diff --git a/crypto/Makefile b/crypto/Makefile
index 5578ae726..cd9e5a387 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -84,6 +84,7 @@ CFLAGS += -DUSE_NEM=1
 CFLAGS += -DUSE_CARDANO=1
 CFLAGS += -DUSE_INSECURE_PRNG=1
 CFLAGS += -DAES_128
+CFLAGS += -DAES_VAR
 CFLAGS += $(shell pkg-config --cflags openssl)
 # disable certain optimizations and features when small footprint is required
@@ -98,7 +99,7 @@ SRCS += ripemd160.c
 SRCS += sha2.c
 SRCS += sha3.c
 SRCS += hasher.c
-SRCS += aes/aesccm.c aes/aescrypt.c aes/aeskey.c aes/aestab.c aes/aes_modes.c
+SRCS += aes/aesccm.c aes/aescrypt.c aes/aesgcm.c aes/aeskey.c aes/aestab.c aes/aes_modes.c aes/gf128mul.c
 SRCS += ed25519-donna/curve25519-donna-32bit.c ed25519-donna/curve25519-donna-helpers.c ed25519-donna/modm-donna-32bit.c
 SRCS += ed25519-donna/ed25519-donna-basepoint-table.c ed25519-donna/ed25519-donna-32bit-tables.c ed25519-donna/ed25519-donna-impl-base.c
 SRCS += ed25519-donna/ed25519.c ed25519-donna/curve25519-donna-scalarmult-base.c ed25519-donna/ed25519-sha3.c ed25519-donna/ed25519-keccak.c
@@ -157,7 +158,7 @@ tests/test_openssl: tests/test_openssl.o $(OBJS)
 	$(CC) $(CFLAGS) tests/test_openssl.o $(OBJS) $(TESTSSLLIBS) -o tests/test_openssl
 tests/libtrezor-crypto.so: $(SRCS) secp256k1-zkp.o precomputed_ecmult.o precomputed_ecmult_gen.o
-	$(CC) $(CFLAGS) -DAES_128 -DAES_192 -fPIC -shared $(SRCS) secp256k1-zkp.o precomputed_ecmult.o precomputed_ecmult_gen.o -o tests/libtrezor-crypto.so
+	$(CC) $(CFLAGS) -fPIC -shared $(SRCS) secp256k1-zkp.o precomputed_ecmult.o precomputed_ecmult_gen.o -o tests/libtrezor-crypto.so
 tools: tools/xpubaddrgen tools/mktable tools/bip39bruteforce
diff --git a/crypto/aes/aes.h b/crypto/aes/aes.h
index 878943b57..f56a64ad7 100644
--- a/crypto/aes/aes.h
+++ b/crypto/aes/aes.h
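Review bot: The shared-library rule in the third hunk no longer passes `-DAES_192`, so the key-schedule coverage of `tests/libtrezor-crypto.so` now depends entirely on what `$(CFLAGS)` carries after the first hunk (`-DAES_128 -DAES_VAR`). In Gladman's AES sources `AES_VAR` selects the variable-key-length entry points `aes_encrypt_key()`/`aes_decrypt_key()`, which dispatch to all three schedules, so the 192-bit path should still be compiled into the .so — but that is inferred from the upstream code, not from anything in this diff, and is worth confirming against whatever harness loads this library and exercises 192-bit keys. A comment next to the new flag would save the next reader the lookup, e.g. `# AES_VAR: build aes_encrypt_key()/aes_decrypt_key() for all key lengths; AES_128 keeps the fixed-length entry points`.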
@@ -27,7 +27,6 @@ Issue Date: 02/08/2018
 #include
 #include
-#define VOID_RETURN void
 #define INT_RETURN int
 #define ALIGN_OFFSET(x,n) (((intptr_t)(x)) & ((n) - 1))
 #define ALIGN_FLOOR(x,n) ((uint8_t*)(x) - ( ((intptr_t)(x)) & ((n) - 1)))
diff --git a/crypto/aes/aesgcm.c b/crypto/aes/aesgcm.c
index a6415f97a..4b0edf115 100644
--- a/crypto/aes/aesgcm.c
+++ b/crypto/aes/aesgcm.c
@@ -29,7 +29,7 @@ Issue Date: 30/03/2011
 a bug in the fast buffer operations on big endian systems. */
-#include "gcm.h"
+#include "aesgcm.h"
 #include "mode_hdr.h"
 /* This GCM implementation needs a Galois Field multiplier for GF(2^128).
@@ -176,7 +176,7 @@ ret_type gcm_init_message( /* initialise a new message */
 xor_block_aligned(ctx->ctr_val, ctx->ctr_val, iv);
 n_pos -= BLOCK_SIZE;
 iv += BLOCK_SIZE;
-gf_mul_hh((gf_t*)ctx->ctr_val, ctx);
+gf_mul_hh(ctx->ctr_val, ctx);
 }
 if(n_pos)
@@ -184,12 +184,12 @@ ret_type gcm_init_message( /* initialise a new message */
 p = UI8_PTR(ctx->ctr_val);
 while(n_pos-- > 0)
 *p++ ^= *iv++;
-gf_mul_hh((gf_t*)ctx->ctr_val, ctx);
+gf_mul_hh(ctx->ctr_val, ctx);
 }
 n_pos = (iv_len << 3);
 for(i = BLOCK_SIZE - 1; n_pos; --i, n_pos >>= 8)
 UI8_PTR(ctx->ctr_val)[i] ^= (unsigned char)n_pos;
-gf_mul_hh((gf_t*)ctx->ctr_val, ctx);
+gf_mul_hh(ctx->ctr_val, ctx);
 }
 ctx->y0_val = *UI32_PTR(UI8_PTR(ctx->ctr_val) + CTR_POS);
@@ -210,7 +210,7 @@ ret_type gcm_auth_header( /* authenticate the header */
 return RETURN_GOOD;
 if(ctx->hdr_cnt && b_pos == 0)
-gf_mul_hh((gf_t*)ctx->hdr_ghv, ctx);
+gf_mul_hh(ctx->hdr_ghv, ctx);
 if(!((hdr - (UI8_PTR(ctx->hdr_ghv) + b_pos)) & BUF_ADRMASK))
 {
@@ -225,7 +225,7 @@ ret_type gcm_auth_header( /* authenticate the header */
 while(cnt + BLOCK_SIZE <= hdr_len)
 {
-gf_mul_hh((gf_t*)ctx->hdr_ghv, ctx);
+gf_mul_hh(ctx->hdr_ghv, ctx);
 xor_block_aligned(ctx->hdr_ghv, ctx->hdr_ghv, hdr + cnt);
 cnt += BLOCK_SIZE;
 }
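Review bot: Dropping the `(gf_t*)` casts in the `gf_mul_hh` calls (here in gcm_init_message and in every later aesgcm.c hunk, through the `tbuf` call in gcm_compute_tag) turns an explicit reinterpretation into an implicit pointer conversion, so the compiler now has to agree that `ctr_val`, `hdr_ghv`, `txt_ghv` and `tbuf` carry the element type `gf_mul_hh` expects; those declarations live in aesgcm.h and gf128mul.h outside the diff, so the build should be checked with `-Wincompatible-pointer-types` (or `-Werror`) rather than assumed clean. The neighbouring `ctx->y0_val = *UI32_PTR(UI8_PTR(ctx->ctr_val) + CTR_POS);` still reads the byte buffer as a 32-bit unit, which the removed casts never covered, so the aliasing story of this file is unchanged by the commit. A one-line comment at the first call site, `/* ctr_val is declared with the GF unit type, so no cast is needed for gf_mul_hh */`, would record why the casts went away. gcm_init_message begins and ends outside this hunk.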
@@ -237,7 +237,7 @@ ret_type gcm_auth_header( /* authenticate the header */
 while(cnt + BLOCK_SIZE <= hdr_len)
 {
-gf_mul_hh((gf_t*)ctx->hdr_ghv, ctx);
+gf_mul_hh(ctx->hdr_ghv, ctx);
 xor_block(ctx->hdr_ghv, ctx->hdr_ghv, hdr + cnt);
 cnt += BLOCK_SIZE;
 }
@@ -247,7 +247,7 @@ ret_type gcm_auth_header( /* authenticate the header */
 {
 if(b_pos == BLOCK_SIZE)
 {
-gf_mul_hh((gf_t*)ctx->hdr_ghv, ctx);
+gf_mul_hh(ctx->hdr_ghv, ctx);
 b_pos = 0;
 }
 UI8_PTR(ctx->hdr_ghv)[b_pos++] ^= hdr[cnt++];
@@ -267,7 +267,7 @@ ret_type gcm_auth_data( /* authenticate ciphertext data */
 return RETURN_GOOD;
 if(ctx->txt_acnt && b_pos == 0)
-gf_mul_hh((gf_t*)ctx->txt_ghv, ctx);
+gf_mul_hh(ctx->txt_ghv, ctx);
 if(!((data - (UI8_PTR(ctx->txt_ghv) + b_pos)) & BUF_ADRMASK))
 {
@@ -282,7 +282,7 @@ ret_type gcm_auth_data( /* authenticate ciphertext data */
 while(cnt + BLOCK_SIZE <= data_len)
 {
-gf_mul_hh((gf_t*)ctx->txt_ghv, ctx);
+gf_mul_hh(ctx->txt_ghv, ctx);
 xor_block_aligned(ctx->txt_ghv, ctx->txt_ghv, data + cnt);
 cnt += BLOCK_SIZE;
 }
@@ -294,7 +294,7 @@ ret_type gcm_auth_data( /* authenticate ciphertext data */
 while(cnt + BLOCK_SIZE <= data_len)
 {
-gf_mul_hh((gf_t*)ctx->txt_ghv, ctx);
+gf_mul_hh(ctx->txt_ghv, ctx);
 xor_block(ctx->txt_ghv, ctx->txt_ghv, data + cnt);
 cnt += BLOCK_SIZE;
 }
@@ -304,7 +304,7 @@ ret_type gcm_auth_data( /* authenticate ciphertext data */
 {
 if(b_pos == BLOCK_SIZE)
 {
-gf_mul_hh((gf_t*)ctx->txt_ghv, ctx);
+gf_mul_hh(ctx->txt_ghv, ctx);
 b_pos = 0;
 }
 UI8_PTR(ctx->txt_ghv)[b_pos++] ^= data[cnt++];
@@ -385,8 +385,8 @@ ret_type gcm_compute_tag( /* compute authentication tag */
 if(ctx->txt_acnt != ctx->txt_ccnt && ctx->txt_ccnt > 0)
 return RETURN_ERROR;
-gf_mul_hh((gf_t*)ctx->hdr_ghv, ctx);
-gf_mul_hh((gf_t*)ctx->txt_ghv, ctx);
+gf_mul_hh(ctx->hdr_ghv, ctx);
+gf_mul_hh(ctx->txt_ghv, ctx);
 if(ctx->hdr_cnt)
 {
@@ -424,7 +424,7 @@ ret_type gcm_compute_tag( /* compute authentication tag */
 convert_representation(tbuf, tbuf, GF_REPRESENTATION);
 # endif
 if(i & ln)
-gf_mul_hh((gf_t*)tbuf, ctx);
+gf_mul_hh(tbuf, ctx);
 i >>= 1;
 }
 # if defined( GF_REPRESENTATION )
@@ -466,7 +466,7 @@ ret_type gcm_compute_tag( /* compute authentication tag */
 }
 #endif
-gf_mul_hh((gf_t*)ctx->hdr_ghv, ctx);
+gf_mul_hh(ctx->hdr_ghv, ctx);
 memcpy(ctx->enc_ctr, ctx->ctr_val, BLOCK_SIZE);
 *UI32_PTR(UI8_PTR(ctx->enc_ctr) + CTR_POS) = ctx->y0_val;
diff --git a/crypto/aes/aesopt.h b/crypto/aes/aesopt.h
index 550e6f469..3df184c6c 100644
--- a/crypto/aes/aesopt.h
+++ b/crypto/aes/aesopt.h
@@ -95,9 +95,7 @@ Issue Date: 20/12/2007
 /* PLATFORM SPECIFIC INCLUDES */
-#define IS_BIG_ENDIAN 4321
-#define IS_LITTLE_ENDIAN 1234
-#define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
+#include "brg_endian.h"
 /* CONFIGURATION - THE USE OF DEFINES
diff --git a/crypto/aes/gf128mul.h b/crypto/aes/gf128mul.h
index 9a59c00dc..8874b9ad5 100644
--- a/crypto/aes/gf128mul.h
+++ b/crypto/aes/gf128mul.h
@@ -116,7 +116,7 @@ Issue Date: 11/01/2011
 # define NEED_UINT_64T
 #endif
-#include "brg_types.h"
+#include "mode_hdr.h"
 /* Choose the Galois Field representation to use (see above) */
 #if 0
@@ -141,7 +141,7 @@ Issue Date: 11/01/2011
 #if 0
 # define TABLES_8K
 #endif
-#if 1
+#if 0
 # define TABLES_4K
 #endif
 #if 0
diff --git a/crypto/aes/mode_hdr.h b/crypto/aes/mode_hdr.h
index ce9408eb4..a0aae0ddd 100644
--- a/crypto/aes/mode_hdr.h
+++ b/crypto/aes/mode_hdr.h
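Review bot: With `TABLES_4K` switched to `#if 0` in the last gf128mul.h hunk, every table option visible in that hunk is now disabled, so which GF(2^128) multiplier `gf_mul_hh` expands to is decided by a fallback further down gf128mul.h that the diff does not show — presumably the table-free or smallest-table variant, but that is a guess. The choice matters beyond footprint: the table-driven GHASH variants index their tables with secret-dependent bytes and are generally regarded as having a cache-timing exposure, while the shift-and-xor form is slower, so the intended trade-off should be stated next to the switch rather than left implicit. A one-line comment such as `/* all table variants off: use the table-free multiplier (smaller footprint, no secret-indexed table lookups) */`, adjusted to whatever the fallback actually is, would do it. The aesopt.h hunk on this line, replacing the hard-coded little-endian assumption with `brg_endian.h`, raises nothing.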
@@ -51,7 +51,12 @@ This header file is an INTERNAL file which supports mode implementation
 # define NEED_UINT_64T
 #endif
-#include "brg_types.h"
+#include
+#define UI_TYPE(size) uint##size##_t
+#define UNIT_TYPEDEF(x,size) typedef UI_TYPE(size) x
+#define BUFR_TYPEDEF(x,size,bsize) typedef UI_TYPE(size) x[bsize / (size >> 3)]
+#define UNIT_CAST(x,size) ((UI_TYPE(size) )(x))
+#define UPTR_CAST(x,size) ((UI_TYPE(size)*)(x))
 /* Use of inlines is preferred but code blocks can also be expanded inline using 'defines'. But the latter approach will typically generate a LOT
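Review bot: `BUFR_TYPEDEF(x,size,bsize)` uses its arguments unparenthesised in `x[bsize / (size >> 3)]`, and the integer division silently rounds down, so a buffer whose byte size is not a multiple of the unit width gets a shorter array type than the caller asked for. Parenthesising the arguments and pinning the divisibility is one line, `#define BUFR_TYPEDEF(x,size,bsize) _Static_assert(((bsize) % ((size) >> 3)) == 0, "bsize not a multiple of unit size"); typedef UI_TYPE(size) x[(bsize) / ((size) >> 3)]` — assuming the tree is compiled as C11 or later, which the Makefile hunk does not show. `UNIT_CAST` and `UPTR_CAST` reinterpret memory as a wider unit and should carry a comment that they are only valid on buffers suitably aligned for that unit, which is presumably what the `BUF_ADRMASK` checks in aesgcm.c guarantee before the aligned paths are taken. The `+#include` line has lost its header name in this rendering; given `uint##size##_t` it is presumably `<stdint.h>`, worth confirming against the file.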