From bee486146e267b7b8f5104bf7d125a5933da3211 Mon Sep 17 00:00:00 2001 
From: "Christoph M. Wintersteiger" Date: Thu, 25 Oct 2018 12:32:07 +0100 Subject: [PATCH 01/78] ECDH: Add Everest Curve25519 to 3rdparty/everest These files are automatically generated by the Everest toolchain from F* files. They do not respect the mbedTLS code style guidelines as manual modification would invalidate verification guarantees. The files in 3rdparty/everest/include/kremli{n,b} are a customized (minimzed) version of the support headers expected by the code extracted using KreMLin. --- 3rdparty/everest/README.md | 1 + 3rdparty/everest/apache-2.0.txt | 202 +++++ .../everest/include/everest/Hacl_Curve25519.h | 21 + 3rdparty/everest/include/everest/kremlib.h | 29 + .../include/everest/kremlib/FStar_UInt128.h | 124 +++ ...64_FStar_UInt32_FStar_UInt16_FStar_UInt8.h | 280 +++++++ .../include/everest/kremlin/c_endianness.h | 204 +++++ .../everest/kremlin/internal/builtin.h | 16 + .../everest/kremlin/internal/callconv.h | 44 + .../include/everest/kremlin/internal/compat.h | 34 + .../include/everest/kremlin/internal/debug.h | 57 ++ .../include/everest/kremlin/internal/target.h | 102 +++ .../include/everest/kremlin/internal/types.h | 61 ++ .../everest/kremlin/internal/wasmsupport.h | 5 + 3rdparty/everest/library/Hacl_Curve25519.c | 760 ++++++++++++++++++ .../library/kremlib/FStar_UInt128_extracted.c | 413 ++++++++++ ...64_FStar_UInt32_FStar_UInt16_FStar_UInt8.c | 100 +++ .../everest/library/kremlib/fstar_uint128.c | 216 +++++ 18 files changed, 2669 insertions(+) create mode 100644 3rdparty/everest/README.md create mode 100644 3rdparty/everest/apache-2.0.txt create mode 100644 3rdparty/everest/include/everest/Hacl_Curve25519.h create mode 100644 3rdparty/everest/include/everest/kremlib.h create mode 100644 3rdparty/everest/include/everest/kremlib/FStar_UInt128.h create mode 100644 3rdparty/everest/include/everest/kremlib/FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.h create mode 100644 3rdparty/everest/include/everest/kremlin/c_endianness.h create mode 
100644 3rdparty/everest/include/everest/kremlin/internal/builtin.h
create mode 100644 3rdparty/everest/include/everest/kremlin/internal/callconv.h
create mode 100644 3rdparty/everest/include/everest/kremlin/internal/compat.h
create mode 100644 3rdparty/everest/include/everest/kremlin/internal/debug.h
create mode 100644 3rdparty/everest/include/everest/kremlin/internal/target.h
create mode 100644 3rdparty/everest/include/everest/kremlin/internal/types.h
create mode 100644 3rdparty/everest/include/everest/kremlin/internal/wasmsupport.h
create mode 100644 3rdparty/everest/library/Hacl_Curve25519.c
create mode 100644 3rdparty/everest/library/kremlib/FStar_UInt128_extracted.c
create mode 100644 3rdparty/everest/library/kremlib/FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.c
create mode 100644 3rdparty/everest/library/kremlib/fstar_uint128.c
diff --git a/3rdparty/everest/README.md b/3rdparty/everest/README.md
new file mode 100644
index 000000000..69134f6ac
--- /dev/null
+++ b/3rdparty/everest/README.md
@@ -0,0 +1 @@
+The files in this directory stem from [Project Everest](https://project-everest.github.io/) and are distributed under the Apache 2.0 license.
diff --git a/3rdparty/everest/apache-2.0.txt b/3rdparty/everest/apache-2.0.txt
new file mode 100644
index 000000000..d64569567
--- /dev/null
+++ b/3rdparty/everest/apache-2.0.txt
@@ -0,0 +1,202 @@
+
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "[]"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright [yyyy] [name of copyright owner]
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
diff --git a/3rdparty/everest/include/everest/Hacl_Curve25519.h b/3rdparty/everest/include/everest/Hacl_Curve25519.h
new file mode 100644
index 000000000..e3f5ba44b
--- /dev/null
+++ b/3rdparty/everest/include/everest/Hacl_Curve25519.h
@@ -0,0 +1,21 @@ +/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved. + Licensed under the Apache 2.0 License. */ + +/* This file was generated by KreMLin + * KreMLin invocation: /mnt/e/everest/verify/kremlin/krml -fc89 -fparentheses -fno-shadow -header /mnt/e/everest/verify/hdrcLh -minimal -fbuiltin-uint128 -fc89 -fparentheses -fno-shadow -header /mnt/e/everest/verify/hdrcLh -minimal -I /mnt/e/everest/verify/hacl-star/code/lib/kremlin -I /mnt/e/everest/verify/kremlin/kremlib/compat -I /mnt/e/everest/verify/hacl-star/specs -I /mnt/e/everest/verify/hacl-star/specs/old -I . -ccopt -march=native -verbose -ldopt -flto -tmpdir x25519-c -I ../bignum -bundle Hacl.Curve25519=* -minimal -add-include "kremlib.h" -skip-compilation x25519-c/out.krml -o x25519-c/Hacl_Curve25519.c + * F* version: 059db0c8 + * KreMLin version: 916c37ac + */ + + + +#ifndef __Hacl_Curve25519_H +#define __Hacl_Curve25519_H + + +#include "kremlib.h" + +void Hacl_Curve25519_crypto_scalarmult(uint8_t *mypublic, uint8_t *secret, uint8_t *basepoint); + +#define __Hacl_Curve25519_H_DEFINED +#endif diff --git a/3rdparty/everest/include/everest/kremlib.h b/3rdparty/everest/include/everest/kremlib.h new file mode 100644 index 000000000..f06663f09 --- /dev/null +++ b/3rdparty/everest/include/everest/kremlib.h 
@@ -0,0 +1,29 @@
+/*
+ * Copyright 2016-2018 INRIA and Microsoft Corporation
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of Mbed TLS (https://tls.mbed.org) and
+ * originated from Project Everest (https://project-everest.github.io/)
+ */
+
+#ifndef __KREMLIB_H
+#define __KREMLIB_H
+
+#include "kremlin/internal/target.h"
+#include "kremlin/internal/types.h"
+#include "kremlin/c_endianness.h"
+
+#endif /* __KREMLIB_H */
diff --git a/3rdparty/everest/include/everest/kremlib/FStar_UInt128.h b/3rdparty/everest/include/everest/kremlib/FStar_UInt128.h
new file mode 100644
index 000000000..d71c8820b
--- /dev/null
+++ b/3rdparty/everest/include/everest/kremlib/FStar_UInt128.h
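Review bot: The include guard `__KREMLIB_H` in kremlib.h begins with a double underscore, an identifier form C reserves for the implementation, and its header comment marks this file as part of Mbed TLS rather than a verbatim Everest extraction, so unlike the generated kremlib/*.h headers it can follow the project's own guard convention. A non-reserved guard, `#ifndef KREMLIB_H` / `#define KREMLIB_H` with the matching `#endif /* KREMLIB_H */`, removes the (small) chance of a collision with a toolchain or platform header defining the same name. The same reserved-prefix pattern appears in the generated headers of this series, but those presumably should stay as the toolchain emitted them to preserve the stated verification guarantees.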
@@ -0,0 +1,124 @@ +/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved. + Licensed under the Apache 2.0 License. */ + +/* This file was generated by KreMLin + * KreMLin invocation: ../krml -fc89 -fparentheses -fno-shadow -header /mnt/e/everest/verify/hdrB9w -minimal -fparentheses -fcurly-braces -fno-shadow -header copyright-header.txt -minimal -tmpdir dist/uint128 -skip-compilation -extract-uints -add-include -add-include -add-include "kremlin/internal/types.h" -bundle FStar.UInt128=* extracted/prims.krml extracted/FStar_Pervasives_Native.krml extracted/FStar_Pervasives.krml extracted/FStar_Mul.krml extracted/FStar_Squash.krml extracted/FStar_Classical.krml extracted/FStar_StrongExcludedMiddle.krml extracted/FStar_FunctionalExtensionality.krml extracted/FStar_List_Tot_Base.krml extracted/FStar_List_Tot_Properties.krml extracted/FStar_List_Tot.krml extracted/FStar_Seq_Base.krml extracted/FStar_Seq_Properties.krml extracted/FStar_Seq.krml extracted/FStar_Math_Lib.krml extracted/FStar_Math_Lemmas.krml extracted/FStar_BitVector.krml extracted/FStar_UInt.krml extracted/FStar_UInt32.krml extracted/FStar_Int.krml extracted/FStar_Int16.krml extracted/FStar_Preorder.krml extracted/FStar_Ghost.krml extracted/FStar_ErasedLogic.krml extracted/FStar_UInt64.krml extracted/FStar_Set.krml extracted/FStar_PropositionalExtensionality.krml extracted/FStar_PredicateExtensionality.krml extracted/FStar_TSet.krml extracted/FStar_Monotonic_Heap.krml extracted/FStar_Heap.krml extracted/FStar_Map.krml extracted/FStar_Monotonic_HyperHeap.krml extracted/FStar_Monotonic_HyperStack.krml extracted/FStar_HyperStack.krml extracted/FStar_Monotonic_Witnessed.krml extracted/FStar_HyperStack_ST.krml extracted/FStar_HyperStack_All.krml extracted/FStar_Date.krml extracted/FStar_Universe.krml extracted/FStar_GSet.krml extracted/FStar_ModifiesGen.krml extracted/LowStar_Monotonic_Buffer.krml extracted/LowStar_Buffer.krml extracted/Spec_Loops.krml extracted/LowStar_BufferOps.krml 
extracted/C_Loops.krml extracted/FStar_UInt8.krml extracted/FStar_Kremlin_Endianness.krml extracted/FStar_UInt63.krml extracted/FStar_Exn.krml extracted/FStar_ST.krml extracted/FStar_All.krml extracted/FStar_Dyn.krml extracted/FStar_Int63.krml extracted/FStar_Int64.krml extracted/FStar_Int32.krml extracted/FStar_Int8.krml extracted/FStar_UInt16.krml extracted/FStar_Int_Cast.krml extracted/FStar_UInt128.krml extracted/C_Endianness.krml extracted/FStar_List.krml extracted/FStar_Float.krml extracted/FStar_IO.krml extracted/C.krml extracted/FStar_Char.krml extracted/FStar_String.krml extracted/LowStar_Modifies.krml extracted/C_String.krml extracted/FStar_Bytes.krml extracted/FStar_HyperStack_IO.krml extracted/C_Failure.krml extracted/TestLib.krml extracted/FStar_Int_Cast_Full.krml + * F* version: 059db0c8 + * KreMLin version: 916c37ac + */ + + + +#ifndef __FStar_UInt128_H +#define __FStar_UInt128_H + + +#include +#include +#include "kremlin/internal/types.h" + +uint64_t FStar_UInt128___proj__Mkuint128__item__low(FStar_UInt128_uint128 projectee); + +uint64_t FStar_UInt128___proj__Mkuint128__item__high(FStar_UInt128_uint128 projectee); + +typedef FStar_UInt128_uint128 FStar_UInt128_t; + +FStar_UInt128_uint128 FStar_UInt128_add(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); + +FStar_UInt128_uint128 +FStar_UInt128_add_underspec(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); + +FStar_UInt128_uint128 FStar_UInt128_add_mod(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); + +FStar_UInt128_uint128 FStar_UInt128_sub(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); + +FStar_UInt128_uint128 +FStar_UInt128_sub_underspec(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); + +FStar_UInt128_uint128 FStar_UInt128_sub_mod(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); + +FStar_UInt128_uint128 FStar_UInt128_logand(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); + +FStar_UInt128_uint128 FStar_UInt128_logxor(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); + 
+FStar_UInt128_uint128 FStar_UInt128_logor(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); + +FStar_UInt128_uint128 FStar_UInt128_lognot(FStar_UInt128_uint128 a); + +FStar_UInt128_uint128 FStar_UInt128_shift_left(FStar_UInt128_uint128 a, uint32_t s); + +FStar_UInt128_uint128 FStar_UInt128_shift_right(FStar_UInt128_uint128 a, uint32_t s); + +bool FStar_UInt128_eq(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); + +bool FStar_UInt128_gt(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); + +bool FStar_UInt128_lt(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); + +bool FStar_UInt128_gte(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); + +bool FStar_UInt128_lte(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); + +FStar_UInt128_uint128 FStar_UInt128_eq_mask(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); + +FStar_UInt128_uint128 FStar_UInt128_gte_mask(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); + +FStar_UInt128_uint128 FStar_UInt128_uint64_to_uint128(uint64_t a); + +uint64_t FStar_UInt128_uint128_to_uint64(FStar_UInt128_uint128 a); + +extern FStar_UInt128_uint128 +(*FStar_UInt128_op_Plus_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1); + +extern FStar_UInt128_uint128 +(*FStar_UInt128_op_Plus_Question_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1); + +extern FStar_UInt128_uint128 +(*FStar_UInt128_op_Plus_Percent_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1); + +extern FStar_UInt128_uint128 +(*FStar_UInt128_op_Subtraction_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1); + +extern FStar_UInt128_uint128 +(*FStar_UInt128_op_Subtraction_Question_Hat)( + FStar_UInt128_uint128 x0, + FStar_UInt128_uint128 x1 +); + +extern FStar_UInt128_uint128 +(*FStar_UInt128_op_Subtraction_Percent_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1); + +extern FStar_UInt128_uint128 +(*FStar_UInt128_op_Amp_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1); + +extern FStar_UInt128_uint128 
+(*FStar_UInt128_op_Hat_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1); + +extern FStar_UInt128_uint128 +(*FStar_UInt128_op_Bar_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1); + +extern FStar_UInt128_uint128 +(*FStar_UInt128_op_Less_Less_Hat)(FStar_UInt128_uint128 x0, uint32_t x1); + +extern FStar_UInt128_uint128 +(*FStar_UInt128_op_Greater_Greater_Hat)(FStar_UInt128_uint128 x0, uint32_t x1); + +extern bool (*FStar_UInt128_op_Equals_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1); + +extern bool +(*FStar_UInt128_op_Greater_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1); + +extern bool (*FStar_UInt128_op_Less_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1); + +extern bool +(*FStar_UInt128_op_Greater_Equals_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1); + +extern bool +(*FStar_UInt128_op_Less_Equals_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1); + +FStar_UInt128_uint128 FStar_UInt128_mul32(uint64_t x, uint32_t y); + +FStar_UInt128_uint128 FStar_UInt128_mul_wide(uint64_t x, uint64_t y); + +#define __FStar_UInt128_H_DEFINED +#endif diff --git a/3rdparty/everest/include/everest/kremlib/FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.h b/3rdparty/everest/include/everest/kremlib/FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.h new file mode 100644 index 000000000..21560c4a5 --- /dev/null +++ b/3rdparty/everest/include/everest/kremlib/FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.h 
@@ -0,0 +1,280 @@ +/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved. + Licensed under the Apache 2.0 License. */ + +/* This file was generated by KreMLin + * KreMLin invocation: ../krml -fc89 -fparentheses -fno-shadow -header /mnt/e/everest/verify/hdrB9w -minimal -fparentheses -fcurly-braces -fno-shadow -header copyright-header.txt -minimal -tmpdir dist/minimal -skip-compilation -extract-uints -add-include -add-include -add-include "kremlin/internal/compat.h" -add-include "kremlin/internal/types.h" -bundle FStar.UInt64+FStar.UInt32+FStar.UInt16+FStar.UInt8=* extracted/prims.krml extracted/FStar_Pervasives_Native.krml extracted/FStar_Pervasives.krml extracted/FStar_Mul.krml extracted/FStar_Squash.krml extracted/FStar_Classical.krml extracted/FStar_StrongExcludedMiddle.krml extracted/FStar_FunctionalExtensionality.krml extracted/FStar_List_Tot_Base.krml extracted/FStar_List_Tot_Properties.krml extracted/FStar_List_Tot.krml extracted/FStar_Seq_Base.krml extracted/FStar_Seq_Properties.krml extracted/FStar_Seq.krml extracted/FStar_Math_Lib.krml extracted/FStar_Math_Lemmas.krml extracted/FStar_BitVector.krml extracted/FStar_UInt.krml extracted/FStar_UInt32.krml extracted/FStar_Int.krml extracted/FStar_Int16.krml extracted/FStar_Preorder.krml extracted/FStar_Ghost.krml extracted/FStar_ErasedLogic.krml extracted/FStar_UInt64.krml extracted/FStar_Set.krml extracted/FStar_PropositionalExtensionality.krml extracted/FStar_PredicateExtensionality.krml extracted/FStar_TSet.krml extracted/FStar_Monotonic_Heap.krml extracted/FStar_Heap.krml extracted/FStar_Map.krml extracted/FStar_Monotonic_HyperHeap.krml extracted/FStar_Monotonic_HyperStack.krml extracted/FStar_HyperStack.krml extracted/FStar_Monotonic_Witnessed.krml extracted/FStar_HyperStack_ST.krml extracted/FStar_HyperStack_All.krml extracted/FStar_Date.krml extracted/FStar_Universe.krml extracted/FStar_GSet.krml extracted/FStar_ModifiesGen.krml extracted/LowStar_Monotonic_Buffer.krml 
extracted/LowStar_Buffer.krml extracted/Spec_Loops.krml extracted/LowStar_BufferOps.krml extracted/C_Loops.krml extracted/FStar_UInt8.krml extracted/FStar_Kremlin_Endianness.krml extracted/FStar_UInt63.krml extracted/FStar_Exn.krml extracted/FStar_ST.krml extracted/FStar_All.krml extracted/FStar_Dyn.krml extracted/FStar_Int63.krml extracted/FStar_Int64.krml extracted/FStar_Int32.krml extracted/FStar_Int8.krml extracted/FStar_UInt16.krml extracted/FStar_Int_Cast.krml extracted/FStar_UInt128.krml extracted/C_Endianness.krml extracted/FStar_List.krml extracted/FStar_Float.krml extracted/FStar_IO.krml extracted/C.krml extracted/FStar_Char.krml extracted/FStar_String.krml extracted/LowStar_Modifies.krml extracted/C_String.krml extracted/FStar_Bytes.krml extracted/FStar_HyperStack_IO.krml extracted/C_Failure.krml extracted/TestLib.krml extracted/FStar_Int_Cast_Full.krml + * F* version: 059db0c8 + * KreMLin version: 916c37ac + */ + + + +#ifndef __FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8_H +#define __FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8_H + + +#include +#include +#include "kremlin/internal/compat.h" +#include "kremlin/internal/types.h" + +extern Prims_int FStar_UInt64_n; + +extern Prims_int FStar_UInt64_v(uint64_t x0); + +extern uint64_t FStar_UInt64_uint_to_t(Prims_int x0); + +extern uint64_t FStar_UInt64_add(uint64_t x0, uint64_t x1); + +extern uint64_t FStar_UInt64_add_underspec(uint64_t x0, uint64_t x1); + +extern uint64_t FStar_UInt64_add_mod(uint64_t x0, uint64_t x1); + +extern uint64_t FStar_UInt64_sub(uint64_t x0, uint64_t x1); + +extern uint64_t FStar_UInt64_sub_underspec(uint64_t x0, uint64_t x1); + +extern uint64_t FStar_UInt64_sub_mod(uint64_t x0, uint64_t x1); + +extern uint64_t FStar_UInt64_mul(uint64_t x0, uint64_t x1); + +extern uint64_t FStar_UInt64_mul_underspec(uint64_t x0, uint64_t x1); + +extern uint64_t FStar_UInt64_mul_mod(uint64_t x0, uint64_t x1); + +extern uint64_t FStar_UInt64_mul_div(uint64_t x0, uint64_t x1); + +extern 
uint64_t FStar_UInt64_div(uint64_t x0, uint64_t x1); + +extern uint64_t FStar_UInt64_rem(uint64_t x0, uint64_t x1); + +extern uint64_t FStar_UInt64_logand(uint64_t x0, uint64_t x1); + +extern uint64_t FStar_UInt64_logxor(uint64_t x0, uint64_t x1); + +extern uint64_t FStar_UInt64_logor(uint64_t x0, uint64_t x1); + +extern uint64_t FStar_UInt64_lognot(uint64_t x0); + +extern uint64_t FStar_UInt64_shift_right(uint64_t x0, uint32_t x1); + +extern uint64_t FStar_UInt64_shift_left(uint64_t x0, uint32_t x1); + +extern bool FStar_UInt64_eq(uint64_t x0, uint64_t x1); + +extern bool FStar_UInt64_gt(uint64_t x0, uint64_t x1); + +extern bool FStar_UInt64_gte(uint64_t x0, uint64_t x1); + +extern bool FStar_UInt64_lt(uint64_t x0, uint64_t x1); + +extern bool FStar_UInt64_lte(uint64_t x0, uint64_t x1); + +extern uint64_t FStar_UInt64_minus(uint64_t x0); + +extern uint32_t FStar_UInt64_n_minus_one; + +uint64_t FStar_UInt64_eq_mask(uint64_t a, uint64_t b); + +uint64_t FStar_UInt64_gte_mask(uint64_t a, uint64_t b); + +extern Prims_string FStar_UInt64_to_string(uint64_t x0); + +extern uint64_t FStar_UInt64_of_string(Prims_string x0); + +extern Prims_int FStar_UInt32_n; + +extern Prims_int FStar_UInt32_v(uint32_t x0); + +extern uint32_t FStar_UInt32_uint_to_t(Prims_int x0); + +extern uint32_t FStar_UInt32_add(uint32_t x0, uint32_t x1); + +extern uint32_t FStar_UInt32_add_underspec(uint32_t x0, uint32_t x1); + +extern uint32_t FStar_UInt32_add_mod(uint32_t x0, uint32_t x1); + +extern uint32_t FStar_UInt32_sub(uint32_t x0, uint32_t x1); + +extern uint32_t FStar_UInt32_sub_underspec(uint32_t x0, uint32_t x1); + +extern uint32_t FStar_UInt32_sub_mod(uint32_t x0, uint32_t x1); + +extern uint32_t FStar_UInt32_mul(uint32_t x0, uint32_t x1); + +extern uint32_t FStar_UInt32_mul_underspec(uint32_t x0, uint32_t x1); + +extern uint32_t FStar_UInt32_mul_mod(uint32_t x0, uint32_t x1); + +extern uint32_t FStar_UInt32_mul_div(uint32_t x0, uint32_t x1); + +extern uint32_t FStar_UInt32_div(uint32_t x0, 
uint32_t x1); + +extern uint32_t FStar_UInt32_rem(uint32_t x0, uint32_t x1); + +extern uint32_t FStar_UInt32_logand(uint32_t x0, uint32_t x1); + +extern uint32_t FStar_UInt32_logxor(uint32_t x0, uint32_t x1); + +extern uint32_t FStar_UInt32_logor(uint32_t x0, uint32_t x1); + +extern uint32_t FStar_UInt32_lognot(uint32_t x0); + +extern uint32_t FStar_UInt32_shift_right(uint32_t x0, uint32_t x1); + +extern uint32_t FStar_UInt32_shift_left(uint32_t x0, uint32_t x1); + +extern bool FStar_UInt32_eq(uint32_t x0, uint32_t x1); + +extern bool FStar_UInt32_gt(uint32_t x0, uint32_t x1); + +extern bool FStar_UInt32_gte(uint32_t x0, uint32_t x1); + +extern bool FStar_UInt32_lt(uint32_t x0, uint32_t x1); + +extern bool FStar_UInt32_lte(uint32_t x0, uint32_t x1); + +extern uint32_t FStar_UInt32_minus(uint32_t x0); + +extern uint32_t FStar_UInt32_n_minus_one; + +uint32_t FStar_UInt32_eq_mask(uint32_t a, uint32_t b); + +uint32_t FStar_UInt32_gte_mask(uint32_t a, uint32_t b); + +extern Prims_string FStar_UInt32_to_string(uint32_t x0); + +extern uint32_t FStar_UInt32_of_string(Prims_string x0); + +extern Prims_int FStar_UInt16_n; + +extern Prims_int FStar_UInt16_v(uint16_t x0); + +extern uint16_t FStar_UInt16_uint_to_t(Prims_int x0); + +extern uint16_t FStar_UInt16_add(uint16_t x0, uint16_t x1); + +extern uint16_t FStar_UInt16_add_underspec(uint16_t x0, uint16_t x1); + +extern uint16_t FStar_UInt16_add_mod(uint16_t x0, uint16_t x1); + +extern uint16_t FStar_UInt16_sub(uint16_t x0, uint16_t x1); + +extern uint16_t FStar_UInt16_sub_underspec(uint16_t x0, uint16_t x1); + +extern uint16_t FStar_UInt16_sub_mod(uint16_t x0, uint16_t x1); + +extern uint16_t FStar_UInt16_mul(uint16_t x0, uint16_t x1); + +extern uint16_t FStar_UInt16_mul_underspec(uint16_t x0, uint16_t x1); + +extern uint16_t FStar_UInt16_mul_mod(uint16_t x0, uint16_t x1); + +extern uint16_t FStar_UInt16_mul_div(uint16_t x0, uint16_t x1); + +extern uint16_t FStar_UInt16_div(uint16_t x0, uint16_t x1); + +extern uint16_t 
FStar_UInt16_rem(uint16_t x0, uint16_t x1); + +extern uint16_t FStar_UInt16_logand(uint16_t x0, uint16_t x1); + +extern uint16_t FStar_UInt16_logxor(uint16_t x0, uint16_t x1); + +extern uint16_t FStar_UInt16_logor(uint16_t x0, uint16_t x1); + +extern uint16_t FStar_UInt16_lognot(uint16_t x0); + +extern uint16_t FStar_UInt16_shift_right(uint16_t x0, uint32_t x1); + +extern uint16_t FStar_UInt16_shift_left(uint16_t x0, uint32_t x1); + +extern bool FStar_UInt16_eq(uint16_t x0, uint16_t x1); + +extern bool FStar_UInt16_gt(uint16_t x0, uint16_t x1); + +extern bool FStar_UInt16_gte(uint16_t x0, uint16_t x1); + +extern bool FStar_UInt16_lt(uint16_t x0, uint16_t x1); + +extern bool FStar_UInt16_lte(uint16_t x0, uint16_t x1); + +extern uint16_t FStar_UInt16_minus(uint16_t x0); + +extern uint32_t FStar_UInt16_n_minus_one; + +uint16_t FStar_UInt16_eq_mask(uint16_t a, uint16_t b); + +uint16_t FStar_UInt16_gte_mask(uint16_t a, uint16_t b); + +extern Prims_string FStar_UInt16_to_string(uint16_t x0); + +extern uint16_t FStar_UInt16_of_string(Prims_string x0); + +extern Prims_int FStar_UInt8_n; + +extern Prims_int FStar_UInt8_v(uint8_t x0); + +extern uint8_t FStar_UInt8_uint_to_t(Prims_int x0); + +extern uint8_t FStar_UInt8_add(uint8_t x0, uint8_t x1); + +extern uint8_t FStar_UInt8_add_underspec(uint8_t x0, uint8_t x1); + +extern uint8_t FStar_UInt8_add_mod(uint8_t x0, uint8_t x1); + +extern uint8_t FStar_UInt8_sub(uint8_t x0, uint8_t x1); + +extern uint8_t FStar_UInt8_sub_underspec(uint8_t x0, uint8_t x1); + +extern uint8_t FStar_UInt8_sub_mod(uint8_t x0, uint8_t x1); + +extern uint8_t FStar_UInt8_mul(uint8_t x0, uint8_t x1); + +extern uint8_t FStar_UInt8_mul_underspec(uint8_t x0, uint8_t x1); + +extern uint8_t FStar_UInt8_mul_mod(uint8_t x0, uint8_t x1); + +extern uint8_t FStar_UInt8_mul_div(uint8_t x0, uint8_t x1); + +extern uint8_t FStar_UInt8_div(uint8_t x0, uint8_t x1); + +extern uint8_t FStar_UInt8_rem(uint8_t x0, uint8_t x1); + +extern uint8_t FStar_UInt8_logand(uint8_t 
x0, uint8_t x1); + +extern uint8_t FStar_UInt8_logxor(uint8_t x0, uint8_t x1); + +extern uint8_t FStar_UInt8_logor(uint8_t x0, uint8_t x1); + +extern uint8_t FStar_UInt8_lognot(uint8_t x0); + +extern uint8_t FStar_UInt8_shift_right(uint8_t x0, uint32_t x1); + +extern uint8_t FStar_UInt8_shift_left(uint8_t x0, uint32_t x1); + +extern bool FStar_UInt8_eq(uint8_t x0, uint8_t x1); + +extern bool FStar_UInt8_gt(uint8_t x0, uint8_t x1); + +extern bool FStar_UInt8_gte(uint8_t x0, uint8_t x1); + +extern bool FStar_UInt8_lt(uint8_t x0, uint8_t x1); + +extern bool FStar_UInt8_lte(uint8_t x0, uint8_t x1); + +extern uint8_t FStar_UInt8_minus(uint8_t x0); + +extern uint32_t FStar_UInt8_n_minus_one; + +uint8_t FStar_UInt8_eq_mask(uint8_t a, uint8_t b); + +uint8_t FStar_UInt8_gte_mask(uint8_t a, uint8_t b); + +extern Prims_string FStar_UInt8_to_string(uint8_t x0); + +extern uint8_t FStar_UInt8_of_string(Prims_string x0); + +typedef uint8_t FStar_UInt8_byte; + +#define __FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8_H_DEFINED +#endif diff --git a/3rdparty/everest/include/everest/kremlin/c_endianness.h b/3rdparty/everest/include/everest/kremlin/c_endianness.h new file mode 100644 index 000000000..5cfde5d9e --- /dev/null +++ b/3rdparty/everest/include/everest/kremlin/c_endianness.h 
@@ -0,0 +1,204 @@ +/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved. + Licensed under the Apache 2.0 License. */ + +#ifndef __KREMLIN_ENDIAN_H +#define __KREMLIN_ENDIAN_H + +#include +#include + +/******************************************************************************/ +/* Implementing C.fst (part 2: endian-ness macros) */ +/******************************************************************************/ + +/* ... for Linux */ +#if defined(__linux__) || defined(__CYGWIN__) +# include + +/* ... for OSX */ +#elif defined(__APPLE__) +# include +# define htole64(x) OSSwapHostToLittleInt64(x) +# define le64toh(x) OSSwapLittleToHostInt64(x) +# define htobe64(x) OSSwapHostToBigInt64(x) +# define be64toh(x) OSSwapBigToHostInt64(x) + +# define htole16(x) OSSwapHostToLittleInt16(x) +# define le16toh(x) OSSwapLittleToHostInt16(x) +# define htobe16(x) OSSwapHostToBigInt16(x) +# define be16toh(x) OSSwapBigToHostInt16(x) + +# define htole32(x) OSSwapHostToLittleInt32(x) +# define le32toh(x) OSSwapLittleToHostInt32(x) +# define htobe32(x) OSSwapHostToBigInt32(x) +# define be32toh(x) OSSwapBigToHostInt32(x) + +/* ... for Solaris */ +#elif defined(__sun__) +# include +# define htole64(x) LE_64(x) +# define le64toh(x) LE_64(x) +# define htobe64(x) BE_64(x) +# define be64toh(x) BE_64(x) + +# define htole16(x) LE_16(x) +# define le16toh(x) LE_16(x) +# define htobe16(x) BE_16(x) +# define be16toh(x) BE_16(x) + +# define htole32(x) LE_32(x) +# define le32toh(x) LE_32(x) +# define htobe32(x) BE_32(x) +# define be32toh(x) BE_32(x) + +/* ... for the BSDs */ +#elif defined(__FreeBSD__) || defined(__NetBSD__) || defined(__DragonFly__) +# include +#elif defined(__OpenBSD__) +# include + +/* ... for Windows (MSVC)... not targeting XBOX 360! 
*/ +#elif defined(_MSC_VER) + +# include +# define htobe16(x) _byteswap_ushort(x) +# define htole16(x) (x) +# define be16toh(x) _byteswap_ushort(x) +# define le16toh(x) (x) + +# define htobe32(x) _byteswap_ulong(x) +# define htole32(x) (x) +# define be32toh(x) _byteswap_ulong(x) +# define le32toh(x) (x) + +# define htobe64(x) _byteswap_uint64(x) +# define htole64(x) (x) +# define be64toh(x) _byteswap_uint64(x) +# define le64toh(x) (x) + +/* ... for Windows (GCC-like, e.g. mingw or clang) */ +#elif (defined(_WIN32) || defined(_WIN64)) && \ + (defined(__GNUC__) || defined(__clang__)) + +# define htobe16(x) __builtin_bswap16(x) +# define htole16(x) (x) +# define be16toh(x) __builtin_bswap16(x) +# define le16toh(x) (x) + +# define htobe32(x) __builtin_bswap32(x) +# define htole32(x) (x) +# define be32toh(x) __builtin_bswap32(x) +# define le32toh(x) (x) + +# define htobe64(x) __builtin_bswap64(x) +# define htole64(x) (x) +# define be64toh(x) __builtin_bswap64(x) +# define le64toh(x) (x) + +/* ... generic big-endian fallback code */ +#elif defined(__BYTE_ORDER__) && __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ + +/* byte swapping code inspired by: + * https://github.com/rweather/arduinolibs/blob/master/libraries/Crypto/utility/EndianUtil.h + * */ + +# define htobe32(x) (x) +# define be32toh(x) (x) +# define htole32(x) \ + (__extension__({ \ + uint32_t _temp = (x); \ + ((_temp >> 24) & 0x000000FF) | ((_temp >> 8) & 0x0000FF00) | \ + ((_temp << 8) & 0x00FF0000) | ((_temp << 24) & 0xFF000000); \ + })) +# define le32toh(x) (htole32((x))) + +# define htobe64(x) (x) +# define be64toh(x) (x) +# define htole64(x) \ + (__extension__({ \ + uint64_t __temp = (x); \ + uint32_t __low = htobe32((uint32_t)__temp); \ + uint32_t __high = htobe32((uint32_t)(__temp >> 32)); \ + (((uint64_t)__low) << 32) | __high; \ + })) +# define le64toh(x) (htole64((x))) + +/* ... 
generic little-endian fallback code */ +#elif defined(__BYTE_ORDER__) && __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ + +# define htole32(x) (x) +# define le32toh(x) (x) +# define htobe32(x) \ + (__extension__({ \ + uint32_t _temp = (x); \ + ((_temp >> 24) & 0x000000FF) | ((_temp >> 8) & 0x0000FF00) | \ + ((_temp << 8) & 0x00FF0000) | ((_temp << 24) & 0xFF000000); \ + })) +# define be32toh(x) (htobe32((x))) + +# define htole64(x) (x) +# define le64toh(x) (x) +# define htobe64(x) \ + (__extension__({ \ + uint64_t __temp = (x); \ + uint32_t __low = htobe32((uint32_t)__temp); \ + uint32_t __high = htobe32((uint32_t)(__temp >> 32)); \ + (((uint64_t)__low) << 32) | __high; \ + })) +# define be64toh(x) (htobe64((x))) + +/* ... couldn't determine endian-ness of the target platform */ +#else +# error "Please define __BYTE_ORDER__!" + +#endif /* defined(__linux__) || ... */ + +/* Loads and stores. These avoid undefined behavior due to unaligned memory + * accesses, via memcpy. */ + +inline static uint16_t load16(uint8_t *b) { + uint16_t x; + memcpy(&x, b, 2); + return x; +} + +inline static uint32_t load32(uint8_t *b) { + uint32_t x; + memcpy(&x, b, 4); + return x; +} + +inline static uint64_t load64(uint8_t *b) { + uint64_t x; + memcpy(&x, b, 8); + return x; +} + +inline static void store16(uint8_t *b, uint16_t i) { + memcpy(b, &i, 2); +} + +inline static void store32(uint8_t *b, uint32_t i) { + memcpy(b, &i, 4); +} + +inline static void store64(uint8_t *b, uint64_t i) { + memcpy(b, &i, 8); +} + +#define load16_le(b) (le16toh(load16(b))) +#define store16_le(b, i) (store16(b, htole16(i))) +#define load16_be(b) (be16toh(load16(b))) +#define store16_be(b, i) (store16(b, htobe16(i))) + +#define load32_le(b) (le32toh(load32(b))) +#define store32_le(b, i) (store32(b, htole32(i))) +#define load32_be(b) (be32toh(load32(b))) +#define store32_be(b, i) (store32(b, htobe32(i))) + +#define load64_le(b) (le64toh(load64(b))) +#define store64_le(b, i) (store64(b, htole64(i))) +#define 
load64_be(b) (be64toh(load64(b))) +#define store64_be(b, i) (store64(b, htobe64(i))) + +#endif diff --git a/3rdparty/everest/include/everest/kremlin/internal/builtin.h b/3rdparty/everest/include/everest/kremlin/internal/builtin.h new file mode 100644 index 000000000..219b26686 --- /dev/null +++ b/3rdparty/everest/include/everest/kremlin/internal/builtin.h @@ -0,0 +1,16 @@ +/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved. + Licensed under the Apache 2.0 License. */ + +#ifndef __KREMLIN_BUILTIN_H +#define __KREMLIN_BUILTIN_H + +/* For alloca, when using KreMLin's -falloca */ +#if (defined(_WIN32) || defined(_WIN64)) +# include +#endif + +/* If some globals need to be initialized before the main, then kremlin will + * generate and try to link last a function with this type: */ +void kremlinit_globals(void); + +#endif diff --git a/3rdparty/everest/include/everest/kremlin/internal/callconv.h b/3rdparty/everest/include/everest/kremlin/internal/callconv.h new file mode 100644 index 000000000..24b5fffa8 --- /dev/null +++ b/3rdparty/everest/include/everest/kremlin/internal/callconv.h 
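Review bot: In the generic big-endian fallback, `htole64` builds its two halves with `htobe32`, which that same branch defines as the identity, so the macro only swaps the 32-bit halves instead of reversing all eight bytes; the two lines should read `uint32_t __low = htole32((uint32_t)__temp);` and `uint32_t __high = htole32((uint32_t)(__temp >> 32));`. Neither fallback branch defines the 16-bit conversions (`htole16`, `le16toh`, `htobe16`, `be16toh`), so `load16_le`/`store16_le`/`load16_be`/`store16_be` would fail to compile if used on a target that reaches them. Separately, `load16`/`load32`/`load64` take `uint8_t *` although they only read through `memcpy`; `const uint8_t *b` would let callers pass read-only input (a peer's public key, for instance) without a cast. The Linux, BSD, macOS, Solaris and Windows branches use the platform's own swap routines and are not affected by the first two points.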
@@ -0,0 +1,44 @@
+/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved.
+ Licensed under the Apache 2.0 License. */
+
+#ifndef __KREMLIN_CALLCONV_H
+#define __KREMLIN_CALLCONV_H
+
+/******************************************************************************/
+/* Some macros to ease compatibility */
+/******************************************************************************/
+
+/* We want to generate __cdecl safely without worrying about it being undefined.
+ * When using MSVC, these are always defined. When using MinGW, these are
+ * defined too. They have no meaning for other platforms, so we define them to
+ * be empty macros in other situations. */
+#ifndef _MSC_VER
+#ifndef __cdecl
+#define __cdecl
+#endif
+#ifndef __stdcall
+#define __stdcall
+#endif
+#ifndef __fastcall
+#define __fastcall
+#endif
+#endif
+
+/* TODO: review these two definitions and understand why they're needed. */
+#ifdef __GNUC__
+# define inline __inline__
+#endif
+
+/* GCC-specific attribute syntax; everyone else gets the standard C inline
+ * attribute. */
+#ifdef __GNU_C__
+# ifndef __clang__
+# define force_inline inline __attribute__((always_inline))
+# else
+# define force_inline inline
+# endif
+#else
+# define force_inline inline
+#endif
+
+#endif
diff --git a/3rdparty/everest/include/everest/kremlin/internal/compat.h b/3rdparty/everest/include/everest/kremlin/internal/compat.h
new file mode 100644
index 000000000..a5b8889da
--- /dev/null
+++ b/3rdparty/everest/include/everest/kremlin/internal/compat.h
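Review bot: `#ifdef __GNU_C__` in the `force_inline` block tests a macro no compiler defines (GCC's predefined macro is `__GNUC__`), so the `always_inline` branch is dead and every compiler ends up with plain `inline`; the line should be `#ifdef __GNUC__`. Just above it, `#define inline __inline__` under `__GNUC__` turns the C99 keyword into a macro, which the C standard does not allow before including standard headers; it is presumably there so that the `inline static` helpers survive GCC's strict `-std=c89` (the extraction in this patch uses `-fc89`), where only `__inline__` is recognized, in which case gating it on `#if defined(__GNUC__) && (!defined(__STDC_VERSION__) || __STDC_VERSION__ < 199901L)` keeps it out of C99-and-later builds and answers the file's own TODO.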
@@ -0,0 +1,34 @@
+/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved.
+ Licensed under the Apache 2.0 License. */
+
+#ifndef KRML_COMPAT_H
+#define KRML_COMPAT_H
+
+#include 
+
+/* A series of macros that define C implementations of types that are not Low*,
+ * to facilitate porting programs to Low*. */
+
+typedef const char *Prims_string;
+
+typedef struct {
+ uint32_t length;
+ const char *data;
+} FStar_Bytes_bytes;
+
+typedef int32_t Prims_pos, Prims_nat, Prims_nonzero, Prims_int,
+ krml_checked_int_t;
+
+#define RETURN_OR(x) \
+ do { \
+ int64_t __ret = x; \
+ if (__ret < INT32_MIN || INT32_MAX < __ret) { \
+ KRML_HOST_PRINTF( \
+ "Prims.{int,nat,pos} integer overflow at %s:%d\n", __FILE__, \
+ __LINE__); \
+ KRML_HOST_EXIT(252); \
+ } \
+ return (int32_t)__ret; \
+ } while (0)
+
+#endif
diff --git a/3rdparty/everest/include/everest/kremlin/internal/debug.h b/3rdparty/everest/include/everest/kremlin/internal/debug.h
new file mode 100644
index 000000000..44ac22cd6
--- /dev/null
+++ b/3rdparty/everest/include/everest/kremlin/internal/debug.h
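Review bot: `RETURN_OR(x)` only catches overflow when its argument is already evaluated at 64-bit width: `int64_t __ret = x;` widens after the expression has been computed, so `RETURN_OR(a + b)` with two `Prims_int` (`int32_t`) operands has already wrapped, with undefined behavior, before the range check runs. That contract deserves a comment on the macro, `/* x must be an int64_t expression; widen the operands before the arithmetic, e.g. RETURN_OR((int64_t)a + b). */`, and the argument should be parenthesized, `int64_t __ret = (x);`. The expansion also uses `KRML_HOST_PRINTF` and `KRML_HOST_EXIT`, which this patch defines in `target.h` and compat.h does not include, so the macro compiles only if target.h was included first; either include it here or say so in a comment. `__ret` is in the identifier space reserved for the implementation (leading double underscore); a name such as `krml_ret` avoids any clash with system headers.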
@@ -0,0 +1,57 @@
+/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved.
+ Licensed under the Apache 2.0 License. */
+
+#ifndef __KREMLIN_DEBUG_H
+#define __KREMLIN_DEBUG_H
+
+#include 
+
+#include "kremlin/internal/target.h"
+
+/******************************************************************************/
+/* Debugging helpers - intended only for KreMLin developers */
+/******************************************************************************/
+
+/* In support of "-wasm -d force-c": we might need this function to be
+ * forward-declared, because the dependency on WasmSupport appears very late,
+ * after SimplifyWasm, and sadly, after the topological order has been done. */
+void WasmSupport_check_buffer_size(uint32_t s);
+
+/* A series of GCC atrocities to trace function calls (kremlin's [-d c-calls]
+ * option). Useful when trying to debug, say, Wasm, to compare traces. */
+/* clang-format off */
+#ifdef __GNUC__
+#define KRML_FORMAT(X) _Generic((X), \
+ uint8_t : "0x%08" PRIx8, \
+ uint16_t: "0x%08" PRIx16, \
+ uint32_t: "0x%08" PRIx32, \
+ uint64_t: "0x%08" PRIx64, \
+ int8_t : "0x%08" PRIx8, \
+ int16_t : "0x%08" PRIx16, \
+ int32_t : "0x%08" PRIx32, \
+ int64_t : "0x%08" PRIx64, \
+ default : "%s")
+
+#define KRML_FORMAT_ARG(X) _Generic((X), \
+ uint8_t : X, \
+ uint16_t: X, \
+ uint32_t: X, \
+ uint64_t: X, \
+ int8_t : X, \
+ int16_t : X, \
+ int32_t : X, \
+ int64_t : X, \
+ default : "unknown")
+/* clang-format on */
+
+# define KRML_DEBUG_RETURN(X) \
+ ({ \
+ __auto_type _ret = (X); \
+ KRML_HOST_PRINTF("returning: "); \
+ KRML_HOST_PRINTF(KRML_FORMAT(_ret), KRML_FORMAT_ARG(_ret)); \
+ KRML_HOST_PRINTF(" \n"); \
+ _ret; \
+ })
+#endif
+
+#endif
diff --git a/3rdparty/everest/include/everest/kremlin/internal/target.h b/3rdparty/everest/include/everest/kremlin/internal/target.h
new file mode 100644
index 000000000..b552f52b0
--- /dev/null
+++ b/3rdparty/everest/include/everest/kremlin/internal/target.h
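Review bot: `KRML_DEBUG_RETURN` prints every traced return value through `KRML_HOST_PRINTF` (which target.h in this patch defaults to `printf`), so a build that enables KreMLin's `-d c-calls` tracing could write secret-dependent intermediate values of the verified code to stdout; now that these headers live inside a TLS library, the "intended only for KreMLin developers" banner should carry an explicit warning, `/* WARNING: never enable call tracing in production builds; traced return values go to stdout. */`. The block also relies on C11 `_Generic` and the GNU `__auto_type` extension behind a plain `#ifdef __GNUC__`, while the extracted code is generated with `-fc89`; since they are macros this is harmless until expanded, but a note such as `/* Requires C11 _Generic and GNU __auto_type; only expanded when tracing is on. */` would save the next reader a trip. The `PRIx8`..`PRIx64` format macros need `<inttypes.h>`, which the stripped `#include` line at the top presumably supplies.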
@@ -0,0 +1,102 @@
+/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved.
+ Licensed under the Apache 2.0 License. */
+
+#ifndef __KREMLIN_TARGET_H
+#define __KREMLIN_TARGET_H
+
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#include "kremlin/internal/callconv.h"
+
+/******************************************************************************/
+/* Macros that KreMLin will generate. */
+/******************************************************************************/
+
+/* For "bare" targets that do not have a C stdlib, the user might want to use
+ * [-add-early-include '"mydefinitions.h"'] and override these. */
+#ifndef KRML_HOST_PRINTF
+# define KRML_HOST_PRINTF printf
+#endif
+
+#if ( \
+ (defined __STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \
+ (!(defined KRML_HOST_EPRINTF)))
+# define KRML_HOST_EPRINTF(...) fprintf(stderr, __VA_ARGS__)
+#endif
+
+#ifndef KRML_HOST_EXIT
+# define KRML_HOST_EXIT exit
+#endif
+
+#ifndef KRML_HOST_MALLOC
+# define KRML_HOST_MALLOC malloc
+#endif
+
+#ifndef KRML_HOST_CALLOC
+# define KRML_HOST_CALLOC calloc
+#endif
+
+#ifndef KRML_HOST_FREE
+# define KRML_HOST_FREE free
+#endif
+
+#ifndef KRML_HOST_TIME
+
+# include 
+
+/* Prims_nat not yet in scope */
+inline static int32_t krml_time() {
+ return (int32_t)time(NULL);
+}
+
+# define KRML_HOST_TIME krml_time
+#endif
+
+/* In statement position, exiting is easy. */
+#define KRML_EXIT \
+ do { \
+ KRML_HOST_PRINTF("Unimplemented function at %s:%d\n", __FILE__, __LINE__); \
+ KRML_HOST_EXIT(254); \
+ } while (0)
+
+/* In expression position, use the comma-operator and a malloc to return an
+ * expression of the right size. KreMLin passes t as the parameter to the macro.
+ */
+#define KRML_EABORT(t, msg) \
+ (KRML_HOST_PRINTF("KreMLin abort at %s:%d\n%s\n", __FILE__, __LINE__, msg), \
+ KRML_HOST_EXIT(255), *((t *)KRML_HOST_MALLOC(sizeof(t))))
+
+/* In FStar.Buffer.fst, the size of arrays is uint32_t, but it's a number of
+ * *elements*. Do an ugly, run-time check (some of which KreMLin can eliminate).
+ */
+
+#ifdef __GNUC__
+# define _KRML_CHECK_SIZE_PRAGMA \
+ _Pragma("GCC diagnostic ignored \"-Wtype-limits\"")
+#else
+# define _KRML_CHECK_SIZE_PRAGMA
+#endif
+
+#define KRML_CHECK_SIZE(size_elt, sz) \
+ do { \
+ _KRML_CHECK_SIZE_PRAGMA \
+ if (((size_t)(sz)) > ((size_t)(SIZE_MAX / (size_elt)))) { \
+ KRML_HOST_PRINTF( \
+ "Maximum allocatable size exceeded, aborting before overflow at " \
+ "%s:%d\n", \
+ __FILE__, __LINE__); \
+ KRML_HOST_EXIT(253); \
+ } \
+ } while (0)
+
+#if defined(_MSC_VER) && _MSC_VER < 1900
+# define KRML_HOST_SNPRINTF(buf, sz, fmt, arg) _snprintf_s(buf, sz, _TRUNCATE, fmt, arg)
+#else
+# define KRML_HOST_SNPRINTF(buf, sz, fmt, arg) snprintf(buf, sz, fmt, arg)
+#endif
+
+#endif
diff --git a/3rdparty/everest/include/everest/kremlin/internal/types.h b/3rdparty/everest/include/everest/kremlin/internal/types.h
new file mode 100644
index 000000000..b936f00db
--- /dev/null
+++ b/3rdparty/everest/include/everest/kremlin/internal/types.h
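Review bot: `_KRML_CHECK_SIZE_PRAGMA` expands to a bare `_Pragma("GCC diagnostic ignored \"-Wtype-limits\"")` with no push/pop, and GCC diagnostic pragmas are not scoped to the enclosing block, so the first `KRML_CHECK_SIZE` in a translation unit silences `-Wtype-limits` for everything that follows in that file (Hacl_Curve25519.c below expands it in several functions). Wrapping the suppression in `GCC diagnostic push`/`pop` confines it to the macro; the rewritten macros are below. Two smaller points: `inline static int32_t krml_time()` should be `krml_time(void)`, since an empty parameter list is an unprototyped declaration in C, and it truncates `time_t` to 32 bits. Finally, `KRML_HOST_EXIT` defaults to `exit()` and `KRML_HOST_PRINTF` to `printf`, so every `KRML_EXIT`/`KRML_EABORT`/`KRML_CHECK_SIZE` failure terminates the host process after writing to stdout; for code vendored into a TLS library the integration should define these to the library's own error path, and the comment above `KRML_HOST_PRINTF` is the place to say that the mbed TLS build is expected to override them.
```c
#ifdef __GNUC__
# define _KRML_CHECK_SIZE_PRAGMA \
  _Pragma("GCC diagnostic push") \
  _Pragma("GCC diagnostic ignored \"-Wtype-limits\"")
# define _KRML_CHECK_SIZE_PRAGMA_END _Pragma("GCC diagnostic pop")
#else
# define _KRML_CHECK_SIZE_PRAGMA
# define _KRML_CHECK_SIZE_PRAGMA_END
#endif

#define KRML_CHECK_SIZE(size_elt, sz) \
  do { \
    _KRML_CHECK_SIZE_PRAGMA \
    if (((size_t)(sz)) > ((size_t)(SIZE_MAX / (size_elt)))) { \
      /* ... unchanged: KRML_HOST_PRINTF diagnostic and KRML_HOST_EXIT(253) ... */ \
    } \
    _KRML_CHECK_SIZE_PRAGMA_END \
  } while (0)
```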
@@ -0,0 +1,61 @@ +/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved. + Licensed under the Apache 2.0 License. */ + +#ifndef KRML_TYPES_H +#define KRML_TYPES_H + +#include +#include +#include + +/* Types which are either abstract, meaning that have to be implemented in C, or + * which are models, meaning that they are swapped out at compile-time for + * hand-written C types (in which case they're marked as noextract). */ + +typedef uint64_t FStar_UInt64_t, FStar_UInt64_t_; +typedef int64_t FStar_Int64_t, FStar_Int64_t_; +typedef uint32_t FStar_UInt32_t, FStar_UInt32_t_; +typedef int32_t FStar_Int32_t, FStar_Int32_t_; +typedef uint16_t FStar_UInt16_t, FStar_UInt16_t_; +typedef int16_t FStar_Int16_t, FStar_Int16_t_; +typedef uint8_t FStar_UInt8_t, FStar_UInt8_t_; +typedef int8_t FStar_Int8_t, FStar_Int8_t_; + +/* Only useful when building Kremlib, because it's in the dependency graph of + * FStar.Int.Cast. */ +typedef uint64_t FStar_UInt63_t, FStar_UInt63_t_; +typedef int64_t FStar_Int63_t, FStar_Int63_t_; + +typedef double FStar_Float_float; +typedef uint32_t FStar_Char_char; +typedef FILE *FStar_IO_fd_read, *FStar_IO_fd_write; + +typedef void *FStar_Dyn_dyn; + +typedef const char *C_String_t, *C_String_t_; + +typedef int exit_code; +typedef FILE *channel; + +typedef unsigned long long TestLib_cycles; + +typedef uint64_t FStar_Date_dateTime, FStar_Date_timeSpan; + +/* The uint128 type is a special case since we offer several implementations of + * it, depending on the compiler and whether the user wants the verified + * implementation or not. 
*/ +#if !defined(KRML_VERIFIED_UINT128) && defined(_MSC_VER) && defined(_M_X64) +# include +typedef __m128i FStar_UInt128_uint128; +#elif !defined(KRML_VERIFIED_UINT128) && !defined(_MSC_VER) +typedef unsigned __int128 FStar_UInt128_uint128; +#else +typedef struct FStar_UInt128_uint128_s { + uint64_t low; + uint64_t high; +} FStar_UInt128_uint128; +#endif + +typedef FStar_UInt128_uint128 FStar_UInt128_t, FStar_UInt128_t_, uint128_t; + +#endif diff --git a/3rdparty/everest/include/everest/kremlin/internal/wasmsupport.h b/3rdparty/everest/include/everest/kremlin/internal/wasmsupport.h new file mode 100644 index 000000000..b44fa3f75 --- /dev/null +++ b/3rdparty/everest/include/everest/kremlin/internal/wasmsupport.h @@ -0,0 +1,5 @@ +/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved. + Licensed under the Apache 2.0 License. */ + +/* This file is automatically included when compiling with -wasm -d force-c */ +#define WasmSupport_check_buffer_size(X) diff --git a/3rdparty/everest/library/Hacl_Curve25519.c b/3rdparty/everest/library/Hacl_Curve25519.c new file mode 100644 index 000000000..450b9f8dd --- /dev/null +++ b/3rdparty/everest/library/Hacl_Curve25519.c 
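Review bot: The `#elif !defined(KRML_VERIFIED_UINT128) && !defined(_MSC_VER)` branch assumes every non-MSVC compiler provides `unsigned __int128`, but GCC and Clang only do so on 64-bit targets; on 32-bit ARM or x86, which mbed TLS commonly targets, this header fails to compile unless the build defines `KRML_VERIFIED_UINT128` itself. Testing the compiler's own signal instead, `#elif !defined(KRML_VERIFIED_UINT128) && defined(__SIZEOF_INT128__)`, lets such targets fall through to the verified two-limb struct automatically. On the MSVC x64 branch `uint128_t` becomes `__m128i`, a SIMD vector type rather than an integer, yet the generated Hacl_Curve25519.c (whose hunk continues past this view) applies `+`, `*`, `>>`, `&` and integer casts to `uint128_t` values directly (e.g. `xi + (uint128_t)yi * s`); presumably that branch is only meant to pair with the `FStar_UInt128_*` function implementations in kremlib, and the comment above the `#if` should state which builds are expected to work with which selection.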
@@ -0,0 +1,760 @@ +/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved. + Licensed under the Apache 2.0 License. */ + +/* This file was generated by KreMLin + * KreMLin invocation: /mnt/e/everest/verify/kremlin/krml -fc89 -fparentheses -fno-shadow -header /mnt/e/everest/verify/hdrcLh -minimal -fbuiltin-uint128 -fc89 -fparentheses -fno-shadow -header /mnt/e/everest/verify/hdrcLh -minimal -I /mnt/e/everest/verify/hacl-star/code/lib/kremlin -I /mnt/e/everest/verify/kremlin/kremlib/compat -I /mnt/e/everest/verify/hacl-star/specs -I /mnt/e/everest/verify/hacl-star/specs/old -I . -ccopt -march=native -verbose -ldopt -flto -tmpdir x25519-c -I ../bignum -bundle Hacl.Curve25519=* -minimal -add-include "kremlib.h" -skip-compilation x25519-c/out.krml -o x25519-c/Hacl_Curve25519.c + * F* version: 059db0c8 + * KreMLin version: 916c37ac + */ + + +#include "Hacl_Curve25519.h" + +extern uint64_t FStar_UInt64_eq_mask(uint64_t x0, uint64_t x1); + +extern uint64_t FStar_UInt64_gte_mask(uint64_t x0, uint64_t x1); + +extern uint128_t FStar_UInt128_add(uint128_t x0, uint128_t x1); + +extern uint128_t FStar_UInt128_add_mod(uint128_t x0, uint128_t x1); + +extern uint128_t FStar_UInt128_logand(uint128_t x0, uint128_t x1); + +extern uint128_t FStar_UInt128_shift_right(uint128_t x0, uint32_t x1); + +extern uint128_t FStar_UInt128_uint64_to_uint128(uint64_t x0); + +extern uint64_t FStar_UInt128_uint128_to_uint64(uint128_t x0); + +extern uint128_t FStar_UInt128_mul_wide(uint64_t x0, uint64_t x1); + +static void Hacl_Bignum_Modulo_carry_top(uint64_t *b) +{ + uint64_t b4 = b[4U]; + uint64_t b0 = b[0U]; + uint64_t b4_ = b4 & (uint64_t)0x7ffffffffffffU; + uint64_t b0_ = b0 + (uint64_t)19U * (b4 >> (uint32_t)51U); + b[4U] = b4_; + b[0U] = b0_; +} + +inline static void Hacl_Bignum_Fproduct_copy_from_wide_(uint64_t *output, uint128_t *input) +{ + uint32_t i; + for (i = (uint32_t)0U; i < (uint32_t)5U; i = i + (uint32_t)1U) + { + uint128_t xi = input[i]; + output[i] = (uint64_t)xi; + 
} +} + +inline static void +Hacl_Bignum_Fproduct_sum_scalar_multiplication_(uint128_t *output, uint64_t *input, uint64_t s) +{ + uint32_t i; + for (i = (uint32_t)0U; i < (uint32_t)5U; i = i + (uint32_t)1U) + { + uint128_t xi = output[i]; + uint64_t yi = input[i]; + output[i] = xi + (uint128_t)yi * s; + } +} + +inline static void Hacl_Bignum_Fproduct_carry_wide_(uint128_t *tmp) +{ + uint32_t i; + for (i = (uint32_t)0U; i < (uint32_t)4U; i = i + (uint32_t)1U) + { + uint32_t ctr = i; + uint128_t tctr = tmp[ctr]; + uint128_t tctrp1 = tmp[ctr + (uint32_t)1U]; + uint64_t r0 = (uint64_t)tctr & (uint64_t)0x7ffffffffffffU; + uint128_t c = tctr >> (uint32_t)51U; + tmp[ctr] = (uint128_t)r0; + tmp[ctr + (uint32_t)1U] = tctrp1 + c; + } +} + +inline static void Hacl_Bignum_Fmul_shift_reduce(uint64_t *output) +{ + uint64_t tmp = output[4U]; + uint64_t b0; + { + uint32_t i; + for (i = (uint32_t)0U; i < (uint32_t)4U; i = i + (uint32_t)1U) + { + uint32_t ctr = (uint32_t)5U - i - (uint32_t)1U; + uint64_t z = output[ctr - (uint32_t)1U]; + output[ctr] = z; + } + } + output[0U] = tmp; + b0 = output[0U]; + output[0U] = (uint64_t)19U * b0; +} + +static void +Hacl_Bignum_Fmul_mul_shift_reduce_(uint128_t *output, uint64_t *input, uint64_t *input2) +{ + uint32_t i; + uint64_t input2i; + { + uint32_t i0; + for (i0 = (uint32_t)0U; i0 < (uint32_t)4U; i0 = i0 + (uint32_t)1U) + { + uint64_t input2i0 = input2[i0]; + Hacl_Bignum_Fproduct_sum_scalar_multiplication_(output, input, input2i0); + Hacl_Bignum_Fmul_shift_reduce(input); + } + } + i = (uint32_t)4U; + input2i = input2[i]; + Hacl_Bignum_Fproduct_sum_scalar_multiplication_(output, input, input2i); +} + +inline static void Hacl_Bignum_Fmul_fmul(uint64_t *output, uint64_t *input, uint64_t *input2) +{ + uint64_t tmp[5U] = { 0U }; + memcpy(tmp, input, (uint32_t)5U * sizeof input[0U]); + KRML_CHECK_SIZE(sizeof (uint128_t), (uint32_t)5U); + { + uint128_t t[5U]; + { + uint32_t _i; + for (_i = 0U; _i < (uint32_t)5U; ++_i) + t[_i] = 
(uint128_t)(uint64_t)0U; + } + { + uint128_t b4; + uint128_t b0; + uint128_t b4_; + uint128_t b0_; + uint64_t i0; + uint64_t i1; + uint64_t i0_; + uint64_t i1_; + Hacl_Bignum_Fmul_mul_shift_reduce_(t, tmp, input2); + Hacl_Bignum_Fproduct_carry_wide_(t); + b4 = t[4U]; + b0 = t[0U]; + b4_ = b4 & (uint128_t)(uint64_t)0x7ffffffffffffU; + b0_ = b0 + (uint128_t)(uint64_t)19U * (uint64_t)(b4 >> (uint32_t)51U); + t[4U] = b4_; + t[0U] = b0_; + Hacl_Bignum_Fproduct_copy_from_wide_(output, t); + i0 = output[0U]; + i1 = output[1U]; + i0_ = i0 & (uint64_t)0x7ffffffffffffU; + i1_ = i1 + (i0 >> (uint32_t)51U); + output[0U] = i0_; + output[1U] = i1_; + } + } +} + +inline static void Hacl_Bignum_Fsquare_fsquare__(uint128_t *tmp, uint64_t *output) +{ + uint64_t r0 = output[0U]; + uint64_t r1 = output[1U]; + uint64_t r2 = output[2U]; + uint64_t r3 = output[3U]; + uint64_t r4 = output[4U]; + uint64_t d0 = r0 * (uint64_t)2U; + uint64_t d1 = r1 * (uint64_t)2U; + uint64_t d2 = r2 * (uint64_t)2U * (uint64_t)19U; + uint64_t d419 = r4 * (uint64_t)19U; + uint64_t d4 = d419 * (uint64_t)2U; + uint128_t s0 = (uint128_t)r0 * r0 + (uint128_t)d4 * r1 + (uint128_t)d2 * r3; + uint128_t s1 = (uint128_t)d0 * r1 + (uint128_t)d4 * r2 + (uint128_t)(r3 * (uint64_t)19U) * r3; + uint128_t s2 = (uint128_t)d0 * r2 + (uint128_t)r1 * r1 + (uint128_t)d4 * r3; + uint128_t s3 = (uint128_t)d0 * r3 + (uint128_t)d1 * r2 + (uint128_t)r4 * d419; + uint128_t s4 = (uint128_t)d0 * r4 + (uint128_t)d1 * r3 + (uint128_t)r2 * r2; + tmp[0U] = s0; + tmp[1U] = s1; + tmp[2U] = s2; + tmp[3U] = s3; + tmp[4U] = s4; +} + +inline static void Hacl_Bignum_Fsquare_fsquare_(uint128_t *tmp, uint64_t *output) +{ + uint128_t b4; + uint128_t b0; + uint128_t b4_; + uint128_t b0_; + uint64_t i0; + uint64_t i1; + uint64_t i0_; + uint64_t i1_; + Hacl_Bignum_Fsquare_fsquare__(tmp, output); + Hacl_Bignum_Fproduct_carry_wide_(tmp); + b4 = tmp[4U]; + b0 = tmp[0U]; + b4_ = b4 & (uint128_t)(uint64_t)0x7ffffffffffffU; + b0_ = b0 + 
(uint128_t)(uint64_t)19U * (uint64_t)(b4 >> (uint32_t)51U); + tmp[4U] = b4_; + tmp[0U] = b0_; + Hacl_Bignum_Fproduct_copy_from_wide_(output, tmp); + i0 = output[0U]; + i1 = output[1U]; + i0_ = i0 & (uint64_t)0x7ffffffffffffU; + i1_ = i1 + (i0 >> (uint32_t)51U); + output[0U] = i0_; + output[1U] = i1_; +} + +static void +Hacl_Bignum_Fsquare_fsquare_times_(uint64_t *input, uint128_t *tmp, uint32_t count1) +{ + uint32_t i; + Hacl_Bignum_Fsquare_fsquare_(tmp, input); + for (i = (uint32_t)1U; i < count1; i = i + (uint32_t)1U) + Hacl_Bignum_Fsquare_fsquare_(tmp, input); +} + +inline static void +Hacl_Bignum_Fsquare_fsquare_times(uint64_t *output, uint64_t *input, uint32_t count1) +{ + KRML_CHECK_SIZE(sizeof (uint128_t), (uint32_t)5U); + { + uint128_t t[5U]; + { + uint32_t _i; + for (_i = 0U; _i < (uint32_t)5U; ++_i) + t[_i] = (uint128_t)(uint64_t)0U; + } + memcpy(output, input, (uint32_t)5U * sizeof input[0U]); + Hacl_Bignum_Fsquare_fsquare_times_(output, t, count1); + } +} + +inline static void Hacl_Bignum_Fsquare_fsquare_times_inplace(uint64_t *output, uint32_t count1) +{ + KRML_CHECK_SIZE(sizeof (uint128_t), (uint32_t)5U); + { + uint128_t t[5U]; + { + uint32_t _i; + for (_i = 0U; _i < (uint32_t)5U; ++_i) + t[_i] = (uint128_t)(uint64_t)0U; + } + Hacl_Bignum_Fsquare_fsquare_times_(output, t, count1); + } +} + +inline static void Hacl_Bignum_Crecip_crecip(uint64_t *out, uint64_t *z) +{ + uint64_t buf[20U] = { 0U }; + uint64_t *a0 = buf; + uint64_t *t00 = buf + (uint32_t)5U; + uint64_t *b0 = buf + (uint32_t)10U; + uint64_t *t01; + uint64_t *b1; + uint64_t *c0; + uint64_t *a; + uint64_t *t0; + uint64_t *b; + uint64_t *c; + Hacl_Bignum_Fsquare_fsquare_times(a0, z, (uint32_t)1U); + Hacl_Bignum_Fsquare_fsquare_times(t00, a0, (uint32_t)2U); + Hacl_Bignum_Fmul_fmul(b0, t00, z); + Hacl_Bignum_Fmul_fmul(a0, b0, a0); + Hacl_Bignum_Fsquare_fsquare_times(t00, a0, (uint32_t)1U); + Hacl_Bignum_Fmul_fmul(b0, t00, b0); + Hacl_Bignum_Fsquare_fsquare_times(t00, b0, (uint32_t)5U); + t01 = 
buf + (uint32_t)5U; + b1 = buf + (uint32_t)10U; + c0 = buf + (uint32_t)15U; + Hacl_Bignum_Fmul_fmul(b1, t01, b1); + Hacl_Bignum_Fsquare_fsquare_times(t01, b1, (uint32_t)10U); + Hacl_Bignum_Fmul_fmul(c0, t01, b1); + Hacl_Bignum_Fsquare_fsquare_times(t01, c0, (uint32_t)20U); + Hacl_Bignum_Fmul_fmul(t01, t01, c0); + Hacl_Bignum_Fsquare_fsquare_times_inplace(t01, (uint32_t)10U); + Hacl_Bignum_Fmul_fmul(b1, t01, b1); + Hacl_Bignum_Fsquare_fsquare_times(t01, b1, (uint32_t)50U); + a = buf; + t0 = buf + (uint32_t)5U; + b = buf + (uint32_t)10U; + c = buf + (uint32_t)15U; + Hacl_Bignum_Fmul_fmul(c, t0, b); + Hacl_Bignum_Fsquare_fsquare_times(t0, c, (uint32_t)100U); + Hacl_Bignum_Fmul_fmul(t0, t0, c); + Hacl_Bignum_Fsquare_fsquare_times_inplace(t0, (uint32_t)50U); + Hacl_Bignum_Fmul_fmul(t0, t0, b); + Hacl_Bignum_Fsquare_fsquare_times_inplace(t0, (uint32_t)5U); + Hacl_Bignum_Fmul_fmul(out, t0, a); +} + +inline static void Hacl_Bignum_fsum(uint64_t *a, uint64_t *b) +{ + uint32_t i; + for (i = (uint32_t)0U; i < (uint32_t)5U; i = i + (uint32_t)1U) + { + uint64_t xi = a[i]; + uint64_t yi = b[i]; + a[i] = xi + yi; + } +} + +inline static void Hacl_Bignum_fdifference(uint64_t *a, uint64_t *b) +{ + uint64_t tmp[5U] = { 0U }; + uint64_t b0; + uint64_t b1; + uint64_t b2; + uint64_t b3; + uint64_t b4; + memcpy(tmp, b, (uint32_t)5U * sizeof b[0U]); + b0 = tmp[0U]; + b1 = tmp[1U]; + b2 = tmp[2U]; + b3 = tmp[3U]; + b4 = tmp[4U]; + tmp[0U] = b0 + (uint64_t)0x3fffffffffff68U; + tmp[1U] = b1 + (uint64_t)0x3ffffffffffff8U; + tmp[2U] = b2 + (uint64_t)0x3ffffffffffff8U; + tmp[3U] = b3 + (uint64_t)0x3ffffffffffff8U; + tmp[4U] = b4 + (uint64_t)0x3ffffffffffff8U; + { + uint32_t i; + for (i = (uint32_t)0U; i < (uint32_t)5U; i = i + (uint32_t)1U) + { + uint64_t xi = a[i]; + uint64_t yi = tmp[i]; + a[i] = yi - xi; + } + } +} + +inline static void Hacl_Bignum_fscalar(uint64_t *output, uint64_t *b, uint64_t s) +{ + KRML_CHECK_SIZE(sizeof (uint128_t), (uint32_t)5U); + { + uint128_t tmp[5U]; + { + 
uint32_t _i; + for (_i = 0U; _i < (uint32_t)5U; ++_i) + tmp[_i] = (uint128_t)(uint64_t)0U; + } + { + uint128_t b4; + uint128_t b0; + uint128_t b4_; + uint128_t b0_; + { + uint32_t i; + for (i = (uint32_t)0U; i < (uint32_t)5U; i = i + (uint32_t)1U) + { + uint64_t xi = b[i]; + tmp[i] = (uint128_t)xi * s; + } + } + Hacl_Bignum_Fproduct_carry_wide_(tmp); + b4 = tmp[4U]; + b0 = tmp[0U]; + b4_ = b4 & (uint128_t)(uint64_t)0x7ffffffffffffU; + b0_ = b0 + (uint128_t)(uint64_t)19U * (uint64_t)(b4 >> (uint32_t)51U); + tmp[4U] = b4_; + tmp[0U] = b0_; + Hacl_Bignum_Fproduct_copy_from_wide_(output, tmp); + } + } +} + +inline static void Hacl_Bignum_fmul(uint64_t *output, uint64_t *a, uint64_t *b) +{ + Hacl_Bignum_Fmul_fmul(output, a, b); +} + +inline static void Hacl_Bignum_crecip(uint64_t *output, uint64_t *input) +{ + Hacl_Bignum_Crecip_crecip(output, input); +} + +static void +Hacl_EC_Point_swap_conditional_step(uint64_t *a, uint64_t *b, uint64_t swap1, uint32_t ctr) +{ + uint32_t i = ctr - (uint32_t)1U; + uint64_t ai = a[i]; + uint64_t bi = b[i]; + uint64_t x = swap1 & (ai ^ bi); + uint64_t ai1 = ai ^ x; + uint64_t bi1 = bi ^ x; + a[i] = ai1; + b[i] = bi1; +} + +static void +Hacl_EC_Point_swap_conditional_(uint64_t *a, uint64_t *b, uint64_t swap1, uint32_t ctr) +{ + if (!(ctr == (uint32_t)0U)) + { + uint32_t i; + Hacl_EC_Point_swap_conditional_step(a, b, swap1, ctr); + i = ctr - (uint32_t)1U; + Hacl_EC_Point_swap_conditional_(a, b, swap1, i); + } +} + +static void Hacl_EC_Point_swap_conditional(uint64_t *a, uint64_t *b, uint64_t iswap) +{ + uint64_t swap1 = (uint64_t)0U - iswap; + Hacl_EC_Point_swap_conditional_(a, b, swap1, (uint32_t)5U); + Hacl_EC_Point_swap_conditional_(a + (uint32_t)5U, b + (uint32_t)5U, swap1, (uint32_t)5U); +} + +static void Hacl_EC_Point_copy(uint64_t *output, uint64_t *input) +{ + memcpy(output, input, (uint32_t)5U * sizeof input[0U]); + memcpy(output + (uint32_t)5U, + input + (uint32_t)5U, + (uint32_t)5U * sizeof (input + (uint32_t)5U)[0U]); +} + 
+static void Hacl_EC_Format_fexpand(uint64_t *output, uint8_t *input) +{ + uint64_t i0 = load64_le(input); + uint8_t *x00 = input + (uint32_t)6U; + uint64_t i1 = load64_le(x00); + uint8_t *x01 = input + (uint32_t)12U; + uint64_t i2 = load64_le(x01); + uint8_t *x02 = input + (uint32_t)19U; + uint64_t i3 = load64_le(x02); + uint8_t *x0 = input + (uint32_t)24U; + uint64_t i4 = load64_le(x0); + uint64_t output0 = i0 & (uint64_t)0x7ffffffffffffU; + uint64_t output1 = i1 >> (uint32_t)3U & (uint64_t)0x7ffffffffffffU; + uint64_t output2 = i2 >> (uint32_t)6U & (uint64_t)0x7ffffffffffffU; + uint64_t output3 = i3 >> (uint32_t)1U & (uint64_t)0x7ffffffffffffU; + uint64_t output4 = i4 >> (uint32_t)12U & (uint64_t)0x7ffffffffffffU; + output[0U] = output0; + output[1U] = output1; + output[2U] = output2; + output[3U] = output3; + output[4U] = output4; +} + +static void Hacl_EC_Format_fcontract_first_carry_pass(uint64_t *input) +{ + uint64_t t0 = input[0U]; + uint64_t t1 = input[1U]; + uint64_t t2 = input[2U]; + uint64_t t3 = input[3U]; + uint64_t t4 = input[4U]; + uint64_t t1_ = t1 + (t0 >> (uint32_t)51U); + uint64_t t0_ = t0 & (uint64_t)0x7ffffffffffffU; + uint64_t t2_ = t2 + (t1_ >> (uint32_t)51U); + uint64_t t1__ = t1_ & (uint64_t)0x7ffffffffffffU; + uint64_t t3_ = t3 + (t2_ >> (uint32_t)51U); + uint64_t t2__ = t2_ & (uint64_t)0x7ffffffffffffU; + uint64_t t4_ = t4 + (t3_ >> (uint32_t)51U); + uint64_t t3__ = t3_ & (uint64_t)0x7ffffffffffffU; + input[0U] = t0_; + input[1U] = t1__; + input[2U] = t2__; + input[3U] = t3__; + input[4U] = t4_; +} + +static void Hacl_EC_Format_fcontract_first_carry_full(uint64_t *input) +{ + Hacl_EC_Format_fcontract_first_carry_pass(input); + Hacl_Bignum_Modulo_carry_top(input); +} + +static void Hacl_EC_Format_fcontract_second_carry_pass(uint64_t *input) +{ + uint64_t t0 = input[0U]; + uint64_t t1 = input[1U]; + uint64_t t2 = input[2U]; + uint64_t t3 = input[3U]; + uint64_t t4 = input[4U]; + uint64_t t1_ = t1 + (t0 >> (uint32_t)51U); + uint64_t t0_ = 
t0 & (uint64_t)0x7ffffffffffffU; + uint64_t t2_ = t2 + (t1_ >> (uint32_t)51U); + uint64_t t1__ = t1_ & (uint64_t)0x7ffffffffffffU; + uint64_t t3_ = t3 + (t2_ >> (uint32_t)51U); + uint64_t t2__ = t2_ & (uint64_t)0x7ffffffffffffU; + uint64_t t4_ = t4 + (t3_ >> (uint32_t)51U); + uint64_t t3__ = t3_ & (uint64_t)0x7ffffffffffffU; + input[0U] = t0_; + input[1U] = t1__; + input[2U] = t2__; + input[3U] = t3__; + input[4U] = t4_; +} + +static void Hacl_EC_Format_fcontract_second_carry_full(uint64_t *input) +{ + uint64_t i0; + uint64_t i1; + uint64_t i0_; + uint64_t i1_; + Hacl_EC_Format_fcontract_second_carry_pass(input); + Hacl_Bignum_Modulo_carry_top(input); + i0 = input[0U]; + i1 = input[1U]; + i0_ = i0 & (uint64_t)0x7ffffffffffffU; + i1_ = i1 + (i0 >> (uint32_t)51U); + input[0U] = i0_; + input[1U] = i1_; +} + +static void Hacl_EC_Format_fcontract_trim(uint64_t *input) +{ + uint64_t a0 = input[0U]; + uint64_t a1 = input[1U]; + uint64_t a2 = input[2U]; + uint64_t a3 = input[3U]; + uint64_t a4 = input[4U]; + uint64_t mask0 = FStar_UInt64_gte_mask(a0, (uint64_t)0x7ffffffffffedU); + uint64_t mask1 = FStar_UInt64_eq_mask(a1, (uint64_t)0x7ffffffffffffU); + uint64_t mask2 = FStar_UInt64_eq_mask(a2, (uint64_t)0x7ffffffffffffU); + uint64_t mask3 = FStar_UInt64_eq_mask(a3, (uint64_t)0x7ffffffffffffU); + uint64_t mask4 = FStar_UInt64_eq_mask(a4, (uint64_t)0x7ffffffffffffU); + uint64_t mask = (((mask0 & mask1) & mask2) & mask3) & mask4; + uint64_t a0_ = a0 - ((uint64_t)0x7ffffffffffedU & mask); + uint64_t a1_ = a1 - ((uint64_t)0x7ffffffffffffU & mask); + uint64_t a2_ = a2 - ((uint64_t)0x7ffffffffffffU & mask); + uint64_t a3_ = a3 - ((uint64_t)0x7ffffffffffffU & mask); + uint64_t a4_ = a4 - ((uint64_t)0x7ffffffffffffU & mask); + input[0U] = a0_; + input[1U] = a1_; + input[2U] = a2_; + input[3U] = a3_; + input[4U] = a4_; +} + +static void Hacl_EC_Format_fcontract_store(uint8_t *output, uint64_t *input) +{ + uint64_t t0 = input[0U]; + uint64_t t1 = input[1U]; + uint64_t t2 = input[2U]; 
+ uint64_t t3 = input[3U]; + uint64_t t4 = input[4U]; + uint64_t o0 = t1 << (uint32_t)51U | t0; + uint64_t o1 = t2 << (uint32_t)38U | t1 >> (uint32_t)13U; + uint64_t o2 = t3 << (uint32_t)25U | t2 >> (uint32_t)26U; + uint64_t o3 = t4 << (uint32_t)12U | t3 >> (uint32_t)39U; + uint8_t *b0 = output; + uint8_t *b1 = output + (uint32_t)8U; + uint8_t *b2 = output + (uint32_t)16U; + uint8_t *b3 = output + (uint32_t)24U; + store64_le(b0, o0); + store64_le(b1, o1); + store64_le(b2, o2); + store64_le(b3, o3); +} + +static void Hacl_EC_Format_fcontract(uint8_t *output, uint64_t *input) +{ + Hacl_EC_Format_fcontract_first_carry_full(input); + Hacl_EC_Format_fcontract_second_carry_full(input); + Hacl_EC_Format_fcontract_trim(input); + Hacl_EC_Format_fcontract_store(output, input); +} + +static void Hacl_EC_Format_scalar_of_point(uint8_t *scalar, uint64_t *point) +{ + uint64_t *x = point; + uint64_t *z = point + (uint32_t)5U; + uint64_t buf[10U] = { 0U }; + uint64_t *zmone = buf; + uint64_t *sc = buf + (uint32_t)5U; + Hacl_Bignum_crecip(zmone, z); + Hacl_Bignum_fmul(sc, x, zmone); + Hacl_EC_Format_fcontract(scalar, sc); +} + +static void +Hacl_EC_AddAndDouble_fmonty( + uint64_t *pp, + uint64_t *ppq, + uint64_t *p, + uint64_t *pq, + uint64_t *qmqp +) +{ + uint64_t *qx = qmqp; + uint64_t *x2 = pp; + uint64_t *z2 = pp + (uint32_t)5U; + uint64_t *x3 = ppq; + uint64_t *z3 = ppq + (uint32_t)5U; + uint64_t *x = p; + uint64_t *z = p + (uint32_t)5U; + uint64_t *xprime = pq; + uint64_t *zprime = pq + (uint32_t)5U; + uint64_t buf[40U] = { 0U }; + uint64_t *origx = buf; + uint64_t *origxprime0 = buf + (uint32_t)5U; + uint64_t *xxprime0 = buf + (uint32_t)25U; + uint64_t *zzprime0 = buf + (uint32_t)30U; + uint64_t *origxprime; + uint64_t *xx0; + uint64_t *zz0; + uint64_t *xxprime; + uint64_t *zzprime; + uint64_t *zzzprime; + uint64_t *zzz; + uint64_t *xx; + uint64_t *zz; + uint64_t scalar; + memcpy(origx, x, (uint32_t)5U * sizeof x[0U]); + Hacl_Bignum_fsum(x, z); + Hacl_Bignum_fdifference(z, 
origx); + memcpy(origxprime0, xprime, (uint32_t)5U * sizeof xprime[0U]); + Hacl_Bignum_fsum(xprime, zprime); + Hacl_Bignum_fdifference(zprime, origxprime0); + Hacl_Bignum_fmul(xxprime0, xprime, z); + Hacl_Bignum_fmul(zzprime0, x, zprime); + origxprime = buf + (uint32_t)5U; + xx0 = buf + (uint32_t)15U; + zz0 = buf + (uint32_t)20U; + xxprime = buf + (uint32_t)25U; + zzprime = buf + (uint32_t)30U; + zzzprime = buf + (uint32_t)35U; + memcpy(origxprime, xxprime, (uint32_t)5U * sizeof xxprime[0U]); + Hacl_Bignum_fsum(xxprime, zzprime); + Hacl_Bignum_fdifference(zzprime, origxprime); + Hacl_Bignum_Fsquare_fsquare_times(x3, xxprime, (uint32_t)1U); + Hacl_Bignum_Fsquare_fsquare_times(zzzprime, zzprime, (uint32_t)1U); + Hacl_Bignum_fmul(z3, zzzprime, qx); + Hacl_Bignum_Fsquare_fsquare_times(xx0, x, (uint32_t)1U); + Hacl_Bignum_Fsquare_fsquare_times(zz0, z, (uint32_t)1U); + zzz = buf + (uint32_t)10U; + xx = buf + (uint32_t)15U; + zz = buf + (uint32_t)20U; + Hacl_Bignum_fmul(x2, xx, zz); + Hacl_Bignum_fdifference(zz, xx); + scalar = (uint64_t)121665U; + Hacl_Bignum_fscalar(zzz, zz, scalar); + Hacl_Bignum_fsum(zzz, xx); + Hacl_Bignum_fmul(z2, zzz, zz); +} + +static void +Hacl_EC_Ladder_SmallLoop_cmult_small_loop_step( + uint64_t *nq, + uint64_t *nqpq, + uint64_t *nq2, + uint64_t *nqpq2, + uint64_t *q, + uint8_t byt +) +{ + uint64_t bit0 = (uint64_t)(byt >> (uint32_t)7U); + uint64_t bit; + Hacl_EC_Point_swap_conditional(nq, nqpq, bit0); + Hacl_EC_AddAndDouble_fmonty(nq2, nqpq2, nq, nqpq, q); + bit = (uint64_t)(byt >> (uint32_t)7U); + Hacl_EC_Point_swap_conditional(nq2, nqpq2, bit); +} + +static void +Hacl_EC_Ladder_SmallLoop_cmult_small_loop_double_step( + uint64_t *nq, + uint64_t *nqpq, + uint64_t *nq2, + uint64_t *nqpq2, + uint64_t *q, + uint8_t byt +) +{ + uint8_t byt1; + Hacl_EC_Ladder_SmallLoop_cmult_small_loop_step(nq, nqpq, nq2, nqpq2, q, byt); + byt1 = byt << (uint32_t)1U; + Hacl_EC_Ladder_SmallLoop_cmult_small_loop_step(nq2, nqpq2, nq, nqpq, q, byt1); +} + +static void 
+Hacl_EC_Ladder_SmallLoop_cmult_small_loop( + uint64_t *nq, + uint64_t *nqpq, + uint64_t *nq2, + uint64_t *nqpq2, + uint64_t *q, + uint8_t byt, + uint32_t i +) +{ + if (!(i == (uint32_t)0U)) + { + uint32_t i_ = i - (uint32_t)1U; + uint8_t byt_; + Hacl_EC_Ladder_SmallLoop_cmult_small_loop_double_step(nq, nqpq, nq2, nqpq2, q, byt); + byt_ = byt << (uint32_t)2U; + Hacl_EC_Ladder_SmallLoop_cmult_small_loop(nq, nqpq, nq2, nqpq2, q, byt_, i_); + } +} + +static void +Hacl_EC_Ladder_BigLoop_cmult_big_loop( + uint8_t *n1, + uint64_t *nq, + uint64_t *nqpq, + uint64_t *nq2, + uint64_t *nqpq2, + uint64_t *q, + uint32_t i +) +{ + if (!(i == (uint32_t)0U)) + { + uint32_t i1 = i - (uint32_t)1U; + uint8_t byte = n1[i1]; + Hacl_EC_Ladder_SmallLoop_cmult_small_loop(nq, nqpq, nq2, nqpq2, q, byte, (uint32_t)4U); + Hacl_EC_Ladder_BigLoop_cmult_big_loop(n1, nq, nqpq, nq2, nqpq2, q, i1); + } +} + +static void Hacl_EC_Ladder_cmult(uint64_t *result, uint8_t *n1, uint64_t *q) +{ + uint64_t point_buf[40U] = { 0U }; + uint64_t *nq = point_buf; + uint64_t *nqpq = point_buf + (uint32_t)10U; + uint64_t *nq2 = point_buf + (uint32_t)20U; + uint64_t *nqpq2 = point_buf + (uint32_t)30U; + Hacl_EC_Point_copy(nqpq, q); + nq[0U] = (uint64_t)1U; + Hacl_EC_Ladder_BigLoop_cmult_big_loop(n1, nq, nqpq, nq2, nqpq2, q, (uint32_t)32U); + Hacl_EC_Point_copy(result, nq); +} + +void Hacl_Curve25519_crypto_scalarmult(uint8_t *mypublic, uint8_t *secret, uint8_t *basepoint) +{ + uint64_t buf0[10U] = { 0U }; + uint64_t *x0 = buf0; + uint64_t *z = buf0 + (uint32_t)5U; + uint64_t *q; + Hacl_EC_Format_fexpand(x0, basepoint); + z[0U] = (uint64_t)1U; + q = buf0; + { + uint8_t e[32U] = { 0U }; + uint8_t e0; + uint8_t e31; + uint8_t e01; + uint8_t e311; + uint8_t e312; + uint8_t *scalar; + memcpy(e, secret, (uint32_t)32U * sizeof secret[0U]); + e0 = e[0U]; + e31 = e[31U]; + e01 = e0 & (uint8_t)248U; + e311 = e31 & (uint8_t)127U; + e312 = e311 | (uint8_t)64U; + e[0U] = e01; + e[31U] = e312; + scalar = e; + { + uint64_t 
buf[15U] = { 0U }; + uint64_t *nq = buf; + uint64_t *x = nq; + x[0U] = (uint64_t)1U; + Hacl_EC_Ladder_cmult(nq, scalar, q); + Hacl_EC_Format_scalar_of_point(mypublic, nq); + } + } +} + diff --git a/3rdparty/everest/library/kremlib/FStar_UInt128_extracted.c b/3rdparty/everest/library/kremlib/FStar_UInt128_extracted.c new file mode 100644 index 000000000..1060515d9 --- /dev/null +++ b/3rdparty/everest/library/kremlib/FStar_UInt128_extracted.c 
@@ -0,0 +1,413 @@ +/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved. + Licensed under the Apache 2.0 License. */ + +/* This file was generated by KreMLin + * KreMLin invocation: ../krml -fc89 -fparentheses -fno-shadow -header /mnt/e/everest/verify/hdrB9w -minimal -fparentheses -fcurly-braces -fno-shadow -header copyright-header.txt -minimal -tmpdir extracted -warn-error +9+11 -skip-compilation -extract-uints -add-include -add-include "kremlib.h" -add-include "kremlin/internal/compat.h" extracted/prims.krml extracted/FStar_Pervasives_Native.krml extracted/FStar_Pervasives.krml extracted/FStar_Mul.krml extracted/FStar_Squash.krml extracted/FStar_Classical.krml extracted/FStar_StrongExcludedMiddle.krml extracted/FStar_FunctionalExtensionality.krml extracted/FStar_List_Tot_Base.krml extracted/FStar_List_Tot_Properties.krml extracted/FStar_List_Tot.krml extracted/FStar_Seq_Base.krml extracted/FStar_Seq_Properties.krml extracted/FStar_Seq.krml extracted/FStar_Math_Lib.krml extracted/FStar_Math_Lemmas.krml extracted/FStar_BitVector.krml extracted/FStar_UInt.krml extracted/FStar_UInt32.krml extracted/FStar_Int.krml extracted/FStar_Int16.krml extracted/FStar_Preorder.krml extracted/FStar_Ghost.krml extracted/FStar_ErasedLogic.krml extracted/FStar_UInt64.krml extracted/FStar_Set.krml extracted/FStar_PropositionalExtensionality.krml extracted/FStar_PredicateExtensionality.krml extracted/FStar_TSet.krml extracted/FStar_Monotonic_Heap.krml extracted/FStar_Heap.krml extracted/FStar_Map.krml extracted/FStar_Monotonic_HyperHeap.krml extracted/FStar_Monotonic_HyperStack.krml extracted/FStar_HyperStack.krml extracted/FStar_Monotonic_Witnessed.krml extracted/FStar_HyperStack_ST.krml extracted/FStar_HyperStack_All.krml extracted/FStar_Date.krml extracted/FStar_Universe.krml extracted/FStar_GSet.krml extracted/FStar_ModifiesGen.krml extracted/LowStar_Monotonic_Buffer.krml extracted/LowStar_Buffer.krml extracted/Spec_Loops.krml extracted/LowStar_BufferOps.krml 
extracted/C_Loops.krml extracted/FStar_UInt8.krml extracted/FStar_Kremlin_Endianness.krml extracted/FStar_UInt63.krml extracted/FStar_Exn.krml extracted/FStar_ST.krml extracted/FStar_All.krml extracted/FStar_Dyn.krml extracted/FStar_Int63.krml extracted/FStar_Int64.krml extracted/FStar_Int32.krml extracted/FStar_Int8.krml extracted/FStar_UInt16.krml extracted/FStar_Int_Cast.krml extracted/FStar_UInt128.krml extracted/C_Endianness.krml extracted/FStar_List.krml extracted/FStar_Float.krml extracted/FStar_IO.krml extracted/C.krml extracted/FStar_Char.krml extracted/FStar_String.krml extracted/LowStar_Modifies.krml extracted/C_String.krml extracted/FStar_Bytes.krml extracted/FStar_HyperStack_IO.krml extracted/C_Failure.krml extracted/TestLib.krml extracted/FStar_Int_Cast_Full.krml + * F* version: 059db0c8 + * KreMLin version: 916c37ac + */ + + +#include "FStar_UInt128.h" +#include "kremlin/c_endianness.h" +#include "FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.h" + +uint64_t FStar_UInt128___proj__Mkuint128__item__low(FStar_UInt128_uint128 projectee) +{ + return projectee.low; +} + +uint64_t FStar_UInt128___proj__Mkuint128__item__high(FStar_UInt128_uint128 projectee) +{ + return projectee.high; +} + +static uint64_t FStar_UInt128_constant_time_carry(uint64_t a, uint64_t b) +{ + return (a ^ ((a ^ b) | ((a - b) ^ b))) >> (uint32_t)63U; +} + +static uint64_t FStar_UInt128_carry(uint64_t a, uint64_t b) +{ + return FStar_UInt128_constant_time_carry(a, b); +} + +FStar_UInt128_uint128 FStar_UInt128_add(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) +{ + FStar_UInt128_uint128 + flat = { a.low + b.low, a.high + b.high + FStar_UInt128_carry(a.low + b.low, b.low) }; + return flat; +} + +FStar_UInt128_uint128 +FStar_UInt128_add_underspec(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) +{ + FStar_UInt128_uint128 + flat = { a.low + b.low, a.high + b.high + FStar_UInt128_carry(a.low + b.low, b.low) }; + return flat; +} + +FStar_UInt128_uint128 
FStar_UInt128_add_mod(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) +{ + FStar_UInt128_uint128 + flat = { a.low + b.low, a.high + b.high + FStar_UInt128_carry(a.low + b.low, b.low) }; + return flat; +} + +FStar_UInt128_uint128 FStar_UInt128_sub(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) +{ + FStar_UInt128_uint128 + flat = { a.low - b.low, a.high - b.high - FStar_UInt128_carry(a.low, a.low - b.low) }; + return flat; +} + +FStar_UInt128_uint128 +FStar_UInt128_sub_underspec(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) +{ + FStar_UInt128_uint128 + flat = { a.low - b.low, a.high - b.high - FStar_UInt128_carry(a.low, a.low - b.low) }; + return flat; +} + +static FStar_UInt128_uint128 +FStar_UInt128_sub_mod_impl(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) +{ + FStar_UInt128_uint128 + flat = { a.low - b.low, a.high - b.high - FStar_UInt128_carry(a.low, a.low - b.low) }; + return flat; +} + +FStar_UInt128_uint128 FStar_UInt128_sub_mod(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) +{ + return FStar_UInt128_sub_mod_impl(a, b); +} + +FStar_UInt128_uint128 FStar_UInt128_logand(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) +{ + FStar_UInt128_uint128 flat = { a.low & b.low, a.high & b.high }; + return flat; +} + +FStar_UInt128_uint128 FStar_UInt128_logxor(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) +{ + FStar_UInt128_uint128 flat = { a.low ^ b.low, a.high ^ b.high }; + return flat; +} + +FStar_UInt128_uint128 FStar_UInt128_logor(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) +{ + FStar_UInt128_uint128 flat = { a.low | b.low, a.high | b.high }; + return flat; +} + +FStar_UInt128_uint128 FStar_UInt128_lognot(FStar_UInt128_uint128 a) +{ + FStar_UInt128_uint128 flat = { ~a.low, ~a.high }; + return flat; +} + +static uint32_t FStar_UInt128_u32_64 = (uint32_t)64U; + +static uint64_t FStar_UInt128_add_u64_shift_left(uint64_t hi, uint64_t lo, uint32_t s) +{ + return (hi << s) + (lo >> (FStar_UInt128_u32_64 - s)); +} + +static uint64_t 
FStar_UInt128_add_u64_shift_left_respec(uint64_t hi, uint64_t lo, uint32_t s) +{ + return FStar_UInt128_add_u64_shift_left(hi, lo, s); +} + +static FStar_UInt128_uint128 +FStar_UInt128_shift_left_small(FStar_UInt128_uint128 a, uint32_t s) +{ + if (s == (uint32_t)0U) + { + return a; + } + else + { + FStar_UInt128_uint128 + flat = { a.low << s, FStar_UInt128_add_u64_shift_left_respec(a.high, a.low, s) }; + return flat; + } +} + +static FStar_UInt128_uint128 +FStar_UInt128_shift_left_large(FStar_UInt128_uint128 a, uint32_t s) +{ + FStar_UInt128_uint128 flat = { (uint64_t)0U, a.low << (s - FStar_UInt128_u32_64) }; + return flat; +} + +FStar_UInt128_uint128 FStar_UInt128_shift_left(FStar_UInt128_uint128 a, uint32_t s) +{ + if (s < FStar_UInt128_u32_64) + { + return FStar_UInt128_shift_left_small(a, s); + } + else + { + return FStar_UInt128_shift_left_large(a, s); + } +} + +static uint64_t FStar_UInt128_add_u64_shift_right(uint64_t hi, uint64_t lo, uint32_t s) +{ + return (lo >> s) + (hi << (FStar_UInt128_u32_64 - s)); +} + +static uint64_t FStar_UInt128_add_u64_shift_right_respec(uint64_t hi, uint64_t lo, uint32_t s) +{ + return FStar_UInt128_add_u64_shift_right(hi, lo, s); +} + +static FStar_UInt128_uint128 +FStar_UInt128_shift_right_small(FStar_UInt128_uint128 a, uint32_t s) +{ + if (s == (uint32_t)0U) + { + return a; + } + else + { + FStar_UInt128_uint128 + flat = { FStar_UInt128_add_u64_shift_right_respec(a.high, a.low, s), a.high >> s }; + return flat; + } +} + +static FStar_UInt128_uint128 +FStar_UInt128_shift_right_large(FStar_UInt128_uint128 a, uint32_t s) +{ + FStar_UInt128_uint128 flat = { a.high >> (s - FStar_UInt128_u32_64), (uint64_t)0U }; + return flat; +} + +FStar_UInt128_uint128 FStar_UInt128_shift_right(FStar_UInt128_uint128 a, uint32_t s) +{ + if (s < FStar_UInt128_u32_64) + { + return FStar_UInt128_shift_right_small(a, s); + } + else + { + return FStar_UInt128_shift_right_large(a, s); + } +} + +bool FStar_UInt128_eq(FStar_UInt128_uint128 a, 
FStar_UInt128_uint128 b) +{ + return a.low == b.low && a.high == b.high; +} + +bool FStar_UInt128_gt(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) +{ + return a.high > b.high || (a.high == b.high && a.low > b.low); +} + +bool FStar_UInt128_lt(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) +{ + return a.high < b.high || (a.high == b.high && a.low < b.low); +} + +bool FStar_UInt128_gte(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) +{ + return a.high > b.high || (a.high == b.high && a.low >= b.low); +} + +bool FStar_UInt128_lte(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) +{ + return a.high < b.high || (a.high == b.high && a.low <= b.low); +} + +FStar_UInt128_uint128 FStar_UInt128_eq_mask(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) +{ + FStar_UInt128_uint128 + flat = + { + FStar_UInt64_eq_mask(a.low, + b.low) + & FStar_UInt64_eq_mask(a.high, b.high), + FStar_UInt64_eq_mask(a.low, + b.low) + & FStar_UInt64_eq_mask(a.high, b.high) + }; + return flat; +} + +FStar_UInt128_uint128 FStar_UInt128_gte_mask(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) +{ + FStar_UInt128_uint128 + flat = + { + (FStar_UInt64_gte_mask(a.high, b.high) & ~FStar_UInt64_eq_mask(a.high, b.high)) + | (FStar_UInt64_eq_mask(a.high, b.high) & FStar_UInt64_gte_mask(a.low, b.low)), + (FStar_UInt64_gte_mask(a.high, b.high) & ~FStar_UInt64_eq_mask(a.high, b.high)) + | (FStar_UInt64_eq_mask(a.high, b.high) & FStar_UInt64_gte_mask(a.low, b.low)) + }; + return flat; +} + +FStar_UInt128_uint128 FStar_UInt128_uint64_to_uint128(uint64_t a) +{ + FStar_UInt128_uint128 flat = { a, (uint64_t)0U }; + return flat; +} + +uint64_t FStar_UInt128_uint128_to_uint64(FStar_UInt128_uint128 a) +{ + return a.low; +} + +FStar_UInt128_uint128 +(*FStar_UInt128_op_Plus_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1) = + FStar_UInt128_add; + +FStar_UInt128_uint128 +(*FStar_UInt128_op_Plus_Question_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1) = + FStar_UInt128_add_underspec; + 
+FStar_UInt128_uint128 +(*FStar_UInt128_op_Plus_Percent_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1) = + FStar_UInt128_add_mod; + +FStar_UInt128_uint128 +(*FStar_UInt128_op_Subtraction_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1) = + FStar_UInt128_sub; + +FStar_UInt128_uint128 +(*FStar_UInt128_op_Subtraction_Question_Hat)( + FStar_UInt128_uint128 x0, + FStar_UInt128_uint128 x1 +) = FStar_UInt128_sub_underspec; + +FStar_UInt128_uint128 +(*FStar_UInt128_op_Subtraction_Percent_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1) = + FStar_UInt128_sub_mod; + +FStar_UInt128_uint128 +(*FStar_UInt128_op_Amp_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1) = + FStar_UInt128_logand; + +FStar_UInt128_uint128 +(*FStar_UInt128_op_Hat_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1) = + FStar_UInt128_logxor; + +FStar_UInt128_uint128 +(*FStar_UInt128_op_Bar_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1) = + FStar_UInt128_logor; + +FStar_UInt128_uint128 +(*FStar_UInt128_op_Less_Less_Hat)(FStar_UInt128_uint128 x0, uint32_t x1) = + FStar_UInt128_shift_left; + +FStar_UInt128_uint128 +(*FStar_UInt128_op_Greater_Greater_Hat)(FStar_UInt128_uint128 x0, uint32_t x1) = + FStar_UInt128_shift_right; + +bool +(*FStar_UInt128_op_Equals_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1) = + FStar_UInt128_eq; + +bool +(*FStar_UInt128_op_Greater_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1) = + FStar_UInt128_gt; + +bool +(*FStar_UInt128_op_Less_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1) = + FStar_UInt128_lt; + +bool +(*FStar_UInt128_op_Greater_Equals_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1) = + FStar_UInt128_gte; + +bool +(*FStar_UInt128_op_Less_Equals_Hat)(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1) = + FStar_UInt128_lte; + +static uint64_t FStar_UInt128_u64_mod_32(uint64_t a) +{ + return a & (uint64_t)0xffffffffU; +} + +static uint32_t FStar_UInt128_u32_32 = (uint32_t)32U; + +static 
uint64_t FStar_UInt128_u32_combine(uint64_t hi, uint64_t lo) +{ + return lo + (hi << FStar_UInt128_u32_32); +} + +FStar_UInt128_uint128 FStar_UInt128_mul32(uint64_t x, uint32_t y) +{ + FStar_UInt128_uint128 + flat = + { + FStar_UInt128_u32_combine((x >> FStar_UInt128_u32_32) + * (uint64_t)y + + (FStar_UInt128_u64_mod_32(x) * (uint64_t)y >> FStar_UInt128_u32_32), + FStar_UInt128_u64_mod_32(FStar_UInt128_u64_mod_32(x) * (uint64_t)y)), + ((x >> FStar_UInt128_u32_32) + * (uint64_t)y + + (FStar_UInt128_u64_mod_32(x) * (uint64_t)y >> FStar_UInt128_u32_32)) + >> FStar_UInt128_u32_32 + }; + return flat; +} + +typedef struct K___uint64_t_uint64_t_uint64_t_uint64_t_s +{ + uint64_t fst; + uint64_t snd; + uint64_t thd; + uint64_t f3; +} +K___uint64_t_uint64_t_uint64_t_uint64_t; + +static K___uint64_t_uint64_t_uint64_t_uint64_t +FStar_UInt128_mul_wide_impl_t_(uint64_t x, uint64_t y) +{ + K___uint64_t_uint64_t_uint64_t_uint64_t + flat = + { + FStar_UInt128_u64_mod_32(x), + FStar_UInt128_u64_mod_32(FStar_UInt128_u64_mod_32(x) * FStar_UInt128_u64_mod_32(y)), + x + >> FStar_UInt128_u32_32, + (x >> FStar_UInt128_u32_32) + * FStar_UInt128_u64_mod_32(y) + + (FStar_UInt128_u64_mod_32(x) * FStar_UInt128_u64_mod_32(y) >> FStar_UInt128_u32_32) + }; + return flat; +} + +static uint64_t FStar_UInt128_u32_combine_(uint64_t hi, uint64_t lo) +{ + return lo + (hi << FStar_UInt128_u32_32); +} + +static FStar_UInt128_uint128 FStar_UInt128_mul_wide_impl(uint64_t x, uint64_t y) +{ + K___uint64_t_uint64_t_uint64_t_uint64_t scrut = FStar_UInt128_mul_wide_impl_t_(x, y); + uint64_t u1 = scrut.fst; + uint64_t w3 = scrut.snd; + uint64_t x_ = scrut.thd; + uint64_t t_ = scrut.f3; + FStar_UInt128_uint128 + flat = + { + FStar_UInt128_u32_combine_(u1 * (y >> FStar_UInt128_u32_32) + FStar_UInt128_u64_mod_32(t_), + w3), + x_ + * (y >> FStar_UInt128_u32_32) + + (t_ >> FStar_UInt128_u32_32) + + ((u1 * (y >> FStar_UInt128_u32_32) + FStar_UInt128_u64_mod_32(t_)) >> FStar_UInt128_u32_32) + }; + return flat; +} + 
+FStar_UInt128_uint128 FStar_UInt128_mul_wide(uint64_t x, uint64_t y) +{ + return FStar_UInt128_mul_wide_impl(x, y); +} + diff --git a/3rdparty/everest/library/kremlib/FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.c b/3rdparty/everest/library/kremlib/FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.c new file mode 100644 index 000000000..08265248f --- /dev/null +++ b/3rdparty/everest/library/kremlib/FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.c 
@@ -0,0 +1,100 @@ +/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved. + Licensed under the Apache 2.0 License. */ + +/* This file was generated by KreMLin + * KreMLin invocation: ../krml -fc89 -fparentheses -fno-shadow -header /mnt/e/everest/verify/hdrB9w -minimal -fparentheses -fcurly-braces -fno-shadow -header copyright-header.txt -minimal -tmpdir dist/minimal -skip-compilation -extract-uints -add-include -add-include -add-include "kremlin/internal/compat.h" -add-include "kremlin/internal/types.h" -bundle FStar.UInt64+FStar.UInt32+FStar.UInt16+FStar.UInt8=* extracted/prims.krml extracted/FStar_Pervasives_Native.krml extracted/FStar_Pervasives.krml extracted/FStar_Mul.krml extracted/FStar_Squash.krml extracted/FStar_Classical.krml extracted/FStar_StrongExcludedMiddle.krml extracted/FStar_FunctionalExtensionality.krml extracted/FStar_List_Tot_Base.krml extracted/FStar_List_Tot_Properties.krml extracted/FStar_List_Tot.krml extracted/FStar_Seq_Base.krml extracted/FStar_Seq_Properties.krml extracted/FStar_Seq.krml extracted/FStar_Math_Lib.krml extracted/FStar_Math_Lemmas.krml extracted/FStar_BitVector.krml extracted/FStar_UInt.krml extracted/FStar_UInt32.krml extracted/FStar_Int.krml extracted/FStar_Int16.krml extracted/FStar_Preorder.krml extracted/FStar_Ghost.krml extracted/FStar_ErasedLogic.krml extracted/FStar_UInt64.krml extracted/FStar_Set.krml extracted/FStar_PropositionalExtensionality.krml extracted/FStar_PredicateExtensionality.krml extracted/FStar_TSet.krml extracted/FStar_Monotonic_Heap.krml extracted/FStar_Heap.krml extracted/FStar_Map.krml extracted/FStar_Monotonic_HyperHeap.krml extracted/FStar_Monotonic_HyperStack.krml extracted/FStar_HyperStack.krml extracted/FStar_Monotonic_Witnessed.krml extracted/FStar_HyperStack_ST.krml extracted/FStar_HyperStack_All.krml extracted/FStar_Date.krml extracted/FStar_Universe.krml extracted/FStar_GSet.krml extracted/FStar_ModifiesGen.krml extracted/LowStar_Monotonic_Buffer.krml 
extracted/LowStar_Buffer.krml extracted/Spec_Loops.krml extracted/LowStar_BufferOps.krml extracted/C_Loops.krml extracted/FStar_UInt8.krml extracted/FStar_Kremlin_Endianness.krml extracted/FStar_UInt63.krml extracted/FStar_Exn.krml extracted/FStar_ST.krml extracted/FStar_All.krml extracted/FStar_Dyn.krml extracted/FStar_Int63.krml extracted/FStar_Int64.krml extracted/FStar_Int32.krml extracted/FStar_Int8.krml extracted/FStar_UInt16.krml extracted/FStar_Int_Cast.krml extracted/FStar_UInt128.krml extracted/C_Endianness.krml extracted/FStar_List.krml extracted/FStar_Float.krml extracted/FStar_IO.krml extracted/C.krml extracted/FStar_Char.krml extracted/FStar_String.krml extracted/LowStar_Modifies.krml extracted/C_String.krml extracted/FStar_Bytes.krml extracted/FStar_HyperStack_IO.krml extracted/C_Failure.krml extracted/TestLib.krml extracted/FStar_Int_Cast_Full.krml + * F* version: 059db0c8 + * KreMLin version: 916c37ac + */ + + +#include "FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.h" + +uint64_t FStar_UInt64_eq_mask(uint64_t a, uint64_t b) +{ + uint64_t x = a ^ b; + uint64_t minus_x = ~x + (uint64_t)1U; + uint64_t x_or_minus_x = x | minus_x; + uint64_t xnx = x_or_minus_x >> (uint32_t)63U; + return xnx - (uint64_t)1U; +} + +uint64_t FStar_UInt64_gte_mask(uint64_t a, uint64_t b) +{ + uint64_t x = a; + uint64_t y = b; + uint64_t x_xor_y = x ^ y; + uint64_t x_sub_y = x - y; + uint64_t x_sub_y_xor_y = x_sub_y ^ y; + uint64_t q = x_xor_y | x_sub_y_xor_y; + uint64_t x_xor_q = x ^ q; + uint64_t x_xor_q_ = x_xor_q >> (uint32_t)63U; + return x_xor_q_ - (uint64_t)1U; +} + +uint32_t FStar_UInt32_eq_mask(uint32_t a, uint32_t b) +{ + uint32_t x = a ^ b; + uint32_t minus_x = ~x + (uint32_t)1U; + uint32_t x_or_minus_x = x | minus_x; + uint32_t xnx = x_or_minus_x >> (uint32_t)31U; + return xnx - (uint32_t)1U; +} + +uint32_t FStar_UInt32_gte_mask(uint32_t a, uint32_t b) +{ + uint32_t x = a; + uint32_t y = b; + uint32_t x_xor_y = x ^ y; + uint32_t x_sub_y = x - y; + uint32_t 
x_sub_y_xor_y = x_sub_y ^ y; + uint32_t q = x_xor_y | x_sub_y_xor_y; + uint32_t x_xor_q = x ^ q; + uint32_t x_xor_q_ = x_xor_q >> (uint32_t)31U; + return x_xor_q_ - (uint32_t)1U; +} + +uint16_t FStar_UInt16_eq_mask(uint16_t a, uint16_t b) +{ + uint16_t x = a ^ b; + uint16_t minus_x = ~x + (uint16_t)1U; + uint16_t x_or_minus_x = x | minus_x; + uint16_t xnx = x_or_minus_x >> (uint32_t)15U; + return xnx - (uint16_t)1U; +} + +uint16_t FStar_UInt16_gte_mask(uint16_t a, uint16_t b) +{ + uint16_t x = a; + uint16_t y = b; + uint16_t x_xor_y = x ^ y; + uint16_t x_sub_y = x - y; + uint16_t x_sub_y_xor_y = x_sub_y ^ y; + uint16_t q = x_xor_y | x_sub_y_xor_y; + uint16_t x_xor_q = x ^ q; + uint16_t x_xor_q_ = x_xor_q >> (uint32_t)15U; + return x_xor_q_ - (uint16_t)1U; +} + +uint8_t FStar_UInt8_eq_mask(uint8_t a, uint8_t b) +{ + uint8_t x = a ^ b; + uint8_t minus_x = ~x + (uint8_t)1U; + uint8_t x_or_minus_x = x | minus_x; + uint8_t xnx = x_or_minus_x >> (uint32_t)7U; + return xnx - (uint8_t)1U; +} + +uint8_t FStar_UInt8_gte_mask(uint8_t a, uint8_t b) +{ + uint8_t x = a; + uint8_t y = b; + uint8_t x_xor_y = x ^ y; + uint8_t x_sub_y = x - y; + uint8_t x_sub_y_xor_y = x_sub_y ^ y; + uint8_t q = x_xor_y | x_sub_y_xor_y; + uint8_t x_xor_q = x ^ q; + uint8_t x_xor_q_ = x_xor_q >> (uint32_t)7U; + return x_xor_q_ - (uint8_t)1U; +} + diff --git a/3rdparty/everest/library/kremlib/fstar_uint128.c b/3rdparty/everest/library/kremlib/fstar_uint128.c new file mode 100644 index 000000000..cadfbc7fa --- /dev/null +++ b/3rdparty/everest/library/kremlib/fstar_uint128.c 
@@ -0,0 +1,216 @@ +/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved. + Licensed under the Apache 2.0 License. */ + +/******************************************************************************/ +/* Machine integers (128-bit arithmetic) */ +/******************************************************************************/ + +/* This header makes KreMLin-generated C code work with: + * - the default setting where we assume the target compiler defines __int128 + * - the setting where we use FStar.UInt128's implementation instead; in that + * case, generated C files must be compiled with -DKRML_VERIFIED_UINT128 + * - a refinement of the case above, wherein all structures are passed by + * reference, a.k.a. "-fnostruct-passing", meaning that the KreMLin-generated + * must be compiled with -DKRML_NOSTRUCT_PASSING + * Note: no MSVC support in this file. + */ + +#include "FStar_UInt128.h" +#include "kremlin/c_endianness.h" +#include "FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.h" + +#if !defined(KRML_VERIFIED_UINT128) && !defined(_MSC_VER) + +/* GCC + using native unsigned __int128 support */ + +uint128_t load128_le(uint8_t *b) { + uint128_t l = (uint128_t)load64_le(b); + uint128_t h = (uint128_t)load64_le(b + 8); + return (h << 64 | l); +} + +void store128_le(uint8_t *b, uint128_t n) { + store64_le(b, (uint64_t)n); + store64_le(b + 8, (uint64_t)(n >> 64)); +} + +uint128_t load128_be(uint8_t *b) { + uint128_t h = (uint128_t)load64_be(b); + uint128_t l = (uint128_t)load64_be(b + 8); + return (h << 64 | l); +} + +void store128_be(uint8_t *b, uint128_t n) { + store64_be(b, (uint64_t)(n >> 64)); + store64_be(b + 8, (uint64_t)n); +} + +uint128_t FStar_UInt128_add(uint128_t x, uint128_t y) { + return x + y; +} + +uint128_t FStar_UInt128_mul(uint128_t x, uint128_t y) { + return x * y; +} + +uint128_t FStar_UInt128_add_mod(uint128_t x, uint128_t y) { + return x + y; +} + +uint128_t FStar_UInt128_sub(uint128_t x, uint128_t y) { + return x - y; +} + 
+uint128_t FStar_UInt128_sub_mod(uint128_t x, uint128_t y) { + return x - y; +} + +uint128_t FStar_UInt128_logand(uint128_t x, uint128_t y) { + return x & y; +} + +uint128_t FStar_UInt128_logor(uint128_t x, uint128_t y) { + return x | y; +} + +uint128_t FStar_UInt128_logxor(uint128_t x, uint128_t y) { + return x ^ y; +} + +uint128_t FStar_UInt128_lognot(uint128_t x) { + return ~x; +} + +uint128_t FStar_UInt128_shift_left(uint128_t x, uint32_t y) { + return x << y; +} + +uint128_t FStar_UInt128_shift_right(uint128_t x, uint32_t y) { + return x >> y; +} + +uint128_t FStar_UInt128_uint64_to_uint128(uint64_t x) { + return (uint128_t)x; +} + +uint64_t FStar_UInt128_uint128_to_uint64(uint128_t x) { + return (uint64_t)x; +} + +uint128_t FStar_UInt128_mul_wide(uint64_t x, uint64_t y) { + return ((uint128_t) x) * y; +} + +uint128_t FStar_UInt128_eq_mask(uint128_t x, uint128_t y) { + uint64_t mask = + FStar_UInt64_eq_mask((uint64_t)(x >> 64), (uint64_t)(y >> 64)) & + FStar_UInt64_eq_mask(x, y); + return ((uint128_t)mask) << 64 | mask; +} + +uint128_t FStar_UInt128_gte_mask(uint128_t x, uint128_t y) { + uint64_t mask = + (FStar_UInt64_gte_mask(x >> 64, y >> 64) & + ~(FStar_UInt64_eq_mask(x >> 64, y >> 64))) | + (FStar_UInt64_eq_mask(x >> 64, y >> 64) & FStar_UInt64_gte_mask(x, y)); + return ((uint128_t)mask) << 64 | mask; +} + +uint128_t FStar_Int_Cast_Full_uint64_to_uint128(uint64_t x) { + return x; +} + +uint64_t FStar_Int_Cast_Full_uint128_to_uint64(uint128_t x) { + return x; +} + +#elif !defined(_MSC_VER) && defined(KRML_VERIFIED_UINT128) + +/* Verified uint128 implementation. */ + +/* Access 64-bit fields within the int128. */ +#define HIGH64_OF(x) ((x)->high) +#define LOW64_OF(x) ((x)->low) + +typedef FStar_UInt128_uint128 FStar_UInt128_t_, uint128_t; + +/* A series of definitions written using pointers. 
*/ + +void load128_le_(uint8_t *b, uint128_t *r) { + LOW64_OF(r) = load64_le(b); + HIGH64_OF(r) = load64_le(b + 8); +} + +void store128_le_(uint8_t *b, uint128_t *n) { + store64_le(b, LOW64_OF(n)); + store64_le(b + 8, HIGH64_OF(n)); +} + +void load128_be_(uint8_t *b, uint128_t *r) { + HIGH64_OF(r) = load64_be(b); + LOW64_OF(r) = load64_be(b + 8); +} + +void store128_be_(uint8_t *b, uint128_t *n) { + store64_be(b, HIGH64_OF(n)); + store64_be(b + 8, LOW64_OF(n)); +} + +void +FStar_Int_Cast_Full_uint64_to_uint128_(uint64_t x, uint128_t *dst) { + /* C89 */ + LOW64_OF(dst) = x; + HIGH64_OF(dst) = 0; +} + +uint64_t FStar_Int_Cast_Full_uint128_to_uint64_(uint128_t *x) { + return LOW64_OF(x); +} + +# ifndef KRML_NOSTRUCT_PASSING + +uint128_t load128_le(uint8_t *b) { + uint128_t r; + load128_le_(b, &r); + return r; +} + +void store128_le(uint8_t *b, uint128_t n) { + store128_le_(b, &n); +} + +uint128_t load128_be(uint8_t *b) { + uint128_t r; + load128_be_(b, &r); + return r; +} + +void store128_be(uint8_t *b, uint128_t n) { + store128_be_(b, &n); +} + +uint128_t FStar_Int_Cast_Full_uint64_to_uint128(uint64_t x) { + uint128_t dst; + FStar_Int_Cast_Full_uint64_to_uint128_(x, &dst); + return dst; +} + +uint64_t FStar_Int_Cast_Full_uint128_to_uint64(uint128_t x) { + return FStar_Int_Cast_Full_uint128_to_uint64_(&x); +} + +# else /* !defined(KRML_STRUCT_PASSING) */ + +# define print128 print128_ +# define load128_le load128_le_ +# define store128_le store128_le_ +# define load128_be load128_be_ +# define store128_be store128_be_ +# define FStar_Int_Cast_Full_uint128_to_uint64 \ + FStar_Int_Cast_Full_uint128_to_uint64_ +# define FStar_Int_Cast_Full_uint64_to_uint128 \ + FStar_Int_Cast_Full_uint64_to_uint128_ + +# endif /* KRML_STRUCT_PASSING */ + +#endif From 2a9684e7c9475c17351bb0717fc46330a8459dd5 Mon Sep 17 00:00:00 2001 
From: "Christoph M. Wintersteiger" Date: Thu, 25 Oct 2018 12:32:55 +0100 Subject: [PATCH 02/78] ECDH: Add VS2010 support files for Everest Curve25519 --- .../include/everest/vs2010/Hacl_Curve25519.h | 21 + .../everest/include/everest/vs2010/inttypes.h | 36 + .../everest/include/everest/vs2010/stdbool.h | 31 + .../everest/library/vs2010/Hacl_Curve25519.c | 805 ++++++++++++++++++ 4 files changed, 893 insertions(+) create mode 100644 3rdparty/everest/include/everest/vs2010/Hacl_Curve25519.h create mode 100644 3rdparty/everest/include/everest/vs2010/inttypes.h create mode 100644 3rdparty/everest/include/everest/vs2010/stdbool.h create mode 100644 3rdparty/everest/library/vs2010/Hacl_Curve25519.c diff --git a/3rdparty/everest/include/everest/vs2010/Hacl_Curve25519.h b/3rdparty/everest/include/everest/vs2010/Hacl_Curve25519.h new file mode 100644 index 000000000..27ebe0794 --- /dev/null +++ b/3rdparty/everest/include/everest/vs2010/Hacl_Curve25519.h 
@@ -0,0 +1,21 @@
+/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved.
+ Licensed under the Apache 2.0 License. */
+
+/* This file was generated by KreMLin
+ * KreMLin invocation: /mnt/e/everest/verify/kremlin/krml -fc89 -fparentheses -fno-shadow -header /mnt/e/everest/verify/hdrcLh -minimal -fc89 -fparentheses -fno-shadow -header /mnt/e/everest/verify/hdrcLh -minimal -I /mnt/e/everest/verify/hacl-star/code/lib/kremlin -I /mnt/e/everest/verify/kremlin/kremlib/compat -I /mnt/e/everest/verify/hacl-star/specs -I /mnt/e/everest/verify/hacl-star/specs/old -I . -ccopt -march=native -verbose -ldopt -flto -tmpdir x25519-c -I ../bignum -bundle Hacl.Curve25519=* -minimal -add-include "kremlib.h" -skip-compilation x25519-c/out.krml -o x25519-c/Hacl_Curve25519.c
+ * F* version: 059db0c8
+ * KreMLin version: 916c37ac
+ */
+
+
+
+#ifndef __Hacl_Curve25519_H
+#define __Hacl_Curve25519_H
+
+
+#include "kremlib.h"
+
+void Hacl_Curve25519_crypto_scalarmult(uint8_t *mypublic, uint8_t *secret, uint8_t *basepoint);
+
+#define __Hacl_Curve25519_H_DEFINED
+#endif
diff --git a/3rdparty/everest/include/everest/vs2010/inttypes.h b/3rdparty/everest/include/everest/vs2010/inttypes.h
new file mode 100644
index 000000000..d53f87f21
--- /dev/null
+++ b/3rdparty/everest/include/everest/vs2010/inttypes.h
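Review bot: The prototype of Hacl_Curve25519_crypto_scalarmult gives callers no indication of the required buffer sizes, yet the implementation added in library/vs2010/Hacl_Curve25519.c copies 32 bytes out of `secret`, reads 32 bytes from `basepoint` and stores 32 bytes into `mypublic`, so a shorter buffer is an out-of-bounds access the function cannot detect. Since this header is generated by KreMLin and is not meant to be hand-edited, the contract belongs on the wrapping API, e.g. `/* mypublic, secret and basepoint each point to exactly 32 bytes; secret is clamped internally before use */`. The non-const `secret` and `basepoint` parameters also force wrappers to cast away const on their inputs; that is presumably a property of the extraction toolchain rather than something to change here.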
@@ -0,0 +1,36 @@
+/*
+ * Custom inttypes.h for VS2010 KreMLin requires these definitions,
+ * but VS2010 doesn't provide them.
+ *
+ * Copyright 2016-2018 INRIA and Microsoft Corporation
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#ifndef _INTTYPES_H_VS2010
+#define _INTTYPES_H_VS2010
+
+#include
+
+#ifdef _MSC_VER
+#define inline __inline
+#endif
+
+/* VS2010 unsigned long == 8 bytes */
+
+#define PRIu64 "I64u"
+
+#endif
diff --git a/3rdparty/everest/include/everest/vs2010/stdbool.h b/3rdparty/everest/include/everest/vs2010/stdbool.h
new file mode 100644
index 000000000..5b7039c4f
--- /dev/null
+++ b/3rdparty/everest/include/everest/vs2010/stdbool.h
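Review bot: The comment `/* VS2010 unsigned long == 8 bytes */` above the PRIu64 definition is misleading: on MSVC `unsigned long` is 32 bits, and `"I64u"` is the length modifier for `unsigned __int64`, which is what `uint64_t` is on that compiler; suggest `/* uint64_t is unsigned __int64 on VS2010; its printf length modifier is I64 */`. The `#include` directive in the same hunk shows no header name in this rendering, which is most likely the angle-bracketed name lost in extraction, but if the line really is bare the shim does not compile and should name the header it provides. Defining `inline` as `__inline` from a file named inttypes.h is also a surprising side effect for anything that includes it as a standard-header replacement; a comment stating that this shim is only for the KreMLin-generated sources would make the scope explicit.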
@@ -0,0 +1,31 @@
+/*
+ * Custom stdbool.h for VS2010 KreMLin requires these definitions,
+ * but VS2010 doesn't provide them.
+ *
+ * Copyright 2016-2018 INRIA and Microsoft Corporation
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#ifndef _STDBOOL_H_VS2010
+#define _STDBOOL_H_VS2010
+
+typedef int bool;
+
+static bool true = 1;
+static bool false = 0;
+
+#endif
diff --git a/3rdparty/everest/library/vs2010/Hacl_Curve25519.c b/3rdparty/everest/library/vs2010/Hacl_Curve25519.c
new file mode 100644
index 000000000..babebe4f1
--- /dev/null
+++ b/3rdparty/everest/library/vs2010/Hacl_Curve25519.c
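Review bot: `true` and `false` are defined as mutable file-scope variables (`static bool true = 1;`, `static bool false = 0;`), so they are not constant expressions — they cannot appear in `#if`, `case` labels or static initialisers under C89 — and they can be reassigned, silently changing the meaning of every later `true` in that translation unit; each including file also gets its own copy. The conventional shim is the macro form used by C99's stdbool.h: `#define bool int`, `#define true 1`, `#define false 0`. The guard `_STDBOOL_H_VS2010` (like `_INTTYPES_H_VS2010` in the previous file) is an identifier reserved for the implementation, a leading underscore followed by an uppercase letter; an `MBEDTLS_`-prefixed guard would avoid the collision risk.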
@@ -0,0 +1,805 @@ +/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved. + Licensed under the Apache 2.0 License. */ + +/* This file was generated by KreMLin + * KreMLin invocation: /mnt/e/everest/verify/kremlin/krml -fc89 -fparentheses -fno-shadow -header /mnt/e/everest/verify/hdrcLh -minimal -fc89 -fparentheses -fno-shadow -header /mnt/e/everest/verify/hdrcLh -minimal -I /mnt/e/everest/verify/hacl-star/code/lib/kremlin -I /mnt/e/everest/verify/kremlin/kremlib/compat -I /mnt/e/everest/verify/hacl-star/specs -I /mnt/e/everest/verify/hacl-star/specs/old -I . -ccopt -march=native -verbose -ldopt -flto -tmpdir x25519-c -I ../bignum -bundle Hacl.Curve25519=* -minimal -add-include "kremlib.h" -skip-compilation x25519-c/out.krml -o x25519-c/Hacl_Curve25519.c + * F* version: 059db0c8 + * KreMLin version: 916c37ac + */ + + +#include "Hacl_Curve25519.h" + +extern uint64_t FStar_UInt64_eq_mask(uint64_t x0, uint64_t x1); + +extern uint64_t FStar_UInt64_gte_mask(uint64_t x0, uint64_t x1); + +extern FStar_UInt128_uint128 +FStar_UInt128_add(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1); + +extern FStar_UInt128_uint128 +FStar_UInt128_add_mod(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1); + +extern FStar_UInt128_uint128 +FStar_UInt128_logand(FStar_UInt128_uint128 x0, FStar_UInt128_uint128 x1); + +extern FStar_UInt128_uint128 FStar_UInt128_shift_right(FStar_UInt128_uint128 x0, uint32_t x1); + +extern FStar_UInt128_uint128 FStar_UInt128_uint64_to_uint128(uint64_t x0); + +extern uint64_t FStar_UInt128_uint128_to_uint64(FStar_UInt128_uint128 x0); + +extern FStar_UInt128_uint128 FStar_UInt128_mul_wide(uint64_t x0, uint64_t x1); + +static void Hacl_Bignum_Modulo_carry_top(uint64_t *b) +{ + uint64_t b4 = b[4U]; + uint64_t b0 = b[0U]; + uint64_t b4_ = b4 & (uint64_t)0x7ffffffffffffU; + uint64_t b0_ = b0 + (uint64_t)19U * (b4 >> (uint32_t)51U); + b[4U] = b4_; + b[0U] = b0_; +} + +inline static void +Hacl_Bignum_Fproduct_copy_from_wide_(uint64_t *output, 
FStar_UInt128_uint128 *input) +{ + uint32_t i; + for (i = (uint32_t)0U; i < (uint32_t)5U; i = i + (uint32_t)1U) + { + FStar_UInt128_uint128 xi = input[i]; + output[i] = FStar_UInt128_uint128_to_uint64(xi); + } +} + +inline static void +Hacl_Bignum_Fproduct_sum_scalar_multiplication_( + FStar_UInt128_uint128 *output, + uint64_t *input, + uint64_t s +) +{ + uint32_t i; + for (i = (uint32_t)0U; i < (uint32_t)5U; i = i + (uint32_t)1U) + { + FStar_UInt128_uint128 xi = output[i]; + uint64_t yi = input[i]; + output[i] = FStar_UInt128_add_mod(xi, FStar_UInt128_mul_wide(yi, s)); + } +} + +inline static void Hacl_Bignum_Fproduct_carry_wide_(FStar_UInt128_uint128 *tmp) +{ + uint32_t i; + for (i = (uint32_t)0U; i < (uint32_t)4U; i = i + (uint32_t)1U) + { + uint32_t ctr = i; + FStar_UInt128_uint128 tctr = tmp[ctr]; + FStar_UInt128_uint128 tctrp1 = tmp[ctr + (uint32_t)1U]; + uint64_t r0 = FStar_UInt128_uint128_to_uint64(tctr) & (uint64_t)0x7ffffffffffffU; + FStar_UInt128_uint128 c = FStar_UInt128_shift_right(tctr, (uint32_t)51U); + tmp[ctr] = FStar_UInt128_uint64_to_uint128(r0); + tmp[ctr + (uint32_t)1U] = FStar_UInt128_add(tctrp1, c); + } +} + +inline static void Hacl_Bignum_Fmul_shift_reduce(uint64_t *output) +{ + uint64_t tmp = output[4U]; + uint64_t b0; + { + uint32_t i; + for (i = (uint32_t)0U; i < (uint32_t)4U; i = i + (uint32_t)1U) + { + uint32_t ctr = (uint32_t)5U - i - (uint32_t)1U; + uint64_t z = output[ctr - (uint32_t)1U]; + output[ctr] = z; + } + } + output[0U] = tmp; + b0 = output[0U]; + output[0U] = (uint64_t)19U * b0; +} + +static void +Hacl_Bignum_Fmul_mul_shift_reduce_( + FStar_UInt128_uint128 *output, + uint64_t *input, + uint64_t *input2 +) +{ + uint32_t i; + uint64_t input2i; + { + uint32_t i0; + for (i0 = (uint32_t)0U; i0 < (uint32_t)4U; i0 = i0 + (uint32_t)1U) + { + uint64_t input2i0 = input2[i0]; + Hacl_Bignum_Fproduct_sum_scalar_multiplication_(output, input, input2i0); + Hacl_Bignum_Fmul_shift_reduce(input); + } + } + i = (uint32_t)4U; + input2i = 
input2[i]; + Hacl_Bignum_Fproduct_sum_scalar_multiplication_(output, input, input2i); +} + +inline static void Hacl_Bignum_Fmul_fmul(uint64_t *output, uint64_t *input, uint64_t *input2) +{ + uint64_t tmp[5U] = { 0U }; + memcpy(tmp, input, (uint32_t)5U * sizeof input[0U]); + KRML_CHECK_SIZE(sizeof (FStar_UInt128_uint128), (uint32_t)5U); + { + FStar_UInt128_uint128 t[5U]; + { + uint32_t _i; + for (_i = 0U; _i < (uint32_t)5U; ++_i) + t[_i] = FStar_UInt128_uint64_to_uint128((uint64_t)0U); + } + { + FStar_UInt128_uint128 b4; + FStar_UInt128_uint128 b0; + FStar_UInt128_uint128 b4_; + FStar_UInt128_uint128 b0_; + uint64_t i0; + uint64_t i1; + uint64_t i0_; + uint64_t i1_; + Hacl_Bignum_Fmul_mul_shift_reduce_(t, tmp, input2); + Hacl_Bignum_Fproduct_carry_wide_(t); + b4 = t[4U]; + b0 = t[0U]; + b4_ = FStar_UInt128_logand(b4, FStar_UInt128_uint64_to_uint128((uint64_t)0x7ffffffffffffU)); + b0_ = + FStar_UInt128_add(b0, + FStar_UInt128_mul_wide((uint64_t)19U, + FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(b4, (uint32_t)51U)))); + t[4U] = b4_; + t[0U] = b0_; + Hacl_Bignum_Fproduct_copy_from_wide_(output, t); + i0 = output[0U]; + i1 = output[1U]; + i0_ = i0 & (uint64_t)0x7ffffffffffffU; + i1_ = i1 + (i0 >> (uint32_t)51U); + output[0U] = i0_; + output[1U] = i1_; + } + } +} + +inline static void Hacl_Bignum_Fsquare_fsquare__(FStar_UInt128_uint128 *tmp, uint64_t *output) +{ + uint64_t r0 = output[0U]; + uint64_t r1 = output[1U]; + uint64_t r2 = output[2U]; + uint64_t r3 = output[3U]; + uint64_t r4 = output[4U]; + uint64_t d0 = r0 * (uint64_t)2U; + uint64_t d1 = r1 * (uint64_t)2U; + uint64_t d2 = r2 * (uint64_t)2U * (uint64_t)19U; + uint64_t d419 = r4 * (uint64_t)19U; + uint64_t d4 = d419 * (uint64_t)2U; + FStar_UInt128_uint128 + s0 = + FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_mul_wide(r0, r0), + FStar_UInt128_mul_wide(d4, r1)), + FStar_UInt128_mul_wide(d2, r3)); + FStar_UInt128_uint128 + s1 = + FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_mul_wide(d0, 
r1), + FStar_UInt128_mul_wide(d4, r2)), + FStar_UInt128_mul_wide(r3 * (uint64_t)19U, r3)); + FStar_UInt128_uint128 + s2 = + FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_mul_wide(d0, r2), + FStar_UInt128_mul_wide(r1, r1)), + FStar_UInt128_mul_wide(d4, r3)); + FStar_UInt128_uint128 + s3 = + FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_mul_wide(d0, r3), + FStar_UInt128_mul_wide(d1, r2)), + FStar_UInt128_mul_wide(r4, d419)); + FStar_UInt128_uint128 + s4 = + FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_mul_wide(d0, r4), + FStar_UInt128_mul_wide(d1, r3)), + FStar_UInt128_mul_wide(r2, r2)); + tmp[0U] = s0; + tmp[1U] = s1; + tmp[2U] = s2; + tmp[3U] = s3; + tmp[4U] = s4; +} + +inline static void Hacl_Bignum_Fsquare_fsquare_(FStar_UInt128_uint128 *tmp, uint64_t *output) +{ + FStar_UInt128_uint128 b4; + FStar_UInt128_uint128 b0; + FStar_UInt128_uint128 b4_; + FStar_UInt128_uint128 b0_; + uint64_t i0; + uint64_t i1; + uint64_t i0_; + uint64_t i1_; + Hacl_Bignum_Fsquare_fsquare__(tmp, output); + Hacl_Bignum_Fproduct_carry_wide_(tmp); + b4 = tmp[4U]; + b0 = tmp[0U]; + b4_ = FStar_UInt128_logand(b4, FStar_UInt128_uint64_to_uint128((uint64_t)0x7ffffffffffffU)); + b0_ = + FStar_UInt128_add(b0, + FStar_UInt128_mul_wide((uint64_t)19U, + FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(b4, (uint32_t)51U)))); + tmp[4U] = b4_; + tmp[0U] = b0_; + Hacl_Bignum_Fproduct_copy_from_wide_(output, tmp); + i0 = output[0U]; + i1 = output[1U]; + i0_ = i0 & (uint64_t)0x7ffffffffffffU; + i1_ = i1 + (i0 >> (uint32_t)51U); + output[0U] = i0_; + output[1U] = i1_; +} + +static void +Hacl_Bignum_Fsquare_fsquare_times_( + uint64_t *input, + FStar_UInt128_uint128 *tmp, + uint32_t count1 +) +{ + uint32_t i; + Hacl_Bignum_Fsquare_fsquare_(tmp, input); + for (i = (uint32_t)1U; i < count1; i = i + (uint32_t)1U) + Hacl_Bignum_Fsquare_fsquare_(tmp, input); +} + +inline static void +Hacl_Bignum_Fsquare_fsquare_times(uint64_t *output, uint64_t *input, uint32_t count1) +{ + 
KRML_CHECK_SIZE(sizeof (FStar_UInt128_uint128), (uint32_t)5U); + { + FStar_UInt128_uint128 t[5U]; + { + uint32_t _i; + for (_i = 0U; _i < (uint32_t)5U; ++_i) + t[_i] = FStar_UInt128_uint64_to_uint128((uint64_t)0U); + } + memcpy(output, input, (uint32_t)5U * sizeof input[0U]); + Hacl_Bignum_Fsquare_fsquare_times_(output, t, count1); + } +} + +inline static void Hacl_Bignum_Fsquare_fsquare_times_inplace(uint64_t *output, uint32_t count1) +{ + KRML_CHECK_SIZE(sizeof (FStar_UInt128_uint128), (uint32_t)5U); + { + FStar_UInt128_uint128 t[5U]; + { + uint32_t _i; + for (_i = 0U; _i < (uint32_t)5U; ++_i) + t[_i] = FStar_UInt128_uint64_to_uint128((uint64_t)0U); + } + Hacl_Bignum_Fsquare_fsquare_times_(output, t, count1); + } +} + +inline static void Hacl_Bignum_Crecip_crecip(uint64_t *out, uint64_t *z) +{ + uint64_t buf[20U] = { 0U }; + uint64_t *a0 = buf; + uint64_t *t00 = buf + (uint32_t)5U; + uint64_t *b0 = buf + (uint32_t)10U; + uint64_t *t01; + uint64_t *b1; + uint64_t *c0; + uint64_t *a; + uint64_t *t0; + uint64_t *b; + uint64_t *c; + Hacl_Bignum_Fsquare_fsquare_times(a0, z, (uint32_t)1U); + Hacl_Bignum_Fsquare_fsquare_times(t00, a0, (uint32_t)2U); + Hacl_Bignum_Fmul_fmul(b0, t00, z); + Hacl_Bignum_Fmul_fmul(a0, b0, a0); + Hacl_Bignum_Fsquare_fsquare_times(t00, a0, (uint32_t)1U); + Hacl_Bignum_Fmul_fmul(b0, t00, b0); + Hacl_Bignum_Fsquare_fsquare_times(t00, b0, (uint32_t)5U); + t01 = buf + (uint32_t)5U; + b1 = buf + (uint32_t)10U; + c0 = buf + (uint32_t)15U; + Hacl_Bignum_Fmul_fmul(b1, t01, b1); + Hacl_Bignum_Fsquare_fsquare_times(t01, b1, (uint32_t)10U); + Hacl_Bignum_Fmul_fmul(c0, t01, b1); + Hacl_Bignum_Fsquare_fsquare_times(t01, c0, (uint32_t)20U); + Hacl_Bignum_Fmul_fmul(t01, t01, c0); + Hacl_Bignum_Fsquare_fsquare_times_inplace(t01, (uint32_t)10U); + Hacl_Bignum_Fmul_fmul(b1, t01, b1); + Hacl_Bignum_Fsquare_fsquare_times(t01, b1, (uint32_t)50U); + a = buf; + t0 = buf + (uint32_t)5U; + b = buf + (uint32_t)10U; + c = buf + (uint32_t)15U; + Hacl_Bignum_Fmul_fmul(c, 
t0, b); + Hacl_Bignum_Fsquare_fsquare_times(t0, c, (uint32_t)100U); + Hacl_Bignum_Fmul_fmul(t0, t0, c); + Hacl_Bignum_Fsquare_fsquare_times_inplace(t0, (uint32_t)50U); + Hacl_Bignum_Fmul_fmul(t0, t0, b); + Hacl_Bignum_Fsquare_fsquare_times_inplace(t0, (uint32_t)5U); + Hacl_Bignum_Fmul_fmul(out, t0, a); +} + +inline static void Hacl_Bignum_fsum(uint64_t *a, uint64_t *b) +{ + uint32_t i; + for (i = (uint32_t)0U; i < (uint32_t)5U; i = i + (uint32_t)1U) + { + uint64_t xi = a[i]; + uint64_t yi = b[i]; + a[i] = xi + yi; + } +} + +inline static void Hacl_Bignum_fdifference(uint64_t *a, uint64_t *b) +{ + uint64_t tmp[5U] = { 0U }; + uint64_t b0; + uint64_t b1; + uint64_t b2; + uint64_t b3; + uint64_t b4; + memcpy(tmp, b, (uint32_t)5U * sizeof b[0U]); + b0 = tmp[0U]; + b1 = tmp[1U]; + b2 = tmp[2U]; + b3 = tmp[3U]; + b4 = tmp[4U]; + tmp[0U] = b0 + (uint64_t)0x3fffffffffff68U; + tmp[1U] = b1 + (uint64_t)0x3ffffffffffff8U; + tmp[2U] = b2 + (uint64_t)0x3ffffffffffff8U; + tmp[3U] = b3 + (uint64_t)0x3ffffffffffff8U; + tmp[4U] = b4 + (uint64_t)0x3ffffffffffff8U; + { + uint32_t i; + for (i = (uint32_t)0U; i < (uint32_t)5U; i = i + (uint32_t)1U) + { + uint64_t xi = a[i]; + uint64_t yi = tmp[i]; + a[i] = yi - xi; + } + } +} + +inline static void Hacl_Bignum_fscalar(uint64_t *output, uint64_t *b, uint64_t s) +{ + KRML_CHECK_SIZE(sizeof (FStar_UInt128_uint128), (uint32_t)5U); + { + FStar_UInt128_uint128 tmp[5U]; + { + uint32_t _i; + for (_i = 0U; _i < (uint32_t)5U; ++_i) + tmp[_i] = FStar_UInt128_uint64_to_uint128((uint64_t)0U); + } + { + FStar_UInt128_uint128 b4; + FStar_UInt128_uint128 b0; + FStar_UInt128_uint128 b4_; + FStar_UInt128_uint128 b0_; + { + uint32_t i; + for (i = (uint32_t)0U; i < (uint32_t)5U; i = i + (uint32_t)1U) + { + uint64_t xi = b[i]; + tmp[i] = FStar_UInt128_mul_wide(xi, s); + } + } + Hacl_Bignum_Fproduct_carry_wide_(tmp); + b4 = tmp[4U]; + b0 = tmp[0U]; + b4_ = FStar_UInt128_logand(b4, FStar_UInt128_uint64_to_uint128((uint64_t)0x7ffffffffffffU)); + b0_ = + 
FStar_UInt128_add(b0, + FStar_UInt128_mul_wide((uint64_t)19U, + FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(b4, (uint32_t)51U)))); + tmp[4U] = b4_; + tmp[0U] = b0_; + Hacl_Bignum_Fproduct_copy_from_wide_(output, tmp); + } + } +} + +inline static void Hacl_Bignum_fmul(uint64_t *output, uint64_t *a, uint64_t *b) +{ + Hacl_Bignum_Fmul_fmul(output, a, b); +} + +inline static void Hacl_Bignum_crecip(uint64_t *output, uint64_t *input) +{ + Hacl_Bignum_Crecip_crecip(output, input); +} + +static void +Hacl_EC_Point_swap_conditional_step(uint64_t *a, uint64_t *b, uint64_t swap1, uint32_t ctr) +{ + uint32_t i = ctr - (uint32_t)1U; + uint64_t ai = a[i]; + uint64_t bi = b[i]; + uint64_t x = swap1 & (ai ^ bi); + uint64_t ai1 = ai ^ x; + uint64_t bi1 = bi ^ x; + a[i] = ai1; + b[i] = bi1; +} + +static void +Hacl_EC_Point_swap_conditional_(uint64_t *a, uint64_t *b, uint64_t swap1, uint32_t ctr) +{ + if (!(ctr == (uint32_t)0U)) + { + uint32_t i; + Hacl_EC_Point_swap_conditional_step(a, b, swap1, ctr); + i = ctr - (uint32_t)1U; + Hacl_EC_Point_swap_conditional_(a, b, swap1, i); + } +} + +static void Hacl_EC_Point_swap_conditional(uint64_t *a, uint64_t *b, uint64_t iswap) +{ + uint64_t swap1 = (uint64_t)0U - iswap; + Hacl_EC_Point_swap_conditional_(a, b, swap1, (uint32_t)5U); + Hacl_EC_Point_swap_conditional_(a + (uint32_t)5U, b + (uint32_t)5U, swap1, (uint32_t)5U); +} + +static void Hacl_EC_Point_copy(uint64_t *output, uint64_t *input) +{ + memcpy(output, input, (uint32_t)5U * sizeof input[0U]); + memcpy(output + (uint32_t)5U, + input + (uint32_t)5U, + (uint32_t)5U * sizeof (input + (uint32_t)5U)[0U]); +} + +static void Hacl_EC_Format_fexpand(uint64_t *output, uint8_t *input) +{ + uint64_t i0 = load64_le(input); + uint8_t *x00 = input + (uint32_t)6U; + uint64_t i1 = load64_le(x00); + uint8_t *x01 = input + (uint32_t)12U; + uint64_t i2 = load64_le(x01); + uint8_t *x02 = input + (uint32_t)19U; + uint64_t i3 = load64_le(x02); + uint8_t *x0 = input + (uint32_t)24U; + 
uint64_t i4 = load64_le(x0); + uint64_t output0 = i0 & (uint64_t)0x7ffffffffffffU; + uint64_t output1 = i1 >> (uint32_t)3U & (uint64_t)0x7ffffffffffffU; + uint64_t output2 = i2 >> (uint32_t)6U & (uint64_t)0x7ffffffffffffU; + uint64_t output3 = i3 >> (uint32_t)1U & (uint64_t)0x7ffffffffffffU; + uint64_t output4 = i4 >> (uint32_t)12U & (uint64_t)0x7ffffffffffffU; + output[0U] = output0; + output[1U] = output1; + output[2U] = output2; + output[3U] = output3; + output[4U] = output4; +} + +static void Hacl_EC_Format_fcontract_first_carry_pass(uint64_t *input) +{ + uint64_t t0 = input[0U]; + uint64_t t1 = input[1U]; + uint64_t t2 = input[2U]; + uint64_t t3 = input[3U]; + uint64_t t4 = input[4U]; + uint64_t t1_ = t1 + (t0 >> (uint32_t)51U); + uint64_t t0_ = t0 & (uint64_t)0x7ffffffffffffU; + uint64_t t2_ = t2 + (t1_ >> (uint32_t)51U); + uint64_t t1__ = t1_ & (uint64_t)0x7ffffffffffffU; + uint64_t t3_ = t3 + (t2_ >> (uint32_t)51U); + uint64_t t2__ = t2_ & (uint64_t)0x7ffffffffffffU; + uint64_t t4_ = t4 + (t3_ >> (uint32_t)51U); + uint64_t t3__ = t3_ & (uint64_t)0x7ffffffffffffU; + input[0U] = t0_; + input[1U] = t1__; + input[2U] = t2__; + input[3U] = t3__; + input[4U] = t4_; +} + +static void Hacl_EC_Format_fcontract_first_carry_full(uint64_t *input) +{ + Hacl_EC_Format_fcontract_first_carry_pass(input); + Hacl_Bignum_Modulo_carry_top(input); +} + +static void Hacl_EC_Format_fcontract_second_carry_pass(uint64_t *input) +{ + uint64_t t0 = input[0U]; + uint64_t t1 = input[1U]; + uint64_t t2 = input[2U]; + uint64_t t3 = input[3U]; + uint64_t t4 = input[4U]; + uint64_t t1_ = t1 + (t0 >> (uint32_t)51U); + uint64_t t0_ = t0 & (uint64_t)0x7ffffffffffffU; + uint64_t t2_ = t2 + (t1_ >> (uint32_t)51U); + uint64_t t1__ = t1_ & (uint64_t)0x7ffffffffffffU; + uint64_t t3_ = t3 + (t2_ >> (uint32_t)51U); + uint64_t t2__ = t2_ & (uint64_t)0x7ffffffffffffU; + uint64_t t4_ = t4 + (t3_ >> (uint32_t)51U); + uint64_t t3__ = t3_ & (uint64_t)0x7ffffffffffffU; + input[0U] = t0_; + input[1U] = 
t1__; + input[2U] = t2__; + input[3U] = t3__; + input[4U] = t4_; +} + +static void Hacl_EC_Format_fcontract_second_carry_full(uint64_t *input) +{ + uint64_t i0; + uint64_t i1; + uint64_t i0_; + uint64_t i1_; + Hacl_EC_Format_fcontract_second_carry_pass(input); + Hacl_Bignum_Modulo_carry_top(input); + i0 = input[0U]; + i1 = input[1U]; + i0_ = i0 & (uint64_t)0x7ffffffffffffU; + i1_ = i1 + (i0 >> (uint32_t)51U); + input[0U] = i0_; + input[1U] = i1_; +} + +static void Hacl_EC_Format_fcontract_trim(uint64_t *input) +{ + uint64_t a0 = input[0U]; + uint64_t a1 = input[1U]; + uint64_t a2 = input[2U]; + uint64_t a3 = input[3U]; + uint64_t a4 = input[4U]; + uint64_t mask0 = FStar_UInt64_gte_mask(a0, (uint64_t)0x7ffffffffffedU); + uint64_t mask1 = FStar_UInt64_eq_mask(a1, (uint64_t)0x7ffffffffffffU); + uint64_t mask2 = FStar_UInt64_eq_mask(a2, (uint64_t)0x7ffffffffffffU); + uint64_t mask3 = FStar_UInt64_eq_mask(a3, (uint64_t)0x7ffffffffffffU); + uint64_t mask4 = FStar_UInt64_eq_mask(a4, (uint64_t)0x7ffffffffffffU); + uint64_t mask = (((mask0 & mask1) & mask2) & mask3) & mask4; + uint64_t a0_ = a0 - ((uint64_t)0x7ffffffffffedU & mask); + uint64_t a1_ = a1 - ((uint64_t)0x7ffffffffffffU & mask); + uint64_t a2_ = a2 - ((uint64_t)0x7ffffffffffffU & mask); + uint64_t a3_ = a3 - ((uint64_t)0x7ffffffffffffU & mask); + uint64_t a4_ = a4 - ((uint64_t)0x7ffffffffffffU & mask); + input[0U] = a0_; + input[1U] = a1_; + input[2U] = a2_; + input[3U] = a3_; + input[4U] = a4_; +} + +static void Hacl_EC_Format_fcontract_store(uint8_t *output, uint64_t *input) +{ + uint64_t t0 = input[0U]; + uint64_t t1 = input[1U]; + uint64_t t2 = input[2U]; + uint64_t t3 = input[3U]; + uint64_t t4 = input[4U]; + uint64_t o0 = t1 << (uint32_t)51U | t0; + uint64_t o1 = t2 << (uint32_t)38U | t1 >> (uint32_t)13U; + uint64_t o2 = t3 << (uint32_t)25U | t2 >> (uint32_t)26U; + uint64_t o3 = t4 << (uint32_t)12U | t3 >> (uint32_t)39U; + uint8_t *b0 = output; + uint8_t *b1 = output + (uint32_t)8U; + uint8_t *b2 = output 
+ (uint32_t)16U; + uint8_t *b3 = output + (uint32_t)24U; + store64_le(b0, o0); + store64_le(b1, o1); + store64_le(b2, o2); + store64_le(b3, o3); +} + +static void Hacl_EC_Format_fcontract(uint8_t *output, uint64_t *input) +{ + Hacl_EC_Format_fcontract_first_carry_full(input); + Hacl_EC_Format_fcontract_second_carry_full(input); + Hacl_EC_Format_fcontract_trim(input); + Hacl_EC_Format_fcontract_store(output, input); +} + +static void Hacl_EC_Format_scalar_of_point(uint8_t *scalar, uint64_t *point) +{ + uint64_t *x = point; + uint64_t *z = point + (uint32_t)5U; + uint64_t buf[10U] = { 0U }; + uint64_t *zmone = buf; + uint64_t *sc = buf + (uint32_t)5U; + Hacl_Bignum_crecip(zmone, z); + Hacl_Bignum_fmul(sc, x, zmone); + Hacl_EC_Format_fcontract(scalar, sc); +} + +static void +Hacl_EC_AddAndDouble_fmonty( + uint64_t *pp, + uint64_t *ppq, + uint64_t *p, + uint64_t *pq, + uint64_t *qmqp +) +{ + uint64_t *qx = qmqp; + uint64_t *x2 = pp; + uint64_t *z2 = pp + (uint32_t)5U; + uint64_t *x3 = ppq; + uint64_t *z3 = ppq + (uint32_t)5U; + uint64_t *x = p; + uint64_t *z = p + (uint32_t)5U; + uint64_t *xprime = pq; + uint64_t *zprime = pq + (uint32_t)5U; + uint64_t buf[40U] = { 0U }; + uint64_t *origx = buf; + uint64_t *origxprime0 = buf + (uint32_t)5U; + uint64_t *xxprime0 = buf + (uint32_t)25U; + uint64_t *zzprime0 = buf + (uint32_t)30U; + uint64_t *origxprime; + uint64_t *xx0; + uint64_t *zz0; + uint64_t *xxprime; + uint64_t *zzprime; + uint64_t *zzzprime; + uint64_t *zzz; + uint64_t *xx; + uint64_t *zz; + uint64_t scalar; + memcpy(origx, x, (uint32_t)5U * sizeof x[0U]); + Hacl_Bignum_fsum(x, z); + Hacl_Bignum_fdifference(z, origx); + memcpy(origxprime0, xprime, (uint32_t)5U * sizeof xprime[0U]); + Hacl_Bignum_fsum(xprime, zprime); + Hacl_Bignum_fdifference(zprime, origxprime0); + Hacl_Bignum_fmul(xxprime0, xprime, z); + Hacl_Bignum_fmul(zzprime0, x, zprime); + origxprime = buf + (uint32_t)5U; + xx0 = buf + (uint32_t)15U; + zz0 = buf + (uint32_t)20U; + xxprime = buf + 
(uint32_t)25U; + zzprime = buf + (uint32_t)30U; + zzzprime = buf + (uint32_t)35U; + memcpy(origxprime, xxprime, (uint32_t)5U * sizeof xxprime[0U]); + Hacl_Bignum_fsum(xxprime, zzprime); + Hacl_Bignum_fdifference(zzprime, origxprime); + Hacl_Bignum_Fsquare_fsquare_times(x3, xxprime, (uint32_t)1U); + Hacl_Bignum_Fsquare_fsquare_times(zzzprime, zzprime, (uint32_t)1U); + Hacl_Bignum_fmul(z3, zzzprime, qx); + Hacl_Bignum_Fsquare_fsquare_times(xx0, x, (uint32_t)1U); + Hacl_Bignum_Fsquare_fsquare_times(zz0, z, (uint32_t)1U); + zzz = buf + (uint32_t)10U; + xx = buf + (uint32_t)15U; + zz = buf + (uint32_t)20U; + Hacl_Bignum_fmul(x2, xx, zz); + Hacl_Bignum_fdifference(zz, xx); + scalar = (uint64_t)121665U; + Hacl_Bignum_fscalar(zzz, zz, scalar); + Hacl_Bignum_fsum(zzz, xx); + Hacl_Bignum_fmul(z2, zzz, zz); +} + +static void +Hacl_EC_Ladder_SmallLoop_cmult_small_loop_step( + uint64_t *nq, + uint64_t *nqpq, + uint64_t *nq2, + uint64_t *nqpq2, + uint64_t *q, + uint8_t byt +) +{ + uint64_t bit0 = (uint64_t)(byt >> (uint32_t)7U); + uint64_t bit; + Hacl_EC_Point_swap_conditional(nq, nqpq, bit0); + Hacl_EC_AddAndDouble_fmonty(nq2, nqpq2, nq, nqpq, q); + bit = (uint64_t)(byt >> (uint32_t)7U); + Hacl_EC_Point_swap_conditional(nq2, nqpq2, bit); +} + +static void +Hacl_EC_Ladder_SmallLoop_cmult_small_loop_double_step( + uint64_t *nq, + uint64_t *nqpq, + uint64_t *nq2, + uint64_t *nqpq2, + uint64_t *q, + uint8_t byt +) +{ + uint8_t byt1; + Hacl_EC_Ladder_SmallLoop_cmult_small_loop_step(nq, nqpq, nq2, nqpq2, q, byt); + byt1 = byt << (uint32_t)1U; + Hacl_EC_Ladder_SmallLoop_cmult_small_loop_step(nq2, nqpq2, nq, nqpq, q, byt1); +} + +static void +Hacl_EC_Ladder_SmallLoop_cmult_small_loop( + uint64_t *nq, + uint64_t *nqpq, + uint64_t *nq2, + uint64_t *nqpq2, + uint64_t *q, + uint8_t byt, + uint32_t i +) +{ + if (!(i == (uint32_t)0U)) + { + uint32_t i_ = i - (uint32_t)1U; + uint8_t byt_; + Hacl_EC_Ladder_SmallLoop_cmult_small_loop_double_step(nq, nqpq, nq2, nqpq2, q, byt); + byt_ = byt << 
(uint32_t)2U; + Hacl_EC_Ladder_SmallLoop_cmult_small_loop(nq, nqpq, nq2, nqpq2, q, byt_, i_); + } +} + +static void +Hacl_EC_Ladder_BigLoop_cmult_big_loop( + uint8_t *n1, + uint64_t *nq, + uint64_t *nqpq, + uint64_t *nq2, + uint64_t *nqpq2, + uint64_t *q, + uint32_t i +) +{ + if (!(i == (uint32_t)0U)) + { + uint32_t i1 = i - (uint32_t)1U; + uint8_t byte = n1[i1]; + Hacl_EC_Ladder_SmallLoop_cmult_small_loop(nq, nqpq, nq2, nqpq2, q, byte, (uint32_t)4U); + Hacl_EC_Ladder_BigLoop_cmult_big_loop(n1, nq, nqpq, nq2, nqpq2, q, i1); + } +} + +static void Hacl_EC_Ladder_cmult(uint64_t *result, uint8_t *n1, uint64_t *q) +{ + uint64_t point_buf[40U] = { 0U }; + uint64_t *nq = point_buf; + uint64_t *nqpq = point_buf + (uint32_t)10U; + uint64_t *nq2 = point_buf + (uint32_t)20U; + uint64_t *nqpq2 = point_buf + (uint32_t)30U; + Hacl_EC_Point_copy(nqpq, q); + nq[0U] = (uint64_t)1U; + Hacl_EC_Ladder_BigLoop_cmult_big_loop(n1, nq, nqpq, nq2, nqpq2, q, (uint32_t)32U); + Hacl_EC_Point_copy(result, nq); +} + +void Hacl_Curve25519_crypto_scalarmult(uint8_t *mypublic, uint8_t *secret, uint8_t *basepoint) +{ + uint64_t buf0[10U] = { 0U }; + uint64_t *x0 = buf0; + uint64_t *z = buf0 + (uint32_t)5U; + uint64_t *q; + Hacl_EC_Format_fexpand(x0, basepoint); + z[0U] = (uint64_t)1U; + q = buf0; + { + uint8_t e[32U] = { 0U }; + uint8_t e0; + uint8_t e31; + uint8_t e01; + uint8_t e311; + uint8_t e312; + uint8_t *scalar; + memcpy(e, secret, (uint32_t)32U * sizeof secret[0U]); + e0 = e[0U]; + e31 = e[31U]; + e01 = e0 & (uint8_t)248U; + e311 = e31 & (uint8_t)127U; + e312 = e311 | (uint8_t)64U; + e[0U] = e01; + e[31U] = e312; + scalar = e; + { + uint64_t buf[15U] = { 0U }; + uint64_t *nq = buf; + uint64_t *x = nq; + x[0U] = (uint64_t)1U; + Hacl_EC_Ladder_cmult(nq, scalar, q); + Hacl_EC_Format_scalar_of_point(mypublic, nq); + } + } +} + From de4fcf2ae3d9146af902c85308cac1a16c614fef Mon Sep 17 00:00:00 2001 
From: "Christoph M. Wintersteiger" Date: Thu, 25 Oct 2018 12:41:04 +0100 Subject: [PATCH 03/78] ECDH: Add new ECDH context for Everest Curve25519 --- 3rdparty/everest/include/everest/everest.h | 228 +++++++++++++++++++++ 3rdparty/everest/include/everest/x25519.h | 181 ++++++++++++++++ 3rdparty/everest/library/everest.c | 151 ++++++++++++++ 3rdparty/everest/library/x25519.c | 187 +++++++++++++++++ include/mbedtls/config.h | 16 ++ include/mbedtls/ecdh.h | 11 + 6 files changed, 774 insertions(+) create mode 100644 3rdparty/everest/include/everest/everest.h create mode 100644 3rdparty/everest/include/everest/x25519.h create mode 100644 3rdparty/everest/library/everest.c create mode 100644 3rdparty/everest/library/x25519.c diff --git a/3rdparty/everest/include/everest/everest.h b/3rdparty/everest/include/everest/everest.h new file mode 100644 index 000000000..aceeeae69 --- /dev/null +++ b/3rdparty/everest/include/everest/everest.h 
@@ -0,0 +1,228 @@ +/* + * Interface to code from Project Everest + * + * Copyright 2016-2018 INRIA and Microsoft Corporation + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of Mbed TLS (https://tls.mbed.org). + */ + +#ifndef MBEDTLS_EVEREST_H +#define MBEDTLS_EVEREST_H + +#ifdef __cplusplus +extern "C" { +#endif + +struct mbedtls_ecdh_context; +typedef struct mbedtls_ecdh_context mbedtls_ecdh_context; + +struct mbedtls_x25519_context_; + +typedef struct { + struct mbedtls_x25519_context_ *ctx; +} mbedtls_ecdh_context_everest; + + +/** + * \brief This function sets up the ECDH context with the information + * given. + * + * This function should be called after mbedtls_ecdh_init() but + * before mbedtls_ecdh_make_params(). There is no need to call + * this function before mbedtls_ecdh_read_params(). + * + * This is the first function used by a TLS server for ECDHE + * ciphersuites. + * + * \param ctx The ECDH context to set up. + * \param grp The group id of the group to set up the context for. + * + * \return \c 0 on success. + */ +int mbedtls_everest_setup( mbedtls_ecdh_context *ctx, int grp ); + +/** + * \brief This function frees a context. + * + * \param ctx The context to free. + */ +void mbedtls_everest_free( mbedtls_ecdh_context *ctx ); + +/** + * \brief This function generates a public key and a TLS + * ServerKeyExchange payload. 
+ * + * This is the second function used by a TLS server for ECDHE + * ciphersuites. (It is called after mbedtls_ecdh_setup().) + * + * \note This function assumes that the ECP group (grp) of the + * \p ctx context has already been properly set, + * for example, using mbedtls_ecp_group_load(). + * + * \see ecp.h + * + * \param ctx The ECDH context. + * \param olen The number of characters written. + * \param buf The destination buffer. + * \param blen The length of the destination buffer. + * \param f_rng The RNG function. + * \param p_rng The RNG context. + * + * \return \c 0 on success. + * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure. + */ +int mbedtls_everest_make_params( mbedtls_ecdh_context *ctx, size_t *olen, + unsigned char *buf, size_t blen, + int( *f_rng )( void *, unsigned char *, size_t ), + void *p_rng ); + +/** + * \brief This function parses and processes a TLS ServerKeyExhange + * payload. + * + * This is the first function used by a TLS client for ECDHE + * ciphersuites. + * + * \see ecp.h + * + * \param ctx The ECDH context. + * \param buf The pointer to the start of the input buffer. + * \param end The address for one Byte past the end of the buffer. + * + * \return \c 0 on success. + * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure. + * + */ +int mbedtls_everest_read_params( mbedtls_ecdh_context *ctx, + const unsigned char **buf, const unsigned char *end ); + +/** + * \brief This function parses and processes a TLS ServerKeyExhange + * payload. + * + * This is the first function used by a TLS client for ECDHE + * ciphersuites. + * + * \see ecp.h + * + * \param ctx The ECDH context. + * \param buf The pointer to the start of the input buffer. + * \param end The address for one Byte past the end of the buffer. + * + * \return \c 0 on success. + * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure. 
+ * + */ +int mbedtls_everest_read_params( mbedtls_ecdh_context *ctx, + const unsigned char **buf, const unsigned char *end ); + +/** + * \brief This function sets up an ECDH context from an EC key. + * + * It is used by clients and servers in place of the + * ServerKeyEchange for static ECDH, and imports ECDH + * parameters from the EC key information of a certificate. + * + * \see ecp.h + * + * \param ctx The ECDH context to set up. + * \param key The EC key to use. + * \param side Defines the source of the key: 1: Our key, or + * 0: The key of the peer. + * + * \return \c 0 on success. + * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure. + * + */ +int mbedtls_everest_get_params( mbedtls_ecdh_context *ctx, const mbedtls_ecp_keypair *key, + int side ); + +/** + * \brief This function generates a public key and a TLS + * ClientKeyExchange payload. + * + * This is the second function used by a TLS client for ECDH(E) + * ciphersuites. + * + * \see ecp.h + * + * \param ctx The ECDH context. + * \param olen The number of Bytes written. + * \param buf The destination buffer. + * \param blen The size of the destination buffer. + * \param f_rng The RNG function. + * \param p_rng The RNG context. + * + * \return \c 0 on success. + * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure. + */ +int mbedtls_everest_make_public( mbedtls_ecdh_context *ctx, size_t *olen, + unsigned char *buf, size_t blen, + int( *f_rng )( void *, unsigned char *, size_t ), + void *p_rng ); + +/** + * \brief This function parses and processes a TLS ClientKeyExchange + * payload. + * + * This is the third function used by a TLS server for ECDH(E) + * ciphersuites. (It is called after mbedtls_ecdh_setup() and + * mbedtls_ecdh_make_params().) + * + * \see ecp.h + * + * \param ctx The ECDH context. + * \param buf The start of the input buffer. + * \param blen The length of the input buffer. + * + * \return \c 0 on success. + * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure. 
+ */ +int mbedtls_everest_read_public( mbedtls_ecdh_context *ctx, + const unsigned char *buf, size_t blen ); + +/** + * \brief This function derives and exports the shared secret. + * + * This is the last function used by both TLS client + * and servers. + * + * \note If \p f_rng is not NULL, it is used to implement + * countermeasures against side-channel attacks. + * For more information, see mbedtls_ecp_mul(). + * + * \see ecp.h + * + * \param ctx The ECDH context. + * \param olen The number of Bytes written. + * \param buf The destination buffer. + * \param blen The length of the destination buffer. + * \param f_rng The RNG function. + * \param p_rng The RNG context. + * + * \return \c 0 on success. + * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure. + */ +int mbedtls_everest_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen, + unsigned char *buf, size_t blen, + int( *f_rng )( void *, unsigned char *, size_t ), + void *p_rng ); + +#ifdef __cplusplus +} +#endif + +#endif /* MBEDTLS_EVEREST_H */ diff --git a/3rdparty/everest/include/everest/x25519.h b/3rdparty/everest/include/everest/x25519.h new file mode 100644 index 000000000..e332ff23c --- /dev/null +++ b/3rdparty/everest/include/everest/x25519.h 
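Review bot: The prototype of `mbedtls_everest_read_params`, together with its complete doc comment, appears twice in this header, the second copy immediately following the first; one of the two blocks should be dropped before the file is merged. The declarations also use `size_t` and `mbedtls_ecp_keypair` while the header includes nothing itself, so it only compiles when the includer has already pulled in ecp.h (as ecdh.h happens to do later in this series); an explicit `#include "mbedtls/ecp.h"`, or at least a comment stating that ordering requirement, would make the dependency visible. The `\param olen` text for `mbedtls_everest_make_params` says "The number of characters written" where the sibling functions say "The number of Bytes written"; the latter is the accurate wording for a binary buffer.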
@@ -0,0 +1,181 @@ +/* + * ECDH with curve-optimized implementation multiplexing + * + * Copyright 2016-2018 INRIA and Microsoft Corporation + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ + +#ifndef MBEDTLS_X25519_H +#define MBEDTLS_X25519_H + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#define MBEDTLS_ECP_TLS_CURVE25519 0x1d + +/** + * \brief The x25519 context structure. + */ +typedef struct mbedtls_x25519_context_ { + unsigned char our_secret[32]; + unsigned char peer_point[32]; +} mbedtls_x25519_context; + +/** + * \brief This function initializes an x25519 context. + * + * \param ctx The x25519 context to initialize. + */ +void mbedtls_x25519_init( mbedtls_x25519_context *ctx ); + +/** + * \brief This function frees a context. + * + * \param ctx The context to free. + */ +void mbedtls_x25519_free( mbedtls_x25519_context *ctx ); + +/** + * \brief This function generates a public key and a TLS + * ServerKeyExchange payload. + * + * This is the first function used by a TLS server for x25519. + * + * + * \param ctx The x25519 context. + * \param olen The number of characters written. + * \param buf The destination buffer. + * \param blen The length of the destination buffer. + * \param f_rng The RNG function. + * \param p_rng The RNG context. + * + * \return \c 0 on success. + * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure. 
+ */ +int mbedtls_x25519_make_params( mbedtls_x25519_context *ctx, size_t *olen, + unsigned char *buf, size_t blen, + int( *f_rng )(void *, unsigned char *, size_t), + void *p_rng ); + +/** + * \brief This function parses and processes a TLS ServerKeyExchange + * payload. + * + * + * \param ctx The x25519 context. + * \param buf The pointer to the start of the input buffer. + * \param end The address for one Byte past the end of the buffer. + * + * \return \c 0 on success. + * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure. + * + */ +int mbedtls_x25519_read_params( mbedtls_x25519_context *ctx, + const unsigned char **buf, const unsigned char *end ); + +/** + * \brief This function sets up an x25519 context from an EC key. + * + * It is used by clients and servers in place of the + * ServerKeyEchange for static ECDH, and imports ECDH + * parameters from the EC key information of a certificate. + * + * \see ecp.h + * + * \param ctx The x25519 context to set up. + * \param key The EC key to use. + * \param side Defines the source of the key: 1: Our key, or + * 0: The key of the peer. + * + * \return \c 0 on success. + * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure. + * + */ +int mbedtls_x25519_get_params( mbedtls_x25519_context *ctx, const mbedtls_ecp_keypair *key, + int side ); + +/** + * \brief This function derives and exports the shared secret. + * + * This is the last function used by both TLS client + * and servers. + * + * + * \param ctx The x25519 context. + * \param olen The number of Bytes written. + * \param buf The destination buffer. + * \param blen The length of the destination buffer. + * \param f_rng The RNG function. + * \param p_rng The RNG context. + * + * \return \c 0 on success. + * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure. 
+ */ +int mbedtls_x25519_calc_secret( mbedtls_x25519_context *ctx, size_t *olen, + unsigned char *buf, size_t blen, + int( *f_rng )(void *, unsigned char *, size_t), + void *p_rng ); + +/** + * \brief This function generates a public key and a TLS + * ClientKeyExchange payload. + * + * This is the second function used by a TLS client for x25519. + * + * \see ecp.h + * + * \param ctx The x25519 context. + * \param olen The number of Bytes written. + * \param buf The destination buffer. + * \param blen The size of the destination buffer. + * \param f_rng The RNG function. + * \param p_rng The RNG context. + * + * \return \c 0 on success. + * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure. + */ +int mbedtls_x25519_make_public( mbedtls_x25519_context *ctx, size_t *olen, + unsigned char *buf, size_t blen, + int( *f_rng )(void *, unsigned char *, size_t), + void *p_rng ); + +/** + * \brief This function parses and processes a TLS ClientKeyExchange + * payload. + * + * This is the second function used by a TLS server for x25519. + * + * \see ecp.h + * + * \param ctx The x25519 context. + * \param buf The start of the input buffer. + * \param blen The length of the input buffer. + * + * \return \c 0 on success. + * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure. + */ +int mbedtls_x25519_read_public( mbedtls_x25519_context *ctx, + const unsigned char *buf, size_t blen ); + +#ifdef __cplusplus +} +#endif + +#endif /* x25519.h */ diff --git a/3rdparty/everest/library/everest.c b/3rdparty/everest/library/everest.c new file mode 100644 index 000000000..2b7861de6 --- /dev/null +++ b/3rdparty/everest/library/everest.c 
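Review bot: `#define MBEDTLS_ECP_TLS_CURVE25519 0x1d` is undocumented; a comment stating that it is the TLS NamedCurve identifier for x25519 and that the same value is registered as the tls_id of `MBEDTLS_ECP_DP_CURVE25519` in ecp.c later in this series would keep the two definitions from drifting apart. The `our_secret` and `peer_point` fields use a bare `32` that is then repeated in every function of x25519.c; a named size constant in this header (something like `MBEDTLS_X25519_KEY_SIZE_BYTES`) would document the invariant and replace the magic number at each use. The struct doc could also say that `our_secret` holds key material that must be wiped, which is what `mbedtls_x25519_free` does.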
@@ -0,0 +1,151 @@ +/* + * Interface to code from Project Everest + * + * Copyright 2016-2018 INRIA and Microsoft Corporation + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of Mbed TLS (https://tls.mbed.org). + */ + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#include + +#include "mbedtls/ecdh.h" + +#include "everest/x25519.h" +#include "everest/everest.h" + +#if defined(MBEDTLS_PLATFORM_C) +#include "mbedtls/platform.h" +#else +#define mbedtls_calloc calloc +#define mbedtls_free free +#endif + +int mbedtls_everest_setup( mbedtls_ecdh_context *ctx, int grp ) +{ + if( grp != MBEDTLS_ECP_DP_CURVE25519 ) + return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; + + ctx->var = MBEDTLS_ECDH_VARIANT_EVEREST; + ctx->grp_id = grp; + + ctx->ctx.everest_ecdh.ctx = mbedtls_calloc( 1, sizeof( mbedtls_x25519_context ) ); + mbedtls_x25519_init( ctx->ctx.everest_ecdh.ctx ); + + return 0; +} + +void mbedtls_everest_free( mbedtls_ecdh_context *ctx ) +{ + mbedtls_ecdh_context_everest *everest_ctx = &ctx->ctx.everest_ecdh; + mbedtls_x25519_context *x25519_ctx = ( mbedtls_x25519_context* )everest_ctx->ctx; + + mbedtls_x25519_free( x25519_ctx ); + mbedtls_free( x25519_ctx ); + + ctx->var = MBEDTLS_ECDH_VARIANT_NONE; + ctx->grp_id = MBEDTLS_ECP_DP_NONE; +} + +int mbedtls_everest_make_params( mbedtls_ecdh_context *ctx, size_t *olen, + unsigned char *buf, size_t 
blen, + int( *f_rng )( void *, unsigned char *, size_t ), + void *p_rng ) +{ + int ret = 0; + size_t grp_len; + mbedtls_ecp_group grp; + mbedtls_ecdh_context_everest *everest_ctx = &ctx->ctx.everest_ecdh; + mbedtls_x25519_context *x25519_ctx = ( mbedtls_x25519_context* )everest_ctx->ctx; + + if( ctx->var != MBEDTLS_ECDH_VARIANT_EVEREST ) + return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + + mbedtls_ecp_group_init( &grp ); + + if( ( ret = mbedtls_x25519_make_params( x25519_ctx, olen, buf, blen, f_rng, p_rng ) ) != 0 ) + return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; + + mbedtls_ecp_group_load( &grp, MBEDTLS_ECP_DP_CURVE25519 ); + ret = mbedtls_ecp_tls_write_group( &grp, &grp_len, buf, blen ); + mbedtls_ecp_group_free( &grp ); + if (ret != 0) + return( ret ); + + buf += grp_len; + blen -= grp_len; + + if( blen < 32 ) + return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL; + + memcpy( x25519_ctx->peer_point, buf, 32 ); + *olen = grp_len + 1 + 32; + return( ret ); +} + +int mbedtls_everest_read_params( mbedtls_ecdh_context *ctx, + const unsigned char **buf, const unsigned char *end ) +{ + mbedtls_ecdh_context_everest *everest_ctx = &ctx->ctx.everest_ecdh; + mbedtls_x25519_context *x25519_ctx = ( mbedtls_x25519_context* )everest_ctx->ctx; + if( ctx->var != MBEDTLS_ECDH_VARIANT_EVEREST ) return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + return mbedtls_x25519_read_params( x25519_ctx, buf, end ); +} + +int mbedtls_everest_get_params( mbedtls_ecdh_context *ctx, const mbedtls_ecp_keypair *key, + int side ) +{ + mbedtls_ecdh_context_everest *everest_ctx = &ctx->ctx.everest_ecdh; + mbedtls_x25519_context *x25519_ctx = ( mbedtls_x25519_context* )everest_ctx->ctx; + if( ctx->var != MBEDTLS_ECDH_VARIANT_EVEREST ) return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + return mbedtls_x25519_get_params( x25519_ctx, key, side ); +} + +int mbedtls_everest_make_public( mbedtls_ecdh_context *ctx, size_t *olen, + unsigned char *buf, size_t blen, + int( *f_rng )( void *, unsigned char *, size_t ), + void *p_rng ) +{ + 
mbedtls_ecdh_context_everest *everest_ctx = &ctx->ctx.everest_ecdh; + mbedtls_x25519_context *x25519_ctx = ( mbedtls_x25519_context* )everest_ctx->ctx; + if( ctx->var != MBEDTLS_ECDH_VARIANT_EVEREST ) return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + return mbedtls_x25519_make_public( x25519_ctx, olen, buf, blen, f_rng, p_rng ); +} + +int mbedtls_everest_read_public( mbedtls_ecdh_context *ctx, + const unsigned char *buf, size_t blen ) +{ + mbedtls_ecdh_context_everest *everest_ctx = &ctx->ctx.everest_ecdh; + mbedtls_x25519_context *x25519_ctx = ( mbedtls_x25519_context* )everest_ctx->ctx; + if( ctx->var != MBEDTLS_ECDH_VARIANT_EVEREST ) return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + return mbedtls_x25519_read_public ( x25519_ctx, buf, blen ); +} + +int mbedtls_everest_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen, + unsigned char *buf, size_t blen, + int( *f_rng )( void *, unsigned char *, size_t ), + void *p_rng ) +{ + mbedtls_ecdh_context_everest *everest_ctx = &ctx->ctx.everest_ecdh; + mbedtls_x25519_context *x25519_ctx = ( mbedtls_x25519_context* )everest_ctx->ctx; + if( ctx->var != MBEDTLS_ECDH_VARIANT_EVEREST ) return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + return mbedtls_x25519_calc_secret( x25519_ctx, olen, buf, blen, f_rng, p_rng ); +} diff --git a/3rdparty/everest/library/x25519.c b/3rdparty/everest/library/x25519.c new file mode 100644 index 000000000..72cab6bbe --- /dev/null +++ b/3rdparty/everest/library/x25519.c 
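Review bot: `mbedtls_everest_setup` never checks the result of `mbedtls_calloc`, so on allocation failure `mbedtls_x25519_init` receives a NULL context and its `memset` dereferences it; add `if( ctx->ctx.everest_ecdh.ctx == NULL ) return( MBEDTLS_ERR_ECP_ALLOC_FAILED );` between the allocation and the init call. In `mbedtls_everest_make_params` the `memcpy( x25519_ctx->peer_point, buf, 32 )` after `buf += grp_len` appears to copy the length byte plus 31 bytes of our own freshly generated public point into `peer_point` (the peer's point is not known at this stage), and the preceding `return MBEDTLS_ERR_ECP_BAD_INPUT_DATA` discards the specific error (`MBEDTLS_ERR_ECP_RANDOM_FAILED`, `MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL`) that `mbedtls_x25519_make_params` reported; returning `ret` directly and dropping the memcpy looks like the intent. The variant guards in every wrapper return `MBEDTLS_ERR_MPI_BAD_INPUT_DATA`, an MPI-module code, where callers of the ECDH API expect an `MBEDTLS_ERR_ECP_XXX` value; `MBEDTLS_ERR_ECP_BAD_INPUT_DATA` is already used a few lines above for the same kind of misuse.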
@@ -0,0 +1,187 @@ +/* + * ECDH with curve-optimized implementation multiplexing + * + * Copyright 2016-2018 INRIA and Microsoft Corporation + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(MBEDTLS_ECDH_C) + +#include +#include + +#include "x25519.h" + +#include + +/* + * Initialize context + */ +void mbedtls_x25519_init( mbedtls_x25519_context *ctx ) +{ + memset( ctx, 0, sizeof( mbedtls_x25519_context ) ); +} + +/* + * Free context + */ +void mbedtls_x25519_free( mbedtls_x25519_context *ctx ) +{ + if( ctx == NULL ) + return; + + mbedtls_platform_zeroize( ctx->our_secret, 32 ); + mbedtls_platform_zeroize( ctx->peer_point, 32 ); +} + +int mbedtls_x25519_make_params( mbedtls_x25519_context *ctx, size_t *olen, + unsigned char *buf, size_t blen, + int( *f_rng )(void *, unsigned char *, size_t), + void *p_rng ) +{ + int ret = 0; + + uint8_t base[32] = {0}; + + if( ( ret = f_rng( p_rng, ctx->our_secret, 32 ) ) != 0 ) + return ret; + + *olen = 36; + if( blen < *olen ) + return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL ); + + *buf++ = MBEDTLS_ECP_TLS_NAMED_CURVE; + *buf++ = MBEDTLS_ECP_TLS_CURVE25519 >> 8; + *buf++ = MBEDTLS_ECP_TLS_CURVE25519 & 0xFF; + *buf++ = 32; + + base[0] = 9; + Hacl_Curve25519_crypto_scalarmult( buf, ctx->our_secret, base 
); + + base[0] = 0; + if( memcmp( buf, base, 32) == 0 ) + return MBEDTLS_ERR_ECP_RANDOM_FAILED; + + return( 0 ); +} + +int mbedtls_x25519_read_params( mbedtls_x25519_context *ctx, + const unsigned char **buf, const unsigned char *end ) +{ + if( end - *buf < 33 ) + return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + + if( ( *(*buf)++ != 32 ) ) + return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + + memcpy( ctx->peer_point, *buf, 32 ); + *buf += 32; + return( 0 ); +} + +int mbedtls_x25519_get_params( mbedtls_x25519_context *ctx, const mbedtls_ecp_keypair *key, + int side ) +{ + size_t olen = 0; + + switch( side ) { + case MBEDTLS_ECDH_THEIRS: + mbedtls_ecp_point_write_binary( &key->grp, &key->Q, MBEDTLS_ECP_PF_COMPRESSED, &olen, ctx->peer_point, 32 ); + /* untested; defensively throw an error for now. */ + return(MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE); + case MBEDTLS_ECDH_OURS: + mbedtls_mpi_write_binary( &key->d, ctx->our_secret, 32 ); + /* CMW: key->Q = key->d * base; do we need to set up ctx.peer_point here? */ + /* untested; defensively throw an error for now. */ + return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); + default: + return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + } +} + +int mbedtls_x25519_calc_secret( mbedtls_x25519_context *ctx, size_t *olen, + unsigned char *buf, size_t blen, + int( *f_rng )(void *, unsigned char *, size_t), + void *p_rng ) +{ + /* CMW: Is it okay that f_rng, p_rng are not used? 
*/ + (( void )f_rng); + (( void )p_rng); + + *olen = 32; + + if( blen < *olen ) + return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL ); + + Hacl_Curve25519_crypto_scalarmult( buf, ctx->our_secret, ctx->peer_point); + + /* Wipe the DH secret and don't let the peer chose a small subgroup point */ + memset( ctx->our_secret, 0, 32 ); + if( memcmp( buf, ctx->our_secret, 32) == 0 ) + return MBEDTLS_ERR_ECP_RANDOM_FAILED; + + return( 0 ); +} + +int mbedtls_x25519_make_public( mbedtls_x25519_context *ctx, size_t *olen, + unsigned char *buf, size_t blen, + int( *f_rng )(void *, unsigned char *, size_t), + void *p_rng ) +{ + unsigned char base[32] = { 0 }; + + /* CMW: Is it okay that f_rng, p_rng are not used? */ + (( void )f_rng); + (( void )p_rng); + + if( ctx == NULL ) + return(MBEDTLS_ERR_ECP_BAD_INPUT_DATA); + + *olen = 33; + if( blen < *olen ) + return(MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL); + *buf++ = 32; + + base[0] = 9; + Hacl_Curve25519_crypto_scalarmult( buf, ctx->our_secret, base ); + + base[0] = 0; + if( memcmp( buf, base, 32 ) == 0 ) + return MBEDTLS_ERR_ECP_RANDOM_FAILED; + + return(0); +} + +int mbedtls_x25519_read_public( mbedtls_x25519_context *ctx, + const unsigned char *buf, size_t blen ) +{ + if( blen < 33 ) + return(MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL); + if( (*buf++ != 32) ) + return(MBEDTLS_ERR_ECP_BAD_INPUT_DATA); + memcpy( ctx->peer_point, buf, 32 ); + return(0); +} + + +#endif /* MBEDTLS_ECDH_C */ diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index e202cb49b..155a085b8 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h 
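Review bot: `mbedtls_x25519_make_public` never generates `our_secret`: unlike `mbedtls_x25519_make_params` it casts `f_rng` and `p_rng` to void and runs the scalar multiplication on whatever the context already holds, which after `mbedtls_x25519_init` is all zeros, so as far as this series shows a TLS client going init → read_params → make_public → calc_secret ends up with a fixed rather than random private key, and the author's own `CMW:` question is answered in the negative. The fix is to draw the secret there exactly as make_params does, `if( f_rng == NULL ) return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );` followed by `if( ( ret = f_rng( p_rng, ctx->our_secret, 32 ) ) != 0 ) return( ret );`, and make_params should get the same NULL check before it calls through `f_rng`. In `mbedtls_x25519_calc_secret` the secret is wiped with `memset` even though this file already uses `mbedtls_platform_zeroize` in `mbedtls_x25519_free`; the zeroize helper is the project's wipe that the compiler may not elide and should be used here as well. `mbedtls_x25519_read_public` returns `MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL` for a short input, where `mbedtls_x25519_read_params` in the same file returns `MBEDTLS_ERR_ECP_BAD_INPUT_DATA`; this is an input-length error, not an output-buffer one, and the two parsers should agree.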
@@ -2078,6 +2078,22 @@ */ //#define MBEDTLS_PLATFORM_GMTIME_R_ALT +/* + * \def MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED + * + * Enable the verified implementations of crypto primitives + * from Project Everest (currently only Curve25519). + * This feature breaks ECDH backward compatibility (see also + * MBEDTLS_ECDH_LEGACY_CONTEXT). + * + */ +#define MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED + +/* \} name SECTION: Customisation configuration options */ + +/* Target and application specific configurations */ +//#define YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE "target_config.h" + /* \} name SECTION: Customisation configuration options */ /* Target and application specific configurations diff --git a/include/mbedtls/ecdh.h b/include/mbedtls/ecdh.h index d870a5bd5..4bb704bc5 100644 --- a/include/mbedtls/ecdh.h +++ b/include/mbedtls/ecdh.h @@ -42,6 +42,11 @@ #include "mbedtls/ecp.h" +#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) +#undef MBEDTLS_ECDH_LEGACY_CONTEXT +#include "everest/everest.h" +#endif + #ifdef __cplusplus extern "C" { #endif @@ -66,6 +71,9 @@ typedef enum { MBEDTLS_ECDH_VARIANT_NONE = 0, /*!< Implementation not defined. */ MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0,/*!< The default Mbed TLS implementation */ +#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) + MBEDTLS_ECDH_VARIANT_EVEREST /*!< Everest implementation */ +#endif } mbedtls_ecdh_variant; /** @@ -119,6 +127,9 @@ typedef struct mbedtls_ecdh_context union { mbedtls_ecdh_context_mbed mbed_ecdh; +#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) + mbedtls_ecdh_context_everest everest_ecdh; +#endif } ctx; /*!< Implementation-specific context. The context in use is specified by the \c var field. */ From d5fd766c49ec91cff3eb3139d2501bddd9b1fd88 Mon Sep 17 00:00:00 2001 
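Review bot: The added `/* \} name SECTION: Customisation configuration options */` line and the `/* Target and application specific configurations */` + `//#define YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE "target_config.h"` pair duplicate the identical context lines that follow the hunk, so the section is now closed twice; only the `MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED` block should be inserted before the existing closing comment. The new option is defined by default while its own comment says it breaks ECDH backward compatibility; leaving it commented out, as the neighbouring `//#define MBEDTLS_PLATFORM_GMTIME_R_ALT` is, would match how this file treats opt-in features. The doc block would also benefit from stating which module it depends on, since the code it enables is only built under `MBEDTLS_ECDH_C` (x25519.c is guarded by it).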
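Review bot: `#undef MBEDTLS_ECDH_LEGACY_CONTEXT` in ecdh.h silently discards a setting the user may have deliberately chosen in config.h, and as far as this series shows no diagnostic is emitted anywhere; the two options are contradictory and should be reported as such with something like `#error "MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED and MBEDTLS_ECDH_LEGACY_CONTEXT cannot both be defined"` (conventionally placed in check_config.h with the other consistency checks), or the Everest variant should be left out when the legacy context is requested. A comment on the `#include "everest/everest.h"` saying why it must come after `"mbedtls/ecp.h"` (everest.h declares functions taking `mbedtls_ecp_keypair` without including anything) would also prevent a future reordering from breaking the build.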
From: "Christoph M. Wintersteiger" Date: Thu, 25 Oct 2018 12:47:03 +0100 Subject: [PATCH 04/78] ECDH: Include Everest Curve25519 in build scripts --- 3rdparty/everest/.gitignore | 1 + CMakeLists.txt | 2 +- include/CMakeLists.txt | 3 ++- library/CMakeLists.txt | 9 +++++++++ library/Makefile | 14 +++++++++++++- programs/Makefile | 2 ++ tests/Makefile | 2 ++ 7 files changed, 30 insertions(+), 3 deletions(-) create mode 100644 3rdparty/everest/.gitignore diff --git a/3rdparty/everest/.gitignore b/3rdparty/everest/.gitignore new file mode 100644 index 000000000..5761abcfd --- /dev/null +++ b/3rdparty/everest/.gitignore @@ -0,0 +1 @@ +*.o diff --git a/CMakeLists.txt b/CMakeLists.txt index 6115f0588..f756d4331 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -176,7 +176,7 @@ else() set(LIB_INSTALL_DIR lib) endif() -include_directories(include/) +include_directories(include/ 3rdparty/everest/include/ 3rdparty/everest/include/everest/ 3rdparty/everest/include/everest/kremlin/ 3rdparty/everest/include/everest/kremlib/) include_directories(library/) add_subdirectory(library) diff --git a/include/CMakeLists.txt b/include/CMakeLists.txt index 02f924df4..727fa210c 100644 --- a/include/CMakeLists.txt +++ b/include/CMakeLists.txt @@ -4,8 +4,9 @@ if(INSTALL_MBEDTLS_HEADERS) file(GLOB headers "mbedtls/*.h") file(GLOB psa_headers "psa/*.h") + file(GLOB everest_headers "../3rdparty/everest/include/*.h") - install(FILES ${headers} + install(FILES ${headers} ${everest_headers} DESTINATION include/mbedtls PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index b1f1fb34c..009fb3e74 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt 
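Review bot: The extended `include_directories(...)` puts `3rdparty/everest/include/everest/`, `.../everest/kremlin/` and `.../everest/kremlib/` on the global search path of every target in the tree, while the library Makefile in the same commit adds only `include`, `include/everest` and `include/everest/kremlib`; the two build systems should agree on the set. The only consumer of the sub-directories is the Everest code itself (`x25519.c` includes `"x25519.h"` unqualified), so these directories belong on the crypto library target via `target_include_directories(<crypto target> PRIVATE ...)` in library/CMakeLists.txt rather than at top level, which would also keep generic header names such as `kremlib.h` and `c_endianness.h` out of unrelated translation units. Consumers of the public API only need `3rdparty/everest/include`, which is what programs/Makefile and tests/Makefile add.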
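Review bot: `file(GLOB everest_headers "../3rdparty/everest/include/*.h")` matches nothing: every header this series adds lives under `3rdparty/everest/include/everest/` and its `kremlib/` and `kremlin/` sub-directories (see the diffstat), so the glob is empty and no Everest header is installed. Even with the pattern corrected, installing the files flat into `include/mbedtls` would break the `#include "everest/everest.h"` path that ecdh.h now uses; the install should preserve the `everest/` tree, for example `install(DIRECTORY ../3rdparty/everest/include/everest DESTINATION include FILE_PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ)`, and a comment should say that these headers are required by the installed ecdh.h when the Everest variant is enabled.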
@@ -94,6 +94,15 @@ set(src_crypto ) endif() +set(src_everest + ../3rdparty/everest/library/everest.c + ../3rdparty/everest/library/Hacl_Curve25519.c + ../3rdparty/everest/library/x25519.c + ../3rdparty/everest/library/kremlib/fstar_uint128.c + ../3rdparty/everest/library/kremlib/FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.c +) + +set(src_crypto ${src_crypto} ${src_everest}) if(CMAKE_COMPILER_IS_GNUCC) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wmissing-declarations -Wmissing-prototypes") endif(CMAKE_COMPILER_IS_GNUCC) diff --git a/library/Makefile b/library/Makefile index 736ce09b2..58ecb0c27 100644 --- a/library/Makefile +++ b/library/Makefile @@ -19,6 +19,9 @@ endif # To compile on Plan9: # CFLAGS += -D_BSD_EXTENSION +# Include directories for Everest code +CFLAGS+=-I../3rdparty/everest/include -I../3rdparty/everest/include/everest -I../3rdparty/everest/include/everest/kremlib + # if were running on Windows build for Windows ifdef WINDOWS WINDOWS_BUILD=1 @@ -101,6 +104,13 @@ OBJS_CRYPTO += version.o OBJS_CRYPTO += version_features.o endif +OBJS_CRYPTO+= \ + ../3rdparty/everest/library/everest.o \ + ../3rdparty/everest/library/Hacl_Curve25519.o \ + ../3rdparty/everest/library/x25519.o \ + ../3rdparty/everest/library/kremlib/fstar_uint128.o \ + ../3rdparty/everest/library/kremlib/FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.o + .SILENT: .PHONY: all static shared clean @@ -148,8 +158,10 @@ libmbedcrypto.dll: $(OBJS_CRYPTO) clean: ifndef WINDOWS - rm -f *.o libmbed* + rm -f *.o libmbed* $(OBJS_CRYPTO) else if exist *.o del /Q /F *.o if exist libmbed* del /Q /F libmbed* + if exist $(OBJS_CRYPTO) del /Q /F $(OBJS_CRYPTO) endif + diff --git a/programs/Makefile b/programs/Makefile index 1a69b7469..871b75b77 100644 --- a/programs/Makefile +++ b/programs/Makefile 
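Review bot: `set(src_crypto ${src_crypto} ${src_everest})` adds the Everest sources to the crypto library unconditionally (the Makefile hunk does the same with `OBJS_CRYPTO+=`), yet everest.c carries no `#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)` guard and dereferences `ctx->ctx.everest_ecdh`, a union member that exists only under that option, so a configuration with the option off no longer builds. Either gate the sources here or, as every other mbedtls module does, guard the translation units themselves; `list(APPEND src_crypto ${src_everest})` is also the idiomatic form of the append. The list names `kremlib/fstar_uint128.c` but not `kremlib/FStar_UInt128_extracted.c`, which the first patch of this series adds alongside it; if the two are alternative implementations, a comment saying which one is built and why would save the next reader a trip into the kremlib sources.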
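Review bot: `if exist $(OBJS_CRYPTO) del /Q /F $(OBJS_CRYPTO)` in the Windows branch of `clean` appears broken: cmd's `if exist` takes a single path, so once `OBJS_CRYPTO` expands to a space-separated list the second object name becomes the start of the command to run and the line is either rejected or deletes nothing. Delete the Everest objects per directory with the existing `if exist <pattern> del /Q /F <pattern>` shape, or iterate over the list; the POSIX branch `rm -f *.o libmbed* $(OBJS_CRYPTO)` is fine. The Everest `.o` files also live outside `library/`, so a comment next to `OBJS_CRYPTO+=` noting that `clean` must reach into `../3rdparty/everest/library` would explain why the clean rule was touched at all.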
@@ -11,6 +11,8 @@ LOCAL_CXXFLAGS = $(WARNING_CXXFLAGS) -I../include -D_FILE_OFFSET_BITS=64 LOCAL_LDFLAGS = -L../library \ -lmbedcrypto$(SHARED_SUFFIX) +LOCAL_CFLAGS+=-I../3rdparty/everest/include + ifndef SHARED DEP=../library/libmbedcrypto.a else diff --git a/tests/Makefile b/tests/Makefile index 6b72523eb..00a14bc21 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -10,6 +10,8 @@ LOCAL_CFLAGS = $(WARNING_CFLAGS) $(CRYPTO_INCLUDES) -I../library -D_FILE_OFFSET_ LOCAL_LDFLAGS = -L../library \ -lmbedcrypto$(SHARED_SUFFIX) +LOCAL_CFLAGS+=-I../3rdparty/everest/include + # Enable definition of various functions used throughout the testsuite # (gethostname, strdup, fileno...) even when compiling with -std=c99. Harmless # on non-POSIX platforms. From 696dedaed695a82a5f12f6af4150e2e458cde5a9 Mon Sep 17 00:00:00 2001 From: "Christoph M. Wintersteiger" Date: Thu, 25 Oct 2018 12:47:18 +0100 Subject: [PATCH 05/78] ECDH: Add new (non-legacy) ECDH benchmark --- programs/test/benchmark.c | 47 ++++++++++++++++++++++++++++++++++++++- 1 file changed, 46 insertions(+), 1 deletion(-) diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index 2b8656692..4282276f5 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -97,7 +97,7 @@ int main( void ) /* * Size to use for the alloc buffer if MEMORY_BUFFER_ALLOC_C is defined. */ -#define HEAP_SIZE (1u << 16) // 64k +#define HEAP_SIZE (1u << 16) /* 64k */ #define BUFSIZE 1024 #define HEADER_FORMAT " %-24s : " 
@@ -988,6 +988,51 @@ int main( int argc, char *argv[] ) } #endif +#if defined(MBEDTLS_ECDH_C) && !defined(MBEDTLS_ECDH_LEGACY_CONTEXT) + if( todo.ecdh ) + { + mbedtls_ecdh_context ecdh_srv, ecdh_cli; + unsigned char buf_srv[BUFSIZE], buf_cli[BUFSIZE]; + const mbedtls_ecp_curve_info * curve_list = mbedtls_ecp_curve_list(); + const mbedtls_ecp_curve_info *curve_info; + size_t olen; + + for( curve_info = curve_list; + curve_info->grp_id != MBEDTLS_ECP_DP_NONE; + curve_info++ ) + { + mbedtls_ecdh_init( &ecdh_srv ); + mbedtls_ecdh_init( &ecdh_cli ); + mbedtls_ecdh_setup( &ecdh_srv, curve_info->grp_id ); + mbedtls_ecdh_setup( &ecdh_cli, curve_info->grp_id ); + + if( ecdh_srv.var == MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0 && ( + mbedtls_ecp_group_load( &ecdh_srv.ctx.mbed_ecdh.grp, curve_info->grp_id ) != 0 || + mbedtls_ecdh_gen_public( &ecdh_srv.ctx.mbed_ecdh.grp, + &ecdh_srv.ctx.mbed_ecdh.d, + &ecdh_srv.ctx.mbed_ecdh.Q, myrand, NULL ) != 0 )) + mbedtls_exit( 1 ); + + mbedtls_snprintf( title, sizeof( title ), "ECDHE-%s", curve_info->name ); + TIME_PUBLIC( title, "handshake", + const unsigned char * p_srv = buf_srv; + ret |= mbedtls_ecdh_make_params( &ecdh_srv, &olen, buf_srv, sizeof( buf_srv ), myrand, NULL ); + + ret |= mbedtls_ecdh_read_params( &ecdh_cli, &p_srv, p_srv + olen ); + ret |= mbedtls_ecdh_make_public( &ecdh_cli, &olen, buf_cli, sizeof( buf_cli ), myrand, NULL ); + + ret |= mbedtls_ecdh_read_public( &ecdh_srv, buf_cli, olen ); + ret |= mbedtls_ecdh_calc_secret( &ecdh_srv, &olen, buf_srv, sizeof( buf_srv ), myrand, NULL ); + + ret |= mbedtls_ecdh_calc_secret( &ecdh_cli, &olen, buf_cli, sizeof( buf_cli ), myrand, NULL ); + ); + + mbedtls_ecdh_free( &ecdh_srv ); + mbedtls_ecdh_free( &ecdh_cli ); + } + } +#endif + mbedtls_printf( "\n" ); #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) From c9f737b4ba075435c6a27f6fff2631762a487c99 Mon Sep 17 00:00:00 2001 
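Review bot: The return values of both `mbedtls_ecdh_setup` calls are ignored, so a curve that `setup` rejects leaves `ecdh_srv`/`ecdh_cli` in whatever state the failed call produced and the handshake loop then times a sequence of error returns; check them the way the `mbedtls_ecp_group_load` result is checked a few lines later, `if( mbedtls_ecdh_setup( &ecdh_srv, curve_info->grp_id ) != 0 || mbedtls_ecdh_setup( &ecdh_cli, curve_info->grp_id ) != 0 ) mbedtls_exit( 1 );`. The server key is pre-generated only for the `MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0` variant; a one-line comment stating that the other variants generate their key inside `mbedtls_ecdh_make_params` would explain the asymmetry to the next reader.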
From: "Christoph M. Wintersteiger" Date: Thu, 25 Oct 2018 13:03:05 +0100 Subject: [PATCH 06/78] ECDH: Enable Everest Curve25519 in ECDH/ECDSA/ECP --- library/ecdh.c | 40 +++++++++++++++++++++++++++++++++++++++- library/ecdsa.c | 6 ++++-- library/ecp.c | 3 +++ 3 files changed, 46 insertions(+), 3 deletions(-) diff --git a/library/ecdh.c b/library/ecdh.c index eecae9131..be3637466 100644 --- a/library/ecdh.c +++ b/library/ecdh.c @@ -47,6 +47,10 @@ #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) typedef mbedtls_ecdh_context mbedtls_ecdh_context_mbed; +#else +#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) +#include "everest/everest.h" +#endif #endif static mbedtls_ecp_group_id mbedtls_ecdh_grp_id( @@ -215,6 +219,11 @@ int mbedtls_ecdh_setup( mbedtls_ecdh_context *ctx, mbedtls_ecp_group_id grp_id ) #else switch( grp_id ) { +#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) + case MBEDTLS_ECP_DP_CURVE25519: + return( mbedtls_everest_setup( ctx, grp_id ) ); +#endif + break; default: ctx->point_format = MBEDTLS_ECP_PF_UNCOMPRESSED; ctx->var = MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0; @@ -266,6 +275,11 @@ void mbedtls_ecdh_free( mbedtls_ecdh_context *ctx ) #else switch( ctx->var ) { +#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) + case MBEDTLS_ECDH_VARIANT_EVEREST: + mbedtls_everest_free( ctx ); + break; +#endif case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0: ecdh_free_internal( &ctx->ctx.mbed_ecdh ); break; @@ -331,7 +345,7 @@ static int ecdh_make_params_internal( mbedtls_ecdh_context_mbed *ctx, } /* - * Setup and write the ServerKeyExhange parameters (RFC 4492) + * Setup and write the ServerKeyExchange parameters (RFC 4492) * struct { * ECParameters curve_params; * ECPoint public; 
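Review bot: In the `mbedtls_ecdh_setup` hunk the `break;` sits after the `#endif`, so with `MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED` off it becomes a bare `break;` preceding `default:` in the switch (legal, but dead and confusing) and with it on it follows an unconditional `return`; move it inside the `#if` block or drop it. The Everest path also returns before `ctx->point_format` is assigned, unlike the default branch; if point_format is irrelevant for x25519, a comment on the `case MBEDTLS_ECP_DP_CURVE25519:` line saying so would pre-empt the question. The `#include "everest/everest.h"` added in the first hunk duplicates the one ecdh.h now performs under the same condition; harmless, but one of them can go.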
@@ -360,6 +374,10 @@ int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen, #else switch( ctx->var ) { +#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) + case MBEDTLS_ECDH_VARIANT_EVEREST: + return( mbedtls_everest_make_params( ctx, olen, buf, blen, f_rng, p_rng ) ); +#endif case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0: return( ecdh_make_params_internal( &ctx->ctx.mbed_ecdh, olen, ctx->point_format, buf, blen, @@ -409,6 +427,10 @@ int mbedtls_ecdh_read_params( mbedtls_ecdh_context *ctx, #else switch( ctx->var ) { +#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) + case MBEDTLS_ECDH_VARIANT_EVEREST: + return( mbedtls_everest_read_params( ctx, buf, end) ); +#endif case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0: return( ecdh_read_params_internal( &ctx->ctx.mbed_ecdh, buf, end ) ); @@ -473,6 +495,10 @@ int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx, #else switch( ctx->var ) { +#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) + case MBEDTLS_ECDH_VARIANT_EVEREST: + return( mbedtls_everest_get_params( ctx, key, side ) ); +#endif case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0: return( ecdh_get_params_internal( &ctx->ctx.mbed_ecdh, key, side ) ); @@ -544,6 +570,10 @@ int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen, #else switch( ctx->var ) { +#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) + case MBEDTLS_ECDH_VARIANT_EVEREST: + return( mbedtls_everest_make_public( ctx, olen, buf, blen, f_rng, p_rng ) ); +#endif case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0: return( ecdh_make_public_internal( &ctx->ctx.mbed_ecdh, olen, ctx->point_format, buf, blen, @@ -585,6 +615,10 @@ int mbedtls_ecdh_read_public( mbedtls_ecdh_context *ctx, #else switch( ctx->var ) { +#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) + case MBEDTLS_ECDH_VARIANT_EVEREST: + return( mbedtls_everest_read_public( ctx, buf, blen ) ); +#endif case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0: return( ecdh_read_public_internal( &ctx->ctx.mbed_ecdh, buf, blen ) ); 
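Review bot: The Everest dispatch in `mbedtls_ecdh_read_params()` is keyed on `ctx->var`, which was fixed at setup time, not on the `ECParameters` curve id that arrives on the wire; `mbedtls_everest_read_params( ctx, buf, end)` therefore has to parse and verify the named-curve field itself (rejecting anything other than Curve25519) and enforce the `end` bound, otherwise a peer can send a different group without this layer noticing. I cannot see that function from this hunk, so please confirm it does, or add an explicit check here before delegating. The same question applies to `mbedtls_everest_read_public()` in the `mbedtls_ecdh_read_public()` hunk: the mbed variant presumably validates the encoded point in `ecdh_read_public_internal()`, and the Everest path needs an equivalent length check of `blen` against the 1-byte length prefix plus 32 bytes. Minor: `end)` lacks the space that the file's `( ... )` convention uses everywhere else.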
@@ -667,6 +701,10 @@ int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen, #else switch( ctx->var ) { +#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) + case MBEDTLS_ECDH_VARIANT_EVEREST: + return( mbedtls_everest_calc_secret( ctx, olen, buf, blen, f_rng, p_rng ) ); +#endif case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0: return( ecdh_calc_secret_internal( &ctx->ctx.mbed_ecdh, olen, buf, blen, f_rng, p_rng, diff --git a/library/ecdsa.c b/library/ecdsa.c index 58e1a5fce..6411a5e19 100644 --- a/library/ecdsa.c +++ b/library/ecdsa.c @@ -263,8 +263,10 @@ static int ecdsa_sign_restartable( mbedtls_ecp_group *grp, mbedtls_mpi *pk = &k, *pr = r; /* Fail cleanly on curves such as Curve25519 that can't be used for ECDSA */ - if( grp->N.p == NULL ) - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + if( grp->id == MBEDTLS_ECP_DP_CURVE25519 || + grp->id == MBEDTLS_ECP_DP_CURVE448 || + grp->N.p == NULL ) + return( MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE ); /* Make sure d is in range 1..n-1 */ if( mbedtls_mpi_cmp_int( d, 1 ) < 0 || mbedtls_mpi_cmp_mpi( d, &grp->N ) >= 0 ) diff --git a/library/ecp.c b/library/ecp.c index 38040479a..1420f22cb 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -409,6 +409,9 @@ static const mbedtls_ecp_curve_info ecp_supported_curves[] = #endif #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) { MBEDTLS_ECP_DP_SECP192K1, 18, 192, "secp192k1" }, +#endif +#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) + { MBEDTLS_ECP_DP_CURVE25519, 0x001D, 256, "x25519" }, #endif { MBEDTLS_ECP_DP_NONE, 0, 0, NULL }, }; From 6817b9e81955eaf77f99b0ea8283bcd4d2289832 Mon Sep 17 00:00:00 2001 From: "Christoph M. Wintersteiger" Date: Thu, 25 Oct 2018 13:12:05 +0100 Subject: [PATCH 07/78] ECDH: Add #ifdef filter to tests/scripts/list-enum-consts.pl This allows the use of #ifdef ... #endif in enum definitions (e.g., mbedtls_ecdh_variant in ecdh.h). --- tests/scripts/list-enum-consts.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
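Review bot: Adding `MBEDTLS_ECP_DP_CURVE25519` to `ecp_supported_curves[]` in the `ecp.c` hunk makes it visible to every caller of `mbedtls_ecp_curve_list()` and the TLS-id lookup, including the TLS default curve preference and any code that assumes the table holds only short-Weierstrass curves usable for ECDSA; this commit guards only `ecdsa_sign_restartable()`, so the verify path and other consumers should get the same treatment or a comment explaining why they are already safe — I cannot see them here. Separately, the `ecdsa.c` hunk now returns `MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE`, an MD-module code, from ECDSA code, which callers matching on ECP errors will not recognise; keep an ECP-module code such as `MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE`, and note that the existing `grp->N.p == NULL` test appears to have covered Curve25519 already, so the added `grp->id` comparisons mainly document intent. The `0x001D` literal for the TLS named-curve id also differs from the decimal ids on the neighbouring rows; `29` keeps the table uniform.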
diff --git a/tests/scripts/list-enum-consts.pl b/tests/scripts/list-enum-consts.pl index 21c25b33e..ebd9b7ebc 100755 --- a/tests/scripts/list-enum-consts.pl +++ b/tests/scripts/list-enum-consts.pl @@ -22,7 +22,7 @@ while (<>) $state = 'in'; } elsif( $state eq 'in' and /}/ ) { $state = 'out'; - } elsif( $state eq 'in' ) { + } elsif( $state eq 'in' and not (/^#if/ or /#endif/)) { s/=.*//; s!/\*.*!!; s/,.*//; s/\s+//g; chomp; push @consts, $_ if $_; } From 65bab9772e75e8c26232c20f220416cb9a50ec6a Mon Sep 17 00:00:00 2001 From: "Christoph M. Wintersteiger" Date: Thu, 6 Dec 2018 17:15:12 +0000 Subject: [PATCH 08/78] ECDH: Rename full handshake benchmark --- programs/test/benchmark.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) mode change 100644 => 100755 programs/test/benchmark.c diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c old mode 100644 new mode 100755 index 4282276f5..a7a01074c --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -1014,7 +1014,7 @@ int main( int argc, char *argv[] ) mbedtls_exit( 1 ); mbedtls_snprintf( title, sizeof( title ), "ECDHE-%s", curve_info->name ); - TIME_PUBLIC( title, "handshake", + TIME_PUBLIC( title, "full handshake", const unsigned char * p_srv = buf_srv; ret |= mbedtls_ecdh_make_params( &ecdh_srv, &olen, buf_srv, sizeof( buf_srv ), myrand, NULL ); From 78c9c461cff9232cef326bd8213ccbc80595d0c1 Mon Sep 17 00:00:00 2001 From: "Christoph M. Wintersteiger" Date: Thu, 6 Dec 2018 17:16:32 +0000 Subject: [PATCH 09/78] ECDH: Fix typo in ecdh.c --- library/ecdh.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) mode change 100644 => 100755 library/ecdh.c diff --git a/library/ecdh.c b/library/ecdh.c old mode 100644 new mode 100755 index be3637466..b0367ec15 --- a/library/ecdh.c +++ b/library/ecdh.c 
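Review bot: The new filter `not (/^#if/ or /#endif/)` leaves `#else` and `#elif` unfiltered, so an enum written as `#if X` / `A,` / `#else` / `B,` / `#endif` would push the literal token `#else` into `@consts` after the `s/\s+//g` cleanup; the `#endif` alternative is also unanchored while `#if` is anchored. A single anchored pattern covers every directive: `} elsif( $state eq 'in' and not /^\s*#/ ) {`. The enclosing `while (<>)` loop starts outside this hunk.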
@@ -222,8 +222,8 @@ int mbedtls_ecdh_setup( mbedtls_ecdh_context *ctx, mbedtls_ecp_group_id grp_id ) #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) case MBEDTLS_ECP_DP_CURVE25519: return( mbedtls_everest_setup( ctx, grp_id ) ); -#endif break; +#endif default: ctx->point_format = MBEDTLS_ECP_PF_UNCOMPRESSED; ctx->var = MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0; From fba94e97264d33e896dcac80b963579e7f2c3be9 Mon Sep 17 00:00:00 2001 From: "Christoph M. Wintersteiger" Date: Thu, 6 Dec 2018 17:18:24 +0000 Subject: [PATCH 10/78] ECDH: Fix error code in mbedtls_ecdsa_sign --- library/ecdsa.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) mode change 100644 => 100755 library/ecdsa.c diff --git a/library/ecdsa.c b/library/ecdsa.c old mode 100644 new mode 100755 index 6411a5e19..2daabeedf --- a/library/ecdsa.c +++ b/library/ecdsa.c @@ -266,7 +266,7 @@ static int ecdsa_sign_restartable( mbedtls_ecp_group *grp, if( grp->id == MBEDTLS_ECP_DP_CURVE25519 || grp->id == MBEDTLS_ECP_DP_CURVE448 || grp->N.p == NULL ) - return( MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE ); + return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); /* Make sure d is in range 1..n-1 */ if( mbedtls_mpi_cmp_int( d, 1 ) < 0 || mbedtls_mpi_cmp_mpi( d, &grp->N ) >= 0 ) From fb72367f960d2d4ae48997e308e3b359631841b7 Mon Sep 17 00:00:00 2001 From: "Christoph M. Wintersteiger" Date: Thu, 6 Dec 2018 17:23:07 +0000 Subject: [PATCH 11/78] ECDH: Remove old code from mbedtls_everest_make_params --- 3rdparty/everest/library/everest.c | 29 ++--------------------------- 1 file changed, 2 insertions(+), 27 deletions(-) mode change 100644 => 100755 3rdparty/everest/library/everest.c diff --git a/3rdparty/everest/library/everest.c b/3rdparty/everest/library/everest.c old mode 100644 new mode 100755 index 2b7861de6..da1e426f9 --- a/3rdparty/everest/library/everest.c +++ b/3rdparty/everest/library/everest.c 
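Review bot: This commit also flips `library/ecdh.c` from mode 100644 to 100755 (the `old mode`/`new mode` lines in its file header), as the neighbouring commits do for `benchmark.c`, `ecdsa.c`, `ecp.c` and `everest.c`; C sources should not be executable and the mode change will appear as noise in every later diff of these files, so revert it with `git update-index --chmod=-x library/ecdh.c` before merging. The relocation of `break;` inside the `#if` block itself is correct and resolves the unreachable/unlabelled statement introduced earlier in the series.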
@@ -70,35 +70,10 @@ int mbedtls_everest_make_params( mbedtls_ecdh_context *ctx, size_t *olen, int( *f_rng )( void *, unsigned char *, size_t ), void *p_rng ) { - int ret = 0; - size_t grp_len; - mbedtls_ecp_group grp; mbedtls_ecdh_context_everest *everest_ctx = &ctx->ctx.everest_ecdh; mbedtls_x25519_context *x25519_ctx = ( mbedtls_x25519_context* )everest_ctx->ctx; - - if( ctx->var != MBEDTLS_ECDH_VARIANT_EVEREST ) - return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; - - mbedtls_ecp_group_init( &grp ); - - if( ( ret = mbedtls_x25519_make_params( x25519_ctx, olen, buf, blen, f_rng, p_rng ) ) != 0 ) - return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; - - mbedtls_ecp_group_load( &grp, MBEDTLS_ECP_DP_CURVE25519 ); - ret = mbedtls_ecp_tls_write_group( &grp, &grp_len, buf, blen ); - mbedtls_ecp_group_free( &grp ); - if (ret != 0) - return( ret ); - - buf += grp_len; - blen -= grp_len; - - if( blen < 32 ) - return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL; - - memcpy( x25519_ctx->peer_point, buf, 32 ); - *olen = grp_len + 1 + 32; - return( ret ); + if( ctx->var != MBEDTLS_ECDH_VARIANT_EVEREST ) return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + return mbedtls_x25519_make_params( x25519_ctx, olen, buf, blen, f_rng, p_rng ); } int mbedtls_everest_read_params( mbedtls_ecdh_context *ctx, From 86e36c4c2b6ccc6053afa2657ccb5659edf9af6a Mon Sep 17 00:00:00 2001 From: "Christoph M. Wintersteiger" Date: Thu, 6 Dec 2018 17:27:31 +0000 Subject: [PATCH 12/78] ECDH: Replace hex literal with decimal in ecp.c --- library/ecp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) mode change 100644 => 100755 library/ecp.c diff --git a/library/ecp.c b/library/ecp.c old mode 100644 new mode 100755 index 1420f22cb..c7f54a195 --- a/library/ecp.c +++ b/library/ecp.c 
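Review bot: The variant guard `if( ctx->var != MBEDTLS_ECDH_VARIANT_EVEREST ) return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;` returns a bignum-module error from ECDH glue; `ecdh.c` reports misuse with ECP-module codes, so use `MBEDTLS_ERR_ECP_BAD_INPUT_DATA` here and in the sibling wrappers such as `mbedtls_everest_calc_secret()` so callers see one consistent error space. The guard and its `return` are also squeezed onto a single line, unlike the rest of the file. The deleted code was copying the freshly written server parameters from `buf` into `x25519_ctx->peer_point`, i.e. treating our own public key as the peer's — good that it is gone, but `mbedtls_everest_read_params()`, which should now be the only writer of `peer_point`, begins at the edge of this hunk and I cannot verify it from here.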
@@ -411,7 +411,7 @@ static const mbedtls_ecp_curve_info ecp_supported_curves[] = { MBEDTLS_ECP_DP_SECP192K1, 18, 192, "secp192k1" }, #endif #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) - { MBEDTLS_ECP_DP_CURVE25519, 0x001D, 256, "x25519" }, + { MBEDTLS_ECP_DP_CURVE25519, 29, 256, "x25519" }, #endif { MBEDTLS_ECP_DP_NONE, 0, 0, NULL }, }; From 6acfbb52d77acc6f119610a1d4debaeaed1d3423 Mon Sep 17 00:00:00 2001 From: "Christoph M. Wintersteiger" Date: Fri, 7 Dec 2018 13:19:53 +0000 Subject: [PATCH 13/78] ECDH: Add #ifdef to cleanly disable the Everest code --- 3rdparty/everest/library/everest.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/3rdparty/everest/library/everest.c b/3rdparty/everest/library/everest.c index da1e426f9..2b111af00 100755 --- a/3rdparty/everest/library/everest.c +++ b/3rdparty/everest/library/everest.c @@ -39,6 +39,8 @@ #define mbedtls_free free #endif +#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) + int mbedtls_everest_setup( mbedtls_ecdh_context *ctx, int grp ) { if( grp != MBEDTLS_ECP_DP_CURVE25519 ) @@ -124,3 +126,5 @@ int mbedtls_everest_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen, if( ctx->var != MBEDTLS_ECDH_VARIANT_EVEREST ) return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; return mbedtls_x25519_calc_secret( x25519_ctx, olen, buf, blen, f_rng, p_rng ); } + +#endif /* MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED */ \ No newline at end of file From 79acf95199310cbbdc99be845717a141108478df Mon Sep 17 00:00:00 2001 From: "Christoph M. Wintersteiger" Date: Fri, 7 Dec 2018 13:32:59 +0000 Subject: [PATCH 14/78] ECDH: Improve ECDH full handshake benchmark --- programs/test/benchmark.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index a7a01074c..ba2c9370a 100755 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c 
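Review bot: The new `#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)` guard in `everest.c` is placed after the `mbedtls_free`/`mbedtls_calloc` fallback defines, so it only does the right thing if `MBEDTLS_CONFIG_FILE`/`config.h` has already been included above this hunk; that include is not visible here, and if it is missing the whole translation unit silently compiles to nothing and the failure surfaces only as unresolved `mbedtls_everest_*` symbols at link time. Please confirm the config include precedes this line, and consider a `#else` branch or a comment stating that the file is intentionally empty when the variant is disabled. The file also now ends without a trailing newline after the closing `#endif` (`\ No newline at end of file`), which some compilers warn about.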
@@ -988,7 +988,7 @@ int main( int argc, char *argv[] ) } #endif -#if defined(MBEDTLS_ECDH_C) && !defined(MBEDTLS_ECDH_LEGACY_CONTEXT) +#if defined(MBEDTLS_ECDH_C) if( todo.ecdh ) { mbedtls_ecdh_context ecdh_srv, ecdh_cli; @@ -1006,11 +1006,18 @@ int main( int argc, char *argv[] ) mbedtls_ecdh_setup( &ecdh_srv, curve_info->grp_id ); mbedtls_ecdh_setup( &ecdh_cli, curve_info->grp_id ); +#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) + if (mbedtls_ecp_group_load(&ecdh_srv.grp, curve_info->grp_id) != 0 || + mbedtls_ecdh_gen_public(&ecdh_srv.grp, + &ecdh_srv.d, + &ecdh_srv.Q, myrand, NULL) != 0) +#else if( ecdh_srv.var == MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0 && ( mbedtls_ecp_group_load( &ecdh_srv.ctx.mbed_ecdh.grp, curve_info->grp_id ) != 0 || mbedtls_ecdh_gen_public( &ecdh_srv.ctx.mbed_ecdh.grp, &ecdh_srv.ctx.mbed_ecdh.d, &ecdh_srv.ctx.mbed_ecdh.Q, myrand, NULL ) != 0 )) +#endif mbedtls_exit( 1 ); mbedtls_snprintf( title, sizeof( title ), "ECDHE-%s", curve_info->name ); From 48d26c21c61c3f0e1c4ca38035366f8ae968401b Mon Sep 17 00:00:00 2001 
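Review bot: The new `MBEDTLS_ECDH_LEGACY_CONTEXT` branch is written without the spaces inside parentheses that the surrounding code and the `#else` branch use (`if (mbedtls_ecp_group_load(&ecdh_srv.grp, ...)` versus `if( ... )`), so it reads as a different dialect; reformat it to match. Functionally it calls `mbedtls_ecp_group_load( &ecdh_srv.grp, ... )` immediately after `mbedtls_ecdh_setup( &ecdh_srv, ... )` on the same context — if the legacy setup already loads the group the second load is redundant, and if `mbedtls_ecp_group_load()` does not free before loading it leaks the first allocation; I cannot confirm either from this hunk. The `mbedtls_ecdh_setup()` return values remain unchecked on both branches.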
From: "Christoph M. Wintersteiger" Date: Thu, 6 Dec 2018 18:59:19 +0000 Subject: [PATCH 15/78] ECDH: Add Everest Curve25519 to VS project files This being the first 3rdparty-contribution, we may want to consider the structure of the project file generation scripts. Perhaps add small, contribution-specific scripts to each directory in 3rdparty instead of adding all constraints to generate_visualc_files.pl? --- .../data_files/vs2010-app-template.vcxproj | 8 +++--- .../data_files/vs2010-main-template.vcxproj | 16 ++++++------ scripts/generate_visualc_files.pl | 19 +++++++++++--- visualc/VS2010/aescrypt2.vcxproj | 8 +++--- visualc/VS2010/benchmark.vcxproj | 8 +++--- visualc/VS2010/crypt_and_hash.vcxproj | 8 +++--- visualc/VS2010/crypto_examples.vcxproj | 8 +++--- visualc/VS2010/dh_genprime.vcxproj | 8 +++--- visualc/VS2010/ecdh_curve25519.vcxproj | 8 +++--- visualc/VS2010/ecdsa.vcxproj | 8 +++--- visualc/VS2010/gen_entropy.vcxproj | 8 +++--- visualc/VS2010/gen_key.vcxproj | 8 +++--- visualc/VS2010/gen_random_ctr_drbg.vcxproj | 8 +++--- visualc/VS2010/gen_random_havege.vcxproj | 8 +++--- visualc/VS2010/generic_sum.vcxproj | 8 +++--- visualc/VS2010/hello.vcxproj | 8 +++--- visualc/VS2010/key_app.vcxproj | 8 +++--- visualc/VS2010/key_app_writer.vcxproj | 8 +++--- visualc/VS2010/key_ladder_demo.vcxproj | 8 +++--- visualc/VS2010/mbedTLS.vcxproj | 26 +++++++++++++------ visualc/VS2010/mpi_demo.vcxproj | 8 +++--- visualc/VS2010/pem2der.vcxproj | 8 +++--- visualc/VS2010/pk_decrypt.vcxproj | 8 +++--- visualc/VS2010/pk_encrypt.vcxproj | 8 +++--- visualc/VS2010/pk_sign.vcxproj | 8 +++--- visualc/VS2010/pk_verify.vcxproj | 8 +++--- visualc/VS2010/psa_constant_names.vcxproj | 8 +++--- .../VS2010/query_compile_time_config.vcxproj | 8 +++--- visualc/VS2010/rsa_decrypt.vcxproj | 8 +++--- visualc/VS2010/rsa_encrypt.vcxproj | 8 +++--- visualc/VS2010/rsa_genkey.vcxproj | 8 +++--- visualc/VS2010/rsa_sign.vcxproj | 8 +++--- visualc/VS2010/rsa_sign_pss.vcxproj | 8 +++--- 
visualc/VS2010/rsa_verify.vcxproj | 8 +++--- visualc/VS2010/rsa_verify_pss.vcxproj | 8 +++--- visualc/VS2010/selftest.vcxproj | 8 +++--- visualc/VS2010/strerror.vcxproj | 8 +++--- visualc/VS2010/zeroize.vcxproj | 8 +++--- 38 files changed, 182 insertions(+), 159 deletions(-) diff --git a/scripts/data_files/vs2010-app-template.vcxproj b/scripts/data_files/vs2010-app-template.vcxproj index 1db7ee42a..5480a445c 100644 --- a/scripts/data_files/vs2010-app-template.vcxproj +++ b/scripts/data_files/vs2010-app-template.vcxproj @@ -93,7 +93,7 @@ Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -113,7 +113,7 @@ Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -135,7 +135,7 @@ true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -155,7 +155,7 @@ true true WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console diff --git a/scripts/data_files/vs2010-main-template.vcxproj b/scripts/data_files/vs2010-main-template.vcxproj index 773b58a33..7071cd28a 100644 --- a/scripts/data_files/vs2010-main-template.vcxproj +++ b/scripts/data_files/vs2010-main-template.vcxproj 
@@ -85,8 +85,8 @@ Level3 Disabled - WIN32;_DEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;%(PreprocessorDefinitions) - ../../include + WIN32;_DEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions) + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib CompileAsC @@ -100,8 +100,8 @@ Level3 Disabled - WIN32;_DEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;%(PreprocessorDefinitions) - ../../include + WIN32;_DEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions) + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib CompileAsC @@ -117,8 +117,8 @@ MaxSpeed true true - WIN32;NDEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;%(PreprocessorDefinitions) - ../../include + WIN32;NDEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions) + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Windows @@ -135,8 +135,8 @@ MaxSpeed true true - WIN64;NDEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;%(PreprocessorDefinitions) - ../../include + WIN64;NDEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions) + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Windows diff --git a/scripts/generate_visualc_files.pl b/scripts/generate_visualc_files.pl index 42f302428..5d07b885c 100755 --- a/scripts/generate_visualc_files.pl +++ b/scripts/generate_visualc_files.pl 
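Review bot: `KRML_VERIFIED_UINT128` is added to the preprocessor definitions of the library template only, while the application template in the previous file receives the same four Everest include directories but not the define; that is harmless only if no header reachable from `mbedtls/ecdh.h` in an application build changes a type or struct layout based on that macro, which I cannot verify from these hunks. Either add the define to the app template as well or document in the template why the library alone needs it, e.g. a comment next to the definitions list: `<!-- KRML_VERIFIED_UINT128: MSVC has no unsigned __int128, use the verified software implementation -->`. The same include-path string is also now repeated verbatim in four configurations per template; a single MSBuild property would keep them from drifting apart.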
@@ -22,6 +22,8 @@ my $programs_dir = 'programs'; my $mbedtls_header_dir = 'include/mbedtls'; my $psa_header_dir = 'include/psa'; my $source_dir = 'library'; +my $everest_header_dir = '3rdparty/everest/include/everest'; +my @everest_source_dirs = ('3rdparty/everest/library', '3rdparty/everest/library/kremlib', '3rdparty/everest/library/vs2010'); # Need windows line endings! my $vsx_hdr_tpl = <; + my @everest_sources = (); + foreach my $d (@everest_source_dirs) { push @everest_sources, <$d/*.c>; } + @everest_sources = grep !/3rdparty\/everest\/library\/Hacl_Curve25519.c/, @everest_sources; + map { s!/!\\!g } @everest_headers; + map { s!/!\\!g } @everest_sources; + gen_app_files( @app_list ); gen_main_file( \@mbedtls_headers, \@psa_headers, \@source_headers, - \@sources, $vsx_hdr_tpl, $vsx_src_tpl, - $vsx_main_tpl_file, $vsx_main_file ); + \@everest_headers, \@sources, \@everest_sources, $vsx_hdr_tpl, + $vsx_src_tpl, $vsx_main_tpl_file, $vsx_main_file ); gen_vsx_solution( @app_list ); diff --git a/visualc/VS2010/aescrypt2.vcxproj b/visualc/VS2010/aescrypt2.vcxproj index 63a124aee..f900580a2 100644 --- a/visualc/VS2010/aescrypt2.vcxproj +++ b/visualc/VS2010/aescrypt2.vcxproj @@ -94,7 +94,7 @@ Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -114,7 +114,7 @@ Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console 
@@ -136,7 +136,7 @@ true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -156,7 +156,7 @@ true true WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console diff --git a/visualc/VS2010/benchmark.vcxproj b/visualc/VS2010/benchmark.vcxproj index ffbd1ad4d..e77d4b99e 100644 --- a/visualc/VS2010/benchmark.vcxproj +++ b/visualc/VS2010/benchmark.vcxproj @@ -94,7 +94,7 @@ Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -114,7 +114,7 @@ Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -136,7 +136,7 @@ true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -156,7 +156,7 @@ true true WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console 
diff --git a/visualc/VS2010/crypt_and_hash.vcxproj b/visualc/VS2010/crypt_and_hash.vcxproj index fb7ef77d1..1f7db3014 100644 --- a/visualc/VS2010/crypt_and_hash.vcxproj +++ b/visualc/VS2010/crypt_and_hash.vcxproj @@ -94,7 +94,7 @@ Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -114,7 +114,7 @@ Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -136,7 +136,7 @@ true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -156,7 +156,7 @@ true true WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console diff --git a/visualc/VS2010/crypto_examples.vcxproj b/visualc/VS2010/crypto_examples.vcxproj index 2fa23a7f9..9df713bdb 100644 --- a/visualc/VS2010/crypto_examples.vcxproj +++ b/visualc/VS2010/crypto_examples.vcxproj @@ -94,7 +94,7 @@ Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console 
@@ -114,7 +114,7 @@ Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -136,7 +136,7 @@ true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -156,7 +156,7 @@ true true WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console diff --git a/visualc/VS2010/dh_genprime.vcxproj b/visualc/VS2010/dh_genprime.vcxproj index fdd6c6fdf..9b2f9f90d 100644 --- a/visualc/VS2010/dh_genprime.vcxproj +++ b/visualc/VS2010/dh_genprime.vcxproj @@ -94,7 +94,7 @@ Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -114,7 +114,7 @@ Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -136,7 +136,7 @@ true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console 
@@ -156,7 +156,7 @@ true true WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console diff --git a/visualc/VS2010/ecdh_curve25519.vcxproj b/visualc/VS2010/ecdh_curve25519.vcxproj index 748b6d121..7e668eac1 100644 --- a/visualc/VS2010/ecdh_curve25519.vcxproj +++ b/visualc/VS2010/ecdh_curve25519.vcxproj @@ -94,7 +94,7 @@ Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -114,7 +114,7 @@ Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -136,7 +136,7 @@ true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -156,7 +156,7 @@ true true WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console diff --git a/visualc/VS2010/ecdsa.vcxproj b/visualc/VS2010/ecdsa.vcxproj index 03418d082..cf59d45eb 100644 --- a/visualc/VS2010/ecdsa.vcxproj +++ b/visualc/VS2010/ecdsa.vcxproj 
@@ -94,7 +94,7 @@ Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -114,7 +114,7 @@ Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -136,7 +136,7 @@ true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -156,7 +156,7 @@ true true WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console diff --git a/visualc/VS2010/gen_entropy.vcxproj b/visualc/VS2010/gen_entropy.vcxproj index 89b41c081..08d23f574 100644 --- a/visualc/VS2010/gen_entropy.vcxproj +++ b/visualc/VS2010/gen_entropy.vcxproj @@ -94,7 +94,7 @@ Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -114,7 +114,7 @@ Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console 
@@ -136,7 +136,7 @@ true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -156,7 +156,7 @@ true true WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console diff --git a/visualc/VS2010/gen_key.vcxproj b/visualc/VS2010/gen_key.vcxproj index c8ea11f42..bd44e9775 100644 --- a/visualc/VS2010/gen_key.vcxproj +++ b/visualc/VS2010/gen_key.vcxproj @@ -94,7 +94,7 @@ Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -114,7 +114,7 @@ Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -136,7 +136,7 @@ true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -156,7 +156,7 @@ true true WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console 
diff --git a/visualc/VS2010/gen_random_ctr_drbg.vcxproj b/visualc/VS2010/gen_random_ctr_drbg.vcxproj index 64200afbe..338a92835 100644 --- a/visualc/VS2010/gen_random_ctr_drbg.vcxproj +++ b/visualc/VS2010/gen_random_ctr_drbg.vcxproj @@ -94,7 +94,7 @@ Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -114,7 +114,7 @@ Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -136,7 +136,7 @@ true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -156,7 +156,7 @@ true true WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console diff --git a/visualc/VS2010/gen_random_havege.vcxproj b/visualc/VS2010/gen_random_havege.vcxproj index 70c8138a0..31d09d4c1 100644 --- a/visualc/VS2010/gen_random_havege.vcxproj +++ b/visualc/VS2010/gen_random_havege.vcxproj @@ -94,7 +94,7 @@ Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console 
@@ -114,7 +114,7 @@ Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -136,7 +136,7 @@ true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -156,7 +156,7 @@ true true WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console diff --git a/visualc/VS2010/generic_sum.vcxproj b/visualc/VS2010/generic_sum.vcxproj index 21bd90f62..4ed977a70 100644 --- a/visualc/VS2010/generic_sum.vcxproj +++ b/visualc/VS2010/generic_sum.vcxproj @@ -94,7 +94,7 @@ Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -114,7 +114,7 @@ Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -136,7 +136,7 @@ true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console 
@@ -156,7 +156,7 @@ true true WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console diff --git a/visualc/VS2010/hello.vcxproj b/visualc/VS2010/hello.vcxproj index b5f6eb005..71a13dd58 100644 --- a/visualc/VS2010/hello.vcxproj +++ b/visualc/VS2010/hello.vcxproj @@ -94,7 +94,7 @@ Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -114,7 +114,7 @@ Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -136,7 +136,7 @@ true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -156,7 +156,7 @@ true true WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console diff --git a/visualc/VS2010/key_app.vcxproj b/visualc/VS2010/key_app.vcxproj index 0fc246a8f..3d8d45735 100644 --- a/visualc/VS2010/key_app.vcxproj +++ b/visualc/VS2010/key_app.vcxproj 
@@ -94,7 +94,7 @@ Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -114,7 +114,7 @@ Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -136,7 +136,7 @@ true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -156,7 +156,7 @@ true true WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console diff --git a/visualc/VS2010/key_app_writer.vcxproj b/visualc/VS2010/key_app_writer.vcxproj index e4ef62b04..b17a485dc 100644 --- a/visualc/VS2010/key_app_writer.vcxproj +++ b/visualc/VS2010/key_app_writer.vcxproj @@ -94,7 +94,7 @@ Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -114,7 +114,7 @@ Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console 
@@ -136,7 +136,7 @@ true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -156,7 +156,7 @@ true true WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console diff --git a/visualc/VS2010/key_ladder_demo.vcxproj b/visualc/VS2010/key_ladder_demo.vcxproj index b8fe6a09b..4b419afec 100644 --- a/visualc/VS2010/key_ladder_demo.vcxproj +++ b/visualc/VS2010/key_ladder_demo.vcxproj @@ -94,7 +94,7 @@ Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -114,7 +114,7 @@ Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -136,7 +136,7 @@ true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -156,7 +156,7 @@ true true WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console 
diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj index 2db9a162e..fade3d1a2 100644 --- a/visualc/VS2010/mbedTLS.vcxproj +++ b/visualc/VS2010/mbedTLS.vcxproj @@ -85,8 +85,8 @@ Level3 Disabled - WIN32;_DEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;%(PreprocessorDefinitions) - ../../include + WIN32;_DEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions) + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib CompileAsC @@ -100,8 +100,8 @@ Level3 Disabled - WIN32;_DEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;%(PreprocessorDefinitions) - ../../include + WIN32;_DEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions) + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib CompileAsC @@ -117,8 +117,8 @@ MaxSpeed true true - WIN32;NDEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;%(PreprocessorDefinitions) - ../../include + WIN32;NDEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions) + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Windows @@ -135,8 +135,8 @@ MaxSpeed true true - WIN64;NDEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;%(PreprocessorDefinitions) - ../../include + WIN64;NDEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions) + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Windows @@ -228,6 +228,10 @@ + + + + @@ -296,6 +300,12 @@ + + + + + + 
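Review bot: In the four PreprocessorDefinitions hunks of mbedTLS.vcxproj (@@ -85, -100, -117, -135) `KRML_VERIFIED_UINT128` is added only to the library project, whereas every application project on this page (gen_key through zeroize) receives the same five Everest include directories but not the define. Patch 16 further down embeds `mbedtls_x25519_context` by value in `mbedtls_ecdh_context_everest`, so if any Everest header that the programs pull in through the public mbedtls headers picks its 128-bit representation based on that macro, the DLL and the programs would disagree on the context layout; either add the define to the application configurations as well, e.g. `WIN32;_DEBUG;_CONSOLE;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions)`, or pin the choice inside the Everest headers for MSVC so it cannot diverge per project. The include list also mixes `../../3rdparty/everest/include/` (trailing slash) with slash-less entries; using one form keeps the dozens of copies grep-able, and if these project files are generated from templates the change belongs in the template rather than in each file. The two hunks at @@ -228 and @@ -296 of this file have lost their element content in this rendering and could not be reviewed.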
diff --git a/visualc/VS2010/mpi_demo.vcxproj b/visualc/VS2010/mpi_demo.vcxproj index d770d35af..2015cff0e 100644 --- a/visualc/VS2010/mpi_demo.vcxproj +++ b/visualc/VS2010/mpi_demo.vcxproj @@ -94,7 +94,7 @@ Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -114,7 +114,7 @@ Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -136,7 +136,7 @@ true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -156,7 +156,7 @@ true true WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console diff --git a/visualc/VS2010/pem2der.vcxproj b/visualc/VS2010/pem2der.vcxproj index 2f1248c5d..45799c1f9 100644 --- a/visualc/VS2010/pem2der.vcxproj +++ b/visualc/VS2010/pem2der.vcxproj @@ -94,7 +94,7 @@ Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console 
@@ -114,7 +114,7 @@ Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -136,7 +136,7 @@ true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -156,7 +156,7 @@ true true WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console diff --git a/visualc/VS2010/pk_decrypt.vcxproj b/visualc/VS2010/pk_decrypt.vcxproj index 168adf34b..baf3d7c30 100644 --- a/visualc/VS2010/pk_decrypt.vcxproj +++ b/visualc/VS2010/pk_decrypt.vcxproj @@ -94,7 +94,7 @@ Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -114,7 +114,7 @@ Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -136,7 +136,7 @@ true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console 
@@ -156,7 +156,7 @@ true true WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console diff --git a/visualc/VS2010/pk_encrypt.vcxproj b/visualc/VS2010/pk_encrypt.vcxproj index bb09f06aa..38eb66155 100644 --- a/visualc/VS2010/pk_encrypt.vcxproj +++ b/visualc/VS2010/pk_encrypt.vcxproj @@ -94,7 +94,7 @@ Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -114,7 +114,7 @@ Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -136,7 +136,7 @@ true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -156,7 +156,7 @@ true true WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console diff --git a/visualc/VS2010/pk_sign.vcxproj b/visualc/VS2010/pk_sign.vcxproj index 98941f4be..2bbea277a 100644 --- a/visualc/VS2010/pk_sign.vcxproj +++ b/visualc/VS2010/pk_sign.vcxproj 
@@ -94,7 +94,7 @@ Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -114,7 +114,7 @@ Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -136,7 +136,7 @@ true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -156,7 +156,7 @@ true true WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console diff --git a/visualc/VS2010/pk_verify.vcxproj b/visualc/VS2010/pk_verify.vcxproj index 6d3006e61..8804a9c1c 100644 --- a/visualc/VS2010/pk_verify.vcxproj +++ b/visualc/VS2010/pk_verify.vcxproj @@ -94,7 +94,7 @@ Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -114,7 +114,7 @@ Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console 
@@ -136,7 +136,7 @@ true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -156,7 +156,7 @@ true true WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console diff --git a/visualc/VS2010/psa_constant_names.vcxproj b/visualc/VS2010/psa_constant_names.vcxproj index 41cb85b6d..046505a9b 100644 --- a/visualc/VS2010/psa_constant_names.vcxproj +++ b/visualc/VS2010/psa_constant_names.vcxproj @@ -94,7 +94,7 @@ Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -114,7 +114,7 @@ Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -136,7 +136,7 @@ true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -156,7 +156,7 @@ true true WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console 
diff --git a/visualc/VS2010/query_compile_time_config.vcxproj b/visualc/VS2010/query_compile_time_config.vcxproj index 8e7f07bd0..e95a49f91 100644 --- a/visualc/VS2010/query_compile_time_config.vcxproj +++ b/visualc/VS2010/query_compile_time_config.vcxproj @@ -95,7 +95,7 @@ Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -115,7 +115,7 @@ Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -137,7 +137,7 @@ true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -157,7 +157,7 @@ true true WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console diff --git a/visualc/VS2010/rsa_decrypt.vcxproj b/visualc/VS2010/rsa_decrypt.vcxproj index ffba32a6a..8ba60e38d 100644 --- a/visualc/VS2010/rsa_decrypt.vcxproj +++ b/visualc/VS2010/rsa_decrypt.vcxproj @@ -94,7 +94,7 @@ Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console 
@@ -114,7 +114,7 @@ Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -136,7 +136,7 @@ true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -156,7 +156,7 @@ true true WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console diff --git a/visualc/VS2010/rsa_encrypt.vcxproj b/visualc/VS2010/rsa_encrypt.vcxproj index 9f5f32784..af8663193 100644 --- a/visualc/VS2010/rsa_encrypt.vcxproj +++ b/visualc/VS2010/rsa_encrypt.vcxproj @@ -94,7 +94,7 @@ Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -114,7 +114,7 @@ Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -136,7 +136,7 @@ true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console 
@@ -156,7 +156,7 @@ true true WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console diff --git a/visualc/VS2010/rsa_genkey.vcxproj b/visualc/VS2010/rsa_genkey.vcxproj index 824e3043c..2a6782423 100644 --- a/visualc/VS2010/rsa_genkey.vcxproj +++ b/visualc/VS2010/rsa_genkey.vcxproj @@ -94,7 +94,7 @@ Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -114,7 +114,7 @@ Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -136,7 +136,7 @@ true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -156,7 +156,7 @@ true true WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console diff --git a/visualc/VS2010/rsa_sign.vcxproj b/visualc/VS2010/rsa_sign.vcxproj index dda4756cd..37bae35b7 100644 --- a/visualc/VS2010/rsa_sign.vcxproj +++ b/visualc/VS2010/rsa_sign.vcxproj 
@@ -94,7 +94,7 @@ Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -114,7 +114,7 @@ Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -136,7 +136,7 @@ true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -156,7 +156,7 @@ true true WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console diff --git a/visualc/VS2010/rsa_sign_pss.vcxproj b/visualc/VS2010/rsa_sign_pss.vcxproj index 31da8cade..2dfe7510e 100644 --- a/visualc/VS2010/rsa_sign_pss.vcxproj +++ b/visualc/VS2010/rsa_sign_pss.vcxproj @@ -94,7 +94,7 @@ Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -114,7 +114,7 @@ Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console 
@@ -136,7 +136,7 @@ true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -156,7 +156,7 @@ true true WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console diff --git a/visualc/VS2010/rsa_verify.vcxproj b/visualc/VS2010/rsa_verify.vcxproj index b78dfc338..ee834de5a 100644 --- a/visualc/VS2010/rsa_verify.vcxproj +++ b/visualc/VS2010/rsa_verify.vcxproj @@ -94,7 +94,7 @@ Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -114,7 +114,7 @@ Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -136,7 +136,7 @@ true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -156,7 +156,7 @@ true true WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console 
diff --git a/visualc/VS2010/rsa_verify_pss.vcxproj b/visualc/VS2010/rsa_verify_pss.vcxproj index 220ad2d42..00b4ebe8c 100644 --- a/visualc/VS2010/rsa_verify_pss.vcxproj +++ b/visualc/VS2010/rsa_verify_pss.vcxproj @@ -94,7 +94,7 @@ Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -114,7 +114,7 @@ Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -136,7 +136,7 @@ true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -156,7 +156,7 @@ true true WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console diff --git a/visualc/VS2010/selftest.vcxproj b/visualc/VS2010/selftest.vcxproj index 1f5e10918..184c3743f 100644 --- a/visualc/VS2010/selftest.vcxproj +++ b/visualc/VS2010/selftest.vcxproj @@ -94,7 +94,7 @@ Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console 
@@ -114,7 +114,7 @@ Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -136,7 +136,7 @@ true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -156,7 +156,7 @@ true true WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console diff --git a/visualc/VS2010/strerror.vcxproj b/visualc/VS2010/strerror.vcxproj index c3ec8fa74..91c7ff7d2 100644 --- a/visualc/VS2010/strerror.vcxproj +++ b/visualc/VS2010/strerror.vcxproj @@ -94,7 +94,7 @@ Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -114,7 +114,7 @@ Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -136,7 +136,7 @@ true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console 
@@ -156,7 +156,7 @@ true true WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console diff --git a/visualc/VS2010/zeroize.vcxproj b/visualc/VS2010/zeroize.vcxproj index dff71d30e..0697ca6fa 100644 --- a/visualc/VS2010/zeroize.vcxproj +++ b/visualc/VS2010/zeroize.vcxproj @@ -94,7 +94,7 @@ Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -114,7 +114,7 @@ Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -136,7 +136,7 @@ true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console @@ -156,7 +156,7 @@ true true WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - ../../include + ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console From 4936beb5136e26271247de49588045f71f740806 Mon Sep 17 00:00:00 2001 
From: "Christoph M. Wintersteiger" Date: Wed, 12 Dec 2018 17:26:41 +0000 Subject: [PATCH 16/78] ECDH: Clean up the interface to Everest code --- 3rdparty/everest/include/everest/everest.h | 38 +++++++----- 3rdparty/everest/include/everest/x25519.h | 13 +++- 3rdparty/everest/library/everest.c | 70 ++++++++-------------- 3rdparty/everest/library/x25519.c | 8 ++- library/ecdh.c | 35 ++++++++--- 5 files changed, 88 insertions(+), 76 deletions(-) mode change 100644 => 100755 3rdparty/everest/include/everest/everest.h mode change 100644 => 100755 3rdparty/everest/include/everest/x25519.h mode change 100644 => 100755 3rdparty/everest/library/x25519.c diff --git a/3rdparty/everest/include/everest/everest.h b/3rdparty/everest/include/everest/everest.h old mode 100644 new mode 100755 index aceeeae69..58065001f --- a/3rdparty/everest/include/everest/everest.h +++ b/3rdparty/everest/include/everest/everest.h @@ -22,17 +22,23 @@ #ifndef MBEDTLS_EVEREST_H #define MBEDTLS_EVEREST_H +#include "everest/x25519.h" + #ifdef __cplusplus extern "C" { #endif -struct mbedtls_ecdh_context; -typedef struct mbedtls_ecdh_context mbedtls_ecdh_context; - -struct mbedtls_x25519_context_; +/** + * Defines the source of the imported EC key. + */ +typedef enum +{ + MBEDTLS_EVEREST_ECDH_OURS, /**< Our key. */ + MBEDTLS_EVEREST_ECDH_THEIRS, /**< The key of the peer. */ +} mbedtls_everest_ecdh_side; typedef struct { - struct mbedtls_x25519_context_ *ctx; + mbedtls_x25519_context ctx; } mbedtls_ecdh_context_everest; 
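Review bot: Embedding `mbedtls_x25519_context ctx` by value, where the old struct held an opaque pointer, makes `everest/x25519.h` a transitive dependency of every consumer of `mbedtls/ecdh.h` and ties the size of `mbedtls_ecdh_context` to the vendored struct; this is consistent with the vcxproj hunks earlier in this series, which add `3rdparty/everest/include` to every program. Whatever installs the public headers must now ship `everest/everest.h` and `everest/x25519.h` next to `mbedtls/`, and that is worth stating on the struct, e.g. `/* Embedded by value: the layout of mbedtls_ecdh_context now depends on everest/x25519.h. */`. The new `mbedtls_everest_ecdh_side` enum parallels `MBEDTLS_ECDH_OURS`/`THEIRS` and `MBEDTLS_X25519_ECDH_OURS`/`THEIRS`, so callers convert twice; if that is deliberate to keep the layers decoupled, say so in a one-line comment.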
@@ -48,18 +54,18 @@ typedef struct { * ciphersuites. * * \param ctx The ECDH context to set up. - * \param grp The group id of the group to set up the context for. + * \param grp_id The group id of the group to set up the context for. * * \return \c 0 on success. */ -int mbedtls_everest_setup( mbedtls_ecdh_context *ctx, int grp ); +int mbedtls_everest_setup( mbedtls_ecdh_context_everest *ctx, int grp_id ); /** * \brief This function frees a context. * * \param ctx The context to free. */ -void mbedtls_everest_free( mbedtls_ecdh_context *ctx ); +void mbedtls_everest_free( mbedtls_ecdh_context_everest *ctx ); /** * \brief This function generates a public key and a TLS @@ -84,7 +90,7 @@ void mbedtls_everest_free( mbedtls_ecdh_context *ctx ); * \return \c 0 on success. * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure. */ -int mbedtls_everest_make_params( mbedtls_ecdh_context *ctx, size_t *olen, +int mbedtls_everest_make_params( mbedtls_ecdh_context_everest *ctx, size_t *olen, unsigned char *buf, size_t blen, int( *f_rng )( void *, unsigned char *, size_t ), void *p_rng ); @@ -106,7 +112,7 @@ int mbedtls_everest_make_params( mbedtls_ecdh_context *ctx, size_t *olen, * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure. * */ -int mbedtls_everest_read_params( mbedtls_ecdh_context *ctx, +int mbedtls_everest_read_params( mbedtls_ecdh_context_everest *ctx, const unsigned char **buf, const unsigned char *end ); /** @@ -126,7 +132,7 @@ int mbedtls_everest_read_params( mbedtls_ecdh_context *ctx, * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure. * */ -int mbedtls_everest_read_params( mbedtls_ecdh_context *ctx, +int mbedtls_everest_read_params( mbedtls_ecdh_context_everest *ctx, const unsigned char **buf, const unsigned char *end ); /** 
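Review bot: `mbedtls_everest_read_params` is declared twice in this header, once in the `@@ -106` hunk and again in the `@@ -126` hunk, each with an identical Doxygen block; the compiler accepts the identical redeclaration, but one copy looks stale and the two will drift apart, so drop the second. `mbedtls_everest_setup` is documented as returning only `\c 0 on success`, while the implementation in this series returns `MBEDTLS_ERR_ECP_BAD_INPUT_DATA` for any group other than Curve25519; add `\return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if \p grp_id is not MBEDTLS_ECP_DP_CURVE25519.` Its `grp_id` parameter is also typed `int` although the caller in ecdh.c passes a `mbedtls_ecp_group_id`; using the enum type would let the compiler catch misuse.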
@@ -147,8 +153,8 @@ int mbedtls_everest_read_params( mbedtls_ecdh_context *ctx, * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure. * */ -int mbedtls_everest_get_params( mbedtls_ecdh_context *ctx, const mbedtls_ecp_keypair *key, - int side ); +int mbedtls_everest_get_params( mbedtls_ecdh_context_everest *ctx, const mbedtls_ecp_keypair *key, + mbedtls_everest_ecdh_side side ); /** * \brief This function generates a public key and a TLS @@ -169,7 +175,7 @@ int mbedtls_everest_get_params( mbedtls_ecdh_context *ctx, const mbedtls_ecp_key * \return \c 0 on success. * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure. */ -int mbedtls_everest_make_public( mbedtls_ecdh_context *ctx, size_t *olen, +int mbedtls_everest_make_public( mbedtls_ecdh_context_everest *ctx, size_t *olen, unsigned char *buf, size_t blen, int( *f_rng )( void *, unsigned char *, size_t ), void *p_rng ); @@ -191,7 +197,7 @@ int mbedtls_everest_make_public( mbedtls_ecdh_context *ctx, size_t *olen, * \return \c 0 on success. * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure. */ -int mbedtls_everest_read_public( mbedtls_ecdh_context *ctx, +int mbedtls_everest_read_public( mbedtls_ecdh_context_everest *ctx, const unsigned char *buf, size_t blen ); /** @@ -216,7 +222,7 @@ int mbedtls_everest_read_public( mbedtls_ecdh_context *ctx, * \return \c 0 on success. * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure. */ -int mbedtls_everest_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen, +int mbedtls_everest_calc_secret( mbedtls_ecdh_context_everest *ctx, size_t *olen, unsigned char *buf, size_t blen, int( *f_rng )( void *, unsigned char *, size_t ), void *p_rng ); diff --git a/3rdparty/everest/include/everest/x25519.h b/3rdparty/everest/include/everest/x25519.h old mode 100644 new mode 100755 index e332ff23c..cdfb16f53 --- a/3rdparty/everest/include/everest/x25519.h +++ b/3rdparty/everest/include/everest/x25519.h 
@@ -22,14 +22,21 @@ #ifndef MBEDTLS_X25519_H #define MBEDTLS_X25519_H -#include - #ifdef __cplusplus extern "C" { #endif #define MBEDTLS_ECP_TLS_CURVE25519 0x1d +/** + * Defines the source of the imported EC key. + */ +typedef enum +{ + MBEDTLS_X25519_ECDH_OURS, /**< Our key. */ + MBEDTLS_X25519_ECDH_THEIRS, /**< The key of the peer. */ +} mbedtls_x25519_ecdh_side; + /** * \brief The x25519 context structure. */ @@ -109,7 +116,7 @@ int mbedtls_x25519_read_params( mbedtls_x25519_context *ctx, * */ int mbedtls_x25519_get_params( mbedtls_x25519_context *ctx, const mbedtls_ecp_keypair *key, - int side ); + mbedtls_x25519_ecdh_side side ); /** * \brief This function derives and exports the shared secret. diff --git a/3rdparty/everest/library/everest.c b/3rdparty/everest/library/everest.c index 2b111af00..4b3a799dc 100755 --- a/3rdparty/everest/library/everest.c +++ b/3rdparty/everest/library/everest.c 
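Review bot: The hunk removes the header's only visible `#include` (its target is lost in this rendering) while the file still uses `mbedtls_ecp_keypair` in the `mbedtls_x25519_get_params` prototype below and `size_t` in the other prototypes, so unless an include survives outside the hunk the header is no longer self-contained and compiles only when included after `mbedtls/ecp.h`, as `everest.h` via `mbedtls/ecdh.h` happens to do. Make the dependency explicit near the top: `#include "mbedtls/ecp.h"`. If the removed line was that include and it was dropped to break a cycle with `mbedtls/ecdh.h`, a short comment saying so would save the next reader the same detour.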
@@ -41,89 +41,69 @@ #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) -int mbedtls_everest_setup( mbedtls_ecdh_context *ctx, int grp ) +int mbedtls_everest_setup( mbedtls_ecdh_context_everest *ctx, int grp_id ) { - if( grp != MBEDTLS_ECP_DP_CURVE25519 ) + if( grp_id != MBEDTLS_ECP_DP_CURVE25519 ) return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; - - ctx->var = MBEDTLS_ECDH_VARIANT_EVEREST; - ctx->grp_id = grp; - - ctx->ctx.everest_ecdh.ctx = mbedtls_calloc( 1, sizeof( mbedtls_x25519_context ) ); - mbedtls_x25519_init( ctx->ctx.everest_ecdh.ctx ); - + mbedtls_x25519_init( &ctx->ctx ); return 0; } -void mbedtls_everest_free( mbedtls_ecdh_context *ctx ) +void mbedtls_everest_free( mbedtls_ecdh_context_everest *ctx ) { - mbedtls_ecdh_context_everest *everest_ctx = &ctx->ctx.everest_ecdh; - mbedtls_x25519_context *x25519_ctx = ( mbedtls_x25519_context* )everest_ctx->ctx; - - mbedtls_x25519_free( x25519_ctx ); - mbedtls_free( x25519_ctx ); - - ctx->var = MBEDTLS_ECDH_VARIANT_NONE; - ctx->grp_id = MBEDTLS_ECP_DP_NONE; + mbedtls_x25519_free( &ctx->ctx ); } -int mbedtls_everest_make_params( mbedtls_ecdh_context *ctx, size_t *olen, +int mbedtls_everest_make_params( mbedtls_ecdh_context_everest *ctx, size_t *olen, unsigned char *buf, size_t blen, int( *f_rng )( void *, unsigned char *, size_t ), void *p_rng ) { - mbedtls_ecdh_context_everest *everest_ctx = &ctx->ctx.everest_ecdh; - mbedtls_x25519_context *x25519_ctx = ( mbedtls_x25519_context* )everest_ctx->ctx; - if( ctx->var != MBEDTLS_ECDH_VARIANT_EVEREST ) return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + mbedtls_x25519_context *x25519_ctx = &ctx->ctx; return mbedtls_x25519_make_params( x25519_ctx, olen, buf, blen, f_rng, p_rng ); } -int mbedtls_everest_read_params( mbedtls_ecdh_context *ctx, - const unsigned char **buf, const unsigned char *end ) +int mbedtls_everest_read_params( mbedtls_ecdh_context_everest *ctx, + const unsigned char **buf, + const unsigned char *end ) { - mbedtls_ecdh_context_everest *everest_ctx = 
&ctx->ctx.everest_ecdh; - mbedtls_x25519_context *x25519_ctx = ( mbedtls_x25519_context* )everest_ctx->ctx; - if( ctx->var != MBEDTLS_ECDH_VARIANT_EVEREST ) return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + mbedtls_x25519_context *x25519_ctx = &ctx->ctx; return mbedtls_x25519_read_params( x25519_ctx, buf, end ); } -int mbedtls_everest_get_params( mbedtls_ecdh_context *ctx, const mbedtls_ecp_keypair *key, - int side ) +int mbedtls_everest_get_params( mbedtls_ecdh_context_everest *ctx, + const mbedtls_ecp_keypair *key, + mbedtls_everest_ecdh_side side ) { - mbedtls_ecdh_context_everest *everest_ctx = &ctx->ctx.everest_ecdh; - mbedtls_x25519_context *x25519_ctx = ( mbedtls_x25519_context* )everest_ctx->ctx; - if( ctx->var != MBEDTLS_ECDH_VARIANT_EVEREST ) return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; - return mbedtls_x25519_get_params( x25519_ctx, key, side ); + mbedtls_x25519_context *x25519_ctx = &ctx->ctx; + mbedtls_x25519_ecdh_side s = side == MBEDTLS_EVEREST_ECDH_OURS ? + MBEDTLS_X25519_ECDH_OURS : + MBEDTLS_X25519_ECDH_THEIRS; + return mbedtls_x25519_get_params( x25519_ctx, key, s ); } -int mbedtls_everest_make_public( mbedtls_ecdh_context *ctx, size_t *olen, +int mbedtls_everest_make_public( mbedtls_ecdh_context_everest *ctx, size_t *olen, unsigned char *buf, size_t blen, int( *f_rng )( void *, unsigned char *, size_t ), void *p_rng ) { - mbedtls_ecdh_context_everest *everest_ctx = &ctx->ctx.everest_ecdh; - mbedtls_x25519_context *x25519_ctx = ( mbedtls_x25519_context* )everest_ctx->ctx; - if( ctx->var != MBEDTLS_ECDH_VARIANT_EVEREST ) return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + mbedtls_x25519_context *x25519_ctx = &ctx->ctx; return mbedtls_x25519_make_public( x25519_ctx, olen, buf, blen, f_rng, p_rng ); } -int mbedtls_everest_read_public( mbedtls_ecdh_context *ctx, +int mbedtls_everest_read_public( mbedtls_ecdh_context_everest *ctx, const unsigned char *buf, size_t blen ) { - mbedtls_ecdh_context_everest *everest_ctx = &ctx->ctx.everest_ecdh; - mbedtls_x25519_context *x25519_ctx 
= ( mbedtls_x25519_context* )everest_ctx->ctx; - if( ctx->var != MBEDTLS_ECDH_VARIANT_EVEREST ) return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + mbedtls_x25519_context *x25519_ctx = &ctx->ctx; return mbedtls_x25519_read_public ( x25519_ctx, buf, blen ); } -int mbedtls_everest_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen, +int mbedtls_everest_calc_secret( mbedtls_ecdh_context_everest *ctx, size_t *olen, unsigned char *buf, size_t blen, int( *f_rng )( void *, unsigned char *, size_t ), void *p_rng ) { - mbedtls_ecdh_context_everest *everest_ctx = &ctx->ctx.everest_ecdh; - mbedtls_x25519_context *x25519_ctx = ( mbedtls_x25519_context* )everest_ctx->ctx; - if( ctx->var != MBEDTLS_ECDH_VARIANT_EVEREST ) return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + mbedtls_x25519_context *x25519_ctx = &ctx->ctx; return mbedtls_x25519_calc_secret( x25519_ctx, olen, buf, blen, f_rng, p_rng ); } diff --git a/3rdparty/everest/library/x25519.c b/3rdparty/everest/library/x25519.c old mode 100644 new mode 100755 index 72cab6bbe..830018c46 --- a/3rdparty/everest/library/x25519.c +++ b/3rdparty/everest/library/x25519.c @@ -27,6 +27,8 @@ #if defined(MBEDTLS_ECDH_C) +#include + #include #include @@ -100,16 +102,16 @@ int mbedtls_x25519_read_params( mbedtls_x25519_context *ctx, } int mbedtls_x25519_get_params( mbedtls_x25519_context *ctx, const mbedtls_ecp_keypair *key, - int side ) + mbedtls_x25519_ecdh_side side ) { size_t olen = 0; switch( side ) { - case MBEDTLS_ECDH_THEIRS: + case MBEDTLS_X25519_ECDH_THEIRS: mbedtls_ecp_point_write_binary( &key->grp, &key->Q, MBEDTLS_ECP_PF_COMPRESSED, &olen, ctx->peer_point, 32 ); /* untested; defensively throw an error for now. */ return(MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE); - case MBEDTLS_ECDH_OURS: + case MBEDTLS_X25519_ECDH_OURS: mbedtls_mpi_write_binary( &key->d, ctx->our_secret, 32 ); /* CMW: key->Q = key->d * base; do we need to set up ctx.peer_point here? */ /* untested; defensively throw an error for now. */ 
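Review bot: `mbedtls_everest_free` now only forwards to `mbedtls_x25519_free( &ctx->ctx )`, and because the x25519 context is embedded by value, the private scalar written to `ctx->our_secret` (see the x25519.c hunk that follows) sits inside the caller's `mbedtls_ecdh_context` until that function clears it. `mbedtls_x25519_free` is outside this hunk, so please confirm it zeroizes `our_secret` and `peer_point` with `mbedtls_platform_zeroize` rather than merely resetting fields, and record that on the wrapper: `/* Zeroizes the embedded x25519 context, including our_secret. */`. Dropping the old `ctx->var != MBEDTLS_ECDH_VARIANT_EVEREST` checks is fine now that dispatch happens in ecdh.c, but these wrappers then rely on the caller having selected the right union member; a one-line precondition comment at the top of the file would make that explicit.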
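Review bot: Both key-import branches discard the return value of the copy they perform, `mbedtls_ecp_point_write_binary( ..., ctx->peer_point, 32 )` in the THEIRS case and `mbedtls_mpi_write_binary( &key->d, ctx->our_secret, 32 )` in the OURS case. Today each branch returns `MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE` regardless, so nothing is lost yet, but once the "untested" guard is lifted a failed or truncated write would leave a partially filled buffer that is then used as key material; capture the result, `ret = mbedtls_mpi_write_binary( &key->d, ctx->our_secret, 32 ); if( ret != 0 ) return( ret );`, and likewise for the point. Note that the OURS branch copies the private scalar into `ctx->our_secret` before returning the error, so a caller that sees the failure still holds key material in the context and must free it. On the open question in the comment, only `our_secret` appears to be needed for the OURS side, since the peer's point presumably arrives through `mbedtls_x25519_read_public`; whether `mbedtls_ecp_point_write_binary` accepts a Curve25519 point in compressed form at this version is not visible here and deserves a test before the guard goes. The rest of this switch lies outside the hunk.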
diff --git a/library/ecdh.c b/library/ecdh.c index b0367ec15..fec88d081 100755 --- a/library/ecdh.c +++ b/library/ecdh.c @@ -221,8 +221,12 @@ int mbedtls_ecdh_setup( mbedtls_ecdh_context *ctx, mbedtls_ecp_group_id grp_id ) { #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) case MBEDTLS_ECP_DP_CURVE25519: - return( mbedtls_everest_setup( ctx, grp_id ) ); - break; + { + ctx->point_format = MBEDTLS_ECP_PF_COMPRESSED; + ctx->var = MBEDTLS_ECDH_VARIANT_EVEREST; + ctx->grp_id = grp_id; + return( mbedtls_everest_setup( &ctx->ctx.everest_ecdh, grp_id ) ); + } #endif default: ctx->point_format = MBEDTLS_ECP_PF_UNCOMPRESSED; @@ -277,7 +281,9 @@ void mbedtls_ecdh_free( mbedtls_ecdh_context *ctx ) { #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) case MBEDTLS_ECDH_VARIANT_EVEREST: - mbedtls_everest_free( ctx ); + mbedtls_everest_free( &ctx->ctx.everest_ecdh ); + ctx->var = MBEDTLS_ECDH_VARIANT_NONE; + ctx->grp_id = MBEDTLS_ECP_DP_NONE; break; #endif case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0: @@ -376,7 +382,8 @@ int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen, { #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) case MBEDTLS_ECDH_VARIANT_EVEREST: - return( mbedtls_everest_make_params( ctx, olen, buf, blen, f_rng, p_rng ) ); + return( mbedtls_everest_make_params( &ctx->ctx.everest_ecdh, olen, + buf, blen, f_rng, p_rng ) ); #endif case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0: return( ecdh_make_params_internal( &ctx->ctx.mbed_ecdh, olen, @@ -429,7 +436,8 @@ int mbedtls_ecdh_read_params( mbedtls_ecdh_context *ctx, { #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) case MBEDTLS_ECDH_VARIANT_EVEREST: - return( mbedtls_everest_read_params( ctx, buf, end) ); + return( mbedtls_everest_read_params( &ctx->ctx.everest_ecdh, + buf, end) ); #endif case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0: return( ecdh_read_params_internal( &ctx->ctx.mbed_ecdh, 
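Review bot: In `mbedtls_ecdh_setup` the new Curve25519 case records `point_format`, `var` and `grp_id` before `mbedtls_everest_setup` has succeeded, so a failing setup would leave a context tagged `MBEDTLS_ECDH_VARIANT_EVEREST` whose embedded x25519 context was never initialised, and a later `mbedtls_ecdh_free` would run `mbedtls_x25519_free` on it. The only failure path visible in this series (a group other than Curve25519) cannot fire from this case label, so this is defensive rather than a live bug, but tagging only on success costs two lines: `ret = mbedtls_everest_setup( &ctx->ctx.everest_ecdh, grp_id ); if( ret != 0 ) return( ret );` followed by the three assignments (declaring `ret` if the function does not already have one). The `mbedtls_ecdh_free` hunk is fine: resetting `var` and `grp_id` to NONE after freeing keeps a second free from re-entering the Everest branch.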
@@ -497,7 +505,13 @@ int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx, { #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) case MBEDTLS_ECDH_VARIANT_EVEREST: - return( mbedtls_everest_get_params( ctx, key, side ) ); + { + mbedtls_x25519_ecdh_side s = side == MBEDTLS_ECDH_OURS ? + MBEDTLS_EVEREST_ECDH_OURS : + MBEDTLS_EVEREST_ECDH_THEIRS; + return( mbedtls_everest_get_params( &ctx->ctx.everest_ecdh, + key, s) ); + } #endif case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0: return( ecdh_get_params_internal( &ctx->ctx.mbed_ecdh, @@ -572,7 +586,8 @@ int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen, { #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) case MBEDTLS_ECDH_VARIANT_EVEREST: - return( mbedtls_everest_make_public( ctx, olen, buf, blen, f_rng, p_rng ) ); + return( mbedtls_everest_make_public( &ctx->ctx.everest_ecdh, olen, + buf, blen, f_rng, p_rng ) ); #endif case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0: return( ecdh_make_public_internal( &ctx->ctx.mbed_ecdh, olen, @@ -617,7 +632,8 @@ int mbedtls_ecdh_read_public( mbedtls_ecdh_context *ctx, { #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) case MBEDTLS_ECDH_VARIANT_EVEREST: - return( mbedtls_everest_read_public( ctx, buf, blen ) ); + return( mbedtls_everest_read_public( &ctx->ctx.everest_ecdh, + buf, blen ) ); #endif case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0: return( ecdh_read_public_internal( &ctx->ctx.mbed_ecdh, @@ -703,7 +719,8 @@ int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen, { #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) case MBEDTLS_ECDH_VARIANT_EVEREST: - return( mbedtls_everest_calc_secret( ctx, olen, buf, blen, f_rng, p_rng ) ); + return( mbedtls_everest_calc_secret( &ctx->ctx.everest_ecdh, olen, + buf, blen, f_rng, p_rng ) ); #endif case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0: return( ecdh_calc_secret_internal( &ctx->ctx.mbed_ecdh, olen, buf, From 999f3b53a1cfac57075659d9cacf63f513865afb Mon Sep 17 00:00:00 2001 
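Review bot: The new Everest case maps `side` with `side == MBEDTLS_ECDH_OURS ? ... : MBEDTLS_EVEREST_ECDH_THEIRS`, so any value that is neither OURS nor THEIRS is silently treated as the peer's key and the keypair's public point is imported as `peer_point`; the legacy path (`ecdh_get_params_internal`, outside this hunk) is, as far as I recall, stricter and rejects an unknown side with `MBEDTLS_ERR_ECP_BAD_INPUT_DATA`. Reject it here as well before converting: `if( side != MBEDTLS_ECDH_OURS && side != MBEDTLS_ECDH_THEIRS ) return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );`. The local is declared `mbedtls_x25519_ecdh_side` but assigned `MBEDTLS_EVEREST_ECDH_*` values; patch 22 later in this series corrects the type, so only the range check remains open.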
From: "Christoph M. Wintersteiger" Date: Fri, 14 Dec 2018 10:57:01 +0000 Subject: [PATCH 17/78] ECDH: Remove YOTTA config #define --- include/mbedtls/config.h | 5 ----- 1 file changed, 5 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 155a085b8..ce00ca114 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -2091,11 +2091,6 @@ /* \} name SECTION: Customisation configuration options */ -/* Target and application specific configurations */ -//#define YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE "target_config.h" - -/* \} name SECTION: Customisation configuration options */ - /* Target and application specific configurations * * Allow user to override any previous default. From c3cbddecb50dd54773bcfeca3a4d10c6361a3f22 Mon Sep 17 00:00:00 2001 From: "Christoph M. Wintersteiger" Date: Fri, 14 Dec 2018 11:03:02 +0000 Subject: [PATCH 18/78] ECDH: Fix whitespace, permissions --- 3rdparty/everest/include/everest/everest.h | 0 3rdparty/everest/include/everest/x25519.h | 0 3rdparty/everest/library/everest.c | 3 ++- 3rdparty/everest/library/x25519.c | 0 include/mbedtls/config.h | 2 +- include/mbedtls/ecdh.h | 2 +- library/ecdh.c | 0 library/ecdsa.c | 0 library/ecp.c | 0 programs/test/benchmark.c | 2 +- 10 files changed, 5 insertions(+), 4 deletions(-) mode change 100755 => 100644 3rdparty/everest/include/everest/everest.h mode change 100755 => 100644 3rdparty/everest/include/everest/x25519.h mode change 100755 => 100644 3rdparty/everest/library/everest.c mode change 100755 => 100644 3rdparty/everest/library/x25519.c mode change 100755 => 100644 library/ecdh.c mode change 100755 => 100644 library/ecdsa.c mode change 100755 => 100644 library/ecp.c mode change 100755 => 100644 programs/test/benchmark.c diff --git a/3rdparty/everest/include/everest/everest.h b/3rdparty/everest/include/everest/everest.h old mode 100755 new mode 100644 
diff --git a/3rdparty/everest/include/everest/x25519.h b/3rdparty/everest/include/everest/x25519.h old mode 100755 new mode 100644 diff --git a/3rdparty/everest/library/everest.c b/3rdparty/everest/library/everest.c old mode 100755 new mode 100644 index 4b3a799dc..2e2422f3e --- a/3rdparty/everest/library/everest.c +++ b/3rdparty/everest/library/everest.c @@ -107,4 +107,5 @@ int mbedtls_everest_calc_secret( mbedtls_ecdh_context_everest *ctx, size_t *olen return mbedtls_x25519_calc_secret( x25519_ctx, olen, buf, blen, f_rng, p_rng ); } -#endif /* MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED */ \ No newline at end of file +#endif /* MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED */ + diff --git a/3rdparty/everest/library/x25519.c b/3rdparty/everest/library/x25519.c old mode 100755 new mode 100644 diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index ce00ca114..b91fa702b 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -2078,7 +2078,7 @@ */ //#define MBEDTLS_PLATFORM_GMTIME_R_ALT -/* +/** * \def MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED * * Enable the verified implementations of crypto primitives diff --git a/include/mbedtls/ecdh.h b/include/mbedtls/ecdh.h index 4bb704bc5..7f61c453c 100644 --- a/include/mbedtls/ecdh.h +++ b/include/mbedtls/ecdh.h @@ -43,7 +43,7 @@ #include "mbedtls/ecp.h" #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) -#undef MBEDTLS_ECDH_LEGACY_CONTEXT +#undef MBEDTLS_ECDH_LEGACY_CONTEXT #include "everest/everest.h" #endif diff --git a/library/ecdh.c b/library/ecdh.c old mode 100755 new mode 100644 diff --git a/library/ecdsa.c b/library/ecdsa.c old mode 100755 new mode 100644 diff --git a/library/ecp.c b/library/ecp.c old mode 100755 new mode 100644 diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c old mode 100755 new mode 100644 index ba2c9370a..a808a84b6 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c 
@@ -988,7 +988,7 @@ int main( int argc, char *argv[] ) } #endif -#if defined(MBEDTLS_ECDH_C) +#if defined(MBEDTLS_ECDH_C) if( todo.ecdh ) { mbedtls_ecdh_context ecdh_srv, ecdh_cli; From 34811a8db249f5c7134ac1965ec67fbf060addb4 Mon Sep 17 00:00:00 2001 From: "Christoph M. Wintersteiger" Date: Fri, 14 Dec 2018 11:46:43 +0000 Subject: [PATCH 19/78] ECDH: Use LOCAL_CFLAGS instead of CFLAGS --- library/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/Makefile b/library/Makefile index 58ecb0c27..30663eae2 100644 --- a/library/Makefile +++ b/library/Makefile @@ -20,7 +20,7 @@ endif # CFLAGS += -D_BSD_EXTENSION # Include directories for Everest code -CFLAGS+=-I../3rdparty/everest/include -I../3rdparty/everest/include/everest -I../3rdparty/everest/include/everest/kremlib +LOCAL_CFLAGS+=-I../3rdparty/everest/include -I../3rdparty/everest/include/everest -I../3rdparty/everest/include/everest/kremlib # if were running on Windows build for Windows ifdef WINDOWS From 3c449621ceaed42fcfe708d3907afff9f1cd6dbe Mon Sep 17 00:00:00 2001 From: "Christoph M. Wintersteiger" Date: Fri, 14 Dec 2018 11:54:59 +0000 Subject: [PATCH 20/78] ECDH: Fix error checks in benchmark.c --- programs/test/benchmark.c | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) mode change 100644 => 100755 programs/test/benchmark.c diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c old mode 100644 new mode 100755 index a808a84b6..0d4837f60 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -225,6 +225,14 @@ static int myrand( void *rng_state, unsigned char *output, size_t len ) return( 0 ); } +#if defined(MBEDTLS_ECDH_C) +static void check( int r ) +{ + if( r != 0 ) + mbedtls_exit( 1 ); +} +#endif + /* * Clear some memory that was used to prepare the context */ 
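Review bot: `check()` terminates the process with `mbedtls_exit( 1 )` but never reports which call failed or the error code, so a failing ECDH benchmark now dies silently where the old `ret |=` accumulation at least left `ret` for the caller to print. Print the code first, using the platform printf this file presumably uses for its other output, e.g. `mbedtls_printf( "FAILED: -0x%04x\n", (unsigned int) -r );` before `mbedtls_exit( 1 );`. Keeping the helper under `#if defined(MBEDTLS_ECDH_C)` is right, since it is referenced only from the ECDH section and would otherwise draw an unused-function warning. Exiting from inside the timing loop also skips the `mbedtls_ecdh_free` calls; acceptable for a benchmark, but worth a comment on the helper.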
@@ -1003,8 +1011,8 @@ int main( int argc, char *argv[] ) { mbedtls_ecdh_init( &ecdh_srv ); mbedtls_ecdh_init( &ecdh_cli ); - mbedtls_ecdh_setup( &ecdh_srv, curve_info->grp_id ); - mbedtls_ecdh_setup( &ecdh_cli, curve_info->grp_id ); + check( mbedtls_ecdh_setup( &ecdh_srv, curve_info->grp_id ) ); + check( mbedtls_ecdh_setup( &ecdh_cli, curve_info->grp_id ) ); #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) if (mbedtls_ecp_group_load(&ecdh_srv.grp, curve_info->grp_id) != 0 || @@ -1023,15 +1031,15 @@ int main( int argc, char *argv[] ) mbedtls_snprintf( title, sizeof( title ), "ECDHE-%s", curve_info->name ); TIME_PUBLIC( title, "full handshake", const unsigned char * p_srv = buf_srv; - ret |= mbedtls_ecdh_make_params( &ecdh_srv, &olen, buf_srv, sizeof( buf_srv ), myrand, NULL ); + check( mbedtls_ecdh_make_params( &ecdh_srv, &olen, buf_srv, sizeof( buf_srv ), myrand, NULL ) ); - ret |= mbedtls_ecdh_read_params( &ecdh_cli, &p_srv, p_srv + olen ); - ret |= mbedtls_ecdh_make_public( &ecdh_cli, &olen, buf_cli, sizeof( buf_cli ), myrand, NULL ); + check( mbedtls_ecdh_read_params( &ecdh_cli, &p_srv, p_srv + olen ) ); + check( mbedtls_ecdh_make_public( &ecdh_cli, &olen, buf_cli, sizeof( buf_cli ), myrand, NULL ) ); - ret |= mbedtls_ecdh_read_public( &ecdh_srv, buf_cli, olen ); - ret |= mbedtls_ecdh_calc_secret( &ecdh_srv, &olen, buf_srv, sizeof( buf_srv ), myrand, NULL ); + check( mbedtls_ecdh_read_public( &ecdh_srv, buf_cli, olen ) ); + check( mbedtls_ecdh_calc_secret( &ecdh_srv, &olen, buf_srv, sizeof( buf_srv ), myrand, NULL ) ); - ret |= mbedtls_ecdh_calc_secret( &ecdh_cli, &olen, buf_cli, sizeof( buf_cli ), myrand, NULL ); + check( mbedtls_ecdh_calc_secret( &ecdh_cli, &olen, buf_cli, sizeof( buf_cli ), myrand, NULL ) ); ); mbedtls_ecdh_free( &ecdh_srv ); From 24fbceff50cd784d3c0becc0a816ff0bf4b9562a Mon Sep 17 00:00:00 2001 
From: "Christoph M. Wintersteiger" Date: Fri, 14 Dec 2018 12:36:10 +0000 Subject: [PATCH 21/78] ECDH: Everest: Remove unnecessary file --- .../everest/library/kremlib/fstar_uint128.c | 216 ------------------ library/Makefile | 1 - visualc/VS2010/mbedTLS.vcxproj | 1 - 3 files changed, 218 deletions(-) delete mode 100644 3rdparty/everest/library/kremlib/fstar_uint128.c diff --git a/3rdparty/everest/library/kremlib/fstar_uint128.c b/3rdparty/everest/library/kremlib/fstar_uint128.c deleted file mode 100644 index cadfbc7fa..000000000 --- a/3rdparty/everest/library/kremlib/fstar_uint128.c +++ /dev/null 
@@ -1,216 +0,0 @@ -/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved. - Licensed under the Apache 2.0 License. */ - -/******************************************************************************/ -/* Machine integers (128-bit arithmetic) */ -/******************************************************************************/ - -/* This header makes KreMLin-generated C code work with: - * - the default setting where we assume the target compiler defines __int128 - * - the setting where we use FStar.UInt128's implementation instead; in that - * case, generated C files must be compiled with -DKRML_VERIFIED_UINT128 - * - a refinement of the case above, wherein all structures are passed by - * reference, a.k.a. "-fnostruct-passing", meaning that the KreMLin-generated - * must be compiled with -DKRML_NOSTRUCT_PASSING - * Note: no MSVC support in this file. - */ - -#include "FStar_UInt128.h" -#include "kremlin/c_endianness.h" -#include "FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.h" - -#if !defined(KRML_VERIFIED_UINT128) && !defined(_MSC_VER) - -/* GCC + using native unsigned __int128 support */ - -uint128_t load128_le(uint8_t *b) { - uint128_t l = (uint128_t)load64_le(b); - uint128_t h = (uint128_t)load64_le(b + 8); - return (h << 64 | l); -} - -void store128_le(uint8_t *b, uint128_t n) { - store64_le(b, (uint64_t)n); - store64_le(b + 8, (uint64_t)(n >> 64)); -} - -uint128_t load128_be(uint8_t *b) { - uint128_t h = (uint128_t)load64_be(b); - uint128_t l = (uint128_t)load64_be(b + 8); - return (h << 64 | l); -} - -void store128_be(uint8_t *b, uint128_t n) { - store64_be(b, (uint64_t)(n >> 64)); - store64_be(b + 8, (uint64_t)n); -} - -uint128_t FStar_UInt128_add(uint128_t x, uint128_t y) { - return x + y; -} - -uint128_t FStar_UInt128_mul(uint128_t x, uint128_t y) { - return x * y; -} - -uint128_t FStar_UInt128_add_mod(uint128_t x, uint128_t y) { - return x + y; -} - -uint128_t FStar_UInt128_sub(uint128_t x, uint128_t y) { - return x - y; -} - 
-uint128_t FStar_UInt128_sub_mod(uint128_t x, uint128_t y) { - return x - y; -} - -uint128_t FStar_UInt128_logand(uint128_t x, uint128_t y) { - return x & y; -} - -uint128_t FStar_UInt128_logor(uint128_t x, uint128_t y) { - return x | y; -} - -uint128_t FStar_UInt128_logxor(uint128_t x, uint128_t y) { - return x ^ y; -} - -uint128_t FStar_UInt128_lognot(uint128_t x) { - return ~x; -} - -uint128_t FStar_UInt128_shift_left(uint128_t x, uint32_t y) { - return x << y; -} - -uint128_t FStar_UInt128_shift_right(uint128_t x, uint32_t y) { - return x >> y; -} - -uint128_t FStar_UInt128_uint64_to_uint128(uint64_t x) { - return (uint128_t)x; -} - -uint64_t FStar_UInt128_uint128_to_uint64(uint128_t x) { - return (uint64_t)x; -} - -uint128_t FStar_UInt128_mul_wide(uint64_t x, uint64_t y) { - return ((uint128_t) x) * y; -} - -uint128_t FStar_UInt128_eq_mask(uint128_t x, uint128_t y) { - uint64_t mask = - FStar_UInt64_eq_mask((uint64_t)(x >> 64), (uint64_t)(y >> 64)) & - FStar_UInt64_eq_mask(x, y); - return ((uint128_t)mask) << 64 | mask; -} - -uint128_t FStar_UInt128_gte_mask(uint128_t x, uint128_t y) { - uint64_t mask = - (FStar_UInt64_gte_mask(x >> 64, y >> 64) & - ~(FStar_UInt64_eq_mask(x >> 64, y >> 64))) | - (FStar_UInt64_eq_mask(x >> 64, y >> 64) & FStar_UInt64_gte_mask(x, y)); - return ((uint128_t)mask) << 64 | mask; -} - -uint128_t FStar_Int_Cast_Full_uint64_to_uint128(uint64_t x) { - return x; -} - -uint64_t FStar_Int_Cast_Full_uint128_to_uint64(uint128_t x) { - return x; -} - -#elif !defined(_MSC_VER) && defined(KRML_VERIFIED_UINT128) - -/* Verified uint128 implementation. */ - -/* Access 64-bit fields within the int128. */ -#define HIGH64_OF(x) ((x)->high) -#define LOW64_OF(x) ((x)->low) - -typedef FStar_UInt128_uint128 FStar_UInt128_t_, uint128_t; - -/* A series of definitions written using pointers. 
*/ - -void load128_le_(uint8_t *b, uint128_t *r) { - LOW64_OF(r) = load64_le(b); - HIGH64_OF(r) = load64_le(b + 8); -} - -void store128_le_(uint8_t *b, uint128_t *n) { - store64_le(b, LOW64_OF(n)); - store64_le(b + 8, HIGH64_OF(n)); -} - -void load128_be_(uint8_t *b, uint128_t *r) { - HIGH64_OF(r) = load64_be(b); - LOW64_OF(r) = load64_be(b + 8); -} - -void store128_be_(uint8_t *b, uint128_t *n) { - store64_be(b, HIGH64_OF(n)); - store64_be(b + 8, LOW64_OF(n)); -} - -void -FStar_Int_Cast_Full_uint64_to_uint128_(uint64_t x, uint128_t *dst) { - /* C89 */ - LOW64_OF(dst) = x; - HIGH64_OF(dst) = 0; -} - -uint64_t FStar_Int_Cast_Full_uint128_to_uint64_(uint128_t *x) { - return LOW64_OF(x); -} - -# ifndef KRML_NOSTRUCT_PASSING - -uint128_t load128_le(uint8_t *b) { - uint128_t r; - load128_le_(b, &r); - return r; -} - -void store128_le(uint8_t *b, uint128_t n) { - store128_le_(b, &n); -} - -uint128_t load128_be(uint8_t *b) { - uint128_t r; - load128_be_(b, &r); - return r; -} - -void store128_be(uint8_t *b, uint128_t n) { - store128_be_(b, &n); -} - -uint128_t FStar_Int_Cast_Full_uint64_to_uint128(uint64_t x) { - uint128_t dst; - FStar_Int_Cast_Full_uint64_to_uint128_(x, &dst); - return dst; -} - -uint64_t FStar_Int_Cast_Full_uint128_to_uint64(uint128_t x) { - return FStar_Int_Cast_Full_uint128_to_uint64_(&x); -} - -# else /* !defined(KRML_STRUCT_PASSING) */ - -# define print128 print128_ -# define load128_le load128_le_ -# define store128_le store128_le_ -# define load128_be load128_be_ -# define store128_be store128_be_ -# define FStar_Int_Cast_Full_uint128_to_uint64 \ - FStar_Int_Cast_Full_uint128_to_uint64_ -# define FStar_Int_Cast_Full_uint64_to_uint128 \ - FStar_Int_Cast_Full_uint64_to_uint128_ - -# endif /* KRML_STRUCT_PASSING */ - -#endif diff --git a/library/Makefile b/library/Makefile index 30663eae2..ee9ca389b 100644 --- a/library/Makefile +++ b/library/Makefile 
@@ -108,7 +108,6 @@ OBJS_CRYPTO+= \ ../3rdparty/everest/library/everest.o \ ../3rdparty/everest/library/Hacl_Curve25519.o \ ../3rdparty/everest/library/x25519.o \ - ../3rdparty/everest/library/kremlib/fstar_uint128.o \ ../3rdparty/everest/library/kremlib/FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.o .SILENT: diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj index fade3d1a2..2206bb196 100644 --- a/visualc/VS2010/mbedTLS.vcxproj +++ b/visualc/VS2010/mbedTLS.vcxproj @@ -302,7 +302,6 @@ - From 2e724a18a10c3243b85f9cff15d9b33d7571564c Mon Sep 17 00:00:00 2001 From: "Christoph M. Wintersteiger" Date: Mon, 7 Jan 2019 14:19:41 +0000 Subject: [PATCH 22/78] ECDH: Fix Everest ECDH side type --- library/ecdh.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) mode change 100644 => 100755 library/ecdh.c diff --git a/library/ecdh.c b/library/ecdh.c old mode 100644 new mode 100755 index fec88d081..58e67bfab --- a/library/ecdh.c +++ b/library/ecdh.c @@ -506,7 +506,7 @@ int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx, #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) case MBEDTLS_ECDH_VARIANT_EVEREST: { - mbedtls_x25519_ecdh_side s = side == MBEDTLS_ECDH_OURS ? + mbedtls_everest_ecdh_side s = side == MBEDTLS_ECDH_OURS ? MBEDTLS_EVEREST_ECDH_OURS : MBEDTLS_EVEREST_ECDH_THEIRS; return( mbedtls_everest_get_params( &ctx->ctx.everest_ecdh, From 62dddd08fd5a73f7ffdfbe754d5688c9c5277bd3 Mon Sep 17 00:00:00 2001 
From: "Christoph M. Wintersteiger" Date: Fri, 14 Dec 2018 13:07:50 +0000 Subject: [PATCH 23/78] Add new 3rdparty build scripts --- 3rdparty/CMakeLists.txt | 6 ++++++ 3rdparty/Makefile.inc | 1 + 3rdparty/everest/CMakeLists.txt | 9 +++++++++ 3rdparty/everest/Makefile.inc | 7 +++++++ CMakeLists.txt | 1 + library/CMakeLists.txt | 10 +--------- library/Makefile | 12 +++--------- 7 files changed, 28 insertions(+), 18 deletions(-) create mode 100755 3rdparty/CMakeLists.txt create mode 100755 3rdparty/Makefile.inc create mode 100755 3rdparty/everest/CMakeLists.txt create mode 100755 3rdparty/everest/Makefile.inc diff --git a/3rdparty/CMakeLists.txt b/3rdparty/CMakeLists.txt new file mode 100755 index 000000000..df28699f1 --- /dev/null +++ b/3rdparty/CMakeLists.txt @@ -0,0 +1,6 @@ +add_subdirectory(everest) + +set(src_thirdparty + ${src_everest} + PARENT_SCOPE +) diff --git a/3rdparty/Makefile.inc b/3rdparty/Makefile.inc new file mode 100755 index 000000000..757bd5f1b --- /dev/null +++ b/3rdparty/Makefile.inc @@ -0,0 +1 @@ +include ../3rdparty/everest/Makefile.inc \ No newline at end of file diff --git a/3rdparty/everest/CMakeLists.txt b/3rdparty/everest/CMakeLists.txt new file mode 100755 index 000000000..25f50cae9 --- /dev/null +++ b/3rdparty/everest/CMakeLists.txt @@ -0,0 +1,9 @@ +include_directories(include include/everest include/everest/kremlib) + +set(src_everest + ${CMAKE_CURRENT_SOURCE_DIR}/library/everest.c + ${CMAKE_CURRENT_SOURCE_DIR}/library/Hacl_Curve25519.c + ${CMAKE_CURRENT_SOURCE_DIR}/library/x25519.c + ${CMAKE_CURRENT_SOURCE_DIR}/library/kremlib/FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.c + PARENT_SCOPE +) \ No newline at end of file diff --git a/3rdparty/everest/Makefile.inc b/3rdparty/everest/Makefile.inc new file mode 100755 index 000000000..bbdba56a3 --- /dev/null +++ b/3rdparty/everest/Makefile.inc 
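Review bot: The `include_directories(include include/everest include/everest/kremlib)` at the top of the new 3rdparty/everest/CMakeLists.txt has no effect on the code that consumes these headers: `include_directories` is directory-scoped, and the Everest sources are only listed here and then compiled from library/ via `src_thirdparty`, a sibling directory rather than a subdirectory of this one. The build presumably works only because the top-level CMakeLists.txt still adds the same paths globally (visible as context in the next file of this patch). Either drop the line or export the paths the same way the sources are exported, e.g. `set(inc_everest ${CMAKE_CURRENT_SOURCE_DIR}/include ${CMAKE_CURRENT_SOURCE_DIR}/include/everest ${CMAKE_CURRENT_SOURCE_DIR}/include/everest/kremlib PARENT_SCOPE)`. Both new CMake files in this patch also lack a trailing newline.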
@@ -0,0 +1,7 @@ +THIRDPARTY_INCLUDES+=-I../3rdparty/everest/include -I../3rdparty/everest/include/everest -I../3rdparty/everest/include/everest/kremlib + +THIRDPARTY_OBJECTS+= \ + ../3rdparty/everest/library/everest.o \ + ../3rdparty/everest/library/Hacl_Curve25519.o \ + ../3rdparty/everest/library/x25519.o \ + ../3rdparty/everest/library/kremlib/FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.o \ No newline at end of file diff --git a/CMakeLists.txt b/CMakeLists.txt index f756d4331..044ddc281 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -179,6 +179,7 @@ endif() include_directories(include/ 3rdparty/everest/include/ 3rdparty/everest/include/everest/ 3rdparty/everest/include/everest/kremlin/ 3rdparty/everest/include/everest/kremlib/) include_directories(library/) +add_subdirectory(3rdparty) add_subdirectory(library) add_subdirectory(include) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 009fb3e74..a6eb1ed06 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -74,6 +74,7 @@ set(src_crypto threading.c timing.c xtea.c + ${src_thirdparty} ) # For files generated by the parent project (Mbed TLS) when building Mbed @@ -94,15 +95,6 @@ set(src_crypto ) endif() -set(src_everest - ../3rdparty/everest/library/everest.c - ../3rdparty/everest/library/Hacl_Curve25519.c - ../3rdparty/everest/library/x25519.c - ../3rdparty/everest/library/kremlib/fstar_uint128.c - ../3rdparty/everest/library/kremlib/FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.c -) - -set(src_crypto ${src_crypto} ${src_everest}) if(CMAKE_COMPILER_IS_GNUCC) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wmissing-declarations -Wmissing-prototypes") endif(CMAKE_COMPILER_IS_GNUCC) diff --git a/library/Makefile b/library/Makefile index ee9ca389b..31c9208b9 100644 --- a/library/Makefile +++ b/library/Makefile 
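Review bot: The ordering between the new `add_subdirectory(3rdparty)` and the existing `add_subdirectory(library)` is load-bearing but undocumented: library/CMakeLists.txt expands `${src_thirdparty}` inside `set(src_crypto ...)`, and that variable is only populated once 3rdparty/ has been processed, so swapping the two lines would silently drop every Everest source from the library without any configure-time error (an undefined variable expands to nothing). A one-line comment above the new line would protect it, e.g. `# 3rdparty/ must be processed before library/ so that src_thirdparty is populated`. A guard in library/CMakeLists.txt such as `if(NOT DEFINED src_thirdparty) message(FATAL_ERROR "3rdparty/ must be configured first") endif()` would be stronger still.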
@@ -19,9 +19,6 @@ endif # To compile on Plan9: # CFLAGS += -D_BSD_EXTENSION -# Include directories for Everest code -LOCAL_CFLAGS+=-I../3rdparty/everest/include -I../3rdparty/everest/include/everest -I../3rdparty/everest/include/everest/kremlib - # if were running on Windows build for Windows ifdef WINDOWS WINDOWS_BUILD=1 @@ -104,11 +101,9 @@ OBJS_CRYPTO += version.o OBJS_CRYPTO += version_features.o endif -OBJS_CRYPTO+= \ - ../3rdparty/everest/library/everest.o \ - ../3rdparty/everest/library/Hacl_Curve25519.o \ - ../3rdparty/everest/library/x25519.o \ - ../3rdparty/everest/library/kremlib/FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.o +include ../3rdparty/Makefile.inc +LOCAL_CFLAGS+=$(THIRDPARTY_INCLUDES) +OBJS_CRYPTO+=$(THIRDPARTY_OBJECTS) .SILENT: @@ -163,4 +158,3 @@ else if exist libmbed* del /Q /F libmbed* if exist $(OBJS_CRYPTO) del /Q /F $(OBJS_CRYPTO) endif - From 7cc4c68eb63a24f9cbf814254cd537df819958e5 Mon Sep 17 00:00:00 2001 From: "Christoph M. Wintersteiger" Date: Fri, 14 Dec 2018 13:18:52 +0000 Subject: [PATCH 24/78] Fix preprocessor directive recognition in list-enum-consts.pl --- tests/scripts/list-enum-consts.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/list-enum-consts.pl b/tests/scripts/list-enum-consts.pl index ebd9b7ebc..a30421734 100755 --- a/tests/scripts/list-enum-consts.pl +++ b/tests/scripts/list-enum-consts.pl @@ -22,7 +22,7 @@ while (<>) $state = 'in'; } elsif( $state eq 'in' and /}/ ) { $state = 'out'; - } elsif( $state eq 'in' and not (/^#if/ or /#endif/)) { + } elsif( $state eq 'in' and not /^#/) { s/=.*//; s!/\*.*!!; s/,.*//; s/\s+//g; chomp; push @consts, $_ if $_; } From 1083a25a29825e36c70c7dbbd4d6e4f704bb5e1a Mon Sep 17 00:00:00 2001 From: "Christoph M. Wintersteiger" Date: Fri, 14 Dec 2018 13:34:06 +0000 Subject: [PATCH 25/78] ECDH: Exclude FStar and Hacl* from exported symbol checks --- tests/scripts/list-symbols.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
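Review bot: `not /^#/` only skips preprocessor directives that start in column 0; an indented directive such as `  #if defined(X)` or `# define` inside an enum body would still be treated as an enumerator line, stripped of everything after `=`/`,` and pushed onto `@consts`. Since the intent is to skip any directive, anchor on optional leading whitespace: `} elsif( $state eq 'in' and not /^\s*#/) {`. The enclosing `while (<>)` loop starts outside the hunk.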
diff --git a/tests/scripts/list-symbols.sh b/tests/scripts/list-symbols.sh index 930722c1b..6ecc199bf 100755 --- a/tests/scripts/list-symbols.sh +++ b/tests/scripts/list-symbols.sh @@ -30,9 +30,9 @@ if [ -n "$make_ret" ]; then fi if uname | grep -F Darwin >/dev/null; then - nm -gUj library/libmbed*.a 2>/dev/null | sed -n -e 's/^_//p' + nm -gUj library/libmbed*.a 2>/dev/null | sed -n -e 's/^_//p' | grep -v -e ^FStar -e ^Hacl elif uname | grep -F Linux >/dev/null; then - nm -og library/libmbed*.a | grep -v '^[^ ]*: *U \|^$\|^[^ ]*:$' | sed 's/^[^ ]* . //' + nm -og library/libmbed*.a | grep -v '^[^ ]*: *U \|^$\|^[^ ]*:$' | sed 's/^[^ ]* . //' | grep -v -e ^FStar -e ^Hacl fi | sort > exported-symbols make clean From 8a0f5bb3c11196a5bc0df6393a47e56c40adb7ac Mon Sep 17 00:00:00 2001 From: "Christoph M. Wintersteiger" Date: Fri, 14 Dec 2018 15:46:34 +0000 Subject: [PATCH 26/78] Make check-names.sh find the right names in 3rdparty Essentially adds the Everest .h and .c files to the various variables. This should be generalized at some point, but there is no infrastructure for this yet. --- 3rdparty/everest/include/everest/x25519.h | 3 ++- tests/scripts/check-names.sh | 4 +++- tests/scripts/list-enum-consts.pl | 3 +++ tests/scripts/list-identifiers.sh | 1 + tests/scripts/list-macros.sh | 1 + 5 files changed, 10 insertions(+), 2 deletions(-) mode change 100644 => 100755 3rdparty/everest/include/everest/x25519.h diff --git a/3rdparty/everest/include/everest/x25519.h b/3rdparty/everest/include/everest/x25519.h old mode 100644 new mode 100755 index cdfb16f53..b8cc214f6 --- a/3rdparty/everest/include/everest/x25519.h +++ b/3rdparty/everest/include/everest/x25519.h @@ -40,7 +40,8 @@ typedef enum /** * \brief The x25519 context structure. */ -typedef struct mbedtls_x25519_context_ { +typedef struct +{ unsigned char our_secret[32]; unsigned char peer_point[32]; } mbedtls_x25519_context; 
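Review bot: The `grep -v -e ^FStar -e ^Hacl` filter silences the exported-symbol check for the generated code without recording why: the F*/HACL* functions are exported from the library without the `mbedtls_` prefix, and a reader of this script cannot tell that this is deliberate rather than an oversight being papered over. Add a comment above the `if uname` block, e.g. `# Symbols generated by the Everest toolchain (FStar_*, Hacl_*) cannot be renamed to the mbedtls_ prefix without invalidating verification; exclude them here.` The filter is also duplicated in both platform branches; applying it once at the `fi | grep -v -e ^FStar -e ^Hacl | sort > exported-symbols` stage keeps the two `nm` pipelines as they were.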
diff --git a/tests/scripts/check-names.sh b/tests/scripts/check-names.sh index 7d2302cb2..b07db23d2 100755 --- a/tests/scripts/check-names.sh +++ b/tests/scripts/check-names.sh @@ -82,10 +82,12 @@ done printf "Likely typos: " sort -u actual-macros enum-consts > _caps HEADERS=$( ls include/mbedtls/*.h include/psa/*.h | egrep -v 'compat-1\.3\.h' ) +HEADERS="$HEADERS 3rdparty/everest/include/everest/everest.h 3rdparty/everest/include/everest/x25519.h" +LIBRARY="$( ls library/*.c ) 3rdparty/everest/library/everest.c 3rdparty/everest/library/x25519.c" NL=' ' sed -n 's/MBED..._[A-Z0-9_]*/\'"$NL"'&\'"$NL"/gp \ - $HEADERS library/*.c \ + $HEADERS $LIBRARY \ | grep MBEDTLS | sort -u > _MBEDTLS_XXX TYPOS=$( diff _caps _MBEDTLS_XXX | sed -n 's/^> //p' \ | egrep -v 'XXX|__|_$|^MBEDTLS_.*CONFIG_FILE$' || true ) diff --git a/tests/scripts/list-enum-consts.pl b/tests/scripts/list-enum-consts.pl index a30421734..e59517b88 100755 --- a/tests/scripts/list-enum-consts.pl +++ b/tests/scripts/list-enum-consts.pl @@ -9,6 +9,9 @@ use open qw(:std utf8); -d 'include/mbedtls' or die "$0: must be run from root\n"; @ARGV = grep { ! /compat-1\.3\.h/ } ; +push @ARGV, "3rdparty/everest/include/everest/everest.h"; +push @ARGV, "3rdparty/everest/include/everest/x25519.h"; + my @consts; my $state = 'out'; diff --git a/tests/scripts/list-identifiers.sh b/tests/scripts/list-identifiers.sh index 4828c80eb..24e74043b 100755 --- a/tests/scripts/list-identifiers.sh +++ b/tests/scripts/list-identifiers.sh @@ -35,6 +35,7 @@ then HEADERS=$( ls include/mbedtls/*_internal.h library/*.h | egrep -v 'compat-1\.3\.h|bn_mul' ) else HEADERS=$( ls include/mbedtls/*.h include/psa/*.h library/*.h | egrep -v 'compat-1\.3\.h|bn_mul' ) + HEADERS="$HEADERS 3rdparty/everest/include/everest/everest.h 3rdparty/everest/include/everest/x25519.h" fi rm -f identifiers diff --git a/tests/scripts/list-macros.sh b/tests/scripts/list-macros.sh index 3fa66f191..9a89737df 100755 --- a/tests/scripts/list-macros.sh 
+++ b/tests/scripts/list-macros.sh @@ -8,6 +8,7 @@ if [ -d include/mbedtls ]; then :; else fi HEADERS=$( ls include/mbedtls/*.h include/psa/*.h | egrep -v 'compat-1\.3\.h' ) +HEADERS="$HEADERS 3rdparty/everest/include/everest/everest.h 3rdparty/everest/include/everest/x25519.h" # White-list macros we want to be able to refer to that don't exist in the # crypto library, useful when referring to macros in Mbed TLS from comments. From 0082f9df6f26b982f74a3301399f66ba7a6eb039 Mon Sep 17 00:00:00 2001 From: "Christoph M. Wintersteiger" Date: Mon, 7 Jan 2019 13:47:30 +0000 Subject: [PATCH 27/78] ECDSA: Add mbedtls_ecdsa_can_do --- include/mbedtls/ecdsa.h | 11 ++++++++++- library/ecdsa.c | 20 ++++++++++++++++---- programs/test/benchmark.c | 6 ++++++ 3 files changed, 32 insertions(+), 5 deletions(-) mode change 100644 => 100755 include/mbedtls/ecdsa.h mode change 100644 => 100755 library/ecdsa.c diff --git a/include/mbedtls/ecdsa.h b/include/mbedtls/ecdsa.h old mode 100644 new mode 100755 index effbb1ed0..e19d8d1c1 --- a/include/mbedtls/ecdsa.h +++ b/include/mbedtls/ecdsa.h @@ -125,6 +125,16 @@ typedef void mbedtls_ecdsa_restart_ctx; #endif /* MBEDTLS_ECP_RESTARTABLE */ +/** + * \brief This function checks whether a given group can be used + * for ECDSA. + * + * \param gid The ECP group ID to check. + * + * \return \c 1 if the group can be used, \c 0 otherwise + */ +int mbedtls_ecdsa_can_do( mbedtls_ecp_group_id gid ); + /** * \brief This function computes the ECDSA signature of a * previously-hashed message. @@ -469,7 +479,6 @@ int mbedtls_ecdsa_read_signature_restartable( mbedtls_ecdsa_context *ctx, const unsigned char *hash, size_t hlen, const unsigned char *sig, size_t slen, mbedtls_ecdsa_restart_ctx *rs_ctx ); - /** * \brief This function generates an ECDSA keypair on the given curve. * diff --git a/library/ecdsa.c b/library/ecdsa.c old mode 100644 new mode 100755 index 2daabeedf..f34652650 --- a/library/ecdsa.c +++ b/library/ecdsa.c 
@@ -263,9 +263,7 @@ static int ecdsa_sign_restartable( mbedtls_ecp_group *grp, mbedtls_mpi *pk = &k, *pr = r; /* Fail cleanly on curves such as Curve25519 that can't be used for ECDSA */ - if( grp->id == MBEDTLS_ECP_DP_CURVE25519 || - grp->id == MBEDTLS_ECP_DP_CURVE448 || - grp->N.p == NULL ) + if( !mbedtls_ecdsa_can_do( grp->id ) || grp->N.p == NULL ) return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); /* Make sure d is in range 1..n-1 */ @@ -380,6 +378,20 @@ cleanup: return( ret ); } +int mbedtls_ecdsa_can_do( mbedtls_ecp_group_id gid ) +{ + switch( gid ) + { +#ifdef MBEDTLS_ECP_DP_CURVE25519_ENABLED + case MBEDTLS_ECP_DP_CURVE25519: return 0; +#endif +#ifdef MBEDTLS_ECP_DP_CURVE448_ENABLED + case MBEDTLS_ECP_DP_CURVE448: return 0; +#endif + default: return 1; + } +} + /* * Compute ECDSA signature of a hashed message */ @@ -504,7 +516,7 @@ static int ecdsa_verify_restartable( mbedtls_ecp_group *grp, mbedtls_mpi_init( &u1 ); mbedtls_mpi_init( &u2 ); /* Fail cleanly on curves such as Curve25519 that can't be used for ECDSA */ - if( grp->N.p == NULL ) + if( !mbedtls_ecdsa_can_do( grp->id ) || grp->N.p == NULL ) return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); ECDSA_RS_ENTER( ver ); diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index 0d4837f60..a53851acb 100755 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -835,6 +835,9 @@ int main( int argc, char *argv[] ) curve_info->grp_id != MBEDTLS_ECP_DP_NONE; curve_info++ ) { + if( mbedtls_ecdsa_can_do( curve_info->grp_id ) == 0 ) + continue; + mbedtls_ecdsa_init( &ecdsa ); if( mbedtls_ecdsa_genkey( &ecdsa, curve_info->grp_id, myrand, NULL ) != 0 ) @@ -854,6 +857,9 @@ int main( int argc, char *argv[] ) curve_info->grp_id != MBEDTLS_ECP_DP_NONE; curve_info++ ) { + if( mbedtls_ecdsa_can_do( curve_info->grp_id ) == 0 ) + continue; + mbedtls_ecdsa_init( &ecdsa ); if( mbedtls_ecdsa_genkey( &ecdsa, curve_info->grp_id, myrand, NULL ) != 0 || 
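Review bot: `mbedtls_ecdsa_can_do` returns 1 for every group id it does not list, including `MBEDTLS_ECP_DP_NONE` and any future Montgomery curve, so the two callers still rely on the `grp->N.p == NULL` check to reject unusable groups; the ecdsa.h docstring should state that the result is only meaningful for a group id the library supports, or the default branch should be narrowed. The body also departs from the file's conventions: the surrounding code uses `#if defined(...)` and parenthesised returns (`return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );`, `return( ret );`), whereas the new function uses `#ifdef` and bare `return 0;`. Suggest `#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)`, `case MBEDTLS_ECP_DP_CURVE25519: return( 0 );` and `default: return( 1 );`.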
From ea24394c03ce5947237f3b015a14dd20a3c34d2c Mon Sep 17 00:00:00 2001 From: "Christoph M. Wintersteiger" Date: Mon, 7 Jan 2019 14:12:25 +0000 Subject: [PATCH 28/78] ECDH: Fix whitespace and permission problems --- 3rdparty/CMakeLists.txt | 12 +++++----- 3rdparty/everest/CMakeLists.txt | 19 ++++++++------- .../everest/kremlin/internal/callconv.h | 4 +++- 3rdparty/everest/include/everest/x25519.h | 0 include/mbedtls/ecdsa.h | 0 library/ecdh.c | 24 +++++++++---------- library/ecdsa.c | 0 programs/test/benchmark.c | 0 8 files changed, 30 insertions(+), 29 deletions(-) mode change 100755 => 100644 3rdparty/CMakeLists.txt mode change 100755 => 100644 3rdparty/everest/CMakeLists.txt mode change 100755 => 100644 3rdparty/everest/include/everest/x25519.h mode change 100755 => 100644 include/mbedtls/ecdsa.h mode change 100755 => 100644 library/ecdh.c mode change 100755 => 100644 library/ecdsa.c mode change 100755 => 100644 programs/test/benchmark.c diff --git a/3rdparty/CMakeLists.txt b/3rdparty/CMakeLists.txt old mode 100755 new mode 100644 index df28699f1..4511e4358 --- a/3rdparty/CMakeLists.txt +++ b/3rdparty/CMakeLists.txt @@ -1,6 +1,6 @@ -add_subdirectory(everest) - -set(src_thirdparty - ${src_everest} - PARENT_SCOPE -) +add_subdirectory(everest) + +set(src_thirdparty + ${src_everest} + PARENT_SCOPE +) diff --git a/3rdparty/everest/CMakeLists.txt b/3rdparty/everest/CMakeLists.txt old mode 100755 new mode 100644 index 25f50cae9..84e2763c8 --- a/3rdparty/everest/CMakeLists.txt +++ b/3rdparty/everest/CMakeLists.txt 
@@ -1,9 +1,10 @@ -include_directories(include include/everest include/everest/kremlib) - -set(src_everest - ${CMAKE_CURRENT_SOURCE_DIR}/library/everest.c - ${CMAKE_CURRENT_SOURCE_DIR}/library/Hacl_Curve25519.c - ${CMAKE_CURRENT_SOURCE_DIR}/library/x25519.c - ${CMAKE_CURRENT_SOURCE_DIR}/library/kremlib/FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.c - PARENT_SCOPE -) \ No newline at end of file +include_directories(include include/everest include/everest/kremlib) + +set(src_everest + ${CMAKE_CURRENT_SOURCE_DIR}/library/everest.c + ${CMAKE_CURRENT_SOURCE_DIR}/library/Hacl_Curve25519.c + ${CMAKE_CURRENT_SOURCE_DIR}/library/x25519.c + ${CMAKE_CURRENT_SOURCE_DIR}/library/kremlib/FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.c + PARENT_SCOPE +) + diff --git a/3rdparty/everest/include/everest/kremlin/internal/callconv.h b/3rdparty/everest/include/everest/kremlin/internal/callconv.h index 24b5fffa8..bf631ff46 100644 --- a/3rdparty/everest/include/everest/kremlin/internal/callconv.h +++ b/3rdparty/everest/include/everest/kremlin/internal/callconv.h @@ -24,7 +24,9 @@ #endif #endif -/* TODO: review these two definitions and understand why they're needed. */ +/* Since KreMLin emits the inline keyword unconditionally, we follow the + * guidelines at https://gcc.gnu.org/onlinedocs/gcc/Inline.html and make this + * __inline__ to ensure the code compiles with -std=c90 and earlier. */ #ifdef __GNUC__ # define inline __inline__ #endif diff --git a/3rdparty/everest/include/everest/x25519.h b/3rdparty/everest/include/everest/x25519.h old mode 100755 new mode 100644 diff --git a/include/mbedtls/ecdsa.h b/include/mbedtls/ecdsa.h old mode 100755 new mode 100644 diff --git a/library/ecdh.c b/library/ecdh.c old mode 100755 new mode 100644 index 58e67bfab..66a2d1687 --- a/library/ecdh.c +++ b/library/ecdh.c 
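Review bot: The new comment says `#define inline __inline__` exists so that `-std=c90` builds compile, but the macro is still applied unconditionally under `__GNUC__`, i.e. also in C99 and later modes where `inline` is a keyword; redefining a keyword by macro is a global side effect on every translation unit that includes this header, directly or through kremlib.h, including mbed TLS's own sources. Gating it on the language version matches the stated intent: `#if defined(__GNUC__) && (!defined(__STDC_VERSION__) || __STDC_VERSION__ < 199901L)`. The rest of the header lies outside the hunk.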
@@ -220,20 +220,18 @@ int mbedtls_ecdh_setup( mbedtls_ecdh_context *ctx, mbedtls_ecp_group_id grp_id ) switch( grp_id ) { #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) - case MBEDTLS_ECP_DP_CURVE25519: - { - ctx->point_format = MBEDTLS_ECP_PF_COMPRESSED; - ctx->var = MBEDTLS_ECDH_VARIANT_EVEREST; - ctx->grp_id = grp_id; - return( mbedtls_everest_setup( &ctx->ctx.everest_ecdh, grp_id ) ); - } + case MBEDTLS_ECP_DP_CURVE25519: + ctx->point_format = MBEDTLS_ECP_PF_COMPRESSED; + ctx->var = MBEDTLS_ECDH_VARIANT_EVEREST; + ctx->grp_id = grp_id; + return( mbedtls_everest_setup( &ctx->ctx.everest_ecdh, grp_id ) ); #endif - default: - ctx->point_format = MBEDTLS_ECP_PF_UNCOMPRESSED; - ctx->var = MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0; - ctx->grp_id = grp_id; - ecdh_init_internal( &ctx->ctx.mbed_ecdh ); - return( ecdh_setup_internal( &ctx->ctx.mbed_ecdh, grp_id ) ); + default: + ctx->point_format = MBEDTLS_ECP_PF_UNCOMPRESSED; + ctx->var = MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0; + ctx->grp_id = grp_id; + ecdh_init_internal( &ctx->ctx.mbed_ecdh ); + return( ecdh_setup_internal( &ctx->ctx.mbed_ecdh, grp_id ) ); } #endif } diff --git a/library/ecdsa.c b/library/ecdsa.c old mode 100755 new mode 100644 diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c old mode 100755 new mode 100644 From 78450a3dd145730d1ee2440eb6a6d3b9643577fa Mon Sep 17 00:00:00 2001 From: "Christoph M. Wintersteiger" Date: Thu, 17 Jan 2019 12:17:54 +0000 Subject: [PATCH 29/78] ECDH: Disables MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED by default --- include/mbedtls/config.h | 2 +- scripts/config.pl | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index b91fa702b..f040c932c 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h 
@@ -2087,7 +2087,7 @@ * MBEDTLS_ECDH_LEGACY_CONTEXT). * */ -#define MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED +//#define MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED /* \} name SECTION: Customisation configuration options */ diff --git a/scripts/config.pl b/scripts/config.pl index 458875768..ed0967d56 100755 --- a/scripts/config.pl +++ b/scripts/config.pl @@ -91,6 +91,7 @@ MBEDTLS_PSA_CRYPTO_SPM MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER MBEDTLS_PSA_INJECT_ENTROPY MBEDTLS_ECP_RESTARTABLE +MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED _ALT\s*$ ); From 405b371a840dc9a5ed2c45965044757d0bd61e29 Mon Sep 17 00:00:00 2001 From: "Christoph M. Wintersteiger" Date: Thu, 17 Jan 2019 13:40:58 +0000 Subject: [PATCH 30/78] Silences missing documentation warning for MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED --- include/mbedtls/config.h | 2 -- 1 file changed, 2 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index f040c932c..2e246e4a2 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -2079,8 +2079,6 @@ //#define MBEDTLS_PLATFORM_GMTIME_R_ALT /** - * \def MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED - * * Enable the verified implementations of crypto primitives * from Project Everest (currently only Curve25519). * This feature breaks ECDH backward compatibility (see also From 6ea2dea1c5aa1f1cc6ffe3f7ef7c56a2259a2668 Mon Sep 17 00:00:00 2001 
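Review bot: Adding `MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED` to this exclusion list means `config.pl full` will no longer turn the option on, and since the config.h hunk in the same patch also comments out the default, presumably none of the standard configurations now compile or test the Everest code path unless a test script enables it explicitly. That is a reasonable default for a feature that changes the ECDH context layout, but it needs a home in the test matrix; a dedicated all.sh/CI component that sets the option and runs the ECDH tests would keep the verified implementation from silently bit-rotting. The list head and the regex that consumes the entries are outside the hunk.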
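Review bot: Removing the `\def MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED` line makes the Doxygen warning go away by detaching the option from its symbol in the generated configuration reference, not by documenting it; the description block remains but no longer belongs to any macro. The warning presumably arises because the option is now excluded from `config.pl full` (the same series' previous patch) and is therefore undefined when the reference is built; if so, keeping `\def` and addressing the exclusion on the documentation side would be preferable. At minimum the commit message should record that the option is intentionally absent from the API reference.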
From: "Christoph M. Wintersteiger" Date: Mon, 21 Jan 2019 17:26:19 +0000 Subject: [PATCH 31/78] 3rdparty: Add additional build facilities for 3rd-party code --- 3rdparty/CMakeLists.txt | 13 ++++-- 3rdparty/everest/CMakeLists.txt | 46 +++++++++++++++---- 3rdparty/everest/Makefile.inc | 25 +++++++--- .../{vs2010 => legacy}/Hacl_Curve25519.c | 0 CMakeLists.txt | 6 ++- include/CMakeLists.txt | 3 +- library/CMakeLists.txt | 3 +- programs/Makefile | 3 +- scripts/generate_visualc_files.pl | 2 +- tests/Makefile | 3 +- visualc/VS2010/mbedTLS.vcxproj | 2 +- 11 files changed, 79 insertions(+), 27 deletions(-) rename 3rdparty/everest/library/{vs2010 => legacy}/Hacl_Curve25519.c (100%) diff --git a/3rdparty/CMakeLists.txt b/3rdparty/CMakeLists.txt index 4511e4358..dca4bd76b 100644 --- a/3rdparty/CMakeLists.txt +++ b/3rdparty/CMakeLists.txt @@ -1,6 +1,11 @@ +list (APPEND thirdparty_src) +list (APPEND thirdparty_lib) +list (APPEND thirdparty_inc) +list (APPEND thirdparty_def) + add_subdirectory(everest) -set(src_thirdparty - ${src_everest} - PARENT_SCOPE -) +set(thirdparty_src ${thirdparty_src} PARENT_SCOPE) +set(thirdparty_lib ${thirdparty_lib} PARENT_SCOPE) +set(thirdparty_inc ${thirdparty_inc} PARENT_SCOPE) +set(thirdparty_def ${thirdparty_def} PARENT_SCOPE) diff --git a/3rdparty/everest/CMakeLists.txt b/3rdparty/everest/CMakeLists.txt index 84e2763c8..5b0a078dd 100644 --- a/3rdparty/everest/CMakeLists.txt +++ b/3rdparty/everest/CMakeLists.txt 
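Review bot: The four `list (APPEND thirdparty_src)` lines with no elements are no-ops: as far as I can tell, `list(APPEND)` with nothing to append leaves the variable untouched and does not even create it, so these lines neither initialise nor reset the lists. If the intent is to start from a clean slate before `add_subdirectory(everest)`, write `set(thirdparty_src)`, `set(thirdparty_lib)`, `set(thirdparty_inc)` and `set(thirdparty_def)`; if it is merely to declare them, a comment serves better than dead statements. The `list (APPEND ...)` spelling with a space before the parenthesis also differs from the `list(APPEND ...)` form used in everest/CMakeLists.txt in the same patch.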
@@ -1,10 +1,40 @@ -include_directories(include include/everest include/everest/kremlib) +list (APPEND everest_src) +list (APPEND everest_inc) +list (APPEND everest_def) -set(src_everest - ${CMAKE_CURRENT_SOURCE_DIR}/library/everest.c - ${CMAKE_CURRENT_SOURCE_DIR}/library/Hacl_Curve25519.c - ${CMAKE_CURRENT_SOURCE_DIR}/library/x25519.c - ${CMAKE_CURRENT_SOURCE_DIR}/library/kremlib/FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.c - PARENT_SCOPE -) +execute_process(COMMAND ${PERL_EXECUTABLE} scripts/config.pl -f include/mbedtls/config.h get MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED RESULT_VARIABLE result) +if(${result} EQUAL 0) + set(everest_src + ${CMAKE_CURRENT_SOURCE_DIR}/library/everest.c + ${CMAKE_CURRENT_SOURCE_DIR}/library/x25519.c + ${CMAKE_CURRENT_SOURCE_DIR}/library/kremlib/FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.c + ) + + if (${CMAKE_LIBRARY_ARCHITECTURE} STREQUAL "x86_64-linux-gnu") + list(APPEND everest_src ${CMAKE_CURRENT_SOURCE_DIR}/library/Hacl_Curve25519.c) + else() + list(APPEND everest_def -DKRML_VERIFIED_UINT128) + list(APPEND everest_src + ${CMAKE_CURRENT_SOURCE_DIR}/library/legacy/Hacl_Curve25519.c + ${CMAKE_CURRENT_SOURCE_DIR}/library/kremlib/FStar_UInt128_extracted.c + ) + endif() + + list(APPEND everest_inc ${CMAKE_CURRENT_SOURCE_DIR}/../../include ${CMAKE_CURRENT_SOURCE_DIR}/include ${CMAKE_CURRENT_SOURCE_DIR}/include/everest ${CMAKE_CURRENT_SOURCE_DIR}/include/everest/kremlib) + + if(INSTALL_MBEDTLS_HEADERS) + + file(GLOB_RECURSE headers "${CMAKE_CURRENT_SOURCE_DIR}/include/everest/*.h") + + install(FILES ${headers} + DESTINATION include/everest + PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ) + + endif(INSTALL_MBEDTLS_HEADERS) + +endif() + +set(thirdparty_src ${thirdparty_src} ${everest_src} PARENT_SCOPE) +set(thirdparty_inc ${thirdparty_inc} ${everest_inc} PARENT_SCOPE) +set(thirdparty_def ${thirdparty_def} ${everest_def} PARENT_SCOPE) 
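Review bot: `execute_process(COMMAND ${PERL_EXECUTABLE} scripts/config.pl -f include/mbedtls/config.h get ...)` uses paths relative to the cmake process's working directory and has no `WORKING_DIRECTORY`, so it only finds the script when cmake is invoked from the source root; from an out-of-tree build directory the command fails, `result` is non-zero and the Everest sources are silently omitted with no diagnostic. Anchor it, `execute_process(COMMAND ${PERL_EXECUTABLE} ${CMAKE_SOURCE_DIR}/scripts/config.pl -f ${CMAKE_SOURCE_DIR}/include/mbedtls/config.h get MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED RESULT_VARIABLE result WORKING_DIRECTORY ${CMAKE_SOURCE_DIR})`, and compare with the expansion quoted, `if("${result}" EQUAL 0)`, since `result` holds an error string rather than a number when the interpreter cannot be launched. The same quoting issue affects `if (${CMAKE_LIBRARY_ARCHITECTURE} STREQUAL "x86_64-linux-gnu")`: the variable is unset on non-Debian-style toolchains (macOS, MSVC, most cross builds), which turns the condition into a configure-time error instead of selecting the `KRML_VERIFIED_UINT128` fallback, so write `if("${CMAKE_LIBRARY_ARCHITECTURE}" STREQUAL "x86_64-linux-gnu")`. Whether `PERL_EXECUTABLE` is guaranteed to be set at this point (no `find_package(Perl)` is visible in this patch) is worth confirming too.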
diff --git a/3rdparty/everest/Makefile.inc b/3rdparty/everest/Makefile.inc index bbdba56a3..0b71e2a9f 100755 --- a/3rdparty/everest/Makefile.inc +++ b/3rdparty/everest/Makefile.inc @@ -1,7 +1,18 @@ -THIRDPARTY_INCLUDES+=-I../3rdparty/everest/include -I../3rdparty/everest/include/everest -I../3rdparty/everest/include/everest/kremlib - -THIRDPARTY_OBJECTS+= \ - ../3rdparty/everest/library/everest.o \ - ../3rdparty/everest/library/Hacl_Curve25519.o \ - ../3rdparty/everest/library/x25519.o \ - ../3rdparty/everest/library/kremlib/FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.o \ No newline at end of file +EVEREST_ENABLED=$(shell perl ../scripts/config.pl -f ../include/mbedtls/config.h get MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED; echo $$?) + +ifeq ($(EVEREST_ENABLED),0) +THIRDPARTY_INCLUDES+=-I../3rdparty/everest/include -I../3rdparty/everest/include/everest -I../3rdparty/everest/include/everest/kremlib + +THIRDPARTY_OBJECTS+= \ + ../3rdparty/everest/library/everest.o \ + ../3rdparty/everest/library/x25519.o \ + ../3rdparty/everest/library/kremlib/FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.o + +ifeq ($(shell getconf LONG_BIT),64) +THIRDPARTY_OBJECTS+=../3rdparty/everest/library/Hacl_Curve25519.o +else +CFLAGS+="-DKRML_VERIFIED_UINT128" +THIRDPARTY_OBJECTS+=../3rdparty/everest/library/legacy/Hacl_Curve25519.o \ + ../3rdparty/everest/library/kremlib/FStar_UInt128_extracted.o +endif +endif diff --git a/3rdparty/everest/library/vs2010/Hacl_Curve25519.c b/3rdparty/everest/library/legacy/Hacl_Curve25519.c similarity index 100% rename from 3rdparty/everest/library/vs2010/Hacl_Curve25519.c rename to 3rdparty/everest/library/legacy/Hacl_Curve25519.c diff --git a/CMakeLists.txt b/CMakeLists.txt index 044ddc281..5a0921926 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt 
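Review bot: `EVEREST_ENABLED=$(shell perl ../scripts/config.pl ... get MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED; echo $$?)` captures whatever the script writes to stdout in front of the exit code, so `ifeq ($(EVEREST_ENABLED),0)` only works as long as `config.pl get` prints nothing; redirect it, `... get MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED >/dev/null 2>&1; echo $$?`, to depend on the exit status alone. `ifeq ($(shell getconf LONG_BIT),64)` tests the build host's word size rather than the target's (a `-m32` or cross build on a 64-bit host still gets the native-`__int128` Hacl_Curve25519.c), and it is a different criterion from the CMake side of this patch, which picks the native file only for `x86_64-linux-gnu`, so the two build systems can ship different Curve25519 implementations on the same machine. Finally, `CFLAGS+="-DKRML_VERIFIED_UINT128"` stores the quote characters in the variable and appends to the global `CFLAGS` rather than to a THIRDPARTY_-prefixed variable like the includes and objects; `THIRDPARTY_CFLAGS+=-DKRML_VERIFIED_UINT128` consumed next to `THIRDPARTY_INCLUDES` in library/Makefile would be consistent.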
@@ -176,10 +176,14 @@ else() set(LIB_INSTALL_DIR lib) endif() -include_directories(include/ 3rdparty/everest/include/ 3rdparty/everest/include/everest/ 3rdparty/everest/include/everest/kremlin/ 3rdparty/everest/include/everest/kremlib/) +include_directories(include/) include_directories(library/) add_subdirectory(3rdparty) +include_directories(${thirdparty_inc}) +list(APPEND libs ${thirdparty_lib}) +add_definitions(${thirdparty_def}) + add_subdirectory(library) add_subdirectory(include) diff --git a/include/CMakeLists.txt b/include/CMakeLists.txt index 727fa210c..02f924df4 100644 --- a/include/CMakeLists.txt +++ b/include/CMakeLists.txt @@ -4,9 +4,8 @@ if(INSTALL_MBEDTLS_HEADERS) file(GLOB headers "mbedtls/*.h") file(GLOB psa_headers "psa/*.h") - file(GLOB everest_headers "../3rdparty/everest/include/*.h") - install(FILES ${headers} ${everest_headers} + install(FILES ${headers} DESTINATION include/mbedtls PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index a6eb1ed06..f4bb4725c 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -74,7 +74,6 @@ set(src_crypto threading.c timing.c xtea.c - ${src_thirdparty} ) # For files generated by the parent project (Mbed TLS) when building Mbed @@ -95,6 +94,8 @@ set(src_crypto ) endif() +list(APPEND src_crypto ${thirdparty_src}) + if(CMAKE_COMPILER_IS_GNUCC) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wmissing-declarations -Wmissing-prototypes") endif(CMAKE_COMPILER_IS_GNUCC) diff --git a/programs/Makefile b/programs/Makefile index 871b75b77..add1a8649 100644 --- a/programs/Makefile +++ b/programs/Makefile @@ -11,7 +11,8 @@ LOCAL_CXXFLAGS = $(WARNING_CXXFLAGS) -I../include -D_FILE_OFFSET_BITS=64 LOCAL_LDFLAGS = -L../library \ -lmbedcrypto$(SHARED_SUFFIX) -LOCAL_CFLAGS+=-I../3rdparty/everest/include +include ../3rdparty/Makefile.inc +LOCAL_CFLAGS+=$(THIRDPARTY_INCLUDES) ifndef SHARED DEP=../library/libmbedcrypto.a 
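Review bot: `include_directories(${thirdparty_inc})` and `add_definitions(${thirdparty_def})` at the top level apply the Everest include paths and `-DKRML_VERIFIED_UINT128` to every target in every subdirectory (library, programs, tests), because both commands are directory-scoped and inherited; a definition meant to select the kremlib uint128 backend thus reaches translation units that never include kremlib. Since the sources are added to the crypto library in library/CMakeLists.txt via `list(APPEND src_crypto ${thirdparty_src})`, the natural home is the target: `target_include_directories(<crypto-target> PUBLIC ${thirdparty_inc})` (PUBLIC if programs need everest.h through ecdh.h, which this patch's programs/Makefile change suggests) and `target_compile_definitions(<crypto-target> PRIVATE ${thirdparty_def})`. The target name is not visible from this hunk, so adjust accordingly; `list(APPEND libs ${thirdparty_lib})` is also added without any visible consumer of `libs` here.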
diff --git a/scripts/generate_visualc_files.pl b/scripts/generate_visualc_files.pl index 5d07b885c..2134f53a6 100755 --- a/scripts/generate_visualc_files.pl +++ b/scripts/generate_visualc_files.pl @@ -23,7 +23,7 @@ my $mbedtls_header_dir = 'include/mbedtls'; my $psa_header_dir = 'include/psa'; my $source_dir = 'library'; my $everest_header_dir = '3rdparty/everest/include/everest'; -my @everest_source_dirs = ('3rdparty/everest/library', '3rdparty/everest/library/kremlib', '3rdparty/everest/library/vs2010'); +my @everest_source_dirs = ('3rdparty/everest/library', '3rdparty/everest/library/kremlib', '3rdparty/everest/library/legacy'); # Need windows line endings! my $vsx_hdr_tpl = < - + From 9597238058ddd72ac82a25c2eaa06dcc5ec3780b Mon Sep 17 00:00:00 2001 From: "Christoph M. Wintersteiger" Date: Wed, 6 Feb 2019 18:06:15 +0000 Subject: [PATCH 32/78] ECDH: Make benchmarks check MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED --- programs/test/benchmark.c | 127 +++++++++++++++++++------------------- 1 file changed, 62 insertions(+), 65 deletions(-) diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index a53851acb..e90ef2de7 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -190,7 +190,12 @@ do { \ CODE; \ } \ \ - if( ret != 0 ) \ + if( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED ) \ + { \ + mbedtls_printf( "Feature Not Supported. Skipping.\n" ); \ + ret = 0; \ + } \ + else if( ret != 0 ) \ { \ PRINT_ERROR; \ } \ 
@@ -225,13 +230,17 @@ static int myrand( void *rng_state, unsigned char *output, size_t len ) return( 0 ); } -#if defined(MBEDTLS_ECDH_C) -static void check( int r ) -{ - if( r != 0 ) - mbedtls_exit( 1 ); -} -#endif +#define CHECK_AND_CONTINUE( R ) \ + { \ + int ret = ( R ); \ + if( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED ) { \ + mbedtls_printf( "Feature not supported. Skipping.\n" ); \ + continue; \ + } \ + else if( ret != 0 ) { \ + mbedtls_exit( 1 ); \ + } \ + } /* * Clear some memory that was used to prepare the context @@ -904,22 +913,19 @@ int main( int argc, char *argv[] ) { mbedtls_ecdh_init( &ecdh ); - if( mbedtls_ecp_group_load( &ecdh.grp, curve_info->grp_id ) != 0 || - mbedtls_ecdh_make_public( &ecdh, &olen, buf, sizeof( buf), - myrand, NULL ) != 0 || - mbedtls_ecp_copy( &ecdh.Qp, &ecdh.Q ) != 0 ) - { - mbedtls_exit( 1 ); - } + CHECK_AND_CONTINUE( mbedtls_ecp_group_load( &ecdh.grp, curve_info->grp_id ) ); + CHECK_AND_CONTINUE( mbedtls_ecdh_make_public( &ecdh, &olen, buf, sizeof( buf), + myrand, NULL ) ); + CHECK_AND_CONTINUE( mbedtls_ecp_copy( &ecdh.Qp, &ecdh.Q ) ); ecp_clear_precomputed( &ecdh.grp ); mbedtls_snprintf( title, sizeof( title ), "ECDHE-%s", curve_info->name ); TIME_PUBLIC( title, "handshake", - ret |= mbedtls_ecdh_make_public( &ecdh, &olen, buf, sizeof( buf), - myrand, NULL ); - ret |= mbedtls_ecdh_calc_secret( &ecdh, &olen, buf, sizeof( buf ), + CHECK_AND_CONTINUE( mbedtls_ecdh_make_public( &ecdh, &olen, buf, sizeof( buf), myrand, NULL ) ); + CHECK_AND_CONTINUE( mbedtls_ecdh_calc_secret( &ecdh, &olen, buf, sizeof( buf ), + myrand, NULL ) ) ); mbedtls_ecdh_free( &ecdh ); } 
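Review bot: `CHECK_AND_CONTINUE` is used both in the per-curve setup code and inside the `CODE` argument of `TIME_PUBLIC` in the hunks that follow, and in the second position its `continue` does not do what the name promises: `continue` binds to the innermost enclosing loop, which inside the expanded `TIME_PUBLIC` body is presumably the timing loop around `CODE` rather than the `for( curve_info ... )` loop, and the block-local `int ret` shadows the `ret` that `TIME_PUBLIC` inspects afterwards, so an unsupported feature would print "Feature not supported. Skipping." on every iteration until the alarm fires instead of skipping the curve. If the macro must stay usable inside `TIME_PUBLIC`, it should assign the error to the enclosing `ret` (which the earlier hunk already maps to a "Skipping" message) rather than declare its own and `continue`; otherwise restrict it to the setup calls and keep `ret |=` inside `TIME_PUBLIC`. Independently, the body is a bare `{ ... }` block: wrap it as `do { ... } while( 0 )` so that `CHECK_AND_CONTINUE( x );` is a single statement rather than a block followed by an empty statement.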
@@ -931,19 +937,16 @@ int main( int argc, char *argv[] ) mbedtls_ecdh_init( &ecdh ); mbedtls_mpi_init( &z ); - if( mbedtls_ecp_group_load( &ecdh.grp, curve_info->grp_id ) != 0 || - mbedtls_ecdh_gen_public( &ecdh.grp, &ecdh.d, &ecdh.Qp, myrand, NULL ) != 0 ) - { - mbedtls_exit( 1 ); - } + CHECK_AND_CONTINUE( mbedtls_ecp_group_load( &ecdh.grp, curve_info->grp_id ) ); + CHECK_AND_CONTINUE( mbedtls_ecdh_gen_public( &ecdh.grp, &ecdh.d, &ecdh.Qp, myrand, NULL ) ); mbedtls_snprintf( title, sizeof(title), "ECDHE-%s", curve_info->name ); TIME_PUBLIC( title, "handshake", - ret |= mbedtls_ecdh_gen_public( &ecdh.grp, &ecdh.d, &ecdh.Q, - myrand, NULL ); - ret |= mbedtls_ecdh_compute_shared( &ecdh.grp, &z, &ecdh.Qp, &ecdh.d, - myrand, NULL ) ); + CHECK_AND_CONTINUE( mbedtls_ecdh_gen_public( &ecdh.grp, &ecdh.d, &ecdh.Q, + myrand, NULL ) ); + CHECK_AND_CONTINUE( mbedtls_ecdh_compute_shared( &ecdh.grp, &z, &ecdh.Qp, &ecdh.d, + myrand, NULL ) ) ); mbedtls_ecdh_free( &ecdh ); mbedtls_mpi_free( &z ); 
@@ -955,22 +958,19 @@ int main( int argc, char *argv[] ) { mbedtls_ecdh_init( &ecdh ); - if( mbedtls_ecp_group_load( &ecdh.grp, curve_info->grp_id ) != 0 || - mbedtls_ecdh_make_public( &ecdh, &olen, buf, sizeof( buf), - myrand, NULL ) != 0 || - mbedtls_ecp_copy( &ecdh.Qp, &ecdh.Q ) != 0 || - mbedtls_ecdh_make_public( &ecdh, &olen, buf, sizeof( buf), - myrand, NULL ) != 0 ) - { - mbedtls_exit( 1 ); - } + CHECK_AND_CONTINUE( mbedtls_ecp_group_load( &ecdh.grp, curve_info->grp_id ) ); + CHECK_AND_CONTINUE( mbedtls_ecdh_make_public( &ecdh, &olen, buf, sizeof( buf), + myrand, NULL ) ); + CHECK_AND_CONTINUE( mbedtls_ecp_copy( &ecdh.Qp, &ecdh.Q ) ); + CHECK_AND_CONTINUE( mbedtls_ecdh_make_public( &ecdh, &olen, buf, sizeof( buf), + myrand, NULL ) ); ecp_clear_precomputed( &ecdh.grp ); mbedtls_snprintf( title, sizeof( title ), "ECDH-%s", curve_info->name ); TIME_PUBLIC( title, "handshake", - ret |= mbedtls_ecdh_calc_secret( &ecdh, &olen, buf, sizeof( buf ), - myrand, NULL ) ); + CHECK_AND_CONTINUE( mbedtls_ecdh_calc_secret( &ecdh, &olen, buf, sizeof( buf ), + myrand, NULL ) ) ); mbedtls_ecdh_free( &ecdh ); } 
@@ -982,19 +982,16 @@ int main( int argc, char *argv[] ) mbedtls_ecdh_init( &ecdh ); mbedtls_mpi_init( &z ); - if( mbedtls_ecp_group_load( &ecdh.grp, curve_info->grp_id ) != 0 || - mbedtls_ecdh_gen_public( &ecdh.grp, &ecdh.d, &ecdh.Qp, - myrand, NULL ) != 0 || - mbedtls_ecdh_gen_public( &ecdh.grp, &ecdh.d, &ecdh.Q, myrand, NULL ) != 0 ) - { - mbedtls_exit( 1 ); - } + CHECK_AND_CONTINUE( mbedtls_ecp_group_load( &ecdh.grp, curve_info->grp_id ) ); + CHECK_AND_CONTINUE( mbedtls_ecdh_gen_public( &ecdh.grp, &ecdh.d, &ecdh.Qp, + myrand, NULL ) ); + CHECK_AND_CONTINUE( mbedtls_ecdh_gen_public( &ecdh.grp, &ecdh.d, &ecdh.Q, myrand, NULL ) ); mbedtls_snprintf( title, sizeof(title), "ECDH-%s", curve_info->name ); TIME_PUBLIC( title, "handshake", - ret |= mbedtls_ecdh_compute_shared( &ecdh.grp, &z, &ecdh.Qp, &ecdh.d, - myrand, NULL ) ); + CHECK_AND_CONTINUE( mbedtls_ecdh_compute_shared( &ecdh.grp, &z, &ecdh.Qp, &ecdh.d, + myrand, NULL ) ) ); mbedtls_ecdh_free( &ecdh ); mbedtls_mpi_free( &z ); 
@@ -1017,35 +1014,35 @@ int main( int argc, char *argv[] ) { mbedtls_ecdh_init( &ecdh_srv ); mbedtls_ecdh_init( &ecdh_cli ); - check( mbedtls_ecdh_setup( &ecdh_srv, curve_info->grp_id ) ); - check( mbedtls_ecdh_setup( &ecdh_cli, curve_info->grp_id ) ); + CHECK_AND_CONTINUE( mbedtls_ecdh_setup( &ecdh_srv, curve_info->grp_id ) ); + CHECK_AND_CONTINUE( mbedtls_ecdh_setup( &ecdh_cli, curve_info->grp_id ) ); #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) - if (mbedtls_ecp_group_load(&ecdh_srv.grp, curve_info->grp_id) != 0 || - mbedtls_ecdh_gen_public(&ecdh_srv.grp, - &ecdh_srv.d, - &ecdh_srv.Q, myrand, NULL) != 0) + CHECK_AND_CONTINUE( mbedtls_ecp_group_load(&ecdh_srv.grp, curve_info->grp_id)); + CHECK_AND_CONTINUE( mbedtls_ecdh_gen_public(&ecdh_srv.grp, + &ecdh_srv.d, + &ecdh_srv.Q, myrand, NULL)); #else - if( ecdh_srv.var == MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0 && ( - mbedtls_ecp_group_load( &ecdh_srv.ctx.mbed_ecdh.grp, curve_info->grp_id ) != 0 || - mbedtls_ecdh_gen_public( &ecdh_srv.ctx.mbed_ecdh.grp, - &ecdh_srv.ctx.mbed_ecdh.d, - &ecdh_srv.ctx.mbed_ecdh.Q, myrand, NULL ) != 0 )) + if( ecdh_srv.var == MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0 ) { + CHECK_AND_CONTINUE( mbedtls_ecp_group_load( &ecdh_srv.ctx.mbed_ecdh.grp, curve_info->grp_id )); + CHECK_AND_CONTINUE( mbedtls_ecdh_gen_public( &ecdh_srv.ctx.mbed_ecdh.grp, + &ecdh_srv.ctx.mbed_ecdh.d, + &ecdh_srv.ctx.mbed_ecdh.Q, myrand, NULL )); + } #endif - mbedtls_exit( 1 ); mbedtls_snprintf( title, sizeof( title ), "ECDHE-%s", curve_info->name ); TIME_PUBLIC( title, "full handshake", const unsigned char * p_srv = buf_srv; - check( mbedtls_ecdh_make_params( &ecdh_srv, &olen, buf_srv, sizeof( buf_srv ), myrand, NULL ) ); + CHECK_AND_CONTINUE( mbedtls_ecdh_make_params( &ecdh_srv, &olen, buf_srv, sizeof( buf_srv ), myrand, NULL ) ); - check( mbedtls_ecdh_read_params( &ecdh_cli, &p_srv, p_srv + olen ) ); - check( mbedtls_ecdh_make_public( &ecdh_cli, &olen, buf_cli, sizeof( buf_cli ), myrand, NULL ) ); + CHECK_AND_CONTINUE( 
mbedtls_ecdh_read_params( &ecdh_cli, &p_srv, p_srv + olen ) ); + CHECK_AND_CONTINUE( mbedtls_ecdh_make_public( &ecdh_cli, &olen, buf_cli, sizeof( buf_cli ), myrand, NULL ) ); - check( mbedtls_ecdh_read_public( &ecdh_srv, buf_cli, olen ) ); - check( mbedtls_ecdh_calc_secret( &ecdh_srv, &olen, buf_srv, sizeof( buf_srv ), myrand, NULL ) ); + CHECK_AND_CONTINUE( mbedtls_ecdh_read_public( &ecdh_srv, buf_cli, olen ) ); + CHECK_AND_CONTINUE( mbedtls_ecdh_calc_secret( &ecdh_srv, &olen, buf_srv, sizeof( buf_srv ), myrand, NULL ) ); - check( mbedtls_ecdh_calc_secret( &ecdh_cli, &olen, buf_cli, sizeof( buf_cli ), myrand, NULL ) ); + CHECK_AND_CONTINUE( mbedtls_ecdh_calc_secret( &ecdh_cli, &olen, buf_cli, sizeof( buf_cli ), myrand, NULL ) ); ); mbedtls_ecdh_free( &ecdh_srv ); From 1fdf2c2d1c17bc915b5d2d3a3e8bbd15de247da7 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 11 Feb 2019 18:23:42 +0100 Subject: [PATCH 33/78] Fix build with gcc -Wshadow --- programs/test/benchmark.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index e90ef2de7..7524f5cb4 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -232,12 +232,12 @@ static int myrand( void *rng_state, unsigned char *output, size_t len ) #define CHECK_AND_CONTINUE( R ) \ { \ - int ret = ( R ); \ - if( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED ) { \ + int CHECK_AND_CONTINUE_ret = ( R ); \ + if( CHECK_AND_CONTINUE_ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED ) { \ mbedtls_printf( "Feature not supported. Skipping.\n" ); \ continue; \ } \ - else if( ret != 0 ) { \ + else if( CHECK_AND_CONTINUE_ret != 0 ) { \ mbedtls_exit( 1 ); \ } \ } From 20b3ef3caddc65d25904e6585a4e6d3b858ad157 Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Mon, 11 Feb 2019 18:41:27 +0100 Subject: [PATCH 34/78] Add mbedtls_ecdh_can_do All curves can currently do ECDH, but to make the API symmetric and future-proof, add mbedtls_ecdh_can_do() to go with mbedtls_ecdsa_can_do(). --- include/mbedtls/ecdh.h | 9 +++++++++ library/ecdh.c | 7 +++++++ programs/test/benchmark.c | 9 +++++++++ 3 files changed, 25 insertions(+) diff --git a/include/mbedtls/ecdh.h b/include/mbedtls/ecdh.h index 7f61c453c..3948d7c98 100644 --- a/include/mbedtls/ecdh.h +++ b/include/mbedtls/ecdh.h @@ -144,6 +144,15 @@ typedef struct mbedtls_ecdh_context } mbedtls_ecdh_context; +/** + * \brief Check whether a given group can be used for ECDH. + * + * \param gid The ECP group ID to check. + * + * \return \c 1 if the group can be used, \c 0 otherwise + */ +int mbedtls_ecdh_can_do( mbedtls_ecp_group_id gid ); + /** * \brief This function generates an ECDH keypair on an elliptic * curve. diff --git a/library/ecdh.c b/library/ecdh.c index 66a2d1687..648becbe4 100644 --- a/library/ecdh.c +++ b/library/ecdh.c @@ -63,6 +63,13 @@ static mbedtls_ecp_group_id mbedtls_ecdh_grp_id( #endif } +int mbedtls_ecdh_can_do( mbedtls_ecp_group_id gid ) +{ + /* At this time, all groups support ECDH. */ + (void) gid; + return 1; +} + #if !defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT) /* * Generate public key (restartable version) diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index 7524f5cb4..502b15d9a 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -911,6 +911,9 @@ int main( int argc, char *argv[] ) curve_info->grp_id != MBEDTLS_ECP_DP_NONE; curve_info++ ) { + if( ! mbedtls_ecdh_can_do( curve_info->grp_id ) ) + continue; + mbedtls_ecdh_init( &ecdh ); CHECK_AND_CONTINUE( mbedtls_ecp_group_load( &ecdh.grp, curve_info->grp_id ) ); 
@@ -956,6 +959,9 @@ int main( int argc, char *argv[] ) curve_info->grp_id != MBEDTLS_ECP_DP_NONE; curve_info++ ) { + if( ! mbedtls_ecdh_can_do( curve_info->grp_id ) ) + continue; + mbedtls_ecdh_init( &ecdh ); CHECK_AND_CONTINUE( mbedtls_ecp_group_load( &ecdh.grp, curve_info->grp_id ) ); @@ -1012,6 +1018,9 @@ int main( int argc, char *argv[] ) curve_info->grp_id != MBEDTLS_ECP_DP_NONE; curve_info++ ) { + if( ! mbedtls_ecdh_can_do( curve_info->grp_id ) ) + continue; + mbedtls_ecdh_init( &ecdh_srv ); mbedtls_ecdh_init( &ecdh_cli ); CHECK_AND_CONTINUE( mbedtls_ecdh_setup( &ecdh_srv, curve_info->grp_id ) ); From d2085f5a17adea8a502fd289f173b9ab07139454 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 11 Feb 2019 18:43:55 +0100 Subject: [PATCH 35/78] Document that curve lists can include partially-supported curves Document that a curve returned by mbedtls_ecp_curve_list() or mbedtls_ecp_grp_id_list() may lack support for ECDH or ECDSA. Add a corresponding changelog entry, under "API Changes" because we have changed the behavior: formerly, these functions skipped ECDH-only curves, although this was not documented. --- include/mbedtls/ecp.h | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index 6aa677ad0..d04cc49b6 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -437,6 +437,12 @@ mbedtls_ecp_curve_type mbedtls_ecp_get_type( const mbedtls_ecp_group *grp ); * mbedtls_ecp_curve_info() for all supported curves in order * of preference. * + * \note This function returns information about all curves + * supported by the library. Some curves may not be + * supported for all algorithms. Call mbedtls_ecdh_can_do() + * or mbedtls_ecdsa_can_do() to check if a curve is + * supported for ECDH or ECDSA. + * * \return A statically allocated array. The last entry is 0. */ const mbedtls_ecp_curve_info *mbedtls_ecp_curve_list( void ); 
@@ -446,6 +452,12 @@ const mbedtls_ecp_curve_info *mbedtls_ecp_curve_list( void ); * identifiers of all supported curves in the order of * preference. * + * \note This function returns information about all curves + * supported by the library. Some curves may not be + * supported for all algorithms. Call mbedtls_ecdh_can_do() + * or mbedtls_ecdsa_can_do() to check if a curve is + * supported for ECDH or ECDSA. + * * \return A statically allocated array, * terminated with MBEDTLS_ECP_DP_NONE. */ From 41fb2c05e807f842ba01e902c857db1dbf2029a9 Mon Sep 17 00:00:00 2001 From: "Christoph M. Wintersteiger" Date: Fri, 15 Feb 2019 12:34:40 +0000 Subject: [PATCH 36/78] ECDSA: Refactor return value checks for mbedtls_ecdsa_can_do --- programs/test/benchmark.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) mode change 100644 => 100755 programs/test/benchmark.c diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c old mode 100644 new mode 100755 index 502b15d9a..7cdff10b1 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -844,7 +844,7 @@ int main( int argc, char *argv[] ) curve_info->grp_id != MBEDTLS_ECP_DP_NONE; curve_info++ ) { - if( mbedtls_ecdsa_can_do( curve_info->grp_id ) == 0 ) + if( ! mbedtls_ecdsa_can_do( curve_info->grp_id ) ) continue; mbedtls_ecdsa_init( &ecdsa ); @@ -866,7 +866,7 @@ int main( int argc, char *argv[] ) curve_info->grp_id != MBEDTLS_ECP_DP_NONE; curve_info++ ) { - if( mbedtls_ecdsa_can_do( curve_info->grp_id ) == 0 ) + if( ! mbedtls_ecdsa_can_do( curve_info->grp_id ) ) continue; mbedtls_ecdsa_init( &ecdsa ); From 02174b90dcdc79bdfebcfd4fe0aa9a2efcfca89e Mon Sep 17 00:00:00 2001 
From: "Christoph M. Wintersteiger" Date: Fri, 15 Feb 2019 12:39:21 +0000 Subject: [PATCH 37/78] 3rdparty: Fix Makefile coding conventions --- 3rdparty/Makefile.inc | 3 ++- 3rdparty/everest/Makefile.inc | 1 + tests/scripts/check-files.py | 3 ++- 3 files changed, 5 insertions(+), 2 deletions(-) mode change 100755 => 100644 3rdparty/everest/Makefile.inc diff --git a/3rdparty/Makefile.inc b/3rdparty/Makefile.inc index 757bd5f1b..51080b7df 100755 --- a/3rdparty/Makefile.inc +++ b/3rdparty/Makefile.inc @@ -1 +1,2 @@ -include ../3rdparty/everest/Makefile.inc \ No newline at end of file +include ../3rdparty/everest/Makefile.inc + diff --git a/3rdparty/everest/Makefile.inc b/3rdparty/everest/Makefile.inc old mode 100755 new mode 100644 index 0b71e2a9f..7ca70ece7 --- a/3rdparty/everest/Makefile.inc +++ b/3rdparty/everest/Makefile.inc @@ -16,3 +16,4 @@ THIRDPARTY_OBJECTS+=../3rdparty/everest/library/legacy/Hacl_Curve25519.o \ ../3rdparty/everest/library/kremlib/FStar_UInt128_extracted.o endif endif + diff --git a/tests/scripts/check-files.py b/tests/scripts/check-files.py index 255bed8b9..6e35f5224 100755 --- a/tests/scripts/check-files.py +++ b/tests/scripts/check-files.py @@ -144,6 +144,7 @@ class TabIssueTracker(LineIssueTracker): heading = "Tabs present:" files_exemptions = frozenset([ "Makefile", + "Makefile.inc", "generate_visualc_files.pl", ]) @@ -181,7 +182,7 @@ class IntegrityChecker(object): self.setup_logger(log_file) self.files_to_check = ( ".c", ".h", ".sh", ".pl", ".py", ".md", ".function", ".data", - "Makefile", "CMakeLists.txt", "ChangeLog" + "Makefile", "Makefile.inc", "CMakeLists.txt", "ChangeLog" ) self.excluded_directories = ['.git', 'mbed-os'] self.excluded_paths = list(map(os.path.normpath, [ From 20819afcad3448babb8c8a4ca7067c679ef19bb1 Mon Sep 17 00:00:00 2001 
From: "Christoph M. Wintersteiger" Date: Fri, 15 Feb 2019 12:43:12 +0000 Subject: [PATCH 38/78] 3rdparty: Adjust .gitignore --- 3rdparty/.gitignore | 1 + 3rdparty/everest/.gitignore | 1 + 2 files changed, 2 insertions(+) create mode 100644 3rdparty/.gitignore diff --git a/3rdparty/.gitignore b/3rdparty/.gitignore new file mode 100644 index 000000000..f3c7a7c5d --- /dev/null +++ b/3rdparty/.gitignore @@ -0,0 +1 @@ +Makefile diff --git a/3rdparty/everest/.gitignore b/3rdparty/everest/.gitignore index 5761abcfd..6eb25f66a 100644 --- a/3rdparty/everest/.gitignore +++ b/3rdparty/everest/.gitignore @@ -1 +1,2 @@ *.o +Makefile From f43e1d942f33133d0fab682b588c499dd7ea3538 Mon Sep 17 00:00:00 2001 From: "Christoph M. Wintersteiger" Date: Fri, 15 Feb 2019 12:44:35 +0000 Subject: [PATCH 39/78] 3rdparty: Remove unnecessary copy of license file --- 3rdparty/everest/apache-2.0.txt | 202 -------------------------------- 1 file changed, 202 deletions(-) delete mode 100644 3rdparty/everest/apache-2.0.txt diff --git a/3rdparty/everest/apache-2.0.txt b/3rdparty/everest/apache-2.0.txt deleted file mode 100644 index d64569567..000000000 --- a/3rdparty/everest/apache-2.0.txt +++ /dev/null 
@@ -1,202 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. 
For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. 
Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of 
the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. 
Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. 
- - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. From 5833de7ab2f853ff46de3638df87be7eae062998 Mon Sep 17 00:00:00 2001 From: "Christoph M. Wintersteiger" Date: Fri, 15 Feb 2019 12:49:27 +0000 Subject: [PATCH 40/78] 3rdparty: Update description of MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED --- include/mbedtls/config.h | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) mode change 100644 => 100755 include/mbedtls/config.h diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h old mode 100644 new mode 100755 index 2e246e4a2..95ab1f2c2 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h 
@@ -2079,11 +2079,11 @@ //#define MBEDTLS_PLATFORM_GMTIME_R_ALT /** - * Enable the verified implementations of crypto primitives - * from Project Everest (currently only Curve25519). - * This feature breaks ECDH backward compatibility (see also - * MBEDTLS_ECDH_LEGACY_CONTEXT). - * + * Enable the verified implementations of ECDH primitives from Project Everest + * (currently only Curve25519). This feature changes the layout of ECDH + * contexts and therefore is a compatibility break for applications that access + * fields of a mbedtls_ecdh_context structure directly. See also + * MBEDTLS_ECDH_LEGACY_CONTEXT in include/mbedtls/ecdh.h. */ //#define MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED From ef17e3b59c0c2335031f7b0bf94012cc501f34be Mon Sep 17 00:00:00 2001 From: "Christoph M. Wintersteiger" Date: Fri, 15 Feb 2019 12:52:09 +0000 Subject: [PATCH 41/78] ECDSA: Fix formatting --- include/mbedtls/ecdsa.h | 1 + 1 file changed, 1 insertion(+) mode change 100644 => 100755 include/mbedtls/ecdsa.h diff --git a/include/mbedtls/ecdsa.h b/include/mbedtls/ecdsa.h old mode 100644 new mode 100755 index e19d8d1c1..ad5118814 --- a/include/mbedtls/ecdsa.h +++ b/include/mbedtls/ecdsa.h @@ -479,6 +479,7 @@ int mbedtls_ecdsa_read_signature_restartable( mbedtls_ecdsa_context *ctx, const unsigned char *hash, size_t hlen, const unsigned char *sig, size_t slen, mbedtls_ecdsa_restart_ctx *rs_ctx ); + /** * \brief This function generates an ECDSA keypair on the given curve. * From 3ff60bcf1ae96ea40ab98ffd51d6b0c82e7aa5ba Mon Sep 17 00:00:00 2001 From: "Christoph M. Wintersteiger" Date: Fri, 15 Feb 2019 12:59:59 +0000 Subject: [PATCH 42/78] ECDH/ECDSA: Fix indentation --- library/ecdh.c | 22 +++++++++++----------- library/ecdsa.c | 4 ++-- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/library/ecdh.c b/library/ecdh.c index 648becbe4..d795ec4da 100644 --- a/library/ecdh.c +++ b/library/ecdh.c 
@@ -227,18 +227,18 @@ int mbedtls_ecdh_setup( mbedtls_ecdh_context *ctx, mbedtls_ecp_group_id grp_id ) switch( grp_id ) { #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) - case MBEDTLS_ECP_DP_CURVE25519: - ctx->point_format = MBEDTLS_ECP_PF_COMPRESSED; - ctx->var = MBEDTLS_ECDH_VARIANT_EVEREST; - ctx->grp_id = grp_id; - return( mbedtls_everest_setup( &ctx->ctx.everest_ecdh, grp_id ) ); + case MBEDTLS_ECP_DP_CURVE25519: + ctx->point_format = MBEDTLS_ECP_PF_COMPRESSED; + ctx->var = MBEDTLS_ECDH_VARIANT_EVEREST; + ctx->grp_id = grp_id; + return( mbedtls_everest_setup( &ctx->ctx.everest_ecdh, grp_id ) ); #endif - default: - ctx->point_format = MBEDTLS_ECP_PF_UNCOMPRESSED; - ctx->var = MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0; - ctx->grp_id = grp_id; - ecdh_init_internal( &ctx->ctx.mbed_ecdh ); - return( ecdh_setup_internal( &ctx->ctx.mbed_ecdh, grp_id ) ); + default: + ctx->point_format = MBEDTLS_ECP_PF_UNCOMPRESSED; + ctx->var = MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0; + ctx->grp_id = grp_id; + ecdh_init_internal( &ctx->ctx.mbed_ecdh ); + return( ecdh_setup_internal( &ctx->ctx.mbed_ecdh, grp_id ) ); } #endif } diff --git a/library/ecdsa.c b/library/ecdsa.c index f34652650..162e62f02 100644 --- a/library/ecdsa.c +++ b/library/ecdsa.c @@ -383,10 +383,10 @@ int mbedtls_ecdsa_can_do( mbedtls_ecp_group_id gid ) switch( gid ) { #ifdef MBEDTLS_ECP_DP_CURVE25519_ENABLED - case MBEDTLS_ECP_DP_CURVE25519: return 0; + case MBEDTLS_ECP_DP_CURVE25519: return 0; #endif #ifdef MBEDTLS_ECP_DP_CURVE448_ENABLED - case MBEDTLS_ECP_DP_CURVE448: return 0; + case MBEDTLS_ECP_DP_CURVE448: return 0; #endif default: return 1; } From 2d4725f204cdc61eed48da5b22b10afd0fc56af4 Mon Sep 17 00:00:00 2001 From: "Christoph M. Wintersteiger" Date: Fri, 15 Feb 2019 13:35:04 +0000 Subject: [PATCH 43/78] 3rdparty: Rename THIRDPARTY_OBJECTS --- 3rdparty/everest/Makefile.inc | 6 +++--- library/Makefile | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) 
diff --git a/3rdparty/everest/Makefile.inc b/3rdparty/everest/Makefile.inc index 7ca70ece7..7aaa37446 100644 --- a/3rdparty/everest/Makefile.inc +++ b/3rdparty/everest/Makefile.inc @@ -3,16 +3,16 @@ EVEREST_ENABLED=$(shell perl ../scripts/config.pl -f ../include/mbedtls/config.h ifeq ($(EVEREST_ENABLED),0) THIRDPARTY_INCLUDES+=-I../3rdparty/everest/include -I../3rdparty/everest/include/everest -I../3rdparty/everest/include/everest/kremlib -THIRDPARTY_OBJECTS+= \ +THIRDPARTY_CRYPTO_OBJECTS+= \ ../3rdparty/everest/library/everest.o \ ../3rdparty/everest/library/x25519.o \ ../3rdparty/everest/library/kremlib/FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.o ifeq ($(shell getconf LONG_BIT),64) -THIRDPARTY_OBJECTS+=../3rdparty/everest/library/Hacl_Curve25519.o +THIRDPARTY_CRYPTO_OBJECTS+=../3rdparty/everest/library/Hacl_Curve25519.o else CFLAGS+="-DKRML_VERIFIED_UINT128" -THIRDPARTY_OBJECTS+=../3rdparty/everest/library/legacy/Hacl_Curve25519.o \ +THIRDPARTY_CRYPTO_OBJECTS+=../3rdparty/everest/library/legacy/Hacl_Curve25519.o \ ../3rdparty/everest/library/kremlib/FStar_UInt128_extracted.o endif endif diff --git a/library/Makefile b/library/Makefile index 31c9208b9..8e276941d 100644 --- a/library/Makefile +++ b/library/Makefile @@ -103,7 +103,7 @@ endif include ../3rdparty/Makefile.inc LOCAL_CFLAGS+=$(THIRDPARTY_INCLUDES) -OBJS_CRYPTO+=$(THIRDPARTY_OBJECTS) +OBJS_CRYPTO+=$(THIRDPARTY_CRYPTO_OBJECTS) .SILENT: From 9b5e77e2e3fa3555c385c1b170a8dd99455253c9 Mon Sep 17 00:00:00 2001 From: "Christoph M. Wintersteiger" Date: Fri, 15 Feb 2019 13:38:18 +0000 Subject: [PATCH 44/78] 3rdparty: Use LOCAL_FLAGS instead of CFLAGS --- 3rdparty/everest/Makefile.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/3rdparty/everest/Makefile.inc b/3rdparty/everest/Makefile.inc index 7aaa37446..5387e180f 100644 --- a/3rdparty/everest/Makefile.inc +++ b/3rdparty/everest/Makefile.inc 
@@ -11,7 +11,7 @@ THIRDPARTY_CRYPTO_OBJECTS+= \ ifeq ($(shell getconf LONG_BIT),64) THIRDPARTY_CRYPTO_OBJECTS+=../3rdparty/everest/library/Hacl_Curve25519.o else -CFLAGS+="-DKRML_VERIFIED_UINT128" +LOCAL_CFLAGS+="-DKRML_VERIFIED_UINT128" THIRDPARTY_CRYPTO_OBJECTS+=../3rdparty/everest/library/legacy/Hacl_Curve25519.o \ ../3rdparty/everest/library/kremlib/FStar_UInt128_extracted.o endif From 737df0c755992bb44771051b9ec4b165fb29b839 Mon Sep 17 00:00:00 2001 From: "Christoph M. Wintersteiger" Date: Fri, 15 Feb 2019 13:46:31 +0000 Subject: [PATCH 45/78] Fix file permissions --- 3rdparty/Makefile.inc | 0 include/mbedtls/config.h | 0 include/mbedtls/ecdsa.h | 0 programs/test/benchmark.c | 0 4 files changed, 0 insertions(+), 0 deletions(-) mode change 100755 => 100644 3rdparty/Makefile.inc mode change 100755 => 100644 include/mbedtls/config.h mode change 100755 => 100644 include/mbedtls/ecdsa.h mode change 100755 => 100644 programs/test/benchmark.c diff --git a/3rdparty/Makefile.inc b/3rdparty/Makefile.inc old mode 100755 new mode 100644 diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h old mode 100755 new mode 100644 diff --git a/include/mbedtls/ecdsa.h b/include/mbedtls/ecdsa.h old mode 100755 new mode 100644 diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c old mode 100755 new mode 100644 From 4061f04acd76bce06fd70b90088a0ca6c3446105 Mon Sep 17 00:00:00 2001 From: "Christoph M. Wintersteiger" Date: Fri, 15 Feb 2019 15:18:52 +0000 Subject: [PATCH 46/78] ECDH: Remove unnecessary #include --- library/ecdh.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/library/ecdh.c b/library/ecdh.c index d795ec4da..35e3f4efc 100644 --- a/library/ecdh.c +++ b/library/ecdh.c @@ -47,10 +47,6 @@ #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) typedef mbedtls_ecdh_context mbedtls_ecdh_context_mbed; -#else -#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) -#include "everest/everest.h" -#endif #endif static mbedtls_ecp_group_id mbedtls_ecdh_grp_id( 
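Review bot: The new `LOCAL_CFLAGS+="-DKRML_VERIFIED_UINT128"` line is selected by `getconf LONG_BIT` on the build host, so the define tracks the host word size rather than whether the target compiler provides a 128-bit integer type; a 32-bit or cross-compiled target built from a 64-bit host would compile the native `Hacl_Curve25519.o` instead. Deriving the choice from the compiler (a probe for `__SIZEOF_INT128__`, or letting the C source select the variant) would make it independent of the host. The double quotes also end up inside the make variable and are only stripped later by the shell, so the plain `LOCAL_CFLAGS+=-DKRML_VERIFIED_UINT128` is the usual form.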
From cb31073e1c505cbc0a7898dc8420826061be3db4 Mon Sep 17 00:00:00 2001 From: "Christoph M. Wintersteiger" Date: Fri, 15 Feb 2019 15:50:38 +0000 Subject: [PATCH 47/78] ECP: add Curve448 to ecp_supported_curves --- library/ecp.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/library/ecp.c b/library/ecp.c index c7f54a195..8ee517e38 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -366,7 +366,7 @@ int mbedtls_ecp_check_budget( const mbedtls_ecp_group *grp, /* * List of supported curves: * - internal ID - * - TLS NamedCurve ID (RFC 4492 sec. 5.1.1, RFC 7071 sec. 2) + * - TLS NamedCurve ID (RFC 4492 sec. 5.1.1, RFC 7071 sec. 2, RFC 8446 sec. 4.2.7) * - size in bits * - readable name * @@ -412,6 +412,9 @@ static const mbedtls_ecp_curve_info ecp_supported_curves[] = #endif #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) { MBEDTLS_ECP_DP_CURVE25519, 29, 256, "x25519" }, +#endif +#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) + { MBEDTLS_ECP_DP_CURVE448, 30, 448, "x448" }, #endif { MBEDTLS_ECP_DP_NONE, 0, 0, NULL }, }; From f21aba4cb2869d0f229c5a2d9e8461ce23592ea0 Mon Sep 17 00:00:00 2001 From: "Christoph M. Wintersteiger" Date: Fri, 15 Feb 2019 16:06:19 +0000 Subject: [PATCH 48/78] 3rdparty: Fix Everest platform detection for CMake --- 3rdparty/everest/CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/3rdparty/everest/CMakeLists.txt b/3rdparty/everest/CMakeLists.txt index 5b0a078dd..2c5d7d5b7 100644 --- a/3rdparty/everest/CMakeLists.txt +++ b/3rdparty/everest/CMakeLists.txt @@ -11,7 +11,7 @@ if(${result} EQUAL 0) ${CMAKE_CURRENT_SOURCE_DIR}/library/kremlib/FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.c ) - if (${CMAKE_LIBRARY_ARCHITECTURE} STREQUAL "x86_64-linux-gnu") + if ("${CMAKE_LIBRARY_ARCHITECTURE}" STREQUAL "x86_64-linux-gnu") list(APPEND everest_src ${CMAKE_CURRENT_SOURCE_DIR}/library/Hacl_Curve25519.c) else() list(APPEND everest_def -DKRML_VERIFIED_UINT128) 
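Review bot: The new `{ MBEDTLS_ECP_DP_CURVE448, 30, 448, "x448" }` entry makes Curve448 resolvable by TLS NamedCurve id 30, so it is presumably advertised and accepted in supported_groups whenever `MBEDTLS_ECP_DP_CURVE448_ENABLED` is set, independently of whether the ECDH/TLS code path can actually complete an x448 exchange (this series only adds an Everest x25519 backend). If the point-format and key-exchange handling for this curve is not in place, the guard should mirror whatever condition enables the key exchange, otherwise a peer can select a group that the handshake cannot finish. The RFC 8446 reference added to the header comment in the first hunk is fine. The `ecp_supported_curves` table starts outside the hunk.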
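Review bot: Quoting `"${CMAKE_LIBRARY_ARCHITECTURE}"` fixes the empty-expansion parse error, but the condition still keys the native 128-bit path to the Debian multiarch triplet `x86_64-linux-gnu`; on distributions that do not set `CMAKE_LIBRARY_ARCHITECTURE`, on macOS and on Windows a 64-bit build silently falls back to the emulated path with `-DKRML_VERIFIED_UINT128`. What the code actually needs to know is whether the compiler has `__int128`, which can be asked directly: `include(CheckCSourceCompiles)`, then `check_c_source_compiles("int main(void) { unsigned __int128 x = 0; return (int)x; }" EVEREST_HAVE_INT128)` and `if(EVEREST_HAVE_INT128)` in place of the string comparison. The enclosing `if(${result} EQUAL 0)` block starts outside the hunk.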
From fb779f17000ff50d02c97788f0647b820c4bc422 Mon Sep 17 00:00:00 2001 From: "Christoph M. Wintersteiger" Date: Fri, 15 Feb 2019 16:20:54 +0000 Subject: [PATCH 49/78] 3rdparty: Pull Everest x25519 key size into macro --- 3rdparty/everest/include/everest/x25519.h | 5 +-- 3rdparty/everest/library/x25519.c | 38 +++++++++++------------ 2 files changed, 22 insertions(+), 21 deletions(-) diff --git a/3rdparty/everest/include/everest/x25519.h b/3rdparty/everest/include/everest/x25519.h index b8cc214f6..7a973dcf0 100644 --- a/3rdparty/everest/include/everest/x25519.h +++ b/3rdparty/everest/include/everest/x25519.h @@ -27,6 +27,7 @@ extern "C" { #endif #define MBEDTLS_ECP_TLS_CURVE25519 0x1d +#define MBEDTLS_X25519_KEY_SIZE_BYTES 32 /** * Defines the source of the imported EC key. @@ -42,8 +43,8 @@ typedef enum */ typedef struct { - unsigned char our_secret[32]; - unsigned char peer_point[32]; + unsigned char our_secret[MBEDTLS_X25519_KEY_SIZE_BYTES]; + unsigned char peer_point[MBEDTLS_X25519_KEY_SIZE_BYTES]; } mbedtls_x25519_context; /** diff --git a/3rdparty/everest/library/x25519.c b/3rdparty/everest/library/x25519.c index 830018c46..52496c6e1 100644 --- a/3rdparty/everest/library/x25519.c +++ b/3rdparty/everest/library/x25519.c @@ -52,8 +52,8 @@ void mbedtls_x25519_free( mbedtls_x25519_context *ctx ) if( ctx == NULL ) return; - mbedtls_platform_zeroize( ctx->our_secret, 32 ); - mbedtls_platform_zeroize( ctx->peer_point, 32 ); + mbedtls_platform_zeroize( ctx->our_secret, MBEDTLS_X25519_KEY_SIZE_BYTES ); + mbedtls_platform_zeroize( ctx->peer_point, MBEDTLS_X25519_KEY_SIZE_BYTES ); } int mbedtls_x25519_make_params( mbedtls_x25519_context *ctx, size_t *olen, 
@@ -63,9 +63,9 @@ int mbedtls_x25519_make_params( mbedtls_x25519_context *ctx, size_t *olen, { int ret = 0; - uint8_t base[32] = {0}; + uint8_t base[MBEDTLS_X25519_KEY_SIZE_BYTES] = {0}; - if( ( ret = f_rng( p_rng, ctx->our_secret, 32 ) ) != 0 ) + if( ( ret = f_rng( p_rng, ctx->our_secret, MBEDTLS_X25519_KEY_SIZE_BYTES ) ) != 0 ) return ret; *olen = 36; @@ -75,13 +75,13 @@ int mbedtls_x25519_make_params( mbedtls_x25519_context *ctx, size_t *olen, *buf++ = MBEDTLS_ECP_TLS_NAMED_CURVE; *buf++ = MBEDTLS_ECP_TLS_CURVE25519 >> 8; *buf++ = MBEDTLS_ECP_TLS_CURVE25519 & 0xFF; - *buf++ = 32; + *buf++ = MBEDTLS_X25519_KEY_SIZE_BYTES; base[0] = 9; Hacl_Curve25519_crypto_scalarmult( buf, ctx->our_secret, base ); base[0] = 0; - if( memcmp( buf, base, 32) == 0 ) + if( memcmp( buf, base, MBEDTLS_X25519_KEY_SIZE_BYTES) == 0 ) return MBEDTLS_ERR_ECP_RANDOM_FAILED; return( 0 ); @@ -93,11 +93,11 @@ int mbedtls_x25519_read_params( mbedtls_x25519_context *ctx, if( end - *buf < 33 ) return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); - if( ( *(*buf)++ != 32 ) ) + if( ( *(*buf)++ != MBEDTLS_X25519_KEY_SIZE_BYTES ) ) return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); - memcpy( ctx->peer_point, *buf, 32 ); - *buf += 32; + memcpy( ctx->peer_point, *buf, MBEDTLS_X25519_KEY_SIZE_BYTES ); + *buf += MBEDTLS_X25519_KEY_SIZE_BYTES; return( 0 ); } 
@@ -108,11 +108,11 @@ int mbedtls_x25519_get_params( mbedtls_x25519_context *ctx, const mbedtls_ecp_ke switch( side ) { case MBEDTLS_X25519_ECDH_THEIRS: - mbedtls_ecp_point_write_binary( &key->grp, &key->Q, MBEDTLS_ECP_PF_COMPRESSED, &olen, ctx->peer_point, 32 ); + mbedtls_ecp_point_write_binary( &key->grp, &key->Q, MBEDTLS_ECP_PF_COMPRESSED, &olen, ctx->peer_point, MBEDTLS_X25519_KEY_SIZE_BYTES ); /* untested; defensively throw an error for now. */ return(MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE); case MBEDTLS_X25519_ECDH_OURS: - mbedtls_mpi_write_binary( &key->d, ctx->our_secret, 32 ); + mbedtls_mpi_write_binary( &key->d, ctx->our_secret, MBEDTLS_X25519_KEY_SIZE_BYTES ); /* CMW: key->Q = key->d * base; do we need to set up ctx.peer_point here? */ /* untested; defensively throw an error for now. */ return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); @@ -130,7 +130,7 @@ int mbedtls_x25519_calc_secret( mbedtls_x25519_context *ctx, size_t *olen, (( void )f_rng); (( void )p_rng); - *olen = 32; + *olen = MBEDTLS_X25519_KEY_SIZE_BYTES; if( blen < *olen ) return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL ); @@ -138,8 +138,8 @@ int mbedtls_x25519_calc_secret( mbedtls_x25519_context *ctx, size_t *olen, Hacl_Curve25519_crypto_scalarmult( buf, ctx->our_secret, ctx->peer_point); /* Wipe the DH secret and don't let the peer chose a small subgroup point */ - memset( ctx->our_secret, 0, 32 ); - if( memcmp( buf, ctx->our_secret, 32) == 0 ) + memset( ctx->our_secret, 0, MBEDTLS_X25519_KEY_SIZE_BYTES ); + if( memcmp( buf, ctx->our_secret, MBEDTLS_X25519_KEY_SIZE_BYTES) == 0 ) return MBEDTLS_ERR_ECP_RANDOM_FAILED; return( 0 ); @@ -150,7 +150,7 @@ int mbedtls_x25519_make_public( mbedtls_x25519_context *ctx, size_t *olen, int( *f_rng )(void *, unsigned char *, size_t), void *p_rng ) { - unsigned char base[32] = { 0 }; + unsigned char base[MBEDTLS_X25519_KEY_SIZE_BYTES] = { 0 }; /* CMW: Is it okay that f_rng, p_rng are not used? */ (( void )f_rng); 
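Review bot: In `mbedtls_x25519_get_params`, the `MBEDTLS_X25519_ECDH_OURS` case writes `key->d` into `ctx->our_secret` with `mbedtls_mpi_write_binary`, which produces a big-endian, left-padded encoding, whereas `Hacl_Curve25519_crypto_scalarmult` consumes the X25519 scalar in the little-endian byte order of RFC 7748; if this path is ever enabled as written the scalar would be byte-reversed. Both branches also discard the return value of the write call and then return `MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE` unconditionally, so the only effect is to leave partially imported key material in the context; until the path is tested it would be cleaner to return the error before touching `ctx`, or at least check the return codes. The switch continues outside the hunk.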
@@ -162,13 +162,13 @@ int mbedtls_x25519_make_public( mbedtls_x25519_context *ctx, size_t *olen, *olen = 33; if( blen < *olen ) return(MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL); - *buf++ = 32; + *buf++ = MBEDTLS_X25519_KEY_SIZE_BYTES; base[0] = 9; Hacl_Curve25519_crypto_scalarmult( buf, ctx->our_secret, base ); base[0] = 0; - if( memcmp( buf, base, 32 ) == 0 ) + if( memcmp( buf, base, MBEDTLS_X25519_KEY_SIZE_BYTES ) == 0 ) return MBEDTLS_ERR_ECP_RANDOM_FAILED; return(0); @@ -179,9 +179,9 @@ int mbedtls_x25519_read_public( mbedtls_x25519_context *ctx, { if( blen < 33 ) return(MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL); - if( (*buf++ != 32) ) + if( (*buf++ != MBEDTLS_X25519_KEY_SIZE_BYTES) ) return(MBEDTLS_ERR_ECP_BAD_INPUT_DATA); - memcpy( ctx->peer_point, buf, 32 ); + memcpy( ctx->peer_point, buf, MBEDTLS_X25519_KEY_SIZE_BYTES ); return(0); } From 088ef49681737fb4968c464a8e7a494a5cceed64 Mon Sep 17 00:00:00 2001 From: "Christoph M. Wintersteiger" Date: Fri, 15 Feb 2019 16:25:48 +0000 Subject: [PATCH 50/78] 3rdparty: Make proper use of mbedtls_platform_zeroize in Everest x25519 --- 3rdparty/everest/library/x25519.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/3rdparty/everest/library/x25519.c b/3rdparty/everest/library/x25519.c index 52496c6e1..7660b6433 100644 --- a/3rdparty/everest/library/x25519.c +++ b/3rdparty/everest/library/x25519.c @@ -41,7 +41,7 @@ */ void mbedtls_x25519_init( mbedtls_x25519_context *ctx ) { - memset( ctx, 0, sizeof( mbedtls_x25519_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_x25519_context ) ); } /* 
@@ -138,7 +138,8 @@ int mbedtls_x25519_calc_secret( mbedtls_x25519_context *ctx, size_t *olen, Hacl_Curve25519_crypto_scalarmult( buf, ctx->our_secret, ctx->peer_point); /* Wipe the DH secret and don't let the peer chose a small subgroup point */ - memset( ctx->our_secret, 0, MBEDTLS_X25519_KEY_SIZE_BYTES ); + mbedtls_platform_zeroize( ctx->our_secret, MBEDTLS_X25519_KEY_SIZE_BYTES ); + if( memcmp( buf, ctx->our_secret, MBEDTLS_X25519_KEY_SIZE_BYTES) == 0 ) return MBEDTLS_ERR_ECP_RANDOM_FAILED; From 537f41ebbf2cb848cc5c6ef95bb41fc1e12fb354 Mon Sep 17 00:00:00 2001 From: "Christoph M. Wintersteiger" Date: Fri, 15 Feb 2019 16:50:54 +0000 Subject: [PATCH 51/78] 3rdparty: Updated comments for Everest x25519 --- 3rdparty/everest/library/x25519.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/3rdparty/everest/library/x25519.c b/3rdparty/everest/library/x25519.c index 7660b6433..e5ec2e832 100644 --- a/3rdparty/everest/library/x25519.c +++ b/3rdparty/everest/library/x25519.c @@ -126,7 +126,8 @@ int mbedtls_x25519_calc_secret( mbedtls_x25519_context *ctx, size_t *olen, int( *f_rng )(void *, unsigned char *, size_t), void *p_rng ) { - /* CMW: Is it okay that f_rng, p_rng are not used? */ + /* f_rng and p_rng are not used here because this implementation does not + need blinding since it has constant trace. */ (( void )f_rng); (( void )p_rng); From efdf4d7baa25762e7564738333492ad8876278b9 Mon Sep 17 00:00:00 2001 From: "Christoph M. Wintersteiger" Date: Fri, 15 Feb 2019 17:21:04 +0000 Subject: [PATCH 52/78] ECDH: Fix Everest x25519 make_public --- 3rdparty/everest/library/x25519.c | 14 +++++++------- programs/test/benchmark.c | 9 +-------- 2 files changed, 8 insertions(+), 15 deletions(-) diff --git a/3rdparty/everest/library/x25519.c b/3rdparty/everest/library/x25519.c index e5ec2e832..edaf5da1d 100644 --- a/3rdparty/everest/library/x25519.c +++ b/3rdparty/everest/library/x25519.c 
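Review bot: The all-zero check that follows the new `mbedtls_platform_zeroize( ctx->our_secret, ... )` reuses the just-wiped secret buffer as its zero reference and then reports `MBEDTLS_ERR_ECP_RANDOM_FAILED`, but an all-zero shared secret here means the peer supplied a low-order point, not that the RNG failed; `MBEDTLS_ERR_ECP_BAD_INPUT_DATA`, which `mbedtls_x25519_read_params` already uses for malformed peer data, describes the condition the comment names. Comparing against an explicit zero buffer would also decouple the check from the wipe and make the intent readable without the comment. Switching from `memset` to `mbedtls_platform_zeroize` for the secret itself is the right call.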
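Review bot: The rewritten comment says the implementation "has constant trace", which is not an established term and a reader may not connect it to the reason blinding is unnecessary. Wording it as `/* f_rng and p_rng are unused: the HACL* scalar multiplication is constant-time (its execution trace does not depend on secret data), so no blinding is needed. */` states the property explicitly. Whether the legacy 128-bit emulation path preserves that property is not visible here and is worth confirming in the comment.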
@@ -152,14 +152,14 @@ int mbedtls_x25519_make_public( mbedtls_x25519_context *ctx, size_t *olen, int( *f_rng )(void *, unsigned char *, size_t), void *p_rng ) { + int ret = 0; unsigned char base[MBEDTLS_X25519_KEY_SIZE_BYTES] = { 0 }; - /* CMW: Is it okay that f_rng, p_rng are not used? */ - (( void )f_rng); - (( void )p_rng); - if( ctx == NULL ) - return(MBEDTLS_ERR_ECP_BAD_INPUT_DATA); + return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + + if( ( ret = f_rng( p_rng, ctx->our_secret, MBEDTLS_X25519_KEY_SIZE_BYTES ) ) != 0 ) + return ret; *olen = 33; if( blen < *olen ) @@ -173,7 +173,7 @@ int mbedtls_x25519_make_public( mbedtls_x25519_context *ctx, size_t *olen, if( memcmp( buf, base, MBEDTLS_X25519_KEY_SIZE_BYTES ) == 0 ) return MBEDTLS_ERR_ECP_RANDOM_FAILED; - return(0); + return( ret ); } int mbedtls_x25519_read_public( mbedtls_x25519_context *ctx, @@ -184,7 +184,7 @@ int mbedtls_x25519_read_public( mbedtls_x25519_context *ctx, if( (*buf++ != MBEDTLS_X25519_KEY_SIZE_BYTES) ) return(MBEDTLS_ERR_ECP_BAD_INPUT_DATA); memcpy( ctx->peer_point, buf, MBEDTLS_X25519_KEY_SIZE_BYTES ); - return(0); + return( 0 ); } diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index 7cdff10b1..244174ddf 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c 
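Review bot: `mbedtls_x25519_make_public` now calls `f_rng( p_rng, ctx->our_secret, ... )` unconditionally; the removed `(( void )f_rng)` casts meant a NULL `f_rng` was harmless before, whereas now it is dereferenced. The ecdh.c wrapper may validate it, but this is also a public function, so `if( f_rng == NULL ) return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );` next to the existing `ctx == NULL` check is cheap insurance. The secret is also generated before the `blen < *olen` check, so a too-small buffer leaves a fresh secret in the context whose public key was never written out; moving the RNG call after the size check avoids that. The rest of the function body is in the next hunk.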
@@ -1028,16 +1028,9 @@ int main( int argc, char *argv[] ) #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) CHECK_AND_CONTINUE( mbedtls_ecp_group_load(&ecdh_srv.grp, curve_info->grp_id)); - CHECK_AND_CONTINUE( mbedtls_ecdh_gen_public(&ecdh_srv.grp, - &ecdh_srv.d, - &ecdh_srv.Q, myrand, NULL)); #else - if( ecdh_srv.var == MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0 ) { + if( ecdh_srv.var == MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0 ) CHECK_AND_CONTINUE( mbedtls_ecp_group_load( &ecdh_srv.ctx.mbed_ecdh.grp, curve_info->grp_id )); - CHECK_AND_CONTINUE( mbedtls_ecdh_gen_public( &ecdh_srv.ctx.mbed_ecdh.grp, - &ecdh_srv.ctx.mbed_ecdh.d, - &ecdh_srv.ctx.mbed_ecdh.Q, myrand, NULL )); - } #endif mbedtls_snprintf( title, sizeof( title ), "ECDHE-%s", curve_info->name ); From ac0e64df6819a1b0970dd7f34015c90f67b31afc Mon Sep 17 00:00:00 2001 From: "Christoph M. Wintersteiger" Date: Fri, 15 Feb 2019 19:04:26 +0000 Subject: [PATCH 53/78] ECDH: Removed unnecessary calls to mbedtls_ecp_group_load in ECDH benchmark --- programs/test/benchmark.c | 7 ------- 1 file changed, 7 deletions(-) diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index 244174ddf..e05470a8a 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -1026,13 +1026,6 @@ int main( int argc, char *argv[] ) CHECK_AND_CONTINUE( mbedtls_ecdh_setup( &ecdh_srv, curve_info->grp_id ) ); CHECK_AND_CONTINUE( mbedtls_ecdh_setup( &ecdh_cli, curve_info->grp_id ) ); -#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) - CHECK_AND_CONTINUE( mbedtls_ecp_group_load(&ecdh_srv.grp, curve_info->grp_id)); -#else - if( ecdh_srv.var == MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0 ) - CHECK_AND_CONTINUE( mbedtls_ecp_group_load( &ecdh_srv.ctx.mbed_ecdh.grp, curve_info->grp_id )); -#endif - mbedtls_snprintf( title, sizeof( title ), "ECDHE-%s", curve_info->name ); TIME_PUBLIC( title, "full handshake", const unsigned char * p_srv = buf_srv; From 2be66d44a5b395b669b7712d46d34b25ee45266a Mon Sep 17 00:00:00 2001 
From: "Christoph M. Wintersteiger" Date: Mon, 18 Feb 2019 13:04:39 +0000 Subject: [PATCH 54/78] ECDH: Remove duplicate lines of code --- library/ecdh.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/library/ecdh.c b/library/ecdh.c index 35e3f4efc..f1609bde0 100644 --- a/library/ecdh.c +++ b/library/ecdh.c @@ -283,8 +283,6 @@ void mbedtls_ecdh_free( mbedtls_ecdh_context *ctx ) #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) case MBEDTLS_ECDH_VARIANT_EVEREST: mbedtls_everest_free( &ctx->ctx.everest_ecdh ); - ctx->var = MBEDTLS_ECDH_VARIANT_NONE; - ctx->grp_id = MBEDTLS_ECP_DP_NONE; break; #endif case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0: From 2f563e3482460c237e19e931ed2e5bfb7ac49b81 Mon Sep 17 00:00:00 2001 From: "Christoph M. Wintersteiger" Date: Mon, 18 Feb 2019 13:06:02 +0000 Subject: [PATCH 55/78] ECDH: Fix memory leaks due to context re-initialization --- library/ecdh.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/library/ecdh.c b/library/ecdh.c index f1609bde0..9c4ddce9c 100644 --- a/library/ecdh.c +++ b/library/ecdh.c @@ -162,6 +162,12 @@ int mbedtls_ecdh_compute_shared( mbedtls_ecp_group *grp, mbedtls_mpi *z, static void ecdh_init_internal( mbedtls_ecdh_context_mbed *ctx ) { + mbedtls_ecp_group_free( &ctx->grp ); + mbedtls_mpi_free( &ctx->d ); + mbedtls_ecp_point_free( &ctx->Q ); + mbedtls_ecp_point_free( &ctx->Qp ); + mbedtls_mpi_free( &ctx->z ); + mbedtls_ecp_group_init( &ctx->grp ); mbedtls_mpi_init( &ctx->d ); mbedtls_ecp_point_init( &ctx->Q ); @@ -169,6 +175,7 @@ static void ecdh_init_internal( mbedtls_ecdh_context_mbed *ctx ) mbedtls_mpi_init( &ctx->z ); #if defined(MBEDTLS_ECP_RESTARTABLE) + mbedtls_ecp_restart_free( &ctx->rs ); mbedtls_ecp_restart_init( &ctx->rs ); #endif } From 8592958205bc446a80fe4c9ee7b7fb25db95fb29 Mon Sep 17 00:00:00 2001 
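Review bot: The five `*_free` calls added at the top of `ecdh_init_internal` run on a context that, on the first `mbedtls_ecdh_init`, holds indeterminate memory; `mbedtls_mpi_free` and the point/group free functions read the pointer fields and hand them to the allocator, so this is undefined behaviour and will crash or corrupt the heap for any context declared on the stack and then initialised. The same applies to `mbedtls_ecp_restart_free( &ctx->rs )` in the second hunk. Freeing a previous setup belongs in `mbedtls_ecdh_setup` (or `mbedtls_ecdh_free`), where the variant tag says whether anything was initialised; an init function has to assume garbage.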
From: "Christoph M. Wintersteiger" Date: Mon, 18 Feb 2019 13:20:33 +0000 Subject: [PATCH 56/78] ECDH: Use macro-based sizes in Everest x25519 --- 3rdparty/everest/library/x25519.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/3rdparty/everest/library/x25519.c b/3rdparty/everest/library/x25519.c index edaf5da1d..f5856c2c5 100644 --- a/3rdparty/everest/library/x25519.c +++ b/3rdparty/everest/library/x25519.c @@ -68,7 +68,7 @@ int mbedtls_x25519_make_params( mbedtls_x25519_context *ctx, size_t *olen, if( ( ret = f_rng( p_rng, ctx->our_secret, MBEDTLS_X25519_KEY_SIZE_BYTES ) ) != 0 ) return ret; - *olen = 36; + *olen = MBEDTLS_X25519_KEY_SIZE_BYTES + 4; if( blen < *olen ) return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL ); @@ -90,7 +90,7 @@ int mbedtls_x25519_make_params( mbedtls_x25519_context *ctx, size_t *olen, int mbedtls_x25519_read_params( mbedtls_x25519_context *ctx, const unsigned char **buf, const unsigned char *end ) { - if( end - *buf < 33 ) + if( end - *buf < MBEDTLS_X25519_KEY_SIZE_BYTES + 1 ) return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); if( ( *(*buf)++ != MBEDTLS_X25519_KEY_SIZE_BYTES ) ) @@ -161,7 +161,7 @@ int mbedtls_x25519_make_public( mbedtls_x25519_context *ctx, size_t *olen, if( ( ret = f_rng( p_rng, ctx->our_secret, MBEDTLS_X25519_KEY_SIZE_BYTES ) ) != 0 ) return ret; - *olen = 33; + *olen = MBEDTLS_X25519_KEY_SIZE_BYTES + 1; if( blen < *olen ) return(MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL); *buf++ = MBEDTLS_X25519_KEY_SIZE_BYTES; @@ -179,7 +179,7 @@ int mbedtls_x25519_make_public( mbedtls_x25519_context *ctx, size_t *olen, int mbedtls_x25519_read_public( mbedtls_x25519_context *ctx, const unsigned char *buf, size_t blen ) { - if( blen < 33 ) + if( blen < MBEDTLS_X25519_KEY_SIZE_BYTES + 1 ) return(MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL); if( (*buf++ != MBEDTLS_X25519_KEY_SIZE_BYTES) ) return(MBEDTLS_ERR_ECP_BAD_INPUT_DATA); From 1b73a71ac16b1383d03e17e7452678258b14b43b Mon Sep 17 00:00:00 2001 
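Review bot: In the last hunk, `mbedtls_x25519_read_public` still answers a short input with `MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL`, a code mbed TLS reserves for callers' output buffers; for peer-supplied data that is too short the conventional code is `MBEDTLS_ERR_ECP_BAD_INPUT_DATA`, which is what `mbedtls_x25519_read_params` in the second hunk returns for the same condition. The line would read `if( blen < MBEDTLS_X25519_KEY_SIZE_BYTES + 1 ) return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );`. Replacing the literals with `MBEDTLS_X25519_KEY_SIZE_BYTES + N` is an improvement, though naming the `+ 4` and `+ 1` header sizes would make the TLS ECPoint/ServerECDHParams framing explicit.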
From: "Christoph M. Wintersteiger" Date: Mon, 18 Feb 2019 13:22:19 +0000 Subject: [PATCH 57/78] 3rdparty: Fix .gitignore --- 3rdparty/.gitignore | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/3rdparty/.gitignore b/3rdparty/.gitignore index f3c7a7c5d..5fc607b9e 100644 --- a/3rdparty/.gitignore +++ b/3rdparty/.gitignore @@ -1 +1 @@ -Makefile +/Makefile From e7e74ba33b0e8be4d141f0441a26203b7c2d203c Mon Sep 17 00:00:00 2001 From: "Christoph M. Wintersteiger" Date: Mon, 18 Feb 2019 14:13:44 +0000 Subject: [PATCH 58/78] 3rdparty: Improve Everest README.md --- 3rdparty/everest/README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/3rdparty/everest/README.md b/3rdparty/everest/README.md index 69134f6ac..aa7d04d46 100644 --- a/3rdparty/everest/README.md +++ b/3rdparty/everest/README.md @@ -1 +1,5 @@ The files in this directory stem from [Project Everest](https://project-everest.github.io/) and are distributed under the Apache 2.0 license. + +This is a formally verified implementation of Curve25519-based handshakes. The C code is automatically derived from the (verified) [original implementation](https://github.com/project-everest/hacl-star/tree/master/code/curve25519) in the [F* language](https://github.com/fstarlang/fstar) by [KreMLin](https://github.com/fstarlang/kremlin). In addition to the improved safety and security of the implementation, it is also significantly faster than the default implementation of Curve25519 in mbedTLS. + +The caveat is that not all platforms are supported, although the version in `everest/library/legacy` should work on most systems. The main issue is that some platforms do not provide a 128-bit integer type and KreMLin therefore has to use additional (also verified) code to simulate them, resulting in less of a performance gain overall. Explictly supported platforms are currently `x86` and `x86_64` using gcc, clang, or arm-cc, and Visual C (2010 and later). 
From 30bc9cebda27d0682a1e5ca828a27e9ba4d4c27b Mon Sep 17 00:00:00 2001 From: "Christoph M. Wintersteiger" Date: Mon, 18 Feb 2019 15:45:23 +0000 Subject: [PATCH 59/78] ECDH: Fix context initialization --- library/ecdh.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/library/ecdh.c b/library/ecdh.c index 9c4ddce9c..4f50e6ef1 100644 --- a/library/ecdh.c +++ b/library/ecdh.c @@ -186,6 +186,7 @@ static void ecdh_init_internal( mbedtls_ecdh_context_mbed *ctx ) void mbedtls_ecdh_init( mbedtls_ecdh_context *ctx ) { ECDH_VALIDATE( ctx != NULL ); + memset( ctx, 0, sizeof( mbedtls_ecdh_context ) ); #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) ecdh_init_internal( ctx ); @@ -193,8 +194,6 @@ void mbedtls_ecdh_init( mbedtls_ecdh_context *ctx ) mbedtls_ecp_point_init( &ctx->Vf ); mbedtls_mpi_init( &ctx->_d ); #else - memset( ctx, 0, sizeof( mbedtls_ecdh_context ) ); - ctx->var = MBEDTLS_ECDH_VARIANT_NONE; #endif ctx->point_format = MBEDTLS_ECP_PF_UNCOMPRESSED; From d8c45d5550f072991fd2c5c5bf6f92e137353d71 Mon Sep 17 00:00:00 2001 From: "Christoph M. Wintersteiger" Date: Wed, 20 Feb 2019 17:16:53 +0000 Subject: [PATCH 60/78] Revert "ECDH: Fix context initialization" This reverts commit 4a43d14146220e8550d6ad87cb798f74ce9ee209. --- library/ecdh.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/library/ecdh.c b/library/ecdh.c index 4f50e6ef1..9c4ddce9c 100644 --- a/library/ecdh.c +++ b/library/ecdh.c @@ -186,7 +186,6 @@ static void ecdh_init_internal( mbedtls_ecdh_context_mbed *ctx ) void mbedtls_ecdh_init( mbedtls_ecdh_context *ctx ) { ECDH_VALIDATE( ctx != NULL ); - memset( ctx, 0, sizeof( mbedtls_ecdh_context ) ); #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) ecdh_init_internal( ctx ); 
@@ -194,6 +193,8 @@ void mbedtls_ecdh_init( mbedtls_ecdh_context *ctx ) mbedtls_ecp_point_init( &ctx->Vf ); mbedtls_mpi_init( &ctx->_d ); #else + memset( ctx, 0, sizeof( mbedtls_ecdh_context ) ); + ctx->var = MBEDTLS_ECDH_VARIANT_NONE; #endif ctx->point_format = MBEDTLS_ECP_PF_UNCOMPRESSED; From bfc8eb2b78f2b7eaedebea5b9070cf10ef6f73de Mon Sep 17 00:00:00 2001 From: "Christoph M. Wintersteiger" Date: Wed, 20 Feb 2019 17:17:22 +0000 Subject: [PATCH 61/78] Revert "ECDH: Fix memory leaks due to context re-initialization" This reverts commit 2340f03c597b923c0f427c76b4c3d2cd11638410. --- library/ecdh.c | 7 ------- 1 file changed, 7 deletions(-) diff --git a/library/ecdh.c b/library/ecdh.c index 9c4ddce9c..f1609bde0 100644 --- a/library/ecdh.c +++ b/library/ecdh.c @@ -162,12 +162,6 @@ int mbedtls_ecdh_compute_shared( mbedtls_ecp_group *grp, mbedtls_mpi *z, static void ecdh_init_internal( mbedtls_ecdh_context_mbed *ctx ) { - mbedtls_ecp_group_free( &ctx->grp ); - mbedtls_mpi_free( &ctx->d ); - mbedtls_ecp_point_free( &ctx->Q ); - mbedtls_ecp_point_free( &ctx->Qp ); - mbedtls_mpi_free( &ctx->z ); - mbedtls_ecp_group_init( &ctx->grp ); mbedtls_mpi_init( &ctx->d ); mbedtls_ecp_point_init( &ctx->Q ); @@ -175,7 +169,6 @@ static void ecdh_init_internal( mbedtls_ecdh_context_mbed *ctx ) mbedtls_mpi_init( &ctx->z ); #if defined(MBEDTLS_ECP_RESTARTABLE) - mbedtls_ecp_restart_free( &ctx->rs ); mbedtls_ecp_restart_init( &ctx->rs ); #endif } From 3b58700d3895971c9500fc34b7b9d494a011a337 Mon Sep 17 00:00:00 2001 From: "Christoph M. Wintersteiger" Date: Wed, 20 Feb 2019 17:26:42 +0000 Subject: [PATCH 62/78] ECDH: Fix use of ECDH API in full handshake benchmark --- programs/test/benchmark.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index e05470a8a..ada42df99 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c 
@@ -1022,13 +1022,13 @@ int main( int argc, char *argv[] ) continue; mbedtls_ecdh_init( &ecdh_srv ); - mbedtls_ecdh_init( &ecdh_cli ); - CHECK_AND_CONTINUE( mbedtls_ecdh_setup( &ecdh_srv, curve_info->grp_id ) ); - CHECK_AND_CONTINUE( mbedtls_ecdh_setup( &ecdh_cli, curve_info->grp_id ) ); + mbedtls_ecdh_init( &ecdh_cli ); mbedtls_snprintf( title, sizeof( title ), "ECDHE-%s", curve_info->name ); TIME_PUBLIC( title, "full handshake", const unsigned char * p_srv = buf_srv; + + CHECK_AND_CONTINUE( mbedtls_ecdh_setup( &ecdh_srv, curve_info->grp_id ) ); CHECK_AND_CONTINUE( mbedtls_ecdh_make_params( &ecdh_srv, &olen, buf_srv, sizeof( buf_srv ), myrand, NULL ) ); CHECK_AND_CONTINUE( mbedtls_ecdh_read_params( &ecdh_cli, &p_srv, p_srv + olen ) ); @@ -1038,10 +1038,11 @@ int main( int argc, char *argv[] ) CHECK_AND_CONTINUE( mbedtls_ecdh_calc_secret( &ecdh_srv, &olen, buf_srv, sizeof( buf_srv ), myrand, NULL ) ); CHECK_AND_CONTINUE( mbedtls_ecdh_calc_secret( &ecdh_cli, &olen, buf_cli, sizeof( buf_cli ), myrand, NULL ) ); + mbedtls_ecdh_free( &ecdh_cli ); + + mbedtls_ecdh_free( &ecdh_srv ); ); - mbedtls_ecdh_free( &ecdh_srv ); - mbedtls_ecdh_free( &ecdh_cli ); } } #endif From cf5603f712fba54fb06ec6b73dcaa649f2d1e50d Mon Sep 17 00:00:00 2001 From: "Christoph M. Wintersteiger" Date: Wed, 20 Feb 2019 18:06:00 +0000 Subject: [PATCH 63/78] ECDH: Fix inclusion of platform.h for proper use of MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED --- programs/test/benchmark.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index ada42df99..fc84f5756 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -25,9 +25,8 @@ #include MBEDTLS_CONFIG_FILE #endif -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else +#if !defined(MBEDTLS_PLATFORM_C) #include #include #define mbedtls_exit exit From 7ec367ffc169dc42b76f3f222c4f9f3842f5e1ed Mon Sep 17 00:00:00 2001 
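Review bot: Inside `TIME_PUBLIC`, `CHECK_AND_CONTINUE( mbedtls_ecdh_setup( &ecdh_srv, ... ) )` and the calls after it now precede the two `mbedtls_ecdh_free` calls at the end of the body; if the macro does what its name suggests and `continue`s on error, and `TIME_PUBLIC` repeats its body, every failing iteration skips the frees and the next one calls `mbedtls_ecdh_setup` on a context that is still set up. That is exactly the re-initialisation case the reverted leak fix tried to handle, so freeing before the `continue` (or a single cleanup path) keeps the benchmark honest. Only `ecdh_srv` is set up explicitly, so `ecdh_cli` presumably gets its setup from `mbedtls_ecdh_read_params`; a one-line comment saying so would help.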
From: "Christoph M. Wintersteiger" Date: Wed, 20 Feb 2019 18:12:09 +0000 Subject: [PATCH 64/78] 3rdparty: don't claim armcc support in Everest Readme.md --- 3rdparty/everest/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/3rdparty/everest/README.md b/3rdparty/everest/README.md index aa7d04d46..0e2546662 100644 --- a/3rdparty/everest/README.md +++ b/3rdparty/everest/README.md @@ -2,4 +2,4 @@ The files in this directory stem from [Project Everest](https://project-everest. This is a formally verified implementation of Curve25519-based handshakes. The C code is automatically derived from the (verified) [original implementation](https://github.com/project-everest/hacl-star/tree/master/code/curve25519) in the [F* language](https://github.com/fstarlang/fstar) by [KreMLin](https://github.com/fstarlang/kremlin). In addition to the improved safety and security of the implementation, it is also significantly faster than the default implementation of Curve25519 in mbedTLS. -The caveat is that not all platforms are supported, although the version in `everest/library/legacy` should work on most systems. The main issue is that some platforms do not provide a 128-bit integer type and KreMLin therefore has to use additional (also verified) code to simulate them, resulting in less of a performance gain overall. Explictly supported platforms are currently `x86` and `x86_64` using gcc, clang, or arm-cc, and Visual C (2010 and later). +The caveat is that not all platforms are supported, although the version in `everest/library/legacy` should work on most systems. The main issue is that some platforms do not provide a 128-bit integer type and KreMLin therefore has to use additional (also verified) code to simulate them, resulting in less of a performance gain overall. Explictly supported platforms are currently `x86` and `x86_64` using gcc or clang, and Visual C (2010 and later). From 2c69d10bac678d0d86615de3d01b3d5bbb4b8c45 Mon Sep 17 00:00:00 2001 
From: "Christoph M. Wintersteiger" Date: Fri, 22 Feb 2019 15:05:02 +0000 Subject: [PATCH 65/78] 3rdparty: Adjust use of Everest in ecp_supported_curves --- library/ecp.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/library/ecp.c b/library/ecp.c index 8ee517e38..c281d8419 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -410,11 +410,8 @@ static const mbedtls_ecp_curve_info ecp_supported_curves[] = #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) { MBEDTLS_ECP_DP_SECP192K1, 18, 192, "secp192k1" }, #endif -#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) +#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) && defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) { MBEDTLS_ECP_DP_CURVE25519, 29, 256, "x25519" }, -#endif -#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) - { MBEDTLS_ECP_DP_CURVE448, 30, 448, "x448" }, #endif { MBEDTLS_ECP_DP_NONE, 0, 0, NULL }, }; From 6e0cac1f577db5042655c11e3562dcc53fb9df55 Mon Sep 17 00:00:00 2001 From: "Christoph M. Wintersteiger" Date: Fri, 22 Feb 2019 17:02:12 +0000 Subject: [PATCH 66/78] 3rdparty: Fix Everest build to not depend on build-time macros --- 3rdparty/everest/CMakeLists.txt | 25 ++++------- 3rdparty/everest/Makefile.inc | 15 +------ .../everest/library/Hacl_Curve25519_joined.c | 44 +++++++++++++++++++ 3rdparty/everest/library/x25519.c | 8 +++- 4 files changed, 59 insertions(+), 33 deletions(-) create mode 100644 3rdparty/everest/library/Hacl_Curve25519_joined.c diff --git a/3rdparty/everest/CMakeLists.txt b/3rdparty/everest/CMakeLists.txt index 2c5d7d5b7..ede0e8313 100644 --- a/3rdparty/everest/CMakeLists.txt +++ b/3rdparty/everest/CMakeLists.txt 
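Review bot: The new `#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) && defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)` guard encodes a non-obvious policy, x25519 is offered to TLS peers only when the Everest backend is compiled in, without saying why, and the removal of the x448 entry leaves no trace of the reason either. A comment above the entry such as `/* x25519 is listed for TLS only when the Everest ECDH variant is built; without it this curve would go through the generic ECDH path, which this table entry must not enable until that path is known to handle it. */` would stop the next reader from reverting it. Whether the generic path can complete a Montgomery-curve exchange is not visible here, so confirm the wording before committing it.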
@@ -2,26 +2,17 @@ list (APPEND everest_src) list (APPEND everest_inc) list (APPEND everest_def) +set(everest_src + ${CMAKE_CURRENT_SOURCE_DIR}/library/everest.c + ${CMAKE_CURRENT_SOURCE_DIR}/library/x25519.c + ${CMAKE_CURRENT_SOURCE_DIR}/library/Hacl_Curve25519_joined.c +) + +list(APPEND everest_inc ${CMAKE_CURRENT_SOURCE_DIR}/../../include ${CMAKE_CURRENT_SOURCE_DIR}/include ${CMAKE_CURRENT_SOURCE_DIR}/include/everest ${CMAKE_CURRENT_SOURCE_DIR}/include/everest/kremlib) + execute_process(COMMAND ${PERL_EXECUTABLE} scripts/config.pl -f include/mbedtls/config.h get MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED RESULT_VARIABLE result) if(${result} EQUAL 0) - set(everest_src - ${CMAKE_CURRENT_SOURCE_DIR}/library/everest.c - ${CMAKE_CURRENT_SOURCE_DIR}/library/x25519.c - ${CMAKE_CURRENT_SOURCE_DIR}/library/kremlib/FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.c - ) - - if ("${CMAKE_LIBRARY_ARCHITECTURE}" STREQUAL "x86_64-linux-gnu") - list(APPEND everest_src ${CMAKE_CURRENT_SOURCE_DIR}/library/Hacl_Curve25519.c) - else() - list(APPEND everest_def -DKRML_VERIFIED_UINT128) - list(APPEND everest_src - ${CMAKE_CURRENT_SOURCE_DIR}/library/legacy/Hacl_Curve25519.c - ${CMAKE_CURRENT_SOURCE_DIR}/library/kremlib/FStar_UInt128_extracted.c - ) - endif() - - list(APPEND everest_inc ${CMAKE_CURRENT_SOURCE_DIR}/../../include ${CMAKE_CURRENT_SOURCE_DIR}/include ${CMAKE_CURRENT_SOURCE_DIR}/include/everest ${CMAKE_CURRENT_SOURCE_DIR}/include/everest/kremlib) if(INSTALL_MBEDTLS_HEADERS) diff --git a/3rdparty/everest/Makefile.inc b/3rdparty/everest/Makefile.inc index 5387e180f..77a6b4965 100644 --- a/3rdparty/everest/Makefile.inc +++ b/3rdparty/everest/Makefile.inc 
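Review bot: The three `list (APPEND everest_src)` / `everest_inc` / `everest_def` lines at the top of the hunk are now dead: the new `set(everest_src ...)` overwrites the first immediately and appending nothing to a variable is a no-op, so they can be dropped, or replaced by `set(everest_def)` if the intent is to clear it. The new `list(APPEND everest_inc ...)` packs four directories onto one line; one path per line, as `set(everest_src` does, is the convention. The surviving `if(${result} EQUAL 0)` compares an unquoted expansion and fails to parse if `execute_process` leaves `result` empty; `if(result EQUAL 0)` is the robust form.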
@@ -1,19 +1,6 @@ -EVEREST_ENABLED=$(shell perl ../scripts/config.pl -f ../include/mbedtls/config.h get MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED; echo $$?) - -ifeq ($(EVEREST_ENABLED),0) THIRDPARTY_INCLUDES+=-I../3rdparty/everest/include -I../3rdparty/everest/include/everest -I../3rdparty/everest/include/everest/kremlib THIRDPARTY_CRYPTO_OBJECTS+= \ ../3rdparty/everest/library/everest.o \ ../3rdparty/everest/library/x25519.o \ - ../3rdparty/everest/library/kremlib/FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.o - -ifeq ($(shell getconf LONG_BIT),64) -THIRDPARTY_CRYPTO_OBJECTS+=../3rdparty/everest/library/Hacl_Curve25519.o -else -LOCAL_CFLAGS+="-DKRML_VERIFIED_UINT128" -THIRDPARTY_CRYPTO_OBJECTS+=../3rdparty/everest/library/legacy/Hacl_Curve25519.o \ - ../3rdparty/everest/library/kremlib/FStar_UInt128_extracted.o -endif -endif - + ../3rdparty/everest/library/Hacl_Curve25519_joined.o diff --git a/3rdparty/everest/library/Hacl_Curve25519_joined.c b/3rdparty/everest/library/Hacl_Curve25519_joined.c new file mode 100644 index 000000000..8a764bbf2 --- /dev/null +++ b/3rdparty/everest/library/Hacl_Curve25519_joined.c 
@@ -0,0 +1,44 @@ +/* + * Interface to code from Project Everest + * + * Copyright 2016-2018 INRIA and Microsoft Corporation + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) + +#if defined(__SIZEOF_INT128__) && (__SIZEOF_INT128__ == 16) +#define MBEDTLS_HAVE_INT128 +#endif + +#if defined(MBEDTLS_HAVE_INT128) +#include "Hacl_Curve25519.c" +#else +#define KRML_VERIFIED_UINT128 +#include "kremlib/FStar_UInt128_extracted.c" +#include "legacy/Hacl_Curve25519.c" +#endif + +#include "kremlib/FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.c" + +#endif /* defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) */ \ No newline at end of file diff --git a/3rdparty/everest/library/x25519.c b/3rdparty/everest/library/x25519.c index f5856c2c5..c3bc8626c 100644 --- a/3rdparty/everest/library/x25519.c +++ b/3rdparty/everest/library/x25519.c @@ -25,10 +25,14 @@ #include MBEDTLS_CONFIG_FILE #endif -#if defined(MBEDTLS_ECDH_C) +#if defined(MBEDTLS_ECDH_C) && defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) #include +#if !(defined(__SIZEOF_INT128__) && (__SIZEOF_INT128__ == 16)) +#define KRML_VERIFIED_UINT128 +#endif + #include #include 
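Review bot: The int128 probe (`__SIZEOF_INT128__ == 16`) is written twice — here to pick the Hacl_Curve25519 variant and again in the x25519.c hunk that follows to define KRML_VERIFIED_UINT128 — so the two translation units can drift apart; deriving both from one macro in a shared header (for example defining KRML_VERIFIED_UINT128 in one place and testing only it here) would keep them aligned. The `#include` of `.c` files deserves a comment, since the kremlib and Hacl sources must then not be compiled on their own (the CMake and Makefile hunks in this patch do drop them): `/* Single translation unit: the Hacl_Curve25519 variant is chosen at compile time from the compiler's int128 support, so neither the build system nor config.pl needs to know the target width. */`. MBEDTLS_HAVE_INT128 carries the library's public macro prefix although it is private to this file; a KRML_ or EVEREST_ prefixed name would make that clearer.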
@@ -188,4 +192,4 @@ int mbedtls_x25519_read_public( mbedtls_x25519_context *ctx, } -#endif /* MBEDTLS_ECDH_C */ +#endif /* MBEDTLS_ECDH_C && MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED */ From 26b98e12c55c24bb93d5985447cd74e9b5abe815 Mon Sep 17 00:00:00 2001 From: "Christoph M. Wintersteiger" Date: Tue, 26 Feb 2019 12:26:04 +0000 Subject: [PATCH 67/78] 3rdparty: Fix newlines and trailing whitespace --- 3rdparty/everest/CMakeLists.txt | 2 +- 3rdparty/everest/library/Hacl_Curve25519_joined.c | 3 ++- programs/test/benchmark.c | 6 +++--- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/3rdparty/everest/CMakeLists.txt b/3rdparty/everest/CMakeLists.txt index ede0e8313..c7749d8cb 100644 --- a/3rdparty/everest/CMakeLists.txt +++ b/3rdparty/everest/CMakeLists.txt @@ -4,7 +4,7 @@ list (APPEND everest_def) set(everest_src ${CMAKE_CURRENT_SOURCE_DIR}/library/everest.c - ${CMAKE_CURRENT_SOURCE_DIR}/library/x25519.c + ${CMAKE_CURRENT_SOURCE_DIR}/library/x25519.c ${CMAKE_CURRENT_SOURCE_DIR}/library/Hacl_Curve25519_joined.c ) diff --git a/3rdparty/everest/library/Hacl_Curve25519_joined.c b/3rdparty/everest/library/Hacl_Curve25519_joined.c index 8a764bbf2..18b32d200 100644 --- a/3rdparty/everest/library/Hacl_Curve25519_joined.c +++ b/3rdparty/everest/library/Hacl_Curve25519_joined.c @@ -41,4 +41,5 @@ #include "kremlib/FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.c" -#endif /* defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) */ \ No newline at end of file +#endif /* defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) */ + diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index fc84f5756..74fcaa673 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c 
@@ -1021,12 +1021,12 @@ int main( int argc, char *argv[] ) continue; mbedtls_ecdh_init( &ecdh_srv ); - mbedtls_ecdh_init( &ecdh_cli ); + mbedtls_ecdh_init( &ecdh_cli ); mbedtls_snprintf( title, sizeof( title ), "ECDHE-%s", curve_info->name ); TIME_PUBLIC( title, "full handshake", const unsigned char * p_srv = buf_srv; - + CHECK_AND_CONTINUE( mbedtls_ecdh_setup( &ecdh_srv, curve_info->grp_id ) ); CHECK_AND_CONTINUE( mbedtls_ecdh_make_params( &ecdh_srv, &olen, buf_srv, sizeof( buf_srv ), myrand, NULL ) ); @@ -1038,7 +1038,7 @@ int main( int argc, char *argv[] ) CHECK_AND_CONTINUE( mbedtls_ecdh_calc_secret( &ecdh_cli, &olen, buf_cli, sizeof( buf_cli ), myrand, NULL ) ); mbedtls_ecdh_free( &ecdh_cli ); - + mbedtls_ecdh_free( &ecdh_srv ); ); From ec70771a71bbe79a4b91cf2007927c9eb39e78bb Mon Sep 17 00:00:00 2001 From: "Christoph M. Wintersteiger" Date: Fri, 5 Apr 2019 14:17:51 +0100 Subject: [PATCH 68/78] 3rdparty: fix paths in Everest build scripts --- 3rdparty/everest/CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/3rdparty/everest/CMakeLists.txt b/3rdparty/everest/CMakeLists.txt index c7749d8cb..babd18314 100644 --- a/3rdparty/everest/CMakeLists.txt +++ b/3rdparty/everest/CMakeLists.txt @@ -10,7 +10,7 @@ set(everest_src list(APPEND everest_inc ${CMAKE_CURRENT_SOURCE_DIR}/../../include ${CMAKE_CURRENT_SOURCE_DIR}/include ${CMAKE_CURRENT_SOURCE_DIR}/include/everest ${CMAKE_CURRENT_SOURCE_DIR}/include/everest/kremlib) -execute_process(COMMAND ${PERL_EXECUTABLE} scripts/config.pl -f include/mbedtls/config.h get MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED RESULT_VARIABLE result) +execute_process(COMMAND ${PERL_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/config.pl -f ${CMAKE_CURRENT_SOURCE_DIR}/../../include/mbedtls/config.h get MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED RESULT_VARIABLE result) if(${result} EQUAL 0) From d64e1e1e1ce632b2f013ee610e907f03ad803c0f Mon Sep 17 00:00:00 2001 
From: "Christoph M. Wintersteiger" Date: Mon, 8 Apr 2019 14:08:02 +0100 Subject: [PATCH 69/78] 3rdparty: Fix Everest header installation --- 3rdparty/everest/CMakeLists.txt | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/3rdparty/everest/CMakeLists.txt b/3rdparty/everest/CMakeLists.txt index babd18314..3eff1c7df 100644 --- a/3rdparty/everest/CMakeLists.txt +++ b/3rdparty/everest/CMakeLists.txt @@ -16,11 +16,11 @@ if(${result} EQUAL 0) if(INSTALL_MBEDTLS_HEADERS) - file(GLOB_RECURSE headers "${CMAKE_CURRENT_SOURCE_DIR}/include/everest/*.h") - - install(FILES ${headers} - DESTINATION include/everest - PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ) + install(DIRECTORY include/everest + DESTINATION include + FILE_PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ + DIRECTORY_PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE + FILES_MATCHING PATTERN "*.h") endif(INSTALL_MBEDTLS_HEADERS) From 7b747fcdc9832e8e733078fc106a831d2a738238 Mon Sep 17 00:00:00 2001 From: "Christoph M. Wintersteiger" Date: Mon, 8 Apr 2019 17:00:34 +0100 Subject: [PATCH 70/78] 3rdparty: fix inclusion order of CMakeLists.txt This is so that third-party modules pick up the INSTALL_MBEDTLS_HEADERS variable. --- CMakeLists.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 5a0921926..16d71979a 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -179,13 +179,14 @@ endif() include_directories(include/) include_directories(library/) +add_subdirectory(include) + add_subdirectory(3rdparty) include_directories(${thirdparty_inc}) list(APPEND libs ${thirdparty_lib}) add_definitions(${thirdparty_def}) add_subdirectory(library) -add_subdirectory(include) if(ENABLE_PROGRAMS) add_subdirectory(programs) From f8d4c883a78637798e71772003c6043c719eca4b Mon Sep 17 00:00:00 2001 
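Review bot: The move of `add_subdirectory(include)` ahead of `add_subdirectory(3rdparty)` is explained only in the commit message, so a reader of CMakeLists.txt sees no reason not to move it back. Add a comment above the moved line: `# include/ must be processed before 3rdparty/ so that INSTALL_MBEDTLS_HEADERS is defined when the third-party modules are configured.` The directory-scoped `include_directories(${thirdparty_inc})` and `add_definitions(${thirdparty_def})` below it are pre-existing context, not part of this change.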
From: "Christoph M. Wintersteiger" Date: Fri, 12 Apr 2019 18:01:08 +0100 Subject: [PATCH 71/78] Update generated files --- programs/test/query_config.c | 8 ++++++++ visualc/VS2010/mbedTLS.vcxproj | 1 + 2 files changed, 9 insertions(+) diff --git a/programs/test/query_config.c b/programs/test/query_config.c index f57ca3107..4f2800917 100644 --- a/programs/test/query_config.c +++ b/programs/test/query_config.c @@ -1972,6 +1972,14 @@ int query_config( const char *config ) } #endif /* MBEDTLS_PLATFORM_GMTIME_R_ALT */ +#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) + if( strcmp( "MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED", config ) == 0 ) + { + MACRO_EXPANSION_TO_STR( MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED ); + return( 0 ); + } +#endif /* MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED */ + /* If the symbol is not found, return an error */ return( 1 ); } diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj index d3bfaade8..0456bc225 100644 --- a/visualc/VS2010/mbedTLS.vcxproj +++ b/visualc/VS2010/mbedTLS.vcxproj @@ -301,6 +301,7 @@ + From 6212617097634aeda4b3b1b529f0cd2ed73e7e1d Mon Sep 17 00:00:00 2001 From: "Christoph M. Wintersteiger" Date: Mon, 15 Apr 2019 11:09:00 +0100 Subject: [PATCH 72/78] Fix macros in benchmark.c #2124 may suffer from the same problem. --- programs/test/benchmark.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index 74fcaa673..b005c203a 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -31,11 +31,7 @@ #include #define mbedtls_exit exit #define mbedtls_printf printf -#define mbedtls_snprintf snprintf #define mbedtls_free free -#define mbedtls_exit exit -#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS -#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif #if !defined(MBEDTLS_TIMING_C) From 19d5c80c338b6e71ec0d4ff7b27c578bf2b97c75 Mon Sep 17 00:00:00 2001 
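Review bot: Alongside the duplicated `mbedtls_exit`, the hunk also drops the fallback definitions of `mbedtls_snprintf`, MBEDTLS_EXIT_SUCCESS and MBEDTLS_EXIT_FAILURE, yet `mbedtls_snprintf( title, ... )` is still used in this file's ECDHE loop (visible in the patch 67 hunk); unless those names are already defined earlier in the enclosing `#if` block (presumably the non-MBEDTLS_PLATFORM_C fallback; its start is outside the hunk), builds without MBEDTLS_PLATFORM_C will fail to compile. If they are defined earlier, a comment such as `/* snprintf and exit-status fallbacks are defined above */` next to the remaining defines would make the removal obviously safe.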
From: "Christoph M. Wintersteiger" Date: Mon, 15 Apr 2019 11:09:33 +0100 Subject: [PATCH 73/78] 3rdparty: Added config checks for Everest --- include/mbedtls/check_config.h | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 13210746d..4965e1743 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -125,6 +125,11 @@ #error "MBEDTLS_ECP_RESTARTABLE defined, but not MBEDTLS_ECDH_LEGACY_CONTEXT" #endif +#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) && \ + defined(MBEDTLS_ECDH_LEGACY_CONTEXT) +#error "MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED defined, but MBEDTLS_ECDH_LEGACY_CONTEXT not disabled" +#endif + #if defined(MBEDTLS_ECDSA_DETERMINISTIC) && !defined(MBEDTLS_HMAC_DRBG_C) #error "MBEDTLS_ECDSA_DETERMINISTIC defined, but not all prerequisites" #endif From 0969eeecbc85f2df7561b1598efa1f611d26479f Mon Sep 17 00:00:00 2001 From: "Christoph M. Wintersteiger" Date: Mon, 15 Apr 2019 12:00:16 +0100 Subject: [PATCH 74/78] 3rdparty: Fix Everest's mbedtls_x25519_get_params --- 3rdparty/everest/library/x25519.c | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/3rdparty/everest/library/x25519.c b/3rdparty/everest/library/x25519.c index c3bc8626c..990bb4d6d 100644 --- a/3rdparty/everest/library/x25519.c +++ b/3rdparty/everest/library/x25519.c 
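Review bot: The new check rejects MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED together with MBEDTLS_ECDH_LEGACY_CONTEXT, but not the variant enabled without its prerequisites: the Everest x25519.c in this series compiles only under MBEDTLS_ECDH_C, and the ecp.c curve table entry also needs MBEDTLS_ECP_DP_CURVE25519_ENABLED, so a config with the variant but without those is silently inert. Consider a sibling check, `#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) && !defined(MBEDTLS_ECDH_C)` with `#error "MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED defined, but not all prerequisites"`, matching the message style used for MBEDTLS_ECDSA_DETERMINISTIC just below.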
@@ -112,14 +112,9 @@ int mbedtls_x25519_get_params( mbedtls_x25519_context *ctx, const mbedtls_ecp_ke switch( side ) { case MBEDTLS_X25519_ECDH_THEIRS: - mbedtls_ecp_point_write_binary( &key->grp, &key->Q, MBEDTLS_ECP_PF_COMPRESSED, &olen, ctx->peer_point, MBEDTLS_X25519_KEY_SIZE_BYTES ); - /* untested; defensively throw an error for now. */ - return(MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE); + return mbedtls_ecp_point_write_binary( &key->grp, &key->Q, MBEDTLS_ECP_PF_COMPRESSED, &olen, ctx->peer_point, MBEDTLS_X25519_KEY_SIZE_BYTES ); case MBEDTLS_X25519_ECDH_OURS: - mbedtls_mpi_write_binary( &key->d, ctx->our_secret, MBEDTLS_X25519_KEY_SIZE_BYTES ); - /* CMW: key->Q = key->d * base; do we need to set up ctx.peer_point here? */ - /* untested; defensively throw an error for now. */ - return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); + return mbedtls_mpi_write_binary_le( &key->d, ctx->our_secret, MBEDTLS_X25519_KEY_SIZE_BYTES ); default: return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); } From 09a24b3ddae1288495c06d7dc9f1405a88a2cf26 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 12 Apr 2019 20:29:48 +0200 Subject: [PATCH 75/78] Add Everest components to all.sh Test a native build and a 32-bit build. For variety, the native build is with CMake and clang, and the 32-bit build is with GNU make and gcc. --- tests/scripts/all.sh | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 513cf9b0d..244fdc327 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
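Review bot: The two branches now return success through different serializers: THEIRS goes through `mbedtls_ecp_point_write_binary` with MBEDTLS_ECP_PF_COMPRESSED and never checks the `olen` it receives, while OURS writes the scalar with `mbedtls_mpi_write_binary_le`; whether the point writer emits a Montgomery point as the same 32-byte little-endian u-coordinate is not visible here, and the removed "untested" comments were the only warning. Either confirm that behaviour for MBEDTLS_ECP_TYPE_MONTGOMERY groups and reject `olen != MBEDTLS_X25519_KEY_SIZE_BYTES` before returning, or write the coordinate directly with `mbedtls_mpi_write_binary_le( &key->Q.X, ctx->peer_point, MBEDTLS_X25519_KEY_SIZE_BYTES )` for symmetry with the OURS branch. Both new returns also drop the `return( ... )` form that the style fix later in this series enforces in ecdh.c. The function's opening and closing lines are outside the hunk.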
@@ -618,6 +618,17 @@ component_test_new_ecdh_context () { make test } +component_test_everest () { + msg "build: Everest ECDH context (ASan build)" # ~ 6 min + scripts/config.pl unset MBEDTLS_ECDH_LEGACY_CONTEXT + scripts/config.pl set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED + CC=clang cmake -D CMAKE_BUILD_TYPE:String=Asan . + make + + msg "test: Everest ECDH context - main suites (inc. selftests) (ASan build)" # ~ 50s + make test +} + component_test_full_cmake_clang () { msg "build: cmake, full config, clang" # ~ 50s scripts/config.pl full @@ -904,6 +915,19 @@ support_test_m32_o1 () { support_test_m32_o0 "$@" } +component_test_m32_everest () { + msg "build: i386, Everest ECDH context (ASan build)" # ~ 6 min + scripts/config.pl unset MBEDTLS_ECDH_LEGACY_CONTEXT + scripts/config.pl set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED + make CC=gcc CFLAGS='-O2 -Werror -Wall -Wextra -m32 -fsanitize=address' + + msg "test: i386, Everest ECDH context - main suites (inc. selftests) (ASan build)" # ~ 50s + make test +} +support_test_m32_everest () { + support_test_m32_o0 "$@" +} + component_test_mx32 () { msg "build: 64-bit ILP32, make, gcc" # ~ 30s scripts/config.pl full From c25df6848b5b26279a098a24a025bd2b24c90c02 Mon Sep 17 00:00:00 2001 From: "Christoph M. Wintersteiger" Date: Tue, 16 Apr 2019 12:54:56 +0100 Subject: [PATCH 76/78] Fix code style --- library/ecdh.c | 2 +- library/ecdsa.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/library/ecdh.c b/library/ecdh.c index f1609bde0..914eb5055 100644 --- a/library/ecdh.c +++ b/library/ecdh.c @@ -63,7 +63,7 @@ int mbedtls_ecdh_can_do( mbedtls_ecp_group_id gid ) { /* At this time, all groups support ECDH. */ (void) gid; - return 1; + return( 1 ); } #if !defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT) diff --git a/library/ecdsa.c b/library/ecdsa.c index 162e62f02..5c3038048 100644 --- a/library/ecdsa.c +++ b/library/ecdsa.c 
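Review bot: Both new components stop at `make test`, so the Everest path is exercised only through the unit suites; the ecp_supported_curves change earlier in this series ties x25519 availability in TLS to this variant, and nothing here negotiates a handshake with it. Adding a filtered `tests/ssl-opt.sh -f` run over the ECDHE tests to `component_test_everest` (the native CMake build) would cover the handshake path at modest cost; the 32-bit component, which is the slower build, can stay as it is.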
@@ -263,7 +263,7 @@ static int ecdsa_sign_restartable( mbedtls_ecp_group *grp, mbedtls_mpi *pk = &k, *pr = r; /* Fail cleanly on curves such as Curve25519 that can't be used for ECDSA */ - if( !mbedtls_ecdsa_can_do( grp->id ) || grp->N.p == NULL ) + if( ! mbedtls_ecdsa_can_do( grp->id ) || grp->N.p == NULL ) return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); /* Make sure d is in range 1..n-1 */ @@ -516,7 +516,7 @@ static int ecdsa_verify_restartable( mbedtls_ecp_group *grp, mbedtls_mpi_init( &u1 ); mbedtls_mpi_init( &u2 ); /* Fail cleanly on curves such as Curve25519 that can't be used for ECDSA */ - if( !mbedtls_ecdsa_can_do( grp->id ) || grp->N.p == NULL ) + if( ! mbedtls_ecdsa_can_do( grp->id ) || grp->N.p == NULL ) return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); ECDSA_RS_ENTER( ver ); From 20082cb488d24b5f7817e440e800b52ad14d550d Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Tue, 20 Aug 2019 15:18:19 +0100 Subject: [PATCH 77/78] Correct 3rdparty include path for Mbed TLS --- 3rdparty/Makefile.inc | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/3rdparty/Makefile.inc b/3rdparty/Makefile.inc index 51080b7df..c93fcbcc6 100644 --- a/3rdparty/Makefile.inc +++ b/3rdparty/Makefile.inc @@ -1,2 +1,5 @@ +ifeq ($(INCLUDING_FROM_MBEDTLS), 1) +include ../crypto/3rdparty/everest/Makefile.inc +else include ../3rdparty/everest/Makefile.inc - +endif From 71dcefbb8a04865dfc3e4c1b16301d3a353b936e Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 21 Aug 2019 13:01:18 +0100 Subject: [PATCH 78/78] Remove Mbed Crypto headers from everest_inc At this point Mbed TLS and Mbed Crypto headers with the same name, including the Mbed Crypto headers in `everest_inc` breaks Mbed TLS builds. --- 3rdparty/everest/CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/3rdparty/everest/CMakeLists.txt b/3rdparty/everest/CMakeLists.txt index 3eff1c7df..18c8731bd 100644 --- a/3rdparty/everest/CMakeLists.txt +++ b/3rdparty/everest/CMakeLists.txt 
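Review bot: The new INCLUDING_FROM_MBEDTLS branch includes `../crypto/3rdparty/everest/Makefile.inc`, but that file (the patch 66 hunk) still builds its include and object paths as `../3rdparty/everest/...`, which resolve relative to the including Makefile's directory rather than to the file's own location; from an Mbed TLS tree those would presumably need the `../crypto/` prefix as well, unless `3rdparty/everest` also exists at the old location. If the include chain is known to run from a directory where both resolve, a comment saying so next to the `ifeq` would save the next reader the same check.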
@@ -8,7 +8,7 @@ set(everest_src ${CMAKE_CURRENT_SOURCE_DIR}/library/Hacl_Curve25519_joined.c ) -list(APPEND everest_inc ${CMAKE_CURRENT_SOURCE_DIR}/../../include ${CMAKE_CURRENT_SOURCE_DIR}/include ${CMAKE_CURRENT_SOURCE_DIR}/include/everest ${CMAKE_CURRENT_SOURCE_DIR}/include/everest/kremlib) +list(APPEND everest_inc ${CMAKE_CURRENT_SOURCE_DIR}/include ${CMAKE_CURRENT_SOURCE_DIR}/include/everest ${CMAKE_CURRENT_SOURCE_DIR}/include/everest/kremlib) execute_process(COMMAND ${PERL_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/config.pl -f ${CMAKE_CURRENT_SOURCE_DIR}/../../include/mbedtls/config.h get MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED RESULT_VARIABLE result)