Update wolfHSM pointer, fix minor issues

arch.mk

@@ -49,6 +49,8 @@ ifeq ($(ARCH),x86_64)
       endif
     else
       MATH_OBJS += $(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/sp_x86_64.o
+      MATH_OBJS += $(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/sp_x86_64_asm.o
+      WOLFCRYPT_OBJS += $(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/cpuid.o
     endif
   endif
   ifeq ($(TARGET),x86_64_efi)
@@ -1474,8 +1476,17 @@ ifeq ($(ARCH),sim)
     LDFLAGS+=-m32
   endif
   ifeq ($(SPMATH),1)
-    MATH_OBJS += $(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/sp_c32.o
-    CFLAGS+=-DWOLFSSL_SP_DIV_WORD_HALF
+    ifeq ($(FORCE_32BIT),1)
+      MATH_OBJS += $(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/sp_c32.o
+      CFLAGS+=-DWOLFSSL_SP_DIV_WORD_HALF
+    else ifeq ($(shell uname -m),aarch64)
+      CFLAGS += -DARCH_AARCH64 -DFAST_MEMCPY
+      MATH_OBJS += $(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/sp_c32.o
+      MATH_OBJS += $(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/sp_arm64.o
+    else
+      MATH_OBJS += $(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/sp_c32.o
+      CFLAGS+=-DWOLFSSL_SP_DIV_WORD_HALF
+    endif
   endif
   ifeq ($(WOLFHSM_CLIENT),1)
     WOLFHSM_OBJS += $(WOLFBOOT_LIB_WOLFHSM)/port/posix/posix_transport_tcp.o

config/examples/sim-wolfHSM-client-certchain-ecc.config

@@ -19,14 +19,14 @@ WOLFHSM_CLIENT=1
 
 # sizes should be multiple of system page size
 #WOLFBOOT_PARTITION_SIZE=0x40000
-WOLFBOOT_PARTITION_SIZE=0x100000
+WOLFBOOT_PARTITION_SIZE=0x200000
 WOLFBOOT_SECTOR_SIZE=0x1000
 WOLFBOOT_PARTITION_BOOT_ADDRESS=0x80000
 # if on external flash, it should be multiple of system page size
 #WOLFBOOT_PARTITION_UPDATE_ADDRESS=0x100000
 #WOLFBOOT_PARTITION_SWAP_ADDRESS=0x180000
-WOLFBOOT_PARTITION_UPDATE_ADDRESS=0x180000
-WOLFBOOT_PARTITION_SWAP_ADDRESS=0x280000
+WOLFBOOT_PARTITION_UPDATE_ADDRESS=0x280000
+WOLFBOOT_PARTITION_SWAP_ADDRESS=0x480000
 
 # required for keytools
 WOLFBOOT_FIXED_PARTITIONS=1

config/examples/sim-wolfHSM-client-certchain-rsa4096.config

@@ -19,14 +19,14 @@ WOLFHSM_CLIENT=1
 
 # sizes should be multiple of system page size
 #WOLFBOOT_PARTITION_SIZE=0x40000
-WOLFBOOT_PARTITION_SIZE=0x100000
+WOLFBOOT_PARTITION_SIZE=0x200000
 WOLFBOOT_SECTOR_SIZE=0x1000
 WOLFBOOT_PARTITION_BOOT_ADDRESS=0x80000
 # if on external flash, it should be multiple of system page size
 #WOLFBOOT_PARTITION_UPDATE_ADDRESS=0x100000
 #WOLFBOOT_PARTITION_SWAP_ADDRESS=0x180000
-WOLFBOOT_PARTITION_UPDATE_ADDRESS=0x180000
-WOLFBOOT_PARTITION_SWAP_ADDRESS=0x280000
+WOLFBOOT_PARTITION_UPDATE_ADDRESS=0x280000
+WOLFBOOT_PARTITION_SWAP_ADDRESS=0x480000
 
 # required for keytools
 WOLFBOOT_FIXED_PARTITIONS=1

config/examples/sim-wolfHSM-client-ecc.config

@@ -8,12 +8,12 @@ DEBUG=0
 SPMATH=1
 
 # sizes should be multiple of system page size
-WOLFBOOT_PARTITION_SIZE=0x100000
+WOLFBOOT_PARTITION_SIZE=0x200000
 WOLFBOOT_SECTOR_SIZE=0x1000
 WOLFBOOT_PARTITION_BOOT_ADDRESS=0x80000
 # if on external flash, it should be multiple of system page size
-WOLFBOOT_PARTITION_UPDATE_ADDRESS=0x180000
-WOLFBOOT_PARTITION_SWAP_ADDRESS=0x280000
+WOLFBOOT_PARTITION_UPDATE_ADDRESS=0x280000
+WOLFBOOT_PARTITION_SWAP_ADDRESS=0x480000
 
 # required for keytools
 WOLFBOOT_FIXED_PARTITIONS=1

config/examples/sim-wolfHSM-client-mldsa.config

@@ -29,12 +29,12 @@ IMAGE_HEADER_SIZE=8192
 #
 
 # sizes should be multiple of system page size
-WOLFBOOT_PARTITION_SIZE=0x100000
+WOLFBOOT_PARTITION_SIZE=0x200000
 WOLFBOOT_SECTOR_SIZE=0x2000
 WOLFBOOT_PARTITION_BOOT_ADDRESS=0x80000
 # if on external flash, it should be multiple of system page size
-WOLFBOOT_PARTITION_UPDATE_ADDRESS=0x180000
-WOLFBOOT_PARTITION_SWAP_ADDRESS=0x280000
+WOLFBOOT_PARTITION_UPDATE_ADDRESS=0x280000
+WOLFBOOT_PARTITION_SWAP_ADDRESS=0x480000
 
 # required for keytools
 WOLFBOOT_FIXED_PARTITIONS=1

hal/sim.c

@@ -183,9 +183,7 @@ whCommServerConfig cs_conf[1] = {{
 }};
 
 /* Crypto context */
-whServerCryptoContext crypto[1] = {{
-    .devId = INVALID_DEVID,
-}};
+whServerCryptoContext crypto[1] = {0};
 
 #if defined(WOLFHSM_CFG_SHE_EXTENSION)
 whServerSheContext    she[1]    = {{0}};

include/user_settings.h

@@ -77,8 +77,10 @@ extern int tolower(int c);
 #if defined(WOLFBOOT_SIGN_ED25519) || defined(WOLFBOOT_SIGN_SECONDARY_ED25519)
 #   define HAVE_ED25519
 #   define ED25519_SMALL
-#   define NO_ED25519_SIGN
-#   define NO_ED25519_EXPORT
+#   if !defined(WOLFBOOT_ENABLE_WOLFHSM_SERVER)
+#       define NO_ED25519_SIGN
+#       define NO_ED25519_EXPORT
+#   endif
 #   define USE_SLOW_SHA512
 #   define WOLFSSL_SHA512
 #endif
@@ -88,8 +90,10 @@ extern int tolower(int c);
 #   define HAVE_ED448
 #   define HAVE_ED448_VERIFY
 #   define ED448_SMALL
-#   define NO_ED448_SIGN
-#   define NO_ED448_EXPORT
+#   if !defined(WOLFBOOT_ENABLE_WOLFHSM_SERVER)
+#       define NO_ED448_SIGN
+#       define NO_ED448_EXPORT
+#   endif
 #   define WOLFSSL_SHA3
 #   define WOLFSSL_SHAKE256
 #   define WOLFSSL_SHA512
@@ -146,7 +150,6 @@ extern int tolower(int c);
 #endif
 #       define WOLFSSL_SP_MATH
 #       define WOLFSSL_SP_SMALL
-#       define SP_WORD_SIZE 32
 #       define WOLFSSL_HAVE_SP_ECC
 #       define WOLFSSL_KEY_GEN
 #       define HAVE_ECC_KEY_EXPORT
@@ -343,8 +346,9 @@ extern int tolower(int c);
 #       define HAVE___UINT128_T
 #       define SP_WORD_SIZE 64
 #   elif defined(ARCH_x86_64) && !defined(FORCE_32BIT)
+#       define HAVE___UINT128_T
 #       define SP_WORD_SIZE 64
-#       ifndef NO_ASM
+#       if !defined(NO_ASM)
 #           define WOLFSSL_SP_X86_64_ASM
 #       endif
 #   else

src/multiboot.c

@@ -379,13 +379,18 @@ uint8_t *mb2_find_header(uint8_t *image, int size)
 
 void mb2_jump(uintptr_t entry, uint32_t mb2_boot_info)
 {
+#if defined(__x86_64__) || defined(__i386__)
     __asm__(
             "mov $0x36d76289, %%eax\r\n"
             "mov %0, %%ebx\r\n"
             "jmp *%1\r\n"
             :
             : "g"(mb2_boot_info), "g"(entry)
             : "eax", "ebx");
+#else
+    (void)entry;
+    (void)mb2_boot_info;
+#endif
 }
 
 #endif /* WOLFBOOT_MULTIBOOT2 */

src/xmalloc.c

@@ -75,6 +75,12 @@ struct xmalloc_slot {
             #define MP_POINT_SIZE (196)
             #define MP_DIGITS_BUFFER_SIZE_0 (MP_DIGIT_SIZE * 18 * 8)
             #define MP_DIGITS_BUFFER_SIZE_1 (MP_DIGIT_SIZE * 2 * 8 * 6)
+        #elif SP_WORD_SIZE == 64
+            #define MP_POINT_SIZE (200)
+            #define MP_DIGITS_BUFFER_SIZE_0 (MP_DIGIT_SIZE * 18 * 4)
+            #define MP_DIGITS_BUFFER_SIZE_1 (MP_DIGIT_SIZE * (2 * 4 * 6))
+            #define MP_DIGITS_BUFFER_SIZE_2 (MP_DIGIT_SIZE * (2 * 4 * 6))
+            #define MP_MONTGOMERY_SIZE (sizeof(int64_t) * 2 * 8)
         #else
             #define MP_POINT_SIZE (220)
             #define MP_DIGITS_BUFFER_SIZE_0 (MP_DIGIT_SIZE * 18 * 9)
@@ -91,6 +97,12 @@ struct xmalloc_slot {
             #define MP_DIGITS_BUFFER_SIZE_0 (MP_DIGIT_SIZE * 18 * 12)
             #define MP_DIGITS_BUFFER_SIZE_1 (MP_DIGIT_SIZE * 2 * 12 * 6)
             #define MP_MONTGOMERY_SIZE (sizeof(int64_t) * 12)
+        #elif SP_WORD_SIZE == 64
+            #define MP_POINT_SIZE (344)
+            #define MP_DIGITS_BUFFER_SIZE_0 (MP_DIGIT_SIZE * 18 * 7)
+            #define MP_DIGITS_BUFFER_SIZE_1 (MP_DIGIT_SIZE * (2 * 7 * 6))
+            #define MP_DIGITS_BUFFER_SIZE_2 (MP_DIGIT_SIZE * (2 * 7 * 6))
+            #define MP_MONTGOMERY_SIZE (sizeof(int64_t) * 2 * 12)
         #else
             #define MP_POINT_SIZE (364)
             #define MP_DIGITS_BUFFER_SIZE_0 (MP_DIGIT_SIZE * 18 * 15)
@@ -107,6 +119,12 @@ struct xmalloc_slot {
             #define MP_DIGITS_BUFFER_SIZE_0 (MP_DIGIT_SIZE * 18 * 17)
             #define MP_DIGITS_BUFFER_SIZE_1 (MP_DIGIT_SIZE * 2 * 17 * 6)
             #define MP_MONTGOMERY_SIZE (sizeof(int64_t) * 12)
+        #elif SP_WORD_SIZE == 64
+            #define MP_POINT_SIZE (440)
+            #define MP_DIGITS_BUFFER_SIZE_0 (MP_DIGIT_SIZE * 18 * 9)
+            #define MP_DIGITS_BUFFER_SIZE_1 (MP_DIGIT_SIZE * (2 * 9 * 6))
+            #define MP_DIGITS_BUFFER_SIZE_2 (MP_DIGIT_SIZE * (2 * 9 * 6))
+            #define MP_MONTGOMERY_SIZE (sizeof(int64_t) * 2 * 12)
         #else
             #define MP_POINT_SIZE (508)
             #define MP_DIGITS_BUFFER_SIZE_0 (MP_DIGIT_SIZE * 18 * 21)
@@ -129,7 +147,13 @@ struct xmalloc_slot {
     #endif
     static uint8_t mp_points_0[MP_POINT_SIZE * 2];
     static uint8_t mp_points_1[MP_POINT_SIZE * 3];
+    /* x86_64 SP always uses win_add_sub with 33+2 precomputed points,
+     * even when WOLFSSL_SP_SMALL is defined */
+    #if SP_WORD_SIZE == 64
+    static uint8_t mp_points_2[MP_POINT_SIZE * (33 + 2)];
+    #else
     static uint8_t mp_points_2[MP_POINT_SIZE * (16 + 1)];
+    #endif
     static uint8_t mp_digits_buffer_0[MP_DIGITS_BUFFER_SIZE_0];
     static uint8_t mp_digits_buffer_1[MP_DIGITS_BUFFER_SIZE_1];
     #if !defined(WOLFSSL_SP_ARM_CORTEX_M_ASM) && (defined(WOLFBOOT_SIGN_ECC256) || defined(WOLFBOOT_SIGN_ECC384) || defined(WOLFBOOT_SIGN_ECC521))
@@ -234,7 +258,11 @@ static struct xmalloc_slot xmalloc_pool[] = {
     { (uint8_t *)mp_digits_buffer_2, MP_DIGITS_BUFFER_SIZE_2, 0 },
     { (uint8_t *)mp_montgomery, MP_MONTGOMERY_SIZE, 0 },
     #endif
+    #if SP_WORD_SIZE == 64
+    { (uint8_t *)mp_points_2, MP_POINT_SIZE * (33 + 2), 0 },
+    #else
     { (uint8_t *)mp_points_2, MP_POINT_SIZE * (16 + 1), 0 },
+    #endif
     { (uint8_t *)mp_digits_buffer_0, MP_DIGITS_BUFFER_SIZE_0, 0},
     { (uint8_t *)mp_digits_buffer_1, MP_DIGITS_BUFFER_SIZE_1, 0},
     #ifndef WC_NO_CACHE_RESISTANT

test-app/Makefile

@@ -970,6 +970,11 @@ $(WOLFSSL_LOCAL_OBJDIR)/%.o: %.c
 	$(Q)mkdir -p $(dir $@)
 	$(Q)$(CC) $(WOLFSSL_CFLAGS) -c $(OUTPUT_FLAG) $@ $<
 
+$(WOLFSSL_LOCAL_OBJDIR)/%.o: %.S
+	@echo "\t[AS-$(ARCH)] $@"
+	$(Q)mkdir -p $(dir $@)
+	$(Q)$(CC) $(WOLFSSL_CFLAGS) -c $(OUTPUT_FLAG) $@ $<
+
 clean:
 	$(Q)rm -f *.bin *.elf tags *.o $(LSCRIPT) $(APP_OBJS) wcs/*.o
 	$(Q)rm -rf $(WOLFSSL_LOCAL_OBJDIR)