diff --git a/Makefile.in b/Makefile.in index 3240000..a74881a 100644 --- a/Makefile.in +++ b/Makefile.in @@ -172,7 +172,7 @@ hogweed_SOURCES = sexp.c sexp-format.c \ gmp-glue.c cnd-copy.c \ ecc-mod.c ecc-mod-inv.c \ ecc-mod-arith.c ecc-pp1-redc.c ecc-pm1-redc.c \ - ecc-256.c ecc-384.c ecc-521.c \ + ecc-192.c ecc-224.c ecc-256.c ecc-384.c ecc-521.c \ ecc-25519.c \ ecc-size.c ecc-j-to-a.c ecc-a-to-j.c \ ecc-dup-jj.c ecc-add-jja.c ecc-add-jjj.c \ @@ -382,7 +382,7 @@ ecc-25519.$(OBJEXT): ecc-25519.h .asm.$(OBJEXT): $(srcdir)/asm.m4 machine.m4 config.m4 $(M4) $(srcdir)/asm.m4 machine.m4 config.m4 $< >$*.s - $(COMPILE) -c -Wa,--generate-missing-build-notes=yes $*.s + $(COMPILE) -c $*.s @echo "$@ : $< $(srcdir)/asm.m4 machine.m4 config.m4" >$@.d # Texinfo rules diff --git a/asm.m4 b/asm.m4 index ee377a7..4018c23 100644 --- a/asm.m4 +++ b/asm.m4 @@ -32,7 +32,7 @@ define(,<>)dnl define(, <.globl C_NAME($1) DECLARE_FUNC(C_NAME($1)) -C_NAME($1): ASM_X86_ENDBR>) +C_NAME($1):>) define(, , <@ASM_TYPE_PROGBITS@>)dnl define(, <@ASM_ALIGN_LOG@>)dnl define(, <@W64_ABI@>)dnl define(, <@ASM_RODATA@>)dnl -define(,<@ASM_X86_ENDBR@>)dnl -define(,<@ASM_X86_MARK_CET_ALIGN@>)dnl divert(1) -@ASM_X86_MARK_CET@ @ASM_MARK_NOEXEC_STACK@ divert diff --git a/configure b/configure index 806e07f..2a64cd8 100755 --- a/configure +++ b/configure @@ -7772,11 +7772,11 @@ LIBS="$old_LIBS" # Set these flags *last*, or else the test programs won't compile if test x$GCC = xyes ; then - # Using -g makes (some versions of) Redhat's gcc-2.96 dump core + # Using -ggdb3 makes (some versions of) Redhat's gcc-2.96 dump core if $CC --version | grep '^2\.96$' 1>/dev/null 2>&1; then true else - CFLAGS="$CFLAGS -g" + CFLAGS="$CFLAGS -ggdb3" fi # FIXME: It would be better to actually test if this option works and/or is needed. # Or perhaps use -funsigned-char. diff --git a/configure.ac b/configure.ac index 090e43a..ec3fbe9 100644 --- a/configure.ac +++ b/configure.ac 
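Review bot: Removing ASM_X86_ENDBR from the PROLOGUE macro in asm.m4 strips the endbr32/endbr64 landing pad from every hand-written x86 assembly entry point, and removing the ASM_X86_MARK_CET output from divert(1) drops the .note.gnu.property that marks those objects as IBT/SHSTK-compatible; since the linker only keeps that property when every input carries it, the whole library loses it and a process linking it runs without indirect-branch tracking even when its C code is built with -fcf-protection. The configure.ac hunks (the "if Intel CET is enabled" cache check and the three AC_SUBST lines) and the deletion of testsuite/x86-ibt-test.c from the testsuite sources are the same change. The Makefile.in .asm rule that now reads `$(COMPILE) -c $*.s` instead of passing `-Wa,--generate-missing-build-notes=yes` is in the same spirit, as the assembled objects will no longer carry build notes that hardening checkers look for. If dropping CET support is intentional, the commit message should state that and why; if this is an unintended revert from an older tree, the ENDBR and note emission should be kept.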
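Review bot: The `CFLAGS="$CFLAGS -ggdb3"` change is made in the generated configure script, but as far as the hunks shown here go the configure.ac diff touches only the CET blocks, so the next autoreconf will regenerate configure with `-g` again; the CFLAGS edit belongs in configure.ac. The rewritten comment `# Using -ggdb3 makes (some versions of) Redhat's gcc-2.96 dump core` also rewrites a historical note that was about `-g`; keep the original wording for the gcc-2.96 workaround and, if -ggdb3 is wanted, add a separate line saying why.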
@@ -787,68 +787,6 @@ EOF ASM_ALIGN_LOG="$nettle_cv_asm_align_log" fi -dnl Define -dnl 1. ASM_X86_ENDBR for endbr32/endbr64. -dnl 2. ASM_X86_MARK_CET to add a .note.gnu.property section to mark -dnl Intel CET support if needed. -dnl 3. ASM_X86_MARK_CET_ALIGN to align ASM_X86_MARK_CET. -AC_CACHE_CHECK([if Intel CET is enabled], - [nettle_cv_asm_x86_intel_cet], - [AC_TRY_COMPILE([ -#ifndef __CET__ -#error Intel CET is not enabled -#endif - ], [], - [nettle_cv_asm_x86_intel_cet=yes], - [nettle_cv_asm_x86_intel_cet=no])]) -if test "$nettle_cv_asm_x86_intel_cet" = yes; then - case $ABI in - 32|standard) - ASM_X86_ENDBR=endbr32 - ASM_X86_MARK_CET_ALIGN=2 - ;; - 64) - ASM_X86_ENDBR=endbr64 - ASM_X86_MARK_CET_ALIGN=3 - ;; - x32) - ASM_X86_ENDBR=endbr64 - ASM_X86_MARK_CET_ALIGN=2 - ;; - esac - AC_CACHE_CHECK([if .note.gnu.property section is needed], - [nettle_cv_asm_x86_gnu_property], - [AC_TRY_COMPILE([ -#if !defined __ELF__ || !defined __CET__ -#error GNU property is not needed -#endif - ], [], - [nettle_cv_asm_x86_gnu_property=yes], - [nettle_cv_asm_x86_gnu_property=no])]) -else - nettle_cv_asm_x86_gnu_property=no -fi -if test "$nettle_cv_asm_x86_gnu_property" = yes; then - ASM_X86_MARK_CET=' - .pushsection ".note.gnu.property", "a" - .p2align ASM_X86_MARK_CET_ALIGN - .long 1f - 0f - .long 4f - 1f - .long 5 -0: - .asciz "GNU" -1: - .p2align ASM_X86_MARK_CET_ALIGN - .long 0xc0000002 - .long 3f - 2f -2: - .long 3 -3: - .p2align ASM_X86_MARK_CET_ALIGN -4: - .popsection' -fi - AC_SUBST(ASM_SYMBOL_PREFIX) AC_SUBST(ASM_ELF_STYLE) AC_SUBST(ASM_COFF_STYLE) @@ -858,9 +796,6 @@ AC_SUBST(ASM_MARK_NOEXEC_STACK) AC_SUBST(ASM_ALIGN_LOG) AC_SUBST(W64_ABI) AC_SUBST(EMULATOR) -AC_SUBST(ASM_X86_ENDBR) -AC_SUBST(ASM_X86_MARK_CET) -AC_SUBST(ASM_X86_MARK_CET_ALIGN) AC_SUBST(LIBNETTLE_MAJOR) AC_SUBST(LIBNETTLE_MINOR) diff --git a/examples/ecc-benchmark.c b/examples/ecc-benchmark.c index 720d483..8e5e095 100644 --- a/examples/ecc-benchmark.c +++ b/examples/ecc-benchmark.c 
@@ -330,6 +330,8 @@ bench_curve (const struct ecc_curve *ecc)
 }
 
 const struct ecc_curve * const curves[] = {
+ &nettle_secp_192r1,
+ &nettle_secp_224r1,
 &_nettle_curve25519,
 &nettle_secp_256r1,
 &nettle_secp_384r1,
diff --git a/examples/hogweed-benchmark.c b/examples/hogweed-benchmark.c
index f13ea18..ebce903 100644
--- a/examples/hogweed-benchmark.c
+++ b/examples/hogweed-benchmark.c
@@ -393,6 +393,24 @@ bench_ecdsa_init (unsigned size)
 
 switch (size)
 {
+ case 192:
+ ecc = &nettle_secp_192r1;
+ xs = "8e8e07360350fb6b7ad8370cfd32fa8c6bba785e6e200599";
+ ys = "7f82ddb58a43d59ff8dc66053002b918b99bd01bd68d6736";
+ zs = "f2e620e086d658b4b507996988480917640e4dc107808bdd";
+ ctx->digest = hash_string (&nettle_sha1, "abc");
+ ctx->digest_size = 20;
+ break;
+ case 224:
+ ecc = &nettle_secp_224r1;
+ xs = "993bf363f4f2bc0f255f22563980449164e9c894d9efd088d7b77334";
+ ys = "b75fff9849997d02d135140e4d0030944589586e22df1fc4b629082a";
+ zs = "cdfd01838247f5de3cc70b688418046f10a2bfaca6de9ec836d48c27";
+ ctx->digest = hash_string (&nettle_sha224, "abc");
+ ctx->digest_size = 28;
+ break;
+
+ /* From RFC 4754 */
 case 256:
 ecc = &nettle_secp_256r1;
 xs = "2442A5CC 0ECD015F A3CA31DC 8E2BBC70 BF42D60C BCA20085 E0822CB0 4235E970";
@@ -563,6 +581,16 @@ bench_openssl_ecdsa_init (unsigned size)
 
 switch (size)
 {
+ case 192:
+ ctx->key = EC_KEY_new_by_curve_name (NID_X9_62_prime192v1);
+ ctx->digest_length = 24; /* truncated */
+ ctx->digest = hash_string (&nettle_sha224, "abc");
+ break;
+ case 224:
+ ctx->key = EC_KEY_new_by_curve_name (NID_secp224r1);
+ ctx->digest_length = SHA224_DIGEST_SIZE;
+ ctx->digest = hash_string (&nettle_sha224, "abc");
+ break;
 case 256:
 ctx->key = EC_KEY_new_by_curve_name (NID_X9_62_prime256v1);
 ctx->digest_length = SHA256_DIGEST_SIZE;
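Review bot: The nettle-side 192-bit case in bench_ecdsa_init hashes with SHA-1 (`ctx->digest = hash_string (&nettle_sha1, "abc"); ctx->digest_size = 20;`) while the OpenSSL-side 192-bit case in the bench_openssl_ecdsa_init hunk uses SHA-224 truncated to 24 bytes, so the two "ecdsa 192" rows sign different values and are not a like-for-like comparison; using SHA-224 on the nettle side too, with the same 24-byte truncation if the sign path accepts it, would align them. The new 192- and 224-bit xs/ys/zs key strings also carry no origin comment, unlike the `/* From RFC 4754 */` that now precedes case 256; a one-line comment stating how these keys were produced would stop a reader assuming they are published vectors. Both switch bodies continue outside their hunks.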
@@ -676,10 +704,14 @@ struct alg alg_list[] = { #if 0 { "dsa",2048, bench_dsa_init, bench_dsa_sign, bench_dsa_verify, bench_dsa_clear }, #endif + { "ecdsa", 192, bench_ecdsa_init, bench_ecdsa_sign, bench_ecdsa_verify, bench_ecdsa_clear }, + { "ecdsa", 224, bench_ecdsa_init, bench_ecdsa_sign, bench_ecdsa_verify, bench_ecdsa_clear }, { "ecdsa", 256, bench_ecdsa_init, bench_ecdsa_sign, bench_ecdsa_verify, bench_ecdsa_clear }, { "ecdsa", 384, bench_ecdsa_init, bench_ecdsa_sign, bench_ecdsa_verify, bench_ecdsa_clear }, { "ecdsa", 521, bench_ecdsa_init, bench_ecdsa_sign, bench_ecdsa_verify, bench_ecdsa_clear }, #if WITH_OPENSSL + { "ecdsa (openssl)", 192, bench_openssl_ecdsa_init, bench_openssl_ecdsa_sign, bench_openssl_ecdsa_verify, bench_openssl_ecdsa_clear }, + { "ecdsa (openssl)", 224, bench_openssl_ecdsa_init, bench_openssl_ecdsa_sign, bench_openssl_ecdsa_verify, bench_openssl_ecdsa_clear }, { "ecdsa (openssl)", 256, bench_openssl_ecdsa_init, bench_openssl_ecdsa_sign, bench_openssl_ecdsa_verify, bench_openssl_ecdsa_clear }, { "ecdsa (openssl)", 384, bench_openssl_ecdsa_init, bench_openssl_ecdsa_sign, bench_openssl_ecdsa_verify, bench_openssl_ecdsa_clear }, { "ecdsa (openssl)", 521, bench_openssl_ecdsa_init, bench_openssl_ecdsa_sign, bench_openssl_ecdsa_verify, bench_openssl_ecdsa_clear }, diff --git a/testsuite/.test-rules.make b/testsuite/.test-rules.make index 85ce7d0..82270e9 100644 --- a/testsuite/.test-rules.make +++ b/testsuite/.test-rules.make @@ -166,9 +166,6 @@ yarrow-test$(EXEEXT): yarrow-test.$(OBJEXT) pbkdf2-test$(EXEEXT): pbkdf2-test.$(OBJEXT) $(LINK) pbkdf2-test.$(OBJEXT) $(TEST_OBJS) -o pbkdf2-test$(EXEEXT) -x86-ibt-test$(EXEEXT): x86-ibt-test.$(OBJEXT) - $(LINK) x86-ibt-test.$(OBJEXT) $(TEST_OBJS) -o x86-ibt-test$(EXEEXT) - sexp-test$(EXEEXT): sexp-test.$(OBJEXT) $(LINK) sexp-test.$(OBJEXT) $(TEST_OBJS) -o sexp-test$(EXEEXT) diff --git a/testsuite/Makefile.in b/testsuite/Makefile.in index cf989a7..100997f 100644 --- a/testsuite/Makefile.in 
+++ b/testsuite/Makefile.in @@ -31,8 +31,7 @@ TS_NETTLE_SOURCES = aes-test.c arcfour-test.c arctwo-test.c \ hmac-test.c umac-test.c \ meta-hash-test.c meta-cipher-test.c\ meta-aead-test.c meta-armor-test.c \ - buffer-test.c yarrow-test.c pbkdf2-test.c \ - x86-ibt-test.c + buffer-test.c yarrow-test.c pbkdf2-test.c TS_HOGWEED_SOURCES = sexp-test.c sexp-format-test.c \ rsa2sexp-test.c sexp2rsa-test.c \ diff --git a/testsuite/ecdh-test.c b/testsuite/ecdh-test.c index 08870b1..5a2b39d 100644 --- a/testsuite/ecdh-test.c +++ b/testsuite/ecdh-test.c 
@@ -138,6 +138,26 @@ test_dh (const char *name, const struct ecc_curve *ecc,
 void
 test_main(void)
 {
+ test_dh ("secp-192r1", &nettle_secp_192r1,
+ "3406157206141798348095184987208239421004566462391397236532",
+ "1050363442265225480786760666329560655512990381040021438562",
+ "5298249600854377235107392014200406283816103564916230704184",
+ "738368960171459956677260317271477822683777845013274506165",
+ "2585840779771604687467445319428618542927556223024046979917",
+ "293088185788565313717816218507714888251468410990708684573",
+ "149293809021051532782730990145509724807636529827149481690",
+ "2891131861147398318714693938158856874319184314120776776192");
+
+ test_dh ("secp-224r1", &nettle_secp_224r1,
+ "1321072106881784386340709783538698930880431939595776773514895067682",
+ "6768311794185371282972144247871764855860666277647541840973645586477",
+ "2880077809069104378181313860274147139049600284805670362929579614547",
+ "13934723037778859565852601874354272638301919827851286722006496784914",
+ "373124771833407982305885866158843810218322878380632071540538232035",
+ "24223309755162432227459925493224336241652868856405241018762887667883",
+ "8330362698029245839097779050425944245826040430538860338085968752913",
+ "24167244512472228715617822000878192535267113543393576038737592837010");
+
 test_dh ("secp-256r1", &nettle_secp_256r1,
 "94731533361265297353914491124013058635674217345912524033267198103710636378786",
 "22441589863306126152768848344973918725077248391248404659242620344938484650846",
diff --git a/testsuite/ecdsa-sign-test.c b/testsuite/ecdsa-sign-test.c
index 1ca36c2..559de8e 100644
--- a/testsuite/ecdsa-sign-test.c
+++ b/testsuite/ecdsa-sign-test.c
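Review bot: The new secp-192r1 and secp-224r1 test_dh vectors are added with no comment on how they were produced, and nothing in the hunk lets a later maintainer re-derive them, so a typo in one of the eight decimal strings would be indistinguishable from a deliberate change. A short note above each call, along the lines of `/* Key pairs and shared point generated with <tool>, cross-checked against <reference> */` with the placeholders filled in, would document that. test_main continues outside the hunk.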
@@ -60,6 +60,37 @@ test_main (void)
 {
 /* Test cases for the smaller groups, verified with a proof-of-concept
 implementation done for Yubico AB. */
+ test_ecdsa (&nettle_secp_192r1,
+ "DC51D3866A15BACDE33D96F992FCA99D"
+ "A7E6EF0934E70975", /* z */
+
+ "9E56F509196784D963D1C0A401510EE7"
+ "ADA3DCC5DEE04B15", /* k */
+
+ SHEX("BA7816BF8F01CFEA414140DE5DAE2223"
+ "B00361A396177A9C"), /* h */
+
+ "8c478db6a5c131540cebc739f9c0a9a8"
+ "c720c2abdd14a891", /* r */
+
+ "a91fb738f9f175d72f9c98527e881c36"
+ "8de68cb55ffe589"); /* s */
+
+ test_ecdsa (&nettle_secp_224r1,
+ "446df0a771ed58403ca9cb316e617f6b"
+ "158420465d00a69601e22858", /* z */
+
+ "4c13f1905ad7eb201178bc08e0c9267b"
+ "4751c15d5e1831ca214c33f4", /* z */
+
+ SHEX("1b28a611fe62ab3649350525d06703ba"
+ "4b979a1e543566fd5caa85c6"), /* h */
+
+ "2cc280778f3d067df6d3adbe3a6aad63"
+ "bc75f08f5c5f915411902a99", /* r */
+
+ "d0f069fd0f108eb07b7bbc54c8d6c88d"
+ "f2715c38a95c31a2b486995f"); /* s */
 
 /* From RFC 4754 */
 test_ecdsa (&nettle_secp_256r1,
diff --git a/testsuite/testutils.c b/testsuite/testutils.c
index 7f6745a..c965618 100644
--- a/testsuite/testutils.c
+++ b/testsuite/testutils.c
@@ -1391,6 +1391,8 @@ test_dsa_key(const struct dsa_params *params,
 }
 
 const struct ecc_curve * const ecc_curves[] = {
+ &nettle_secp_192r1,
+ &nettle_secp_224r1,
 &nettle_secp_256r1,
 &nettle_secp_384r1,
 &nettle_secp_521r1,
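Review bot: In the secp_224r1 call the second argument `"4c13f1905ad7eb201178bc08e0c9267b" "4751c15d5e1831ca214c33f4", /* z */` is the nonce, not the private key, so its trailing comment should read `/* k */` as it does in the secp_192r1 call above it; two arguments both labelled z will mislead anyone checking the vector. The secp_192r1 s value `"a91fb738f9f175d72f9c98527e881c36" "8de68cb55ffe589"` is 47 hex digits where every other argument is 48; if that is a leading-zero value it is presumably fine for the hex parser, but writing the leading 0 explicitly would make it obvious that no digit was dropped. test_main continues outside the hunk.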
@@ -1447,6 +1449,20 @@ test_ecc_mul_a (unsigned curve, unsigned n, const mp_limb_t *p)
 {
 /* For each curve, the points 2 g, 3 g and 4 g */
 static const struct ecc_ref_point ref[6][3] = {
+ { { "dafebf5828783f2ad35534631588a3f629a70fb16982a888",
+ "dd6bda0d993da0fa46b27bbc141b868f59331afa5c7e93ab" },
+ { "76e32a2557599e6edcd283201fb2b9aadfd0d359cbb263da",
+ "782c37e372ba4520aa62e0fed121d49ef3b543660cfd05fd" },
+ { "35433907297cc378b0015703374729d7a4fe46647084e4ba",
+ "a2649984f2135c301ea3acb0776cd4f125389b311db3be32" }
+ },
+ { { "706a46dc76dcb76798e60e6d89474788d16dc18032d268fd1a704fa6",
+ "1c2b76a7bc25e7702a704fa986892849fca629487acf3709d2e4e8bb" },
+ { "df1b1d66a551d0d31eff822558b9d2cc75c2180279fe0d08fd896d04",
+ "a3f7f03cadd0be444c0aa56830130ddf77d317344e1af3591981a925" },
+ { "ae99feebb5d26945b54892092a8aee02912930fa41cd114e40447301",
+ "482580a0ec5bc47e88bc8c378632cd196cb3fa058a7114eb03054c9" },
+ },
 { { "7cf27b188d034f7e8a52380304b51ac3c08969e277f21b35a60b48fc47669978",
 "7775510db8ed040293d9ac69f7430dbba7dade63ce982299e04b79d227873d1" },
 { "5ecbe4d1a6330a44c8f7ef951d4bf165e6c6b721efada985fb41661bc6e7fd6c",
diff --git a/testsuite/x86-ibt-test.c b/testsuite/x86-ibt-test.c
deleted file mode 100644
index 1f3d1d6..0000000
--- a/testsuite/x86-ibt-test.c
+++ /dev/null
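Review bot: The two new ref blocks are laid out inconsistently: the secp192r1 block closes its last point with `}` and then `},`, while the secp224r1 block puts a trailing comma on its last point (`"…03054c9" },`) before the closing `},`; picking one form keeps the table uniform. The secp224r1 4g y coordinate `"482580a0ec5bc47e88bc8c378632cd196cb3fa058a7114eb03054c9"` is 55 hex digits against 56 for its neighbours, which matches the existing 256-bit entry that also omits a leading zero, but it is worth confirming it is a leading zero rather than a lost digit. The ref table and test_ecc_mul_a continue outside the hunk.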
@@ -1,69 +0,0 @@
-#include "testutils.h"
-#if defined(__GNUC__) && (defined(__i386__) || defined(__x86_64__)) \
- && defined(__CET__) && defined(__linux__)
-#include
-
-static void
-segfault_handler(int signo)
-{
- exit(0);
-}
-
-static void
-ibt_violation(void)
-{
-#ifdef __i386__
- unsigned int reg;
- asm volatile("lea 1f, %0\n\t"
- "jmp *%0\n"
- "1:" : "=r" (reg));
-#else
- unsigned long long reg;
- asm volatile("lea 1f(%%rip), %0\n\t"
- "jmp *%0\n"
- "1:" : "=r" (reg));
-#endif
-}
-
-#ifdef __i386__
-static unsigned int
-_get_ssp(void)
-{
- unsigned int ssp;
- asm volatile("xor %0, %0\n\trdsspd %0" : "=r" (ssp));
- return ssp;
-}
-#else
-static unsigned long long
-_get_ssp(void)
-{
- unsigned long long ssp;
- asm volatile("xor %0, %0\n\trdsspq %0" : "=r" (ssp));
- return ssp;
-}
-#endif
-
-void
-test_main(void)
-{
- /* NB: This test should trigger SIGSEGV on CET platforms. _get_ssp
- returns the address of shadow stack pointer. If the address of
- shadow stack pointer is 0, SHSTK is disabled and we assume that
- IBT is also disabled. */
- if (_get_ssp() == 0)
- {
- ibt_violation();
- SKIP();
- }
-
- signal(SIGSEGV, segfault_handler);
- ibt_violation();
- FAIL();
-}
-#else
-void
-test_main(void)
-{
- SKIP();
-}
-#endif