Update wolfHSM pointer, fix minor issues

Author: padelsbach

arch.mk

@@ -49,6 +49,8 @@ ifeq ($(ARCH),x86_64)
       endif
     else
       MATH_OBJS += $(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/sp_x86_64.o
+      MATH_OBJS += $(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/sp_x86_64_asm.o
+      WOLFCRYPT_OBJS += $(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/cpuid.o
     endif
   endif
   ifeq ($(TARGET),x86_64_efi)
@@ -1474,8 +1476,17 @@ ifeq ($(ARCH),sim)
     LDFLAGS+=-m32
   endif
   ifeq ($(SPMATH),1)
-    MATH_OBJS += $(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/sp_c32.o
-    CFLAGS+=-DWOLFSSL_SP_DIV_WORD_HALF
+    ifeq ($(FORCE_32BIT),1)
+      MATH_OBJS += $(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/sp_c32.o
+      CFLAGS+=-DWOLFSSL_SP_DIV_WORD_HALF
+    else ifeq ($(shell uname -m),aarch64)
+      CFLAGS += -DARCH_AARCH64 -DFAST_MEMCPY
+      MATH_OBJS += $(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/sp_c32.o
+      MATH_OBJS += $(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/sp_arm64.o
+    else
+      MATH_OBJS += $(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/sp_c32.o
+      CFLAGS+=-DWOLFSSL_SP_DIV_WORD_HALF
+    endif
   endif
   ifeq ($(WOLFHSM_CLIENT),1)
     WOLFHSM_OBJS += $(WOLFBOOT_LIB_WOLFHSM)/port/posix/posix_transport_tcp.o

config/examples/sim-wolfHSM-client-certchain-ecc.config

@@ -19,14 +19,14 @@ WOLFHSM_CLIENT=1
 
 # sizes should be multiple of system page size
 #WOLFBOOT_PARTITION_SIZE=0x40000
-WOLFBOOT_PARTITION_SIZE=0x100000
+WOLFBOOT_PARTITION_SIZE=0x200000
 WOLFBOOT_SECTOR_SIZE=0x1000
 WOLFBOOT_PARTITION_BOOT_ADDRESS=0x80000
 # if on external flash, it should be multiple of system page size
 #WOLFBOOT_PARTITION_UPDATE_ADDRESS=0x100000
 #WOLFBOOT_PARTITION_SWAP_ADDRESS=0x180000
-WOLFBOOT_PARTITION_UPDATE_ADDRESS=0x180000
-WOLFBOOT_PARTITION_SWAP_ADDRESS=0x280000
+WOLFBOOT_PARTITION_UPDATE_ADDRESS=0x280000
+WOLFBOOT_PARTITION_SWAP_ADDRESS=0x480000
 
 # required for keytools
 WOLFBOOT_FIXED_PARTITIONS=1

config/examples/sim-wolfHSM-client-certchain-rsa4096.config

@@ -19,14 +19,14 @@ WOLFHSM_CLIENT=1
 
 # sizes should be multiple of system page size
 #WOLFBOOT_PARTITION_SIZE=0x40000
-WOLFBOOT_PARTITION_SIZE=0x100000
+WOLFBOOT_PARTITION_SIZE=0x200000
 WOLFBOOT_SECTOR_SIZE=0x1000
 WOLFBOOT_PARTITION_BOOT_ADDRESS=0x80000
 # if on external flash, it should be multiple of system page size
 #WOLFBOOT_PARTITION_UPDATE_ADDRESS=0x100000
 #WOLFBOOT_PARTITION_SWAP_ADDRESS=0x180000
-WOLFBOOT_PARTITION_UPDATE_ADDRESS=0x180000
-WOLFBOOT_PARTITION_SWAP_ADDRESS=0x280000
+WOLFBOOT_PARTITION_UPDATE_ADDRESS=0x280000
+WOLFBOOT_PARTITION_SWAP_ADDRESS=0x480000
 
 # required for keytools
 WOLFBOOT_FIXED_PARTITIONS=1

config/examples/sim-wolfHSM-client-ecc.config

@@ -8,12 +8,12 @@ DEBUG=0
 SPMATH=1
 
 # sizes should be multiple of system page size
-WOLFBOOT_PARTITION_SIZE=0x100000
+WOLFBOOT_PARTITION_SIZE=0x200000
 WOLFBOOT_SECTOR_SIZE=0x1000
 WOLFBOOT_PARTITION_BOOT_ADDRESS=0x80000
 # if on external flash, it should be multiple of system page size
-WOLFBOOT_PARTITION_UPDATE_ADDRESS=0x180000
-WOLFBOOT_PARTITION_SWAP_ADDRESS=0x280000
+WOLFBOOT_PARTITION_UPDATE_ADDRESS=0x280000
+WOLFBOOT_PARTITION_SWAP_ADDRESS=0x480000
 
 # required for keytools
 WOLFBOOT_FIXED_PARTITIONS=1

config/examples/sim-wolfHSM-client-mldsa.config

@@ -29,12 +29,12 @@ IMAGE_HEADER_SIZE=8192
 #
 
 # sizes should be multiple of system page size
-WOLFBOOT_PARTITION_SIZE=0x100000
+WOLFBOOT_PARTITION_SIZE=0x200000
 WOLFBOOT_SECTOR_SIZE=0x2000
 WOLFBOOT_PARTITION_BOOT_ADDRESS=0x80000
 # if on external flash, it should be multiple of system page size
-WOLFBOOT_PARTITION_UPDATE_ADDRESS=0x180000
-WOLFBOOT_PARTITION_SWAP_ADDRESS=0x280000
+WOLFBOOT_PARTITION_UPDATE_ADDRESS=0x280000
+WOLFBOOT_PARTITION_SWAP_ADDRESS=0x480000
 
 # required for keytools
 WOLFBOOT_FIXED_PARTITIONS=1

hal/sim.c

@@ -183,9 +183,7 @@ whCommServerConfig cs_conf[1] = {{
 }};
 
 /* Crypto context */
-whServerCryptoContext crypto[1] = {{
-    .devId = INVALID_DEVID,
-}};
+whServerCryptoContext crypto[1] = {0};
 
 #if defined(WOLFHSM_CFG_SHE_EXTENSION)
 whServerSheContext    she[1]    = {{0}};

include/target.h.in

@@ -37,11 +37,13 @@
 #ifdef WOLFBOOT_FIXED_PARTITIONS
 
 #if defined(ARCH_SIM) && !defined(WOLFBOOT_PARTITION_FILENAME)
+#ifndef __ASSEMBLER__
     #include <stdint.h>
     /* use runtime ram base for simulator */
     extern uint8_t *sim_ram_base;
     #undef  ARCH_FLASH_OFFSET
     #define ARCH_FLASH_OFFSET ((size_t)sim_ram_base)
+#endif /* !__ASSEMBLER__ */
     #define WOLFBOOT_PART_USE_ARCH_OFFSET
 #endif
 

include/user_settings.h

@@ -46,7 +46,7 @@
 /* Stdlib Types */
 #define CTYPE_USER /* don't let wolfCrypt types.h include ctype.h */
 
-#ifndef WOLFSSL_ARMASM
+#if !defined(WOLFSSL_ARMASM) && !defined(__ASSEMBLER__)
 #ifndef toupper
 extern int toupper(int c);
 #endif
@@ -77,8 +77,10 @@ extern int tolower(int c);
 #if defined(WOLFBOOT_SIGN_ED25519) || defined(WOLFBOOT_SIGN_SECONDARY_ED25519)
 #   define HAVE_ED25519
 #   define ED25519_SMALL
-#   define NO_ED25519_SIGN
-#   define NO_ED25519_EXPORT
+#   if !defined(WOLFBOOT_ENABLE_WOLFHSM_SERVER)
+#       define NO_ED25519_SIGN
+#       define NO_ED25519_EXPORT
+#   endif
 #   define USE_SLOW_SHA512
 #   define WOLFSSL_SHA512
 #endif
@@ -88,8 +90,10 @@ extern int tolower(int c);
 #   define HAVE_ED448
 #   define HAVE_ED448_VERIFY
 #   define ED448_SMALL
-#   define NO_ED448_SIGN
-#   define NO_ED448_EXPORT
+#   if !defined(WOLFBOOT_ENABLE_WOLFHSM_SERVER)
+#       define NO_ED448_SIGN
+#       define NO_ED448_EXPORT
+#   endif
 #   define WOLFSSL_SHA3
 #   define WOLFSSL_SHAKE256
 #   define WOLFSSL_SHA512
@@ -146,7 +150,6 @@ extern int tolower(int c);
 #endif
 #       define WOLFSSL_SP_MATH
 #       define WOLFSSL_SP_SMALL
-#       define SP_WORD_SIZE 32
 #       define WOLFSSL_HAVE_SP_ECC
 #       define WOLFSSL_KEY_GEN
 #       define HAVE_ECC_KEY_EXPORT
@@ -343,12 +346,20 @@ extern int tolower(int c);
 #       define HAVE___UINT128_T
 #       define SP_WORD_SIZE 64
 #   elif defined(ARCH_x86_64) && !defined(FORCE_32BIT)
+#       define HAVE___UINT128_T
 #       define SP_WORD_SIZE 64
-#       ifndef NO_ASM
+#       if !defined(NO_ASM)
 #           define WOLFSSL_SP_X86_64_ASM
 #       endif
 #   else
 #       define SP_WORD_SIZE 32
+#   endif
+
+    /* x86_64 ASM 4096-bit routines use 2048-bit helpers internally,
+     * so ensure 2048-bit asm is not excluded when 4096-bit is needed */
+#   if defined(WOLFSSL_SP_X86_64_ASM) && defined(WOLFSSL_SP_4096) && \
+       defined(WOLFSSL_SP_NO_2048)
+#       undef WOLFSSL_SP_NO_2048
 #   endif
 
     /* SP Math needs to understand long long */

lib/wolfHSM

@@ -75,6 +75,12 @@ struct xmalloc_slot {
             #define MP_POINT_SIZE (196)
             #define MP_DIGITS_BUFFER_SIZE_0 (MP_DIGIT_SIZE * 18 * 8)
             #define MP_DIGITS_BUFFER_SIZE_1 (MP_DIGIT_SIZE * 2 * 8 * 6)
+        #elif SP_WORD_SIZE == 64
+            #define MP_POINT_SIZE (200)
+            #define MP_DIGITS_BUFFER_SIZE_0 (MP_DIGIT_SIZE * 18 * 4)
+            #define MP_DIGITS_BUFFER_SIZE_1 (MP_DIGIT_SIZE * (2 * 4 * 6))
+            #define MP_DIGITS_BUFFER_SIZE_2 (MP_DIGIT_SIZE * (2 * 4 * 6))
+            #define MP_MONTGOMERY_SIZE (sizeof(int64_t) * 2 * 8)
         #else
             #define MP_POINT_SIZE (220)
             #define MP_DIGITS_BUFFER_SIZE_0 (MP_DIGIT_SIZE * 18 * 9)
@@ -91,6 +97,12 @@ struct xmalloc_slot {
             #define MP_DIGITS_BUFFER_SIZE_0 (MP_DIGIT_SIZE * 18 * 12)
             #define MP_DIGITS_BUFFER_SIZE_1 (MP_DIGIT_SIZE * 2 * 12 * 6)
             #define MP_MONTGOMERY_SIZE (sizeof(int64_t) * 12)
+        #elif SP_WORD_SIZE == 64
+            #define MP_POINT_SIZE (344)
+            #define MP_DIGITS_BUFFER_SIZE_0 (MP_DIGIT_SIZE * 18 * 7)
+            #define MP_DIGITS_BUFFER_SIZE_1 (MP_DIGIT_SIZE * (2 * 7 * 6))
+            #define MP_DIGITS_BUFFER_SIZE_2 (MP_DIGIT_SIZE * (2 * 7 * 6))
+            #define MP_MONTGOMERY_SIZE (sizeof(int64_t) * 2 * 12)
         #else
             #define MP_POINT_SIZE (364)
             #define MP_DIGITS_BUFFER_SIZE_0 (MP_DIGIT_SIZE * 18 * 15)
@@ -107,6 +119,12 @@ struct xmalloc_slot {
             #define MP_DIGITS_BUFFER_SIZE_0 (MP_DIGIT_SIZE * 18 * 17)
             #define MP_DIGITS_BUFFER_SIZE_1 (MP_DIGIT_SIZE * 2 * 17 * 6)
             #define MP_MONTGOMERY_SIZE (sizeof(int64_t) * 12)
+        #elif SP_WORD_SIZE == 64
+            #define MP_POINT_SIZE (440)
+            #define MP_DIGITS_BUFFER_SIZE_0 (MP_DIGIT_SIZE * 18 * 9)
+            #define MP_DIGITS_BUFFER_SIZE_1 (MP_DIGIT_SIZE * (2 * 9 * 6))
+            #define MP_DIGITS_BUFFER_SIZE_2 (MP_DIGIT_SIZE * (2 * 9 * 6))
+            #define MP_MONTGOMERY_SIZE (sizeof(int64_t) * 2 * 12)
         #else
             #define MP_POINT_SIZE (508)
             #define MP_DIGITS_BUFFER_SIZE_0 (MP_DIGIT_SIZE * 18 * 21)
@@ -129,7 +147,13 @@ struct xmalloc_slot {
     #endif
     static uint8_t mp_points_0[MP_POINT_SIZE * 2];
     static uint8_t mp_points_1[MP_POINT_SIZE * 3];
+    /* x86_64 SP always uses win_add_sub with 33+2 precomputed points,
+     * even when WOLFSSL_SP_SMALL is defined */
+    #if SP_WORD_SIZE == 64
+    static uint8_t mp_points_2[MP_POINT_SIZE * (33 + 2)];
+    #else
     static uint8_t mp_points_2[MP_POINT_SIZE * (16 + 1)];
+    #endif
     static uint8_t mp_digits_buffer_0[MP_DIGITS_BUFFER_SIZE_0];
     static uint8_t mp_digits_buffer_1[MP_DIGITS_BUFFER_SIZE_1];
     #if !defined(WOLFSSL_SP_ARM_CORTEX_M_ASM) && (defined(WOLFBOOT_SIGN_ECC256) || defined(WOLFBOOT_SIGN_ECC384) || defined(WOLFBOOT_SIGN_ECC521))
@@ -234,7 +258,11 @@ static struct xmalloc_slot xmalloc_pool[] = {
     { (uint8_t *)mp_digits_buffer_2, MP_DIGITS_BUFFER_SIZE_2, 0 },
     { (uint8_t *)mp_montgomery, MP_MONTGOMERY_SIZE, 0 },
     #endif
+    #if SP_WORD_SIZE == 64
+    { (uint8_t *)mp_points_2, MP_POINT_SIZE * (33 + 2), 0 },
+    #else
     { (uint8_t *)mp_points_2, MP_POINT_SIZE * (16 + 1), 0 },
+    #endif
     { (uint8_t *)mp_digits_buffer_0, MP_DIGITS_BUFFER_SIZE_0, 0},
     { (uint8_t *)mp_digits_buffer_1, MP_DIGITS_BUFFER_SIZE_1, 0},
     #ifndef WC_NO_CACHE_RESISTANT