Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

honor Espressif fp_int used length in s_fp_add operands #6382

Closed
wants to merge 1 commit into from

Conversation

gojimmypi
Copy link
Contributor

@gojimmypi gojimmypi commented May 5, 2023

Description

This PR partly addresses #6380. The TFM s_fp_add() is modified to only add fp_int words up to used length in each respective operand, rather than add all words to the maximum used length between the two operands.

TBD if the fp_cmp code will be revised.

Note this was problematic only with the introduction of Espressif hardware acceleration into a known, good TFM software library.

Fixes zd# n/a

Testing

I confirmed I was able to successfully sign a certificate request using OpenSSL. See #6205

  • edit: this issue does not fully resolve #6205 as noted in #6380 as related to fp_cmp and fp_int values of 1 with mismatched used values in the comparison. See HW fix.

Also tested with testwolfcrypt:

./configure CC=gcc --enable-all --enable-fastmath CFLAGS=-DHAVE_STACK_SIZE && make clean && make && ./wolfcrypt/test/testwolfcrypt

testwolfcrypt output:

Math:   Multi-Precision: Fast max-bits=16384 tfm.c
------------------------------------------------------------------------------
 wolfSSL version 5.6.0
------------------------------------------------------------------------------
error    test passed!
MEMORY   test passed!
base64   test passed!
base16   test passed!
asn      test passed!
RANDOM   test passed!
MD5      test passed!
MD2      test passed!
MD4      test passed!
SHA      test passed!
SHA-224  test passed!
SHA-256  test passed!
SHA-384  test passed!
SHA-512  test passed!
SHA-512/224  test passed!
SHA-512/256  test passed!
SHA-3    test passed!
SHAKE128 test passed!
SHAKE256 test passed!
Hash     test passed!
RIPEMD   test passed!
BLAKE2b  test passed!
BLAKE2s  test passed!
HMAC-MD5 test passed!
HMAC-SHA test passed!
HMAC-SHA224 test passed!
HMAC-SHA256 test passed!
HMAC-SHA384 test passed!
HMAC-SHA512 test passed!
HMAC-SHA3   test passed!
HMAC-KDF    test passed!
SSH-KDF     test passed!
TLSv1.3 KDF test passed!
X963-KDF    test passed!
HPKE     test passed!
GMAC     test passed!
ARC4     test passed!
Chacha   test passed!
XChacha  test passed!
POLY1305 test passed!
ChaCha20-Poly1305 AEAD test passed!
XChaCha20-Poly1305 AEAD test passed!
DES      test passed!
DES3     test passed!
AES      test passed!
AES192   test passed!
AES256   test passed!
AESOFB   test passed!
AES-GCM  test passed!
AES-CCM  test passed!
AES Key Wrap test passed!
AES-SIV  test passed!
CAMELLIA test passed!
RSA NOPAD test passed!
RSA      test passed!
DH       test passed!
DSA      test passed!
SRP      test passed!
PWDBASED test passed!
openSSL extra test
OPENSSL  test passed!
OPENSSL (EVP MD) passed!
OPENSSL (PKEY0) passed!
OPENSSL (PKEY1) passed!
OPENSSL (EVP Sign/Verify) passed!
ECC      test passed!
ECC Enc  test passed!
CURVE25519 test passed!
ED25519  test passed!
CURVE448 test passed!
ED448    test passed!
ECCSI    test passed!
SAKKE    test passed!
CMAC     test passed!
SipHash  test passed!
PKCS7encrypted  test passed!
PKCS7signed     test passed!
PKCS7enveloped  test passed!
PKCS7authenveloped  test passed!
mp       test passed!
prime    test passed!
ber-der  test passed!
logging  test passed!
time test passed!
mutex    test passed!
memcb    test passed!
crypto callback test passed!
Test complete
stack used = 213992
Exiting main with return code: 0

Checklist

  • added tests
  • updated/added doxygen
  • updated appropriate READMEs
  • Updated manual and documentation

@gojimmypi
Copy link
Contributor Author

I've been unable to determine the cause of the Jenkins failure:

RESULT of test harness was: 0
fips harness failed
Build step 'Execute shell' marked build as failure
$ ssh-agent -k
unset SSH_AUTH_SOCK;
unset SSH_AGENT_PID;
echo Agent pid 935 killed;
[ssh-agent] Stopped.
Unable to get pull request builder trigger!!

The only thing unusual seems to be these 'N/A` results:

image

@dgarske
Copy link
Contributor

dgarske commented May 5, 2023

The Jenkins failure is a FIPS issue. Is it possible you broke something else?

[0m[5/15] ./vectors-v2/CCM/req/VADT192.req
	OUT = ./vectors-v2/CCM/rsp/VADT192.rsp
	Expected: Diffing ./vectors-v2/CCM/rsp/VADT192.rsp
 with ./vectors-ERROR: -251 <-------------------------- ERROR CODE at time of error
v2/CCM/expected/VADT192.rsp

....

Many lines later

...

[1/6] ./vectors-v2/RSA2/req/SigGen15_186-3.req <-------- Test that produced error code once the stdout caught up to stderr
RESULT of test harness was: 0

@gojimmypi
Copy link
Contributor Author

Is it possible you broke something else?

I would think that's unlikely, but possible. I'll take another look.

I've created #6385 as any problems with math should really be captured in wolfcrypt/test

@gojimmypi
Copy link
Contributor Author

As noted in #6380 (comment) , since this issue is so specific to Espressif HW acceleration values, I'm pulling this back as draft and will reconsider making changes to the hardware acceleration code instead.

@gojimmypi gojimmypi marked this pull request as draft May 5, 2023 20:57
@gojimmypi gojimmypi changed the title honor fp_int used length in s_fp_add operands honor Espressif fp_int used length in s_fp_add operands May 5, 2023
@gojimmypi gojimmypi mentioned this pull request Jul 16, 2023
4 tasks
@gojimmypi
Copy link
Contributor Author

Closing this lingering PR draft as the issues were resolved in other PR's related to HW/SW SHA interleaving.

@gojimmypi gojimmypi closed this Jun 18, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

[Bug]: Invalid CSR generated by ESP32s3
2 participants