n\t" + "bic r3, r3, #0xff00\n\t" +#else + "bfc r3, #0, #16\n\t" +#endif + "sub r12, r3, r5\n\t" + "add r3, r3, r5\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r12, r12, #0xff\n\t" + "bic r12, r12, #0xff00\n\t" + "ror r12, r12, #16\n\t" + "orr r12, r12, lr, lsl #16\n\t" + "ror r12, r12, #16\n\t" +#else + "bfi r12, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r3, r3, #0xff\n\t" + "bic r3, r3, #0xff00\n\t" + "ror r3, r3, #16\n\t" + "orr r3, r3, r10, lsl #16\n\t" + "ror r3, r3, #16\n\t" +#else + "bfi r3, r10, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif + "asr r10, r12, #16\n\t" + "mul r5, lr, r10\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r12, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r12, #0, #16\n\t" +#endif + "mul r12, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r12, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r12, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r5, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r5, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "lsr r12, r12, #16\n\t" + "mla r5, r10, lr, r5\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r5, r5, #0xff\n\t" + "bic r5, r5, #0xff00\n\t" + "ror r5, r5, #16\n\t" + "orr r5, r5, r12, lsl #16\n\t" + "ror r5, r5, #16\n\t" +#else + "bfi r5, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "ssub16 r12, r6, r8\n\t" + "sadd16 r6, r6, r8\n\t" + "smultt r8, r11, r12\n\t" + "smultb r12, r11, r12\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r8\n\t" + "smlabb r8, r10, lr, r8\n\t" + "pkhtb r8, r8, r12, ASR #16\n\t" +#else + "sub lr, r6, r8\n\t" + "add r10, r6, r8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r8, r8, #0xff\n\t" + "bic r8, r8, #0xff00\n\t" +#else + "bfc r8, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r6, r6, #0xff\n\t" + "bic r6, r6, #0xff00\n\t" +#else + "bfc r6, #0, #16\n\t" +#endif + "sub r12, r6, r8\n\t" + "add r6, r6, r8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r12, r12, #0xff\n\t" + "bic r12, r12, #0xff00\n\t" + "ror r12, r12, #16\n\t" + "orr r12, r12, lr, lsl #16\n\t" + "ror r12, r12, #16\n\t" +#else + "bfi r12, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r6, r6, #0xff\n\t" + "bic r6, r6, #0xff00\n\t" + "ror r6, r6, #16\n\t" + "orr r6, r6, r10, lsl #16\n\t" + "ror r6, r6, #16\n\t" +#else + "bfi r6, r10, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr lr, r11, #16\n\t" +#else + "sbfx lr, r11, #16, #16\n\t" +#endif + "asr r10, r12, #16\n\t" + "mul r8, lr, r10\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r12, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r12, #0, #16\n\t" +#endif + "mul r12, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r12, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r12, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r8, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r8, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "lsr r12, r12, #16\n\t" + "mla r8, r10, lr, r8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r8, r8, #0xff\n\t" + "bic r8, r8, #0xff00\n\t" + "ror r8, r8, #16\n\t" + "orr r8, r8, r12, lsl #16\n\t" + "ror r8, r8, #16\n\t" +#else + "bfi r8, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "ssub16 r12, r7, r9\n\t" + "sadd16 r7, r7, r9\n\t" + "smultt r9, r11, r12\n\t" + "smultb r12, r11, r12\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r9\n\t" + "smlabb r9, r10, lr, r9\n\t" + "pkhtb r9, r9, r12, ASR #16\n\t" +#else + "sub lr, r7, r9\n\t" + "add r10, r7, r9\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r9, r9, #0xff\n\t" + "bic r9, r9, #0xff00\n\t" +#else + "bfc r9, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r7, r7, #0xff\n\t" + "bic r7, r7, #0xff00\n\t" +#else + "bfc r7, #0, #16\n\t" +#endif + "sub r12, r7, r9\n\t" + "add r7, r7, r9\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r12, r12, #0xff\n\t" + "bic r12, r12, #0xff00\n\t" + "ror r12, r12, #16\n\t" + "orr r12, r12, lr, lsl #16\n\t" + "ror r12, r12, #16\n\t" +#else + "bfi r12, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r7, r7, #0xff\n\t" + "bic r7, r7, #0xff00\n\t" + "ror r7, r7, #16\n\t" + "orr r7, r7, r10, lsl #16\n\t" + "ror r7, r7, #16\n\t" +#else + "bfi r7, r10, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr lr, r11, #16\n\t" +#else + "sbfx lr, r11, #16, #16\n\t" +#endif + "asr r10, r12, #16\n\t" + "mul r9, lr, r10\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r12, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r12, #0, #16\n\t" +#endif + "mul r12, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r12, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r12, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r9, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r9, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "lsr r12, r12, #16\n\t" + "mla r9, r10, lr, r9\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r9, r9, #0xff\n\t" + "bic r9, r9, #0xff00\n\t" + "ror r9, r9, #16\n\t" + "orr r9, r9, r12, lsl #16\n\t" + "ror r9, r9, #16\n\t" +#else + "bfi r9, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r11, #0xaf\n\t" + "lsl r11, r11, #8\n\t" + "add r11, r11, #0xc0\n\t" +#else + "mov r11, #0xafc0\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r11, r11, #0x130000\n\t" +#else + "movt r11, #0x13\n\t" +#endif +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r11, #0x4e\n\t" + "lsl r11, r11, #8\n\t" + "add r11, r11, #0xbf\n\t" +#else + "mov r11, #0x4ebf\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulwb r12, r11, r2\n\t" + "smulwt lr, r11, r2\n\t" + "smulbt r12, r10, r12\n\t" + "smulbt lr, r10, lr\n\t" + "pkhbt r12, r12, lr, LSL #16\n\t" + "ssub16 r2, r2, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r2, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r2, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr lr, r2, #16\n\t" +#else + "sbfx lr, r2, #16, #16\n\t" +#endif + "mul r12, r11, r12\n\t" + "mul lr, r11, lr\n\t" + "asr r12, r12, #26\n\t" + "asr lr, lr, #26\n\t" + "mul r12, r10, r12\n\t" + "mul lr, r10, lr\n\t" + "sub lr, r2, lr, lsl #16\n\t" + "sub r2, r2, r12\n\t" + "lsr lr, lr, #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r2, r2, #0xff0000\n\t" + "bic r2, r2, #0xff000000\n\t" + "orr r2, r2, lr, lsl #16\n\t" +#else + "bfi r2, lr, #16, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulwb r12, r11, r3\n\t" + "smulwt lr, r11, r3\n\t" + "smulbt r12, r10, r12\n\t" + "smulbt lr, r10, lr\n\t" + "pkhbt r12, r12, lr, LSL #16\n\t" + "ssub16 r3, r3, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r3, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r3, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr lr, r3, #16\n\t" +#else + "sbfx lr, r3, #16, #16\n\t" +#endif + "mul r12, r11, r12\n\t" + "mul lr, r11, lr\n\t" + "asr r12, r12, #26\n\t" + "asr lr, lr, #26\n\t" + "mul r12, r10, r12\n\t" + "mul lr, r10, lr\n\t" + "sub lr, r3, lr, lsl #16\n\t" + "sub r3, r3, r12\n\t" + "lsr lr, lr, #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r3, r3, #0xff0000\n\t" + "bic r3, r3, #0xff000000\n\t" + "orr r3, r3, lr, lsl #16\n\t" +#else + "bfi r3, lr, #16, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulwb r12, r11, r4\n\t" + "smulwt lr, r11, r4\n\t" + "smulbt r12, r10, r12\n\t" + "smulbt lr, r10, lr\n\t" + "pkhbt r12, r12, lr, LSL #16\n\t" + "ssub16 r4, r4, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r4, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r4, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr lr, r4, #16\n\t" +#else + "sbfx lr, r4, #16, #16\n\t" +#endif + "mul r12, r11, r12\n\t" + "mul lr, r11, lr\n\t" + "asr r12, r12, #26\n\t" + "asr lr, lr, #26\n\t" + "mul r12, r10, r12\n\t" + "mul lr, r10, lr\n\t" + "sub lr, r4, lr, lsl #16\n\t" + "sub r4, r4, r12\n\t" + "lsr lr, lr, #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r4, r4, #0xff0000\n\t" + "bic r4, r4, #0xff000000\n\t" + "orr r4, r4, lr, lsl #16\n\t" +#else + "bfi r4, lr, #16, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulwb r12, r11, r5\n\t" + "smulwt lr, r11, r5\n\t" + "smulbt r12, r10, r12\n\t" + "smulbt lr, r10, lr\n\t" + "pkhbt r12, r12, lr, LSL #16\n\t" + "ssub16 r5, r5, r12\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r5, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r5, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr lr, r5, #16\n\t" +#else + "sbfx lr, r5, #16, #16\n\t" +#endif + "mul r12, r11, r12\n\t" + "mul lr, r11, lr\n\t" + "asr r12, r12, #26\n\t" + "asr lr, lr, #26\n\t" + "mul r12, r10, r12\n\t" + "mul lr, r10, lr\n\t" + "sub lr, r5, lr, lsl #16\n\t" + "sub r5, r5, r12\n\t" + "lsr lr, lr, #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r5, r5, #0xff0000\n\t" + "bic r5, r5, #0xff000000\n\t" + "orr r5, r5, lr, lsl #16\n\t" +#else + "bfi r5, lr, #16, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + "ldr r11, [r1, #252]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "ssub16 r12, r2, r6\n\t" + "sadd16 r2, r2, r6\n\t" + "smulbt r6, r11, r12\n\t" + "smulbb r12, r11, r12\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r6\n\t" + "smlabb r6, r10, lr, r6\n\t" + "pkhtb r6, r6, r12, ASR #16\n\t" +#else + "sub lr, r2, r6\n\t" + "add r10, r2, r6\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r6, r6, #0xff\n\t" + "bic r6, r6, #0xff00\n\t" +#else + "bfc r6, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r2, r2, #0xff\n\t" + "bic r2, r2, #0xff00\n\t" +#else + "bfc r2, #0, #16\n\t" +#endif + "sub r12, r2, r6\n\t" + "add r2, r2, r6\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r12, r12, #0xff\n\t" + "bic r12, r12, #0xff00\n\t" + "ror r12, r12, #16\n\t" + "orr r12, r12, lr, lsl #16\n\t" + "ror r12, r12, #16\n\t" +#else + "bfi r12, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r2, r2, #0xff\n\t" + "bic r2, r2, #0xff00\n\t" + "ror r2, r2, #16\n\t" + "orr r2, r2, r10, lsl #16\n\t" + "ror r2, r2, #16\n\t" +#else + "bfi r2, r10, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif + "asr r10, r12, #16\n\t" + "mul r6, lr, r10\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r12, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r12, #0, #16\n\t" +#endif + "mul r12, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r12, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r12, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r6, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r6, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "lsr r12, r12, #16\n\t" + "mla r6, r10, lr, r6\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r6, r6, #0xff\n\t" + "bic r6, r6, #0xff00\n\t" + "ror r6, r6, #16\n\t" + "orr r6, r6, r12, lsl #16\n\t" + "ror r6, r6, #16\n\t" +#else + "bfi r6, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "ssub16 r12, r3, r7\n\t" + "sadd16 r3, r3, r7\n\t" + "smulbt r7, r11, r12\n\t" + "smulbb r12, r11, r12\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r7\n\t" + "smlabb r7, r10, lr, r7\n\t" + "pkhtb r7, r7, r12, ASR #16\n\t" +#else + "sub lr, r3, r7\n\t" + "add r10, r3, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r7, r7, #0xff\n\t" + "bic r7, r7, #0xff00\n\t" +#else + "bfc r7, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r3, r3, #0xff\n\t" + "bic r3, r3, #0xff00\n\t" +#else + "bfc r3, #0, #16\n\t" +#endif + "sub r12, r3, r7\n\t" + "add r3, r3, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r12, r12, #0xff\n\t" + "bic r12, r12, #0xff00\n\t" + "ror r12, r12, #16\n\t" + "orr r12, r12, lr, lsl #16\n\t" + "ror r12, r12, #16\n\t" +#else + "bfi r12, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r3, r3, #0xff\n\t" + "bic r3, r3, #0xff00\n\t" + "ror r3, r3, #16\n\t" + "orr r3, r3, r10, lsl #16\n\t" + "ror r3, r3, #16\n\t" +#else + "bfi r3, r10, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif + "asr r10, r12, #16\n\t" + "mul r7, lr, r10\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r12, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r12, #0, #16\n\t" +#endif + "mul r12, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r12, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r12, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r7, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r7, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "lsr r12, r12, #16\n\t" + "mla r7, r10, lr, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r7, r7, #0xff\n\t" + "bic r7, r7, #0xff00\n\t" + "ror r7, r7, #16\n\t" + "orr r7, r7, r12, lsl #16\n\t" + "ror r7, r7, #16\n\t" +#else + "bfi r7, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "ssub16 r12, r4, r8\n\t" + "sadd16 r4, r4, r8\n\t" + "smulbt r8, r11, r12\n\t" + "smulbb r12, r11, r12\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r8\n\t" + "smlabb r8, r10, lr, r8\n\t" + "pkhtb r8, r8, r12, ASR #16\n\t" +#else + "sub lr, r4, r8\n\t" + "add r10, r4, r8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r8, r8, #0xff\n\t" + "bic r8, r8, #0xff00\n\t" +#else + "bfc r8, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r4, r4, #0xff\n\t" + "bic r4, r4, #0xff00\n\t" +#else + "bfc r4, #0, #16\n\t" +#endif + "sub r12, r4, r8\n\t" + "add r4, r4, r8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r12, r12, #0xff\n\t" + "bic r12, r12, #0xff00\n\t" + "ror r12, r12, #16\n\t" + "orr r12, r12, lr, lsl #16\n\t" + "ror r12, r12, #16\n\t" +#else + "bfi r12, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r4, r4, #0xff\n\t" + "bic r4, r4, #0xff00\n\t" + "ror r4, r4, #16\n\t" + "orr r4, r4, r10, lsl #16\n\t" + "ror r4, r4, #16\n\t" +#else + "bfi r4, r10, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif + "asr r10, r12, #16\n\t" + "mul r8, lr, r10\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r12, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r12, #0, #16\n\t" +#endif + "mul r12, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r12, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r12, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r8, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r8, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "lsr r12, r12, #16\n\t" + "mla r8, r10, lr, r8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r8, r8, #0xff\n\t" + "bic r8, r8, #0xff00\n\t" + "ror r8, r8, #16\n\t" + "orr r8, r8, r12, lsl #16\n\t" + "ror r8, r8, #16\n\t" +#else + "bfi r8, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "ssub16 r12, r5, r9\n\t" + "sadd16 r5, r5, r9\n\t" + "smulbt r9, r11, r12\n\t" + "smulbb r12, r11, r12\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r9\n\t" + "smlabb r9, r10, lr, r9\n\t" + "pkhtb r9, r9, r12, ASR #16\n\t" +#else + "sub lr, r5, r9\n\t" + "add r10, r5, r9\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r9, r9, #0xff\n\t" + "bic r9, r9, #0xff00\n\t" +#else + "bfc r9, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r5, r5, #0xff\n\t" + "bic r5, r5, #0xff00\n\t" +#else + "bfc r5, #0, #16\n\t" +#endif + "sub r12, r5, r9\n\t" + "add r5, r5, r9\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r12, r12, #0xff\n\t" + "bic r12, r12, #0xff00\n\t" + "ror r12, r12, #16\n\t" + "orr r12, r12, lr, lsl #16\n\t" + "ror r12, r12, #16\n\t" +#else + "bfi r12, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r5, r5, #0xff\n\t" + "bic r5, r5, #0xff00\n\t" + "ror r5, r5, #16\n\t" + "orr r5, r5, r10, lsl #16\n\t" + "ror r5, r5, #16\n\t" +#else + "bfi r5, r10, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif + "asr r10, r12, #16\n\t" + "mul r9, lr, r10\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r12, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r12, #0, #16\n\t" +#endif + "mul r12, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r12, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r12, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r9, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r9, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "lsr r12, r12, #16\n\t" + "mla r9, r10, lr, r9\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r9, r9, #0xff\n\t" + "bic r9, r9, #0xff00\n\t" + "ror r9, r9, #16\n\t" + "orr r9, r9, r12, lsl #16\n\t" + "ror r9, r9, #16\n\t" +#else + "bfi r9, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + "ldr r11, [r1, #254]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulbb r12, r11, r2\n\t" + "smulbt r2, r11, r2\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r2\n\t" + "smlabb r2, r10, lr, r2\n\t" + "pkhtb r2, r2, r12, ASR #16\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r2, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r2, #0, #16\n\t" +#endif + "mul r12, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr r2, r2, #16\n\t" +#else + "sbfx r2, r2, #16, #16\n\t" +#endif + "mul r2, lr, r2\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif + "mul lr, r10, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r2, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r2, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "lsr r12, r12, #16\n\t" + "mla r2, r10, lr, r2\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r2, r2, #0xff\n\t" + "bic r2, r2, #0xff00\n\t" + "ror r2, r2, #16\n\t" + "orr r2, r2, r12, lsl #16\n\t" + "ror r2, r2, #16\n\t" +#else + "bfi r2, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulbb r12, r11, r3\n\t" + "smulbt r3, r11, r3\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r3\n\t" + "smlabb r3, r10, lr, r3\n\t" + "pkhtb r3, r3, r12, ASR #16\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r3, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r3, #0, #16\n\t" +#endif + "mul r12, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr r3, r3, #16\n\t" +#else + "sbfx r3, r3, #16, #16\n\t" +#endif + "mul r3, lr, r3\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif + "mul lr, r10, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r3, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r3, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "lsr r12, r12, #16\n\t" + "mla r3, r10, lr, r3\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r3, r3, #0xff\n\t" + "bic r3, r3, #0xff00\n\t" + "ror r3, r3, #16\n\t" + "orr r3, r3, r12, lsl #16\n\t" + "ror r3, r3, #16\n\t" +#else + "bfi r3, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulbb r12, r11, r4\n\t" + "smulbt r4, r11, r4\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r4\n\t" + "smlabb r4, r10, lr, r4\n\t" + "pkhtb r4, r4, r12, ASR #16\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r4, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r4, #0, #16\n\t" +#endif + "mul r12, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr r4, r4, #16\n\t" +#else + "sbfx r4, r4, #16, #16\n\t" +#endif + "mul r4, lr, r4\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif + "mul lr, r10, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r4, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r4, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "lsr r12, r12, #16\n\t" + "mla r4, r10, lr, r4\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r4, r4, #0xff\n\t" + "bic r4, r4, #0xff00\n\t" + "ror r4, r4, #16\n\t" + "orr r4, r4, r12, lsl #16\n\t" + "ror r4, r4, #16\n\t" +#else + "bfi r4, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulbb r12, r11, r5\n\t" + "smulbt r5, r11, r5\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r5\n\t" + "smlabb r5, r10, lr, r5\n\t" + "pkhtb r5, r5, r12, ASR #16\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r5, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r5, #0, #16\n\t" +#endif + "mul r12, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr r5, r5, #16\n\t" +#else + "sbfx r5, r5, #16, #16\n\t" +#endif + "mul r5, lr, r5\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif + "mul lr, r10, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r5, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r5, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "lsr r12, r12, #16\n\t" + "mla r5, r10, lr, r5\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r5, r5, #0xff\n\t" + "bic r5, r5, #0xff00\n\t" + "ror r5, r5, #16\n\t" + "orr r5, r5, r12, lsl #16\n\t" + "ror r5, r5, #16\n\t" +#else + "bfi r5, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulbb r12, r11, r6\n\t" + "smulbt r6, r11, r6\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r6\n\t" + "smlabb r6, r10, lr, r6\n\t" + "pkhtb r6, r6, r12, ASR #16\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r6, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r6, #0, #16\n\t" +#endif + "mul r12, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr r6, r6, #16\n\t" +#else + "sbfx r6, r6, #16, #16\n\t" +#endif + "mul r6, lr, r6\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif + "mul lr, r10, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r6, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r6, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "lsr r12, r12, #16\n\t" + "mla r6, r10, lr, r6\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r6, r6, #0xff\n\t" + "bic r6, r6, #0xff00\n\t" + "ror r6, r6, #16\n\t" + "orr r6, r6, r12, lsl #16\n\t" + "ror r6, r6, #16\n\t" +#else + "bfi r6, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulbb r12, r11, r7\n\t" + "smulbt r7, r11, r7\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r7\n\t" + "smlabb r7, r10, lr, r7\n\t" + "pkhtb r7, r7, r12, ASR #16\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r7, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r7, #0, #16\n\t" +#endif + "mul r12, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr r7, r7, #16\n\t" +#else + "sbfx r7, r7, #16, #16\n\t" +#endif + "mul r7, lr, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif + "mul lr, r10, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r7, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r7, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "lsr r12, r12, #16\n\t" + "mla r7, r10, lr, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r7, r7, #0xff\n\t" + "bic r7, r7, #0xff00\n\t" + "ror r7, r7, #16\n\t" + "orr r7, r7, r12, lsl #16\n\t" + "ror r7, r7, #16\n\t" +#else + "bfi r7, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulbb r12, r11, r8\n\t" + "smulbt r8, r11, r8\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r8\n\t" + "smlabb r8, r10, lr, r8\n\t" + "pkhtb r8, r8, r12, ASR #16\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r8, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r8, #0, #16\n\t" +#endif + "mul r12, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr r8, r8, #16\n\t" +#else + "sbfx r8, r8, #16, #16\n\t" +#endif + "mul r8, lr, r8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif + "mul lr, r10, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r8, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r8, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "lsr r12, r12, #16\n\t" + "mla r8, r10, lr, r8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r8, r8, #0xff\n\t" + "bic r8, r8, #0xff00\n\t" + "ror r8, r8, #16\n\t" + "orr r8, r8, r12, lsl #16\n\t" + "ror r8, r8, #16\n\t" +#else + "bfi r8, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smulbb r12, r11, r9\n\t" + "smulbt r9, r11, r9\n\t" + "smultb lr, r10, r12\n\t" + "smlabb r12, r10, lr, r12\n\t" + "smultb lr, r10, r9\n\t" + "smlabb r9, r10, lr, r9\n\t" + "pkhtb r9, r9, r12, ASR #16\n\t" +#else +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r11, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r11, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r9, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r9, #0, #16\n\t" +#endif + "mul r12, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "asr r9, r9, #16\n\t" +#else + "sbfx r9, r9, #16, #16\n\t" +#endif + "mul r9, lr, r9\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif + "mul lr, r10, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "mla r12, r10, lr, r12\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xc\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0xff\n\t" +#else + "mov r10, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, r9, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, r9, #0, #16\n\t" +#endif + "mul lr, r10, lr\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r10, #0xd\n\t" + "lsl r10, r10, #8\n\t" + "add r10, r10, #0x1\n\t" +#else + "mov r10, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl lr, lr, #16\n\t" + "asr lr, lr, #16\n\t" +#else + "sbfx lr, lr, #0, #16\n\t" +#endif + "lsr r12, r12, #16\n\t" + "mla r9, r10, lr, r9\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r9, r9, #0xff\n\t" + "bic r9, r9, #0xff00\n\t" + "ror r9, r9, #16\n\t" + "orr r9, r9, r12, lsl #16\n\t" + "ror r9, r9, #16\n\t" +#else + "bfi r9, r12, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + "str r2, [%[r]]\n\t" + "str r3, [%[r], #64]\n\t" + "str r4, [%[r], #128]\n\t" + "str r5, [%[r], #192]\n\t" + "str r6, [%[r], #256]\n\t" + "str r7, [%[r], #320]\n\t" + "str r8, [%[r], #384]\n\t" + "str r9, [%[r], #448]\n\t" + "ldr r2, [sp]\n\t" + "subs r2, r2, #1\n\t" + "add %[r], %[r], #4\n\t" + "bne L_kyber_arm32_invntt_loop_321_%=\n\t" + "add sp, sp, #8\n\t" + : [r] "+r" (r), + [L_kyber_arm32_invntt_zetas_inv] "+r" (L_kyber_arm32_invntt_zetas_inv_c) + : + : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", + "r9", "r10", "r11" + ); +} + +static const word16 L_kyber_arm32_basemul_mont_zetas[] = { + 0x08ed, 0x0a0b, 0x0b9a, 0x0714, + 0x05d5, 0x058e, 0x011f, 0x00ca, + 0x0c56, 0x026e, 0x0629, 0x00b6, + 0x03c2, 0x084f, 0x073f, 0x05bc, + 0x023d, 0x07d4, 0x0108, 0x017f, + 0x09c4, 0x05b2, 0x06bf, 0x0c7f, + 0x0a58, 0x03f9, 0x02dc, 0x0260, + 0x06fb, 0x019b, 0x0c34, 0x06de, + 0x04c7, 0x028c, 0x0ad9, 0x03f7, + 0x07f4, 0x05d3, 0x0be7, 0x06f9, + 0x0204, 0x0cf9, 0x0bc1, 0x0a67, + 0x06af, 0x0877, 0x007e, 0x05bd, + 0x09ac, 0x0ca7, 0x0bf2, 0x033e, + 0x006b, 0x0774, 0x0c0a, 0x094a, + 0x0b73, 0x03c1, 0x071d, 0x0a2c, + 0x01c0, 0x08d8, 0x02a5, 0x0806, + 0x08b2, 0x01ae, 0x022b, 0x034b, + 0x081e, 0x0367, 0x060e, 0x0069, + 0x01a6, 0x024b, 0x00b1, 0x0c16, + 0x0bde, 0x0b35, 0x0626, 0x0675, + 0x0c0b, 0x030a, 0x0487, 0x0c6e, + 0x09f8, 0x05cb, 0x0aa7, 0x045f, + 0x06cb, 0x0284, 0x0999, 0x015d, + 0x01a2, 0x0149, 0x0c65, 0x0cb6, + 0x0331, 0x0449, 0x025b, 0x0262, + 0x052a, 0x07fc, 0x0748, 0x0180, + 0x0842, 0x0c79, 0x04c2, 0x07ca, + 0x0997, 0x00dc, 0x085e, 0x0686, + 0x0860, 0x0707, 0x0803, 0x031a, + 0x071b, 0x09ab, 0x099b, 0x01de, + 0x0c95, 0x0bcd, 0x03e4, 0x03df, + 0x03be, 0x074d, 0x05f2, 0x065c, +}; + +void kyber_arm32_basemul_mont(sword16* r_p, const sword16* a_p, + const sword16* b_p) +{ + register sword16* r asm ("r0") = (sword16*)r_p; + register const sword16* a asm ("r1") = (const sword16*)a_p; + register const sword16* b asm ("r2") = (const sword16*)b_p; + register word16* L_kyber_arm32_basemul_mont_zetas_c asm ("r3") = + (word16*)&L_kyber_arm32_basemul_mont_zetas; + + __asm__ __volatile__ ( + "add r3, r3, #0x80\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r12, #0xd\n\t" + "lsl r12, r12, #8\n\t" + "add r12, r12, #0x1\n\t" +#else + "mov r12, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r12, r12, #0xc000000\n\t" + "orr r12, r12, #0xff0000\n\t" +#else + "movt r12, #0xcff\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + "mov r8, #0\n\t" + "\n" + "L_kyber_arm32_basemul_mont_loop_%=: \n\t" + "ldm %[a]!, {r4, r5}\n\t" + "ldm %[b]!, {r6, r7}\n\t" + "ldr lr, [r3, r8]\n\t" + "add r8, r8, #2\n\t" + "push {r8}\n\t" + "cmp r8, #0x80\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smultt r8, r4, r6\n\t" + "smultt r10, r5, r7\n\t" + "smultb r9, r12, r8\n\t" + "smultb r11, r12, r10\n\t" + "smlabb r8, r12, r9, r8\n\t" + "smlabb r10, r12, r11, r10\n\t" + "rsb r11, lr, #0\n\t" + "smulbt r8, lr, r8\n\t" + "smulbt r10, r11, r10\n\t" + "smlabb r8, r4, r6, r8\n\t" + "smlabb r10, r5, r7, r10\n\t" + "smultb r9, r12, r8\n\t" + "smultb r11, r12, r10\n\t" + "smlabb r8, r12, r9, r8\n\t" + "smlabb r10, r12, r11, r10\n\t" + "smulbt r9, r4, r6\n\t" + "smulbt r11, r5, r7\n\t" + "smlatb r9, r4, r6, r9\n\t" + "smlatb r11, r5, r7, r11\n\t" + "smultb r6, r12, r9\n\t" + "smultb r7, r12, r11\n\t" + "smlabb r9, r12, r6, r9\n\t" + "smlabb r11, r12, r7, r11\n\t" + "pkhtb r4, r9, r8, ASR #16\n\t" + "pkhtb r5, r11, r10, ASR #16\n\t" +#else + "asr r8, r4, #16\n\t" + "asr r10, r5, #16\n\t" + "asr r9, r6, #16\n\t" + "asr r11, r7, #16\n\t" + "mul r8, r9, r8\n\t" + "mul r10, r11, r10\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r12, #0xc\n\t" + "lsl r12, r12, #8\n\t" + "add r12, r12, #0xff\n\t" +#else + "mov r12, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r9, r8, #16\n\t" + "asr r9, r9, #16\n\t" +#else + "sbfx r9, r8, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r11, r10, #16\n\t" + "asr r11, r11, #16\n\t" +#else + "sbfx r11, r10, #0, #16\n\t" +#endif + "mul r9, r12, r8\n\t" + "mul r11, r12, r11\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r12, #0xd\n\t" + "lsl r12, r12, #8\n\t" + "add r12, r12, #0x1\n\t" +#else + "mov r12, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r9, r9, #16\n\t" + "asr r9, r9, #16\n\t" +#else + "sbfx r9, r9, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r11, r11, #16\n\t" + "asr r11, r11, #16\n\t" +#else + "sbfx r11, r11, #0, #16\n\t" +#endif + "mla r8, r12, r9, r8\n\t" + "mla r10, r12, r11, r10\n\t" + "rsb r11, lr, #0\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r9, lr, #16\n\t" + "asr r9, r9, #16\n\t" +#else + "sbfx r9, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r11, r11, #16\n\t" + "asr r11, r11, #16\n\t" +#else + "sbfx r11, r11, #0, #16\n\t" +#endif + "asr r8, r8, #16\n\t" + "asr r10, r10, #16\n\t" + "mul r8, r9, r8\n\t" + "mul r10, r11, r10\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r9, r4, #16\n\t" + "asr r9, r9, #16\n\t" +#else + "sbfx r9, r4, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r11, r5, #16\n\t" + "asr r11, r11, #16\n\t" +#else + "sbfx r11, r5, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r6, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r6, #0, #16\n\t" +#endif + "mla r8, r9, r12, r8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r7, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r7, #0, #16\n\t" +#endif + "mla r10, r11, r12, r10\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r12, #0xc\n\t" + "lsl r12, r12, #8\n\t" + "add r12, r12, #0xff\n\t" +#else + "mov r12, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r9, r8, #16\n\t" + "asr r9, r9, #16\n\t" +#else + "sbfx r9, r8, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r11, r10, #16\n\t" + "asr r11, r11, #16\n\t" +#else + "sbfx r11, r10, #0, #16\n\t" +#endif + "mul r9, r12, r9\n\t" + "mul r11, r12, r11\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r12, #0xd\n\t" + "lsl r12, r12, #8\n\t" + "add r12, r12, #0x1\n\t" +#else + "mov r12, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r9, r9, #16\n\t" + "asr r9, r9, #16\n\t" +#else + "sbfx r9, r9, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r11, r11, #16\n\t" + "asr r11, r11, #16\n\t" +#else + "sbfx r11, r11, #0, #16\n\t" +#endif + "mla r8, r12, r9, r8\n\t" + "mla r10, r12, r11, r10\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r9, r4, #16\n\t" + "asr r9, r9, #16\n\t" +#else + "sbfx r9, r4, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r11, r5, #16\n\t" + "asr r11, r11, #16\n\t" +#else + "sbfx r11, r5, #0, #16\n\t" +#endif + "asr r12, r6, #16\n\t" + "mul r9, r12, r9\n\t" + "asr r12, r7, #16\n\t" + "mul r11, r12, r11\n\t" + "asr r4, r4, #16\n\t" + "asr r5, r5, #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r6, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r6, #0, #16\n\t" +#endif + "mla r9, r4, r12, r9\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r7, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r7, #0, #16\n\t" +#endif + "mla r11, r5, r12, r11\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r12, #0xc\n\t" + "lsl r12, r12, #8\n\t" + "add r12, r12, #0xff\n\t" +#else + "mov r12, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r6, r9, #16\n\t" + "asr r6, r6, #16\n\t" +#else + "sbfx r6, r9, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r7, r11, #16\n\t" + "asr r7, r7, #16\n\t" +#else + "sbfx r7, r11, #0, #16\n\t" +#endif + "mul r6, r12, r6\n\t" + "mul r7, r12, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r12, #0xd\n\t" + "lsl r12, r12, #8\n\t" + "add r12, r12, #0x1\n\t" +#else + "mov r12, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r4, r6, #16\n\t" + "asr r4, r4, #16\n\t" +#else + "sbfx r4, r6, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r5, r7, #16\n\t" + "asr r5, r5, #16\n\t" +#else + "sbfx r5, r7, #0, #16\n\t" +#endif + "mla r9, r12, r4, r9\n\t" + "mla r11, r12, r5, r11\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r9, r9, #0xff\n\t" + "bic r9, r9, #0xff00\n\t" +#else + "bfc r9, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r11, r11, #0xff\n\t" + "bic r11, r11, #0xff00\n\t" +#else + "bfc r11, #0, #16\n\t" +#endif + "orr r4, r9, r8, lsr #16\n\t" + "orr r5, r11, r10, lsr #16\n\t" +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + "stm %[r]!, {r4, r5}\n\t" + "pop {r8}\n\t" + "bne L_kyber_arm32_basemul_mont_loop_%=\n\t" + : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), + [L_kyber_arm32_basemul_mont_zetas] "+r" (L_kyber_arm32_basemul_mont_zetas_c) + : + : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" + ); +} + +void kyber_arm32_basemul_mont_add(sword16* r_p, const sword16* a_p, + const sword16* b_p) +{ + register sword16* r asm ("r0") = (sword16*)r_p; + register const sword16* a asm ("r1") = (const sword16*)a_p; + register const sword16* b asm ("r2") = (const sword16*)b_p; + register word16* L_kyber_arm32_basemul_mont_zetas_c asm ("r3") = + (word16*)&L_kyber_arm32_basemul_mont_zetas; + + __asm__ __volatile__ ( + "add r3, r3, #0x80\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r12, #0xd\n\t" + "lsl r12, r12, #8\n\t" + "add r12, r12, #0x1\n\t" +#else + "mov r12, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r12, r12, #0xc000000\n\t" + "orr r12, r12, #0xff0000\n\t" +#else + "movt r12, #0xcff\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + "mov r8, #0\n\t" + "\n" + "L_kyber_arm32_basemul_mont_add_loop_%=: \n\t" + "ldm %[a]!, {r4, r5}\n\t" + "ldm %[b]!, {r6, r7}\n\t" + "ldr lr, [r3, r8]\n\t" + "add r8, r8, #2\n\t" + "push {r8}\n\t" + "cmp r8, #0x80\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "smultt r8, r4, r6\n\t" + "smultt r10, r5, r7\n\t" + "smultb r9, r12, r8\n\t" + "smultb r11, r12, r10\n\t" + "smlabb r8, r12, r9, r8\n\t" + "smlabb r10, r12, r11, r10\n\t" + "rsb r11, lr, #0\n\t" + "smulbt r8, lr, r8\n\t" + "smulbt r10, r11, r10\n\t" + "smlabb r8, r4, r6, r8\n\t" + "smlabb r10, r5, r7, r10\n\t" + "smultb r9, r12, r8\n\t" + "smultb r11, r12, r10\n\t" + "smlabb r8, r12, r9, r8\n\t" + "smlabb r10, r12, r11, r10\n\t" + "smulbt r9, r4, r6\n\t" + "smulbt r11, r5, r7\n\t" + "smlatb r9, r4, r6, r9\n\t" + "smlatb r11, r5, r7, r11\n\t" + "smultb r6, r12, r9\n\t" + "smultb r7, r12, r11\n\t" + "smlabb r9, r12, r6, r9\n\t" + "smlabb r11, r12, r7, r11\n\t" + "ldm %[r], {r4, r5}\n\t" + "pkhtb r9, r9, r8, ASR #16\n\t" + "pkhtb r11, r11, r10, ASR #16\n\t" + "sadd16 r4, r4, r9\n\t" + "sadd16 r5, r5, r11\n\t" +#else + "asr r8, r4, #16\n\t" + "asr r10, r5, #16\n\t" + "asr r9, r6, #16\n\t" + "asr r11, r7, #16\n\t" + "mul r8, r9, r8\n\t" + "mul r10, r11, r10\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r12, #0xc\n\t" + "lsl r12, r12, #8\n\t" + "add r12, r12, #0xff\n\t" +#else + "mov r12, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r9, r8, #16\n\t" + "asr r9, r9, #16\n\t" +#else + "sbfx r9, r8, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r11, r10, #16\n\t" + "asr r11, r11, #16\n\t" +#else + "sbfx r11, r10, #0, #16\n\t" +#endif + "mul r9, r12, r8\n\t" + "mul r11, r12, r11\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r12, #0xd\n\t" + "lsl r12, r12, #8\n\t" + "add r12, r12, #0x1\n\t" +#else + "mov r12, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r9, r9, #16\n\t" + "asr r9, r9, #16\n\t" +#else + "sbfx r9, r9, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r11, r11, #16\n\t" + "asr r11, r11, #16\n\t" +#else + "sbfx r11, r11, #0, #16\n\t" +#endif + "mla r8, r12, r9, r8\n\t" + "mla r10, r12, r11, r10\n\t" + "rsb r11, lr, #0\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r9, lr, #16\n\t" + "asr r9, r9, #16\n\t" +#else + "sbfx r9, lr, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r11, r11, #16\n\t" + "asr r11, r11, #16\n\t" +#else + "sbfx r11, r11, #0, #16\n\t" +#endif + "asr r8, r8, #16\n\t" + "asr r10, r10, #16\n\t" + "mul r8, r9, r8\n\t" + "mul r10, r11, r10\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r9, r4, #16\n\t" + "asr r9, r9, #16\n\t" +#else + "sbfx r9, r4, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r11, r5, #16\n\t" + "asr r11, r11, #16\n\t" +#else + "sbfx r11, r5, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r6, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r6, #0, #16\n\t" +#endif + "mla r8, r9, r12, r8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r7, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r7, #0, #16\n\t" +#endif + "mla r10, r11, r12, r10\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r12, #0xc\n\t" + "lsl r12, r12, #8\n\t" + "add r12, r12, #0xff\n\t" +#else + "mov r12, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r9, r8, #16\n\t" + "asr r9, r9, #16\n\t" +#else + "sbfx r9, r8, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r11, r10, #16\n\t" + "asr r11, r11, #16\n\t" +#else + "sbfx r11, r10, #0, #16\n\t" +#endif + "mul r9, r12, r9\n\t" + "mul r11, r12, r11\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r12, #0xd\n\t" + "lsl r12, r12, #8\n\t" + "add r12, r12, #0x1\n\t" +#else + "mov r12, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r9, r9, #16\n\t" + "asr r9, r9, #16\n\t" +#else + "sbfx r9, r9, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r11, r11, #16\n\t" + "asr r11, r11, #16\n\t" +#else + "sbfx r11, r11, #0, #16\n\t" +#endif + "mla r8, r12, r9, r8\n\t" + "mla r10, r12, r11, r10\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r9, r4, #16\n\t" + "asr r9, r9, #16\n\t" +#else + "sbfx r9, r4, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r11, r5, #16\n\t" + "asr r11, r11, #16\n\t" +#else + "sbfx r11, r5, #0, #16\n\t" +#endif + "asr r12, r6, #16\n\t" + "mul r9, r12, r9\n\t" + "asr r12, r7, #16\n\t" + "mul r11, r12, r11\n\t" + "asr r4, r4, #16\n\t" + "asr r5, r5, #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r6, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r6, #0, #16\n\t" +#endif + "mla r9, r4, r12, r9\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r12, r7, #16\n\t" + "asr r12, r12, #16\n\t" +#else + "sbfx r12, r7, #0, #16\n\t" +#endif + "mla r11, r5, r12, r11\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r12, #0xc\n\t" + "lsl r12, r12, #8\n\t" + "add r12, r12, #0xff\n\t" +#else + "mov r12, #0xcff\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r6, r9, #16\n\t" + "asr r6, r6, #16\n\t" +#else + "sbfx r6, r9, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r7, r11, #16\n\t" + "asr r7, r7, #16\n\t" +#else + "sbfx r7, r11, #0, #16\n\t" +#endif + "mul r6, r12, r6\n\t" + "mul r7, r12, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r12, #0xd\n\t" + "lsl r12, r12, #8\n\t" + "add r12, r12, #0x1\n\t" +#else + "mov r12, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r4, r6, #16\n\t" + "asr r4, r4, #16\n\t" +#else + "sbfx r4, r6, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r5, r7, #16\n\t" + "asr r5, r5, #16\n\t" +#else + "sbfx r5, r7, #0, #16\n\t" +#endif + "mla r9, r12, r4, r9\n\t" + "mla r11, r12, r5, r11\n\t" + "ldm %[r], {r4, r5}\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r9, r9, #0xff\n\t" + "bic r9, r9, #0xff00\n\t" +#else + "bfc r9, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r11, r11, #0xff\n\t" + "bic r11, r11, #0xff00\n\t" +#else + "bfc r11, #0, #16\n\t" +#endif + "orr r9, r9, r8, lsr #16\n\t" + "orr r11, r11, r10, lsr #16\n\t" + "add r8, r4, r9\n\t" + "add r10, r5, r11\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r9, r9, #0xff\n\t" + "bic r9, r9, #0xff00\n\t" +#else + "bfc r9, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r11, r11, #0xff\n\t" + "bic r11, r11, #0xff00\n\t" +#else + "bfc r11, #0, #16\n\t" +#endif + "add r4, r4, r9\n\t" + "add r5, r5, r11\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r4, r4, #0xff\n\t" + "bic r4, r4, #0xff00\n\t" + "ror r4, r4, #16\n\t" + "orr r4, r4, r8, lsl #16\n\t" + "ror r4, r4, #16\n\t" +#else + "bfi r4, r8, #0, #16\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r5, r5, #0xff\n\t" + "bic r5, r5, #0xff00\n\t" + "ror r5, r5, #16\n\t" + "orr r5, r5, r10, lsl #16\n\t" + "ror r5, r5, #16\n\t" +#else + "bfi r5, r10, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + "stm %[r]!, {r4, r5}\n\t" + "pop {r8}\n\t" + "bne L_kyber_arm32_basemul_mont_add_loop_%=\n\t" + : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), + [L_kyber_arm32_basemul_mont_zetas] "+r" (L_kyber_arm32_basemul_mont_zetas_c) + : + : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" + ); +} + +void kyber_arm32_csubq(sword16* p_p) +{ + register sword16* p asm ("r0") = (sword16*)p_p; + register word16* L_kyber_arm32_basemul_mont_zetas_c asm ("r1") = + (word16*)&L_kyber_arm32_basemul_mont_zetas; + + __asm__ __volatile__ ( +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r12, #0xd\n\t" + "lsl r12, r12, #8\n\t" + "add r12, r12, #0x1\n\t" +#else + "mov r12, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov lr, #0xd\n\t" + "lsl lr, lr, #8\n\t" + "add lr, lr, #0x1\n\t" +#else + "mov lr, #0xd01\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr lr, lr, #0xd000000\n\t" + "orr lr, lr, #0x10000\n\t" +#else + "movt lr, #0xd01\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r11, #0x80\n\t" + "lsl r11, r11, #8\n\t" + "add r11, r11, #0x0\n\t" +#else + "mov r11, #0x8000\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "orr r11, r11, #0x80000000\n\t" +#else + "movt r11, #0x8000\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r1, #0x1\n\t" + "lsl r1, r1, #8\n\t" + "add r1, r1, #0x0\n\t" +#else + "mov r1, #0x100\n\t" +#endif + "\n" + "L_kyber_arm32_csubq_loop_%=: \n\t" + "ldm %[p], {r2, r3, r4, r5}\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) + "ssub16 r2, r2, lr\n\t" + "ssub16 r3, r3, lr\n\t" + "ssub16 r4, r4, lr\n\t" + "ssub16 r5, r5, lr\n\t" + "and r6, r2, r11\n\t" + "and r7, r3, r11\n\t" + "and r8, r4, r11\n\t" + "and r9, r5, r11\n\t" + "lsr r6, r6, #15\n\t" + "lsr r7, r7, #15\n\t" + "lsr r8, r8, #15\n\t" + "lsr r9, r9, #15\n\t" + "mul r6, r12, r6\n\t" + "mul r7, r12, r7\n\t" + "mul r8, r12, r8\n\t" + "mul r9, r12, r9\n\t" + "sadd16 r2, r2, r6\n\t" + "sadd16 r3, r3, r7\n\t" + "sadd16 r4, r4, r8\n\t" + "sadd16 r5, r5, r9\n\t" +#else + "sub r6, r2, lr\n\t" + "sub r2, r2, lr, lsl #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r2, r2, #0xff\n\t" + "bic r2, r2, #0xff00\n\t" + "ror r2, r2, #16\n\t" + "orr r2, r2, r6, lsl #16\n\t" + "ror r2, r2, #16\n\t" +#else + "bfi r2, r6, #0, #16\n\t" +#endif + "sub r7, r3, lr\n\t" + "sub r3, r3, lr, lsl #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r3, r3, #0xff\n\t" + "bic r3, r3, #0xff00\n\t" + "ror r3, r3, #16\n\t" + "orr r3, r3, r7, lsl #16\n\t" + "ror r3, r3, #16\n\t" +#else + "bfi r3, r7, #0, #16\n\t" +#endif + "sub r8, r4, lr\n\t" + "sub r4, r4, lr, lsl #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r4, r4, #0xff\n\t" + "bic r4, r4, #0xff00\n\t" + "ror r4, r4, #16\n\t" + "orr r4, r4, r8, lsl #16\n\t" + "ror r4, r4, #16\n\t" +#else + "bfi r4, r8, #0, #16\n\t" +#endif + "sub r9, r5, lr\n\t" + "sub r5, r5, lr, lsl #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r5, r5, #0xff\n\t" + "bic r5, r5, #0xff00\n\t" + "ror r5, r5, #16\n\t" + "orr r5, r5, r9, lsl #16\n\t" + "ror r5, r5, #16\n\t" +#else + "bfi r5, r9, #0, #16\n\t" +#endif + "and r6, r2, r11\n\t" + "and r7, r3, r11\n\t" + "and r8, r4, r11\n\t" + "and r9, r5, r11\n\t" + "lsr r6, r6, #15\n\t" + "lsr r7, r7, #15\n\t" + "lsr r8, r8, #15\n\t" + "lsr r9, r9, #15\n\t" + "mul r6, r12, r6\n\t" + "mul r7, r12, r7\n\t" + "mul r8, r12, r8\n\t" + "mul r9, r12, r9\n\t" + "add r10, r2, r6\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r6, r6, #0xff\n\t" + "bic r6, r6, #0xff00\n\t" +#else + "bfc r6, #0, #16\n\t" +#endif + "add r2, r2, r6\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r2, r2, #0xff\n\t" + "bic r2, r2, #0xff00\n\t" + "ror r2, r2, #16\n\t" + "orr r2, r2, r10, lsl #16\n\t" + "ror r2, r2, #16\n\t" +#else + "bfi r2, r10, #0, #16\n\t" +#endif + "add r10, r3, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r7, r7, #0xff\n\t" + "bic r7, r7, #0xff00\n\t" +#else + "bfc r7, #0, #16\n\t" +#endif + "add r3, r3, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r3, r3, #0xff\n\t" + "bic r3, r3, #0xff00\n\t" + "ror r3, r3, #16\n\t" + "orr r3, r3, r10, lsl #16\n\t" + "ror r3, r3, #16\n\t" +#else + "bfi r3, r10, #0, #16\n\t" +#endif + "add r10, r4, r8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r8, r8, #0xff\n\t" + "bic r8, r8, #0xff00\n\t" +#else + "bfc r8, #0, #16\n\t" +#endif + "add r4, r4, r8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r4, r4, #0xff\n\t" + "bic r4, r4, #0xff00\n\t" + "ror r4, r4, #16\n\t" + "orr r4, r4, r10, lsl #16\n\t" + "ror r4, r4, #16\n\t" +#else + "bfi r4, r10, #0, #16\n\t" +#endif + "add r10, r5, r9\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r9, r9, #0xff\n\t" + "bic r9, r9, #0xff00\n\t" +#else + "bfc r9, #0, #16\n\t" +#endif + "add r5, r5, r9\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r5, r5, #0xff\n\t" + "bic r5, r5, #0xff00\n\t" + "ror r5, r5, #16\n\t" + "orr r5, r5, r10, lsl #16\n\t" + "ror r5, r5, #16\n\t" +#else + "bfi r5, r10, #0, #16\n\t" +#endif +#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ + "stm %[p]!, {r2, r3, r4, r5}\n\t" + "subs r1, r1, #8\n\t" + "bne L_kyber_arm32_csubq_loop_%=\n\t" + : [p] "+r" (p), + [L_kyber_arm32_basemul_mont_zetas] "+r" (L_kyber_arm32_basemul_mont_zetas_c) + : + : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", + "r9", "r10", "r11" + ); +} + +unsigned int kyber_arm32_rej_uniform(sword16* p_p, unsigned int len_p, + const byte* r_p, unsigned int rLen_p) +{ + register sword16* p asm ("r0") = (sword16*)p_p; + register unsigned int len asm ("r1") = (unsigned int)len_p; + register const byte* r asm ("r2") = (const byte*)r_p; + register unsigned int rLen asm ("r3") = (unsigned int)rLen_p; + register word16* L_kyber_arm32_basemul_mont_zetas_c asm ("r4") = + (word16*)&L_kyber_arm32_basemul_mont_zetas; + + __asm__ __volatile__ ( +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "mov r8, #0xd\n\t" + "lsl r8, r8, #8\n\t" + "add r8, r8, #0x1\n\t" +#else + "mov r8, #0xd01\n\t" +#endif + "mov r12, #0\n\t" + "\n" + "L_kyber_arm32_rej_uniform_loop_no_fail_%=: \n\t" + "cmp %[len], #8\n\t" + "blt L_kyber_arm32_rej_uniform_done_no_fail_%=\n\t" + "ldm %[r]!, {r4, r5, r6}\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r7, r4, #20\n\t" + "lsr r7, r7, #20\n\t" +#else + "ubfx r7, r4, #0, #12\n\t" +#endif + "strh r7, [%[p], r12]\n\t" + "sub lr, r7, r8\n\t" + "lsr lr, lr, #31\n\t" + "sub %[len], %[len], lr\n\t" + "add r12, r12, lr, lsl #1\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r7, r4, #8\n\t" + "lsr r7, r7, #20\n\t" +#else + "ubfx r7, r4, #12, #12\n\t" +#endif + "strh r7, [%[p], r12]\n\t" + "sub lr, r7, r8\n\t" + "lsr lr, lr, #31\n\t" + "sub %[len], %[len], lr\n\t" + "add r12, r12, lr, lsl #1\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsr r7, r4, #24\n\t" +#else + "ubfx r7, r4, #24, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r7, r7, #0xf00\n\t" + "ror r7, r7, #12\n\t" + "orr r7, r7, r5, lsl #28\n\t" + "ror r7, r7, #20\n\t" +#else + "bfi r7, r5, #8, #4\n\t" +#endif + "strh r7, [%[p], r12]\n\t" + "sub lr, r7, r8\n\t" + "lsr lr, lr, #31\n\t" + "sub %[len], %[len], lr\n\t" + "add r12, r12, lr, lsl #1\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r7, r5, #16\n\t" + "lsr r7, r7, #20\n\t" +#else + "ubfx r7, r5, #4, #12\n\t" +#endif + "strh r7, [%[p], r12]\n\t" + "sub lr, r7, r8\n\t" + "lsr lr, lr, #31\n\t" + "sub %[len], %[len], lr\n\t" + "add r12, r12, lr, lsl #1\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r7, r5, #4\n\t" + "lsr r7, r7, #20\n\t" +#else + "ubfx r7, r5, #16, #12\n\t" +#endif + "strh r7, [%[p], r12]\n\t" + "sub lr, r7, r8\n\t" + "lsr lr, lr, #31\n\t" + "sub %[len], %[len], lr\n\t" + "add r12, r12, lr, lsl #1\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsr r7, r5, #28\n\t" +#else + "ubfx r7, r5, #28, #4\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r7, r7, #0xff0\n\t" + "ror r7, r7, #12\n\t" + "orr r7, r7, r6, lsl #24\n\t" + "ror r7, r7, #20\n\t" +#else + "bfi r7, r6, #4, #8\n\t" +#endif + "strh r7, [%[p], r12]\n\t" + "sub lr, r7, r8\n\t" + "lsr lr, lr, #31\n\t" + "sub %[len], %[len], lr\n\t" + "add r12, r12, lr, lsl #1\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r7, r6, #12\n\t" + "lsr r7, r7, #20\n\t" +#else + "ubfx r7, r6, #8, #12\n\t" +#endif + "strh r7, [%[p], r12]\n\t" + "sub lr, r7, r8\n\t" + "lsr lr, lr, #31\n\t" + "sub %[len], %[len], lr\n\t" + "add r12, r12, lr, lsl #1\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsr r7, r6, #20\n\t" +#else + "ubfx r7, r6, #20, #12\n\t" +#endif + "strh r7, [%[p], r12]\n\t" + "sub lr, r7, r8\n\t" + "lsr lr, lr, #31\n\t" + "sub %[len], %[len], lr\n\t" + "add r12, r12, lr, lsl #1\n\t" + "subs %[rLen], %[rLen], #12\n\t" + "bne L_kyber_arm32_rej_uniform_loop_no_fail_%=\n\t" + "b L_kyber_arm32_rej_uniform_done_%=\n\t" + "\n" + "L_kyber_arm32_rej_uniform_done_no_fail_%=: \n\t" + "cmp %[len], #0\n\t" + "beq L_kyber_arm32_rej_uniform_done_%=\n\t" + "\n" + "L_kyber_arm32_rej_uniform_loop_%=: \n\t" + "ldm %[r]!, {r4, r5, r6}\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r7, r4, #20\n\t" + "lsr r7, r7, #20\n\t" +#else + "ubfx r7, r4, #0, #12\n\t" +#endif + "cmp r7, r8\n\t" + "bge L_kyber_arm32_rej_uniform_fail_0_%=\n\t" + "strh r7, [%[p], r12]\n\t" + "subs %[len], %[len], #1\n\t" + "add r12, r12, #2\n\t" + "beq L_kyber_arm32_rej_uniform_done_%=\n\t" + "\n" + "L_kyber_arm32_rej_uniform_fail_0_%=: \n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r7, r4, #8\n\t" + "lsr r7, r7, #20\n\t" +#else + "ubfx r7, r4, #12, #12\n\t" +#endif + "cmp r7, r8\n\t" + "bge L_kyber_arm32_rej_uniform_fail_1_%=\n\t" + "strh r7, [%[p], r12]\n\t" + "subs %[len], %[len], #1\n\t" + "add r12, r12, #2\n\t" + "beq L_kyber_arm32_rej_uniform_done_%=\n\t" + "\n" + "L_kyber_arm32_rej_uniform_fail_1_%=: \n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsr r7, r4, #24\n\t" +#else + "ubfx r7, r4, #24, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r7, r7, #0xf00\n\t" + "ror r7, r7, #12\n\t" + "orr r7, r7, r5, lsl #28\n\t" + "ror r7, r7, #20\n\t" +#else + "bfi r7, r5, #8, #4\n\t" +#endif + "cmp r7, r8\n\t" + "bge L_kyber_arm32_rej_uniform_fail_2_%=\n\t" + "strh r7, [%[p], r12]\n\t" + "subs %[len], %[len], #1\n\t" + "add r12, r12, #2\n\t" + "beq L_kyber_arm32_rej_uniform_done_%=\n\t" + "\n" + "L_kyber_arm32_rej_uniform_fail_2_%=: \n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r7, r5, #16\n\t" + "lsr r7, r7, #20\n\t" +#else + "ubfx r7, r5, #4, #12\n\t" +#endif + "cmp r7, r8\n\t" + "bge L_kyber_arm32_rej_uniform_fail_3_%=\n\t" + "strh r7, [%[p], r12]\n\t" + "subs %[len], %[len], #1\n\t" + "add r12, r12, #2\n\t" + "beq L_kyber_arm32_rej_uniform_done_%=\n\t" + "\n" + "L_kyber_arm32_rej_uniform_fail_3_%=: \n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r7, r5, #4\n\t" + "lsr r7, r7, #20\n\t" +#else + "ubfx r7, r5, #16, #12\n\t" +#endif + "cmp r7, r8\n\t" + "bge L_kyber_arm32_rej_uniform_fail_4_%=\n\t" + "strh r7, [%[p], r12]\n\t" + "subs %[len], %[len], #1\n\t" + "add r12, r12, #2\n\t" + "beq L_kyber_arm32_rej_uniform_done_%=\n\t" + "\n" + "L_kyber_arm32_rej_uniform_fail_4_%=: \n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsr r7, r5, #28\n\t" +#else + "ubfx r7, r5, #28, #4\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "bic r7, r7, #0xff0\n\t" + "ror r7, r7, #12\n\t" + "orr r7, r7, r6, lsl #24\n\t" + "ror r7, r7, #20\n\t" +#else + "bfi r7, r6, #4, #8\n\t" +#endif + "cmp r7, r8\n\t" + "bge L_kyber_arm32_rej_uniform_fail_5_%=\n\t" + "strh r7, [%[p], r12]\n\t" + "subs %[len], %[len], #1\n\t" + "add r12, r12, #2\n\t" + "beq L_kyber_arm32_rej_uniform_done_%=\n\t" + "\n" + "L_kyber_arm32_rej_uniform_fail_5_%=: \n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsl r7, r6, #12\n\t" + "lsr r7, r7, #20\n\t" +#else + "ubfx r7, r6, #8, #12\n\t" +#endif + "cmp r7, r8\n\t" + "bge L_kyber_arm32_rej_uniform_fail_6_%=\n\t" + "strh r7, [%[p], r12]\n\t" + "subs %[len], %[len], #1\n\t" + "add r12, r12, #2\n\t" + "beq L_kyber_arm32_rej_uniform_done_%=\n\t" + "\n" + "L_kyber_arm32_rej_uniform_fail_6_%=: \n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "lsr r7, r6, #20\n\t" +#else + "ubfx r7, r6, #20, #12\n\t" +#endif + "cmp r7, r8\n\t" + "bge L_kyber_arm32_rej_uniform_fail_7_%=\n\t" + "strh r7, [%[p], r12]\n\t" + "subs %[len], %[len], #1\n\t" + "add r12, r12, #2\n\t" + "beq L_kyber_arm32_rej_uniform_done_%=\n\t" + "\n" + "L_kyber_arm32_rej_uniform_fail_7_%=: \n\t" + "subs %[rLen], %[rLen], #12\n\t" + "bgt L_kyber_arm32_rej_uniform_loop_%=\n\t" + "\n" + "L_kyber_arm32_rej_uniform_done_%=: \n\t" + "lsr r0, r12, #1\n\t" + : [p] "+r" (p), [len] "+r" (len), [r] "+r" (r), [rLen] "+r" (rLen), + [L_kyber_arm32_basemul_mont_zetas] "+r" (L_kyber_arm32_basemul_mont_zetas_c) + : + : "memory", "cc", "r12", "lr", "r5", "r6", "r7", "r8" + ); + return (uint32_t)(size_t)p; +} + +#endif /* WOLFSSL_WC_KYBER */ +#endif /* !__aarch64__ && !WOLFSSL_ARMASM_THUMB2 */ +#endif /* WOLFSSL_ARMASM */ + +#endif /* WOLFSSL_ARMASM_INLINE */ diff --git a/wolfcrypt/src/port/arm/armv8-32-poly1305-asm.S b/wolfcrypt/src/port/arm/armv8-32-poly1305-asm.S index d7225828fa..731836b9e8 100644 --- a/wolfcrypt/src/port/arm/armv8-32-poly1305-asm.S +++ b/wolfcrypt/src/port/arm/armv8-32-poly1305-asm.S @@ -31,7 +31,7 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) +#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2) #ifndef WOLFSSL_ARMASM_INLINE #ifdef HAVE_POLY1305 .text @@ -218,7 +218,7 @@ L_poly1305_arm32_16_loop: # Load length ldr r2, [sp, #20] # Reduce mod 2^130 - 5 - bic r3, r8, #3 + bic r3, r8, #0x3 and r8, r8, #3 adds r4, r4, r3 lsr r3, r3, #2 @@ -348,7 +348,7 @@ poly1305_final: pop {r4, r5, r6, r7, r8, r9, pc} .size poly1305_final,.-poly1305_final #endif /* HAVE_POLY1305 */ -#endif /* !__aarch64__ && __arm__ && !__thumb__ */ +#endif /* !__aarch64__ && !WOLFSSL_ARMASM_THUMB2 */ #endif /* WOLFSSL_ARMASM */ #if defined(__linux__) && defined(__ELF__) diff --git a/wolfcrypt/src/port/arm/armv8-32-poly1305-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-poly1305-asm_c.c index da604101b7..d12e4c19bf 100644 --- a/wolfcrypt/src/port/arm/armv8-32-poly1305-asm_c.c +++ b/wolfcrypt/src/port/arm/armv8-32-poly1305-asm_c.c @@ -32,7 +32,7 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) +#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2) #include #ifdef HAVE_CONFIG_H #include @@ -41,9 +41,6 @@ #include #ifdef WOLFSSL_ARMASM_INLINE -#ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) - #ifdef __IAR_SYSTEMS_ICC__ #define __asm__ asm #define __volatile__ volatile @@ -243,7 +240,7 @@ void poly1305_blocks_arm32_16(Poly1305* ctx_p, const byte* m_p, word32 len_p, /* Load length */ "ldr %[len], [sp, #20]\n\t" /* Reduce mod 2^130 - 5 */ - "bic %[notLast], r8, #3\n\t" + "bic %[notLast], r8, #0x3\n\t" "and r8, r8, #3\n\t" "adds r4, r4, %[notLast]\n\t" "lsr %[notLast], %[notLast], #2\n\t" @@ -272,15 +269,15 @@ void poly1305_blocks_arm32_16(Poly1305* ctx_p, const byte* m_p, word32 len_p, "\n" "L_poly1305_arm32_16_done_%=: \n\t" "add sp, sp, #28\n\t" - : [ctx] "+r" (ctx), [m] "+r" (m), [len] "+r" (len), - [notLast] "+r" (notLast) + : [ctx] "+r" (ctx), [m] "+r" (m), [len] "+r" (len), + [notLast] "+r" (notLast) : : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11" ); } -static const uint32_t L_poly1305_arm32_clamp[] = { +static const word32 L_poly1305_arm32_clamp[] = { 0x0fffffff, 0x0ffffffc, 0x0ffffffc, 0x0ffffffc, }; @@ -288,8 +285,8 @@ void poly1305_set_key(Poly1305* ctx_p, const byte* key_p) { register Poly1305* ctx asm ("r0") = (Poly1305*)ctx_p; register const byte* key asm ("r1") = (const byte*)key_p; - register uint32_t* L_poly1305_arm32_clamp_c asm ("r2") = - (uint32_t*)&L_poly1305_arm32_clamp; + register word32* L_poly1305_arm32_clamp_c asm ("r2") = + (word32*)&L_poly1305_arm32_clamp; __asm__ __volatile__ ( /* Load mask. */ @@ -323,8 +320,8 @@ void poly1305_set_key(Poly1305* ctx_p, const byte* key_p) "stm lr, {r5, r6, r7, r8, r12}\n\t" /* Zero leftover */ "str r5, [%[ctx], #52]\n\t" - : [ctx] "+r" (ctx), [key] "+r" (key), - [L_poly1305_arm32_clamp] "+r" (L_poly1305_arm32_clamp_c) + : [ctx] "+r" (ctx), [key] "+r" (key), + [L_poly1305_arm32_clamp] "+r" (L_poly1305_arm32_clamp_c) : : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); @@ -379,7 +376,7 @@ void poly1305_final(Poly1305* ctx_p, byte* mac_p) /* Zero out padding. */ "add r9, %[ctx], #36\n\t" "stm r9, {r4, r5, r6, r7}\n\t" - : [ctx] "+r" (ctx), [mac] "+r" (mac) + : [ctx] "+r" (ctx), [mac] "+r" (mac) : : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9" @@ -387,9 +384,7 @@ void poly1305_final(Poly1305* ctx_p, byte* mac_p) } #endif /* HAVE_POLY1305 */ -#endif /* !__aarch64__ && __arm__ && !__thumb__ */ -#endif /* WOLFSSL_ARMASM */ -#endif /* !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) */ +#endif /* !__aarch64__ && !WOLFSSL_ARMASM_THUMB2 */ #endif /* WOLFSSL_ARMASM */ #endif /* WOLFSSL_ARMASM_INLINE */ diff --git a/wolfcrypt/src/port/arm/armv8-32-sha256-asm.S b/wolfcrypt/src/port/arm/armv8-32-sha256-asm.S index bcbf3273a6..1a24afebf0 100644 --- a/wolfcrypt/src/port/arm/armv8-32-sha256-asm.S +++ b/wolfcrypt/src/port/arm/armv8-32-sha256-asm.S @@ -31,7 +31,7 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) +#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2) #ifndef WOLFSSL_ARMASM_INLINE #ifndef NO_SHA256 #ifdef WOLFSSL_ARMASM_NO_NEON @@ -2866,7 +2866,7 @@ L_SHA256_transform_neon_len_start: .size Transform_Sha256_Len,.-Transform_Sha256_Len #endif /* WOLFSSL_ARMASM_NO_NEON */ #endif /* !NO_SHA256 */ -#endif /* !__aarch64__ && __arm__ && !__thumb__ */ +#endif /* !__aarch64__ && !WOLFSSL_ARMASM_THUMB2 */ #endif /* WOLFSSL_ARMASM */ #if defined(__linux__) && defined(__ELF__) diff --git a/wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c index 0a2e15e9be..01de106342 100644 --- a/wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c +++ b/wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c @@ -32,7 +32,7 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) +#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2) #include #ifdef HAVE_CONFIG_H #include @@ -41,9 +41,6 @@ #include #ifdef WOLFSSL_ARMASM_INLINE -#ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) - #ifdef __IAR_SYSTEMS_ICC__ #define __asm__ asm #define __volatile__ volatile @@ -56,7 +53,7 @@ #include #ifdef WOLFSSL_ARMASM_NO_NEON -static const uint32_t L_SHA256_transform_len_k[] = { +static const word32 L_SHA256_transform_len_k[] = { 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, @@ -81,8 +78,8 @@ void Transform_Sha256_Len(wc_Sha256* sha256_p, const byte* data_p, word32 len_p) register wc_Sha256* sha256 asm ("r0") = (wc_Sha256*)sha256_p; register const byte* data asm ("r1") = (const byte*)data_p; register word32 len asm ("r2") = (word32)len_p; - register uint32_t* L_SHA256_transform_len_k_c asm ("r3") = - (uint32_t*)&L_SHA256_transform_len_k; + register word32* L_SHA256_transform_len_k_c asm ("r3") = + (word32*)&L_SHA256_transform_len_k; __asm__ __volatile__ ( "sub sp, sp, #0xc0\n\t" @@ -1734,8 +1731,8 @@ void Transform_Sha256_Len(wc_Sha256* sha256_p, const byte* data_p, word32 len_p) "add %[data], %[data], #0x40\n\t" "bne L_SHA256_transform_len_begin_%=\n\t" "add sp, sp, #0xc0\n\t" - : [sha256] "+r" (sha256), [data] "+r" (data), [len] "+r" (len), - [L_SHA256_transform_len_k] "+r" (L_SHA256_transform_len_k_c) + : [sha256] "+r" (sha256), [data] "+r" (data), [len] "+r" (len), + [L_SHA256_transform_len_k] "+r" (L_SHA256_transform_len_k_c) : : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12" @@ -1746,7 +1743,7 @@ void Transform_Sha256_Len(wc_Sha256* sha256_p, const byte* data_p, word32 len_p) #include #ifndef WOLFSSL_ARMASM_NO_NEON -static const uint32_t L_SHA256_transform_neon_len_k[] = { +static const word32 L_SHA256_transform_neon_len_k[] = { 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, @@ -1771,8 +1768,8 @@ void Transform_Sha256_Len(wc_Sha256* sha256_p, const byte* data_p, word32 len_p) register wc_Sha256* sha256 asm ("r0") = (wc_Sha256*)sha256_p; register const byte* data asm ("r1") = (const byte*)data_p; register word32 len asm ("r2") = (word32)len_p; - register uint32_t* L_SHA256_transform_neon_len_k_c asm ("r3") = - (uint32_t*)&L_SHA256_transform_neon_len_k; + register word32* L_SHA256_transform_neon_len_k_c asm ("r3") = + (word32*)&L_SHA256_transform_neon_len_k; __asm__ __volatile__ ( "sub sp, sp, #24\n\t" @@ -2799,8 +2796,8 @@ void Transform_Sha256_Len(wc_Sha256* sha256_p, const byte* data_p, word32 len_p) "str r10, [sp, #8]\n\t" "bne L_SHA256_transform_neon_len_begin_%=\n\t" "add sp, sp, #24\n\t" - : [sha256] "+r" (sha256), [data] "+r" (data), [len] "+r" (len), - [L_SHA256_transform_neon_len_k] "+r" (L_SHA256_transform_neon_len_k_c) + : [sha256] "+r" (sha256), [data] "+r" (data), [len] "+r" (len), + [L_SHA256_transform_neon_len_k] "+r" (L_SHA256_transform_neon_len_k_c) : : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "r10", "d0", "d1", "d2", "d3", "d4", "d5", "d6", "d7", "d8", "d9", @@ -2810,9 +2807,7 @@ void Transform_Sha256_Len(wc_Sha256* sha256_p, const byte* data_p, word32 len_p) #endif /* WOLFSSL_ARMASM_NO_NEON */ #endif /* !NO_SHA256 */ -#endif /* !__aarch64__ && __arm__ && !__thumb__ */ -#endif /* WOLFSSL_ARMASM */ -#endif /* !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) */ +#endif /* !__aarch64__ && !WOLFSSL_ARMASM_THUMB2 */ #endif /* WOLFSSL_ARMASM */ #endif /* WOLFSSL_ARMASM_INLINE */ diff --git a/wolfcrypt/src/port/arm/armv8-32-sha3-asm.S b/wolfcrypt/src/port/arm/armv8-32-sha3-asm.S index 7d2c60a89e..0a966b769f 100644 --- a/wolfcrypt/src/port/arm/armv8-32-sha3-asm.S +++ b/wolfcrypt/src/port/arm/armv8-32-sha3-asm.S @@ -31,7 +31,7 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) +#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2) #ifndef WOLFSSL_ARMASM_INLINE #ifdef WOLFSSL_SHA3 #ifndef WOLFSSL_ARMASM_NO_NEON @@ -2394,7 +2394,7 @@ L_sha3_arm32_begin: .size BlockSha3,.-BlockSha3 #endif /* WOLFSSL_ARMASM_NO_NEON */ #endif /* WOLFSSL_SHA3 */ -#endif /* !__aarch64__ && __arm__ && !__thumb__ */ +#endif /* !__aarch64__ && !WOLFSSL_ARMASM_THUMB2 */ #endif /* WOLFSSL_ARMASM */ #if defined(__linux__) && defined(__ELF__) diff --git a/wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c index 832aac1cb4..9a21c4d8f5 100644 --- a/wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c +++ b/wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c @@ -32,7 +32,7 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) +#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2) #include #ifdef HAVE_CONFIG_H #include @@ -41,9 +41,6 @@ #include #ifdef WOLFSSL_ARMASM_INLINE -#ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) - #ifdef __IAR_SYSTEMS_ICC__ #define __asm__ asm #define __volatile__ volatile @@ -54,7 +51,7 @@ #endif /* __KEIL__ */ #ifdef WOLFSSL_SHA3 #ifndef WOLFSSL_ARMASM_NO_NEON -static const uint64_t L_sha3_arm2_neon_rt[] = { +static const word64 L_sha3_arm2_neon_rt[] = { 0x0000000000000001UL, 0x0000000000008082UL, 0x800000000000808aUL, 0x8000000080008000UL, 0x000000000000808bUL, 0x0000000080000001UL, @@ -74,8 +71,8 @@ static const uint64_t L_sha3_arm2_neon_rt[] = { void BlockSha3(word64* state_p) { register word64* state asm ("r0") = (word64*)state_p; - register uint64_t* L_sha3_arm2_neon_rt_c asm ("r1") = - (uint64_t*)&L_sha3_arm2_neon_rt; + register word64* L_sha3_arm2_neon_rt_c asm ("r1") = + (word64*)&L_sha3_arm2_neon_rt; __asm__ __volatile__ ( "sub sp, sp, #16\n\t" @@ -336,7 +333,7 @@ void BlockSha3(word64* state_p) "vst1.8 {d24}, [%[state]]\n\t" "add sp, sp, #16\n\t" : [state] "+r" (state), - [L_sha3_arm2_neon_rt] "+r" (L_sha3_arm2_neon_rt_c) + [L_sha3_arm2_neon_rt] "+r" (L_sha3_arm2_neon_rt_c) : : "memory", "cc", "r2", "r3", "d0", "d1", "d2", "d3", "d4", "d5", "d6", "d7", "d8", "d9", "d10", "d11", "d12", "d13", "d14", "d15", "d16", @@ -347,7 +344,7 @@ void BlockSha3(word64* state_p) #endif /* WOLFSSL_ARMASM_NO_NEON */ #ifdef WOLFSSL_ARMASM_NO_NEON -static const uint64_t L_sha3_arm2_rt[] = { +static const word64 L_sha3_arm2_rt[] = { 0x0000000000000001UL, 0x0000000000008082UL, 0x800000000000808aUL, 0x8000000080008000UL, 0x000000000000808bUL, 0x0000000080000001UL, @@ -367,8 +364,7 @@ static const uint64_t L_sha3_arm2_rt[] = { void BlockSha3(word64* state_p) { register word64* state asm ("r0") = (word64*)state_p; - register uint64_t* L_sha3_arm2_rt_c asm ("r1") = - (uint64_t*)&L_sha3_arm2_rt; + register word64* L_sha3_arm2_rt_c asm ("r1") = (word64*)&L_sha3_arm2_rt; __asm__ __volatile__ ( "sub sp, sp, #0xcc\n\t" @@ -2355,9 +2351,7 @@ void BlockSha3(word64* state_p) #endif /* WOLFSSL_ARMASM_NO_NEON */ #endif /* WOLFSSL_SHA3 */ -#endif /* !__aarch64__ && __arm__ && !__thumb__ */ -#endif /* WOLFSSL_ARMASM */ -#endif /* !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) */ +#endif /* !__aarch64__ && !WOLFSSL_ARMASM_THUMB2 */ #endif /* WOLFSSL_ARMASM */ #endif /* WOLFSSL_ARMASM_INLINE */ diff --git a/wolfcrypt/src/port/arm/armv8-32-sha512-asm.S b/wolfcrypt/src/port/arm/armv8-32-sha512-asm.S index 1df40cfc86..ff26eaf3c3 100644 --- a/wolfcrypt/src/port/arm/armv8-32-sha512-asm.S +++ b/wolfcrypt/src/port/arm/armv8-32-sha512-asm.S @@ -31,7 +31,7 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) +#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2) #ifndef WOLFSSL_ARMASM_INLINE #ifdef WOLFSSL_SHA512 #ifdef WOLFSSL_ARMASM_NO_NEON @@ -9367,7 +9367,7 @@ L_SHA512_transform_neon_len_start: .size Transform_Sha512_Len,.-Transform_Sha512_Len #endif /* !WOLFSSL_ARMASM_NO_NEON */ #endif /* WOLFSSL_SHA512 */ -#endif /* !__aarch64__ && __arm__ && !__thumb__ */ +#endif /* !__aarch64__ && !WOLFSSL_ARMASM_THUMB2 */ #endif /* WOLFSSL_ARMASM */ #if defined(__linux__) && defined(__ELF__) diff --git a/wolfcrypt/src/port/arm/armv8-32-sha512-asm_c.c b/wolfcrypt/src/port/arm/armv8-32-sha512-asm_c.c index eaaa6c7e87..5e56de87be 100644 --- a/wolfcrypt/src/port/arm/armv8-32-sha512-asm_c.c +++ b/wolfcrypt/src/port/arm/armv8-32-sha512-asm_c.c @@ -32,7 +32,7 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) +#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_THUMB2) #include #ifdef HAVE_CONFIG_H #include @@ -41,9 +41,6 @@ #include #ifdef WOLFSSL_ARMASM_INLINE -#ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) - #ifdef __IAR_SYSTEMS_ICC__ #define __asm__ asm #define __volatile__ volatile @@ -56,7 +53,7 @@ #include #ifdef WOLFSSL_ARMASM_NO_NEON -static const uint64_t L_SHA512_transform_len_k[] = { +static const word64 L_SHA512_transform_len_k[] = { 0x428a2f98d728ae22UL, 0x7137449123ef65cdUL, 0xb5c0fbcfec4d3b2fUL, 0xe9b5dba58189dbbcUL, 0x3956c25bf348b538UL, 0x59f111f1b605d019UL, @@ -105,8 +102,8 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p) register wc_Sha512* sha512 asm ("r0") = (wc_Sha512*)sha512_p; register const byte* data asm ("r1") = (const byte*)data_p; register word32 len asm ("r2") = (word32)len_p; - register uint64_t* L_SHA512_transform_len_k_c asm ("r3") = - (uint64_t*)&L_SHA512_transform_len_k; + register word64* L_SHA512_transform_len_k_c asm ("r3") = + (word64*)&L_SHA512_transform_len_k; __asm__ __volatile__ ( "sub sp, sp, #0xc0\n\t" @@ -7603,8 +7600,8 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p) "bne L_SHA512_transform_len_begin_%=\n\t" "eor r0, r0, r0\n\t" "add sp, sp, #0xc0\n\t" - : [sha512] "+r" (sha512), [data] "+r" (data), [len] "+r" (len), - [L_SHA512_transform_len_k] "+r" (L_SHA512_transform_len_k_c) + : [sha512] "+r" (sha512), [data] "+r" (data), [len] "+r" (len), + [L_SHA512_transform_len_k] "+r" (L_SHA512_transform_len_k_c) : : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12" @@ -7615,7 +7612,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p) #include #ifndef WOLFSSL_ARMASM_NO_NEON -static const uint64_t L_SHA512_transform_neon_len_k[] = { +static const word64 L_SHA512_transform_neon_len_k[] = { 0x428a2f98d728ae22UL, 0x7137449123ef65cdUL, 0xb5c0fbcfec4d3b2fUL, 0xe9b5dba58189dbbcUL, 0x3956c25bf348b538UL, 0x59f111f1b605d019UL, @@ -7664,8 +7661,8 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p) register wc_Sha512* sha512 asm ("r0") = (wc_Sha512*)sha512_p; register const byte* data asm ("r1") = (const byte*)data_p; register word32 len asm ("r2") = (word32)len_p; - register uint64_t* L_SHA512_transform_neon_len_k_c asm ("r3") = - (uint64_t*)&L_SHA512_transform_neon_len_k; + register word64* L_SHA512_transform_neon_len_k_c asm ("r3") = + (word64*)&L_SHA512_transform_neon_len_k; __asm__ __volatile__ ( /* Load digest into working vars */ @@ -9156,8 +9153,8 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p) "subs %[len], %[len], #0x80\n\t" "sub r3, r3, #0x280\n\t" "bne L_SHA512_transform_neon_len_begin_%=\n\t" - : [sha512] "+r" (sha512), [data] "+r" (data), [len] "+r" (len), - [L_SHA512_transform_neon_len_k] "+r" (L_SHA512_transform_neon_len_k_c) + : [sha512] "+r" (sha512), [data] "+r" (data), [len] "+r" (len), + [L_SHA512_transform_neon_len_k] "+r" (L_SHA512_transform_neon_len_k_c) : : "memory", "cc", "r12", "d0", "d1", "d2", "d3", "d4", "d5", "d6", "d7", "d8", "d9", "d10", "d11", "d12", "d13", "d14", "d15", "q8", "q9", @@ -9167,9 +9164,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512_p, const byte* data_p, word32 len_p) #endif /* !WOLFSSL_ARMASM_NO_NEON */ #endif /* WOLFSSL_SHA512 */ -#endif /* !__aarch64__ && __arm__ && !__thumb__ */ -#endif /* WOLFSSL_ARMASM */ -#endif /* !defined(__aarch64__) && defined(__arm__) && !defined(__thumb__) */ +#endif /* !__aarch64__ && !WOLFSSL_ARMASM_THUMB2 */ #endif /* WOLFSSL_ARMASM */ #endif /* WOLFSSL_ARMASM_INLINE */ diff --git a/wolfcrypt/src/port/arm/armv8-aes.c b/wolfcrypt/src/port/arm/armv8-aes.c index 87df6f0895..9e2f3cb6b9 100644 --- a/wolfcrypt/src/port/arm/armv8-aes.c +++ b/wolfcrypt/src/port/arm/armv8-aes.c @@ -201,7 +201,8 @@ int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen, } #endif - #ifdef WOLFSSL_AES_COUNTER + #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \ + defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) aes->left = 0; #endif /* WOLFSSL_AES_COUNTER */ @@ -16560,6 +16561,7 @@ int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen, { #if defined(AES_MAX_KEY_SIZE) const word32 max_key_len = (AES_MAX_KEY_SIZE / 8); + word32 userKey_aligned[AES_MAX_KEY_SIZE / WOLFSSL_BIT_SIZE / sizeof(word32)]; #endif if (((keylen != 16) && (keylen != 24) && (keylen != 32)) || @@ -16573,6 +16575,14 @@ int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen, return BAD_FUNC_ARG; } #endif + +#if !defined(AES_MAX_KEY_SIZE) + /* Check alignment */ + if ((unsigned long)userKey & (sizeof(aes->key[0]) - 1U)) { + return BAD_FUNC_ARG; + } +#endif + #ifdef WOLF_CRYPTO_CB if (aes->devId != INVALID_DEVID) { if (keylen > sizeof(aes->devKey)) { @@ -16581,14 +16591,25 @@ int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen, XMEMCPY(aes->devKey, userKey, keylen); } #endif -#ifdef WOLFSSL_AES_COUNTER +#if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \ + defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) aes->left = 0; -#endif /* WOLFSSL_AES_COUNTER */ +#endif aes->keylen = keylen; aes->rounds = keylen/4 + 6; - AES_set_encrypt_key(userKey, keylen * 8, (byte*)aes->key); +#if defined(AES_MAX_KEY_SIZE) + if ((unsigned long)userKey & (sizeof(aes->key[0]) - 1U)) { + XMEMCPY(userKey_aligned, userKey, keylen); + AES_set_encrypt_key((byte *)userKey_aligned, keylen * 8, (byte*)aes->key); + } + else +#endif + { + AES_set_encrypt_key(userKey, keylen * 8, (byte*)aes->key); + } + #ifdef HAVE_AES_DECRYPT if (dir == AES_DECRYPTION) { AES_invert_key((byte*)aes->key, aes->rounds); diff --git a/wolfcrypt/src/port/arm/armv8-poly1305.c b/wolfcrypt/src/port/arm/armv8-poly1305.c index 9527bbd9d1..a258f3607b 100644 --- a/wolfcrypt/src/port/arm/armv8-poly1305.c +++ b/wolfcrypt/src/port/arm/armv8-poly1305.c @@ -1120,7 +1120,7 @@ int wc_Poly1305Final(Poly1305* ctx, byte* mac) } #else -#ifdef __thumb__ +#ifdef WOLFSSL_ARMASM_THUMB2 /* Process 16 bytes of message at a time. * * @param [in] ctx Poly1305 context. @@ -1226,7 +1226,7 @@ int wc_Poly1305Final(Poly1305* ctx, byte* mac) for (; i < POLY1305_BLOCK_SIZE; i++) { ctx->buffer[i] = 0; } - #ifdef __thumb__ + #ifdef WOLFSSL_ARMASM_THUMB2 poly1305_blocks_thumb2_16(ctx, ctx->buffer, POLY1305_BLOCK_SIZE, 0); #else diff --git a/wolfcrypt/src/port/arm/armv8-sha3-asm_c.c b/wolfcrypt/src/port/arm/armv8-sha3-asm_c.c index e52d02de1b..71ac40a22d 100644 --- a/wolfcrypt/src/port/arm/armv8-sha3-asm_c.c +++ b/wolfcrypt/src/port/arm/armv8-sha3-asm_c.c @@ -63,7 +63,7 @@ static const uint64_t L_SHA3_transform_crypto_r[] = { 0x8000000080008008UL, }; -void BlockSha3(unsigned long* state) +void BlockSha3(word64* state) { __asm__ __volatile__ ( #ifdef __APPLE__ @@ -209,7 +209,7 @@ static const uint64_t L_SHA3_transform_base_r[] = { 0x8000000080008008UL, }; -void BlockSha3(unsigned long* state) +void BlockSha3(word64* state) { __asm__ __volatile__ ( "stp x29, x30, [sp, #-64]!\n\t" diff --git a/wolfcrypt/src/port/arm/thumb2-aes-asm.S b/wolfcrypt/src/port/arm/thumb2-aes-asm.S index 34f860884c..362a0ab808 100644 --- a/wolfcrypt/src/port/arm/thumb2-aes-asm.S +++ b/wolfcrypt/src/port/arm/thumb2-aes-asm.S @@ -30,7 +30,7 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__thumb__) +#ifdef WOLFSSL_ARMASM_THUMB2 #ifndef WOLFSSL_ARMASM_INLINE .thumb .syntax unified @@ -3360,7 +3360,7 @@ L_AES_GCM_encrypt_end: .size AES_GCM_encrypt,.-AES_GCM_encrypt #endif /* HAVE_AESGCM */ #endif /* !NO_AES */ -#endif /* !__aarch64__ && __thumb__ */ +#endif /* WOLFSSL_ARMASM_THUMB2 */ #endif /* WOLFSSL_ARMASM */ #if defined(__linux__) && defined(__ELF__) diff --git a/wolfcrypt/src/port/arm/thumb2-aes-asm_c.c b/wolfcrypt/src/port/arm/thumb2-aes-asm_c.c index ddf9d11412..da16fdc10b 100644 --- a/wolfcrypt/src/port/arm/thumb2-aes-asm_c.c +++ b/wolfcrypt/src/port/arm/thumb2-aes-asm_c.c @@ -31,7 +31,7 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__thumb__) +#ifdef WOLFSSL_ARMASM_THUMB2 #ifdef WOLFSSL_ARMASM_INLINE #ifdef __IAR_SYSTEMS_ICC__ @@ -47,7 +47,7 @@ #include #ifdef HAVE_AES_DECRYPT -XALIGNED(16) static const uint32_t L_AES_Thumb2_td_data[] = { +XALIGNED(16) static const word32 L_AES_Thumb2_td_data[] = { 0x5051f4a7, 0x537e4165, 0xc31a17a4, 0x963a275e, 0xcb3bab6b, 0xf11f9d45, 0xabacfa58, 0x934be303, 0x552030fa, 0xf6ad766d, 0x9188cc76, 0x25f5024c, @@ -116,7 +116,7 @@ XALIGNED(16) static const uint32_t L_AES_Thumb2_td_data[] = { #endif /* HAVE_AES_DECRYPT */ #if defined(HAVE_AES_DECRYPT) || defined(HAVE_AES_CBC) || defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) -XALIGNED(16) static const uint32_t L_AES_Thumb2_te_data[] = { +XALIGNED(16) static const word32 L_AES_Thumb2_te_data[] = { 0xa5c66363, 0x84f87c7c, 0x99ee7777, 0x8df67b7b, 0x0dfff2f2, 0xbdd66b6b, 0xb1de6f6f, 0x5491c5c5, 0x50603030, 0x03020101, 0xa9ce6767, 0x7d562b2b, @@ -185,10 +185,10 @@ XALIGNED(16) static const uint32_t L_AES_Thumb2_te_data[] = { #endif /* HAVE_AES_DECRYPT || HAVE_AES_CBC || HAVE_AESCCM || HAVE_AESGCM || WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER */ #ifdef HAVE_AES_DECRYPT -static const uint32_t* L_AES_Thumb2_td = L_AES_Thumb2_td_data; +static const word32* L_AES_Thumb2_td = L_AES_Thumb2_td_data; #endif /* HAVE_AES_DECRYPT */ #if defined(HAVE_AES_DECRYPT) || defined(HAVE_AES_CBC) || defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) -static const uint32_t* L_AES_Thumb2_te = L_AES_Thumb2_te_data; +static const word32* L_AES_Thumb2_te = L_AES_Thumb2_te_data; #endif /* HAVE_AES_DECRYPT || HAVE_AES_CBC || HAVE_AESCCM || HAVE_AESGCM || WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER */ #ifdef HAVE_AES_DECRYPT void AES_invert_key(unsigned char* ks, word32 rounds); @@ -201,8 +201,8 @@ void AES_invert_key(unsigned char* ks, word32 rounds) #ifndef WOLFSSL_NO_VAR_ASSIGN_REG register unsigned char* ks __asm__ ("r0") = (unsigned char*)ks_p; register word32 rounds __asm__ ("r1") = (word32)rounds_p; - register uint32_t* L_AES_Thumb2_te_c __asm__ ("r2") = (uint32_t*)L_AES_Thumb2_te; - register uint32_t* L_AES_Thumb2_td_c __asm__ ("r3") = (uint32_t*)L_AES_Thumb2_td; + register word32* L_AES_Thumb2_te_c __asm__ ("r2") = (word32*)L_AES_Thumb2_te; + register word32* L_AES_Thumb2_td_c __asm__ ("r3") = (word32*)L_AES_Thumb2_td; #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( @@ -325,7 +325,7 @@ void AES_invert_key(unsigned char* ks, word32 rounds) } #endif /* HAVE_AES_DECRYPT */ -XALIGNED(16) static const uint32_t L_AES_Thumb2_rcon[] = { +XALIGNED(16) static const word32 L_AES_Thumb2_rcon[] = { 0x01000000, 0x02000000, 0x04000000, 0x08000000, 0x10000000, 0x20000000, 0x40000000, 0x80000000, 0x1b000000, 0x36000000 @@ -343,8 +343,8 @@ void AES_set_encrypt_key(const unsigned char* key, word32 len, unsigned char* ks register const unsigned char* key __asm__ ("r0") = (const unsigned char*)key_p; register word32 len __asm__ ("r1") = (word32)len_p; register unsigned char* ks __asm__ ("r2") = (unsigned char*)ks_p; - register uint32_t* L_AES_Thumb2_te_c __asm__ ("r3") = (uint32_t*)L_AES_Thumb2_te; - register uint32_t* L_AES_Thumb2_rcon_c __asm__ ("r4") = (uint32_t*)&L_AES_Thumb2_rcon; + register word32* L_AES_Thumb2_te_c __asm__ ("r3") = (word32*)L_AES_Thumb2_te; + register word32* L_AES_Thumb2_rcon_c __asm__ ("r4") = (word32*)&L_AES_Thumb2_rcon; #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( @@ -620,18 +620,18 @@ void AES_set_encrypt_key(const unsigned char* key, word32 len, unsigned char* ks ); } -void AES_encrypt_block(const uint32_t* te, int nr, int len, const uint32_t* ks); +void AES_encrypt_block(const word32* te, int nr, int len, const word32* ks); #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -void AES_encrypt_block(const uint32_t* te_p, int nr_p, int len_p, const uint32_t* ks_p) +void AES_encrypt_block(const word32* te_p, int nr_p, int len_p, const word32* ks_p) #else -void AES_encrypt_block(const uint32_t* te, int nr, int len, const uint32_t* ks) +void AES_encrypt_block(const word32* te, int nr, int len, const word32* ks) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG - register const uint32_t* te __asm__ ("r0") = (const uint32_t*)te_p; + register const word32* te __asm__ ("r0") = (const word32*)te_p; register int nr __asm__ ("r1") = (int)nr_p; register int len __asm__ ("r2") = (int)len_p; - register const uint32_t* ks __asm__ ("r3") = (const uint32_t*)ks_p; + register const word32* ks __asm__ ("r3") = (const word32*)ks_p; #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( @@ -856,7 +856,7 @@ void AES_encrypt_block(const uint32_t* te, int nr, int len, const uint32_t* ks) } #if defined(HAVE_AES_CBC) || defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) -static const uint32_t* L_AES_Thumb2_te_ecb = L_AES_Thumb2_te_data; +static const word32* L_AES_Thumb2_te_ecb = L_AES_Thumb2_te_data; #endif /* HAVE_AES_CBC || HAVE_AESCCM || HAVE_AESGCM || WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER */ #if defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) void AES_ECB_encrypt(const unsigned char* in, unsigned char* out, @@ -873,7 +873,7 @@ void AES_ECB_encrypt(const unsigned char* in, unsigned char* out, unsigned long register unsigned long len __asm__ ("r2") = (unsigned long)len_p; register const unsigned char* ks __asm__ ("r3") = (const unsigned char*)ks_p; register int nr __asm__ ("r4") = (int)nr_p; - register uint32_t* L_AES_Thumb2_te_ecb_c __asm__ ("r5") = (uint32_t*)L_AES_Thumb2_te_ecb; + register word32* L_AES_Thumb2_te_ecb_c __asm__ ("r5") = (word32*)L_AES_Thumb2_te_ecb; #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( @@ -1096,7 +1096,7 @@ void AES_CBC_encrypt(const unsigned char* in, unsigned char* out, unsigned long register const unsigned char* ks __asm__ ("r3") = (const unsigned char*)ks_p; register int nr __asm__ ("r4") = (int)nr_p; register unsigned char* iv __asm__ ("r5") = (unsigned char*)iv_p; - register uint32_t* L_AES_Thumb2_te_ecb_c __asm__ ("r6") = (uint32_t*)L_AES_Thumb2_te_ecb; + register word32* L_AES_Thumb2_te_ecb_c __asm__ ("r6") = (word32*)L_AES_Thumb2_te_ecb; #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( @@ -1341,7 +1341,7 @@ void AES_CTR_encrypt(const unsigned char* in, unsigned char* out, unsigned long register const unsigned char* ks __asm__ ("r3") = (const unsigned char*)ks_p; register int nr __asm__ ("r4") = (int)nr_p; register unsigned char* ctr __asm__ ("r5") = (unsigned char*)ctr_p; - register uint32_t* L_AES_Thumb2_te_ecb_c __asm__ ("r6") = (uint32_t*)L_AES_Thumb2_te_ecb; + register word32* L_AES_Thumb2_te_ecb_c __asm__ ("r6") = (word32*)L_AES_Thumb2_te_ecb; #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( @@ -1593,17 +1593,17 @@ void AES_CTR_encrypt(const unsigned char* in, unsigned char* out, unsigned long #endif /* WOLFSSL_AES_COUNTER */ #ifdef HAVE_AES_DECRYPT #if defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) || defined(HAVE_AES_CBC) -void AES_decrypt_block(const uint32_t* td, int nr, const uint8_t* td4); +void AES_decrypt_block(const word32* td, int nr, const byte* td4); #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -void AES_decrypt_block(const uint32_t* td_p, int nr_p, const uint8_t* td4_p) +void AES_decrypt_block(const word32* td_p, int nr_p, const byte* td4_p) #else -void AES_decrypt_block(const uint32_t* td, int nr, const uint8_t* td4) +void AES_decrypt_block(const word32* td, int nr, const byte* td4) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG - register const uint32_t* td __asm__ ("r0") = (const uint32_t*)td_p; + register const word32* td __asm__ ("r0") = (const word32*)td_p; register int nr __asm__ ("r1") = (int)nr_p; - register const uint8_t* td4 __asm__ ("r2") = (const uint8_t*)td4_p; + register const byte* td4 __asm__ ("r2") = (const byte*)td4_p; #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( @@ -1827,8 +1827,8 @@ void AES_decrypt_block(const uint32_t* td, int nr, const uint8_t* td4) ); } -static const uint32_t* L_AES_Thumb2_td_ecb = L_AES_Thumb2_td_data; -static const unsigned char L_AES_Thumb2_td4[] = { +static const word32* L_AES_Thumb2_td_ecb = L_AES_Thumb2_td_data; +static const byte L_AES_Thumb2_td4[] = { 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38, 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb, 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87, @@ -1878,8 +1878,8 @@ void AES_ECB_decrypt(const unsigned char* in, unsigned char* out, unsigned long register unsigned long len __asm__ ("r2") = (unsigned long)len_p; register const unsigned char* ks __asm__ ("r3") = (const unsigned char*)ks_p; register int nr __asm__ ("r4") = (int)nr_p; - register uint32_t* L_AES_Thumb2_td_ecb_c __asm__ ("r5") = (uint32_t*)L_AES_Thumb2_td_ecb; - register unsigned char* L_AES_Thumb2_td4_c __asm__ ("r6") = (unsigned char*)&L_AES_Thumb2_td4; + register word32* L_AES_Thumb2_td_ecb_c __asm__ ("r5") = (word32*)L_AES_Thumb2_td_ecb; + register byte* L_AES_Thumb2_td4_c __asm__ ("r6") = (byte*)&L_AES_Thumb2_td4; #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( @@ -2099,8 +2099,8 @@ void AES_CBC_decrypt(const unsigned char* in, unsigned char* out, unsigned long register const unsigned char* ks __asm__ ("r3") = (const unsigned char*)ks_p; register int nr __asm__ ("r4") = (int)nr_p; register unsigned char* iv __asm__ ("r5") = (unsigned char*)iv_p; - register uint32_t* L_AES_Thumb2_td_ecb_c __asm__ ("r6") = (uint32_t*)L_AES_Thumb2_td_ecb; - register unsigned char* L_AES_Thumb2_td4_c __asm__ ("r7") = (unsigned char*)&L_AES_Thumb2_td4; + register word32* L_AES_Thumb2_td_ecb_c __asm__ ("r6") = (word32*)L_AES_Thumb2_td_ecb; + register byte* L_AES_Thumb2_td4_c __asm__ ("r7") = (byte*)&L_AES_Thumb2_td4; #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( @@ -2494,7 +2494,7 @@ void AES_CBC_decrypt(const unsigned char* in, unsigned char* out, unsigned long #endif /* WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER || HAVE_AES_CBC */ #endif /* HAVE_AES_DECRYPT */ #ifdef HAVE_AESGCM -XALIGNED(16) static const uint32_t L_GCM_gmult_len_r[] = { +XALIGNED(16) static const word32 L_GCM_gmult_len_r[] = { 0x00000000, 0x1c200000, 0x38400000, 0x24600000, 0x70800000, 0x6ca00000, 0x48c00000, 0x54e00000, 0xe1000000, 0xfd200000, 0xd9400000, 0xc5600000, @@ -2514,7 +2514,7 @@ void GCM_gmult_len(unsigned char* x, const unsigned char** m, const unsigned cha register const unsigned char** m __asm__ ("r1") = (const unsigned char**)m_p; register const unsigned char* data __asm__ ("r2") = (const unsigned char*)data_p; register unsigned long len __asm__ ("r3") = (unsigned long)len_p; - register uint32_t* L_GCM_gmult_len_r_c __asm__ ("r4") = (uint32_t*)&L_GCM_gmult_len_r; + register word32* L_GCM_gmult_len_r_c __asm__ ("r4") = (word32*)&L_GCM_gmult_len_r; #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( @@ -3089,7 +3089,7 @@ void GCM_gmult_len(unsigned char* x, const unsigned char** m, const unsigned cha ); } -static const uint32_t* L_AES_Thumb2_te_gcm = L_AES_Thumb2_te_data; +static const word32* L_AES_Thumb2_te_gcm = L_AES_Thumb2_te_data; void AES_GCM_encrypt(const unsigned char* in, unsigned char* out, unsigned long len, const unsigned char* ks, int nr, unsigned char* ctr); #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -3105,7 +3105,7 @@ void AES_GCM_encrypt(const unsigned char* in, unsigned char* out, unsigned long register const unsigned char* ks __asm__ ("r3") = (const unsigned char*)ks_p; register int nr __asm__ ("r4") = (int)nr_p; register unsigned char* ctr __asm__ ("r5") = (unsigned char*)ctr_p; - register uint32_t* L_AES_Thumb2_te_gcm_c __asm__ ("r6") = (uint32_t*)L_AES_Thumb2_te_gcm; + register word32* L_AES_Thumb2_te_gcm_c __asm__ ("r6") = (word32*)L_AES_Thumb2_te_gcm; #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( @@ -3347,6 +3347,6 @@ void AES_GCM_encrypt(const unsigned char* in, unsigned char* out, unsigned long #endif /* HAVE_AESGCM */ #endif /* !NO_AES */ -#endif /* !__aarch64__ && __thumb__ */ +#endif /* WOLFSSL_ARMASM_THUMB2 */ #endif /* WOLFSSL_ARMASM */ #endif /* WOLFSSL_ARMASM_INLINE */ diff --git a/wolfcrypt/src/port/arm/thumb2-chacha-asm.S b/wolfcrypt/src/port/arm/thumb2-chacha-asm.S index 4c3c2e7e77..b26d8079b1 100644 --- a/wolfcrypt/src/port/arm/thumb2-chacha-asm.S +++ b/wolfcrypt/src/port/arm/thumb2-chacha-asm.S @@ -30,7 +30,7 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__thumb__) +#ifdef WOLFSSL_ARMASM_THUMB2 #ifndef WOLFSSL_ARMASM_INLINE .thumb .syntax unified @@ -566,7 +566,7 @@ L_chacha_thumb2_over_done: /* Cycle Count = 108 */ .size wc_chacha_use_over,.-wc_chacha_use_over #endif /* HAVE_CHACHA */ -#endif /* !__aarch64__ && __thumb__ */ +#endif /* WOLFSSL_ARMASM_THUMB2 */ #endif /* WOLFSSL_ARMASM */ #if defined(__linux__) && defined(__ELF__) diff --git a/wolfcrypt/src/port/arm/thumb2-chacha-asm_c.c b/wolfcrypt/src/port/arm/thumb2-chacha-asm_c.c index 0dcdc4e3eb..7693748c8d 100644 --- a/wolfcrypt/src/port/arm/thumb2-chacha-asm_c.c +++ b/wolfcrypt/src/port/arm/thumb2-chacha-asm_c.c @@ -31,7 +31,7 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__thumb__) +#ifdef WOLFSSL_ARMASM_THUMB2 #ifdef WOLFSSL_ARMASM_INLINE #ifdef __IAR_SYSTEMS_ICC__ @@ -76,7 +76,7 @@ void wc_chacha_setiv(word32* x, const byte* iv, word32 counter) ); } -XALIGNED(16) static const uint32_t L_chacha_thumb2_constants[] = { +XALIGNED(16) static const word32 L_chacha_thumb2_constants[] = { 0x61707865, 0x3120646e, 0x79622d36, 0x6b206574, 0x61707865, 0x3320646e, 0x79622d32, 0x6b206574, }; @@ -91,7 +91,7 @@ void wc_chacha_setkey(word32* x, const byte* key, word32 keySz) register word32* x __asm__ ("r0") = (word32*)x_p; register const byte* key __asm__ ("r1") = (const byte*)key_p; register word32 keySz __asm__ ("r2") = (word32)keySz_p; - register uint32_t* L_chacha_thumb2_constants_c __asm__ ("r3") = (uint32_t*)&L_chacha_thumb2_constants; + register word32* L_chacha_thumb2_constants_c __asm__ ("r3") = (word32*)&L_chacha_thumb2_constants; #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( @@ -726,6 +726,6 @@ void wc_chacha_use_over(byte* over, byte* output, const byte* input, word32 len) } #endif /* HAVE_CHACHA */ -#endif /* !__aarch64__ && __thumb__ */ +#endif /* WOLFSSL_ARMASM_THUMB2 */ #endif /* WOLFSSL_ARMASM */ #endif /* WOLFSSL_ARMASM_INLINE */ diff --git a/wolfcrypt/src/port/arm/thumb2-chacha.c b/wolfcrypt/src/port/arm/thumb2-chacha.c index a189ccddd3..041a25e030 100644 --- a/wolfcrypt/src/port/arm/thumb2-chacha.c +++ b/wolfcrypt/src/port/arm/thumb2-chacha.c @@ -26,7 +26,7 @@ #include -#if defined(WOLFSSL_ARMASM) && defined(__thumb__) +#if defined(WOLFSSL_ARMASM) && defined(WOLFSSL_ARMASM_THUMB2) #ifdef HAVE_CHACHA #include diff --git a/wolfcrypt/src/port/arm/thumb2-curve25519.S b/wolfcrypt/src/port/arm/thumb2-curve25519.S index 42da2f45f1..298e9add7f 100644 --- a/wolfcrypt/src/port/arm/thumb2-curve25519.S +++ b/wolfcrypt/src/port/arm/thumb2-curve25519.S @@ -30,7 +30,7 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__thumb__) +#ifdef WOLFSSL_ARMASM_THUMB2 #ifndef WOLFSSL_ARMASM_INLINE .thumb .syntax unified @@ -1511,7 +1511,7 @@ fe_cmov_table: #endif /* WC_NO_CACHE_RESISTANT */ #endif /* HAVE_ED25519_MAKE_KEY || HAVE_ED25519_SIGN */ #endif /* HAVE_ED25519 */ -#ifdef WOLFSSL_SP_NO_UMAAL +#ifdef WOLFSSL_ARM_ARCH_7M .text .align 4 .globl fe_mul_op @@ -2023,7 +2023,7 @@ fe_mul_op: POP {pc} /* Cycle Count = 239 */ .size fe_mul_op,.-fe_mul_op -#endif /* WOLFSSL_SP_NO_UMAAL */ +#endif /* WOLFSSL_ARM_ARCH_7M */ .text .align 4 .globl fe_mul @@ -2034,7 +2034,7 @@ fe_mul: POP {r4, r5, r6, r7, r8, r9, r10, r11, pc} /* Cycle Count = 24 */ .size fe_mul,.-fe_mul -#ifdef WOLFSSL_SP_NO_UMAAL +#ifdef WOLFSSL_ARM_ARCH_7M .text .align 4 .globl fe_sq_op @@ -2425,7 +2425,7 @@ fe_sq_op: POP {pc} /* Cycle Count = 179 */ .size fe_sq_op,.-fe_sq_op -#endif /* WOLFSSL_SP_NO_UMAAL */ +#endif /* WOLFSSL_ARM_ARCH_7M */ .text .align 4 .globl fe_sq @@ -2437,7 +2437,7 @@ fe_sq: /* Cycle Count = 24 */ .size fe_sq,.-fe_sq #ifdef HAVE_CURVE25519 -#ifdef WOLFSSL_SP_NO_UMAAL +#ifdef WOLFSSL_ARM_ARCH_7M .text .align 4 .globl fe_mul121666 @@ -2524,7 +2524,7 @@ fe_mul121666: POP {r4, r5, r6, r7, r8, r9, r10, r11, pc} /* Cycle Count = 69 */ .size fe_mul121666,.-fe_mul121666 -#endif /* WOLFSSL_SP_NO_UMAAL */ +#endif /* WOLFSSL_ARM_ARCH_7M */ #ifndef WC_NO_CACHE_RESISTANT .text .align 4 @@ -3466,7 +3466,7 @@ L_fe_invert8: POP {r4, r5, r6, r7, r8, r9, r10, r11, pc} /* Cycle Count = 292 */ .size fe_invert,.-fe_invert -#ifdef WOLFSSL_SP_NO_UMAAL +#ifdef WOLFSSL_ARM_ARCH_7M .text .align 4 .globl fe_sq2 @@ -3925,7 +3925,7 @@ fe_sq2: POP {pc} /* Cycle Count = 213 */ .size fe_sq2,.-fe_sq2 -#endif /* WOLFSSL_SP_NO_UMAAL */ +#endif /* WOLFSSL_ARM_ARCH_7M */ .text .align 4 .globl fe_pow22523 @@ -4535,7 +4535,7 @@ ge_sub: POP {r4, r5, r6, r7, r8, r9, r10, r11, pc} /* Cycle Count = 138 */ .size ge_sub,.-ge_sub -#ifdef WOLFSSL_SP_NO_UMAAL +#ifdef WOLFSSL_ARM_ARCH_7M .text .align 4 .globl sc_reduce @@ -5258,9 +5258,9 @@ sc_reduce: POP {r4, r5, r6, r7, r8, r9, r10, r11, pc} /* Cycle Count = 502 */ .size sc_reduce,.-sc_reduce -#endif /* WOLFSSL_SP_NO_UMAAL */ +#endif /* WOLFSSL_ARM_ARCH_7M */ #ifdef HAVE_ED25519_SIGN -#ifdef WOLFSSL_SP_NO_UMAAL +#ifdef WOLFSSL_ARM_ARCH_7M .text .align 4 .globl sc_muladd @@ -6470,13 +6470,13 @@ sc_muladd: POP {r4, r5, r6, r7, r8, r9, r10, r11, pc} /* Cycle Count = 752 */ .size sc_muladd,.-sc_muladd -#endif /* WOLFSSL_SP_NO_UMAAL */ +#endif /* WOLFSSL_ARM_ARCH_7M */ #endif /* HAVE_ED25519_SIGN */ #endif /* HAVE_ED25519 */ #endif /* !CURVE25519_SMALL || !ED25519_SMALL */ #endif /* HAVE_CURVE25519 || HAVE_ED25519 */ -#endif /* !__aarch64__ && __thumb__ */ +#endif /* WOLFSSL_ARMASM_THUMB2 */ #endif /* WOLFSSL_ARMASM */ #if defined(__linux__) && defined(__ELF__) diff --git a/wolfcrypt/src/port/arm/thumb2-curve25519_c.c b/wolfcrypt/src/port/arm/thumb2-curve25519_c.c index 21ad67bac3..df8273840b 100644 --- a/wolfcrypt/src/port/arm/thumb2-curve25519_c.c +++ b/wolfcrypt/src/port/arm/thumb2-curve25519_c.c @@ -31,7 +31,7 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__thumb__) +#ifdef WOLFSSL_ARMASM_THUMB2 #ifdef WOLFSSL_ARMASM_INLINE #ifdef __IAR_SYSTEMS_ICC__ @@ -1667,7 +1667,7 @@ void fe_cmov_table(fe* r, fe* base, signed char b) #endif /* WC_NO_CACHE_RESISTANT */ #endif /* HAVE_ED25519_MAKE_KEY || HAVE_ED25519_SIGN */ #endif /* HAVE_ED25519 */ -#ifdef WOLFSSL_SP_NO_UMAAL +#ifdef WOLFSSL_ARM_ARCH_7M void fe_mul_op(void); #ifndef WOLFSSL_NO_VAR_ASSIGN_REG void fe_mul_op() @@ -2193,7 +2193,7 @@ void fe_mul_op() ); } -#endif /* WOLFSSL_SP_NO_UMAAL */ +#endif /* WOLFSSL_ARM_ARCH_7M */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG void fe_mul(fe r_p, const fe a_p, const fe b_p) #else @@ -2214,7 +2214,7 @@ void fe_mul(fe r, const fe a, const fe b) ); } -#ifdef WOLFSSL_SP_NO_UMAAL +#ifdef WOLFSSL_ARM_ARCH_7M void fe_sq_op(void); #ifndef WOLFSSL_NO_VAR_ASSIGN_REG void fe_sq_op() @@ -2619,7 +2619,7 @@ void fe_sq_op() ); } -#endif /* WOLFSSL_SP_NO_UMAAL */ +#endif /* WOLFSSL_ARM_ARCH_7M */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG void fe_sq(fe r_p, const fe a_p) #else @@ -2640,7 +2640,7 @@ void fe_sq(fe r, const fe a) } #ifdef HAVE_CURVE25519 -#ifdef WOLFSSL_SP_NO_UMAAL +#ifdef WOLFSSL_ARM_ARCH_7M #ifndef WOLFSSL_NO_VAR_ASSIGN_REG void fe_mul121666(fe r_p, fe a_p) #else @@ -2745,7 +2745,7 @@ void fe_mul121666(fe r, fe a) ); } -#endif /* WOLFSSL_SP_NO_UMAAL */ +#endif /* WOLFSSL_ARM_ARCH_7M */ #ifndef WC_NO_CACHE_RESISTANT #ifndef WOLFSSL_NO_VAR_ASSIGN_REG int curve25519(byte* r_p, const byte* n_p, const byte* a_p) @@ -3907,7 +3907,7 @@ void fe_invert(fe r, const fe a) ); } -#ifdef WOLFSSL_SP_NO_UMAAL +#ifdef WOLFSSL_ARM_ARCH_7M #ifndef WOLFSSL_NO_VAR_ASSIGN_REG void fe_sq2(fe r_p, const fe a_p) #else @@ -4384,7 +4384,7 @@ void fe_sq2(fe r, const fe a) ); } -#endif /* WOLFSSL_SP_NO_UMAAL */ +#endif /* WOLFSSL_ARM_ARCH_7M */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG void fe_pow22523(fe r_p, const fe a_p) #else @@ -5126,7 +5126,7 @@ void ge_sub(ge_p1p1 * r, const ge_p3 * p, const ge_cached* q) ); } -#ifdef WOLFSSL_SP_NO_UMAAL +#ifdef WOLFSSL_ARM_ARCH_7M #ifndef WOLFSSL_NO_VAR_ASSIGN_REG void sc_reduce(byte* s_p) #else @@ -5865,9 +5865,9 @@ void sc_reduce(byte* s) ); } -#endif /* WOLFSSL_SP_NO_UMAAL */ +#endif /* WOLFSSL_ARM_ARCH_7M */ #ifdef HAVE_ED25519_SIGN -#ifdef WOLFSSL_SP_NO_UMAAL +#ifdef WOLFSSL_ARM_ARCH_7M #ifndef WOLFSSL_NO_VAR_ASSIGN_REG void sc_muladd(byte* s_p, const byte* a_p, const byte* b_p, const byte* c_p) #else @@ -7099,12 +7099,12 @@ void sc_muladd(byte* s, const byte* a, const byte* b, const byte* c) ); } -#endif /* WOLFSSL_SP_NO_UMAAL */ +#endif /* WOLFSSL_ARM_ARCH_7M */ #endif /* HAVE_ED25519_SIGN */ #endif /* HAVE_ED25519 */ #endif /* !CURVE25519_SMALL || !ED25519_SMALL */ #endif /* HAVE_CURVE25519 || HAVE_ED25519 */ -#endif /* !__aarch64__ && __thumb__ */ +#endif /* WOLFSSL_ARMASM_THUMB2 */ #endif /* WOLFSSL_ARMASM */ #endif /* WOLFSSL_ARMASM_INLINE */ diff --git a/wolfcrypt/src/port/arm/thumb2-kyber-asm.S b/wolfcrypt/src/port/arm/thumb2-kyber-asm.S new file mode 100644 index 0000000000..e3097c321e --- /dev/null +++ b/wolfcrypt/src/port/arm/thumb2-kyber-asm.S @@ -0,0 +1,3903 @@ +/* thumb2-kyber-asm + * + * Copyright (C) 2006-2024 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* Generated using (from wolfssl): + * cd ../scripts + * ruby ./kyber/kyber.rb thumb2 ../wolfssl/wolfcrypt/src/port/arm/thumb2-kyber-asm.S + */ + +#ifdef HAVE_CONFIG_H + #include +#endif /* HAVE_CONFIG_H */ +#include + +#ifdef WOLFSSL_ARMASM +#ifdef WOLFSSL_ARMASM_THUMB2 +#ifndef WOLFSSL_ARMASM_INLINE + .thumb + .syntax unified +#ifdef WOLFSSL_WC_KYBER + .text + .type L_kyber_thumb2_ntt_zetas, %object + .size L_kyber_thumb2_ntt_zetas, 256 + .align 4 +L_kyber_thumb2_ntt_zetas: + .short 0x8ed + .short 0xa0b + .short 0xb9a + .short 0x714 + .short 0x5d5 + .short 0x58e + .short 0x11f + .short 0xca + .short 0xc56 + .short 0x26e + .short 0x629 + .short 0xb6 + .short 0x3c2 + .short 0x84f + .short 0x73f + .short 0x5bc + .short 0x23d + .short 0x7d4 + .short 0x108 + .short 0x17f + .short 0x9c4 + .short 0x5b2 + .short 0x6bf + .short 0xc7f + .short 0xa58 + .short 0x3f9 + .short 0x2dc + .short 0x260 + .short 0x6fb + .short 0x19b + .short 0xc34 + .short 0x6de + .short 0x4c7 + .short 0x28c + .short 0xad9 + .short 0x3f7 + .short 0x7f4 + .short 0x5d3 + .short 0xbe7 + .short 0x6f9 + .short 0x204 + .short 0xcf9 + .short 0xbc1 + .short 0xa67 + .short 0x6af + .short 0x877 + .short 0x7e + .short 0x5bd + .short 0x9ac + .short 0xca7 + .short 0xbf2 + .short 0x33e + .short 0x6b + .short 0x774 + .short 0xc0a + .short 0x94a + .short 0xb73 + .short 0x3c1 + .short 0x71d + .short 0xa2c + .short 0x1c0 + .short 0x8d8 + .short 0x2a5 + .short 0x806 + .short 0x8b2 + .short 0x1ae + .short 0x22b + .short 0x34b + .short 0x81e + .short 0x367 + .short 0x60e + .short 0x69 + .short 0x1a6 + .short 0x24b + .short 0xb1 + .short 0xc16 + .short 0xbde + .short 0xb35 + .short 0x626 + .short 0x675 + .short 0xc0b + .short 0x30a + .short 0x487 + .short 0xc6e + .short 0x9f8 + .short 0x5cb + .short 0xaa7 + .short 0x45f + .short 0x6cb + .short 0x284 + .short 0x999 + .short 0x15d + .short 0x1a2 + .short 0x149 + .short 0xc65 + .short 0xcb6 + .short 0x331 + .short 0x449 + .short 0x25b + .short 0x262 + .short 0x52a + .short 0x7fc + .short 0x748 + .short 0x180 + .short 0x842 + .short 0xc79 + .short 0x4c2 + .short 0x7ca + .short 0x997 + .short 0xdc + .short 0x85e + .short 0x686 + .short 0x860 + .short 0x707 + .short 0x803 + .short 0x31a + .short 0x71b + .short 0x9ab + .short 0x99b + .short 0x1de + .short 0xc95 + .short 0xbcd + .short 0x3e4 + .short 0x3df + .short 0x3be + .short 0x74d + .short 0x5f2 + .short 0x65c + .text + .align 4 + .globl kyber_thumb2_ntt + .type kyber_thumb2_ntt, %function +kyber_thumb2_ntt: + PUSH {r4, r5, r6, r7, r8, r9, r10, r11, lr} + SUB sp, sp, #0x8 + ADR r1, L_kyber_thumb2_ntt_zetas +#ifndef WOLFSSL_ARM_ARCH_7M + MOV r12, #0xd01 + MOVT r12, #0xcff +#endif /* !WOLFSSL_ARM_ARCH_7M */ + MOV r2, #0x10 +L_kyber_thumb2_ntt_loop_123: + STR r2, [sp] + LDRH lr, [r1, #2] + LDR r2, [r0] + LDR r3, [r0, #64] + LDR r4, [r0, #128] + LDR r5, [r0, #192] + LDR r6, [r0, #256] + LDR r7, [r0, #320] + LDR r8, [r0, #384] + LDR r9, [r0, #448] +#ifndef WOLFSSL_ARM_ARCH_7M + SMULBB r10, lr, r6 + SMULBT r6, lr, r6 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r6 + SMLABB r11, r12, r11, r6 + PKHTB r10, r11, r10, ASR #16 + SSUB16 r6, r2, r10 + SADD16 r2, r2, r10 +#else + SBFX r10, r6, #0, #16 + SBFX r11, lr, #0, #16 + ASR r6, r6, #16 + MUL r10, r11, r10 + MUL r6, r11, r6 + MOV r12, #0xcff + MUL r11, r12, r10 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r6, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r11, r12, r11, r6 + SUB r6, r2, r11 + ADD r2, r2, r11 + SUB r11, r2, r10, LSR #16 + ADD r10, r2, r10, LSR #16 + BFI r6, r11, #0, #16 + BFI r2, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULBB r10, lr, r7 + SMULBT r7, lr, r7 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r7 + SMLABB r11, r12, r11, r7 + PKHTB r10, r11, r10, ASR #16 + SSUB16 r7, r3, r10 + SADD16 r3, r3, r10 +#else + SBFX r10, r7, #0, #16 + SBFX r11, lr, #0, #16 + ASR r7, r7, #16 + MUL r10, r11, r10 + MUL r7, r11, r7 + MOV r12, #0xcff + MUL r11, r12, r10 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r7, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r11, r12, r11, r7 + SUB r7, r3, r11 + ADD r3, r3, r11 + SUB r11, r3, r10, LSR #16 + ADD r10, r3, r10, LSR #16 + BFI r7, r11, #0, #16 + BFI r3, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULBB r10, lr, r8 + SMULBT r8, lr, r8 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r8 + SMLABB r11, r12, r11, r8 + PKHTB r10, r11, r10, ASR #16 + SSUB16 r8, r4, r10 + SADD16 r4, r4, r10 +#else + SBFX r10, r8, #0, #16 + SBFX r11, lr, #0, #16 + ASR r8, r8, #16 + MUL r10, r11, r10 + MUL r8, r11, r8 + MOV r12, #0xcff + MUL r11, r12, r10 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r8, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r11, r12, r11, r8 + SUB r8, r4, r11 + ADD r4, r4, r11 + SUB r11, r4, r10, LSR #16 + ADD r10, r4, r10, LSR #16 + BFI r8, r11, #0, #16 + BFI r4, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULBB r10, lr, r9 + SMULBT r9, lr, r9 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r9 + SMLABB r11, r12, r11, r9 + PKHTB r10, r11, r10, ASR #16 + SSUB16 r9, r5, r10 + SADD16 r5, r5, r10 +#else + SBFX r10, r9, #0, #16 + SBFX r11, lr, #0, #16 + ASR r9, r9, #16 + MUL r10, r11, r10 + MUL r9, r11, r9 + MOV r12, #0xcff + MUL r11, r12, r10 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r9, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r11, r12, r11, r9 + SUB r9, r5, r11 + ADD r5, r5, r11 + SUB r11, r5, r10, LSR #16 + ADD r10, r5, r10, LSR #16 + BFI r9, r11, #0, #16 + BFI r5, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ + LDR lr, [r1, #4] +#ifndef WOLFSSL_ARM_ARCH_7M + SMULBB r10, lr, r4 + SMULBT r4, lr, r4 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r4 + SMLABB r11, r12, r11, r4 + PKHTB r10, r11, r10, ASR #16 + SSUB16 r4, r2, r10 + SADD16 r2, r2, r10 +#else + SBFX r10, r4, #0, #16 + SBFX r11, lr, #0, #16 + ASR r4, r4, #16 + MUL r10, r11, r10 + MUL r4, r11, r4 + MOV r12, #0xcff + MUL r11, r12, r10 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r4, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r11, r12, r11, r4 + SUB r4, r2, r11 + ADD r2, r2, r11 + SUB r11, r2, r10, LSR #16 + ADD r10, r2, r10, LSR #16 + BFI r4, r11, #0, #16 + BFI r2, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULBB r10, lr, r5 + SMULBT r5, lr, r5 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r5 + SMLABB r11, r12, r11, r5 + PKHTB r10, r11, r10, ASR #16 + SSUB16 r5, r3, r10 + SADD16 r3, r3, r10 +#else + SBFX r10, r5, #0, #16 + SBFX r11, lr, #0, #16 + ASR r5, r5, #16 + MUL r10, r11, r10 + MUL r5, r11, r5 + MOV r12, #0xcff + MUL r11, r12, r10 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r5, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r11, r12, r11, r5 + SUB r5, r3, r11 + ADD r3, r3, r11 + SUB r11, r3, r10, LSR #16 + ADD r10, r3, r10, LSR #16 + BFI r5, r11, #0, #16 + BFI r3, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULTB r10, lr, r8 + SMULTT r8, lr, r8 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r8 + SMLABB r11, r12, r11, r8 + PKHTB r10, r11, r10, ASR #16 + SSUB16 r8, r6, r10 + SADD16 r6, r6, r10 +#else + SBFX r10, r8, #0, #16 + SBFX r11, lr, #16, #16 + ASR r8, r8, #16 + MUL r10, r11, r10 + MUL r8, r11, r8 + MOV r12, #0xcff + MUL r11, r12, r10 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r8, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r11, r12, r11, r8 + SUB r8, r6, r11 + ADD r6, r6, r11 + SUB r11, r6, r10, LSR #16 + ADD r10, r6, r10, LSR #16 + BFI r8, r11, #0, #16 + BFI r6, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULTB r10, lr, r9 + SMULTT r9, lr, r9 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r9 + SMLABB r11, r12, r11, r9 + PKHTB r10, r11, r10, ASR #16 + SSUB16 r9, r7, r10 + SADD16 r7, r7, r10 +#else + SBFX r10, r9, #0, #16 + SBFX r11, lr, #16, #16 + ASR r9, r9, #16 + MUL r10, r11, r10 + MUL r9, r11, r9 + MOV r12, #0xcff + MUL r11, r12, r10 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r9, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r11, r12, r11, r9 + SUB r9, r7, r11 + ADD r7, r7, r11 + SUB r11, r7, r10, LSR #16 + ADD r10, r7, r10, LSR #16 + BFI r9, r11, #0, #16 + BFI r7, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ + LDR lr, [r1, #8] +#ifndef WOLFSSL_ARM_ARCH_7M + SMULBB r10, lr, r3 + SMULBT r3, lr, r3 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r3 + SMLABB r11, r12, r11, r3 + PKHTB r10, r11, r10, ASR #16 + SSUB16 r3, r2, r10 + SADD16 r2, r2, r10 +#else + SBFX r10, r3, #0, #16 + SBFX r11, lr, #0, #16 + ASR r3, r3, #16 + MUL r10, r11, r10 + MUL r3, r11, r3 + MOV r12, #0xcff + MUL r11, r12, r10 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r3, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r11, r12, r11, r3 + SUB r3, r2, r11 + ADD r2, r2, r11 + SUB r11, r2, r10, LSR #16 + ADD r10, r2, r10, LSR #16 + BFI r3, r11, #0, #16 + BFI r2, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULTB r10, lr, r5 + SMULTT r5, lr, r5 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r5 + SMLABB r11, r12, r11, r5 + PKHTB r10, r11, r10, ASR #16 + SSUB16 r5, r4, r10 + SADD16 r4, r4, r10 +#else + SBFX r10, r5, #0, #16 + SBFX r11, lr, #16, #16 + ASR r5, r5, #16 + MUL r10, r11, r10 + MUL r5, r11, r5 + MOV r12, #0xcff + MUL r11, r12, r10 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r5, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r11, r12, r11, r5 + SUB r5, r4, r11 + ADD r4, r4, r11 + SUB r11, r4, r10, LSR #16 + ADD r10, r4, r10, LSR #16 + BFI r5, r11, #0, #16 + BFI r4, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ + LDR lr, [r1, #12] +#ifndef WOLFSSL_ARM_ARCH_7M + SMULBB r10, lr, r7 + SMULBT r7, lr, r7 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r7 + SMLABB r11, r12, r11, r7 + PKHTB r10, r11, r10, ASR #16 + SSUB16 r7, r6, r10 + SADD16 r6, r6, r10 +#else + SBFX r10, r7, #0, #16 + SBFX r11, lr, #0, #16 + ASR r7, r7, #16 + MUL r10, r11, r10 + MUL r7, r11, r7 + MOV r12, #0xcff + MUL r11, r12, r10 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r7, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r11, r12, r11, r7 + SUB r7, r6, r11 + ADD r6, r6, r11 + SUB r11, r6, r10, LSR #16 + ADD r10, r6, r10, LSR #16 + BFI r7, r11, #0, #16 + BFI r6, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULTB r10, lr, r9 + SMULTT r9, lr, r9 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r9 + SMLABB r11, r12, r11, r9 + PKHTB r10, r11, r10, ASR #16 + SSUB16 r9, r8, r10 + SADD16 r8, r8, r10 +#else + SBFX r10, r9, #0, #16 + SBFX r11, lr, #16, #16 + ASR r9, r9, #16 + MUL r10, r11, r10 + MUL r9, r11, r9 + MOV r12, #0xcff + MUL r11, r12, r10 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r9, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r11, r12, r11, r9 + SUB r9, r8, r11 + ADD r8, r8, r11 + SUB r11, r8, r10, LSR #16 + ADD r10, r8, r10, LSR #16 + BFI r9, r11, #0, #16 + BFI r8, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ + STR r2, [r0] + STR r3, [r0, #64] + STR r4, [r0, #128] + STR r5, [r0, #192] + STR r6, [r0, #256] + STR r7, [r0, #320] + STR r8, [r0, #384] + STR r9, [r0, #448] + LDR r2, [sp] + SUBS r2, r2, #0x1 + ADD r0, r0, #0x4 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BNE L_kyber_thumb2_ntt_loop_123 +#else + BNE.N L_kyber_thumb2_ntt_loop_123 +#endif + SUB r0, r0, #0x40 + MOV r3, #0x0 +L_kyber_thumb2_ntt_loop_4_j: + STR r3, [sp, #4] + ADD lr, r1, r3, LSR #4 + MOV r2, #0x4 + LDR lr, [lr, #16] +L_kyber_thumb2_ntt_loop_4_i: + STR r2, [sp] + LDR r2, [r0] + LDR r3, [r0, #16] + LDR r4, [r0, #32] + LDR r5, [r0, #48] + LDR r6, [r0, #64] + LDR r7, [r0, #80] + LDR r8, [r0, #96] + LDR r9, [r0, #112] +#ifndef WOLFSSL_ARM_ARCH_7M + SMULBB r10, lr, r4 + SMULBT r4, lr, r4 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r4 + SMLABB r11, r12, r11, r4 + PKHTB r10, r11, r10, ASR #16 + SSUB16 r4, r2, r10 + SADD16 r2, r2, r10 +#else + SBFX r10, r4, #0, #16 + SBFX r11, lr, #0, #16 + ASR r4, r4, #16 + MUL r10, r11, r10 + MUL r4, r11, r4 + MOV r12, #0xcff + MUL r11, r12, r10 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r4, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r11, r12, r11, r4 + SUB r4, r2, r11 + ADD r2, r2, r11 + SUB r11, r2, r10, LSR #16 + ADD r10, r2, r10, LSR #16 + BFI r4, r11, #0, #16 + BFI r2, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULBB r10, lr, r5 + SMULBT r5, lr, r5 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r5 + SMLABB r11, r12, r11, r5 + PKHTB r10, r11, r10, ASR #16 + SSUB16 r5, r3, r10 + SADD16 r3, r3, r10 +#else + SBFX r10, r5, #0, #16 + SBFX r11, lr, #0, #16 + ASR r5, r5, #16 + MUL r10, r11, r10 + MUL r5, r11, r5 + MOV r12, #0xcff + MUL r11, r12, r10 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r5, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r11, r12, r11, r5 + SUB r5, r3, r11 + ADD r3, r3, r11 + SUB r11, r3, r10, LSR #16 + ADD r10, r3, r10, LSR #16 + BFI r5, r11, #0, #16 + BFI r3, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULTB r10, lr, r8 + SMULTT r8, lr, r8 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r8 + SMLABB r11, r12, r11, r8 + PKHTB r10, r11, r10, ASR #16 + SSUB16 r8, r6, r10 + SADD16 r6, r6, r10 +#else + SBFX r10, r8, #0, #16 + SBFX r11, lr, #16, #16 + ASR r8, r8, #16 + MUL r10, r11, r10 + MUL r8, r11, r8 + MOV r12, #0xcff + MUL r11, r12, r10 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r8, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r11, r12, r11, r8 + SUB r8, r6, r11 + ADD r6, r6, r11 + SUB r11, r6, r10, LSR #16 + ADD r10, r6, r10, LSR #16 + BFI r8, r11, #0, #16 + BFI r6, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULTB r10, lr, r9 + SMULTT r9, lr, r9 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r9 + SMLABB r11, r12, r11, r9 + PKHTB r10, r11, r10, ASR #16 + SSUB16 r9, r7, r10 + SADD16 r7, r7, r10 +#else + SBFX r10, r9, #0, #16 + SBFX r11, lr, #16, #16 + ASR r9, r9, #16 + MUL r10, r11, r10 + MUL r9, r11, r9 + MOV r12, #0xcff + MUL r11, r12, r10 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r9, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r11, r12, r11, r9 + SUB r9, r7, r11 + ADD r7, r7, r11 + SUB r11, r7, r10, LSR #16 + ADD r10, r7, r10, LSR #16 + BFI r9, r11, #0, #16 + BFI r7, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ + STR r2, [r0] + STR r3, [r0, #16] + STR r4, [r0, #32] + STR r5, [r0, #48] + STR r6, [r0, #64] + STR r7, [r0, #80] + STR r8, [r0, #96] + STR r9, [r0, #112] + LDRD r2, r3, [sp] + SUBS r2, r2, #0x1 + ADD r0, r0, #0x4 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BNE L_kyber_thumb2_ntt_loop_4_i +#else + BNE.N L_kyber_thumb2_ntt_loop_4_i +#endif + ADD r3, r3, #0x40 + RSBS r10, r3, #0x100 + ADD r0, r0, #0x70 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BNE L_kyber_thumb2_ntt_loop_4_j +#else + BNE.N L_kyber_thumb2_ntt_loop_4_j +#endif + SUB r0, r0, #0x200 + MOV r3, #0x0 +L_kyber_thumb2_ntt_loop_567: + ADD lr, r1, r3, LSR #3 + STR r3, [sp, #4] + LDRH lr, [lr, #32] + LDR r2, [r0] + LDR r3, [r0, #4] + LDR r4, [r0, #8] + LDR r5, [r0, #12] + LDR r6, [r0, #16] + LDR r7, [r0, #20] + LDR r8, [r0, #24] + LDR r9, [r0, #28] +#ifndef WOLFSSL_ARM_ARCH_7M + SMULBB r10, lr, r6 + SMULBT r6, lr, r6 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r6 + SMLABB r11, r12, r11, r6 + PKHTB r10, r11, r10, ASR #16 + SSUB16 r6, r2, r10 + SADD16 r2, r2, r10 +#else + SBFX r10, r6, #0, #16 + SBFX r11, lr, #0, #16 + ASR r6, r6, #16 + MUL r10, r11, r10 + MUL r6, r11, r6 + MOV r12, #0xcff + MUL r11, r12, r10 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r6, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r11, r12, r11, r6 + SUB r6, r2, r11 + ADD r2, r2, r11 + SUB r11, r2, r10, LSR #16 + ADD r10, r2, r10, LSR #16 + BFI r6, r11, #0, #16 + BFI r2, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULBB r10, lr, r7 + SMULBT r7, lr, r7 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r7 + SMLABB r11, r12, r11, r7 + PKHTB r10, r11, r10, ASR #16 + SSUB16 r7, r3, r10 + SADD16 r3, r3, r10 +#else + SBFX r10, r7, #0, #16 + SBFX r11, lr, #0, #16 + ASR r7, r7, #16 + MUL r10, r11, r10 + MUL r7, r11, r7 + MOV r12, #0xcff + MUL r11, r12, r10 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r7, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r11, r12, r11, r7 + SUB r7, r3, r11 + ADD r3, r3, r11 + SUB r11, r3, r10, LSR #16 + ADD r10, r3, r10, LSR #16 + BFI r7, r11, #0, #16 + BFI r3, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULBB r10, lr, r8 + SMULBT r8, lr, r8 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r8 + SMLABB r11, r12, r11, r8 + PKHTB r10, r11, r10, ASR #16 + SSUB16 r8, r4, r10 + SADD16 r4, r4, r10 +#else + SBFX r10, r8, #0, #16 + SBFX r11, lr, #0, #16 + ASR r8, r8, #16 + MUL r10, r11, r10 + MUL r8, r11, r8 + MOV r12, #0xcff + MUL r11, r12, r10 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r8, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r11, r12, r11, r8 + SUB r8, r4, r11 + ADD r4, r4, r11 + SUB r11, r4, r10, LSR #16 + ADD r10, r4, r10, LSR #16 + BFI r8, r11, #0, #16 + BFI r4, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULBB r10, lr, r9 + SMULBT r9, lr, r9 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r9 + SMLABB r11, r12, r11, r9 + PKHTB r10, r11, r10, ASR #16 + SSUB16 r9, r5, r10 + SADD16 r5, r5, r10 +#else + SBFX r10, r9, #0, #16 + SBFX r11, lr, #0, #16 + ASR r9, r9, #16 + MUL r10, r11, r10 + MUL r9, r11, r9 + MOV r12, #0xcff + MUL r11, r12, r10 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r9, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r11, r12, r11, r9 + SUB r9, r5, r11 + ADD r5, r5, r11 + SUB r11, r5, r10, LSR #16 + ADD r10, r5, r10, LSR #16 + BFI r9, r11, #0, #16 + BFI r5, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ + LDR lr, [sp, #4] + ADD lr, r1, lr, LSR #2 + LDR lr, [lr, #64] +#ifndef WOLFSSL_ARM_ARCH_7M + SMULBB r10, lr, r4 + SMULBT r4, lr, r4 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r4 + SMLABB r11, r12, r11, r4 + PKHTB r10, r11, r10, ASR #16 + SSUB16 r4, r2, r10 + SADD16 r2, r2, r10 +#else + SBFX r10, r4, #0, #16 + SBFX r11, lr, #0, #16 + ASR r4, r4, #16 + MUL r10, r11, r10 + MUL r4, r11, r4 + MOV r12, #0xcff + MUL r11, r12, r10 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r4, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r11, r12, r11, r4 + SUB r4, r2, r11 + ADD r2, r2, r11 + SUB r11, r2, r10, LSR #16 + ADD r10, r2, r10, LSR #16 + BFI r4, r11, #0, #16 + BFI r2, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULBB r10, lr, r5 + SMULBT r5, lr, r5 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r5 + SMLABB r11, r12, r11, r5 + PKHTB r10, r11, r10, ASR #16 + SSUB16 r5, r3, r10 + SADD16 r3, r3, r10 +#else + SBFX r10, r5, #0, #16 + SBFX r11, lr, #0, #16 + ASR r5, r5, #16 + MUL r10, r11, r10 + MUL r5, r11, r5 + MOV r12, #0xcff + MUL r11, r12, r10 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r5, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r11, r12, r11, r5 + SUB r5, r3, r11 + ADD r3, r3, r11 + SUB r11, r3, r10, LSR #16 + ADD r10, r3, r10, LSR #16 + BFI r5, r11, #0, #16 + BFI r3, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULTB r10, lr, r8 + SMULTT r8, lr, r8 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r8 + SMLABB r11, r12, r11, r8 + PKHTB r10, r11, r10, ASR #16 + SSUB16 r8, r6, r10 + SADD16 r6, r6, r10 +#else + SBFX r10, r8, #0, #16 + SBFX r11, lr, #16, #16 + ASR r8, r8, #16 + MUL r10, r11, r10 + MUL r8, r11, r8 + MOV r12, #0xcff + MUL r11, r12, r10 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r8, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r11, r12, r11, r8 + SUB r8, r6, r11 + ADD r6, r6, r11 + SUB r11, r6, r10, LSR #16 + ADD r10, r6, r10, LSR #16 + BFI r8, r11, #0, #16 + BFI r6, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULTB r10, lr, r9 + SMULTT r9, lr, r9 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r9 + SMLABB r11, r12, r11, r9 + PKHTB r10, r11, r10, ASR #16 + SSUB16 r9, r7, r10 + SADD16 r7, r7, r10 +#else + SBFX r10, r9, #0, #16 + SBFX r11, lr, #16, #16 + ASR r9, r9, #16 + MUL r10, r11, r10 + MUL r9, r11, r9 + MOV r12, #0xcff + MUL r11, r12, r10 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r9, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r11, r12, r11, r9 + SUB r9, r7, r11 + ADD r7, r7, r11 + SUB r11, r7, r10, LSR #16 + ADD r10, r7, r10, LSR #16 + BFI r9, r11, #0, #16 + BFI r7, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ + LDR lr, [sp, #4] + ADD lr, r1, lr, LSR #1 + LDR lr, [lr, #128] +#ifndef WOLFSSL_ARM_ARCH_7M + SMULBB r10, lr, r3 + SMULBT r3, lr, r3 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r3 + SMLABB r11, r12, r11, r3 + PKHTB r10, r11, r10, ASR #16 + SSUB16 r3, r2, r10 + SADD16 r2, r2, r10 +#else + SBFX r10, r3, #0, #16 + SBFX r11, lr, #0, #16 + ASR r3, r3, #16 + MUL r10, r11, r10 + MUL r3, r11, r3 + MOV r12, #0xcff + MUL r11, r12, r10 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r3, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r11, r12, r11, r3 + SUB r3, r2, r11 + ADD r2, r2, r11 + SUB r11, r2, r10, LSR #16 + ADD r10, r2, r10, LSR #16 + BFI r3, r11, #0, #16 + BFI r2, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULTB r10, lr, r5 + SMULTT r5, lr, r5 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r5 + SMLABB r11, r12, r11, r5 + PKHTB r10, r11, r10, ASR #16 + SSUB16 r5, r4, r10 + SADD16 r4, r4, r10 +#else + SBFX r10, r5, #0, #16 + SBFX r11, lr, #16, #16 + ASR r5, r5, #16 + MUL r10, r11, r10 + MUL r5, r11, r5 + MOV r12, #0xcff + MUL r11, r12, r10 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r5, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r11, r12, r11, r5 + SUB r5, r4, r11 + ADD r4, r4, r11 + SUB r11, r4, r10, LSR #16 + ADD r10, r4, r10, LSR #16 + BFI r5, r11, #0, #16 + BFI r4, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ + LDR lr, [sp, #4] + ADD lr, r1, lr, LSR #1 + LDR lr, [lr, #132] +#ifndef WOLFSSL_ARM_ARCH_7M + SMULBB r10, lr, r7 + SMULBT r7, lr, r7 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r7 + SMLABB r11, r12, r11, r7 + PKHTB r10, r11, r10, ASR #16 + SSUB16 r7, r6, r10 + SADD16 r6, r6, r10 +#else + SBFX r10, r7, #0, #16 + SBFX r11, lr, #0, #16 + ASR r7, r7, #16 + MUL r10, r11, r10 + MUL r7, r11, r7 + MOV r12, #0xcff + MUL r11, r12, r10 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r7, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r11, r12, r11, r7 + SUB r7, r6, r11 + ADD r6, r6, r11 + SUB r11, r6, r10, LSR #16 + ADD r10, r6, r10, LSR #16 + BFI r7, r11, #0, #16 + BFI r6, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULTB r10, lr, r9 + SMULTT r9, lr, r9 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r9 + SMLABB r11, r12, r11, r9 + PKHTB r10, r11, r10, ASR #16 + SSUB16 r9, r8, r10 + SADD16 r8, r8, r10 +#else + SBFX r10, r9, #0, #16 + SBFX r11, lr, #16, #16 + ASR r9, r9, #16 + MUL r10, r11, r10 + MUL r9, r11, r9 + MOV r12, #0xcff + MUL r11, r12, r10 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r9, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r11, r12, r11, r9 + SUB r9, r8, r11 + ADD r8, r8, r11 + SUB r11, r8, r10, LSR #16 + ADD r10, r8, r10, LSR #16 + BFI r9, r11, #0, #16 + BFI r8, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + MOV lr, #0xafc0 + MOVT lr, #0x13 +#else + MOV lr, #0x4ebf + MOV r12, #0xd01 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULWB r10, lr, r2 + SMULWT r11, lr, r2 + SMULBT r10, r12, r10 + SMULBT r11, r12, r11 + PKHBT r10, r10, r11, LSL #16 + SSUB16 r2, r2, r10 +#else + SBFX r10, r2, #0, #16 + SBFX r11, r2, #16, #16 + MUL r10, lr, r10 + MUL r11, lr, r11 + ASR r10, r10, #26 + ASR r11, r11, #26 + MUL r10, r12, r10 + MUL r11, r12, r11 + SUB r11, r2, r11, LSL #16 + SUB r2, r2, r10 + LSR r11, r11, #16 + BFI r2, r11, #16, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULWB r10, lr, r3 + SMULWT r11, lr, r3 + SMULBT r10, r12, r10 + SMULBT r11, r12, r11 + PKHBT r10, r10, r11, LSL #16 + SSUB16 r3, r3, r10 +#else + SBFX r10, r3, #0, #16 + SBFX r11, r3, #16, #16 + MUL r10, lr, r10 + MUL r11, lr, r11 + ASR r10, r10, #26 + ASR r11, r11, #26 + MUL r10, r12, r10 + MUL r11, r12, r11 + SUB r11, r3, r11, LSL #16 + SUB r3, r3, r10 + LSR r11, r11, #16 + BFI r3, r11, #16, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULWB r10, lr, r4 + SMULWT r11, lr, r4 + SMULBT r10, r12, r10 + SMULBT r11, r12, r11 + PKHBT r10, r10, r11, LSL #16 + SSUB16 r4, r4, r10 +#else + SBFX r10, r4, #0, #16 + SBFX r11, r4, #16, #16 + MUL r10, lr, r10 + MUL r11, lr, r11 + ASR r10, r10, #26 + ASR r11, r11, #26 + MUL r10, r12, r10 + MUL r11, r12, r11 + SUB r11, r4, r11, LSL #16 + SUB r4, r4, r10 + LSR r11, r11, #16 + BFI r4, r11, #16, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULWB r10, lr, r5 + SMULWT r11, lr, r5 + SMULBT r10, r12, r10 + SMULBT r11, r12, r11 + PKHBT r10, r10, r11, LSL #16 + SSUB16 r5, r5, r10 +#else + SBFX r10, r5, #0, #16 + SBFX r11, r5, #16, #16 + MUL r10, lr, r10 + MUL r11, lr, r11 + ASR r10, r10, #26 + ASR r11, r11, #26 + MUL r10, r12, r10 + MUL r11, r12, r11 + SUB r11, r5, r11, LSL #16 + SUB r5, r5, r10 + LSR r11, r11, #16 + BFI r5, r11, #16, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULWB r10, lr, r6 + SMULWT r11, lr, r6 + SMULBT r10, r12, r10 + SMULBT r11, r12, r11 + PKHBT r10, r10, r11, LSL #16 + SSUB16 r6, r6, r10 +#else + SBFX r10, r6, #0, #16 + SBFX r11, r6, #16, #16 + MUL r10, lr, r10 + MUL r11, lr, r11 + ASR r10, r10, #26 + ASR r11, r11, #26 + MUL r10, r12, r10 + MUL r11, r12, r11 + SUB r11, r6, r11, LSL #16 + SUB r6, r6, r10 + LSR r11, r11, #16 + BFI r6, r11, #16, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULWB r10, lr, r7 + SMULWT r11, lr, r7 + SMULBT r10, r12, r10 + SMULBT r11, r12, r11 + PKHBT r10, r10, r11, LSL #16 + SSUB16 r7, r7, r10 +#else + SBFX r10, r7, #0, #16 + SBFX r11, r7, #16, #16 + MUL r10, lr, r10 + MUL r11, lr, r11 + ASR r10, r10, #26 + ASR r11, r11, #26 + MUL r10, r12, r10 + MUL r11, r12, r11 + SUB r11, r7, r11, LSL #16 + SUB r7, r7, r10 + LSR r11, r11, #16 + BFI r7, r11, #16, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULWB r10, lr, r8 + SMULWT r11, lr, r8 + SMULBT r10, r12, r10 + SMULBT r11, r12, r11 + PKHBT r10, r10, r11, LSL #16 + SSUB16 r8, r8, r10 +#else + SBFX r10, r8, #0, #16 + SBFX r11, r8, #16, #16 + MUL r10, lr, r10 + MUL r11, lr, r11 + ASR r10, r10, #26 + ASR r11, r11, #26 + MUL r10, r12, r10 + MUL r11, r12, r11 + SUB r11, r8, r11, LSL #16 + SUB r8, r8, r10 + LSR r11, r11, #16 + BFI r8, r11, #16, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULWB r10, lr, r9 + SMULWT r11, lr, r9 + SMULBT r10, r12, r10 + SMULBT r11, r12, r11 + PKHBT r10, r10, r11, LSL #16 + SSUB16 r9, r9, r10 +#else + SBFX r10, r9, #0, #16 + SBFX r11, r9, #16, #16 + MUL r10, lr, r10 + MUL r11, lr, r11 + ASR r10, r10, #26 + ASR r11, r11, #26 + MUL r10, r12, r10 + MUL r11, r12, r11 + SUB r11, r9, r11, LSL #16 + SUB r9, r9, r10 + LSR r11, r11, #16 + BFI r9, r11, #16, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + MOV r12, #0xd01 + MOVT r12, #0xcff +#endif /* !WOLFSSL_ARM_ARCH_7M */ + STR r2, [r0] + STR r3, [r0, #4] + STR r4, [r0, #8] + STR r5, [r0, #12] + STR r6, [r0, #16] + STR r7, [r0, #20] + STR r8, [r0, #24] + STR r9, [r0, #28] + LDR r3, [sp, #4] + ADD r3, r3, #0x10 + RSBS r10, r3, #0x100 + ADD r0, r0, #0x20 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BNE L_kyber_thumb2_ntt_loop_567 +#else + BNE.N L_kyber_thumb2_ntt_loop_567 +#endif + ADD sp, sp, #0x8 + POP {r4, r5, r6, r7, r8, r9, r10, r11, pc} + /* Cycle Count = 1270 */ + .size kyber_thumb2_ntt,.-kyber_thumb2_ntt + .text + .type L_kyber_thumb2_invntt_zetas_inv, %object + .size L_kyber_thumb2_invntt_zetas_inv, 256 + .align 4 +L_kyber_thumb2_invntt_zetas_inv: + .short 0x6a5 + .short 0x70f + .short 0x5b4 + .short 0x943 + .short 0x922 + .short 0x91d + .short 0x134 + .short 0x6c + .short 0xb23 + .short 0x366 + .short 0x356 + .short 0x5e6 + .short 0x9e7 + .short 0x4fe + .short 0x5fa + .short 0x4a1 + .short 0x67b + .short 0x4a3 + .short 0xc25 + .short 0x36a + .short 0x537 + .short 0x83f + .short 0x88 + .short 0x4bf + .short 0xb81 + .short 0x5b9 + .short 0x505 + .short 0x7d7 + .short 0xa9f + .short 0xaa6 + .short 0x8b8 + .short 0x9d0 + .short 0x4b + .short 0x9c + .short 0xbb8 + .short 0xb5f + .short 0xba4 + .short 0x368 + .short 0xa7d + .short 0x636 + .short 0x8a2 + .short 0x25a + .short 0x736 + .short 0x309 + .short 0x93 + .short 0x87a + .short 0x9f7 + .short 0xf6 + .short 0x68c + .short 0x6db + .short 0x1cc + .short 0x123 + .short 0xeb + .short 0xc50 + .short 0xab6 + .short 0xb5b + .short 0xc98 + .short 0x6f3 + .short 0x99a + .short 0x4e3 + .short 0x9b6 + .short 0xad6 + .short 0xb53 + .short 0x44f + .short 0x4fb + .short 0xa5c + .short 0x429 + .short 0xb41 + .short 0x2d5 + .short 0x5e4 + .short 0x940 + .short 0x18e + .short 0x3b7 + .short 0xf7 + .short 0x58d + .short 0xc96 + .short 0x9c3 + .short 0x10f + .short 0x5a + .short 0x355 + .short 0x744 + .short 0xc83 + .short 0x48a + .short 0x652 + .short 0x29a + .short 0x140 + .short 0x8 + .short 0xafd + .short 0x608 + .short 0x11a + .short 0x72e + .short 0x50d + .short 0x90a + .short 0x228 + .short 0xa75 + .short 0x83a + .short 0x623 + .short 0xcd + .short 0xb66 + .short 0x606 + .short 0xaa1 + .short 0xa25 + .short 0x908 + .short 0x2a9 + .short 0x82 + .short 0x642 + .short 0x74f + .short 0x33d + .short 0xb82 + .short 0xbf9 + .short 0x52d + .short 0xac4 + .short 0x745 + .short 0x5c2 + .short 0x4b2 + .short 0x93f + .short 0xc4b + .short 0x6d8 + .short 0xa93 + .short 0xab + .short 0xc37 + .short 0xbe2 + .short 0x773 + .short 0x72c + .short 0x5ed + .short 0x167 + .short 0x2f6 + .short 0x5a1 + .text + .align 4 + .globl kyber_thumb2_invntt + .type kyber_thumb2_invntt, %function +kyber_thumb2_invntt: + PUSH {r4, r5, r6, r7, r8, r9, r10, r11, lr} + SUB sp, sp, #0x8 + ADR r1, L_kyber_thumb2_invntt_zetas_inv +#ifndef WOLFSSL_ARM_ARCH_7M + MOV r12, #0xd01 + MOVT r12, #0xcff +#endif /* !WOLFSSL_ARM_ARCH_7M */ + MOV r3, #0x0 +L_kyber_thumb2_invntt_loop_765: + ADD lr, r1, r3, LSR #1 + STR r3, [sp, #4] + LDR r2, [r0] + LDR r3, [r0, #4] + LDR r4, [r0, #8] + LDR r5, [r0, #12] + LDR r6, [r0, #16] + LDR r7, [r0, #20] + LDR r8, [r0, #24] + LDR r9, [r0, #28] + LDR lr, [lr] +#ifndef WOLFSSL_ARM_ARCH_7M + SSUB16 r10, r2, r3 + SADD16 r2, r2, r3 + SMULBT r3, lr, r10 + SMULBB r10, lr, r10 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r3 + SMLABB r3, r12, r11, r3 + PKHTB r3, r3, r10, ASR #16 +#else + SUB r11, r2, r3 + ADD r12, r2, r3 + BFC r3, #0, #16 + BFC r2, #0, #16 + SUB r10, r2, r3 + ADD r2, r2, r3 + BFI r10, r11, #0, #16 + BFI r2, r12, #0, #16 + SBFX r11, lr, #0, #16 + ASR r12, r10, #16 + MUL r3, r11, r12 + SBFX r10, r10, #0, #16 + MUL r10, r11, r10 + MOV r12, #0xcff + SBFX r11, r10, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r3, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + LSR r10, r10, #16 + MLA r3, r12, r11, r3 + BFI r3, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SSUB16 r10, r4, r5 + SADD16 r4, r4, r5 + SMULTT r5, lr, r10 + SMULTB r10, lr, r10 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r5 + SMLABB r5, r12, r11, r5 + PKHTB r5, r5, r10, ASR #16 +#else + SUB r11, r4, r5 + ADD r12, r4, r5 + BFC r5, #0, #16 + BFC r4, #0, #16 + SUB r10, r4, r5 + ADD r4, r4, r5 + BFI r10, r11, #0, #16 + BFI r4, r12, #0, #16 + SBFX r11, lr, #16, #16 + ASR r12, r10, #16 + MUL r5, r11, r12 + SBFX r10, r10, #0, #16 + MUL r10, r11, r10 + MOV r12, #0xcff + SBFX r11, r10, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r5, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + LSR r10, r10, #16 + MLA r5, r12, r11, r5 + BFI r5, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ + LDR lr, [sp, #4] + ADD lr, r1, lr, LSR #1 + LDR lr, [lr, #4] +#ifndef WOLFSSL_ARM_ARCH_7M + SSUB16 r10, r6, r7 + SADD16 r6, r6, r7 + SMULBT r7, lr, r10 + SMULBB r10, lr, r10 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r7 + SMLABB r7, r12, r11, r7 + PKHTB r7, r7, r10, ASR #16 +#else + SUB r11, r6, r7 + ADD r12, r6, r7 + BFC r7, #0, #16 + BFC r6, #0, #16 + SUB r10, r6, r7 + ADD r6, r6, r7 + BFI r10, r11, #0, #16 + BFI r6, r12, #0, #16 + SBFX r11, lr, #0, #16 + ASR r12, r10, #16 + MUL r7, r11, r12 + SBFX r10, r10, #0, #16 + MUL r10, r11, r10 + MOV r12, #0xcff + SBFX r11, r10, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r7, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + LSR r10, r10, #16 + MLA r7, r12, r11, r7 + BFI r7, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SSUB16 r10, r8, r9 + SADD16 r8, r8, r9 + SMULTT r9, lr, r10 + SMULTB r10, lr, r10 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r9 + SMLABB r9, r12, r11, r9 + PKHTB r9, r9, r10, ASR #16 +#else + SUB r11, r8, r9 + ADD r12, r8, r9 + BFC r9, #0, #16 + BFC r8, #0, #16 + SUB r10, r8, r9 + ADD r8, r8, r9 + BFI r10, r11, #0, #16 + BFI r8, r12, #0, #16 + SBFX r11, lr, #16, #16 + ASR r12, r10, #16 + MUL r9, r11, r12 + SBFX r10, r10, #0, #16 + MUL r10, r11, r10 + MOV r12, #0xcff + SBFX r11, r10, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r9, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + LSR r10, r10, #16 + MLA r9, r12, r11, r9 + BFI r9, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ + LDR lr, [sp, #4] + ADD lr, r1, lr, LSR #2 + LDR lr, [lr, #128] +#ifndef WOLFSSL_ARM_ARCH_7M + SSUB16 r10, r2, r4 + SADD16 r2, r2, r4 + SMULBT r4, lr, r10 + SMULBB r10, lr, r10 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r4 + SMLABB r4, r12, r11, r4 + PKHTB r4, r4, r10, ASR #16 +#else + SUB r11, r2, r4 + ADD r12, r2, r4 + BFC r4, #0, #16 + BFC r2, #0, #16 + SUB r10, r2, r4 + ADD r2, r2, r4 + BFI r10, r11, #0, #16 + BFI r2, r12, #0, #16 + SBFX r11, lr, #0, #16 + ASR r12, r10, #16 + MUL r4, r11, r12 + SBFX r10, r10, #0, #16 + MUL r10, r11, r10 + MOV r12, #0xcff + SBFX r11, r10, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r4, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + LSR r10, r10, #16 + MLA r4, r12, r11, r4 + BFI r4, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SSUB16 r10, r3, r5 + SADD16 r3, r3, r5 + SMULBT r5, lr, r10 + SMULBB r10, lr, r10 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r5 + SMLABB r5, r12, r11, r5 + PKHTB r5, r5, r10, ASR #16 +#else + SUB r11, r3, r5 + ADD r12, r3, r5 + BFC r5, #0, #16 + BFC r3, #0, #16 + SUB r10, r3, r5 + ADD r3, r3, r5 + BFI r10, r11, #0, #16 + BFI r3, r12, #0, #16 + SBFX r11, lr, #0, #16 + ASR r12, r10, #16 + MUL r5, r11, r12 + SBFX r10, r10, #0, #16 + MUL r10, r11, r10 + MOV r12, #0xcff + SBFX r11, r10, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r5, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + LSR r10, r10, #16 + MLA r5, r12, r11, r5 + BFI r5, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SSUB16 r10, r6, r8 + SADD16 r6, r6, r8 + SMULTT r8, lr, r10 + SMULTB r10, lr, r10 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r8 + SMLABB r8, r12, r11, r8 + PKHTB r8, r8, r10, ASR #16 +#else + SUB r11, r6, r8 + ADD r12, r6, r8 + BFC r8, #0, #16 + BFC r6, #0, #16 + SUB r10, r6, r8 + ADD r6, r6, r8 + BFI r10, r11, #0, #16 + BFI r6, r12, #0, #16 + SBFX r11, lr, #16, #16 + ASR r12, r10, #16 + MUL r8, r11, r12 + SBFX r10, r10, #0, #16 + MUL r10, r11, r10 + MOV r12, #0xcff + SBFX r11, r10, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r8, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + LSR r10, r10, #16 + MLA r8, r12, r11, r8 + BFI r8, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SSUB16 r10, r7, r9 + SADD16 r7, r7, r9 + SMULTT r9, lr, r10 + SMULTB r10, lr, r10 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r9 + SMLABB r9, r12, r11, r9 + PKHTB r9, r9, r10, ASR #16 +#else + SUB r11, r7, r9 + ADD r12, r7, r9 + BFC r9, #0, #16 + BFC r7, #0, #16 + SUB r10, r7, r9 + ADD r7, r7, r9 + BFI r10, r11, #0, #16 + BFI r7, r12, #0, #16 + SBFX r11, lr, #16, #16 + ASR r12, r10, #16 + MUL r9, r11, r12 + SBFX r10, r10, #0, #16 + MUL r10, r11, r10 + MOV r12, #0xcff + SBFX r11, r10, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r9, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + LSR r10, r10, #16 + MLA r9, r12, r11, r9 + BFI r9, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ + LDR lr, [sp, #4] + ADD lr, r1, lr, LSR #3 + LDR lr, [lr, #192] +#ifndef WOLFSSL_ARM_ARCH_7M + SSUB16 r10, r2, r6 + SADD16 r2, r2, r6 + SMULBT r6, lr, r10 + SMULBB r10, lr, r10 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r6 + SMLABB r6, r12, r11, r6 + PKHTB r6, r6, r10, ASR #16 +#else + SUB r11, r2, r6 + ADD r12, r2, r6 + BFC r6, #0, #16 + BFC r2, #0, #16 + SUB r10, r2, r6 + ADD r2, r2, r6 + BFI r10, r11, #0, #16 + BFI r2, r12, #0, #16 + SBFX r11, lr, #0, #16 + ASR r12, r10, #16 + MUL r6, r11, r12 + SBFX r10, r10, #0, #16 + MUL r10, r11, r10 + MOV r12, #0xcff + SBFX r11, r10, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r6, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + LSR r10, r10, #16 + MLA r6, r12, r11, r6 + BFI r6, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SSUB16 r10, r3, r7 + SADD16 r3, r3, r7 + SMULBT r7, lr, r10 + SMULBB r10, lr, r10 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r7 + SMLABB r7, r12, r11, r7 + PKHTB r7, r7, r10, ASR #16 +#else + SUB r11, r3, r7 + ADD r12, r3, r7 + BFC r7, #0, #16 + BFC r3, #0, #16 + SUB r10, r3, r7 + ADD r3, r3, r7 + BFI r10, r11, #0, #16 + BFI r3, r12, #0, #16 + SBFX r11, lr, #0, #16 + ASR r12, r10, #16 + MUL r7, r11, r12 + SBFX r10, r10, #0, #16 + MUL r10, r11, r10 + MOV r12, #0xcff + SBFX r11, r10, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r7, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + LSR r10, r10, #16 + MLA r7, r12, r11, r7 + BFI r7, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SSUB16 r10, r4, r8 + SADD16 r4, r4, r8 + SMULBT r8, lr, r10 + SMULBB r10, lr, r10 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r8 + SMLABB r8, r12, r11, r8 + PKHTB r8, r8, r10, ASR #16 +#else + SUB r11, r4, r8 + ADD r12, r4, r8 + BFC r8, #0, #16 + BFC r4, #0, #16 + SUB r10, r4, r8 + ADD r4, r4, r8 + BFI r10, r11, #0, #16 + BFI r4, r12, #0, #16 + SBFX r11, lr, #0, #16 + ASR r12, r10, #16 + MUL r8, r11, r12 + SBFX r10, r10, #0, #16 + MUL r10, r11, r10 + MOV r12, #0xcff + SBFX r11, r10, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r8, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + LSR r10, r10, #16 + MLA r8, r12, r11, r8 + BFI r8, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SSUB16 r10, r5, r9 + SADD16 r5, r5, r9 + SMULBT r9, lr, r10 + SMULBB r10, lr, r10 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r9 + SMLABB r9, r12, r11, r9 + PKHTB r9, r9, r10, ASR #16 +#else + SUB r11, r5, r9 + ADD r12, r5, r9 + BFC r9, #0, #16 + BFC r5, #0, #16 + SUB r10, r5, r9 + ADD r5, r5, r9 + BFI r10, r11, #0, #16 + BFI r5, r12, #0, #16 + SBFX r11, lr, #0, #16 + ASR r12, r10, #16 + MUL r9, r11, r12 + SBFX r10, r10, #0, #16 + MUL r10, r11, r10 + MOV r12, #0xcff + SBFX r11, r10, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r9, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + LSR r10, r10, #16 + MLA r9, r12, r11, r9 + BFI r9, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + MOV lr, #0xafc0 + MOVT lr, #0x13 +#else + MOV lr, #0x4ebf +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULWB r10, lr, r2 + SMULWT r11, lr, r2 + SMULBT r10, r12, r10 + SMULBT r11, r12, r11 + PKHBT r10, r10, r11, LSL #16 + SSUB16 r2, r2, r10 +#else + SBFX r10, r2, #0, #16 + SBFX r11, r2, #16, #16 + MUL r10, lr, r10 + MUL r11, lr, r11 + ASR r10, r10, #26 + ASR r11, r11, #26 + MUL r10, r12, r10 + MUL r11, r12, r11 + SUB r11, r2, r11, LSL #16 + SUB r2, r2, r10 + LSR r11, r11, #16 + BFI r2, r11, #16, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULWB r10, lr, r3 + SMULWT r11, lr, r3 + SMULBT r10, r12, r10 + SMULBT r11, r12, r11 + PKHBT r10, r10, r11, LSL #16 + SSUB16 r3, r3, r10 +#else + SBFX r10, r3, #0, #16 + SBFX r11, r3, #16, #16 + MUL r10, lr, r10 + MUL r11, lr, r11 + ASR r10, r10, #26 + ASR r11, r11, #26 + MUL r10, r12, r10 + MUL r11, r12, r11 + SUB r11, r3, r11, LSL #16 + SUB r3, r3, r10 + LSR r11, r11, #16 + BFI r3, r11, #16, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULWB r10, lr, r4 + SMULWT r11, lr, r4 + SMULBT r10, r12, r10 + SMULBT r11, r12, r11 + PKHBT r10, r10, r11, LSL #16 + SSUB16 r4, r4, r10 +#else + SBFX r10, r4, #0, #16 + SBFX r11, r4, #16, #16 + MUL r10, lr, r10 + MUL r11, lr, r11 + ASR r10, r10, #26 + ASR r11, r11, #26 + MUL r10, r12, r10 + MUL r11, r12, r11 + SUB r11, r4, r11, LSL #16 + SUB r4, r4, r10 + LSR r11, r11, #16 + BFI r4, r11, #16, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULWB r10, lr, r5 + SMULWT r11, lr, r5 + SMULBT r10, r12, r10 + SMULBT r11, r12, r11 + PKHBT r10, r10, r11, LSL #16 + SSUB16 r5, r5, r10 +#else + SBFX r10, r5, #0, #16 + SBFX r11, r5, #16, #16 + MUL r10, lr, r10 + MUL r11, lr, r11 + ASR r10, r10, #26 + ASR r11, r11, #26 + MUL r10, r12, r10 + MUL r11, r12, r11 + SUB r11, r5, r11, LSL #16 + SUB r5, r5, r10 + LSR r11, r11, #16 + BFI r5, r11, #16, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ + STR r2, [r0] + STR r3, [r0, #4] + STR r4, [r0, #8] + STR r5, [r0, #12] + STR r6, [r0, #16] + STR r7, [r0, #20] + STR r8, [r0, #24] + STR r9, [r0, #28] + LDR r3, [sp, #4] + ADD r3, r3, #0x10 + RSBS r10, r3, #0x100 + ADD r0, r0, #0x20 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BNE L_kyber_thumb2_invntt_loop_765 +#else + BNE.N L_kyber_thumb2_invntt_loop_765 +#endif + SUB r0, r0, #0x200 + MOV r3, #0x0 +L_kyber_thumb2_invntt_loop_4_j: + STR r3, [sp, #4] + ADD lr, r1, r3, LSR #4 + MOV r2, #0x4 + LDR lr, [lr, #224] +L_kyber_thumb2_invntt_loop_4_i: + STR r2, [sp] + LDR r2, [r0] + LDR r3, [r0, #16] + LDR r4, [r0, #32] + LDR r5, [r0, #48] + LDR r6, [r0, #64] + LDR r7, [r0, #80] + LDR r8, [r0, #96] + LDR r9, [r0, #112] +#ifndef WOLFSSL_ARM_ARCH_7M + SSUB16 r10, r2, r4 + SADD16 r2, r2, r4 + SMULBT r4, lr, r10 + SMULBB r10, lr, r10 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r4 + SMLABB r4, r12, r11, r4 + PKHTB r4, r4, r10, ASR #16 +#else + SUB r11, r2, r4 + ADD r12, r2, r4 + BFC r4, #0, #16 + BFC r2, #0, #16 + SUB r10, r2, r4 + ADD r2, r2, r4 + BFI r10, r11, #0, #16 + BFI r2, r12, #0, #16 + SBFX r11, lr, #0, #16 + ASR r12, r10, #16 + MUL r4, r11, r12 + SBFX r10, r10, #0, #16 + MUL r10, r11, r10 + MOV r12, #0xcff + SBFX r11, r10, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r4, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + LSR r10, r10, #16 + MLA r4, r12, r11, r4 + BFI r4, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SSUB16 r10, r3, r5 + SADD16 r3, r3, r5 + SMULBT r5, lr, r10 + SMULBB r10, lr, r10 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r5 + SMLABB r5, r12, r11, r5 + PKHTB r5, r5, r10, ASR #16 +#else + SUB r11, r3, r5 + ADD r12, r3, r5 + BFC r5, #0, #16 + BFC r3, #0, #16 + SUB r10, r3, r5 + ADD r3, r3, r5 + BFI r10, r11, #0, #16 + BFI r3, r12, #0, #16 + SBFX r11, lr, #0, #16 + ASR r12, r10, #16 + MUL r5, r11, r12 + SBFX r10, r10, #0, #16 + MUL r10, r11, r10 + MOV r12, #0xcff + SBFX r11, r10, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r5, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + LSR r10, r10, #16 + MLA r5, r12, r11, r5 + BFI r5, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SSUB16 r10, r6, r8 + SADD16 r6, r6, r8 + SMULTT r8, lr, r10 + SMULTB r10, lr, r10 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r8 + SMLABB r8, r12, r11, r8 + PKHTB r8, r8, r10, ASR #16 +#else + SUB r11, r6, r8 + ADD r12, r6, r8 + BFC r8, #0, #16 + BFC r6, #0, #16 + SUB r10, r6, r8 + ADD r6, r6, r8 + BFI r10, r11, #0, #16 + BFI r6, r12, #0, #16 + SBFX r11, lr, #16, #16 + ASR r12, r10, #16 + MUL r8, r11, r12 + SBFX r10, r10, #0, #16 + MUL r10, r11, r10 + MOV r12, #0xcff + SBFX r11, r10, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r8, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + LSR r10, r10, #16 + MLA r8, r12, r11, r8 + BFI r8, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SSUB16 r10, r7, r9 + SADD16 r7, r7, r9 + SMULTT r9, lr, r10 + SMULTB r10, lr, r10 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r9 + SMLABB r9, r12, r11, r9 + PKHTB r9, r9, r10, ASR #16 +#else + SUB r11, r7, r9 + ADD r12, r7, r9 + BFC r9, #0, #16 + BFC r7, #0, #16 + SUB r10, r7, r9 + ADD r7, r7, r9 + BFI r10, r11, #0, #16 + BFI r7, r12, #0, #16 + SBFX r11, lr, #16, #16 + ASR r12, r10, #16 + MUL r9, r11, r12 + SBFX r10, r10, #0, #16 + MUL r10, r11, r10 + MOV r12, #0xcff + SBFX r11, r10, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r9, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + LSR r10, r10, #16 + MLA r9, r12, r11, r9 + BFI r9, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ + STR r2, [r0] + STR r3, [r0, #16] + STR r4, [r0, #32] + STR r5, [r0, #48] + STR r6, [r0, #64] + STR r7, [r0, #80] + STR r8, [r0, #96] + STR r9, [r0, #112] + LDRD r2, r3, [sp] + SUBS r2, r2, #0x1 + ADD r0, r0, #0x4 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BNE L_kyber_thumb2_invntt_loop_4_i +#else + BNE.N L_kyber_thumb2_invntt_loop_4_i +#endif + ADD r3, r3, #0x40 + RSBS r10, r3, #0x100 + ADD r0, r0, #0x70 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BNE L_kyber_thumb2_invntt_loop_4_j +#else + BNE.N L_kyber_thumb2_invntt_loop_4_j +#endif + SUB r0, r0, #0x200 + MOV r2, #0x10 +L_kyber_thumb2_invntt_loop_321: + STR r2, [sp] + LDRH lr, [r1, #2] + LDR r2, [r0] + LDR r3, [r0, #64] + LDR r4, [r0, #128] + LDR r5, [r0, #192] + LDR r6, [r0, #256] + LDR r7, [r0, #320] + LDR r8, [r0, #384] + LDR r9, [r0, #448] + LDR lr, [r1, #240] +#ifndef WOLFSSL_ARM_ARCH_7M + SSUB16 r10, r2, r3 + SADD16 r2, r2, r3 + SMULBT r3, lr, r10 + SMULBB r10, lr, r10 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r3 + SMLABB r3, r12, r11, r3 + PKHTB r3, r3, r10, ASR #16 +#else + SUB r11, r2, r3 + ADD r12, r2, r3 + BFC r3, #0, #16 + BFC r2, #0, #16 + SUB r10, r2, r3 + ADD r2, r2, r3 + BFI r10, r11, #0, #16 + BFI r2, r12, #0, #16 + SBFX r11, lr, #0, #16 + ASR r12, r10, #16 + MUL r3, r11, r12 + SBFX r10, r10, #0, #16 + MUL r10, r11, r10 + MOV r12, #0xcff + SBFX r11, r10, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r3, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + LSR r10, r10, #16 + MLA r3, r12, r11, r3 + BFI r3, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SSUB16 r10, r4, r5 + SADD16 r4, r4, r5 + SMULTT r5, lr, r10 + SMULTB r10, lr, r10 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r5 + SMLABB r5, r12, r11, r5 + PKHTB r5, r5, r10, ASR #16 +#else + SUB r11, r4, r5 + ADD r12, r4, r5 + BFC r5, #0, #16 + BFC r4, #0, #16 + SUB r10, r4, r5 + ADD r4, r4, r5 + BFI r10, r11, #0, #16 + BFI r4, r12, #0, #16 + SBFX r11, lr, #16, #16 + ASR r12, r10, #16 + MUL r5, r11, r12 + SBFX r10, r10, #0, #16 + MUL r10, r11, r10 + MOV r12, #0xcff + SBFX r11, r10, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r5, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + LSR r10, r10, #16 + MLA r5, r12, r11, r5 + BFI r5, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ + LDR lr, [r1, #244] +#ifndef WOLFSSL_ARM_ARCH_7M + SSUB16 r10, r6, r7 + SADD16 r6, r6, r7 + SMULBT r7, lr, r10 + SMULBB r10, lr, r10 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r7 + SMLABB r7, r12, r11, r7 + PKHTB r7, r7, r10, ASR #16 +#else + SUB r11, r6, r7 + ADD r12, r6, r7 + BFC r7, #0, #16 + BFC r6, #0, #16 + SUB r10, r6, r7 + ADD r6, r6, r7 + BFI r10, r11, #0, #16 + BFI r6, r12, #0, #16 + SBFX r11, lr, #0, #16 + ASR r12, r10, #16 + MUL r7, r11, r12 + SBFX r10, r10, #0, #16 + MUL r10, r11, r10 + MOV r12, #0xcff + SBFX r11, r10, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r7, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + LSR r10, r10, #16 + MLA r7, r12, r11, r7 + BFI r7, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SSUB16 r10, r8, r9 + SADD16 r8, r8, r9 + SMULTT r9, lr, r10 + SMULTB r10, lr, r10 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r9 + SMLABB r9, r12, r11, r9 + PKHTB r9, r9, r10, ASR #16 +#else + SUB r11, r8, r9 + ADD r12, r8, r9 + BFC r9, #0, #16 + BFC r8, #0, #16 + SUB r10, r8, r9 + ADD r8, r8, r9 + BFI r10, r11, #0, #16 + BFI r8, r12, #0, #16 + SBFX r11, lr, #16, #16 + ASR r12, r10, #16 + MUL r9, r11, r12 + SBFX r10, r10, #0, #16 + MUL r10, r11, r10 + MOV r12, #0xcff + SBFX r11, r10, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r9, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + LSR r10, r10, #16 + MLA r9, r12, r11, r9 + BFI r9, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ + LDR lr, [r1, #248] +#ifndef WOLFSSL_ARM_ARCH_7M + SSUB16 r10, r2, r4 + SADD16 r2, r2, r4 + SMULBT r4, lr, r10 + SMULBB r10, lr, r10 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r4 + SMLABB r4, r12, r11, r4 + PKHTB r4, r4, r10, ASR #16 +#else + SUB r11, r2, r4 + ADD r12, r2, r4 + BFC r4, #0, #16 + BFC r2, #0, #16 + SUB r10, r2, r4 + ADD r2, r2, r4 + BFI r10, r11, #0, #16 + BFI r2, r12, #0, #16 + SBFX r11, lr, #0, #16 + ASR r12, r10, #16 + MUL r4, r11, r12 + SBFX r10, r10, #0, #16 + MUL r10, r11, r10 + MOV r12, #0xcff + SBFX r11, r10, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r4, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + LSR r10, r10, #16 + MLA r4, r12, r11, r4 + BFI r4, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SSUB16 r10, r3, r5 + SADD16 r3, r3, r5 + SMULBT r5, lr, r10 + SMULBB r10, lr, r10 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r5 + SMLABB r5, r12, r11, r5 + PKHTB r5, r5, r10, ASR #16 +#else + SUB r11, r3, r5 + ADD r12, r3, r5 + BFC r5, #0, #16 + BFC r3, #0, #16 + SUB r10, r3, r5 + ADD r3, r3, r5 + BFI r10, r11, #0, #16 + BFI r3, r12, #0, #16 + SBFX r11, lr, #0, #16 + ASR r12, r10, #16 + MUL r5, r11, r12 + SBFX r10, r10, #0, #16 + MUL r10, r11, r10 + MOV r12, #0xcff + SBFX r11, r10, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r5, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + LSR r10, r10, #16 + MLA r5, r12, r11, r5 + BFI r5, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SSUB16 r10, r6, r8 + SADD16 r6, r6, r8 + SMULTT r8, lr, r10 + SMULTB r10, lr, r10 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r8 + SMLABB r8, r12, r11, r8 + PKHTB r8, r8, r10, ASR #16 +#else + SUB r11, r6, r8 + ADD r12, r6, r8 + BFC r8, #0, #16 + BFC r6, #0, #16 + SUB r10, r6, r8 + ADD r6, r6, r8 + BFI r10, r11, #0, #16 + BFI r6, r12, #0, #16 + SBFX r11, lr, #16, #16 + ASR r12, r10, #16 + MUL r8, r11, r12 + SBFX r10, r10, #0, #16 + MUL r10, r11, r10 + MOV r12, #0xcff + SBFX r11, r10, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r8, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + LSR r10, r10, #16 + MLA r8, r12, r11, r8 + BFI r8, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SSUB16 r10, r7, r9 + SADD16 r7, r7, r9 + SMULTT r9, lr, r10 + SMULTB r10, lr, r10 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r9 + SMLABB r9, r12, r11, r9 + PKHTB r9, r9, r10, ASR #16 +#else + SUB r11, r7, r9 + ADD r12, r7, r9 + BFC r9, #0, #16 + BFC r7, #0, #16 + SUB r10, r7, r9 + ADD r7, r7, r9 + BFI r10, r11, #0, #16 + BFI r7, r12, #0, #16 + SBFX r11, lr, #16, #16 + ASR r12, r10, #16 + MUL r9, r11, r12 + SBFX r10, r10, #0, #16 + MUL r10, r11, r10 + MOV r12, #0xcff + SBFX r11, r10, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r9, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + LSR r10, r10, #16 + MLA r9, r12, r11, r9 + BFI r9, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + MOV lr, #0xafc0 + MOVT lr, #0x13 +#else + MOV lr, #0x4ebf +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULWB r10, lr, r2 + SMULWT r11, lr, r2 + SMULBT r10, r12, r10 + SMULBT r11, r12, r11 + PKHBT r10, r10, r11, LSL #16 + SSUB16 r2, r2, r10 +#else + SBFX r10, r2, #0, #16 + SBFX r11, r2, #16, #16 + MUL r10, lr, r10 + MUL r11, lr, r11 + ASR r10, r10, #26 + ASR r11, r11, #26 + MUL r10, r12, r10 + MUL r11, r12, r11 + SUB r11, r2, r11, LSL #16 + SUB r2, r2, r10 + LSR r11, r11, #16 + BFI r2, r11, #16, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULWB r10, lr, r3 + SMULWT r11, lr, r3 + SMULBT r10, r12, r10 + SMULBT r11, r12, r11 + PKHBT r10, r10, r11, LSL #16 + SSUB16 r3, r3, r10 +#else + SBFX r10, r3, #0, #16 + SBFX r11, r3, #16, #16 + MUL r10, lr, r10 + MUL r11, lr, r11 + ASR r10, r10, #26 + ASR r11, r11, #26 + MUL r10, r12, r10 + MUL r11, r12, r11 + SUB r11, r3, r11, LSL #16 + SUB r3, r3, r10 + LSR r11, r11, #16 + BFI r3, r11, #16, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULWB r10, lr, r4 + SMULWT r11, lr, r4 + SMULBT r10, r12, r10 + SMULBT r11, r12, r11 + PKHBT r10, r10, r11, LSL #16 + SSUB16 r4, r4, r10 +#else + SBFX r10, r4, #0, #16 + SBFX r11, r4, #16, #16 + MUL r10, lr, r10 + MUL r11, lr, r11 + ASR r10, r10, #26 + ASR r11, r11, #26 + MUL r10, r12, r10 + MUL r11, r12, r11 + SUB r11, r4, r11, LSL #16 + SUB r4, r4, r10 + LSR r11, r11, #16 + BFI r4, r11, #16, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULWB r10, lr, r5 + SMULWT r11, lr, r5 + SMULBT r10, r12, r10 + SMULBT r11, r12, r11 + PKHBT r10, r10, r11, LSL #16 + SSUB16 r5, r5, r10 +#else + SBFX r10, r5, #0, #16 + SBFX r11, r5, #16, #16 + MUL r10, lr, r10 + MUL r11, lr, r11 + ASR r10, r10, #26 + ASR r11, r11, #26 + MUL r10, r12, r10 + MUL r11, r12, r11 + SUB r11, r5, r11, LSL #16 + SUB r5, r5, r10 + LSR r11, r11, #16 + BFI r5, r11, #16, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ + LDR lr, [r1, #252] +#ifndef WOLFSSL_ARM_ARCH_7M + SSUB16 r10, r2, r6 + SADD16 r2, r2, r6 + SMULBT r6, lr, r10 + SMULBB r10, lr, r10 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r6 + SMLABB r6, r12, r11, r6 + PKHTB r6, r6, r10, ASR #16 +#else + SUB r11, r2, r6 + ADD r12, r2, r6 + BFC r6, #0, #16 + BFC r2, #0, #16 + SUB r10, r2, r6 + ADD r2, r2, r6 + BFI r10, r11, #0, #16 + BFI r2, r12, #0, #16 + SBFX r11, lr, #0, #16 + ASR r12, r10, #16 + MUL r6, r11, r12 + SBFX r10, r10, #0, #16 + MUL r10, r11, r10 + MOV r12, #0xcff + SBFX r11, r10, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r6, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + LSR r10, r10, #16 + MLA r6, r12, r11, r6 + BFI r6, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SSUB16 r10, r3, r7 + SADD16 r3, r3, r7 + SMULBT r7, lr, r10 + SMULBB r10, lr, r10 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r7 + SMLABB r7, r12, r11, r7 + PKHTB r7, r7, r10, ASR #16 +#else + SUB r11, r3, r7 + ADD r12, r3, r7 + BFC r7, #0, #16 + BFC r3, #0, #16 + SUB r10, r3, r7 + ADD r3, r3, r7 + BFI r10, r11, #0, #16 + BFI r3, r12, #0, #16 + SBFX r11, lr, #0, #16 + ASR r12, r10, #16 + MUL r7, r11, r12 + SBFX r10, r10, #0, #16 + MUL r10, r11, r10 + MOV r12, #0xcff + SBFX r11, r10, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r7, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + LSR r10, r10, #16 + MLA r7, r12, r11, r7 + BFI r7, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SSUB16 r10, r4, r8 + SADD16 r4, r4, r8 + SMULBT r8, lr, r10 + SMULBB r10, lr, r10 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r8 + SMLABB r8, r12, r11, r8 + PKHTB r8, r8, r10, ASR #16 +#else + SUB r11, r4, r8 + ADD r12, r4, r8 + BFC r8, #0, #16 + BFC r4, #0, #16 + SUB r10, r4, r8 + ADD r4, r4, r8 + BFI r10, r11, #0, #16 + BFI r4, r12, #0, #16 + SBFX r11, lr, #0, #16 + ASR r12, r10, #16 + MUL r8, r11, r12 + SBFX r10, r10, #0, #16 + MUL r10, r11, r10 + MOV r12, #0xcff + SBFX r11, r10, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r8, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + LSR r10, r10, #16 + MLA r8, r12, r11, r8 + BFI r8, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SSUB16 r10, r5, r9 + SADD16 r5, r5, r9 + SMULBT r9, lr, r10 + SMULBB r10, lr, r10 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r9 + SMLABB r9, r12, r11, r9 + PKHTB r9, r9, r10, ASR #16 +#else + SUB r11, r5, r9 + ADD r12, r5, r9 + BFC r9, #0, #16 + BFC r5, #0, #16 + SUB r10, r5, r9 + ADD r5, r5, r9 + BFI r10, r11, #0, #16 + BFI r5, r12, #0, #16 + SBFX r11, lr, #0, #16 + ASR r12, r10, #16 + MUL r9, r11, r12 + SBFX r10, r10, #0, #16 + MUL r10, r11, r10 + MOV r12, #0xcff + SBFX r11, r10, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r9, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + LSR r10, r10, #16 + MLA r9, r12, r11, r9 + BFI r9, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ + LDR lr, [r1, #254] +#ifndef WOLFSSL_ARM_ARCH_7M + SMULBB r10, lr, r2 + SMULBT r2, lr, r2 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r2 + SMLABB r2, r12, r11, r2 + PKHTB r2, r2, r10, ASR #16 +#else + SBFX r11, lr, #0, #16 + SBFX r10, r2, #0, #16 + MUL r10, r11, r10 + SBFX r2, r2, #16, #16 + MUL r2, r11, r2 + MOV r12, #0xcff + MUL r11, r12, r10 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r2, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + LSR r10, r10, #16 + MLA r2, r12, r11, r2 + BFI r2, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULBB r10, lr, r3 + SMULBT r3, lr, r3 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r3 + SMLABB r3, r12, r11, r3 + PKHTB r3, r3, r10, ASR #16 +#else + SBFX r11, lr, #0, #16 + SBFX r10, r3, #0, #16 + MUL r10, r11, r10 + SBFX r3, r3, #16, #16 + MUL r3, r11, r3 + MOV r12, #0xcff + MUL r11, r12, r10 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r3, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + LSR r10, r10, #16 + MLA r3, r12, r11, r3 + BFI r3, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULBB r10, lr, r4 + SMULBT r4, lr, r4 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r4 + SMLABB r4, r12, r11, r4 + PKHTB r4, r4, r10, ASR #16 +#else + SBFX r11, lr, #0, #16 + SBFX r10, r4, #0, #16 + MUL r10, r11, r10 + SBFX r4, r4, #16, #16 + MUL r4, r11, r4 + MOV r12, #0xcff + MUL r11, r12, r10 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r4, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + LSR r10, r10, #16 + MLA r4, r12, r11, r4 + BFI r4, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULBB r10, lr, r5 + SMULBT r5, lr, r5 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r5 + SMLABB r5, r12, r11, r5 + PKHTB r5, r5, r10, ASR #16 +#else + SBFX r11, lr, #0, #16 + SBFX r10, r5, #0, #16 + MUL r10, r11, r10 + SBFX r5, r5, #16, #16 + MUL r5, r11, r5 + MOV r12, #0xcff + MUL r11, r12, r10 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r5, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + LSR r10, r10, #16 + MLA r5, r12, r11, r5 + BFI r5, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULBB r10, lr, r6 + SMULBT r6, lr, r6 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r6 + SMLABB r6, r12, r11, r6 + PKHTB r6, r6, r10, ASR #16 +#else + SBFX r11, lr, #0, #16 + SBFX r10, r6, #0, #16 + MUL r10, r11, r10 + SBFX r6, r6, #16, #16 + MUL r6, r11, r6 + MOV r12, #0xcff + MUL r11, r12, r10 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r6, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + LSR r10, r10, #16 + MLA r6, r12, r11, r6 + BFI r6, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULBB r10, lr, r7 + SMULBT r7, lr, r7 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r7 + SMLABB r7, r12, r11, r7 + PKHTB r7, r7, r10, ASR #16 +#else + SBFX r11, lr, #0, #16 + SBFX r10, r7, #0, #16 + MUL r10, r11, r10 + SBFX r7, r7, #16, #16 + MUL r7, r11, r7 + MOV r12, #0xcff + MUL r11, r12, r10 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r7, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + LSR r10, r10, #16 + MLA r7, r12, r11, r7 + BFI r7, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULBB r10, lr, r8 + SMULBT r8, lr, r8 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r8 + SMLABB r8, r12, r11, r8 + PKHTB r8, r8, r10, ASR #16 +#else + SBFX r11, lr, #0, #16 + SBFX r10, r8, #0, #16 + MUL r10, r11, r10 + SBFX r8, r8, #16, #16 + MUL r8, r11, r8 + MOV r12, #0xcff + MUL r11, r12, r10 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r8, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + LSR r10, r10, #16 + MLA r8, r12, r11, r8 + BFI r8, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + SMULBB r10, lr, r9 + SMULBT r9, lr, r9 + SMULTB r11, r12, r10 + SMLABB r10, r12, r11, r10 + SMULTB r11, r12, r9 + SMLABB r9, r12, r11, r9 + PKHTB r9, r9, r10, ASR #16 +#else + SBFX r11, lr, #0, #16 + SBFX r10, r9, #0, #16 + MUL r10, r11, r10 + SBFX r9, r9, #16, #16 + MUL r9, r11, r9 + MOV r12, #0xcff + MUL r11, r12, r10 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + MLA r10, r12, r11, r10 + MOV r12, #0xcff + SBFX r11, r9, #0, #16 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r11, r11, #0, #16 + LSR r10, r10, #16 + MLA r9, r12, r11, r9 + BFI r9, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ + STR r2, [r0] + STR r3, [r0, #64] + STR r4, [r0, #128] + STR r5, [r0, #192] + STR r6, [r0, #256] + STR r7, [r0, #320] + STR r8, [r0, #384] + STR r9, [r0, #448] + LDR r2, [sp] + SUBS r2, r2, #0x1 + ADD r0, r0, #0x4 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BNE L_kyber_thumb2_invntt_loop_321 +#else + BNE.N L_kyber_thumb2_invntt_loop_321 +#endif + ADD sp, sp, #0x8 + POP {r4, r5, r6, r7, r8, r9, r10, r11, pc} + /* Cycle Count = 1629 */ + .size kyber_thumb2_invntt,.-kyber_thumb2_invntt + .text + .type L_kyber_thumb2_basemul_mont_zetas, %object + .size L_kyber_thumb2_basemul_mont_zetas, 256 + .align 4 +L_kyber_thumb2_basemul_mont_zetas: + .short 0x8ed + .short 0xa0b + .short 0xb9a + .short 0x714 + .short 0x5d5 + .short 0x58e + .short 0x11f + .short 0xca + .short 0xc56 + .short 0x26e + .short 0x629 + .short 0xb6 + .short 0x3c2 + .short 0x84f + .short 0x73f + .short 0x5bc + .short 0x23d + .short 0x7d4 + .short 0x108 + .short 0x17f + .short 0x9c4 + .short 0x5b2 + .short 0x6bf + .short 0xc7f + .short 0xa58 + .short 0x3f9 + .short 0x2dc + .short 0x260 + .short 0x6fb + .short 0x19b + .short 0xc34 + .short 0x6de + .short 0x4c7 + .short 0x28c + .short 0xad9 + .short 0x3f7 + .short 0x7f4 + .short 0x5d3 + .short 0xbe7 + .short 0x6f9 + .short 0x204 + .short 0xcf9 + .short 0xbc1 + .short 0xa67 + .short 0x6af + .short 0x877 + .short 0x7e + .short 0x5bd + .short 0x9ac + .short 0xca7 + .short 0xbf2 + .short 0x33e + .short 0x6b + .short 0x774 + .short 0xc0a + .short 0x94a + .short 0xb73 + .short 0x3c1 + .short 0x71d + .short 0xa2c + .short 0x1c0 + .short 0x8d8 + .short 0x2a5 + .short 0x806 + .short 0x8b2 + .short 0x1ae + .short 0x22b + .short 0x34b + .short 0x81e + .short 0x367 + .short 0x60e + .short 0x69 + .short 0x1a6 + .short 0x24b + .short 0xb1 + .short 0xc16 + .short 0xbde + .short 0xb35 + .short 0x626 + .short 0x675 + .short 0xc0b + .short 0x30a + .short 0x487 + .short 0xc6e + .short 0x9f8 + .short 0x5cb + .short 0xaa7 + .short 0x45f + .short 0x6cb + .short 0x284 + .short 0x999 + .short 0x15d + .short 0x1a2 + .short 0x149 + .short 0xc65 + .short 0xcb6 + .short 0x331 + .short 0x449 + .short 0x25b + .short 0x262 + .short 0x52a + .short 0x7fc + .short 0x748 + .short 0x180 + .short 0x842 + .short 0xc79 + .short 0x4c2 + .short 0x7ca + .short 0x997 + .short 0xdc + .short 0x85e + .short 0x686 + .short 0x860 + .short 0x707 + .short 0x803 + .short 0x31a + .short 0x71b + .short 0x9ab + .short 0x99b + .short 0x1de + .short 0xc95 + .short 0xbcd + .short 0x3e4 + .short 0x3df + .short 0x3be + .short 0x74d + .short 0x5f2 + .short 0x65c + .text + .align 4 + .globl kyber_thumb2_basemul_mont + .type kyber_thumb2_basemul_mont, %function +kyber_thumb2_basemul_mont: + PUSH {r4, r5, r6, r7, r8, r9, r10, r11, lr} + ADR r3, L_kyber_thumb2_basemul_mont_zetas + ADD r3, r3, #0x80 +#ifndef WOLFSSL_ARM_ARCH_7M + MOV r12, #0xd01 + MOVT r12, #0xcff +#endif /* !WOLFSSL_ARM_ARCH_7M */ + MOV r8, #0x0 +L_kyber_thumb2_basemul_mont_loop: + LDM r1!, {r4, r5} + LDM r2!, {r6, r7} + LDR lr, [r3, r8] + ADD r8, r8, #0x2 + PUSH {r8} + CMP r8, #0x80 +#ifndef WOLFSSL_ARM_ARCH_7M + SMULTT r8, r4, r6 + SMULTT r10, r5, r7 + SMULTB r9, r12, r8 + SMULTB r11, r12, r10 + SMLABB r8, r12, r9, r8 + SMLABB r10, r12, r11, r10 + RSB r11, lr, #0x0 + SMULBT r8, lr, r8 + SMULBT r10, r11, r10 + SMLABB r8, r4, r6, r8 + SMLABB r10, r5, r7, r10 + SMULTB r9, r12, r8 + SMULTB r11, r12, r10 + SMLABB r8, r12, r9, r8 + SMLABB r10, r12, r11, r10 + SMULBT r9, r4, r6 + SMULBT r11, r5, r7 + SMLATB r9, r4, r6, r9 + SMLATB r11, r5, r7, r11 + SMULTB r6, r12, r9 + SMULTB r7, r12, r11 + SMLABB r9, r12, r6, r9 + SMLABB r11, r12, r7, r11 + PKHTB r4, r9, r8, ASR #16 + PKHTB r5, r11, r10, ASR #16 +#else + ASR r8, r4, #16 + ASR r10, r5, #16 + ASR r9, r6, #16 + ASR r11, r7, #16 + MUL r8, r8, r9 + MUL r10, r10, r11 + MOV r12, #0xcff + SBFX r9, r8, #0, #16 + SBFX r11, r10, #0, #16 + MUL r9, r12, r8 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r9, r9, #0, #16 + SBFX r11, r11, #0, #16 + MLA r8, r12, r9, r8 + MLA r10, r12, r11, r10 + RSB r11, lr, #0x0 + SBFX r9, lr, #0, #16 + SBFX r11, r11, #0, #16 + ASR r8, r8, #16 + ASR r10, r10, #16 + MUL r8, r9, r8 + MUL r10, r11, r10 + SBFX r9, r4, #0, #16 + SBFX r11, r5, #0, #16 + SBFX r12, r6, #0, #16 + MLA r8, r9, r12, r8 + SBFX r12, r7, #0, #16 + MLA r10, r11, r12, r10 + MOV r12, #0xcff + SBFX r9, r8, #0, #16 + SBFX r11, r10, #0, #16 + MUL r9, r12, r9 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r9, r9, #0, #16 + SBFX r11, r11, #0, #16 + MLA r8, r12, r9, r8 + MLA r10, r12, r11, r10 + SBFX r9, r4, #0, #16 + SBFX r11, r5, #0, #16 + ASR r12, r6, #16 + MUL r9, r9, r12 + ASR r12, r7, #16 + MUL r11, r11, r12 + ASR r4, r4, #16 + ASR r5, r5, #16 + SBFX r12, r6, #0, #16 + MLA r9, r4, r12, r9 + SBFX r12, r7, #0, #16 + MLA r11, r5, r12, r11 + MOV r12, #0xcff + SBFX r6, r9, #0, #16 + SBFX r7, r11, #0, #16 + MUL r6, r12, r6 + MUL r7, r12, r7 + MOV r12, #0xd01 + SBFX r4, r6, #0, #16 + SBFX r5, r7, #0, #16 + MLA r9, r12, r4, r9 + MLA r11, r12, r5, r11 + BFC r9, #0, #16 + BFC r11, #0, #16 + ORR r4, r9, r8, LSR #16 + ORR r5, r11, r10, LSR #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ + STM r0!, {r4, r5} + POP {r8} +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BNE L_kyber_thumb2_basemul_mont_loop +#else + BNE.N L_kyber_thumb2_basemul_mont_loop +#endif + POP {r4, r5, r6, r7, r8, r9, r10, r11, pc} + /* Cycle Count = 146 */ + .size kyber_thumb2_basemul_mont,.-kyber_thumb2_basemul_mont + .text + .align 4 + .globl kyber_thumb2_basemul_mont_add + .type kyber_thumb2_basemul_mont_add, %function +kyber_thumb2_basemul_mont_add: + PUSH {r4, r5, r6, r7, r8, r9, r10, r11, lr} + ADR r3, L_kyber_thumb2_basemul_mont_zetas + ADD r3, r3, #0x80 +#ifndef WOLFSSL_ARM_ARCH_7M + MOV r12, #0xd01 + MOVT r12, #0xcff +#endif /* !WOLFSSL_ARM_ARCH_7M */ + MOV r8, #0x0 +L_kyber_thumb2_basemul_mont_add_loop: + LDM r1!, {r4, r5} + LDM r2!, {r6, r7} + LDR lr, [r3, r8] + ADD r8, r8, #0x2 + PUSH {r8} + CMP r8, #0x80 +#ifndef WOLFSSL_ARM_ARCH_7M + SMULTT r8, r4, r6 + SMULTT r10, r5, r7 + SMULTB r9, r12, r8 + SMULTB r11, r12, r10 + SMLABB r8, r12, r9, r8 + SMLABB r10, r12, r11, r10 + RSB r11, lr, #0x0 + SMULBT r8, lr, r8 + SMULBT r10, r11, r10 + SMLABB r8, r4, r6, r8 + SMLABB r10, r5, r7, r10 + SMULTB r9, r12, r8 + SMULTB r11, r12, r10 + SMLABB r8, r12, r9, r8 + SMLABB r10, r12, r11, r10 + SMULBT r9, r4, r6 + SMULBT r11, r5, r7 + SMLATB r9, r4, r6, r9 + SMLATB r11, r5, r7, r11 + SMULTB r6, r12, r9 + SMULTB r7, r12, r11 + SMLABB r9, r12, r6, r9 + SMLABB r11, r12, r7, r11 + LDM r0, {r4, r5} + PKHTB r9, r9, r8, ASR #16 + PKHTB r11, r11, r10, ASR #16 + SADD16 r4, r4, r9 + SADD16 r5, r5, r11 +#else + ASR r8, r4, #16 + ASR r10, r5, #16 + ASR r9, r6, #16 + ASR r11, r7, #16 + MUL r8, r8, r9 + MUL r10, r10, r11 + MOV r12, #0xcff + SBFX r9, r8, #0, #16 + SBFX r11, r10, #0, #16 + MUL r9, r12, r8 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r9, r9, #0, #16 + SBFX r11, r11, #0, #16 + MLA r8, r12, r9, r8 + MLA r10, r12, r11, r10 + RSB r11, lr, #0x0 + SBFX r9, lr, #0, #16 + SBFX r11, r11, #0, #16 + ASR r8, r8, #16 + ASR r10, r10, #16 + MUL r8, r9, r8 + MUL r10, r11, r10 + SBFX r9, r4, #0, #16 + SBFX r11, r5, #0, #16 + SBFX r12, r6, #0, #16 + MLA r8, r9, r12, r8 + SBFX r12, r7, #0, #16 + MLA r10, r11, r12, r10 + MOV r12, #0xcff + SBFX r9, r8, #0, #16 + SBFX r11, r10, #0, #16 + MUL r9, r12, r9 + MUL r11, r12, r11 + MOV r12, #0xd01 + SBFX r9, r9, #0, #16 + SBFX r11, r11, #0, #16 + MLA r8, r12, r9, r8 + MLA r10, r12, r11, r10 + SBFX r9, r4, #0, #16 + SBFX r11, r5, #0, #16 + ASR r12, r6, #16 + MUL r9, r9, r12 + ASR r12, r7, #16 + MUL r11, r11, r12 + ASR r4, r4, #16 + ASR r5, r5, #16 + SBFX r12, r6, #0, #16 + MLA r9, r4, r12, r9 + SBFX r12, r7, #0, #16 + MLA r11, r5, r12, r11 + MOV r12, #0xcff + SBFX r6, r9, #0, #16 + SBFX r7, r11, #0, #16 + MUL r6, r12, r6 + MUL r7, r12, r7 + MOV r12, #0xd01 + SBFX r4, r6, #0, #16 + SBFX r5, r7, #0, #16 + MLA r9, r12, r4, r9 + MLA r11, r12, r5, r11 + LDM r0, {r4, r5} + BFC r9, #0, #16 + BFC r11, #0, #16 + ORR r9, r9, r8, LSR #16 + ORR r11, r11, r10, LSR #16 + ADD r8, r4, r9 + ADD r10, r5, r11 + BFC r9, #0, #16 + BFC r11, #0, #16 + ADD r4, r4, r9 + ADD r5, r5, r11 + BFI r4, r8, #0, #16 + BFI r5, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ + STM r0!, {r4, r5} + POP {r8} +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BNE L_kyber_thumb2_basemul_mont_add_loop +#else + BNE.N L_kyber_thumb2_basemul_mont_add_loop +#endif + POP {r4, r5, r6, r7, r8, r9, r10, r11, pc} + /* Cycle Count = 162 */ + .size kyber_thumb2_basemul_mont_add,.-kyber_thumb2_basemul_mont_add + .text + .align 4 + .globl kyber_thumb2_csubq + .type kyber_thumb2_csubq, %function +kyber_thumb2_csubq: + PUSH {r4, r5, r6, r7, r8, r9, r10, r11, lr} + MOV r11, #0xd01 + MOV r12, #0xd01 +#ifndef WOLFSSL_ARM_ARCH_7M + MOVT r12, #0xd01 +#endif /* !WOLFSSL_ARM_ARCH_7M */ + MOV lr, #0x8000 + MOVT lr, #0x8000 + MOV r1, #0x100 +L_kyber_thumb2_csubq_loop: + LDM r0, {r2, r3, r4, r5} +#ifndef WOLFSSL_ARM_ARCH_7M + SSUB16 r2, r2, r12 + SSUB16 r3, r3, r12 + SSUB16 r4, r4, r12 + SSUB16 r5, r5, r12 + AND r6, r2, lr + AND r7, r3, lr + AND r8, r4, lr + AND r9, r5, lr + LSR r6, r6, #15 + LSR r7, r7, #15 + LSR r8, r8, #15 + LSR r9, r9, #15 + MUL r6, r6, r11 + MUL r7, r7, r11 + MUL r8, r8, r11 + MUL r9, r9, r11 + SADD16 r2, r2, r6 + SADD16 r3, r3, r7 + SADD16 r4, r4, r8 + SADD16 r5, r5, r9 +#else + SUB r6, r2, r12 + SUB r2, r2, r12, LSL #16 + BFI r2, r6, #0, #16 + SUB r7, r3, r12 + SUB r3, r3, r12, LSL #16 + BFI r3, r7, #0, #16 + SUB r8, r4, r12 + SUB r4, r4, r12, LSL #16 + BFI r4, r8, #0, #16 + SUB r9, r5, r12 + SUB r5, r5, r12, LSL #16 + BFI r5, r9, #0, #16 + AND r6, r2, lr + AND r7, r3, lr + AND r8, r4, lr + AND r9, r5, lr + LSR r6, r6, #15 + LSR r7, r7, #15 + LSR r8, r8, #15 + LSR r9, r9, #15 + MUL r6, r6, r11 + MUL r7, r7, r11 + MUL r8, r8, r11 + MUL r9, r9, r11 + ADD r10, r2, r6 + BFC r6, #0, #16 + ADD r2, r2, r6 + BFI r2, r10, #0, #16 + ADD r10, r3, r7 + BFC r7, #0, #16 + ADD r3, r3, r7 + BFI r3, r10, #0, #16 + ADD r10, r4, r8 + BFC r8, #0, #16 + ADD r4, r4, r8 + BFI r4, r10, #0, #16 + ADD r10, r5, r9 + BFC r9, #0, #16 + ADD r5, r5, r9 + BFI r5, r10, #0, #16 +#endif /* !WOLFSSL_ARM_ARCH_7M */ + STM r0!, {r2, r3, r4, r5} + SUBS r1, r1, #0x8 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BNE L_kyber_thumb2_csubq_loop +#else + BNE.N L_kyber_thumb2_csubq_loop +#endif + POP {r4, r5, r6, r7, r8, r9, r10, r11, pc} + /* Cycle Count = 101 */ + .size kyber_thumb2_csubq,.-kyber_thumb2_csubq + .text + .align 4 + .globl kyber_thumb2_rej_uniform + .type kyber_thumb2_rej_uniform, %function +kyber_thumb2_rej_uniform: + PUSH {r4, r5, r6, r7, r8, r9, r10, lr} + MOV r8, #0xd01 + MOV r9, #0x0 +L_kyber_thumb2_rej_uniform_loop_no_fail: + CMP r1, #0x8 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BLT L_kyber_thumb2_rej_uniform_done_no_fail +#else + BLT.N L_kyber_thumb2_rej_uniform_done_no_fail +#endif + LDM r2!, {r4, r5, r6} + UBFX r7, r4, #0, #12 + STRH r7, [r0, r9] + SUB r10, r7, r8 + LSR r10, r10, #31 + SUB r1, r1, r10 + ADD r9, r9, r10, LSL #1 + UBFX r7, r4, #12, #12 + STRH r7, [r0, r9] + SUB r10, r7, r8 + LSR r10, r10, #31 + SUB r1, r1, r10 + ADD r9, r9, r10, LSL #1 + UBFX r7, r4, #24, #8 + BFI r7, r5, #8, #4 + STRH r7, [r0, r9] + SUB r10, r7, r8 + LSR r10, r10, #31 + SUB r1, r1, r10 + ADD r9, r9, r10, LSL #1 + UBFX r7, r5, #4, #12 + STRH r7, [r0, r9] + SUB r10, r7, r8 + LSR r10, r10, #31 + SUB r1, r1, r10 + ADD r9, r9, r10, LSL #1 + UBFX r7, r5, #16, #12 + STRH r7, [r0, r9] + SUB r10, r7, r8 + LSR r10, r10, #31 + SUB r1, r1, r10 + ADD r9, r9, r10, LSL #1 + UBFX r7, r5, #28, #4 + BFI r7, r6, #4, #8 + STRH r7, [r0, r9] + SUB r10, r7, r8 + LSR r10, r10, #31 + SUB r1, r1, r10 + ADD r9, r9, r10, LSL #1 + UBFX r7, r6, #8, #12 + STRH r7, [r0, r9] + SUB r10, r7, r8 + LSR r10, r10, #31 + SUB r1, r1, r10 + ADD r9, r9, r10, LSL #1 + UBFX r7, r6, #20, #12 + STRH r7, [r0, r9] + SUB r10, r7, r8 + LSR r10, r10, #31 + SUB r1, r1, r10 + ADD r9, r9, r10, LSL #1 + SUBS r3, r3, #0xc +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BNE L_kyber_thumb2_rej_uniform_loop_no_fail +#else + BNE.N L_kyber_thumb2_rej_uniform_loop_no_fail +#endif +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + B L_kyber_thumb2_rej_uniform_done +#else + B.N L_kyber_thumb2_rej_uniform_done +#endif +L_kyber_thumb2_rej_uniform_done_no_fail: + CMP r1, #0x0 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BEQ L_kyber_thumb2_rej_uniform_done +#else + BEQ.N L_kyber_thumb2_rej_uniform_done +#endif +L_kyber_thumb2_rej_uniform_loop: + LDM r2!, {r4, r5, r6} + UBFX r7, r4, #0, #12 + CMP r7, r8 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BGE L_kyber_thumb2_rej_uniform_fail_0 +#else + BGE.N L_kyber_thumb2_rej_uniform_fail_0 +#endif + STRH r7, [r0, r9] + SUBS r1, r1, #0x1 + ADD r9, r9, #0x2 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BEQ L_kyber_thumb2_rej_uniform_done +#else + BEQ.N L_kyber_thumb2_rej_uniform_done +#endif +L_kyber_thumb2_rej_uniform_fail_0: + UBFX r7, r4, #12, #12 + CMP r7, r8 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BGE L_kyber_thumb2_rej_uniform_fail_1 +#else + BGE.N L_kyber_thumb2_rej_uniform_fail_1 +#endif + STRH r7, [r0, r9] + SUBS r1, r1, #0x1 + ADD r9, r9, #0x2 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BEQ L_kyber_thumb2_rej_uniform_done +#else + BEQ.N L_kyber_thumb2_rej_uniform_done +#endif +L_kyber_thumb2_rej_uniform_fail_1: + UBFX r7, r4, #24, #8 + BFI r7, r5, #8, #4 + CMP r7, r8 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BGE L_kyber_thumb2_rej_uniform_fail_2 +#else + BGE.N L_kyber_thumb2_rej_uniform_fail_2 +#endif + STRH r7, [r0, r9] + SUBS r1, r1, #0x1 + ADD r9, r9, #0x2 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BEQ L_kyber_thumb2_rej_uniform_done +#else + BEQ.N L_kyber_thumb2_rej_uniform_done +#endif +L_kyber_thumb2_rej_uniform_fail_2: + UBFX r7, r5, #4, #12 + CMP r7, r8 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BGE L_kyber_thumb2_rej_uniform_fail_3 +#else + BGE.N L_kyber_thumb2_rej_uniform_fail_3 +#endif + STRH r7, [r0, r9] + SUBS r1, r1, #0x1 + ADD r9, r9, #0x2 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BEQ L_kyber_thumb2_rej_uniform_done +#else + BEQ.N L_kyber_thumb2_rej_uniform_done +#endif +L_kyber_thumb2_rej_uniform_fail_3: + UBFX r7, r5, #16, #12 + CMP r7, r8 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BGE L_kyber_thumb2_rej_uniform_fail_4 +#else + BGE.N L_kyber_thumb2_rej_uniform_fail_4 +#endif + STRH r7, [r0, r9] + SUBS r1, r1, #0x1 + ADD r9, r9, #0x2 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BEQ L_kyber_thumb2_rej_uniform_done +#else + BEQ.N L_kyber_thumb2_rej_uniform_done +#endif +L_kyber_thumb2_rej_uniform_fail_4: + UBFX r7, r5, #28, #4 + BFI r7, r6, #4, #8 + CMP r7, r8 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BGE L_kyber_thumb2_rej_uniform_fail_5 +#else + BGE.N L_kyber_thumb2_rej_uniform_fail_5 +#endif + STRH r7, [r0, r9] + SUBS r1, r1, #0x1 + ADD r9, r9, #0x2 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BEQ L_kyber_thumb2_rej_uniform_done +#else + BEQ.N L_kyber_thumb2_rej_uniform_done +#endif +L_kyber_thumb2_rej_uniform_fail_5: + UBFX r7, r6, #8, #12 + CMP r7, r8 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BGE L_kyber_thumb2_rej_uniform_fail_6 +#else + BGE.N L_kyber_thumb2_rej_uniform_fail_6 +#endif + STRH r7, [r0, r9] + SUBS r1, r1, #0x1 + ADD r9, r9, #0x2 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BEQ L_kyber_thumb2_rej_uniform_done +#else + BEQ.N L_kyber_thumb2_rej_uniform_done +#endif +L_kyber_thumb2_rej_uniform_fail_6: + UBFX r7, r6, #20, #12 + CMP r7, r8 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BGE L_kyber_thumb2_rej_uniform_fail_7 +#else + BGE.N L_kyber_thumb2_rej_uniform_fail_7 +#endif + STRH r7, [r0, r9] + SUBS r1, r1, #0x1 + ADD r9, r9, #0x2 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BEQ L_kyber_thumb2_rej_uniform_done +#else + BEQ.N L_kyber_thumb2_rej_uniform_done +#endif +L_kyber_thumb2_rej_uniform_fail_7: + SUBS r3, r3, #0xc +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BGT L_kyber_thumb2_rej_uniform_loop +#else + BGT.N L_kyber_thumb2_rej_uniform_loop +#endif +L_kyber_thumb2_rej_uniform_done: + LSR r0, r9, #1 + POP {r4, r5, r6, r7, r8, r9, r10, pc} + /* Cycle Count = 225 */ + .size kyber_thumb2_rej_uniform,.-kyber_thumb2_rej_uniform +#endif /* WOLFSSL_WC_KYBER */ +#endif /* WOLFSSL_ARMASM_THUMB2 */ +#endif /* WOLFSSL_ARMASM */ + +#if defined(__linux__) && defined(__ELF__) +.section .note.GNU-stack,"",%progbits +#endif +#endif /* !WOLFSSL_ARMASM_INLINE */ diff --git a/wolfcrypt/src/port/arm/thumb2-kyber-asm_c.c b/wolfcrypt/src/port/arm/thumb2-kyber-asm_c.c new file mode 100644 index 0000000000..e42741d625 --- /dev/null +++ b/wolfcrypt/src/port/arm/thumb2-kyber-asm_c.c @@ -0,0 +1,3851 @@ +/* thumb2-kyber-asm + * + * Copyright (C) 2006-2024 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* Generated using (from wolfssl): + * cd ../scripts + * ruby ./kyber/kyber.rb thumb2 ../wolfssl/wolfcrypt/src/port/arm/thumb2-kyber-asm.c + */ + +#ifdef HAVE_CONFIG_H + #include +#endif /* HAVE_CONFIG_H */ +#include +#include + +#ifdef WOLFSSL_ARMASM +#ifdef WOLFSSL_ARMASM_THUMB2 +#ifdef WOLFSSL_ARMASM_INLINE + +#ifdef __IAR_SYSTEMS_ICC__ +#define __asm__ asm +#define __volatile__ volatile +#define WOLFSSL_NO_VAR_ASSIGN_REG +#endif /* __IAR_SYSTEMS_ICC__ */ +#ifdef __KEIL__ +#define __asm__ __asm +#define __volatile__ volatile +#endif /* __KEIL__ */ +#include + +#ifdef WOLFSSL_WC_KYBER +XALIGNED(16) static const word16 L_kyber_thumb2_ntt_zetas[] = { + 0x08ed, 0x0a0b, 0x0b9a, 0x0714, 0x05d5, 0x058e, 0x011f, 0x00ca, + 0x0c56, 0x026e, 0x0629, 0x00b6, 0x03c2, 0x084f, 0x073f, 0x05bc, + 0x023d, 0x07d4, 0x0108, 0x017f, 0x09c4, 0x05b2, 0x06bf, 0x0c7f, + 0x0a58, 0x03f9, 0x02dc, 0x0260, 0x06fb, 0x019b, 0x0c34, 0x06de, + 0x04c7, 0x028c, 0x0ad9, 0x03f7, 0x07f4, 0x05d3, 0x0be7, 0x06f9, + 0x0204, 0x0cf9, 0x0bc1, 0x0a67, 0x06af, 0x0877, 0x007e, 0x05bd, + 0x09ac, 0x0ca7, 0x0bf2, 0x033e, 0x006b, 0x0774, 0x0c0a, 0x094a, + 0x0b73, 0x03c1, 0x071d, 0x0a2c, 0x01c0, 0x08d8, 0x02a5, 0x0806, + 0x08b2, 0x01ae, 0x022b, 0x034b, 0x081e, 0x0367, 0x060e, 0x0069, + 0x01a6, 0x024b, 0x00b1, 0x0c16, 0x0bde, 0x0b35, 0x0626, 0x0675, + 0x0c0b, 0x030a, 0x0487, 0x0c6e, 0x09f8, 0x05cb, 0x0aa7, 0x045f, + 0x06cb, 0x0284, 0x0999, 0x015d, 0x01a2, 0x0149, 0x0c65, 0x0cb6, + 0x0331, 0x0449, 0x025b, 0x0262, 0x052a, 0x07fc, 0x0748, 0x0180, + 0x0842, 0x0c79, 0x04c2, 0x07ca, 0x0997, 0x00dc, 0x085e, 0x0686, + 0x0860, 0x0707, 0x0803, 0x031a, 0x071b, 0x09ab, 0x099b, 0x01de, + 0x0c95, 0x0bcd, 0x03e4, 0x03df, 0x03be, 0x074d, 0x05f2, 0x065c, +}; + +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +void kyber_thumb2_ntt(sword16* r_p) +#else +void kyber_thumb2_ntt(sword16* r) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ +{ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG + register sword16* r __asm__ ("r0") = (sword16*)r_p; + register word16* L_kyber_thumb2_ntt_zetas_c __asm__ ("r1") = (word16*)&L_kyber_thumb2_ntt_zetas; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ + + __asm__ __volatile__ ( + "SUB sp, sp, #0x8\n\t" + "MOV r1, %[L_kyber_thumb2_ntt_zetas]\n\t" +#ifndef WOLFSSL_ARM_ARCH_7M + "MOV r12, #0xd01\n\t" + "MOVT r12, #0xcff\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ + "MOV r2, #0x10\n\t" + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_kyber_thumb2_ntt_loop_123:\n\t" +#else + "L_kyber_thumb2_ntt_loop_123_%=:\n\t" +#endif + "STR r2, [sp]\n\t" + "LDRH lr, [r1, #2]\n\t" + "LDR r2, [%[r]]\n\t" + "LDR r3, [%[r], #64]\n\t" + "LDR r4, [%[r], #128]\n\t" + "LDR r5, [%[r], #192]\n\t" + "LDR r6, [%[r], #256]\n\t" + "LDR r7, [%[r], #320]\n\t" + "LDR r8, [%[r], #384]\n\t" + "LDR r9, [%[r], #448]\n\t" +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULBB r10, lr, r6\n\t" + "SMULBT r6, lr, r6\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r6\n\t" + "SMLABB r11, r12, r11, r6\n\t" + "PKHTB r10, r11, r10, ASR #16\n\t" + "SSUB16 r6, r2, r10\n\t" + "SADD16 r2, r2, r10\n\t" +#else + "SBFX r10, r6, #0, #16\n\t" + "SBFX r11, lr, #0, #16\n\t" + "ASR r6, r6, #16\n\t" + "MUL r10, r11, r10\n\t" + "MUL r6, r11, r6\n\t" + "MOV r12, #0xcff\n\t" + "MUL r11, r12, r10\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r6, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r11, r12, r11, r6\n\t" + "SUB r6, r2, r11\n\t" + "ADD r2, r2, r11\n\t" + "SUB r11, r2, r10, LSR #16\n\t" + "ADD r10, r2, r10, LSR #16\n\t" + "BFI r6, r11, #0, #16\n\t" + "BFI r2, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULBB r10, lr, r7\n\t" + "SMULBT r7, lr, r7\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r7\n\t" + "SMLABB r11, r12, r11, r7\n\t" + "PKHTB r10, r11, r10, ASR #16\n\t" + "SSUB16 r7, r3, r10\n\t" + "SADD16 r3, r3, r10\n\t" +#else + "SBFX r10, r7, #0, #16\n\t" + "SBFX r11, lr, #0, #16\n\t" + "ASR r7, r7, #16\n\t" + "MUL r10, r11, r10\n\t" + "MUL r7, r11, r7\n\t" + "MOV r12, #0xcff\n\t" + "MUL r11, r12, r10\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r7, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r11, r12, r11, r7\n\t" + "SUB r7, r3, r11\n\t" + "ADD r3, r3, r11\n\t" + "SUB r11, r3, r10, LSR #16\n\t" + "ADD r10, r3, r10, LSR #16\n\t" + "BFI r7, r11, #0, #16\n\t" + "BFI r3, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULBB r10, lr, r8\n\t" + "SMULBT r8, lr, r8\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r8\n\t" + "SMLABB r11, r12, r11, r8\n\t" + "PKHTB r10, r11, r10, ASR #16\n\t" + "SSUB16 r8, r4, r10\n\t" + "SADD16 r4, r4, r10\n\t" +#else + "SBFX r10, r8, #0, #16\n\t" + "SBFX r11, lr, #0, #16\n\t" + "ASR r8, r8, #16\n\t" + "MUL r10, r11, r10\n\t" + "MUL r8, r11, r8\n\t" + "MOV r12, #0xcff\n\t" + "MUL r11, r12, r10\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r8, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r11, r12, r11, r8\n\t" + "SUB r8, r4, r11\n\t" + "ADD r4, r4, r11\n\t" + "SUB r11, r4, r10, LSR #16\n\t" + "ADD r10, r4, r10, LSR #16\n\t" + "BFI r8, r11, #0, #16\n\t" + "BFI r4, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULBB r10, lr, r9\n\t" + "SMULBT r9, lr, r9\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r9\n\t" + "SMLABB r11, r12, r11, r9\n\t" + "PKHTB r10, r11, r10, ASR #16\n\t" + "SSUB16 r9, r5, r10\n\t" + "SADD16 r5, r5, r10\n\t" +#else + "SBFX r10, r9, #0, #16\n\t" + "SBFX r11, lr, #0, #16\n\t" + "ASR r9, r9, #16\n\t" + "MUL r10, r11, r10\n\t" + "MUL r9, r11, r9\n\t" + "MOV r12, #0xcff\n\t" + "MUL r11, r12, r10\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r9, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r11, r12, r11, r9\n\t" + "SUB r9, r5, r11\n\t" + "ADD r5, r5, r11\n\t" + "SUB r11, r5, r10, LSR #16\n\t" + "ADD r10, r5, r10, LSR #16\n\t" + "BFI r9, r11, #0, #16\n\t" + "BFI r5, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ + "LDR lr, [r1, #4]\n\t" +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULBB r10, lr, r4\n\t" + "SMULBT r4, lr, r4\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r4\n\t" + "SMLABB r11, r12, r11, r4\n\t" + "PKHTB r10, r11, r10, ASR #16\n\t" + "SSUB16 r4, r2, r10\n\t" + "SADD16 r2, r2, r10\n\t" +#else + "SBFX r10, r4, #0, #16\n\t" + "SBFX r11, lr, #0, #16\n\t" + "ASR r4, r4, #16\n\t" + "MUL r10, r11, r10\n\t" + "MUL r4, r11, r4\n\t" + "MOV r12, #0xcff\n\t" + "MUL r11, r12, r10\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r4, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r11, r12, r11, r4\n\t" + "SUB r4, r2, r11\n\t" + "ADD r2, r2, r11\n\t" + "SUB r11, r2, r10, LSR #16\n\t" + "ADD r10, r2, r10, LSR #16\n\t" + "BFI r4, r11, #0, #16\n\t" + "BFI r2, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULBB r10, lr, r5\n\t" + "SMULBT r5, lr, r5\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r5\n\t" + "SMLABB r11, r12, r11, r5\n\t" + "PKHTB r10, r11, r10, ASR #16\n\t" + "SSUB16 r5, r3, r10\n\t" + "SADD16 r3, r3, r10\n\t" +#else + "SBFX r10, r5, #0, #16\n\t" + "SBFX r11, lr, #0, #16\n\t" + "ASR r5, r5, #16\n\t" + "MUL r10, r11, r10\n\t" + "MUL r5, r11, r5\n\t" + "MOV r12, #0xcff\n\t" + "MUL r11, r12, r10\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r5, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r11, r12, r11, r5\n\t" + "SUB r5, r3, r11\n\t" + "ADD r3, r3, r11\n\t" + "SUB r11, r3, r10, LSR #16\n\t" + "ADD r10, r3, r10, LSR #16\n\t" + "BFI r5, r11, #0, #16\n\t" + "BFI r3, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULTB r10, lr, r8\n\t" + "SMULTT r8, lr, r8\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r8\n\t" + "SMLABB r11, r12, r11, r8\n\t" + "PKHTB r10, r11, r10, ASR #16\n\t" + "SSUB16 r8, r6, r10\n\t" + "SADD16 r6, r6, r10\n\t" +#else + "SBFX r10, r8, #0, #16\n\t" + "SBFX r11, lr, #16, #16\n\t" + "ASR r8, r8, #16\n\t" + "MUL r10, r11, r10\n\t" + "MUL r8, r11, r8\n\t" + "MOV r12, #0xcff\n\t" + "MUL r11, r12, r10\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r8, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r11, r12, r11, r8\n\t" + "SUB r8, r6, r11\n\t" + "ADD r6, r6, r11\n\t" + "SUB r11, r6, r10, LSR #16\n\t" + "ADD r10, r6, r10, LSR #16\n\t" + "BFI r8, r11, #0, #16\n\t" + "BFI r6, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULTB r10, lr, r9\n\t" + "SMULTT r9, lr, r9\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r9\n\t" + "SMLABB r11, r12, r11, r9\n\t" + "PKHTB r10, r11, r10, ASR #16\n\t" + "SSUB16 r9, r7, r10\n\t" + "SADD16 r7, r7, r10\n\t" +#else + "SBFX r10, r9, #0, #16\n\t" + "SBFX r11, lr, #16, #16\n\t" + "ASR r9, r9, #16\n\t" + "MUL r10, r11, r10\n\t" + "MUL r9, r11, r9\n\t" + "MOV r12, #0xcff\n\t" + "MUL r11, r12, r10\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r9, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r11, r12, r11, r9\n\t" + "SUB r9, r7, r11\n\t" + "ADD r7, r7, r11\n\t" + "SUB r11, r7, r10, LSR #16\n\t" + "ADD r10, r7, r10, LSR #16\n\t" + "BFI r9, r11, #0, #16\n\t" + "BFI r7, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ + "LDR lr, [r1, #8]\n\t" +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULBB r10, lr, r3\n\t" + "SMULBT r3, lr, r3\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r3\n\t" + "SMLABB r11, r12, r11, r3\n\t" + "PKHTB r10, r11, r10, ASR #16\n\t" + "SSUB16 r3, r2, r10\n\t" + "SADD16 r2, r2, r10\n\t" +#else + "SBFX r10, r3, #0, #16\n\t" + "SBFX r11, lr, #0, #16\n\t" + "ASR r3, r3, #16\n\t" + "MUL r10, r11, r10\n\t" + "MUL r3, r11, r3\n\t" + "MOV r12, #0xcff\n\t" + "MUL r11, r12, r10\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r3, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r11, r12, r11, r3\n\t" + "SUB r3, r2, r11\n\t" + "ADD r2, r2, r11\n\t" + "SUB r11, r2, r10, LSR #16\n\t" + "ADD r10, r2, r10, LSR #16\n\t" + "BFI r3, r11, #0, #16\n\t" + "BFI r2, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULTB r10, lr, r5\n\t" + "SMULTT r5, lr, r5\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r5\n\t" + "SMLABB r11, r12, r11, r5\n\t" + "PKHTB r10, r11, r10, ASR #16\n\t" + "SSUB16 r5, r4, r10\n\t" + "SADD16 r4, r4, r10\n\t" +#else + "SBFX r10, r5, #0, #16\n\t" + "SBFX r11, lr, #16, #16\n\t" + "ASR r5, r5, #16\n\t" + "MUL r10, r11, r10\n\t" + "MUL r5, r11, r5\n\t" + "MOV r12, #0xcff\n\t" + "MUL r11, r12, r10\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r5, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r11, r12, r11, r5\n\t" + "SUB r5, r4, r11\n\t" + "ADD r4, r4, r11\n\t" + "SUB r11, r4, r10, LSR #16\n\t" + "ADD r10, r4, r10, LSR #16\n\t" + "BFI r5, r11, #0, #16\n\t" + "BFI r4, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ + "LDR lr, [r1, #12]\n\t" +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULBB r10, lr, r7\n\t" + "SMULBT r7, lr, r7\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r7\n\t" + "SMLABB r11, r12, r11, r7\n\t" + "PKHTB r10, r11, r10, ASR #16\n\t" + "SSUB16 r7, r6, r10\n\t" + "SADD16 r6, r6, r10\n\t" +#else + "SBFX r10, r7, #0, #16\n\t" + "SBFX r11, lr, #0, #16\n\t" + "ASR r7, r7, #16\n\t" + "MUL r10, r11, r10\n\t" + "MUL r7, r11, r7\n\t" + "MOV r12, #0xcff\n\t" + "MUL r11, r12, r10\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r7, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r11, r12, r11, r7\n\t" + "SUB r7, r6, r11\n\t" + "ADD r6, r6, r11\n\t" + "SUB r11, r6, r10, LSR #16\n\t" + "ADD r10, r6, r10, LSR #16\n\t" + "BFI r7, r11, #0, #16\n\t" + "BFI r6, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULTB r10, lr, r9\n\t" + "SMULTT r9, lr, r9\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r9\n\t" + "SMLABB r11, r12, r11, r9\n\t" + "PKHTB r10, r11, r10, ASR #16\n\t" + "SSUB16 r9, r8, r10\n\t" + "SADD16 r8, r8, r10\n\t" +#else + "SBFX r10, r9, #0, #16\n\t" + "SBFX r11, lr, #16, #16\n\t" + "ASR r9, r9, #16\n\t" + "MUL r10, r11, r10\n\t" + "MUL r9, r11, r9\n\t" + "MOV r12, #0xcff\n\t" + "MUL r11, r12, r10\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r9, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r11, r12, r11, r9\n\t" + "SUB r9, r8, r11\n\t" + "ADD r8, r8, r11\n\t" + "SUB r11, r8, r10, LSR #16\n\t" + "ADD r10, r8, r10, LSR #16\n\t" + "BFI r9, r11, #0, #16\n\t" + "BFI r8, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ + "STR r2, [%[r]]\n\t" + "STR r3, [%[r], #64]\n\t" + "STR r4, [%[r], #128]\n\t" + "STR r5, [%[r], #192]\n\t" + "STR r6, [%[r], #256]\n\t" + "STR r7, [%[r], #320]\n\t" + "STR r8, [%[r], #384]\n\t" + "STR r9, [%[r], #448]\n\t" + "LDR r2, [sp]\n\t" + "SUBS r2, r2, #0x1\n\t" + "ADD %[r], %[r], #0x4\n\t" +#if defined(__GNUC__) + "BNE L_kyber_thumb2_ntt_loop_123_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_kyber_thumb2_ntt_loop_123\n\t" +#else + "BNE.N L_kyber_thumb2_ntt_loop_123_%=\n\t" +#endif + "SUB %[r], %[r], #0x40\n\t" + "MOV r3, #0x0\n\t" + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_kyber_thumb2_ntt_loop_4_j:\n\t" +#else + "L_kyber_thumb2_ntt_loop_4_j_%=:\n\t" +#endif + "STR r3, [sp, #4]\n\t" + "ADD lr, r1, r3, LSR #4\n\t" + "MOV r2, #0x4\n\t" + "LDR lr, [lr, #16]\n\t" + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_kyber_thumb2_ntt_loop_4_i:\n\t" +#else + "L_kyber_thumb2_ntt_loop_4_i_%=:\n\t" +#endif + "STR r2, [sp]\n\t" + "LDR r2, [%[r]]\n\t" + "LDR r3, [%[r], #16]\n\t" + "LDR r4, [%[r], #32]\n\t" + "LDR r5, [%[r], #48]\n\t" + "LDR r6, [%[r], #64]\n\t" + "LDR r7, [%[r], #80]\n\t" + "LDR r8, [%[r], #96]\n\t" + "LDR r9, [%[r], #112]\n\t" +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULBB r10, lr, r4\n\t" + "SMULBT r4, lr, r4\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r4\n\t" + "SMLABB r11, r12, r11, r4\n\t" + "PKHTB r10, r11, r10, ASR #16\n\t" + "SSUB16 r4, r2, r10\n\t" + "SADD16 r2, r2, r10\n\t" +#else + "SBFX r10, r4, #0, #16\n\t" + "SBFX r11, lr, #0, #16\n\t" + "ASR r4, r4, #16\n\t" + "MUL r10, r11, r10\n\t" + "MUL r4, r11, r4\n\t" + "MOV r12, #0xcff\n\t" + "MUL r11, r12, r10\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r4, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r11, r12, r11, r4\n\t" + "SUB r4, r2, r11\n\t" + "ADD r2, r2, r11\n\t" + "SUB r11, r2, r10, LSR #16\n\t" + "ADD r10, r2, r10, LSR #16\n\t" + "BFI r4, r11, #0, #16\n\t" + "BFI r2, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULBB r10, lr, r5\n\t" + "SMULBT r5, lr, r5\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r5\n\t" + "SMLABB r11, r12, r11, r5\n\t" + "PKHTB r10, r11, r10, ASR #16\n\t" + "SSUB16 r5, r3, r10\n\t" + "SADD16 r3, r3, r10\n\t" +#else + "SBFX r10, r5, #0, #16\n\t" + "SBFX r11, lr, #0, #16\n\t" + "ASR r5, r5, #16\n\t" + "MUL r10, r11, r10\n\t" + "MUL r5, r11, r5\n\t" + "MOV r12, #0xcff\n\t" + "MUL r11, r12, r10\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r5, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r11, r12, r11, r5\n\t" + "SUB r5, r3, r11\n\t" + "ADD r3, r3, r11\n\t" + "SUB r11, r3, r10, LSR #16\n\t" + "ADD r10, r3, r10, LSR #16\n\t" + "BFI r5, r11, #0, #16\n\t" + "BFI r3, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULTB r10, lr, r8\n\t" + "SMULTT r8, lr, r8\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r8\n\t" + "SMLABB r11, r12, r11, r8\n\t" + "PKHTB r10, r11, r10, ASR #16\n\t" + "SSUB16 r8, r6, r10\n\t" + "SADD16 r6, r6, r10\n\t" +#else + "SBFX r10, r8, #0, #16\n\t" + "SBFX r11, lr, #16, #16\n\t" + "ASR r8, r8, #16\n\t" + "MUL r10, r11, r10\n\t" + "MUL r8, r11, r8\n\t" + "MOV r12, #0xcff\n\t" + "MUL r11, r12, r10\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r8, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r11, r12, r11, r8\n\t" + "SUB r8, r6, r11\n\t" + "ADD r6, r6, r11\n\t" + "SUB r11, r6, r10, LSR #16\n\t" + "ADD r10, r6, r10, LSR #16\n\t" + "BFI r8, r11, #0, #16\n\t" + "BFI r6, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULTB r10, lr, r9\n\t" + "SMULTT r9, lr, r9\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r9\n\t" + "SMLABB r11, r12, r11, r9\n\t" + "PKHTB r10, r11, r10, ASR #16\n\t" + "SSUB16 r9, r7, r10\n\t" + "SADD16 r7, r7, r10\n\t" +#else + "SBFX r10, r9, #0, #16\n\t" + "SBFX r11, lr, #16, #16\n\t" + "ASR r9, r9, #16\n\t" + "MUL r10, r11, r10\n\t" + "MUL r9, r11, r9\n\t" + "MOV r12, #0xcff\n\t" + "MUL r11, r12, r10\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r9, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r11, r12, r11, r9\n\t" + "SUB r9, r7, r11\n\t" + "ADD r7, r7, r11\n\t" + "SUB r11, r7, r10, LSR #16\n\t" + "ADD r10, r7, r10, LSR #16\n\t" + "BFI r9, r11, #0, #16\n\t" + "BFI r7, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ + "STR r2, [%[r]]\n\t" + "STR r3, [%[r], #16]\n\t" + "STR r4, [%[r], #32]\n\t" + "STR r5, [%[r], #48]\n\t" + "STR r6, [%[r], #64]\n\t" + "STR r7, [%[r], #80]\n\t" + "STR r8, [%[r], #96]\n\t" + "STR r9, [%[r], #112]\n\t" + "LDRD r2, r3, [sp]\n\t" + "SUBS r2, r2, #0x1\n\t" + "ADD %[r], %[r], #0x4\n\t" +#if defined(__GNUC__) + "BNE L_kyber_thumb2_ntt_loop_4_i_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_kyber_thumb2_ntt_loop_4_i\n\t" +#else + "BNE.N L_kyber_thumb2_ntt_loop_4_i_%=\n\t" +#endif + "ADD r3, r3, #0x40\n\t" + "RSBS r10, r3, #0x100\n\t" + "ADD %[r], %[r], #0x70\n\t" +#if defined(__GNUC__) + "BNE L_kyber_thumb2_ntt_loop_4_j_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_kyber_thumb2_ntt_loop_4_j\n\t" +#else + "BNE.N L_kyber_thumb2_ntt_loop_4_j_%=\n\t" +#endif + "SUB %[r], %[r], #0x200\n\t" + "MOV r3, #0x0\n\t" + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_kyber_thumb2_ntt_loop_567:\n\t" +#else + "L_kyber_thumb2_ntt_loop_567_%=:\n\t" +#endif + "ADD lr, r1, r3, LSR #3\n\t" + "STR r3, [sp, #4]\n\t" + "LDRH lr, [lr, #32]\n\t" + "LDR r2, [%[r]]\n\t" + "LDR r3, [%[r], #4]\n\t" + "LDR r4, [%[r], #8]\n\t" + "LDR r5, [%[r], #12]\n\t" + "LDR r6, [%[r], #16]\n\t" + "LDR r7, [%[r], #20]\n\t" + "LDR r8, [%[r], #24]\n\t" + "LDR r9, [%[r], #28]\n\t" +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULBB r10, lr, r6\n\t" + "SMULBT r6, lr, r6\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r6\n\t" + "SMLABB r11, r12, r11, r6\n\t" + "PKHTB r10, r11, r10, ASR #16\n\t" + "SSUB16 r6, r2, r10\n\t" + "SADD16 r2, r2, r10\n\t" +#else + "SBFX r10, r6, #0, #16\n\t" + "SBFX r11, lr, #0, #16\n\t" + "ASR r6, r6, #16\n\t" + "MUL r10, r11, r10\n\t" + "MUL r6, r11, r6\n\t" + "MOV r12, #0xcff\n\t" + "MUL r11, r12, r10\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r6, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r11, r12, r11, r6\n\t" + "SUB r6, r2, r11\n\t" + "ADD r2, r2, r11\n\t" + "SUB r11, r2, r10, LSR #16\n\t" + "ADD r10, r2, r10, LSR #16\n\t" + "BFI r6, r11, #0, #16\n\t" + "BFI r2, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULBB r10, lr, r7\n\t" + "SMULBT r7, lr, r7\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r7\n\t" + "SMLABB r11, r12, r11, r7\n\t" + "PKHTB r10, r11, r10, ASR #16\n\t" + "SSUB16 r7, r3, r10\n\t" + "SADD16 r3, r3, r10\n\t" +#else + "SBFX r10, r7, #0, #16\n\t" + "SBFX r11, lr, #0, #16\n\t" + "ASR r7, r7, #16\n\t" + "MUL r10, r11, r10\n\t" + "MUL r7, r11, r7\n\t" + "MOV r12, #0xcff\n\t" + "MUL r11, r12, r10\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r7, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r11, r12, r11, r7\n\t" + "SUB r7, r3, r11\n\t" + "ADD r3, r3, r11\n\t" + "SUB r11, r3, r10, LSR #16\n\t" + "ADD r10, r3, r10, LSR #16\n\t" + "BFI r7, r11, #0, #16\n\t" + "BFI r3, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULBB r10, lr, r8\n\t" + "SMULBT r8, lr, r8\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r8\n\t" + "SMLABB r11, r12, r11, r8\n\t" + "PKHTB r10, r11, r10, ASR #16\n\t" + "SSUB16 r8, r4, r10\n\t" + "SADD16 r4, r4, r10\n\t" +#else + "SBFX r10, r8, #0, #16\n\t" + "SBFX r11, lr, #0, #16\n\t" + "ASR r8, r8, #16\n\t" + "MUL r10, r11, r10\n\t" + "MUL r8, r11, r8\n\t" + "MOV r12, #0xcff\n\t" + "MUL r11, r12, r10\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r8, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r11, r12, r11, r8\n\t" + "SUB r8, r4, r11\n\t" + "ADD r4, r4, r11\n\t" + "SUB r11, r4, r10, LSR #16\n\t" + "ADD r10, r4, r10, LSR #16\n\t" + "BFI r8, r11, #0, #16\n\t" + "BFI r4, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULBB r10, lr, r9\n\t" + "SMULBT r9, lr, r9\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r9\n\t" + "SMLABB r11, r12, r11, r9\n\t" + "PKHTB r10, r11, r10, ASR #16\n\t" + "SSUB16 r9, r5, r10\n\t" + "SADD16 r5, r5, r10\n\t" +#else + "SBFX r10, r9, #0, #16\n\t" + "SBFX r11, lr, #0, #16\n\t" + "ASR r9, r9, #16\n\t" + "MUL r10, r11, r10\n\t" + "MUL r9, r11, r9\n\t" + "MOV r12, #0xcff\n\t" + "MUL r11, r12, r10\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r9, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r11, r12, r11, r9\n\t" + "SUB r9, r5, r11\n\t" + "ADD r5, r5, r11\n\t" + "SUB r11, r5, r10, LSR #16\n\t" + "ADD r10, r5, r10, LSR #16\n\t" + "BFI r9, r11, #0, #16\n\t" + "BFI r5, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ + "LDR lr, [sp, #4]\n\t" + "ADD lr, r1, lr, LSR #2\n\t" + "LDR lr, [lr, #64]\n\t" +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULBB r10, lr, r4\n\t" + "SMULBT r4, lr, r4\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r4\n\t" + "SMLABB r11, r12, r11, r4\n\t" + "PKHTB r10, r11, r10, ASR #16\n\t" + "SSUB16 r4, r2, r10\n\t" + "SADD16 r2, r2, r10\n\t" +#else + "SBFX r10, r4, #0, #16\n\t" + "SBFX r11, lr, #0, #16\n\t" + "ASR r4, r4, #16\n\t" + "MUL r10, r11, r10\n\t" + "MUL r4, r11, r4\n\t" + "MOV r12, #0xcff\n\t" + "MUL r11, r12, r10\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r4, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r11, r12, r11, r4\n\t" + "SUB r4, r2, r11\n\t" + "ADD r2, r2, r11\n\t" + "SUB r11, r2, r10, LSR #16\n\t" + "ADD r10, r2, r10, LSR #16\n\t" + "BFI r4, r11, #0, #16\n\t" + "BFI r2, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULBB r10, lr, r5\n\t" + "SMULBT r5, lr, r5\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r5\n\t" + "SMLABB r11, r12, r11, r5\n\t" + "PKHTB r10, r11, r10, ASR #16\n\t" + "SSUB16 r5, r3, r10\n\t" + "SADD16 r3, r3, r10\n\t" +#else + "SBFX r10, r5, #0, #16\n\t" + "SBFX r11, lr, #0, #16\n\t" + "ASR r5, r5, #16\n\t" + "MUL r10, r11, r10\n\t" + "MUL r5, r11, r5\n\t" + "MOV r12, #0xcff\n\t" + "MUL r11, r12, r10\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r5, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r11, r12, r11, r5\n\t" + "SUB r5, r3, r11\n\t" + "ADD r3, r3, r11\n\t" + "SUB r11, r3, r10, LSR #16\n\t" + "ADD r10, r3, r10, LSR #16\n\t" + "BFI r5, r11, #0, #16\n\t" + "BFI r3, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULTB r10, lr, r8\n\t" + "SMULTT r8, lr, r8\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r8\n\t" + "SMLABB r11, r12, r11, r8\n\t" + "PKHTB r10, r11, r10, ASR #16\n\t" + "SSUB16 r8, r6, r10\n\t" + "SADD16 r6, r6, r10\n\t" +#else + "SBFX r10, r8, #0, #16\n\t" + "SBFX r11, lr, #16, #16\n\t" + "ASR r8, r8, #16\n\t" + "MUL r10, r11, r10\n\t" + "MUL r8, r11, r8\n\t" + "MOV r12, #0xcff\n\t" + "MUL r11, r12, r10\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r8, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r11, r12, r11, r8\n\t" + "SUB r8, r6, r11\n\t" + "ADD r6, r6, r11\n\t" + "SUB r11, r6, r10, LSR #16\n\t" + "ADD r10, r6, r10, LSR #16\n\t" + "BFI r8, r11, #0, #16\n\t" + "BFI r6, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULTB r10, lr, r9\n\t" + "SMULTT r9, lr, r9\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r9\n\t" + "SMLABB r11, r12, r11, r9\n\t" + "PKHTB r10, r11, r10, ASR #16\n\t" + "SSUB16 r9, r7, r10\n\t" + "SADD16 r7, r7, r10\n\t" +#else + "SBFX r10, r9, #0, #16\n\t" + "SBFX r11, lr, #16, #16\n\t" + "ASR r9, r9, #16\n\t" + "MUL r10, r11, r10\n\t" + "MUL r9, r11, r9\n\t" + "MOV r12, #0xcff\n\t" + "MUL r11, r12, r10\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r9, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r11, r12, r11, r9\n\t" + "SUB r9, r7, r11\n\t" + "ADD r7, r7, r11\n\t" + "SUB r11, r7, r10, LSR #16\n\t" + "ADD r10, r7, r10, LSR #16\n\t" + "BFI r9, r11, #0, #16\n\t" + "BFI r7, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ + "LDR lr, [sp, #4]\n\t" + "ADD lr, r1, lr, LSR #1\n\t" + "LDR lr, [lr, #128]\n\t" +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULBB r10, lr, r3\n\t" + "SMULBT r3, lr, r3\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r3\n\t" + "SMLABB r11, r12, r11, r3\n\t" + "PKHTB r10, r11, r10, ASR #16\n\t" + "SSUB16 r3, r2, r10\n\t" + "SADD16 r2, r2, r10\n\t" +#else + "SBFX r10, r3, #0, #16\n\t" + "SBFX r11, lr, #0, #16\n\t" + "ASR r3, r3, #16\n\t" + "MUL r10, r11, r10\n\t" + "MUL r3, r11, r3\n\t" + "MOV r12, #0xcff\n\t" + "MUL r11, r12, r10\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r3, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r11, r12, r11, r3\n\t" + "SUB r3, r2, r11\n\t" + "ADD r2, r2, r11\n\t" + "SUB r11, r2, r10, LSR #16\n\t" + "ADD r10, r2, r10, LSR #16\n\t" + "BFI r3, r11, #0, #16\n\t" + "BFI r2, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULTB r10, lr, r5\n\t" + "SMULTT r5, lr, r5\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r5\n\t" + "SMLABB r11, r12, r11, r5\n\t" + "PKHTB r10, r11, r10, ASR #16\n\t" + "SSUB16 r5, r4, r10\n\t" + "SADD16 r4, r4, r10\n\t" +#else + "SBFX r10, r5, #0, #16\n\t" + "SBFX r11, lr, #16, #16\n\t" + "ASR r5, r5, #16\n\t" + "MUL r10, r11, r10\n\t" + "MUL r5, r11, r5\n\t" + "MOV r12, #0xcff\n\t" + "MUL r11, r12, r10\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r5, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r11, r12, r11, r5\n\t" + "SUB r5, r4, r11\n\t" + "ADD r4, r4, r11\n\t" + "SUB r11, r4, r10, LSR #16\n\t" + "ADD r10, r4, r10, LSR #16\n\t" + "BFI r5, r11, #0, #16\n\t" + "BFI r4, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ + "LDR lr, [sp, #4]\n\t" + "ADD lr, r1, lr, LSR #1\n\t" + "LDR lr, [lr, #132]\n\t" +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULBB r10, lr, r7\n\t" + "SMULBT r7, lr, r7\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r7\n\t" + "SMLABB r11, r12, r11, r7\n\t" + "PKHTB r10, r11, r10, ASR #16\n\t" + "SSUB16 r7, r6, r10\n\t" + "SADD16 r6, r6, r10\n\t" +#else + "SBFX r10, r7, #0, #16\n\t" + "SBFX r11, lr, #0, #16\n\t" + "ASR r7, r7, #16\n\t" + "MUL r10, r11, r10\n\t" + "MUL r7, r11, r7\n\t" + "MOV r12, #0xcff\n\t" + "MUL r11, r12, r10\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r7, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r11, r12, r11, r7\n\t" + "SUB r7, r6, r11\n\t" + "ADD r6, r6, r11\n\t" + "SUB r11, r6, r10, LSR #16\n\t" + "ADD r10, r6, r10, LSR #16\n\t" + "BFI r7, r11, #0, #16\n\t" + "BFI r6, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULTB r10, lr, r9\n\t" + "SMULTT r9, lr, r9\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r9\n\t" + "SMLABB r11, r12, r11, r9\n\t" + "PKHTB r10, r11, r10, ASR #16\n\t" + "SSUB16 r9, r8, r10\n\t" + "SADD16 r8, r8, r10\n\t" +#else + "SBFX r10, r9, #0, #16\n\t" + "SBFX r11, lr, #16, #16\n\t" + "ASR r9, r9, #16\n\t" + "MUL r10, r11, r10\n\t" + "MUL r9, r11, r9\n\t" + "MOV r12, #0xcff\n\t" + "MUL r11, r12, r10\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r9, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r11, r12, r11, r9\n\t" + "SUB r9, r8, r11\n\t" + "ADD r8, r8, r11\n\t" + "SUB r11, r8, r10, LSR #16\n\t" + "ADD r10, r8, r10, LSR #16\n\t" + "BFI r9, r11, #0, #16\n\t" + "BFI r8, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "MOV lr, #0xafc0\n\t" + "MOVT lr, #0x13\n\t" +#else + "MOV lr, #0x4ebf\n\t" + "MOV r12, #0xd01\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULWB r10, lr, r2\n\t" + "SMULWT r11, lr, r2\n\t" + "SMULBT r10, r12, r10\n\t" + "SMULBT r11, r12, r11\n\t" + "PKHBT r10, r10, r11, LSL #16\n\t" + "SSUB16 r2, r2, r10\n\t" +#else + "SBFX r10, r2, #0, #16\n\t" + "SBFX r11, r2, #16, #16\n\t" + "MUL r10, lr, r10\n\t" + "MUL r11, lr, r11\n\t" + "ASR r10, r10, #26\n\t" + "ASR r11, r11, #26\n\t" + "MUL r10, r12, r10\n\t" + "MUL r11, r12, r11\n\t" + "SUB r11, r2, r11, LSL #16\n\t" + "SUB r2, r2, r10\n\t" + "LSR r11, r11, #16\n\t" + "BFI r2, r11, #16, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULWB r10, lr, r3\n\t" + "SMULWT r11, lr, r3\n\t" + "SMULBT r10, r12, r10\n\t" + "SMULBT r11, r12, r11\n\t" + "PKHBT r10, r10, r11, LSL #16\n\t" + "SSUB16 r3, r3, r10\n\t" +#else + "SBFX r10, r3, #0, #16\n\t" + "SBFX r11, r3, #16, #16\n\t" + "MUL r10, lr, r10\n\t" + "MUL r11, lr, r11\n\t" + "ASR r10, r10, #26\n\t" + "ASR r11, r11, #26\n\t" + "MUL r10, r12, r10\n\t" + "MUL r11, r12, r11\n\t" + "SUB r11, r3, r11, LSL #16\n\t" + "SUB r3, r3, r10\n\t" + "LSR r11, r11, #16\n\t" + "BFI r3, r11, #16, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULWB r10, lr, r4\n\t" + "SMULWT r11, lr, r4\n\t" + "SMULBT r10, r12, r10\n\t" + "SMULBT r11, r12, r11\n\t" + "PKHBT r10, r10, r11, LSL #16\n\t" + "SSUB16 r4, r4, r10\n\t" +#else + "SBFX r10, r4, #0, #16\n\t" + "SBFX r11, r4, #16, #16\n\t" + "MUL r10, lr, r10\n\t" + "MUL r11, lr, r11\n\t" + "ASR r10, r10, #26\n\t" + "ASR r11, r11, #26\n\t" + "MUL r10, r12, r10\n\t" + "MUL r11, r12, r11\n\t" + "SUB r11, r4, r11, LSL #16\n\t" + "SUB r4, r4, r10\n\t" + "LSR r11, r11, #16\n\t" + "BFI r4, r11, #16, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULWB r10, lr, r5\n\t" + "SMULWT r11, lr, r5\n\t" + "SMULBT r10, r12, r10\n\t" + "SMULBT r11, r12, r11\n\t" + "PKHBT r10, r10, r11, LSL #16\n\t" + "SSUB16 r5, r5, r10\n\t" +#else + "SBFX r10, r5, #0, #16\n\t" + "SBFX r11, r5, #16, #16\n\t" + "MUL r10, lr, r10\n\t" + "MUL r11, lr, r11\n\t" + "ASR r10, r10, #26\n\t" + "ASR r11, r11, #26\n\t" + "MUL r10, r12, r10\n\t" + "MUL r11, r12, r11\n\t" + "SUB r11, r5, r11, LSL #16\n\t" + "SUB r5, r5, r10\n\t" + "LSR r11, r11, #16\n\t" + "BFI r5, r11, #16, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULWB r10, lr, r6\n\t" + "SMULWT r11, lr, r6\n\t" + "SMULBT r10, r12, r10\n\t" + "SMULBT r11, r12, r11\n\t" + "PKHBT r10, r10, r11, LSL #16\n\t" + "SSUB16 r6, r6, r10\n\t" +#else + "SBFX r10, r6, #0, #16\n\t" + "SBFX r11, r6, #16, #16\n\t" + "MUL r10, lr, r10\n\t" + "MUL r11, lr, r11\n\t" + "ASR r10, r10, #26\n\t" + "ASR r11, r11, #26\n\t" + "MUL r10, r12, r10\n\t" + "MUL r11, r12, r11\n\t" + "SUB r11, r6, r11, LSL #16\n\t" + "SUB r6, r6, r10\n\t" + "LSR r11, r11, #16\n\t" + "BFI r6, r11, #16, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULWB r10, lr, r7\n\t" + "SMULWT r11, lr, r7\n\t" + "SMULBT r10, r12, r10\n\t" + "SMULBT r11, r12, r11\n\t" + "PKHBT r10, r10, r11, LSL #16\n\t" + "SSUB16 r7, r7, r10\n\t" +#else + "SBFX r10, r7, #0, #16\n\t" + "SBFX r11, r7, #16, #16\n\t" + "MUL r10, lr, r10\n\t" + "MUL r11, lr, r11\n\t" + "ASR r10, r10, #26\n\t" + "ASR r11, r11, #26\n\t" + "MUL r10, r12, r10\n\t" + "MUL r11, r12, r11\n\t" + "SUB r11, r7, r11, LSL #16\n\t" + "SUB r7, r7, r10\n\t" + "LSR r11, r11, #16\n\t" + "BFI r7, r11, #16, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULWB r10, lr, r8\n\t" + "SMULWT r11, lr, r8\n\t" + "SMULBT r10, r12, r10\n\t" + "SMULBT r11, r12, r11\n\t" + "PKHBT r10, r10, r11, LSL #16\n\t" + "SSUB16 r8, r8, r10\n\t" +#else + "SBFX r10, r8, #0, #16\n\t" + "SBFX r11, r8, #16, #16\n\t" + "MUL r10, lr, r10\n\t" + "MUL r11, lr, r11\n\t" + "ASR r10, r10, #26\n\t" + "ASR r11, r11, #26\n\t" + "MUL r10, r12, r10\n\t" + "MUL r11, r12, r11\n\t" + "SUB r11, r8, r11, LSL #16\n\t" + "SUB r8, r8, r10\n\t" + "LSR r11, r11, #16\n\t" + "BFI r8, r11, #16, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULWB r10, lr, r9\n\t" + "SMULWT r11, lr, r9\n\t" + "SMULBT r10, r12, r10\n\t" + "SMULBT r11, r12, r11\n\t" + "PKHBT r10, r10, r11, LSL #16\n\t" + "SSUB16 r9, r9, r10\n\t" +#else + "SBFX r10, r9, #0, #16\n\t" + "SBFX r11, r9, #16, #16\n\t" + "MUL r10, lr, r10\n\t" + "MUL r11, lr, r11\n\t" + "ASR r10, r10, #26\n\t" + "ASR r11, r11, #26\n\t" + "MUL r10, r12, r10\n\t" + "MUL r11, r12, r11\n\t" + "SUB r11, r9, r11, LSL #16\n\t" + "SUB r9, r9, r10\n\t" + "LSR r11, r11, #16\n\t" + "BFI r9, r11, #16, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "MOV r12, #0xd01\n\t" + "MOVT r12, #0xcff\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ + "STR r2, [%[r]]\n\t" + "STR r3, [%[r], #4]\n\t" + "STR r4, [%[r], #8]\n\t" + "STR r5, [%[r], #12]\n\t" + "STR r6, [%[r], #16]\n\t" + "STR r7, [%[r], #20]\n\t" + "STR r8, [%[r], #24]\n\t" + "STR r9, [%[r], #28]\n\t" + "LDR r3, [sp, #4]\n\t" + "ADD r3, r3, #0x10\n\t" + "RSBS r10, r3, #0x100\n\t" + "ADD %[r], %[r], #0x20\n\t" +#if defined(__GNUC__) + "BNE L_kyber_thumb2_ntt_loop_567_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_kyber_thumb2_ntt_loop_567\n\t" +#else + "BNE.N L_kyber_thumb2_ntt_loop_567_%=\n\t" +#endif + "ADD sp, sp, #0x8\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG + : [r] "+r" (r), + [L_kyber_thumb2_ntt_zetas] "+r" (L_kyber_thumb2_ntt_zetas_c) + : + : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" +#else + : [r] "+r" (r) + : [L_kyber_thumb2_ntt_zetas] "r" (L_kyber_thumb2_ntt_zetas) + : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ + ); +} + +XALIGNED(16) static const word16 L_kyber_thumb2_invntt_zetas_inv[] = { + 0x06a5, 0x070f, 0x05b4, 0x0943, 0x0922, 0x091d, 0x0134, 0x006c, + 0x0b23, 0x0366, 0x0356, 0x05e6, 0x09e7, 0x04fe, 0x05fa, 0x04a1, + 0x067b, 0x04a3, 0x0c25, 0x036a, 0x0537, 0x083f, 0x0088, 0x04bf, + 0x0b81, 0x05b9, 0x0505, 0x07d7, 0x0a9f, 0x0aa6, 0x08b8, 0x09d0, + 0x004b, 0x009c, 0x0bb8, 0x0b5f, 0x0ba4, 0x0368, 0x0a7d, 0x0636, + 0x08a2, 0x025a, 0x0736, 0x0309, 0x0093, 0x087a, 0x09f7, 0x00f6, + 0x068c, 0x06db, 0x01cc, 0x0123, 0x00eb, 0x0c50, 0x0ab6, 0x0b5b, + 0x0c98, 0x06f3, 0x099a, 0x04e3, 0x09b6, 0x0ad6, 0x0b53, 0x044f, + 0x04fb, 0x0a5c, 0x0429, 0x0b41, 0x02d5, 0x05e4, 0x0940, 0x018e, + 0x03b7, 0x00f7, 0x058d, 0x0c96, 0x09c3, 0x010f, 0x005a, 0x0355, + 0x0744, 0x0c83, 0x048a, 0x0652, 0x029a, 0x0140, 0x0008, 0x0afd, + 0x0608, 0x011a, 0x072e, 0x050d, 0x090a, 0x0228, 0x0a75, 0x083a, + 0x0623, 0x00cd, 0x0b66, 0x0606, 0x0aa1, 0x0a25, 0x0908, 0x02a9, + 0x0082, 0x0642, 0x074f, 0x033d, 0x0b82, 0x0bf9, 0x052d, 0x0ac4, + 0x0745, 0x05c2, 0x04b2, 0x093f, 0x0c4b, 0x06d8, 0x0a93, 0x00ab, + 0x0c37, 0x0be2, 0x0773, 0x072c, 0x05ed, 0x0167, 0x02f6, 0x05a1, +}; + +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +void kyber_thumb2_invntt(sword16* r_p) +#else +void kyber_thumb2_invntt(sword16* r) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ +{ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG + register sword16* r __asm__ ("r0") = (sword16*)r_p; + register word16* L_kyber_thumb2_invntt_zetas_inv_c __asm__ ("r1") = (word16*)&L_kyber_thumb2_invntt_zetas_inv; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ + + __asm__ __volatile__ ( + "SUB sp, sp, #0x8\n\t" + "MOV r1, %[L_kyber_thumb2_invntt_zetas_inv]\n\t" +#ifndef WOLFSSL_ARM_ARCH_7M + "MOV r12, #0xd01\n\t" + "MOVT r12, #0xcff\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ + "MOV r3, #0x0\n\t" + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_kyber_thumb2_invntt_loop_765:\n\t" +#else + "L_kyber_thumb2_invntt_loop_765_%=:\n\t" +#endif + "ADD lr, r1, r3, LSR #1\n\t" + "STR r3, [sp, #4]\n\t" + "LDR r2, [%[r]]\n\t" + "LDR r3, [%[r], #4]\n\t" + "LDR r4, [%[r], #8]\n\t" + "LDR r5, [%[r], #12]\n\t" + "LDR r6, [%[r], #16]\n\t" + "LDR r7, [%[r], #20]\n\t" + "LDR r8, [%[r], #24]\n\t" + "LDR r9, [%[r], #28]\n\t" + "LDR lr, [lr]\n\t" +#ifndef WOLFSSL_ARM_ARCH_7M + "SSUB16 r10, r2, r3\n\t" + "SADD16 r2, r2, r3\n\t" + "SMULBT r3, lr, r10\n\t" + "SMULBB r10, lr, r10\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r3\n\t" + "SMLABB r3, r12, r11, r3\n\t" + "PKHTB r3, r3, r10, ASR #16\n\t" +#else + "SUB r11, r2, r3\n\t" + "ADD r12, r2, r3\n\t" + "BFC r3, #0, #16\n\t" + "BFC r2, #0, #16\n\t" + "SUB r10, r2, r3\n\t" + "ADD r2, r2, r3\n\t" + "BFI r10, r11, #0, #16\n\t" + "BFI r2, r12, #0, #16\n\t" + "SBFX r11, lr, #0, #16\n\t" + "ASR r12, r10, #16\n\t" + "MUL r3, r11, r12\n\t" + "SBFX r10, r10, #0, #16\n\t" + "MUL r10, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r10, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r3, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "LSR r10, r10, #16\n\t" + "MLA r3, r12, r11, r3\n\t" + "BFI r3, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SSUB16 r10, r4, r5\n\t" + "SADD16 r4, r4, r5\n\t" + "SMULTT r5, lr, r10\n\t" + "SMULTB r10, lr, r10\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r5\n\t" + "SMLABB r5, r12, r11, r5\n\t" + "PKHTB r5, r5, r10, ASR #16\n\t" +#else + "SUB r11, r4, r5\n\t" + "ADD r12, r4, r5\n\t" + "BFC r5, #0, #16\n\t" + "BFC r4, #0, #16\n\t" + "SUB r10, r4, r5\n\t" + "ADD r4, r4, r5\n\t" + "BFI r10, r11, #0, #16\n\t" + "BFI r4, r12, #0, #16\n\t" + "SBFX r11, lr, #16, #16\n\t" + "ASR r12, r10, #16\n\t" + "MUL r5, r11, r12\n\t" + "SBFX r10, r10, #0, #16\n\t" + "MUL r10, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r10, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r5, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "LSR r10, r10, #16\n\t" + "MLA r5, r12, r11, r5\n\t" + "BFI r5, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ + "LDR lr, [sp, #4]\n\t" + "ADD lr, r1, lr, LSR #1\n\t" + "LDR lr, [lr, #4]\n\t" +#ifndef WOLFSSL_ARM_ARCH_7M + "SSUB16 r10, r6, r7\n\t" + "SADD16 r6, r6, r7\n\t" + "SMULBT r7, lr, r10\n\t" + "SMULBB r10, lr, r10\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r7\n\t" + "SMLABB r7, r12, r11, r7\n\t" + "PKHTB r7, r7, r10, ASR #16\n\t" +#else + "SUB r11, r6, r7\n\t" + "ADD r12, r6, r7\n\t" + "BFC r7, #0, #16\n\t" + "BFC r6, #0, #16\n\t" + "SUB r10, r6, r7\n\t" + "ADD r6, r6, r7\n\t" + "BFI r10, r11, #0, #16\n\t" + "BFI r6, r12, #0, #16\n\t" + "SBFX r11, lr, #0, #16\n\t" + "ASR r12, r10, #16\n\t" + "MUL r7, r11, r12\n\t" + "SBFX r10, r10, #0, #16\n\t" + "MUL r10, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r10, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r7, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "LSR r10, r10, #16\n\t" + "MLA r7, r12, r11, r7\n\t" + "BFI r7, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SSUB16 r10, r8, r9\n\t" + "SADD16 r8, r8, r9\n\t" + "SMULTT r9, lr, r10\n\t" + "SMULTB r10, lr, r10\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r9\n\t" + "SMLABB r9, r12, r11, r9\n\t" + "PKHTB r9, r9, r10, ASR #16\n\t" +#else + "SUB r11, r8, r9\n\t" + "ADD r12, r8, r9\n\t" + "BFC r9, #0, #16\n\t" + "BFC r8, #0, #16\n\t" + "SUB r10, r8, r9\n\t" + "ADD r8, r8, r9\n\t" + "BFI r10, r11, #0, #16\n\t" + "BFI r8, r12, #0, #16\n\t" + "SBFX r11, lr, #16, #16\n\t" + "ASR r12, r10, #16\n\t" + "MUL r9, r11, r12\n\t" + "SBFX r10, r10, #0, #16\n\t" + "MUL r10, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r10, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r9, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "LSR r10, r10, #16\n\t" + "MLA r9, r12, r11, r9\n\t" + "BFI r9, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ + "LDR lr, [sp, #4]\n\t" + "ADD lr, r1, lr, LSR #2\n\t" + "LDR lr, [lr, #128]\n\t" +#ifndef WOLFSSL_ARM_ARCH_7M + "SSUB16 r10, r2, r4\n\t" + "SADD16 r2, r2, r4\n\t" + "SMULBT r4, lr, r10\n\t" + "SMULBB r10, lr, r10\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r4\n\t" + "SMLABB r4, r12, r11, r4\n\t" + "PKHTB r4, r4, r10, ASR #16\n\t" +#else + "SUB r11, r2, r4\n\t" + "ADD r12, r2, r4\n\t" + "BFC r4, #0, #16\n\t" + "BFC r2, #0, #16\n\t" + "SUB r10, r2, r4\n\t" + "ADD r2, r2, r4\n\t" + "BFI r10, r11, #0, #16\n\t" + "BFI r2, r12, #0, #16\n\t" + "SBFX r11, lr, #0, #16\n\t" + "ASR r12, r10, #16\n\t" + "MUL r4, r11, r12\n\t" + "SBFX r10, r10, #0, #16\n\t" + "MUL r10, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r10, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r4, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "LSR r10, r10, #16\n\t" + "MLA r4, r12, r11, r4\n\t" + "BFI r4, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SSUB16 r10, r3, r5\n\t" + "SADD16 r3, r3, r5\n\t" + "SMULBT r5, lr, r10\n\t" + "SMULBB r10, lr, r10\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r5\n\t" + "SMLABB r5, r12, r11, r5\n\t" + "PKHTB r5, r5, r10, ASR #16\n\t" +#else + "SUB r11, r3, r5\n\t" + "ADD r12, r3, r5\n\t" + "BFC r5, #0, #16\n\t" + "BFC r3, #0, #16\n\t" + "SUB r10, r3, r5\n\t" + "ADD r3, r3, r5\n\t" + "BFI r10, r11, #0, #16\n\t" + "BFI r3, r12, #0, #16\n\t" + "SBFX r11, lr, #0, #16\n\t" + "ASR r12, r10, #16\n\t" + "MUL r5, r11, r12\n\t" + "SBFX r10, r10, #0, #16\n\t" + "MUL r10, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r10, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r5, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "LSR r10, r10, #16\n\t" + "MLA r5, r12, r11, r5\n\t" + "BFI r5, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SSUB16 r10, r6, r8\n\t" + "SADD16 r6, r6, r8\n\t" + "SMULTT r8, lr, r10\n\t" + "SMULTB r10, lr, r10\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r8\n\t" + "SMLABB r8, r12, r11, r8\n\t" + "PKHTB r8, r8, r10, ASR #16\n\t" +#else + "SUB r11, r6, r8\n\t" + "ADD r12, r6, r8\n\t" + "BFC r8, #0, #16\n\t" + "BFC r6, #0, #16\n\t" + "SUB r10, r6, r8\n\t" + "ADD r6, r6, r8\n\t" + "BFI r10, r11, #0, #16\n\t" + "BFI r6, r12, #0, #16\n\t" + "SBFX r11, lr, #16, #16\n\t" + "ASR r12, r10, #16\n\t" + "MUL r8, r11, r12\n\t" + "SBFX r10, r10, #0, #16\n\t" + "MUL r10, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r10, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r8, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "LSR r10, r10, #16\n\t" + "MLA r8, r12, r11, r8\n\t" + "BFI r8, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SSUB16 r10, r7, r9\n\t" + "SADD16 r7, r7, r9\n\t" + "SMULTT r9, lr, r10\n\t" + "SMULTB r10, lr, r10\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r9\n\t" + "SMLABB r9, r12, r11, r9\n\t" + "PKHTB r9, r9, r10, ASR #16\n\t" +#else + "SUB r11, r7, r9\n\t" + "ADD r12, r7, r9\n\t" + "BFC r9, #0, #16\n\t" + "BFC r7, #0, #16\n\t" + "SUB r10, r7, r9\n\t" + "ADD r7, r7, r9\n\t" + "BFI r10, r11, #0, #16\n\t" + "BFI r7, r12, #0, #16\n\t" + "SBFX r11, lr, #16, #16\n\t" + "ASR r12, r10, #16\n\t" + "MUL r9, r11, r12\n\t" + "SBFX r10, r10, #0, #16\n\t" + "MUL r10, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r10, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r9, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "LSR r10, r10, #16\n\t" + "MLA r9, r12, r11, r9\n\t" + "BFI r9, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ + "LDR lr, [sp, #4]\n\t" + "ADD lr, r1, lr, LSR #3\n\t" + "LDR lr, [lr, #192]\n\t" +#ifndef WOLFSSL_ARM_ARCH_7M + "SSUB16 r10, r2, r6\n\t" + "SADD16 r2, r2, r6\n\t" + "SMULBT r6, lr, r10\n\t" + "SMULBB r10, lr, r10\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r6\n\t" + "SMLABB r6, r12, r11, r6\n\t" + "PKHTB r6, r6, r10, ASR #16\n\t" +#else + "SUB r11, r2, r6\n\t" + "ADD r12, r2, r6\n\t" + "BFC r6, #0, #16\n\t" + "BFC r2, #0, #16\n\t" + "SUB r10, r2, r6\n\t" + "ADD r2, r2, r6\n\t" + "BFI r10, r11, #0, #16\n\t" + "BFI r2, r12, #0, #16\n\t" + "SBFX r11, lr, #0, #16\n\t" + "ASR r12, r10, #16\n\t" + "MUL r6, r11, r12\n\t" + "SBFX r10, r10, #0, #16\n\t" + "MUL r10, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r10, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r6, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "LSR r10, r10, #16\n\t" + "MLA r6, r12, r11, r6\n\t" + "BFI r6, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SSUB16 r10, r3, r7\n\t" + "SADD16 r3, r3, r7\n\t" + "SMULBT r7, lr, r10\n\t" + "SMULBB r10, lr, r10\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r7\n\t" + "SMLABB r7, r12, r11, r7\n\t" + "PKHTB r7, r7, r10, ASR #16\n\t" +#else + "SUB r11, r3, r7\n\t" + "ADD r12, r3, r7\n\t" + "BFC r7, #0, #16\n\t" + "BFC r3, #0, #16\n\t" + "SUB r10, r3, r7\n\t" + "ADD r3, r3, r7\n\t" + "BFI r10, r11, #0, #16\n\t" + "BFI r3, r12, #0, #16\n\t" + "SBFX r11, lr, #0, #16\n\t" + "ASR r12, r10, #16\n\t" + "MUL r7, r11, r12\n\t" + "SBFX r10, r10, #0, #16\n\t" + "MUL r10, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r10, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r7, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "LSR r10, r10, #16\n\t" + "MLA r7, r12, r11, r7\n\t" + "BFI r7, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SSUB16 r10, r4, r8\n\t" + "SADD16 r4, r4, r8\n\t" + "SMULBT r8, lr, r10\n\t" + "SMULBB r10, lr, r10\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r8\n\t" + "SMLABB r8, r12, r11, r8\n\t" + "PKHTB r8, r8, r10, ASR #16\n\t" +#else + "SUB r11, r4, r8\n\t" + "ADD r12, r4, r8\n\t" + "BFC r8, #0, #16\n\t" + "BFC r4, #0, #16\n\t" + "SUB r10, r4, r8\n\t" + "ADD r4, r4, r8\n\t" + "BFI r10, r11, #0, #16\n\t" + "BFI r4, r12, #0, #16\n\t" + "SBFX r11, lr, #0, #16\n\t" + "ASR r12, r10, #16\n\t" + "MUL r8, r11, r12\n\t" + "SBFX r10, r10, #0, #16\n\t" + "MUL r10, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r10, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r8, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "LSR r10, r10, #16\n\t" + "MLA r8, r12, r11, r8\n\t" + "BFI r8, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SSUB16 r10, r5, r9\n\t" + "SADD16 r5, r5, r9\n\t" + "SMULBT r9, lr, r10\n\t" + "SMULBB r10, lr, r10\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r9\n\t" + "SMLABB r9, r12, r11, r9\n\t" + "PKHTB r9, r9, r10, ASR #16\n\t" +#else + "SUB r11, r5, r9\n\t" + "ADD r12, r5, r9\n\t" + "BFC r9, #0, #16\n\t" + "BFC r5, #0, #16\n\t" + "SUB r10, r5, r9\n\t" + "ADD r5, r5, r9\n\t" + "BFI r10, r11, #0, #16\n\t" + "BFI r5, r12, #0, #16\n\t" + "SBFX r11, lr, #0, #16\n\t" + "ASR r12, r10, #16\n\t" + "MUL r9, r11, r12\n\t" + "SBFX r10, r10, #0, #16\n\t" + "MUL r10, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r10, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r9, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "LSR r10, r10, #16\n\t" + "MLA r9, r12, r11, r9\n\t" + "BFI r9, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "MOV lr, #0xafc0\n\t" + "MOVT lr, #0x13\n\t" +#else + "MOV lr, #0x4ebf\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULWB r10, lr, r2\n\t" + "SMULWT r11, lr, r2\n\t" + "SMULBT r10, r12, r10\n\t" + "SMULBT r11, r12, r11\n\t" + "PKHBT r10, r10, r11, LSL #16\n\t" + "SSUB16 r2, r2, r10\n\t" +#else + "SBFX r10, r2, #0, #16\n\t" + "SBFX r11, r2, #16, #16\n\t" + "MUL r10, lr, r10\n\t" + "MUL r11, lr, r11\n\t" + "ASR r10, r10, #26\n\t" + "ASR r11, r11, #26\n\t" + "MUL r10, r12, r10\n\t" + "MUL r11, r12, r11\n\t" + "SUB r11, r2, r11, LSL #16\n\t" + "SUB r2, r2, r10\n\t" + "LSR r11, r11, #16\n\t" + "BFI r2, r11, #16, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULWB r10, lr, r3\n\t" + "SMULWT r11, lr, r3\n\t" + "SMULBT r10, r12, r10\n\t" + "SMULBT r11, r12, r11\n\t" + "PKHBT r10, r10, r11, LSL #16\n\t" + "SSUB16 r3, r3, r10\n\t" +#else + "SBFX r10, r3, #0, #16\n\t" + "SBFX r11, r3, #16, #16\n\t" + "MUL r10, lr, r10\n\t" + "MUL r11, lr, r11\n\t" + "ASR r10, r10, #26\n\t" + "ASR r11, r11, #26\n\t" + "MUL r10, r12, r10\n\t" + "MUL r11, r12, r11\n\t" + "SUB r11, r3, r11, LSL #16\n\t" + "SUB r3, r3, r10\n\t" + "LSR r11, r11, #16\n\t" + "BFI r3, r11, #16, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULWB r10, lr, r4\n\t" + "SMULWT r11, lr, r4\n\t" + "SMULBT r10, r12, r10\n\t" + "SMULBT r11, r12, r11\n\t" + "PKHBT r10, r10, r11, LSL #16\n\t" + "SSUB16 r4, r4, r10\n\t" +#else + "SBFX r10, r4, #0, #16\n\t" + "SBFX r11, r4, #16, #16\n\t" + "MUL r10, lr, r10\n\t" + "MUL r11, lr, r11\n\t" + "ASR r10, r10, #26\n\t" + "ASR r11, r11, #26\n\t" + "MUL r10, r12, r10\n\t" + "MUL r11, r12, r11\n\t" + "SUB r11, r4, r11, LSL #16\n\t" + "SUB r4, r4, r10\n\t" + "LSR r11, r11, #16\n\t" + "BFI r4, r11, #16, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULWB r10, lr, r5\n\t" + "SMULWT r11, lr, r5\n\t" + "SMULBT r10, r12, r10\n\t" + "SMULBT r11, r12, r11\n\t" + "PKHBT r10, r10, r11, LSL #16\n\t" + "SSUB16 r5, r5, r10\n\t" +#else + "SBFX r10, r5, #0, #16\n\t" + "SBFX r11, r5, #16, #16\n\t" + "MUL r10, lr, r10\n\t" + "MUL r11, lr, r11\n\t" + "ASR r10, r10, #26\n\t" + "ASR r11, r11, #26\n\t" + "MUL r10, r12, r10\n\t" + "MUL r11, r12, r11\n\t" + "SUB r11, r5, r11, LSL #16\n\t" + "SUB r5, r5, r10\n\t" + "LSR r11, r11, #16\n\t" + "BFI r5, r11, #16, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ + "STR r2, [%[r]]\n\t" + "STR r3, [%[r], #4]\n\t" + "STR r4, [%[r], #8]\n\t" + "STR r5, [%[r], #12]\n\t" + "STR r6, [%[r], #16]\n\t" + "STR r7, [%[r], #20]\n\t" + "STR r8, [%[r], #24]\n\t" + "STR r9, [%[r], #28]\n\t" + "LDR r3, [sp, #4]\n\t" + "ADD r3, r3, #0x10\n\t" + "RSBS r10, r3, #0x100\n\t" + "ADD %[r], %[r], #0x20\n\t" +#if defined(__GNUC__) + "BNE L_kyber_thumb2_invntt_loop_765_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_kyber_thumb2_invntt_loop_765\n\t" +#else + "BNE.N L_kyber_thumb2_invntt_loop_765_%=\n\t" +#endif + "SUB %[r], %[r], #0x200\n\t" + "MOV r3, #0x0\n\t" + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_kyber_thumb2_invntt_loop_4_j:\n\t" +#else + "L_kyber_thumb2_invntt_loop_4_j_%=:\n\t" +#endif + "STR r3, [sp, #4]\n\t" + "ADD lr, r1, r3, LSR #4\n\t" + "MOV r2, #0x4\n\t" + "LDR lr, [lr, #224]\n\t" + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_kyber_thumb2_invntt_loop_4_i:\n\t" +#else + "L_kyber_thumb2_invntt_loop_4_i_%=:\n\t" +#endif + "STR r2, [sp]\n\t" + "LDR r2, [%[r]]\n\t" + "LDR r3, [%[r], #16]\n\t" + "LDR r4, [%[r], #32]\n\t" + "LDR r5, [%[r], #48]\n\t" + "LDR r6, [%[r], #64]\n\t" + "LDR r7, [%[r], #80]\n\t" + "LDR r8, [%[r], #96]\n\t" + "LDR r9, [%[r], #112]\n\t" +#ifndef WOLFSSL_ARM_ARCH_7M + "SSUB16 r10, r2, r4\n\t" + "SADD16 r2, r2, r4\n\t" + "SMULBT r4, lr, r10\n\t" + "SMULBB r10, lr, r10\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r4\n\t" + "SMLABB r4, r12, r11, r4\n\t" + "PKHTB r4, r4, r10, ASR #16\n\t" +#else + "SUB r11, r2, r4\n\t" + "ADD r12, r2, r4\n\t" + "BFC r4, #0, #16\n\t" + "BFC r2, #0, #16\n\t" + "SUB r10, r2, r4\n\t" + "ADD r2, r2, r4\n\t" + "BFI r10, r11, #0, #16\n\t" + "BFI r2, r12, #0, #16\n\t" + "SBFX r11, lr, #0, #16\n\t" + "ASR r12, r10, #16\n\t" + "MUL r4, r11, r12\n\t" + "SBFX r10, r10, #0, #16\n\t" + "MUL r10, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r10, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r4, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "LSR r10, r10, #16\n\t" + "MLA r4, r12, r11, r4\n\t" + "BFI r4, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SSUB16 r10, r3, r5\n\t" + "SADD16 r3, r3, r5\n\t" + "SMULBT r5, lr, r10\n\t" + "SMULBB r10, lr, r10\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r5\n\t" + "SMLABB r5, r12, r11, r5\n\t" + "PKHTB r5, r5, r10, ASR #16\n\t" +#else + "SUB r11, r3, r5\n\t" + "ADD r12, r3, r5\n\t" + "BFC r5, #0, #16\n\t" + "BFC r3, #0, #16\n\t" + "SUB r10, r3, r5\n\t" + "ADD r3, r3, r5\n\t" + "BFI r10, r11, #0, #16\n\t" + "BFI r3, r12, #0, #16\n\t" + "SBFX r11, lr, #0, #16\n\t" + "ASR r12, r10, #16\n\t" + "MUL r5, r11, r12\n\t" + "SBFX r10, r10, #0, #16\n\t" + "MUL r10, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r10, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r5, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "LSR r10, r10, #16\n\t" + "MLA r5, r12, r11, r5\n\t" + "BFI r5, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SSUB16 r10, r6, r8\n\t" + "SADD16 r6, r6, r8\n\t" + "SMULTT r8, lr, r10\n\t" + "SMULTB r10, lr, r10\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r8\n\t" + "SMLABB r8, r12, r11, r8\n\t" + "PKHTB r8, r8, r10, ASR #16\n\t" +#else + "SUB r11, r6, r8\n\t" + "ADD r12, r6, r8\n\t" + "BFC r8, #0, #16\n\t" + "BFC r6, #0, #16\n\t" + "SUB r10, r6, r8\n\t" + "ADD r6, r6, r8\n\t" + "BFI r10, r11, #0, #16\n\t" + "BFI r6, r12, #0, #16\n\t" + "SBFX r11, lr, #16, #16\n\t" + "ASR r12, r10, #16\n\t" + "MUL r8, r11, r12\n\t" + "SBFX r10, r10, #0, #16\n\t" + "MUL r10, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r10, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r8, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "LSR r10, r10, #16\n\t" + "MLA r8, r12, r11, r8\n\t" + "BFI r8, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SSUB16 r10, r7, r9\n\t" + "SADD16 r7, r7, r9\n\t" + "SMULTT r9, lr, r10\n\t" + "SMULTB r10, lr, r10\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r9\n\t" + "SMLABB r9, r12, r11, r9\n\t" + "PKHTB r9, r9, r10, ASR #16\n\t" +#else + "SUB r11, r7, r9\n\t" + "ADD r12, r7, r9\n\t" + "BFC r9, #0, #16\n\t" + "BFC r7, #0, #16\n\t" + "SUB r10, r7, r9\n\t" + "ADD r7, r7, r9\n\t" + "BFI r10, r11, #0, #16\n\t" + "BFI r7, r12, #0, #16\n\t" + "SBFX r11, lr, #16, #16\n\t" + "ASR r12, r10, #16\n\t" + "MUL r9, r11, r12\n\t" + "SBFX r10, r10, #0, #16\n\t" + "MUL r10, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r10, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r9, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "LSR r10, r10, #16\n\t" + "MLA r9, r12, r11, r9\n\t" + "BFI r9, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ + "STR r2, [%[r]]\n\t" + "STR r3, [%[r], #16]\n\t" + "STR r4, [%[r], #32]\n\t" + "STR r5, [%[r], #48]\n\t" + "STR r6, [%[r], #64]\n\t" + "STR r7, [%[r], #80]\n\t" + "STR r8, [%[r], #96]\n\t" + "STR r9, [%[r], #112]\n\t" + "LDRD r2, r3, [sp]\n\t" + "SUBS r2, r2, #0x1\n\t" + "ADD %[r], %[r], #0x4\n\t" +#if defined(__GNUC__) + "BNE L_kyber_thumb2_invntt_loop_4_i_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_kyber_thumb2_invntt_loop_4_i\n\t" +#else + "BNE.N L_kyber_thumb2_invntt_loop_4_i_%=\n\t" +#endif + "ADD r3, r3, #0x40\n\t" + "RSBS r10, r3, #0x100\n\t" + "ADD %[r], %[r], #0x70\n\t" +#if defined(__GNUC__) + "BNE L_kyber_thumb2_invntt_loop_4_j_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_kyber_thumb2_invntt_loop_4_j\n\t" +#else + "BNE.N L_kyber_thumb2_invntt_loop_4_j_%=\n\t" +#endif + "SUB %[r], %[r], #0x200\n\t" + "MOV r2, #0x10\n\t" + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_kyber_thumb2_invntt_loop_321:\n\t" +#else + "L_kyber_thumb2_invntt_loop_321_%=:\n\t" +#endif + "STR r2, [sp]\n\t" + "LDRH lr, [r1, #2]\n\t" + "LDR r2, [%[r]]\n\t" + "LDR r3, [%[r], #64]\n\t" + "LDR r4, [%[r], #128]\n\t" + "LDR r5, [%[r], #192]\n\t" + "LDR r6, [%[r], #256]\n\t" + "LDR r7, [%[r], #320]\n\t" + "LDR r8, [%[r], #384]\n\t" + "LDR r9, [%[r], #448]\n\t" + "LDR lr, [r1, #240]\n\t" +#ifndef WOLFSSL_ARM_ARCH_7M + "SSUB16 r10, r2, r3\n\t" + "SADD16 r2, r2, r3\n\t" + "SMULBT r3, lr, r10\n\t" + "SMULBB r10, lr, r10\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r3\n\t" + "SMLABB r3, r12, r11, r3\n\t" + "PKHTB r3, r3, r10, ASR #16\n\t" +#else + "SUB r11, r2, r3\n\t" + "ADD r12, r2, r3\n\t" + "BFC r3, #0, #16\n\t" + "BFC r2, #0, #16\n\t" + "SUB r10, r2, r3\n\t" + "ADD r2, r2, r3\n\t" + "BFI r10, r11, #0, #16\n\t" + "BFI r2, r12, #0, #16\n\t" + "SBFX r11, lr, #0, #16\n\t" + "ASR r12, r10, #16\n\t" + "MUL r3, r11, r12\n\t" + "SBFX r10, r10, #0, #16\n\t" + "MUL r10, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r10, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r3, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "LSR r10, r10, #16\n\t" + "MLA r3, r12, r11, r3\n\t" + "BFI r3, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SSUB16 r10, r4, r5\n\t" + "SADD16 r4, r4, r5\n\t" + "SMULTT r5, lr, r10\n\t" + "SMULTB r10, lr, r10\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r5\n\t" + "SMLABB r5, r12, r11, r5\n\t" + "PKHTB r5, r5, r10, ASR #16\n\t" +#else + "SUB r11, r4, r5\n\t" + "ADD r12, r4, r5\n\t" + "BFC r5, #0, #16\n\t" + "BFC r4, #0, #16\n\t" + "SUB r10, r4, r5\n\t" + "ADD r4, r4, r5\n\t" + "BFI r10, r11, #0, #16\n\t" + "BFI r4, r12, #0, #16\n\t" + "SBFX r11, lr, #16, #16\n\t" + "ASR r12, r10, #16\n\t" + "MUL r5, r11, r12\n\t" + "SBFX r10, r10, #0, #16\n\t" + "MUL r10, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r10, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r5, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "LSR r10, r10, #16\n\t" + "MLA r5, r12, r11, r5\n\t" + "BFI r5, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ + "LDR lr, [r1, #244]\n\t" +#ifndef WOLFSSL_ARM_ARCH_7M + "SSUB16 r10, r6, r7\n\t" + "SADD16 r6, r6, r7\n\t" + "SMULBT r7, lr, r10\n\t" + "SMULBB r10, lr, r10\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r7\n\t" + "SMLABB r7, r12, r11, r7\n\t" + "PKHTB r7, r7, r10, ASR #16\n\t" +#else + "SUB r11, r6, r7\n\t" + "ADD r12, r6, r7\n\t" + "BFC r7, #0, #16\n\t" + "BFC r6, #0, #16\n\t" + "SUB r10, r6, r7\n\t" + "ADD r6, r6, r7\n\t" + "BFI r10, r11, #0, #16\n\t" + "BFI r6, r12, #0, #16\n\t" + "SBFX r11, lr, #0, #16\n\t" + "ASR r12, r10, #16\n\t" + "MUL r7, r11, r12\n\t" + "SBFX r10, r10, #0, #16\n\t" + "MUL r10, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r10, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r7, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "LSR r10, r10, #16\n\t" + "MLA r7, r12, r11, r7\n\t" + "BFI r7, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SSUB16 r10, r8, r9\n\t" + "SADD16 r8, r8, r9\n\t" + "SMULTT r9, lr, r10\n\t" + "SMULTB r10, lr, r10\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r9\n\t" + "SMLABB r9, r12, r11, r9\n\t" + "PKHTB r9, r9, r10, ASR #16\n\t" +#else + "SUB r11, r8, r9\n\t" + "ADD r12, r8, r9\n\t" + "BFC r9, #0, #16\n\t" + "BFC r8, #0, #16\n\t" + "SUB r10, r8, r9\n\t" + "ADD r8, r8, r9\n\t" + "BFI r10, r11, #0, #16\n\t" + "BFI r8, r12, #0, #16\n\t" + "SBFX r11, lr, #16, #16\n\t" + "ASR r12, r10, #16\n\t" + "MUL r9, r11, r12\n\t" + "SBFX r10, r10, #0, #16\n\t" + "MUL r10, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r10, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r9, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "LSR r10, r10, #16\n\t" + "MLA r9, r12, r11, r9\n\t" + "BFI r9, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ + "LDR lr, [r1, #248]\n\t" +#ifndef WOLFSSL_ARM_ARCH_7M + "SSUB16 r10, r2, r4\n\t" + "SADD16 r2, r2, r4\n\t" + "SMULBT r4, lr, r10\n\t" + "SMULBB r10, lr, r10\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r4\n\t" + "SMLABB r4, r12, r11, r4\n\t" + "PKHTB r4, r4, r10, ASR #16\n\t" +#else + "SUB r11, r2, r4\n\t" + "ADD r12, r2, r4\n\t" + "BFC r4, #0, #16\n\t" + "BFC r2, #0, #16\n\t" + "SUB r10, r2, r4\n\t" + "ADD r2, r2, r4\n\t" + "BFI r10, r11, #0, #16\n\t" + "BFI r2, r12, #0, #16\n\t" + "SBFX r11, lr, #0, #16\n\t" + "ASR r12, r10, #16\n\t" + "MUL r4, r11, r12\n\t" + "SBFX r10, r10, #0, #16\n\t" + "MUL r10, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r10, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r4, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "LSR r10, r10, #16\n\t" + "MLA r4, r12, r11, r4\n\t" + "BFI r4, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SSUB16 r10, r3, r5\n\t" + "SADD16 r3, r3, r5\n\t" + "SMULBT r5, lr, r10\n\t" + "SMULBB r10, lr, r10\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r5\n\t" + "SMLABB r5, r12, r11, r5\n\t" + "PKHTB r5, r5, r10, ASR #16\n\t" +#else + "SUB r11, r3, r5\n\t" + "ADD r12, r3, r5\n\t" + "BFC r5, #0, #16\n\t" + "BFC r3, #0, #16\n\t" + "SUB r10, r3, r5\n\t" + "ADD r3, r3, r5\n\t" + "BFI r10, r11, #0, #16\n\t" + "BFI r3, r12, #0, #16\n\t" + "SBFX r11, lr, #0, #16\n\t" + "ASR r12, r10, #16\n\t" + "MUL r5, r11, r12\n\t" + "SBFX r10, r10, #0, #16\n\t" + "MUL r10, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r10, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r5, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "LSR r10, r10, #16\n\t" + "MLA r5, r12, r11, r5\n\t" + "BFI r5, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SSUB16 r10, r6, r8\n\t" + "SADD16 r6, r6, r8\n\t" + "SMULTT r8, lr, r10\n\t" + "SMULTB r10, lr, r10\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r8\n\t" + "SMLABB r8, r12, r11, r8\n\t" + "PKHTB r8, r8, r10, ASR #16\n\t" +#else + "SUB r11, r6, r8\n\t" + "ADD r12, r6, r8\n\t" + "BFC r8, #0, #16\n\t" + "BFC r6, #0, #16\n\t" + "SUB r10, r6, r8\n\t" + "ADD r6, r6, r8\n\t" + "BFI r10, r11, #0, #16\n\t" + "BFI r6, r12, #0, #16\n\t" + "SBFX r11, lr, #16, #16\n\t" + "ASR r12, r10, #16\n\t" + "MUL r8, r11, r12\n\t" + "SBFX r10, r10, #0, #16\n\t" + "MUL r10, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r10, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r8, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "LSR r10, r10, #16\n\t" + "MLA r8, r12, r11, r8\n\t" + "BFI r8, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SSUB16 r10, r7, r9\n\t" + "SADD16 r7, r7, r9\n\t" + "SMULTT r9, lr, r10\n\t" + "SMULTB r10, lr, r10\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r9\n\t" + "SMLABB r9, r12, r11, r9\n\t" + "PKHTB r9, r9, r10, ASR #16\n\t" +#else + "SUB r11, r7, r9\n\t" + "ADD r12, r7, r9\n\t" + "BFC r9, #0, #16\n\t" + "BFC r7, #0, #16\n\t" + "SUB r10, r7, r9\n\t" + "ADD r7, r7, r9\n\t" + "BFI r10, r11, #0, #16\n\t" + "BFI r7, r12, #0, #16\n\t" + "SBFX r11, lr, #16, #16\n\t" + "ASR r12, r10, #16\n\t" + "MUL r9, r11, r12\n\t" + "SBFX r10, r10, #0, #16\n\t" + "MUL r10, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r10, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r9, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "LSR r10, r10, #16\n\t" + "MLA r9, r12, r11, r9\n\t" + "BFI r9, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "MOV lr, #0xafc0\n\t" + "MOVT lr, #0x13\n\t" +#else + "MOV lr, #0x4ebf\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULWB r10, lr, r2\n\t" + "SMULWT r11, lr, r2\n\t" + "SMULBT r10, r12, r10\n\t" + "SMULBT r11, r12, r11\n\t" + "PKHBT r10, r10, r11, LSL #16\n\t" + "SSUB16 r2, r2, r10\n\t" +#else + "SBFX r10, r2, #0, #16\n\t" + "SBFX r11, r2, #16, #16\n\t" + "MUL r10, lr, r10\n\t" + "MUL r11, lr, r11\n\t" + "ASR r10, r10, #26\n\t" + "ASR r11, r11, #26\n\t" + "MUL r10, r12, r10\n\t" + "MUL r11, r12, r11\n\t" + "SUB r11, r2, r11, LSL #16\n\t" + "SUB r2, r2, r10\n\t" + "LSR r11, r11, #16\n\t" + "BFI r2, r11, #16, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULWB r10, lr, r3\n\t" + "SMULWT r11, lr, r3\n\t" + "SMULBT r10, r12, r10\n\t" + "SMULBT r11, r12, r11\n\t" + "PKHBT r10, r10, r11, LSL #16\n\t" + "SSUB16 r3, r3, r10\n\t" +#else + "SBFX r10, r3, #0, #16\n\t" + "SBFX r11, r3, #16, #16\n\t" + "MUL r10, lr, r10\n\t" + "MUL r11, lr, r11\n\t" + "ASR r10, r10, #26\n\t" + "ASR r11, r11, #26\n\t" + "MUL r10, r12, r10\n\t" + "MUL r11, r12, r11\n\t" + "SUB r11, r3, r11, LSL #16\n\t" + "SUB r3, r3, r10\n\t" + "LSR r11, r11, #16\n\t" + "BFI r3, r11, #16, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULWB r10, lr, r4\n\t" + "SMULWT r11, lr, r4\n\t" + "SMULBT r10, r12, r10\n\t" + "SMULBT r11, r12, r11\n\t" + "PKHBT r10, r10, r11, LSL #16\n\t" + "SSUB16 r4, r4, r10\n\t" +#else + "SBFX r10, r4, #0, #16\n\t" + "SBFX r11, r4, #16, #16\n\t" + "MUL r10, lr, r10\n\t" + "MUL r11, lr, r11\n\t" + "ASR r10, r10, #26\n\t" + "ASR r11, r11, #26\n\t" + "MUL r10, r12, r10\n\t" + "MUL r11, r12, r11\n\t" + "SUB r11, r4, r11, LSL #16\n\t" + "SUB r4, r4, r10\n\t" + "LSR r11, r11, #16\n\t" + "BFI r4, r11, #16, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULWB r10, lr, r5\n\t" + "SMULWT r11, lr, r5\n\t" + "SMULBT r10, r12, r10\n\t" + "SMULBT r11, r12, r11\n\t" + "PKHBT r10, r10, r11, LSL #16\n\t" + "SSUB16 r5, r5, r10\n\t" +#else + "SBFX r10, r5, #0, #16\n\t" + "SBFX r11, r5, #16, #16\n\t" + "MUL r10, lr, r10\n\t" + "MUL r11, lr, r11\n\t" + "ASR r10, r10, #26\n\t" + "ASR r11, r11, #26\n\t" + "MUL r10, r12, r10\n\t" + "MUL r11, r12, r11\n\t" + "SUB r11, r5, r11, LSL #16\n\t" + "SUB r5, r5, r10\n\t" + "LSR r11, r11, #16\n\t" + "BFI r5, r11, #16, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ + "LDR lr, [r1, #252]\n\t" +#ifndef WOLFSSL_ARM_ARCH_7M + "SSUB16 r10, r2, r6\n\t" + "SADD16 r2, r2, r6\n\t" + "SMULBT r6, lr, r10\n\t" + "SMULBB r10, lr, r10\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r6\n\t" + "SMLABB r6, r12, r11, r6\n\t" + "PKHTB r6, r6, r10, ASR #16\n\t" +#else + "SUB r11, r2, r6\n\t" + "ADD r12, r2, r6\n\t" + "BFC r6, #0, #16\n\t" + "BFC r2, #0, #16\n\t" + "SUB r10, r2, r6\n\t" + "ADD r2, r2, r6\n\t" + "BFI r10, r11, #0, #16\n\t" + "BFI r2, r12, #0, #16\n\t" + "SBFX r11, lr, #0, #16\n\t" + "ASR r12, r10, #16\n\t" + "MUL r6, r11, r12\n\t" + "SBFX r10, r10, #0, #16\n\t" + "MUL r10, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r10, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r6, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "LSR r10, r10, #16\n\t" + "MLA r6, r12, r11, r6\n\t" + "BFI r6, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SSUB16 r10, r3, r7\n\t" + "SADD16 r3, r3, r7\n\t" + "SMULBT r7, lr, r10\n\t" + "SMULBB r10, lr, r10\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r7\n\t" + "SMLABB r7, r12, r11, r7\n\t" + "PKHTB r7, r7, r10, ASR #16\n\t" +#else + "SUB r11, r3, r7\n\t" + "ADD r12, r3, r7\n\t" + "BFC r7, #0, #16\n\t" + "BFC r3, #0, #16\n\t" + "SUB r10, r3, r7\n\t" + "ADD r3, r3, r7\n\t" + "BFI r10, r11, #0, #16\n\t" + "BFI r3, r12, #0, #16\n\t" + "SBFX r11, lr, #0, #16\n\t" + "ASR r12, r10, #16\n\t" + "MUL r7, r11, r12\n\t" + "SBFX r10, r10, #0, #16\n\t" + "MUL r10, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r10, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r7, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "LSR r10, r10, #16\n\t" + "MLA r7, r12, r11, r7\n\t" + "BFI r7, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SSUB16 r10, r4, r8\n\t" + "SADD16 r4, r4, r8\n\t" + "SMULBT r8, lr, r10\n\t" + "SMULBB r10, lr, r10\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r8\n\t" + "SMLABB r8, r12, r11, r8\n\t" + "PKHTB r8, r8, r10, ASR #16\n\t" +#else + "SUB r11, r4, r8\n\t" + "ADD r12, r4, r8\n\t" + "BFC r8, #0, #16\n\t" + "BFC r4, #0, #16\n\t" + "SUB r10, r4, r8\n\t" + "ADD r4, r4, r8\n\t" + "BFI r10, r11, #0, #16\n\t" + "BFI r4, r12, #0, #16\n\t" + "SBFX r11, lr, #0, #16\n\t" + "ASR r12, r10, #16\n\t" + "MUL r8, r11, r12\n\t" + "SBFX r10, r10, #0, #16\n\t" + "MUL r10, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r10, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r8, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "LSR r10, r10, #16\n\t" + "MLA r8, r12, r11, r8\n\t" + "BFI r8, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SSUB16 r10, r5, r9\n\t" + "SADD16 r5, r5, r9\n\t" + "SMULBT r9, lr, r10\n\t" + "SMULBB r10, lr, r10\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r9\n\t" + "SMLABB r9, r12, r11, r9\n\t" + "PKHTB r9, r9, r10, ASR #16\n\t" +#else + "SUB r11, r5, r9\n\t" + "ADD r12, r5, r9\n\t" + "BFC r9, #0, #16\n\t" + "BFC r5, #0, #16\n\t" + "SUB r10, r5, r9\n\t" + "ADD r5, r5, r9\n\t" + "BFI r10, r11, #0, #16\n\t" + "BFI r5, r12, #0, #16\n\t" + "SBFX r11, lr, #0, #16\n\t" + "ASR r12, r10, #16\n\t" + "MUL r9, r11, r12\n\t" + "SBFX r10, r10, #0, #16\n\t" + "MUL r10, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r10, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r9, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "LSR r10, r10, #16\n\t" + "MLA r9, r12, r11, r9\n\t" + "BFI r9, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ + "LDR lr, [r1, #254]\n\t" +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULBB r10, lr, r2\n\t" + "SMULBT r2, lr, r2\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r2\n\t" + "SMLABB r2, r12, r11, r2\n\t" + "PKHTB r2, r2, r10, ASR #16\n\t" +#else + "SBFX r11, lr, #0, #16\n\t" + "SBFX r10, r2, #0, #16\n\t" + "MUL r10, r11, r10\n\t" + "SBFX r2, r2, #16, #16\n\t" + "MUL r2, r11, r2\n\t" + "MOV r12, #0xcff\n\t" + "MUL r11, r12, r10\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r2, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "LSR r10, r10, #16\n\t" + "MLA r2, r12, r11, r2\n\t" + "BFI r2, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULBB r10, lr, r3\n\t" + "SMULBT r3, lr, r3\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r3\n\t" + "SMLABB r3, r12, r11, r3\n\t" + "PKHTB r3, r3, r10, ASR #16\n\t" +#else + "SBFX r11, lr, #0, #16\n\t" + "SBFX r10, r3, #0, #16\n\t" + "MUL r10, r11, r10\n\t" + "SBFX r3, r3, #16, #16\n\t" + "MUL r3, r11, r3\n\t" + "MOV r12, #0xcff\n\t" + "MUL r11, r12, r10\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r3, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "LSR r10, r10, #16\n\t" + "MLA r3, r12, r11, r3\n\t" + "BFI r3, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULBB r10, lr, r4\n\t" + "SMULBT r4, lr, r4\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r4\n\t" + "SMLABB r4, r12, r11, r4\n\t" + "PKHTB r4, r4, r10, ASR #16\n\t" +#else + "SBFX r11, lr, #0, #16\n\t" + "SBFX r10, r4, #0, #16\n\t" + "MUL r10, r11, r10\n\t" + "SBFX r4, r4, #16, #16\n\t" + "MUL r4, r11, r4\n\t" + "MOV r12, #0xcff\n\t" + "MUL r11, r12, r10\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r4, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "LSR r10, r10, #16\n\t" + "MLA r4, r12, r11, r4\n\t" + "BFI r4, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULBB r10, lr, r5\n\t" + "SMULBT r5, lr, r5\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r5\n\t" + "SMLABB r5, r12, r11, r5\n\t" + "PKHTB r5, r5, r10, ASR #16\n\t" +#else + "SBFX r11, lr, #0, #16\n\t" + "SBFX r10, r5, #0, #16\n\t" + "MUL r10, r11, r10\n\t" + "SBFX r5, r5, #16, #16\n\t" + "MUL r5, r11, r5\n\t" + "MOV r12, #0xcff\n\t" + "MUL r11, r12, r10\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r5, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "LSR r10, r10, #16\n\t" + "MLA r5, r12, r11, r5\n\t" + "BFI r5, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULBB r10, lr, r6\n\t" + "SMULBT r6, lr, r6\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r6\n\t" + "SMLABB r6, r12, r11, r6\n\t" + "PKHTB r6, r6, r10, ASR #16\n\t" +#else + "SBFX r11, lr, #0, #16\n\t" + "SBFX r10, r6, #0, #16\n\t" + "MUL r10, r11, r10\n\t" + "SBFX r6, r6, #16, #16\n\t" + "MUL r6, r11, r6\n\t" + "MOV r12, #0xcff\n\t" + "MUL r11, r12, r10\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r6, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "LSR r10, r10, #16\n\t" + "MLA r6, r12, r11, r6\n\t" + "BFI r6, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULBB r10, lr, r7\n\t" + "SMULBT r7, lr, r7\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r7\n\t" + "SMLABB r7, r12, r11, r7\n\t" + "PKHTB r7, r7, r10, ASR #16\n\t" +#else + "SBFX r11, lr, #0, #16\n\t" + "SBFX r10, r7, #0, #16\n\t" + "MUL r10, r11, r10\n\t" + "SBFX r7, r7, #16, #16\n\t" + "MUL r7, r11, r7\n\t" + "MOV r12, #0xcff\n\t" + "MUL r11, r12, r10\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r7, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "LSR r10, r10, #16\n\t" + "MLA r7, r12, r11, r7\n\t" + "BFI r7, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULBB r10, lr, r8\n\t" + "SMULBT r8, lr, r8\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r8\n\t" + "SMLABB r8, r12, r11, r8\n\t" + "PKHTB r8, r8, r10, ASR #16\n\t" +#else + "SBFX r11, lr, #0, #16\n\t" + "SBFX r10, r8, #0, #16\n\t" + "MUL r10, r11, r10\n\t" + "SBFX r8, r8, #16, #16\n\t" + "MUL r8, r11, r8\n\t" + "MOV r12, #0xcff\n\t" + "MUL r11, r12, r10\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r8, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "LSR r10, r10, #16\n\t" + "MLA r8, r12, r11, r8\n\t" + "BFI r8, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULBB r10, lr, r9\n\t" + "SMULBT r9, lr, r9\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULTB r11, r12, r9\n\t" + "SMLABB r9, r12, r11, r9\n\t" + "PKHTB r9, r9, r10, ASR #16\n\t" +#else + "SBFX r11, lr, #0, #16\n\t" + "SBFX r10, r9, #0, #16\n\t" + "MUL r10, r11, r10\n\t" + "SBFX r9, r9, #16, #16\n\t" + "MUL r9, r11, r9\n\t" + "MOV r12, #0xcff\n\t" + "MUL r11, r12, r10\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r10, r12, r11, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r11, r9, #0, #16\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r11, r11, #0, #16\n\t" + "LSR r10, r10, #16\n\t" + "MLA r9, r12, r11, r9\n\t" + "BFI r9, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ + "STR r2, [%[r]]\n\t" + "STR r3, [%[r], #64]\n\t" + "STR r4, [%[r], #128]\n\t" + "STR r5, [%[r], #192]\n\t" + "STR r6, [%[r], #256]\n\t" + "STR r7, [%[r], #320]\n\t" + "STR r8, [%[r], #384]\n\t" + "STR r9, [%[r], #448]\n\t" + "LDR r2, [sp]\n\t" + "SUBS r2, r2, #0x1\n\t" + "ADD %[r], %[r], #0x4\n\t" +#if defined(__GNUC__) + "BNE L_kyber_thumb2_invntt_loop_321_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_kyber_thumb2_invntt_loop_321\n\t" +#else + "BNE.N L_kyber_thumb2_invntt_loop_321_%=\n\t" +#endif + "ADD sp, sp, #0x8\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG + : [r] "+r" (r), + [L_kyber_thumb2_invntt_zetas_inv] "+r" (L_kyber_thumb2_invntt_zetas_inv_c) + : + : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" +#else + : [r] "+r" (r) + : [L_kyber_thumb2_invntt_zetas_inv] "r" (L_kyber_thumb2_invntt_zetas_inv) + : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ + ); +} + +XALIGNED(16) static const word16 L_kyber_thumb2_basemul_mont_zetas[] = { + 0x08ed, 0x0a0b, 0x0b9a, 0x0714, 0x05d5, 0x058e, 0x011f, 0x00ca, + 0x0c56, 0x026e, 0x0629, 0x00b6, 0x03c2, 0x084f, 0x073f, 0x05bc, + 0x023d, 0x07d4, 0x0108, 0x017f, 0x09c4, 0x05b2, 0x06bf, 0x0c7f, + 0x0a58, 0x03f9, 0x02dc, 0x0260, 0x06fb, 0x019b, 0x0c34, 0x06de, + 0x04c7, 0x028c, 0x0ad9, 0x03f7, 0x07f4, 0x05d3, 0x0be7, 0x06f9, + 0x0204, 0x0cf9, 0x0bc1, 0x0a67, 0x06af, 0x0877, 0x007e, 0x05bd, + 0x09ac, 0x0ca7, 0x0bf2, 0x033e, 0x006b, 0x0774, 0x0c0a, 0x094a, + 0x0b73, 0x03c1, 0x071d, 0x0a2c, 0x01c0, 0x08d8, 0x02a5, 0x0806, + 0x08b2, 0x01ae, 0x022b, 0x034b, 0x081e, 0x0367, 0x060e, 0x0069, + 0x01a6, 0x024b, 0x00b1, 0x0c16, 0x0bde, 0x0b35, 0x0626, 0x0675, + 0x0c0b, 0x030a, 0x0487, 0x0c6e, 0x09f8, 0x05cb, 0x0aa7, 0x045f, + 0x06cb, 0x0284, 0x0999, 0x015d, 0x01a2, 0x0149, 0x0c65, 0x0cb6, + 0x0331, 0x0449, 0x025b, 0x0262, 0x052a, 0x07fc, 0x0748, 0x0180, + 0x0842, 0x0c79, 0x04c2, 0x07ca, 0x0997, 0x00dc, 0x085e, 0x0686, + 0x0860, 0x0707, 0x0803, 0x031a, 0x071b, 0x09ab, 0x099b, 0x01de, + 0x0c95, 0x0bcd, 0x03e4, 0x03df, 0x03be, 0x074d, 0x05f2, 0x065c, +}; + +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +void kyber_thumb2_basemul_mont(sword16* r_p, const sword16* a_p, const sword16* b_p) +#else +void kyber_thumb2_basemul_mont(sword16* r, const sword16* a, const sword16* b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ +{ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG + register sword16* r __asm__ ("r0") = (sword16*)r_p; + register const sword16* a __asm__ ("r1") = (const sword16*)a_p; + register const sword16* b __asm__ ("r2") = (const sword16*)b_p; + register word16* L_kyber_thumb2_basemul_mont_zetas_c __asm__ ("r3") = (word16*)&L_kyber_thumb2_basemul_mont_zetas; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ + + __asm__ __volatile__ ( + "MOV r3, %[L_kyber_thumb2_basemul_mont_zetas]\n\t" + "ADD r3, r3, #0x80\n\t" +#ifndef WOLFSSL_ARM_ARCH_7M + "MOV r12, #0xd01\n\t" + "MOVT r12, #0xcff\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ + "MOV r8, #0x0\n\t" + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_kyber_thumb2_basemul_mont_loop:\n\t" +#else + "L_kyber_thumb2_basemul_mont_loop_%=:\n\t" +#endif + "LDM %[a]!, {r4, r5}\n\t" + "LDM %[b]!, {r6, r7}\n\t" + "LDR lr, [r3, r8]\n\t" + "ADD r8, r8, #0x2\n\t" + "PUSH {r8}\n\t" + "CMP r8, #0x80\n\t" +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULTT r8, r4, r6\n\t" + "SMULTT r10, r5, r7\n\t" + "SMULTB r9, r12, r8\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r8, r12, r9, r8\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "RSB r11, lr, #0x0\n\t" + "SMULBT r8, lr, r8\n\t" + "SMULBT r10, r11, r10\n\t" + "SMLABB r8, r4, r6, r8\n\t" + "SMLABB r10, r5, r7, r10\n\t" + "SMULTB r9, r12, r8\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r8, r12, r9, r8\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULBT r9, r4, r6\n\t" + "SMULBT r11, r5, r7\n\t" + "SMLATB r9, r4, r6, r9\n\t" + "SMLATB r11, r5, r7, r11\n\t" + "SMULTB r6, r12, r9\n\t" + "SMULTB r7, r12, r11\n\t" + "SMLABB r9, r12, r6, r9\n\t" + "SMLABB r11, r12, r7, r11\n\t" + "PKHTB r4, r9, r8, ASR #16\n\t" + "PKHTB r5, r11, r10, ASR #16\n\t" +#else + "ASR r8, r4, #16\n\t" + "ASR r10, r5, #16\n\t" + "ASR r9, r6, #16\n\t" + "ASR r11, r7, #16\n\t" + "MUL r8, r8, r9\n\t" + "MUL r10, r10, r11\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r9, r8, #0, #16\n\t" + "SBFX r11, r10, #0, #16\n\t" + "MUL r9, r12, r8\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r9, r9, #0, #16\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r8, r12, r9, r8\n\t" + "MLA r10, r12, r11, r10\n\t" + "RSB r11, lr, #0x0\n\t" + "SBFX r9, lr, #0, #16\n\t" + "SBFX r11, r11, #0, #16\n\t" + "ASR r8, r8, #16\n\t" + "ASR r10, r10, #16\n\t" + "MUL r8, r9, r8\n\t" + "MUL r10, r11, r10\n\t" + "SBFX r9, r4, #0, #16\n\t" + "SBFX r11, r5, #0, #16\n\t" + "SBFX r12, r6, #0, #16\n\t" + "MLA r8, r9, r12, r8\n\t" + "SBFX r12, r7, #0, #16\n\t" + "MLA r10, r11, r12, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r9, r8, #0, #16\n\t" + "SBFX r11, r10, #0, #16\n\t" + "MUL r9, r12, r9\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r9, r9, #0, #16\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r8, r12, r9, r8\n\t" + "MLA r10, r12, r11, r10\n\t" + "SBFX r9, r4, #0, #16\n\t" + "SBFX r11, r5, #0, #16\n\t" + "ASR r12, r6, #16\n\t" + "MUL r9, r9, r12\n\t" + "ASR r12, r7, #16\n\t" + "MUL r11, r11, r12\n\t" + "ASR r4, r4, #16\n\t" + "ASR r5, r5, #16\n\t" + "SBFX r12, r6, #0, #16\n\t" + "MLA r9, r4, r12, r9\n\t" + "SBFX r12, r7, #0, #16\n\t" + "MLA r11, r5, r12, r11\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r6, r9, #0, #16\n\t" + "SBFX r7, r11, #0, #16\n\t" + "MUL r6, r12, r6\n\t" + "MUL r7, r12, r7\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r4, r6, #0, #16\n\t" + "SBFX r5, r7, #0, #16\n\t" + "MLA r9, r12, r4, r9\n\t" + "MLA r11, r12, r5, r11\n\t" + "BFC r9, #0, #16\n\t" + "BFC r11, #0, #16\n\t" + "ORR r4, r9, r8, LSR #16\n\t" + "ORR r5, r11, r10, LSR #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ + "STM %[r]!, {r4, r5}\n\t" + "POP {r8}\n\t" +#if defined(__GNUC__) + "BNE L_kyber_thumb2_basemul_mont_loop_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_kyber_thumb2_basemul_mont_loop\n\t" +#else + "BNE.N L_kyber_thumb2_basemul_mont_loop_%=\n\t" +#endif +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG + : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), + [L_kyber_thumb2_basemul_mont_zetas] "+r" (L_kyber_thumb2_basemul_mont_zetas_c) + : + : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" +#else + : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) + : [L_kyber_thumb2_basemul_mont_zetas] "r" (L_kyber_thumb2_basemul_mont_zetas) + : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ + ); +} + +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +void kyber_thumb2_basemul_mont_add(sword16* r_p, const sword16* a_p, const sword16* b_p) +#else +void kyber_thumb2_basemul_mont_add(sword16* r, const sword16* a, const sword16* b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ +{ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG + register sword16* r __asm__ ("r0") = (sword16*)r_p; + register const sword16* a __asm__ ("r1") = (const sword16*)a_p; + register const sword16* b __asm__ ("r2") = (const sword16*)b_p; + register word16* L_kyber_thumb2_basemul_mont_zetas_c __asm__ ("r3") = (word16*)&L_kyber_thumb2_basemul_mont_zetas; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ + + __asm__ __volatile__ ( + "MOV r3, %[L_kyber_thumb2_basemul_mont_zetas]\n\t" + "ADD r3, r3, #0x80\n\t" +#ifndef WOLFSSL_ARM_ARCH_7M + "MOV r12, #0xd01\n\t" + "MOVT r12, #0xcff\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ + "MOV r8, #0x0\n\t" + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_kyber_thumb2_basemul_mont_add_loop:\n\t" +#else + "L_kyber_thumb2_basemul_mont_add_loop_%=:\n\t" +#endif + "LDM %[a]!, {r4, r5}\n\t" + "LDM %[b]!, {r6, r7}\n\t" + "LDR lr, [r3, r8]\n\t" + "ADD r8, r8, #0x2\n\t" + "PUSH {r8}\n\t" + "CMP r8, #0x80\n\t" +#ifndef WOLFSSL_ARM_ARCH_7M + "SMULTT r8, r4, r6\n\t" + "SMULTT r10, r5, r7\n\t" + "SMULTB r9, r12, r8\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r8, r12, r9, r8\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "RSB r11, lr, #0x0\n\t" + "SMULBT r8, lr, r8\n\t" + "SMULBT r10, r11, r10\n\t" + "SMLABB r8, r4, r6, r8\n\t" + "SMLABB r10, r5, r7, r10\n\t" + "SMULTB r9, r12, r8\n\t" + "SMULTB r11, r12, r10\n\t" + "SMLABB r8, r12, r9, r8\n\t" + "SMLABB r10, r12, r11, r10\n\t" + "SMULBT r9, r4, r6\n\t" + "SMULBT r11, r5, r7\n\t" + "SMLATB r9, r4, r6, r9\n\t" + "SMLATB r11, r5, r7, r11\n\t" + "SMULTB r6, r12, r9\n\t" + "SMULTB r7, r12, r11\n\t" + "SMLABB r9, r12, r6, r9\n\t" + "SMLABB r11, r12, r7, r11\n\t" + "LDM %[r], {r4, r5}\n\t" + "PKHTB r9, r9, r8, ASR #16\n\t" + "PKHTB r11, r11, r10, ASR #16\n\t" + "SADD16 r4, r4, r9\n\t" + "SADD16 r5, r5, r11\n\t" +#else + "ASR r8, r4, #16\n\t" + "ASR r10, r5, #16\n\t" + "ASR r9, r6, #16\n\t" + "ASR r11, r7, #16\n\t" + "MUL r8, r8, r9\n\t" + "MUL r10, r10, r11\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r9, r8, #0, #16\n\t" + "SBFX r11, r10, #0, #16\n\t" + "MUL r9, r12, r8\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r9, r9, #0, #16\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r8, r12, r9, r8\n\t" + "MLA r10, r12, r11, r10\n\t" + "RSB r11, lr, #0x0\n\t" + "SBFX r9, lr, #0, #16\n\t" + "SBFX r11, r11, #0, #16\n\t" + "ASR r8, r8, #16\n\t" + "ASR r10, r10, #16\n\t" + "MUL r8, r9, r8\n\t" + "MUL r10, r11, r10\n\t" + "SBFX r9, r4, #0, #16\n\t" + "SBFX r11, r5, #0, #16\n\t" + "SBFX r12, r6, #0, #16\n\t" + "MLA r8, r9, r12, r8\n\t" + "SBFX r12, r7, #0, #16\n\t" + "MLA r10, r11, r12, r10\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r9, r8, #0, #16\n\t" + "SBFX r11, r10, #0, #16\n\t" + "MUL r9, r12, r9\n\t" + "MUL r11, r12, r11\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r9, r9, #0, #16\n\t" + "SBFX r11, r11, #0, #16\n\t" + "MLA r8, r12, r9, r8\n\t" + "MLA r10, r12, r11, r10\n\t" + "SBFX r9, r4, #0, #16\n\t" + "SBFX r11, r5, #0, #16\n\t" + "ASR r12, r6, #16\n\t" + "MUL r9, r9, r12\n\t" + "ASR r12, r7, #16\n\t" + "MUL r11, r11, r12\n\t" + "ASR r4, r4, #16\n\t" + "ASR r5, r5, #16\n\t" + "SBFX r12, r6, #0, #16\n\t" + "MLA r9, r4, r12, r9\n\t" + "SBFX r12, r7, #0, #16\n\t" + "MLA r11, r5, r12, r11\n\t" + "MOV r12, #0xcff\n\t" + "SBFX r6, r9, #0, #16\n\t" + "SBFX r7, r11, #0, #16\n\t" + "MUL r6, r12, r6\n\t" + "MUL r7, r12, r7\n\t" + "MOV r12, #0xd01\n\t" + "SBFX r4, r6, #0, #16\n\t" + "SBFX r5, r7, #0, #16\n\t" + "MLA r9, r12, r4, r9\n\t" + "MLA r11, r12, r5, r11\n\t" + "LDM %[r], {r4, r5}\n\t" + "BFC r9, #0, #16\n\t" + "BFC r11, #0, #16\n\t" + "ORR r9, r9, r8, LSR #16\n\t" + "ORR r11, r11, r10, LSR #16\n\t" + "ADD r8, r4, r9\n\t" + "ADD r10, r5, r11\n\t" + "BFC r9, #0, #16\n\t" + "BFC r11, #0, #16\n\t" + "ADD r4, r4, r9\n\t" + "ADD r5, r5, r11\n\t" + "BFI r4, r8, #0, #16\n\t" + "BFI r5, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ + "STM %[r]!, {r4, r5}\n\t" + "POP {r8}\n\t" +#if defined(__GNUC__) + "BNE L_kyber_thumb2_basemul_mont_add_loop_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_kyber_thumb2_basemul_mont_add_loop\n\t" +#else + "BNE.N L_kyber_thumb2_basemul_mont_add_loop_%=\n\t" +#endif +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG + : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), + [L_kyber_thumb2_basemul_mont_zetas] "+r" (L_kyber_thumb2_basemul_mont_zetas_c) + : + : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" +#else + : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) + : [L_kyber_thumb2_basemul_mont_zetas] "r" (L_kyber_thumb2_basemul_mont_zetas) + : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ + ); +} + +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +void kyber_thumb2_csubq(sword16* p_p) +#else +void kyber_thumb2_csubq(sword16* p) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ +{ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG + register sword16* p __asm__ ("r0") = (sword16*)p_p; + register word16* L_kyber_thumb2_basemul_mont_zetas_c __asm__ ("r1") = (word16*)&L_kyber_thumb2_basemul_mont_zetas; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ + + __asm__ __volatile__ ( + "MOV r11, #0xd01\n\t" + "MOV r12, #0xd01\n\t" +#ifndef WOLFSSL_ARM_ARCH_7M + "MOVT r12, #0xd01\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ + "MOV lr, #0x8000\n\t" + "MOVT lr, #0x8000\n\t" + "MOV r1, #0x100\n\t" + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_kyber_thumb2_csubq_loop:\n\t" +#else + "L_kyber_thumb2_csubq_loop_%=:\n\t" +#endif + "LDM %[p], {r2, r3, r4, r5}\n\t" +#ifndef WOLFSSL_ARM_ARCH_7M + "SSUB16 r2, r2, r12\n\t" + "SSUB16 r3, r3, r12\n\t" + "SSUB16 r4, r4, r12\n\t" + "SSUB16 r5, r5, r12\n\t" + "AND r6, r2, lr\n\t" + "AND r7, r3, lr\n\t" + "AND r8, r4, lr\n\t" + "AND r9, r5, lr\n\t" + "LSR r6, r6, #15\n\t" + "LSR r7, r7, #15\n\t" + "LSR r8, r8, #15\n\t" + "LSR r9, r9, #15\n\t" + "MUL r6, r6, r11\n\t" + "MUL r7, r7, r11\n\t" + "MUL r8, r8, r11\n\t" + "MUL r9, r9, r11\n\t" + "SADD16 r2, r2, r6\n\t" + "SADD16 r3, r3, r7\n\t" + "SADD16 r4, r4, r8\n\t" + "SADD16 r5, r5, r9\n\t" +#else + "SUB r6, r2, r12\n\t" + "SUB r2, r2, r12, LSL #16\n\t" + "BFI r2, r6, #0, #16\n\t" + "SUB r7, r3, r12\n\t" + "SUB r3, r3, r12, LSL #16\n\t" + "BFI r3, r7, #0, #16\n\t" + "SUB r8, r4, r12\n\t" + "SUB r4, r4, r12, LSL #16\n\t" + "BFI r4, r8, #0, #16\n\t" + "SUB r9, r5, r12\n\t" + "SUB r5, r5, r12, LSL #16\n\t" + "BFI r5, r9, #0, #16\n\t" + "AND r6, r2, lr\n\t" + "AND r7, r3, lr\n\t" + "AND r8, r4, lr\n\t" + "AND r9, r5, lr\n\t" + "LSR r6, r6, #15\n\t" + "LSR r7, r7, #15\n\t" + "LSR r8, r8, #15\n\t" + "LSR r9, r9, #15\n\t" + "MUL r6, r6, r11\n\t" + "MUL r7, r7, r11\n\t" + "MUL r8, r8, r11\n\t" + "MUL r9, r9, r11\n\t" + "ADD r10, r2, r6\n\t" + "BFC r6, #0, #16\n\t" + "ADD r2, r2, r6\n\t" + "BFI r2, r10, #0, #16\n\t" + "ADD r10, r3, r7\n\t" + "BFC r7, #0, #16\n\t" + "ADD r3, r3, r7\n\t" + "BFI r3, r10, #0, #16\n\t" + "ADD r10, r4, r8\n\t" + "BFC r8, #0, #16\n\t" + "ADD r4, r4, r8\n\t" + "BFI r4, r10, #0, #16\n\t" + "ADD r10, r5, r9\n\t" + "BFC r9, #0, #16\n\t" + "ADD r5, r5, r9\n\t" + "BFI r5, r10, #0, #16\n\t" +#endif /* !WOLFSSL_ARM_ARCH_7M */ + "STM %[p]!, {r2, r3, r4, r5}\n\t" + "SUBS r1, r1, #0x8\n\t" +#if defined(__GNUC__) + "BNE L_kyber_thumb2_csubq_loop_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_kyber_thumb2_csubq_loop\n\t" +#else + "BNE.N L_kyber_thumb2_csubq_loop_%=\n\t" +#endif +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG + : [p] "+r" (p), + [L_kyber_thumb2_basemul_mont_zetas] "+r" (L_kyber_thumb2_basemul_mont_zetas_c) + : + : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" +#else + : [p] "+r" (p) + : [L_kyber_thumb2_basemul_mont_zetas] "r" (L_kyber_thumb2_basemul_mont_zetas) + : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ + ); +} + +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +unsigned int kyber_thumb2_rej_uniform(sword16* p_p, unsigned int len_p, const byte* r_p, unsigned int rLen_p) +#else +unsigned int kyber_thumb2_rej_uniform(sword16* p, unsigned int len, const byte* r, unsigned int rLen) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ +{ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG + register sword16* p __asm__ ("r0") = (sword16*)p_p; + register unsigned int len __asm__ ("r1") = (unsigned int)len_p; + register const byte* r __asm__ ("r2") = (const byte*)r_p; + register unsigned int rLen __asm__ ("r3") = (unsigned int)rLen_p; + register word16* L_kyber_thumb2_basemul_mont_zetas_c __asm__ ("r4") = (word16*)&L_kyber_thumb2_basemul_mont_zetas; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ + + __asm__ __volatile__ ( + "MOV r8, #0xd01\n\t" + "MOV r9, #0x0\n\t" + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_kyber_thumb2_rej_uniform_loop_no_fail:\n\t" +#else + "L_kyber_thumb2_rej_uniform_loop_no_fail_%=:\n\t" +#endif + "CMP %[len], #0x8\n\t" +#if defined(__GNUC__) + "BLT L_kyber_thumb2_rej_uniform_done_no_fail_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_kyber_thumb2_rej_uniform_done_no_fail\n\t" +#else + "BLT.N L_kyber_thumb2_rej_uniform_done_no_fail_%=\n\t" +#endif + "LDM %[r]!, {r4, r5, r6}\n\t" + "UBFX r7, r4, #0, #12\n\t" + "STRH r7, [%[p], r9]\n\t" + "SUB r10, r7, r8\n\t" + "LSR r10, r10, #31\n\t" + "SUB %[len], %[len], r10\n\t" + "ADD r9, r9, r10, LSL #1\n\t" + "UBFX r7, r4, #12, #12\n\t" + "STRH r7, [%[p], r9]\n\t" + "SUB r10, r7, r8\n\t" + "LSR r10, r10, #31\n\t" + "SUB %[len], %[len], r10\n\t" + "ADD r9, r9, r10, LSL #1\n\t" + "UBFX r7, r4, #24, #8\n\t" + "BFI r7, r5, #8, #4\n\t" + "STRH r7, [%[p], r9]\n\t" + "SUB r10, r7, r8\n\t" + "LSR r10, r10, #31\n\t" + "SUB %[len], %[len], r10\n\t" + "ADD r9, r9, r10, LSL #1\n\t" + "UBFX r7, r5, #4, #12\n\t" + "STRH r7, [%[p], r9]\n\t" + "SUB r10, r7, r8\n\t" + "LSR r10, r10, #31\n\t" + "SUB %[len], %[len], r10\n\t" + "ADD r9, r9, r10, LSL #1\n\t" + "UBFX r7, r5, #16, #12\n\t" + "STRH r7, [%[p], r9]\n\t" + "SUB r10, r7, r8\n\t" + "LSR r10, r10, #31\n\t" + "SUB %[len], %[len], r10\n\t" + "ADD r9, r9, r10, LSL #1\n\t" + "UBFX r7, r5, #28, #4\n\t" + "BFI r7, r6, #4, #8\n\t" + "STRH r7, [%[p], r9]\n\t" + "SUB r10, r7, r8\n\t" + "LSR r10, r10, #31\n\t" + "SUB %[len], %[len], r10\n\t" + "ADD r9, r9, r10, LSL #1\n\t" + "UBFX r7, r6, #8, #12\n\t" + "STRH r7, [%[p], r9]\n\t" + "SUB r10, r7, r8\n\t" + "LSR r10, r10, #31\n\t" + "SUB %[len], %[len], r10\n\t" + "ADD r9, r9, r10, LSL #1\n\t" + "UBFX r7, r6, #20, #12\n\t" + "STRH r7, [%[p], r9]\n\t" + "SUB r10, r7, r8\n\t" + "LSR r10, r10, #31\n\t" + "SUB %[len], %[len], r10\n\t" + "ADD r9, r9, r10, LSL #1\n\t" + "SUBS %[rLen], %[rLen], #0xc\n\t" +#if defined(__GNUC__) + "BNE L_kyber_thumb2_rej_uniform_loop_no_fail_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_kyber_thumb2_rej_uniform_loop_no_fail\n\t" +#else + "BNE.N L_kyber_thumb2_rej_uniform_loop_no_fail_%=\n\t" +#endif +#if defined(__GNUC__) + "B L_kyber_thumb2_rej_uniform_done_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.N L_kyber_thumb2_rej_uniform_done\n\t" +#else + "B.N L_kyber_thumb2_rej_uniform_done_%=\n\t" +#endif + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_kyber_thumb2_rej_uniform_done_no_fail:\n\t" +#else + "L_kyber_thumb2_rej_uniform_done_no_fail_%=:\n\t" +#endif + "CMP %[len], #0x0\n\t" +#if defined(__GNUC__) + "BEQ L_kyber_thumb2_rej_uniform_done_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_kyber_thumb2_rej_uniform_done\n\t" +#else + "BEQ.N L_kyber_thumb2_rej_uniform_done_%=\n\t" +#endif + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_kyber_thumb2_rej_uniform_loop:\n\t" +#else + "L_kyber_thumb2_rej_uniform_loop_%=:\n\t" +#endif + "LDM %[r]!, {r4, r5, r6}\n\t" + "UBFX r7, r4, #0, #12\n\t" + "CMP r7, r8\n\t" +#if defined(__GNUC__) + "BGE L_kyber_thumb2_rej_uniform_fail_0_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGE.N L_kyber_thumb2_rej_uniform_fail_0\n\t" +#else + "BGE.N L_kyber_thumb2_rej_uniform_fail_0_%=\n\t" +#endif + "STRH r7, [%[p], r9]\n\t" + "SUBS %[len], %[len], #0x1\n\t" + "ADD r9, r9, #0x2\n\t" +#if defined(__GNUC__) + "BEQ L_kyber_thumb2_rej_uniform_done_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_kyber_thumb2_rej_uniform_done\n\t" +#else + "BEQ.N L_kyber_thumb2_rej_uniform_done_%=\n\t" +#endif + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_kyber_thumb2_rej_uniform_fail_0:\n\t" +#else + "L_kyber_thumb2_rej_uniform_fail_0_%=:\n\t" +#endif + "UBFX r7, r4, #12, #12\n\t" + "CMP r7, r8\n\t" +#if defined(__GNUC__) + "BGE L_kyber_thumb2_rej_uniform_fail_1_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGE.N L_kyber_thumb2_rej_uniform_fail_1\n\t" +#else + "BGE.N L_kyber_thumb2_rej_uniform_fail_1_%=\n\t" +#endif + "STRH r7, [%[p], r9]\n\t" + "SUBS %[len], %[len], #0x1\n\t" + "ADD r9, r9, #0x2\n\t" +#if defined(__GNUC__) + "BEQ L_kyber_thumb2_rej_uniform_done_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_kyber_thumb2_rej_uniform_done\n\t" +#else + "BEQ.N L_kyber_thumb2_rej_uniform_done_%=\n\t" +#endif + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_kyber_thumb2_rej_uniform_fail_1:\n\t" +#else + "L_kyber_thumb2_rej_uniform_fail_1_%=:\n\t" +#endif + "UBFX r7, r4, #24, #8\n\t" + "BFI r7, r5, #8, #4\n\t" + "CMP r7, r8\n\t" +#if defined(__GNUC__) + "BGE L_kyber_thumb2_rej_uniform_fail_2_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGE.N L_kyber_thumb2_rej_uniform_fail_2\n\t" +#else + "BGE.N L_kyber_thumb2_rej_uniform_fail_2_%=\n\t" +#endif + "STRH r7, [%[p], r9]\n\t" + "SUBS %[len], %[len], #0x1\n\t" + "ADD r9, r9, #0x2\n\t" +#if defined(__GNUC__) + "BEQ L_kyber_thumb2_rej_uniform_done_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_kyber_thumb2_rej_uniform_done\n\t" +#else + "BEQ.N L_kyber_thumb2_rej_uniform_done_%=\n\t" +#endif + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_kyber_thumb2_rej_uniform_fail_2:\n\t" +#else + "L_kyber_thumb2_rej_uniform_fail_2_%=:\n\t" +#endif + "UBFX r7, r5, #4, #12\n\t" + "CMP r7, r8\n\t" +#if defined(__GNUC__) + "BGE L_kyber_thumb2_rej_uniform_fail_3_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGE.N L_kyber_thumb2_rej_uniform_fail_3\n\t" +#else + "BGE.N L_kyber_thumb2_rej_uniform_fail_3_%=\n\t" +#endif + "STRH r7, [%[p], r9]\n\t" + "SUBS %[len], %[len], #0x1\n\t" + "ADD r9, r9, #0x2\n\t" +#if defined(__GNUC__) + "BEQ L_kyber_thumb2_rej_uniform_done_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_kyber_thumb2_rej_uniform_done\n\t" +#else + "BEQ.N L_kyber_thumb2_rej_uniform_done_%=\n\t" +#endif + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_kyber_thumb2_rej_uniform_fail_3:\n\t" +#else + "L_kyber_thumb2_rej_uniform_fail_3_%=:\n\t" +#endif + "UBFX r7, r5, #16, #12\n\t" + "CMP r7, r8\n\t" +#if defined(__GNUC__) + "BGE L_kyber_thumb2_rej_uniform_fail_4_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGE.N L_kyber_thumb2_rej_uniform_fail_4\n\t" +#else + "BGE.N L_kyber_thumb2_rej_uniform_fail_4_%=\n\t" +#endif + "STRH r7, [%[p], r9]\n\t" + "SUBS %[len], %[len], #0x1\n\t" + "ADD r9, r9, #0x2\n\t" +#if defined(__GNUC__) + "BEQ L_kyber_thumb2_rej_uniform_done_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_kyber_thumb2_rej_uniform_done\n\t" +#else + "BEQ.N L_kyber_thumb2_rej_uniform_done_%=\n\t" +#endif + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_kyber_thumb2_rej_uniform_fail_4:\n\t" +#else + "L_kyber_thumb2_rej_uniform_fail_4_%=:\n\t" +#endif + "UBFX r7, r5, #28, #4\n\t" + "BFI r7, r6, #4, #8\n\t" + "CMP r7, r8\n\t" +#if defined(__GNUC__) + "BGE L_kyber_thumb2_rej_uniform_fail_5_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGE.N L_kyber_thumb2_rej_uniform_fail_5\n\t" +#else + "BGE.N L_kyber_thumb2_rej_uniform_fail_5_%=\n\t" +#endif + "STRH r7, [%[p], r9]\n\t" + "SUBS %[len], %[len], #0x1\n\t" + "ADD r9, r9, #0x2\n\t" +#if defined(__GNUC__) + "BEQ L_kyber_thumb2_rej_uniform_done_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_kyber_thumb2_rej_uniform_done\n\t" +#else + "BEQ.N L_kyber_thumb2_rej_uniform_done_%=\n\t" +#endif + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_kyber_thumb2_rej_uniform_fail_5:\n\t" +#else + "L_kyber_thumb2_rej_uniform_fail_5_%=:\n\t" +#endif + "UBFX r7, r6, #8, #12\n\t" + "CMP r7, r8\n\t" +#if defined(__GNUC__) + "BGE L_kyber_thumb2_rej_uniform_fail_6_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGE.N L_kyber_thumb2_rej_uniform_fail_6\n\t" +#else + "BGE.N L_kyber_thumb2_rej_uniform_fail_6_%=\n\t" +#endif + "STRH r7, [%[p], r9]\n\t" + "SUBS %[len], %[len], #0x1\n\t" + "ADD r9, r9, #0x2\n\t" +#if defined(__GNUC__) + "BEQ L_kyber_thumb2_rej_uniform_done_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_kyber_thumb2_rej_uniform_done\n\t" +#else + "BEQ.N L_kyber_thumb2_rej_uniform_done_%=\n\t" +#endif + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_kyber_thumb2_rej_uniform_fail_6:\n\t" +#else + "L_kyber_thumb2_rej_uniform_fail_6_%=:\n\t" +#endif + "UBFX r7, r6, #20, #12\n\t" + "CMP r7, r8\n\t" +#if defined(__GNUC__) + "BGE L_kyber_thumb2_rej_uniform_fail_7_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGE.N L_kyber_thumb2_rej_uniform_fail_7\n\t" +#else + "BGE.N L_kyber_thumb2_rej_uniform_fail_7_%=\n\t" +#endif + "STRH r7, [%[p], r9]\n\t" + "SUBS %[len], %[len], #0x1\n\t" + "ADD r9, r9, #0x2\n\t" +#if defined(__GNUC__) + "BEQ L_kyber_thumb2_rej_uniform_done_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_kyber_thumb2_rej_uniform_done\n\t" +#else + "BEQ.N L_kyber_thumb2_rej_uniform_done_%=\n\t" +#endif + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_kyber_thumb2_rej_uniform_fail_7:\n\t" +#else + "L_kyber_thumb2_rej_uniform_fail_7_%=:\n\t" +#endif + "SUBS %[rLen], %[rLen], #0xc\n\t" +#if defined(__GNUC__) + "BGT L_kyber_thumb2_rej_uniform_loop_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGT.N L_kyber_thumb2_rej_uniform_loop\n\t" +#else + "BGT.N L_kyber_thumb2_rej_uniform_loop_%=\n\t" +#endif + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_kyber_thumb2_rej_uniform_done:\n\t" +#else + "L_kyber_thumb2_rej_uniform_done_%=:\n\t" +#endif + "LSR r0, r9, #1\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG + : [p] "+r" (p), [len] "+r" (len), [r] "+r" (r), [rLen] "+r" (rLen), + [L_kyber_thumb2_basemul_mont_zetas] "+r" (L_kyber_thumb2_basemul_mont_zetas_c) + : + : "memory", "r5", "r6", "r7", "r8", "r9", "r10", "cc" +#else + : [p] "+r" (p), [len] "+r" (len), [r] "+r" (r), [rLen] "+r" (rLen) + : [L_kyber_thumb2_basemul_mont_zetas] "r" (L_kyber_thumb2_basemul_mont_zetas) + : "memory", "r5", "r6", "r7", "r8", "r9", "r10", "cc" +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ + ); + return (uint32_t)(size_t)p; +} + +#endif /* WOLFSSL_WC_KYBER */ +#endif /* WOLFSSL_ARMASM_THUMB2 */ +#endif /* WOLFSSL_ARMASM */ +#endif /* WOLFSSL_ARMASM_INLINE */ diff --git a/wolfcrypt/src/port/arm/thumb2-poly1305-asm.S b/wolfcrypt/src/port/arm/thumb2-poly1305-asm.S index b727e8164e..42dc8f0611 100644 --- a/wolfcrypt/src/port/arm/thumb2-poly1305-asm.S +++ b/wolfcrypt/src/port/arm/thumb2-poly1305-asm.S @@ -30,7 +30,7 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__thumb__) +#ifdef WOLFSSL_ARMASM_THUMB2 #ifndef WOLFSSL_ARMASM_INLINE .thumb .syntax unified @@ -67,17 +67,17 @@ L_poly1305_thumb2_16_loop: ADCS r7, r7, r10 ADD r1, r1, #0x10 ADC r8, r8, r11 -#ifdef WOLFSSL_SP_NO_UMAAL +#ifdef WOLFSSL_ARM_ARCH_7M STM lr, {r4, r5, r6, r7, r8} #else /* h[0]-h[2] in r4-r6 for multiplication. */ STR r7, [lr, #12] STR r8, [lr, #16] -#endif /* WOLFSSL_SP_NO_UMAAL */ +#endif /* WOLFSSL_ARM_ARCH_7M */ STR r1, [sp, #16] LDR r1, [sp, #12] /* Multiply h by r */ -#ifdef WOLFSSL_SP_NO_UMAAL +#ifdef WOLFSSL_ARM_ARCH_7M /* r0 = #0, r1 = r, lr = h, r2 = h[j], r3 = r[i] */ LDR r3, [r1] EOR r0, r0, r0 @@ -218,7 +218,7 @@ L_poly1305_thumb2_16_loop: UMAAL r11, r12, r3, r5 /* DONE */ LDM sp, {r4, r5, r6} -#endif /* WOLFSSL_SP_NO_UMAAL */ +#endif /* WOLFSSL_ARM_ARCH_7M */ /* r12 will be zero because r is masked. */ /* Load length */ LDR r2, [sp, #20] @@ -360,7 +360,7 @@ poly1305_final: /* Cycle Count = 82 */ .size poly1305_final,.-poly1305_final #endif /* HAVE_POLY1305 */ -#endif /* !__aarch64__ && __thumb__ */ +#endif /* WOLFSSL_ARMASM_THUMB2 */ #endif /* WOLFSSL_ARMASM */ #if defined(__linux__) && defined(__ELF__) diff --git a/wolfcrypt/src/port/arm/thumb2-poly1305-asm_c.c b/wolfcrypt/src/port/arm/thumb2-poly1305-asm_c.c index 437141ab06..7cc94428fa 100644 --- a/wolfcrypt/src/port/arm/thumb2-poly1305-asm_c.c +++ b/wolfcrypt/src/port/arm/thumb2-poly1305-asm_c.c @@ -31,7 +31,7 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__thumb__) +#ifdef WOLFSSL_ARMASM_THUMB2 #ifdef WOLFSSL_ARMASM_INLINE #ifdef __IAR_SYSTEMS_ICC__ @@ -93,17 +93,17 @@ void poly1305_blocks_thumb2_16(Poly1305* ctx, const byte* m, word32 len, int not "ADCS r7, r7, r10\n\t" "ADD %[m], %[m], #0x10\n\t" "ADC r8, r8, r11\n\t" -#ifdef WOLFSSL_SP_NO_UMAAL +#ifdef WOLFSSL_ARM_ARCH_7M "STM lr, {r4, r5, r6, r7, r8}\n\t" #else /* h[0]-h[2] in r4-r6 for multiplication. */ "STR r7, [lr, #12]\n\t" "STR r8, [lr, #16]\n\t" -#endif /* WOLFSSL_SP_NO_UMAAL */ +#endif /* WOLFSSL_ARM_ARCH_7M */ "STR %[m], [sp, #16]\n\t" "LDR %[m], [sp, #12]\n\t" /* Multiply h by r */ -#ifdef WOLFSSL_SP_NO_UMAAL +#ifdef WOLFSSL_ARM_ARCH_7M /* r0 = #0, r1 = r, lr = h, r2 = h[j], r3 = r[i] */ "LDR %[notLast], [%[m]]\n\t" "EOR %[ctx], %[ctx], %[ctx]\n\t" @@ -244,7 +244,7 @@ void poly1305_blocks_thumb2_16(Poly1305* ctx, const byte* m, word32 len, int not "UMAAL r11, r12, %[notLast], r5\n\t" /* DONE */ "LDM sp, {r4, r5, r6}\n\t" -#endif /* WOLFSSL_SP_NO_UMAAL */ +#endif /* WOLFSSL_ARM_ARCH_7M */ /* r12 will be zero because r is masked. */ /* Load length */ "LDR %[len], [sp, #20]\n\t" @@ -294,7 +294,7 @@ void poly1305_blocks_thumb2_16(Poly1305* ctx, const byte* m, word32 len, int not ); } -XALIGNED(16) static const uint32_t L_poly1305_thumb2_clamp[] = { +XALIGNED(16) static const word32 L_poly1305_thumb2_clamp[] = { 0x0fffffff, 0x0ffffffc, 0x0ffffffc, 0x0ffffffc, }; @@ -307,7 +307,7 @@ void poly1305_set_key(Poly1305* ctx, const byte* key) #ifndef WOLFSSL_NO_VAR_ASSIGN_REG register Poly1305* ctx __asm__ ("r0") = (Poly1305*)ctx_p; register const byte* key __asm__ ("r1") = (const byte*)key_p; - register uint32_t* L_poly1305_thumb2_clamp_c __asm__ ("r2") = (uint32_t*)&L_poly1305_thumb2_clamp; + register word32* L_poly1305_thumb2_clamp_c __asm__ ("r2") = (word32*)&L_poly1305_thumb2_clamp; #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( @@ -417,6 +417,6 @@ void poly1305_final(Poly1305* ctx, byte* mac) } #endif /* HAVE_POLY1305 */ -#endif /* !__aarch64__ && __thumb__ */ +#endif /* WOLFSSL_ARMASM_THUMB2 */ #endif /* WOLFSSL_ARMASM */ #endif /* WOLFSSL_ARMASM_INLINE */ diff --git a/wolfcrypt/src/port/arm/thumb2-poly1305.c b/wolfcrypt/src/port/arm/thumb2-poly1305.c index 0091a3283b..2b262c560e 100644 --- a/wolfcrypt/src/port/arm/thumb2-poly1305.c +++ b/wolfcrypt/src/port/arm/thumb2-poly1305.c @@ -27,7 +27,7 @@ #include #ifdef WOLFSSL_ARMASM -#ifdef __thumb__ +#ifdef WOLFSSL_ARMASM_THUMB2 #ifdef HAVE_POLY1305 #include @@ -138,5 +138,5 @@ int wc_Poly1305Final(Poly1305* ctx, byte* mac) } #endif /* HAVE_POLY1305 */ -#endif /* __aarch64__ */ +#endif /* WOLFSSL_ARMASM_THUMB2 */ #endif /* WOLFSSL_ARMASM */ diff --git a/wolfcrypt/src/port/arm/thumb2-sha256-asm.S b/wolfcrypt/src/port/arm/thumb2-sha256-asm.S index 4809afbc7d..d004d6b672 100644 --- a/wolfcrypt/src/port/arm/thumb2-sha256-asm.S +++ b/wolfcrypt/src/port/arm/thumb2-sha256-asm.S @@ -30,7 +30,7 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__thumb__) +#ifdef WOLFSSL_ARMASM_THUMB2 #ifndef WOLFSSL_ARMASM_INLINE .thumb .syntax unified @@ -1481,7 +1481,7 @@ L_SHA256_transform_len_start: .size Transform_Sha256_Len,.-Transform_Sha256_Len #endif /* WOLFSSL_ARMASM_NO_NEON */ #endif /* !NO_SHA256 */ -#endif /* !__aarch64__ && __thumb__ */ +#endif /* WOLFSSL_ARMASM_THUMB2 */ #endif /* WOLFSSL_ARMASM */ #if defined(__linux__) && defined(__ELF__) diff --git a/wolfcrypt/src/port/arm/thumb2-sha256-asm_c.c b/wolfcrypt/src/port/arm/thumb2-sha256-asm_c.c index 903b58e3d0..0b7642ee67 100644 --- a/wolfcrypt/src/port/arm/thumb2-sha256-asm_c.c +++ b/wolfcrypt/src/port/arm/thumb2-sha256-asm_c.c @@ -31,7 +31,7 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__thumb__) +#ifdef WOLFSSL_ARMASM_THUMB2 #ifdef WOLFSSL_ARMASM_INLINE #ifdef __IAR_SYSTEMS_ICC__ @@ -47,7 +47,7 @@ #include #ifdef WOLFSSL_ARMASM_NO_NEON -XALIGNED(16) static const uint32_t L_SHA256_transform_len_k[] = { +XALIGNED(16) static const word32 L_SHA256_transform_len_k[] = { 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, @@ -77,7 +77,7 @@ void Transform_Sha256_Len(wc_Sha256* sha256, const byte* data, word32 len) register wc_Sha256* sha256 __asm__ ("r0") = (wc_Sha256*)sha256_p; register const byte* data __asm__ ("r1") = (const byte*)data_p; register word32 len __asm__ ("r2") = (word32)len_p; - register uint32_t* L_SHA256_transform_len_k_c __asm__ ("r3") = (uint32_t*)&L_SHA256_transform_len_k; + register word32* L_SHA256_transform_len_k_c __asm__ ("r3") = (word32*)&L_SHA256_transform_len_k; #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( @@ -1475,6 +1475,6 @@ void Transform_Sha256_Len(wc_Sha256* sha256, const byte* data, word32 len) #endif /* WOLFSSL_ARMASM_NO_NEON */ #endif /* !NO_SHA256 */ -#endif /* !__aarch64__ && __thumb__ */ +#endif /* WOLFSSL_ARMASM_THUMB2 */ #endif /* WOLFSSL_ARMASM */ #endif /* WOLFSSL_ARMASM_INLINE */ diff --git a/wolfcrypt/src/port/arm/thumb2-sha3-asm.S b/wolfcrypt/src/port/arm/thumb2-sha3-asm.S index de12f723c0..a04b5adb8d 100644 --- a/wolfcrypt/src/port/arm/thumb2-sha3-asm.S +++ b/wolfcrypt/src/port/arm/thumb2-sha3-asm.S @@ -30,7 +30,7 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__thumb__) +#ifdef WOLFSSL_ARMASM_THUMB2 #ifndef WOLFSSL_ARMASM_INLINE .thumb .syntax unified @@ -1167,7 +1167,7 @@ L_sha3_thumb2_begin: /* Cycle Count = 1505 */ .size BlockSha3,.-BlockSha3 #endif /* WOLFSSL_SHA3 */ -#endif /* !__aarch64__ && __thumb__ */ +#endif /* WOLFSSL_ARMASM_THUMB2 */ #endif /* WOLFSSL_ARMASM */ #if defined(__linux__) && defined(__ELF__) diff --git a/wolfcrypt/src/port/arm/thumb2-sha3-asm_c.c b/wolfcrypt/src/port/arm/thumb2-sha3-asm_c.c index a22b9acc56..03b564fe7b 100644 --- a/wolfcrypt/src/port/arm/thumb2-sha3-asm_c.c +++ b/wolfcrypt/src/port/arm/thumb2-sha3-asm_c.c @@ -31,7 +31,7 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__thumb__) +#ifdef WOLFSSL_ARMASM_THUMB2 #ifdef WOLFSSL_ARMASM_INLINE #ifdef __IAR_SYSTEMS_ICC__ @@ -44,7 +44,7 @@ #define __volatile__ volatile #endif /* __KEIL__ */ #ifdef WOLFSSL_SHA3 -static const uint64_t L_sha3_thumb2_rt[] = { +static const word64 L_sha3_thumb2_rt[] = { 0x0000000000000001UL, 0x0000000000008082UL, 0x800000000000808aUL, 0x8000000080008000UL, 0x000000000000808bUL, 0x0000000080000001UL, @@ -69,7 +69,7 @@ void BlockSha3(word64* state) { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG register word64* state __asm__ ("r0") = (word64*)state_p; - register uint64_t* L_sha3_thumb2_rt_c __asm__ ("r1") = (uint64_t*)&L_sha3_thumb2_rt; + register word64* L_sha3_thumb2_rt_c __asm__ ("r1") = (word64*)&L_sha3_thumb2_rt; #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( @@ -1163,6 +1163,6 @@ void BlockSha3(word64* state) } #endif /* WOLFSSL_SHA3 */ -#endif /* !__aarch64__ && __thumb__ */ +#endif /* WOLFSSL_ARMASM_THUMB2 */ #endif /* WOLFSSL_ARMASM */ #endif /* WOLFSSL_ARMASM_INLINE */ diff --git a/wolfcrypt/src/port/arm/thumb2-sha512-asm.S b/wolfcrypt/src/port/arm/thumb2-sha512-asm.S index 9170e9457f..b3c355411e 100644 --- a/wolfcrypt/src/port/arm/thumb2-sha512-asm.S +++ b/wolfcrypt/src/port/arm/thumb2-sha512-asm.S @@ -30,7 +30,7 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__thumb__) +#ifdef WOLFSSL_ARMASM_THUMB2 #ifndef WOLFSSL_ARMASM_INLINE .thumb .syntax unified @@ -3668,7 +3668,7 @@ L_SHA512_transform_len_start: .size Transform_Sha512_Len,.-Transform_Sha512_Len #endif /* WOLFSSL_ARMASM_NO_NEON */ #endif /* WOLFSSL_SHA512 */ -#endif /* !__aarch64__ && __thumb__ */ +#endif /* WOLFSSL_ARMASM_THUMB2 */ #endif /* WOLFSSL_ARMASM */ #if defined(__linux__) && defined(__ELF__) diff --git a/wolfcrypt/src/port/arm/thumb2-sha512-asm_c.c b/wolfcrypt/src/port/arm/thumb2-sha512-asm_c.c index bd998025ad..6a223b19a9 100644 --- a/wolfcrypt/src/port/arm/thumb2-sha512-asm_c.c +++ b/wolfcrypt/src/port/arm/thumb2-sha512-asm_c.c @@ -31,7 +31,7 @@ #include #ifdef WOLFSSL_ARMASM -#if !defined(__aarch64__) && defined(__thumb__) +#ifdef WOLFSSL_ARMASM_THUMB2 #ifdef WOLFSSL_ARMASM_INLINE #ifdef __IAR_SYSTEMS_ICC__ @@ -47,7 +47,7 @@ #include #ifdef WOLFSSL_ARMASM_NO_NEON -static const uint64_t L_SHA512_transform_len_k[] = { +static const word64 L_SHA512_transform_len_k[] = { 0x428a2f98d728ae22UL, 0x7137449123ef65cdUL, 0xb5c0fbcfec4d3b2fUL, 0xe9b5dba58189dbbcUL, 0x3956c25bf348b538UL, 0x59f111f1b605d019UL, @@ -101,7 +101,7 @@ void Transform_Sha512_Len(wc_Sha512* sha512, const byte* data, word32 len) register wc_Sha512* sha512 __asm__ ("r0") = (wc_Sha512*)sha512_p; register const byte* data __asm__ ("r1") = (const byte*)data_p; register word32 len __asm__ ("r2") = (word32)len_p; - register uint64_t* L_SHA512_transform_len_k_c __asm__ ("r3") = (uint64_t*)&L_SHA512_transform_len_k; + register word64* L_SHA512_transform_len_k_c __asm__ ("r3") = (word64*)&L_SHA512_transform_len_k; #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( @@ -3590,6 +3590,6 @@ void Transform_Sha512_Len(wc_Sha512* sha512, const byte* data, word32 len) #endif /* WOLFSSL_ARMASM_NO_NEON */ #endif /* WOLFSSL_SHA512 */ -#endif /* !__aarch64__ && __thumb__ */ +#endif /* WOLFSSL_ARMASM_THUMB2 */ #endif /* WOLFSSL_ARMASM */ #endif /* WOLFSSL_ARMASM_INLINE */ diff --git a/wolfcrypt/src/port/caam/caam_aes.c b/wolfcrypt/src/port/caam/caam_aes.c index b744c12447..20c4068ab2 100644 --- a/wolfcrypt/src/port/caam/caam_aes.c +++ b/wolfcrypt/src/port/caam/caam_aes.c @@ -93,7 +93,8 @@ int wc_AesSetKey(Aes* aes, const byte* key, word32 len, return ret; } -#ifdef WOLFSSL_AES_COUNTER +#if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \ + defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) aes->left = 0; #endif diff --git a/wolfcrypt/src/port/devcrypto/devcrypto_aes.c b/wolfcrypt/src/port/devcrypto/devcrypto_aes.c index ba12d2583b..e2f7d6c444 100644 --- a/wolfcrypt/src/port/devcrypto/devcrypto_aes.c +++ b/wolfcrypt/src/port/devcrypto/devcrypto_aes.c @@ -125,7 +125,8 @@ int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen, aes->keylen = keylen; aes->rounds = keylen/4 + 6; -#ifdef WOLFSSL_AES_COUNTER +#if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \ + defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) aes->left = 0; #endif aes->ctx.cfd = -1; diff --git a/wolfcrypt/src/port/maxim/max3266x.c b/wolfcrypt/src/port/maxim/max3266x.c index 6dc324df0e..b43ef6c90f 100644 --- a/wolfcrypt/src/port/maxim/max3266x.c +++ b/wolfcrypt/src/port/maxim/max3266x.c @@ -789,35 +789,35 @@ WOLFSSL_API int wc_InitSha_ex(wc_Sha* sha, void* heap, int devId) } (void)heap; (void)devId; - return wc_MXC_TPU_SHA_Init((wc_MXC_Sha *)sha); + return wc_MXC_TPU_SHA_Init(&(sha->mxcCtx)); } WOLFSSL_API int wc_ShaUpdate(wc_Sha* sha, const unsigned char* data, unsigned int len) { - return wc_MXC_TPU_SHA_Update(sha, data, len); + return wc_MXC_TPU_SHA_Update(&(sha->mxcCtx), data, len); } WOLFSSL_API int wc_ShaFinal(wc_Sha* sha, unsigned char* hash) { - return wc_MXC_TPU_SHA_Final((wc_MXC_Sha *)sha, hash, + return wc_MXC_TPU_SHA_Final(&(sha->mxcCtx), hash, MXC_TPU_HASH_SHA1); } WOLFSSL_API int wc_ShaGetHash(wc_Sha* sha, unsigned char* hash) { - return wc_MXC_TPU_SHA_GetHash((wc_MXC_Sha *)sha, hash, + return wc_MXC_TPU_SHA_GetHash(&(sha->mxcCtx), hash, MXC_TPU_HASH_SHA1); } WOLFSSL_API int wc_ShaCopy(wc_Sha* src, wc_Sha* dst) { - return wc_MXC_TPU_SHA_Copy((wc_MXC_Sha *)src, (wc_MXC_Sha *)dst); + return wc_MXC_TPU_SHA_Copy(&(src->mxcCtx), &(dst->mxcCtx)); } WOLFSSL_API void wc_ShaFree(wc_Sha* sha) { - wc_MXC_TPU_SHA_Free((wc_MXC_Sha *)sha); + wc_MXC_TPU_SHA_Free(&(sha->mxcCtx)); return; } @@ -832,7 +832,7 @@ WOLFSSL_API int wc_InitSha224_ex(wc_Sha224* sha224, void* heap, int devId) } (void)heap; (void)devId; - return wc_MXC_TPU_SHA_Init((wc_MXC_Sha *)sha224); + return wc_MXC_TPU_SHA_Init(&(sha224->mxcCtx)); } WOLFSSL_API int wc_InitSha224(wc_Sha224* sha224) @@ -843,29 +843,29 @@ WOLFSSL_API int wc_InitSha224(wc_Sha224* sha224) WOLFSSL_API int wc_Sha224Update(wc_Sha224* sha224, const unsigned char* data, unsigned int len) { - return wc_MXC_TPU_SHA_Update(sha224, data, len); + return wc_MXC_TPU_SHA_Update(&(sha224->mxcCtx), data, len); } WOLFSSL_API int wc_Sha224Final(wc_Sha224* sha224, unsigned char* hash) { - return wc_MXC_TPU_SHA_Final((wc_MXC_Sha *)sha224, hash, + return wc_MXC_TPU_SHA_Final(&(sha224->mxcCtx), hash, MXC_TPU_HASH_SHA224); } WOLFSSL_API int wc_Sha224GetHash(wc_Sha224* sha224, unsigned char* hash) { - return wc_MXC_TPU_SHA_GetHash((wc_MXC_Sha *)sha224, hash, + return wc_MXC_TPU_SHA_GetHash(&(sha224->mxcCtx), hash, MXC_TPU_HASH_SHA224); } WOLFSSL_API int wc_Sha224Copy(wc_Sha224* src, wc_Sha224* dst) { - return wc_MXC_TPU_SHA_Copy((wc_MXC_Sha *)src, (wc_MXC_Sha *)dst); + return wc_MXC_TPU_SHA_Copy(&(src->mxcCtx), &(dst->mxcCtx)); } WOLFSSL_API void wc_Sha224Free(wc_Sha224* sha224) { - wc_MXC_TPU_SHA_Free((wc_MXC_Sha *)sha224); + wc_MXC_TPU_SHA_Free(&(sha224->mxcCtx)); return; } @@ -880,7 +880,7 @@ WOLFSSL_API int wc_InitSha256_ex(wc_Sha256* sha256, void* heap, int devId) } (void)heap; (void)devId; - return wc_MXC_TPU_SHA_Init((wc_MXC_Sha *)sha256); + return wc_MXC_TPU_SHA_Init(&(sha256->mxcCtx)); } WOLFSSL_API int wc_InitSha256(wc_Sha256* sha256) @@ -891,29 +891,29 @@ WOLFSSL_API int wc_InitSha256(wc_Sha256* sha256) WOLFSSL_API int wc_Sha256Update(wc_Sha256* sha256, const unsigned char* data, unsigned int len) { - return wc_MXC_TPU_SHA_Update(sha256, data, len); + return wc_MXC_TPU_SHA_Update(&(sha256->mxcCtx), data, len); } WOLFSSL_API int wc_Sha256Final(wc_Sha256* sha256, unsigned char* hash) { - return wc_MXC_TPU_SHA_Final((wc_MXC_Sha *)sha256, hash, + return wc_MXC_TPU_SHA_Final(&(sha256->mxcCtx), hash, MXC_TPU_HASH_SHA256); } WOLFSSL_API int wc_Sha256GetHash(wc_Sha256* sha256, unsigned char* hash) { - return wc_MXC_TPU_SHA_GetHash((wc_MXC_Sha *)sha256, hash, + return wc_MXC_TPU_SHA_GetHash(&(sha256->mxcCtx), hash, MXC_TPU_HASH_SHA256); } WOLFSSL_API int wc_Sha256Copy(wc_Sha256* src, wc_Sha256* dst) { - return wc_MXC_TPU_SHA_Copy((wc_MXC_Sha *)src, (wc_MXC_Sha *)dst); + return wc_MXC_TPU_SHA_Copy(&(src->mxcCtx), &(dst->mxcCtx)); } WOLFSSL_API void wc_Sha256Free(wc_Sha256* sha256) { - wc_MXC_TPU_SHA_Free((wc_MXC_Sha *)sha256); + wc_MXC_TPU_SHA_Free(&(sha256->mxcCtx)); return; } @@ -928,7 +928,7 @@ WOLFSSL_API int wc_InitSha384_ex(wc_Sha384* sha384, void* heap, int devId) } (void)heap; (void)devId; - return wc_MXC_TPU_SHA_Init((wc_MXC_Sha *)sha384); + return wc_MXC_TPU_SHA_Init(&(sha384->mxcCtx)); } WOLFSSL_API int wc_InitSha384(wc_Sha384* sha384) @@ -939,29 +939,29 @@ WOLFSSL_API int wc_InitSha384(wc_Sha384* sha384) WOLFSSL_API int wc_Sha384Update(wc_Sha384* sha384, const unsigned char* data, unsigned int len) { - return wc_MXC_TPU_SHA_Update(sha384, data, len); + return wc_MXC_TPU_SHA_Update(&(sha384->mxcCtx), data, len); } WOLFSSL_API int wc_Sha384Final(wc_Sha384* sha384, unsigned char* hash) { - return wc_MXC_TPU_SHA_Final((wc_MXC_Sha *)sha384, hash, + return wc_MXC_TPU_SHA_Final(&(sha384->mxcCtx), hash, MXC_TPU_HASH_SHA384); } WOLFSSL_API int wc_Sha384GetHash(wc_Sha384* sha384, unsigned char* hash) { - return wc_MXC_TPU_SHA_GetHash((wc_MXC_Sha *)sha384, hash, + return wc_MXC_TPU_SHA_GetHash(&(sha384->mxcCtx), hash, MXC_TPU_HASH_SHA384); } WOLFSSL_API int wc_Sha384Copy(wc_Sha384* src, wc_Sha384* dst) { - return wc_MXC_TPU_SHA_Copy((wc_MXC_Sha *)src, (wc_MXC_Sha *)dst); + return wc_MXC_TPU_SHA_Copy(&(src->mxcCtx), &(dst->mxcCtx)); } WOLFSSL_API void wc_Sha384Free(wc_Sha384* sha384) { - wc_MXC_TPU_SHA_Free((wc_MXC_Sha *)sha384); + wc_MXC_TPU_SHA_Free(&(sha384->mxcCtx)); return; } @@ -976,7 +976,7 @@ WOLFSSL_API int wc_InitSha512_ex(wc_Sha512* sha512, void* heap, int devId) } (void)heap; (void)devId; - return wc_MXC_TPU_SHA_Init((wc_MXC_Sha *)sha512); + return wc_MXC_TPU_SHA_Init(&(sha512->mxcCtx)); } WOLFSSL_API int wc_InitSha512(wc_Sha512* sha512) @@ -987,29 +987,29 @@ WOLFSSL_API int wc_InitSha512(wc_Sha512* sha512) WOLFSSL_API int wc_Sha512Update(wc_Sha512* sha512, const unsigned char* data, unsigned int len) { - return wc_MXC_TPU_SHA_Update(sha512, data, len); + return wc_MXC_TPU_SHA_Update(&(sha512->mxcCtx), data, len); } WOLFSSL_API int wc_Sha512Final(wc_Sha512* sha512, unsigned char* hash) { - return wc_MXC_TPU_SHA_Final((wc_MXC_Sha *)sha512, hash, + return wc_MXC_TPU_SHA_Final(&(sha512->mxcCtx), hash, MXC_TPU_HASH_SHA512); } WOLFSSL_API int wc_Sha512GetHash(wc_Sha512* sha512, unsigned char* hash) { - return wc_MXC_TPU_SHA_GetHash((wc_MXC_Sha *)sha512, hash, + return wc_MXC_TPU_SHA_GetHash(&(sha512->mxcCtx), hash, MXC_TPU_HASH_SHA512); } WOLFSSL_API int wc_Sha512Copy(wc_Sha512* src, wc_Sha512* dst) { - return wc_MXC_TPU_SHA_Copy((wc_MXC_Sha *)src, (wc_MXC_Sha *)dst); + return wc_MXC_TPU_SHA_Copy(&(src->mxcCtx), &(dst->mxcCtx)); } WOLFSSL_API void wc_Sha512Free(wc_Sha512* sha512) { - wc_MXC_TPU_SHA_Free((wc_MXC_Sha *)sha512); + wc_MXC_TPU_SHA_Free(&(sha512->mxcCtx)); return; } diff --git a/wolfcrypt/src/port/riscv/riscv-64-aes.c b/wolfcrypt/src/port/riscv/riscv-64-aes.c index 292c854d18..3ca35419c2 100644 --- a/wolfcrypt/src/port/riscv/riscv-64-aes.c +++ b/wolfcrypt/src/port/riscv/riscv-64-aes.c @@ -498,8 +498,8 @@ int wc_AesSetKey(Aes* aes, const byte* key, word32 keyLen, const byte* iv, if (ret == 0) { /* Finish setting the AES object. */ aes->keylen = keyLen; -#if defined(WOLFSSL_AES_CFB) || defined(WOLFSSL_AES_COUNTER) || \ - defined(WOLFSSL_AES_OFB) +#if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \ + defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) aes->left = 0; #endif } @@ -1770,8 +1770,8 @@ int wc_AesSetKey(Aes* aes, const byte* key, word32 keyLen, const byte* iv, if (ret == 0) { /* Finish setting the AES object. */ aes->keylen = keyLen; -#if defined(WOLFSSL_AES_CFB) || defined(WOLFSSL_AES_COUNTER) || \ - defined(WOLFSSL_AES_OFB) +#if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \ + defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) aes->left = 0; #endif } @@ -2978,8 +2978,8 @@ int wc_AesSetKey(Aes* aes, const byte* key, word32 keyLen, const byte* iv, if (ret == 0) { /* Initialize fields. */ - #if defined(WOLFSSL_AES_CFB) || defined(WOLFSSL_AES_COUNTER) || \ - defined(WOLFSSL_AES_OFB) + #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \ + defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) aes->left = 0; #endif aes->keylen = (int)keyLen; diff --git a/wolfcrypt/src/port/ti/ti-aes.c b/wolfcrypt/src/port/ti/ti-aes.c index 8dcd10abce..ed5515ef71 100644 --- a/wolfcrypt/src/port/ti/ti-aes.c +++ b/wolfcrypt/src/port/ti/ti-aes.c @@ -99,7 +99,8 @@ int wc_AesSetKey(Aes* aes, const byte* key, word32 len, const byte* iv, int dir) aes->rounds = len / 4 + 6; XMEMCPY(aes->key, key, len); -#ifdef WOLFSSL_AES_COUNTER +#if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \ + defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) aes->left = 0; #endif return AesSetIV(aes, iv); diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c index 278e2d72c3..0eda13375c 100644 --- a/wolfcrypt/src/random.c +++ b/wolfcrypt/src/random.c @@ -1702,7 +1702,7 @@ static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz, if (ret != 0) { #if defined(DEBUG_WOLFSSL) - WOLFSSL_MSG_EX("_InitRng failed. err = ", ret); + WOLFSSL_MSG_EX("_InitRng failed. err = %d", ret); #endif } else { diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index 1cb01bb476..9e34599caf 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c @@ -154,9 +154,43 @@ static void wc_RsaCleanup(RsaKey* key) #endif } +#ifndef WC_NO_CONSTRUCTORS +RsaKey* wc_NewRsaKey(void* heap, int devId, int *result_code) +{ + int ret; + RsaKey* key = (RsaKey*)XMALLOC(sizeof(RsaKey), heap, DYNAMIC_TYPE_RSA); + if (key == NULL) { + ret = MEMORY_E; + } + else { + ret = wc_InitRsaKey_ex(key, heap, devId); + if (ret != 0) { + XFREE(key, heap, DYNAMIC_TYPE_RSA); + key = NULL; + } + } + + if (result_code != NULL) + *result_code = ret; + + return key; +} + +int wc_DeleteRsaKey(RsaKey* key, RsaKey** key_p) +{ + if (key == NULL) + return BAD_FUNC_ARG; + wc_FreeRsaKey(key); + XFREE(key, key->heap, DYNAMIC_TYPE_RSA); + if (key_p != NULL) + *key_p = NULL; + return 0; +} +#endif /* !WC_NO_CONSTRUCTORS */ + int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId) { - int ret = 0; + int ret = 0; if (key == NULL) { return BAD_FUNC_ARG; diff --git a/wolfcrypt/src/sha3.c b/wolfcrypt/src/sha3.c index 1a3596a61a..c40afbd909 100644 --- a/wolfcrypt/src/sha3.c +++ b/wolfcrypt/src/sha3.c @@ -820,10 +820,10 @@ static int wc_InitSha3(wc_Sha3* sha3, void* heap, int devId) #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA3) ret = wolfAsync_DevCtxInit(&sha3->asyncDev, WOLFSSL_ASYNC_MARKER_SHA3, sha3->heap, devId); -#elif defined(WOLF_CRYPTO_CB) +#endif +#if defined(WOLF_CRYPTO_CB) sha3->devId = devId; -#endif /* WOLFSSL_ASYNC_CRYPT */ - +#endif (void)devId; return ret; diff --git a/wolfcrypt/src/siphash.c b/wolfcrypt/src/siphash.c index 54c02f6a58..d455c663ec 100644 --- a/wolfcrypt/src/siphash.c +++ b/wolfcrypt/src/siphash.c @@ -69,14 +69,14 @@ * @param [in] a Little-endian byte array. * @return 64-bit number. */ -#define GET_U64(a) (*(word64*)(a)) +#define GET_U64(a) readUnalignedWord64(a) /** * Decode little-endian byte array to 32-bit number. * * @param [in] a Little-endian byte array. * @return 32-bit number. */ -#define GET_U32(a) (*(word32*)(a)) +#define GET_U32(a) readUnalignedWord32(a) /** * Decode little-endian byte array to 16-bit number. * @@ -90,7 +90,7 @@ * @param [out] a Byte array to write into. * @param [in] n Number to encode. */ -#define SET_U64(a, n) ((*(word64*)(a)) = (n)) +#define SET_U64(a, n) writeUnalignedWord64(a, n) #else /** * Decode little-endian byte array to 64-bit number. @@ -112,7 +112,7 @@ * @param [in] a Little-endian byte array. * @return 32-bit number. */ -#define GET_U32(a) (((word64)((a)[3]) << 24) | \ +#define GET_U32(a) (((word32)((a)[3]) << 24) | \ ((word32)((a)[2]) << 16) | \ ((word32)((a)[1]) << 8) | \ ((word32)((a)[0]) )) diff --git a/wolfcrypt/src/sp_arm32.c b/wolfcrypt/src/sp_arm32.c index c8ecf47ece..87e9c426a3 100644 --- a/wolfcrypt/src/sp_arm32.c +++ b/wolfcrypt/src/sp_arm32.c @@ -2231,7 +2231,8 @@ static void sp_2048_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_ "stm %[r]!, {r3, r4, r5, r6}\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11", "r12", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11", + "r12" ); } @@ -2584,7 +2585,8 @@ static void sp_2048_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_ "add sp, sp, #36\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12", "lr" ); } @@ -2610,7 +2612,7 @@ static void sp_2048_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_ "strd %[r], %[a], [sp, #36]\n\t" #endif "mov lr, %[b]\n\t" - "ldm %[a], {%[r], %[a], %[b], r3}\n\t" + "ldm %[a], {r0, r1, r2, r3}\n\t" "ldm lr!, {r4, r5, r6}\n\t" "umull r10, r11, %[r], r4\n\t" "umull r12, r7, %[a], r4\n\t" @@ -2655,7 +2657,7 @@ static void sp_2048_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_ "umaal r4, r6, %[b], r7\n\t" "sub lr, lr, #16\n\t" "umaal r5, r6, r3, r7\n\t" - "ldm %[r], {%[r], %[a], %[b], r3}\n\t" + "ldm %[r], {r0, r1, r2, r3}\n\t" "str r6, [sp, #32]\n\t" "ldm lr!, {r6}\n\t" "mov r7, #0\n\t" @@ -2715,7 +2717,8 @@ static void sp_2048_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_ "add sp, sp, #44\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r10", "r11", "r12", "r7", "r8", "r9", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r10", "r11", "r12", "r7", + "r8", "r9", "lr" ); } @@ -2751,7 +2754,7 @@ static sp_digit sp_2048_add_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit "adc %[r], %[r], #0\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (uint32_t)(size_t)r; } @@ -2798,7 +2801,7 @@ static sp_digit sp_2048_sub_in_place_16(sp_digit* a_p, const sp_digit* b_p) "sbc %[a], r9, r9\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); return (uint32_t)(size_t)a; } @@ -2848,7 +2851,7 @@ static sp_digit sp_2048_add_16(sp_digit* r_p, const sp_digit* a_p, const sp_digi "adc %[r], %[r], #0\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (uint32_t)(size_t)r; } @@ -2988,7 +2991,7 @@ static sp_digit sp_2048_sub_in_place_32(sp_digit* a_p, const sp_digit* b_p) "sbc %[a], r9, r9\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); return (uint32_t)(size_t)a; } @@ -3066,7 +3069,7 @@ static sp_digit sp_2048_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digi "adc %[r], %[r], #0\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (uint32_t)(size_t)r; } @@ -3266,7 +3269,7 @@ static sp_digit sp_2048_sub_in_place_64(sp_digit* a_p, const sp_digit* b_p) "sbc %[a], r9, r9\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); return (uint32_t)(size_t)a; } @@ -3400,7 +3403,7 @@ static sp_digit sp_2048_add_64(sp_digit* r_p, const sp_digit* a_p, const sp_digi "adc %[r], %[r], #0\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (uint32_t)(size_t)r; } @@ -4680,7 +4683,8 @@ static void sp_2048_sqr_8(sp_digit* r_p, const sp_digit* a_p) "stm %[r]!, {r2, r3, r4, r8}\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r12" ); } @@ -4923,7 +4927,8 @@ static void sp_2048_sqr_8(sp_digit* r_p, const sp_digit* a_p) "add sp, sp, #0x44\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12", "lr" ); } @@ -4941,7 +4946,7 @@ static void sp_2048_sqr_8(sp_digit* r_p, const sp_digit* a_p) __asm__ __volatile__ ( "sub sp, sp, #32\n\t" "str %[r], [sp, #28]\n\t" - "ldm %[a], {%[r], %[a], r2, r3, r4, r5, r6, r7}\n\t" + "ldm %[a], {r0, r1, r2, r3, r4, r5, r6, r7}\n\t" "umull r9, r10, %[r], %[r]\n\t" "umull r11, r12, %[r], %[a]\n\t" "adds r11, r11, r11\n\t" @@ -5028,18 +5033,19 @@ static void sp_2048_sqr_8(sp_digit* r_p, const sp_digit* a_p) /* R[15] = r7 */ "ldr lr, [sp, #28]\n\t" "add lr, lr, #28\n\t" - "stm lr!, {%[r], r12}\n\t" + "stm lr!, {r0, r12}\n\t" "stm lr!, {r11}\n\t" "stm lr!, {r10}\n\t" "stm lr!, {r3, r4, r8, r9}\n\t" "stm lr!, {r7}\n\t" "sub lr, lr, #0x40\n\t" - "ldm sp, {%[r], %[a], r2, r3, r4, r5, r6}\n\t" - "stm lr, {%[r], %[a], r2, r3, r4, r5, r6}\n\t" + "ldm sp, {r0, r1, r2, r3, r4, r5, r6}\n\t" + "stm lr, {r0, r1, r2, r3, r4, r5, r6}\n\t" "add sp, sp, #32\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12", "lr" ); } @@ -5074,7 +5080,7 @@ static sp_digit sp_2048_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit "sbc %[r], r6, r6\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (uint32_t)(size_t)r; } @@ -5159,7 +5165,7 @@ static sp_digit sp_2048_sub_16(sp_digit* r_p, const sp_digit* a_p, const sp_digi "sbc %[r], r6, r6\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (uint32_t)(size_t)r; } @@ -5272,7 +5278,7 @@ static sp_digit sp_2048_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp_digi "sbc %[r], r6, r6\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (uint32_t)(size_t)r; } @@ -5347,7 +5353,8 @@ static sp_digit sp_2048_add_64(sp_digit* r_p, const sp_digit* a_p, const sp_digi "mov %[r], r3\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r3", "r12" ); return (uint32_t)(size_t)r; } @@ -5383,7 +5390,8 @@ static sp_digit sp_2048_sub_in_place_64(sp_digit* a_p, const sp_digit* b_p) "mov %[a], r12\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", + "lr" ); return (uint32_t)(size_t)a; } @@ -5585,7 +5593,8 @@ static void sp_2048_mul_64(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b "bgt L_sp_2048_mul_64_store_%=\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", + "r11" ); } @@ -5742,7 +5751,8 @@ static void sp_2048_sqr_64(sp_digit* r_p, const sp_digit* a_p) "bgt L_sp_2048_sqr_64_store_%=\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", + "r11" ); } @@ -5798,7 +5808,8 @@ static sp_digit sp_2048_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digi "mov %[r], r3\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r3", "r12" ); return (uint32_t)(size_t)r; } @@ -5834,7 +5845,8 @@ static sp_digit sp_2048_sub_in_place_32(sp_digit* a_p, const sp_digit* b_p) "mov %[a], r12\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", + "lr" ); return (uint32_t)(size_t)a; } @@ -6036,7 +6048,8 @@ static void sp_2048_mul_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b "bgt L_sp_2048_mul_32_store_%=\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", + "r11" ); } @@ -6193,7 +6206,8 @@ static void sp_2048_sqr_32(sp_digit* r_p, const sp_digit* a_p) "bgt L_sp_2048_sqr_32_store_%=\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", + "r11" ); } @@ -6314,7 +6328,7 @@ static void sp_2048_mul_d_64(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) "str r3, [%[r], #256]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); } @@ -8379,7 +8393,7 @@ static void sp_2048_mul_d_64(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) "str r4, [%[r]]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8" ); } @@ -8408,7 +8422,8 @@ static void sp_2048_mont_norm_32(sp_digit* r, const sp_digit* m) * b A single precision number to subtract. * m Mask value to apply. */ -static sp_digit sp_2048_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_2048_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -8434,7 +8449,7 @@ static sp_digit sp_2048_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp "mov %[r], r12\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r12", "lr", "r4", "r5", "r6", "cc" + : "memory", "cc", "r12", "lr", "r4", "r5", "r6" ); return (uint32_t)(size_t)r; } @@ -8448,7 +8463,8 @@ static sp_digit sp_2048_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp * b A single precision number to subtract. * m Mask value to apply. */ -static sp_digit sp_2048_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_2048_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -8572,7 +8588,7 @@ static sp_digit sp_2048_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp "sbc %[r], lr, lr\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "cc" + : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7" ); return (uint32_t)(size_t)r; } @@ -9553,7 +9569,8 @@ static SP_NOINLINE void sp_2048_mont_reduce_32(sp_digit* a_p, const sp_digit* m_ "mov %[mp], r3\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_2048_cond_sub_32(a - 32, a, m, (sp_digit)0 - mp); } @@ -9848,7 +9865,8 @@ static SP_NOINLINE void sp_2048_mont_reduce_32(sp_digit* a_p, const sp_digit* m_ "mov %[mp], r3\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_2048_cond_sub_32(a - 32, a, m, (sp_digit)0 - mp); } @@ -10053,7 +10071,8 @@ static SP_NOINLINE void sp_2048_mont_reduce_32(sp_digit* a_p, const sp_digit* m_ "mov %[mp], lr\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_2048_cond_sub_32(a - 32, a, m, (sp_digit)0 - mp); } @@ -10183,7 +10202,7 @@ static void sp_2048_mul_d_32(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) "str r3, [%[r], #128]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); } @@ -11224,7 +11243,7 @@ static void sp_2048_mul_d_32(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) "str r5, [%[r]]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8" ); } @@ -11283,7 +11302,7 @@ static sp_digit div_2048_word_32(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) "add %[d1], r4, r3\n\t" : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (uint32_t)(size_t)d1; } @@ -11421,7 +11440,7 @@ static sp_digit div_2048_word_32(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) "sub %[d1], r3, r6\n\t" : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (uint32_t)(size_t)d1; } @@ -11820,7 +11839,7 @@ static sp_int32 sp_2048_cmp_32(const sp_digit* a_p, const sp_digit* b_p) "mov %[a], r2\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "cc" + : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6" ); return (uint32_t)(size_t)a; } @@ -12229,7 +12248,8 @@ static void sp_2048_mont_norm_64(sp_digit* r, const sp_digit* m) * b A single precision number to subtract. * m Mask value to apply. */ -static sp_digit sp_2048_cond_sub_64(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_2048_cond_sub_64(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -12255,7 +12275,7 @@ static sp_digit sp_2048_cond_sub_64(sp_digit* r_p, const sp_digit* a_p, const sp "mov %[r], r12\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r12", "lr", "r4", "r5", "r6", "cc" + : "memory", "cc", "r12", "lr", "r4", "r5", "r6" ); return (uint32_t)(size_t)r; } @@ -12269,7 +12289,8 @@ static sp_digit sp_2048_cond_sub_64(sp_digit* r_p, const sp_digit* a_p, const sp * b A single precision number to subtract. * m Mask value to apply. */ -static sp_digit sp_2048_cond_sub_64(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_2048_cond_sub_64(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -12505,7 +12526,7 @@ static sp_digit sp_2048_cond_sub_64(sp_digit* r_p, const sp_digit* a_p, const sp "sbc %[r], lr, lr\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "cc" + : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7" ); return (uint32_t)(size_t)r; } @@ -14414,7 +14435,8 @@ static SP_NOINLINE void sp_2048_mont_reduce_64(sp_digit* a_p, const sp_digit* m_ "mov %[mp], r3\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_2048_cond_sub_64(a - 64, a, m, (sp_digit)0 - mp); } @@ -14965,7 +14987,8 @@ static SP_NOINLINE void sp_2048_mont_reduce_64(sp_digit* a_p, const sp_digit* m_ "mov %[mp], r3\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_2048_cond_sub_64(a - 64, a, m, (sp_digit)0 - mp); } @@ -15330,7 +15353,8 @@ static SP_NOINLINE void sp_2048_mont_reduce_64(sp_digit* a_p, const sp_digit* m_ "mov %[mp], lr\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_2048_cond_sub_64(a - 64, a, m, (sp_digit)0 - mp); } @@ -15398,7 +15422,8 @@ static sp_digit sp_2048_sub_64(sp_digit* r_p, const sp_digit* a_p, const sp_digi "mov %[r], r12\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r12", "lr" ); return (uint32_t)(size_t)r; } @@ -15532,7 +15557,7 @@ static sp_digit sp_2048_sub_64(sp_digit* r_p, const sp_digit* a_p, const sp_digi "sbc %[r], r6, r6\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (uint32_t)(size_t)r; } @@ -15592,7 +15617,7 @@ static sp_digit div_2048_word_64(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) "add %[d1], r4, r3\n\t" : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (uint32_t)(size_t)d1; } @@ -15730,7 +15755,7 @@ static sp_digit div_2048_word_64(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) "sub %[d1], r3, r6\n\t" : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (uint32_t)(size_t)d1; } @@ -16585,7 +16610,7 @@ static sp_int32 sp_2048_cmp_64(const sp_digit* a_p, const sp_digit* b_p) "mov %[a], r2\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "cc" + : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6" ); return (uint32_t)(size_t)a; } @@ -17116,7 +17141,8 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em, * b A single precision number to add. * m Mask value to apply. */ -static sp_digit sp_2048_cond_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_2048_cond_add_32(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -17142,7 +17168,7 @@ static sp_digit sp_2048_cond_add_32(sp_digit* r_p, const sp_digit* a_p, const sp "mov %[r], lr\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r12", "lr", "r4", "r5", "r6", "cc" + : "memory", "cc", "r12", "lr", "r4", "r5", "r6" ); return (uint32_t)(size_t)r; } @@ -17156,7 +17182,8 @@ static sp_digit sp_2048_cond_add_32(sp_digit* r_p, const sp_digit* a_p, const sp * b A single precision number to add. * m Mask value to apply. */ -static sp_digit sp_2048_cond_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_2048_cond_add_32(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -17280,7 +17307,7 @@ static sp_digit sp_2048_cond_add_32(sp_digit* r_p, const sp_digit* a_p, const sp "adc %[r], r8, r8\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (uint32_t)(size_t)r; } @@ -17994,7 +18021,7 @@ static void sp_2048_lshift_64(sp_digit* r_p, const sp_digit* a_p, byte n_p) "str r6, [%[r], #4]\n\t" : [r] "+r" (r), [a] "+r" (a), [n] "+r" (n) : - : "memory", "r4", "r5", "r6", "r3", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r3", "r12" ); } @@ -23899,7 +23926,8 @@ static void sp_3072_mul_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b "stm %[r]!, {r3, r4, r5, r6}\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11", "r12", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11", + "r12" ); } @@ -23941,7 +23969,7 @@ static sp_digit sp_3072_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_digi "adc %[r], %[r], #0\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (uint32_t)(size_t)r; } @@ -24002,7 +24030,7 @@ static sp_digit sp_3072_sub_in_place_24(sp_digit* a_p, const sp_digit* b_p) "sbc %[a], r9, r9\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); return (uint32_t)(size_t)a; } @@ -24066,7 +24094,7 @@ static sp_digit sp_3072_add_24(sp_digit* r_p, const sp_digit* a_p, const sp_digi "adc %[r], %[r], #0\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (uint32_t)(size_t)r; } @@ -24238,7 +24266,7 @@ static sp_digit sp_3072_sub_in_place_48(sp_digit* a_p, const sp_digit* b_p) "sbc %[a], r9, r9\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); return (uint32_t)(size_t)a; } @@ -24344,7 +24372,7 @@ static sp_digit sp_3072_add_48(sp_digit* r_p, const sp_digit* a_p, const sp_digi "adc %[r], %[r], #0\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (uint32_t)(size_t)r; } @@ -24600,7 +24628,7 @@ static sp_digit sp_3072_sub_in_place_96(sp_digit* a_p, const sp_digit* b_p) "sbc %[a], r9, r9\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); return (uint32_t)(size_t)a; } @@ -24790,7 +24818,7 @@ static sp_digit sp_3072_add_96(sp_digit* r_p, const sp_digit* a_p, const sp_digi "adc %[r], %[r], #0\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (uint32_t)(size_t)r; } @@ -27922,7 +27950,8 @@ static void sp_3072_sqr_12(sp_digit* r_p, const sp_digit* a_p) "stm %[r]!, {r2, r3, r4, r8}\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r12" ); } @@ -27963,7 +27992,7 @@ static sp_digit sp_3072_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_digi "sbc %[r], r6, r6\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (uint32_t)(size_t)r; } @@ -28062,7 +28091,7 @@ static sp_digit sp_3072_sub_24(sp_digit* r_p, const sp_digit* a_p, const sp_digi "sbc %[r], r6, r6\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (uint32_t)(size_t)r; } @@ -28203,7 +28232,7 @@ static sp_digit sp_3072_sub_48(sp_digit* r_p, const sp_digit* a_p, const sp_digi "sbc %[r], r6, r6\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (uint32_t)(size_t)r; } @@ -28278,7 +28307,8 @@ static sp_digit sp_3072_add_96(sp_digit* r_p, const sp_digit* a_p, const sp_digi "mov %[r], r3\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r3", "r12" ); return (uint32_t)(size_t)r; } @@ -28314,7 +28344,8 @@ static sp_digit sp_3072_sub_in_place_96(sp_digit* a_p, const sp_digit* b_p) "mov %[a], r12\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", + "lr" ); return (uint32_t)(size_t)a; } @@ -28516,7 +28547,8 @@ static void sp_3072_mul_96(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b "bgt L_sp_3072_mul_96_store_%=\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", + "r11" ); } @@ -28673,7 +28705,8 @@ static void sp_3072_sqr_96(sp_digit* r_p, const sp_digit* a_p) "bgt L_sp_3072_sqr_96_store_%=\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", + "r11" ); } @@ -28729,7 +28762,8 @@ static sp_digit sp_3072_add_48(sp_digit* r_p, const sp_digit* a_p, const sp_digi "mov %[r], r3\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r3", "r12" ); return (uint32_t)(size_t)r; } @@ -28765,7 +28799,8 @@ static sp_digit sp_3072_sub_in_place_48(sp_digit* a_p, const sp_digit* b_p) "mov %[a], r12\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", + "lr" ); return (uint32_t)(size_t)a; } @@ -28967,7 +29002,8 @@ static void sp_3072_mul_48(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b "bgt L_sp_3072_mul_48_store_%=\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", + "r11" ); } @@ -29124,7 +29160,8 @@ static void sp_3072_sqr_48(sp_digit* r_p, const sp_digit* a_p) "bgt L_sp_3072_sqr_48_store_%=\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", + "r11" ); } @@ -29245,7 +29282,7 @@ static void sp_3072_mul_d_96(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) "str r3, [%[r], #384]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); } @@ -32334,7 +32371,7 @@ static void sp_3072_mul_d_96(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) "str r3, [%[r]]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8" ); } @@ -32363,7 +32400,8 @@ static void sp_3072_mont_norm_48(sp_digit* r, const sp_digit* m) * b A single precision number to subtract. * m Mask value to apply. */ -static sp_digit sp_3072_cond_sub_48(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_3072_cond_sub_48(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -32389,7 +32427,7 @@ static sp_digit sp_3072_cond_sub_48(sp_digit* r_p, const sp_digit* a_p, const sp "mov %[r], r12\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r12", "lr", "r4", "r5", "r6", "cc" + : "memory", "cc", "r12", "lr", "r4", "r5", "r6" ); return (uint32_t)(size_t)r; } @@ -32403,7 +32441,8 @@ static sp_digit sp_3072_cond_sub_48(sp_digit* r_p, const sp_digit* a_p, const sp * b A single precision number to subtract. * m Mask value to apply. */ -static sp_digit sp_3072_cond_sub_48(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_3072_cond_sub_48(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -32583,7 +32622,7 @@ static sp_digit sp_3072_cond_sub_48(sp_digit* r_p, const sp_digit* a_p, const sp "sbc %[r], lr, lr\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "cc" + : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7" ); return (uint32_t)(size_t)r; } @@ -34028,7 +34067,8 @@ static SP_NOINLINE void sp_3072_mont_reduce_48(sp_digit* a_p, const sp_digit* m_ "mov %[mp], r3\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_3072_cond_sub_48(a - 48, a, m, (sp_digit)0 - mp); } @@ -34451,7 +34491,8 @@ static SP_NOINLINE void sp_3072_mont_reduce_48(sp_digit* a_p, const sp_digit* m_ "mov %[mp], r3\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_3072_cond_sub_48(a - 48, a, m, (sp_digit)0 - mp); } @@ -34736,7 +34777,8 @@ static SP_NOINLINE void sp_3072_mont_reduce_48(sp_digit* a_p, const sp_digit* m_ "mov %[mp], lr\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_3072_cond_sub_48(a - 48, a, m, (sp_digit)0 - mp); } @@ -34866,7 +34908,7 @@ static void sp_3072_mul_d_48(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) "str r3, [%[r], #192]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); } @@ -36419,7 +36461,7 @@ static void sp_3072_mul_d_48(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) "str r3, [%[r]]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8" ); } @@ -36478,7 +36520,7 @@ static sp_digit div_3072_word_48(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) "add %[d1], r4, r3\n\t" : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (uint32_t)(size_t)d1; } @@ -36616,7 +36658,7 @@ static sp_digit div_3072_word_48(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) "sub %[d1], r3, r6\n\t" : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (uint32_t)(size_t)d1; } @@ -37191,7 +37233,7 @@ static sp_int32 sp_3072_cmp_48(const sp_digit* a_p, const sp_digit* b_p) "mov %[a], r2\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "cc" + : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6" ); return (uint32_t)(size_t)a; } @@ -37600,7 +37642,8 @@ static void sp_3072_mont_norm_96(sp_digit* r, const sp_digit* m) * b A single precision number to subtract. * m Mask value to apply. */ -static sp_digit sp_3072_cond_sub_96(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_3072_cond_sub_96(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -37626,7 +37669,7 @@ static sp_digit sp_3072_cond_sub_96(sp_digit* r_p, const sp_digit* a_p, const sp "mov %[r], r12\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r12", "lr", "r4", "r5", "r6", "cc" + : "memory", "cc", "r12", "lr", "r4", "r5", "r6" ); return (uint32_t)(size_t)r; } @@ -37640,7 +37683,8 @@ static sp_digit sp_3072_cond_sub_96(sp_digit* r_p, const sp_digit* a_p, const sp * b A single precision number to subtract. * m Mask value to apply. */ -static sp_digit sp_3072_cond_sub_96(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_3072_cond_sub_96(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -37988,7 +38032,7 @@ static sp_digit sp_3072_cond_sub_96(sp_digit* r_p, const sp_digit* a_p, const sp "sbc %[r], lr, lr\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "cc" + : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7" ); return (uint32_t)(size_t)r; } @@ -40825,7 +40869,8 @@ static SP_NOINLINE void sp_3072_mont_reduce_96(sp_digit* a_p, const sp_digit* m_ "mov %[mp], r3\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_3072_cond_sub_96(a - 96, a, m, (sp_digit)0 - mp); } @@ -41632,7 +41677,8 @@ static SP_NOINLINE void sp_3072_mont_reduce_96(sp_digit* a_p, const sp_digit* m_ "mov %[mp], r3\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_3072_cond_sub_96(a - 96, a, m, (sp_digit)0 - mp); } @@ -42157,7 +42203,8 @@ static SP_NOINLINE void sp_3072_mont_reduce_96(sp_digit* a_p, const sp_digit* m_ "mov %[mp], lr\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_3072_cond_sub_96(a - 96, a, m, (sp_digit)0 - mp); } @@ -42225,7 +42272,8 @@ static sp_digit sp_3072_sub_96(sp_digit* r_p, const sp_digit* a_p, const sp_digi "mov %[r], r12\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r12", "lr" ); return (uint32_t)(size_t)r; } @@ -42415,7 +42463,7 @@ static sp_digit sp_3072_sub_96(sp_digit* r_p, const sp_digit* a_p, const sp_digi "sbc %[r], r6, r6\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (uint32_t)(size_t)r; } @@ -42475,7 +42523,7 @@ static sp_digit div_3072_word_96(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) "add %[d1], r4, r3\n\t" : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (uint32_t)(size_t)d1; } @@ -42613,7 +42661,7 @@ static sp_digit div_3072_word_96(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) "sub %[d1], r3, r6\n\t" : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (uint32_t)(size_t)d1; } @@ -43826,7 +43874,7 @@ static sp_int32 sp_3072_cmp_96(const sp_digit* a_p, const sp_digit* b_p) "mov %[a], r2\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "cc" + : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6" ); return (uint32_t)(size_t)a; } @@ -44357,7 +44405,8 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em, * b A single precision number to add. * m Mask value to apply. */ -static sp_digit sp_3072_cond_add_48(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_3072_cond_add_48(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -44383,7 +44432,7 @@ static sp_digit sp_3072_cond_add_48(sp_digit* r_p, const sp_digit* a_p, const sp "mov %[r], lr\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r12", "lr", "r4", "r5", "r6", "cc" + : "memory", "cc", "r12", "lr", "r4", "r5", "r6" ); return (uint32_t)(size_t)r; } @@ -44397,7 +44446,8 @@ static sp_digit sp_3072_cond_add_48(sp_digit* r_p, const sp_digit* a_p, const sp * b A single precision number to add. * m Mask value to apply. */ -static sp_digit sp_3072_cond_add_48(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_3072_cond_add_48(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -44577,7 +44627,7 @@ static sp_digit sp_3072_cond_add_48(sp_digit* r_p, const sp_digit* a_p, const sp "adc %[r], r8, r8\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (uint32_t)(size_t)r; } @@ -45483,7 +45533,7 @@ static void sp_3072_lshift_96(sp_digit* r_p, const sp_digit* a_p, byte n_p) "str r4, [%[r], #4]\n\t" : [r] "+r" (r), [a] "+r" (a), [n] "+r" (n) : - : "memory", "r4", "r5", "r6", "r3", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r3", "r12" ); } @@ -46134,7 +46184,7 @@ static sp_digit sp_4096_sub_in_place_128(sp_digit* a_p, const sp_digit* b_p) "sbc %[a], r9, r9\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); return (uint32_t)(size_t)a; } @@ -46145,7 +46195,8 @@ static sp_digit sp_4096_sub_in_place_128(sp_digit* a_p, const sp_digit* b_p) * a A single precision integer. * b A single precision integer. */ -static sp_digit sp_4096_add_128(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +static sp_digit sp_4096_add_128(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -46380,7 +46431,7 @@ static sp_digit sp_4096_add_128(sp_digit* r_p, const sp_digit* a_p, const sp_dig "adc %[r], %[r], #0\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (uint32_t)(size_t)r; } @@ -46468,7 +46519,8 @@ SP_NOINLINE static void sp_4096_sqr_128(sp_digit* r, const sp_digit* a) * a A single precision integer. * b A single precision integer. */ -static sp_digit sp_4096_add_128(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +static sp_digit sp_4096_add_128(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -46494,7 +46546,8 @@ static sp_digit sp_4096_add_128(sp_digit* r_p, const sp_digit* a_p, const sp_dig "mov %[r], r3\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r3", "r12" ); return (uint32_t)(size_t)r; } @@ -46530,7 +46583,8 @@ static sp_digit sp_4096_sub_in_place_128(sp_digit* a_p, const sp_digit* b_p) "mov %[a], r12\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", + "lr" ); return (uint32_t)(size_t)a; } @@ -46732,7 +46786,8 @@ static void sp_4096_mul_128(sp_digit* r_p, const sp_digit* a_p, const sp_digit* "bgt L_sp_4096_mul_128_store_%=\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", + "r11" ); } @@ -46889,7 +46944,8 @@ static void sp_4096_sqr_128(sp_digit* r_p, const sp_digit* a_p) "bgt L_sp_4096_sqr_128_store_%=\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", + "r11" ); } @@ -47008,7 +47064,7 @@ static void sp_4096_mul_d_128(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) "str r3, [%[r], #512]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); } @@ -51121,7 +51177,7 @@ static void sp_4096_mul_d_128(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) "str r5, [%[r]]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8" ); } @@ -51151,7 +51207,8 @@ static void sp_4096_mont_norm_128(sp_digit* r, const sp_digit* m) * b A single precision number to subtract. * m Mask value to apply. */ -static sp_digit sp_4096_cond_sub_128(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_4096_cond_sub_128(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -51177,7 +51234,7 @@ static sp_digit sp_4096_cond_sub_128(sp_digit* r_p, const sp_digit* a_p, const s "mov %[r], r12\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r12", "lr", "r4", "r5", "r6", "cc" + : "memory", "cc", "r12", "lr", "r4", "r5", "r6" ); return (uint32_t)(size_t)r; } @@ -51191,7 +51248,8 @@ static sp_digit sp_4096_cond_sub_128(sp_digit* r_p, const sp_digit* a_p, const s * b A single precision number to subtract. * m Mask value to apply. */ -static sp_digit sp_4096_cond_sub_128(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_4096_cond_sub_128(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -51651,7 +51709,7 @@ static sp_digit sp_4096_cond_sub_128(sp_digit* r_p, const sp_digit* a_p, const s "sbc %[r], lr, lr\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "cc" + : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7" ); return (uint32_t)(size_t)r; } @@ -55416,7 +55474,8 @@ static SP_NOINLINE void sp_4096_mont_reduce_128(sp_digit* a_p, const sp_digit* m "mov %[mp], r3\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_4096_cond_sub_128(a - 128, a, m, (sp_digit)0 - mp); } @@ -56479,7 +56538,8 @@ static SP_NOINLINE void sp_4096_mont_reduce_128(sp_digit* a_p, const sp_digit* m "mov %[mp], r3\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_4096_cond_sub_128(a - 128, a, m, (sp_digit)0 - mp); } @@ -57164,7 +57224,8 @@ static SP_NOINLINE void sp_4096_mont_reduce_128(sp_digit* a_p, const sp_digit* m "mov %[mp], lr\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_4096_cond_sub_128(a - 128, a, m, (sp_digit)0 - mp); } @@ -57207,7 +57268,8 @@ SP_NOINLINE static void sp_4096_mont_sqr_128(sp_digit* r, const sp_digit* a, * a A single precision integer. * b A single precision integer. */ -static sp_digit sp_4096_sub_128(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +static sp_digit sp_4096_sub_128(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -57232,7 +57294,8 @@ static sp_digit sp_4096_sub_128(sp_digit* r_p, const sp_digit* a_p, const sp_dig "mov %[r], r12\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r12", "lr" ); return (uint32_t)(size_t)r; } @@ -57244,7 +57307,8 @@ static sp_digit sp_4096_sub_128(sp_digit* r_p, const sp_digit* a_p, const sp_dig * a A single precision integer. * b A single precision integer. */ -static sp_digit sp_4096_sub_128(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +static sp_digit sp_4096_sub_128(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -57478,7 +57542,7 @@ static sp_digit sp_4096_sub_128(sp_digit* r_p, const sp_digit* a_p, const sp_dig "sbc %[r], r6, r6\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (uint32_t)(size_t)r; } @@ -57538,7 +57602,7 @@ static sp_digit div_4096_word_128(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) "add %[d1], r4, r3\n\t" : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (uint32_t)(size_t)d1; } @@ -57676,7 +57740,7 @@ static sp_digit div_4096_word_128(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) "sub %[d1], r3, r6\n\t" : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (uint32_t)(size_t)d1; } @@ -59241,7 +59305,7 @@ static sp_int32 sp_4096_cmp_128(const sp_digit* a_p, const sp_digit* b_p) "mov %[a], r2\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "cc" + : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6" ); return (uint32_t)(size_t)a; } @@ -59772,7 +59836,8 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em, * b A single precision number to add. * m Mask value to apply. */ -static sp_digit sp_4096_cond_add_64(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_4096_cond_add_64(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -59798,7 +59863,7 @@ static sp_digit sp_4096_cond_add_64(sp_digit* r_p, const sp_digit* a_p, const sp "mov %[r], lr\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r12", "lr", "r4", "r5", "r6", "cc" + : "memory", "cc", "r12", "lr", "r4", "r5", "r6" ); return (uint32_t)(size_t)r; } @@ -59812,7 +59877,8 @@ static sp_digit sp_4096_cond_add_64(sp_digit* r_p, const sp_digit* a_p, const sp * b A single precision number to add. * m Mask value to apply. */ -static sp_digit sp_4096_cond_add_64(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_4096_cond_add_64(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -60048,7 +60114,7 @@ static sp_digit sp_4096_cond_add_64(sp_digit* r_p, const sp_digit* a_p, const sp "adc %[r], r8, r8\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (uint32_t)(size_t)r; } @@ -61146,7 +61212,7 @@ static void sp_4096_lshift_128(sp_digit* r_p, const sp_digit* a_p, byte n_p) "str r5, [%[r], #4]\n\t" : [r] "+r" (r), [a] "+r" (a), [n] "+r" (n) : - : "memory", "r4", "r5", "r6", "r3", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r3", "r12" ); } @@ -61627,7 +61693,8 @@ static void sp_256_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p "bgt L_sp_256_mul_8_store_%=\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", + "r11" ); } @@ -63623,7 +63690,8 @@ static void sp_256_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p "stm %[r]!, {r3, r4, r5, r6}\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11", "r12", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11", + "r12" ); } @@ -63976,7 +64044,8 @@ static void sp_256_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p "add sp, sp, #36\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12", "lr" ); } @@ -64002,7 +64071,7 @@ static void sp_256_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p "strd %[r], %[a], [sp, #36]\n\t" #endif "mov lr, %[b]\n\t" - "ldm %[a], {%[r], %[a], %[b], r3}\n\t" + "ldm %[a], {r0, r1, r2, r3}\n\t" "ldm lr!, {r4, r5, r6}\n\t" "umull r10, r11, %[r], r4\n\t" "umull r12, r7, %[a], r4\n\t" @@ -64047,7 +64116,7 @@ static void sp_256_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p "umaal r4, r6, %[b], r7\n\t" "sub lr, lr, #16\n\t" "umaal r5, r6, r3, r7\n\t" - "ldm %[r], {%[r], %[a], %[b], r3}\n\t" + "ldm %[r], {r0, r1, r2, r3}\n\t" "str r6, [sp, #32]\n\t" "ldm lr!, {r6}\n\t" "mov r7, #0\n\t" @@ -64107,7 +64176,8 @@ static void sp_256_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p "add sp, sp, #44\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r10", "r11", "r12", "r7", "r8", "r9", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r10", "r11", "r12", "r7", + "r8", "r9", "lr" ); } @@ -64267,7 +64337,8 @@ static void sp_256_sqr_8(sp_digit* r_p, const sp_digit* a_p) "bgt L_sp_256_sqr_8_store_%=\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", + "r11" ); } @@ -65478,7 +65549,8 @@ static void sp_256_sqr_8(sp_digit* r_p, const sp_digit* a_p) "stm %[r]!, {r2, r3, r4, r8}\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r12" ); } @@ -65721,7 +65793,8 @@ static void sp_256_sqr_8(sp_digit* r_p, const sp_digit* a_p) "add sp, sp, #0x44\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12", "lr" ); } @@ -65739,7 +65812,7 @@ static void sp_256_sqr_8(sp_digit* r_p, const sp_digit* a_p) __asm__ __volatile__ ( "sub sp, sp, #32\n\t" "str %[r], [sp, #28]\n\t" - "ldm %[a], {%[r], %[a], r2, r3, r4, r5, r6, r7}\n\t" + "ldm %[a], {r0, r1, r2, r3, r4, r5, r6, r7}\n\t" "umull r9, r10, %[r], %[r]\n\t" "umull r11, r12, %[r], %[a]\n\t" "adds r11, r11, r11\n\t" @@ -65826,18 +65899,19 @@ static void sp_256_sqr_8(sp_digit* r_p, const sp_digit* a_p) /* R[15] = r7 */ "ldr lr, [sp, #28]\n\t" "add lr, lr, #28\n\t" - "stm lr!, {%[r], r12}\n\t" + "stm lr!, {r0, r12}\n\t" "stm lr!, {r11}\n\t" "stm lr!, {r10}\n\t" "stm lr!, {r3, r4, r8, r9}\n\t" "stm lr!, {r7}\n\t" "sub lr, lr, #0x40\n\t" - "ldm sp, {%[r], %[a], r2, r3, r4, r5, r6}\n\t" - "stm lr, {%[r], %[a], r2, r3, r4, r5, r6}\n\t" + "ldm sp, {r0, r1, r2, r3, r4, r5, r6}\n\t" + "stm lr, {r0, r1, r2, r3, r4, r5, r6}\n\t" "add sp, sp, #32\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12", "lr" ); } @@ -65876,7 +65950,8 @@ static sp_digit sp_256_add_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* "mov %[r], r3\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r3", "r12" ); return (uint32_t)(size_t)r; } @@ -65913,7 +65988,7 @@ static sp_digit sp_256_add_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* "adc %[r], %[r], #0\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (uint32_t)(size_t)r; } @@ -65925,7 +66000,8 @@ static sp_digit sp_256_add_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* * a The number to convert. * m The modulus (prime). */ -static int sp_256_mod_mul_norm_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p) +static int sp_256_mod_mul_norm_8(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -66149,7 +66225,8 @@ static int sp_256_mod_mul_norm_8(sp_digit* r_p, const sp_digit* a_p, const sp_di "add sp, sp, #24\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "r10", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", + "lr", "r10" ); (void)m_p; return (uint32_t)(size_t)r; @@ -66360,7 +66437,8 @@ static int sp_256_point_to_ecc_point_8(const sp_point_256* p, ecc_point* pm) * m Modulus (prime). * mp Montgomery multiplier. */ -static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p, sp_digit mp_p) +static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, + const sp_digit* m_p, sp_digit mp_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -68464,7 +68542,8 @@ static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, co "add sp, sp, #0x44\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r12", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", + "r12" ); (void)m_p; (void)mp_p; @@ -68480,7 +68559,8 @@ static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, co * m Modulus (prime). * mp Montgomery multiplier. */ -static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p, sp_digit mp_p) +static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, + const sp_digit* m_p, sp_digit mp_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -68941,7 +69021,8 @@ static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, co "add sp, sp, #0x44\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12", "lr" ); (void)m_p; (void)mp_p; @@ -68957,7 +69038,8 @@ static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, co * m Modulus (prime). * mp Montgomery multiplier. */ -static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p, sp_digit mp_p) +static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, + const sp_digit* m_p, sp_digit mp_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -68972,7 +69054,7 @@ static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, co "strd %[r], %[a], [sp, #68]\n\t" #endif "mov lr, %[b]\n\t" - "ldm %[a], {%[r], %[a], %[b], r3}\n\t" + "ldm %[a], {r0, r1, r2, r3}\n\t" "ldm lr!, {r4, r5, r6}\n\t" "umull r10, r11, %[r], r4\n\t" "umull r12, r7, %[a], r4\n\t" @@ -69017,7 +69099,7 @@ static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, co "umaal r4, r6, %[b], r7\n\t" "sub lr, lr, #16\n\t" "umaal r5, r6, r3, r7\n\t" - "ldm %[r], {%[r], %[a], %[b], r3}\n\t" + "ldm %[r], {r0, r1, r2, r3}\n\t" "str r6, [sp, #64]\n\t" "ldm lr!, {r6}\n\t" "mov r7, #0\n\t" @@ -69196,7 +69278,8 @@ static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, co "add sp, sp, #0x4c\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r10", "r11", "r12", "r7", "r8", "r9", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r10", "r11", "r12", "r7", + "r8", "r9", "lr" ); (void)m_p; (void)mp_p; @@ -69211,7 +69294,8 @@ static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, co * m Modulus (prime). * mp Montgomery multiplier. */ -static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p, + sp_digit mp_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -70394,7 +70478,8 @@ static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, co "add sp, sp, #0x44\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r12", "r8", "r9", "r10", "lr", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r12", "r8", "r9", + "r10", "lr" ); (void)m_p; (void)mp_p; @@ -70408,7 +70493,8 @@ static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, co * m Modulus (prime). * mp Montgomery multiplier. */ -static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p, + sp_digit mp_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -70760,7 +70846,8 @@ static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, co "add sp, sp, #0x44\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12", "lr" ); (void)m_p; (void)mp_p; @@ -70774,7 +70861,8 @@ static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, co * m Modulus (prime). * mp Montgomery multiplier. */ -static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p, + sp_digit mp_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -70782,7 +70870,7 @@ static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, co __asm__ __volatile__ ( "sub sp, sp, #0x44\n\t" "str %[r], [sp, #64]\n\t" - "ldm %[a], {%[r], %[a], r2, r3, r4, r5, r6, r7}\n\t" + "ldm %[a], {r0, r1, r2, r3, r4, r5, r6, r7}\n\t" "umull r9, r10, %[r], %[r]\n\t" "umull r11, r12, %[r], %[a]\n\t" "adds r11, r11, r11\n\t" @@ -70869,7 +70957,7 @@ static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, co /* R[15] = r7 */ "mov lr, sp\n\t" "add lr, lr, #28\n\t" - "stm lr!, {%[r], r12}\n\t" + "stm lr!, {r0, r12}\n\t" "stm lr!, {r11}\n\t" "stm lr!, {r10}\n\t" "stm lr!, {r3, r4, r8, r9}\n\t" @@ -71000,7 +71088,8 @@ static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, co "add sp, sp, #0x44\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12", "lr" ); (void)m_p; (void)mp_p; @@ -71028,7 +71117,7 @@ SP_NOINLINE static void sp_256_mont_sqr_n_8(sp_digit* r, #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */ #ifdef WOLFSSL_SP_SMALL /* Mod-2 for the P256 curve. */ -static const uint32_t p256_mod_minus_2[8] = { +static const word32 p256_mod_minus_2[8] = { 0xfffffffdU,0xffffffffU,0xffffffffU,0x00000000U,0x00000000U,0x00000000U, 0x00000001U,0xffffffffU }; @@ -71232,7 +71321,7 @@ static sp_int32 sp_256_cmp_8(const sp_digit* a_p, const sp_digit* b_p) "mov %[a], r2\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "cc" + : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6" ); return (uint32_t)(size_t)a; } @@ -71252,7 +71341,8 @@ static sp_int32 sp_256_cmp_8(const sp_digit* a_p, const sp_digit* b_p) * b A single precision number to subtract. * m Mask value to apply. */ -static sp_digit sp_256_cond_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_256_cond_sub_8(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -71278,7 +71368,7 @@ static sp_digit sp_256_cond_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_d "mov %[r], r12\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r12", "lr", "r4", "r5", "r6", "cc" + : "memory", "cc", "r12", "lr", "r4", "r5", "r6" ); return (uint32_t)(size_t)r; } @@ -71292,7 +71382,8 @@ static sp_digit sp_256_cond_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_d * b A single precision number to subtract. * m Mask value to apply. */ -static sp_digit sp_256_cond_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_256_cond_sub_8(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -71332,7 +71423,7 @@ static sp_digit sp_256_cond_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_d "sbc %[r], lr, lr\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "cc" + : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7" ); return (uint32_t)(size_t)r; } @@ -71620,7 +71711,8 @@ static SP_NOINLINE void sp_256_mont_reduce_8(sp_digit* a_p, const sp_digit* m_p, "mov %[mp], r3\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_256_cond_sub_8(a - 8, a, m, (sp_digit)0 - mp); } @@ -71723,7 +71815,8 @@ static SP_NOINLINE void sp_256_mont_reduce_8(sp_digit* a_p, const sp_digit* m_p, "mov %[mp], r3\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_256_cond_sub_8(a - 8, a, m, (sp_digit)0 - mp); } @@ -71808,7 +71901,8 @@ static SP_NOINLINE void sp_256_mont_reduce_8(sp_digit* a_p, const sp_digit* m_p, "mov %[mp], lr\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_256_cond_sub_8(a - 8, a, m, (sp_digit)0 - mp); } @@ -71959,7 +72053,8 @@ static SP_NOINLINE void sp_256_mont_reduce_8(sp_digit* a_p, const sp_digit* m_p, "add sp, sp, #0x44\n\t" : [a] "+r" (a) : - : "memory", "r1", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r1", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11", "r12", "lr" ); (void)m_p; (void)mp_p; @@ -71972,7 +72067,8 @@ static SP_NOINLINE void sp_256_mont_reduce_8(sp_digit* a_p, const sp_digit* m_p, * m The single precision number representing the modulus. * mp The digit representing the negative inverse of m mod 2^n. */ -static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a_p, const sp_digit* m_p, + sp_digit mp_p) { register sp_digit* a asm ("r0") = (sp_digit*)a_p; register const sp_digit* m asm ("r1") = (const sp_digit*)m_p; @@ -72244,7 +72340,8 @@ static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a_p, const sp_digit "mov %[mp], r3\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_256_cond_sub_8(a - 8, a, m, (sp_digit)0 - mp); } @@ -72256,7 +72353,8 @@ static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a_p, const sp_digit * m The single precision number representing the modulus. * mp The digit representing the negative inverse of m mod 2^n. */ -static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a_p, const sp_digit* m_p, + sp_digit mp_p) { register sp_digit* a asm ("r0") = (sp_digit*)a_p; register const sp_digit* m asm ("r1") = (const sp_digit*)m_p; @@ -72347,7 +72445,8 @@ static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a_p, const sp_digit "mov %[mp], r3\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_256_cond_sub_8(a - 8, a, m, (sp_digit)0 - mp); } @@ -72359,7 +72458,8 @@ static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a_p, const sp_digit * m The single precision number representing the modulus. * mp The digit representing the negative inverse of m mod 2^n. */ -static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a_p, const sp_digit* m_p, + sp_digit mp_p) { register sp_digit* a asm ("r0") = (sp_digit*)a_p; register const sp_digit* m asm ("r1") = (const sp_digit*)m_p; @@ -72432,7 +72532,8 @@ static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a_p, const sp_digit "mov %[mp], lr\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_256_cond_sub_8(a - 8, a, m, (sp_digit)0 - mp); } @@ -72486,7 +72587,8 @@ static void sp_256_map_8(sp_point_256* r, const sp_point_256* p, * b Second number to add in Montgomery form. * m Modulus (prime). */ -static void sp_256_mont_add_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p) +static void sp_256_mont_add_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, + const sp_digit* m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -72530,7 +72632,8 @@ static void sp_256_mont_add_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit "stm %[r], {r5, r6, r7, r8, r9, r10, r11, r12}\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12", "lr" ); (void)m_p; } @@ -72580,7 +72683,8 @@ static void sp_256_mont_dbl_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit "stm %[r], {r4, r5, r6, r7, r8, r9, r10, r11}\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r2", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r2" ); (void)m_p; } @@ -72662,7 +72766,8 @@ static void sp_256_mont_tpl_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit "stm %[r], {r4, r5, r6, r7, r8, r9, r10, r11}\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r2", "r3", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r2", "r3", "r12" ); (void)m_p; } @@ -72674,7 +72779,8 @@ static void sp_256_mont_tpl_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit * b Number to subtract with in Montgomery form. * m Modulus (prime). */ -static void sp_256_mont_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p) +static void sp_256_mont_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, + const sp_digit* m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -72716,7 +72822,8 @@ static void sp_256_mont_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit "stm %[r], {r5, r6, r7, r8, r9, r10, r11, r12}\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12", "lr" ); (void)m_p; } @@ -72793,7 +72900,8 @@ static void sp_256_mont_div2_8(sp_digit* r_p, const sp_digit* a_p, const sp_digi "stm %[r], {r8, r9, r10, r11}\n\t" : [r] "+r" (r), [a] "+r" (a), [m] "+r" (m) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r3" ); } @@ -76318,7 +76426,7 @@ static void sp_256_add_one_8(sp_digit* a_p) "stm %[a]!, {r1, r2, r3, r4}\n\t" : [a] "+r" (a) : - : "memory", "r1", "r2", "r3", "r4", "cc" + : "memory", "cc", "r1", "r2", "r3", "r4" ); } @@ -76722,7 +76830,8 @@ static sp_digit sp_256_sub_in_place_8(sp_digit* a_p, const sp_digit* b_p) "mov %[a], r12\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", + "lr" ); return (uint32_t)(size_t)a; } @@ -76756,7 +76865,7 @@ static sp_digit sp_256_sub_in_place_8(sp_digit* a_p, const sp_digit* b_p) "sbc %[a], r9, r9\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); return (uint32_t)(size_t)a; } @@ -76856,7 +76965,7 @@ static void sp_256_mul_d_8(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) "str r3, [%[r], #32]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); } @@ -77129,7 +77238,7 @@ static void sp_256_mul_d_8(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) "str r5, [%[r]]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8" ); } @@ -77188,7 +77297,7 @@ static sp_digit div_256_word_8(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) "add %[d1], r4, r3\n\t" : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (uint32_t)(size_t)d1; } @@ -77326,7 +77435,7 @@ static sp_digit div_256_word_8(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) "sub %[d1], r3, r6\n\t" : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (uint32_t)(size_t)d1; } @@ -77431,7 +77540,7 @@ static void sp_256_mont_mul_order_8(sp_digit* r, const sp_digit* a, const sp_dig #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL)) #ifdef WOLFSSL_SP_SMALL /* Order-2 for the P256 curve. */ -static const uint32_t p256_order_minus_2[8] = { +static const word32 p256_order_minus_2[8] = { 0xfc63254fU,0xf3b9cac2U,0xa7179e84U,0xbce6faadU,0xffffffffU,0xffffffffU, 0x00000000U,0xffffffffU }; @@ -78010,7 +78119,8 @@ static sp_digit sp_256_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* "mov %[r], r12\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r12", "lr" ); return (uint32_t)(size_t)r; } @@ -78046,7 +78156,7 @@ static sp_digit sp_256_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* "sbc %[r], r6, r6\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (uint32_t)(size_t)r; } @@ -78126,7 +78236,8 @@ static void sp_256_rshift1_8(sp_digit* r_p, const sp_digit* a_p) #endif : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "r10", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", + "lr", "r10" ); } @@ -78212,12 +78323,13 @@ static void sp_256_div2_mod_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit "stm %[r], {r8, r9, r10, r11}\n\t" : [r] "+r" (r), [a] "+r" (a), [m] "+r" (m) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r3", "r12" ); } #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) -static const unsigned char L_sp_256_num_bits_8_table[] = { +static const byte L_sp_256_num_bits_8_table[] = { 0x00, 0x01, 0x02, 0x02, 0x03, 0x03, 0x03, 0x03, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x05, 0x05, 0x05, 0x05, 0x05, 0x05, 0x05, 0x05, @@ -78255,7 +78367,8 @@ static const unsigned char L_sp_256_num_bits_8_table[] = { static int sp_256_num_bits_8(const sp_digit* a_p) { register const sp_digit* a asm ("r0") = (const sp_digit*)a_p; - register unsigned char* L_sp_256_num_bits_8_table_c asm ("r1") = (unsigned char*)&L_sp_256_num_bits_8_table; + register byte* L_sp_256_num_bits_8_table_c asm ("r1") = + (byte*)&L_sp_256_num_bits_8_table; __asm__ __volatile__ ( "mov lr, %[L_sp_256_num_bits_8_table]\n\t" @@ -78567,9 +78680,10 @@ static int sp_256_num_bits_8(const sp_digit* a_p) "\n" "L_sp_256_num_bits_8_9_%=: \n\t" "mov %[a], r12\n\t" - : [a] "+r" (a), [L_sp_256_num_bits_8_table] "+r" (L_sp_256_num_bits_8_table_c) + : [a] "+r" (a), + [L_sp_256_num_bits_8_table] "+r" (L_sp_256_num_bits_8_table_c) : - : "memory", "r2", "r3", "r12", "lr", "cc" + : "memory", "cc", "r2", "r3", "r12", "lr" ); return (uint32_t)(size_t)a; } @@ -78658,7 +78772,7 @@ static int sp_256_num_bits_8(const sp_digit* a_p) "mov %[a], r12\n\t" : [a] "+r" (a) : - : "memory", "r1", "r2", "r3", "r12", "lr", "cc" + : "memory", "cc", "r1", "r2", "r3", "r12", "lr" ); return (uint32_t)(size_t)a; } @@ -79931,7 +80045,8 @@ static void sp_384_mul_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_ "bgt L_sp_384_mul_12_store_%=\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", + "r11" ); } @@ -85428,7 +85543,8 @@ static void sp_384_mul_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_ "stm %[r]!, {r3, r4, r5, r6}\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11", "r12", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11", + "r12" ); } @@ -85587,7 +85703,8 @@ static void sp_384_sqr_12(sp_digit* r_p, const sp_digit* a_p) "bgt L_sp_384_sqr_12_store_%=\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", + "r11" ); } @@ -88650,7 +88767,8 @@ static void sp_384_sqr_12(sp_digit* r_p, const sp_digit* a_p) "stm %[r]!, {r2, r3, r4, r8}\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r12" ); } @@ -88688,7 +88806,8 @@ static sp_digit sp_384_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit "mov %[r], r3\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r3", "r12" ); return (uint32_t)(size_t)r; } @@ -88732,7 +88851,7 @@ static sp_digit sp_384_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit "adc %[r], %[r], #0\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (uint32_t)(size_t)r; } @@ -89043,7 +89162,8 @@ static int sp_384_point_to_ecc_point_12(const sp_point_384* p, ecc_point* pm) * b A single precision number to subtract. * m Mask value to apply. */ -static sp_digit sp_384_cond_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_384_cond_sub_12(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -89069,7 +89189,7 @@ static sp_digit sp_384_cond_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_ "mov %[r], r12\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r12", "lr", "r4", "r5", "r6", "cc" + : "memory", "cc", "r12", "lr", "r4", "r5", "r6" ); return (uint32_t)(size_t)r; } @@ -89083,7 +89203,8 @@ static sp_digit sp_384_cond_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_ * b A single precision number to subtract. * m Mask value to apply. */ -static sp_digit sp_384_cond_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_384_cond_sub_12(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -89137,7 +89258,7 @@ static sp_digit sp_384_cond_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_ "sbc %[r], lr, lr\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "cc" + : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7" ); return (uint32_t)(size_t)r; } @@ -89540,7 +89661,8 @@ static SP_NOINLINE void sp_384_mont_reduce_12(sp_digit* a_p, const sp_digit* m_p "mov %[mp], r3\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_384_cond_sub_12(a - 12, a, m, (sp_digit)0 - mp); } @@ -89675,7 +89797,8 @@ static SP_NOINLINE void sp_384_mont_reduce_12(sp_digit* a_p, const sp_digit* m_p "mov %[mp], r3\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_384_cond_sub_12(a - 12, a, m, (sp_digit)0 - mp); } @@ -89780,7 +89903,8 @@ static SP_NOINLINE void sp_384_mont_reduce_12(sp_digit* a_p, const sp_digit* m_p "mov %[mp], lr\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_384_cond_sub_12(a - 12, a, m, (sp_digit)0 - mp); } @@ -89837,7 +89961,7 @@ SP_NOINLINE static void sp_384_mont_sqr_n_12(sp_digit* r, #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */ #ifdef WOLFSSL_SP_SMALL /* Mod-2 for the P384 curve. */ -static const uint32_t p384_mod_minus_2[12] = { +static const word32 p384_mod_minus_2[12] = { 0xfffffffdU,0x00000000U,0x00000000U,0xffffffffU,0xfffffffeU,0xffffffffU, 0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU }; @@ -90101,7 +90225,7 @@ static sp_int32 sp_384_cmp_12(const sp_digit* a_p, const sp_digit* b_p) "mov %[a], r2\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "cc" + : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6" ); return (uint32_t)(size_t)a; } @@ -90159,7 +90283,8 @@ static void sp_384_map_12(sp_point_384* r, const sp_point_384* p, * b Second number to add in Montgomery form. * m Modulus (prime). */ -static void sp_384_mont_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p) +static void sp_384_mont_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, + const sp_digit* m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -90242,7 +90367,8 @@ static sp_digit sp_384_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit "mov %[r], r12\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r12", "lr" ); return (uint32_t)(size_t)r; } @@ -90285,7 +90411,7 @@ static sp_digit sp_384_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit "sbc %[r], r6, r6\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (uint32_t)(size_t)r; } @@ -90300,7 +90426,8 @@ static sp_digit sp_384_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit * b A single precision number to add. * m Mask value to apply. */ -static sp_digit sp_384_cond_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_384_cond_add_12(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -90326,7 +90453,7 @@ static sp_digit sp_384_cond_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_ "mov %[r], lr\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r12", "lr", "r4", "r5", "r6", "cc" + : "memory", "cc", "r12", "lr", "r4", "r5", "r6" ); return (uint32_t)(size_t)r; } @@ -90340,7 +90467,8 @@ static sp_digit sp_384_cond_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_ * b A single precision number to add. * m Mask value to apply. */ -static sp_digit sp_384_cond_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_384_cond_add_12(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -90394,7 +90522,7 @@ static sp_digit sp_384_cond_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_ "adc %[r], r8, r8\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (uint32_t)(size_t)r; } @@ -90407,7 +90535,8 @@ static sp_digit sp_384_cond_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_ * b Number to subtract with in Montgomery form. * m Modulus (prime). */ -static void sp_384_mont_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p) +static void sp_384_mont_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, + const sp_digit* m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -90477,7 +90606,7 @@ static void sp_384_rshift1_12(sp_digit* r_p, const sp_digit* a_p) "str r4, [%[r], #44]\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r2", "r3", "r4", "cc" + : "memory", "cc", "r2", "r3", "r4" ); } @@ -94081,7 +94210,7 @@ static void sp_384_add_one_12(sp_digit* a_p) "stm %[a]!, {r1, r2, r3, r4}\n\t" : [a] "+r" (a) : - : "memory", "r1", "r2", "r3", "r4", "cc" + : "memory", "cc", "r1", "r2", "r3", "r4" ); } @@ -94485,7 +94614,8 @@ static sp_digit sp_384_sub_in_place_12(sp_digit* a_p, const sp_digit* b_p) "mov %[a], r12\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", + "lr" ); return (uint32_t)(size_t)a; } @@ -94526,7 +94656,7 @@ static sp_digit sp_384_sub_in_place_12(sp_digit* a_p, const sp_digit* b_p) "sbc %[a], r9, r9\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); return (uint32_t)(size_t)a; } @@ -94626,7 +94756,7 @@ static void sp_384_mul_d_12(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) "str r3, [%[r], #48]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); } @@ -95027,7 +95157,7 @@ static void sp_384_mul_d_12(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) "str r3, [%[r]]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8" ); } @@ -95086,7 +95216,7 @@ static sp_digit div_384_word_12(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) "add %[d1], r4, r3\n\t" : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (uint32_t)(size_t)d1; } @@ -95224,7 +95354,7 @@ static sp_digit div_384_word_12(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) "sub %[d1], r3, r6\n\t" : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (uint32_t)(size_t)d1; } @@ -95333,13 +95463,13 @@ static void sp_384_mont_mul_order_12(sp_digit* r, const sp_digit* a, const sp_di #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL)) #ifdef WOLFSSL_SP_SMALL /* Order-2 for the P384 curve. */ -static const uint32_t p384_order_minus_2[12] = { +static const word32 p384_order_minus_2[12] = { 0xccc52971U,0xecec196aU,0x48b0a77aU,0x581a0db2U,0xf4372ddfU,0xc7634d81U, 0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU }; #else /* The low half of the order-2 of the P384 curve. */ -static const uint32_t p384_order_low[6] = { +static const word32 p384_order_low[6] = { 0xccc52971U,0xecec196aU,0x48b0a77aU,0x581a0db2U,0xf4372ddfU,0xc7634d81U }; #endif /* WOLFSSL_SP_SMALL */ @@ -95952,12 +96082,13 @@ static void sp_384_div2_mod_12(sp_digit* r_p, const sp_digit* a_p, const sp_digi "str r10, [%[r], #44]\n\t" : [r] "+r" (r), [a] "+r" (a), [m] "+r" (m) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r3", "r12" ); } #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) -static const unsigned char L_sp_384_num_bits_12_table[] = { +static const byte L_sp_384_num_bits_12_table[] = { 0x00, 0x01, 0x02, 0x02, 0x03, 0x03, 0x03, 0x03, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x05, 0x05, 0x05, 0x05, 0x05, 0x05, 0x05, 0x05, @@ -95995,7 +96126,8 @@ static const unsigned char L_sp_384_num_bits_12_table[] = { static int sp_384_num_bits_12(const sp_digit* a_p) { register const sp_digit* a asm ("r0") = (const sp_digit*)a_p; - register unsigned char* L_sp_384_num_bits_12_table_c asm ("r1") = (unsigned char*)&L_sp_384_num_bits_12_table; + register byte* L_sp_384_num_bits_12_table_c asm ("r1") = + (byte*)&L_sp_384_num_bits_12_table; __asm__ __volatile__ ( "mov lr, %[L_sp_384_num_bits_12_table]\n\t" @@ -96559,9 +96691,10 @@ static int sp_384_num_bits_12(const sp_digit* a_p) "\n" "L_sp_384_num_bits_12_13_%=: \n\t" "mov %[a], r12\n\t" - : [a] "+r" (a), [L_sp_384_num_bits_12_table] "+r" (L_sp_384_num_bits_12_table_c) + : [a] "+r" (a), + [L_sp_384_num_bits_12_table] "+r" (L_sp_384_num_bits_12_table_c) : - : "memory", "r2", "r3", "r12", "lr", "cc" + : "memory", "cc", "r2", "r3", "r12", "lr" ); return (uint32_t)(size_t)a; } @@ -96710,7 +96843,7 @@ static int sp_384_num_bits_12(const sp_digit* a_p) "mov %[a], r12\n\t" : [a] "+r" (a) : - : "memory", "r1", "r2", "r3", "r12", "lr", "cc" + : "memory", "cc", "r1", "r2", "r3", "r12", "lr" ); return (uint32_t)(size_t)a; } @@ -98032,7 +98165,8 @@ static void sp_521_mul_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_ "bgt L_sp_521_mul_17_store_%=\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", + "r11" ); } @@ -109048,7 +109182,8 @@ static void sp_521_mul_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_ "stm %[r]!, {r3}\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11", "r12", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11", + "r12" ); } @@ -109210,7 +109345,8 @@ static void sp_521_sqr_17(sp_digit* r_p, const sp_digit* a_p) "bgt L_sp_521_sqr_17_store_%=\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", + "r11" ); } @@ -115082,7 +115218,8 @@ static void sp_521_sqr_17(sp_digit* r_p, const sp_digit* a_p) "stm %[r]!, {r2}\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r12" ); } @@ -115126,7 +115263,8 @@ static sp_digit sp_521_add_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit "adc %[r], r4, #0\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r3", "r12" ); return (uint32_t)(size_t)r; } @@ -115181,7 +115319,7 @@ static sp_digit sp_521_add_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit "adc %[r], %[r], #0\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (uint32_t)(size_t)r; } @@ -115409,7 +115547,8 @@ static int sp_521_point_to_ecc_point_17(const sp_point_521* p, ecc_point* pm) * b A single precision number to subtract. * m Mask value to apply. */ -static sp_digit sp_521_cond_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_521_cond_sub_17(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -115435,7 +115574,7 @@ static sp_digit sp_521_cond_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_ "mov %[r], r12\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r12", "lr", "r4", "r5", "r6", "cc" + : "memory", "cc", "r12", "lr", "r4", "r5", "r6" ); return (uint32_t)(size_t)r; } @@ -115449,7 +115588,8 @@ static sp_digit sp_521_cond_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_ * b A single precision number to subtract. * m Mask value to apply. */ -static sp_digit sp_521_cond_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_521_cond_sub_17(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -115522,7 +115662,7 @@ static sp_digit sp_521_cond_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_ "sbc %[r], lr, lr\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "cc" + : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7" ); return (uint32_t)(size_t)r; } @@ -115650,7 +115790,8 @@ static SP_NOINLINE void sp_521_mont_reduce_17(sp_digit* a_p, const sp_digit* m_p "stm %[a]!, {r1, r2, r3, r4, r5, r6, r7, r8}\n\t" : [a] "+r" (a) : - : "memory", "r1", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r1", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11", "r12", "lr" ); (void)m_p; (void)mp_p; @@ -115663,7 +115804,8 @@ static SP_NOINLINE void sp_521_mont_reduce_17(sp_digit* a_p, const sp_digit* m_p * m The single precision number representing the modulus. * mp The digit representing the negative inverse of m mod 2^n. */ -static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digit* m_p, + sp_digit mp_p) { register sp_digit* a asm ("r0") = (sp_digit*)a_p; register const sp_digit* m asm ("r1") = (const sp_digit*)m_p; @@ -116279,7 +116421,8 @@ static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digi "mov %[mp], r3\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_521_cond_sub_17(a - 17, a, m, (sp_digit)0 - mp); } @@ -116291,7 +116434,8 @@ static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digi * m The single precision number representing the modulus. * mp The digit representing the negative inverse of m mod 2^n. */ -static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digit* m_p, + sp_digit mp_p) { register sp_digit* a asm ("r0") = (sp_digit*)a_p; register const sp_digit* m asm ("r1") = (const sp_digit*)m_p; @@ -116537,7 +116681,8 @@ static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digi "mov %[mp], r3\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_521_cond_sub_17(a - 17, a, m, (sp_digit)0 - mp); } @@ -116549,7 +116694,8 @@ static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digi * m The single precision number representing the modulus. * mp The digit representing the negative inverse of m mod 2^n. */ -static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digit* m_p, + sp_digit mp_p) { register sp_digit* a asm ("r0") = (sp_digit*)a_p; register const sp_digit* m asm ("r1") = (const sp_digit*)m_p; @@ -116750,7 +116896,8 @@ static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digi "mov %[mp], lr\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_521_cond_sub_17(a - 17, a, m, (sp_digit)0 - mp); } @@ -116807,7 +116954,7 @@ SP_NOINLINE static void sp_521_mont_sqr_n_17(sp_digit* r, #endif /* !WOLFSSL_SP_SMALL */ #ifdef WOLFSSL_SP_SMALL /* Mod-2 for the P521 curve. */ -static const uint32_t p521_mod_minus_2[17] = { +static const word32 p521_mod_minus_2[17] = { 0xfffffffdU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU, 0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU, 0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0x000001ffU @@ -117123,7 +117270,7 @@ static sp_int32 sp_521_cmp_17(const sp_digit* a_p, const sp_digit* b_p) "mov %[a], r2\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "cc" + : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6" ); return (uint32_t)(size_t)a; } @@ -117181,7 +117328,8 @@ static void sp_521_map_17(sp_point_521* r, const sp_point_521* p, * b Second number to add in Montgomery form. * m Modulus (prime). */ -static void sp_521_mont_add_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p) +static void sp_521_mont_add_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, + const sp_digit* m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -117256,7 +117404,8 @@ static void sp_521_mont_add_17(sp_digit* r_p, const sp_digit* a_p, const sp_digi "stm %[r]!, {r4}\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r3", "r12" ); (void)m_p; } @@ -117332,7 +117481,8 @@ static void sp_521_mont_dbl_17(sp_digit* r_p, const sp_digit* a_p, const sp_digi "stm %[r]!, {r4}\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r2", "r3", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r2", "r3" ); (void)m_p; } @@ -117428,7 +117578,8 @@ static void sp_521_mont_tpl_17(sp_digit* r_p, const sp_digit* a_p, const sp_digi "stm %[r]!, {r4}\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r2", "r3", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r2", "r3" ); (void)m_p; } @@ -117440,7 +117591,8 @@ static void sp_521_mont_tpl_17(sp_digit* r_p, const sp_digit* a_p, const sp_digi * b Number to subtract with in Montgomery form. * m Modulus (prime). */ -static void sp_521_mont_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p) +static void sp_521_mont_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, + const sp_digit* m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -117516,7 +117668,8 @@ static void sp_521_mont_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_digi "stm %[r]!, {r4}\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r3", "r12" ); (void)m_p; } @@ -117595,7 +117748,7 @@ static void sp_521_rshift1_17(sp_digit* r_p, const sp_digit* a_p) "str r3, [%[r], #64]\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r2", "r3", "r4", "cc" + : "memory", "cc", "r2", "r3", "r4" ); } @@ -121830,7 +121983,7 @@ static void sp_521_add_one_17(sp_digit* a_p) "stm %[a]!, {r1}\n\t" : [a] "+r" (a) : - : "memory", "r1", "r2", "r3", "r4", "cc" + : "memory", "cc", "r1", "r2", "r3", "r4" ); } @@ -122304,7 +122457,7 @@ static void sp_521_rshift_17(sp_digit* r_p, const sp_digit* a_p, byte n_p) #endif : [r] "+r" (r), [a] "+r" (a), [n] "+r" (n) : - : "memory", "r4", "r5", "r6", "r3", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r3", "r12" ); } @@ -122424,7 +122577,7 @@ static void sp_521_lshift_17(sp_digit* r_p, const sp_digit* a_p, byte n_p) "str r5, [%[r], #4]\n\t" : [r] "+r" (r), [a] "+r" (a), [n] "+r" (n) : - : "memory", "r4", "r5", "r6", "r3", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r3", "r12" ); } @@ -122642,7 +122795,7 @@ static void sp_521_lshift_34(sp_digit* r_p, const sp_digit* a_p, byte n_p) "str r6, [%[r], #4]\n\t" : [r] "+r" (r), [a] "+r" (a), [n] "+r" (n) : - : "memory", "r4", "r5", "r6", "r3", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r3", "r12" ); } @@ -122681,7 +122834,8 @@ static sp_digit sp_521_sub_in_place_17(sp_digit* a_p, const sp_digit* b_p) "sbc %[a], %[a], %[a]\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", + "lr" ); return (uint32_t)(size_t)a; } @@ -122733,7 +122887,7 @@ static sp_digit sp_521_sub_in_place_17(sp_digit* a_p, const sp_digit* b_p) "sbc %[a], r9, r9\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); return (uint32_t)(size_t)a; } @@ -122833,7 +122987,7 @@ static void sp_521_mul_d_17(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) "str r3, [%[r], #68]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); } @@ -123394,7 +123548,7 @@ static void sp_521_mul_d_17(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) "str r5, [%[r]]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8" ); } @@ -123453,7 +123607,7 @@ static sp_digit div_521_word_17(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) "add %[d1], r4, r3\n\t" : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (uint32_t)(size_t)d1; } @@ -123591,7 +123745,7 @@ static sp_digit div_521_word_17(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) "sub %[d1], r3, r6\n\t" : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (uint32_t)(size_t)d1; } @@ -123707,14 +123861,14 @@ static void sp_521_mont_mul_order_17(sp_digit* r, const sp_digit* a, const sp_di #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL)) #ifdef WOLFSSL_SP_SMALL /* Order-2 for the P521 curve. */ -static const uint32_t p521_order_minus_2[17] = { +static const word32 p521_order_minus_2[17] = { 0x91386407U,0xbb6fb71eU,0x899c47aeU,0x3bb5c9b8U,0xf709a5d0U,0x7fcc0148U, 0xbf2f966bU,0x51868783U,0xfffffffaU,0xffffffffU,0xffffffffU,0xffffffffU, 0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0x000001ffU }; #else /* The low half of the order-2 of the P521 curve. */ -static const uint32_t p521_order_low[9] = { +static const word32 p521_order_low[9] = { 0x91386407U,0xbb6fb71eU,0x899c47aeU,0x3bb5c9b8U,0xf709a5d0U,0x7fcc0148U, 0xbf2f966bU,0x51868783U,0xfffffffaU }; @@ -124281,7 +124435,8 @@ static sp_digit sp_521_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit "sbc %[r], r6, r6\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r12", "lr" ); return (uint32_t)(size_t)r; } @@ -124335,7 +124490,7 @@ static sp_digit sp_521_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit "sbc %[r], r6, r6\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (uint32_t)(size_t)r; } @@ -124481,12 +124636,13 @@ static void sp_521_div2_mod_17(sp_digit* r_p, const sp_digit* a_p, const sp_digi "str r9, [%[r], #64]\n\t" : [r] "+r" (r), [a] "+r" (a), [m] "+r" (m) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r3", "r12" ); } #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) -static const unsigned char L_sp_521_num_bits_17_table[] = { +static const byte L_sp_521_num_bits_17_table[] = { 0x00, 0x01, 0x02, 0x02, 0x03, 0x03, 0x03, 0x03, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x05, 0x05, 0x05, 0x05, 0x05, 0x05, 0x05, 0x05, @@ -124524,7 +124680,8 @@ static const unsigned char L_sp_521_num_bits_17_table[] = { static int sp_521_num_bits_17(const sp_digit* a_p) { register const sp_digit* a asm ("r0") = (const sp_digit*)a_p; - register unsigned char* L_sp_521_num_bits_17_table_c asm ("r1") = (unsigned char*)&L_sp_521_num_bits_17_table; + register byte* L_sp_521_num_bits_17_table_c asm ("r1") = + (byte*)&L_sp_521_num_bits_17_table; __asm__ __volatile__ ( "mov lr, %[L_sp_521_num_bits_17_table]\n\t" @@ -125403,9 +125560,10 @@ static int sp_521_num_bits_17(const sp_digit* a_p) "\n" "L_sp_521_num_bits_17_18_%=: \n\t" "mov %[a], r12\n\t" - : [a] "+r" (a), [L_sp_521_num_bits_17_table] "+r" (L_sp_521_num_bits_17_table_c) + : [a] "+r" (a), + [L_sp_521_num_bits_17_table] "+r" (L_sp_521_num_bits_17_table_c) : - : "memory", "r2", "r3", "r12", "lr", "cc" + : "memory", "cc", "r2", "r3", "r12", "lr" ); return (uint32_t)(size_t)a; } @@ -125629,7 +125787,7 @@ static int sp_521_num_bits_17(const sp_digit* a_p) "mov %[a], r12\n\t" : [a] "+r" (a) : - : "memory", "r1", "r2", "r3", "r12", "lr", "cc" + : "memory", "cc", "r1", "r2", "r3", "r12", "lr" ); return (uint32_t)(size_t)a; } @@ -126506,7 +126664,7 @@ int sp_ecc_map_521(mp_int* pX, mp_int* pY, mp_int* pZ) #endif /* WOLFSSL_PUBLIC_ECC_ADD_DBL */ #ifdef HAVE_COMP_KEY /* Square root power for the P521 curve. */ -static const uint32_t p521_sqrt_power[17] = { +static const word32 p521_sqrt_power[17] = { 0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000, 0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000, 0x00000000,0x00000000,0x00000080 @@ -136390,7 +136548,8 @@ static void sp_1024_mul_16(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b "stm %[r]!, {r3, r4, r5, r6}\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11", "r12", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11", + "r12" ); } @@ -141622,7 +141781,8 @@ static void sp_1024_sqr_16(sp_digit* r_p, const sp_digit* a_p) "stm %[r]!, {r2, r3, r4, r8}\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r12" ); } @@ -141671,7 +141831,7 @@ static sp_digit sp_1024_add_16(sp_digit* r_p, const sp_digit* a_p, const sp_digi "adc %[r], %[r], #0\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (uint32_t)(size_t)r; } @@ -141746,7 +141906,7 @@ static sp_digit sp_1024_sub_in_place_32(sp_digit* a_p, const sp_digit* b_p) "sbc %[a], r9, r9\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); return (uint32_t)(size_t)a; } @@ -141824,7 +141984,7 @@ static sp_digit sp_1024_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digi "adc %[r], %[r], #0\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (uint32_t)(size_t)r; } @@ -141942,7 +142102,7 @@ static sp_digit sp_1024_sub_16(sp_digit* r_p, const sp_digit* a_p, const sp_digi "sbc %[r], r6, r6\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (uint32_t)(size_t)r; } @@ -142179,7 +142339,8 @@ static void sp_1024_mul_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b "bgt L_sp_1024_mul_32_store_%=\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", + "r11" ); } @@ -142336,7 +142497,8 @@ static void sp_1024_sqr_32(sp_digit* r_p, const sp_digit* a_p) "bgt L_sp_1024_sqr_32_store_%=\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", + "r11" ); } @@ -142456,7 +142618,8 @@ static sp_digit sp_1024_sub_in_place_32(sp_digit* a_p, const sp_digit* b_p) "mov %[a], r12\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", + "lr" ); return (uint32_t)(size_t)a; } @@ -142471,7 +142634,8 @@ static sp_digit sp_1024_sub_in_place_32(sp_digit* a_p, const sp_digit* b_p) * b A single precision number to subtract. * m Mask value to apply. */ -static sp_digit sp_1024_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_1024_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -142497,7 +142661,7 @@ static sp_digit sp_1024_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp "mov %[r], r12\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r12", "lr", "r4", "r5", "r6", "cc" + : "memory", "cc", "r12", "lr", "r4", "r5", "r6" ); return (uint32_t)(size_t)r; } @@ -142511,7 +142675,8 @@ static sp_digit sp_1024_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp * b A single precision number to subtract. * m Mask value to apply. */ -static sp_digit sp_1024_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_1024_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -142635,7 +142800,7 @@ static sp_digit sp_1024_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp "sbc %[r], lr, lr\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "cc" + : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7" ); return (uint32_t)(size_t)r; } @@ -142674,7 +142839,8 @@ static sp_digit sp_1024_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digi "mov %[r], r3\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r3", "r12" ); return (uint32_t)(size_t)r; } @@ -142774,7 +142940,7 @@ static void sp_1024_mul_d_32(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) "str r3, [%[r], #128]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); } @@ -143815,7 +143981,7 @@ static void sp_1024_mul_d_32(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) "str r5, [%[r]]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8" ); } @@ -143874,7 +144040,7 @@ static sp_digit div_1024_word_32(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) "add %[d1], r4, r3\n\t" : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (uint32_t)(size_t)d1; } @@ -144012,7 +144178,7 @@ static sp_digit div_1024_word_32(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) "sub %[d1], r3, r6\n\t" : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (uint32_t)(size_t)d1; } @@ -144441,7 +144607,7 @@ static sp_int32 sp_1024_cmp_32(const sp_digit* a_p, const sp_digit* b_p) "mov %[a], r2\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "cc" + : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6" ); return (uint32_t)(size_t)a; } @@ -145755,7 +145921,8 @@ static SP_NOINLINE void sp_1024_mont_reduce_32(sp_digit* a_p, const sp_digit* m_ "mov %[mp], r3\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_1024_cond_sub_32(a - 32, a, m, mp); } @@ -146055,7 +146222,8 @@ static SP_NOINLINE void sp_1024_mont_reduce_32(sp_digit* a_p, const sp_digit* m_ "mov %[mp], r3\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_1024_cond_sub_32(a - 32, a, m, mp); } @@ -146265,7 +146433,8 @@ static SP_NOINLINE void sp_1024_mont_reduce_32(sp_digit* a_p, const sp_digit* m_ "mov %[mp], lr\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_1024_cond_sub_32(a - 32, a, m, mp); } @@ -146415,7 +146584,8 @@ static void sp_1024_map_32(sp_point_1024* r, const sp_point_1024* p, * b Second number to add in Montgomery form. * m Modulus (prime). */ -static void sp_1024_mont_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p) +static void sp_1024_mont_add_32(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, const sp_digit* m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -146577,7 +146747,8 @@ static void sp_1024_mont_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_dig "stm %[r]!, {r4, r5, r6, r7}\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r12" ); } @@ -146587,7 +146758,8 @@ static void sp_1024_mont_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_dig * a Number to double in Montgomery form. * m Modulus (prime). */ -static void sp_1024_mont_dbl_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p) +static void sp_1024_mont_dbl_32(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -146732,7 +146904,8 @@ static void sp_1024_mont_dbl_32(sp_digit* r_p, const sp_digit* a_p, const sp_dig "stm %[r]!, {r4, r5, r6, r7}\n\t" : [r] "+r" (r), [a] "+r" (a), [m] "+r" (m) : - : "memory", "r8", "r9", "r10", "r11", "r4", "r5", "r6", "r7", "r12", "cc" + : "memory", "cc", "r8", "r9", "r10", "r11", "r4", "r5", "r6", "r7", + "r12" ); } @@ -146742,7 +146915,8 @@ static void sp_1024_mont_dbl_32(sp_digit* r_p, const sp_digit* a_p, const sp_dig * a Number to triple in Montgomery form. * m Modulus (prime). */ -static void sp_1024_mont_tpl_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p) +static void sp_1024_mont_tpl_32(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -147042,7 +147216,8 @@ static void sp_1024_mont_tpl_32(sp_digit* r_p, const sp_digit* a_p, const sp_dig "stm %[r]!, {r4, r5, r6, r7}\n\t" : [r] "+r" (r), [a] "+r" (a), [m] "+r" (m) : - : "memory", "r8", "r9", "r10", "r11", "r4", "r5", "r6", "r7", "r12", "cc" + : "memory", "cc", "r8", "r9", "r10", "r11", "r4", "r5", "r6", "r7", + "r12" ); } @@ -147053,7 +147228,8 @@ static void sp_1024_mont_tpl_32(sp_digit* r_p, const sp_digit* a_p, const sp_dig * b Number to subtract with in Montgomery form. * m Modulus (prime). */ -static void sp_1024_mont_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p) +static void sp_1024_mont_sub_32(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, const sp_digit* m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -147209,7 +147385,8 @@ static void sp_1024_mont_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp_dig "stm %[r]!, {r4, r5, r6, r7}\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r12" ); } @@ -147222,7 +147399,8 @@ static void sp_1024_mont_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp_dig * b A single precision number to add. * m Mask value to apply. */ -static sp_digit sp_1024_cond_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_1024_cond_add_32(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -147248,7 +147426,7 @@ static sp_digit sp_1024_cond_add_32(sp_digit* r_p, const sp_digit* a_p, const sp "mov %[r], lr\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r12", "lr", "r4", "r5", "r6", "cc" + : "memory", "cc", "r12", "lr", "r4", "r5", "r6" ); return (uint32_t)(size_t)r; } @@ -147262,7 +147440,8 @@ static sp_digit sp_1024_cond_add_32(sp_digit* r_p, const sp_digit* a_p, const sp * b A single precision number to add. * m Mask value to apply. */ -static sp_digit sp_1024_cond_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_1024_cond_add_32(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -147386,7 +147565,7 @@ static sp_digit sp_1024_cond_add_32(sp_digit* r_p, const sp_digit* a_p, const sp "adc %[r], r8, r8\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (uint32_t)(size_t)r; } @@ -147526,7 +147705,7 @@ static void sp_1024_rshift1_32(sp_digit* r_p, const sp_digit* a_p) "str r3, [%[r], #124]\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r2", "r3", "r4", "cc" + : "memory", "cc", "r2", "r3", "r4" ); } diff --git a/wolfcrypt/src/sp_arm64.c b/wolfcrypt/src/sp_arm64.c index 0a465f4f09..3da6744a12 100644 --- a/wolfcrypt/src/sp_arm64.c +++ b/wolfcrypt/src/sp_arm64.c @@ -22738,7 +22738,7 @@ SP_NOINLINE static void sp_256_mont_sqr_n_4(sp_digit* r, #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */ #ifdef WOLFSSL_SP_SMALL /* Mod-2 for the P256 curve. */ -static const uint64_t p256_mod_minus_2[4] = { +static const word64 p256_mod_minus_2[4] = { 0xfffffffffffffffdU,0x00000000ffffffffU,0x0000000000000000U, 0xffffffff00000001U }; @@ -40519,7 +40519,7 @@ SP_NOINLINE static void sp_256_mont_mul_order_4(sp_digit* r, #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL)) #ifdef WOLFSSL_SP_SMALL /* Order-2 for the P256 curve. */ -static const uint64_t p256_order_minus_2[4] = { +static const word64 p256_order_minus_2[4] = { 0xf3b9cac2fc63254fU,0xbce6faada7179e84U,0xffffffffffffffffU, 0xffffffff00000000U }; @@ -43944,7 +43944,7 @@ SP_NOINLINE static void sp_384_mont_sqr_n_6(sp_digit* r, #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */ #ifdef WOLFSSL_SP_SMALL /* Mod-2 for the P384 curve. */ -static const uint64_t p384_mod_minus_2[6] = { +static const word64 p384_mod_minus_2[6] = { 0x00000000fffffffdU,0xffffffff00000000U,0xfffffffffffffffeU, 0xffffffffffffffffU,0xffffffffffffffffU,0xffffffffffffffffU }; @@ -67122,13 +67122,13 @@ static void sp_384_mont_mul_order_6(sp_digit* r, const sp_digit* a, const sp_dig #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL)) #ifdef WOLFSSL_SP_SMALL /* Order-2 for the P384 curve. */ -static const uint64_t p384_order_minus_2[6] = { +static const word64 p384_order_minus_2[6] = { 0xecec196accc52971U,0x581a0db248b0a77aU,0xc7634d81f4372ddfU, 0xffffffffffffffffU,0xffffffffffffffffU,0xffffffffffffffffU }; #else /* The low half of the order-2 of the P384 curve. */ -static const uint64_t p384_order_low[3] = { +static const word64 p384_order_low[3] = { 0xecec196accc52971U,0x581a0db248b0a77aU,0xc7634d81f4372ddfU }; #endif /* WOLFSSL_SP_SMALL */ @@ -72112,7 +72112,7 @@ SP_NOINLINE static void sp_521_mont_sqr_n_9(sp_digit* r, #endif /* !WOLFSSL_SP_SMALL */ #ifdef WOLFSSL_SP_SMALL /* Mod-2 for the P521 curve. */ -static const uint64_t p521_mod_minus_2[9] = { +static const word64 p521_mod_minus_2[9] = { 0xfffffffffffffffdU,0xffffffffffffffffU,0xffffffffffffffffU, 0xffffffffffffffffU,0xffffffffffffffffU,0xffffffffffffffffU, 0xffffffffffffffffU,0xffffffffffffffffU,0x00000000000001ffU @@ -111996,14 +111996,14 @@ static void sp_521_mont_mul_order_9(sp_digit* r, const sp_digit* a, const sp_dig #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL)) #ifdef WOLFSSL_SP_SMALL /* Order-2 for the P521 curve. */ -static const uint64_t p521_order_minus_2[9] = { +static const word64 p521_order_minus_2[9] = { 0xbb6fb71e91386407U,0x3bb5c9b8899c47aeU,0x7fcc0148f709a5d0U, 0x51868783bf2f966bU,0xfffffffffffffffaU,0xffffffffffffffffU, 0xffffffffffffffffU,0xffffffffffffffffU,0x00000000000001ffU }; #else /* The low half of the order-2 of the P521 curve. */ -static const uint64_t p521_order_low[5] = { +static const word64 p521_order_low[5] = { 0xbb6fb71e91386407U,0x3bb5c9b8899c47aeU,0x7fcc0148f709a5d0U, 0x51868783bf2f966bU,0xfffffffffffffffaU }; @@ -113493,7 +113493,7 @@ int sp_ecc_map_521(mp_int* pX, mp_int* pY, mp_int* pZ) #endif /* WOLFSSL_PUBLIC_ECC_ADD_DBL */ #ifdef HAVE_COMP_KEY /* Square root power for the P521 curve. */ -static const uint64_t p521_sqrt_power[9] = { +static const word64 p521_sqrt_power[9] = { 0x0000000000000000,0x0000000000000000,0x0000000000000000, 0x0000000000000000,0x0000000000000000,0x0000000000000000,0x0000000000000000,0x0000000000000000, 0x0000000000000080 diff --git a/wolfcrypt/src/sp_armthumb.c b/wolfcrypt/src/sp_armthumb.c index 56c7931149..78e0ea484e 100644 --- a/wolfcrypt/src/sp_armthumb.c +++ b/wolfcrypt/src/sp_armthumb.c @@ -98858,7 +98858,7 @@ SP_NOINLINE static void sp_256_mont_sqr_n_8(sp_digit* r, #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */ #ifdef WOLFSSL_SP_SMALL /* Mod-2 for the P256 curve. */ -static const uint32_t p256_mod_minus_2[8] = { +static const word32 p256_mod_minus_2[8] = { 0xfffffffdU,0xffffffffU,0xffffffffU,0x00000000U,0x00000000U,0x00000000U, 0x00000001U,0xffffffffU }; @@ -105321,7 +105321,7 @@ static void sp_256_mont_mul_order_8(sp_digit* r, const sp_digit* a, const sp_dig #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL)) #ifdef WOLFSSL_SP_SMALL /* Order-2 for the P256 curve. */ -static const uint32_t p256_order_minus_2[8] = { +static const word32 p256_order_minus_2[8] = { 0xfc63254fU,0xf3b9cac2U,0xa7179e84U,0xbce6faadU,0xffffffffU,0xffffffffU, 0x00000000U,0xffffffffU }; @@ -110286,7 +110286,7 @@ SP_NOINLINE static void sp_384_mont_sqr_n_12(sp_digit* r, #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */ #ifdef WOLFSSL_SP_SMALL /* Mod-2 for the P384 curve. */ -static const uint32_t p384_mod_minus_2[12] = { +static const word32 p384_mod_minus_2[12] = { 0xfffffffdU,0x00000000U,0x00000000U,0xffffffffU,0xfffffffeU,0xffffffffU, 0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU }; @@ -116261,13 +116261,13 @@ static void sp_384_mont_mul_order_12(sp_digit* r, const sp_digit* a, const sp_di #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL)) #ifdef WOLFSSL_SP_SMALL /* Order-2 for the P384 curve. */ -static const uint32_t p384_order_minus_2[12] = { +static const word32 p384_order_minus_2[12] = { 0xccc52971U,0xecec196aU,0x48b0a77aU,0x581a0db2U,0xf4372ddfU,0xc7634d81U, 0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU }; #else /* The low half of the order-2 of the P384 curve. */ -static const uint32_t p384_order_low[6] = { +static const word32 p384_order_low[6] = { 0xccc52971U,0xecec196aU,0x48b0a77aU,0x581a0db2U,0xf4372ddfU,0xc7634d81U }; #endif /* WOLFSSL_SP_SMALL */ @@ -122551,7 +122551,7 @@ SP_NOINLINE static void sp_521_mont_sqr_n_17(sp_digit* r, #endif /* !WOLFSSL_SP_SMALL */ #ifdef WOLFSSL_SP_SMALL /* Mod-2 for the P521 curve. */ -static const uint32_t p521_mod_minus_2[17] = { +static const word32 p521_mod_minus_2[17] = { 0xfffffffdU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU, 0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU, 0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0x000001ffU @@ -132186,14 +132186,14 @@ static void sp_521_mont_mul_order_17(sp_digit* r, const sp_digit* a, const sp_di #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL)) #ifdef WOLFSSL_SP_SMALL /* Order-2 for the P521 curve. */ -static const uint32_t p521_order_minus_2[17] = { +static const word32 p521_order_minus_2[17] = { 0x91386407U,0xbb6fb71eU,0x899c47aeU,0x3bb5c9b8U,0xf709a5d0U,0x7fcc0148U, 0xbf2f966bU,0x51868783U,0xfffffffaU,0xffffffffU,0xffffffffU,0xffffffffU, 0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0x000001ffU }; #else /* The low half of the order-2 of the P521 curve. */ -static const uint32_t p521_order_low[9] = { +static const word32 p521_order_low[9] = { 0x91386407U,0xbb6fb71eU,0x899c47aeU,0x3bb5c9b8U,0xf709a5d0U,0x7fcc0148U, 0xbf2f966bU,0x51868783U,0xfffffffaU }; @@ -136163,7 +136163,7 @@ int sp_ecc_map_521(mp_int* pX, mp_int* pY, mp_int* pZ) #endif /* WOLFSSL_PUBLIC_ECC_ADD_DBL */ #ifdef HAVE_COMP_KEY /* Square root power for the P521 curve. */ -static const uint32_t p521_sqrt_power[17] = { +static const word32 p521_sqrt_power[17] = { 0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000, 0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000, 0x00000000,0x00000000,0x00000080 diff --git a/wolfcrypt/src/sp_c32.c b/wolfcrypt/src/sp_c32.c index a6db0646aa..b4489d2161 100644 --- a/wolfcrypt/src/sp_c32.c +++ b/wolfcrypt/src/sp_c32.c @@ -357,29 +357,29 @@ SP_NOINLINE static void sp_2048_mul_12(sp_digit* r, const sp_digit* a, t0 = ((sp_uint64)a[ 0]) * b[ 0]; t1 = ((sp_uint64)a[ 0]) * b[ 1] + ((sp_uint64)a[ 1]) * b[ 0]; - t[ 0] = t0 & 0x1fffffff; t1 += t0 >> 29; + t[ 0] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = ((sp_uint64)a[ 0]) * b[ 2] + ((sp_uint64)a[ 1]) * b[ 1] + ((sp_uint64)a[ 2]) * b[ 0]; - t[ 1] = t1 & 0x1fffffff; t0 += t1 >> 29; + t[ 1] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = ((sp_uint64)a[ 0]) * b[ 3] + ((sp_uint64)a[ 1]) * b[ 2] + ((sp_uint64)a[ 2]) * b[ 1] + ((sp_uint64)a[ 3]) * b[ 0]; - t[ 2] = t0 & 0x1fffffff; t1 += t0 >> 29; + t[ 2] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = ((sp_uint64)a[ 0]) * b[ 4] + ((sp_uint64)a[ 1]) * b[ 3] + ((sp_uint64)a[ 2]) * b[ 2] + ((sp_uint64)a[ 3]) * b[ 1] + ((sp_uint64)a[ 4]) * b[ 0]; - t[ 3] = t1 & 0x1fffffff; t0 += t1 >> 29; + t[ 3] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = ((sp_uint64)a[ 0]) * b[ 5] + ((sp_uint64)a[ 1]) * b[ 4] + ((sp_uint64)a[ 2]) * b[ 3] + ((sp_uint64)a[ 3]) * b[ 2] + ((sp_uint64)a[ 4]) * b[ 1] + ((sp_uint64)a[ 5]) * b[ 0]; - t[ 4] = t0 & 0x1fffffff; t1 += t0 >> 29; + t[ 4] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = ((sp_uint64)a[ 0]) * b[ 6] + ((sp_uint64)a[ 1]) * b[ 5] + ((sp_uint64)a[ 2]) * b[ 4] @@ -387,7 +387,7 @@ SP_NOINLINE static void sp_2048_mul_12(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[ 4]) * b[ 2] + ((sp_uint64)a[ 5]) * b[ 1] + ((sp_uint64)a[ 6]) * b[ 0]; - t[ 5] = t1 & 0x1fffffff; t0 += t1 >> 29; + t[ 5] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = ((sp_uint64)a[ 0]) * b[ 7] + ((sp_uint64)a[ 1]) * b[ 6] + ((sp_uint64)a[ 2]) * b[ 5] @@ -396,7 +396,7 @@ SP_NOINLINE static void sp_2048_mul_12(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[ 5]) * b[ 2] + ((sp_uint64)a[ 6]) * b[ 1] + ((sp_uint64)a[ 7]) * b[ 0]; - t[ 6] = t0 & 0x1fffffff; t1 += t0 >> 29; + t[ 6] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = ((sp_uint64)a[ 0]) * b[ 8] + ((sp_uint64)a[ 1]) * b[ 7] + ((sp_uint64)a[ 2]) * b[ 6] @@ -406,7 +406,7 @@ SP_NOINLINE static void sp_2048_mul_12(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[ 6]) * b[ 2] + ((sp_uint64)a[ 7]) * b[ 1] + ((sp_uint64)a[ 8]) * b[ 0]; - t[ 7] = t1 & 0x1fffffff; t0 += t1 >> 29; + t[ 7] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = ((sp_uint64)a[ 0]) * b[ 9] + ((sp_uint64)a[ 1]) * b[ 8] + ((sp_uint64)a[ 2]) * b[ 7] @@ -417,7 +417,7 @@ SP_NOINLINE static void sp_2048_mul_12(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[ 7]) * b[ 2] + ((sp_uint64)a[ 8]) * b[ 1] + ((sp_uint64)a[ 9]) * b[ 0]; - t[ 8] = t0 & 0x1fffffff; t1 += t0 >> 29; + t[ 8] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = ((sp_uint64)a[ 0]) * b[10] + ((sp_uint64)a[ 1]) * b[ 9] + ((sp_uint64)a[ 2]) * b[ 8] @@ -429,7 +429,7 @@ SP_NOINLINE static void sp_2048_mul_12(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[ 8]) * b[ 2] + ((sp_uint64)a[ 9]) * b[ 1] + ((sp_uint64)a[10]) * b[ 0]; - t[ 9] = t1 & 0x1fffffff; t0 += t1 >> 29; + t[ 9] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = ((sp_uint64)a[ 0]) * b[11] + ((sp_uint64)a[ 1]) * b[10] + ((sp_uint64)a[ 2]) * b[ 9] @@ -442,7 +442,7 @@ SP_NOINLINE static void sp_2048_mul_12(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[ 9]) * b[ 2] + ((sp_uint64)a[10]) * b[ 1] + ((sp_uint64)a[11]) * b[ 0]; - t[10] = t0 & 0x1fffffff; t1 += t0 >> 29; + t[10] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = ((sp_uint64)a[ 1]) * b[11] + ((sp_uint64)a[ 2]) * b[10] + ((sp_uint64)a[ 3]) * b[ 9] @@ -454,7 +454,7 @@ SP_NOINLINE static void sp_2048_mul_12(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[ 9]) * b[ 3] + ((sp_uint64)a[10]) * b[ 2] + ((sp_uint64)a[11]) * b[ 1]; - t[11] = t1 & 0x1fffffff; t0 += t1 >> 29; + t[11] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = ((sp_uint64)a[ 2]) * b[11] + ((sp_uint64)a[ 3]) * b[10] + ((sp_uint64)a[ 4]) * b[ 9] @@ -465,7 +465,7 @@ SP_NOINLINE static void sp_2048_mul_12(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[ 9]) * b[ 4] + ((sp_uint64)a[10]) * b[ 3] + ((sp_uint64)a[11]) * b[ 2]; - r[12] = t0 & 0x1fffffff; t1 += t0 >> 29; + r[12] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = ((sp_uint64)a[ 3]) * b[11] + ((sp_uint64)a[ 4]) * b[10] + ((sp_uint64)a[ 5]) * b[ 9] @@ -475,7 +475,7 @@ SP_NOINLINE static void sp_2048_mul_12(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[ 9]) * b[ 5] + ((sp_uint64)a[10]) * b[ 4] + ((sp_uint64)a[11]) * b[ 3]; - r[13] = t1 & 0x1fffffff; t0 += t1 >> 29; + r[13] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = ((sp_uint64)a[ 4]) * b[11] + ((sp_uint64)a[ 5]) * b[10] + ((sp_uint64)a[ 6]) * b[ 9] @@ -484,7 +484,7 @@ SP_NOINLINE static void sp_2048_mul_12(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[ 9]) * b[ 6] + ((sp_uint64)a[10]) * b[ 5] + ((sp_uint64)a[11]) * b[ 4]; - r[14] = t0 & 0x1fffffff; t1 += t0 >> 29; + r[14] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = ((sp_uint64)a[ 5]) * b[11] + ((sp_uint64)a[ 6]) * b[10] + ((sp_uint64)a[ 7]) * b[ 9] @@ -492,35 +492,35 @@ SP_NOINLINE static void sp_2048_mul_12(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[ 9]) * b[ 7] + ((sp_uint64)a[10]) * b[ 6] + ((sp_uint64)a[11]) * b[ 5]; - r[15] = t1 & 0x1fffffff; t0 += t1 >> 29; + r[15] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = ((sp_uint64)a[ 6]) * b[11] + ((sp_uint64)a[ 7]) * b[10] + ((sp_uint64)a[ 8]) * b[ 9] + ((sp_uint64)a[ 9]) * b[ 8] + ((sp_uint64)a[10]) * b[ 7] + ((sp_uint64)a[11]) * b[ 6]; - r[16] = t0 & 0x1fffffff; t1 += t0 >> 29; + r[16] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = ((sp_uint64)a[ 7]) * b[11] + ((sp_uint64)a[ 8]) * b[10] + ((sp_uint64)a[ 9]) * b[ 9] + ((sp_uint64)a[10]) * b[ 8] + ((sp_uint64)a[11]) * b[ 7]; - r[17] = t1 & 0x1fffffff; t0 += t1 >> 29; + r[17] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = ((sp_uint64)a[ 8]) * b[11] + ((sp_uint64)a[ 9]) * b[10] + ((sp_uint64)a[10]) * b[ 9] + ((sp_uint64)a[11]) * b[ 8]; - r[18] = t0 & 0x1fffffff; t1 += t0 >> 29; + r[18] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = ((sp_uint64)a[ 9]) * b[11] + ((sp_uint64)a[10]) * b[10] + ((sp_uint64)a[11]) * b[ 9]; - r[19] = t1 & 0x1fffffff; t0 += t1 >> 29; + r[19] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = ((sp_uint64)a[10]) * b[11] + ((sp_uint64)a[11]) * b[10]; - r[20] = t0 & 0x1fffffff; t1 += t0 >> 29; + r[20] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = ((sp_uint64)a[11]) * b[11]; - r[21] = t1 & 0x1fffffff; t0 += t1 >> 29; - r[22] = t0 & 0x1fffffff; + r[21] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; + r[22] = (sp_digit)(t0 & 0x1fffffff); r[23] = (sp_digit)(t0 >> 29); XMEMCPY(r, t, sizeof(t)); } @@ -874,105 +874,105 @@ SP_NOINLINE static void sp_2048_sqr_12(sp_digit* r, const sp_digit* a) t0 = ((sp_uint64)a[ 0]) * a[ 0]; t1 = (((sp_uint64)a[ 0]) * a[ 1]) * 2; - t[ 0] = t0 & 0x1fffffff; t1 += t0 >> 29; + t[ 0] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = (((sp_uint64)a[ 0]) * a[ 2]) * 2 + ((sp_uint64)a[ 1]) * a[ 1]; - t[ 1] = t1 & 0x1fffffff; t0 += t1 >> 29; + t[ 1] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = (((sp_uint64)a[ 0]) * a[ 3] + ((sp_uint64)a[ 1]) * a[ 2]) * 2; - t[ 2] = t0 & 0x1fffffff; t1 += t0 >> 29; + t[ 2] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = (((sp_uint64)a[ 0]) * a[ 4] + ((sp_uint64)a[ 1]) * a[ 3]) * 2 + ((sp_uint64)a[ 2]) * a[ 2]; - t[ 3] = t1 & 0x1fffffff; t0 += t1 >> 29; + t[ 3] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = (((sp_uint64)a[ 0]) * a[ 5] + ((sp_uint64)a[ 1]) * a[ 4] + ((sp_uint64)a[ 2]) * a[ 3]) * 2; - t[ 4] = t0 & 0x1fffffff; t1 += t0 >> 29; + t[ 4] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = (((sp_uint64)a[ 0]) * a[ 6] + ((sp_uint64)a[ 1]) * a[ 5] + ((sp_uint64)a[ 2]) * a[ 4]) * 2 + ((sp_uint64)a[ 3]) * a[ 3]; - t[ 5] = t1 & 0x1fffffff; t0 += t1 >> 29; + t[ 5] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = (((sp_uint64)a[ 0]) * a[ 7] + ((sp_uint64)a[ 1]) * a[ 6] + ((sp_uint64)a[ 2]) * a[ 5] + ((sp_uint64)a[ 3]) * a[ 4]) * 2; - t[ 6] = t0 & 0x1fffffff; t1 += t0 >> 29; + t[ 6] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = (((sp_uint64)a[ 0]) * a[ 8] + ((sp_uint64)a[ 1]) * a[ 7] + ((sp_uint64)a[ 2]) * a[ 6] + ((sp_uint64)a[ 3]) * a[ 5]) * 2 + ((sp_uint64)a[ 4]) * a[ 4]; - t[ 7] = t1 & 0x1fffffff; t0 += t1 >> 29; + t[ 7] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = (((sp_uint64)a[ 0]) * a[ 9] + ((sp_uint64)a[ 1]) * a[ 8] + ((sp_uint64)a[ 2]) * a[ 7] + ((sp_uint64)a[ 3]) * a[ 6] + ((sp_uint64)a[ 4]) * a[ 5]) * 2; - t[ 8] = t0 & 0x1fffffff; t1 += t0 >> 29; + t[ 8] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = (((sp_uint64)a[ 0]) * a[10] + ((sp_uint64)a[ 1]) * a[ 9] + ((sp_uint64)a[ 2]) * a[ 8] + ((sp_uint64)a[ 3]) * a[ 7] + ((sp_uint64)a[ 4]) * a[ 6]) * 2 + ((sp_uint64)a[ 5]) * a[ 5]; - t[ 9] = t1 & 0x1fffffff; t0 += t1 >> 29; + t[ 9] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = (((sp_uint64)a[ 0]) * a[11] + ((sp_uint64)a[ 1]) * a[10] + ((sp_uint64)a[ 2]) * a[ 9] + ((sp_uint64)a[ 3]) * a[ 8] + ((sp_uint64)a[ 4]) * a[ 7] + ((sp_uint64)a[ 5]) * a[ 6]) * 2; - t[10] = t0 & 0x1fffffff; t1 += t0 >> 29; + t[10] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = (((sp_uint64)a[ 1]) * a[11] + ((sp_uint64)a[ 2]) * a[10] + ((sp_uint64)a[ 3]) * a[ 9] + ((sp_uint64)a[ 4]) * a[ 8] + ((sp_uint64)a[ 5]) * a[ 7]) * 2 + ((sp_uint64)a[ 6]) * a[ 6]; - t[11] = t1 & 0x1fffffff; t0 += t1 >> 29; + t[11] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = (((sp_uint64)a[ 2]) * a[11] + ((sp_uint64)a[ 3]) * a[10] + ((sp_uint64)a[ 4]) * a[ 9] + ((sp_uint64)a[ 5]) * a[ 8] + ((sp_uint64)a[ 6]) * a[ 7]) * 2; - r[12] = t0 & 0x1fffffff; t1 += t0 >> 29; + r[12] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = (((sp_uint64)a[ 3]) * a[11] + ((sp_uint64)a[ 4]) * a[10] + ((sp_uint64)a[ 5]) * a[ 9] + ((sp_uint64)a[ 6]) * a[ 8]) * 2 + ((sp_uint64)a[ 7]) * a[ 7]; - r[13] = t1 & 0x1fffffff; t0 += t1 >> 29; + r[13] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = (((sp_uint64)a[ 4]) * a[11] + ((sp_uint64)a[ 5]) * a[10] + ((sp_uint64)a[ 6]) * a[ 9] + ((sp_uint64)a[ 7]) * a[ 8]) * 2; - r[14] = t0 & 0x1fffffff; t1 += t0 >> 29; + r[14] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = (((sp_uint64)a[ 5]) * a[11] + ((sp_uint64)a[ 6]) * a[10] + ((sp_uint64)a[ 7]) * a[ 9]) * 2 + ((sp_uint64)a[ 8]) * a[ 8]; - r[15] = t1 & 0x1fffffff; t0 += t1 >> 29; + r[15] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = (((sp_uint64)a[ 6]) * a[11] + ((sp_uint64)a[ 7]) * a[10] + ((sp_uint64)a[ 8]) * a[ 9]) * 2; - r[16] = t0 & 0x1fffffff; t1 += t0 >> 29; + r[16] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = (((sp_uint64)a[ 7]) * a[11] + ((sp_uint64)a[ 8]) * a[10]) * 2 + ((sp_uint64)a[ 9]) * a[ 9]; - r[17] = t1 & 0x1fffffff; t0 += t1 >> 29; + r[17] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = (((sp_uint64)a[ 8]) * a[11] + ((sp_uint64)a[ 9]) * a[10]) * 2; - r[18] = t0 & 0x1fffffff; t1 += t0 >> 29; + r[18] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = (((sp_uint64)a[ 9]) * a[11]) * 2 + ((sp_uint64)a[10]) * a[10]; - r[19] = t1 & 0x1fffffff; t0 += t1 >> 29; + r[19] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = (((sp_uint64)a[10]) * a[11]) * 2; - r[20] = t0 & 0x1fffffff; t1 += t0 >> 29; + r[20] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = ((sp_uint64)a[11]) * a[11]; - r[21] = t1 & 0x1fffffff; t0 += t1 >> 29; - r[22] = t0 & 0x1fffffff; + r[21] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; + r[22] = (sp_digit)(t0 & 0x1fffffff); r[23] = (sp_digit)(t0 >> 29); XMEMCPY(r, t, sizeof(t)); } @@ -1626,26 +1626,26 @@ SP_NOINLINE static void sp_2048_mul_add_36(sp_digit* r, const sp_digit* a, t[1] = (tb * a[i+1]) + r[i+1]; t[2] = (tb * a[i+2]) + r[i+2]; t[3] = (tb * a[i+3]) + r[i+3]; - r[i+0] = t[0] & 0x1fffffff; + r[i+0] = (sp_digit)(t[0] & 0x1fffffff); t[1] += t[0] >> 29; - r[i+1] = t[1] & 0x1fffffff; + r[i+1] = (sp_digit)(t[1] & 0x1fffffff); t[2] += t[1] >> 29; - r[i+2] = t[2] & 0x1fffffff; + r[i+2] = (sp_digit)(t[2] & 0x1fffffff); t[3] += t[2] >> 29; - r[i+3] = t[3] & 0x1fffffff; + r[i+3] = (sp_digit)(t[3] & 0x1fffffff); t[0] = t[3] >> 29; } t[0] += (tb * a[32]) + r[32]; t[1] = (tb * a[33]) + r[33]; t[2] = (tb * a[34]) + r[34]; t[3] = (tb * a[35]) + r[35]; - r[32] = t[0] & 0x1fffffff; + r[32] = (sp_digit)(t[0] & 0x1fffffff); t[1] += t[0] >> 29; - r[33] = t[1] & 0x1fffffff; + r[33] = (sp_digit)(t[1] & 0x1fffffff); t[2] += t[1] >> 29; - r[34] = t[2] & 0x1fffffff; + r[34] = (sp_digit)(t[2] & 0x1fffffff); t[3] += t[2] >> 29; - r[35] = t[3] & 0x1fffffff; + r[35] = (sp_digit)(t[3] & 0x1fffffff); r[36] += (sp_digit)(t[3] >> 29); #else sp_int64 tb = b; @@ -1662,34 +1662,34 @@ SP_NOINLINE static void sp_2048_mul_add_36(sp_digit* r, const sp_digit* a, t[5] = (tb * a[i+5]) + r[i+5]; t[6] = (tb * a[i+6]) + r[i+6]; t[7] = (tb * a[i+7]) + r[i+7]; - r[i+0] = t[0] & 0x1fffffff; + r[i+0] = (sp_digit)(t[0] & 0x1fffffff); t[1] += t[0] >> 29; - r[i+1] = t[1] & 0x1fffffff; + r[i+1] = (sp_digit)(t[1] & 0x1fffffff); t[2] += t[1] >> 29; - r[i+2] = t[2] & 0x1fffffff; + r[i+2] = (sp_digit)(t[2] & 0x1fffffff); t[3] += t[2] >> 29; - r[i+3] = t[3] & 0x1fffffff; + r[i+3] = (sp_digit)(t[3] & 0x1fffffff); t[4] += t[3] >> 29; - r[i+4] = t[4] & 0x1fffffff; + r[i+4] = (sp_digit)(t[4] & 0x1fffffff); t[5] += t[4] >> 29; - r[i+5] = t[5] & 0x1fffffff; + r[i+5] = (sp_digit)(t[5] & 0x1fffffff); t[6] += t[5] >> 29; - r[i+6] = t[6] & 0x1fffffff; + r[i+6] = (sp_digit)(t[6] & 0x1fffffff); t[7] += t[6] >> 29; - r[i+7] = t[7] & 0x1fffffff; + r[i+7] = (sp_digit)(t[7] & 0x1fffffff); t[0] = t[7] >> 29; } t[0] += (tb * a[32]) + r[32]; t[1] = (tb * a[33]) + r[33]; t[2] = (tb * a[34]) + r[34]; t[3] = (tb * a[35]) + r[35]; - r[32] = t[0] & 0x1fffffff; + r[32] = (sp_digit)(t[0] & 0x1fffffff); t[1] += t[0] >> 29; - r[33] = t[1] & 0x1fffffff; + r[33] = (sp_digit)(t[1] & 0x1fffffff); t[2] += t[1] >> 29; - r[34] = t[2] & 0x1fffffff; + r[34] = (sp_digit)(t[2] & 0x1fffffff); t[3] += t[2] >> 29; - r[35] = t[3] & 0x1fffffff; + r[35] = (sp_digit)(t[3] & 0x1fffffff); r[36] += (sp_digit)(t[3] >> 29); #endif /* WOLFSSL_SP_SMALL */ #endif /* !WOLFSSL_SP_LARGE_CODE */ @@ -1708,7 +1708,7 @@ static void sp_2048_mont_shift_36(sp_digit* r, const sp_digit* a) n += ((sp_int64)a[36]) << 20; for (i = 0; i < 35; i++) { - r[i] = n & 0x1fffffff; + r[i] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[37 + i]) << 20; } @@ -1718,26 +1718,26 @@ static void sp_2048_mont_shift_36(sp_digit* r, const sp_digit* a) sp_int64 n = a[35] >> 9; n += ((sp_int64)a[36]) << 20; for (i = 0; i < 32; i += 8) { - r[i + 0] = n & 0x1fffffff; + r[i + 0] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[i + 37]) << 20; - r[i + 1] = n & 0x1fffffff; + r[i + 1] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[i + 38]) << 20; - r[i + 2] = n & 0x1fffffff; + r[i + 2] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[i + 39]) << 20; - r[i + 3] = n & 0x1fffffff; + r[i + 3] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[i + 40]) << 20; - r[i + 4] = n & 0x1fffffff; + r[i + 4] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[i + 41]) << 20; - r[i + 5] = n & 0x1fffffff; + r[i + 5] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[i + 42]) << 20; - r[i + 6] = n & 0x1fffffff; + r[i + 6] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[i + 43]) << 20; - r[i + 7] = n & 0x1fffffff; + r[i + 7] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[i + 44]) << 20; } - r[32] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[69]) << 20; - r[33] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[70]) << 20; - r[34] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[71]) << 20; + r[32] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[69]) << 20; + r[33] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[70]) << 20; + r[34] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[71]) << 20; r[35] = (sp_digit)n; #endif /* WOLFSSL_SP_SMALL */ XMEMSET(&r[36], 0, sizeof(*r) * 36U); @@ -1758,11 +1758,11 @@ static void sp_2048_mont_reduce_36(sp_digit* a, const sp_digit* m, sp_digit mp) sp_2048_norm_36(a + 36); for (i=0; i<35; i++) { - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff); sp_2048_mul_add_36(a+i, m, mu); a[i+1] += a[i] >> 29; } - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x1ffL; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x1ffL); sp_2048_mul_add_36(a+i, m, mu); a[i+1] += a[i] >> 29; a[i] &= 0x1fffffff; @@ -1913,22 +1913,22 @@ SP_NOINLINE static void sp_2048_rshift_36(sp_digit* r, const sp_digit* a, #ifdef WOLFSSL_SP_SMALL for (i=0; i<35; i++) { - r[i] = ((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff; + r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff); } #else for (i=0; i<32; i += 8) { - r[i+0] = (a[i+0] >> n) | ((a[i+1] << (29 - n)) & 0x1fffffff); - r[i+1] = (a[i+1] >> n) | ((a[i+2] << (29 - n)) & 0x1fffffff); - r[i+2] = (a[i+2] >> n) | ((a[i+3] << (29 - n)) & 0x1fffffff); - r[i+3] = (a[i+3] >> n) | ((a[i+4] << (29 - n)) & 0x1fffffff); - r[i+4] = (a[i+4] >> n) | ((a[i+5] << (29 - n)) & 0x1fffffff); - r[i+5] = (a[i+5] >> n) | ((a[i+6] << (29 - n)) & 0x1fffffff); - r[i+6] = (a[i+6] >> n) | ((a[i+7] << (29 - n)) & 0x1fffffff); - r[i+7] = (a[i+7] >> n) | ((a[i+8] << (29 - n)) & 0x1fffffff); - } - r[32] = (a[32] >> n) | ((a[33] << (29 - n)) & 0x1fffffff); - r[33] = (a[33] >> n) | ((a[34] << (29 - n)) & 0x1fffffff); - r[34] = (a[34] >> n) | ((a[35] << (29 - n)) & 0x1fffffff); + r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (29 - n)) & 0x1fffffff); + r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (29 - n)) & 0x1fffffff); + r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (29 - n)) & 0x1fffffff); + r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (29 - n)) & 0x1fffffff); + r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (29 - n)) & 0x1fffffff); + r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (29 - n)) & 0x1fffffff); + r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (29 - n)) & 0x1fffffff); + r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (29 - n)) & 0x1fffffff); + } + r[32] = (a[32] >> n) | (sp_digit)((a[33] << (29 - n)) & 0x1fffffff); + r[33] = (a[33] >> n) | (sp_digit)((a[34] << (29 - n)) & 0x1fffffff); + r[34] = (a[34] >> n) | (sp_digit)((a[35] << (29 - n)) & 0x1fffffff); #endif /* WOLFSSL_SP_SMALL */ r[35] = a[35] >> n; } @@ -2611,26 +2611,26 @@ SP_NOINLINE static void sp_2048_mul_add_72(sp_digit* r, const sp_digit* a, t[1] = (tb * a[i+1]) + r[i+1]; t[2] = (tb * a[i+2]) + r[i+2]; t[3] = (tb * a[i+3]) + r[i+3]; - r[i+0] = t[0] & 0x1fffffff; + r[i+0] = (sp_digit)(t[0] & 0x1fffffff); t[1] += t[0] >> 29; - r[i+1] = t[1] & 0x1fffffff; + r[i+1] = (sp_digit)(t[1] & 0x1fffffff); t[2] += t[1] >> 29; - r[i+2] = t[2] & 0x1fffffff; + r[i+2] = (sp_digit)(t[2] & 0x1fffffff); t[3] += t[2] >> 29; - r[i+3] = t[3] & 0x1fffffff; + r[i+3] = (sp_digit)(t[3] & 0x1fffffff); t[0] = t[3] >> 29; } t[0] += (tb * a[68]) + r[68]; t[1] = (tb * a[69]) + r[69]; t[2] = (tb * a[70]) + r[70]; t[3] = (tb * a[71]) + r[71]; - r[68] = t[0] & 0x1fffffff; + r[68] = (sp_digit)(t[0] & 0x1fffffff); t[1] += t[0] >> 29; - r[69] = t[1] & 0x1fffffff; + r[69] = (sp_digit)(t[1] & 0x1fffffff); t[2] += t[1] >> 29; - r[70] = t[2] & 0x1fffffff; + r[70] = (sp_digit)(t[2] & 0x1fffffff); t[3] += t[2] >> 29; - r[71] = t[3] & 0x1fffffff; + r[71] = (sp_digit)(t[3] & 0x1fffffff); r[72] += (sp_digit)(t[3] >> 29); #else sp_int64 tb = b; @@ -2647,21 +2647,21 @@ SP_NOINLINE static void sp_2048_mul_add_72(sp_digit* r, const sp_digit* a, t[5] = (tb * a[i+5]) + r[i+5]; t[6] = (tb * a[i+6]) + r[i+6]; t[7] = (tb * a[i+7]) + r[i+7]; - r[i+0] = t[0] & 0x1fffffff; + r[i+0] = (sp_digit)(t[0] & 0x1fffffff); t[1] += t[0] >> 29; - r[i+1] = t[1] & 0x1fffffff; + r[i+1] = (sp_digit)(t[1] & 0x1fffffff); t[2] += t[1] >> 29; - r[i+2] = t[2] & 0x1fffffff; + r[i+2] = (sp_digit)(t[2] & 0x1fffffff); t[3] += t[2] >> 29; - r[i+3] = t[3] & 0x1fffffff; + r[i+3] = (sp_digit)(t[3] & 0x1fffffff); t[4] += t[3] >> 29; - r[i+4] = t[4] & 0x1fffffff; + r[i+4] = (sp_digit)(t[4] & 0x1fffffff); t[5] += t[4] >> 29; - r[i+5] = t[5] & 0x1fffffff; + r[i+5] = (sp_digit)(t[5] & 0x1fffffff); t[6] += t[5] >> 29; - r[i+6] = t[6] & 0x1fffffff; + r[i+6] = (sp_digit)(t[6] & 0x1fffffff); t[7] += t[6] >> 29; - r[i+7] = t[7] & 0x1fffffff; + r[i+7] = (sp_digit)(t[7] & 0x1fffffff); t[0] = t[7] >> 29; } t[0] += (tb * a[64]) + r[64]; @@ -2672,21 +2672,21 @@ SP_NOINLINE static void sp_2048_mul_add_72(sp_digit* r, const sp_digit* a, t[5] = (tb * a[69]) + r[69]; t[6] = (tb * a[70]) + r[70]; t[7] = (tb * a[71]) + r[71]; - r[64] = t[0] & 0x1fffffff; + r[64] = (sp_digit)(t[0] & 0x1fffffff); t[1] += t[0] >> 29; - r[65] = t[1] & 0x1fffffff; + r[65] = (sp_digit)(t[1] & 0x1fffffff); t[2] += t[1] >> 29; - r[66] = t[2] & 0x1fffffff; + r[66] = (sp_digit)(t[2] & 0x1fffffff); t[3] += t[2] >> 29; - r[67] = t[3] & 0x1fffffff; + r[67] = (sp_digit)(t[3] & 0x1fffffff); t[4] += t[3] >> 29; - r[68] = t[4] & 0x1fffffff; + r[68] = (sp_digit)(t[4] & 0x1fffffff); t[5] += t[4] >> 29; - r[69] = t[5] & 0x1fffffff; + r[69] = (sp_digit)(t[5] & 0x1fffffff); t[6] += t[5] >> 29; - r[70] = t[6] & 0x1fffffff; + r[70] = (sp_digit)(t[6] & 0x1fffffff); t[7] += t[6] >> 29; - r[71] = t[7] & 0x1fffffff; + r[71] = (sp_digit)(t[7] & 0x1fffffff); r[72] += (sp_digit)(t[7] >> 29); #endif /* WOLFSSL_SP_SMALL */ #endif /* !WOLFSSL_SP_LARGE_CODE */ @@ -2705,7 +2705,7 @@ static void sp_2048_mont_shift_72(sp_digit* r, const sp_digit* a) n += ((sp_int64)a[71]) << 11; for (i = 0; i < 70; i++) { - r[i] = n & 0x1fffffff; + r[i] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[72 + i]) << 11; } @@ -2715,29 +2715,29 @@ static void sp_2048_mont_shift_72(sp_digit* r, const sp_digit* a) sp_int64 n = a[70] >> 18; n += ((sp_int64)a[71]) << 11; for (i = 0; i < 64; i += 8) { - r[i + 0] = n & 0x1fffffff; + r[i + 0] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[i + 72]) << 11; - r[i + 1] = n & 0x1fffffff; + r[i + 1] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[i + 73]) << 11; - r[i + 2] = n & 0x1fffffff; + r[i + 2] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[i + 74]) << 11; - r[i + 3] = n & 0x1fffffff; + r[i + 3] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[i + 75]) << 11; - r[i + 4] = n & 0x1fffffff; + r[i + 4] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[i + 76]) << 11; - r[i + 5] = n & 0x1fffffff; + r[i + 5] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[i + 77]) << 11; - r[i + 6] = n & 0x1fffffff; + r[i + 6] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[i + 78]) << 11; - r[i + 7] = n & 0x1fffffff; + r[i + 7] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[i + 79]) << 11; } - r[64] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[136]) << 11; - r[65] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[137]) << 11; - r[66] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[138]) << 11; - r[67] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[139]) << 11; - r[68] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[140]) << 11; - r[69] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[141]) << 11; + r[64] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[136]) << 11; + r[65] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[137]) << 11; + r[66] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[138]) << 11; + r[67] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[139]) << 11; + r[68] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[140]) << 11; + r[69] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[141]) << 11; r[70] = (sp_digit)n; #endif /* WOLFSSL_SP_SMALL */ XMEMSET(&r[71], 0, sizeof(*r) * 71U); @@ -2760,33 +2760,33 @@ static void sp_2048_mont_reduce_72(sp_digit* a, const sp_digit* m, sp_digit mp) #ifdef WOLFSSL_SP_DH if (mp != 1) { for (i=0; i<70; i++) { - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff); sp_2048_mul_add_72(a+i, m, mu); a[i+1] += a[i] >> 29; } - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffL; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffL); sp_2048_mul_add_72(a+i, m, mu); a[i+1] += a[i] >> 29; a[i] &= 0x1fffffff; } else { for (i=0; i<70; i++) { - mu = a[i] & 0x1fffffff; + mu = (sp_digit)(a[i] & 0x1fffffff); sp_2048_mul_add_72(a+i, m, mu); a[i+1] += a[i] >> 29; } - mu = a[i] & 0x3ffffL; + mu = (sp_digit)(a[i] & 0x3ffffL); sp_2048_mul_add_72(a+i, m, mu); a[i+1] += a[i] >> 29; a[i] &= 0x1fffffff; } #else for (i=0; i<70; i++) { - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff); sp_2048_mul_add_72(a+i, m, mu); a[i+1] += a[i] >> 29; } - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffL; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffL); sp_2048_mul_add_72(a+i, m, mu); a[i+1] += a[i] >> 29; a[i] &= 0x1fffffff; @@ -2967,26 +2967,26 @@ SP_NOINLINE static void sp_2048_rshift_72(sp_digit* r, const sp_digit* a, #ifdef WOLFSSL_SP_SMALL for (i=0; i<71; i++) { - r[i] = ((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff; + r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff); } #else for (i=0; i<64; i += 8) { - r[i+0] = (a[i+0] >> n) | ((a[i+1] << (29 - n)) & 0x1fffffff); - r[i+1] = (a[i+1] >> n) | ((a[i+2] << (29 - n)) & 0x1fffffff); - r[i+2] = (a[i+2] >> n) | ((a[i+3] << (29 - n)) & 0x1fffffff); - r[i+3] = (a[i+3] >> n) | ((a[i+4] << (29 - n)) & 0x1fffffff); - r[i+4] = (a[i+4] >> n) | ((a[i+5] << (29 - n)) & 0x1fffffff); - r[i+5] = (a[i+5] >> n) | ((a[i+6] << (29 - n)) & 0x1fffffff); - r[i+6] = (a[i+6] >> n) | ((a[i+7] << (29 - n)) & 0x1fffffff); - r[i+7] = (a[i+7] >> n) | ((a[i+8] << (29 - n)) & 0x1fffffff); - } - r[64] = (a[64] >> n) | ((a[65] << (29 - n)) & 0x1fffffff); - r[65] = (a[65] >> n) | ((a[66] << (29 - n)) & 0x1fffffff); - r[66] = (a[66] >> n) | ((a[67] << (29 - n)) & 0x1fffffff); - r[67] = (a[67] >> n) | ((a[68] << (29 - n)) & 0x1fffffff); - r[68] = (a[68] >> n) | ((a[69] << (29 - n)) & 0x1fffffff); - r[69] = (a[69] >> n) | ((a[70] << (29 - n)) & 0x1fffffff); - r[70] = (a[70] >> n) | ((a[71] << (29 - n)) & 0x1fffffff); + r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (29 - n)) & 0x1fffffff); + r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (29 - n)) & 0x1fffffff); + r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (29 - n)) & 0x1fffffff); + r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (29 - n)) & 0x1fffffff); + r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (29 - n)) & 0x1fffffff); + r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (29 - n)) & 0x1fffffff); + r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (29 - n)) & 0x1fffffff); + r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (29 - n)) & 0x1fffffff); + } + r[64] = (a[64] >> n) | (sp_digit)((a[65] << (29 - n)) & 0x1fffffff); + r[65] = (a[65] >> n) | (sp_digit)((a[66] << (29 - n)) & 0x1fffffff); + r[66] = (a[66] >> n) | (sp_digit)((a[67] << (29 - n)) & 0x1fffffff); + r[67] = (a[67] >> n) | (sp_digit)((a[68] << (29 - n)) & 0x1fffffff); + r[68] = (a[68] >> n) | (sp_digit)((a[69] << (29 - n)) & 0x1fffffff); + r[69] = (a[69] >> n) | (sp_digit)((a[70] << (29 - n)) & 0x1fffffff); + r[70] = (a[70] >> n) | (sp_digit)((a[71] << (29 - n)) & 0x1fffffff); #endif /* WOLFSSL_SP_SMALL */ r[71] = a[71] >> n; } @@ -4340,7 +4340,7 @@ SP_NOINLINE static void sp_2048_lshift_72(sp_digit* r, const sp_digit* a, r[72] = a[71] >> (29 - n); for (i=71; i>0; i--) { - r[i] = ((a[i] << n) | (a[i-1] >> (29 - n))) & 0x1fffffff; + r[i] = (sp_digit)(((a[i] << n) | (a[i-1] >> (29 - n))) & 0x1fffffff); } #else sp_int_digit s; @@ -4349,149 +4349,149 @@ SP_NOINLINE static void sp_2048_lshift_72(sp_digit* r, const sp_digit* a, s = (sp_int_digit)a[71]; r[72] = s >> (29U - n); s = (sp_int_digit)(a[71]); t = (sp_int_digit)(a[70]); - r[71] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[71] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[70]); t = (sp_int_digit)(a[69]); - r[70] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[70] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[69]); t = (sp_int_digit)(a[68]); - r[69] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[69] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[68]); t = (sp_int_digit)(a[67]); - r[68] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[68] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[67]); t = (sp_int_digit)(a[66]); - r[67] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[67] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[66]); t = (sp_int_digit)(a[65]); - r[66] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[66] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[65]); t = (sp_int_digit)(a[64]); - r[65] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[65] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[64]); t = (sp_int_digit)(a[63]); - r[64] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[64] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[63]); t = (sp_int_digit)(a[62]); - r[63] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[63] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[62]); t = (sp_int_digit)(a[61]); - r[62] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[62] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[61]); t = (sp_int_digit)(a[60]); - r[61] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[61] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[60]); t = (sp_int_digit)(a[59]); - r[60] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[60] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[59]); t = (sp_int_digit)(a[58]); - r[59] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[59] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[58]); t = (sp_int_digit)(a[57]); - r[58] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[58] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[57]); t = (sp_int_digit)(a[56]); - r[57] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[57] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[56]); t = (sp_int_digit)(a[55]); - r[56] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[56] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[55]); t = (sp_int_digit)(a[54]); - r[55] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[55] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[54]); t = (sp_int_digit)(a[53]); - r[54] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[54] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[53]); t = (sp_int_digit)(a[52]); - r[53] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[53] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[52]); t = (sp_int_digit)(a[51]); - r[52] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[52] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[51]); t = (sp_int_digit)(a[50]); - r[51] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[51] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[50]); t = (sp_int_digit)(a[49]); - r[50] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[50] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[49]); t = (sp_int_digit)(a[48]); - r[49] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[49] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[48]); t = (sp_int_digit)(a[47]); - r[48] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[48] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[47]); t = (sp_int_digit)(a[46]); - r[47] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[47] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[46]); t = (sp_int_digit)(a[45]); - r[46] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[46] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[45]); t = (sp_int_digit)(a[44]); - r[45] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[45] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[44]); t = (sp_int_digit)(a[43]); - r[44] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[44] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[43]); t = (sp_int_digit)(a[42]); - r[43] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[43] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[42]); t = (sp_int_digit)(a[41]); - r[42] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[42] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[41]); t = (sp_int_digit)(a[40]); - r[41] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[41] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[40]); t = (sp_int_digit)(a[39]); - r[40] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[40] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[39]); t = (sp_int_digit)(a[38]); - r[39] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[39] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[38]); t = (sp_int_digit)(a[37]); - r[38] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[38] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[37]); t = (sp_int_digit)(a[36]); - r[37] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[37] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[36]); t = (sp_int_digit)(a[35]); - r[36] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[36] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[35]); t = (sp_int_digit)(a[34]); - r[35] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[35] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[34]); t = (sp_int_digit)(a[33]); - r[34] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[34] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[33]); t = (sp_int_digit)(a[32]); - r[33] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[33] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[32]); t = (sp_int_digit)(a[31]); - r[32] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[32] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[31]); t = (sp_int_digit)(a[30]); - r[31] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[31] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[30]); t = (sp_int_digit)(a[29]); - r[30] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[30] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[29]); t = (sp_int_digit)(a[28]); - r[29] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[29] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[28]); t = (sp_int_digit)(a[27]); - r[28] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[28] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[27]); t = (sp_int_digit)(a[26]); - r[27] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[27] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[26]); t = (sp_int_digit)(a[25]); - r[26] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[26] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[25]); t = (sp_int_digit)(a[24]); - r[25] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[25] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[24]); t = (sp_int_digit)(a[23]); - r[24] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[24] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[23]); t = (sp_int_digit)(a[22]); - r[23] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[23] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[22]); t = (sp_int_digit)(a[21]); - r[22] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[22] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[21]); t = (sp_int_digit)(a[20]); - r[21] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[21] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[20]); t = (sp_int_digit)(a[19]); - r[20] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[20] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[19]); t = (sp_int_digit)(a[18]); - r[19] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[19] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[18]); t = (sp_int_digit)(a[17]); - r[18] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[18] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[17]); t = (sp_int_digit)(a[16]); - r[17] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[17] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[16]); t = (sp_int_digit)(a[15]); - r[16] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[16] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[15]); t = (sp_int_digit)(a[14]); - r[15] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[15] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[14]); t = (sp_int_digit)(a[13]); - r[14] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[14] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[13]); t = (sp_int_digit)(a[12]); - r[13] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[13] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[12]); t = (sp_int_digit)(a[11]); - r[12] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[12] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[11]); t = (sp_int_digit)(a[10]); - r[11] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[11] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[10]); t = (sp_int_digit)(a[9]); - r[10] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[10] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[9]); t = (sp_int_digit)(a[8]); - r[9] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[9] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[8]); t = (sp_int_digit)(a[7]); - r[8] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[8] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[7]); t = (sp_int_digit)(a[6]); - r[7] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[7] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[6]); t = (sp_int_digit)(a[5]); - r[6] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[6] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[5]); t = (sp_int_digit)(a[4]); - r[5] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[5] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[4]); t = (sp_int_digit)(a[3]); - r[4] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[4] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[3]); t = (sp_int_digit)(a[2]); - r[3] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[3] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[2]); t = (sp_int_digit)(a[1]); - r[2] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[2] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[1]); t = (sp_int_digit)(a[0]); - r[1] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[1] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); #endif /* WOLFSSL_SP_SMALL */ - r[0] = (a[0] << n) & 0x1fffffff; + r[0] = (sp_digit)((a[0] << n) & 0x1fffffff); } /* Modular exponentiate 2 to the e mod m. (r = 2^e mod m) @@ -5324,17 +5324,17 @@ SP_NOINLINE static void sp_3072_mul_add_53(sp_digit* r, const sp_digit* a, t[1] = (tb * a[i+1]) + r[i+1]; t[2] = (tb * a[i+2]) + r[i+2]; t[3] = (tb * a[i+3]) + r[i+3]; - r[i+0] = t[0] & 0x1fffffff; + r[i+0] = (sp_digit)(t[0] & 0x1fffffff); t[1] += t[0] >> 29; - r[i+1] = t[1] & 0x1fffffff; + r[i+1] = (sp_digit)(t[1] & 0x1fffffff); t[2] += t[1] >> 29; - r[i+2] = t[2] & 0x1fffffff; + r[i+2] = (sp_digit)(t[2] & 0x1fffffff); t[3] += t[2] >> 29; - r[i+3] = t[3] & 0x1fffffff; + r[i+3] = (sp_digit)(t[3] & 0x1fffffff); t[0] = t[3] >> 29; } t[0] += (tb * a[52]) + r[52]; - r[52] = t[0] & 0x1fffffff; + r[52] = (sp_digit)(t[0] & 0x1fffffff); r[53] += (sp_digit)(t[0] >> 29); #endif /* !WOLFSSL_SP_LARGE_CODE */ } @@ -5351,7 +5351,7 @@ static void sp_3072_mont_shift_53(sp_digit* r, const sp_digit* a) n += ((sp_int64)a[53]) << 1; for (i = 0; i < 52; i++) { - r[i] = n & 0x1fffffff; + r[i] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[54 + i]) << 1; } @@ -5374,11 +5374,11 @@ static void sp_3072_mont_reduce_53(sp_digit* a, const sp_digit* m, sp_digit mp) sp_3072_norm_53(a + 53); for (i=0; i<52; i++) { - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff); sp_3072_mul_add_53(a+i, m, mu); a[i+1] += a[i] >> 29; } - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffffL; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffffL); sp_3072_mul_add_53(a+i, m, mu); a[i+1] += a[i] >> 29; a[i] &= 0x1fffffff; @@ -5602,7 +5602,7 @@ SP_NOINLINE static void sp_3072_rshift_53(sp_digit* r, const sp_digit* a, int i; for (i=0; i<52; i++) { - r[i] = ((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff; + r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff); } r[52] = a[52] >> n; } @@ -6250,20 +6250,20 @@ SP_NOINLINE static void sp_3072_mul_add_106(sp_digit* r, const sp_digit* a, t[1] = (tb * a[i+1]) + r[i+1]; t[2] = (tb * a[i+2]) + r[i+2]; t[3] = (tb * a[i+3]) + r[i+3]; - r[i+0] = t[0] & 0x1fffffff; + r[i+0] = (sp_digit)(t[0] & 0x1fffffff); t[1] += t[0] >> 29; - r[i+1] = t[1] & 0x1fffffff; + r[i+1] = (sp_digit)(t[1] & 0x1fffffff); t[2] += t[1] >> 29; - r[i+2] = t[2] & 0x1fffffff; + r[i+2] = (sp_digit)(t[2] & 0x1fffffff); t[3] += t[2] >> 29; - r[i+3] = t[3] & 0x1fffffff; + r[i+3] = (sp_digit)(t[3] & 0x1fffffff); t[0] = t[3] >> 29; } t[0] += (tb * a[104]) + r[104]; t[1] = (tb * a[105]) + r[105]; - r[104] = t[0] & 0x1fffffff; + r[104] = (sp_digit)(t[0] & 0x1fffffff); t[1] += t[0] >> 29; - r[105] = t[1] & 0x1fffffff; + r[105] = (sp_digit)(t[1] & 0x1fffffff); r[106] += (sp_digit)(t[1] >> 29); #endif /* !WOLFSSL_SP_LARGE_CODE */ } @@ -6280,7 +6280,7 @@ static void sp_3072_mont_shift_106(sp_digit* r, const sp_digit* a) n += ((sp_int64)a[106]) << 2; for (i = 0; i < 105; i++) { - r[i] = n & 0x1fffffff; + r[i] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[107 + i]) << 2; } @@ -6305,33 +6305,33 @@ static void sp_3072_mont_reduce_106(sp_digit* a, const sp_digit* m, sp_digit mp) #ifdef WOLFSSL_SP_DH if (mp != 1) { for (i=0; i<105; i++) { - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff); sp_3072_mul_add_106(a+i, m, mu); a[i+1] += a[i] >> 29; } - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x7ffffffL; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x7ffffffL); sp_3072_mul_add_106(a+i, m, mu); a[i+1] += a[i] >> 29; a[i] &= 0x1fffffff; } else { for (i=0; i<105; i++) { - mu = a[i] & 0x1fffffff; + mu = (sp_digit)(a[i] & 0x1fffffff); sp_3072_mul_add_106(a+i, m, mu); a[i+1] += a[i] >> 29; } - mu = a[i] & 0x7ffffffL; + mu = (sp_digit)(a[i] & 0x7ffffffL); sp_3072_mul_add_106(a+i, m, mu); a[i+1] += a[i] >> 29; a[i] &= 0x1fffffff; } #else for (i=0; i<105; i++) { - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff); sp_3072_mul_add_106(a+i, m, mu); a[i+1] += a[i] >> 29; } - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x7ffffffL; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x7ffffffL); sp_3072_mul_add_106(a+i, m, mu); a[i+1] += a[i] >> 29; a[i] &= 0x1fffffff; @@ -6437,7 +6437,7 @@ SP_NOINLINE static void sp_3072_rshift_106(sp_digit* r, const sp_digit* a, int i; for (i=0; i<105; i++) { - r[i] = ((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff; + r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff); } r[105] = a[105] >> n; } @@ -7786,9 +7786,9 @@ SP_NOINLINE static void sp_3072_lshift_106(sp_digit* r, const sp_digit* a, r[106] = a[105] >> (29 - n); for (i=105; i>0; i--) { - r[i] = ((a[i] << n) | (a[i-1] >> (29 - n))) & 0x1fffffff; + r[i] = (sp_digit)(((a[i] << n) | (a[i-1] >> (29 - n))) & 0x1fffffff); } - r[0] = (a[0] << n) & 0x1fffffff; + r[0] = (sp_digit)((a[0] << n) & 0x1fffffff); } /* Modular exponentiate 2 to the e mod m. (r = 2^e mod m) @@ -8438,29 +8438,29 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a, t0 = ((sp_uint64)a[ 0]) * b[ 0]; t1 = ((sp_uint64)a[ 0]) * b[ 1] + ((sp_uint64)a[ 1]) * b[ 0]; - t[ 0] = t0 & 0xfffffff; t1 += t0 >> 28; + t[ 0] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28; t0 = ((sp_uint64)a[ 0]) * b[ 2] + ((sp_uint64)a[ 1]) * b[ 1] + ((sp_uint64)a[ 2]) * b[ 0]; - t[ 1] = t1 & 0xfffffff; t0 += t1 >> 28; + t[ 1] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28; t1 = ((sp_uint64)a[ 0]) * b[ 3] + ((sp_uint64)a[ 1]) * b[ 2] + ((sp_uint64)a[ 2]) * b[ 1] + ((sp_uint64)a[ 3]) * b[ 0]; - t[ 2] = t0 & 0xfffffff; t1 += t0 >> 28; + t[ 2] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28; t0 = ((sp_uint64)a[ 0]) * b[ 4] + ((sp_uint64)a[ 1]) * b[ 3] + ((sp_uint64)a[ 2]) * b[ 2] + ((sp_uint64)a[ 3]) * b[ 1] + ((sp_uint64)a[ 4]) * b[ 0]; - t[ 3] = t1 & 0xfffffff; t0 += t1 >> 28; + t[ 3] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28; t1 = ((sp_uint64)a[ 0]) * b[ 5] + ((sp_uint64)a[ 1]) * b[ 4] + ((sp_uint64)a[ 2]) * b[ 3] + ((sp_uint64)a[ 3]) * b[ 2] + ((sp_uint64)a[ 4]) * b[ 1] + ((sp_uint64)a[ 5]) * b[ 0]; - t[ 4] = t0 & 0xfffffff; t1 += t0 >> 28; + t[ 4] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28; t0 = ((sp_uint64)a[ 0]) * b[ 6] + ((sp_uint64)a[ 1]) * b[ 5] + ((sp_uint64)a[ 2]) * b[ 4] @@ -8468,7 +8468,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[ 4]) * b[ 2] + ((sp_uint64)a[ 5]) * b[ 1] + ((sp_uint64)a[ 6]) * b[ 0]; - t[ 5] = t1 & 0xfffffff; t0 += t1 >> 28; + t[ 5] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28; t1 = ((sp_uint64)a[ 0]) * b[ 7] + ((sp_uint64)a[ 1]) * b[ 6] + ((sp_uint64)a[ 2]) * b[ 5] @@ -8477,7 +8477,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[ 5]) * b[ 2] + ((sp_uint64)a[ 6]) * b[ 1] + ((sp_uint64)a[ 7]) * b[ 0]; - t[ 6] = t0 & 0xfffffff; t1 += t0 >> 28; + t[ 6] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28; t0 = ((sp_uint64)a[ 0]) * b[ 8] + ((sp_uint64)a[ 1]) * b[ 7] + ((sp_uint64)a[ 2]) * b[ 6] @@ -8487,7 +8487,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[ 6]) * b[ 2] + ((sp_uint64)a[ 7]) * b[ 1] + ((sp_uint64)a[ 8]) * b[ 0]; - t[ 7] = t1 & 0xfffffff; t0 += t1 >> 28; + t[ 7] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28; t1 = ((sp_uint64)a[ 0]) * b[ 9] + ((sp_uint64)a[ 1]) * b[ 8] + ((sp_uint64)a[ 2]) * b[ 7] @@ -8498,7 +8498,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[ 7]) * b[ 2] + ((sp_uint64)a[ 8]) * b[ 1] + ((sp_uint64)a[ 9]) * b[ 0]; - t[ 8] = t0 & 0xfffffff; t1 += t0 >> 28; + t[ 8] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28; t0 = ((sp_uint64)a[ 0]) * b[10] + ((sp_uint64)a[ 1]) * b[ 9] + ((sp_uint64)a[ 2]) * b[ 8] @@ -8510,7 +8510,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[ 8]) * b[ 2] + ((sp_uint64)a[ 9]) * b[ 1] + ((sp_uint64)a[10]) * b[ 0]; - t[ 9] = t1 & 0xfffffff; t0 += t1 >> 28; + t[ 9] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28; t1 = ((sp_uint64)a[ 0]) * b[11] + ((sp_uint64)a[ 1]) * b[10] + ((sp_uint64)a[ 2]) * b[ 9] @@ -8523,7 +8523,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[ 9]) * b[ 2] + ((sp_uint64)a[10]) * b[ 1] + ((sp_uint64)a[11]) * b[ 0]; - t[10] = t0 & 0xfffffff; t1 += t0 >> 28; + t[10] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28; t0 = ((sp_uint64)a[ 0]) * b[12] + ((sp_uint64)a[ 1]) * b[11] + ((sp_uint64)a[ 2]) * b[10] @@ -8537,7 +8537,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[10]) * b[ 2] + ((sp_uint64)a[11]) * b[ 1] + ((sp_uint64)a[12]) * b[ 0]; - t[11] = t1 & 0xfffffff; t0 += t1 >> 28; + t[11] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28; t1 = ((sp_uint64)a[ 0]) * b[13] + ((sp_uint64)a[ 1]) * b[12] + ((sp_uint64)a[ 2]) * b[11] @@ -8552,7 +8552,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[11]) * b[ 2] + ((sp_uint64)a[12]) * b[ 1] + ((sp_uint64)a[13]) * b[ 0]; - t[12] = t0 & 0xfffffff; t1 += t0 >> 28; + t[12] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28; t0 = ((sp_uint64)a[ 1]) * b[13] + ((sp_uint64)a[ 2]) * b[12] + ((sp_uint64)a[ 3]) * b[11] @@ -8566,7 +8566,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[11]) * b[ 3] + ((sp_uint64)a[12]) * b[ 2] + ((sp_uint64)a[13]) * b[ 1]; - t[13] = t1 & 0xfffffff; t0 += t1 >> 28; + t[13] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28; t1 = ((sp_uint64)a[ 2]) * b[13] + ((sp_uint64)a[ 3]) * b[12] + ((sp_uint64)a[ 4]) * b[11] @@ -8579,7 +8579,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[11]) * b[ 4] + ((sp_uint64)a[12]) * b[ 3] + ((sp_uint64)a[13]) * b[ 2]; - r[14] = t0 & 0xfffffff; t1 += t0 >> 28; + r[14] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28; t0 = ((sp_uint64)a[ 3]) * b[13] + ((sp_uint64)a[ 4]) * b[12] + ((sp_uint64)a[ 5]) * b[11] @@ -8591,7 +8591,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[11]) * b[ 5] + ((sp_uint64)a[12]) * b[ 4] + ((sp_uint64)a[13]) * b[ 3]; - r[15] = t1 & 0xfffffff; t0 += t1 >> 28; + r[15] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28; t1 = ((sp_uint64)a[ 4]) * b[13] + ((sp_uint64)a[ 5]) * b[12] + ((sp_uint64)a[ 6]) * b[11] @@ -8602,7 +8602,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[11]) * b[ 6] + ((sp_uint64)a[12]) * b[ 5] + ((sp_uint64)a[13]) * b[ 4]; - r[16] = t0 & 0xfffffff; t1 += t0 >> 28; + r[16] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28; t0 = ((sp_uint64)a[ 5]) * b[13] + ((sp_uint64)a[ 6]) * b[12] + ((sp_uint64)a[ 7]) * b[11] @@ -8612,7 +8612,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[11]) * b[ 7] + ((sp_uint64)a[12]) * b[ 6] + ((sp_uint64)a[13]) * b[ 5]; - r[17] = t1 & 0xfffffff; t0 += t1 >> 28; + r[17] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28; t1 = ((sp_uint64)a[ 6]) * b[13] + ((sp_uint64)a[ 7]) * b[12] + ((sp_uint64)a[ 8]) * b[11] @@ -8621,7 +8621,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[11]) * b[ 8] + ((sp_uint64)a[12]) * b[ 7] + ((sp_uint64)a[13]) * b[ 6]; - r[18] = t0 & 0xfffffff; t1 += t0 >> 28; + r[18] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28; t0 = ((sp_uint64)a[ 7]) * b[13] + ((sp_uint64)a[ 8]) * b[12] + ((sp_uint64)a[ 9]) * b[11] @@ -8629,35 +8629,35 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[11]) * b[ 9] + ((sp_uint64)a[12]) * b[ 8] + ((sp_uint64)a[13]) * b[ 7]; - r[19] = t1 & 0xfffffff; t0 += t1 >> 28; + r[19] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28; t1 = ((sp_uint64)a[ 8]) * b[13] + ((sp_uint64)a[ 9]) * b[12] + ((sp_uint64)a[10]) * b[11] + ((sp_uint64)a[11]) * b[10] + ((sp_uint64)a[12]) * b[ 9] + ((sp_uint64)a[13]) * b[ 8]; - r[20] = t0 & 0xfffffff; t1 += t0 >> 28; + r[20] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28; t0 = ((sp_uint64)a[ 9]) * b[13] + ((sp_uint64)a[10]) * b[12] + ((sp_uint64)a[11]) * b[11] + ((sp_uint64)a[12]) * b[10] + ((sp_uint64)a[13]) * b[ 9]; - r[21] = t1 & 0xfffffff; t0 += t1 >> 28; + r[21] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28; t1 = ((sp_uint64)a[10]) * b[13] + ((sp_uint64)a[11]) * b[12] + ((sp_uint64)a[12]) * b[11] + ((sp_uint64)a[13]) * b[10]; - r[22] = t0 & 0xfffffff; t1 += t0 >> 28; + r[22] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28; t0 = ((sp_uint64)a[11]) * b[13] + ((sp_uint64)a[12]) * b[12] + ((sp_uint64)a[13]) * b[11]; - r[23] = t1 & 0xfffffff; t0 += t1 >> 28; + r[23] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28; t1 = ((sp_uint64)a[12]) * b[13] + ((sp_uint64)a[13]) * b[12]; - r[24] = t0 & 0xfffffff; t1 += t0 >> 28; + r[24] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28; t0 = ((sp_uint64)a[13]) * b[13]; - r[25] = t1 & 0xfffffff; t0 += t1 >> 28; - r[26] = t0 & 0xfffffff; + r[25] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28; + r[26] = (sp_digit)(t0 & 0xfffffff); r[27] = (sp_digit)(t0 >> 28); XMEMCPY(r, t, sizeof(t)); } @@ -9010,57 +9010,57 @@ SP_NOINLINE static void sp_3072_sqr_14(sp_digit* r, const sp_digit* a) t0 = ((sp_uint64)a[ 0]) * a[ 0]; t1 = (((sp_uint64)a[ 0]) * a[ 1]) * 2; - t[ 0] = t0 & 0xfffffff; t1 += t0 >> 28; + t[ 0] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28; t0 = (((sp_uint64)a[ 0]) * a[ 2]) * 2 + ((sp_uint64)a[ 1]) * a[ 1]; - t[ 1] = t1 & 0xfffffff; t0 += t1 >> 28; + t[ 1] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28; t1 = (((sp_uint64)a[ 0]) * a[ 3] + ((sp_uint64)a[ 1]) * a[ 2]) * 2; - t[ 2] = t0 & 0xfffffff; t1 += t0 >> 28; + t[ 2] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28; t0 = (((sp_uint64)a[ 0]) * a[ 4] + ((sp_uint64)a[ 1]) * a[ 3]) * 2 + ((sp_uint64)a[ 2]) * a[ 2]; - t[ 3] = t1 & 0xfffffff; t0 += t1 >> 28; + t[ 3] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28; t1 = (((sp_uint64)a[ 0]) * a[ 5] + ((sp_uint64)a[ 1]) * a[ 4] + ((sp_uint64)a[ 2]) * a[ 3]) * 2; - t[ 4] = t0 & 0xfffffff; t1 += t0 >> 28; + t[ 4] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28; t0 = (((sp_uint64)a[ 0]) * a[ 6] + ((sp_uint64)a[ 1]) * a[ 5] + ((sp_uint64)a[ 2]) * a[ 4]) * 2 + ((sp_uint64)a[ 3]) * a[ 3]; - t[ 5] = t1 & 0xfffffff; t0 += t1 >> 28; + t[ 5] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28; t1 = (((sp_uint64)a[ 0]) * a[ 7] + ((sp_uint64)a[ 1]) * a[ 6] + ((sp_uint64)a[ 2]) * a[ 5] + ((sp_uint64)a[ 3]) * a[ 4]) * 2; - t[ 6] = t0 & 0xfffffff; t1 += t0 >> 28; + t[ 6] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28; t0 = (((sp_uint64)a[ 0]) * a[ 8] + ((sp_uint64)a[ 1]) * a[ 7] + ((sp_uint64)a[ 2]) * a[ 6] + ((sp_uint64)a[ 3]) * a[ 5]) * 2 + ((sp_uint64)a[ 4]) * a[ 4]; - t[ 7] = t1 & 0xfffffff; t0 += t1 >> 28; + t[ 7] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28; t1 = (((sp_uint64)a[ 0]) * a[ 9] + ((sp_uint64)a[ 1]) * a[ 8] + ((sp_uint64)a[ 2]) * a[ 7] + ((sp_uint64)a[ 3]) * a[ 6] + ((sp_uint64)a[ 4]) * a[ 5]) * 2; - t[ 8] = t0 & 0xfffffff; t1 += t0 >> 28; + t[ 8] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28; t0 = (((sp_uint64)a[ 0]) * a[10] + ((sp_uint64)a[ 1]) * a[ 9] + ((sp_uint64)a[ 2]) * a[ 8] + ((sp_uint64)a[ 3]) * a[ 7] + ((sp_uint64)a[ 4]) * a[ 6]) * 2 + ((sp_uint64)a[ 5]) * a[ 5]; - t[ 9] = t1 & 0xfffffff; t0 += t1 >> 28; + t[ 9] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28; t1 = (((sp_uint64)a[ 0]) * a[11] + ((sp_uint64)a[ 1]) * a[10] + ((sp_uint64)a[ 2]) * a[ 9] + ((sp_uint64)a[ 3]) * a[ 8] + ((sp_uint64)a[ 4]) * a[ 7] + ((sp_uint64)a[ 5]) * a[ 6]) * 2; - t[10] = t0 & 0xfffffff; t1 += t0 >> 28; + t[10] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28; t0 = (((sp_uint64)a[ 0]) * a[12] + ((sp_uint64)a[ 1]) * a[11] + ((sp_uint64)a[ 2]) * a[10] @@ -9068,7 +9068,7 @@ SP_NOINLINE static void sp_3072_sqr_14(sp_digit* r, const sp_digit* a) + ((sp_uint64)a[ 4]) * a[ 8] + ((sp_uint64)a[ 5]) * a[ 7]) * 2 + ((sp_uint64)a[ 6]) * a[ 6]; - t[11] = t1 & 0xfffffff; t0 += t1 >> 28; + t[11] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28; t1 = (((sp_uint64)a[ 0]) * a[13] + ((sp_uint64)a[ 1]) * a[12] + ((sp_uint64)a[ 2]) * a[11] @@ -9076,7 +9076,7 @@ SP_NOINLINE static void sp_3072_sqr_14(sp_digit* r, const sp_digit* a) + ((sp_uint64)a[ 4]) * a[ 9] + ((sp_uint64)a[ 5]) * a[ 8] + ((sp_uint64)a[ 6]) * a[ 7]) * 2; - t[12] = t0 & 0xfffffff; t1 += t0 >> 28; + t[12] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28; t0 = (((sp_uint64)a[ 1]) * a[13] + ((sp_uint64)a[ 2]) * a[12] + ((sp_uint64)a[ 3]) * a[11] @@ -9084,62 +9084,62 @@ SP_NOINLINE static void sp_3072_sqr_14(sp_digit* r, const sp_digit* a) + ((sp_uint64)a[ 5]) * a[ 9] + ((sp_uint64)a[ 6]) * a[ 8]) * 2 + ((sp_uint64)a[ 7]) * a[ 7]; - t[13] = t1 & 0xfffffff; t0 += t1 >> 28; + t[13] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28; t1 = (((sp_uint64)a[ 2]) * a[13] + ((sp_uint64)a[ 3]) * a[12] + ((sp_uint64)a[ 4]) * a[11] + ((sp_uint64)a[ 5]) * a[10] + ((sp_uint64)a[ 6]) * a[ 9] + ((sp_uint64)a[ 7]) * a[ 8]) * 2; - r[14] = t0 & 0xfffffff; t1 += t0 >> 28; + r[14] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28; t0 = (((sp_uint64)a[ 3]) * a[13] + ((sp_uint64)a[ 4]) * a[12] + ((sp_uint64)a[ 5]) * a[11] + ((sp_uint64)a[ 6]) * a[10] + ((sp_uint64)a[ 7]) * a[ 9]) * 2 + ((sp_uint64)a[ 8]) * a[ 8]; - r[15] = t1 & 0xfffffff; t0 += t1 >> 28; + r[15] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28; t1 = (((sp_uint64)a[ 4]) * a[13] + ((sp_uint64)a[ 5]) * a[12] + ((sp_uint64)a[ 6]) * a[11] + ((sp_uint64)a[ 7]) * a[10] + ((sp_uint64)a[ 8]) * a[ 9]) * 2; - r[16] = t0 & 0xfffffff; t1 += t0 >> 28; + r[16] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28; t0 = (((sp_uint64)a[ 5]) * a[13] + ((sp_uint64)a[ 6]) * a[12] + ((sp_uint64)a[ 7]) * a[11] + ((sp_uint64)a[ 8]) * a[10]) * 2 + ((sp_uint64)a[ 9]) * a[ 9]; - r[17] = t1 & 0xfffffff; t0 += t1 >> 28; + r[17] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28; t1 = (((sp_uint64)a[ 6]) * a[13] + ((sp_uint64)a[ 7]) * a[12] + ((sp_uint64)a[ 8]) * a[11] + ((sp_uint64)a[ 9]) * a[10]) * 2; - r[18] = t0 & 0xfffffff; t1 += t0 >> 28; + r[18] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28; t0 = (((sp_uint64)a[ 7]) * a[13] + ((sp_uint64)a[ 8]) * a[12] + ((sp_uint64)a[ 9]) * a[11]) * 2 + ((sp_uint64)a[10]) * a[10]; - r[19] = t1 & 0xfffffff; t0 += t1 >> 28; + r[19] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28; t1 = (((sp_uint64)a[ 8]) * a[13] + ((sp_uint64)a[ 9]) * a[12] + ((sp_uint64)a[10]) * a[11]) * 2; - r[20] = t0 & 0xfffffff; t1 += t0 >> 28; + r[20] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28; t0 = (((sp_uint64)a[ 9]) * a[13] + ((sp_uint64)a[10]) * a[12]) * 2 + ((sp_uint64)a[11]) * a[11]; - r[21] = t1 & 0xfffffff; t0 += t1 >> 28; + r[21] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28; t1 = (((sp_uint64)a[10]) * a[13] + ((sp_uint64)a[11]) * a[12]) * 2; - r[22] = t0 & 0xfffffff; t1 += t0 >> 28; + r[22] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28; t0 = (((sp_uint64)a[11]) * a[13]) * 2 + ((sp_uint64)a[12]) * a[12]; - r[23] = t1 & 0xfffffff; t0 += t1 >> 28; + r[23] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28; t1 = (((sp_uint64)a[12]) * a[13]) * 2; - r[24] = t0 & 0xfffffff; t1 += t0 >> 28; + r[24] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28; t0 = ((sp_uint64)a[13]) * a[13]; - r[25] = t1 & 0xfffffff; t0 += t1 >> 28; - r[26] = t0 & 0xfffffff; + r[25] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28; + r[26] = (sp_digit)(t0 & 0xfffffff); r[27] = (sp_digit)(t0 >> 28); XMEMCPY(r, t, sizeof(t)); } @@ -9397,21 +9397,21 @@ SP_NOINLINE static void sp_3072_mul_add_56(sp_digit* r, const sp_digit* a, t[5] = (tb * a[i+5]) + r[i+5]; t[6] = (tb * a[i+6]) + r[i+6]; t[7] = (tb * a[i+7]) + r[i+7]; - r[i+0] = t[0] & 0xfffffff; + r[i+0] = (sp_digit)(t[0] & 0xfffffff); t[1] += t[0] >> 28; - r[i+1] = t[1] & 0xfffffff; + r[i+1] = (sp_digit)(t[1] & 0xfffffff); t[2] += t[1] >> 28; - r[i+2] = t[2] & 0xfffffff; + r[i+2] = (sp_digit)(t[2] & 0xfffffff); t[3] += t[2] >> 28; - r[i+3] = t[3] & 0xfffffff; + r[i+3] = (sp_digit)(t[3] & 0xfffffff); t[4] += t[3] >> 28; - r[i+4] = t[4] & 0xfffffff; + r[i+4] = (sp_digit)(t[4] & 0xfffffff); t[5] += t[4] >> 28; - r[i+5] = t[5] & 0xfffffff; + r[i+5] = (sp_digit)(t[5] & 0xfffffff); t[6] += t[5] >> 28; - r[i+6] = t[6] & 0xfffffff; + r[i+6] = (sp_digit)(t[6] & 0xfffffff); t[7] += t[6] >> 28; - r[i+7] = t[7] & 0xfffffff; + r[i+7] = (sp_digit)(t[7] & 0xfffffff); t[0] = t[7] >> 28; } t[0] += (tb * a[48]) + r[48]; @@ -9422,21 +9422,21 @@ SP_NOINLINE static void sp_3072_mul_add_56(sp_digit* r, const sp_digit* a, t[5] = (tb * a[53]) + r[53]; t[6] = (tb * a[54]) + r[54]; t[7] = (tb * a[55]) + r[55]; - r[48] = t[0] & 0xfffffff; + r[48] = (sp_digit)(t[0] & 0xfffffff); t[1] += t[0] >> 28; - r[49] = t[1] & 0xfffffff; + r[49] = (sp_digit)(t[1] & 0xfffffff); t[2] += t[1] >> 28; - r[50] = t[2] & 0xfffffff; + r[50] = (sp_digit)(t[2] & 0xfffffff); t[3] += t[2] >> 28; - r[51] = t[3] & 0xfffffff; + r[51] = (sp_digit)(t[3] & 0xfffffff); t[4] += t[3] >> 28; - r[52] = t[4] & 0xfffffff; + r[52] = (sp_digit)(t[4] & 0xfffffff); t[5] += t[4] >> 28; - r[53] = t[5] & 0xfffffff; + r[53] = (sp_digit)(t[5] & 0xfffffff); t[6] += t[5] >> 28; - r[54] = t[6] & 0xfffffff; + r[54] = (sp_digit)(t[6] & 0xfffffff); t[7] += t[6] >> 28; - r[55] = t[7] & 0xfffffff; + r[55] = (sp_digit)(t[7] & 0xfffffff); r[56] += (sp_digit)(t[7] >> 28); #endif /* !WOLFSSL_SP_LARGE_CODE */ } @@ -9452,29 +9452,29 @@ static void sp_3072_mont_shift_56(sp_digit* r, const sp_digit* a) sp_int64 n = a[54] >> 24; n += ((sp_int64)a[55]) << 4; for (i = 0; i < 48; i += 8) { - r[i + 0] = n & 0xfffffff; + r[i + 0] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[i + 56]) << 4; - r[i + 1] = n & 0xfffffff; + r[i + 1] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[i + 57]) << 4; - r[i + 2] = n & 0xfffffff; + r[i + 2] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[i + 58]) << 4; - r[i + 3] = n & 0xfffffff; + r[i + 3] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[i + 59]) << 4; - r[i + 4] = n & 0xfffffff; + r[i + 4] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[i + 60]) << 4; - r[i + 5] = n & 0xfffffff; + r[i + 5] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[i + 61]) << 4; - r[i + 6] = n & 0xfffffff; + r[i + 6] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[i + 62]) << 4; - r[i + 7] = n & 0xfffffff; + r[i + 7] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[i + 63]) << 4; } - r[48] = n & 0xfffffff; n >>= 28; n += ((sp_int64)a[104]) << 4; - r[49] = n & 0xfffffff; n >>= 28; n += ((sp_int64)a[105]) << 4; - r[50] = n & 0xfffffff; n >>= 28; n += ((sp_int64)a[106]) << 4; - r[51] = n & 0xfffffff; n >>= 28; n += ((sp_int64)a[107]) << 4; - r[52] = n & 0xfffffff; n >>= 28; n += ((sp_int64)a[108]) << 4; - r[53] = n & 0xfffffff; n >>= 28; n += ((sp_int64)a[109]) << 4; + r[48] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[104]) << 4; + r[49] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[105]) << 4; + r[50] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[106]) << 4; + r[51] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[107]) << 4; + r[52] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[108]) << 4; + r[53] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[109]) << 4; r[54] = (sp_digit)n; XMEMSET(&r[55], 0, sizeof(*r) * 55U); } @@ -9494,11 +9494,11 @@ static void sp_3072_mont_reduce_56(sp_digit* a, const sp_digit* m, sp_digit mp) sp_3072_norm_56(a + 55); for (i=0; i<54; i++) { - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffff; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffff); sp_3072_mul_add_56(a+i, m, mu); a[i+1] += a[i] >> 28; } - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0xffffffL; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0xffffffL); sp_3072_mul_add_56(a+i, m, mu); a[i+1] += a[i] >> 28; a[i] &= 0xfffffff; @@ -9611,22 +9611,22 @@ SP_NOINLINE static void sp_3072_rshift_56(sp_digit* r, const sp_digit* a, int i; for (i=0; i<48; i += 8) { - r[i+0] = (a[i+0] >> n) | ((a[i+1] << (28 - n)) & 0xfffffff); - r[i+1] = (a[i+1] >> n) | ((a[i+2] << (28 - n)) & 0xfffffff); - r[i+2] = (a[i+2] >> n) | ((a[i+3] << (28 - n)) & 0xfffffff); - r[i+3] = (a[i+3] >> n) | ((a[i+4] << (28 - n)) & 0xfffffff); - r[i+4] = (a[i+4] >> n) | ((a[i+5] << (28 - n)) & 0xfffffff); - r[i+5] = (a[i+5] >> n) | ((a[i+6] << (28 - n)) & 0xfffffff); - r[i+6] = (a[i+6] >> n) | ((a[i+7] << (28 - n)) & 0xfffffff); - r[i+7] = (a[i+7] >> n) | ((a[i+8] << (28 - n)) & 0xfffffff); - } - r[48] = (a[48] >> n) | ((a[49] << (28 - n)) & 0xfffffff); - r[49] = (a[49] >> n) | ((a[50] << (28 - n)) & 0xfffffff); - r[50] = (a[50] >> n) | ((a[51] << (28 - n)) & 0xfffffff); - r[51] = (a[51] >> n) | ((a[52] << (28 - n)) & 0xfffffff); - r[52] = (a[52] >> n) | ((a[53] << (28 - n)) & 0xfffffff); - r[53] = (a[53] >> n) | ((a[54] << (28 - n)) & 0xfffffff); - r[54] = (a[54] >> n) | ((a[55] << (28 - n)) & 0xfffffff); + r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (28 - n)) & 0xfffffff); + r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (28 - n)) & 0xfffffff); + r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (28 - n)) & 0xfffffff); + r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (28 - n)) & 0xfffffff); + r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (28 - n)) & 0xfffffff); + r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (28 - n)) & 0xfffffff); + r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (28 - n)) & 0xfffffff); + r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (28 - n)) & 0xfffffff); + } + r[48] = (a[48] >> n) | (sp_digit)((a[49] << (28 - n)) & 0xfffffff); + r[49] = (a[49] >> n) | (sp_digit)((a[50] << (28 - n)) & 0xfffffff); + r[50] = (a[50] >> n) | (sp_digit)((a[51] << (28 - n)) & 0xfffffff); + r[51] = (a[51] >> n) | (sp_digit)((a[52] << (28 - n)) & 0xfffffff); + r[52] = (a[52] >> n) | (sp_digit)((a[53] << (28 - n)) & 0xfffffff); + r[53] = (a[53] >> n) | (sp_digit)((a[54] << (28 - n)) & 0xfffffff); + r[54] = (a[54] >> n) | (sp_digit)((a[55] << (28 - n)) & 0xfffffff); r[55] = a[55] >> n; } @@ -10287,21 +10287,21 @@ SP_NOINLINE static void sp_3072_mul_add_112(sp_digit* r, const sp_digit* a, t[5] = (tb * a[i+5]) + r[i+5]; t[6] = (tb * a[i+6]) + r[i+6]; t[7] = (tb * a[i+7]) + r[i+7]; - r[i+0] = t[0] & 0xfffffff; + r[i+0] = (sp_digit)(t[0] & 0xfffffff); t[1] += t[0] >> 28; - r[i+1] = t[1] & 0xfffffff; + r[i+1] = (sp_digit)(t[1] & 0xfffffff); t[2] += t[1] >> 28; - r[i+2] = t[2] & 0xfffffff; + r[i+2] = (sp_digit)(t[2] & 0xfffffff); t[3] += t[2] >> 28; - r[i+3] = t[3] & 0xfffffff; + r[i+3] = (sp_digit)(t[3] & 0xfffffff); t[4] += t[3] >> 28; - r[i+4] = t[4] & 0xfffffff; + r[i+4] = (sp_digit)(t[4] & 0xfffffff); t[5] += t[4] >> 28; - r[i+5] = t[5] & 0xfffffff; + r[i+5] = (sp_digit)(t[5] & 0xfffffff); t[6] += t[5] >> 28; - r[i+6] = t[6] & 0xfffffff; + r[i+6] = (sp_digit)(t[6] & 0xfffffff); t[7] += t[6] >> 28; - r[i+7] = t[7] & 0xfffffff; + r[i+7] = (sp_digit)(t[7] & 0xfffffff); t[0] = t[7] >> 28; } t[0] += (tb * a[104]) + r[104]; @@ -10312,21 +10312,21 @@ SP_NOINLINE static void sp_3072_mul_add_112(sp_digit* r, const sp_digit* a, t[5] = (tb * a[109]) + r[109]; t[6] = (tb * a[110]) + r[110]; t[7] = (tb * a[111]) + r[111]; - r[104] = t[0] & 0xfffffff; + r[104] = (sp_digit)(t[0] & 0xfffffff); t[1] += t[0] >> 28; - r[105] = t[1] & 0xfffffff; + r[105] = (sp_digit)(t[1] & 0xfffffff); t[2] += t[1] >> 28; - r[106] = t[2] & 0xfffffff; + r[106] = (sp_digit)(t[2] & 0xfffffff); t[3] += t[2] >> 28; - r[107] = t[3] & 0xfffffff; + r[107] = (sp_digit)(t[3] & 0xfffffff); t[4] += t[3] >> 28; - r[108] = t[4] & 0xfffffff; + r[108] = (sp_digit)(t[4] & 0xfffffff); t[5] += t[4] >> 28; - r[109] = t[5] & 0xfffffff; + r[109] = (sp_digit)(t[5] & 0xfffffff); t[6] += t[5] >> 28; - r[110] = t[6] & 0xfffffff; + r[110] = (sp_digit)(t[6] & 0xfffffff); t[7] += t[6] >> 28; - r[111] = t[7] & 0xfffffff; + r[111] = (sp_digit)(t[7] & 0xfffffff); r[112] += (sp_digit)(t[7] >> 28); #endif /* !WOLFSSL_SP_LARGE_CODE */ } @@ -10342,28 +10342,28 @@ static void sp_3072_mont_shift_112(sp_digit* r, const sp_digit* a) sp_int64 n = a[109] >> 20; n += ((sp_int64)a[110]) << 8; for (i = 0; i < 104; i += 8) { - r[i + 0] = n & 0xfffffff; + r[i + 0] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[i + 111]) << 8; - r[i + 1] = n & 0xfffffff; + r[i + 1] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[i + 112]) << 8; - r[i + 2] = n & 0xfffffff; + r[i + 2] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[i + 113]) << 8; - r[i + 3] = n & 0xfffffff; + r[i + 3] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[i + 114]) << 8; - r[i + 4] = n & 0xfffffff; + r[i + 4] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[i + 115]) << 8; - r[i + 5] = n & 0xfffffff; + r[i + 5] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[i + 116]) << 8; - r[i + 6] = n & 0xfffffff; + r[i + 6] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[i + 117]) << 8; - r[i + 7] = n & 0xfffffff; + r[i + 7] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[i + 118]) << 8; } - r[104] = n & 0xfffffff; n >>= 28; n += ((sp_int64)a[215]) << 8; - r[105] = n & 0xfffffff; n >>= 28; n += ((sp_int64)a[216]) << 8; - r[106] = n & 0xfffffff; n >>= 28; n += ((sp_int64)a[217]) << 8; - r[107] = n & 0xfffffff; n >>= 28; n += ((sp_int64)a[218]) << 8; - r[108] = n & 0xfffffff; n >>= 28; n += ((sp_int64)a[219]) << 8; + r[104] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[215]) << 8; + r[105] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[216]) << 8; + r[106] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[217]) << 8; + r[107] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[218]) << 8; + r[108] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[219]) << 8; r[109] = (sp_digit)n; XMEMSET(&r[110], 0, sizeof(*r) * 110U); } @@ -10385,33 +10385,33 @@ static void sp_3072_mont_reduce_112(sp_digit* a, const sp_digit* m, sp_digit mp) #ifdef WOLFSSL_SP_DH if (mp != 1) { for (i=0; i<109; i++) { - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffff; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffff); sp_3072_mul_add_112(a+i, m, mu); a[i+1] += a[i] >> 28; } - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffL; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffL); sp_3072_mul_add_112(a+i, m, mu); a[i+1] += a[i] >> 28; a[i] &= 0xfffffff; } else { for (i=0; i<109; i++) { - mu = a[i] & 0xfffffff; + mu = (sp_digit)(a[i] & 0xfffffff); sp_3072_mul_add_112(a+i, m, mu); a[i+1] += a[i] >> 28; } - mu = a[i] & 0xfffffL; + mu = (sp_digit)(a[i] & 0xfffffL); sp_3072_mul_add_112(a+i, m, mu); a[i+1] += a[i] >> 28; a[i] &= 0xfffffff; } #else for (i=0; i<109; i++) { - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffff; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffff); sp_3072_mul_add_112(a+i, m, mu); a[i+1] += a[i] >> 28; } - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffL; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffL); sp_3072_mul_add_112(a+i, m, mu); a[i+1] += a[i] >> 28; a[i] &= 0xfffffff; @@ -10525,22 +10525,22 @@ SP_NOINLINE static void sp_3072_rshift_112(sp_digit* r, const sp_digit* a, int i; for (i=0; i<104; i += 8) { - r[i+0] = (a[i+0] >> n) | ((a[i+1] << (28 - n)) & 0xfffffff); - r[i+1] = (a[i+1] >> n) | ((a[i+2] << (28 - n)) & 0xfffffff); - r[i+2] = (a[i+2] >> n) | ((a[i+3] << (28 - n)) & 0xfffffff); - r[i+3] = (a[i+3] >> n) | ((a[i+4] << (28 - n)) & 0xfffffff); - r[i+4] = (a[i+4] >> n) | ((a[i+5] << (28 - n)) & 0xfffffff); - r[i+5] = (a[i+5] >> n) | ((a[i+6] << (28 - n)) & 0xfffffff); - r[i+6] = (a[i+6] >> n) | ((a[i+7] << (28 - n)) & 0xfffffff); - r[i+7] = (a[i+7] >> n) | ((a[i+8] << (28 - n)) & 0xfffffff); - } - r[104] = (a[104] >> n) | ((a[105] << (28 - n)) & 0xfffffff); - r[105] = (a[105] >> n) | ((a[106] << (28 - n)) & 0xfffffff); - r[106] = (a[106] >> n) | ((a[107] << (28 - n)) & 0xfffffff); - r[107] = (a[107] >> n) | ((a[108] << (28 - n)) & 0xfffffff); - r[108] = (a[108] >> n) | ((a[109] << (28 - n)) & 0xfffffff); - r[109] = (a[109] >> n) | ((a[110] << (28 - n)) & 0xfffffff); - r[110] = (a[110] >> n) | ((a[111] << (28 - n)) & 0xfffffff); + r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (28 - n)) & 0xfffffff); + r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (28 - n)) & 0xfffffff); + r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (28 - n)) & 0xfffffff); + r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (28 - n)) & 0xfffffff); + r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (28 - n)) & 0xfffffff); + r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (28 - n)) & 0xfffffff); + r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (28 - n)) & 0xfffffff); + r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (28 - n)) & 0xfffffff); + } + r[104] = (a[104] >> n) | (sp_digit)((a[105] << (28 - n)) & 0xfffffff); + r[105] = (a[105] >> n) | (sp_digit)((a[106] << (28 - n)) & 0xfffffff); + r[106] = (a[106] >> n) | (sp_digit)((a[107] << (28 - n)) & 0xfffffff); + r[107] = (a[107] >> n) | (sp_digit)((a[108] << (28 - n)) & 0xfffffff); + r[108] = (a[108] >> n) | (sp_digit)((a[109] << (28 - n)) & 0xfffffff); + r[109] = (a[109] >> n) | (sp_digit)((a[110] << (28 - n)) & 0xfffffff); + r[110] = (a[110] >> n) | (sp_digit)((a[111] << (28 - n)) & 0xfffffff); r[111] = a[111] >> n; } @@ -11895,228 +11895,228 @@ SP_NOINLINE static void sp_3072_lshift_112(sp_digit* r, const sp_digit* a, s = (sp_int_digit)a[111]; r[112] = s >> (28U - n); s = (sp_int_digit)(a[111]); t = (sp_int_digit)(a[110]); - r[111] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[111] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[110]); t = (sp_int_digit)(a[109]); - r[110] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[110] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[109]); t = (sp_int_digit)(a[108]); - r[109] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[109] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[108]); t = (sp_int_digit)(a[107]); - r[108] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[108] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[107]); t = (sp_int_digit)(a[106]); - r[107] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[107] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[106]); t = (sp_int_digit)(a[105]); - r[106] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[106] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[105]); t = (sp_int_digit)(a[104]); - r[105] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[105] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[104]); t = (sp_int_digit)(a[103]); - r[104] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[104] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[103]); t = (sp_int_digit)(a[102]); - r[103] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[103] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[102]); t = (sp_int_digit)(a[101]); - r[102] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[102] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[101]); t = (sp_int_digit)(a[100]); - r[101] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[101] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[100]); t = (sp_int_digit)(a[99]); - r[100] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[100] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[99]); t = (sp_int_digit)(a[98]); - r[99] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[99] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[98]); t = (sp_int_digit)(a[97]); - r[98] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[98] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[97]); t = (sp_int_digit)(a[96]); - r[97] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[97] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[96]); t = (sp_int_digit)(a[95]); - r[96] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[96] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[95]); t = (sp_int_digit)(a[94]); - r[95] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[95] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[94]); t = (sp_int_digit)(a[93]); - r[94] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[94] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[93]); t = (sp_int_digit)(a[92]); - r[93] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[93] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[92]); t = (sp_int_digit)(a[91]); - r[92] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[92] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[91]); t = (sp_int_digit)(a[90]); - r[91] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[91] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[90]); t = (sp_int_digit)(a[89]); - r[90] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[90] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[89]); t = (sp_int_digit)(a[88]); - r[89] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[89] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[88]); t = (sp_int_digit)(a[87]); - r[88] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[88] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[87]); t = (sp_int_digit)(a[86]); - r[87] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[87] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[86]); t = (sp_int_digit)(a[85]); - r[86] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[86] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[85]); t = (sp_int_digit)(a[84]); - r[85] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[85] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[84]); t = (sp_int_digit)(a[83]); - r[84] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[84] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[83]); t = (sp_int_digit)(a[82]); - r[83] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[83] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[82]); t = (sp_int_digit)(a[81]); - r[82] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[82] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[81]); t = (sp_int_digit)(a[80]); - r[81] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[81] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[80]); t = (sp_int_digit)(a[79]); - r[80] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[80] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[79]); t = (sp_int_digit)(a[78]); - r[79] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[79] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[78]); t = (sp_int_digit)(a[77]); - r[78] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[78] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[77]); t = (sp_int_digit)(a[76]); - r[77] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[77] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[76]); t = (sp_int_digit)(a[75]); - r[76] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[76] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[75]); t = (sp_int_digit)(a[74]); - r[75] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[75] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[74]); t = (sp_int_digit)(a[73]); - r[74] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[74] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[73]); t = (sp_int_digit)(a[72]); - r[73] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[73] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[72]); t = (sp_int_digit)(a[71]); - r[72] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[72] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[71]); t = (sp_int_digit)(a[70]); - r[71] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[71] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[70]); t = (sp_int_digit)(a[69]); - r[70] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[70] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[69]); t = (sp_int_digit)(a[68]); - r[69] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[69] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[68]); t = (sp_int_digit)(a[67]); - r[68] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[68] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[67]); t = (sp_int_digit)(a[66]); - r[67] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[67] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[66]); t = (sp_int_digit)(a[65]); - r[66] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[66] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[65]); t = (sp_int_digit)(a[64]); - r[65] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[65] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[64]); t = (sp_int_digit)(a[63]); - r[64] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[64] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[63]); t = (sp_int_digit)(a[62]); - r[63] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[63] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[62]); t = (sp_int_digit)(a[61]); - r[62] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[62] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[61]); t = (sp_int_digit)(a[60]); - r[61] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[61] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[60]); t = (sp_int_digit)(a[59]); - r[60] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[60] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[59]); t = (sp_int_digit)(a[58]); - r[59] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[59] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[58]); t = (sp_int_digit)(a[57]); - r[58] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[58] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[57]); t = (sp_int_digit)(a[56]); - r[57] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[57] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[56]); t = (sp_int_digit)(a[55]); - r[56] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[56] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[55]); t = (sp_int_digit)(a[54]); - r[55] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[55] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[54]); t = (sp_int_digit)(a[53]); - r[54] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[54] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[53]); t = (sp_int_digit)(a[52]); - r[53] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[53] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[52]); t = (sp_int_digit)(a[51]); - r[52] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[52] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[51]); t = (sp_int_digit)(a[50]); - r[51] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[51] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[50]); t = (sp_int_digit)(a[49]); - r[50] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[50] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[49]); t = (sp_int_digit)(a[48]); - r[49] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[49] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[48]); t = (sp_int_digit)(a[47]); - r[48] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[48] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[47]); t = (sp_int_digit)(a[46]); - r[47] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[47] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[46]); t = (sp_int_digit)(a[45]); - r[46] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[46] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[45]); t = (sp_int_digit)(a[44]); - r[45] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[45] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[44]); t = (sp_int_digit)(a[43]); - r[44] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[44] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[43]); t = (sp_int_digit)(a[42]); - r[43] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[43] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[42]); t = (sp_int_digit)(a[41]); - r[42] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[42] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[41]); t = (sp_int_digit)(a[40]); - r[41] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[41] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[40]); t = (sp_int_digit)(a[39]); - r[40] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[40] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[39]); t = (sp_int_digit)(a[38]); - r[39] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[39] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[38]); t = (sp_int_digit)(a[37]); - r[38] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[38] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[37]); t = (sp_int_digit)(a[36]); - r[37] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[37] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[36]); t = (sp_int_digit)(a[35]); - r[36] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[36] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[35]); t = (sp_int_digit)(a[34]); - r[35] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[35] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[34]); t = (sp_int_digit)(a[33]); - r[34] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[34] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[33]); t = (sp_int_digit)(a[32]); - r[33] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[33] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[32]); t = (sp_int_digit)(a[31]); - r[32] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[32] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[31]); t = (sp_int_digit)(a[30]); - r[31] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[31] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[30]); t = (sp_int_digit)(a[29]); - r[30] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[30] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[29]); t = (sp_int_digit)(a[28]); - r[29] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[29] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[28]); t = (sp_int_digit)(a[27]); - r[28] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[28] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[27]); t = (sp_int_digit)(a[26]); - r[27] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[27] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[26]); t = (sp_int_digit)(a[25]); - r[26] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[26] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[25]); t = (sp_int_digit)(a[24]); - r[25] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[25] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[24]); t = (sp_int_digit)(a[23]); - r[24] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[24] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[23]); t = (sp_int_digit)(a[22]); - r[23] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[23] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[22]); t = (sp_int_digit)(a[21]); - r[22] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[22] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[21]); t = (sp_int_digit)(a[20]); - r[21] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[21] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[20]); t = (sp_int_digit)(a[19]); - r[20] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[20] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[19]); t = (sp_int_digit)(a[18]); - r[19] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[19] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[18]); t = (sp_int_digit)(a[17]); - r[18] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[18] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[17]); t = (sp_int_digit)(a[16]); - r[17] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[17] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[16]); t = (sp_int_digit)(a[15]); - r[16] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[16] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[15]); t = (sp_int_digit)(a[14]); - r[15] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[15] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[14]); t = (sp_int_digit)(a[13]); - r[14] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[14] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[13]); t = (sp_int_digit)(a[12]); - r[13] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[13] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[12]); t = (sp_int_digit)(a[11]); - r[12] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[12] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[11]); t = (sp_int_digit)(a[10]); - r[11] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[11] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[10]); t = (sp_int_digit)(a[9]); - r[10] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[10] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[9]); t = (sp_int_digit)(a[8]); - r[9] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[9] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[8]); t = (sp_int_digit)(a[7]); - r[8] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[8] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[7]); t = (sp_int_digit)(a[6]); - r[7] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[7] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[6]); t = (sp_int_digit)(a[5]); - r[6] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[6] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[5]); t = (sp_int_digit)(a[4]); - r[5] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[5] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[4]); t = (sp_int_digit)(a[3]); - r[4] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[4] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[3]); t = (sp_int_digit)(a[2]); - r[3] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[3] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[2]); t = (sp_int_digit)(a[1]); - r[2] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[2] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[1]); t = (sp_int_digit)(a[0]); - r[1] = ((s << n) | (t >> (28U - n))) & 0xfffffff; - r[0] = (a[0] << n) & 0xfffffff; + r[1] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); + r[0] = (sp_digit)((a[0] << n) & 0xfffffff); } /* Modular exponentiate 2 to the e mod m. (r = 2^e mod m) @@ -12953,23 +12953,23 @@ SP_NOINLINE static void sp_4096_mul_add_71(sp_digit* r, const sp_digit* a, t[1] = (tb * a[i+1]) + r[i+1]; t[2] = (tb * a[i+2]) + r[i+2]; t[3] = (tb * a[i+3]) + r[i+3]; - r[i+0] = t[0] & 0x1fffffff; + r[i+0] = (sp_digit)(t[0] & 0x1fffffff); t[1] += t[0] >> 29; - r[i+1] = t[1] & 0x1fffffff; + r[i+1] = (sp_digit)(t[1] & 0x1fffffff); t[2] += t[1] >> 29; - r[i+2] = t[2] & 0x1fffffff; + r[i+2] = (sp_digit)(t[2] & 0x1fffffff); t[3] += t[2] >> 29; - r[i+3] = t[3] & 0x1fffffff; + r[i+3] = (sp_digit)(t[3] & 0x1fffffff); t[0] = t[3] >> 29; } t[0] += (tb * a[68]) + r[68]; t[1] = (tb * a[69]) + r[69]; t[2] = (tb * a[70]) + r[70]; - r[68] = t[0] & 0x1fffffff; + r[68] = (sp_digit)(t[0] & 0x1fffffff); t[1] += t[0] >> 29; - r[69] = t[1] & 0x1fffffff; + r[69] = (sp_digit)(t[1] & 0x1fffffff); t[2] += t[1] >> 29; - r[70] = t[2] & 0x1fffffff; + r[70] = (sp_digit)(t[2] & 0x1fffffff); r[71] += (sp_digit)(t[2] >> 29); #endif /* !WOLFSSL_SP_LARGE_CODE */ } @@ -12986,7 +12986,7 @@ static void sp_4096_mont_shift_71(sp_digit* r, const sp_digit* a) n += ((sp_int64)a[71]) << 11; for (i = 0; i < 70; i++) { - r[i] = n & 0x1fffffff; + r[i] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[72 + i]) << 11; } @@ -13009,11 +13009,11 @@ static void sp_4096_mont_reduce_71(sp_digit* a, const sp_digit* m, sp_digit mp) sp_4096_norm_71(a + 71); for (i=0; i<70; i++) { - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff); sp_4096_mul_add_71(a+i, m, mu); a[i+1] += a[i] >> 29; } - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffL; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffL); sp_4096_mul_add_71(a+i, m, mu); a[i+1] += a[i] >> 29; a[i] &= 0x1fffffff; @@ -13237,7 +13237,7 @@ SP_NOINLINE static void sp_4096_rshift_71(sp_digit* r, const sp_digit* a, int i; for (i=0; i<70; i++) { - r[i] = ((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff; + r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff); } r[70] = a[70] >> n; } @@ -13886,20 +13886,20 @@ SP_NOINLINE static void sp_4096_mul_add_142(sp_digit* r, const sp_digit* a, t[1] = (tb * a[i+1]) + r[i+1]; t[2] = (tb * a[i+2]) + r[i+2]; t[3] = (tb * a[i+3]) + r[i+3]; - r[i+0] = t[0] & 0x1fffffff; + r[i+0] = (sp_digit)(t[0] & 0x1fffffff); t[1] += t[0] >> 29; - r[i+1] = t[1] & 0x1fffffff; + r[i+1] = (sp_digit)(t[1] & 0x1fffffff); t[2] += t[1] >> 29; - r[i+2] = t[2] & 0x1fffffff; + r[i+2] = (sp_digit)(t[2] & 0x1fffffff); t[3] += t[2] >> 29; - r[i+3] = t[3] & 0x1fffffff; + r[i+3] = (sp_digit)(t[3] & 0x1fffffff); t[0] = t[3] >> 29; } t[0] += (tb * a[140]) + r[140]; t[1] = (tb * a[141]) + r[141]; - r[140] = t[0] & 0x1fffffff; + r[140] = (sp_digit)(t[0] & 0x1fffffff); t[1] += t[0] >> 29; - r[141] = t[1] & 0x1fffffff; + r[141] = (sp_digit)(t[1] & 0x1fffffff); r[142] += (sp_digit)(t[1] >> 29); #endif /* !WOLFSSL_SP_LARGE_CODE */ } @@ -13916,7 +13916,7 @@ static void sp_4096_mont_shift_142(sp_digit* r, const sp_digit* a) n += ((sp_int64)a[142]) << 22; for (i = 0; i < 141; i++) { - r[i] = n & 0x1fffffff; + r[i] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[143 + i]) << 22; } @@ -13941,33 +13941,33 @@ static void sp_4096_mont_reduce_142(sp_digit* a, const sp_digit* m, sp_digit mp) #ifdef WOLFSSL_SP_DH if (mp != 1) { for (i=0; i<141; i++) { - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff); sp_4096_mul_add_142(a+i, m, mu); a[i+1] += a[i] >> 29; } - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x7fL; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x7fL); sp_4096_mul_add_142(a+i, m, mu); a[i+1] += a[i] >> 29; a[i] &= 0x1fffffff; } else { for (i=0; i<141; i++) { - mu = a[i] & 0x1fffffff; + mu = (sp_digit)(a[i] & 0x1fffffff); sp_4096_mul_add_142(a+i, m, mu); a[i+1] += a[i] >> 29; } - mu = a[i] & 0x7fL; + mu = (sp_digit)(a[i] & 0x7fL); sp_4096_mul_add_142(a+i, m, mu); a[i+1] += a[i] >> 29; a[i] &= 0x1fffffff; } #else for (i=0; i<141; i++) { - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff); sp_4096_mul_add_142(a+i, m, mu); a[i+1] += a[i] >> 29; } - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x7fL; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x7fL); sp_4096_mul_add_142(a+i, m, mu); a[i+1] += a[i] >> 29; a[i] &= 0x1fffffff; @@ -14073,7 +14073,7 @@ SP_NOINLINE static void sp_4096_rshift_142(sp_digit* r, const sp_digit* a, int i; for (i=0; i<141; i++) { - r[i] = ((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff; + r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff); } r[141] = a[141] >> n; } @@ -15422,9 +15422,9 @@ SP_NOINLINE static void sp_4096_lshift_142(sp_digit* r, const sp_digit* a, r[142] = a[141] >> (29 - n); for (i=141; i>0; i--) { - r[i] = ((a[i] << n) | (a[i-1] >> (29 - n))) & 0x1fffffff; + r[i] = (sp_digit)(((a[i] << n) | (a[i-1] >> (29 - n))) & 0x1fffffff); } - r[0] = (a[0] << n) & 0x1fffffff; + r[0] = (sp_digit)((a[0] << n) & 0x1fffffff); } /* Modular exponentiate 2 to the e mod m. (r = 2^e mod m) @@ -15921,29 +15921,29 @@ SP_NOINLINE static void sp_4096_mul_9(sp_digit* r, const sp_digit* a, t0 = ((sp_uint64)a[ 0]) * b[ 0]; t1 = ((sp_uint64)a[ 0]) * b[ 1] + ((sp_uint64)a[ 1]) * b[ 0]; - t[ 0] = t0 & 0x3ffffff; t1 += t0 >> 26; + t[ 0] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = ((sp_uint64)a[ 0]) * b[ 2] + ((sp_uint64)a[ 1]) * b[ 1] + ((sp_uint64)a[ 2]) * b[ 0]; - t[ 1] = t1 & 0x3ffffff; t0 += t1 >> 26; + t[ 1] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = ((sp_uint64)a[ 0]) * b[ 3] + ((sp_uint64)a[ 1]) * b[ 2] + ((sp_uint64)a[ 2]) * b[ 1] + ((sp_uint64)a[ 3]) * b[ 0]; - t[ 2] = t0 & 0x3ffffff; t1 += t0 >> 26; + t[ 2] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = ((sp_uint64)a[ 0]) * b[ 4] + ((sp_uint64)a[ 1]) * b[ 3] + ((sp_uint64)a[ 2]) * b[ 2] + ((sp_uint64)a[ 3]) * b[ 1] + ((sp_uint64)a[ 4]) * b[ 0]; - t[ 3] = t1 & 0x3ffffff; t0 += t1 >> 26; + t[ 3] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = ((sp_uint64)a[ 0]) * b[ 5] + ((sp_uint64)a[ 1]) * b[ 4] + ((sp_uint64)a[ 2]) * b[ 3] + ((sp_uint64)a[ 3]) * b[ 2] + ((sp_uint64)a[ 4]) * b[ 1] + ((sp_uint64)a[ 5]) * b[ 0]; - t[ 4] = t0 & 0x3ffffff; t1 += t0 >> 26; + t[ 4] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = ((sp_uint64)a[ 0]) * b[ 6] + ((sp_uint64)a[ 1]) * b[ 5] + ((sp_uint64)a[ 2]) * b[ 4] @@ -15951,7 +15951,7 @@ SP_NOINLINE static void sp_4096_mul_9(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[ 4]) * b[ 2] + ((sp_uint64)a[ 5]) * b[ 1] + ((sp_uint64)a[ 6]) * b[ 0]; - t[ 5] = t1 & 0x3ffffff; t0 += t1 >> 26; + t[ 5] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = ((sp_uint64)a[ 0]) * b[ 7] + ((sp_uint64)a[ 1]) * b[ 6] + ((sp_uint64)a[ 2]) * b[ 5] @@ -15960,7 +15960,7 @@ SP_NOINLINE static void sp_4096_mul_9(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[ 5]) * b[ 2] + ((sp_uint64)a[ 6]) * b[ 1] + ((sp_uint64)a[ 7]) * b[ 0]; - t[ 6] = t0 & 0x3ffffff; t1 += t0 >> 26; + t[ 6] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = ((sp_uint64)a[ 0]) * b[ 8] + ((sp_uint64)a[ 1]) * b[ 7] + ((sp_uint64)a[ 2]) * b[ 6] @@ -15970,7 +15970,7 @@ SP_NOINLINE static void sp_4096_mul_9(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[ 6]) * b[ 2] + ((sp_uint64)a[ 7]) * b[ 1] + ((sp_uint64)a[ 8]) * b[ 0]; - t[ 7] = t1 & 0x3ffffff; t0 += t1 >> 26; + t[ 7] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = ((sp_uint64)a[ 1]) * b[ 8] + ((sp_uint64)a[ 2]) * b[ 7] + ((sp_uint64)a[ 3]) * b[ 6] @@ -15979,7 +15979,7 @@ SP_NOINLINE static void sp_4096_mul_9(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[ 6]) * b[ 3] + ((sp_uint64)a[ 7]) * b[ 2] + ((sp_uint64)a[ 8]) * b[ 1]; - t[ 8] = t0 & 0x3ffffff; t1 += t0 >> 26; + t[ 8] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = ((sp_uint64)a[ 2]) * b[ 8] + ((sp_uint64)a[ 3]) * b[ 7] + ((sp_uint64)a[ 4]) * b[ 6] @@ -15987,35 +15987,35 @@ SP_NOINLINE static void sp_4096_mul_9(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[ 6]) * b[ 4] + ((sp_uint64)a[ 7]) * b[ 3] + ((sp_uint64)a[ 8]) * b[ 2]; - r[ 9] = t1 & 0x3ffffff; t0 += t1 >> 26; + r[ 9] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = ((sp_uint64)a[ 3]) * b[ 8] + ((sp_uint64)a[ 4]) * b[ 7] + ((sp_uint64)a[ 5]) * b[ 6] + ((sp_uint64)a[ 6]) * b[ 5] + ((sp_uint64)a[ 7]) * b[ 4] + ((sp_uint64)a[ 8]) * b[ 3]; - r[10] = t0 & 0x3ffffff; t1 += t0 >> 26; + r[10] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = ((sp_uint64)a[ 4]) * b[ 8] + ((sp_uint64)a[ 5]) * b[ 7] + ((sp_uint64)a[ 6]) * b[ 6] + ((sp_uint64)a[ 7]) * b[ 5] + ((sp_uint64)a[ 8]) * b[ 4]; - r[11] = t1 & 0x3ffffff; t0 += t1 >> 26; + r[11] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = ((sp_uint64)a[ 5]) * b[ 8] + ((sp_uint64)a[ 6]) * b[ 7] + ((sp_uint64)a[ 7]) * b[ 6] + ((sp_uint64)a[ 8]) * b[ 5]; - r[12] = t0 & 0x3ffffff; t1 += t0 >> 26; + r[12] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = ((sp_uint64)a[ 6]) * b[ 8] + ((sp_uint64)a[ 7]) * b[ 7] + ((sp_uint64)a[ 8]) * b[ 6]; - r[13] = t1 & 0x3ffffff; t0 += t1 >> 26; + r[13] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = ((sp_uint64)a[ 7]) * b[ 8] + ((sp_uint64)a[ 8]) * b[ 7]; - r[14] = t0 & 0x3ffffff; t1 += t0 >> 26; + r[14] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = ((sp_uint64)a[ 8]) * b[ 8]; - r[15] = t1 & 0x3ffffff; t0 += t1 >> 26; - r[16] = t0 & 0x3ffffff; + r[15] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; + r[16] = (sp_digit)(t0 & 0x3ffffff); r[17] = (sp_digit)(t0 >> 26); XMEMCPY(r, t, sizeof(t)); } @@ -16529,66 +16529,66 @@ SP_NOINLINE static void sp_4096_sqr_9(sp_digit* r, const sp_digit* a) t0 = ((sp_uint64)a[ 0]) * a[ 0]; t1 = (((sp_uint64)a[ 0]) * a[ 1]) * 2; - t[ 0] = t0 & 0x3ffffff; t1 += t0 >> 26; + t[ 0] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = (((sp_uint64)a[ 0]) * a[ 2]) * 2 + ((sp_uint64)a[ 1]) * a[ 1]; - t[ 1] = t1 & 0x3ffffff; t0 += t1 >> 26; + t[ 1] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = (((sp_uint64)a[ 0]) * a[ 3] + ((sp_uint64)a[ 1]) * a[ 2]) * 2; - t[ 2] = t0 & 0x3ffffff; t1 += t0 >> 26; + t[ 2] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = (((sp_uint64)a[ 0]) * a[ 4] + ((sp_uint64)a[ 1]) * a[ 3]) * 2 + ((sp_uint64)a[ 2]) * a[ 2]; - t[ 3] = t1 & 0x3ffffff; t0 += t1 >> 26; + t[ 3] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = (((sp_uint64)a[ 0]) * a[ 5] + ((sp_uint64)a[ 1]) * a[ 4] + ((sp_uint64)a[ 2]) * a[ 3]) * 2; - t[ 4] = t0 & 0x3ffffff; t1 += t0 >> 26; + t[ 4] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = (((sp_uint64)a[ 0]) * a[ 6] + ((sp_uint64)a[ 1]) * a[ 5] + ((sp_uint64)a[ 2]) * a[ 4]) * 2 + ((sp_uint64)a[ 3]) * a[ 3]; - t[ 5] = t1 & 0x3ffffff; t0 += t1 >> 26; + t[ 5] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = (((sp_uint64)a[ 0]) * a[ 7] + ((sp_uint64)a[ 1]) * a[ 6] + ((sp_uint64)a[ 2]) * a[ 5] + ((sp_uint64)a[ 3]) * a[ 4]) * 2; - t[ 6] = t0 & 0x3ffffff; t1 += t0 >> 26; + t[ 6] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = (((sp_uint64)a[ 0]) * a[ 8] + ((sp_uint64)a[ 1]) * a[ 7] + ((sp_uint64)a[ 2]) * a[ 6] + ((sp_uint64)a[ 3]) * a[ 5]) * 2 + ((sp_uint64)a[ 4]) * a[ 4]; - t[ 7] = t1 & 0x3ffffff; t0 += t1 >> 26; + t[ 7] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = (((sp_uint64)a[ 1]) * a[ 8] + ((sp_uint64)a[ 2]) * a[ 7] + ((sp_uint64)a[ 3]) * a[ 6] + ((sp_uint64)a[ 4]) * a[ 5]) * 2; - t[ 8] = t0 & 0x3ffffff; t1 += t0 >> 26; + t[ 8] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = (((sp_uint64)a[ 2]) * a[ 8] + ((sp_uint64)a[ 3]) * a[ 7] + ((sp_uint64)a[ 4]) * a[ 6]) * 2 + ((sp_uint64)a[ 5]) * a[ 5]; - r[ 9] = t1 & 0x3ffffff; t0 += t1 >> 26; + r[ 9] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = (((sp_uint64)a[ 3]) * a[ 8] + ((sp_uint64)a[ 4]) * a[ 7] + ((sp_uint64)a[ 5]) * a[ 6]) * 2; - r[10] = t0 & 0x3ffffff; t1 += t0 >> 26; + r[10] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = (((sp_uint64)a[ 4]) * a[ 8] + ((sp_uint64)a[ 5]) * a[ 7]) * 2 + ((sp_uint64)a[ 6]) * a[ 6]; - r[11] = t1 & 0x3ffffff; t0 += t1 >> 26; + r[11] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = (((sp_uint64)a[ 5]) * a[ 8] + ((sp_uint64)a[ 6]) * a[ 7]) * 2; - r[12] = t0 & 0x3ffffff; t1 += t0 >> 26; + r[12] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = (((sp_uint64)a[ 6]) * a[ 8]) * 2 + ((sp_uint64)a[ 7]) * a[ 7]; - r[13] = t1 & 0x3ffffff; t0 += t1 >> 26; + r[13] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = (((sp_uint64)a[ 7]) * a[ 8]) * 2; - r[14] = t0 & 0x3ffffff; t1 += t0 >> 26; + r[14] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = ((sp_uint64)a[ 8]) * a[ 8]; - r[15] = t1 & 0x3ffffff; t0 += t1 >> 26; - r[16] = t0 & 0x3ffffff; + r[15] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; + r[16] = (sp_digit)(t0 & 0x3ffffff); r[17] = (sp_digit)(t0 >> 26); XMEMCPY(r, t, sizeof(t)); } @@ -16936,25 +16936,25 @@ SP_NOINLINE static void sp_4096_mul_add_81(sp_digit* r, const sp_digit* a, t[5] = (tb * a[i+5]) + r[i+5]; t[6] = (tb * a[i+6]) + r[i+6]; t[7] = (tb * a[i+7]) + r[i+7]; - r[i+0] = t[0] & 0x3ffffff; + r[i+0] = (sp_digit)(t[0] & 0x3ffffff); t[1] += t[0] >> 26; - r[i+1] = t[1] & 0x3ffffff; + r[i+1] = (sp_digit)(t[1] & 0x3ffffff); t[2] += t[1] >> 26; - r[i+2] = t[2] & 0x3ffffff; + r[i+2] = (sp_digit)(t[2] & 0x3ffffff); t[3] += t[2] >> 26; - r[i+3] = t[3] & 0x3ffffff; + r[i+3] = (sp_digit)(t[3] & 0x3ffffff); t[4] += t[3] >> 26; - r[i+4] = t[4] & 0x3ffffff; + r[i+4] = (sp_digit)(t[4] & 0x3ffffff); t[5] += t[4] >> 26; - r[i+5] = t[5] & 0x3ffffff; + r[i+5] = (sp_digit)(t[5] & 0x3ffffff); t[6] += t[5] >> 26; - r[i+6] = t[6] & 0x3ffffff; + r[i+6] = (sp_digit)(t[6] & 0x3ffffff); t[7] += t[6] >> 26; - r[i+7] = t[7] & 0x3ffffff; + r[i+7] = (sp_digit)(t[7] & 0x3ffffff); t[0] = t[7] >> 26; } t[0] += (tb * a[80]) + r[80]; - r[80] = t[0] & 0x3ffffff; + r[80] = (sp_digit)(t[0] & 0x3ffffff); r[81] += (sp_digit)(t[0] >> 26); #endif /* !WOLFSSL_SP_LARGE_CODE */ } @@ -16970,29 +16970,29 @@ static void sp_4096_mont_shift_81(sp_digit* r, const sp_digit* a) sp_int64 n = a[78] >> 20; n += ((sp_int64)a[79]) << 6; for (i = 0; i < 72; i += 8) { - r[i + 0] = n & 0x3ffffff; + r[i + 0] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[i + 80]) << 6; - r[i + 1] = n & 0x3ffffff; + r[i + 1] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[i + 81]) << 6; - r[i + 2] = n & 0x3ffffff; + r[i + 2] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[i + 82]) << 6; - r[i + 3] = n & 0x3ffffff; + r[i + 3] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[i + 83]) << 6; - r[i + 4] = n & 0x3ffffff; + r[i + 4] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[i + 84]) << 6; - r[i + 5] = n & 0x3ffffff; + r[i + 5] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[i + 85]) << 6; - r[i + 6] = n & 0x3ffffff; + r[i + 6] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[i + 86]) << 6; - r[i + 7] = n & 0x3ffffff; + r[i + 7] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[i + 87]) << 6; } - r[72] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[152]) << 6; - r[73] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[153]) << 6; - r[74] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[154]) << 6; - r[75] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[155]) << 6; - r[76] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[156]) << 6; - r[77] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[157]) << 6; + r[72] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[152]) << 6; + r[73] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[153]) << 6; + r[74] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[154]) << 6; + r[75] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[155]) << 6; + r[76] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[156]) << 6; + r[77] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[157]) << 6; r[78] = (sp_digit)n; XMEMSET(&r[79], 0, sizeof(*r) * 79U); } @@ -17012,11 +17012,11 @@ static void sp_4096_mont_reduce_81(sp_digit* a, const sp_digit* m, sp_digit mp) sp_4096_norm_81(a + 79); for (i=0; i<78; i++) { - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffff; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffff); sp_4096_mul_add_81(a+i, m, mu); a[i+1] += a[i] >> 26; } - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffL; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffL); sp_4096_mul_add_81(a+i, m, mu); a[i+1] += a[i] >> 26; a[i] &= 0x3ffffff; @@ -17133,14 +17133,14 @@ SP_NOINLINE static void sp_4096_rshift_81(sp_digit* r, const sp_digit* a, int i; for (i=0; i<80; i += 8) { - r[i+0] = (a[i+0] >> n) | ((a[i+1] << (26 - n)) & 0x3ffffff); - r[i+1] = (a[i+1] >> n) | ((a[i+2] << (26 - n)) & 0x3ffffff); - r[i+2] = (a[i+2] >> n) | ((a[i+3] << (26 - n)) & 0x3ffffff); - r[i+3] = (a[i+3] >> n) | ((a[i+4] << (26 - n)) & 0x3ffffff); - r[i+4] = (a[i+4] >> n) | ((a[i+5] << (26 - n)) & 0x3ffffff); - r[i+5] = (a[i+5] >> n) | ((a[i+6] << (26 - n)) & 0x3ffffff); - r[i+6] = (a[i+6] >> n) | ((a[i+7] << (26 - n)) & 0x3ffffff); - r[i+7] = (a[i+7] >> n) | ((a[i+8] << (26 - n)) & 0x3ffffff); + r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (26 - n)) & 0x3ffffff); + r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (26 - n)) & 0x3ffffff); + r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (26 - n)) & 0x3ffffff); + r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (26 - n)) & 0x3ffffff); + r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (26 - n)) & 0x3ffffff); + r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (26 - n)) & 0x3ffffff); + r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (26 - n)) & 0x3ffffff); + r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (26 - n)) & 0x3ffffff); } r[80] = a[80] >> n; } @@ -17810,28 +17810,28 @@ SP_NOINLINE static void sp_4096_mul_add_162(sp_digit* r, const sp_digit* a, t[5] = (tb * a[i+5]) + r[i+5]; t[6] = (tb * a[i+6]) + r[i+6]; t[7] = (tb * a[i+7]) + r[i+7]; - r[i+0] = t[0] & 0x3ffffff; + r[i+0] = (sp_digit)(t[0] & 0x3ffffff); t[1] += t[0] >> 26; - r[i+1] = t[1] & 0x3ffffff; + r[i+1] = (sp_digit)(t[1] & 0x3ffffff); t[2] += t[1] >> 26; - r[i+2] = t[2] & 0x3ffffff; + r[i+2] = (sp_digit)(t[2] & 0x3ffffff); t[3] += t[2] >> 26; - r[i+3] = t[3] & 0x3ffffff; + r[i+3] = (sp_digit)(t[3] & 0x3ffffff); t[4] += t[3] >> 26; - r[i+4] = t[4] & 0x3ffffff; + r[i+4] = (sp_digit)(t[4] & 0x3ffffff); t[5] += t[4] >> 26; - r[i+5] = t[5] & 0x3ffffff; + r[i+5] = (sp_digit)(t[5] & 0x3ffffff); t[6] += t[5] >> 26; - r[i+6] = t[6] & 0x3ffffff; + r[i+6] = (sp_digit)(t[6] & 0x3ffffff); t[7] += t[6] >> 26; - r[i+7] = t[7] & 0x3ffffff; + r[i+7] = (sp_digit)(t[7] & 0x3ffffff); t[0] = t[7] >> 26; } t[0] += (tb * a[160]) + r[160]; t[1] = (tb * a[161]) + r[161]; - r[160] = t[0] & 0x3ffffff; + r[160] = (sp_digit)(t[0] & 0x3ffffff); t[1] += t[0] >> 26; - r[161] = t[1] & 0x3ffffff; + r[161] = (sp_digit)(t[1] & 0x3ffffff); r[162] += (sp_digit)(t[1] >> 26); #endif /* !WOLFSSL_SP_LARGE_CODE */ } @@ -17847,28 +17847,28 @@ static void sp_4096_mont_shift_162(sp_digit* r, const sp_digit* a) sp_int64 n = a[157] >> 14; n += ((sp_int64)a[158]) << 12; for (i = 0; i < 152; i += 8) { - r[i + 0] = n & 0x3ffffff; + r[i + 0] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[i + 159]) << 12; - r[i + 1] = n & 0x3ffffff; + r[i + 1] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[i + 160]) << 12; - r[i + 2] = n & 0x3ffffff; + r[i + 2] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[i + 161]) << 12; - r[i + 3] = n & 0x3ffffff; + r[i + 3] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[i + 162]) << 12; - r[i + 4] = n & 0x3ffffff; + r[i + 4] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[i + 163]) << 12; - r[i + 5] = n & 0x3ffffff; + r[i + 5] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[i + 164]) << 12; - r[i + 6] = n & 0x3ffffff; + r[i + 6] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[i + 165]) << 12; - r[i + 7] = n & 0x3ffffff; + r[i + 7] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[i + 166]) << 12; } - r[152] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[311]) << 12; - r[153] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[312]) << 12; - r[154] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[313]) << 12; - r[155] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[314]) << 12; - r[156] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[315]) << 12; + r[152] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[311]) << 12; + r[153] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[312]) << 12; + r[154] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[313]) << 12; + r[155] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[314]) << 12; + r[156] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[315]) << 12; r[157] = (sp_digit)n; XMEMSET(&r[158], 0, sizeof(*r) * 158U); } @@ -17890,33 +17890,33 @@ static void sp_4096_mont_reduce_162(sp_digit* a, const sp_digit* m, sp_digit mp) #ifdef WOLFSSL_SP_DH if (mp != 1) { for (i=0; i<157; i++) { - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffff; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffff); sp_4096_mul_add_162(a+i, m, mu); a[i+1] += a[i] >> 26; } - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x3fffL; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x3fffL); sp_4096_mul_add_162(a+i, m, mu); a[i+1] += a[i] >> 26; a[i] &= 0x3ffffff; } else { for (i=0; i<157; i++) { - mu = a[i] & 0x3ffffff; + mu = (sp_digit)(a[i] & 0x3ffffff); sp_4096_mul_add_162(a+i, m, mu); a[i+1] += a[i] >> 26; } - mu = a[i] & 0x3fffL; + mu = (sp_digit)(a[i] & 0x3fffL); sp_4096_mul_add_162(a+i, m, mu); a[i+1] += a[i] >> 26; a[i] &= 0x3ffffff; } #else for (i=0; i<157; i++) { - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffff; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffff); sp_4096_mul_add_162(a+i, m, mu); a[i+1] += a[i] >> 26; } - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x3fffL; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x3fffL); sp_4096_mul_add_162(a+i, m, mu); a[i+1] += a[i] >> 26; a[i] &= 0x3ffffff; @@ -18032,16 +18032,16 @@ SP_NOINLINE static void sp_4096_rshift_162(sp_digit* r, const sp_digit* a, int i; for (i=0; i<160; i += 8) { - r[i+0] = (a[i+0] >> n) | ((a[i+1] << (26 - n)) & 0x3ffffff); - r[i+1] = (a[i+1] >> n) | ((a[i+2] << (26 - n)) & 0x3ffffff); - r[i+2] = (a[i+2] >> n) | ((a[i+3] << (26 - n)) & 0x3ffffff); - r[i+3] = (a[i+3] >> n) | ((a[i+4] << (26 - n)) & 0x3ffffff); - r[i+4] = (a[i+4] >> n) | ((a[i+5] << (26 - n)) & 0x3ffffff); - r[i+5] = (a[i+5] >> n) | ((a[i+6] << (26 - n)) & 0x3ffffff); - r[i+6] = (a[i+6] >> n) | ((a[i+7] << (26 - n)) & 0x3ffffff); - r[i+7] = (a[i+7] >> n) | ((a[i+8] << (26 - n)) & 0x3ffffff); - } - r[160] = (a[160] >> n) | ((a[161] << (26 - n)) & 0x3ffffff); + r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (26 - n)) & 0x3ffffff); + r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (26 - n)) & 0x3ffffff); + r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (26 - n)) & 0x3ffffff); + r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (26 - n)) & 0x3ffffff); + r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (26 - n)) & 0x3ffffff); + r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (26 - n)) & 0x3ffffff); + r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (26 - n)) & 0x3ffffff); + r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (26 - n)) & 0x3ffffff); + } + r[160] = (a[160] >> n) | (sp_digit)((a[161] << (26 - n)) & 0x3ffffff); r[161] = a[161] >> n; } @@ -19398,328 +19398,328 @@ SP_NOINLINE static void sp_4096_lshift_162(sp_digit* r, const sp_digit* a, s = (sp_int_digit)a[161]; r[162] = s >> (26U - n); s = (sp_int_digit)(a[161]); t = (sp_int_digit)(a[160]); - r[161] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[161] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[160]); t = (sp_int_digit)(a[159]); - r[160] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[160] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[159]); t = (sp_int_digit)(a[158]); - r[159] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[159] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[158]); t = (sp_int_digit)(a[157]); - r[158] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[158] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[157]); t = (sp_int_digit)(a[156]); - r[157] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[157] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[156]); t = (sp_int_digit)(a[155]); - r[156] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[156] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[155]); t = (sp_int_digit)(a[154]); - r[155] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[155] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[154]); t = (sp_int_digit)(a[153]); - r[154] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[154] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[153]); t = (sp_int_digit)(a[152]); - r[153] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[153] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[152]); t = (sp_int_digit)(a[151]); - r[152] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[152] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[151]); t = (sp_int_digit)(a[150]); - r[151] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[151] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[150]); t = (sp_int_digit)(a[149]); - r[150] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[150] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[149]); t = (sp_int_digit)(a[148]); - r[149] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[149] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[148]); t = (sp_int_digit)(a[147]); - r[148] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[148] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[147]); t = (sp_int_digit)(a[146]); - r[147] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[147] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[146]); t = (sp_int_digit)(a[145]); - r[146] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[146] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[145]); t = (sp_int_digit)(a[144]); - r[145] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[145] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[144]); t = (sp_int_digit)(a[143]); - r[144] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[144] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[143]); t = (sp_int_digit)(a[142]); - r[143] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[143] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[142]); t = (sp_int_digit)(a[141]); - r[142] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[142] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[141]); t = (sp_int_digit)(a[140]); - r[141] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[141] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[140]); t = (sp_int_digit)(a[139]); - r[140] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[140] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[139]); t = (sp_int_digit)(a[138]); - r[139] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[139] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[138]); t = (sp_int_digit)(a[137]); - r[138] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[138] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[137]); t = (sp_int_digit)(a[136]); - r[137] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[137] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[136]); t = (sp_int_digit)(a[135]); - r[136] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[136] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[135]); t = (sp_int_digit)(a[134]); - r[135] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[135] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[134]); t = (sp_int_digit)(a[133]); - r[134] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[134] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[133]); t = (sp_int_digit)(a[132]); - r[133] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[133] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[132]); t = (sp_int_digit)(a[131]); - r[132] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[132] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[131]); t = (sp_int_digit)(a[130]); - r[131] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[131] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[130]); t = (sp_int_digit)(a[129]); - r[130] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[130] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[129]); t = (sp_int_digit)(a[128]); - r[129] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[129] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[128]); t = (sp_int_digit)(a[127]); - r[128] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[128] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[127]); t = (sp_int_digit)(a[126]); - r[127] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[127] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[126]); t = (sp_int_digit)(a[125]); - r[126] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[126] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[125]); t = (sp_int_digit)(a[124]); - r[125] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[125] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[124]); t = (sp_int_digit)(a[123]); - r[124] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[124] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[123]); t = (sp_int_digit)(a[122]); - r[123] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[123] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[122]); t = (sp_int_digit)(a[121]); - r[122] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[122] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[121]); t = (sp_int_digit)(a[120]); - r[121] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[121] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[120]); t = (sp_int_digit)(a[119]); - r[120] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[120] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[119]); t = (sp_int_digit)(a[118]); - r[119] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[119] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[118]); t = (sp_int_digit)(a[117]); - r[118] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[118] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[117]); t = (sp_int_digit)(a[116]); - r[117] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[117] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[116]); t = (sp_int_digit)(a[115]); - r[116] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[116] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[115]); t = (sp_int_digit)(a[114]); - r[115] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[115] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[114]); t = (sp_int_digit)(a[113]); - r[114] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[114] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[113]); t = (sp_int_digit)(a[112]); - r[113] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[113] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[112]); t = (sp_int_digit)(a[111]); - r[112] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[112] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[111]); t = (sp_int_digit)(a[110]); - r[111] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[111] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[110]); t = (sp_int_digit)(a[109]); - r[110] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[110] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[109]); t = (sp_int_digit)(a[108]); - r[109] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[109] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[108]); t = (sp_int_digit)(a[107]); - r[108] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[108] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[107]); t = (sp_int_digit)(a[106]); - r[107] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[107] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[106]); t = (sp_int_digit)(a[105]); - r[106] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[106] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[105]); t = (sp_int_digit)(a[104]); - r[105] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[105] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[104]); t = (sp_int_digit)(a[103]); - r[104] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[104] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[103]); t = (sp_int_digit)(a[102]); - r[103] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[103] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[102]); t = (sp_int_digit)(a[101]); - r[102] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[102] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[101]); t = (sp_int_digit)(a[100]); - r[101] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[101] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[100]); t = (sp_int_digit)(a[99]); - r[100] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[100] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[99]); t = (sp_int_digit)(a[98]); - r[99] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[99] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[98]); t = (sp_int_digit)(a[97]); - r[98] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[98] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[97]); t = (sp_int_digit)(a[96]); - r[97] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[97] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[96]); t = (sp_int_digit)(a[95]); - r[96] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[96] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[95]); t = (sp_int_digit)(a[94]); - r[95] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[95] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[94]); t = (sp_int_digit)(a[93]); - r[94] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[94] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[93]); t = (sp_int_digit)(a[92]); - r[93] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[93] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[92]); t = (sp_int_digit)(a[91]); - r[92] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[92] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[91]); t = (sp_int_digit)(a[90]); - r[91] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[91] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[90]); t = (sp_int_digit)(a[89]); - r[90] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[90] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[89]); t = (sp_int_digit)(a[88]); - r[89] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[89] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[88]); t = (sp_int_digit)(a[87]); - r[88] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[88] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[87]); t = (sp_int_digit)(a[86]); - r[87] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[87] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[86]); t = (sp_int_digit)(a[85]); - r[86] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[86] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[85]); t = (sp_int_digit)(a[84]); - r[85] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[85] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[84]); t = (sp_int_digit)(a[83]); - r[84] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[84] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[83]); t = (sp_int_digit)(a[82]); - r[83] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[83] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[82]); t = (sp_int_digit)(a[81]); - r[82] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[82] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[81]); t = (sp_int_digit)(a[80]); - r[81] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[81] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[80]); t = (sp_int_digit)(a[79]); - r[80] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[80] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[79]); t = (sp_int_digit)(a[78]); - r[79] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[79] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[78]); t = (sp_int_digit)(a[77]); - r[78] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[78] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[77]); t = (sp_int_digit)(a[76]); - r[77] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[77] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[76]); t = (sp_int_digit)(a[75]); - r[76] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[76] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[75]); t = (sp_int_digit)(a[74]); - r[75] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[75] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[74]); t = (sp_int_digit)(a[73]); - r[74] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[74] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[73]); t = (sp_int_digit)(a[72]); - r[73] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[73] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[72]); t = (sp_int_digit)(a[71]); - r[72] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[72] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[71]); t = (sp_int_digit)(a[70]); - r[71] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[71] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[70]); t = (sp_int_digit)(a[69]); - r[70] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[70] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[69]); t = (sp_int_digit)(a[68]); - r[69] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[69] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[68]); t = (sp_int_digit)(a[67]); - r[68] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[68] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[67]); t = (sp_int_digit)(a[66]); - r[67] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[67] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[66]); t = (sp_int_digit)(a[65]); - r[66] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[66] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[65]); t = (sp_int_digit)(a[64]); - r[65] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[65] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[64]); t = (sp_int_digit)(a[63]); - r[64] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[64] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[63]); t = (sp_int_digit)(a[62]); - r[63] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[63] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[62]); t = (sp_int_digit)(a[61]); - r[62] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[62] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[61]); t = (sp_int_digit)(a[60]); - r[61] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[61] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[60]); t = (sp_int_digit)(a[59]); - r[60] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[60] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[59]); t = (sp_int_digit)(a[58]); - r[59] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[59] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[58]); t = (sp_int_digit)(a[57]); - r[58] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[58] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[57]); t = (sp_int_digit)(a[56]); - r[57] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[57] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[56]); t = (sp_int_digit)(a[55]); - r[56] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[56] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[55]); t = (sp_int_digit)(a[54]); - r[55] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[55] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[54]); t = (sp_int_digit)(a[53]); - r[54] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[54] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[53]); t = (sp_int_digit)(a[52]); - r[53] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[53] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[52]); t = (sp_int_digit)(a[51]); - r[52] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[52] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[51]); t = (sp_int_digit)(a[50]); - r[51] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[51] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[50]); t = (sp_int_digit)(a[49]); - r[50] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[50] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[49]); t = (sp_int_digit)(a[48]); - r[49] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[49] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[48]); t = (sp_int_digit)(a[47]); - r[48] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[48] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[47]); t = (sp_int_digit)(a[46]); - r[47] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[47] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[46]); t = (sp_int_digit)(a[45]); - r[46] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[46] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[45]); t = (sp_int_digit)(a[44]); - r[45] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[45] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[44]); t = (sp_int_digit)(a[43]); - r[44] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[44] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[43]); t = (sp_int_digit)(a[42]); - r[43] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[43] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[42]); t = (sp_int_digit)(a[41]); - r[42] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[42] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[41]); t = (sp_int_digit)(a[40]); - r[41] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[41] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[40]); t = (sp_int_digit)(a[39]); - r[40] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[40] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[39]); t = (sp_int_digit)(a[38]); - r[39] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[39] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[38]); t = (sp_int_digit)(a[37]); - r[38] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[38] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[37]); t = (sp_int_digit)(a[36]); - r[37] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[37] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[36]); t = (sp_int_digit)(a[35]); - r[36] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[36] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[35]); t = (sp_int_digit)(a[34]); - r[35] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[35] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[34]); t = (sp_int_digit)(a[33]); - r[34] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[34] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[33]); t = (sp_int_digit)(a[32]); - r[33] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[33] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[32]); t = (sp_int_digit)(a[31]); - r[32] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[32] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[31]); t = (sp_int_digit)(a[30]); - r[31] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[31] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[30]); t = (sp_int_digit)(a[29]); - r[30] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[30] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[29]); t = (sp_int_digit)(a[28]); - r[29] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[29] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[28]); t = (sp_int_digit)(a[27]); - r[28] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[28] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[27]); t = (sp_int_digit)(a[26]); - r[27] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[27] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[26]); t = (sp_int_digit)(a[25]); - r[26] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[26] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[25]); t = (sp_int_digit)(a[24]); - r[25] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[25] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[24]); t = (sp_int_digit)(a[23]); - r[24] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[24] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[23]); t = (sp_int_digit)(a[22]); - r[23] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[23] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[22]); t = (sp_int_digit)(a[21]); - r[22] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[22] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[21]); t = (sp_int_digit)(a[20]); - r[21] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[21] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[20]); t = (sp_int_digit)(a[19]); - r[20] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[20] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[19]); t = (sp_int_digit)(a[18]); - r[19] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[19] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[18]); t = (sp_int_digit)(a[17]); - r[18] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[18] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[17]); t = (sp_int_digit)(a[16]); - r[17] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[17] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[16]); t = (sp_int_digit)(a[15]); - r[16] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[16] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[15]); t = (sp_int_digit)(a[14]); - r[15] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[15] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[14]); t = (sp_int_digit)(a[13]); - r[14] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[14] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[13]); t = (sp_int_digit)(a[12]); - r[13] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[13] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[12]); t = (sp_int_digit)(a[11]); - r[12] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[12] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[11]); t = (sp_int_digit)(a[10]); - r[11] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[11] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[10]); t = (sp_int_digit)(a[9]); - r[10] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[10] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[9]); t = (sp_int_digit)(a[8]); - r[9] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[9] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[8]); t = (sp_int_digit)(a[7]); - r[8] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[8] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[7]); t = (sp_int_digit)(a[6]); - r[7] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[7] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[6]); t = (sp_int_digit)(a[5]); - r[6] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[6] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[5]); t = (sp_int_digit)(a[4]); - r[5] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[5] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[4]); t = (sp_int_digit)(a[3]); - r[4] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[4] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[3]); t = (sp_int_digit)(a[2]); - r[3] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[3] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[2]); t = (sp_int_digit)(a[1]); - r[2] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[2] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[1]); t = (sp_int_digit)(a[0]); - r[1] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; - r[0] = (a[0] << n) & 0x3ffffff; + r[1] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); + r[0] = (sp_digit)((a[0] << n) & 0x3ffffff); } /* Modular exponentiate 2 to the e mod m. (r = 2^e mod m) @@ -20084,29 +20084,29 @@ SP_NOINLINE static void sp_256_mul_9(sp_digit* r, const sp_digit* a, t0 = ((sp_int64)a[ 0]) * b[ 0]; t1 = ((sp_int64)a[ 0]) * b[ 1] + ((sp_int64)a[ 1]) * b[ 0]; - t[ 0] = t0 & 0x1fffffff; t1 += t0 >> 29; + t[ 0] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = ((sp_int64)a[ 0]) * b[ 2] + ((sp_int64)a[ 1]) * b[ 1] + ((sp_int64)a[ 2]) * b[ 0]; - t[ 1] = t1 & 0x1fffffff; t0 += t1 >> 29; + t[ 1] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = ((sp_int64)a[ 0]) * b[ 3] + ((sp_int64)a[ 1]) * b[ 2] + ((sp_int64)a[ 2]) * b[ 1] + ((sp_int64)a[ 3]) * b[ 0]; - t[ 2] = t0 & 0x1fffffff; t1 += t0 >> 29; + t[ 2] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = ((sp_int64)a[ 0]) * b[ 4] + ((sp_int64)a[ 1]) * b[ 3] + ((sp_int64)a[ 2]) * b[ 2] + ((sp_int64)a[ 3]) * b[ 1] + ((sp_int64)a[ 4]) * b[ 0]; - t[ 3] = t1 & 0x1fffffff; t0 += t1 >> 29; + t[ 3] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = ((sp_int64)a[ 0]) * b[ 5] + ((sp_int64)a[ 1]) * b[ 4] + ((sp_int64)a[ 2]) * b[ 3] + ((sp_int64)a[ 3]) * b[ 2] + ((sp_int64)a[ 4]) * b[ 1] + ((sp_int64)a[ 5]) * b[ 0]; - t[ 4] = t0 & 0x1fffffff; t1 += t0 >> 29; + t[ 4] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = ((sp_int64)a[ 0]) * b[ 6] + ((sp_int64)a[ 1]) * b[ 5] + ((sp_int64)a[ 2]) * b[ 4] @@ -20114,7 +20114,7 @@ SP_NOINLINE static void sp_256_mul_9(sp_digit* r, const sp_digit* a, + ((sp_int64)a[ 4]) * b[ 2] + ((sp_int64)a[ 5]) * b[ 1] + ((sp_int64)a[ 6]) * b[ 0]; - t[ 5] = t1 & 0x1fffffff; t0 += t1 >> 29; + t[ 5] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = ((sp_int64)a[ 0]) * b[ 7] + ((sp_int64)a[ 1]) * b[ 6] + ((sp_int64)a[ 2]) * b[ 5] @@ -20123,7 +20123,7 @@ SP_NOINLINE static void sp_256_mul_9(sp_digit* r, const sp_digit* a, + ((sp_int64)a[ 5]) * b[ 2] + ((sp_int64)a[ 6]) * b[ 1] + ((sp_int64)a[ 7]) * b[ 0]; - t[ 6] = t0 & 0x1fffffff; t1 += t0 >> 29; + t[ 6] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = ((sp_int64)a[ 0]) * b[ 8] + ((sp_int64)a[ 1]) * b[ 7] + ((sp_int64)a[ 2]) * b[ 6] @@ -20133,7 +20133,7 @@ SP_NOINLINE static void sp_256_mul_9(sp_digit* r, const sp_digit* a, + ((sp_int64)a[ 6]) * b[ 2] + ((sp_int64)a[ 7]) * b[ 1] + ((sp_int64)a[ 8]) * b[ 0]; - t[ 7] = t1 & 0x1fffffff; t0 += t1 >> 29; + t[ 7] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = ((sp_int64)a[ 1]) * b[ 8] + ((sp_int64)a[ 2]) * b[ 7] + ((sp_int64)a[ 3]) * b[ 6] @@ -20142,7 +20142,7 @@ SP_NOINLINE static void sp_256_mul_9(sp_digit* r, const sp_digit* a, + ((sp_int64)a[ 6]) * b[ 3] + ((sp_int64)a[ 7]) * b[ 2] + ((sp_int64)a[ 8]) * b[ 1]; - t[ 8] = t0 & 0x1fffffff; t1 += t0 >> 29; + t[ 8] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = ((sp_int64)a[ 2]) * b[ 8] + ((sp_int64)a[ 3]) * b[ 7] + ((sp_int64)a[ 4]) * b[ 6] @@ -20150,35 +20150,35 @@ SP_NOINLINE static void sp_256_mul_9(sp_digit* r, const sp_digit* a, + ((sp_int64)a[ 6]) * b[ 4] + ((sp_int64)a[ 7]) * b[ 3] + ((sp_int64)a[ 8]) * b[ 2]; - r[ 9] = t1 & 0x1fffffff; t0 += t1 >> 29; + r[ 9] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = ((sp_int64)a[ 3]) * b[ 8] + ((sp_int64)a[ 4]) * b[ 7] + ((sp_int64)a[ 5]) * b[ 6] + ((sp_int64)a[ 6]) * b[ 5] + ((sp_int64)a[ 7]) * b[ 4] + ((sp_int64)a[ 8]) * b[ 3]; - r[10] = t0 & 0x1fffffff; t1 += t0 >> 29; + r[10] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = ((sp_int64)a[ 4]) * b[ 8] + ((sp_int64)a[ 5]) * b[ 7] + ((sp_int64)a[ 6]) * b[ 6] + ((sp_int64)a[ 7]) * b[ 5] + ((sp_int64)a[ 8]) * b[ 4]; - r[11] = t1 & 0x1fffffff; t0 += t1 >> 29; + r[11] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = ((sp_int64)a[ 5]) * b[ 8] + ((sp_int64)a[ 6]) * b[ 7] + ((sp_int64)a[ 7]) * b[ 6] + ((sp_int64)a[ 8]) * b[ 5]; - r[12] = t0 & 0x1fffffff; t1 += t0 >> 29; + r[12] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = ((sp_int64)a[ 6]) * b[ 8] + ((sp_int64)a[ 7]) * b[ 7] + ((sp_int64)a[ 8]) * b[ 6]; - r[13] = t1 & 0x1fffffff; t0 += t1 >> 29; + r[13] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = ((sp_int64)a[ 7]) * b[ 8] + ((sp_int64)a[ 8]) * b[ 7]; - r[14] = t0 & 0x1fffffff; t1 += t0 >> 29; + r[14] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = ((sp_int64)a[ 8]) * b[ 8]; - r[15] = t1 & 0x1fffffff; t0 += t1 >> 29; - r[16] = t0 & 0x1fffffff; + r[15] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; + r[16] = (sp_digit)(t0 & 0x1fffffff); r[17] = (sp_digit)(t0 >> 29); XMEMCPY(r, t, sizeof(t)); } @@ -20240,66 +20240,66 @@ SP_NOINLINE static void sp_256_sqr_9(sp_digit* r, const sp_digit* a) t0 = ((sp_int64)a[ 0]) * a[ 0]; t1 = (((sp_int64)a[ 0]) * a[ 1]) * 2; - t[ 0] = t0 & 0x1fffffff; t1 += t0 >> 29; + t[ 0] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = (((sp_int64)a[ 0]) * a[ 2]) * 2 + ((sp_int64)a[ 1]) * a[ 1]; - t[ 1] = t1 & 0x1fffffff; t0 += t1 >> 29; + t[ 1] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = (((sp_int64)a[ 0]) * a[ 3] + ((sp_int64)a[ 1]) * a[ 2]) * 2; - t[ 2] = t0 & 0x1fffffff; t1 += t0 >> 29; + t[ 2] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = (((sp_int64)a[ 0]) * a[ 4] + ((sp_int64)a[ 1]) * a[ 3]) * 2 + ((sp_int64)a[ 2]) * a[ 2]; - t[ 3] = t1 & 0x1fffffff; t0 += t1 >> 29; + t[ 3] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = (((sp_int64)a[ 0]) * a[ 5] + ((sp_int64)a[ 1]) * a[ 4] + ((sp_int64)a[ 2]) * a[ 3]) * 2; - t[ 4] = t0 & 0x1fffffff; t1 += t0 >> 29; + t[ 4] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = (((sp_int64)a[ 0]) * a[ 6] + ((sp_int64)a[ 1]) * a[ 5] + ((sp_int64)a[ 2]) * a[ 4]) * 2 + ((sp_int64)a[ 3]) * a[ 3]; - t[ 5] = t1 & 0x1fffffff; t0 += t1 >> 29; + t[ 5] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = (((sp_int64)a[ 0]) * a[ 7] + ((sp_int64)a[ 1]) * a[ 6] + ((sp_int64)a[ 2]) * a[ 5] + ((sp_int64)a[ 3]) * a[ 4]) * 2; - t[ 6] = t0 & 0x1fffffff; t1 += t0 >> 29; + t[ 6] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = (((sp_int64)a[ 0]) * a[ 8] + ((sp_int64)a[ 1]) * a[ 7] + ((sp_int64)a[ 2]) * a[ 6] + ((sp_int64)a[ 3]) * a[ 5]) * 2 + ((sp_int64)a[ 4]) * a[ 4]; - t[ 7] = t1 & 0x1fffffff; t0 += t1 >> 29; + t[ 7] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = (((sp_int64)a[ 1]) * a[ 8] + ((sp_int64)a[ 2]) * a[ 7] + ((sp_int64)a[ 3]) * a[ 6] + ((sp_int64)a[ 4]) * a[ 5]) * 2; - t[ 8] = t0 & 0x1fffffff; t1 += t0 >> 29; + t[ 8] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = (((sp_int64)a[ 2]) * a[ 8] + ((sp_int64)a[ 3]) * a[ 7] + ((sp_int64)a[ 4]) * a[ 6]) * 2 + ((sp_int64)a[ 5]) * a[ 5]; - r[ 9] = t1 & 0x1fffffff; t0 += t1 >> 29; + r[ 9] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = (((sp_int64)a[ 3]) * a[ 8] + ((sp_int64)a[ 4]) * a[ 7] + ((sp_int64)a[ 5]) * a[ 6]) * 2; - r[10] = t0 & 0x1fffffff; t1 += t0 >> 29; + r[10] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = (((sp_int64)a[ 4]) * a[ 8] + ((sp_int64)a[ 5]) * a[ 7]) * 2 + ((sp_int64)a[ 6]) * a[ 6]; - r[11] = t1 & 0x1fffffff; t0 += t1 >> 29; + r[11] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = (((sp_int64)a[ 5]) * a[ 8] + ((sp_int64)a[ 6]) * a[ 7]) * 2; - r[12] = t0 & 0x1fffffff; t1 += t0 >> 29; + r[12] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = (((sp_int64)a[ 6]) * a[ 8]) * 2 + ((sp_int64)a[ 7]) * a[ 7]; - r[13] = t1 & 0x1fffffff; t0 += t1 >> 29; + r[13] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = (((sp_int64)a[ 7]) * a[ 8]) * 2; - r[14] = t0 & 0x1fffffff; t1 += t0 >> 29; + r[14] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = ((sp_int64)a[ 8]) * a[ 8]; - r[15] = t1 & 0x1fffffff; t0 += t1 >> 29; - r[16] = t0 & 0x1fffffff; + r[15] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; + r[16] = (sp_digit)(t0 & 0x1fffffff); r[17] = (sp_digit)(t0 >> 29); XMEMCPY(r, t, sizeof(t)); } @@ -20679,17 +20679,17 @@ SP_NOINLINE static void sp_256_mul_add_9(sp_digit* r, const sp_digit* a, t[1] = (tb * a[i+1]) + r[i+1]; t[2] = (tb * a[i+2]) + r[i+2]; t[3] = (tb * a[i+3]) + r[i+3]; - r[i+0] = t[0] & 0x1fffffff; + r[i+0] = (sp_digit)(t[0] & 0x1fffffff); t[1] += t[0] >> 29; - r[i+1] = t[1] & 0x1fffffff; + r[i+1] = (sp_digit)(t[1] & 0x1fffffff); t[2] += t[1] >> 29; - r[i+2] = t[2] & 0x1fffffff; + r[i+2] = (sp_digit)(t[2] & 0x1fffffff); t[3] += t[2] >> 29; - r[i+3] = t[3] & 0x1fffffff; + r[i+3] = (sp_digit)(t[3] & 0x1fffffff); t[0] = t[3] >> 29; } t[0] += (tb * a[8]) + r[8]; - r[8] = t[0] & 0x1fffffff; + r[8] = (sp_digit)(t[0] & 0x1fffffff); r[9] += (sp_digit)(t[0] >> 29); #else sp_int64 tb = b; @@ -20706,25 +20706,25 @@ SP_NOINLINE static void sp_256_mul_add_9(sp_digit* r, const sp_digit* a, t[5] = (tb * a[i+5]) + r[i+5]; t[6] = (tb * a[i+6]) + r[i+6]; t[7] = (tb * a[i+7]) + r[i+7]; - r[i+0] = t[0] & 0x1fffffff; + r[i+0] = (sp_digit)(t[0] & 0x1fffffff); t[1] += t[0] >> 29; - r[i+1] = t[1] & 0x1fffffff; + r[i+1] = (sp_digit)(t[1] & 0x1fffffff); t[2] += t[1] >> 29; - r[i+2] = t[2] & 0x1fffffff; + r[i+2] = (sp_digit)(t[2] & 0x1fffffff); t[3] += t[2] >> 29; - r[i+3] = t[3] & 0x1fffffff; + r[i+3] = (sp_digit)(t[3] & 0x1fffffff); t[4] += t[3] >> 29; - r[i+4] = t[4] & 0x1fffffff; + r[i+4] = (sp_digit)(t[4] & 0x1fffffff); t[5] += t[4] >> 29; - r[i+5] = t[5] & 0x1fffffff; + r[i+5] = (sp_digit)(t[5] & 0x1fffffff); t[6] += t[5] >> 29; - r[i+6] = t[6] & 0x1fffffff; + r[i+6] = (sp_digit)(t[6] & 0x1fffffff); t[7] += t[6] >> 29; - r[i+7] = t[7] & 0x1fffffff; + r[i+7] = (sp_digit)(t[7] & 0x1fffffff); t[0] = t[7] >> 29; } t[0] += (tb * a[8]) + r[8]; - r[8] = t[0] & 0x1fffffff; + r[8] = (sp_digit)(t[0] & 0x1fffffff); r[9] += (sp_digit)(t[0] >> 29); #endif /* WOLFSSL_SP_SMALL */ #endif /* !WOLFSSL_SP_LARGE_CODE */ @@ -20767,7 +20767,7 @@ static void sp_256_mont_shift_9(sp_digit* r, const sp_digit* a) n += ((sp_int64)a[9]) << 5; for (i = 0; i < 8; i++) { - r[i] = n & 0x1fffffff; + r[i] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[10 + i]) << 5; } @@ -20775,14 +20775,14 @@ static void sp_256_mont_shift_9(sp_digit* r, const sp_digit* a) #else sp_int64 n = a[8] >> 24; n += ((sp_int64)a[9]) << 5; - r[ 0] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[10]) << 5; - r[ 1] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[11]) << 5; - r[ 2] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[12]) << 5; - r[ 3] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[13]) << 5; - r[ 4] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[14]) << 5; - r[ 5] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[15]) << 5; - r[ 6] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[16]) << 5; - r[ 7] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[17]) << 5; + r[ 0] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[10]) << 5; + r[ 1] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[11]) << 5; + r[ 2] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[12]) << 5; + r[ 3] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[13]) << 5; + r[ 4] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[14]) << 5; + r[ 5] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[15]) << 5; + r[ 6] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[16]) << 5; + r[ 7] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[17]) << 5; r[8] = (sp_digit)n; #endif /* WOLFSSL_SP_SMALL */ XMEMSET(&r[9], 0, sizeof(*r) * 9U); @@ -20803,11 +20803,11 @@ static void sp_256_mont_reduce_order_9(sp_digit* a, const sp_digit* m, sp_digit sp_256_norm_9(a + 9); for (i=0; i<8; i++) { - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff); sp_256_mul_add_9(a+i, m, mu); a[i+1] += a[i] >> 29; } - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0xffffffL; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0xffffffL); sp_256_mul_add_9(a+i, m, mu); a[i+1] += a[i] >> 29; a[i] &= 0x1fffffff; @@ -20832,32 +20832,32 @@ static void sp_256_mont_reduce_9(sp_digit* a, const sp_digit* m, sp_digit mp) (void)mp; for (i = 0; i < 8; i++) { - am = a[i] & 0x1fffffff; - a[i + 3] += (am << 9) & 0x1fffffff; + am = (sp_digit)(a[i] & 0x1fffffff); + a[i + 3] += (sp_digit)((am << 9) & 0x1fffffff); a[i + 4] += am >> 20; - a[i + 6] += (am << 18) & 0x1fffffff; - a[i + 7] += (am >> 11) - ((am << 21) & 0x1fffffff); - a[i + 8] += -(am >> 8) + ((am << 24) & 0x1fffffff); + a[i + 6] += (sp_digit)((am << 18) & 0x1fffffff); + a[i + 7] += (am >> 11) - (sp_digit)((am << 21) & 0x1fffffff); + a[i + 8] += -(am >> 8) + (sp_digit)((am << 24) & 0x1fffffff); a[i + 9] += am >> 5; a[i + 1] += a[i] >> 29; } - am = a[8] & 0xffffff; - a[8 + 3] += (am << 9) & 0x1fffffff; + am = (sp_digit)(a[8] & 0xffffff); + a[8 + 3] += (sp_digit)((am << 9) & 0x1fffffff); a[8 + 4] += am >> 20; - a[8 + 6] += (am << 18) & 0x1fffffff; - a[8 + 7] += (am >> 11) - ((am << 21) & 0x1fffffff); - a[8 + 8] += -(am >> 8) + ((am << 24) & 0x1fffffff); + a[8 + 6] += (sp_digit)((am << 18) & 0x1fffffff); + a[8 + 7] += (am >> 11) - (sp_digit)((am << 21) & 0x1fffffff); + a[8 + 8] += -(am >> 8) + (sp_digit)((am << 24) & 0x1fffffff); a[8 + 9] += am >> 5; - a[0] = (a[ 8] >> 24) + ((a[ 9] << 5) & 0x1fffffff); - a[1] = (a[ 9] >> 24) + ((a[10] << 5) & 0x1fffffff); - a[2] = (a[10] >> 24) + ((a[11] << 5) & 0x1fffffff); - a[3] = (a[11] >> 24) + ((a[12] << 5) & 0x1fffffff); - a[4] = (a[12] >> 24) + ((a[13] << 5) & 0x1fffffff); - a[5] = (a[13] >> 24) + ((a[14] << 5) & 0x1fffffff); - a[6] = (a[14] >> 24) + ((a[15] << 5) & 0x1fffffff); - a[7] = (a[15] >> 24) + ((a[16] << 5) & 0x1fffffff); + a[0] = (a[ 8] >> 24) + (sp_digit)((a[ 9] << 5) & 0x1fffffff); + a[1] = (a[ 9] >> 24) + (sp_digit)((a[10] << 5) & 0x1fffffff); + a[2] = (a[10] >> 24) + (sp_digit)((a[11] << 5) & 0x1fffffff); + a[3] = (a[11] >> 24) + (sp_digit)((a[12] << 5) & 0x1fffffff); + a[4] = (a[12] >> 24) + (sp_digit)((a[13] << 5) & 0x1fffffff); + a[5] = (a[13] >> 24) + (sp_digit)((a[14] << 5) & 0x1fffffff); + a[6] = (a[14] >> 24) + (sp_digit)((a[15] << 5) & 0x1fffffff); + a[7] = (a[15] >> 24) + (sp_digit)((a[16] << 5) & 0x1fffffff); a[8] = (a[16] >> 24) + (a[17] << 5); a[1] += a[0] >> 29; a[0] &= 0x1fffffff; @@ -20874,15 +20874,15 @@ static void sp_256_mont_reduce_9(sp_digit* a, const sp_digit* m, sp_digit mp) /* Create mask. */ am = 0 - am; - a[0] -= 0x1fffffff & am; - a[1] -= 0x1fffffff & am; - a[2] -= 0x1fffffff & am; - a[3] -= 0x000001ff & am; + a[0] -= (sp_digit)(0x1fffffff & am); + a[1] -= (sp_digit)(0x1fffffff & am); + a[2] -= (sp_digit)(0x1fffffff & am); + a[3] -= (sp_digit)(0x000001ff & am); /* p256_mod[4] is zero */ /* p256_mod[5] is zero */ - a[6] -= 0x00040000 & am; - a[7] -= 0x1fe00000 & am; - a[8] -= 0x00ffffff & am; + a[6] -= (sp_digit)(0x00040000 & am); + a[7] -= (sp_digit)(0x1fe00000 & am); + a[8] -= (sp_digit)(0x00ffffff & am); a[1] += a[0] >> 29; a[0] &= 0x1fffffff; a[2] += a[1] >> 29; a[1] &= 0x1fffffff; @@ -20945,7 +20945,7 @@ SP_NOINLINE static void sp_256_mont_sqr_n_9(sp_digit* r, #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */ #ifdef WOLFSSL_SP_SMALL /* Mod-2 for the P256 curve. */ -static const uint32_t p256_mod_minus_2[8] = { +static const word32 p256_mod_minus_2[8] = { 0xfffffffdU,0xffffffffU,0xffffffffU,0x00000000U,0x00000000U,0x00000000U, 0x00000001U,0xffffffffU }; @@ -21187,17 +21187,17 @@ SP_NOINLINE static void sp_256_rshift1_9(sp_digit* r, const sp_digit* a) int i; for (i=0; i<8; i++) { - r[i] = (a[i] >> 1) + ((a[i + 1] << 28) & 0x1fffffff); + r[i] = (a[i] >> 1) + (sp_digit)((a[i + 1] << 28) & 0x1fffffff); } #else - r[0] = (a[0] >> 1) + ((a[1] << 28) & 0x1fffffff); - r[1] = (a[1] >> 1) + ((a[2] << 28) & 0x1fffffff); - r[2] = (a[2] >> 1) + ((a[3] << 28) & 0x1fffffff); - r[3] = (a[3] >> 1) + ((a[4] << 28) & 0x1fffffff); - r[4] = (a[4] >> 1) + ((a[5] << 28) & 0x1fffffff); - r[5] = (a[5] >> 1) + ((a[6] << 28) & 0x1fffffff); - r[6] = (a[6] >> 1) + ((a[7] << 28) & 0x1fffffff); - r[7] = (a[7] >> 1) + ((a[8] << 28) & 0x1fffffff); + r[0] = (a[0] >> 1) + (sp_digit)((a[1] << 28) & 0x1fffffff); + r[1] = (a[1] >> 1) + (sp_digit)((a[2] << 28) & 0x1fffffff); + r[2] = (a[2] >> 1) + (sp_digit)((a[3] << 28) & 0x1fffffff); + r[3] = (a[3] >> 1) + (sp_digit)((a[4] << 28) & 0x1fffffff); + r[4] = (a[4] >> 1) + (sp_digit)((a[5] << 28) & 0x1fffffff); + r[5] = (a[5] >> 1) + (sp_digit)((a[6] << 28) & 0x1fffffff); + r[6] = (a[6] >> 1) + (sp_digit)((a[7] << 28) & 0x1fffffff); + r[7] = (a[7] >> 1) + (sp_digit)((a[8] << 28) & 0x1fffffff); #endif r[8] = a[8] >> 1; } @@ -25203,18 +25203,18 @@ SP_NOINLINE static void sp_256_rshift_9(sp_digit* r, const sp_digit* a, #ifdef WOLFSSL_SP_SMALL for (i=0; i<8; i++) { - r[i] = ((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff; + r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff); } #else for (i=0; i<8; i += 8) { - r[i+0] = (a[i+0] >> n) | ((a[i+1] << (29 - n)) & 0x1fffffff); - r[i+1] = (a[i+1] >> n) | ((a[i+2] << (29 - n)) & 0x1fffffff); - r[i+2] = (a[i+2] >> n) | ((a[i+3] << (29 - n)) & 0x1fffffff); - r[i+3] = (a[i+3] >> n) | ((a[i+4] << (29 - n)) & 0x1fffffff); - r[i+4] = (a[i+4] >> n) | ((a[i+5] << (29 - n)) & 0x1fffffff); - r[i+5] = (a[i+5] >> n) | ((a[i+6] << (29 - n)) & 0x1fffffff); - r[i+6] = (a[i+6] >> n) | ((a[i+7] << (29 - n)) & 0x1fffffff); - r[i+7] = (a[i+7] >> n) | ((a[i+8] << (29 - n)) & 0x1fffffff); + r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (29 - n)) & 0x1fffffff); + r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (29 - n)) & 0x1fffffff); + r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (29 - n)) & 0x1fffffff); + r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (29 - n)) & 0x1fffffff); + r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (29 - n)) & 0x1fffffff); + r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (29 - n)) & 0x1fffffff); + r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (29 - n)) & 0x1fffffff); + r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (29 - n)) & 0x1fffffff); } #endif /* WOLFSSL_SP_SMALL */ r[8] = a[8] >> n; @@ -25274,7 +25274,7 @@ SP_NOINLINE static void sp_256_lshift_18(sp_digit* r, const sp_digit* a, r[18] = a[17] >> (29 - n); for (i=17; i>0; i--) { - r[i] = ((a[i] << n) | (a[i-1] >> (29 - n))) & 0x1fffffff; + r[i] = (sp_digit)(((a[i] << n) | (a[i-1] >> (29 - n))) & 0x1fffffff); } #else sp_int_digit s; @@ -25283,41 +25283,41 @@ SP_NOINLINE static void sp_256_lshift_18(sp_digit* r, const sp_digit* a, s = (sp_int_digit)a[17]; r[18] = s >> (29U - n); s = (sp_int_digit)(a[17]); t = (sp_int_digit)(a[16]); - r[17] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[17] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[16]); t = (sp_int_digit)(a[15]); - r[16] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[16] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[15]); t = (sp_int_digit)(a[14]); - r[15] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[15] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[14]); t = (sp_int_digit)(a[13]); - r[14] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[14] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[13]); t = (sp_int_digit)(a[12]); - r[13] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[13] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[12]); t = (sp_int_digit)(a[11]); - r[12] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[12] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[11]); t = (sp_int_digit)(a[10]); - r[11] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[11] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[10]); t = (sp_int_digit)(a[9]); - r[10] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[10] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[9]); t = (sp_int_digit)(a[8]); - r[9] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[9] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[8]); t = (sp_int_digit)(a[7]); - r[8] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[8] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[7]); t = (sp_int_digit)(a[6]); - r[7] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[7] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[6]); t = (sp_int_digit)(a[5]); - r[6] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[6] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[5]); t = (sp_int_digit)(a[4]); - r[5] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[5] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[4]); t = (sp_int_digit)(a[3]); - r[4] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[4] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[3]); t = (sp_int_digit)(a[2]); - r[3] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[3] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[2]); t = (sp_int_digit)(a[1]); - r[2] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[2] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[1]); t = (sp_int_digit)(a[0]); - r[1] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[1] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); #endif /* WOLFSSL_SP_SMALL */ - r[0] = (a[0] << n) & 0x1fffffff; + r[0] = (sp_digit)((a[0] << n) & 0x1fffffff); } /* Divide d in a and put remainder into r (m*d + r = a) @@ -25416,7 +25416,7 @@ static void sp_256_mont_mul_order_9(sp_digit* r, const sp_digit* a, const sp_dig #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL)) #ifdef WOLFSSL_SP_SMALL /* Order-2 for the P256 curve. */ -static const uint32_t p256_order_minus_2[8] = { +static const word32 p256_order_minus_2[8] = { 0xfc63254fU,0xf3b9cac2U,0xa7179e84U,0xbce6faadU,0xffffffffU,0xffffffffU, 0x00000000U,0xffffffffU }; @@ -27168,29 +27168,29 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a, t0 = ((sp_int64)a[ 0]) * b[ 0]; t1 = ((sp_int64)a[ 0]) * b[ 1] + ((sp_int64)a[ 1]) * b[ 0]; - t[ 0] = t0 & 0x3ffffff; t1 += t0 >> 26; + t[ 0] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = ((sp_int64)a[ 0]) * b[ 2] + ((sp_int64)a[ 1]) * b[ 1] + ((sp_int64)a[ 2]) * b[ 0]; - t[ 1] = t1 & 0x3ffffff; t0 += t1 >> 26; + t[ 1] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = ((sp_int64)a[ 0]) * b[ 3] + ((sp_int64)a[ 1]) * b[ 2] + ((sp_int64)a[ 2]) * b[ 1] + ((sp_int64)a[ 3]) * b[ 0]; - t[ 2] = t0 & 0x3ffffff; t1 += t0 >> 26; + t[ 2] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = ((sp_int64)a[ 0]) * b[ 4] + ((sp_int64)a[ 1]) * b[ 3] + ((sp_int64)a[ 2]) * b[ 2] + ((sp_int64)a[ 3]) * b[ 1] + ((sp_int64)a[ 4]) * b[ 0]; - t[ 3] = t1 & 0x3ffffff; t0 += t1 >> 26; + t[ 3] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = ((sp_int64)a[ 0]) * b[ 5] + ((sp_int64)a[ 1]) * b[ 4] + ((sp_int64)a[ 2]) * b[ 3] + ((sp_int64)a[ 3]) * b[ 2] + ((sp_int64)a[ 4]) * b[ 1] + ((sp_int64)a[ 5]) * b[ 0]; - t[ 4] = t0 & 0x3ffffff; t1 += t0 >> 26; + t[ 4] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = ((sp_int64)a[ 0]) * b[ 6] + ((sp_int64)a[ 1]) * b[ 5] + ((sp_int64)a[ 2]) * b[ 4] @@ -27198,7 +27198,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a, + ((sp_int64)a[ 4]) * b[ 2] + ((sp_int64)a[ 5]) * b[ 1] + ((sp_int64)a[ 6]) * b[ 0]; - t[ 5] = t1 & 0x3ffffff; t0 += t1 >> 26; + t[ 5] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = ((sp_int64)a[ 0]) * b[ 7] + ((sp_int64)a[ 1]) * b[ 6] + ((sp_int64)a[ 2]) * b[ 5] @@ -27207,7 +27207,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a, + ((sp_int64)a[ 5]) * b[ 2] + ((sp_int64)a[ 6]) * b[ 1] + ((sp_int64)a[ 7]) * b[ 0]; - t[ 6] = t0 & 0x3ffffff; t1 += t0 >> 26; + t[ 6] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = ((sp_int64)a[ 0]) * b[ 8] + ((sp_int64)a[ 1]) * b[ 7] + ((sp_int64)a[ 2]) * b[ 6] @@ -27217,7 +27217,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a, + ((sp_int64)a[ 6]) * b[ 2] + ((sp_int64)a[ 7]) * b[ 1] + ((sp_int64)a[ 8]) * b[ 0]; - t[ 7] = t1 & 0x3ffffff; t0 += t1 >> 26; + t[ 7] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = ((sp_int64)a[ 0]) * b[ 9] + ((sp_int64)a[ 1]) * b[ 8] + ((sp_int64)a[ 2]) * b[ 7] @@ -27228,7 +27228,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a, + ((sp_int64)a[ 7]) * b[ 2] + ((sp_int64)a[ 8]) * b[ 1] + ((sp_int64)a[ 9]) * b[ 0]; - t[ 8] = t0 & 0x3ffffff; t1 += t0 >> 26; + t[ 8] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = ((sp_int64)a[ 0]) * b[10] + ((sp_int64)a[ 1]) * b[ 9] + ((sp_int64)a[ 2]) * b[ 8] @@ -27240,7 +27240,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a, + ((sp_int64)a[ 8]) * b[ 2] + ((sp_int64)a[ 9]) * b[ 1] + ((sp_int64)a[10]) * b[ 0]; - t[ 9] = t1 & 0x3ffffff; t0 += t1 >> 26; + t[ 9] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = ((sp_int64)a[ 0]) * b[11] + ((sp_int64)a[ 1]) * b[10] + ((sp_int64)a[ 2]) * b[ 9] @@ -27253,7 +27253,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a, + ((sp_int64)a[ 9]) * b[ 2] + ((sp_int64)a[10]) * b[ 1] + ((sp_int64)a[11]) * b[ 0]; - t[10] = t0 & 0x3ffffff; t1 += t0 >> 26; + t[10] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = ((sp_int64)a[ 0]) * b[12] + ((sp_int64)a[ 1]) * b[11] + ((sp_int64)a[ 2]) * b[10] @@ -27267,7 +27267,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a, + ((sp_int64)a[10]) * b[ 2] + ((sp_int64)a[11]) * b[ 1] + ((sp_int64)a[12]) * b[ 0]; - t[11] = t1 & 0x3ffffff; t0 += t1 >> 26; + t[11] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = ((sp_int64)a[ 0]) * b[13] + ((sp_int64)a[ 1]) * b[12] + ((sp_int64)a[ 2]) * b[11] @@ -27282,7 +27282,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a, + ((sp_int64)a[11]) * b[ 2] + ((sp_int64)a[12]) * b[ 1] + ((sp_int64)a[13]) * b[ 0]; - t[12] = t0 & 0x3ffffff; t1 += t0 >> 26; + t[12] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = ((sp_int64)a[ 0]) * b[14] + ((sp_int64)a[ 1]) * b[13] + ((sp_int64)a[ 2]) * b[12] @@ -27298,7 +27298,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a, + ((sp_int64)a[12]) * b[ 2] + ((sp_int64)a[13]) * b[ 1] + ((sp_int64)a[14]) * b[ 0]; - t[13] = t1 & 0x3ffffff; t0 += t1 >> 26; + t[13] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = ((sp_int64)a[ 1]) * b[14] + ((sp_int64)a[ 2]) * b[13] + ((sp_int64)a[ 3]) * b[12] @@ -27313,7 +27313,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a, + ((sp_int64)a[12]) * b[ 3] + ((sp_int64)a[13]) * b[ 2] + ((sp_int64)a[14]) * b[ 1]; - t[14] = t0 & 0x3ffffff; t1 += t0 >> 26; + t[14] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = ((sp_int64)a[ 2]) * b[14] + ((sp_int64)a[ 3]) * b[13] + ((sp_int64)a[ 4]) * b[12] @@ -27327,7 +27327,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a, + ((sp_int64)a[12]) * b[ 4] + ((sp_int64)a[13]) * b[ 3] + ((sp_int64)a[14]) * b[ 2]; - r[15] = t1 & 0x3ffffff; t0 += t1 >> 26; + r[15] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = ((sp_int64)a[ 3]) * b[14] + ((sp_int64)a[ 4]) * b[13] + ((sp_int64)a[ 5]) * b[12] @@ -27340,7 +27340,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a, + ((sp_int64)a[12]) * b[ 5] + ((sp_int64)a[13]) * b[ 4] + ((sp_int64)a[14]) * b[ 3]; - r[16] = t0 & 0x3ffffff; t1 += t0 >> 26; + r[16] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = ((sp_int64)a[ 4]) * b[14] + ((sp_int64)a[ 5]) * b[13] + ((sp_int64)a[ 6]) * b[12] @@ -27352,7 +27352,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a, + ((sp_int64)a[12]) * b[ 6] + ((sp_int64)a[13]) * b[ 5] + ((sp_int64)a[14]) * b[ 4]; - r[17] = t1 & 0x3ffffff; t0 += t1 >> 26; + r[17] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = ((sp_int64)a[ 5]) * b[14] + ((sp_int64)a[ 6]) * b[13] + ((sp_int64)a[ 7]) * b[12] @@ -27363,7 +27363,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a, + ((sp_int64)a[12]) * b[ 7] + ((sp_int64)a[13]) * b[ 6] + ((sp_int64)a[14]) * b[ 5]; - r[18] = t0 & 0x3ffffff; t1 += t0 >> 26; + r[18] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = ((sp_int64)a[ 6]) * b[14] + ((sp_int64)a[ 7]) * b[13] + ((sp_int64)a[ 8]) * b[12] @@ -27373,7 +27373,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a, + ((sp_int64)a[12]) * b[ 8] + ((sp_int64)a[13]) * b[ 7] + ((sp_int64)a[14]) * b[ 6]; - r[19] = t1 & 0x3ffffff; t0 += t1 >> 26; + r[19] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = ((sp_int64)a[ 7]) * b[14] + ((sp_int64)a[ 8]) * b[13] + ((sp_int64)a[ 9]) * b[12] @@ -27382,7 +27382,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a, + ((sp_int64)a[12]) * b[ 9] + ((sp_int64)a[13]) * b[ 8] + ((sp_int64)a[14]) * b[ 7]; - r[20] = t0 & 0x3ffffff; t1 += t0 >> 26; + r[20] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = ((sp_int64)a[ 8]) * b[14] + ((sp_int64)a[ 9]) * b[13] + ((sp_int64)a[10]) * b[12] @@ -27390,35 +27390,35 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a, + ((sp_int64)a[12]) * b[10] + ((sp_int64)a[13]) * b[ 9] + ((sp_int64)a[14]) * b[ 8]; - r[21] = t1 & 0x3ffffff; t0 += t1 >> 26; + r[21] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = ((sp_int64)a[ 9]) * b[14] + ((sp_int64)a[10]) * b[13] + ((sp_int64)a[11]) * b[12] + ((sp_int64)a[12]) * b[11] + ((sp_int64)a[13]) * b[10] + ((sp_int64)a[14]) * b[ 9]; - r[22] = t0 & 0x3ffffff; t1 += t0 >> 26; + r[22] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = ((sp_int64)a[10]) * b[14] + ((sp_int64)a[11]) * b[13] + ((sp_int64)a[12]) * b[12] + ((sp_int64)a[13]) * b[11] + ((sp_int64)a[14]) * b[10]; - r[23] = t1 & 0x3ffffff; t0 += t1 >> 26; + r[23] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = ((sp_int64)a[11]) * b[14] + ((sp_int64)a[12]) * b[13] + ((sp_int64)a[13]) * b[12] + ((sp_int64)a[14]) * b[11]; - r[24] = t0 & 0x3ffffff; t1 += t0 >> 26; + r[24] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = ((sp_int64)a[12]) * b[14] + ((sp_int64)a[13]) * b[13] + ((sp_int64)a[14]) * b[12]; - r[25] = t1 & 0x3ffffff; t0 += t1 >> 26; + r[25] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = ((sp_int64)a[13]) * b[14] + ((sp_int64)a[14]) * b[13]; - r[26] = t0 & 0x3ffffff; t1 += t0 >> 26; + r[26] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = ((sp_int64)a[14]) * b[14]; - r[27] = t1 & 0x3ffffff; t0 += t1 >> 26; - r[28] = t0 & 0x3ffffff; + r[27] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; + r[28] = (sp_digit)(t0 & 0x3ffffff); r[29] = (sp_digit)(t0 >> 26); XMEMCPY(r, t, sizeof(t)); } @@ -27480,57 +27480,57 @@ SP_NOINLINE static void sp_384_sqr_15(sp_digit* r, const sp_digit* a) t0 = ((sp_int64)a[ 0]) * a[ 0]; t1 = (((sp_int64)a[ 0]) * a[ 1]) * 2; - t[ 0] = t0 & 0x3ffffff; t1 += t0 >> 26; + t[ 0] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = (((sp_int64)a[ 0]) * a[ 2]) * 2 + ((sp_int64)a[ 1]) * a[ 1]; - t[ 1] = t1 & 0x3ffffff; t0 += t1 >> 26; + t[ 1] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = (((sp_int64)a[ 0]) * a[ 3] + ((sp_int64)a[ 1]) * a[ 2]) * 2; - t[ 2] = t0 & 0x3ffffff; t1 += t0 >> 26; + t[ 2] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = (((sp_int64)a[ 0]) * a[ 4] + ((sp_int64)a[ 1]) * a[ 3]) * 2 + ((sp_int64)a[ 2]) * a[ 2]; - t[ 3] = t1 & 0x3ffffff; t0 += t1 >> 26; + t[ 3] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = (((sp_int64)a[ 0]) * a[ 5] + ((sp_int64)a[ 1]) * a[ 4] + ((sp_int64)a[ 2]) * a[ 3]) * 2; - t[ 4] = t0 & 0x3ffffff; t1 += t0 >> 26; + t[ 4] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = (((sp_int64)a[ 0]) * a[ 6] + ((sp_int64)a[ 1]) * a[ 5] + ((sp_int64)a[ 2]) * a[ 4]) * 2 + ((sp_int64)a[ 3]) * a[ 3]; - t[ 5] = t1 & 0x3ffffff; t0 += t1 >> 26; + t[ 5] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = (((sp_int64)a[ 0]) * a[ 7] + ((sp_int64)a[ 1]) * a[ 6] + ((sp_int64)a[ 2]) * a[ 5] + ((sp_int64)a[ 3]) * a[ 4]) * 2; - t[ 6] = t0 & 0x3ffffff; t1 += t0 >> 26; + t[ 6] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = (((sp_int64)a[ 0]) * a[ 8] + ((sp_int64)a[ 1]) * a[ 7] + ((sp_int64)a[ 2]) * a[ 6] + ((sp_int64)a[ 3]) * a[ 5]) * 2 + ((sp_int64)a[ 4]) * a[ 4]; - t[ 7] = t1 & 0x3ffffff; t0 += t1 >> 26; + t[ 7] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = (((sp_int64)a[ 0]) * a[ 9] + ((sp_int64)a[ 1]) * a[ 8] + ((sp_int64)a[ 2]) * a[ 7] + ((sp_int64)a[ 3]) * a[ 6] + ((sp_int64)a[ 4]) * a[ 5]) * 2; - t[ 8] = t0 & 0x3ffffff; t1 += t0 >> 26; + t[ 8] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = (((sp_int64)a[ 0]) * a[10] + ((sp_int64)a[ 1]) * a[ 9] + ((sp_int64)a[ 2]) * a[ 8] + ((sp_int64)a[ 3]) * a[ 7] + ((sp_int64)a[ 4]) * a[ 6]) * 2 + ((sp_int64)a[ 5]) * a[ 5]; - t[ 9] = t1 & 0x3ffffff; t0 += t1 >> 26; + t[ 9] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = (((sp_int64)a[ 0]) * a[11] + ((sp_int64)a[ 1]) * a[10] + ((sp_int64)a[ 2]) * a[ 9] + ((sp_int64)a[ 3]) * a[ 8] + ((sp_int64)a[ 4]) * a[ 7] + ((sp_int64)a[ 5]) * a[ 6]) * 2; - t[10] = t0 & 0x3ffffff; t1 += t0 >> 26; + t[10] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = (((sp_int64)a[ 0]) * a[12] + ((sp_int64)a[ 1]) * a[11] + ((sp_int64)a[ 2]) * a[10] @@ -27538,7 +27538,7 @@ SP_NOINLINE static void sp_384_sqr_15(sp_digit* r, const sp_digit* a) + ((sp_int64)a[ 4]) * a[ 8] + ((sp_int64)a[ 5]) * a[ 7]) * 2 + ((sp_int64)a[ 6]) * a[ 6]; - t[11] = t1 & 0x3ffffff; t0 += t1 >> 26; + t[11] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = (((sp_int64)a[ 0]) * a[13] + ((sp_int64)a[ 1]) * a[12] + ((sp_int64)a[ 2]) * a[11] @@ -27546,7 +27546,7 @@ SP_NOINLINE static void sp_384_sqr_15(sp_digit* r, const sp_digit* a) + ((sp_int64)a[ 4]) * a[ 9] + ((sp_int64)a[ 5]) * a[ 8] + ((sp_int64)a[ 6]) * a[ 7]) * 2; - t[12] = t0 & 0x3ffffff; t1 += t0 >> 26; + t[12] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = (((sp_int64)a[ 0]) * a[14] + ((sp_int64)a[ 1]) * a[13] + ((sp_int64)a[ 2]) * a[12] @@ -27555,7 +27555,7 @@ SP_NOINLINE static void sp_384_sqr_15(sp_digit* r, const sp_digit* a) + ((sp_int64)a[ 5]) * a[ 9] + ((sp_int64)a[ 6]) * a[ 8]) * 2 + ((sp_int64)a[ 7]) * a[ 7]; - t[13] = t1 & 0x3ffffff; t0 += t1 >> 26; + t[13] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = (((sp_int64)a[ 1]) * a[14] + ((sp_int64)a[ 2]) * a[13] + ((sp_int64)a[ 3]) * a[12] @@ -27563,7 +27563,7 @@ SP_NOINLINE static void sp_384_sqr_15(sp_digit* r, const sp_digit* a) + ((sp_int64)a[ 5]) * a[10] + ((sp_int64)a[ 6]) * a[ 9] + ((sp_int64)a[ 7]) * a[ 8]) * 2; - t[14] = t0 & 0x3ffffff; t1 += t0 >> 26; + t[14] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = (((sp_int64)a[ 2]) * a[14] + ((sp_int64)a[ 3]) * a[13] + ((sp_int64)a[ 4]) * a[12] @@ -27571,62 +27571,62 @@ SP_NOINLINE static void sp_384_sqr_15(sp_digit* r, const sp_digit* a) + ((sp_int64)a[ 6]) * a[10] + ((sp_int64)a[ 7]) * a[ 9]) * 2 + ((sp_int64)a[ 8]) * a[ 8]; - r[15] = t1 & 0x3ffffff; t0 += t1 >> 26; + r[15] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = (((sp_int64)a[ 3]) * a[14] + ((sp_int64)a[ 4]) * a[13] + ((sp_int64)a[ 5]) * a[12] + ((sp_int64)a[ 6]) * a[11] + ((sp_int64)a[ 7]) * a[10] + ((sp_int64)a[ 8]) * a[ 9]) * 2; - r[16] = t0 & 0x3ffffff; t1 += t0 >> 26; + r[16] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = (((sp_int64)a[ 4]) * a[14] + ((sp_int64)a[ 5]) * a[13] + ((sp_int64)a[ 6]) * a[12] + ((sp_int64)a[ 7]) * a[11] + ((sp_int64)a[ 8]) * a[10]) * 2 + ((sp_int64)a[ 9]) * a[ 9]; - r[17] = t1 & 0x3ffffff; t0 += t1 >> 26; + r[17] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = (((sp_int64)a[ 5]) * a[14] + ((sp_int64)a[ 6]) * a[13] + ((sp_int64)a[ 7]) * a[12] + ((sp_int64)a[ 8]) * a[11] + ((sp_int64)a[ 9]) * a[10]) * 2; - r[18] = t0 & 0x3ffffff; t1 += t0 >> 26; + r[18] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = (((sp_int64)a[ 6]) * a[14] + ((sp_int64)a[ 7]) * a[13] + ((sp_int64)a[ 8]) * a[12] + ((sp_int64)a[ 9]) * a[11]) * 2 + ((sp_int64)a[10]) * a[10]; - r[19] = t1 & 0x3ffffff; t0 += t1 >> 26; + r[19] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = (((sp_int64)a[ 7]) * a[14] + ((sp_int64)a[ 8]) * a[13] + ((sp_int64)a[ 9]) * a[12] + ((sp_int64)a[10]) * a[11]) * 2; - r[20] = t0 & 0x3ffffff; t1 += t0 >> 26; + r[20] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = (((sp_int64)a[ 8]) * a[14] + ((sp_int64)a[ 9]) * a[13] + ((sp_int64)a[10]) * a[12]) * 2 + ((sp_int64)a[11]) * a[11]; - r[21] = t1 & 0x3ffffff; t0 += t1 >> 26; + r[21] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = (((sp_int64)a[ 9]) * a[14] + ((sp_int64)a[10]) * a[13] + ((sp_int64)a[11]) * a[12]) * 2; - r[22] = t0 & 0x3ffffff; t1 += t0 >> 26; + r[22] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = (((sp_int64)a[10]) * a[14] + ((sp_int64)a[11]) * a[13]) * 2 + ((sp_int64)a[12]) * a[12]; - r[23] = t1 & 0x3ffffff; t0 += t1 >> 26; + r[23] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = (((sp_int64)a[11]) * a[14] + ((sp_int64)a[12]) * a[13]) * 2; - r[24] = t0 & 0x3ffffff; t1 += t0 >> 26; + r[24] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = (((sp_int64)a[12]) * a[14]) * 2 + ((sp_int64)a[13]) * a[13]; - r[25] = t1 & 0x3ffffff; t0 += t1 >> 26; + r[25] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = (((sp_int64)a[13]) * a[14]) * 2; - r[26] = t0 & 0x3ffffff; t1 += t0 >> 26; + r[26] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = ((sp_int64)a[14]) * a[14]; - r[27] = t1 & 0x3ffffff; t0 += t1 >> 26; - r[28] = t0 & 0x3ffffff; + r[27] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; + r[28] = (sp_digit)(t0 & 0x3ffffff); r[29] = (sp_digit)(t0 >> 26); XMEMCPY(r, t, sizeof(t)); } @@ -28017,23 +28017,23 @@ SP_NOINLINE static void sp_384_mul_add_15(sp_digit* r, const sp_digit* a, t[1] = (tb * a[i+1]) + r[i+1]; t[2] = (tb * a[i+2]) + r[i+2]; t[3] = (tb * a[i+3]) + r[i+3]; - r[i+0] = t[0] & 0x3ffffff; + r[i+0] = (sp_digit)(t[0] & 0x3ffffff); t[1] += t[0] >> 26; - r[i+1] = t[1] & 0x3ffffff; + r[i+1] = (sp_digit)(t[1] & 0x3ffffff); t[2] += t[1] >> 26; - r[i+2] = t[2] & 0x3ffffff; + r[i+2] = (sp_digit)(t[2] & 0x3ffffff); t[3] += t[2] >> 26; - r[i+3] = t[3] & 0x3ffffff; + r[i+3] = (sp_digit)(t[3] & 0x3ffffff); t[0] = t[3] >> 26; } t[0] += (tb * a[12]) + r[12]; t[1] = (tb * a[13]) + r[13]; t[2] = (tb * a[14]) + r[14]; - r[12] = t[0] & 0x3ffffff; + r[12] = (sp_digit)(t[0] & 0x3ffffff); t[1] += t[0] >> 26; - r[13] = t[1] & 0x3ffffff; + r[13] = (sp_digit)(t[1] & 0x3ffffff); t[2] += t[1] >> 26; - r[14] = t[2] & 0x3ffffff; + r[14] = (sp_digit)(t[2] & 0x3ffffff); r[15] += (sp_digit)(t[2] >> 26); #else sp_int64 tb = b; @@ -28116,7 +28116,7 @@ static void sp_384_mont_shift_15(sp_digit* r, const sp_digit* a) n += ((sp_int64)a[15]) << 6; for (i = 0; i < 14; i++) { - r[i] = n & 0x3ffffff; + r[i] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[16 + i]) << 6; } @@ -28124,20 +28124,20 @@ static void sp_384_mont_shift_15(sp_digit* r, const sp_digit* a) #else sp_int64 n = a[14] >> 20; n += ((sp_int64)a[15]) << 6; - r[ 0] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[16]) << 6; - r[ 1] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[17]) << 6; - r[ 2] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[18]) << 6; - r[ 3] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[19]) << 6; - r[ 4] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[20]) << 6; - r[ 5] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[21]) << 6; - r[ 6] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[22]) << 6; - r[ 7] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[23]) << 6; - r[ 8] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[24]) << 6; - r[ 9] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[25]) << 6; - r[10] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[26]) << 6; - r[11] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[27]) << 6; - r[12] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[28]) << 6; - r[13] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[29]) << 6; + r[ 0] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[16]) << 6; + r[ 1] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[17]) << 6; + r[ 2] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[18]) << 6; + r[ 3] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[19]) << 6; + r[ 4] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[20]) << 6; + r[ 5] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[21]) << 6; + r[ 6] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[22]) << 6; + r[ 7] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[23]) << 6; + r[ 8] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[24]) << 6; + r[ 9] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[25]) << 6; + r[10] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[26]) << 6; + r[11] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[27]) << 6; + r[12] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[28]) << 6; + r[13] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[29]) << 6; r[14] = (sp_digit)n; #endif /* WOLFSSL_SP_SMALL */ XMEMSET(&r[15], 0, sizeof(*r) * 15U); @@ -28158,11 +28158,11 @@ static void sp_384_mont_reduce_order_15(sp_digit* a, const sp_digit* m, sp_digit sp_384_norm_15(a + 15); for (i=0; i<14; i++) { - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffff; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffff); sp_384_mul_add_15(a+i, m, mu); a[i+1] += a[i] >> 26; } - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffL; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffL); sp_384_mul_add_15(a+i, m, mu); a[i+1] += a[i] >> 26; a[i] &= 0x3ffffff; @@ -28187,42 +28187,42 @@ static void sp_384_mont_reduce_15(sp_digit* a, const sp_digit* m, sp_digit mp) (void)mp; for (i = 0; i < 14; i++) { - am = (a[i] * 0x1) & 0x3ffffff; - a[i + 1] += (am << 6) & 0x3ffffff; + am = (sp_digit)((a[i] * 0x1) & 0x3ffffff); + a[i + 1] += (sp_digit)((am << 6) & 0x3ffffff); a[i + 2] += am >> 20; - a[i + 3] -= (am << 18) & 0x3ffffff; + a[i + 3] -= (sp_digit)((am << 18) & 0x3ffffff); a[i + 4] -= am >> 8; - a[i + 4] -= (am << 24) & 0x3ffffff; + a[i + 4] -= (sp_digit)((am << 24) & 0x3ffffff); a[i + 5] -= am >> 2; - a[i + 14] += (am << 20) & 0x3ffffff; + a[i + 14] += (sp_digit)((am << 20) & 0x3ffffff); a[i + 15] += am >> 6; a[i + 1] += a[i] >> 26; } - am = (a[14] * 0x1) & 0xfffff; - a[14 + 1] += (am << 6) & 0x3ffffff; + am = (sp_digit)((a[14] * 0x1) & 0xfffff); + a[14 + 1] += (sp_digit)((am << 6) & 0x3ffffff); a[14 + 2] += am >> 20; - a[14 + 3] -= (am << 18) & 0x3ffffff; + a[14 + 3] -= (sp_digit)((am << 18) & 0x3ffffff); a[14 + 4] -= am >> 8; - a[14 + 4] -= (am << 24) & 0x3ffffff; + a[14 + 4] -= (sp_digit)((am << 24) & 0x3ffffff); a[14 + 5] -= am >> 2; - a[14 + 14] += (am << 20) & 0x3ffffff; + a[14 + 14] += (sp_digit)((am << 20) & 0x3ffffff); a[14 + 15] += am >> 6; - a[0] = (a[14] >> 20) + ((a[15] << 6) & 0x3ffffff); - a[1] = (a[15] >> 20) + ((a[16] << 6) & 0x3ffffff); - a[2] = (a[16] >> 20) + ((a[17] << 6) & 0x3ffffff); - a[3] = (a[17] >> 20) + ((a[18] << 6) & 0x3ffffff); - a[4] = (a[18] >> 20) + ((a[19] << 6) & 0x3ffffff); - a[5] = (a[19] >> 20) + ((a[20] << 6) & 0x3ffffff); - a[6] = (a[20] >> 20) + ((a[21] << 6) & 0x3ffffff); - a[7] = (a[21] >> 20) + ((a[22] << 6) & 0x3ffffff); - a[8] = (a[22] >> 20) + ((a[23] << 6) & 0x3ffffff); - a[9] = (a[23] >> 20) + ((a[24] << 6) & 0x3ffffff); - a[10] = (a[24] >> 20) + ((a[25] << 6) & 0x3ffffff); - a[11] = (a[25] >> 20) + ((a[26] << 6) & 0x3ffffff); - a[12] = (a[26] >> 20) + ((a[27] << 6) & 0x3ffffff); - a[13] = (a[27] >> 20) + ((a[28] << 6) & 0x3ffffff); + a[0] = (a[14] >> 20) + (sp_digit)((a[15] << 6) & 0x3ffffff); + a[1] = (a[15] >> 20) + (sp_digit)((a[16] << 6) & 0x3ffffff); + a[2] = (a[16] >> 20) + (sp_digit)((a[17] << 6) & 0x3ffffff); + a[3] = (a[17] >> 20) + (sp_digit)((a[18] << 6) & 0x3ffffff); + a[4] = (a[18] >> 20) + (sp_digit)((a[19] << 6) & 0x3ffffff); + a[5] = (a[19] >> 20) + (sp_digit)((a[20] << 6) & 0x3ffffff); + a[6] = (a[20] >> 20) + (sp_digit)((a[21] << 6) & 0x3ffffff); + a[7] = (a[21] >> 20) + (sp_digit)((a[22] << 6) & 0x3ffffff); + a[8] = (a[22] >> 20) + (sp_digit)((a[23] << 6) & 0x3ffffff); + a[9] = (a[23] >> 20) + (sp_digit)((a[24] << 6) & 0x3ffffff); + a[10] = (a[24] >> 20) + (sp_digit)((a[25] << 6) & 0x3ffffff); + a[11] = (a[25] >> 20) + (sp_digit)((a[26] << 6) & 0x3ffffff); + a[12] = (a[26] >> 20) + (sp_digit)((a[27] << 6) & 0x3ffffff); + a[13] = (a[27] >> 20) + (sp_digit)((a[28] << 6) & 0x3ffffff); a[14] = (a[14 + 14] >> 20) + (a[29] << 6); a[1] += a[0] >> 26; a[0] &= 0x3ffffff; @@ -28245,21 +28245,21 @@ static void sp_384_mont_reduce_15(sp_digit* a, const sp_digit* m, sp_digit mp) /* Create mask. */ am = 0 - am; - a[0] -= 0x03ffffff & am; - a[1] -= 0x0000003f & am; + a[0] -= (sp_digit)(0x03ffffff & am); + a[1] -= (sp_digit)(0x0000003f & am); /* p384_mod[2] is zero */ - a[3] -= 0x03fc0000 & am; - a[4] -= 0x02ffffff & am; - a[5] -= 0x03ffffff & am; - a[6] -= 0x03ffffff & am; - a[7] -= 0x03ffffff & am; - a[8] -= 0x03ffffff & am; - a[9] -= 0x03ffffff & am; - a[10] -= 0x03ffffff & am; - a[11] -= 0x03ffffff & am; - a[12] -= 0x03ffffff & am; - a[13] -= 0x03ffffff & am; - a[14] -= 0x000fffff & am; + a[3] -= (sp_digit)(0x03fc0000 & am); + a[4] -= (sp_digit)(0x02ffffff & am); + a[5] -= (sp_digit)(0x03ffffff & am); + a[6] -= (sp_digit)(0x03ffffff & am); + a[7] -= (sp_digit)(0x03ffffff & am); + a[8] -= (sp_digit)(0x03ffffff & am); + a[9] -= (sp_digit)(0x03ffffff & am); + a[10] -= (sp_digit)(0x03ffffff & am); + a[11] -= (sp_digit)(0x03ffffff & am); + a[12] -= (sp_digit)(0x03ffffff & am); + a[13] -= (sp_digit)(0x03ffffff & am); + a[14] -= (sp_digit)(0x000fffff & am); a[1] += a[0] >> 26; a[0] &= 0x3ffffff; a[2] += a[1] >> 26; a[1] &= 0x3ffffff; @@ -28328,7 +28328,7 @@ SP_NOINLINE static void sp_384_mont_sqr_n_15(sp_digit* r, #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */ #ifdef WOLFSSL_SP_SMALL /* Mod-2 for the P384 curve. */ -static const uint32_t p384_mod_minus_2[12] = { +static const word32 p384_mod_minus_2[12] = { 0xfffffffdU,0x00000000U,0x00000000U,0xffffffffU,0xfffffffeU,0xffffffffU, 0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU }; @@ -28592,23 +28592,23 @@ SP_NOINLINE static void sp_384_rshift1_15(sp_digit* r, const sp_digit* a) int i; for (i=0; i<14; i++) { - r[i] = (a[i] >> 1) + ((a[i + 1] << 25) & 0x3ffffff); - } -#else - r[0] = (a[0] >> 1) + ((a[1] << 25) & 0x3ffffff); - r[1] = (a[1] >> 1) + ((a[2] << 25) & 0x3ffffff); - r[2] = (a[2] >> 1) + ((a[3] << 25) & 0x3ffffff); - r[3] = (a[3] >> 1) + ((a[4] << 25) & 0x3ffffff); - r[4] = (a[4] >> 1) + ((a[5] << 25) & 0x3ffffff); - r[5] = (a[5] >> 1) + ((a[6] << 25) & 0x3ffffff); - r[6] = (a[6] >> 1) + ((a[7] << 25) & 0x3ffffff); - r[7] = (a[7] >> 1) + ((a[8] << 25) & 0x3ffffff); - r[8] = (a[8] >> 1) + ((a[9] << 25) & 0x3ffffff); - r[9] = (a[9] >> 1) + ((a[10] << 25) & 0x3ffffff); - r[10] = (a[10] >> 1) + ((a[11] << 25) & 0x3ffffff); - r[11] = (a[11] >> 1) + ((a[12] << 25) & 0x3ffffff); - r[12] = (a[12] >> 1) + ((a[13] << 25) & 0x3ffffff); - r[13] = (a[13] >> 1) + ((a[14] << 25) & 0x3ffffff); + r[i] = (a[i] >> 1) + (sp_digit)((a[i + 1] << 25) & 0x3ffffff); + } +#else + r[0] = (a[0] >> 1) + (sp_digit)((a[1] << 25) & 0x3ffffff); + r[1] = (a[1] >> 1) + (sp_digit)((a[2] << 25) & 0x3ffffff); + r[2] = (a[2] >> 1) + (sp_digit)((a[3] << 25) & 0x3ffffff); + r[3] = (a[3] >> 1) + (sp_digit)((a[4] << 25) & 0x3ffffff); + r[4] = (a[4] >> 1) + (sp_digit)((a[5] << 25) & 0x3ffffff); + r[5] = (a[5] >> 1) + (sp_digit)((a[6] << 25) & 0x3ffffff); + r[6] = (a[6] >> 1) + (sp_digit)((a[7] << 25) & 0x3ffffff); + r[7] = (a[7] >> 1) + (sp_digit)((a[8] << 25) & 0x3ffffff); + r[8] = (a[8] >> 1) + (sp_digit)((a[9] << 25) & 0x3ffffff); + r[9] = (a[9] >> 1) + (sp_digit)((a[10] << 25) & 0x3ffffff); + r[10] = (a[10] >> 1) + (sp_digit)((a[11] << 25) & 0x3ffffff); + r[11] = (a[11] >> 1) + (sp_digit)((a[12] << 25) & 0x3ffffff); + r[12] = (a[12] >> 1) + (sp_digit)((a[13] << 25) & 0x3ffffff); + r[13] = (a[13] >> 1) + (sp_digit)((a[14] << 25) & 0x3ffffff); #endif r[14] = a[14] >> 1; } @@ -33244,25 +33244,25 @@ SP_NOINLINE static void sp_384_rshift_15(sp_digit* r, const sp_digit* a, #ifdef WOLFSSL_SP_SMALL for (i=0; i<14; i++) { - r[i] = ((a[i] >> n) | (a[i + 1] << (26 - n))) & 0x3ffffff; + r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (26 - n))) & 0x3ffffff); } #else for (i=0; i<8; i += 8) { - r[i+0] = (a[i+0] >> n) | ((a[i+1] << (26 - n)) & 0x3ffffff); - r[i+1] = (a[i+1] >> n) | ((a[i+2] << (26 - n)) & 0x3ffffff); - r[i+2] = (a[i+2] >> n) | ((a[i+3] << (26 - n)) & 0x3ffffff); - r[i+3] = (a[i+3] >> n) | ((a[i+4] << (26 - n)) & 0x3ffffff); - r[i+4] = (a[i+4] >> n) | ((a[i+5] << (26 - n)) & 0x3ffffff); - r[i+5] = (a[i+5] >> n) | ((a[i+6] << (26 - n)) & 0x3ffffff); - r[i+6] = (a[i+6] >> n) | ((a[i+7] << (26 - n)) & 0x3ffffff); - r[i+7] = (a[i+7] >> n) | ((a[i+8] << (26 - n)) & 0x3ffffff); - } - r[8] = (a[8] >> n) | ((a[9] << (26 - n)) & 0x3ffffff); - r[9] = (a[9] >> n) | ((a[10] << (26 - n)) & 0x3ffffff); - r[10] = (a[10] >> n) | ((a[11] << (26 - n)) & 0x3ffffff); - r[11] = (a[11] >> n) | ((a[12] << (26 - n)) & 0x3ffffff); - r[12] = (a[12] >> n) | ((a[13] << (26 - n)) & 0x3ffffff); - r[13] = (a[13] >> n) | ((a[14] << (26 - n)) & 0x3ffffff); + r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (26 - n)) & 0x3ffffff); + r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (26 - n)) & 0x3ffffff); + r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (26 - n)) & 0x3ffffff); + r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (26 - n)) & 0x3ffffff); + r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (26 - n)) & 0x3ffffff); + r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (26 - n)) & 0x3ffffff); + r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (26 - n)) & 0x3ffffff); + r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (26 - n)) & 0x3ffffff); + } + r[8] = (a[8] >> n) | (sp_digit)((a[9] << (26 - n)) & 0x3ffffff); + r[9] = (a[9] >> n) | (sp_digit)((a[10] << (26 - n)) & 0x3ffffff); + r[10] = (a[10] >> n) | (sp_digit)((a[11] << (26 - n)) & 0x3ffffff); + r[11] = (a[11] >> n) | (sp_digit)((a[12] << (26 - n)) & 0x3ffffff); + r[12] = (a[12] >> n) | (sp_digit)((a[13] << (26 - n)) & 0x3ffffff); + r[13] = (a[13] >> n) | (sp_digit)((a[14] << (26 - n)) & 0x3ffffff); #endif /* WOLFSSL_SP_SMALL */ r[14] = a[14] >> n; } @@ -33333,7 +33333,7 @@ SP_NOINLINE static void sp_384_lshift_30(sp_digit* r, const sp_digit* a, r[30] = a[29] >> (26 - n); for (i=29; i>0; i--) { - r[i] = ((a[i] << n) | (a[i-1] >> (26 - n))) & 0x3ffffff; + r[i] = (sp_digit)(((a[i] << n) | (a[i-1] >> (26 - n))) & 0x3ffffff); } #else sp_int_digit s; @@ -33342,65 +33342,65 @@ SP_NOINLINE static void sp_384_lshift_30(sp_digit* r, const sp_digit* a, s = (sp_int_digit)a[29]; r[30] = s >> (26U - n); s = (sp_int_digit)(a[29]); t = (sp_int_digit)(a[28]); - r[29] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[29] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[28]); t = (sp_int_digit)(a[27]); - r[28] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[28] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[27]); t = (sp_int_digit)(a[26]); - r[27] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[27] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[26]); t = (sp_int_digit)(a[25]); - r[26] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[26] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[25]); t = (sp_int_digit)(a[24]); - r[25] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[25] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[24]); t = (sp_int_digit)(a[23]); - r[24] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[24] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[23]); t = (sp_int_digit)(a[22]); - r[23] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[23] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[22]); t = (sp_int_digit)(a[21]); - r[22] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[22] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[21]); t = (sp_int_digit)(a[20]); - r[21] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[21] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[20]); t = (sp_int_digit)(a[19]); - r[20] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[20] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[19]); t = (sp_int_digit)(a[18]); - r[19] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[19] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[18]); t = (sp_int_digit)(a[17]); - r[18] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[18] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[17]); t = (sp_int_digit)(a[16]); - r[17] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[17] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[16]); t = (sp_int_digit)(a[15]); - r[16] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[16] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[15]); t = (sp_int_digit)(a[14]); - r[15] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[15] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[14]); t = (sp_int_digit)(a[13]); - r[14] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[14] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[13]); t = (sp_int_digit)(a[12]); - r[13] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[13] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[12]); t = (sp_int_digit)(a[11]); - r[12] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[12] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[11]); t = (sp_int_digit)(a[10]); - r[11] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[11] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[10]); t = (sp_int_digit)(a[9]); - r[10] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[10] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[9]); t = (sp_int_digit)(a[8]); - r[9] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[9] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[8]); t = (sp_int_digit)(a[7]); - r[8] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[8] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[7]); t = (sp_int_digit)(a[6]); - r[7] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[7] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[6]); t = (sp_int_digit)(a[5]); - r[6] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[6] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[5]); t = (sp_int_digit)(a[4]); - r[5] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[5] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[4]); t = (sp_int_digit)(a[3]); - r[4] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[4] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[3]); t = (sp_int_digit)(a[2]); - r[3] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[3] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[2]); t = (sp_int_digit)(a[1]); - r[2] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[2] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[1]); t = (sp_int_digit)(a[0]); - r[1] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[1] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); #endif /* WOLFSSL_SP_SMALL */ - r[0] = (a[0] << n) & 0x3ffffff; + r[0] = (sp_digit)((a[0] << n) & 0x3ffffff); } /* Divide d in a and put remainder into r (m*d + r = a) @@ -33499,13 +33499,13 @@ static void sp_384_mont_mul_order_15(sp_digit* r, const sp_digit* a, const sp_di #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL)) #ifdef WOLFSSL_SP_SMALL /* Order-2 for the P384 curve. */ -static const uint32_t p384_order_minus_2[12] = { +static const word32 p384_order_minus_2[12] = { 0xccc52971U,0xecec196aU,0x48b0a77aU,0x581a0db2U,0xf4372ddfU,0xc7634d81U, 0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU }; #else /* The low half of the order-2 of the P384 curve. */ -static const uint32_t p384_order_low[6] = { +static const word32 p384_order_low[6] = { 0xccc52971U,0xecec196aU,0x48b0a77aU,0x581a0db2U,0xf4372ddfU,0xc7634d81U }; #endif /* WOLFSSL_SP_SMALL */ @@ -35264,7 +35264,7 @@ SP_NOINLINE static void sp_521_mul_21(sp_digit* r, const sp_digit* a, } } for (i=0; i<41; i++) { - r[i] = t[i] & 0x1ffffff; + r[i] = (sp_digit)(t[i] & 0x1ffffff); t[i+1] += t[i] >> 25; } r[41] = (sp_digit)t[41]; @@ -35333,7 +35333,7 @@ SP_NOINLINE static void sp_521_sqr_21(sp_digit* r, const sp_digit* a) t[i+i] += ((sp_int64)a[i]) * a[i]; } for (i=0; i<41; i++) { - r[i] = t[i] & 0x1ffffff; + r[i] = (sp_digit)(t[i] & 0x1ffffff); t[i+1] += t[i] >> 25; } r[41] = (sp_digit)t[41]; @@ -35681,10 +35681,10 @@ static void sp_521_mont_reduce_21(sp_digit* a, const sp_digit* m, sp_digit mp) (void)mp; for (i = 0; i < 20; i++) { - a[i] += ((a[20 + i] >> 21) + (a[20 + i + 1] << 4)) & 0x1ffffff; + a[i] += (sp_digit)(((a[20 + i] >> 21) + (a[20 + i + 1] << 4)) & 0x1ffffff); } a[20] &= 0x1fffff; - a[20] += ((a[40] >> 21) + (a[41] << 4)) & 0x1ffffff; + a[20] += (sp_digit)(((a[40] >> 21) + (a[41] << 4)) & 0x1ffffff); sp_521_norm_21(a); @@ -35789,17 +35789,17 @@ SP_NOINLINE static void sp_521_mul_add_21(sp_digit* r, const sp_digit* a, t[1] = (tb * a[i+1]) + r[i+1]; t[2] = (tb * a[i+2]) + r[i+2]; t[3] = (tb * a[i+3]) + r[i+3]; - r[i+0] = t[0] & 0x1ffffff; + r[i+0] = (sp_digit)(t[0] & 0x1ffffff); t[1] += t[0] >> 25; - r[i+1] = t[1] & 0x1ffffff; + r[i+1] = (sp_digit)(t[1] & 0x1ffffff); t[2] += t[1] >> 25; - r[i+2] = t[2] & 0x1ffffff; + r[i+2] = (sp_digit)(t[2] & 0x1ffffff); t[3] += t[2] >> 25; - r[i+3] = t[3] & 0x1ffffff; + r[i+3] = (sp_digit)(t[3] & 0x1ffffff); t[0] = t[3] >> 25; } t[0] += (tb * a[20]) + r[20]; - r[20] = t[0] & 0x1ffffff; + r[20] = (sp_digit)(t[0] & 0x1ffffff); r[21] += (sp_digit)(t[0] >> 25); #else sp_int64 tb = b; @@ -35852,8 +35852,8 @@ static void sp_521_mont_shift_21(sp_digit* r, const sp_digit* a) s = a[21]; n = a[20] >> 21; for (i = 0; i < 20; i++) { - n += (s & 0x1ffffff) << 4; - r[i] = n & 0x1ffffff; + n += (sp_digit)((s & 0x1ffffff) << 4); + r[i] = (sp_digit)(n & 0x1ffffff); n >>= 25; s = a[22 + i] + (s >> 25); } @@ -35866,30 +35866,30 @@ static void sp_521_mont_shift_21(sp_digit* r, const sp_digit* a) s = a[21]; n = a[20] >> 21; for (i = 0; i < 16; i += 8) { - n += (s & 0x1ffffff) << 4; r[i+0] = n & 0x1ffffff; + n += (sp_digit)((s & 0x1ffffff) << 4); r[i+0] = (sp_digit)(n & 0x1ffffff); n >>= 25; s = a[i+22] + (s >> 25); - n += (s & 0x1ffffff) << 4; r[i+1] = n & 0x1ffffff; + n += (sp_digit)((s & 0x1ffffff) << 4); r[i+1] = (sp_digit)(n & 0x1ffffff); n >>= 25; s = a[i+23] + (s >> 25); - n += (s & 0x1ffffff) << 4; r[i+2] = n & 0x1ffffff; + n += (sp_digit)((s & 0x1ffffff) << 4); r[i+2] = (sp_digit)(n & 0x1ffffff); n >>= 25; s = a[i+24] + (s >> 25); - n += (s & 0x1ffffff) << 4; r[i+3] = n & 0x1ffffff; + n += (sp_digit)((s & 0x1ffffff) << 4); r[i+3] = (sp_digit)(n & 0x1ffffff); n >>= 25; s = a[i+25] + (s >> 25); - n += (s & 0x1ffffff) << 4; r[i+4] = n & 0x1ffffff; + n += (sp_digit)((s & 0x1ffffff) << 4); r[i+4] = (sp_digit)(n & 0x1ffffff); n >>= 25; s = a[i+26] + (s >> 25); - n += (s & 0x1ffffff) << 4; r[i+5] = n & 0x1ffffff; + n += (sp_digit)((s & 0x1ffffff) << 4); r[i+5] = (sp_digit)(n & 0x1ffffff); n >>= 25; s = a[i+27] + (s >> 25); - n += (s & 0x1ffffff) << 4; r[i+6] = n & 0x1ffffff; + n += (sp_digit)((s & 0x1ffffff) << 4); r[i+6] = (sp_digit)(n & 0x1ffffff); n >>= 25; s = a[i+28] + (s >> 25); - n += (s & 0x1ffffff) << 4; r[i+7] = n & 0x1ffffff; + n += (sp_digit)((s & 0x1ffffff) << 4); r[i+7] = (sp_digit)(n & 0x1ffffff); n >>= 25; s = a[i+29] + (s >> 25); } - n += (s & 0x1ffffff) << 4; r[16] = n & 0x1ffffff; + n += (sp_digit)((s & 0x1ffffff) << 4); r[16] = (sp_digit)(n & 0x1ffffff); n >>= 25; s = a[38] + (s >> 25); - n += (s & 0x1ffffff) << 4; r[17] = n & 0x1ffffff; + n += (sp_digit)((s & 0x1ffffff) << 4); r[17] = (sp_digit)(n & 0x1ffffff); n >>= 25; s = a[39] + (s >> 25); - n += (s & 0x1ffffff) << 4; r[18] = n & 0x1ffffff; + n += (sp_digit)((s & 0x1ffffff) << 4); r[18] = (sp_digit)(n & 0x1ffffff); n >>= 25; s = a[40] + (s >> 25); - n += (s & 0x1ffffff) << 4; r[19] = n & 0x1ffffff; + n += (sp_digit)((s & 0x1ffffff) << 4); r[19] = (sp_digit)(n & 0x1ffffff); n >>= 25; s = a[41] + (s >> 25); n += s << 4; r[20] = n; #endif /* WOLFSSL_SP_SMALL */ @@ -35911,11 +35911,11 @@ static void sp_521_mont_reduce_order_21(sp_digit* a, const sp_digit* m, sp_digit sp_521_norm_21(a + 21); for (i=0; i<20; i++) { - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x1ffffff; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x1ffffff); sp_521_mul_add_21(a+i, m, mu); a[i+1] += a[i] >> 25; } - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffL; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffL); sp_521_mul_add_21(a+i, m, mu); a[i+1] += a[i] >> 25; a[i] &= 0x1ffffff; @@ -35976,7 +35976,7 @@ SP_NOINLINE static void sp_521_mont_sqr_n_21(sp_digit* r, #endif /* !WOLFSSL_SP_SMALL */ #ifdef WOLFSSL_SP_SMALL /* Mod-2 for the P521 curve. */ -static const uint32_t p521_mod_minus_2[17] = { +static const word32 p521_mod_minus_2[17] = { 0xfffffffdU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU, 0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU, 0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0x000001ffU @@ -36239,29 +36239,29 @@ SP_NOINLINE static void sp_521_rshift1_21(sp_digit* r, const sp_digit* a) int i; for (i=0; i<20; i++) { - r[i] = (a[i] >> 1) + ((a[i + 1] << 24) & 0x1ffffff); - } -#else - r[0] = (a[0] >> 1) + ((a[1] << 24) & 0x1ffffff); - r[1] = (a[1] >> 1) + ((a[2] << 24) & 0x1ffffff); - r[2] = (a[2] >> 1) + ((a[3] << 24) & 0x1ffffff); - r[3] = (a[3] >> 1) + ((a[4] << 24) & 0x1ffffff); - r[4] = (a[4] >> 1) + ((a[5] << 24) & 0x1ffffff); - r[5] = (a[5] >> 1) + ((a[6] << 24) & 0x1ffffff); - r[6] = (a[6] >> 1) + ((a[7] << 24) & 0x1ffffff); - r[7] = (a[7] >> 1) + ((a[8] << 24) & 0x1ffffff); - r[8] = (a[8] >> 1) + ((a[9] << 24) & 0x1ffffff); - r[9] = (a[9] >> 1) + ((a[10] << 24) & 0x1ffffff); - r[10] = (a[10] >> 1) + ((a[11] << 24) & 0x1ffffff); - r[11] = (a[11] >> 1) + ((a[12] << 24) & 0x1ffffff); - r[12] = (a[12] >> 1) + ((a[13] << 24) & 0x1ffffff); - r[13] = (a[13] >> 1) + ((a[14] << 24) & 0x1ffffff); - r[14] = (a[14] >> 1) + ((a[15] << 24) & 0x1ffffff); - r[15] = (a[15] >> 1) + ((a[16] << 24) & 0x1ffffff); - r[16] = (a[16] >> 1) + ((a[17] << 24) & 0x1ffffff); - r[17] = (a[17] >> 1) + ((a[18] << 24) & 0x1ffffff); - r[18] = (a[18] >> 1) + ((a[19] << 24) & 0x1ffffff); - r[19] = (a[19] >> 1) + ((a[20] << 24) & 0x1ffffff); + r[i] = (a[i] >> 1) + (sp_digit)((a[i + 1] << 24) & 0x1ffffff); + } +#else + r[0] = (a[0] >> 1) + (sp_digit)((a[1] << 24) & 0x1ffffff); + r[1] = (a[1] >> 1) + (sp_digit)((a[2] << 24) & 0x1ffffff); + r[2] = (a[2] >> 1) + (sp_digit)((a[3] << 24) & 0x1ffffff); + r[3] = (a[3] >> 1) + (sp_digit)((a[4] << 24) & 0x1ffffff); + r[4] = (a[4] >> 1) + (sp_digit)((a[5] << 24) & 0x1ffffff); + r[5] = (a[5] >> 1) + (sp_digit)((a[6] << 24) & 0x1ffffff); + r[6] = (a[6] >> 1) + (sp_digit)((a[7] << 24) & 0x1ffffff); + r[7] = (a[7] >> 1) + (sp_digit)((a[8] << 24) & 0x1ffffff); + r[8] = (a[8] >> 1) + (sp_digit)((a[9] << 24) & 0x1ffffff); + r[9] = (a[9] >> 1) + (sp_digit)((a[10] << 24) & 0x1ffffff); + r[10] = (a[10] >> 1) + (sp_digit)((a[11] << 24) & 0x1ffffff); + r[11] = (a[11] >> 1) + (sp_digit)((a[12] << 24) & 0x1ffffff); + r[12] = (a[12] >> 1) + (sp_digit)((a[13] << 24) & 0x1ffffff); + r[13] = (a[13] >> 1) + (sp_digit)((a[14] << 24) & 0x1ffffff); + r[14] = (a[14] >> 1) + (sp_digit)((a[15] << 24) & 0x1ffffff); + r[15] = (a[15] >> 1) + (sp_digit)((a[16] << 24) & 0x1ffffff); + r[16] = (a[16] >> 1) + (sp_digit)((a[17] << 24) & 0x1ffffff); + r[17] = (a[17] >> 1) + (sp_digit)((a[18] << 24) & 0x1ffffff); + r[18] = (a[18] >> 1) + (sp_digit)((a[19] << 24) & 0x1ffffff); + r[19] = (a[19] >> 1) + (sp_digit)((a[20] << 24) & 0x1ffffff); #endif r[20] = a[20] >> 1; } @@ -41332,23 +41332,23 @@ SP_NOINLINE static void sp_521_rshift_21(sp_digit* r, const sp_digit* a, #ifdef WOLFSSL_SP_SMALL for (i=0; i<20; i++) { - r[i] = ((a[i] >> n) | (a[i + 1] << (25 - n))) & 0x1ffffff; + r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (25 - n))) & 0x1ffffff); } #else for (i=0; i<16; i += 8) { - r[i+0] = (a[i+0] >> n) | ((a[i+1] << (25 - n)) & 0x1ffffff); - r[i+1] = (a[i+1] >> n) | ((a[i+2] << (25 - n)) & 0x1ffffff); - r[i+2] = (a[i+2] >> n) | ((a[i+3] << (25 - n)) & 0x1ffffff); - r[i+3] = (a[i+3] >> n) | ((a[i+4] << (25 - n)) & 0x1ffffff); - r[i+4] = (a[i+4] >> n) | ((a[i+5] << (25 - n)) & 0x1ffffff); - r[i+5] = (a[i+5] >> n) | ((a[i+6] << (25 - n)) & 0x1ffffff); - r[i+6] = (a[i+6] >> n) | ((a[i+7] << (25 - n)) & 0x1ffffff); - r[i+7] = (a[i+7] >> n) | ((a[i+8] << (25 - n)) & 0x1ffffff); - } - r[16] = (a[16] >> n) | ((a[17] << (25 - n)) & 0x1ffffff); - r[17] = (a[17] >> n) | ((a[18] << (25 - n)) & 0x1ffffff); - r[18] = (a[18] >> n) | ((a[19] << (25 - n)) & 0x1ffffff); - r[19] = (a[19] >> n) | ((a[20] << (25 - n)) & 0x1ffffff); + r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (25 - n)) & 0x1ffffff); + r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (25 - n)) & 0x1ffffff); + r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (25 - n)) & 0x1ffffff); + r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (25 - n)) & 0x1ffffff); + r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (25 - n)) & 0x1ffffff); + r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (25 - n)) & 0x1ffffff); + r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (25 - n)) & 0x1ffffff); + r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (25 - n)) & 0x1ffffff); + } + r[16] = (a[16] >> n) | (sp_digit)((a[17] << (25 - n)) & 0x1ffffff); + r[17] = (a[17] >> n) | (sp_digit)((a[18] << (25 - n)) & 0x1ffffff); + r[18] = (a[18] >> n) | (sp_digit)((a[19] << (25 - n)) & 0x1ffffff); + r[19] = (a[19] >> n) | (sp_digit)((a[20] << (25 - n)) & 0x1ffffff); #endif /* WOLFSSL_SP_SMALL */ r[20] = a[20] >> n; } @@ -41419,7 +41419,7 @@ SP_NOINLINE static void sp_521_lshift_42(sp_digit* r, const sp_digit* a, r[42] = a[41] >> (25 - n); for (i=41; i>0; i--) { - r[i] = ((a[i] << n) | (a[i-1] >> (25 - n))) & 0x1ffffff; + r[i] = (sp_digit)(((a[i] << n) | (a[i-1] >> (25 - n))) & 0x1ffffff); } #else sp_int_digit s; @@ -41428,89 +41428,89 @@ SP_NOINLINE static void sp_521_lshift_42(sp_digit* r, const sp_digit* a, s = (sp_int_digit)a[41]; r[42] = s >> (25U - n); s = (sp_int_digit)(a[41]); t = (sp_int_digit)(a[40]); - r[41] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[41] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[40]); t = (sp_int_digit)(a[39]); - r[40] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[40] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[39]); t = (sp_int_digit)(a[38]); - r[39] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[39] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[38]); t = (sp_int_digit)(a[37]); - r[38] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[38] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[37]); t = (sp_int_digit)(a[36]); - r[37] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[37] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[36]); t = (sp_int_digit)(a[35]); - r[36] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[36] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[35]); t = (sp_int_digit)(a[34]); - r[35] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[35] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[34]); t = (sp_int_digit)(a[33]); - r[34] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[34] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[33]); t = (sp_int_digit)(a[32]); - r[33] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[33] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[32]); t = (sp_int_digit)(a[31]); - r[32] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[32] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[31]); t = (sp_int_digit)(a[30]); - r[31] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[31] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[30]); t = (sp_int_digit)(a[29]); - r[30] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[30] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[29]); t = (sp_int_digit)(a[28]); - r[29] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[29] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[28]); t = (sp_int_digit)(a[27]); - r[28] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[28] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[27]); t = (sp_int_digit)(a[26]); - r[27] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[27] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[26]); t = (sp_int_digit)(a[25]); - r[26] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[26] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[25]); t = (sp_int_digit)(a[24]); - r[25] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[25] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[24]); t = (sp_int_digit)(a[23]); - r[24] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[24] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[23]); t = (sp_int_digit)(a[22]); - r[23] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[23] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[22]); t = (sp_int_digit)(a[21]); - r[22] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[22] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[21]); t = (sp_int_digit)(a[20]); - r[21] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[21] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[20]); t = (sp_int_digit)(a[19]); - r[20] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[20] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[19]); t = (sp_int_digit)(a[18]); - r[19] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[19] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[18]); t = (sp_int_digit)(a[17]); - r[18] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[18] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[17]); t = (sp_int_digit)(a[16]); - r[17] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[17] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[16]); t = (sp_int_digit)(a[15]); - r[16] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[16] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[15]); t = (sp_int_digit)(a[14]); - r[15] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[15] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[14]); t = (sp_int_digit)(a[13]); - r[14] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[14] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[13]); t = (sp_int_digit)(a[12]); - r[13] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[13] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[12]); t = (sp_int_digit)(a[11]); - r[12] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[12] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[11]); t = (sp_int_digit)(a[10]); - r[11] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[11] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[10]); t = (sp_int_digit)(a[9]); - r[10] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[10] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[9]); t = (sp_int_digit)(a[8]); - r[9] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[9] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[8]); t = (sp_int_digit)(a[7]); - r[8] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[8] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[7]); t = (sp_int_digit)(a[6]); - r[7] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[7] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[6]); t = (sp_int_digit)(a[5]); - r[6] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[6] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[5]); t = (sp_int_digit)(a[4]); - r[5] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[5] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[4]); t = (sp_int_digit)(a[3]); - r[4] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[4] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[3]); t = (sp_int_digit)(a[2]); - r[3] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[3] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[2]); t = (sp_int_digit)(a[1]); - r[2] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[2] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[1]); t = (sp_int_digit)(a[0]); - r[1] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[1] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); #endif /* WOLFSSL_SP_SMALL */ - r[0] = (a[0] << n) & 0x1ffffff; + r[0] = (sp_digit)((a[0] << n) & 0x1ffffff); } /* Divide d in a and put remainder into r (m*d + r = a) @@ -41609,14 +41609,14 @@ static void sp_521_mont_mul_order_21(sp_digit* r, const sp_digit* a, const sp_di #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL)) #ifdef WOLFSSL_SP_SMALL /* Order-2 for the P521 curve. */ -static const uint32_t p521_order_minus_2[17] = { +static const word32 p521_order_minus_2[17] = { 0x91386407U,0xbb6fb71eU,0x899c47aeU,0x3bb5c9b8U,0xf709a5d0U,0x7fcc0148U, 0xbf2f966bU,0x51868783U,0xfffffffaU,0xffffffffU,0xffffffffU,0xffffffffU, 0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0x000001ffU }; #else /* The low half of the order-2 of the P521 curve. */ -static const uint32_t p521_order_low[9] = { +static const word32 p521_order_low[9] = { 0x91386407U,0xbb6fb71eU,0x899c47aeU,0x3bb5c9b8U,0xf709a5d0U,0x7fcc0148U, 0xbf2f966bU,0x51868783U,0xfffffffaU }; @@ -43092,7 +43092,7 @@ int sp_ecc_map_521(mp_int* pX, mp_int* pY, mp_int* pZ) #endif /* WOLFSSL_PUBLIC_ECC_ADD_DBL */ #ifdef HAVE_COMP_KEY /* Square root power for the P521 curve. */ -static const uint32_t p521_sqrt_power[17] = { +static const word32 p521_sqrt_power[17] = { 0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000, 0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000, 0x00000000,0x00000000,0x00000080 @@ -43281,20 +43281,20 @@ SP_NOINLINE static void sp_1024_mul_7(sp_digit* r, const sp_digit* a, + ((sp_int64)a[ 6]) * b[ 5]; sp_int64 t12 = ((sp_int64)a[ 6]) * b[ 6]; - t1 += t0 >> 25; r[ 0] = t0 & 0x1ffffff; - t2 += t1 >> 25; r[ 1] = t1 & 0x1ffffff; - t3 += t2 >> 25; r[ 2] = t2 & 0x1ffffff; - t4 += t3 >> 25; r[ 3] = t3 & 0x1ffffff; - t5 += t4 >> 25; r[ 4] = t4 & 0x1ffffff; - t6 += t5 >> 25; r[ 5] = t5 & 0x1ffffff; - t7 += t6 >> 25; r[ 6] = t6 & 0x1ffffff; - t8 += t7 >> 25; r[ 7] = t7 & 0x1ffffff; - t9 += t8 >> 25; r[ 8] = t8 & 0x1ffffff; - t10 += t9 >> 25; r[ 9] = t9 & 0x1ffffff; - t11 += t10 >> 25; r[10] = t10 & 0x1ffffff; - t12 += t11 >> 25; r[11] = t11 & 0x1ffffff; + t1 += t0 >> 25; r[ 0] = (sp_digit)(t0 & 0x1ffffff); + t2 += t1 >> 25; r[ 1] = (sp_digit)(t1 & 0x1ffffff); + t3 += t2 >> 25; r[ 2] = (sp_digit)(t2 & 0x1ffffff); + t4 += t3 >> 25; r[ 3] = (sp_digit)(t3 & 0x1ffffff); + t5 += t4 >> 25; r[ 4] = (sp_digit)(t4 & 0x1ffffff); + t6 += t5 >> 25; r[ 5] = (sp_digit)(t5 & 0x1ffffff); + t7 += t6 >> 25; r[ 6] = (sp_digit)(t6 & 0x1ffffff); + t8 += t7 >> 25; r[ 7] = (sp_digit)(t7 & 0x1ffffff); + t9 += t8 >> 25; r[ 8] = (sp_digit)(t8 & 0x1ffffff); + t10 += t9 >> 25; r[ 9] = (sp_digit)(t9 & 0x1ffffff); + t11 += t10 >> 25; r[10] = (sp_digit)(t10 & 0x1ffffff); + t12 += t11 >> 25; r[11] = (sp_digit)(t11 & 0x1ffffff); r[13] = (sp_digit)(t12 >> 25); - r[12] = t12 & 0x1ffffff; + r[12] = (sp_digit)(t12 & 0x1ffffff); } /* Square a and put result in r. (r = a * a) @@ -43333,20 +43333,20 @@ SP_NOINLINE static void sp_1024_sqr_7(sp_digit* r, const sp_digit* a) sp_int64 t11 = (((sp_int64)a[ 5]) * a[ 6]) * 2; sp_int64 t12 = ((sp_int64)a[ 6]) * a[ 6]; - t1 += t0 >> 25; r[ 0] = t0 & 0x1ffffff; - t2 += t1 >> 25; r[ 1] = t1 & 0x1ffffff; - t3 += t2 >> 25; r[ 2] = t2 & 0x1ffffff; - t4 += t3 >> 25; r[ 3] = t3 & 0x1ffffff; - t5 += t4 >> 25; r[ 4] = t4 & 0x1ffffff; - t6 += t5 >> 25; r[ 5] = t5 & 0x1ffffff; - t7 += t6 >> 25; r[ 6] = t6 & 0x1ffffff; - t8 += t7 >> 25; r[ 7] = t7 & 0x1ffffff; - t9 += t8 >> 25; r[ 8] = t8 & 0x1ffffff; - t10 += t9 >> 25; r[ 9] = t9 & 0x1ffffff; - t11 += t10 >> 25; r[10] = t10 & 0x1ffffff; - t12 += t11 >> 25; r[11] = t11 & 0x1ffffff; + t1 += t0 >> 25; r[ 0] = (sp_digit)(t0 & 0x1ffffff); + t2 += t1 >> 25; r[ 1] = (sp_digit)(t1 & 0x1ffffff); + t3 += t2 >> 25; r[ 2] = (sp_digit)(t2 & 0x1ffffff); + t4 += t3 >> 25; r[ 3] = (sp_digit)(t3 & 0x1ffffff); + t5 += t4 >> 25; r[ 4] = (sp_digit)(t4 & 0x1ffffff); + t6 += t5 >> 25; r[ 5] = (sp_digit)(t5 & 0x1ffffff); + t7 += t6 >> 25; r[ 6] = (sp_digit)(t6 & 0x1ffffff); + t8 += t7 >> 25; r[ 7] = (sp_digit)(t7 & 0x1ffffff); + t9 += t8 >> 25; r[ 8] = (sp_digit)(t8 & 0x1ffffff); + t10 += t9 >> 25; r[ 9] = (sp_digit)(t9 & 0x1ffffff); + t11 += t10 >> 25; r[10] = (sp_digit)(t10 & 0x1ffffff); + t12 += t11 >> 25; r[11] = (sp_digit)(t11 & 0x1ffffff); r[13] = (sp_digit)(t12 >> 25); - r[12] = t12 & 0x1ffffff; + r[12] = (sp_digit)(t12 & 0x1ffffff); } /* Add b to a into r. (r = a + b) @@ -44051,20 +44051,20 @@ SP_NOINLINE static void sp_1024_rshift_42(sp_digit* r, const sp_digit* a, #ifdef WOLFSSL_SP_SMALL for (i=0; i<41; i++) { - r[i] = ((a[i] >> n) | (a[i + 1] << (25 - n))) & 0x1ffffff; + r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (25 - n))) & 0x1ffffff); } #else for (i=0; i<40; i += 8) { - r[i+0] = (a[i+0] >> n) | ((a[i+1] << (25 - n)) & 0x1ffffff); - r[i+1] = (a[i+1] >> n) | ((a[i+2] << (25 - n)) & 0x1ffffff); - r[i+2] = (a[i+2] >> n) | ((a[i+3] << (25 - n)) & 0x1ffffff); - r[i+3] = (a[i+3] >> n) | ((a[i+4] << (25 - n)) & 0x1ffffff); - r[i+4] = (a[i+4] >> n) | ((a[i+5] << (25 - n)) & 0x1ffffff); - r[i+5] = (a[i+5] >> n) | ((a[i+6] << (25 - n)) & 0x1ffffff); - r[i+6] = (a[i+6] >> n) | ((a[i+7] << (25 - n)) & 0x1ffffff); - r[i+7] = (a[i+7] >> n) | ((a[i+8] << (25 - n)) & 0x1ffffff); - } - r[40] = (a[40] >> n) | ((a[41] << (25 - n)) & 0x1ffffff); + r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (25 - n)) & 0x1ffffff); + r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (25 - n)) & 0x1ffffff); + r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (25 - n)) & 0x1ffffff); + r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (25 - n)) & 0x1ffffff); + r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (25 - n)) & 0x1ffffff); + r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (25 - n)) & 0x1ffffff); + r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (25 - n)) & 0x1ffffff); + r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (25 - n)) & 0x1ffffff); + } + r[40] = (a[40] >> n) | (sp_digit)((a[41] << (25 - n)) & 0x1ffffff); #endif /* WOLFSSL_SP_SMALL */ r[41] = a[41] >> n; } @@ -44623,20 +44623,20 @@ SP_NOINLINE static void sp_1024_mul_add_42(sp_digit* r, const sp_digit* a, t[1] = (tb * a[i+1]) + r[i+1]; t[2] = (tb * a[i+2]) + r[i+2]; t[3] = (tb * a[i+3]) + r[i+3]; - r[i+0] = t[0] & 0x1ffffff; + r[i+0] = (sp_digit)(t[0] & 0x1ffffff); t[1] += t[0] >> 25; - r[i+1] = t[1] & 0x1ffffff; + r[i+1] = (sp_digit)(t[1] & 0x1ffffff); t[2] += t[1] >> 25; - r[i+2] = t[2] & 0x1ffffff; + r[i+2] = (sp_digit)(t[2] & 0x1ffffff); t[3] += t[2] >> 25; - r[i+3] = t[3] & 0x1ffffff; + r[i+3] = (sp_digit)(t[3] & 0x1ffffff); t[0] = t[3] >> 25; } t[0] += (tb * a[40]) + r[40]; t[1] = (tb * a[41]) + r[41]; - r[40] = t[0] & 0x1ffffff; + r[40] = (sp_digit)(t[0] & 0x1ffffff); t[1] += t[0] >> 25; - r[41] = t[1] & 0x1ffffff; + r[41] = (sp_digit)(t[1] & 0x1ffffff); r[42] += (sp_digit)(t[1] >> 25); #else sp_int64 tb = b; @@ -44710,7 +44710,7 @@ static void sp_1024_mont_shift_42(sp_digit* r, const sp_digit* a) n = a[40] >> 24; for (i = 0; i < 40; i++) { n += (sp_uint32)a[41 + i] << 1; - r[i] = n & 0x1ffffff; + r[i] = (sp_digit)(n & 0x1ffffff); n >>= 25; } n += (sp_uint32)a[81] << 1; @@ -44722,14 +44722,14 @@ static void sp_1024_mont_shift_42(sp_digit* r, const sp_digit* a) n = (sp_uint32)a[40]; n = n >> 24U; for (i = 0; i < 40; i += 8) { - n += (sp_uint32)a[i+41] << 1U; r[i+0] = n & 0x1ffffff; n >>= 25U; - n += (sp_uint32)a[i+42] << 1U; r[i+1] = n & 0x1ffffff; n >>= 25U; - n += (sp_uint32)a[i+43] << 1U; r[i+2] = n & 0x1ffffff; n >>= 25U; - n += (sp_uint32)a[i+44] << 1U; r[i+3] = n & 0x1ffffff; n >>= 25U; - n += (sp_uint32)a[i+45] << 1U; r[i+4] = n & 0x1ffffff; n >>= 25U; - n += (sp_uint32)a[i+46] << 1U; r[i+5] = n & 0x1ffffff; n >>= 25U; - n += (sp_uint32)a[i+47] << 1U; r[i+6] = n & 0x1ffffff; n >>= 25U; - n += (sp_uint32)a[i+48] << 1U; r[i+7] = n & 0x1ffffff; n >>= 25U; + n += (sp_uint32)a[i+41] << 1U; r[i+0] = (sp_digit)(n & 0x1ffffff); n >>= 25U; + n += (sp_uint32)a[i+42] << 1U; r[i+1] = (sp_digit)(n & 0x1ffffff); n >>= 25U; + n += (sp_uint32)a[i+43] << 1U; r[i+2] = (sp_digit)(n & 0x1ffffff); n >>= 25U; + n += (sp_uint32)a[i+44] << 1U; r[i+3] = (sp_digit)(n & 0x1ffffff); n >>= 25U; + n += (sp_uint32)a[i+45] << 1U; r[i+4] = (sp_digit)(n & 0x1ffffff); n >>= 25U; + n += (sp_uint32)a[i+46] << 1U; r[i+5] = (sp_digit)(n & 0x1ffffff); n >>= 25U; + n += (sp_uint32)a[i+47] << 1U; r[i+6] = (sp_digit)(n & 0x1ffffff); n >>= 25U; + n += (sp_uint32)a[i+48] << 1U; r[i+7] = (sp_digit)(n & 0x1ffffff); n >>= 25U; } n += (sp_uint32)a[81] << 1U; r[40] = n; #endif /* WOLFSSL_SP_SMALL */ @@ -44752,22 +44752,22 @@ static void sp_1024_mont_reduce_42(sp_digit* a, const sp_digit* m, sp_digit mp) if (mp != 1) { for (i=0; i<40; i++) { - mu = (a[i] * mp) & 0x1ffffff; + mu = (sp_digit)((a[i] * mp) & 0x1ffffff); sp_1024_mul_add_42(a+i, m, mu); a[i+1] += a[i] >> 25; } - mu = (a[i] * mp) & 0xffffffL; + mu = (sp_digit)((a[i] * mp) & 0xffffffL); sp_1024_mul_add_42(a+i, m, mu); a[i+1] += a[i] >> 25; a[i] &= 0x1ffffff; } else { for (i=0; i<40; i++) { - mu = a[i] & 0x1ffffff; + mu = (sp_digit)(a[i] & 0x1ffffff); sp_1024_mul_add_42(a+i, m, mu); a[i+1] += a[i] >> 25; } - mu = a[i] & 0xffffffL; + mu = (sp_digit)(a[i] & 0xffffffL); sp_1024_mul_add_42(a+i, m, mu); a[i+1] += a[i] >> 25; a[i] &= 0x1ffffff; @@ -44993,50 +44993,50 @@ SP_NOINLINE static void sp_1024_rshift1_42(sp_digit* r, const sp_digit* a) int i; for (i=0; i<41; i++) { - r[i] = (a[i] >> 1) + ((a[i + 1] << 24) & 0x1ffffff); - } -#else - r[0] = (a[0] >> 1) + ((a[1] << 24) & 0x1ffffff); - r[1] = (a[1] >> 1) + ((a[2] << 24) & 0x1ffffff); - r[2] = (a[2] >> 1) + ((a[3] << 24) & 0x1ffffff); - r[3] = (a[3] >> 1) + ((a[4] << 24) & 0x1ffffff); - r[4] = (a[4] >> 1) + ((a[5] << 24) & 0x1ffffff); - r[5] = (a[5] >> 1) + ((a[6] << 24) & 0x1ffffff); - r[6] = (a[6] >> 1) + ((a[7] << 24) & 0x1ffffff); - r[7] = (a[7] >> 1) + ((a[8] << 24) & 0x1ffffff); - r[8] = (a[8] >> 1) + ((a[9] << 24) & 0x1ffffff); - r[9] = (a[9] >> 1) + ((a[10] << 24) & 0x1ffffff); - r[10] = (a[10] >> 1) + ((a[11] << 24) & 0x1ffffff); - r[11] = (a[11] >> 1) + ((a[12] << 24) & 0x1ffffff); - r[12] = (a[12] >> 1) + ((a[13] << 24) & 0x1ffffff); - r[13] = (a[13] >> 1) + ((a[14] << 24) & 0x1ffffff); - r[14] = (a[14] >> 1) + ((a[15] << 24) & 0x1ffffff); - r[15] = (a[15] >> 1) + ((a[16] << 24) & 0x1ffffff); - r[16] = (a[16] >> 1) + ((a[17] << 24) & 0x1ffffff); - r[17] = (a[17] >> 1) + ((a[18] << 24) & 0x1ffffff); - r[18] = (a[18] >> 1) + ((a[19] << 24) & 0x1ffffff); - r[19] = (a[19] >> 1) + ((a[20] << 24) & 0x1ffffff); - r[20] = (a[20] >> 1) + ((a[21] << 24) & 0x1ffffff); - r[21] = (a[21] >> 1) + ((a[22] << 24) & 0x1ffffff); - r[22] = (a[22] >> 1) + ((a[23] << 24) & 0x1ffffff); - r[23] = (a[23] >> 1) + ((a[24] << 24) & 0x1ffffff); - r[24] = (a[24] >> 1) + ((a[25] << 24) & 0x1ffffff); - r[25] = (a[25] >> 1) + ((a[26] << 24) & 0x1ffffff); - r[26] = (a[26] >> 1) + ((a[27] << 24) & 0x1ffffff); - r[27] = (a[27] >> 1) + ((a[28] << 24) & 0x1ffffff); - r[28] = (a[28] >> 1) + ((a[29] << 24) & 0x1ffffff); - r[29] = (a[29] >> 1) + ((a[30] << 24) & 0x1ffffff); - r[30] = (a[30] >> 1) + ((a[31] << 24) & 0x1ffffff); - r[31] = (a[31] >> 1) + ((a[32] << 24) & 0x1ffffff); - r[32] = (a[32] >> 1) + ((a[33] << 24) & 0x1ffffff); - r[33] = (a[33] >> 1) + ((a[34] << 24) & 0x1ffffff); - r[34] = (a[34] >> 1) + ((a[35] << 24) & 0x1ffffff); - r[35] = (a[35] >> 1) + ((a[36] << 24) & 0x1ffffff); - r[36] = (a[36] >> 1) + ((a[37] << 24) & 0x1ffffff); - r[37] = (a[37] >> 1) + ((a[38] << 24) & 0x1ffffff); - r[38] = (a[38] >> 1) + ((a[39] << 24) & 0x1ffffff); - r[39] = (a[39] >> 1) + ((a[40] << 24) & 0x1ffffff); - r[40] = (a[40] >> 1) + ((a[41] << 24) & 0x1ffffff); + r[i] = (a[i] >> 1) + (sp_digit)((a[i + 1] << 24) & 0x1ffffff); + } +#else + r[0] = (a[0] >> 1) + (sp_digit)((a[1] << 24) & 0x1ffffff); + r[1] = (a[1] >> 1) + (sp_digit)((a[2] << 24) & 0x1ffffff); + r[2] = (a[2] >> 1) + (sp_digit)((a[3] << 24) & 0x1ffffff); + r[3] = (a[3] >> 1) + (sp_digit)((a[4] << 24) & 0x1ffffff); + r[4] = (a[4] >> 1) + (sp_digit)((a[5] << 24) & 0x1ffffff); + r[5] = (a[5] >> 1) + (sp_digit)((a[6] << 24) & 0x1ffffff); + r[6] = (a[6] >> 1) + (sp_digit)((a[7] << 24) & 0x1ffffff); + r[7] = (a[7] >> 1) + (sp_digit)((a[8] << 24) & 0x1ffffff); + r[8] = (a[8] >> 1) + (sp_digit)((a[9] << 24) & 0x1ffffff); + r[9] = (a[9] >> 1) + (sp_digit)((a[10] << 24) & 0x1ffffff); + r[10] = (a[10] >> 1) + (sp_digit)((a[11] << 24) & 0x1ffffff); + r[11] = (a[11] >> 1) + (sp_digit)((a[12] << 24) & 0x1ffffff); + r[12] = (a[12] >> 1) + (sp_digit)((a[13] << 24) & 0x1ffffff); + r[13] = (a[13] >> 1) + (sp_digit)((a[14] << 24) & 0x1ffffff); + r[14] = (a[14] >> 1) + (sp_digit)((a[15] << 24) & 0x1ffffff); + r[15] = (a[15] >> 1) + (sp_digit)((a[16] << 24) & 0x1ffffff); + r[16] = (a[16] >> 1) + (sp_digit)((a[17] << 24) & 0x1ffffff); + r[17] = (a[17] >> 1) + (sp_digit)((a[18] << 24) & 0x1ffffff); + r[18] = (a[18] >> 1) + (sp_digit)((a[19] << 24) & 0x1ffffff); + r[19] = (a[19] >> 1) + (sp_digit)((a[20] << 24) & 0x1ffffff); + r[20] = (a[20] >> 1) + (sp_digit)((a[21] << 24) & 0x1ffffff); + r[21] = (a[21] >> 1) + (sp_digit)((a[22] << 24) & 0x1ffffff); + r[22] = (a[22] >> 1) + (sp_digit)((a[23] << 24) & 0x1ffffff); + r[23] = (a[23] >> 1) + (sp_digit)((a[24] << 24) & 0x1ffffff); + r[24] = (a[24] >> 1) + (sp_digit)((a[25] << 24) & 0x1ffffff); + r[25] = (a[25] >> 1) + (sp_digit)((a[26] << 24) & 0x1ffffff); + r[26] = (a[26] >> 1) + (sp_digit)((a[27] << 24) & 0x1ffffff); + r[27] = (a[27] >> 1) + (sp_digit)((a[28] << 24) & 0x1ffffff); + r[28] = (a[28] >> 1) + (sp_digit)((a[29] << 24) & 0x1ffffff); + r[29] = (a[29] >> 1) + (sp_digit)((a[30] << 24) & 0x1ffffff); + r[30] = (a[30] >> 1) + (sp_digit)((a[31] << 24) & 0x1ffffff); + r[31] = (a[31] >> 1) + (sp_digit)((a[32] << 24) & 0x1ffffff); + r[32] = (a[32] >> 1) + (sp_digit)((a[33] << 24) & 0x1ffffff); + r[33] = (a[33] >> 1) + (sp_digit)((a[34] << 24) & 0x1ffffff); + r[34] = (a[34] >> 1) + (sp_digit)((a[35] << 24) & 0x1ffffff); + r[35] = (a[35] >> 1) + (sp_digit)((a[36] << 24) & 0x1ffffff); + r[36] = (a[36] >> 1) + (sp_digit)((a[37] << 24) & 0x1ffffff); + r[37] = (a[37] >> 1) + (sp_digit)((a[38] << 24) & 0x1ffffff); + r[38] = (a[38] >> 1) + (sp_digit)((a[39] << 24) & 0x1ffffff); + r[39] = (a[39] >> 1) + (sp_digit)((a[40] << 24) & 0x1ffffff); + r[40] = (a[40] >> 1) + (sp_digit)((a[41] << 24) & 0x1ffffff); #endif r[41] = a[41] >> 1; } diff --git a/wolfcrypt/src/sp_c64.c b/wolfcrypt/src/sp_c64.c index 136cae4c7e..6046cb4176 100644 --- a/wolfcrypt/src/sp_c64.c +++ b/wolfcrypt/src/sp_c64.c @@ -563,17 +563,17 @@ SP_NOINLINE static void sp_2048_mul_add_17(sp_digit* r, const sp_digit* a, t[1] = (tb * a[i+1]) + r[i+1]; t[2] = (tb * a[i+2]) + r[i+2]; t[3] = (tb * a[i+3]) + r[i+3]; - r[i+0] = t[0] & 0x1fffffffffffffffL; + r[i+0] = (sp_digit)(t[0] & 0x1fffffffffffffffL); t[1] += t[0] >> 61; - r[i+1] = t[1] & 0x1fffffffffffffffL; + r[i+1] = (sp_digit)(t[1] & 0x1fffffffffffffffL); t[2] += t[1] >> 61; - r[i+2] = t[2] & 0x1fffffffffffffffL; + r[i+2] = (sp_digit)(t[2] & 0x1fffffffffffffffL); t[3] += t[2] >> 61; - r[i+3] = t[3] & 0x1fffffffffffffffL; + r[i+3] = (sp_digit)(t[3] & 0x1fffffffffffffffL); t[0] = t[3] >> 61; } t[0] += (tb * a[16]) + r[16]; - r[16] = t[0] & 0x1fffffffffffffffL; + r[16] = (sp_digit)(t[0] & 0x1fffffffffffffffL); r[17] += (sp_digit)(t[0] >> 61); } @@ -589,7 +589,7 @@ static void sp_2048_mont_shift_17(sp_digit* r, const sp_digit* a) n += ((sp_int128)a[17]) << 13; for (i = 0; i < 16; i++) { - r[i] = n & 0x1fffffffffffffffL; + r[i] = (sp_digit)(n & 0x1fffffffffffffffL); n >>= 61; n += ((sp_int128)a[18 + i]) << 13; } @@ -612,11 +612,11 @@ static void sp_2048_mont_reduce_17(sp_digit* a, const sp_digit* m, sp_digit mp) sp_2048_norm_17(a + 17); for (i=0; i<16; i++) { - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffffL); sp_2048_mul_add_17(a+i, m, mu); a[i+1] += a[i] >> 61; } - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0xffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0xffffffffffffL); sp_2048_mul_add_17(a+i, m, mu); a[i+1] += a[i] >> 61; a[i] &= 0x1fffffffffffffffL; @@ -840,7 +840,7 @@ SP_NOINLINE static void sp_2048_rshift_17(sp_digit* r, const sp_digit* a, int i; for (i=0; i<16; i++) { - r[i] = ((a[i] >> n) | (a[i + 1] << (61 - n))) & 0x1fffffffffffffffL; + r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (61 - n))) & 0x1fffffffffffffffL); } r[16] = a[16] >> n; } @@ -1475,20 +1475,20 @@ SP_NOINLINE static void sp_2048_mul_add_34(sp_digit* r, const sp_digit* a, t[1] = (tb * a[i+1]) + r[i+1]; t[2] = (tb * a[i+2]) + r[i+2]; t[3] = (tb * a[i+3]) + r[i+3]; - r[i+0] = t[0] & 0x1fffffffffffffffL; + r[i+0] = (sp_digit)(t[0] & 0x1fffffffffffffffL); t[1] += t[0] >> 61; - r[i+1] = t[1] & 0x1fffffffffffffffL; + r[i+1] = (sp_digit)(t[1] & 0x1fffffffffffffffL); t[2] += t[1] >> 61; - r[i+2] = t[2] & 0x1fffffffffffffffL; + r[i+2] = (sp_digit)(t[2] & 0x1fffffffffffffffL); t[3] += t[2] >> 61; - r[i+3] = t[3] & 0x1fffffffffffffffL; + r[i+3] = (sp_digit)(t[3] & 0x1fffffffffffffffL); t[0] = t[3] >> 61; } t[0] += (tb * a[32]) + r[32]; t[1] = (tb * a[33]) + r[33]; - r[32] = t[0] & 0x1fffffffffffffffL; + r[32] = (sp_digit)(t[0] & 0x1fffffffffffffffL); t[1] += t[0] >> 61; - r[33] = t[1] & 0x1fffffffffffffffL; + r[33] = (sp_digit)(t[1] & 0x1fffffffffffffffL); r[34] += (sp_digit)(t[1] >> 61); } @@ -1504,7 +1504,7 @@ static void sp_2048_mont_shift_34(sp_digit* r, const sp_digit* a) n += ((sp_int128)a[34]) << 26; for (i = 0; i < 33; i++) { - r[i] = n & 0x1fffffffffffffffL; + r[i] = (sp_digit)(n & 0x1fffffffffffffffL); n >>= 61; n += ((sp_int128)a[35 + i]) << 26; } @@ -1529,33 +1529,33 @@ static void sp_2048_mont_reduce_34(sp_digit* a, const sp_digit* m, sp_digit mp) #ifdef WOLFSSL_SP_DH if (mp != 1) { for (i=0; i<33; i++) { - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffffL); sp_2048_mul_add_34(a+i, m, mu); a[i+1] += a[i] >> 61; } - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffL); sp_2048_mul_add_34(a+i, m, mu); a[i+1] += a[i] >> 61; a[i] &= 0x1fffffffffffffffL; } else { for (i=0; i<33; i++) { - mu = a[i] & 0x1fffffffffffffffL; + mu = (sp_digit)(a[i] & 0x1fffffffffffffffL); sp_2048_mul_add_34(a+i, m, mu); a[i+1] += a[i] >> 61; } - mu = a[i] & 0x7ffffffffL; + mu = (sp_digit)(a[i] & 0x7ffffffffL); sp_2048_mul_add_34(a+i, m, mu); a[i+1] += a[i] >> 61; a[i] &= 0x1fffffffffffffffL; } #else for (i=0; i<33; i++) { - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffffL); sp_2048_mul_add_34(a+i, m, mu); a[i+1] += a[i] >> 61; } - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffL); sp_2048_mul_add_34(a+i, m, mu); a[i+1] += a[i] >> 61; a[i] &= 0x1fffffffffffffffL; @@ -1661,7 +1661,7 @@ SP_NOINLINE static void sp_2048_rshift_34(sp_digit* r, const sp_digit* a, int i; for (i=0; i<33; i++) { - r[i] = ((a[i] >> n) | (a[i + 1] << (61 - n))) & 0x1fffffffffffffffL; + r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (61 - n))) & 0x1fffffffffffffffL); } r[33] = a[33] >> n; } @@ -3010,9 +3010,9 @@ SP_NOINLINE static void sp_2048_lshift_34(sp_digit* r, const sp_digit* a, r[34] = a[33] >> (61 - n); for (i=33; i>0; i--) { - r[i] = ((a[i] << n) | (a[i-1] >> (61 - n))) & 0x1fffffffffffffffL; + r[i] = (sp_digit)(((a[i] << n) | (a[i-1] >> (61 - n))) & 0x1fffffffffffffffL); } - r[0] = (a[0] << n) & 0x1fffffffffffffffL; + r[0] = (sp_digit)((a[0] << n) & 0x1fffffffffffffffL); } /* Modular exponentiate 2 to the e mod m. (r = 2^e mod m) @@ -3604,29 +3604,29 @@ SP_NOINLINE static void sp_2048_mul_9(sp_digit* r, const sp_digit* a, t0 = ((sp_uint128)a[ 0]) * b[ 0]; t1 = ((sp_uint128)a[ 0]) * b[ 1] + ((sp_uint128)a[ 1]) * b[ 0]; - t[ 0] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 0] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_uint128)a[ 0]) * b[ 2] + ((sp_uint128)a[ 1]) * b[ 1] + ((sp_uint128)a[ 2]) * b[ 0]; - t[ 1] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + t[ 1] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = ((sp_uint128)a[ 0]) * b[ 3] + ((sp_uint128)a[ 1]) * b[ 2] + ((sp_uint128)a[ 2]) * b[ 1] + ((sp_uint128)a[ 3]) * b[ 0]; - t[ 2] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 2] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_uint128)a[ 0]) * b[ 4] + ((sp_uint128)a[ 1]) * b[ 3] + ((sp_uint128)a[ 2]) * b[ 2] + ((sp_uint128)a[ 3]) * b[ 1] + ((sp_uint128)a[ 4]) * b[ 0]; - t[ 3] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + t[ 3] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = ((sp_uint128)a[ 0]) * b[ 5] + ((sp_uint128)a[ 1]) * b[ 4] + ((sp_uint128)a[ 2]) * b[ 3] + ((sp_uint128)a[ 3]) * b[ 2] + ((sp_uint128)a[ 4]) * b[ 1] + ((sp_uint128)a[ 5]) * b[ 0]; - t[ 4] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 4] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_uint128)a[ 0]) * b[ 6] + ((sp_uint128)a[ 1]) * b[ 5] + ((sp_uint128)a[ 2]) * b[ 4] @@ -3634,7 +3634,7 @@ SP_NOINLINE static void sp_2048_mul_9(sp_digit* r, const sp_digit* a, + ((sp_uint128)a[ 4]) * b[ 2] + ((sp_uint128)a[ 5]) * b[ 1] + ((sp_uint128)a[ 6]) * b[ 0]; - t[ 5] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + t[ 5] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = ((sp_uint128)a[ 0]) * b[ 7] + ((sp_uint128)a[ 1]) * b[ 6] + ((sp_uint128)a[ 2]) * b[ 5] @@ -3643,7 +3643,7 @@ SP_NOINLINE static void sp_2048_mul_9(sp_digit* r, const sp_digit* a, + ((sp_uint128)a[ 5]) * b[ 2] + ((sp_uint128)a[ 6]) * b[ 1] + ((sp_uint128)a[ 7]) * b[ 0]; - t[ 6] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 6] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_uint128)a[ 0]) * b[ 8] + ((sp_uint128)a[ 1]) * b[ 7] + ((sp_uint128)a[ 2]) * b[ 6] @@ -3653,7 +3653,7 @@ SP_NOINLINE static void sp_2048_mul_9(sp_digit* r, const sp_digit* a, + ((sp_uint128)a[ 6]) * b[ 2] + ((sp_uint128)a[ 7]) * b[ 1] + ((sp_uint128)a[ 8]) * b[ 0]; - t[ 7] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + t[ 7] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = ((sp_uint128)a[ 1]) * b[ 8] + ((sp_uint128)a[ 2]) * b[ 7] + ((sp_uint128)a[ 3]) * b[ 6] @@ -3662,7 +3662,7 @@ SP_NOINLINE static void sp_2048_mul_9(sp_digit* r, const sp_digit* a, + ((sp_uint128)a[ 6]) * b[ 3] + ((sp_uint128)a[ 7]) * b[ 2] + ((sp_uint128)a[ 8]) * b[ 1]; - t[ 8] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 8] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_uint128)a[ 2]) * b[ 8] + ((sp_uint128)a[ 3]) * b[ 7] + ((sp_uint128)a[ 4]) * b[ 6] @@ -3670,35 +3670,35 @@ SP_NOINLINE static void sp_2048_mul_9(sp_digit* r, const sp_digit* a, + ((sp_uint128)a[ 6]) * b[ 4] + ((sp_uint128)a[ 7]) * b[ 3] + ((sp_uint128)a[ 8]) * b[ 2]; - r[ 9] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + r[ 9] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = ((sp_uint128)a[ 3]) * b[ 8] + ((sp_uint128)a[ 4]) * b[ 7] + ((sp_uint128)a[ 5]) * b[ 6] + ((sp_uint128)a[ 6]) * b[ 5] + ((sp_uint128)a[ 7]) * b[ 4] + ((sp_uint128)a[ 8]) * b[ 3]; - r[10] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + r[10] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_uint128)a[ 4]) * b[ 8] + ((sp_uint128)a[ 5]) * b[ 7] + ((sp_uint128)a[ 6]) * b[ 6] + ((sp_uint128)a[ 7]) * b[ 5] + ((sp_uint128)a[ 8]) * b[ 4]; - r[11] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + r[11] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = ((sp_uint128)a[ 5]) * b[ 8] + ((sp_uint128)a[ 6]) * b[ 7] + ((sp_uint128)a[ 7]) * b[ 6] + ((sp_uint128)a[ 8]) * b[ 5]; - r[12] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + r[12] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_uint128)a[ 6]) * b[ 8] + ((sp_uint128)a[ 7]) * b[ 7] + ((sp_uint128)a[ 8]) * b[ 6]; - r[13] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + r[13] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = ((sp_uint128)a[ 7]) * b[ 8] + ((sp_uint128)a[ 8]) * b[ 7]; - r[14] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + r[14] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_uint128)a[ 8]) * b[ 8]; - r[15] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; - r[16] = t0 & 0x1ffffffffffffffL; + r[15] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; + r[16] = (sp_digit)(t0 & 0x1ffffffffffffffL); r[17] = (sp_digit)(t0 >> 57); XMEMCPY(r, t, sizeof(t)); } @@ -3898,66 +3898,66 @@ SP_NOINLINE static void sp_2048_sqr_9(sp_digit* r, const sp_digit* a) t0 = ((sp_uint128)a[ 0]) * a[ 0]; t1 = (((sp_uint128)a[ 0]) * a[ 1]) * 2; - t[ 0] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 0] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = (((sp_uint128)a[ 0]) * a[ 2]) * 2 + ((sp_uint128)a[ 1]) * a[ 1]; - t[ 1] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + t[ 1] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = (((sp_uint128)a[ 0]) * a[ 3] + ((sp_uint128)a[ 1]) * a[ 2]) * 2; - t[ 2] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 2] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = (((sp_uint128)a[ 0]) * a[ 4] + ((sp_uint128)a[ 1]) * a[ 3]) * 2 + ((sp_uint128)a[ 2]) * a[ 2]; - t[ 3] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + t[ 3] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = (((sp_uint128)a[ 0]) * a[ 5] + ((sp_uint128)a[ 1]) * a[ 4] + ((sp_uint128)a[ 2]) * a[ 3]) * 2; - t[ 4] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 4] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = (((sp_uint128)a[ 0]) * a[ 6] + ((sp_uint128)a[ 1]) * a[ 5] + ((sp_uint128)a[ 2]) * a[ 4]) * 2 + ((sp_uint128)a[ 3]) * a[ 3]; - t[ 5] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + t[ 5] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = (((sp_uint128)a[ 0]) * a[ 7] + ((sp_uint128)a[ 1]) * a[ 6] + ((sp_uint128)a[ 2]) * a[ 5] + ((sp_uint128)a[ 3]) * a[ 4]) * 2; - t[ 6] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 6] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = (((sp_uint128)a[ 0]) * a[ 8] + ((sp_uint128)a[ 1]) * a[ 7] + ((sp_uint128)a[ 2]) * a[ 6] + ((sp_uint128)a[ 3]) * a[ 5]) * 2 + ((sp_uint128)a[ 4]) * a[ 4]; - t[ 7] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + t[ 7] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = (((sp_uint128)a[ 1]) * a[ 8] + ((sp_uint128)a[ 2]) * a[ 7] + ((sp_uint128)a[ 3]) * a[ 6] + ((sp_uint128)a[ 4]) * a[ 5]) * 2; - t[ 8] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 8] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = (((sp_uint128)a[ 2]) * a[ 8] + ((sp_uint128)a[ 3]) * a[ 7] + ((sp_uint128)a[ 4]) * a[ 6]) * 2 + ((sp_uint128)a[ 5]) * a[ 5]; - r[ 9] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + r[ 9] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = (((sp_uint128)a[ 3]) * a[ 8] + ((sp_uint128)a[ 4]) * a[ 7] + ((sp_uint128)a[ 5]) * a[ 6]) * 2; - r[10] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + r[10] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = (((sp_uint128)a[ 4]) * a[ 8] + ((sp_uint128)a[ 5]) * a[ 7]) * 2 + ((sp_uint128)a[ 6]) * a[ 6]; - r[11] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + r[11] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = (((sp_uint128)a[ 5]) * a[ 8] + ((sp_uint128)a[ 6]) * a[ 7]) * 2; - r[12] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + r[12] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = (((sp_uint128)a[ 6]) * a[ 8]) * 2 + ((sp_uint128)a[ 7]) * a[ 7]; - r[13] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + r[13] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = (((sp_uint128)a[ 7]) * a[ 8]) * 2; - r[14] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + r[14] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_uint128)a[ 8]) * a[ 8]; - r[15] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; - r[16] = t0 & 0x1ffffffffffffffL; + r[15] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; + r[16] = (sp_digit)(t0 & 0x1ffffffffffffffL); r[17] = (sp_digit)(t0 >> 57); XMEMCPY(r, t, sizeof(t)); } @@ -4202,16 +4202,16 @@ static void sp_2048_mont_shift_18(sp_digit* r, const sp_digit* a) n = (sp_uint64)a[17]; n = n >> 55U; for (i = 0; i < 16; i += 8) { - n += (sp_uint64)a[i+18] << 2U; r[i+0] = n & 0x1ffffffffffffffUL; n >>= 57U; - n += (sp_uint64)a[i+19] << 2U; r[i+1] = n & 0x1ffffffffffffffUL; n >>= 57U; - n += (sp_uint64)a[i+20] << 2U; r[i+2] = n & 0x1ffffffffffffffUL; n >>= 57U; - n += (sp_uint64)a[i+21] << 2U; r[i+3] = n & 0x1ffffffffffffffUL; n >>= 57U; - n += (sp_uint64)a[i+22] << 2U; r[i+4] = n & 0x1ffffffffffffffUL; n >>= 57U; - n += (sp_uint64)a[i+23] << 2U; r[i+5] = n & 0x1ffffffffffffffUL; n >>= 57U; - n += (sp_uint64)a[i+24] << 2U; r[i+6] = n & 0x1ffffffffffffffUL; n >>= 57U; - n += (sp_uint64)a[i+25] << 2U; r[i+7] = n & 0x1ffffffffffffffUL; n >>= 57U; - } - n += (sp_uint64)a[34] << 2U; r[16] = n & 0x1ffffffffffffffUL; n >>= 57U; + n += (sp_uint64)a[i+18] << 2U; r[i+0] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U; + n += (sp_uint64)a[i+19] << 2U; r[i+1] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U; + n += (sp_uint64)a[i+20] << 2U; r[i+2] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U; + n += (sp_uint64)a[i+21] << 2U; r[i+3] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U; + n += (sp_uint64)a[i+22] << 2U; r[i+4] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U; + n += (sp_uint64)a[i+23] << 2U; r[i+5] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U; + n += (sp_uint64)a[i+24] << 2U; r[i+6] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U; + n += (sp_uint64)a[i+25] << 2U; r[i+7] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U; + } + n += (sp_uint64)a[34] << 2U; r[16] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U; n += (sp_uint64)a[35] << 2U; r[17] = n; XMEMSET(&r[18], 0, sizeof(*r) * 18U); } @@ -4231,11 +4231,11 @@ static void sp_2048_mont_reduce_18(sp_digit* a, const sp_digit* m, sp_digit mp) sp_2048_norm_18(a + 18); for (i=0; i<17; i++) { - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL); sp_2048_mul_add_18(a+i, m, mu); a[i+1] += a[i] >> 57; } - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x7fffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x7fffffffffffffL); sp_2048_mul_add_18(a+i, m, mu); a[i+1] += a[i] >> 57; a[i] &= 0x1ffffffffffffffL; @@ -4356,16 +4356,16 @@ SP_NOINLINE static void sp_2048_rshift_18(sp_digit* r, const sp_digit* a, int i; for (i=0; i<16; i += 8) { - r[i+0] = (a[i+0] >> n) | ((a[i+1] << (57 - n)) & 0x1ffffffffffffffL); - r[i+1] = (a[i+1] >> n) | ((a[i+2] << (57 - n)) & 0x1ffffffffffffffL); - r[i+2] = (a[i+2] >> n) | ((a[i+3] << (57 - n)) & 0x1ffffffffffffffL); - r[i+3] = (a[i+3] >> n) | ((a[i+4] << (57 - n)) & 0x1ffffffffffffffL); - r[i+4] = (a[i+4] >> n) | ((a[i+5] << (57 - n)) & 0x1ffffffffffffffL); - r[i+5] = (a[i+5] >> n) | ((a[i+6] << (57 - n)) & 0x1ffffffffffffffL); - r[i+6] = (a[i+6] >> n) | ((a[i+7] << (57 - n)) & 0x1ffffffffffffffL); - r[i+7] = (a[i+7] >> n) | ((a[i+8] << (57 - n)) & 0x1ffffffffffffffL); - } - r[16] = (a[16] >> n) | ((a[17] << (57 - n)) & 0x1ffffffffffffffL); + r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (57 - n)) & 0x1ffffffffffffffL); + r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (57 - n)) & 0x1ffffffffffffffL); + r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (57 - n)) & 0x1ffffffffffffffL); + r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (57 - n)) & 0x1ffffffffffffffL); + r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (57 - n)) & 0x1ffffffffffffffL); + r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (57 - n)) & 0x1ffffffffffffffL); + r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (57 - n)) & 0x1ffffffffffffffL); + r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (57 - n)) & 0x1ffffffffffffffL); + } + r[16] = (a[16] >> n) | (sp_digit)((a[17] << (57 - n)) & 0x1ffffffffffffffL); r[17] = a[17] >> n; } @@ -5048,28 +5048,28 @@ static void sp_2048_mont_shift_36(sp_digit* r, const sp_digit* a) s = a[36]; n = a[35] >> 53; for (i = 0; i < 32; i += 8) { - n += (s & 0x1ffffffffffffffL) << 4; r[i+0] = n & 0x1ffffffffffffffL; + n += (sp_digit)((s & 0x1ffffffffffffffL) << 4); r[i+0] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; s = a[i+37] + (s >> 57); - n += (s & 0x1ffffffffffffffL) << 4; r[i+1] = n & 0x1ffffffffffffffL; + n += (sp_digit)((s & 0x1ffffffffffffffL) << 4); r[i+1] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; s = a[i+38] + (s >> 57); - n += (s & 0x1ffffffffffffffL) << 4; r[i+2] = n & 0x1ffffffffffffffL; + n += (sp_digit)((s & 0x1ffffffffffffffL) << 4); r[i+2] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; s = a[i+39] + (s >> 57); - n += (s & 0x1ffffffffffffffL) << 4; r[i+3] = n & 0x1ffffffffffffffL; + n += (sp_digit)((s & 0x1ffffffffffffffL) << 4); r[i+3] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; s = a[i+40] + (s >> 57); - n += (s & 0x1ffffffffffffffL) << 4; r[i+4] = n & 0x1ffffffffffffffL; + n += (sp_digit)((s & 0x1ffffffffffffffL) << 4); r[i+4] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; s = a[i+41] + (s >> 57); - n += (s & 0x1ffffffffffffffL) << 4; r[i+5] = n & 0x1ffffffffffffffL; + n += (sp_digit)((s & 0x1ffffffffffffffL) << 4); r[i+5] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; s = a[i+42] + (s >> 57); - n += (s & 0x1ffffffffffffffL) << 4; r[i+6] = n & 0x1ffffffffffffffL; + n += (sp_digit)((s & 0x1ffffffffffffffL) << 4); r[i+6] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; s = a[i+43] + (s >> 57); - n += (s & 0x1ffffffffffffffL) << 4; r[i+7] = n & 0x1ffffffffffffffL; + n += (sp_digit)((s & 0x1ffffffffffffffL) << 4); r[i+7] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; s = a[i+44] + (s >> 57); } - n += (s & 0x1ffffffffffffffL) << 4; r[32] = n & 0x1ffffffffffffffL; + n += (sp_digit)((s & 0x1ffffffffffffffL) << 4); r[32] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; s = a[69] + (s >> 57); - n += (s & 0x1ffffffffffffffL) << 4; r[33] = n & 0x1ffffffffffffffL; + n += (sp_digit)((s & 0x1ffffffffffffffL) << 4); r[33] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; s = a[70] + (s >> 57); - n += (s & 0x1ffffffffffffffL) << 4; r[34] = n & 0x1ffffffffffffffL; + n += (sp_digit)((s & 0x1ffffffffffffffL) << 4); r[34] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; s = a[71] + (s >> 57); n += s << 4; r[35] = n; XMEMSET(&r[36], 0, sizeof(*r) * 36U); @@ -5092,33 +5092,33 @@ static void sp_2048_mont_reduce_36(sp_digit* a, const sp_digit* m, sp_digit mp) #ifdef WOLFSSL_SP_DH if (mp != 1) { for (i=0; i<35; i++) { - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL); sp_2048_mul_add_36(a+i, m, mu); a[i+1] += a[i] >> 57; } - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffL); sp_2048_mul_add_36(a+i, m, mu); a[i+1] += a[i] >> 57; a[i] &= 0x1ffffffffffffffL; } else { for (i=0; i<35; i++) { - mu = a[i] & 0x1ffffffffffffffL; + mu = (sp_digit)(a[i] & 0x1ffffffffffffffL); sp_2048_mul_add_36(a+i, m, mu); a[i+1] += a[i] >> 57; } - mu = a[i] & 0x1fffffffffffffL; + mu = (sp_digit)(a[i] & 0x1fffffffffffffL); sp_2048_mul_add_36(a+i, m, mu); a[i+1] += a[i] >> 57; a[i] &= 0x1ffffffffffffffL; } #else for (i=0; i<35; i++) { - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL); sp_2048_mul_add_36(a+i, m, mu); a[i+1] += a[i] >> 57; } - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffL); sp_2048_mul_add_36(a+i, m, mu); a[i+1] += a[i] >> 57; a[i] &= 0x1ffffffffffffffL; @@ -5236,18 +5236,18 @@ SP_NOINLINE static void sp_2048_rshift_36(sp_digit* r, const sp_digit* a, int i; for (i=0; i<32; i += 8) { - r[i+0] = (a[i+0] >> n) | ((a[i+1] << (57 - n)) & 0x1ffffffffffffffL); - r[i+1] = (a[i+1] >> n) | ((a[i+2] << (57 - n)) & 0x1ffffffffffffffL); - r[i+2] = (a[i+2] >> n) | ((a[i+3] << (57 - n)) & 0x1ffffffffffffffL); - r[i+3] = (a[i+3] >> n) | ((a[i+4] << (57 - n)) & 0x1ffffffffffffffL); - r[i+4] = (a[i+4] >> n) | ((a[i+5] << (57 - n)) & 0x1ffffffffffffffL); - r[i+5] = (a[i+5] >> n) | ((a[i+6] << (57 - n)) & 0x1ffffffffffffffL); - r[i+6] = (a[i+6] >> n) | ((a[i+7] << (57 - n)) & 0x1ffffffffffffffL); - r[i+7] = (a[i+7] >> n) | ((a[i+8] << (57 - n)) & 0x1ffffffffffffffL); - } - r[32] = (a[32] >> n) | ((a[33] << (57 - n)) & 0x1ffffffffffffffL); - r[33] = (a[33] >> n) | ((a[34] << (57 - n)) & 0x1ffffffffffffffL); - r[34] = (a[34] >> n) | ((a[35] << (57 - n)) & 0x1ffffffffffffffL); + r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (57 - n)) & 0x1ffffffffffffffL); + r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (57 - n)) & 0x1ffffffffffffffL); + r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (57 - n)) & 0x1ffffffffffffffL); + r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (57 - n)) & 0x1ffffffffffffffL); + r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (57 - n)) & 0x1ffffffffffffffL); + r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (57 - n)) & 0x1ffffffffffffffL); + r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (57 - n)) & 0x1ffffffffffffffL); + r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (57 - n)) & 0x1ffffffffffffffL); + } + r[32] = (a[32] >> n) | (sp_digit)((a[33] << (57 - n)) & 0x1ffffffffffffffL); + r[33] = (a[33] >> n) | (sp_digit)((a[34] << (57 - n)) & 0x1ffffffffffffffL); + r[34] = (a[34] >> n) | (sp_digit)((a[35] << (57 - n)) & 0x1ffffffffffffffL); r[35] = a[35] >> n; } @@ -6601,76 +6601,76 @@ SP_NOINLINE static void sp_2048_lshift_36(sp_digit* r, const sp_digit* a, s = (sp_int_digit)a[35]; r[36] = s >> (57U - n); s = (sp_int_digit)(a[35]); t = (sp_int_digit)(a[34]); - r[35] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[35] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[34]); t = (sp_int_digit)(a[33]); - r[34] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[34] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[33]); t = (sp_int_digit)(a[32]); - r[33] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[33] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[32]); t = (sp_int_digit)(a[31]); - r[32] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[32] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[31]); t = (sp_int_digit)(a[30]); - r[31] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[31] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[30]); t = (sp_int_digit)(a[29]); - r[30] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[30] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[29]); t = (sp_int_digit)(a[28]); - r[29] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[29] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[28]); t = (sp_int_digit)(a[27]); - r[28] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[28] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[27]); t = (sp_int_digit)(a[26]); - r[27] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[27] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[26]); t = (sp_int_digit)(a[25]); - r[26] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[26] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[25]); t = (sp_int_digit)(a[24]); - r[25] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[25] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[24]); t = (sp_int_digit)(a[23]); - r[24] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[24] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[23]); t = (sp_int_digit)(a[22]); - r[23] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[23] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[22]); t = (sp_int_digit)(a[21]); - r[22] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[22] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[21]); t = (sp_int_digit)(a[20]); - r[21] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[21] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[20]); t = (sp_int_digit)(a[19]); - r[20] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[20] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[19]); t = (sp_int_digit)(a[18]); - r[19] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[19] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[18]); t = (sp_int_digit)(a[17]); - r[18] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[18] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[17]); t = (sp_int_digit)(a[16]); - r[17] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[17] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[16]); t = (sp_int_digit)(a[15]); - r[16] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[16] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[15]); t = (sp_int_digit)(a[14]); - r[15] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[15] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[14]); t = (sp_int_digit)(a[13]); - r[14] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[14] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[13]); t = (sp_int_digit)(a[12]); - r[13] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[13] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[12]); t = (sp_int_digit)(a[11]); - r[12] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[12] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[11]); t = (sp_int_digit)(a[10]); - r[11] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[11] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[10]); t = (sp_int_digit)(a[9]); - r[10] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[10] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[9]); t = (sp_int_digit)(a[8]); - r[9] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[9] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[8]); t = (sp_int_digit)(a[7]); - r[8] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[8] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[7]); t = (sp_int_digit)(a[6]); - r[7] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[7] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[6]); t = (sp_int_digit)(a[5]); - r[6] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[6] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[5]); t = (sp_int_digit)(a[4]); - r[5] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[5] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[4]); t = (sp_int_digit)(a[3]); - r[4] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[4] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[3]); t = (sp_int_digit)(a[2]); - r[3] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[3] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[2]); t = (sp_int_digit)(a[1]); - r[2] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[2] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[1]); t = (sp_int_digit)(a[0]); - r[1] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; - r[0] = (a[0] << n) & 0x1ffffffffffffffL; + r[1] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); + r[0] = (sp_digit)((a[0] << n) & 0x1ffffffffffffffL); } /* Modular exponentiate 2 to the e mod m. (r = 2^e mod m) @@ -7454,20 +7454,20 @@ SP_NOINLINE static void sp_3072_mul_add_26(sp_digit* r, const sp_digit* a, t[1] = (tb * a[i+1]) + r[i+1]; t[2] = (tb * a[i+2]) + r[i+2]; t[3] = (tb * a[i+3]) + r[i+3]; - r[i+0] = t[0] & 0xfffffffffffffffL; + r[i+0] = (sp_digit)(t[0] & 0xfffffffffffffffL); t[1] += t[0] >> 60; - r[i+1] = t[1] & 0xfffffffffffffffL; + r[i+1] = (sp_digit)(t[1] & 0xfffffffffffffffL); t[2] += t[1] >> 60; - r[i+2] = t[2] & 0xfffffffffffffffL; + r[i+2] = (sp_digit)(t[2] & 0xfffffffffffffffL); t[3] += t[2] >> 60; - r[i+3] = t[3] & 0xfffffffffffffffL; + r[i+3] = (sp_digit)(t[3] & 0xfffffffffffffffL); t[0] = t[3] >> 60; } t[0] += (tb * a[24]) + r[24]; t[1] = (tb * a[25]) + r[25]; - r[24] = t[0] & 0xfffffffffffffffL; + r[24] = (sp_digit)(t[0] & 0xfffffffffffffffL); t[1] += t[0] >> 60; - r[25] = t[1] & 0xfffffffffffffffL; + r[25] = (sp_digit)(t[1] & 0xfffffffffffffffL); r[26] += (sp_digit)(t[1] >> 60); } @@ -7483,7 +7483,7 @@ static void sp_3072_mont_shift_26(sp_digit* r, const sp_digit* a) n += ((sp_int128)a[26]) << 24; for (i = 0; i < 25; i++) { - r[i] = n & 0xfffffffffffffffL; + r[i] = (sp_digit)(n & 0xfffffffffffffffL); n >>= 60; n += ((sp_int128)a[27 + i]) << 24; } @@ -7506,11 +7506,11 @@ static void sp_3072_mont_reduce_26(sp_digit* a, const sp_digit* m, sp_digit mp) sp_3072_norm_26(a + 26); for (i=0; i<25; i++) { - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffffffffffffffL); sp_3072_mul_add_26(a+i, m, mu); a[i+1] += a[i] >> 60; } - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffffffffL); sp_3072_mul_add_26(a+i, m, mu); a[i+1] += a[i] >> 60; a[i] &= 0xfffffffffffffffL; @@ -7695,7 +7695,7 @@ SP_NOINLINE static void sp_3072_rshift_26(sp_digit* r, const sp_digit* a, int i; for (i=0; i<25; i++) { - r[i] = ((a[i] >> n) | (a[i + 1] << (60 - n))) & 0xfffffffffffffffL; + r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (60 - n))) & 0xfffffffffffffffL); } r[25] = a[25] >> n; } @@ -8330,26 +8330,26 @@ SP_NOINLINE static void sp_3072_mul_add_52(sp_digit* r, const sp_digit* a, t[1] = (tb * a[i+1]) + r[i+1]; t[2] = (tb * a[i+2]) + r[i+2]; t[3] = (tb * a[i+3]) + r[i+3]; - r[i+0] = t[0] & 0xfffffffffffffffL; + r[i+0] = (sp_digit)(t[0] & 0xfffffffffffffffL); t[1] += t[0] >> 60; - r[i+1] = t[1] & 0xfffffffffffffffL; + r[i+1] = (sp_digit)(t[1] & 0xfffffffffffffffL); t[2] += t[1] >> 60; - r[i+2] = t[2] & 0xfffffffffffffffL; + r[i+2] = (sp_digit)(t[2] & 0xfffffffffffffffL); t[3] += t[2] >> 60; - r[i+3] = t[3] & 0xfffffffffffffffL; + r[i+3] = (sp_digit)(t[3] & 0xfffffffffffffffL); t[0] = t[3] >> 60; } t[0] += (tb * a[48]) + r[48]; t[1] = (tb * a[49]) + r[49]; t[2] = (tb * a[50]) + r[50]; t[3] = (tb * a[51]) + r[51]; - r[48] = t[0] & 0xfffffffffffffffL; + r[48] = (sp_digit)(t[0] & 0xfffffffffffffffL); t[1] += t[0] >> 60; - r[49] = t[1] & 0xfffffffffffffffL; + r[49] = (sp_digit)(t[1] & 0xfffffffffffffffL); t[2] += t[1] >> 60; - r[50] = t[2] & 0xfffffffffffffffL; + r[50] = (sp_digit)(t[2] & 0xfffffffffffffffL); t[3] += t[2] >> 60; - r[51] = t[3] & 0xfffffffffffffffL; + r[51] = (sp_digit)(t[3] & 0xfffffffffffffffL); r[52] += (sp_digit)(t[3] >> 60); } @@ -8365,7 +8365,7 @@ static void sp_3072_mont_shift_52(sp_digit* r, const sp_digit* a) n += ((sp_int128)a[52]) << 48; for (i = 0; i < 51; i++) { - r[i] = n & 0xfffffffffffffffL; + r[i] = (sp_digit)(n & 0xfffffffffffffffL); n >>= 60; n += ((sp_int128)a[53 + i]) << 48; } @@ -8390,33 +8390,33 @@ static void sp_3072_mont_reduce_52(sp_digit* a, const sp_digit* m, sp_digit mp) #ifdef WOLFSSL_SP_DH if (mp != 1) { for (i=0; i<51; i++) { - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffffffffffffffL); sp_3072_mul_add_52(a+i, m, mu); a[i+1] += a[i] >> 60; } - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffL); sp_3072_mul_add_52(a+i, m, mu); a[i+1] += a[i] >> 60; a[i] &= 0xfffffffffffffffL; } else { for (i=0; i<51; i++) { - mu = a[i] & 0xfffffffffffffffL; + mu = (sp_digit)(a[i] & 0xfffffffffffffffL); sp_3072_mul_add_52(a+i, m, mu); a[i+1] += a[i] >> 60; } - mu = a[i] & 0xfffL; + mu = (sp_digit)(a[i] & 0xfffL); sp_3072_mul_add_52(a+i, m, mu); a[i+1] += a[i] >> 60; a[i] &= 0xfffffffffffffffL; } #else for (i=0; i<51; i++) { - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffffffffffffffL); sp_3072_mul_add_52(a+i, m, mu); a[i+1] += a[i] >> 60; } - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffL); sp_3072_mul_add_52(a+i, m, mu); a[i+1] += a[i] >> 60; a[i] &= 0xfffffffffffffffL; @@ -8522,7 +8522,7 @@ SP_NOINLINE static void sp_3072_rshift_52(sp_digit* r, const sp_digit* a, int i; for (i=0; i<51; i++) { - r[i] = ((a[i] >> n) | (a[i + 1] << (60 - n))) & 0xfffffffffffffffL; + r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (60 - n))) & 0xfffffffffffffffL); } r[51] = a[51] >> n; } @@ -9871,9 +9871,9 @@ SP_NOINLINE static void sp_3072_lshift_52(sp_digit* r, const sp_digit* a, r[52] = a[51] >> (60 - n); for (i=51; i>0; i--) { - r[i] = ((a[i] << n) | (a[i-1] >> (60 - n))) & 0xfffffffffffffffL; + r[i] = (sp_digit)(((a[i] << n) | (a[i-1] >> (60 - n))) & 0xfffffffffffffffL); } - r[0] = (a[0] << n) & 0xfffffffffffffffL; + r[0] = (sp_digit)((a[0] << n) & 0xfffffffffffffffL); } /* Modular exponentiate 2 to the e mod m. (r = 2^e mod m) @@ -10468,29 +10468,29 @@ SP_NOINLINE static void sp_3072_mul_9(sp_digit* r, const sp_digit* a, t0 = ((sp_uint128)a[ 0]) * b[ 0]; t1 = ((sp_uint128)a[ 0]) * b[ 1] + ((sp_uint128)a[ 1]) * b[ 0]; - t[ 0] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 0] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_uint128)a[ 0]) * b[ 2] + ((sp_uint128)a[ 1]) * b[ 1] + ((sp_uint128)a[ 2]) * b[ 0]; - t[ 1] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + t[ 1] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = ((sp_uint128)a[ 0]) * b[ 3] + ((sp_uint128)a[ 1]) * b[ 2] + ((sp_uint128)a[ 2]) * b[ 1] + ((sp_uint128)a[ 3]) * b[ 0]; - t[ 2] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 2] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_uint128)a[ 0]) * b[ 4] + ((sp_uint128)a[ 1]) * b[ 3] + ((sp_uint128)a[ 2]) * b[ 2] + ((sp_uint128)a[ 3]) * b[ 1] + ((sp_uint128)a[ 4]) * b[ 0]; - t[ 3] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + t[ 3] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = ((sp_uint128)a[ 0]) * b[ 5] + ((sp_uint128)a[ 1]) * b[ 4] + ((sp_uint128)a[ 2]) * b[ 3] + ((sp_uint128)a[ 3]) * b[ 2] + ((sp_uint128)a[ 4]) * b[ 1] + ((sp_uint128)a[ 5]) * b[ 0]; - t[ 4] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 4] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_uint128)a[ 0]) * b[ 6] + ((sp_uint128)a[ 1]) * b[ 5] + ((sp_uint128)a[ 2]) * b[ 4] @@ -10498,7 +10498,7 @@ SP_NOINLINE static void sp_3072_mul_9(sp_digit* r, const sp_digit* a, + ((sp_uint128)a[ 4]) * b[ 2] + ((sp_uint128)a[ 5]) * b[ 1] + ((sp_uint128)a[ 6]) * b[ 0]; - t[ 5] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + t[ 5] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = ((sp_uint128)a[ 0]) * b[ 7] + ((sp_uint128)a[ 1]) * b[ 6] + ((sp_uint128)a[ 2]) * b[ 5] @@ -10507,7 +10507,7 @@ SP_NOINLINE static void sp_3072_mul_9(sp_digit* r, const sp_digit* a, + ((sp_uint128)a[ 5]) * b[ 2] + ((sp_uint128)a[ 6]) * b[ 1] + ((sp_uint128)a[ 7]) * b[ 0]; - t[ 6] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 6] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_uint128)a[ 0]) * b[ 8] + ((sp_uint128)a[ 1]) * b[ 7] + ((sp_uint128)a[ 2]) * b[ 6] @@ -10517,7 +10517,7 @@ SP_NOINLINE static void sp_3072_mul_9(sp_digit* r, const sp_digit* a, + ((sp_uint128)a[ 6]) * b[ 2] + ((sp_uint128)a[ 7]) * b[ 1] + ((sp_uint128)a[ 8]) * b[ 0]; - t[ 7] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + t[ 7] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = ((sp_uint128)a[ 1]) * b[ 8] + ((sp_uint128)a[ 2]) * b[ 7] + ((sp_uint128)a[ 3]) * b[ 6] @@ -10526,7 +10526,7 @@ SP_NOINLINE static void sp_3072_mul_9(sp_digit* r, const sp_digit* a, + ((sp_uint128)a[ 6]) * b[ 3] + ((sp_uint128)a[ 7]) * b[ 2] + ((sp_uint128)a[ 8]) * b[ 1]; - t[ 8] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 8] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_uint128)a[ 2]) * b[ 8] + ((sp_uint128)a[ 3]) * b[ 7] + ((sp_uint128)a[ 4]) * b[ 6] @@ -10534,35 +10534,35 @@ SP_NOINLINE static void sp_3072_mul_9(sp_digit* r, const sp_digit* a, + ((sp_uint128)a[ 6]) * b[ 4] + ((sp_uint128)a[ 7]) * b[ 3] + ((sp_uint128)a[ 8]) * b[ 2]; - r[ 9] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + r[ 9] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = ((sp_uint128)a[ 3]) * b[ 8] + ((sp_uint128)a[ 4]) * b[ 7] + ((sp_uint128)a[ 5]) * b[ 6] + ((sp_uint128)a[ 6]) * b[ 5] + ((sp_uint128)a[ 7]) * b[ 4] + ((sp_uint128)a[ 8]) * b[ 3]; - r[10] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + r[10] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_uint128)a[ 4]) * b[ 8] + ((sp_uint128)a[ 5]) * b[ 7] + ((sp_uint128)a[ 6]) * b[ 6] + ((sp_uint128)a[ 7]) * b[ 5] + ((sp_uint128)a[ 8]) * b[ 4]; - r[11] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + r[11] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = ((sp_uint128)a[ 5]) * b[ 8] + ((sp_uint128)a[ 6]) * b[ 7] + ((sp_uint128)a[ 7]) * b[ 6] + ((sp_uint128)a[ 8]) * b[ 5]; - r[12] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + r[12] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_uint128)a[ 6]) * b[ 8] + ((sp_uint128)a[ 7]) * b[ 7] + ((sp_uint128)a[ 8]) * b[ 6]; - r[13] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + r[13] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = ((sp_uint128)a[ 7]) * b[ 8] + ((sp_uint128)a[ 8]) * b[ 7]; - r[14] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + r[14] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_uint128)a[ 8]) * b[ 8]; - r[15] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; - r[16] = t0 & 0x1ffffffffffffffL; + r[15] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; + r[16] = (sp_digit)(t0 & 0x1ffffffffffffffL); r[17] = (sp_digit)(t0 >> 57); XMEMCPY(r, t, sizeof(t)); } @@ -10820,66 +10820,66 @@ SP_NOINLINE static void sp_3072_sqr_9(sp_digit* r, const sp_digit* a) t0 = ((sp_uint128)a[ 0]) * a[ 0]; t1 = (((sp_uint128)a[ 0]) * a[ 1]) * 2; - t[ 0] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 0] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = (((sp_uint128)a[ 0]) * a[ 2]) * 2 + ((sp_uint128)a[ 1]) * a[ 1]; - t[ 1] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + t[ 1] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = (((sp_uint128)a[ 0]) * a[ 3] + ((sp_uint128)a[ 1]) * a[ 2]) * 2; - t[ 2] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 2] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = (((sp_uint128)a[ 0]) * a[ 4] + ((sp_uint128)a[ 1]) * a[ 3]) * 2 + ((sp_uint128)a[ 2]) * a[ 2]; - t[ 3] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + t[ 3] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = (((sp_uint128)a[ 0]) * a[ 5] + ((sp_uint128)a[ 1]) * a[ 4] + ((sp_uint128)a[ 2]) * a[ 3]) * 2; - t[ 4] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 4] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = (((sp_uint128)a[ 0]) * a[ 6] + ((sp_uint128)a[ 1]) * a[ 5] + ((sp_uint128)a[ 2]) * a[ 4]) * 2 + ((sp_uint128)a[ 3]) * a[ 3]; - t[ 5] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + t[ 5] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = (((sp_uint128)a[ 0]) * a[ 7] + ((sp_uint128)a[ 1]) * a[ 6] + ((sp_uint128)a[ 2]) * a[ 5] + ((sp_uint128)a[ 3]) * a[ 4]) * 2; - t[ 6] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 6] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = (((sp_uint128)a[ 0]) * a[ 8] + ((sp_uint128)a[ 1]) * a[ 7] + ((sp_uint128)a[ 2]) * a[ 6] + ((sp_uint128)a[ 3]) * a[ 5]) * 2 + ((sp_uint128)a[ 4]) * a[ 4]; - t[ 7] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + t[ 7] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = (((sp_uint128)a[ 1]) * a[ 8] + ((sp_uint128)a[ 2]) * a[ 7] + ((sp_uint128)a[ 3]) * a[ 6] + ((sp_uint128)a[ 4]) * a[ 5]) * 2; - t[ 8] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 8] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = (((sp_uint128)a[ 2]) * a[ 8] + ((sp_uint128)a[ 3]) * a[ 7] + ((sp_uint128)a[ 4]) * a[ 6]) * 2 + ((sp_uint128)a[ 5]) * a[ 5]; - r[ 9] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + r[ 9] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = (((sp_uint128)a[ 3]) * a[ 8] + ((sp_uint128)a[ 4]) * a[ 7] + ((sp_uint128)a[ 5]) * a[ 6]) * 2; - r[10] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + r[10] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = (((sp_uint128)a[ 4]) * a[ 8] + ((sp_uint128)a[ 5]) * a[ 7]) * 2 + ((sp_uint128)a[ 6]) * a[ 6]; - r[11] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + r[11] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = (((sp_uint128)a[ 5]) * a[ 8] + ((sp_uint128)a[ 6]) * a[ 7]) * 2; - r[12] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + r[12] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = (((sp_uint128)a[ 6]) * a[ 8]) * 2 + ((sp_uint128)a[ 7]) * a[ 7]; - r[13] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + r[13] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = (((sp_uint128)a[ 7]) * a[ 8]) * 2; - r[14] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + r[14] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_uint128)a[ 8]) * a[ 8]; - r[15] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; - r[16] = t0 & 0x1ffffffffffffffL; + r[15] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; + r[16] = (sp_digit)(t0 & 0x1ffffffffffffffL); r[17] = (sp_digit)(t0 >> 57); XMEMCPY(r, t, sizeof(t)); } @@ -11185,26 +11185,26 @@ static void sp_3072_mont_shift_27(sp_digit* r, const sp_digit* a) s = a[27]; n = a[26] >> 54; for (i = 0; i < 24; i += 8) { - n += (s & 0x1ffffffffffffffL) << 3; r[i+0] = n & 0x1ffffffffffffffL; + n += (sp_digit)((s & 0x1ffffffffffffffL) << 3); r[i+0] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; s = a[i+28] + (s >> 57); - n += (s & 0x1ffffffffffffffL) << 3; r[i+1] = n & 0x1ffffffffffffffL; + n += (sp_digit)((s & 0x1ffffffffffffffL) << 3); r[i+1] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; s = a[i+29] + (s >> 57); - n += (s & 0x1ffffffffffffffL) << 3; r[i+2] = n & 0x1ffffffffffffffL; + n += (sp_digit)((s & 0x1ffffffffffffffL) << 3); r[i+2] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; s = a[i+30] + (s >> 57); - n += (s & 0x1ffffffffffffffL) << 3; r[i+3] = n & 0x1ffffffffffffffL; + n += (sp_digit)((s & 0x1ffffffffffffffL) << 3); r[i+3] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; s = a[i+31] + (s >> 57); - n += (s & 0x1ffffffffffffffL) << 3; r[i+4] = n & 0x1ffffffffffffffL; + n += (sp_digit)((s & 0x1ffffffffffffffL) << 3); r[i+4] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; s = a[i+32] + (s >> 57); - n += (s & 0x1ffffffffffffffL) << 3; r[i+5] = n & 0x1ffffffffffffffL; + n += (sp_digit)((s & 0x1ffffffffffffffL) << 3); r[i+5] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; s = a[i+33] + (s >> 57); - n += (s & 0x1ffffffffffffffL) << 3; r[i+6] = n & 0x1ffffffffffffffL; + n += (sp_digit)((s & 0x1ffffffffffffffL) << 3); r[i+6] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; s = a[i+34] + (s >> 57); - n += (s & 0x1ffffffffffffffL) << 3; r[i+7] = n & 0x1ffffffffffffffL; + n += (sp_digit)((s & 0x1ffffffffffffffL) << 3); r[i+7] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; s = a[i+35] + (s >> 57); } - n += (s & 0x1ffffffffffffffL) << 3; r[24] = n & 0x1ffffffffffffffL; + n += (sp_digit)((s & 0x1ffffffffffffffL) << 3); r[24] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; s = a[52] + (s >> 57); - n += (s & 0x1ffffffffffffffL) << 3; r[25] = n & 0x1ffffffffffffffL; + n += (sp_digit)((s & 0x1ffffffffffffffL) << 3); r[25] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; s = a[53] + (s >> 57); n += s << 3; r[26] = n; XMEMSET(&r[27], 0, sizeof(*r) * 27U); @@ -11225,11 +11225,11 @@ static void sp_3072_mont_reduce_27(sp_digit* a, const sp_digit* m, sp_digit mp) sp_3072_norm_27(a + 27); for (i=0; i<26; i++) { - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL); sp_3072_mul_add_27(a+i, m, mu); a[i+1] += a[i] >> 57; } - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x3fffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x3fffffffffffffL); sp_3072_mul_add_27(a+i, m, mu); a[i+1] += a[i] >> 57; a[i] &= 0x1ffffffffffffffL; @@ -11354,17 +11354,17 @@ SP_NOINLINE static void sp_3072_rshift_27(sp_digit* r, const sp_digit* a, int i; for (i=0; i<24; i += 8) { - r[i+0] = (a[i+0] >> n) | ((a[i+1] << (57 - n)) & 0x1ffffffffffffffL); - r[i+1] = (a[i+1] >> n) | ((a[i+2] << (57 - n)) & 0x1ffffffffffffffL); - r[i+2] = (a[i+2] >> n) | ((a[i+3] << (57 - n)) & 0x1ffffffffffffffL); - r[i+3] = (a[i+3] >> n) | ((a[i+4] << (57 - n)) & 0x1ffffffffffffffL); - r[i+4] = (a[i+4] >> n) | ((a[i+5] << (57 - n)) & 0x1ffffffffffffffL); - r[i+5] = (a[i+5] >> n) | ((a[i+6] << (57 - n)) & 0x1ffffffffffffffL); - r[i+6] = (a[i+6] >> n) | ((a[i+7] << (57 - n)) & 0x1ffffffffffffffL); - r[i+7] = (a[i+7] >> n) | ((a[i+8] << (57 - n)) & 0x1ffffffffffffffL); - } - r[24] = (a[24] >> n) | ((a[25] << (57 - n)) & 0x1ffffffffffffffL); - r[25] = (a[25] >> n) | ((a[26] << (57 - n)) & 0x1ffffffffffffffL); + r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (57 - n)) & 0x1ffffffffffffffL); + r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (57 - n)) & 0x1ffffffffffffffL); + r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (57 - n)) & 0x1ffffffffffffffL); + r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (57 - n)) & 0x1ffffffffffffffL); + r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (57 - n)) & 0x1ffffffffffffffL); + r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (57 - n)) & 0x1ffffffffffffffL); + r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (57 - n)) & 0x1ffffffffffffffL); + r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (57 - n)) & 0x1ffffffffffffffL); + } + r[24] = (a[24] >> n) | (sp_digit)((a[25] << (57 - n)) & 0x1ffffffffffffffL); + r[25] = (a[25] >> n) | (sp_digit)((a[26] << (57 - n)) & 0x1ffffffffffffffL); r[26] = a[26] >> n; } @@ -12055,28 +12055,28 @@ static void sp_3072_mont_shift_54(sp_digit* r, const sp_digit* a) sp_int128 n = a[53] >> 51; n += ((sp_int128)a[54]) << 6; for (i = 0; i < 48; i += 8) { - r[i + 0] = n & 0x1ffffffffffffffL; + r[i + 0] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; n += ((sp_int128)a[i + 55]) << 6; - r[i + 1] = n & 0x1ffffffffffffffL; + r[i + 1] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; n += ((sp_int128)a[i + 56]) << 6; - r[i + 2] = n & 0x1ffffffffffffffL; + r[i + 2] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; n += ((sp_int128)a[i + 57]) << 6; - r[i + 3] = n & 0x1ffffffffffffffL; + r[i + 3] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; n += ((sp_int128)a[i + 58]) << 6; - r[i + 4] = n & 0x1ffffffffffffffL; + r[i + 4] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; n += ((sp_int128)a[i + 59]) << 6; - r[i + 5] = n & 0x1ffffffffffffffL; + r[i + 5] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; n += ((sp_int128)a[i + 60]) << 6; - r[i + 6] = n & 0x1ffffffffffffffL; + r[i + 6] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; n += ((sp_int128)a[i + 61]) << 6; - r[i + 7] = n & 0x1ffffffffffffffL; + r[i + 7] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; n += ((sp_int128)a[i + 62]) << 6; } - r[48] = n & 0x1ffffffffffffffL; n >>= 57; n += ((sp_int128)a[103]) << 6; - r[49] = n & 0x1ffffffffffffffL; n >>= 57; n += ((sp_int128)a[104]) << 6; - r[50] = n & 0x1ffffffffffffffL; n >>= 57; n += ((sp_int128)a[105]) << 6; - r[51] = n & 0x1ffffffffffffffL; n >>= 57; n += ((sp_int128)a[106]) << 6; - r[52] = n & 0x1ffffffffffffffL; n >>= 57; n += ((sp_int128)a[107]) << 6; + r[48] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; n += ((sp_int128)a[103]) << 6; + r[49] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; n += ((sp_int128)a[104]) << 6; + r[50] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; n += ((sp_int128)a[105]) << 6; + r[51] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; n += ((sp_int128)a[106]) << 6; + r[52] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; n += ((sp_int128)a[107]) << 6; r[53] = (sp_digit)n; XMEMSET(&r[54], 0, sizeof(*r) * 54U); } @@ -12098,33 +12098,33 @@ static void sp_3072_mont_reduce_54(sp_digit* a, const sp_digit* m, sp_digit mp) #ifdef WOLFSSL_SP_DH if (mp != 1) { for (i=0; i<53; i++) { - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL); sp_3072_mul_add_54(a+i, m, mu); a[i+1] += a[i] >> 57; } - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffffffL); sp_3072_mul_add_54(a+i, m, mu); a[i+1] += a[i] >> 57; a[i] &= 0x1ffffffffffffffL; } else { for (i=0; i<53; i++) { - mu = a[i] & 0x1ffffffffffffffL; + mu = (sp_digit)(a[i] & 0x1ffffffffffffffL); sp_3072_mul_add_54(a+i, m, mu); a[i+1] += a[i] >> 57; } - mu = a[i] & 0x7ffffffffffffL; + mu = (sp_digit)(a[i] & 0x7ffffffffffffL); sp_3072_mul_add_54(a+i, m, mu); a[i+1] += a[i] >> 57; a[i] &= 0x1ffffffffffffffL; } #else for (i=0; i<53; i++) { - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL); sp_3072_mul_add_54(a+i, m, mu); a[i+1] += a[i] >> 57; } - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffffffL); sp_3072_mul_add_54(a+i, m, mu); a[i+1] += a[i] >> 57; a[i] &= 0x1ffffffffffffffL; @@ -12244,20 +12244,20 @@ SP_NOINLINE static void sp_3072_rshift_54(sp_digit* r, const sp_digit* a, int i; for (i=0; i<48; i += 8) { - r[i+0] = (a[i+0] >> n) | ((a[i+1] << (57 - n)) & 0x1ffffffffffffffL); - r[i+1] = (a[i+1] >> n) | ((a[i+2] << (57 - n)) & 0x1ffffffffffffffL); - r[i+2] = (a[i+2] >> n) | ((a[i+3] << (57 - n)) & 0x1ffffffffffffffL); - r[i+3] = (a[i+3] >> n) | ((a[i+4] << (57 - n)) & 0x1ffffffffffffffL); - r[i+4] = (a[i+4] >> n) | ((a[i+5] << (57 - n)) & 0x1ffffffffffffffL); - r[i+5] = (a[i+5] >> n) | ((a[i+6] << (57 - n)) & 0x1ffffffffffffffL); - r[i+6] = (a[i+6] >> n) | ((a[i+7] << (57 - n)) & 0x1ffffffffffffffL); - r[i+7] = (a[i+7] >> n) | ((a[i+8] << (57 - n)) & 0x1ffffffffffffffL); - } - r[48] = (a[48] >> n) | ((a[49] << (57 - n)) & 0x1ffffffffffffffL); - r[49] = (a[49] >> n) | ((a[50] << (57 - n)) & 0x1ffffffffffffffL); - r[50] = (a[50] >> n) | ((a[51] << (57 - n)) & 0x1ffffffffffffffL); - r[51] = (a[51] >> n) | ((a[52] << (57 - n)) & 0x1ffffffffffffffL); - r[52] = (a[52] >> n) | ((a[53] << (57 - n)) & 0x1ffffffffffffffL); + r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (57 - n)) & 0x1ffffffffffffffL); + r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (57 - n)) & 0x1ffffffffffffffL); + r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (57 - n)) & 0x1ffffffffffffffL); + r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (57 - n)) & 0x1ffffffffffffffL); + r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (57 - n)) & 0x1ffffffffffffffL); + r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (57 - n)) & 0x1ffffffffffffffL); + r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (57 - n)) & 0x1ffffffffffffffL); + r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (57 - n)) & 0x1ffffffffffffffL); + } + r[48] = (a[48] >> n) | (sp_digit)((a[49] << (57 - n)) & 0x1ffffffffffffffL); + r[49] = (a[49] >> n) | (sp_digit)((a[50] << (57 - n)) & 0x1ffffffffffffffL); + r[50] = (a[50] >> n) | (sp_digit)((a[51] << (57 - n)) & 0x1ffffffffffffffL); + r[51] = (a[51] >> n) | (sp_digit)((a[52] << (57 - n)) & 0x1ffffffffffffffL); + r[52] = (a[52] >> n) | (sp_digit)((a[53] << (57 - n)) & 0x1ffffffffffffffL); r[53] = a[53] >> n; } @@ -13611,112 +13611,112 @@ SP_NOINLINE static void sp_3072_lshift_54(sp_digit* r, const sp_digit* a, s = (sp_int_digit)a[53]; r[54] = s >> (57U - n); s = (sp_int_digit)(a[53]); t = (sp_int_digit)(a[52]); - r[53] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[53] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[52]); t = (sp_int_digit)(a[51]); - r[52] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[52] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[51]); t = (sp_int_digit)(a[50]); - r[51] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[51] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[50]); t = (sp_int_digit)(a[49]); - r[50] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[50] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[49]); t = (sp_int_digit)(a[48]); - r[49] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[49] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[48]); t = (sp_int_digit)(a[47]); - r[48] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[48] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[47]); t = (sp_int_digit)(a[46]); - r[47] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[47] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[46]); t = (sp_int_digit)(a[45]); - r[46] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[46] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[45]); t = (sp_int_digit)(a[44]); - r[45] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[45] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[44]); t = (sp_int_digit)(a[43]); - r[44] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[44] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[43]); t = (sp_int_digit)(a[42]); - r[43] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[43] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[42]); t = (sp_int_digit)(a[41]); - r[42] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[42] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[41]); t = (sp_int_digit)(a[40]); - r[41] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[41] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[40]); t = (sp_int_digit)(a[39]); - r[40] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[40] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[39]); t = (sp_int_digit)(a[38]); - r[39] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[39] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[38]); t = (sp_int_digit)(a[37]); - r[38] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[38] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[37]); t = (sp_int_digit)(a[36]); - r[37] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[37] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[36]); t = (sp_int_digit)(a[35]); - r[36] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[36] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[35]); t = (sp_int_digit)(a[34]); - r[35] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[35] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[34]); t = (sp_int_digit)(a[33]); - r[34] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[34] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[33]); t = (sp_int_digit)(a[32]); - r[33] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[33] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[32]); t = (sp_int_digit)(a[31]); - r[32] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[32] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[31]); t = (sp_int_digit)(a[30]); - r[31] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[31] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[30]); t = (sp_int_digit)(a[29]); - r[30] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[30] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[29]); t = (sp_int_digit)(a[28]); - r[29] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[29] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[28]); t = (sp_int_digit)(a[27]); - r[28] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[28] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[27]); t = (sp_int_digit)(a[26]); - r[27] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[27] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[26]); t = (sp_int_digit)(a[25]); - r[26] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[26] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[25]); t = (sp_int_digit)(a[24]); - r[25] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[25] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[24]); t = (sp_int_digit)(a[23]); - r[24] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[24] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[23]); t = (sp_int_digit)(a[22]); - r[23] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[23] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[22]); t = (sp_int_digit)(a[21]); - r[22] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[22] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[21]); t = (sp_int_digit)(a[20]); - r[21] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[21] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[20]); t = (sp_int_digit)(a[19]); - r[20] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[20] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[19]); t = (sp_int_digit)(a[18]); - r[19] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[19] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[18]); t = (sp_int_digit)(a[17]); - r[18] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[18] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[17]); t = (sp_int_digit)(a[16]); - r[17] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[17] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[16]); t = (sp_int_digit)(a[15]); - r[16] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[16] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[15]); t = (sp_int_digit)(a[14]); - r[15] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[15] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[14]); t = (sp_int_digit)(a[13]); - r[14] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[14] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[13]); t = (sp_int_digit)(a[12]); - r[13] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[13] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[12]); t = (sp_int_digit)(a[11]); - r[12] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[12] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[11]); t = (sp_int_digit)(a[10]); - r[11] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[11] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[10]); t = (sp_int_digit)(a[9]); - r[10] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[10] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[9]); t = (sp_int_digit)(a[8]); - r[9] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[9] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[8]); t = (sp_int_digit)(a[7]); - r[8] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[8] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[7]); t = (sp_int_digit)(a[6]); - r[7] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[7] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[6]); t = (sp_int_digit)(a[5]); - r[6] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[6] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[5]); t = (sp_int_digit)(a[4]); - r[5] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[5] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[4]); t = (sp_int_digit)(a[3]); - r[4] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[4] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[3]); t = (sp_int_digit)(a[2]); - r[3] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[3] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[2]); t = (sp_int_digit)(a[1]); - r[2] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[2] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[1]); t = (sp_int_digit)(a[0]); - r[1] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; - r[0] = (a[0] << n) & 0x1ffffffffffffffL; + r[1] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); + r[0] = (sp_digit)((a[0] << n) & 0x1ffffffffffffffL); } /* Modular exponentiate 2 to the e mod m. (r = 2^e mod m) @@ -14503,23 +14503,23 @@ SP_NOINLINE static void sp_4096_mul_add_35(sp_digit* r, const sp_digit* a, t[1] = (tb * a[i+1]) + r[i+1]; t[2] = (tb * a[i+2]) + r[i+2]; t[3] = (tb * a[i+3]) + r[i+3]; - r[i+0] = t[0] & 0x7ffffffffffffffL; + r[i+0] = (sp_digit)(t[0] & 0x7ffffffffffffffL); t[1] += t[0] >> 59; - r[i+1] = t[1] & 0x7ffffffffffffffL; + r[i+1] = (sp_digit)(t[1] & 0x7ffffffffffffffL); t[2] += t[1] >> 59; - r[i+2] = t[2] & 0x7ffffffffffffffL; + r[i+2] = (sp_digit)(t[2] & 0x7ffffffffffffffL); t[3] += t[2] >> 59; - r[i+3] = t[3] & 0x7ffffffffffffffL; + r[i+3] = (sp_digit)(t[3] & 0x7ffffffffffffffL); t[0] = t[3] >> 59; } t[0] += (tb * a[32]) + r[32]; t[1] = (tb * a[33]) + r[33]; t[2] = (tb * a[34]) + r[34]; - r[32] = t[0] & 0x7ffffffffffffffL; + r[32] = (sp_digit)(t[0] & 0x7ffffffffffffffL); t[1] += t[0] >> 59; - r[33] = t[1] & 0x7ffffffffffffffL; + r[33] = (sp_digit)(t[1] & 0x7ffffffffffffffL); t[2] += t[1] >> 59; - r[34] = t[2] & 0x7ffffffffffffffL; + r[34] = (sp_digit)(t[2] & 0x7ffffffffffffffL); r[35] += (sp_digit)(t[2] >> 59); } @@ -14535,7 +14535,7 @@ static void sp_4096_mont_shift_35(sp_digit* r, const sp_digit* a) n += ((sp_int128)a[35]) << 17; for (i = 0; i < 34; i++) { - r[i] = n & 0x7ffffffffffffffL; + r[i] = (sp_digit)(n & 0x7ffffffffffffffL); n >>= 59; n += ((sp_int128)a[36 + i]) << 17; } @@ -14558,11 +14558,11 @@ static void sp_4096_mont_reduce_35(sp_digit* a, const sp_digit* m, sp_digit mp) sp_4096_norm_35(a + 35); for (i=0; i<34; i++) { - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffffffffL); sp_4096_mul_add_35(a+i, m, mu); a[i+1] += a[i] >> 59; } - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x3ffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x3ffffffffffL); sp_4096_mul_add_35(a+i, m, mu); a[i+1] += a[i] >> 59; a[i] &= 0x7ffffffffffffffL; @@ -14747,7 +14747,7 @@ SP_NOINLINE static void sp_4096_rshift_35(sp_digit* r, const sp_digit* a, int i; for (i=0; i<34; i++) { - r[i] = ((a[i] >> n) | (a[i + 1] << (59 - n))) & 0x7ffffffffffffffL; + r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (59 - n))) & 0x7ffffffffffffffL); } r[34] = a[34] >> n; } @@ -15383,20 +15383,20 @@ SP_NOINLINE static void sp_4096_mul_add_70(sp_digit* r, const sp_digit* a, t[1] = (tb * a[i+1]) + r[i+1]; t[2] = (tb * a[i+2]) + r[i+2]; t[3] = (tb * a[i+3]) + r[i+3]; - r[i+0] = t[0] & 0x7ffffffffffffffL; + r[i+0] = (sp_digit)(t[0] & 0x7ffffffffffffffL); t[1] += t[0] >> 59; - r[i+1] = t[1] & 0x7ffffffffffffffL; + r[i+1] = (sp_digit)(t[1] & 0x7ffffffffffffffL); t[2] += t[1] >> 59; - r[i+2] = t[2] & 0x7ffffffffffffffL; + r[i+2] = (sp_digit)(t[2] & 0x7ffffffffffffffL); t[3] += t[2] >> 59; - r[i+3] = t[3] & 0x7ffffffffffffffL; + r[i+3] = (sp_digit)(t[3] & 0x7ffffffffffffffL); t[0] = t[3] >> 59; } t[0] += (tb * a[68]) + r[68]; t[1] = (tb * a[69]) + r[69]; - r[68] = t[0] & 0x7ffffffffffffffL; + r[68] = (sp_digit)(t[0] & 0x7ffffffffffffffL); t[1] += t[0] >> 59; - r[69] = t[1] & 0x7ffffffffffffffL; + r[69] = (sp_digit)(t[1] & 0x7ffffffffffffffL); r[70] += (sp_digit)(t[1] >> 59); } @@ -15412,7 +15412,7 @@ static void sp_4096_mont_shift_70(sp_digit* r, const sp_digit* a) n += ((sp_int128)a[70]) << 34; for (i = 0; i < 69; i++) { - r[i] = n & 0x7ffffffffffffffL; + r[i] = (sp_digit)(n & 0x7ffffffffffffffL); n >>= 59; n += ((sp_int128)a[71 + i]) << 34; } @@ -15437,33 +15437,33 @@ static void sp_4096_mont_reduce_70(sp_digit* a, const sp_digit* m, sp_digit mp) #ifdef WOLFSSL_SP_DH if (mp != 1) { for (i=0; i<69; i++) { - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffffffffL); sp_4096_mul_add_70(a+i, m, mu); a[i+1] += a[i] >> 59; } - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffL); sp_4096_mul_add_70(a+i, m, mu); a[i+1] += a[i] >> 59; a[i] &= 0x7ffffffffffffffL; } else { for (i=0; i<69; i++) { - mu = a[i] & 0x7ffffffffffffffL; + mu = (sp_digit)(a[i] & 0x7ffffffffffffffL); sp_4096_mul_add_70(a+i, m, mu); a[i+1] += a[i] >> 59; } - mu = a[i] & 0x1ffffffL; + mu = (sp_digit)(a[i] & 0x1ffffffL); sp_4096_mul_add_70(a+i, m, mu); a[i+1] += a[i] >> 59; a[i] &= 0x7ffffffffffffffL; } #else for (i=0; i<69; i++) { - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffffffffL); sp_4096_mul_add_70(a+i, m, mu); a[i+1] += a[i] >> 59; } - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffL); sp_4096_mul_add_70(a+i, m, mu); a[i+1] += a[i] >> 59; a[i] &= 0x7ffffffffffffffL; @@ -15569,7 +15569,7 @@ SP_NOINLINE static void sp_4096_rshift_70(sp_digit* r, const sp_digit* a, int i; for (i=0; i<69; i++) { - r[i] = ((a[i] >> n) | (a[i + 1] << (59 - n))) & 0x7ffffffffffffffL; + r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (59 - n))) & 0x7ffffffffffffffL); } r[69] = a[69] >> n; } @@ -16918,9 +16918,9 @@ SP_NOINLINE static void sp_4096_lshift_70(sp_digit* r, const sp_digit* a, r[70] = a[69] >> (59 - n); for (i=69; i>0; i--) { - r[i] = ((a[i] << n) | (a[i-1] >> (59 - n))) & 0x7ffffffffffffffL; + r[i] = (sp_digit)(((a[i] << n) | (a[i-1] >> (59 - n))) & 0x7ffffffffffffffL); } - r[0] = (a[0] << n) & 0x7ffffffffffffffL; + r[0] = (sp_digit)((a[0] << n) & 0x7ffffffffffffffL); } /* Modular exponentiate 2 to the e mod m. (r = 2^e mod m) @@ -17379,29 +17379,29 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a, t0 = ((sp_uint128)a[ 0]) * b[ 0]; t1 = ((sp_uint128)a[ 0]) * b[ 1] + ((sp_uint128)a[ 1]) * b[ 0]; - t[ 0] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53; + t[ 0] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53; t0 = ((sp_uint128)a[ 0]) * b[ 2] + ((sp_uint128)a[ 1]) * b[ 1] + ((sp_uint128)a[ 2]) * b[ 0]; - t[ 1] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53; + t[ 1] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53; t1 = ((sp_uint128)a[ 0]) * b[ 3] + ((sp_uint128)a[ 1]) * b[ 2] + ((sp_uint128)a[ 2]) * b[ 1] + ((sp_uint128)a[ 3]) * b[ 0]; - t[ 2] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53; + t[ 2] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53; t0 = ((sp_uint128)a[ 0]) * b[ 4] + ((sp_uint128)a[ 1]) * b[ 3] + ((sp_uint128)a[ 2]) * b[ 2] + ((sp_uint128)a[ 3]) * b[ 1] + ((sp_uint128)a[ 4]) * b[ 0]; - t[ 3] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53; + t[ 3] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53; t1 = ((sp_uint128)a[ 0]) * b[ 5] + ((sp_uint128)a[ 1]) * b[ 4] + ((sp_uint128)a[ 2]) * b[ 3] + ((sp_uint128)a[ 3]) * b[ 2] + ((sp_uint128)a[ 4]) * b[ 1] + ((sp_uint128)a[ 5]) * b[ 0]; - t[ 4] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53; + t[ 4] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53; t0 = ((sp_uint128)a[ 0]) * b[ 6] + ((sp_uint128)a[ 1]) * b[ 5] + ((sp_uint128)a[ 2]) * b[ 4] @@ -17409,7 +17409,7 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a, + ((sp_uint128)a[ 4]) * b[ 2] + ((sp_uint128)a[ 5]) * b[ 1] + ((sp_uint128)a[ 6]) * b[ 0]; - t[ 5] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53; + t[ 5] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53; t1 = ((sp_uint128)a[ 0]) * b[ 7] + ((sp_uint128)a[ 1]) * b[ 6] + ((sp_uint128)a[ 2]) * b[ 5] @@ -17418,7 +17418,7 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a, + ((sp_uint128)a[ 5]) * b[ 2] + ((sp_uint128)a[ 6]) * b[ 1] + ((sp_uint128)a[ 7]) * b[ 0]; - t[ 6] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53; + t[ 6] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53; t0 = ((sp_uint128)a[ 0]) * b[ 8] + ((sp_uint128)a[ 1]) * b[ 7] + ((sp_uint128)a[ 2]) * b[ 6] @@ -17428,7 +17428,7 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a, + ((sp_uint128)a[ 6]) * b[ 2] + ((sp_uint128)a[ 7]) * b[ 1] + ((sp_uint128)a[ 8]) * b[ 0]; - t[ 7] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53; + t[ 7] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53; t1 = ((sp_uint128)a[ 0]) * b[ 9] + ((sp_uint128)a[ 1]) * b[ 8] + ((sp_uint128)a[ 2]) * b[ 7] @@ -17439,7 +17439,7 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a, + ((sp_uint128)a[ 7]) * b[ 2] + ((sp_uint128)a[ 8]) * b[ 1] + ((sp_uint128)a[ 9]) * b[ 0]; - t[ 8] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53; + t[ 8] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53; t0 = ((sp_uint128)a[ 0]) * b[10] + ((sp_uint128)a[ 1]) * b[ 9] + ((sp_uint128)a[ 2]) * b[ 8] @@ -17451,7 +17451,7 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a, + ((sp_uint128)a[ 8]) * b[ 2] + ((sp_uint128)a[ 9]) * b[ 1] + ((sp_uint128)a[10]) * b[ 0]; - t[ 9] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53; + t[ 9] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53; t1 = ((sp_uint128)a[ 0]) * b[11] + ((sp_uint128)a[ 1]) * b[10] + ((sp_uint128)a[ 2]) * b[ 9] @@ -17464,7 +17464,7 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a, + ((sp_uint128)a[ 9]) * b[ 2] + ((sp_uint128)a[10]) * b[ 1] + ((sp_uint128)a[11]) * b[ 0]; - t[10] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53; + t[10] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53; t0 = ((sp_uint128)a[ 0]) * b[12] + ((sp_uint128)a[ 1]) * b[11] + ((sp_uint128)a[ 2]) * b[10] @@ -17478,7 +17478,7 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a, + ((sp_uint128)a[10]) * b[ 2] + ((sp_uint128)a[11]) * b[ 1] + ((sp_uint128)a[12]) * b[ 0]; - t[11] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53; + t[11] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53; t1 = ((sp_uint128)a[ 1]) * b[12] + ((sp_uint128)a[ 2]) * b[11] + ((sp_uint128)a[ 3]) * b[10] @@ -17491,7 +17491,7 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a, + ((sp_uint128)a[10]) * b[ 3] + ((sp_uint128)a[11]) * b[ 2] + ((sp_uint128)a[12]) * b[ 1]; - t[12] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53; + t[12] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53; t0 = ((sp_uint128)a[ 2]) * b[12] + ((sp_uint128)a[ 3]) * b[11] + ((sp_uint128)a[ 4]) * b[10] @@ -17503,7 +17503,7 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a, + ((sp_uint128)a[10]) * b[ 4] + ((sp_uint128)a[11]) * b[ 3] + ((sp_uint128)a[12]) * b[ 2]; - r[13] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53; + r[13] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53; t1 = ((sp_uint128)a[ 3]) * b[12] + ((sp_uint128)a[ 4]) * b[11] + ((sp_uint128)a[ 5]) * b[10] @@ -17514,7 +17514,7 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a, + ((sp_uint128)a[10]) * b[ 5] + ((sp_uint128)a[11]) * b[ 4] + ((sp_uint128)a[12]) * b[ 3]; - r[14] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53; + r[14] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53; t0 = ((sp_uint128)a[ 4]) * b[12] + ((sp_uint128)a[ 5]) * b[11] + ((sp_uint128)a[ 6]) * b[10] @@ -17524,7 +17524,7 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a, + ((sp_uint128)a[10]) * b[ 6] + ((sp_uint128)a[11]) * b[ 5] + ((sp_uint128)a[12]) * b[ 4]; - r[15] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53; + r[15] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53; t1 = ((sp_uint128)a[ 5]) * b[12] + ((sp_uint128)a[ 6]) * b[11] + ((sp_uint128)a[ 7]) * b[10] @@ -17533,7 +17533,7 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a, + ((sp_uint128)a[10]) * b[ 7] + ((sp_uint128)a[11]) * b[ 6] + ((sp_uint128)a[12]) * b[ 5]; - r[16] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53; + r[16] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53; t0 = ((sp_uint128)a[ 6]) * b[12] + ((sp_uint128)a[ 7]) * b[11] + ((sp_uint128)a[ 8]) * b[10] @@ -17541,35 +17541,35 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a, + ((sp_uint128)a[10]) * b[ 8] + ((sp_uint128)a[11]) * b[ 7] + ((sp_uint128)a[12]) * b[ 6]; - r[17] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53; + r[17] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53; t1 = ((sp_uint128)a[ 7]) * b[12] + ((sp_uint128)a[ 8]) * b[11] + ((sp_uint128)a[ 9]) * b[10] + ((sp_uint128)a[10]) * b[ 9] + ((sp_uint128)a[11]) * b[ 8] + ((sp_uint128)a[12]) * b[ 7]; - r[18] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53; + r[18] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53; t0 = ((sp_uint128)a[ 8]) * b[12] + ((sp_uint128)a[ 9]) * b[11] + ((sp_uint128)a[10]) * b[10] + ((sp_uint128)a[11]) * b[ 9] + ((sp_uint128)a[12]) * b[ 8]; - r[19] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53; + r[19] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53; t1 = ((sp_uint128)a[ 9]) * b[12] + ((sp_uint128)a[10]) * b[11] + ((sp_uint128)a[11]) * b[10] + ((sp_uint128)a[12]) * b[ 9]; - r[20] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53; + r[20] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53; t0 = ((sp_uint128)a[10]) * b[12] + ((sp_uint128)a[11]) * b[11] + ((sp_uint128)a[12]) * b[10]; - r[21] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53; + r[21] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53; t1 = ((sp_uint128)a[11]) * b[12] + ((sp_uint128)a[12]) * b[11]; - r[22] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53; + r[22] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53; t0 = ((sp_uint128)a[12]) * b[12]; - r[23] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53; - r[24] = t0 & 0x1fffffffffffffL; + r[23] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53; + r[24] = (sp_digit)(t0 & 0x1fffffffffffffL); r[25] = (sp_digit)(t0 >> 53); XMEMCPY(r, t, sizeof(t)); } @@ -17835,57 +17835,57 @@ SP_NOINLINE static void sp_4096_sqr_13(sp_digit* r, const sp_digit* a) t0 = ((sp_uint128)a[ 0]) * a[ 0]; t1 = (((sp_uint128)a[ 0]) * a[ 1]) * 2; - t[ 0] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53; + t[ 0] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53; t0 = (((sp_uint128)a[ 0]) * a[ 2]) * 2 + ((sp_uint128)a[ 1]) * a[ 1]; - t[ 1] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53; + t[ 1] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53; t1 = (((sp_uint128)a[ 0]) * a[ 3] + ((sp_uint128)a[ 1]) * a[ 2]) * 2; - t[ 2] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53; + t[ 2] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53; t0 = (((sp_uint128)a[ 0]) * a[ 4] + ((sp_uint128)a[ 1]) * a[ 3]) * 2 + ((sp_uint128)a[ 2]) * a[ 2]; - t[ 3] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53; + t[ 3] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53; t1 = (((sp_uint128)a[ 0]) * a[ 5] + ((sp_uint128)a[ 1]) * a[ 4] + ((sp_uint128)a[ 2]) * a[ 3]) * 2; - t[ 4] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53; + t[ 4] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53; t0 = (((sp_uint128)a[ 0]) * a[ 6] + ((sp_uint128)a[ 1]) * a[ 5] + ((sp_uint128)a[ 2]) * a[ 4]) * 2 + ((sp_uint128)a[ 3]) * a[ 3]; - t[ 5] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53; + t[ 5] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53; t1 = (((sp_uint128)a[ 0]) * a[ 7] + ((sp_uint128)a[ 1]) * a[ 6] + ((sp_uint128)a[ 2]) * a[ 5] + ((sp_uint128)a[ 3]) * a[ 4]) * 2; - t[ 6] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53; + t[ 6] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53; t0 = (((sp_uint128)a[ 0]) * a[ 8] + ((sp_uint128)a[ 1]) * a[ 7] + ((sp_uint128)a[ 2]) * a[ 6] + ((sp_uint128)a[ 3]) * a[ 5]) * 2 + ((sp_uint128)a[ 4]) * a[ 4]; - t[ 7] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53; + t[ 7] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53; t1 = (((sp_uint128)a[ 0]) * a[ 9] + ((sp_uint128)a[ 1]) * a[ 8] + ((sp_uint128)a[ 2]) * a[ 7] + ((sp_uint128)a[ 3]) * a[ 6] + ((sp_uint128)a[ 4]) * a[ 5]) * 2; - t[ 8] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53; + t[ 8] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53; t0 = (((sp_uint128)a[ 0]) * a[10] + ((sp_uint128)a[ 1]) * a[ 9] + ((sp_uint128)a[ 2]) * a[ 8] + ((sp_uint128)a[ 3]) * a[ 7] + ((sp_uint128)a[ 4]) * a[ 6]) * 2 + ((sp_uint128)a[ 5]) * a[ 5]; - t[ 9] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53; + t[ 9] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53; t1 = (((sp_uint128)a[ 0]) * a[11] + ((sp_uint128)a[ 1]) * a[10] + ((sp_uint128)a[ 2]) * a[ 9] + ((sp_uint128)a[ 3]) * a[ 8] + ((sp_uint128)a[ 4]) * a[ 7] + ((sp_uint128)a[ 5]) * a[ 6]) * 2; - t[10] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53; + t[10] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53; t0 = (((sp_uint128)a[ 0]) * a[12] + ((sp_uint128)a[ 1]) * a[11] + ((sp_uint128)a[ 2]) * a[10] @@ -17893,62 +17893,62 @@ SP_NOINLINE static void sp_4096_sqr_13(sp_digit* r, const sp_digit* a) + ((sp_uint128)a[ 4]) * a[ 8] + ((sp_uint128)a[ 5]) * a[ 7]) * 2 + ((sp_uint128)a[ 6]) * a[ 6]; - t[11] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53; + t[11] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53; t1 = (((sp_uint128)a[ 1]) * a[12] + ((sp_uint128)a[ 2]) * a[11] + ((sp_uint128)a[ 3]) * a[10] + ((sp_uint128)a[ 4]) * a[ 9] + ((sp_uint128)a[ 5]) * a[ 8] + ((sp_uint128)a[ 6]) * a[ 7]) * 2; - t[12] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53; + t[12] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53; t0 = (((sp_uint128)a[ 2]) * a[12] + ((sp_uint128)a[ 3]) * a[11] + ((sp_uint128)a[ 4]) * a[10] + ((sp_uint128)a[ 5]) * a[ 9] + ((sp_uint128)a[ 6]) * a[ 8]) * 2 + ((sp_uint128)a[ 7]) * a[ 7]; - r[13] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53; + r[13] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53; t1 = (((sp_uint128)a[ 3]) * a[12] + ((sp_uint128)a[ 4]) * a[11] + ((sp_uint128)a[ 5]) * a[10] + ((sp_uint128)a[ 6]) * a[ 9] + ((sp_uint128)a[ 7]) * a[ 8]) * 2; - r[14] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53; + r[14] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53; t0 = (((sp_uint128)a[ 4]) * a[12] + ((sp_uint128)a[ 5]) * a[11] + ((sp_uint128)a[ 6]) * a[10] + ((sp_uint128)a[ 7]) * a[ 9]) * 2 + ((sp_uint128)a[ 8]) * a[ 8]; - r[15] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53; + r[15] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53; t1 = (((sp_uint128)a[ 5]) * a[12] + ((sp_uint128)a[ 6]) * a[11] + ((sp_uint128)a[ 7]) * a[10] + ((sp_uint128)a[ 8]) * a[ 9]) * 2; - r[16] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53; + r[16] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53; t0 = (((sp_uint128)a[ 6]) * a[12] + ((sp_uint128)a[ 7]) * a[11] + ((sp_uint128)a[ 8]) * a[10]) * 2 + ((sp_uint128)a[ 9]) * a[ 9]; - r[17] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53; + r[17] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53; t1 = (((sp_uint128)a[ 7]) * a[12] + ((sp_uint128)a[ 8]) * a[11] + ((sp_uint128)a[ 9]) * a[10]) * 2; - r[18] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53; + r[18] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53; t0 = (((sp_uint128)a[ 8]) * a[12] + ((sp_uint128)a[ 9]) * a[11]) * 2 + ((sp_uint128)a[10]) * a[10]; - r[19] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53; + r[19] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53; t1 = (((sp_uint128)a[ 9]) * a[12] + ((sp_uint128)a[10]) * a[11]) * 2; - r[20] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53; + r[20] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53; t0 = (((sp_uint128)a[10]) * a[12]) * 2 + ((sp_uint128)a[11]) * a[11]; - r[21] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53; + r[21] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53; t1 = (((sp_uint128)a[11]) * a[12]) * 2; - r[22] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53; + r[22] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53; t0 = ((sp_uint128)a[12]) * a[12]; - r[23] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53; - r[24] = t0 & 0x1fffffffffffffL; + r[23] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53; + r[24] = (sp_digit)(t0 & 0x1fffffffffffffL); r[25] = (sp_digit)(t0 >> 53); XMEMCPY(r, t, sizeof(t)); } @@ -18277,29 +18277,29 @@ static void sp_4096_mont_shift_39(sp_digit* r, const sp_digit* a) sp_int128 n = a[38] >> 34; n += ((sp_int128)a[39]) << 19; for (i = 0; i < 32; i += 8) { - r[i + 0] = n & 0x1fffffffffffffL; + r[i + 0] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[i + 40]) << 19; - r[i + 1] = n & 0x1fffffffffffffL; + r[i + 1] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[i + 41]) << 19; - r[i + 2] = n & 0x1fffffffffffffL; + r[i + 2] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[i + 42]) << 19; - r[i + 3] = n & 0x1fffffffffffffL; + r[i + 3] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[i + 43]) << 19; - r[i + 4] = n & 0x1fffffffffffffL; + r[i + 4] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[i + 44]) << 19; - r[i + 5] = n & 0x1fffffffffffffL; + r[i + 5] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[i + 45]) << 19; - r[i + 6] = n & 0x1fffffffffffffL; + r[i + 6] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[i + 46]) << 19; - r[i + 7] = n & 0x1fffffffffffffL; + r[i + 7] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[i + 47]) << 19; } - r[32] = n & 0x1fffffffffffffL; n >>= 53; n += ((sp_int128)a[72]) << 19; - r[33] = n & 0x1fffffffffffffL; n >>= 53; n += ((sp_int128)a[73]) << 19; - r[34] = n & 0x1fffffffffffffL; n >>= 53; n += ((sp_int128)a[74]) << 19; - r[35] = n & 0x1fffffffffffffL; n >>= 53; n += ((sp_int128)a[75]) << 19; - r[36] = n & 0x1fffffffffffffL; n >>= 53; n += ((sp_int128)a[76]) << 19; - r[37] = n & 0x1fffffffffffffL; n >>= 53; n += ((sp_int128)a[77]) << 19; + r[32] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[72]) << 19; + r[33] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[73]) << 19; + r[34] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[74]) << 19; + r[35] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[75]) << 19; + r[36] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[76]) << 19; + r[37] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[77]) << 19; r[38] = (sp_digit)n; XMEMSET(&r[39], 0, sizeof(*r) * 39U); } @@ -18319,11 +18319,11 @@ static void sp_4096_mont_reduce_39(sp_digit* a, const sp_digit* m, sp_digit mp) sp_4096_norm_39(a + 39); for (i=0; i<38; i++) { - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffL); sp_4096_mul_add_39(a+i, m, mu); a[i+1] += a[i] >> 53; } - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x3ffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x3ffffffffL); sp_4096_mul_add_39(a+i, m, mu); a[i+1] += a[i] >> 53; a[i] &= 0x1fffffffffffffL; @@ -18452,21 +18452,21 @@ SP_NOINLINE static void sp_4096_rshift_39(sp_digit* r, const sp_digit* a, int i; for (i=0; i<32; i += 8) { - r[i+0] = (a[i+0] >> n) | ((a[i+1] << (53 - n)) & 0x1fffffffffffffL); - r[i+1] = (a[i+1] >> n) | ((a[i+2] << (53 - n)) & 0x1fffffffffffffL); - r[i+2] = (a[i+2] >> n) | ((a[i+3] << (53 - n)) & 0x1fffffffffffffL); - r[i+3] = (a[i+3] >> n) | ((a[i+4] << (53 - n)) & 0x1fffffffffffffL); - r[i+4] = (a[i+4] >> n) | ((a[i+5] << (53 - n)) & 0x1fffffffffffffL); - r[i+5] = (a[i+5] >> n) | ((a[i+6] << (53 - n)) & 0x1fffffffffffffL); - r[i+6] = (a[i+6] >> n) | ((a[i+7] << (53 - n)) & 0x1fffffffffffffL); - r[i+7] = (a[i+7] >> n) | ((a[i+8] << (53 - n)) & 0x1fffffffffffffL); - } - r[32] = (a[32] >> n) | ((a[33] << (53 - n)) & 0x1fffffffffffffL); - r[33] = (a[33] >> n) | ((a[34] << (53 - n)) & 0x1fffffffffffffL); - r[34] = (a[34] >> n) | ((a[35] << (53 - n)) & 0x1fffffffffffffL); - r[35] = (a[35] >> n) | ((a[36] << (53 - n)) & 0x1fffffffffffffL); - r[36] = (a[36] >> n) | ((a[37] << (53 - n)) & 0x1fffffffffffffL); - r[37] = (a[37] >> n) | ((a[38] << (53 - n)) & 0x1fffffffffffffL); + r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (53 - n)) & 0x1fffffffffffffL); + r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (53 - n)) & 0x1fffffffffffffL); + r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (53 - n)) & 0x1fffffffffffffL); + r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (53 - n)) & 0x1fffffffffffffL); + r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (53 - n)) & 0x1fffffffffffffL); + r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (53 - n)) & 0x1fffffffffffffL); + r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (53 - n)) & 0x1fffffffffffffL); + r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (53 - n)) & 0x1fffffffffffffL); + } + r[32] = (a[32] >> n) | (sp_digit)((a[33] << (53 - n)) & 0x1fffffffffffffL); + r[33] = (a[33] >> n) | (sp_digit)((a[34] << (53 - n)) & 0x1fffffffffffffL); + r[34] = (a[34] >> n) | (sp_digit)((a[35] << (53 - n)) & 0x1fffffffffffffL); + r[35] = (a[35] >> n) | (sp_digit)((a[36] << (53 - n)) & 0x1fffffffffffffL); + r[36] = (a[36] >> n) | (sp_digit)((a[37] << (53 - n)) & 0x1fffffffffffffL); + r[37] = (a[37] >> n) | (sp_digit)((a[38] << (53 - n)) & 0x1fffffffffffffL); r[38] = a[38] >> n; } @@ -19158,28 +19158,28 @@ static void sp_4096_mont_shift_78(sp_digit* r, const sp_digit* a) sp_int128 n = a[77] >> 15; n += ((sp_int128)a[78]) << 38; for (i = 0; i < 72; i += 8) { - r[i + 0] = n & 0x1fffffffffffffL; + r[i + 0] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[i + 79]) << 38; - r[i + 1] = n & 0x1fffffffffffffL; + r[i + 1] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[i + 80]) << 38; - r[i + 2] = n & 0x1fffffffffffffL; + r[i + 2] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[i + 81]) << 38; - r[i + 3] = n & 0x1fffffffffffffL; + r[i + 3] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[i + 82]) << 38; - r[i + 4] = n & 0x1fffffffffffffL; + r[i + 4] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[i + 83]) << 38; - r[i + 5] = n & 0x1fffffffffffffL; + r[i + 5] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[i + 84]) << 38; - r[i + 6] = n & 0x1fffffffffffffL; + r[i + 6] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[i + 85]) << 38; - r[i + 7] = n & 0x1fffffffffffffL; + r[i + 7] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[i + 86]) << 38; } - r[72] = n & 0x1fffffffffffffL; n >>= 53; n += ((sp_int128)a[151]) << 38; - r[73] = n & 0x1fffffffffffffL; n >>= 53; n += ((sp_int128)a[152]) << 38; - r[74] = n & 0x1fffffffffffffL; n >>= 53; n += ((sp_int128)a[153]) << 38; - r[75] = n & 0x1fffffffffffffL; n >>= 53; n += ((sp_int128)a[154]) << 38; - r[76] = n & 0x1fffffffffffffL; n >>= 53; n += ((sp_int128)a[155]) << 38; + r[72] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[151]) << 38; + r[73] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[152]) << 38; + r[74] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[153]) << 38; + r[75] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[154]) << 38; + r[76] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[155]) << 38; r[77] = (sp_digit)n; XMEMSET(&r[78], 0, sizeof(*r) * 78U); } @@ -19201,33 +19201,33 @@ static void sp_4096_mont_reduce_78(sp_digit* a, const sp_digit* m, sp_digit mp) #ifdef WOLFSSL_SP_DH if (mp != 1) { for (i=0; i<77; i++) { - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffL); sp_4096_mul_add_78(a+i, m, mu); a[i+1] += a[i] >> 53; } - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x7fffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x7fffL); sp_4096_mul_add_78(a+i, m, mu); a[i+1] += a[i] >> 53; a[i] &= 0x1fffffffffffffL; } else { for (i=0; i<77; i++) { - mu = a[i] & 0x1fffffffffffffL; + mu = (sp_digit)(a[i] & 0x1fffffffffffffL); sp_4096_mul_add_78(a+i, m, mu); a[i+1] += a[i] >> 53; } - mu = a[i] & 0x7fffL; + mu = (sp_digit)(a[i] & 0x7fffL); sp_4096_mul_add_78(a+i, m, mu); a[i+1] += a[i] >> 53; a[i] &= 0x1fffffffffffffL; } #else for (i=0; i<77; i++) { - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffL); sp_4096_mul_add_78(a+i, m, mu); a[i+1] += a[i] >> 53; } - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x7fffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x7fffL); sp_4096_mul_add_78(a+i, m, mu); a[i+1] += a[i] >> 53; a[i] &= 0x1fffffffffffffL; @@ -19347,20 +19347,20 @@ SP_NOINLINE static void sp_4096_rshift_78(sp_digit* r, const sp_digit* a, int i; for (i=0; i<72; i += 8) { - r[i+0] = (a[i+0] >> n) | ((a[i+1] << (53 - n)) & 0x1fffffffffffffL); - r[i+1] = (a[i+1] >> n) | ((a[i+2] << (53 - n)) & 0x1fffffffffffffL); - r[i+2] = (a[i+2] >> n) | ((a[i+3] << (53 - n)) & 0x1fffffffffffffL); - r[i+3] = (a[i+3] >> n) | ((a[i+4] << (53 - n)) & 0x1fffffffffffffL); - r[i+4] = (a[i+4] >> n) | ((a[i+5] << (53 - n)) & 0x1fffffffffffffL); - r[i+5] = (a[i+5] >> n) | ((a[i+6] << (53 - n)) & 0x1fffffffffffffL); - r[i+6] = (a[i+6] >> n) | ((a[i+7] << (53 - n)) & 0x1fffffffffffffL); - r[i+7] = (a[i+7] >> n) | ((a[i+8] << (53 - n)) & 0x1fffffffffffffL); - } - r[72] = (a[72] >> n) | ((a[73] << (53 - n)) & 0x1fffffffffffffL); - r[73] = (a[73] >> n) | ((a[74] << (53 - n)) & 0x1fffffffffffffL); - r[74] = (a[74] >> n) | ((a[75] << (53 - n)) & 0x1fffffffffffffL); - r[75] = (a[75] >> n) | ((a[76] << (53 - n)) & 0x1fffffffffffffL); - r[76] = (a[76] >> n) | ((a[77] << (53 - n)) & 0x1fffffffffffffL); + r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (53 - n)) & 0x1fffffffffffffL); + r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (53 - n)) & 0x1fffffffffffffL); + r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (53 - n)) & 0x1fffffffffffffL); + r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (53 - n)) & 0x1fffffffffffffL); + r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (53 - n)) & 0x1fffffffffffffL); + r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (53 - n)) & 0x1fffffffffffffL); + r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (53 - n)) & 0x1fffffffffffffL); + r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (53 - n)) & 0x1fffffffffffffL); + } + r[72] = (a[72] >> n) | (sp_digit)((a[73] << (53 - n)) & 0x1fffffffffffffL); + r[73] = (a[73] >> n) | (sp_digit)((a[74] << (53 - n)) & 0x1fffffffffffffL); + r[74] = (a[74] >> n) | (sp_digit)((a[75] << (53 - n)) & 0x1fffffffffffffL); + r[75] = (a[75] >> n) | (sp_digit)((a[76] << (53 - n)) & 0x1fffffffffffffL); + r[76] = (a[76] >> n) | (sp_digit)((a[77] << (53 - n)) & 0x1fffffffffffffL); r[77] = a[77] >> n; } @@ -20714,160 +20714,160 @@ SP_NOINLINE static void sp_4096_lshift_78(sp_digit* r, const sp_digit* a, s = (sp_int_digit)a[77]; r[78] = s >> (53U - n); s = (sp_int_digit)(a[77]); t = (sp_int_digit)(a[76]); - r[77] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[77] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[76]); t = (sp_int_digit)(a[75]); - r[76] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[76] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[75]); t = (sp_int_digit)(a[74]); - r[75] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[75] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[74]); t = (sp_int_digit)(a[73]); - r[74] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[74] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[73]); t = (sp_int_digit)(a[72]); - r[73] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[73] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[72]); t = (sp_int_digit)(a[71]); - r[72] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[72] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[71]); t = (sp_int_digit)(a[70]); - r[71] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[71] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[70]); t = (sp_int_digit)(a[69]); - r[70] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[70] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[69]); t = (sp_int_digit)(a[68]); - r[69] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[69] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[68]); t = (sp_int_digit)(a[67]); - r[68] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[68] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[67]); t = (sp_int_digit)(a[66]); - r[67] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[67] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[66]); t = (sp_int_digit)(a[65]); - r[66] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[66] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[65]); t = (sp_int_digit)(a[64]); - r[65] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[65] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[64]); t = (sp_int_digit)(a[63]); - r[64] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[64] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[63]); t = (sp_int_digit)(a[62]); - r[63] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[63] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[62]); t = (sp_int_digit)(a[61]); - r[62] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[62] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[61]); t = (sp_int_digit)(a[60]); - r[61] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[61] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[60]); t = (sp_int_digit)(a[59]); - r[60] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[60] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[59]); t = (sp_int_digit)(a[58]); - r[59] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[59] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[58]); t = (sp_int_digit)(a[57]); - r[58] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[58] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[57]); t = (sp_int_digit)(a[56]); - r[57] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[57] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[56]); t = (sp_int_digit)(a[55]); - r[56] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[56] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[55]); t = (sp_int_digit)(a[54]); - r[55] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[55] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[54]); t = (sp_int_digit)(a[53]); - r[54] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[54] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[53]); t = (sp_int_digit)(a[52]); - r[53] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[53] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[52]); t = (sp_int_digit)(a[51]); - r[52] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[52] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[51]); t = (sp_int_digit)(a[50]); - r[51] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[51] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[50]); t = (sp_int_digit)(a[49]); - r[50] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[50] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[49]); t = (sp_int_digit)(a[48]); - r[49] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[49] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[48]); t = (sp_int_digit)(a[47]); - r[48] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[48] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[47]); t = (sp_int_digit)(a[46]); - r[47] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[47] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[46]); t = (sp_int_digit)(a[45]); - r[46] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[46] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[45]); t = (sp_int_digit)(a[44]); - r[45] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[45] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[44]); t = (sp_int_digit)(a[43]); - r[44] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[44] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[43]); t = (sp_int_digit)(a[42]); - r[43] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[43] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[42]); t = (sp_int_digit)(a[41]); - r[42] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[42] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[41]); t = (sp_int_digit)(a[40]); - r[41] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[41] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[40]); t = (sp_int_digit)(a[39]); - r[40] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[40] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[39]); t = (sp_int_digit)(a[38]); - r[39] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[39] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[38]); t = (sp_int_digit)(a[37]); - r[38] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[38] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[37]); t = (sp_int_digit)(a[36]); - r[37] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[37] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[36]); t = (sp_int_digit)(a[35]); - r[36] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[36] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[35]); t = (sp_int_digit)(a[34]); - r[35] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[35] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[34]); t = (sp_int_digit)(a[33]); - r[34] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[34] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[33]); t = (sp_int_digit)(a[32]); - r[33] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[33] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[32]); t = (sp_int_digit)(a[31]); - r[32] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[32] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[31]); t = (sp_int_digit)(a[30]); - r[31] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[31] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[30]); t = (sp_int_digit)(a[29]); - r[30] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[30] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[29]); t = (sp_int_digit)(a[28]); - r[29] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[29] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[28]); t = (sp_int_digit)(a[27]); - r[28] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[28] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[27]); t = (sp_int_digit)(a[26]); - r[27] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[27] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[26]); t = (sp_int_digit)(a[25]); - r[26] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[26] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[25]); t = (sp_int_digit)(a[24]); - r[25] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[25] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[24]); t = (sp_int_digit)(a[23]); - r[24] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[24] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[23]); t = (sp_int_digit)(a[22]); - r[23] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[23] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[22]); t = (sp_int_digit)(a[21]); - r[22] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[22] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[21]); t = (sp_int_digit)(a[20]); - r[21] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[21] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[20]); t = (sp_int_digit)(a[19]); - r[20] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[20] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[19]); t = (sp_int_digit)(a[18]); - r[19] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[19] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[18]); t = (sp_int_digit)(a[17]); - r[18] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[18] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[17]); t = (sp_int_digit)(a[16]); - r[17] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[17] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[16]); t = (sp_int_digit)(a[15]); - r[16] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[16] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[15]); t = (sp_int_digit)(a[14]); - r[15] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[15] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[14]); t = (sp_int_digit)(a[13]); - r[14] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[14] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[13]); t = (sp_int_digit)(a[12]); - r[13] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[13] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[12]); t = (sp_int_digit)(a[11]); - r[12] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[12] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[11]); t = (sp_int_digit)(a[10]); - r[11] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[11] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[10]); t = (sp_int_digit)(a[9]); - r[10] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[10] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[9]); t = (sp_int_digit)(a[8]); - r[9] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[9] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[8]); t = (sp_int_digit)(a[7]); - r[8] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[8] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[7]); t = (sp_int_digit)(a[6]); - r[7] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[7] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[6]); t = (sp_int_digit)(a[5]); - r[6] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[6] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[5]); t = (sp_int_digit)(a[4]); - r[5] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[5] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[4]); t = (sp_int_digit)(a[3]); - r[4] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[4] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[3]); t = (sp_int_digit)(a[2]); - r[3] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[3] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[2]); t = (sp_int_digit)(a[1]); - r[2] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[2] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[1]); t = (sp_int_digit)(a[0]); - r[1] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; - r[0] = (a[0] << n) & 0x1fffffffffffffL; + r[1] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); + r[0] = (sp_digit)((a[0] << n) & 0x1fffffffffffffL); } /* Modular exponentiate 2 to the e mod m. (r = 2^e mod m) @@ -21249,16 +21249,16 @@ SP_NOINLINE static void sp_256_mul_5(sp_digit* r, const sp_digit* a, + ((sp_int128)a[ 4]) * b[ 3]; sp_int128 t8 = ((sp_int128)a[ 4]) * b[ 4]; - t1 += t0 >> 52; r[ 0] = t0 & 0xfffffffffffffL; - t2 += t1 >> 52; r[ 1] = t1 & 0xfffffffffffffL; - t3 += t2 >> 52; r[ 2] = t2 & 0xfffffffffffffL; - t4 += t3 >> 52; r[ 3] = t3 & 0xfffffffffffffL; - t5 += t4 >> 52; r[ 4] = t4 & 0xfffffffffffffL; - t6 += t5 >> 52; r[ 5] = t5 & 0xfffffffffffffL; - t7 += t6 >> 52; r[ 6] = t6 & 0xfffffffffffffL; - t8 += t7 >> 52; r[ 7] = t7 & 0xfffffffffffffL; + t1 += t0 >> 52; r[ 0] = (sp_digit)(t0 & 0xfffffffffffffL); + t2 += t1 >> 52; r[ 1] = (sp_digit)(t1 & 0xfffffffffffffL); + t3 += t2 >> 52; r[ 2] = (sp_digit)(t2 & 0xfffffffffffffL); + t4 += t3 >> 52; r[ 3] = (sp_digit)(t3 & 0xfffffffffffffL); + t5 += t4 >> 52; r[ 4] = (sp_digit)(t4 & 0xfffffffffffffL); + t6 += t5 >> 52; r[ 5] = (sp_digit)(t5 & 0xfffffffffffffL); + t7 += t6 >> 52; r[ 6] = (sp_digit)(t6 & 0xfffffffffffffL); + t8 += t7 >> 52; r[ 7] = (sp_digit)(t7 & 0xfffffffffffffL); r[9] = (sp_digit)(t8 >> 52); - r[8] = t8 & 0xfffffffffffffL; + r[8] = (sp_digit)(t8 & 0xfffffffffffffL); } #endif /* WOLFSSL_SP_SMALL */ @@ -21328,16 +21328,16 @@ SP_NOINLINE static void sp_256_sqr_5(sp_digit* r, const sp_digit* a) sp_int128 t7 = (((sp_int128)a[ 3]) * a[ 4]) * 2; sp_int128 t8 = ((sp_int128)a[ 4]) * a[ 4]; - t1 += t0 >> 52; r[ 0] = t0 & 0xfffffffffffffL; - t2 += t1 >> 52; r[ 1] = t1 & 0xfffffffffffffL; - t3 += t2 >> 52; r[ 2] = t2 & 0xfffffffffffffL; - t4 += t3 >> 52; r[ 3] = t3 & 0xfffffffffffffL; - t5 += t4 >> 52; r[ 4] = t4 & 0xfffffffffffffL; - t6 += t5 >> 52; r[ 5] = t5 & 0xfffffffffffffL; - t7 += t6 >> 52; r[ 6] = t6 & 0xfffffffffffffL; - t8 += t7 >> 52; r[ 7] = t7 & 0xfffffffffffffL; + t1 += t0 >> 52; r[ 0] = (sp_digit)(t0 & 0xfffffffffffffL); + t2 += t1 >> 52; r[ 1] = (sp_digit)(t1 & 0xfffffffffffffL); + t3 += t2 >> 52; r[ 2] = (sp_digit)(t2 & 0xfffffffffffffL); + t4 += t3 >> 52; r[ 3] = (sp_digit)(t3 & 0xfffffffffffffL); + t5 += t4 >> 52; r[ 4] = (sp_digit)(t4 & 0xfffffffffffffL); + t6 += t5 >> 52; r[ 5] = (sp_digit)(t5 & 0xfffffffffffffL); + t7 += t6 >> 52; r[ 6] = (sp_digit)(t6 & 0xfffffffffffffL); + t8 += t7 >> 52; r[ 7] = (sp_digit)(t7 & 0xfffffffffffffL); r[9] = (sp_digit)(t8 >> 52); - r[8] = t8 & 0xfffffffffffffL; + r[8] = (sp_digit)(t8 & 0xfffffffffffffL); } #endif /* WOLFSSL_SP_SMALL */ @@ -21686,17 +21686,17 @@ SP_NOINLINE static void sp_256_mul_add_5(sp_digit* r, const sp_digit* a, t[1] = (tb * a[i+1]) + r[i+1]; t[2] = (tb * a[i+2]) + r[i+2]; t[3] = (tb * a[i+3]) + r[i+3]; - r[i+0] = t[0] & 0xfffffffffffffL; + r[i+0] = (sp_digit)(t[0] & 0xfffffffffffffL); t[1] += t[0] >> 52; - r[i+1] = t[1] & 0xfffffffffffffL; + r[i+1] = (sp_digit)(t[1] & 0xfffffffffffffL); t[2] += t[1] >> 52; - r[i+2] = t[2] & 0xfffffffffffffL; + r[i+2] = (sp_digit)(t[2] & 0xfffffffffffffL); t[3] += t[2] >> 52; - r[i+3] = t[3] & 0xfffffffffffffL; + r[i+3] = (sp_digit)(t[3] & 0xfffffffffffffL); t[0] = t[3] >> 52; } t[0] += (tb * a[4]) + r[4]; - r[4] = t[0] & 0xfffffffffffffL; + r[4] = (sp_digit)(t[0] & 0xfffffffffffffL); r[5] += (sp_digit)(t[0] >> 52); #else sp_int128 tb = b; @@ -21750,7 +21750,7 @@ static void sp_256_mont_shift_5(sp_digit* r, const sp_digit* a) n = a[4] >> 48; for (i = 0; i < 4; i++) { n += (sp_uint64)a[5 + i] << 4; - r[i] = n & 0xfffffffffffffL; + r[i] = (sp_digit)(n & 0xfffffffffffffL); n >>= 52; } n += (sp_uint64)a[9] << 4; @@ -21759,10 +21759,10 @@ static void sp_256_mont_shift_5(sp_digit* r, const sp_digit* a) sp_uint64 n; n = a[4] >> 48; - n += (sp_uint64)a[ 5] << 4U; r[ 0] = n & 0xfffffffffffffUL; n >>= 52U; - n += (sp_uint64)a[ 6] << 4U; r[ 1] = n & 0xfffffffffffffUL; n >>= 52U; - n += (sp_uint64)a[ 7] << 4U; r[ 2] = n & 0xfffffffffffffUL; n >>= 52U; - n += (sp_uint64)a[ 8] << 4U; r[ 3] = n & 0xfffffffffffffUL; n >>= 52U; + n += (sp_uint64)a[ 5] << 4U; r[ 0] = (sp_digit)(n & 0xfffffffffffffUL); n >>= 52U; + n += (sp_uint64)a[ 6] << 4U; r[ 1] = (sp_digit)(n & 0xfffffffffffffUL); n >>= 52U; + n += (sp_uint64)a[ 7] << 4U; r[ 2] = (sp_digit)(n & 0xfffffffffffffUL); n >>= 52U; + n += (sp_uint64)a[ 8] << 4U; r[ 3] = (sp_digit)(n & 0xfffffffffffffUL); n >>= 52U; n += (sp_uint64)a[ 9] << 4U; r[ 4] = n; #endif /* WOLFSSL_SP_SMALL */ XMEMSET(&r[5], 0, sizeof(*r) * 5U); @@ -21783,11 +21783,11 @@ static void sp_256_mont_reduce_order_5(sp_digit* a, const sp_digit* m, sp_digit sp_256_norm_5(a + 5); for (i=0; i<4; i++) { - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffffffffffffL); sp_256_mul_add_5(a+i, m, mu); a[i+1] += a[i] >> 52; } - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0xffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0xffffffffffffL); sp_256_mul_add_5(a+i, m, mu); a[i+1] += a[i] >> 52; a[i] &= 0xfffffffffffffL; @@ -21813,32 +21813,32 @@ static void sp_256_mont_reduce_5(sp_digit* a, const sp_digit* m, sp_digit mp) (void)mp; for (i = 0; i < 4; i++) { - am = a[i] & 0xfffffffffffffL; + am = (sp_digit)(a[i] & 0xfffffffffffffL); /* Fifth word of modulus word */ t = am; t *= 0x0ffffffff0000L; - a[i + 1] += (am << 44) & 0xfffffffffffffL; + a[i + 1] += (sp_digit)((am << 44) & 0xfffffffffffffL); a[i + 2] += am >> 8; - a[i + 3] += (am << 36) & 0xfffffffffffffL; - a[i + 4] += (am >> 16) + (t & 0xfffffffffffffL); + a[i + 3] += (sp_digit)((am << 36) & 0xfffffffffffffL); + a[i + 4] += (am >> 16) + (sp_digit)(t & 0xfffffffffffffL); a[i + 5] += t >> 52; a[i + 1] += a[i] >> 52; } - am = a[4] & 0xffffffffffff; + am = (sp_digit)(a[4] & 0xffffffffffff); /* Fifth word of modulus word */ t = am; t *= 0x0ffffffff0000L; - a[4 + 1] += (am << 44) & 0xfffffffffffffL; + a[4 + 1] += (sp_digit)((am << 44) & 0xfffffffffffffL); a[4 + 2] += am >> 8; - a[4 + 3] += (am << 36) & 0xfffffffffffffL; - a[4 + 4] += (am >> 16) + (t & 0xfffffffffffffL); + a[4 + 3] += (sp_digit)((am << 36) & 0xfffffffffffffL); + a[4 + 4] += (am >> 16) + (sp_digit)(t & 0xfffffffffffffL); a[4 + 5] += t >> 52; - a[0] = (a[4] >> 48) + ((a[5] << 4) & 0xfffffffffffffL); - a[1] = (a[5] >> 48) + ((a[6] << 4) & 0xfffffffffffffL); - a[2] = (a[6] >> 48) + ((a[7] << 4) & 0xfffffffffffffL); - a[3] = (a[7] >> 48) + ((a[8] << 4) & 0xfffffffffffffL); + a[0] = (a[4] >> 48) + (sp_digit)((a[5] << 4) & 0xfffffffffffffL); + a[1] = (a[5] >> 48) + (sp_digit)((a[6] << 4) & 0xfffffffffffffL); + a[2] = (a[6] >> 48) + (sp_digit)((a[7] << 4) & 0xfffffffffffffL); + a[3] = (a[7] >> 48) + (sp_digit)((a[8] << 4) & 0xfffffffffffffL); a[4] = (a[8] >> 48) + (a[9] << 4); a[1] += a[0] >> 52; a[0] &= 0xfffffffffffffL; @@ -21851,11 +21851,11 @@ static void sp_256_mont_reduce_5(sp_digit* a, const sp_digit* m, sp_digit mp) /* Create mask. */ am = 0 - am; - a[0] -= 0x000fffffffffffffL & am; - a[1] -= 0x00000fffffffffffL & am; + a[0] -= (sp_digit)(0x000fffffffffffffL & am); + a[1] -= (sp_digit)(0x00000fffffffffffL & am); /* p256_mod[2] is zero */ - a[3] -= 0x0000001000000000L & am; - a[4] -= 0x0000ffffffff0000L & am; + a[3] -= (sp_digit)(0x0000001000000000L & am); + a[4] -= (sp_digit)(0x0000ffffffff0000L & am); a[1] += a[0] >> 52; a[0] &= 0xfffffffffffffL; a[2] += a[1] >> 52; a[1] &= 0xfffffffffffffL; @@ -21914,7 +21914,7 @@ SP_NOINLINE static void sp_256_mont_sqr_n_5(sp_digit* r, #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */ #ifdef WOLFSSL_SP_SMALL /* Mod-2 for the P256 curve. */ -static const uint64_t p256_mod_minus_2[4] = { +static const word64 p256_mod_minus_2[4] = { 0xfffffffffffffffdU,0x00000000ffffffffU,0x0000000000000000U, 0xffffffff00000001U }; @@ -22152,13 +22152,13 @@ SP_NOINLINE static void sp_256_rshift1_5(sp_digit* r, const sp_digit* a) int i; for (i=0; i<4; i++) { - r[i] = (a[i] >> 1) + ((a[i + 1] << 51) & 0xfffffffffffffL); + r[i] = (a[i] >> 1) + (sp_digit)((a[i + 1] << 51) & 0xfffffffffffffL); } #else - r[0] = (a[0] >> 1) + ((a[1] << 51) & 0xfffffffffffffL); - r[1] = (a[1] >> 1) + ((a[2] << 51) & 0xfffffffffffffL); - r[2] = (a[2] >> 1) + ((a[3] << 51) & 0xfffffffffffffL); - r[3] = (a[3] >> 1) + ((a[4] << 51) & 0xfffffffffffffL); + r[0] = (a[0] >> 1) + (sp_digit)((a[1] << 51) & 0xfffffffffffffL); + r[1] = (a[1] >> 1) + (sp_digit)((a[2] << 51) & 0xfffffffffffffL); + r[2] = (a[2] >> 1) + (sp_digit)((a[3] << 51) & 0xfffffffffffffL); + r[3] = (a[3] >> 1) + (sp_digit)((a[4] << 51) & 0xfffffffffffffL); #endif r[4] = a[4] >> 1; } @@ -26099,23 +26099,23 @@ SP_NOINLINE static void sp_256_rshift_5(sp_digit* r, const sp_digit* a, #ifdef WOLFSSL_SP_SMALL for (i=0; i<4; i++) { - r[i] = ((a[i] >> n) | (a[i + 1] << (52 - n))) & 0xfffffffffffffL; + r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (52 - n))) & 0xfffffffffffffL); } #else for (i=0; i<0; i += 8) { - r[i+0] = (a[i+0] >> n) | ((a[i+1] << (52 - n)) & 0xfffffffffffffL); - r[i+1] = (a[i+1] >> n) | ((a[i+2] << (52 - n)) & 0xfffffffffffffL); - r[i+2] = (a[i+2] >> n) | ((a[i+3] << (52 - n)) & 0xfffffffffffffL); - r[i+3] = (a[i+3] >> n) | ((a[i+4] << (52 - n)) & 0xfffffffffffffL); - r[i+4] = (a[i+4] >> n) | ((a[i+5] << (52 - n)) & 0xfffffffffffffL); - r[i+5] = (a[i+5] >> n) | ((a[i+6] << (52 - n)) & 0xfffffffffffffL); - r[i+6] = (a[i+6] >> n) | ((a[i+7] << (52 - n)) & 0xfffffffffffffL); - r[i+7] = (a[i+7] >> n) | ((a[i+8] << (52 - n)) & 0xfffffffffffffL); - } - r[0] = (a[0] >> n) | ((a[1] << (52 - n)) & 0xfffffffffffffL); - r[1] = (a[1] >> n) | ((a[2] << (52 - n)) & 0xfffffffffffffL); - r[2] = (a[2] >> n) | ((a[3] << (52 - n)) & 0xfffffffffffffL); - r[3] = (a[3] >> n) | ((a[4] << (52 - n)) & 0xfffffffffffffL); + r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (52 - n)) & 0xfffffffffffffL); + r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (52 - n)) & 0xfffffffffffffL); + r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (52 - n)) & 0xfffffffffffffL); + r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (52 - n)) & 0xfffffffffffffL); + r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (52 - n)) & 0xfffffffffffffL); + r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (52 - n)) & 0xfffffffffffffL); + r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (52 - n)) & 0xfffffffffffffL); + r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (52 - n)) & 0xfffffffffffffL); + } + r[0] = (a[0] >> n) | (sp_digit)((a[1] << (52 - n)) & 0xfffffffffffffL); + r[1] = (a[1] >> n) | (sp_digit)((a[2] << (52 - n)) & 0xfffffffffffffL); + r[2] = (a[2] >> n) | (sp_digit)((a[3] << (52 - n)) & 0xfffffffffffffL); + r[3] = (a[3] >> n) | (sp_digit)((a[4] << (52 - n)) & 0xfffffffffffffL); #endif /* WOLFSSL_SP_SMALL */ r[4] = a[4] >> n; } @@ -26166,7 +26166,7 @@ SP_NOINLINE static void sp_256_lshift_10(sp_digit* r, const sp_digit* a, r[10] = a[9] >> (52 - n); for (i=9; i>0; i--) { - r[i] = ((a[i] << n) | (a[i-1] >> (52 - n))) & 0xfffffffffffffL; + r[i] = (sp_digit)(((a[i] << n) | (a[i-1] >> (52 - n))) & 0xfffffffffffffL); } #else sp_int_digit s; @@ -26175,25 +26175,25 @@ SP_NOINLINE static void sp_256_lshift_10(sp_digit* r, const sp_digit* a, s = (sp_int_digit)a[9]; r[10] = s >> (52U - n); s = (sp_int_digit)(a[9]); t = (sp_int_digit)(a[8]); - r[9] = ((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL; + r[9] = (sp_digit)(((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL); s = (sp_int_digit)(a[8]); t = (sp_int_digit)(a[7]); - r[8] = ((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL; + r[8] = (sp_digit)(((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL); s = (sp_int_digit)(a[7]); t = (sp_int_digit)(a[6]); - r[7] = ((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL; + r[7] = (sp_digit)(((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL); s = (sp_int_digit)(a[6]); t = (sp_int_digit)(a[5]); - r[6] = ((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL; + r[6] = (sp_digit)(((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL); s = (sp_int_digit)(a[5]); t = (sp_int_digit)(a[4]); - r[5] = ((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL; + r[5] = (sp_digit)(((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL); s = (sp_int_digit)(a[4]); t = (sp_int_digit)(a[3]); - r[4] = ((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL; + r[4] = (sp_digit)(((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL); s = (sp_int_digit)(a[3]); t = (sp_int_digit)(a[2]); - r[3] = ((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL; + r[3] = (sp_digit)(((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL); s = (sp_int_digit)(a[2]); t = (sp_int_digit)(a[1]); - r[2] = ((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL; + r[2] = (sp_digit)(((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL); s = (sp_int_digit)(a[1]); t = (sp_int_digit)(a[0]); - r[1] = ((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL; + r[1] = (sp_digit)(((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL); #endif /* WOLFSSL_SP_SMALL */ - r[0] = (a[0] << n) & 0xfffffffffffffL; + r[0] = (sp_digit)((a[0] << n) & 0xfffffffffffffL); } /* Divide d in a and put remainder into r (m*d + r = a) @@ -26298,7 +26298,7 @@ static void sp_256_mont_mul_order_5(sp_digit* r, const sp_digit* a, const sp_dig #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL)) #ifdef WOLFSSL_SP_SMALL /* Order-2 for the P256 curve. */ -static const uint64_t p256_order_minus_2[4] = { +static const word64 p256_order_minus_2[4] = { 0xf3b9cac2fc63254fU,0xbce6faada7179e84U,0xffffffffffffffffU, 0xffffffff00000000U }; @@ -28082,20 +28082,20 @@ SP_NOINLINE static void sp_384_mul_7(sp_digit* r, const sp_digit* a, + ((sp_int128)a[ 6]) * b[ 5]; sp_int128 t12 = ((sp_int128)a[ 6]) * b[ 6]; - t1 += t0 >> 55; r[ 0] = t0 & 0x7fffffffffffffL; - t2 += t1 >> 55; r[ 1] = t1 & 0x7fffffffffffffL; - t3 += t2 >> 55; r[ 2] = t2 & 0x7fffffffffffffL; - t4 += t3 >> 55; r[ 3] = t3 & 0x7fffffffffffffL; - t5 += t4 >> 55; r[ 4] = t4 & 0x7fffffffffffffL; - t6 += t5 >> 55; r[ 5] = t5 & 0x7fffffffffffffL; - t7 += t6 >> 55; r[ 6] = t6 & 0x7fffffffffffffL; - t8 += t7 >> 55; r[ 7] = t7 & 0x7fffffffffffffL; - t9 += t8 >> 55; r[ 8] = t8 & 0x7fffffffffffffL; - t10 += t9 >> 55; r[ 9] = t9 & 0x7fffffffffffffL; - t11 += t10 >> 55; r[10] = t10 & 0x7fffffffffffffL; - t12 += t11 >> 55; r[11] = t11 & 0x7fffffffffffffL; + t1 += t0 >> 55; r[ 0] = (sp_digit)(t0 & 0x7fffffffffffffL); + t2 += t1 >> 55; r[ 1] = (sp_digit)(t1 & 0x7fffffffffffffL); + t3 += t2 >> 55; r[ 2] = (sp_digit)(t2 & 0x7fffffffffffffL); + t4 += t3 >> 55; r[ 3] = (sp_digit)(t3 & 0x7fffffffffffffL); + t5 += t4 >> 55; r[ 4] = (sp_digit)(t4 & 0x7fffffffffffffL); + t6 += t5 >> 55; r[ 5] = (sp_digit)(t5 & 0x7fffffffffffffL); + t7 += t6 >> 55; r[ 6] = (sp_digit)(t6 & 0x7fffffffffffffL); + t8 += t7 >> 55; r[ 7] = (sp_digit)(t7 & 0x7fffffffffffffL); + t9 += t8 >> 55; r[ 8] = (sp_digit)(t8 & 0x7fffffffffffffL); + t10 += t9 >> 55; r[ 9] = (sp_digit)(t9 & 0x7fffffffffffffL); + t11 += t10 >> 55; r[10] = (sp_digit)(t10 & 0x7fffffffffffffL); + t12 += t11 >> 55; r[11] = (sp_digit)(t11 & 0x7fffffffffffffL); r[13] = (sp_digit)(t12 >> 55); - r[12] = t12 & 0x7fffffffffffffL; + r[12] = (sp_digit)(t12 & 0x7fffffffffffffL); } #endif /* WOLFSSL_SP_SMALL */ @@ -28178,20 +28178,20 @@ SP_NOINLINE static void sp_384_sqr_7(sp_digit* r, const sp_digit* a) sp_int128 t11 = (((sp_int128)a[ 5]) * a[ 6]) * 2; sp_int128 t12 = ((sp_int128)a[ 6]) * a[ 6]; - t1 += t0 >> 55; r[ 0] = t0 & 0x7fffffffffffffL; - t2 += t1 >> 55; r[ 1] = t1 & 0x7fffffffffffffL; - t3 += t2 >> 55; r[ 2] = t2 & 0x7fffffffffffffL; - t4 += t3 >> 55; r[ 3] = t3 & 0x7fffffffffffffL; - t5 += t4 >> 55; r[ 4] = t4 & 0x7fffffffffffffL; - t6 += t5 >> 55; r[ 5] = t5 & 0x7fffffffffffffL; - t7 += t6 >> 55; r[ 6] = t6 & 0x7fffffffffffffL; - t8 += t7 >> 55; r[ 7] = t7 & 0x7fffffffffffffL; - t9 += t8 >> 55; r[ 8] = t8 & 0x7fffffffffffffL; - t10 += t9 >> 55; r[ 9] = t9 & 0x7fffffffffffffL; - t11 += t10 >> 55; r[10] = t10 & 0x7fffffffffffffL; - t12 += t11 >> 55; r[11] = t11 & 0x7fffffffffffffL; + t1 += t0 >> 55; r[ 0] = (sp_digit)(t0 & 0x7fffffffffffffL); + t2 += t1 >> 55; r[ 1] = (sp_digit)(t1 & 0x7fffffffffffffL); + t3 += t2 >> 55; r[ 2] = (sp_digit)(t2 & 0x7fffffffffffffL); + t4 += t3 >> 55; r[ 3] = (sp_digit)(t3 & 0x7fffffffffffffL); + t5 += t4 >> 55; r[ 4] = (sp_digit)(t4 & 0x7fffffffffffffL); + t6 += t5 >> 55; r[ 5] = (sp_digit)(t5 & 0x7fffffffffffffL); + t7 += t6 >> 55; r[ 6] = (sp_digit)(t6 & 0x7fffffffffffffL); + t8 += t7 >> 55; r[ 7] = (sp_digit)(t7 & 0x7fffffffffffffL); + t9 += t8 >> 55; r[ 8] = (sp_digit)(t8 & 0x7fffffffffffffL); + t10 += t9 >> 55; r[ 9] = (sp_digit)(t9 & 0x7fffffffffffffL); + t11 += t10 >> 55; r[10] = (sp_digit)(t10 & 0x7fffffffffffffL); + t12 += t11 >> 55; r[11] = (sp_digit)(t11 & 0x7fffffffffffffL); r[13] = (sp_digit)(t12 >> 55); - r[12] = t12 & 0x7fffffffffffffL; + r[12] = (sp_digit)(t12 & 0x7fffffffffffffL); } #endif /* WOLFSSL_SP_SMALL */ @@ -28548,23 +28548,23 @@ SP_NOINLINE static void sp_384_mul_add_7(sp_digit* r, const sp_digit* a, t[1] = (tb * a[i+1]) + r[i+1]; t[2] = (tb * a[i+2]) + r[i+2]; t[3] = (tb * a[i+3]) + r[i+3]; - r[i+0] = t[0] & 0x7fffffffffffffL; + r[i+0] = (sp_digit)(t[0] & 0x7fffffffffffffL); t[1] += t[0] >> 55; - r[i+1] = t[1] & 0x7fffffffffffffL; + r[i+1] = (sp_digit)(t[1] & 0x7fffffffffffffL); t[2] += t[1] >> 55; - r[i+2] = t[2] & 0x7fffffffffffffL; + r[i+2] = (sp_digit)(t[2] & 0x7fffffffffffffL); t[3] += t[2] >> 55; - r[i+3] = t[3] & 0x7fffffffffffffL; + r[i+3] = (sp_digit)(t[3] & 0x7fffffffffffffL); t[0] = t[3] >> 55; } t[0] += (tb * a[4]) + r[4]; t[1] = (tb * a[5]) + r[5]; t[2] = (tb * a[6]) + r[6]; - r[4] = t[0] & 0x7fffffffffffffL; + r[4] = (sp_digit)(t[0] & 0x7fffffffffffffL); t[1] += t[0] >> 55; - r[5] = t[1] & 0x7fffffffffffffL; + r[5] = (sp_digit)(t[1] & 0x7fffffffffffffL); t[2] += t[1] >> 55; - r[6] = t[2] & 0x7fffffffffffffL; + r[6] = (sp_digit)(t[2] & 0x7fffffffffffffL); r[7] += (sp_digit)(t[2] >> 55); #else sp_int128 tb = b; @@ -28624,7 +28624,7 @@ static void sp_384_mont_shift_7(sp_digit* r, const sp_digit* a) n = a[6] >> 54; for (i = 0; i < 6; i++) { n += (sp_uint64)a[7 + i] << 1; - r[i] = n & 0x7fffffffffffffL; + r[i] = (sp_digit)(n & 0x7fffffffffffffL); n >>= 55; } n += (sp_uint64)a[13] << 1; @@ -28633,12 +28633,12 @@ static void sp_384_mont_shift_7(sp_digit* r, const sp_digit* a) sp_uint64 n; n = a[6] >> 54; - n += (sp_uint64)a[ 7] << 1U; r[ 0] = n & 0x7fffffffffffffUL; n >>= 55U; - n += (sp_uint64)a[ 8] << 1U; r[ 1] = n & 0x7fffffffffffffUL; n >>= 55U; - n += (sp_uint64)a[ 9] << 1U; r[ 2] = n & 0x7fffffffffffffUL; n >>= 55U; - n += (sp_uint64)a[10] << 1U; r[ 3] = n & 0x7fffffffffffffUL; n >>= 55U; - n += (sp_uint64)a[11] << 1U; r[ 4] = n & 0x7fffffffffffffUL; n >>= 55U; - n += (sp_uint64)a[12] << 1U; r[ 5] = n & 0x7fffffffffffffUL; n >>= 55U; + n += (sp_uint64)a[ 7] << 1U; r[ 0] = (sp_digit)(n & 0x7fffffffffffffUL); n >>= 55U; + n += (sp_uint64)a[ 8] << 1U; r[ 1] = (sp_digit)(n & 0x7fffffffffffffUL); n >>= 55U; + n += (sp_uint64)a[ 9] << 1U; r[ 2] = (sp_digit)(n & 0x7fffffffffffffUL); n >>= 55U; + n += (sp_uint64)a[10] << 1U; r[ 3] = (sp_digit)(n & 0x7fffffffffffffUL); n >>= 55U; + n += (sp_uint64)a[11] << 1U; r[ 4] = (sp_digit)(n & 0x7fffffffffffffUL); n >>= 55U; + n += (sp_uint64)a[12] << 1U; r[ 5] = (sp_digit)(n & 0x7fffffffffffffUL); n >>= 55U; n += (sp_uint64)a[13] << 1U; r[ 6] = n; #endif /* WOLFSSL_SP_SMALL */ XMEMSET(&r[7], 0, sizeof(*r) * 7U); @@ -28659,11 +28659,11 @@ static void sp_384_mont_reduce_order_7(sp_digit* a, const sp_digit* m, sp_digit sp_384_norm_7(a + 7); for (i=0; i<6; i++) { - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x7fffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x7fffffffffffffL); sp_384_mul_add_7(a+i, m, mu); a[i+1] += a[i] >> 55; } - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x3fffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x3fffffffffffffL); sp_384_mul_add_7(a+i, m, mu); a[i+1] += a[i] >> 55; a[i] &= 0x7fffffffffffffL; @@ -28688,30 +28688,30 @@ static void sp_384_mont_reduce_7(sp_digit* a, const sp_digit* m, sp_digit mp) (void)mp; for (i = 0; i < 6; i++) { - am = (a[i] * 0x100000001) & 0x7fffffffffffffL; - a[i + 0] += (am << 32) & 0x7fffffffffffffL; - a[i + 1] += (am >> 23) - ((am << 41) & 0x7fffffffffffffL); - a[i + 2] += -(am >> 14) - ((am << 18) & 0x7fffffffffffffL); + am = (sp_digit)((a[i] * 0x100000001) & 0x7fffffffffffffL); + a[i + 0] += (sp_digit)((am << 32) & 0x7fffffffffffffL); + a[i + 1] += (am >> 23) - (sp_digit)((am << 41) & 0x7fffffffffffffL); + a[i + 2] += -(am >> 14) - ((sp_digit)(am << 18) & 0x7fffffffffffffL); a[i + 3] += -(am >> 37); - a[i + 6] += (am << 54) & 0x7fffffffffffffL; + a[i + 6] += ((sp_digit)(am << 54) & 0x7fffffffffffffL); a[i + 7] += am >> 1; a[i + 1] += a[i] >> 55; } - am = (a[6] * 0x100000001) & 0x3fffffffffffff; - a[6 + 0] += (am << 32) & 0x7fffffffffffffL; - a[6 + 1] += (am >> 23) - ((am << 41) & 0x7fffffffffffffL); - a[6 + 2] += -(am >> 14) - ((am << 18) & 0x7fffffffffffffL); + am = (sp_digit)((a[6] * 0x100000001) & 0x3fffffffffffff); + a[6 + 0] += (sp_digit)((am << 32) & 0x7fffffffffffffL); + a[6 + 1] += (am >> 23) - (sp_digit)((am << 41) & 0x7fffffffffffffL); + a[6 + 2] += -(am >> 14) - (sp_digit)((am << 18) & 0x7fffffffffffffL); a[6 + 3] += -(am >> 37); - a[6 + 6] += (am << 54) & 0x7fffffffffffffL; + a[6 + 6] += (sp_digit)((am << 54) & 0x7fffffffffffffL); a[6 + 7] += am >> 1; - a[0] = (a[6] >> 54) + ((a[7] << 1) & 0x7fffffffffffffL); - a[1] = (a[7] >> 54) + ((a[8] << 1) & 0x7fffffffffffffL); - a[2] = (a[8] >> 54) + ((a[9] << 1) & 0x7fffffffffffffL); - a[3] = (a[9] >> 54) + ((a[10] << 1) & 0x7fffffffffffffL); - a[4] = (a[10] >> 54) + ((a[11] << 1) & 0x7fffffffffffffL); - a[5] = (a[11] >> 54) + ((a[12] << 1) & 0x7fffffffffffffL); + a[0] = (a[6] >> 54) + (sp_digit)((a[7] << 1) & 0x7fffffffffffffL); + a[1] = (a[7] >> 54) + (sp_digit)((a[8] << 1) & 0x7fffffffffffffL); + a[2] = (a[8] >> 54) + (sp_digit)((a[9] << 1) & 0x7fffffffffffffL); + a[3] = (a[9] >> 54) + (sp_digit)((a[10] << 1) & 0x7fffffffffffffL); + a[4] = (a[10] >> 54) + (sp_digit)((a[11] << 1) & 0x7fffffffffffffL); + a[5] = (a[11] >> 54) + (sp_digit)((a[12] << 1) & 0x7fffffffffffffL); a[6] = (a[12] >> 54) + (a[13] << 1); a[1] += a[0] >> 55; a[0] &= 0x7fffffffffffffL; @@ -28726,13 +28726,13 @@ static void sp_384_mont_reduce_7(sp_digit* a, const sp_digit* m, sp_digit mp) /* Create mask. */ am = 0 - am; - a[0] -= 0x00000000ffffffffL & am; - a[1] -= 0x007ffe0000000000L & am; - a[2] -= 0x007ffffffffbffffL & am; - a[3] -= 0x007fffffffffffffL & am; - a[4] -= 0x007fffffffffffffL & am; - a[5] -= 0x007fffffffffffffL & am; - a[6] -= 0x003fffffffffffffL & am; + a[0] -= (sp_digit)(0x00000000ffffffffL & am); + a[1] -= (sp_digit)(0x007ffe0000000000L & am); + a[2] -= (sp_digit)(0x007ffffffffbffffL & am); + a[3] -= (sp_digit)(0x007fffffffffffffL & am); + a[4] -= (sp_digit)(0x007fffffffffffffL & am); + a[5] -= (sp_digit)(0x007fffffffffffffL & am); + a[6] -= (sp_digit)(0x003fffffffffffffL & am); a[1] += a[0] >> 55; a[0] &= 0x7fffffffffffffL; a[2] += a[1] >> 55; a[1] &= 0x7fffffffffffffL; @@ -28793,7 +28793,7 @@ SP_NOINLINE static void sp_384_mont_sqr_n_7(sp_digit* r, #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */ #ifdef WOLFSSL_SP_SMALL /* Mod-2 for the P384 curve. */ -static const uint64_t p384_mod_minus_2[6] = { +static const word64 p384_mod_minus_2[6] = { 0x00000000fffffffdU,0xffffffff00000000U,0xfffffffffffffffeU, 0xffffffffffffffffU,0xffffffffffffffffU,0xffffffffffffffffU }; @@ -29049,15 +29049,15 @@ SP_NOINLINE static void sp_384_rshift1_7(sp_digit* r, const sp_digit* a) int i; for (i=0; i<6; i++) { - r[i] = (a[i] >> 1) + ((a[i + 1] << 54) & 0x7fffffffffffffL); + r[i] = (a[i] >> 1) + (sp_digit)((a[i + 1] << 54) & 0x7fffffffffffffL); } #else - r[0] = (a[0] >> 1) + ((a[1] << 54) & 0x7fffffffffffffL); - r[1] = (a[1] >> 1) + ((a[2] << 54) & 0x7fffffffffffffL); - r[2] = (a[2] >> 1) + ((a[3] << 54) & 0x7fffffffffffffL); - r[3] = (a[3] >> 1) + ((a[4] << 54) & 0x7fffffffffffffL); - r[4] = (a[4] >> 1) + ((a[5] << 54) & 0x7fffffffffffffL); - r[5] = (a[5] >> 1) + ((a[6] << 54) & 0x7fffffffffffffL); + r[0] = (a[0] >> 1) + (sp_digit)((a[1] << 54) & 0x7fffffffffffffL); + r[1] = (a[1] >> 1) + (sp_digit)((a[2] << 54) & 0x7fffffffffffffL); + r[2] = (a[2] >> 1) + (sp_digit)((a[3] << 54) & 0x7fffffffffffffL); + r[3] = (a[3] >> 1) + (sp_digit)((a[4] << 54) & 0x7fffffffffffffL); + r[4] = (a[4] >> 1) + (sp_digit)((a[5] << 54) & 0x7fffffffffffffL); + r[5] = (a[5] >> 1) + (sp_digit)((a[6] << 54) & 0x7fffffffffffffL); #endif r[6] = a[6] >> 1; } @@ -33565,25 +33565,25 @@ SP_NOINLINE static void sp_384_rshift_7(sp_digit* r, const sp_digit* a, #ifdef WOLFSSL_SP_SMALL for (i=0; i<6; i++) { - r[i] = ((a[i] >> n) | (a[i + 1] << (55 - n))) & 0x7fffffffffffffL; + r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (55 - n))) & 0x7fffffffffffffL); } #else for (i=0; i<0; i += 8) { - r[i+0] = (a[i+0] >> n) | ((a[i+1] << (55 - n)) & 0x7fffffffffffffL); - r[i+1] = (a[i+1] >> n) | ((a[i+2] << (55 - n)) & 0x7fffffffffffffL); - r[i+2] = (a[i+2] >> n) | ((a[i+3] << (55 - n)) & 0x7fffffffffffffL); - r[i+3] = (a[i+3] >> n) | ((a[i+4] << (55 - n)) & 0x7fffffffffffffL); - r[i+4] = (a[i+4] >> n) | ((a[i+5] << (55 - n)) & 0x7fffffffffffffL); - r[i+5] = (a[i+5] >> n) | ((a[i+6] << (55 - n)) & 0x7fffffffffffffL); - r[i+6] = (a[i+6] >> n) | ((a[i+7] << (55 - n)) & 0x7fffffffffffffL); - r[i+7] = (a[i+7] >> n) | ((a[i+8] << (55 - n)) & 0x7fffffffffffffL); - } - r[0] = (a[0] >> n) | ((a[1] << (55 - n)) & 0x7fffffffffffffL); - r[1] = (a[1] >> n) | ((a[2] << (55 - n)) & 0x7fffffffffffffL); - r[2] = (a[2] >> n) | ((a[3] << (55 - n)) & 0x7fffffffffffffL); - r[3] = (a[3] >> n) | ((a[4] << (55 - n)) & 0x7fffffffffffffL); - r[4] = (a[4] >> n) | ((a[5] << (55 - n)) & 0x7fffffffffffffL); - r[5] = (a[5] >> n) | ((a[6] << (55 - n)) & 0x7fffffffffffffL); + r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (55 - n)) & 0x7fffffffffffffL); + r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (55 - n)) & 0x7fffffffffffffL); + r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (55 - n)) & 0x7fffffffffffffL); + r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (55 - n)) & 0x7fffffffffffffL); + r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (55 - n)) & 0x7fffffffffffffL); + r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (55 - n)) & 0x7fffffffffffffL); + r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (55 - n)) & 0x7fffffffffffffL); + r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (55 - n)) & 0x7fffffffffffffL); + } + r[0] = (a[0] >> n) | (sp_digit)((a[1] << (55 - n)) & 0x7fffffffffffffL); + r[1] = (a[1] >> n) | (sp_digit)((a[2] << (55 - n)) & 0x7fffffffffffffL); + r[2] = (a[2] >> n) | (sp_digit)((a[3] << (55 - n)) & 0x7fffffffffffffL); + r[3] = (a[3] >> n) | (sp_digit)((a[4] << (55 - n)) & 0x7fffffffffffffL); + r[4] = (a[4] >> n) | (sp_digit)((a[5] << (55 - n)) & 0x7fffffffffffffL); + r[5] = (a[5] >> n) | (sp_digit)((a[6] << (55 - n)) & 0x7fffffffffffffL); #endif /* WOLFSSL_SP_SMALL */ r[6] = a[6] >> n; } @@ -33638,7 +33638,7 @@ SP_NOINLINE static void sp_384_lshift_14(sp_digit* r, const sp_digit* a, r[14] = a[13] >> (55 - n); for (i=13; i>0; i--) { - r[i] = ((a[i] << n) | (a[i-1] >> (55 - n))) & 0x7fffffffffffffL; + r[i] = (sp_digit)(((a[i] << n) | (a[i-1] >> (55 - n))) & 0x7fffffffffffffL); } #else sp_int_digit s; @@ -33647,33 +33647,33 @@ SP_NOINLINE static void sp_384_lshift_14(sp_digit* r, const sp_digit* a, s = (sp_int_digit)a[13]; r[14] = s >> (55U - n); s = (sp_int_digit)(a[13]); t = (sp_int_digit)(a[12]); - r[13] = ((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL; + r[13] = (sp_digit)(((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL); s = (sp_int_digit)(a[12]); t = (sp_int_digit)(a[11]); - r[12] = ((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL; + r[12] = (sp_digit)(((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL); s = (sp_int_digit)(a[11]); t = (sp_int_digit)(a[10]); - r[11] = ((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL; + r[11] = (sp_digit)(((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL); s = (sp_int_digit)(a[10]); t = (sp_int_digit)(a[9]); - r[10] = ((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL; + r[10] = (sp_digit)(((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL); s = (sp_int_digit)(a[9]); t = (sp_int_digit)(a[8]); - r[9] = ((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL; + r[9] = (sp_digit)(((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL); s = (sp_int_digit)(a[8]); t = (sp_int_digit)(a[7]); - r[8] = ((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL; + r[8] = (sp_digit)(((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL); s = (sp_int_digit)(a[7]); t = (sp_int_digit)(a[6]); - r[7] = ((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL; + r[7] = (sp_digit)(((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL); s = (sp_int_digit)(a[6]); t = (sp_int_digit)(a[5]); - r[6] = ((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL; + r[6] = (sp_digit)(((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL); s = (sp_int_digit)(a[5]); t = (sp_int_digit)(a[4]); - r[5] = ((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL; + r[5] = (sp_digit)(((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL); s = (sp_int_digit)(a[4]); t = (sp_int_digit)(a[3]); - r[4] = ((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL; + r[4] = (sp_digit)(((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL); s = (sp_int_digit)(a[3]); t = (sp_int_digit)(a[2]); - r[3] = ((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL; + r[3] = (sp_digit)(((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL); s = (sp_int_digit)(a[2]); t = (sp_int_digit)(a[1]); - r[2] = ((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL; + r[2] = (sp_digit)(((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL); s = (sp_int_digit)(a[1]); t = (sp_int_digit)(a[0]); - r[1] = ((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL; + r[1] = (sp_digit)(((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL); #endif /* WOLFSSL_SP_SMALL */ - r[0] = (a[0] << n) & 0x7fffffffffffffL; + r[0] = (sp_digit)((a[0] << n) & 0x7fffffffffffffL); } /* Divide d in a and put remainder into r (m*d + r = a) @@ -33772,13 +33772,13 @@ static void sp_384_mont_mul_order_7(sp_digit* r, const sp_digit* a, const sp_dig #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL)) #ifdef WOLFSSL_SP_SMALL /* Order-2 for the P384 curve. */ -static const uint64_t p384_order_minus_2[6] = { +static const word64 p384_order_minus_2[6] = { 0xecec196accc52971U,0x581a0db248b0a77aU,0xc7634d81f4372ddfU, 0xffffffffffffffffU,0xffffffffffffffffU,0xffffffffffffffffU }; #else /* The low half of the order-2 of the P384 curve. */ -static const uint64_t p384_order_low[3] = { +static const word64 p384_order_low[3] = { 0xecec196accc52971U,0x581a0db248b0a77aU,0xc7634d81f4372ddfU }; #endif /* WOLFSSL_SP_SMALL */ @@ -35521,29 +35521,29 @@ SP_NOINLINE static void sp_521_mul_9(sp_digit* r, const sp_digit* a, t0 = ((sp_int128)a[ 0]) * b[ 0]; t1 = ((sp_int128)a[ 0]) * b[ 1] + ((sp_int128)a[ 1]) * b[ 0]; - t[ 0] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58; + t[ 0] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58; t0 = ((sp_int128)a[ 0]) * b[ 2] + ((sp_int128)a[ 1]) * b[ 1] + ((sp_int128)a[ 2]) * b[ 0]; - t[ 1] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58; + t[ 1] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58; t1 = ((sp_int128)a[ 0]) * b[ 3] + ((sp_int128)a[ 1]) * b[ 2] + ((sp_int128)a[ 2]) * b[ 1] + ((sp_int128)a[ 3]) * b[ 0]; - t[ 2] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58; + t[ 2] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58; t0 = ((sp_int128)a[ 0]) * b[ 4] + ((sp_int128)a[ 1]) * b[ 3] + ((sp_int128)a[ 2]) * b[ 2] + ((sp_int128)a[ 3]) * b[ 1] + ((sp_int128)a[ 4]) * b[ 0]; - t[ 3] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58; + t[ 3] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58; t1 = ((sp_int128)a[ 0]) * b[ 5] + ((sp_int128)a[ 1]) * b[ 4] + ((sp_int128)a[ 2]) * b[ 3] + ((sp_int128)a[ 3]) * b[ 2] + ((sp_int128)a[ 4]) * b[ 1] + ((sp_int128)a[ 5]) * b[ 0]; - t[ 4] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58; + t[ 4] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58; t0 = ((sp_int128)a[ 0]) * b[ 6] + ((sp_int128)a[ 1]) * b[ 5] + ((sp_int128)a[ 2]) * b[ 4] @@ -35551,7 +35551,7 @@ SP_NOINLINE static void sp_521_mul_9(sp_digit* r, const sp_digit* a, + ((sp_int128)a[ 4]) * b[ 2] + ((sp_int128)a[ 5]) * b[ 1] + ((sp_int128)a[ 6]) * b[ 0]; - t[ 5] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58; + t[ 5] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58; t1 = ((sp_int128)a[ 0]) * b[ 7] + ((sp_int128)a[ 1]) * b[ 6] + ((sp_int128)a[ 2]) * b[ 5] @@ -35560,7 +35560,7 @@ SP_NOINLINE static void sp_521_mul_9(sp_digit* r, const sp_digit* a, + ((sp_int128)a[ 5]) * b[ 2] + ((sp_int128)a[ 6]) * b[ 1] + ((sp_int128)a[ 7]) * b[ 0]; - t[ 6] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58; + t[ 6] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58; t0 = ((sp_int128)a[ 0]) * b[ 8] + ((sp_int128)a[ 1]) * b[ 7] + ((sp_int128)a[ 2]) * b[ 6] @@ -35570,7 +35570,7 @@ SP_NOINLINE static void sp_521_mul_9(sp_digit* r, const sp_digit* a, + ((sp_int128)a[ 6]) * b[ 2] + ((sp_int128)a[ 7]) * b[ 1] + ((sp_int128)a[ 8]) * b[ 0]; - t[ 7] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58; + t[ 7] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58; t1 = ((sp_int128)a[ 1]) * b[ 8] + ((sp_int128)a[ 2]) * b[ 7] + ((sp_int128)a[ 3]) * b[ 6] @@ -35579,7 +35579,7 @@ SP_NOINLINE static void sp_521_mul_9(sp_digit* r, const sp_digit* a, + ((sp_int128)a[ 6]) * b[ 3] + ((sp_int128)a[ 7]) * b[ 2] + ((sp_int128)a[ 8]) * b[ 1]; - t[ 8] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58; + t[ 8] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58; t0 = ((sp_int128)a[ 2]) * b[ 8] + ((sp_int128)a[ 3]) * b[ 7] + ((sp_int128)a[ 4]) * b[ 6] @@ -35587,35 +35587,35 @@ SP_NOINLINE static void sp_521_mul_9(sp_digit* r, const sp_digit* a, + ((sp_int128)a[ 6]) * b[ 4] + ((sp_int128)a[ 7]) * b[ 3] + ((sp_int128)a[ 8]) * b[ 2]; - r[ 9] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58; + r[ 9] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58; t1 = ((sp_int128)a[ 3]) * b[ 8] + ((sp_int128)a[ 4]) * b[ 7] + ((sp_int128)a[ 5]) * b[ 6] + ((sp_int128)a[ 6]) * b[ 5] + ((sp_int128)a[ 7]) * b[ 4] + ((sp_int128)a[ 8]) * b[ 3]; - r[10] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58; + r[10] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58; t0 = ((sp_int128)a[ 4]) * b[ 8] + ((sp_int128)a[ 5]) * b[ 7] + ((sp_int128)a[ 6]) * b[ 6] + ((sp_int128)a[ 7]) * b[ 5] + ((sp_int128)a[ 8]) * b[ 4]; - r[11] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58; + r[11] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58; t1 = ((sp_int128)a[ 5]) * b[ 8] + ((sp_int128)a[ 6]) * b[ 7] + ((sp_int128)a[ 7]) * b[ 6] + ((sp_int128)a[ 8]) * b[ 5]; - r[12] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58; + r[12] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58; t0 = ((sp_int128)a[ 6]) * b[ 8] + ((sp_int128)a[ 7]) * b[ 7] + ((sp_int128)a[ 8]) * b[ 6]; - r[13] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58; + r[13] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58; t1 = ((sp_int128)a[ 7]) * b[ 8] + ((sp_int128)a[ 8]) * b[ 7]; - r[14] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58; + r[14] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58; t0 = ((sp_int128)a[ 8]) * b[ 8]; - r[15] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58; - r[16] = t0 & 0x3ffffffffffffffL; + r[15] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58; + r[16] = (sp_digit)(t0 & 0x3ffffffffffffffL); r[17] = (sp_digit)(t0 >> 58); XMEMCPY(r, t, sizeof(t)); } @@ -35677,66 +35677,66 @@ SP_NOINLINE static void sp_521_sqr_9(sp_digit* r, const sp_digit* a) t0 = ((sp_int128)a[ 0]) * a[ 0]; t1 = (((sp_int128)a[ 0]) * a[ 1]) * 2; - t[ 0] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58; + t[ 0] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58; t0 = (((sp_int128)a[ 0]) * a[ 2]) * 2 + ((sp_int128)a[ 1]) * a[ 1]; - t[ 1] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58; + t[ 1] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58; t1 = (((sp_int128)a[ 0]) * a[ 3] + ((sp_int128)a[ 1]) * a[ 2]) * 2; - t[ 2] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58; + t[ 2] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58; t0 = (((sp_int128)a[ 0]) * a[ 4] + ((sp_int128)a[ 1]) * a[ 3]) * 2 + ((sp_int128)a[ 2]) * a[ 2]; - t[ 3] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58; + t[ 3] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58; t1 = (((sp_int128)a[ 0]) * a[ 5] + ((sp_int128)a[ 1]) * a[ 4] + ((sp_int128)a[ 2]) * a[ 3]) * 2; - t[ 4] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58; + t[ 4] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58; t0 = (((sp_int128)a[ 0]) * a[ 6] + ((sp_int128)a[ 1]) * a[ 5] + ((sp_int128)a[ 2]) * a[ 4]) * 2 + ((sp_int128)a[ 3]) * a[ 3]; - t[ 5] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58; + t[ 5] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58; t1 = (((sp_int128)a[ 0]) * a[ 7] + ((sp_int128)a[ 1]) * a[ 6] + ((sp_int128)a[ 2]) * a[ 5] + ((sp_int128)a[ 3]) * a[ 4]) * 2; - t[ 6] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58; + t[ 6] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58; t0 = (((sp_int128)a[ 0]) * a[ 8] + ((sp_int128)a[ 1]) * a[ 7] + ((sp_int128)a[ 2]) * a[ 6] + ((sp_int128)a[ 3]) * a[ 5]) * 2 + ((sp_int128)a[ 4]) * a[ 4]; - t[ 7] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58; + t[ 7] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58; t1 = (((sp_int128)a[ 1]) * a[ 8] + ((sp_int128)a[ 2]) * a[ 7] + ((sp_int128)a[ 3]) * a[ 6] + ((sp_int128)a[ 4]) * a[ 5]) * 2; - t[ 8] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58; + t[ 8] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58; t0 = (((sp_int128)a[ 2]) * a[ 8] + ((sp_int128)a[ 3]) * a[ 7] + ((sp_int128)a[ 4]) * a[ 6]) * 2 + ((sp_int128)a[ 5]) * a[ 5]; - r[ 9] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58; + r[ 9] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58; t1 = (((sp_int128)a[ 3]) * a[ 8] + ((sp_int128)a[ 4]) * a[ 7] + ((sp_int128)a[ 5]) * a[ 6]) * 2; - r[10] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58; + r[10] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58; t0 = (((sp_int128)a[ 4]) * a[ 8] + ((sp_int128)a[ 5]) * a[ 7]) * 2 + ((sp_int128)a[ 6]) * a[ 6]; - r[11] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58; + r[11] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58; t1 = (((sp_int128)a[ 5]) * a[ 8] + ((sp_int128)a[ 6]) * a[ 7]) * 2; - r[12] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58; + r[12] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58; t0 = (((sp_int128)a[ 6]) * a[ 8]) * 2 + ((sp_int128)a[ 7]) * a[ 7]; - r[13] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58; + r[13] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58; t1 = (((sp_int128)a[ 7]) * a[ 8]) * 2; - r[14] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58; + r[14] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58; t0 = ((sp_int128)a[ 8]) * a[ 8]; - r[15] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58; - r[16] = t0 & 0x3ffffffffffffffL; + r[15] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58; + r[16] = (sp_digit)(t0 & 0x3ffffffffffffffL); r[17] = (sp_digit)(t0 >> 58); XMEMCPY(r, t, sizeof(t)); } @@ -36060,10 +36060,10 @@ static void sp_521_mont_reduce_9(sp_digit* a, const sp_digit* m, sp_digit mp) (void)mp; for (i = 0; i < 8; i++) { - a[i] += ((a[8 + i] >> 57) + (a[8 + i + 1] << 1)) & 0x3ffffffffffffffL; + a[i] += (sp_digit)(((a[8 + i] >> 57) + (a[8 + i + 1] << 1)) & 0x3ffffffffffffffL); } a[8] &= 0x1ffffffffffffff; - a[8] += ((a[16] >> 57) + (a[17] << 1)) & 0x3ffffffffffffffL; + a[8] += (sp_digit)(((a[16] >> 57) + (a[17] << 1)) & 0x3ffffffffffffffL); sp_521_norm_9(a); @@ -36152,17 +36152,17 @@ SP_NOINLINE static void sp_521_mul_add_9(sp_digit* r, const sp_digit* a, t[1] = (tb * a[i+1]) + r[i+1]; t[2] = (tb * a[i+2]) + r[i+2]; t[3] = (tb * a[i+3]) + r[i+3]; - r[i+0] = t[0] & 0x3ffffffffffffffL; + r[i+0] = (sp_digit)(t[0] & 0x3ffffffffffffffL); t[1] += t[0] >> 58; - r[i+1] = t[1] & 0x3ffffffffffffffL; + r[i+1] = (sp_digit)(t[1] & 0x3ffffffffffffffL); t[2] += t[1] >> 58; - r[i+2] = t[2] & 0x3ffffffffffffffL; + r[i+2] = (sp_digit)(t[2] & 0x3ffffffffffffffL); t[3] += t[2] >> 58; - r[i+3] = t[3] & 0x3ffffffffffffffL; + r[i+3] = (sp_digit)(t[3] & 0x3ffffffffffffffL); t[0] = t[3] >> 58; } t[0] += (tb * a[8]) + r[8]; - r[8] = t[0] & 0x3ffffffffffffffL; + r[8] = (sp_digit)(t[0] & 0x3ffffffffffffffL); r[9] += (sp_digit)(t[0] >> 58); #else sp_int128 tb = b; @@ -36204,7 +36204,7 @@ static void sp_521_mont_shift_9(sp_digit* r, const sp_digit* a) n = a[8] >> 57; for (i = 0; i < 8; i++) { n += (sp_uint64)a[9 + i] << 1; - r[i] = n & 0x3ffffffffffffffL; + r[i] = (sp_digit)(n & 0x3ffffffffffffffL); n >>= 58; } n += (sp_uint64)a[17] << 1; @@ -36213,14 +36213,14 @@ static void sp_521_mont_shift_9(sp_digit* r, const sp_digit* a) sp_uint64 n; n = a[8] >> 57; - n += (sp_uint64)a[ 9] << 1U; r[ 0] = n & 0x3ffffffffffffffUL; n >>= 58U; - n += (sp_uint64)a[10] << 1U; r[ 1] = n & 0x3ffffffffffffffUL; n >>= 58U; - n += (sp_uint64)a[11] << 1U; r[ 2] = n & 0x3ffffffffffffffUL; n >>= 58U; - n += (sp_uint64)a[12] << 1U; r[ 3] = n & 0x3ffffffffffffffUL; n >>= 58U; - n += (sp_uint64)a[13] << 1U; r[ 4] = n & 0x3ffffffffffffffUL; n >>= 58U; - n += (sp_uint64)a[14] << 1U; r[ 5] = n & 0x3ffffffffffffffUL; n >>= 58U; - n += (sp_uint64)a[15] << 1U; r[ 6] = n & 0x3ffffffffffffffUL; n >>= 58U; - n += (sp_uint64)a[16] << 1U; r[ 7] = n & 0x3ffffffffffffffUL; n >>= 58U; + n += (sp_uint64)a[ 9] << 1U; r[ 0] = (sp_digit)(n & 0x3ffffffffffffffUL); n >>= 58U; + n += (sp_uint64)a[10] << 1U; r[ 1] = (sp_digit)(n & 0x3ffffffffffffffUL); n >>= 58U; + n += (sp_uint64)a[11] << 1U; r[ 2] = (sp_digit)(n & 0x3ffffffffffffffUL); n >>= 58U; + n += (sp_uint64)a[12] << 1U; r[ 3] = (sp_digit)(n & 0x3ffffffffffffffUL); n >>= 58U; + n += (sp_uint64)a[13] << 1U; r[ 4] = (sp_digit)(n & 0x3ffffffffffffffUL); n >>= 58U; + n += (sp_uint64)a[14] << 1U; r[ 5] = (sp_digit)(n & 0x3ffffffffffffffUL); n >>= 58U; + n += (sp_uint64)a[15] << 1U; r[ 6] = (sp_digit)(n & 0x3ffffffffffffffUL); n >>= 58U; + n += (sp_uint64)a[16] << 1U; r[ 7] = (sp_digit)(n & 0x3ffffffffffffffUL); n >>= 58U; n += (sp_uint64)a[17] << 1U; r[ 8] = n; #endif /* WOLFSSL_SP_SMALL */ XMEMSET(&r[9], 0, sizeof(*r) * 9U); @@ -36241,11 +36241,11 @@ static void sp_521_mont_reduce_order_9(sp_digit* a, const sp_digit* m, sp_digit sp_521_norm_9(a + 9); for (i=0; i<8; i++) { - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x3ffffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x3ffffffffffffffL); sp_521_mul_add_9(a+i, m, mu); a[i+1] += a[i] >> 58; } - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL); sp_521_mul_add_9(a+i, m, mu); a[i+1] += a[i] >> 58; a[i] &= 0x3ffffffffffffffL; @@ -36306,7 +36306,7 @@ SP_NOINLINE static void sp_521_mont_sqr_n_9(sp_digit* r, #endif /* !WOLFSSL_SP_SMALL */ #ifdef WOLFSSL_SP_SMALL /* Mod-2 for the P521 curve. */ -static const uint64_t p521_mod_minus_2[9] = { +static const word64 p521_mod_minus_2[9] = { 0xfffffffffffffffdU,0xffffffffffffffffU,0xffffffffffffffffU, 0xffffffffffffffffU,0xffffffffffffffffU,0xffffffffffffffffU, 0xffffffffffffffffU,0xffffffffffffffffU,0x00000000000001ffU @@ -36561,17 +36561,17 @@ SP_NOINLINE static void sp_521_rshift1_9(sp_digit* r, const sp_digit* a) int i; for (i=0; i<8; i++) { - r[i] = (a[i] >> 1) + ((a[i + 1] << 57) & 0x3ffffffffffffffL); + r[i] = (a[i] >> 1) + (sp_digit)((a[i + 1] << 57) & 0x3ffffffffffffffL); } #else - r[0] = (a[0] >> 1) + ((a[1] << 57) & 0x3ffffffffffffffL); - r[1] = (a[1] >> 1) + ((a[2] << 57) & 0x3ffffffffffffffL); - r[2] = (a[2] >> 1) + ((a[3] << 57) & 0x3ffffffffffffffL); - r[3] = (a[3] >> 1) + ((a[4] << 57) & 0x3ffffffffffffffL); - r[4] = (a[4] >> 1) + ((a[5] << 57) & 0x3ffffffffffffffL); - r[5] = (a[5] >> 1) + ((a[6] << 57) & 0x3ffffffffffffffL); - r[6] = (a[6] >> 1) + ((a[7] << 57) & 0x3ffffffffffffffL); - r[7] = (a[7] >> 1) + ((a[8] << 57) & 0x3ffffffffffffffL); + r[0] = (a[0] >> 1) + (sp_digit)((a[1] << 57) & 0x3ffffffffffffffL); + r[1] = (a[1] >> 1) + (sp_digit)((a[2] << 57) & 0x3ffffffffffffffL); + r[2] = (a[2] >> 1) + (sp_digit)((a[3] << 57) & 0x3ffffffffffffffL); + r[3] = (a[3] >> 1) + (sp_digit)((a[4] << 57) & 0x3ffffffffffffffL); + r[4] = (a[4] >> 1) + (sp_digit)((a[5] << 57) & 0x3ffffffffffffffL); + r[5] = (a[5] >> 1) + (sp_digit)((a[6] << 57) & 0x3ffffffffffffffL); + r[6] = (a[6] >> 1) + (sp_digit)((a[7] << 57) & 0x3ffffffffffffffL); + r[7] = (a[7] >> 1) + (sp_digit)((a[8] << 57) & 0x3ffffffffffffffL); #endif r[8] = a[8] >> 1; } @@ -40981,18 +40981,18 @@ SP_NOINLINE static void sp_521_rshift_9(sp_digit* r, const sp_digit* a, #ifdef WOLFSSL_SP_SMALL for (i=0; i<8; i++) { - r[i] = ((a[i] >> n) | (a[i + 1] << (58 - n))) & 0x3ffffffffffffffL; + r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (58 - n))) & 0x3ffffffffffffffL); } #else for (i=0; i<8; i += 8) { - r[i+0] = (a[i+0] >> n) | ((a[i+1] << (58 - n)) & 0x3ffffffffffffffL); - r[i+1] = (a[i+1] >> n) | ((a[i+2] << (58 - n)) & 0x3ffffffffffffffL); - r[i+2] = (a[i+2] >> n) | ((a[i+3] << (58 - n)) & 0x3ffffffffffffffL); - r[i+3] = (a[i+3] >> n) | ((a[i+4] << (58 - n)) & 0x3ffffffffffffffL); - r[i+4] = (a[i+4] >> n) | ((a[i+5] << (58 - n)) & 0x3ffffffffffffffL); - r[i+5] = (a[i+5] >> n) | ((a[i+6] << (58 - n)) & 0x3ffffffffffffffL); - r[i+6] = (a[i+6] >> n) | ((a[i+7] << (58 - n)) & 0x3ffffffffffffffL); - r[i+7] = (a[i+7] >> n) | ((a[i+8] << (58 - n)) & 0x3ffffffffffffffL); + r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (58 - n)) & 0x3ffffffffffffffL); + r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (58 - n)) & 0x3ffffffffffffffL); + r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (58 - n)) & 0x3ffffffffffffffL); + r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (58 - n)) & 0x3ffffffffffffffL); + r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (58 - n)) & 0x3ffffffffffffffL); + r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (58 - n)) & 0x3ffffffffffffffL); + r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (58 - n)) & 0x3ffffffffffffffL); + r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (58 - n)) & 0x3ffffffffffffffL); } #endif /* WOLFSSL_SP_SMALL */ r[8] = a[8] >> n; @@ -41054,7 +41054,7 @@ SP_NOINLINE static void sp_521_lshift_18(sp_digit* r, const sp_digit* a, r[18] = a[17] >> (58 - n); for (i=17; i>0; i--) { - r[i] = ((a[i] << n) | (a[i-1] >> (58 - n))) & 0x3ffffffffffffffL; + r[i] = (sp_digit)(((a[i] << n) | (a[i-1] >> (58 - n))) & 0x3ffffffffffffffL); } #else sp_int_digit s; @@ -41063,41 +41063,41 @@ SP_NOINLINE static void sp_521_lshift_18(sp_digit* r, const sp_digit* a, s = (sp_int_digit)a[17]; r[18] = s >> (58U - n); s = (sp_int_digit)(a[17]); t = (sp_int_digit)(a[16]); - r[17] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL; + r[17] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL); s = (sp_int_digit)(a[16]); t = (sp_int_digit)(a[15]); - r[16] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL; + r[16] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL); s = (sp_int_digit)(a[15]); t = (sp_int_digit)(a[14]); - r[15] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL; + r[15] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL); s = (sp_int_digit)(a[14]); t = (sp_int_digit)(a[13]); - r[14] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL; + r[14] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL); s = (sp_int_digit)(a[13]); t = (sp_int_digit)(a[12]); - r[13] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL; + r[13] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL); s = (sp_int_digit)(a[12]); t = (sp_int_digit)(a[11]); - r[12] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL; + r[12] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL); s = (sp_int_digit)(a[11]); t = (sp_int_digit)(a[10]); - r[11] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL; + r[11] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL); s = (sp_int_digit)(a[10]); t = (sp_int_digit)(a[9]); - r[10] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL; + r[10] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL); s = (sp_int_digit)(a[9]); t = (sp_int_digit)(a[8]); - r[9] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL; + r[9] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL); s = (sp_int_digit)(a[8]); t = (sp_int_digit)(a[7]); - r[8] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL; + r[8] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL); s = (sp_int_digit)(a[7]); t = (sp_int_digit)(a[6]); - r[7] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL; + r[7] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL); s = (sp_int_digit)(a[6]); t = (sp_int_digit)(a[5]); - r[6] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL; + r[6] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL); s = (sp_int_digit)(a[5]); t = (sp_int_digit)(a[4]); - r[5] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL; + r[5] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL); s = (sp_int_digit)(a[4]); t = (sp_int_digit)(a[3]); - r[4] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL; + r[4] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL); s = (sp_int_digit)(a[3]); t = (sp_int_digit)(a[2]); - r[3] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL; + r[3] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL); s = (sp_int_digit)(a[2]); t = (sp_int_digit)(a[1]); - r[2] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL; + r[2] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL); s = (sp_int_digit)(a[1]); t = (sp_int_digit)(a[0]); - r[1] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL; + r[1] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL); #endif /* WOLFSSL_SP_SMALL */ - r[0] = (a[0] << n) & 0x3ffffffffffffffL; + r[0] = (sp_digit)((a[0] << n) & 0x3ffffffffffffffL); } /* Divide d in a and put remainder into r (m*d + r = a) @@ -41196,14 +41196,14 @@ static void sp_521_mont_mul_order_9(sp_digit* r, const sp_digit* a, const sp_dig #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL)) #ifdef WOLFSSL_SP_SMALL /* Order-2 for the P521 curve. */ -static const uint64_t p521_order_minus_2[9] = { +static const word64 p521_order_minus_2[9] = { 0xbb6fb71e91386407U,0x3bb5c9b8899c47aeU,0x7fcc0148f709a5d0U, 0x51868783bf2f966bU,0xfffffffffffffffaU,0xffffffffffffffffU, 0xffffffffffffffffU,0xffffffffffffffffU,0x00000000000001ffU }; #else /* The low half of the order-2 of the P521 curve. */ -static const uint64_t p521_order_low[5] = { +static const word64 p521_order_low[5] = { 0xbb6fb71e91386407U,0x3bb5c9b8899c47aeU,0x7fcc0148f709a5d0U, 0x51868783bf2f966bU,0xfffffffffffffffaU }; @@ -42672,7 +42672,7 @@ int sp_ecc_map_521(mp_int* pX, mp_int* pY, mp_int* pZ) #endif /* WOLFSSL_PUBLIC_ECC_ADD_DBL */ #ifdef HAVE_COMP_KEY /* Square root power for the P521 curve. */ -static const uint64_t p521_sqrt_power[9] = { +static const word64 p521_sqrt_power[9] = { 0x0000000000000000,0x0000000000000000,0x0000000000000000, 0x0000000000000000,0x0000000000000000,0x0000000000000000,0x0000000000000000,0x0000000000000000, 0x0000000000000080 @@ -42818,29 +42818,29 @@ SP_NOINLINE static void sp_1024_mul_9(sp_digit* r, const sp_digit* a, t0 = ((sp_int128)a[ 0]) * b[ 0]; t1 = ((sp_int128)a[ 0]) * b[ 1] + ((sp_int128)a[ 1]) * b[ 0]; - t[ 0] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 0] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_int128)a[ 0]) * b[ 2] + ((sp_int128)a[ 1]) * b[ 1] + ((sp_int128)a[ 2]) * b[ 0]; - t[ 1] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + t[ 1] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = ((sp_int128)a[ 0]) * b[ 3] + ((sp_int128)a[ 1]) * b[ 2] + ((sp_int128)a[ 2]) * b[ 1] + ((sp_int128)a[ 3]) * b[ 0]; - t[ 2] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 2] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_int128)a[ 0]) * b[ 4] + ((sp_int128)a[ 1]) * b[ 3] + ((sp_int128)a[ 2]) * b[ 2] + ((sp_int128)a[ 3]) * b[ 1] + ((sp_int128)a[ 4]) * b[ 0]; - t[ 3] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + t[ 3] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = ((sp_int128)a[ 0]) * b[ 5] + ((sp_int128)a[ 1]) * b[ 4] + ((sp_int128)a[ 2]) * b[ 3] + ((sp_int128)a[ 3]) * b[ 2] + ((sp_int128)a[ 4]) * b[ 1] + ((sp_int128)a[ 5]) * b[ 0]; - t[ 4] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 4] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_int128)a[ 0]) * b[ 6] + ((sp_int128)a[ 1]) * b[ 5] + ((sp_int128)a[ 2]) * b[ 4] @@ -42848,7 +42848,7 @@ SP_NOINLINE static void sp_1024_mul_9(sp_digit* r, const sp_digit* a, + ((sp_int128)a[ 4]) * b[ 2] + ((sp_int128)a[ 5]) * b[ 1] + ((sp_int128)a[ 6]) * b[ 0]; - t[ 5] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + t[ 5] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = ((sp_int128)a[ 0]) * b[ 7] + ((sp_int128)a[ 1]) * b[ 6] + ((sp_int128)a[ 2]) * b[ 5] @@ -42857,7 +42857,7 @@ SP_NOINLINE static void sp_1024_mul_9(sp_digit* r, const sp_digit* a, + ((sp_int128)a[ 5]) * b[ 2] + ((sp_int128)a[ 6]) * b[ 1] + ((sp_int128)a[ 7]) * b[ 0]; - t[ 6] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 6] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_int128)a[ 0]) * b[ 8] + ((sp_int128)a[ 1]) * b[ 7] + ((sp_int128)a[ 2]) * b[ 6] @@ -42867,7 +42867,7 @@ SP_NOINLINE static void sp_1024_mul_9(sp_digit* r, const sp_digit* a, + ((sp_int128)a[ 6]) * b[ 2] + ((sp_int128)a[ 7]) * b[ 1] + ((sp_int128)a[ 8]) * b[ 0]; - t[ 7] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + t[ 7] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = ((sp_int128)a[ 1]) * b[ 8] + ((sp_int128)a[ 2]) * b[ 7] + ((sp_int128)a[ 3]) * b[ 6] @@ -42876,7 +42876,7 @@ SP_NOINLINE static void sp_1024_mul_9(sp_digit* r, const sp_digit* a, + ((sp_int128)a[ 6]) * b[ 3] + ((sp_int128)a[ 7]) * b[ 2] + ((sp_int128)a[ 8]) * b[ 1]; - t[ 8] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 8] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_int128)a[ 2]) * b[ 8] + ((sp_int128)a[ 3]) * b[ 7] + ((sp_int128)a[ 4]) * b[ 6] @@ -42884,35 +42884,35 @@ SP_NOINLINE static void sp_1024_mul_9(sp_digit* r, const sp_digit* a, + ((sp_int128)a[ 6]) * b[ 4] + ((sp_int128)a[ 7]) * b[ 3] + ((sp_int128)a[ 8]) * b[ 2]; - r[ 9] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + r[ 9] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = ((sp_int128)a[ 3]) * b[ 8] + ((sp_int128)a[ 4]) * b[ 7] + ((sp_int128)a[ 5]) * b[ 6] + ((sp_int128)a[ 6]) * b[ 5] + ((sp_int128)a[ 7]) * b[ 4] + ((sp_int128)a[ 8]) * b[ 3]; - r[10] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + r[10] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_int128)a[ 4]) * b[ 8] + ((sp_int128)a[ 5]) * b[ 7] + ((sp_int128)a[ 6]) * b[ 6] + ((sp_int128)a[ 7]) * b[ 5] + ((sp_int128)a[ 8]) * b[ 4]; - r[11] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + r[11] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = ((sp_int128)a[ 5]) * b[ 8] + ((sp_int128)a[ 6]) * b[ 7] + ((sp_int128)a[ 7]) * b[ 6] + ((sp_int128)a[ 8]) * b[ 5]; - r[12] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + r[12] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_int128)a[ 6]) * b[ 8] + ((sp_int128)a[ 7]) * b[ 7] + ((sp_int128)a[ 8]) * b[ 6]; - r[13] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + r[13] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = ((sp_int128)a[ 7]) * b[ 8] + ((sp_int128)a[ 8]) * b[ 7]; - r[14] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + r[14] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_int128)a[ 8]) * b[ 8]; - r[15] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; - r[16] = t0 & 0x1ffffffffffffffL; + r[15] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; + r[16] = (sp_digit)(t0 & 0x1ffffffffffffffL); r[17] = (sp_digit)(t0 >> 57); XMEMCPY(r, t, sizeof(t)); } @@ -42930,66 +42930,66 @@ SP_NOINLINE static void sp_1024_sqr_9(sp_digit* r, const sp_digit* a) t0 = ((sp_int128)a[ 0]) * a[ 0]; t1 = (((sp_int128)a[ 0]) * a[ 1]) * 2; - t[ 0] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 0] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = (((sp_int128)a[ 0]) * a[ 2]) * 2 + ((sp_int128)a[ 1]) * a[ 1]; - t[ 1] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + t[ 1] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = (((sp_int128)a[ 0]) * a[ 3] + ((sp_int128)a[ 1]) * a[ 2]) * 2; - t[ 2] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 2] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = (((sp_int128)a[ 0]) * a[ 4] + ((sp_int128)a[ 1]) * a[ 3]) * 2 + ((sp_int128)a[ 2]) * a[ 2]; - t[ 3] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + t[ 3] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = (((sp_int128)a[ 0]) * a[ 5] + ((sp_int128)a[ 1]) * a[ 4] + ((sp_int128)a[ 2]) * a[ 3]) * 2; - t[ 4] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 4] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = (((sp_int128)a[ 0]) * a[ 6] + ((sp_int128)a[ 1]) * a[ 5] + ((sp_int128)a[ 2]) * a[ 4]) * 2 + ((sp_int128)a[ 3]) * a[ 3]; - t[ 5] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + t[ 5] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = (((sp_int128)a[ 0]) * a[ 7] + ((sp_int128)a[ 1]) * a[ 6] + ((sp_int128)a[ 2]) * a[ 5] + ((sp_int128)a[ 3]) * a[ 4]) * 2; - t[ 6] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 6] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = (((sp_int128)a[ 0]) * a[ 8] + ((sp_int128)a[ 1]) * a[ 7] + ((sp_int128)a[ 2]) * a[ 6] + ((sp_int128)a[ 3]) * a[ 5]) * 2 + ((sp_int128)a[ 4]) * a[ 4]; - t[ 7] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + t[ 7] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = (((sp_int128)a[ 1]) * a[ 8] + ((sp_int128)a[ 2]) * a[ 7] + ((sp_int128)a[ 3]) * a[ 6] + ((sp_int128)a[ 4]) * a[ 5]) * 2; - t[ 8] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 8] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = (((sp_int128)a[ 2]) * a[ 8] + ((sp_int128)a[ 3]) * a[ 7] + ((sp_int128)a[ 4]) * a[ 6]) * 2 + ((sp_int128)a[ 5]) * a[ 5]; - r[ 9] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + r[ 9] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = (((sp_int128)a[ 3]) * a[ 8] + ((sp_int128)a[ 4]) * a[ 7] + ((sp_int128)a[ 5]) * a[ 6]) * 2; - r[10] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + r[10] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = (((sp_int128)a[ 4]) * a[ 8] + ((sp_int128)a[ 5]) * a[ 7]) * 2 + ((sp_int128)a[ 6]) * a[ 6]; - r[11] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + r[11] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = (((sp_int128)a[ 5]) * a[ 8] + ((sp_int128)a[ 6]) * a[ 7]) * 2; - r[12] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + r[12] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = (((sp_int128)a[ 6]) * a[ 8]) * 2 + ((sp_int128)a[ 7]) * a[ 7]; - r[13] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + r[13] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = (((sp_int128)a[ 7]) * a[ 8]) * 2; - r[14] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + r[14] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_int128)a[ 8]) * a[ 8]; - r[15] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; - r[16] = t0 & 0x1ffffffffffffffL; + r[15] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; + r[16] = (sp_digit)(t0 & 0x1ffffffffffffffL); r[17] = (sp_digit)(t0 >> 57); XMEMCPY(r, t, sizeof(t)); } @@ -43505,20 +43505,20 @@ SP_NOINLINE static void sp_1024_rshift_18(sp_digit* r, const sp_digit* a, #ifdef WOLFSSL_SP_SMALL for (i=0; i<17; i++) { - r[i] = ((a[i] >> n) | (a[i + 1] << (57 - n))) & 0x1ffffffffffffffL; + r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (57 - n))) & 0x1ffffffffffffffL); } #else for (i=0; i<16; i += 8) { - r[i+0] = (a[i+0] >> n) | ((a[i+1] << (57 - n)) & 0x1ffffffffffffffL); - r[i+1] = (a[i+1] >> n) | ((a[i+2] << (57 - n)) & 0x1ffffffffffffffL); - r[i+2] = (a[i+2] >> n) | ((a[i+3] << (57 - n)) & 0x1ffffffffffffffL); - r[i+3] = (a[i+3] >> n) | ((a[i+4] << (57 - n)) & 0x1ffffffffffffffL); - r[i+4] = (a[i+4] >> n) | ((a[i+5] << (57 - n)) & 0x1ffffffffffffffL); - r[i+5] = (a[i+5] >> n) | ((a[i+6] << (57 - n)) & 0x1ffffffffffffffL); - r[i+6] = (a[i+6] >> n) | ((a[i+7] << (57 - n)) & 0x1ffffffffffffffL); - r[i+7] = (a[i+7] >> n) | ((a[i+8] << (57 - n)) & 0x1ffffffffffffffL); - } - r[16] = (a[16] >> n) | ((a[17] << (57 - n)) & 0x1ffffffffffffffL); + r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (57 - n)) & 0x1ffffffffffffffL); + r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (57 - n)) & 0x1ffffffffffffffL); + r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (57 - n)) & 0x1ffffffffffffffL); + r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (57 - n)) & 0x1ffffffffffffffL); + r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (57 - n)) & 0x1ffffffffffffffL); + r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (57 - n)) & 0x1ffffffffffffffL); + r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (57 - n)) & 0x1ffffffffffffffL); + r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (57 - n)) & 0x1ffffffffffffffL); + } + r[16] = (a[16] >> n) | (sp_digit)((a[17] << (57 - n)) & 0x1ffffffffffffffL); #endif /* WOLFSSL_SP_SMALL */ r[17] = a[17] >> n; } @@ -44077,20 +44077,20 @@ SP_NOINLINE static void sp_1024_mul_add_18(sp_digit* r, const sp_digit* a, t[1] = (tb * a[i+1]) + r[i+1]; t[2] = (tb * a[i+2]) + r[i+2]; t[3] = (tb * a[i+3]) + r[i+3]; - r[i+0] = t[0] & 0x1ffffffffffffffL; + r[i+0] = (sp_digit)(t[0] & 0x1ffffffffffffffL); t[1] += t[0] >> 57; - r[i+1] = t[1] & 0x1ffffffffffffffL; + r[i+1] = (sp_digit)(t[1] & 0x1ffffffffffffffL); t[2] += t[1] >> 57; - r[i+2] = t[2] & 0x1ffffffffffffffL; + r[i+2] = (sp_digit)(t[2] & 0x1ffffffffffffffL); t[3] += t[2] >> 57; - r[i+3] = t[3] & 0x1ffffffffffffffL; + r[i+3] = (sp_digit)(t[3] & 0x1ffffffffffffffL); t[0] = t[3] >> 57; } t[0] += (tb * a[16]) + r[16]; t[1] = (tb * a[17]) + r[17]; - r[16] = t[0] & 0x1ffffffffffffffL; + r[16] = (sp_digit)(t[0] & 0x1ffffffffffffffL); t[1] += t[0] >> 57; - r[17] = t[1] & 0x1ffffffffffffffL; + r[17] = (sp_digit)(t[1] & 0x1ffffffffffffffL); r[18] += (sp_digit)(t[1] >> 57); #else sp_int128 tb = b; @@ -44136,7 +44136,7 @@ static void sp_1024_mont_shift_18(sp_digit* r, const sp_digit* a) n = a[17] >> 55; for (i = 0; i < 17; i++) { n += (sp_uint64)a[18 + i] << 2; - r[i] = n & 0x1ffffffffffffffL; + r[i] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; } n += (sp_uint64)a[35] << 2; @@ -44148,16 +44148,16 @@ static void sp_1024_mont_shift_18(sp_digit* r, const sp_digit* a) n = (sp_uint64)a[17]; n = n >> 55U; for (i = 0; i < 16; i += 8) { - n += (sp_uint64)a[i+18] << 2U; r[i+0] = n & 0x1ffffffffffffffUL; n >>= 57U; - n += (sp_uint64)a[i+19] << 2U; r[i+1] = n & 0x1ffffffffffffffUL; n >>= 57U; - n += (sp_uint64)a[i+20] << 2U; r[i+2] = n & 0x1ffffffffffffffUL; n >>= 57U; - n += (sp_uint64)a[i+21] << 2U; r[i+3] = n & 0x1ffffffffffffffUL; n >>= 57U; - n += (sp_uint64)a[i+22] << 2U; r[i+4] = n & 0x1ffffffffffffffUL; n >>= 57U; - n += (sp_uint64)a[i+23] << 2U; r[i+5] = n & 0x1ffffffffffffffUL; n >>= 57U; - n += (sp_uint64)a[i+24] << 2U; r[i+6] = n & 0x1ffffffffffffffUL; n >>= 57U; - n += (sp_uint64)a[i+25] << 2U; r[i+7] = n & 0x1ffffffffffffffUL; n >>= 57U; - } - n += (sp_uint64)a[34] << 2U; r[16] = n & 0x1ffffffffffffffUL; n >>= 57U; + n += (sp_uint64)a[i+18] << 2U; r[i+0] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U; + n += (sp_uint64)a[i+19] << 2U; r[i+1] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U; + n += (sp_uint64)a[i+20] << 2U; r[i+2] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U; + n += (sp_uint64)a[i+21] << 2U; r[i+3] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U; + n += (sp_uint64)a[i+22] << 2U; r[i+4] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U; + n += (sp_uint64)a[i+23] << 2U; r[i+5] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U; + n += (sp_uint64)a[i+24] << 2U; r[i+6] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U; + n += (sp_uint64)a[i+25] << 2U; r[i+7] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U; + } + n += (sp_uint64)a[34] << 2U; r[16] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U; n += (sp_uint64)a[35] << 2U; r[17] = n; #endif /* WOLFSSL_SP_SMALL */ XMEMSET(&r[18], 0, sizeof(*r) * 18U); @@ -44179,22 +44179,22 @@ static void sp_1024_mont_reduce_18(sp_digit* a, const sp_digit* m, sp_digit mp) if (mp != 1) { for (i=0; i<17; i++) { - mu = (a[i] * mp) & 0x1ffffffffffffffL; + mu = (sp_digit)((a[i] * mp) & 0x1ffffffffffffffL); sp_1024_mul_add_18(a+i, m, mu); a[i+1] += a[i] >> 57; } - mu = (a[i] * mp) & 0x7fffffffffffffL; + mu = (sp_digit)((a[i] * mp) & 0x7fffffffffffffL); sp_1024_mul_add_18(a+i, m, mu); a[i+1] += a[i] >> 57; a[i] &= 0x1ffffffffffffffL; } else { for (i=0; i<17; i++) { - mu = a[i] & 0x1ffffffffffffffL; + mu = (sp_digit)(a[i] & 0x1ffffffffffffffL); sp_1024_mul_add_18(a+i, m, mu); a[i+1] += a[i] >> 57; } - mu = a[i] & 0x7fffffffffffffL; + mu = (sp_digit)(a[i] & 0x7fffffffffffffL); sp_1024_mul_add_18(a+i, m, mu); a[i+1] += a[i] >> 57; a[i] &= 0x1ffffffffffffffL; @@ -44419,26 +44419,26 @@ SP_NOINLINE static void sp_1024_rshift1_18(sp_digit* r, const sp_digit* a) int i; for (i=0; i<17; i++) { - r[i] = (a[i] >> 1) + ((a[i + 1] << 56) & 0x1ffffffffffffffL); - } -#else - r[0] = (a[0] >> 1) + ((a[1] << 56) & 0x1ffffffffffffffL); - r[1] = (a[1] >> 1) + ((a[2] << 56) & 0x1ffffffffffffffL); - r[2] = (a[2] >> 1) + ((a[3] << 56) & 0x1ffffffffffffffL); - r[3] = (a[3] >> 1) + ((a[4] << 56) & 0x1ffffffffffffffL); - r[4] = (a[4] >> 1) + ((a[5] << 56) & 0x1ffffffffffffffL); - r[5] = (a[5] >> 1) + ((a[6] << 56) & 0x1ffffffffffffffL); - r[6] = (a[6] >> 1) + ((a[7] << 56) & 0x1ffffffffffffffL); - r[7] = (a[7] >> 1) + ((a[8] << 56) & 0x1ffffffffffffffL); - r[8] = (a[8] >> 1) + ((a[9] << 56) & 0x1ffffffffffffffL); - r[9] = (a[9] >> 1) + ((a[10] << 56) & 0x1ffffffffffffffL); - r[10] = (a[10] >> 1) + ((a[11] << 56) & 0x1ffffffffffffffL); - r[11] = (a[11] >> 1) + ((a[12] << 56) & 0x1ffffffffffffffL); - r[12] = (a[12] >> 1) + ((a[13] << 56) & 0x1ffffffffffffffL); - r[13] = (a[13] >> 1) + ((a[14] << 56) & 0x1ffffffffffffffL); - r[14] = (a[14] >> 1) + ((a[15] << 56) & 0x1ffffffffffffffL); - r[15] = (a[15] >> 1) + ((a[16] << 56) & 0x1ffffffffffffffL); - r[16] = (a[16] >> 1) + ((a[17] << 56) & 0x1ffffffffffffffL); + r[i] = (a[i] >> 1) + (sp_digit)((a[i + 1] << 56) & 0x1ffffffffffffffL); + } +#else + r[0] = (a[0] >> 1) + (sp_digit)((a[1] << 56) & 0x1ffffffffffffffL); + r[1] = (a[1] >> 1) + (sp_digit)((a[2] << 56) & 0x1ffffffffffffffL); + r[2] = (a[2] >> 1) + (sp_digit)((a[3] << 56) & 0x1ffffffffffffffL); + r[3] = (a[3] >> 1) + (sp_digit)((a[4] << 56) & 0x1ffffffffffffffL); + r[4] = (a[4] >> 1) + (sp_digit)((a[5] << 56) & 0x1ffffffffffffffL); + r[5] = (a[5] >> 1) + (sp_digit)((a[6] << 56) & 0x1ffffffffffffffL); + r[6] = (a[6] >> 1) + (sp_digit)((a[7] << 56) & 0x1ffffffffffffffL); + r[7] = (a[7] >> 1) + (sp_digit)((a[8] << 56) & 0x1ffffffffffffffL); + r[8] = (a[8] >> 1) + (sp_digit)((a[9] << 56) & 0x1ffffffffffffffL); + r[9] = (a[9] >> 1) + (sp_digit)((a[10] << 56) & 0x1ffffffffffffffL); + r[10] = (a[10] >> 1) + (sp_digit)((a[11] << 56) & 0x1ffffffffffffffL); + r[11] = (a[11] >> 1) + (sp_digit)((a[12] << 56) & 0x1ffffffffffffffL); + r[12] = (a[12] >> 1) + (sp_digit)((a[13] << 56) & 0x1ffffffffffffffL); + r[13] = (a[13] >> 1) + (sp_digit)((a[14] << 56) & 0x1ffffffffffffffL); + r[14] = (a[14] >> 1) + (sp_digit)((a[15] << 56) & 0x1ffffffffffffffL); + r[15] = (a[15] >> 1) + (sp_digit)((a[16] << 56) & 0x1ffffffffffffffL); + r[16] = (a[16] >> 1) + (sp_digit)((a[17] << 56) & 0x1ffffffffffffffL); #endif r[17] = a[17] >> 1; } diff --git a/wolfcrypt/src/sp_cortexm.c b/wolfcrypt/src/sp_cortexm.c index 343f69d690..bd02cd468f 100644 --- a/wolfcrypt/src/sp_cortexm.c +++ b/wolfcrypt/src/sp_cortexm.c @@ -240,7 +240,7 @@ static void sp_2048_to_bin_64(sp_digit* r, byte* a) #define sp_2048_norm_64(a) #ifndef WOLFSSL_SP_SMALL -#ifdef WOLFSSL_SP_NO_UMAAL +#ifdef WOLFSSL_ARM_ARCH_7M /* Multiply a and b into r. (r = a * b) * * r A single precision integer. @@ -736,7 +736,7 @@ SP_NOINLINE static void sp_2048_mul_8(sp_digit* r, const sp_digit* a, const sp_d ); } -#endif /* WOLFSSL_SP_NO_UMAAL */ +#endif /* WOLFSSL_ARM_ARCH_7M */ /* Add b to a into r. (r = a + b) * * r A single precision integer. @@ -1533,7 +1533,7 @@ SP_NOINLINE static void sp_2048_mul_64(sp_digit* r, const sp_digit* a, (void)sp_2048_add_32(r + 96, r + 96, a1); } -#ifdef WOLFSSL_SP_NO_UMAAL +#ifdef WOLFSSL_ARM_ARCH_7M /* Square a and put result in r. (r = a * a) * * r A single precision integer. @@ -1899,7 +1899,7 @@ SP_NOINLINE static void sp_2048_sqr_8(sp_digit* r, const sp_digit* a) ); } -#endif /* WOLFSSL_SP_NO_UMAAL */ +#endif /* WOLFSSL_ARM_ARCH_7M */ /* Sub b from a into r. (r = a - b) * * r A single precision integer. @@ -31605,7 +31605,7 @@ static void sp_256_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b) } #else -#ifdef WOLFSSL_SP_NO_UMAAL +#ifdef WOLFSSL_ARM_ARCH_7M /* Multiply a and b into r. (r = a * b) * * r A single precision integer. @@ -32101,7 +32101,7 @@ SP_NOINLINE static void sp_256_mul_8(sp_digit* r, const sp_digit* a, const sp_di ); } -#endif /* WOLFSSL_SP_NO_UMAAL */ +#endif /* WOLFSSL_ARM_ARCH_7M */ #endif /* WOLFSSL_SP_SMALL */ #ifdef WOLFSSL_SP_SMALL /* Square a and put result in r. (r = a * a) @@ -32222,7 +32222,7 @@ static void sp_256_sqr_8(sp_digit* r, const sp_digit* a) } #else -#ifdef WOLFSSL_SP_NO_UMAAL +#ifdef WOLFSSL_ARM_ARCH_7M /* Square a and put result in r. (r = a * a) * * r A single precision integer. @@ -32588,7 +32588,7 @@ SP_NOINLINE static void sp_256_sqr_8(sp_digit* r, const sp_digit* a) ); } -#endif /* WOLFSSL_SP_NO_UMAAL */ +#endif /* WOLFSSL_ARM_ARCH_7M */ #endif /* WOLFSSL_SP_SMALL */ #ifdef WOLFSSL_SP_SMALL /* Add b to a into r. (r = a + b) @@ -34541,7 +34541,7 @@ SP_NOINLINE static void sp_256_mont_sqr_n_8(sp_digit* r, #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */ #ifdef WOLFSSL_SP_SMALL /* Mod-2 for the P256 curve. */ -static const uint32_t p256_mod_minus_2[8] = { +static const word32 p256_mod_minus_2[8] = { 0xfffffffdU,0xffffffffU,0xffffffffU,0x00000000U,0x00000000U,0x00000000U, 0x00000001U,0xffffffffU }; @@ -40247,7 +40247,7 @@ static void sp_256_mont_mul_order_8(sp_digit* r, const sp_digit* a, const sp_dig #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL)) #ifdef WOLFSSL_SP_SMALL /* Order-2 for the P256 curve. */ -static const uint32_t p256_order_minus_2[8] = { +static const word32 p256_order_minus_2[8] = { 0xfc63254fU,0xf3b9cac2U,0xa7179e84U,0xbce6faadU,0xffffffffU,0xffffffffU, 0x00000000U,0xffffffffU }; @@ -45134,7 +45134,7 @@ SP_NOINLINE static void sp_384_mont_sqr_n_12(sp_digit* r, #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */ #ifdef WOLFSSL_SP_SMALL /* Mod-2 for the P384 curve. */ -static const uint32_t p384_mod_minus_2[12] = { +static const word32 p384_mod_minus_2[12] = { 0xfffffffdU,0x00000000U,0x00000000U,0xffffffffU,0xfffffffeU,0xffffffffU, 0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU }; @@ -50341,13 +50341,13 @@ static void sp_384_mont_mul_order_12(sp_digit* r, const sp_digit* a, const sp_di #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL)) #ifdef WOLFSSL_SP_SMALL /* Order-2 for the P384 curve. */ -static const uint32_t p384_order_minus_2[12] = { +static const word32 p384_order_minus_2[12] = { 0xccc52971U,0xecec196aU,0x48b0a77aU,0x581a0db2U,0xf4372ddfU,0xc7634d81U, 0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU }; #else /* The low half of the order-2 of the P384 curve. */ -static const uint32_t p384_order_low[6] = { +static const word32 p384_order_low[6] = { 0xccc52971U,0xecec196aU,0x48b0a77aU,0x581a0db2U,0xf4372ddfU,0xc7634d81U }; #endif /* WOLFSSL_SP_SMALL */ @@ -57169,7 +57169,7 @@ SP_NOINLINE static void sp_521_mont_sqr_n_17(sp_digit* r, #endif /* !WOLFSSL_SP_SMALL */ #ifdef WOLFSSL_SP_SMALL /* Mod-2 for the P521 curve. */ -static const uint32_t p521_mod_minus_2[17] = { +static const word32 p521_mod_minus_2[17] = { 0xfffffffdU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU, 0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU, 0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0x000001ffU @@ -63601,14 +63601,14 @@ static void sp_521_mont_mul_order_17(sp_digit* r, const sp_digit* a, const sp_di #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL)) #ifdef WOLFSSL_SP_SMALL /* Order-2 for the P521 curve. */ -static const uint32_t p521_order_minus_2[17] = { +static const word32 p521_order_minus_2[17] = { 0x91386407U,0xbb6fb71eU,0x899c47aeU,0x3bb5c9b8U,0xf709a5d0U,0x7fcc0148U, 0xbf2f966bU,0x51868783U,0xfffffffaU,0xffffffffU,0xffffffffU,0xffffffffU, 0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0x000001ffU }; #else /* The low half of the order-2 of the P521 curve. */ -static const uint32_t p521_order_low[9] = { +static const word32 p521_order_low[9] = { 0x91386407U,0xbb6fb71eU,0x899c47aeU,0x3bb5c9b8U,0xf709a5d0U,0x7fcc0148U, 0xbf2f966bU,0x51868783U,0xfffffffaU }; @@ -65722,7 +65722,7 @@ int sp_ecc_map_521(mp_int* pX, mp_int* pY, mp_int* pZ) #endif /* WOLFSSL_PUBLIC_ECC_ADD_DBL */ #ifdef HAVE_COMP_KEY /* Square root power for the P521 curve. */ -static const uint32_t p521_sqrt_power[17] = { +static const word32 p521_sqrt_power[17] = { 0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000, 0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000, 0x00000000,0x00000000,0x00000080 diff --git a/wolfcrypt/src/sp_int.c b/wolfcrypt/src/sp_int.c index bb73fea2ab..d9ac60bca0 100644 --- a/wolfcrypt/src/sp_int.c +++ b/wolfcrypt/src/sp_int.c @@ -3942,7 +3942,7 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo, __asm__ __volatile__ ( \ "mulhwu %[h], %[a], %[b] \n\t" \ "mullw %[l], %[a], %[b] \n\t" \ - "li %[o], 0 \n\t" \ + "xor %[o], %[o], %[o] \n\t" \ : [l] "+r" (vl), [h] "+r" (vh), [o] "=r" (vo) \ : [a] "r" (va), [b] "r" (vb) \ ) @@ -4045,7 +4045,7 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo, #define SP_ASM_SUBB(vl, vh, va) \ __asm__ __volatile__ ( \ "subfc %[l], %[a], %[l] \n\t" \ - "li 16, 0 \n\t" \ + "xor 16, 16, 16 \n\t" \ "subfe %[h], 16, %[h] \n\t" \ : [l] "+r" (vl), [h] "+r" (vh) \ : [a] "r" (va) \ @@ -5128,6 +5128,12 @@ static void _sp_mont_setup(const sp_int* m, sp_int_digit* rho); #define WOLFSSL_SP_PRIME_GEN #endif +#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ + (defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)) || defined(OPENSSL_EXTRA) +/* Determine when mp_mul_d is required */ +#define WOLFSSL_SP_MUL_D +#endif + /* Set the multi-precision number to zero. * * Assumes a is not NULL. @@ -6553,7 +6559,8 @@ int sp_sub_d(const sp_int* a, sp_int_digit d, sp_int* r) !defined(NO_DH) || defined(HAVE_ECC) || \ (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \ !defined(WOLFSSL_RSA_PUBLIC_ONLY))) || \ - (defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)) + (defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)) || \ + defined(WOLFSSL_SP_MUL_D) /* Multiply a by digit n and put result into r shifting up o digits. * r = (a * n) << (o * SP_WORD_SIZE) * @@ -6636,8 +6643,7 @@ static int _sp_mul_d(const sp_int* a, sp_int_digit d, sp_int* r, unsigned int o) #endif /* (WOLFSSL_SP_MATH_ALL && !WOLFSSL_RSA_VERIFY_ONLY) || * WOLFSSL_SP_SMALL || (WOLFSSL_KEY_GEN && !NO_RSA) */ -#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ - (defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)) +#ifdef WOLFSSL_SP_MUL_D /* Multiply a by digit n and put result into r. r = a * n * * @param [in] a SP integer to multiply. @@ -6675,8 +6681,7 @@ int sp_mul_d(const sp_int* a, sp_int_digit d, sp_int* r) return err; } -#endif /* (WOLFSSL_SP_MATH_ALL && !WOLFSSL_RSA_VERIFY_ONLY) || - * (WOLFSSL_KEY_GEN && !NO_RSA) */ +#endif /* WOLFSSL_SP_MUL_D */ /* Predefine complicated rules of when to compile in sp_div_d and sp_mod_d. */ #if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ @@ -12429,8 +12434,10 @@ static int _sp_invmod_div(const sp_int* a, const sp_int* m, sp_int* x, ALLOC_SP_INT(d, m->used + 1, err, NULL); if (err == MP_OKAY) { - sp_init_size(d, m->used + 1); + err = sp_init_size(d, m->used + 1); + } + if (err == MP_OKAY) { /* 1. x = m, y = a, b = 1, c = 0 */ if (a != y) { _sp_copy(a, y); diff --git a/wolfcrypt/src/sp_x86_64.c b/wolfcrypt/src/sp_x86_64.c index 2529432279..b1dcaf6290 100644 --- a/wolfcrypt/src/sp_x86_64.c +++ b/wolfcrypt/src/sp_x86_64.c @@ -8438,7 +8438,7 @@ SP_NOINLINE static void sp_256_mont_sqr_n_4(sp_digit* r, #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */ #ifdef WOLFSSL_SP_SMALL /* Mod-2 for the P256 curve. */ -static const uint64_t p256_mod_minus_2[4] = { +static const word64 p256_mod_minus_2[4] = { 0xfffffffffffffffdU,0x00000000ffffffffU,0x0000000000000000U, 0xffffffff00000001U }; @@ -25121,13 +25121,13 @@ static void sp_256_mont_mul_order_4(sp_digit* r, const sp_digit* a, const sp_dig #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL)) #ifdef WOLFSSL_SP_SMALL /* Order-2 for the P256 curve. */ -static const uint64_t p256_order_minus_2[4] = { +static const word64 p256_order_minus_2[4] = { 0xf3b9cac2fc63254fU,0xbce6faada7179e84U,0xffffffffffffffffU, 0xffffffff00000000U }; #else /* The low half of the order-2 of the P256 curve. */ -static const uint64_t p256_order_low[2] = { +static const word64 p256_order_low[2] = { 0xf3b9cac2fc63254fU,0xbce6faada7179e84U }; #endif /* WOLFSSL_SP_SMALL */ @@ -27593,7 +27593,7 @@ SP_NOINLINE static void sp_384_mont_sqr_n_6(sp_digit* r, #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */ #ifdef WOLFSSL_SP_SMALL /* Mod-2 for the P384 curve. */ -static const uint64_t p384_mod_minus_2[6] = { +static const word64 p384_mod_minus_2[6] = { 0x00000000fffffffdU,0xffffffff00000000U,0xfffffffffffffffeU, 0xffffffffffffffffU,0xffffffffffffffffU,0xffffffffffffffffU }; @@ -50156,13 +50156,13 @@ static void sp_384_mont_mul_order_6(sp_digit* r, const sp_digit* a, const sp_dig #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL)) #ifdef WOLFSSL_SP_SMALL /* Order-2 for the P384 curve. */ -static const uint64_t p384_order_minus_2[6] = { +static const word64 p384_order_minus_2[6] = { 0xecec196accc52971U,0x581a0db248b0a77aU,0xc7634d81f4372ddfU, 0xffffffffffffffffU,0xffffffffffffffffU,0xffffffffffffffffU }; #else /* The low half of the order-2 of the P384 curve. */ -static const uint64_t p384_order_low[3] = { +static const word64 p384_order_low[3] = { 0xecec196accc52971U,0x581a0db248b0a77aU,0xc7634d81f4372ddfU }; #endif /* WOLFSSL_SP_SMALL */ @@ -52503,7 +52503,7 @@ SP_NOINLINE static void sp_521_mont_sqr_n_9(sp_digit* r, #endif /* !WOLFSSL_SP_SMALL */ #ifdef WOLFSSL_SP_SMALL /* Mod-2 for the P521 curve. */ -static const uint64_t p521_mod_minus_2[9] = { +static const word64 p521_mod_minus_2[9] = { 0xfffffffffffffffdU,0xffffffffffffffffU,0xffffffffffffffffU, 0xffffffffffffffffU,0xffffffffffffffffU,0xffffffffffffffffU, 0xffffffffffffffffU,0xffffffffffffffffU,0x00000000000001ffU @@ -91277,14 +91277,14 @@ static void sp_521_mont_mul_order_9(sp_digit* r, const sp_digit* a, const sp_dig #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL)) #ifdef WOLFSSL_SP_SMALL /* Order-2 for the P521 curve. */ -static const uint64_t p521_order_minus_2[9] = { +static const word64 p521_order_minus_2[9] = { 0xbb6fb71e91386407U,0x3bb5c9b8899c47aeU,0x7fcc0148f709a5d0U, 0x51868783bf2f966bU,0xfffffffffffffffaU,0xffffffffffffffffU, 0xffffffffffffffffU,0xffffffffffffffffU,0x00000000000001ffU }; #else /* The low half of the order-2 of the P521 curve. */ -static const uint64_t p521_order_low[5] = { +static const word64 p521_order_low[5] = { 0xbb6fb71e91386407U,0x3bb5c9b8899c47aeU,0x7fcc0148f709a5d0U, 0x51868783bf2f966bU,0xfffffffffffffffaU }; @@ -93041,7 +93041,7 @@ int sp_ecc_map_521(mp_int* pX, mp_int* pY, mp_int* pZ) #endif /* WOLFSSL_PUBLIC_ECC_ADD_DBL */ #ifdef HAVE_COMP_KEY /* Square root power for the P521 curve. */ -static const uint64_t p521_sqrt_power[9] = { +static const word64 p521_sqrt_power[9] = { 0x0000000000000000,0x0000000000000000,0x0000000000000000, 0x0000000000000000,0x0000000000000000,0x0000000000000000,0x0000000000000000,0x0000000000000000, 0x0000000000000080 diff --git a/wolfcrypt/src/wc_kyber_poly.c b/wolfcrypt/src/wc_kyber_poly.c index 4514ad3179..52c8af356f 100644 --- a/wolfcrypt/src/wc_kyber_poly.c +++ b/wolfcrypt/src/wc_kyber_poly.c @@ -173,8 +173,16 @@ const sword16 zetas_inv[KYBER_N / 2] = { 3127, 3042, 1907, 1836, 1517, 359, 758, 1441 }; +#define KYBER_BARRETT(a) \ + "SMULWB r10, r14, " #a "\n\t" \ + "SMULWT r11, r14, " #a "\n\t" \ + "SMULBT r10, r12, r10\n\t" \ + "SMULBT r11, r12, r11\n\t" \ + "PKHBT r10, r10, r11, LSL #16\n\t" \ + "SSUB16 " #a ", " #a ", r10\n\t" -#if !(defined(__aarch64__) && defined(WOLFSSL_ARMASM)) + +#if !defined(WOLFSSL_ARMASM) /* Number-Theoretic Transform. * * @param [in, out] r Polynomial to transform. @@ -939,15 +947,16 @@ static void kyber_basemul(sword16* r, const sword16* a, const sword16* b, */ static void kyber_basemul_mont(sword16* r, const sword16* a, const sword16* b) { - unsigned int i; const sword16* zeta = zetas + 64; -#ifdef WOLFSSL_KYBER_SMALL +#if defined(WOLFSSL_KYBER_SMALL) + unsigned int i; for (i = 0; i < KYBER_N; i += 4, zeta++) { kyber_basemul(r + i + 0, a + i + 0, b + i + 0, zeta[0]); kyber_basemul(r + i + 2, a + i + 2, b + i + 2, -zeta[0]); } #elif defined(WOLFSSL_KYBER_NO_LARGE_CODE) + unsigned int i; for (i = 0; i < KYBER_N; i += 8, zeta += 2) { kyber_basemul(r + i + 0, a + i + 0, b + i + 0, zeta[0]); kyber_basemul(r + i + 2, a + i + 2, b + i + 2, -zeta[0]); @@ -955,6 +964,7 @@ static void kyber_basemul_mont(sword16* r, const sword16* a, const sword16* b) kyber_basemul(r + i + 6, a + i + 6, b + i + 6, -zeta[1]); } #else + unsigned int i; for (i = 0; i < KYBER_N; i += 16, zeta += 4) { kyber_basemul(r + i + 0, a + i + 0, b + i + 0, zeta[0]); kyber_basemul(r + i + 2, a + i + 2, b + i + 2, -zeta[0]); @@ -977,10 +987,10 @@ static void kyber_basemul_mont(sword16* r, const sword16* a, const sword16* b) static void kyber_basemul_mont_add(sword16* r, const sword16* a, const sword16* b) { - unsigned int i; const sword16* zeta = zetas + 64; -#ifdef WOLFSSL_KYBER_SMALL +#if defined(WOLFSSL_KYBER_SMALL) + unsigned int i; for (i = 0; i < KYBER_N; i += 4, zeta++) { sword16 t0[2]; sword16 t2[2]; @@ -994,6 +1004,7 @@ static void kyber_basemul_mont_add(sword16* r, const sword16* a, r[i + 3] += t2[1]; } #elif defined(WOLFSSL_KYBER_NO_LARGE_CODE) + unsigned int i; for (i = 0; i < KYBER_N; i += 8, zeta += 2) { sword16 t0[2]; sword16 t2[2]; @@ -1015,6 +1026,7 @@ static void kyber_basemul_mont_add(sword16* r, const sword16* a, r[i + 7] += t6[1]; } #else + unsigned int i; for (i = 0; i < KYBER_N; i += 16, zeta += 4) { sword16 t0[2]; sword16 t2[2]; @@ -2142,7 +2154,7 @@ int kyber_kdf(byte* seed, int seedLen, byte* out, int outLen) } #endif -#if !(defined(WOLFSSL_ARMASM) && defined(__aarch64__)) +#if !defined(WOLFSSL_ARMASM) /* Rejection sampling on uniform random bytes to generate uniform random * integers mod q. * @@ -3338,7 +3350,7 @@ int kyber_cmp(const byte* a, const byte* b, int sz) /******************************************************************************/ -#if !(defined(__aarch64__) && defined(WOLFSSL_ARMASM)) +#if !defined(WOLFSSL_ARMASM) /* Conditional subtraction of q to each coefficient of a polynomial. * @@ -3355,10 +3367,18 @@ static KYBER_NOINLINE void kyber_csubq_c(sword16* p) } } -#else +#elif defined(__aarch64__) #define kyber_csubq_c kyber_csubq_neon +#elif defined(WOLFSSL_ARMASM_THUMB2) + +#define kyber_csubq_c kyber_thumb2_csubq + +#else + +#define kyber_csubq_c kyber_arm32_csubq + #endif /******************************************************************************/ diff --git a/wolfcrypt/src/wc_lms.c b/wolfcrypt/src/wc_lms.c index cbe9d1f7b2..45590018ae 100644 --- a/wolfcrypt/src/wc_lms.c +++ b/wolfcrypt/src/wc_lms.c @@ -42,8 +42,8 @@ * * @param [in] w Winternitz width. */ -#define LMS_U(w) \ - (8 * WC_SHA256_DIGEST_SIZE / (w)) +#define LMS_U(w, hLen) \ + (8 * (hLen) / (w)) /* Calculate u. Appendix B. Works for w of 1, 2, 4, or 8. * * @param [in] w Winternitz width. @@ -63,17 +63,17 @@ * @param [in] w Winternitz width. * @param [in] wb Winternitz width length in bits. */ -#define LMS_P(w, wb) \ - (LMS_U(w) + LMS_V(w, wb)) +#define LMS_P(w, wb, hLen) \ + (LMS_U(w, hLen) + LMS_V(w, wb)) /* Calculate signature length. * * @param [in] l Number of levels. * @param [in] h Height of the trees. * @param [in] p Number of n-byte string elements in signature for a tree. */ -#define LMS_PARAMS_SIG_LEN(l, h, p) \ - (4 + (l) * (4 + 4 + 4 + WC_SHA256_DIGEST_SIZE * (1 + (p) + (h))) + \ - ((l) - 1) * LMS_PUBKEY_LEN) +#define LMS_PARAMS_SIG_LEN(l, h, p, hLen) \ + (4 + (l) * (4 + 4 + 4 + (hLen) * (1 + (p) + (h))) + \ + ((l) - 1) * LMS_PUBKEY_LEN(hLen)) #ifndef WOLFSSL_WC_LMS_SMALL /* Root levels and leaf cache bits. */ @@ -94,9 +94,10 @@ * @param [in] t LMS type. * @param [in] t2 LM-OTS type. */ -#define LMS_PARAMS(l, h, w, wb, t, t2) \ - { l, h, w, LMS_LS(w, wb), LMS_P(w, wb), t, t2, \ - LMS_PARAMS_SIG_LEN(l, h, LMS_P(w, wb)), LMS_PARAMS_CACHE(h) } +#define LMS_PARAMS(l, h, w, wb, t, t2, hLen) \ + { l, h, w, LMS_LS(w, wb), LMS_P(w, wb, hLen), t, t2, \ + LMS_PARAMS_SIG_LEN(l, h, LMS_P(w, wb, hLen), hLen), \ + (hLen), LMS_PARAMS_CACHE(h) } /* Initialize the working state for LMS operations. @@ -138,112 +139,230 @@ static void wc_lmskey_state_free(LmsState* state) /* Supported LMS parameters. */ static const wc_LmsParamsMap wc_lms_map[] = { +#ifndef WOLFSSL_NO_LMS_SHA256_256 #if LMS_MAX_HEIGHT >= 15 { WC_LMS_PARM_NONE , "LMS_NONE" , - LMS_PARAMS(1, 15, 2, 1, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W2) }, + LMS_PARAMS(1, 15, 2, 1, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W2, + WC_SHA256_DIGEST_SIZE) }, { WC_LMS_PARM_L1_H15_W2, "LMS/HSS L1_H15_W2", - LMS_PARAMS(1, 15, 2, 1, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W2) }, + LMS_PARAMS(1, 15, 2, 1, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W2, + WC_SHA256_DIGEST_SIZE) }, { WC_LMS_PARM_L1_H15_W4, "LMS/HSS L1_H15_W4", - LMS_PARAMS(1, 15, 4, 2, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W4) }, + LMS_PARAMS(1, 15, 4, 2, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W4, + WC_SHA256_DIGEST_SIZE) }, #endif #if LMS_MAX_LEVELS >= 2 #if LMS_MAX_HEIGHT >= 10 { WC_LMS_PARM_L2_H10_W2, "LMS/HSS L2_H10_W2", - LMS_PARAMS(2, 10, 2, 1, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W2) }, + LMS_PARAMS(2, 10, 2, 1, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W2, + WC_SHA256_DIGEST_SIZE) }, { WC_LMS_PARM_L2_H10_W4, "LMS/HSS L2_H10_W4", - LMS_PARAMS(2, 10, 4, 2, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W4) }, + LMS_PARAMS(2, 10, 4, 2, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W4, + WC_SHA256_DIGEST_SIZE) }, { WC_LMS_PARM_L2_H10_W8, "LMS/HSS L2_H10_W8", - LMS_PARAMS(2, 10, 8, 3, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W8) }, + LMS_PARAMS(2, 10, 8, 3, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W8, + WC_SHA256_DIGEST_SIZE) }, #endif #endif #if LMS_MAX_LEVELS >= 3 { WC_LMS_PARM_L3_H5_W2 , "LMS/HSS L3_H5_W2" , - LMS_PARAMS(3, 5, 2, 1, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W2) }, + LMS_PARAMS(3, 5, 2, 1, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W2, + WC_SHA256_DIGEST_SIZE) }, { WC_LMS_PARM_L3_H5_W4 , "LMS/HSS L3_H5_W4" , - LMS_PARAMS(3, 5, 4, 2, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W4) }, + LMS_PARAMS(3, 5, 4, 2, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W4, + WC_SHA256_DIGEST_SIZE) }, { WC_LMS_PARM_L3_H5_W8 , "LMS/HSS L3_H5_W8" , - LMS_PARAMS(3, 5, 8, 3, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W8) }, + LMS_PARAMS(3, 5, 8, 3, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W8, + WC_SHA256_DIGEST_SIZE) }, #if LMS_MAX_HEIGHT >= 10 { WC_LMS_PARM_L3_H10_W4, "LMS/HSS L3_H10_W4", - LMS_PARAMS(3, 10, 4, 2, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W4) }, + LMS_PARAMS(3, 10, 4, 2, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W4, + WC_SHA256_DIGEST_SIZE) }, #endif #endif #if LMS_MAX_LEVELS >= 4 { WC_LMS_PARM_L4_H5_W8 , "LMS/HSS L4_H5_W8" , - LMS_PARAMS(4, 5, 8, 3, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W8) }, + LMS_PARAMS(4, 5, 8, 3, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W8, + WC_SHA256_DIGEST_SIZE) }, #endif /* For when user sets L, H, W explicitly. */ { WC_LMS_PARM_L1_H5_W1 , "LMS/HSS_L1_H5_W1" , - LMS_PARAMS(1, 5, 1, 1, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W1) }, + LMS_PARAMS(1, 5, 1, 1, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W1, + WC_SHA256_DIGEST_SIZE) }, { WC_LMS_PARM_L1_H5_W2 , "LMS/HSS_L1_H5_W2" , - LMS_PARAMS(1, 5, 2, 1, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W2) }, + LMS_PARAMS(1, 5, 2, 1, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W2, + WC_SHA256_DIGEST_SIZE) }, { WC_LMS_PARM_L1_H5_W4 , "LMS/HSS_L1_H5_W4" , - LMS_PARAMS(1, 5, 4, 2, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W4) }, + LMS_PARAMS(1, 5, 4, 2, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W4, + WC_SHA256_DIGEST_SIZE) }, { WC_LMS_PARM_L1_H5_W8 , "LMS/HSS_L1_H5_W8" , - LMS_PARAMS(1, 5, 8, 3, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W8) }, + LMS_PARAMS(1, 5, 8, 3, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W8, + WC_SHA256_DIGEST_SIZE) }, #if LMS_MAX_HEIGHT >= 10 { WC_LMS_PARM_L1_H10_W2 , "LMS/HSS_L1_H10_W2", - LMS_PARAMS(1, 10, 2, 1, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W2) }, + LMS_PARAMS(1, 10, 2, 1, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W2, + WC_SHA256_DIGEST_SIZE) }, { WC_LMS_PARM_L1_H10_W4 , "LMS/HSS_L1_H10_W4", - LMS_PARAMS(1, 10, 4, 2, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W4) }, + LMS_PARAMS(1, 10, 4, 2, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W4, + WC_SHA256_DIGEST_SIZE) }, { WC_LMS_PARM_L1_H10_W8 , "LMS/HSS_L1_H10_W8", - LMS_PARAMS(1, 10, 8, 3, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W8) }, + LMS_PARAMS(1, 10, 8, 3, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W8, + WC_SHA256_DIGEST_SIZE) }, #endif #if LMS_MAX_HEIGHT >= 15 { WC_LMS_PARM_L1_H15_W8 , "LMS/HSS L1_H15_W8", - LMS_PARAMS(1, 15, 8, 3, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W8) }, + LMS_PARAMS(1, 15, 8, 3, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W8, + WC_SHA256_DIGEST_SIZE) }, #endif #if LMS_MAX_HEIGHT >= 20 { WC_LMS_PARM_L1_H20_W2 , "LMS/HSS_L1_H20_W2", - LMS_PARAMS(1, 20, 2, 1, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W2) }, + LMS_PARAMS(1, 20, 2, 1, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W2, + WC_SHA256_DIGEST_SIZE) }, { WC_LMS_PARM_L1_H20_W4 , "LMS/HSS_L1_H20_W4", - LMS_PARAMS(1, 20, 4, 2, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W4) }, + LMS_PARAMS(1, 20, 4, 2, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W4, + WC_SHA256_DIGEST_SIZE) }, { WC_LMS_PARM_L1_H20_W8 , "LMS/HSS_L1_H20_W8", - LMS_PARAMS(1, 20, 8, 3, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W8) }, + LMS_PARAMS(1, 20, 8, 3, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W8, + WC_SHA256_DIGEST_SIZE) }, #endif #if LMS_MAX_LEVELS >= 2 { WC_LMS_PARM_L2_H5_W2 , "LMS/HSS_L2_H5_W2" , - LMS_PARAMS(2, 5, 2, 1, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W2) }, + LMS_PARAMS(2, 5, 2, 1, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W2, + WC_SHA256_DIGEST_SIZE) }, { WC_LMS_PARM_L2_H5_W4 , "LMS/HSS_L2_H5_W4" , - LMS_PARAMS(2, 5, 4, 2, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W4) }, + LMS_PARAMS(2, 5, 4, 2, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W4, + WC_SHA256_DIGEST_SIZE) }, { WC_LMS_PARM_L2_H5_W8 , "LMS/HSS_L2_H5_W8" , - LMS_PARAMS(2, 5, 8, 3, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W8) }, + LMS_PARAMS(2, 5, 8, 3, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W8, + WC_SHA256_DIGEST_SIZE) }, #if LMS_MAX_HEIGHT >= 15 { WC_LMS_PARM_L2_H15_W2 , "LMS/HSS_L2_H15_W2", - LMS_PARAMS(2, 15, 2, 1, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W2) }, + LMS_PARAMS(2, 15, 2, 1, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W2, + WC_SHA256_DIGEST_SIZE) }, { WC_LMS_PARM_L2_H15_W4 , "LMS/HSS_L2_H15_W4", - LMS_PARAMS(2, 15, 4, 2, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W4) }, + LMS_PARAMS(2, 15, 4, 2, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W4, + WC_SHA256_DIGEST_SIZE) }, { WC_LMS_PARM_L2_H15_W8 , "LMS/HSS_L2_H15_W8", - LMS_PARAMS(2, 15, 8, 3, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W8) }, + LMS_PARAMS(2, 15, 8, 3, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W8, + WC_SHA256_DIGEST_SIZE) }, #endif #if LMS_MAX_HEIGHT >= 20 { WC_LMS_PARM_L2_H20_W2 , "LMS/HSS_L2_H20_W2", - LMS_PARAMS(2, 20, 2, 1, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W2) }, + LMS_PARAMS(2, 20, 2, 1, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W2, + WC_SHA256_DIGEST_SIZE) }, { WC_LMS_PARM_L2_H20_W4 , "LMS/HSS_L2_H20_W4", - LMS_PARAMS(2, 20, 4, 2, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W4) }, + LMS_PARAMS(2, 20, 4, 2, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W4, + WC_SHA256_DIGEST_SIZE) }, { WC_LMS_PARM_L2_H20_W8 , "LMS/HSS_L2_H20_W8", - LMS_PARAMS(2, 20, 8, 3, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W8) }, + LMS_PARAMS(2, 20, 8, 3, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W8, + WC_SHA256_DIGEST_SIZE) }, #endif #endif #if LMS_MAX_LEVELS >= 3 #if LMS_MAX_HEIGHT >= 10 { WC_LMS_PARM_L3_H10_W8 , "LMS/HSS L3_H10_W8", - LMS_PARAMS(3, 10, 8, 3, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W8) }, + LMS_PARAMS(3, 10, 8, 3, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W8, + WC_SHA256_DIGEST_SIZE) }, #endif #endif #if LMS_MAX_LEVELS >= 4 { WC_LMS_PARM_L4_H5_W2 , "LMS/HSS L4_H5_W2" , - LMS_PARAMS(4, 5, 2, 1, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W2) }, + LMS_PARAMS(4, 5, 2, 1, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W2, + WC_SHA256_DIGEST_SIZE) }, { WC_LMS_PARM_L4_H5_W4 , "LMS/HSS L4_H5_W4" , - LMS_PARAMS(4, 5, 4, 2, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W4) }, + LMS_PARAMS(4, 5, 4, 2, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W4, + WC_SHA256_DIGEST_SIZE) }, #if LMS_MAX_HEIGHT >= 10 { WC_LMS_PARM_L4_H10_W4 , "LMS/HSS L4_H10_W4", - LMS_PARAMS(4, 10, 4, 2, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W4) }, + LMS_PARAMS(4, 10, 4, 2, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W4, + WC_SHA256_DIGEST_SIZE) }, { WC_LMS_PARM_L4_H10_W8 , "LMS/HSS L4_H10_W8", - LMS_PARAMS(4, 10, 8, 3, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W8) }, + LMS_PARAMS(4, 10, 8, 3, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W8, + WC_SHA256_DIGEST_SIZE) }, #endif #endif +#endif /* !WOLFSSL_NO_LMS_SHA256_256 */ + +#ifdef WOLFSSL_LMS_SHA256_192 +#if LMS_MAX_HEIGHT >= 15 + { WC_LMS_PARM_SHA256_192_L1_H15_W2, "LMS/HSS_SHA256/192 L1_H15_W2", + LMS_PARAMS(1, 15, 2, 1, LMS_SHA256_M24_H15, LMOTS_SHA256_N24_W2, + WC_SHA256_192_DIGEST_SIZE) }, + { WC_LMS_PARM_SHA256_192_L1_H15_W4, "LMS/HSS_SHA256/192 L1_H15_W4", + LMS_PARAMS(1, 15, 4, 2, LMS_SHA256_M24_H15, LMOTS_SHA256_N24_W4, + WC_SHA256_192_DIGEST_SIZE) }, +#endif +#if LMS_MAX_LEVELS >= 2 +#if LMS_MAX_HEIGHT >= 10 + { WC_LMS_PARM_SHA256_192_L2_H10_W2, "LMS/HSS SHA256/192 L2_H10_W2", + LMS_PARAMS(2, 10, 2, 1, LMS_SHA256_M24_H10, LMOTS_SHA256_N24_W2, + WC_SHA256_192_DIGEST_SIZE) }, + { WC_LMS_PARM_SHA256_192_L2_H10_W4, "LMS/HSS SHA256/192 L2_H10_W4", + LMS_PARAMS(2, 10, 4, 2, LMS_SHA256_M24_H10, LMOTS_SHA256_N24_W4, + WC_SHA256_192_DIGEST_SIZE) }, + { WC_LMS_PARM_SHA256_192_L2_H10_W8, "LMS/HSS SHA256/192 L2_H10_W8", + LMS_PARAMS(2, 10, 8, 3, LMS_SHA256_M24_H10, LMOTS_SHA256_N24_W8, + WC_SHA256_192_DIGEST_SIZE) }, +#endif +#endif +#if LMS_MAX_LEVELS >= 3 + { WC_LMS_PARM_SHA256_192_L3_H5_W2 , "LMS/HSS_SHA256/192 L3_H5_W2" , + LMS_PARAMS(3, 5, 2, 1, LMS_SHA256_M24_H5 , LMOTS_SHA256_N24_W2, + WC_SHA256_192_DIGEST_SIZE) }, + { WC_LMS_PARM_SHA256_192_L3_H5_W4 , "LMS/HSS_SHA256/192 L3_H5_W4" , + LMS_PARAMS(3, 5, 4, 2, LMS_SHA256_M24_H5 , LMOTS_SHA256_N24_W4, + WC_SHA256_192_DIGEST_SIZE) }, + { WC_LMS_PARM_SHA256_192_L3_H5_W8 , "LMS/HSS_SHA256/192 L3_H5_W8" , + LMS_PARAMS(3, 5, 8, 3, LMS_SHA256_M24_H5 , LMOTS_SHA256_N24_W8, + WC_SHA256_192_DIGEST_SIZE) }, +#if LMS_MAX_HEIGHT >= 10 + { WC_LMS_PARM_SHA256_192_L3_H10_W4, "LMS/HSS_SHA256/192 L3_H10_W4", + LMS_PARAMS(3, 10, 4, 2, LMS_SHA256_M24_H10, LMOTS_SHA256_N24_W4, + WC_SHA256_192_DIGEST_SIZE) }, +#endif +#endif +#if LMS_MAX_LEVELS >= 4 + { WC_LMS_PARM_SHA256_192_L4_H5_W8 , "LMS/HSS_SHA256/192 L4_H5_W8" , + LMS_PARAMS(4, 5, 8, 3, LMS_SHA256_M24_H5 , LMOTS_SHA256_N24_W8, + WC_SHA256_192_DIGEST_SIZE) }, +#endif + + { WC_LMS_PARM_SHA256_192_L1_H5_W1 , "LMS/HSS_SHA256/192_L1_H5_W1" , + LMS_PARAMS(1, 5, 1, 1, LMS_SHA256_M24_H5 , LMOTS_SHA256_N24_W1, + WC_SHA256_192_DIGEST_SIZE) }, + { WC_LMS_PARM_SHA256_192_L1_H5_W2 , "LMS/HSS_SHA256/192_L1_H5_W2" , + LMS_PARAMS(1, 5, 2, 1, LMS_SHA256_M24_H5 , LMOTS_SHA256_N24_W2, + WC_SHA256_192_DIGEST_SIZE) }, + { WC_LMS_PARM_SHA256_192_L1_H5_W4 , "LMS/HSS_SHA256/192_L1_H5_W4" , + LMS_PARAMS(1, 5, 4, 2, LMS_SHA256_M24_H5 , LMOTS_SHA256_N24_W4, + WC_SHA256_192_DIGEST_SIZE) }, + { WC_LMS_PARM_SHA256_192_L1_H5_W8 , "LMS/HSS_SHA256/192_L1_H5_W8" , + LMS_PARAMS(1, 5, 8, 3, LMS_SHA256_M24_H5 , LMOTS_SHA256_N24_W8, + WC_SHA256_192_DIGEST_SIZE) }, +#if LMS_MAX_HEIGHT >= 10 + { WC_LMS_PARM_SHA256_192_L1_H10_W2 , "LMS/HSS_SHA256/192_L1_H10_W2", + LMS_PARAMS(1, 10, 2, 1, LMS_SHA256_M24_H10, LMOTS_SHA256_N24_W2, + WC_SHA256_192_DIGEST_SIZE) }, + { WC_LMS_PARM_SHA256_192_L1_H10_W4 , "LMS/HSS_SHA256/192_L1_H10_W4", + LMS_PARAMS(1, 10, 4, 2, LMS_SHA256_M24_H10, LMOTS_SHA256_N24_W4, + WC_SHA256_192_DIGEST_SIZE) }, + { WC_LMS_PARM_SHA256_192_L1_H10_W8 , "LMS/HSS_SHA256/192_L1_H10_W8", + LMS_PARAMS(1, 10, 8, 3, LMS_SHA256_M24_H10, LMOTS_SHA256_N24_W8, + WC_SHA256_192_DIGEST_SIZE) }, +#endif +#if LMS_MAX_HEIGHT >= 20 + { WC_LMS_PARM_L1_H20_W2 , "LMS/HSS_SHA256/192_L1_H20_W2", + LMS_PARAMS(1, 20, 2, 1, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W2, + WC_SHA256_192_DIGEST_SIZE) }, + { WC_LMS_PARM_L1_H20_W4 , "LMS/HSS_SHA256/192_L1_H20_W4", + LMS_PARAMS(1, 20, 4, 2, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W4, + WC_SHA256_192_DIGEST_SIZE) }, + { WC_LMS_PARM_L1_H20_W8 , "LMS/HSS_SHA256/192_L1_H20_W8", + LMS_PARAMS(1, 20, 8, 3, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W8, + WC_SHA256_192_DIGEST_SIZE) }, +#endif +#endif /* WOLFSSL_LMS_SHA256_192 */ }; /* Number of parameter sets supported. */ #define WC_LMS_MAP_LEN ((int)(sizeof(wc_lms_map) / sizeof(*wc_lms_map))) @@ -476,7 +595,7 @@ void wc_LmsKey_Free(LmsKey* key) ForceZero(key->priv_data, LMS_PRIV_DATA_LEN(params->levels, params->height, params->p, params->rootLevels, - params->cacheBits)); + params->cacheBits, params->hash_len)); XFREE(key->priv_data, key->heap, DYNAMIC_TYPE_LMS); } @@ -630,8 +749,8 @@ int wc_LmsKey_MakeKey(LmsKey* key, WC_RNG* rng) /* Allocate memory for the private key data. */ key->priv_data = (byte *)XMALLOC(LMS_PRIV_DATA_LEN(params->levels, - params->height, params->p, params->rootLevels, params->cacheBits), - key->heap, DYNAMIC_TYPE_LMS); + params->height, params->p, params->rootLevels, params->cacheBits, + params->hash_len), key->heap, DYNAMIC_TYPE_LMS); /* Check pointer is valid. */ if (key->priv_data == NULL) { ret = MEMORY_E; @@ -669,8 +788,8 @@ int wc_LmsKey_MakeKey(LmsKey* key, WC_RNG* rng) } if (ret == 0) { /* Write private key to storage. */ - int rv = key->write_private_key(key->priv_raw, HSS_PRIVATE_KEY_LEN, - key->context); + int rv = key->write_private_key(key->priv_raw, + HSS_PRIVATE_KEY_LEN(key->params->hash_len), key->context); if (rv != WC_LMS_RC_SAVED_TO_NV_MEMORY) { ret = IO_FAILED_E; } @@ -729,8 +848,8 @@ int wc_LmsKey_Reload(LmsKey* key) /* Allocate memory for the private key data. */ key->priv_data = (byte *)XMALLOC(LMS_PRIV_DATA_LEN(params->levels, - params->height, params->p, params->rootLevels, params->cacheBits), - key->heap, DYNAMIC_TYPE_LMS); + params->height, params->p, params->rootLevels, params->cacheBits, + params->hash_len), key->heap, DYNAMIC_TYPE_LMS); /* Check pointer is valid. */ if (key->priv_data == NULL) { ret = MEMORY_E; @@ -738,8 +857,8 @@ int wc_LmsKey_Reload(LmsKey* key) } if (ret == 0) { /* Load private key. */ - int rv = key->read_private_key(key->priv_raw, HSS_PRIVATE_KEY_LEN, - key->context); + int rv = key->read_private_key(key->priv_raw, + HSS_PRIVATE_KEY_LEN(key->params->hash_len), key->context); if (rv != WC_LMS_RC_READ_TO_MEMORY) { ret = IO_FAILED_E; } @@ -808,7 +927,7 @@ int wc_LmsKey_GetPrivLen(const LmsKey* key, word32* len) if (ret == 0) { /* Return private key length from parameter set. */ - *len = HSS_PRIVATE_KEY_LEN; + *len = HSS_PRIVATE_KEY_LEN(key->params->hash_len); } return ret; @@ -885,8 +1004,8 @@ int wc_LmsKey_Sign(LmsKey* key, byte* sig, word32* sigSz, const byte* msg, } if (ret == 0) { /* Write private key to storage. */ - int rv = key->write_private_key(key->priv_raw, HSS_PRIVATE_KEY_LEN, - key->context); + int rv = key->write_private_key(key->priv_raw, + HSS_PRIVATE_KEY_LEN(key->params->hash_len), key->context); if (rv != WC_LMS_RC_SAVED_TO_NV_MEMORY) { ret = IO_FAILED_E; } @@ -933,7 +1052,7 @@ int wc_LmsKey_GetPubLen(const LmsKey* key, word32* len) } if (ret == 0) { - *len = HSS_PUBLIC_KEY_LEN; + *len = HSS_PUBLIC_KEY_LEN(key->params->hash_len); } return ret; @@ -996,14 +1115,15 @@ int wc_LmsKey_ExportPubRaw(const LmsKey* key, byte* out, word32* outLen) ret = BAD_FUNC_ARG; } /* Check size of out is sufficient. */ - if ((ret == 0) && (*outLen < HSS_PUBLIC_KEY_LEN)) { + if ((ret == 0) && + (*outLen < (word32)HSS_PUBLIC_KEY_LEN(key->params->hash_len))) { ret = BUFFER_E; } if (ret == 0) { /* Return encoded public key. */ - XMEMCPY(out, key->pub, HSS_PUBLIC_KEY_LEN); - *outLen = HSS_PUBLIC_KEY_LEN; + XMEMCPY(out, key->pub, HSS_PUBLIC_KEY_LEN(key->params->hash_len)); + *outLen = HSS_PUBLIC_KEY_LEN(key->params->hash_len); } return ret; @@ -1032,7 +1152,8 @@ int wc_LmsKey_ImportPubRaw(LmsKey* key, const byte* in, word32 inLen) if ((key == NULL) || (in == NULL)) { ret = BAD_FUNC_ARG; } - if ((ret == 0) && (inLen != HSS_PUBLIC_KEY_LEN)) { + if ((ret == 0) && + (inLen != (word32)HSS_PUBLIC_KEY_LEN(key->params->hash_len))) { /* Something inconsistent. Parameters weren't set, or input * pub key is wrong.*/ return BUFFER_E; diff --git a/wolfcrypt/src/wc_lms_impl.c b/wolfcrypt/src/wc_lms_impl.c index 86037d4646..bb9345c9a2 100644 --- a/wolfcrypt/src/wc_lms_impl.c +++ b/wolfcrypt/src/wc_lms_impl.c @@ -79,24 +79,19 @@ #define LMS_D_CHILD_I 0xffff /* Length of data to hash when computing seed: - * 16 + 4 + 2 + 32 = 54 */ -#define LMS_SEED_HASH_LEN \ - (LMS_I_LEN + LMS_R_LEN + LMS_D_LEN + LMS_MAX_NODE_LEN) + * 16 + 4 + 2 + 32/24 = 54/46 */ +#define LMS_SEED_HASH_LEN(hLen) \ + (LMS_I_LEN + LMS_R_LEN + LMS_D_LEN + (hLen)) /* Length of data to hash when computing a node: - * 16 + 4 + 2 + 32 + 32 = 86 */ -#define LMS_NODE_HASH_LEN \ - (LMS_I_LEN + LMS_R_LEN + LMS_D_LEN + 2 * LMS_MAX_NODE_LEN) + * 16 + 4 + 2 + 32/24 + 32/24 = 86/70 */ +#define LMS_NODE_HASH_LEN(hLen) \ + (LMS_I_LEN + LMS_R_LEN + LMS_D_LEN + 2 * (hLen)) /* Length of data to hash when computing most results: - * 16 + 4 + 2 + 1 + 32 = 55 */ -#define LMS_HASH_BUFFER_LEN \ - (LMS_I_LEN + LMS_Q_LEN + LMS_P_LEN + LMS_W_LEN + LMS_MAX_NODE_LEN) - -/* Length of data to hash when computing Q: - * 16 + 4 + 2 + 32 = 54 */ -#define LMS_Q_BUFFER_LEN \ - (LMS_I_LEN + LMS_Q_LEN + LMS_P_LEN + LMS_MAX_NODE_LEN) + * 16 + 4 + 2 + 1 + 32/24 = 55/47 */ +#define LMS_HASH_BUFFER_LEN(hLen) \ + (LMS_I_LEN + LMS_Q_LEN + LMS_P_LEN + LMS_W_LEN + (hLen)) /* Length of preliminary data to hash when computing K: * 16 + 4 + 2 = 22 */ @@ -226,6 +221,7 @@ do { \ (buffer)[63] = 0xb8; \ } while (0) +#ifndef WOLFSSL_NO_LMS_SHA256_256 #ifndef WC_LMS_FULL_HASH /* Hash one full block of data and compute result. * @@ -290,6 +286,7 @@ static WC_INLINE int wc_lms_hash(wc_Sha256* sha256, byte* data, word32 len, return ret; } +#endif /* !WOLFSSL_NO_LMS_SHA256_256 */ /* Update hash with first data. * @@ -361,6 +358,7 @@ static WC_INLINE int wc_lms_hash_update(wc_Sha256* sha256, const byte* data, return ret; } +#ifndef WOLFSSL_NO_LMS_SHA256_256 /* Finalize hash. * * @param [in] sha256 SHA-256 hash object. @@ -403,6 +401,201 @@ static WC_INLINE int wc_lms_hash_final(wc_Sha256* sha256, byte* hash) return wc_Sha256Final(sha256, hash); #endif } +#endif /* !WOLFSSL_NO_LMS_SHA256_256 */ + +#ifdef WOLFSSL_LMS_SHA256_192 +/* Set the length of 46 bytes in buffer as per SHA-256 final operation. + * + * @param [in, out] buffer Hash data buffer to add length to. + */ +#define LMS_SHA256_SET_LEN_46(buffer) \ +do { \ + (buffer)[46] = 0x80; \ + (buffer)[47] = 0x00; \ + (buffer)[48] = 0x00; \ + (buffer)[49] = 0x00; \ + (buffer)[50] = 0x00; \ + (buffer)[51] = 0x00; \ + (buffer)[52] = 0x00; \ + (buffer)[53] = 0x00; \ + (buffer)[54] = 0x00; \ + (buffer)[55] = 0x00; \ + (buffer)[56] = 0x00; \ + (buffer)[57] = 0x00; \ + (buffer)[58] = 0x00; \ + (buffer)[59] = 0x00; \ + (buffer)[60] = 0x00; \ + (buffer)[61] = 0x00; \ + (buffer)[62] = 0x01; \ + (buffer)[63] = 0x70; \ +} while (0) + +/* Set the length of 47 bytes in buffer as per SHA-256 final operation. + * + * @param [in, out] buffer Hash data buffer to add length to. + */ +#define LMS_SHA256_SET_LEN_47(buffer) \ +do { \ + (buffer)[47] = 0x80; \ + (buffer)[48] = 0x00; \ + (buffer)[49] = 0x00; \ + (buffer)[50] = 0x00; \ + (buffer)[51] = 0x00; \ + (buffer)[52] = 0x00; \ + (buffer)[53] = 0x00; \ + (buffer)[54] = 0x00; \ + (buffer)[55] = 0x00; \ + (buffer)[56] = 0x00; \ + (buffer)[57] = 0x00; \ + (buffer)[58] = 0x00; \ + (buffer)[59] = 0x00; \ + (buffer)[60] = 0x00; \ + (buffer)[61] = 0x00; \ + (buffer)[62] = 0x01; \ + (buffer)[63] = 0x78; \ +} while (0) + +#ifndef WC_LMS_FULL_HASH +/* Hash one full block of data and compute result. + * + * @param [in] sha256 SHA-256 hash object. + * @param [in] data Data to hash. + * @param [out] hash Hash output. + * @return 0 on success. + */ +static WC_INLINE int wc_lms_sha256_192_hash_block(wc_Sha256* sha256, + const byte* data, byte* hash) +{ + int ret; + unsigned char output[WC_SHA256_DIGEST_SIZE]; + + /* Hash the block and reset SHA-256 state. */ + ret = wc_Sha256HashBlock(sha256, data, output); + if (ret == 0) { + XMEMCPY(hash, output, WC_SHA256_192_DIGEST_SIZE); + } + + return ret; +} +#endif /* !WC_LMS_FULL_HASH */ + +/* Hash data and compute result. + * + * @param [in] sha256 SHA-256 hash object. + * @param [in] data Data to hash. + * @param [in] len Length of data to hash. + * @param [out] hash Hash output. + * @return 0 on success. + */ +static WC_INLINE int wc_lms_hash_sha256_192(wc_Sha256* sha256, byte* data, + word32 len, byte* hash) +{ + int ret; + unsigned char output[WC_SHA256_DIGEST_SIZE]; + +#ifndef WC_LMS_FULL_HASH + if (len < WC_SHA256_BLOCK_SIZE) { + /* Store data into SHA-256 object's buffer. */ + LMS_SHA256_SET_DATA(sha256, data, len); + ret = wc_Sha256Final(sha256, output); + if (ret == 0) { + XMEMCPY(hash, output, WC_SHA256_192_DIGEST_SIZE); + } + } + else if (len < WC_SHA256_BLOCK_SIZE + WC_SHA256_PAD_SIZE) { + ret = wc_Sha256HashBlock(sha256, data, NULL); + if (ret == 0) { + byte* buffer = (byte*)sha256->buffer; + int rem = len - WC_SHA256_BLOCK_SIZE; + + XMEMCPY(buffer, data + WC_SHA256_BLOCK_SIZE, rem); + buffer[rem++] = 0x80; + XMEMSET(buffer + rem, 0, WC_SHA256_BLOCK_SIZE - 2 - rem); + buffer[WC_SHA256_BLOCK_SIZE - 2] = (byte)(len >> 5); + buffer[WC_SHA256_BLOCK_SIZE - 1] = (byte)(len << 3); + ret = wc_Sha256HashBlock(sha256, buffer, output); + if (ret == 0) { + XMEMCPY(hash, output, WC_SHA256_192_DIGEST_SIZE); + } + } + } + else { + ret = wc_Sha256Update(sha256, data, len); + if (ret == 0) { + ret = wc_Sha256Final(sha256, output); + if (ret == 0) { + XMEMCPY(hash, output, WC_SHA256_192_DIGEST_SIZE); + } + } + } +#else + ret = wc_Sha256Update(sha256, data, len); + if (ret == 0) { + ret = wc_Sha256Final(sha256, output); + if (ret == 0) { + XMEMCPY(hash, output, WC_SHA256_192_DIGEST_SIZE); + } + } +#endif /* !WC_LMS_FULL_HASH */ + + return ret; +} + +/* Finalize hash. + * + * @param [in] sha256 SHA-256 hash object. + * @param [out] hash Hash output. + * @return 0 on success. + */ +static WC_INLINE int wc_lms_hash_sha256_192_final(wc_Sha256* sha256, byte* hash) +{ +#ifndef WC_LMS_FULL_HASH + int ret = 0; + byte* buffer = (byte*)sha256->buffer; + unsigned char output[WC_SHA256_DIGEST_SIZE]; + + buffer[sha256->buffLen++] = 0x80; + if (sha256->buffLen > WC_SHA256_PAD_SIZE) { + XMEMSET(buffer + sha256->buffLen, 0, + WC_SHA256_BLOCK_SIZE - sha256->buffLen); + ret = wc_Sha256HashBlock(sha256, buffer, NULL); + sha256->buffLen = 0; + } + if (ret == 0) { + XMEMSET(buffer + sha256->buffLen, 0, + WC_SHA256_BLOCK_SIZE - 8 - sha256->buffLen); + sha256->hiLen = (sha256->hiLen << 3) + (sha256->loLen >> 29); + sha256->loLen = sha256->loLen << 3; + #ifdef LITTLE_ENDIAN_ORDER + sha256->buffer[14] = ByteReverseWord32(sha256->hiLen); + sha256->buffer[15] = ByteReverseWord32(sha256->loLen); + #else + sha256->buffer[14] = sha256->hiLen; + sha256->buffer[15] = sha256->loLen; + #endif + ret = wc_Sha256HashBlock(sha256, buffer, output); + if (ret == 0) { + XMEMCPY(hash, output, WC_SHA256_192_DIGEST_SIZE); + } + sha256->buffLen = 0; + sha256->hiLen = 0; + sha256->loLen = 0; + } + + return ret; +#else + int ret; + unsigned char output[WC_SHA256_DIGEST_SIZE]; + + ret = wc_Sha256Final(sha256, output); + if (ret == 0) { + XMEMCPY(hash, output, WC_SHA256_192_DIGEST_SIZE); + } + + return ret; +#endif +} +#endif /* WOLFSSL_LMS_SHA256_192 */ /*************************************** * LM-OTS APIs @@ -619,16 +812,30 @@ static int wc_lmots_msg_hash(LmsState* state, const byte* msg, word32 msgSz, ret = wc_lms_hash_first(&state->hash, buffer, LMS_MSG_PRE_LEN); if (ret == 0) { /* H(... || C || ...) */ - ret = wc_lms_hash_update(&state->hash, c, LMS_MAX_NODE_LEN); + ret = wc_lms_hash_update(&state->hash, c, state->params->hash_len); } if (ret == 0) { /* H(... || message) */ ret = wc_lms_hash_update(&state->hash, msg, msgSz); } +#ifdef WOLFSSL_LMS_SHA256_192 + if ((ret == 0) && + ((state->params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192)) { + /* Q = H(...) */ + ret = wc_lms_hash_sha256_192_final(&state->hash, q); + } + else +#endif +#ifndef WOLFSSL_NO_LMS_SHA256_256 if (ret == 0) { /* Q = H(...) */ ret = wc_lms_hash_final(&state->hash, q); } + else +#endif + { + ret = NOT_COMPILED_IN; + } return ret; } @@ -684,15 +891,26 @@ static int wc_lmots_compute_y_from_seed(LmsState* state, const byte* seed, ret = wc_lmots_msg_hash(state, msg, msgSz, c, q); if (ret == 0) { /* Calculate checksum list all coefficients. */ - ret = wc_lmots_q_expand(q, LMS_MAX_NODE_LEN, params->width, params->ls, + ret = wc_lmots_q_expand(q, params->hash_len, params->width, params->ls, a); } - #ifndef WC_LMS_FULL_HASH +#ifndef WC_LMS_FULL_HASH if (ret == 0) { - /* Put in padding for final block. */ - LMS_SHA256_SET_LEN_55(buffer); + #ifdef WOLFSSL_LMS_SHA256_192 + if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) { + /* Put in padding for final block. */ + LMS_SHA256_SET_LEN_47(buffer); + } + else + #endif + { + #ifndef WOLFSSL_NO_LMS_SHA256_256 + /* Put in padding for final block. */ + LMS_SHA256_SET_LEN_55(buffer); + #endif + } } - #endif /* !WC_LMS_FULL_HASH */ +#endif /* !WC_LMS_FULL_HASH */ /* Compute y for each coefficient. */ for (i = 0; (ret == 0) && (i < params->p); i++) { @@ -702,29 +920,84 @@ static int wc_lmots_compute_y_from_seed(LmsState* state, const byte* seed, * = H(I || u32str(q) || u16str(i) || u8str(0xff) || SEED). */ c16toa(i, ip); *jp = LMS_D_FIXED; - XMEMCPY(tmp, seed, LMS_SEED_LEN); - #ifndef WC_LMS_FULL_HASH - ret = wc_lms_hash_block(&state->hash, buffer, tmp); - #else - ret = wc_lms_hash(&state->hash, buffer, LMS_HASH_BUFFER_LEN, tmp); - #endif /* !WC_LMS_FULL_HASH */ +#ifndef WC_LMS_FULL_HASH + #ifdef WOLFSSL_LMS_SHA256_192 + if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) { + XMEMCPY(tmp, seed, WC_SHA256_192_DIGEST_SIZE); + ret = wc_lms_sha256_192_hash_block(&state->hash, buffer, tmp); + } + else + #endif + { + #ifndef WOLFSSL_NO_LMS_SHA256_256 + XMEMCPY(tmp, seed, WC_SHA256_DIGEST_SIZE); + ret = wc_lms_hash_block(&state->hash, buffer, tmp); + #else + ret = NOT_COMPILED_IN; + #endif + } +#else + #ifdef WOLFSSL_LMS_SHA256_192 + if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) { + XMEMCPY(tmp, seed, WC_SHA256_192_DIGEST_SIZE); + ret = wc_lms_hash_sha256_192(&state->hash, buffer, + LMS_HASH_BUFFER_LEN(WC_SHA256_192_DIGEST_SIZE), tmp); + } + else + #endif + { + #ifndef WOLFSSL_NO_LMS_SHA256_256 + XMEMCPY(tmp, seed, WC_SHA256_DIGEST_SIZE); + ret = wc_lms_hash(&state->hash, buffer, + LMS_HASH_BUFFER_LEN(WC_SHA256_DIGEST_SIZE), tmp); + #else + ret = NOT_COMPILED_IN; + #endif + } +#endif /* !WC_LMS_FULL_HASH */ /* Apply the hash function coefficient number of times. */ for (j = 0; (ret == 0) && (j < a[i]); j++) { /* I || u32str(q) || u16str(i) || u8str(j) || tmp */ *jp = j; /* tmp = H(I || u32str(q) || u16str(i) || u8str(j) || tmp) */ - #ifndef WC_LMS_FULL_HASH - ret = wc_lms_hash_block(&state->hash, buffer, tmp); - #else - ret = wc_lms_hash(&state->hash, buffer, LMS_HASH_BUFFER_LEN, tmp); - #endif /* !WC_LMS_FULL_HASH */ + #ifndef WC_LMS_FULL_HASH + #ifdef WOLFSSL_LMS_SHA256_192 + if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) { + ret = wc_lms_sha256_192_hash_block(&state->hash, buffer, tmp); + } + else + #endif + { + #ifndef WOLFSSL_NO_LMS_SHA256_256 + ret = wc_lms_hash_block(&state->hash, buffer, tmp); + #else + ret = NOT_COMPILED_IN; + #endif + } + #else + #ifdef WOLFSSL_LMS_SHA256_192 + if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) { + ret = wc_lms_hash_sha256_192(&state->hash, buffer, + LMS_HASH_BUFFER_LEN(WC_SHA256_192_DIGEST_SIZE), tmp); + } + else + #endif + { + #ifndef WOLFSSL_NO_LMS_SHA256_256 + ret = wc_lms_hash(&state->hash, buffer, + LMS_HASH_BUFFER_LEN(WC_SHA256_DIGEST_SIZE), tmp); + #else + ret = NOT_COMPILED_IN; + #endif + } + #endif /* !WC_LMS_FULL_HASH */ } if (ret == 0) { /* y[i] = tmp */ - XMEMCPY(y, tmp, LMS_MAX_NODE_LEN); - y += LMS_MAX_NODE_LEN; + XMEMCPY(y, tmp, params->hash_len); + y += params->hash_len; } } @@ -789,15 +1062,26 @@ static int wc_lmots_compute_kc_from_sig(LmsState* state, const byte* msg, } if (ret == 0) { /* Calculate checksum list all coefficients. */ - ret = wc_lmots_q_expand(q, LMS_MAX_NODE_LEN, params->width, params->ls, + ret = wc_lmots_q_expand(q, params->hash_len, params->width, params->ls, a); } - #ifndef WC_LMS_FULL_HASH +#ifndef WC_LMS_FULL_HASH if (ret == 0) { - /* Put in padding for final block. */ - LMS_SHA256_SET_LEN_55(buffer); + #ifdef WOLFSSL_LMS_SHA256_192 + if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) { + /* Put in padding for final block. */ + LMS_SHA256_SET_LEN_47(buffer); + } + else + #endif + { + #ifndef WOLFSSL_NO_LMS_SHA256_256 + /* Put in padding for final block. */ + LMS_SHA256_SET_LEN_55(buffer); + #endif + } } - #endif /* !WC_LMS_FULL_HASH */ +#endif /* !WC_LMS_FULL_HASH */ /* Compute z for each coefficient. */ for (i = 0; (ret == 0) && (i < params->p); i++) { @@ -808,30 +1092,69 @@ static int wc_lmots_compute_kc_from_sig(LmsState* state, const byte* msg, /* tmp = y[i]. * I || u32(str) || u16str(i) || ... || tmp */ - XMEMCPY(tmp, sig_y, LMS_MAX_NODE_LEN); - sig_y += LMS_MAX_NODE_LEN; + XMEMCPY(tmp, sig_y, params->hash_len); + sig_y += params->hash_len; /* Finish iterations of hash from coefficient to max. */ for (j = a[i]; (ret == 0) && (j < max); j++) { /* I || u32str(q) || u16str(i) || u8str(j) || tmp */ *jp = (word8)j; /* tmp = H(I || u32str(q) || u16str(i) || u8str(j) || tmp) */ - #ifndef WC_LMS_FULL_HASH - ret = wc_lms_hash_block(&state->hash, buffer, tmp); - #else - ret = wc_lms_hash(&state->hash, buffer, LMS_HASH_BUFFER_LEN, tmp); - #endif /* !WC_LMS_FULL_HASH */ + #ifndef WC_LMS_FULL_HASH + #ifdef WOLFSSL_LMS_SHA256_192 + if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) { + ret = wc_lms_sha256_192_hash_block(&state->hash, buffer, tmp); + } + else + #endif + { + #ifndef WOLFSSL_NO_LMS_SHA256_256 + ret = wc_lms_hash_block(&state->hash, buffer, tmp); + #else + ret = NOT_COMPILED_IN; + #endif + } + /* Apply the hash function coefficient number of times. */ + #else + #ifdef WOLFSSL_LMS_SHA256_192 + if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) { + ret = wc_lms_hash_sha256_192(&state->hash, buffer, + LMS_HASH_BUFFER_LEN(WC_SHA256_192_DIGEST_SIZE), tmp); + } + else + #endif + { + #ifndef WOLFSSL_NO_LMS_SHA256_256 + ret = wc_lms_hash(&state->hash, buffer, + LMS_HASH_BUFFER_LEN(WC_SHA256_DIGEST_SIZE), tmp); + #else + ret = NOT_COMPILED_IN; + #endif + } + #endif /* !WC_LMS_FULL_HASH */ } if (ret == 0) { /* H(... || z[i] || ...) (for calculating Kc). */ - ret = wc_lms_hash_update(&state->hash_k, tmp, LMS_MAX_NODE_LEN); + ret = wc_lms_hash_update(&state->hash_k, tmp, params->hash_len); } } +#ifdef WOLFSSL_LMS_SHA256_192 + if ((ret == 0) && + ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192)) { + /* Kc = H(...) */ + ret = wc_lms_hash_sha256_192_final(&state->hash_k, kc); + } + else +#endif if (ret == 0) { + #ifndef WOLFSSL_NO_LMS_SHA256_256 /* Kc = H(...) */ ret = wc_lms_hash_final(&state->hash_k, kc); + #else + ret = NOT_COMPILED_IN; + #endif } return ret; @@ -879,8 +1202,19 @@ static int wc_lmots_make_public_hash(LmsState* state, const byte* seed, byte* k) ret = wc_lms_hash_first(&state->hash_k, buffer, LMS_K_PRE_LEN); #ifndef WC_LMS_FULL_HASH - /* Put in padding for final block. */ - LMS_SHA256_SET_LEN_55(buffer); +#ifdef WOLFSSL_LMS_SHA256_192 + if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) { + /* Put in padding for final block. */ + LMS_SHA256_SET_LEN_47(buffer); + } + else +#endif + { + #ifndef WOLFSSL_NO_LMS_SHA256_256 + /* Put in padding for final block. */ + LMS_SHA256_SET_LEN_55(buffer); + #endif + } #endif /* !WC_LMS_FULL_HASH */ for (i = 0; (ret == 0) && (i < params->p); i++) { @@ -890,31 +1224,97 @@ static int wc_lmots_make_public_hash(LmsState* state, const byte* seed, byte* k) * = H(I || u32str(q) || u16str(i) || u8str(0xff) || SEED). */ c16toa(i, ip); *jp = LMS_D_FIXED; - XMEMCPY(tmp, seed, LMS_SEED_LEN); - #ifndef WC_LMS_FULL_HASH - ret = wc_lms_hash_block(&state->hash, buffer, tmp); - #else - ret = wc_lms_hash(&state->hash, buffer, LMS_HASH_BUFFER_LEN, tmp); - #endif /* !WC_LMS_FULL_HASH */ +#ifndef WC_LMS_FULL_HASH + #ifdef WOLFSSL_LMS_SHA256_192 + if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) { + XMEMCPY(tmp, seed, WC_SHA256_192_DIGEST_SIZE); + ret = wc_lms_sha256_192_hash_block(&state->hash, buffer, tmp); + } + else + #endif + { + #ifndef WOLFSSL_NO_LMS_SHA256_256 + XMEMCPY(tmp, seed, WC_SHA256_DIGEST_SIZE); + ret = wc_lms_hash_block(&state->hash, buffer, tmp); + #else + ret = NOT_COMPILED_IN; + #endif + } +#else + #ifdef WOLFSSL_LMS_SHA256_192 + if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) { + XMEMCPY(tmp, seed, WC_SHA256_192_DIGEST_SIZE); + ret = wc_lms_hash_sha256_192(&state->hash, buffer, + LMS_HASH_BUFFER_LEN(WC_SHA256_192_DIGEST_SIZE), tmp); + } + else + #endif + { + #ifndef WOLFSSL_NO_LMS_SHA256_256 + XMEMCPY(tmp, seed, WC_SHA256_DIGEST_SIZE); + ret = wc_lms_hash(&state->hash, buffer, + LMS_HASH_BUFFER_LEN(WC_SHA256_DIGEST_SIZE), tmp); + #else + ret = NOT_COMPILED_IN; + #endif + } +#endif /* !WC_LMS_FULL_HASH */ /* Do all iterations to calculate y. */ for (j = 0; (ret == 0) && (j < max); j++) { /* I || u32str(q) || u16str(i) || u8str(j) || tmp */ *jp = (word8)j; /* tmp = H(I || u32str(q) || u16str(i) || u8str(j) || tmp) */ - #ifndef WC_LMS_FULL_HASH - ret = wc_lms_hash_block(&state->hash, buffer, tmp); - #else - ret = wc_lms_hash(&state->hash, buffer, LMS_HASH_BUFFER_LEN, tmp); - #endif /* !WC_LMS_FULL_HASH */ + #ifndef WC_LMS_FULL_HASH + #ifdef WOLFSSL_LMS_SHA256_192 + if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) { + ret = wc_lms_sha256_192_hash_block(&state->hash, buffer, tmp); + } + else + #endif + { + #ifndef WOLFSSL_NO_LMS_SHA256_256 + ret = wc_lms_hash_block(&state->hash, buffer, tmp); + #else + ret = NOT_COMPILED_IN; + #endif + } + #else + #ifdef WOLFSSL_LMS_SHA256_192 + if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) { + ret = wc_lms_hash_sha256_192(&state->hash, buffer, + LMS_HASH_BUFFER_LEN(WC_SHA256_192_DIGEST_SIZE), tmp); + } + else + #endif + { + #ifndef WOLFSSL_NO_LMS_SHA256_256 + ret = wc_lms_hash(&state->hash, buffer, + LMS_HASH_BUFFER_LEN(WC_SHA256_DIGEST_SIZE), tmp); + #else + ret = NOT_COMPILED_IN; + #endif + } + #endif /* !WC_LMS_FULL_HASH */ } if (ret == 0) { /* K = H(... || y[i] || ...) */ - ret = wc_lms_hash_update(&state->hash_k, tmp, LMS_MAX_NODE_LEN); + ret = wc_lms_hash_update(&state->hash_k, tmp, params->hash_len); } } +#ifdef WOLFSSL_LMS_SHA256_192 + if ((ret == 0) && ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192)) { + /* K = H(I || u32str(q) || u16str(D_PBLC) || y[0] || ... || y[p-1]) */ + ret = wc_lms_hash_sha256_192_final(&state->hash_k, k); + } + else +#endif if (ret == 0) { + #ifndef WOLFSSL_NO_LMS_SHA256_256 /* K = H(I || u32str(q) || u16str(D_PBLC) || y[0] || ... || y[p-1]) */ ret = wc_lms_hash_final(&state->hash_k, k); + #else + ret = NOT_COMPILED_IN; + #endif } return ret; @@ -935,7 +1335,7 @@ static int wc_lmots_make_public_hash(LmsState* state, const byte* seed, byte* k) static void wc_lmots_public_key_encode(const LmsParams* params, const byte* priv, byte* pub) { - const byte* priv_i = priv + LMS_Q_LEN + LMS_SEED_LEN; + const byte* priv_i = priv + LMS_Q_LEN + params->hash_len; /* u32str(type) || ... || T(1) */ c32toa(params->lmsType, pub); @@ -1016,7 +1416,7 @@ static int wc_lmots_calc_kc(LmsState* state, const byte* pub, const byte* msg, /* Get C or randomizer value from signature. */ const byte* c = sig + LMS_TYPE_LEN; /* Get array y from signature. */ - const byte* y = c + LMS_MAX_NODE_LEN; + const byte* y = c + state->params->hash_len; /* Compute the public key candidate Kc from the signature. */ ret = wc_lmots_compute_kc_from_sig(state, msg, msgSz, c, y, kc); @@ -1032,12 +1432,13 @@ static int wc_lmots_calc_kc(LmsState* state, const byte* pub, const byte* msg, * But use Appendix A to generate x on the fly. * PRIV = SEED | I * - * @param [in] rng Random number generator. - * @param [out] priv Private key data. + * @param [in] rng Random number generator. + * @param [in] seed_len Length of seed to generate. + * @param [out] priv Private key data. */ -static int wc_lmots_make_private_key(WC_RNG* rng, byte* priv) +static int wc_lmots_make_private_key(WC_RNG* rng, word16 seed_len, byte* priv) { - return wc_RNG_GenerateBlock(rng, priv, LMS_SEED_LEN + LMS_I_LEN); + return wc_RNG_GenerateBlock(rng, priv, seed_len + LMS_I_LEN); } /* Generate LM-OTS signature. @@ -1071,20 +1472,60 @@ static int wc_lmots_sign(LmsState* state, const byte* seed, const byte* msg, c16toa(LMS_D_C, ip); /* I || u32str(q) || u16str(0xFFFD) || u8str(0xFF) || ... */ *jp = LMS_D_FIXED; - /* I || u32str(q) || u16str(0xFFFD) || u8str(0xFF) || SEED */ - XMEMCPY(tmp, seed, LMS_SEED_LEN); - /* C = H(I || u32str(q) || u16str(0xFFFD) || u8str(0xFF) || SEED) - * sig = u32str(type) || C || ... */ #ifndef WC_LMS_FULL_HASH - /* Put in padding for final block. */ - LMS_SHA256_SET_LEN_55(buffer); - ret = wc_lms_hash_block(&state->hash, buffer, sig_c); +#ifdef WOLFSSL_LMS_SHA256_192 + if ((state->params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) { + /* I || u32str(q) || u16str(0xFFFD) || u8str(0xFF) || SEED */ + XMEMCPY(tmp, seed, WC_SHA256_192_DIGEST_SIZE); + /* C = H(I || u32str(q) || u16str(0xFFFD) || u8str(0xFF) || SEED) + * sig = u32str(type) || C || ... */ + /* Put in padding for final block. */ + LMS_SHA256_SET_LEN_47(buffer); + ret = wc_lms_sha256_192_hash_block(&state->hash, buffer, sig_c); + } + else +#endif + { + #ifndef WOLFSSL_NO_LMS_SHA256_256 + /* I || u32str(q) || u16str(0xFFFD) || u8str(0xFF) || SEED */ + XMEMCPY(tmp, seed, WC_SHA256_DIGEST_SIZE); + /* C = H(I || u32str(q) || u16str(0xFFFD) || u8str(0xFF) || SEED) + * sig = u32str(type) || C || ... */ + /* Put in padding for final block. */ + LMS_SHA256_SET_LEN_55(buffer); + ret = wc_lms_hash_block(&state->hash, buffer, sig_c); + #else + ret = NOT_COMPILED_IN; + #endif + } #else - ret = wc_lms_hash(&state->hash, buffer, LMS_HASH_BUFFER_LEN, sig_c); +#ifdef WOLFSSL_LMS_SHA256_192 + if ((state->params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) { + /* I || u32str(q) || u16str(0xFFFD) || u8str(0xFF) || SEED */ + XMEMCPY(tmp, seed, WC_SHA256_192_DIGEST_SIZE); + /* C = H(I || u32str(q) || u16str(0xFFFD) || u8str(0xFF) || SEED) + * sig = u32str(type) || C || ... */ + ret = wc_lms_hash_sha256_192(&state->hash, buffer, + LMS_HASH_BUFFER_LEN(WC_SHA256_192_DIGEST_SIZE), sig_c); + } + else +#endif + { + #ifndef WOLFSSL_NO_LMS_SHA256_256 + /* I || u32str(q) || u16str(0xFFFD) || u8str(0xFF) || SEED */ + XMEMCPY(tmp, seed, WC_SHA256_DIGEST_SIZE); + /* C = H(I || u32str(q) || u16str(0xFFFD) || u8str(0xFF) || SEED) + * sig = u32str(type) || C || ... */ + ret = wc_lms_hash(&state->hash, buffer, + LMS_HASH_BUFFER_LEN(WC_SHA256_DIGEST_SIZE), sig_c); + #else + ret = NOT_COMPILED_IN; + #endif + } #endif /* !WC_LMS_FULL_HASH */ if (ret == 0) { - byte* sig_y = sig_c + LMS_MAX_NODE_LEN; + byte* sig_y = sig_c + state->params->hash_len; /* Compute array y. * sig = u32str(type) || C || y[0] || ... || y[p-1] */ @@ -1113,21 +1554,21 @@ static void wc_lms_priv_state_load(const LmsParams* params, LmsPrivState* state, { /* Authentication path data. */ state->auth_path = priv_data; - priv_data += params->height * LMS_MAX_NODE_LEN; + priv_data += params->height * params->hash_len; /* Stack of nodes. */ state->stack.stack = priv_data; - priv_data += (params->height + 1) * LMS_MAX_NODE_LEN; + priv_data += (params->height + 1) * params->hash_len; ato32(priv_data, &state->stack.offset); priv_data += 4; /* Cached root nodes. */ state->root = priv_data; - priv_data += LMS_ROOT_CACHE_LEN(params->rootLevels); + priv_data += LMS_ROOT_CACHE_LEN(params->rootLevels, params->hash_len); /* Cached leaf nodes. */ state->leaf.cache = priv_data; - priv_data += LMS_LEAF_CACHE_LEN(params->cacheBits); + priv_data += LMS_LEAF_CACHE_LEN(params->cacheBits, params->hash_len); ato32(priv_data, &state->leaf.idx); priv_data += 4; ato32(priv_data, &state->leaf.offset); @@ -1144,18 +1585,18 @@ static void wc_lms_priv_state_store(const LmsParams* params, LmsPrivState* state, byte* priv_data) { /* Authentication path data. */ - priv_data += params->height * LMS_MAX_NODE_LEN; + priv_data += params->height * params->hash_len; /* Stack of nodes. */ - priv_data += (params->height + 1) * LMS_MAX_NODE_LEN; + priv_data += (params->height + 1) * params->hash_len; c32toa(state->stack.offset, priv_data); priv_data += 4; /* Cached root nodes. */ - priv_data += LMS_ROOT_CACHE_LEN(params->rootLevels); + priv_data += LMS_ROOT_CACHE_LEN(params->rootLevels, params->hash_len); /* Cached leaf nodes. */ - priv_data += LMS_LEAF_CACHE_LEN(params->cacheBits); + priv_data += LMS_LEAF_CACHE_LEN(params->cacheBits, params->hash_len); c32toa(state->leaf.idx, priv_data); priv_data += 4; c32toa(state->leaf.offset, priv_data); @@ -1173,7 +1614,7 @@ static void wc_lms_priv_state_copy(const LmsParams* params, LmsPrivState* dst, const LmsPrivState* src) { XMEMCPY(dst->auth_path, src->auth_path, LMS_PRIV_STATE_LEN(params->height, - params->rootLevels, params->cacheBits)); + params->rootLevels, params->cacheBits, params->hash_len)); dst->stack.offset = src->stack.offset; dst->leaf.idx = src->leaf.idx; dst->leaf.offset = src->leaf.offset; @@ -1229,13 +1670,40 @@ static int wc_lms_leaf_hash(LmsState* state, const byte* seed, word32 i, /* I || u32str(r) || u16str(D_LEAF) || OTS_PUB_HASH[i] */ c16toa(LMS_D_LEAF, dp); /* temp = H(I || u32str(r) || u16str(D_LEAF) || OTS_PUB_HASH[i]) */ - #ifndef WC_LMS_FULL_HASH +#ifndef WC_LMS_FULL_HASH /* Put in padding for final block. */ - LMS_SHA256_SET_LEN_54(buffer); - ret = wc_lms_hash_block(&state->hash, buffer, leaf); - #else - ret = wc_lms_hash(&state->hash, buffer, LMS_SEED_HASH_LEN, leaf); - #endif /* !WC_LMS_FULL_HASH */ + #ifdef WOLFSSL_LMS_SHA256_192 + if ((state->params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) { + LMS_SHA256_SET_LEN_46(buffer); + ret = wc_lms_sha256_192_hash_block(&state->hash, buffer, leaf); + } + else + #endif + { + #ifndef WOLFSSL_NO_LMS_SHA256_256 + LMS_SHA256_SET_LEN_54(buffer); + ret = wc_lms_hash_block(&state->hash, buffer, leaf); + #else + ret = NOT_COMPILED_IN; + #endif + } +#else + #ifdef WOLFSSL_LMS_SHA256_192 + if ((state->params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) { + ret = wc_lms_hash_sha256_192(&state->hash, buffer, + LMS_SEED_HASH_LEN(WC_SHA256_192_DIGEST_SIZE), leaf); + } + else + #endif + { + #ifndef WOLFSSL_NO_LMS_SHA256_256 + ret = wc_lms_hash(&state->hash, buffer, + LMS_SEED_HASH_LEN(WC_SHA256_DIGEST_SIZE), leaf); + #else + ret = NOT_COMPILED_IN; + #endif + } +#endif /* !WC_LMS_FULL_HASH */ } return ret; @@ -1259,17 +1727,38 @@ static int wc_lms_leaf_hash(LmsState* state, const byte* seed, word32 i, static int wc_lms_interior_hash(LmsState* state, byte* sp, word32 r, byte* node) { + int ret; byte* buffer = state->buffer; byte* rp = buffer + LMS_I_LEN; byte* left = rp + LMS_R_LEN + LMS_D_LEN; /* I || u32str(r) || u16str(D_INTR) || ... || temp */ c32toa(r, rp); - /* left_side = pop(data stack) - * I || u32str(r) || u16str(D_INTR) || left_side || temp */ - XMEMCPY(left, sp, LMS_MAX_NODE_LEN); - /* temp = H(I || u32str(r) || u16str(D_INTR) || left_side || temp) */ - return wc_lms_hash(&state->hash, buffer, LMS_NODE_HASH_LEN, node); +#ifdef WOLFSSL_LMS_SHA256_192 + if ((state->params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) { + /* left_side = pop(data stack) + * I || u32str(r) || u16str(D_INTR) || left_side || temp */ + XMEMCPY(left, sp, WC_SHA256_192_DIGEST_SIZE); + /* temp = H(I || u32str(r) || u16str(D_INTR) || left_side || temp) */ + ret = wc_lms_hash_sha256_192(&state->hash, buffer, + LMS_NODE_HASH_LEN(WC_SHA256_192_DIGEST_SIZE), node); + } + else +#endif + { + #ifndef WOLFSSL_NO_LMS_SHA256_256 + /* left_side = pop(data stack) + * I || u32str(r) || u16str(D_INTR) || left_side || temp */ + XMEMCPY(left, sp, WC_SHA256_DIGEST_SIZE); + /* temp = H(I || u32str(r) || u16str(D_INTR) || left_side || temp) */ + ret = wc_lms_hash(&state->hash, buffer, + LMS_NODE_HASH_LEN(WC_SHA256_DIGEST_SIZE), node); + #else + ret = NOT_COMPILED_IN; + #endif + } + + return ret; } #ifdef WOLFSSL_WC_LMS_SMALL @@ -1310,7 +1799,7 @@ static int wc_lms_treehash(LmsState* state, const byte* id, const byte* seed, byte* rp = buffer + LMS_I_LEN; byte* dp = rp + LMS_R_LEN; byte* left = dp + LMS_D_LEN; - byte* temp = left + LMS_MAX_NODE_LEN; + byte* temp = left + params->hash_len; #ifdef WOLFSSL_SMALL_STACK byte* stack = NULL; #else @@ -1324,7 +1813,7 @@ static int wc_lms_treehash(LmsState* state, const byte* id, const byte* seed, #ifdef WOLFSSL_SMALL_STACK /* Allocate stack of left side hashes. */ - stack = XMALLOC((params->height + 1) * LMS_MAX_NODE_LEN, NULL, + stack = XMALLOC((params->height + 1) * params->hash_len, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (stack == NULL) { ret = MEMORY_E; @@ -1344,7 +1833,7 @@ static int wc_lms_treehash(LmsState* state, const byte* id, const byte* seed, /* Store the node if on the authentication path. */ if ((ret == 0) && (auth_path != NULL) && ((q ^ 0x1) == i)) { - XMEMCPY(auth_path, temp, LMS_MAX_NODE_LEN); + XMEMCPY(auth_path, temp, params->hash_len); } /* I || ... || u16str(D_INTR) || ... || temp */ @@ -1359,23 +1848,23 @@ static int wc_lms_treehash(LmsState* state, const byte* id, const byte* seed, /* Calculate interior node hash. * temp = H(I || u32str(r) || u16str(D_INTR) || left_side || temp) */ - sp -= LMS_MAX_NODE_LEN; + sp -= params->hash_len; ret = wc_lms_interior_hash(state, sp, r, temp); /* Copy out node to authentication path if on path. */ if ((ret == 0) && (auth_path != NULL) && ((q >> h) ^ 0x1) == j) { - XMEMCPY(auth_path + h * LMS_MAX_NODE_LEN, temp, - LMS_MAX_NODE_LEN); + XMEMCPY(auth_path + h * params->hash_len, temp, + params->hash_len); } } /* Push temp onto the data stack. */ - XMEMCPY(sp, temp, LMS_MAX_NODE_LEN); - sp += LMS_MAX_NODE_LEN; + XMEMCPY(sp, temp, params->hash_len); + sp += params->hash_len; } if ((ret == 0) && (pub != NULL)) { /* Public key, root node, is top of data stack. */ - XMEMCPY(pub, stack, LMS_MAX_NODE_LEN); + XMEMCPY(pub, stack, params->hash_len); } #ifdef WOLFSSL_SMALL_STACK XFREE(stack, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -1449,7 +1938,7 @@ static int wc_lms_treehash_init(LmsState* state, LmsPrivState* privState, byte* rp = buffer + LMS_I_LEN; byte* dp = rp + LMS_R_LEN; byte* left = dp + LMS_D_LEN; - byte* temp = left + LMS_MAX_NODE_LEN; + byte* temp = left + params->hash_len; #ifdef WOLFSSL_SMALL_STACK byte* stack = NULL; #else @@ -1473,7 +1962,7 @@ static int wc_lms_treehash_init(LmsState* state, LmsPrivState* privState, #ifdef WOLFSSL_SMALL_STACK /* Allocate stack of left side hashes. */ - stack = XMALLOC((params->height + 1) * LMS_MAX_NODE_LEN, NULL, + stack = XMALLOC((params->height + 1) * params->hash_len, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (stack == NULL) { ret = MEMORY_E; @@ -1492,12 +1981,12 @@ static int wc_lms_treehash_init(LmsState* state, LmsPrivState* privState, /* Cache leaf node if in range. */ if ((ret == 0) && (i >= leaf->idx) && (i < leaf->idx + max_cb)) { - XMEMCPY(leaf->cache + i * LMS_MAX_NODE_LEN, temp, LMS_MAX_NODE_LEN); + XMEMCPY(leaf->cache + i * params->hash_len, temp, params->hash_len); } /* Store the node if on the authentication path. */ if ((ret == 0) && (auth_path != NULL) && ((q ^ 0x1) == i)) { - XMEMCPY(auth_path, temp, LMS_MAX_NODE_LEN); + XMEMCPY(auth_path, temp, params->hash_len); } /* I || ... || u16str(D_INTR) || ... || temp */ @@ -1512,25 +2001,25 @@ static int wc_lms_treehash_init(LmsState* state, LmsPrivState* privState, /* Calculate interior node hash. * temp = H(I || u32str(r) || u16str(D_INTR) || left_side || temp) */ - spi -= LMS_MAX_NODE_LEN; + spi -= params->hash_len; ret = wc_lms_interior_hash(state, stack + spi, r, temp); /* Copy out top root nodes. */ if ((h > params->height - params->rootLevels) && ((i >> (h-1)) != ((i + 1) >> (h - 1)))) { int off = (1 << (params->height - h)) + (i >> h) - 1; - XMEMCPY(root + off * LMS_MAX_NODE_LEN, temp, LMS_MAX_NODE_LEN); + XMEMCPY(root + off * params->hash_len, temp, params->hash_len); } /* Copy out node to authentication path if on path. */ if ((ret == 0) && (auth_path != NULL) && ((q >> h) ^ 0x1) == j) { - XMEMCPY(auth_path + h * LMS_MAX_NODE_LEN, temp, - LMS_MAX_NODE_LEN); + XMEMCPY(auth_path + h * params->hash_len, temp, + params->hash_len); } } /* Push temp onto the data stack. */ - XMEMCPY(stack + spi, temp, LMS_MAX_NODE_LEN); - spi += LMS_MAX_NODE_LEN; + XMEMCPY(stack + spi, temp, params->hash_len); + spi += params->hash_len; if (i == q - 1) { XMEMCPY(privState->stack.stack, stack, spi); @@ -1584,7 +2073,7 @@ static int wc_lms_treehash_update(LmsState* state, LmsPrivState* privState, byte* rp = buffer + LMS_I_LEN; byte* dp = rp + LMS_R_LEN; byte* left = dp + LMS_D_LEN; - byte* temp = left + LMS_MAX_NODE_LEN; + byte* temp = left + params->hash_len; #ifdef WOLFSSL_SMALL_STACK byte* stack = NULL; #else @@ -1599,7 +2088,7 @@ static int wc_lms_treehash_update(LmsState* state, LmsPrivState* privState, #ifdef WOLFSSL_SMALL_STACK /* Allocate stack of left side hashes. */ - stack = XMALLOC((params->height + 1) * LMS_MAX_NODE_LEN, NULL, + stack = XMALLOC((params->height + 1) * params->hash_len, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (stack == NULL) { ret = MEMORY_E; @@ -1607,7 +2096,7 @@ static int wc_lms_treehash_update(LmsState* state, LmsPrivState* privState, #endif /* WOLFSSL_SMALL_STACK */ /* Public key, root node, is top of data stack. */ - XMEMCPY(stack, stackCache->stack, params->height * LMS_MAX_NODE_LEN); + XMEMCPY(stack, stackCache->stack, params->height * params->hash_len); sp = stack + stackCache->offset; /* Compute all nodes requested. */ @@ -1620,9 +2109,9 @@ static int wc_lms_treehash_update(LmsState* state, LmsPrivState* privState, if ((i >= leaf->idx) && (i < leaf->idx + max_cb)) { /* Calculate offset of node in cache. */ word32 off = ((i - (leaf->idx + max_cb) + leaf->offset) % max_cb) * - LMS_MAX_NODE_LEN; + params->hash_len; /* Copy cached node into working buffer. */ - XMEMCPY(temp, leaf->cache + off, LMS_MAX_NODE_LEN); + XMEMCPY(temp, leaf->cache + off, params->hash_len); /* I || u32str(i) || ... */ c32toa(i, rp); } @@ -1634,8 +2123,8 @@ static int wc_lms_treehash_update(LmsState* state, LmsPrivState* privState, * the number of leaf nodes. */ if ((i == leaf->idx + max_cb) && (i < (q + max_cb))) { /* Copy working node into cache over old first node. */ - XMEMCPY(leaf->cache + leaf->offset * LMS_MAX_NODE_LEN, temp, - LMS_MAX_NODE_LEN); + XMEMCPY(leaf->cache + leaf->offset * params->hash_len, temp, + params->hash_len); /* Increase start index as first node replaced. */ leaf->idx++; /* Update offset of first leaf node. */ @@ -1645,7 +2134,7 @@ static int wc_lms_treehash_update(LmsState* state, LmsPrivState* privState, /* Store the node if on the authentication path. */ if ((ret == 0) && ((q ^ 0x1) == i)) { - XMEMCPY(auth_path, temp, LMS_MAX_NODE_LEN); + XMEMCPY(auth_path, temp, params->hash_len); } /* I || ... || u16str(D_INTR) || ... || temp */ @@ -1657,14 +2146,14 @@ static int wc_lms_treehash_update(LmsState* state, LmsPrivState* privState, j >>= 1; h++; - sp -= LMS_MAX_NODE_LEN; + sp -= params->hash_len; if (useRoot && (h > params->height - params->rootLevels) && (h <= params->height)) { /* Calculate offset of cached root node. */ word32 off = ((word32)1U << (params->height - h)) + (i >> h) - 1; - XMEMCPY(temp, privState->root + (off * LMS_MAX_NODE_LEN), - LMS_MAX_NODE_LEN); + XMEMCPY(temp, privState->root + (off * params->hash_len), + params->hash_len); } else { /* Calculate interior node hash. @@ -1679,20 +2168,20 @@ static int wc_lms_treehash_update(LmsState* state, LmsPrivState* privState, (h > params->height - params->rootLevels) && ((i >> (h-1)) != ((i + 1) >> (h - 1)))) { int off = (1 << (params->height - h)) + (i >> h) - 1; - XMEMCPY(privState->root + off * LMS_MAX_NODE_LEN, temp, - LMS_MAX_NODE_LEN); + XMEMCPY(privState->root + off * params->hash_len, temp, + params->hash_len); } /* Copy out node to authentication path if on path. */ if ((ret == 0) && (((q >> h) ^ 0x1) == j)) { - XMEMCPY(auth_path + h * LMS_MAX_NODE_LEN, temp, - LMS_MAX_NODE_LEN); + XMEMCPY(auth_path + h * params->hash_len, temp, + params->hash_len); } } if (ret == 0) { /* Push temp onto the data stack. */ - XMEMCPY(sp, temp, LMS_MAX_NODE_LEN); - sp += LMS_MAX_NODE_LEN; + XMEMCPY(sp, temp, params->hash_len); + sp += params->hash_len; /* Save stack after updating first node. */ if (i == min_idx) { @@ -1705,7 +2194,7 @@ static int wc_lms_treehash_update(LmsState* state, LmsPrivState* privState, if (!useRoot) { /* Copy stack back. */ - XMEMCPY(stackCache->stack, stack, params->height * LMS_MAX_NODE_LEN); + XMEMCPY(stackCache->stack, stack, params->height * params->hash_len); stackCache->offset = (word32)((size_t)sp - (size_t)stack); } @@ -1746,7 +2235,7 @@ static int wc_lms_sign(LmsState* state, const byte* priv, const byte* msg, byte* s = sig; const byte* priv_q = priv; const byte* priv_seed = priv_q + LMS_Q_LEN; - const byte* priv_i = priv_seed + LMS_SEED_LEN; + const byte* priv_i = priv_seed + params->hash_len; /* Setup for hashing: I || Q */ XMEMCPY(buffer, priv_i, LMS_I_LEN); @@ -1765,7 +2254,7 @@ static int wc_lms_sign(LmsState* state, const byte* priv, const byte* msg, ret = wc_lmots_sign(state, priv_seed, msg, msgSz, s); if (ret == 0) { /* Skip over ots_signature. */ - s += LMS_MAX_NODE_LEN + params->p * LMS_MAX_NODE_LEN; + s += params->hash_len + params->p * params->hash_len; /* S = u32str(q) || ots_signature || u32str(type) || ... */ c32toa(params->lmsType, s); } @@ -1791,8 +2280,8 @@ static void wc_lms_sig_copy(const LmsParams* params, const byte* y, c32toa(params->lmOtsType, sig); sig += LMS_TYPE_LEN; /* S = u32str(q) || ots_signature || ... */ - XMEMCPY(sig, y, LMS_MAX_NODE_LEN + params->p * LMS_MAX_NODE_LEN); - sig += LMS_MAX_NODE_LEN + params->p * LMS_MAX_NODE_LEN; + XMEMCPY(sig, y, params->hash_len + params->p * params->hash_len); + sig += params->hash_len + params->p * params->hash_len; /* S = u32str(q) || ots_signature || u32str(type) || ... */ c32toa(params->lmsType, sig); } @@ -1835,22 +2324,64 @@ static int wc_lms_compute_root(LmsState* state, word32 q, const byte* kc, byte* rp = buffer + LMS_I_LEN; byte* ip = rp + LMS_Q_LEN; byte* node = ip + LMS_P_LEN; - byte* b[2][2] = { { node, node + LMS_MAX_NODE_LEN }, - { node + LMS_MAX_NODE_LEN, node } }; + byte* b[2][2]; /* node_num = 2^h + q */ word32 r = (1 << params->height) + q; /* tmp = H(I || u32str(node_num) || u16str(D_LEAF) || Kc) */ c32toa(r, rp); c16toa(LMS_D_LEAF, ip); - XMEMCPY(node, kc, LMS_MAX_NODE_LEN); + XMEMCPY(node, kc, params->hash_len); /* Put tmp into offset required for first iteration. */ #ifndef WC_LMS_FULL_HASH /* Put in padding for final block. */ - LMS_SHA256_SET_LEN_54(buffer); - ret = wc_lms_hash_block(&state->hash, buffer, b[r & 1][0]); +#ifdef WOLFSSL_LMS_SHA256_192 + if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) { + b[0][0] = node; + b[0][1] = node + WC_SHA256_192_DIGEST_SIZE; + b[1][0] = node + WC_SHA256_192_DIGEST_SIZE; + b[1][1] = node; + LMS_SHA256_SET_LEN_46(buffer); + ret = wc_lms_sha256_192_hash_block(&state->hash, buffer, b[r & 1][0]); + } + else +#endif + { + #ifndef WOLFSSL_NO_LMS_SHA256_256 + b[0][0] = node; + b[0][1] = node + WC_SHA256_DIGEST_SIZE; + b[1][0] = node + WC_SHA256_DIGEST_SIZE; + b[1][1] = node; + LMS_SHA256_SET_LEN_54(buffer); + ret = wc_lms_hash_block(&state->hash, buffer, b[r & 1][0]); + #else + ret = NOT_COMPILED_IN; + #endif + } #else - ret = wc_lms_hash(&state->hash, buffer, LMS_SEED_HASH_LEN, b[r & 1][0]); +#ifdef WOLFSSL_LMS_SHA256_192 + if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) { + b[0][0] = node; + b[0][1] = node + WC_SHA256_192_DIGEST_SIZE; + b[1][0] = node + WC_SHA256_192_DIGEST_SIZE; + b[1][1] = node; + ret = wc_lms_hash_sha256_192(&state->hash, buffer, + LMS_SEED_HASH_LEN(WC_SHA256_192_DIGEST_SIZE), b[r & 1][0]); + } + else +#endif + { + #ifndef WOLFSSL_NO_LMS_SHA256_256 + b[0][0] = node; + b[0][1] = node + WC_SHA256_DIGEST_SIZE; + b[1][0] = node + WC_SHA256_DIGEST_SIZE; + b[1][1] = node; + ret = wc_lms_hash(&state->hash, buffer, + LMS_SEED_HASH_LEN(WC_SHA256_DIGEST_SIZE), b[r & 1][0]); + #else + ret = NOT_COMPILED_IN; + #endif + } #endif /* !WC_LMS_FULL_HASH */ if (ret == 0) { @@ -1860,33 +2391,78 @@ static int wc_lms_compute_root(LmsState* state, word32 q, const byte* kc, c16toa(LMS_D_INTR, ip); /* Do all but last height. */ - for (i = 0; (ret == 0) && (i < params->height - 1); i++) { - /* Put path into offset required. */ - XMEMCPY(b[r & 1][1], path, LMS_MAX_NODE_LEN); - path += LMS_MAX_NODE_LEN; - - /* node_num = node_num / 2 */ - r >>= 1; - /* H(...||u32str(node_num/2)||..) */ - c32toa(r, rp); - /* tmp = H(I||u32str(node_num/2)||u16str(D_INTR)||path[i]||tmp) or - * tmp = H(I||u32str(node_num/2)||u16str(D_INTR)||tmp||path[i]) - * Put tmp result into offset required for next iteration. */ - ret = wc_lms_hash(&state->hash, buffer, LMS_NODE_HASH_LEN, - b[r & 1][0]); + #ifdef WOLFSSL_LMS_SHA256_192 + if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) { + for (i = 0; (ret == 0) && (i < params->height - 1); i++) { + /* Put path into offset required. */ + XMEMCPY(b[r & 1][1], path, WC_SHA256_192_DIGEST_SIZE); + path += WC_SHA256_192_DIGEST_SIZE; + + /* node_num = node_num / 2 */ + r >>= 1; + /* H(...||u32str(node_num/2)||..) */ + c32toa(r, rp); + /* tmp = H(I||u32str(node_num/2)||u16str(D_INTR)||path[i]||tmp) + * or + * tmp = H(I||u32str(node_num/2)||u16str(D_INTR)||tmp||path[i]) + * Put tmp result into offset required for next iteration. */ + ret = wc_lms_hash_sha256_192(&state->hash, buffer, + LMS_NODE_HASH_LEN(WC_SHA256_192_DIGEST_SIZE), b[r & 1][0]); + } + if (ret == 0) { + /* Last height. */ + /* Put path into offset required. */ + XMEMCPY(b[r & 1][1], path, WC_SHA256_192_DIGEST_SIZE); + /* node_num = node_num / 2 */ + r >>= 1; + /* H(...||u32str(node_num/2)||..) */ + c32toa(r, rp); + /* tmp = H(I||u32str(node_num/2)||u16str(D_INTR)||path[i]||tmp) + * or + * tmp = H(I||u32str(node_num/2)||u16str(D_INTR)||tmp||path[i]) + * Put tmp result into Tc.*/ + ret = wc_lms_hash_sha256_192(&state->hash, buffer, + LMS_NODE_HASH_LEN(WC_SHA256_192_DIGEST_SIZE), tc); + } } - if (ret == 0) { - /* Last height. */ - /* Put path into offset required. */ - XMEMCPY(b[r & 1][1], path, LMS_MAX_NODE_LEN); - /* node_num = node_num / 2 */ - r >>= 1; - /* H(...||u32str(node_num/2)||..) */ - c32toa(r, rp); - /* tmp = H(I||u32str(node_num/2)||u16str(D_INTR)||path[i]||tmp) or - * tmp = H(I||u32str(node_num/2)||u16str(D_INTR)||tmp||path[i]) - * Put tmp result into Tc.*/ - ret = wc_lms_hash(&state->hash, buffer, LMS_NODE_HASH_LEN, tc); + else + #endif + { + #ifndef WOLFSSL_NO_LMS_SHA256_256 + for (i = 0; (ret == 0) && (i < params->height - 1); i++) { + /* Put path into offset required. */ + XMEMCPY(b[r & 1][1], path, WC_SHA256_DIGEST_SIZE); + path += WC_SHA256_DIGEST_SIZE; + + /* node_num = node_num / 2 */ + r >>= 1; + /* H(...||u32str(node_num/2)||..) */ + c32toa(r, rp); + /* tmp = H(I||u32str(node_num/2)||u16str(D_INTR)||path[i]||tmp) + * or + * tmp = H(I||u32str(node_num/2)||u16str(D_INTR)||tmp||path[i]) + * Put tmp result into offset required for next iteration. */ + ret = wc_lms_hash(&state->hash, buffer, + LMS_NODE_HASH_LEN(WC_SHA256_DIGEST_SIZE), b[r & 1][0]); + } + if (ret == 0) { + /* Last height. */ + /* Put path into offset required. */ + XMEMCPY(b[r & 1][1], path, WC_SHA256_DIGEST_SIZE); + /* node_num = node_num / 2 */ + r >>= 1; + /* H(...||u32str(node_num/2)||..) */ + c32toa(r, rp); + /* tmp = H(I||u32str(node_num/2)||u16str(D_INTR)||path[i]||tmp) + * or + * tmp = H(I||u32str(node_num/2)||u16str(D_INTR)||tmp||path[i]) + * Put tmp result into Tc.*/ + ret = wc_lms_hash(&state->hash, buffer, + LMS_NODE_HASH_LEN(WC_SHA256_DIGEST_SIZE), tc); + } + #else + ret = NOT_COMPILED_IN; + #endif } } @@ -1959,7 +2535,7 @@ static int wc_lms_verify(LmsState* state, const byte* pub, const byte* msg, if (ret == 0) { /* Algorithm 6a. Step 2.j. */ const byte* sig_path = sig + LMS_Q_LEN + LMS_TYPE_LEN + - LMS_MAX_NODE_LEN + params->p * LMS_MAX_NODE_LEN + LMS_TYPE_LEN; + params->hash_len + params->p * params->hash_len + LMS_TYPE_LEN; word32 q; /* Algorithm 6a. Step 2.a. */ @@ -1969,7 +2545,7 @@ static int wc_lms_verify(LmsState* state, const byte* pub, const byte* msg, ret = wc_lms_compute_root(state, q, kc, sig_path, tc); } /* Algorithm 6. Step 4. */ - if ((ret == 0) && (XMEMCMP(pub_k, tc, LMS_MAX_NODE_LEN) != 0)) { + if ((ret == 0) && (XMEMCMP(pub_k, tc, params->hash_len) != 0)) { ret = SIG_VERIFY_E; } @@ -2010,26 +2586,85 @@ static int wc_hss_derive_seed_i(LmsState* state, const byte* id, /* parent's I || q || D_CHILD_SEED || D_FIXED || ... */ *jp = LMS_D_FIXED; /* parent's I || q || D_CHILD_SEED || D_FIXED || parent's SEED */ - XMEMCPY(tmp, seed, LMS_SEED_LEN); + XMEMCPY(tmp, seed, state->params->hash_len); /* SEED = H(parent's I || q || D_CHILD_SEED || D_FIXED || parent's SEED) */ #ifndef WC_LMS_FULL_HASH - /* Put in padding for final block. */ - LMS_SHA256_SET_LEN_55(buffer); - ret = wc_lms_hash_block(&state->hash, buffer, seed_i); +#ifdef WOLFSSL_LMS_SHA256_192 + if ((state->params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) { + /* Put in padding for final block. */ + LMS_SHA256_SET_LEN_47(buffer); + ret = wc_lms_sha256_192_hash_block(&state->hash, buffer, seed_i); + if (ret == 0) { + seed_i += WC_SHA256_192_DIGEST_SIZE; + } + } + else +#endif + { + #ifndef WOLFSSL_NO_LMS_SHA256_256 + /* Put in padding for final block. */ + LMS_SHA256_SET_LEN_55(buffer); + ret = wc_lms_hash_block(&state->hash, buffer, seed_i); + if (ret == 0) { + seed_i += WC_SHA256_DIGEST_SIZE; + } + #else + ret = NOT_COMPILED_IN; + #endif + } #else - ret = wc_lms_hash(&state->hash, buffer, LMS_HASH_BUFFER_LEN, seed_i); +#ifdef WOLFSSL_LMS_SHA256_192 + if ((state->params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) { + ret = wc_lms_hash_sha256_192(&state->hash, buffer, + LMS_HASH_BUFFER_LEN(WC_SHA256_192_DIGEST_SIZE), seed_i); + } + else +#endif + { + #ifndef WOLFSSL_NO_LMS_SHA256_256 + ret = wc_lms_hash(&state->hash, buffer, + LMS_HASH_BUFFER_LEN(WC_SHA256_DIGEST_SIZE), seed_i); + #else + ret = NOT_COMPILED_IN; + #endif + } #endif /* !WC_LMS_FULL_HASH */ if (ret == 0) { - seed_i += LMS_SEED_LEN; /* parent's I || q || D_CHILD_I || D_FIXED || parent's SEED */ c16toa(LMS_D_CHILD_I, ip); /* I = H(parent's I || q || D_CHILD_I || D_FIXED || parent's SEED) */ - #ifndef WC_LMS_FULL_HASH - ret = wc_lms_hash_block(&state->hash, buffer, tmp); - #else - ret = wc_lms_hash(&state->hash, buffer, LMS_HASH_BUFFER_LEN, tmp); - #endif /* !WC_LMS_FULL_HASH */ +#ifndef WC_LMS_FULL_HASH + #ifdef WOLFSSL_LMS_SHA256_192 + if ((state->params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) { + ret = wc_lms_sha256_192_hash_block(&state->hash, buffer, tmp); + } + else + #endif + { + #ifndef WOLFSSL_NO_LMS_SHA256_256 + ret = wc_lms_hash_block(&state->hash, buffer, tmp); + #else + ret = NOT_COMPILED_IN; + #endif + } +#else + #ifdef WOLFSSL_LMS_SHA256_192 + if ((state->params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) { + ret = wc_lms_hash_sha256_192(&state->hash, buffer, + LMS_HASH_BUFFER_LEN(WC_SHA256_192_DIGEST_SIZE), tmp); + } + else + #endif + { + #ifndef WOLFSSL_NO_LMS_SHA256_256 + ret = wc_lms_hash(&state->hash, buffer, + LMS_HASH_BUFFER_LEN(WC_SHA256_DIGEST_SIZE), tmp); + #else + ret = NOT_COMPILED_IN; + #endif + } +#endif /* !WC_LMS_FULL_HASH */ /* Copy part of hash as new I into private key. */ XMEMCPY(seed_i, tmp, LMS_I_LEN); } @@ -2080,7 +2715,7 @@ static int wc_hss_expand_private_key(LmsState* state, byte* priv, } else { /* Copy out SEED and I into private key. */ - XMEMCPY(priv + LMS_Q_LEN, priv_raw, LMS_SEED_I_LEN); + XMEMCPY(priv + LMS_Q_LEN, priv_raw, params->hash_len + LMS_I_LEN); } /* Compute SEED and I for rest of levels. */ @@ -2104,7 +2739,7 @@ static int wc_hss_expand_private_key(LmsState* state, byte* priv, priv_q = priv; priv += LMS_Q_LEN; priv_seed_i = priv; - priv += LMS_SEED_I_LEN; + priv += params->hash_len + LMS_I_LEN; /* Get q for level from 64-bit composite. */ q32 = w64GetLow32(w64ShiftRight(q, (params->levels - 1 - i) * @@ -2114,7 +2749,7 @@ static int wc_hss_expand_private_key(LmsState* state, byte* priv, if (!skip) { /* Derive SEED and I into private key. */ - ret = wc_hss_derive_seed_i(state, priv_seed_i + LMS_SEED_LEN, + ret = wc_hss_derive_seed_i(state, priv_seed_i + params->hash_len, priv_seed_i, priv_q, priv + LMS_Q_LEN); } } @@ -2146,8 +2781,8 @@ static int wc_lms_next_subtree_init(LmsState* state, LmsPrivState* privState, priv_q = priv; priv += LMS_Q_LEN; priv_seed = curr + LMS_Q_LEN; - priv += LMS_SEED_LEN; - priv_i = curr + LMS_Q_LEN + LMS_SEED_LEN; + priv += params->hash_len; + priv_i = curr + LMS_Q_LEN + params->hash_len; priv += LMS_I_LEN; ato32(curr, &pq); @@ -2164,7 +2799,7 @@ static int wc_lms_next_subtree_init(LmsState* state, LmsPrivState* privState, if (ret == 0) { /* Update treehash for first leaf. */ ret = wc_lms_treehash_update(state, privState, - priv + LMS_Q_LEN + LMS_SEED_LEN, priv + LMS_Q_LEN, 0, q, 0, 0); + priv + LMS_Q_LEN + params->hash_len, priv + LMS_Q_LEN, 0, q, 0, 0); } return ret; @@ -2186,7 +2821,7 @@ static int wc_hss_next_subtree_inc(LmsState* state, HssPrivKey* priv_key, byte* priv = priv_key->next_priv; int i; w64wrapper p64 = q64; - byte tmp_priv[LMS_PRIV_LEN]; + byte tmp_priv[LMS_PRIV_LEN(LMS_MAX_NODE_LEN)]; int use_tmp = 0; int lastQMax = 0; w64wrapper p64_hi; @@ -2206,7 +2841,7 @@ static int wc_hss_next_subtree_inc(LmsState* state, HssPrivKey* priv_key, cp64_hi = w64ShiftRight(p64, (params->levels - i - 1) * params->height); cq64_hi = w64ShiftRight(q64, (params->levels - i - 1) * params->height); /* Get the q for the child. */ - ato32(curr + LMS_PRIV_LEN, &qc); + ato32(curr + LMS_PRIV_LEN(params->hash_len), &qc); /* Compare index of parent node with previous value. */ if (w64LT(p64_hi, q64_hi)) { @@ -2225,25 +2860,25 @@ static int wc_hss_next_subtree_inc(LmsState* state, HssPrivKey* priv_key, if (lastQMax) { /* Calculate new SEED and I based on new subtree. */ ret = wc_hss_derive_seed_i(state, - priv + LMS_Q_LEN + LMS_SEED_LEN, priv + LMS_Q_LEN, tmp_priv, - tmp_priv + LMS_Q_LEN); + priv + LMS_Q_LEN + params->hash_len, priv + LMS_Q_LEN, + tmp_priv, tmp_priv + LMS_Q_LEN); } else { /* Calculate new SEED and I based on parent. */ ret = wc_hss_derive_seed_i(state, - curr + LMS_Q_LEN + LMS_SEED_LEN, curr + LMS_Q_LEN, priv, + curr + LMS_Q_LEN + params->hash_len, curr + LMS_Q_LEN, priv, tmp_priv + LMS_Q_LEN); } /* Values not stored so note that they are in temporary. */ use_tmp = 1; /* Set the the q. */ - XMEMCPY(tmp_priv, curr + LMS_PRIV_LEN, LMS_Q_LEN); + XMEMCPY(tmp_priv, curr + LMS_PRIV_LEN(params->hash_len), LMS_Q_LEN); } lastQMax = (qc == ((word32)1 << params->height) - 1); - curr += LMS_PRIV_LEN; - priv += LMS_PRIV_LEN; + curr += LMS_PRIV_LEN(params->hash_len); + priv += LMS_PRIV_LEN(params->hash_len); p64_hi = cp64_hi; q64_hi = cq64_hi; } @@ -2265,18 +2900,18 @@ static int wc_hss_next_subtrees_init(LmsState* state, HssPrivKey* priv_key) byte* priv = priv_key->next_priv; int i; - XMEMCPY(priv, curr, LMS_PRIV_LEN); + XMEMCPY(priv, curr, LMS_PRIV_LEN(params->hash_len)); wc_lms_idx_inc(priv, LMS_Q_LEN); for (i = 1; (ret == 0) && (i < params->levels); i++) { word32 q; - ato32(curr + LMS_PRIV_LEN, &q); + ato32(curr + LMS_PRIV_LEN(params->hash_len), &q); ret = wc_lms_next_subtree_init(state, &priv_key->next_state[i - 1], curr, priv, q); - curr += LMS_PRIV_LEN; - priv += LMS_PRIV_LEN; + curr += LMS_PRIV_LEN(params->hash_len); + priv += LMS_PRIV_LEN(params->hash_len); } return ret; @@ -2296,14 +2931,15 @@ static int wc_hss_init_auth_path(LmsState* state, HssPrivKey* priv_key, { int ret = 0; int levels = state->params->levels; - byte* priv = priv_key->priv + LMS_PRIV_LEN * (levels - 1); + byte* priv = priv_key->priv + + LMS_PRIV_LEN(state->params->hash_len) * (levels - 1); int l; for (l = levels - 1; (ret == 0) && (l >= 0); l--) { word32 q; const byte* priv_q = priv; const byte* priv_seed = priv_q + LMS_Q_LEN; - const byte* priv_i = priv_seed + LMS_SEED_LEN; + const byte* priv_i = priv_seed + state->params->hash_len; /* Get current q for tree at level. */ ato32(priv_q, &q); @@ -2312,11 +2948,11 @@ static int wc_hss_init_auth_path(LmsState* state, HssPrivKey* priv_key, priv_seed, q); /* Move onto next level's data. */ - priv -= LMS_PRIV_LEN; + priv -= LMS_PRIV_LEN(state->params->hash_len); } if ((ret == 0) && (pub_root != NULL)) { - XMEMCPY(pub_root, priv_key->state[0].root, LMS_MAX_NODE_LEN); + XMEMCPY(pub_root, priv_key->state[0].root, state->params->hash_len); } return ret; @@ -2343,7 +2979,7 @@ static int wc_hss_update_auth_path(LmsState* state, HssPrivKey* priv_key, { const LmsParams* params = state->params; int ret = 0; - byte* priv = priv_key->priv + LMS_PRIV_LEN * (levels - 1); + byte* priv = priv_key->priv + LMS_PRIV_LEN(params->hash_len) * (levels - 1); int i; #ifndef WOLFSSL_LMS_NO_SIGN_SMOOTHING w64wrapper q64; @@ -2358,13 +2994,12 @@ static int wc_hss_update_auth_path(LmsState* state, HssPrivKey* priv_key, word32 q; const byte* priv_q = priv; const byte* priv_seed = priv_q + LMS_Q_LEN; - const byte* priv_i = priv_seed + LMS_SEED_LEN; + const byte* priv_i = priv_seed + params->hash_len; LmsPrivState* privState = &priv_key->state[i]; /* Get q for tree at level. */ ato32(priv_q, &q); #ifndef WOLFSSL_LMS_NO_SIGN_SMOOTHING - if ((levels > 1) && (i == levels - 1) && (q == 0)) { /* New sub-tree. */ ret = wc_hss_next_subtree_inc(state, priv_key, q64); @@ -2399,9 +3034,9 @@ static int wc_hss_update_auth_path(LmsState* state, HssPrivKey* priv_key, /* If different then copy in cached hash. */ if ((qa != qm1a) && (qa > maxq)) { int off = (1 << (params->height - h)) + (qa >> h) - 1; - XMEMCPY(privState->auth_path + h * LMS_MAX_NODE_LEN, - privState->root + off * LMS_MAX_NODE_LEN, - LMS_MAX_NODE_LEN); + XMEMCPY(privState->auth_path + h * params->hash_len, + privState->root + off * params->hash_len, + params->hash_len); } } /* Update the treehash and calculate the extra indices for @@ -2415,9 +3050,9 @@ static int wc_hss_update_auth_path(LmsState* state, HssPrivKey* priv_key, w64Increment(&tmp64); tmp64 = w64ShiftLeft(tmp64, 64 - (i * params->height)); if (!w64IsZero(tmp64)) { - priv_seed = priv_key->next_priv + i * LMS_PRIV_LEN + - LMS_Q_LEN; - priv_i = priv_seed + LMS_SEED_LEN; + priv_seed = priv_key->next_priv + + i * LMS_PRIV_LEN(params->hash_len) + LMS_Q_LEN; + priv_i = priv_seed + params->hash_len; privState = &priv_key->next_state[i - 1]; ret = wc_lms_treehash_update(state, privState, priv_i, @@ -2429,7 +3064,7 @@ static int wc_hss_update_auth_path(LmsState* state, HssPrivKey* priv_key, } /* Move onto next level's data. */ - priv -= LMS_PRIV_LEN; + priv -= LMS_PRIV_LEN(params->hash_len); } return ret; @@ -2446,21 +3081,21 @@ static int wc_hss_presign(LmsState* state, HssPrivKey* priv_key) int ret = 0; const LmsParams* params = state->params; byte* buffer = state->buffer; - byte pub[LMS_PUBKEY_LEN]; - byte* root = pub + LMS_PUBKEY_LEN - LMS_MAX_NODE_LEN; + byte pub[LMS_PUBKEY_LEN(LMS_MAX_NODE_LEN)]; + byte* root = pub + LMS_PUBKEY_LEN(LMS_MAX_NODE_LEN) - params->hash_len; byte* priv = priv_key->priv; int i; for (i = params->levels - 2; i >= 0; i--) { - const byte* p = priv + i * (LMS_Q_LEN + LMS_SEED_LEN + LMS_I_LEN); + const byte* p = priv + i * (LMS_Q_LEN + params->hash_len + LMS_I_LEN); const byte* priv_q = p; const byte* priv_seed = priv_q + LMS_Q_LEN; - const byte* priv_i = priv_seed + LMS_SEED_LEN; + const byte* priv_i = priv_seed + params->hash_len; /* ... || T(1) */ - XMEMCPY(root, priv_key->state[i + 1].root, LMS_MAX_NODE_LEN); + XMEMCPY(root, priv_key->state[i + 1].root, params->hash_len); /* u32str(type) || u32str(otstype) || I || T(1) */ - p = priv + (i + 1) * (LMS_Q_LEN + LMS_SEED_LEN + LMS_I_LEN); + p = priv + (i + 1) * (LMS_Q_LEN + params->hash_len + LMS_I_LEN); wc_lmots_public_key_encode(params, p, pub); /* Setup for hashing: I || Q || ... */ @@ -2468,8 +3103,9 @@ static int wc_hss_presign(LmsState* state, HssPrivKey* priv_key) XMEMCPY(buffer + LMS_I_LEN, priv_q, LMS_Q_LEN); /* LM-OTS Sign this level. */ - ret = wc_lmots_sign(state, priv_seed, pub, LMS_PUBKEY_LEN, - priv_key->y + i * LMS_PRIV_Y_TREE_LEN(params->p)); + ret = wc_lmots_sign(state, priv_seed, pub, + LMS_PUBKEY_LEN(params->hash_len), + priv_key->y + i * LMS_PRIV_Y_TREE_LEN(params->p, params->hash_len)); } return ret; @@ -2492,25 +3128,25 @@ static void wc_hss_priv_data_load(const LmsParams* params, HssPrivKey* key, /* Expanded private keys. */ key->priv = priv_data; - priv_data += LMS_PRIV_KEY_LEN(params->levels); + priv_data += LMS_PRIV_KEY_LEN(params->levels, params->hash_len); #ifndef WOLFSSL_WC_LMS_SMALL for (l = 0; l < params->levels; l++) { /* Caches for subtree. */ wc_lms_priv_state_load(params, &key->state[l], priv_data); priv_data += LMS_PRIV_STATE_LEN(params->height, params->rootLevels, - params->cacheBits); + params->cacheBits, params->hash_len); } #ifndef WOLFSSL_LMS_NO_SIGN_SMOOTHING /* Next subtree's expanded private keys. */ key->next_priv = priv_data; - priv_data += LMS_PRIV_KEY_LEN(params->levels); + priv_data += LMS_PRIV_KEY_LEN(params->levels, params->hash_len); for (l = 0; l < params->levels - 1; l++) { /* Next subtree's caches. */ wc_lms_priv_state_load(params, &key->next_state[l], priv_data); priv_data += LMS_PRIV_STATE_LEN(params->height, params->rootLevels, - params->cacheBits); + params->cacheBits, params->hash_len); } #endif /* WOLFSSL_LMS_NO_SIGN_SMOOTHING */ @@ -2536,22 +3172,22 @@ static void wc_hss_priv_data_store(const LmsParams* params, HssPrivKey* key, (void)key; /* Expanded private keys. */ - priv_data += LMS_PRIV_KEY_LEN(params->levels); + priv_data += LMS_PRIV_KEY_LEN(params->levels, params->hash_len); for (l = 0; l < params->levels; l++) { /* Caches for subtrees. */ wc_lms_priv_state_store(params, &key->state[l], priv_data); priv_data += LMS_PRIV_STATE_LEN(params->height, params->rootLevels, - params->cacheBits); + params->cacheBits, params->hash_len); } #ifndef WOLFSSL_LMS_NO_SIGN_SMOOTHING /* Next subtree's expanded private keys. */ - priv_data += LMS_PRIV_KEY_LEN(params->levels); + priv_data += LMS_PRIV_KEY_LEN(params->levels, params->hash_len); for (l = 0; l < params->levels - 1; l++) { /* Next subtree's caches. */ wc_lms_priv_state_store(params, &key->next_state[l], priv_data); priv_data += LMS_PRIV_STATE_LEN(params->height, params->rootLevels, - params->cacheBits); + params->cacheBits, params->hash_len); } #endif /* WOLFSSL_LMS_NO_SIGN_SMOOTHING */ @@ -2632,7 +3268,8 @@ int wc_hss_make_key(LmsState* state, WC_RNG* rng, byte* priv_raw, /* Set the LMS and LM-OTS types for each level. */ for (i = 0; i < params->levels; i++) { - p[i] = (params->lmsType << 4) + params->lmOtsType; + p[i] = ((params->lmsType & LMS_H_W_MASK) << 4) + + (params->lmOtsType & LMS_H_W_MASK); } /* Set rest of levels to an invalid value. */ for (; i < HSS_MAX_LEVELS; i++) { @@ -2641,7 +3278,7 @@ int wc_hss_make_key(LmsState* state, WC_RNG* rng, byte* priv_raw, p += HSS_PRIV_KEY_PARAM_SET_LEN; /* Make the private key. */ - ret = wc_lmots_make_private_key(rng, p); + ret = wc_lmots_make_private_key(rng, params->hash_len, p); if (ret == 0) { /* Set the levels into the public key data. */ @@ -2653,7 +3290,7 @@ int wc_hss_make_key(LmsState* state, WC_RNG* rng, byte* priv_raw, #ifdef WOLFSSL_WC_LMS_SMALL if (ret == 0) { byte* priv_seed = priv_key->priv + LMS_Q_LEN; - byte* priv_i = priv_seed + LMS_SEED_LEN; + byte* priv_i = priv_seed + params->hash_len; /* Compute the root of the highest tree to get the root for public key. */ @@ -2742,24 +3379,24 @@ int wc_hss_sign(LmsState* state, byte* priv_raw, HssPrivKey* priv_key, /* Build from bottom up. */ for (i = params->levels - 1; (ret == 0) && (i >= 0); i--) { - byte* p = priv + i * (LMS_Q_LEN + LMS_SEED_LEN + LMS_I_LEN); + byte* p = priv + i * (LMS_Q_LEN + params->hash_len + LMS_I_LEN); byte* root = NULL; /* Move to start of next signature at this level. */ - sig -= LMS_SIG_LEN(params->height, params->p); + sig -= LMS_SIG_LEN(params->height, params->p, params->hash_len); if (i != 0) { /* Put root node into signature at this index. */ - root = sig - LMS_MAX_NODE_LEN; + root = sig - params->hash_len; } /* Sign using LMS for this level. */ ret = wc_lms_sign(state, p, msg, msgSz, sig); if (ret == 0) { - byte* s = sig + LMS_Q_LEN + LMS_TYPE_LEN + LMS_MAX_NODE_LEN + - params->p * LMS_MAX_NODE_LEN + LMS_TYPE_LEN; + byte* s = sig + LMS_Q_LEN + LMS_TYPE_LEN + params->hash_len + + params->p * params->hash_len + LMS_TYPE_LEN; byte* priv_q = p; byte* priv_seed = priv_q + LMS_Q_LEN; - byte* priv_i = priv_seed + LMS_SEED_LEN; + byte* priv_i = priv_seed + params->hash_len; word32 q32; /* Get Q from private key as a number. */ @@ -2769,9 +3406,9 @@ int wc_hss_sign(LmsState* state, byte* priv_raw, HssPrivKey* priv_key, } if ((ret == 0) && (i != 0)) { /* Create public data for this level if there is another. */ - sig -= LMS_PUBKEY_LEN; + sig -= LMS_PUBKEY_LEN(params->hash_len); msg = sig; - msgSz = LMS_PUBKEY_LEN; + msgSz = LMS_PUBKEY_LEN(params->hash_len); wc_lmots_public_key_encode(params, p, sig); } } @@ -2839,7 +3476,7 @@ static int wc_hss_sign_build_sig(LmsState* state, byte* priv_raw, /* Build from bottom up. */ for (i = params->levels - 1; (ret == 0) && (i >= 0); i--) { - byte* p = priv + i * (LMS_Q_LEN + LMS_SEED_LEN + LMS_I_LEN); + byte* p = priv + i * (LMS_Q_LEN + params->hash_len + LMS_I_LEN); byte* root = NULL; #ifndef WOLFSSL_LMS_NO_SIG_CACHE int store_p = 0; @@ -2850,10 +3487,10 @@ static int wc_hss_sign_build_sig(LmsState* state, byte* priv_raw, #endif /* !WOLFSSL_LMS_NO_SIG_CACHE */ /* Move to start of next signature at this level. */ - sig -= LMS_SIG_LEN(params->height, params->p); + sig -= LMS_SIG_LEN(params->height, params->p, params->hash_len); if (i != 0) { /* Put root node into signature at this index. */ - root = sig - LMS_MAX_NODE_LEN; + root = sig - params->hash_len; } #ifndef WOLFSSL_LMS_NO_SIG_CACHE @@ -2861,7 +3498,7 @@ static int wc_hss_sign_build_sig(LmsState* state, byte* priv_raw, * can reuse. */ if ((i < params->levels - 1) && (q_32 == qm1_32)) { wc_lms_sig_copy(params, priv_key->y + - i * LMS_PRIV_Y_TREE_LEN(params->p), p, sig); + i * LMS_PRIV_Y_TREE_LEN(params->p, params->hash_len), p, sig); } else #endif /* !WOLFSSL_LMS_NO_SIG_CACHE */ @@ -2879,26 +3516,27 @@ static int wc_hss_sign_build_sig(LmsState* state, byte* priv_raw, /* Check if we computed new C and p hashes. */ if (store_p) { /* Cache the C and p hashes. */ - XMEMCPY(priv_key->y + i * LMS_PRIV_Y_TREE_LEN(params->p), s, - LMS_PRIV_Y_TREE_LEN(params->p)); + XMEMCPY(priv_key->y + + i * LMS_PRIV_Y_TREE_LEN(params->p, params->hash_len), s, + LMS_PRIV_Y_TREE_LEN(params->p, params->hash_len)); } #endif /* !WOLFSSL_LMS_NO_SIG_CACHE */ - s += LMS_MAX_NODE_LEN + params->p * LMS_MAX_NODE_LEN + + s += params->hash_len + params->p * params->hash_len + LMS_TYPE_LEN; /* Copy the authentication path out of the private key. */ XMEMCPY(s, priv_key->state[i].auth_path, - params->height * LMS_MAX_NODE_LEN); + params->height * params->hash_len); /* Copy the root node into signature unless at top. */ if (i != 0) { - XMEMCPY(root, priv_key->state[i].root, LMS_MAX_NODE_LEN); + XMEMCPY(root, priv_key->state[i].root, params->hash_len); } } if ((ret == 0) && (i != 0)) { /* Create public data for this level if there is another. */ - sig -= LMS_PUBKEY_LEN; + sig -= LMS_PUBKEY_LEN(params->hash_len); msg = sig; - msgSz = LMS_PUBKEY_LEN; + msgSz = LMS_PUBKEY_LEN(params->hash_len); wc_lmots_public_key_encode(params, p, sig); } } @@ -3074,14 +3712,15 @@ int wc_hss_verify(LmsState* state, const byte* pub, const byte* msg, for (i = 0; (ret == 0) && (i < nspk); i++) { /* Line 7: Get start of public key in signature. */ const byte* pubList = sig + LMS_Q_LEN + LMS_TYPE_LEN + - LMS_MAX_NODE_LEN + params->p * LMS_MAX_NODE_LEN + LMS_TYPE_LEN + - params->height * LMS_MAX_NODE_LEN; + params->hash_len + params->p * params->hash_len + LMS_TYPE_LEN + + params->height * params->hash_len; /* Line 8: Verify the LMS signature with public key as message. */ - ret = wc_lms_verify(state, key, pubList, LMS_PUBKEY_LEN, sig); + ret = wc_lms_verify(state, key, pubList, + LMS_PUBKEY_LEN(params->hash_len), sig); /* Line 10: Next key is from signature. */ key = pubList; /* Line 6: Move to start of next signature. */ - sig = pubList + LMS_PUBKEY_LEN; + sig = pubList + LMS_PUBKEY_LEN(params->hash_len); } } if (ret == 0) { diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index 772231ba0d..7fe2d35ab1 100644 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c @@ -365,6 +365,13 @@ int wolfCrypt_Init(void) return ret; } #endif + #if defined(HAVE_OID_ENCODING) && (!defined(HAVE_FIPS) || \ + (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(6,0))) + if ((ret = wc_ecc_oid_cache_init()) != 0) { + WOLFSSL_MSG("Error creating ECC oid cache"); + return ret; + } + #endif #endif #ifdef WOLFSSL_SCE @@ -456,6 +463,10 @@ int wolfCrypt_Cleanup(void) #ifdef ECC_CACHE_CURVE wc_ecc_curve_cache_free(); #endif + #if defined(HAVE_OID_ENCODING) && (!defined(HAVE_FIPS) || \ + (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(6,0))) + wc_ecc_oid_cache_free(); + #endif #endif /* HAVE_ECC */ #if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE) diff --git a/wolfcrypt/test/include.am b/wolfcrypt/test/include.am index 64d0f1a4f1..4e059dfa62 100644 --- a/wolfcrypt/test/include.am +++ b/wolfcrypt/test/include.am @@ -26,5 +26,9 @@ endif EXTRA_DIST += wolfcrypt/test/test.sln EXTRA_DIST += wolfcrypt/test/test.vcproj +EXTRA_DIST += wolfcrypt/test/test-VS2022.sln +EXTRA_DIST += wolfcrypt/test/test-VS2022.vcxproj +EXTRA_DIST += wolfcrypt/test/test-VS2022.vcxproj.user + EXTRA_DIST += wolfcrypt/test/README.md DISTCLEANFILES+= wolfcrypt/test/.libs/testwolfcrypt diff --git a/wolfcrypt/test/test-VS2022.sln b/wolfcrypt/test/test-VS2022.sln new file mode 100644 index 0000000000..557627482c --- /dev/null +++ b/wolfcrypt/test/test-VS2022.sln @@ -0,0 +1,87 @@ + +Microsoft Visual Studio Solution File, Format Version 12.00 +# Visual Studio Version 17 +VisualStudioVersion = 17.11.35327.3 +MinimumVisualStudioVersion = 10.0.40219.1 +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "test-VS2022", "test-VS2022.vcxproj", "{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}" +EndProject +Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "settings", "settings", "{0D4D8E54-F32D-4056-A415-2362A55972FD}" + ProjectSection(SolutionItems) = preProject + ..\..\wolfssl\wolfcrypt\settings.h = ..\..\wolfssl\wolfcrypt\settings.h + ..\..\IDE\WIN\user_settings.h = ..\..\IDE\WIN\user_settings.h + EndProjectSection +EndProject +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "wolfssl-VS2022", "..\..\wolfssl-VS2022.vcxproj", "{12226DBE-7278-4DFA-A119-5A0294CF0B33}" +EndProject +Global + GlobalSection(SolutionConfigurationPlatforms) = preSolution + Debug|ARM64 = Debug|ARM64 + Debug|x64 = Debug|x64 + Debug|x86 = Debug|x86 + DLL Debug|ARM64 = DLL Debug|ARM64 + DLL Debug|x64 = DLL Debug|x64 + DLL Debug|x86 = DLL Debug|x86 + DLL Release|ARM64 = DLL Release|ARM64 + DLL Release|x64 = DLL Release|x64 + DLL Release|x86 = DLL Release|x86 + Release|ARM64 = Release|ARM64 + Release|x64 = Release|x64 + Release|x86 = Release|x86 + EndGlobalSection + GlobalSection(ProjectConfigurationPlatforms) = postSolution + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|ARM64.ActiveCfg = Debug|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|ARM64.Build.0 = Debug|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|x64.ActiveCfg = Debug|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|x64.Build.0 = Debug|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|x86.ActiveCfg = Debug|Win32 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|x86.Build.0 = Debug|Win32 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|ARM64.ActiveCfg = Debug|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|ARM64.Build.0 = Debug|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|x64.ActiveCfg = Debug|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|x64.Build.0 = Debug|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|x86.ActiveCfg = Debug|Win32 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|x86.Build.0 = Debug|Win32 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|ARM64.ActiveCfg = Release|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|ARM64.Build.0 = Release|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|x64.ActiveCfg = Release|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|x64.Build.0 = Release|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|x86.ActiveCfg = Release|Win32 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|x86.Build.0 = Release|Win32 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|ARM64.ActiveCfg = Release|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|ARM64.Build.0 = Release|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|x64.ActiveCfg = Release|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|x64.Build.0 = Release|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|x86.ActiveCfg = Release|Win32 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|x86.Build.0 = Release|Win32 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.Debug|ARM64.ActiveCfg = Debug|ARM64 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.Debug|ARM64.Build.0 = Debug|ARM64 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.Debug|x64.ActiveCfg = Debug|x64 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.Debug|x64.Build.0 = Debug|x64 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.Debug|x86.ActiveCfg = Debug|Win32 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.Debug|x86.Build.0 = Debug|Win32 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Debug|ARM64.ActiveCfg = DLL Debug|ARM64 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Debug|ARM64.Build.0 = DLL Debug|ARM64 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Debug|x64.ActiveCfg = DLL Debug|x64 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Debug|x64.Build.0 = DLL Debug|x64 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Debug|x86.ActiveCfg = DLL Debug|Win32 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Debug|x86.Build.0 = DLL Debug|Win32 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Release|ARM64.ActiveCfg = DLL Release|ARM64 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Release|ARM64.Build.0 = DLL Release|ARM64 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Release|x64.ActiveCfg = DLL Release|x64 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Release|x64.Build.0 = DLL Release|x64 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Release|x86.ActiveCfg = DLL Release|Win32 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Release|x86.Build.0 = DLL Release|Win32 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.Release|ARM64.ActiveCfg = Release|ARM64 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.Release|ARM64.Build.0 = Release|ARM64 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.Release|x64.ActiveCfg = Release|x64 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.Release|x64.Build.0 = Release|x64 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.Release|x86.ActiveCfg = Release|Win32 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.Release|x86.Build.0 = Release|Win32 + EndGlobalSection + GlobalSection(SolutionProperties) = preSolution + HideSolutionNode = FALSE + EndGlobalSection + GlobalSection(ExtensibilityGlobals) = postSolution + SolutionGuid = {667F2496-F8F1-4DBD-8AAA-78BAD16ED1BA} + EndGlobalSection +EndGlobal diff --git a/wolfcrypt/test/test-VS2022.vcxproj b/wolfcrypt/test/test-VS2022.vcxproj new file mode 100644 index 0000000000..ed79d62efe --- /dev/null +++ b/wolfcrypt/test/test-VS2022.vcxproj @@ -0,0 +1,162 @@ + + + + + Debug + Win32 + + + Debug + x64 + + + Release + Win32 + + + Release + x64 + + + + 17.0 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21} + Win32Proj + + + + Application + v143 + + + Application + v143 + + + Application + v143 + + + Application + v143 + + + + + + + + + + + + + + + + + + + <_ProjectFileVersion>17.0.35327.3 + + + Debug\ + Debug\ + true + + + true + + + Release\ + Release\ + true + + + true + + + + Disabled + ../..;../../IDE/WIN;%(AdditionalIncludeDirectories) + WIN32;_DEBUG;_CONSOLE;WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + true + EnableFastChecks + MultiThreadedDebugDLL + + Level3 + EditAndContinue + + + Ws2_32.lib;%(AdditionalDependencies) + true + Console + MachineX86 + + + + + Disabled + ../..;../../IDE/WIN;%(AdditionalIncludeDirectories) + WIN32;_DEBUG;_CONSOLE;WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + + + Level3 + ProgramDatabase + + + Ws2_32.lib;%(AdditionalDependencies) + true + Console + + + + + ../..;../../IDE/WIN;%(AdditionalIncludeDirectories) + WIN32;NDEBUG;_CONSOLE;WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + MultiThreadedDLL + + Level3 + ProgramDatabase + + + Ws2_32.lib;%(AdditionalDependencies) + true + Console + true + true + MachineX86 + + + + + ../..;../../IDE/WIN;%(AdditionalIncludeDirectories) + WIN32;NDEBUG;_CONSOLE;WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + MultiThreadedDLL + + + Level3 + ProgramDatabase + + + Ws2_32.lib;%(AdditionalDependencies) + true + Console + true + true + + + + + + + + {12226dbe-7278-4dfa-a119-5a0294cf0b33} + + + + + + diff --git a/wolfcrypt/test/test-VS2022.vcxproj.user b/wolfcrypt/test/test-VS2022.vcxproj.user new file mode 100644 index 0000000000..2219efc160 --- /dev/null +++ b/wolfcrypt/test/test-VS2022.vcxproj.user @@ -0,0 +1,7 @@ + + + + $(ProjectDir)../../ + WindowsLocalDebugger + + diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 1f3c54c1e1..f158ee5e4b 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -491,12 +491,16 @@ typedef struct testVector { size_t outLen; } testVector; -#ifndef WOLFSSL_TEST_SUBROUTINE -#define WOLFSSL_TEST_SUBROUTINE +#ifdef WOLFCRYPT_TEST_LINT + #define WOLFSSL_TEST_SUBROUTINE static +#else + PRAGMA_GCC("GCC diagnostic ignored \"-Wunused-function\"") + PRAGMA_CLANG("clang diagnostic ignored \"-Wunused-function\"") #endif -PRAGMA_GCC("GCC diagnostic ignored \"-Wunused-function\"") -PRAGMA_CLANG("clang diagnostic ignored \"-Wunused-function\"") +#ifndef WOLFSSL_TEST_SUBROUTINE + #define WOLFSSL_TEST_SUBROUTINE +#endif WOLFSSL_TEST_SUBROUTINE wc_test_ret_t error_test(void); WOLFSSL_TEST_SUBROUTINE wc_test_ret_t base64_test(void); @@ -521,7 +525,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha384_test(void); WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha3_test(void); WOLFSSL_TEST_SUBROUTINE wc_test_ret_t shake128_test(void); WOLFSSL_TEST_SUBROUTINE wc_test_ret_t shake256_test(void); +#ifdef WOLFSSL_SM3 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sm3_test(void); +#endif WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hash_test(void); WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_md5_test(void); WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha_test(void); @@ -555,7 +561,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sshkdf_test(void); WOLFSSL_TEST_SUBROUTINE wc_test_ret_t tls13_kdf_test(void); #endif WOLFSSL_TEST_SUBROUTINE wc_test_ret_t x963kdf_test(void); +#if defined(HAVE_HPKE) && defined(HAVE_ECC) && defined(HAVE_AESGCM) WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hpke_test(void); +#endif #ifdef WC_SRTP_KDF WOLFSSL_TEST_SUBROUTINE wc_test_ret_t srtpkdf_test(void); #endif @@ -570,6 +578,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t XChaCha20Poly1305_test(void); WOLFSSL_TEST_SUBROUTINE wc_test_ret_t des_test(void); WOLFSSL_TEST_SUBROUTINE wc_test_ret_t des3_test(void); WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void); +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_cbc_test(void); +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_ctr_test(void); #if defined(WOLFSSL_AES_CFB) WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_cfb_test(void); #endif @@ -604,7 +614,12 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t srp_test(void); WOLFSSL_TEST_SUBROUTINE wc_test_ret_t random_test(void); #endif /* WC_NO_RNG */ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pwdbased_test(void); +#if defined(USE_CERT_BUFFERS_2048) && \ + defined(HAVE_PKCS12) && \ + !defined(NO_ASN) && !defined(NO_PWDBASED) && !defined(NO_HMAC) && \ + !defined(NO_CERTS) && !defined(NO_DES3) WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_test(void); +#endif WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ripemd_test(void); #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void); /* test mini api */ @@ -663,8 +678,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t scrypt_test(void); #endif #if defined(WOLFSSL_HAVE_LMS) #if !defined(WOLFSSL_SMALL_STACK) - #if (defined(WOLFSSL_WC_LMS) && (LMS_MAX_HEIGHT >= 10)) || \ - defined(HAVE_LIBLMS) + #if (defined(WOLFSSL_WC_LMS) && (LMS_MAX_HEIGHT >= 10) && \ + !defined(WOLFSSL_NO_LMS_SHA256_256)) || defined(HAVE_LIBLMS) WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test_verify_only(void); #endif #endif @@ -709,7 +724,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t scrypt_test(void); WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cert_test(void); #endif #if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT) && \ - !defined(NO_FILESYSTEM) && defined(WOLFSSL_CERT_GEN) + !defined(NO_FILESYSTEM) && !defined(NO_RSA) && defined(WOLFSSL_GEN_CERT) WOLFSSL_TEST_SUBROUTINE wc_test_ret_t certext_test(void); #endif #if defined(WOLFSSL_CERT_GEN_CACHE) && defined(WOLFSSL_TEST_CERT) && \ @@ -725,7 +740,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mp_test(void); #if defined(WOLFSSL_PUBLIC_MP) && defined(WOLFSSL_KEY_GEN) WOLFSSL_TEST_SUBROUTINE wc_test_ret_t prime_test(void); #endif -#ifdef ASN_BER_TO_DER +#if defined(ASN_BER_TO_DER) && \ + (defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) || \ + defined(OPENSSL_EXTRA_X509_SMALL)) WOLFSSL_TEST_SUBROUTINE wc_test_ret_t berder_test(void); #endif WOLFSSL_TEST_SUBROUTINE wc_test_ret_t logging_test(void); @@ -841,11 +858,11 @@ static void render_error_message(const char* msg, wc_test_ret_t es) * stores an error string in the supplied buffer. this is all most * infelicitous... */ -#if !defined(STRING_USER) && !defined(NO_ERROR_STRINGS) && \ +#if !defined(STRING_USER) && !defined(NO_ERROR_STRINGS) && \ (defined(__STDC_VERSION__) && (__STDC_VERSION__ > 199901L)) && \ - ((defined(__GLIBC__) && (__GLIBC__ >= 2)) || \ - (defined(__USE_XOPEN2K) && \ - defined(_POSIX_C_SOURCE) && \ + ((defined(__GLIBC__) && (__GLIBC__ >= 2) && defined(__USE_GNU)) || \ + (defined(__USE_XOPEN2K) && \ + defined(_POSIX_C_SOURCE) && \ (_POSIX_C_SOURCE >= 200112L))) char errno_buf[64], *errno_string; @@ -918,6 +935,76 @@ static void myFipsCb(int ok, int err, const char* hash) } #endif /* HAVE_FIPS && !WOLFSSL_LINUXKM */ +#if defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) && !defined(WC_NO_CONSTRUCTORS) + +#if !defined(NO_AES) +static WC_MAYBE_UNUSED Aes* wc_AesNew(void* heap, int thisDevId, int *result_code) +{ + int ret; + Aes* aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_AES); + if (aes == NULL) { + ret = MEMORY_E; + } + else { + ret = wc_AesInit(aes, heap, thisDevId); + if (ret != 0) { + XFREE(aes, heap, DYNAMIC_TYPE_AES); + aes = NULL; + } + } + + if (result_code != NULL) + *result_code = ret; + + return aes; +} +static WC_MAYBE_UNUSED int wc_AesDelete(Aes *aes, Aes** aes_p) +{ + if (aes == NULL) + return BAD_FUNC_ARG; + wc_AesFree(aes); + XFREE(aes, aes->heap, DYNAMIC_TYPE_AES); + if (aes_p != NULL) + *aes_p = NULL; + return 0; +} +#endif /* !NO_AES */ + +#if !defined(NO_RSA) +static WC_MAYBE_UNUSED RsaKey* wc_NewRsaKey(void* heap, int thisDevId, int *result_code) +{ + int ret; + RsaKey* key = (RsaKey*)XMALLOC(sizeof(RsaKey), heap, DYNAMIC_TYPE_RSA); + if (key == NULL) { + ret = MEMORY_E; + } + else { + ret = wc_InitRsaKey_ex(key, heap, thisDevId); + if (ret != 0) { + XFREE(key, heap, DYNAMIC_TYPE_RSA); + key = NULL; + } + } + + if (result_code != NULL) + *result_code = ret; + + return key; +} +static WC_MAYBE_UNUSED int wc_DeleteRsaKey(RsaKey* key, RsaKey** key_p) +{ + if (key == NULL) + return BAD_FUNC_ARG; + wc_FreeRsaKey(key); + XFREE(key, key->heap, DYNAMIC_TYPE_RSA); + if (key_p != NULL) + *key_p = NULL; + return 0; +} +#endif /* !NO_RSA */ + +#endif /* FIPS_VERSION3_LT(6,0,0) && !WC_NO_CONSTRUCTORS */ + #ifdef WOLFSSL_STATIC_MEMORY #if defined(WOLFSSL_STATIC_MEMORY_TEST_SZ) static byte gTestMemory[WOLFSSL_STATIC_MEMORY_TEST_SZ]; @@ -1882,6 +1969,7 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\ #endif #ifndef NO_AES + /* key sizes, ECB and Direct tests */ if ( (ret = aes_test()) != 0) TEST_FAIL("AES test failed!\n", ret); else @@ -1902,6 +1990,20 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\ TEST_PASS("AES256 test passed!\n"); #endif +#ifdef HAVE_AES_CBC + if ( (ret = aes_cbc_test()) != 0) + TEST_FAIL("AES-CBC test failed!\n", ret); + else + TEST_PASS("AES-CBC test passed!\n"); +#endif + +#ifdef WOLFSSL_AES_COUNTER + if ( (ret = aes_ctr_test()) != 0) + TEST_FAIL("AES-CTR test failed!\n", ret); + else + TEST_PASS("AES-CTR test passed!\n"); +#endif + #ifdef WOLFSSL_AES_OFB if ( (ret = aesofb_test()) != 0) TEST_FAIL("AES-OFB test failed!\n", ret); @@ -1960,7 +2062,7 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\ else TEST_PASS("AES-SIV test passed!\n"); #endif -#endif +#endif /* !NO_AES */ #if defined(WOLFSSL_AES_EAX) && \ (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST) @@ -2199,8 +2301,8 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\ #if defined(WOLFSSL_HAVE_LMS) #if !defined(WOLFSSL_SMALL_STACK) - #if (defined(WOLFSSL_WC_LMS) && (LMS_MAX_HEIGHT >= 10)) || \ - defined(HAVE_LIBLMS) + #if (defined(WOLFSSL_WC_LMS) && (LMS_MAX_HEIGHT >= 10) && \ + !defined(WOLFSSL_NO_LMS_SHA256_256)) || defined(HAVE_LIBLMS) if ( (ret = lms_test_verify_only()) != 0) TEST_FAIL("LMS Vfy test failed!\n", ret); else @@ -2588,7 +2690,7 @@ static wc_test_ret_t _SaveDerAndPem(const byte* der, int derSz, #ifndef WOLFSSL_NO_MALLOC byte* pem; #else - byte pem[1024]; + byte pem[2048]; #endif int pemSz; @@ -2604,28 +2706,36 @@ static wc_test_ret_t _SaveDerAndPem(const byte* der, int derSz, } #else if (pemSz > (int)sizeof(pem)) - return BAD_FUNC_ARG; + return WC_TEST_RET_ENC_EC(BAD_FUNC_ARG); #endif /* Convert to PEM */ pemSz = wc_DerToPem(der, (word32)derSz, pem, (word32)pemSz, pemType); if (pemSz < 0) { + #ifndef WOLFSSL_NO_MALLOC XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + #endif return WC_TEST_RET_ENC(calling_line, 4, WC_TEST_RET_TAG_I); } #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES) pemFile = XFOPEN(filePem, "wb"); if (!pemFile) { + #ifndef WOLFSSL_NO_MALLOC XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + #endif return WC_TEST_RET_ENC(calling_line, 5, WC_TEST_RET_TAG_I); } ret = (int)XFWRITE(pem, 1, (size_t)pemSz, pemFile); XFCLOSE(pemFile); if (ret != pemSz) { + #ifndef WOLFSSL_NO_MALLOC XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + #endif return WC_TEST_RET_ENC(calling_line, 6, WC_TEST_RET_TAG_I); } #endif + #ifndef WOLFSSL_NO_MALLOC XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + #endif } #endif /* WOLFSSL_DER_TO_PEM */ @@ -5899,7 +6009,11 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sm3_test(void) #ifndef NO_HASH_WRAPPER WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hash_test(void) { - wc_HashAlg hash; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_HashAlg *hash = NULL; +#else + wc_HashAlg hash[1]; +#endif int ret, exp_ret; int i, j; int digestSz; @@ -5957,6 +6071,15 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hash_test(void) WOLFSSL_ENTER("hash_test"); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + hash = wc_HashNew(WC_HASH_TYPE_SHA256, HEAP_HINT, devId, &ret); + if (hash == NULL) { + return WC_TEST_RET_ENC_EC(ret); + } +#else + XMEMSET(hash, 0, sizeof(wc_HashAlg)); +#endif + /* Parameter Validation testing. */ ret = wc_HashInit(NULL, WC_HASH_TYPE_SHA256); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) @@ -5964,7 +6087,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hash_test(void) ret = wc_HashUpdate(NULL, WC_HASH_TYPE_SHA256, NULL, sizeof(data)); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) return WC_TEST_RET_ENC_EC(ret); - ret = wc_HashUpdate(&hash, WC_HASH_TYPE_SHA256, NULL, sizeof(data)); + ret = wc_HashUpdate(hash, WC_HASH_TYPE_SHA256, NULL, sizeof(data)); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) return WC_TEST_RET_ENC_EC(ret); ret = wc_HashUpdate(NULL, WC_HASH_TYPE_SHA256, data, sizeof(data)); @@ -5973,7 +6096,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hash_test(void) ret = wc_HashFinal(NULL, WC_HASH_TYPE_SHA256, NULL); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) return WC_TEST_RET_ENC_EC(ret); - ret = wc_HashFinal(&hash, WC_HASH_TYPE_SHA256, NULL); + ret = wc_HashFinal(hash, WC_HASH_TYPE_SHA256, NULL); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) return WC_TEST_RET_ENC_EC(ret); ret = wc_HashFinal(NULL, WC_HASH_TYPE_SHA256, out); @@ -5982,16 +6105,16 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hash_test(void) /* Try invalid hash algorithms. */ for (i = 0; i < (int)(sizeof(typesBad)/sizeof(*typesBad)); i++) { - ret = wc_HashInit(&hash, typesBad[i]); + ret = wc_HashInit(hash, typesBad[i]); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) return WC_TEST_RET_ENC_I(i); - ret = wc_HashUpdate(&hash, typesBad[i], data, sizeof(data)); + ret = wc_HashUpdate(hash, typesBad[i], data, sizeof(data)); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) return WC_TEST_RET_ENC_I(i); - ret = wc_HashFinal(&hash, typesBad[i], out); + ret = wc_HashFinal(hash, typesBad[i], out); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) return WC_TEST_RET_ENC_I(i); - wc_HashFree(&hash, typesBad[i]); + wc_HashFree(hash, typesBad[i]); } /* Try valid hash algorithms. */ @@ -6002,16 +6125,16 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hash_test(void) exp_ret = HASH_TYPE_E; j++; } - ret = wc_HashInit(&hash, typesGood[i]); + ret = wc_HashInit(hash, typesGood[i]); if (ret != exp_ret) return WC_TEST_RET_ENC_I(i); - ret = wc_HashUpdate(&hash, typesGood[i], data, sizeof(data)); + ret = wc_HashUpdate(hash, typesGood[i], data, sizeof(data)); if (ret != exp_ret) return WC_TEST_RET_ENC_I(i); - ret = wc_HashFinal(&hash, typesGood[i], out); + ret = wc_HashFinal(hash, typesGood[i], out); if (ret != exp_ret) return WC_TEST_RET_ENC_I(i); - wc_HashFree(&hash, typesGood[i]); + wc_HashFree(hash, typesGood[i]); digestSz = wc_HashGetDigestSize(typesGood[i]); if (exp_ret < 0 && digestSz != exp_ret) @@ -6232,6 +6355,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hash_test(void) return WC_TEST_RET_ENC_EC(ret); #endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + (void)wc_HashDelete(hash, &hash); +#endif + return 0; } #endif /* !NO_HASH_WRAPPER */ @@ -9194,18 +9321,28 @@ static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key, WOLFSSL_ENTER("aesofb_test"); #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL) - ERROR_OUT(-1, out); -#ifdef HAVE_AES_DECRYPT - if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL) - ERROR_OUT(-1, out); -#endif -#endif - - XMEMSET(enc, 0, sizeof *enc); + enc = wc_AesNew(HEAP_HINT, devId, &ret); + if (enc == NULL) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #ifdef HAVE_AES_DECRYPT + dec = wc_AesNew(HEAP_HINT, devId, &ret); + if (dec == NULL) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #endif +#else + XMEMSET(enc, 0, sizeof(Aes)); + #ifdef HAVE_AES_DECRYPT + XMEMSET(dec, 0, sizeof(Aes)); + #endif + ret = wc_AesInit(enc, HEAP_HINT, INVALID_DEVID); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #ifdef HAVE_AES_DECRYPT - XMEMSET(dec, 0, sizeof *dec); + ret = wc_AesInit(dec, HEAP_HINT, INVALID_DEVID); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #endif +#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */ #ifdef WOLFSSL_AES_128 /* 128 key size test */ @@ -9218,16 +9355,6 @@ static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key, } #endif - ret = wc_AesInit(enc, HEAP_HINT, INVALID_DEVID); - if (ret != 0) - ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - - #ifdef HAVE_AES_DECRYPT - ret = wc_AesInit(dec, HEAP_HINT, INVALID_DEVID); - if (ret != 0) - ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - #endif - ret = wc_AesSetKey(enc, key2, sizeof(key2), iv2, AES_ENCRYPTION); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); @@ -9449,19 +9576,21 @@ static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key, ERROR_OUT(WC_TEST_RET_ENC_NC, out); #endif /* HAVE_AES_DECRYPT */ - out: + out: + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_AesDelete(enc, &enc); + #else wc_AesFree(enc); -#ifdef HAVE_AES_DECRYPT - wc_AesFree(dec); -#endif -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES); -#ifdef HAVE_AES_DECRYPT - XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES); -#endif -#endif + #endif + #ifdef HAVE_AES_DECRYPT + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_AesDelete(dec, &dec); + #else + wc_AesFree(dec); + #endif + #endif #endif /* WOLFSSL_AES_256 */ return ret; @@ -9479,17 +9608,15 @@ static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key, #else Aes enc[1]; #endif - int enc_inited = 0; byte cipher[AES_BLOCK_SIZE * 4]; - #ifdef HAVE_AES_DECRYPT -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) +#ifdef HAVE_AES_DECRYPT + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) Aes *dec = NULL; -#else + #else Aes dec[1]; -#endif - int dec_inited = 0; - byte plain [AES_BLOCK_SIZE * 4]; #endif + byte plain [AES_BLOCK_SIZE * 4]; +#endif wc_test_ret_t ret = 0; WOLFSSL_SMALL_STACK_STATIC const byte iv[] = { @@ -9595,26 +9722,28 @@ static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key, #endif /* WOLFSSL_AES_256 */ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL) - ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); -#ifdef HAVE_AES_DECRYPT - if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL) - ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); -#endif -#endif - + enc = wc_AesNew(HEAP_HINT, devId, &ret); + if (enc == NULL) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #ifdef HAVE_AES_DECRYPT + dec = wc_AesNew(HEAP_HINT, devId, &ret); + if (dec == NULL) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #endif +#else + XMEMSET(enc, 0, sizeof(Aes)); + #ifdef HAVE_AES_DECRYPT + XMEMSET(dec, 0, sizeof(Aes)); + #endif ret = wc_AesInit(enc, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - else - enc_inited = 1; -#ifdef HAVE_AES_DECRYPT + #ifdef HAVE_AES_DECRYPT ret = wc_AesInit(dec, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - else - dec_inited = 1; -#endif + #endif +#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */ #ifdef WOLFSSL_AES_128 /* 128 key tests */ @@ -9779,17 +9908,16 @@ static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key, out: - if (enc_inited) - wc_AesFree(enc); -#ifdef HAVE_AES_DECRYPT - if (dec_inited) - wc_AesFree(dec); -#endif - #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES); + wc_AesDelete(enc, &enc); +#else + wc_AesFree(enc); +#endif #ifdef HAVE_AES_DECRYPT - XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_AesDelete(dec, &dec); +#else + wc_AesFree(dec); #endif #endif @@ -9804,7 +9932,6 @@ static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key, #else Aes enc[1]; #endif - int enc_inited = 0; byte cipher[AES_BLOCK_SIZE]; #ifdef HAVE_AES_DECRYPT #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) @@ -9812,7 +9939,6 @@ static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key, #else Aes dec[1]; #endif - int dec_inited = 0; byte plain [AES_BLOCK_SIZE]; #endif wc_test_ret_t ret = 0; @@ -9893,26 +10019,28 @@ static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key, #endif /* WOLFSSL_AES_256 */ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL) - ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + enc = wc_AesNew(HEAP_HINT, devId, &ret); + if (enc == NULL) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #ifdef HAVE_AES_DECRYPT - if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL) - ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); -#endif + dec = wc_AesNew(HEAP_HINT, devId, &ret); + if (dec == NULL) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #endif - +#else + XMEMSET(enc, 0, sizeof(Aes)); + #ifdef HAVE_AES_DECRYPT + XMEMSET(dec, 0, sizeof(Aes)); + #endif ret = wc_AesInit(enc, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - else - enc_inited = 1; -#ifdef HAVE_AES_DECRYPT + #ifdef HAVE_AES_DECRYPT ret = wc_AesInit(dec, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - else - dec_inited = 1; -#endif + #endif +#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */ #ifdef WOLFSSL_AES_128 /* 128 key tests */ @@ -10042,19 +10170,18 @@ static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key, out: - if (enc_inited) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_AesDelete(enc, &enc); +#else wc_AesFree(enc); -#ifdef HAVE_AES_DECRYPT - if (dec_inited) - wc_AesFree(dec); #endif - + #ifdef HAVE_AES_DECRYPT #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES); -#ifdef HAVE_AES_DECRYPT - XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES); -#endif + wc_AesDelete(dec, &dec); +#else + wc_AesFree(dec); #endif + #endif return ret; } @@ -10066,7 +10193,6 @@ static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key, #else Aes enc[1]; #endif - int enc_inited = 0; byte cipher[AES_BLOCK_SIZE]; #ifdef HAVE_AES_DECRYPT #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) @@ -10074,7 +10200,6 @@ static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key, #else Aes dec[1]; #endif - int dec_inited = 0; byte plain [AES_BLOCK_SIZE]; #endif wc_test_ret_t ret = 0; @@ -10152,26 +10277,28 @@ static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key, #endif #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL) - ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); -#ifdef HAVE_AES_DECRYPT - if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL) - ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); -#endif -#endif - + enc = wc_AesNew(HEAP_HINT, devId, &ret); + if (enc == NULL) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #ifdef HAVE_AES_DECRYPT + dec = wc_AesNew(HEAP_HINT, devId, &ret); + if (dec == NULL) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #endif +#else + XMEMSET(enc, 0, sizeof(Aes)); + #ifdef HAVE_AES_DECRYPT + XMEMSET(dec, 0, sizeof(Aes)); + #endif ret = wc_AesInit(enc, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - else - enc_inited = 1; -#ifdef HAVE_AES_DECRYPT + #ifdef HAVE_AES_DECRYPT ret = wc_AesInit(dec, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - else - dec_inited = 1; -#endif + #endif +#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */ #ifdef WOLFSSL_AES_128 /* 128 key tests */ @@ -10255,31 +10382,30 @@ static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key, out: - if (enc_inited) - wc_AesFree(enc); -#ifdef HAVE_AES_DECRYPT - if (dec_inited) - wc_AesFree(dec); -#endif - #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES); -#ifdef HAVE_AES_DECRYPT - XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES); + wc_AesDelete(enc, &enc); +#else + wc_AesFree(enc); #endif + #ifdef HAVE_AES_DECRYPT +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_AesDelete(dec, &dec); +#else + wc_AesFree(dec); #endif + #endif return ret; } #endif /* !HAVE_SELFTEST && !HAVE_FIPS */ #endif /* WOLFSSL_AES_CFB */ - +#ifndef HAVE_RENESAS_SYNC static wc_test_ret_t aes_key_size_test(void) { wc_test_ret_t ret; #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - Aes *aes; + Aes *aes = NULL; #else Aes aes[1]; #endif @@ -10300,8 +10426,14 @@ static wc_test_ret_t aes_key_size_test(void) #endif #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - if ((aes = (Aes *)XMALLOC(sizeof *aes, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL) - return WC_TEST_RET_ENC_ERRNO; + aes = wc_AesNew(HEAP_HINT, devId, &ret); + if (aes == NULL) + return WC_TEST_RET_ENC_EC(ret); +#else + ret = wc_AesInit(aes, HEAP_HINT, devId); + /* 0 check OK for FIPSv1 */ + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #endif #if !defined(HAVE_FIPS) || \ @@ -10313,11 +10445,6 @@ static wc_test_ret_t aes_key_size_test(void) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #endif - ret = wc_AesInit(aes, HEAP_HINT, devId); - /* 0 check OK for FIPSv1 */ - if (ret != 0) - ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - #ifndef HAVE_FIPS /* Parameter Validation testing. */ ret = wc_AesGetKeySize(NULL, NULL); @@ -10400,13 +10527,15 @@ static wc_test_ret_t aes_key_size_test(void) ret = 0; /* success */ out: - wc_AesFree(aes); #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES); + wc_AesDelete(aes, &aes); +#else + wc_AesFree(aes); #endif return ret; } +#endif /* !HAVE_RENESAS_SYNC */ #if defined(WOLFSSL_AES_XTS) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3)) @@ -12684,8 +12813,9 @@ static wc_test_ret_t aes_xts_args_test(void) #endif /* WOLFSSL_AES_128 */ #endif /* WOLFSSL_AES_XTS && (!HAVE_FIPS || FIPS_VERSION_GE(5,3)) */ -#if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) -static wc_test_ret_t aes_cbc_test(void) +#if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) && \ + !defined(HAVE_RENESAS_SYNC) +static wc_test_ret_t aes_cbc_oneshot_test(void) { byte cipher[AES_BLOCK_SIZE]; byte plain[AES_BLOCK_SIZE]; @@ -12729,181 +12859,18 @@ static wc_test_ret_t aes_cbc_test(void) } #endif -#if defined(HAVE_AES_ECB) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) -static wc_test_ret_t aesecb_test(void) +#if defined(WOLFSSL_AES_COUNTER) && defined(HAVE_AES_DECRYPT) +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_ctr_test(void) { - wc_test_ret_t ret = 0; -#if defined(WOLFSSL_AES_256) #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - Aes *enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES); + Aes *enc = NULL; + Aes *dec = NULL; #else Aes enc[1]; -#endif - int enc_inited = 0; - byte cipher[AES_BLOCK_SIZE * 4]; -#ifdef HAVE_AES_DECRYPT -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - Aes *dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES); -#else Aes dec[1]; #endif - int dec_inited = 0; - byte plain[AES_BLOCK_SIZE * 4]; -#endif /* HAVE_AES_DECRYPT */ - - { - WOLFSSL_SMALL_STACK_STATIC const byte niPlain[] = - { - 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, - 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a - }; - - WOLFSSL_SMALL_STACK_STATIC const byte niCipher[] = - { - 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c, - 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8 - }; - - WOLFSSL_SMALL_STACK_STATIC const byte niKey[] = - { - 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe, - 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81, - 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7, - 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4 - }; - - ret = wc_AesInit(enc, HEAP_HINT, devId); - if (ret != 0) - ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - enc_inited = 1; - #if defined(HAVE_AES_DECRYPT) - ret = wc_AesInit(dec, HEAP_HINT, devId); - if (ret != 0) - ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - dec_inited = 1; - #endif - - XMEMSET(cipher, 0, AES_BLOCK_SIZE); - ret = wc_AesSetKey(enc, niKey, sizeof(niKey), cipher, AES_ENCRYPTION); - if (ret != 0) - ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - if (wc_AesEcbEncrypt(enc, cipher, niPlain, AES_BLOCK_SIZE) != 0) - ERROR_OUT(WC_TEST_RET_ENC_NC, out); - if (XMEMCMP(cipher, niCipher, AES_BLOCK_SIZE) != 0) - ERROR_OUT(WC_TEST_RET_ENC_NC, out); - -#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK) - XMEMSET(cipher, 0, AES_BLOCK_SIZE); - WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E)); - ret = wc_AesSetKey(enc, niKey, sizeof(niKey), cipher, AES_ENCRYPTION); - WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0); - if (ret != 0) - ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E)); - ret = wc_AesEcbEncrypt(enc, cipher, niPlain, AES_BLOCK_SIZE); - WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0); - if (ret != 0) - ERROR_OUT(WC_TEST_RET_ENC_NC, out); - if (XMEMCMP(cipher, niCipher, AES_BLOCK_SIZE) != 0) - ERROR_OUT(WC_TEST_RET_ENC_NC, out); - - XMEMSET(cipher, 0, AES_BLOCK_SIZE); - ret = wc_AesEcbEncrypt(enc, cipher, niPlain, AES_BLOCK_SIZE); - if (ret != 0) - ERROR_OUT(WC_TEST_RET_ENC_NC, out); - if (XMEMCMP(cipher, niCipher, AES_BLOCK_SIZE) != 0) - ERROR_OUT(WC_TEST_RET_ENC_NC, out); - - XMEMSET(cipher, 0, AES_BLOCK_SIZE); - ret = wc_AesSetKey(enc, niKey, sizeof(niKey), cipher, AES_ENCRYPTION); - WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E)); - ret = wc_AesEcbEncrypt(enc, cipher, niPlain, AES_BLOCK_SIZE); - WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0); - if (ret != 0) - ERROR_OUT(WC_TEST_RET_ENC_NC, out); - if (XMEMCMP(cipher, niCipher, AES_BLOCK_SIZE) != 0) - ERROR_OUT(WC_TEST_RET_ENC_NC, out); -#endif - -#ifdef HAVE_AES_DECRYPT - XMEMSET(plain, 0, AES_BLOCK_SIZE); - ret = wc_AesSetKey(dec, niKey, sizeof(niKey), plain, AES_DECRYPTION); - if (ret != 0) - ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - if (wc_AesEcbDecrypt(dec, plain, niCipher, AES_BLOCK_SIZE) != 0) - ERROR_OUT(WC_TEST_RET_ENC_NC, out); - if (XMEMCMP(plain, niPlain, AES_BLOCK_SIZE) != 0) - ERROR_OUT(WC_TEST_RET_ENC_NC, out); - -#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK) - XMEMSET(plain, 0, AES_BLOCK_SIZE); - WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E)); - ret = wc_AesSetKey(dec, niKey, sizeof(niKey), plain, AES_DECRYPTION); - WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0); - if (ret != 0) - ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E)); - ret = wc_AesEcbDecrypt(dec, plain, niCipher, AES_BLOCK_SIZE); - WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0); - if (ret != 0) - ERROR_OUT(WC_TEST_RET_ENC_NC, out); - if (XMEMCMP(plain, niPlain, AES_BLOCK_SIZE) != 0) - ERROR_OUT(WC_TEST_RET_ENC_NC, out); - - XMEMSET(plain, 0, AES_BLOCK_SIZE); - ret = wc_AesEcbDecrypt(dec, plain, niCipher, AES_BLOCK_SIZE); - if (ret != 0) - ERROR_OUT(WC_TEST_RET_ENC_NC, out); - if (XMEMCMP(plain, niPlain, AES_BLOCK_SIZE) != 0) - ERROR_OUT(WC_TEST_RET_ENC_NC, out); - - XMEMSET(plain, 0, AES_BLOCK_SIZE); - ret = wc_AesSetKey(dec, niKey, sizeof(niKey), plain, AES_DECRYPTION); - if (ret != 0) - ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E)); - ret = wc_AesEcbDecrypt(dec, plain, niCipher, AES_BLOCK_SIZE); - WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0); - if (ret != 0) - ERROR_OUT(WC_TEST_RET_ENC_NC, out); - if (XMEMCMP(plain, niPlain, AES_BLOCK_SIZE) != 0) - ERROR_OUT(WC_TEST_RET_ENC_NC, out); -#endif -#endif /* HAVE_AES_DECRYPT */ - } - - out: -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - if (enc) { - if (enc_inited) - wc_AesFree(enc); - XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES); - } -#ifdef HAVE_AES_DECRYPT - if (dec) { - if (dec_inited) - wc_AesFree(dec); - XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES); - } -#endif -#else - if (enc_inited) - wc_AesFree(enc); -#ifdef HAVE_AES_DECRYPT - if (dec_inited) - wc_AesFree(dec); -#endif -#endif - -#endif /* WOLFSSL_AES_256 */ - - return ret; -} -#endif /* HAVE_AES_ECB */ - -#ifdef WOLFSSL_AES_COUNTER -static wc_test_ret_t aesctr_test(Aes* enc, Aes* dec, byte* cipher, byte* plain) -{ + byte cipher[AES_BLOCK_SIZE * 4]; + byte plain [AES_BLOCK_SIZE * 4]; wc_test_ret_t ret = 0; /* test vectors from "Recommendation for Block Cipher Modes of @@ -13467,6 +13434,26 @@ static wc_test_ret_t aesctr_test(Aes* enc, Aes* dec, byte* cipher, byte* plain) }; #define AES_CTR_TEST_LEN (int)(sizeof(testVec) / sizeof(*testVec)) + WOLFSSL_ENTER("aes_ctr_test"); + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + enc = wc_AesNew(HEAP_HINT, devId, &ret); + if (enc == NULL) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + dec = wc_AesNew(HEAP_HINT, devId, &ret); + if (dec == NULL) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#else + XMEMSET(enc, 0, sizeof(Aes)); + XMEMSET(dec, 0, sizeof(Aes)); + ret = wc_AesInit(enc, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_AesInit(dec, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */ + for (i = 0; i < AES_CTR_TEST_LEN; i++) { if (testVec[i].key != NULL) { ret = wc_AesSetKeyDirect(enc, testVec[i].key, (word32)testVec[i].keySz, @@ -13580,8 +13567,19 @@ static wc_test_ret_t aesctr_test(Aes* enc, Aes* dec, byte* cipher, byte* plain) #endif /* DEBUG_VECTOR_REGISTER_ACCESS && WC_C_DYNAMIC_FALLBACK */ - out: +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_AesDelete(enc, &enc); +#else + wc_AesFree(enc); +#endif +#ifdef HAVE_AES_DECRYPT +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_AesDelete(dec, &dec); +#else + wc_AesFree(dec); +#endif +#endif return ret; } #endif /* WOLFSSL_AES_COUNTER */ @@ -13590,8 +13588,9 @@ static wc_test_ret_t aesctr_test(Aes* enc, Aes* dec, byte* cipher, byte* plain) static wc_test_ret_t aes_ecb_test(Aes* enc, Aes* dec, byte* cipher, byte* plain) { wc_test_ret_t ret = 0; - - WOLFSSL_SMALL_STACK_STATIC const byte key_128[] = "0123456789abcdef "; + /* keys padded to block size (16 bytes) */ + WOLFSSL_SMALL_STACK_STATIC const byte key_128[] = + "0123456789abcdef "; WOLFSSL_SMALL_STACK_STATIC const byte key_192[] = "0123456789abcdef01234567 "; WOLFSSL_SMALL_STACK_STATIC const byte key_256[] = @@ -13614,16 +13613,33 @@ static wc_test_ret_t aes_ecb_test(Aes* enc, Aes* dec, byte* cipher, byte* plain) 0x3d, 0x18, 0xfd, 0x41, 0x85, 0x37, 0x04, 0x82 }; + WOLFSSL_SMALL_STACK_STATIC const byte niKey[] = { + 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe, + 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81, + 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7, + 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4 + }; + WOLFSSL_SMALL_STACK_STATIC const byte niPlain[] = { + 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, + 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a + }; + WOLFSSL_SMALL_STACK_STATIC const byte niCipher[] = { + 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c, + 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8 + }; + int i; struct { const byte* key; int keySz; - const byte* iv; + const byte* iv; /* null uses 0's */ + const byte* plain; const byte* verify; } testVec[] = { - { key_128, 16, iv, verify_ecb_128 }, - { key_192, 24, iv, verify_ecb_192 }, - { key_256, 32, iv, verify_ecb_256 }, + { key_128, 16, iv, msg, verify_ecb_128 }, + { key_192, 24, iv, msg, verify_ecb_192 }, + { key_256, 32, iv, msg, verify_ecb_256 }, + { niKey, 32, NULL, niPlain, niCipher } }; #define AES_ECB_TEST_LEN (int)(sizeof(testVec) / sizeof(*testVec)) @@ -13639,8 +13655,8 @@ static wc_test_ret_t aes_ecb_test(Aes* enc, Aes* dec, byte* cipher, byte* plain) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #endif - XMEMSET(cipher, 0, AES_BLOCK_SIZE * 4); - ret = wc_AesEcbEncrypt(enc, cipher, msg, AES_BLOCK_SIZE); + XMEMSET(cipher, 0, AES_BLOCK_SIZE); + ret = wc_AesEcbEncrypt(enc, cipher, testVec[i].plain, AES_BLOCK_SIZE); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE); #endif @@ -13651,14 +13667,14 @@ static wc_test_ret_t aes_ecb_test(Aes* enc, Aes* dec, byte* cipher, byte* plain) ERROR_OUT(WC_TEST_RET_ENC_I(i), out); } #ifdef HAVE_AES_DECRYPT - XMEMSET(plain, 0, AES_BLOCK_SIZE * 4); + XMEMSET(plain, 0, AES_BLOCK_SIZE); ret = wc_AesEcbDecrypt(dec, plain, cipher, AES_BLOCK_SIZE); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE); #endif if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - if (XMEMCMP(plain, msg, AES_BLOCK_SIZE)) + if (XMEMCMP(plain, testVec[i].plain, AES_BLOCK_SIZE)) ERROR_OUT(WC_TEST_RET_ENC_I(i), out); #endif /* HAVE_AES_DECRYPT */ (void)dec; @@ -13668,121 +13684,192 @@ static wc_test_ret_t aes_ecb_test(Aes* enc, Aes* dec, byte* cipher, byte* plain) out: return ret; } +#endif /* HAVE_AES_ECB */ + +#ifdef WOLFSSL_AES_DIRECT +static wc_test_ret_t aes_direct_test(Aes* enc, Aes* dec, byte* cipher, byte* plain) +{ + wc_test_ret_t ret = 0; + + WOLFSSL_ENTER("aes_direct_test"); + +#if defined(WOLFSSL_AES_256) + { + WOLFSSL_SMALL_STACK_STATIC const byte niPlain[] = + { + 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, + 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a + }; + + WOLFSSL_SMALL_STACK_STATIC const byte niCipher[] = + { + 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c, + 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte niKey[] = + { + 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe, + 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81, + 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7, + 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4 + }; + + XMEMSET(cipher, 0, AES_BLOCK_SIZE); + ret = wc_AesSetKey(enc, niKey, sizeof(niKey), cipher, AES_ENCRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#if !defined(HAVE_SELFTEST) && \ + (defined(WOLFSSL_LINUXKM) || \ + !defined(HAVE_FIPS) || \ + (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))) + ret = wc_AesEncryptDirect(enc, cipher, niPlain); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#else + wc_AesEncryptDirect(enc, cipher, niPlain); +#endif + if (XMEMCMP(cipher, niCipher, AES_BLOCK_SIZE) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + +#ifdef HAVE_AES_DECRYPT + XMEMSET(plain, 0, AES_BLOCK_SIZE); + ret = wc_AesSetKey(dec, niKey, sizeof(niKey), plain, AES_DECRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#if !defined(HAVE_SELFTEST) && \ + (defined(WOLFSSL_LINUXKM) || \ + !defined(HAVE_FIPS) || \ + (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))) + ret = wc_AesDecryptDirect(dec, plain, niCipher); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#else + wc_AesDecryptDirect(dec, plain, niCipher); #endif + if (XMEMCMP(plain, niPlain, AES_BLOCK_SIZE) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif /* HAVE_AES_DECRYPT */ + } + (void)dec; + (void)plain; +#endif /* WOLFSSL_AES_256 */ -WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void) +out: + return ret; +} +#endif /* WOLFSSL_AES_DIRECT */ + +#ifdef HAVE_AES_CBC + +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_cbc_test(void) { -#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_DIRECT) #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - Aes *enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES); + Aes *enc = NULL; #else Aes enc[1]; #endif - int enc_inited = 0; - byte cipher[AES_BLOCK_SIZE * 4]; -#if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER) +#ifdef HAVE_AES_DECRYPT #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - Aes *dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES); + Aes *dec = NULL; #else Aes dec[1]; #endif - int dec_inited = 0; +#endif + byte cipher[AES_BLOCK_SIZE * 4]; +#ifdef HAVE_AES_DECRYPT byte plain [AES_BLOCK_SIZE * 4]; -#endif /* HAVE_AES_DECRYPT || WOLFSSL_AES_COUNTER */ -#endif /* HAVE_AES_CBC || WOLFSSL_AES_COUNTER || WOLFSSL_AES_DIRECT */ +#endif wc_test_ret_t ret = 0; -#ifdef HAVE_AES_CBC -#ifdef WOLFSSL_AES_128 - WOLFSSL_SMALL_STACK_STATIC const byte msg[] = { /* "Now is the time for all " w/o trailing 0 */ - 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, - 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, - 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20 - }; - - WOLFSSL_SMALL_STACK_STATIC const byte verify[] = - { - 0x95,0x94,0x92,0x57,0x5f,0x42,0x81,0x53, - 0x2c,0xcc,0x9d,0x46,0x77,0xa2,0x33,0xcb - }; - #ifdef HAVE_RENESAS_SYNC - const byte *key = - (byte*)guser_PKCbInfo.wrapped_key_aes128; - #else - WOLFSSL_SMALL_STACK_STATIC const - byte key[] = "0123456789abcdef "; /* align */ - #endif - WOLFSSL_SMALL_STACK_STATIC const byte iv[] = "1234567890abcdef "; /* align */ - WOLFSSL_ENTER("aes_test"); + WOLFSSL_ENTER("aes_cbc_test"); #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) -#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_COUNTER) || \ - defined(WOLFSSL_AES_DIRECT) + enc = wc_AesNew(HEAP_HINT, devId, &ret); if (enc == NULL) - ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); -#endif -#if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#ifdef HAVE_AES_DECRYPT + dec = wc_AesNew(HEAP_HINT, devId, &ret); if (dec == NULL) - ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #endif -#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */ - +#else + XMEMSET(enc, 0, sizeof(Aes)); + #ifdef HAVE_AES_DECRYPT + XMEMSET(dec, 0, sizeof(Aes)); + #endif ret = wc_AesInit(enc, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - enc_inited = 1; -#if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER) +#ifdef HAVE_AES_DECRYPT ret = wc_AesInit(dec, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - dec_inited = 1; #endif +#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */ -#ifdef HAVE_AES_ECB - ret = aes_ecb_test(enc, dec, cipher, plain); - if (ret != 0) - return ret; -#endif +#ifdef WOLFSSL_AES_128 + { + /* "Now is the time for all " w/o trailing 0 */ + WOLFSSL_SMALL_STACK_STATIC const byte msg[] = { + 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, + 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, + 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20 + }; + WOLFSSL_SMALL_STACK_STATIC const byte verify[] = + { + 0x95,0x94,0x92,0x57,0x5f,0x42,0x81,0x53, + 0x2c,0xcc,0x9d,0x46,0x77,0xa2,0x33,0xcb + }; + #ifdef HAVE_RENESAS_SYNC + const byte *key = (byte*)guser_PKCbInfo.wrapped_key_aes128; + #else + /* padded to 16-byye */ + WOLFSSL_SMALL_STACK_STATIC const byte key[] = "0123456789abcdef "; + #endif + /* padded to 16-bytes */ + WOLFSSL_SMALL_STACK_STATIC const byte iv[] = "1234567890abcdef "; - ret = wc_AesSetKey(enc, key, AES_BLOCK_SIZE, iv, AES_ENCRYPTION); - if (ret != 0) - ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); -#ifdef HAVE_AES_DECRYPT - ret = wc_AesSetKey(dec, key, AES_BLOCK_SIZE, iv, AES_DECRYPTION); - if (ret != 0) - ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); -#endif + ret = wc_AesSetKey(enc, key, AES_BLOCK_SIZE, iv, AES_ENCRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #ifdef HAVE_AES_DECRYPT + ret = wc_AesSetKey(dec, key, AES_BLOCK_SIZE, iv, AES_DECRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #endif - XMEMSET(cipher, 0, AES_BLOCK_SIZE * 4); - ret = wc_AesCbcEncrypt(enc, cipher, msg, AES_BLOCK_SIZE); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) - ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); -#ifdef HAVE_AES_DECRYPT - XMEMSET(plain, 0, AES_BLOCK_SIZE * 4); - ret = wc_AesCbcDecrypt(dec, plain, cipher, AES_BLOCK_SIZE); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) { - WOLFSSL_MSG("failed wc_AesCbcDecrypt"); - ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - } + XMEMSET(cipher, 0, sizeof(cipher)); + ret = wc_AesCbcEncrypt(enc, cipher, msg, AES_BLOCK_SIZE); + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE); + #endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #ifdef HAVE_AES_DECRYPT + XMEMSET(plain, 0, sizeof(plain)); + ret = wc_AesCbcDecrypt(dec, plain, cipher, AES_BLOCK_SIZE); + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE); + #endif + if (ret != 0) { + WOLFSSL_MSG("failed wc_AesCbcDecrypt"); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } - if (XMEMCMP(plain, msg, AES_BLOCK_SIZE)) { - WOLFSSL_MSG("wc_AesCbcDecrypt failed plain compare"); - ERROR_OUT(WC_TEST_RET_ENC_NC, out); - } -#endif /* HAVE_AES_DECRYPT */ - /* skipped because wrapped key use in case of renesas sm */ - #ifndef HAVE_RENESAS_SYNC - if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE)) { - WOLFSSL_MSG("wc_AesCbcDecrypt failed cipher-verify compare"); - ERROR_OUT(WC_TEST_RET_ENC_NC, out); + if (XMEMCMP(plain, msg, AES_BLOCK_SIZE)) { + WOLFSSL_MSG("wc_AesCbcDecrypt failed plain compare"); + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } + #endif /* HAVE_AES_DECRYPT */ + /* skipped because wrapped key use in case of renesas sm */ + #ifndef HAVE_RENESAS_SYNC + if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE)) { + WOLFSSL_MSG("wc_AesCbcDecrypt failed cipher-verify compare"); + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } + #endif } - #endif #endif /* WOLFSSL_AES_128 */ #if defined(WOLFSSL_AESNI) && defined(HAVE_AES_DECRYPT) @@ -13838,15 +13925,21 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void) 0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b, 0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20 }; - WOLFSSL_SMALL_STACK_STATIC const byte bigKey[] = "0123456789abcdeffedcba9876543210"; + WOLFSSL_SMALL_STACK_STATIC const byte bigKey[] = + "0123456789abcdeffedcba9876543210"; + /* padded to 16-bytes */ + WOLFSSL_SMALL_STACK_STATIC const byte iv[] = "1234567890abcdef "; word32 keySz, msgSz; #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - byte *bigCipher = (byte *)XMALLOC(sizeof(bigMsg), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - byte *bigPlain = (byte *)XMALLOC(sizeof(bigMsg), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + byte *bigCipher = (byte *)XMALLOC(sizeof(bigMsg), HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + byte *bigPlain = (byte *)XMALLOC(sizeof(bigMsg), HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); if ((bigCipher == NULL) || (bigPlain == NULL)) { XFREE(bigCipher, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(bigPlain, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); ERROR_OUT(WC_TEST_RET_ENC_NC, out); } #else @@ -14045,124 +14138,122 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void) ERROR_OUT(WC_TEST_RET_ENC_NC, out); } #endif /* HAVE_AES_DECRYPT */ + + aes_cbc_oneshot_test(); } #endif /* WOLFSSL_AES_128 && !HAVE_RENESAS_SYNC */ -#endif /* HAVE_AES_CBC */ -#ifdef WOLFSSL_AES_COUNTER - ret = aesctr_test(enc, dec, cipher, plain); - if (ret != 0) - return ret; + out: + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_AesDelete(enc, &enc); +#else + wc_AesFree(enc); +#endif +#ifdef HAVE_AES_DECRYPT +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_AesDelete(dec, &dec); +#else + wc_AesFree(dec); +#endif #endif -#if defined(WOLFSSL_AES_DIRECT) && defined(WOLFSSL_AES_256) - { - WOLFSSL_SMALL_STACK_STATIC const byte niPlain[] = - { - 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, - 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a - }; + return ret; +} +#endif /* HAVE_AES_CBC */ - WOLFSSL_SMALL_STACK_STATIC const byte niCipher[] = - { - 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c, - 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8 - }; +#if defined(HAVE_AES_ECB) || defined(WOLFSSL_AES_DIRECT) +static wc_test_ret_t aes_ecb_direct_test(void) +{ +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + Aes *enc = NULL; +#else + Aes enc[1]; +#endif +#if !defined(HAVE_AES_DECRYPT) || \ + (defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)) + Aes *dec = NULL; +#else + Aes dec[1]; +#endif + byte cipher[AES_BLOCK_SIZE]; + byte plain [AES_BLOCK_SIZE]; + wc_test_ret_t ret = 0; - WOLFSSL_SMALL_STACK_STATIC const byte niKey[] = - { - 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe, - 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81, - 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7, - 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4 - }; + WOLFSSL_ENTER("aes_ecb/direct_test"); - XMEMSET(cipher, 0, AES_BLOCK_SIZE); - ret = wc_AesSetKey(enc, niKey, sizeof(niKey), cipher, AES_ENCRYPTION); - if (ret != 0) - ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); -#if !defined(HAVE_SELFTEST) && \ - (defined(WOLFSSL_LINUXKM) || \ - !defined(HAVE_FIPS) || \ - (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))) - ret = wc_AesEncryptDirect(enc, cipher, niPlain); - if (ret != 0) - ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); -#else - wc_AesEncryptDirect(enc, cipher, niPlain); +#if !defined(WOLFSSL_SMALL_STACK) || defined(WOLFSSL_NO_MALLOC) + XMEMSET(enc, 0, sizeof(Aes)); + #ifdef HAVE_AES_DECRYPT + XMEMSET(dec, 0, sizeof(Aes)); + #endif #endif - if (XMEMCMP(cipher, niCipher, AES_BLOCK_SIZE) != 0) - ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + enc = wc_AesNew(HEAP_HINT, devId, &ret); + if (enc == NULL) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #ifdef HAVE_AES_DECRYPT - XMEMSET(plain, 0, AES_BLOCK_SIZE); - ret = wc_AesSetKey(dec, niKey, sizeof(niKey), plain, AES_DECRYPTION); - if (ret != 0) - ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); -#if !defined(HAVE_SELFTEST) && \ - (defined(WOLFSSL_LINUXKM) || \ - !defined(HAVE_FIPS) || \ - (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))) - ret = wc_AesDecryptDirect(dec, plain, niCipher); - if (ret != 0) - ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); -#else - wc_AesDecryptDirect(dec, plain, niCipher); + dec = wc_AesNew(HEAP_HINT, devId, &ret); + if (dec == NULL) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #endif - if (XMEMCMP(plain, niPlain, AES_BLOCK_SIZE) != 0) - ERROR_OUT(WC_TEST_RET_ENC_NC, out); -#endif /* HAVE_AES_DECRYPT */ - } -#endif /* WOLFSSL_AES_DIRECT && WOLFSSL_AES_256 */ - -#ifndef HAVE_RENESAS_SYNC - ret = aes_key_size_test(); +#else + ret = wc_AesInit(enc, HEAP_HINT, devId); if (ret != 0) - goto out; + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#ifdef HAVE_AES_DECRYPT + ret = wc_AesInit(dec, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #endif +#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */ -#if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) && \ - !defined(HAVE_RENESAS_SYNC) - ret = aes_cbc_test(); +#ifdef HAVE_AES_ECB + ret = aes_ecb_test(enc, dec, cipher, plain); if (ret != 0) - goto out; + return ret; #endif -#if defined(HAVE_AES_ECB) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) - ret = aesecb_test(); +#ifdef WOLFSSL_AES_DIRECT + ret = aes_direct_test(enc, dec, cipher, plain); if (ret != 0) - goto out; + return ret; #endif out: -#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_DIRECT) #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - if (enc) { - if (enc_inited) - wc_AesFree(enc); - XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES); - } + wc_AesDelete(enc, &enc); + wc_AesDelete(dec, &dec); #else - if (enc_inited) - wc_AesFree(enc); + wc_AesFree(enc); + wc_AesFree(dec); #endif - (void)cipher; -#if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER) -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - if (dec) { - if (dec_inited) - wc_AesFree(dec); - XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES); - } -#else - if (dec_inited) - wc_AesFree(dec); + + return ret; +} +#endif /* HAVE_AES_ECB || WOLFSSL_AES_DIRECT */ + +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void) +{ + wc_test_ret_t ret = 0; + + WOLFSSL_ENTER("aes_test"); + +#ifndef HAVE_RENESAS_SYNC + ret = aes_key_size_test(); + if (ret != 0) + goto out; #endif - (void)plain; -#endif /* HAVE_AES_DECRYPT || WOLFSSL_AES_COUNTER */ -#endif /* HAVE_AES_CBC || WOLFSSL_AES_COUNTER || WOLFSSL_AES_DIRECT */ +#if defined(HAVE_AES_ECB) || defined(WOLFSSL_AES_DIRECT) + ret = aes_ecb_direct_test(); + if (ret != 0) + return ret; +#endif + + out: return ret; } @@ -14235,7 +14326,6 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes192_test(void) #else Aes enc[1]; #endif - int enc_inited = 0; byte cipher[AES_BLOCK_SIZE]; #ifdef HAVE_AES_DECRYPT #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) @@ -14245,9 +14335,6 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes192_test(void) #endif byte plain[AES_BLOCK_SIZE]; #endif -#ifdef HAVE_AES_DECRYPT - int dec_inited = 0; -#endif /* Test vectors from NIST Special Publication 800-38A, 2001 Edition * Appendix F.2.3 */ @@ -14275,24 +14362,28 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes192_test(void) WOLFSSL_ENTER("aes192_test"); #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL) - ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); -#ifdef HAVE_AES_DECRYPT - if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL) - ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); -#endif -#endif - + enc = wc_AesNew(HEAP_HINT, devId, &ret); + if (enc == NULL) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #ifdef HAVE_AES_DECRYPT + dec = wc_AesNew(HEAP_HINT, devId, &ret); + if (dec == NULL) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #endif +#else + XMEMSET(enc, 0, sizeof(Aes)); + #ifdef HAVE_AES_DECRYPT + XMEMSET(dec, 0, sizeof(Aes)); + #endif ret = wc_AesInit(enc, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - enc_inited = 1; -#ifdef HAVE_AES_DECRYPT + #ifdef HAVE_AES_DECRYPT ret = wc_AesInit(dec, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - dec_inited = 1; -#endif + #endif +#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */ ret = wc_AesSetKey(enc, key, (int) sizeof(key), iv, AES_ENCRYPTION); if (ret != 0) @@ -14328,25 +14419,17 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes192_test(void) #endif out: + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - if (enc) { - if (enc_inited) - wc_AesFree(enc); - XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES); - } -#ifdef HAVE_AES_DECRYPT - if (dec) { - if (dec_inited) - wc_AesFree(dec); - XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES); - } + wc_AesDelete(enc, &enc); +#else + wc_AesFree(enc); #endif -#else /* !WOLFSSL_SMALL_STACK || WOLFSSL_NO_MALLOC */ - if (enc_inited) - wc_AesFree(enc); #ifdef HAVE_AES_DECRYPT - if (dec_inited) - wc_AesFree(dec); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_AesDelete(dec, &dec); +#else + wc_AesFree(dec); #endif #endif #endif /* HAVE_AES_CBC */ @@ -14364,7 +14447,6 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes256_test(void) #else Aes enc[1]; #endif - int enc_inited = 0; byte cipher[AES_BLOCK_SIZE]; #ifdef HAVE_AES_DECRYPT #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) @@ -14372,7 +14454,6 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes256_test(void) #else Aes dec[1]; #endif - int dec_inited = 0; byte plain[AES_BLOCK_SIZE]; #endif #endif /* HAVE_AES_CBC */ @@ -14411,24 +14492,28 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes256_test(void) WOLFSSL_ENTER("aes256_test"); #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL) - ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); -#ifdef HAVE_AES_DECRYPT - if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL) - ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); -#endif -#endif - + enc = wc_AesNew(HEAP_HINT, devId, &ret); + if (enc == NULL) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #ifdef HAVE_AES_DECRYPT + dec = wc_AesNew(HEAP_HINT, devId, &ret); + if (dec == NULL) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #endif +#else + XMEMSET(enc, 0, sizeof(Aes)); + #ifdef HAVE_AES_DECRYPT + XMEMSET(dec, 0, sizeof(Aes)); + #endif ret = wc_AesInit(enc, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - enc_inited = 1; -#ifdef HAVE_AES_DECRYPT + #ifdef HAVE_AES_DECRYPT ret = wc_AesInit(dec, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - dec_inited = 1; -#endif + #endif +#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */ ret = wc_AesSetKey(enc, key, (word32)keySz, iv, AES_ENCRYPTION); if (ret != 0) @@ -14543,26 +14628,17 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes256_test(void) out: #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - if (enc) { - if (enc_inited) - wc_AesFree(enc); - XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES); - } -#ifdef HAVE_AES_DECRYPT - if (dec) { - if (dec_inited) - wc_AesFree(dec); - XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES); - } + wc_AesDelete(enc, &enc); +#else + wc_AesFree(enc); #endif -#else /* !WOLFSSL_SMALL_STACK || WOLFSSL_NO_MALLOC */ - if (enc_inited) - wc_AesFree(enc); #ifdef HAVE_AES_DECRYPT - if (dec_inited) - wc_AesFree(dec); -#endif /* HAVE_AES_DECRYPT */ -#endif /* !WOLFSSL_SMALL_STACK || WOLFSSL_NO_MALLOC */ +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_AesDelete(dec, &dec); +#else + wc_AesFree(dec); +#endif +#endif #endif /* HAVE_AES_CBC */ return ret; @@ -14578,7 +14654,6 @@ static wc_test_ret_t aesgcm_default_test_helper(byte* key, int keySz, byte* iv, byte* aad, int aadSz, byte* tag, int tagSz) { wc_test_ret_t ret; - int enc_inited = 0, dec_inited = 0; #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) Aes *enc = NULL; Aes *dec = NULL; @@ -14591,27 +14666,27 @@ static wc_test_ret_t aesgcm_default_test_helper(byte* key, int keySz, byte* iv, byte resultP[AES_BLOCK_SIZE * 3]; byte resultC[AES_BLOCK_SIZE * 3]; -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL) - ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); - if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL) - ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); -#endif - XMEMSET(resultT, 0, sizeof(resultT)); XMEMSET(resultC, 0, sizeof(resultC)); XMEMSET(resultP, 0, sizeof(resultP)); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + enc = wc_AesNew(HEAP_HINT, devId, &ret); + if (enc == NULL) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + dec = wc_AesNew(HEAP_HINT, devId, &ret); + if (dec == NULL) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#else + XMEMSET(enc, 0, sizeof(Aes)); + XMEMSET(dec, 0, sizeof(Aes)); ret = wc_AesInit(enc, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - else - enc_inited = 1; ret = wc_AesInit(dec, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - else - dec_inited = 1; +#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */ ret = wc_AesGcmSetKey(enc, key, (word32)keySz); if (ret != 0) @@ -14690,21 +14765,11 @@ static wc_test_ret_t aesgcm_default_test_helper(byte* key, int keySz, byte* iv, out: #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - if (enc) { - if (enc_inited) - wc_AesFree(enc); - XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES); - } - if (dec) { - if (dec_inited) - wc_AesFree(dec); - XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES); - } -#else /* !WOLFSSL_SMALL_STACK || WOLFSSL_NO_MALLOC */ - if (enc_inited) - wc_AesFree(enc); - if (dec_inited) - wc_AesFree(dec); + wc_AesDelete(enc, &enc); + wc_AesDelete(dec, &dec); +#else + wc_AesFree(enc); + wc_AesFree(dec); #endif return ret; @@ -14997,8 +15062,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void) byte resultC[sizeof(p) + AES_BLOCK_SIZE]; wc_test_ret_t ret = 0; - int alen; - int plen; + int alen = 0; + int plen = 0; #if defined(WOLFSSL_XILINX_CRYPT_VERSAL) byte buf[sizeof(p) + AES_BLOCK_SIZE]; byte bufA[sizeof(a) + 1]; @@ -15033,23 +15098,25 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void) #endif WOLFSSL_ENTER("aesgcm_test"); -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL) - ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); - if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL) - ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); -#endif - XMEMSET(resultT, 0, sizeof(resultT)); XMEMSET(resultC, 0, sizeof(resultC)); XMEMSET(resultP, 0, sizeof(resultP)); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + enc = wc_AesNew(HEAP_HINT, devId, &ret); + if (enc == NULL) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + dec = wc_AesNew(HEAP_HINT, devId, &ret); + if (dec == NULL) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#else ret = wc_AesInit(enc, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); ret = wc_AesInit(dec, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#endif #ifdef WOLFSSL_AES_256 ret = wc_AesGcmSetKey(enc, k1, (word32)k1Sz); @@ -15623,9 +15690,6 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void) #endif /* WOLFSSL_AES_256 */ #endif /* !WOLFSSL_AFALG_XILINX_AES && !WOLFSSL_XILINX_CRYPT */ - wc_AesFree(enc); - wc_AesFree(dec); - ret = 0; out: @@ -15637,10 +15701,12 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void) XFREE(large_outdec, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); #endif - #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES); - XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES); + wc_AesDelete(enc, &enc); + wc_AesDelete(dec, &dec); +#else + wc_AesFree(enc); + wc_AesFree(dec); #endif return ret; @@ -15797,7 +15863,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t gmac_test(void) static wc_test_ret_t aesccm_256_test(void) { - wc_test_ret_t ret; + wc_test_ret_t ret = 0; /* Test vectors from NIST AES CCM 256-bit CAST Example #1 */ WOLFSSL_SMALL_STACK_STATIC const byte in_key[32] = { 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, @@ -15819,15 +15885,14 @@ static wc_test_ret_t aesccm_256_test(void) byte atag[sizeof(exp_tag)]; #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - Aes* aes = (Aes*)XMALLOC(sizeof(Aes), HEAP_HINT, DYNAMIC_TYPE_AES); + Aes* aes = wc_AesNew(HEAP_HINT, devId, &ret); if (aes == NULL) { - return MEMORY_E; + ret = WC_TEST_RET_ENC_EC(ret); } #else Aes aes[1]; -#endif - ret = wc_AesInit(aes, HEAP_HINT, devId); +#endif if (ret == 0) { ret = wc_AesCcmSetKey(aes, in_key, sizeof(in_key)); } @@ -15860,10 +15925,10 @@ static wc_test_ret_t aesccm_256_test(void) } #endif - wc_AesFree(aes); - #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES); + wc_AesDelete(aes, &aes); +#else + wc_AesFree(aes); #endif return ret; @@ -15877,7 +15942,7 @@ static wc_test_ret_t aesccm_128_test(void) { wc_test_ret_t ret; #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - Aes *enc; + Aes *enc = NULL; #else Aes enc[1]; #endif @@ -15971,19 +16036,20 @@ static wc_test_ret_t aesccm_128_test(void) byte tl2[sizeof(tl)]; byte t_empty2[sizeof(t_empty)]; -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL) - return WC_TEST_RET_ENC_ERRNO; -#endif - - XMEMSET(enc, 0, sizeof *enc); /* clear context */ XMEMSET(t2, 0, sizeof(t2)); XMEMSET(c2, 0, sizeof(c2)); XMEMSET(p2, 0, sizeof(p2)); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + enc = wc_AesNew(HEAP_HINT, devId, &ret); + if (enc == NULL) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#else + XMEMSET(enc, 0, sizeof(Aes)); ret = wc_AesInit(enc, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */ ret = wc_AesCcmSetKey(enc, k, sizeof(k)); if (ret != 0) @@ -16020,14 +16086,13 @@ static wc_test_ret_t aesccm_128_test(void) if (XMEMCMP(p2, c2, sizeof(p2))) ERROR_OUT(WC_TEST_RET_ENC_NC, out); #endif - wc_AesFree(enc); - XMEMSET(enc, 0, sizeof(Aes)); /* clear context */ XMEMSET(t2, 0, sizeof(t2)); XMEMSET(c2, 0, sizeof(c2)); XMEMSET(p2, 0, sizeof(p2)); XMEMSET(iv2, 0, sizeof(iv2)); + wc_AesFree(enc); ret = wc_AesInit(enc, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); @@ -16149,13 +16214,14 @@ static wc_test_ret_t aesccm_128_test(void) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #endif - wc_AesFree(enc); - ret = 0; out: + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES); + wc_AesDelete(enc, &enc); +#else + wc_AesFree(enc); #endif return ret; @@ -16543,8 +16609,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aeskeywrap_test(void) } #endif /* HAVE_AES_KEYWRAP */ +#endif /* !NO_AES */ -#endif /* NO_AES */ #ifdef HAVE_ARIA void printOutput(const char *strName, unsigned char *data, unsigned int dataSz) @@ -18145,7 +18211,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memory_test(void) #ifdef WOLFSSL_CERT_GEN static const char* rsaCaCertFile = CERT_ROOT "ca-cert.pem"; #endif - #if defined(WOLFSSL_ALT_NAMES) || defined(HAVE_PKCS7) + #if (defined(WOLFSSL_ALT_NAMES) && !defined(WOLFSSL_NO_MALLOC)) || \ + defined(HAVE_PKCS7) static const char* rsaCaCertDerFile = CERT_ROOT "ca-cert.der"; #endif #ifdef HAVE_PKCS7 @@ -18190,7 +18257,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memory_test(void) #ifndef NO_RSA static const char* eccKeyPubFileDer = CERT_ROOT "ecc-keyPub.der"; #endif - #ifndef NO_ASN_TIME + #if !defined(NO_ASN_TIME) && !defined(WOLFSSL_NO_MALLOC) static const char* eccCaKeyFile = CERT_ROOT "ca-ecc-key.der"; static const char* eccCaCertFile = CERT_ROOT "ca-ecc-cert.pem"; #ifdef ENABLE_ECC384_CERT_GEN_TEST @@ -18246,7 +18313,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memory_test(void) #ifndef NO_WRITE_TEMP_FILES #ifdef HAVE_ECC #ifndef NO_ECC_SECP - #if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME) + #if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME) && \ + !defined(WOLFSSL_NO_MALLOC) static const char* certEccPemFile = CERT_WRITE_TEMP_DIR "certecc.pem"; static const char* certEccDerFile = CERT_WRITE_TEMP_DIR "certecc.der"; #endif @@ -18268,7 +18336,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memory_test(void) #endif /* HAVE_ECC */ #ifndef NO_RSA - #if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME) + #if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME) && \ + !defined(WOLFSSL_NO_MALLOC) static const char* otherCertDerFile = CERT_WRITE_TEMP_DIR "othercert.der"; static const char* certDerFile = CERT_WRITE_TEMP_DIR "cert.der"; static const char* otherCertPemFile = CERT_WRITE_TEMP_DIR "othercert.pem"; @@ -18635,7 +18704,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cert_test(void) #endif /* WOLFSSL_TEST_CERT */ #if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT) && \ - !defined(NO_FILESYSTEM) && defined(WOLFSSL_CERT_GEN) + !defined(NO_FILESYSTEM) && !defined(NO_RSA) && defined(WOLFSSL_GEN_CERT) WOLFSSL_TEST_SUBROUTINE wc_test_ret_t certext_test(void) { DecodedCert cert; @@ -18833,7 +18902,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t certext_test(void) return 0; } #endif /* WOLFSSL_CERT_EXT && WOLFSSL_TEST_CERT && - !NO_FILESYSTEM && WOLFSSL_CERT_GEN */ + !NO_FILESYSTEM && !NO_RSA && WOLFSSL_CERT_GEN */ #if defined(WOLFSSL_CERT_GEN_CACHE) && defined(WOLFSSL_TEST_CERT) && \ defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN) @@ -20464,7 +20533,7 @@ static wc_test_ret_t rsa_even_mod_test(WC_RNG* rng, RsaKey* key) } #endif /* WOLFSSL_HAVE_SP_RSA */ -#if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME) +#if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME) && !defined(WOLFSSL_NO_MALLOC) static wc_test_ret_t rsa_certgen_test(RsaKey* key, RsaKey* keypub, WC_RNG* rng, byte* tmp) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) @@ -21464,19 +21533,19 @@ static wc_test_ret_t rsa_oaep_padding_test(RsaKey* key, WC_RNG* rng) WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void) { wc_test_ret_t ret; - size_t bytes; + size_t bytes = 0; WC_RNG rng; #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) byte* tmp = NULL; byte* der = NULL; - RsaKey *key = (RsaKey *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + RsaKey *key = NULL; #else RsaKey key[1]; byte tmp[FOURK_BUF]; #endif #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN) #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - RsaKey *keypub = (RsaKey *)XMALLOC(sizeof *keypub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + RsaKey *keypub = NULL; #else RsaKey keypub[1]; #endif @@ -21519,35 +21588,46 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void) WC_ALLOC_VAR(in, byte, TEST_STRING_SZ, HEAP_HINT); WC_ALLOC_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT); WC_ALLOC_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT); + WOLFSSL_ENTER("rsa_test"); #ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC if (in == NULL || out == NULL || plain == NULL) - ERROR_OUT(MEMORY_E, exit_rsa); + ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), exit_rsa); #endif XMEMCPY(in, inStr, inLen); #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + key = wc_NewRsaKey(HEAP_HINT, devId, &ret); if (key == NULL) - ERROR_OUT(MEMORY_E, exit_rsa); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN) + keypub = wc_NewRsaKey(HEAP_HINT, devId, &ret); if (keypub == NULL) - ERROR_OUT(MEMORY_E, exit_rsa); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); #endif #ifdef WOLFSSL_TEST_CERT if (cert == NULL) - ERROR_OUT(MEMORY_E, exit_rsa); + ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), exit_rsa); #endif -#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */ - /* initialize stack structures */ - XMEMSET(&rng, 0, sizeof(rng)); - XMEMSET(key, 0, sizeof *key); +#else /* ! (WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC) */ + + ret = wc_InitRsaKey_ex(key, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN) - XMEMSET(keypub, 0, sizeof *keypub); + ret = wc_InitRsaKey_ex(keypub, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); #endif +#endif /* ! (WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC) */ + + /* initialize stack structures */ + XMEMSET(&rng, 0, sizeof(rng)); + #if !defined(NO_ASN) ret = rsa_decode_test(key); if (ret != 0) @@ -21817,7 +21897,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void) && !defined(WOLF_CRYPTO_CB_ONLY_RSA) ret = rsa_oaep_padding_test(key, &rng); if (ret != 0) - return ret; + goto exit_rsa; #endif /* !HAVE_FIPS */ #endif /* WC_NO_RSA_OAEP && !WC_NO_RNG */ @@ -21827,14 +21907,14 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void) && !defined(WOLFSSL_RSA_VERIFY_ONLY) ret = rsa_export_key_test(key); if (ret != 0) - return ret; + goto exit_rsa; #endif #if !defined(NO_ASN) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \ !defined(WOLFSSL_RSA_VERIFY_ONLY) ret = rsa_flatten_test(key); if (ret != 0) - return ret; + goto exit_rsa; #endif #if !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined(NO_ASN) && \ @@ -21947,7 +22027,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void) goto exit_rsa; #endif -#if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME) +#if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME) && \ + !defined(WOLFSSL_NO_MALLOC) /* Make Cert / Sign example for RSA cert and RSA CA */ ret = rsa_certgen_test(key, keypub, &rng, tmp); if (ret != 0) @@ -22096,16 +22177,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void) exit_rsa: -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - if (key != NULL) { - wc_FreeRsaKey(key); - XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_DeleteRsaKey(key, &key); #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN) - if (keypub != NULL) { - wc_FreeRsaKey(keypub); - XFREE(keypub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - } + wc_DeleteRsaKey(keypub, &keypub); #endif #ifdef WOLFSSL_TEST_CERT XFREE(cert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); @@ -22759,7 +22834,11 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dh_test(void) { wc_test_ret_t ret; word32 bytes; - word32 idx = 0, privSz, pubSz, privSz2, pubSz2; + word32 idx = 0; + word32 privSz = 0; + word32 pubSz = 0; + word32 privSz2 = 0; + word32 pubSz2 = 0; #ifndef WC_NO_RNG WC_RNG rng; int rngInit = 0; @@ -24572,8 +24651,8 @@ static wc_test_ret_t openssl_aes_test(void) return 0; } +#endif /* !NO_AES && !WOLFCRYPT_ONLY */ -#endif /* !defined(NO_AES) && !defined(WOLFCRYPT_ONLY) */ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void) { @@ -25787,7 +25866,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void) #endif } #endif /* WOLFSSL_AES_128 && HAVE_AES_CBC */ -#endif /* ifndef NO_AES */ +#endif /* !NO_AES && !WOLFCRYPT_ONLY */ return 0; } @@ -32553,7 +32632,8 @@ static int test_sm2_verify(void) #endif /* WOLFSSL_SM2 */ -#if defined(WOLFSSL_CERT_GEN) && !defined(NO_ECC_SECP) && !defined(NO_ASN_TIME) +#if defined(WOLFSSL_CERT_GEN) && !defined(NO_ECC_SECP) && \ + !defined(NO_ASN_TIME) && !defined(WOLFSSL_NO_MALLOC) /* Make Cert / Sign example for ECC cert and ECC CA */ static wc_test_ret_t ecc_test_cert_gen(WC_RNG* rng) @@ -33590,7 +33670,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_test(void) #elif defined(HAVE_ECC_KEY_IMPORT) (void)ecc_test_make_pub; /* for compiler warning */ #endif -#if defined(WOLFSSL_CERT_GEN) && !defined(NO_ECC_SECP) && !defined(NO_ASN_TIME) +#if defined(WOLFSSL_CERT_GEN) && !defined(NO_ECC_SECP) && \ + !defined(NO_ASN_TIME) && !defined(WOLFSSL_NO_MALLOC) ret = ecc_test_cert_gen(&rng); if (ret != 0) { printf("ecc_test_cert_gen failed!\n"); @@ -33625,7 +33706,12 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_test(void) #if defined(HAVE_ECC_ENCRYPT) && defined(HAVE_AES_CBC) && \ (defined(WOLFSSL_AES_128) || defined(WOLFSSL_AES_256)) +#if !defined(WOLFSSL_NO_MALLOC) + #if ((! defined(HAVE_FIPS)) || FIPS_VERSION_GE(5,3)) +/* maximum encrypted message: + * msgSz (14) + pad (2) + pubKeySz(1+66*2) + ivSz(16) + digestSz(32) = 197 */ +#define MAX_ECIES_TEST_SZ 200 static wc_test_ret_t ecc_ctx_kdf_salt_test(WC_RNG* rng, ecc_key* a, ecc_key* b) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) @@ -33633,9 +33719,9 @@ static wc_test_ret_t ecc_ctx_kdf_salt_test(WC_RNG* rng, ecc_key* a, ecc_key* b) byte* encrypted; byte* decrypted; #else - byte plaintext[128]; - byte encrypted[128]; - byte decrypted[128]; + byte plaintext[MAX_ECIES_TEST_SZ]; + byte encrypted[MAX_ECIES_TEST_SZ]; + byte decrypted[MAX_ECIES_TEST_SZ]; #endif ecEncCtx* aCtx = NULL; ecEncCtx* bCtx = NULL; @@ -33644,25 +33730,37 @@ static wc_test_ret_t ecc_ctx_kdf_salt_test(WC_RNG* rng, ecc_key* a, ecc_key* b) wc_test_ret_t ret = 0; static const char message[] = "Hello wolfSSL!"; word32 plaintextLen; - word32 encryptLen = 128; - word32 decryptLen = 128; + word32 encryptLen = MAX_ECIES_TEST_SZ; + word32 decryptLen = MAX_ECIES_TEST_SZ; + int aInit = 0; + int bInit = 0; #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - plaintext = XMALLOC(128, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - encrypted = XMALLOC(128, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - decrypted = XMALLOC(128, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + plaintext = XMALLOC(MAX_ECIES_TEST_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + encrypted = XMALLOC(MAX_ECIES_TEST_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + decrypted = XMALLOC(MAX_ECIES_TEST_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); #endif wc_ecc_free(a); wc_ecc_free(b); ret = wc_ecc_init(a); - if (ret != 0) + if (ret != 0) { ret = WC_TEST_RET_ENC_EC(ret); + } + else { + aInit = 1; + } + + if (ret == 0) { ret = wc_ecc_init(b); - if (ret != 0) + if (ret != 0) { ret = WC_TEST_RET_ENC_EC(ret); + } + else { + bInit = 1; + } } if (ret == 0) @@ -33699,7 +33797,7 @@ static wc_test_ret_t ecc_ctx_kdf_salt_test(WC_RNG* rng, ecc_key* a, ecc_key* b) ret = 10473; } - XMEMSET(plaintext, 0, 128); + XMEMSET(plaintext, 0, MAX_ECIES_TEST_SZ); XSTRLCPY((char *)plaintext, message, sizeof plaintext); plaintextLen = (((word32)XSTRLEN(message) + AES_BLOCK_SIZE - 1) / AES_BLOCK_SIZE) * AES_BLOCK_SIZE; @@ -33724,8 +33822,13 @@ static wc_test_ret_t ecc_ctx_kdf_salt_test(WC_RNG* rng, ecc_key* a, ecc_key* b) if (ret == 0 && XMEMCMP(decrypted, plaintext, plaintextLen) != 0) ret = WC_TEST_RET_ENC_NC; - wc_ecc_free(a); - wc_ecc_free(b); + if (aInit) { + wc_ecc_free(a); + } + + if (bInit) { + wc_ecc_free(b); + } wc_ecc_ctx_free(aCtx); wc_ecc_ctx_free(bCtx); @@ -33740,6 +33843,8 @@ static wc_test_ret_t ecc_ctx_kdf_salt_test(WC_RNG* rng, ecc_key* a, ecc_key* b) } #endif /* !HAVE_FIPS || FIPS_VERSION_GE(5,3) */ +#endif /* !WOLFSSL_NO_MALLOC */ + /* ecc_encrypt_e2e_test() uses wc_ecc_ctx_set_algo(), which was added in * wolfFIPS 5.3. * ecc_encrypt_kat() is used only by ecc_encrypt_e2e_test(). @@ -33982,6 +34087,7 @@ static wc_test_ret_t ecc_encrypt_kat(WC_RNG *rng) } #endif +#ifndef WOLFSSL_NO_MALLOC static wc_test_ret_t ecc_encrypt_e2e_test(WC_RNG* rng, ecc_key* userA, ecc_key* userB, byte encAlgo, byte kdfAlgo, byte macAlgo) { @@ -34250,6 +34356,7 @@ static wc_test_ret_t ecc_encrypt_e2e_test(WC_RNG* rng, ecc_key* userA, ecc_key* return ret; } +#endif #endif /* !HAVE_FIPS || FIPS_VERSION_GE(5,3) */ @@ -34325,7 +34432,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_encrypt_test(void) #if !defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)) -#if !defined(NO_AES) && defined(HAVE_AES_CBC) +#if !defined(NO_AES) && defined(HAVE_AES_CBC) && !defined(WOLFSSL_NO_MALLOC) #ifdef WOLFSSL_AES_128 if (ret == 0) { ret = ecc_encrypt_e2e_test(&rng, userA, userB, ecAES_128_CBC, @@ -34361,7 +34468,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_encrypt_test(void) } #endif #endif -#if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER) +#if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER) && !defined(WOLFSSL_NO_MALLOC) #ifdef WOLFSSL_AES_128 if (ret == 0) { ret = ecc_encrypt_e2e_test(&rng, userA, userB, ecAES_128_CTR, @@ -34381,7 +34488,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_encrypt_test(void) } #endif #endif /* !NO_AES && WOLFSSL_AES_COUNTER */ -#if !defined(NO_AES) && defined(HAVE_AES_CBC) +#if !defined(NO_AES) && defined(HAVE_AES_CBC) && !defined(WOLFSSL_NO_MALLOC) if (ret == 0) { ret = ecc_ctx_kdf_salt_test(&rng, userA, userB); } @@ -34954,7 +35061,11 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t curve25519_test(void) byte exportBuf[32]; #endif word32 x = 0; - curve25519_key userA, userB, pubKey; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + curve25519_key *userA = NULL, *userB = NULL, *pubKey = NULL; +#else + curve25519_key userA[1], userB[1], pubKey[1]; +#endif #if defined(HAVE_CURVE25519_SHARED_SECRET) && \ defined(HAVE_CURVE25519_KEY_IMPORT) @@ -35006,6 +35117,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t curve25519_test(void) (void)x; WOLFSSL_ENTER("curve25519_test"); + /* wc_FreeRng is always called on exit. Therefore wc_InitRng should be + * called before any exit goto's */ #ifndef HAVE_FIPS ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); #else @@ -35014,52 +35127,64 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t curve25519_test(void) if (ret != 0) return WC_TEST_RET_ENC_EC(ret); - wc_curve25519_init_ex(&userA, HEAP_HINT, devId); - wc_curve25519_init_ex(&userB, HEAP_HINT, devId); - wc_curve25519_init_ex(&pubKey, HEAP_HINT, devId); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + userA = wc_curve25519_new(HEAP_HINT, devId, &ret); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); + userB = wc_curve25519_new(HEAP_HINT, devId, &ret); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); + pubKey = wc_curve25519_new(HEAP_HINT, devId, &ret); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); +#else + wc_curve25519_init_ex(userA, HEAP_HINT, devId); + wc_curve25519_init_ex(userB, HEAP_HINT, devId); + wc_curve25519_init_ex(pubKey, HEAP_HINT, devId); +#endif /* make curve25519 keys */ - ret = wc_curve25519_make_key(&rng, 32, &userA); + ret = wc_curve25519_make_key(&rng, 32, userA); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); - ret = wc_curve25519_make_key(&rng, 32, &userB); + ret = wc_curve25519_make_key(&rng, 32, userB); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); #ifdef HAVE_CURVE25519_SHARED_SECRET /* find shared secret key */ x = sizeof(sharedA); - if ((ret = wc_curve25519_shared_secret(&userA, &userB, sharedA, &x)) != 0) { + if ((ret = wc_curve25519_shared_secret(userA, userB, sharedA, &x)) != 0) { printf("wc_curve25519_shared_secret 1 failed\n"); - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); } y = sizeof(sharedB); - if ((ret = wc_curve25519_shared_secret(&userB, &userA, sharedB, &y)) != 0) { + if ((ret = wc_curve25519_shared_secret(userB, userA, sharedB, &y)) != 0) { printf("wc_curve25519_shared_secret 2 failed\n"); - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); } /* compare shared secret keys to test they are the same */ if (y != x) - return WC_TEST_RET_ENC_NC; + ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup); if (XMEMCMP(sharedA, sharedB, x)) - return WC_TEST_RET_ENC_NC; + ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup); #endif #ifdef HAVE_CURVE25519_KEY_EXPORT /* export a public key and import it for another user */ x = sizeof(exportBuf); - ret = wc_curve25519_export_public(&userA, exportBuf, &x); + ret = wc_curve25519_export_public(userA, exportBuf, &x); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); #ifdef HAVE_CURVE25519_KEY_IMPORT - ret = wc_curve25519_import_public(exportBuf, x, &pubKey); + ret = wc_curve25519_import_public(exportBuf, x, pubKey); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); #endif #endif @@ -35068,97 +35193,105 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t curve25519_test(void) /* test shared key after importing a public key */ XMEMSET(sharedB, 0, sizeof(sharedB)); y = sizeof(sharedB); - if (wc_curve25519_shared_secret(&userB, &pubKey, sharedB, &y) != 0) { - return WC_TEST_RET_ENC_NC; + if (wc_curve25519_shared_secret(userB, pubKey, sharedB, &y) != 0) { + ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup); } if (XMEMCMP(sharedA, sharedB, y)) - return WC_TEST_RET_ENC_NC; + ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup); /* import RFC test vectors and compare shared key */ ret = wc_curve25519_import_private_raw(sa, sizeof(sa), pa, sizeof(pa), - &userA); + userA); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); ret = wc_curve25519_import_private_raw(sb, sizeof(sb), pb, sizeof(pb), - &userB); + userB); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); /* test against known test vector */ XMEMSET(sharedB, 0, sizeof(sharedB)); y = sizeof(sharedB); - ret = wc_curve25519_shared_secret(&userA, &userB, sharedB, &y); + ret = wc_curve25519_shared_secret(userA, userB, sharedB, &y); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); if (XMEMCMP(ss, sharedB, y)) - return WC_TEST_RET_ENC_NC; + ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup); /* test swapping roles of keys and generating same shared key */ XMEMSET(sharedB, 0, sizeof(sharedB)); y = sizeof(sharedB); - ret = wc_curve25519_shared_secret(&userB, &userA, sharedB, &y); + ret = wc_curve25519_shared_secret(userB, userA, sharedB, &y); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); if (XMEMCMP(ss, sharedB, y)) - return WC_TEST_RET_ENC_NC; + ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup); /* test with 1 generated key and 1 from known test vector */ ret = wc_curve25519_import_private_raw(sa, sizeof(sa), pa, sizeof(pa), - &userA); + userA); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); - wc_curve25519_free(&userB); - wc_curve25519_init_ex(&userB, HEAP_HINT, devId); + wc_curve25519_free(userB); + wc_curve25519_init_ex(userB, HEAP_HINT, devId); - ret = wc_curve25519_make_key(&rng, 32, &userB); + ret = wc_curve25519_make_key(&rng, 32, userB); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); x = sizeof(sharedA); - ret = wc_curve25519_shared_secret(&userA, &userB, sharedA, &x); + ret = wc_curve25519_shared_secret(userA, userB, sharedA, &x); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); y = sizeof(sharedB); - ret = wc_curve25519_shared_secret(&userB, &userA, sharedB, &y); + ret = wc_curve25519_shared_secret(userB, userA, sharedB, &y); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); /* compare shared secret keys to test they are the same */ if (y != x) - return WC_TEST_RET_ENC_NC; + ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup); if (XMEMCMP(sharedA, sharedB, x)) - return WC_TEST_RET_ENC_NC; + ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup); ret = curve25519_overflow_test(); if (ret != 0) - return ret; + goto cleanup; ret = curve25519_check_public_test(); if (ret != 0) - return ret; + goto cleanup; #endif /* HAVE_CURVE25519_SHARED_SECRET && HAVE_CURVE25519_KEY_IMPORT */ #if !defined(NO_ASN) && defined(HAVE_CURVE25519_KEY_EXPORT) && \ defined(HAVE_CURVE25519_KEY_IMPORT) ret = curve255519_der_test(); if (ret != 0) - return ret; + goto cleanup; #endif +cleanup: + /* clean up keys when done */ - wc_curve25519_free(&pubKey); - wc_curve25519_free(&userB); - wc_curve25519_free(&userA); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_curve25519_delete(pubKey, &pubKey); + wc_curve25519_delete(userB, &userB); + wc_curve25519_delete(userA, &userA); +#else + wc_curve25519_free(pubKey); + wc_curve25519_free(userB); + wc_curve25519_free(userA); +#endif wc_FreeRng(&rng); - return 0; + return ret; } #endif /* HAVE_CURVE25519 */ @@ -35677,8 +35810,15 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed25519_test(void) #endif /* HAVE_ED25519_VERIFY */ #endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_EXPORT && HAVE_ED25519_KEY_IMPORT */ word32 keySz, sigSz; - ed25519_key key; - ed25519_key key2; + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + ed25519_key* key = NULL; + ed25519_key* key2 = NULL; +#else + ed25519_key key[1]; + ed25519_key key2[1]; +#endif + #if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_EXPORT) && \ defined(HAVE_ED25519_KEY_IMPORT) @@ -36059,8 +36199,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed25519_test(void) #endif /* NO_ASN */ #endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_EXPORT && HAVE_ED25519_KEY_IMPORT */ #if !defined(NO_ASN) && defined(HAVE_ED25519_SIGN) - ed25519_key key3; + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + ed25519_key* key3 = NULL; + #else + ed25519_key key3[1]; + #endif #endif + WOLFSSL_ENTER("ed25519_test"); /* create ed25519 keys */ @@ -36072,19 +36217,34 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed25519_test(void) if (ret != 0) return WC_TEST_RET_ENC_EC(ret); - wc_ed25519_init_ex(&key, HEAP_HINT, devId); - wc_ed25519_init_ex(&key2, HEAP_HINT, devId); -#if !defined(NO_ASN) && defined(HAVE_ED25519_SIGN) - wc_ed25519_init_ex(&key3, HEAP_HINT, devId); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + key = wc_ed25519_new(HEAP_HINT, devId, &ret); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); + key2 = wc_ed25519_new(HEAP_HINT, devId, &ret); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); + #if !defined(NO_ASN) && defined(HAVE_ED25519_SIGN) + key3 = wc_ed25519_new(HEAP_HINT, devId, &ret); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); + #endif +#else + wc_ed25519_init_ex(key, HEAP_HINT, devId); + wc_ed25519_init_ex(key2, HEAP_HINT, devId); + #if !defined(NO_ASN) && defined(HAVE_ED25519_SIGN) + wc_ed25519_init_ex(key3, HEAP_HINT, devId); + #endif #endif + #ifdef HAVE_ED25519_MAKE_KEY - wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key); - wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key2); + wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, key); + wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, key2); #endif /* helper functions for signature and key size */ - keySz = (word32)wc_ed25519_size(&key); - sigSz = (word32)wc_ed25519_sig_size(&key); + keySz = (word32)wc_ed25519_size(key); + sigSz = (word32)wc_ed25519_sig_size(key); #if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_EXPORT) &&\ defined(HAVE_ED25519_KEY_IMPORT) @@ -36093,71 +36253,71 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed25519_test(void) XMEMSET(out, 0, sizeof(out)); if (wc_ed25519_import_private_key(sKeys[i], ED25519_KEY_SIZE, pKeys[i], - pKeySz[i], &key) != 0) - return WC_TEST_RET_ENC_I(i); + pKeySz[i], key) != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup); - if (wc_ed25519_sign_msg(msgs[i], msgSz[i], out, &outlen, &key) != 0) - return WC_TEST_RET_ENC_I(i); + if (wc_ed25519_sign_msg(msgs[i], msgSz[i], out, &outlen, key) != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup); if (XMEMCMP(out, sigs[i], 64)) - return WC_TEST_RET_ENC_I(i); + ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup); #if defined(HAVE_ED25519_VERIFY) /* test verify on good msg */ if (wc_ed25519_verify_msg(out, outlen, msgs[i], msgSz[i], &verify, - &key) != 0 || verify != 1) - return WC_TEST_RET_ENC_I(i); + key) != 0 || verify != 1) + ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup); #ifdef WOLFSSL_ED25519_STREAMING_VERIFY /* test verify on good msg using streaming interface directly */ if (wc_ed25519_verify_msg_init(out, outlen, - &key, (byte)Ed25519, NULL, 0) != 0) - return WC_TEST_RET_ENC_I(i); + key, (byte)Ed25519, NULL, 0) != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup); for (j = 0; j < msgSz[i]; j += i) { - if (wc_ed25519_verify_msg_update(msgs[i] + j, MIN(i, msgSz[i] - j), &key) != 0) - return WC_TEST_RET_ENC_I(i); + if (wc_ed25519_verify_msg_update(msgs[i] + j, MIN(i, msgSz[i] - j), key) != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup); } if (wc_ed25519_verify_msg_final(out, outlen, &verify, - &key) != 0 || verify != 1) - return WC_TEST_RET_ENC_I(i); + key) != 0 || verify != 1) + ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup); #endif /* WOLFSSL_ED25519_STREAMING_VERIFY */ /* test verify on bad msg */ out[outlen-1] = out[outlen-1] + 1; if (wc_ed25519_verify_msg(out, outlen, msgs[i], msgSz[i], &verify, - &key) == 0 || verify == 1) - return WC_TEST_RET_ENC_I(i); + key) == 0 || verify == 1) + ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup); #endif /* HAVE_ED25519_VERIFY */ /* test api for import/exporting keys */ exportPSz = sizeof(exportPKey); exportSSz = sizeof(exportSKey); - if (wc_ed25519_export_public(&key, exportPKey, &exportPSz) != 0) - return WC_TEST_RET_ENC_I(i); + if (wc_ed25519_export_public(key, exportPKey, &exportPSz) != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup); - if (wc_ed25519_import_public_ex(exportPKey, exportPSz, &key2, 1) != 0) - return WC_TEST_RET_ENC_I(i); + if (wc_ed25519_import_public_ex(exportPKey, exportPSz, key2, 1) != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup); - if (wc_ed25519_export_private_only(&key, exportSKey, &exportSSz) != 0) - return WC_TEST_RET_ENC_I(i); + if (wc_ed25519_export_private_only(key, exportSKey, &exportSSz) != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup); if (wc_ed25519_import_private_key(exportSKey, exportSSz, - exportPKey, exportPSz, &key2) != 0) - return WC_TEST_RET_ENC_I(i); + exportPKey, exportPSz, key2) != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup); /* clear "out" buffer and test sign with imported keys */ outlen = sizeof(out); XMEMSET(out, 0, sizeof(out)); - if (wc_ed25519_sign_msg(msgs[i], msgSz[i], out, &outlen, &key2) != 0) - return WC_TEST_RET_ENC_I(i); + if (wc_ed25519_sign_msg(msgs[i], msgSz[i], out, &outlen, key2) != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup); #if defined(HAVE_ED25519_VERIFY) if (wc_ed25519_verify_msg(out, outlen, msgs[i], msgSz[i], &verify, - &key2) != 0 || verify != 1) - return WC_TEST_RET_ENC_I(i); + key2) != 0 || verify != 1) + ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup); if (XMEMCMP(out, sigs[i], 64)) - return WC_TEST_RET_ENC_I(i); + ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup); #endif /* HAVE_ED25519_VERIFY */ } @@ -36209,130 +36369,141 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed25519_test(void) }; ret = wc_ed25519_import_private_key(sKeys[0], ED25519_KEY_SIZE, - pKeys[0], pKeySz[0], &key); + pKeys[0], pKeySz[0], key); if (ret != 0) - return ret; + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); ret = wc_ed25519_verify_msg(rareEd1, sizeof(rareEd1), msgs[0], msgSz[0], - &verify, &key); + &verify, key); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) - return ret; + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); ret = wc_ed25519_verify_msg(rareEd2, sizeof(rareEd2), msgs[0], msgSz[0], - &verify, &key); + &verify, key); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) - return ret; + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); ret = wc_ed25519_verify_msg(rareEd3, sizeof(rareEd3), msgs[0], msgSz[0], - &verify, &key); + &verify, key); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) - return ret; + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); ret = wc_ed25519_verify_msg(rareEd4, sizeof(rareEd4), msgs[0], msgSz[0], - &verify, &key); + &verify, key); if (ret != WC_NO_ERR_TRACE(SIG_VERIFY_E)) - return ret; + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); } ret = ed25519ctx_test(); if (ret != 0) - return ret; + goto cleanup; ret = ed25519ph_test(); if (ret != 0) - return ret; + goto cleanup; #ifndef NO_ASN /* Try ASN.1 encoded private-only key and public key. */ idx = 0; - ret = wc_Ed25519PrivateKeyDecode(privateEd25519, &idx, &key3, + ret = wc_Ed25519PrivateKeyDecode(privateEd25519, &idx, key3, sizeof(privateEd25519)); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); idx = 0; - if (wc_Ed25519PrivateKeyDecode(badPrivateEd25519, &idx, &key3, + if (wc_Ed25519PrivateKeyDecode(badPrivateEd25519, &idx, key3, sizeof(badPrivateEd25519)) == 0) - return WC_TEST_RET_ENC_NC; + ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup); - ret = wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3); + ret = wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, key3); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); /* try with a buffer size that is too large */ idx = 0; - if (wc_Ed25519PublicKeyDecode(badPublicEd25519, &idx, &key3, + if (wc_Ed25519PublicKeyDecode(badPublicEd25519, &idx, key3, sizeof(badPublicEd25519)) == 0) - return WC_TEST_RET_ENC_NC; + ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup); idx = 0; - ret = wc_Ed25519PublicKeyDecode(publicEd25519, &idx, &key3, + ret = wc_Ed25519PublicKeyDecode(publicEd25519, &idx, key3, sizeof(publicEd25519)); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); - ret = wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3); + ret = wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, key3); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); if (XMEMCMP(out, sigs[0], 64)) - return WC_TEST_RET_ENC_NC; + ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup); #if defined(HAVE_ED25519_VERIFY) /* test verify on good msg */ - ret = wc_ed25519_verify_msg(out, outlen, msgs[0], msgSz[0], &verify, &key3); + ret = wc_ed25519_verify_msg(out, outlen, msgs[0], msgSz[0], &verify, key3); if (ret != 0 || verify != 1) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); #endif /* HAVE_ED25519_VERIFY */ - wc_ed25519_free(&key3); - wc_ed25519_init(&key3); + wc_ed25519_free(key3); + wc_ed25519_init_ex(key3, HEAP_HINT, devId); idx = 0; - ret = wc_Ed25519PrivateKeyDecode(privPubEd25519, &idx, &key3, + ret = wc_Ed25519PrivateKeyDecode(privPubEd25519, &idx, key3, sizeof(privPubEd25519)); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); - ret = wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3); + ret = wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, key3); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); if (XMEMCMP(out, sigs[0], 64)) - return WC_TEST_RET_ENC_NC; + ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup); - wc_ed25519_free(&key3); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_ed25519_delete(key3, &key3); +#else + wc_ed25519_free(key3); +#endif #endif /* NO_ASN */ #endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_EXPORT && HAVE_ED25519_KEY_IMPORT */ - /* clean up keys when done */ - wc_ed25519_free(&key); - wc_ed25519_free(&key2); - -#if defined(HAVE_HASHDRBG) || defined(NO_RC4) - wc_FreeRng(&rng); -#endif - - /* hush warnings of unused keySz and sigSz */ - (void)keySz; - (void)sigSz; - ret = ed25519_test_check_key(); if (ret < 0) - return ret; + goto cleanup; #ifdef WOLFSSL_TEST_CERT ret = ed25519_test_cert(); if (ret < 0) - return ret; + goto cleanup; #if defined(WOLFSSL_CERT_GEN) && defined(HAVE_ED25519_MAKE_KEY) ret = ed25519_test_make_cert(); if (ret < 0) - return ret; + goto cleanup; #endif /* WOLFSSL_CERT_GEN */ #endif /* WOLFSSL_TEST_CERT */ - return 0; +cleanup: + + /* clean up keys when done */ +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_ed25519_delete(key, &key); + wc_ed25519_delete(key2, &key2); +#else + wc_ed25519_free(key); + wc_ed25519_free(key2); +#endif + +#if defined(HAVE_HASHDRBG) || defined(NO_RC4) + wc_FreeRng(&rng); +#endif + + /* hush warnings of unused keySz and sigSz */ + (void)keySz; + (void)sigSz; + + return ret; } #endif /* HAVE_ED25519 */ @@ -37781,15 +37952,20 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed448_test(void) /* test api for import/exporting keys */ { - byte *exportPKey = NULL; - byte *exportSKey = NULL; word32 exportPSz = ED448_KEY_SIZE; word32 exportSSz = ED448_KEY_SIZE; +#ifdef WOLFSSL_NO_MALLOC + byte exportPKey[exportPSz]; + byte exportSKey[exportSSz]; +#else + byte *exportPKey = NULL; + byte *exportSKey = NULL; exportPKey = (byte *)XMALLOC(exportPSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); exportSKey = (byte *)XMALLOC(exportSSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if ((exportPKey == NULL) || (exportSKey == NULL)) ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif ret = 0; @@ -37825,8 +38001,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed448_test(void) } } while(0); + #ifndef WOLFSSL_NO_MALLOC XFREE(exportPKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(exportSKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + #endif if (ret != 0) goto out; @@ -42117,9 +42295,12 @@ static wc_test_ret_t dilithium_param_vfy_test(int param, const byte* pubKey, { byte msg[512]; dilithium_key* key; + byte * pubExported = NULL; wc_test_ret_t ret; int i; int res = 0; + word32 lenExported = pubKeyLen; + int n_diff = 0; key = (dilithium_key*)XMALLOC(sizeof(*key), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); @@ -42127,6 +42308,12 @@ static wc_test_ret_t dilithium_param_vfy_test(int param, const byte* pubKey, ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); } + pubExported = (byte*)XMALLOC(pubKeyLen, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + if (pubExported == NULL) { + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + } + /* make dummy msg */ for (i = 0; i < (int)sizeof(msg); i++) { msg[i] = (byte)i; @@ -42160,9 +42347,27 @@ static wc_test_ret_t dilithium_param_vfy_test(int param, const byte* pubKey, ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); if (res != 1) ERROR_OUT(WC_TEST_RET_ENC_EC(res), out); + + /* Now test the export pub raw API, verify we recover the original pub. */ + ret = wc_dilithium_export_public(key, pubExported, &lenExported); + if (ret != 0) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } + + if (lenExported <= 0 || lenExported != pubKeyLen) { + ERROR_OUT(WC_TEST_RET_ENC_EC(lenExported), out); + } + + n_diff = XMEMCMP(pubExported, pubKey, pubKeyLen); + + if (n_diff) { + ERROR_OUT(WC_TEST_RET_ENC_EC(n_diff), out); + } + out: wc_dilithium_free(key); XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pubExported, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return ret; } @@ -46037,7 +46242,11 @@ static int lms_read_key_mem(byte * priv, word32 privSz, void *context) /* LMS signature sizes are a function of their parameters. This * test has a signature of 8688 bytes. */ +#ifndef WOLFSSL_NO_LMS_SHA256_256 #define WC_TEST_LMS_SIG_LEN (8688) +#else +#define WC_TEST_LMS_SIG_LEN (4984) +#endif WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test(void) { @@ -46180,8 +46389,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test(void) #endif /* if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY) */ #if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_SMALL_STACK) -#if (defined(WOLFSSL_WC_LMS) && (LMS_MAX_HEIGHT >= 10)) || \ - defined(HAVE_LIBLMS) +#if (defined(WOLFSSL_WC_LMS) && (LMS_MAX_HEIGHT >= 10) && \ + !defined(WOLFSSL_NO_LMS_SHA256_256)) || defined(HAVE_LIBLMS) /* A simple LMS verify only test. * @@ -48956,7 +49165,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cmac_test(void) return ret; } -#endif /* NO_AES && WOLFSSL_CMAC */ +#endif /* !NO_AES && WOLFSSL_CMAC */ #if defined(WOLFSSL_SIPHASH) @@ -50214,7 +50423,7 @@ static wc_test_ret_t pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, byte optionalUkm[] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07 }; -#endif /* NO_AES */ +#endif /* !NO_AES */ #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) && \ !defined(NO_SHA) @@ -50847,7 +51056,7 @@ static wc_test_ret_t pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCer WOLFSSL_SMALL_STACK_STATIC const byte optionalUkm[] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07 }; -#endif /* NO_AES */ +#endif /* !NO_AES */ #if !defined(NO_AES) && !defined(NO_SHA) && defined(WOLFSSL_AES_128) /* encryption key for kekri recipient types */ @@ -50946,12 +51155,12 @@ static wc_test_ret_t pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCer NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0, "pkcs7authEnvelopedDataAES256GCM_IANDS.der"); #endif - #else /* NO_AES || !HAVE_AESGCM */ + #else (void)rsaCert; (void)rsaCertSz; (void)rsaPrivKey; (void)rsaPrivKeySz; - #endif /* NO_AES || !HAVE_AESGCM */ + #endif /* !NO_AES && !HAVE_AESGCM */ #endif /* key agreement key encryption technique*/ @@ -51033,7 +51242,7 @@ static wc_test_ret_t pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCer 0, 0, 0, 0, 0, 0, "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA512KDF_ukm.der"); #endif /* WOLFSSL_SHA512 && WOLFSSL_AES_256 */ - #endif /* NO_AES */ + #endif /* !NO_AES && HAVE_AESGCM */ #endif /* kekri (KEKRecipientInfo) recipient types */ @@ -56169,16 +56378,24 @@ static wc_test_ret_t mp_test_mont(mp_int* a, mp_int* m, mp_int* n, mp_int* r, WC /* a = 2^(bits*2) - 1 */ mp_zero(a); mp_set_bit(a, bits[i] * 2); - mp_sub_d(a, 1, a); + ret = mp_sub_d(a, 1, a); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + /* m = 2^(bits) - 1 */ mp_zero(m); mp_set_bit(m, bits[i]); - mp_sub_d(m, 1, m); + ret = mp_sub_d(m, 1, m); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + mp = 1; /* result = r = 2^(bits) - 1 */ mp_zero(r); mp_set_bit(r, bits[i]); - mp_sub_d(r, 1, r); + ret = mp_sub_d(r, 1, r); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); ret = mp_montgomery_reduce(a, m, mp); if (ret != MP_OKAY) @@ -56853,7 +57070,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t prime_test(void) #endif /* WOLFSSL_PUBLIC_MP */ -#ifdef ASN_BER_TO_DER +#if defined(ASN_BER_TO_DER) && \ + (defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) || \ + defined(OPENSSL_EXTRA_X509_SMALL)) /* wc_BerToDer is only public facing in the case of test cert or opensslextra */ typedef struct berDerTestData { const byte *in; @@ -56969,7 +57188,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t berder_test(void) return 0; } -#endif /* ASN_BER_TO_DER */ +#endif /* ASN_BER_TO_DER && (WOLFSSL_TEST_CERT || OPENSSL_EXTRA || + OPENSSL_EXTRA_X509_SMALL */ #ifdef DEBUG_WOLFSSL static THREAD_LS_T int log_cnt = 0; diff --git a/wolfssl-VS2022.vcxproj b/wolfssl-VS2022.vcxproj new file mode 100644 index 0000000000..7c011bbc70 --- /dev/null +++ b/wolfssl-VS2022.vcxproj @@ -0,0 +1,578 @@ + + + + + Debug + Win32 + + + Debug + x64 + + + Debug + ARM64 + + + DLL Debug + Win32 + + + DLL Debug + x64 + + + DLL Debug + ARM64 + + + DLL Release + Win32 + + + DLL Release + x64 + + + DLL Release + ARM64 + + + Release + Win32 + + + Release + x64 + + + Release + ARM64 + + + + {12226DBE-7278-4DFA-A119-5A0294CF0B33} + wolfssl + Win32Proj + wolfssl + + + + StaticLibrary + v143 + Unicode + true + + + DynamicLibrary + v143 + Unicode + true + + + StaticLibrary + v143 + Unicode + true + + + DynamicLibrary + v143 + Unicode + true + + + StaticLibrary + v143 + Unicode + true + + + DynamicLibrary + v143 + Unicode + true + + + StaticLibrary + v143 + Unicode + + + DynamicLibrary + v143 + Unicode + + + StaticLibrary + v143 + Unicode + + + DynamicLibrary + v143 + Unicode + + + StaticLibrary + v143 + Unicode + + + DynamicLibrary + v143 + Unicode + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + $(SolutionDir)$(Configuration)\$(Platform)\ + $(Configuration)\$(Platform)\$(ProjectName)_obj\ + + + $(SolutionDir)$(Configuration)\$(Platform)\ + $(Configuration)\$(Platform)\$(ProjectName)_obj\ + + + $(SolutionDir)$(Configuration)\$(Platform)\ + $(Configuration)\$(Platform)\$(ProjectName)_obj\ + + + $(SolutionDir)$(Configuration)\$(Platform)\ + $(Configuration)\$(Platform)\$(ProjectName)_obj\ + + + $(SolutionDir)$(Configuration)\$(Platform)\ + $(Configuration)\$(Platform)\$(ProjectName)_obj\ + + + $(SolutionDir)$(Configuration)\$(Platform)\ + $(Configuration)\$(Platform)\$(ProjectName)_obj\ + + + $(SolutionDir)$(Configuration)\$(Platform)\ + $(Configuration)\$(Platform)\$(ProjectName)_obj\ + + + $(SolutionDir)$(Configuration)\$(Platform)\ + $(Configuration)\$(Platform)\$(ProjectName)_obj\ + + + $(SolutionDir)$(Configuration)\$(Platform)\ + $(Configuration)\$(Platform)\$(ProjectName)_obj\ + + + $(SolutionDir)$(Configuration)\$(Platform)\ + $(Configuration)\$(Platform)\$(ProjectName)_obj\ + + + $(SolutionDir)$(Configuration)\$(Platform)\ + $(Configuration)\$(Platform)\$(ProjectName)_obj\ + + + $(SolutionDir)$(Configuration)\$(Platform)\ + $(Configuration)\$(Platform)\$(ProjectName)_obj\ + + + + Disabled + ./;./IDE/WIN;%(AdditionalIncludeDirectories) + WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + true + EnableFastChecks + MultiThreadedDebugDLL + + Level4 + EditAndContinue + 4206;4214;4706;%(DisableSpecificWarnings) + + + + + Disabled + ./;./IDE/WIN;%(AdditionalIncludeDirectories) + WOLFSSL_LIB;BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + true + EnableFastChecks + MultiThreadedDebugDLL + + + Level4 + EditAndContinue + 4206;4214;4706;%(DisableSpecificWarnings) + + + ws2_32.lib;%(AdditionalDependencies) + false + true + false + + + + + Disabled + ./;./IDE/WIN;%(AdditionalIncludeDirectories) + WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + + + Level4 + ProgramDatabase + 4206;4214;4706;%(DisableSpecificWarnings) + + + + + Disabled + ./;./IDE/WIN;%(AdditionalIncludeDirectories) + WOLFSSL_LIB;BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + + + Level4 + ProgramDatabase + 4206;4214;4706;%(DisableSpecificWarnings) + + + ws2_32.lib;%(AdditionalDependencies) + false + true + + + + + Disabled + ./;./IDE/WIN;%(AdditionalIncludeDirectories) + WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + + + Level4 + ProgramDatabase + 4206;4214;4706;%(DisableSpecificWarnings) + + + + + Disabled + ./;./IDE/WIN;%(AdditionalIncludeDirectories) + WOLFSSL_LIB;BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + + + Level4 + ProgramDatabase + 4206;4214;4706;%(DisableSpecificWarnings) + + + ws2_32.lib;%(AdditionalDependencies) + false + true + + + + + MaxSpeed + true + ./;./IDE/WIN;%(AdditionalIncludeDirectories) + WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + MultiThreadedDLL + true + + Level3 + ProgramDatabase + + + + + MaxSpeed + true + ./;./IDE/WIN;%(AdditionalIncludeDirectories) + WOLFSSL_LIB;BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + MultiThreadedDLL + true + + + Level3 + ProgramDatabase + + + ws2_32.lib;%(AdditionalDependencies) + true + + + + + MaxSpeed + true + ./;./IDE/WIN;%(AdditionalIncludeDirectories) + WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + MultiThreadedDLL + true + + + Level3 + ProgramDatabase + + + + + MaxSpeed + true + ./;./IDE/WIN;%(AdditionalIncludeDirectories) + WOLFSSL_LIB;BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + MultiThreadedDLL + true + + + Level3 + ProgramDatabase + + + ws2_32.lib;%(AdditionalDependencies) + true + + + + + MaxSpeed + true + ./;./IDE/WIN;%(AdditionalIncludeDirectories) + WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + MultiThreadedDLL + true + + + Level3 + ProgramDatabase + + + + + MaxSpeed + true + ./;./IDE/WIN;%(AdditionalIncludeDirectories) + WOLFSSL_LIB;BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + MultiThreadedDLL + true + + + Level3 + ProgramDatabase + + + ws2_32.lib;%(AdditionalDependencies) + true + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + false + false + ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity) + ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity) + $(OutDir)%(Filename).obj + $(IntDir)%(Filename).obj + false + false + ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity) + ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity) + $(OutDir)%(Filename).obj + $(IntDir)%(Filename).obj + + + false + false + ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity) + ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity) + $(OutDir)%(Filename).obj + $(IntDir)%(Filename).obj + false + false + ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity) + ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity) + $(OutDir)%(Filename).obj + $(IntDir)%(Filename).obj + + + false + false + ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity) + ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity) + $(OutDir)%(Filename).obj + $(IntDir)%(Filename).obj + false + false + ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity) + ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity) + $(OutDir)%(Filename).obj + $(IntDir)%(Filename).obj + + + false + false + ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity) + ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity) + $(OutDir)%(Filename).obj + $(IntDir)%(Filename).obj + false + false + ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity) + ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity) + $(OutDir)%(Filename).obj + $(IntDir)%(Filename).obj + + + false + false + ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity) + ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity) + $(OutDir)%(Filename).obj + $(IntDir)%(Filename).obj + false + false + ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity) + ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity) + $(OutDir)%(Filename).obj + $(IntDir)%(Filename).obj + + + false + false + ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity) + ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity) + $(OutDir)%(Filename).obj + $(IntDir)%(Filename).obj + false + false + ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity) + ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity) + $(OutDir)%(Filename).obj + $(IntDir)%(Filename).obj + + + + + + true + true + true + true + true + true + + + + + + diff --git a/wolfssl/error-ssl.h b/wolfssl/error-ssl.h index f61c78650a..31307806fd 100644 --- a/wolfssl/error-ssl.h +++ b/wolfssl/error-ssl.h @@ -115,7 +115,7 @@ enum wolfSSL_ErrorCodes { COOKIE_ERROR = -369, /* dtls cookie error */ SEQUENCE_ERROR = -370, /* dtls sequence error */ SUITES_ERROR = -371, /* suites pointer error */ - + MAX_CERT_EXTENSIONS_ERR = -372, /* max cert extension exceeded */ OUT_OF_ORDER_E = -373, /* out of order message */ BAD_KEA_TYPE_E = -374, /* bad KEA type found */ SANITY_CIPHER_E = -375, /* sanity check on cipher error */ diff --git a/wolfssl/internal.h b/wolfssl/internal.h index d3a03e1d4b..c62ef351c9 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -2024,6 +2024,22 @@ enum Misc { #define MAX_CHAIN_DEPTH 9 #endif +#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \ + defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) + #if !defined(HAVE_OCSP) + #error OCSP Stapling and Stapling V2 needs OCSP. Please define HAVE_OCSP. + #endif +#endif + +/* Max certificate extensions in TLS1.3 */ +#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) + /* Number of extensions to set each OCSP response */ + #define MAX_CERT_EXTENSIONS (1 + MAX_CHAIN_DEPTH) +#else + /* Only empty extensions */ + #define MAX_CERT_EXTENSIONS 1 +#endif + /* max size of a certificate message payload */ /* assumes MAX_CHAIN_DEPTH number of certificates at 2kb per certificate */ #ifndef MAX_CERTIFICATE_SZ @@ -2071,18 +2087,9 @@ enum Misc { #define MAX_ENCRYPT_SZ ENCRYPT_LEN -/* A static check to assert a relation between x and y */ -#define WOLFSSL_ASSERT_TEST(x, y, op) do { \ - typedef char _args_test_[(x) op (y) ? 1 : -1]; \ - (void)sizeof(_args_test_); \ -} while(0) - -#define WOLFSSL_ASSERT_EQ(x, y) WOLFSSL_ASSERT_TEST(x, y, ==) - -#define WOLFSSL_ASSERT_SIZEOF_TEST(x, y, op) \ - WOLFSSL_ASSERT_TEST(sizeof(x), sizeof(y), op) +#define WOLFSSL_ASSERT_EQ(x, y) wc_static_assert((x) == (y)) -#define WOLFSSL_ASSERT_SIZEOF_GE(x, y) WOLFSSL_ASSERT_SIZEOF_TEST(x, y, >=) +#define WOLFSSL_ASSERT_SIZEOF_GE(x, y) wc_static_assert(sizeof(x) >= sizeof(y)) /* states. Adding state before HANDSHAKE_DONE will break session importing */ enum states { @@ -2249,9 +2256,13 @@ WOLFSSL_LOCAL void FreeAsyncCtx(WOLFSSL* ssl, byte freeAsync); WOLFSSL_LOCAL void FreeKeyExchange(WOLFSSL* ssl); WOLFSSL_LOCAL void FreeSuites(WOLFSSL* ssl); WOLFSSL_LOCAL int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 totalSz); -WOLFSSL_LOCAL int MatchDomainName(const char* pattern, int len, const char* str, word32 strLen); +WOLFSSL_LOCAL int MatchDomainName(const char* pattern, int len, + const char* str, word32 strLen, + unsigned int flags); #if !defined(NO_CERTS) && !defined(NO_ASN) -WOLFSSL_LOCAL int CheckForAltNames(DecodedCert* dCert, const char* domain, word32 domainLen, int* checkCN); +WOLFSSL_LOCAL int CheckForAltNames(DecodedCert* dCert, const char* domain, + word32 domainLen, int* checkCN, + unsigned int flags); WOLFSSL_LOCAL int CheckIPAddr(DecodedCert* dCert, const char* ipasc); WOLFSSL_LOCAL void CopyDecodedName(WOLFSSL_X509_NAME* name, DecodedCert* dCert, int nameType); #endif @@ -2745,6 +2756,8 @@ WOLFSSL_LOCAL int SetupStoreCtxCallback(WOLFSSL_X509_STORE_CTX** store_pt, WOLFSSL_LOCAL void CleanupStoreCtxCallback(WOLFSSL_X509_STORE_CTX* store, WOLFSSL* ssl, void* heap, int x509Free); #endif /* !defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH) */ +WOLFSSL_LOCAL int X509StoreLoadCertBuffer(WOLFSSL_X509_STORE *str, + byte *buf, word32 bufLen, int type); #endif /* !defined NO_CERTS */ /* wolfSSL Sock Addr */ @@ -2909,8 +2922,8 @@ typedef struct Keys { byte encryptionOn; /* true after change cipher spec */ byte decryptedCur; /* only decrypt current record once */ #ifdef WOLFSSL_TLS13 - byte updateResponseReq:1; /* KeyUpdate response from peer required. */ - byte keyUpdateRespond:1; /* KeyUpdate is to be responded to. */ + byte updateResponseReq; /* KeyUpdate response from peer required. */ + byte keyUpdateRespond; /* KeyUpdate is to be responded to. */ #endif #ifdef WOLFSSL_RENESAS_TSIP_TLS @@ -3274,10 +3287,11 @@ typedef struct { byte options; WOLFSSL* ssl; union { - OcspRequest ocsp; + OcspRequest ocsp[MAX_CERT_EXTENSIONS]; } request; + word16 requests; #ifdef WOLFSSL_TLS13 - buffer response; + buffer responses[MAX_CERT_EXTENSIONS]; #endif } CertificateStatusRequest; @@ -3286,12 +3300,25 @@ WOLFSSL_LOCAL int TLSX_UseCertificateStatusRequest(TLSX** extensions, #ifndef NO_CERTS WOLFSSL_LOCAL int TLSX_CSR_InitRequest(TLSX* extensions, DecodedCert* cert, void* heap); +WOLFSSL_LOCAL int TLSX_CSR_InitRequest_ex(TLSX* extensions, DecodedCert* cert, + void* heap, int idx); #endif WOLFSSL_LOCAL void* TLSX_CSR_GetRequest(TLSX* extensions); WOLFSSL_LOCAL int TLSX_CSR_ForceRequest(WOLFSSL* ssl); +WOLFSSL_LOCAL word16 TLSX_CSR_GetSize_ex(CertificateStatusRequest* csr, + byte isRequest, + int idx); +WOLFSSL_LOCAL int TLSX_CSR_Write_ex(CertificateStatusRequest* csr, byte* output, + byte isRequest, int idx); +WOLFSSL_LOCAL void* TLSX_CSR_GetRequest_ex(TLSX* extensions, int idx); #endif - +#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \ + defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) +WOLFSSL_LOCAL int CreateOcspRequest(WOLFSSL* ssl, OcspRequest* request, + DecodedCert* cert, byte* certData, word32 length, + byte *ctxOwnsRequest); +#endif /** Certificate Status Request v2 - RFC 6961 */ #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 @@ -4719,10 +4746,34 @@ enum AcceptStateTls13 { TLS13_TICKET_SENT }; +#ifdef WOLFSSL_THREADED_CRYPT + +#include + +typedef struct ThreadCrypt { + Ciphers encrypt; + bufferStatic buffer; + unsigned char nonce[AESGCM_NONCE_SZ]; + unsigned char additional[AEAD_AUTH_DATA_SZ]; + int init; + int offset; + int cryptLen; + int done; + int avail; + int stop; + WOLFSSL_THREAD_SIGNAL signal; + void* signalCtx; +} ThreadCrypt; + +#endif + /* buffers for struct WOLFSSL */ typedef struct Buffers { bufferStatic inputBuffer; bufferStatic outputBuffer; +#ifdef WOLFSSL_THREADED_CRYPT + ThreadCrypt encrypt[WOLFSSL_THREADED_CRYPT_CNT]; +#endif buffer domainName; /* for client check */ buffer clearOutputBuffer; buffer sig; /* signature data */ @@ -4771,7 +4822,7 @@ typedef struct Buffers { /* chain after self, in DER, with leading size for each cert */ #ifdef WOLFSSL_TLS13 int certChainCnt; - DerBuffer* certExts; + DerBuffer* certExts[MAX_CERT_EXTENSIONS]; #endif #endif #ifdef WOLFSSL_SEND_HRR_COOKIE @@ -4876,7 +4927,6 @@ struct Options { word16 tls:1; /* using TLS ? */ word16 tls1_1:1; /* using TLSv1.1+ ? */ word16 tls1_3:1; /* using TLSv1.3+ ? */ - word16 seenUnifiedHdr:1; /* received msg with unified header */ word16 dtls:1; /* using datagrams ? */ #ifdef WOLFSSL_DTLS word16 dtlsStateful:1; /* allow stateful processing ? */ @@ -4885,7 +4935,6 @@ struct Options { word16 isClosed:1; /* if we consider conn closed */ word16 closeNotify:1; /* we've received a close notify */ word16 sentNotify:1; /* we've sent a close notify */ - word16 shutdownDone:1; /* we've completed a shutdown */ word16 usingCompression:1; /* are we using compression */ word16 haveRSA:1; /* RSA available */ word16 haveECC:1; /* ECC available */ @@ -4933,7 +4982,6 @@ struct Options { #endif word16 dtlsUseNonblock:1; /* are we using nonblocking socket */ word16 dtlsHsRetain:1; /* DTLS retaining HS data */ - word16 haveMcast:1; /* using multicast ? */ #ifdef WOLFSSL_SCTP word16 dtlsSctp:1; /* DTLS-over-SCTP mode */ #endif @@ -4986,8 +5034,6 @@ struct Options { word16 buildArgsSet:1; /* buildArgs are set and need to * be free'd */ #endif - word16 buildingMsg:1; /* If set then we need to re-enter the - * handshake logic. */ #ifdef WOLFSSL_DTLS13 word16 dtls13SendMoreAcks:1; /* Send more acks during the * handshake process */ @@ -5014,6 +5060,14 @@ struct Options { #if defined(HAVE_DANE) word16 useDANE:1; #endif /* HAVE_DANE */ +#ifdef WOLFSSL_DTLS + byte haveMcast; /* using multicast ? */ +#endif + byte buildingMsg; /* If set then we need to re-enter the + * handshake logic. */ + byte seenUnifiedHdr; /* received msg with unified header */ + byte shutdownDone; /* we've completed a shutdown */ + byte sendKeyUpdate; /* Key Update to write */ #if defined(HAVE_RPK) RpkConfig rpkConfig; RpkState rpkState; @@ -5372,7 +5426,8 @@ struct WOLFSSL_X509_ACERT { #ifndef NO_CERTS DerBuffer * derCert; #endif - void* heap; + void * heap; + int dynamic; /* whether struct was dynamically allocated */ /* copy of raw Attributes field from */ byte holderSerial[EXTERNAL_SERIAL_SIZE]; int holderSerialSz; @@ -5652,14 +5707,17 @@ typedef struct Dtls13RecordNumber { } Dtls13RecordNumber; typedef struct Dtls13Rtx { - enum Dtls13RtxFsmState state; +#ifdef WOLFSSL_RW_THREADED + wolfSSL_Mutex mutex; +#endif + enum Dtls13RtxFsmState state; /* Unused? */ Dtls13RtxRecord *rtxRecords; Dtls13RtxRecord **rtxRecordTailPtr; Dtls13RecordNumber *seenRecords; word32 lastRtx; - byte triggeredRtxs; - byte sendAcks:1; - byte retransmit:1; + byte triggeredRtxs; /* Unused? */ + byte sendAcks; + byte retransmit; } Dtls13Rtx; #endif /* WOLFSSL_DTLS13 */ @@ -5937,10 +5995,10 @@ struct WOLFSSL { /* used to store the message if it needs to be fragmented */ buffer dtls13FragmentsBuffer; byte dtls13SendingFragments:1; - byte dtls13SendingAckOrRtx:1; + byte dtls13SendingAckOrRtx; byte dtls13FastTimeout:1; - byte dtls13WaitKeyUpdateAck:1; - byte dtls13DoKeyUpdate:1; + byte dtls13WaitKeyUpdateAck; + byte dtls13DoKeyUpdate; word32 dtls13MessageLength; word32 dtls13FragOffset; byte dtls13FragHandshakeType; @@ -6040,6 +6098,9 @@ struct WOLFSSL { char* url; #endif #endif +#if defined(WOLFSSL_TLS13) && defined(HAVE_CERTIFICATE_STATUS_REQUEST) + word32 response_idx; +#endif #endif #ifdef HAVE_NETX NetX_Ctx nxCtx; /* NetX IO Context */ @@ -6261,7 +6322,7 @@ WOLFSSL_API void SSL_ResourceFree(WOLFSSL* ssl); /* Micrium uses */ #ifndef NO_ASN WOLFSSL_LOCAL int CheckHostName(DecodedCert* dCert, const char *domainName, - size_t domainNameLen); + size_t domainNameLen, unsigned int flags); #endif #endif @@ -6394,6 +6455,9 @@ WOLFSSL_LOCAL int DoClientTicket_ex(const WOLFSSL* ssl, PreSharedKey* psk, WOLFSSL_LOCAL int DoClientTicket(WOLFSSL* ssl, const byte* input, word32 len); #endif /* HAVE_SESSION_TICKET */ WOLFSSL_LOCAL int SendData(WOLFSSL* ssl, const void* data, int sz); +#ifdef WOLFSSL_THREADED_CRYPT +WOLFSSL_LOCAL int SendAsyncData(WOLFSSL* ssl); +#endif #ifdef WOLFSSL_TLS13 WOLFSSL_LOCAL int SendTls13ServerHello(WOLFSSL* ssl, byte extMsgType); #endif @@ -6598,6 +6662,10 @@ WOLFSSL_LOCAL word32 MacSize(const WOLFSSL* ssl); WOLFSSL_LOCAL int SendServerHelloDone(WOLFSSL* ssl); #endif /* NO_WOLFSSL_SERVER */ +#ifdef WOLFSSL_TLS13 + WOLFSSL_LOCAL int SendTls13KeyUpdate(WOLFSSL* ssl); +#endif + #ifdef WOLFSSL_DTLS WOLFSSL_LOCAL DtlsMsg* DtlsMsgNew(word32 sz, byte tx, void* heap); WOLFSSL_LOCAL void DtlsMsgDelete(DtlsMsg* item, void* heap); @@ -6744,6 +6812,9 @@ enum encrypt_side { ENCRYPT_AND_DECRYPT_SIDE }; +WOLFSSL_LOCAL int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, + CipherSpecs* specs, int side, void* heap, int devId, WC_RNG* rng, + int tls13); WOLFSSL_LOCAL int SetKeysSide(WOLFSSL* ssl, enum encrypt_side side); /* Set*Internal and Set*External functions */ @@ -6904,6 +6975,7 @@ WOLFSSL_LOCAL int Dtls13HandshakeAddHeader(WOLFSSL* ssl, byte* output, enum HandShakeType msg_type, word32 length); #define EE_MASK (0x3) WOLFSSL_LOCAL int Dtls13FragmentsContinue(WOLFSSL* ssl); +WOLFSSL_LOCAL int DoDtls13KeyUpdateAck(WOLFSSL* ssl); WOLFSSL_LOCAL int DoDtls13Ack(WOLFSSL* ssl, const byte* input, word32 inputSize, word32* processedSize); WOLFSSL_LOCAL int Dtls13ReconstructEpochNumber(WOLFSSL* ssl, byte epochBits, @@ -7044,6 +7116,12 @@ WOLFSSL_LOCAL int wolfssl_asn1_obj_set(WOLFSSL_ASN1_OBJECT* obj, const byte* der, word32 len, int addHdr); #endif +WOLFSSL_LOCAL int pkcs8_encode(WOLFSSL_EVP_PKEY* pkey, byte* key, + word32* keySz); +WOLFSSL_LOCAL int pkcs8_encrypt(WOLFSSL_EVP_PKEY* pkey, + const WOLFSSL_EVP_CIPHER* enc, char* passwd, int passwdSz, byte* key, + word32* keySz); + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/wolfssl/openssl/bn.h b/wolfssl/openssl/bn.h index 6c0373630a..a3afd61ff4 100644 --- a/wolfssl/openssl/bn.h +++ b/wolfssl/openssl/bn.h @@ -150,6 +150,7 @@ WOLFSSL_API int wolfSSL_BN_lshift(WOLFSSL_BIGNUM* r, const WOLFSSL_BIGNUM* bn, int n); WOLFSSL_API int wolfSSL_BN_add_word(WOLFSSL_BIGNUM* bn, WOLFSSL_BN_ULONG w); WOLFSSL_API int wolfSSL_BN_sub_word(WOLFSSL_BIGNUM* bn, WOLFSSL_BN_ULONG w); +WOLFSSL_API int wolfSSL_BN_mul_word(WOLFSSL_BIGNUM *bn, WOLFSSL_BN_ULONG w); WOLFSSL_API int wolfSSL_BN_set_bit(WOLFSSL_BIGNUM* bn, int n); WOLFSSL_API int wolfSSL_BN_clear_bit(WOLFSSL_BIGNUM* bn, int n); WOLFSSL_API int wolfSSL_BN_set_word(WOLFSSL_BIGNUM* bn, WOLFSSL_BN_ULONG w); @@ -254,6 +255,7 @@ typedef WOLFSSL_BN_GENCB BN_GENCB; #define BN_lshift wolfSSL_BN_lshift #define BN_add_word wolfSSL_BN_add_word +#define BN_mul_word wolfSSL_BN_mul_word #define BN_sub_word wolfSSL_BN_sub_word #define BN_add wolfSSL_BN_add #define BN_mod_add wolfSSL_BN_mod_add diff --git a/wolfssl/openssl/dh.h b/wolfssl/openssl/dh.h index ae0f02683a..7ea0f6223c 100644 --- a/wolfssl/openssl/dh.h +++ b/wolfssl/openssl/dh.h @@ -26,6 +26,7 @@ #define WOLFSSL_DH_H_ #include +#include #include #ifdef __cplusplus @@ -102,6 +103,8 @@ typedef WOLFSSL_DH DH; #define DH_set0_key wolfSSL_DH_set0_key #define DH_bits(x) (BN_num_bits((x)->p)) +#define OPENSSL_DH_MAX_MODULUS_BITS DH_MAX_SIZE + #define DH_GENERATOR_2 2 #define DH_CHECK_P_NOT_PRIME 0x01 #define DH_CHECK_P_NOT_SAFE_PRIME 0x02 diff --git a/wolfssl/openssl/dsa.h b/wolfssl/openssl/dsa.h index 76a1252e1f..6acb59e00c 100644 --- a/wolfssl/openssl/dsa.h +++ b/wolfssl/openssl/dsa.h @@ -26,6 +26,7 @@ #define WOLFSSL_DSA_H_ #include +#include #ifdef __cplusplus extern "C" { @@ -119,6 +120,8 @@ WOLFSSL_API WOLFSSL_DSA* wolfSSL_d2i_DSAparams( typedef WOLFSSL_DSA DSA; +#define OPENSSL_DSA_MAX_MODULUS_BITS 3072 + #define WOLFSSL_DSA_LOAD_PRIVATE 1 #define WOLFSSL_DSA_LOAD_PUBLIC 2 diff --git a/wolfssl/openssl/ec.h b/wolfssl/openssl/ec.h index c7b0cfffa9..bd81894e8d 100644 --- a/wolfssl/openssl/ec.h +++ b/wolfssl/openssl/ec.h @@ -25,6 +25,7 @@ #define WOLFSSL_EC_H_ #include +#include #include #include #include @@ -431,6 +432,7 @@ typedef WOLFSSL_EC_KEY_METHOD EC_KEY_METHOD; #define EC_KEY_set_conv_form wolfSSL_EC_KEY_set_conv_form #define EC_KEY_get_conv_form wolfSSL_EC_KEY_get_conv_form #define d2i_ECPKParameters wolfSSL_d2i_ECPKParameters +#define i2d_ECPKParameters wolfSSL_i2d_ECPKParameters #define EC_POINT_point2hex wolfSSL_EC_POINT_point2hex #define EC_POINT_hex2point wolfSSL_EC_POINT_hex2point diff --git a/wolfssl/openssl/pem.h b/wolfssl/openssl/pem.h index 0cfaedd0d3..8ecc02c6b1 100644 --- a/wolfssl/openssl/pem.h +++ b/wolfssl/openssl/pem.h @@ -69,6 +69,8 @@ WOLFSSL_EC_GROUP *wolfSSL_d2i_ECPKParameters(WOLFSSL_EC_GROUP **out, const unsigned char **in, long len); WOLFSSL_API +int wolfSSL_i2d_ECPKParameters(const WOLFSSL_EC_GROUP* grp, unsigned char** pp); +WOLFSSL_API int wolfSSL_PEM_write_mem_RSAPrivateKey(WOLFSSL_RSA* rsa, const WOLFSSL_EVP_CIPHER* cipher, unsigned char* passwd, int len, @@ -179,6 +181,11 @@ WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_bio_PrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY** key, wc_pem_password_cb* cb, void* pass); +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) +WOLFSSL_API +PKCS8_PRIV_KEY_INFO* wolfSSL_PEM_read_bio_PKCS8_PRIV_KEY_INFO(WOLFSSL_BIO* bio, + PKCS8_PRIV_KEY_INFO** key, wc_pem_password_cb* cb, void* arg); +#endif WOLFSSL_API WOLFSSL_EVP_PKEY *wolfSSL_PEM_read_bio_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY **key, @@ -279,6 +286,9 @@ int wolfSSL_PEM_write_DHparams(XFILE fp, WOLFSSL_DH* dh); #define PEM_read_bio_PUBKEY wolfSSL_PEM_read_bio_PUBKEY #define PEM_write_bio_PUBKEY wolfSSL_PEM_write_bio_PUBKEY +#define PEM_write_bio_PKCS8_PRIV_KEY_INFO wolfSSL_PEM_write_bio_PKCS8_PRIV_KEY_INFO +#define PEM_read_bio_PKCS8_PRIV_KEY_INFO wolfSSL_PEM_read_bio_PKCS8_PRIV_KEY_INFO + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/wolfssl/openssl/rsa.h b/wolfssl/openssl/rsa.h index a248b23074..9311283976 100644 --- a/wolfssl/openssl/rsa.h +++ b/wolfssl/openssl/rsa.h @@ -27,6 +27,7 @@ #include #include +#include #include #include @@ -190,6 +191,8 @@ WOLFSSL_API int wolfSSL_RSA_set_ex_data_with_cleanup( #endif #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) +#define OPENSSL_RSA_MAX_MODULUS_BITS RSA_MAX_SIZE + #define WOLFSSL_RSA_LOAD_PRIVATE 1 #define WOLFSSL_RSA_LOAD_PUBLIC 2 #define WOLFSSL_RSA_F4 0x10001L diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index ef65f60ea9..f6d29f0b75 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -207,7 +207,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #define SSL_use_certificate_ASN1 wolfSSL_use_certificate_ASN1 #define d2i_PKCS8_PRIV_KEY_INFO_bio wolfSSL_d2i_PKCS8_PKEY_bio #define d2i_PKCS8_PRIV_KEY_INFO wolfSSL_d2i_PKCS8_PKEY -#define i2d_PKCS8_PRIV_KEY_INFO wolfSSL_i2d_PrivateKey +#define i2d_PKCS8_PRIV_KEY_INFO wolfSSL_i2d_PKCS8_PKEY #define d2i_PKCS8PrivateKey_bio wolfSSL_d2i_PKCS8PrivateKey_bio #define i2d_PKCS8PrivateKey_bio wolfSSL_PEM_write_bio_PKCS8PrivateKey #define PKCS8_PRIV_KEY_INFO_free wolfSSL_EVP_PKEY_free @@ -643,8 +643,8 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; #define X509_V_FLAG_CRL_CHECK WOLFSSL_CRL_CHECK #define X509_V_FLAG_CRL_CHECK_ALL WOLFSSL_CRL_CHECKALL -#define X509_V_FLAG_PARTIAL_CHAIN 0 -#define X509_V_FLAG_TRUSTED_FIRST 0 +#define X509_V_FLAG_PARTIAL_CHAIN WOLFSSL_PARTIAL_CHAIN +#define X509_V_FLAG_TRUSTED_FIRST 0 /* dummy value needed for gRPC port */ #define X509_V_FLAG_USE_CHECK_TIME WOLFSSL_USE_CHECK_TIME #define X509_V_FLAG_NO_CHECK_TIME WOLFSSL_NO_CHECK_TIME @@ -1009,7 +1009,9 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define RSA_print_fp wolfSSL_RSA_print_fp #define RSA_bits wolfSSL_RSA_bits #define RSA_up_ref wolfSSL_RSA_up_ref +#define RSA_padding_add_PKCS1_PSS_mgf1 wolfSSL_RSA_padding_add_PKCS1_PSS_mgf1 #define RSA_padding_add_PKCS1_PSS wolfSSL_RSA_padding_add_PKCS1_PSS +#define RSA_verify_PKCS1_PSS_mgf1 wolfSSL_RSA_verify_PKCS1_PSS_mgf1 #define RSA_verify_PKCS1_PSS wolfSSL_RSA_verify_PKCS1_PSS #define PEM_def_callback wolfSSL_PEM_def_callback diff --git a/wolfssl/openssl/x509_vfy.h b/wolfssl/openssl/x509_vfy.h index 8666a53fee..977e0c00f8 100644 --- a/wolfssl/openssl/x509_vfy.h +++ b/wolfssl/openssl/x509_vfy.h @@ -33,10 +33,13 @@ #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) WOLFSSL_API int wolfSSL_X509_STORE_CTX_set_purpose(WOLFSSL_X509_STORE_CTX *ctx, int purpose); +#endif +#ifdef OPENSSL_EXTRA WOLFSSL_API void wolfSSL_X509_STORE_CTX_set_flags(WOLFSSL_X509_STORE_CTX *ctx, unsigned long flags); #endif + #define X509_STORE_CTX_set_purpose wolfSSL_X509_STORE_CTX_set_purpose #define X509_STORE_CTX_set_flags wolfSSL_X509_STORE_CTX_set_flags diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index fed17f6562..4bbdf6565c 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -600,16 +600,23 @@ struct WOLFSSL_X509_STORE { WOLFSSL_X509_CRL *crl; /* points to cm->crl */ #endif wolfSSL_Ref ref; + WOLF_STACK_OF(WOLFSSL_X509)* certs; + WOLF_STACK_OF(WOLFSSL_X509)* trusted; + WOLF_STACK_OF(WOLFSSL_X509)* owned; + word32 numAdded; /* Number of objs in objs that are in certs sk */ }; #define WOLFSSL_ALWAYS_CHECK_SUBJECT 0x1 #define WOLFSSL_NO_WILDCARDS 0x2 #define WOLFSSL_NO_PARTIAL_WILDCARDS 0x4 #define WOLFSSL_MULTI_LABEL_WILDCARDS 0x8 +/* Custom to wolfSSL, OpenSSL compat goes up to 0x20 */ +#define WOLFSSL_LEFT_MOST_WILDCARD_ONLY 0x40 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) #define WOLFSSL_USE_CHECK_TIME 0x2 #define WOLFSSL_NO_CHECK_TIME 0x200000 +#define WOLFSSL_PARTIAL_CHAIN 0x80000 #define WOLFSSL_HOST_NAME_MAX 256 #define WOLFSSL_VPARAM_DEFAULT 0x1 @@ -672,7 +679,7 @@ typedef struct WOLFSSL_BUFFER_INFO { struct WOLFSSL_X509_STORE_CTX { WOLFSSL_X509_STORE* store; /* Store full of a CA cert chain */ WOLFSSL_X509* current_cert; /* current X509 (OPENSSL_EXTRA) */ -#ifdef WOLFSSL_ASIO +#if defined(WOLFSSL_ASIO) || defined(OPENSSL_EXTRA) WOLFSSL_X509* current_issuer; /* asio dereference */ #endif WOLFSSL_X509_CHAIN* sesChain; /* pointer to WOLFSSL_SESSION peer chain */ @@ -695,6 +702,13 @@ struct WOLFSSL_X509_STORE_CTX { WOLFSSL_BUFFER_INFO* certs; /* peer certs */ WOLFSSL_X509_STORE_CTX_verify_cb verify_cb; /* verify callback */ void* heap; + int flags; + WOLF_STACK_OF(WOLFSSL_X509)* owned; /* Certs owned by this CTX */ + WOLF_STACK_OF(WOLFSSL_X509)* ctxIntermediates; /* Intermediates specified + * on store ctx init */ + WOLF_STACK_OF(WOLFSSL_X509)* setTrustedSk;/* A trusted stack override + * set with + * X509_STORE_CTX_trusted_stack*/ }; typedef char* WOLFSSL_STRING; @@ -1267,11 +1281,18 @@ WOLFSSL_API int wolfSSL_SetServerID(WOLFSSL* ssl, const unsigned char* id, int WOLFSSL_API int wolfSSL_BIO_new_bio_pair(WOLFSSL_BIO** bio1_p, size_t writebuf1, WOLFSSL_BIO** bio2_p, size_t writebuf2); +WOLFSSL_API int wolfSSL_RSA_padding_add_PKCS1_PSS_mgf1(WOLFSSL_RSA *rsa, + unsigned char *em, const unsigned char *mHash, + const WOLFSSL_EVP_MD *hashAlg, const WOLFSSL_EVP_MD *mgf1Hash, + int saltLen); WOLFSSL_API int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa, unsigned char *EM, const unsigned char *mHash, const WOLFSSL_EVP_MD *hashAlg, int saltLen); +WOLFSSL_API int wolfSSL_RSA_verify_PKCS1_PSS_mgf1(WOLFSSL_RSA *rsa, + const unsigned char *mHash, const WOLFSSL_EVP_MD *hashAlg, + const WOLFSSL_EVP_MD *mgf1Hash, const unsigned char *em, int saltLen); WOLFSSL_API int wolfSSL_RSA_verify_PKCS1_PSS(WOLFSSL_RSA *rsa, const unsigned char *mHash, const WOLFSSL_EVP_MD *hashAlg, const unsigned char *EM, int saltLen); @@ -2086,6 +2107,8 @@ WOLFSSL_API WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY_bio( WOLFSSL_BIO* bio, WOLFSSL_PKCS8_PRIV_KEY_INFO** pkey); WOLFSSL_API WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY( WOLFSSL_PKCS8_PRIV_KEY_INFO** pkey, const unsigned char** keyBuf, long keyLen); +WOLFSSL_API int wolfSSL_i2d_PKCS8_PKEY(WOLFSSL_PKCS8_PRIV_KEY_INFO* key, + unsigned char** pp); WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY_bio(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY** out); WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** key, @@ -3009,9 +3032,12 @@ WOLFSSL_API WOLFSSL_X509_CRL* wolfSSL_X509_CRL_dup(const WOLFSSL_X509_CRL* crl); WOLFSSL_API void wolfSSL_X509_CRL_free(WOLFSSL_X509_CRL *crl); #endif -#if defined(WOLFSSL_ACERT) +#if defined(WOLFSSL_ACERT) && \ + (defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_EXTRA)) +WOLFSSL_API WOLFSSL_X509_ACERT * wolfSSL_X509_ACERT_new_ex(void * heap); +WOLFSSL_API WOLFSSL_X509_ACERT * wolfSSL_X509_ACERT_new(void); WOLFSSL_API void wolfSSL_X509_ACERT_init(WOLFSSL_X509_ACERT * x509, - void* heap); + int dynamic, void * heap); WOLFSSL_API void wolfSSL_X509_ACERT_free(WOLFSSL_X509_ACERT* x509); #ifndef NO_WOLFSSL_STUB WOLFSSL_API int wolfSSL_X509_ACERT_sign(WOLFSSL_X509_ACERT * x509, @@ -3020,8 +3046,15 @@ WOLFSSL_API int wolfSSL_X509_ACERT_sign(WOLFSSL_X509_ACERT * x509, #endif /* !NO_WOLFSSL_STUB */ WOLFSSL_API int wolfSSL_X509_ACERT_verify(WOLFSSL_X509_ACERT* x509, WOLFSSL_EVP_PKEY* pkey); +#if defined(OPENSSL_EXTRA) +WOLFSSL_API int wolfSSL_X509_ACERT_get_signature_nid( + const WOLFSSL_X509_ACERT* x); WOLFSSL_API int wolfSSL_X509_ACERT_print(WOLFSSL_BIO* bio, WOLFSSL_X509_ACERT* x509_acert); +WOLFSSL_API WOLFSSL_X509_ACERT * wolfSSL_PEM_read_bio_X509_ACERT( + WOLFSSL_BIO *bp, WOLFSSL_X509_ACERT **x, wc_pem_password_cb *cb, void *u); +WOLFSSL_API long wolfSSL_X509_ACERT_get_version(const WOLFSSL_X509_ACERT *x); +#endif /* OPENSSL_EXTRA */ WOLFSSL_API int wolfSSL_X509_ACERT_get_attr_buf(const WOLFSSL_X509_ACERT* x509, const byte ** rawAttr, word32 * rawAttrLen); @@ -3029,16 +3062,14 @@ WOLFSSL_API int wolfSSL_X509_ACERT_get_serial_number(WOLFSSL_X509_ACERT* x509, unsigned char* in, int * inOutSz); WOLFSSL_API int wolfSSL_X509_ACERT_version(WOLFSSL_X509_ACERT* x509); -WOLFSSL_API long wolfSSL_X509_ACERT_get_version(const WOLFSSL_X509_ACERT *x); -WOLFSSL_API int wolfSSL_X509_ACERT_get_signature_nid(const WOLFSSL_X509_ACERT* x); WOLFSSL_API int wolfSSL_X509_ACERT_get_signature(WOLFSSL_X509_ACERT* x509, unsigned char* buf, int* bufSz); -WOLFSSL_API WOLFSSL_X509_ACERT * wolfSSL_PEM_read_bio_X509_ACERT( - WOLFSSL_BIO *bp, WOLFSSL_X509_ACERT **x, wc_pem_password_cb *cb, void *u); +WOLFSSL_API WOLFSSL_X509_ACERT * wolfSSL_X509_ACERT_load_certificate_buffer_ex( + const unsigned char* buf, int sz, int format, void * heap); WOLFSSL_API WOLFSSL_X509_ACERT * wolfSSL_X509_ACERT_load_certificate_buffer( const unsigned char* buf, int sz, int format); -#endif +#endif /* WOLFSSL_ACERT && (OPENSSL_EXTRA_X509_SMALL || OPENSSL_EXTRA) */ WOLFSSL_API const WOLFSSL_ASN1_INTEGER* wolfSSL_X509_REVOKED_get0_serial_number(const @@ -3294,7 +3325,9 @@ enum { WOLFSSL_DTLSV1_3 = 7, WOLFSSL_USER_CA = 1, /* user added as trusted */ - WOLFSSL_CHAIN_CA = 2 /* added to cache from trusted chain */ + WOLFSSL_CHAIN_CA = 2, /* added to cache from trusted chain */ + WOLFSSL_TEMP_CA = 3 /* Temp intermediate CA, only for use by + * X509_STORE */ }; WOLFSSL_ABI WOLFSSL_API WC_RNG* wolfSSL_GetRNG(WOLFSSL* ssl); @@ -3354,6 +3387,21 @@ WOLFSSL_API void wolfSSL_CTX_SetEncryptMacCb(WOLFSSL_CTX* ctx, CallbackEncryptM WOLFSSL_API void wolfSSL_SetEncryptMacCtx(WOLFSSL* ssl, void *ctx); WOLFSSL_API void* wolfSSL_GetEncryptMacCtx(WOLFSSL* ssl); +#ifdef WOLFSSL_THREADED_CRYPT + #ifndef WOLFSSL_THREADED_CRYPT_CNT + #define WOLFSSL_THREADED_CRYPT_CNT 16 + #endif + +typedef void (*WOLFSSL_THREAD_SIGNAL)(void* ctx, WOLFSSL* ssl); + +WOLFSSL_API int wolfSSL_AsyncEncryptReady(WOLFSSL* ssl, int idx); +WOLFSSL_API int wolfSSL_AsyncEncryptStop(WOLFSSL* ssl, int idx); +WOLFSSL_API int wolfSSL_AsyncEncrypt(WOLFSSL* ssl, int idx); +WOLFSSL_API int wolfSSL_AsyncEncryptSetSignal(WOLFSSL* ssl, int idx, + WOLFSSL_THREAD_SIGNAL signal, void* ctx); +#endif + + typedef int (*CallbackVerifyDecrypt)(WOLFSSL* ssl, unsigned char* decOut, const unsigned char* decIn, unsigned int decSz, int content, int verify, unsigned int* padSz, @@ -5357,6 +5405,8 @@ WOLFSSL_API int wolfSSL_X509_get_signature_nid(const WOLFSSL_X509* x); WOLFSSL_API int wolfSSL_PEM_write_bio_PKCS8PrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* pkey, const WOLFSSL_EVP_CIPHER* enc, char* passwd, int passwdSz, wc_pem_password_cb* cb, void* ctx); +WOLFSSL_API int wolfSSL_PEM_write_bio_PKCS8_PRIV_KEY_INFO(WOLFSSL_BIO* bio, + PKCS8_PRIV_KEY_INFO* keyInfo); #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) WOLFSSL_API int wolfSSL_PEM_write_PKCS8PrivateKey( XFILE fp, WOLFSSL_EVP_PKEY* pkey, const WOLFSSL_EVP_CIPHER* enc, diff --git a/wolfssl/version.h b/wolfssl/version.h index 01fd1b683e..b4942384fe 100644 --- a/wolfssl/version.h +++ b/wolfssl/version.h @@ -28,8 +28,8 @@ extern "C" { #endif -#define LIBWOLFSSL_VERSION_STRING "5.7.2" -#define LIBWOLFSSL_VERSION_HEX 0x05007002 +#define LIBWOLFSSL_VERSION_STRING "5.7.4" +#define LIBWOLFSSL_VERSION_HEX 0x05007004 #ifdef __cplusplus } diff --git a/wolfssl/wolfcrypt/aes.h b/wolfssl/wolfcrypt/aes.h index cf08ec3a5c..eaa0c47150 100644 --- a/wolfssl/wolfcrypt/aes.h +++ b/wolfssl/wolfcrypt/aes.h @@ -327,7 +327,7 @@ struct Aes { int alFd; /* server socket to bind to */ int rdFd; /* socket to read from */ struct msghdr msg; - int dir; /* flag for encrpyt or decrypt */ + int dir; /* flag for encrypt or decrypt */ #ifdef WOLFSSL_AFALG_XILINX_AES word32 msgBuf[CMSG_SPACE(4) + CMSG_SPACE(sizeof(struct af_alg_iv) + GCM_NONCE_MID_SZ)]; @@ -382,15 +382,16 @@ struct Aes { ALIGN16 byte streamData[5 * AES_BLOCK_SIZE]; #else byte* streamData; + word32 streamData_sz; #endif word32 aSz; word32 cSz; byte over; byte aOver; byte cOver; - byte gcmKeySet:1; - byte nonceSet:1; - byte ctrSet:1; + WC_BITFIELD gcmKeySet:1; + WC_BITFIELD nonceSet:1; + WC_BITFIELD ctrSet:1; #endif #ifdef WC_DEBUG_CIPHER_LIFECYCLE void *CipherLifecycleTag; /* used for dummy allocation and initialization, @@ -726,6 +727,10 @@ WOLFSSL_API int wc_AesInit_Label(Aes* aes, const char* label, void* heap, int devId); #endif WOLFSSL_API void wc_AesFree(Aes* aes); +#ifndef WC_NO_CONSTRUCTORS +WOLFSSL_API Aes* wc_AesNew(void* heap, int devId, int *result_code); +WOLFSSL_API int wc_AesDelete(Aes* aes, Aes** aes_p); +#endif #ifdef WOLFSSL_AES_SIV typedef struct AesSivAssoc { diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index 0ab2cb73fc..11803d6b60 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -224,11 +224,11 @@ typedef struct ASNItem { /* BER/DER tag to expect. */ byte tag; /* Whether the ASN.1 item is constructed. */ - byte constructed:1; + WC_BITFIELD constructed:1; /* Whether to parse the header only or skip data. If * ASNSetData.data.buffer.data is supplied then this option gets * overwritten and the child nodes get ignored. */ - byte headerOnly:1; + WC_BITFIELD headerOnly:1; /* Whether ASN.1 item is optional. * - 0 means not optional * - 1 means is optional @@ -951,13 +951,14 @@ enum Misc_ASN { #else KEYID_SIZE = WC_SHA_DIGEST_SIZE, #endif -#if !defined(WOLFSSL_RSA_PUBLIC_ONLY) && (defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || !defined(RSA_LOW_MEM)) - RSA_INTS = 8, /* RSA ints in private key */ -#elif !defined(WOLFSSL_RSA_PUBLIC_ONLY) - RSA_INTS = 5, /* RSA ints in private key */ -#else - RSA_INTS = 2, /* RSA ints in private key */ + RSA_INTS = 2 /* RSA ints in private key */ +#ifndef WOLFSSL_RSA_PUBLIC_ONLY + + 3 +#if defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || !defined(RSA_LOW_MEM) + + 3 +#endif #endif + , DSA_PARAM_INTS = 3, /* DSA parameter ints */ RSA_PUB_INTS = 2, /* RSA ints in public key */ DSA_PUB_INTS = 4, /* DSA ints in public key */ @@ -1273,8 +1274,9 @@ enum Extensions_Sum { #ifdef WOLFSSL_DUAL_ALG_CERTS SUBJ_ALT_PUB_KEY_INFO_OID = 186, /* 2.5.29.72 subject alt public key info */ ALT_SIG_ALG_OID = 187, /* 2.5.29.73 alt sig alg */ - ALT_SIG_VAL_OID = 188 /* 2.5.29.74 alt sig val */ + ALT_SIG_VAL_OID = 188, /* 2.5.29.74 alt sig val */ #endif + WOLF_ENUM_DUMMY_LAST_ELEMENT(Extensions_Sum) }; enum CertificatePolicy_Sum { @@ -1941,63 +1943,63 @@ struct DecodedCert { int criticalExt; /* Option Bits */ - byte subjectCNStored : 1; /* have we saved a copy we own */ - byte extSubjKeyIdSet : 1; /* Set when the SKID was read from cert */ - byte extAuthKeyIdSet : 1; /* Set when the AKID was read from cert */ + WC_BITFIELD subjectCNStored:1; /* have we saved a copy we own */ + WC_BITFIELD extSubjKeyIdSet:1; /* Set when the SKID was read from cert */ + WC_BITFIELD extAuthKeyIdSet:1; /* Set when the AKID was read from cert */ #ifndef IGNORE_NAME_CONSTRAINTS - byte extNameConstraintSet : 1; + WC_BITFIELD extNameConstraintSet:1; #endif - byte isCA : 1; /* CA basic constraint true */ - byte pathLengthSet : 1; /* CA basic const path length set */ - byte weOwnAltNames : 1; /* altNames haven't been given to copy */ - byte extKeyUsageSet : 1; - byte extExtKeyUsageSet : 1; /* Extended Key Usage set */ + WC_BITFIELD isCA:1; /* CA basic constraint true */ + WC_BITFIELD pathLengthSet:1; /* CA basic const path length set */ + WC_BITFIELD weOwnAltNames:1; /* altNames haven't been given to copy */ + WC_BITFIELD extKeyUsageSet:1; + WC_BITFIELD extExtKeyUsageSet:1; /* Extended Key Usage set */ #ifdef HAVE_OCSP - byte ocspNoCheckSet : 1; /* id-pkix-ocsp-nocheck set */ -#endif - byte extCRLdistSet : 1; - byte extAuthInfoSet : 1; - byte extBasicConstSet : 1; - byte extPolicyConstSet : 1; - byte extPolicyConstRxpSet : 1; /* requireExplicitPolicy set */ - byte extPolicyConstIpmSet : 1; /* inhibitPolicyMapping set */ - byte extSubjAltNameSet : 1; - byte inhibitAnyOidSet : 1; - byte selfSigned : 1; /* Indicates subject and issuer are same */ + WC_BITFIELD ocspNoCheckSet:1; /* id-pkix-ocsp-nocheck set */ +#endif + WC_BITFIELD extCRLdistSet:1; + WC_BITFIELD extAuthInfoSet:1; + WC_BITFIELD extBasicConstSet:1; + WC_BITFIELD extPolicyConstSet:1; + WC_BITFIELD extPolicyConstRxpSet:1; /* requireExplicitPolicy set */ + WC_BITFIELD extPolicyConstIpmSet:1; /* inhibitPolicyMapping set */ + WC_BITFIELD extSubjAltNameSet:1; + WC_BITFIELD inhibitAnyOidSet:1; + WC_BITFIELD selfSigned:1; /* Indicates subject and issuer are same */ #ifdef WOLFSSL_SEP - byte extCertPolicySet : 1; -#endif - byte extCRLdistCrit : 1; - byte extAuthInfoCrit : 1; - byte extBasicConstCrit : 1; - byte extPolicyConstCrit : 1; - byte extSubjAltNameCrit : 1; - byte extAuthKeyIdCrit : 1; + WC_BITFIELD extCertPolicySet:1; +#endif + WC_BITFIELD extCRLdistCrit:1; + WC_BITFIELD extAuthInfoCrit:1; + WC_BITFIELD extBasicConstCrit:1; + WC_BITFIELD extPolicyConstCrit:1; + WC_BITFIELD extSubjAltNameCrit:1; + WC_BITFIELD extAuthKeyIdCrit:1; #ifndef IGNORE_NAME_CONSTRAINTS - byte extNameConstraintCrit : 1; + WC_BITFIELD extNameConstraintCrit:1; #endif - byte extSubjKeyIdCrit : 1; - byte extKeyUsageCrit : 1; - byte extExtKeyUsageCrit : 1; + WC_BITFIELD extSubjKeyIdCrit:1; + WC_BITFIELD extKeyUsageCrit:1; + WC_BITFIELD extExtKeyUsageCrit:1; #ifdef WOLFSSL_SUBJ_DIR_ATTR - byte extSubjDirAttrSet : 1; + WC_BITFIELD extSubjDirAttrSet:1; #endif #ifdef WOLFSSL_SUBJ_INFO_ACC - byte extSubjInfoAccSet : 1; + WC_BITFIELD extSubjInfoAccSet:1; #endif #ifdef WOLFSSL_DUAL_ALG_CERTS - byte extSapkiSet : 1; - byte extAltSigAlgSet : 1; - byte extAltSigValSet : 1; + WC_BITFIELD extSapkiSet:1; + WC_BITFIELD extAltSigAlgSet:1; + WC_BITFIELD extAltSigValSet:1; #endif /* WOLFSSL_DUAL_ALG_CERTS */ #ifdef WOLFSSL_SEP - byte extCertPolicyCrit : 1; + WC_BITFIELD extCertPolicyCrit:1; #endif #ifdef WOLFSSL_CERT_REQ - byte isCSR : 1; /* Do we intend on parsing a CSR? */ + WC_BITFIELD isCSR:1; /* Do we intend on parsing a CSR? */ #endif #ifdef HAVE_RPK - byte isRPK : 1; /* indicate the cert is Raw-Public-Key cert in RFC7250 */ + WC_BITFIELD isRPK:1; /* indicate the cert is Raw-Public-Key cert in RFC7250 */ #endif #ifdef WC_ASN_UNKNOWN_EXT_CB wc_UnknownExtCallback unknownExtCallback; @@ -2034,7 +2036,7 @@ struct Signer { word32 keyOID; /* key type */ word16 keyUsage; byte maxPathLen; - byte selfSigned : 1; + WC_BITFIELD selfSigned:1; const byte* publicKey; int nameLen; char* name; /* common name */ @@ -2381,9 +2383,11 @@ WOLFSSL_LOCAL int GetNameHash(const byte* source, word32* idx, byte* hash, WOLFSSL_LOCAL int GetNameHash_ex(const byte* source, word32* idx, byte* hash, int maxIdx, word32 sigOID); WOLFSSL_LOCAL int wc_CheckPrivateKeyCert(const byte* key, word32 keySz, - DecodedCert* der, int checkAlt); + DecodedCert* der, int checkAlt, + void* heap); WOLFSSL_LOCAL int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz, - const byte* pubKey, word32 pubKeySz, enum Key_Sum ks); + const byte* pubKey, word32 pubKeySz, + enum Key_Sum ks, void* heap); WOLFSSL_LOCAL int StoreDHparams(byte* out, word32* outLen, mp_int* p, mp_int* g); #ifdef WOLFSSL_DH_EXTRA WOLFSSL_API int wc_DhPublicKeyDecode(const byte* input, word32* inOutIdx, @@ -2572,10 +2576,10 @@ struct OcspEntry byte* rawCertId; /* raw bytes of the CertID */ int rawCertIdSize; /* num bytes in raw CertID */ /* option bits - using 32-bit for alignment */ - word32 ownStatus:1; /* do we need to free the status + WC_BITFIELD ownStatus:1; /* do we need to free the status * response list */ - word32 isDynamic:1; /* was dynamically allocated */ - word32 used:1; /* entry used */ + WC_BITFIELD isDynamic:1; /* was dynamically allocated */ + WC_BITFIELD used:1; /* entry used */ }; /* TODO: Long-term, it would be helpful if we made this struct and other OCSP @@ -2719,7 +2723,6 @@ WOLFSSL_LOCAL void FreeDecodedCRL(DecodedCRL* dcrl); /* Minimal structure for x509 attribute certificate (rfc 5755). * * The attributes field is not parsed, but is stored as raw buffer. - * * */ struct DecodedAcert { word32 certBegin; /* Offset to start of acert. */ diff --git a/wolfssl/wolfcrypt/asn_public.h b/wolfssl/wolfcrypt/asn_public.h index 50663e8fd7..b8bbce40f4 100644 --- a/wolfssl/wolfcrypt/asn_public.h +++ b/wolfssl/wolfcrypt/asn_public.h @@ -332,7 +332,7 @@ typedef struct EncryptedInfo { char name[NAME_SZ]; /* cipher name, such as "DES-CBC" */ byte iv[IV_SZ]; /* salt or encrypted IV */ - word16 set:1; /* if encryption set */ + WC_BITFIELD set:1; /* if encryption set */ #endif } EncryptedInfo; @@ -347,7 +347,7 @@ typedef struct WOLFSSL_ASN1_INTEGER { unsigned char* data; unsigned int dataMax; /* max size of data buffer */ - unsigned int isDynamic:1; /* flag for if data pointer dynamic (1 is yes 0 is no) */ + WC_BITFIELD isDynamic:1; /* flag for if data pointer dynamic (1 is yes 0 is no) */ int length; /* Length of DER encoding. */ int type; /* ASN.1 type. Includes negative flag. */ @@ -549,13 +549,13 @@ typedef struct Cert { void* decodedCert; /* internal DecodedCert allocated from heap */ byte* der; /* Pointer to buffer of current DecodedCert cache */ void* heap; /* heap hint */ - byte basicConstSet:1; /* Indicator for when Basic Constraint is set */ + WC_BITFIELD basicConstSet:1; /* Indicator for when Basic Constraint is set */ #ifdef WOLFSSL_ALLOW_ENCODING_CA_FALSE - byte isCaSet:1; /* Indicator for when isCA is set */ + WC_BITFIELD isCaSet:1; /* Indicator for when isCA is set */ #endif - byte pathLenSet:1; /* Indicator for when path length is set */ + WC_BITFIELD pathLenSet:1; /* Indicator for when path length is set */ #ifdef WOLFSSL_ALT_NAMES - byte altNamesCrit:1; /* Indicator of criticality of SAN extension */ + WC_BITFIELD altNamesCrit:1; /* Indicator of criticality of SAN extension */ #endif } Cert; @@ -937,9 +937,9 @@ typedef struct _wc_CertPIV { word32 signedNonceSz; /* Identiv Only */ /* flags */ - word16 compression:2; - word16 isX509:1; - word16 isIdentiv:1; + WC_BITFIELD compression:2; + WC_BITFIELD isX509:1; + WC_BITFIELD isIdentiv:1; } wc_CertPIV; WOLFSSL_API int wc_ParseCertPIV(wc_CertPIV* cert, const byte* buf, word32 totalSz); @@ -969,6 +969,19 @@ WOLFSSL_API int wc_GeneratePreTBS(struct DecodedCert* cert, byte *der, int derSz); #endif +#if defined(WOLFSSL_ACERT) +/* Forward declaration needed, as DecodedAcert is defined in asn.h.*/ +struct DecodedAcert; +WOLFSSL_API void wc_InitDecodedAcert(struct DecodedAcert* acert, + const byte* source, word32 inSz, + void* heap); +WOLFSSL_API void wc_FreeDecodedAcert(struct DecodedAcert * acert); +WOLFSSL_API int wc_ParseX509Acert(struct DecodedAcert* acert, int verify); +WOLFSSL_API int wc_VerifyX509Acert(const byte* acert, word32 acertSz, + const byte* pubKey, word32 pubKeySz, + int pubKeyOID, void * heap); +#endif /* WOLFSSL_ACERT */ + #if !defined(XFPRINTF) || defined(NO_FILESYSTEM) || \ defined(NO_STDIO_FILESYSTEM) && defined(WOLFSSL_ASN_PRINT) #undef WOLFSSL_ASN_PRINT @@ -994,7 +1007,7 @@ enum Asn1PrintOpt { /* Don't show text representations of primitive types. */ ASN1_PRINT_OPT_SHOW_NO_TEXT, /* Don't show dump text representations of primitive types. */ - ASN1_PRINT_OPT_SHOW_NO_DUMP_TEXT, + ASN1_PRINT_OPT_SHOW_NO_DUMP_TEXT }; /* ASN.1 print options. */ @@ -1006,17 +1019,17 @@ typedef struct Asn1PrintOptions { /* Number of spaces to indent for each change in depth. */ word8 indent; /* Draw branches instead of indenting. */ - word8 draw_branch:1; + WC_BITFIELD draw_branch:1; /* Show raw data of primitive types as octets. */ - word8 show_data:1; + WC_BITFIELD show_data:1; /* Show header data as octets. */ - word8 show_header_data:1; + WC_BITFIELD show_header_data:1; /* Show the wolfSSL OID value for OBJECT_ID. */ - word8 show_oid:1; + WC_BITFIELD show_oid:1; /* Don't show text representations of primitive types. */ - word8 show_no_text:1; + WC_BITFIELD show_no_text:1; /* Don't show dump text representations of primitive types. */ - word8 show_no_dump_text:1; + WC_BITFIELD show_no_dump_text:1; } Asn1PrintOptions; /* ASN.1 item data. */ diff --git a/wolfssl/wolfcrypt/chacha.h b/wolfssl/wolfcrypt/chacha.h index db4e5dd664..1c6ae17455 100644 --- a/wolfssl/wolfcrypt/chacha.h +++ b/wolfssl/wolfcrypt/chacha.h @@ -114,7 +114,7 @@ void wc_chacha_setiv(word32* x, const byte* iv, word32 counter); void wc_chacha_setkey(word32* x, const byte* key, word32 keySz); #endif -#if defined(WOLFSSL_ARMASM_NO_NEON) || defined(__thumb__) +#if defined(WOLFSSL_ARMASM_NO_NEON) || defined(WOLFSSL_ARMASM_THUMB2) void wc_chacha_use_over(byte* over, byte* output, const byte* input, word32 len); void wc_chacha_crypt_bytes(ChaCha* ctx, byte* c, const byte* m, word32 len); diff --git a/wolfssl/wolfcrypt/chacha20_poly1305.h b/wolfssl/wolfcrypt/chacha20_poly1305.h index 929a1a640e..ffa4031bd9 100644 --- a/wolfssl/wolfcrypt/chacha20_poly1305.h +++ b/wolfssl/wolfcrypt/chacha20_poly1305.h @@ -72,7 +72,7 @@ typedef struct ChaChaPoly_Aead { word32 dataLen; byte state; - byte isEncrypt:1; + WC_BITFIELD isEncrypt:1; } ChaChaPoly_Aead; diff --git a/wolfssl/wolfcrypt/curve25519.h b/wolfssl/wolfcrypt/curve25519.h index 4d6d90da45..4d18c5678e 100644 --- a/wolfssl/wolfcrypt/curve25519.h +++ b/wolfssl/wolfcrypt/curve25519.h @@ -90,15 +90,15 @@ struct curve25519_key { void* devCtx; int devId; #endif - + void *heap; #ifdef WOLFSSL_SE050 word32 keyId; byte keyIdSet; #endif /* bit fields */ - byte pubSet:1; - byte privSet:1; + WC_BITFIELD pubSet:1; + WC_BITFIELD privSet:1; }; enum { @@ -139,6 +139,13 @@ int wc_curve25519_init_ex(curve25519_key* key, void* heap, int devId); WOLFSSL_API void wc_curve25519_free(curve25519_key* key); +#ifndef WC_NO_CONSTRUCTORS +WOLFSSL_API +curve25519_key* wc_curve25519_new(void* heap, int devId, int *result_code); +WOLFSSL_API +int wc_curve25519_delete(curve25519_key* key, curve25519_key** key_p); +#endif +WOLFSSL_API /* raw key helpers */ WOLFSSL_API diff --git a/wolfssl/wolfcrypt/curve448.h b/wolfssl/wolfcrypt/curve448.h index 75df9e2fb3..b7227275f0 100644 --- a/wolfssl/wolfcrypt/curve448.h +++ b/wolfssl/wolfcrypt/curve448.h @@ -58,8 +58,8 @@ struct curve448_key { #endif /* bit fields */ - byte pubSet:1; - byte privSet:1; + WC_BITFIELD pubSet:1; + WC_BITFIELD privSet:1; }; enum { diff --git a/wolfssl/wolfcrypt/dilithium.h b/wolfssl/wolfcrypt/dilithium.h index eb68e20265..6e9cfb67ec 100644 --- a/wolfssl/wolfcrypt/dilithium.h +++ b/wolfssl/wolfcrypt/dilithium.h @@ -765,6 +765,7 @@ int wc_dilithium_export_public(dilithium_key* key, byte* out, word32* outLen); #ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY WOLFSSL_API int wc_dilithium_export_private(dilithium_key* key, byte* out, word32* outLen); +#define wc_dilithium_export_private_only wc_dilithium_export_private #endif #ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY WOLFSSL_API @@ -841,7 +842,7 @@ WOLFSSL_API int wc_Dilithium_PrivateKeyToDer(dilithium_key* key, byte* output, #define wc_MlDsaKey_ExportPrivRaw(key, out, outLen) \ wc_dilithium_export_private_only(key, out, outLen) #define wc_MlDsaKey_ImportPrivRaw(key, in, inLen) \ - wc_dilithium_import_private_only(out, outLen, key) + wc_dilithium_import_private_only(in, inLen, key) #define wc_MlDsaKey_Sign(key, sig, sigSz, msg, msgSz, rng) \ wc_dilithium_sign_msg(msg, msgSz, sig, sigSz, key, rng) #define wc_MlDsaKey_Free(key) \ @@ -849,7 +850,7 @@ WOLFSSL_API int wc_Dilithium_PrivateKeyToDer(dilithium_key* key, byte* output, #define wc_MlDsaKey_ExportPubRaw(key, out, outLen) \ wc_dilithium_export_public(key, out, outLen) #define wc_MlDsaKey_ImportPubRaw(key, in, inLen) \ - wc_dilithium_import_public(out, outLen, key) + wc_dilithium_import_public(in, inLen, key) #define wc_MlDsaKey_Verify(key, sig, sigSz, msg, msgSz, res) \ wc_dilithium_verify_msg(sig, sigSz, msg, msgSz, res, key) diff --git a/wolfssl/wolfcrypt/ecc.h b/wolfssl/wolfcrypt/ecc.h index ba8c88b882..71a7a8b791 100644 --- a/wolfssl/wolfcrypt/ecc.h +++ b/wolfssl/wolfcrypt/ecc.h @@ -467,6 +467,7 @@ struct ecc_point { #if defined(WOLFSSL_SMALL_STACK_CACHE) && !defined(WOLFSSL_ECC_NO_SMALL_STACK) ecc_key* key; #endif + WC_BITFIELD isAllocated:1; }; /* ECC Flags */ @@ -589,12 +590,12 @@ struct ecc_key { mp_int* sign_k; #else mp_int sign_k[1]; - byte sign_k_set:1; + WC_BITFIELD sign_k_set:1; #endif #endif #if defined(WOLFSSL_ECDSA_DETERMINISTIC_K) || \ defined(WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT) - byte deterministic:1; + WC_BITFIELD deterministic:1; enum wc_HashType hashType; #endif @@ -1027,6 +1028,11 @@ WOLFSSL_API int wc_ecc_curve_cache_init(void); WOLFSSL_API void wc_ecc_curve_cache_free(void); #endif +#ifdef HAVE_OID_ENCODING +WOLFSSL_LOCAL int wc_ecc_oid_cache_init(void); +WOLFSSL_LOCAL void wc_ecc_oid_cache_free(void); +#endif + WOLFSSL_API int wc_ecc_gen_k(WC_RNG* rng, int size, mp_int* k, mp_int* order); diff --git a/wolfssl/wolfcrypt/eccsi.h b/wolfssl/wolfcrypt/eccsi.h index 72f9c70637..34e10bfcfe 100644 --- a/wolfssl/wolfcrypt/eccsi.h +++ b/wolfssl/wolfcrypt/eccsi.h @@ -62,15 +62,15 @@ typedef struct EccsiKeyParams { ecc_point* base; /** Bit indicates order (q) is set as an MP integer in ECCSI key. */ - byte haveOrder:1; + WC_BITFIELD haveOrder:1; /** Bit indicates A is set as an MP integer in ECCSI key. */ - byte haveA:1; + WC_BITFIELD haveA:1; /** Bit indicates B is set as an MP integer in ECCSI key. */ - byte haveB:1; + WC_BITFIELD haveB:1; /** Bit indicates prime is set as an MP integer in ECCSI key. */ - byte havePrime:1; + WC_BITFIELD havePrime:1; /** Bit indicates base point is set as an MP integer in ECCSI key. */ - byte haveBase:1; + WC_BITFIELD haveBase:1; } EccsiKeyParams; /** @@ -104,7 +104,7 @@ typedef struct EccsiKey { /** Heap hint for dynamic memory allocation. */ void* heap; /** Bit indicates KPAK (public key) is in montgomery form. */ - word16 kpakMont:1; + WC_BITFIELD kpakMont:1; } EccsiKey; #ifdef __cplusplus diff --git a/wolfssl/wolfcrypt/ed25519.h b/wolfssl/wolfcrypt/ed25519.h index ff3b26cb0c..8c660b2189 100644 --- a/wolfssl/wolfcrypt/ed25519.h +++ b/wolfssl/wolfcrypt/ed25519.h @@ -94,8 +94,9 @@ struct ed25519_key { word32 flags; byte keyIdSet; #endif - word16 privKeySet:1; - word16 pubKeySet:1; + WC_BITFIELD privKeySet:1; + WC_BITFIELD pubKeySet:1; + WC_BITFIELD sha_clean_flag:1; /* only used if WOLFSSL_ED25519_PERSISTENT_SHA */ #ifdef WOLFSSL_ASYNC_CRYPT WC_ASYNC_DEV asyncDev; #endif @@ -106,7 +107,6 @@ struct ed25519_key { void *heap; #ifdef WOLFSSL_ED25519_PERSISTENT_SHA wc_Sha512 sha; - int sha_clean_flag; #endif }; @@ -175,13 +175,20 @@ int wc_ed25519_verify_msg_final(const byte* sig, word32 sigLen, int* res, #endif /* WOLFSSL_ED25519_STREAMING_VERIFY */ #endif /* HAVE_ED25519_VERIFY */ - WOLFSSL_API int wc_ed25519_init(ed25519_key* key); WOLFSSL_API int wc_ed25519_init_ex(ed25519_key* key, void* heap, int devId); WOLFSSL_API void wc_ed25519_free(ed25519_key* key); +#ifndef WC_NO_CONSTRUCTORS +WOLFSSL_API +ed25519_key* wc_ed25519_new(void* heap, int devId, int *result_code); +WOLFSSL_API +int wc_ed25519_delete(ed25519_key* key, ed25519_key** key_p); +#endif +WOLFSSL_API + #ifdef HAVE_ED25519_KEY_IMPORT WOLFSSL_API int wc_ed25519_import_public(const byte* in, word32 inLen, ed25519_key* key); diff --git a/wolfssl/wolfcrypt/ed448.h b/wolfssl/wolfcrypt/ed448.h index 1d12da87ae..9e2e8908ec 100644 --- a/wolfssl/wolfcrypt/ed448.h +++ b/wolfssl/wolfcrypt/ed448.h @@ -85,8 +85,8 @@ struct ed448_key { byte pointX[ED448_KEY_SIZE]; /* recovered X coordinate */ byte pointY[ED448_KEY_SIZE]; /* Y coordinate is the public key with The most significant bit of the final octet always zero. */ #endif - word16 privKeySet:1; - word16 pubKeySet:1; + WC_BITFIELD privKeySet:1; + WC_BITFIELD pubKeySet:1; #ifdef WOLFSSL_ASYNC_CRYPT WC_ASYNC_DEV asyncDev; #endif @@ -97,7 +97,7 @@ struct ed448_key { void *heap; #ifdef WOLFSSL_ED448_PERSISTENT_SHA wc_Shake sha; - int sha_clean_flag; + unsigned int sha_clean_flag : 1; #endif }; diff --git a/wolfssl/wolfcrypt/hash.h b/wolfssl/wolfcrypt/hash.h index 2f7de32d0d..edbc949bcb 100644 --- a/wolfssl/wolfcrypt/hash.h +++ b/wolfssl/wolfcrypt/hash.h @@ -80,7 +80,7 @@ enum wc_MACAlgorithm { sha512_mac, rmd_mac, blake2b_mac, - sm3_mac, + sm3_mac }; enum wc_HashFlags { @@ -93,32 +93,41 @@ enum wc_HashFlags { WOLF_ENUM_DUMMY_LAST_ELEMENT(WC_HASH) }; -#ifndef NO_HASH_WRAPPER +/* hash union */ typedef union { - #ifndef NO_MD5 - wc_Md5 md5; - #endif - #ifndef NO_SHA - wc_Sha sha; - #endif - #ifdef WOLFSSL_SHA224 - wc_Sha224 sha224; - #endif - #ifndef NO_SHA256 - wc_Sha256 sha256; - #endif - #ifdef WOLFSSL_SHA384 - wc_Sha384 sha384; - #endif - #ifdef WOLFSSL_SHA512 - wc_Sha512 sha512; - #endif - #ifdef WOLFSSL_SHA3 - wc_Sha3 sha3; - #endif - #ifdef WOLFSSL_SM3 - wc_Sm3 sm3; - #endif +#ifndef NO_MD5 + wc_Md5 md5; +#endif +#ifndef NO_SHA + wc_Sha sha; +#endif +#ifdef WOLFSSL_SHA224 + wc_Sha224 sha224; +#endif +#ifndef NO_SHA256 + wc_Sha256 sha256; +#endif +#ifdef WOLFSSL_SHA384 + wc_Sha384 sha384; +#endif +#ifdef WOLFSSL_SHA512 + wc_Sha512 sha512; +#endif +#ifdef WOLFSSL_SHA3 + wc_Sha3 sha3; +#endif +#ifdef WOLFSSL_SM3 + wc_Sm3 sm3; +#endif +} wc_Hashes; + +#ifndef NO_HASH_WRAPPER +typedef struct { + wc_Hashes alg; + enum wc_HashType type; /* sanity check */ +#ifndef WC_NO_CONSTRUCTORS + void *heap; +#endif } wc_HashAlg; #endif /* !NO_HASH_WRAPPER */ @@ -183,6 +192,11 @@ WOLFSSL_API int wc_HashUpdate(wc_HashAlg* hash, enum wc_HashType type, WOLFSSL_API int wc_HashFinal(wc_HashAlg* hash, enum wc_HashType type, byte* out); WOLFSSL_API int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type); +#ifndef WC_NO_CONSTRUCTORS +WOLFSSL_API wc_HashAlg* wc_HashNew(enum wc_HashType type, void* heap, + int devId, int *result_code); +WOLFSSL_API int wc_HashDelete(wc_HashAlg *hash, wc_HashAlg **hash_p); +#endif #ifdef WOLFSSL_HASH_FLAGS WOLFSSL_API int wc_HashSetFlags(wc_HashAlg* hash, enum wc_HashType type, diff --git a/wolfssl/wolfcrypt/hmac.h b/wolfssl/wolfcrypt/hmac.h index 98270ee7ba..fd5d8d3a22 100644 --- a/wolfssl/wolfcrypt/hmac.h +++ b/wolfssl/wolfcrypt/hmac.h @@ -119,34 +119,7 @@ enum { #error "You have to have some kind of hash if you want to use HMAC." #endif - -/* hmac hash union */ -typedef union { -#ifndef NO_MD5 - wc_Md5 md5; -#endif -#ifndef NO_SHA - wc_Sha sha; -#endif -#ifdef WOLFSSL_SHA224 - wc_Sha224 sha224; -#endif -#ifndef NO_SHA256 - wc_Sha256 sha256; -#endif -#ifdef WOLFSSL_SHA384 - wc_Sha384 sha384; -#endif -#ifdef WOLFSSL_SHA512 - wc_Sha512 sha512; -#endif -#ifdef WOLFSSL_SHA3 - wc_Sha3 sha3; -#endif -#ifdef WOLFSSL_SM3 - wc_Sm3 sm3; -#endif -} wc_HmacHash; +typedef wc_Hashes wc_HmacHash; /* Hmac digest */ struct Hmac { diff --git a/wolfssl/wolfcrypt/kdf.h b/wolfssl/wolfcrypt/kdf.h index 1e731ebc63..66b3a7aac9 100644 --- a/wolfssl/wolfcrypt/kdf.h +++ b/wolfssl/wolfcrypt/kdf.h @@ -140,7 +140,7 @@ WOLFSSL_API int wc_SSH_KDF(byte hashId, byte keyId, /* Indicators */ enum { WC_SRTCP_32BIT_IDX = 0, - WC_SRTCP_48BIT_IDX = 1, + WC_SRTCP_48BIT_IDX = 1 }; /* Maximum length of salt that can be used with SRTP/SRTCP. */ diff --git a/wolfssl/wolfcrypt/lms.h b/wolfssl/wolfcrypt/lms.h index 45c64e002b..1534fb1aa8 100644 --- a/wolfssl/wolfcrypt/lms.h +++ b/wolfssl/wolfcrypt/lms.h @@ -78,6 +78,7 @@ enum wc_LmsRc { * Not predefining many sets with Winternitz=1, because the signatures * will be large. */ enum wc_LmsParm { +#ifndef WOLFSSL_NO_LMS_SHA256_256 WC_LMS_PARM_NONE = 0, WC_LMS_PARM_L1_H5_W1 = 1, WC_LMS_PARM_L1_H5_W2 = 2, @@ -114,6 +115,27 @@ enum wc_LmsParm { WC_LMS_PARM_L4_H5_W8 = 33, WC_LMS_PARM_L4_H10_W4 = 34, WC_LMS_PARM_L4_H10_W8 = 35, +#endif + +#ifdef WOLFSSL_LMS_SHA256_192 + WC_LMS_PARM_SHA256_192_L1_H5_W1 = 36, + WC_LMS_PARM_SHA256_192_L1_H5_W2 = 37, + WC_LMS_PARM_SHA256_192_L1_H5_W4 = 38, + WC_LMS_PARM_SHA256_192_L1_H5_W8 = 39, + WC_LMS_PARM_SHA256_192_L1_H10_W2 = 40, + WC_LMS_PARM_SHA256_192_L1_H10_W4 = 41, + WC_LMS_PARM_SHA256_192_L1_H10_W8 = 42, + WC_LMS_PARM_SHA256_192_L1_H15_W2 = 43, + WC_LMS_PARM_SHA256_192_L1_H15_W4 = 44, + WC_LMS_PARM_SHA256_192_L2_H10_W2 = 45, + WC_LMS_PARM_SHA256_192_L2_H10_W4 = 46, + WC_LMS_PARM_SHA256_192_L2_H10_W8 = 47, + WC_LMS_PARM_SHA256_192_L3_H5_W2 = 48, + WC_LMS_PARM_SHA256_192_L3_H5_W4 = 49, + WC_LMS_PARM_SHA256_192_L3_H5_W8 = 50, + WC_LMS_PARM_SHA256_192_L3_H10_W4 = 51, + WC_LMS_PARM_SHA256_192_L4_H5_W8 = 52, +#endif }; /* enum wc_LmsState is to help track the state of an LMS/HSS Key. */ diff --git a/wolfssl/wolfcrypt/misc.h b/wolfssl/wolfcrypt/misc.h index 9acc31b121..09d5bc9029 100644 --- a/wolfssl/wolfcrypt/misc.h +++ b/wolfssl/wolfcrypt/misc.h @@ -74,6 +74,15 @@ void ForceZero(void* mem, word32 len); WOLFSSL_LOCAL int ConstantCompare(const byte* a, const byte* b, int length); +WOLFSSL_LOCAL +word32 readUnalignedWord32(const byte *in); +WOLFSSL_LOCAL +word32 writeUnalignedWord32(void *out, word32 in); +WOLFSSL_LOCAL +void readUnalignedWords32(word32 *out, const byte *in, size_t count); +WOLFSSL_LOCAL +void writeUnalignedWords32(byte *out, const word32 *in, size_t count); + #ifdef WORD64_AVAILABLE WOLFSSL_LOCAL word64 readUnalignedWord64(const byte *in); diff --git a/wolfssl/wolfcrypt/pkcs7.h b/wolfssl/wolfcrypt/pkcs7.h index 0a4631997f..80c687b051 100644 --- a/wolfssl/wolfcrypt/pkcs7.h +++ b/wolfssl/wolfcrypt/pkcs7.h @@ -257,8 +257,8 @@ struct PKCS7 { CallbackStreamOut streamOutCb; void* streamCtx; /* passed to getcontentCb and streamOutCb */ #endif - byte encodeStream:1; /* use BER when encoding */ - byte noCerts:1; /* if certificates should be added into bundle + WC_BITFIELD encodeStream:1; /* use BER when encoding */ + WC_BITFIELD noCerts:1; /* if certificates should be added into bundle during creation */ byte* cert[MAX_PKCS7_CERTS]; /* array of certs parsed from bundle */ byte* verifyCert; /* cert from array used for verify */ @@ -296,9 +296,9 @@ struct PKCS7 { word32 certSz[MAX_PKCS7_CERTS]; /* flags - up to 16-bits */ - word16 isDynamic:1; - word16 noDegenerate:1; /* allow degenerate case in verify function */ - word16 detached:1; /* generate detached SignedData signature bundles */ + WC_BITFIELD isDynamic:1; + WC_BITFIELD noDegenerate:1; /* allow degenerate case in verify function */ + WC_BITFIELD detached:1; /* generate detached SignedData signature bundles */ byte contentType[MAX_OID_SZ]; /* custom contentType byte array */ word32 contentTypeSz; /* size of contentType, bytes */ @@ -356,9 +356,9 @@ struct PKCS7 { /* used by DecodeEnvelopedData with multiple encrypted contents */ byte* cachedEncryptedContent; word32 cachedEncryptedContentSz; - word16 contentCRLF:1; /* have content line endings been converted to CRLF */ - word16 contentIsPkcs7Type:1; /* eContent follows PKCS#7 RFC not CMS */ - word16 hashParamsAbsent:1; + WC_BITFIELD contentCRLF:1; /* have content line endings been converted to CRLF */ + WC_BITFIELD contentIsPkcs7Type:1; /* eContent follows PKCS#7 RFC not CMS */ + WC_BITFIELD hashParamsAbsent:1; /* RFC 5280 section-4.2.1.2 lists a possible method for creating the SKID as * a SHA1 hash of the public key, but leaves it open to other methods as diff --git a/wolfssl/wolfcrypt/poly1305.h b/wolfssl/wolfcrypt/poly1305.h index 70ed1efa83..d4db48762e 100644 --- a/wolfssl/wolfcrypt/poly1305.h +++ b/wolfssl/wolfcrypt/poly1305.h @@ -156,7 +156,7 @@ void poly1305_blocks_aarch64(Poly1305* ctx, const unsigned char *m, size_t bytes); void poly1305_block_aarch64(Poly1305* ctx, const unsigned char *m); #else -#if defined(__thumb__) +#if defined(WOLFSSL_ARMASM_THUMB2) #define poly1305_blocks poly1305_blocks_thumb2 #define poly1305_block poly1305_block_thumb2 diff --git a/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h b/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h index 3d6c4e1de1..99d2ca20ab 100644 --- a/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h +++ b/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h @@ -1009,9 +1009,9 @@ WOLFSSL_LOCAL int esp_sha_stack_check(WC_ESP32SHA* sha); /* * Errata Mitigation. See - * https://www.espressif.com/sites/default/files/documentation/esp32_errata_en.pdf - * https://www.espressif.com/sites/default/files/documentation/esp32-c3_errata_en.pdf - * https://www.espressif.com/sites/default/files/documentation/esp32-s3_errata_en.pdf + * esp32_errata_en.pdf + * esp32-c3_errata_en.pdf + * esp32-s3_errata_en.pdf */ #define ESP_MP_HW_LOCK_MAX_DELAY ( TickType_t ) 0xffUL diff --git a/wolfssl/wolfcrypt/port/Espressif/esp_crt_bundle.h b/wolfssl/wolfcrypt/port/Espressif/esp_crt_bundle.h index 632b371f58..afeb3526b7 100644 --- a/wolfssl/wolfcrypt/port/Espressif/esp_crt_bundle.h +++ b/wolfssl/wolfcrypt/port/Espressif/esp_crt_bundle.h @@ -28,11 +28,11 @@ #define __ESP_CRT_BUNDLE_wolfssl_LIB_H__ /* This file is typically NOT directly used by applications utilizing the - * wolfSSL libraries. It is used when the wolfssl libary component is configured - * to be utilized by the Espressif ESP-IDF, specifically the esp-tls layer. + * wolfSSL libraries. It is used when the wolfssl library component is + * configured to be utilized by the Espressif ESP-IDF, specifically the + * esp-tls layer. * - * See: - * https://docs.espressif.com/projects/esp-idf/en/stable/esp32/api-reference/protocols/esp_tls.html + * See: esp-idf api-reference for esp_tls. * https://github.com/espressif/esp-idf/blob/master/components/esp-tls/esp_tls.h * ******************************************************************************* @@ -54,7 +54,16 @@ * Normally on, this uses the compiler `inline` decorator for bundle functions * to be optimized, since they are called during a TLS connection. * - * See Kconfig file (or use idy.py menufconfig) for other bundle settings. + * See Kconfig file (or use idy.py menuconfig) for other bundle settings. + * + ******************************************************************************* + ** Other Settings: + ******************************************************************************* + * WOLFSSL_CMAKE_REQUIRED_ESP_TLS + * This is defined in the wolfssl component cmake file when the esp-tls + * component is required. This is typically when Certificate Bundles are + * enabled, and the esp_tls_free_global_ca_store() in the esp-tls needs + * to be called from the wolfSSL wolfSSL_bundle_cleanup(). */ /* wolfSSL */ @@ -122,14 +131,14 @@ esp_err_t esp_crt_bundle_attach(void *conf); #else /** - * @brief Return ESP_OK for valid bunder, otherwise ESP_FAIL. + * @brief Return ESP_OK for valid bundle, otherwise ESP_FAIL. * * Specific to wolfSSL. Not used by ESP-IDF esp-tls layer. */ esp_err_t esp_crt_bundle_is_valid(void); /** - * @brief Return 1 if Cert Bundle loaded, otheriwse 0. + * @brief Return 1 if Cert Bundle loaded, otherwise 0. * * Specific to wolfSSL. Not used by ESP-IDF esp-tls layer. */ @@ -170,7 +179,7 @@ void esp_crt_bundle_detach(wolfssl_ssl_config *conf); * * @return * - ESP_OK if adding certificates was successful. - * - Other if an error occured or an action must be taken + * - Other if an error occurred or an action must be taken * by the calling process. */ esp_err_t esp_crt_bundle_set(const uint8_t *x509_bundle, size_t bundle_size); @@ -180,7 +189,7 @@ esp_err_t esp_crt_bundle_set(const uint8_t *x509_bundle, size_t bundle_size); * @brief Set the issuer and subject values given the current cert. * * Used internally by ESP-IDF esp-tls layer. Also helpful for debugging - * and general visibiity to certificate attributes. + * and general visibility to certificate attributes. * * The CERT_TAG can be used at the esp-tls or application layer to indicate * the usage of the respective cert (e.g. the string "peer"). diff --git a/wolfssl/wolfcrypt/port/maxim/max3266x.h b/wolfssl/wolfcrypt/port/maxim/max3266x.h index 10c1188b44..6cca4955d8 100644 --- a/wolfssl/wolfcrypt/port/maxim/max3266x.h +++ b/wolfssl/wolfcrypt/port/maxim/max3266x.h @@ -236,21 +236,16 @@ #if defined(MAX3266X_SHA) || defined(MAX3266X_SHA_CB) + /* Need to update this struct accordingly if other SHA Structs change */ + /* This is a generic struct to use so only this is needed */ + typedef struct { unsigned char *msg; unsigned int used; unsigned int size; - #ifdef WOLFSSL_HASH_FLAGS - unsigned int flags; /* enum wc_HashFlags in hash.h */ - #endif } wc_MXC_Sha; #if !defined(NO_SHA) - #ifndef MAX3266X_SHA_CB - typedef wc_MXC_Sha wc_Sha; - #define WC_SHA_TYPE_DEFINED - #endif /* !MAX3266X_SHA_CB */ - /* Define the SHA digest for an empty string */ /* as a constant byte array */ static const unsigned char MXC_EMPTY_DIGEST_SHA1[20] = { @@ -260,11 +255,6 @@ #endif /* NO_SHA */ #if defined(WOLFSSL_SHA224) - #ifndef MAX3266X_SHA_CB - typedef wc_MXC_Sha wc_Sha224; - #define WC_SHA224_TYPE_DEFINED - #endif /* !MAX3266X_SHA_CB */ - /* Define the SHA-224 digest for an empty string */ /* as a constant byte array */ static const unsigned char MXC_EMPTY_DIGEST_SHA224[28] = { @@ -275,11 +265,6 @@ #endif /* WOLFSSL_SHA224 */ #if !defined(NO_SHA256) - #ifndef MAX3266X_SHA_CB - typedef wc_MXC_Sha wc_Sha256; - #define WC_SHA256_TYPE_DEFINED - #endif /* !MAX3266X_SHA_CB */ - /* Define the SHA-256 digest for an empty string */ /* as a constant byte array */ static const unsigned char MXC_EMPTY_DIGEST_SHA256[32] = { @@ -290,11 +275,6 @@ #endif /* NO_SHA256 */ #if defined(WOLFSSL_SHA384) - #ifndef MAX3266X_SHA_CB - typedef wc_MXC_Sha wc_Sha384; - #define WC_SHA384_TYPE_DEFINED - #endif /* !MAX3266X_SHA_CB */ - /* Define the SHA-384 digest for an empty string */ /* as a constant byte array */ static const unsigned char MXC_EMPTY_DIGEST_SHA384[48] = { @@ -307,13 +287,6 @@ #endif /* WOLFSSL_SHA384 */ #if defined(WOLFSSL_SHA512) - #ifndef MAX3266X_SHA_CB - typedef wc_MXC_Sha wc_Sha512; - typedef wc_MXC_Sha wc_Sha512_224; - typedef wc_MXC_Sha wc_Sha512_256; - #define WC_SHA512_TYPE_DEFINED - #endif /* !MAX3266X_SHA_CB */ - /* Does not support these SHA512 Macros */ #ifndef WOLFSSL_NOSHA512_224 #warning "MAX3266X Port does not support SHA-512/224" diff --git a/wolfssl/wolfcrypt/rsa.h b/wolfssl/wolfcrypt/rsa.h index c5d211e67a..3f39d5b4df 100644 --- a/wolfssl/wolfcrypt/rsa.h +++ b/wolfssl/wolfcrypt/rsa.h @@ -295,6 +295,11 @@ typedef struct RsaPadding RsaPadding; WOLFSSL_API int wc_InitRsaKey(RsaKey* key, void* heap); WOLFSSL_API int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId); WOLFSSL_API int wc_FreeRsaKey(RsaKey* key); +#ifndef WC_NO_CONSTRUCTORS +WOLFSSL_API RsaKey* wc_NewRsaKey(void* heap, int devId, int *result_code); +WOLFSSL_API int wc_DeleteRsaKey(RsaKey* key, RsaKey** key_p); +#endif + #ifdef WOLF_PRIVATE_KEY_ID WOLFSSL_API int wc_InitRsaKey_Id(RsaKey* key, unsigned char* id, int len, void* heap, int devId); diff --git a/wolfssl/wolfcrypt/sakke.h b/wolfssl/wolfcrypt/sakke.h index 68b24c3c63..0f7a75c071 100644 --- a/wolfssl/wolfcrypt/sakke.h +++ b/wolfssl/wolfcrypt/sakke.h @@ -64,15 +64,15 @@ typedef struct SakkeKeyParams { ecc_point* base; /** Bit indicate prime is set as an MP integer in SAKKE key. */ - byte havePrime:1; + WC_BITFIELD havePrime:1; /** Bit indicates q (order) is set as an MP integer in SAKKE key. */ - byte haveQ:1; + WC_BITFIELD haveQ:1; /** Bit indicates g (pairing base) is set as an MP integer in SAKKE key. */ - byte haveG:1; + WC_BITFIELD haveG:1; /** Bit indicates a is set as an MP integer in SAKKE key. */ - byte haveA:1; + WC_BITFIELD haveA:1; /** Bit indicates base point is set as an ECC point in SAKKE key. */ - byte haveBase:1; + WC_BITFIELD haveBase:1; } SakkeKeyParams; /** Temporary values to use in SAKKE calculations. */ @@ -116,7 +116,7 @@ typedef struct SakkeKeyRsk { /** Length of table */ word32 tableLen; /** Indicates whether an RSK value has been set. */ - byte set:1; + WC_BITFIELD set:1; } SakkeKeyRsk; #endif @@ -153,9 +153,9 @@ typedef struct SakkeKey { void* heap; /** Bit indicates Z, public key, is in montgomery form. */ - byte zMont:1; + WC_BITFIELD zMont:1; /** Bit indicate MP integers have been initialized. */ - byte mpInit:1; + WC_BITFIELD mpInit:1; } SakkeKey; #ifdef __cplusplus diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 5defa3ceb4..e02870c13b 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -20,24 +20,17 @@ */ /* - * ************************************************************************ + * Note, this file should not be edited to activate/deactivate features. * - * ******************************** NOTICE ******************************** - * - * ************************************************************************ - * - * This method of uncommenting a line in settings.h is outdated. - * - * Please use user_settings.h / WOLFSSL_USER_SETTINGS + * Instead, add/edit user_settings.h, and compile with -DWOLFSSL_USER_SETTINGS * * or * - * ./configure CFLAGS="-DFLAG" + * ./configure CFLAGS="-DFEATURE_FLAG_TO_DEFINE -UFEATURE_FLAG_TO_CLEAR [...]" * * For more information see: * * https://www.wolfssl.com/how-do-i-manage-the-build-configuration-of-wolfssl/ - * */ @@ -335,6 +328,18 @@ #include /*------------------------------------------------------------*/ +#if defined(WOLFSSL_FIPS_READY) || defined(WOLFSSL_FIPS_DEV) + #undef HAVE_FIPS_VERSION_MAJOR + #define HAVE_FIPS_VERSION_MAJOR 7 /* always one more than major version */ + /* of most recent FIPS certificate */ + #undef HAVE_FIPS_VERSION + #define HAVE_FIPS_VERSION HAVE_FIPS_VERSION_MAJOR + #undef HAVE_FIPS_VERSION_MINOR + #define HAVE_FIPS_VERSION_MINOR 0 /* always 0 */ + #undef HAVE_FIPS_VERSION_PATCH + #define HAVE_FIPS_VERSION_PATCH 0 /* always 0 */ +#endif + #define WOLFSSL_MAKE_FIPS_VERSION3(major, minor, patch) \ (((major) * 65536) + ((minor) * 256) + (patch)) #define WOLFSSL_MAKE_FIPS_VERSION(major, minor) \ @@ -535,7 +540,7 @@ * used in the esp-wolfssl or other places in the ESP-IDF. They should * be always be included for backward compatibility. * - * See also: https://docs.espressif.com/projects/esp-idf/en/stable/esp32/api-reference/kconfig.html + * See also: Espressif api-reference kconfig docs. * * These settings should be checked and assigned wolfssl equivalents before * any others. @@ -1476,7 +1481,7 @@ extern void uITRON4_free(void *p) ; #ifndef NO_WRITEV #define NO_WRITEV #endif - #ifndef HAVE_SHA512 + #ifndef WOLFSSL_SHA512 #ifndef NO_SHA512 #define NO_SHA512 #endif @@ -2399,7 +2404,10 @@ extern void uITRON4_free(void *p) ; #endif /* Detect Cortex M3 (no UMAAL) */ -#if defined(WOLFSSL_SP_ARM_CORTEX_M_ASM) && defined(__ARM_ARCH_7M__) +#if defined(__ARM_ARCH_7M__) && !defined(WOLFSSL_ARM_ARCH_7M) + #define WOLFSSL_ARM_ARCH_7M +#endif +#if defined(WOLFSSL_SP_ARM_CORTEX_M_ASM) && defined(WOLFSSL_ARM_ARCH_7M) #undef WOLFSSL_SP_NO_UMAAL #define WOLFSSL_SP_NO_UMAAL #endif @@ -2735,7 +2743,7 @@ extern void uITRON4_free(void *p) ; #undef WOLFSSL_SP_INT_DIGIT_ALIGN #define WOLFSSL_SP_INT_DIGIT_ALIGN #endif -#ifdef __APPLE__ +#if defined(__APPLE__) || defined(WOLF_C89) #define WOLFSSL_SP_NO_DYN_STACK #endif diff --git a/wolfssl/wolfcrypt/sha.h b/wolfssl/wolfcrypt/sha.h index dd9d8b90ac..063784edd7 100644 --- a/wolfssl/wolfcrypt/sha.h +++ b/wolfssl/wolfcrypt/sha.h @@ -151,8 +151,8 @@ struct wc_Sha { #else word32 digest[WC_SHA_DIGEST_SIZE / sizeof(word32)]; #endif - void* heap; #endif + void* heap; #ifdef WOLFSSL_PIC32MZ_HASH hashUpdCache cache; /* cache for updates */ #endif @@ -163,7 +163,7 @@ struct wc_Sha { int devId; void* devCtx; /* generic crypto callback context */ #endif -#ifdef MAX3266X_SHA_CB +#if defined(MAX3266X_SHA_CB) || defined(MAX3266X_SHA) wc_MXC_Sha mxcCtx; #endif #ifdef WOLFSSL_IMXRT1170_CAAM diff --git a/wolfssl/wolfcrypt/sha256.h b/wolfssl/wolfcrypt/sha256.h index c435cf061c..b5534d4a5a 100644 --- a/wolfssl/wolfcrypt/sha256.h +++ b/wolfssl/wolfcrypt/sha256.h @@ -194,13 +194,13 @@ struct wc_Sha256 { word32 buffLen; /* in bytes */ word32 loLen; /* length in bytes */ word32 hiLen; /* length in bytes */ - void* heap; #ifdef WC_C_DYNAMIC_FALLBACK int sha_method; #endif #endif + void* heap; #ifdef WOLFSSL_PIC32MZ_HASH hashUpdCache cache; /* cache for updates */ #endif @@ -213,7 +213,7 @@ struct wc_Sha256 { #ifdef WOLFSSL_DEVCRYPTO_HASH WC_CRYPTODEV ctx; #endif -#ifdef MAX3266X_SHA_CB +#if defined(MAX3266X_SHA_CB) || defined(MAX3266X_SHA) wc_MXC_Sha mxcCtx; #endif #if defined(WOLFSSL_DEVCRYPTO_HASH) || defined(WOLFSSL_HASH_KEEP) diff --git a/wolfssl/wolfcrypt/sha512.h b/wolfssl/wolfcrypt/sha512.h index 9bcebdc62a..e971a8df13 100644 --- a/wolfssl/wolfcrypt/sha512.h +++ b/wolfssl/wolfcrypt/sha512.h @@ -144,6 +144,7 @@ struct wc_Sha512 { cy_stc_crypto_sha_state_t hash_state; cy_en_crypto_sha_mode_t sha_mode; cy_stc_crypto_v2_sha512_buffers_t sha_buffers; + void* heap; #else word64 digest[WC_SHA512_DIGEST_SIZE / sizeof(word64)]; word64 buffer[WC_SHA512_BLOCK_SIZE / sizeof(word64)]; @@ -188,7 +189,7 @@ struct wc_Sha512 { int devId; void* devCtx; /* generic crypto callback context */ #endif -#ifdef MAX3266X_SHA_CB +#if defined(MAX3266X_SHA_CB) || defined(MAX3266X_SHA) wc_MXC_Sha mxcCtx; #endif #ifdef WOLFSSL_HASH_FLAGS diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index 2177722977..41ea648a54 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -112,6 +112,10 @@ decouple library dependencies with standard string, memory and so on. typedef const char* const wcchar; #endif + #ifndef WC_BITFIELD + #define WC_BITFIELD byte + #endif + #ifndef HAVE_ANONYMOUS_INLINE_AGGREGATES /* if a version is available, pivot on the version, otherwise guess it's * allowed, subject to override. @@ -511,13 +515,19 @@ typedef struct w64wrapper { #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK #define XFREE(p, h, t) m2mb_os_free(xp) #else - #define XFREE(p, h, t) {void* xp = (p); if (xp) m2mb_os_free(xp);} + #define XFREE(p, h, t) do { void* xp = (p); if (xp) m2mb_os_free(xp); } while (0) #endif #define XREALLOC(p, n, h, t) m2mb_os_realloc((p), (n)) #elif defined(NO_WOLFSSL_MEMORY) #ifdef WOLFSSL_NO_MALLOC /* this platform does not support heap use */ + #ifdef WOLFSSL_SMALL_STACK + #error WOLFSSL_SMALL_STACK requires a heap implementation. + #endif + #ifndef WC_NO_CONSTRUCTORS + #define WC_NO_CONSTRUCTORS + #endif #ifdef WOLFSSL_MALLOC_CHECK #ifndef NO_STDIO_FILESYSTEM #include @@ -527,11 +537,11 @@ typedef struct w64wrapper { return NULL; }; #define XMALLOC(s, h, t) ((void)(h), (void)(t), malloc_check((s))) - #define XFREE(p, h, t) (void)(h); (void)(t) + #define XFREE(p, h, t) do { (void)(h); (void)(t); } while (0) #define XREALLOC(p, n, h, t) ((void)(h), (void)(t), NULL) #else #define XMALLOC(s, h, t) ((void)(s), (void)(h), (void)(t), NULL) - #define XFREE(p, h, t) (void)(p); (void)(h); (void)(t) + #define XFREE(p, h, t) do { (void)(p); (void)(h); (void)(t); } while(0) #define XREALLOC(p, n, h, t) ((void)(p), (void)(n), (void)(h), (void)(t), NULL) #endif #else @@ -539,9 +549,9 @@ typedef struct w64wrapper { #include #define XMALLOC(s, h, t) ((void)(h), (void)(t), malloc((size_t)(s))) #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK - #define XFREE(p, h, t) ((void)(h), (void)(t), free(p)) + #define XFREE(p, h, t) do { (void)(h); (void)(t); free(p); } while (0) #else - #define XFREE(p, h, t) {void* xp = (p); (void)(h); if (xp) free(xp);} + #define XFREE(p, h, t) do { void* xp = (p); (void)(h); if (xp) free(xp); } while (0) #endif #define XREALLOC(p, n, h, t) \ ((void)(h), (void)(t), realloc((p), (size_t)(n))) @@ -565,7 +575,7 @@ typedef struct w64wrapper { #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK #define XFREE(p, h, t) wolfSSL_Free(xp, h, t, __func__, __LINE__) #else - #define XFREE(p, h, t) {void* xp = (p); if (xp) wolfSSL_Free(xp, h, t, __func__, __LINE__);} + #define XFREE(p, h, t) do { void* xp = (p); if (xp) wolfSSL_Free(xp, h, t, __func__, __LINE__); } while (0) #endif #define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n), (h), (t), __func__, __LINE__) #else @@ -573,7 +583,7 @@ typedef struct w64wrapper { #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK #define XFREE(p, h, t) wolfSSL_Free(xp, h, t) #else - #define XFREE(p, h, t) {void* xp = (p); if (xp) wolfSSL_Free(xp, h, t);} + #define XFREE(p, h, t) do { void* xp = (p); if (xp) wolfSSL_Free(xp, h, t); } while (0) #endif #define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n), (h), (t)) #endif /* WOLFSSL_DEBUG_MEMORY */ @@ -585,23 +595,29 @@ typedef struct w64wrapper { #ifdef WOLFSSL_DEBUG_MEMORY #define XMALLOC(s, h, t) ((void)(h), (void)(t), wolfSSL_Malloc((s), __func__, __LINE__)) #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK - #define XFREE(p, h, t) ((void)(h), (void)(t), wolfSSL_Free(xp, __func__, __LINE__)) + #define XFREE(p, h, t) do { (void)(h); (void)(t); wolfSSL_Free(xp, __func__, __LINE__); } while (0) #else - #define XFREE(p, h, t) {void* xp = (p); (void)(h); (void)(t); if (xp) wolfSSL_Free(xp, __func__, __LINE__);} + #define XFREE(p, h, t) do { void* xp = (p); (void)(h); (void)(t); if (xp) wolfSSL_Free(xp, __func__, __LINE__); } while (0) #endif #define XREALLOC(p, n, h, t) ((void)(h), (void)(t), wolfSSL_Realloc((p), (n), __func__, __LINE__)) #else #define XMALLOC(s, h, t) ((void)(h), (void)(t), wolfSSL_Malloc((s))) #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK - #define XFREE(p, h, t) ((void)(h), (void)(t), wolfSSL_Free(p)) + #define XFREE(p, h, t) do { (void)(h); (void)(t); wolfSSL_Free(p); } while (0) #else - #define XFREE(p, h, t) {void* xp = (p); (void)(h); (void)(t); if (xp) wolfSSL_Free(xp);} + #define XFREE(p, h, t) do { void* xp = (p); (void)(h); (void)(t); if (xp) wolfSSL_Free(xp); } while (0) #endif #define XREALLOC(p, n, h, t) ((void)(h), (void)(t), wolfSSL_Realloc((p), (n))) #endif /* WOLFSSL_DEBUG_MEMORY */ #endif /* WOLFSSL_STATIC_MEMORY */ #endif + #if defined(WOLFSSL_SMALL_STACK) && defined(WC_NO_CONSTRUCTORS) + #error WOLFSSL_SMALL_STACK requires constructors. + #endif + + #include + /* declare/free variable handling for async and smallstack */ #ifndef WC_ALLOC_DO_ON_FAILURE #define WC_ALLOC_DO_ON_FAILURE() WC_DO_NOTHING @@ -1098,15 +1114,16 @@ typedef struct w64wrapper { DYNAMIC_TYPE_LMS = 101, DYNAMIC_TYPE_BIO = 102, DYNAMIC_TYPE_X509_ACERT = 103, - DYNAMIC_TYPE_SNIFFER_SERVER = 1000, - DYNAMIC_TYPE_SNIFFER_SESSION = 1001, - DYNAMIC_TYPE_SNIFFER_PB = 1002, - DYNAMIC_TYPE_SNIFFER_PB_BUFFER = 1003, - DYNAMIC_TYPE_SNIFFER_TICKET_ID = 1004, - DYNAMIC_TYPE_SNIFFER_NAMED_KEY = 1005, - DYNAMIC_TYPE_SNIFFER_KEY = 1006, - DYNAMIC_TYPE_SNIFFER_KEYLOG_NODE = 1007, - DYNAMIC_TYPE_AES_EAX = 1008, + DYNAMIC_TYPE_SNIFFER_SERVER = 1000, + DYNAMIC_TYPE_SNIFFER_SESSION = 1001, + DYNAMIC_TYPE_SNIFFER_PB = 1002, + DYNAMIC_TYPE_SNIFFER_PB_BUFFER = 1003, + DYNAMIC_TYPE_SNIFFER_TICKET_ID = 1004, + DYNAMIC_TYPE_SNIFFER_NAMED_KEY = 1005, + DYNAMIC_TYPE_SNIFFER_KEY = 1006, + DYNAMIC_TYPE_SNIFFER_KEYLOG_NODE = 1007, + DYNAMIC_TYPE_SNIFFER_CHAIN_BUFFER = 1008, + DYNAMIC_TYPE_AES_EAX = 1009, }; /* max error buffer string size */ @@ -1695,13 +1712,25 @@ typedef struct w64wrapper { #define WC_CPP_CAT_(a, b) a ## b #define WC_CPP_CAT(a, b) WC_CPP_CAT_(a, b) - #if (defined(__cplusplus) && (__cplusplus >= 201103L)) || \ - (defined(_MSVC_LANG) && (_MSVC_LANG >= 201103L)) - #ifndef static_assert2 - #define static_assert2 static_assert - #endif - #elif !defined(static_assert) - #if !defined(__cplusplus) && \ + #if defined(WC_NO_STATIC_ASSERT) + #define wc_static_assert(expr) struct wc_static_assert_dummy_struct + #define wc_static_assert2(expr, msg) wc_static_assert(expr) + #elif !defined(wc_static_assert) + #if (defined(__cplusplus) && (__cplusplus >= 201703L)) || \ + (defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 202311L)) || \ + (defined(_MSVC_LANG) && (_MSVC_LANG >= 201103L)) + /* native variadic static_assert() */ + #define wc_static_assert static_assert + #ifndef wc_static_assert2 + #define wc_static_assert2 static_assert + #endif + #elif defined(_MSC_VER) && (__STDC_VERSION__ >= 201112L) + /* native 2-argument static_assert() */ + #define wc_static_assert(expr) static_assert(expr, #expr) + #ifndef wc_static_assert2 + #define wc_static_assert2(expr, msg) static_assert(expr, msg) + #endif + #elif !defined(__cplusplus) && \ !defined(__STRICT_ANSI__) && \ !defined(WOLF_C89) && \ defined(__STDC_VERSION__) && \ @@ -1709,19 +1738,23 @@ typedef struct w64wrapper { ((defined(__GNUC__) && \ (__GNUC__ >= 5)) || \ defined(__clang__)) - #define static_assert(expr) _Static_assert(expr, #expr) - #ifndef static_assert2 - #define static_assert2(expr, msg) _Static_assert(expr, msg) + /* native 2-argument _Static_assert() */ + #define wc_static_assert(expr) _Static_assert(expr, #expr) + #ifndef wc_static_assert2 + #define wc_static_assert2(expr, msg) _Static_assert(expr, msg) #endif #else - #define static_assert(expr) \ - struct WC_CPP_CAT(wc_dummy_struct_L, __LINE__) - #ifndef static_assert2 - #define static_assert2(expr, msg) static_assert(expr) + /* C89-compatible fallback */ + #define wc_static_assert(expr) \ + struct WC_CPP_CAT(wc_static_assert_dummy_struct_L, __LINE__) { \ + char t[(expr) ? 1 : -1]; \ + } + #ifndef wc_static_assert2 + #define wc_static_assert2(expr, msg) wc_static_assert(expr) #endif #endif - #elif !defined(static_assert2) - #define static_assert2(expr, msg) static_assert(expr) + #elif !defined(wc_static_assert2) + #define wc_static_assert2(expr, msg) wc_static_assert(expr) #endif #ifndef SAVE_VECTOR_REGISTERS diff --git a/wolfssl/wolfcrypt/wc_kyber.h b/wolfssl/wolfcrypt/wc_kyber.h index 2b8ac8da22..79a03cbd0d 100644 --- a/wolfssl/wolfcrypt/wc_kyber.h +++ b/wolfssl/wolfcrypt/wc_kyber.h @@ -310,6 +310,38 @@ WOLFSSL_LOCAL int kyber_cmp_neon(const byte* a, const byte* b, int sz); WOLFSSL_LOCAL void kyber_csubq_neon(sword16* p); WOLFSSL_LOCAL void kyber_from_msg_neon(sword16* p, const byte* msg); WOLFSSL_LOCAL void kyber_to_msg_neon(byte* msg, sword16* p); +#elif defined(WOLFSSL_ARMASM_THUMB2) && defined(WOLFSSL_ARMASM) +#define kyber_ntt kyber_thumb2_ntt +#define kyber_invntt kyber_thumb2_invntt +#define kyber_basemul_mont kyber_thumb2_basemul_mont +#define kyber_basemul_mont_add kyber_thumb2_basemul_mont_add +#define kyber_rej_uniform_c kyber_thumb2_rej_uniform + +WOLFSSL_LOCAL void kyber_thumb2_ntt(sword16* r); +WOLFSSL_LOCAL void kyber_thumb2_invntt(sword16* r); +WOLFSSL_LOCAL void kyber_thumb2_basemul_mont(sword16* r, const sword16* a, + const sword16* b); +WOLFSSL_LOCAL void kyber_thumb2_basemul_mont_add(sword16* r, const sword16* a, + const sword16* b); +WOLFSSL_LOCAL void kyber_thumb2_csubq(sword16* p); +WOLFSSL_LOCAL unsigned int kyber_thumb2_rej_uniform(sword16* p, + unsigned int len, const byte* r, unsigned int rLen); +#elif defined(WOLFSSL_ARMASM) +#define kyber_ntt kyber_arm32_ntt +#define kyber_invntt kyber_arm32_invntt +#define kyber_basemul_mont kyber_arm32_basemul_mont +#define kyber_basemul_mont_add kyber_arm32_basemul_mont_add +#define kyber_rej_uniform_c kyber_arm32_rej_uniform + +WOLFSSL_LOCAL void kyber_arm32_ntt(sword16* r); +WOLFSSL_LOCAL void kyber_arm32_invntt(sword16* r); +WOLFSSL_LOCAL void kyber_arm32_basemul_mont(sword16* r, const sword16* a, + const sword16* b); +WOLFSSL_LOCAL void kyber_arm32_basemul_mont_add(sword16* r, const sword16* a, + const sword16* b); +WOLFSSL_LOCAL void kyber_arm32_csubq(sword16* p); +WOLFSSL_LOCAL unsigned int kyber_arm32_rej_uniform(sword16* p, unsigned int len, + const byte* r, unsigned int rLen); #endif #ifdef __cplusplus diff --git a/wolfssl/wolfcrypt/wc_lms.h b/wolfssl/wolfcrypt/wc_lms.h index 6f90eaa3bd..0f31696220 100644 --- a/wolfssl/wolfcrypt/wc_lms.h +++ b/wolfssl/wolfcrypt/wc_lms.h @@ -134,6 +134,9 @@ /* Length of numeric types when encoding. */ #define LMS_TYPE_LEN 4 +/* Size of digest output when truncatint SHA-256 to 192 bits. */ +#define WC_SHA256_192_DIGEST_SIZE 24 + /* Maximum size of a node hash. */ #define LMS_MAX_NODE_LEN WC_SHA256_DIGEST_SIZE /* Maximum size of SEED (produced by hash). */ @@ -142,8 +145,6 @@ * Value of P when N=32 and W=1. */ #define LMS_MAX_P 265 -/* Length of SEED and I in bytes. */ -#define LMS_SEED_I_LEN (LMS_SEED_LEN + LMS_I_LEN) #ifndef WOLFSSL_LMS_ROOT_LEVELS @@ -192,33 +193,32 @@ (HSS_COMPRESS_PARAM_SET_LEN * HSS_MAX_LEVELS) /* Private key length for one level. */ -#define LMS_PRIV_LEN \ - (LMS_Q_LEN + LMS_SEED_LEN + LMS_I_LEN) +#define LMS_PRIV_LEN(hLen) \ + (LMS_Q_LEN + (hLen) + LMS_I_LEN) /* Public key length in signature. */ -#define LMS_PUBKEY_LEN \ - (LMS_TYPE_LEN + LMS_TYPE_LEN + LMS_I_LEN + LMS_MAX_NODE_LEN) +#define LMS_PUBKEY_LEN(hLen) \ + (LMS_TYPE_LEN + LMS_TYPE_LEN + LMS_I_LEN + (hLen)) /* LMS signature data length. */ -#define LMS_SIG_LEN(h, p) \ - (LMS_Q_LEN + LMS_TYPE_LEN + LMS_MAX_NODE_LEN + (p) * LMS_MAX_NODE_LEN + \ - LMS_TYPE_LEN + (h) * LMS_MAX_NODE_LEN) +#define LMS_SIG_LEN(h, p, hLen) \ + (LMS_Q_LEN + LMS_TYPE_LEN + (hLen) + (p) * (hLen) + LMS_TYPE_LEN + \ + (h) * (hLen)) /* Length of public key. */ -#define HSS_PUBLIC_KEY_LEN (LMS_L_LEN + LMS_PUBKEY_LEN) +#define HSS_PUBLIC_KEY_LEN(hLen) (LMS_L_LEN + LMS_PUBKEY_LEN(hLen)) /* Length of private key. */ -#define HSS_PRIVATE_KEY_LEN \ - (HSS_Q_LEN + HSS_PRIV_KEY_PARAM_SET_LEN + LMS_SEED_LEN + LMS_I_LEN) +#define HSS_PRIVATE_KEY_LEN(hLen) \ + (HSS_Q_LEN + HSS_PRIV_KEY_PARAM_SET_LEN + (hLen) + LMS_I_LEN) /* Maximum public key length - length is constant for all parameters. */ -#define HSS_MAX_PRIVATE_KEY_LEN HSS_PRIVATE_KEY_LEN +#define HSS_MAX_PRIVATE_KEY_LEN HSS_PRIVATE_KEY_LEN(LMS_MAX_NODE_LEN) /* Maximum private key length - length is constant for all parameters. */ -#define HSS_MAX_PUBLIC_KEY_LEN HSS_PUBLIC_KEY_LEN +#define HSS_MAX_PUBLIC_KEY_LEN HSS_PUBLIC_KEY_LEN(LMS_MAX_NODE_LEN) /* Maximum signature length. */ #define HSS_MAX_SIG_LEN \ (LMS_TYPE_LEN + \ LMS_MAX_LEVELS * (LMS_Q_LEN + LMS_TYPE_LEN + LMS_TYPE_LEN + \ LMS_MAX_NODE_LEN * (1 + LMS_MAX_P + LMS_MAX_HEIGHT)) + \ - (LMS_MAX_LEVELS - 1) * LMS_PUBKEY_LEN \ - ) + (LMS_MAX_LEVELS - 1) * LMS_PUBKEY_LEN(LMS_MAX_NODE_LEN)) /* Maximum buffer length required for use when hashing. */ #define LMS_MAX_BUFFER_LEN \ @@ -229,20 +229,20 @@ * * HSSPrivKey.priv */ -#define LMS_PRIV_KEY_LEN(l) \ - ((l) * LMS_PRIV_LEN) +#define LMS_PRIV_KEY_LEN(l, hLen) \ + ((l) * LMS_PRIV_LEN(hLen)) /* Stack of nodes. */ -#define LMS_STACK_CACHE_LEN(h) \ - (((h) + 1) * LMS_MAX_NODE_LEN) +#define LMS_STACK_CACHE_LEN(h, hLen) \ + (((h) + 1) * (hLen)) /* Root cache length. */ -#define LMS_ROOT_CACHE_LEN(rl) \ - (((1 << (rl)) - 1) * LMS_MAX_NODE_LEN) +#define LMS_ROOT_CACHE_LEN(rl, hLen) \ + (((1 << (rl)) - 1) * (hLen)) /* Leaf cache length. */ -#define LMS_LEAF_CACHE_LEN(cb) \ - ((1 << (cb)) * LMS_MAX_NODE_LEN) +#define LMS_LEAF_CACHE_LEN(cb, hLen) \ + ((1 << (cb)) * (hLen)) /* Length of LMS private key state. * @@ -252,75 +252,103 @@ * stack.stack + stack.offset + * cache.leaf + cache.index + cache.offset */ -#define LMS_PRIV_STATE_LEN(h, rl, cb) \ - (((h) * LMS_MAX_NODE_LEN) + \ - LMS_STACK_CACHE_LEN(h) + 4 + \ - LMS_ROOT_CACHE_LEN(rl) + \ - LMS_LEAF_CACHE_LEN(cb) + 4 + 4) +#define LMS_PRIV_STATE_LEN(h, rl, cb, hLen) \ + (((h) * (hLen)) + \ + LMS_STACK_CACHE_LEN(h, hLen) + 4 + \ + LMS_ROOT_CACHE_LEN(rl, hLen) + \ + LMS_LEAF_CACHE_LEN(cb, hLen) + 4 + 4) #ifndef WOLFSSL_WC_LMS_SMALL /* Private key data state for all levels. */ - #define LMS_PRIV_STATE_ALL_LEN(l, h, rl, cb) \ - ((l) * LMS_PRIV_STATE_LEN(h, rl, cb)) + #define LMS_PRIV_STATE_ALL_LEN(l, h, rl, cb, hLen) \ + ((l) * LMS_PRIV_STATE_LEN(h, rl, cb, hLen)) #else /* Private key data state for all levels. */ - #define LMS_PRIV_STATE_ALL_LEN(l, h, rl, cb) 0 + #define LMS_PRIV_STATE_ALL_LEN(l, h, rl, cb, hLen) 0 #endif #ifndef WOLFSSL_LMS_NO_SIGN_SMOOTHING /* Extra private key data for smoothing. */ - #define LMS_PRIV_SMOOTH_LEN(l, h, rl, cb) \ - (LMS_PRIV_KEY_LEN(l) + \ - ((l) - 1) * LMS_PRIV_STATE_LEN(h, rl, cb)) + #define LMS_PRIV_SMOOTH_LEN(l, h, rl, cb, hLen) \ + (LMS_PRIV_KEY_LEN(l, hLen) + \ + ((l) - 1) * LMS_PRIV_STATE_LEN(h, rl, cb, hLen)) #else /* Extra private key data for smoothing. */ - #define LMS_PRIV_SMOOTH_LEN(l, h, rl, cb) 0 + #define LMS_PRIV_SMOOTH_LEN(l, h, rl, cb, hLen) 0 #endif #ifndef WOLFSSL_LMS_NO_SIG_CACHE - #define LMS_PRIV_Y_TREE_LEN(p) \ - (LMS_MAX_NODE_LEN + (p) * LMS_MAX_NODE_LEN) + #define LMS_PRIV_Y_TREE_LEN(p, hLen) \ + ((hLen) + (p) * (hLen)) /* Length of the y data cached in private key data. */ - #define LMS_PRIV_Y_LEN(l, p) \ - (((l) - 1) * (LMS_MAX_NODE_LEN + (p) * LMS_MAX_NODE_LEN)) + #define LMS_PRIV_Y_LEN(l, p, hLen) \ + (((l) - 1) * ((hLen) + (p) * (hLen))) #else /* Length of the y data cached in private key data. */ - #define LMS_PRIV_Y_LEN(l, p) 0 + #define LMS_PRIV_Y_LEN(l, p, hLen) 0 #endif #ifndef WOLFSSL_WC_LMS_SMALL /* Length of private key data. */ -#define LMS_PRIV_DATA_LEN(l, h, p, rl, cb) \ - (LMS_PRIV_KEY_LEN(l) + \ - LMS_PRIV_STATE_ALL_LEN(l, h, rl, cb) + \ - LMS_PRIV_SMOOTH_LEN(l, h, rl, cb) + \ - LMS_PRIV_Y_LEN(l, p)) +#define LMS_PRIV_DATA_LEN(l, h, p, rl, cb, hLen) \ + (LMS_PRIV_KEY_LEN(l, hLen) + \ + LMS_PRIV_STATE_ALL_LEN(l, h, rl, cb, hLen) + \ + LMS_PRIV_SMOOTH_LEN(l, h, rl, cb, hLen) + \ + LMS_PRIV_Y_LEN(l, p, hLen)) #else -#define LMS_PRIV_DATA_LEN(l, h, p, rl, cb) \ - LMS_PRIV_KEY_LEN(l) +#define LMS_PRIV_DATA_LEN(l, h, p, rl, cb, hLen) \ + LMS_PRIV_KEY_LEN(l, hLen) #endif +/* Indicates using SHA-256 for hashing. */ +#define LMS_SHA256 0x00 +/* Indicates using SHA-256/192 for hashing. */ +#define LMS_SHA256_192 0x10 +/* Mask to get hashing algorithm from type. */ +#define LMS_HASH_MASK 0xf0 +/* Mask to get height or Winternitz width from type. */ +#define LMS_H_W_MASK 0x0f /* LMS Parameters. */ /* SHA-256 hash, 32-bytes of hash used, tree height of 5. */ -#define LMS_SHA256_M32_H5 5 +#define LMS_SHA256_M32_H5 0x05 +/* SHA-256 hash, 32-bytes of hash used, tree height of 10. */ +#define LMS_SHA256_M32_H10 0x06 +/* SHA-256 hash, 32-bytes of hash used, tree height of 15. */ +#define LMS_SHA256_M32_H15 0x07 +/* SHA-256 hash, 32-bytes of hash used, tree height of 20. */ +#define LMS_SHA256_M32_H20 0x08 +/* SHA-256 hash, 32-bytes of hash used, tree height of 25. */ +#define LMS_SHA256_M32_H25 0x09 + +/* SHA-256 hash, 32-bytes of hash used, Winternitz width of 1 bit. */ +#define LMOTS_SHA256_N32_W1 0x01 +/* SHA-256 hash, 32-bytes of hash used, Winternitz width of 2 bits. */ +#define LMOTS_SHA256_N32_W2 0x02 +/* SHA-256 hash, 32-bytes of hash used, Winternitz width of 4 bits. */ +#define LMOTS_SHA256_N32_W4 0x03 +/* SHA-256 hash, 32-bytes of hash used, Winternitz width of 8 bits. */ +#define LMOTS_SHA256_N32_W8 0x04 + +/* SHA-256 hash, 32-bytes of hash used, tree height of 5. */ +#define LMS_SHA256_M24_H5 (0x05 | LMS_SHA256_192) /* SHA-256 hash, 32-bytes of hash used, tree height of 10. */ -#define LMS_SHA256_M32_H10 6 +#define LMS_SHA256_M24_H10 (0x06 | LMS_SHA256_192) /* SHA-256 hash, 32-bytes of hash used, tree height of 15. */ -#define LMS_SHA256_M32_H15 7 +#define LMS_SHA256_M24_H15 (0x07 | LMS_SHA256_192) /* SHA-256 hash, 32-bytes of hash used, tree height of 20. */ -#define LMS_SHA256_M32_H20 8 +#define LMS_SHA256_M24_H20 (0x08 | LMS_SHA256_192) /* SHA-256 hash, 32-bytes of hash used, tree height of 25. */ -#define LMS_SHA256_M32_H25 9 +#define LMS_SHA256_M24_H25 (0x09 | LMS_SHA256_192) /* SHA-256 hash, 32-bytes of hash used, Winternitz width of 1 bit. */ -#define LMOTS_SHA256_N32_W1 1 +#define LMOTS_SHA256_N24_W1 (0x01 | LMS_SHA256_192) /* SHA-256 hash, 32-bytes of hash used, Winternitz width of 2 bits. */ -#define LMOTS_SHA256_N32_W2 2 +#define LMOTS_SHA256_N24_W2 (0x02 | LMS_SHA256_192) /* SHA-256 hash, 32-bytes of hash used, Winternitz width of 4 bits. */ -#define LMOTS_SHA256_N32_W4 3 +#define LMOTS_SHA256_N24_W4 (0x03 | LMS_SHA256_192) /* SHA-256 hash, 32-bytes of hash used, Winternitz width of 8 bits. */ -#define LMOTS_SHA256_N32_W8 4 +#define LMOTS_SHA256_N24_W8 (0x04 | LMS_SHA256_192) typedef struct LmsParams { /* Number of tree levels. */ @@ -339,6 +367,8 @@ typedef struct LmsParams { word16 lmOtsType; /* Length of LM-OTS signature. */ word16 sig_len; + /* Length of seed. */ + word16 hash_len; #ifndef WOLFSSL_WC_LMS_SMALL /* Number of root levels of interior nodes to store. */ word8 rootLevels; @@ -426,10 +456,10 @@ typedef struct HssPrivKey { struct LmsKey { /* Public key. */ - ALIGN16 byte pub[HSS_PUBLIC_KEY_LEN]; + ALIGN16 byte pub[HSS_PUBLIC_KEY_LEN(LMS_MAX_NODE_LEN)]; #ifndef WOLFSSL_LMS_VERIFY_ONLY /* Encoded private key. */ - ALIGN16 byte priv_raw[HSS_PRIVATE_KEY_LEN]; + ALIGN16 byte priv_raw[HSS_MAX_PRIVATE_KEY_LEN]; /* Packed private key data. */ byte* priv_data; diff --git a/wrapper/Ada/alire.toml b/wrapper/Ada/alire.toml index 53b0e94644..b08ccb7e85 100644 --- a/wrapper/Ada/alire.toml +++ b/wrapper/Ada/alire.toml @@ -1,6 +1,6 @@ name = "wolfssl" description = "WolfSSL encryption library and its Ada bindings" -version = "5.7.2" +version = "5.7.4" authors = ["WolfSSL Team "] maintainers = ["Fernando Oleo Blanco "] diff --git a/wrapper/CSharp/README.md b/wrapper/CSharp/README.md index 21310463ae..537e6cc9b4 100644 --- a/wrapper/CSharp/README.md +++ b/wrapper/CSharp/README.md @@ -2,7 +2,9 @@ This directory contains the CSharp wrapper for the wolfSSL TLS layer with examples. -* `wolfSSL_CSharp`: wolfSSL TLS layer wrappers (library) +* `wolfSSL_CSharp`: wolfSSL TLS layer wrappers (library). +* `wolfCrypt-Test`: wolfCrypt layer wrapper testing. +* `user_settings.h`: wolfCrypt wrapper user settings. Examples: * `wolfSSL-DTLS-PSK-Server` @@ -20,6 +22,12 @@ A Visual Studio solution `wolfSSL_CSharp.sln` is provided. This will allow you to build the wrapper library and examples. It includes the wolfSSL Visual Studio project directly. +To successfully run and build the solution on Windows Visual Studio you will +need to open a new solution `wolfSSL_CSharp.sln` located in `wrapper\CSharp\wolfSSL_CSharp.sln`. + +Select the CPU type, configuration, and target file. +select `Build` and either `Rebuild Solution` or `Build Solution`. + ## Linux (Ubuntu) using mono Prerequisites for linux: @@ -34,35 +42,40 @@ apt-get install mono-complete ``` ./autogen.sh -./configure --enable-wolftpm +./configure --enable-keygen --enable-eccencrypt --enable-ed25519 --enable-curve25519 --enable-aesgcm make make check sudo make install ``` -### Build and run the wrapper +### Build and run the wolfCrypt test wrapper + +From the `wrapper/CSharp` directory (`cd wrapper/CSharp`): -From the wolfssl root directory: +Compile wolfCrypt test: ``` -cd wrapper/CSharp +mcs wolfCrypt-Test/wolfCrypt-Test.cs wolfSSL_CSharp/wolfCrypt.cs -OUT:wolfcrypttest.exe +mono wolfcrypttest.exe ``` +### Build and run the wolfSSL client/server test + +From the `wrapper/CSharp` directory (`cd wrapper/CSharp`): + Compile server: ``` -mcs wolfSSL_CSharp/wolfSSL.cs wolfSSL_CSharp/X509.cs \ -wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs -OUT:server.exe +mcs wolfSSL_CSharp/wolfSSL.cs wolfSSL_CSharp/X509.cs wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs -OUT:server.exe ``` Compile client: ``` -mcs wolfSSL_CSharp/wolfSSL.cs wolfSSL_CSharp/X509.cs \ -wolfSSL-TLS-Client/wolfSSL-TLS-Client.cs -OUT:client.exe +mcs wolfSSL_CSharp/wolfSSL.cs wolfSSL_CSharp/X509.cs wolfSSL-TLS-Client/wolfSSL-TLS-Client.cs -OUT:client.exe ``` -### Run the example +#### Run the example In one terminal instance run the server: @@ -76,7 +89,7 @@ And in another terminal instance run the client: mono client.exe ``` -### Enabling SNI +#### Enabling SNI To enable SNI, just pass the `-S` argument with the specified hostname to the client: diff --git a/wrapper/CSharp/include.am b/wrapper/CSharp/include.am index c1a11c8c00..ecd70d015e 100644 --- a/wrapper/CSharp/include.am +++ b/wrapper/CSharp/include.am @@ -26,10 +26,13 @@ EXTRA_DIST+= wrapper/CSharp/wolfSSL-Example-IOCallbacks/Properties/AssemblyInfo. EXTRA_DIST+= wrapper/CSharp/wolfSSL-Example-IOCallbacks/wolfSSL-Example-IOCallbacks.cs EXTRA_DIST+= wrapper/CSharp/wolfSSL-Example-IOCallbacks/wolfSSL-Example-IOCallbacks.csproj EXTRA_DIST+= wrapper/CSharp/wolfSSL_CSharp.sln +EXTRA_DIST+= wrapper/CSharp/user_settings.h +EXTRA_DIST+= wrapper/CSharp/wolfssl.vcxproj EXTRA_DIST+= wrapper/CSharp/wolfSSL_CSharp/Properties/AssemblyInfo.cs EXTRA_DIST+= wrapper/CSharp/wolfSSL_CSharp/Properties/Resources.Designer.cs EXTRA_DIST+= wrapper/CSharp/wolfSSL_CSharp/Properties/Resources.resx EXTRA_DIST+= wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs +EXTRA_DIST+= wrapper/CSharp/wolfSSL_CSharp/wolfCrypt.cs EXTRA_DIST+= wrapper/CSharp/wolfSSL_CSharp/X509.cs EXTRA_DIST+= wrapper/CSharp/wolfSSL_CSharp/wolfSSL_CSharp.csproj EXTRA_DIST+= wrapper/CSharp/wolfSSL-TLS-Client/App.config @@ -40,3 +43,7 @@ EXTRA_DIST+= wrapper/CSharp/wolfSSL-TLS-PSK-Client/App.config EXTRA_DIST+= wrapper/CSharp/wolfSSL-TLS-PSK-Client/Properties/AssemblyInfo.cs EXTRA_DIST+= wrapper/CSharp/wolfSSL-TLS-PSK-Client/wolfSSL-TLS-PSK-Client.cs EXTRA_DIST+= wrapper/CSharp/wolfSSL-TLS-PSK-Client/wolfSSL-TLS-PSK-Client.csproj +EXTRA_DIST+= wrapper/CSharp/wolfCrypt-Test/App.config +EXTRA_DIST+= wrapper/CSharp/wolfCrypt-Test/Properties/AssemblyInfo.cs +EXTRA_DIST+= wrapper/CSharp/wolfCrypt-Test/wolfCrypt-Test.cs +EXTRA_DIST+= wrapper/CSharp/wolfCrypt-Test/wolfCrypt-Test.csproj diff --git a/wrapper/CSharp/user_settings.h b/wrapper/CSharp/user_settings.h new file mode 100644 index 0000000000..b9d2ff738d --- /dev/null +++ b/wrapper/CSharp/user_settings.h @@ -0,0 +1,136 @@ +/* user_settings.h + * + * Copyright (C) 2006-2024 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* These are the build settings used by the Visual Studio CSharp wrapper */ + +#ifndef _WIN_CSHARP_USER_SETTINGS_H_ +#define _WIN_CSHARP_USER_SETTINGS_H_ + +/* Features */ +#define NO_OLD_TLS +#define WOLFSSL_TLS13 +#define WOLFSSL_DTLS +#define WOLFSSL_DTLS13 +#define WOLFSSL_SEND_HRR_COOKIE +#define WOLFSSL_DTLS_CID +#define HAVE_EXTENDED_MASTER +#define HAVE_SECURE_RENEGOTIATION +#define HAVE_SUPPORTED_CURVES +#define HAVE_TLS_EXTENSIONS +#define WOLFSSL_CERT_EXT +#define WOLFSSL_CERT_REQ +#define WOLFSSL_CERT_GEN +#define HAVE_ENCRYPT_THEN_MAC +#define HAVE_ECC_ENCRYPT +#define WOLFSSL_PUBLIC_MP +#define NO_MULTIBYTE_PRINT +#define WOLFSSL_KEY_GEN /* RSA key gen */ +#define WOLFSSL_ASN_TEMPLATE /* default */ +#define WOLFSSL_SHA3 + +#if 0 + #define OPENSSL_EXTRA +#endif + +#define HAVE_CRL +#if 0 + /* start thread that can monitor CRL directory */ + #define HAVE_CRL_MONITOR +#endif + +/* Algorithms */ +#define HAVE_ED25519 +#define HAVE_CURVE25519 + +#define HAVE_AESGCM +#define WOLFSSL_AESGCM_STREAM +#define WOLFSSL_SHA384 +#define WOLFSSL_SHA512 + +#define HAVE_HKDF + +#undef NO_DH +#define HAVE_PUBLIC_FFDHE +#define HAVE_FFDHE_2048 +#define HAVE_FFDHE_4096 + +#undef NO_RSA +#define WC_RSA_PSS +#define WOLFSSL_PSS_LONG_SALT +#define WC_RSA_BLINDING + +#define HAVE_ECC +#define ECC_SHAMIR +#define ECC_TIMING_RESISTANT +#define HAVE_COMP_KEY + +/* Disable features */ +#define NO_PSK + +/* Disable Algorithms */ +#define NO_DES3 +#define NO_DSA +#define NO_RC4 +#define NO_MD4 +#define NO_MD5 +#define NO_SHA + +/* Math */ + +/* Single Precision Support for RSA/DH 1024/2048/3072 and + * ECC P-256/P-384 */ +#define WOLFSSL_HAVE_SP_ECC +#define WOLFSSL_HAVE_SP_DH +#define WOLFSSL_HAVE_SP_RSA + +/* Optional Performance Speedups */ +#if 0 + #ifdef _WIN64 + /* Assembly speedups for SP math */ + #define WOLFSSL_SP_X86_64_ASM + + /* Support for RDSEED instruction */ + #define HAVE_INTEL_RDSEED + + /* AESNI on x64 */ + #define WOLFSSL_AESNI + + /* Intel ASM */ + #define USE_INTEL_SPEEDUP + #define WOLFSSL_X86_64_BUILD + + /* Old versions of MASM compiler do not recognize newer + * instructions. */ + #if 0 + #define NO_AVX2_SUPPORT + #define NO_MOVBE_SUPPORT + #endif + #endif +#endif + +/* Debug logging */ +#if 1 + #define DEBUG_WOLFSSL +#else + /* #define NO_ERROR_STRINGS */ +#endif + +#endif /* !_WIN_CSHARP_USER_SETTINGS_H_ */ diff --git a/wrapper/CSharp/wolfCrypt-Test/App.config b/wrapper/CSharp/wolfCrypt-Test/App.config new file mode 100644 index 0000000000..4bfa005618 --- /dev/null +++ b/wrapper/CSharp/wolfCrypt-Test/App.config @@ -0,0 +1,6 @@ + + + + + + diff --git a/wrapper/CSharp/wolfCrypt-Test/Properties/AssemblyInfo.cs b/wrapper/CSharp/wolfCrypt-Test/Properties/AssemblyInfo.cs new file mode 100644 index 0000000000..ed34d06a03 --- /dev/null +++ b/wrapper/CSharp/wolfCrypt-Test/Properties/AssemblyInfo.cs @@ -0,0 +1,36 @@ +using System.Reflection; +using System.Runtime.CompilerServices; +using System.Runtime.InteropServices; + +// General Information about an assembly is controlled through the following +// set of attributes. Change these attribute values to modify the information +// associated with an assembly. +[assembly: AssemblyTitle("wolfCrypt-Test")] +[assembly: AssemblyDescription("")] +[assembly: AssemblyConfiguration("")] +[assembly: AssemblyCompany("wolfSSL")] +[assembly: AssemblyProduct("wolfCrypt-Test")] +[assembly: AssemblyCopyright("Copyright wolfSSL 2020")] +[assembly: AssemblyTrademark("")] +[assembly: AssemblyCulture("")] + +// Setting ComVisible to false makes the types in this assembly not visible +// to COM components. If you need to access a type in this assembly from +// COM, set the ComVisible attribute to true on that type. +[assembly: ComVisible(false)] + +// The following GUID is for the ID of the typelib if this project is exposed to COM +[assembly: Guid("a4f4a244-1306-47f4-a168-31f78d7362fa")] + +// Version information for an assembly consists of the following four values: +// +// Major Version +// Minor Version +// Build Number +// Revision +// +// You can specify all the values or you can default the Build and Revision Numbers +// by using the '*' as shown below: +// [assembly: AssemblyVersion("1.0.*")] +[assembly: AssemblyVersion("1.0.0.0")] +[assembly: AssemblyFileVersion("1.0.0.0")] diff --git a/wrapper/CSharp/wolfCrypt-Test/wolfCrypt-Test.cs b/wrapper/CSharp/wolfCrypt-Test/wolfCrypt-Test.cs new file mode 100644 index 0000000000..2dd2e7f774 --- /dev/null +++ b/wrapper/CSharp/wolfCrypt-Test/wolfCrypt-Test.cs @@ -0,0 +1,920 @@ +/* wolfCrypt-Test.cs + * + * Copyright (C) 2006-2024 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* Tests for the wolfCrypt C# wrapper */ + +using System; +using System.Linq; +using System.Text; +using System.Security.Cryptography; +using wolfSSL.CSharp; +using System.Runtime.InteropServices; +using static wolfSSL.CSharp.wolfcrypt; + +public class wolfCrypt_Test_CSharp +{ + private static void random_test() + { + int ret, i, zeroCount = 0; + Byte[] data = new Byte[128]; + + Console.WriteLine("Starting RNG test"); + + /* Random Test */ + ret = wolfcrypt.Random(data, data.Length); + if (ret == 0) + { + /* Check for 0's */ + for (i = 0; i < (int)data.Length; i++) + { + if (data[i] == 0) + { + zeroCount++; + } + } + if (zeroCount == data.Length) + { + Console.WriteLine("RNG zero check error"); + } + else + { + Console.WriteLine("RNG Test Passed"); + } + } + else + { + Console.WriteLine("RNG Error" + wolfcrypt.GetError(ret)); + } + } /* END random_test */ + + private static void ecc_test(string hashAlgorithm, int keySize) + { + int ret; + IntPtr rng = IntPtr.Zero; + IntPtr PrivKey = IntPtr.Zero; + IntPtr PubKey = IntPtr.Zero; + IntPtr key = IntPtr.Zero; + + Console.WriteLine("\nStarting ECC" + (keySize*8) + " test for " + hashAlgorithm + "..."); + + /* Create a new RNG context */ + rng = wolfcrypt.RandomNew(); + if (rng == IntPtr.Zero) + { + throw new Exception("RNG initialization failed."); + } + + /* Generate ECC Key Pair */ + Console.WriteLine("Testing ECC Key Generation..."); + key = wolfcrypt.EccMakeKey(keySize, rng); + if (key == IntPtr.Zero) + { + throw new Exception("EccMakeKey failed"); + } + Console.WriteLine("ECC Key Generation test passed."); + + /* Export and Import Key */ + Console.WriteLine("Testing ECC Key Export and Import..."); + byte[] privateKeyDer; + ret = wolfcrypt.EccExportPrivateKeyToDer(key, out privateKeyDer); + if (ret < 0) { + throw new Exception("ExportPrivateKeyToDer failed"); + } + byte[] publicKeyDer; + ret = wolfcrypt.EccExportPublicKeyToDer(key, out publicKeyDer, true); + if (ret < 0) { + throw new Exception("ExportPublicKeyToDer failed"); + } + PrivKey = wolfcrypt.EccImportKey(privateKeyDer); + if (PrivKey == IntPtr.Zero) + { + throw new Exception("EccImportKey Private failed"); + } + + PubKey = wolfcrypt.EccImportPublicKeyFromDer(publicKeyDer); + if (PubKey == IntPtr.Zero) + { + throw new Exception("ImportPublicKeyFromDer Public failed"); + } + Console.WriteLine("ECC Key Export and Import test passed."); + + /* Generate hash based on selected algorithm */ + byte[] dataToHash = System.Text.Encoding.UTF8.GetBytes("This is some data to hash"); + byte[] hash; + + switch (hashAlgorithm.ToUpper()) + { + case "SHA256": + using (SHA256 sha256 = SHA256.Create()) + { + hash = sha256.ComputeHash(dataToHash); + } + break; + + case "SHA384": + using (SHA384 sha384 = SHA384.Create()) + { + hash = sha384.ComputeHash(dataToHash); + } + break; + + case "SHA512": + using (SHA512 sha512 = SHA512.Create()) + { + hash = sha512.ComputeHash(dataToHash); + } + break; + + default: + throw new Exception("Unsupported hash algorithm"); + } + Console.WriteLine($"{hashAlgorithm} hash generated."); + + /* Sign Data */ + Console.WriteLine("Testing ECC Signature Creation..."); + byte[] signature = new byte[wolfcrypt.ECC_MAX_SIG_SIZE]; + int signLength = wolfcrypt.EccSign(PrivKey, hash, signature); + if (signLength <= 0) + { + throw new Exception("EccSign failed"); + } + + byte[] actualSignature = new byte[signLength]; + Array.Copy(signature, 0, actualSignature, 0, signLength); + + Console.WriteLine($"ECC Signature Creation test passed. Signature Length: {signLength}"); + + /* Verify Signature */ + Console.WriteLine("Testing ECC Signature Verification..."); + int verifyResult = wolfcrypt.EccVerify(PubKey, actualSignature, hash); + if (verifyResult != 0) + { + throw new Exception("EccVerify failed"); + } + Console.WriteLine("ECC Signature Verification test passed."); + + /* Cleanup */ + if (key != IntPtr.Zero) wolfcrypt.EccFreeKey(key); + if (PubKey != IntPtr.Zero) wolfcrypt.EccFreeKey(PubKey); + if (PrivKey != IntPtr.Zero) wolfcrypt.EccFreeKey(PrivKey); + if (rng != IntPtr.Zero) wolfcrypt.RandomFree(rng); + } /* END ecc_test */ + + private static void ecies_test(int keySize) + { + /* maximum encrypted message: + * msgSz (14) + pad (2) + pubKeySz(1+66*2) + ivSz(16) + digestSz(32) = 197 */ + int bufferSize = wolfcrypt.MAX_ECIES_TEST_SZ; + const string message = "Hello wolfSSL!"; + byte[] salt = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 }; + + IntPtr a = IntPtr.Zero; + IntPtr b = IntPtr.Zero; + IntPtr aCtx = IntPtr.Zero; + IntPtr bCtx = IntPtr.Zero; + IntPtr rng = IntPtr.Zero; + IntPtr heap = IntPtr.Zero; + + byte[] plaintext = new byte[bufferSize]; + byte[] encrypted = new byte[bufferSize]; + byte[] decrypted = new byte[bufferSize]; + + try + { + Console.WriteLine($"\nStarting ECIES test for {keySize} byte key size..."); + + /* Create a new RNG context */ + rng = wolfcrypt.RandomNew(); + if (rng == IntPtr.Zero) + { + throw new Exception("RNG initialization failed."); + } + + /* Initialize keys */ + a = wolfcrypt.EccMakeKey(keySize, rng); + b = wolfcrypt.EccMakeKey(keySize, rng); + if (a == IntPtr.Zero || b == IntPtr.Zero) + { + throw new Exception("Key generation failed."); + } + Console.WriteLine("ECC key generation passed."); + + /* Create ECIES contexts for encryption and decryption */ + aCtx = wolfcrypt.EciesNewCtx((int)wolfcrypt.ecFlags.REQ_RESP_CLIENT, rng, heap); + bCtx = wolfcrypt.EciesNewCtx((int)wolfcrypt.ecFlags.REQ_RESP_SERVER, rng, heap); + if (aCtx == IntPtr.Zero || bCtx == IntPtr.Zero) + { + throw new Exception("Context creation failed."); + } + Console.WriteLine("ECC context creation passed."); + + /* Set KDF salt */ + if (wolfcrypt.EciesSetKdfSalt(aCtx, salt) != 0 || + wolfcrypt.EciesSetKdfSalt(bCtx, salt) != 0) + { + throw new Exception("Failed to set KDF salt."); + } + Console.WriteLine("KDF salt setup passed."); + + /* Prepare plaintext */ + Array.Clear(plaintext, 0, plaintext.Length); + Array.Copy(Encoding.ASCII.GetBytes(message), plaintext, message.Length); + /* Pad to block size */ + int plaintextLen = ((message.Length + (wolfcrypt.AES_BLOCK_SIZE - 1)) / + wolfcrypt.AES_BLOCK_SIZE) * wolfcrypt.AES_BLOCK_SIZE; + + /* Encrypt message */ + int ret = wolfcrypt.EciesEncrypt(a, b, plaintext, (uint)plaintextLen, encrypted, aCtx); + if (ret < 0) + { + throw new Exception("Encryption failed."); + } + + int encryptedLen = ret; + Console.WriteLine("ECC encryption passed."); + + /* Decrypt message */ + ret = wolfcrypt.EciesDecrypt(b, a, encrypted, (uint)encryptedLen, decrypted, bCtx); + if (ret < 0) + { + throw new Exception("Decryption failed."); + } + + int decryptedLen = ret; + Console.WriteLine("ECC decryption passed."); + + /* Compare decrypted text to original plaintext */ + if (decryptedLen != plaintextLen || !wolfcrypt.ByteArrayVerify(plaintext, decrypted)) + { + throw new Exception("Decrypted text does not match original plaintext."); + } + Console.WriteLine("Decrypted text matches original plaintext."); + } + finally + { + /* Cleanup key and context */ + if (a != IntPtr.Zero) wolfcrypt.EccFreeKey(a); + if (b != IntPtr.Zero) wolfcrypt.EccFreeKey(b); + if (aCtx != IntPtr.Zero) wolfcrypt.EciesFreeCtx(aCtx); + if (bCtx != IntPtr.Zero) wolfcrypt.EciesFreeCtx(bCtx); + if (rng != IntPtr.Zero) wolfcrypt.RandomFree(rng); + } + } /* END ecies_test */ + + private static void ecdhe_test(int keySize) + { + int ret; + IntPtr rng = IntPtr.Zero; + IntPtr keyA = IntPtr.Zero; + IntPtr keyB = IntPtr.Zero; + IntPtr publicKeyA = IntPtr.Zero; + IntPtr publicKeyB = IntPtr.Zero; + byte[] derKey; + + Console.WriteLine("\nStarting ECDHE shared secret test for " + keySize + " key size..."); + + /* Create RNG */ + Console.WriteLine("Generating RNG..."); + rng = RandomNew(); + if (rng == IntPtr.Zero) + { + throw new Exception("Failed to generate RNG."); + } + Console.WriteLine("RNG generation test passed."); + + /* Generate Key Pair A */ + Console.WriteLine("Generating Key Pair A..."); + keyA = wolfcrypt.EccMakeKey(keySize, rng); + if (keyA == IntPtr.Zero) + { + throw new Exception("Failed to generate key pair A."); + } + + /* Generate Key Pair B */ + Console.WriteLine("Generating Key Pair B..."); + keyB = wolfcrypt.EccMakeKey(keySize, rng); + if (keyB == IntPtr.Zero) + { + throw new Exception("Failed to generate key pair B."); + } + Console.WriteLine("ECC Key generation test passed."); + + /* Export Public Key B to DER format */ + Console.WriteLine("Exporting Public Key B to DER format..."); + ret = wolfcrypt.EccExportPublicKeyToDer(keyB, out derKey, true); + if (ret < 0 || derKey == null) + { + throw new Exception("EccExportPublicKeyToDer failed"); + } + + /* Decode Public Key B from DER format */ + Console.WriteLine("Decoding Public Key B from DER format..."); + publicKeyB = wolfcrypt.EccImportPublicKeyFromDer(derKey); + if (publicKeyB == IntPtr.Zero) + { + throw new Exception("Failed to decode public key B from DER format."); + } + Console.WriteLine("ECC Export and Import test passed."); + + /* Compute Shared Secret using Private Key A and Public Key B */ + Console.WriteLine("Computing Shared Secret using Private Key A and Public Key B..."); + byte[] sharedSecretA = new byte[keySize]; + int retA = wolfcrypt.EcdheSharedSecret(keyA, publicKeyB, sharedSecretA, rng); + if (retA != 0) + { + throw new Exception("Failed to compute shared secret A. Error code: " + retA); + } + Console.WriteLine("ECC shared secret created using private Key A."); + + /* Export Public Key A to DER format */ + Console.WriteLine("Exporting Public Key A to DER format..."); + ret = wolfcrypt.EccExportPublicKeyToDer(keyA, out derKey, true); + if (ret < 0 || derKey == null) + { + throw new Exception("EccExportPublicKeyToDer failed"); + } + + /* Decode Public Key A from DER format */ + Console.WriteLine("Decoding Public Key A from DER format..."); + publicKeyA = wolfcrypt.EccImportPublicKeyFromDer(derKey); + if (publicKeyA == IntPtr.Zero) + { + throw new Exception("Failed to decode public key A from DER format."); + } + + /* Compute Shared Secret using Private Key B and Public Key A */ + Console.WriteLine("Computing Shared Secret using Private Key B and Public Key A..."); + byte[] sharedSecretB = new byte[keySize]; + int retB = wolfcrypt.EcdheSharedSecret(keyB, publicKeyA, sharedSecretB, rng); + if (retB != 0) + { + throw new Exception("Failed to compute shared secret B. Error code: " + retB); + } + Console.WriteLine("ECC shared secret created using private Key B."); + + /* Compare Shared Secrets */ + Console.WriteLine("Comparing Shared Secrets..."); + if (!wolfcrypt.ByteArrayVerify(sharedSecretA, sharedSecretB)) + { + throw new Exception("Shared secrets do not match."); + } + else + { + Console.WriteLine("ECC shared secret match."); + } + + /* Cleanup */ + if (keyA != IntPtr.Zero) wolfcrypt.EccFreeKey(keyA); + if (keyB != IntPtr.Zero) wolfcrypt.EccFreeKey(keyB); + if (publicKeyA != IntPtr.Zero) wolfcrypt.EccFreeKey(publicKeyA); + if (publicKeyB != IntPtr.Zero) wolfcrypt.EccFreeKey(publicKeyB); + if (rng != IntPtr.Zero) wolfcrypt.RandomFree(rng); + } /* END ecdhe_test */ + + private static void rsa_test(string hashAlgorithm, int keySize) + { + IntPtr key = IntPtr.Zero; + IntPtr heap = IntPtr.Zero; + int devId = wolfcrypt.INVALID_DEVID; + + Console.WriteLine("\nStarting RSA" + keySize + " test for " + hashAlgorithm + "..."); + + /* Generate RSA Key Pair */ + Console.WriteLine("Testing RSA Key Generation..."); + key = wolfcrypt.RsaMakeKey(heap, devId, keySize); + if (key == IntPtr.Zero) + { + throw new Exception("RsaMakeKey failed"); + } + Console.WriteLine("RSA Key Generation test passed."); + + /* Generate hash based on selected algorithm */ + byte[] dataToHash = System.Text.Encoding.UTF8.GetBytes("This is some data to hash"); + byte[] hash; + + switch (hashAlgorithm.ToUpper()) + { + case "SHA256": + using (SHA256 sha256 = SHA256.Create()) + { + hash = sha256.ComputeHash(dataToHash); + } + break; + + case "SHA384": + using (SHA384 sha384 = SHA384.Create()) + { + hash = sha384.ComputeHash(dataToHash); + } + break; + + case "SHA512": + using (SHA512 sha512 = SHA512.Create()) + { + hash = sha512.ComputeHash(dataToHash); + } + break; + + default: + throw new Exception("Unsupported hash algorithm"); + } + Console.WriteLine($"{hashAlgorithm} hash generated."); + + /* Sign Data */ + Console.WriteLine("Testing RSA Signature Creation..."); + byte[] signature = new byte[keySize / 8]; + int signLength = wolfcrypt.RsaSignSSL(key, hash, signature); + if (signLength <= 0) + { + throw new Exception("RsaSignSSL failed"); + } + + byte[] actualSignature = new byte[signLength]; + Array.Copy(signature, 0, actualSignature, 0, signLength); + + Console.WriteLine($"RSA Signature Creation test passed. Signature Length: {signLength}"); + + /* Verify Signature */ + Console.WriteLine("Testing RSA Signature Verification..."); + int verifyResult = wolfcrypt.RsaVerifySSL(key, actualSignature, hash); + if (verifyResult != 0) + { + throw new Exception("RsaVerifySSL failed"); + } + Console.WriteLine("RSA Signature Verification test passed."); + + /* Cleanup */ + if (key != IntPtr.Zero) wolfcrypt.RsaFreeKey(key); + } /* END rsa_test */ + + private static void ed25519_test() + { + int ret; + IntPtr key = IntPtr.Zero; + byte[] privKey; + byte[] pubKey; + + Console.WriteLine("\nStarting ED25519 tests..."); + + IntPtr heap = IntPtr.Zero; + int devId = wolfcrypt.INVALID_DEVID; + + /* Generate ED25519 Key Pair */ + Console.WriteLine("Testing ED25519 Key Generation..."); + key = wolfcrypt.Ed25519MakeKey(heap, devId); + if (key == IntPtr.Zero) + { + throw new Exception("Ed25519MakeKey failed"); + } + Console.WriteLine("ED25519 Key Generation test passed."); + + /* Export and Import Key */ + Console.WriteLine("Testing ED25519 Key Export and Import..."); + /* Export Private */ + ret = wolfcrypt.Ed25519ExportKeyToDer(key, out privKey); + if (ret < 0 || privKey == null) + { + throw new Exception("Ed25519ExportKeyToDer failed"); + } + /* Export Public */ + ret = wolfcrypt.Ed25519ExportPublicKeyToDer(key, out pubKey, true); + if (ret < 0 || pubKey == null) + { + throw new Exception("Ed25519ExportKeyToDer failed"); + } + /* Import Private */ + IntPtr importedPrivKey = wolfcrypt.Ed25519PrivateKeyDecode(privKey); + if (importedPrivKey == IntPtr.Zero) + { + throw new Exception("Ed25519PrivateKeyDecode failed"); + } + /* Import Public */ + IntPtr importedPubKey = wolfcrypt.Ed25519PublicKeyDecode(pubKey); + if (importedPubKey == IntPtr.Zero) + { + throw new Exception("Ed25519PublicKeyDecode failed"); + } + Console.WriteLine("ED25519 Key Export and Import test passed."); + + /* Generate a hash */ + byte[] dataToHash = System.Text.Encoding.UTF8.GetBytes("This is some data to hash"); + + /* Sign Data */ + Console.WriteLine("Testing ED25519 Signature Creation..."); + byte[] signature; + + ret = wolfcrypt.Ed25519SignMsg(dataToHash, out signature, key); + if (ret != 0) + { + throw new Exception("Ed25519SignMsg failed"); + } + Console.WriteLine($"ED25519 Signature Creation test passed. Signature Length: {signature.Length}"); + + /* Verify Signature */ + Console.WriteLine("Testing ED25519 Signature Verification..."); + ret = wolfcrypt.Ed25519VerifyMsg(signature, dataToHash, key); + if (ret != 0) + { + throw new Exception("Ed25519VerifyMsg failed"); + } + Console.WriteLine("ED25519 Signature Verification test passed."); + + /* Cleanup */ + if (key != IntPtr.Zero) wolfcrypt.Ed25519FreeKey(key); + } /* END ed25519_test */ + + private static void curve25519_test() + { + int ret; + IntPtr keyA = IntPtr.Zero; + IntPtr keyB = IntPtr.Zero; + IntPtr publicKeyA = IntPtr.Zero; + IntPtr publicKeyB = IntPtr.Zero; + byte[] derKey; + + Console.WriteLine("\nStarting Curve25519 shared secret test..."); + + /* Generate Key Pair A */ + Console.WriteLine("Generating Key Pair A..."); + keyA = wolfcrypt.Curve25519MakeKey(IntPtr.Zero, 0); + if (keyA == IntPtr.Zero) + { + throw new Exception("Failed to generate key pair A."); + } + + /* Generate Key Pair B */ + Console.WriteLine("Generating Key Pair B..."); + keyB = wolfcrypt.Curve25519MakeKey(IntPtr.Zero, 0); + if (keyB == IntPtr.Zero) + { + throw new Exception("Failed to generate key pair B."); + } + Console.WriteLine("Curve25519 Key generation test passed."); + + /* Export Public Key B to DER format */ + Console.WriteLine("Exporting Public Key B to DER format..."); + ret = wolfcrypt.Curve25519ExportPublicKeyToDer(keyB, out derKey, true); + if (ret < 0 || derKey == null) + { + throw new Exception("Curve25519ExportPublicKeyToDer failed"); + } + + /* Decode Public Key B from DER format */ + Console.WriteLine("Decoding Public Key B from DER format..."); + publicKeyB = wolfcrypt.Curve25519PublicKeyDecode(derKey); + if (publicKeyB == IntPtr.Zero) + { + throw new Exception("Failed to decode public key B from DER format."); + } + Console.WriteLine("Curve25519 Export and Import test passed."); + + /* Compute Shared Secret using Private Key A and Public Key B */ + Console.WriteLine("Computing Shared Secret using Private Key A and Public Key B..."); + byte[] sharedSecretA = new byte[wolfcrypt.ED25519_KEY_SIZE]; + int retA = wolfcrypt.Curve25519SharedSecret(keyA, publicKeyB, sharedSecretA); + if (retA != 0) + { + throw new Exception("Failed to compute shared secret A. Error code: " + retA); + } + Console.WriteLine("Curve25519 shared secret created using private Key A."); + + /* Export Public Key A to DER format */ + Console.WriteLine("Exporting Public Key A to DER format..."); + ret = wolfcrypt.Curve25519ExportPublicKeyToDer(keyA, out derKey, true); + if (ret < 0 || derKey == null) + { + throw new Exception("Curve25519ExportPublicKeyToDer failed"); + } + + /* Decode Public Key A from DER format */ + Console.WriteLine("Decoding Public Key A from DER format..."); + publicKeyA = wolfcrypt.Curve25519PublicKeyDecode(derKey); + if (publicKeyA == IntPtr.Zero) + { + throw new Exception("Failed to decode public key A from DER format."); + } + + /* Compute Shared Secret using Private Key B and Public Key A */ + Console.WriteLine("Computing Shared Secret using Private Key B and Public Key A..."); + byte[] sharedSecretB = new byte[wolfcrypt.ED25519_KEY_SIZE]; + int retB = wolfcrypt.Curve25519SharedSecret(keyB, publicKeyA, sharedSecretB); + if (retB != 0) + { + throw new Exception("Failed to compute shared secret B. Error code: " + retB); + } + Console.WriteLine("Curve25519 shared secret created using private Key B."); + + /* Compare Shared Secrets */ + Console.WriteLine("Comparing Shared Secrets..."); + if (!wolfcrypt.ByteArrayVerify(sharedSecretA, sharedSecretB)) + { + throw new Exception("Shared secrets do not match."); + } + else + { + Console.WriteLine("Curve25519 shared secret match."); + } + + /* Cleanup */ + if (keyA != IntPtr.Zero) wolfcrypt.Curve25519FreeKey(keyA); + if (keyB != IntPtr.Zero) wolfcrypt.Curve25519FreeKey(keyB); + if (publicKeyA != IntPtr.Zero) wolfcrypt.Curve25519FreeKey(publicKeyA); + if (publicKeyB != IntPtr.Zero) wolfcrypt.Curve25519FreeKey(publicKeyB); + } /* END curve25519_test */ + + private static void aes_gcm_test() + { + IntPtr aes = IntPtr.Zero; + byte[] key; + byte[] iv; + byte[] plaintext; + byte[] ciphertext; + byte[] addAuth; + byte[] authTag; + byte[] decrypted; + int ret; + + try + { + Console.WriteLine("\nStarting AES-GCM tests..."); + + IntPtr heap = IntPtr.Zero; + int devId = wolfcrypt.INVALID_DEVID; + + /* Initialize AES-GCM Context */ + Console.WriteLine("Testing AES-GCM Initialization..."); + + /* + * This is from the Test Case 16 from the document Galois/ + * Counter Mode of Operation (GCM) by McGrew and + * Viega. + */ + + key = new byte[32] + { + 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, + 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, + 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, + 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 + }; + + iv = new byte[12] + { + 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, + 0xde, 0xca, 0xf8, 0x88 + }; + + plaintext = new byte[] + { + 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, + 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, + 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, + 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, + 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, + 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, + 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, + 0xba, 0x63, 0x7b, 0x39 + }; + + + ciphertext = new byte[] + { + 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, + 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d, + 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9, + 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, + 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d, + 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38, + 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, + 0xbc, 0xc9, 0xf6, 0x62 + }; + + addAuth = new byte[] + { + 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, + 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, + 0xab, 0xad, 0xda, 0xd2 + }; + + authTag = new byte[16]; + + aes = wolfcrypt.AesNew(heap, devId); + if (aes == IntPtr.Zero) + { + throw new Exception($"AesNew failed with error code {aes}"); + } + Console.WriteLine("AesNew test passed."); + + /* Set AES-GCM Key */ + Console.WriteLine("Testing AES-GCM Key Setting..."); + uint len = (uint)key.Length; + ret = wolfcrypt.AesGcmSetKey(aes, key); + if (ret != 0) + { + throw new Exception($"AesGcmSetKey failed with error code {ret}"); + } + Console.WriteLine("AES-GCM Key Setting test passed."); + + /* Encryption */ + Console.WriteLine("Testing AES-GCM Encryption..."); + ret = wolfcrypt.AesGcmEncrypt(aes, iv, plaintext, ciphertext, authTag, addAuth); + if (ret != 0) + { + throw new Exception($"AesGcmEncrypt failed with error code {ret}"); + } + Console.WriteLine($"AES-GCM Encryption test passed. Ciphertext Length: {ciphertext.Length}"); + + /* Decryption */ + Console.WriteLine("Testing AES-GCM Decryption..."); + decrypted = new byte[plaintext.Length]; + + ret = wolfcrypt.AesGcmDecrypt(aes, iv, ciphertext, decrypted, authTag, addAuth); + if (ret != 0) + { + throw new Exception($"AesGcmDecrypt failed with error code {ret}"); + } + + /* Verify Decryption */ + if (!plaintext.SequenceEqual(decrypted)) + { + throw new Exception("Decryption failed: decrypted data does not match original plaintext."); + } + Console.WriteLine("AES-GCM Decryption test passed."); + + } + catch (Exception ex) + { + Console.WriteLine($"AES-GCM test failed: {ex.Message}"); + } + finally + { + /* Cleanup */ + if (aes != IntPtr.Zero) + { + wolfcrypt.AesGcmFree(aes); + } + } + } /* END aes_gcm_test */ + + private static void hash_test(uint hashType) + { + IntPtr hash = IntPtr.Zero; + IntPtr heap = IntPtr.Zero; + int devId = wolfcrypt.INVALID_DEVID; + + /* Get the enum name */ + string hashTypeName = Enum.GetName(typeof(wolfcrypt.hashType), hashType); + + Console.WriteLine($"\nStarting hash test for {hashTypeName}..."); + + /* Allocate new hash context */ + Console.WriteLine("Testing hash context allocation..."); + hash = wolfcrypt.HashNew(hashType, heap, devId); + if (hash == IntPtr.Zero) + { + Console.WriteLine($"HashNew failed for {hashTypeName}"); + return; + } + Console.WriteLine("Hash context allocation test passed."); + + /* Initialize the hash context with the specified hash type */ + Console.WriteLine("Testing hash initialization..."); + int initResult = wolfcrypt.InitHash(hash, hashType); + if (initResult != 0) + { + Console.WriteLine($"InitHash failed for {hashTypeName}"); + wolfcrypt.HashFree(hash, hashType); + return; + } + Console.WriteLine("Hash initialization test passed."); + + /* Update the hash with data */ + byte[] dataToHash = Encoding.UTF8.GetBytes("This is some data to hash"); + Console.WriteLine("Testing hash update..."); + int updateResult = wolfcrypt.HashUpdate(hash, hashType, dataToHash); + if (updateResult != 0) + { + Console.WriteLine($"HashUpdate failed for {hashTypeName}"); + wolfcrypt.HashFree(hash, hashType); + return; + } + Console.WriteLine("Hash update test passed."); + + /* Finalize the hash and get the result */ + Console.WriteLine("Testing hash finalization..."); + byte[] hashOutput; + int finalResult = wolfcrypt.HashFinal(hash, hashType, out hashOutput); + if (finalResult != 0) + { + Console.WriteLine($"HashFinal failed for {hashType}"); + wolfcrypt.HashFree(hash, hashType); + return; + } + Console.WriteLine($"Hash finalization test passed for {hashTypeName}. Hash Length: {hashOutput.Length}"); + + /* Output the hash result */ + Console.WriteLine($"Hash Output ({hashTypeName}): {BitConverter.ToString(hashOutput).Replace("-", "")}"); + + /* Cleanup */ + Console.WriteLine("Testing hash cleanup..."); + int freeResult = wolfcrypt.HashFree(hash, hashType); + if (freeResult != 0) + { + Console.WriteLine($"HashFree failed for {hashTypeName}"); + } + else + { + Console.WriteLine("Hash cleanup test passed."); + } + } /* END hash_test */ + + public static void standard_log(int lvl, StringBuilder msg) + { + Console.WriteLine(msg); + } + + public static void Main(string[] args) + { + try + { + Console.WriteLine("Starting Cryptographic Tests...\n"); + + wolfcrypt.Init(); + + /* setup logging to stdout */ + wolfcrypt.SetLogging(standard_log); + + random_test(); + + Console.WriteLine("\nStarting ECC tests"); + + ecc_test("SHA256", 32); /* Uses SHA-256 (32 byte hash) */ + ecc_test("SHA384", 32); /* Uses SHA-384 (32 byte hash) */ + ecc_test("SHA512", 32); /* Uses SHA-512 (32 byte hash) */ + + Console.WriteLine("\nStarting ECIES tests"); + + ecies_test(32); /* ECIES test (32 byte key size) */ + ecies_test(48); /* ECIES test (48 byte key size) */ + ecies_test(66); /* ECIES test (66 byte key size) */ + + Console.WriteLine("\nStarting ECDHE tests"); + + ecdhe_test(32); /* ECDHE shared secret test (32 byte key size) */ + ecdhe_test(48); /* ECDHE shared secret test (48 byte key size) */ + ecdhe_test(66); /* ECDHE shared secret test (66 byte key size) */ + + Console.WriteLine("\nStarting RSA tests"); + + rsa_test("SHA256", 2048); /* Uses SHA-256 (2048 bit hash) */ + rsa_test("SHA384", 2048); /* Uses SHA-384 (2048 bit hash) */ + rsa_test("SHA512", 2048); /* Uses SHA-512 (2048 bit hash) */ + + Console.WriteLine("\nStarting ED25519 test"); + + ed25519_test(); /* ED25519 test */ + + Console.WriteLine("\nStarting curve25519 test"); + + curve25519_test(); /* curve25519 shared secret test */ + + Console.WriteLine("\nStarting AES-GCM test"); + + aes_gcm_test(); /* AES_GCM test */ + + Console.WriteLine("\nStarting HASH tests"); + + hash_test((uint)wolfcrypt.hashType.WC_HASH_TYPE_SHA256); /* SHA-256 HASH test */ + hash_test((uint)wolfcrypt.hashType.WC_HASH_TYPE_SHA384); /* SHA-384 HASH test */ + hash_test((uint)wolfcrypt.hashType.WC_HASH_TYPE_SHA512); /* SHA-512 HASH test */ + hash_test((uint)wolfcrypt.hashType.WC_HASH_TYPE_SHA3_256); /* SHA3_256 HASH test */ + + wolfcrypt.Cleanup(); + + Console.WriteLine("\nAll tests completed successfully"); + } + catch (Exception ex) + { + Console.WriteLine($"An error occurred: {ex.Message}"); + Environment.Exit(-1); + } + } +} diff --git a/wrapper/CSharp/wolfCrypt-Test/wolfCrypt-Test.csproj b/wrapper/CSharp/wolfCrypt-Test/wolfCrypt-Test.csproj new file mode 100644 index 0000000000..647d7ce7bd --- /dev/null +++ b/wrapper/CSharp/wolfCrypt-Test/wolfCrypt-Test.csproj @@ -0,0 +1,123 @@ + + + + + Debug + AnyCPU + {A4F4A244-1306-47F4-A168-31F78D7362FA} + Exe + Properties + wolfCrypt_Test + wolfCrypt-Test + v4.8 + 512 + publish\ + true + Disk + false + Foreground + 7 + Days + false + false + true + 0 + 1.0.0.%2a + false + false + true + + + AnyCPU + true + full + false + $(SolutionDir)$(Configuration)\$(Platform)\ + DEBUG;TRACE + prompt + 3 + + + AnyCPU + pdbonly + true + $(SolutionDir)$(Configuration)\$(Platform)\ + TRACE + prompt + 4 + + + + + + true + $(SolutionDir)$(Configuration)\$(Platform)\ + DEBUG;TRACE + 4 + full + x64 + prompt + MinimumRecommendedRules.ruleset + true + + + $(SolutionDir)$(Configuration)\$(Platform)\ + TRACE + true + pdbonly + x64 + prompt + MinimumRecommendedRules.ruleset + true + + + + + + + + + + + + + + + + + + + {52609808-0418-46d3-8e17-141927a1a39a} + wolfSSL_CSharp + + + + + False + Microsoft .NET Framework 4.5 %28x86 and x64%29 + true + + + False + .NET Framework 3.5 SP1 Client Profile + false + + + False + .NET Framework 3.5 SP1 + false + + + + + + + + + \ No newline at end of file diff --git a/wrapper/CSharp/wolfSSL-DTLS-PSK-Server/App.config b/wrapper/CSharp/wolfSSL-DTLS-PSK-Server/App.config index 49c50e046b..8a99d30db7 100755 --- a/wrapper/CSharp/wolfSSL-DTLS-PSK-Server/App.config +++ b/wrapper/CSharp/wolfSSL-DTLS-PSK-Server/App.config @@ -1,6 +1,6 @@ - + - + - \ No newline at end of file + diff --git a/wrapper/CSharp/wolfSSL-DTLS-PSK-Server/wolfSSL-DTLS-PSK-Server.csproj b/wrapper/CSharp/wolfSSL-DTLS-PSK-Server/wolfSSL-DTLS-PSK-Server.csproj index 9af7a1f422..5bf4e8c8e0 100755 --- a/wrapper/CSharp/wolfSSL-DTLS-PSK-Server/wolfSSL-DTLS-PSK-Server.csproj +++ b/wrapper/CSharp/wolfSSL-DTLS-PSK-Server/wolfSSL-DTLS-PSK-Server.csproj @@ -9,15 +9,16 @@ Properties wolfSSL_DTLS_PSK_Server wolfSSL-DTLS-PSK-Server - v4.5 + v4.8 512 + AnyCPU true full false - ..\DLL Debug\Win32\ + $(SolutionDir)$(Configuration)\$(Platform)\ DEBUG;TRACE prompt 4 @@ -26,14 +27,14 @@ AnyCPU pdbonly true - ..\DLL Release\Win32\ + $(SolutionDir)$(Configuration)\$(Platform)\ TRACE prompt 4 true - ..\DLL Debug\x64\ + $(SolutionDir)$(Configuration)\$(Platform)\ DEBUG;TRACE full x64 @@ -42,7 +43,7 @@ true - ..\DLL Release\x64\ + $(SolutionDir)$(Configuration)\$(Platform)\ TRACE true pdbonly diff --git a/wrapper/CSharp/wolfSSL-DTLS-Server/App.config b/wrapper/CSharp/wolfSSL-DTLS-Server/App.config index 49c50e046b..8a99d30db7 100755 --- a/wrapper/CSharp/wolfSSL-DTLS-Server/App.config +++ b/wrapper/CSharp/wolfSSL-DTLS-Server/App.config @@ -1,6 +1,6 @@ - + - + - \ No newline at end of file + diff --git a/wrapper/CSharp/wolfSSL-DTLS-Server/wolfSSL-DTLS-Server.csproj b/wrapper/CSharp/wolfSSL-DTLS-Server/wolfSSL-DTLS-Server.csproj index 1c9eb2b126..e0c4a57ea3 100755 --- a/wrapper/CSharp/wolfSSL-DTLS-Server/wolfSSL-DTLS-Server.csproj +++ b/wrapper/CSharp/wolfSSL-DTLS-Server/wolfSSL-DTLS-Server.csproj @@ -9,15 +9,16 @@ Properties wolfSSL_DTLS_Server wolfSSL-DTLS-Server - v4.5 + v4.8 512 + AnyCPU true full false - ..\DLL Debug\Win32\ + $(SolutionDir)$(Configuration)\$(Platform)\ DEBUG;TRACE prompt 4 @@ -26,14 +27,14 @@ AnyCPU pdbonly true - ..\DLL Release\Win32\ + $(SolutionDir)$(Configuration)\$(Platform)\ TRACE prompt 4 true - ..\DLL Debug\x64\ + $(SolutionDir)$(Configuration)\$(Platform)\ DEBUG;TRACE full x64 @@ -43,7 +44,7 @@ 0 - ..\DLL Release\x64 + $(SolutionDir)$(Configuration)\$(Platform)\x64 TRACE true pdbonly diff --git a/wrapper/CSharp/wolfSSL-Example-IOCallbacks/App.config b/wrapper/CSharp/wolfSSL-Example-IOCallbacks/App.config index 49c50e046b..8a99d30db7 100755 --- a/wrapper/CSharp/wolfSSL-Example-IOCallbacks/App.config +++ b/wrapper/CSharp/wolfSSL-Example-IOCallbacks/App.config @@ -1,6 +1,6 @@ - + - + - \ No newline at end of file + diff --git a/wrapper/CSharp/wolfSSL-Example-IOCallbacks/wolfSSL-Example-IOCallbacks.csproj b/wrapper/CSharp/wolfSSL-Example-IOCallbacks/wolfSSL-Example-IOCallbacks.csproj index 4e6dae1a69..dc57d74f3b 100755 --- a/wrapper/CSharp/wolfSSL-Example-IOCallbacks/wolfSSL-Example-IOCallbacks.csproj +++ b/wrapper/CSharp/wolfSSL-Example-IOCallbacks/wolfSSL-Example-IOCallbacks.csproj @@ -9,15 +9,16 @@ Properties wolfSSL_Example_IOCallbacks wolfSSL-Example-IOCallbacks - v4.5 + v4.8 512 + AnyCPU true full false - ..\DLL Debug\Win32\ + $(SolutionDir)$(Configuration)\$(Platform)\ DEBUG;TRACE prompt 4 @@ -26,14 +27,14 @@ AnyCPU pdbonly true - ..\DLL Release\Win32\ + $(SolutionDir)$(Configuration)\$(Platform)\ TRACE prompt 4 true - ..\DLL Debug\x64\ + $(SolutionDir)$(Configuration)\$(Platform)\ DEBUG;TRACE full x64 @@ -42,7 +43,7 @@ true - ..\DLL Release\x64 + $(SolutionDir)$(Configuration)\$(Platform)\x64 TRACE true pdbonly diff --git a/wrapper/CSharp/wolfSSL-TLS-Client/App.config b/wrapper/CSharp/wolfSSL-TLS-Client/App.config index f3ec453d92..8a99d30db7 100644 --- a/wrapper/CSharp/wolfSSL-TLS-Client/App.config +++ b/wrapper/CSharp/wolfSSL-TLS-Client/App.config @@ -1,6 +1,6 @@ - + - + - \ No newline at end of file + diff --git a/wrapper/CSharp/wolfSSL-TLS-Client/wolfSSL-TLS-Client.csproj b/wrapper/CSharp/wolfSSL-TLS-Client/wolfSSL-TLS-Client.csproj index 3a3d175e4c..7afffb9d4e 100644 --- a/wrapper/CSharp/wolfSSL-TLS-Client/wolfSSL-TLS-Client.csproj +++ b/wrapper/CSharp/wolfSSL-TLS-Client/wolfSSL-TLS-Client.csproj @@ -9,7 +9,7 @@ Properties wolfSSL_TLS_Client wolfSSL-TLS-Client - v4.5 + v4.8 512 publish\ true @@ -26,13 +26,14 @@ false false true + AnyCPU true full false - ..\DLL Debug\Win32\ + $(SolutionDir)$(Configuration)\$(Platform)\ DEBUG;TRACE prompt 3 @@ -41,7 +42,7 @@ AnyCPU pdbonly true - ..\DLL Release\Win32\ + $(SolutionDir)$(Configuration)\$(Platform)\ TRACE prompt 4 @@ -51,7 +52,7 @@ true - ..\DLL Debug\x64\ + $(SolutionDir)$(Configuration)\$(Platform)\ DEBUG;TRACE 4 full @@ -61,7 +62,7 @@ true - ..\DLL Release\x64 + $(SolutionDir)$(Configuration)\$(Platform)\x64 TRACE true pdbonly diff --git a/wrapper/CSharp/wolfSSL-TLS-PSK-Client/wolfSSL-TLS-PSK-Client.csproj b/wrapper/CSharp/wolfSSL-TLS-PSK-Client/wolfSSL-TLS-PSK-Client.csproj index b2113d6ae2..5c3e77e470 100644 --- a/wrapper/CSharp/wolfSSL-TLS-PSK-Client/wolfSSL-TLS-PSK-Client.csproj +++ b/wrapper/CSharp/wolfSSL-TLS-PSK-Client/wolfSSL-TLS-PSK-Client.csproj @@ -33,7 +33,7 @@ true full false - ..\DLL Debug\Win32\ + $(SolutionDir)$(Configuration)\$(Platform)\ DEBUG;TRACE prompt 4 @@ -42,14 +42,14 @@ AnyCPU pdbonly true - ..\DLL Release\Win32\ + $(SolutionDir)$(Configuration)\$(Platform)\ TRACE prompt 4 true - ..\DLL Debug\x64\ + $(SolutionDir)$(Configuration)\$(Platform)\ DEBUG;TRACE full x64 @@ -58,7 +58,7 @@ true - ..\DLL Release\x64\ + $(SolutionDir)$(Configuration)\$(Platform)\ TRACE true pdbonly diff --git a/wrapper/CSharp/wolfSSL-TLS-PSK-Server/App.config b/wrapper/CSharp/wolfSSL-TLS-PSK-Server/App.config index 49c50e046b..8a99d30db7 100755 --- a/wrapper/CSharp/wolfSSL-TLS-PSK-Server/App.config +++ b/wrapper/CSharp/wolfSSL-TLS-PSK-Server/App.config @@ -1,6 +1,6 @@ - + - + - \ No newline at end of file + diff --git a/wrapper/CSharp/wolfSSL-TLS-PSK-Server/wolfSSL-TLS-PSK-Server.csproj b/wrapper/CSharp/wolfSSL-TLS-PSK-Server/wolfSSL-TLS-PSK-Server.csproj index dab61d5376..1f31752ec7 100755 --- a/wrapper/CSharp/wolfSSL-TLS-PSK-Server/wolfSSL-TLS-PSK-Server.csproj +++ b/wrapper/CSharp/wolfSSL-TLS-PSK-Server/wolfSSL-TLS-PSK-Server.csproj @@ -9,15 +9,16 @@ Properties wolfSSL_TLS_PSK_Server wolfSSL-TLS-PSK-Server - v4.5 + v4.8 512 + AnyCPU true full false - ..\DLL Debug\Win32\ + $(SolutionDir)$(Configuration)\$(Platform)\ DEBUG;TRACE prompt 4 @@ -26,14 +27,14 @@ AnyCPU pdbonly true - ..\DLL Release\Win32\ + $(SolutionDir)$(Configuration)\$(Platform)\ TRACE prompt 4 true - ..\DLL Debug\x64\ + $(SolutionDir)$(Configuration)\$(Platform)\ DEBUG;TRACE full x64 @@ -42,7 +43,7 @@ true - ..\DLL Release\x64\ + $(SolutionDir)$(Configuration)\$(Platform)\ TRACE true pdbonly diff --git a/wrapper/CSharp/wolfSSL-TLS-Server/App.config b/wrapper/CSharp/wolfSSL-TLS-Server/App.config index 49c50e046b..8a99d30db7 100755 --- a/wrapper/CSharp/wolfSSL-TLS-Server/App.config +++ b/wrapper/CSharp/wolfSSL-TLS-Server/App.config @@ -1,6 +1,6 @@ - + - + - \ No newline at end of file + diff --git a/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.csproj b/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.csproj index 35f8b0666e..1cc073e83c 100755 --- a/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.csproj +++ b/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.csproj @@ -9,7 +9,7 @@ Properties wolfSSL_TLS_Server wolfSSL-TLS-Server - v4.5 + v4.8 512 publish\ true @@ -26,13 +26,14 @@ false false true + AnyCPU true full false - ..\DLL Debug\Win32\ + $(SolutionDir)$(Configuration)\$(Platform)\ DEBUG;TRACE prompt 3 @@ -41,7 +42,7 @@ AnyCPU pdbonly true - ..\DLL Release\Win32\ + $(SolutionDir)$(Configuration)\$(Platform)\ TRACE prompt 4 @@ -51,7 +52,7 @@ true - ..\DLL Debug\x64\ + $(SolutionDir)$(Configuration)\$(Platform)\ DEBUG;TRACE 4 full @@ -61,7 +62,7 @@ true - ..\DLL Release\x64\ + $(SolutionDir)$(Configuration)\$(Platform)\ TRACE true pdbonly diff --git a/wrapper/CSharp/wolfSSL-TLS-ServerThreaded/App.config b/wrapper/CSharp/wolfSSL-TLS-ServerThreaded/App.config index 49c50e046b..8a99d30db7 100644 --- a/wrapper/CSharp/wolfSSL-TLS-ServerThreaded/App.config +++ b/wrapper/CSharp/wolfSSL-TLS-ServerThreaded/App.config @@ -1,6 +1,6 @@ - + - + - \ No newline at end of file + diff --git a/wrapper/CSharp/wolfSSL-TLS-ServerThreaded/wolfSSL-TLS-ServerThreaded.csproj b/wrapper/CSharp/wolfSSL-TLS-ServerThreaded/wolfSSL-TLS-ServerThreaded.csproj index 7c47cf557f..f1468d14f2 100644 --- a/wrapper/CSharp/wolfSSL-TLS-ServerThreaded/wolfSSL-TLS-ServerThreaded.csproj +++ b/wrapper/CSharp/wolfSSL-TLS-ServerThreaded/wolfSSL-TLS-ServerThreaded.csproj @@ -9,7 +9,7 @@ Properties wolfSSL_TLS_ServerThreaded wolfSSL-TLS-ServerThreaded - v4.5 + v4.8 512 publish\ true @@ -26,13 +26,14 @@ false false true + AnyCPU true full false - ..\DLL Debug\Win32\ + $(SolutionDir)$(Configuration)\$(Platform)\ DEBUG;TRACE prompt 3 @@ -41,7 +42,7 @@ AnyCPU pdbonly true - ..\DLL Release\Win32\ + $(SolutionDir)$(Configuration)\$(Platform)\ TRACE prompt 4 @@ -51,7 +52,7 @@ true - ..\DLL Debug\x64\ + $(SolutionDir)$(Configuration)\$(Platform)\ DEBUG;TRACE 4 full @@ -61,7 +62,7 @@ true - ..\DLL Release\x64\ + $(SolutionDir)$(Configuration)\$(Platform)\ TRACE true pdbonly diff --git a/wrapper/CSharp/wolfSSL_CSharp.sln b/wrapper/CSharp/wolfSSL_CSharp.sln index a4898062ae..48e170a48d 100644 --- a/wrapper/CSharp/wolfSSL_CSharp.sln +++ b/wrapper/CSharp/wolfSSL_CSharp.sln @@ -1,9 +1,11 @@  Microsoft Visual Studio Solution File, Format Version 12.00 -# Visual Studio 2012 +# Visual Studio Version 17 +VisualStudioVersion = 17.6.33815.320 +MinimumVisualStudioVersion = 10.0.40219.1 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "wolfSSL_CSharp", "wolfSSL_CSharp\wolfSSL_CSharp.csproj", "{52609808-0418-46D3-8E17-141927A1A39A}" ProjectSection(ProjectDependencies) = postProject - {73973223-5EE8-41CA-8E88-1D60E89A237B} = {73973223-5EE8-41CA-8E88-1D60E89A237B} + {67932048-D67E-4C86-B55F-90899B9BDA64} = {67932048-D67E-4C86-B55F-90899B9BDA64} EndProjectSection EndProject Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "wolfSSL-TLS-Server", "wolfSSL-TLS-Server\wolfSSL-TLS-Server.csproj", "{8921AD35-4E62-4DAC-8FEE-8C9F8E57DDD2}" @@ -17,11 +19,7 @@ Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "wolfSSL-DTLS-PSK-Server", " {52609808-0418-46D3-8E17-141927A1A39A} = {52609808-0418-46D3-8E17-141927A1A39A} EndProjectSection EndProject -Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "wolfSSL", "wolfSSL", "{252D09D0-D007-4AEB-9F7A-A74408039A8A}" -EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "wolfssl", "..\..\wolfssl.vcxproj", "{73973223-5EE8-41CA-8E88-1D60E89A237B}" -EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "testsuite", "..\..\testsuite\testsuite.vcxproj", "{611E8971-46E0-4D0A-B5A1-632C3B00CB80}" +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "wolfssl", "wolfssl.vcxproj", "{67932048-D67E-4C86-B55F-90899B9BDA64}" EndProject Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "wolfSSL-Example-IOCallbacks", "wolfSSL-Example-IOCallbacks\wolfSSL-Example-IOCallbacks.csproj", "{E2415718-0A15-48DB-A774-01FB0093B626}" EndProject @@ -31,6 +29,8 @@ Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "wolfSSL-TLS-ServerThreaded" EndProject Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "wolfSSL-TLS-PSK-Client", "wolfSSL-TLS-PSK-Client\wolfSSL-TLS-PSK-Client.csproj", "{4F92ECF5-A1D8-4A13-AD0C-6571EB03C01C}" EndProject +Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "wolfCrypt-Test", "wolfCrypt-Test\wolfCrypt-Test.csproj", "{A4F4A244-1306-47F4-A168-31F78D7362FA}" +EndProject Global GlobalSection(SolutionConfigurationPlatforms) = preSolution Debug|Any CPU = Debug|Any CPU @@ -162,58 +162,35 @@ Global {77AEF1BE-4BE3-4837-8188-2A06E4D963F5}.DLL Release|x64.ActiveCfg = Release|x64 {77AEF1BE-4BE3-4837-8188-2A06E4D963F5}.DLL Release|x64.Build.0 = Release|x64 {77AEF1BE-4BE3-4837-8188-2A06E4D963F5}.Release|Any CPU.ActiveCfg = Release|Any CPU + {77AEF1BE-4BE3-4837-8188-2A06E4D963F5}.Release|Any CPU.Build.0 = Release|Any CPU {77AEF1BE-4BE3-4837-8188-2A06E4D963F5}.Release|Win32.ActiveCfg = Release|Any CPU {77AEF1BE-4BE3-4837-8188-2A06E4D963F5}.Release|Win32.Build.0 = Release|Any CPU {77AEF1BE-4BE3-4837-8188-2A06E4D963F5}.Release|x64.ActiveCfg = Release|x64 {77AEF1BE-4BE3-4837-8188-2A06E4D963F5}.Release|x64.Build.0 = Release|x64 - {73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|Any CPU.ActiveCfg = DLL Debug|Win32 - {73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|Any CPU.Build.0 = DLL Debug|Win32 - {73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|Win32.ActiveCfg = Debug|Win32 - {73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|Win32.Build.0 = Debug|Win32 - {73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|x64.ActiveCfg = Debug|x64 - {73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|x64.Build.0 = Debug|x64 - {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|Any CPU.ActiveCfg = DLL Debug|Win32 - {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|Any CPU.Build.0 = DLL Debug|Win32 - {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32 - {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|Win32.Build.0 = DLL Debug|Win32 - {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|x64.ActiveCfg = DLL Debug|x64 - {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|x64.Build.0 = DLL Debug|x64 - {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|Any CPU.ActiveCfg = DLL Release|Win32 - {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|Any CPU.Build.0 = DLL Release|Win32 - {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|Win32.ActiveCfg = DLL Release|Win32 - {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|Win32.Build.0 = DLL Release|Win32 - {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|x64.ActiveCfg = DLL Release|x64 - {73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|x64.Build.0 = DLL Release|x64 - {73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|Any CPU.ActiveCfg = Release|x64 - {73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|Any CPU.Build.0 = Release|x64 - {73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|Win32.ActiveCfg = Release|Win32 - {73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|Win32.Build.0 = Release|Win32 - {73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|x64.ActiveCfg = Release|x64 - {73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|x64.Build.0 = Release|x64 - {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Debug|Any CPU.ActiveCfg = DLL Debug|Win32 - {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Debug|Any CPU.Build.0 = DLL Debug|Win32 - {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Debug|Win32.ActiveCfg = Debug|Win32 - {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Debug|Win32.Build.0 = Debug|Win32 - {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Debug|x64.ActiveCfg = Debug|x64 - {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Debug|x64.Build.0 = Debug|x64 - {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Debug|Any CPU.ActiveCfg = DLL Debug|Win32 - {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Debug|Any CPU.Build.0 = DLL Debug|Win32 - {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32 - {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Debug|Win32.Build.0 = DLL Debug|Win32 - {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Debug|x64.ActiveCfg = DLL Debug|x64 - {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Debug|x64.Build.0 = DLL Debug|x64 - {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Release|Any CPU.ActiveCfg = DLL Release|Win32 - {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Release|Any CPU.Build.0 = DLL Release|Win32 - {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Release|Win32.ActiveCfg = DLL Release|Win32 - {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Release|Win32.Build.0 = DLL Release|Win32 - {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Release|x64.ActiveCfg = DLL Release|x64 - {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Release|x64.Build.0 = DLL Release|x64 - {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Release|Any CPU.ActiveCfg = Release|x64 - {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Release|Any CPU.Build.0 = Release|x64 - {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Release|Win32.ActiveCfg = Release|Win32 - {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Release|Win32.Build.0 = Release|Win32 - {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Release|x64.ActiveCfg = Release|x64 - {611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Release|x64.Build.0 = Release|x64 + {67932048-D67E-4C86-B55F-90899B9BDA64}.Debug|Any CPU.ActiveCfg = DLL Debug|Win32 + {67932048-D67E-4C86-B55F-90899B9BDA64}.Debug|Any CPU.Build.0 = DLL Debug|Win32 + {67932048-D67E-4C86-B55F-90899B9BDA64}.Debug|Win32.ActiveCfg = Debug|Win32 + {67932048-D67E-4C86-B55F-90899B9BDA64}.Debug|Win32.Build.0 = Debug|Win32 + {67932048-D67E-4C86-B55F-90899B9BDA64}.Debug|x64.ActiveCfg = DLL Debug|x64 + {67932048-D67E-4C86-B55F-90899B9BDA64}.Debug|x64.Build.0 = DLL Debug|x64 + {67932048-D67E-4C86-B55F-90899B9BDA64}.DLL Debug|Any CPU.ActiveCfg = DLL Debug|Win32 + {67932048-D67E-4C86-B55F-90899B9BDA64}.DLL Debug|Any CPU.Build.0 = DLL Debug|Win32 + {67932048-D67E-4C86-B55F-90899B9BDA64}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32 + {67932048-D67E-4C86-B55F-90899B9BDA64}.DLL Debug|Win32.Build.0 = DLL Debug|Win32 + {67932048-D67E-4C86-B55F-90899B9BDA64}.DLL Debug|x64.ActiveCfg = DLL Debug|x64 + {67932048-D67E-4C86-B55F-90899B9BDA64}.DLL Debug|x64.Build.0 = DLL Debug|x64 + {67932048-D67E-4C86-B55F-90899B9BDA64}.DLL Release|Any CPU.ActiveCfg = DLL Release|Win32 + {67932048-D67E-4C86-B55F-90899B9BDA64}.DLL Release|Any CPU.Build.0 = DLL Release|Win32 + {67932048-D67E-4C86-B55F-90899B9BDA64}.DLL Release|Win32.ActiveCfg = DLL Release|Win32 + {67932048-D67E-4C86-B55F-90899B9BDA64}.DLL Release|Win32.Build.0 = DLL Release|Win32 + {67932048-D67E-4C86-B55F-90899B9BDA64}.DLL Release|x64.ActiveCfg = DLL Release|x64 + {67932048-D67E-4C86-B55F-90899B9BDA64}.DLL Release|x64.Build.0 = DLL Release|x64 + {67932048-D67E-4C86-B55F-90899B9BDA64}.Release|Any CPU.ActiveCfg = DLL Release|Win32 + {67932048-D67E-4C86-B55F-90899B9BDA64}.Release|Any CPU.Build.0 = DLL Release|Win32 + {67932048-D67E-4C86-B55F-90899B9BDA64}.Release|Win32.ActiveCfg = Release|Win32 + {67932048-D67E-4C86-B55F-90899B9BDA64}.Release|Win32.Build.0 = Release|Win32 + {67932048-D67E-4C86-B55F-90899B9BDA64}.Release|x64.ActiveCfg = DLL Release|x64 + {67932048-D67E-4C86-B55F-90899B9BDA64}.Release|x64.Build.0 = DLL Release|x64 {E2415718-0A15-48DB-A774-01FB0093B626}.Debug|Any CPU.ActiveCfg = Debug|Any CPU {E2415718-0A15-48DB-A774-01FB0093B626}.Debug|Any CPU.Build.0 = Debug|Any CPU {E2415718-0A15-48DB-A774-01FB0093B626}.Debug|Win32.ActiveCfg = Debug|Any CPU @@ -310,14 +287,34 @@ Global {4F92ECF5-A1D8-4A13-AD0C-6571EB03C01C}.Release|Win32.Build.0 = Release|Any CPU {4F92ECF5-A1D8-4A13-AD0C-6571EB03C01C}.Release|x64.ActiveCfg = Release|x64 {4F92ECF5-A1D8-4A13-AD0C-6571EB03C01C}.Release|x64.Build.0 = Release|x64 + {A4F4A244-1306-47F4-A168-31F78D7362FA}.Debug|Any CPU.ActiveCfg = Debug|Any CPU + {A4F4A244-1306-47F4-A168-31F78D7362FA}.Debug|Any CPU.Build.0 = Debug|Any CPU + {A4F4A244-1306-47F4-A168-31F78D7362FA}.Debug|Win32.ActiveCfg = Debug|Any CPU + {A4F4A244-1306-47F4-A168-31F78D7362FA}.Debug|Win32.Build.0 = Debug|Any CPU + {A4F4A244-1306-47F4-A168-31F78D7362FA}.Debug|x64.ActiveCfg = Debug|x64 + {A4F4A244-1306-47F4-A168-31F78D7362FA}.Debug|x64.Build.0 = Debug|x64 + {A4F4A244-1306-47F4-A168-31F78D7362FA}.DLL Debug|Any CPU.ActiveCfg = Debug|Any CPU + {A4F4A244-1306-47F4-A168-31F78D7362FA}.DLL Debug|Any CPU.Build.0 = Debug|Any CPU + {A4F4A244-1306-47F4-A168-31F78D7362FA}.DLL Debug|Win32.ActiveCfg = Debug|Any CPU + {A4F4A244-1306-47F4-A168-31F78D7362FA}.DLL Debug|Win32.Build.0 = Debug|Any CPU + {A4F4A244-1306-47F4-A168-31F78D7362FA}.DLL Debug|x64.ActiveCfg = Debug|x64 + {A4F4A244-1306-47F4-A168-31F78D7362FA}.DLL Debug|x64.Build.0 = Debug|x64 + {A4F4A244-1306-47F4-A168-31F78D7362FA}.DLL Release|Any CPU.ActiveCfg = Release|Any CPU + {A4F4A244-1306-47F4-A168-31F78D7362FA}.DLL Release|Any CPU.Build.0 = Release|Any CPU + {A4F4A244-1306-47F4-A168-31F78D7362FA}.DLL Release|Win32.ActiveCfg = Release|Any CPU + {A4F4A244-1306-47F4-A168-31F78D7362FA}.DLL Release|Win32.Build.0 = Release|Any CPU + {A4F4A244-1306-47F4-A168-31F78D7362FA}.DLL Release|x64.ActiveCfg = Release|x64 + {A4F4A244-1306-47F4-A168-31F78D7362FA}.DLL Release|x64.Build.0 = Release|x64 + {A4F4A244-1306-47F4-A168-31F78D7362FA}.Release|Any CPU.ActiveCfg = Release|Any CPU + {A4F4A244-1306-47F4-A168-31F78D7362FA}.Release|Any CPU.Build.0 = Release|Any CPU + {A4F4A244-1306-47F4-A168-31F78D7362FA}.Release|Win32.ActiveCfg = Release|Any CPU + {A4F4A244-1306-47F4-A168-31F78D7362FA}.Release|Win32.Build.0 = Release|Any CPU + {A4F4A244-1306-47F4-A168-31F78D7362FA}.Release|x64.ActiveCfg = Release|x64 + {A4F4A244-1306-47F4-A168-31F78D7362FA}.Release|x64.Build.0 = Release|x64 EndGlobalSection GlobalSection(SolutionProperties) = preSolution HideSolutionNode = FALSE EndGlobalSection - GlobalSection(NestedProjects) = preSolution - {73973223-5EE8-41CA-8E88-1D60E89A237B} = {252D09D0-D007-4AEB-9F7A-A74408039A8A} - {611E8971-46E0-4D0A-B5A1-632C3B00CB80} = {252D09D0-D007-4AEB-9F7A-A74408039A8A} - EndGlobalSection GlobalSection(ExtensibilityGlobals) = postSolution SolutionGuid = {63D316F8-C4EE-449A-B9A6-FC673C4D5D31} EndGlobalSection diff --git a/wrapper/CSharp/wolfSSL_CSharp/wolfCrypt.cs b/wrapper/CSharp/wolfSSL_CSharp/wolfCrypt.cs new file mode 100644 index 0000000000..223beafacc --- /dev/null +++ b/wrapper/CSharp/wolfSSL_CSharp/wolfCrypt.cs @@ -0,0 +1,2971 @@ +/* wolfCrypt.cs + * + * Copyright (C) 2006-2024 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +using System; +using System.Runtime.InteropServices; +using System.Security.Cryptography; +using System.Text; + +namespace wolfSSL.CSharp +{ + public class wolfcrypt + { + private const string wolfssl_dll = "wolfssl.dll"; + + /******************************** + * Init wolfSSL library + */ + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static int wolfCrypt_Init(); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static int wolfCrypt_Cleanup(); + + + /******************************** + * Random + */ + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static IntPtr wc_rng_new(IntPtr nonce, UInt32 nonceSz, IntPtr heap); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static void wc_rng_free(IntPtr rng); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static int wc_RNG_GenerateBlock(IntPtr rng, IntPtr output, UInt32 sz); + + + /******************************** + * ECC + */ + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static IntPtr wc_ecc_key_new(IntPtr heap); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static void wc_ecc_key_free(IntPtr key); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static int wc_ecc_set_rng(IntPtr key, IntPtr rng); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static int wc_ecc_make_key_ex(IntPtr rng, int keysize, IntPtr key, int curve_id); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static int wc_ecc_sign_hash(IntPtr hashPtr, uint hashlen, IntPtr sigPtr, IntPtr siglen, IntPtr rng, IntPtr key); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static int wc_ecc_verify_hash(IntPtr sigPtr, uint siglen, IntPtr hashPtr, uint hashlen, IntPtr res, IntPtr key); + + /* ASN.1 DER format */ + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static int wc_EccPrivateKeyDecode(IntPtr keyBuf, IntPtr idx, IntPtr key, uint keyBufSz); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private static extern int wc_EccPublicKeyDecode(byte[] input, ref uint inOutIdx, IntPtr key, uint inSz); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private static extern int wc_EccPrivateKeyToDer(IntPtr key, byte[] output, uint inLen); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private static extern int wc_EccPublicKeyToDer(IntPtr key, byte[] output, uint inLen, int with_AlgCurve); + + + /******************************** + * ECIES + */ + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static IntPtr wc_ecc_ctx_new(int flags, IntPtr rng); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static IntPtr wc_ecc_ctx_new_ex(int flags, IntPtr rng, IntPtr heap); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static void wc_ecc_ctx_free(IntPtr ctx); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static int wc_ecc_ctx_reset(IntPtr ctx, IntPtr rng); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static int wc_ecc_ctx_set_algo(IntPtr ctx, byte encAlgo, byte kdfAlgo, byte macAlgo); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static IntPtr wc_ecc_ctx_get_own_salt(IntPtr ctx); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static int wc_ecc_ctx_set_peer_salt(IntPtr ctx, IntPtr salt); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static int wc_ecc_ctx_set_own_salt(IntPtr ctx, IntPtr salt, uint sz); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static int wc_ecc_ctx_set_kdf_salt(IntPtr ctx, IntPtr salt, uint sz); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static int wc_ecc_ctx_set_info(IntPtr ctx, IntPtr info, int sz); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static int wc_ecc_encrypt(IntPtr privKey, IntPtr pubKey, IntPtr msg, uint msgSz, IntPtr outBuffer, IntPtr outSz, IntPtr ctx); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static int wc_ecc_encrypt_ex(IntPtr privKey, IntPtr pubKey, IntPtr msg, uint msgSz, IntPtr outBuffer, IntPtr outSz, IntPtr ctx, int compressed); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static int wc_ecc_decrypt(IntPtr privKey, IntPtr pubKey, IntPtr msg, uint msgSz, IntPtr outBuffer, IntPtr outSz, IntPtr ctx); + + + /******************************** + * ECDHE + */ + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static int wc_ecc_shared_secret(IntPtr privateKey, IntPtr publicKey, byte[] outSharedSecret, ref int outlen); + + + /******************************** + * RSA + */ + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private static extern IntPtr wc_NewRsaKey(IntPtr heap, int devId, IntPtr result_code); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private static extern int wc_DeleteRsaKey(IntPtr key, IntPtr key_p); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static int wc_InitRsaKey(IntPtr key, IntPtr heap); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static void wc_FreeRsaKey(IntPtr key); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static int wc_MakeRsaKey(IntPtr key, int keysize, Int32 exponent, IntPtr rng); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static int wc_RsaSSL_Sign(IntPtr hashPtr, int hashLen, IntPtr sigPtr, int sigLen, IntPtr key, IntPtr rng); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static int wc_RsaSSL_Verify(IntPtr sigPtr, int sigLen, IntPtr hashPtr, int hashLen, IntPtr key); + + /* ASN.1 DER format */ + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static int wc_RsaPublicEncrypt(IntPtr inPtr, int inLen, IntPtr outPtr, int outLen, IntPtr key); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static int wc_RsaPrivateDecrypt(IntPtr inPtr, int inLen, IntPtr outPtr, int outLen, IntPtr key); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static int wc_RsaPrivateKeyDecode(IntPtr keyBuf, IntPtr idx, IntPtr key, uint keyBufSz); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static int wc_RsaPublicKeyDecode(IntPtr keyBuf, IntPtr idx, IntPtr key, uint keyBufSz); + + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static int wc_RsaPSS_Sign(IntPtr hashPtr, int hashLen, IntPtr sigPtr, int sigLen, int hashType, IntPtr rng, IntPtr key); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static int wc_RsaPSS_Verify(IntPtr sigPtr, int sigLen, IntPtr hashPtr, int hashLen, int hashType, IntPtr key); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static int wc_RsaPSS_CheckPadding(IntPtr sigPtr, int sigLen, int hashType, IntPtr key); + + + /******************************** + * ED25519 + */ + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private static extern IntPtr wc_ed25519_new(IntPtr heap, int devId, IntPtr result_code); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private static extern int wc_ed25519_delete(IntPtr key, IntPtr key_p); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private static extern int wc_ed25519_init(IntPtr key); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private static extern void wc_ed25519_free(IntPtr key); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private static extern int wc_ed25519_make_key(IntPtr rng, int keysize, IntPtr key); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private static extern int wc_ed25519_sign_msg(IntPtr inMsg, uint inlen, IntPtr outMsg, ref uint outlen, IntPtr key); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private static extern int wc_ed25519_verify_msg(IntPtr sig, uint siglen, IntPtr msg, uint msgLen, ref int ret, IntPtr key); + + /* ASN.1 DER format */ + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private static extern int wc_Ed25519PrivateKeyDecode(byte[] input, ref uint inOutIdx, IntPtr key, uint inSz); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private static extern int wc_Ed25519PublicKeyDecode(byte[] input, ref uint inOutIdx, IntPtr key, uint inSz); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private static extern int wc_Ed25519KeyToDer(IntPtr key, byte[] output, uint inLen); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private static extern int wc_Ed25519PrivateKeyToDer(IntPtr key, byte[] output, uint inLen); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private static extern int wc_Ed25519PublicKeyToDer(IntPtr key, byte[] output, uint inLen, int withAlg); + + /* RAW format */ + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private static extern int wc_ed25519_make_public(IntPtr key, IntPtr pubKey, uint pubKeySz); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private static extern int wc_ed25519_import_public(IntPtr inMsg, uint inLen, IntPtr key); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private static extern int wc_ed25519_export_public(IntPtr key, IntPtr outMsg, ref uint outLen); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private static extern int wc_ed25519_export_private(IntPtr key, IntPtr outMsg, ref uint outLen); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private static extern int wc_ed25519_size(IntPtr key); + + + /******************************** + * Curve25519 + */ + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private static extern IntPtr wc_curve25519_new(IntPtr heap, int devId, IntPtr result_code); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private static extern int wc_curve25519_delete(IntPtr key, IntPtr key_p); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static int wc_curve25519_init(IntPtr key); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static void wc_curve25519_free(IntPtr key); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static int wc_curve25519_make_key(IntPtr rng, int keysize, IntPtr key); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static int wc_curve25519_shared_secret(IntPtr privateKey, IntPtr publicKey, byte[] outSharedSecret, ref int outlen); + + /* ASN.1 DER format */ + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private static extern int wc_Curve25519PrivateKeyDecode(byte[] input, ref uint inOutIdx, IntPtr key, uint inSz); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private static extern int wc_Curve25519PublicKeyDecode(byte[] input, ref uint inOutIdx, IntPtr key, uint inSz); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private static extern int wc_Curve25519PrivateKeyToDer(IntPtr key, byte[] output, uint inLen); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private static extern int wc_Curve25519PublicKeyToDer(IntPtr key, byte[] output, uint inLen, int withAlg); + + /* RAW format */ + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static int wc_curve25519_import_private(IntPtr privKey, int privKeySz, IntPtr key); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private static extern int wc_curve25519_export_public(IntPtr key, byte[] outBuffer, ref uint outLen); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static int wc_curve25519_import_public(IntPtr pubKey, int pubKeySz, IntPtr key); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static int wc_curve25519_export_public(IntPtr key, IntPtr outPubKey, ref int outlen); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private static extern int wc_curve25519_export_key_raw(IntPtr key, byte[] priv, ref uint privSz, byte[] pub, ref uint pubSz); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static int wc_curve25519_import_private_raw(IntPtr privKey, IntPtr pubKey, IntPtr key); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static int wc_curve25519_export_private_raw(IntPtr key, IntPtr outPrivKey, IntPtr outPubKey); + + + /******************************** + * AES-GCM + */ + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static IntPtr wc_AesNew(IntPtr heap, int devId, IntPtr result_code); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static int wc_AesDelete(IntPtr aes, IntPtr aes_p); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static int wc_AesFree(IntPtr aes); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static int wc_AesInit(IntPtr aes, IntPtr heap, int devId); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static int wc_AesGcmInit(IntPtr aes, IntPtr key, uint len, IntPtr iv, uint ivSz); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static int wc_AesGcmSetKey(IntPtr aes, IntPtr key, uint len); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static int wc_AesGcmEncrypt(IntPtr aes, IntPtr output, IntPtr input, uint sz, IntPtr iv, uint ivSz, IntPtr authTag, uint authTagSz, IntPtr authIn, uint authInSz); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static int wc_AesGcmDecrypt(IntPtr aes, IntPtr output, IntPtr input, uint sz, IntPtr iv, uint ivSz, IntPtr authTag, uint authTagSz, IntPtr authIn, uint authInSz); + + + /******************************** + * HASH + */ + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static IntPtr wc_HashNew(uint hashType, IntPtr heap, int devId, IntPtr result_code); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static int wc_HashDelete(IntPtr hash, IntPtr hash_p); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static int wc_HashInit(IntPtr hash, uint hashType); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static int wc_HashUpdate(IntPtr hash, uint hashType, IntPtr data, uint dataSz); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static int wc_HashFinal(IntPtr hash, uint hashType, IntPtr output); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static int wc_HashFree(IntPtr hash, uint hashType); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static int wc_HashGetDigestSize(uint hashType); + + + /******************************** + * Logging + */ + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static IntPtr wc_GetErrorString(int error); + + public delegate void loggingCb(int lvl, StringBuilder msg); + private static loggingCb internal_log; + + /// + /// Log a message to set logging function + /// + /// Level of log message + /// Message to log + private static void log(int lvl, string msg) + { + /* if log is not set then print nothing */ + if (internal_log == null) + return; + StringBuilder ptr = new StringBuilder(msg); + internal_log(lvl, ptr); + } + + + /******************************** + * Enum types from wolfSSL library + */ + /* Logging levels */ + public static readonly int ERROR_LOG = 0; + public static readonly int INFO_LOG = 1; + public static readonly int ENTER_LOG = 2; + public static readonly int LEAVE_LOG = 3; + public static readonly int OTHER_LOG = 4; + public static readonly int INVALID_DEVID = -2; + public static readonly int ECC_MAX_SIG_SIZE = 141; /* ECC max sig size */ + public static readonly int ECC_KEY_SIZE = 32; /* ECC key size */ + public static readonly int MAX_ECIES_TEST_SZ = 200; /* ECIES max sig size */ + public static readonly int ED25519_SIG_SIZE = 64; /* ED25519 pub + priv */ + public static readonly int ED25519_KEY_SIZE = 32; /* Private key only */ + public static readonly int ED25519_PUB_KEY_SIZE = 32; /* Compressed public */ + public static readonly int AES_128_KEY_SIZE = 16; /* for 128 bit */ + public static readonly int AES_192_KEY_SIZE = 24; /* for 192 bit */ + public static readonly int AES_256_KEY_SIZE = 32; /* for 256 bit */ + public static readonly int AES_BLOCK_SIZE = 16; + + /* Error codes */ + public static readonly int SUCCESS = 0; + public static readonly int SIG_VERIFY_E = -229; /* wolfcrypt signature verify error */ + public static readonly int MEMORY_E = -125; /* Out of memory error */ + public static readonly int EXCEPTION_E = -1; + public static readonly int BUFFER_E = -131; /* RSA buffer error, output too small/large */ + + + /*********************************************************************** + * Class Public Functions + **********************************************************************/ + + /// + /// Initialize wolfCrypt library + /// + /// 0 on success + public static int Init() + { + int ret; + try + { + ret = wolfCrypt_Init(); + } + catch (Exception e) + { + log(ERROR_LOG, "wolfCrypt init error " + e.ToString()); + ret = EXCEPTION_E; + } + return ret; + } + + /// + /// Clean up wolfCrypt library memory + /// + /// 0 on success + public static int Cleanup() + { + int ret; + try + { + ret = wolfCrypt_Cleanup(); + } + catch (Exception e) + { + log(ERROR_LOG, "wolfCrypt cleanup error " + e.ToString()); + ret = EXCEPTION_E; + } + return ret; + } + + + /*********************************************************************** + * Random + **********************************************************************/ + + /// + /// Create new WC_RNG context + /// + /// Pointer to allocated WC_RNG or null + public static IntPtr RandomNew() + { + IntPtr rng; + + try + { + /* Allocate and init new WC_RNG structure */ + rng = wc_rng_new( + IntPtr.Zero, 0, /* Nonce (optional / used by FIPS only) */ + IntPtr.Zero); /* Heap hint for static memory only */ + } + catch (Exception e) + { + log(ERROR_LOG, "random new exception " + e.ToString()); + rng = IntPtr.Zero; + } + + return rng; + } + + /// + /// Free WC_RNG context + /// + /// Pointer to allocated WC_RNG + public static void RandomFree(IntPtr rng) + { + if (rng != IntPtr.Zero) + { + /* Free WC_RNG structure */ + wc_rng_free(rng); + } + } + + /// + /// Generate random data (use existing WC_RNG context) + /// + /// WC_RNG created from RandomNew() + /// buffer to populate random data + /// size of buffer + /// 0=success or negative for error + public static int Random(IntPtr rng, byte[] buf, int sz) + { + int ret; + IntPtr data; + + try + { + /* Allocate global buffer for wolfAPI random */ + data = Marshal.AllocHGlobal(sz); + if (data != IntPtr.Zero) + { + /* Generate random block */ + ret = wc_RNG_GenerateBlock(rng, data, Convert.ToUInt32(sz)); + if (ret == 0) + { + /* copy returned data */ + Marshal.Copy(data, buf, 0, sz); + } + else + { + log(ERROR_LOG, "random generate block error " + ret + ": " + GetError(ret)); + } + Marshal.FreeHGlobal(data); + } + else + { + ret = MEMORY_E; + } + } + catch (Exception e) + { + log(ERROR_LOG, "random generate block exception " + e.ToString()); + ret = EXCEPTION_E; + } + + return ret; + } + + /// + /// Generate random data (single shot) + /// + /// buffer to populate random data + /// size of buffer + /// 0=success or negative for error + public static int Random(byte[] buf, int sz) + { + int ret; + IntPtr rng = RandomNew(); + if (rng == IntPtr.Zero) + { + return MEMORY_E; + } + ret = Random(rng, buf, sz); + RandomFree(rng); + return ret; + } + /* END Random */ + + + /*********************************************************************** + * ECC + **********************************************************************/ + + /// + /// Generate a new ECC private / public key pair + /// + /// Key size in bytes (example: SECP256R1 = 32) + /// Allocated ECC key structure or null + public static IntPtr EccMakeKey(int keysize, IntPtr rng) + { + int ret; + IntPtr key = IntPtr.Zero; + + try + { + /* Allocate and init new WC_RNG structure */ + key = wc_ecc_key_new(IntPtr.Zero); + if (key != IntPtr.Zero) + { + ret = wc_ecc_make_key_ex(rng, keysize, key, 0); /* 0=use default curve */ + if (ret != 0) + { + EccFreeKey(key); + key = IntPtr.Zero; + } + } + } + catch (Exception e) + { + log(ERROR_LOG, "ECC make key exception " + e.ToString()); + + EccFreeKey(key); + key = IntPtr.Zero; + } + + return key; + } + + /// + /// Sets the ECC rng structure + /// + /// Supplied key as a pointer + /// rng context as a pointer + /// Returns 0 on success + public static int EccSetRng(IntPtr key, IntPtr rng) + { + int ret = 0; + + try + { + /* Check */ + if (key == IntPtr.Zero) + { + log(ERROR_LOG, "Invalid key or rng pointer."); + return MEMORY_E; + } + + /* Set ECC rng */ + ret = wc_ecc_set_rng(key, rng); + if (ret != 0) + { + log(ERROR_LOG, "ECC set rng failed returned:" + ret); + } + } + catch (Exception e) + { + log(ERROR_LOG, "ECC set rng exception " + e.ToString()); + } + + return ret; + } + + /// + /// Generate a new ECC private / public key pair + /// + /// ASN.1 private key buffer (see ecc_clikey_der_256) + /// Allocated ECC key structure or null + public static IntPtr EccImportKey(byte[] keyASN1) + { + int ret; + IntPtr key = IntPtr.Zero; + + try + { + key = wc_ecc_key_new(IntPtr.Zero); + if (key != IntPtr.Zero) + { + IntPtr idx = Marshal.AllocHGlobal(sizeof(uint)); + IntPtr keydata = Marshal.AllocHGlobal(keyASN1.Length); + Marshal.WriteInt32(idx, 0); + Marshal.Copy(keyASN1, 0, keydata, keyASN1.Length); + ret = wc_EccPrivateKeyDecode(keydata, idx, key, Convert.ToUInt32(keyASN1.Length)); + if (ret != 0) + { + EccFreeKey(key); + key = IntPtr.Zero; + } + Marshal.FreeHGlobal(idx); /* not used */ + Marshal.FreeHGlobal(keydata); + } + } + catch (Exception e) + { + log(ERROR_LOG, "ECC import key exception " + e.ToString()); + EccFreeKey(key); /* make sure its free'd */ + key = IntPtr.Zero; + } + + return key; + } + + /// + /// Sign a hash using ECC + /// + /// ECC key structure + /// Hash to sign + /// Buffer to receive the signature + /// Length of the signature on success, otherwise a negative error code + public static int EccSign(IntPtr key, byte[] hash, byte[] signature) + { + int ret; + int signedLength = 0; + IntPtr hashPtr = IntPtr.Zero; + IntPtr sigPtr = IntPtr.Zero; + IntPtr sigLen = IntPtr.Zero; + IntPtr rng = IntPtr.Zero; + + try + { + rng = RandomNew(); + hashPtr = Marshal.AllocHGlobal(hash.Length); + sigPtr = Marshal.AllocHGlobal(signature.Length); + sigLen = Marshal.AllocHGlobal(sizeof(uint)); + + Marshal.WriteInt32(sigLen, signature.Length); + Marshal.Copy(hash, 0, hashPtr, hash.Length); + ret = wc_ecc_sign_hash(hashPtr, Convert.ToUInt32(hash.Length), sigPtr, sigLen, rng, key); + + /* Output actual signature length */ + if (ret == 0) + { + signedLength = Marshal.ReadInt32(sigLen); + if (signedLength <= signature.Length) + { + Marshal.Copy(sigPtr, signature, 0, signedLength); + } + else + { + ret = BUFFER_E; + } + } + } + catch (Exception e) + { + log(ERROR_LOG, "ECC sign exception: " + e.ToString()); + ret = EXCEPTION_E; + } + finally + { + if (hashPtr != IntPtr.Zero) Marshal.FreeHGlobal(hashPtr); + if (sigPtr != IntPtr.Zero) Marshal.FreeHGlobal(sigPtr); + if (sigLen != IntPtr.Zero) Marshal.FreeHGlobal(sigLen); + if (rng != IntPtr.Zero) RandomFree(rng); + } + + return ret == 0 ? signedLength : ret; + } + + /// + /// Verify a signature using ECC + /// + /// ECC key structure + /// Signature to verify + /// Expected hash value + /// 0 on success, otherwise an error code + public static int EccVerify(IntPtr key, byte[] signature, byte[] hash) + { + int ret; + IntPtr hashPtr = IntPtr.Zero; + IntPtr sigPtr = IntPtr.Zero; + IntPtr res = IntPtr.Zero; + + try + { + hashPtr = Marshal.AllocHGlobal(hash.Length); + sigPtr = Marshal.AllocHGlobal(signature.Length); + res = Marshal.AllocHGlobal(sizeof(int)); + + Marshal.Copy(hash, 0, hashPtr, hash.Length); + Marshal.Copy(signature, 0, sigPtr, signature.Length); + + ret = wc_ecc_verify_hash(sigPtr, Convert.ToUInt32(signature.Length), hashPtr, Convert.ToUInt32(hash.Length), res, key); + + if (ret == 0) + { + int verifyResult = Marshal.ReadInt32(res); + ret = verifyResult == 1 ? 0 : EXCEPTION_E; + } + } + catch (Exception e) + { + log(ERROR_LOG, "ECC verify exception " + e.ToString()); + ret = EXCEPTION_E; + } + finally + { + if (hashPtr != IntPtr.Zero) Marshal.FreeHGlobal(hashPtr); + if (sigPtr != IntPtr.Zero) Marshal.FreeHGlobal(sigPtr); + if (res != IntPtr.Zero) Marshal.FreeHGlobal(res); + } + + return ret; + } + + /// + /// Export ECC Private Key to DER format + /// + /// ECC key structure + /// DER-encoded private key as byte array + public static int EccExportPrivateKeyToDer(IntPtr key, out byte[] derKey) + { + int ret; + derKey = null; + + try + { + int bufferSize = wc_EccPrivateKeyToDer(key, null, 0); + if (bufferSize < 0) { + log(ERROR_LOG, "ECC private key get size failed " + bufferSize.ToString()); + return bufferSize; + } + derKey = new byte[bufferSize]; + ret = wc_EccPrivateKeyToDer(key, derKey, (uint)bufferSize); + if (ret < 0) + { + log(ERROR_LOG, "ECC private key to der failed " + ret.ToString()); + } + } + catch (Exception e) + { + log(ERROR_LOG, "ECC export private exception " + e.ToString()); + ret = EXCEPTION_E; + } + + return ret; + } + + /// + /// Export ECC Public Key to DER format + /// + /// ECC key structure + /// Include algorithm curve in the output + /// DER-encoded public key as byte array + public static int EccExportPublicKeyToDer(IntPtr key, out byte[] derKey, bool includeCurve) + { + int ret; + derKey = null; + + try + { + int bufferSize = wc_EccPublicKeyToDer(key, null, 0, includeCurve ? 1 : 0); + if (bufferSize < 0) { + log(ERROR_LOG, "ECC public key get size failed " + bufferSize.ToString()); + return bufferSize; + } + derKey = new byte[bufferSize]; + ret = wc_EccPublicKeyToDer(key, derKey, (uint)bufferSize, includeCurve ? 1 : 0); + if (ret < 0) + { + log(ERROR_LOG, "ECC public key to der failed " + ret.ToString()); + } + } + catch (Exception e) + { + log(ERROR_LOG, "ECC export public exception " + e.ToString()); + ret = EXCEPTION_E; + } + + return ret; + } + + /// + /// Import ECC Public Key from DER format + /// + /// DER-encoded public key + /// Allocated ECC key structure or null + public static IntPtr EccImportPublicKeyFromDer(byte[] keyDer) + { + int ret; + IntPtr key = IntPtr.Zero; + + try + { + key = wc_ecc_key_new(IntPtr.Zero); + if (key != IntPtr.Zero) + { + uint idx = 0; + ret = wc_EccPublicKeyDecode(keyDer, ref idx, key, (uint)keyDer.Length); + if (ret != 0) + { + EccFreeKey(key); + key = IntPtr.Zero; + } + } + } + catch (Exception e) + { + log(ERROR_LOG, "ECC import public key exception " + e.ToString()); + EccFreeKey(key); + key = IntPtr.Zero; + } + + return key; + } + + /// + /// Free an ECC key structure + /// + /// ECC key structure allocated using EccMakeKey() or EccImportKey() + public static void EccFreeKey(IntPtr key) + { + if (key != IntPtr.Zero) + { + wc_ecc_key_free(key); + } + } + /* END ECC */ + + + /*********************************************************************** + * ECIES + **********************************************************************/ + + /// + /// Create a new ECIES context with flags, RNG, and custom heap. + /// + /// Flags for the context initialization. + /// Random Number Generator (RNG) pointer. + /// Custom heap pointer for memory allocations. + /// Pointer to the newly created ECIES context or IntPtr.Zero on failure. + public static IntPtr EciesNewCtx(int flags, IntPtr rng, IntPtr heap) + { + IntPtr ctx = IntPtr.Zero; + heap = IntPtr.Zero; + + try + { + ctx = wc_ecc_ctx_new_ex(flags, rng, heap); + if (ctx == IntPtr.Zero) + { + log(ERROR_LOG, "ECIES context creation with custom heap failed: returned IntPtr.Zero"); + } + } + catch (Exception e) + { + log(ERROR_LOG, "ECIES context creation with custom heap failed: " + e.ToString()); + return IntPtr.Zero; + } + + return ctx; + } + + /// + /// Reset the ECIES context with a new RNG. + /// + /// Pointer to the ECIES context to reset. + /// New RNG to set. + /// 0 on success, or a negative error code on failure. + public static int EciesCtxReset(IntPtr ctx, IntPtr rng) + { + int ret; + + try + { + ret = wc_ecc_ctx_reset(ctx, rng); + } + catch (Exception e) + { + log(ERROR_LOG, "ECIES context reset exception: " + e.ToString()); + ret = EXCEPTION_E; + } + + return ret; + } + + /// + /// Set encryption, KDF, and MAC algorithms for the ECIES context. + /// + /// Pointer to the ECIES context. + /// Encryption algorithm identifier. + /// Key Derivation Function (KDF) algorithm identifier. + /// MAC algorithm identifier. + /// 0 on success, or a negative error code on failure. + public static int EciesSetAlgo(IntPtr ctx, byte encAlgo, byte kdfAlgo, byte macAlgo) + { + int ret; + + try + { + ret = wc_ecc_ctx_set_algo(ctx, encAlgo, kdfAlgo, macAlgo); + } + catch (Exception e) + { + log(ERROR_LOG, "ECIES set algorithm exception: " + e.ToString()); + ret = EXCEPTION_E; + } + + return ret; + } + + /// + /// Get the ECIES own salt as a byte array. + /// + /// Pointer to the ECIES context. + /// Byte array representing the own salt, or null if there is an error. + public static byte[] EciesGetOwnSalt(IntPtr ctx) + { + IntPtr saltPtr = IntPtr.Zero; + byte[] salt = null; + + try + { + /* Check ctx */ + if (ctx == IntPtr.Zero) + { + log(ERROR_LOG, "Invalid ECIES context pointer."); + return null; + } + + /* Get own salt */ + saltPtr = wc_ecc_ctx_get_own_salt(ctx); + if (saltPtr == IntPtr.Zero) + { + log(ERROR_LOG, "Failed to get own salt."); + return null; + } + + /* Allocate salt size and copy to byte array */ + salt = new byte[(int)ecKeySize.EXCHANGE_SALT_SZ]; + Marshal.Copy(saltPtr, salt, 0, (int)ecKeySize.EXCHANGE_SALT_SZ); + } + catch (Exception e) + { + log(ERROR_LOG, "ECIES get own salt exception: " + e.ToString()); + return null; + } + finally + { + /* Cleanup */ + if (saltPtr != IntPtr.Zero) Marshal.FreeHGlobal(saltPtr); + } + + return salt; + } + + /// + /// Set the peer salt for the ECIES context. + /// + /// Pointer to the ECIES context. + /// Peer salt as a byte array. + /// 0 on success, or a negative error code on failure. + public static int EciesSetPeerSalt(IntPtr ctx, byte[] salt) + { + IntPtr saltPtr = IntPtr.Zero; + int ret; + + try + { + /* Allocate memory */ + saltPtr = Marshal.AllocHGlobal(salt.Length); + Marshal.Copy(salt, 0, saltPtr, salt.Length); + + /* Set the peer salt */ + ret = wc_ecc_ctx_set_peer_salt(ctx, saltPtr); + } + catch (Exception e) + { + log(ERROR_LOG, "ECIES set peer salt exception: " + e.ToString()); + ret = EXCEPTION_E; + } + finally + { + /* Cleanup */ + if (saltPtr != IntPtr.Zero) Marshal.FreeHGlobal(saltPtr); + } + + return ret; + } + + /// + /// Set the own salt for the ECIES context. + /// + /// Pointer to the ECIES context. + /// Own salt as a byte array. + /// 0 on success, or a negative error code on failure. + public static int EciesSetOwnSalt(IntPtr ctx, byte[] salt) + { + IntPtr saltPtr = IntPtr.Zero; + uint saltSz; + int ret; + + try + { + /* Allocate memory */ + saltSz = (uint)salt.Length; + saltPtr = Marshal.AllocHGlobal(salt.Length); + Marshal.Copy(salt, 0, saltPtr, salt.Length); + + /* Set the own salt */ + ret = wc_ecc_ctx_set_own_salt(ctx, saltPtr, saltSz); + } + catch (Exception e) + { + log(ERROR_LOG, "ECIES set own salt exception: " + e.ToString()); + ret = EXCEPTION_E; + } + finally + { + /* Cleanup */ + if (saltPtr != IntPtr.Zero) Marshal.FreeHGlobal(saltPtr); + } + + return ret; + } + + /// + /// Set the KDF salt for the ECIES context. + /// + /// Pointer to the ECIES context. + /// KDF salt as a byte array. + /// 0 on success, or a negative error code on failure. + public static int EciesSetKdfSalt(IntPtr ctx, byte[] salt) + { + IntPtr saltPtr = IntPtr.Zero; + uint saltSz; + int ret; + + try + { + /* Allocate memory */ + saltSz = (uint)salt.Length; + saltPtr = Marshal.AllocHGlobal(salt.Length); + Marshal.Copy(salt, 0, saltPtr, salt.Length); + + /* Set the KDF salt */ + ret = wc_ecc_ctx_set_kdf_salt(ctx, saltPtr, saltSz); + } + catch (Exception e) + { + log(ERROR_LOG, "ECIES set KDF salt exception: " + e.ToString()); + ret = EXCEPTION_E; + } + finally + { + /* Cleanup */ + if (saltPtr != IntPtr.Zero) Marshal.FreeHGlobal(saltPtr); + } + + return ret; + } + + /// + /// Set the info for the ECIES context. + /// + /// Pointer to the ECIES context. + /// Info as a byte array. + /// 0 on success, or a negative error code on failure. + public static int EciesSetInfo(IntPtr ctx, byte[] info) + { + IntPtr infoPtr = IntPtr.Zero; + int ret; + + try + { + /* Allocate memory */ + infoPtr = Marshal.AllocHGlobal(info.Length); + Marshal.Copy(info, 0, infoPtr, info.Length); + + /* Set the info */ + ret = wc_ecc_ctx_set_info(ctx, infoPtr, info.Length); + } + catch (Exception e) + { + log(ERROR_LOG, "ECIES set info exception: " + e.ToString()); + ret = EXCEPTION_E; + } + finally + { + /* Cleanup */ + if (infoPtr != IntPtr.Zero) Marshal.FreeHGlobal(infoPtr); + } + + return ret; + } + + /// + /// Encrypt a message using ECIES. + /// + /// Private key. + /// Public key. + /// Message to encrypt. + /// Message size. + /// Output buffer. + /// ECIES context. + /// 0 on success, or a negative error code on failure. + public static int EciesEncrypt(IntPtr privKey, IntPtr pubKey, byte[] msg, uint msgSz, byte[] outBuffer, IntPtr ctx) + { + int ret; + int outBufferLength = 0; + IntPtr msgPtr = IntPtr.Zero; + IntPtr outBufferPtr = IntPtr.Zero; + IntPtr outSz = IntPtr.Zero; + + try + { + /* Allocate memory */ + msgPtr = Marshal.AllocHGlobal(msg.Length); + outBufferPtr = Marshal.AllocHGlobal(outBuffer.Length); + outSz = Marshal.AllocHGlobal(sizeof(uint)); + + Marshal.WriteInt32(outSz, outBuffer.Length); + Marshal.Copy(msg, 0, msgPtr, msg.Length); + + /* Encrypt */ + ret = wc_ecc_encrypt(privKey, pubKey, msgPtr, msgSz, outBufferPtr, outSz, ctx); + if (ret < 0) + { + log(ERROR_LOG, "Failed to encrypt message using ECIES. Error code: " + ret); + } + /* Output actual output buffer length */ + if (ret == 0) + { + outBufferLength = Marshal.ReadInt32(outSz); + if (outBufferLength <= outBuffer.Length) + { + Marshal.Copy(outBufferPtr, outBuffer, 0, outBufferLength); + } + else + { + ret = BUFFER_E; + } + } + } + catch (Exception e) + { + log(ERROR_LOG, "ECIES encryption exception: " + e.ToString()); + ret = EXCEPTION_E; + } + finally + { + /* Cleanup */ + if (msgPtr != IntPtr.Zero) Marshal.FreeHGlobal(msgPtr); + if (outBufferPtr != IntPtr.Zero) Marshal.FreeHGlobal(outBufferPtr); + if (outSz != IntPtr.Zero) Marshal.FreeHGlobal(outSz); + } + + return ret == 0 ? outBufferLength : ret; + } + + /// + /// Decrypt a message using ECIES. + /// + /// Private key. + /// Public key. + /// Encrypted message. + /// Message size. + /// Output buffer for the decrypted message. + /// ECIES context. + /// 0 on success, or a negative error code on failure. + public static int EciesDecrypt(IntPtr privKey, IntPtr pubKey, byte[] msg, uint msgSz, byte[] outBuffer, IntPtr ctx) + { + int ret; + int outBufferLength = 0; + IntPtr msgPtr = IntPtr.Zero; + IntPtr outBufferPtr = IntPtr.Zero; + IntPtr outSz = IntPtr.Zero; + + try + { + /* Allocate memory */ + msgPtr = Marshal.AllocHGlobal(msg.Length); + outBufferPtr = Marshal.AllocHGlobal(outBuffer.Length); + outSz = Marshal.AllocHGlobal(sizeof(uint)); + + Marshal.WriteInt32(outSz, outBuffer.Length); + Marshal.Copy(msg, 0, msgPtr, msg.Length); + + /* Decrypt */ + ret = wc_ecc_decrypt(privKey, pubKey, msgPtr, msgSz, outBufferPtr, outSz, ctx); + if (ret < 0) + { + log(ERROR_LOG, "Failed to decrypt message using ECIES. Error code: " + ret); + } + /* Output actual output buffer length */ + if (ret == 0) + { + outBufferLength = Marshal.ReadInt32(outSz); + if (outBufferLength <= outBuffer.Length) + { + Marshal.Copy(outBufferPtr, outBuffer, 0, outBufferLength); + } + else + { + ret = BUFFER_E; + } + } + } + catch (Exception e) + { + log(ERROR_LOG, "ECIES decryption exception: " + e.ToString()); + return EXCEPTION_E; + } + finally + { + /* Cleanup */ + if (msgPtr != IntPtr.Zero) Marshal.FreeHGlobal(msgPtr); + if (outBufferPtr != IntPtr.Zero) Marshal.FreeHGlobal(outBufferPtr); + if (outSz != IntPtr.Zero) Marshal.FreeHGlobal(outSz); + } + + return ret == 0 ? outBufferLength : ret; + } + + /// + /// Free the ECIES context. + /// + /// Pointer to the ECIES context to free. + public static void EciesFreeCtx(IntPtr ctx) + { + if (ctx != IntPtr.Zero) + { + wc_ecc_ctx_free(ctx); + } + } + + /******************************** + * ENUMS + */ + public enum ecEncAlgo { + ecAES_128_CBC = 1, /* default */ + ecAES_256_CBC = 2, + ecAES_128_CTR = 3, + ecAES_256_CTR = 4 + } + + public enum ecKdfAlgo { + ecHKDF_SHA256 = 1, /* default */ + ecHKDF_SHA1 = 2, + ecKDF_X963_SHA1 = 3, + ecKDF_X963_SHA256 = 4, + ecKDF_SHA1 = 5, + ecKDF_SHA256 = 6 + } + + public enum ecMacAlgo { + ecHMAC_SHA256 = 1, /* default */ + ecHMAC_SHA1 = 2 + } + + public enum ecKeySize { + KEY_SIZE_128 = 16, + KEY_SIZE_256 = 32, + IV_SIZE_64 = 8, + IV_SIZE_128 = 16, + ECC_MAX_IV_SIZE = 16, + EXCHANGE_SALT_SZ = 16, + EXCHANGE_INFO_SZ = 23 + } + + public enum ecFlags { + REQ_RESP_CLIENT = 1, + REQ_RESP_SERVER = 2 + } + /* END ECIES */ + + + /*********************************************************************** + * ECDHE + **********************************************************************/ + + /// + /// Generate a shared secret using ECC + /// + /// ECC private key + /// ECC public key + /// Buffer to receive the shared secret + /// 0 on success, otherwise an error code + public static int EcdheSharedSecret(IntPtr privateKey, IntPtr publicKey, byte[] secret, IntPtr rng) + { + int ret; + int secretLength = secret.Length; + + try + { + /* set RNG for Public Key */ + ret = EccSetRng(privateKey, rng); + if (ret != 0) + { + throw new Exception("Failed to set Public Key RNG Error code: " + ret); + } + + /* set RNG for Private Key */ + ret = EccSetRng(publicKey, rng); + if (ret != 0) + { + throw new Exception("Failed to set Private Key RNG. Error code: " + ret); + } + + /* Generate shared secret */ + if (privateKey != IntPtr.Zero || publicKey != IntPtr.Zero) + { + ret = wc_ecc_shared_secret(privateKey, publicKey, secret, ref secretLength); + if (ret != 0) + { + throw new Exception("Failed to compute ECC shared secret. Error code: " + ret); + } + } + } + catch (Exception e) + { + log(ERROR_LOG, "ECC shared secret exception " + e.ToString()); + ret = EXCEPTION_E; + } + + return ret; + } + /* END ECDHE */ + + + /*********************************************************************** + * RSA + **********************************************************************/ + + /// + /// Generate a new RSA private/public key pair + /// + /// Pointer to the heap for memory allocation + /// (use IntPtr.Zero if not applicable) + /// Device ID (if applicable, otherwise use 0) + /// Key size in bits (example: 2048) + /// Exponent for RSA key generation (default is 65537) + /// Allocated RSA key structure or null on failure + public static IntPtr RsaMakeKey(IntPtr heap, int devId, int keysize, Int32 exponent) + { + int ret; + IntPtr key = IntPtr.Zero; + IntPtr rng = IntPtr.Zero; + + try + { + /* Allocate and init new RSA key structure */ + key = wc_NewRsaKey(heap, devId, IntPtr.Zero); + if (key != IntPtr.Zero) + { + rng = RandomNew(); + if (rng == IntPtr.Zero) + { + throw new Exception("Failed to create rng."); + } + + ret = wc_MakeRsaKey(key, keysize, exponent, rng); + if (ret != 0) + { + RsaFreeKey(key); + key = IntPtr.Zero; + } + + RandomFree(rng); + rng = IntPtr.Zero; + } + } + catch (Exception e) + { + log(ERROR_LOG, "RSA make key exception " + e.ToString()); + if (rng != IntPtr.Zero) RandomFree(rng); + if (key != IntPtr.Zero) RsaFreeKey(key); + key = IntPtr.Zero; + } + + return key; + } + + public static IntPtr RsaMakeKey(IntPtr heap, int devId, int keysize) + { + return RsaMakeKey(heap, devId, keysize, 65537); + } + + /// + /// Import an RSA private key from ASN.1 buffer + /// + /// ASN.1 private key buffer + /// Allocated RSA key structure or null + public static IntPtr RsaImportKey(byte[] keyASN1) + { + int ret; + IntPtr key = IntPtr.Zero; + + try + { + key = wc_NewRsaKey(IntPtr.Zero, INVALID_DEVID, IntPtr.Zero); + if (key != IntPtr.Zero) + { + IntPtr idx = Marshal.AllocHGlobal(sizeof(uint)); + IntPtr keydata = Marshal.AllocHGlobal(keyASN1.Length); + Marshal.WriteInt32(idx, 0); + Marshal.Copy(keyASN1, 0, keydata, keyASN1.Length); + ret = wc_RsaPrivateKeyDecode(keydata, idx, key, Convert.ToUInt32(keyASN1.Length)); + if (ret != 0) + { + RsaFreeKey(key); + key = IntPtr.Zero; + } + Marshal.FreeHGlobal(idx); /* not used */ + Marshal.FreeHGlobal(keydata); + } + } + catch (Exception e) + { + log(ERROR_LOG, "RSA make key exception " + e.ToString()); + RsaFreeKey(key); /* make sure its free'd */ + key = IntPtr.Zero; + } + + return key; + } + + /// + /// Sign a hash using RSA and SSL-style padding + /// + /// RSA key structure + /// Hash to sign + /// Buffer to receive the signature + /// Length of the signature on success, otherwise an error code + public static int RsaSignSSL(IntPtr key, byte[] hash, byte[] signature) + { + IntPtr hashPtr = Marshal.AllocHGlobal(hash.Length); + IntPtr sigPtr = Marshal.AllocHGlobal(signature.Length); + IntPtr rng = IntPtr.Zero; + int ret; + + try + { + rng = RandomNew(); + if (rng == IntPtr.Zero) + { + throw new Exception("Failed to create RNG."); + } + + Marshal.Copy(hash, 0, hashPtr, hash.Length); + + ret = wc_RsaSSL_Sign(hashPtr, hash.Length, sigPtr, signature.Length, key, rng); + if (ret >= 0) /* `wc_RsaSSL_Sign` returns the signature length on success */ + { + Marshal.Copy(sigPtr, signature, 0, ret); + } + } + finally + { + if (hashPtr != IntPtr.Zero) Marshal.FreeHGlobal(hashPtr); + if (sigPtr != IntPtr.Zero) Marshal.FreeHGlobal(sigPtr); + if (rng != IntPtr.Zero) RandomFree(rng); + } + + return ret; + } + + /// + /// Verify a signature using RSA and SSL-style padding + /// + /// RSA key structure + /// Signature to verify + /// Expected hash value + /// 0 on success, otherwise an error code + public static int RsaVerifySSL(IntPtr key, byte[] signature, byte[] hash) + { + IntPtr hashPtr = IntPtr.Zero; + IntPtr sigPtr = IntPtr.Zero; + int ret; + + try + { + hashPtr = Marshal.AllocHGlobal(hash.Length); + sigPtr = Marshal.AllocHGlobal(signature.Length); + + Marshal.Copy(signature, 0, sigPtr, signature.Length); + + ret = wc_RsaSSL_Verify(sigPtr, signature.Length, hashPtr, hash.Length, key); + + if (ret == hash.Length) + { + byte[] verifiedHash = new byte[hash.Length]; + Marshal.Copy(hashPtr, verifiedHash, 0, hash.Length); + + if (ByteArrayVerify(verifiedHash, hash)) + { + ret = 0; + } + else + { + ret = SIG_VERIFY_E; + } + } + } + catch (Exception e) + { + log(ERROR_LOG, "RSA verify exception: " + e.ToString()); + ret = EXCEPTION_E; + } + finally + { + if (hashPtr != IntPtr.Zero) Marshal.FreeHGlobal(hashPtr); + if (sigPtr != IntPtr.Zero) Marshal.FreeHGlobal(sigPtr); + } + + return ret; + } + + /// + /// Encrypt data using RSA public key encryption + /// + /// RSA key structure + /// Data to encrypt + /// Buffer to receive the encrypted data + /// 0 on success, otherwise an error code + public static int RsaPublicEncrypt(IntPtr key, byte[] input, byte[] output) + { + IntPtr inPtr = Marshal.AllocHGlobal(input.Length); + IntPtr outPtr = Marshal.AllocHGlobal(output.Length); + Marshal.Copy(input, 0, inPtr, input.Length); + + int ret = wc_RsaPublicEncrypt(inPtr, input.Length, outPtr, output.Length, key); + + if (ret > 0) + { + Marshal.Copy(outPtr, output, 0, ret); + } + + Marshal.FreeHGlobal(inPtr); + Marshal.FreeHGlobal(outPtr); + + return ret > 0 ? 0 : ret; + } + + /// + /// Decrypt data using RSA private key decryption + /// + /// RSA key structure + /// Encrypted data + /// Buffer to receive the decrypted data + /// 0 on success, otherwise an error code + public static int RsaPrivateDecrypt(IntPtr key, byte[] input, byte[] output) + { + IntPtr inPtr = Marshal.AllocHGlobal(input.Length); + IntPtr outPtr = Marshal.AllocHGlobal(output.Length); + Marshal.Copy(input, 0, inPtr, input.Length); + + int ret = wc_RsaPrivateDecrypt(inPtr, input.Length, outPtr, output.Length, key); + + if (ret > 0) + { + Marshal.Copy(outPtr, output, 0, ret); + } + + Marshal.FreeHGlobal(inPtr); + Marshal.FreeHGlobal(outPtr); + + return ret > 0 ? 0 : ret; + } + + /// + /// Free an RSA key structure + /// + /// RSA key structure allocated using RsaMakeKey() or RsaImportKey() + public static void RsaFreeKey(IntPtr key) + { + if (key != IntPtr.Zero) + { + wc_DeleteRsaKey(key, IntPtr.Zero); + key = IntPtr.Zero; + } + } + /* END RSA */ + + + /*********************************************************************** + * ED25519 + **********************************************************************/ + + /// + /// Generate a new ED25519 key pair with a specified heap, device ID, and internally managed RNG. + /// + /// Heap to use for memory allocations (can be IntPtr.Zero). + /// Device ID for hardware-based keys (can be 0 for software). + /// 0 on success, or an error code on failure. + public static IntPtr Ed25519MakeKey(IntPtr heap, int devId) + { + int ret = 0; + IntPtr rng = IntPtr.Zero; + IntPtr key = IntPtr.Zero; + + try + { + rng = RandomNew(); + if (rng == IntPtr.Zero) + { + throw new Exception("Failed to create RNG."); + } + + key = wc_ed25519_new(heap, devId, IntPtr.Zero); + if (key != IntPtr.Zero) + { + ret = wc_ed25519_make_key(rng, 32, key); + } + } + catch (Exception e) + { + log(ERROR_LOG, "ED25519 make key exception: " + e.ToString()); + ret = EXCEPTION_E; + } + finally + { + /* Cleanup */ + if (rng != IntPtr.Zero) RandomFree(rng); + if (ret != 0) + { + wc_ed25519_delete(key, IntPtr.Zero); + key = IntPtr.Zero; + } + } + + return key; + } + + /// + /// Sign a message with an ED25519 private key. + /// + /// Message to be signed + /// Buffer to receive the signature + /// Private key used for signing + /// 0 on success, otherwise an error code + public static int Ed25519SignMsg(byte[] inMsg, out byte[] outMsg, IntPtr key) + { + int ret; + IntPtr inMsgPtr = Marshal.AllocHGlobal(inMsg.Length); + IntPtr outMsgPtr = Marshal.AllocHGlobal(ED25519_SIG_SIZE); + outMsg = null; + + try + { + Marshal.Copy(inMsg, 0, inMsgPtr, inMsg.Length); + uint outMsgSize = (uint)ED25519_SIG_SIZE; + ret = wc_ed25519_sign_msg(inMsgPtr, (uint)inMsg.Length, outMsgPtr, ref outMsgSize, key); + if (ret == 0) + { + outMsg = new byte[outMsgSize]; + Marshal.Copy(outMsgPtr, outMsg, 0, (int)outMsgSize); + } + } + finally + { + /* Clenup */ + if (inMsgPtr != IntPtr.Zero) Marshal.FreeHGlobal(inMsgPtr); + if (outMsgPtr != IntPtr.Zero) Marshal.FreeHGlobal(outMsgPtr); + } + + return ret; + } + + /// + /// Verify a signature of a message with an ED25519 public key. + /// + /// Signature to verify + /// Message that was signed + /// Public key used for verification + /// 0 if the verification succeeds, otherwise an error code + public static int Ed25519VerifyMsg(byte[] sig, byte[] msg, IntPtr key) + { + IntPtr sigPtr = IntPtr.Zero; + IntPtr msgPtr = IntPtr.Zero; + int ret = 0; + + try + { + /* Allocate memory */ + sigPtr = Marshal.AllocHGlobal(sig.Length); + msgPtr = Marshal.AllocHGlobal(msg.Length); + + Marshal.Copy(sig, 0, sigPtr, sig.Length); + Marshal.Copy(msg, 0, msgPtr, msg.Length); + + int verify = 0; + ret = wc_ed25519_verify_msg(sigPtr, (uint)sig.Length, msgPtr, (uint)msg.Length, ref verify, key); + + if (ret == 0 && verify == 1) + { + ret = 0; + } + else + { + ret = SIG_VERIFY_E; + } + } + catch (Exception e) + { + log(ERROR_LOG, "ED25519 verify exception: " + e.ToString()); + ret = EXCEPTION_E; + } + finally + { + /* Cleanup */ + if (sigPtr != IntPtr.Zero) Marshal.FreeHGlobal(sigPtr); + if (msgPtr != IntPtr.Zero) Marshal.FreeHGlobal(msgPtr); + } + + return ret; + } + + /// + /// Decode an ED25519 private key from DER format. + /// + /// DER-encoded private key as byte array. + /// Allocated ED25519 key structure or IntPtr.Zero on failure. + public static IntPtr Ed25519PrivateKeyDecode(byte[] input) + { + IntPtr key = IntPtr.Zero; + uint idx = 0; + int ret; + + try + { + key = wc_ed25519_new(IntPtr.Zero, INVALID_DEVID, IntPtr.Zero); + if (key != IntPtr.Zero) + { + ret = wc_Ed25519PrivateKeyDecode(input, ref idx, key, (uint)input.Length); + if (ret != 0) + { + Ed25519FreeKey(key); + key = IntPtr.Zero; + } + } + } + catch (Exception e) + { + log(ERROR_LOG, "ED25519 private key decode exception: " + e.ToString()); + if (key != IntPtr.Zero) Ed25519FreeKey(key); + key = IntPtr.Zero; + } + + return key; + } + + /// + /// Decode an ED25519 public key from DER format. + /// + /// DER-encoded public key as byte array. + /// Allocated ED25519 key structure or IntPtr.Zero on failure. + public static IntPtr Ed25519PublicKeyDecode(byte[] input) + { + IntPtr key = IntPtr.Zero; + uint idx = 0; + int ret; + + try + { + key = wc_ed25519_new(IntPtr.Zero, INVALID_DEVID, IntPtr.Zero); + if (key != IntPtr.Zero) + { + ret = wc_Ed25519PublicKeyDecode(input, ref idx, key, (uint)input.Length); + if (ret != 0) + { + Ed25519FreeKey(key); + key = IntPtr.Zero; + } + } + } + catch (Exception e) + { + log(ERROR_LOG, "ED25519 public key decode exception: " + e.ToString()); + if (key != IntPtr.Zero) Ed25519FreeKey(key); + key = IntPtr.Zero; + } + + return key; + } + + /// + /// Export an ED25519 key to DER format. + /// + /// ED25519 key structure. + /// DER-encoded public key as byte array. + /// DER-encoded key as byte array. + public static int Ed25519ExportKeyToDer(IntPtr key, out byte[] privKey) + { + int ret; + privKey = null; + + try + { + /* Get length */ + int len = wc_Ed25519KeyToDer(key, null, 0); + if (len < 0) + { + log(ERROR_LOG, "Failed to determine length. Error code: " + len); + return len; + } + + privKey = new byte[len]; + ret = wc_Ed25519KeyToDer(key, privKey, (uint)privKey.Length); + + if (ret < 0) + { + log(ERROR_LOG, "Failed to export ED25519 private key to DER format. Error code: " + ret); + return ret; + } + } + catch(Exception e) + { + log(ERROR_LOG, "ED25519 export private key to DER exception: " + e.ToString()); + return EXCEPTION_E; + } + + return ret; + } + + /// + /// Export an ED25519 private key to DER format. + /// + /// ED25519 private key structure. + /// DER-encoded private key as byte array. + /// DER-encoded private key as byte array. + public static int Ed25519ExportPrivateKeyToDer(IntPtr key, out byte[] derKey) + { + int ret; + derKey = null; + + try + { + /* Determine length */ + int len = wc_Ed25519PrivateKeyToDer(key, null, 0); + if (len < 0) + { + log(ERROR_LOG, "Failed to determine length. Error code: " + len); + return len; + } + + derKey = new byte[len]; + ret = wc_Ed25519PrivateKeyToDer(key, derKey, (uint)derKey.Length); + + if (ret < 0) + { + log(ERROR_LOG, "Failed to export ED25519 private key to DER format. Error code: " + ret); + return ret; + } + } + catch (Exception e) + { + log(ERROR_LOG, "ED25519 export private key to DER exception: " + e.ToString()); + return EXCEPTION_E; + } + + return ret; + } + + /// + /// Export an ED25519 public key to DER format. + /// + /// ED25519 public key structure. + /// Whether to include the algorithm identifier in the output. + /// DER-encoded public key as byte array. + /// An error code indicating success (0) or failure (negative value). + public static int Ed25519ExportPublicKeyToDer(IntPtr key, out byte[] pubKey, bool includeAlg) + { + int ret; + pubKey = null; + + try + { + /* Determine length */ + int len = wc_Ed25519PublicKeyToDer(key, null, 0, 1); + if (len < 0) + { + log(ERROR_LOG, "Failed to determine length. Error code: " + len); + return len; + } + + pubKey = new byte[len]; + ret = wc_Ed25519PublicKeyToDer(key, pubKey, (uint)pubKey.Length, includeAlg ? 1 : 0); + if (ret < 0) + { + log(ERROR_LOG, "Failed to export ED25519 public key to DER format. Error code: " + ret); + return ret; + } + } + catch (Exception e) + { + log(ERROR_LOG, "ED25519 export public key to DER exception: " + e.ToString()); + return EXCEPTION_E; + } + + return ret; + } + + /// + /// Free an ED25519 key. + /// + /// Key to be freed + public static void Ed25519FreeKey(IntPtr key) + { + wc_ed25519_delete(key, IntPtr.Zero); + key = IntPtr.Zero; + } + /* END ED25519 */ + + + /*********************************************************************** + * RAW ED25519 + **********************************************************************/ + + /// + /// Initialize an ED25519 key. + /// + /// Buffer to receive the initialized key + /// 0 on success, otherwise an error code + public static int Ed25519InitKey(out IntPtr key) + { + key = IntPtr.Zero; + try + { + key = Marshal.AllocHGlobal(ED25519_SIG_SIZE); + int ret = wc_ed25519_init(key); + + if (ret != 0) + { + Marshal.FreeHGlobal(key); + key = IntPtr.Zero; + } + + return ret; + } + catch + { + /* Cleanup */ + Marshal.FreeHGlobal(key); + key = IntPtr.Zero; + throw; + } + } + + /// + /// Import a public key into an ED25519 key structure. + /// + /// Public key to import + /// Length of the public key + /// Buffer to receive the imported key + /// 0 on success, otherwise an error code + public static int Ed25519ImportPublic(byte[] inMsg, uint inLen, out IntPtr key) + { + int ret; + key = IntPtr.Zero; + IntPtr inMsgPtr = IntPtr.Zero; + + try + { + /* Allocate memory */ + key = Marshal.AllocHGlobal(ED25519_PUB_KEY_SIZE); + if (key == IntPtr.Zero) + { + throw new OutOfMemoryException("Failed to allocate memory for the key."); + } + + inMsgPtr = Marshal.AllocHGlobal(inMsg.Length); + if (inMsgPtr == IntPtr.Zero) + { + throw new OutOfMemoryException("Failed to allocate memory for the input message."); + } + Marshal.Copy(inMsg, 0, inMsgPtr, inMsg.Length); + + ret = wc_ed25519_import_public(inMsgPtr, inLen, key); + if (ret != 0) + { + return ret; + } + } + catch (Exception ex) + { + Console.WriteLine($"Exception in EdImportPublic: {ex.Message}"); + + return EXCEPTION_E; + } + finally + { + /* Cleanup */ + if (inMsgPtr != IntPtr.Zero) Marshal.FreeHGlobal(inMsgPtr); + if (key != IntPtr.Zero) Marshal.FreeHGlobal(key); + } + + return ret; + } + + /// + /// Export a public key from an ED25519 key structure. + /// + /// ED25519 key structure + /// Buffer to receive the exported public key + /// Length of the exported public key + /// 0 on success, otherwise an error code + public static int Ed25519ExportPublic(IntPtr key, byte[] outMsg, out uint outLen) + { + int ret; + IntPtr outMsgPtr = IntPtr.Zero; + + try + { + outMsgPtr = Marshal.AllocHGlobal(outMsg.Length); + outLen = (uint)outMsg.Length; + ret = wc_ed25519_export_public(key, outMsgPtr, ref outLen); + if (ret == 0) + { + Marshal.Copy(outMsgPtr, outMsg, 0, (int)outLen); + } + else + { + outLen = 0; + } + } + finally + { + /* Cleanup */ + if (outMsgPtr != IntPtr.Zero) Marshal.FreeHGlobal(outMsgPtr); + } + + return ret; + } + + /// + /// Export a private key from an ED25519 key structure. + /// + /// ED25519 key structure + /// Buffer to receive the exported private key + /// Length of the exported private key + /// 0 on success, otherwise an error code + public static int Ed25519ExportPrivate(IntPtr key, byte[] outMsg, out uint outLen) + { + int ret; + IntPtr outMsgPtr = IntPtr.Zero; + + try + { + outMsgPtr = Marshal.AllocHGlobal(outMsg.Length); + outLen = (uint)outMsg.Length; + ret = wc_ed25519_export_private(key, outMsgPtr, ref outLen); + if (ret == 0) + { + Marshal.Copy(outMsgPtr, outMsg, 0, (int)outLen); + } + else + { + outLen = 0; + } + } + finally + { + /* Cleanup */ + if (outMsgPtr != IntPtr.Zero) Marshal.FreeHGlobal(outMsgPtr); + } + + return ret; + } + + /// + /// Generate a public key from a private key. + /// + /// The private key used to generate the public key + /// Buffer to receive the public key + /// Size of the public key buffer + /// 0 on success, otherwise an error code + public static int Ed25519MakePublic(IntPtr key, byte[] pubKey, out uint pubKeySz) + { + int ret; + IntPtr pubKeyPtr = Marshal.AllocHGlobal(pubKey.Length); + + try + { + pubKeySz = (uint)pubKey.Length; + ret = wc_ed25519_make_public(key, pubKeyPtr, pubKeySz); + if (ret == 0) + { + Marshal.Copy(pubKeyPtr, pubKey, 0, (int)pubKeySz); + } + } + finally + { + /* Cleanup */ + if (pubKeyPtr != IntPtr.Zero) Marshal.FreeHGlobal(pubKeyPtr); + } + + return ret; + } + + /// + /// Get the size of the ED25519 key. + /// + /// ED25519 key structure + /// Size of the key, or an error code if failed + public static int Ed25519GetKeySize(IntPtr key) + { + return wc_ed25519_size(key); + } + /* END RAW ED25519 */ + + + /*********************************************************************** + * Curve25519 + **********************************************************************/ + + /// + /// Generate a new Curve25519 key pair with a specified heap, device ID, and internally managed RNG. + /// + /// Heap to use for memory allocations (can be IntPtr.Zero). + /// Device ID for hardware-based keys (can be 0 for software). + /// 0 on success, or an error code on failure. + public static IntPtr Curve25519MakeKey(IntPtr heap, int devId) + { + int ret = 0; + IntPtr rng = IntPtr.Zero; + IntPtr key = IntPtr.Zero; + + try + { + rng = RandomNew(); + if (rng == IntPtr.Zero) + { + throw new Exception("Failed to create RNG."); + } + + key = wc_curve25519_new(heap, devId, IntPtr.Zero); + if (key != IntPtr.Zero) + { + ret = wc_curve25519_make_key(rng, 32, key); + } + } + catch (Exception e) + { + log(ERROR_LOG, "Curve25519 make key exception: " + e.ToString()); + ret = EXCEPTION_E; + } + finally + { + /* Cleanup */ + if (rng != IntPtr.Zero) RandomFree(rng); + if (ret != 0) + { + wc_curve25519_delete(key, IntPtr.Zero); + key = IntPtr.Zero; + } + } + + return key; + } + + /// + /// Decode an Curve25519 private key from DER format. + /// + /// DER-encoded private key as byte array. + /// Allocated Curve25519 key structure or IntPtr.Zero on failure. + public static IntPtr Curve25519PrivateKeyDecode(byte[] input) + { + IntPtr key = IntPtr.Zero; + uint idx = 0; + int ret; + + try + { + key = wc_ed25519_new(IntPtr.Zero, INVALID_DEVID, IntPtr.Zero); + if (key != IntPtr.Zero) + { + ret = wc_Ed25519PrivateKeyDecode(input, ref idx, key, (uint)input.Length); + if (ret != 0) + { + Curve25519FreeKey(key); + key = IntPtr.Zero; + } + } + } + catch (Exception e) + { + log(ERROR_LOG, "Curve25519 private key decode exception: " + e.ToString()); + if (key != IntPtr.Zero) Curve25519FreeKey(key); + key = IntPtr.Zero; + } + + return key; + } + + /// + /// Decode an Curve25519 public key from DER format. + /// + /// DER-encoded public key as byte array. + /// Allocated Curve25519 key structure or IntPtr.Zero on failure. + public static IntPtr Curve25519PublicKeyDecode(byte[] input) + { + IntPtr key = IntPtr.Zero; + uint idx = 0; + int ret; + + try + { + key = wc_curve25519_new(IntPtr.Zero, INVALID_DEVID, IntPtr.Zero); + if (key != IntPtr.Zero) + { + ret = wc_Curve25519PublicKeyDecode(input, ref idx, key, (uint)input.Length); + if (ret != 0) + { + Curve25519FreeKey(key); + key = IntPtr.Zero; + } + } + } + catch (Exception e) + { + log(ERROR_LOG, "Curve25519 public key decode exception: " + e.ToString()); + if (key != IntPtr.Zero) Curve25519FreeKey(key); + key = IntPtr.Zero; + } + + return key; + } + + /// + /// Export an Curve25519 key to DER format. + /// + /// Curve25519 key structure. + /// DER-encoded public key as byte array. + /// DER-encoded key as byte array. + public static int Curve25519ExportPrivateKeyToDer(IntPtr key, out byte[] derKey) + { + int ret; + derKey = null; + + try + { + /* Determine length */ + int len = wc_Curve25519PrivateKeyToDer(key, null, 0); + if (len < 0) + { + log(ERROR_LOG, "Failed to determine length. Error code: " + len); + return len; + } + + derKey = new byte[len]; + ret = wc_Curve25519PrivateKeyToDer(key, derKey, (uint)derKey.Length); + + if (ret < 0) + { + log(ERROR_LOG, "Failed to export Curve25519 private key to DER format. Error code: " + ret); + return ret; + } + } + catch (Exception e) + { + log(ERROR_LOG, "CURVE25519 export private key to DER exception: " + e.ToString()); + return EXCEPTION_E; + } + + return ret; + } + + /// + /// Export an Curve25519 public key to DER format. + /// + /// Curve25519 public key structure. + /// Whether to include the algorithm identifier in the output. + /// DER-encoded public key as byte array. + /// An error code indicating success (0) or failure (negative value). + public static int Curve25519ExportPublicKeyToDer(IntPtr key, out byte[] derKey, bool includeAlg) + { + int ret; + derKey = null; + + try + { + /* Determine length */ + int len = wc_Curve25519PublicKeyToDer(key, null, 0, 1); + if (len < 0) + { + log(ERROR_LOG, "Failed to determine length. Error code: " + len); + return len; + } + + derKey = new byte[len]; + ret = wc_Curve25519PublicKeyToDer(key, derKey, (uint)derKey.Length, includeAlg ? 1 : 0); + if (ret < 0) + { + log(ERROR_LOG, "Failed to export Curve25519 public key to DER format. Error code: " + ret); + } + } + catch (Exception e) + { + log(ERROR_LOG, "Curve25519 export public key to DER exception: " + e.ToString()); + ret = EXCEPTION_E; + } + + return ret; + } + + /// + /// Free an Curve25519 key. + /// + /// Key to be freed + public static void Curve25519FreeKey(IntPtr key) + { + wc_curve25519_delete(key, IntPtr.Zero); + key = IntPtr.Zero; + } + /* END Curve25519 */ + + + /*********************************************************************** + * RAW Curve25519 + **********************************************************************/ + + /// + /// Generate a shared secret using Curve25519 + /// + /// Curve25519 private key + /// Curve25519 public key + /// Buffer to receive the shared secret + /// 0 on success, otherwise an error code + public static int Curve25519SharedSecret(IntPtr privateKey, IntPtr publicKey, byte[] secret) + { + int ret; + int secretLength = secret.Length; + + try + { + ret = wc_curve25519_shared_secret(privateKey, publicKey, secret, ref secretLength); + if (ret != 0) + { + throw new Exception("Failed to compute Curve25519 shared secret. Error code: " + ret); + } + } + catch (Exception e) + { + log(ERROR_LOG, "Curve25519 shared secret exception " + e.ToString()); + ret = EXCEPTION_E; + } + + return ret; + } + + /// + /// Import a Curve25519 private key from a byte array + /// + /// Private key byte array + /// Allocated Curve25519 key structure or null + public static IntPtr Curve25519ImportPrivateKey(byte[] privateKey) + { + IntPtr key = IntPtr.Zero; + + try + { + key = Marshal.AllocHGlobal(privateKey.Length); + Marshal.Copy(privateKey, 0, key, privateKey.Length); + int ret = wc_curve25519_import_private(key, privateKey.Length, key); + if (ret != 0) + { + Marshal.FreeHGlobal(key); + key = IntPtr.Zero; + } + } + catch (Exception e) + { + log(ERROR_LOG, "Curve25519 import private key exception " + e.ToString()); + if (key != IntPtr.Zero) Marshal.FreeHGlobal(key); + key = IntPtr.Zero; + } + + return key; + } + + /// + /// Import a Curve25519 public key from a byte array + /// + /// Public key byte array + /// Allocated Curve25519 key structure or null + public static IntPtr Curve25519ImportPublicKey(byte[] publicKey) + { + IntPtr key = IntPtr.Zero; + + try + { + key = Marshal.AllocHGlobal(publicKey.Length); + Marshal.Copy(publicKey, 0, key, publicKey.Length); + int ret = wc_curve25519_import_public(key, publicKey.Length, key); + if (ret != 0) + { + Marshal.FreeHGlobal(key); + key = IntPtr.Zero; + } + } + catch (Exception e) + { + log(ERROR_LOG, "Curve25519 import public key exception " + e.ToString()); + if (key != IntPtr.Zero) Marshal.FreeHGlobal(key); + key = IntPtr.Zero; + } + + return key; + } + + /// + /// Export a Curve25519 private key to a byte array + /// + /// Curve25519 key structure + /// Private key as byte array + public static byte[] Curve25519ExportPrivateKey(IntPtr key) + { + byte[] privateKey = new byte[ED25519_KEY_SIZE]; + uint privSize = (uint)privateKey.Length; + int ret = wc_curve25519_export_public(key, privateKey, ref privSize); + if (ret != 0) + { + throw new Exception("Failed to export Curve25519 private key. Error code: " + ret); + } + return privateKey; + } + + /// + /// Export a Curve25519 public key to a byte array + /// + /// Curve25519 key structure + /// Public key as byte array + public static byte[] Curve25519ExportPublicKey(IntPtr key) + { + byte[] publicKey = new byte[ED25519_PUB_KEY_SIZE]; + uint pubSize = (uint)publicKey.Length; + int ret = wc_curve25519_export_public(key, publicKey, ref pubSize); + if (ret != 0) + { + throw new Exception("Failed to export Curve25519 public key. Error code: " + ret); + } + return publicKey; + } + + /// + /// Export both private and public keys from a Curve25519 key structure + /// + /// Curve25519 key structure + /// A tuple containing the private key and public key as byte arrays + public static (byte[] privateKey, byte[] publicKey) Curve25519ExportKeyRaw(IntPtr key) + { + byte[] privateKey = new byte[ED25519_KEY_SIZE]; + byte[] publicKey = new byte[ED25519_PUB_KEY_SIZE]; + uint privSize = (uint)privateKey.Length; + uint pubSize = (uint)publicKey.Length; + int ret = wc_curve25519_export_key_raw(key, privateKey, ref privSize, publicKey, ref pubSize); + if (ret != 0) + { + throw new Exception("Failed to export Curve25519 keys. Error code: " + ret); + } + return (privateKey, publicKey); + } + /* END RAW Curve25519 */ + + + /*********************************************************************** + * AES-GCM + **********************************************************************/ + + /// + /// Creates a new AES context. + /// + /// Pointer to a memory heap, or IntPtr.Zero to use the default heap. + /// The device ID to associate with this AES context. + /// A pointer to the newly created AES context, or IntPtr.Zero on failure. + public static IntPtr AesNew(IntPtr heap, int devId) + { + IntPtr aesPtr = IntPtr.Zero; + + try + { + aesPtr = wc_AesNew(heap, devId, IntPtr.Zero); + + if (aesPtr == IntPtr.Zero) + { + throw new Exception("Failed to create AES context."); + } + + } + catch (Exception e) + { + Console.WriteLine($"AES context creation failed: {e.Message}"); + } + + return aesPtr; + } + + /// + /// Initialize and set the AES key for AES-GCM operations. + /// + /// AES-GCM context pointer. + /// The AES key (either 128, 192, or 256 bits). + /// 0 on success, otherwise an error code. + public static int AesGcmSetKey(IntPtr aes, byte[] key) + { + IntPtr keyPtr = IntPtr.Zero; + int ret; + + try + { + /* Allocate memory */ + keyPtr = Marshal.AllocHGlobal(key.Length); + Marshal.Copy(key, 0, keyPtr, key.Length); + + ret = wc_AesGcmSetKey(aes, keyPtr, (uint)key.Length); + if (ret != 0) + { + throw new Exception($"AES-GCM initialization failed with error code {ret}"); + } + } + finally + { + /* Cleanup */ + if (keyPtr != IntPtr.Zero) Marshal.FreeHGlobal(keyPtr); + } + + return ret; + } + + /// + /// Wrapper method to initialize the AES-GCM context with a given key and IV. + /// + /// Pointer to the AES-GCM context that needs to be initialized. + /// Byte array containing the AES key. + /// Byte array containing the initialization vector (IV). + public static int AesGcmInit(IntPtr aes, byte[] key, byte[] iv) + { + IntPtr keyPtr = IntPtr.Zero; + IntPtr ivPtr = IntPtr.Zero; + int ret; + + try + { + /* Allocate memory for key and IV */ + keyPtr = Marshal.AllocHGlobal(key.Length); + Marshal.Copy(key, 0, keyPtr, key.Length); + + ivPtr = Marshal.AllocHGlobal(iv.Length); + Marshal.Copy(iv, 0, ivPtr, iv.Length); + + ret = wc_AesGcmInit(aes, keyPtr, (uint)key.Length, ivPtr, (uint)iv.Length); + if (ret != 0) + { + throw new Exception($"AES-GCM initialization failed with error code {ret}"); + } + } + finally + { + /* Cleanup */ + if (keyPtr != IntPtr.Zero) Marshal.FreeHGlobal(keyPtr); + if (ivPtr != IntPtr.Zero) Marshal.FreeHGlobal(ivPtr); + } + + return ret; + } + + /// + /// Encrypt data using AES-GCM + /// + /// AES-GCM context pointer. + /// Initialization Vector (IV) + /// Data to encrypt + /// Buffer to receive the encrypted data + /// Buffer to receive the authentication tag + /// 0 on success, otherwise an error code + public static int AesGcmEncrypt(IntPtr aes, byte[] iv, byte[] plaintext, + byte[] ciphertext, byte[] authTag, byte[] addAuth = null) + { + int ret; + IntPtr ivPtr = IntPtr.Zero; + IntPtr ciphertextPtr = IntPtr.Zero; + IntPtr plaintextPtr = IntPtr.Zero; + IntPtr authTagPtr = IntPtr.Zero; + IntPtr addAuthPtr = IntPtr.Zero; + uint addAuthSz = 0; + + try + { + /* Allocate memory */ + ivPtr = Marshal.AllocHGlobal(iv.Length); + ciphertextPtr = Marshal.AllocHGlobal(ciphertext.Length); + plaintextPtr = Marshal.AllocHGlobal(plaintext.Length); + authTagPtr = Marshal.AllocHGlobal(authTag.Length); + if (addAuth != null) { + addAuthSz = (uint)addAuth.Length; + addAuthPtr = Marshal.AllocHGlobal(addAuth.Length); + Marshal.Copy(addAuth, 0, addAuthPtr, addAuth.Length); + } + + Marshal.Copy(iv, 0, ivPtr, iv.Length); + Marshal.Copy(plaintext, 0, plaintextPtr, plaintext.Length); + + /* Encrypt data */ + ret = wc_AesGcmEncrypt(aes, ciphertextPtr, plaintextPtr, (uint)plaintext.Length, + ivPtr, (uint)iv.Length, authTagPtr, (uint)authTag.Length, addAuthPtr, addAuthSz); + if (ret < 0) + { + log(ERROR_LOG, "Failed to Encrypt data using AES-GCM. Error code: " + ret); + } + else { + Marshal.Copy(ciphertextPtr, ciphertext, 0, ciphertext.Length); + Marshal.Copy(authTagPtr, authTag, 0, authTag.Length); + ret = 0; + } + } + catch (Exception e) + { + log(ERROR_LOG, "AES-GCM Encryption failed: " + e.ToString()); + ret = EXCEPTION_E; + } + finally + { + /* Cleanup */ + if (ivPtr != IntPtr.Zero) Marshal.FreeHGlobal(ivPtr); + if (ciphertextPtr != IntPtr.Zero) Marshal.FreeHGlobal(ciphertextPtr); + if (plaintextPtr != IntPtr.Zero) Marshal.FreeHGlobal(plaintextPtr); + if (authTagPtr != IntPtr.Zero) Marshal.FreeHGlobal(authTagPtr); + if (addAuthPtr != IntPtr.Zero) Marshal.FreeHGlobal(addAuthPtr); + } + + return ret; + } + + /// + /// Decrypt data using AES-GCM + /// + /// AES-GCM context pointer. + /// Initialization Vector (IV) + /// Data to decrypt + /// Buffer to receive the decrypted data + /// Authentication tag for verification + /// 0 on success, otherwise an error code + public static int AesGcmDecrypt(IntPtr aes, byte[] iv, byte[] ciphertext, + byte[] plaintext, byte[] authTag, byte[] addAuth = null) + { + int ret; + IntPtr ivPtr = IntPtr.Zero; + IntPtr ciphertextPtr = IntPtr.Zero; + IntPtr plaintextPtr = IntPtr.Zero; + IntPtr authTagPtr = IntPtr.Zero; + IntPtr addAuthPtr = IntPtr.Zero; + uint addAuthSz = 0; + + try + { + /* Allocate memory */ + ivPtr = Marshal.AllocHGlobal(iv.Length); + ciphertextPtr = Marshal.AllocHGlobal(ciphertext.Length); + plaintextPtr = Marshal.AllocHGlobal(plaintext.Length); + authTagPtr = Marshal.AllocHGlobal(authTag.Length); + if (addAuth != null) { + addAuthSz = (uint)addAuth.Length; + addAuthPtr = Marshal.AllocHGlobal(addAuth.Length); + Marshal.Copy(addAuth, 0, addAuthPtr, addAuth.Length); + } + + Marshal.Copy(iv, 0, ivPtr, iv.Length); + Marshal.Copy(ciphertext, 0, ciphertextPtr, ciphertext.Length); + Marshal.Copy(authTag, 0, authTagPtr, authTag.Length); + + /* Decrypt data */ + ret = wc_AesGcmDecrypt(aes, plaintextPtr, ciphertextPtr, (uint)ciphertext.Length, + ivPtr, (uint)iv.Length, authTagPtr, (uint)authTag.Length, addAuthPtr, addAuthSz); + if (ret < 0) + { + log(ERROR_LOG, "Failed to Decrypt data using AES-GCM. Error code: " + ret); + } + else { + Marshal.Copy(plaintextPtr, plaintext, 0, plaintext.Length); + ret = 0; + } + } + catch (Exception e) + { + log(ERROR_LOG, "AES-GCM Decryption failed: " + e.ToString()); + ret = EXCEPTION_E; + } + finally + { + /* Cleanup */ + if (ivPtr != IntPtr.Zero) Marshal.FreeHGlobal(ivPtr); + if (ciphertextPtr != IntPtr.Zero) Marshal.FreeHGlobal(ciphertextPtr); + if (plaintextPtr != IntPtr.Zero) Marshal.FreeHGlobal(plaintextPtr); + if (authTagPtr != IntPtr.Zero) Marshal.FreeHGlobal(authTagPtr); + if (addAuthPtr != IntPtr.Zero) Marshal.FreeHGlobal(addAuthPtr); + } + + return ret; + } + + /// + /// Free AES-GCM context + /// + /// AES-GCM context + public static void AesGcmFree(IntPtr aes) + { + if (aes != IntPtr.Zero) + { + wc_AesDelete(aes, IntPtr.Zero); + aes = IntPtr.Zero; + } + } + /* END AES-GCM */ + + + /*********************************************************************** + * HASH + **********************************************************************/ + + /// + /// Allocate and set up a new hash context with proper error handling + /// + /// The type of hash (SHA-256, SHA-384, etc.) + /// Pointer to the heap for memory allocation (use IntPtr.Zero if not applicable) + /// Device ID (if applicable, otherwise use INVALID_DEVID) + /// Allocated hash context pointer or IntPtr.Zero on failure + public static IntPtr HashNew(uint hashType, IntPtr heap, int devId) + { + IntPtr hash = IntPtr.Zero; + + try + { + /* Allocate new hash */ + hash = wc_HashNew(hashType, heap, devId, IntPtr.Zero); + if (hash == IntPtr.Zero) + { + throw new Exception("Failed to allocate new hash context."); + } + } + catch (Exception e) + { + log(ERROR_LOG, "HashNew Exception: " + e.ToString()); + } + + return hash; + } + + /// + /// Initialize the hash context for a specific hash type with proper error handling + /// + /// Hash context pointer + /// The type of hash (SHA-256, SHA-384, etc.) + /// 0 on success, otherwise an error code + public static int InitHash(IntPtr hash, uint hashType) + { + int ret = 0; + + try + { + /* Check hash */ + if (hash == IntPtr.Zero) + throw new Exception("Hash context is null."); + + ret = wc_HashInit(hash, hashType); + if (ret != 0) + { + throw new Exception($"Failed to initialize hash context. Error code: {ret}"); + } + } + catch (Exception e) + { + /* Cleanup */ + log(ERROR_LOG, "InitHash Exception: " + e.ToString()); + if (hash != IntPtr.Zero) { + wc_HashDelete(hash, IntPtr.Zero); + hash = IntPtr.Zero; + } + } + + return ret; + } + + /// + /// Update the hash with data + /// + /// Hash context pointer + /// The type of hash + /// Byte array of the data to hash + /// 0 on success, otherwise an error code + public static int HashUpdate(IntPtr hash, uint hashType, byte[] data) + { + int ret = 0; + IntPtr dataPtr = IntPtr.Zero; + + try + { + /* Check parameters */ + if (hash == IntPtr.Zero) + throw new Exception("Hash context is null."); + if (data == null || data.Length == 0) + throw new Exception("Invalid data array."); + + /* Allocate memory */ + dataPtr = Marshal.AllocHGlobal(data.Length); + Marshal.Copy(data, 0, dataPtr, data.Length); + + /* Update hash */ + ret = wc_HashUpdate(hash, hashType, dataPtr, (uint)data.Length); + if (ret != 0) + { + throw new Exception($"Failed to update hash. Error code: {ret}"); + } + } + catch (Exception e) + { + log(ERROR_LOG, "HashUpdate Exception: " + e.ToString()); + } + finally + { + /* Cleanup */ + if (dataPtr != IntPtr.Zero) Marshal.FreeHGlobal(dataPtr); + } + + return ret; + } + + /// + /// Finalize the hash and output the result + /// + /// Hash context pointer + /// The type of hash + /// Byte array where the hash output will be stored + /// 0 on success, otherwise an error code + public static int HashFinal(IntPtr hash, uint hashType, out byte[] output) + { + int ret = 0; + IntPtr outputPtr = IntPtr.Zero; + + try + { + /* Get hash size and initialize */ + int hashSize = wc_HashGetDigestSize(hashType); + output = new byte[hashSize]; + + /* Check hash */ + if (hash == IntPtr.Zero) + throw new Exception("Hash context is null."); + if (hashSize <= 0) + throw new Exception("Invalid hash size."); + + /* Allocate memory */ + outputPtr = Marshal.AllocHGlobal(hashSize); + + ret = wc_HashFinal(hash, hashType, outputPtr); + if (ret != 0) + { + throw new Exception($"Failed to finalize hash. Error code: {ret}"); + } + + Marshal.Copy(outputPtr, output, 0, hashSize); + } + catch (Exception e) + { + log(ERROR_LOG, "HashFinal Exception: " + e.ToString()); + output = null; + } + finally + { + /* Cleanup */ + if (outputPtr != IntPtr.Zero) Marshal.FreeHGlobal(outputPtr); + } + + return ret; + } + + /// + /// Free the allocated hash context with proper error handling + /// + /// Hash context pointer to be freed + /// The type of hash + /// 0 on success, otherwise an error code + public static int HashFree(IntPtr hash, uint hashType) + { + int ret = 0; + + try + { + /* Check hash */ + if (hash == IntPtr.Zero) + throw new Exception("Hash context is null, cannot free."); + + /* Free hash */ + ret = wc_HashDelete(hash, IntPtr.Zero); + hash = IntPtr.Zero; + if (ret != 0) + { + throw new Exception($"Failed to free hash context. Error code: {ret}"); + } + } + catch (Exception e) + { + log(ERROR_LOG, "HashFree Exception: " + e.ToString()); + } + + return ret; + } + + /// + /// Hash type enum values + /// + public enum hashType + { + WC_HASH_TYPE_NONE = 0, + WC_HASH_TYPE_MD2 = 1, + WC_HASH_TYPE_MD4 = 2, + WC_HASH_TYPE_MD5 = 3, + WC_HASH_TYPE_SHA = 4, /* SHA-1 (not old SHA-0) */ + WC_HASH_TYPE_SHA224 = 5, + WC_HASH_TYPE_SHA256 = 6, + WC_HASH_TYPE_SHA384 = 7, + WC_HASH_TYPE_SHA512 = 8, + WC_HASH_TYPE_MD5_SHA = 9, + WC_HASH_TYPE_SHA3_224 = 10, + WC_HASH_TYPE_SHA3_256 = 11, + WC_HASH_TYPE_SHA3_384 = 12, + WC_HASH_TYPE_SHA3_512 = 13, + WC_HASH_TYPE_BLAKE2B = 14, + WC_HASH_TYPE_BLAKE2S = 15, + } + /* END HASH */ + + + /*********************************************************************** + * Logging / Other + **********************************************************************/ + + /// + /// Set the function to use for logging + /// + /// Function that conforms as to loggingCb + /// 0 on success + public static int SetLogging(loggingCb input) + { + internal_log = input; + return SUCCESS; + } + + /// + /// Get error string for wolfCrypt error codes + /// + /// Negative error number from wolfCrypt API + /// Error string + public static string GetError(int error) + { + try + { + IntPtr errStr = wc_GetErrorString(error); + return Marshal.PtrToStringAnsi(errStr); + } + catch (Exception e) + { + log(ERROR_LOG, "Get error exception " + e.ToString()); + return string.Empty; + } + } + + /// + /// Compares two byte arrays. + /// + /// The first byte array to compare. + /// The second byte array to compare. + /// True if both arrays are equal; otherwise, false. + public static bool ByteArrayVerify(byte[] array1, byte[] array2) + { + if (ReferenceEquals(array1, array2)) return true; + if (array1 == null || array2 == null) return false; + if (array1.Length != array2.Length) return false; + + for (int i = 0; i < array1.Length; i++) + { + if (array1[i] != array2[i]) return false; + } + return true; + } + } +} + + diff --git a/wrapper/CSharp/wolfSSL_CSharp/wolfSSL_CSharp.csproj b/wrapper/CSharp/wolfSSL_CSharp/wolfSSL_CSharp.csproj index c7df2aafcd..a560347cc9 100755 --- a/wrapper/CSharp/wolfSSL_CSharp/wolfSSL_CSharp.csproj +++ b/wrapper/CSharp/wolfSSL_CSharp/wolfSSL_CSharp.csproj @@ -17,7 +17,7 @@ true full false - ..\DLL Debug\Win32\ + $(SolutionDir)$(Configuration)\$(Platform)\ DEBUG;TRACE prompt 3 @@ -25,14 +25,14 @@ pdbonly true - ..\DLL Release\Win32\ + $(SolutionDir)$(Configuration)\$(Platform)\ TRACE prompt 4 true - ..\DLL Debug\x64\ + $(SolutionDir)$(Configuration)\$(Platform)\ DEBUG;TRACE 3 full @@ -41,7 +41,7 @@ MinimumRecommendedRules.ruleset - ..\DLL Release\x64\ + $(SolutionDir)$(Configuration)\$(Platform)\ TRACE true pdbonly @@ -60,6 +60,7 @@ + diff --git a/wrapper/CSharp/wolfssl.vcxproj b/wrapper/CSharp/wolfssl.vcxproj new file mode 100644 index 0000000000..534c4255c4 --- /dev/null +++ b/wrapper/CSharp/wolfssl.vcxproj @@ -0,0 +1,456 @@ + + + + + Debug + Win32 + + + Debug + x64 + + + DLL Debug + Win32 + + + DLL Debug + x64 + + + DLL Release + Win32 + + + DLL Release + x64 + + + Release + Win32 + + + Release + x64 + + + + {67932048-d67e-4c86-b55f-90899b9bda64} + wolfssl + Win32Proj + + + + StaticLibrary + v143 + Unicode + true + + + DynamicLibrary + v143 + Unicode + true + + + StaticLibrary + v143 + Unicode + true + + + DynamicLibrary + v143 + Unicode + true + + + StaticLibrary + v143 + Unicode + + + DynamicLibrary + v143 + Unicode + + + StaticLibrary + v143 + Unicode + + + DynamicLibrary + v143 + Unicode + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + $(SolutionDir)$(Configuration)\$(Platform)\ + $(Configuration)\$(Platform)\$(ProjectName)_obj\ + + + $(SolutionDir)$(Configuration)\AnyCPU\ + $(Configuration)\AnyCPU\$(ProjectName)_obj\ + + + $(SolutionDir)$(Configuration)\$(Platform)\ + $(Configuration)\$(Platform)\$(ProjectName)_obj\ + + + $(SolutionDir)$(Configuration)\AnyCPU\ + $(Configuration)\AnyCPU\$(ProjectName)_obj\ + + + $(SolutionDir)Release\$(Platform)\ + Release\$(Platform)\$(ProjectName)_obj\ + + + $(SolutionDir)Release\AnyCPU\ + Release\AnyCPU\$(ProjectName)_obj\ + + + $(SolutionDir)Debug\$(Platform)\ + Debug\$(Platform)\$(ProjectName)_obj\ + + + $(SolutionDir)Debug\AnyCPU\ + Debug\AnyCPU\$(ProjectName)_obj\ + + + + Disabled + ./;../../;%(AdditionalIncludeDirectories) + WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + true + EnableFastChecks + MultiThreadedDebugDLL + + Level4 + EditAndContinue + 4206;4214;4706;%(DisableSpecificWarnings) + + + + + Disabled + ./;../../;%(AdditionalIncludeDirectories) + BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + true + EnableFastChecks + MultiThreadedDebugDLL + + + Level4 + EditAndContinue + 4206;4214;4706;%(DisableSpecificWarnings) + + + ws2_32.lib;%(AdditionalDependencies) + false + true + false + + + + + Disabled + ./;../../;%(AdditionalIncludeDirectories) + WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + + + Level4 + ProgramDatabase + 4206;4214;4706;%(DisableSpecificWarnings) + + + + + Disabled + ./;../../;%(AdditionalIncludeDirectories) + BUILDING_WOLFSSL;WOLFSSL_DLL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + + + Level4 + ProgramDatabase + 4206;4214;4706;%(DisableSpecificWarnings) + + + ws2_32.lib;%(AdditionalDependencies) + false + true + + + + + MaxSpeed + true + ./;../../;%(AdditionalIncludeDirectories) + WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + MultiThreadedDLL + true + + Level3 + ProgramDatabase + + + + + MaxSpeed + true + ./;../../;%(AdditionalIncludeDirectories) + BUILDING_WOLFSSL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + MultiThreadedDLL + true + + + Level3 + ProgramDatabase + + + ws2_32.lib;%(AdditionalDependencies) + true + + + + + MaxSpeed + true + ./;../../;%(AdditionalIncludeDirectories) + WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + MultiThreadedDLL + true + + + Level3 + ProgramDatabase + + + + + MaxSpeed + true + ./;../../;%(AdditionalIncludeDirectories) + BUILDING_WOLFSSL;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + MultiThreadedDLL + true + + + Level3 + ProgramDatabase + + + ws2_32.lib;%(AdditionalDependencies) + true + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + false + false + ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity) + ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity) + $(OutDir)%(Filename).obj + $(IntDir)%(Filename).obj + false + false + ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity) + ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity) + $(OutDir)%(Filename).obj + $(IntDir)%(Filename).obj + + + false + false + ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity) + ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity) + $(OutDir)%(Filename).obj + $(IntDir)%(Filename).obj + false + false + ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity) + ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity) + $(OutDir)%(Filename).obj + $(IntDir)%(Filename).obj + + + false + false + ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity) + ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity) + $(OutDir)%(Filename).obj + $(IntDir)%(Filename).obj + false + false + ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity) + ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity) + $(OutDir)%(Filename).obj + $(IntDir)%(Filename).obj + + + false + false + ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity) + ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity) + $(OutDir)%(Filename).obj + $(IntDir)%(Filename).obj + false + false + ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity) + ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity) + $(OutDir)%(Filename).obj + $(IntDir)%(Filename).obj + + + false + false + ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity) + ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity) + $(OutDir)%(Filename).obj + $(IntDir)%(Filename).obj + false + false + ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity) + ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity) + $(OutDir)%(Filename).obj + $(IntDir)%(Filename).obj + + + false + false + ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity) + ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity) + $(OutDir)%(Filename).obj + $(IntDir)%(Filename).obj + false + false + ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity) + ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity) + $(OutDir)%(Filename).obj + $(IntDir)%(Filename).obj + + + + + + true + true + true + true + + + + + +