From 8d981b4d5ae24c469189181d445c3b206b2a2c14 Mon Sep 17 00:00:00 2001 From: armfazh Date: Mon, 16 Oct 2023 16:41:23 -0700 Subject: [PATCH 01/53] zeta: updating format rule and removing linter rule. --- zeta/.clang-format | 2 +- zeta/Makefile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/zeta/.clang-format b/zeta/.clang-format index 8c826f32067e9..72d680c57861b 100644 --- a/zeta/.clang-format +++ b/zeta/.clang-format @@ -675,7 +675,7 @@ SpaceBeforeInheritanceColon: true SpaceBeforeParens: ControlStatementsExceptForEachMacros SpaceBeforeRangeBasedForLoopColon: true SpaceInEmptyParentheses: false -SpacesBeforeTrailingComments: 1 +SpacesBeforeTrailingComments: 2 SpacesInAngles: false SpacesInContainerLiterals: false SpacesInCStyleCastParentheses: false diff --git a/zeta/Makefile b/zeta/Makefile index c16b40572124c..4e0d502ee7806 100644 --- a/zeta/Makefile +++ b/zeta/Makefile @@ -28,4 +28,4 @@ format: check-env lint: check-env # Tested with cpplint v1.5.5 - cpplint --filter=-whitespace/braces,-readability/casting ${ALL_FILES} + cpplint --filter=-whitespace/braces,-readability/casting,-build/include_subdir ${ALL_FILES} From 2e040b68a0f5aa70be693a2a038d7a299b2167ef Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Thu, 5 Oct 2023 14:54:13 +0200 Subject: [PATCH 02/53] HACL SHA2 code --- crypto/hacl_hash.h | 392 +++++++++++++++ crypto/hacl_lib.h | 231 +++++++++ crypto/sha2-hacl-generated.c | 939 +++++++++++++++++++++++++++++++++++ crypto/sha2-hacl.c | 187 +++++++ 4 files changed, 1749 insertions(+) create mode 100644 crypto/hacl_hash.h create mode 100644 crypto/hacl_lib.h create mode 100644 crypto/sha2-hacl-generated.c create mode 100644 crypto/sha2-hacl.c diff --git a/crypto/hacl_hash.h b/crypto/hacl_hash.h new file mode 100644 index 0000000000000..38901e36dbe8c --- /dev/null +++ b/crypto/hacl_hash.h 
@@ -0,0 +1,392 @@ +/* + * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation + * Copyright (c) 2022-2023 HACL* Contributors + * Copyright (c) 2023 Cryspen + */ + +#ifndef CRYPTO_HACL_HASH_H_ +#define CRYPTO_HACL_HASH_H_ + +#include "./hacl_lib.h" + +#define Spec_Hash_Definitions_SHA2_224 0 +#define Spec_Hash_Definitions_SHA2_256 1 +#define Spec_Hash_Definitions_SHA2_384 2 +#define Spec_Hash_Definitions_SHA2_512 3 +#define Spec_Hash_Definitions_SHA1 4 +#define Spec_Hash_Definitions_MD5 5 +#define Spec_Hash_Definitions_Blake2S 6 +#define Spec_Hash_Definitions_Blake2B 7 +#define Spec_Hash_Definitions_SHA3_256 8 +#define Spec_Hash_Definitions_SHA3_224 9 +#define Spec_Hash_Definitions_SHA3_384 10 +#define Spec_Hash_Definitions_SHA3_512 11 +#define Spec_Hash_Definitions_Shake128 12 +#define Spec_Hash_Definitions_Shake256 13 + +typedef uint8_t Spec_Hash_Definitions_hash_alg; + +#define Hacl_Streaming_Types_Success 0 +#define Hacl_Streaming_Types_InvalidAlgorithm 1 +#define Hacl_Streaming_Types_InvalidLength 2 +#define Hacl_Streaming_Types_MaximumLengthExceeded 3 + +uint32_t Hacl_Hash_Definitions_word_len(Spec_Hash_Definitions_hash_alg a); + +uint32_t Hacl_Hash_Definitions_block_len(Spec_Hash_Definitions_hash_alg a); + +uint32_t Hacl_Hash_Definitions_hash_word_len(Spec_Hash_Definitions_hash_alg a); + +uint32_t Hacl_Hash_Definitions_hash_len(Spec_Hash_Definitions_hash_alg a); + +typedef uint8_t *Hacl_Hash_Definitions_hash_t; + +typedef uint8_t Hacl_Streaming_Types_error_code; + +typedef struct Hacl_Streaming_MD_state_32_s { + uint32_t *block_state; + uint8_t *buf; + uint64_t total_len; +} Hacl_Streaming_MD_state_32; + +typedef struct Hacl_Streaming_MD_state_64_s { + uint64_t *block_state; + uint8_t *buf; + uint64_t total_len; +} Hacl_Streaming_MD_state_64; + +static const uint32_t Hacl_Impl_SHA2_Generic_h224[8U] = { + (uint32_t)0xc1059ed8U, (uint32_t)0x367cd507U, (uint32_t)0x3070dd17U, + (uint32_t)0xf70e5939U, (uint32_t)0xffc00b31U, (uint32_t)0x68581511U, + 
(uint32_t)0x64f98fa7U, (uint32_t)0xbefa4fa4U +}; + +static const uint32_t Hacl_Impl_SHA2_Generic_h256[8U] = { + (uint32_t)0x6a09e667U, (uint32_t)0xbb67ae85U, (uint32_t)0x3c6ef372U, + (uint32_t)0xa54ff53aU, (uint32_t)0x510e527fU, (uint32_t)0x9b05688cU, + (uint32_t)0x1f83d9abU, (uint32_t)0x5be0cd19U +}; + +static const uint64_t Hacl_Impl_SHA2_Generic_h384[8U] = { + (uint64_t)0xcbbb9d5dc1059ed8U, (uint64_t)0x629a292a367cd507U, + (uint64_t)0x9159015a3070dd17U, (uint64_t)0x152fecd8f70e5939U, + (uint64_t)0x67332667ffc00b31U, (uint64_t)0x8eb44a8768581511U, + (uint64_t)0xdb0c2e0d64f98fa7U, (uint64_t)0x47b5481dbefa4fa4U +}; + +static const uint64_t Hacl_Impl_SHA2_Generic_h512[8U] = { + (uint64_t)0x6a09e667f3bcc908U, (uint64_t)0xbb67ae8584caa73bU, + (uint64_t)0x3c6ef372fe94f82bU, (uint64_t)0xa54ff53a5f1d36f1U, + (uint64_t)0x510e527fade682d1U, (uint64_t)0x9b05688c2b3e6c1fU, + (uint64_t)0x1f83d9abfb41bd6bU, (uint64_t)0x5be0cd19137e2179U +}; + +static const uint32_t Hacl_Impl_SHA2_Generic_k224_256[64U] = { + (uint32_t)0x428a2f98U, (uint32_t)0x71374491U, (uint32_t)0xb5c0fbcfU, + (uint32_t)0xe9b5dba5U, (uint32_t)0x3956c25bU, (uint32_t)0x59f111f1U, + (uint32_t)0x923f82a4U, (uint32_t)0xab1c5ed5U, (uint32_t)0xd807aa98U, + (uint32_t)0x12835b01U, (uint32_t)0x243185beU, (uint32_t)0x550c7dc3U, + (uint32_t)0x72be5d74U, (uint32_t)0x80deb1feU, (uint32_t)0x9bdc06a7U, + (uint32_t)0xc19bf174U, (uint32_t)0xe49b69c1U, (uint32_t)0xefbe4786U, + (uint32_t)0x0fc19dc6U, (uint32_t)0x240ca1ccU, (uint32_t)0x2de92c6fU, + (uint32_t)0x4a7484aaU, (uint32_t)0x5cb0a9dcU, (uint32_t)0x76f988daU, + (uint32_t)0x983e5152U, (uint32_t)0xa831c66dU, (uint32_t)0xb00327c8U, + (uint32_t)0xbf597fc7U, (uint32_t)0xc6e00bf3U, (uint32_t)0xd5a79147U, + (uint32_t)0x06ca6351U, (uint32_t)0x14292967U, (uint32_t)0x27b70a85U, + (uint32_t)0x2e1b2138U, (uint32_t)0x4d2c6dfcU, (uint32_t)0x53380d13U, + (uint32_t)0x650a7354U, (uint32_t)0x766a0abbU, (uint32_t)0x81c2c92eU, + (uint32_t)0x92722c85U, (uint32_t)0xa2bfe8a1U, 
(uint32_t)0xa81a664bU, + (uint32_t)0xc24b8b70U, (uint32_t)0xc76c51a3U, (uint32_t)0xd192e819U, + (uint32_t)0xd6990624U, (uint32_t)0xf40e3585U, (uint32_t)0x106aa070U, + (uint32_t)0x19a4c116U, (uint32_t)0x1e376c08U, (uint32_t)0x2748774cU, + (uint32_t)0x34b0bcb5U, (uint32_t)0x391c0cb3U, (uint32_t)0x4ed8aa4aU, + (uint32_t)0x5b9cca4fU, (uint32_t)0x682e6ff3U, (uint32_t)0x748f82eeU, + (uint32_t)0x78a5636fU, (uint32_t)0x84c87814U, (uint32_t)0x8cc70208U, + (uint32_t)0x90befffaU, (uint32_t)0xa4506cebU, (uint32_t)0xbef9a3f7U, + (uint32_t)0xc67178f2U +}; + +static const uint64_t Hacl_Impl_SHA2_Generic_k384_512[80U] = { + (uint64_t)0x428a2f98d728ae22U, (uint64_t)0x7137449123ef65cdU, + (uint64_t)0xb5c0fbcfec4d3b2fU, (uint64_t)0xe9b5dba58189dbbcU, + (uint64_t)0x3956c25bf348b538U, (uint64_t)0x59f111f1b605d019U, + (uint64_t)0x923f82a4af194f9bU, (uint64_t)0xab1c5ed5da6d8118U, + (uint64_t)0xd807aa98a3030242U, (uint64_t)0x12835b0145706fbeU, + (uint64_t)0x243185be4ee4b28cU, (uint64_t)0x550c7dc3d5ffb4e2U, + (uint64_t)0x72be5d74f27b896fU, (uint64_t)0x80deb1fe3b1696b1U, + (uint64_t)0x9bdc06a725c71235U, (uint64_t)0xc19bf174cf692694U, + (uint64_t)0xe49b69c19ef14ad2U, (uint64_t)0xefbe4786384f25e3U, + (uint64_t)0x0fc19dc68b8cd5b5U, (uint64_t)0x240ca1cc77ac9c65U, + (uint64_t)0x2de92c6f592b0275U, (uint64_t)0x4a7484aa6ea6e483U, + (uint64_t)0x5cb0a9dcbd41fbd4U, (uint64_t)0x76f988da831153b5U, + (uint64_t)0x983e5152ee66dfabU, (uint64_t)0xa831c66d2db43210U, + (uint64_t)0xb00327c898fb213fU, (uint64_t)0xbf597fc7beef0ee4U, + (uint64_t)0xc6e00bf33da88fc2U, (uint64_t)0xd5a79147930aa725U, + (uint64_t)0x06ca6351e003826fU, (uint64_t)0x142929670a0e6e70U, + (uint64_t)0x27b70a8546d22ffcU, (uint64_t)0x2e1b21385c26c926U, + (uint64_t)0x4d2c6dfc5ac42aedU, (uint64_t)0x53380d139d95b3dfU, + (uint64_t)0x650a73548baf63deU, (uint64_t)0x766a0abb3c77b2a8U, + (uint64_t)0x81c2c92e47edaee6U, (uint64_t)0x92722c851482353bU, + (uint64_t)0xa2bfe8a14cf10364U, (uint64_t)0xa81a664bbc423001U, + (uint64_t)0xc24b8b70d0f89791U, 
(uint64_t)0xc76c51a30654be30U, + (uint64_t)0xd192e819d6ef5218U, (uint64_t)0xd69906245565a910U, + (uint64_t)0xf40e35855771202aU, (uint64_t)0x106aa07032bbd1b8U, + (uint64_t)0x19a4c116b8d2d0c8U, (uint64_t)0x1e376c085141ab53U, + (uint64_t)0x2748774cdf8eeb99U, (uint64_t)0x34b0bcb5e19b48a8U, + (uint64_t)0x391c0cb3c5c95a63U, (uint64_t)0x4ed8aa4ae3418acbU, + (uint64_t)0x5b9cca4f7763e373U, (uint64_t)0x682e6ff3d6b2b8a3U, + (uint64_t)0x748f82ee5defb2fcU, (uint64_t)0x78a5636f43172f60U, + (uint64_t)0x84c87814a1f0ab72U, (uint64_t)0x8cc702081a6439ecU, + (uint64_t)0x90befffa23631e28U, (uint64_t)0xa4506cebde82bde9U, + (uint64_t)0xbef9a3f7b2c67915U, (uint64_t)0xc67178f2e372532bU, + (uint64_t)0xca273eceea26619cU, (uint64_t)0xd186b8c721c0c207U, + (uint64_t)0xeada7dd6cde0eb1eU, (uint64_t)0xf57d4f7fee6ed178U, + (uint64_t)0x06f067aa72176fbaU, (uint64_t)0x0a637dc5a2c898a6U, + (uint64_t)0x113f9804bef90daeU, (uint64_t)0x1b710b35131c471bU, + (uint64_t)0x28db77f523047d84U, (uint64_t)0x32caab7b40c72493U, + (uint64_t)0x3c9ebe0a15c9bebcU, (uint64_t)0x431d67c49c100d4cU, + (uint64_t)0x4cc5d4becb3e42b6U, (uint64_t)0x597f299cfc657e2aU, + (uint64_t)0x5fcb6fab3ad6faecU, (uint64_t)0x6c44198c4a475817U +}; + +void Hacl_SHA2_Scalar32_sha256_init(uint32_t *hash); + +void Hacl_SHA2_Scalar32_sha256_update_nblocks(uint32_t len, uint8_t *b, + uint32_t *st); + +void Hacl_SHA2_Scalar32_sha256_update_last(uint64_t totlen, uint32_t len, + uint8_t *b, uint32_t *hash); + +void Hacl_SHA2_Scalar32_sha256_finish(uint32_t *st, uint8_t *h); + +void Hacl_SHA2_Scalar32_sha224_init(uint32_t *hash); + +void Hacl_SHA2_Scalar32_sha224_update_last(uint64_t totlen, uint32_t len, + uint8_t *b, uint32_t *st); + +void Hacl_SHA2_Scalar32_sha224_finish(uint32_t *st, uint8_t *h); + +void Hacl_SHA2_Scalar32_sha512_init(uint64_t *hash); + +void Hacl_SHA2_Scalar32_sha512_update_nblocks(uint32_t len, uint8_t *b, + uint64_t *st); + +void Hacl_SHA2_Scalar32_sha512_update_last(FStar_UInt128_uint128 totlen, + uint32_t len, uint8_t *b, + 
uint64_t *hash); + +void Hacl_SHA2_Scalar32_sha512_finish(uint64_t *st, uint8_t *h); + +void Hacl_SHA2_Scalar32_sha384_init(uint64_t *hash); + +void Hacl_SHA2_Scalar32_sha384_update_nblocks(uint32_t len, uint8_t *b, + uint64_t *st); + +void Hacl_SHA2_Scalar32_sha384_update_last(FStar_UInt128_uint128 totlen, + uint32_t len, uint8_t *b, + uint64_t *st); + +void Hacl_SHA2_Scalar32_sha384_finish(uint64_t *st, uint8_t *h); + +typedef Hacl_Streaming_MD_state_32 Hacl_Streaming_SHA2_state_sha2_224; + +typedef Hacl_Streaming_MD_state_32 Hacl_Streaming_SHA2_state_sha2_256; + +typedef Hacl_Streaming_MD_state_64 Hacl_Streaming_SHA2_state_sha2_384; + +typedef Hacl_Streaming_MD_state_64 Hacl_Streaming_SHA2_state_sha2_512; + +/** +Allocate initial state for the SHA2_256 hash. The state is to be freed by +calling `free_256`. +*/ +Hacl_Streaming_MD_state_32 *Hacl_Streaming_SHA2_create_in_256(void); + +/** +Copies the state passed as argument into a newly allocated state (deep copy). +The state is to be freed by calling `free_256`. Cloning the state this way is +useful, for instance, if your control-flow diverges and you need to feed +more (different) data into the hash in each branch. +*/ +Hacl_Streaming_MD_state_32 * +Hacl_Streaming_SHA2_copy_256(Hacl_Streaming_MD_state_32 *s0); + +/** +Reset an existing state to the initial hash state with empty data. +*/ +void Hacl_Streaming_SHA2_init_256(Hacl_Streaming_MD_state_32 *s); + +/** +Feed an arbitrary amount of data into the hash. This function returns 0 for +success, or 1 if the combined length of all of the data passed to `update_256` +(since the last call to `init_256`) exceeds 2^61-1 bytes. + +This function is identical to the update function for SHA2_224. +*/ +Hacl_Streaming_Types_error_code +Hacl_Streaming_SHA2_update_256(Hacl_Streaming_MD_state_32 *p, uint8_t *input, + uint32_t input_len); + +/** +Write the resulting hash into `dst`, an array of 32 bytes. 
The state remains +valid after a call to `finish_256`, meaning the user may feed more data into +the hash via `update_256`. (The finish_256 function operates on an internal copy +of the state and therefore does not invalidate the client-held state `p`.) +*/ +void Hacl_Streaming_SHA2_finish_256(Hacl_Streaming_MD_state_32 *p, + uint8_t *dst); + +/** +Free a state allocated with `create_in_256`. + +This function is identical to the free function for SHA2_224. +*/ +void Hacl_Streaming_SHA2_free_256(Hacl_Streaming_MD_state_32 *s); + +/** +Hash `input`, of len `input_len`, into `dst`, an array of 32 bytes. +*/ +void Hacl_Streaming_SHA2_hash_256(uint8_t *input, uint32_t input_len, + uint8_t *dst); + +Hacl_Streaming_MD_state_32 *Hacl_Streaming_SHA2_create_in_224(void); + +void Hacl_Streaming_SHA2_init_224(Hacl_Streaming_MD_state_32 *s); + +Hacl_Streaming_Types_error_code +Hacl_Streaming_SHA2_update_224(Hacl_Streaming_MD_state_32 *p, uint8_t *input, + uint32_t input_len); + +/** +Write the resulting hash into `dst`, an array of 28 bytes. The state remains +valid after a call to `finish_224`, meaning the user may feed more data into +the hash via `update_224`. +*/ +void Hacl_Streaming_SHA2_finish_224(Hacl_Streaming_MD_state_32 *p, + uint8_t *dst); + +void Hacl_Streaming_SHA2_free_224(Hacl_Streaming_MD_state_32 *p); + +/** +Hash `input`, of len `input_len`, into `dst`, an array of 28 bytes. +*/ +void Hacl_Streaming_SHA2_hash_224(uint8_t *input, uint32_t input_len, + uint8_t *dst); + +Hacl_Streaming_MD_state_64 *Hacl_Streaming_SHA2_create_in_512(void); + +/** +Copies the state passed as argument into a newly allocated state (deep copy). +The state is to be freed by calling `free_512`. Cloning the state this way is +useful, for instance, if your control-flow diverges and you need to feed +more (different) data into the hash in each branch. 
+*/ +Hacl_Streaming_MD_state_64 * +Hacl_Streaming_SHA2_copy_512(Hacl_Streaming_MD_state_64 *s0); + +void Hacl_Streaming_SHA2_init_512(Hacl_Streaming_MD_state_64 *s); + +/** +Feed an arbitrary amount of data into the hash. This function returns 0 for +success, or 1 if the combined length of all of the data passed to `update_512` +(since the last call to `init_512`) exceeds 2^125-1 bytes. + +This function is identical to the update function for SHA2_384. +*/ +Hacl_Streaming_Types_error_code +Hacl_Streaming_SHA2_update_512(Hacl_Streaming_MD_state_64 *p, uint8_t *input, + uint32_t input_len); + +/** +Write the resulting hash into `dst`, an array of 64 bytes. The state remains +valid after a call to `finish_512`, meaning the user may feed more data into +the hash via `update_512`. (The finish_512 function operates on an internal copy +of the state and therefore does not invalidate the client-held state `p`.) +*/ +void Hacl_Streaming_SHA2_finish_512(Hacl_Streaming_MD_state_64 *p, + uint8_t *dst); + +/** +Free a state allocated with `create_in_512`. + +This function is identical to the free function for SHA2_384. +*/ +void Hacl_Streaming_SHA2_free_512(Hacl_Streaming_MD_state_64 *s); + +/** +Hash `input`, of len `input_len`, into `dst`, an array of 64 bytes. +*/ +void Hacl_Streaming_SHA2_hash_512(uint8_t *input, uint32_t input_len, + uint8_t *dst); + +Hacl_Streaming_MD_state_64 *Hacl_Streaming_SHA2_create_in_384(void); + +void Hacl_Streaming_SHA2_init_384(Hacl_Streaming_MD_state_64 *s); + +Hacl_Streaming_Types_error_code +Hacl_Streaming_SHA2_update_384(Hacl_Streaming_MD_state_64 *p, uint8_t *input, + uint32_t input_len); + +/** +Write the resulting hash into `dst`, an array of 48 bytes. The state remains +valid after a call to `finish_384`, meaning the user may feed more data into +the hash via `update_384`. 
+*/ +void Hacl_Streaming_SHA2_finish_384(Hacl_Streaming_MD_state_64 *p, + uint8_t *dst); + +void Hacl_Streaming_SHA2_free_384(Hacl_Streaming_MD_state_64 *p); + +/** +Hash `input`, of len `input_len`, into `dst`, an array of 48 bytes. +*/ +void Hacl_Streaming_SHA2_hash_384(uint8_t *input, uint32_t input_len, + uint8_t *dst); + +typedef struct Hacl_Impl_SHA2_Types_uint8_2p_s { + uint8_t *fst; + uint8_t *snd; +} Hacl_Impl_SHA2_Types_uint8_2p; + +typedef struct Hacl_Impl_SHA2_Types_uint8_3p_s { + uint8_t *fst; + Hacl_Impl_SHA2_Types_uint8_2p snd; +} Hacl_Impl_SHA2_Types_uint8_3p; + +typedef struct Hacl_Impl_SHA2_Types_uint8_4p_s { + uint8_t *fst; + Hacl_Impl_SHA2_Types_uint8_3p snd; +} Hacl_Impl_SHA2_Types_uint8_4p; + +typedef struct Hacl_Impl_SHA2_Types_uint8_5p_s { + uint8_t *fst; + Hacl_Impl_SHA2_Types_uint8_4p snd; +} Hacl_Impl_SHA2_Types_uint8_5p; + +typedef struct Hacl_Impl_SHA2_Types_uint8_6p_s { + uint8_t *fst; + Hacl_Impl_SHA2_Types_uint8_5p snd; +} Hacl_Impl_SHA2_Types_uint8_6p; + +typedef struct Hacl_Impl_SHA2_Types_uint8_7p_s { + uint8_t *fst; + Hacl_Impl_SHA2_Types_uint8_6p snd; +} Hacl_Impl_SHA2_Types_uint8_7p; + +typedef struct Hacl_Impl_SHA2_Types_uint8_8p_s { + uint8_t *fst; + Hacl_Impl_SHA2_Types_uint8_7p snd; +} Hacl_Impl_SHA2_Types_uint8_8p; + +typedef struct Hacl_Impl_SHA2_Types_uint8_2x4p_s { + Hacl_Impl_SHA2_Types_uint8_4p fst; + Hacl_Impl_SHA2_Types_uint8_4p snd; +} Hacl_Impl_SHA2_Types_uint8_2x4p; + +typedef struct Hacl_Impl_SHA2_Types_uint8_2x8p_s { + Hacl_Impl_SHA2_Types_uint8_8p fst; + Hacl_Impl_SHA2_Types_uint8_8p snd; +} Hacl_Impl_SHA2_Types_uint8_2x8p; + +#define __Hacl_Hash_H_DEFINED +#endif // CRYPTO_HACL_HASH_H_ diff --git a/crypto/hacl_lib.h b/crypto/hacl_lib.h new file mode 100644 index 0000000000000..44c8038ed124d --- /dev/null +++ b/crypto/hacl_lib.h 
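Review bot: The doc comment on `Hacl_Streaming_SHA2_update_256` says the function returns "0 for success, or 1" on overflow, but this header defines `Hacl_Streaming_Types_InvalidAlgorithm` as 1 and `Hacl_Streaming_Types_MaximumLengthExceeded` as 3, and `update_224_256` in sha2-hacl-generated.c (same patch) returns the latter. A caller that follows the comment and tests for `== 1` would treat a rejected update as success and go on to emit a digest over truncated input. I would reword it to name the constants: `Returns Hacl_Streaming_Types_Success, or Hacl_Streaming_Types_MaximumLengthExceeded if the combined length ... exceeds 2^61-1 bytes.` The comment on `Hacl_Streaming_SHA2_update_512` carries the same "or 1" wording and needs the same fix.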
@@ -0,0 +1,231 @@ +/* + * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation + * Copyright (c) 2022-2023 HACL* Contributors + * Copyright (c) 2023 Cryspen + */ + +#ifndef CRYPTO_HACL_LIB_H_ +#define CRYPTO_HACL_LIB_H_ + +#include +#include +#include +#include +#include + +typedef u128 FStar_UInt128_uint128; + +static inline u128 FStar_UInt128_shift_left(u128 x, u32 y) +{ + return (x << y); +} + +static inline u128 FStar_UInt128_add(u128 x, u128 y) +{ + return (x + y); +} + +static inline u128 FStar_UInt128_uint64_to_uint128(u64 x) +{ + return ((u128)x); +} + +/* Loads and stores. These avoid undefined behavior due to unaligned memory + * accesses, via memcpy. */ + +#define load32_be(b) (get_unaligned_be32(b)) +#define store32_be(b, i) put_unaligned_be32(i, b); +#define load64_be(b) (get_unaligned_be64(b)) +#define store64_be(b, i) put_unaligned_be64(i, b); + +static inline void store128_be(u8 *buf, u128 x) +{ + store64_be(buf, (u64)(x >> 64)); + store64_be(buf + 8, (u64)(x)); +} + +/* Macros for prettier unrolling of loops */ +#define KRML_LOOP1(i, n, x) \ + { \ + x i += n; \ + } + +#define KRML_LOOP2(i, n, x) \ + KRML_LOOP1(i, n, x) \ + KRML_LOOP1(i, n, x) + +#define KRML_LOOP3(i, n, x) \ + KRML_LOOP2(i, n, x) \ + KRML_LOOP1(i, n, x) + +#define KRML_LOOP4(i, n, x) \ + KRML_LOOP2(i, n, x) \ + KRML_LOOP2(i, n, x) + +#define KRML_LOOP5(i, n, x) \ + KRML_LOOP4(i, n, x) \ + KRML_LOOP1(i, n, x) + +#define KRML_LOOP6(i, n, x) \ + KRML_LOOP4(i, n, x) \ + KRML_LOOP2(i, n, x) + +#define KRML_LOOP7(i, n, x) \ + KRML_LOOP4(i, n, x) \ + KRML_LOOP3(i, n, x) + +#define KRML_LOOP8(i, n, x) \ + KRML_LOOP4(i, n, x) \ + KRML_LOOP4(i, n, x) + +#define KRML_LOOP9(i, n, x) \ + KRML_LOOP8(i, n, x) \ + KRML_LOOP1(i, n, x) + +#define KRML_LOOP10(i, n, x) \ + KRML_LOOP8(i, n, x) \ + KRML_LOOP2(i, n, x) + +#define KRML_LOOP11(i, n, x) \ + KRML_LOOP8(i, n, x) \ + KRML_LOOP3(i, n, x) + +#define KRML_LOOP12(i, n, x) \ + KRML_LOOP8(i, n, x) \ + KRML_LOOP4(i, n, x) + +#define 
KRML_LOOP13(i, n, x) \ + KRML_LOOP8(i, n, x) \ + KRML_LOOP5(i, n, x) + +#define KRML_LOOP14(i, n, x) \ + KRML_LOOP8(i, n, x) \ + KRML_LOOP6(i, n, x) + +#define KRML_LOOP15(i, n, x) \ + KRML_LOOP8(i, n, x) \ + KRML_LOOP7(i, n, x) + +#define KRML_LOOP16(i, n, x) \ + KRML_LOOP8(i, n, x) \ + KRML_LOOP8(i, n, x) + +#define KRML_UNROLL_FOR(i, z, n, k, x) \ + do { \ + uint32_t i = z; \ + KRML_LOOP##n(i, k, x) \ + } while (0) + +#define KRML_ACTUAL_FOR(i, z, n, k, x) \ + do { \ + for (uint32_t i = z; i < n; i += k) { \ + x \ + } \ + } while (0) + +#define KRML_UNROLL_MAX 16 + +/* 1 is the number of loop iterations, i.e. (n - z)/k as evaluated by krml */ +#if 0 <= KRML_UNROLL_MAX +#define KRML_MAYBE_FOR0(i, z, n, k, x) +#else +#define KRML_MAYBE_FOR0(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) +#endif + +#if 1 <= KRML_UNROLL_MAX +#define KRML_MAYBE_FOR1(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 1, k, x) +#else +#define KRML_MAYBE_FOR1(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) +#endif + +#if 2 <= KRML_UNROLL_MAX +#define KRML_MAYBE_FOR2(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 2, k, x) +#else +#define KRML_MAYBE_FOR2(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) +#endif + +#if 3 <= KRML_UNROLL_MAX +#define KRML_MAYBE_FOR3(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 3, k, x) +#else +#define KRML_MAYBE_FOR3(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) +#endif + +#if 4 <= KRML_UNROLL_MAX +#define KRML_MAYBE_FOR4(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 4, k, x) +#else +#define KRML_MAYBE_FOR4(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) +#endif + +#if 5 <= KRML_UNROLL_MAX +#define KRML_MAYBE_FOR5(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 5, k, x) +#else +#define KRML_MAYBE_FOR5(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) +#endif + +#if 6 <= KRML_UNROLL_MAX +#define KRML_MAYBE_FOR6(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 6, k, x) +#else +#define KRML_MAYBE_FOR6(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) +#endif + +#if 7 <= KRML_UNROLL_MAX +#define KRML_MAYBE_FOR7(i, z, n, k, x) 
KRML_UNROLL_FOR(i, z, 7, k, x) +#else +#define KRML_MAYBE_FOR7(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) +#endif + +#if 8 <= KRML_UNROLL_MAX +#define KRML_MAYBE_FOR8(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 8, k, x) +#else +#define KRML_MAYBE_FOR8(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) +#endif + +#if 9 <= KRML_UNROLL_MAX +#define KRML_MAYBE_FOR9(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 9, k, x) +#else +#define KRML_MAYBE_FOR9(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) +#endif + +#if 10 <= KRML_UNROLL_MAX +#define KRML_MAYBE_FOR10(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 10, k, x) +#else +#define KRML_MAYBE_FOR10(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) +#endif + +#if 11 <= KRML_UNROLL_MAX +#define KRML_MAYBE_FOR11(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 11, k, x) +#else +#define KRML_MAYBE_FOR11(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) +#endif + +#if 12 <= KRML_UNROLL_MAX +#define KRML_MAYBE_FOR12(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 12, k, x) +#else +#define KRML_MAYBE_FOR12(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) +#endif + +#if 13 <= KRML_UNROLL_MAX +#define KRML_MAYBE_FOR13(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 13, k, x) +#else +#define KRML_MAYBE_FOR13(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) +#endif + +#if 14 <= KRML_UNROLL_MAX +#define KRML_MAYBE_FOR14(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 14, k, x) +#else +#define KRML_MAYBE_FOR14(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) +#endif + +#if 15 <= KRML_UNROLL_MAX +#define KRML_MAYBE_FOR15(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 15, k, x) +#else +#define KRML_MAYBE_FOR15(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) +#endif + +#if 16 <= KRML_UNROLL_MAX +#define KRML_MAYBE_FOR16(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 16, k, x) +#else +#define KRML_MAYBE_FOR16(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) +#endif + +#endif // CRYPTO_HACL_LIB_H_" diff --git a/crypto/sha2-hacl-generated.c b/crypto/sha2-hacl-generated.c new file mode 100644 index 0000000000000..9a5e081915b74 --- /dev/null 
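Review bot: The `store32_be` and `store64_be` macros end in a semicolon, so every call such as `store64_be(buf, (u64)(x >> 64));` expands to two statements, and an unbraced `if (...) store32_be(p, v); else ...` would fail to compile. Define them without it: `#define store32_be(b, i) put_unaligned_be32(i, b)` and `#define store64_be(b, i) put_unaligned_be64(i, b)`. The comment above them still says the accesses go "via memcpy", while the macros call the `get_unaligned_be*`/`put_unaligned_be*` helpers, so it should be reworded to match. Separately, `typedef u128 FStar_UInt128_uint128;` is unconditional; if this header can be built for a target without a 128-bit integer type it presumably will not compile, so that is worth confirming or guarding in the build configuration.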
+++ b/crypto/sha2-hacl-generated.c 
@@ -0,0 +1,939 @@ +/* GPLv2 or MIT License + * + * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation + * Copyright (c) 2022-2023 HACL* Contributors + * + */ + +#include "./hacl_hash.h" +#include "./hacl_lib.h" + +void Hacl_SHA2_Scalar32_sha256_init(uint32_t *hash) +{ + KRML_MAYBE_FOR8(i, (uint32_t)0U, (uint32_t)8U, (uint32_t)1U, + uint32_t *os = hash; + uint32_t x = Hacl_Impl_SHA2_Generic_h256[i]; + os[i] = x;); +} + +static inline void sha256_update_(uint8_t *b, uint32_t *hash) +{ + uint32_t hash_old[8U] = { 0U }; + uint32_t ws[16U] = { 0U }; + memcpy(hash_old, hash, (uint32_t)8U * sizeof(uint32_t)); + uint8_t *b10 = b; + uint32_t u = load32_be(b10); + ws[0U] = u; + uint32_t u0 = load32_be(b10 + (uint32_t)4U); + ws[1U] = u0; + uint32_t u1 = load32_be(b10 + (uint32_t)8U); + ws[2U] = u1; + uint32_t u2 = load32_be(b10 + (uint32_t)12U); + ws[3U] = u2; + uint32_t u3 = load32_be(b10 + (uint32_t)16U); + ws[4U] = u3; + uint32_t u4 = load32_be(b10 + (uint32_t)20U); + ws[5U] = u4; + uint32_t u5 = load32_be(b10 + (uint32_t)24U); + ws[6U] = u5; + uint32_t u6 = load32_be(b10 + (uint32_t)28U); + ws[7U] = u6; + uint32_t u7 = load32_be(b10 + (uint32_t)32U); + ws[8U] = u7; + uint32_t u8 = load32_be(b10 + (uint32_t)36U); + ws[9U] = u8; + uint32_t u9 = load32_be(b10 + (uint32_t)40U); + ws[10U] = u9; + uint32_t u10 = load32_be(b10 + (uint32_t)44U); + ws[11U] = u10; + uint32_t u11 = load32_be(b10 + (uint32_t)48U); + ws[12U] = u11; + uint32_t u12 = load32_be(b10 + (uint32_t)52U); + ws[13U] = u12; + uint32_t u13 = load32_be(b10 + (uint32_t)56U); + ws[14U] = u13; + uint32_t u14 = load32_be(b10 + (uint32_t)60U); + ws[15U] = u14; + KRML_MAYBE_FOR4( + i0, (uint32_t)0U, (uint32_t)4U, (uint32_t)1U, + KRML_MAYBE_FOR16( + i, (uint32_t)0U, (uint32_t)16U, (uint32_t)1U, + uint32_t k_t = Hacl_Impl_SHA2_Generic_k224_256 + [(uint32_t)16U * i0 + i]; + uint32_t ws_t = ws[i]; uint32_t a0 = hash[0U]; + uint32_t b0 = hash[1U]; uint32_t c0 = hash[2U]; + uint32_t d0 = hash[3U]; uint32_t e0 = 
hash[4U]; + uint32_t f0 = hash[5U]; uint32_t g0 = hash[6U]; + uint32_t h02 = hash[7U]; uint32_t k_e_t = k_t; + uint32_t t1 = + h02 + + ((e0 << (uint32_t)26U | e0 >> (uint32_t)6U) ^ + ((e0 << (uint32_t)21U | e0 >> (uint32_t)11U) ^ + (e0 << (uint32_t)7U | e0 >> (uint32_t)25U))) + + ((e0 & f0) ^ (~e0 & g0)) + k_e_t + ws_t; + uint32_t t2 = + ((a0 << (uint32_t)30U | a0 >> (uint32_t)2U) ^ + ((a0 << (uint32_t)19U | a0 >> (uint32_t)13U) ^ + (a0 << (uint32_t)10U | a0 >> (uint32_t)22U))) + + ((a0 & b0) ^ ((a0 & c0) ^ (b0 & c0))); + uint32_t a1 = t1 + t2; uint32_t b1 = a0; + uint32_t c1 = b0; uint32_t d1 = c0; + uint32_t e1 = d0 + t1; uint32_t f1 = e0; + uint32_t g1 = f0; uint32_t h12 = g0; hash[0U] = a1; + hash[1U] = b1; hash[2U] = c1; hash[3U] = d1; + hash[4U] = e1; hash[5U] = f1; hash[6U] = g1; + hash[7U] = h12;); + if (i0 < (uint32_t)3U) { + KRML_MAYBE_FOR16( + i, (uint32_t)0U, (uint32_t)16U, (uint32_t)1U, + uint32_t t16 = ws[i]; + uint32_t t15 = + ws[(i + (uint32_t)1U) % (uint32_t)16U]; + uint32_t t7 = + ws[(i + (uint32_t)9U) % (uint32_t)16U]; + uint32_t t2 = + ws[(i + (uint32_t)14U) % (uint32_t)16U]; + uint32_t s1 = (t2 << (uint32_t)15U | + t2 >> (uint32_t)17U) ^ + ((t2 << (uint32_t)13U | + t2 >> (uint32_t)19U) ^ + t2 >> (uint32_t)10U); + uint32_t s0 = (t15 << (uint32_t)25U | + t15 >> (uint32_t)7U) ^ + ((t15 << (uint32_t)14U | + t15 >> (uint32_t)18U) ^ + t15 >> (uint32_t)3U); + ws[i] = s1 + t7 + s0 + t16;); + }); + KRML_MAYBE_FOR8(i, (uint32_t)0U, (uint32_t)8U, (uint32_t)1U, + uint32_t *os = hash; + uint32_t x = hash[i] + hash_old[i]; os[i] = x;); +} + +void Hacl_SHA2_Scalar32_sha256_update_nblocks(uint32_t len, uint8_t *b, + uint32_t *st) +{ + uint32_t blocks = len / (uint32_t)64U; + for (uint32_t i = (uint32_t)0U; i < blocks; i++) { + uint8_t *b0 = b; + uint8_t *mb = b0 + i * (uint32_t)64U; + sha256_update_(mb, st); + } +} + +void Hacl_SHA2_Scalar32_sha256_update_last(uint64_t totlen, uint32_t len, + uint8_t *b, uint32_t *hash) +{ + uint32_t blocks; + if (len + 
(uint32_t)8U + (uint32_t)1U <= (uint32_t)64U) { + blocks = (uint32_t)1U; + } else { + blocks = (uint32_t)2U; + } + uint32_t fin = blocks * (uint32_t)64U; + uint8_t last[128U] = { 0U }; + uint8_t totlen_buf[8U] = { 0U }; + uint64_t total_len_bits = totlen << (uint32_t)3U; + store64_be(totlen_buf, total_len_bits); + uint8_t *b0 = b; + memcpy(last, b0, len * sizeof(uint8_t)); + last[len] = (uint8_t)0x80U; + memcpy(last + fin - (uint32_t)8U, totlen_buf, + (uint32_t)8U * sizeof(uint8_t)); + uint8_t *last00 = last; + uint8_t *last10 = last + (uint32_t)64U; + uint8_t *l0 = last00; + uint8_t *l1 = last10; + uint8_t *lb0 = l0; + uint8_t *lb1 = l1; + uint8_t *last0 = lb0; + uint8_t *last1 = lb1; + sha256_update_(last0, hash); + if (blocks > (uint32_t)1U) { + sha256_update_(last1, hash); + return; + } +} + +void Hacl_SHA2_Scalar32_sha256_finish(uint32_t *st, uint8_t *h) +{ + uint8_t hbuf[32U] = { 0U }; + KRML_MAYBE_FOR8(i, (uint32_t)0U, (uint32_t)8U, (uint32_t)1U, + store32_be(hbuf + i * (uint32_t)4U, st[i]);); + memcpy(h, hbuf, (uint32_t)32U * sizeof(uint8_t)); +} + +void Hacl_SHA2_Scalar32_sha224_init(uint32_t *hash) +{ + KRML_MAYBE_FOR8(i, (uint32_t)0U, (uint32_t)8U, (uint32_t)1U, + uint32_t *os = hash; + uint32_t x = Hacl_Impl_SHA2_Generic_h224[i]; + os[i] = x;); +} + +static inline void sha224_update_nblocks(uint32_t len, uint8_t *b, uint32_t *st) +{ + Hacl_SHA2_Scalar32_sha256_update_nblocks(len, b, st); +} + +void Hacl_SHA2_Scalar32_sha224_update_last(uint64_t totlen, uint32_t len, + uint8_t *b, uint32_t *st) +{ + Hacl_SHA2_Scalar32_sha256_update_last(totlen, len, b, st); +} + +void Hacl_SHA2_Scalar32_sha224_finish(uint32_t *st, uint8_t *h) +{ + uint8_t hbuf[32U] = { 0U }; + KRML_MAYBE_FOR8(i, (uint32_t)0U, (uint32_t)8U, (uint32_t)1U, + store32_be(hbuf + i * (uint32_t)4U, st[i]);); + memcpy(h, hbuf, (uint32_t)28U * sizeof(uint8_t)); +} + +/** +Reset an existing state to the initial hash state with empty data. 
+*/ +void Hacl_Streaming_SHA2_init_256(Hacl_Streaming_MD_state_32 *s) +{ + Hacl_Streaming_MD_state_32 scrut = *s; + uint8_t *buf = scrut.buf; + uint32_t *block_state = scrut.block_state; + Hacl_SHA2_Scalar32_sha256_init(block_state); + Hacl_Streaming_MD_state_32 tmp = { .block_state = block_state, + .buf = buf, + .total_len = + (uint64_t)(uint32_t)0U }; + s[0U] = tmp; +} + +static inline Hacl_Streaming_Types_error_code +update_224_256(Hacl_Streaming_MD_state_32 *p, uint8_t *data, uint32_t len) +{ + Hacl_Streaming_MD_state_32 s = *p; + uint64_t total_len = s.total_len; + if ((uint64_t)len > (uint64_t)2305843009213693951U - total_len) { + return Hacl_Streaming_Types_MaximumLengthExceeded; + } + uint32_t sz; + if (total_len % (uint64_t)(uint32_t)64U == (uint64_t)0U && + total_len > (uint64_t)0U) { + sz = (uint32_t)64U; + } else { + sz = (uint32_t)(total_len % (uint64_t)(uint32_t)64U); + } + if (len <= (uint32_t)64U - sz) { + Hacl_Streaming_MD_state_32 s1 = *p; + uint32_t *block_state1 = s1.block_state; + uint8_t *buf = s1.buf; + uint64_t total_len1 = s1.total_len; + uint32_t sz1; + if (total_len1 % (uint64_t)(uint32_t)64U == (uint64_t)0U && + total_len1 > (uint64_t)0U) { + sz1 = (uint32_t)64U; + } else { + sz1 = (uint32_t)(total_len1 % (uint64_t)(uint32_t)64U); + } + uint8_t *buf2 = buf + sz1; + memcpy(buf2, data, len * sizeof(uint8_t)); + uint64_t total_len2 = total_len1 + (uint64_t)len; + *p = ((Hacl_Streaming_MD_state_32){ .block_state = block_state1, + .buf = buf, + .total_len = total_len2 }); + } else if (sz == (uint32_t)0U) { + Hacl_Streaming_MD_state_32 s1 = *p; + uint32_t *block_state1 = s1.block_state; + uint8_t *buf = s1.buf; + uint64_t total_len1 = s1.total_len; + uint32_t sz1; + if (total_len1 % (uint64_t)(uint32_t)64U == (uint64_t)0U && + total_len1 > (uint64_t)0U) { + sz1 = (uint32_t)64U; + } else { + sz1 = (uint32_t)(total_len1 % (uint64_t)(uint32_t)64U); + } + if (!(sz1 == (uint32_t)0U)) { + Hacl_SHA2_Scalar32_sha256_update_nblocks( + (uint32_t)64U, 
buf, block_state1); + } + uint32_t ite; + if ((uint64_t)len % (uint64_t)(uint32_t)64U == (uint64_t)0U && + (uint64_t)len > (uint64_t)0U) { + ite = (uint32_t)64U; + } else { + ite = (uint32_t)((uint64_t)len % + (uint64_t)(uint32_t)64U); + } + uint32_t n_blocks = (len - ite) / (uint32_t)64U; + uint32_t data1_len = n_blocks * (uint32_t)64U; + uint32_t data2_len = len - data1_len; + uint8_t *data1 = data; + uint8_t *data2 = data + data1_len; + Hacl_SHA2_Scalar32_sha256_update_nblocks( + data1_len / (uint32_t)64U * (uint32_t)64U, data1, + block_state1); + uint8_t *dst = buf; + memcpy(dst, data2, data2_len * sizeof(uint8_t)); + *p = ((Hacl_Streaming_MD_state_32){ + .block_state = block_state1, + .buf = buf, + .total_len = total_len1 + (uint64_t)len }); + } else { + uint32_t diff = (uint32_t)64U - sz; + uint8_t *data1 = data; + uint8_t *data2 = data + diff; + Hacl_Streaming_MD_state_32 s1 = *p; + uint32_t *block_state10 = s1.block_state; + uint8_t *buf0 = s1.buf; + uint64_t total_len10 = s1.total_len; + uint32_t sz10; + if (total_len10 % (uint64_t)(uint32_t)64U == (uint64_t)0U && + total_len10 > (uint64_t)0U) { + sz10 = (uint32_t)64U; + } else { + sz10 = (uint32_t)(total_len10 % + (uint64_t)(uint32_t)64U); + } + uint8_t *buf2 = buf0 + sz10; + memcpy(buf2, data1, diff * sizeof(uint8_t)); + uint64_t total_len2 = total_len10 + (uint64_t)diff; + *p = ((Hacl_Streaming_MD_state_32){ .block_state = + block_state10, + .buf = buf0, + .total_len = total_len2 }); + Hacl_Streaming_MD_state_32 s10 = *p; + uint32_t *block_state1 = s10.block_state; + uint8_t *buf = s10.buf; + uint64_t total_len1 = s10.total_len; + uint32_t sz1; + if (total_len1 % (uint64_t)(uint32_t)64U == (uint64_t)0U && + total_len1 > (uint64_t)0U) { + sz1 = (uint32_t)64U; + } else { + sz1 = (uint32_t)(total_len1 % (uint64_t)(uint32_t)64U); + } + if (!(sz1 == (uint32_t)0U)) { + Hacl_SHA2_Scalar32_sha256_update_nblocks( + (uint32_t)64U, buf, block_state1); + } + uint32_t ite; + if ((uint64_t)(len - diff) % 
(uint64_t)(uint32_t)64U == + (uint64_t)0U && + (uint64_t)(len - diff) > (uint64_t)0U) { + ite = (uint32_t)64U; + } else { + ite = (uint32_t)((uint64_t)(len - diff) % + (uint64_t)(uint32_t)64U); + } + uint32_t n_blocks = (len - diff - ite) / (uint32_t)64U; + uint32_t data1_len = n_blocks * (uint32_t)64U; + uint32_t data2_len = len - diff - data1_len; + uint8_t *data11 = data2; + uint8_t *data21 = data2 + data1_len; + Hacl_SHA2_Scalar32_sha256_update_nblocks( + data1_len / (uint32_t)64U * (uint32_t)64U, data11, + block_state1); + uint8_t *dst = buf; + memcpy(dst, data21, data2_len * sizeof(uint8_t)); + *p = ((Hacl_Streaming_MD_state_32){ + .block_state = block_state1, + .buf = buf, + .total_len = total_len1 + (uint64_t)(len - diff) }); + } + return Hacl_Streaming_Types_Success; +} + +/** +Feed an arbitrary amount of data into the hash. This function returns 0 for +success, or 1 if the combined length of all of the data passed to `update_256` +(since the last call to `init_256`) exceeds 2^61-1 bytes. + +This function is identical to the update function for SHA2_224. +*/ +Hacl_Streaming_Types_error_code +Hacl_Streaming_SHA2_update_256(Hacl_Streaming_MD_state_32 *p, uint8_t *input, + uint32_t input_len) +{ + return update_224_256(p, input, input_len); +} + +/** +Write the resulting hash into `dst`, an array of 32 bytes. The state remains +valid after a call to `finish_256`, meaning the user may feed more data into +the hash via `update_256`. (The finish_256 function operates on an internal copy +of the state and therefore does not invalidate the client-held state `p`.) 
+*/ +void Hacl_Streaming_SHA2_finish_256(Hacl_Streaming_MD_state_32 *p, uint8_t *dst) +{ + Hacl_Streaming_MD_state_32 scrut = *p; + uint32_t *block_state = scrut.block_state; + uint8_t *buf_ = scrut.buf; + uint64_t total_len = scrut.total_len; + uint32_t r; + if (total_len % (uint64_t)(uint32_t)64U == (uint64_t)0U && + total_len > (uint64_t)0U) { + r = (uint32_t)64U; + } else { + r = (uint32_t)(total_len % (uint64_t)(uint32_t)64U); + } + uint8_t *buf_1 = buf_; + uint32_t tmp_block_state[8U] = { 0U }; + memcpy(tmp_block_state, block_state, (uint32_t)8U * sizeof(uint32_t)); + uint32_t ite; + if (r % (uint32_t)64U == (uint32_t)0U && r > (uint32_t)0U) { + ite = (uint32_t)64U; + } else { + ite = r % (uint32_t)64U; + } + uint8_t *buf_last = buf_1 + r - ite; + uint8_t *buf_multi = buf_1; + Hacl_SHA2_Scalar32_sha256_update_nblocks((uint32_t)0U, buf_multi, + tmp_block_state); + uint64_t prev_len_last = total_len - (uint64_t)r; + Hacl_SHA2_Scalar32_sha256_update_last(prev_len_last + (uint64_t)r, r, + buf_last, tmp_block_state); + Hacl_SHA2_Scalar32_sha256_finish(tmp_block_state, dst); +} + +/** +Hash `input`, of len `input_len`, into `dst`, an array of 32 bytes. 
+*/ +void Hacl_Streaming_SHA2_hash_256(uint8_t *input, uint32_t input_len, + uint8_t *dst) +{ + uint8_t *ib = input; + uint8_t *rb = dst; + uint32_t st[8U] = { 0U }; + Hacl_SHA2_Scalar32_sha256_init(st); + uint32_t rem = input_len % (uint32_t)64U; + uint64_t len_ = (uint64_t)input_len; + Hacl_SHA2_Scalar32_sha256_update_nblocks(input_len, ib, st); + uint32_t rem1 = input_len % (uint32_t)64U; + uint8_t *b0 = ib; + uint8_t *lb = b0 + input_len - rem1; + Hacl_SHA2_Scalar32_sha256_update_last(len_, rem, lb, st); + Hacl_SHA2_Scalar32_sha256_finish(st, rb); +} + +void Hacl_Streaming_SHA2_init_224(Hacl_Streaming_MD_state_32 *s) +{ + Hacl_Streaming_MD_state_32 scrut = *s; + uint8_t *buf = scrut.buf; + uint32_t *block_state = scrut.block_state; + Hacl_SHA2_Scalar32_sha224_init(block_state); + Hacl_Streaming_MD_state_32 tmp = { .block_state = block_state, + .buf = buf, + .total_len = + (uint64_t)(uint32_t)0U }; + s[0U] = tmp; +} + +Hacl_Streaming_Types_error_code +Hacl_Streaming_SHA2_update_224(Hacl_Streaming_MD_state_32 *p, uint8_t *input, + uint32_t input_len) +{ + return update_224_256(p, input, input_len); +} + +/** +Write the resulting hash into `dst`, an array of 28 bytes. The state remains +valid after a call to `finish_224`, meaning the user may feed more data into +the hash via `update_224`. 
+*/ +void Hacl_Streaming_SHA2_finish_224(Hacl_Streaming_MD_state_32 *p, uint8_t *dst) +{ + Hacl_Streaming_MD_state_32 scrut = *p; + uint32_t *block_state = scrut.block_state; + uint8_t *buf_ = scrut.buf; + uint64_t total_len = scrut.total_len; + uint32_t r; + if (total_len % (uint64_t)(uint32_t)64U == (uint64_t)0U && + total_len > (uint64_t)0U) { + r = (uint32_t)64U; + } else { + r = (uint32_t)(total_len % (uint64_t)(uint32_t)64U); + } + uint8_t *buf_1 = buf_; + uint32_t tmp_block_state[8U] = { 0U }; + memcpy(tmp_block_state, block_state, (uint32_t)8U * sizeof(uint32_t)); + uint32_t ite; + if (r % (uint32_t)64U == (uint32_t)0U && r > (uint32_t)0U) { + ite = (uint32_t)64U; + } else { + ite = r % (uint32_t)64U; + } + uint8_t *buf_last = buf_1 + r - ite; + uint8_t *buf_multi = buf_1; + sha224_update_nblocks((uint32_t)0U, buf_multi, tmp_block_state); + uint64_t prev_len_last = total_len - (uint64_t)r; + Hacl_SHA2_Scalar32_sha224_update_last(prev_len_last + (uint64_t)r, r, + buf_last, tmp_block_state); + Hacl_SHA2_Scalar32_sha224_finish(tmp_block_state, dst); +} + +/** +Hash `input`, of len `input_len`, into `dst`, an array of 28 bytes. 
+*/ +void Hacl_Streaming_SHA2_hash_224(uint8_t *input, uint32_t input_len, + uint8_t *dst) +{ + uint8_t *ib = input; + uint8_t *rb = dst; + uint32_t st[8U] = { 0U }; + Hacl_SHA2_Scalar32_sha224_init(st); + uint32_t rem = input_len % (uint32_t)64U; + uint64_t len_ = (uint64_t)input_len; + sha224_update_nblocks(input_len, ib, st); + uint32_t rem1 = input_len % (uint32_t)64U; + uint8_t *b0 = ib; + uint8_t *lb = b0 + input_len - rem1; + Hacl_SHA2_Scalar32_sha224_update_last(len_, rem, lb, st); + Hacl_SHA2_Scalar32_sha224_finish(st, rb); +} + +void Hacl_SHA2_Scalar32_sha512_init(uint64_t *hash) +{ + KRML_MAYBE_FOR8(i, (uint32_t)0U, (uint32_t)8U, (uint32_t)1U, + uint64_t *os = hash; + uint64_t x = Hacl_Impl_SHA2_Generic_h512[i]; + os[i] = x;); +} + +static inline void sha512_update(uint8_t *b, uint64_t *hash) +{ + uint64_t hash_old[8U] = { 0U }; + uint64_t ws[16U] = { 0U }; + memcpy(hash_old, hash, (uint32_t)8U * sizeof(uint64_t)); + uint8_t *b10 = b; + uint64_t u = load64_be(b10); + ws[0U] = u; + uint64_t u0 = load64_be(b10 + (uint32_t)8U); + ws[1U] = u0; + uint64_t u1 = load64_be(b10 + (uint32_t)16U); + ws[2U] = u1; + uint64_t u2 = load64_be(b10 + (uint32_t)24U); + ws[3U] = u2; + uint64_t u3 = load64_be(b10 + (uint32_t)32U); + ws[4U] = u3; + uint64_t u4 = load64_be(b10 + (uint32_t)40U); + ws[5U] = u4; + uint64_t u5 = load64_be(b10 + (uint32_t)48U); + ws[6U] = u5; + uint64_t u6 = load64_be(b10 + (uint32_t)56U); + ws[7U] = u6; + uint64_t u7 = load64_be(b10 + (uint32_t)64U); + ws[8U] = u7; + uint64_t u8 = load64_be(b10 + (uint32_t)72U); + ws[9U] = u8; + uint64_t u9 = load64_be(b10 + (uint32_t)80U); + ws[10U] = u9; + uint64_t u10 = load64_be(b10 + (uint32_t)88U); + ws[11U] = u10; + uint64_t u11 = load64_be(b10 + (uint32_t)96U); + ws[12U] = u11; + uint64_t u12 = load64_be(b10 + (uint32_t)104U); + ws[13U] = u12; + uint64_t u13 = load64_be(b10 + (uint32_t)112U); + ws[14U] = u13; + uint64_t u14 = load64_be(b10 + (uint32_t)120U); + ws[15U] = u14; + KRML_MAYBE_FOR5( + i0, 
(uint32_t)0U, (uint32_t)5U, (uint32_t)1U, + KRML_MAYBE_FOR16( + i, (uint32_t)0U, (uint32_t)16U, (uint32_t)1U, + uint64_t k_t = Hacl_Impl_SHA2_Generic_k384_512 + [(uint32_t)16U * i0 + i]; + uint64_t ws_t = ws[i]; uint64_t a0 = hash[0U]; + uint64_t b0 = hash[1U]; uint64_t c0 = hash[2U]; + uint64_t d0 = hash[3U]; uint64_t e0 = hash[4U]; + uint64_t f0 = hash[5U]; uint64_t g0 = hash[6U]; + uint64_t h02 = hash[7U]; uint64_t k_e_t = k_t; + uint64_t t1 = + h02 + + ((e0 << (uint32_t)50U | e0 >> (uint32_t)14U) ^ + ((e0 << (uint32_t)46U | e0 >> (uint32_t)18U) ^ + (e0 << (uint32_t)23U | e0 >> (uint32_t)41U))) + + ((e0 & f0) ^ (~e0 & g0)) + k_e_t + ws_t; + uint64_t t2 = + ((a0 << (uint32_t)36U | a0 >> (uint32_t)28U) ^ + ((a0 << (uint32_t)30U | a0 >> (uint32_t)34U) ^ + (a0 << (uint32_t)25U | a0 >> (uint32_t)39U))) + + ((a0 & b0) ^ ((a0 & c0) ^ (b0 & c0))); + uint64_t a1 = t1 + t2; uint64_t b1 = a0; + uint64_t c1 = b0; uint64_t d1 = c0; + uint64_t e1 = d0 + t1; uint64_t f1 = e0; + uint64_t g1 = f0; uint64_t h12 = g0; hash[0U] = a1; + hash[1U] = b1; hash[2U] = c1; hash[3U] = d1; + hash[4U] = e1; hash[5U] = f1; hash[6U] = g1; + hash[7U] = h12;); + if (i0 < (uint32_t)4U) { + KRML_MAYBE_FOR16( + i, (uint32_t)0U, (uint32_t)16U, (uint32_t)1U, + uint64_t t16 = ws[i]; + uint64_t t15 = + ws[(i + (uint32_t)1U) % (uint32_t)16U]; + uint64_t t7 = + ws[(i + (uint32_t)9U) % (uint32_t)16U]; + uint64_t t2 = + ws[(i + (uint32_t)14U) % (uint32_t)16U]; + uint64_t s1 = (t2 << (uint32_t)45U | + t2 >> (uint32_t)19U) ^ + ((t2 << (uint32_t)3U | + t2 >> (uint32_t)61U) ^ + t2 >> (uint32_t)6U); + uint64_t s0 = (t15 << (uint32_t)63U | + t15 >> (uint32_t)1U) ^ + ((t15 << (uint32_t)56U | + t15 >> (uint32_t)8U) ^ + t15 >> (uint32_t)7U); + ws[i] = s1 + t7 + s0 + t16;); + }); + KRML_MAYBE_FOR8(i, (uint32_t)0U, (uint32_t)8U, (uint32_t)1U, + uint64_t *os = hash; + uint64_t x = hash[i] + hash_old[i]; os[i] = x;); +} + +void Hacl_SHA2_Scalar32_sha512_update_nblocks(uint32_t len, uint8_t *b, + uint64_t *st) +{ + 
uint32_t blocks = len / (uint32_t)128U; + for (uint32_t i = (uint32_t)0U; i < blocks; i++) { + uint8_t *b0 = b; + uint8_t *mb = b0 + i * (uint32_t)128U; + sha512_update(mb, st); + } +} + +void Hacl_SHA2_Scalar32_sha512_update_last(FStar_UInt128_uint128 totlen, + uint32_t len, uint8_t *b, + uint64_t *hash) +{ + uint32_t blocks; + if (len + (uint32_t)16U + (uint32_t)1U <= (uint32_t)128U) { + blocks = (uint32_t)1U; + } else { + blocks = (uint32_t)2U; + } + uint32_t fin = blocks * (uint32_t)128U; + uint8_t last[256U] = { 0U }; + uint8_t totlen_buf[16U] = { 0U }; + FStar_UInt128_uint128 total_len_bits = + FStar_UInt128_shift_left(totlen, (uint32_t)3U); + store128_be(totlen_buf, total_len_bits); + uint8_t *b0 = b; + memcpy(last, b0, len * sizeof(uint8_t)); + last[len] = (uint8_t)0x80U; + memcpy(last + fin - (uint32_t)16U, totlen_buf, + (uint32_t)16U * sizeof(uint8_t)); + uint8_t *last00 = last; + uint8_t *last10 = last + (uint32_t)128U; + uint8_t *l0 = last00; + uint8_t *l1 = last10; + uint8_t *lb0 = l0; + uint8_t *lb1 = l1; + uint8_t *last0 = lb0; + uint8_t *last1 = lb1; + sha512_update(last0, hash); + if (blocks > (uint32_t)1U) { + sha512_update(last1, hash); + return; + } +} + +void Hacl_SHA2_Scalar32_sha512_finish(uint64_t *st, uint8_t *h) +{ + uint8_t hbuf[64U] = { 0U }; + KRML_MAYBE_FOR8(i, (uint32_t)0U, (uint32_t)8U, (uint32_t)1U, + store64_be(hbuf + i * (uint32_t)8U, st[i]);); + memcpy(h, hbuf, (uint32_t)64U * sizeof(uint8_t)); +} + +void Hacl_SHA2_Scalar32_sha384_init(uint64_t *hash) +{ + KRML_MAYBE_FOR8(i, (uint32_t)0U, (uint32_t)8U, (uint32_t)1U, + uint64_t *os = hash; + uint64_t x = Hacl_Impl_SHA2_Generic_h384[i]; + os[i] = x;); +} + +void Hacl_SHA2_Scalar32_sha384_update_nblocks(uint32_t len, uint8_t *b, + uint64_t *st) +{ + Hacl_SHA2_Scalar32_sha512_update_nblocks(len, b, st); +} + +void Hacl_SHA2_Scalar32_sha384_update_last(FStar_UInt128_uint128 totlen, + uint32_t len, uint8_t *b, + uint64_t *st) +{ + Hacl_SHA2_Scalar32_sha512_update_last(totlen, len, b, 
st); +} + +void Hacl_SHA2_Scalar32_sha384_finish(uint64_t *st, uint8_t *h) +{ + uint8_t hbuf[64U] = { 0U }; + KRML_MAYBE_FOR8(i, (uint32_t)0U, (uint32_t)8U, (uint32_t)1U, + store64_be(hbuf + i * (uint32_t)8U, st[i]);); + memcpy(h, hbuf, (uint32_t)48U * sizeof(uint8_t)); +} + +void Hacl_Streaming_SHA2_init_512(Hacl_Streaming_MD_state_64 *s) +{ + Hacl_Streaming_MD_state_64 scrut = *s; + uint8_t *buf = scrut.buf; + uint64_t *block_state = scrut.block_state; + Hacl_SHA2_Scalar32_sha512_init(block_state); + Hacl_Streaming_MD_state_64 tmp = { .block_state = block_state, + .buf = buf, + .total_len = + (uint64_t)(uint32_t)0U }; + s[0U] = tmp; +} + +static inline Hacl_Streaming_Types_error_code +update_384_512(Hacl_Streaming_MD_state_64 *p, uint8_t *data, uint32_t len) +{ + Hacl_Streaming_MD_state_64 s = *p; + uint64_t total_len = s.total_len; + if ((uint64_t)len > (uint64_t)18446744073709551615U - total_len) { + return Hacl_Streaming_Types_MaximumLengthExceeded; + } + uint32_t sz; + if (total_len % (uint64_t)(uint32_t)128U == (uint64_t)0U && + total_len > (uint64_t)0U) { + sz = (uint32_t)128U; + } else { + sz = (uint32_t)(total_len % (uint64_t)(uint32_t)128U); + } + if (len <= (uint32_t)128U - sz) { + Hacl_Streaming_MD_state_64 s1 = *p; + uint64_t *block_state1 = s1.block_state; + uint8_t *buf = s1.buf; + uint64_t total_len1 = s1.total_len; + uint32_t sz1; + if (total_len1 % (uint64_t)(uint32_t)128U == (uint64_t)0U && + total_len1 > (uint64_t)0U) { + sz1 = (uint32_t)128U; + } else { + sz1 = (uint32_t)(total_len1 % (uint64_t)(uint32_t)128U); + } + uint8_t *buf2 = buf + sz1; + memcpy(buf2, data, len * sizeof(uint8_t)); + uint64_t total_len2 = total_len1 + (uint64_t)len; + *p = ((Hacl_Streaming_MD_state_64){ .block_state = block_state1, + .buf = buf, + .total_len = total_len2 }); + } else if (sz == (uint32_t)0U) { + Hacl_Streaming_MD_state_64 s1 = *p; + uint64_t *block_state1 = s1.block_state; + uint8_t *buf = s1.buf; + uint64_t total_len1 = s1.total_len; + uint32_t sz1; + if 
(total_len1 % (uint64_t)(uint32_t)128U == (uint64_t)0U && + total_len1 > (uint64_t)0U) { + sz1 = (uint32_t)128U; + } else { + sz1 = (uint32_t)(total_len1 % (uint64_t)(uint32_t)128U); + } + if (!(sz1 == (uint32_t)0U)) { + Hacl_SHA2_Scalar32_sha512_update_nblocks( + (uint32_t)128U, buf, block_state1); + } + uint32_t ite; + if ((uint64_t)len % (uint64_t)(uint32_t)128U == (uint64_t)0U && + (uint64_t)len > (uint64_t)0U) { + ite = (uint32_t)128U; + } else { + ite = (uint32_t)((uint64_t)len % + (uint64_t)(uint32_t)128U); + } + uint32_t n_blocks = (len - ite) / (uint32_t)128U; + uint32_t data1_len = n_blocks * (uint32_t)128U; + uint32_t data2_len = len - data1_len; + uint8_t *data1 = data; + uint8_t *data2 = data + data1_len; + Hacl_SHA2_Scalar32_sha512_update_nblocks( + data1_len / (uint32_t)128U * (uint32_t)128U, data1, + block_state1); + uint8_t *dst = buf; + memcpy(dst, data2, data2_len * sizeof(uint8_t)); + *p = ((Hacl_Streaming_MD_state_64){ + .block_state = block_state1, + .buf = buf, + .total_len = total_len1 + (uint64_t)len }); + } else { + uint32_t diff = (uint32_t)128U - sz; + uint8_t *data1 = data; + uint8_t *data2 = data + diff; + Hacl_Streaming_MD_state_64 s1 = *p; + uint64_t *block_state10 = s1.block_state; + uint8_t *buf0 = s1.buf; + uint64_t total_len10 = s1.total_len; + uint32_t sz10; + if (total_len10 % (uint64_t)(uint32_t)128U == (uint64_t)0U && + total_len10 > (uint64_t)0U) { + sz10 = (uint32_t)128U; + } else { + sz10 = (uint32_t)(total_len10 % + (uint64_t)(uint32_t)128U); + } + uint8_t *buf2 = buf0 + sz10; + memcpy(buf2, data1, diff * sizeof(uint8_t)); + uint64_t total_len2 = total_len10 + (uint64_t)diff; + *p = ((Hacl_Streaming_MD_state_64){ .block_state = + block_state10, + .buf = buf0, + .total_len = total_len2 }); + Hacl_Streaming_MD_state_64 s10 = *p; + uint64_t *block_state1 = s10.block_state; + uint8_t *buf = s10.buf; + uint64_t total_len1 = s10.total_len; + uint32_t sz1; + if (total_len1 % (uint64_t)(uint32_t)128U == (uint64_t)0U && + 
total_len1 > (uint64_t)0U) { + sz1 = (uint32_t)128U; + } else { + sz1 = (uint32_t)(total_len1 % (uint64_t)(uint32_t)128U); + } + if (!(sz1 == (uint32_t)0U)) { + Hacl_SHA2_Scalar32_sha512_update_nblocks( + (uint32_t)128U, buf, block_state1); + } + uint32_t ite; + if ((uint64_t)(len - diff) % (uint64_t)(uint32_t)128U == + (uint64_t)0U && + (uint64_t)(len - diff) > (uint64_t)0U) { + ite = (uint32_t)128U; + } else { + ite = (uint32_t)((uint64_t)(len - diff) % + (uint64_t)(uint32_t)128U); + } + uint32_t n_blocks = (len - diff - ite) / (uint32_t)128U; + uint32_t data1_len = n_blocks * (uint32_t)128U; + uint32_t data2_len = len - diff - data1_len; + uint8_t *data11 = data2; + uint8_t *data21 = data2 + data1_len; + Hacl_SHA2_Scalar32_sha512_update_nblocks( + data1_len / (uint32_t)128U * (uint32_t)128U, data11, + block_state1); + uint8_t *dst = buf; + memcpy(dst, data21, data2_len * sizeof(uint8_t)); + *p = ((Hacl_Streaming_MD_state_64){ + .block_state = block_state1, + .buf = buf, + .total_len = total_len1 + (uint64_t)(len - diff) }); + } + return Hacl_Streaming_Types_Success; +} + +/** +Feed an arbitrary amount of data into the hash. This function returns 0 for +success, or 1 if the combined length of all of the data passed to `update_512` +(since the last call to `init_512`) exceeds 2^125-1 bytes. + +This function is identical to the update function for SHA2_384. +*/ +Hacl_Streaming_Types_error_code +Hacl_Streaming_SHA2_update_512(Hacl_Streaming_MD_state_64 *p, uint8_t *input, + uint32_t input_len) +{ + return update_384_512(p, input, input_len); +} + +/** +Write the resulting hash into `dst`, an array of 64 bytes. The state remains +valid after a call to `finish_512`, meaning the user may feed more data into +the hash via `update_512`. (The finish_512 function operates on an internal copy +of the state and therefore does not invalidate the client-held state `p`.) 
+*/ +void Hacl_Streaming_SHA2_finish_512(Hacl_Streaming_MD_state_64 *p, uint8_t *dst) +{ + Hacl_Streaming_MD_state_64 scrut = *p; + uint64_t *block_state = scrut.block_state; + uint8_t *buf_ = scrut.buf; + uint64_t total_len = scrut.total_len; + uint32_t r; + if (total_len % (uint64_t)(uint32_t)128U == (uint64_t)0U && + total_len > (uint64_t)0U) { + r = (uint32_t)128U; + } else { + r = (uint32_t)(total_len % (uint64_t)(uint32_t)128U); + } + uint8_t *buf_1 = buf_; + uint64_t tmp_block_state[8U] = { 0U }; + memcpy(tmp_block_state, block_state, (uint32_t)8U * sizeof(uint64_t)); + uint32_t ite; + if (r % (uint32_t)128U == (uint32_t)0U && r > (uint32_t)0U) { + ite = (uint32_t)128U; + } else { + ite = r % (uint32_t)128U; + } + uint8_t *buf_last = buf_1 + r - ite; + uint8_t *buf_multi = buf_1; + Hacl_SHA2_Scalar32_sha512_update_nblocks((uint32_t)0U, buf_multi, + tmp_block_state); + uint64_t prev_len_last = total_len - (uint64_t)r; + Hacl_SHA2_Scalar32_sha512_update_last( + FStar_UInt128_add(FStar_UInt128_uint64_to_uint128(prev_len_last), + FStar_UInt128_uint64_to_uint128((uint64_t)r)), + r, buf_last, tmp_block_state); + Hacl_SHA2_Scalar32_sha512_finish(tmp_block_state, dst); +} + +void Hacl_Streaming_SHA2_init_384(Hacl_Streaming_MD_state_64 *s) +{ + Hacl_Streaming_MD_state_64 scrut = *s; + uint8_t *buf = scrut.buf; + uint64_t *block_state = scrut.block_state; + Hacl_SHA2_Scalar32_sha384_init(block_state); + Hacl_Streaming_MD_state_64 tmp = { .block_state = block_state, + .buf = buf, + .total_len = + (uint64_t)(uint32_t)0U }; + s[0U] = tmp; +} + +Hacl_Streaming_Types_error_code +Hacl_Streaming_SHA2_update_384(Hacl_Streaming_MD_state_64 *p, uint8_t *input, + uint32_t input_len) +{ + return update_384_512(p, input, input_len); +} + +/** +Write the resulting hash into `dst`, an array of 48 bytes. The state remains +valid after a call to `finish_384`, meaning the user may feed more data into +the hash via `update_384`. 
+*/ +void Hacl_Streaming_SHA2_finish_384(Hacl_Streaming_MD_state_64 *p, uint8_t *dst) +{ + Hacl_Streaming_MD_state_64 scrut = *p; + uint64_t *block_state = scrut.block_state; + uint8_t *buf_ = scrut.buf; + uint64_t total_len = scrut.total_len; + uint32_t r; + if (total_len % (uint64_t)(uint32_t)128U == (uint64_t)0U && + total_len > (uint64_t)0U) { + r = (uint32_t)128U; + } else { + r = (uint32_t)(total_len % (uint64_t)(uint32_t)128U); + } + uint8_t *buf_1 = buf_; + uint64_t tmp_block_state[8U] = { 0U }; + memcpy(tmp_block_state, block_state, (uint32_t)8U * sizeof(uint64_t)); + uint32_t ite; + if (r % (uint32_t)128U == (uint32_t)0U && r > (uint32_t)0U) { + ite = (uint32_t)128U; + } else { + ite = r % (uint32_t)128U; + } + uint8_t *buf_last = buf_1 + r - ite; + uint8_t *buf_multi = buf_1; + Hacl_SHA2_Scalar32_sha384_update_nblocks((uint32_t)0U, buf_multi, + tmp_block_state); + uint64_t prev_len_last = total_len - (uint64_t)r; + Hacl_SHA2_Scalar32_sha384_update_last( + FStar_UInt128_add(FStar_UInt128_uint64_to_uint128(prev_len_last), + FStar_UInt128_uint64_to_uint128((uint64_t)r)), + r, buf_last, tmp_block_state); + Hacl_SHA2_Scalar32_sha384_finish(tmp_block_state, dst); +} diff --git a/crypto/sha2-hacl.c b/crypto/sha2-hacl.c new file mode 100644 index 0000000000000..51565911b167e --- /dev/null +++ b/crypto/sha2-hacl.c 
@@ -0,0 +1,187 @@ +/* + * GPLv2 or MIT License + * + * Copyright (c) 2023 Cryspen + * + */ + +#include +#include + +#include "./hacl_hash.h" +#include "./hacl_lib.h" + +int hacl_sha256_update(struct shash_desc *desc, const u8 *data, + unsigned int len) +{ + struct sha256_state *sctx = shash_desc_ctx(desc); + Hacl_Streaming_MD_state_32 st; + st.block_state = sctx->state; + st.buf = sctx->buf; + st.total_len = sctx->count; + Hacl_Streaming_SHA2_update_256(&st, (u8 *)data, len); + sctx->count = st.total_len; + return 0; +} +EXPORT_SYMBOL(hacl_sha256_update); + +static int hacl_sha256_final(struct shash_desc *desc, u8 *out) +{ + struct sha256_state *sctx = shash_desc_ctx(desc); + Hacl_Streaming_MD_state_32 st; + st.block_state = sctx->state; + st.buf = sctx->buf; + st.total_len = sctx->count; + if (crypto_shash_digestsize(desc->tfm) == SHA224_DIGEST_SIZE) + Hacl_Streaming_SHA2_finish_224(&st, out); + else + Hacl_Streaming_SHA2_finish_256(&st, out); + return 0; +} + +int hacl_sha256_finup(struct shash_desc *desc, const u8 *data, unsigned int len, + u8 *hash) +{ + struct sha256_state *sctx = shash_desc_ctx(desc); + Hacl_Streaming_MD_state_32 st; + st.block_state = sctx->state; + st.buf = sctx->buf; + st.total_len = sctx->count; + Hacl_Streaming_SHA2_update_256(&st, (u8 *)data, len); + if (crypto_shash_digestsize(desc->tfm) == SHA224_DIGEST_SIZE) + Hacl_Streaming_SHA2_finish_224(&st, hash); + else + Hacl_Streaming_SHA2_finish_256(&st, hash); + return 0; +} +EXPORT_SYMBOL(hacl_sha256_finup); + +int hacl_sha512_update(struct shash_desc *desc, const u8 *data, + unsigned int len) +{ + struct sha512_state *sctx = shash_desc_ctx(desc); + Hacl_Streaming_MD_state_64 st; + st.block_state = sctx->state; + st.buf = sctx->buf; + st.total_len = sctx->count[0]; + Hacl_Streaming_SHA2_update_512(&st, (u8 *)data, len); + sctx->count[0] = st.total_len; + return 0; +} +EXPORT_SYMBOL(hacl_sha512_update); + +static int hacl_sha512_final(struct shash_desc *desc, u8 *hash) +{ + struct 
sha512_state *sctx = shash_desc_ctx(desc); + Hacl_Streaming_MD_state_64 st; + st.block_state = sctx->state; + st.buf = sctx->buf; + st.total_len = sctx->count[0]; + if (crypto_shash_digestsize(desc->tfm) == SHA384_DIGEST_SIZE) + Hacl_Streaming_SHA2_finish_384(&st, hash); + else + Hacl_Streaming_SHA2_finish_512(&st, hash); + return 0; +} + +int hacl_sha512_finup(struct shash_desc *desc, const u8 *data, unsigned int len, + u8 *hash) +{ + struct sha512_state *sctx = shash_desc_ctx(desc); + Hacl_Streaming_MD_state_64 st; + st.block_state = sctx->state; + st.buf = sctx->buf; + st.total_len = sctx->count[0]; + Hacl_Streaming_SHA2_update_512(&st, (u8 *)data, len); + if (crypto_shash_digestsize(desc->tfm) == SHA384_DIGEST_SIZE) + Hacl_Streaming_SHA2_finish_384(&st, hash); + else + Hacl_Streaming_SHA2_finish_512(&st, hash); + return 0; +} +EXPORT_SYMBOL(hacl_sha512_finup); + +static struct shash_alg sha2_hacl_algs[4] = { { + .digestsize = SHA256_DIGEST_SIZE, + .init = sha256_base_init, + .update = hacl_sha256_update, + .final = hacl_sha256_final, + .finup = hacl_sha256_finup, + .descsize = sizeof(struct sha256_state), + .base = { + .cra_name = "sha256", + .cra_driver_name = "sha256-hacl", + .cra_priority = 100, + .cra_blocksize = SHA256_BLOCK_SIZE, + .cra_module = THIS_MODULE, + } + }, { + .digestsize = SHA224_DIGEST_SIZE, + .init = sha224_base_init, + .update = hacl_sha256_update, + .final = hacl_sha256_final, + .finup = hacl_sha256_finup, + .descsize = sizeof(struct sha256_state), + .base = { + .cra_name = "sha224", + .cra_driver_name = "sha224-hacl", + .cra_priority = 100, + .cra_blocksize = SHA224_BLOCK_SIZE, + .cra_module = THIS_MODULE, + } + }, { + .digestsize = SHA384_DIGEST_SIZE, + .init = sha384_base_init, + .update = hacl_sha512_update, + .final = hacl_sha512_final, + .finup = hacl_sha512_finup, + .descsize = sizeof(struct sha512_state), + .base = { + .cra_name = "sha384", + .cra_driver_name = "sha384-hacl", + .cra_priority = 100, + .cra_blocksize = 
SHA384_BLOCK_SIZE, + .cra_module = THIS_MODULE, + } + }, { + .digestsize = SHA512_DIGEST_SIZE, + .init = sha512_base_init, + .update = hacl_sha512_update, + .final = hacl_sha512_final, + .finup = hacl_sha512_finup, + .descsize = sizeof(struct sha512_state), + .base = { + .cra_name = "sha512", + .cra_driver_name = "sha512-hacl", + .cra_priority = 100, + .cra_blocksize = SHA512_BLOCK_SIZE, + .cra_module = THIS_MODULE, + } + } +}; + +static int __init sha2_hacl_mod_init(void) +{ + return crypto_register_shashes(sha2_hacl_algs, + ARRAY_SIZE(sha2_hacl_algs)); +} + +static void __exit sha2_hacl_mod_fini(void) +{ + crypto_unregister_shashes(sha2_hacl_algs, ARRAY_SIZE(sha2_hacl_algs)); +} + +subsys_initcall(sha2_hacl_mod_init); +module_exit(sha2_hacl_mod_fini); + +MODULE_LICENSE("GPLv2 or MIT"); +MODULE_DESCRIPTION("Formally Verified SHA-2 Secure Hash Algorithm from HACL*"); + +MODULE_ALIAS_CRYPTO("sha224"); +MODULE_ALIAS_CRYPTO("sha224-hacl"); +MODULE_ALIAS_CRYPTO("sha256"); +MODULE_ALIAS_CRYPTO("sha256-hacl"); +MODULE_ALIAS_CRYPTO("sha384"); +MODULE_ALIAS_CRYPTO("sha384-hacl"); +MODULE_ALIAS_CRYPTO("sha512"); +MODULE_ALIAS_CRYPTO("sha512-hacl"); From fe222e6ef8a6134fbb6fa7112ec40344cffb263c Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Thu, 5 Oct 2023 14:55:16 +0200 Subject: [PATCH 03/53] Add HACL SHA2 to Makefile and config --- crypto/Kconfig | 6 ++++++ crypto/Makefile | 1 + 2 files changed, 7 insertions(+) diff --git a/crypto/Kconfig b/crypto/Kconfig index 650b1b3620d81..e35350102a433 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -1026,6 +1026,12 @@ config CRYPTO_SHA256 This is required for IPsec AH (XFRM_AH) and IPsec ESP (XFRM_ESP). Used by the btrfs filesystem, Ceph, NFS, and SMB. +config CRYPTO_SHA2_HACL + tristate "SHA-224 and SHA-256 and SHA-384 and SHA-512" + select CRYPTO_HASH + help + SHA-2 secure hash algorithms (FIPS 180, ISO/IEC 10118-3) from HACL* + config CRYPTO_SHA512 tristate "SHA-384 and SHA-512" select CRYPTO_HASH 
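Review bot: `hacl_sha256_update`, `hacl_sha256_finup`, `hacl_sha512_update` and `hacl_sha512_finup` discard the `Hacl_Streaming_Types_error_code` returned by `Hacl_Streaming_SHA2_update_256` / `Hacl_Streaming_SHA2_update_512` and always return 0, so a `Hacl_Streaming_Types_MaximumLengthExceeded` result would produce a digest over less data than the caller supplied, with no error reported. Each call site should propagate the failure, e.g. `if (Hacl_Streaming_SHA2_update_256(&st, (u8 *)data, len) != Hacl_Streaming_Types_Success) return -EINVAL;`. Separately, `MODULE_LICENSE("GPLv2 or MIT")` is not one of the strings the module loader treats as GPL-compatible, so a modular build would taint the kernel and presumably could not resolve GPL-only exports such as `crypto_register_shashes`; the accepted spelling is `MODULE_LICENSE("Dual MIT/GPL");`.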
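Review bot: The prompt `"SHA-224 and SHA-256 and SHA-384 and SHA-512"` on `CRYPTO_SHA2_HACL` does not say that this is the HACL* implementation, so in menuconfig it reads like a merge of the neighbouring `CRYPTO_SHA256` and `CRYPTO_SHA512` entries. I would name the provider in the prompt, e.g. `tristate "SHA-224, SHA-256, SHA-384 and SHA-512 (HACL*)"`. The help text should also state that the module registers the `sha224`/`sha256`/`sha384`/`sha512` names at `cra_priority = 100`, so whoever enables it knows it competes with the other enabled implementations of those names.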
diff --git a/crypto/Makefile b/crypto/Makefile index 953a7e105e58c..2c88f3c8ce4db 100644 --- a/crypto/Makefile +++ b/crypto/Makefile @@ -77,6 +77,7 @@ obj-$(CONFIG_CRYPTO_MD5) += md5.o obj-$(CONFIG_CRYPTO_RMD160) += rmd160.o obj-$(CONFIG_CRYPTO_SHA1) += sha1_generic.o obj-$(CONFIG_CRYPTO_SHA256) += sha256_generic.o +obj-$(CONFIG_CRYPTO_SHA2_HACL) += sha2-hacl-generated.o sha2-hacl.o obj-$(CONFIG_CRYPTO_SHA512) += sha512_generic.o obj-$(CONFIG_CRYPTO_SHA3) += sha3_generic.o obj-$(CONFIG_CRYPTO_SM3) += sm3.o From ade4975d28b7a5499f561b89b296579c516f70a3 Mon Sep 17 00:00:00 2001 From: Karthik Bhargavan Date: Fri, 13 Oct 2023 11:25:56 +0200 Subject: [PATCH 04/53] addressed review comments --- crypto/hacl_hash.h | 201 +++-------------------------------- crypto/sha2-hacl-generated.c | 100 ++++++++--------- crypto/sha2-hacl.c | 12 +-- 3 files changed, 73 insertions(+), 240 deletions(-) diff --git a/crypto/hacl_hash.h b/crypto/hacl_hash.h index 38901e36dbe8c..32c4f33d7a809 100644 --- a/crypto/hacl_hash.h +++ b/crypto/hacl_hash.h 
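Review bot: Listing `sha2-hacl-generated.o` and `sha2-hacl.o` separately under `obj-$(CONFIG_CRYPTO_SHA2_HACL)` makes them two independent modules when the tristate is set to `m`. The visible part of `sha2-hacl-generated.c` has neither an `EXPORT_SYMBOL` for the `Hacl_Streaming_SHA2_*` functions nor a `MODULE_LICENSE`, so that configuration would likely fail at modpost. Linking both objects into one composite module avoids this: `obj-$(CONFIG_CRYPTO_SHA2_HACL) += sha2_hacl.o` together with `sha2_hacl-y := sha2-hacl-generated.o sha2-hacl.o`. The start of the generated file is outside this view, so confirm it carries no module metadata before relying on this.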
@@ -9,51 +9,24 @@ #include "./hacl_lib.h" -#define Spec_Hash_Definitions_SHA2_224 0 -#define Spec_Hash_Definitions_SHA2_256 1 -#define Spec_Hash_Definitions_SHA2_384 2 -#define Spec_Hash_Definitions_SHA2_512 3 -#define Spec_Hash_Definitions_SHA1 4 -#define Spec_Hash_Definitions_MD5 5 -#define Spec_Hash_Definitions_Blake2S 6 -#define Spec_Hash_Definitions_Blake2B 7 -#define Spec_Hash_Definitions_SHA3_256 8 -#define Spec_Hash_Definitions_SHA3_224 9 -#define Spec_Hash_Definitions_SHA3_384 10 -#define Spec_Hash_Definitions_SHA3_512 11 -#define Spec_Hash_Definitions_Shake128 12 -#define Spec_Hash_Definitions_Shake256 13 - -typedef uint8_t Spec_Hash_Definitions_hash_alg; - #define Hacl_Streaming_Types_Success 0 #define Hacl_Streaming_Types_InvalidAlgorithm 1 #define Hacl_Streaming_Types_InvalidLength 2 #define Hacl_Streaming_Types_MaximumLengthExceeded 3 -uint32_t Hacl_Hash_Definitions_word_len(Spec_Hash_Definitions_hash_alg a); - -uint32_t Hacl_Hash_Definitions_block_len(Spec_Hash_Definitions_hash_alg a); - -uint32_t Hacl_Hash_Definitions_hash_word_len(Spec_Hash_Definitions_hash_alg a); - -uint32_t Hacl_Hash_Definitions_hash_len(Spec_Hash_Definitions_hash_alg a); - -typedef uint8_t *Hacl_Hash_Definitions_hash_t; - typedef uint8_t Hacl_Streaming_Types_error_code; -typedef struct Hacl_Streaming_MD_state_32_s { +struct Hacl_Streaming_MD_state_32_s { uint32_t *block_state; uint8_t *buf; uint64_t total_len; -} Hacl_Streaming_MD_state_32; +}; -typedef struct Hacl_Streaming_MD_state_64_s { +struct Hacl_Streaming_MD_state_64_s { uint64_t *block_state; uint8_t *buf; uint64_t total_len; -} Hacl_Streaming_MD_state_64; +}; static const uint32_t Hacl_Impl_SHA2_Generic_h224[8U] = { (uint32_t)0xc1059ed8U, (uint32_t)0x367cd507U, (uint32_t)0x3070dd17U, 
@@ -149,72 +122,10 @@ static const uint64_t Hacl_Impl_SHA2_Generic_k384_512[80U] = { (uint64_t)0x5fcb6fab3ad6faecU, (uint64_t)0x6c44198c4a475817U }; -void Hacl_SHA2_Scalar32_sha256_init(uint32_t *hash); - -void Hacl_SHA2_Scalar32_sha256_update_nblocks(uint32_t len, uint8_t *b, - uint32_t *st); - -void Hacl_SHA2_Scalar32_sha256_update_last(uint64_t totlen, uint32_t len, - uint8_t *b, uint32_t *hash); - -void Hacl_SHA2_Scalar32_sha256_finish(uint32_t *st, uint8_t *h); - -void Hacl_SHA2_Scalar32_sha224_init(uint32_t *hash); - -void Hacl_SHA2_Scalar32_sha224_update_last(uint64_t totlen, uint32_t len, - uint8_t *b, uint32_t *st); - -void Hacl_SHA2_Scalar32_sha224_finish(uint32_t *st, uint8_t *h); - -void Hacl_SHA2_Scalar32_sha512_init(uint64_t *hash); - -void Hacl_SHA2_Scalar32_sha512_update_nblocks(uint32_t len, uint8_t *b, - uint64_t *st); - -void Hacl_SHA2_Scalar32_sha512_update_last(FStar_UInt128_uint128 totlen, - uint32_t len, uint8_t *b, - uint64_t *hash); - -void Hacl_SHA2_Scalar32_sha512_finish(uint64_t *st, uint8_t *h); - -void Hacl_SHA2_Scalar32_sha384_init(uint64_t *hash); - -void Hacl_SHA2_Scalar32_sha384_update_nblocks(uint32_t len, uint8_t *b, - uint64_t *st); - -void Hacl_SHA2_Scalar32_sha384_update_last(FStar_UInt128_uint128 totlen, - uint32_t len, uint8_t *b, - uint64_t *st); - -void Hacl_SHA2_Scalar32_sha384_finish(uint64_t *st, uint8_t *h); - -typedef Hacl_Streaming_MD_state_32 Hacl_Streaming_SHA2_state_sha2_224; - -typedef Hacl_Streaming_MD_state_32 Hacl_Streaming_SHA2_state_sha2_256; - -typedef Hacl_Streaming_MD_state_64 Hacl_Streaming_SHA2_state_sha2_384; - -typedef Hacl_Streaming_MD_state_64 Hacl_Streaming_SHA2_state_sha2_512; - -/** -Allocate initial state for the SHA2_256 hash. The state is to be freed by -calling `free_256`. -*/ -Hacl_Streaming_MD_state_32 *Hacl_Streaming_SHA2_create_in_256(void); - -/** -Copies the state passed as argument into a newly allocated state (deep copy). -The state is to be freed by calling `free_256`. 
Cloning the state this way is -useful, for instance, if your control-flow diverges and you need to feed -more (different) data into the hash in each branch. -*/ -Hacl_Streaming_MD_state_32 * -Hacl_Streaming_SHA2_copy_256(Hacl_Streaming_MD_state_32 *s0); - /** Reset an existing state to the initial hash state with empty data. */ -void Hacl_Streaming_SHA2_init_256(Hacl_Streaming_MD_state_32 *s); +void Hacl_Streaming_SHA2_init_256(struct Hacl_Streaming_MD_state_32_s *s); /** Feed an arbitrary amount of data into the hash. This function returns 0 for @@ -224,7 +135,7 @@ success, or 1 if the combined length of all of the data passed to `update_256` This function is identical to the update function for SHA2_224. */ Hacl_Streaming_Types_error_code -Hacl_Streaming_SHA2_update_256(Hacl_Streaming_MD_state_32 *p, uint8_t *input, +Hacl_Streaming_SHA2_update_256(struct Hacl_Streaming_MD_state_32_s *p, uint8_t *input, uint32_t input_len); /** 
@@ -233,28 +144,19 @@ valid after a call to `finish_256`, meaning the user may feed more data into the hash via `update_256`. (The finish_256 function operates on an internal copy of the state and therefore does not invalidate the client-held state `p`.) */ -void Hacl_Streaming_SHA2_finish_256(Hacl_Streaming_MD_state_32 *p, +void Hacl_Streaming_SHA2_finish_256(struct Hacl_Streaming_MD_state_32_s *p, uint8_t *dst); -/** -Free a state allocated with `create_in_256`. - -This function is identical to the free function for SHA2_224. -*/ -void Hacl_Streaming_SHA2_free_256(Hacl_Streaming_MD_state_32 *s); - /** Hash `input`, of len `input_len`, into `dst`, an array of 32 bytes. */ void Hacl_Streaming_SHA2_hash_256(uint8_t *input, uint32_t input_len, uint8_t *dst); -Hacl_Streaming_MD_state_32 *Hacl_Streaming_SHA2_create_in_224(void); - -void Hacl_Streaming_SHA2_init_224(Hacl_Streaming_MD_state_32 *s); +void Hacl_Streaming_SHA2_init_224(struct Hacl_Streaming_MD_state_32_s *s); Hacl_Streaming_Types_error_code -Hacl_Streaming_SHA2_update_224(Hacl_Streaming_MD_state_32 *p, uint8_t *input, +Hacl_Streaming_SHA2_update_224(struct Hacl_Streaming_MD_state_32_s *p, uint8_t *input, uint32_t input_len); /** 
@@ -262,29 +164,16 @@ Write the resulting hash into `dst`, an array of 28 bytes. The state remains valid after a call to `finish_224`, meaning the user may feed more data into the hash via `update_224`. */ -void Hacl_Streaming_SHA2_finish_224(Hacl_Streaming_MD_state_32 *p, +void Hacl_Streaming_SHA2_finish_224(struct Hacl_Streaming_MD_state_32_s *p, uint8_t *dst); -void Hacl_Streaming_SHA2_free_224(Hacl_Streaming_MD_state_32 *p); - /** Hash `input`, of len `input_len`, into `dst`, an array of 28 bytes. */ void Hacl_Streaming_SHA2_hash_224(uint8_t *input, uint32_t input_len, uint8_t *dst); -Hacl_Streaming_MD_state_64 *Hacl_Streaming_SHA2_create_in_512(void); - -/** -Copies the state passed as argument into a newly allocated state (deep copy). -The state is to be freed by calling `free_512`. Cloning the state this way is -useful, for instance, if your control-flow diverges and you need to feed -more (different) data into the hash in each branch. -*/ -Hacl_Streaming_MD_state_64 * -Hacl_Streaming_SHA2_copy_512(Hacl_Streaming_MD_state_64 *s0); - -void Hacl_Streaming_SHA2_init_512(Hacl_Streaming_MD_state_64 *s); +void Hacl_Streaming_SHA2_init_512(struct Hacl_Streaming_MD_state_64_s *s); /** Feed an arbitrary amount of data into the hash. This function returns 0 for @@ -294,7 +183,7 @@ success, or 1 if the combined length of all of the data passed to `update_512` This function is identical to the update function for SHA2_384. */ Hacl_Streaming_Types_error_code -Hacl_Streaming_SHA2_update_512(Hacl_Streaming_MD_state_64 *p, uint8_t *input, +Hacl_Streaming_SHA2_update_512(struct Hacl_Streaming_MD_state_64_s *p, uint8_t *input, uint32_t input_len); /** 
@@ -303,28 +192,19 @@ valid after a call to `finish_512`, meaning the user may feed more data into the hash via `update_512`. (The finish_512 function operates on an internal copy of the state and therefore does not invalidate the client-held state `p`.) */ -void Hacl_Streaming_SHA2_finish_512(Hacl_Streaming_MD_state_64 *p, +void Hacl_Streaming_SHA2_finish_512(struct Hacl_Streaming_MD_state_64_s *p, uint8_t *dst); -/** -Free a state allocated with `create_in_512`. - -This function is identical to the free function for SHA2_384. -*/ -void Hacl_Streaming_SHA2_free_512(Hacl_Streaming_MD_state_64 *s); - /** Hash `input`, of len `input_len`, into `dst`, an array of 64 bytes. */ void Hacl_Streaming_SHA2_hash_512(uint8_t *input, uint32_t input_len, uint8_t *dst); -Hacl_Streaming_MD_state_64 *Hacl_Streaming_SHA2_create_in_384(void); - -void Hacl_Streaming_SHA2_init_384(Hacl_Streaming_MD_state_64 *s); +void Hacl_Streaming_SHA2_init_384(struct Hacl_Streaming_MD_state_64_s *s); Hacl_Streaming_Types_error_code -Hacl_Streaming_SHA2_update_384(Hacl_Streaming_MD_state_64 *p, uint8_t *input, +Hacl_Streaming_SHA2_update_384(struct Hacl_Streaming_MD_state_64_s *p, uint8_t *input, uint32_t input_len); /** 
@@ -332,61 +212,12 @@ Write the resulting hash into `dst`, an array of 48 bytes. The state remains valid after a call to `finish_384`, meaning the user may feed more data into the hash via `update_384`. */ -void Hacl_Streaming_SHA2_finish_384(Hacl_Streaming_MD_state_64 *p, +void Hacl_Streaming_SHA2_finish_384(struct Hacl_Streaming_MD_state_64_s *p, uint8_t *dst); - -void Hacl_Streaming_SHA2_free_384(Hacl_Streaming_MD_state_64 *p); - /** Hash `input`, of len `input_len`, into `dst`, an array of 48 bytes. */ void Hacl_Streaming_SHA2_hash_384(uint8_t *input, uint32_t input_len, uint8_t *dst); -typedef struct Hacl_Impl_SHA2_Types_uint8_2p_s { - uint8_t *fst; - uint8_t *snd; -} Hacl_Impl_SHA2_Types_uint8_2p; - -typedef struct Hacl_Impl_SHA2_Types_uint8_3p_s { - uint8_t *fst; - Hacl_Impl_SHA2_Types_uint8_2p snd; -} Hacl_Impl_SHA2_Types_uint8_3p; - -typedef struct Hacl_Impl_SHA2_Types_uint8_4p_s { - uint8_t *fst; - Hacl_Impl_SHA2_Types_uint8_3p snd; -} Hacl_Impl_SHA2_Types_uint8_4p; - -typedef struct Hacl_Impl_SHA2_Types_uint8_5p_s { - uint8_t *fst; - Hacl_Impl_SHA2_Types_uint8_4p snd; -} Hacl_Impl_SHA2_Types_uint8_5p; - -typedef struct Hacl_Impl_SHA2_Types_uint8_6p_s { - uint8_t *fst; - Hacl_Impl_SHA2_Types_uint8_5p snd; -} Hacl_Impl_SHA2_Types_uint8_6p; - -typedef struct Hacl_Impl_SHA2_Types_uint8_7p_s { - uint8_t *fst; - Hacl_Impl_SHA2_Types_uint8_6p snd; -} Hacl_Impl_SHA2_Types_uint8_7p; - -typedef struct Hacl_Impl_SHA2_Types_uint8_8p_s { - uint8_t *fst; - Hacl_Impl_SHA2_Types_uint8_7p snd; -} Hacl_Impl_SHA2_Types_uint8_8p; - -typedef struct Hacl_Impl_SHA2_Types_uint8_2x4p_s { - Hacl_Impl_SHA2_Types_uint8_4p fst; - Hacl_Impl_SHA2_Types_uint8_4p snd; -} Hacl_Impl_SHA2_Types_uint8_2x4p; - -typedef struct Hacl_Impl_SHA2_Types_uint8_2x8p_s { - Hacl_Impl_SHA2_Types_uint8_8p fst; - Hacl_Impl_SHA2_Types_uint8_8p snd; -} Hacl_Impl_SHA2_Types_uint8_2x8p; - -#define __Hacl_Hash_H_DEFINED #endif // CRYPTO_HACL_HASH_H_ 
diff --git a/crypto/sha2-hacl-generated.c b/crypto/sha2-hacl-generated.c index 9a5e081915b74..ca0b6de5736fc 100644 --- a/crypto/sha2-hacl-generated.c +++ b/crypto/sha2-hacl-generated.c @@ -1,4 +1,5 @@ -/* GPLv2 or MIT License +/* + * GPLv2 or MIT License * * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation * Copyright (c) 2022-2023 HACL* Contributors @@ -16,7 +17,7 @@ void Hacl_SHA2_Scalar32_sha256_init(uint32_t *hash) os[i] = x;); } -static inline void sha256_update_(uint8_t *b, uint32_t *hash) +static inline void hacl_sha256_update(uint8_t *b, uint32_t *hash) { uint32_t hash_old[8U] = { 0U }; uint32_t ws[16U] = { 0U }; @@ -117,7 +118,7 @@ void Hacl_SHA2_Scalar32_sha256_update_nblocks(uint32_t len, uint8_t *b, for (uint32_t i = (uint32_t)0U; i < blocks; i++) { uint8_t *b0 = b; uint8_t *mb = b0 + i * (uint32_t)64U; - sha256_update_(mb, st); + hacl_sha256_update(mb, st); } } @@ -148,9 +149,9 @@ void Hacl_SHA2_Scalar32_sha256_update_last(uint64_t totlen, uint32_t len, uint8_t *lb1 = l1; uint8_t *last0 = lb0; uint8_t *last1 = lb1; - sha256_update_(last0, hash); + hacl_sha256_update(last0, hash); if (blocks > (uint32_t)1U) { - sha256_update_(last1, hash); + hacl_sha256_update(last1, hash); return; } } @@ -193,13 +194,14 @@ void Hacl_SHA2_Scalar32_sha224_finish(uint32_t *st, uint8_t *h) /** Reset an existing state to the initial hash state with empty data. */ -void Hacl_Streaming_SHA2_init_256(Hacl_Streaming_MD_state_32 *s) + +void Hacl_Streaming_SHA2_init_256(struct Hacl_Streaming_MD_state_32_s *s) { - Hacl_Streaming_MD_state_32 scrut = *s; + struct Hacl_Streaming_MD_state_32_s scrut = *s; uint8_t *buf = scrut.buf; uint32_t *block_state = scrut.block_state; Hacl_SHA2_Scalar32_sha256_init(block_state); - Hacl_Streaming_MD_state_32 tmp = { .block_state = block_state, + struct Hacl_Streaming_MD_state_32_s tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U }; 
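Review bot: Renaming the static block function to `hacl_sha256_update` gives it the same identifier as the exported shash callback `int hacl_sha256_update(struct shash_desc *desc, ...)` in sha2-hacl.c, with a different signature. This only compiles while no shared header declares the exported function inside sha2-hacl-generated.c, and it makes symbol searches and stack traces ambiguous. A distinct name such as `hacl_sha256_update_block` would avoid the clash. The call sites in `Hacl_SHA2_Scalar32_sha256_update_nblocks` and `Hacl_SHA2_Scalar32_sha256_update_last` in the following hunks would change with it.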
@@ -207,9 +209,9 @@ void Hacl_Streaming_SHA2_init_256(Hacl_Streaming_MD_state_32 *s) } static inline Hacl_Streaming_Types_error_code -update_224_256(Hacl_Streaming_MD_state_32 *p, uint8_t *data, uint32_t len) +update_224_256(struct Hacl_Streaming_MD_state_32_s *p, uint8_t *data, uint32_t len) { - Hacl_Streaming_MD_state_32 s = *p; + struct Hacl_Streaming_MD_state_32_s s = *p; uint64_t total_len = s.total_len; if ((uint64_t)len > (uint64_t)2305843009213693951U - total_len) { return Hacl_Streaming_Types_MaximumLengthExceeded; @@ -222,7 +224,7 @@ update_224_256(Hacl_Streaming_MD_state_32 *p, uint8_t *data, uint32_t len) sz = (uint32_t)(total_len % (uint64_t)(uint32_t)64U); } if (len <= (uint32_t)64U - sz) { - Hacl_Streaming_MD_state_32 s1 = *p; + struct Hacl_Streaming_MD_state_32_s s1 = *p; uint32_t *block_state1 = s1.block_state; uint8_t *buf = s1.buf; uint64_t total_len1 = s1.total_len; @@ -236,11 +238,11 @@ update_224_256(Hacl_Streaming_MD_state_32 *p, uint8_t *data, uint32_t len) uint8_t *buf2 = buf + sz1; memcpy(buf2, data, len * sizeof(uint8_t)); uint64_t total_len2 = total_len1 + (uint64_t)len; - *p = ((Hacl_Streaming_MD_state_32){ .block_state = block_state1, + *p = ((struct Hacl_Streaming_MD_state_32_s){ .block_state = block_state1, .buf = buf, .total_len = total_len2 }); } else if (sz == (uint32_t)0U) { - Hacl_Streaming_MD_state_32 s1 = *p; + struct Hacl_Streaming_MD_state_32_s s1 = *p; uint32_t *block_state1 = s1.block_state; uint8_t *buf = s1.buf; uint64_t total_len1 = s1.total_len; @@ -273,7 +275,7 @@ update_224_256(Hacl_Streaming_MD_state_32 *p, uint8_t *data, uint32_t len) block_state1); uint8_t *dst = buf; memcpy(dst, data2, data2_len * sizeof(uint8_t)); - *p = ((Hacl_Streaming_MD_state_32){ + *p = ((struct Hacl_Streaming_MD_state_32_s){ .block_state = block_state1, .buf = buf, .total_len = total_len1 + (uint64_t)len }); 
@@ -281,7 +283,7 @@ update_224_256(Hacl_Streaming_MD_state_32 *p, uint8_t *data, uint32_t len) uint32_t diff = (uint32_t)64U - sz; uint8_t *data1 = data; uint8_t *data2 = data + diff; - Hacl_Streaming_MD_state_32 s1 = *p; + struct Hacl_Streaming_MD_state_32_s s1 = *p; uint32_t *block_state10 = s1.block_state; uint8_t *buf0 = s1.buf; uint64_t total_len10 = s1.total_len; @@ -296,11 +298,11 @@ update_224_256(Hacl_Streaming_MD_state_32 *p, uint8_t *data, uint32_t len) uint8_t *buf2 = buf0 + sz10; memcpy(buf2, data1, diff * sizeof(uint8_t)); uint64_t total_len2 = total_len10 + (uint64_t)diff; - *p = ((Hacl_Streaming_MD_state_32){ .block_state = + *p = ((struct Hacl_Streaming_MD_state_32_s){ .block_state = block_state10, .buf = buf0, .total_len = total_len2 }); - Hacl_Streaming_MD_state_32 s10 = *p; + struct Hacl_Streaming_MD_state_32_s s10 = *p; uint32_t *block_state1 = s10.block_state; uint8_t *buf = s10.buf; uint64_t total_len1 = s10.total_len; @@ -334,7 +336,7 @@ update_224_256(Hacl_Streaming_MD_state_32 *p, uint8_t *data, uint32_t len) block_state1); uint8_t *dst = buf; memcpy(dst, data21, data2_len * sizeof(uint8_t)); - *p = ((Hacl_Streaming_MD_state_32){ + *p = ((struct Hacl_Streaming_MD_state_32_s){ .block_state = block_state1, .buf = buf, .total_len = total_len1 + (uint64_t)(len - diff) }); @@ -350,7 +352,7 @@ success, or 1 if the combined length of all of the data passed to `update_256` This function is identical to the update function for SHA2_224. */ Hacl_Streaming_Types_error_code -Hacl_Streaming_SHA2_update_256(Hacl_Streaming_MD_state_32 *p, uint8_t *input, +Hacl_Streaming_SHA2_update_256(struct Hacl_Streaming_MD_state_32_s *p, uint8_t *input, uint32_t input_len) { return update_224_256(p, input, input_len); 
@@ -362,9 +364,9 @@ valid after a call to `finish_256`, meaning the user may feed more data into the hash via `update_256`. (The finish_256 function operates on an internal copy of the state and therefore does not invalidate the client-held state `p`.) */ -void Hacl_Streaming_SHA2_finish_256(Hacl_Streaming_MD_state_32 *p, uint8_t *dst) +void Hacl_Streaming_SHA2_finish_256(struct Hacl_Streaming_MD_state_32_s *p, uint8_t *dst) { - Hacl_Streaming_MD_state_32 scrut = *p; + struct Hacl_Streaming_MD_state_32_s scrut = *p; uint32_t *block_state = scrut.block_state; uint8_t *buf_ = scrut.buf; uint64_t total_len = scrut.total_len; @@ -414,13 +416,13 @@ void Hacl_Streaming_SHA2_hash_256(uint8_t *input, uint32_t input_len, Hacl_SHA2_Scalar32_sha256_finish(st, rb); } -void Hacl_Streaming_SHA2_init_224(Hacl_Streaming_MD_state_32 *s) +void Hacl_Streaming_SHA2_init_224(struct Hacl_Streaming_MD_state_32_s *s) { - Hacl_Streaming_MD_state_32 scrut = *s; + struct Hacl_Streaming_MD_state_32_s scrut = *s; uint8_t *buf = scrut.buf; uint32_t *block_state = scrut.block_state; Hacl_SHA2_Scalar32_sha224_init(block_state); - Hacl_Streaming_MD_state_32 tmp = { .block_state = block_state, + struct Hacl_Streaming_MD_state_32_s tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U }; @@ -428,7 +430,7 @@ void Hacl_Streaming_SHA2_init_224(Hacl_Streaming_MD_state_32 *s) } Hacl_Streaming_Types_error_code -Hacl_Streaming_SHA2_update_224(Hacl_Streaming_MD_state_32 *p, uint8_t *input, +Hacl_Streaming_SHA2_update_224(struct Hacl_Streaming_MD_state_32_s *p, uint8_t *input, uint32_t input_len) { return update_224_256(p, input, input_len); 
@@ -439,9 +441,9 @@ Write the resulting hash into `dst`, an array of 28 bytes. The state remains valid after a call to `finish_224`, meaning the user may feed more data into the hash via `update_224`. */ -void Hacl_Streaming_SHA2_finish_224(Hacl_Streaming_MD_state_32 *p, uint8_t *dst) +void Hacl_Streaming_SHA2_finish_224(struct Hacl_Streaming_MD_state_32_s *p, uint8_t *dst) { - Hacl_Streaming_MD_state_32 scrut = *p; + struct Hacl_Streaming_MD_state_32_s scrut = *p; uint32_t *block_state = scrut.block_state; uint8_t *buf_ = scrut.buf; uint64_t total_len = scrut.total_len; @@ -676,13 +678,13 @@ void Hacl_SHA2_Scalar32_sha384_finish(uint64_t *st, uint8_t *h) memcpy(h, hbuf, (uint32_t)48U * sizeof(uint8_t)); } -void Hacl_Streaming_SHA2_init_512(Hacl_Streaming_MD_state_64 *s) +void Hacl_Streaming_SHA2_init_512(struct Hacl_Streaming_MD_state_64_s *s) { - Hacl_Streaming_MD_state_64 scrut = *s; + struct Hacl_Streaming_MD_state_64_s scrut = *s; uint8_t *buf = scrut.buf; uint64_t *block_state = scrut.block_state; Hacl_SHA2_Scalar32_sha512_init(block_state); - Hacl_Streaming_MD_state_64 tmp = { .block_state = block_state, + struct Hacl_Streaming_MD_state_64_s tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U }; @@ -690,9 +692,9 @@ void Hacl_Streaming_SHA2_init_512(Hacl_Streaming_MD_state_64 *s) } static inline Hacl_Streaming_Types_error_code -update_384_512(Hacl_Streaming_MD_state_64 *p, uint8_t *data, uint32_t len) +update_384_512(struct Hacl_Streaming_MD_state_64_s *p, uint8_t *data, uint32_t len) { - Hacl_Streaming_MD_state_64 s = *p; + struct Hacl_Streaming_MD_state_64_s s = *p; uint64_t total_len = s.total_len; if ((uint64_t)len > (uint64_t)18446744073709551615U - total_len) { return Hacl_Streaming_Types_MaximumLengthExceeded; 
@@ -705,7 +707,7 @@ update_384_512(Hacl_Streaming_MD_state_64 *p, uint8_t *data, uint32_t len) sz = (uint32_t)(total_len % (uint64_t)(uint32_t)128U); } if (len <= (uint32_t)128U - sz) { - Hacl_Streaming_MD_state_64 s1 = *p; + struct Hacl_Streaming_MD_state_64_s s1 = *p; uint64_t *block_state1 = s1.block_state; uint8_t *buf = s1.buf; uint64_t total_len1 = s1.total_len; @@ -719,11 +721,11 @@ update_384_512(Hacl_Streaming_MD_state_64 *p, uint8_t *data, uint32_t len) uint8_t *buf2 = buf + sz1; memcpy(buf2, data, len * sizeof(uint8_t)); uint64_t total_len2 = total_len1 + (uint64_t)len; - *p = ((Hacl_Streaming_MD_state_64){ .block_state = block_state1, + *p = ((struct Hacl_Streaming_MD_state_64_s){ .block_state = block_state1, .buf = buf, .total_len = total_len2 }); } else if (sz == (uint32_t)0U) { - Hacl_Streaming_MD_state_64 s1 = *p; + struct Hacl_Streaming_MD_state_64_s s1 = *p; uint64_t *block_state1 = s1.block_state; uint8_t *buf = s1.buf; uint64_t total_len1 = s1.total_len; @@ -756,7 +758,7 @@ update_384_512(Hacl_Streaming_MD_state_64 *p, uint8_t *data, uint32_t len) block_state1); uint8_t *dst = buf; memcpy(dst, data2, data2_len * sizeof(uint8_t)); - *p = ((Hacl_Streaming_MD_state_64){ + *p = ((struct Hacl_Streaming_MD_state_64_s){ .block_state = block_state1, .buf = buf, .total_len = total_len1 + (uint64_t)len }); @@ -764,7 +766,7 @@ update_384_512(Hacl_Streaming_MD_state_64 *p, uint8_t *data, uint32_t len) uint32_t diff = (uint32_t)128U - sz; uint8_t *data1 = data; uint8_t *data2 = data + diff; - Hacl_Streaming_MD_state_64 s1 = *p; + struct Hacl_Streaming_MD_state_64_s s1 = *p; uint64_t *block_state10 = s1.block_state; uint8_t *buf0 = s1.buf; uint64_t total_len10 = s1.total_len; 
@@ -779,11 +781,11 @@ update_384_512(Hacl_Streaming_MD_state_64 *p, uint8_t *data, uint32_t len) uint8_t *buf2 = buf0 + sz10; memcpy(buf2, data1, diff * sizeof(uint8_t)); uint64_t total_len2 = total_len10 + (uint64_t)diff; - *p = ((Hacl_Streaming_MD_state_64){ .block_state = + *p = ((struct Hacl_Streaming_MD_state_64_s){ .block_state = block_state10, .buf = buf0, .total_len = total_len2 }); - Hacl_Streaming_MD_state_64 s10 = *p; + struct Hacl_Streaming_MD_state_64_s s10 = *p; uint64_t *block_state1 = s10.block_state; uint8_t *buf = s10.buf; uint64_t total_len1 = s10.total_len; @@ -817,7 +819,7 @@ update_384_512(Hacl_Streaming_MD_state_64 *p, uint8_t *data, uint32_t len) block_state1); uint8_t *dst = buf; memcpy(dst, data21, data2_len * sizeof(uint8_t)); - *p = ((Hacl_Streaming_MD_state_64){ + *p = ((struct Hacl_Streaming_MD_state_64_s){ .block_state = block_state1, .buf = buf, .total_len = total_len1 + (uint64_t)(len - diff) }); @@ -833,7 +835,7 @@ success, or 1 if the combined length of all of the data passed to `update_512` This function is identical to the update function for SHA2_384. */ Hacl_Streaming_Types_error_code -Hacl_Streaming_SHA2_update_512(Hacl_Streaming_MD_state_64 *p, uint8_t *input, +Hacl_Streaming_SHA2_update_512(struct Hacl_Streaming_MD_state_64_s *p, uint8_t *input, uint32_t input_len) { return update_384_512(p, input, input_len); 
@@ -845,9 +847,9 @@ valid after a call to `finish_512`, meaning the user may feed more data into the hash via `update_512`. (The finish_512 function operates on an internal copy of the state and therefore does not invalidate the client-held state `p`.) */ -void Hacl_Streaming_SHA2_finish_512(Hacl_Streaming_MD_state_64 *p, uint8_t *dst) +void Hacl_Streaming_SHA2_finish_512(struct Hacl_Streaming_MD_state_64_s *p, uint8_t *dst) { - Hacl_Streaming_MD_state_64 scrut = *p; + struct Hacl_Streaming_MD_state_64_s scrut = *p; uint64_t *block_state = scrut.block_state; uint8_t *buf_ = scrut.buf; uint64_t total_len = scrut.total_len; @@ -879,13 +881,13 @@ void Hacl_Streaming_SHA2_finish_512(Hacl_Streaming_MD_state_64 *p, uint8_t *dst) Hacl_SHA2_Scalar32_sha512_finish(tmp_block_state, dst); } -void Hacl_Streaming_SHA2_init_384(Hacl_Streaming_MD_state_64 *s) +void Hacl_Streaming_SHA2_init_384(struct Hacl_Streaming_MD_state_64_s *s) { - Hacl_Streaming_MD_state_64 scrut = *s; + struct Hacl_Streaming_MD_state_64_s scrut = *s; uint8_t *buf = scrut.buf; uint64_t *block_state = scrut.block_state; Hacl_SHA2_Scalar32_sha384_init(block_state); - Hacl_Streaming_MD_state_64 tmp = { .block_state = block_state, + struct Hacl_Streaming_MD_state_64_s tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U }; @@ -893,7 +895,7 @@ void Hacl_Streaming_SHA2_init_384(Hacl_Streaming_MD_state_64 *s) } Hacl_Streaming_Types_error_code -Hacl_Streaming_SHA2_update_384(Hacl_Streaming_MD_state_64 *p, uint8_t *input, +Hacl_Streaming_SHA2_update_384(struct Hacl_Streaming_MD_state_64_s *p, uint8_t *input, uint32_t input_len) { return update_384_512(p, input, input_len); 
@@ -904,9 +906,9 @@ Write the resulting hash into `dst`, an array of 48 bytes. The state remains valid after a call to `finish_384`, meaning the user may feed more data into the hash via `update_384`. */ -void Hacl_Streaming_SHA2_finish_384(Hacl_Streaming_MD_state_64 *p, uint8_t *dst) +void Hacl_Streaming_SHA2_finish_384(struct Hacl_Streaming_MD_state_64_s *p, uint8_t *dst) { - Hacl_Streaming_MD_state_64 scrut = *p; + struct Hacl_Streaming_MD_state_64_s scrut = *p; uint64_t *block_state = scrut.block_state; uint8_t *buf_ = scrut.buf; uint64_t total_len = scrut.total_len; diff --git a/crypto/sha2-hacl.c b/crypto/sha2-hacl.c index 51565911b167e..89e4ec2e2c457 100644 --- a/crypto/sha2-hacl.c +++ b/crypto/sha2-hacl.c @@ -15,7 +15,7 @@ int hacl_sha256_update(struct shash_desc *desc, const u8 *data, unsigned int len) { struct sha256_state *sctx = shash_desc_ctx(desc); - Hacl_Streaming_MD_state_32 st; + struct Hacl_Streaming_MD_state_32_s st; st.block_state = sctx->state; st.buf = sctx->buf; st.total_len = sctx->count; @@ -28,7 +28,7 @@ EXPORT_SYMBOL(hacl_sha256_update); static int hacl_sha256_final(struct shash_desc *desc, u8 *out) { struct sha256_state *sctx = shash_desc_ctx(desc); - Hacl_Streaming_MD_state_32 st; + struct Hacl_Streaming_MD_state_32_s st; st.block_state = sctx->state; st.buf = sctx->buf; st.total_len = sctx->count; @@ -43,7 +43,7 @@ int hacl_sha256_finup(struct shash_desc *desc, const u8 *data, unsigned int len, u8 *hash) { struct sha256_state *sctx = shash_desc_ctx(desc); - Hacl_Streaming_MD_state_32 st; + struct Hacl_Streaming_MD_state_32_s st; st.block_state = sctx->state; st.buf = sctx->buf; st.total_len = sctx->count; @@ -60,7 +60,7 @@ int hacl_sha512_update(struct shash_desc *desc, const u8 *data, unsigned int len) { struct sha512_state *sctx = shash_desc_ctx(desc); - Hacl_Streaming_MD_state_64 st; + struct Hacl_Streaming_MD_state_64_s st; st.block_state = sctx->state; st.buf = sctx->buf; st.total_len = sctx->count[0]; 
@@ -73,7 +73,7 @@ EXPORT_SYMBOL(hacl_sha512_update); static int hacl_sha512_final(struct shash_desc *desc, u8 *hash) { struct sha512_state *sctx = shash_desc_ctx(desc); - Hacl_Streaming_MD_state_64 st; + struct Hacl_Streaming_MD_state_64_s st; st.block_state = sctx->state; st.buf = sctx->buf; st.total_len = sctx->count[0]; @@ -88,7 +88,7 @@ int hacl_sha512_finup(struct shash_desc *desc, const u8 *data, unsigned int len, u8 *hash) { struct sha512_state *sctx = shash_desc_ctx(desc); - Hacl_Streaming_MD_state_64 st; + struct Hacl_Streaming_MD_state_64_s st; st.block_state = sctx->state; st.buf = sctx->buf; st.total_len = sctx->count[0]; From fec0bdcb860fcb948625fc20a2cb75337efcf37b Mon Sep 17 00:00:00 2001 From: Karthik Bhargavan Date: Fri, 13 Oct 2023 11:34:21 +0200 Subject: [PATCH 05/53] propagating errors --- crypto/sha2-hacl.c | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/crypto/sha2-hacl.c b/crypto/sha2-hacl.c index 89e4ec2e2c457..efc9e09b1f1b9 100644 --- a/crypto/sha2-hacl.c +++ b/crypto/sha2-hacl.c @@ -19,9 +19,9 @@ int hacl_sha256_update(struct shash_desc *desc, const u8 *data, st.block_state = sctx->state; st.buf = sctx->buf; st.total_len = sctx->count; - Hacl_Streaming_SHA2_update_256(&st, (u8 *)data, len); + uint8_t res = Hacl_Streaming_SHA2_update_256(&st, (u8 *)data, len); sctx->count = st.total_len; - return 0; + return res; } EXPORT_SYMBOL(hacl_sha256_update); @@ -64,9 +64,9 @@ int hacl_sha512_update(struct shash_desc *desc, const u8 *data, st.block_state = sctx->state; st.buf = sctx->buf; st.total_len = sctx->count[0]; - Hacl_Streaming_SHA2_update_512(&st, (u8 *)data, len); + uint8_t res = Hacl_Streaming_SHA2_update_512(&st, (u8 *)data, len); sctx->count[0] = st.total_len; - return 0; + return res; } EXPORT_SYMBOL(hacl_sha512_update); 
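Review bot: `hacl_sha256_update` now returns the raw status from `Hacl_Streaming_SHA2_update_256`, a small positive `Hacl_Streaming_Types_error_code`, whereas shash callbacks are expected to return 0 or a negative errno. A caller that only tests `ret < 0` would treat a length-limit failure as success and continue to use the digest. The status should be mapped before returning, for example `return res == Hacl_Streaming_Types_Success ? 0 : -EINVAL;`, and the same applies to `hacl_sha512_update` in the next hunk and to `hacl_sha512_finup`. `res` is also declared mid-block as `uint8_t`; declaring `Hacl_Streaming_Types_error_code res;` with the other locals at the top matches kernel style and keeps the type tied to the HACL header.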
@@ -92,12 +92,15 @@ int hacl_sha512_finup(struct shash_desc *desc, const u8 *data, unsigned int len, st.block_state = sctx->state; st.buf = sctx->buf; st.total_len = sctx->count[0]; - Hacl_Streaming_SHA2_update_512(&st, (u8 *)data, len); - if (crypto_shash_digestsize(desc->tfm) == SHA384_DIGEST_SIZE) - Hacl_Streaming_SHA2_finish_384(&st, hash); - else - Hacl_Streaming_SHA2_finish_512(&st, hash); - return 0; + uint8_t res = Hacl_Streaming_SHA2_update_512(&st, (u8 *)data, len); + if (res == 0) { + if (crypto_shash_digestsize(desc->tfm) == SHA384_DIGEST_SIZE) + Hacl_Streaming_SHA2_finish_384(&st, hash); + else + Hacl_Streaming_SHA2_finish_512(&st, hash); + return 0; + } else + return res; } EXPORT_SYMBOL(hacl_sha512_finup); From 350282dd8ca3fb437ab627926495997e8ddf02a6 Mon Sep 17 00:00:00 2001 From: armfazh Date: Mon, 16 Oct 2023 16:42:06 -0700 Subject: [PATCH 06/53] Formatting files according to clang-format. --- crypto/hacl_hash.h | 20 +++---- crypto/hacl_lib.h | 2 +- crypto/sha2-hacl-generated.c | 106 +++++++++++++++++++---------------- crypto/sha2-hacl.c | 21 +++---- 4 files changed, 81 insertions(+), 68 deletions(-) diff --git a/crypto/hacl_hash.h b/crypto/hacl_hash.h index 32c4f33d7a809..a9524994e9023 100644 --- a/crypto/hacl_hash.h +++ b/crypto/hacl_hash.h @@ -7,7 +7,7 @@ #ifndef CRYPTO_HACL_HASH_H_ #define CRYPTO_HACL_HASH_H_ -#include "./hacl_lib.h" +#include "hacl_lib.h" #define Hacl_Streaming_Types_Success 0 #define Hacl_Streaming_Types_InvalidAlgorithm 1 @@ -135,8 +135,8 @@ success, or 1 if the combined length of all of the data passed to `update_256` This function is identical to the update function for SHA2_224. */ Hacl_Streaming_Types_error_code -Hacl_Streaming_SHA2_update_256(struct Hacl_Streaming_MD_state_32_s *p, uint8_t *input, - uint32_t input_len); +Hacl_Streaming_SHA2_update_256(struct Hacl_Streaming_MD_state_32_s *p, + uint8_t *input, uint32_t input_len); /** Write the resulting hash into `dst`, an array of 32 bytes. The state remains 
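Review bot: Only `hacl_sha512_finup` gains the `res == 0` check before finishing. `hacl_sha256_finup` has no hunk in this commit, so if it calls `Hacl_Streaming_SHA2_update_256` the same way, its result is presumably still discarded and a digest is written after a failed update. It should get the same check. Within this hunk the flow reads more simply if the failure is handled first (`if (res != Hacl_Streaming_Types_Success)` with an early return) and the finish calls follow unindented with a final `return 0;`, instead of a braced `if` paired with a brace-less `else`. The function starts outside the hunk.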
@@ -156,8 +156,8 @@ void Hacl_Streaming_SHA2_hash_256(uint8_t *input, uint32_t input_len, void Hacl_Streaming_SHA2_init_224(struct Hacl_Streaming_MD_state_32_s *s); Hacl_Streaming_Types_error_code -Hacl_Streaming_SHA2_update_224(struct Hacl_Streaming_MD_state_32_s *p, uint8_t *input, - uint32_t input_len); +Hacl_Streaming_SHA2_update_224(struct Hacl_Streaming_MD_state_32_s *p, + uint8_t *input, uint32_t input_len); /** Write the resulting hash into `dst`, an array of 28 bytes. The state remains @@ -183,8 +183,8 @@ success, or 1 if the combined length of all of the data passed to `update_512` This function is identical to the update function for SHA2_384. */ Hacl_Streaming_Types_error_code -Hacl_Streaming_SHA2_update_512(struct Hacl_Streaming_MD_state_64_s *p, uint8_t *input, - uint32_t input_len); +Hacl_Streaming_SHA2_update_512(struct Hacl_Streaming_MD_state_64_s *p, + uint8_t *input, uint32_t input_len); /** Write the resulting hash into `dst`, an array of 64 bytes. The state remains @@ -204,8 +204,8 @@ void Hacl_Streaming_SHA2_hash_512(uint8_t *input, uint32_t input_len, void Hacl_Streaming_SHA2_init_384(struct Hacl_Streaming_MD_state_64_s *s); Hacl_Streaming_Types_error_code -Hacl_Streaming_SHA2_update_384(struct Hacl_Streaming_MD_state_64_s *p, uint8_t *input, - uint32_t input_len); +Hacl_Streaming_SHA2_update_384(struct Hacl_Streaming_MD_state_64_s *p, + uint8_t *input, uint32_t input_len); /** Write the resulting hash into `dst`, an array of 48 bytes. The state remains @@ -220,4 +220,4 @@ Hash `input`, of len `input_len`, into `dst`, an array of 48 bytes. void Hacl_Streaming_SHA2_hash_384(uint8_t *input, uint32_t input_len, uint8_t *dst); -#endif // CRYPTO_HACL_HASH_H_ +#endif // CRYPTO_HACL_HASH_H_ diff --git a/crypto/hacl_lib.h b/crypto/hacl_lib.h index 44c8038ed124d..b6e3e015294d3 100644 --- a/crypto/hacl_lib.h +++ b/crypto/hacl_lib.h 
@@ -228,4 +228,4 @@ static inline void store128_be(u8 *buf, u128 x) #define KRML_MAYBE_FOR16(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) #endif -#endif // CRYPTO_HACL_LIB_H_" +#endif // CRYPTO_HACL_LIB_H_ diff --git a/crypto/sha2-hacl-generated.c b/crypto/sha2-hacl-generated.c index ca0b6de5736fc..9f3bfa4824219 100644 --- a/crypto/sha2-hacl-generated.c +++ b/crypto/sha2-hacl-generated.c @@ -1,4 +1,4 @@ -/* +/* * GPLv2 or MIT License * * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation @@ -6,8 +6,8 @@ * */ -#include "./hacl_hash.h" -#include "./hacl_lib.h" +#include "hacl_hash.h" +#include "hacl_lib.h" void Hacl_SHA2_Scalar32_sha256_init(uint32_t *hash) { @@ -201,15 +201,17 @@ void Hacl_Streaming_SHA2_init_256(struct Hacl_Streaming_MD_state_32_s *s) uint8_t *buf = scrut.buf; uint32_t *block_state = scrut.block_state; Hacl_SHA2_Scalar32_sha256_init(block_state); - struct Hacl_Streaming_MD_state_32_s tmp = { .block_state = block_state, - .buf = buf, - .total_len = - (uint64_t)(uint32_t)0U }; + struct Hacl_Streaming_MD_state_32_s tmp = { + .block_state = block_state, + .buf = buf, + .total_len = (uint64_t)(uint32_t)0U + }; s[0U] = tmp; } static inline Hacl_Streaming_Types_error_code -update_224_256(struct Hacl_Streaming_MD_state_32_s *p, uint8_t *data, uint32_t len) +update_224_256(struct Hacl_Streaming_MD_state_32_s *p, uint8_t *data, + uint32_t len) { struct Hacl_Streaming_MD_state_32_s s = *p; uint64_t total_len = s.total_len; 
@@ -238,9 +240,10 @@ update_224_256(struct Hacl_Streaming_MD_state_32_s *p, uint8_t *data, uint32_t l uint8_t *buf2 = buf + sz1; memcpy(buf2, data, len * sizeof(uint8_t)); uint64_t total_len2 = total_len1 + (uint64_t)len; - *p = ((struct Hacl_Streaming_MD_state_32_s){ .block_state = block_state1, - .buf = buf, - .total_len = total_len2 }); + *p = ((struct Hacl_Streaming_MD_state_32_s){ + .block_state = block_state1, + .buf = buf, + .total_len = total_len2 }); } else if (sz == (uint32_t)0U) { struct Hacl_Streaming_MD_state_32_s s1 = *p; uint32_t *block_state1 = s1.block_state; @@ -298,10 +301,10 @@ update_224_256(struct Hacl_Streaming_MD_state_32_s *p, uint8_t *data, uint32_t l uint8_t *buf2 = buf0 + sz10; memcpy(buf2, data1, diff * sizeof(uint8_t)); uint64_t total_len2 = total_len10 + (uint64_t)diff; - *p = ((struct Hacl_Streaming_MD_state_32_s){ .block_state = - block_state10, - .buf = buf0, - .total_len = total_len2 }); + *p = ((struct Hacl_Streaming_MD_state_32_s){ + .block_state = block_state10, + .buf = buf0, + .total_len = total_len2 }); struct Hacl_Streaming_MD_state_32_s s10 = *p; uint32_t *block_state1 = s10.block_state; uint8_t *buf = s10.buf; @@ -352,8 +355,8 @@ success, or 1 if the combined length of all of the data passed to `update_256` This function is identical to the update function for SHA2_224. */ Hacl_Streaming_Types_error_code -Hacl_Streaming_SHA2_update_256(struct Hacl_Streaming_MD_state_32_s *p, uint8_t *input, - uint32_t input_len) +Hacl_Streaming_SHA2_update_256(struct Hacl_Streaming_MD_state_32_s *p, + uint8_t *input, uint32_t input_len) { return update_224_256(p, input, input_len); } 
@@ -364,7 +367,8 @@ valid after a call to `finish_256`, meaning the user may feed more data into the hash via `update_256`. (The finish_256 function operates on an internal copy of the state and therefore does not invalidate the client-held state `p`.) */ -void Hacl_Streaming_SHA2_finish_256(struct Hacl_Streaming_MD_state_32_s *p, uint8_t *dst) +void Hacl_Streaming_SHA2_finish_256(struct Hacl_Streaming_MD_state_32_s *p, + uint8_t *dst) { struct Hacl_Streaming_MD_state_32_s scrut = *p; uint32_t *block_state = scrut.block_state; @@ -422,16 +426,17 @@ void Hacl_Streaming_SHA2_init_224(struct Hacl_Streaming_MD_state_32_s *s) uint8_t *buf = scrut.buf; uint32_t *block_state = scrut.block_state; Hacl_SHA2_Scalar32_sha224_init(block_state); - struct Hacl_Streaming_MD_state_32_s tmp = { .block_state = block_state, - .buf = buf, - .total_len = - (uint64_t)(uint32_t)0U }; + struct Hacl_Streaming_MD_state_32_s tmp = { + .block_state = block_state, + .buf = buf, + .total_len = (uint64_t)(uint32_t)0U + }; s[0U] = tmp; } Hacl_Streaming_Types_error_code -Hacl_Streaming_SHA2_update_224(struct Hacl_Streaming_MD_state_32_s *p, uint8_t *input, - uint32_t input_len) +Hacl_Streaming_SHA2_update_224(struct Hacl_Streaming_MD_state_32_s *p, + uint8_t *input, uint32_t input_len) { return update_224_256(p, input, input_len); } @@ -441,7 +446,8 @@ Write the resulting hash into `dst`, an array of 28 bytes. The state remains valid after a call to `finish_224`, meaning the user may feed more data into the hash via `update_224`. */ -void Hacl_Streaming_SHA2_finish_224(struct Hacl_Streaming_MD_state_32_s *p, uint8_t *dst) +void Hacl_Streaming_SHA2_finish_224(struct Hacl_Streaming_MD_state_32_s *p, + uint8_t *dst) { struct Hacl_Streaming_MD_state_32_s scrut = *p; uint32_t *block_state = scrut.block_state; 
@@ -684,15 +690,17 @@ void Hacl_Streaming_SHA2_init_512(struct Hacl_Streaming_MD_state_64_s *s) uint8_t *buf = scrut.buf; uint64_t *block_state = scrut.block_state; Hacl_SHA2_Scalar32_sha512_init(block_state); - struct Hacl_Streaming_MD_state_64_s tmp = { .block_state = block_state, - .buf = buf, - .total_len = - (uint64_t)(uint32_t)0U }; + struct Hacl_Streaming_MD_state_64_s tmp = { + .block_state = block_state, + .buf = buf, + .total_len = (uint64_t)(uint32_t)0U + }; s[0U] = tmp; } static inline Hacl_Streaming_Types_error_code -update_384_512(struct Hacl_Streaming_MD_state_64_s *p, uint8_t *data, uint32_t len) +update_384_512(struct Hacl_Streaming_MD_state_64_s *p, uint8_t *data, + uint32_t len) { struct Hacl_Streaming_MD_state_64_s s = *p; uint64_t total_len = s.total_len; @@ -721,9 +729,10 @@ update_384_512(struct Hacl_Streaming_MD_state_64_s *p, uint8_t *data, uint32_t l uint8_t *buf2 = buf + sz1; memcpy(buf2, data, len * sizeof(uint8_t)); uint64_t total_len2 = total_len1 + (uint64_t)len; - *p = ((struct Hacl_Streaming_MD_state_64_s){ .block_state = block_state1, - .buf = buf, - .total_len = total_len2 }); + *p = ((struct Hacl_Streaming_MD_state_64_s){ + .block_state = block_state1, + .buf = buf, + .total_len = total_len2 }); } else if (sz == (uint32_t)0U) { struct Hacl_Streaming_MD_state_64_s s1 = *p; uint64_t *block_state1 = s1.block_state; @@ -781,10 +790,10 @@ update_384_512(struct Hacl_Streaming_MD_state_64_s *p, uint8_t *data, uint32_t l uint8_t *buf2 = buf0 + sz10; memcpy(buf2, data1, diff * sizeof(uint8_t)); uint64_t total_len2 = total_len10 + (uint64_t)diff; - *p = ((struct Hacl_Streaming_MD_state_64_s){ .block_state = - block_state10, - .buf = buf0, - .total_len = total_len2 }); + *p = ((struct Hacl_Streaming_MD_state_64_s){ + .block_state = block_state10, + .buf = buf0, + .total_len = total_len2 }); struct Hacl_Streaming_MD_state_64_s s10 = *p; uint64_t *block_state1 = s10.block_state; uint8_t *buf = s10.buf; 
@@ -835,8 +844,8 @@ success, or 1 if the combined length of all of the data passed to `update_512` This function is identical to the update function for SHA2_384. */ Hacl_Streaming_Types_error_code -Hacl_Streaming_SHA2_update_512(struct Hacl_Streaming_MD_state_64_s *p, uint8_t *input, - uint32_t input_len) +Hacl_Streaming_SHA2_update_512(struct Hacl_Streaming_MD_state_64_s *p, + uint8_t *input, uint32_t input_len) { return update_384_512(p, input, input_len); } @@ -847,7 +856,8 @@ valid after a call to `finish_512`, meaning the user may feed more data into the hash via `update_512`. (The finish_512 function operates on an internal copy of the state and therefore does not invalidate the client-held state `p`.) */ -void Hacl_Streaming_SHA2_finish_512(struct Hacl_Streaming_MD_state_64_s *p, uint8_t *dst) +void Hacl_Streaming_SHA2_finish_512(struct Hacl_Streaming_MD_state_64_s *p, + uint8_t *dst) { struct Hacl_Streaming_MD_state_64_s scrut = *p; uint64_t *block_state = scrut.block_state; @@ -887,16 +897,17 @@ void Hacl_Streaming_SHA2_init_384(struct Hacl_Streaming_MD_state_64_s *s) uint8_t *buf = scrut.buf; uint64_t *block_state = scrut.block_state; Hacl_SHA2_Scalar32_sha384_init(block_state); - struct Hacl_Streaming_MD_state_64_s tmp = { .block_state = block_state, - .buf = buf, - .total_len = - (uint64_t)(uint32_t)0U }; + struct Hacl_Streaming_MD_state_64_s tmp = { + .block_state = block_state, + .buf = buf, + .total_len = (uint64_t)(uint32_t)0U + }; s[0U] = tmp; } Hacl_Streaming_Types_error_code -Hacl_Streaming_SHA2_update_384(struct Hacl_Streaming_MD_state_64_s *p, uint8_t *input, - uint32_t input_len) +Hacl_Streaming_SHA2_update_384(struct Hacl_Streaming_MD_state_64_s *p, + uint8_t *input, uint32_t input_len) { return update_384_512(p, input, input_len); } 
@@ -906,7 +917,8 @@ Write the resulting hash into `dst`, an array of 48 bytes. The state remains valid after a call to `finish_384`, meaning the user may feed more data into the hash via `update_384`. */ -void Hacl_Streaming_SHA2_finish_384(struct Hacl_Streaming_MD_state_64_s *p, uint8_t *dst) +void Hacl_Streaming_SHA2_finish_384(struct Hacl_Streaming_MD_state_64_s *p, + uint8_t *dst) { struct Hacl_Streaming_MD_state_64_s scrut = *p; uint64_t *block_state = scrut.block_state; diff --git a/crypto/sha2-hacl.c b/crypto/sha2-hacl.c index efc9e09b1f1b9..6400fbce0ae0b 100644 --- a/crypto/sha2-hacl.c +++ b/crypto/sha2-hacl.c @@ -8,8 +8,8 @@ #include #include -#include "./hacl_hash.h" -#include "./hacl_lib.h" +#include "hacl_hash.h" +#include "hacl_lib.h" int hacl_sha256_update(struct shash_desc *desc, const u8 *data, unsigned int len) @@ -93,14 +93,15 @@ int hacl_sha512_finup(struct shash_desc *desc, const u8 *data, unsigned int len, st.buf = sctx->buf; st.total_len = sctx->count[0]; uint8_t res = Hacl_Streaming_SHA2_update_512(&st, (u8 *)data, len); - if (res == 0) { - if (crypto_shash_digestsize(desc->tfm) == SHA384_DIGEST_SIZE) - Hacl_Streaming_SHA2_finish_384(&st, hash); - else - Hacl_Streaming_SHA2_finish_512(&st, hash); - return 0; - } else - return res; + if (res == 0) { + if (crypto_shash_digestsize(desc->tfm) == SHA384_DIGEST_SIZE) + Hacl_Streaming_SHA2_finish_384(&st, hash); + else + Hacl_Streaming_SHA2_finish_512(&st, hash); + return 0; + } else { + return res; + } } EXPORT_SYMBOL(hacl_sha512_finup); From 3e1e8d2b597719a5b6b29dda8e19c423d192e837 Mon Sep 17 00:00:00 2001 From: armfazh Date: Mon, 16 Oct 2023 16:47:21 -0700 Subject: [PATCH 07/53] Updating comment style. --- crypto/hacl_hash.h | 104 ++++++++++++++++++----------------- crypto/hacl_lib.h | 6 +- crypto/sha2-hacl-generated.c | 10 ++-- 3 files changed, 62 insertions(+), 58 deletions(-) diff --git a/crypto/hacl_hash.h b/crypto/hacl_hash.h index a9524994e9023..1e10e54dfd6c2 100644 --- a/crypto/hacl_hash.h 
+++ b/crypto/hacl_hash.h 
@@ -122,34 +122,35 @@ static const uint64_t Hacl_Impl_SHA2_Generic_k384_512[80U] = { (uint64_t)0x5fcb6fab3ad6faecU, (uint64_t)0x6c44198c4a475817U }; -/** -Reset an existing state to the initial hash state with empty data. -*/ +/* + * Reset an existing state to the initial hash state with empty data. + */ void Hacl_Streaming_SHA2_init_256(struct Hacl_Streaming_MD_state_32_s *s); -/** -Feed an arbitrary amount of data into the hash. This function returns 0 for -success, or 1 if the combined length of all of the data passed to `update_256` -(since the last call to `init_256`) exceeds 2^61-1 bytes. - -This function is identical to the update function for SHA2_224. -*/ +/* + * Feed an arbitrary amount of data into the hash. This function returns 0 for + * success, or 1 if the combined length of all of the data passed to + * `update_256` (since the last call to `init_256`) exceeds 2^61-1 bytes. + * + * This function is identical to the update function for SHA2_224. + */ Hacl_Streaming_Types_error_code Hacl_Streaming_SHA2_update_256(struct Hacl_Streaming_MD_state_32_s *p, uint8_t *input, uint32_t input_len); -/** -Write the resulting hash into `dst`, an array of 32 bytes. The state remains -valid after a call to `finish_256`, meaning the user may feed more data into -the hash via `update_256`. (The finish_256 function operates on an internal copy -of the state and therefore does not invalidate the client-held state `p`.) -*/ +/* + * Write the resulting hash into `dst`, an array of 32 bytes. The state remains + * valid after a call to `finish_256`, meaning the user may feed more data into + * the hash via `update_256`. (The finish_256 function operates on an internal + * copy of the state and therefore does not invalidate the client-held state + * `p`.) + */ void Hacl_Streaming_SHA2_finish_256(struct Hacl_Streaming_MD_state_32_s *p, uint8_t *dst); -/** -Hash `input`, of len `input_len`, into `dst`, an array of 32 bytes. 
-*/ +/* + * Hash `input`, of len `input_len`, into `dst`, an array of 32 bytes. + */ void Hacl_Streaming_SHA2_hash_256(uint8_t *input, uint32_t input_len, uint8_t *dst); 
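Review bot: The rewritten comment on `Hacl_Streaming_SHA2_update_256` still says the function returns 1 when the length limit is exceeded, but this header defines `Hacl_Streaming_Types_MaximumLengthExceeded` as 3 and `Hacl_Streaming_Types_InvalidAlgorithm` as 1. The body of `update_224_256` is not part of this hunk, so the value it actually returns cannot be confirmed here; if it returns the named constant, a caller that tests `== 1` would miss the length overflow. Since the comment is being touched anyway, I would word it against the constant, e.g. ` * success, or Hacl_Streaming_Types_MaximumLengthExceeded if the combined length of all of the data ...`. The same sentence appears on `update_512` in the next hunk of this file.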
@@ -159,45 +160,46 @@ Hacl_Streaming_Types_error_code Hacl_Streaming_SHA2_update_224(struct Hacl_Streaming_MD_state_32_s *p, uint8_t *input, uint32_t input_len); -/** -Write the resulting hash into `dst`, an array of 28 bytes. The state remains -valid after a call to `finish_224`, meaning the user may feed more data into -the hash via `update_224`. -*/ +/* + * Write the resulting hash into `dst`, an array of 28 bytes. The state remains + * valid after a call to `finish_224`, meaning the user may feed more data into + * the hash via `update_224`. + */ void Hacl_Streaming_SHA2_finish_224(struct Hacl_Streaming_MD_state_32_s *p, uint8_t *dst); -/** -Hash `input`, of len `input_len`, into `dst`, an array of 28 bytes. -*/ +/* + * Hash `input`, of len `input_len`, into `dst`, an array of 28 bytes. + */ void Hacl_Streaming_SHA2_hash_224(uint8_t *input, uint32_t input_len, uint8_t *dst); void Hacl_Streaming_SHA2_init_512(struct Hacl_Streaming_MD_state_64_s *s); -/** -Feed an arbitrary amount of data into the hash. This function returns 0 for -success, or 1 if the combined length of all of the data passed to `update_512` -(since the last call to `init_512`) exceeds 2^125-1 bytes. - -This function is identical to the update function for SHA2_384. -*/ +/* + * Feed an arbitrary amount of data into the hash. This function returns 0 for + * success, or 1 if the combined length of all of the data passed to + * `update_512` (since the last call to `init_512`) exceeds 2^125-1 bytes. + * + * This function is identical to the update function for SHA2_384. + */ Hacl_Streaming_Types_error_code Hacl_Streaming_SHA2_update_512(struct Hacl_Streaming_MD_state_64_s *p, uint8_t *input, uint32_t input_len); -/** -Write the resulting hash into `dst`, an array of 64 bytes. The state remains -valid after a call to `finish_512`, meaning the user may feed more data into -the hash via `update_512`. 
(The finish_512 function operates on an internal copy -of the state and therefore does not invalidate the client-held state `p`.) -*/ +/* + * Write the resulting hash into `dst`, an array of 64 bytes. The state remains + * valid after a call to `finish_512`, meaning the user may feed more data into + * the hash via `update_512`. (The finish_512 function operates on an internal + * copy of the state and therefore does not invalidate the client-held state + * `p`.) + */ void Hacl_Streaming_SHA2_finish_512(struct Hacl_Streaming_MD_state_64_s *p, uint8_t *dst); -/** -Hash `input`, of len `input_len`, into `dst`, an array of 64 bytes. -*/ +/* + * Hash `input`, of len `input_len`, into `dst`, an array of 64 bytes. + */ void Hacl_Streaming_SHA2_hash_512(uint8_t *input, uint32_t input_len, uint8_t *dst); @@ -207,16 +209,16 @@ Hacl_Streaming_Types_error_code Hacl_Streaming_SHA2_update_384(struct Hacl_Streaming_MD_state_64_s *p, uint8_t *input, uint32_t input_len); -/** -Write the resulting hash into `dst`, an array of 48 bytes. The state remains -valid after a call to `finish_384`, meaning the user may feed more data into -the hash via `update_384`. -*/ +/* + * Write the resulting hash into `dst`, an array of 48 bytes. The state remains + * valid after a call to `finish_384`, meaning the user may feed more data into + * the hash via `update_384`. + */ void Hacl_Streaming_SHA2_finish_384(struct Hacl_Streaming_MD_state_64_s *p, uint8_t *dst); -/** -Hash `input`, of len `input_len`, into `dst`, an array of 48 bytes. -*/ +/* + * Hash `input`, of len `input_len`, into `dst`, an array of 48 bytes. + */ void Hacl_Streaming_SHA2_hash_384(uint8_t *input, uint32_t input_len, uint8_t *dst); diff --git a/crypto/hacl_lib.h b/crypto/hacl_lib.h index b6e3e015294d3..7ecb4db961767 100644 --- a/crypto/hacl_lib.h +++ b/crypto/hacl_lib.h 
@@ -30,8 +30,10 @@ static inline u128 FStar_UInt128_uint64_to_uint128(u64 x) return ((u128)x); } -/* Loads and stores. These avoid undefined behavior due to unaligned memory - * accesses, via memcpy. */ +/* + * Loads and stores. These avoid undefined behavior due to unaligned memory + * accesses, via memcpy. + */ #define load32_be(b) (get_unaligned_be32(b)) #define store32_be(b, i) put_unaligned_be32(i, b); diff --git a/crypto/sha2-hacl-generated.c b/crypto/sha2-hacl-generated.c index 9f3bfa4824219..a90e1cdc24a9f 100644 --- a/crypto/sha2-hacl-generated.c +++ b/crypto/sha2-hacl-generated.c @@ -912,11 +912,11 @@ Hacl_Streaming_SHA2_update_384(struct Hacl_Streaming_MD_state_64_s *p, return update_384_512(p, input, input_len); } -/** -Write the resulting hash into `dst`, an array of 48 bytes. The state remains -valid after a call to `finish_384`, meaning the user may feed more data into -the hash via `update_384`. -*/ +/* + * Write the resulting hash into `dst`, an array of 48 bytes. The state remains + * valid after a call to `finish_384`, meaning the user may feed more data into + * the hash via `update_384`. + */ void Hacl_Streaming_SHA2_finish_384(struct Hacl_Streaming_MD_state_64_s *p, uint8_t *dst) { From d9921ac0734ba9d3004fd22f5546c3d06ee6bb18 Mon Sep 17 00:00:00 2001 From: armfazh Date: Mon, 16 Oct 2023 16:47:46 -0700 Subject: [PATCH 08/53] Adding CRYPTO_SHA2_HACL module. --- zeta/test-artifacts/config-um | 6 ++++++ zeta/test-artifacts/test-script.sh | 6 ++++++ 2 files changed, 12 insertions(+) diff --git a/zeta/test-artifacts/config-um b/zeta/test-artifacts/config-um index 06d98e23e21b5..b7c9b183457c6 100644 --- a/zeta/test-artifacts/config-um +++ b/zeta/test-artifacts/config-um @@ -1403,6 +1403,12 @@ CONFIG_CRYPTO_AUTHENC=y CONFIG_CRYPTO_TEST=m # end of Crypto core or helper +# +# HACL implementation +# +CONFIG_CRYPTO_SHA2_HACL=y +# end of HACL implementation + # # Public-key cryptography # 
diff --git a/zeta/test-artifacts/test-script.sh b/zeta/test-artifacts/test-script.sh index 1ff9b2df6fe9d..3a7b53c6db47d 100755 --- a/zeta/test-artifacts/test-script.sh +++ b/zeta/test-artifacts/test-script.sh @@ -1,5 +1,11 @@ #!/bin/busybox sh +echo "tcrypt: starting CRYPTO_SHA2_HACL" +modprobe tcrypt mode=300 alg=sha224-hacl sec=2 +modprobe tcrypt mode=300 alg=sha256-hacl sec=2 +modprobe tcrypt mode=300 alg=sha384-hacl sec=2 +modprobe tcrypt mode=300 alg=sha512-hacl sec=2 + echo "tcrypt: starting SHA2 (256) test" echo "tcrypt: testing sha256 generic implementation" modprobe tcrypt mode=300 alg=sha256-generic sec=2 From b8d989ed3117cd5acb3ac6387168af7d72b1f640 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Tue, 24 Oct 2023 16:32:13 +0200 Subject: [PATCH 09/53] hacl sha3 --- crypto/Kconfig | 6 + crypto/Makefile | 1 + crypto/hacl_hash.h | 42 +++ crypto/hacl_lib.h | 9 + crypto/sha3-hacl-generated.c | 581 +++++++++++++++++++++++++++++++++++ crypto/sha3-hacl.c | 149 +++++++++ 6 files changed, 788 insertions(+) create mode 100644 crypto/sha3-hacl-generated.c create mode 100644 crypto/sha3-hacl.c diff --git a/crypto/Kconfig b/crypto/Kconfig index e35350102a433..f4a1ce2c9bffc 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -1044,6 +1044,12 @@ config CRYPTO_SHA3 help SHA-3 secure hash algorithms (FIPS 202, ISO/IEC 10118-3) +config CRYPTO_SHA3_HACL + tristate "SHA-3" + select CRYPTO_HASH + help + SHA-3 secure hash algorithms (FIPS 202, ISO/IEC 10118-3) from HACL* + config CRYPTO_SM3 tristate diff --git a/crypto/Makefile b/crypto/Makefile index 2c88f3c8ce4db..c76607910477e 100644 --- a/crypto/Makefile +++ b/crypto/Makefile 
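Review bot: The four added `modprobe tcrypt mode=300 alg=...-hacl sec=2` lines in test-script.sh exercise the new drivers only through tcrypt's hash speed mode (to my knowledge mode 300 is the benchmark, not a known-answer test), and the script checks no result. For a new hash implementation the run should also fail when a digest is wrong, for example by asserting the self-test status after each benchmark: `grep -A 5 'sha256-hacl' /proc/crypto | grep -q 'selftest.*passed' || exit 1`, repeated per driver. Whether the kernel self-tests are enabled in config-um is not visible in this hunk, so confirm that before relying on the field.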
@@ -80,6 +80,7 @@ obj-$(CONFIG_CRYPTO_SHA256) += sha256_generic.o obj-$(CONFIG_CRYPTO_SHA2_HACL) += sha2-hacl-generated.o sha2-hacl.o obj-$(CONFIG_CRYPTO_SHA512) += sha512_generic.o obj-$(CONFIG_CRYPTO_SHA3) += sha3_generic.o +obj-$(CONFIG_CRYPTO_SHA3_HACL) += sha3-hacl-generated.o sha3-hacl.o obj-$(CONFIG_CRYPTO_SM3) += sm3.o obj-$(CONFIG_CRYPTO_SM3_GENERIC) += sm3_generic.o obj-$(CONFIG_CRYPTO_STREEBOG) += streebog_generic.o diff --git a/crypto/hacl_hash.h b/crypto/hacl_hash.h index 1e10e54dfd6c2..89a60a04a042a 100644 --- a/crypto/hacl_hash.h +++ b/crypto/hacl_hash.h @@ -9,6 +9,15 @@ #include "hacl_lib.h" +#define Spec_Hash_Definitions_SHA3_256 8 +#define Spec_Hash_Definitions_SHA3_224 9 +#define Spec_Hash_Definitions_SHA3_384 10 +#define Spec_Hash_Definitions_SHA3_512 11 +#define Spec_Hash_Definitions_Shake128 12 +#define Spec_Hash_Definitions_Shake256 13 + +typedef uint8_t Spec_Hash_Definitions_hash_alg; + #define Hacl_Streaming_Types_Success 0 #define Hacl_Streaming_Types_InvalidAlgorithm 1 #define Hacl_Streaming_Types_InvalidLength 2 
@@ -222,4 +231,37 @@ void Hacl_Streaming_SHA2_finish_384(struct Hacl_Streaming_MD_state_64_s *p, void Hacl_Streaming_SHA2_hash_384(uint8_t *input, uint32_t input_len, uint8_t *dst); +struct Hacl_Streaming_Keccak_hash_buf_s { + Spec_Hash_Definitions_hash_alg fst; + uint64_t *snd; +}; + +struct Hacl_Streaming_Keccak_state_s { + struct Hacl_Streaming_Keccak_hash_buf_s block_state; + uint8_t *buf; + uint64_t total_len; +}; + +Hacl_Streaming_Types_error_code +Hacl_Streaming_Keccak_update(struct Hacl_Streaming_Keccak_state_s *p, + uint8_t *data, uint32_t len); + +Hacl_Streaming_Types_error_code +Hacl_Streaming_Keccak_finish(struct Hacl_Streaming_Keccak_state_s *p, + uint8_t *out); + +void Hacl_SHA3_shake128_hacl(uint32_t inputByteLen, uint8_t *input, + uint32_t outputByteLen, uint8_t *output); + +void Hacl_SHA3_shake256_hacl(uint32_t inputByteLen, uint8_t *input, + uint32_t outputByteLen, uint8_t *output); + +void Hacl_SHA3_sha3_224(uint32_t inputByteLen, uint8_t *input, uint8_t *output); + +void Hacl_SHA3_sha3_256(uint32_t inputByteLen, uint8_t *input, uint8_t *output); + +void Hacl_SHA3_sha3_384(uint32_t inputByteLen, uint8_t *input, uint8_t *output); + +void Hacl_SHA3_sha3_512(uint32_t inputByteLen, uint8_t *input, uint8_t *output); + #endif // CRYPTO_HACL_HASH_H_ diff --git a/crypto/hacl_lib.h b/crypto/hacl_lib.h index 7ecb4db961767..619ac3abfde8b 100644 --- a/crypto/hacl_lib.h +++ b/crypto/hacl_lib.h @@ -40,6 +40,11 @@ static inline u128 FStar_UInt128_uint64_to_uint128(u64 x) #define load64_be(b) (get_unaligned_be64(b)) #define store64_be(b, i) put_unaligned_be64(i, b); +#define load32_le(b) (get_unaligned_le32(b)) +#define store32_le(b, i) put_unaligned_le32(i, b); +#define load64_le(b) (get_unaligned_le64(b)) +#define store64_le(b, i) put_unaligned_le64(i, b); + static inline void store128_be(u8 *buf, u128 x) { store64_be(buf, (u64)(x >> 64)); 
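Review bot: The new Keccak declarations in hacl_hash.h carry no comment stating the buffer sizes the callee assumes, unlike the SHA-2 declarations above them. From sha3-hacl-generated.c in this patch, `Hacl_Streaming_Keccak_finish` writes `hash_len(a)` bytes (28 to 64) to its output, `block_state.snd` is cleared as 25 `uint64_t` words, and `buf` is filled up to `block_len(a)` bytes, so a caller that sizes any of these for a different algorithm gets an out-of-bounds write. I would add a comment per declaration, e.g. `/* out must hold the digest size of the algorithm in p->block_state.fst; returns Hacl_Streaming_Types_InvalidAlgorithm for Shake128/Shake256. */`. `Hacl_Streaming_Keccak_reset` and `Hacl_Streaming_Keccak_squeeze` are defined non-static in that file but are not declared here, and the parameter names here (`p`, `out`) differ from the definitions (`s`, `dst`).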
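Review bot: `store32_le` and `store64_le` in hacl_lib.h are defined with a trailing semicolon, so `store64_le(p, v);` expands to two statements and an unbraced `if (c) store64_le(p, v); else ...` will not compile. The new macros copy the existing `store32_be`/`store64_be` form, so this is a style point rather than a regression. I would drop the semicolon in the added lines, `#define store64_le(b, i) put_unaligned_le64(i, b)`, and do the same for the big-endian pair in a follow-up.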
@@ -230,4 +235,8 @@ static inline void store128_be(u8 *buf, u128 x) #define KRML_MAYBE_FOR16(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) #endif +#ifndef KRML_HOST_IGNORE +#define KRML_HOST_IGNORE(x) (void)(x) +#endif + #endif // CRYPTO_HACL_LIB_H_ diff --git a/crypto/sha3-hacl-generated.c b/crypto/sha3-hacl-generated.c new file mode 100644 index 0000000000000..53d624ccb166d --- /dev/null +++ b/crypto/sha3-hacl-generated.c 
@@ -0,0 +1,581 @@ +/* GPLv2 or MIT License + * + * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation + * Copyright (c) 2022-2023 HACL* Contributors + * + */ + +#include "hacl_hash.h" +#include "hacl_lib.h" + +static uint32_t block_len(Spec_Hash_Definitions_hash_alg a) +{ + switch (a) { + case Spec_Hash_Definitions_SHA3_224: { + return (uint32_t)144U; + } + case Spec_Hash_Definitions_SHA3_256: { + return (uint32_t)136U; + } + case Spec_Hash_Definitions_SHA3_384: { + return (uint32_t)104U; + } + case Spec_Hash_Definitions_SHA3_512: { + return (uint32_t)72U; + } + case Spec_Hash_Definitions_Shake128: { + return (uint32_t)168U; + } + case Spec_Hash_Definitions_Shake256: { + return (uint32_t)136U; + } + default: { + return (uint32_t)144U; + } + } +} + +static uint32_t hash_len(Spec_Hash_Definitions_hash_alg a) +{ + switch (a) { + case Spec_Hash_Definitions_SHA3_224: { + return (uint32_t)28U; + } + case Spec_Hash_Definitions_SHA3_256: { + return (uint32_t)32U; + } + case Spec_Hash_Definitions_SHA3_384: { + return (uint32_t)48U; + } + case Spec_Hash_Definitions_SHA3_512: { + return (uint32_t)64U; + } + default: { + return (uint32_t)64U; + } + } +} + +static void Hacl_Impl_SHA3_loadState(uint32_t rateInBytes, uint8_t *input, + uint64_t *s) +{ + uint8_t block[200U] = { 0U }; + memcpy(block, input, rateInBytes * sizeof(uint8_t)); + for (uint32_t i = (uint32_t)0U; i < (uint32_t)25U; i++) { + uint64_t u = load64_le(block + i * (uint32_t)8U); + uint64_t x = u; + s[i] = s[i] ^ x; + } +} + +static void storeState(uint32_t rateInBytes, uint64_t *s, uint8_t *res) +{ + uint8_t block[200U] = { 0U }; + for (uint32_t i = (uint32_t)0U; i < (uint32_t)25U; i++) { + uint64_t sj = s[i]; + store64_le(block + i * (uint32_t)8U, sj); + } + memcpy(res, block, rateInBytes * sizeof(uint8_t)); +} + +static const uint32_t keccak_rotc[24U] = { + (uint32_t)1U, (uint32_t)3U, (uint32_t)6U, (uint32_t)10U, + (uint32_t)15U, (uint32_t)21U, (uint32_t)28U, (uint32_t)36U, + (uint32_t)45U, 
(uint32_t)55U, (uint32_t)2U, (uint32_t)14U, + (uint32_t)27U, (uint32_t)41U, (uint32_t)56U, (uint32_t)8U, + (uint32_t)25U, (uint32_t)43U, (uint32_t)62U, (uint32_t)18U, + (uint32_t)39U, (uint32_t)61U, (uint32_t)20U, (uint32_t)44U +}; + +static const uint32_t keccak_piln[24U] = { + (uint32_t)10U, (uint32_t)7U, (uint32_t)11U, (uint32_t)17U, + (uint32_t)18U, (uint32_t)3U, (uint32_t)5U, (uint32_t)16U, + (uint32_t)8U, (uint32_t)21U, (uint32_t)24U, (uint32_t)4U, + (uint32_t)15U, (uint32_t)23U, (uint32_t)19U, (uint32_t)13U, + (uint32_t)12U, (uint32_t)2U, (uint32_t)20U, (uint32_t)14U, + (uint32_t)22U, (uint32_t)9U, (uint32_t)6U, (uint32_t)1U +}; + +static const uint64_t keccak_rndc[24U] = { + (uint64_t)0x0000000000000001U, (uint64_t)0x0000000000008082U, + (uint64_t)0x800000000000808aU, (uint64_t)0x8000000080008000U, + (uint64_t)0x000000000000808bU, (uint64_t)0x0000000080000001U, + (uint64_t)0x8000000080008081U, (uint64_t)0x8000000000008009U, + (uint64_t)0x000000000000008aU, (uint64_t)0x0000000000000088U, + (uint64_t)0x0000000080008009U, (uint64_t)0x000000008000000aU, + (uint64_t)0x000000008000808bU, (uint64_t)0x800000000000008bU, + (uint64_t)0x8000000000008089U, (uint64_t)0x8000000000008003U, + (uint64_t)0x8000000000008002U, (uint64_t)0x8000000000000080U, + (uint64_t)0x000000000000800aU, (uint64_t)0x800000008000000aU, + (uint64_t)0x8000000080008081U, (uint64_t)0x8000000000008080U, + (uint64_t)0x0000000080000001U, (uint64_t)0x8000000080008008U +}; + +static void Hacl_Impl_SHA3_state_permute(uint64_t *s) +{ + for (uint32_t i0 = (uint32_t)0U; i0 < (uint32_t)24U; i0++) { + uint64_t _C[5U] = { 0U }; + KRML_MAYBE_FOR5(i, (uint32_t)0U, (uint32_t)5U, (uint32_t)1U, + _C[i] = s[i + (uint32_t)0U] ^ + (s[i + (uint32_t)5U] ^ + (s[i + (uint32_t)10U] ^ + (s[i + (uint32_t)15U] ^ + s[i + (uint32_t)20U])));); + KRML_MAYBE_FOR5( + i1, (uint32_t)0U, (uint32_t)5U, (uint32_t)1U, + uint64_t uu____0 = + _C[(i1 + (uint32_t)1U) % (uint32_t)5U]; + uint64_t _D = _C[(i1 + (uint32_t)4U) % (uint32_t)5U] ^ 
+ (uu____0 << (uint32_t)1U | + uu____0 >> (uint32_t)63U); + KRML_MAYBE_FOR5( + i, (uint32_t)0U, (uint32_t)5U, (uint32_t)1U, + s[i1 + (uint32_t)5U * i] = + s[i1 + (uint32_t)5U * i] ^ _D;);); + uint64_t x = s[1U]; + uint64_t curr = x; + for (uint32_t i = (uint32_t)0U; i < (uint32_t)24U; i++) { + uint32_t _Y = keccak_piln[i]; + uint32_t r = keccak_rotc[i]; + uint64_t temp = s[_Y]; + uint64_t uu____1 = curr; + s[_Y] = uu____1 << r | uu____1 >> ((uint32_t)64U - r); + curr = temp; + } + KRML_MAYBE_FOR5( + i, (uint32_t)0U, (uint32_t)5U, (uint32_t)1U, + uint64_t v0 = s[(uint32_t)0U + (uint32_t)5U * i] ^ + (~s[(uint32_t)1U + (uint32_t)5U * i] & + s[(uint32_t)2U + (uint32_t)5U * i]); + uint64_t v1 = s[(uint32_t)1U + (uint32_t)5U * i] ^ + (~s[(uint32_t)2U + (uint32_t)5U * i] & + s[(uint32_t)3U + (uint32_t)5U * i]); + uint64_t v2 = s[(uint32_t)2U + (uint32_t)5U * i] ^ + (~s[(uint32_t)3U + (uint32_t)5U * i] & + s[(uint32_t)4U + (uint32_t)5U * i]); + uint64_t v3 = s[(uint32_t)3U + (uint32_t)5U * i] ^ + (~s[(uint32_t)4U + (uint32_t)5U * i] & + s[(uint32_t)0U + (uint32_t)5U * i]); + uint64_t v4 = s[(uint32_t)4U + (uint32_t)5U * i] ^ + (~s[(uint32_t)0U + (uint32_t)5U * i] & + s[(uint32_t)1U + (uint32_t)5U * i]); + s[(uint32_t)0U + (uint32_t)5U * i] = v0; + s[(uint32_t)1U + (uint32_t)5U * i] = v1; + s[(uint32_t)2U + (uint32_t)5U * i] = v2; + s[(uint32_t)3U + (uint32_t)5U * i] = v3; + s[(uint32_t)4U + (uint32_t)5U * i] = v4;); + uint64_t c = keccak_rndc[i0]; + s[0U] = s[0U] ^ c; + } +} + +static void Hacl_Impl_SHA3_absorb_inner(uint32_t rateInBytes, uint8_t *block, + uint64_t *s) +{ + Hacl_Impl_SHA3_loadState(rateInBytes, block, s); + Hacl_Impl_SHA3_state_permute(s); +} + +static void absorb(uint64_t *s, uint32_t rateInBytes, uint32_t inputByteLen, + uint8_t *input, uint8_t delimitedSuffix) +{ + uint32_t n_blocks = inputByteLen / rateInBytes; + uint32_t rem = inputByteLen % rateInBytes; + for (uint32_t i = (uint32_t)0U; i < n_blocks; i++) { + uint8_t *block = input + i * rateInBytes; 
+ Hacl_Impl_SHA3_absorb_inner(rateInBytes, block, s); + } + uint8_t *last = input + n_blocks * rateInBytes; + uint8_t lastBlock_[200U] = { 0U }; + uint8_t *lastBlock = lastBlock_; + memcpy(lastBlock, last, rem * sizeof(uint8_t)); + lastBlock[rem] = delimitedSuffix; + Hacl_Impl_SHA3_loadState(rateInBytes, lastBlock, s); + if (!((delimitedSuffix & (uint8_t)0x80U) == (uint8_t)0U) && + rem == rateInBytes - (uint32_t)1U) { + Hacl_Impl_SHA3_state_permute(s); + } + uint8_t nextBlock_[200U] = { 0U }; + uint8_t *nextBlock = nextBlock_; + nextBlock[rateInBytes - (uint32_t)1U] = (uint8_t)0x80U; + Hacl_Impl_SHA3_loadState(rateInBytes, nextBlock, s); + Hacl_Impl_SHA3_state_permute(s); +} + +static void Hacl_Hash_SHA3_update_multi_sha3(Spec_Hash_Definitions_hash_alg a, + uint64_t *s, uint8_t *blocks, + uint32_t n_blocks) +{ + for (uint32_t i = (uint32_t)0U; i < n_blocks; i++) { + uint8_t *block = blocks + i * block_len(a); + Hacl_Impl_SHA3_absorb_inner(block_len(a), block, s); + } +} + +static void Hacl_Hash_SHA3_update_last_sha3(Spec_Hash_Definitions_hash_alg a, + uint64_t *s, uint8_t *input, + uint32_t input_len) +{ + uint8_t suffix; + if (a == Spec_Hash_Definitions_Shake128 || + a == Spec_Hash_Definitions_Shake256) { + suffix = (uint8_t)0x1fU; + } else { + suffix = (uint8_t)0x06U; + } + uint32_t len = block_len(a); + if (input_len == len) { + Hacl_Impl_SHA3_absorb_inner(len, input, s); + uint8_t *uu____0 = input + input_len; + uint8_t lastBlock_[200U] = { 0U }; + uint8_t *lastBlock = lastBlock_; + memcpy(lastBlock, uu____0, (uint32_t)0U * sizeof(uint8_t)); + lastBlock[0U] = suffix; + Hacl_Impl_SHA3_loadState(len, lastBlock, s); + if (!((suffix & (uint8_t)0x80U) == (uint8_t)0U) && + (uint32_t)0U == len - (uint32_t)1U) { + Hacl_Impl_SHA3_state_permute(s); + } + uint8_t nextBlock_[200U] = { 0U }; + uint8_t *nextBlock = nextBlock_; + nextBlock[len - (uint32_t)1U] = (uint8_t)0x80U; + Hacl_Impl_SHA3_loadState(len, nextBlock, s); + Hacl_Impl_SHA3_state_permute(s); + return; + } + 
uint8_t lastBlock_[200U] = { 0U }; + uint8_t *lastBlock = lastBlock_; + memcpy(lastBlock, input, input_len * sizeof(uint8_t)); + lastBlock[input_len] = suffix; + Hacl_Impl_SHA3_loadState(len, lastBlock, s); + if (!((suffix & (uint8_t)0x80U) == (uint8_t)0U) && + input_len == len - (uint32_t)1U) { + Hacl_Impl_SHA3_state_permute(s); + } + uint8_t nextBlock_[200U] = { 0U }; + uint8_t *nextBlock = nextBlock_; + nextBlock[len - (uint32_t)1U] = (uint8_t)0x80U; + Hacl_Impl_SHA3_loadState(len, nextBlock, s); + Hacl_Impl_SHA3_state_permute(s); +} + +typedef struct hash_buf2_s { + struct Hacl_Streaming_Keccak_hash_buf_s fst; + struct Hacl_Streaming_Keccak_hash_buf_s snd; +} hash_buf2; + +static Spec_Hash_Definitions_hash_alg +Hacl_Streaming_Keccak_get_alg(struct Hacl_Streaming_Keccak_state_s *s) +{ + struct Hacl_Streaming_Keccak_state_s scrut = *s; + struct Hacl_Streaming_Keccak_hash_buf_s block_state = scrut.block_state; + return block_state.fst; +} + +void Hacl_Streaming_Keccak_reset(struct Hacl_Streaming_Keccak_state_s *s) +{ + struct Hacl_Streaming_Keccak_state_s scrut = *s; + uint8_t *buf = scrut.buf; + struct Hacl_Streaming_Keccak_hash_buf_s block_state = scrut.block_state; + Spec_Hash_Definitions_hash_alg i = block_state.fst; + KRML_HOST_IGNORE(i); + uint64_t *s1 = block_state.snd; + memset(s1, 0U, (uint32_t)25U * sizeof(uint64_t)); + struct Hacl_Streaming_Keccak_state_s tmp = { + .block_state = block_state, + .buf = buf, + .total_len = (uint64_t)(uint32_t)0U + }; + s[0U] = tmp; +} + +Hacl_Streaming_Types_error_code +Hacl_Streaming_Keccak_update(struct Hacl_Streaming_Keccak_state_s *p, + uint8_t *data, uint32_t len) +{ + struct Hacl_Streaming_Keccak_state_s s = *p; + struct Hacl_Streaming_Keccak_hash_buf_s block_state = s.block_state; + uint64_t total_len = s.total_len; + Spec_Hash_Definitions_hash_alg i = block_state.fst; + if ((uint64_t)len > (uint64_t)0xFFFFFFFFFFFFFFFFU - total_len) { + return Hacl_Streaming_Types_MaximumLengthExceeded; + } + uint32_t sz; + if 
(total_len % (uint64_t)block_len(i) == (uint64_t)0U && + total_len > (uint64_t)0U) { + sz = block_len(i); + } else { + sz = (uint32_t)(total_len % (uint64_t)block_len(i)); + } + if (len <= block_len(i) - sz) { + struct Hacl_Streaming_Keccak_state_s s1 = *p; + struct Hacl_Streaming_Keccak_hash_buf_s block_state1 = + s1.block_state; + uint8_t *buf = s1.buf; + uint64_t total_len1 = s1.total_len; + uint32_t sz1; + if (total_len1 % (uint64_t)block_len(i) == (uint64_t)0U && + total_len1 > (uint64_t)0U) { + sz1 = block_len(i); + } else { + sz1 = (uint32_t)(total_len1 % (uint64_t)block_len(i)); + } + uint8_t *buf2 = buf + sz1; + memcpy(buf2, data, len * sizeof(uint8_t)); + uint64_t total_len2 = total_len1 + (uint64_t)len; + *p = ((struct Hacl_Streaming_Keccak_state_s){ + .block_state = block_state1, + .buf = buf, + .total_len = total_len2 }); + } else if (sz == (uint32_t)0U) { + struct Hacl_Streaming_Keccak_state_s s1 = *p; + struct Hacl_Streaming_Keccak_hash_buf_s block_state1 = + s1.block_state; + uint8_t *buf = s1.buf; + uint64_t total_len1 = s1.total_len; + uint32_t sz1; + if (total_len1 % (uint64_t)block_len(i) == (uint64_t)0U && + total_len1 > (uint64_t)0U) { + sz1 = block_len(i); + } else { + sz1 = (uint32_t)(total_len1 % (uint64_t)block_len(i)); + } + if (!(sz1 == (uint32_t)0U)) { + Spec_Hash_Definitions_hash_alg a1 = block_state1.fst; + uint64_t *s2 = block_state1.snd; + Hacl_Hash_SHA3_update_multi_sha3( + a1, s2, buf, block_len(i) / block_len(a1)); + } + uint32_t ite; + if ((uint64_t)len % (uint64_t)block_len(i) == (uint64_t)0U && + (uint64_t)len > (uint64_t)0U) { + ite = block_len(i); + } else { + ite = (uint32_t)((uint64_t)len % + (uint64_t)block_len(i)); + } + uint32_t n_blocks = (len - ite) / block_len(i); + uint32_t data1_len = n_blocks * block_len(i); + uint32_t data2_len = len - data1_len; + uint8_t *data1 = data; + uint8_t *data2 = data + data1_len; + Spec_Hash_Definitions_hash_alg a1 = block_state1.fst; + uint64_t *s2 = block_state1.snd; + 
Hacl_Hash_SHA3_update_multi_sha3(a1, s2, data1, + data1_len / block_len(a1)); + uint8_t *dst = buf; + memcpy(dst, data2, data2_len * sizeof(uint8_t)); + *p = ((struct Hacl_Streaming_Keccak_state_s){ + .block_state = block_state1, + .buf = buf, + .total_len = total_len1 + (uint64_t)len }); + } else { + uint32_t diff = block_len(i) - sz; + uint8_t *data1 = data; + uint8_t *data2 = data + diff; + struct Hacl_Streaming_Keccak_state_s s1 = *p; + struct Hacl_Streaming_Keccak_hash_buf_s block_state10 = + s1.block_state; + uint8_t *buf0 = s1.buf; + uint64_t total_len10 = s1.total_len; + uint32_t sz10; + if (total_len10 % (uint64_t)block_len(i) == (uint64_t)0U && + total_len10 > (uint64_t)0U) { + sz10 = block_len(i); + } else { + sz10 = (uint32_t)(total_len10 % (uint64_t)block_len(i)); + } + uint8_t *buf2 = buf0 + sz10; + memcpy(buf2, data1, diff * sizeof(uint8_t)); + uint64_t total_len2 = total_len10 + (uint64_t)diff; + *p = ((struct Hacl_Streaming_Keccak_state_s){ + .block_state = block_state10, + .buf = buf0, + .total_len = total_len2 }); + struct Hacl_Streaming_Keccak_state_s s10 = *p; + struct Hacl_Streaming_Keccak_hash_buf_s block_state1 = + s10.block_state; + uint8_t *buf = s10.buf; + uint64_t total_len1 = s10.total_len; + uint32_t sz1; + if (total_len1 % (uint64_t)block_len(i) == (uint64_t)0U && + total_len1 > (uint64_t)0U) { + sz1 = block_len(i); + } else { + sz1 = (uint32_t)(total_len1 % (uint64_t)block_len(i)); + } + if (!(sz1 == (uint32_t)0U)) { + Spec_Hash_Definitions_hash_alg a1 = block_state1.fst; + uint64_t *s2 = block_state1.snd; + Hacl_Hash_SHA3_update_multi_sha3( + a1, s2, buf, block_len(i) / block_len(a1)); + } + uint32_t ite; + if ((uint64_t)(len - diff) % (uint64_t)block_len(i) == + (uint64_t)0U && + (uint64_t)(len - diff) > (uint64_t)0U) { + ite = block_len(i); + } else { + ite = (uint32_t)((uint64_t)(len - diff) % + (uint64_t)block_len(i)); + } + uint32_t n_blocks = (len - diff - ite) / block_len(i); + uint32_t data1_len = n_blocks * block_len(i); + 
uint32_t data2_len = len - diff - data1_len; + uint8_t *data11 = data2; + uint8_t *data21 = data2 + data1_len; + Spec_Hash_Definitions_hash_alg a1 = block_state1.fst; + uint64_t *s2 = block_state1.snd; + Hacl_Hash_SHA3_update_multi_sha3(a1, s2, data11, + data1_len / block_len(a1)); + uint8_t *dst = buf; + memcpy(dst, data21, data2_len * sizeof(uint8_t)); + *p = ((struct Hacl_Streaming_Keccak_state_s){ + .block_state = block_state1, + .buf = buf, + .total_len = total_len1 + (uint64_t)(len - diff) }); + } + return Hacl_Streaming_Types_Success; +} + +static void Hacl_Impl_SHA3_squeeze(uint64_t *s, uint32_t rateInBytes, + uint32_t outputByteLen, uint8_t *output) +{ + uint32_t outBlocks = outputByteLen / rateInBytes; + uint32_t remOut = outputByteLen % rateInBytes; + uint8_t *last = output + outputByteLen - remOut; + uint8_t *blocks = output; + for (uint32_t i = (uint32_t)0U; i < outBlocks; i++) { + storeState(rateInBytes, s, blocks + i * rateInBytes); + Hacl_Impl_SHA3_state_permute(s); + } + storeState(remOut, s, last); +} + +static void finish_(Spec_Hash_Definitions_hash_alg a, + struct Hacl_Streaming_Keccak_state_s *p, uint8_t *dst, + uint32_t l) +{ + struct Hacl_Streaming_Keccak_state_s scrut0 = *p; + struct Hacl_Streaming_Keccak_hash_buf_s block_state = + scrut0.block_state; + uint8_t *buf_ = scrut0.buf; + uint64_t total_len = scrut0.total_len; + uint32_t r; + if (total_len % (uint64_t)block_len(a) == (uint64_t)0U && + total_len > (uint64_t)0U) { + r = block_len(a); + } else { + r = (uint32_t)(total_len % (uint64_t)block_len(a)); + } + uint8_t *buf_1 = buf_; + uint64_t buf[25U] = { 0U }; + struct Hacl_Streaming_Keccak_hash_buf_s tmp_block_state = { + .fst = a, .snd = buf + }; + hash_buf2 scrut = { .fst = block_state, .snd = tmp_block_state }; + uint64_t *s_dst = scrut.snd.snd; + uint64_t *s_src = scrut.fst.snd; + memcpy(s_dst, s_src, (uint32_t)25U * sizeof(uint64_t)); + uint32_t ite; + if (r % block_len(a) == (uint32_t)0U && r > (uint32_t)0U) { + ite = 
block_len(a); + } else { + ite = r % block_len(a); + } + uint8_t *buf_last = buf_1 + r - ite; + uint8_t *buf_multi = buf_1; + Spec_Hash_Definitions_hash_alg a1 = tmp_block_state.fst; + uint64_t *s0 = tmp_block_state.snd; + Hacl_Hash_SHA3_update_multi_sha3(a1, s0, buf_multi, + (uint32_t)0U / block_len(a1)); + Spec_Hash_Definitions_hash_alg a10 = tmp_block_state.fst; + uint64_t *s1 = tmp_block_state.snd; + Hacl_Hash_SHA3_update_last_sha3(a10, s1, buf_last, r); + Spec_Hash_Definitions_hash_alg a11 = tmp_block_state.fst; + uint64_t *s = tmp_block_state.snd; + if (a11 == Spec_Hash_Definitions_Shake128 || + a11 == Spec_Hash_Definitions_Shake256) { + Hacl_Impl_SHA3_squeeze(s, block_len(a11), l, dst); + return; + } + Hacl_Impl_SHA3_squeeze(s, block_len(a11), hash_len(a11), dst); +} + +Hacl_Streaming_Types_error_code +Hacl_Streaming_Keccak_finish(struct Hacl_Streaming_Keccak_state_s *s, + uint8_t *dst) +{ + Spec_Hash_Definitions_hash_alg a1 = Hacl_Streaming_Keccak_get_alg(s); + if (a1 == Spec_Hash_Definitions_Shake128 || + a1 == Spec_Hash_Definitions_Shake256) { + return Hacl_Streaming_Types_InvalidAlgorithm; + } + finish_(a1, s, dst, hash_len(a1)); + return Hacl_Streaming_Types_Success; +} + +Hacl_Streaming_Types_error_code +Hacl_Streaming_Keccak_squeeze(struct Hacl_Streaming_Keccak_state_s *s, + uint8_t *dst, uint32_t l) +{ + Spec_Hash_Definitions_hash_alg a1 = Hacl_Streaming_Keccak_get_alg(s); + if (!(a1 == Spec_Hash_Definitions_Shake128 || + a1 == Spec_Hash_Definitions_Shake256)) { + return Hacl_Streaming_Types_InvalidAlgorithm; + } + if (l == (uint32_t)0U) { + return Hacl_Streaming_Types_InvalidLength; + } + finish_(a1, s, dst, l); + return Hacl_Streaming_Types_Success; +} + +static void Hacl_Impl_SHA3_keccak(uint32_t rate, uint32_t capacity, + uint32_t inputByteLen, uint8_t *input, + uint8_t delimitedSuffix, + uint32_t outputByteLen, uint8_t *output) +{ + uint32_t rateInBytes = rate / (uint32_t)8U; + uint64_t s[25U] = { 0U }; + absorb(s, rateInBytes, inputByteLen, 
input, delimitedSuffix); + Hacl_Impl_SHA3_squeeze(s, rateInBytes, outputByteLen, output); +} + +void Hacl_SHA3_shake128_hacl(uint32_t inputByteLen, uint8_t *input, + uint32_t outputByteLen, uint8_t *output) +{ + Hacl_Impl_SHA3_keccak((uint32_t)1344U, (uint32_t)256U, inputByteLen, + input, (uint8_t)0x1FU, outputByteLen, output); +} + +void Hacl_SHA3_shake256_hacl(uint32_t inputByteLen, uint8_t *input, + uint32_t outputByteLen, uint8_t *output) +{ + Hacl_Impl_SHA3_keccak((uint32_t)1088U, (uint32_t)512U, inputByteLen, + input, (uint8_t)0x1FU, outputByteLen, output); +} + +void Hacl_SHA3_sha3_224(uint32_t inputByteLen, uint8_t *input, uint8_t *output) +{ + Hacl_Impl_SHA3_keccak((uint32_t)1152U, (uint32_t)448U, inputByteLen, + input, (uint8_t)0x06U, (uint32_t)28U, output); +} + +void Hacl_SHA3_sha3_256(uint32_t inputByteLen, uint8_t *input, uint8_t *output) +{ + Hacl_Impl_SHA3_keccak((uint32_t)1088U, (uint32_t)512U, inputByteLen, + input, (uint8_t)0x06U, (uint32_t)32U, output); +} + +void Hacl_SHA3_sha3_384(uint32_t inputByteLen, uint8_t *input, uint8_t *output) +{ + Hacl_Impl_SHA3_keccak((uint32_t)832U, (uint32_t)768U, inputByteLen, + input, (uint8_t)0x06U, (uint32_t)48U, output); +} + +void Hacl_SHA3_sha3_512(uint32_t inputByteLen, uint8_t *input, uint8_t *output) +{ + Hacl_Impl_SHA3_keccak((uint32_t)576U, (uint32_t)1024U, inputByteLen, + input, (uint8_t)0x06U, (uint32_t)64U, output); +} diff --git a/crypto/sha3-hacl.c b/crypto/sha3-hacl.c new file mode 100644 index 0000000000000..70957a40166d6 --- /dev/null +++ b/crypto/sha3-hacl.c 
@@ -0,0 +1,149 @@ +/* GPLv2 or MIT License + * + * Copyright (c) 2023 Cryspen + * + */ + +#include + +#include "hacl_hash.h" +#include "hacl_lib.h" + +int hacl_sha3_init(struct shash_desc *desc) +{ + struct sha3_state *sctx = shash_desc_ctx(desc); + unsigned int digest_size = crypto_shash_digestsize(desc->tfm); + sctx->rsiz = 200 - 2 * digest_size; + sctx->rsizw = sctx->rsiz / 8; + sctx->partial = 0; + memset(sctx->st, 0, sizeof(sctx->st)); + return 0; +} +EXPORT_SYMBOL(hacl_sha3_init); + +Spec_Hash_Definitions_hash_alg hacl_sha3_alg(unsigned int rsiz) +{ + switch (rsiz) { + case 144: { + return Spec_Hash_Definitions_SHA3_224; + } + case 136: { + return Spec_Hash_Definitions_SHA3_256; + } + case 104: { + return Spec_Hash_Definitions_SHA3_384; + } + case 72: { + return Spec_Hash_Definitions_SHA3_512; + } + default: { + return Spec_Hash_Definitions_SHA3_256; + } + } +} + +int hacl_sha3_update(struct shash_desc *desc, const u8 *data, unsigned int len) +{ + struct sha3_state *sctx = shash_desc_ctx(desc); + struct Hacl_Streaming_Keccak_state_s st; + st.block_state.fst = hacl_sha3_alg(sctx->rsiz); + st.block_state.snd = sctx->st; + st.buf = sctx->buf; + st.total_len = 0; + uint8_t ret = Hacl_Streaming_Keccak_update(&st, (uint8_t *)data, len); + if (ret > 0) { + return -1; + } else { + return 0; + } +} +EXPORT_SYMBOL(hacl_sha3_update); + +int hacl_sha3_final(struct shash_desc *desc, u8 *out) +{ + struct sha3_state *sctx = shash_desc_ctx(desc); + struct Hacl_Streaming_Keccak_state_s st; + st.block_state.fst = hacl_sha3_alg(sctx->rsiz); + st.block_state.snd = sctx->st; + st.buf = sctx->buf; + st.total_len = 0; + uint8_t ret = Hacl_Streaming_Keccak_finish(&st, out); + if (ret > 0) { + return -1; + } else { + return 0; + } +} +EXPORT_SYMBOL(hacl_sha3_final); + +static struct shash_alg algs[] = { + { + .digestsize = SHA3_224_DIGEST_SIZE, + .init = hacl_sha3_init, + .update = hacl_sha3_update, + .final = hacl_sha3_final, + .descsize = sizeof(struct sha3_state), + .base.cra_name 
= "sha3-224", + .base.cra_driver_name = "sha3-224-hacl", + .base.cra_blocksize = SHA3_224_BLOCK_SIZE, + .base.cra_module = THIS_MODULE, + }, + { + .digestsize = SHA3_256_DIGEST_SIZE, + .init = hacl_sha3_init, + .update = hacl_sha3_update, + .final = hacl_sha3_final, + .descsize = sizeof(struct sha3_state), + .base.cra_name = "sha3-256", + .base.cra_driver_name = "sha3-256-hacl", + .base.cra_blocksize = SHA3_256_BLOCK_SIZE, + .base.cra_module = THIS_MODULE, + }, + { + .digestsize = SHA3_384_DIGEST_SIZE, + .init = hacl_sha3_init, + .update = hacl_sha3_update, + .final = hacl_sha3_final, + .descsize = sizeof(struct sha3_state), + .base.cra_name = "sha3-384", + .base.cra_driver_name = "sha3-384-hacl", + .base.cra_blocksize = SHA3_384_BLOCK_SIZE, + .base.cra_module = THIS_MODULE, + }, + { + .digestsize = SHA3_512_DIGEST_SIZE, + .init = hacl_sha3_init, + .update = hacl_sha3_update, + .final = hacl_sha3_final, + .descsize = sizeof(struct sha3_state), + .base.cra_name = "sha3-512", + .base.cra_driver_name = "sha3-512-hacl", + .base.cra_blocksize = SHA3_512_BLOCK_SIZE, + .base.cra_module = THIS_MODULE, + } +}; + +static int __init sha3_hacl_mod_init(void) +{ + return crypto_register_shashes(algs, ARRAY_SIZE(algs)); +} + +static void __exit sha3_hacl_mod_fini(void) +{ + crypto_unregister_shashes(algs, ARRAY_SIZE(algs)); +} + +subsys_initcall(sha3_hacl_mod_init); +module_exit(sha3_hacl_mod_fini); + +MODULE_LICENSE("GPLv2 or MIT"); +MODULE_DESCRIPTION("Formally Verified SHA-3 Secure Hash Algorithm from HACL*"); + +MODULE_ALIAS_CRYPTO("sha3-224"); +MODULE_ALIAS_CRYPTO("sha3-224-hacl"); +MODULE_ALIAS_CRYPTO("sha3-256"); +MODULE_ALIAS_CRYPTO("sha3-256-hacl"); +MODULE_ALIAS_CRYPTO("sha3-384"); +MODULE_ALIAS_CRYPTO("sha3-384-hacl"); +MODULE_ALIAS_CRYPTO("sha3-512"); +MODULE_ALIAS_CRYPTO("sha3-512-hacl"); From 9065b5878c4ef2bda092e30b91e38e0d027f7e6b Mon Sep 17 00:00:00 2001 
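Review bot: `hacl_sha3_update` and `hacl_sha3_final` each build a fresh `Hacl_Streaming_Keccak_state_s` on the stack with `st.total_len = 0`, so the running length that `Hacl_Streaming_Keccak_update` writes back through `*p` is thrown away when the wrapper returns. As written, a second `update` call starts again at offset 0 of `sctx->buf`, and `finish_` derives its remainder from a zero `total_len` and absorbs nothing from the buffer, so the digest would be wrong whenever data is left buffered or the input arrives in more than one call. The length has to be kept in the descriptor context, loaded into `st.total_len` before the HACL call and stored back afterwards; `sctx->partial` is set to 0 in `hacl_sha3_init` and never touched again, and may be too narrow for a 64-bit length. Separately, `hacl_sha3_alg` silently falls back to SHA3-256 for an unrecognised `rsiz` instead of reporting an error.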
From: Franziskus Kiefer Date: Tue, 24 Oct 2023 17:18:30 +0200 Subject: [PATCH 10/53] run ci --- .github/workflows/crypto-test-harness.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/crypto-test-harness.yml b/.github/workflows/crypto-test-harness.yml index 19e1791e838c8..67fc1a643eec1 100644 --- a/.github/workflows/crypto-test-harness.yml +++ b/.github/workflows/crypto-test-harness.yml @@ -3,7 +3,6 @@ name: Linux on: pull_request: - branches: ["cf-zeta"] workflow_dispatch: jobs: From 0b5753a080c21308d111cac92be27427f3b30b40 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Fri, 24 Nov 2023 18:44:22 +0100 Subject: [PATCH 11/53] ecdsa sign (unverified) --- crypto/Kconfig | 3 +- crypto/Makefile | 4 +- crypto/asymmetric_keys/pkcs8.asn1 | 2 +- crypto/asymmetric_keys/pkcs8_parser.c | 53 +++- crypto/ecc.c | 9 +- crypto/ecdsa.c | 371 +++++++++++++++++++++++++- crypto/ecprivkey.asn1 | 6 + crypto/sha3-hacl.c | 4 +- include/crypto/internal/ecc.h | 10 + 9 files changed, 442 insertions(+), 20 deletions(-) create mode 100644 crypto/ecprivkey.asn1 diff --git a/crypto/Kconfig b/crypto/Kconfig index f4a1ce2c9bffc..44ed953370915 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -290,14 +290,13 @@ config CRYPTO_ECDSA tristate "ECDSA (Elliptic Curve Digital Signature Algorithm)" select CRYPTO_ECC select CRYPTO_AKCIPHER + select CRYPTO_DRBG_HMAC select ASN1 help ECDSA (Elliptic Curve Digital Signature Algorithm) (FIPS 186, ISO/IEC 14888-3) using curves P-192, P-256, and P-384 - Only signature verification is implemented. - config CRYPTO_ECRDSA tristate "EC-RDSA (Elliptic Curve Russian Digital Signature Algorithm)" select CRYPTO_ECC diff --git a/crypto/Makefile b/crypto/Makefile index c76607910477e..fc8cc4143d154 100644 --- a/crypto/Makefile +++ b/crypto/Makefile 
@@ -51,9 +51,11 @@ sm2_generic-y += sm2.o obj-$(CONFIG_CRYPTO_SM2) += sm2_generic.o +$(obj)/ecprivkey.asn1.o: $(obj)/ecprivkey.asn1.c $(obj)/ecprivkey.asn1.h $(obj)/ecdsasignature.asn1.o: $(obj)/ecdsasignature.asn1.c $(obj)/ecdsasignature.asn1.h -$(obj)/ecdsa.o: $(obj)/ecdsasignature.asn1.h +$(obj)/ecdsa.o: $(obj)/ecdsasignature.asn1.h $(obj)/ecprivkey.asn1.h ecdsa_generic-y += ecdsa.o +ecdsa_generic-y += ecprivkey.asn1.o ecdsa_generic-y += ecdsasignature.asn1.o obj-$(CONFIG_CRYPTO_ECDSA) += ecdsa_generic.o diff --git a/crypto/asymmetric_keys/pkcs8.asn1 b/crypto/asymmetric_keys/pkcs8.asn1 index 702c41a3c7137..1791ddf4168a8 100644 --- a/crypto/asymmetric_keys/pkcs8.asn1 +++ b/crypto/asymmetric_keys/pkcs8.asn1 @@ -20,5 +20,5 @@ Attribute ::= ANY AlgorithmIdentifier ::= SEQUENCE { algorithm OBJECT IDENTIFIER ({ pkcs8_note_OID }), - parameters ANY OPTIONAL + parameters ANY OPTIONAL ({ pkcs8_note_algo_parameter }) } diff --git a/crypto/asymmetric_keys/pkcs8_parser.c b/crypto/asymmetric_keys/pkcs8_parser.c index 105dcce27f711..d603811d4faa4 100644 --- a/crypto/asymmetric_keys/pkcs8_parser.c +++ b/crypto/asymmetric_keys/pkcs8_parser.c @@ -21,9 +21,10 @@ struct pkcs8_parse_context { struct public_key *pub; unsigned long data; /* Start of data */ enum OID last_oid; /* Last OID encountered */ - enum OID algo_oid; /* Algorithm OID */ u32 key_size; const void *key; + const void *algo_param; + u32 algo_param_len; }; /* @@ -47,6 +48,17 @@ int pkcs8_note_OID(void *context, size_t hdrlen, return 0; } +int pkcs8_note_algo_parameter(void *context, size_t hdrlen, + unsigned char tag, + const void *value, size_t vlen) +{ + struct pkcs8_parse_context *ctx = context; + + ctx->algo_param = value; + ctx->algo_param_len = vlen; + return 0; +} + /* * Note the version number of the ASN.1 blob. */ 
@@ -70,12 +82,39 @@ int pkcs8_note_algo(void *context, size_t hdrlen, { struct pkcs8_parse_context *ctx = context; - if (ctx->last_oid != OID_rsaEncryption) - return -ENOPKG; - - ctx->pub->pkey_algo = "rsa"; - return 0; -} + enum OID curve_id; + + switch (ctx->last_oid) { + case OID_id_ecPublicKey: + if (!ctx->algo_param || ctx->algo_param_len == 0) + return -EBADMSG; + curve_id = look_up_OID(ctx->algo_param, ctx->algo_param_len); + + switch (curve_id) { + case OID_id_prime192v1: + ctx->pub->pkey_algo = "ecdsa-nist-p192"; + break; + case OID_id_prime256v1: + ctx->pub->pkey_algo = "ecdsa-nist-p256"; + break; + case OID_id_ansip384r1: + ctx->pub->pkey_algo = "ecdsa-nist-p384"; + break; + default: + return -ENOPKG; + } + break; + + case OID_rsaEncryption: + ctx->pub->pkey_algo = "rsa"; + break; + + default: + return -ENOPKG; + } + + return 0; + } /* * Note the key data of the ASN.1 blob. diff --git a/crypto/ecc.c b/crypto/ecc.c index f53fb4d6af992..daccb2c55abb2 100644 --- a/crypto/ecc.c +++ b/crypto/ecc.c @@ -488,7 +488,7 @@ static void vli_square(u64 *result, const u64 *left, unsigned int ndigits) /* Computes result = (left + right) % mod. * Assumes that left < mod and right < mod, result != mod. */ -static void vli_mod_add(u64 *result, const u64 *left, const u64 *right, +void vli_mod_add(u64 *result, const u64 *left, const u64 *right, const u64 *mod, unsigned int ndigits) { u64 carry; @@ -501,6 +501,7 @@ static void vli_mod_add(u64 *result, const u64 *left, const u64 *right, if (carry || vli_cmp(result, mod, ndigits) >= 0) vli_sub(result, result, mod, ndigits); } +EXPORT_SYMBOL(vli_mod_add); /* Computes result = (left - right) % mod. * Assumes that left < mod and right < mod, result != mod. 
@@ -963,7 +964,7 @@ void vli_mod_mult_slow(u64 *result, const u64 *left, const u64 *right, EXPORT_SYMBOL(vli_mod_mult_slow); /* Computes result = (left * right) % curve_prime. */ -static void vli_mod_mult_fast(u64 *result, const u64 *left, const u64 *right, +void vli_mod_mult_fast(u64 *result, const u64 *left, const u64 *right, const struct ecc_curve *curve) { u64 product[2 * ECC_MAX_DIGITS]; @@ -971,6 +972,7 @@ static void vli_mod_mult_fast(u64 *result, const u64 *left, const u64 *right, vli_mult(product, left, right, curve->g.ndigits); vli_mmod_fast(result, product, curve); } +EXPORT_SYMBOL(vli_mod_mult_fast); /* Computes result = left^2 % curve_prime. */ static void vli_mod_square_fast(u64 *result, const u64 *left, @@ -1277,7 +1279,7 @@ static void xycz_add_c(u64 *x1, u64 *y1, u64 *x2, u64 *y2, vli_set(x1, t7, ndigits); } -static void ecc_point_mult(struct ecc_point *result, +void ecc_point_mult(struct ecc_point *result, const struct ecc_point *point, const u64 *scalar, u64 *initial_z, const struct ecc_curve *curve, unsigned int ndigits) @@ -1335,6 +1337,7 @@ static void ecc_point_mult(struct ecc_point *result, vli_set(result->x, rx[0], ndigits); vli_set(result->y, ry[0], ndigits); } +EXPORT_SYMBOL(ecc_point_mult); /* Computes R = P + Q mod p */ static void ecc_point_add(const struct ecc_point *result, diff --git a/crypto/ecdsa.c b/crypto/ecdsa.c index fbd76498aba83..fd54060fefa04 100644 --- a/crypto/ecdsa.c +++ b/crypto/ecdsa.c @@ -6,18 +6,27 @@ #include #include #include +#include +#include +#include +#include #include #include #include #include +#include +#include "ecprivkey.asn1.h" #include "ecdsasignature.asn1.h" struct ecc_ctx { unsigned int curve_id; const struct ecc_curve *curve; + bool key_set; + bool is_private; bool pub_key_set; + u64 d[ECC_MAX_DIGITS]; /* priv key big integer */ u64 x[ECC_MAX_DIGITS]; /* pub key x and y coordinates */ u64 y[ECC_MAX_DIGITS]; struct ecc_point pub_key; 
@@ -148,7 +157,7 @@ static int ecdsa_verify(struct akcipher_request *req) ssize_t diff; int ret; - if (unlikely(!ctx->pub_key_set)) + if (unlikely(!ctx->key_set)) return -EINVAL; buffer = kmalloc(req->src_len + req->dst_len, GFP_KERNEL); 
@@ -185,6 +194,241 @@ static int ecdsa_verify(struct akcipher_request *req) return ret; } +static int _ecdsa_sign(struct ecc_ctx *ctx, const u64 *hash, const u64 *k, + struct ecdsa_signature_ctx *sig_ctx) +{ + unsigned int ndigits = ctx->curve->g.ndigits; + u64 rd_h[ECC_MAX_DIGITS]; + u64 kinv[ECC_MAX_DIGITS]; + /* we can use s as y coordinate here as we're discarding it anyway later */ + struct ecc_point K = ECC_POINT_INIT(sig_ctx->r, sig_ctx->s, ndigits); + + ecc_point_mult(&K, &ctx->curve->g, k, NULL, ctx->curve, ndigits); + + if (vli_cmp(sig_ctx->r, ctx->curve->n, ndigits) >= 0) + vli_sub(sig_ctx->r, sig_ctx->r, ctx->curve->n, ndigits); + + if (vli_is_zero(sig_ctx->r, ndigits)) + return -EAGAIN; + + vli_mod_mult_slow(rd_h, sig_ctx->r, ctx->d, ctx->curve->n, ndigits); + vli_mod_add(rd_h, rd_h, hash, ctx->curve->n, ndigits); + vli_mod_inv(kinv, k, ctx->curve->n, ndigits); + vli_mod_mult_slow(sig_ctx->s, kinv, rd_h, ctx->curve->n, ndigits); + + if (vli_is_zero(sig_ctx->s, ndigits)) + return -EAGAIN; + + memzero_explicit(rd_h, sizeof(rd_h)); + memzero_explicit(kinv, sizeof(kinv)); + return 0; +} + +/* RFC 6979 p. 3.1.1 selects the same hash function that was used to + * process the input message. However, we don't have this information in + * the context and can only guess based on the size of the hash. This is + * OK, because p. 3.6 states that a different function may be used of the + * same (or higher) strength. Therefore, we pick SHA-512 as the default + * case. The only disadvantage would be that the KAT vectors from the RFC + * will not be verifiable. 
Userspace should not depend on it anyway as any + * higher priority ECDSA crypto drivers may actually not implement + * deterministic signatures + */ +static struct crypto_rng *rfc6979_alloc_rng(struct ecc_ctx *ctx, + size_t hash_size, u8 *rawhash) +{ + u64 seed[2 * ECC_MAX_DIGITS]; + unsigned int ndigits = ctx->curve->g.ndigits; + struct drbg_string entropy, pers = {0}; + struct drbg_test_data seed_data; + const char *alg; + struct crypto_rng *rng; + int err; + + switch (hash_size) { + case SHA1_DIGEST_SIZE: + alg = "drbg_nopr_hmac_sha1"; + break; + case SHA256_DIGEST_SIZE: + alg = "drbg_nopr_hmac_sha256"; + break; + case SHA384_DIGEST_SIZE: + alg = "drbg_nopr_hmac_sha384"; + break; + default: + alg = "drbg_nopr_hmac_sha512"; + } + + rng = crypto_alloc_rng(alg, 0, 0); + if (IS_ERR(rng)) + return rng; + + ecc_swap_digits(ctx->d, seed, ndigits); + memcpy(seed + ndigits, rawhash, ndigits << ECC_DIGITS_TO_BYTES_SHIFT); + drbg_string_fill(&entropy, (u8 *)seed, (ndigits * 2) << ECC_DIGITS_TO_BYTES_SHIFT); + seed_data.testentropy = &entropy; + err = crypto_drbg_reset_test(rng, &pers, &seed_data); + if (err) { + crypto_free_rng(rng); + return ERR_PTR(err); + } + + return rng; +} + +static int rfc6979_gen_k(struct ecc_ctx *ctx, struct crypto_rng *rng, u64 *k) +{ + unsigned int ndigits = ctx->curve->g.ndigits; + u8 K[ECC_MAX_BYTES]; + int ret; + + do { + ret = crypto_rng_get_bytes(rng, K, ndigits << ECC_DIGITS_TO_BYTES_SHIFT); + if (ret) + return ret; + + ecc_swap_digits((u64 *)K, k, ndigits); + } while (vli_cmp(k, ctx->curve->n, ndigits) >= 0); + + memzero_explicit(K, sizeof(K)); + return 0; +} + +/* scratch buffer should be at least ECC_MAX_BYTES */ +static int asn1_encode_signature_sg(struct akcipher_request *req, + struct ecdsa_signature_ctx *sig_ctx, + u8 *scratch) +{ + unsigned int ndigits = sig_ctx->curve->g.ndigits; + unsigned int r_bits = vli_num_bits(sig_ctx->r, ndigits); + unsigned int s_bits = vli_num_bits(sig_ctx->s, ndigits); + struct sg_mapping_iter miter; + 
unsigned int nents; + u8 *buf, *p; + size_t needed = 2; /* tag and len for the top ASN1 sequence */ + + needed += 2; /* tag and len for r as an ASN1 integer */ + needed += BITS_TO_BYTES(r_bits); + if (r_bits % 8 == 0) + /* leftmost bit is set, so need another byte for 0x00 to make the + * integer positive + */ + needed++; + + needed += 2; /* tag and len for s as an ASN1 integer */ + needed += BITS_TO_BYTES(s_bits); + if (s_bits % 8 == 0) + /* leftmost bit is set, so need another byte for 0x00 to make the + * integer positive + */ + needed++; + + if (req->dst_len < needed) { + req->dst_len = needed; + return -EOVERFLOW; + } + + nents = sg_nents_for_len(req->dst, needed); + if (nents == 1) { + sg_miter_start(&miter, req->dst, nents, SG_MITER_ATOMIC | SG_MITER_TO_SG); + sg_miter_next(&miter); + buf = miter.addr; + } else { + buf = kmalloc(needed, GFP_KERNEL); + if (!buf) + return -ENOMEM; + } + + /* we will begin from the end */ + ecc_swap_digits(sig_ctx->s, (u64 *)scratch, ndigits); + p = buf + needed - BITS_TO_BYTES(s_bits); + memcpy(p, scratch + + (ndigits << ECC_DIGITS_TO_BYTES_SHIFT) - BITS_TO_BYTES(s_bits), + BITS_TO_BYTES(s_bits)); + if (s_bits % 8 == 0) { + p--; + *p = 0; + } + p -= 2; + p[0] = ASN1_INT; + p[1] = (s_bits % 8 == 0) ? BITS_TO_BYTES(s_bits) + 1 : BITS_TO_BYTES(s_bits); + + ecc_swap_digits(sig_ctx->r, (u64 *)scratch, ndigits); + p -= BITS_TO_BYTES(r_bits); + memcpy(p, scratch + + (ndigits << ECC_DIGITS_TO_BYTES_SHIFT) - BITS_TO_BYTES(r_bits), + BITS_TO_BYTES(r_bits)); + if (r_bits % 8 == 0) { + p--; + *p = 0; + } + p -= 2; + p[0] = ASN1_INT; + p[1] = (r_bits % 8 == 0) ? 
BITS_TO_BYTES(r_bits) + 1 : BITS_TO_BYTES(r_bits); + + buf[0] = ASN1_CONS_BIT | ASN1_SEQ; + buf[1] = (needed - 2) & 0xff; + + if (nents == 1) + sg_miter_stop(&miter); + else { + sg_copy_from_buffer(req->dst, nents, buf, needed); + kfree(buf); + } + req->dst_len = needed; + + return 0; +} + +static int ecdsa_sign(struct akcipher_request *req) +{ + struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req); + struct ecc_ctx *ctx = akcipher_tfm_ctx(tfm); + size_t keylen = ctx->curve->g.ndigits << ECC_DIGITS_TO_BYTES_SHIFT; + u8 rawhash_k[ECC_MAX_BYTES]; + u64 hash[ECC_MAX_DIGITS]; + struct ecdsa_signature_ctx sig_ctx = { + .curve = ctx->curve, + }; + struct crypto_rng *rng; + ssize_t diff; + int ret; + + /* if the hash is shorter then we will add leading zeros to fit to ndigits */ + diff = keylen - req->src_len; + if (diff >= 0) { + if (diff) + memset(rawhash_k, 0, diff); + sg_copy_to_buffer(req->src, sg_nents_for_len(req->src, req->src_len), + &rawhash_k[diff], req->src_len); + } else if (diff < 0) { + /* given hash is longer, we take the left-most bytes */ + sg_copy_to_buffer(req->src, sg_nents_for_len(req->src, req->src_len), + rawhash_k, req->src_len); + } + + ecc_swap_digits((u64 *)rawhash_k, hash, ctx->curve->g.ndigits); + + rng = rfc6979_alloc_rng(ctx, req->src_len, rawhash_k); + if (IS_ERR(rng)) + return PTR_ERR(rng); + + do { + ret = rfc6979_gen_k(ctx, rng, (u64 *)rawhash_k); + if (ret) + goto alloc_rng; + + ret = _ecdsa_sign(ctx, hash, (u64 *)rawhash_k, &sig_ctx); + } while (ret == -EAGAIN); + memzero_explicit(rawhash_k, sizeof(rawhash_k)); + + ret = asn1_encode_signature_sg(req, &sig_ctx, rawhash_k); + +alloc_rng: + crypto_free_rng(rng); + return ret; +} + static int ecdsa_ecc_ctx_init(struct ecc_ctx *ctx, unsigned int curve_id) { ctx->curve_id = curve_id; 
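Review bot: In `ecdsa_sign`, the branch for a hash longer than the key (`diff < 0`) copies `req->src_len` bytes into `rawhash_k`, which is only `ECC_MAX_BYTES` long, so a caller-supplied length above that writes past the stack buffer. The comment says the left-most bytes are taken, so the copy length should be `keylen`: `sg_copy_to_buffer(req->src, sg_nents_for_len(req->src, req->src_len), rawhash_k, keylen);`. The function also never checks that a private key is loaded, unlike `ecdsa_verify`, which tests `key_set`; add `if (unlikely(!ctx->key_set || !ctx->is_private)) return -EINVAL;` before `ctx->d` is used. In `rfc6979_alloc_rng` the local `seed` holds a copy of `ctx->d` and is never cleared, and the early returns in `_ecdsa_sign` and `rfc6979_gen_k` skip their `memzero_explicit` calls, so secret material can be left on the stack.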
@@ -198,7 +442,9 @@ static int ecdsa_ecc_ctx_init(struct ecc_ctx *ctx, unsigned int curve_id) static void ecdsa_ecc_ctx_deinit(struct ecc_ctx *ctx) { - ctx->pub_key_set = false; + ctx->key_set = false; + if (ctx->is_private) + memzero_explicit(ctx->d, sizeof(ctx->d)); } static int ecdsa_ecc_ctx_reset(struct ecc_ctx *ctx) 
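Review bot: `ecdsa_ecc_ctx_deinit` wipes `ctx->d` only when `is_private` is set and never clears that flag, but in the later `ecdsa_set_priv_key` hunk `is_private` becomes true only after both the ASN.1 decoder and the public-key validation have succeeded. `ecc_get_priv_key` writes the scalar into `ctx->d` during decoding, so any failure after that point (a rejected key in `ecc_is_key_valid`, a curve mismatch in `ecc_get_priv_params`, or a failed `ecc_is_pubkey_valid_full`) leaves the private scalar in the context where this function will skip it. Wiping unconditionally is simpler and costs nothing: `ctx->key_set = false; ctx->is_private = false; memzero_explicit(ctx->d, sizeof(ctx->d));`.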
@@ -246,11 +492,107 @@ static int ecdsa_set_pub_key(struct crypto_akcipher *tfm, const void *key, unsig ecc_swap_digits(&digits[ndigits], ctx->pub_key.y, ndigits); ret = ecc_is_pubkey_valid_full(ctx->curve, &ctx->pub_key); - ctx->pub_key_set = ret == 0; + ctx->key_set = ret == 0; + ctx->is_private = false; return ret; } +int ecc_get_priv_key(void *context, size_t hdrlen, unsigned char tag, + const void *value, size_t vlen) +{ + struct ecc_ctx *ctx = context; + size_t dlen = ctx->curve->g.ndigits * sizeof(u64); + ssize_t diff = vlen - dlen; + const char *d = value; + u8 priv[ECC_MAX_BYTES]; + + /* diff = 0: 'value' has exacly the right size + * diff > 0: 'value' has too many bytes; one leading zero is allowed that + * makes the value a positive integer; error on more + * diff < 0: 'value' is missing leading zeros, which we add + */ + if (diff > 0) { + /* skip over leading zeros that make 'value' a positive int */ + if (*d == 0) { + vlen -= 1; + diff--; + d++; + } + if (diff) + return -EINVAL; + } + if (-diff >= dlen) + return -EINVAL; + + if (diff) { + /* leading zeros not given in 'value' */ + memset(priv, 0, -diff); + } + + memcpy(&priv[-diff], d, vlen); + + ecc_swap_digits((u64 *)priv, ctx->d, ctx->curve->g.ndigits); + memzero_explicit(priv, sizeof(priv)); + return ecc_is_key_valid(ctx->curve_id, ctx->curve->g.ndigits, ctx->d, dlen); +} + +int ecc_get_priv_params(void *context, size_t hdrlen, unsigned char tag, + const void *value, size_t vlen) +{ + struct ecc_ctx *ctx = context; + + switch (look_up_OID(value, vlen)) { + case OID_id_prime192v1: + return (ctx->curve_id == ECC_CURVE_NIST_P192) ? 0 : -EINVAL; + case OID_id_prime256v1: + return (ctx->curve_id == ECC_CURVE_NIST_P256) ? 0 : -EINVAL; + case OID_id_ansip384r1: + return (ctx->curve_id == ECC_CURVE_NIST_P384) ? 
0 : -EINVAL; + default: + break; + } + + return -EINVAL; +} + +int ecc_get_priv_version(void *context, size_t hdrlen, unsigned char tag, + const void *value, size_t vlen) +{ + if (vlen == 1) { + if (*((u8 *)value) == 1) + return 0; + } + + return -EINVAL; +} + +static int ecdsa_set_priv_key(struct crypto_akcipher *tfm, const void *key, + unsigned int keylen) +{ + struct ecc_ctx *ctx = akcipher_tfm_ctx(tfm); + int ret; + + ret = ecdsa_ecc_ctx_reset(ctx); + if (ret < 0) + return ret; + + ret = asn1_ber_decoder(&ecprivkey_decoder, ctx, key, keylen); + if (ret) + return ret; + + ecc_point_mult(&ctx->pub_key, &ctx->curve->g, ctx->d, NULL, ctx->curve, + ctx->curve->g.ndigits); + ret = ecc_is_pubkey_valid_full(ctx->curve, &ctx->pub_key); + if (ret) + return ret; + + ctx->key_set = ret == 0; + ctx->is_private = true; + + return ret; + } + static void ecdsa_exit_tfm(struct crypto_akcipher *tfm) { struct ecc_ctx *ctx = akcipher_tfm_ctx(tfm); @@ -262,7 +604,22 @@ static unsigned int ecdsa_max_size(struct crypto_akcipher *tfm) { struct ecc_ctx *ctx = akcipher_tfm_ctx(tfm); - return ctx->pub_key.ndigits << ECC_DIGITS_TO_BYTES_SHIFT; + if (!ctx->key_set) + return 0; + + if (ctx->is_private) { + /* see ecdsasignature.asn1 + * for a max 384 bit curve we would only need 1 byte length + * ASN1 encoding for the top level sequence and r,s integers + * 1 byte sequence tag + 1 byte sequence length (max 102 for 384 + * bit curve) + 2 (for r and s) * (1 byte integer tag + 1 byte + * integer length (max 49 for 384 bit curve) + 1 zero byte (if r + * or s has leftmost bit set) + sizeof(r or s) + */ + return 2 + 2 * (3 + (ctx->curve->g.ndigits << ECC_DIGITS_TO_BYTES_SHIFT)); + } + + return ctx->curve->g.ndigits << ECC_DIGITS_TO_BYTES_SHIFT; } static int ecdsa_nist_p384_init_tfm(struct crypto_akcipher *tfm) 
@@ -273,7 +630,9 @@ static int ecdsa_nist_p384_init_tfm(struct crypto_akcipher *tfm) } static struct akcipher_alg ecdsa_nist_p384 = { + .sign = ecdsa_sign, .verify = ecdsa_verify, + .set_priv_key = ecdsa_set_priv_key, .set_pub_key = ecdsa_set_pub_key, .max_size = ecdsa_max_size, .init = ecdsa_nist_p384_init_tfm, @@ -295,7 +654,9 @@ static int ecdsa_nist_p256_init_tfm(struct crypto_akcipher *tfm) } static struct akcipher_alg ecdsa_nist_p256 = { + .sign = ecdsa_sign, .verify = ecdsa_verify, + .set_priv_key = ecdsa_set_priv_key, .set_pub_key = ecdsa_set_pub_key, .max_size = ecdsa_max_size, .init = ecdsa_nist_p256_init_tfm, @@ -317,7 +678,9 @@ static int ecdsa_nist_p192_init_tfm(struct crypto_akcipher *tfm) } static struct akcipher_alg ecdsa_nist_p192 = { + .sign = ecdsa_sign, .verify = ecdsa_verify, + .set_priv_key = ecdsa_set_priv_key, .set_pub_key = ecdsa_set_pub_key, .max_size = ecdsa_max_size, .init = ecdsa_nist_p192_init_tfm, diff --git a/crypto/ecprivkey.asn1 b/crypto/ecprivkey.asn1 new file mode 100644 index 0000000000000..92e7d7d0703ce --- /dev/null +++ b/crypto/ecprivkey.asn1 @@ -0,0 +1,6 @@ +ECPrivateKey ::= SEQUENCE { + version INTEGER ({ ecc_get_priv_version }), + privateKey OCTET STRING ({ ecc_get_priv_key }), + parameters [0] OBJECT IDENTIFIER OPTIONAL ({ ecc_get_priv_params }), + publicKey [1] BIT STRING OPTIONAL +} diff --git a/crypto/sha3-hacl.c b/crypto/sha3-hacl.c index 70957a40166d6..c9241aa4aaf24 100644 --- a/crypto/sha3-hacl.c +++ b/crypto/sha3-hacl.c @@ -4,11 +4,11 @@ * */ -#include - #include "hacl_hash.h" #include "hacl_lib.h" +#include + int hacl_sha3_init(struct shash_desc *desc) { struct sha3_state *sctx = shash_desc_ctx(desc); diff --git a/include/crypto/internal/ecc.h b/include/crypto/internal/ecc.h index 4f6c1a68882fa..5601da0a1ff36 100644 --- a/include/crypto/internal/ecc.h +++ b/include/crypto/internal/ecc.h 
@@ -182,6 +182,9 @@ int vli_cmp(const u64 *left, const u64 *right, unsigned int ndigits); u64 vli_sub(u64 *result, const u64 *left, const u64 *right, unsigned int ndigits); +void vli_mod_add(u64 *result, const u64 *left, const u64 *right, + const u64 *mod, unsigned int ndigits); + /** * vli_from_be64() - Load vli from big-endian u64 array * @@ -225,6 +228,9 @@ void vli_mod_inv(u64 *result, const u64 *input, const u64 *mod, void vli_mod_mult_slow(u64 *result, const u64 *left, const u64 *right, const u64 *mod, unsigned int ndigits); +void vli_mod_mult_fast(u64 *result, const u64 *left, const u64 *right, + const struct ecc_curve *curve); + /** * vli_num_bits() - Counts the number of bits required for vli. * @@ -260,6 +266,10 @@ void ecc_free_point(struct ecc_point *p); */ bool ecc_point_is_zero(const struct ecc_point *point); +void ecc_point_mult(struct ecc_point *result, const struct ecc_point *point, + const u64 *scalar, u64 *initial_z, + const struct ecc_curve *curve, unsigned int ndigits); + /** * ecc_point_mult_shamir() - Add two points multiplied by scalars * From f7ae697cd78e271ea26eb4b111f03ac3d197c937 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Sat, 25 Nov 2023 15:55:15 +0100 Subject: [PATCH 12/53] hacl p256 ecdsa wip --- crypto/Kconfig | 1 + crypto/Makefile | 2 +- crypto/ecdsa.c | 19 +- crypto/hacl_lib.h | 63 ++ crypto/hacl_p256.h | 718 ++++++++++++++ crypto/p256-hacl-generated.c | 1808 ++++++++++++++++++++++++++++++++++ 6 files changed, 2606 insertions(+), 5 deletions(-) create mode 100644 crypto/hacl_p256.h create mode 100644 crypto/p256-hacl-generated.c diff --git a/crypto/Kconfig b/crypto/Kconfig index 44ed953370915..620708f428f26 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig 
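Review bot: The three declarations added to this header (`vli_mod_add` here, `vli_mod_mult_fast` and `ecc_point_mult` in the two following hunks) carry no kernel-doc, while the neighbouring declarations such as `vli_num_bits()` and `ecc_point_mult_shamir()` do. Now that the functions are exported, each should get a `/** ... */` block that repeats the preconditions already stated in ecc.c (for `vli_mod_add`: left < mod and right < mod) and, for `ecc_point_mult`, says what a NULL `initial_z` means, because both new callers in ecdsa.c pass NULL together with a secret scalar. None of the ecdsa.c hunks in this patch calls `vli_mod_mult_fast`, so that export looks unnecessary.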
@@ -296,6 +296,7 @@ config CRYPTO_ECDSA ECDSA (Elliptic Curve Digital Signature Algorithm) (FIPS 186, ISO/IEC 14888-3) using curves P-192, P-256, and P-384 + P-256 uses formally a verified implementation from HACL* config CRYPTO_ECRDSA tristate "EC-RDSA (Elliptic Curve Russian Digital Signature Algorithm)" diff --git a/crypto/Makefile b/crypto/Makefile index fc8cc4143d154..306f5e2c9a6a7 100644 --- a/crypto/Makefile +++ b/crypto/Makefile @@ -57,7 +57,7 @@ $(obj)/ecdsa.o: $(obj)/ecdsasignature.asn1.h $(obj)/ecprivkey.asn1.h ecdsa_generic-y += ecdsa.o ecdsa_generic-y += ecprivkey.asn1.o ecdsa_generic-y += ecdsasignature.asn1.o -obj-$(CONFIG_CRYPTO_ECDSA) += ecdsa_generic.o +obj-$(CONFIG_CRYPTO_ECDSA) += ecdsa_generic.o p256-hacl-generated.o crypto_acompress-y := acompress.o crypto_acompress-y += scompress.o diff --git a/crypto/ecdsa.c b/crypto/ecdsa.c index fd54060fefa04..79b6c6f1efff3 100644 --- a/crypto/ecdsa.c +++ b/crypto/ecdsa.c @@ -19,6 +19,8 @@ #include "ecprivkey.asn1.h" #include "ecdsasignature.asn1.h" +#include "hacl_p256.h" + struct ecc_ctx { unsigned int curve_id; const struct ecc_curve *curve; @@ -26,7 +28,7 @@ struct ecc_ctx { bool is_private; bool pub_key_set; - u64 d[ECC_MAX_DIGITS]; /* priv key big integer */ + u64 d[ECC_MAX_DIGITS]; /* privkey big integer */ u64 x[ECC_MAX_DIGITS]; /* pub key x and y coordinates */ u64 y[ECC_MAX_DIGITS]; struct ecc_point pub_key; 
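Review bot: In the crypto/Makefile hunk, `p256-hacl-generated.o` is appended to the `obj-$(CONFIG_CRYPTO_ECDSA)` list instead of the `ecdsa_generic` composite, so with `CONFIG_CRYPTO_ECDSA=m` it would be built as a module of its own. ecdsa.c calls `Hacl_P256_ecdsa_verif_without_hash` directly, which would then need an exported symbol and a module license in the generated file; neither can be confirmed from this hunk. Following the lines just above, `ecdsa_generic-y += p256-hacl-generated.o` keeps the code in the same module as its only caller.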
@@ -184,9 +186,18 @@ static int ecdsa_verify(struct akcipher_request *req) memcpy(&rawhash, buffer + req->src_len, keylen); } - ecc_swap_digits((u64 *)rawhash, hash, ctx->curve->g.ndigits); - - ret = _ecdsa_verify(ctx, hash, sig_ctx.r, sig_ctx.s); + if (strncmp(ctx->curve->name, "nist_256", 8) == 0) { + if (Hacl_P256_ecdsa_verif_without_hash(req->dst_len, rawhash, + (u8*)ctx->x, + (u8*)sig_ctx.r, (u8*)sig_ctx.s)) { + ret = 0; + } else { + ret = -1; + } + } else { + ecc_swap_digits((u64 *)rawhash, hash, ctx->curve->g.ndigits); + ret = _ecdsa_verify(ctx, hash, sig_ctx.r, sig_ctx.s); + } error: kfree(buffer); diff --git a/crypto/hacl_lib.h b/crypto/hacl_lib.h index 619ac3abfde8b..fb60d284f7010 100644 --- a/crypto/hacl_lib.h +++ b/crypto/hacl_lib.h 
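Review bot: The P-256 branch of ecdsa_verify passes `(u8*)ctx->x` as the 64-byte `x || y` key, but `struct ecc_ctx` in this file keeps `x` and `y` as separate `u64[ECC_MAX_DIGITS]` arrays, so the second 32 bytes are `y` only if ECC_MAX_DIGITS is 4. The key, `sig_ctx.r` and `sig_ctx.s` are also cast as they are, while hacl_p256.h describes plain byte strings; the generic path swaps digits on the hash before `_ecdsa_verify`, so the two layouts presumably differ and need an explicit conversion. `req->dst_len` is passed as `msg_len` although `rawhash` appears to have been fitted to `keylen` just above, and the HACL* contract requires `msg_len >= 32`. The curve is better selected by `ctx->curve_id` than by a `strncmp` prefix match on the name, and a rejected signature should return the errno `_ecdsa_verify` uses (I believe `-EKEYREJECTED`; confirm) rather than `-1`. The function starts and ends outside the hunk, and the sketch below assumes `keylen` is 32 for this curve and that `sig_ctx.r`/`sig_ctx.s` use the same digit layout as `ctx->x`.

```c
	if (ctx->curve_id == ECC_CURVE_NIST_P256) {
		/* x || y, r and s as big-endian byte strings for HACL* */
		u64 pk[8], r[4], s[4];

		ecc_swap_digits(ctx->x, pk, 4);
		ecc_swap_digits(ctx->y, pk + 4, 4);
		ecc_swap_digits(sig_ctx.r, r, 4);
		ecc_swap_digits(sig_ctx.s, s, 4);
		/* rawhash was already padded or truncated to keylen above */
		ret = Hacl_P256_ecdsa_verif_without_hash(keylen, rawhash,
							 (u8 *)pk, (u8 *)r, (u8 *)s)
			? 0 : -EKEYREJECTED;
	} else {
		/* … unchanged: ecc_swap_digits on rawhash, then _ecdsa_verify … */
	}
```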
@@ -30,6 +30,69 @@ static inline u128 FStar_UInt128_uint64_to_uint128(u64 x) return ((u128)x); } +inline static u128 FStar_UInt128_mul_wide(u64 x, u64 y) { + return ((u128) x) * y; +} + +inline static uint64_t FStar_UInt128_uint128_to_uint64(u128 x) { + return (u64)x; +} + +inline static u128 FStar_UInt128_shift_right(u128 x, u32 y) { + return x >> y; +} + +static u64 FStar_UInt64_eq_mask(u64 a, u64 b) +{ + u64 x = a ^ b; + u64 minus_x = ~x + (u64)1U; + u64 x_or_minus_x = x | minus_x; + u64 xnx = x_or_minus_x >> (u32)63U; + return xnx - (u64)1U; +} + +static u64 FStar_UInt64_gte_mask(u64 a, u64 b) +{ + u64 x = a; + u64 y = b; + u64 x_xor_y = x ^ y; + u64 x_sub_y = x - y; + u64 x_sub_y_xor_y = x_sub_y ^ y; + u64 q = x_xor_y | x_sub_y_xor_y; + u64 x_xor_q = x ^ q; + u64 x_xor_q_ = x_xor_q >> (u32)63U; + return x_xor_q_ - (u64)1U; +} + +static inline uint64_t +Hacl_IntTypes_Intrinsics_sub_borrow_u64(uint64_t cin, uint64_t x, uint64_t y, uint64_t *r) +{ + uint64_t res = x - y - cin; + uint64_t + c = + ((FStar_UInt64_gte_mask(res, x) & ~FStar_UInt64_eq_mask(res, x)) + | (FStar_UInt64_eq_mask(res, x) & cin)) + & (uint64_t)1U; + r[0U] = res; + return c; +} + +static inline uint64_t +Hacl_IntTypes_Intrinsics_add_carry_u64(uint64_t cin, uint64_t x, uint64_t y, uint64_t *r) +{ + uint64_t res = x + cin + y; + uint64_t + c = (~FStar_UInt64_gte_mask(res, x) | (FStar_UInt64_eq_mask(res, x) & cin)) & (uint64_t)1U; + r[0U] = res; + return c; +} + +#define Lib_IntTypes_Intrinsics_sub_borrow_u64(x1, x2, x3, x4) \ + (Hacl_IntTypes_Intrinsics_sub_borrow_u64(x1, x2, x3, x4)) + +#define Lib_IntTypes_Intrinsics_add_carry_u64(x1, x2, x3, x4) \ + (Hacl_IntTypes_Intrinsics_add_carry_u64(x1, x2, x3, x4)) + /* * Loads and stores. These avoid undefined behavior due to unaligned memory * accesses, via memcpy. diff --git a/crypto/hacl_p256.h b/crypto/hacl_p256.h new file mode 100644 index 0000000000000..33a21ac06c8fa --- /dev/null +++ b/crypto/hacl_p256.h 
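Review bot: `FStar_UInt64_eq_mask` and `FStar_UInt64_gte_mask` are defined as plain `static` in a header, so any file that includes hacl_lib.h without calling them will get an unused-function warning; the other helpers in this hunk are `static inline`. They are also the branch-free comparison primitives that the carry and borrow helpers build on, and nothing in the header says so. A comment such as `/* Constant-time: all-ones if a == b, zero otherwise; keep branch-free. */` (and the `a >= b` equivalent on `gte_mask`) would stop a later cleanup from replacing them with a conditional. The hunk also mixes `inline static` with `static inline` and `uint64_t` with `u64`; one spelling of each would match the existing `static inline u128 FStar_UInt128_uint64_to_uint128(u64 x)`.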
@@ -0,0 +1,718 @@ +/* + * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation + * Copyright (c) 2022-2023 HACL* Contributors + * Copyright (c) 2023 Cryspen + */ + +#ifndef CRYPTO_HACL_P256_H_ +#define CRYPTO_HACL_P256_H_ + +#include "hacl_lib.h" + +/******************************************************************************* + + Verified C library for ECDSA and ECDH functions over the P-256 NIST curve. + + This module implements signing and verification, key validation, conversions + between various point representations, and ECDH key agreement. + +*******************************************************************************/ + +/*****************/ +/* ECDSA signing */ +/*****************/ + +/** +Create an ECDSA signature WITHOUT hashing first. + + This function is intended to receive a hash of the input. + For convenience, we recommend using one of the hash-and-sign combined functions above. + + The argument `msg` MUST be at least 32 bytes (i.e. `msg_len >= 32`). + + NOTE: The equivalent functions in OpenSSL and Fiat-Crypto both accept inputs + smaller than 32 bytes. These libraries left-pad the input with enough zeroes to + reach the minimum 32 byte size. Clients who need behavior identical to OpenSSL + need to perform the left-padding themselves. + + The function returns `true` for successful creation of an ECDSA signature and `false` otherwise. + + The outparam `signature` (R || S) points to 64 bytes of valid memory, i.e., uint8_t[64]. + The argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len]. + The arguments `private_key` and `nonce` point to 32 bytes of valid memory, i.e., uint8_t[32]. 
+ + The function also checks whether `private_key` and `nonce` are valid values: + • 0 < `private_key` < the order of the curve + • 0 < `nonce` < the order of the curve +*/ +bool +Hacl_P256_ecdsa_sign_p256_without_hash( + uint8_t *signature, + uint32_t msg_len, + uint8_t *msg, + uint8_t *private_key, + uint8_t *nonce +); + + +/**********************/ +/* ECDSA verification */ +/**********************/ + +/** +Verify an ECDSA signature WITHOUT hashing first. + + This function is intended to receive a hash of the input. + For convenience, we recommend using one of the hash-and-verify combined functions above. + + The argument `msg` MUST be at least 32 bytes (i.e. `msg_len >= 32`). + + The function returns `true` if the signature is valid and `false` otherwise. + + The argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len]. + The argument `public_key` (x || y) points to 64 bytes of valid memory, i.e., uint8_t[64]. + The arguments `signature_r` and `signature_s` point to 32 bytes of valid memory, i.e., uint8_t[32]. + + The function also checks whether `public_key` is valid +*/ +bool +Hacl_P256_ecdsa_verif_without_hash( + uint32_t msg_len, + uint8_t *msg, + uint8_t *public_key, + uint8_t *signature_r, + uint8_t *signature_s +); + + +/******************/ +/* Key validation */ +/******************/ + +/** +Public key validation. + + The function returns `true` if a public key is valid and `false` otherwise. + + The argument `public_key` points to 64 bytes of valid memory, i.e., uint8_t[64]. + + The public key (x || y) is valid (with respect to SP 800-56A): + • the public key is not the “point at infinity”, represented as O. + • the affine x and y coordinates of the point represented by the public key are + in the range [0, p – 1] where p is the prime defining the finite field. + • y^2 = x^3 + ax + b where a and b are the coefficients of the curve equation. 
+ The last extract is taken from: https://neilmadden.blog/2017/05/17/so-how-do-you-validate-nist-ecdh-public-keys/ +*/ +bool Hacl_P256_validate_public_key(uint8_t *public_key); + +/** +Private key validation. + + The function returns `true` if a private key is valid and `false` otherwise. + + The argument `private_key` points to 32 bytes of valid memory, i.e., uint8_t[32]. + + The private key is valid: + • 0 < `private_key` < the order of the curve +*/ +bool Hacl_P256_validate_private_key(uint8_t *private_key); + +/******************************************************************************* + Parsing and Serializing public keys. + + A public key is a point (x, y) on the P-256 NIST curve. + + The point can be represented in the following three ways. + • raw = [ x || y ], 64 bytes + • uncompressed = [ 0x04 || x || y ], 65 bytes + • compressed = [ (0x02 for even `y` and 0x03 for odd `y`) || x ], 33 bytes + +*******************************************************************************/ + + +/** +Convert a public key from uncompressed to its raw form. + + The function returns `true` for successful conversion of a public key and `false` otherwise. + + The outparam `pk_raw` points to 64 bytes of valid memory, i.e., uint8_t[64]. + The argument `pk` points to 65 bytes of valid memory, i.e., uint8_t[65]. + + The function DOESN'T check whether (x, y) is a valid point. +*/ +bool Hacl_P256_uncompressed_to_raw(uint8_t *pk, uint8_t *pk_raw); + +/** +Convert a public key from compressed to its raw form. + + The function returns `true` for successful conversion of a public key and `false` otherwise. + + The outparam `pk_raw` points to 64 bytes of valid memory, i.e., uint8_t[64]. + The argument `pk` points to 33 bytes of valid memory, i.e., uint8_t[33]. + + The function also checks whether (x, y) is a valid point. +*/ +bool Hacl_P256_compressed_to_raw(uint8_t *pk, uint8_t *pk_raw); + +/** +Convert a public key from raw to its uncompressed form. 
+ + The outparam `pk` points to 65 bytes of valid memory, i.e., uint8_t[65]. + The argument `pk_raw` points to 64 bytes of valid memory, i.e., uint8_t[64]. + + The function DOESN'T check whether (x, y) is a valid point. +*/ +void Hacl_P256_raw_to_uncompressed(uint8_t *pk_raw, uint8_t *pk); + +/** +Convert a public key from raw to its compressed form. + + The outparam `pk` points to 33 bytes of valid memory, i.e., uint8_t[33]. + The argument `pk_raw` points to 64 bytes of valid memory, i.e., uint8_t[64]. + + The function DOESN'T check whether (x, y) is a valid point. +*/ +void Hacl_P256_raw_to_compressed(uint8_t *pk_raw, uint8_t *pk); + + +static const +uint64_t +Hacl_P256_PrecompTable_precomp_basepoint_table_w4[192U] = + { + (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1U, + (uint64_t)18446744069414584320U, (uint64_t)18446744073709551615U, (uint64_t)4294967294U, + (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)8784043285714375740U, + (uint64_t)8483257759279461889U, (uint64_t)8789745728267363600U, (uint64_t)1770019616739251654U, + (uint64_t)15992936863339206154U, (uint64_t)10037038012062884956U, + (uint64_t)15197544864945402661U, (uint64_t)9615747158586711429U, (uint64_t)1U, + (uint64_t)18446744069414584320U, (uint64_t)18446744073709551615U, (uint64_t)4294967294U, + (uint64_t)10634854829044225757U, (uint64_t)351552716085025155U, (uint64_t)10645315080955407736U, + (uint64_t)3609262091244858135U, (uint64_t)15760741698986874125U, + (uint64_t)14936374388219697827U, (uint64_t)15751360096993017895U, + (uint64_t)18012233706239762398U, (uint64_t)1993877568177495041U, + (uint64_t)10345888787846536528U, (uint64_t)7746511691117935375U, + (uint64_t)14517043990409914413U, (uint64_t)14122549297570634151U, + (uint64_t)16934610359517083771U, (uint64_t)5724511325497097418U, (uint64_t)8983432969107448705U, + (uint64_t)2687429970334080245U, (uint64_t)16525396802810050288U, (uint64_t)7602596488871585854U, + (uint64_t)4813919589149203084U, 
(uint64_t)7680395813780804519U, (uint64_t)6687709583048023590U, + (uint64_t)18086445169104142027U, (uint64_t)9637814708330203929U, + (uint64_t)14785108459960679090U, (uint64_t)3838023279095023581U, (uint64_t)3555615526157830307U, + (uint64_t)5177066488380472871U, (uint64_t)18218186719108038403U, + (uint64_t)16281556341699656105U, (uint64_t)1524227924561461191U, (uint64_t)4148060517641909597U, + (uint64_t)2858290374115363433U, (uint64_t)8942772026334130620U, (uint64_t)3034451298319885113U, + (uint64_t)8447866036736640940U, (uint64_t)11204933433076256578U, + (uint64_t)18333595740249588297U, (uint64_t)8259597024804538246U, (uint64_t)9539734295777539786U, + (uint64_t)9797290423046626413U, (uint64_t)5777303437849646537U, (uint64_t)8739356909899132020U, + (uint64_t)14815960973766782158U, (uint64_t)15286581798204509801U, + (uint64_t)17597362577777019682U, (uint64_t)13259283710820519742U, + (uint64_t)10501322996899164670U, (uint64_t)1221138904338319642U, + (uint64_t)14586685489551951885U, (uint64_t)895326705426031212U, (uint64_t)14398171728560617847U, + (uint64_t)9592550823745097391U, (uint64_t)17240998489162206026U, (uint64_t)8085479283308189196U, + (uint64_t)14844657737893882826U, (uint64_t)15923425394150618234U, + (uint64_t)2997808084773249525U, (uint64_t)494323555453660587U, (uint64_t)1215695327517794764U, + (uint64_t)9476207381098391690U, (uint64_t)7480789678419122995U, (uint64_t)15212230329321082489U, + (uint64_t)436189395349576388U, (uint64_t)17377474396456660834U, (uint64_t)15237013929655017939U, + (uint64_t)11444428846883781676U, (uint64_t)5112749694521428575U, (uint64_t)950829367509872073U, + (uint64_t)17665036182057559519U, (uint64_t)17205133339690002313U, + (uint64_t)16233765170251334549U, (uint64_t)10122775683257972591U, + (uint64_t)3352514236455632420U, (uint64_t)9143148522359954691U, (uint64_t)601191684005658860U, + (uint64_t)13398772186646349998U, (uint64_t)15512696600132928431U, + (uint64_t)9128416073728948653U, (uint64_t)11233051033546138578U, 
(uint64_t)6769345682610122833U, + (uint64_t)10823233224575054288U, (uint64_t)9997725227559980175U, (uint64_t)6733425642852897415U, + (uint64_t)16302206918151466066U, (uint64_t)1669330822143265921U, (uint64_t)2661645605036546002U, + (uint64_t)17182558479745802165U, (uint64_t)1165082692376932040U, (uint64_t)9470595929011488359U, + (uint64_t)6142147329285324932U, (uint64_t)4829075085998111287U, (uint64_t)10231370681107338930U, + (uint64_t)9591876895322495239U, (uint64_t)10316468561384076618U, + (uint64_t)11592503647238064235U, (uint64_t)13395813606055179632U, (uint64_t)511127033980815508U, + (uint64_t)12434976573147649880U, (uint64_t)3425094795384359127U, (uint64_t)6816971736303023445U, + (uint64_t)15444670609021139344U, (uint64_t)9464349818322082360U, + (uint64_t)16178216413042376883U, (uint64_t)9595540370774317348U, (uint64_t)7229365182662875710U, + (uint64_t)4601177649460012843U, (uint64_t)5455046447382487090U, (uint64_t)10854066421606187521U, + (uint64_t)15913416821879788071U, (uint64_t)2297365362023460173U, (uint64_t)2603252216454941350U, + (uint64_t)6768791943870490934U, (uint64_t)15705936687122754810U, (uint64_t)9537096567546600694U, + (uint64_t)17580538144855035062U, (uint64_t)4496542856965746638U, (uint64_t)8444341625922124942U, + (uint64_t)12191263903636183168U, (uint64_t)17427332907535974165U, + (uint64_t)14307569739254103736U, (uint64_t)13900598742063266169U, + (uint64_t)7176996424355977650U, (uint64_t)5709008170379717479U, (uint64_t)14471312052264549092U, + (uint64_t)1464519909491759867U, (uint64_t)3328154641049602121U, (uint64_t)13020349337171136774U, + (uint64_t)2772166279972051938U, (uint64_t)10854476939425975292U, (uint64_t)1967189930534630940U, + (uint64_t)2802919076529341959U, (uint64_t)14792226094833519208U, + (uint64_t)14675640928566522177U, (uint64_t)14838974364643800837U, + (uint64_t)17631460696099549980U, (uint64_t)17434186275364935469U, + (uint64_t)2665648200587705473U, (uint64_t)13202122464492564051U, (uint64_t)7576287350918073341U, + 
(uint64_t)2272206013910186424U, (uint64_t)14558761641743937843U, (uint64_t)5675729149929979729U, + (uint64_t)9043135187561613166U, (uint64_t)11750149293830589225U, (uint64_t)740555197954307911U, + (uint64_t)9871738005087190699U, (uint64_t)17178667634283502053U, + (uint64_t)18046255991533013265U, (uint64_t)4458222096988430430U, (uint64_t)8452427758526311627U, + (uint64_t)13825286929656615266U, (uint64_t)13956286357198391218U, + (uint64_t)15875692916799995079U, (uint64_t)10634895319157013920U, + (uint64_t)13230116118036304207U, (uint64_t)8795317393614625606U, (uint64_t)7001710806858862020U, + (uint64_t)7949746088586183478U, (uint64_t)14677556044923602317U, + (uint64_t)11184023437485843904U, (uint64_t)11215864722023085094U, + (uint64_t)6444464081471519014U, (uint64_t)1706241174022415217U, (uint64_t)8243975633057550613U, + (uint64_t)15502902453836085864U, (uint64_t)3799182188594003953U, (uint64_t)3538840175098724094U + }; + +static const +uint64_t +Hacl_P256_PrecompTable_precomp_g_pow2_64_table_w4[192U] = + { + (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1U, + (uint64_t)18446744069414584320U, (uint64_t)18446744073709551615U, (uint64_t)4294967294U, + (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1499621593102562565U, + (uint64_t)16692369783039433128U, (uint64_t)15337520135922861848U, + (uint64_t)5455737214495366228U, (uint64_t)17827017231032529600U, + (uint64_t)12413621606240782649U, (uint64_t)2290483008028286132U, + (uint64_t)15752017553340844820U, (uint64_t)4846430910634234874U, + (uint64_t)10861682798464583253U, (uint64_t)15404737222404363049U, (uint64_t)363586619281562022U, + (uint64_t)9866710912401645115U, (uint64_t)1162548847543228595U, (uint64_t)7649967190445130486U, + (uint64_t)5212340432230915749U, (uint64_t)7572620550182916491U, (uint64_t)14876145112448665096U, + (uint64_t)2063227348838176167U, (uint64_t)3519435548295415847U, (uint64_t)8390400282019023103U, + (uint64_t)17666843593163037841U, 
(uint64_t)9450204148816496323U, (uint64_t)8483374507652916768U, + (uint64_t)6254661047265818424U, (uint64_t)16382127809582285023U, (uint64_t)125359443771153172U, + (uint64_t)1374336701588437897U, (uint64_t)11362596098420127726U, (uint64_t)2101654420738681387U, + (uint64_t)12772780342444840510U, (uint64_t)12546934328908550060U, + (uint64_t)8331880412333790397U, (uint64_t)11687262051473819904U, (uint64_t)8926848496503457587U, + (uint64_t)9603974142010467857U, (uint64_t)13199952163826973175U, (uint64_t)2189856264898797734U, + (uint64_t)11356074861870267226U, (uint64_t)2027714896422561895U, (uint64_t)5261606367808050149U, + (uint64_t)153855954337762312U, (uint64_t)6375919692894573986U, (uint64_t)12364041207536146533U, + (uint64_t)1891896010455057160U, (uint64_t)1568123795087313171U, (uint64_t)18138710056556660101U, + (uint64_t)6004886947510047736U, (uint64_t)4811859325589542932U, (uint64_t)3618763430148954981U, + (uint64_t)11434521746258554122U, (uint64_t)10086341535864049427U, + (uint64_t)8073421629570399570U, (uint64_t)12680586148814729338U, (uint64_t)9619958020761569612U, + (uint64_t)15827203580658384478U, (uint64_t)12832694810937550406U, + (uint64_t)14977975484447400910U, (uint64_t)5478002389061063653U, + (uint64_t)14731136312639060880U, (uint64_t)4317867687275472033U, (uint64_t)6642650962855259884U, + (uint64_t)2514254944289495285U, (uint64_t)14231405641534478436U, (uint64_t)4045448346091518946U, + (uint64_t)8985477013445972471U, (uint64_t)8869039454457032149U, (uint64_t)4356978486208692970U, + (uint64_t)10805288613335538577U, (uint64_t)12832353127812502042U, + (uint64_t)4576590051676547490U, (uint64_t)6728053735138655107U, (uint64_t)17814206719173206184U, + (uint64_t)79790138573994940U, (uint64_t)17920293215101822267U, (uint64_t)13422026625585728864U, + (uint64_t)5018058010492547271U, (uint64_t)110232326023384102U, (uint64_t)10834264070056942976U, + (uint64_t)15222249086119088588U, (uint64_t)15119439519142044997U, + (uint64_t)11655511970063167313U, 
(uint64_t)1614477029450566107U, (uint64_t)3619322817271059794U, + (uint64_t)9352862040415412867U, (uint64_t)14017522553242747074U, + (uint64_t)13138513643674040327U, (uint64_t)3610195242889455765U, (uint64_t)8371069193996567291U, + (uint64_t)12670227996544662654U, (uint64_t)1205961025092146303U, + (uint64_t)13106709934003962112U, (uint64_t)4350113471327723407U, + (uint64_t)15060941403739680459U, (uint64_t)13639127647823205030U, + (uint64_t)10790943339357725715U, (uint64_t)498760574280648264U, (uint64_t)17922071907832082887U, + (uint64_t)15122670976670152145U, (uint64_t)6275027991110214322U, (uint64_t)7250912847491816402U, + (uint64_t)15206617260142982380U, (uint64_t)3385668313694152877U, + (uint64_t)17522479771766801905U, (uint64_t)2965919117476170655U, (uint64_t)1553238516603269404U, + (uint64_t)5820770015631050991U, (uint64_t)4999445222232605348U, (uint64_t)9245650860833717444U, + (uint64_t)1508811811724230728U, (uint64_t)5190684913765614385U, (uint64_t)15692927070934536166U, + (uint64_t)12981978499190500902U, (uint64_t)5143491963193394698U, (uint64_t)7705698092144084129U, + (uint64_t)581120653055084783U, (uint64_t)13886552864486459714U, (uint64_t)6290301270652587255U, + (uint64_t)8663431529954393128U, (uint64_t)17033405846475472443U, (uint64_t)5206780355442651635U, + (uint64_t)12580364474736467688U, (uint64_t)17934601912005283310U, + (uint64_t)15119491731028933652U, (uint64_t)17848231399859044858U, + (uint64_t)4427673319524919329U, (uint64_t)2673607337074368008U, (uint64_t)14034876464294699949U, + (uint64_t)10938948975420813697U, (uint64_t)15202340615298669183U, + (uint64_t)5496603454069431071U, (uint64_t)2486526142064906845U, (uint64_t)4507882119510526802U, + (uint64_t)13888151172411390059U, (uint64_t)15049027856908071726U, + (uint64_t)9667231543181973158U, (uint64_t)6406671575277563202U, (uint64_t)3395801050331215139U, + (uint64_t)9813607433539108308U, (uint64_t)2681417728820980381U, (uint64_t)18407064643927113994U, + (uint64_t)7707177692113485527U, 
(uint64_t)14218149384635317074U, (uint64_t)3658668346206375919U, + (uint64_t)15404713991002362166U, (uint64_t)10152074687696195207U, + (uint64_t)10926946599582128139U, (uint64_t)16907298600007085320U, + (uint64_t)16544287219664720279U, (uint64_t)11007075933432813205U, + (uint64_t)8652245965145713599U, (uint64_t)7857626748965990384U, (uint64_t)5602306604520095870U, + (uint64_t)2525139243938658618U, (uint64_t)14405696176872077447U, + (uint64_t)18432270482137885332U, (uint64_t)9913880809120071177U, + (uint64_t)16896141737831216972U, (uint64_t)7484791498211214829U, + (uint64_t)15635259968266497469U, (uint64_t)8495118537612215624U, (uint64_t)4915477980562575356U, + (uint64_t)16453519279754924350U, (uint64_t)14462108244565406969U, + (uint64_t)14837837755237096687U, (uint64_t)14130171078892575346U, + (uint64_t)15423793222528491497U, (uint64_t)5460399262075036084U, + (uint64_t)16085440580308415349U, (uint64_t)26873200736954488U, (uint64_t)5603655807457499550U, + (uint64_t)3342202915871129617U, (uint64_t)1604413932150236626U, (uint64_t)9684226585089458974U, + (uint64_t)1213229904006618539U, (uint64_t)6782978662408837236U, (uint64_t)11197029877749307372U, + (uint64_t)14085968786551657744U, (uint64_t)17352273610494009342U, + (uint64_t)7876582961192434984U + }; + +static const +uint64_t +Hacl_P256_PrecompTable_precomp_g_pow2_128_table_w4[192U] = + { + (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1U, + (uint64_t)18446744069414584320U, (uint64_t)18446744073709551615U, (uint64_t)4294967294U, + (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)14619254753077084366U, + (uint64_t)13913835116514008593U, (uint64_t)15060744674088488145U, + (uint64_t)17668414598203068685U, (uint64_t)10761169236902342334U, + (uint64_t)15467027479157446221U, (uint64_t)14989185522423469618U, + (uint64_t)14354539272510107003U, (uint64_t)14298211796392133693U, + (uint64_t)13270323784253711450U, (uint64_t)13380964971965046957U, + (uint64_t)8686204248456909699U, 
(uint64_t)17434630286744937066U, (uint64_t)1355903775279084720U, + (uint64_t)7554695053550308662U, (uint64_t)11354971222741863570U, (uint64_t)564601613420749879U, + (uint64_t)8466325837259054896U, (uint64_t)10752965181772434263U, + (uint64_t)11405876547368426319U, (uint64_t)13791894568738930940U, + (uint64_t)8230587134406354675U, (uint64_t)12415514098722758608U, + (uint64_t)18414183046995786744U, (uint64_t)15508000368227372870U, + (uint64_t)5781062464627999307U, (uint64_t)15339429052219195590U, + (uint64_t)16038703753810741903U, (uint64_t)9587718938298980714U, (uint64_t)4822658817952386407U, + (uint64_t)1376351024833260660U, (uint64_t)1120174910554766702U, (uint64_t)1730170933262569274U, + (uint64_t)5187428548444533500U, (uint64_t)16242053503368957131U, (uint64_t)3036811119519868279U, + (uint64_t)1760267587958926638U, (uint64_t)170244572981065185U, (uint64_t)8063080791967388171U, + (uint64_t)4824892826607692737U, (uint64_t)16286391083472040552U, + (uint64_t)11945158615253358747U, (uint64_t)14096887760410224200U, + (uint64_t)1613720831904557039U, (uint64_t)14316966673761197523U, + (uint64_t)17411006201485445341U, (uint64_t)8112301506943158801U, (uint64_t)2069889233927989984U, + (uint64_t)10082848378277483927U, (uint64_t)3609691194454404430U, (uint64_t)6110437205371933689U, + (uint64_t)9769135977342231601U, (uint64_t)11977962151783386478U, + (uint64_t)18088718692559983573U, (uint64_t)11741637975753055U, (uint64_t)11110390325701582190U, + (uint64_t)1341402251566067019U, (uint64_t)3028229550849726478U, (uint64_t)10438984083997451310U, + (uint64_t)12730851885100145709U, (uint64_t)11524169532089894189U, + (uint64_t)4523375903229602674U, (uint64_t)2028602258037385622U, (uint64_t)17082839063089388410U, + (uint64_t)6103921364634113167U, (uint64_t)17066180888225306102U, + (uint64_t)11395680486707876195U, (uint64_t)10952892272443345484U, + (uint64_t)8792831960605859401U, (uint64_t)14194485427742325139U, + (uint64_t)15146020821144305250U, (uint64_t)1654766014957123343U, 
(uint64_t)7955526243090948551U, + (uint64_t)3989277566080493308U, (uint64_t)12229385116397931231U, + (uint64_t)13430548930727025562U, (uint64_t)3434892688179800602U, (uint64_t)8431998794645622027U, + (uint64_t)12132530981596299272U, (uint64_t)2289461608863966999U, + (uint64_t)18345870950201487179U, (uint64_t)13517947207801901576U, + (uint64_t)5213113244172561159U, (uint64_t)17632986594098340879U, (uint64_t)4405251818133148856U, + (uint64_t)11783009269435447793U, (uint64_t)9332138983770046035U, + (uint64_t)12863411548922539505U, (uint64_t)3717030292816178224U, + (uint64_t)10026078446427137374U, (uint64_t)11167295326594317220U, + (uint64_t)12425328773141588668U, (uint64_t)5760335125172049352U, (uint64_t)9016843701117277863U, + (uint64_t)5657892835694680172U, (uint64_t)11025130589305387464U, (uint64_t)1368484957977406173U, + (uint64_t)17361351345281258834U, (uint64_t)1907113641956152700U, + (uint64_t)16439233413531427752U, (uint64_t)5893322296986588932U, + (uint64_t)14000206906171746627U, (uint64_t)14979266987545792900U, + (uint64_t)6926291766898221120U, (uint64_t)7162023296083360752U, (uint64_t)14762747553625382529U, + (uint64_t)12610831658612406849U, (uint64_t)10462926899548715515U, + (uint64_t)4794017723140405312U, (uint64_t)5234438200490163319U, (uint64_t)8019519110339576320U, + (uint64_t)7194604241290530100U, (uint64_t)12626770134810813246U, + (uint64_t)10793074474236419890U, (uint64_t)11323224347913978783U, + (uint64_t)16831128015895380245U, (uint64_t)18323094195124693378U, + (uint64_t)2361097165281567692U, (uint64_t)15755578675014279498U, + (uint64_t)14289876470325854580U, (uint64_t)12856787656093616839U, + (uint64_t)3578928531243900594U, (uint64_t)3847532758790503699U, (uint64_t)8377953190224748743U, + (uint64_t)3314546646092744596U, (uint64_t)800810188859334358U, (uint64_t)4626344124229343596U, + (uint64_t)6620381605850876621U, (uint64_t)11422073570955989527U, + (uint64_t)12676813626484814469U, (uint64_t)16725029886764122240U, + 
(uint64_t)16648497372773830008U, (uint64_t)9135702594931291048U, + (uint64_t)16080949688826680333U, (uint64_t)11528096561346602947U, + (uint64_t)2632498067099740984U, (uint64_t)11583842699108800714U, (uint64_t)8378404864573610526U, + (uint64_t)1076560261627788534U, (uint64_t)13836015994325032828U, + (uint64_t)11234295937817067909U, (uint64_t)5893659808396722708U, + (uint64_t)11277421142886984364U, (uint64_t)8968549037166726491U, + (uint64_t)14841374331394032822U, (uint64_t)9967344773947889341U, (uint64_t)8799244393578496085U, + (uint64_t)5094686877301601410U, (uint64_t)8780316747074726862U, (uint64_t)9119697306829835718U, + (uint64_t)15381243327921855368U, (uint64_t)2686250164449435196U, + (uint64_t)16466917280442198358U, (uint64_t)13791704489163125216U, + (uint64_t)16955859337117924272U, (uint64_t)17112836394923783642U, + (uint64_t)4639176427338618063U, (uint64_t)16770029310141094964U, + (uint64_t)11049953922966416185U, (uint64_t)12012669590884098968U, + (uint64_t)4859326885929417214U, (uint64_t)896380084392586061U, (uint64_t)7153028362977034008U, + (uint64_t)10540021163316263301U, (uint64_t)9318277998512936585U, + (uint64_t)18344496977694796523U, (uint64_t)11374737400567645494U, + (uint64_t)17158800051138212954U, (uint64_t)18343197867863253153U, + (uint64_t)18204799297967861226U, (uint64_t)15798973531606348828U, + (uint64_t)9870158263408310459U, (uint64_t)17578869832774612627U, (uint64_t)8395748875822696932U, + (uint64_t)15310679007370670872U, (uint64_t)11205576736030808860U, + (uint64_t)10123429210002838967U, (uint64_t)5910544144088393959U, + (uint64_t)14016615653353687369U, (uint64_t)11191676704772957822U + }; + +static const +uint64_t +Hacl_P256_PrecompTable_precomp_g_pow2_192_table_w4[192U] = + { + (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1U, + (uint64_t)18446744069414584320U, (uint64_t)18446744073709551615U, (uint64_t)4294967294U, + (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)7870395003430845958U, + 
(uint64_t)18001862936410067720U, (uint64_t)8006461232116967215U, (uint64_t)5921313779532424762U, + (uint64_t)10702113371959864307U, (uint64_t)8070517410642379879U, (uint64_t)7139806720777708306U, + (uint64_t)8253938546650739833U, (uint64_t)17490482834545705718U, (uint64_t)1065249776797037500U, + (uint64_t)5018258455937968775U, (uint64_t)14100621120178668337U, (uint64_t)8392845221328116213U, + (uint64_t)14630296398338540788U, (uint64_t)4268947906723414372U, (uint64_t)9231207002243517909U, + (uint64_t)14261219637616504262U, (uint64_t)7786881626982345356U, + (uint64_t)11412720751765882139U, (uint64_t)14119585051365330009U, + (uint64_t)15281626286521302128U, (uint64_t)6350171933454266732U, + (uint64_t)16559468304937127866U, (uint64_t)13200760478271693417U, + (uint64_t)6733381546280350776U, (uint64_t)3801404890075189193U, (uint64_t)2741036364686993903U, + (uint64_t)3218612940540174008U, (uint64_t)10894914335165419505U, + (uint64_t)11862941430149998362U, (uint64_t)4223151729402839584U, (uint64_t)2913215088487087887U, + (uint64_t)14562168920104952953U, (uint64_t)2170089393468287453U, + (uint64_t)10520900655016579352U, (uint64_t)7040362608949989273U, (uint64_t)8376510559381705307U, + (uint64_t)9142237200448131532U, (uint64_t)5696859948123854080U, (uint64_t)925422306716081180U, + (uint64_t)11155545953469186421U, (uint64_t)1888208646862572812U, + (uint64_t)11151095998248845721U, (uint64_t)15793503271680275267U, + (uint64_t)7729877044494854851U, (uint64_t)6235134673193032913U, (uint64_t)7364280682182401564U, + (uint64_t)5479679373325519985U, (uint64_t)17966037684582301763U, + (uint64_t)14140891609330279185U, (uint64_t)5814744449740463867U, (uint64_t)5652588426712591652U, + (uint64_t)774745682988690912U, (uint64_t)13228255573220500373U, (uint64_t)11949122068786859397U, + (uint64_t)8021166392900770376U, (uint64_t)7994323710948720063U, (uint64_t)9924618472877849977U, + (uint64_t)17618517523141194266U, (uint64_t)2750424097794401714U, + (uint64_t)15481749570715253207U, 
(uint64_t)14646964509921760497U, + (uint64_t)1037442848094301355U, (uint64_t)6295995947389299132U, (uint64_t)16915049722317579514U, + (uint64_t)10493877400992990313U, (uint64_t)18391008753060553521U, (uint64_t)483942209623707598U, + (uint64_t)2017775662838016613U, (uint64_t)5933251998459363553U, (uint64_t)11789135019970707407U, + (uint64_t)5484123723153268336U, (uint64_t)13246954648848484954U, (uint64_t)4774374393926023505U, + (uint64_t)14863995618704457336U, (uint64_t)13220153167104973625U, + (uint64_t)5988445485312390826U, (uint64_t)17580359464028944682U, (uint64_t)7297100131969874771U, + (uint64_t)379931507867989375U, (uint64_t)10927113096513421444U, (uint64_t)17688881974428340857U, + (uint64_t)4259872578781463333U, (uint64_t)8573076295966784472U, (uint64_t)16389829450727275032U, + (uint64_t)1667243868963568259U, (uint64_t)17730726848925960919U, + (uint64_t)11408899874569778008U, (uint64_t)3576527582023272268U, + (uint64_t)16492920640224231656U, (uint64_t)7906130545972460130U, + (uint64_t)13878604278207681266U, (uint64_t)41446695125652041U, (uint64_t)8891615271337333503U, + (uint64_t)2594537723613594470U, (uint64_t)7699579176995770924U, (uint64_t)147458463055730655U, + (uint64_t)12120406862739088406U, (uint64_t)12044892493010567063U, + (uint64_t)8554076749615475136U, (uint64_t)1005097692260929999U, (uint64_t)2687202654471188715U, + (uint64_t)9457588752176879209U, (uint64_t)17472884880062444019U, (uint64_t)9792097892056020166U, + (uint64_t)2525246678512797150U, (uint64_t)15958903035313115662U, + (uint64_t)11336038170342247032U, (uint64_t)11560342382835141123U, + (uint64_t)6212009033479929024U, (uint64_t)8214308203775021229U, (uint64_t)8475469210070503698U, + (uint64_t)13287024123485719563U, (uint64_t)12956951963817520723U, + (uint64_t)10693035819908470465U, (uint64_t)11375478788224786725U, + (uint64_t)16934625208487120398U, (uint64_t)10094585729115874495U, + (uint64_t)2763884524395905776U, (uint64_t)13535890148969964883U, + (uint64_t)13514657411765064358U, 
(uint64_t)9903074440788027562U, + (uint64_t)17324720726421199990U, (uint64_t)2273931039117368789U, (uint64_t)3442641041506157854U, + (uint64_t)1119853641236409612U, (uint64_t)12037070344296077989U, (uint64_t)581736433335671746U, + (uint64_t)6019150647054369174U, (uint64_t)14864096138068789375U, (uint64_t)6652995210998318662U, + (uint64_t)12773883697029175304U, (uint64_t)12751275631451845119U, + (uint64_t)11449095003038250478U, (uint64_t)1025805267334366480U, (uint64_t)2764432500300815015U, + (uint64_t)18274564429002844381U, (uint64_t)10445634195592600351U, + (uint64_t)11814099592837202735U, (uint64_t)5006796893679120289U, (uint64_t)6908397253997261914U, + (uint64_t)13266696965302879279U, (uint64_t)7768715053015037430U, (uint64_t)3569923738654785686U, + (uint64_t)5844853453464857549U, (uint64_t)1837340805629559110U, (uint64_t)1034657624388283114U, + (uint64_t)711244516069456460U, (uint64_t)12519286026957934814U, (uint64_t)2613464944620837619U, + (uint64_t)10003023321338286213U, (uint64_t)7291332092642881376U, (uint64_t)9832199564117004897U, + (uint64_t)3280736694860799890U, (uint64_t)6416452202849179874U, (uint64_t)7326961381798642069U, + (uint64_t)8435688798040635029U, (uint64_t)16630141263910982958U, + (uint64_t)17222635514422533318U, (uint64_t)9482787389178881499U, (uint64_t)836561194658263905U, + (uint64_t)3405319043337616649U, (uint64_t)2786146577568026518U, (uint64_t)7625483685691626321U, + (uint64_t)6728084875304656716U, (uint64_t)1140997959232544268U, (uint64_t)12847384827606303792U, + (uint64_t)1719121337754572070U, (uint64_t)12863589482936438532U, (uint64_t)3880712899640530862U, + (uint64_t)2748456882813671564U, (uint64_t)4775988900044623019U, (uint64_t)8937847374382191162U, + (uint64_t)3767367347172252295U, (uint64_t)13468672401049388646U, + (uint64_t)14359032216842397576U, (uint64_t)2002555958685443975U, + (uint64_t)16488678606651526810U, (uint64_t)11826135409597474760U, + (uint64_t)15296495673182508601U + }; + +static const +uint64_t 
+Hacl_P256_PrecompTable_precomp_basepoint_table_w5[384U] = + { + (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)1U, + (uint64_t)18446744069414584320U, (uint64_t)18446744073709551615U, (uint64_t)4294967294U, + (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)0U, (uint64_t)8784043285714375740U, + (uint64_t)8483257759279461889U, (uint64_t)8789745728267363600U, (uint64_t)1770019616739251654U, + (uint64_t)15992936863339206154U, (uint64_t)10037038012062884956U, + (uint64_t)15197544864945402661U, (uint64_t)9615747158586711429U, (uint64_t)1U, + (uint64_t)18446744069414584320U, (uint64_t)18446744073709551615U, (uint64_t)4294967294U, + (uint64_t)10634854829044225757U, (uint64_t)351552716085025155U, (uint64_t)10645315080955407736U, + (uint64_t)3609262091244858135U, (uint64_t)15760741698986874125U, + (uint64_t)14936374388219697827U, (uint64_t)15751360096993017895U, + (uint64_t)18012233706239762398U, (uint64_t)1993877568177495041U, + (uint64_t)10345888787846536528U, (uint64_t)7746511691117935375U, + (uint64_t)14517043990409914413U, (uint64_t)14122549297570634151U, + (uint64_t)16934610359517083771U, (uint64_t)5724511325497097418U, (uint64_t)8983432969107448705U, + (uint64_t)2687429970334080245U, (uint64_t)16525396802810050288U, (uint64_t)7602596488871585854U, + (uint64_t)4813919589149203084U, (uint64_t)7680395813780804519U, (uint64_t)6687709583048023590U, + (uint64_t)18086445169104142027U, (uint64_t)9637814708330203929U, + (uint64_t)14785108459960679090U, (uint64_t)3838023279095023581U, (uint64_t)3555615526157830307U, + (uint64_t)5177066488380472871U, (uint64_t)18218186719108038403U, + (uint64_t)16281556341699656105U, (uint64_t)1524227924561461191U, (uint64_t)4148060517641909597U, + (uint64_t)2858290374115363433U, (uint64_t)8942772026334130620U, (uint64_t)3034451298319885113U, + (uint64_t)8447866036736640940U, (uint64_t)11204933433076256578U, + (uint64_t)18333595740249588297U, (uint64_t)8259597024804538246U, (uint64_t)9539734295777539786U, + 
(uint64_t)9797290423046626413U, (uint64_t)5777303437849646537U, (uint64_t)8739356909899132020U, + (uint64_t)14815960973766782158U, (uint64_t)15286581798204509801U, + (uint64_t)17597362577777019682U, (uint64_t)13259283710820519742U, + (uint64_t)10501322996899164670U, (uint64_t)1221138904338319642U, + (uint64_t)14586685489551951885U, (uint64_t)895326705426031212U, (uint64_t)14398171728560617847U, + (uint64_t)9592550823745097391U, (uint64_t)17240998489162206026U, (uint64_t)8085479283308189196U, + (uint64_t)14844657737893882826U, (uint64_t)15923425394150618234U, + (uint64_t)2997808084773249525U, (uint64_t)494323555453660587U, (uint64_t)1215695327517794764U, + (uint64_t)9476207381098391690U, (uint64_t)7480789678419122995U, (uint64_t)15212230329321082489U, + (uint64_t)436189395349576388U, (uint64_t)17377474396456660834U, (uint64_t)15237013929655017939U, + (uint64_t)11444428846883781676U, (uint64_t)5112749694521428575U, (uint64_t)950829367509872073U, + (uint64_t)17665036182057559519U, (uint64_t)17205133339690002313U, + (uint64_t)16233765170251334549U, (uint64_t)10122775683257972591U, + (uint64_t)3352514236455632420U, (uint64_t)9143148522359954691U, (uint64_t)601191684005658860U, + (uint64_t)13398772186646349998U, (uint64_t)15512696600132928431U, + (uint64_t)9128416073728948653U, (uint64_t)11233051033546138578U, (uint64_t)6769345682610122833U, + (uint64_t)10823233224575054288U, (uint64_t)9997725227559980175U, (uint64_t)6733425642852897415U, + (uint64_t)16302206918151466066U, (uint64_t)1669330822143265921U, (uint64_t)2661645605036546002U, + (uint64_t)17182558479745802165U, (uint64_t)1165082692376932040U, (uint64_t)9470595929011488359U, + (uint64_t)6142147329285324932U, (uint64_t)4829075085998111287U, (uint64_t)10231370681107338930U, + (uint64_t)9591876895322495239U, (uint64_t)10316468561384076618U, + (uint64_t)11592503647238064235U, (uint64_t)13395813606055179632U, (uint64_t)511127033980815508U, + (uint64_t)12434976573147649880U, (uint64_t)3425094795384359127U, 
(uint64_t)6816971736303023445U, + (uint64_t)15444670609021139344U, (uint64_t)9464349818322082360U, + (uint64_t)16178216413042376883U, (uint64_t)9595540370774317348U, (uint64_t)7229365182662875710U, + (uint64_t)4601177649460012843U, (uint64_t)5455046447382487090U, (uint64_t)10854066421606187521U, + (uint64_t)15913416821879788071U, (uint64_t)2297365362023460173U, (uint64_t)2603252216454941350U, + (uint64_t)6768791943870490934U, (uint64_t)15705936687122754810U, (uint64_t)9537096567546600694U, + (uint64_t)17580538144855035062U, (uint64_t)4496542856965746638U, (uint64_t)8444341625922124942U, + (uint64_t)12191263903636183168U, (uint64_t)17427332907535974165U, + (uint64_t)14307569739254103736U, (uint64_t)13900598742063266169U, + (uint64_t)7176996424355977650U, (uint64_t)5709008170379717479U, (uint64_t)14471312052264549092U, + (uint64_t)1464519909491759867U, (uint64_t)3328154641049602121U, (uint64_t)13020349337171136774U, + (uint64_t)2772166279972051938U, (uint64_t)10854476939425975292U, (uint64_t)1967189930534630940U, + (uint64_t)2802919076529341959U, (uint64_t)14792226094833519208U, + (uint64_t)14675640928566522177U, (uint64_t)14838974364643800837U, + (uint64_t)17631460696099549980U, (uint64_t)17434186275364935469U, + (uint64_t)2665648200587705473U, (uint64_t)13202122464492564051U, (uint64_t)7576287350918073341U, + (uint64_t)2272206013910186424U, (uint64_t)14558761641743937843U, (uint64_t)5675729149929979729U, + (uint64_t)9043135187561613166U, (uint64_t)11750149293830589225U, (uint64_t)740555197954307911U, + (uint64_t)9871738005087190699U, (uint64_t)17178667634283502053U, + (uint64_t)18046255991533013265U, (uint64_t)4458222096988430430U, (uint64_t)8452427758526311627U, + (uint64_t)13825286929656615266U, (uint64_t)13956286357198391218U, + (uint64_t)15875692916799995079U, (uint64_t)10634895319157013920U, + (uint64_t)13230116118036304207U, (uint64_t)8795317393614625606U, (uint64_t)7001710806858862020U, + (uint64_t)7949746088586183478U, (uint64_t)14677556044923602317U, + 
(uint64_t)11184023437485843904U, (uint64_t)11215864722023085094U, + (uint64_t)6444464081471519014U, (uint64_t)1706241174022415217U, (uint64_t)8243975633057550613U, + (uint64_t)15502902453836085864U, (uint64_t)3799182188594003953U, (uint64_t)3538840175098724094U, + (uint64_t)13240193491554624643U, (uint64_t)12365034249541329920U, + (uint64_t)2924326828590977357U, (uint64_t)5687195797140589099U, (uint64_t)16880427227292834531U, + (uint64_t)9691471435758991112U, (uint64_t)16642385273732487288U, + (uint64_t)12173806747523009914U, (uint64_t)13142722756877876849U, + (uint64_t)8370377548305121979U, (uint64_t)17988526053752025426U, (uint64_t)4818750752684100334U, + (uint64_t)5669241919350361655U, (uint64_t)4964810303238518540U, (uint64_t)16709712747671533191U, + (uint64_t)4461414404267448242U, (uint64_t)3971798785139504238U, (uint64_t)6276818948740422136U, + (uint64_t)1426735892164275762U, (uint64_t)7943622674892418919U, (uint64_t)9864274225563929680U, + (uint64_t)57815533745003233U, (uint64_t)10893588105168960233U, (uint64_t)15739162732907069535U, + (uint64_t)3923866849462073470U, (uint64_t)12279826158399226875U, (uint64_t)1533015761334846582U, + (uint64_t)15860156818568437510U, (uint64_t)8252625373831297988U, (uint64_t)9666953804812706358U, + (uint64_t)8767785238646914634U, (uint64_t)14382179044941403551U, + (uint64_t)10401039907264254245U, (uint64_t)8584860003763157350U, (uint64_t)3120462679504470266U, + (uint64_t)8670255778748340069U, (uint64_t)5313789577940369984U, (uint64_t)16977072364454789224U, + (uint64_t)12199578693972188324U, (uint64_t)18211098771672599237U, + (uint64_t)12868831556008795030U, (uint64_t)5310155061431048194U, + (uint64_t)18114153238435112606U, (uint64_t)14482365809278304512U, + (uint64_t)12520721662723001511U, (uint64_t)405943624021143002U, (uint64_t)8146944101507657423U, + (uint64_t)181739317780393495U, (uint64_t)81743892273670099U, (uint64_t)14759561962550473930U, + (uint64_t)4592623849546992939U, (uint64_t)6916440441743449719U, 
(uint64_t)1304610503530809833U, + (uint64_t)5464930909232486441U, (uint64_t)15414883617496224671U, (uint64_t)8129283345256790U, + (uint64_t)18294252198413739489U, (uint64_t)17394115281884857288U, + (uint64_t)7808348415224731235U, (uint64_t)13195566655747230608U, (uint64_t)8568194219353949094U, + (uint64_t)15329813048672122440U, (uint64_t)9604275495885785744U, (uint64_t)1577712551205219835U, + (uint64_t)15964209008022052790U, (uint64_t)15087297920782098160U, + (uint64_t)3946031512438511898U, (uint64_t)10050061168984440631U, + (uint64_t)11382452014533138316U, (uint64_t)6313670788911952792U, + (uint64_t)12015989229696164014U, (uint64_t)5946702628076168852U, (uint64_t)5219995658774362841U, + (uint64_t)12230141881068377972U, (uint64_t)12361195202673441956U, + (uint64_t)4732862275653856711U, (uint64_t)17221430380805252370U, + (uint64_t)15397525953897375810U, (uint64_t)16557437297239563045U, + (uint64_t)10101683801868971351U, (uint64_t)1402611372245592868U, (uint64_t)1931806383735563658U, + (uint64_t)10991705207471512479U, (uint64_t)861333583207471392U, (uint64_t)15207766844626322355U, + (uint64_t)9224628129811432393U, (uint64_t)3497069567089055613U, (uint64_t)11956632757898590316U, + (uint64_t)8733729372586312960U, (uint64_t)18091521051714930927U, (uint64_t)77582787724373283U, + (uint64_t)9922437373519669237U, (uint64_t)3079321456325704615U, (uint64_t)12171198408512478457U, + (uint64_t)17179130884012147596U, (uint64_t)6839115479620367181U, (uint64_t)4421032569964105406U, + (uint64_t)10353331468657256053U, (uint64_t)17400988720335968824U, + (uint64_t)17138855889417480540U, (uint64_t)4507980080381370611U, + (uint64_t)10703175719793781886U, (uint64_t)12598516658725890426U, + (uint64_t)8353463412173898932U, (uint64_t)17703029389228422404U, (uint64_t)9313111267107226233U, + (uint64_t)5441322942995154196U, (uint64_t)8952817660034465484U, (uint64_t)17571113341183703118U, + (uint64_t)7375087953801067019U, (uint64_t)13381466302076453648U, (uint64_t)3218165271423914596U, + 
(uint64_t)16956372157249382685U, (uint64_t)509080090049418841U, (uint64_t)13374233893294084913U, + (uint64_t)2988537624204297086U, (uint64_t)4979195832939384620U, (uint64_t)3803931594068976394U, + (uint64_t)10731535883829627646U, (uint64_t)12954845047607194278U, + (uint64_t)10494298062560667399U, (uint64_t)4967351022190213065U, + (uint64_t)13391917938145756456U, (uint64_t)951370484866918160U, (uint64_t)13531334179067685307U, + (uint64_t)12868421357919390599U, (uint64_t)15918857042998130258U, + (uint64_t)17769743831936974016U, (uint64_t)7137921979260368809U, + (uint64_t)12461369180685892062U, (uint64_t)827476514081935199U, (uint64_t)15107282134224767230U, + (uint64_t)10084765752802805748U, (uint64_t)3303739059392464407U, + (uint64_t)17859532612136591428U, (uint64_t)10949414770405040164U, + (uint64_t)12838613589371008785U, (uint64_t)5554397169231540728U, + (uint64_t)18375114572169624408U, (uint64_t)15649286703242390139U, + (uint64_t)2957281557463706877U, (uint64_t)14000350446219393213U, + (uint64_t)14355199721749620351U, (uint64_t)2730856240099299695U, + (uint64_t)17528131000714705752U, (uint64_t)2537498525883536360U, (uint64_t)6121058967084509393U, + (uint64_t)16897667060435514221U, (uint64_t)12367869599571112440U, + (uint64_t)3388831797050807508U, (uint64_t)16791449724090982798U, (uint64_t)2673426123453294928U, + (uint64_t)11369313542384405846U, (uint64_t)15641960333586432634U, + (uint64_t)15080962589658958379U, (uint64_t)7747943772340226569U, (uint64_t)8075023376199159152U, + (uint64_t)8485093027378306528U, (uint64_t)13503706844122243648U, (uint64_t)8401961362938086226U, + (uint64_t)8125426002124226402U, (uint64_t)9005399361407785203U, (uint64_t)6847968030066906634U, + (uint64_t)11934937736309295197U, (uint64_t)5116750888594772351U, (uint64_t)2817039227179245227U, + (uint64_t)17724206901239332980U, (uint64_t)4985702708254058578U, (uint64_t)5786345435756642871U, + (uint64_t)17772527414940936938U, (uint64_t)1201320251272957006U, + (uint64_t)15787430120324348129U, 
(uint64_t)6305488781359965661U, + (uint64_t)12423900845502858433U, (uint64_t)17485949424202277720U, + (uint64_t)2062237315546855852U, (uint64_t)10353639467860902375U, (uint64_t)2315398490451287299U, + (uint64_t)15394572894814882621U, (uint64_t)232866113801165640U, (uint64_t)7413443736109338926U, + (uint64_t)902719806551551191U, (uint64_t)16568853118619045174U, (uint64_t)14202214862428279177U, + (uint64_t)11719595395278861192U, (uint64_t)5890053236389907647U, (uint64_t)9996196494965833627U, + (uint64_t)12967056942364782577U, (uint64_t)9034128755157395787U, + (uint64_t)17898204904710512655U, (uint64_t)8229373445062993977U, + (uint64_t)13580036169519833644U + }; + +static inline uint64_t +Hacl_Bignum_Addition_bn_add_eq_len_u64(uint32_t aLen, uint64_t *a, uint64_t *b, uint64_t *res) +{ + uint64_t c = (uint64_t)0U; + for (uint32_t i = (uint32_t)0U; i < aLen / (uint32_t)4U; i++) + { + uint64_t t1 = a[(uint32_t)4U * i]; + uint64_t t20 = b[(uint32_t)4U * i]; + uint64_t *res_i0 = res + (uint32_t)4U * i; + c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t1, t20, res_i0); + uint64_t t10 = a[(uint32_t)4U * i + (uint32_t)1U]; + uint64_t t21 = b[(uint32_t)4U * i + (uint32_t)1U]; + uint64_t *res_i1 = res + (uint32_t)4U * i + (uint32_t)1U; + c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t10, t21, res_i1); + uint64_t t11 = a[(uint32_t)4U * i + (uint32_t)2U]; + uint64_t t22 = b[(uint32_t)4U * i + (uint32_t)2U]; + uint64_t *res_i2 = res + (uint32_t)4U * i + (uint32_t)2U; + c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t11, t22, res_i2); + uint64_t t12 = a[(uint32_t)4U * i + (uint32_t)3U]; + uint64_t t2 = b[(uint32_t)4U * i + (uint32_t)3U]; + uint64_t *res_i = res + (uint32_t)4U * i + (uint32_t)3U; + c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t12, t2, res_i); + } + for (uint32_t i = aLen / (uint32_t)4U * (uint32_t)4U; i < aLen; i++) + { + uint64_t t1 = a[i]; + uint64_t t2 = b[i]; + uint64_t *res_i = res + i; + c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t1, t2, res_i); + } + return c; 
+} + +static inline uint64_t +Hacl_Bignum_Lib_bn_get_bits_u64(uint32_t len, uint64_t *b, uint32_t i, uint32_t l) +{ + uint32_t i1 = i / (uint32_t)64U; + uint32_t j = i % (uint32_t)64U; + uint64_t p1 = b[i1] >> j; + uint64_t ite; + if (i1 + (uint32_t)1U < len && (uint32_t)0U < j) + { + ite = p1 | b[i1 + (uint32_t)1U] << ((uint32_t)64U - j); + } + else + { + ite = p1; + } + return ite & (((uint64_t)1U << l) - (uint64_t)1U); +} + +static inline uint64_t +Hacl_Bignum_Base_mul_wide_add2_u64(uint64_t a, uint64_t b, uint64_t c_in, uint64_t *out) +{ + uint64_t out0 = out[0U]; + FStar_UInt128_uint128 + res = + FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_mul_wide(a, b), + FStar_UInt128_uint64_to_uint128(c_in)), + FStar_UInt128_uint64_to_uint128(out0)); + out[0U] = FStar_UInt128_uint128_to_uint64(res); + return FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(res, (uint32_t)64U)); +} + +#endif // CRYPTO_HACL_P256_H_ diff --git a/crypto/p256-hacl-generated.c b/crypto/p256-hacl-generated.c new file mode 100644 index 0000000000000..5829b9269cb1a --- /dev/null +++ b/crypto/p256-hacl-generated.c 
@@ -0,0 +1,1808 @@ +/* GPLv2 or MIT License + * + * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation + * Copyright (c) 2022-2023 HACL* Contributors + * + */ + + +#include "hacl_p256.h" + +static inline uint64_t +bn_is_zero_mask4(uint64_t *f) +{ + uint64_t bn_zero[4U] = { 0U }; + uint64_t mask = (uint64_t)0xFFFFFFFFFFFFFFFFU; + KRML_MAYBE_FOR4(i, + (uint32_t)0U, + (uint32_t)4U, + (uint32_t)1U, + uint64_t uu____0 = FStar_UInt64_eq_mask(f[i], bn_zero[i]); + mask = uu____0 & mask;); + uint64_t mask1 = mask; + uint64_t res = mask1; + return res; +} + +static inline bool +bn_is_zero_vartime4(uint64_t *f) +{ + uint64_t m = bn_is_zero_mask4(f); + return m == (uint64_t)0xFFFFFFFFFFFFFFFFU; +} + +static inline uint64_t +bn_is_eq_mask4(uint64_t *a, uint64_t *b) +{ + uint64_t mask = (uint64_t)0xFFFFFFFFFFFFFFFFU; + KRML_MAYBE_FOR4(i, + (uint32_t)0U, + (uint32_t)4U, + (uint32_t)1U, + uint64_t uu____0 = FStar_UInt64_eq_mask(a[i], b[i]); + mask = uu____0 & mask;); + uint64_t mask1 = mask; + return mask1; +} + +static inline bool +bn_is_eq_vartime4(uint64_t *a, uint64_t *b) +{ + uint64_t m = bn_is_eq_mask4(a, b); + return m == (uint64_t)0xFFFFFFFFFFFFFFFFU; +} + +static inline void +bn_cmovznz4(uint64_t *res, uint64_t cin, uint64_t *x, uint64_t *y) +{ + uint64_t mask = ~FStar_UInt64_eq_mask(cin, (uint64_t)0U); + KRML_MAYBE_FOR4(i, + (uint32_t)0U, + (uint32_t)4U, + (uint32_t)1U, + uint64_t *os = res; + uint64_t uu____0 = x[i]; + uint64_t x1 = uu____0 ^ (mask & (y[i] ^ uu____0)); + os[i] = x1;); +} + +static inline void +bn_add_mod4(uint64_t *res, uint64_t *n, uint64_t *x, uint64_t *y) +{ + uint64_t c0 = (uint64_t)0U; + { + uint64_t t1 = x[(uint32_t)4U * (uint32_t)0U]; + uint64_t t20 = y[(uint32_t)4U * (uint32_t)0U]; + uint64_t *res_i0 = res + (uint32_t)4U * (uint32_t)0U; + c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, t1, t20, res_i0); + uint64_t t10 = x[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U]; + uint64_t t21 = y[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U]; + 
uint64_t *res_i1 = res + (uint32_t)4U * (uint32_t)0U + (uint32_t)1U; + c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, t10, t21, res_i1); + uint64_t t11 = x[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U]; + uint64_t t22 = y[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U]; + uint64_t *res_i2 = res + (uint32_t)4U * (uint32_t)0U + (uint32_t)2U; + c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, t11, t22, res_i2); + uint64_t t12 = x[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U]; + uint64_t t2 = y[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U]; + uint64_t *res_i = res + (uint32_t)4U * (uint32_t)0U + (uint32_t)3U; + c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, t12, t2, res_i); + } + uint64_t c00 = c0; + uint64_t tmp[4U] = { 0U }; + uint64_t c = (uint64_t)0U; + { + uint64_t t1 = res[(uint32_t)4U * (uint32_t)0U]; + uint64_t t20 = n[(uint32_t)4U * (uint32_t)0U]; + uint64_t *res_i0 = tmp + (uint32_t)4U * (uint32_t)0U; + c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, t20, res_i0); + uint64_t t10 = res[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U]; + uint64_t t21 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U]; + uint64_t *res_i1 = tmp + (uint32_t)4U * (uint32_t)0U + (uint32_t)1U; + c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t10, t21, res_i1); + uint64_t t11 = res[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U]; + uint64_t t22 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U]; + uint64_t *res_i2 = tmp + (uint32_t)4U * (uint32_t)0U + (uint32_t)2U; + c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t11, t22, res_i2); + uint64_t t12 = res[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U]; + uint64_t t2 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U]; + uint64_t *res_i = tmp + (uint32_t)4U * (uint32_t)0U + (uint32_t)3U; + c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t12, t2, res_i); + } + uint64_t c1 = c; + uint64_t c2 = c00 - c1; + KRML_MAYBE_FOR4(i, + (uint32_t)0U, + (uint32_t)4U, + (uint32_t)1U, + uint64_t *os = res; + uint64_t x1 = (c2 & res[i]) | (~c2 & tmp[i]); + os[i] = x1;); +} + +static inline 
uint64_t +bn_sub4(uint64_t *res, uint64_t *x, uint64_t *y) +{ + uint64_t c = (uint64_t)0U; + { + uint64_t t1 = x[(uint32_t)4U * (uint32_t)0U]; + uint64_t t20 = y[(uint32_t)4U * (uint32_t)0U]; + uint64_t *res_i0 = res + (uint32_t)4U * (uint32_t)0U; + c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, t20, res_i0); + uint64_t t10 = x[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U]; + uint64_t t21 = y[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U]; + uint64_t *res_i1 = res + (uint32_t)4U * (uint32_t)0U + (uint32_t)1U; + c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t10, t21, res_i1); + uint64_t t11 = x[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U]; + uint64_t t22 = y[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U]; + uint64_t *res_i2 = res + (uint32_t)4U * (uint32_t)0U + (uint32_t)2U; + c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t11, t22, res_i2); + uint64_t t12 = x[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U]; + uint64_t t2 = y[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U]; + uint64_t *res_i = res + (uint32_t)4U * (uint32_t)0U + (uint32_t)3U; + c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t12, t2, res_i); + } + uint64_t c0 = c; + return c0; +} + +static inline void +bn_sub_mod4(uint64_t *res, uint64_t *n, uint64_t *x, uint64_t *y) +{ + uint64_t c0 = (uint64_t)0U; + { + uint64_t t1 = x[(uint32_t)4U * (uint32_t)0U]; + uint64_t t20 = y[(uint32_t)4U * (uint32_t)0U]; + uint64_t *res_i0 = res + (uint32_t)4U * (uint32_t)0U; + c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c0, t1, t20, res_i0); + uint64_t t10 = x[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U]; + uint64_t t21 = y[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U]; + uint64_t *res_i1 = res + (uint32_t)4U * (uint32_t)0U + (uint32_t)1U; + c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c0, t10, t21, res_i1); + uint64_t t11 = x[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U]; + uint64_t t22 = y[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U]; + uint64_t *res_i2 = res + (uint32_t)4U * (uint32_t)0U + (uint32_t)2U; + c0 = 
Lib_IntTypes_Intrinsics_sub_borrow_u64(c0, t11, t22, res_i2); + uint64_t t12 = x[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U]; + uint64_t t2 = y[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U]; + uint64_t *res_i = res + (uint32_t)4U * (uint32_t)0U + (uint32_t)3U; + c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c0, t12, t2, res_i); + } + uint64_t c00 = c0; + uint64_t tmp[4U] = { 0U }; + uint64_t c = (uint64_t)0U; + { + uint64_t t1 = res[(uint32_t)4U * (uint32_t)0U]; + uint64_t t20 = n[(uint32_t)4U * (uint32_t)0U]; + uint64_t *res_i0 = tmp + (uint32_t)4U * (uint32_t)0U; + c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t1, t20, res_i0); + uint64_t t10 = res[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U]; + uint64_t t21 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U]; + uint64_t *res_i1 = tmp + (uint32_t)4U * (uint32_t)0U + (uint32_t)1U; + c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t10, t21, res_i1); + uint64_t t11 = res[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U]; + uint64_t t22 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U]; + uint64_t *res_i2 = tmp + (uint32_t)4U * (uint32_t)0U + (uint32_t)2U; + c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t11, t22, res_i2); + uint64_t t12 = res[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U]; + uint64_t t2 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U]; + uint64_t *res_i = tmp + (uint32_t)4U * (uint32_t)0U + (uint32_t)3U; + c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t12, t2, res_i); + } + uint64_t c1 = c; + KRML_HOST_IGNORE(c1); + uint64_t c2 = (uint64_t)0U - c00; + KRML_MAYBE_FOR4(i, + (uint32_t)0U, + (uint32_t)4U, + (uint32_t)1U, + uint64_t *os = res; + uint64_t x1 = (c2 & tmp[i]) | (~c2 & res[i]); + os[i] = x1;); +} + +static inline void +bn_mul4(uint64_t *res, uint64_t *x, uint64_t *y) +{ + memset(res, 0U, (uint32_t)8U * sizeof(uint64_t)); + KRML_MAYBE_FOR4( + i0, + (uint32_t)0U, + (uint32_t)4U, + (uint32_t)1U, + uint64_t bj = y[i0]; + uint64_t *res_j = res + i0; + uint64_t c = (uint64_t)0U; + { + uint64_t a_i = x[(uint32_t)4U * 
(uint32_t)0U]; + uint64_t *res_i0 = res_j + (uint32_t)4U * (uint32_t)0U; + c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i, bj, c, res_i0); + uint64_t a_i0 = x[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U]; + uint64_t *res_i1 = res_j + (uint32_t)4U * (uint32_t)0U + (uint32_t)1U; + c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i0, bj, c, res_i1); + uint64_t a_i1 = x[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U]; + uint64_t *res_i2 = res_j + (uint32_t)4U * (uint32_t)0U + (uint32_t)2U; + c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i1, bj, c, res_i2); + uint64_t a_i2 = x[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U]; + uint64_t *res_i = res_j + (uint32_t)4U * (uint32_t)0U + (uint32_t)3U; + c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i2, bj, c, res_i); + } uint64_t r = c; + res[(uint32_t)4U + i0] = r;); +} + +static inline void +bn_sqr4(uint64_t *res, uint64_t *x) +{ + memset(res, 0U, (uint32_t)8U * sizeof(uint64_t)); + KRML_MAYBE_FOR4( + i0, + (uint32_t)0U, + (uint32_t)4U, + (uint32_t)1U, + uint64_t *ab = x; + uint64_t a_j = x[i0]; + uint64_t *res_j = res + i0; + uint64_t c = (uint64_t)0U; + for (uint32_t i = (uint32_t)0U; i < i0 / (uint32_t)4U; i++) { + uint64_t a_i = ab[(uint32_t)4U * i]; + uint64_t *res_i0 = res_j + (uint32_t)4U * i; + c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i, a_j, c, res_i0); + uint64_t a_i0 = ab[(uint32_t)4U * i + (uint32_t)1U]; + uint64_t *res_i1 = res_j + (uint32_t)4U * i + (uint32_t)1U; + c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i0, a_j, c, res_i1); + uint64_t a_i1 = ab[(uint32_t)4U * i + (uint32_t)2U]; + uint64_t *res_i2 = res_j + (uint32_t)4U * i + (uint32_t)2U; + c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i1, a_j, c, res_i2); + uint64_t a_i2 = ab[(uint32_t)4U * i + (uint32_t)3U]; + uint64_t *res_i = res_j + (uint32_t)4U * i + (uint32_t)3U; + c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i2, a_j, c, res_i); + } for (uint32_t i = i0 / (uint32_t)4U * (uint32_t)4U; i < i0; i++) { + uint64_t a_i = ab[i]; + uint64_t *res_i = res_j + i; + c = 
Hacl_Bignum_Base_mul_wide_add2_u64(a_i, a_j, c, res_i); + } uint64_t r = c; + res[i0 + i0] = r;); + uint64_t c0 = Hacl_Bignum_Addition_bn_add_eq_len_u64((uint32_t)8U, res, res, res); + KRML_HOST_IGNORE(c0); + uint64_t tmp[8U] = { 0U }; + KRML_MAYBE_FOR4(i, + (uint32_t)0U, + (uint32_t)4U, + (uint32_t)1U, + FStar_UInt128_uint128 res1 = FStar_UInt128_mul_wide(x[i], x[i]); + uint64_t hi = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(res1, (uint32_t)64U)); + uint64_t lo = FStar_UInt128_uint128_to_uint64(res1); + tmp[(uint32_t)2U * i] = lo; + tmp[(uint32_t)2U * i + (uint32_t)1U] = hi;); + uint64_t c1 = Hacl_Bignum_Addition_bn_add_eq_len_u64((uint32_t)8U, res, tmp, res); + KRML_HOST_IGNORE(c1); +} + +static inline void +bn_to_bytes_be4(uint8_t *res, uint64_t *f) +{ + uint8_t tmp[32U] = { 0U }; + KRML_HOST_IGNORE(tmp); + KRML_MAYBE_FOR4(i, + (uint32_t)0U, + (uint32_t)4U, + (uint32_t)1U, + store64_be(res + i * (uint32_t)8U, f[(uint32_t)4U - i - (uint32_t)1U]);); +} + +static inline void +bn_from_bytes_be4(uint64_t *res, uint8_t *b) +{ + KRML_MAYBE_FOR4(i, + (uint32_t)0U, + (uint32_t)4U, + (uint32_t)1U, + uint64_t *os = res; + uint64_t u = load64_be(b + ((uint32_t)4U - i - (uint32_t)1U) * (uint32_t)8U); + uint64_t x = u; + os[i] = x;); +} + +static inline void +bn2_to_bytes_be4(uint8_t *res, uint64_t *x, uint64_t *y) +{ + bn_to_bytes_be4(res, x); + bn_to_bytes_be4(res + (uint32_t)32U, y); +} + +static inline void +make_prime(uint64_t *n) +{ + n[0U] = (uint64_t)0xffffffffffffffffU; + n[1U] = (uint64_t)0xffffffffU; + n[2U] = (uint64_t)0x0U; + n[3U] = (uint64_t)0xffffffff00000001U; +} + +static inline void +make_order(uint64_t *n) +{ + n[0U] = (uint64_t)0xf3b9cac2fc632551U; + n[1U] = (uint64_t)0xbce6faada7179e84U; + n[2U] = (uint64_t)0xffffffffffffffffU; + n[3U] = (uint64_t)0xffffffff00000000U; +} + +static inline void +make_a_coeff(uint64_t *a) +{ + a[0U] = (uint64_t)0xfffffffffffffffcU; + a[1U] = (uint64_t)0x3ffffffffU; + a[2U] = (uint64_t)0x0U; + a[3U] = 
(uint64_t)0xfffffffc00000004U; +} + +static inline void +make_b_coeff(uint64_t *b) +{ + b[0U] = (uint64_t)0xd89cdf6229c4bddfU; + b[1U] = (uint64_t)0xacf005cd78843090U; + b[2U] = (uint64_t)0xe5a220abf7212ed6U; + b[3U] = (uint64_t)0xdc30061d04874834U; +} + +static inline void +make_g_x(uint64_t *n) +{ + n[0U] = (uint64_t)0x79e730d418a9143cU; + n[1U] = (uint64_t)0x75ba95fc5fedb601U; + n[2U] = (uint64_t)0x79fb732b77622510U; + n[3U] = (uint64_t)0x18905f76a53755c6U; +} + +static inline void +make_g_y(uint64_t *n) +{ + n[0U] = (uint64_t)0xddf25357ce95560aU; + n[1U] = (uint64_t)0x8b4ab8e4ba19e45cU; + n[2U] = (uint64_t)0xd2e88688dd21f325U; + n[3U] = (uint64_t)0x8571ff1825885d85U; +} + +static inline void +make_fmont_R2(uint64_t *n) +{ + n[0U] = (uint64_t)0x3U; + n[1U] = (uint64_t)0xfffffffbffffffffU; + n[2U] = (uint64_t)0xfffffffffffffffeU; + n[3U] = (uint64_t)0x4fffffffdU; +} + +static inline void +make_fzero(uint64_t *n) +{ + n[0U] = (uint64_t)0U; + n[1U] = (uint64_t)0U; + n[2U] = (uint64_t)0U; + n[3U] = (uint64_t)0U; +} + +static inline void +make_fone(uint64_t *n) +{ + n[0U] = (uint64_t)0x1U; + n[1U] = (uint64_t)0xffffffff00000000U; + n[2U] = (uint64_t)0xffffffffffffffffU; + n[3U] = (uint64_t)0xfffffffeU; +} + +static inline uint64_t +bn_is_lt_prime_mask4(uint64_t *f) +{ + uint64_t tmp[4U] = { 0U }; + make_prime(tmp); + uint64_t c = bn_sub4(tmp, f, tmp); + return (uint64_t)0U - c; +} + +static inline uint64_t +feq_mask(uint64_t *a, uint64_t *b) +{ + uint64_t r = bn_is_eq_mask4(a, b); + return r; +} + +static inline void +fadd0(uint64_t *res, uint64_t *x, uint64_t *y) +{ + uint64_t n[4U] = { 0U }; + make_prime(n); + bn_add_mod4(res, n, x, y); +} + +static inline void +fsub0(uint64_t *res, uint64_t *x, uint64_t *y) +{ + uint64_t n[4U] = { 0U }; + make_prime(n); + bn_sub_mod4(res, n, x, y); +} + +static inline void +fnegate_conditional_vartime(uint64_t *f, bool is_negate) +{ + uint64_t zero[4U] = { 0U }; + if (is_negate) { + fsub0(f, zero, f); + } +} + +static inline void 
+mont_reduction(uint64_t *res, uint64_t *x) +{ + uint64_t n[4U] = { 0U }; + make_prime(n); + uint64_t c0 = (uint64_t)0U; + KRML_MAYBE_FOR4( + i0, + (uint32_t)0U, + (uint32_t)4U, + (uint32_t)1U, + uint64_t qj = (uint64_t)1U * x[i0]; + uint64_t *res_j0 = x + i0; + uint64_t c = (uint64_t)0U; + { + uint64_t a_i = n[(uint32_t)4U * (uint32_t)0U]; + uint64_t *res_i0 = res_j0 + (uint32_t)4U * (uint32_t)0U; + c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i, qj, c, res_i0); + uint64_t a_i0 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U]; + uint64_t *res_i1 = res_j0 + (uint32_t)4U * (uint32_t)0U + (uint32_t)1U; + c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i0, qj, c, res_i1); + uint64_t a_i1 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U]; + uint64_t *res_i2 = res_j0 + (uint32_t)4U * (uint32_t)0U + (uint32_t)2U; + c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i1, qj, c, res_i2); + uint64_t a_i2 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U]; + uint64_t *res_i = res_j0 + (uint32_t)4U * (uint32_t)0U + (uint32_t)3U; + c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i2, qj, c, res_i); + } uint64_t r = c; + uint64_t c1 = r; + uint64_t *resb = x + (uint32_t)4U + i0; + uint64_t res_j = x[(uint32_t)4U + i0]; + c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, c1, res_j, resb);); + memcpy(res, x + (uint32_t)4U, (uint32_t)4U * sizeof(uint64_t)); + uint64_t c00 = c0; + uint64_t tmp[4U] = { 0U }; + uint64_t c = (uint64_t)0U; + { + uint64_t t1 = res[(uint32_t)4U * (uint32_t)0U]; + uint64_t t20 = n[(uint32_t)4U * (uint32_t)0U]; + uint64_t *res_i0 = tmp + (uint32_t)4U * (uint32_t)0U; + c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, t20, res_i0); + uint64_t t10 = res[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U]; + uint64_t t21 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U]; + uint64_t *res_i1 = tmp + (uint32_t)4U * (uint32_t)0U + (uint32_t)1U; + c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t10, t21, res_i1); + uint64_t t11 = res[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U]; + uint64_t t22 = n[(uint32_t)4U * 
(uint32_t)0U + (uint32_t)2U]; + uint64_t *res_i2 = tmp + (uint32_t)4U * (uint32_t)0U + (uint32_t)2U; + c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t11, t22, res_i2); + uint64_t t12 = res[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U]; + uint64_t t2 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U]; + uint64_t *res_i = tmp + (uint32_t)4U * (uint32_t)0U + (uint32_t)3U; + c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t12, t2, res_i); + } + uint64_t c1 = c; + uint64_t c2 = c00 - c1; + KRML_MAYBE_FOR4(i, + (uint32_t)0U, + (uint32_t)4U, + (uint32_t)1U, + uint64_t *os = res; + uint64_t x1 = (c2 & res[i]) | (~c2 & tmp[i]); + os[i] = x1;); +} + +static inline void +fmul0(uint64_t *res, uint64_t *x, uint64_t *y) +{ + uint64_t tmp[8U] = { 0U }; + bn_mul4(tmp, x, y); + mont_reduction(res, tmp); +} + +static inline void +fsqr0(uint64_t *res, uint64_t *x) +{ + uint64_t tmp[8U] = { 0U }; + bn_sqr4(tmp, x); + mont_reduction(res, tmp); +} + +static inline void +from_mont(uint64_t *res, uint64_t *a) +{ + uint64_t tmp[8U] = { 0U }; + memcpy(tmp, a, (uint32_t)4U * sizeof(uint64_t)); + mont_reduction(res, tmp); +} + +static inline void +to_mont(uint64_t *res, uint64_t *a) +{ + uint64_t r2modn[4U] = { 0U }; + make_fmont_R2(r2modn); + fmul0(res, a, r2modn); +} + +static inline void +fmul_by_b_coeff(uint64_t *res, uint64_t *x) +{ + uint64_t b_coeff[4U] = { 0U }; + make_b_coeff(b_coeff); + fmul0(res, b_coeff, x); +} + +static inline void +fcube(uint64_t *res, uint64_t *x) +{ + fsqr0(res, x); + fmul0(res, res, x); +} + +static inline void +finv(uint64_t *res, uint64_t *a) +{ + uint64_t tmp[16U] = { 0U }; + uint64_t *x30 = tmp; + uint64_t *x2 = tmp + (uint32_t)4U; + uint64_t *tmp1 = tmp + (uint32_t)8U; + uint64_t *tmp2 = tmp + (uint32_t)12U; + memcpy(x2, a, (uint32_t)4U * sizeof(uint64_t)); + { + fsqr0(x2, x2); + } + fmul0(x2, x2, a); + memcpy(x30, x2, (uint32_t)4U * sizeof(uint64_t)); + { + fsqr0(x30, x30); + } + fmul0(x30, x30, a); + memcpy(tmp1, x30, (uint32_t)4U * sizeof(uint64_t)); + 
KRML_MAYBE_FOR3(i, (uint32_t)0U, (uint32_t)3U, (uint32_t)1U, fsqr0(tmp1, tmp1);); + fmul0(tmp1, tmp1, x30); + memcpy(tmp2, tmp1, (uint32_t)4U * sizeof(uint64_t)); + KRML_MAYBE_FOR6(i, (uint32_t)0U, (uint32_t)6U, (uint32_t)1U, fsqr0(tmp2, tmp2);); + fmul0(tmp2, tmp2, tmp1); + memcpy(tmp1, tmp2, (uint32_t)4U * sizeof(uint64_t)); + KRML_MAYBE_FOR3(i, (uint32_t)0U, (uint32_t)3U, (uint32_t)1U, fsqr0(tmp1, tmp1);); + fmul0(tmp1, tmp1, x30); + memcpy(x30, tmp1, (uint32_t)4U * sizeof(uint64_t)); + KRML_MAYBE_FOR15(i, (uint32_t)0U, (uint32_t)15U, (uint32_t)1U, fsqr0(x30, x30);); + fmul0(x30, x30, tmp1); + memcpy(tmp1, x30, (uint32_t)4U * sizeof(uint64_t)); + KRML_MAYBE_FOR2(i, (uint32_t)0U, (uint32_t)2U, (uint32_t)1U, fsqr0(tmp1, tmp1);); + fmul0(tmp1, tmp1, x2); + memcpy(x2, tmp1, (uint32_t)4U * sizeof(uint64_t)); + for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++) { + fsqr0(x2, x2); + } + fmul0(x2, x2, a); + for (uint32_t i = (uint32_t)0U; i < (uint32_t)128U; i++) { + fsqr0(x2, x2); + } + fmul0(x2, x2, tmp1); + for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++) { + fsqr0(x2, x2); + } + fmul0(x2, x2, tmp1); + for (uint32_t i = (uint32_t)0U; i < (uint32_t)30U; i++) { + fsqr0(x2, x2); + } + fmul0(x2, x2, x30); + KRML_MAYBE_FOR2(i, (uint32_t)0U, (uint32_t)2U, (uint32_t)1U, fsqr0(x2, x2);); + fmul0(tmp1, x2, a); + memcpy(res, tmp1, (uint32_t)4U * sizeof(uint64_t)); +} + +static inline void +fsqrt(uint64_t *res, uint64_t *a) +{ + uint64_t tmp[8U] = { 0U }; + uint64_t *tmp1 = tmp; + uint64_t *tmp2 = tmp + (uint32_t)4U; + memcpy(tmp1, a, (uint32_t)4U * sizeof(uint64_t)); + { + fsqr0(tmp1, tmp1); + } + fmul0(tmp1, tmp1, a); + memcpy(tmp2, tmp1, (uint32_t)4U * sizeof(uint64_t)); + KRML_MAYBE_FOR2(i, (uint32_t)0U, (uint32_t)2U, (uint32_t)1U, fsqr0(tmp2, tmp2);); + fmul0(tmp2, tmp2, tmp1); + memcpy(tmp1, tmp2, (uint32_t)4U * sizeof(uint64_t)); + KRML_MAYBE_FOR4(i, (uint32_t)0U, (uint32_t)4U, (uint32_t)1U, fsqr0(tmp1, tmp1);); + fmul0(tmp1, tmp1, tmp2); + memcpy(tmp2, tmp1, 
(uint32_t)4U * sizeof(uint64_t)); + KRML_MAYBE_FOR8(i, (uint32_t)0U, (uint32_t)8U, (uint32_t)1U, fsqr0(tmp2, tmp2);); + fmul0(tmp2, tmp2, tmp1); + memcpy(tmp1, tmp2, (uint32_t)4U * sizeof(uint64_t)); + KRML_MAYBE_FOR16(i, (uint32_t)0U, (uint32_t)16U, (uint32_t)1U, fsqr0(tmp1, tmp1);); + fmul0(tmp1, tmp1, tmp2); + memcpy(tmp2, tmp1, (uint32_t)4U * sizeof(uint64_t)); + for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++) { + fsqr0(tmp2, tmp2); + } + fmul0(tmp2, tmp2, a); + for (uint32_t i = (uint32_t)0U; i < (uint32_t)96U; i++) { + fsqr0(tmp2, tmp2); + } + fmul0(tmp2, tmp2, a); + for (uint32_t i = (uint32_t)0U; i < (uint32_t)94U; i++) { + fsqr0(tmp2, tmp2); + } + memcpy(res, tmp2, (uint32_t)4U * sizeof(uint64_t)); +} + +static inline void +make_base_point(uint64_t *p) +{ + uint64_t *x = p; + uint64_t *y = p + (uint32_t)4U; + uint64_t *z = p + (uint32_t)8U; + make_g_x(x); + make_g_y(y); + make_fone(z); +} + +static inline void +make_point_at_inf(uint64_t *p) +{ + uint64_t *x = p; + uint64_t *y = p + (uint32_t)4U; + uint64_t *z = p + (uint32_t)8U; + make_fzero(x); + make_fone(y); + make_fzero(z); +} + +static inline bool +is_point_at_inf_vartime(uint64_t *p) +{ + uint64_t *pz = p + (uint32_t)8U; + return bn_is_zero_vartime4(pz); +} + +static inline void +to_aff_point(uint64_t *res, uint64_t *p) +{ + uint64_t zinv[4U] = { 0U }; + uint64_t *px = p; + uint64_t *py = p + (uint32_t)4U; + uint64_t *pz = p + (uint32_t)8U; + uint64_t *x = res; + uint64_t *y = res + (uint32_t)4U; + finv(zinv, pz); + fmul0(x, px, zinv); + fmul0(y, py, zinv); + from_mont(x, x); + from_mont(y, y); +} + +static inline void +to_aff_point_x(uint64_t *res, uint64_t *p) +{ + uint64_t zinv[4U] = { 0U }; + uint64_t *px = p; + uint64_t *pz = p + (uint32_t)8U; + finv(zinv, pz); + fmul0(res, px, zinv); + from_mont(res, res); +} + +static inline void +to_proj_point(uint64_t *res, uint64_t *p) +{ + uint64_t *px = p; + uint64_t *py = p + (uint32_t)4U; + uint64_t *rx = res; + uint64_t *ry = res + 
(uint32_t)4U; + uint64_t *rz = res + (uint32_t)8U; + to_mont(rx, px); + to_mont(ry, py); + make_fone(rz); +} + +static inline bool +is_on_curve_vartime(uint64_t *p) +{ + uint64_t rp[4U] = { 0U }; + uint64_t tx[4U] = { 0U }; + uint64_t ty[4U] = { 0U }; + uint64_t *px = p; + uint64_t *py = p + (uint32_t)4U; + to_mont(tx, px); + to_mont(ty, py); + uint64_t tmp[4U] = { 0U }; + fcube(rp, tx); + make_a_coeff(tmp); + fmul0(tmp, tmp, tx); + fadd0(rp, tmp, rp); + make_b_coeff(tmp); + fadd0(rp, tmp, rp); + fsqr0(ty, ty); + uint64_t r = feq_mask(ty, rp); + bool r0 = r == (uint64_t)0xFFFFFFFFFFFFFFFFU; + return r0; +} + +static inline void +aff_point_store(uint8_t *res, uint64_t *p) +{ + uint64_t *px = p; + uint64_t *py = p + (uint32_t)4U; + bn2_to_bytes_be4(res, px, py); +} + +static inline void +point_store(uint8_t *res, uint64_t *p) +{ + uint64_t aff_p[8U] = { 0U }; + to_aff_point(aff_p, p); + aff_point_store(res, aff_p); +} + +static inline bool +aff_point_load_vartime(uint64_t *p, uint8_t *b) +{ + uint8_t *p_x = b; + uint8_t *p_y = b + (uint32_t)32U; + uint64_t *bn_p_x = p; + uint64_t *bn_p_y = p + (uint32_t)4U; + bn_from_bytes_be4(bn_p_x, p_x); + bn_from_bytes_be4(bn_p_y, p_y); + uint64_t *px = p; + uint64_t *py = p + (uint32_t)4U; + uint64_t lessX = bn_is_lt_prime_mask4(px); + uint64_t lessY = bn_is_lt_prime_mask4(py); + uint64_t res = lessX & lessY; + bool is_xy_valid = res == (uint64_t)0xFFFFFFFFFFFFFFFFU; + if (!is_xy_valid) { + return false; + } + return is_on_curve_vartime(p); +} + +static inline bool +load_point_vartime(uint64_t *p, uint8_t *b) +{ + uint64_t p_aff[8U] = { 0U }; + bool res = aff_point_load_vartime(p_aff, b); + if (res) { + to_proj_point(p, p_aff); + } + return res; +} + +static inline bool +aff_point_decompress_vartime(uint64_t *x, uint64_t *y, uint8_t *s) +{ + uint8_t s0 = s[0U]; + uint8_t s01 = s0; + if (!(s01 == (uint8_t)0x02U || s01 == (uint8_t)0x03U)) { + return false; + } + uint8_t *xb = s + (uint32_t)1U; + bn_from_bytes_be4(x, xb); + 
uint64_t is_x_valid = bn_is_lt_prime_mask4(x); + bool is_x_valid1 = is_x_valid == (uint64_t)0xFFFFFFFFFFFFFFFFU; + bool is_y_odd = s01 == (uint8_t)0x03U; + if (!is_x_valid1) { + return false; + } + uint64_t y2M[4U] = { 0U }; + uint64_t xM[4U] = { 0U }; + uint64_t yM[4U] = { 0U }; + to_mont(xM, x); + uint64_t tmp[4U] = { 0U }; + fcube(y2M, xM); + make_a_coeff(tmp); + fmul0(tmp, tmp, xM); + fadd0(y2M, tmp, y2M); + make_b_coeff(tmp); + fadd0(y2M, tmp, y2M); + fsqrt(yM, y2M); + from_mont(y, yM); + fsqr0(yM, yM); + uint64_t r = feq_mask(yM, y2M); + bool is_y_valid = r == (uint64_t)0xFFFFFFFFFFFFFFFFU; + bool is_y_valid0 = is_y_valid; + if (!is_y_valid0) { + return false; + } + uint64_t is_y_odd1 = y[0U] & (uint64_t)1U; + bool is_y_odd2 = is_y_odd1 == (uint64_t)1U; + fnegate_conditional_vartime(y, is_y_odd2 != is_y_odd); + return true; +} + +static inline void +point_double(uint64_t *res, uint64_t *p) +{ + uint64_t tmp[20U] = { 0U }; + uint64_t *x = p; + uint64_t *z = p + (uint32_t)8U; + uint64_t *x3 = res; + uint64_t *y3 = res + (uint32_t)4U; + uint64_t *z3 = res + (uint32_t)8U; + uint64_t *t0 = tmp; + uint64_t *t1 = tmp + (uint32_t)4U; + uint64_t *t2 = tmp + (uint32_t)8U; + uint64_t *t3 = tmp + (uint32_t)12U; + uint64_t *t4 = tmp + (uint32_t)16U; + uint64_t *x1 = p; + uint64_t *y = p + (uint32_t)4U; + uint64_t *z1 = p + (uint32_t)8U; + fsqr0(t0, x1); + fsqr0(t1, y); + fsqr0(t2, z1); + fmul0(t3, x1, y); + fadd0(t3, t3, t3); + fmul0(t4, y, z1); + fmul0(z3, x, z); + fadd0(z3, z3, z3); + fmul_by_b_coeff(y3, t2); + fsub0(y3, y3, z3); + fadd0(x3, y3, y3); + fadd0(y3, x3, y3); + fsub0(x3, t1, y3); + fadd0(y3, t1, y3); + fmul0(y3, x3, y3); + fmul0(x3, x3, t3); + fadd0(t3, t2, t2); + fadd0(t2, t2, t3); + fmul_by_b_coeff(z3, z3); + fsub0(z3, z3, t2); + fsub0(z3, z3, t0); + fadd0(t3, z3, z3); + fadd0(z3, z3, t3); + fadd0(t3, t0, t0); + fadd0(t0, t3, t0); + fsub0(t0, t0, t2); + fmul0(t0, t0, z3); + fadd0(y3, y3, t0); + fadd0(t0, t4, t4); + fmul0(z3, t0, z3); + fsub0(x3, x3, z3); + 
fmul0(z3, t0, t1); + fadd0(z3, z3, z3); + fadd0(z3, z3, z3); +} + +static inline void +point_add(uint64_t *res, uint64_t *p, uint64_t *q) +{ + uint64_t tmp[36U] = { 0U }; + uint64_t *t0 = tmp; + uint64_t *t1 = tmp + (uint32_t)24U; + uint64_t *x3 = t1; + uint64_t *y3 = t1 + (uint32_t)4U; + uint64_t *z3 = t1 + (uint32_t)8U; + uint64_t *t01 = t0; + uint64_t *t11 = t0 + (uint32_t)4U; + uint64_t *t2 = t0 + (uint32_t)8U; + uint64_t *t3 = t0 + (uint32_t)12U; + uint64_t *t4 = t0 + (uint32_t)16U; + uint64_t *t5 = t0 + (uint32_t)20U; + uint64_t *x1 = p; + uint64_t *y1 = p + (uint32_t)4U; + uint64_t *z10 = p + (uint32_t)8U; + uint64_t *x20 = q; + uint64_t *y20 = q + (uint32_t)4U; + uint64_t *z20 = q + (uint32_t)8U; + fmul0(t01, x1, x20); + fmul0(t11, y1, y20); + fmul0(t2, z10, z20); + fadd0(t3, x1, y1); + fadd0(t4, x20, y20); + fmul0(t3, t3, t4); + fadd0(t4, t01, t11); + uint64_t *y10 = p + (uint32_t)4U; + uint64_t *z11 = p + (uint32_t)8U; + uint64_t *y2 = q + (uint32_t)4U; + uint64_t *z21 = q + (uint32_t)8U; + fsub0(t3, t3, t4); + fadd0(t4, y10, z11); + fadd0(t5, y2, z21); + fmul0(t4, t4, t5); + fadd0(t5, t11, t2); + fsub0(t4, t4, t5); + uint64_t *x10 = p; + uint64_t *z1 = p + (uint32_t)8U; + uint64_t *x2 = q; + uint64_t *z2 = q + (uint32_t)8U; + fadd0(x3, x10, z1); + fadd0(y3, x2, z2); + fmul0(x3, x3, y3); + fadd0(y3, t01, t2); + fsub0(y3, x3, y3); + fmul_by_b_coeff(z3, t2); + fsub0(x3, y3, z3); + fadd0(z3, x3, x3); + fadd0(x3, x3, z3); + fsub0(z3, t11, x3); + fadd0(x3, t11, x3); + fmul_by_b_coeff(y3, y3); + fadd0(t11, t2, t2); + fadd0(t2, t11, t2); + fsub0(y3, y3, t2); + fsub0(y3, y3, t01); + fadd0(t11, y3, y3); + fadd0(y3, t11, y3); + fadd0(t11, t01, t01); + fadd0(t01, t11, t01); + fsub0(t01, t01, t2); + fmul0(t11, t4, y3); + fmul0(t2, t01, y3); + fmul0(y3, x3, z3); + fadd0(y3, y3, t2); + fmul0(x3, t3, x3); + fsub0(x3, x3, t11); + fmul0(z3, t4, z3); + fmul0(t11, t3, t01); + fadd0(z3, z3, t11); + memcpy(res, t1, (uint32_t)12U * sizeof(uint64_t)); +} + +static inline void 
+point_mul(uint64_t *res, uint64_t *scalar, uint64_t *p) +{ + uint64_t table[192U] = { 0U }; + uint64_t tmp[12U] = { 0U }; + uint64_t *t0 = table; + uint64_t *t1 = table + (uint32_t)12U; + make_point_at_inf(t0); + memcpy(t1, p, (uint32_t)12U * sizeof(uint64_t)); + KRML_MAYBE_FOR7(i, + (uint32_t)0U, + (uint32_t)7U, + (uint32_t)1U, + uint64_t *t11 = table + (i + (uint32_t)1U) * (uint32_t)12U; + point_double(tmp, t11); + memcpy(table + ((uint32_t)2U * i + (uint32_t)2U) * (uint32_t)12U, + tmp, + (uint32_t)12U * sizeof(uint64_t)); + uint64_t *t2 = table + ((uint32_t)2U * i + (uint32_t)2U) * (uint32_t)12U; + point_add(tmp, p, t2); + memcpy(table + ((uint32_t)2U * i + (uint32_t)3U) * (uint32_t)12U, + tmp, + (uint32_t)12U * sizeof(uint64_t));); + make_point_at_inf(res); + uint64_t tmp0[12U] = { 0U }; + for (uint32_t i0 = (uint32_t)0U; i0 < (uint32_t)64U; i0++) { + KRML_MAYBE_FOR4(i, (uint32_t)0U, (uint32_t)4U, (uint32_t)1U, point_double(res, res);); + uint32_t k = (uint32_t)256U - (uint32_t)4U * i0 - (uint32_t)4U; + uint64_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)4U, scalar, k, (uint32_t)4U); + memcpy(tmp0, (uint64_t *)table, (uint32_t)12U * sizeof(uint64_t)); + KRML_MAYBE_FOR15(i1, + (uint32_t)0U, + (uint32_t)15U, + (uint32_t)1U, + uint64_t c = FStar_UInt64_eq_mask(bits_l, (uint64_t)(i1 + (uint32_t)1U)); + const uint64_t *res_j = table + (i1 + (uint32_t)1U) * (uint32_t)12U; + KRML_MAYBE_FOR12(i, + (uint32_t)0U, + (uint32_t)12U, + (uint32_t)1U, + uint64_t *os = tmp0; + uint64_t x = (c & res_j[i]) | (~c & tmp0[i]); + os[i] = x;);); + point_add(res, res, tmp0); + } +} + +static inline void +precomp_get_consttime(const uint64_t *table, uint64_t bits_l, uint64_t *tmp) +{ + memcpy(tmp, (uint64_t *)table, (uint32_t)12U * sizeof(uint64_t)); + KRML_MAYBE_FOR15(i0, + (uint32_t)0U, + (uint32_t)15U, + (uint32_t)1U, + uint64_t c = FStar_UInt64_eq_mask(bits_l, (uint64_t)(i0 + (uint32_t)1U)); + const uint64_t *res_j = table + (i0 + (uint32_t)1U) * (uint32_t)12U; + 
KRML_MAYBE_FOR12(i, + (uint32_t)0U, + (uint32_t)12U, + (uint32_t)1U, + uint64_t *os = tmp; + uint64_t x = (c & res_j[i]) | (~c & tmp[i]); + os[i] = x;);); +} + +static inline void +point_mul_g(uint64_t *res, uint64_t *scalar) +{ + uint64_t q1[12U] = { 0U }; + make_base_point(q1); + uint64_t + q2[12U] = { + (uint64_t)1499621593102562565U, (uint64_t)16692369783039433128U, + (uint64_t)15337520135922861848U, (uint64_t)5455737214495366228U, + (uint64_t)17827017231032529600U, (uint64_t)12413621606240782649U, + (uint64_t)2290483008028286132U, (uint64_t)15752017553340844820U, + (uint64_t)4846430910634234874U, (uint64_t)10861682798464583253U, + (uint64_t)15404737222404363049U, (uint64_t)363586619281562022U + }; + uint64_t + q3[12U] = { + (uint64_t)14619254753077084366U, (uint64_t)13913835116514008593U, + (uint64_t)15060744674088488145U, (uint64_t)17668414598203068685U, + (uint64_t)10761169236902342334U, (uint64_t)15467027479157446221U, + (uint64_t)14989185522423469618U, (uint64_t)14354539272510107003U, + (uint64_t)14298211796392133693U, (uint64_t)13270323784253711450U, + (uint64_t)13380964971965046957U, (uint64_t)8686204248456909699U + }; + uint64_t + q4[12U] = { + (uint64_t)7870395003430845958U, (uint64_t)18001862936410067720U, + (uint64_t)8006461232116967215U, (uint64_t)5921313779532424762U, + (uint64_t)10702113371959864307U, (uint64_t)8070517410642379879U, + (uint64_t)7139806720777708306U, (uint64_t)8253938546650739833U, + (uint64_t)17490482834545705718U, (uint64_t)1065249776797037500U, + (uint64_t)5018258455937968775U, (uint64_t)14100621120178668337U + }; + uint64_t *r1 = scalar; + uint64_t *r2 = scalar + (uint32_t)1U; + uint64_t *r3 = scalar + (uint32_t)2U; + uint64_t *r4 = scalar + (uint32_t)3U; + make_point_at_inf(res); + uint64_t tmp[12U] = { 0U }; + KRML_MAYBE_FOR16(i, + (uint32_t)0U, + (uint32_t)16U, + (uint32_t)1U, + KRML_MAYBE_FOR4(i0, (uint32_t)0U, (uint32_t)4U, (uint32_t)1U, point_double(res, res);); + uint32_t k = (uint32_t)64U - (uint32_t)4U * i - 
(uint32_t)4U; + uint64_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)1U, r4, k, (uint32_t)4U); + precomp_get_consttime(Hacl_P256_PrecompTable_precomp_g_pow2_192_table_w4, bits_l, tmp); + point_add(res, res, tmp); + uint32_t k0 = (uint32_t)64U - (uint32_t)4U * i - (uint32_t)4U; + uint64_t bits_l0 = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)1U, r3, k0, (uint32_t)4U); + precomp_get_consttime(Hacl_P256_PrecompTable_precomp_g_pow2_128_table_w4, bits_l0, tmp); + point_add(res, res, tmp); + uint32_t k1 = (uint32_t)64U - (uint32_t)4U * i - (uint32_t)4U; + uint64_t bits_l1 = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)1U, r2, k1, (uint32_t)4U); + precomp_get_consttime(Hacl_P256_PrecompTable_precomp_g_pow2_64_table_w4, bits_l1, tmp); + point_add(res, res, tmp); + uint32_t k2 = (uint32_t)64U - (uint32_t)4U * i - (uint32_t)4U; + uint64_t bits_l2 = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)1U, r1, k2, (uint32_t)4U); + precomp_get_consttime(Hacl_P256_PrecompTable_precomp_basepoint_table_w4, bits_l2, tmp); + point_add(res, res, tmp);); + KRML_HOST_IGNORE(q1); + KRML_HOST_IGNORE(q2); + KRML_HOST_IGNORE(q3); + KRML_HOST_IGNORE(q4); +} + +static inline void +point_mul_double_g(uint64_t *res, uint64_t *scalar1, uint64_t *scalar2, uint64_t *q2) +{ + uint64_t q1[12U] = { 0U }; + make_base_point(q1); + uint64_t table2[384U] = { 0U }; + uint64_t tmp[12U] = { 0U }; + uint64_t *t0 = table2; + uint64_t *t1 = table2 + (uint32_t)12U; + make_point_at_inf(t0); + memcpy(t1, q2, (uint32_t)12U * sizeof(uint64_t)); + KRML_MAYBE_FOR15(i, + (uint32_t)0U, + (uint32_t)15U, + (uint32_t)1U, + uint64_t *t11 = table2 + (i + (uint32_t)1U) * (uint32_t)12U; + point_double(tmp, t11); + memcpy(table2 + ((uint32_t)2U * i + (uint32_t)2U) * (uint32_t)12U, + tmp, + (uint32_t)12U * sizeof(uint64_t)); + uint64_t *t2 = table2 + ((uint32_t)2U * i + (uint32_t)2U) * (uint32_t)12U; + point_add(tmp, q2, t2); + memcpy(table2 + ((uint32_t)2U * i + (uint32_t)3U) * (uint32_t)12U, + tmp, + (uint32_t)12U * 
sizeof(uint64_t));); + uint64_t tmp0[12U] = { 0U }; + uint32_t i0 = (uint32_t)255U; + uint64_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)4U, scalar1, i0, (uint32_t)5U); + uint32_t bits_l32 = (uint32_t)bits_c; + const uint64_t + *a_bits_l = Hacl_P256_PrecompTable_precomp_basepoint_table_w5 + bits_l32 * (uint32_t)12U; + memcpy(res, (uint64_t *)a_bits_l, (uint32_t)12U * sizeof(uint64_t)); + uint32_t i1 = (uint32_t)255U; + uint64_t bits_c0 = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)4U, scalar2, i1, (uint32_t)5U); + uint32_t bits_l320 = (uint32_t)bits_c0; + const uint64_t *a_bits_l0 = table2 + bits_l320 * (uint32_t)12U; + memcpy(tmp0, (uint64_t *)a_bits_l0, (uint32_t)12U * sizeof(uint64_t)); + point_add(res, res, tmp0); + uint64_t tmp1[12U] = { 0U }; + for (uint32_t i = (uint32_t)0U; i < (uint32_t)51U; i++) { + KRML_MAYBE_FOR5(i2, (uint32_t)0U, (uint32_t)5U, (uint32_t)1U, point_double(res, res);); + uint32_t k = (uint32_t)255U - (uint32_t)5U * i - (uint32_t)5U; + uint64_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)4U, scalar2, k, (uint32_t)5U); + uint32_t bits_l321 = (uint32_t)bits_l; + const uint64_t *a_bits_l1 = table2 + bits_l321 * (uint32_t)12U; + memcpy(tmp1, (uint64_t *)a_bits_l1, (uint32_t)12U * sizeof(uint64_t)); + point_add(res, res, tmp1); + uint32_t k0 = (uint32_t)255U - (uint32_t)5U * i - (uint32_t)5U; + uint64_t bits_l0 = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)4U, scalar1, k0, (uint32_t)5U); + uint32_t bits_l322 = (uint32_t)bits_l0; + const uint64_t + *a_bits_l2 = Hacl_P256_PrecompTable_precomp_basepoint_table_w5 + bits_l322 * (uint32_t)12U; + memcpy(tmp1, (uint64_t *)a_bits_l2, (uint32_t)12U * sizeof(uint64_t)); + point_add(res, res, tmp1); + } +} + +static inline uint64_t +bn_is_lt_order_mask4(uint64_t *f) +{ + uint64_t tmp[4U] = { 0U }; + make_order(tmp); + uint64_t c = bn_sub4(tmp, f, tmp); + return (uint64_t)0U - c; +} + +static inline uint64_t +bn_is_lt_order_and_gt_zero_mask4(uint64_t *f) +{ + uint64_t is_lt_order = 
bn_is_lt_order_mask4(f); + uint64_t is_eq_zero = bn_is_zero_mask4(f); + return is_lt_order & ~is_eq_zero; +} + +static inline void +qmod_short(uint64_t *res, uint64_t *x) +{ + uint64_t tmp[4U] = { 0U }; + make_order(tmp); + uint64_t c = bn_sub4(tmp, x, tmp); + bn_cmovznz4(res, c, tmp, x); +} + +static inline void +qadd(uint64_t *res, uint64_t *x, uint64_t *y) +{ + uint64_t n[4U] = { 0U }; + make_order(n); + bn_add_mod4(res, n, x, y); +} + +static inline void +qmont_reduction(uint64_t *res, uint64_t *x) +{ + uint64_t n[4U] = { 0U }; + make_order(n); + uint64_t c0 = (uint64_t)0U; + KRML_MAYBE_FOR4( + i0, + (uint32_t)0U, + (uint32_t)4U, + (uint32_t)1U, + uint64_t qj = (uint64_t)0xccd1c8aaee00bc4fU * x[i0]; + uint64_t *res_j0 = x + i0; + uint64_t c = (uint64_t)0U; + { + uint64_t a_i = n[(uint32_t)4U * (uint32_t)0U]; + uint64_t *res_i0 = res_j0 + (uint32_t)4U * (uint32_t)0U; + c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i, qj, c, res_i0); + uint64_t a_i0 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U]; + uint64_t *res_i1 = res_j0 + (uint32_t)4U * (uint32_t)0U + (uint32_t)1U; + c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i0, qj, c, res_i1); + uint64_t a_i1 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U]; + uint64_t *res_i2 = res_j0 + (uint32_t)4U * (uint32_t)0U + (uint32_t)2U; + c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i1, qj, c, res_i2); + uint64_t a_i2 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U]; + uint64_t *res_i = res_j0 + (uint32_t)4U * (uint32_t)0U + (uint32_t)3U; + c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i2, qj, c, res_i); + } uint64_t r = c; + uint64_t c1 = r; + uint64_t *resb = x + (uint32_t)4U + i0; + uint64_t res_j = x[(uint32_t)4U + i0]; + c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, c1, res_j, resb);); + memcpy(res, x + (uint32_t)4U, (uint32_t)4U * sizeof(uint64_t)); + uint64_t c00 = c0; + uint64_t tmp[4U] = { 0U }; + uint64_t c = (uint64_t)0U; + { + uint64_t t1 = res[(uint32_t)4U * (uint32_t)0U]; + uint64_t t20 = n[(uint32_t)4U * (uint32_t)0U]; + uint64_t 
*res_i0 = tmp + (uint32_t)4U * (uint32_t)0U; + c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, t20, res_i0); + uint64_t t10 = res[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U]; + uint64_t t21 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U]; + uint64_t *res_i1 = tmp + (uint32_t)4U * (uint32_t)0U + (uint32_t)1U; + c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t10, t21, res_i1); + uint64_t t11 = res[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U]; + uint64_t t22 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U]; + uint64_t *res_i2 = tmp + (uint32_t)4U * (uint32_t)0U + (uint32_t)2U; + c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t11, t22, res_i2); + uint64_t t12 = res[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U]; + uint64_t t2 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U]; + uint64_t *res_i = tmp + (uint32_t)4U * (uint32_t)0U + (uint32_t)3U; + c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t12, t2, res_i); + } + uint64_t c1 = c; + uint64_t c2 = c00 - c1; + KRML_MAYBE_FOR4(i, + (uint32_t)0U, + (uint32_t)4U, + (uint32_t)1U, + uint64_t *os = res; + uint64_t x1 = (c2 & res[i]) | (~c2 & tmp[i]); + os[i] = x1;); +} + +static inline void +from_qmont(uint64_t *res, uint64_t *x) +{ + uint64_t tmp[8U] = { 0U }; + memcpy(tmp, x, (uint32_t)4U * sizeof(uint64_t)); + qmont_reduction(res, tmp); +} + +static inline void +qmul(uint64_t *res, uint64_t *x, uint64_t *y) +{ + uint64_t tmp[8U] = { 0U }; + bn_mul4(tmp, x, y); + qmont_reduction(res, tmp); +} + +static inline void +qsqr(uint64_t *res, uint64_t *x) +{ + uint64_t tmp[8U] = { 0U }; + bn_sqr4(tmp, x); + qmont_reduction(res, tmp); +} + +bool +Hacl_Impl_P256_DH_ecp256dh_i(uint8_t *public_key, uint8_t *private_key) +{ + uint64_t tmp[16U] = { 0U }; + uint64_t *sk = tmp; + uint64_t *pk = tmp + (uint32_t)4U; + bn_from_bytes_be4(sk, private_key); + uint64_t is_b_valid = bn_is_lt_order_and_gt_zero_mask4(sk); + uint64_t oneq[4U] = { 0U }; + oneq[0U] = (uint64_t)1U; + oneq[1U] = (uint64_t)0U; + oneq[2U] = (uint64_t)0U; + oneq[3U] = (uint64_t)0U; 
+ KRML_MAYBE_FOR4(i, + (uint32_t)0U, + (uint32_t)4U, + (uint32_t)1U, + uint64_t *os = sk; + uint64_t uu____0 = oneq[i]; + uint64_t x = uu____0 ^ (is_b_valid & (sk[i] ^ uu____0)); + os[i] = x;); + uint64_t is_sk_valid = is_b_valid; + point_mul_g(pk, sk); + point_store(public_key, pk); + return is_sk_valid == (uint64_t)0xFFFFFFFFFFFFFFFFU; +} + +bool +Hacl_Impl_P256_DH_ecp256dh_r( + uint8_t *shared_secret, + uint8_t *their_pubkey, + uint8_t *private_key) +{ + uint64_t tmp[16U] = { 0U }; + uint64_t *sk = tmp; + uint64_t *pk = tmp + (uint32_t)4U; + bool is_pk_valid = load_point_vartime(pk, their_pubkey); + bn_from_bytes_be4(sk, private_key); + uint64_t is_b_valid = bn_is_lt_order_and_gt_zero_mask4(sk); + uint64_t oneq[4U] = { 0U }; + oneq[0U] = (uint64_t)1U; + oneq[1U] = (uint64_t)0U; + oneq[2U] = (uint64_t)0U; + oneq[3U] = (uint64_t)0U; + KRML_MAYBE_FOR4(i, + (uint32_t)0U, + (uint32_t)4U, + (uint32_t)1U, + uint64_t *os = sk; + uint64_t uu____0 = oneq[i]; + uint64_t x = uu____0 ^ (is_b_valid & (sk[i] ^ uu____0)); + os[i] = x;); + uint64_t is_sk_valid = is_b_valid; + uint64_t ss_proj[12U] = { 0U }; + if (is_pk_valid) { + point_mul(ss_proj, sk, pk); + point_store(shared_secret, ss_proj); + } + return is_sk_valid == (uint64_t)0xFFFFFFFFFFFFFFFFU && is_pk_valid; +} + +static inline void +qinv(uint64_t *res, uint64_t *r) +{ + uint64_t tmp[28U] = { 0U }; + uint64_t *x6 = tmp; + uint64_t *x_11 = tmp + (uint32_t)4U; + uint64_t *x_101 = tmp + (uint32_t)8U; + uint64_t *x_111 = tmp + (uint32_t)12U; + uint64_t *x_1111 = tmp + (uint32_t)16U; + uint64_t *x_10101 = tmp + (uint32_t)20U; + uint64_t *x_101111 = tmp + (uint32_t)24U; + memcpy(x6, r, (uint32_t)4U * sizeof(uint64_t)); + { + qsqr(x6, x6); + } + qmul(x_11, x6, r); + qmul(x_101, x6, x_11); + qmul(x_111, x6, x_101); + memcpy(x6, x_101, (uint32_t)4U * sizeof(uint64_t)); + { + qsqr(x6, x6); + } + qmul(x_1111, x_101, x6); + { + qsqr(x6, x6); + } + qmul(x_10101, x6, r); + memcpy(x6, x_10101, (uint32_t)4U * sizeof(uint64_t)); + { + 
qsqr(x6, x6); + } + qmul(x_101111, x_101, x6); + qmul(x6, x_10101, x6); + uint64_t tmp1[4U] = { 0U }; + KRML_MAYBE_FOR2(i, (uint32_t)0U, (uint32_t)2U, (uint32_t)1U, qsqr(x6, x6);); + qmul(x6, x6, x_11); + memcpy(tmp1, x6, (uint32_t)4U * sizeof(uint64_t)); + KRML_MAYBE_FOR8(i, (uint32_t)0U, (uint32_t)8U, (uint32_t)1U, qsqr(tmp1, tmp1);); + qmul(tmp1, tmp1, x6); + memcpy(x6, tmp1, (uint32_t)4U * sizeof(uint64_t)); + KRML_MAYBE_FOR16(i, (uint32_t)0U, (uint32_t)16U, (uint32_t)1U, qsqr(x6, x6);); + qmul(x6, x6, tmp1); + memcpy(tmp1, x6, (uint32_t)4U * sizeof(uint64_t)); + for (uint32_t i = (uint32_t)0U; i < (uint32_t)64U; i++) { + qsqr(tmp1, tmp1); + } + qmul(tmp1, tmp1, x6); + for (uint32_t i = (uint32_t)0U; i < (uint32_t)32U; i++) { + qsqr(tmp1, tmp1); + } + qmul(tmp1, tmp1, x6); + KRML_MAYBE_FOR6(i, (uint32_t)0U, (uint32_t)6U, (uint32_t)1U, qsqr(tmp1, tmp1);); + qmul(tmp1, tmp1, x_101111); + KRML_MAYBE_FOR5(i, (uint32_t)0U, (uint32_t)5U, (uint32_t)1U, qsqr(tmp1, tmp1);); + qmul(tmp1, tmp1, x_111); + KRML_MAYBE_FOR4(i, (uint32_t)0U, (uint32_t)4U, (uint32_t)1U, qsqr(tmp1, tmp1);); + qmul(tmp1, tmp1, x_11); + KRML_MAYBE_FOR5(i, (uint32_t)0U, (uint32_t)5U, (uint32_t)1U, qsqr(tmp1, tmp1);); + qmul(tmp1, tmp1, x_1111); + KRML_MAYBE_FOR5(i, (uint32_t)0U, (uint32_t)5U, (uint32_t)1U, qsqr(tmp1, tmp1);); + qmul(tmp1, tmp1, x_10101); + KRML_MAYBE_FOR4(i, (uint32_t)0U, (uint32_t)4U, (uint32_t)1U, qsqr(tmp1, tmp1);); + qmul(tmp1, tmp1, x_101); + KRML_MAYBE_FOR3(i, (uint32_t)0U, (uint32_t)3U, (uint32_t)1U, qsqr(tmp1, tmp1);); + qmul(tmp1, tmp1, x_101); + KRML_MAYBE_FOR3(i, (uint32_t)0U, (uint32_t)3U, (uint32_t)1U, qsqr(tmp1, tmp1);); + qmul(tmp1, tmp1, x_101); + KRML_MAYBE_FOR5(i, (uint32_t)0U, (uint32_t)5U, (uint32_t)1U, qsqr(tmp1, tmp1);); + qmul(tmp1, tmp1, x_111); + KRML_MAYBE_FOR9(i, (uint32_t)0U, (uint32_t)9U, (uint32_t)1U, qsqr(tmp1, tmp1);); + qmul(tmp1, tmp1, x_101111); + KRML_MAYBE_FOR6(i, (uint32_t)0U, (uint32_t)6U, (uint32_t)1U, qsqr(tmp1, tmp1);); + qmul(tmp1, tmp1, 
x_1111); + KRML_MAYBE_FOR2(i, (uint32_t)0U, (uint32_t)2U, (uint32_t)1U, qsqr(tmp1, tmp1);); + qmul(tmp1, tmp1, r); + KRML_MAYBE_FOR5(i, (uint32_t)0U, (uint32_t)5U, (uint32_t)1U, qsqr(tmp1, tmp1);); + qmul(tmp1, tmp1, r); + KRML_MAYBE_FOR6(i, (uint32_t)0U, (uint32_t)6U, (uint32_t)1U, qsqr(tmp1, tmp1);); + qmul(tmp1, tmp1, x_1111); + KRML_MAYBE_FOR5(i, (uint32_t)0U, (uint32_t)5U, (uint32_t)1U, qsqr(tmp1, tmp1);); + qmul(tmp1, tmp1, x_111); + KRML_MAYBE_FOR4(i, (uint32_t)0U, (uint32_t)4U, (uint32_t)1U, qsqr(tmp1, tmp1);); + qmul(tmp1, tmp1, x_111); + KRML_MAYBE_FOR5(i, (uint32_t)0U, (uint32_t)5U, (uint32_t)1U, qsqr(tmp1, tmp1);); + qmul(tmp1, tmp1, x_111); + KRML_MAYBE_FOR5(i, (uint32_t)0U, (uint32_t)5U, (uint32_t)1U, qsqr(tmp1, tmp1);); + qmul(tmp1, tmp1, x_101); + KRML_MAYBE_FOR3(i, (uint32_t)0U, (uint32_t)3U, (uint32_t)1U, qsqr(tmp1, tmp1);); + qmul(tmp1, tmp1, x_11); + KRML_MAYBE_FOR10(i, (uint32_t)0U, (uint32_t)10U, (uint32_t)1U, qsqr(tmp1, tmp1);); + qmul(tmp1, tmp1, x_101111); + KRML_MAYBE_FOR2(i, (uint32_t)0U, (uint32_t)2U, (uint32_t)1U, qsqr(tmp1, tmp1);); + qmul(tmp1, tmp1, x_11); + KRML_MAYBE_FOR5(i, (uint32_t)0U, (uint32_t)5U, (uint32_t)1U, qsqr(tmp1, tmp1);); + qmul(tmp1, tmp1, x_11); + KRML_MAYBE_FOR5(i, (uint32_t)0U, (uint32_t)5U, (uint32_t)1U, qsqr(tmp1, tmp1);); + qmul(tmp1, tmp1, x_11); + KRML_MAYBE_FOR3(i, (uint32_t)0U, (uint32_t)3U, (uint32_t)1U, qsqr(tmp1, tmp1);); + qmul(tmp1, tmp1, r); + KRML_MAYBE_FOR7(i, (uint32_t)0U, (uint32_t)7U, (uint32_t)1U, qsqr(tmp1, tmp1);); + qmul(tmp1, tmp1, x_10101); + KRML_MAYBE_FOR6(i, (uint32_t)0U, (uint32_t)6U, (uint32_t)1U, qsqr(tmp1, tmp1);); + qmul(tmp1, tmp1, x_1111); + memcpy(x6, tmp1, (uint32_t)4U * sizeof(uint64_t)); + memcpy(res, x6, (uint32_t)4U * sizeof(uint64_t)); +} + +static inline void +qmul_mont(uint64_t *sinv, uint64_t *b, uint64_t *res) +{ + uint64_t tmp[4U] = { 0U }; + from_qmont(tmp, b); + qmul(res, sinv, tmp); +} + +static inline bool +ecdsa_verify_msg_as_qelem( + uint64_t *m_q, + uint8_t 
*public_key, + uint8_t *signature_r, + uint8_t *signature_s) +{ + uint64_t tmp[28U] = { 0U }; + uint64_t *pk = tmp; + uint64_t *r_q = tmp + (uint32_t)12U; + uint64_t *s_q = tmp + (uint32_t)16U; + uint64_t *u1 = tmp + (uint32_t)20U; + uint64_t *u2 = tmp + (uint32_t)24U; + bool is_pk_valid = load_point_vartime(pk, public_key); + bn_from_bytes_be4(r_q, signature_r); + bn_from_bytes_be4(s_q, signature_s); + uint64_t is_r_valid = bn_is_lt_order_and_gt_zero_mask4(r_q); + uint64_t is_s_valid = bn_is_lt_order_and_gt_zero_mask4(s_q); + bool + is_rs_valid = + is_r_valid == (uint64_t)0xFFFFFFFFFFFFFFFFU && is_s_valid == (uint64_t)0xFFFFFFFFFFFFFFFFU; + if (!(is_pk_valid && is_rs_valid)) { + return false; + } + uint64_t sinv[4U] = { 0U }; + qinv(sinv, s_q); + qmul_mont(sinv, m_q, u1); + qmul_mont(sinv, r_q, u2); + uint64_t res[12U] = { 0U }; + point_mul_double_g(res, u1, u2, pk); + if (is_point_at_inf_vartime(res)) { + return false; + } + uint64_t x[4U] = { 0U }; + to_aff_point_x(x, res); + qmod_short(x, x); + bool res1 = bn_is_eq_vartime4(x, r_q); + return res1; +} + +static inline bool +ecdsa_sign_msg_as_qelem( + uint8_t *signature, + uint64_t *m_q, + uint8_t *private_key, + uint8_t *nonce) +{ + uint64_t rsdk_q[16U] = { 0U }; + uint64_t *r_q = rsdk_q; + uint64_t *s_q = rsdk_q + (uint32_t)4U; + uint64_t *d_a = rsdk_q + (uint32_t)8U; + uint64_t *k_q = rsdk_q + (uint32_t)12U; + bn_from_bytes_be4(d_a, private_key); + uint64_t is_b_valid0 = bn_is_lt_order_and_gt_zero_mask4(d_a); + uint64_t oneq0[4U] = { 0U }; + oneq0[0U] = (uint64_t)1U; + oneq0[1U] = (uint64_t)0U; + oneq0[2U] = (uint64_t)0U; + oneq0[3U] = (uint64_t)0U; + KRML_MAYBE_FOR4(i, + (uint32_t)0U, + (uint32_t)4U, + (uint32_t)1U, + uint64_t *os = d_a; + uint64_t uu____0 = oneq0[i]; + uint64_t x = uu____0 ^ (is_b_valid0 & (d_a[i] ^ uu____0)); + os[i] = x;); + uint64_t is_sk_valid = is_b_valid0; + bn_from_bytes_be4(k_q, nonce); + uint64_t is_b_valid = bn_is_lt_order_and_gt_zero_mask4(k_q); + uint64_t oneq[4U] = { 0U }; + 
oneq[0U] = (uint64_t)1U; + oneq[1U] = (uint64_t)0U; + oneq[2U] = (uint64_t)0U; + oneq[3U] = (uint64_t)0U; + KRML_MAYBE_FOR4(i, + (uint32_t)0U, + (uint32_t)4U, + (uint32_t)1U, + uint64_t *os = k_q; + uint64_t uu____1 = oneq[i]; + uint64_t x = uu____1 ^ (is_b_valid & (k_q[i] ^ uu____1)); + os[i] = x;); + uint64_t is_nonce_valid = is_b_valid; + uint64_t are_sk_nonce_valid = is_sk_valid & is_nonce_valid; + uint64_t p[12U] = { 0U }; + point_mul_g(p, k_q); + to_aff_point_x(r_q, p); + qmod_short(r_q, r_q); + uint64_t kinv[4U] = { 0U }; + qinv(kinv, k_q); + qmul(s_q, r_q, d_a); + from_qmont(m_q, m_q); + qadd(s_q, m_q, s_q); + qmul(s_q, kinv, s_q); + bn2_to_bytes_be4(signature, r_q, s_q); + uint64_t is_r_zero = bn_is_zero_mask4(r_q); + uint64_t is_s_zero = bn_is_zero_mask4(s_q); + uint64_t m = are_sk_nonce_valid & (~is_r_zero & ~is_s_zero); + bool res = m == (uint64_t)0xFFFFFFFFFFFFFFFFU; + return res; +} + +/******************************************************************************* + + Verified C library for ECDSA and ECDH functions over the P-256 NIST curve. + + This module implements signing and verification, key validation, conversions + between various point representations, and ECDH key agreement. + +*******************************************************************************/ + +/*****************/ +/* ECDSA signing */ +/*****************/ + +/** +Create an ECDSA signature WITHOUT hashing first. + + This function is intended to receive a hash of the input. + For convenience, we recommend using one of the hash-and-sign combined functions above. + + The argument `msg` MUST be at least 32 bytes (i.e. `msg_len >= 32`). + + NOTE: The equivalent functions in OpenSSL and Fiat-Crypto both accept inputs + smaller than 32 bytes. These libraries left-pad the input with enough zeroes to + reach the minimum 32 byte size. Clients who need behavior identical to OpenSSL + need to perform the left-padding themselves. 
+ + The function returns `true` for successful creation of an ECDSA signature and `false` otherwise. + + The outparam `signature` (R || S) points to 64 bytes of valid memory, i.e., uint8_t[64]. + The argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len]. + The arguments `private_key` and `nonce` point to 32 bytes of valid memory, i.e., uint8_t[32]. + + The function also checks whether `private_key` and `nonce` are valid values: + • 0 < `private_key` < the order of the curve + • 0 < `nonce` < the order of the curve +*/ +bool +Hacl_P256_ecdsa_sign_p256_without_hash( + uint8_t *signature, + uint32_t msg_len, + uint8_t *msg, + uint8_t *private_key, + uint8_t *nonce) +{ + uint64_t m_q[4U] = { 0U }; + uint8_t mHash[32U] = { 0U }; + memcpy(mHash, msg, (uint32_t)32U * sizeof(uint8_t)); + KRML_HOST_IGNORE(msg_len); + uint8_t *mHash32 = mHash; + bn_from_bytes_be4(m_q, mHash32); + qmod_short(m_q, m_q); + bool res = ecdsa_sign_msg_as_qelem(signature, m_q, private_key, nonce); + return res; +} + +/**********************/ +/* ECDSA verification */ +/**********************/ + +/** +Verify an ECDSA signature WITHOUT hashing first. + + This function is intended to receive a hash of the input. + For convenience, we recommend using one of the hash-and-verify combined functions above. + + The argument `msg` MUST be at least 32 bytes (i.e. `msg_len >= 32`). + + The function returns `true` if the signature is valid and `false` otherwise. + + The argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len]. + The argument `public_key` (x || y) points to 64 bytes of valid memory, i.e., uint8_t[64]. + The arguments `signature_r` and `signature_s` point to 32 bytes of valid memory, i.e., uint8_t[32]. 
+ + The function also checks whether `public_key` is valid +*/ +bool +Hacl_P256_ecdsa_verif_without_hash( + uint32_t msg_len, + uint8_t *msg, + uint8_t *public_key, + uint8_t *signature_r, + uint8_t *signature_s) +{ + uint64_t m_q[4U] = { 0U }; + uint8_t mHash[32U] = { 0U }; + memcpy(mHash, msg, (uint32_t)32U * sizeof(uint8_t)); + KRML_HOST_IGNORE(msg_len); + uint8_t *mHash32 = mHash; + bn_from_bytes_be4(m_q, mHash32); + qmod_short(m_q, m_q); + bool res = ecdsa_verify_msg_as_qelem(m_q, public_key, signature_r, signature_s); + return res; +} + +/******************/ +/* Key validation */ +/******************/ + +/** +Public key validation. + + The function returns `true` if a public key is valid and `false` otherwise. + + The argument `public_key` points to 64 bytes of valid memory, i.e., uint8_t[64]. + + The public key (x || y) is valid (with respect to SP 800-56A): + • the public key is not the “point at infinity”, represented as O. + • the affine x and y coordinates of the point represented by the public key are + in the range [0, p – 1] where p is the prime defining the finite field. + • y^2 = x^3 + ax + b where a and b are the coefficients of the curve equation. + The last extract is taken from: https://neilmadden.blog/2017/05/17/so-how-do-you-validate-nist-ecdh-public-keys/ +*/ +bool +Hacl_P256_validate_public_key(uint8_t *public_key) +{ + uint64_t point_jac[12U] = { 0U }; + bool res = load_point_vartime(point_jac, public_key); + return res; +} + +/** +Private key validation. + + The function returns `true` if a private key is valid and `false` otherwise. + + The argument `private_key` points to 32 bytes of valid memory, i.e., uint8_t[32]. 
+ + The private key is valid: + • 0 < `private_key` < the order of the curve +*/ +bool +Hacl_P256_validate_private_key(uint8_t *private_key) +{ + uint64_t bn_sk[4U] = { 0U }; + bn_from_bytes_be4(bn_sk, private_key); + uint64_t res = bn_is_lt_order_and_gt_zero_mask4(bn_sk); + return res == (uint64_t)0xFFFFFFFFFFFFFFFFU; +} + +/******************************************************************************* + Parsing and Serializing public keys. + + A public key is a point (x, y) on the P-256 NIST curve. + + The point can be represented in the following three ways. + • raw = [ x || y ], 64 bytes + • uncompressed = [ 0x04 || x || y ], 65 bytes + • compressed = [ (0x02 for even `y` and 0x03 for odd `y`) || x ], 33 bytes + +*******************************************************************************/ + +/** +Convert a public key from uncompressed to its raw form. + + The function returns `true` for successful conversion of a public key and `false` otherwise. + + The outparam `pk_raw` points to 64 bytes of valid memory, i.e., uint8_t[64]. + The argument `pk` points to 65 bytes of valid memory, i.e., uint8_t[65]. + + The function DOESN'T check whether (x, y) is a valid point. +*/ +bool +Hacl_P256_uncompressed_to_raw(uint8_t *pk, uint8_t *pk_raw) +{ + uint8_t pk0 = pk[0U]; + if (pk0 != (uint8_t)0x04U) { + return false; + } + memcpy(pk_raw, pk + (uint32_t)1U, (uint32_t)64U * sizeof(uint8_t)); + return true; +} + +/** +Convert a public key from compressed to its raw form. + + The function returns `true` for successful conversion of a public key and `false` otherwise. + + The outparam `pk_raw` points to 64 bytes of valid memory, i.e., uint8_t[64]. + The argument `pk` points to 33 bytes of valid memory, i.e., uint8_t[33]. + + The function also checks whether (x, y) is a valid point. 
+*/ +bool +Hacl_P256_compressed_to_raw(uint8_t *pk, uint8_t *pk_raw) +{ + uint64_t xa[4U] = { 0U }; + uint64_t ya[4U] = { 0U }; + uint8_t *pk_xb = pk + (uint32_t)1U; + bool b = aff_point_decompress_vartime(xa, ya, pk); + if (b) { + memcpy(pk_raw, pk_xb, (uint32_t)32U * sizeof(uint8_t)); + bn_to_bytes_be4(pk_raw + (uint32_t)32U, ya); + } + return b; +} + +/** +Convert a public key from raw to its uncompressed form. + + The outparam `pk` points to 65 bytes of valid memory, i.e., uint8_t[65]. + The argument `pk_raw` points to 64 bytes of valid memory, i.e., uint8_t[64]. + + The function DOESN'T check whether (x, y) is a valid point. +*/ +void +Hacl_P256_raw_to_uncompressed(uint8_t *pk_raw, uint8_t *pk) +{ + pk[0U] = (uint8_t)0x04U; + memcpy(pk + (uint32_t)1U, pk_raw, (uint32_t)64U * sizeof(uint8_t)); +} + +/** +Convert a public key from raw to its compressed form. + + The outparam `pk` points to 33 bytes of valid memory, i.e., uint8_t[33]. + The argument `pk_raw` points to 64 bytes of valid memory, i.e., uint8_t[64]. + + The function DOESN'T check whether (x, y) is a valid point. +*/ +void +Hacl_P256_raw_to_compressed(uint8_t *pk_raw, uint8_t *pk) +{ + uint8_t *pk_x = pk_raw; + uint8_t *pk_y = pk_raw + (uint32_t)32U; + uint64_t bn_f[4U] = { 0U }; + bn_from_bytes_be4(bn_f, pk_y); + uint64_t is_odd_f = bn_f[0U] & (uint64_t)1U; + pk[0U] = (uint8_t)is_odd_f + (uint8_t)0x02U; + memcpy(pk + (uint32_t)1U, pk_x, (uint32_t)32U * sizeof(uint8_t)); +} + +/******************/ +/* ECDH agreement */ +/******************/ + +/** +Compute the public key from the private key. + + The function returns `true` if a private key is valid and `false` otherwise. + + The outparam `public_key` points to 64 bytes of valid memory, i.e., uint8_t[64]. + The argument `private_key` points to 32 bytes of valid memory, i.e., uint8_t[32]. + + The private key is valid: + • 0 < `private_key` < the order of the curve. 
+*/ +bool +Hacl_P256_dh_initiator(uint8_t *public_key, uint8_t *private_key) +{ + return Hacl_Impl_P256_DH_ecp256dh_i(public_key, private_key); +} + +/** +Execute the diffie-hellmann key exchange. + + The function returns `true` for successful creation of an ECDH shared secret and + `false` otherwise. + + The outparam `shared_secret` points to 64 bytes of valid memory, i.e., uint8_t[64]. + The argument `their_pubkey` points to 64 bytes of valid memory, i.e., uint8_t[64]. + The argument `private_key` points to 32 bytes of valid memory, i.e., uint8_t[32]. + + The function also checks whether `private_key` and `their_pubkey` are valid. +*/ +bool +Hacl_P256_dh_responder(uint8_t *shared_secret, uint8_t *their_pubkey, uint8_t *private_key) +{ + return Hacl_Impl_P256_DH_ecp256dh_r(shared_secret, their_pubkey, private_key); +} From a9a0412ce0beeec3d6b2e3b4f630d9acdd74b3e0 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Sun, 26 Nov 2023 13:44:30 +0100 Subject: [PATCH 13/53] add hacl p256 ecdsa --- crypto/ecdsa.c | 84 ++++++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 71 insertions(+), 13 deletions(-) diff --git a/crypto/ecdsa.c b/crypto/ecdsa.c index 79b6c6f1efff3..e411d24ed80a0 100644 --- a/crypto/ecdsa.c +++ b/crypto/ecdsa.c 
@@ -187,12 +187,30 @@ static int ecdsa_verify(struct akcipher_request *req) } if (strncmp(ctx->curve->name, "nist_256", 8) == 0) { - if (Hacl_P256_ecdsa_verif_without_hash(req->dst_len, rawhash, - (u8*)ctx->x, - (u8*)sig_ctx.r, (u8*)sig_ctx.s)) { + u8 pk[64]; + u8 r[32]; + u8 s[32]; + // printk(KERN_INFO " >>> HACL P256"); + // printk(KERN_INFO " >>> x: "); + // for(int i = 0; i < ECC_MAX_DIGITS; ++i) { + // pr_cont(KERN_INFO "%02llx ", ctx->x[i]); + // } + // printk(KERN_INFO "\n"); + ecc_swap_digits(ctx->x, (u64*)pk, 4); + ecc_swap_digits(ctx->y, (u64*)(pk + 32), 4); + // printk(KERN_INFO " >>> pk (bytes): "); + // for(int i = 0; i < 64; ++i) { + // pr_cont(KERN_INFO "%02x ", pk[i]); + // } + // printk(KERN_INFO "\n"); + ecc_swap_digits(sig_ctx.r, (u64*)r, ctx->curve->g.ndigits); + ecc_swap_digits(sig_ctx.s, (u64*)s, ctx->curve->g.ndigits); + if (Hacl_P256_ecdsa_verif_without_hash(req->dst_len, rawhash, pk, r, s)) { ret = 0; + // printk(KERN_INFO " >>> HACL P256 - DONE OK\n"); } else { - ret = -1; + ret = -EKEYREJECTED; + // printk(KERN_INFO " >>> HACL P256 - DONE ERROR\n"); } } else { ecc_swap_digits((u64 *)rawhash, hash, ctx->curve->g.ndigits); @@ -305,6 +323,21 @@ static int rfc6979_gen_k(struct ecc_ctx *ctx, struct crypto_rng *rng, u64 *k) return 0; } +static int rfc6979_gen_k_hacl(struct ecc_ctx *ctx, struct crypto_rng *rng, u8 *k) +{ + unsigned int ndigits = ctx->curve->g.ndigits; + int ret; + + do { + ret = crypto_rng_get_bytes(rng, k, ndigits << ECC_DIGITS_TO_BYTES_SHIFT); + if (ret) + return ret; + + } while (!Hacl_P256_validate_private_key(k)); + + return 0; +} + /* scratch buffer should be at least ECC_MAX_BYTES */ static int asn1_encode_signature_sg(struct akcipher_request *req, struct ecdsa_signature_ctx *sig_ctx, 
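Review bot: The call `Hacl_P256_ecdsa_verif_without_hash(req->dst_len, rawhash, pk, r, s)` relies on `rawhash` holding at least 32 readable bytes, because the HACL function added earlier in this series discards `msg_len` (`KRML_HOST_IGNORE(msg_len)`) and always copies 32 bytes from `msg`. The setup of `rawhash` is outside this hunk, so the padding or truncation of the digest should be confirmed there and recorded here, for example `/* HACL ignores msg_len and reads exactly 32 bytes of rawhash */`. The conversions also mix a literal `4` for `ctx->x`/`ctx->y` with `ctx->curve->g.ndigits` for `r`/`s`, and they write through `u64 *` casts of `u8` stack arrays; using one digit count throughout and `u64`-typed (or explicitly aligned) buffers would keep size and alignment visible. ecdsa_verify's body continues outside the hunk.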
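Review bot: `rfc6979_gen_k_hacl` writes `ndigits << ECC_DIGITS_TO_BYTES_SHIFT` bytes into `k`, while the only caller in this patch passes a 32-byte `nonce` and the loop validates the candidate with the P-256-specific `Hacl_P256_validate_private_key`. The helper is therefore only correct for four digits and nothing in it enforces that; a guard such as `if (ndigits != 4) return -EINVAL;` before the loop, or a fixed 32-byte request, would make the bound explicit. A short comment stating that `k` must point to 32 bytes and that the loop retries until 0 < k < the curve order would document the contract.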
@@ -418,22 +451,47 @@ static int ecdsa_sign(struct akcipher_request *req) rawhash_k, req->src_len); } - ecc_swap_digits((u64 *)rawhash_k, hash, ctx->curve->g.ndigits); - rng = rfc6979_alloc_rng(ctx, req->src_len, rawhash_k); if (IS_ERR(rng)) return PTR_ERR(rng); - do { - ret = rfc6979_gen_k(ctx, rng, (u64 *)rawhash_k); - if (ret) + if (strncmp(ctx->curve->name, "nist_256", 8) == 0) { + u8 private_key[32]; + u8 signature[64]; + u8 nonce[32]; + ecc_swap_digits(ctx->d, (u64*)private_key, 2); + ret = rfc6979_gen_k_hacl(ctx, rng, nonce); + if (ret) { goto alloc_rng; + } + /* The signing function also checks that the scalars are valid. */ + /* XXX: Is the value blinded already or should this be done here? */ + do { + if (Hacl_P256_ecdsa_sign_p256_without_hash(signature, req->dst_len, + rawhash_k, private_key, nonce)) { + ret = 0; + } else { + ret = -EAGAIN; + } + } while (ret == -EAGAIN); + /* Encode the signature. Note that this could be more efficient when + done directly and not first converting it to u64s. */ + ecc_swap_digits(signature, sig_ctx.r, 2); + ecc_swap_digits(signature + 32, sig_ctx.s, 2); + ret = asn1_encode_signature_sg(req, &sig_ctx, rawhash_k); + } else { + ecc_swap_digits((u64 *)rawhash_k, hash, ctx->curve->g.ndigits); + do { + ret = rfc6979_gen_k(ctx, rng, (u64 *)rawhash_k); + if (ret) + goto alloc_rng; - ret = _ecdsa_sign(ctx, hash, (u64 *)rawhash_k, &sig_ctx); - } while (ret == -EAGAIN); - memzero_explicit(rawhash_k, sizeof(rawhash_k)); + ret = _ecdsa_sign(ctx, hash, (u64 *)rawhash_k, &sig_ctx); + } while (ret == -EAGAIN); + memzero_explicit(rawhash_k, sizeof(rawhash_k)); - ret = asn1_encode_signature_sg(req, &sig_ctx, rawhash_k); + ret = asn1_encode_signature_sg(req, &sig_ctx, rawhash_k); + } alloc_rng: crypto_free_rng(rng); From edfbb8e099200dd90a56773a985d63d944d37049 Mon Sep 17 00:00:00 2001 
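Review bot: The conversions in the new P-256 branch pass a digit count of `2`, so `ecc_swap_digits(ctx->d, (u64*)private_key, 2)` fills only 16 of the 32 bytes of `private_key` (taking digits as 64-bit, as the `u64 *` casts indicate) and the remainder is uninitialised stack that is then used as the signing key; the verify path in this same patch uses four digits for 32-byte values, and the two `sig_ctx.r`/`sig_ctx.s` conversions have the same problem. The `do … while (ret == -EAGAIN)` loop calls `Hacl_P256_ecdsa_sign_p256_without_hash` with unchanged inputs, so a single `false` return repeats forever; the nonce should be drawn inside the loop and the key validated once before it. `private_key` and `nonce` are also left on the stack, whereas the generic branch clears its secret with `memzero_explicit`. A possible shape for the branch is below; ecdsa_sign starts and ends outside the hunk.

```c
	if (strncmp(ctx->curve->name, "nist_256", 8) == 0) {
		u8 private_key[32];
		u8 signature[64];
		u8 nonce[32];

		/* P-256 scalars are 32 bytes, i.e. four 64-bit digits */
		ecc_swap_digits(ctx->d, (u64 *)private_key, ctx->curve->g.ndigits);
		if (!Hacl_P256_validate_private_key(private_key)) {
			/* an invalid key can never sign; do not enter the retry loop */
			ret = -EINVAL;
		} else {
			do {
				/* fresh nonce per attempt, so a retry can succeed */
				ret = rfc6979_gen_k_hacl(ctx, rng, nonce);
				if (ret)
					break;
				if (!Hacl_P256_ecdsa_sign_p256_without_hash(signature, req->dst_len,
									    rawhash_k, private_key, nonce))
					ret = -EAGAIN;
			} while (ret == -EAGAIN);
		}
		if (!ret) {
			ecc_swap_digits(signature, sig_ctx.r, ctx->curve->g.ndigits);
			ecc_swap_digits(signature + 32, sig_ctx.s, ctx->curve->g.ndigits);
			ret = asn1_encode_signature_sg(req, &sig_ctx, rawhash_k);
		}
		/* wipe key material on every exit from this branch */
		memzero_explicit(private_key, sizeof(private_key));
		memzero_explicit(nonce, sizeof(nonce));
	} else {
		/* … unchanged: generic ecc_swap_digits / rfc6979_gen_k / _ecdsa_sign path … */
	}
```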
From: Franziskus Kiefer Date: Sun, 26 Nov 2023 13:44:52 +0100 Subject: [PATCH 14/53] drop debug prints --- crypto/ecdsa.c | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/crypto/ecdsa.c b/crypto/ecdsa.c index e411d24ed80a0..f22c95a09d2e0 100644 --- a/crypto/ecdsa.c +++ b/crypto/ecdsa.c @@ -190,27 +190,14 @@ static int ecdsa_verify(struct akcipher_request *req) u8 pk[64]; u8 r[32]; u8 s[32]; - // printk(KERN_INFO " >>> HACL P256"); - // printk(KERN_INFO " >>> x: "); - // for(int i = 0; i < ECC_MAX_DIGITS; ++i) { - // pr_cont(KERN_INFO "%02llx ", ctx->x[i]); - // } - // printk(KERN_INFO "\n"); ecc_swap_digits(ctx->x, (u64*)pk, 4); ecc_swap_digits(ctx->y, (u64*)(pk + 32), 4); - // printk(KERN_INFO " >>> pk (bytes): "); - // for(int i = 0; i < 64; ++i) { - // pr_cont(KERN_INFO "%02x ", pk[i]); - // } - // printk(KERN_INFO "\n"); ecc_swap_digits(sig_ctx.r, (u64*)r, ctx->curve->g.ndigits); ecc_swap_digits(sig_ctx.s, (u64*)s, ctx->curve->g.ndigits); if (Hacl_P256_ecdsa_verif_without_hash(req->dst_len, rawhash, pk, r, s)) { ret = 0; - // printk(KERN_INFO " >>> HACL P256 - DONE OK\n"); } else { ret = -EKEYREJECTED; - // printk(KERN_INFO " >>> HACL P256 - DONE ERROR\n"); } } else { ecc_swap_digits((u64 *)rawhash, hash, ctx->curve->g.ndigits); From e4969f0e2fc76719754f60c2cd64743a72feaad2 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Tue, 28 Nov 2023 11:00:18 +0100 Subject: [PATCH 15/53] raw rsa first draft --- crypto/Makefile | 9 +- crypto/hacl_bignum.h | 441 ++++++++++++++++++++++++++++++++++++ crypto/hacl_rsa.h | 91 ++++++++ crypto/rsa-hacl-generated.c | 395 ++++++++++++++++++++++++++++++++ crypto/rsa-hacl.c | 248 ++++++++++++++++++++ 5 files changed, 1183 insertions(+), 1 deletion(-) create mode 100644 crypto/hacl_bignum.h create mode 100644 crypto/hacl_rsa.h create mode 100644 crypto/rsa-hacl-generated.c create mode 100644 crypto/rsa-hacl.c diff --git a/crypto/Makefile b/crypto/Makefile index 306f5e2c9a6a7..d5f138f34e46d 100644 
--- a/crypto/Makefile +++ b/crypto/Makefile @@ -38,11 +38,18 @@ $(obj)/rsa_helper.o: $(obj)/rsapubkey.asn1.h $(obj)/rsaprivkey.asn1.h rsa_generic-y := rsapubkey.asn1.o rsa_generic-y += rsaprivkey.asn1.o -rsa_generic-y += rsa.o rsa_generic-y += rsa_helper.o +rsa_generic-y += rsa.o rsa_generic-y += rsa-pkcs1pad.o obj-$(CONFIG_CRYPTO_RSA) += rsa_generic.o +rsa_hacl-y := rsapubkey.asn1.o +rsa_hacl-y += rsaprivkey.asn1.o +rsa_hacl-y += rsa-hacl-generated.o +rsa_hacl-y += rsa_helper.o +rsa_hacl-y += rsa-hacl.o +obj-$(CONFIG_CRYPTO_RSA_HACL) += rsa_hacl.o + $(obj)/sm2signature.asn1.o: $(obj)/sm2signature.asn1.c $(obj)/sm2signature.asn1.h $(obj)/sm2.o: $(obj)/sm2signature.asn1.h diff --git a/crypto/hacl_bignum.h b/crypto/hacl_bignum.h new file mode 100644 index 0000000000000..056eca048dbd9 --- /dev/null +++ b/crypto/hacl_bignum.h 
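Review bot: `obj-$(CONFIG_CRYPTO_RSA_HACL) += rsa_hacl.o` depends on a Kconfig symbol that this commit does not add — its diffstat lists only `crypto/Makefile` and four new HACL files — so unless `CRYPTO_RSA_HACL` is defined elsewhere in the series the new objects are never built. `rsa_hacl-y` also lists `rsapubkey.asn1.o`, `rsaprivkey.asn1.o` and `rsa_helper.o`, which `rsa_generic-y` already contains, so building both targets into the same image would presumably define those symbols twice; the Kconfig entry should make the two implementations mutually exclusive, or the shared objects should be split out. The swap of `rsa.o` and `rsa_helper.o` in `rsa_generic-y` looks unrelated to the change and could be dropped.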
@@ -0,0 +1,441 @@ +/* + * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation + * Copyright (c) 2022-2023 HACL* Contributors + * Copyright (c) 2023 Cryspen + */ + +#ifndef CRYPTO_HACL_BIGNUM_H_ +#define CRYPTO_HACL_BIGNUM_H_ + +#include "hacl_lib.h" + +static inline uint32_t +Hacl_Bignum_Base_mul_wide_add2_u32(uint32_t a, uint32_t b, uint32_t c_in, uint32_t *out) +{ + uint32_t out0 = out[0U]; + uint64_t res = (uint64_t)a * (uint64_t)b + (uint64_t)c_in + (uint64_t)out0; + out[0U] = (uint32_t)res; + return (uint32_t)(res >> (uint32_t)32U); +} + +static inline uint64_t +Hacl_Bignum_Base_mul_wide_add2_u64(uint64_t a, uint64_t b, uint64_t c_in, uint64_t *out) +{ + uint64_t out0 = out[0U]; + FStar_UInt128_uint128 + res = + FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_mul_wide(a, b), + FStar_UInt128_uint64_to_uint128(c_in)), + FStar_UInt128_uint64_to_uint128(out0)); + out[0U] = FStar_UInt128_uint128_to_uint64(res); + return FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(res, (uint32_t)64U)); +} + +static inline void +Hacl_Bignum_Convert_bn_from_bytes_be_uint64(uint32_t len, uint8_t *b, uint64_t *res) +{ + uint32_t bnLen = (len - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U; + uint32_t tmpLen = (uint32_t)8U * bnLen; + KRML_CHECK_SIZE(sizeof (uint8_t), tmpLen); + uint8_t tmp[tmpLen]; + memset(tmp, 0U, tmpLen * sizeof (uint8_t)); + memcpy(tmp + tmpLen - len, b, len * sizeof (uint8_t)); + for (uint32_t i = (uint32_t)0U; i < bnLen; i++) + { + uint64_t *os = res; + uint64_t u = load64_be(tmp + (bnLen - i - (uint32_t)1U) * (uint32_t)8U); + uint64_t x = u; + os[i] = x; + } +} + +static inline void +Hacl_Bignum_Convert_bn_to_bytes_be_uint64(uint32_t len, uint64_t *b, uint8_t *res) +{ + uint32_t bnLen = (len - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U; + uint32_t tmpLen = (uint32_t)8U * bnLen; + KRML_CHECK_SIZE(sizeof (uint8_t), tmpLen); + uint8_t tmp[tmpLen]; + memset(tmp, 0U, tmpLen * sizeof (uint8_t)); + for (uint32_t i = (uint32_t)0U; i < bnLen; i++) + 
{ + store64_be(tmp + i * (uint32_t)8U, b[bnLen - i - (uint32_t)1U]); + } + memcpy(res, tmp + tmpLen - len, len * sizeof (uint8_t)); +} + +static inline uint32_t Hacl_Bignum_Lib_bn_get_top_index_u32(uint32_t len, uint32_t *b) +{ + uint32_t priv = (uint32_t)0U; + for (uint32_t i = (uint32_t)0U; i < len; i++) + { + uint32_t mask = FStar_UInt32_eq_mask(b[i], (uint32_t)0U); + priv = (mask & priv) | (~mask & i); + } + return priv; +} + +static inline uint64_t Hacl_Bignum_Lib_bn_get_top_index_u64(uint32_t len, uint64_t *b) +{ + uint64_t priv = (uint64_t)0U; + for (uint32_t i = (uint32_t)0U; i < len; i++) + { + uint64_t mask = FStar_UInt64_eq_mask(b[i], (uint64_t)0U); + priv = (mask & priv) | (~mask & (uint64_t)i); + } + return priv; +} + +static inline uint32_t +Hacl_Bignum_Lib_bn_get_bits_u32(uint32_t len, uint32_t *b, uint32_t i, uint32_t l) +{ + uint32_t i1 = i / (uint32_t)32U; + uint32_t j = i % (uint32_t)32U; + uint32_t p1 = b[i1] >> j; + uint32_t ite; + if (i1 + (uint32_t)1U < len && (uint32_t)0U < j) + { + ite = p1 | b[i1 + (uint32_t)1U] << ((uint32_t)32U - j); + } + else + { + ite = p1; + } + return ite & (((uint32_t)1U << l) - (uint32_t)1U); +} + +static inline uint64_t +Hacl_Bignum_Lib_bn_get_bits_u64(uint32_t len, uint64_t *b, uint32_t i, uint32_t l) +{ + uint32_t i1 = i / (uint32_t)64U; + uint32_t j = i % (uint32_t)64U; + uint64_t p1 = b[i1] >> j; + uint64_t ite; + if (i1 + (uint32_t)1U < len && (uint32_t)0U < j) + { + ite = p1 | b[i1 + (uint32_t)1U] << ((uint32_t)64U - j); + } + else + { + ite = p1; + } + return ite & (((uint64_t)1U << l) - (uint64_t)1U); +} + +static inline uint32_t +Hacl_Bignum_Addition_bn_sub_eq_len_u32(uint32_t aLen, uint32_t *a, uint32_t *b, uint32_t *res) +{ + uint32_t c = (uint32_t)0U; + for (uint32_t i = (uint32_t)0U; i < aLen / (uint32_t)4U; i++) + { + uint32_t t1 = a[(uint32_t)4U * i]; + uint32_t t20 = b[(uint32_t)4U * i]; + uint32_t *res_i0 = res + (uint32_t)4U * i; + c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, t20, res_i0); 
+ uint32_t t10 = a[(uint32_t)4U * i + (uint32_t)1U]; + uint32_t t21 = b[(uint32_t)4U * i + (uint32_t)1U]; + uint32_t *res_i1 = res + (uint32_t)4U * i + (uint32_t)1U; + c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t10, t21, res_i1); + uint32_t t11 = a[(uint32_t)4U * i + (uint32_t)2U]; + uint32_t t22 = b[(uint32_t)4U * i + (uint32_t)2U]; + uint32_t *res_i2 = res + (uint32_t)4U * i + (uint32_t)2U; + c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t11, t22, res_i2); + uint32_t t12 = a[(uint32_t)4U * i + (uint32_t)3U]; + uint32_t t2 = b[(uint32_t)4U * i + (uint32_t)3U]; + uint32_t *res_i = res + (uint32_t)4U * i + (uint32_t)3U; + c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t12, t2, res_i); + } + for (uint32_t i = aLen / (uint32_t)4U * (uint32_t)4U; i < aLen; i++) + { + uint32_t t1 = a[i]; + uint32_t t2 = b[i]; + uint32_t *res_i = res + i; + c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, t2, res_i); + } + return c; +} + +static inline uint64_t +Hacl_Bignum_Addition_bn_sub_eq_len_u64(uint32_t aLen, uint64_t *a, uint64_t *b, uint64_t *res) +{ + uint64_t c = (uint64_t)0U; + for (uint32_t i = (uint32_t)0U; i < aLen / (uint32_t)4U; i++) + { + uint64_t t1 = a[(uint32_t)4U * i]; + uint64_t t20 = b[(uint32_t)4U * i]; + uint64_t *res_i0 = res + (uint32_t)4U * i; + c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, t20, res_i0); + uint64_t t10 = a[(uint32_t)4U * i + (uint32_t)1U]; + uint64_t t21 = b[(uint32_t)4U * i + (uint32_t)1U]; + uint64_t *res_i1 = res + (uint32_t)4U * i + (uint32_t)1U; + c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t10, t21, res_i1); + uint64_t t11 = a[(uint32_t)4U * i + (uint32_t)2U]; + uint64_t t22 = b[(uint32_t)4U * i + (uint32_t)2U]; + uint64_t *res_i2 = res + (uint32_t)4U * i + (uint32_t)2U; + c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t11, t22, res_i2); + uint64_t t12 = a[(uint32_t)4U * i + (uint32_t)3U]; + uint64_t t2 = b[(uint32_t)4U * i + (uint32_t)3U]; + uint64_t *res_i = res + (uint32_t)4U * i + (uint32_t)3U; + c = 
Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t12, t2, res_i); + } + for (uint32_t i = aLen / (uint32_t)4U * (uint32_t)4U; i < aLen; i++) + { + uint64_t t1 = a[i]; + uint64_t t2 = b[i]; + uint64_t *res_i = res + i; + c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, t2, res_i); + } + return c; +} + +static inline uint32_t +Hacl_Bignum_Addition_bn_add_eq_len_u32(uint32_t aLen, uint32_t *a, uint32_t *b, uint32_t *res) +{ + uint32_t c = (uint32_t)0U; + for (uint32_t i = (uint32_t)0U; i < aLen / (uint32_t)4U; i++) + { + uint32_t t1 = a[(uint32_t)4U * i]; + uint32_t t20 = b[(uint32_t)4U * i]; + uint32_t *res_i0 = res + (uint32_t)4U * i; + c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t1, t20, res_i0); + uint32_t t10 = a[(uint32_t)4U * i + (uint32_t)1U]; + uint32_t t21 = b[(uint32_t)4U * i + (uint32_t)1U]; + uint32_t *res_i1 = res + (uint32_t)4U * i + (uint32_t)1U; + c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t10, t21, res_i1); + uint32_t t11 = a[(uint32_t)4U * i + (uint32_t)2U]; + uint32_t t22 = b[(uint32_t)4U * i + (uint32_t)2U]; + uint32_t *res_i2 = res + (uint32_t)4U * i + (uint32_t)2U; + c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t11, t22, res_i2); + uint32_t t12 = a[(uint32_t)4U * i + (uint32_t)3U]; + uint32_t t2 = b[(uint32_t)4U * i + (uint32_t)3U]; + uint32_t *res_i = res + (uint32_t)4U * i + (uint32_t)3U; + c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t12, t2, res_i); + } + for (uint32_t i = aLen / (uint32_t)4U * (uint32_t)4U; i < aLen; i++) + { + uint32_t t1 = a[i]; + uint32_t t2 = b[i]; + uint32_t *res_i = res + i; + c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t1, t2, res_i); + } + return c; +} + +static inline uint64_t +Hacl_Bignum_Addition_bn_add_eq_len_u64(uint32_t aLen, uint64_t *a, uint64_t *b, uint64_t *res) +{ + uint64_t c = (uint64_t)0U; + for (uint32_t i = (uint32_t)0U; i < aLen / (uint32_t)4U; i++) + { + uint64_t t1 = a[(uint32_t)4U * i]; + uint64_t t20 = b[(uint32_t)4U * i]; + uint64_t *res_i0 = res + (uint32_t)4U * i; + c = 
Lib_IntTypes_Intrinsics_add_carry_u64(c, t1, t20, res_i0); + uint64_t t10 = a[(uint32_t)4U * i + (uint32_t)1U]; + uint64_t t21 = b[(uint32_t)4U * i + (uint32_t)1U]; + uint64_t *res_i1 = res + (uint32_t)4U * i + (uint32_t)1U; + c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t10, t21, res_i1); + uint64_t t11 = a[(uint32_t)4U * i + (uint32_t)2U]; + uint64_t t22 = b[(uint32_t)4U * i + (uint32_t)2U]; + uint64_t *res_i2 = res + (uint32_t)4U * i + (uint32_t)2U; + c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t11, t22, res_i2); + uint64_t t12 = a[(uint32_t)4U * i + (uint32_t)3U]; + uint64_t t2 = b[(uint32_t)4U * i + (uint32_t)3U]; + uint64_t *res_i = res + (uint32_t)4U * i + (uint32_t)3U; + c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t12, t2, res_i); + } + for (uint32_t i = aLen / (uint32_t)4U * (uint32_t)4U; i < aLen; i++) + { + uint64_t t1 = a[i]; + uint64_t t2 = b[i]; + uint64_t *res_i = res + i; + c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t1, t2, res_i); + } + return c; +} + +static inline void +Hacl_Bignum_Multiplication_bn_mul_u32( + uint32_t aLen, + uint32_t *a, + uint32_t bLen, + uint32_t *b, + uint32_t *res +) +{ + memset(res, 0U, (aLen + bLen) * sizeof (uint32_t)); + for (uint32_t i0 = (uint32_t)0U; i0 < bLen; i0++) + { + uint32_t bj = b[i0]; + uint32_t *res_j = res + i0; + uint32_t c = (uint32_t)0U; + for (uint32_t i = (uint32_t)0U; i < aLen / (uint32_t)4U; i++) + { + uint32_t a_i = a[(uint32_t)4U * i]; + uint32_t *res_i0 = res_j + (uint32_t)4U * i; + c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i, bj, c, res_i0); + uint32_t a_i0 = a[(uint32_t)4U * i + (uint32_t)1U]; + uint32_t *res_i1 = res_j + (uint32_t)4U * i + (uint32_t)1U; + c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i0, bj, c, res_i1); + uint32_t a_i1 = a[(uint32_t)4U * i + (uint32_t)2U]; + uint32_t *res_i2 = res_j + (uint32_t)4U * i + (uint32_t)2U; + c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i1, bj, c, res_i2); + uint32_t a_i2 = a[(uint32_t)4U * i + (uint32_t)3U]; + uint32_t *res_i = res_j + (uint32_t)4U * i + 
(uint32_t)3U; + c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i2, bj, c, res_i); + } + for (uint32_t i = aLen / (uint32_t)4U * (uint32_t)4U; i < aLen; i++) + { + uint32_t a_i = a[i]; + uint32_t *res_i = res_j + i; + c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i, bj, c, res_i); + } + uint32_t r = c; + res[aLen + i0] = r; + } +} + +static inline void +Hacl_Bignum_Multiplication_bn_mul_u64( + uint32_t aLen, + uint64_t *a, + uint32_t bLen, + uint64_t *b, + uint64_t *res +) +{ + memset(res, 0U, (aLen + bLen) * sizeof (uint64_t)); + for (uint32_t i0 = (uint32_t)0U; i0 < bLen; i0++) + { + uint64_t bj = b[i0]; + uint64_t *res_j = res + i0; + uint64_t c = (uint64_t)0U; + for (uint32_t i = (uint32_t)0U; i < aLen / (uint32_t)4U; i++) + { + uint64_t a_i = a[(uint32_t)4U * i]; + uint64_t *res_i0 = res_j + (uint32_t)4U * i; + c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i, bj, c, res_i0); + uint64_t a_i0 = a[(uint32_t)4U * i + (uint32_t)1U]; + uint64_t *res_i1 = res_j + (uint32_t)4U * i + (uint32_t)1U; + c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i0, bj, c, res_i1); + uint64_t a_i1 = a[(uint32_t)4U * i + (uint32_t)2U]; + uint64_t *res_i2 = res_j + (uint32_t)4U * i + (uint32_t)2U; + c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i1, bj, c, res_i2); + uint64_t a_i2 = a[(uint32_t)4U * i + (uint32_t)3U]; + uint64_t *res_i = res_j + (uint32_t)4U * i + (uint32_t)3U; + c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i2, bj, c, res_i); + } + for (uint32_t i = aLen / (uint32_t)4U * (uint32_t)4U; i < aLen; i++) + { + uint64_t a_i = a[i]; + uint64_t *res_i = res_j + i; + c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i, bj, c, res_i); + } + uint64_t r = c; + res[aLen + i0] = r; + } +} + +static inline void +Hacl_Bignum_Multiplication_bn_sqr_u32(uint32_t aLen, uint32_t *a, uint32_t *res) +{ + memset(res, 0U, (aLen + aLen) * sizeof (uint32_t)); + for (uint32_t i0 = (uint32_t)0U; i0 < aLen; i0++) + { + uint32_t *ab = a; + uint32_t a_j = a[i0]; + uint32_t *res_j = res + i0; + uint32_t c = (uint32_t)0U; + for (uint32_t i = 
(uint32_t)0U; i < i0 / (uint32_t)4U; i++) + { + uint32_t a_i = ab[(uint32_t)4U * i]; + uint32_t *res_i0 = res_j + (uint32_t)4U * i; + c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i, a_j, c, res_i0); + uint32_t a_i0 = ab[(uint32_t)4U * i + (uint32_t)1U]; + uint32_t *res_i1 = res_j + (uint32_t)4U * i + (uint32_t)1U; + c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i0, a_j, c, res_i1); + uint32_t a_i1 = ab[(uint32_t)4U * i + (uint32_t)2U]; + uint32_t *res_i2 = res_j + (uint32_t)4U * i + (uint32_t)2U; + c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i1, a_j, c, res_i2); + uint32_t a_i2 = ab[(uint32_t)4U * i + (uint32_t)3U]; + uint32_t *res_i = res_j + (uint32_t)4U * i + (uint32_t)3U; + c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i2, a_j, c, res_i); + } + for (uint32_t i = i0 / (uint32_t)4U * (uint32_t)4U; i < i0; i++) + { + uint32_t a_i = ab[i]; + uint32_t *res_i = res_j + i; + c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i, a_j, c, res_i); + } + uint32_t r = c; + res[i0 + i0] = r; + } + uint32_t c0 = Hacl_Bignum_Addition_bn_add_eq_len_u32(aLen + aLen, res, res, res); + KRML_HOST_IGNORE(c0); + KRML_CHECK_SIZE(sizeof (uint32_t), aLen + aLen); + uint32_t tmp[aLen + aLen]; + memset(tmp, 0U, (aLen + aLen) * sizeof (uint32_t)); + for (uint32_t i = (uint32_t)0U; i < aLen; i++) + { + uint64_t res1 = (uint64_t)a[i] * (uint64_t)a[i]; + uint32_t hi = (uint32_t)(res1 >> (uint32_t)32U); + uint32_t lo = (uint32_t)res1; + tmp[(uint32_t)2U * i] = lo; + tmp[(uint32_t)2U * i + (uint32_t)1U] = hi; + } + uint32_t c1 = Hacl_Bignum_Addition_bn_add_eq_len_u32(aLen + aLen, res, tmp, res); + KRML_HOST_IGNORE(c1); +} + +static inline void +Hacl_Bignum_Multiplication_bn_sqr_u64(uint32_t aLen, uint64_t *a, uint64_t *res) +{ + memset(res, 0U, (aLen + aLen) * sizeof (uint64_t)); + for (uint32_t i0 = (uint32_t)0U; i0 < aLen; i0++) + { + uint64_t *ab = a; + uint64_t a_j = a[i0]; + uint64_t *res_j = res + i0; + uint64_t c = (uint64_t)0U; + for (uint32_t i = (uint32_t)0U; i < i0 / (uint32_t)4U; i++) + { + uint64_t a_i = 
ab[(uint32_t)4U * i]; + uint64_t *res_i0 = res_j + (uint32_t)4U * i; + c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i, a_j, c, res_i0); + uint64_t a_i0 = ab[(uint32_t)4U * i + (uint32_t)1U]; + uint64_t *res_i1 = res_j + (uint32_t)4U * i + (uint32_t)1U; + c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i0, a_j, c, res_i1); + uint64_t a_i1 = ab[(uint32_t)4U * i + (uint32_t)2U]; + uint64_t *res_i2 = res_j + (uint32_t)4U * i + (uint32_t)2U; + c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i1, a_j, c, res_i2); + uint64_t a_i2 = ab[(uint32_t)4U * i + (uint32_t)3U]; + uint64_t *res_i = res_j + (uint32_t)4U * i + (uint32_t)3U; + c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i2, a_j, c, res_i); + } + for (uint32_t i = i0 / (uint32_t)4U * (uint32_t)4U; i < i0; i++) + { + uint64_t a_i = ab[i]; + uint64_t *res_i = res_j + i; + c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i, a_j, c, res_i); + } + uint64_t r = c; + res[i0 + i0] = r; + } + uint64_t c0 = Hacl_Bignum_Addition_bn_add_eq_len_u64(aLen + aLen, res, res, res); + KRML_HOST_IGNORE(c0); + KRML_CHECK_SIZE(sizeof (uint64_t), aLen + aLen); + uint64_t tmp[aLen + aLen]; + memset(tmp, 0U, (aLen + aLen) * sizeof (uint64_t)); + for (uint32_t i = (uint32_t)0U; i < aLen; i++) + { + FStar_UInt128_uint128 res1 = FStar_UInt128_mul_wide(a[i], a[i]); + uint64_t hi = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(res1, (uint32_t)64U)); + uint64_t lo = FStar_UInt128_uint128_to_uint64(res1); + tmp[(uint32_t)2U * i] = lo; + tmp[(uint32_t)2U * i + (uint32_t)1U] = hi; + } + uint64_t c1 = Hacl_Bignum_Addition_bn_add_eq_len_u64(aLen + aLen, res, tmp, res); + KRML_HOST_IGNORE(c1); +} + +#endif diff --git a/crypto/hacl_rsa.h b/crypto/hacl_rsa.h new file mode 100644 index 0000000000000..bbdcf01477d5c --- /dev/null +++ b/crypto/hacl_rsa.h 
@@ -0,0 +1,91 @@ +/* + * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation + * Copyright (c) 2022-2023 HACL* Contributors + * Copyright (c) 2023 Cryspen + */ + +#ifndef CRYPTO_HACL_RSA_H_ +#define CRYPTO_HACL_RSA_H_ + +#include "hacl_lib.h" +#include "hacl_bignum.h" + +/** +Decrypt a message `cipher` and write the plaintext to `plain`. + +@param modBits Count of bits in the modulus (`n`). +@param eBits Count of bits in `e` value. +@param dBits Count of bits in `d` value. +@param skey Pointer to secret key created by `Hacl_RSA_new_rsa_load_skey`. +@param cipher Pointer to `ceil(modBits - 1 / 8)` bytes where the ciphertext is read from. +@param plain Pointer to `ceil(modBits / 8)` bytes where the plaintext is written to. + +@return Returns true if and only if decryption was successful. +*/ +bool +Hacl_RSA_rsa_dec( + uint32_t modBits, + uint32_t eBits, + uint32_t dBits, + uint64_t *skey, + uint8_t *cipher, + uint8_t *plain +); + +/** +Encrypt a message `plain` and write the ciphertext to `cipher`. + +@param modBits Count of bits in the modulus (`n`). +@param eBits Count of bits in `e` value. +@param dBits Count of bits in `d` value. +@param skey Pointer to secret key created by `Hacl_RSA_new_rsa_load_skey`. +@param plain Pointer to `ceil(modBits / 8)` bytes where the plaintext is written to. +@param cipher Pointer to `ceil(modBits - 1 / 8)` bytes where the ciphertext is read from. + +@return Returns true if and only if decryption was successful. +*/ +bool +Hacl_RSA_rsa_enc( + uint32_t modBits, + uint32_t eBits, + uint64_t *pkey, + uint8_t *plain, + uint8_t *cipher +); + +/** +Load a public key from key parts. + +@param modBits Count of bits in modulus (`n`). +@param eBits Count of bits in `e` value. +@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`), in big-endian byte order, is read from. +@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value, in big-endian byte order, is read from. 
+ +@return Returns an allocated public key upon success, otherwise, `NULL` if key part arguments are invalid or memory allocation fails. Note: caller must take care to `free()` the created key. +*/ +uint64_t +*Hacl_RSA_new_rsa_load_pkey(uint32_t modBits, uint32_t eBits, uint8_t *nb, uint8_t *eb); + +l/** +Load a secret key from key parts. + +@param modBits Count of bits in modulus (`n`). +@param eBits Count of bits in `e` value. +@param dBits Count of bits in `d` value. +@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`), in big-endian byte order, is read from. +@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value, in big-endian byte order, is read from. +@param db Pointer to `ceil(modBits / 8)` bytes where the `d` value, in big-endian byte order, is read from. + +@return Returns an allocated secret key upon success, otherwise, `NULL` if key part arguments are invalid or memory allocation fails. Note: caller must take care to `free()` the created key. +*/ +uint64_t +*Hacl_RSA_new_rsa_load_skey( + uint32_t modBits, + uint32_t eBits, + uint32_t dBits, + uint8_t *nb, + uint8_t *eb, + uint8_t *db +); + +#endif diff --git a/crypto/rsa-hacl-generated.c b/crypto/rsa-hacl-generated.c new file mode 100644 index 0000000000000..285df0f74cf09 --- /dev/null +++ b/crypto/rsa-hacl-generated.c 
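Review bot: The doc comment for `Hacl_RSA_new_rsa_load_skey` opens with `l/**`, and the stray `l` is a bare identifier at file scope, so this header will not compile; it should be `/**`. The comment above `Hacl_RSA_rsa_enc` is a copy of the decrypt one: it documents `dBits` and `skey`, which the prototype does not take (it takes `pkey`), describes `plain` as written and `cipher` as read, and its `@return` says "decryption". The buffer sizes in these comments are the contract callers size their allocations from, so `ceil(modBits - 1 / 8)` should be written `ceil((modBits - 1) / 8)`. The `eb` and `db` lengths should be given as `ceil(eBits / 8)` and `ceil(dBits / 8)`, which is what the loaders in rsa-hacl-generated.c compute (`(eBits - 1U) / 8U + 1U`, `(dBits - 1U) / 8U + 1U`), rather than `ceil(modBits / 8)`.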
@@ -0,0 +1,395 @@ +/* GPLv2 or MIT License + * + * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation + * Copyright (c) 2022-2023 HACL* Contributors + * + */ + +#include "hacl_rsa.h" + +static inline uint64_t check_num_bits_u64(uint32_t bs, uint64_t *b) +{ + uint32_t bLen = (bs - 1U) / 64U + 1U; + if (bs == 64U * bLen) + { + return 0xFFFFFFFFFFFFFFFFULL; + } + KRML_CHECK_SIZE(sizeof (uint64_t), bLen); + uint64_t b2[bLen]; + memset(b2, 0U, bLen * sizeof (uint64_t)); + uint32_t i0 = bs / 64U; + uint32_t j = bs % 64U; + b2[i0] = b2[i0] | 1ULL << j; + uint64_t acc = 0ULL; + for (uint32_t i = 0U; i < bLen; i++) + { + uint64_t beq = FStar_UInt64_eq_mask(b[i], b2[i]); + uint64_t blt = ~FStar_UInt64_gte_mask(b[i], b2[i]); + acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFFFFFFFFFULL) | (~blt & 0ULL))); + } + uint64_t res = acc; + return res; +} + +uint64_t Hacl_Impl_RSA_Keys_check_modulus_u64(uint32_t modBits, uint64_t *n) +{ + uint32_t nLen = (modBits - 1U) / 64U + 1U; + uint64_t bits0 = n[0U] & 1ULL; + uint64_t m0 = 0ULL - bits0; + KRML_CHECK_SIZE(sizeof (uint64_t), nLen); + uint64_t b2[nLen]; + memset(b2, 0U, nLen * sizeof (uint64_t)); + uint32_t i0 = (modBits - 1U) / 64U; + uint32_t j = (modBits - 1U) % 64U; + b2[i0] = b2[i0] | 1ULL << j; + uint64_t acc = 0ULL; + for (uint32_t i = 0U; i < nLen; i++) + { + uint64_t beq = FStar_UInt64_eq_mask(b2[i], n[i]); + uint64_t blt = ~FStar_UInt64_gte_mask(b2[i], n[i]); + acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFFFFFFFFFULL) | (~blt & 0ULL))); + } + uint64_t res = acc; + uint64_t m1 = res; + uint64_t m2 = check_num_bits_u64(modBits, n); + return m0 & (m1 & m2); +} + +uint64_t Hacl_Impl_RSA_Keys_check_exponent_u64(uint32_t eBits, uint64_t *e) +{ + uint32_t eLen = (eBits - 1U) / 64U + 1U; + KRML_CHECK_SIZE(sizeof (uint64_t), eLen); + uint64_t bn_zero[eLen]; + memset(bn_zero, 0U, eLen * sizeof (uint64_t)); + uint64_t mask = 0xFFFFFFFFFFFFFFFFULL; + for (uint32_t i = 0U; i < eLen; i++) + { + uint64_t uu____0 = 
FStar_UInt64_eq_mask(e[i], bn_zero[i]); + mask = uu____0 & mask; + } + uint64_t mask1 = mask; + uint64_t res = mask1; + uint64_t m0 = res; + uint64_t m1 = check_num_bits_u64(eBits, e); + return ~m0 & m1; +} + +/** +Decrypt a message `cipher` and write the plaintext to `plain`. + +@param modBits Count of bits in the modulus (`n`). +@param eBits Count of bits in `e` value. +@param dBits Count of bits in `d` value. +@param skey Pointer to secret key created by `Hacl_RSA_new_rsa_load_skey`. +@param cipher Pointer to `ceil(modBits - 1 / 8)` bytes where the ciphertext is read from. +@param plain Pointer to `ceil(modBits / 8)` bytes where the plaintext is written to. + +@return Returns true if and only if decryption was successful. +*/ +bool +Hacl_RSA_rsa_dec( + uint32_t modBits, + uint32_t eBits, + uint32_t dBits, + uint64_t *skey, + uint8_t *cipher, + uint8_t *plain +) +{ + uint32_t nLen = (modBits - 1U) / 64U + 1U; + uint32_t emBits = modBits - 1U; + uint32_t emLen = (emBits - 1U) / 8U + 1U; + uint32_t k = (modBits - 1U) / 8U + 1U; + KRML_CHECK_SIZE(sizeof (uint64_t), nLen); + uint64_t m[nLen]; + memset(m, 0U, nLen * sizeof (uint64_t)); + KRML_CHECK_SIZE(sizeof (uint64_t), nLen); + uint64_t s[nLen]; + memset(s, 0U, nLen * sizeof (uint64_t)); + KRML_CHECK_SIZE(sizeof (uint64_t), nLen); + uint64_t m_[nLen]; + memset(m_, 0U, nLen * sizeof (uint64_t)); + Hacl_Bignum_Convert_bn_from_bytes_be_uint64(emLen, cipher, m); + uint32_t nLen1 = (modBits - 1U) / 64U + 1U; + uint32_t eLen = (eBits - 1U) / 64U + 1U; + uint64_t *n = skey; + uint64_t *r2 = skey + nLen1; + uint64_t *e = skey + nLen1 + nLen1; + uint64_t *d = skey + nLen1 + nLen1 + eLen; + uint64_t mu = Hacl_Bignum_ModInvLimb_mod_inv_uint64(n[0U]); + Hacl_Bignum_Exponentiation_bn_mod_exp_consttime_precomp_u64((modBits - 1U) / 64U + 1U, + n, + mu, + r2, + m, + dBits, + d, + s); + uint64_t mu0 = Hacl_Bignum_ModInvLimb_mod_inv_uint64(n[0U]); + Hacl_Bignum_Exponentiation_bn_mod_exp_vartime_precomp_u64((modBits - 1U) / 64U + 1U, 
+ n, + mu0, + r2, + s, + eBits, + e, + m_); + uint64_t mask = 0xFFFFFFFFFFFFFFFFULL; + for (uint32_t i = 0U; i < nLen1; i++) + { + uint64_t uu____0 = FStar_UInt64_eq_mask(m[i], m_[i]); + mask = uu____0 & mask; + } + uint64_t mask1 = mask; + uint64_t eq_m = mask1; + for (uint32_t i = 0U; i < nLen1; i++) + { + uint64_t *os = s; + uint64_t x = s[i]; + uint64_t x0 = eq_m & x; + os[i] = x0; + } + bool eq_b = eq_m == 0xFFFFFFFFFFFFFFFFULL; + Hacl_Bignum_Convert_bn_to_bytes_be_uint64(k, s, plain); + return eq_b; +} + +/** +Encrypt a message `plain` and write the ciphertext to `cipher`. + +@param modBits Count of bits in the modulus (`n`). +@param eBits Count of bits in `e` value. +@param dBits Count of bits in `d` value. +@param skey Pointer to secret key created by `Hacl_RSA_new_rsa_load_skey`. +@param plain Pointer to `ceil(modBits / 8)` bytes where the plaintext is written to. +@param cipher Pointer to `ceil(modBits - 1 / 8)` bytes where the ciphertext is read from. + +@return Returns true if and only if decryption was successful. 
+*/ +bool +Hacl_RSA_rsa_enc( + uint32_t modBits, + uint32_t eBits, + uint64_t *pkey, + uint8_t *plain, + uint8_t *cipher +) +{ + uint32_t nLen = (modBits - 1U) / 64U + 1U; + uint32_t k = (modBits - 1U) / 8U + 1U; + uint32_t emBits = modBits - 1U; + uint32_t emLen = (emBits - 1U) / 8U + 1U; + KRML_CHECK_SIZE(sizeof (uint64_t), nLen); + uint64_t s[nLen]; + memset(s, 0U, nLen * sizeof (uint64_t)); + KRML_CHECK_SIZE(sizeof (uint64_t), (modBits - 1U) / 64U + 1U); + uint64_t m[(modBits - 1U) / 64U + 1U]; + memset(m, 0U, ((modBits - 1U) / 64U + 1U) * sizeof (uint64_t)); + Hacl_Bignum_Convert_bn_from_bytes_be_uint64(k, plain, s); + uint32_t nLen1 = (modBits - 1U) / 64U + 1U; + uint64_t *n = pkey; + uint64_t *r2 = pkey + nLen1; + uint64_t *e = pkey + nLen1 + nLen1; + uint64_t acc = 0ULL; + for (uint32_t i = 0U; i < nLen1; i++) + { + uint64_t beq = FStar_UInt64_eq_mask(s[i], n[i]); + uint64_t blt = ~FStar_UInt64_gte_mask(s[i], n[i]); + acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFFFFFFFFFULL) | (~blt & 0ULL))); + } + uint64_t mask = acc; + bool res; + if (mask == 0xFFFFFFFFFFFFFFFFULL) + { + uint64_t mu = Hacl_Bignum_ModInvLimb_mod_inv_uint64(n[0U]); + Hacl_Bignum_Exponentiation_bn_mod_exp_vartime_precomp_u64((modBits - 1U) / 64U + 1U, + n, + mu, + r2, + s, + eBits, + e, + m); + bool ite; + if (!((modBits - 1U) % 8U == 0U)) + { + ite = true; + } + else + { + uint32_t i = (modBits - 1U) / 64U; + uint32_t j = (modBits - 1U) % 64U; + uint64_t tmp = m[i]; + uint64_t get_bit = tmp >> j & 1ULL; + ite = get_bit == 0ULL; + } + if (ite) + { + res = true; + } + else + { + res = false; + } + } + else + { + res = false; + } + bool b = res; + uint64_t *m1 = m; + Hacl_Bignum_Convert_bn_to_bytes_be_uint64(emLen, m1, cipher); + return b; +} + +/** +Load a public key from key parts. + +@param modBits Count of bits in modulus (`n`). +@param eBits Count of bits in `e` value. +@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`), in big-endian byte order, is read from. 
+@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value, in big-endian byte order, is read from. + +@return Returns an allocated public key upon success, otherwise, `NULL` if key part arguments are invalid or memory allocation fails. Note: caller must take care to `free()` the created key. +*/ +uint64_t +*Hacl_RSA_new_rsa_load_pkey(uint32_t modBits, uint32_t eBits, uint8_t *nb, uint8_t *eb) +{ + bool ite; + if (1U < modBits && 0U < eBits) + { + uint32_t nLen = (modBits - 1U) / 64U + 1U; + uint32_t eLen = (eBits - 1U) / 64U + 1U; + ite = nLen <= 33554431U && eLen <= 67108863U && nLen + nLen <= 0xffffffffU - eLen; + } + else + { + ite = false; + } + if (!ite) + { + return NULL; + } + uint32_t nLen = (modBits - 1U) / 64U + 1U; + uint32_t eLen = (eBits - 1U) / 64U + 1U; + uint32_t pkeyLen = nLen + nLen + eLen; + KRML_CHECK_SIZE(sizeof (uint64_t), pkeyLen); + uint64_t *pkey = (uint64_t *)KRML_HOST_CALLOC(pkeyLen, sizeof (uint64_t)); + if (pkey == NULL) + { + return pkey; + } + uint64_t *pkey1 = pkey; + uint64_t *pkey2 = pkey1; + uint32_t nbLen = (modBits - 1U) / 8U + 1U; + uint32_t ebLen = (eBits - 1U) / 8U + 1U; + uint32_t nLen1 = (modBits - 1U) / 64U + 1U; + uint64_t *n = pkey2; + uint64_t *r2 = pkey2 + nLen1; + uint64_t *e = pkey2 + nLen1 + nLen1; + Hacl_Bignum_Convert_bn_from_bytes_be_uint64(nbLen, nb, n); + Hacl_Bignum_Montgomery_bn_precomp_r2_mod_n_u64((modBits - 1U) / 64U + 1U, modBits - 1U, n, r2); + Hacl_Bignum_Convert_bn_from_bytes_be_uint64(ebLen, eb, e); + uint64_t m0 = Hacl_Impl_RSA_Keys_check_modulus_u64(modBits, n); + uint64_t m1 = Hacl_Impl_RSA_Keys_check_exponent_u64(eBits, e); + uint64_t m = m0 & m1; + bool b = m == 0xFFFFFFFFFFFFFFFFULL; + if (b) + { + return pkey2; + } + KRML_HOST_FREE(pkey2); + return NULL; +} + +/** +Load a secret key from key parts. + +@param modBits Count of bits in modulus (`n`). +@param eBits Count of bits in `e` value. +@param dBits Count of bits in `d` value. 
+@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`), in big-endian byte order, is read from. +@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value, in big-endian byte order, is read from. +@param db Pointer to `ceil(modBits / 8)` bytes where the `d` value, in big-endian byte order, is read from. + +@return Returns an allocated secret key upon success, otherwise, `NULL` if key part arguments are invalid or memory allocation fails. Note: caller must take care to `free()` the created key. +*/ +uint64_t +*Hacl_RSA_new_rsa_load_skey( + uint32_t modBits, + uint32_t eBits, + uint32_t dBits, + uint8_t *nb, + uint8_t *eb, + uint8_t *db +) +{ + bool ite0; + if (1U < modBits && 0U < eBits) + { + uint32_t nLen = (modBits - 1U) / 64U + 1U; + uint32_t eLen = (eBits - 1U) / 64U + 1U; + ite0 = nLen <= 33554431U && eLen <= 67108863U && nLen + nLen <= 0xffffffffU - eLen; + } + else + { + ite0 = false; + } + bool ite; + if (ite0 && 0U < dBits) + { + uint32_t nLen = (modBits - 1U) / 64U + 1U; + uint32_t eLen = (eBits - 1U) / 64U + 1U; + uint32_t dLen = (dBits - 1U) / 64U + 1U; + ite = dLen <= 67108863U && 2U * nLen <= 0xffffffffU - eLen - dLen; + } + else + { + ite = false; + } + if (!ite) + { + return NULL; + } + uint32_t nLen = (modBits - 1U) / 64U + 1U; + uint32_t eLen = (eBits - 1U) / 64U + 1U; + uint32_t dLen = (dBits - 1U) / 64U + 1U; + uint32_t skeyLen = nLen + nLen + eLen + dLen; + KRML_CHECK_SIZE(sizeof (uint64_t), skeyLen); + uint64_t *skey = (uint64_t *)KRML_HOST_CALLOC(skeyLen, sizeof (uint64_t)); + if (skey == NULL) + { + return skey; + } + uint64_t *skey1 = skey; + uint64_t *skey2 = skey1; + uint32_t dbLen = (dBits - 1U) / 8U + 1U; + uint32_t nLen1 = (modBits - 1U) / 64U + 1U; + uint32_t eLen1 = (eBits - 1U) / 64U + 1U; + uint32_t pkeyLen = nLen1 + nLen1 + eLen1; + uint64_t *pkey = skey2; + uint64_t *d = skey2 + pkeyLen; + uint32_t nbLen1 = (modBits - 1U) / 8U + 1U; + uint32_t ebLen1 = (eBits - 1U) / 8U + 1U; + uint32_t nLen2 = (modBits 
- 1U) / 64U + 1U; + uint64_t *n = pkey; + uint64_t *r2 = pkey + nLen2; + uint64_t *e = pkey + nLen2 + nLen2; + Hacl_Bignum_Convert_bn_from_bytes_be_uint64(nbLen1, nb, n); + Hacl_Bignum_Montgomery_bn_precomp_r2_mod_n_u64((modBits - 1U) / 64U + 1U, modBits - 1U, n, r2); + Hacl_Bignum_Convert_bn_from_bytes_be_uint64(ebLen1, eb, e); + uint64_t m0 = Hacl_Impl_RSA_Keys_check_modulus_u64(modBits, n); + uint64_t m10 = Hacl_Impl_RSA_Keys_check_exponent_u64(eBits, e); + uint64_t m = m0 & m10; + bool b = m == 0xFFFFFFFFFFFFFFFFULL; + Hacl_Bignum_Convert_bn_from_bytes_be_uint64(dbLen, db, d); + uint64_t m1 = Hacl_Impl_RSA_Keys_check_exponent_u64(dBits, d); + bool b0 = b && m1 == 0xFFFFFFFFFFFFFFFFULL; + if (b0) + { + return skey2; + } + KRML_HOST_FREE(skey2); + return NULL; +} + diff --git a/crypto/rsa-hacl.c b/crypto/rsa-hacl.c new file mode 100644 index 0000000000000..f52f45e54fd2d --- /dev/null +++ b/crypto/rsa-hacl.c 
@@ -0,0 +1,248 @@ +/* + * GPLv2 or MIT License + * + * Copyright (c) 2023 Cryspen + * + */ + +#include "hacl_rsa.h" + +#include +#include +#include +#include +#include +#include +#include + +/** +RSA Key data structure +**/ + +struct hacl_rsa_key { + uint32_t modBits; + uint32_t eBits; + uint32_t dBits; + uint8_t *nb; + uint8_t *eb; + uint8_t *db; +} + +static inline struct hacl_rsa_key *rsa_get_key(struct crypto_akcipher *tfm) +{ + return akcipher_tfm_ctx(tfm); +} + +static int rsa_enc(struct akcipher_request *req) +{ + struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req); + const struct hacl_rsa_key *pkey = rsa_get_key(tfm); + int ret = 0; + + if (unlikely(!pkey->nb || !pkey->eb)) { + ret = -EINVAL; + goto done; + } + unsigned int plain_len = (pkey->modBits - 1)/8 + 1; + unsigned int cipher_len = (pkey->modBits - 2)/8 + 1; + + if (req->src_len != plain_len || req->dst_len != cipher_len) { + ret = -EINVAL; + goto done; + } + + uint64_t *pk = HACL_RSA_new_rsa_load_pkey(pkey->modBits,pkey->eBits,pkey->nb,pkey->eb); + + if (!pk) { + ret = -EINVAL; + goto done; + } + + ret = HACL_RSA_rsa_enc(pkey->modBits,pkey->eBits,pk, req->src, req->dst); + + if (!ret) + ret = -EBADMSG; + + free(pk); + + done: return ret; +} + +static int rsa_dec(struct akcipher_request *req) +{ + struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req); + const struct hacl_rsa_key *skey = rsa_get_key(tfm); + int ret = 0; + + if (unlikely(!skey->nb || !skey->db)) { + ret = -EINVAL; + goto done; + } + unsigned int plain_len = (skey->modBits - 1)/8 + 1; + unsigned int cipher_len = (skey->modBits - 2)/8 + 1; + + if (req->src_len != cipher_len || req->dst_len != plain_len) { + ret = -EINVAL; + goto done; + } + + uint64_t *sk = HACL_RSA_new_rsa_load_skey(skey->modBits,skey->eBits,skey->dBits,skey->nb,skey->eb,skey->db); + + if (!sk) { + ret = -EINVAL; + goto done; + } + + ret = HACL_RSA_rsa_dec(skey->modBits,skey->eBits,skey->dBits,sk,req->src,req->dst); + + if (!ret) + ret = -EBADMSG; + + 
free(sk); + + done: return ret; +} + +static void rsa_free_key(struct hacl_rsa_key *key) +{ + free(key->db); + free(key->eb); + free(key->nb); + key->db = NULL; + key->eb = NULL; + key->nb = NULL; +} + +static int rsa_check_key_length(unsigned int len) +{ + switch (len) { + case 512: + case 1024: + case 1536: + if (fips_enabled) + return -EINVAL; + fallthrough; + case 2048: + case 3072: + case 4096: + return 0; + } + + return -EINVAL; +} + + +static int rsa_set_pub_key(struct crypto_akcipher *tfm, const void *key, + unsigned int keylen) +{ + struct hacl_rsa_key *pkey = rsa_get_key(tfm); + struct rsa_key raw_key = {0}; + + int ret = 0; + + /* Free the old MPI key if any */ + rsa_free_key(pkey); + + ret = rsa_parse_pub_key(&raw_key, key, keylen); + if (ret) + return ret; + + pkey->modBits = raw_key.n_sz * 8; + pkey->eBits = raw_key.e_sz * 8; + pkey->nb = raw_key.n; + pkey->eb = raw_key.e; + + if (!pkey->nb || !pkey->eb) + goto err; + + return ret; + +err: + rsa_free_key(pkey); + return -ENOMEM; +} + +static int rsa_set_priv_key(struct crypto_akcipher *tfm, const void *key, + unsigned int keylen) +{ + struct hacl_rsa_key *skey = rsa_get_key(tfm); + struct rsa_key raw_key = {0}; + + int ret = 0; + + /* Free the old MPI key if any */ + rsa_free_key(skey); + + ret = rsa_parse_priv_key(&raw_key, key, keylen); + if (ret) + return ret; + + skey->modBits = raw_key.n_sz * 8; + skey->eBits = raw_key.e_sz * 8; + skey->dBits = raw_key.d_sz * 8; + skey->nb = raw_key.n; + skey->eb = raw_key.e; + skey->db = raw_key.d; + + if (!skey->nb || !skey->eb || !skey->db) + goto err; + + return ret; + +err: + rsa_free_key(skey); + return -ENOMEM; +} + +static unsigned int rsa_max_size(struct crypto_akcipher *tfm) +{ + struct rsa_mpi_key *pkey = akcipher_tfm_ctx(tfm); + + return mpi_get_size(pkey->modBits); +} + +static void rsa_exit_tfm(struct crypto_akcipher *tfm) +{ + struct rsa_mpi_key *pkey = akcipher_tfm_ctx(tfm); + + rsa_free_key(pkey); +} + +static struct akcipher_alg hacl_rsa = { + 
.encrypt = rsa_enc, + .decrypt = rsa_dec, + .set_priv_key = rsa_set_priv_key, + .set_pub_key = rsa_set_pub_key, + .max_size = rsa_max_size, + .exit = rsa_exit_tfm, + .base = { + .cra_name = "rsa", + .cra_driver_name = "rsa-hacl", + .cra_priority = 100, + .cra_module = THIS_MODULE, + .cra_ctxsize = sizeof(struct hacl_rsa_key), + }, +}; + +static int __init hacl_rsa_init(void) +{ + int err; + + err = crypto_register_akcipher(&rsa); + if (err) + return err; + + return 0; +} + +static void __exit hacl_rsa_exit(void) +{ + crypto_unregister_akcipher(&rsa); +} + +subsys_initcall(hacl_rsa_init); +module_exit(hacl_rsa_exit); +MODULE_ALIAS_CRYPTO("rsa"); +MODULE_ALIAS_CRYPTO("rsa-hacl"); +MODULE_LICENSE("GPLv2 or MIT"); +MODULE_DESCRIPTION("Formally Verified RSA algorithm from HACL*"); From c7a5b042078df8fbc049770ad6e0d048dacf0b8d Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Wed, 29 Nov 2023 11:53:19 +0100 Subject: [PATCH 16/53] msvc --- crypto/hacl-rsa-msvc.c | 416 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 416 insertions(+) create mode 100644 crypto/hacl-rsa-msvc.c diff --git a/crypto/hacl-rsa-msvc.c b/crypto/hacl-rsa-msvc.c new file mode 100644 index 0000000000000..2d5d427f28194 --- /dev/null +++ b/crypto/hacl-rsa-msvc.c 
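Review bot: `rsa_set_pub_key` and `rsa_set_priv_key` store `raw_key.n`, `raw_key.e` and `raw_key.d` directly in the tfm context, and `rsa_free_key` later passes those same pointers to `free()`. Nothing in this file copies them, so if `rsa_parse_priv_key()` returns pointers into the caller's `key` buffer (worth confirming), the context keeps dangling pointers once setkey returns and then frees memory it does not own. The context should hold its own copies and release them with the kernel allocator, wiping the private exponent. The expanded secret key `sk` in `rsa_dec` should likewise be released with `kfree_sensitive(sk)` rather than `free(sk)`, provided `KRML_HOST_CALLOC` maps to a kmalloc-family allocator (its definition is not in view). Separately, `rsa_enc` and `rsa_dec` assign the `bool` result to `ret` and only overwrite it on failure, so a successful operation returns 1 rather than 0.

```c
static void rsa_free_key(struct hacl_rsa_key *key)
{
	/* d is secret key material: zeroize before release */
	kfree_sensitive(key->db);
	kfree(key->eb);
	kfree(key->nb);
	/* ... unchanged: reset the three pointers to NULL ... */
}

/* in rsa_set_priv_key, replacing the three pointer assignments */
	skey->nb = kmemdup(raw_key.n, raw_key.n_sz, GFP_KERNEL);
	skey->eb = kmemdup(raw_key.e, raw_key.e_sz, GFP_KERNEL);
	skey->db = kmemdup(raw_key.d, raw_key.d_sz, GFP_KERNEL);
	/* ... unchanged: NULL check and err path ... */
```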
@@ -0,0 +1,416 @@ +/* MIT License + * + * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation + * Copyright (c) 2022-2023 HACL* Contributors + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. 
+ */ + + +#include "internal/Hacl_RSA.h" + +#include "internal/Hacl_Bignum_Base.h" +#include "internal/Hacl_Bignum.h" + +static inline uint64_t check_num_bits_u64(uint32_t bs, uint64_t *b) +{ + uint32_t bLen = (bs - 1U) / 64U + 1U; + if (bs == 64U * bLen) + { + return 0xFFFFFFFFFFFFFFFFULL; + } + KRML_CHECK_SIZE(sizeof (uint64_t), bLen); + uint64_t *b2 = (uint64_t *)alloca(bLen * sizeof (uint64_t)); + memset(b2, 0U, bLen * sizeof (uint64_t)); + uint32_t i0 = bs / 64U; + uint32_t j = bs % 64U; + b2[i0] = b2[i0] | 1ULL << j; + uint64_t acc = 0ULL; + for (uint32_t i = 0U; i < bLen; i++) + { + uint64_t beq = FStar_UInt64_eq_mask(b[i], b2[i]); + uint64_t blt = ~FStar_UInt64_gte_mask(b[i], b2[i]); + acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFFFFFFFFFULL) | (~blt & 0ULL))); + } + uint64_t res = acc; + return res; +} + +uint64_t Hacl_Impl_RSA_Keys_check_modulus_u64(uint32_t modBits, uint64_t *n) +{ + uint32_t nLen = (modBits - 1U) / 64U + 1U; + uint64_t bits0 = n[0U] & 1ULL; + uint64_t m0 = 0ULL - bits0; + KRML_CHECK_SIZE(sizeof (uint64_t), nLen); + uint64_t *b2 = (uint64_t *)alloca(nLen * sizeof (uint64_t)); + memset(b2, 0U, nLen * sizeof (uint64_t)); + uint32_t i0 = (modBits - 1U) / 64U; + uint32_t j = (modBits - 1U) % 64U; + b2[i0] = b2[i0] | 1ULL << j; + uint64_t acc = 0ULL; + for (uint32_t i = 0U; i < nLen; i++) + { + uint64_t beq = FStar_UInt64_eq_mask(b2[i], n[i]); + uint64_t blt = ~FStar_UInt64_gte_mask(b2[i], n[i]); + acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFFFFFFFFFULL) | (~blt & 0ULL))); + } + uint64_t res = acc; + uint64_t m1 = res; + uint64_t m2 = check_num_bits_u64(modBits, n); + return m0 & (m1 & m2); +} + +uint64_t Hacl_Impl_RSA_Keys_check_exponent_u64(uint32_t eBits, uint64_t *e) +{ + uint32_t eLen = (eBits - 1U) / 64U + 1U; + KRML_CHECK_SIZE(sizeof (uint64_t), eLen); + uint64_t *bn_zero = (uint64_t *)alloca(eLen * sizeof (uint64_t)); + memset(bn_zero, 0U, eLen * sizeof (uint64_t)); + uint64_t mask = 0xFFFFFFFFFFFFFFFFULL; + for (uint32_t i = 0U; i 
< eLen; i++) + { + uint64_t uu____0 = FStar_UInt64_eq_mask(e[i], bn_zero[i]); + mask = uu____0 & mask; + } + uint64_t mask1 = mask; + uint64_t res = mask1; + uint64_t m0 = res; + uint64_t m1 = check_num_bits_u64(eBits, e); + return ~m0 & m1; +} + +/** +Decrypt a message `cipher` and write the plaintext to `plain`. + +@param modBits Count of bits in the modulus (`n`). +@param eBits Count of bits in `e` value. +@param dBits Count of bits in `d` value. +@param skey Pointer to secret key created by `Hacl_RSA_new_rsa_load_skey`. +@param cipher Pointer to `ceil(modBits - 1 / 8)` bytes where the ciphertext is read from. +@param plain Pointer to `ceil(modBits / 8)` bytes where the plaintext is written to. + +@return Returns true if and only if decryption was successful. +*/ +bool +Hacl_RSA_rsa_dec( + uint32_t modBits, + uint32_t eBits, + uint32_t dBits, + uint64_t *skey, + uint8_t *cipher, + uint8_t *plain +) +{ + uint32_t nLen = (modBits - 1U) / 64U + 1U; + uint32_t emBits = modBits - 1U; + uint32_t emLen = (emBits - 1U) / 8U + 1U; + uint32_t k = (modBits - 1U) / 8U + 1U; + KRML_CHECK_SIZE(sizeof (uint64_t), nLen); + uint64_t *m = (uint64_t *)alloca(nLen * sizeof (uint64_t)); + memset(m, 0U, nLen * sizeof (uint64_t)); + KRML_CHECK_SIZE(sizeof (uint64_t), nLen); + uint64_t *s = (uint64_t *)alloca(nLen * sizeof (uint64_t)); + memset(s, 0U, nLen * sizeof (uint64_t)); + KRML_CHECK_SIZE(sizeof (uint64_t), nLen); + uint64_t *m_ = (uint64_t *)alloca(nLen * sizeof (uint64_t)); + memset(m_, 0U, nLen * sizeof (uint64_t)); + Hacl_Bignum_Convert_bn_from_bytes_be_uint64(emLen, cipher, m); + uint32_t nLen1 = (modBits - 1U) / 64U + 1U; + uint32_t eLen = (eBits - 1U) / 64U + 1U; + uint64_t *n = skey; + uint64_t *r2 = skey + nLen1; + uint64_t *e = skey + nLen1 + nLen1; + uint64_t *d = skey + nLen1 + nLen1 + eLen; + uint64_t mu = Hacl_Bignum_ModInvLimb_mod_inv_uint64(n[0U]); + Hacl_Bignum_Exponentiation_bn_mod_exp_consttime_precomp_u64((modBits - 1U) / 64U + 1U, + n, + mu, + r2, + m, + 
dBits, + d, + s); + uint64_t mu0 = Hacl_Bignum_ModInvLimb_mod_inv_uint64(n[0U]); + Hacl_Bignum_Exponentiation_bn_mod_exp_vartime_precomp_u64((modBits - 1U) / 64U + 1U, + n, + mu0, + r2, + s, + eBits, + e, + m_); + uint64_t mask = 0xFFFFFFFFFFFFFFFFULL; + for (uint32_t i = 0U; i < nLen1; i++) + { + uint64_t uu____0 = FStar_UInt64_eq_mask(m[i], m_[i]); + mask = uu____0 & mask; + } + uint64_t mask1 = mask; + uint64_t eq_m = mask1; + for (uint32_t i = 0U; i < nLen1; i++) + { + uint64_t *os = s; + uint64_t x = s[i]; + uint64_t x0 = eq_m & x; + os[i] = x0; + } + bool eq_b = eq_m == 0xFFFFFFFFFFFFFFFFULL; + Hacl_Bignum_Convert_bn_to_bytes_be_uint64(k, s, plain); + return eq_b; +} + +/** +Encrypt a message `plain` and write the ciphertext to `cipher`. + +@param modBits Count of bits in the modulus (`n`). +@param eBits Count of bits in `e` value. +@param dBits Count of bits in `d` value. +@param skey Pointer to secret key created by `Hacl_RSA_new_rsa_load_skey`. +@param plain Pointer to `ceil(modBits / 8)` bytes where the plaintext is written to. +@param cipher Pointer to `ceil(modBits - 1 / 8)` bytes where the ciphertext is read from. + +@return Returns true if and only if decryption was successful. 
+*/ +bool +Hacl_RSA_rsa_enc( + uint32_t modBits, + uint32_t eBits, + uint64_t *pkey, + uint8_t *plain, + uint8_t *cipher +) +{ + uint32_t nLen = (modBits - 1U) / 64U + 1U; + uint32_t k = (modBits - 1U) / 8U + 1U; + uint32_t emBits = modBits - 1U; + uint32_t emLen = (emBits - 1U) / 8U + 1U; + KRML_CHECK_SIZE(sizeof (uint64_t), nLen); + uint64_t *s = (uint64_t *)alloca(nLen * sizeof (uint64_t)); + memset(s, 0U, nLen * sizeof (uint64_t)); + KRML_CHECK_SIZE(sizeof (uint64_t), (modBits - 1U) / 64U + 1U); + uint64_t *m = (uint64_t *)alloca(((modBits - 1U) / 64U + 1U) * sizeof (uint64_t)); + memset(m, 0U, ((modBits - 1U) / 64U + 1U) * sizeof (uint64_t)); + Hacl_Bignum_Convert_bn_from_bytes_be_uint64(k, plain, s); + uint32_t nLen1 = (modBits - 1U) / 64U + 1U; + uint64_t *n = pkey; + uint64_t *r2 = pkey + nLen1; + uint64_t *e = pkey + nLen1 + nLen1; + uint64_t acc = 0ULL; + for (uint32_t i = 0U; i < nLen1; i++) + { + uint64_t beq = FStar_UInt64_eq_mask(s[i], n[i]); + uint64_t blt = ~FStar_UInt64_gte_mask(s[i], n[i]); + acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFFFFFFFFFULL) | (~blt & 0ULL))); + } + uint64_t mask = acc; + bool res; + if (mask == 0xFFFFFFFFFFFFFFFFULL) + { + uint64_t mu = Hacl_Bignum_ModInvLimb_mod_inv_uint64(n[0U]); + Hacl_Bignum_Exponentiation_bn_mod_exp_vartime_precomp_u64((modBits - 1U) / 64U + 1U, + n, + mu, + r2, + s, + eBits, + e, + m); + bool ite; + if (!((modBits - 1U) % 8U == 0U)) + { + ite = true; + } + else + { + uint32_t i = (modBits - 1U) / 64U; + uint32_t j = (modBits - 1U) % 64U; + uint64_t tmp = m[i]; + uint64_t get_bit = tmp >> j & 1ULL; + ite = get_bit == 0ULL; + } + if (ite) + { + res = true; + } + else + { + res = false; + } + } + else + { + res = false; + } + bool b = res; + uint64_t *m1 = m; + Hacl_Bignum_Convert_bn_to_bytes_be_uint64(emLen, m1, cipher); + return b; +} + +/** +Load a public key from key parts. + +@param modBits Count of bits in modulus (`n`). +@param eBits Count of bits in `e` value. 
+@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`), in big-endian byte order, is read from. +@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value, in big-endian byte order, is read from. + +@return Returns an allocated public key upon success, otherwise, `NULL` if key part arguments are invalid or memory allocation fails. Note: caller must take care to `free()` the created key. +*/ +uint64_t +*Hacl_RSA_new_rsa_load_pkey(uint32_t modBits, uint32_t eBits, uint8_t *nb, uint8_t *eb) +{ + bool ite; + if (1U < modBits && 0U < eBits) + { + uint32_t nLen = (modBits - 1U) / 64U + 1U; + uint32_t eLen = (eBits - 1U) / 64U + 1U; + ite = nLen <= 33554431U && eLen <= 67108863U && nLen + nLen <= 0xffffffffU - eLen; + } + else + { + ite = false; + } + if (!ite) + { + return NULL; + } + uint32_t nLen = (modBits - 1U) / 64U + 1U; + uint32_t eLen = (eBits - 1U) / 64U + 1U; + uint32_t pkeyLen = nLen + nLen + eLen; + KRML_CHECK_SIZE(sizeof (uint64_t), pkeyLen); + uint64_t *pkey = (uint64_t *)KRML_HOST_CALLOC(pkeyLen, sizeof (uint64_t)); + if (pkey == NULL) + { + return pkey; + } + uint64_t *pkey1 = pkey; + uint64_t *pkey2 = pkey1; + uint32_t nbLen = (modBits - 1U) / 8U + 1U; + uint32_t ebLen = (eBits - 1U) / 8U + 1U; + uint32_t nLen1 = (modBits - 1U) / 64U + 1U; + uint64_t *n = pkey2; + uint64_t *r2 = pkey2 + nLen1; + uint64_t *e = pkey2 + nLen1 + nLen1; + Hacl_Bignum_Convert_bn_from_bytes_be_uint64(nbLen, nb, n); + Hacl_Bignum_Montgomery_bn_precomp_r2_mod_n_u64((modBits - 1U) / 64U + 1U, modBits - 1U, n, r2); + Hacl_Bignum_Convert_bn_from_bytes_be_uint64(ebLen, eb, e); + uint64_t m0 = Hacl_Impl_RSA_Keys_check_modulus_u64(modBits, n); + uint64_t m1 = Hacl_Impl_RSA_Keys_check_exponent_u64(eBits, e); + uint64_t m = m0 & m1; + bool b = m == 0xFFFFFFFFFFFFFFFFULL; + if (b) + { + return pkey2; + } + KRML_HOST_FREE(pkey2); + return NULL; +} + +/** +Load a secret key from key parts. + +@param modBits Count of bits in modulus (`n`). 
+@param eBits Count of bits in `e` value. +@param dBits Count of bits in `d` value. +@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`), in big-endian byte order, is read from. +@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value, in big-endian byte order, is read from. +@param db Pointer to `ceil(modBits / 8)` bytes where the `d` value, in big-endian byte order, is read from. + +@return Returns an allocated secret key upon success, otherwise, `NULL` if key part arguments are invalid or memory allocation fails. Note: caller must take care to `free()` the created key. +*/ +uint64_t +*Hacl_RSA_new_rsa_load_skey( + uint32_t modBits, + uint32_t eBits, + uint32_t dBits, + uint8_t *nb, + uint8_t *eb, + uint8_t *db +) +{ + bool ite0; + if (1U < modBits && 0U < eBits) + { + uint32_t nLen = (modBits - 1U) / 64U + 1U; + uint32_t eLen = (eBits - 1U) / 64U + 1U; + ite0 = nLen <= 33554431U && eLen <= 67108863U && nLen + nLen <= 0xffffffffU - eLen; + } + else + { + ite0 = false; + } + bool ite; + if (ite0 && 0U < dBits) + { + uint32_t nLen = (modBits - 1U) / 64U + 1U; + uint32_t eLen = (eBits - 1U) / 64U + 1U; + uint32_t dLen = (dBits - 1U) / 64U + 1U; + ite = dLen <= 67108863U && 2U * nLen <= 0xffffffffU - eLen - dLen; + } + else + { + ite = false; + } + if (!ite) + { + return NULL; + } + uint32_t nLen = (modBits - 1U) / 64U + 1U; + uint32_t eLen = (eBits - 1U) / 64U + 1U; + uint32_t dLen = (dBits - 1U) / 64U + 1U; + uint32_t skeyLen = nLen + nLen + eLen + dLen; + KRML_CHECK_SIZE(sizeof (uint64_t), skeyLen); + uint64_t *skey = (uint64_t *)KRML_HOST_CALLOC(skeyLen, sizeof (uint64_t)); + if (skey == NULL) + { + return skey; + } + uint64_t *skey1 = skey; + uint64_t *skey2 = skey1; + uint32_t dbLen = (dBits - 1U) / 8U + 1U; + uint32_t nLen1 = (modBits - 1U) / 64U + 1U; + uint32_t eLen1 = (eBits - 1U) / 64U + 1U; + uint32_t pkeyLen = nLen1 + nLen1 + eLen1; + uint64_t *pkey = skey2; + uint64_t *d = skey2 + pkeyLen; + uint32_t nbLen1 = (modBits - 1U) 
/ 8U + 1U; + uint32_t ebLen1 = (eBits - 1U) / 8U + 1U; + uint32_t nLen2 = (modBits - 1U) / 64U + 1U; + uint64_t *n = pkey; + uint64_t *r2 = pkey + nLen2; + uint64_t *e = pkey + nLen2 + nLen2; + Hacl_Bignum_Convert_bn_from_bytes_be_uint64(nbLen1, nb, n); + Hacl_Bignum_Montgomery_bn_precomp_r2_mod_n_u64((modBits - 1U) / 64U + 1U, modBits - 1U, n, r2); + Hacl_Bignum_Convert_bn_from_bytes_be_uint64(ebLen1, eb, e); + uint64_t m0 = Hacl_Impl_RSA_Keys_check_modulus_u64(modBits, n); + uint64_t m10 = Hacl_Impl_RSA_Keys_check_exponent_u64(eBits, e); + uint64_t m = m0 & m10; + bool b = m == 0xFFFFFFFFFFFFFFFFULL; + Hacl_Bignum_Convert_bn_from_bytes_be_uint64(dbLen, db, d); + uint64_t m1 = Hacl_Impl_RSA_Keys_check_exponent_u64(dBits, d); + bool b0 = b && m1 == 0xFFFFFFFFFFFFFFFFULL; + if (b0) + { + return skey2; + } + KRML_HOST_FREE(skey2); + return NULL; +} + From 5bbf9c588d394c2111708ee53aab64841d4d4972 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Wed, 29 Nov 2023 17:35:10 +0100 Subject: [PATCH 17/53] bignum --- crypto/hacl_bignum.c | 2184 ++++++++++++++++++++++++++++++++++++++++++ crypto/hacl_bignum.h | 616 +++++++++--- 2 files changed, 2650 insertions(+), 150 deletions(-) create mode 100644 crypto/hacl_bignum.c diff --git a/crypto/hacl_bignum.c b/crypto/hacl_bignum.c new file mode 100644 index 0000000000000..b99423f38bb77 --- /dev/null +++ b/crypto/hacl_bignum.c 
@@ -0,0 +1,2184 @@ +/* MIT License + * + * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation + * Copyright (c) 2022-2023 HACL* Contributors + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. 
+ */ + + +#include "internal/Hacl_Bignum.h" + +#include "internal/Hacl_Krmllib.h" +#include "internal/Hacl_Bignum_Base.h" + +void +Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint32( + uint32_t aLen, + uint32_t *a, + uint32_t *b, + uint32_t *tmp, + uint32_t *res +) +{ + if (aLen < 32U || aLen % 2U == 1U) + { + Hacl_Bignum_Multiplication_bn_mul_u32(aLen, a, aLen, b, res); + return; + } + uint32_t len2 = aLen / 2U; + uint32_t *a0 = a; + uint32_t *a1 = a + len2; + uint32_t *b0 = b; + uint32_t *b1 = b + len2; + uint32_t *t0 = tmp; + uint32_t *t1 = tmp + len2; + uint32_t *tmp_ = tmp + aLen; + uint32_t c0 = Hacl_Bignum_Addition_bn_sub_eq_len_u32(len2, a0, a1, tmp_); + uint32_t c10 = Hacl_Bignum_Addition_bn_sub_eq_len_u32(len2, a1, a0, t0); + for (uint32_t i = 0U; i < len2; i++) + { + uint32_t *os = t0; + uint32_t x = ((0U - c0) & t0[i]) | (~(0U - c0) & tmp_[i]); + os[i] = x; + } + KRML_MAYBE_UNUSED_VAR(c10); + uint32_t c00 = c0; + uint32_t c010 = Hacl_Bignum_Addition_bn_sub_eq_len_u32(len2, b0, b1, tmp_); + uint32_t c1 = Hacl_Bignum_Addition_bn_sub_eq_len_u32(len2, b1, b0, t1); + for (uint32_t i = 0U; i < len2; i++) + { + uint32_t *os = t1; + uint32_t x = ((0U - c010) & t1[i]) | (~(0U - c010) & tmp_[i]); + os[i] = x; + } + KRML_MAYBE_UNUSED_VAR(c1); + uint32_t c11 = c010; + uint32_t *t23 = tmp + aLen; + uint32_t *tmp1 = tmp + aLen + aLen; + Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint32(len2, t0, t1, tmp1, t23); + uint32_t *r01 = res; + uint32_t *r23 = res + aLen; + Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint32(len2, a0, b0, tmp1, r01); + Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint32(len2, a1, b1, tmp1, r23); + uint32_t *r011 = res; + uint32_t *r231 = res + aLen; + uint32_t *t01 = tmp; + uint32_t *t231 = tmp + aLen; + uint32_t *t45 = tmp + 2U * aLen; + uint32_t *t67 = tmp + 3U * aLen; + uint32_t c2 = Hacl_Bignum_Addition_bn_add_eq_len_u32(aLen, r011, r231, t01); + uint32_t c_sign = c00 ^ c11; + uint32_t c3 = Hacl_Bignum_Addition_bn_sub_eq_len_u32(aLen, t01, t231, t67); + 
uint32_t c31 = c2 - c3; + uint32_t c4 = Hacl_Bignum_Addition_bn_add_eq_len_u32(aLen, t01, t231, t45); + uint32_t c41 = c2 + c4; + uint32_t mask = 0U - c_sign; + for (uint32_t i = 0U; i < aLen; i++) + { + uint32_t *os = t45; + uint32_t x = (mask & t45[i]) | (~mask & t67[i]); + os[i] = x; + } + uint32_t c5 = (mask & c41) | (~mask & c31); + uint32_t aLen2 = aLen / 2U; + uint32_t *r0 = res + aLen2; + uint32_t r10 = Hacl_Bignum_Addition_bn_add_eq_len_u32(aLen, r0, t45, r0); + uint32_t c6 = r10; + uint32_t c60 = c6; + uint32_t c7 = c5 + c60; + uint32_t *r = res + aLen + aLen2; + uint32_t c01 = Lib_IntTypes_Intrinsics_add_carry_u32(0U, r[0U], c7, r); + uint32_t r1; + if (1U < aLen + aLen - (aLen + aLen2)) + { + uint32_t *a11 = r + 1U; + uint32_t *res1 = r + 1U; + uint32_t c = c01; + for (uint32_t i = 0U; i < (aLen + aLen - (aLen + aLen2) - 1U) / 4U; i++) + { + uint32_t t11 = a11[4U * i]; + uint32_t *res_i0 = res1 + 4U * i; + c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t11, 0U, res_i0); + uint32_t t110 = a11[4U * i + 1U]; + uint32_t *res_i1 = res1 + 4U * i + 1U; + c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t110, 0U, res_i1); + uint32_t t111 = a11[4U * i + 2U]; + uint32_t *res_i2 = res1 + 4U * i + 2U; + c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t111, 0U, res_i2); + uint32_t t112 = a11[4U * i + 3U]; + uint32_t *res_i = res1 + 4U * i + 3U; + c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t112, 0U, res_i); + } + for + (uint32_t + i = (aLen + aLen - (aLen + aLen2) - 1U) / 4U * 4U; + i + < aLen + aLen - (aLen + aLen2) - 1U; + i++) + { + uint32_t t11 = a11[i]; + uint32_t *res_i = res1 + i; + c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t11, 0U, res_i); + } + uint32_t c110 = c; + r1 = c110; + } + else + { + r1 = c01; + } + uint32_t c8 = r1; + uint32_t c = c8; + uint32_t c9 = c; + KRML_MAYBE_UNUSED_VAR(c9); +} + +void +Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint64( + uint32_t aLen, + uint64_t *a, + uint64_t *b, + uint64_t *tmp, + uint64_t *res +) +{ + if (aLen < 32U || aLen % 
2U == 1U) + { + Hacl_Bignum_Multiplication_bn_mul_u64(aLen, a, aLen, b, res); + return; + } + uint32_t len2 = aLen / 2U; + uint64_t *a0 = a; + uint64_t *a1 = a + len2; + uint64_t *b0 = b; + uint64_t *b1 = b + len2; + uint64_t *t0 = tmp; + uint64_t *t1 = tmp + len2; + uint64_t *tmp_ = tmp + aLen; + uint64_t c0 = Hacl_Bignum_Addition_bn_sub_eq_len_u64(len2, a0, a1, tmp_); + uint64_t c10 = Hacl_Bignum_Addition_bn_sub_eq_len_u64(len2, a1, a0, t0); + for (uint32_t i = 0U; i < len2; i++) + { + uint64_t *os = t0; + uint64_t x = ((0ULL - c0) & t0[i]) | (~(0ULL - c0) & tmp_[i]); + os[i] = x; + } + KRML_MAYBE_UNUSED_VAR(c10); + uint64_t c00 = c0; + uint64_t c010 = Hacl_Bignum_Addition_bn_sub_eq_len_u64(len2, b0, b1, tmp_); + uint64_t c1 = Hacl_Bignum_Addition_bn_sub_eq_len_u64(len2, b1, b0, t1); + for (uint32_t i = 0U; i < len2; i++) + { + uint64_t *os = t1; + uint64_t x = ((0ULL - c010) & t1[i]) | (~(0ULL - c010) & tmp_[i]); + os[i] = x; + } + KRML_MAYBE_UNUSED_VAR(c1); + uint64_t c11 = c010; + uint64_t *t23 = tmp + aLen; + uint64_t *tmp1 = tmp + aLen + aLen; + Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint64(len2, t0, t1, tmp1, t23); + uint64_t *r01 = res; + uint64_t *r23 = res + aLen; + Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint64(len2, a0, b0, tmp1, r01); + Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint64(len2, a1, b1, tmp1, r23); + uint64_t *r011 = res; + uint64_t *r231 = res + aLen; + uint64_t *t01 = tmp; + uint64_t *t231 = tmp + aLen; + uint64_t *t45 = tmp + 2U * aLen; + uint64_t *t67 = tmp + 3U * aLen; + uint64_t c2 = Hacl_Bignum_Addition_bn_add_eq_len_u64(aLen, r011, r231, t01); + uint64_t c_sign = c00 ^ c11; + uint64_t c3 = Hacl_Bignum_Addition_bn_sub_eq_len_u64(aLen, t01, t231, t67); + uint64_t c31 = c2 - c3; + uint64_t c4 = Hacl_Bignum_Addition_bn_add_eq_len_u64(aLen, t01, t231, t45); + uint64_t c41 = c2 + c4; + uint64_t mask = 0ULL - c_sign; + for (uint32_t i = 0U; i < aLen; i++) + { + uint64_t *os = t45; + uint64_t x = (mask & t45[i]) | (~mask & t67[i]); + os[i] = 
x; + } + uint64_t c5 = (mask & c41) | (~mask & c31); + uint32_t aLen2 = aLen / 2U; + uint64_t *r0 = res + aLen2; + uint64_t r10 = Hacl_Bignum_Addition_bn_add_eq_len_u64(aLen, r0, t45, r0); + uint64_t c6 = r10; + uint64_t c60 = c6; + uint64_t c7 = c5 + c60; + uint64_t *r = res + aLen + aLen2; + uint64_t c01 = Lib_IntTypes_Intrinsics_add_carry_u64(0ULL, r[0U], c7, r); + uint64_t r1; + if (1U < aLen + aLen - (aLen + aLen2)) + { + uint64_t *a11 = r + 1U; + uint64_t *res1 = r + 1U; + uint64_t c = c01; + for (uint32_t i = 0U; i < (aLen + aLen - (aLen + aLen2) - 1U) / 4U; i++) + { + uint64_t t11 = a11[4U * i]; + uint64_t *res_i0 = res1 + 4U * i; + c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t11, 0ULL, res_i0); + uint64_t t110 = a11[4U * i + 1U]; + uint64_t *res_i1 = res1 + 4U * i + 1U; + c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t110, 0ULL, res_i1); + uint64_t t111 = a11[4U * i + 2U]; + uint64_t *res_i2 = res1 + 4U * i + 2U; + c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t111, 0ULL, res_i2); + uint64_t t112 = a11[4U * i + 3U]; + uint64_t *res_i = res1 + 4U * i + 3U; + c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t112, 0ULL, res_i); + } + for + (uint32_t + i = (aLen + aLen - (aLen + aLen2) - 1U) / 4U * 4U; + i + < aLen + aLen - (aLen + aLen2) - 1U; + i++) + { + uint64_t t11 = a11[i]; + uint64_t *res_i = res1 + i; + c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t11, 0ULL, res_i); + } + uint64_t c110 = c; + r1 = c110; + } + else + { + r1 = c01; + } + uint64_t c8 = r1; + uint64_t c = c8; + uint64_t c9 = c; + KRML_MAYBE_UNUSED_VAR(c9); +} + +void +Hacl_Bignum_Karatsuba_bn_karatsuba_sqr_uint32( + uint32_t aLen, + uint32_t *a, + uint32_t *tmp, + uint32_t *res +) +{ + if (aLen < 32U || aLen % 2U == 1U) + { + Hacl_Bignum_Multiplication_bn_sqr_u32(aLen, a, res); + return; + } + uint32_t len2 = aLen / 2U; + uint32_t *a0 = a; + uint32_t *a1 = a + len2; + uint32_t *t0 = tmp; + uint32_t *tmp_ = tmp + aLen; + uint32_t c0 = Hacl_Bignum_Addition_bn_sub_eq_len_u32(len2, a0, a1, tmp_); + 
uint32_t c1 = Hacl_Bignum_Addition_bn_sub_eq_len_u32(len2, a1, a0, t0); + for (uint32_t i = 0U; i < len2; i++) + { + uint32_t *os = t0; + uint32_t x = ((0U - c0) & t0[i]) | (~(0U - c0) & tmp_[i]); + os[i] = x; + } + KRML_MAYBE_UNUSED_VAR(c1); + uint32_t c00 = c0; + KRML_MAYBE_UNUSED_VAR(c00); + uint32_t *t23 = tmp + aLen; + uint32_t *tmp1 = tmp + aLen + aLen; + Hacl_Bignum_Karatsuba_bn_karatsuba_sqr_uint32(len2, t0, tmp1, t23); + uint32_t *r01 = res; + uint32_t *r23 = res + aLen; + Hacl_Bignum_Karatsuba_bn_karatsuba_sqr_uint32(len2, a0, tmp1, r01); + Hacl_Bignum_Karatsuba_bn_karatsuba_sqr_uint32(len2, a1, tmp1, r23); + uint32_t *r011 = res; + uint32_t *r231 = res + aLen; + uint32_t *t01 = tmp; + uint32_t *t231 = tmp + aLen; + uint32_t *t45 = tmp + 2U * aLen; + uint32_t c2 = Hacl_Bignum_Addition_bn_add_eq_len_u32(aLen, r011, r231, t01); + uint32_t c3 = Hacl_Bignum_Addition_bn_sub_eq_len_u32(aLen, t01, t231, t45); + uint32_t c5 = c2 - c3; + uint32_t aLen2 = aLen / 2U; + uint32_t *r0 = res + aLen2; + uint32_t r10 = Hacl_Bignum_Addition_bn_add_eq_len_u32(aLen, r0, t45, r0); + uint32_t c4 = r10; + uint32_t c6 = c4; + uint32_t c7 = c5 + c6; + uint32_t *r = res + aLen + aLen2; + uint32_t c01 = Lib_IntTypes_Intrinsics_add_carry_u32(0U, r[0U], c7, r); + uint32_t r1; + if (1U < aLen + aLen - (aLen + aLen2)) + { + uint32_t *a11 = r + 1U; + uint32_t *res1 = r + 1U; + uint32_t c = c01; + for (uint32_t i = 0U; i < (aLen + aLen - (aLen + aLen2) - 1U) / 4U; i++) + { + uint32_t t1 = a11[4U * i]; + uint32_t *res_i0 = res1 + 4U * i; + c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t1, 0U, res_i0); + uint32_t t10 = a11[4U * i + 1U]; + uint32_t *res_i1 = res1 + 4U * i + 1U; + c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t10, 0U, res_i1); + uint32_t t11 = a11[4U * i + 2U]; + uint32_t *res_i2 = res1 + 4U * i + 2U; + c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t11, 0U, res_i2); + uint32_t t12 = a11[4U * i + 3U]; + uint32_t *res_i = res1 + 4U * i + 3U; + c = 
Lib_IntTypes_Intrinsics_add_carry_u32(c, t12, 0U, res_i); + } + for + (uint32_t + i = (aLen + aLen - (aLen + aLen2) - 1U) / 4U * 4U; + i + < aLen + aLen - (aLen + aLen2) - 1U; + i++) + { + uint32_t t1 = a11[i]; + uint32_t *res_i = res1 + i; + c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t1, 0U, res_i); + } + uint32_t c10 = c; + r1 = c10; + } + else + { + r1 = c01; + } + uint32_t c8 = r1; + uint32_t c = c8; + uint32_t c9 = c; + KRML_MAYBE_UNUSED_VAR(c9); +} + +void +Hacl_Bignum_Karatsuba_bn_karatsuba_sqr_uint64( + uint32_t aLen, + uint64_t *a, + uint64_t *tmp, + uint64_t *res +) +{ + if (aLen < 32U || aLen % 2U == 1U) + { + Hacl_Bignum_Multiplication_bn_sqr_u64(aLen, a, res); + return; + } + uint32_t len2 = aLen / 2U; + uint64_t *a0 = a; + uint64_t *a1 = a + len2; + uint64_t *t0 = tmp; + uint64_t *tmp_ = tmp + aLen; + uint64_t c0 = Hacl_Bignum_Addition_bn_sub_eq_len_u64(len2, a0, a1, tmp_); + uint64_t c1 = Hacl_Bignum_Addition_bn_sub_eq_len_u64(len2, a1, a0, t0); + for (uint32_t i = 0U; i < len2; i++) + { + uint64_t *os = t0; + uint64_t x = ((0ULL - c0) & t0[i]) | (~(0ULL - c0) & tmp_[i]); + os[i] = x; + } + KRML_MAYBE_UNUSED_VAR(c1); + uint64_t c00 = c0; + KRML_MAYBE_UNUSED_VAR(c00); + uint64_t *t23 = tmp + aLen; + uint64_t *tmp1 = tmp + aLen + aLen; + Hacl_Bignum_Karatsuba_bn_karatsuba_sqr_uint64(len2, t0, tmp1, t23); + uint64_t *r01 = res; + uint64_t *r23 = res + aLen; + Hacl_Bignum_Karatsuba_bn_karatsuba_sqr_uint64(len2, a0, tmp1, r01); + Hacl_Bignum_Karatsuba_bn_karatsuba_sqr_uint64(len2, a1, tmp1, r23); + uint64_t *r011 = res; + uint64_t *r231 = res + aLen; + uint64_t *t01 = tmp; + uint64_t *t231 = tmp + aLen; + uint64_t *t45 = tmp + 2U * aLen; + uint64_t c2 = Hacl_Bignum_Addition_bn_add_eq_len_u64(aLen, r011, r231, t01); + uint64_t c3 = Hacl_Bignum_Addition_bn_sub_eq_len_u64(aLen, t01, t231, t45); + uint64_t c5 = c2 - c3; + uint32_t aLen2 = aLen / 2U; + uint64_t *r0 = res + aLen2; + uint64_t r10 = Hacl_Bignum_Addition_bn_add_eq_len_u64(aLen, r0, t45, r0); + 
uint64_t c4 = r10; + uint64_t c6 = c4; + uint64_t c7 = c5 + c6; + uint64_t *r = res + aLen + aLen2; + uint64_t c01 = Lib_IntTypes_Intrinsics_add_carry_u64(0ULL, r[0U], c7, r); + uint64_t r1; + if (1U < aLen + aLen - (aLen + aLen2)) + { + uint64_t *a11 = r + 1U; + uint64_t *res1 = r + 1U; + uint64_t c = c01; + for (uint32_t i = 0U; i < (aLen + aLen - (aLen + aLen2) - 1U) / 4U; i++) + { + uint64_t t1 = a11[4U * i]; + uint64_t *res_i0 = res1 + 4U * i; + c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t1, 0ULL, res_i0); + uint64_t t10 = a11[4U * i + 1U]; + uint64_t *res_i1 = res1 + 4U * i + 1U; + c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t10, 0ULL, res_i1); + uint64_t t11 = a11[4U * i + 2U]; + uint64_t *res_i2 = res1 + 4U * i + 2U; + c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t11, 0ULL, res_i2); + uint64_t t12 = a11[4U * i + 3U]; + uint64_t *res_i = res1 + 4U * i + 3U; + c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t12, 0ULL, res_i); + } + for + (uint32_t + i = (aLen + aLen - (aLen + aLen2) - 1U) / 4U * 4U; + i + < aLen + aLen - (aLen + aLen2) - 1U; + i++) + { + uint64_t t1 = a11[i]; + uint64_t *res_i = res1 + i; + c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t1, 0ULL, res_i); + } + uint64_t c10 = c; + r1 = c10; + } + else + { + r1 = c01; + } + uint64_t c8 = r1; + uint64_t c = c8; + uint64_t c9 = c; + KRML_MAYBE_UNUSED_VAR(c9); +} + +void +Hacl_Bignum_bn_add_mod_n_u32( + uint32_t len1, + uint32_t *n, + uint32_t *a, + uint32_t *b, + uint32_t *res +) +{ + uint32_t c0 = 0U; + for (uint32_t i = 0U; i < len1 / 4U; i++) + { + uint32_t t1 = a[4U * i]; + uint32_t t20 = b[4U * i]; + uint32_t *res_i0 = res + 4U * i; + c0 = Lib_IntTypes_Intrinsics_add_carry_u32(c0, t1, t20, res_i0); + uint32_t t10 = a[4U * i + 1U]; + uint32_t t21 = b[4U * i + 1U]; + uint32_t *res_i1 = res + 4U * i + 1U; + c0 = Lib_IntTypes_Intrinsics_add_carry_u32(c0, t10, t21, res_i1); + uint32_t t11 = a[4U * i + 2U]; + uint32_t t22 = b[4U * i + 2U]; + uint32_t *res_i2 = res + 4U * i + 2U; + c0 = 
Lib_IntTypes_Intrinsics_add_carry_u32(c0, t11, t22, res_i2); + uint32_t t12 = a[4U * i + 3U]; + uint32_t t2 = b[4U * i + 3U]; + uint32_t *res_i = res + 4U * i + 3U; + c0 = Lib_IntTypes_Intrinsics_add_carry_u32(c0, t12, t2, res_i); + } + for (uint32_t i = len1 / 4U * 4U; i < len1; i++) + { + uint32_t t1 = a[i]; + uint32_t t2 = b[i]; + uint32_t *res_i = res + i; + c0 = Lib_IntTypes_Intrinsics_add_carry_u32(c0, t1, t2, res_i); + } + uint32_t c00 = c0; + KRML_CHECK_SIZE(sizeof (uint32_t), len1); + uint32_t *tmp = (uint32_t *)alloca(len1 * sizeof (uint32_t)); + memset(tmp, 0U, len1 * sizeof (uint32_t)); + uint32_t c = 0U; + for (uint32_t i = 0U; i < len1 / 4U; i++) + { + uint32_t t1 = res[4U * i]; + uint32_t t20 = n[4U * i]; + uint32_t *res_i0 = tmp + 4U * i; + c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, t20, res_i0); + uint32_t t10 = res[4U * i + 1U]; + uint32_t t21 = n[4U * i + 1U]; + uint32_t *res_i1 = tmp + 4U * i + 1U; + c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t10, t21, res_i1); + uint32_t t11 = res[4U * i + 2U]; + uint32_t t22 = n[4U * i + 2U]; + uint32_t *res_i2 = tmp + 4U * i + 2U; + c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t11, t22, res_i2); + uint32_t t12 = res[4U * i + 3U]; + uint32_t t2 = n[4U * i + 3U]; + uint32_t *res_i = tmp + 4U * i + 3U; + c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t12, t2, res_i); + } + for (uint32_t i = len1 / 4U * 4U; i < len1; i++) + { + uint32_t t1 = res[i]; + uint32_t t2 = n[i]; + uint32_t *res_i = tmp + i; + c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, t2, res_i); + } + uint32_t c1 = c; + uint32_t c2 = c00 - c1; + for (uint32_t i = 0U; i < len1; i++) + { + uint32_t *os = res; + uint32_t x = (c2 & res[i]) | (~c2 & tmp[i]); + os[i] = x; + } +} + +void +Hacl_Bignum_bn_add_mod_n_u64( + uint32_t len1, + uint64_t *n, + uint64_t *a, + uint64_t *b, + uint64_t *res +) +{ + uint64_t c0 = 0ULL; + for (uint32_t i = 0U; i < len1 / 4U; i++) + { + uint64_t t1 = a[4U * i]; + uint64_t t20 = b[4U * i]; + uint64_t *res_i0 = 
res + 4U * i; + c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, t1, t20, res_i0); + uint64_t t10 = a[4U * i + 1U]; + uint64_t t21 = b[4U * i + 1U]; + uint64_t *res_i1 = res + 4U * i + 1U; + c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, t10, t21, res_i1); + uint64_t t11 = a[4U * i + 2U]; + uint64_t t22 = b[4U * i + 2U]; + uint64_t *res_i2 = res + 4U * i + 2U; + c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, t11, t22, res_i2); + uint64_t t12 = a[4U * i + 3U]; + uint64_t t2 = b[4U * i + 3U]; + uint64_t *res_i = res + 4U * i + 3U; + c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, t12, t2, res_i); + } + for (uint32_t i = len1 / 4U * 4U; i < len1; i++) + { + uint64_t t1 = a[i]; + uint64_t t2 = b[i]; + uint64_t *res_i = res + i; + c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, t1, t2, res_i); + } + uint64_t c00 = c0; + KRML_CHECK_SIZE(sizeof (uint64_t), len1); + uint64_t *tmp = (uint64_t *)alloca(len1 * sizeof (uint64_t)); + memset(tmp, 0U, len1 * sizeof (uint64_t)); + uint64_t c = 0ULL; + for (uint32_t i = 0U; i < len1 / 4U; i++) + { + uint64_t t1 = res[4U * i]; + uint64_t t20 = n[4U * i]; + uint64_t *res_i0 = tmp + 4U * i; + c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, t20, res_i0); + uint64_t t10 = res[4U * i + 1U]; + uint64_t t21 = n[4U * i + 1U]; + uint64_t *res_i1 = tmp + 4U * i + 1U; + c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t10, t21, res_i1); + uint64_t t11 = res[4U * i + 2U]; + uint64_t t22 = n[4U * i + 2U]; + uint64_t *res_i2 = tmp + 4U * i + 2U; + c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t11, t22, res_i2); + uint64_t t12 = res[4U * i + 3U]; + uint64_t t2 = n[4U * i + 3U]; + uint64_t *res_i = tmp + 4U * i + 3U; + c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t12, t2, res_i); + } + for (uint32_t i = len1 / 4U * 4U; i < len1; i++) + { + uint64_t t1 = res[i]; + uint64_t t2 = n[i]; + uint64_t *res_i = tmp + i; + c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, t2, res_i); + } + uint64_t c1 = c; + uint64_t c2 = c00 - c1; + for (uint32_t i = 0U; i < 
len1; i++) + { + uint64_t *os = res; + uint64_t x = (c2 & res[i]) | (~c2 & tmp[i]); + os[i] = x; + } +} + +void +Hacl_Bignum_bn_sub_mod_n_u32( + uint32_t len1, + uint32_t *n, + uint32_t *a, + uint32_t *b, + uint32_t *res +) +{ + uint32_t c0 = 0U; + for (uint32_t i = 0U; i < len1 / 4U; i++) + { + uint32_t t1 = a[4U * i]; + uint32_t t20 = b[4U * i]; + uint32_t *res_i0 = res + 4U * i; + c0 = Lib_IntTypes_Intrinsics_sub_borrow_u32(c0, t1, t20, res_i0); + uint32_t t10 = a[4U * i + 1U]; + uint32_t t21 = b[4U * i + 1U]; + uint32_t *res_i1 = res + 4U * i + 1U; + c0 = Lib_IntTypes_Intrinsics_sub_borrow_u32(c0, t10, t21, res_i1); + uint32_t t11 = a[4U * i + 2U]; + uint32_t t22 = b[4U * i + 2U]; + uint32_t *res_i2 = res + 4U * i + 2U; + c0 = Lib_IntTypes_Intrinsics_sub_borrow_u32(c0, t11, t22, res_i2); + uint32_t t12 = a[4U * i + 3U]; + uint32_t t2 = b[4U * i + 3U]; + uint32_t *res_i = res + 4U * i + 3U; + c0 = Lib_IntTypes_Intrinsics_sub_borrow_u32(c0, t12, t2, res_i); + } + for (uint32_t i = len1 / 4U * 4U; i < len1; i++) + { + uint32_t t1 = a[i]; + uint32_t t2 = b[i]; + uint32_t *res_i = res + i; + c0 = Lib_IntTypes_Intrinsics_sub_borrow_u32(c0, t1, t2, res_i); + } + uint32_t c00 = c0; + KRML_CHECK_SIZE(sizeof (uint32_t), len1); + uint32_t *tmp = (uint32_t *)alloca(len1 * sizeof (uint32_t)); + memset(tmp, 0U, len1 * sizeof (uint32_t)); + uint32_t c = 0U; + for (uint32_t i = 0U; i < len1 / 4U; i++) + { + uint32_t t1 = res[4U * i]; + uint32_t t20 = n[4U * i]; + uint32_t *res_i0 = tmp + 4U * i; + c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t1, t20, res_i0); + uint32_t t10 = res[4U * i + 1U]; + uint32_t t21 = n[4U * i + 1U]; + uint32_t *res_i1 = tmp + 4U * i + 1U; + c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t10, t21, res_i1); + uint32_t t11 = res[4U * i + 2U]; + uint32_t t22 = n[4U * i + 2U]; + uint32_t *res_i2 = tmp + 4U * i + 2U; + c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t11, t22, res_i2); + uint32_t t12 = res[4U * i + 3U]; + uint32_t t2 = n[4U * i + 3U]; + uint32_t 
*res_i = tmp + 4U * i + 3U; + c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t12, t2, res_i); + } + for (uint32_t i = len1 / 4U * 4U; i < len1; i++) + { + uint32_t t1 = res[i]; + uint32_t t2 = n[i]; + uint32_t *res_i = tmp + i; + c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t1, t2, res_i); + } + uint32_t c1 = c; + KRML_MAYBE_UNUSED_VAR(c1); + uint32_t c2 = 0U - c00; + for (uint32_t i = 0U; i < len1; i++) + { + uint32_t *os = res; + uint32_t x = (c2 & tmp[i]) | (~c2 & res[i]); + os[i] = x; + } +} + +void +Hacl_Bignum_bn_sub_mod_n_u64( + uint32_t len1, + uint64_t *n, + uint64_t *a, + uint64_t *b, + uint64_t *res +) +{ + uint64_t c0 = 0ULL; + for (uint32_t i = 0U; i < len1 / 4U; i++) + { + uint64_t t1 = a[4U * i]; + uint64_t t20 = b[4U * i]; + uint64_t *res_i0 = res + 4U * i; + c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c0, t1, t20, res_i0); + uint64_t t10 = a[4U * i + 1U]; + uint64_t t21 = b[4U * i + 1U]; + uint64_t *res_i1 = res + 4U * i + 1U; + c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c0, t10, t21, res_i1); + uint64_t t11 = a[4U * i + 2U]; + uint64_t t22 = b[4U * i + 2U]; + uint64_t *res_i2 = res + 4U * i + 2U; + c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c0, t11, t22, res_i2); + uint64_t t12 = a[4U * i + 3U]; + uint64_t t2 = b[4U * i + 3U]; + uint64_t *res_i = res + 4U * i + 3U; + c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c0, t12, t2, res_i); + } + for (uint32_t i = len1 / 4U * 4U; i < len1; i++) + { + uint64_t t1 = a[i]; + uint64_t t2 = b[i]; + uint64_t *res_i = res + i; + c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c0, t1, t2, res_i); + } + uint64_t c00 = c0; + KRML_CHECK_SIZE(sizeof (uint64_t), len1); + uint64_t *tmp = (uint64_t *)alloca(len1 * sizeof (uint64_t)); + memset(tmp, 0U, len1 * sizeof (uint64_t)); + uint64_t c = 0ULL; + for (uint32_t i = 0U; i < len1 / 4U; i++) + { + uint64_t t1 = res[4U * i]; + uint64_t t20 = n[4U * i]; + uint64_t *res_i0 = tmp + 4U * i; + c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t1, t20, res_i0); + uint64_t t10 = res[4U * 
i + 1U]; + uint64_t t21 = n[4U * i + 1U]; + uint64_t *res_i1 = tmp + 4U * i + 1U; + c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t10, t21, res_i1); + uint64_t t11 = res[4U * i + 2U]; + uint64_t t22 = n[4U * i + 2U]; + uint64_t *res_i2 = tmp + 4U * i + 2U; + c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t11, t22, res_i2); + uint64_t t12 = res[4U * i + 3U]; + uint64_t t2 = n[4U * i + 3U]; + uint64_t *res_i = tmp + 4U * i + 3U; + c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t12, t2, res_i); + } + for (uint32_t i = len1 / 4U * 4U; i < len1; i++) + { + uint64_t t1 = res[i]; + uint64_t t2 = n[i]; + uint64_t *res_i = tmp + i; + c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t1, t2, res_i); + } + uint64_t c1 = c; + KRML_MAYBE_UNUSED_VAR(c1); + uint64_t c2 = 0ULL - c00; + for (uint32_t i = 0U; i < len1; i++) + { + uint64_t *os = res; + uint64_t x = (c2 & tmp[i]) | (~c2 & res[i]); + os[i] = x; + } +} + +uint32_t Hacl_Bignum_ModInvLimb_mod_inv_uint32(uint32_t n0) +{ + uint32_t alpha = 2147483648U; + uint32_t beta = n0; + uint32_t ub = 0U; + uint32_t vb = 0U; + ub = 1U; + vb = 0U; + for (uint32_t i = 0U; i < 32U; i++) + { + uint32_t us = ub; + uint32_t vs = vb; + uint32_t u_is_odd = 0U - (us & 1U); + uint32_t beta_if_u_is_odd = beta & u_is_odd; + ub = ((us ^ beta_if_u_is_odd) >> 1U) + (us & beta_if_u_is_odd); + uint32_t alpha_if_u_is_odd = alpha & u_is_odd; + vb = (vs >> 1U) + alpha_if_u_is_odd; + } + return vb; +} + +uint64_t Hacl_Bignum_ModInvLimb_mod_inv_uint64(uint64_t n0) +{ + uint64_t alpha = 9223372036854775808ULL; + uint64_t beta = n0; + uint64_t ub = 0ULL; + uint64_t vb = 0ULL; + ub = 1ULL; + vb = 0ULL; + for (uint32_t i = 0U; i < 64U; i++) + { + uint64_t us = ub; + uint64_t vs = vb; + uint64_t u_is_odd = 0ULL - (us & 1ULL); + uint64_t beta_if_u_is_odd = beta & u_is_odd; + ub = ((us ^ beta_if_u_is_odd) >> 1U) + (us & beta_if_u_is_odd); + uint64_t alpha_if_u_is_odd = alpha & u_is_odd; + vb = (vs >> 1U) + alpha_if_u_is_odd; + } + return vb; +} + +uint32_t 
Hacl_Bignum_Montgomery_bn_check_modulus_u32(uint32_t len, uint32_t *n) +{ + KRML_CHECK_SIZE(sizeof (uint32_t), len); + uint32_t *one = (uint32_t *)alloca(len * sizeof (uint32_t)); + memset(one, 0U, len * sizeof (uint32_t)); + memset(one, 0U, len * sizeof (uint32_t)); + one[0U] = 1U; + uint32_t bit0 = n[0U] & 1U; + uint32_t m0 = 0U - bit0; + uint32_t acc = 0U; + for (uint32_t i = 0U; i < len; i++) + { + uint32_t beq = FStar_UInt32_eq_mask(one[i], n[i]); + uint32_t blt = ~FStar_UInt32_gte_mask(one[i], n[i]); + acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFU) | (~blt & 0U))); + } + uint32_t m1 = acc; + return m0 & m1; +} + +void +Hacl_Bignum_Montgomery_bn_precomp_r2_mod_n_u32( + uint32_t len, + uint32_t nBits, + uint32_t *n, + uint32_t *res +) +{ + memset(res, 0U, len * sizeof (uint32_t)); + uint32_t i = nBits / 32U; + uint32_t j = nBits % 32U; + res[i] = res[i] | 1U << j; + for (uint32_t i0 = 0U; i0 < 64U * len - nBits; i0++) + { + Hacl_Bignum_bn_add_mod_n_u32(len, n, res, res, res); + } +} + +static void +bn_mont_reduction_u32(uint32_t len, uint32_t *n, uint32_t nInv, uint32_t *c, uint32_t *res) +{ + uint32_t c0 = 0U; + for (uint32_t i0 = 0U; i0 < len; i0++) + { + uint32_t qj = nInv * c[i0]; + uint32_t *res_j0 = c + i0; + uint32_t c1 = 0U; + for (uint32_t i = 0U; i < len / 4U; i++) + { + uint32_t a_i = n[4U * i]; + uint32_t *res_i0 = res_j0 + 4U * i; + c1 = Hacl_Bignum_Base_mul_wide_add2_u32(a_i, qj, c1, res_i0); + uint32_t a_i0 = n[4U * i + 1U]; + uint32_t *res_i1 = res_j0 + 4U * i + 1U; + c1 = Hacl_Bignum_Base_mul_wide_add2_u32(a_i0, qj, c1, res_i1); + uint32_t a_i1 = n[4U * i + 2U]; + uint32_t *res_i2 = res_j0 + 4U * i + 2U; + c1 = Hacl_Bignum_Base_mul_wide_add2_u32(a_i1, qj, c1, res_i2); + uint32_t a_i2 = n[4U * i + 3U]; + uint32_t *res_i = res_j0 + 4U * i + 3U; + c1 = Hacl_Bignum_Base_mul_wide_add2_u32(a_i2, qj, c1, res_i); + } + for (uint32_t i = len / 4U * 4U; i < len; i++) + { + uint32_t a_i = n[i]; + uint32_t *res_i = res_j0 + i; + c1 = 
Hacl_Bignum_Base_mul_wide_add2_u32(a_i, qj, c1, res_i); + } + uint32_t r = c1; + uint32_t c10 = r; + uint32_t *resb = c + len + i0; + uint32_t res_j = c[len + i0]; + c0 = Lib_IntTypes_Intrinsics_add_carry_u32(c0, c10, res_j, resb); + } + memcpy(res, c + len, (len + len - len) * sizeof (uint32_t)); + uint32_t c00 = c0; + KRML_CHECK_SIZE(sizeof (uint32_t), len); + uint32_t *tmp = (uint32_t *)alloca(len * sizeof (uint32_t)); + memset(tmp, 0U, len * sizeof (uint32_t)); + uint32_t c1 = 0U; + for (uint32_t i = 0U; i < len / 4U; i++) + { + uint32_t t1 = res[4U * i]; + uint32_t t20 = n[4U * i]; + uint32_t *res_i0 = tmp + 4U * i; + c1 = Lib_IntTypes_Intrinsics_sub_borrow_u32(c1, t1, t20, res_i0); + uint32_t t10 = res[4U * i + 1U]; + uint32_t t21 = n[4U * i + 1U]; + uint32_t *res_i1 = tmp + 4U * i + 1U; + c1 = Lib_IntTypes_Intrinsics_sub_borrow_u32(c1, t10, t21, res_i1); + uint32_t t11 = res[4U * i + 2U]; + uint32_t t22 = n[4U * i + 2U]; + uint32_t *res_i2 = tmp + 4U * i + 2U; + c1 = Lib_IntTypes_Intrinsics_sub_borrow_u32(c1, t11, t22, res_i2); + uint32_t t12 = res[4U * i + 3U]; + uint32_t t2 = n[4U * i + 3U]; + uint32_t *res_i = tmp + 4U * i + 3U; + c1 = Lib_IntTypes_Intrinsics_sub_borrow_u32(c1, t12, t2, res_i); + } + for (uint32_t i = len / 4U * 4U; i < len; i++) + { + uint32_t t1 = res[i]; + uint32_t t2 = n[i]; + uint32_t *res_i = tmp + i; + c1 = Lib_IntTypes_Intrinsics_sub_borrow_u32(c1, t1, t2, res_i); + } + uint32_t c10 = c1; + uint32_t c2 = c00 - c10; + for (uint32_t i = 0U; i < len; i++) + { + uint32_t *os = res; + uint32_t x = (c2 & res[i]) | (~c2 & tmp[i]); + os[i] = x; + } +} + +void +Hacl_Bignum_Montgomery_bn_to_mont_u32( + uint32_t len, + uint32_t *n, + uint32_t nInv, + uint32_t *r2, + uint32_t *a, + uint32_t *aM +) +{ + KRML_CHECK_SIZE(sizeof (uint32_t), len + len); + uint32_t *c = (uint32_t *)alloca((len + len) * sizeof (uint32_t)); + memset(c, 0U, (len + len) * sizeof (uint32_t)); + KRML_CHECK_SIZE(sizeof (uint32_t), 4U * len); + uint32_t *tmp = (uint32_t 
*)alloca(4U * len * sizeof (uint32_t)); + memset(tmp, 0U, 4U * len * sizeof (uint32_t)); + Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint32(len, a, r2, tmp, c); + bn_mont_reduction_u32(len, n, nInv, c, aM); +} + +void +Hacl_Bignum_Montgomery_bn_from_mont_u32( + uint32_t len, + uint32_t *n, + uint32_t nInv_u64, + uint32_t *aM, + uint32_t *a +) +{ + KRML_CHECK_SIZE(sizeof (uint32_t), len + len); + uint32_t *tmp = (uint32_t *)alloca((len + len) * sizeof (uint32_t)); + memset(tmp, 0U, (len + len) * sizeof (uint32_t)); + memcpy(tmp, aM, len * sizeof (uint32_t)); + bn_mont_reduction_u32(len, n, nInv_u64, tmp, a); +} + +void +Hacl_Bignum_Montgomery_bn_mont_mul_u32( + uint32_t len, + uint32_t *n, + uint32_t nInv_u64, + uint32_t *aM, + uint32_t *bM, + uint32_t *resM +) +{ + KRML_CHECK_SIZE(sizeof (uint32_t), len + len); + uint32_t *c = (uint32_t *)alloca((len + len) * sizeof (uint32_t)); + memset(c, 0U, (len + len) * sizeof (uint32_t)); + KRML_CHECK_SIZE(sizeof (uint32_t), 4U * len); + uint32_t *tmp = (uint32_t *)alloca(4U * len * sizeof (uint32_t)); + memset(tmp, 0U, 4U * len * sizeof (uint32_t)); + Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint32(len, aM, bM, tmp, c); + bn_mont_reduction_u32(len, n, nInv_u64, c, resM); +} + +void +Hacl_Bignum_Montgomery_bn_mont_sqr_u32( + uint32_t len, + uint32_t *n, + uint32_t nInv_u64, + uint32_t *aM, + uint32_t *resM +) +{ + KRML_CHECK_SIZE(sizeof (uint32_t), len + len); + uint32_t *c = (uint32_t *)alloca((len + len) * sizeof (uint32_t)); + memset(c, 0U, (len + len) * sizeof (uint32_t)); + KRML_CHECK_SIZE(sizeof (uint32_t), 4U * len); + uint32_t *tmp = (uint32_t *)alloca(4U * len * sizeof (uint32_t)); + memset(tmp, 0U, 4U * len * sizeof (uint32_t)); + Hacl_Bignum_Karatsuba_bn_karatsuba_sqr_uint32(len, aM, tmp, c); + bn_mont_reduction_u32(len, n, nInv_u64, c, resM); +} + +uint64_t Hacl_Bignum_Montgomery_bn_check_modulus_u64(uint32_t len, uint64_t *n) +{ + KRML_CHECK_SIZE(sizeof (uint64_t), len); + uint64_t *one = (uint64_t *)alloca(len * 
sizeof (uint64_t)); + memset(one, 0U, len * sizeof (uint64_t)); + memset(one, 0U, len * sizeof (uint64_t)); + one[0U] = 1ULL; + uint64_t bit0 = n[0U] & 1ULL; + uint64_t m0 = 0ULL - bit0; + uint64_t acc = 0ULL; + for (uint32_t i = 0U; i < len; i++) + { + uint64_t beq = FStar_UInt64_eq_mask(one[i], n[i]); + uint64_t blt = ~FStar_UInt64_gte_mask(one[i], n[i]); + acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFFFFFFFFFULL) | (~blt & 0ULL))); + } + uint64_t m1 = acc; + return m0 & m1; +} + +void +Hacl_Bignum_Montgomery_bn_precomp_r2_mod_n_u64( + uint32_t len, + uint32_t nBits, + uint64_t *n, + uint64_t *res +) +{ + memset(res, 0U, len * sizeof (uint64_t)); + uint32_t i = nBits / 64U; + uint32_t j = nBits % 64U; + res[i] = res[i] | 1ULL << j; + for (uint32_t i0 = 0U; i0 < 128U * len - nBits; i0++) + { + Hacl_Bignum_bn_add_mod_n_u64(len, n, res, res, res); + } +} + +static void +bn_mont_reduction_u64(uint32_t len, uint64_t *n, uint64_t nInv, uint64_t *c, uint64_t *res) +{ + uint64_t c0 = 0ULL; + for (uint32_t i0 = 0U; i0 < len; i0++) + { + uint64_t qj = nInv * c[i0]; + uint64_t *res_j0 = c + i0; + uint64_t c1 = 0ULL; + for (uint32_t i = 0U; i < len / 4U; i++) + { + uint64_t a_i = n[4U * i]; + uint64_t *res_i0 = res_j0 + 4U * i; + c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i, qj, c1, res_i0); + uint64_t a_i0 = n[4U * i + 1U]; + uint64_t *res_i1 = res_j0 + 4U * i + 1U; + c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i0, qj, c1, res_i1); + uint64_t a_i1 = n[4U * i + 2U]; + uint64_t *res_i2 = res_j0 + 4U * i + 2U; + c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i1, qj, c1, res_i2); + uint64_t a_i2 = n[4U * i + 3U]; + uint64_t *res_i = res_j0 + 4U * i + 3U; + c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i2, qj, c1, res_i); + } + for (uint32_t i = len / 4U * 4U; i < len; i++) + { + uint64_t a_i = n[i]; + uint64_t *res_i = res_j0 + i; + c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i, qj, c1, res_i); + } + uint64_t r = c1; + uint64_t c10 = r; + uint64_t *resb = c + len + i0; + uint64_t res_j = 
c[len + i0]; + c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, c10, res_j, resb); + } + memcpy(res, c + len, (len + len - len) * sizeof (uint64_t)); + uint64_t c00 = c0; + KRML_CHECK_SIZE(sizeof (uint64_t), len); + uint64_t *tmp = (uint64_t *)alloca(len * sizeof (uint64_t)); + memset(tmp, 0U, len * sizeof (uint64_t)); + uint64_t c1 = 0ULL; + for (uint32_t i = 0U; i < len / 4U; i++) + { + uint64_t t1 = res[4U * i]; + uint64_t t20 = n[4U * i]; + uint64_t *res_i0 = tmp + 4U * i; + c1 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c1, t1, t20, res_i0); + uint64_t t10 = res[4U * i + 1U]; + uint64_t t21 = n[4U * i + 1U]; + uint64_t *res_i1 = tmp + 4U * i + 1U; + c1 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c1, t10, t21, res_i1); + uint64_t t11 = res[4U * i + 2U]; + uint64_t t22 = n[4U * i + 2U]; + uint64_t *res_i2 = tmp + 4U * i + 2U; + c1 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c1, t11, t22, res_i2); + uint64_t t12 = res[4U * i + 3U]; + uint64_t t2 = n[4U * i + 3U]; + uint64_t *res_i = tmp + 4U * i + 3U; + c1 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c1, t12, t2, res_i); + } + for (uint32_t i = len / 4U * 4U; i < len; i++) + { + uint64_t t1 = res[i]; + uint64_t t2 = n[i]; + uint64_t *res_i = tmp + i; + c1 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c1, t1, t2, res_i); + } + uint64_t c10 = c1; + uint64_t c2 = c00 - c10; + for (uint32_t i = 0U; i < len; i++) + { + uint64_t *os = res; + uint64_t x = (c2 & res[i]) | (~c2 & tmp[i]); + os[i] = x; + } +} + +void +Hacl_Bignum_Montgomery_bn_to_mont_u64( + uint32_t len, + uint64_t *n, + uint64_t nInv, + uint64_t *r2, + uint64_t *a, + uint64_t *aM +) +{ + KRML_CHECK_SIZE(sizeof (uint64_t), len + len); + uint64_t *c = (uint64_t *)alloca((len + len) * sizeof (uint64_t)); + memset(c, 0U, (len + len) * sizeof (uint64_t)); + KRML_CHECK_SIZE(sizeof (uint64_t), 4U * len); + uint64_t *tmp = (uint64_t *)alloca(4U * len * sizeof (uint64_t)); + memset(tmp, 0U, 4U * len * sizeof (uint64_t)); + Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint64(len, a, r2, 
tmp, c); + bn_mont_reduction_u64(len, n, nInv, c, aM); +} + +void +Hacl_Bignum_Montgomery_bn_from_mont_u64( + uint32_t len, + uint64_t *n, + uint64_t nInv_u64, + uint64_t *aM, + uint64_t *a +) +{ + KRML_CHECK_SIZE(sizeof (uint64_t), len + len); + uint64_t *tmp = (uint64_t *)alloca((len + len) * sizeof (uint64_t)); + memset(tmp, 0U, (len + len) * sizeof (uint64_t)); + memcpy(tmp, aM, len * sizeof (uint64_t)); + bn_mont_reduction_u64(len, n, nInv_u64, tmp, a); +} + +void +Hacl_Bignum_Montgomery_bn_mont_mul_u64( + uint32_t len, + uint64_t *n, + uint64_t nInv_u64, + uint64_t *aM, + uint64_t *bM, + uint64_t *resM +) +{ + KRML_CHECK_SIZE(sizeof (uint64_t), len + len); + uint64_t *c = (uint64_t *)alloca((len + len) * sizeof (uint64_t)); + memset(c, 0U, (len + len) * sizeof (uint64_t)); + KRML_CHECK_SIZE(sizeof (uint64_t), 4U * len); + uint64_t *tmp = (uint64_t *)alloca(4U * len * sizeof (uint64_t)); + memset(tmp, 0U, 4U * len * sizeof (uint64_t)); + Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint64(len, aM, bM, tmp, c); + bn_mont_reduction_u64(len, n, nInv_u64, c, resM); +} + +void +Hacl_Bignum_Montgomery_bn_mont_sqr_u64( + uint32_t len, + uint64_t *n, + uint64_t nInv_u64, + uint64_t *aM, + uint64_t *resM +) +{ + KRML_CHECK_SIZE(sizeof (uint64_t), len + len); + uint64_t *c = (uint64_t *)alloca((len + len) * sizeof (uint64_t)); + memset(c, 0U, (len + len) * sizeof (uint64_t)); + KRML_CHECK_SIZE(sizeof (uint64_t), 4U * len); + uint64_t *tmp = (uint64_t *)alloca(4U * len * sizeof (uint64_t)); + memset(tmp, 0U, 4U * len * sizeof (uint64_t)); + Hacl_Bignum_Karatsuba_bn_karatsuba_sqr_uint64(len, aM, tmp, c); + bn_mont_reduction_u64(len, n, nInv_u64, c, resM); +} + +void +Hacl_Bignum_AlmostMontgomery_bn_almost_mont_reduction_u32( + uint32_t len, + uint32_t *n, + uint32_t nInv, + uint32_t *c, + uint32_t *res +) +{ + uint32_t c0 = 0U; + for (uint32_t i0 = 0U; i0 < len; i0++) + { + uint32_t qj = nInv * c[i0]; + uint32_t *res_j0 = c + i0; + uint32_t c1 = 0U; + for (uint32_t i = 0U; i < 
len / 4U; i++) + { + uint32_t a_i = n[4U * i]; + uint32_t *res_i0 = res_j0 + 4U * i; + c1 = Hacl_Bignum_Base_mul_wide_add2_u32(a_i, qj, c1, res_i0); + uint32_t a_i0 = n[4U * i + 1U]; + uint32_t *res_i1 = res_j0 + 4U * i + 1U; + c1 = Hacl_Bignum_Base_mul_wide_add2_u32(a_i0, qj, c1, res_i1); + uint32_t a_i1 = n[4U * i + 2U]; + uint32_t *res_i2 = res_j0 + 4U * i + 2U; + c1 = Hacl_Bignum_Base_mul_wide_add2_u32(a_i1, qj, c1, res_i2); + uint32_t a_i2 = n[4U * i + 3U]; + uint32_t *res_i = res_j0 + 4U * i + 3U; + c1 = Hacl_Bignum_Base_mul_wide_add2_u32(a_i2, qj, c1, res_i); + } + for (uint32_t i = len / 4U * 4U; i < len; i++) + { + uint32_t a_i = n[i]; + uint32_t *res_i = res_j0 + i; + c1 = Hacl_Bignum_Base_mul_wide_add2_u32(a_i, qj, c1, res_i); + } + uint32_t r = c1; + uint32_t c10 = r; + uint32_t *resb = c + len + i0; + uint32_t res_j = c[len + i0]; + c0 = Lib_IntTypes_Intrinsics_add_carry_u32(c0, c10, res_j, resb); + } + memcpy(res, c + len, (len + len - len) * sizeof (uint32_t)); + uint32_t c00 = c0; + KRML_CHECK_SIZE(sizeof (uint32_t), len); + uint32_t *tmp = (uint32_t *)alloca(len * sizeof (uint32_t)); + memset(tmp, 0U, len * sizeof (uint32_t)); + uint32_t c1 = Hacl_Bignum_Addition_bn_sub_eq_len_u32(len, res, n, tmp); + KRML_MAYBE_UNUSED_VAR(c1); + uint32_t m = 0U - c00; + for (uint32_t i = 0U; i < len; i++) + { + uint32_t *os = res; + uint32_t x = (m & tmp[i]) | (~m & res[i]); + os[i] = x; + } +} + +static void +bn_almost_mont_mul_u32( + uint32_t len, + uint32_t *n, + uint32_t nInv_u64, + uint32_t *aM, + uint32_t *bM, + uint32_t *resM +) +{ + KRML_CHECK_SIZE(sizeof (uint32_t), len + len); + uint32_t *c = (uint32_t *)alloca((len + len) * sizeof (uint32_t)); + memset(c, 0U, (len + len) * sizeof (uint32_t)); + KRML_CHECK_SIZE(sizeof (uint32_t), 4U * len); + uint32_t *tmp = (uint32_t *)alloca(4U * len * sizeof (uint32_t)); + memset(tmp, 0U, 4U * len * sizeof (uint32_t)); + Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint32(len, aM, bM, tmp, c); + 
Hacl_Bignum_AlmostMontgomery_bn_almost_mont_reduction_u32(len, n, nInv_u64, c, resM); +} + +static void +bn_almost_mont_sqr_u32( + uint32_t len, + uint32_t *n, + uint32_t nInv_u64, + uint32_t *aM, + uint32_t *resM +) +{ + KRML_CHECK_SIZE(sizeof (uint32_t), len + len); + uint32_t *c = (uint32_t *)alloca((len + len) * sizeof (uint32_t)); + memset(c, 0U, (len + len) * sizeof (uint32_t)); + KRML_CHECK_SIZE(sizeof (uint32_t), 4U * len); + uint32_t *tmp = (uint32_t *)alloca(4U * len * sizeof (uint32_t)); + memset(tmp, 0U, 4U * len * sizeof (uint32_t)); + Hacl_Bignum_Karatsuba_bn_karatsuba_sqr_uint32(len, aM, tmp, c); + Hacl_Bignum_AlmostMontgomery_bn_almost_mont_reduction_u32(len, n, nInv_u64, c, resM); +} + +void +Hacl_Bignum_AlmostMontgomery_bn_almost_mont_reduction_u64( + uint32_t len, + uint64_t *n, + uint64_t nInv, + uint64_t *c, + uint64_t *res +) +{ + uint64_t c0 = 0ULL; + for (uint32_t i0 = 0U; i0 < len; i0++) + { + uint64_t qj = nInv * c[i0]; + uint64_t *res_j0 = c + i0; + uint64_t c1 = 0ULL; + for (uint32_t i = 0U; i < len / 4U; i++) + { + uint64_t a_i = n[4U * i]; + uint64_t *res_i0 = res_j0 + 4U * i; + c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i, qj, c1, res_i0); + uint64_t a_i0 = n[4U * i + 1U]; + uint64_t *res_i1 = res_j0 + 4U * i + 1U; + c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i0, qj, c1, res_i1); + uint64_t a_i1 = n[4U * i + 2U]; + uint64_t *res_i2 = res_j0 + 4U * i + 2U; + c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i1, qj, c1, res_i2); + uint64_t a_i2 = n[4U * i + 3U]; + uint64_t *res_i = res_j0 + 4U * i + 3U; + c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i2, qj, c1, res_i); + } + for (uint32_t i = len / 4U * 4U; i < len; i++) + { + uint64_t a_i = n[i]; + uint64_t *res_i = res_j0 + i; + c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i, qj, c1, res_i); + } + uint64_t r = c1; + uint64_t c10 = r; + uint64_t *resb = c + len + i0; + uint64_t res_j = c[len + i0]; + c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, c10, res_j, resb); + } + memcpy(res, c + len, (len + 
len - len) * sizeof (uint64_t)); + uint64_t c00 = c0; + KRML_CHECK_SIZE(sizeof (uint64_t), len); + uint64_t *tmp = (uint64_t *)alloca(len * sizeof (uint64_t)); + memset(tmp, 0U, len * sizeof (uint64_t)); + uint64_t c1 = Hacl_Bignum_Addition_bn_sub_eq_len_u64(len, res, n, tmp); + KRML_MAYBE_UNUSED_VAR(c1); + uint64_t m = 0ULL - c00; + for (uint32_t i = 0U; i < len; i++) + { + uint64_t *os = res; + uint64_t x = (m & tmp[i]) | (~m & res[i]); + os[i] = x; + } +} + +static void +bn_almost_mont_mul_u64( + uint32_t len, + uint64_t *n, + uint64_t nInv_u64, + uint64_t *aM, + uint64_t *bM, + uint64_t *resM +) +{ + KRML_CHECK_SIZE(sizeof (uint64_t), len + len); + uint64_t *c = (uint64_t *)alloca((len + len) * sizeof (uint64_t)); + memset(c, 0U, (len + len) * sizeof (uint64_t)); + KRML_CHECK_SIZE(sizeof (uint64_t), 4U * len); + uint64_t *tmp = (uint64_t *)alloca(4U * len * sizeof (uint64_t)); + memset(tmp, 0U, 4U * len * sizeof (uint64_t)); + Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint64(len, aM, bM, tmp, c); + Hacl_Bignum_AlmostMontgomery_bn_almost_mont_reduction_u64(len, n, nInv_u64, c, resM); +} + +static void +bn_almost_mont_sqr_u64( + uint32_t len, + uint64_t *n, + uint64_t nInv_u64, + uint64_t *aM, + uint64_t *resM +) +{ + KRML_CHECK_SIZE(sizeof (uint64_t), len + len); + uint64_t *c = (uint64_t *)alloca((len + len) * sizeof (uint64_t)); + memset(c, 0U, (len + len) * sizeof (uint64_t)); + KRML_CHECK_SIZE(sizeof (uint64_t), 4U * len); + uint64_t *tmp = (uint64_t *)alloca(4U * len * sizeof (uint64_t)); + memset(tmp, 0U, 4U * len * sizeof (uint64_t)); + Hacl_Bignum_Karatsuba_bn_karatsuba_sqr_uint64(len, aM, tmp, c); + Hacl_Bignum_AlmostMontgomery_bn_almost_mont_reduction_u64(len, n, nInv_u64, c, resM); +} + +uint32_t +Hacl_Bignum_Exponentiation_bn_check_mod_exp_u32( + uint32_t len, + uint32_t *n, + uint32_t *a, + uint32_t bBits, + uint32_t *b +) +{ + KRML_CHECK_SIZE(sizeof (uint32_t), len); + uint32_t *one = (uint32_t *)alloca(len * sizeof (uint32_t)); + memset(one, 0U, len 
* sizeof (uint32_t)); + memset(one, 0U, len * sizeof (uint32_t)); + one[0U] = 1U; + uint32_t bit0 = n[0U] & 1U; + uint32_t m0 = 0U - bit0; + uint32_t acc0 = 0U; + for (uint32_t i = 0U; i < len; i++) + { + uint32_t beq = FStar_UInt32_eq_mask(one[i], n[i]); + uint32_t blt = ~FStar_UInt32_gte_mask(one[i], n[i]); + acc0 = (beq & acc0) | (~beq & ((blt & 0xFFFFFFFFU) | (~blt & 0U))); + } + uint32_t m10 = acc0; + uint32_t m00 = m0 & m10; + uint32_t bLen; + if (bBits == 0U) + { + bLen = 1U; + } + else + { + bLen = (bBits - 1U) / 32U + 1U; + } + uint32_t m1; + if (bBits < 32U * bLen) + { + KRML_CHECK_SIZE(sizeof (uint32_t), bLen); + uint32_t *b2 = (uint32_t *)alloca(bLen * sizeof (uint32_t)); + memset(b2, 0U, bLen * sizeof (uint32_t)); + uint32_t i0 = bBits / 32U; + uint32_t j = bBits % 32U; + b2[i0] = b2[i0] | 1U << j; + uint32_t acc = 0U; + for (uint32_t i = 0U; i < bLen; i++) + { + uint32_t beq = FStar_UInt32_eq_mask(b[i], b2[i]); + uint32_t blt = ~FStar_UInt32_gte_mask(b[i], b2[i]); + acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFU) | (~blt & 0U))); + } + uint32_t res = acc; + m1 = res; + } + else + { + m1 = 0xFFFFFFFFU; + } + uint32_t acc = 0U; + for (uint32_t i = 0U; i < len; i++) + { + uint32_t beq = FStar_UInt32_eq_mask(a[i], n[i]); + uint32_t blt = ~FStar_UInt32_gte_mask(a[i], n[i]); + acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFU) | (~blt & 0U))); + } + uint32_t m2 = acc; + uint32_t m = m1 & m2; + return m00 & m; +} + +void +Hacl_Bignum_Exponentiation_bn_mod_exp_vartime_precomp_u32( + uint32_t len, + uint32_t *n, + uint32_t mu, + uint32_t *r2, + uint32_t *a, + uint32_t bBits, + uint32_t *b, + uint32_t *res +) +{ + if (bBits < 200U) + { + KRML_CHECK_SIZE(sizeof (uint32_t), len); + uint32_t *aM = (uint32_t *)alloca(len * sizeof (uint32_t)); + memset(aM, 0U, len * sizeof (uint32_t)); + Hacl_Bignum_Montgomery_bn_to_mont_u32(len, n, mu, r2, a, aM); + KRML_CHECK_SIZE(sizeof (uint32_t), len); + uint32_t *resM = (uint32_t *)alloca(len * sizeof (uint32_t)); + 
memset(resM, 0U, len * sizeof (uint32_t)); + KRML_CHECK_SIZE(sizeof (uint32_t), len + len); + uint32_t *ctx = (uint32_t *)alloca((len + len) * sizeof (uint32_t)); + memset(ctx, 0U, (len + len) * sizeof (uint32_t)); + memcpy(ctx, n, len * sizeof (uint32_t)); + memcpy(ctx + len, r2, len * sizeof (uint32_t)); + uint32_t *ctx_n = ctx; + uint32_t *ctx_r2 = ctx + len; + Hacl_Bignum_Montgomery_bn_from_mont_u32(len, ctx_n, mu, ctx_r2, resM); + for (uint32_t i = 0U; i < bBits; i++) + { + uint32_t i1 = i / 32U; + uint32_t j = i % 32U; + uint32_t tmp = b[i1]; + uint32_t bit = tmp >> j & 1U; + if (!(bit == 0U)) + { + uint32_t *ctx_n0 = ctx; + bn_almost_mont_mul_u32(len, ctx_n0, mu, resM, aM, resM); + } + uint32_t *ctx_n0 = ctx; + bn_almost_mont_sqr_u32(len, ctx_n0, mu, aM, aM); + } + Hacl_Bignum_Montgomery_bn_from_mont_u32(len, n, mu, resM, res); + return; + } + KRML_CHECK_SIZE(sizeof (uint32_t), len); + uint32_t *aM = (uint32_t *)alloca(len * sizeof (uint32_t)); + memset(aM, 0U, len * sizeof (uint32_t)); + Hacl_Bignum_Montgomery_bn_to_mont_u32(len, n, mu, r2, a, aM); + KRML_CHECK_SIZE(sizeof (uint32_t), len); + uint32_t *resM = (uint32_t *)alloca(len * sizeof (uint32_t)); + memset(resM, 0U, len * sizeof (uint32_t)); + uint32_t bLen; + if (bBits == 0U) + { + bLen = 1U; + } + else + { + bLen = (bBits - 1U) / 32U + 1U; + } + KRML_CHECK_SIZE(sizeof (uint32_t), len + len); + uint32_t *ctx = (uint32_t *)alloca((len + len) * sizeof (uint32_t)); + memset(ctx, 0U, (len + len) * sizeof (uint32_t)); + memcpy(ctx, n, len * sizeof (uint32_t)); + memcpy(ctx + len, r2, len * sizeof (uint32_t)); + KRML_CHECK_SIZE(sizeof (uint32_t), 16U * len); + uint32_t *table = (uint32_t *)alloca(16U * len * sizeof (uint32_t)); + memset(table, 0U, 16U * len * sizeof (uint32_t)); + KRML_CHECK_SIZE(sizeof (uint32_t), len); + uint32_t *tmp = (uint32_t *)alloca(len * sizeof (uint32_t)); + memset(tmp, 0U, len * sizeof (uint32_t)); + uint32_t *t0 = table; + uint32_t *t1 = table + len; + uint32_t *ctx_n0 = ctx; + 
uint32_t *ctx_r20 = ctx + len; + Hacl_Bignum_Montgomery_bn_from_mont_u32(len, ctx_n0, mu, ctx_r20, t0); + memcpy(t1, aM, len * sizeof (uint32_t)); + KRML_MAYBE_FOR7(i, + 0U, + 7U, + 1U, + uint32_t *t11 = table + (i + 1U) * len; + uint32_t *ctx_n1 = ctx; + bn_almost_mont_sqr_u32(len, ctx_n1, mu, t11, tmp); + memcpy(table + (2U * i + 2U) * len, tmp, len * sizeof (uint32_t)); + uint32_t *t2 = table + (2U * i + 2U) * len; + uint32_t *ctx_n = ctx; + bn_almost_mont_mul_u32(len, ctx_n, mu, aM, t2, tmp); + memcpy(table + (2U * i + 3U) * len, tmp, len * sizeof (uint32_t));); + if (bBits % 4U != 0U) + { + uint32_t i = bBits / 4U * 4U; + uint32_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u32(bLen, b, i, 4U); + uint32_t bits_l32 = bits_c; + const uint32_t *a_bits_l = table + bits_l32 * len; + memcpy(resM, (uint32_t *)a_bits_l, len * sizeof (uint32_t)); + } + else + { + uint32_t *ctx_n = ctx; + uint32_t *ctx_r2 = ctx + len; + Hacl_Bignum_Montgomery_bn_from_mont_u32(len, ctx_n, mu, ctx_r2, resM); + } + KRML_CHECK_SIZE(sizeof (uint32_t), len); + uint32_t *tmp0 = (uint32_t *)alloca(len * sizeof (uint32_t)); + memset(tmp0, 0U, len * sizeof (uint32_t)); + for (uint32_t i = 0U; i < bBits / 4U; i++) + { + KRML_MAYBE_FOR4(i0, + 0U, + 4U, + 1U, + uint32_t *ctx_n = ctx; + bn_almost_mont_sqr_u32(len, ctx_n, mu, resM, resM);); + uint32_t k = bBits - bBits % 4U - 4U * i - 4U; + uint32_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u32(bLen, b, k, 4U); + uint32_t bits_l32 = bits_l; + const uint32_t *a_bits_l = table + bits_l32 * len; + memcpy(tmp0, (uint32_t *)a_bits_l, len * sizeof (uint32_t)); + uint32_t *ctx_n = ctx; + bn_almost_mont_mul_u32(len, ctx_n, mu, resM, tmp0, resM); + } + Hacl_Bignum_Montgomery_bn_from_mont_u32(len, n, mu, resM, res); +} + +void +Hacl_Bignum_Exponentiation_bn_mod_exp_consttime_precomp_u32( + uint32_t len, + uint32_t *n, + uint32_t mu, + uint32_t *r2, + uint32_t *a, + uint32_t bBits, + uint32_t *b, + uint32_t *res +) +{ + if (bBits < 200U) + { + KRML_CHECK_SIZE(sizeof 
(uint32_t), len); + uint32_t *aM = (uint32_t *)alloca(len * sizeof (uint32_t)); + memset(aM, 0U, len * sizeof (uint32_t)); + Hacl_Bignum_Montgomery_bn_to_mont_u32(len, n, mu, r2, a, aM); + KRML_CHECK_SIZE(sizeof (uint32_t), len); + uint32_t *resM = (uint32_t *)alloca(len * sizeof (uint32_t)); + memset(resM, 0U, len * sizeof (uint32_t)); + KRML_CHECK_SIZE(sizeof (uint32_t), len + len); + uint32_t *ctx = (uint32_t *)alloca((len + len) * sizeof (uint32_t)); + memset(ctx, 0U, (len + len) * sizeof (uint32_t)); + memcpy(ctx, n, len * sizeof (uint32_t)); + memcpy(ctx + len, r2, len * sizeof (uint32_t)); + uint32_t sw = 0U; + uint32_t *ctx_n = ctx; + uint32_t *ctx_r2 = ctx + len; + Hacl_Bignum_Montgomery_bn_from_mont_u32(len, ctx_n, mu, ctx_r2, resM); + for (uint32_t i0 = 0U; i0 < bBits; i0++) + { + uint32_t i1 = (bBits - i0 - 1U) / 32U; + uint32_t j = (bBits - i0 - 1U) % 32U; + uint32_t tmp = b[i1]; + uint32_t bit = tmp >> j & 1U; + uint32_t sw1 = bit ^ sw; + for (uint32_t i = 0U; i < len; i++) + { + uint32_t dummy = (0U - sw1) & (resM[i] ^ aM[i]); + resM[i] = resM[i] ^ dummy; + aM[i] = aM[i] ^ dummy; + } + uint32_t *ctx_n0 = ctx; + bn_almost_mont_mul_u32(len, ctx_n0, mu, aM, resM, aM); + uint32_t *ctx_n1 = ctx; + bn_almost_mont_sqr_u32(len, ctx_n1, mu, resM, resM); + sw = bit; + } + uint32_t sw0 = sw; + for (uint32_t i = 0U; i < len; i++) + { + uint32_t dummy = (0U - sw0) & (resM[i] ^ aM[i]); + resM[i] = resM[i] ^ dummy; + aM[i] = aM[i] ^ dummy; + } + Hacl_Bignum_Montgomery_bn_from_mont_u32(len, n, mu, resM, res); + return; + } + KRML_CHECK_SIZE(sizeof (uint32_t), len); + uint32_t *aM = (uint32_t *)alloca(len * sizeof (uint32_t)); + memset(aM, 0U, len * sizeof (uint32_t)); + Hacl_Bignum_Montgomery_bn_to_mont_u32(len, n, mu, r2, a, aM); + KRML_CHECK_SIZE(sizeof (uint32_t), len); + uint32_t *resM = (uint32_t *)alloca(len * sizeof (uint32_t)); + memset(resM, 0U, len * sizeof (uint32_t)); + uint32_t bLen; + if (bBits == 0U) + { + bLen = 1U; + } + else + { + bLen = (bBits - 
1U) / 32U + 1U; + } + KRML_CHECK_SIZE(sizeof (uint32_t), len + len); + uint32_t *ctx = (uint32_t *)alloca((len + len) * sizeof (uint32_t)); + memset(ctx, 0U, (len + len) * sizeof (uint32_t)); + memcpy(ctx, n, len * sizeof (uint32_t)); + memcpy(ctx + len, r2, len * sizeof (uint32_t)); + KRML_CHECK_SIZE(sizeof (uint32_t), 16U * len); + uint32_t *table = (uint32_t *)alloca(16U * len * sizeof (uint32_t)); + memset(table, 0U, 16U * len * sizeof (uint32_t)); + KRML_CHECK_SIZE(sizeof (uint32_t), len); + uint32_t *tmp = (uint32_t *)alloca(len * sizeof (uint32_t)); + memset(tmp, 0U, len * sizeof (uint32_t)); + uint32_t *t0 = table; + uint32_t *t1 = table + len; + uint32_t *ctx_n0 = ctx; + uint32_t *ctx_r20 = ctx + len; + Hacl_Bignum_Montgomery_bn_from_mont_u32(len, ctx_n0, mu, ctx_r20, t0); + memcpy(t1, aM, len * sizeof (uint32_t)); + KRML_MAYBE_FOR7(i, + 0U, + 7U, + 1U, + uint32_t *t11 = table + (i + 1U) * len; + uint32_t *ctx_n1 = ctx; + bn_almost_mont_sqr_u32(len, ctx_n1, mu, t11, tmp); + memcpy(table + (2U * i + 2U) * len, tmp, len * sizeof (uint32_t)); + uint32_t *t2 = table + (2U * i + 2U) * len; + uint32_t *ctx_n = ctx; + bn_almost_mont_mul_u32(len, ctx_n, mu, aM, t2, tmp); + memcpy(table + (2U * i + 3U) * len, tmp, len * sizeof (uint32_t));); + if (bBits % 4U != 0U) + { + uint32_t i0 = bBits / 4U * 4U; + uint32_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u32(bLen, b, i0, 4U); + memcpy(resM, (uint32_t *)(table + 0U * len), len * sizeof (uint32_t)); + KRML_MAYBE_FOR15(i1, + 0U, + 15U, + 1U, + uint32_t c = FStar_UInt32_eq_mask(bits_c, i1 + 1U); + const uint32_t *res_j = table + (i1 + 1U) * len; + for (uint32_t i = 0U; i < len; i++) + { + uint32_t *os = resM; + uint32_t x = (c & res_j[i]) | (~c & resM[i]); + os[i] = x; + }); + } + else + { + uint32_t *ctx_n = ctx; + uint32_t *ctx_r2 = ctx + len; + Hacl_Bignum_Montgomery_bn_from_mont_u32(len, ctx_n, mu, ctx_r2, resM); + } + KRML_CHECK_SIZE(sizeof (uint32_t), len); + uint32_t *tmp0 = (uint32_t *)alloca(len * sizeof 
(uint32_t)); + memset(tmp0, 0U, len * sizeof (uint32_t)); + for (uint32_t i0 = 0U; i0 < bBits / 4U; i0++) + { + KRML_MAYBE_FOR4(i, + 0U, + 4U, + 1U, + uint32_t *ctx_n = ctx; + bn_almost_mont_sqr_u32(len, ctx_n, mu, resM, resM);); + uint32_t k = bBits - bBits % 4U - 4U * i0 - 4U; + uint32_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u32(bLen, b, k, 4U); + memcpy(tmp0, (uint32_t *)(table + 0U * len), len * sizeof (uint32_t)); + KRML_MAYBE_FOR15(i1, + 0U, + 15U, + 1U, + uint32_t c = FStar_UInt32_eq_mask(bits_l, i1 + 1U); + const uint32_t *res_j = table + (i1 + 1U) * len; + for (uint32_t i = 0U; i < len; i++) + { + uint32_t *os = tmp0; + uint32_t x = (c & res_j[i]) | (~c & tmp0[i]); + os[i] = x; + }); + uint32_t *ctx_n = ctx; + bn_almost_mont_mul_u32(len, ctx_n, mu, resM, tmp0, resM); + } + Hacl_Bignum_Montgomery_bn_from_mont_u32(len, n, mu, resM, res); +} + +void +Hacl_Bignum_Exponentiation_bn_mod_exp_vartime_u32( + uint32_t len, + uint32_t nBits, + uint32_t *n, + uint32_t *a, + uint32_t bBits, + uint32_t *b, + uint32_t *res +) +{ + KRML_CHECK_SIZE(sizeof (uint32_t), len); + uint32_t *r2 = (uint32_t *)alloca(len * sizeof (uint32_t)); + memset(r2, 0U, len * sizeof (uint32_t)); + Hacl_Bignum_Montgomery_bn_precomp_r2_mod_n_u32(len, nBits, n, r2); + uint32_t mu = Hacl_Bignum_ModInvLimb_mod_inv_uint32(n[0U]); + Hacl_Bignum_Exponentiation_bn_mod_exp_vartime_precomp_u32(len, n, mu, r2, a, bBits, b, res); +} + +void +Hacl_Bignum_Exponentiation_bn_mod_exp_consttime_u32( + uint32_t len, + uint32_t nBits, + uint32_t *n, + uint32_t *a, + uint32_t bBits, + uint32_t *b, + uint32_t *res +) +{ + KRML_CHECK_SIZE(sizeof (uint32_t), len); + uint32_t *r2 = (uint32_t *)alloca(len * sizeof (uint32_t)); + memset(r2, 0U, len * sizeof (uint32_t)); + Hacl_Bignum_Montgomery_bn_precomp_r2_mod_n_u32(len, nBits, n, r2); + uint32_t mu = Hacl_Bignum_ModInvLimb_mod_inv_uint32(n[0U]); + Hacl_Bignum_Exponentiation_bn_mod_exp_consttime_precomp_u32(len, n, mu, r2, a, bBits, b, res); +} + +uint64_t 
+Hacl_Bignum_Exponentiation_bn_check_mod_exp_u64( + uint32_t len, + uint64_t *n, + uint64_t *a, + uint32_t bBits, + uint64_t *b +) +{ + KRML_CHECK_SIZE(sizeof (uint64_t), len); + uint64_t *one = (uint64_t *)alloca(len * sizeof (uint64_t)); + memset(one, 0U, len * sizeof (uint64_t)); + memset(one, 0U, len * sizeof (uint64_t)); + one[0U] = 1ULL; + uint64_t bit0 = n[0U] & 1ULL; + uint64_t m0 = 0ULL - bit0; + uint64_t acc0 = 0ULL; + for (uint32_t i = 0U; i < len; i++) + { + uint64_t beq = FStar_UInt64_eq_mask(one[i], n[i]); + uint64_t blt = ~FStar_UInt64_gte_mask(one[i], n[i]); + acc0 = (beq & acc0) | (~beq & ((blt & 0xFFFFFFFFFFFFFFFFULL) | (~blt & 0ULL))); + } + uint64_t m10 = acc0; + uint64_t m00 = m0 & m10; + uint32_t bLen; + if (bBits == 0U) + { + bLen = 1U; + } + else + { + bLen = (bBits - 1U) / 64U + 1U; + } + uint64_t m1; + if (bBits < 64U * bLen) + { + KRML_CHECK_SIZE(sizeof (uint64_t), bLen); + uint64_t *b2 = (uint64_t *)alloca(bLen * sizeof (uint64_t)); + memset(b2, 0U, bLen * sizeof (uint64_t)); + uint32_t i0 = bBits / 64U; + uint32_t j = bBits % 64U; + b2[i0] = b2[i0] | 1ULL << j; + uint64_t acc = 0ULL; + for (uint32_t i = 0U; i < bLen; i++) + { + uint64_t beq = FStar_UInt64_eq_mask(b[i], b2[i]); + uint64_t blt = ~FStar_UInt64_gte_mask(b[i], b2[i]); + acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFFFFFFFFFULL) | (~blt & 0ULL))); + } + uint64_t res = acc; + m1 = res; + } + else + { + m1 = 0xFFFFFFFFFFFFFFFFULL; + } + uint64_t acc = 0ULL; + for (uint32_t i = 0U; i < len; i++) + { + uint64_t beq = FStar_UInt64_eq_mask(a[i], n[i]); + uint64_t blt = ~FStar_UInt64_gte_mask(a[i], n[i]); + acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFFFFFFFFFULL) | (~blt & 0ULL))); + } + uint64_t m2 = acc; + uint64_t m = m1 & m2; + return m00 & m; +} + +void +Hacl_Bignum_Exponentiation_bn_mod_exp_vartime_precomp_u64( + uint32_t len, + uint64_t *n, + uint64_t mu, + uint64_t *r2, + uint64_t *a, + uint32_t bBits, + uint64_t *b, + uint64_t *res +) +{ + if (bBits < 200U) + { + 
KRML_CHECK_SIZE(sizeof (uint64_t), len); + uint64_t *aM = (uint64_t *)alloca(len * sizeof (uint64_t)); + memset(aM, 0U, len * sizeof (uint64_t)); + Hacl_Bignum_Montgomery_bn_to_mont_u64(len, n, mu, r2, a, aM); + KRML_CHECK_SIZE(sizeof (uint64_t), len); + uint64_t *resM = (uint64_t *)alloca(len * sizeof (uint64_t)); + memset(resM, 0U, len * sizeof (uint64_t)); + KRML_CHECK_SIZE(sizeof (uint64_t), len + len); + uint64_t *ctx = (uint64_t *)alloca((len + len) * sizeof (uint64_t)); + memset(ctx, 0U, (len + len) * sizeof (uint64_t)); + memcpy(ctx, n, len * sizeof (uint64_t)); + memcpy(ctx + len, r2, len * sizeof (uint64_t)); + uint64_t *ctx_n = ctx; + uint64_t *ctx_r2 = ctx + len; + Hacl_Bignum_Montgomery_bn_from_mont_u64(len, ctx_n, mu, ctx_r2, resM); + for (uint32_t i = 0U; i < bBits; i++) + { + uint32_t i1 = i / 64U; + uint32_t j = i % 64U; + uint64_t tmp = b[i1]; + uint64_t bit = tmp >> j & 1ULL; + if (!(bit == 0ULL)) + { + uint64_t *ctx_n0 = ctx; + bn_almost_mont_mul_u64(len, ctx_n0, mu, resM, aM, resM); + } + uint64_t *ctx_n0 = ctx; + bn_almost_mont_sqr_u64(len, ctx_n0, mu, aM, aM); + } + Hacl_Bignum_Montgomery_bn_from_mont_u64(len, n, mu, resM, res); + return; + } + KRML_CHECK_SIZE(sizeof (uint64_t), len); + uint64_t *aM = (uint64_t *)alloca(len * sizeof (uint64_t)); + memset(aM, 0U, len * sizeof (uint64_t)); + Hacl_Bignum_Montgomery_bn_to_mont_u64(len, n, mu, r2, a, aM); + KRML_CHECK_SIZE(sizeof (uint64_t), len); + uint64_t *resM = (uint64_t *)alloca(len * sizeof (uint64_t)); + memset(resM, 0U, len * sizeof (uint64_t)); + uint32_t bLen; + if (bBits == 0U) + { + bLen = 1U; + } + else + { + bLen = (bBits - 1U) / 64U + 1U; + } + KRML_CHECK_SIZE(sizeof (uint64_t), len + len); + uint64_t *ctx = (uint64_t *)alloca((len + len) * sizeof (uint64_t)); + memset(ctx, 0U, (len + len) * sizeof (uint64_t)); + memcpy(ctx, n, len * sizeof (uint64_t)); + memcpy(ctx + len, r2, len * sizeof (uint64_t)); + KRML_CHECK_SIZE(sizeof (uint64_t), 16U * len); + uint64_t *table = (uint64_t 
*)alloca(16U * len * sizeof (uint64_t)); + memset(table, 0U, 16U * len * sizeof (uint64_t)); + KRML_CHECK_SIZE(sizeof (uint64_t), len); + uint64_t *tmp = (uint64_t *)alloca(len * sizeof (uint64_t)); + memset(tmp, 0U, len * sizeof (uint64_t)); + uint64_t *t0 = table; + uint64_t *t1 = table + len; + uint64_t *ctx_n0 = ctx; + uint64_t *ctx_r20 = ctx + len; + Hacl_Bignum_Montgomery_bn_from_mont_u64(len, ctx_n0, mu, ctx_r20, t0); + memcpy(t1, aM, len * sizeof (uint64_t)); + KRML_MAYBE_FOR7(i, + 0U, + 7U, + 1U, + uint64_t *t11 = table + (i + 1U) * len; + uint64_t *ctx_n1 = ctx; + bn_almost_mont_sqr_u64(len, ctx_n1, mu, t11, tmp); + memcpy(table + (2U * i + 2U) * len, tmp, len * sizeof (uint64_t)); + uint64_t *t2 = table + (2U * i + 2U) * len; + uint64_t *ctx_n = ctx; + bn_almost_mont_mul_u64(len, ctx_n, mu, aM, t2, tmp); + memcpy(table + (2U * i + 3U) * len, tmp, len * sizeof (uint64_t));); + if (bBits % 4U != 0U) + { + uint32_t i = bBits / 4U * 4U; + uint64_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u64(bLen, b, i, 4U); + uint32_t bits_l32 = (uint32_t)bits_c; + const uint64_t *a_bits_l = table + bits_l32 * len; + memcpy(resM, (uint64_t *)a_bits_l, len * sizeof (uint64_t)); + } + else + { + uint64_t *ctx_n = ctx; + uint64_t *ctx_r2 = ctx + len; + Hacl_Bignum_Montgomery_bn_from_mont_u64(len, ctx_n, mu, ctx_r2, resM); + } + KRML_CHECK_SIZE(sizeof (uint64_t), len); + uint64_t *tmp0 = (uint64_t *)alloca(len * sizeof (uint64_t)); + memset(tmp0, 0U, len * sizeof (uint64_t)); + for (uint32_t i = 0U; i < bBits / 4U; i++) + { + KRML_MAYBE_FOR4(i0, + 0U, + 4U, + 1U, + uint64_t *ctx_n = ctx; + bn_almost_mont_sqr_u64(len, ctx_n, mu, resM, resM);); + uint32_t k = bBits - bBits % 4U - 4U * i - 4U; + uint64_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u64(bLen, b, k, 4U); + uint32_t bits_l32 = (uint32_t)bits_l; + const uint64_t *a_bits_l = table + bits_l32 * len; + memcpy(tmp0, (uint64_t *)a_bits_l, len * sizeof (uint64_t)); + uint64_t *ctx_n = ctx; + bn_almost_mont_mul_u64(len, ctx_n, mu, resM, 
tmp0, resM); + } + Hacl_Bignum_Montgomery_bn_from_mont_u64(len, n, mu, resM, res); +} + +void +Hacl_Bignum_Exponentiation_bn_mod_exp_consttime_precomp_u64( + uint32_t len, + uint64_t *n, + uint64_t mu, + uint64_t *r2, + uint64_t *a, + uint32_t bBits, + uint64_t *b, + uint64_t *res +) +{ + if (bBits < 200U) + { + KRML_CHECK_SIZE(sizeof (uint64_t), len); + uint64_t *aM = (uint64_t *)alloca(len * sizeof (uint64_t)); + memset(aM, 0U, len * sizeof (uint64_t)); + Hacl_Bignum_Montgomery_bn_to_mont_u64(len, n, mu, r2, a, aM); + KRML_CHECK_SIZE(sizeof (uint64_t), len); + uint64_t *resM = (uint64_t *)alloca(len * sizeof (uint64_t)); + memset(resM, 0U, len * sizeof (uint64_t)); + KRML_CHECK_SIZE(sizeof (uint64_t), len + len); + uint64_t *ctx = (uint64_t *)alloca((len + len) * sizeof (uint64_t)); + memset(ctx, 0U, (len + len) * sizeof (uint64_t)); + memcpy(ctx, n, len * sizeof (uint64_t)); + memcpy(ctx + len, r2, len * sizeof (uint64_t)); + uint64_t sw = 0ULL; + uint64_t *ctx_n = ctx; + uint64_t *ctx_r2 = ctx + len; + Hacl_Bignum_Montgomery_bn_from_mont_u64(len, ctx_n, mu, ctx_r2, resM); + for (uint32_t i0 = 0U; i0 < bBits; i0++) + { + uint32_t i1 = (bBits - i0 - 1U) / 64U; + uint32_t j = (bBits - i0 - 1U) % 64U; + uint64_t tmp = b[i1]; + uint64_t bit = tmp >> j & 1ULL; + uint64_t sw1 = bit ^ sw; + for (uint32_t i = 0U; i < len; i++) + { + uint64_t dummy = (0ULL - sw1) & (resM[i] ^ aM[i]); + resM[i] = resM[i] ^ dummy; + aM[i] = aM[i] ^ dummy; + } + uint64_t *ctx_n0 = ctx; + bn_almost_mont_mul_u64(len, ctx_n0, mu, aM, resM, aM); + uint64_t *ctx_n1 = ctx; + bn_almost_mont_sqr_u64(len, ctx_n1, mu, resM, resM); + sw = bit; + } + uint64_t sw0 = sw; + for (uint32_t i = 0U; i < len; i++) + { + uint64_t dummy = (0ULL - sw0) & (resM[i] ^ aM[i]); + resM[i] = resM[i] ^ dummy; + aM[i] = aM[i] ^ dummy; + } + Hacl_Bignum_Montgomery_bn_from_mont_u64(len, n, mu, resM, res); + return; + } + KRML_CHECK_SIZE(sizeof (uint64_t), len); + uint64_t *aM = (uint64_t *)alloca(len * sizeof (uint64_t)); + 
memset(aM, 0U, len * sizeof (uint64_t)); + Hacl_Bignum_Montgomery_bn_to_mont_u64(len, n, mu, r2, a, aM); + KRML_CHECK_SIZE(sizeof (uint64_t), len); + uint64_t *resM = (uint64_t *)alloca(len * sizeof (uint64_t)); + memset(resM, 0U, len * sizeof (uint64_t)); + uint32_t bLen; + if (bBits == 0U) + { + bLen = 1U; + } + else + { + bLen = (bBits - 1U) / 64U + 1U; + } + KRML_CHECK_SIZE(sizeof (uint64_t), len + len); + uint64_t *ctx = (uint64_t *)alloca((len + len) * sizeof (uint64_t)); + memset(ctx, 0U, (len + len) * sizeof (uint64_t)); + memcpy(ctx, n, len * sizeof (uint64_t)); + memcpy(ctx + len, r2, len * sizeof (uint64_t)); + KRML_CHECK_SIZE(sizeof (uint64_t), 16U * len); + uint64_t *table = (uint64_t *)alloca(16U * len * sizeof (uint64_t)); + memset(table, 0U, 16U * len * sizeof (uint64_t)); + KRML_CHECK_SIZE(sizeof (uint64_t), len); + uint64_t *tmp = (uint64_t *)alloca(len * sizeof (uint64_t)); + memset(tmp, 0U, len * sizeof (uint64_t)); + uint64_t *t0 = table; + uint64_t *t1 = table + len; + uint64_t *ctx_n0 = ctx; + uint64_t *ctx_r20 = ctx + len; + Hacl_Bignum_Montgomery_bn_from_mont_u64(len, ctx_n0, mu, ctx_r20, t0); + memcpy(t1, aM, len * sizeof (uint64_t)); + KRML_MAYBE_FOR7(i, + 0U, + 7U, + 1U, + uint64_t *t11 = table + (i + 1U) * len; + uint64_t *ctx_n1 = ctx; + bn_almost_mont_sqr_u64(len, ctx_n1, mu, t11, tmp); + memcpy(table + (2U * i + 2U) * len, tmp, len * sizeof (uint64_t)); + uint64_t *t2 = table + (2U * i + 2U) * len; + uint64_t *ctx_n = ctx; + bn_almost_mont_mul_u64(len, ctx_n, mu, aM, t2, tmp); + memcpy(table + (2U * i + 3U) * len, tmp, len * sizeof (uint64_t));); + if (bBits % 4U != 0U) + { + uint32_t i0 = bBits / 4U * 4U; + uint64_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u64(bLen, b, i0, 4U); + memcpy(resM, (uint64_t *)(table + 0U * len), len * sizeof (uint64_t)); + KRML_MAYBE_FOR15(i1, + 0U, + 15U, + 1U, + uint64_t c = FStar_UInt64_eq_mask(bits_c, (uint64_t)(i1 + 1U)); + const uint64_t *res_j = table + (i1 + 1U) * len; + for (uint32_t i = 0U; i < 
len; i++) + { + uint64_t *os = resM; + uint64_t x = (c & res_j[i]) | (~c & resM[i]); + os[i] = x; + }); + } + else + { + uint64_t *ctx_n = ctx; + uint64_t *ctx_r2 = ctx + len; + Hacl_Bignum_Montgomery_bn_from_mont_u64(len, ctx_n, mu, ctx_r2, resM); + } + KRML_CHECK_SIZE(sizeof (uint64_t), len); + uint64_t *tmp0 = (uint64_t *)alloca(len * sizeof (uint64_t)); + memset(tmp0, 0U, len * sizeof (uint64_t)); + for (uint32_t i0 = 0U; i0 < bBits / 4U; i0++) + { + KRML_MAYBE_FOR4(i, + 0U, + 4U, + 1U, + uint64_t *ctx_n = ctx; + bn_almost_mont_sqr_u64(len, ctx_n, mu, resM, resM);); + uint32_t k = bBits - bBits % 4U - 4U * i0 - 4U; + uint64_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u64(bLen, b, k, 4U); + memcpy(tmp0, (uint64_t *)(table + 0U * len), len * sizeof (uint64_t)); + KRML_MAYBE_FOR15(i1, + 0U, + 15U, + 1U, + uint64_t c = FStar_UInt64_eq_mask(bits_l, (uint64_t)(i1 + 1U)); + const uint64_t *res_j = table + (i1 + 1U) * len; + for (uint32_t i = 0U; i < len; i++) + { + uint64_t *os = tmp0; + uint64_t x = (c & res_j[i]) | (~c & tmp0[i]); + os[i] = x; + }); + uint64_t *ctx_n = ctx; + bn_almost_mont_mul_u64(len, ctx_n, mu, resM, tmp0, resM); + } + Hacl_Bignum_Montgomery_bn_from_mont_u64(len, n, mu, resM, res); +} + +void +Hacl_Bignum_Exponentiation_bn_mod_exp_vartime_u64( + uint32_t len, + uint32_t nBits, + uint64_t *n, + uint64_t *a, + uint32_t bBits, + uint64_t *b, + uint64_t *res +) +{ + KRML_CHECK_SIZE(sizeof (uint64_t), len); + uint64_t *r2 = (uint64_t *)alloca(len * sizeof (uint64_t)); + memset(r2, 0U, len * sizeof (uint64_t)); + Hacl_Bignum_Montgomery_bn_precomp_r2_mod_n_u64(len, nBits, n, r2); + uint64_t mu = Hacl_Bignum_ModInvLimb_mod_inv_uint64(n[0U]); + Hacl_Bignum_Exponentiation_bn_mod_exp_vartime_precomp_u64(len, n, mu, r2, a, bBits, b, res); +} + +void +Hacl_Bignum_Exponentiation_bn_mod_exp_consttime_u64( + uint32_t len, + uint32_t nBits, + uint64_t *n, + uint64_t *a, + uint32_t bBits, + uint64_t *b, + uint64_t *res +) +{ + KRML_CHECK_SIZE(sizeof (uint64_t), len); + 
uint64_t *r2 = (uint64_t *)alloca(len * sizeof (uint64_t)); + memset(r2, 0U, len * sizeof (uint64_t)); + Hacl_Bignum_Montgomery_bn_precomp_r2_mod_n_u64(len, nBits, n, r2); + uint64_t mu = Hacl_Bignum_ModInvLimb_mod_inv_uint64(n[0U]); + Hacl_Bignum_Exponentiation_bn_mod_exp_consttime_precomp_u64(len, n, mu, r2, a, bBits, b, res); +} + diff --git a/crypto/hacl_bignum.h b/crypto/hacl_bignum.h index 056eca048dbd9..c739898260752 100644 --- a/crypto/hacl_bignum.h +++ b/crypto/hacl_bignum.h @@ -15,7 +15,7 @@ Hacl_Bignum_Base_mul_wide_add2_u32(uint32_t a, uint32_t b, uint32_t c_in, uint32 uint32_t out0 = out[0U]; uint64_t res = (uint64_t)a * (uint64_t)b + (uint64_t)c_in + (uint64_t)out0; out[0U] = (uint32_t)res; - return (uint32_t)(res >> (uint32_t)32U); + return (uint32_t)(res >> 32U); } static inline uint64_t 
@@ -28,22 +28,22 @@ Hacl_Bignum_Base_mul_wide_add2_u64(uint64_t a, uint64_t b, uint64_t c_in, uint64 FStar_UInt128_uint64_to_uint128(c_in)), FStar_UInt128_uint64_to_uint128(out0)); out[0U] = FStar_UInt128_uint128_to_uint64(res); - return FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(res, (uint32_t)64U)); + return FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(res, 64U)); } static inline void Hacl_Bignum_Convert_bn_from_bytes_be_uint64(uint32_t len, uint8_t *b, uint64_t *res) { - uint32_t bnLen = (len - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U; - uint32_t tmpLen = (uint32_t)8U * bnLen; + uint32_t bnLen = (len - 1U) / 8U + 1U; + uint32_t tmpLen = 8U * bnLen; KRML_CHECK_SIZE(sizeof (uint8_t), tmpLen); - uint8_t tmp[tmpLen]; + uint8_t *tmp = (uint8_t *)alloca(tmpLen * sizeof (uint8_t)); memset(tmp, 0U, tmpLen * sizeof (uint8_t)); memcpy(tmp + tmpLen - len, b, len * sizeof (uint8_t)); - for (uint32_t i = (uint32_t)0U; i < bnLen; i++) + for (uint32_t i = 0U; i < bnLen; i++) { uint64_t *os = res; - uint64_t u = load64_be(tmp + (bnLen - i - (uint32_t)1U) * (uint32_t)8U); + uint64_t u = load64_be(tmp + (bnLen - i - 1U) * 8U); uint64_t x = u; os[i] = x; } 
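Review bot: In `Hacl_Bignum_Convert_bn_from_bytes_be_uint64` the scratch buffer is still sized by the caller's `len` and still lives on the stack, because `alloca(tmpLen * sizeof (uint8_t))` replaces the VLA without adding a bound and alloca reports no failure. `KRML_CHECK_SIZE` is defined outside this hunk; if it only guards the size multiplication against overflow, nothing here caps `tmpLen` against the available stack, which matters if this header is built for a small fixed-size stack, as the crypto/Kconfig changes in this series suggest. Separately, `len == 0` makes `(len - 1U)` wrap, so `bnLen` becomes 0x20000000 while `tmpLen` wraps to 0 and the loop reads far outside `tmp`. I would state the contract above the function, e.g. `/* Requires 0 < len; callers must bound len so that 8 * bnLen bytes fit on the stack. */`, or have callers pass in a scratch buffer. The same alloca pattern appears in `Hacl_Bignum_Convert_bn_to_bytes_be_uint64`, `Hacl_Bignum_Multiplication_bn_sqr_u32` and `Hacl_Bignum_Multiplication_bn_sqr_u64` in the later hunks of this file.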
@@ -52,24 +52,24 @@ Hacl_Bignum_Convert_bn_from_bytes_be_uint64(uint32_t len, uint8_t *b, uint64_t * static inline void Hacl_Bignum_Convert_bn_to_bytes_be_uint64(uint32_t len, uint64_t *b, uint8_t *res) { - uint32_t bnLen = (len - (uint32_t)1U) / (uint32_t)8U + (uint32_t)1U; - uint32_t tmpLen = (uint32_t)8U * bnLen; + uint32_t bnLen = (len - 1U) / 8U + 1U; + uint32_t tmpLen = 8U * bnLen; KRML_CHECK_SIZE(sizeof (uint8_t), tmpLen); - uint8_t tmp[tmpLen]; + uint8_t *tmp = (uint8_t *)alloca(tmpLen * sizeof (uint8_t)); memset(tmp, 0U, tmpLen * sizeof (uint8_t)); - for (uint32_t i = (uint32_t)0U; i < bnLen; i++) + for (uint32_t i = 0U; i < bnLen; i++) { - store64_be(tmp + i * (uint32_t)8U, b[bnLen - i - (uint32_t)1U]); + store64_be(tmp + i * 8U, b[bnLen - i - 1U]); } memcpy(res, tmp + tmpLen - len, len * sizeof (uint8_t)); } static inline uint32_t Hacl_Bignum_Lib_bn_get_top_index_u32(uint32_t len, uint32_t *b) { - uint32_t priv = (uint32_t)0U; - for (uint32_t i = (uint32_t)0U; i < len; i++) + uint32_t priv = 0U; + for (uint32_t i = 0U; i < len; i++) { - uint32_t mask = FStar_UInt32_eq_mask(b[i], (uint32_t)0U); + uint32_t mask = FStar_UInt32_eq_mask(b[i], 0U); priv = (mask & priv) | (~mask & i); } return priv; @@ -77,10 +77,10 @@ static inline uint32_t Hacl_Bignum_Lib_bn_get_top_index_u32(uint32_t len, uint32 static inline uint64_t Hacl_Bignum_Lib_bn_get_top_index_u64(uint32_t len, uint64_t *b) { - uint64_t priv = (uint64_t)0U; - for (uint32_t i = (uint32_t)0U; i < len; i++) + uint64_t priv = 0ULL; + for (uint32_t i = 0U; i < len; i++) { - uint64_t mask = FStar_UInt64_eq_mask(b[i], (uint64_t)0U); + uint64_t mask = FStar_UInt64_eq_mask(b[i], 0ULL); priv = (mask & priv) | (~mask & (uint64_t)i); } return priv; 
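Review bot: In the first hunk here, `tmp` in `Hacl_Bignum_Convert_bn_to_bytes_be_uint64` holds a full big-endian copy of `b` and is left on the stack when the function returns. The callers are outside this hunk, but the `Hacl_RSA_rsa_dec` shown in the hacl-rsa-msvc.c deletion further down this page passes its exponentiation result `s` to this function, so the copy can hold decrypted data. Consider clearing it after the final `memcpy` with a wipe the compiler cannot elide, e.g. `memzero_explicit(tmp, tmpLen);` if this is built in-kernel. The scratch buffer in `Hacl_Bignum_Convert_bn_from_bytes_be_uint64` deserves the same treatment when its input is key material.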
@@ -89,63 +89,63 @@ static inline uint64_t Hacl_Bignum_Lib_bn_get_top_index_u64(uint32_t len, uint64 static inline uint32_t Hacl_Bignum_Lib_bn_get_bits_u32(uint32_t len, uint32_t *b, uint32_t i, uint32_t l) { - uint32_t i1 = i / (uint32_t)32U; - uint32_t j = i % (uint32_t)32U; + uint32_t i1 = i / 32U; + uint32_t j = i % 32U; uint32_t p1 = b[i1] >> j; uint32_t ite; - if (i1 + (uint32_t)1U < len && (uint32_t)0U < j) + if (i1 + 1U < len && 0U < j) { - ite = p1 | b[i1 + (uint32_t)1U] << ((uint32_t)32U - j); + ite = p1 | b[i1 + 1U] << (32U - j); } else { ite = p1; } - return ite & (((uint32_t)1U << l) - (uint32_t)1U); + return ite & ((1U << l) - 1U); } static inline uint64_t Hacl_Bignum_Lib_bn_get_bits_u64(uint32_t len, uint64_t *b, uint32_t i, uint32_t l) { - uint32_t i1 = i / (uint32_t)64U; - uint32_t j = i % (uint32_t)64U; + uint32_t i1 = i / 64U; + uint32_t j = i % 64U; uint64_t p1 = b[i1] >> j; uint64_t ite; - if (i1 + (uint32_t)1U < len && (uint32_t)0U < j) + if (i1 + 1U < len && 0U < j) { - ite = p1 | b[i1 + (uint32_t)1U] << ((uint32_t)64U - j); + ite = p1 | b[i1 + 1U] << (64U - j); } else { ite = p1; } - return ite & (((uint64_t)1U << l) - (uint64_t)1U); + return ite & ((1ULL << l) - 1ULL); } static inline uint32_t Hacl_Bignum_Addition_bn_sub_eq_len_u32(uint32_t aLen, uint32_t *a, uint32_t *b, uint32_t *res) { - uint32_t c = (uint32_t)0U; - for (uint32_t i = (uint32_t)0U; i < aLen / (uint32_t)4U; i++) + uint32_t c = 0U; + for (uint32_t i = 0U; i < aLen / 4U; i++) { - uint32_t t1 = a[(uint32_t)4U * i]; - uint32_t t20 = b[(uint32_t)4U * i]; - uint32_t *res_i0 = res + (uint32_t)4U * i; + uint32_t t1 = a[4U * i]; + uint32_t t20 = b[4U * i]; + uint32_t *res_i0 = res + 4U * i; c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, t20, res_i0); - uint32_t t10 = a[(uint32_t)4U * i + (uint32_t)1U]; - uint32_t t21 = b[(uint32_t)4U * i + (uint32_t)1U]; - uint32_t *res_i1 = res + (uint32_t)4U * i + (uint32_t)1U; + uint32_t t10 = a[4U * i + 1U]; + uint32_t t21 = b[4U * i + 1U]; 
+ uint32_t *res_i1 = res + 4U * i + 1U; c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t10, t21, res_i1); - uint32_t t11 = a[(uint32_t)4U * i + (uint32_t)2U]; - uint32_t t22 = b[(uint32_t)4U * i + (uint32_t)2U]; - uint32_t *res_i2 = res + (uint32_t)4U * i + (uint32_t)2U; + uint32_t t11 = a[4U * i + 2U]; + uint32_t t22 = b[4U * i + 2U]; + uint32_t *res_i2 = res + 4U * i + 2U; c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t11, t22, res_i2); - uint32_t t12 = a[(uint32_t)4U * i + (uint32_t)3U]; - uint32_t t2 = b[(uint32_t)4U * i + (uint32_t)3U]; - uint32_t *res_i = res + (uint32_t)4U * i + (uint32_t)3U; + uint32_t t12 = a[4U * i + 3U]; + uint32_t t2 = b[4U * i + 3U]; + uint32_t *res_i = res + 4U * i + 3U; c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t12, t2, res_i); } - for (uint32_t i = aLen / (uint32_t)4U * (uint32_t)4U; i < aLen; i++) + for (uint32_t i = aLen / 4U * 4U; i < aLen; i++) { uint32_t t1 = a[i]; uint32_t t2 = b[i]; 
@@ -158,27 +158,27 @@ Hacl_Bignum_Addition_bn_sub_eq_len_u32(uint32_t aLen, uint32_t *a, uint32_t *b, static inline uint64_t Hacl_Bignum_Addition_bn_sub_eq_len_u64(uint32_t aLen, uint64_t *a, uint64_t *b, uint64_t *res) { - uint64_t c = (uint64_t)0U; - for (uint32_t i = (uint32_t)0U; i < aLen / (uint32_t)4U; i++) + uint64_t c = 0ULL; + for (uint32_t i = 0U; i < aLen / 4U; i++) { - uint64_t t1 = a[(uint32_t)4U * i]; - uint64_t t20 = b[(uint32_t)4U * i]; - uint64_t *res_i0 = res + (uint32_t)4U * i; + uint64_t t1 = a[4U * i]; + uint64_t t20 = b[4U * i]; + uint64_t *res_i0 = res + 4U * i; c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, t20, res_i0); - uint64_t t10 = a[(uint32_t)4U * i + (uint32_t)1U]; - uint64_t t21 = b[(uint32_t)4U * i + (uint32_t)1U]; - uint64_t *res_i1 = res + (uint32_t)4U * i + (uint32_t)1U; + uint64_t t10 = a[4U * i + 1U]; + uint64_t t21 = b[4U * i + 1U]; + uint64_t *res_i1 = res + 4U * i + 1U; c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t10, t21, res_i1); - uint64_t t11 = a[(uint32_t)4U * i + (uint32_t)2U]; - uint64_t t22 = b[(uint32_t)4U * i + (uint32_t)2U]; - uint64_t *res_i2 = res + (uint32_t)4U * i + (uint32_t)2U; + uint64_t t11 = a[4U * i + 2U]; + uint64_t t22 = b[4U * i + 2U]; + uint64_t *res_i2 = res + 4U * i + 2U; c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t11, t22, res_i2); - uint64_t t12 = a[(uint32_t)4U * i + (uint32_t)3U]; - uint64_t t2 = b[(uint32_t)4U * i + (uint32_t)3U]; - uint64_t *res_i = res + (uint32_t)4U * i + (uint32_t)3U; + uint64_t t12 = a[4U * i + 3U]; + uint64_t t2 = b[4U * i + 3U]; + uint64_t *res_i = res + 4U * i + 3U; c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t12, t2, res_i); } - for (uint32_t i = aLen / (uint32_t)4U * (uint32_t)4U; i < aLen; i++) + for (uint32_t i = aLen / 4U * 4U; i < aLen; i++) { uint64_t t1 = a[i]; uint64_t t2 = b[i]; 
@@ -191,27 +191,27 @@ Hacl_Bignum_Addition_bn_sub_eq_len_u64(uint32_t aLen, uint64_t *a, uint64_t *b, static inline uint32_t Hacl_Bignum_Addition_bn_add_eq_len_u32(uint32_t aLen, uint32_t *a, uint32_t *b, uint32_t *res) { - uint32_t c = (uint32_t)0U; - for (uint32_t i = (uint32_t)0U; i < aLen / (uint32_t)4U; i++) + uint32_t c = 0U; + for (uint32_t i = 0U; i < aLen / 4U; i++) { - uint32_t t1 = a[(uint32_t)4U * i]; - uint32_t t20 = b[(uint32_t)4U * i]; - uint32_t *res_i0 = res + (uint32_t)4U * i; + uint32_t t1 = a[4U * i]; + uint32_t t20 = b[4U * i]; + uint32_t *res_i0 = res + 4U * i; c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t1, t20, res_i0); - uint32_t t10 = a[(uint32_t)4U * i + (uint32_t)1U]; - uint32_t t21 = b[(uint32_t)4U * i + (uint32_t)1U]; - uint32_t *res_i1 = res + (uint32_t)4U * i + (uint32_t)1U; + uint32_t t10 = a[4U * i + 1U]; + uint32_t t21 = b[4U * i + 1U]; + uint32_t *res_i1 = res + 4U * i + 1U; c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t10, t21, res_i1); - uint32_t t11 = a[(uint32_t)4U * i + (uint32_t)2U]; - uint32_t t22 = b[(uint32_t)4U * i + (uint32_t)2U]; - uint32_t *res_i2 = res + (uint32_t)4U * i + (uint32_t)2U; + uint32_t t11 = a[4U * i + 2U]; + uint32_t t22 = b[4U * i + 2U]; + uint32_t *res_i2 = res + 4U * i + 2U; c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t11, t22, res_i2); - uint32_t t12 = a[(uint32_t)4U * i + (uint32_t)3U]; - uint32_t t2 = b[(uint32_t)4U * i + (uint32_t)3U]; - uint32_t *res_i = res + (uint32_t)4U * i + (uint32_t)3U; + uint32_t t12 = a[4U * i + 3U]; + uint32_t t2 = b[4U * i + 3U]; + uint32_t *res_i = res + 4U * i + 3U; c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t12, t2, res_i); } - for (uint32_t i = aLen / (uint32_t)4U * (uint32_t)4U; i < aLen; i++) + for (uint32_t i = aLen / 4U * 4U; i < aLen; i++) { uint32_t t1 = a[i]; uint32_t t2 = b[i]; 
@@ -224,27 +224,27 @@ Hacl_Bignum_Addition_bn_add_eq_len_u32(uint32_t aLen, uint32_t *a, uint32_t *b, static inline uint64_t Hacl_Bignum_Addition_bn_add_eq_len_u64(uint32_t aLen, uint64_t *a, uint64_t *b, uint64_t *res) { - uint64_t c = (uint64_t)0U; - for (uint32_t i = (uint32_t)0U; i < aLen / (uint32_t)4U; i++) + uint64_t c = 0ULL; + for (uint32_t i = 0U; i < aLen / 4U; i++) { - uint64_t t1 = a[(uint32_t)4U * i]; - uint64_t t20 = b[(uint32_t)4U * i]; - uint64_t *res_i0 = res + (uint32_t)4U * i; + uint64_t t1 = a[4U * i]; + uint64_t t20 = b[4U * i]; + uint64_t *res_i0 = res + 4U * i; c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t1, t20, res_i0); - uint64_t t10 = a[(uint32_t)4U * i + (uint32_t)1U]; - uint64_t t21 = b[(uint32_t)4U * i + (uint32_t)1U]; - uint64_t *res_i1 = res + (uint32_t)4U * i + (uint32_t)1U; + uint64_t t10 = a[4U * i + 1U]; + uint64_t t21 = b[4U * i + 1U]; + uint64_t *res_i1 = res + 4U * i + 1U; c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t10, t21, res_i1); - uint64_t t11 = a[(uint32_t)4U * i + (uint32_t)2U]; - uint64_t t22 = b[(uint32_t)4U * i + (uint32_t)2U]; - uint64_t *res_i2 = res + (uint32_t)4U * i + (uint32_t)2U; + uint64_t t11 = a[4U * i + 2U]; + uint64_t t22 = b[4U * i + 2U]; + uint64_t *res_i2 = res + 4U * i + 2U; c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t11, t22, res_i2); - uint64_t t12 = a[(uint32_t)4U * i + (uint32_t)3U]; - uint64_t t2 = b[(uint32_t)4U * i + (uint32_t)3U]; - uint64_t *res_i = res + (uint32_t)4U * i + (uint32_t)3U; + uint64_t t12 = a[4U * i + 3U]; + uint64_t t2 = b[4U * i + 3U]; + uint64_t *res_i = res + 4U * i + 3U; c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t12, t2, res_i); } - for (uint32_t i = aLen / (uint32_t)4U * (uint32_t)4U; i < aLen; i++) + for (uint32_t i = aLen / 4U * 4U; i < aLen; i++) { uint64_t t1 = a[i]; uint64_t t2 = b[i]; 
@@ -264,27 +264,27 @@ Hacl_Bignum_Multiplication_bn_mul_u32( ) { memset(res, 0U, (aLen + bLen) * sizeof (uint32_t)); - for (uint32_t i0 = (uint32_t)0U; i0 < bLen; i0++) + for (uint32_t i0 = 0U; i0 < bLen; i0++) { uint32_t bj = b[i0]; uint32_t *res_j = res + i0; - uint32_t c = (uint32_t)0U; - for (uint32_t i = (uint32_t)0U; i < aLen / (uint32_t)4U; i++) + uint32_t c = 0U; + for (uint32_t i = 0U; i < aLen / 4U; i++) { - uint32_t a_i = a[(uint32_t)4U * i]; - uint32_t *res_i0 = res_j + (uint32_t)4U * i; + uint32_t a_i = a[4U * i]; + uint32_t *res_i0 = res_j + 4U * i; c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i, bj, c, res_i0); - uint32_t a_i0 = a[(uint32_t)4U * i + (uint32_t)1U]; - uint32_t *res_i1 = res_j + (uint32_t)4U * i + (uint32_t)1U; + uint32_t a_i0 = a[4U * i + 1U]; + uint32_t *res_i1 = res_j + 4U * i + 1U; c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i0, bj, c, res_i1); - uint32_t a_i1 = a[(uint32_t)4U * i + (uint32_t)2U]; - uint32_t *res_i2 = res_j + (uint32_t)4U * i + (uint32_t)2U; + uint32_t a_i1 = a[4U * i + 2U]; + uint32_t *res_i2 = res_j + 4U * i + 2U; c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i1, bj, c, res_i2); - uint32_t a_i2 = a[(uint32_t)4U * i + (uint32_t)3U]; - uint32_t *res_i = res_j + (uint32_t)4U * i + (uint32_t)3U; + uint32_t a_i2 = a[4U * i + 3U]; + uint32_t *res_i = res_j + 4U * i + 3U; c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i2, bj, c, res_i); } - for (uint32_t i = aLen / (uint32_t)4U * (uint32_t)4U; i < aLen; i++) + for (uint32_t i = aLen / 4U * 4U; i < aLen; i++) { uint32_t a_i = a[i]; uint32_t *res_i = res_j + i; 
@@ -305,27 +305,27 @@ Hacl_Bignum_Multiplication_bn_mul_u64( ) { memset(res, 0U, (aLen + bLen) * sizeof (uint64_t)); - for (uint32_t i0 = (uint32_t)0U; i0 < bLen; i0++) + for (uint32_t i0 = 0U; i0 < bLen; i0++) { uint64_t bj = b[i0]; uint64_t *res_j = res + i0; - uint64_t c = (uint64_t)0U; - for (uint32_t i = (uint32_t)0U; i < aLen / (uint32_t)4U; i++) + uint64_t c = 0ULL; + for (uint32_t i = 0U; i < aLen / 4U; i++) { - uint64_t a_i = a[(uint32_t)4U * i]; - uint64_t *res_i0 = res_j + (uint32_t)4U * i; + uint64_t a_i = a[4U * i]; + uint64_t *res_i0 = res_j + 4U * i; c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i, bj, c, res_i0); - uint64_t a_i0 = a[(uint32_t)4U * i + (uint32_t)1U]; - uint64_t *res_i1 = res_j + (uint32_t)4U * i + (uint32_t)1U; + uint64_t a_i0 = a[4U * i + 1U]; + uint64_t *res_i1 = res_j + 4U * i + 1U; c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i0, bj, c, res_i1); - uint64_t a_i1 = a[(uint32_t)4U * i + (uint32_t)2U]; - uint64_t *res_i2 = res_j + (uint32_t)4U * i + (uint32_t)2U; + uint64_t a_i1 = a[4U * i + 2U]; + uint64_t *res_i2 = res_j + 4U * i + 2U; c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i1, bj, c, res_i2); - uint64_t a_i2 = a[(uint32_t)4U * i + (uint32_t)3U]; - uint64_t *res_i = res_j + (uint32_t)4U * i + (uint32_t)3U; + uint64_t a_i2 = a[4U * i + 3U]; + uint64_t *res_i = res_j + 4U * i + 3U; c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i2, bj, c, res_i); } - for (uint32_t i = aLen / (uint32_t)4U * (uint32_t)4U; i < aLen; i++) + for (uint32_t i = aLen / 4U * 4U; i < aLen; i++) { uint64_t a_i = a[i]; uint64_t *res_i = res_j + i; 
@@ -340,28 +340,28 @@ static inline void Hacl_Bignum_Multiplication_bn_sqr_u32(uint32_t aLen, uint32_t *a, uint32_t *res) { memset(res, 0U, (aLen + aLen) * sizeof (uint32_t)); - for (uint32_t i0 = (uint32_t)0U; i0 < aLen; i0++) + for (uint32_t i0 = 0U; i0 < aLen; i0++) { uint32_t *ab = a; uint32_t a_j = a[i0]; uint32_t *res_j = res + i0; - uint32_t c = (uint32_t)0U; - for (uint32_t i = (uint32_t)0U; i < i0 / (uint32_t)4U; i++) + uint32_t c = 0U; + for (uint32_t i = 0U; i < i0 / 4U; i++) { - uint32_t a_i = ab[(uint32_t)4U * i]; - uint32_t *res_i0 = res_j + (uint32_t)4U * i; + uint32_t a_i = ab[4U * i]; + uint32_t *res_i0 = res_j + 4U * i; c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i, a_j, c, res_i0); - uint32_t a_i0 = ab[(uint32_t)4U * i + (uint32_t)1U]; - uint32_t *res_i1 = res_j + (uint32_t)4U * i + (uint32_t)1U; + uint32_t a_i0 = ab[4U * i + 1U]; + uint32_t *res_i1 = res_j + 4U * i + 1U; c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i0, a_j, c, res_i1); - uint32_t a_i1 = ab[(uint32_t)4U * i + (uint32_t)2U]; - uint32_t *res_i2 = res_j + (uint32_t)4U * i + (uint32_t)2U; + uint32_t a_i1 = ab[4U * i + 2U]; + uint32_t *res_i2 = res_j + 4U * i + 2U; c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i1, a_j, c, res_i2); - uint32_t a_i2 = ab[(uint32_t)4U * i + (uint32_t)3U]; - uint32_t *res_i = res_j + (uint32_t)4U * i + (uint32_t)3U; + uint32_t a_i2 = ab[4U * i + 3U]; + uint32_t *res_i = res_j + 4U * i + 3U; c = Hacl_Bignum_Base_mul_wide_add2_u32(a_i2, a_j, c, res_i); } - for (uint32_t i = i0 / (uint32_t)4U * (uint32_t)4U; i < i0; i++) + for (uint32_t i = i0 / 4U * 4U; i < i0; i++) { uint32_t a_i = ab[i]; uint32_t *res_i = res_j + i; 
@@ -371,48 +371,48 @@ Hacl_Bignum_Multiplication_bn_sqr_u32(uint32_t aLen, uint32_t *a, uint32_t *res) res[i0 + i0] = r; } uint32_t c0 = Hacl_Bignum_Addition_bn_add_eq_len_u32(aLen + aLen, res, res, res); - KRML_HOST_IGNORE(c0); + KRML_MAYBE_UNUSED_VAR(c0); KRML_CHECK_SIZE(sizeof (uint32_t), aLen + aLen); - uint32_t tmp[aLen + aLen]; + uint32_t *tmp = (uint32_t *)alloca((aLen + aLen) * sizeof (uint32_t)); memset(tmp, 0U, (aLen + aLen) * sizeof (uint32_t)); - for (uint32_t i = (uint32_t)0U; i < aLen; i++) + for (uint32_t i = 0U; i < aLen; i++) { uint64_t res1 = (uint64_t)a[i] * (uint64_t)a[i]; - uint32_t hi = (uint32_t)(res1 >> (uint32_t)32U); + uint32_t hi = (uint32_t)(res1 >> 32U); uint32_t lo = (uint32_t)res1; - tmp[(uint32_t)2U * i] = lo; - tmp[(uint32_t)2U * i + (uint32_t)1U] = hi; + tmp[2U * i] = lo; + tmp[2U * i + 1U] = hi; } uint32_t c1 = Hacl_Bignum_Addition_bn_add_eq_len_u32(aLen + aLen, res, tmp, res); - KRML_HOST_IGNORE(c1); + KRML_MAYBE_UNUSED_VAR(c1); } static inline void Hacl_Bignum_Multiplication_bn_sqr_u64(uint32_t aLen, uint64_t *a, uint64_t *res) { memset(res, 0U, (aLen + aLen) * sizeof (uint64_t)); - for (uint32_t i0 = (uint32_t)0U; i0 < aLen; i0++) + for (uint32_t i0 = 0U; i0 < aLen; i0++) { uint64_t *ab = a; uint64_t a_j = a[i0]; uint64_t *res_j = res + i0; - uint64_t c = (uint64_t)0U; - for (uint32_t i = (uint32_t)0U; i < i0 / (uint32_t)4U; i++) + uint64_t c = 0ULL; + for (uint32_t i = 0U; i < i0 / 4U; i++) { - uint64_t a_i = ab[(uint32_t)4U * i]; - uint64_t *res_i0 = res_j + (uint32_t)4U * i; + uint64_t a_i = ab[4U * i]; + uint64_t *res_i0 = res_j + 4U * i; c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i, a_j, c, res_i0); - uint64_t a_i0 = ab[(uint32_t)4U * i + (uint32_t)1U]; - uint64_t *res_i1 = res_j + (uint32_t)4U * i + (uint32_t)1U; + uint64_t a_i0 = ab[4U * i + 1U]; + uint64_t *res_i1 = res_j + 4U * i + 1U; c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i0, a_j, c, res_i1); - uint64_t a_i1 = ab[(uint32_t)4U * i + (uint32_t)2U]; - uint64_t *res_i2 = 
res_j + (uint32_t)4U * i + (uint32_t)2U; + uint64_t a_i1 = ab[4U * i + 2U]; + uint64_t *res_i2 = res_j + 4U * i + 2U; c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i1, a_j, c, res_i2); - uint64_t a_i2 = ab[(uint32_t)4U * i + (uint32_t)3U]; - uint64_t *res_i = res_j + (uint32_t)4U * i + (uint32_t)3U; + uint64_t a_i2 = ab[4U * i + 3U]; + uint64_t *res_i = res_j + 4U * i + 3U; c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i2, a_j, c, res_i); } - for (uint32_t i = i0 / (uint32_t)4U * (uint32_t)4U; i < i0; i++) + for (uint32_t i = i0 / 4U * 4U; i < i0; i++) { uint64_t a_i = ab[i]; uint64_t *res_i = res_j + i; 
@@ -422,20 +422,336 @@ Hacl_Bignum_Multiplication_bn_sqr_u64(uint32_t aLen, uint64_t *a, uint64_t *res) res[i0 + i0] = r; } uint64_t c0 = Hacl_Bignum_Addition_bn_add_eq_len_u64(aLen + aLen, res, res, res); - KRML_HOST_IGNORE(c0); + KRML_MAYBE_UNUSED_VAR(c0); KRML_CHECK_SIZE(sizeof (uint64_t), aLen + aLen); - uint64_t tmp[aLen + aLen]; + uint64_t *tmp = (uint64_t *)alloca((aLen + aLen) * sizeof (uint64_t)); memset(tmp, 0U, (aLen + aLen) * sizeof (uint64_t)); - for (uint32_t i = (uint32_t)0U; i < aLen; i++) + for (uint32_t i = 0U; i < aLen; i++) { FStar_UInt128_uint128 res1 = FStar_UInt128_mul_wide(a[i], a[i]); - uint64_t hi = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(res1, (uint32_t)64U)); + uint64_t hi = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(res1, 64U)); uint64_t lo = FStar_UInt128_uint128_to_uint64(res1); - tmp[(uint32_t)2U * i] = lo; - tmp[(uint32_t)2U * i + (uint32_t)1U] = hi; + tmp[2U * i] = lo; + tmp[2U * i + 1U] = hi; } uint64_t c1 = Hacl_Bignum_Addition_bn_add_eq_len_u64(aLen + aLen, res, tmp, res); - KRML_HOST_IGNORE(c1); + KRML_MAYBE_UNUSED_VAR(c1); } +typedef struct Hacl_Bignum_MontArithmetic_bn_mont_ctx_u32_s +{ + uint32_t len; + uint32_t *n; + uint32_t mu; + uint32_t *r2; +} +Hacl_Bignum_MontArithmetic_bn_mont_ctx_u32; + +typedef struct Hacl_Bignum_MontArithmetic_bn_mont_ctx_u64_s +{ + uint32_t len; + uint64_t *n; + uint64_t mu; + uint64_t *r2; +} +Hacl_Bignum_MontArithmetic_bn_mont_ctx_u64; + +void +Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint32( + uint32_t aLen, + uint32_t *a, + uint32_t *b, + uint32_t *tmp, + uint32_t *res +); + +void +Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint64( + uint32_t aLen, + uint64_t *a, + uint64_t *b, + uint64_t *tmp, + uint64_t *res +); + +void +Hacl_Bignum_Karatsuba_bn_karatsuba_sqr_uint32( + uint32_t aLen, + uint32_t *a, + uint32_t *tmp, + uint32_t *res +); + +void +Hacl_Bignum_Karatsuba_bn_karatsuba_sqr_uint64( + uint32_t aLen, + uint64_t *a, + uint64_t *tmp, + uint64_t *res +); + 
+void +Hacl_Bignum_bn_add_mod_n_u32( + uint32_t len1, + uint32_t *n, + uint32_t *a, + uint32_t *b, + uint32_t *res +); + +void +Hacl_Bignum_bn_add_mod_n_u64( + uint32_t len1, + uint64_t *n, + uint64_t *a, + uint64_t *b, + uint64_t *res +); + +void +Hacl_Bignum_bn_sub_mod_n_u32( + uint32_t len1, + uint32_t *n, + uint32_t *a, + uint32_t *b, + uint32_t *res +); + +void +Hacl_Bignum_bn_sub_mod_n_u64( + uint32_t len1, + uint64_t *n, + uint64_t *a, + uint64_t *b, + uint64_t *res +); + +uint32_t Hacl_Bignum_ModInvLimb_mod_inv_uint32(uint32_t n0); + +uint64_t Hacl_Bignum_ModInvLimb_mod_inv_uint64(uint64_t n0); + +uint32_t Hacl_Bignum_Montgomery_bn_check_modulus_u32(uint32_t len, uint32_t *n); + +void +Hacl_Bignum_Montgomery_bn_precomp_r2_mod_n_u32( + uint32_t len, + uint32_t nBits, + uint32_t *n, + uint32_t *res +); + +void +Hacl_Bignum_Montgomery_bn_to_mont_u32( + uint32_t len, + uint32_t *n, + uint32_t nInv, + uint32_t *r2, + uint32_t *a, + uint32_t *aM +); + +void +Hacl_Bignum_Montgomery_bn_from_mont_u32( + uint32_t len, + uint32_t *n, + uint32_t nInv_u64, + uint32_t *aM, + uint32_t *a +); + +void +Hacl_Bignum_Montgomery_bn_mont_mul_u32( + uint32_t len, + uint32_t *n, + uint32_t nInv_u64, + uint32_t *aM, + uint32_t *bM, + uint32_t *resM +); + +void +Hacl_Bignum_Montgomery_bn_mont_sqr_u32( + uint32_t len, + uint32_t *n, + uint32_t nInv_u64, + uint32_t *aM, + uint32_t *resM +); + +uint64_t Hacl_Bignum_Montgomery_bn_check_modulus_u64(uint32_t len, uint64_t *n); + +void +Hacl_Bignum_Montgomery_bn_precomp_r2_mod_n_u64( + uint32_t len, + uint32_t nBits, + uint64_t *n, + uint64_t *res +); + +void +Hacl_Bignum_Montgomery_bn_to_mont_u64( + uint32_t len, + uint64_t *n, + uint64_t nInv, + uint64_t *r2, + uint64_t *a, + uint64_t *aM +); + +void +Hacl_Bignum_Montgomery_bn_from_mont_u64( + uint32_t len, + uint64_t *n, + uint64_t nInv_u64, + uint64_t *aM, + uint64_t *a +); + +void +Hacl_Bignum_Montgomery_bn_mont_mul_u64( + uint32_t len, + uint64_t *n, + uint64_t nInv_u64, + uint64_t 
*aM, + uint64_t *bM, + uint64_t *resM +); + +void +Hacl_Bignum_Montgomery_bn_mont_sqr_u64( + uint32_t len, + uint64_t *n, + uint64_t nInv_u64, + uint64_t *aM, + uint64_t *resM +); + +void +Hacl_Bignum_AlmostMontgomery_bn_almost_mont_reduction_u32( + uint32_t len, + uint32_t *n, + uint32_t nInv, + uint32_t *c, + uint32_t *res +); + +void +Hacl_Bignum_AlmostMontgomery_bn_almost_mont_reduction_u64( + uint32_t len, + uint64_t *n, + uint64_t nInv, + uint64_t *c, + uint64_t *res +); + +uint32_t +Hacl_Bignum_Exponentiation_bn_check_mod_exp_u32( + uint32_t len, + uint32_t *n, + uint32_t *a, + uint32_t bBits, + uint32_t *b +); + +void +Hacl_Bignum_Exponentiation_bn_mod_exp_vartime_precomp_u32( + uint32_t len, + uint32_t *n, + uint32_t mu, + uint32_t *r2, + uint32_t *a, + uint32_t bBits, + uint32_t *b, + uint32_t *res +); + +void +Hacl_Bignum_Exponentiation_bn_mod_exp_consttime_precomp_u32( + uint32_t len, + uint32_t *n, + uint32_t mu, + uint32_t *r2, + uint32_t *a, + uint32_t bBits, + uint32_t *b, + uint32_t *res +); + +void +Hacl_Bignum_Exponentiation_bn_mod_exp_vartime_u32( + uint32_t len, + uint32_t nBits, + uint32_t *n, + uint32_t *a, + uint32_t bBits, + uint32_t *b, + uint32_t *res +); + +void +Hacl_Bignum_Exponentiation_bn_mod_exp_consttime_u32( + uint32_t len, + uint32_t nBits, + uint32_t *n, + uint32_t *a, + uint32_t bBits, + uint32_t *b, + uint32_t *res +); + +uint64_t +Hacl_Bignum_Exponentiation_bn_check_mod_exp_u64( + uint32_t len, + uint64_t *n, + uint64_t *a, + uint32_t bBits, + uint64_t *b +); + +void +Hacl_Bignum_Exponentiation_bn_mod_exp_vartime_precomp_u64( + uint32_t len, + uint64_t *n, + uint64_t mu, + uint64_t *r2, + uint64_t *a, + uint32_t bBits, + uint64_t *b, + uint64_t *res +); + +void +Hacl_Bignum_Exponentiation_bn_mod_exp_consttime_precomp_u64( + uint32_t len, + uint64_t *n, + uint64_t mu, + uint64_t *r2, + uint64_t *a, + uint32_t bBits, + uint64_t *b, + uint64_t *res +); + +void +Hacl_Bignum_Exponentiation_bn_mod_exp_vartime_u64( + uint32_t len, + 
uint32_t nBits, + uint64_t *n, + uint64_t *a, + uint32_t bBits, + uint64_t *b, + uint64_t *res +); + +void +Hacl_Bignum_Exponentiation_bn_mod_exp_consttime_u64( + uint32_t len, + uint32_t nBits, + uint64_t *n, + uint64_t *a, + uint32_t bBits, + uint64_t *b, + uint64_t *res +); + #endif From 617a78e5476073a03bc820b4477a8b33c1c70246 Mon Sep 17 00:00:00 2001 From: Karthik Bhargavan Date: Thu, 30 Nov 2023 06:45:29 +0100 Subject: [PATCH 18/53] hacl rsa compiles --- crypto/Kconfig | 9 + crypto/Makefile | 1 + crypto/hacl-rsa-msvc.c | 416 ------------------------------------ crypto/hacl_bignum.c | 25 +-- crypto/hacl_lib.h | 66 +++++- crypto/hacl_rsa.h | 2 +- crypto/rsa-hacl-generated.c | 16 +- crypto/rsa-hacl.c | 86 ++++---- 8 files changed, 128 insertions(+), 493 deletions(-) delete mode 100644 crypto/hacl-rsa-msvc.c diff --git a/crypto/Kconfig b/crypto/Kconfig index 620708f428f26..78ece1ce483b6 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -246,6 +246,15 @@ endmenu menu "Public-key cryptography" config CRYPTO_RSA + tristate "RSA (Rivest-Shamir-Adleman)" + select CRYPTO_AKCIPHER + select CRYPTO_MANAGER + select MPILIB + select ASN1 + help + RSA (Rivest-Shamir-Adleman) public key algorithm (RFC8017) from HACL* + +config CRYPTO_RSA_HACL tristate "RSA (Rivest-Shamir-Adleman)" select CRYPTO_AKCIPHER select CRYPTO_MANAGER diff --git a/crypto/Makefile b/crypto/Makefile index d5f138f34e46d..e3b896b6d8316 100644 --- a/crypto/Makefile +++ b/crypto/Makefile @@ -45,6 +45,7 @@ obj-$(CONFIG_CRYPTO_RSA) += rsa_generic.o rsa_hacl-y := rsapubkey.asn1.o rsa_hacl-y += rsaprivkey.asn1.o +rsa_hacl-y += hacl_bignum.o rsa_hacl-y += rsa-hacl-generated.o rsa_hacl-y += rsa_helper.o rsa_hacl-y += rsa-hacl.o diff --git a/crypto/hacl-rsa-msvc.c b/crypto/hacl-rsa-msvc.c deleted file mode 100644 index 2d5d427f28194..0000000000000 --- a/crypto/hacl-rsa-msvc.c +++ /dev/null 
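Review bot: In the crypto/Kconfig hunk the new help text ending in "(RFC8017) from HACL*" is attached to `config CRYPTO_RSA`, while the renamed `config CRYPTO_RSA_HACL` inherits the old body, and both entries carry the identical prompt `tristate "RSA (Rivest-Shamir-Adleman)"`. The crypto/Makefile context in this same commit still maps `CONFIG_CRYPTO_RSA` to `rsa_generic.o`, so the description looks swapped and someone configuring a build cannot tell which option selects which implementation. I would give the HACL entry a distinct prompt, `tristate "RSA (Rivest-Shamir-Adleman) (HACL*)"`, and move the "from HACL*" wording into its help text. The remainder of the `CRYPTO_RSA_HACL` body lies outside the hunk, so its current help text should be checked as well.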
@@ -1,416 +0,0 @@ -/* MIT License - * - * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation - * Copyright (c) 2022-2023 HACL* Contributors - * - * Permission is hereby granted, free of charge, to any person obtaining a copy - * of this software and associated documentation files (the "Software"), to deal - * in the Software without restriction, including without limitation the rights - * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell - * copies of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in all - * copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE - * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER - * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, - * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - * SOFTWARE. 
- */ - - -#include "internal/Hacl_RSA.h" - -#include "internal/Hacl_Bignum_Base.h" -#include "internal/Hacl_Bignum.h" - -static inline uint64_t check_num_bits_u64(uint32_t bs, uint64_t *b) -{ - uint32_t bLen = (bs - 1U) / 64U + 1U; - if (bs == 64U * bLen) - { - return 0xFFFFFFFFFFFFFFFFULL; - } - KRML_CHECK_SIZE(sizeof (uint64_t), bLen); - uint64_t *b2 = (uint64_t *)alloca(bLen * sizeof (uint64_t)); - memset(b2, 0U, bLen * sizeof (uint64_t)); - uint32_t i0 = bs / 64U; - uint32_t j = bs % 64U; - b2[i0] = b2[i0] | 1ULL << j; - uint64_t acc = 0ULL; - for (uint32_t i = 0U; i < bLen; i++) - { - uint64_t beq = FStar_UInt64_eq_mask(b[i], b2[i]); - uint64_t blt = ~FStar_UInt64_gte_mask(b[i], b2[i]); - acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFFFFFFFFFULL) | (~blt & 0ULL))); - } - uint64_t res = acc; - return res; -} - -uint64_t Hacl_Impl_RSA_Keys_check_modulus_u64(uint32_t modBits, uint64_t *n) -{ - uint32_t nLen = (modBits - 1U) / 64U + 1U; - uint64_t bits0 = n[0U] & 1ULL; - uint64_t m0 = 0ULL - bits0; - KRML_CHECK_SIZE(sizeof (uint64_t), nLen); - uint64_t *b2 = (uint64_t *)alloca(nLen * sizeof (uint64_t)); - memset(b2, 0U, nLen * sizeof (uint64_t)); - uint32_t i0 = (modBits - 1U) / 64U; - uint32_t j = (modBits - 1U) % 64U; - b2[i0] = b2[i0] | 1ULL << j; - uint64_t acc = 0ULL; - for (uint32_t i = 0U; i < nLen; i++) - { - uint64_t beq = FStar_UInt64_eq_mask(b2[i], n[i]); - uint64_t blt = ~FStar_UInt64_gte_mask(b2[i], n[i]); - acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFFFFFFFFFULL) | (~blt & 0ULL))); - } - uint64_t res = acc; - uint64_t m1 = res; - uint64_t m2 = check_num_bits_u64(modBits, n); - return m0 & (m1 & m2); -} - -uint64_t Hacl_Impl_RSA_Keys_check_exponent_u64(uint32_t eBits, uint64_t *e) -{ - uint32_t eLen = (eBits - 1U) / 64U + 1U; - KRML_CHECK_SIZE(sizeof (uint64_t), eLen); - uint64_t *bn_zero = (uint64_t *)alloca(eLen * sizeof (uint64_t)); - memset(bn_zero, 0U, eLen * sizeof (uint64_t)); - uint64_t mask = 0xFFFFFFFFFFFFFFFFULL; - for (uint32_t i = 0U; i 
< eLen; i++) - { - uint64_t uu____0 = FStar_UInt64_eq_mask(e[i], bn_zero[i]); - mask = uu____0 & mask; - } - uint64_t mask1 = mask; - uint64_t res = mask1; - uint64_t m0 = res; - uint64_t m1 = check_num_bits_u64(eBits, e); - return ~m0 & m1; -} - -/** -Decrypt a message `cipher` and write the plaintext to `plain`. - -@param modBits Count of bits in the modulus (`n`). -@param eBits Count of bits in `e` value. -@param dBits Count of bits in `d` value. -@param skey Pointer to secret key created by `Hacl_RSA_new_rsa_load_skey`. -@param cipher Pointer to `ceil(modBits - 1 / 8)` bytes where the ciphertext is read from. -@param plain Pointer to `ceil(modBits / 8)` bytes where the plaintext is written to. - -@return Returns true if and only if decryption was successful. -*/ -bool -Hacl_RSA_rsa_dec( - uint32_t modBits, - uint32_t eBits, - uint32_t dBits, - uint64_t *skey, - uint8_t *cipher, - uint8_t *plain -) -{ - uint32_t nLen = (modBits - 1U) / 64U + 1U; - uint32_t emBits = modBits - 1U; - uint32_t emLen = (emBits - 1U) / 8U + 1U; - uint32_t k = (modBits - 1U) / 8U + 1U; - KRML_CHECK_SIZE(sizeof (uint64_t), nLen); - uint64_t *m = (uint64_t *)alloca(nLen * sizeof (uint64_t)); - memset(m, 0U, nLen * sizeof (uint64_t)); - KRML_CHECK_SIZE(sizeof (uint64_t), nLen); - uint64_t *s = (uint64_t *)alloca(nLen * sizeof (uint64_t)); - memset(s, 0U, nLen * sizeof (uint64_t)); - KRML_CHECK_SIZE(sizeof (uint64_t), nLen); - uint64_t *m_ = (uint64_t *)alloca(nLen * sizeof (uint64_t)); - memset(m_, 0U, nLen * sizeof (uint64_t)); - Hacl_Bignum_Convert_bn_from_bytes_be_uint64(emLen, cipher, m); - uint32_t nLen1 = (modBits - 1U) / 64U + 1U; - uint32_t eLen = (eBits - 1U) / 64U + 1U; - uint64_t *n = skey; - uint64_t *r2 = skey + nLen1; - uint64_t *e = skey + nLen1 + nLen1; - uint64_t *d = skey + nLen1 + nLen1 + eLen; - uint64_t mu = Hacl_Bignum_ModInvLimb_mod_inv_uint64(n[0U]); - Hacl_Bignum_Exponentiation_bn_mod_exp_consttime_precomp_u64((modBits - 1U) / 64U + 1U, - n, - mu, - r2, - m, - 
dBits, - d, - s); - uint64_t mu0 = Hacl_Bignum_ModInvLimb_mod_inv_uint64(n[0U]); - Hacl_Bignum_Exponentiation_bn_mod_exp_vartime_precomp_u64((modBits - 1U) / 64U + 1U, - n, - mu0, - r2, - s, - eBits, - e, - m_); - uint64_t mask = 0xFFFFFFFFFFFFFFFFULL; - for (uint32_t i = 0U; i < nLen1; i++) - { - uint64_t uu____0 = FStar_UInt64_eq_mask(m[i], m_[i]); - mask = uu____0 & mask; - } - uint64_t mask1 = mask; - uint64_t eq_m = mask1; - for (uint32_t i = 0U; i < nLen1; i++) - { - uint64_t *os = s; - uint64_t x = s[i]; - uint64_t x0 = eq_m & x; - os[i] = x0; - } - bool eq_b = eq_m == 0xFFFFFFFFFFFFFFFFULL; - Hacl_Bignum_Convert_bn_to_bytes_be_uint64(k, s, plain); - return eq_b; -} - -/** -Encrypt a message `plain` and write the ciphertext to `cipher`. - -@param modBits Count of bits in the modulus (`n`). -@param eBits Count of bits in `e` value. -@param dBits Count of bits in `d` value. -@param skey Pointer to secret key created by `Hacl_RSA_new_rsa_load_skey`. -@param plain Pointer to `ceil(modBits / 8)` bytes where the plaintext is written to. -@param cipher Pointer to `ceil(modBits - 1 / 8)` bytes where the ciphertext is read from. - -@return Returns true if and only if decryption was successful. 
-*/ -bool -Hacl_RSA_rsa_enc( - uint32_t modBits, - uint32_t eBits, - uint64_t *pkey, - uint8_t *plain, - uint8_t *cipher -) -{ - uint32_t nLen = (modBits - 1U) / 64U + 1U; - uint32_t k = (modBits - 1U) / 8U + 1U; - uint32_t emBits = modBits - 1U; - uint32_t emLen = (emBits - 1U) / 8U + 1U; - KRML_CHECK_SIZE(sizeof (uint64_t), nLen); - uint64_t *s = (uint64_t *)alloca(nLen * sizeof (uint64_t)); - memset(s, 0U, nLen * sizeof (uint64_t)); - KRML_CHECK_SIZE(sizeof (uint64_t), (modBits - 1U) / 64U + 1U); - uint64_t *m = (uint64_t *)alloca(((modBits - 1U) / 64U + 1U) * sizeof (uint64_t)); - memset(m, 0U, ((modBits - 1U) / 64U + 1U) * sizeof (uint64_t)); - Hacl_Bignum_Convert_bn_from_bytes_be_uint64(k, plain, s); - uint32_t nLen1 = (modBits - 1U) / 64U + 1U; - uint64_t *n = pkey; - uint64_t *r2 = pkey + nLen1; - uint64_t *e = pkey + nLen1 + nLen1; - uint64_t acc = 0ULL; - for (uint32_t i = 0U; i < nLen1; i++) - { - uint64_t beq = FStar_UInt64_eq_mask(s[i], n[i]); - uint64_t blt = ~FStar_UInt64_gte_mask(s[i], n[i]); - acc = (beq & acc) | (~beq & ((blt & 0xFFFFFFFFFFFFFFFFULL) | (~blt & 0ULL))); - } - uint64_t mask = acc; - bool res; - if (mask == 0xFFFFFFFFFFFFFFFFULL) - { - uint64_t mu = Hacl_Bignum_ModInvLimb_mod_inv_uint64(n[0U]); - Hacl_Bignum_Exponentiation_bn_mod_exp_vartime_precomp_u64((modBits - 1U) / 64U + 1U, - n, - mu, - r2, - s, - eBits, - e, - m); - bool ite; - if (!((modBits - 1U) % 8U == 0U)) - { - ite = true; - } - else - { - uint32_t i = (modBits - 1U) / 64U; - uint32_t j = (modBits - 1U) % 64U; - uint64_t tmp = m[i]; - uint64_t get_bit = tmp >> j & 1ULL; - ite = get_bit == 0ULL; - } - if (ite) - { - res = true; - } - else - { - res = false; - } - } - else - { - res = false; - } - bool b = res; - uint64_t *m1 = m; - Hacl_Bignum_Convert_bn_to_bytes_be_uint64(emLen, m1, cipher); - return b; -} - -/** -Load a public key from key parts. - -@param modBits Count of bits in modulus (`n`). -@param eBits Count of bits in `e` value. 
-@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`), in big-endian byte order, is read from. -@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value, in big-endian byte order, is read from. - -@return Returns an allocated public key upon success, otherwise, `NULL` if key part arguments are invalid or memory allocation fails. Note: caller must take care to `free()` the created key. -*/ -uint64_t -*Hacl_RSA_new_rsa_load_pkey(uint32_t modBits, uint32_t eBits, uint8_t *nb, uint8_t *eb) -{ - bool ite; - if (1U < modBits && 0U < eBits) - { - uint32_t nLen = (modBits - 1U) / 64U + 1U; - uint32_t eLen = (eBits - 1U) / 64U + 1U; - ite = nLen <= 33554431U && eLen <= 67108863U && nLen + nLen <= 0xffffffffU - eLen; - } - else - { - ite = false; - } - if (!ite) - { - return NULL; - } - uint32_t nLen = (modBits - 1U) / 64U + 1U; - uint32_t eLen = (eBits - 1U) / 64U + 1U; - uint32_t pkeyLen = nLen + nLen + eLen; - KRML_CHECK_SIZE(sizeof (uint64_t), pkeyLen); - uint64_t *pkey = (uint64_t *)KRML_HOST_CALLOC(pkeyLen, sizeof (uint64_t)); - if (pkey == NULL) - { - return pkey; - } - uint64_t *pkey1 = pkey; - uint64_t *pkey2 = pkey1; - uint32_t nbLen = (modBits - 1U) / 8U + 1U; - uint32_t ebLen = (eBits - 1U) / 8U + 1U; - uint32_t nLen1 = (modBits - 1U) / 64U + 1U; - uint64_t *n = pkey2; - uint64_t *r2 = pkey2 + nLen1; - uint64_t *e = pkey2 + nLen1 + nLen1; - Hacl_Bignum_Convert_bn_from_bytes_be_uint64(nbLen, nb, n); - Hacl_Bignum_Montgomery_bn_precomp_r2_mod_n_u64((modBits - 1U) / 64U + 1U, modBits - 1U, n, r2); - Hacl_Bignum_Convert_bn_from_bytes_be_uint64(ebLen, eb, e); - uint64_t m0 = Hacl_Impl_RSA_Keys_check_modulus_u64(modBits, n); - uint64_t m1 = Hacl_Impl_RSA_Keys_check_exponent_u64(eBits, e); - uint64_t m = m0 & m1; - bool b = m == 0xFFFFFFFFFFFFFFFFULL; - if (b) - { - return pkey2; - } - KRML_HOST_FREE(pkey2); - return NULL; -} - -/** -Load a secret key from key parts. - -@param modBits Count of bits in modulus (`n`). 
-@param eBits Count of bits in `e` value. -@param dBits Count of bits in `d` value. -@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`), in big-endian byte order, is read from. -@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value, in big-endian byte order, is read from. -@param db Pointer to `ceil(modBits / 8)` bytes where the `d` value, in big-endian byte order, is read from. - -@return Returns an allocated secret key upon success, otherwise, `NULL` if key part arguments are invalid or memory allocation fails. Note: caller must take care to `free()` the created key. -*/ -uint64_t -*Hacl_RSA_new_rsa_load_skey( - uint32_t modBits, - uint32_t eBits, - uint32_t dBits, - uint8_t *nb, - uint8_t *eb, - uint8_t *db -) -{ - bool ite0; - if (1U < modBits && 0U < eBits) - { - uint32_t nLen = (modBits - 1U) / 64U + 1U; - uint32_t eLen = (eBits - 1U) / 64U + 1U; - ite0 = nLen <= 33554431U && eLen <= 67108863U && nLen + nLen <= 0xffffffffU - eLen; - } - else - { - ite0 = false; - } - bool ite; - if (ite0 && 0U < dBits) - { - uint32_t nLen = (modBits - 1U) / 64U + 1U; - uint32_t eLen = (eBits - 1U) / 64U + 1U; - uint32_t dLen = (dBits - 1U) / 64U + 1U; - ite = dLen <= 67108863U && 2U * nLen <= 0xffffffffU - eLen - dLen; - } - else - { - ite = false; - } - if (!ite) - { - return NULL; - } - uint32_t nLen = (modBits - 1U) / 64U + 1U; - uint32_t eLen = (eBits - 1U) / 64U + 1U; - uint32_t dLen = (dBits - 1U) / 64U + 1U; - uint32_t skeyLen = nLen + nLen + eLen + dLen; - KRML_CHECK_SIZE(sizeof (uint64_t), skeyLen); - uint64_t *skey = (uint64_t *)KRML_HOST_CALLOC(skeyLen, sizeof (uint64_t)); - if (skey == NULL) - { - return skey; - } - uint64_t *skey1 = skey; - uint64_t *skey2 = skey1; - uint32_t dbLen = (dBits - 1U) / 8U + 1U; - uint32_t nLen1 = (modBits - 1U) / 64U + 1U; - uint32_t eLen1 = (eBits - 1U) / 64U + 1U; - uint32_t pkeyLen = nLen1 + nLen1 + eLen1; - uint64_t *pkey = skey2; - uint64_t *d = skey2 + pkeyLen; - uint32_t nbLen1 = (modBits - 1U) 
/ 8U + 1U; - uint32_t ebLen1 = (eBits - 1U) / 8U + 1U; - uint32_t nLen2 = (modBits - 1U) / 64U + 1U; - uint64_t *n = pkey; - uint64_t *r2 = pkey + nLen2; - uint64_t *e = pkey + nLen2 + nLen2; - Hacl_Bignum_Convert_bn_from_bytes_be_uint64(nbLen1, nb, n); - Hacl_Bignum_Montgomery_bn_precomp_r2_mod_n_u64((modBits - 1U) / 64U + 1U, modBits - 1U, n, r2); - Hacl_Bignum_Convert_bn_from_bytes_be_uint64(ebLen1, eb, e); - uint64_t m0 = Hacl_Impl_RSA_Keys_check_modulus_u64(modBits, n); - uint64_t m10 = Hacl_Impl_RSA_Keys_check_exponent_u64(eBits, e); - uint64_t m = m0 & m10; - bool b = m == 0xFFFFFFFFFFFFFFFFULL; - Hacl_Bignum_Convert_bn_from_bytes_be_uint64(dbLen, db, d); - uint64_t m1 = Hacl_Impl_RSA_Keys_check_exponent_u64(dBits, d); - bool b0 = b && m1 == 0xFFFFFFFFFFFFFFFFULL; - if (b0) - { - return skey2; - } - KRML_HOST_FREE(skey2); - return NULL; -} - diff --git a/crypto/hacl_bignum.c b/crypto/hacl_bignum.c index b99423f38bb77..c5f59d9731a6b 100644 --- a/crypto/hacl_bignum.c +++ b/crypto/hacl_bignum.c 
@@ -1,32 +1,11 @@ -/* MIT License +/* GPLv2 or MIT License * * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation * Copyright (c) 2022-2023 HACL* Contributors * - * Permission is hereby granted, free of charge, to any person obtaining a copy - * of this software and associated documentation files (the "Software"), to deal - * in the Software without restriction, including without limitation the rights - * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell - * copies of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in all - * copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE - * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER - * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, - * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - * SOFTWARE. */ - -#include "internal/Hacl_Bignum.h" - -#include "internal/Hacl_Krmllib.h" -#include "internal/Hacl_Bignum_Base.h" +#include "hacl_bignum.h" void Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint32( diff --git a/crypto/hacl_lib.h b/crypto/hacl_lib.h index fb60d284f7010..3d2ffbb311d1f 100644 --- a/crypto/hacl_lib.h +++ b/crypto/hacl_lib.h @@ -12,6 +12,9 @@ #include #include #include +#include + +#define alloca __builtin_alloca typedef u128 FStar_UInt128_uint128; 
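Review bot: `#define alloca __builtin_alloca` in crypto/hacl_lib.h puts variable-size allocations on the kernel stack, and the rsa-hacl-generated.c hunks later in this patch use it for arrays of `nLen`, `eLen` and `bLen` 64-bit limbs derived from `modBits` and `eBits`. The kernel stack is limited, the `KRML_CHECK_SIZE` stub added in the `@@ -114,6 +170,8 @@` hunk expands to `{}`, and the same commit deletes the `rsa_check_key_length` helper from rsa-hacl.c, so no upper bound on those sizes is visible in the patch. I would allocate the temporaries with `kcalloc(nLen, sizeof(uint64_t), GFP_KERNEL)` and release them with `kfree_sensitive()`, since several of them hold secret intermediates. Failing that, a maximum key size should be enforced in the set-key path before any of these functions can be reached.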
@@ -42,7 +45,35 @@ inline static u128 FStar_UInt128_shift_right(u128 x, u32 y) { return x >> y; } -static u64 FStar_UInt64_eq_mask(u64 a, u64 b) +#define KRML_NOINLINE noinline __maybe_unused +#define KRML_MAYBE_UNUSED_VAR(x) (void)(x) +#define KRML_HOST_CALLOC(x,y) kcalloc(x,y,GFP_KERNEL) +#define KRML_HOST_FREE(x) kfree(x) + +static KRML_NOINLINE u32 FStar_UInt32_eq_mask(u32 a, u32 b) +{ + u32 x = a ^ b; + u32 minus_x = ~x + (u32)1U; + u32 x_or_minus_x = x | minus_x; + u32 xnx = x_or_minus_x >> (u32)31U; + return xnx - (u32)1U; +} + +static KRML_NOINLINE u32 FStar_UInt32_gte_mask(u32 a, u32 b) +{ + u32 x = a; + u32 y = b; + u32 x_xor_y = x ^ y; + u32 x_sub_y = x - y; + u32 x_sub_y_xor_y = x_sub_y ^ y; + u32 q = x_xor_y | x_sub_y_xor_y; + u32 x_xor_q = x ^ q; + u32 x_xor_q_ = x_xor_q >> (u32)31U; + return x_xor_q_ - (u32)1U; +} + + +static KRML_NOINLINE u64 FStar_UInt64_eq_mask(u64 a, u64 b) { u64 x = a ^ b; u64 minus_x = ~x + (u64)1U; @@ -51,7 +82,7 @@ static u64 FStar_UInt64_eq_mask(u64 a, u64 b) return xnx - (u64)1U; } -static u64 FStar_UInt64_gte_mask(u64 a, u64 b) +static KRML_NOINLINE u64 FStar_UInt64_gte_mask(u64 a, u64 b) { u64 x = a; u64 y = b; @@ -64,6 +95,25 @@ static u64 FStar_UInt64_gte_mask(u64 a, u64 b) return x_xor_q_ - (u64)1U; } +static inline uint32_t +Hacl_IntTypes_Intrinsics_add_carry_u32(uint32_t cin, uint32_t x, uint32_t y, uint32_t *r) +{ + uint64_t res = (uint64_t)x + (uint64_t)cin + (uint64_t)y; + uint32_t c = (uint32_t)(res >> 32U); + r[0U] = (uint32_t)res; + return c; +} + +static inline uint32_t +Hacl_IntTypes_Intrinsics_sub_borrow_u32(uint32_t cin, uint32_t x, uint32_t y, uint32_t *r) +{ + uint64_t res = (uint64_t)x - (uint64_t)y - (uint64_t)cin; + uint32_t c = (uint32_t)(res >> 32U) & 1U; + r[0U] = (uint32_t)res; + return c; +} + + static inline uint64_t Hacl_IntTypes_Intrinsics_sub_borrow_u64(uint64_t cin, uint64_t x, uint64_t y, uint64_t *r) { 
@@ -87,6 +137,12 @@ Hacl_IntTypes_Intrinsics_add_carry_u64(uint64_t cin, uint64_t x, uint64_t y, uin return c; } +#define Lib_IntTypes_Intrinsics_sub_borrow_u32(x1, x2, x3, x4) \ + (Hacl_IntTypes_Intrinsics_sub_borrow_u32(x1, x2, x3, x4)) + +#define Lib_IntTypes_Intrinsics_add_carry_u32(x1, x2, x3, x4) \ + (Hacl_IntTypes_Intrinsics_add_carry_u32(x1, x2, x3, x4)) + #define Lib_IntTypes_Intrinsics_sub_borrow_u64(x1, x2, x3, x4) \ (Hacl_IntTypes_Intrinsics_sub_borrow_u64(x1, x2, x3, x4)) @@ -114,6 +170,8 @@ static inline void store128_be(u8 *buf, u128 x) store64_be(buf + 8, (u64)(x)); } +#define KRML_CHECK_SIZE(size_elt, sz) {} + /* Macros for prettier unrolling of loops */ #define KRML_LOOP1(i, n, x) \ { \ @@ -182,13 +240,13 @@ static inline void store128_be(u8 *buf, u128 x) #define KRML_UNROLL_FOR(i, z, n, k, x) \ do { \ - uint32_t i = z; \ + u32 i = z; \ KRML_LOOP##n(i, k, x) \ } while (0) #define KRML_ACTUAL_FOR(i, z, n, k, x) \ do { \ - for (uint32_t i = z; i < n; i += k) { \ + for (u32 i = z; i < n; i += k) { \ x \ } \ } while (0) diff --git a/crypto/hacl_rsa.h b/crypto/hacl_rsa.h index bbdcf01477d5c..4c68b10c71f1d 100644 --- a/crypto/hacl_rsa.h +++ b/crypto/hacl_rsa.h @@ -66,7 +66,7 @@ Load a public key from key parts. uint64_t *Hacl_RSA_new_rsa_load_pkey(uint32_t modBits, uint32_t eBits, uint8_t *nb, uint8_t *eb); -l/** +/** Load a secret key from key parts. @param modBits Count of bits in modulus (`n`). diff --git a/crypto/rsa-hacl-generated.c b/crypto/rsa-hacl-generated.c index 285df0f74cf09..551868b5dbcd5 100644 --- a/crypto/rsa-hacl-generated.c +++ b/crypto/rsa-hacl-generated.c @@ -15,7 +15,7 @@ static inline uint64_t check_num_bits_u64(uint32_t bs, uint64_t *b) return 0xFFFFFFFFFFFFFFFFULL; } KRML_CHECK_SIZE(sizeof (uint64_t), bLen); - uint64_t b2[bLen]; + uint64_t *b2 = (uint64_t *)alloca(bLen * sizeof (uint64_t)); memset(b2, 0U, bLen * sizeof (uint64_t)); uint32_t i0 = bs / 64U; uint32_t j = bs % 64U; 
@@ -37,7 +37,7 @@ uint64_t Hacl_Impl_RSA_Keys_check_modulus_u64(uint32_t modBits, uint64_t *n) uint64_t bits0 = n[0U] & 1ULL; uint64_t m0 = 0ULL - bits0; KRML_CHECK_SIZE(sizeof (uint64_t), nLen); - uint64_t b2[nLen]; + uint64_t *b2 = (uint64_t *)alloca(nLen * sizeof (uint64_t)); memset(b2, 0U, nLen * sizeof (uint64_t)); uint32_t i0 = (modBits - 1U) / 64U; uint32_t j = (modBits - 1U) % 64U; @@ -59,7 +59,7 @@ uint64_t Hacl_Impl_RSA_Keys_check_exponent_u64(uint32_t eBits, uint64_t *e) { uint32_t eLen = (eBits - 1U) / 64U + 1U; KRML_CHECK_SIZE(sizeof (uint64_t), eLen); - uint64_t bn_zero[eLen]; + uint64_t *bn_zero = (uint64_t *)alloca(eLen * sizeof (uint64_t)); memset(bn_zero, 0U, eLen * sizeof (uint64_t)); uint64_t mask = 0xFFFFFFFFFFFFFFFFULL; for (uint32_t i = 0U; i < eLen; i++) @@ -101,13 +101,13 @@ Hacl_RSA_rsa_dec( uint32_t emLen = (emBits - 1U) / 8U + 1U; uint32_t k = (modBits - 1U) / 8U + 1U; KRML_CHECK_SIZE(sizeof (uint64_t), nLen); - uint64_t m[nLen]; + uint64_t *m = (uint64_t *)alloca(nLen * sizeof (uint64_t)); memset(m, 0U, nLen * sizeof (uint64_t)); KRML_CHECK_SIZE(sizeof (uint64_t), nLen); - uint64_t s[nLen]; + uint64_t *s = (uint64_t *)alloca(nLen * sizeof (uint64_t)); memset(s, 0U, nLen * sizeof (uint64_t)); KRML_CHECK_SIZE(sizeof (uint64_t), nLen); - uint64_t m_[nLen]; + uint64_t *m_ = (uint64_t *)alloca(nLen * sizeof (uint64_t)); memset(m_, 0U, nLen * sizeof (uint64_t)); Hacl_Bignum_Convert_bn_from_bytes_be_uint64(emLen, cipher, m); uint32_t nLen1 = (modBits - 1U) / 64U + 1U; 
@@ -180,10 +180,10 @@ Hacl_RSA_rsa_enc( uint32_t emBits = modBits - 1U; uint32_t emLen = (emBits - 1U) / 8U + 1U; KRML_CHECK_SIZE(sizeof (uint64_t), nLen); - uint64_t s[nLen]; + uint64_t *s = (uint64_t *)alloca(nLen * sizeof (uint64_t)); memset(s, 0U, nLen * sizeof (uint64_t)); KRML_CHECK_SIZE(sizeof (uint64_t), (modBits - 1U) / 64U + 1U); - uint64_t m[(modBits - 1U) / 64U + 1U]; + uint64_t *m = (uint64_t *)alloca(((modBits - 1U) / 64U + 1U) * sizeof (uint64_t)); memset(m, 0U, ((modBits - 1U) / 64U + 1U) * sizeof (uint64_t)); Hacl_Bignum_Convert_bn_from_bytes_be_uint64(k, plain, s); uint32_t nLen1 = (modBits - 1U) / 64U + 1U; diff --git a/crypto/rsa-hacl.c b/crypto/rsa-hacl.c index f52f45e54fd2d..77047d148e8cd 100644 --- a/crypto/rsa-hacl.c +++ b/crypto/rsa-hacl.c @@ -26,7 +26,7 @@ struct hacl_rsa_key { uint8_t *nb; uint8_t *eb; uint8_t *db; -} +}; static inline struct hacl_rsa_key *rsa_get_key(struct crypto_akcipher *tfm) { @@ -51,21 +51,32 @@ static int rsa_enc(struct akcipher_request *req) goto done; } - uint64_t *pk = HACL_RSA_new_rsa_load_pkey(pkey->modBits,pkey->eBits,pkey->nb,pkey->eb); + unsigned char* buffer = kmalloc(req->src_len + req->dst_len, GFP_KERNEL); + if (!buffer) + return -ENOMEM; + sg_copy_to_buffer(req->src, + sg_nents_for_len(req->src, req->src_len), + buffer, req->src_len); + + uint64_t *pk = Hacl_RSA_new_rsa_load_pkey(pkey->modBits,pkey->eBits,pkey->nb,pkey->eb); if (!pk) { ret = -EINVAL; goto done; } - ret = HACL_RSA_rsa_enc(pkey->modBits,pkey->eBits,pk, req->src, req->dst); + ret = Hacl_RSA_rsa_enc(pkey->modBits,pkey->eBits,pk, buffer, buffer+req->src_len); if (!ret) ret = -EBADMSG; - free(pk); + sg_copy_from_buffer(req->dst, + sg_nents_for_len(req->dst, req->dst_len), + buffer+req->src_len, req->dst_len); + kfree(pk); - done: return ret; + done: kfree(buffer); + return ret; } static int rsa_dec(struct akcipher_request *req) 
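Review bot: In rsa_enc (crypto/rsa-hacl.c), the `goto done` visible just above the new `buffer` declaration now reaches `done: kfree(buffer);` before `buffer` has been assigned, so that error path frees an indeterminate pointer. Declaring `unsigned char *buffer = NULL;` with the other locals at the top of the function (outside this hunk) makes the shared label safe, because `kfree(NULL)` is a no-op. The rsa_dec hunk has the same layout and needs the same change. Separately, `ret` receives the bool returned by `Hacl_RSA_rsa_enc`, so a successful call returns 1 instead of 0; storing the result in a bool `ok` and using `ret = ok ? 0 : -EBADMSG;` keeps the usual 0-or-negative-errno contract.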
@@ -86,52 +97,45 @@ static int rsa_dec(struct akcipher_request *req) goto done; } - uint64_t *sk = HACL_RSA_new_rsa_load_skey(skey->modBits,skey->eBits,skey->dBits,skey->nb,skey->eb,skey->db); + unsigned char* buffer = kmalloc(req->src_len + req->dst_len, GFP_KERNEL); + if (!buffer) + return -ENOMEM; + sg_copy_to_buffer(req->src, + sg_nents_for_len(req->src, req->src_len), + buffer, req->src_len); + + uint64_t *sk = Hacl_RSA_new_rsa_load_skey(skey->modBits,skey->eBits,skey->dBits,skey->nb,skey->eb,skey->db); if (!sk) { ret = -EINVAL; goto done; } - ret = HACL_RSA_rsa_dec(skey->modBits,skey->eBits,skey->dBits,sk,req->src,req->dst); + ret = Hacl_RSA_rsa_dec(skey->modBits,skey->eBits,skey->dBits,sk,buffer,buffer+req->src_len); if (!ret) ret = -EBADMSG; - free(sk); + sg_copy_from_buffer(req->dst, + sg_nents_for_len(req->dst, req->dst_len), + buffer+req->src_len, req->dst_len); + + kfree(sk); - done: return ret; + done: kfree(buffer); + return ret; } static void rsa_free_key(struct hacl_rsa_key *key) { - free(key->db); - free(key->eb); - free(key->nb); + kfree(key->db); + kfree(key->eb); + kfree(key->nb); key->db = NULL; key->eb = NULL; key->nb = NULL; } -static int rsa_check_key_length(unsigned int len) -{ - switch (len) { - case 512: - case 1024: - case 1536: - if (fips_enabled) - return -EINVAL; - fallthrough; - case 2048: - case 3072: - case 4096: - return 0; - } - - return -EINVAL; -} - - static int rsa_set_pub_key(struct crypto_akcipher *tfm, const void *key, unsigned int keylen) { @@ -149,8 +153,8 @@ static int rsa_set_pub_key(struct crypto_akcipher *tfm, const void *key, pkey->modBits = raw_key.n_sz * 8; pkey->eBits = raw_key.e_sz * 8; - pkey->nb = raw_key.n; - pkey->eb = raw_key.e; + pkey->nb = (uint8_t*) raw_key.n; + pkey->eb = (uint8_t*) raw_key.e; if (!pkey->nb || !pkey->eb) goto err; 
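Review bot: Nothing in the rsa_dec hunk checks `req->src_len` and `req->dst_len` against the key size before `Hacl_RSA_rsa_dec` is handed `buffer` and `buffer+req->src_len`. The HACL routine takes its byte counts from `modBits` (the context line `Hacl_Bignum_Convert_bn_from_bytes_be_uint64(emLen, cipher, m)` in rsa-hacl-generated.c shows this), so a shorter source or destination would be read or written past the kmalloc'd region. Unless the part of the function above the hunk already rejects such requests, add a guard that compares both lengths with `(skey->modBits - 1) / 8 + 1` and returns `-EINVAL`; the rsa_enc hunk needs the same guard. The sum `req->src_len + req->dst_len` and the return value of `sg_nents_for_len()` are also used unchecked. Finally, `sk` and `buffer` hold the private exponent and the recovered plaintext, so `kfree_sensitive()` is the better release call for both.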
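Review bot: The new `(uint8_t*)` casts on `raw_key.n` and `raw_key.e` in rsa_set_pub_key presumably silence a const-qualifier warning without taking a copy, while rsa_free_key in the previous hunk passes `nb`, `eb` and `db` to `kfree()`. If `raw_key` is filled by the kernel's RSA key parser, as the field names suggest, those pointers refer into the caller's `key` blob. The context would then keep dangling pointers after set_key returns and later free memory it never allocated. Copying each component with `kmemdup(raw_key.n, raw_key.n_sz, GFP_KERNEL)` gives the context ownership that matches rsa_free_key; the rsa_set_priv_key hunk needs the same for `n`, `e` and `d`. The code that fills `raw_key` is outside this hunk.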
@@ -180,9 +184,9 @@ static int rsa_set_priv_key(struct crypto_akcipher *tfm, const void *key, skey->modBits = raw_key.n_sz * 8; skey->eBits = raw_key.e_sz * 8; skey->dBits = raw_key.d_sz * 8; - skey->nb = raw_key.n; - skey->eb = raw_key.e; - skey->db = raw_key.d; + skey->nb = (uint8_t*) raw_key.n; + skey->eb = (uint8_t*) raw_key.e; + skey->db = (uint8_t*) raw_key.d; if (!skey->nb || !skey->eb || !skey->db) goto err; @@ -196,14 +200,14 @@ static int rsa_set_priv_key(struct crypto_akcipher *tfm, const void *key, static unsigned int rsa_max_size(struct crypto_akcipher *tfm) { - struct rsa_mpi_key *pkey = akcipher_tfm_ctx(tfm); + struct hacl_rsa_key *pkey = akcipher_tfm_ctx(tfm); - return mpi_get_size(pkey->modBits); + return pkey->modBits; } static void rsa_exit_tfm(struct crypto_akcipher *tfm) { - struct rsa_mpi_key *pkey = akcipher_tfm_ctx(tfm); + struct hacl_rsa_key *pkey = akcipher_tfm_ctx(tfm); rsa_free_key(pkey); } @@ -228,7 +232,7 @@ static int __init hacl_rsa_init(void) { int err; - err = crypto_register_akcipher(&rsa); + err = crypto_register_akcipher(&hacl_rsa); if (err) return err; @@ -237,7 +241,7 @@ static int __init hacl_rsa_init(void) static void __exit hacl_rsa_exit(void) { - crypto_unregister_akcipher(&rsa); + crypto_unregister_akcipher(&hacl_rsa); } subsys_initcall(hacl_rsa_init); From b4168a7e2bec3e481cbfda36a9123a322fba7d66 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Thu, 30 Nov 2023 10:06:42 +0100 Subject: [PATCH 19/53] config - remove again --- .config | 5188 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 5188 insertions(+) create mode 100644 .config diff --git a/.config b/.config new file mode 100644 index 0000000000000..18d57badcc76e --- /dev/null +++ b/.config 
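Review bot: In rsa_max_size (crypto/rsa-hacl.c, hunk `@@ -196,14 +200,14 @@`), `return pkey->modBits;` returns a bit count, because the set-key hunks store `raw_key.n_sz * 8` in `modBits`. The akcipher max_size callback is expected to report the output buffer size in bytes. `return DIV_ROUND_UP(pkey->modBits, 8);` would match what callers allocate for the destination.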
@@ -0,0 +1,5188 @@ +# +# Automatically generated file; DO NOT EDIT. +# Linux/x86 6.5.4 Kernel Configuration +# +CONFIG_CC_VERSION_TEXT="gcc (Ubuntu 11.4.0-1ubuntu1~22.04) 11.4.0" +CONFIG_CC_IS_GCC=y +CONFIG_GCC_VERSION=110400 +CONFIG_CLANG_VERSION=0 +CONFIG_AS_IS_GNU=y +CONFIG_AS_VERSION=23800 +CONFIG_LD_IS_BFD=y +CONFIG_LD_VERSION=23800 +CONFIG_LLD_VERSION=0 +CONFIG_CC_CAN_LINK=y +CONFIG_CC_CAN_LINK_STATIC=y +CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y +CONFIG_CC_HAS_ASM_GOTO_TIED_OUTPUT=y +CONFIG_TOOLS_SUPPORT_RELR=y +CONFIG_CC_HAS_ASM_INLINE=y +CONFIG_CC_HAS_NO_PROFILE_FN_ATTR=y +CONFIG_PAHOLE_VERSION=0 +CONFIG_IRQ_WORK=y +CONFIG_BUILDTIME_TABLE_SORT=y +CONFIG_THREAD_INFO_IN_TASK=y + +# +# General setup +# +CONFIG_INIT_ENV_ARG_LIMIT=32 +# CONFIG_COMPILE_TEST is not set +CONFIG_WERROR=y +CONFIG_LOCALVERSION="" +CONFIG_LOCALVERSION_AUTO=y +CONFIG_BUILD_SALT="" +CONFIG_HAVE_KERNEL_GZIP=y +CONFIG_HAVE_KERNEL_BZIP2=y +CONFIG_HAVE_KERNEL_LZMA=y +CONFIG_HAVE_KERNEL_XZ=y +CONFIG_HAVE_KERNEL_LZO=y +CONFIG_HAVE_KERNEL_LZ4=y +CONFIG_HAVE_KERNEL_ZSTD=y +CONFIG_KERNEL_GZIP=y +# CONFIG_KERNEL_BZIP2 is not set +# CONFIG_KERNEL_LZMA is not set +# CONFIG_KERNEL_XZ is not set +# CONFIG_KERNEL_LZO is not set +# CONFIG_KERNEL_LZ4 is not set +# CONFIG_KERNEL_ZSTD is not set +CONFIG_DEFAULT_INIT="" +CONFIG_DEFAULT_HOSTNAME="(none)" +CONFIG_SYSVIPC=y +CONFIG_SYSVIPC_SYSCTL=y +CONFIG_SYSVIPC_COMPAT=y +CONFIG_POSIX_MQUEUE=y +CONFIG_POSIX_MQUEUE_SYSCTL=y +# CONFIG_WATCH_QUEUE is not set +CONFIG_CROSS_MEMORY_ATTACH=y +# CONFIG_USELIB is not set +CONFIG_AUDIT=y +CONFIG_HAVE_ARCH_AUDITSYSCALL=y +CONFIG_AUDITSYSCALL=y + +# +# IRQ subsystem +# +CONFIG_GENERIC_IRQ_PROBE=y +CONFIG_GENERIC_IRQ_SHOW=y +CONFIG_GENERIC_IRQ_EFFECTIVE_AFF_MASK=y +CONFIG_GENERIC_PENDING_IRQ=y +CONFIG_GENERIC_IRQ_MIGRATION=y +CONFIG_HARDIRQS_SW_RESEND=y +CONFIG_IRQ_DOMAIN=y +CONFIG_IRQ_DOMAIN_HIERARCHY=y +CONFIG_GENERIC_MSI_IRQ=y +CONFIG_IRQ_MSI_IOMMU=y +CONFIG_GENERIC_IRQ_MATRIX_ALLOCATOR=y +CONFIG_GENERIC_IRQ_RESERVATION_MODE=y 
+CONFIG_IRQ_FORCED_THREADING=y +CONFIG_SPARSE_IRQ=y +# CONFIG_GENERIC_IRQ_DEBUGFS is not set +# end of IRQ subsystem + +CONFIG_CLOCKSOURCE_WATCHDOG=y +CONFIG_ARCH_CLOCKSOURCE_INIT=y +CONFIG_CLOCKSOURCE_VALIDATE_LAST_CYCLE=y +CONFIG_GENERIC_TIME_VSYSCALL=y +CONFIG_GENERIC_CLOCKEVENTS=y +CONFIG_GENERIC_CLOCKEVENTS_BROADCAST=y +CONFIG_GENERIC_CLOCKEVENTS_MIN_ADJUST=y +CONFIG_GENERIC_CMOS_UPDATE=y +CONFIG_HAVE_POSIX_CPU_TIMERS_TASK_WORK=y +CONFIG_POSIX_CPU_TIMERS_TASK_WORK=y +CONFIG_CONTEXT_TRACKING=y +CONFIG_CONTEXT_TRACKING_IDLE=y + +# +# Timers subsystem +# +CONFIG_TICK_ONESHOT=y +CONFIG_NO_HZ_COMMON=y +# CONFIG_HZ_PERIODIC is not set +CONFIG_NO_HZ_IDLE=y +# CONFIG_NO_HZ_FULL is not set +CONFIG_NO_HZ=y +CONFIG_HIGH_RES_TIMERS=y +CONFIG_CLOCKSOURCE_WATCHDOG_MAX_SKEW_US=125 +# end of Timers subsystem + +CONFIG_BPF=y +CONFIG_HAVE_EBPF_JIT=y +CONFIG_ARCH_WANT_DEFAULT_BPF_JIT=y + +# +# BPF subsystem +# +# CONFIG_BPF_SYSCALL is not set +# CONFIG_BPF_JIT is not set +# end of BPF subsystem + +CONFIG_PREEMPT_BUILD=y +# CONFIG_PREEMPT_NONE is not set +CONFIG_PREEMPT_VOLUNTARY=y +# CONFIG_PREEMPT is not set +CONFIG_PREEMPT_COUNT=y +CONFIG_PREEMPTION=y +CONFIG_PREEMPT_DYNAMIC=y +# CONFIG_SCHED_CORE is not set + +# +# CPU/Task time and stats accounting +# +CONFIG_TICK_CPU_ACCOUNTING=y +# CONFIG_VIRT_CPU_ACCOUNTING_GEN is not set +# CONFIG_IRQ_TIME_ACCOUNTING is not set +CONFIG_BSD_PROCESS_ACCT=y +# CONFIG_BSD_PROCESS_ACCT_V3 is not set +CONFIG_TASKSTATS=y +CONFIG_TASK_DELAY_ACCT=y +CONFIG_TASK_XACCT=y +CONFIG_TASK_IO_ACCOUNTING=y +# CONFIG_PSI is not set +# end of CPU/Task time and stats accounting + +CONFIG_CPU_ISOLATION=y + +# +# RCU Subsystem +# +CONFIG_TREE_RCU=y +CONFIG_PREEMPT_RCU=y +# CONFIG_RCU_EXPERT is not set +CONFIG_TREE_SRCU=y +CONFIG_TASKS_RCU_GENERIC=y +CONFIG_TASKS_RCU=y +CONFIG_RCU_STALL_COMMON=y +CONFIG_RCU_NEED_SEGCBLIST=y +# end of RCU Subsystem + +# CONFIG_IKCONFIG is not set +# CONFIG_IKHEADERS is not set +CONFIG_LOG_BUF_SHIFT=18 
+CONFIG_LOG_CPU_MAX_BUF_SHIFT=12 +# CONFIG_PRINTK_INDEX is not set +CONFIG_HAVE_UNSTABLE_SCHED_CLOCK=y + +# +# Scheduler features +# +# CONFIG_UCLAMP_TASK is not set +# end of Scheduler features + +CONFIG_ARCH_SUPPORTS_NUMA_BALANCING=y +CONFIG_ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH=y +CONFIG_CC_HAS_INT128=y +CONFIG_CC_IMPLICIT_FALLTHROUGH="-Wimplicit-fallthrough=5" +CONFIG_GCC11_NO_ARRAY_BOUNDS=y +CONFIG_CC_NO_ARRAY_BOUNDS=y +CONFIG_ARCH_SUPPORTS_INT128=y +# CONFIG_NUMA_BALANCING is not set +CONFIG_CGROUPS=y +CONFIG_PAGE_COUNTER=y +# CONFIG_CGROUP_FAVOR_DYNMODS is not set +# CONFIG_MEMCG is not set +CONFIG_BLK_CGROUP=y +CONFIG_CGROUP_SCHED=y +CONFIG_FAIR_GROUP_SCHED=y +# CONFIG_CFS_BANDWIDTH is not set +# CONFIG_RT_GROUP_SCHED is not set +CONFIG_SCHED_MM_CID=y +CONFIG_CGROUP_PIDS=y +CONFIG_CGROUP_RDMA=y +CONFIG_CGROUP_FREEZER=y +CONFIG_CGROUP_HUGETLB=y +CONFIG_CPUSETS=y +CONFIG_PROC_PID_CPUSET=y +CONFIG_CGROUP_DEVICE=y +CONFIG_CGROUP_CPUACCT=y +CONFIG_CGROUP_PERF=y +CONFIG_CGROUP_MISC=y +CONFIG_CGROUP_DEBUG=y +CONFIG_SOCK_CGROUP_DATA=y +CONFIG_NAMESPACES=y +CONFIG_UTS_NS=y +CONFIG_TIME_NS=y +CONFIG_IPC_NS=y +# CONFIG_USER_NS is not set +CONFIG_PID_NS=y +CONFIG_NET_NS=y +# CONFIG_CHECKPOINT_RESTORE is not set +# CONFIG_SCHED_AUTOGROUP is not set +CONFIG_RELAY=y +CONFIG_BLK_DEV_INITRD=y +CONFIG_INITRAMFS_SOURCE="" +CONFIG_RD_GZIP=y +CONFIG_RD_BZIP2=y +CONFIG_RD_LZMA=y +CONFIG_RD_XZ=y +CONFIG_RD_LZO=y +CONFIG_RD_LZ4=y +CONFIG_RD_ZSTD=y +# CONFIG_BOOT_CONFIG is not set +CONFIG_INITRAMFS_PRESERVE_MTIME=y +CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE=y +# CONFIG_CC_OPTIMIZE_FOR_SIZE is not set +CONFIG_LD_ORPHAN_WARN=y +CONFIG_LD_ORPHAN_WARN_LEVEL="error" +CONFIG_SYSCTL=y +CONFIG_HAVE_UID16=y +CONFIG_SYSCTL_EXCEPTION_TRACE=y +CONFIG_HAVE_PCSPKR_PLATFORM=y +# CONFIG_EXPERT is not set +CONFIG_UID16=y +CONFIG_MULTIUSER=y +CONFIG_SGETMASK_SYSCALL=y +CONFIG_SYSFS_SYSCALL=y +CONFIG_FHANDLE=y +CONFIG_POSIX_TIMERS=y +CONFIG_PRINTK=y +CONFIG_BUG=y +CONFIG_ELF_CORE=y +CONFIG_PCSPKR_PLATFORM=y 
+CONFIG_BASE_FULL=y +CONFIG_FUTEX=y +CONFIG_FUTEX_PI=y +CONFIG_EPOLL=y +CONFIG_SIGNALFD=y +CONFIG_TIMERFD=y +CONFIG_EVENTFD=y +CONFIG_SHMEM=y +CONFIG_AIO=y +CONFIG_IO_URING=y +CONFIG_ADVISE_SYSCALLS=y +CONFIG_MEMBARRIER=y +CONFIG_KALLSYMS=y +# CONFIG_KALLSYMS_SELFTEST is not set +CONFIG_KALLSYMS_ALL=y +CONFIG_KALLSYMS_ABSOLUTE_PERCPU=y +CONFIG_KALLSYMS_BASE_RELATIVE=y +CONFIG_ARCH_HAS_MEMBARRIER_SYNC_CORE=y +CONFIG_KCMP=y +CONFIG_RSEQ=y +CONFIG_CACHESTAT_SYSCALL=y +# CONFIG_EMBEDDED is not set +CONFIG_HAVE_PERF_EVENTS=y + +# +# Kernel Performance Events And Counters +# +CONFIG_PERF_EVENTS=y +# CONFIG_DEBUG_PERF_USE_VMALLOC is not set +# end of Kernel Performance Events And Counters + +CONFIG_SYSTEM_DATA_VERIFICATION=y +CONFIG_PROFILING=y +CONFIG_TRACEPOINTS=y +# end of General setup + +CONFIG_64BIT=y +CONFIG_X86_64=y +CONFIG_X86=y +CONFIG_INSTRUCTION_DECODER=y +CONFIG_OUTPUT_FORMAT="elf64-x86-64" +CONFIG_LOCKDEP_SUPPORT=y +CONFIG_STACKTRACE_SUPPORT=y +CONFIG_MMU=y +CONFIG_ARCH_MMAP_RND_BITS_MIN=28 +CONFIG_ARCH_MMAP_RND_BITS_MAX=32 +CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MIN=8 +CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MAX=16 +CONFIG_GENERIC_ISA_DMA=y +CONFIG_GENERIC_BUG=y +CONFIG_GENERIC_BUG_RELATIVE_POINTERS=y +CONFIG_ARCH_MAY_HAVE_PC_FDC=y +CONFIG_GENERIC_CALIBRATE_DELAY=y +CONFIG_ARCH_HAS_CPU_RELAX=y +CONFIG_ARCH_HIBERNATION_POSSIBLE=y +CONFIG_ARCH_SUSPEND_POSSIBLE=y +CONFIG_AUDIT_ARCH=y +CONFIG_HAVE_INTEL_TXT=y +CONFIG_X86_64_SMP=y +CONFIG_ARCH_SUPPORTS_UPROBES=y +CONFIG_FIX_EARLYCON_MEM=y +CONFIG_PGTABLE_LEVELS=5 +CONFIG_CC_HAS_SANE_STACKPROTECTOR=y + +# +# Processor type and features +# +CONFIG_SMP=y +# CONFIG_X86_X2APIC is not set +CONFIG_X86_MPPARSE=y +# CONFIG_GOLDFISH is not set +# CONFIG_X86_CPU_RESCTRL is not set +CONFIG_X86_EXTENDED_PLATFORM=y +# CONFIG_X86_VSMP is not set +# CONFIG_X86_GOLDFISH is not set +# CONFIG_X86_INTEL_MID is not set +# CONFIG_X86_INTEL_LPSS is not set +# CONFIG_X86_AMD_PLATFORM_DEVICE is not set +CONFIG_IOSF_MBI=y +# CONFIG_IOSF_MBI_DEBUG is 
not set +CONFIG_X86_SUPPORTS_MEMORY_FAILURE=y +CONFIG_SCHED_OMIT_FRAME_POINTER=y +CONFIG_HYPERVISOR_GUEST=y +CONFIG_PARAVIRT=y +# CONFIG_PARAVIRT_DEBUG is not set +# CONFIG_PARAVIRT_SPINLOCKS is not set +CONFIG_X86_HV_CALLBACK_VECTOR=y +# CONFIG_XEN is not set +CONFIG_KVM_GUEST=y +CONFIG_ARCH_CPUIDLE_HALTPOLL=y +# CONFIG_PVH is not set +# CONFIG_PARAVIRT_TIME_ACCOUNTING is not set +CONFIG_PARAVIRT_CLOCK=y +# CONFIG_JAILHOUSE_GUEST is not set +# CONFIG_ACRN_GUEST is not set +# CONFIG_MK8 is not set +# CONFIG_MPSC is not set +# CONFIG_MCORE2 is not set +# CONFIG_MATOM is not set +CONFIG_GENERIC_CPU=y +CONFIG_X86_INTERNODE_CACHE_SHIFT=6 +CONFIG_X86_L1_CACHE_SHIFT=6 +CONFIG_X86_TSC=y +CONFIG_X86_CMPXCHG64=y +CONFIG_X86_CMOV=y +CONFIG_X86_MINIMUM_CPU_FAMILY=64 +CONFIG_X86_DEBUGCTLMSR=y +CONFIG_IA32_FEAT_CTL=y +CONFIG_X86_VMX_FEATURE_NAMES=y +CONFIG_CPU_SUP_INTEL=y +CONFIG_CPU_SUP_AMD=y +CONFIG_CPU_SUP_HYGON=y +CONFIG_CPU_SUP_CENTAUR=y +CONFIG_CPU_SUP_ZHAOXIN=y +CONFIG_HPET_TIMER=y +CONFIG_HPET_EMULATE_RTC=y +CONFIG_DMI=y +# CONFIG_GART_IOMMU is not set +# CONFIG_MAXSMP is not set +CONFIG_NR_CPUS_RANGE_BEGIN=2 +CONFIG_NR_CPUS_RANGE_END=512 +CONFIG_NR_CPUS_DEFAULT=64 +CONFIG_NR_CPUS=64 +CONFIG_SCHED_CLUSTER=y +CONFIG_SCHED_SMT=y +CONFIG_SCHED_MC=y +CONFIG_SCHED_MC_PRIO=y +CONFIG_X86_LOCAL_APIC=y +CONFIG_X86_IO_APIC=y +CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS=y +CONFIG_X86_MCE=y +# CONFIG_X86_MCELOG_LEGACY is not set +CONFIG_X86_MCE_INTEL=y +CONFIG_X86_MCE_AMD=y +CONFIG_X86_MCE_THRESHOLD=y +# CONFIG_X86_MCE_INJECT is not set + +# +# Performance monitoring +# +CONFIG_PERF_EVENTS_INTEL_UNCORE=y +CONFIG_PERF_EVENTS_INTEL_RAPL=y +CONFIG_PERF_EVENTS_INTEL_CSTATE=y +# CONFIG_PERF_EVENTS_AMD_POWER is not set +CONFIG_PERF_EVENTS_AMD_UNCORE=y +# CONFIG_PERF_EVENTS_AMD_BRS is not set +# end of Performance monitoring + +CONFIG_X86_16BIT=y +CONFIG_X86_ESPFIX64=y +CONFIG_X86_VSYSCALL_EMULATION=y +CONFIG_X86_IOPL_IOPERM=y +CONFIG_MICROCODE=y +CONFIG_MICROCODE_INTEL=y 
+CONFIG_MICROCODE_AMD=y +# CONFIG_MICROCODE_LATE_LOADING is not set +CONFIG_X86_MSR=y +CONFIG_X86_CPUID=y +CONFIG_X86_5LEVEL=y +CONFIG_X86_DIRECT_GBPAGES=y +# CONFIG_X86_CPA_STATISTICS is not set +# CONFIG_AMD_MEM_ENCRYPT is not set +CONFIG_NUMA=y +CONFIG_AMD_NUMA=y +CONFIG_X86_64_ACPI_NUMA=y +# CONFIG_NUMA_EMU is not set +CONFIG_NODES_SHIFT=6 +CONFIG_ARCH_SPARSEMEM_ENABLE=y +CONFIG_ARCH_SPARSEMEM_DEFAULT=y +CONFIG_ARCH_PROC_KCORE_TEXT=y +CONFIG_ILLEGAL_POINTER_VALUE=0xdead000000000000 +# CONFIG_X86_PMEM_LEGACY is not set +CONFIG_X86_CHECK_BIOS_CORRUPTION=y +CONFIG_X86_BOOTPARAM_MEMORY_CORRUPTION_CHECK=y +CONFIG_MTRR=y +# CONFIG_MTRR_SANITIZER is not set +CONFIG_X86_PAT=y +CONFIG_ARCH_USES_PG_UNCACHED=y +CONFIG_X86_UMIP=y +CONFIG_CC_HAS_IBT=y +CONFIG_X86_KERNEL_IBT=y +CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS=y +CONFIG_X86_INTEL_TSX_MODE_OFF=y +# CONFIG_X86_INTEL_TSX_MODE_ON is not set +# CONFIG_X86_INTEL_TSX_MODE_AUTO is not set +CONFIG_EFI=y +CONFIG_EFI_STUB=y +CONFIG_EFI_HANDOVER_PROTOCOL=y +CONFIG_EFI_MIXED=y +# CONFIG_EFI_FAKE_MEMMAP is not set +CONFIG_EFI_RUNTIME_MAP=y +# CONFIG_HZ_100 is not set +# CONFIG_HZ_250 is not set +# CONFIG_HZ_300 is not set +CONFIG_HZ_1000=y +CONFIG_HZ=1000 +CONFIG_SCHED_HRTICK=y +CONFIG_KEXEC=y +# CONFIG_KEXEC_FILE is not set +CONFIG_CRASH_DUMP=y +# CONFIG_KEXEC_JUMP is not set +CONFIG_PHYSICAL_START=0x1000000 +CONFIG_RELOCATABLE=y +CONFIG_RANDOMIZE_BASE=y +CONFIG_X86_NEED_RELOCS=y +CONFIG_PHYSICAL_ALIGN=0x200000 +CONFIG_DYNAMIC_MEMORY_LAYOUT=y +CONFIG_RANDOMIZE_MEMORY=y +CONFIG_RANDOMIZE_MEMORY_PHYSICAL_PADDING=0x0 +# CONFIG_ADDRESS_MASKING is not set +CONFIG_HOTPLUG_CPU=y +# CONFIG_COMPAT_VDSO is not set +CONFIG_LEGACY_VSYSCALL_XONLY=y +# CONFIG_LEGACY_VSYSCALL_NONE is not set +# CONFIG_CMDLINE_BOOL is not set +CONFIG_MODIFY_LDT_SYSCALL=y +# CONFIG_STRICT_SIGALTSTACK_SIZE is not set +CONFIG_HAVE_LIVEPATCH=y +# end of Processor type and features + +CONFIG_CC_HAS_SLS=y +CONFIG_CC_HAS_RETURN_THUNK=y +CONFIG_CC_HAS_ENTRY_PADDING=y 
+CONFIG_FUNCTION_PADDING_CFI=11 +CONFIG_FUNCTION_PADDING_BYTES=16 +CONFIG_CALL_PADDING=y +CONFIG_HAVE_CALL_THUNKS=y +CONFIG_CALL_THUNKS=y +CONFIG_PREFIX_SYMBOLS=y +CONFIG_SPECULATION_MITIGATIONS=y +CONFIG_PAGE_TABLE_ISOLATION=y +CONFIG_RETPOLINE=y +CONFIG_RETHUNK=y +CONFIG_CPU_UNRET_ENTRY=y +CONFIG_CALL_DEPTH_TRACKING=y +# CONFIG_CALL_THUNKS_DEBUG is not set +CONFIG_CPU_IBPB_ENTRY=y +CONFIG_CPU_IBRS_ENTRY=y +CONFIG_CPU_SRSO=y +# CONFIG_SLS is not set +# CONFIG_GDS_FORCE_MITIGATION is not set +CONFIG_ARCH_HAS_ADD_PAGES=y +CONFIG_ARCH_MHP_MEMMAP_ON_MEMORY_ENABLE=y + +# +# Power management and ACPI options +# +CONFIG_ARCH_HIBERNATION_HEADER=y +CONFIG_SUSPEND=y +CONFIG_SUSPEND_FREEZER=y +CONFIG_HIBERNATE_CALLBACKS=y +CONFIG_HIBERNATION=y +CONFIG_HIBERNATION_SNAPSHOT_DEV=y +CONFIG_PM_STD_PARTITION="" +CONFIG_PM_SLEEP=y +CONFIG_PM_SLEEP_SMP=y +# CONFIG_PM_AUTOSLEEP is not set +# CONFIG_PM_USERSPACE_AUTOSLEEP is not set +# CONFIG_PM_WAKELOCKS is not set +CONFIG_PM=y +CONFIG_PM_DEBUG=y +# CONFIG_PM_ADVANCED_DEBUG is not set +# CONFIG_PM_TEST_SUSPEND is not set +CONFIG_PM_SLEEP_DEBUG=y +CONFIG_PM_TRACE=y +CONFIG_PM_TRACE_RTC=y +# CONFIG_WQ_POWER_EFFICIENT_DEFAULT is not set +# CONFIG_ENERGY_MODEL is not set +CONFIG_ARCH_SUPPORTS_ACPI=y +CONFIG_ACPI=y +CONFIG_ACPI_LEGACY_TABLES_LOOKUP=y +CONFIG_ARCH_MIGHT_HAVE_ACPI_PDC=y +CONFIG_ACPI_SYSTEM_POWER_STATES_SUPPORT=y +# CONFIG_ACPI_DEBUGGER is not set +CONFIG_ACPI_SPCR_TABLE=y +# CONFIG_ACPI_FPDT is not set +CONFIG_ACPI_LPIT=y +CONFIG_ACPI_SLEEP=y +CONFIG_ACPI_REV_OVERRIDE_POSSIBLE=y +# CONFIG_ACPI_EC_DEBUGFS is not set +CONFIG_ACPI_AC=y +CONFIG_ACPI_BATTERY=y +CONFIG_ACPI_BUTTON=y +CONFIG_ACPI_VIDEO=y +CONFIG_ACPI_FAN=y +# CONFIG_ACPI_TAD is not set +CONFIG_ACPI_DOCK=y +CONFIG_ACPI_CPU_FREQ_PSS=y +CONFIG_ACPI_PROCESSOR_CSTATE=y +CONFIG_ACPI_PROCESSOR_IDLE=y +CONFIG_ACPI_CPPC_LIB=y +CONFIG_ACPI_PROCESSOR=y +CONFIG_ACPI_HOTPLUG_CPU=y +# CONFIG_ACPI_PROCESSOR_AGGREGATOR is not set +CONFIG_ACPI_THERMAL=y 
+CONFIG_ARCH_HAS_ACPI_TABLE_UPGRADE=y +CONFIG_ACPI_TABLE_UPGRADE=y +# CONFIG_ACPI_DEBUG is not set +# CONFIG_ACPI_PCI_SLOT is not set +CONFIG_ACPI_CONTAINER=y +CONFIG_ACPI_HOTPLUG_IOAPIC=y +# CONFIG_ACPI_SBS is not set +# CONFIG_ACPI_HED is not set +# CONFIG_ACPI_CUSTOM_METHOD is not set +CONFIG_ACPI_BGRT=y +# CONFIG_ACPI_NFIT is not set +CONFIG_ACPI_NUMA=y +# CONFIG_ACPI_HMAT is not set +CONFIG_HAVE_ACPI_APEI=y +CONFIG_HAVE_ACPI_APEI_NMI=y +# CONFIG_ACPI_APEI is not set +# CONFIG_ACPI_DPTF is not set +# CONFIG_ACPI_CONFIGFS is not set +# CONFIG_ACPI_PFRUT is not set +CONFIG_ACPI_PCC=y +# CONFIG_ACPI_FFH is not set +# CONFIG_PMIC_OPREGION is not set +CONFIG_ACPI_PRMT=y +CONFIG_X86_PM_TIMER=y + +# +# CPU Frequency scaling +# +CONFIG_CPU_FREQ=y +CONFIG_CPU_FREQ_GOV_ATTR_SET=y +CONFIG_CPU_FREQ_GOV_COMMON=y +# CONFIG_CPU_FREQ_STAT is not set +# CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE is not set +# CONFIG_CPU_FREQ_DEFAULT_GOV_POWERSAVE is not set +CONFIG_CPU_FREQ_DEFAULT_GOV_USERSPACE=y +# CONFIG_CPU_FREQ_DEFAULT_GOV_SCHEDUTIL is not set +CONFIG_CPU_FREQ_GOV_PERFORMANCE=y +# CONFIG_CPU_FREQ_GOV_POWERSAVE is not set +CONFIG_CPU_FREQ_GOV_USERSPACE=y +CONFIG_CPU_FREQ_GOV_ONDEMAND=y +# CONFIG_CPU_FREQ_GOV_CONSERVATIVE is not set +CONFIG_CPU_FREQ_GOV_SCHEDUTIL=y + +# +# CPU frequency scaling drivers +# +CONFIG_X86_INTEL_PSTATE=y +# CONFIG_X86_PCC_CPUFREQ is not set +# CONFIG_X86_AMD_PSTATE is not set +# CONFIG_X86_AMD_PSTATE_UT is not set +CONFIG_X86_ACPI_CPUFREQ=y +CONFIG_X86_ACPI_CPUFREQ_CPB=y +# CONFIG_X86_POWERNOW_K8 is not set +# CONFIG_X86_AMD_FREQ_SENSITIVITY is not set +# CONFIG_X86_SPEEDSTEP_CENTRINO is not set +# CONFIG_X86_P4_CLOCKMOD is not set + +# +# shared options +# +# end of CPU Frequency scaling + +# +# CPU Idle +# +CONFIG_CPU_IDLE=y +# CONFIG_CPU_IDLE_GOV_LADDER is not set +CONFIG_CPU_IDLE_GOV_MENU=y +# CONFIG_CPU_IDLE_GOV_TEO is not set +CONFIG_CPU_IDLE_GOV_HALTPOLL=y +CONFIG_HALTPOLL_CPUIDLE=y +# end of CPU Idle + +# CONFIG_INTEL_IDLE is not set +# end 
of Power management and ACPI options + +# +# Bus options (PCI etc.) +# +CONFIG_PCI_DIRECT=y +CONFIG_PCI_MMCONFIG=y +CONFIG_MMCONF_FAM10H=y +CONFIG_ISA_DMA_API=y +CONFIG_AMD_NB=y +# end of Bus options (PCI etc.) + +# +# Binary Emulations +# +CONFIG_IA32_EMULATION=y +# CONFIG_X86_X32_ABI is not set +CONFIG_COMPAT_32=y +CONFIG_COMPAT=y +CONFIG_COMPAT_FOR_U64_ALIGNMENT=y +# end of Binary Emulations + +CONFIG_HAVE_KVM=y +# CONFIG_VIRTUALIZATION is not set +CONFIG_AS_AVX512=y +CONFIG_AS_SHA1_NI=y +CONFIG_AS_SHA256_NI=y +CONFIG_AS_TPAUSE=y +CONFIG_AS_GFNI=y + +# +# General architecture-dependent options +# +CONFIG_CRASH_CORE=y +CONFIG_KEXEC_CORE=y +CONFIG_HOTPLUG_SMT=y +CONFIG_HOTPLUG_CORE_SYNC=y +CONFIG_HOTPLUG_CORE_SYNC_DEAD=y +CONFIG_HOTPLUG_CORE_SYNC_FULL=y +CONFIG_HOTPLUG_SPLIT_STARTUP=y +CONFIG_HOTPLUG_PARALLEL=y +CONFIG_GENERIC_ENTRY=y +CONFIG_KPROBES=y +CONFIG_JUMP_LABEL=y +# CONFIG_STATIC_KEYS_SELFTEST is not set +# CONFIG_STATIC_CALL_SELFTEST is not set +CONFIG_OPTPROBES=y +CONFIG_UPROBES=y +CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS=y +CONFIG_ARCH_USE_BUILTIN_BSWAP=y +CONFIG_KRETPROBES=y +CONFIG_KRETPROBE_ON_RETHOOK=y +CONFIG_HAVE_IOREMAP_PROT=y +CONFIG_HAVE_KPROBES=y +CONFIG_HAVE_KRETPROBES=y +CONFIG_HAVE_OPTPROBES=y +CONFIG_HAVE_KPROBES_ON_FTRACE=y +CONFIG_ARCH_CORRECT_STACKTRACE_ON_KRETPROBE=y +CONFIG_HAVE_FUNCTION_ERROR_INJECTION=y +CONFIG_HAVE_NMI=y +CONFIG_TRACE_IRQFLAGS_SUPPORT=y +CONFIG_TRACE_IRQFLAGS_NMI_SUPPORT=y +CONFIG_HAVE_ARCH_TRACEHOOK=y +CONFIG_HAVE_DMA_CONTIGUOUS=y +CONFIG_GENERIC_SMP_IDLE_THREAD=y +CONFIG_ARCH_HAS_FORTIFY_SOURCE=y +CONFIG_ARCH_HAS_SET_MEMORY=y +CONFIG_ARCH_HAS_SET_DIRECT_MAP=y +CONFIG_ARCH_HAS_CPU_FINALIZE_INIT=y +CONFIG_HAVE_ARCH_THREAD_STRUCT_WHITELIST=y +CONFIG_ARCH_WANTS_DYNAMIC_TASK_STRUCT=y +CONFIG_ARCH_WANTS_NO_INSTR=y +CONFIG_HAVE_ASM_MODVERSIONS=y +CONFIG_HAVE_REGS_AND_STACK_ACCESS_API=y +CONFIG_HAVE_RSEQ=y +CONFIG_HAVE_RUST=y +CONFIG_HAVE_FUNCTION_ARG_ACCESS_API=y +CONFIG_HAVE_HW_BREAKPOINT=y 
+CONFIG_HAVE_MIXED_BREAKPOINTS_REGS=y +CONFIG_HAVE_USER_RETURN_NOTIFIER=y +CONFIG_HAVE_PERF_EVENTS_NMI=y +CONFIG_HAVE_HARDLOCKUP_DETECTOR_PERF=y +CONFIG_HAVE_PERF_REGS=y +CONFIG_HAVE_PERF_USER_STACK_DUMP=y +CONFIG_HAVE_ARCH_JUMP_LABEL=y +CONFIG_HAVE_ARCH_JUMP_LABEL_RELATIVE=y +CONFIG_MMU_GATHER_TABLE_FREE=y +CONFIG_MMU_GATHER_RCU_TABLE_FREE=y +CONFIG_MMU_GATHER_MERGE_VMAS=y +CONFIG_MMU_LAZY_TLB_REFCOUNT=y +CONFIG_ARCH_HAVE_NMI_SAFE_CMPXCHG=y +CONFIG_ARCH_HAS_NMI_SAFE_THIS_CPU_OPS=y +CONFIG_HAVE_ALIGNED_STRUCT_PAGE=y +CONFIG_HAVE_CMPXCHG_LOCAL=y +CONFIG_HAVE_CMPXCHG_DOUBLE=y +CONFIG_ARCH_WANT_COMPAT_IPC_PARSE_VERSION=y +CONFIG_ARCH_WANT_OLD_COMPAT_IPC=y +CONFIG_HAVE_ARCH_SECCOMP=y +CONFIG_HAVE_ARCH_SECCOMP_FILTER=y +CONFIG_SECCOMP=y +CONFIG_SECCOMP_FILTER=y +# CONFIG_SECCOMP_CACHE_DEBUG is not set +CONFIG_HAVE_ARCH_STACKLEAK=y +CONFIG_HAVE_STACKPROTECTOR=y +CONFIG_STACKPROTECTOR=y +CONFIG_STACKPROTECTOR_STRONG=y +CONFIG_ARCH_SUPPORTS_LTO_CLANG=y +CONFIG_ARCH_SUPPORTS_LTO_CLANG_THIN=y +CONFIG_LTO_NONE=y +CONFIG_ARCH_SUPPORTS_CFI_CLANG=y +CONFIG_HAVE_ARCH_WITHIN_STACK_FRAMES=y +CONFIG_HAVE_CONTEXT_TRACKING_USER=y +CONFIG_HAVE_CONTEXT_TRACKING_USER_OFFSTACK=y +CONFIG_HAVE_VIRT_CPU_ACCOUNTING_GEN=y +CONFIG_HAVE_IRQ_TIME_ACCOUNTING=y +CONFIG_HAVE_MOVE_PUD=y +CONFIG_HAVE_MOVE_PMD=y +CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE=y +CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE_PUD=y +CONFIG_HAVE_ARCH_HUGE_VMAP=y +CONFIG_HAVE_ARCH_HUGE_VMALLOC=y +CONFIG_ARCH_WANT_HUGE_PMD_SHARE=y +CONFIG_HAVE_ARCH_SOFT_DIRTY=y +CONFIG_HAVE_MOD_ARCH_SPECIFIC=y +CONFIG_MODULES_USE_ELF_RELA=y +CONFIG_HAVE_IRQ_EXIT_ON_IRQ_STACK=y +CONFIG_HAVE_SOFTIRQ_ON_OWN_STACK=y +CONFIG_SOFTIRQ_ON_OWN_STACK=y +CONFIG_ARCH_HAS_ELF_RANDOMIZE=y +CONFIG_HAVE_ARCH_MMAP_RND_BITS=y +CONFIG_HAVE_EXIT_THREAD=y +CONFIG_ARCH_MMAP_RND_BITS=28 +CONFIG_HAVE_ARCH_MMAP_RND_COMPAT_BITS=y +CONFIG_ARCH_MMAP_RND_COMPAT_BITS=8 +CONFIG_HAVE_ARCH_COMPAT_MMAP_BASES=y +CONFIG_PAGE_SIZE_LESS_THAN_64KB=y +CONFIG_PAGE_SIZE_LESS_THAN_256KB=y 
+CONFIG_HAVE_OBJTOOL=y +CONFIG_HAVE_JUMP_LABEL_HACK=y +CONFIG_HAVE_NOINSTR_HACK=y +CONFIG_HAVE_NOINSTR_VALIDATION=y +CONFIG_HAVE_UACCESS_VALIDATION=y +CONFIG_HAVE_STACK_VALIDATION=y +CONFIG_HAVE_RELIABLE_STACKTRACE=y +CONFIG_OLD_SIGSUSPEND3=y +CONFIG_COMPAT_OLD_SIGACTION=y +CONFIG_COMPAT_32BIT_TIME=y +CONFIG_HAVE_ARCH_VMAP_STACK=y +CONFIG_VMAP_STACK=y +CONFIG_HAVE_ARCH_RANDOMIZE_KSTACK_OFFSET=y +CONFIG_RANDOMIZE_KSTACK_OFFSET=y +# CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT is not set +CONFIG_ARCH_HAS_STRICT_KERNEL_RWX=y +CONFIG_STRICT_KERNEL_RWX=y +CONFIG_ARCH_HAS_STRICT_MODULE_RWX=y +CONFIG_STRICT_MODULE_RWX=y +CONFIG_HAVE_ARCH_PREL32_RELOCATIONS=y +CONFIG_ARCH_USE_MEMREMAP_PROT=y +# CONFIG_LOCK_EVENT_COUNTS is not set +CONFIG_ARCH_HAS_MEM_ENCRYPT=y +CONFIG_HAVE_STATIC_CALL=y +CONFIG_HAVE_STATIC_CALL_INLINE=y +CONFIG_HAVE_PREEMPT_DYNAMIC=y +CONFIG_HAVE_PREEMPT_DYNAMIC_CALL=y +CONFIG_ARCH_WANT_LD_ORPHAN_WARN=y +CONFIG_ARCH_SUPPORTS_DEBUG_PAGEALLOC=y +CONFIG_ARCH_SUPPORTS_PAGE_TABLE_CHECK=y +CONFIG_ARCH_HAS_ELFCORE_COMPAT=y +CONFIG_ARCH_HAS_PARANOID_L1D_FLUSH=y +CONFIG_DYNAMIC_SIGFRAME=y +CONFIG_ARCH_HAS_NONLEAF_PMD_YOUNG=y + +# +# GCOV-based kernel profiling +# +# CONFIG_GCOV_KERNEL is not set +CONFIG_ARCH_HAS_GCOV_PROFILE_ALL=y +# end of GCOV-based kernel profiling + +CONFIG_HAVE_GCC_PLUGINS=y +CONFIG_FUNCTION_ALIGNMENT_4B=y +CONFIG_FUNCTION_ALIGNMENT_16B=y +CONFIG_FUNCTION_ALIGNMENT=16 +# end of General architecture-dependent options + +CONFIG_RT_MUTEXES=y +CONFIG_BASE_SMALL=0 +CONFIG_MODULES=y +# CONFIG_MODULE_DEBUG is not set +# CONFIG_MODULE_FORCE_LOAD is not set +CONFIG_MODULE_UNLOAD=y +CONFIG_MODULE_FORCE_UNLOAD=y +# CONFIG_MODULE_UNLOAD_TAINT_TRACKING is not set +# CONFIG_MODVERSIONS is not set +# CONFIG_MODULE_SRCVERSION_ALL is not set +# CONFIG_MODULE_SIG is not set +CONFIG_MODULE_COMPRESS_NONE=y +# CONFIG_MODULE_COMPRESS_GZIP is not set +# CONFIG_MODULE_COMPRESS_XZ is not set +# CONFIG_MODULE_COMPRESS_ZSTD is not set +# 
CONFIG_MODULE_ALLOW_MISSING_NAMESPACE_IMPORTS is not set +CONFIG_MODPROBE_PATH="/sbin/modprobe" +CONFIG_MODULES_TREE_LOOKUP=y +CONFIG_BLOCK=y +CONFIG_BLOCK_LEGACY_AUTOLOAD=y +CONFIG_BLK_RQ_ALLOC_TIME=y +CONFIG_BLK_DEV_BSG_COMMON=y +# CONFIG_BLK_DEV_BSGLIB is not set +# CONFIG_BLK_DEV_INTEGRITY is not set +# CONFIG_BLK_DEV_ZONED is not set +# CONFIG_BLK_DEV_THROTTLING is not set +# CONFIG_BLK_WBT is not set +CONFIG_BLK_CGROUP_IOLATENCY=y +CONFIG_BLK_CGROUP_IOCOST=y +CONFIG_BLK_CGROUP_IOPRIO=y +CONFIG_BLK_DEBUG_FS=y +# CONFIG_BLK_SED_OPAL is not set +# CONFIG_BLK_INLINE_ENCRYPTION is not set + +# +# Partition Types +# +# CONFIG_PARTITION_ADVANCED is not set +CONFIG_MSDOS_PARTITION=y +CONFIG_EFI_PARTITION=y +# end of Partition Types + +CONFIG_BLK_MQ_PCI=y +CONFIG_BLK_MQ_VIRTIO=y +CONFIG_BLK_PM=y +CONFIG_BLOCK_HOLDER_DEPRECATED=y +CONFIG_BLK_MQ_STACKING=y + +# +# IO Schedulers +# +CONFIG_MQ_IOSCHED_DEADLINE=y +CONFIG_MQ_IOSCHED_KYBER=y +# CONFIG_IOSCHED_BFQ is not set +# end of IO Schedulers + +CONFIG_ASN1=y +CONFIG_UNINLINE_SPIN_UNLOCK=y +CONFIG_ARCH_SUPPORTS_ATOMIC_RMW=y +CONFIG_MUTEX_SPIN_ON_OWNER=y +CONFIG_RWSEM_SPIN_ON_OWNER=y +CONFIG_LOCK_SPIN_ON_OWNER=y +CONFIG_ARCH_USE_QUEUED_SPINLOCKS=y +CONFIG_QUEUED_SPINLOCKS=y +CONFIG_ARCH_USE_QUEUED_RWLOCKS=y +CONFIG_QUEUED_RWLOCKS=y +CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE=y +CONFIG_ARCH_HAS_SYNC_CORE_BEFORE_USERMODE=y +CONFIG_ARCH_HAS_SYSCALL_WRAPPER=y +CONFIG_FREEZER=y + +# +# Executable file formats +# +CONFIG_BINFMT_ELF=y +CONFIG_COMPAT_BINFMT_ELF=y +CONFIG_ELFCORE=y +CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS=y +CONFIG_BINFMT_SCRIPT=y +CONFIG_BINFMT_MISC=y +CONFIG_COREDUMP=y +# end of Executable file formats + +# +# Memory Management options +# +CONFIG_SWAP=y +# CONFIG_ZSWAP is not set + +# +# SLAB allocator options +# +# CONFIG_SLAB_DEPRECATED is not set +CONFIG_SLUB=y +CONFIG_SLAB_MERGE_DEFAULT=y +# CONFIG_SLAB_FREELIST_RANDOM is not set +# CONFIG_SLAB_FREELIST_HARDENED is not set +# CONFIG_SLUB_STATS is not set 
+CONFIG_SLUB_CPU_PARTIAL=y +# end of SLAB allocator options + +# CONFIG_SHUFFLE_PAGE_ALLOCATOR is not set +# CONFIG_COMPAT_BRK is not set +CONFIG_SPARSEMEM=y +CONFIG_SPARSEMEM_EXTREME=y +CONFIG_SPARSEMEM_VMEMMAP_ENABLE=y +CONFIG_SPARSEMEM_VMEMMAP=y +CONFIG_ARCH_WANT_OPTIMIZE_VMEMMAP=y +CONFIG_HAVE_FAST_GUP=y +CONFIG_EXCLUSIVE_SYSTEM_RAM=y +CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y +# CONFIG_MEMORY_HOTPLUG is not set +CONFIG_SPLIT_PTLOCK_CPUS=4 +CONFIG_ARCH_ENABLE_SPLIT_PMD_PTLOCK=y +CONFIG_COMPACTION=y +CONFIG_COMPACT_UNEVICTABLE_DEFAULT=1 +# CONFIG_PAGE_REPORTING is not set +CONFIG_MIGRATION=y +CONFIG_ARCH_ENABLE_HUGEPAGE_MIGRATION=y +CONFIG_PHYS_ADDR_T_64BIT=y +CONFIG_MMU_NOTIFIER=y +# CONFIG_KSM is not set +CONFIG_DEFAULT_MMAP_MIN_ADDR=4096 +CONFIG_ARCH_SUPPORTS_MEMORY_FAILURE=y +# CONFIG_MEMORY_FAILURE is not set +CONFIG_ARCH_WANT_GENERAL_HUGETLB=y +CONFIG_ARCH_WANTS_THP_SWAP=y +# CONFIG_TRANSPARENT_HUGEPAGE is not set +CONFIG_NEED_PER_CPU_EMBED_FIRST_CHUNK=y +CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK=y +CONFIG_USE_PERCPU_NUMA_NODE_ID=y +CONFIG_HAVE_SETUP_PER_CPU_AREA=y +# CONFIG_CMA is not set +CONFIG_GENERIC_EARLY_IOREMAP=y +# CONFIG_DEFERRED_STRUCT_PAGE_INIT is not set +# CONFIG_IDLE_PAGE_TRACKING is not set +CONFIG_ARCH_HAS_CACHE_LINE_SIZE=y +CONFIG_ARCH_HAS_CURRENT_STACK_POINTER=y +CONFIG_ARCH_HAS_PTE_DEVMAP=y +CONFIG_ZONE_DMA=y +CONFIG_ZONE_DMA32=y +CONFIG_VMAP_PFN=y +CONFIG_ARCH_USES_HIGH_VMA_FLAGS=y +CONFIG_ARCH_HAS_PKEYS=y +CONFIG_VM_EVENT_COUNTERS=y +# CONFIG_PERCPU_STATS is not set +# CONFIG_GUP_TEST is not set +# CONFIG_DMAPOOL_TEST is not set +CONFIG_ARCH_HAS_PTE_SPECIAL=y +CONFIG_SECRETMEM=y +# CONFIG_ANON_VMA_NAME is not set +# CONFIG_USERFAULTFD is not set +# CONFIG_LRU_GEN is not set +CONFIG_ARCH_SUPPORTS_PER_VMA_LOCK=y +CONFIG_PER_VMA_LOCK=y +CONFIG_LOCK_MM_AND_FIND_VMA=y + +# +# Data Access Monitoring +# +# CONFIG_DAMON is not set +# end of Data Access Monitoring +# end of Memory Management options + +CONFIG_NET=y +CONFIG_NET_INGRESS=y 
+CONFIG_NET_EGRESS=y +CONFIG_SKB_EXTENSIONS=y + +# +# Networking options +# +CONFIG_PACKET=y +# CONFIG_PACKET_DIAG is not set +CONFIG_UNIX=y +CONFIG_UNIX_SCM=y +CONFIG_AF_UNIX_OOB=y +# CONFIG_UNIX_DIAG is not set +# CONFIG_TLS is not set +CONFIG_XFRM=y +CONFIG_XFRM_ALGO=y +CONFIG_XFRM_USER=y +# CONFIG_XFRM_USER_COMPAT is not set +# CONFIG_XFRM_INTERFACE is not set +# CONFIG_XFRM_SUB_POLICY is not set +# CONFIG_XFRM_MIGRATE is not set +# CONFIG_XFRM_STATISTICS is not set +CONFIG_XFRM_AH=y +CONFIG_XFRM_ESP=y +# CONFIG_NET_KEY is not set +CONFIG_NET_HANDSHAKE=y +CONFIG_INET=y +CONFIG_IP_MULTICAST=y +CONFIG_IP_ADVANCED_ROUTER=y +# CONFIG_IP_FIB_TRIE_STATS is not set +CONFIG_IP_MULTIPLE_TABLES=y +CONFIG_IP_ROUTE_MULTIPATH=y +CONFIG_IP_ROUTE_VERBOSE=y +CONFIG_IP_PNP=y +CONFIG_IP_PNP_DHCP=y +CONFIG_IP_PNP_BOOTP=y +CONFIG_IP_PNP_RARP=y +# CONFIG_NET_IPIP is not set +# CONFIG_NET_IPGRE_DEMUX is not set +CONFIG_NET_IP_TUNNEL=y +CONFIG_IP_MROUTE_COMMON=y +CONFIG_IP_MROUTE=y +# CONFIG_IP_MROUTE_MULTIPLE_TABLES is not set +CONFIG_IP_PIMSM_V1=y +CONFIG_IP_PIMSM_V2=y +CONFIG_SYN_COOKIES=y +# CONFIG_NET_IPVTI is not set +# CONFIG_NET_FOU is not set +# CONFIG_NET_FOU_IP_TUNNELS is not set +# CONFIG_INET_AH is not set +# CONFIG_INET_ESP is not set +# CONFIG_INET_IPCOMP is not set +CONFIG_INET_TABLE_PERTURB_ORDER=16 +CONFIG_INET_TUNNEL=y +# CONFIG_INET_DIAG is not set +CONFIG_TCP_CONG_ADVANCED=y +# CONFIG_TCP_CONG_BIC is not set +CONFIG_TCP_CONG_CUBIC=y +# CONFIG_TCP_CONG_WESTWOOD is not set +# CONFIG_TCP_CONG_HTCP is not set +# CONFIG_TCP_CONG_HSTCP is not set +# CONFIG_TCP_CONG_HYBLA is not set +# CONFIG_TCP_CONG_VEGAS is not set +# CONFIG_TCP_CONG_NV is not set +# CONFIG_TCP_CONG_SCALABLE is not set +# CONFIG_TCP_CONG_LP is not set +# CONFIG_TCP_CONG_VENO is not set +# CONFIG_TCP_CONG_YEAH is not set +# CONFIG_TCP_CONG_ILLINOIS is not set +# CONFIG_TCP_CONG_DCTCP is not set +# CONFIG_TCP_CONG_CDG is not set +# CONFIG_TCP_CONG_BBR is not set +CONFIG_DEFAULT_CUBIC=y +# 
CONFIG_DEFAULT_RENO is not set +CONFIG_DEFAULT_TCP_CONG="cubic" +CONFIG_TCP_MD5SIG=y +CONFIG_IPV6=y +# CONFIG_IPV6_ROUTER_PREF is not set +# CONFIG_IPV6_OPTIMISTIC_DAD is not set +CONFIG_INET6_AH=y +CONFIG_INET6_ESP=y +# CONFIG_INET6_ESP_OFFLOAD is not set +# CONFIG_INET6_ESPINTCP is not set +# CONFIG_INET6_IPCOMP is not set +# CONFIG_IPV6_MIP6 is not set +# CONFIG_IPV6_ILA is not set +# CONFIG_IPV6_VTI is not set +CONFIG_IPV6_SIT=y +# CONFIG_IPV6_SIT_6RD is not set +CONFIG_IPV6_NDISC_NODETYPE=y +# CONFIG_IPV6_TUNNEL is not set +# CONFIG_IPV6_MULTIPLE_TABLES is not set +# CONFIG_IPV6_MROUTE is not set +# CONFIG_IPV6_SEG6_LWTUNNEL is not set +# CONFIG_IPV6_SEG6_HMAC is not set +# CONFIG_IPV6_RPL_LWTUNNEL is not set +# CONFIG_IPV6_IOAM6_LWTUNNEL is not set +CONFIG_NETLABEL=y +# CONFIG_MPTCP is not set +CONFIG_NETWORK_SECMARK=y +CONFIG_NET_PTP_CLASSIFY=y +# CONFIG_NETWORK_PHY_TIMESTAMPING is not set +CONFIG_NETFILTER=y +# CONFIG_NETFILTER_ADVANCED is not set + +# +# Core Netfilter Configuration +# +CONFIG_NETFILTER_INGRESS=y +CONFIG_NETFILTER_EGRESS=y +CONFIG_NETFILTER_SKIP_EGRESS=y +CONFIG_NETFILTER_NETLINK=y +CONFIG_NETFILTER_NETLINK_LOG=y +CONFIG_NF_CONNTRACK=y +CONFIG_NF_LOG_SYSLOG=m +CONFIG_NF_CONNTRACK_SECMARK=y +# CONFIG_NF_CONNTRACK_PROCFS is not set +# CONFIG_NF_CONNTRACK_LABELS is not set +CONFIG_NF_CONNTRACK_FTP=y +CONFIG_NF_CONNTRACK_IRC=y +# CONFIG_NF_CONNTRACK_NETBIOS_NS is not set +CONFIG_NF_CONNTRACK_SIP=y +CONFIG_NF_CT_NETLINK=y +# CONFIG_NETFILTER_NETLINK_GLUE_CT is not set +CONFIG_NF_NAT=y +CONFIG_NF_NAT_FTP=y +CONFIG_NF_NAT_IRC=y +CONFIG_NF_NAT_SIP=y +CONFIG_NF_NAT_MASQUERADE=y +# CONFIG_NF_TABLES is not set +CONFIG_NETFILTER_XTABLES=y +# CONFIG_NETFILTER_XTABLES_COMPAT is not set + +# +# Xtables combined modules +# +CONFIG_NETFILTER_XT_MARK=m + +# +# Xtables targets +# +CONFIG_NETFILTER_XT_TARGET_CONNSECMARK=y +CONFIG_NETFILTER_XT_TARGET_LOG=m +CONFIG_NETFILTER_XT_NAT=m +# CONFIG_NETFILTER_XT_TARGET_NETMAP is not set 
+CONFIG_NETFILTER_XT_TARGET_NFLOG=y +# CONFIG_NETFILTER_XT_TARGET_REDIRECT is not set +CONFIG_NETFILTER_XT_TARGET_MASQUERADE=m +CONFIG_NETFILTER_XT_TARGET_SECMARK=y +CONFIG_NETFILTER_XT_TARGET_TCPMSS=y + +# +# Xtables matches +# +CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=m +CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y +CONFIG_NETFILTER_XT_MATCH_POLICY=y +CONFIG_NETFILTER_XT_MATCH_STATE=y +# end of Core Netfilter Configuration + +# CONFIG_IP_SET is not set +# CONFIG_IP_VS is not set + +# +# IP: Netfilter Configuration +# +CONFIG_NF_DEFRAG_IPV4=y +# CONFIG_NF_SOCKET_IPV4 is not set +# CONFIG_NF_TPROXY_IPV4 is not set +# CONFIG_NF_DUP_IPV4 is not set +CONFIG_NF_LOG_ARP=m +CONFIG_NF_LOG_IPV4=m +CONFIG_NF_REJECT_IPV4=y +CONFIG_IP_NF_IPTABLES=y +CONFIG_IP_NF_FILTER=y +CONFIG_IP_NF_TARGET_REJECT=y +CONFIG_IP_NF_NAT=m +CONFIG_IP_NF_TARGET_MASQUERADE=m +CONFIG_IP_NF_MANGLE=y +# CONFIG_IP_NF_RAW is not set +# end of IP: Netfilter Configuration + +# +# IPv6: Netfilter Configuration +# +# CONFIG_NF_SOCKET_IPV6 is not set +# CONFIG_NF_TPROXY_IPV6 is not set +# CONFIG_NF_DUP_IPV6 is not set +CONFIG_NF_REJECT_IPV6=y +CONFIG_NF_LOG_IPV6=m +CONFIG_IP6_NF_IPTABLES=y +CONFIG_IP6_NF_MATCH_IPV6HEADER=y +CONFIG_IP6_NF_FILTER=y +CONFIG_IP6_NF_TARGET_REJECT=y +CONFIG_IP6_NF_MANGLE=y +# CONFIG_IP6_NF_RAW is not set +# end of IPv6: Netfilter Configuration + +CONFIG_NF_DEFRAG_IPV6=y +# CONFIG_NF_CONNTRACK_BRIDGE is not set +# CONFIG_BPFILTER is not set +# CONFIG_IP_DCCP is not set +# CONFIG_IP_SCTP is not set +# CONFIG_RDS is not set +# CONFIG_TIPC is not set +# CONFIG_ATM is not set +# CONFIG_L2TP is not set +# CONFIG_BRIDGE is not set +# CONFIG_NET_DSA is not set +# CONFIG_VLAN_8021Q is not set +# CONFIG_LLC2 is not set +# CONFIG_ATALK is not set +# CONFIG_X25 is not set +# CONFIG_LAPB is not set +# CONFIG_PHONET is not set +# CONFIG_6LOWPAN is not set +# CONFIG_IEEE802154 is not set +CONFIG_NET_SCHED=y + +# +# Queueing/Scheduling +# +# CONFIG_NET_SCH_HTB is not set +# CONFIG_NET_SCH_HFSC is not set +# 
CONFIG_NET_SCH_PRIO is not set +# CONFIG_NET_SCH_MULTIQ is not set +# CONFIG_NET_SCH_RED is not set +# CONFIG_NET_SCH_SFB is not set +# CONFIG_NET_SCH_SFQ is not set +# CONFIG_NET_SCH_TEQL is not set +# CONFIG_NET_SCH_TBF is not set +# CONFIG_NET_SCH_CBS is not set +# CONFIG_NET_SCH_ETF is not set +# CONFIG_NET_SCH_TAPRIO is not set +# CONFIG_NET_SCH_GRED is not set +# CONFIG_NET_SCH_NETEM is not set +# CONFIG_NET_SCH_DRR is not set +# CONFIG_NET_SCH_MQPRIO is not set +# CONFIG_NET_SCH_SKBPRIO is not set +# CONFIG_NET_SCH_CHOKE is not set +# CONFIG_NET_SCH_QFQ is not set +# CONFIG_NET_SCH_CODEL is not set +# CONFIG_NET_SCH_FQ_CODEL is not set +# CONFIG_NET_SCH_CAKE is not set +# CONFIG_NET_SCH_FQ is not set +# CONFIG_NET_SCH_HHF is not set +# CONFIG_NET_SCH_PIE is not set +# CONFIG_NET_SCH_INGRESS is not set +# CONFIG_NET_SCH_PLUG is not set +# CONFIG_NET_SCH_ETS is not set +# CONFIG_NET_SCH_DEFAULT is not set + +# +# Classification +# +CONFIG_NET_CLS=y +# CONFIG_NET_CLS_BASIC is not set +# CONFIG_NET_CLS_ROUTE4 is not set +# CONFIG_NET_CLS_FW is not set +# CONFIG_NET_CLS_U32 is not set +# CONFIG_NET_CLS_FLOW is not set +CONFIG_NET_CLS_CGROUP=y +# CONFIG_NET_CLS_BPF is not set +# CONFIG_NET_CLS_FLOWER is not set +# CONFIG_NET_CLS_MATCHALL is not set +CONFIG_NET_EMATCH=y +CONFIG_NET_EMATCH_STACK=32 +# CONFIG_NET_EMATCH_CMP is not set +# CONFIG_NET_EMATCH_NBYTE is not set +# CONFIG_NET_EMATCH_U32 is not set +# CONFIG_NET_EMATCH_META is not set +# CONFIG_NET_EMATCH_TEXT is not set +# CONFIG_NET_EMATCH_IPT is not set +CONFIG_NET_CLS_ACT=y +# CONFIG_NET_ACT_POLICE is not set +# CONFIG_NET_ACT_GACT is not set +# CONFIG_NET_ACT_MIRRED is not set +# CONFIG_NET_ACT_SAMPLE is not set +# CONFIG_NET_ACT_IPT is not set +# CONFIG_NET_ACT_NAT is not set +# CONFIG_NET_ACT_PEDIT is not set +# CONFIG_NET_ACT_SIMP is not set +# CONFIG_NET_ACT_SKBEDIT is not set +# CONFIG_NET_ACT_CSUM is not set +# CONFIG_NET_ACT_MPLS is not set +# CONFIG_NET_ACT_VLAN is not set +# CONFIG_NET_ACT_BPF 
is not set +# CONFIG_NET_ACT_SKBMOD is not set +# CONFIG_NET_ACT_IFE is not set +# CONFIG_NET_ACT_TUNNEL_KEY is not set +# CONFIG_NET_ACT_GATE is not set +# CONFIG_NET_TC_SKB_EXT is not set +CONFIG_NET_SCH_FIFO=y +# CONFIG_DCB is not set +CONFIG_DNS_RESOLVER=y +# CONFIG_BATMAN_ADV is not set +# CONFIG_OPENVSWITCH is not set +# CONFIG_VSOCKETS is not set +# CONFIG_NETLINK_DIAG is not set +# CONFIG_MPLS is not set +# CONFIG_NET_NSH is not set +# CONFIG_HSR is not set +# CONFIG_NET_SWITCHDEV is not set +# CONFIG_NET_L3_MASTER_DEV is not set +# CONFIG_QRTR is not set +# CONFIG_NET_NCSI is not set +CONFIG_PCPU_DEV_REFCNT=y +CONFIG_MAX_SKB_FRAGS=17 +CONFIG_RPS=y +CONFIG_RFS_ACCEL=y +CONFIG_SOCK_RX_QUEUE_MAPPING=y +CONFIG_XPS=y +CONFIG_CGROUP_NET_PRIO=y +CONFIG_CGROUP_NET_CLASSID=y +CONFIG_NET_RX_BUSY_POLL=y +CONFIG_BQL=y +CONFIG_NET_FLOW_LIMIT=y + +# +# Network testing +# +# CONFIG_NET_PKTGEN is not set +# CONFIG_NET_DROP_MONITOR is not set +# end of Network testing +# end of Networking options + +# CONFIG_HAMRADIO is not set +# CONFIG_CAN is not set +# CONFIG_BT is not set +# CONFIG_AF_RXRPC is not set +# CONFIG_AF_KCM is not set +# CONFIG_MCTP is not set +CONFIG_FIB_RULES=y +CONFIG_WIRELESS=y +CONFIG_CFG80211=y +# CONFIG_NL80211_TESTMODE is not set +# CONFIG_CFG80211_DEVELOPER_WARNINGS is not set +CONFIG_CFG80211_REQUIRE_SIGNED_REGDB=y +CONFIG_CFG80211_USE_KERNEL_REGDB_KEYS=y +CONFIG_CFG80211_DEFAULT_PS=y +# CONFIG_CFG80211_DEBUGFS is not set +CONFIG_CFG80211_CRDA_SUPPORT=y +# CONFIG_CFG80211_WEXT is not set +CONFIG_MAC80211=y +CONFIG_MAC80211_HAS_RC=y +CONFIG_MAC80211_RC_MINSTREL=y +CONFIG_MAC80211_RC_DEFAULT_MINSTREL=y +CONFIG_MAC80211_RC_DEFAULT="minstrel_ht" +# CONFIG_MAC80211_MESH is not set +CONFIG_MAC80211_LEDS=y +# CONFIG_MAC80211_DEBUGFS is not set +# CONFIG_MAC80211_MESSAGE_TRACING is not set +# CONFIG_MAC80211_DEBUG_MENU is not set +CONFIG_MAC80211_STA_HASH_MAX_SIZE=0 +CONFIG_RFKILL=y +CONFIG_RFKILL_LEDS=y +CONFIG_RFKILL_INPUT=y +CONFIG_NET_9P=y 
+CONFIG_NET_9P_FD=y +CONFIG_NET_9P_VIRTIO=y +# CONFIG_NET_9P_DEBUG is not set +# CONFIG_CAIF is not set +# CONFIG_CEPH_LIB is not set +# CONFIG_NFC is not set +# CONFIG_PSAMPLE is not set +# CONFIG_NET_IFE is not set +# CONFIG_LWTUNNEL is not set +CONFIG_DST_CACHE=y +CONFIG_GRO_CELLS=y +CONFIG_NET_SELFTESTS=y +CONFIG_FAILOVER=y +CONFIG_ETHTOOL_NETLINK=y + +# +# Device Drivers +# +CONFIG_HAVE_EISA=y +# CONFIG_EISA is not set +CONFIG_HAVE_PCI=y +CONFIG_PCI=y +CONFIG_PCI_DOMAINS=y +CONFIG_PCIEPORTBUS=y +# CONFIG_HOTPLUG_PCI_PCIE is not set +# CONFIG_PCIEAER is not set +CONFIG_PCIEASPM=y +CONFIG_PCIEASPM_DEFAULT=y +# CONFIG_PCIEASPM_POWERSAVE is not set +# CONFIG_PCIEASPM_POWER_SUPERSAVE is not set +# CONFIG_PCIEASPM_PERFORMANCE is not set +CONFIG_PCIE_PME=y +# CONFIG_PCIE_PTM is not set +CONFIG_PCI_MSI=y +CONFIG_PCI_QUIRKS=y +# CONFIG_PCI_DEBUG is not set +# CONFIG_PCI_STUB is not set +CONFIG_PCI_ATS=y +CONFIG_PCI_LOCKLESS_CONFIG=y +# CONFIG_PCI_IOV is not set +CONFIG_PCI_PRI=y +CONFIG_PCI_PASID=y +CONFIG_PCI_LABEL=y +CONFIG_VGA_ARB=y +CONFIG_VGA_ARB_MAX_GPUS=16 +CONFIG_HOTPLUG_PCI=y +# CONFIG_HOTPLUG_PCI_ACPI is not set +# CONFIG_HOTPLUG_PCI_CPCI is not set +# CONFIG_HOTPLUG_PCI_SHPC is not set + +# +# PCI controller drivers +# +# CONFIG_VMD is not set + +# +# Cadence-based PCIe controllers +# +# end of Cadence-based PCIe controllers + +# +# DesignWare-based PCIe controllers +# +# CONFIG_PCI_MESON is not set +# CONFIG_PCIE_DW_PLAT_HOST is not set +# end of DesignWare-based PCIe controllers + +# +# Mobiveil-based PCIe controllers +# +# end of Mobiveil-based PCIe controllers +# end of PCI controller drivers + +# +# PCI Endpoint +# +# CONFIG_PCI_ENDPOINT is not set +# end of PCI Endpoint + +# +# PCI switch controller drivers +# +# CONFIG_PCI_SW_SWITCHTEC is not set +# end of PCI switch controller drivers + +# CONFIG_CXL_BUS is not set +CONFIG_PCCARD=y +CONFIG_PCMCIA=y +CONFIG_PCMCIA_LOAD_CIS=y +CONFIG_CARDBUS=y + +# +# PC-card bridges +# +CONFIG_YENTA=y 
+CONFIG_YENTA_O2=y +CONFIG_YENTA_RICOH=y +CONFIG_YENTA_TI=y +CONFIG_YENTA_ENE_TUNE=y +CONFIG_YENTA_TOSHIBA=y +# CONFIG_PD6729 is not set +# CONFIG_I82092 is not set +CONFIG_PCCARD_NONSTATIC=y +# CONFIG_RAPIDIO is not set + +# +# Generic Driver Options +# +CONFIG_AUXILIARY_BUS=y +# CONFIG_UEVENT_HELPER is not set +CONFIG_DEVTMPFS=y +CONFIG_DEVTMPFS_MOUNT=y +# CONFIG_DEVTMPFS_SAFE is not set +CONFIG_STANDALONE=y +CONFIG_PREVENT_FIRMWARE_BUILD=y + +# +# Firmware loader +# +CONFIG_FW_LOADER=y +CONFIG_EXTRA_FIRMWARE="" +# CONFIG_FW_LOADER_USER_HELPER is not set +# CONFIG_FW_LOADER_COMPRESS is not set +CONFIG_FW_CACHE=y +# CONFIG_FW_UPLOAD is not set +# end of Firmware loader + +CONFIG_ALLOW_DEV_COREDUMP=y +# CONFIG_DEBUG_DRIVER is not set +CONFIG_DEBUG_DEVRES=y +# CONFIG_DEBUG_TEST_DRIVER_REMOVE is not set +# CONFIG_TEST_ASYNC_DRIVER_PROBE is not set +CONFIG_GENERIC_CPU_AUTOPROBE=y +CONFIG_GENERIC_CPU_VULNERABILITIES=y +CONFIG_REGMAP=y +CONFIG_DMA_SHARED_BUFFER=y +# CONFIG_DMA_FENCE_TRACE is not set +# CONFIG_FW_DEVLINK_SYNC_STATE_TIMEOUT is not set +# end of Generic Driver Options + +# +# Bus devices +# +# CONFIG_MHI_BUS is not set +# CONFIG_MHI_BUS_EP is not set +# end of Bus devices + +CONFIG_CONNECTOR=y +CONFIG_PROC_EVENTS=y + +# +# Firmware Drivers +# + +# +# ARM System Control and Management Interface Protocol +# +# end of ARM System Control and Management Interface Protocol + +# CONFIG_EDD is not set +CONFIG_FIRMWARE_MEMMAP=y +CONFIG_DMIID=y +# CONFIG_DMI_SYSFS is not set +CONFIG_DMI_SCAN_MACHINE_NON_EFI_FALLBACK=y +# CONFIG_ISCSI_IBFT is not set +# CONFIG_FW_CFG_SYSFS is not set +# CONFIG_SYSFB_SIMPLEFB is not set +# CONFIG_GOOGLE_FIRMWARE is not set + +# +# EFI (Extensible Firmware Interface) Support +# +CONFIG_EFI_ESRT=y +CONFIG_EFI_DXE_MEM_ATTRIBUTES=y +CONFIG_EFI_RUNTIME_WRAPPERS=y +# CONFIG_EFI_BOOTLOADER_CONTROL is not set +# CONFIG_EFI_CAPSULE_LOADER is not set +# CONFIG_EFI_TEST is not set +# CONFIG_APPLE_PROPERTIES is not set +# 
CONFIG_RESET_ATTACK_MITIGATION is not set +# CONFIG_EFI_RCI2_TABLE is not set +# CONFIG_EFI_DISABLE_PCI_DMA is not set +CONFIG_EFI_EARLYCON=y +CONFIG_EFI_CUSTOM_SSDT_OVERLAYS=y +# CONFIG_EFI_DISABLE_RUNTIME is not set +# CONFIG_EFI_COCO_SECRET is not set +# end of EFI (Extensible Firmware Interface) Support + +# +# Tegra firmware driver +# +# end of Tegra firmware driver +# end of Firmware Drivers + +# CONFIG_GNSS is not set +# CONFIG_MTD is not set +# CONFIG_OF is not set +CONFIG_ARCH_MIGHT_HAVE_PC_PARPORT=y +# CONFIG_PARPORT is not set +CONFIG_PNP=y +CONFIG_PNP_DEBUG_MESSAGES=y + +# +# Protocols +# +CONFIG_PNPACPI=y +CONFIG_BLK_DEV=y +# CONFIG_BLK_DEV_NULL_BLK is not set +# CONFIG_BLK_DEV_FD is not set +CONFIG_CDROM=y +# CONFIG_BLK_DEV_PCIESSD_MTIP32XX is not set +CONFIG_BLK_DEV_LOOP=y +CONFIG_BLK_DEV_LOOP_MIN_COUNT=8 +# CONFIG_BLK_DEV_DRBD is not set +# CONFIG_BLK_DEV_NBD is not set +# CONFIG_BLK_DEV_RAM is not set +# CONFIG_CDROM_PKTCDVD is not set +# CONFIG_ATA_OVER_ETH is not set +CONFIG_VIRTIO_BLK=y +# CONFIG_BLK_DEV_RBD is not set +# CONFIG_BLK_DEV_UBLK is not set + +# +# NVME Support +# +# CONFIG_BLK_DEV_NVME is not set +# CONFIG_NVME_FC is not set +# CONFIG_NVME_TCP is not set +# end of NVME Support + +# +# Misc devices +# +# CONFIG_AD525X_DPOT is not set +# CONFIG_DUMMY_IRQ is not set +# CONFIG_IBM_ASM is not set +# CONFIG_PHANTOM is not set +# CONFIG_TIFM_CORE is not set +# CONFIG_ICS932S401 is not set +# CONFIG_ENCLOSURE_SERVICES is not set +# CONFIG_HP_ILO is not set +# CONFIG_APDS9802ALS is not set +# CONFIG_ISL29003 is not set +# CONFIG_ISL29020 is not set +# CONFIG_SENSORS_TSL2550 is not set +# CONFIG_SENSORS_BH1770 is not set +# CONFIG_SENSORS_APDS990X is not set +# CONFIG_HMC6352 is not set +# CONFIG_DS1682 is not set +# CONFIG_SRAM is not set +# CONFIG_DW_XDATA_PCIE is not set +# CONFIG_PCI_ENDPOINT_TEST is not set +# CONFIG_XILINX_SDFEC is not set +# CONFIG_C2PORT is not set + +# +# EEPROM support +# +# CONFIG_EEPROM_AT24 is not set +# 
CONFIG_EEPROM_LEGACY is not set +# CONFIG_EEPROM_MAX6875 is not set +# CONFIG_EEPROM_93CX6 is not set +# CONFIG_EEPROM_IDT_89HPESX is not set +# CONFIG_EEPROM_EE1004 is not set +# end of EEPROM support + +# CONFIG_CB710_CORE is not set + +# +# Texas Instruments shared transport line discipline +# +# end of Texas Instruments shared transport line discipline + +# CONFIG_SENSORS_LIS3_I2C is not set +# CONFIG_ALTERA_STAPL is not set +# CONFIG_INTEL_MEI is not set +# CONFIG_INTEL_MEI_ME is not set +# CONFIG_INTEL_MEI_TXE is not set +# CONFIG_INTEL_MEI_HDCP is not set +# CONFIG_INTEL_MEI_PXP is not set +# CONFIG_INTEL_MEI_GSC_PROXY is not set +# CONFIG_VMWARE_VMCI is not set +# CONFIG_GENWQE is not set +# CONFIG_ECHO is not set +# CONFIG_BCM_VK is not set +# CONFIG_MISC_ALCOR_PCI is not set +# CONFIG_MISC_RTSX_PCI is not set +# CONFIG_MISC_RTSX_USB is not set +# CONFIG_UACCE is not set +# CONFIG_PVPANIC is not set +# end of Misc devices + +# +# SCSI device support +# +CONFIG_SCSI_MOD=y +# CONFIG_RAID_ATTRS is not set +CONFIG_SCSI_COMMON=y +CONFIG_SCSI=y +CONFIG_SCSI_DMA=y +CONFIG_SCSI_PROC_FS=y + +# +# SCSI support type (disk, tape, CD-ROM) +# +CONFIG_BLK_DEV_SD=y +# CONFIG_CHR_DEV_ST is not set +CONFIG_BLK_DEV_SR=y +CONFIG_CHR_DEV_SG=y +CONFIG_BLK_DEV_BSG=y +# CONFIG_CHR_DEV_SCH is not set +CONFIG_SCSI_CONSTANTS=y +# CONFIG_SCSI_LOGGING is not set +# CONFIG_SCSI_SCAN_ASYNC is not set + +# +# SCSI Transports +# +CONFIG_SCSI_SPI_ATTRS=y +# CONFIG_SCSI_FC_ATTRS is not set +# CONFIG_SCSI_ISCSI_ATTRS is not set +# CONFIG_SCSI_SAS_ATTRS is not set +# CONFIG_SCSI_SAS_LIBSAS is not set +# CONFIG_SCSI_SRP_ATTRS is not set +# end of SCSI Transports + +CONFIG_SCSI_LOWLEVEL=y +# CONFIG_ISCSI_TCP is not set +# CONFIG_ISCSI_BOOT_SYSFS is not set +# CONFIG_SCSI_CXGB3_ISCSI is not set +# CONFIG_SCSI_CXGB4_ISCSI is not set +# CONFIG_SCSI_BNX2_ISCSI is not set +# CONFIG_BE2ISCSI is not set +# CONFIG_BLK_DEV_3W_XXXX_RAID is not set +# CONFIG_SCSI_HPSA is not set +# CONFIG_SCSI_3W_9XXX is 
not set +# CONFIG_SCSI_3W_SAS is not set +# CONFIG_SCSI_ACARD is not set +# CONFIG_SCSI_AACRAID is not set +# CONFIG_SCSI_AIC7XXX is not set +# CONFIG_SCSI_AIC79XX is not set +# CONFIG_SCSI_AIC94XX is not set +# CONFIG_SCSI_MVSAS is not set +# CONFIG_SCSI_MVUMI is not set +# CONFIG_SCSI_ADVANSYS is not set +# CONFIG_SCSI_ARCMSR is not set +# CONFIG_SCSI_ESAS2R is not set +# CONFIG_MEGARAID_NEWGEN is not set +# CONFIG_MEGARAID_LEGACY is not set +# CONFIG_MEGARAID_SAS is not set +# CONFIG_SCSI_MPT3SAS is not set +# CONFIG_SCSI_MPT2SAS is not set +# CONFIG_SCSI_MPI3MR is not set +# CONFIG_SCSI_SMARTPQI is not set +# CONFIG_SCSI_HPTIOP is not set +# CONFIG_SCSI_BUSLOGIC is not set +# CONFIG_SCSI_MYRB is not set +# CONFIG_SCSI_MYRS is not set +# CONFIG_VMWARE_PVSCSI is not set +# CONFIG_SCSI_SNIC is not set +# CONFIG_SCSI_DMX3191D is not set +# CONFIG_SCSI_FDOMAIN_PCI is not set +# CONFIG_SCSI_ISCI is not set +# CONFIG_SCSI_IPS is not set +# CONFIG_SCSI_INITIO is not set +# CONFIG_SCSI_INIA100 is not set +# CONFIG_SCSI_STEX is not set +# CONFIG_SCSI_SYM53C8XX_2 is not set +# CONFIG_SCSI_IPR is not set +# CONFIG_SCSI_QLOGIC_1280 is not set +# CONFIG_SCSI_QLA_ISCSI is not set +# CONFIG_SCSI_DC395x is not set +# CONFIG_SCSI_AM53C974 is not set +# CONFIG_SCSI_WD719X is not set +# CONFIG_SCSI_DEBUG is not set +# CONFIG_SCSI_PMCRAID is not set +# CONFIG_SCSI_PM8001 is not set +CONFIG_SCSI_VIRTIO=y +# CONFIG_SCSI_LOWLEVEL_PCMCIA is not set +# CONFIG_SCSI_DH is not set +# end of SCSI device support + +CONFIG_ATA=y +CONFIG_SATA_HOST=y +CONFIG_PATA_TIMINGS=y +CONFIG_ATA_VERBOSE_ERROR=y +CONFIG_ATA_FORCE=y +CONFIG_ATA_ACPI=y +# CONFIG_SATA_ZPODD is not set +CONFIG_SATA_PMP=y + +# +# Controllers with non-SFF native interface +# +CONFIG_SATA_AHCI=y +CONFIG_SATA_MOBILE_LPM_POLICY=0 +# CONFIG_SATA_AHCI_PLATFORM is not set +# CONFIG_AHCI_DWC is not set +# CONFIG_SATA_INIC162X is not set +# CONFIG_SATA_ACARD_AHCI is not set +# CONFIG_SATA_SIL24 is not set +CONFIG_ATA_SFF=y + +# +# SFF 
controllers with custom DMA interface +# +# CONFIG_PDC_ADMA is not set +# CONFIG_SATA_QSTOR is not set +# CONFIG_SATA_SX4 is not set +CONFIG_ATA_BMDMA=y + +# +# SATA SFF controllers with BMDMA +# +CONFIG_ATA_PIIX=y +# CONFIG_SATA_DWC is not set +# CONFIG_SATA_MV is not set +# CONFIG_SATA_NV is not set +# CONFIG_SATA_PROMISE is not set +# CONFIG_SATA_SIL is not set +# CONFIG_SATA_SIS is not set +# CONFIG_SATA_SVW is not set +# CONFIG_SATA_ULI is not set +# CONFIG_SATA_VIA is not set +# CONFIG_SATA_VITESSE is not set + +# +# PATA SFF controllers with BMDMA +# +# CONFIG_PATA_ALI is not set +CONFIG_PATA_AMD=y +# CONFIG_PATA_ARTOP is not set +# CONFIG_PATA_ATIIXP is not set +# CONFIG_PATA_ATP867X is not set +# CONFIG_PATA_CMD64X is not set +# CONFIG_PATA_CYPRESS is not set +# CONFIG_PATA_EFAR is not set +# CONFIG_PATA_HPT366 is not set +# CONFIG_PATA_HPT37X is not set +# CONFIG_PATA_HPT3X2N is not set +# CONFIG_PATA_HPT3X3 is not set +# CONFIG_PATA_IT8213 is not set +# CONFIG_PATA_IT821X is not set +# CONFIG_PATA_JMICRON is not set +# CONFIG_PATA_MARVELL is not set +# CONFIG_PATA_NETCELL is not set +# CONFIG_PATA_NINJA32 is not set +# CONFIG_PATA_NS87415 is not set +CONFIG_PATA_OLDPIIX=y +# CONFIG_PATA_OPTIDMA is not set +# CONFIG_PATA_PDC2027X is not set +# CONFIG_PATA_PDC_OLD is not set +# CONFIG_PATA_RADISYS is not set +# CONFIG_PATA_RDC is not set +CONFIG_PATA_SCH=y +# CONFIG_PATA_SERVERWORKS is not set +# CONFIG_PATA_SIL680 is not set +# CONFIG_PATA_SIS is not set +# CONFIG_PATA_TOSHIBA is not set +# CONFIG_PATA_TRIFLEX is not set +# CONFIG_PATA_VIA is not set +# CONFIG_PATA_WINBOND is not set + +# +# PIO-only SFF controllers +# +# CONFIG_PATA_CMD640_PCI is not set +# CONFIG_PATA_MPIIX is not set +# CONFIG_PATA_NS87410 is not set +# CONFIG_PATA_OPTI is not set +# CONFIG_PATA_PCMCIA is not set +# CONFIG_PATA_RZ1000 is not set + +# +# Generic fallback / legacy drivers +# +# CONFIG_PATA_ACPI is not set +# CONFIG_ATA_GENERIC is not set +# CONFIG_PATA_LEGACY is not set 
+CONFIG_MD=y +CONFIG_BLK_DEV_MD=y +CONFIG_MD_AUTODETECT=y +# CONFIG_MD_LINEAR is not set +# CONFIG_MD_RAID0 is not set +# CONFIG_MD_RAID1 is not set +# CONFIG_MD_RAID10 is not set +# CONFIG_MD_RAID456 is not set +# CONFIG_MD_MULTIPATH is not set +# CONFIG_MD_FAULTY is not set +# CONFIG_BCACHE is not set +CONFIG_BLK_DEV_DM_BUILTIN=y +CONFIG_BLK_DEV_DM=y +# CONFIG_DM_DEBUG is not set +# CONFIG_DM_UNSTRIPED is not set +# CONFIG_DM_CRYPT is not set +# CONFIG_DM_SNAPSHOT is not set +# CONFIG_DM_THIN_PROVISIONING is not set +# CONFIG_DM_CACHE is not set +# CONFIG_DM_WRITECACHE is not set +# CONFIG_DM_EBS is not set +# CONFIG_DM_ERA is not set +# CONFIG_DM_CLONE is not set +CONFIG_DM_MIRROR=y +# CONFIG_DM_LOG_USERSPACE is not set +# CONFIG_DM_RAID is not set +CONFIG_DM_ZERO=y +# CONFIG_DM_MULTIPATH is not set +# CONFIG_DM_DELAY is not set +# CONFIG_DM_DUST is not set +# CONFIG_DM_INIT is not set +# CONFIG_DM_UEVENT is not set +# CONFIG_DM_FLAKEY is not set +# CONFIG_DM_VERITY is not set +# CONFIG_DM_SWITCH is not set +# CONFIG_DM_LOG_WRITES is not set +# CONFIG_DM_INTEGRITY is not set +# CONFIG_DM_AUDIT is not set +# CONFIG_TARGET_CORE is not set +# CONFIG_FUSION is not set + +# +# IEEE 1394 (FireWire) support +# +# CONFIG_FIREWIRE is not set +# CONFIG_FIREWIRE_NOSY is not set +# end of IEEE 1394 (FireWire) support + +CONFIG_MACINTOSH_DRIVERS=y +CONFIG_MAC_EMUMOUSEBTN=y +CONFIG_NETDEVICES=y +CONFIG_MII=y +CONFIG_NET_CORE=y +# CONFIG_BONDING is not set +# CONFIG_DUMMY is not set +# CONFIG_WIREGUARD is not set +# CONFIG_EQUALIZER is not set +# CONFIG_NET_FC is not set +# CONFIG_NET_TEAM is not set +# CONFIG_MACVLAN is not set +# CONFIG_IPVLAN is not set +# CONFIG_VXLAN is not set +# CONFIG_GENEVE is not set +# CONFIG_BAREUDP is not set +# CONFIG_GTP is not set +# CONFIG_AMT is not set +# CONFIG_MACSEC is not set +CONFIG_NETCONSOLE=y +CONFIG_NETPOLL=y +CONFIG_NET_POLL_CONTROLLER=y +# CONFIG_TUN is not set +# CONFIG_TUN_VNET_CROSS_LE is not set +# CONFIG_VETH is not set 
+CONFIG_VIRTIO_NET=y +# CONFIG_NLMON is not set +# CONFIG_ARCNET is not set +CONFIG_ETHERNET=y +CONFIG_NET_VENDOR_3COM=y +# CONFIG_PCMCIA_3C574 is not set +# CONFIG_PCMCIA_3C589 is not set +# CONFIG_VORTEX is not set +# CONFIG_TYPHOON is not set +CONFIG_NET_VENDOR_ADAPTEC=y +# CONFIG_ADAPTEC_STARFIRE is not set +CONFIG_NET_VENDOR_AGERE=y +# CONFIG_ET131X is not set +CONFIG_NET_VENDOR_ALACRITECH=y +# CONFIG_SLICOSS is not set +CONFIG_NET_VENDOR_ALTEON=y +# CONFIG_ACENIC is not set +# CONFIG_ALTERA_TSE is not set +CONFIG_NET_VENDOR_AMAZON=y +# CONFIG_ENA_ETHERNET is not set +CONFIG_NET_VENDOR_AMD=y +# CONFIG_AMD8111_ETH is not set +# CONFIG_PCNET32 is not set +# CONFIG_PCMCIA_NMCLAN is not set +# CONFIG_AMD_XGBE is not set +# CONFIG_PDS_CORE is not set +CONFIG_NET_VENDOR_AQUANTIA=y +# CONFIG_AQTION is not set +CONFIG_NET_VENDOR_ARC=y +CONFIG_NET_VENDOR_ASIX=y +CONFIG_NET_VENDOR_ATHEROS=y +# CONFIG_ATL2 is not set +# CONFIG_ATL1 is not set +# CONFIG_ATL1E is not set +# CONFIG_ATL1C is not set +# CONFIG_ALX is not set +# CONFIG_CX_ECAT is not set +CONFIG_NET_VENDOR_BROADCOM=y +# CONFIG_B44 is not set +# CONFIG_BCMGENET is not set +# CONFIG_BNX2 is not set +# CONFIG_CNIC is not set +CONFIG_TIGON3=y +CONFIG_TIGON3_HWMON=y +# CONFIG_BNX2X is not set +# CONFIG_SYSTEMPORT is not set +# CONFIG_BNXT is not set +CONFIG_NET_VENDOR_CADENCE=y +CONFIG_NET_VENDOR_CAVIUM=y +# CONFIG_THUNDER_NIC_PF is not set +# CONFIG_THUNDER_NIC_VF is not set +# CONFIG_THUNDER_NIC_BGX is not set +# CONFIG_THUNDER_NIC_RGX is not set +# CONFIG_CAVIUM_PTP is not set +# CONFIG_LIQUIDIO is not set +# CONFIG_LIQUIDIO_VF is not set +CONFIG_NET_VENDOR_CHELSIO=y +# CONFIG_CHELSIO_T1 is not set +# CONFIG_CHELSIO_T3 is not set +# CONFIG_CHELSIO_T4 is not set +# CONFIG_CHELSIO_T4VF is not set +CONFIG_NET_VENDOR_CISCO=y +# CONFIG_ENIC is not set +CONFIG_NET_VENDOR_CORTINA=y +CONFIG_NET_VENDOR_DAVICOM=y +# CONFIG_DNET is not set +CONFIG_NET_VENDOR_DEC=y +CONFIG_NET_TULIP=y +# CONFIG_DE2104X is not set +# 
CONFIG_TULIP is not set +# CONFIG_WINBOND_840 is not set +# CONFIG_DM9102 is not set +# CONFIG_ULI526X is not set +# CONFIG_PCMCIA_XIRCOM is not set +CONFIG_NET_VENDOR_DLINK=y +# CONFIG_DL2K is not set +# CONFIG_SUNDANCE is not set +CONFIG_NET_VENDOR_EMULEX=y +# CONFIG_BE2NET is not set +CONFIG_NET_VENDOR_ENGLEDER=y +# CONFIG_TSNEP is not set +CONFIG_NET_VENDOR_EZCHIP=y +CONFIG_NET_VENDOR_FUJITSU=y +# CONFIG_PCMCIA_FMVJ18X is not set +CONFIG_NET_VENDOR_FUNGIBLE=y +# CONFIG_FUN_ETH is not set +CONFIG_NET_VENDOR_GOOGLE=y +# CONFIG_GVE is not set +CONFIG_NET_VENDOR_HUAWEI=y +# CONFIG_HINIC is not set +CONFIG_NET_VENDOR_I825XX=y +CONFIG_NET_VENDOR_INTEL=y +CONFIG_E100=y +CONFIG_E1000=y +CONFIG_E1000E=y +CONFIG_E1000E_HWTS=y +# CONFIG_IGB is not set +# CONFIG_IGBVF is not set +# CONFIG_IXGBE is not set +# CONFIG_IXGBEVF is not set +# CONFIG_I40E is not set +# CONFIG_I40EVF is not set +# CONFIG_ICE is not set +# CONFIG_FM10K is not set +# CONFIG_IGC is not set +# CONFIG_JME is not set +CONFIG_NET_VENDOR_LITEX=y +CONFIG_NET_VENDOR_MARVELL=y +# CONFIG_MVMDIO is not set +# CONFIG_SKGE is not set +CONFIG_SKY2=y +# CONFIG_SKY2_DEBUG is not set +# CONFIG_OCTEON_EP is not set +CONFIG_NET_VENDOR_MELLANOX=y +# CONFIG_MLX4_EN is not set +# CONFIG_MLX5_CORE is not set +# CONFIG_MLXSW_CORE is not set +# CONFIG_MLXFW is not set +CONFIG_NET_VENDOR_MICREL=y +# CONFIG_KS8842 is not set +# CONFIG_KS8851_MLL is not set +# CONFIG_KSZ884X_PCI is not set +CONFIG_NET_VENDOR_MICROCHIP=y +# CONFIG_LAN743X is not set +# CONFIG_VCAP is not set +CONFIG_NET_VENDOR_MICROSEMI=y +CONFIG_NET_VENDOR_MICROSOFT=y +CONFIG_NET_VENDOR_MYRI=y +# CONFIG_MYRI10GE is not set +# CONFIG_FEALNX is not set +CONFIG_NET_VENDOR_NI=y +# CONFIG_NI_XGE_MANAGEMENT_ENET is not set +CONFIG_NET_VENDOR_NATSEMI=y +# CONFIG_NATSEMI is not set +# CONFIG_NS83820 is not set +CONFIG_NET_VENDOR_NETERION=y +# CONFIG_S2IO is not set +CONFIG_NET_VENDOR_NETRONOME=y +# CONFIG_NFP is not set +CONFIG_NET_VENDOR_8390=y +# CONFIG_PCMCIA_AXNET 
is not set +# CONFIG_NE2K_PCI is not set +# CONFIG_PCMCIA_PCNET is not set +CONFIG_NET_VENDOR_NVIDIA=y +CONFIG_FORCEDETH=y +CONFIG_NET_VENDOR_OKI=y +# CONFIG_ETHOC is not set +CONFIG_NET_VENDOR_PACKET_ENGINES=y +# CONFIG_HAMACHI is not set +# CONFIG_YELLOWFIN is not set +CONFIG_NET_VENDOR_PENSANDO=y +# CONFIG_IONIC is not set +CONFIG_NET_VENDOR_QLOGIC=y +# CONFIG_QLA3XXX is not set +# CONFIG_QLCNIC is not set +# CONFIG_NETXEN_NIC is not set +# CONFIG_QED is not set +CONFIG_NET_VENDOR_BROCADE=y +# CONFIG_BNA is not set +CONFIG_NET_VENDOR_QUALCOMM=y +# CONFIG_QCOM_EMAC is not set +# CONFIG_RMNET is not set +CONFIG_NET_VENDOR_RDC=y +# CONFIG_R6040 is not set +CONFIG_NET_VENDOR_REALTEK=y +# CONFIG_8139CP is not set +CONFIG_8139TOO=y +CONFIG_8139TOO_PIO=y +# CONFIG_8139TOO_TUNE_TWISTER is not set +# CONFIG_8139TOO_8129 is not set +# CONFIG_8139_OLD_RX_RESET is not set +CONFIG_R8169=y +CONFIG_NET_VENDOR_RENESAS=y +CONFIG_NET_VENDOR_ROCKER=y +CONFIG_NET_VENDOR_SAMSUNG=y +# CONFIG_SXGBE_ETH is not set +CONFIG_NET_VENDOR_SEEQ=y +CONFIG_NET_VENDOR_SILAN=y +# CONFIG_SC92031 is not set +CONFIG_NET_VENDOR_SIS=y +# CONFIG_SIS900 is not set +# CONFIG_SIS190 is not set +CONFIG_NET_VENDOR_SOLARFLARE=y +# CONFIG_SFC is not set +# CONFIG_SFC_FALCON is not set +# CONFIG_SFC_SIENA is not set +CONFIG_NET_VENDOR_SMSC=y +# CONFIG_PCMCIA_SMC91C92 is not set +# CONFIG_EPIC100 is not set +# CONFIG_SMSC911X is not set +# CONFIG_SMSC9420 is not set +CONFIG_NET_VENDOR_SOCIONEXT=y +CONFIG_NET_VENDOR_STMICRO=y +# CONFIG_STMMAC_ETH is not set +CONFIG_NET_VENDOR_SUN=y +# CONFIG_HAPPYMEAL is not set +# CONFIG_SUNGEM is not set +# CONFIG_CASSINI is not set +# CONFIG_NIU is not set +CONFIG_NET_VENDOR_SYNOPSYS=y +# CONFIG_DWC_XLGMAC is not set +CONFIG_NET_VENDOR_TEHUTI=y +# CONFIG_TEHUTI is not set +CONFIG_NET_VENDOR_TI=y +# CONFIG_TI_CPSW_PHY_SEL is not set +# CONFIG_TLAN is not set +CONFIG_NET_VENDOR_VERTEXCOM=y +CONFIG_NET_VENDOR_VIA=y +# CONFIG_VIA_RHINE is not set +# CONFIG_VIA_VELOCITY is not set 
+CONFIG_NET_VENDOR_WANGXUN=y +# CONFIG_NGBE is not set +CONFIG_NET_VENDOR_WIZNET=y +# CONFIG_WIZNET_W5100 is not set +# CONFIG_WIZNET_W5300 is not set +CONFIG_NET_VENDOR_XILINX=y +# CONFIG_XILINX_EMACLITE is not set +# CONFIG_XILINX_AXI_EMAC is not set +# CONFIG_XILINX_LL_TEMAC is not set +CONFIG_NET_VENDOR_XIRCOM=y +# CONFIG_PCMCIA_XIRC2PS is not set +# CONFIG_FDDI is not set +# CONFIG_HIPPI is not set +# CONFIG_NET_SB1000 is not set +CONFIG_PHYLIB=y +CONFIG_SWPHY=y +# CONFIG_LED_TRIGGER_PHY is not set +CONFIG_FIXED_PHY=y + +# +# MII PHY device drivers +# +# CONFIG_AMD_PHY is not set +# CONFIG_ADIN_PHY is not set +# CONFIG_ADIN1100_PHY is not set +# CONFIG_AQUANTIA_PHY is not set +# CONFIG_AX88796B_PHY is not set +# CONFIG_BROADCOM_PHY is not set +# CONFIG_BCM54140_PHY is not set +# CONFIG_BCM7XXX_PHY is not set +# CONFIG_BCM84881_PHY is not set +# CONFIG_BCM87XX_PHY is not set +# CONFIG_CICADA_PHY is not set +# CONFIG_CORTINA_PHY is not set +# CONFIG_DAVICOM_PHY is not set +# CONFIG_ICPLUS_PHY is not set +# CONFIG_LXT_PHY is not set +# CONFIG_INTEL_XWAY_PHY is not set +# CONFIG_LSI_ET1011C_PHY is not set +# CONFIG_MARVELL_PHY is not set +# CONFIG_MARVELL_10G_PHY is not set +# CONFIG_MARVELL_88X2222_PHY is not set +# CONFIG_MAXLINEAR_GPHY is not set +# CONFIG_MEDIATEK_GE_PHY is not set +# CONFIG_MICREL_PHY is not set +# CONFIG_MICROCHIP_T1S_PHY is not set +# CONFIG_MICROCHIP_PHY is not set +# CONFIG_MICROCHIP_T1_PHY is not set +# CONFIG_MICROSEMI_PHY is not set +# CONFIG_MOTORCOMM_PHY is not set +# CONFIG_NATIONAL_PHY is not set +# CONFIG_NXP_CBTX_PHY is not set +# CONFIG_NXP_C45_TJA11XX_PHY is not set +# CONFIG_NXP_TJA11XX_PHY is not set +# CONFIG_NCN26000_PHY is not set +# CONFIG_QSEMI_PHY is not set +CONFIG_REALTEK_PHY=y +# CONFIG_RENESAS_PHY is not set +# CONFIG_ROCKCHIP_PHY is not set +# CONFIG_SMSC_PHY is not set +# CONFIG_STE10XP is not set +# CONFIG_TERANETICS_PHY is not set +# CONFIG_DP83822_PHY is not set +# CONFIG_DP83TC811_PHY is not set +# 
CONFIG_DP83848_PHY is not set +# CONFIG_DP83867_PHY is not set +# CONFIG_DP83869_PHY is not set +# CONFIG_DP83TD510_PHY is not set +# CONFIG_VITESSE_PHY is not set +# CONFIG_XILINX_GMII2RGMII is not set +# CONFIG_PSE_CONTROLLER is not set +CONFIG_MDIO_DEVICE=y +CONFIG_MDIO_BUS=y +CONFIG_FWNODE_MDIO=y +CONFIG_ACPI_MDIO=y +CONFIG_MDIO_DEVRES=y +# CONFIG_MDIO_BITBANG is not set +# CONFIG_MDIO_BCM_UNIMAC is not set +# CONFIG_MDIO_MVUSB is not set +# CONFIG_MDIO_THUNDER is not set + +# +# MDIO Multiplexers +# + +# +# PCS device drivers +# +# end of PCS device drivers + +# CONFIG_PPP is not set +# CONFIG_SLIP is not set +CONFIG_USB_NET_DRIVERS=y +# CONFIG_USB_CATC is not set +# CONFIG_USB_KAWETH is not set +# CONFIG_USB_PEGASUS is not set +# CONFIG_USB_RTL8150 is not set +# CONFIG_USB_RTL8152 is not set +# CONFIG_USB_LAN78XX is not set +# CONFIG_USB_USBNET is not set +# CONFIG_USB_HSO is not set +# CONFIG_USB_IPHETH is not set +CONFIG_WLAN=y +CONFIG_WLAN_VENDOR_ADMTEK=y +# CONFIG_ADM8211 is not set +CONFIG_WLAN_VENDOR_ATH=y +# CONFIG_ATH_DEBUG is not set +# CONFIG_ATH5K is not set +# CONFIG_ATH5K_PCI is not set +# CONFIG_ATH9K is not set +# CONFIG_ATH9K_HTC is not set +# CONFIG_CARL9170 is not set +# CONFIG_ATH6KL is not set +# CONFIG_AR5523 is not set +# CONFIG_WIL6210 is not set +# CONFIG_ATH10K is not set +# CONFIG_WCN36XX is not set +CONFIG_WLAN_VENDOR_ATMEL=y +# CONFIG_ATMEL is not set +# CONFIG_AT76C50X_USB is not set +CONFIG_WLAN_VENDOR_BROADCOM=y +# CONFIG_B43 is not set +# CONFIG_B43LEGACY is not set +# CONFIG_BRCMSMAC is not set +# CONFIG_BRCMFMAC is not set +CONFIG_WLAN_VENDOR_CISCO=y +# CONFIG_AIRO is not set +# CONFIG_AIRO_CS is not set +CONFIG_WLAN_VENDOR_INTEL=y +# CONFIG_IPW2100 is not set +# CONFIG_IPW2200 is not set +# CONFIG_IWL4965 is not set +# CONFIG_IWL3945 is not set +# CONFIG_IWLWIFI is not set +CONFIG_WLAN_VENDOR_INTERSIL=y +# CONFIG_HOSTAP is not set +# CONFIG_HERMES is not set +# CONFIG_P54_COMMON is not set +CONFIG_WLAN_VENDOR_MARVELL=y +# 
CONFIG_LIBERTAS is not set +# CONFIG_LIBERTAS_THINFIRM is not set +# CONFIG_MWIFIEX is not set +# CONFIG_MWL8K is not set +CONFIG_WLAN_VENDOR_MEDIATEK=y +# CONFIG_MT7601U is not set +# CONFIG_MT76x0U is not set +# CONFIG_MT76x0E is not set +# CONFIG_MT76x2E is not set +# CONFIG_MT76x2U is not set +# CONFIG_MT7603E is not set +# CONFIG_MT7615E is not set +# CONFIG_MT7663U is not set +# CONFIG_MT7915E is not set +# CONFIG_MT7921E is not set +# CONFIG_MT7921U is not set +# CONFIG_MT7996E is not set +CONFIG_WLAN_VENDOR_MICROCHIP=y +CONFIG_WLAN_VENDOR_PURELIFI=y +# CONFIG_PLFXLC is not set +CONFIG_WLAN_VENDOR_RALINK=y +# CONFIG_RT2X00 is not set +CONFIG_WLAN_VENDOR_REALTEK=y +# CONFIG_RTL8180 is not set +# CONFIG_RTL8187 is not set +CONFIG_RTL_CARDS=y +# CONFIG_RTL8192CE is not set +# CONFIG_RTL8192SE is not set +# CONFIG_RTL8192DE is not set +# CONFIG_RTL8723AE is not set +# CONFIG_RTL8723BE is not set +# CONFIG_RTL8188EE is not set +# CONFIG_RTL8192EE is not set +# CONFIG_RTL8821AE is not set +# CONFIG_RTL8192CU is not set +# CONFIG_RTL8XXXU is not set +# CONFIG_RTW88 is not set +# CONFIG_RTW89 is not set +CONFIG_WLAN_VENDOR_RSI=y +# CONFIG_RSI_91X is not set +CONFIG_WLAN_VENDOR_SILABS=y +CONFIG_WLAN_VENDOR_ST=y +# CONFIG_CW1200 is not set +CONFIG_WLAN_VENDOR_TI=y +# CONFIG_WL1251 is not set +# CONFIG_WL12XX is not set +# CONFIG_WL18XX is not set +# CONFIG_WLCORE is not set +CONFIG_WLAN_VENDOR_ZYDAS=y +# CONFIG_USB_ZD1201 is not set +# CONFIG_ZD1211RW is not set +CONFIG_WLAN_VENDOR_QUANTENNA=y +# CONFIG_QTNFMAC_PCIE is not set +# CONFIG_PCMCIA_RAYCS is not set +# CONFIG_PCMCIA_WL3501 is not set +# CONFIG_USB_NET_RNDIS_WLAN is not set +# CONFIG_MAC80211_HWSIM is not set +# CONFIG_VIRT_WIFI is not set +# CONFIG_WAN is not set + +# +# Wireless WAN +# +# CONFIG_WWAN is not set +# end of Wireless WAN + +# CONFIG_VMXNET3 is not set +# CONFIG_FUJITSU_ES is not set +# CONFIG_NETDEVSIM is not set +CONFIG_NET_FAILOVER=y +# CONFIG_ISDN is not set + +# +# Input device support +# 
+CONFIG_INPUT=y +CONFIG_INPUT_LEDS=y +CONFIG_INPUT_FF_MEMLESS=y +CONFIG_INPUT_SPARSEKMAP=y +# CONFIG_INPUT_MATRIXKMAP is not set +CONFIG_INPUT_VIVALDIFMAP=y + +# +# Userland interfaces +# +# CONFIG_INPUT_MOUSEDEV is not set +# CONFIG_INPUT_JOYDEV is not set +CONFIG_INPUT_EVDEV=y +# CONFIG_INPUT_EVBUG is not set + +# +# Input Device Drivers +# +CONFIG_INPUT_KEYBOARD=y +# CONFIG_KEYBOARD_ADP5588 is not set +# CONFIG_KEYBOARD_ADP5589 is not set +CONFIG_KEYBOARD_ATKBD=y +# CONFIG_KEYBOARD_QT1050 is not set +# CONFIG_KEYBOARD_QT1070 is not set +# CONFIG_KEYBOARD_QT2160 is not set +# CONFIG_KEYBOARD_DLINK_DIR685 is not set +# CONFIG_KEYBOARD_LKKBD is not set +# CONFIG_KEYBOARD_TCA6416 is not set +# CONFIG_KEYBOARD_TCA8418 is not set +# CONFIG_KEYBOARD_LM8323 is not set +# CONFIG_KEYBOARD_LM8333 is not set +# CONFIG_KEYBOARD_MAX7359 is not set +# CONFIG_KEYBOARD_MCS is not set +# CONFIG_KEYBOARD_MPR121 is not set +# CONFIG_KEYBOARD_NEWTON is not set +# CONFIG_KEYBOARD_OPENCORES is not set +# CONFIG_KEYBOARD_STOWAWAY is not set +# CONFIG_KEYBOARD_SUNKBD is not set +# CONFIG_KEYBOARD_TM2_TOUCHKEY is not set +# CONFIG_KEYBOARD_XTKBD is not set +# CONFIG_KEYBOARD_CYPRESS_SF is not set +CONFIG_INPUT_MOUSE=y +CONFIG_MOUSE_PS2=y +CONFIG_MOUSE_PS2_ALPS=y +CONFIG_MOUSE_PS2_BYD=y +CONFIG_MOUSE_PS2_LOGIPS2PP=y +CONFIG_MOUSE_PS2_SYNAPTICS=y +CONFIG_MOUSE_PS2_SYNAPTICS_SMBUS=y +CONFIG_MOUSE_PS2_CYPRESS=y +CONFIG_MOUSE_PS2_LIFEBOOK=y +CONFIG_MOUSE_PS2_TRACKPOINT=y +# CONFIG_MOUSE_PS2_ELANTECH is not set +# CONFIG_MOUSE_PS2_SENTELIC is not set +# CONFIG_MOUSE_PS2_TOUCHKIT is not set +CONFIG_MOUSE_PS2_FOCALTECH=y +# CONFIG_MOUSE_PS2_VMMOUSE is not set +CONFIG_MOUSE_PS2_SMBUS=y +# CONFIG_MOUSE_SERIAL is not set +# CONFIG_MOUSE_APPLETOUCH is not set +# CONFIG_MOUSE_BCM5974 is not set +# CONFIG_MOUSE_CYAPA is not set +# CONFIG_MOUSE_ELAN_I2C is not set +# CONFIG_MOUSE_VSXXXAA is not set +# CONFIG_MOUSE_SYNAPTICS_I2C is not set +# CONFIG_MOUSE_SYNAPTICS_USB is not set 
+CONFIG_INPUT_JOYSTICK=y +# CONFIG_JOYSTICK_ANALOG is not set +# CONFIG_JOYSTICK_A3D is not set +# CONFIG_JOYSTICK_ADI is not set +# CONFIG_JOYSTICK_COBRA is not set +# CONFIG_JOYSTICK_GF2K is not set +# CONFIG_JOYSTICK_GRIP is not set +# CONFIG_JOYSTICK_GRIP_MP is not set +# CONFIG_JOYSTICK_GUILLEMOT is not set +# CONFIG_JOYSTICK_INTERACT is not set +# CONFIG_JOYSTICK_SIDEWINDER is not set +# CONFIG_JOYSTICK_TMDC is not set +# CONFIG_JOYSTICK_IFORCE is not set +# CONFIG_JOYSTICK_WARRIOR is not set +# CONFIG_JOYSTICK_MAGELLAN is not set +# CONFIG_JOYSTICK_SPACEORB is not set +# CONFIG_JOYSTICK_SPACEBALL is not set +# CONFIG_JOYSTICK_STINGER is not set +# CONFIG_JOYSTICK_TWIDJOY is not set +# CONFIG_JOYSTICK_ZHENHUA is not set +# CONFIG_JOYSTICK_AS5011 is not set +# CONFIG_JOYSTICK_JOYDUMP is not set +# CONFIG_JOYSTICK_XPAD is not set +# CONFIG_JOYSTICK_PXRC is not set +# CONFIG_JOYSTICK_QWIIC is not set +# CONFIG_JOYSTICK_FSIA6B is not set +# CONFIG_JOYSTICK_SENSEHAT is not set +CONFIG_INPUT_TABLET=y +# CONFIG_TABLET_USB_ACECAD is not set +# CONFIG_TABLET_USB_AIPTEK is not set +# CONFIG_TABLET_USB_HANWANG is not set +# CONFIG_TABLET_USB_KBTAB is not set +# CONFIG_TABLET_USB_PEGASUS is not set +# CONFIG_TABLET_SERIAL_WACOM4 is not set +CONFIG_INPUT_TOUCHSCREEN=y +# CONFIG_TOUCHSCREEN_AD7879 is not set +# CONFIG_TOUCHSCREEN_ATMEL_MXT is not set +# CONFIG_TOUCHSCREEN_BU21013 is not set +# CONFIG_TOUCHSCREEN_BU21029 is not set +# CONFIG_TOUCHSCREEN_CHIPONE_ICN8505 is not set +# CONFIG_TOUCHSCREEN_CY8CTMA140 is not set +# CONFIG_TOUCHSCREEN_CYTTSP_CORE is not set +# CONFIG_TOUCHSCREEN_CYTTSP4_CORE is not set +# CONFIG_TOUCHSCREEN_CYTTSP5 is not set +# CONFIG_TOUCHSCREEN_DYNAPRO is not set +# CONFIG_TOUCHSCREEN_HAMPSHIRE is not set +# CONFIG_TOUCHSCREEN_EETI is not set +# CONFIG_TOUCHSCREEN_EGALAX_SERIAL is not set +# CONFIG_TOUCHSCREEN_EXC3000 is not set +# CONFIG_TOUCHSCREEN_FUJITSU is not set +# CONFIG_TOUCHSCREEN_HIDEEP is not set +# CONFIG_TOUCHSCREEN_HYCON_HY46XX 
is not set +# CONFIG_TOUCHSCREEN_HYNITRON_CSTXXX is not set +# CONFIG_TOUCHSCREEN_ILI210X is not set +# CONFIG_TOUCHSCREEN_ILITEK is not set +# CONFIG_TOUCHSCREEN_S6SY761 is not set +# CONFIG_TOUCHSCREEN_GUNZE is not set +# CONFIG_TOUCHSCREEN_EKTF2127 is not set +# CONFIG_TOUCHSCREEN_ELAN is not set +# CONFIG_TOUCHSCREEN_ELO is not set +# CONFIG_TOUCHSCREEN_WACOM_W8001 is not set +# CONFIG_TOUCHSCREEN_WACOM_I2C is not set +# CONFIG_TOUCHSCREEN_MAX11801 is not set +# CONFIG_TOUCHSCREEN_MCS5000 is not set +# CONFIG_TOUCHSCREEN_MMS114 is not set +# CONFIG_TOUCHSCREEN_MELFAS_MIP4 is not set +# CONFIG_TOUCHSCREEN_MTOUCH is not set +# CONFIG_TOUCHSCREEN_NOVATEK_NVT_TS is not set +# CONFIG_TOUCHSCREEN_IMAGIS is not set +# CONFIG_TOUCHSCREEN_INEXIO is not set +# CONFIG_TOUCHSCREEN_PENMOUNT is not set +# CONFIG_TOUCHSCREEN_EDT_FT5X06 is not set +# CONFIG_TOUCHSCREEN_TOUCHRIGHT is not set +# CONFIG_TOUCHSCREEN_TOUCHWIN is not set +# CONFIG_TOUCHSCREEN_PIXCIR is not set +# CONFIG_TOUCHSCREEN_WDT87XX_I2C is not set +# CONFIG_TOUCHSCREEN_USB_COMPOSITE is not set +# CONFIG_TOUCHSCREEN_TOUCHIT213 is not set +# CONFIG_TOUCHSCREEN_TSC_SERIO is not set +# CONFIG_TOUCHSCREEN_TSC2004 is not set +# CONFIG_TOUCHSCREEN_TSC2007 is not set +# CONFIG_TOUCHSCREEN_SILEAD is not set +# CONFIG_TOUCHSCREEN_ST1232 is not set +# CONFIG_TOUCHSCREEN_STMFTS is not set +# CONFIG_TOUCHSCREEN_SX8654 is not set +# CONFIG_TOUCHSCREEN_TPS6507X is not set +# CONFIG_TOUCHSCREEN_ZET6223 is not set +# CONFIG_TOUCHSCREEN_ROHM_BU21023 is not set +# CONFIG_TOUCHSCREEN_IQS5XX is not set +# CONFIG_TOUCHSCREEN_ZINITIX is not set +# CONFIG_TOUCHSCREEN_HIMAX_HX83112B is not set +CONFIG_INPUT_MISC=y +# CONFIG_INPUT_AD714X is not set +# CONFIG_INPUT_BMA150 is not set +# CONFIG_INPUT_E3X0_BUTTON is not set +# CONFIG_INPUT_PCSPKR is not set +# CONFIG_INPUT_MMA8450 is not set +# CONFIG_INPUT_APANEL is not set +# CONFIG_INPUT_ATLAS_BTNS is not set +# CONFIG_INPUT_ATI_REMOTE2 is not set +# CONFIG_INPUT_KEYSPAN_REMOTE is not 
set +# CONFIG_INPUT_KXTJ9 is not set +# CONFIG_INPUT_POWERMATE is not set +# CONFIG_INPUT_YEALINK is not set +# CONFIG_INPUT_CM109 is not set +# CONFIG_INPUT_UINPUT is not set +# CONFIG_INPUT_PCF8574 is not set +# CONFIG_INPUT_DA7280_HAPTICS is not set +# CONFIG_INPUT_ADXL34X is not set +# CONFIG_INPUT_IMS_PCU is not set +# CONFIG_INPUT_IQS269A is not set +# CONFIG_INPUT_IQS626A is not set +# CONFIG_INPUT_IQS7222 is not set +# CONFIG_INPUT_CMA3000 is not set +# CONFIG_INPUT_IDEAPAD_SLIDEBAR is not set +# CONFIG_INPUT_DRV2665_HAPTICS is not set +# CONFIG_INPUT_DRV2667_HAPTICS is not set +# CONFIG_RMI4_CORE is not set + +# +# Hardware I/O ports +# +CONFIG_SERIO=y +CONFIG_ARCH_MIGHT_HAVE_PC_SERIO=y +CONFIG_SERIO_I8042=y +CONFIG_SERIO_SERPORT=y +# CONFIG_SERIO_CT82C710 is not set +# CONFIG_SERIO_PCIPS2 is not set +CONFIG_SERIO_LIBPS2=y +# CONFIG_SERIO_RAW is not set +# CONFIG_SERIO_ALTERA_PS2 is not set +# CONFIG_SERIO_PS2MULT is not set +# CONFIG_SERIO_ARC_PS2 is not set +# CONFIG_USERIO is not set +# CONFIG_GAMEPORT is not set +# end of Hardware I/O ports +# end of Input device support + +# +# Character devices +# +CONFIG_TTY=y +CONFIG_VT=y +CONFIG_CONSOLE_TRANSLATIONS=y +CONFIG_VT_CONSOLE=y +CONFIG_VT_CONSOLE_SLEEP=y +CONFIG_HW_CONSOLE=y +# CONFIG_VT_HW_CONSOLE_BINDING is not set +CONFIG_UNIX98_PTYS=y +# CONFIG_LEGACY_PTYS is not set +CONFIG_LEGACY_TIOCSTI=y +CONFIG_LDISC_AUTOLOAD=y + +# +# Serial drivers +# +CONFIG_SERIAL_EARLYCON=y +CONFIG_SERIAL_8250=y +CONFIG_SERIAL_8250_DEPRECATED_OPTIONS=y +CONFIG_SERIAL_8250_PNP=y +# CONFIG_SERIAL_8250_16550A_VARIANTS is not set +# CONFIG_SERIAL_8250_FINTEK is not set +CONFIG_SERIAL_8250_CONSOLE=y +CONFIG_SERIAL_8250_DMA=y +CONFIG_SERIAL_8250_PCILIB=y +CONFIG_SERIAL_8250_PCI=y +CONFIG_SERIAL_8250_EXAR=y +# CONFIG_SERIAL_8250_CS is not set +CONFIG_SERIAL_8250_NR_UARTS=32 +CONFIG_SERIAL_8250_RUNTIME_UARTS=4 +CONFIG_SERIAL_8250_EXTENDED=y +CONFIG_SERIAL_8250_MANY_PORTS=y +# CONFIG_SERIAL_8250_PCI1XXXX is not set 
+CONFIG_SERIAL_8250_SHARE_IRQ=y +CONFIG_SERIAL_8250_DETECT_IRQ=y +CONFIG_SERIAL_8250_RSA=y +CONFIG_SERIAL_8250_DWLIB=y +# CONFIG_SERIAL_8250_DW is not set +# CONFIG_SERIAL_8250_RT288X is not set +CONFIG_SERIAL_8250_LPSS=y +CONFIG_SERIAL_8250_MID=y +CONFIG_SERIAL_8250_PERICOM=y + +# +# Non-8250 serial port support +# +# CONFIG_SERIAL_UARTLITE is not set +CONFIG_SERIAL_CORE=y +CONFIG_SERIAL_CORE_CONSOLE=y +# CONFIG_SERIAL_JSM is not set +# CONFIG_SERIAL_LANTIQ is not set +# CONFIG_SERIAL_SCCNXP is not set +# CONFIG_SERIAL_SC16IS7XX is not set +# CONFIG_SERIAL_ALTERA_JTAGUART is not set +# CONFIG_SERIAL_ALTERA_UART is not set +# CONFIG_SERIAL_ARC is not set +# CONFIG_SERIAL_RP2 is not set +# CONFIG_SERIAL_FSL_LPUART is not set +# CONFIG_SERIAL_FSL_LINFLEXUART is not set +# end of Serial drivers + +CONFIG_SERIAL_NONSTANDARD=y +# CONFIG_MOXA_INTELLIO is not set +# CONFIG_MOXA_SMARTIO is not set +# CONFIG_SYNCLINK_GT is not set +# CONFIG_N_HDLC is not set +# CONFIG_IPWIRELESS is not set +# CONFIG_N_GSM is not set +# CONFIG_NOZOMI is not set +# CONFIG_NULL_TTY is not set +CONFIG_HVC_DRIVER=y +# CONFIG_SERIAL_DEV_BUS is not set +CONFIG_VIRTIO_CONSOLE=y +# CONFIG_IPMI_HANDLER is not set +CONFIG_HW_RANDOM=y +# CONFIG_HW_RANDOM_TIMERIOMEM is not set +# CONFIG_HW_RANDOM_INTEL is not set +# CONFIG_HW_RANDOM_AMD is not set +# CONFIG_HW_RANDOM_BA431 is not set +CONFIG_HW_RANDOM_VIA=y +# CONFIG_HW_RANDOM_VIRTIO is not set +# CONFIG_HW_RANDOM_XIPHERA is not set +# CONFIG_APPLICOM is not set +# CONFIG_MWAVE is not set +CONFIG_DEVMEM=y +CONFIG_NVRAM=y +CONFIG_DEVPORT=y +CONFIG_HPET=y +# CONFIG_HPET_MMAP is not set +# CONFIG_HANGCHECK_TIMER is not set +# CONFIG_TCG_TPM is not set +# CONFIG_TELCLOCK is not set +# CONFIG_XILLYBUS is not set +# CONFIG_XILLYUSB is not set +# end of Character devices + +# +# I2C support +# +CONFIG_I2C=y +CONFIG_ACPI_I2C_OPREGION=y +CONFIG_I2C_BOARDINFO=y +CONFIG_I2C_COMPAT=y +# CONFIG_I2C_CHARDEV is not set +# CONFIG_I2C_MUX is not set 
+CONFIG_I2C_HELPER_AUTO=y +CONFIG_I2C_SMBUS=y +CONFIG_I2C_ALGOBIT=y + +# +# I2C Hardware Bus support +# + +# +# PC SMBus host controller drivers +# +# CONFIG_I2C_ALI1535 is not set +# CONFIG_I2C_ALI1563 is not set +# CONFIG_I2C_ALI15X3 is not set +# CONFIG_I2C_AMD756 is not set +# CONFIG_I2C_AMD8111 is not set +# CONFIG_I2C_AMD_MP2 is not set +CONFIG_I2C_I801=y +# CONFIG_I2C_ISCH is not set +# CONFIG_I2C_ISMT is not set +# CONFIG_I2C_PIIX4 is not set +# CONFIG_I2C_NFORCE2 is not set +# CONFIG_I2C_NVIDIA_GPU is not set +# CONFIG_I2C_SIS5595 is not set +# CONFIG_I2C_SIS630 is not set +# CONFIG_I2C_SIS96X is not set +# CONFIG_I2C_VIA is not set +# CONFIG_I2C_VIAPRO is not set + +# +# ACPI drivers +# +# CONFIG_I2C_SCMI is not set + +# +# I2C system bus drivers (mostly embedded / system-on-chip) +# +# CONFIG_I2C_DESIGNWARE_PCI is not set +# CONFIG_I2C_OCORES is not set +# CONFIG_I2C_PCA_PLATFORM is not set +# CONFIG_I2C_SIMTEC is not set +# CONFIG_I2C_XILINX is not set + +# +# External I2C/SMBus adapter drivers +# +# CONFIG_I2C_DIOLAN_U2C is not set +# CONFIG_I2C_CP2615 is not set +# CONFIG_I2C_PCI1XXXX is not set +# CONFIG_I2C_ROBOTFUZZ_OSIF is not set +# CONFIG_I2C_TAOS_EVM is not set +# CONFIG_I2C_TINY_USB is not set + +# +# Other I2C/SMBus bus drivers +# +# CONFIG_I2C_MLXCPLD is not set +# CONFIG_I2C_VIRTIO is not set +# end of I2C Hardware Bus support + +# CONFIG_I2C_STUB is not set +# CONFIG_I2C_SLAVE is not set +# CONFIG_I2C_DEBUG_CORE is not set +# CONFIG_I2C_DEBUG_ALGO is not set +# CONFIG_I2C_DEBUG_BUS is not set +# end of I2C support + +# CONFIG_I3C is not set +# CONFIG_SPI is not set +# CONFIG_SPMI is not set +# CONFIG_HSI is not set +CONFIG_PPS=y +# CONFIG_PPS_DEBUG is not set + +# +# PPS clients support +# +# CONFIG_PPS_CLIENT_KTIMER is not set +# CONFIG_PPS_CLIENT_LDISC is not set +# CONFIG_PPS_CLIENT_GPIO is not set + +# +# PPS generators support +# + +# +# PTP clock support +# +CONFIG_PTP_1588_CLOCK=y +CONFIG_PTP_1588_CLOCK_OPTIONAL=y + +# +# Enable 
PHYLIB and NETWORK_PHY_TIMESTAMPING to see the additional clocks. +# +CONFIG_PTP_1588_CLOCK_KVM=y +# CONFIG_PTP_1588_CLOCK_IDT82P33 is not set +# CONFIG_PTP_1588_CLOCK_IDTCM is not set +# CONFIG_PTP_1588_CLOCK_VMW is not set +# end of PTP clock support + +# CONFIG_PINCTRL is not set +# CONFIG_GPIOLIB is not set +# CONFIG_W1 is not set +# CONFIG_POWER_RESET is not set +CONFIG_POWER_SUPPLY=y +# CONFIG_POWER_SUPPLY_DEBUG is not set +CONFIG_POWER_SUPPLY_HWMON=y +# CONFIG_IP5XXX_POWER is not set +# CONFIG_TEST_POWER is not set +# CONFIG_CHARGER_ADP5061 is not set +# CONFIG_BATTERY_CW2015 is not set +# CONFIG_BATTERY_DS2780 is not set +# CONFIG_BATTERY_DS2781 is not set +# CONFIG_BATTERY_DS2782 is not set +# CONFIG_BATTERY_SAMSUNG_SDI is not set +# CONFIG_BATTERY_SBS is not set +# CONFIG_CHARGER_SBS is not set +# CONFIG_BATTERY_BQ27XXX is not set +# CONFIG_BATTERY_MAX17040 is not set +# CONFIG_BATTERY_MAX17042 is not set +# CONFIG_CHARGER_MAX8903 is not set +# CONFIG_CHARGER_LP8727 is not set +# CONFIG_CHARGER_LTC4162L is not set +# CONFIG_CHARGER_MAX77976 is not set +# CONFIG_CHARGER_BQ2415X is not set +# CONFIG_BATTERY_GAUGE_LTC2941 is not set +# CONFIG_BATTERY_GOLDFISH is not set +# CONFIG_BATTERY_RT5033 is not set +# CONFIG_CHARGER_BD99954 is not set +# CONFIG_BATTERY_UG3105 is not set +CONFIG_HWMON=y +# CONFIG_HWMON_DEBUG_CHIP is not set + +# +# Native drivers +# +# CONFIG_SENSORS_ABITUGURU is not set +# CONFIG_SENSORS_ABITUGURU3 is not set +# CONFIG_SENSORS_AD7414 is not set +# CONFIG_SENSORS_AD7418 is not set +# CONFIG_SENSORS_ADM1021 is not set +# CONFIG_SENSORS_ADM1025 is not set +# CONFIG_SENSORS_ADM1026 is not set +# CONFIG_SENSORS_ADM1029 is not set +# CONFIG_SENSORS_ADM1031 is not set +# CONFIG_SENSORS_ADM1177 is not set +# CONFIG_SENSORS_ADM9240 is not set +# CONFIG_SENSORS_ADT7410 is not set +# CONFIG_SENSORS_ADT7411 is not set +# CONFIG_SENSORS_ADT7462 is not set +# CONFIG_SENSORS_ADT7470 is not set +# CONFIG_SENSORS_ADT7475 is not set +# 
CONFIG_SENSORS_AHT10 is not set +# CONFIG_SENSORS_AQUACOMPUTER_D5NEXT is not set +# CONFIG_SENSORS_AS370 is not set +# CONFIG_SENSORS_ASC7621 is not set +# CONFIG_SENSORS_AXI_FAN_CONTROL is not set +# CONFIG_SENSORS_K8TEMP is not set +# CONFIG_SENSORS_K10TEMP is not set +# CONFIG_SENSORS_FAM15H_POWER is not set +# CONFIG_SENSORS_APPLESMC is not set +# CONFIG_SENSORS_ASB100 is not set +# CONFIG_SENSORS_ATXP1 is not set +# CONFIG_SENSORS_CORSAIR_CPRO is not set +# CONFIG_SENSORS_CORSAIR_PSU is not set +# CONFIG_SENSORS_DRIVETEMP is not set +# CONFIG_SENSORS_DS620 is not set +# CONFIG_SENSORS_DS1621 is not set +# CONFIG_SENSORS_DELL_SMM is not set +# CONFIG_SENSORS_I5K_AMB is not set +# CONFIG_SENSORS_F71805F is not set +# CONFIG_SENSORS_F71882FG is not set +# CONFIG_SENSORS_F75375S is not set +# CONFIG_SENSORS_FSCHMD is not set +# CONFIG_SENSORS_FTSTEUTATES is not set +# CONFIG_SENSORS_GL518SM is not set +# CONFIG_SENSORS_GL520SM is not set +# CONFIG_SENSORS_G760A is not set +# CONFIG_SENSORS_G762 is not set +# CONFIG_SENSORS_HIH6130 is not set +# CONFIG_SENSORS_I5500 is not set +# CONFIG_SENSORS_CORETEMP is not set +# CONFIG_SENSORS_IT87 is not set +# CONFIG_SENSORS_JC42 is not set +# CONFIG_SENSORS_POWR1220 is not set +# CONFIG_SENSORS_LINEAGE is not set +# CONFIG_SENSORS_LTC2945 is not set +# CONFIG_SENSORS_LTC2947_I2C is not set +# CONFIG_SENSORS_LTC2990 is not set +# CONFIG_SENSORS_LTC4151 is not set +# CONFIG_SENSORS_LTC4215 is not set +# CONFIG_SENSORS_LTC4222 is not set +# CONFIG_SENSORS_LTC4245 is not set +# CONFIG_SENSORS_LTC4260 is not set +# CONFIG_SENSORS_LTC4261 is not set +# CONFIG_SENSORS_MAX127 is not set +# CONFIG_SENSORS_MAX16065 is not set +# CONFIG_SENSORS_MAX1619 is not set +# CONFIG_SENSORS_MAX1668 is not set +# CONFIG_SENSORS_MAX197 is not set +# CONFIG_SENSORS_MAX31730 is not set +# CONFIG_SENSORS_MAX31760 is not set +# CONFIG_MAX31827 is not set +# CONFIG_SENSORS_MAX6620 is not set +# CONFIG_SENSORS_MAX6621 is not set +# 
CONFIG_SENSORS_MAX6639 is not set +# CONFIG_SENSORS_MAX6642 is not set +# CONFIG_SENSORS_MAX6650 is not set +# CONFIG_SENSORS_MAX6697 is not set +# CONFIG_SENSORS_MAX31790 is not set +# CONFIG_SENSORS_MC34VR500 is not set +# CONFIG_SENSORS_MCP3021 is not set +# CONFIG_SENSORS_TC654 is not set +# CONFIG_SENSORS_TPS23861 is not set +# CONFIG_SENSORS_MR75203 is not set +# CONFIG_SENSORS_LM63 is not set +# CONFIG_SENSORS_LM73 is not set +# CONFIG_SENSORS_LM75 is not set +# CONFIG_SENSORS_LM77 is not set +# CONFIG_SENSORS_LM78 is not set +# CONFIG_SENSORS_LM80 is not set +# CONFIG_SENSORS_LM83 is not set +# CONFIG_SENSORS_LM85 is not set +# CONFIG_SENSORS_LM87 is not set +# CONFIG_SENSORS_LM90 is not set +# CONFIG_SENSORS_LM92 is not set +# CONFIG_SENSORS_LM93 is not set +# CONFIG_SENSORS_LM95234 is not set +# CONFIG_SENSORS_LM95241 is not set +# CONFIG_SENSORS_LM95245 is not set +# CONFIG_SENSORS_PC87360 is not set +# CONFIG_SENSORS_PC87427 is not set +# CONFIG_SENSORS_NCT6683 is not set +# CONFIG_SENSORS_NCT6775 is not set +# CONFIG_SENSORS_NCT6775_I2C is not set +# CONFIG_SENSORS_NCT7802 is not set +# CONFIG_SENSORS_NCT7904 is not set +# CONFIG_SENSORS_NPCM7XX is not set +# CONFIG_SENSORS_NZXT_KRAKEN2 is not set +# CONFIG_SENSORS_NZXT_SMART2 is not set +# CONFIG_SENSORS_OCC_P8_I2C is not set +# CONFIG_SENSORS_OXP is not set +# CONFIG_SENSORS_PCF8591 is not set +# CONFIG_PMBUS is not set +# CONFIG_SENSORS_SBTSI is not set +# CONFIG_SENSORS_SBRMI is not set +# CONFIG_SENSORS_SHT21 is not set +# CONFIG_SENSORS_SHT3x is not set +# CONFIG_SENSORS_SHT4x is not set +# CONFIG_SENSORS_SHTC1 is not set +# CONFIG_SENSORS_SIS5595 is not set +# CONFIG_SENSORS_DME1737 is not set +# CONFIG_SENSORS_EMC1403 is not set +# CONFIG_SENSORS_EMC2103 is not set +# CONFIG_SENSORS_EMC2305 is not set +# CONFIG_SENSORS_EMC6W201 is not set +# CONFIG_SENSORS_SMSC47M1 is not set +# CONFIG_SENSORS_SMSC47M192 is not set +# CONFIG_SENSORS_SMSC47B397 is not set +# CONFIG_SENSORS_SCH5627 is not set +# 
CONFIG_SENSORS_SCH5636 is not set +# CONFIG_SENSORS_STTS751 is not set +# CONFIG_SENSORS_SMM665 is not set +# CONFIG_SENSORS_ADC128D818 is not set +# CONFIG_SENSORS_ADS7828 is not set +# CONFIG_SENSORS_AMC6821 is not set +# CONFIG_SENSORS_INA209 is not set +# CONFIG_SENSORS_INA2XX is not set +# CONFIG_SENSORS_INA238 is not set +# CONFIG_SENSORS_INA3221 is not set +# CONFIG_SENSORS_TC74 is not set +# CONFIG_SENSORS_THMC50 is not set +# CONFIG_SENSORS_TMP102 is not set +# CONFIG_SENSORS_TMP103 is not set +# CONFIG_SENSORS_TMP108 is not set +# CONFIG_SENSORS_TMP401 is not set +# CONFIG_SENSORS_TMP421 is not set +# CONFIG_SENSORS_TMP464 is not set +# CONFIG_SENSORS_TMP513 is not set +# CONFIG_SENSORS_VIA_CPUTEMP is not set +# CONFIG_SENSORS_VIA686A is not set +# CONFIG_SENSORS_VT1211 is not set +# CONFIG_SENSORS_VT8231 is not set +# CONFIG_SENSORS_W83773G is not set +# CONFIG_SENSORS_W83781D is not set +# CONFIG_SENSORS_W83791D is not set +# CONFIG_SENSORS_W83792D is not set +# CONFIG_SENSORS_W83793 is not set +# CONFIG_SENSORS_W83795 is not set +# CONFIG_SENSORS_W83L785TS is not set +# CONFIG_SENSORS_W83L786NG is not set +# CONFIG_SENSORS_W83627HF is not set +# CONFIG_SENSORS_W83627EHF is not set +# CONFIG_SENSORS_XGENE is not set + +# +# ACPI drivers +# +# CONFIG_SENSORS_ACPI_POWER is not set +# CONFIG_SENSORS_ATK0110 is not set +# CONFIG_SENSORS_ASUS_WMI is not set +# CONFIG_SENSORS_ASUS_EC is not set +# CONFIG_SENSORS_HP_WMI is not set +CONFIG_THERMAL=y +# CONFIG_THERMAL_NETLINK is not set +# CONFIG_THERMAL_STATISTICS is not set +CONFIG_THERMAL_EMERGENCY_POWEROFF_DELAY_MS=0 +CONFIG_THERMAL_HWMON=y +CONFIG_THERMAL_WRITABLE_TRIPS=y +CONFIG_THERMAL_DEFAULT_GOV_STEP_WISE=y +# CONFIG_THERMAL_DEFAULT_GOV_FAIR_SHARE is not set +# CONFIG_THERMAL_DEFAULT_GOV_USER_SPACE is not set +# CONFIG_THERMAL_GOV_FAIR_SHARE is not set +CONFIG_THERMAL_GOV_STEP_WISE=y +# CONFIG_THERMAL_GOV_BANG_BANG is not set +CONFIG_THERMAL_GOV_USER_SPACE=y +# CONFIG_THERMAL_EMULATION is not set + +# 
+# Intel thermal drivers +# +# CONFIG_INTEL_POWERCLAMP is not set +CONFIG_X86_THERMAL_VECTOR=y +CONFIG_INTEL_TCC=y +CONFIG_X86_PKG_TEMP_THERMAL=m +# CONFIG_INTEL_SOC_DTS_THERMAL is not set + +# +# ACPI INT340X thermal drivers +# +# CONFIG_INT340X_THERMAL is not set +# end of ACPI INT340X thermal drivers + +# CONFIG_INTEL_PCH_THERMAL is not set +# CONFIG_INTEL_TCC_COOLING is not set +# CONFIG_INTEL_HFI_THERMAL is not set +# end of Intel thermal drivers + +CONFIG_WATCHDOG=y +# CONFIG_WATCHDOG_CORE is not set +# CONFIG_WATCHDOG_NOWAYOUT is not set +CONFIG_WATCHDOG_HANDLE_BOOT_ENABLED=y +CONFIG_WATCHDOG_OPEN_TIMEOUT=0 +# CONFIG_WATCHDOG_SYSFS is not set +# CONFIG_WATCHDOG_HRTIMER_PRETIMEOUT is not set + +# +# Watchdog Pretimeout Governors +# + +# +# Watchdog Device Drivers +# +# CONFIG_SOFT_WATCHDOG is not set +# CONFIG_WDAT_WDT is not set +# CONFIG_XILINX_WATCHDOG is not set +# CONFIG_ZIIRAVE_WATCHDOG is not set +# CONFIG_CADENCE_WATCHDOG is not set +# CONFIG_DW_WATCHDOG is not set +# CONFIG_MAX63XX_WATCHDOG is not set +# CONFIG_ACQUIRE_WDT is not set +# CONFIG_ADVANTECH_WDT is not set +# CONFIG_ADVANTECH_EC_WDT is not set +# CONFIG_ALIM1535_WDT is not set +# CONFIG_ALIM7101_WDT is not set +# CONFIG_EBC_C384_WDT is not set +# CONFIG_EXAR_WDT is not set +# CONFIG_F71808E_WDT is not set +# CONFIG_SP5100_TCO is not set +# CONFIG_SBC_FITPC2_WATCHDOG is not set +# CONFIG_EUROTECH_WDT is not set +# CONFIG_IB700_WDT is not set +# CONFIG_IBMASR is not set +# CONFIG_WAFER_WDT is not set +# CONFIG_I6300ESB_WDT is not set +# CONFIG_IE6XX_WDT is not set +# CONFIG_ITCO_WDT is not set +# CONFIG_IT8712F_WDT is not set +# CONFIG_IT87_WDT is not set +# CONFIG_HP_WATCHDOG is not set +# CONFIG_SC1200_WDT is not set +# CONFIG_PC87413_WDT is not set +# CONFIG_NV_TCO is not set +# CONFIG_60XX_WDT is not set +# CONFIG_CPU5_WDT is not set +# CONFIG_SMSC_SCH311X_WDT is not set +# CONFIG_SMSC37B787_WDT is not set +# CONFIG_TQMX86_WDT is not set +# CONFIG_VIA_WDT is not set +# 
CONFIG_W83627HF_WDT is not set +# CONFIG_W83877F_WDT is not set +# CONFIG_W83977F_WDT is not set +# CONFIG_MACHZ_WDT is not set +# CONFIG_SBC_EPX_C3_WATCHDOG is not set +# CONFIG_NI903X_WDT is not set +# CONFIG_NIC7018_WDT is not set + +# +# PCI-based Watchdog Cards +# +# CONFIG_PCIPCWATCHDOG is not set +# CONFIG_WDTPCI is not set + +# +# USB-based Watchdog Cards +# +# CONFIG_USBPCWATCHDOG is not set +CONFIG_SSB_POSSIBLE=y +# CONFIG_SSB is not set +CONFIG_BCMA_POSSIBLE=y +# CONFIG_BCMA is not set + +# +# Multifunction device drivers +# +# CONFIG_MFD_AS3711 is not set +# CONFIG_MFD_SMPRO is not set +# CONFIG_PMIC_ADP5520 is not set +# CONFIG_MFD_BCM590XX is not set +# CONFIG_MFD_BD9571MWV is not set +# CONFIG_MFD_AXP20X_I2C is not set +# CONFIG_MFD_MADERA is not set +# CONFIG_PMIC_DA903X is not set +# CONFIG_MFD_DA9052_I2C is not set +# CONFIG_MFD_DA9055 is not set +# CONFIG_MFD_DA9062 is not set +# CONFIG_MFD_DA9063 is not set +# CONFIG_MFD_DA9150 is not set +# CONFIG_MFD_DLN2 is not set +# CONFIG_MFD_MC13XXX_I2C is not set +# CONFIG_MFD_MP2629 is not set +# CONFIG_LPC_ICH is not set +# CONFIG_LPC_SCH is not set +# CONFIG_MFD_INTEL_LPSS_ACPI is not set +# CONFIG_MFD_INTEL_LPSS_PCI is not set +# CONFIG_MFD_INTEL_PMC_BXT is not set +# CONFIG_MFD_IQS62X is not set +# CONFIG_MFD_JANZ_CMODIO is not set +# CONFIG_MFD_KEMPLD is not set +# CONFIG_MFD_88PM800 is not set +# CONFIG_MFD_88PM805 is not set +# CONFIG_MFD_88PM860X is not set +# CONFIG_MFD_MAX14577 is not set +# CONFIG_MFD_MAX77541 is not set +# CONFIG_MFD_MAX77693 is not set +# CONFIG_MFD_MAX77843 is not set +# CONFIG_MFD_MAX8907 is not set +# CONFIG_MFD_MAX8925 is not set +# CONFIG_MFD_MAX8997 is not set +# CONFIG_MFD_MAX8998 is not set +# CONFIG_MFD_MT6360 is not set +# CONFIG_MFD_MT6370 is not set +# CONFIG_MFD_MT6397 is not set +# CONFIG_MFD_MENF21BMC is not set +# CONFIG_MFD_VIPERBOARD is not set +# CONFIG_MFD_RETU is not set +# CONFIG_MFD_PCF50633 is not set +# CONFIG_MFD_SY7636A is not set +# 
CONFIG_MFD_RDC321X is not set +# CONFIG_MFD_RT4831 is not set +# CONFIG_MFD_RT5033 is not set +# CONFIG_MFD_RT5120 is not set +# CONFIG_MFD_RC5T583 is not set +# CONFIG_MFD_SI476X_CORE is not set +# CONFIG_MFD_SM501 is not set +# CONFIG_MFD_SKY81452 is not set +# CONFIG_MFD_SYSCON is not set +# CONFIG_MFD_TI_AM335X_TSCADC is not set +# CONFIG_MFD_LP3943 is not set +# CONFIG_MFD_LP8788 is not set +# CONFIG_MFD_TI_LMU is not set +# CONFIG_MFD_PALMAS is not set +# CONFIG_TPS6105X is not set +# CONFIG_TPS6507X is not set +# CONFIG_MFD_TPS65086 is not set +# CONFIG_MFD_TPS65090 is not set +# CONFIG_MFD_TI_LP873X is not set +# CONFIG_MFD_TPS6586X is not set +# CONFIG_MFD_TPS65912_I2C is not set +# CONFIG_MFD_TPS6594_I2C is not set +# CONFIG_TWL4030_CORE is not set +# CONFIG_TWL6040_CORE is not set +# CONFIG_MFD_WL1273_CORE is not set +# CONFIG_MFD_LM3533 is not set +# CONFIG_MFD_TQMX86 is not set +# CONFIG_MFD_VX855 is not set +# CONFIG_MFD_ARIZONA_I2C is not set +# CONFIG_MFD_WM8400 is not set +# CONFIG_MFD_WM831X_I2C is not set +# CONFIG_MFD_WM8350_I2C is not set +# CONFIG_MFD_WM8994 is not set +# CONFIG_MFD_ATC260X_I2C is not set +# end of Multifunction device drivers + +# CONFIG_REGULATOR is not set +# CONFIG_RC_CORE is not set + +# +# CEC support +# +# CONFIG_MEDIA_CEC_SUPPORT is not set +# end of CEC support + +# CONFIG_MEDIA_SUPPORT is not set + +# +# Graphics support +# +CONFIG_APERTURE_HELPERS=y +CONFIG_VIDEO_CMDLINE=y +CONFIG_VIDEO_NOMODESET=y +CONFIG_AGP=y +CONFIG_AGP_AMD64=y +CONFIG_AGP_INTEL=y +# CONFIG_AGP_SIS is not set +# CONFIG_AGP_VIA is not set +CONFIG_INTEL_GTT=y +# CONFIG_VGA_SWITCHEROO is not set +CONFIG_DRM=y +CONFIG_DRM_MIPI_DSI=y +# CONFIG_DRM_DEBUG_MM is not set +CONFIG_DRM_KMS_HELPER=y +# CONFIG_DRM_LOAD_EDID_FIRMWARE is not set +CONFIG_DRM_DISPLAY_HELPER=y +CONFIG_DRM_DISPLAY_DP_HELPER=y +CONFIG_DRM_DISPLAY_HDCP_HELPER=y +CONFIG_DRM_DISPLAY_HDMI_HELPER=y +# CONFIG_DRM_DP_AUX_CHARDEV is not set +# CONFIG_DRM_DP_CEC is not set +CONFIG_DRM_TTM=y 
+CONFIG_DRM_BUDDY=y +CONFIG_DRM_GEM_SHMEM_HELPER=y + +# +# I2C encoder or helper chips +# +# CONFIG_DRM_I2C_CH7006 is not set +# CONFIG_DRM_I2C_SIL164 is not set +# CONFIG_DRM_I2C_NXP_TDA998X is not set +# CONFIG_DRM_I2C_NXP_TDA9950 is not set +# end of I2C encoder or helper chips + +# +# ARM devices +# +# end of ARM devices + +# CONFIG_DRM_RADEON is not set +# CONFIG_DRM_AMDGPU is not set +# CONFIG_DRM_NOUVEAU is not set +CONFIG_DRM_I915=y +CONFIG_DRM_I915_FORCE_PROBE="" +CONFIG_DRM_I915_CAPTURE_ERROR=y +CONFIG_DRM_I915_COMPRESS_ERROR=y +CONFIG_DRM_I915_USERPTR=y +CONFIG_DRM_I915_REQUEST_TIMEOUT=20000 +CONFIG_DRM_I915_FENCE_TIMEOUT=10000 +CONFIG_DRM_I915_USERFAULT_AUTOSUSPEND=250 +CONFIG_DRM_I915_HEARTBEAT_INTERVAL=2500 +CONFIG_DRM_I915_PREEMPT_TIMEOUT=640 +CONFIG_DRM_I915_PREEMPT_TIMEOUT_COMPUTE=7500 +CONFIG_DRM_I915_MAX_REQUEST_BUSYWAIT=8000 +CONFIG_DRM_I915_STOP_TIMEOUT=100 +CONFIG_DRM_I915_TIMESLICE_DURATION=1 +# CONFIG_DRM_VGEM is not set +# CONFIG_DRM_VKMS is not set +# CONFIG_DRM_VMWGFX is not set +# CONFIG_DRM_GMA500 is not set +# CONFIG_DRM_UDL is not set +# CONFIG_DRM_AST is not set +# CONFIG_DRM_MGAG200 is not set +# CONFIG_DRM_QXL is not set +CONFIG_DRM_VIRTIO_GPU=y +CONFIG_DRM_VIRTIO_GPU_KMS=y +CONFIG_DRM_PANEL=y + +# +# Display Panels +# +# CONFIG_DRM_PANEL_RASPBERRYPI_TOUCHSCREEN is not set +# end of Display Panels + +CONFIG_DRM_BRIDGE=y +CONFIG_DRM_PANEL_BRIDGE=y + +# +# Display Interface Bridges +# +# CONFIG_DRM_ANALOGIX_ANX78XX is not set +# end of Display Interface Bridges + +# CONFIG_DRM_ETNAVIV is not set +# CONFIG_DRM_BOCHS is not set +# CONFIG_DRM_CIRRUS_QEMU is not set +# CONFIG_DRM_GM12U320 is not set +# CONFIG_DRM_SIMPLEDRM is not set +# CONFIG_DRM_VBOXVIDEO is not set +# CONFIG_DRM_GUD is not set +# CONFIG_DRM_SSD130X is not set +# CONFIG_DRM_LEGACY is not set +CONFIG_DRM_PANEL_ORIENTATION_QUIRKS=y + +# +# Frame buffer Devices +# +# CONFIG_FB is not set +# end of Frame buffer Devices + +# +# Backlight & LCD device support +# +# 
CONFIG_LCD_CLASS_DEVICE is not set +CONFIG_BACKLIGHT_CLASS_DEVICE=y +# CONFIG_BACKLIGHT_KTZ8866 is not set +# CONFIG_BACKLIGHT_APPLE is not set +# CONFIG_BACKLIGHT_QCOM_WLED is not set +# CONFIG_BACKLIGHT_SAHARA is not set +# CONFIG_BACKLIGHT_ADP8860 is not set +# CONFIG_BACKLIGHT_ADP8870 is not set +# CONFIG_BACKLIGHT_LM3639 is not set +# CONFIG_BACKLIGHT_LV5207LP is not set +# CONFIG_BACKLIGHT_BD6107 is not set +# CONFIG_BACKLIGHT_ARCXCNN is not set +# end of Backlight & LCD device support + +CONFIG_HDMI=y + +# +# Console display driver support +# +CONFIG_VGA_CONSOLE=y +CONFIG_DUMMY_CONSOLE=y +CONFIG_DUMMY_CONSOLE_COLUMNS=80 +CONFIG_DUMMY_CONSOLE_ROWS=25 +# end of Console display driver support +# end of Graphics support + +# CONFIG_DRM_ACCEL is not set +CONFIG_SOUND=y +CONFIG_SND=y +CONFIG_SND_TIMER=y +CONFIG_SND_PCM=y +CONFIG_SND_HWDEP=y +CONFIG_SND_SEQ_DEVICE=y +CONFIG_SND_JACK=y +CONFIG_SND_JACK_INPUT_DEV=y +# CONFIG_SND_OSSEMUL is not set +CONFIG_SND_PCM_TIMER=y +CONFIG_SND_HRTIMER=y +# CONFIG_SND_DYNAMIC_MINORS is not set +CONFIG_SND_SUPPORT_OLD_API=y +CONFIG_SND_PROC_FS=y +CONFIG_SND_VERBOSE_PROCFS=y +# CONFIG_SND_VERBOSE_PRINTK is not set +CONFIG_SND_CTL_FAST_LOOKUP=y +# CONFIG_SND_DEBUG is not set +# CONFIG_SND_CTL_INPUT_VALIDATION is not set +CONFIG_SND_VMASTER=y +CONFIG_SND_DMA_SGBUF=y +CONFIG_SND_SEQUENCER=y +CONFIG_SND_SEQ_DUMMY=y +CONFIG_SND_SEQ_HRTIMER_DEFAULT=y +# CONFIG_SND_SEQ_UMP is not set +CONFIG_SND_DRIVERS=y +# CONFIG_SND_PCSP is not set +# CONFIG_SND_DUMMY is not set +# CONFIG_SND_ALOOP is not set +# CONFIG_SND_PCMTEST is not set +# CONFIG_SND_VIRMIDI is not set +# CONFIG_SND_MTPAV is not set +# CONFIG_SND_SERIAL_U16550 is not set +# CONFIG_SND_MPU401 is not set +CONFIG_SND_PCI=y +# CONFIG_SND_AD1889 is not set +# CONFIG_SND_ALS300 is not set +# CONFIG_SND_ALS4000 is not set +# CONFIG_SND_ALI5451 is not set +# CONFIG_SND_ASIHPI is not set +# CONFIG_SND_ATIIXP is not set +# CONFIG_SND_ATIIXP_MODEM is not set +# CONFIG_SND_AU8810 is not set 
+# CONFIG_SND_AU8820 is not set +# CONFIG_SND_AU8830 is not set +# CONFIG_SND_AW2 is not set +# CONFIG_SND_AZT3328 is not set +# CONFIG_SND_BT87X is not set +# CONFIG_SND_CA0106 is not set +# CONFIG_SND_CMIPCI is not set +# CONFIG_SND_OXYGEN is not set +# CONFIG_SND_CS4281 is not set +# CONFIG_SND_CS46XX is not set +# CONFIG_SND_CTXFI is not set +# CONFIG_SND_DARLA20 is not set +# CONFIG_SND_GINA20 is not set +# CONFIG_SND_LAYLA20 is not set +# CONFIG_SND_DARLA24 is not set +# CONFIG_SND_GINA24 is not set +# CONFIG_SND_LAYLA24 is not set +# CONFIG_SND_MONA is not set +# CONFIG_SND_MIA is not set +# CONFIG_SND_ECHO3G is not set +# CONFIG_SND_INDIGO is not set +# CONFIG_SND_INDIGOIO is not set +# CONFIG_SND_INDIGODJ is not set +# CONFIG_SND_INDIGOIOX is not set +# CONFIG_SND_INDIGODJX is not set +# CONFIG_SND_EMU10K1 is not set +# CONFIG_SND_EMU10K1X is not set +# CONFIG_SND_ENS1370 is not set +# CONFIG_SND_ENS1371 is not set +# CONFIG_SND_ES1938 is not set +# CONFIG_SND_ES1968 is not set +# CONFIG_SND_FM801 is not set +# CONFIG_SND_HDSP is not set +# CONFIG_SND_HDSPM is not set +# CONFIG_SND_ICE1712 is not set +# CONFIG_SND_ICE1724 is not set +# CONFIG_SND_INTEL8X0 is not set +# CONFIG_SND_INTEL8X0M is not set +# CONFIG_SND_KORG1212 is not set +# CONFIG_SND_LOLA is not set +# CONFIG_SND_LX6464ES is not set +# CONFIG_SND_MAESTRO3 is not set +# CONFIG_SND_MIXART is not set +# CONFIG_SND_NM256 is not set +# CONFIG_SND_PCXHR is not set +# CONFIG_SND_RIPTIDE is not set +# CONFIG_SND_RME32 is not set +# CONFIG_SND_RME96 is not set +# CONFIG_SND_RME9652 is not set +# CONFIG_SND_SE6X is not set +# CONFIG_SND_SONICVIBES is not set +# CONFIG_SND_TRIDENT is not set +# CONFIG_SND_VIA82XX is not set +# CONFIG_SND_VIA82XX_MODEM is not set +# CONFIG_SND_VIRTUOSO is not set +# CONFIG_SND_VX222 is not set +# CONFIG_SND_YMFPCI is not set + +# +# HD-Audio +# +CONFIG_SND_HDA=y +CONFIG_SND_HDA_INTEL=y +CONFIG_SND_HDA_HWDEP=y +# CONFIG_SND_HDA_RECONFIG is not set +# 
CONFIG_SND_HDA_INPUT_BEEP is not set +# CONFIG_SND_HDA_PATCH_LOADER is not set +# CONFIG_SND_HDA_CODEC_REALTEK is not set +# CONFIG_SND_HDA_CODEC_ANALOG is not set +# CONFIG_SND_HDA_CODEC_SIGMATEL is not set +# CONFIG_SND_HDA_CODEC_VIA is not set +# CONFIG_SND_HDA_CODEC_HDMI is not set +# CONFIG_SND_HDA_CODEC_CIRRUS is not set +# CONFIG_SND_HDA_CODEC_CS8409 is not set +# CONFIG_SND_HDA_CODEC_CONEXANT is not set +# CONFIG_SND_HDA_CODEC_CA0110 is not set +# CONFIG_SND_HDA_CODEC_CA0132 is not set +# CONFIG_SND_HDA_CODEC_CMEDIA is not set +# CONFIG_SND_HDA_CODEC_SI3054 is not set +# CONFIG_SND_HDA_GENERIC is not set +CONFIG_SND_HDA_POWER_SAVE_DEFAULT=0 +# CONFIG_SND_HDA_INTEL_HDMI_SILENT_STREAM is not set +# CONFIG_SND_HDA_CTL_DEV_ID is not set +# end of HD-Audio + +CONFIG_SND_HDA_CORE=y +CONFIG_SND_HDA_COMPONENT=y +CONFIG_SND_HDA_I915=y +CONFIG_SND_HDA_PREALLOC_SIZE=0 +CONFIG_SND_INTEL_NHLT=y +CONFIG_SND_INTEL_DSP_CONFIG=y +CONFIG_SND_INTEL_SOUNDWIRE_ACPI=y +CONFIG_SND_USB=y +# CONFIG_SND_USB_AUDIO is not set +# CONFIG_SND_USB_UA101 is not set +# CONFIG_SND_USB_USX2Y is not set +# CONFIG_SND_USB_CAIAQ is not set +# CONFIG_SND_USB_US122L is not set +# CONFIG_SND_USB_6FIRE is not set +# CONFIG_SND_USB_HIFACE is not set +# CONFIG_SND_BCD2000 is not set +# CONFIG_SND_USB_POD is not set +# CONFIG_SND_USB_PODHD is not set +# CONFIG_SND_USB_TONEPORT is not set +# CONFIG_SND_USB_VARIAX is not set +CONFIG_SND_PCMCIA=y +# CONFIG_SND_VXPOCKET is not set +# CONFIG_SND_PDAUDIOCF is not set +# CONFIG_SND_SOC is not set +CONFIG_SND_X86=y +# CONFIG_HDMI_LPE_AUDIO is not set +# CONFIG_SND_VIRTIO is not set +CONFIG_HID_SUPPORT=y +CONFIG_HID=y +# CONFIG_HID_BATTERY_STRENGTH is not set +CONFIG_HIDRAW=y +# CONFIG_UHID is not set +CONFIG_HID_GENERIC=y + +# +# Special HID drivers +# +CONFIG_HID_A4TECH=y +# CONFIG_HID_ACCUTOUCH is not set +# CONFIG_HID_ACRUX is not set +CONFIG_HID_APPLE=y +# CONFIG_HID_APPLEIR is not set +# CONFIG_HID_ASUS is not set +# CONFIG_HID_AUREAL is not set 
+CONFIG_HID_BELKIN=y +# CONFIG_HID_BETOP_FF is not set +# CONFIG_HID_BIGBEN_FF is not set +CONFIG_HID_CHERRY=y +CONFIG_HID_CHICONY=y +# CONFIG_HID_CORSAIR is not set +# CONFIG_HID_COUGAR is not set +# CONFIG_HID_MACALLY is not set +# CONFIG_HID_PRODIKEYS is not set +# CONFIG_HID_CMEDIA is not set +# CONFIG_HID_CREATIVE_SB0540 is not set +CONFIG_HID_CYPRESS=y +# CONFIG_HID_DRAGONRISE is not set +# CONFIG_HID_EMS_FF is not set +# CONFIG_HID_ELAN is not set +# CONFIG_HID_ELECOM is not set +# CONFIG_HID_ELO is not set +# CONFIG_HID_EVISION is not set +CONFIG_HID_EZKEY=y +# CONFIG_HID_FT260 is not set +# CONFIG_HID_GEMBIRD is not set +# CONFIG_HID_GFRM is not set +# CONFIG_HID_GLORIOUS is not set +# CONFIG_HID_HOLTEK is not set +# CONFIG_HID_VIVALDI is not set +# CONFIG_HID_GT683R is not set +# CONFIG_HID_KEYTOUCH is not set +# CONFIG_HID_KYE is not set +# CONFIG_HID_UCLOGIC is not set +# CONFIG_HID_WALTOP is not set +# CONFIG_HID_VIEWSONIC is not set +# CONFIG_HID_VRC2 is not set +# CONFIG_HID_XIAOMI is not set +CONFIG_HID_GYRATION=y +# CONFIG_HID_ICADE is not set +CONFIG_HID_ITE=y +# CONFIG_HID_JABRA is not set +# CONFIG_HID_TWINHAN is not set +CONFIG_HID_KENSINGTON=y +# CONFIG_HID_LCPOWER is not set +# CONFIG_HID_LED is not set +# CONFIG_HID_LENOVO is not set +# CONFIG_HID_LETSKETCH is not set +CONFIG_HID_LOGITECH=y +# CONFIG_HID_LOGITECH_DJ is not set +# CONFIG_HID_LOGITECH_HIDPP is not set +CONFIG_LOGITECH_FF=y +# CONFIG_LOGIRUMBLEPAD2_FF is not set +# CONFIG_LOGIG940_FF is not set +CONFIG_LOGIWHEELS_FF=y +# CONFIG_HID_MAGICMOUSE is not set +# CONFIG_HID_MALTRON is not set +# CONFIG_HID_MAYFLASH is not set +# CONFIG_HID_MEGAWORLD_FF is not set +CONFIG_HID_REDRAGON=y +CONFIG_HID_MICROSOFT=y +CONFIG_HID_MONTEREY=y +# CONFIG_HID_MULTITOUCH is not set +# CONFIG_HID_NINTENDO is not set +# CONFIG_HID_NTI is not set +CONFIG_HID_NTRIG=y +# CONFIG_HID_ORTEK is not set +CONFIG_HID_PANTHERLORD=y +CONFIG_PANTHERLORD_FF=y +# CONFIG_HID_PENMOUNT is not set +CONFIG_HID_PETALYNX=y 
+# CONFIG_HID_PICOLCD is not set +# CONFIG_HID_PLANTRONICS is not set +# CONFIG_HID_PXRC is not set +# CONFIG_HID_RAZER is not set +# CONFIG_HID_PRIMAX is not set +# CONFIG_HID_RETRODE is not set +# CONFIG_HID_ROCCAT is not set +# CONFIG_HID_SAITEK is not set +CONFIG_HID_SAMSUNG=y +# CONFIG_HID_SEMITEK is not set +# CONFIG_HID_SIGMAMICRO is not set +CONFIG_HID_SONY=y +# CONFIG_SONY_FF is not set +# CONFIG_HID_SPEEDLINK is not set +# CONFIG_HID_STEAM is not set +# CONFIG_HID_STEELSERIES is not set +CONFIG_HID_SUNPLUS=y +# CONFIG_HID_RMI is not set +# CONFIG_HID_GREENASIA is not set +# CONFIG_HID_SMARTJOYPLUS is not set +# CONFIG_HID_TIVO is not set +CONFIG_HID_TOPSEED=y +# CONFIG_HID_TOPRE is not set +# CONFIG_HID_THINGM is not set +# CONFIG_HID_THRUSTMASTER is not set +# CONFIG_HID_UDRAW_PS3 is not set +# CONFIG_HID_U2FZERO is not set +# CONFIG_HID_WACOM is not set +# CONFIG_HID_WIIMOTE is not set +# CONFIG_HID_XINMO is not set +# CONFIG_HID_ZEROPLUS is not set +# CONFIG_HID_ZYDACRON is not set +# CONFIG_HID_SENSOR_HUB is not set +# CONFIG_HID_ALPS is not set +# CONFIG_HID_MCP2221 is not set +# end of Special HID drivers + +# +# HID-BPF support +# +# end of HID-BPF support + +# +# USB HID support +# +CONFIG_USB_HID=y +CONFIG_HID_PID=y +CONFIG_USB_HIDDEV=y +# end of USB HID support + +CONFIG_I2C_HID=y +# CONFIG_I2C_HID_ACPI is not set +# CONFIG_I2C_HID_OF is not set + +# +# Intel ISH HID support +# +# CONFIG_INTEL_ISH_HID is not set +# end of Intel ISH HID support + +# +# AMD SFH HID Support +# +# CONFIG_AMD_SFH_HID is not set +# end of AMD SFH HID Support + +CONFIG_USB_OHCI_LITTLE_ENDIAN=y +CONFIG_USB_SUPPORT=y +CONFIG_USB_COMMON=y +# CONFIG_USB_LED_TRIG is not set +# CONFIG_USB_ULPI_BUS is not set +CONFIG_USB_ARCH_HAS_HCD=y +CONFIG_USB=y +CONFIG_USB_PCI=y +CONFIG_USB_ANNOUNCE_NEW_DEVICES=y + +# +# Miscellaneous USB options +# +CONFIG_USB_DEFAULT_PERSIST=y +# CONFIG_USB_FEW_INIT_RETRIES is not set +# CONFIG_USB_DYNAMIC_MINORS is not set +# CONFIG_USB_OTG is not set 
+# CONFIG_USB_OTG_PRODUCTLIST is not set +# CONFIG_USB_LEDS_TRIGGER_USBPORT is not set +CONFIG_USB_AUTOSUSPEND_DELAY=2 +CONFIG_USB_MON=y + +# +# USB Host Controller Drivers +# +# CONFIG_USB_C67X00_HCD is not set +CONFIG_USB_XHCI_HCD=y +# CONFIG_USB_XHCI_DBGCAP is not set +CONFIG_USB_XHCI_PCI=y +# CONFIG_USB_XHCI_PCI_RENESAS is not set +# CONFIG_USB_XHCI_PLATFORM is not set +CONFIG_USB_EHCI_HCD=y +# CONFIG_USB_EHCI_ROOT_HUB_TT is not set +CONFIG_USB_EHCI_TT_NEWSCHED=y +CONFIG_USB_EHCI_PCI=y +# CONFIG_USB_EHCI_FSL is not set +# CONFIG_USB_EHCI_HCD_PLATFORM is not set +# CONFIG_USB_OXU210HP_HCD is not set +# CONFIG_USB_ISP116X_HCD is not set +CONFIG_USB_OHCI_HCD=y +CONFIG_USB_OHCI_HCD_PCI=y +# CONFIG_USB_OHCI_HCD_PLATFORM is not set +CONFIG_USB_UHCI_HCD=y +# CONFIG_USB_SL811_HCD is not set +# CONFIG_USB_R8A66597_HCD is not set +# CONFIG_USB_HCD_TEST_MODE is not set + +# +# USB Device Class drivers +# +# CONFIG_USB_ACM is not set +CONFIG_USB_PRINTER=y +# CONFIG_USB_WDM is not set +# CONFIG_USB_TMC is not set + +# +# NOTE: USB_STORAGE depends on SCSI but BLK_DEV_SD may +# + +# +# also be needed; see USB_STORAGE Help for more info +# +CONFIG_USB_STORAGE=y +# CONFIG_USB_STORAGE_DEBUG is not set +# CONFIG_USB_STORAGE_REALTEK is not set +# CONFIG_USB_STORAGE_DATAFAB is not set +# CONFIG_USB_STORAGE_FREECOM is not set +# CONFIG_USB_STORAGE_ISD200 is not set +# CONFIG_USB_STORAGE_USBAT is not set +# CONFIG_USB_STORAGE_SDDR09 is not set +# CONFIG_USB_STORAGE_SDDR55 is not set +# CONFIG_USB_STORAGE_JUMPSHOT is not set +# CONFIG_USB_STORAGE_ALAUDA is not set +# CONFIG_USB_STORAGE_ONETOUCH is not set +# CONFIG_USB_STORAGE_KARMA is not set +# CONFIG_USB_STORAGE_CYPRESS_ATACB is not set +# CONFIG_USB_STORAGE_ENE_UB6250 is not set +# CONFIG_USB_UAS is not set + +# +# USB Imaging devices +# +# CONFIG_USB_MDC800 is not set +# CONFIG_USB_MICROTEK is not set +# CONFIG_USBIP_CORE is not set + +# +# USB dual-mode controller drivers +# +# CONFIG_USB_CDNS_SUPPORT is not set +# 
CONFIG_USB_MUSB_HDRC is not set +# CONFIG_USB_DWC3 is not set +# CONFIG_USB_DWC2 is not set +# CONFIG_USB_CHIPIDEA is not set +# CONFIG_USB_ISP1760 is not set + +# +# USB port drivers +# +# CONFIG_USB_SERIAL is not set + +# +# USB Miscellaneous drivers +# +# CONFIG_USB_EMI62 is not set +# CONFIG_USB_EMI26 is not set +# CONFIG_USB_ADUTUX is not set +# CONFIG_USB_SEVSEG is not set +# CONFIG_USB_LEGOTOWER is not set +# CONFIG_USB_LCD is not set +# CONFIG_USB_CYPRESS_CY7C63 is not set +# CONFIG_USB_CYTHERM is not set +# CONFIG_USB_IDMOUSE is not set +# CONFIG_USB_APPLEDISPLAY is not set +# CONFIG_APPLE_MFI_FASTCHARGE is not set +# CONFIG_USB_SISUSBVGA is not set +# CONFIG_USB_LD is not set +# CONFIG_USB_TRANCEVIBRATOR is not set +# CONFIG_USB_IOWARRIOR is not set +# CONFIG_USB_TEST is not set +# CONFIG_USB_EHSET_TEST_FIXTURE is not set +# CONFIG_USB_ISIGHTFW is not set +# CONFIG_USB_YUREX is not set +# CONFIG_USB_EZUSB_FX2 is not set +# CONFIG_USB_HUB_USB251XB is not set +# CONFIG_USB_HSIC_USB3503 is not set +# CONFIG_USB_HSIC_USB4604 is not set +# CONFIG_USB_LINK_LAYER_TEST is not set +# CONFIG_USB_CHAOSKEY is not set + +# +# USB Physical Layer drivers +# +# CONFIG_NOP_USB_XCEIV is not set +# CONFIG_USB_ISP1301 is not set +# end of USB Physical Layer drivers + +# CONFIG_USB_GADGET is not set +# CONFIG_TYPEC is not set +# CONFIG_USB_ROLE_SWITCH is not set +# CONFIG_MMC is not set +# CONFIG_SCSI_UFSHCD is not set +# CONFIG_MEMSTICK is not set +CONFIG_NEW_LEDS=y +CONFIG_LEDS_CLASS=y +# CONFIG_LEDS_CLASS_FLASH is not set +# CONFIG_LEDS_CLASS_MULTICOLOR is not set +# CONFIG_LEDS_BRIGHTNESS_HW_CHANGED is not set + +# +# LED drivers +# +# CONFIG_LEDS_APU is not set +# CONFIG_LEDS_AW200XX is not set +# CONFIG_LEDS_LM3530 is not set +# CONFIG_LEDS_LM3532 is not set +# CONFIG_LEDS_LM3642 is not set +# CONFIG_LEDS_PCA9532 is not set +# CONFIG_LEDS_LP3944 is not set +# CONFIG_LEDS_PCA955X is not set +# CONFIG_LEDS_PCA963X is not set +# CONFIG_LEDS_BD2606MVV is not set +# 
CONFIG_LEDS_BD2802 is not set +# CONFIG_LEDS_INTEL_SS4200 is not set +# CONFIG_LEDS_TCA6507 is not set +# CONFIG_LEDS_TLC591XX is not set +# CONFIG_LEDS_LM355x is not set +# CONFIG_LEDS_IS31FL319X is not set + +# +# LED driver for blink(1) USB RGB LED is under Special HID drivers (HID_THINGM) +# +# CONFIG_LEDS_BLINKM is not set +# CONFIG_LEDS_MLXCPLD is not set +# CONFIG_LEDS_MLXREG is not set +# CONFIG_LEDS_USER is not set +# CONFIG_LEDS_NIC78BX is not set + +# +# Flash and Torch LED drivers +# + +# +# RGB LED drivers +# + +# +# LED Triggers +# +CONFIG_LEDS_TRIGGERS=y +# CONFIG_LEDS_TRIGGER_TIMER is not set +# CONFIG_LEDS_TRIGGER_ONESHOT is not set +# CONFIG_LEDS_TRIGGER_DISK is not set +# CONFIG_LEDS_TRIGGER_HEARTBEAT is not set +# CONFIG_LEDS_TRIGGER_BACKLIGHT is not set +# CONFIG_LEDS_TRIGGER_CPU is not set +# CONFIG_LEDS_TRIGGER_ACTIVITY is not set +# CONFIG_LEDS_TRIGGER_DEFAULT_ON is not set + +# +# iptables trigger is under Netfilter config (LED target) +# +# CONFIG_LEDS_TRIGGER_TRANSIENT is not set +# CONFIG_LEDS_TRIGGER_CAMERA is not set +# CONFIG_LEDS_TRIGGER_PANIC is not set +# CONFIG_LEDS_TRIGGER_NETDEV is not set +# CONFIG_LEDS_TRIGGER_PATTERN is not set +# CONFIG_LEDS_TRIGGER_AUDIO is not set +# CONFIG_LEDS_TRIGGER_TTY is not set + +# +# Simple LED drivers +# +# CONFIG_ACCESSIBILITY is not set +# CONFIG_INFINIBAND is not set +CONFIG_EDAC_ATOMIC_SCRUB=y +CONFIG_EDAC_SUPPORT=y +CONFIG_RTC_LIB=y +CONFIG_RTC_MC146818_LIB=y +CONFIG_RTC_CLASS=y +# CONFIG_RTC_HCTOSYS is not set +CONFIG_RTC_SYSTOHC=y +CONFIG_RTC_SYSTOHC_DEVICE="rtc0" +# CONFIG_RTC_DEBUG is not set +CONFIG_RTC_NVMEM=y + +# +# RTC interfaces +# +CONFIG_RTC_INTF_SYSFS=y +CONFIG_RTC_INTF_PROC=y +CONFIG_RTC_INTF_DEV=y +# CONFIG_RTC_INTF_DEV_UIE_EMUL is not set +# CONFIG_RTC_DRV_TEST is not set + +# +# I2C RTC drivers +# +# CONFIG_RTC_DRV_ABB5ZES3 is not set +# CONFIG_RTC_DRV_ABEOZ9 is not set +# CONFIG_RTC_DRV_ABX80X is not set +# CONFIG_RTC_DRV_DS1307 is not set +# CONFIG_RTC_DRV_DS1374 is not 
set +# CONFIG_RTC_DRV_DS1672 is not set +# CONFIG_RTC_DRV_MAX6900 is not set +# CONFIG_RTC_DRV_RS5C372 is not set +# CONFIG_RTC_DRV_ISL1208 is not set +# CONFIG_RTC_DRV_ISL12022 is not set +# CONFIG_RTC_DRV_X1205 is not set +# CONFIG_RTC_DRV_PCF8523 is not set +# CONFIG_RTC_DRV_PCF85063 is not set +# CONFIG_RTC_DRV_PCF85363 is not set +# CONFIG_RTC_DRV_PCF8563 is not set +# CONFIG_RTC_DRV_PCF8583 is not set +# CONFIG_RTC_DRV_M41T80 is not set +# CONFIG_RTC_DRV_BQ32K is not set +# CONFIG_RTC_DRV_S35390A is not set +# CONFIG_RTC_DRV_FM3130 is not set +# CONFIG_RTC_DRV_RX8010 is not set +# CONFIG_RTC_DRV_RX8581 is not set +# CONFIG_RTC_DRV_RX8025 is not set +# CONFIG_RTC_DRV_EM3027 is not set +# CONFIG_RTC_DRV_RV3028 is not set +# CONFIG_RTC_DRV_RV3032 is not set +# CONFIG_RTC_DRV_RV8803 is not set +# CONFIG_RTC_DRV_SD3078 is not set + +# +# SPI RTC drivers +# +CONFIG_RTC_I2C_AND_SPI=y + +# +# SPI and I2C RTC drivers +# +# CONFIG_RTC_DRV_DS3232 is not set +# CONFIG_RTC_DRV_PCF2127 is not set +# CONFIG_RTC_DRV_RV3029C2 is not set +# CONFIG_RTC_DRV_RX6110 is not set + +# +# Platform RTC drivers +# +CONFIG_RTC_DRV_CMOS=y +# CONFIG_RTC_DRV_DS1286 is not set +# CONFIG_RTC_DRV_DS1511 is not set +# CONFIG_RTC_DRV_DS1553 is not set +# CONFIG_RTC_DRV_DS1685_FAMILY is not set +# CONFIG_RTC_DRV_DS1742 is not set +# CONFIG_RTC_DRV_DS2404 is not set +# CONFIG_RTC_DRV_STK17TA8 is not set +# CONFIG_RTC_DRV_M48T86 is not set +# CONFIG_RTC_DRV_M48T35 is not set +# CONFIG_RTC_DRV_M48T59 is not set +# CONFIG_RTC_DRV_MSM6242 is not set +# CONFIG_RTC_DRV_BQ4802 is not set +# CONFIG_RTC_DRV_RP5C01 is not set + +# +# on-CPU RTC drivers +# +# CONFIG_RTC_DRV_FTRTC010 is not set + +# +# HID Sensor RTC drivers +# +# CONFIG_RTC_DRV_GOLDFISH is not set +CONFIG_DMADEVICES=y +# CONFIG_DMADEVICES_DEBUG is not set + +# +# DMA Devices +# +CONFIG_DMA_ENGINE=y +CONFIG_DMA_VIRTUAL_CHANNELS=y +CONFIG_DMA_ACPI=y +# CONFIG_ALTERA_MSGDMA is not set +# CONFIG_INTEL_IDMA64 is not set +# CONFIG_INTEL_IDXD is 
not set +# CONFIG_INTEL_IDXD_COMPAT is not set +# CONFIG_INTEL_IOATDMA is not set +# CONFIG_PLX_DMA is not set +# CONFIG_XILINX_XDMA is not set +# CONFIG_AMD_PTDMA is not set +# CONFIG_QCOM_HIDMA_MGMT is not set +# CONFIG_QCOM_HIDMA is not set +CONFIG_DW_DMAC_CORE=y +# CONFIG_DW_DMAC is not set +# CONFIG_DW_DMAC_PCI is not set +# CONFIG_DW_EDMA is not set +CONFIG_HSU_DMA=y +# CONFIG_SF_PDMA is not set +# CONFIG_INTEL_LDMA is not set + +# +# DMA Clients +# +# CONFIG_ASYNC_TX_DMA is not set +# CONFIG_DMATEST is not set + +# +# DMABUF options +# +CONFIG_SYNC_FILE=y +# CONFIG_SW_SYNC is not set +# CONFIG_UDMABUF is not set +# CONFIG_DMABUF_MOVE_NOTIFY is not set +# CONFIG_DMABUF_DEBUG is not set +# CONFIG_DMABUF_SELFTESTS is not set +# CONFIG_DMABUF_HEAPS is not set +# CONFIG_DMABUF_SYSFS_STATS is not set +# end of DMABUF options + +# CONFIG_AUXDISPLAY is not set +# CONFIG_UIO is not set +# CONFIG_VFIO is not set +# CONFIG_VIRT_DRIVERS is not set +CONFIG_VIRTIO_ANCHOR=y +CONFIG_VIRTIO=y +CONFIG_VIRTIO_PCI_LIB=y +CONFIG_VIRTIO_PCI_LIB_LEGACY=y +CONFIG_VIRTIO_MENU=y +CONFIG_VIRTIO_PCI=y +CONFIG_VIRTIO_PCI_LEGACY=y +# CONFIG_VIRTIO_BALLOON is not set +CONFIG_VIRTIO_INPUT=y +# CONFIG_VIRTIO_MMIO is not set +CONFIG_VIRTIO_DMA_SHARED_BUFFER=y +# CONFIG_VDPA is not set +CONFIG_VHOST_MENU=y +# CONFIG_VHOST_NET is not set +# CONFIG_VHOST_CROSS_ENDIAN_LEGACY is not set + +# +# Microsoft Hyper-V guest support +# +# CONFIG_HYPERV is not set +# end of Microsoft Hyper-V guest support + +# CONFIG_GREYBUS is not set +# CONFIG_COMEDI is not set +# CONFIG_STAGING is not set +# CONFIG_CHROME_PLATFORMS is not set +# CONFIG_MELLANOX_PLATFORM is not set +CONFIG_SURFACE_PLATFORMS=y +# CONFIG_SURFACE_3_POWER_OPREGION is not set +# CONFIG_SURFACE_GPE is not set +# CONFIG_SURFACE_PRO3_BUTTON is not set +CONFIG_X86_PLATFORM_DEVICES=y +CONFIG_ACPI_WMI=y +CONFIG_WMI_BMOF=y +# CONFIG_HUAWEI_WMI is not set +# CONFIG_MXM_WMI is not set +# CONFIG_NVIDIA_WMI_EC_BACKLIGHT is not set +# CONFIG_XIAOMI_WMI 
is not set +# CONFIG_GIGABYTE_WMI is not set +# CONFIG_YOGABOOK is not set +# CONFIG_ACERHDF is not set +# CONFIG_ACER_WIRELESS is not set +# CONFIG_ACER_WMI is not set +# CONFIG_AMD_PMF is not set +# CONFIG_AMD_PMC is not set +# CONFIG_AMD_HSMP is not set +# CONFIG_ADV_SWBUTTON is not set +# CONFIG_APPLE_GMUX is not set +# CONFIG_ASUS_LAPTOP is not set +# CONFIG_ASUS_WIRELESS is not set +# CONFIG_ASUS_WMI is not set +CONFIG_EEEPC_LAPTOP=y +# CONFIG_X86_PLATFORM_DRIVERS_DELL is not set +# CONFIG_AMILO_RFKILL is not set +# CONFIG_FUJITSU_LAPTOP is not set +# CONFIG_FUJITSU_TABLET is not set +# CONFIG_GPD_POCKET_FAN is not set +# CONFIG_X86_PLATFORM_DRIVERS_HP is not set +# CONFIG_WIRELESS_HOTKEY is not set +# CONFIG_IBM_RTL is not set +# CONFIG_IDEAPAD_LAPTOP is not set +# CONFIG_LENOVO_YMC is not set +# CONFIG_SENSORS_HDAPS is not set +# CONFIG_THINKPAD_ACPI is not set +# CONFIG_THINKPAD_LMI is not set +# CONFIG_INTEL_ATOMISP2_PM is not set +# CONFIG_INTEL_IFS is not set +# CONFIG_INTEL_SAR_INT1092 is not set +# CONFIG_INTEL_PMC_CORE is not set + +# +# Intel Speed Select Technology interface support +# +# CONFIG_INTEL_SPEED_SELECT_INTERFACE is not set +# end of Intel Speed Select Technology interface support + +# CONFIG_INTEL_WMI_SBL_FW_UPDATE is not set +# CONFIG_INTEL_WMI_THUNDERBOLT is not set + +# +# Intel Uncore Frequency Control +# +# CONFIG_INTEL_UNCORE_FREQ_CONTROL is not set +# end of Intel Uncore Frequency Control + +# CONFIG_INTEL_HID_EVENT is not set +# CONFIG_INTEL_VBTN is not set +# CONFIG_INTEL_OAKTRAIL is not set +# CONFIG_INTEL_PUNIT_IPC is not set +# CONFIG_INTEL_RST is not set +# CONFIG_INTEL_SMARTCONNECT is not set +# CONFIG_INTEL_TURBO_MAX_3 is not set +# CONFIG_INTEL_VSEC is not set +# CONFIG_MSI_EC is not set +# CONFIG_MSI_LAPTOP is not set +# CONFIG_MSI_WMI is not set +# CONFIG_SAMSUNG_LAPTOP is not set +# CONFIG_SAMSUNG_Q10 is not set +# CONFIG_TOSHIBA_BT_RFKILL is not set +# CONFIG_TOSHIBA_HAPS is not set +# CONFIG_TOSHIBA_WMI is not set 
+# CONFIG_ACPI_CMPC is not set +# CONFIG_COMPAL_LAPTOP is not set +# CONFIG_LG_LAPTOP is not set +# CONFIG_PANASONIC_LAPTOP is not set +# CONFIG_SONY_LAPTOP is not set +# CONFIG_SYSTEM76_ACPI is not set +# CONFIG_TOPSTAR_LAPTOP is not set +# CONFIG_MLX_PLATFORM is not set +# CONFIG_INTEL_IPS is not set +# CONFIG_INTEL_SCU_PCI is not set +# CONFIG_INTEL_SCU_PLATFORM is not set +# CONFIG_SIEMENS_SIMATIC_IPC is not set +# CONFIG_WINMATE_FM07_KEYS is not set +CONFIG_P2SB=y +# CONFIG_COMMON_CLK is not set +# CONFIG_HWSPINLOCK is not set + +# +# Clock Source drivers +# +CONFIG_CLKEVT_I8253=y +CONFIG_I8253_LOCK=y +CONFIG_CLKBLD_I8253=y +# end of Clock Source drivers + +CONFIG_MAILBOX=y +CONFIG_PCC=y +# CONFIG_ALTERA_MBOX is not set +CONFIG_IOMMU_IOVA=y +CONFIG_IOMMU_API=y +CONFIG_IOMMU_SUPPORT=y + +# +# Generic IOMMU Pagetable Support +# +CONFIG_IOMMU_IO_PGTABLE=y +# end of Generic IOMMU Pagetable Support + +# CONFIG_IOMMU_DEBUGFS is not set +# CONFIG_IOMMU_DEFAULT_DMA_STRICT is not set +CONFIG_IOMMU_DEFAULT_DMA_LAZY=y +# CONFIG_IOMMU_DEFAULT_PASSTHROUGH is not set +CONFIG_IOMMU_DMA=y +CONFIG_AMD_IOMMU=y +# CONFIG_AMD_IOMMU_V2 is not set +CONFIG_DMAR_TABLE=y +CONFIG_INTEL_IOMMU=y +# CONFIG_INTEL_IOMMU_SVM is not set +# CONFIG_INTEL_IOMMU_DEFAULT_ON is not set +CONFIG_INTEL_IOMMU_FLOPPY_WA=y +CONFIG_INTEL_IOMMU_SCALABLE_MODE_DEFAULT_ON=y +CONFIG_INTEL_IOMMU_PERF_EVENTS=y +# CONFIG_IOMMUFD is not set +# CONFIG_IRQ_REMAP is not set +# CONFIG_VIRTIO_IOMMU is not set + +# +# Remoteproc drivers +# +# CONFIG_REMOTEPROC is not set +# end of Remoteproc drivers + +# +# Rpmsg drivers +# +# CONFIG_RPMSG_QCOM_GLINK_RPM is not set +# CONFIG_RPMSG_VIRTIO is not set +# end of Rpmsg drivers + +# CONFIG_SOUNDWIRE is not set + +# +# SOC (System On Chip) specific Drivers +# + +# +# Amlogic SoC drivers +# +# end of Amlogic SoC drivers + +# +# Broadcom SoC drivers +# +# end of Broadcom SoC drivers + +# +# NXP/Freescale QorIQ SoC drivers +# +# end of NXP/Freescale QorIQ SoC drivers + +# +# 
fujitsu SoC drivers +# +# end of fujitsu SoC drivers + +# +# i.MX SoC drivers +# +# end of i.MX SoC drivers + +# +# Enable LiteX SoC Builder specific drivers +# +# end of Enable LiteX SoC Builder specific drivers + +# CONFIG_WPCM450_SOC is not set + +# +# Qualcomm SoC drivers +# +# end of Qualcomm SoC drivers + +# CONFIG_SOC_TI is not set + +# +# Xilinx SoC drivers +# +# end of Xilinx SoC drivers +# end of SOC (System On Chip) specific Drivers + +# CONFIG_PM_DEVFREQ is not set +# CONFIG_EXTCON is not set +# CONFIG_MEMORY is not set +# CONFIG_IIO is not set +# CONFIG_NTB is not set +# CONFIG_PWM is not set + +# +# IRQ chip support +# +# end of IRQ chip support + +# CONFIG_IPACK_BUS is not set +# CONFIG_RESET_CONTROLLER is not set + +# +# PHY Subsystem +# +# CONFIG_GENERIC_PHY is not set +# CONFIG_USB_LGM_PHY is not set +# CONFIG_PHY_CAN_TRANSCEIVER is not set + +# +# PHY drivers for Broadcom platforms +# +# CONFIG_BCM_KONA_USB2_PHY is not set +# end of PHY drivers for Broadcom platforms + +# CONFIG_PHY_PXA_28NM_HSIC is not set +# CONFIG_PHY_PXA_28NM_USB2 is not set +# CONFIG_PHY_INTEL_LGM_EMMC is not set +# end of PHY Subsystem + +# CONFIG_POWERCAP is not set +# CONFIG_MCB is not set + +# +# Performance monitor support +# +# end of Performance monitor support + +# CONFIG_RAS is not set +# CONFIG_USB4 is not set + +# +# Android +# +# CONFIG_ANDROID_BINDER_IPC is not set +# end of Android + +# CONFIG_LIBNVDIMM is not set +# CONFIG_DAX is not set +CONFIG_NVMEM=y +CONFIG_NVMEM_SYSFS=y + +# +# Layout Types +# +# CONFIG_NVMEM_LAYOUT_SL28_VPD is not set +# CONFIG_NVMEM_LAYOUT_ONIE_TLV is not set +# end of Layout Types + +# CONFIG_NVMEM_RMEM is not set + +# +# HW tracing support +# +# CONFIG_STM is not set +# CONFIG_INTEL_TH is not set +# end of HW tracing support + +# CONFIG_FPGA is not set +# CONFIG_TEE is not set +# CONFIG_SIOX is not set +# CONFIG_SLIMBUS is not set +# CONFIG_INTERCONNECT is not set +# CONFIG_COUNTER is not set +# CONFIG_PECI is not set +# CONFIG_HTE is 
not set +# end of Device Drivers + +# +# File systems +# +CONFIG_DCACHE_WORD_ACCESS=y +# CONFIG_VALIDATE_FS_PARSER is not set +CONFIG_FS_IOMAP=y +CONFIG_LEGACY_DIRECT_IO=y +# CONFIG_EXT2_FS is not set +# CONFIG_EXT3_FS is not set +CONFIG_EXT4_FS=y +CONFIG_EXT4_USE_FOR_EXT2=y +CONFIG_EXT4_FS_POSIX_ACL=y +CONFIG_EXT4_FS_SECURITY=y +# CONFIG_EXT4_DEBUG is not set +CONFIG_JBD2=y +# CONFIG_JBD2_DEBUG is not set +CONFIG_FS_MBCACHE=y +# CONFIG_REISERFS_FS is not set +# CONFIG_JFS_FS is not set +# CONFIG_XFS_FS is not set +# CONFIG_GFS2_FS is not set +# CONFIG_BTRFS_FS is not set +# CONFIG_NILFS2_FS is not set +# CONFIG_F2FS_FS is not set +CONFIG_FS_POSIX_ACL=y +CONFIG_EXPORTFS=y +# CONFIG_EXPORTFS_BLOCK_OPS is not set +CONFIG_FILE_LOCKING=y +# CONFIG_FS_ENCRYPTION is not set +# CONFIG_FS_VERITY is not set +CONFIG_FSNOTIFY=y +CONFIG_DNOTIFY=y +CONFIG_INOTIFY_USER=y +# CONFIG_FANOTIFY is not set +CONFIG_QUOTA=y +CONFIG_QUOTA_NETLINK_INTERFACE=y +# CONFIG_QUOTA_DEBUG is not set +CONFIG_QUOTA_TREE=y +# CONFIG_QFMT_V1 is not set +CONFIG_QFMT_V2=y +CONFIG_QUOTACTL=y +CONFIG_AUTOFS_FS=y +# CONFIG_FUSE_FS is not set +# CONFIG_OVERLAY_FS is not set + +# +# Caches +# +CONFIG_NETFS_SUPPORT=y +# CONFIG_NETFS_STATS is not set +# CONFIG_FSCACHE is not set +# end of Caches + +# +# CD-ROM/DVD Filesystems +# +CONFIG_ISO9660_FS=y +CONFIG_JOLIET=y +CONFIG_ZISOFS=y +# CONFIG_UDF_FS is not set +# end of CD-ROM/DVD Filesystems + +# +# DOS/FAT/EXFAT/NT Filesystems +# +CONFIG_FAT_FS=y +CONFIG_MSDOS_FS=y +CONFIG_VFAT_FS=y +CONFIG_FAT_DEFAULT_CODEPAGE=437 +CONFIG_FAT_DEFAULT_IOCHARSET="iso8859-1" +# CONFIG_FAT_DEFAULT_UTF8 is not set +# CONFIG_EXFAT_FS is not set +# CONFIG_NTFS_FS is not set +# CONFIG_NTFS3_FS is not set +# end of DOS/FAT/EXFAT/NT Filesystems + +# +# Pseudo filesystems +# +CONFIG_PROC_FS=y +CONFIG_PROC_KCORE=y +CONFIG_PROC_VMCORE=y +# CONFIG_PROC_VMCORE_DEVICE_DUMP is not set +CONFIG_PROC_SYSCTL=y +CONFIG_PROC_PAGE_MONITOR=y +# CONFIG_PROC_CHILDREN is not set 
+CONFIG_PROC_PID_ARCH_STATUS=y +CONFIG_KERNFS=y +CONFIG_SYSFS=y +CONFIG_TMPFS=y +CONFIG_TMPFS_POSIX_ACL=y +CONFIG_TMPFS_XATTR=y +# CONFIG_TMPFS_INODE64 is not set +CONFIG_HUGETLBFS=y +CONFIG_HUGETLB_PAGE=y +CONFIG_HUGETLB_PAGE_OPTIMIZE_VMEMMAP=y +# CONFIG_HUGETLB_PAGE_OPTIMIZE_VMEMMAP_DEFAULT_ON is not set +CONFIG_MEMFD_CREATE=y +CONFIG_ARCH_HAS_GIGANTIC_PAGE=y +# CONFIG_CONFIGFS_FS is not set +CONFIG_EFIVAR_FS=m +# end of Pseudo filesystems + +CONFIG_MISC_FILESYSTEMS=y +# CONFIG_ORANGEFS_FS is not set +# CONFIG_ADFS_FS is not set +# CONFIG_AFFS_FS is not set +# CONFIG_ECRYPT_FS is not set +# CONFIG_HFS_FS is not set +# CONFIG_HFSPLUS_FS is not set +# CONFIG_BEFS_FS is not set +# CONFIG_BFS_FS is not set +# CONFIG_EFS_FS is not set +# CONFIG_CRAMFS is not set +# CONFIG_SQUASHFS is not set +# CONFIG_VXFS_FS is not set +# CONFIG_MINIX_FS is not set +# CONFIG_OMFS_FS is not set +# CONFIG_HPFS_FS is not set +# CONFIG_QNX4FS_FS is not set +# CONFIG_QNX6FS_FS is not set +# CONFIG_ROMFS_FS is not set +# CONFIG_PSTORE is not set +# CONFIG_SYSV_FS is not set +# CONFIG_UFS_FS is not set +# CONFIG_EROFS_FS is not set +CONFIG_NETWORK_FILESYSTEMS=y +CONFIG_NFS_FS=y +CONFIG_NFS_V2=y +CONFIG_NFS_V3=y +CONFIG_NFS_V3_ACL=y +CONFIG_NFS_V4=y +# CONFIG_NFS_SWAP is not set +# CONFIG_NFS_V4_1 is not set +CONFIG_ROOT_NFS=y +# CONFIG_NFS_USE_LEGACY_DNS is not set +CONFIG_NFS_USE_KERNEL_DNS=y +CONFIG_NFS_DISABLE_UDP_SUPPORT=y +# CONFIG_NFSD is not set +CONFIG_GRACE_PERIOD=y +CONFIG_LOCKD=y +CONFIG_LOCKD_V4=y +CONFIG_NFS_ACL_SUPPORT=y +CONFIG_NFS_COMMON=y +CONFIG_SUNRPC=y +CONFIG_SUNRPC_GSS=y +CONFIG_RPCSEC_GSS_KRB5=y +# CONFIG_SUNRPC_DEBUG is not set +# CONFIG_CEPH_FS is not set +# CONFIG_CIFS is not set +# CONFIG_SMB_SERVER is not set +# CONFIG_CODA_FS is not set +# CONFIG_AFS_FS is not set +CONFIG_9P_FS=y +# CONFIG_9P_FS_POSIX_ACL is not set +# CONFIG_9P_FS_SECURITY is not set +CONFIG_NLS=y +CONFIG_NLS_DEFAULT="utf8" +CONFIG_NLS_CODEPAGE_437=y +# CONFIG_NLS_CODEPAGE_737 is not set +# 
CONFIG_NLS_CODEPAGE_775 is not set +# CONFIG_NLS_CODEPAGE_850 is not set +# CONFIG_NLS_CODEPAGE_852 is not set +# CONFIG_NLS_CODEPAGE_855 is not set +# CONFIG_NLS_CODEPAGE_857 is not set +# CONFIG_NLS_CODEPAGE_860 is not set +# CONFIG_NLS_CODEPAGE_861 is not set +# CONFIG_NLS_CODEPAGE_862 is not set +# CONFIG_NLS_CODEPAGE_863 is not set +# CONFIG_NLS_CODEPAGE_864 is not set +# CONFIG_NLS_CODEPAGE_865 is not set +# CONFIG_NLS_CODEPAGE_866 is not set +# CONFIG_NLS_CODEPAGE_869 is not set +# CONFIG_NLS_CODEPAGE_936 is not set +# CONFIG_NLS_CODEPAGE_950 is not set +# CONFIG_NLS_CODEPAGE_932 is not set +# CONFIG_NLS_CODEPAGE_949 is not set +# CONFIG_NLS_CODEPAGE_874 is not set +# CONFIG_NLS_ISO8859_8 is not set +# CONFIG_NLS_CODEPAGE_1250 is not set +# CONFIG_NLS_CODEPAGE_1251 is not set +CONFIG_NLS_ASCII=y +CONFIG_NLS_ISO8859_1=y +# CONFIG_NLS_ISO8859_2 is not set +# CONFIG_NLS_ISO8859_3 is not set +# CONFIG_NLS_ISO8859_4 is not set +# CONFIG_NLS_ISO8859_5 is not set +# CONFIG_NLS_ISO8859_6 is not set +# CONFIG_NLS_ISO8859_7 is not set +# CONFIG_NLS_ISO8859_9 is not set +# CONFIG_NLS_ISO8859_13 is not set +# CONFIG_NLS_ISO8859_14 is not set +# CONFIG_NLS_ISO8859_15 is not set +# CONFIG_NLS_KOI8_R is not set +# CONFIG_NLS_KOI8_U is not set +# CONFIG_NLS_MAC_ROMAN is not set +# CONFIG_NLS_MAC_CELTIC is not set +# CONFIG_NLS_MAC_CENTEURO is not set +# CONFIG_NLS_MAC_CROATIAN is not set +# CONFIG_NLS_MAC_CYRILLIC is not set +# CONFIG_NLS_MAC_GAELIC is not set +# CONFIG_NLS_MAC_GREEK is not set +# CONFIG_NLS_MAC_ICELAND is not set +# CONFIG_NLS_MAC_INUIT is not set +# CONFIG_NLS_MAC_ROMANIAN is not set +# CONFIG_NLS_MAC_TURKISH is not set +CONFIG_NLS_UTF8=y +# CONFIG_UNICODE is not set +CONFIG_IO_WQ=y +# end of File systems + +# +# Security options +# +CONFIG_KEYS=y +# CONFIG_KEYS_REQUEST_CACHE is not set +# CONFIG_PERSISTENT_KEYRINGS is not set +# CONFIG_TRUSTED_KEYS is not set +# CONFIG_ENCRYPTED_KEYS is not set +# CONFIG_KEY_DH_OPERATIONS is not set +# 
CONFIG_SECURITY_DMESG_RESTRICT is not set +CONFIG_SECURITY=y +# CONFIG_SECURITYFS is not set +CONFIG_SECURITY_NETWORK=y +# CONFIG_SECURITY_NETWORK_XFRM is not set +# CONFIG_SECURITY_PATH is not set +# CONFIG_INTEL_TXT is not set +CONFIG_LSM_MMAP_MIN_ADDR=65536 +# CONFIG_HARDENED_USERCOPY is not set +# CONFIG_FORTIFY_SOURCE is not set +# CONFIG_STATIC_USERMODEHELPER is not set +CONFIG_SECURITY_SELINUX=y +CONFIG_SECURITY_SELINUX_BOOTPARAM=y +CONFIG_SECURITY_SELINUX_DEVELOP=y +CONFIG_SECURITY_SELINUX_AVC_STATS=y +CONFIG_SECURITY_SELINUX_SIDTAB_HASH_BITS=9 +CONFIG_SECURITY_SELINUX_SID2STR_CACHE_SIZE=256 +# CONFIG_SECURITY_SMACK is not set +# CONFIG_SECURITY_TOMOYO is not set +# CONFIG_SECURITY_APPARMOR is not set +# CONFIG_SECURITY_LOADPIN is not set +# CONFIG_SECURITY_YAMA is not set +# CONFIG_SECURITY_SAFESETID is not set +# CONFIG_SECURITY_LOCKDOWN_LSM is not set +# CONFIG_SECURITY_LANDLOCK is not set +CONFIG_INTEGRITY=y +# CONFIG_INTEGRITY_SIGNATURE is not set +CONFIG_INTEGRITY_AUDIT=y +# CONFIG_IMA is not set +# CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT is not set +# CONFIG_EVM is not set +CONFIG_DEFAULT_SECURITY_SELINUX=y +# CONFIG_DEFAULT_SECURITY_DAC is not set +CONFIG_LSM="landlock,lockdown,yama,loadpin,safesetid,selinux,smack,tomoyo,apparmor,bpf" + +# +# Kernel hardening options +# + +# +# Memory initialization +# +CONFIG_INIT_STACK_NONE=y +# CONFIG_INIT_ON_ALLOC_DEFAULT_ON is not set +# CONFIG_INIT_ON_FREE_DEFAULT_ON is not set +CONFIG_CC_HAS_ZERO_CALL_USED_REGS=y +# CONFIG_ZERO_CALL_USED_REGS is not set +# end of Memory initialization + +CONFIG_RANDSTRUCT_NONE=y +# end of Kernel hardening options +# end of Security options + +CONFIG_CRYPTO=y + +# +# Crypto core or helper +# +CONFIG_CRYPTO_ALGAPI=y +CONFIG_CRYPTO_ALGAPI2=y +CONFIG_CRYPTO_AEAD=y +CONFIG_CRYPTO_AEAD2=y +CONFIG_CRYPTO_SIG2=y +CONFIG_CRYPTO_SKCIPHER=y +CONFIG_CRYPTO_SKCIPHER2=y +CONFIG_CRYPTO_HASH=y +CONFIG_CRYPTO_HASH2=y +CONFIG_CRYPTO_RNG=y +CONFIG_CRYPTO_RNG2=y +CONFIG_CRYPTO_RNG_DEFAULT=y 
+CONFIG_CRYPTO_AKCIPHER2=y +CONFIG_CRYPTO_AKCIPHER=y +CONFIG_CRYPTO_KPP2=y +CONFIG_CRYPTO_ACOMP2=y +CONFIG_CRYPTO_MANAGER=y +CONFIG_CRYPTO_MANAGER2=y +# CONFIG_CRYPTO_USER is not set +# CONFIG_CRYPTO_MANAGER_DISABLE_TESTS is not set +CONFIG_CRYPTO_MANAGER_EXTRA_TESTS=y +CONFIG_CRYPTO_NULL=y +CONFIG_CRYPTO_NULL2=y +# CONFIG_CRYPTO_PCRYPT is not set +# CONFIG_CRYPTO_CRYPTD is not set +CONFIG_CRYPTO_AUTHENC=y +CONFIG_CRYPTO_TEST=m +# end of Crypto core or helper + +# +# Public-key cryptography +# +CONFIG_CRYPTO_RSA=y +CONFIG_CRYPTO_RSA_HACL=y +# CONFIG_CRYPTO_DH is not set +CONFIG_CRYPTO_ECC=y +# CONFIG_CRYPTO_ECDH is not set +CONFIG_CRYPTO_ECDSA=y +# CONFIG_CRYPTO_ECRDSA is not set +# CONFIG_CRYPTO_SM2 is not set +# CONFIG_CRYPTO_CURVE25519 is not set +# end of Public-key cryptography + +# +# Block ciphers +# +CONFIG_CRYPTO_AES=y +# CONFIG_CRYPTO_AES_TI is not set +# CONFIG_CRYPTO_ARIA is not set +# CONFIG_CRYPTO_BLOWFISH is not set +# CONFIG_CRYPTO_CAMELLIA is not set +# CONFIG_CRYPTO_CAST5 is not set +# CONFIG_CRYPTO_CAST6 is not set +# CONFIG_CRYPTO_DES is not set +# CONFIG_CRYPTO_FCRYPT is not set +# CONFIG_CRYPTO_SERPENT is not set +# CONFIG_CRYPTO_SM4_GENERIC is not set +# CONFIG_CRYPTO_TWOFISH is not set +# end of Block ciphers + +# +# Length-preserving ciphers and modes +# +# CONFIG_CRYPTO_ADIANTUM is not set +# CONFIG_CRYPTO_CHACHA20 is not set +CONFIG_CRYPTO_CBC=y +# CONFIG_CRYPTO_CFB is not set +CONFIG_CRYPTO_CTR=y +# CONFIG_CRYPTO_CTS is not set +# CONFIG_CRYPTO_ECB is not set +# CONFIG_CRYPTO_HCTR2 is not set +# CONFIG_CRYPTO_KEYWRAP is not set +# CONFIG_CRYPTO_LRW is not set +# CONFIG_CRYPTO_OFB is not set +# CONFIG_CRYPTO_PCBC is not set +# CONFIG_CRYPTO_XTS is not set +# end of Length-preserving ciphers and modes + +# +# AEAD (authenticated encryption with associated data) ciphers +# +# CONFIG_CRYPTO_AEGIS128 is not set +# CONFIG_CRYPTO_CHACHA20POLY1305 is not set +CONFIG_CRYPTO_CCM=y +CONFIG_CRYPTO_GCM=y +CONFIG_CRYPTO_GENIV=y +CONFIG_CRYPTO_SEQIV=y 
+CONFIG_CRYPTO_ECHAINIV=y +# CONFIG_CRYPTO_ESSIV is not set +# end of AEAD (authenticated encryption with associated data) ciphers + +# +# Hashes, digests, and MACs +# +CONFIG_CRYPTO_BLAKE2B=y +CONFIG_CRYPTO_CMAC=y +CONFIG_CRYPTO_GHASH=y +CONFIG_CRYPTO_HMAC=y +# CONFIG_CRYPTO_MD4 is not set +CONFIG_CRYPTO_MD5=y +# CONFIG_CRYPTO_MICHAEL_MIC is not set +# CONFIG_CRYPTO_POLY1305 is not set +# CONFIG_CRYPTO_RMD160 is not set +# CONFIG_CRYPTO_SHA1 is not set +CONFIG_CRYPTO_SHA256=y +CONFIG_CRYPTO_SHA2_HACL=y +CONFIG_CRYPTO_SHA512=y +CONFIG_CRYPTO_SHA3=y +CONFIG_CRYPTO_SHA3_HACL=y +# CONFIG_CRYPTO_SM3_GENERIC is not set +# CONFIG_CRYPTO_STREEBOG is not set +# CONFIG_CRYPTO_VMAC is not set +# CONFIG_CRYPTO_WP512 is not set +# CONFIG_CRYPTO_XCBC is not set +# CONFIG_CRYPTO_XXHASH is not set +# end of Hashes, digests, and MACs + +# +# CRCs (cyclic redundancy checks) +# +CONFIG_CRYPTO_CRC32C=y +# CONFIG_CRYPTO_CRC32 is not set +# CONFIG_CRYPTO_CRCT10DIF is not set +# end of CRCs (cyclic redundancy checks) + +# +# Compression +# +# CONFIG_CRYPTO_DEFLATE is not set +# CONFIG_CRYPTO_LZO is not set +# CONFIG_CRYPTO_842 is not set +# CONFIG_CRYPTO_LZ4 is not set +# CONFIG_CRYPTO_LZ4HC is not set +# CONFIG_CRYPTO_ZSTD is not set +# end of Compression + +# +# Random number generation +# +# CONFIG_CRYPTO_ANSI_CPRNG is not set +CONFIG_CRYPTO_DRBG_MENU=y +CONFIG_CRYPTO_DRBG_HMAC=y +# CONFIG_CRYPTO_DRBG_HASH is not set +# CONFIG_CRYPTO_DRBG_CTR is not set +CONFIG_CRYPTO_DRBG=y +CONFIG_CRYPTO_JITTERENTROPY=y +# CONFIG_CRYPTO_JITTERENTROPY_TESTINTERFACE is not set +# end of Random number generation + +# +# Userspace interface +# +# CONFIG_CRYPTO_USER_API_HASH is not set +# CONFIG_CRYPTO_USER_API_SKCIPHER is not set +# CONFIG_CRYPTO_USER_API_RNG is not set +# CONFIG_CRYPTO_USER_API_AEAD is not set +# end of Userspace interface + +CONFIG_CRYPTO_HASH_INFO=y + +# +# Accelerated Cryptographic Algorithms for CPU (x86) +# +# CONFIG_CRYPTO_CURVE25519_X86 is not set +# CONFIG_CRYPTO_AES_NI_INTEL 
is not set +# CONFIG_CRYPTO_BLOWFISH_X86_64 is not set +# CONFIG_CRYPTO_CAMELLIA_X86_64 is not set +# CONFIG_CRYPTO_CAMELLIA_AESNI_AVX_X86_64 is not set +# CONFIG_CRYPTO_CAMELLIA_AESNI_AVX2_X86_64 is not set +# CONFIG_CRYPTO_CAST5_AVX_X86_64 is not set +# CONFIG_CRYPTO_CAST6_AVX_X86_64 is not set +# CONFIG_CRYPTO_DES3_EDE_X86_64 is not set +# CONFIG_CRYPTO_SERPENT_SSE2_X86_64 is not set +# CONFIG_CRYPTO_SERPENT_AVX_X86_64 is not set +# CONFIG_CRYPTO_SERPENT_AVX2_X86_64 is not set +# CONFIG_CRYPTO_SM4_AESNI_AVX_X86_64 is not set +# CONFIG_CRYPTO_SM4_AESNI_AVX2_X86_64 is not set +# CONFIG_CRYPTO_TWOFISH_X86_64 is not set +# CONFIG_CRYPTO_TWOFISH_X86_64_3WAY is not set +# CONFIG_CRYPTO_TWOFISH_AVX_X86_64 is not set +# CONFIG_CRYPTO_ARIA_AESNI_AVX_X86_64 is not set +# CONFIG_CRYPTO_ARIA_AESNI_AVX2_X86_64 is not set +# CONFIG_CRYPTO_ARIA_GFNI_AVX512_X86_64 is not set +# CONFIG_CRYPTO_CHACHA20_X86_64 is not set +# CONFIG_CRYPTO_AEGIS128_AESNI_SSE2 is not set +# CONFIG_CRYPTO_NHPOLY1305_SSE2 is not set +# CONFIG_CRYPTO_NHPOLY1305_AVX2 is not set +# CONFIG_CRYPTO_BLAKE2S_X86 is not set +# CONFIG_CRYPTO_POLYVAL_CLMUL_NI is not set +# CONFIG_CRYPTO_POLY1305_X86_64 is not set +# CONFIG_CRYPTO_SHA1_SSSE3 is not set +# CONFIG_CRYPTO_SHA256_SSSE3 is not set +# CONFIG_CRYPTO_SHA512_SSSE3 is not set +# CONFIG_CRYPTO_SM3_AVX_X86_64 is not set +# CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL is not set +# CONFIG_CRYPTO_CRC32C_INTEL is not set +# CONFIG_CRYPTO_CRC32_PCLMUL is not set +# end of Accelerated Cryptographic Algorithms for CPU (x86) + +CONFIG_CRYPTO_HW=y +# CONFIG_CRYPTO_DEV_PADLOCK is not set +# CONFIG_CRYPTO_DEV_ATMEL_ECC is not set +# CONFIG_CRYPTO_DEV_ATMEL_SHA204A is not set +# CONFIG_CRYPTO_DEV_CCP is not set +# CONFIG_CRYPTO_DEV_NITROX_CNN55XX is not set +# CONFIG_CRYPTO_DEV_QAT_DH895xCC is not set +# CONFIG_CRYPTO_DEV_QAT_C3XXX is not set +# CONFIG_CRYPTO_DEV_QAT_C62X is not set +# CONFIG_CRYPTO_DEV_QAT_4XXX is not set +# CONFIG_CRYPTO_DEV_QAT_DH895xCCVF is not set +# 
CONFIG_CRYPTO_DEV_QAT_C3XXXVF is not set +# CONFIG_CRYPTO_DEV_QAT_C62XVF is not set +# CONFIG_CRYPTO_DEV_VIRTIO is not set +# CONFIG_CRYPTO_DEV_SAFEXCEL is not set +# CONFIG_CRYPTO_DEV_AMLOGIC_GXL is not set +CONFIG_ASYMMETRIC_KEY_TYPE=y +CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE=y +CONFIG_X509_CERTIFICATE_PARSER=y +CONFIG_PKCS8_PRIVATE_KEY_PARSER=y +CONFIG_PKCS7_MESSAGE_PARSER=y +# CONFIG_PKCS7_TEST_KEY is not set +# CONFIG_SIGNED_PE_FILE_VERIFICATION is not set +# CONFIG_FIPS_SIGNATURE_SELFTEST is not set + +# +# Certificates for signature checking +# +CONFIG_SYSTEM_TRUSTED_KEYRING=y +CONFIG_SYSTEM_TRUSTED_KEYS="" +# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set +# CONFIG_SECONDARY_TRUSTED_KEYRING is not set +# CONFIG_SYSTEM_BLACKLIST_KEYRING is not set +# end of Certificates for signature checking + +CONFIG_BINARY_PRINTF=y + +# +# Library routines +# +# CONFIG_PACKING is not set +CONFIG_BITREVERSE=y +CONFIG_GENERIC_STRNCPY_FROM_USER=y +CONFIG_GENERIC_STRNLEN_USER=y +CONFIG_GENERIC_NET_UTILS=y +# CONFIG_CORDIC is not set +# CONFIG_PRIME_NUMBERS is not set +CONFIG_RATIONAL=y +CONFIG_GENERIC_PCI_IOMAP=y +CONFIG_GENERIC_IOMAP=y +CONFIG_ARCH_USE_CMPXCHG_LOCKREF=y +CONFIG_ARCH_HAS_FAST_MULTIPLIER=y +CONFIG_ARCH_USE_SYM_ANNOTATIONS=y + +# +# Crypto library routines +# +CONFIG_CRYPTO_LIB_UTILS=y +CONFIG_CRYPTO_LIB_AES=y +CONFIG_CRYPTO_LIB_ARC4=y +CONFIG_CRYPTO_LIB_GF128MUL=y +CONFIG_CRYPTO_LIB_BLAKE2S_GENERIC=y +# CONFIG_CRYPTO_LIB_CHACHA is not set +# CONFIG_CRYPTO_LIB_CURVE25519 is not set +CONFIG_CRYPTO_LIB_POLY1305_RSIZE=11 +# CONFIG_CRYPTO_LIB_POLY1305 is not set +# CONFIG_CRYPTO_LIB_CHACHA20POLY1305 is not set +CONFIG_CRYPTO_LIB_SHA1=y +CONFIG_CRYPTO_LIB_SHA256=y +# end of Crypto library routines + +CONFIG_CRC_CCITT=y +CONFIG_CRC16=y +# CONFIG_CRC_T10DIF is not set +# CONFIG_CRC64_ROCKSOFT is not set +# CONFIG_CRC_ITU_T is not set +CONFIG_CRC32=y +# CONFIG_CRC32_SELFTEST is not set +CONFIG_CRC32_SLICEBY8=y +# CONFIG_CRC32_SLICEBY4 is not set +# CONFIG_CRC32_SARWATE is not 
set +# CONFIG_CRC32_BIT is not set +# CONFIG_CRC64 is not set +# CONFIG_CRC4 is not set +# CONFIG_CRC7 is not set +# CONFIG_LIBCRC32C is not set +# CONFIG_CRC8 is not set +CONFIG_XXHASH=y +# CONFIG_RANDOM32_SELFTEST is not set +CONFIG_ZLIB_INFLATE=y +CONFIG_ZLIB_DEFLATE=y +CONFIG_LZO_COMPRESS=y +CONFIG_LZO_DECOMPRESS=y +CONFIG_LZ4_DECOMPRESS=y +CONFIG_ZSTD_COMMON=y +CONFIG_ZSTD_DECOMPRESS=y +CONFIG_XZ_DEC=y +CONFIG_XZ_DEC_X86=y +CONFIG_XZ_DEC_POWERPC=y +CONFIG_XZ_DEC_IA64=y +CONFIG_XZ_DEC_ARM=y +CONFIG_XZ_DEC_ARMTHUMB=y +CONFIG_XZ_DEC_SPARC=y +# CONFIG_XZ_DEC_MICROLZMA is not set +CONFIG_XZ_DEC_BCJ=y +# CONFIG_XZ_DEC_TEST is not set +CONFIG_DECOMPRESS_GZIP=y +CONFIG_DECOMPRESS_BZIP2=y +CONFIG_DECOMPRESS_LZMA=y +CONFIG_DECOMPRESS_XZ=y +CONFIG_DECOMPRESS_LZO=y +CONFIG_DECOMPRESS_LZ4=y +CONFIG_DECOMPRESS_ZSTD=y +CONFIG_GENERIC_ALLOCATOR=y +CONFIG_INTERVAL_TREE=y +CONFIG_XARRAY_MULTI=y +CONFIG_ASSOCIATIVE_ARRAY=y +CONFIG_HAS_IOMEM=y +CONFIG_HAS_IOPORT=y +CONFIG_HAS_IOPORT_MAP=y +CONFIG_HAS_DMA=y +CONFIG_DMA_OPS=y +CONFIG_NEED_SG_DMA_FLAGS=y +CONFIG_NEED_SG_DMA_LENGTH=y +CONFIG_NEED_DMA_MAP_STATE=y +CONFIG_ARCH_DMA_ADDR_T_64BIT=y +CONFIG_SWIOTLB=y +# CONFIG_DMA_API_DEBUG is not set +# CONFIG_DMA_MAP_BENCHMARK is not set +CONFIG_SGL_ALLOC=y +CONFIG_CHECK_SIGNATURE=y +CONFIG_CPU_RMAP=y +CONFIG_DQL=y +CONFIG_GLOB=y +# CONFIG_GLOB_SELFTEST is not set +CONFIG_NLATTR=y +CONFIG_CLZ_TAB=y +# CONFIG_IRQ_POLL is not set +CONFIG_MPILIB=y +CONFIG_OID_REGISTRY=y +CONFIG_UCS2_STRING=y +CONFIG_HAVE_GENERIC_VDSO=y +CONFIG_GENERIC_GETTIMEOFDAY=y +CONFIG_GENERIC_VDSO_TIME_NS=y +CONFIG_FONT_SUPPORT=y +CONFIG_FONT_8x16=y +CONFIG_FONT_AUTOSELECT=y +CONFIG_SG_POOL=y +CONFIG_ARCH_HAS_PMEM_API=y +CONFIG_ARCH_HAS_CPU_CACHE_INVALIDATE_MEMREGION=y +CONFIG_ARCH_HAS_UACCESS_FLUSHCACHE=y +CONFIG_ARCH_HAS_COPY_MC=y +CONFIG_ARCH_STACKWALK=y +CONFIG_STACKDEPOT=y +CONFIG_SBITMAP=y +# end of Library routines + +# +# Kernel hacking +# + +# +# printk and dmesg options +# +CONFIG_PRINTK_TIME=y +# 
CONFIG_PRINTK_CALLER is not set +# CONFIG_STACKTRACE_BUILD_ID is not set +CONFIG_CONSOLE_LOGLEVEL_DEFAULT=7 +CONFIG_CONSOLE_LOGLEVEL_QUIET=4 +CONFIG_MESSAGE_LOGLEVEL_DEFAULT=4 +# CONFIG_BOOT_PRINTK_DELAY is not set +# CONFIG_DYNAMIC_DEBUG is not set +# CONFIG_DYNAMIC_DEBUG_CORE is not set +CONFIG_SYMBOLIC_ERRNAME=y +CONFIG_DEBUG_BUGVERBOSE=y +# end of printk and dmesg options + +CONFIG_DEBUG_KERNEL=y +CONFIG_DEBUG_MISC=y + +# +# Compile-time checks and compiler options +# +CONFIG_AS_HAS_NON_CONST_LEB128=y +CONFIG_DEBUG_INFO_NONE=y +# CONFIG_DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT is not set +# CONFIG_DEBUG_INFO_DWARF4 is not set +# CONFIG_DEBUG_INFO_DWARF5 is not set +CONFIG_FRAME_WARN=3417 +# CONFIG_STRIP_ASM_SYMS is not set +# CONFIG_READABLE_ASM is not set +# CONFIG_HEADERS_INSTALL is not set +# CONFIG_DEBUG_SECTION_MISMATCH is not set +CONFIG_SECTION_MISMATCH_WARN_ONLY=y +CONFIG_OBJTOOL=y +# CONFIG_DEBUG_FORCE_WEAK_PER_CPU is not set +# end of Compile-time checks and compiler options + +# +# Generic Kernel Debugging Instruments +# +CONFIG_MAGIC_SYSRQ=y +CONFIG_MAGIC_SYSRQ_DEFAULT_ENABLE=0x1 +CONFIG_MAGIC_SYSRQ_SERIAL=y +CONFIG_MAGIC_SYSRQ_SERIAL_SEQUENCE="" +CONFIG_DEBUG_FS=y +CONFIG_DEBUG_FS_ALLOW_ALL=y +# CONFIG_DEBUG_FS_DISALLOW_MOUNT is not set +# CONFIG_DEBUG_FS_ALLOW_NONE is not set +CONFIG_HAVE_ARCH_KGDB=y +# CONFIG_KGDB is not set +CONFIG_ARCH_HAS_UBSAN_SANITIZE_ALL=y +# CONFIG_UBSAN is not set +CONFIG_HAVE_ARCH_KCSAN=y +CONFIG_HAVE_KCSAN_COMPILER=y +# CONFIG_KCSAN is not set +# end of Generic Kernel Debugging Instruments + +# +# Networking Debugging +# +# CONFIG_NET_DEV_REFCNT_TRACKER is not set +# CONFIG_NET_NS_REFCNT_TRACKER is not set +# CONFIG_DEBUG_NET is not set +# end of Networking Debugging + +# +# Memory Debugging +# +# CONFIG_PAGE_EXTENSION is not set +# CONFIG_DEBUG_PAGEALLOC is not set +CONFIG_SLUB_DEBUG=y +# CONFIG_SLUB_DEBUG_ON is not set +# CONFIG_PAGE_OWNER is not set +# CONFIG_PAGE_TABLE_CHECK is not set +# CONFIG_PAGE_POISONING is not set 
+# CONFIG_DEBUG_PAGE_REF is not set +# CONFIG_DEBUG_RODATA_TEST is not set +CONFIG_ARCH_HAS_DEBUG_WX=y +CONFIG_DEBUG_WX=y +CONFIG_GENERIC_PTDUMP=y +CONFIG_PTDUMP_CORE=y +# CONFIG_PTDUMP_DEBUGFS is not set +CONFIG_HAVE_DEBUG_KMEMLEAK=y +# CONFIG_DEBUG_KMEMLEAK is not set +# CONFIG_PER_VMA_LOCK_STATS is not set +# CONFIG_DEBUG_OBJECTS is not set +# CONFIG_SHRINKER_DEBUG is not set +CONFIG_DEBUG_STACK_USAGE=y +# CONFIG_SCHED_STACK_END_CHECK is not set +CONFIG_ARCH_HAS_DEBUG_VM_PGTABLE=y +# CONFIG_DEBUG_VM is not set +# CONFIG_DEBUG_VM_PGTABLE is not set +CONFIG_ARCH_HAS_DEBUG_VIRTUAL=y +# CONFIG_DEBUG_VIRTUAL is not set +CONFIG_DEBUG_MEMORY_INIT=y +# CONFIG_DEBUG_PER_CPU_MAPS is not set +CONFIG_ARCH_SUPPORTS_KMAP_LOCAL_FORCE_MAP=y +# CONFIG_DEBUG_KMAP_LOCAL_FORCE_MAP is not set +CONFIG_HAVE_ARCH_KASAN=y +CONFIG_HAVE_ARCH_KASAN_VMALLOC=y +CONFIG_CC_HAS_KASAN_GENERIC=y +CONFIG_CC_HAS_WORKING_NOSANITIZE_ADDRESS=y +# CONFIG_KASAN is not set +CONFIG_HAVE_ARCH_KFENCE=y +# CONFIG_KFENCE is not set +CONFIG_HAVE_ARCH_KMSAN=y +# end of Memory Debugging + +# CONFIG_DEBUG_SHIRQ is not set + +# +# Debug Oops, Lockups and Hangs +# +# CONFIG_PANIC_ON_OOPS is not set +CONFIG_PANIC_ON_OOPS_VALUE=0 +CONFIG_PANIC_TIMEOUT=0 +# CONFIG_SOFTLOCKUP_DETECTOR is not set +CONFIG_HAVE_HARDLOCKUP_DETECTOR_BUDDY=y +# CONFIG_HARDLOCKUP_DETECTOR is not set +CONFIG_HARDLOCKUP_CHECK_TIMESTAMP=y +# CONFIG_DETECT_HUNG_TASK is not set +# CONFIG_WQ_WATCHDOG is not set +# CONFIG_WQ_CPU_INTENSIVE_REPORT is not set +# CONFIG_TEST_LOCKUP is not set +# end of Debug Oops, Lockups and Hangs + +# +# Scheduler Debugging +# +# CONFIG_SCHED_DEBUG is not set +CONFIG_SCHED_INFO=y +CONFIG_SCHEDSTATS=y +# end of Scheduler Debugging + +# CONFIG_DEBUG_TIMEKEEPING is not set +# CONFIG_DEBUG_PREEMPT is not set + +# +# Lock Debugging (spinlocks, mutexes, etc...) 
+# +CONFIG_LOCK_DEBUGGING_SUPPORT=y +# CONFIG_PROVE_LOCKING is not set +# CONFIG_LOCK_STAT is not set +# CONFIG_DEBUG_RT_MUTEXES is not set +# CONFIG_DEBUG_SPINLOCK is not set +# CONFIG_DEBUG_MUTEXES is not set +# CONFIG_DEBUG_WW_MUTEX_SLOWPATH is not set +# CONFIG_DEBUG_RWSEMS is not set +# CONFIG_DEBUG_LOCK_ALLOC is not set +# CONFIG_DEBUG_ATOMIC_SLEEP is not set +# CONFIG_DEBUG_LOCKING_API_SELFTESTS is not set +# CONFIG_LOCK_TORTURE_TEST is not set +# CONFIG_WW_MUTEX_SELFTEST is not set +# CONFIG_SCF_TORTURE_TEST is not set +# CONFIG_CSD_LOCK_WAIT_DEBUG is not set +# end of Lock Debugging (spinlocks, mutexes, etc...) + +# CONFIG_NMI_CHECK_CPU is not set +# CONFIG_DEBUG_IRQFLAGS is not set +CONFIG_STACKTRACE=y +# CONFIG_WARN_ALL_UNSEEDED_RANDOM is not set +# CONFIG_DEBUG_KOBJECT is not set + +# +# Debug kernel data structures +# +# CONFIG_DEBUG_LIST is not set +# CONFIG_DEBUG_PLIST is not set +# CONFIG_DEBUG_SG is not set +# CONFIG_DEBUG_NOTIFIERS is not set +# CONFIG_BUG_ON_DATA_CORRUPTION is not set +# CONFIG_DEBUG_MAPLE_TREE is not set +# end of Debug kernel data structures + +# CONFIG_DEBUG_CREDENTIALS is not set + +# +# RCU Debugging +# +# CONFIG_RCU_SCALE_TEST is not set +# CONFIG_RCU_TORTURE_TEST is not set +# CONFIG_RCU_REF_SCALE_TEST is not set +CONFIG_RCU_CPU_STALL_TIMEOUT=21 +CONFIG_RCU_EXP_CPU_STALL_TIMEOUT=0 +# CONFIG_RCU_CPU_STALL_CPUTIME is not set +CONFIG_RCU_TRACE=y +# CONFIG_RCU_EQS_DEBUG is not set +# end of RCU Debugging + +# CONFIG_DEBUG_WQ_FORCE_RR_CPU is not set +# CONFIG_CPU_HOTPLUG_STATE_CONTROL is not set +# CONFIG_LATENCYTOP is not set +# CONFIG_DEBUG_CGROUP_REF is not set +CONFIG_USER_STACKTRACE_SUPPORT=y +CONFIG_NOP_TRACER=y +CONFIG_HAVE_RETHOOK=y +CONFIG_RETHOOK=y +CONFIG_HAVE_FUNCTION_TRACER=y +CONFIG_HAVE_DYNAMIC_FTRACE=y +CONFIG_HAVE_DYNAMIC_FTRACE_WITH_REGS=y +CONFIG_HAVE_DYNAMIC_FTRACE_WITH_DIRECT_CALLS=y +CONFIG_HAVE_DYNAMIC_FTRACE_WITH_ARGS=y +CONFIG_HAVE_DYNAMIC_FTRACE_NO_PATCHABLE=y +CONFIG_HAVE_FTRACE_MCOUNT_RECORD=y 
+CONFIG_HAVE_SYSCALL_TRACEPOINTS=y +CONFIG_HAVE_FENTRY=y +CONFIG_HAVE_OBJTOOL_MCOUNT=y +CONFIG_HAVE_OBJTOOL_NOP_MCOUNT=y +CONFIG_HAVE_C_RECORDMCOUNT=y +CONFIG_HAVE_BUILDTIME_MCOUNT_SORT=y +CONFIG_TRACE_CLOCK=y +CONFIG_RING_BUFFER=y +CONFIG_EVENT_TRACING=y +CONFIG_CONTEXT_SWITCH_TRACER=y +CONFIG_TRACING=y +CONFIG_GENERIC_TRACER=y +CONFIG_TRACING_SUPPORT=y +CONFIG_FTRACE=y +# CONFIG_BOOTTIME_TRACING is not set +# CONFIG_FUNCTION_TRACER is not set +# CONFIG_STACK_TRACER is not set +# CONFIG_IRQSOFF_TRACER is not set +# CONFIG_PREEMPT_TRACER is not set +# CONFIG_SCHED_TRACER is not set +# CONFIG_HWLAT_TRACER is not set +# CONFIG_OSNOISE_TRACER is not set +# CONFIG_TIMERLAT_TRACER is not set +# CONFIG_MMIOTRACE is not set +# CONFIG_FTRACE_SYSCALLS is not set +# CONFIG_TRACER_SNAPSHOT is not set +CONFIG_BRANCH_PROFILE_NONE=y +# CONFIG_PROFILE_ANNOTATED_BRANCHES is not set +# CONFIG_PROFILE_ALL_BRANCHES is not set +CONFIG_BLK_DEV_IO_TRACE=y +CONFIG_KPROBE_EVENTS=y +CONFIG_UPROBE_EVENTS=y +CONFIG_DYNAMIC_EVENTS=y +CONFIG_PROBE_EVENTS=y +# CONFIG_SYNTH_EVENTS is not set +# CONFIG_USER_EVENTS is not set +# CONFIG_HIST_TRIGGERS is not set +# CONFIG_TRACE_EVENT_INJECT is not set +# CONFIG_TRACEPOINT_BENCHMARK is not set +# CONFIG_RING_BUFFER_BENCHMARK is not set +# CONFIG_TRACE_EVAL_MAP_FILE is not set +# CONFIG_FTRACE_STARTUP_TEST is not set +# CONFIG_RING_BUFFER_STARTUP_TEST is not set +# CONFIG_RING_BUFFER_VALIDATE_TIME_DELTAS is not set +# CONFIG_PREEMPTIRQ_DELAY_TEST is not set +# CONFIG_KPROBE_EVENT_GEN_TEST is not set +# CONFIG_RV is not set +CONFIG_PROVIDE_OHCI1394_DMA_INIT=y +# CONFIG_SAMPLES is not set +CONFIG_HAVE_SAMPLE_FTRACE_DIRECT=y +CONFIG_HAVE_SAMPLE_FTRACE_DIRECT_MULTI=y +CONFIG_ARCH_HAS_DEVMEM_IS_ALLOWED=y +CONFIG_STRICT_DEVMEM=y +# CONFIG_IO_STRICT_DEVMEM is not set + +# +# x86 Debugging +# +CONFIG_EARLY_PRINTK_USB=y +CONFIG_X86_VERBOSE_BOOTUP=y +CONFIG_EARLY_PRINTK=y +CONFIG_EARLY_PRINTK_DBGP=y +# CONFIG_EARLY_PRINTK_USB_XDBC is not set +# 
CONFIG_EFI_PGT_DUMP is not set +# CONFIG_DEBUG_TLBFLUSH is not set +CONFIG_HAVE_MMIOTRACE_SUPPORT=y +# CONFIG_X86_DECODER_SELFTEST is not set +CONFIG_IO_DELAY_0X80=y +# CONFIG_IO_DELAY_0XED is not set +# CONFIG_IO_DELAY_UDELAY is not set +# CONFIG_IO_DELAY_NONE is not set +CONFIG_DEBUG_BOOT_PARAMS=y +# CONFIG_CPA_DEBUG is not set +# CONFIG_DEBUG_ENTRY is not set +# CONFIG_DEBUG_NMI_SELFTEST is not set +CONFIG_X86_DEBUG_FPU=y +# CONFIG_PUNIT_ATOM_DEBUG is not set +CONFIG_UNWINDER_ORC=y +# CONFIG_UNWINDER_FRAME_POINTER is not set +# end of x86 Debugging + +# +# Kernel Testing and Coverage +# +# CONFIG_KUNIT is not set +# CONFIG_NOTIFIER_ERROR_INJECTION is not set +# CONFIG_FUNCTION_ERROR_INJECTION is not set +# CONFIG_FAULT_INJECTION is not set +CONFIG_ARCH_HAS_KCOV=y +CONFIG_CC_HAS_SANCOV_TRACE_PC=y +# CONFIG_KCOV is not set +CONFIG_RUNTIME_TESTING_MENU=y +# CONFIG_TEST_DHRY is not set +# CONFIG_LKDTM is not set +# CONFIG_TEST_MIN_HEAP is not set +# CONFIG_TEST_DIV64 is not set +# CONFIG_BACKTRACE_SELF_TEST is not set +# CONFIG_TEST_REF_TRACKER is not set +# CONFIG_RBTREE_TEST is not set +# CONFIG_REED_SOLOMON_TEST is not set +# CONFIG_INTERVAL_TREE_TEST is not set +# CONFIG_PERCPU_TEST is not set +# CONFIG_ATOMIC64_SELFTEST is not set +# CONFIG_TEST_HEXDUMP is not set +# CONFIG_STRING_SELFTEST is not set +# CONFIG_TEST_STRING_HELPERS is not set +# CONFIG_TEST_KSTRTOX is not set +# CONFIG_TEST_PRINTF is not set +# CONFIG_TEST_SCANF is not set +# CONFIG_TEST_BITMAP is not set +# CONFIG_TEST_UUID is not set +# CONFIG_TEST_XARRAY is not set +# CONFIG_TEST_MAPLE_TREE is not set +# CONFIG_TEST_RHASHTABLE is not set +# CONFIG_TEST_IDA is not set +# CONFIG_TEST_LKM is not set +# CONFIG_TEST_BITOPS is not set +# CONFIG_TEST_VMALLOC is not set +# CONFIG_TEST_USER_COPY is not set +# CONFIG_TEST_BPF is not set +# CONFIG_TEST_BLACKHOLE_DEV is not set +# CONFIG_FIND_BIT_BENCHMARK is not set +# CONFIG_TEST_FIRMWARE is not set +# CONFIG_TEST_SYSCTL is not set +# CONFIG_TEST_UDELAY 
is not set +# CONFIG_TEST_STATIC_KEYS is not set +# CONFIG_TEST_KMOD is not set +# CONFIG_TEST_MEMCAT_P is not set +# CONFIG_TEST_MEMINIT is not set +# CONFIG_TEST_FREE_PAGES is not set +# CONFIG_TEST_FPU is not set +# CONFIG_TEST_CLOCKSOURCE_WATCHDOG is not set +CONFIG_ARCH_USE_MEMTEST=y +# CONFIG_MEMTEST is not set +# end of Kernel Testing and Coverage + +# +# Rust hacking +# +# end of Rust hacking +# end of Kernel hacking From 94e9608270fd1f16764363ccab4a8335aef24069 Mon Sep 17 00:00:00 2001 From: Karthik Bhargavan Date: Fri, 1 Dec 2023 07:46:35 +0100 Subject: [PATCH 20/53] ecdsa fix --- .config | 5188 ----------------------------------------------- crypto/Makefile | 3 +- 2 files changed, 2 insertions(+), 5189 deletions(-) delete mode 100644 .config diff --git a/.config b/.config deleted file mode 100644 index 18d57badcc76e..0000000000000 --- a/.config +++ /dev/null 
@@ -1,5188 +0,0 @@ -# -# Automatically generated file; DO NOT EDIT. -# Linux/x86 6.5.4 Kernel Configuration -# -CONFIG_CC_VERSION_TEXT="gcc (Ubuntu 11.4.0-1ubuntu1~22.04) 11.4.0" -CONFIG_CC_IS_GCC=y -CONFIG_GCC_VERSION=110400 -CONFIG_CLANG_VERSION=0 -CONFIG_AS_IS_GNU=y -CONFIG_AS_VERSION=23800 -CONFIG_LD_IS_BFD=y -CONFIG_LD_VERSION=23800 -CONFIG_LLD_VERSION=0 -CONFIG_CC_CAN_LINK=y -CONFIG_CC_CAN_LINK_STATIC=y -CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y -CONFIG_CC_HAS_ASM_GOTO_TIED_OUTPUT=y -CONFIG_TOOLS_SUPPORT_RELR=y -CONFIG_CC_HAS_ASM_INLINE=y -CONFIG_CC_HAS_NO_PROFILE_FN_ATTR=y -CONFIG_PAHOLE_VERSION=0 -CONFIG_IRQ_WORK=y -CONFIG_BUILDTIME_TABLE_SORT=y -CONFIG_THREAD_INFO_IN_TASK=y - -# -# General setup -# -CONFIG_INIT_ENV_ARG_LIMIT=32 -# CONFIG_COMPILE_TEST is not set -CONFIG_WERROR=y -CONFIG_LOCALVERSION="" -CONFIG_LOCALVERSION_AUTO=y -CONFIG_BUILD_SALT="" -CONFIG_HAVE_KERNEL_GZIP=y -CONFIG_HAVE_KERNEL_BZIP2=y -CONFIG_HAVE_KERNEL_LZMA=y -CONFIG_HAVE_KERNEL_XZ=y -CONFIG_HAVE_KERNEL_LZO=y -CONFIG_HAVE_KERNEL_LZ4=y -CONFIG_HAVE_KERNEL_ZSTD=y -CONFIG_KERNEL_GZIP=y -# CONFIG_KERNEL_BZIP2 is not set -# CONFIG_KERNEL_LZMA is not set -# CONFIG_KERNEL_XZ is not set -# CONFIG_KERNEL_LZO is not set -# CONFIG_KERNEL_LZ4 is not set -# CONFIG_KERNEL_ZSTD is not set -CONFIG_DEFAULT_INIT="" -CONFIG_DEFAULT_HOSTNAME="(none)" -CONFIG_SYSVIPC=y -CONFIG_SYSVIPC_SYSCTL=y -CONFIG_SYSVIPC_COMPAT=y -CONFIG_POSIX_MQUEUE=y -CONFIG_POSIX_MQUEUE_SYSCTL=y -# CONFIG_WATCH_QUEUE is not set -CONFIG_CROSS_MEMORY_ATTACH=y -# CONFIG_USELIB is not set -CONFIG_AUDIT=y -CONFIG_HAVE_ARCH_AUDITSYSCALL=y -CONFIG_AUDITSYSCALL=y - -# -# IRQ subsystem -# -CONFIG_GENERIC_IRQ_PROBE=y -CONFIG_GENERIC_IRQ_SHOW=y -CONFIG_GENERIC_IRQ_EFFECTIVE_AFF_MASK=y -CONFIG_GENERIC_PENDING_IRQ=y -CONFIG_GENERIC_IRQ_MIGRATION=y -CONFIG_HARDIRQS_SW_RESEND=y -CONFIG_IRQ_DOMAIN=y -CONFIG_IRQ_DOMAIN_HIERARCHY=y -CONFIG_GENERIC_MSI_IRQ=y -CONFIG_IRQ_MSI_IOMMU=y -CONFIG_GENERIC_IRQ_MATRIX_ALLOCATOR=y -CONFIG_GENERIC_IRQ_RESERVATION_MODE=y 
-CONFIG_IRQ_FORCED_THREADING=y -CONFIG_SPARSE_IRQ=y -# CONFIG_GENERIC_IRQ_DEBUGFS is not set -# end of IRQ subsystem - -CONFIG_CLOCKSOURCE_WATCHDOG=y -CONFIG_ARCH_CLOCKSOURCE_INIT=y -CONFIG_CLOCKSOURCE_VALIDATE_LAST_CYCLE=y -CONFIG_GENERIC_TIME_VSYSCALL=y -CONFIG_GENERIC_CLOCKEVENTS=y -CONFIG_GENERIC_CLOCKEVENTS_BROADCAST=y -CONFIG_GENERIC_CLOCKEVENTS_MIN_ADJUST=y -CONFIG_GENERIC_CMOS_UPDATE=y -CONFIG_HAVE_POSIX_CPU_TIMERS_TASK_WORK=y -CONFIG_POSIX_CPU_TIMERS_TASK_WORK=y -CONFIG_CONTEXT_TRACKING=y -CONFIG_CONTEXT_TRACKING_IDLE=y - -# -# Timers subsystem -# -CONFIG_TICK_ONESHOT=y -CONFIG_NO_HZ_COMMON=y -# CONFIG_HZ_PERIODIC is not set -CONFIG_NO_HZ_IDLE=y -# CONFIG_NO_HZ_FULL is not set -CONFIG_NO_HZ=y -CONFIG_HIGH_RES_TIMERS=y -CONFIG_CLOCKSOURCE_WATCHDOG_MAX_SKEW_US=125 -# end of Timers subsystem - -CONFIG_BPF=y -CONFIG_HAVE_EBPF_JIT=y -CONFIG_ARCH_WANT_DEFAULT_BPF_JIT=y - -# -# BPF subsystem -# -# CONFIG_BPF_SYSCALL is not set -# CONFIG_BPF_JIT is not set -# end of BPF subsystem - -CONFIG_PREEMPT_BUILD=y -# CONFIG_PREEMPT_NONE is not set -CONFIG_PREEMPT_VOLUNTARY=y -# CONFIG_PREEMPT is not set -CONFIG_PREEMPT_COUNT=y -CONFIG_PREEMPTION=y -CONFIG_PREEMPT_DYNAMIC=y -# CONFIG_SCHED_CORE is not set - -# -# CPU/Task time and stats accounting -# -CONFIG_TICK_CPU_ACCOUNTING=y -# CONFIG_VIRT_CPU_ACCOUNTING_GEN is not set -# CONFIG_IRQ_TIME_ACCOUNTING is not set -CONFIG_BSD_PROCESS_ACCT=y -# CONFIG_BSD_PROCESS_ACCT_V3 is not set -CONFIG_TASKSTATS=y -CONFIG_TASK_DELAY_ACCT=y -CONFIG_TASK_XACCT=y -CONFIG_TASK_IO_ACCOUNTING=y -# CONFIG_PSI is not set -# end of CPU/Task time and stats accounting - -CONFIG_CPU_ISOLATION=y - -# -# RCU Subsystem -# -CONFIG_TREE_RCU=y -CONFIG_PREEMPT_RCU=y -# CONFIG_RCU_EXPERT is not set -CONFIG_TREE_SRCU=y -CONFIG_TASKS_RCU_GENERIC=y -CONFIG_TASKS_RCU=y -CONFIG_RCU_STALL_COMMON=y -CONFIG_RCU_NEED_SEGCBLIST=y -# end of RCU Subsystem - -# CONFIG_IKCONFIG is not set -# CONFIG_IKHEADERS is not set -CONFIG_LOG_BUF_SHIFT=18 
-CONFIG_LOG_CPU_MAX_BUF_SHIFT=12 -# CONFIG_PRINTK_INDEX is not set -CONFIG_HAVE_UNSTABLE_SCHED_CLOCK=y - -# -# Scheduler features -# -# CONFIG_UCLAMP_TASK is not set -# end of Scheduler features - -CONFIG_ARCH_SUPPORTS_NUMA_BALANCING=y -CONFIG_ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH=y -CONFIG_CC_HAS_INT128=y -CONFIG_CC_IMPLICIT_FALLTHROUGH="-Wimplicit-fallthrough=5" -CONFIG_GCC11_NO_ARRAY_BOUNDS=y -CONFIG_CC_NO_ARRAY_BOUNDS=y -CONFIG_ARCH_SUPPORTS_INT128=y -# CONFIG_NUMA_BALANCING is not set -CONFIG_CGROUPS=y -CONFIG_PAGE_COUNTER=y -# CONFIG_CGROUP_FAVOR_DYNMODS is not set -# CONFIG_MEMCG is not set -CONFIG_BLK_CGROUP=y -CONFIG_CGROUP_SCHED=y -CONFIG_FAIR_GROUP_SCHED=y -# CONFIG_CFS_BANDWIDTH is not set -# CONFIG_RT_GROUP_SCHED is not set -CONFIG_SCHED_MM_CID=y -CONFIG_CGROUP_PIDS=y -CONFIG_CGROUP_RDMA=y -CONFIG_CGROUP_FREEZER=y -CONFIG_CGROUP_HUGETLB=y -CONFIG_CPUSETS=y -CONFIG_PROC_PID_CPUSET=y -CONFIG_CGROUP_DEVICE=y -CONFIG_CGROUP_CPUACCT=y -CONFIG_CGROUP_PERF=y -CONFIG_CGROUP_MISC=y -CONFIG_CGROUP_DEBUG=y -CONFIG_SOCK_CGROUP_DATA=y -CONFIG_NAMESPACES=y -CONFIG_UTS_NS=y -CONFIG_TIME_NS=y -CONFIG_IPC_NS=y -# CONFIG_USER_NS is not set -CONFIG_PID_NS=y -CONFIG_NET_NS=y -# CONFIG_CHECKPOINT_RESTORE is not set -# CONFIG_SCHED_AUTOGROUP is not set -CONFIG_RELAY=y -CONFIG_BLK_DEV_INITRD=y -CONFIG_INITRAMFS_SOURCE="" -CONFIG_RD_GZIP=y -CONFIG_RD_BZIP2=y -CONFIG_RD_LZMA=y -CONFIG_RD_XZ=y -CONFIG_RD_LZO=y -CONFIG_RD_LZ4=y -CONFIG_RD_ZSTD=y -# CONFIG_BOOT_CONFIG is not set -CONFIG_INITRAMFS_PRESERVE_MTIME=y -CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE=y -# CONFIG_CC_OPTIMIZE_FOR_SIZE is not set -CONFIG_LD_ORPHAN_WARN=y -CONFIG_LD_ORPHAN_WARN_LEVEL="error" -CONFIG_SYSCTL=y -CONFIG_HAVE_UID16=y -CONFIG_SYSCTL_EXCEPTION_TRACE=y -CONFIG_HAVE_PCSPKR_PLATFORM=y -# CONFIG_EXPERT is not set -CONFIG_UID16=y -CONFIG_MULTIUSER=y -CONFIG_SGETMASK_SYSCALL=y -CONFIG_SYSFS_SYSCALL=y -CONFIG_FHANDLE=y -CONFIG_POSIX_TIMERS=y -CONFIG_PRINTK=y -CONFIG_BUG=y -CONFIG_ELF_CORE=y -CONFIG_PCSPKR_PLATFORM=y 
-CONFIG_BASE_FULL=y -CONFIG_FUTEX=y -CONFIG_FUTEX_PI=y -CONFIG_EPOLL=y -CONFIG_SIGNALFD=y -CONFIG_TIMERFD=y -CONFIG_EVENTFD=y -CONFIG_SHMEM=y -CONFIG_AIO=y -CONFIG_IO_URING=y -CONFIG_ADVISE_SYSCALLS=y -CONFIG_MEMBARRIER=y -CONFIG_KALLSYMS=y -# CONFIG_KALLSYMS_SELFTEST is not set -CONFIG_KALLSYMS_ALL=y -CONFIG_KALLSYMS_ABSOLUTE_PERCPU=y -CONFIG_KALLSYMS_BASE_RELATIVE=y -CONFIG_ARCH_HAS_MEMBARRIER_SYNC_CORE=y -CONFIG_KCMP=y -CONFIG_RSEQ=y -CONFIG_CACHESTAT_SYSCALL=y -# CONFIG_EMBEDDED is not set -CONFIG_HAVE_PERF_EVENTS=y - -# -# Kernel Performance Events And Counters -# -CONFIG_PERF_EVENTS=y -# CONFIG_DEBUG_PERF_USE_VMALLOC is not set -# end of Kernel Performance Events And Counters - -CONFIG_SYSTEM_DATA_VERIFICATION=y -CONFIG_PROFILING=y -CONFIG_TRACEPOINTS=y -# end of General setup - -CONFIG_64BIT=y -CONFIG_X86_64=y -CONFIG_X86=y -CONFIG_INSTRUCTION_DECODER=y -CONFIG_OUTPUT_FORMAT="elf64-x86-64" -CONFIG_LOCKDEP_SUPPORT=y -CONFIG_STACKTRACE_SUPPORT=y -CONFIG_MMU=y -CONFIG_ARCH_MMAP_RND_BITS_MIN=28 -CONFIG_ARCH_MMAP_RND_BITS_MAX=32 -CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MIN=8 -CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MAX=16 -CONFIG_GENERIC_ISA_DMA=y -CONFIG_GENERIC_BUG=y -CONFIG_GENERIC_BUG_RELATIVE_POINTERS=y -CONFIG_ARCH_MAY_HAVE_PC_FDC=y -CONFIG_GENERIC_CALIBRATE_DELAY=y -CONFIG_ARCH_HAS_CPU_RELAX=y -CONFIG_ARCH_HIBERNATION_POSSIBLE=y -CONFIG_ARCH_SUSPEND_POSSIBLE=y -CONFIG_AUDIT_ARCH=y -CONFIG_HAVE_INTEL_TXT=y -CONFIG_X86_64_SMP=y -CONFIG_ARCH_SUPPORTS_UPROBES=y -CONFIG_FIX_EARLYCON_MEM=y -CONFIG_PGTABLE_LEVELS=5 -CONFIG_CC_HAS_SANE_STACKPROTECTOR=y - -# -# Processor type and features -# -CONFIG_SMP=y -# CONFIG_X86_X2APIC is not set -CONFIG_X86_MPPARSE=y -# CONFIG_GOLDFISH is not set -# CONFIG_X86_CPU_RESCTRL is not set -CONFIG_X86_EXTENDED_PLATFORM=y -# CONFIG_X86_VSMP is not set -# CONFIG_X86_GOLDFISH is not set -# CONFIG_X86_INTEL_MID is not set -# CONFIG_X86_INTEL_LPSS is not set -# CONFIG_X86_AMD_PLATFORM_DEVICE is not set -CONFIG_IOSF_MBI=y -# CONFIG_IOSF_MBI_DEBUG is 
not set -CONFIG_X86_SUPPORTS_MEMORY_FAILURE=y -CONFIG_SCHED_OMIT_FRAME_POINTER=y -CONFIG_HYPERVISOR_GUEST=y -CONFIG_PARAVIRT=y -# CONFIG_PARAVIRT_DEBUG is not set -# CONFIG_PARAVIRT_SPINLOCKS is not set -CONFIG_X86_HV_CALLBACK_VECTOR=y -# CONFIG_XEN is not set -CONFIG_KVM_GUEST=y -CONFIG_ARCH_CPUIDLE_HALTPOLL=y -# CONFIG_PVH is not set -# CONFIG_PARAVIRT_TIME_ACCOUNTING is not set -CONFIG_PARAVIRT_CLOCK=y -# CONFIG_JAILHOUSE_GUEST is not set -# CONFIG_ACRN_GUEST is not set -# CONFIG_MK8 is not set -# CONFIG_MPSC is not set -# CONFIG_MCORE2 is not set -# CONFIG_MATOM is not set -CONFIG_GENERIC_CPU=y -CONFIG_X86_INTERNODE_CACHE_SHIFT=6 -CONFIG_X86_L1_CACHE_SHIFT=6 -CONFIG_X86_TSC=y -CONFIG_X86_CMPXCHG64=y -CONFIG_X86_CMOV=y -CONFIG_X86_MINIMUM_CPU_FAMILY=64 -CONFIG_X86_DEBUGCTLMSR=y -CONFIG_IA32_FEAT_CTL=y -CONFIG_X86_VMX_FEATURE_NAMES=y -CONFIG_CPU_SUP_INTEL=y -CONFIG_CPU_SUP_AMD=y -CONFIG_CPU_SUP_HYGON=y -CONFIG_CPU_SUP_CENTAUR=y -CONFIG_CPU_SUP_ZHAOXIN=y -CONFIG_HPET_TIMER=y -CONFIG_HPET_EMULATE_RTC=y -CONFIG_DMI=y -# CONFIG_GART_IOMMU is not set -# CONFIG_MAXSMP is not set -CONFIG_NR_CPUS_RANGE_BEGIN=2 -CONFIG_NR_CPUS_RANGE_END=512 -CONFIG_NR_CPUS_DEFAULT=64 -CONFIG_NR_CPUS=64 -CONFIG_SCHED_CLUSTER=y -CONFIG_SCHED_SMT=y -CONFIG_SCHED_MC=y -CONFIG_SCHED_MC_PRIO=y -CONFIG_X86_LOCAL_APIC=y -CONFIG_X86_IO_APIC=y -CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS=y -CONFIG_X86_MCE=y -# CONFIG_X86_MCELOG_LEGACY is not set -CONFIG_X86_MCE_INTEL=y -CONFIG_X86_MCE_AMD=y -CONFIG_X86_MCE_THRESHOLD=y -# CONFIG_X86_MCE_INJECT is not set - -# -# Performance monitoring -# -CONFIG_PERF_EVENTS_INTEL_UNCORE=y -CONFIG_PERF_EVENTS_INTEL_RAPL=y -CONFIG_PERF_EVENTS_INTEL_CSTATE=y -# CONFIG_PERF_EVENTS_AMD_POWER is not set -CONFIG_PERF_EVENTS_AMD_UNCORE=y -# CONFIG_PERF_EVENTS_AMD_BRS is not set -# end of Performance monitoring - -CONFIG_X86_16BIT=y -CONFIG_X86_ESPFIX64=y -CONFIG_X86_VSYSCALL_EMULATION=y -CONFIG_X86_IOPL_IOPERM=y -CONFIG_MICROCODE=y -CONFIG_MICROCODE_INTEL=y 
-CONFIG_MICROCODE_AMD=y -# CONFIG_MICROCODE_LATE_LOADING is not set -CONFIG_X86_MSR=y -CONFIG_X86_CPUID=y -CONFIG_X86_5LEVEL=y -CONFIG_X86_DIRECT_GBPAGES=y -# CONFIG_X86_CPA_STATISTICS is not set -# CONFIG_AMD_MEM_ENCRYPT is not set -CONFIG_NUMA=y -CONFIG_AMD_NUMA=y -CONFIG_X86_64_ACPI_NUMA=y -# CONFIG_NUMA_EMU is not set -CONFIG_NODES_SHIFT=6 -CONFIG_ARCH_SPARSEMEM_ENABLE=y -CONFIG_ARCH_SPARSEMEM_DEFAULT=y -CONFIG_ARCH_PROC_KCORE_TEXT=y -CONFIG_ILLEGAL_POINTER_VALUE=0xdead000000000000 -# CONFIG_X86_PMEM_LEGACY is not set -CONFIG_X86_CHECK_BIOS_CORRUPTION=y -CONFIG_X86_BOOTPARAM_MEMORY_CORRUPTION_CHECK=y -CONFIG_MTRR=y -# CONFIG_MTRR_SANITIZER is not set -CONFIG_X86_PAT=y -CONFIG_ARCH_USES_PG_UNCACHED=y -CONFIG_X86_UMIP=y -CONFIG_CC_HAS_IBT=y -CONFIG_X86_KERNEL_IBT=y -CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS=y -CONFIG_X86_INTEL_TSX_MODE_OFF=y -# CONFIG_X86_INTEL_TSX_MODE_ON is not set -# CONFIG_X86_INTEL_TSX_MODE_AUTO is not set -CONFIG_EFI=y -CONFIG_EFI_STUB=y -CONFIG_EFI_HANDOVER_PROTOCOL=y -CONFIG_EFI_MIXED=y -# CONFIG_EFI_FAKE_MEMMAP is not set -CONFIG_EFI_RUNTIME_MAP=y -# CONFIG_HZ_100 is not set -# CONFIG_HZ_250 is not set -# CONFIG_HZ_300 is not set -CONFIG_HZ_1000=y -CONFIG_HZ=1000 -CONFIG_SCHED_HRTICK=y -CONFIG_KEXEC=y -# CONFIG_KEXEC_FILE is not set -CONFIG_CRASH_DUMP=y -# CONFIG_KEXEC_JUMP is not set -CONFIG_PHYSICAL_START=0x1000000 -CONFIG_RELOCATABLE=y -CONFIG_RANDOMIZE_BASE=y -CONFIG_X86_NEED_RELOCS=y -CONFIG_PHYSICAL_ALIGN=0x200000 -CONFIG_DYNAMIC_MEMORY_LAYOUT=y -CONFIG_RANDOMIZE_MEMORY=y -CONFIG_RANDOMIZE_MEMORY_PHYSICAL_PADDING=0x0 -# CONFIG_ADDRESS_MASKING is not set -CONFIG_HOTPLUG_CPU=y -# CONFIG_COMPAT_VDSO is not set -CONFIG_LEGACY_VSYSCALL_XONLY=y -# CONFIG_LEGACY_VSYSCALL_NONE is not set -# CONFIG_CMDLINE_BOOL is not set -CONFIG_MODIFY_LDT_SYSCALL=y -# CONFIG_STRICT_SIGALTSTACK_SIZE is not set -CONFIG_HAVE_LIVEPATCH=y -# end of Processor type and features - -CONFIG_CC_HAS_SLS=y -CONFIG_CC_HAS_RETURN_THUNK=y -CONFIG_CC_HAS_ENTRY_PADDING=y 
-CONFIG_FUNCTION_PADDING_CFI=11 -CONFIG_FUNCTION_PADDING_BYTES=16 -CONFIG_CALL_PADDING=y -CONFIG_HAVE_CALL_THUNKS=y -CONFIG_CALL_THUNKS=y -CONFIG_PREFIX_SYMBOLS=y -CONFIG_SPECULATION_MITIGATIONS=y -CONFIG_PAGE_TABLE_ISOLATION=y -CONFIG_RETPOLINE=y -CONFIG_RETHUNK=y -CONFIG_CPU_UNRET_ENTRY=y -CONFIG_CALL_DEPTH_TRACKING=y -# CONFIG_CALL_THUNKS_DEBUG is not set -CONFIG_CPU_IBPB_ENTRY=y -CONFIG_CPU_IBRS_ENTRY=y -CONFIG_CPU_SRSO=y -# CONFIG_SLS is not set -# CONFIG_GDS_FORCE_MITIGATION is not set -CONFIG_ARCH_HAS_ADD_PAGES=y -CONFIG_ARCH_MHP_MEMMAP_ON_MEMORY_ENABLE=y - -# -# Power management and ACPI options -# -CONFIG_ARCH_HIBERNATION_HEADER=y -CONFIG_SUSPEND=y -CONFIG_SUSPEND_FREEZER=y -CONFIG_HIBERNATE_CALLBACKS=y -CONFIG_HIBERNATION=y -CONFIG_HIBERNATION_SNAPSHOT_DEV=y -CONFIG_PM_STD_PARTITION="" -CONFIG_PM_SLEEP=y -CONFIG_PM_SLEEP_SMP=y -# CONFIG_PM_AUTOSLEEP is not set -# CONFIG_PM_USERSPACE_AUTOSLEEP is not set -# CONFIG_PM_WAKELOCKS is not set -CONFIG_PM=y -CONFIG_PM_DEBUG=y -# CONFIG_PM_ADVANCED_DEBUG is not set -# CONFIG_PM_TEST_SUSPEND is not set -CONFIG_PM_SLEEP_DEBUG=y -CONFIG_PM_TRACE=y -CONFIG_PM_TRACE_RTC=y -# CONFIG_WQ_POWER_EFFICIENT_DEFAULT is not set -# CONFIG_ENERGY_MODEL is not set -CONFIG_ARCH_SUPPORTS_ACPI=y -CONFIG_ACPI=y -CONFIG_ACPI_LEGACY_TABLES_LOOKUP=y -CONFIG_ARCH_MIGHT_HAVE_ACPI_PDC=y -CONFIG_ACPI_SYSTEM_POWER_STATES_SUPPORT=y -# CONFIG_ACPI_DEBUGGER is not set -CONFIG_ACPI_SPCR_TABLE=y -# CONFIG_ACPI_FPDT is not set -CONFIG_ACPI_LPIT=y -CONFIG_ACPI_SLEEP=y -CONFIG_ACPI_REV_OVERRIDE_POSSIBLE=y -# CONFIG_ACPI_EC_DEBUGFS is not set -CONFIG_ACPI_AC=y -CONFIG_ACPI_BATTERY=y -CONFIG_ACPI_BUTTON=y -CONFIG_ACPI_VIDEO=y -CONFIG_ACPI_FAN=y -# CONFIG_ACPI_TAD is not set -CONFIG_ACPI_DOCK=y -CONFIG_ACPI_CPU_FREQ_PSS=y -CONFIG_ACPI_PROCESSOR_CSTATE=y -CONFIG_ACPI_PROCESSOR_IDLE=y -CONFIG_ACPI_CPPC_LIB=y -CONFIG_ACPI_PROCESSOR=y -CONFIG_ACPI_HOTPLUG_CPU=y -# CONFIG_ACPI_PROCESSOR_AGGREGATOR is not set -CONFIG_ACPI_THERMAL=y 
-CONFIG_ARCH_HAS_ACPI_TABLE_UPGRADE=y -CONFIG_ACPI_TABLE_UPGRADE=y -# CONFIG_ACPI_DEBUG is not set -# CONFIG_ACPI_PCI_SLOT is not set -CONFIG_ACPI_CONTAINER=y -CONFIG_ACPI_HOTPLUG_IOAPIC=y -# CONFIG_ACPI_SBS is not set -# CONFIG_ACPI_HED is not set -# CONFIG_ACPI_CUSTOM_METHOD is not set -CONFIG_ACPI_BGRT=y -# CONFIG_ACPI_NFIT is not set -CONFIG_ACPI_NUMA=y -# CONFIG_ACPI_HMAT is not set -CONFIG_HAVE_ACPI_APEI=y -CONFIG_HAVE_ACPI_APEI_NMI=y -# CONFIG_ACPI_APEI is not set -# CONFIG_ACPI_DPTF is not set -# CONFIG_ACPI_CONFIGFS is not set -# CONFIG_ACPI_PFRUT is not set -CONFIG_ACPI_PCC=y -# CONFIG_ACPI_FFH is not set -# CONFIG_PMIC_OPREGION is not set -CONFIG_ACPI_PRMT=y -CONFIG_X86_PM_TIMER=y - -# -# CPU Frequency scaling -# -CONFIG_CPU_FREQ=y -CONFIG_CPU_FREQ_GOV_ATTR_SET=y -CONFIG_CPU_FREQ_GOV_COMMON=y -# CONFIG_CPU_FREQ_STAT is not set -# CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE is not set -# CONFIG_CPU_FREQ_DEFAULT_GOV_POWERSAVE is not set -CONFIG_CPU_FREQ_DEFAULT_GOV_USERSPACE=y -# CONFIG_CPU_FREQ_DEFAULT_GOV_SCHEDUTIL is not set -CONFIG_CPU_FREQ_GOV_PERFORMANCE=y -# CONFIG_CPU_FREQ_GOV_POWERSAVE is not set -CONFIG_CPU_FREQ_GOV_USERSPACE=y -CONFIG_CPU_FREQ_GOV_ONDEMAND=y -# CONFIG_CPU_FREQ_GOV_CONSERVATIVE is not set -CONFIG_CPU_FREQ_GOV_SCHEDUTIL=y - -# -# CPU frequency scaling drivers -# -CONFIG_X86_INTEL_PSTATE=y -# CONFIG_X86_PCC_CPUFREQ is not set -# CONFIG_X86_AMD_PSTATE is not set -# CONFIG_X86_AMD_PSTATE_UT is not set -CONFIG_X86_ACPI_CPUFREQ=y -CONFIG_X86_ACPI_CPUFREQ_CPB=y -# CONFIG_X86_POWERNOW_K8 is not set -# CONFIG_X86_AMD_FREQ_SENSITIVITY is not set -# CONFIG_X86_SPEEDSTEP_CENTRINO is not set -# CONFIG_X86_P4_CLOCKMOD is not set - -# -# shared options -# -# end of CPU Frequency scaling - -# -# CPU Idle -# -CONFIG_CPU_IDLE=y -# CONFIG_CPU_IDLE_GOV_LADDER is not set -CONFIG_CPU_IDLE_GOV_MENU=y -# CONFIG_CPU_IDLE_GOV_TEO is not set -CONFIG_CPU_IDLE_GOV_HALTPOLL=y -CONFIG_HALTPOLL_CPUIDLE=y -# end of CPU Idle - -# CONFIG_INTEL_IDLE is not set -# end 
of Power management and ACPI options - -# -# Bus options (PCI etc.) -# -CONFIG_PCI_DIRECT=y -CONFIG_PCI_MMCONFIG=y -CONFIG_MMCONF_FAM10H=y -CONFIG_ISA_DMA_API=y -CONFIG_AMD_NB=y -# end of Bus options (PCI etc.) - -# -# Binary Emulations -# -CONFIG_IA32_EMULATION=y -# CONFIG_X86_X32_ABI is not set -CONFIG_COMPAT_32=y -CONFIG_COMPAT=y -CONFIG_COMPAT_FOR_U64_ALIGNMENT=y -# end of Binary Emulations - -CONFIG_HAVE_KVM=y -# CONFIG_VIRTUALIZATION is not set -CONFIG_AS_AVX512=y -CONFIG_AS_SHA1_NI=y -CONFIG_AS_SHA256_NI=y -CONFIG_AS_TPAUSE=y -CONFIG_AS_GFNI=y - -# -# General architecture-dependent options -# -CONFIG_CRASH_CORE=y -CONFIG_KEXEC_CORE=y -CONFIG_HOTPLUG_SMT=y -CONFIG_HOTPLUG_CORE_SYNC=y -CONFIG_HOTPLUG_CORE_SYNC_DEAD=y -CONFIG_HOTPLUG_CORE_SYNC_FULL=y -CONFIG_HOTPLUG_SPLIT_STARTUP=y -CONFIG_HOTPLUG_PARALLEL=y -CONFIG_GENERIC_ENTRY=y -CONFIG_KPROBES=y -CONFIG_JUMP_LABEL=y -# CONFIG_STATIC_KEYS_SELFTEST is not set -# CONFIG_STATIC_CALL_SELFTEST is not set -CONFIG_OPTPROBES=y -CONFIG_UPROBES=y -CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS=y -CONFIG_ARCH_USE_BUILTIN_BSWAP=y -CONFIG_KRETPROBES=y -CONFIG_KRETPROBE_ON_RETHOOK=y -CONFIG_HAVE_IOREMAP_PROT=y -CONFIG_HAVE_KPROBES=y -CONFIG_HAVE_KRETPROBES=y -CONFIG_HAVE_OPTPROBES=y -CONFIG_HAVE_KPROBES_ON_FTRACE=y -CONFIG_ARCH_CORRECT_STACKTRACE_ON_KRETPROBE=y -CONFIG_HAVE_FUNCTION_ERROR_INJECTION=y -CONFIG_HAVE_NMI=y -CONFIG_TRACE_IRQFLAGS_SUPPORT=y -CONFIG_TRACE_IRQFLAGS_NMI_SUPPORT=y -CONFIG_HAVE_ARCH_TRACEHOOK=y -CONFIG_HAVE_DMA_CONTIGUOUS=y -CONFIG_GENERIC_SMP_IDLE_THREAD=y -CONFIG_ARCH_HAS_FORTIFY_SOURCE=y -CONFIG_ARCH_HAS_SET_MEMORY=y -CONFIG_ARCH_HAS_SET_DIRECT_MAP=y -CONFIG_ARCH_HAS_CPU_FINALIZE_INIT=y -CONFIG_HAVE_ARCH_THREAD_STRUCT_WHITELIST=y -CONFIG_ARCH_WANTS_DYNAMIC_TASK_STRUCT=y -CONFIG_ARCH_WANTS_NO_INSTR=y -CONFIG_HAVE_ASM_MODVERSIONS=y -CONFIG_HAVE_REGS_AND_STACK_ACCESS_API=y -CONFIG_HAVE_RSEQ=y -CONFIG_HAVE_RUST=y -CONFIG_HAVE_FUNCTION_ARG_ACCESS_API=y -CONFIG_HAVE_HW_BREAKPOINT=y 
-CONFIG_HAVE_MIXED_BREAKPOINTS_REGS=y -CONFIG_HAVE_USER_RETURN_NOTIFIER=y -CONFIG_HAVE_PERF_EVENTS_NMI=y -CONFIG_HAVE_HARDLOCKUP_DETECTOR_PERF=y -CONFIG_HAVE_PERF_REGS=y -CONFIG_HAVE_PERF_USER_STACK_DUMP=y -CONFIG_HAVE_ARCH_JUMP_LABEL=y -CONFIG_HAVE_ARCH_JUMP_LABEL_RELATIVE=y -CONFIG_MMU_GATHER_TABLE_FREE=y -CONFIG_MMU_GATHER_RCU_TABLE_FREE=y -CONFIG_MMU_GATHER_MERGE_VMAS=y -CONFIG_MMU_LAZY_TLB_REFCOUNT=y -CONFIG_ARCH_HAVE_NMI_SAFE_CMPXCHG=y -CONFIG_ARCH_HAS_NMI_SAFE_THIS_CPU_OPS=y -CONFIG_HAVE_ALIGNED_STRUCT_PAGE=y -CONFIG_HAVE_CMPXCHG_LOCAL=y -CONFIG_HAVE_CMPXCHG_DOUBLE=y -CONFIG_ARCH_WANT_COMPAT_IPC_PARSE_VERSION=y -CONFIG_ARCH_WANT_OLD_COMPAT_IPC=y -CONFIG_HAVE_ARCH_SECCOMP=y -CONFIG_HAVE_ARCH_SECCOMP_FILTER=y -CONFIG_SECCOMP=y -CONFIG_SECCOMP_FILTER=y -# CONFIG_SECCOMP_CACHE_DEBUG is not set -CONFIG_HAVE_ARCH_STACKLEAK=y -CONFIG_HAVE_STACKPROTECTOR=y -CONFIG_STACKPROTECTOR=y -CONFIG_STACKPROTECTOR_STRONG=y -CONFIG_ARCH_SUPPORTS_LTO_CLANG=y -CONFIG_ARCH_SUPPORTS_LTO_CLANG_THIN=y -CONFIG_LTO_NONE=y -CONFIG_ARCH_SUPPORTS_CFI_CLANG=y -CONFIG_HAVE_ARCH_WITHIN_STACK_FRAMES=y -CONFIG_HAVE_CONTEXT_TRACKING_USER=y -CONFIG_HAVE_CONTEXT_TRACKING_USER_OFFSTACK=y -CONFIG_HAVE_VIRT_CPU_ACCOUNTING_GEN=y -CONFIG_HAVE_IRQ_TIME_ACCOUNTING=y -CONFIG_HAVE_MOVE_PUD=y -CONFIG_HAVE_MOVE_PMD=y -CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE=y -CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE_PUD=y -CONFIG_HAVE_ARCH_HUGE_VMAP=y -CONFIG_HAVE_ARCH_HUGE_VMALLOC=y -CONFIG_ARCH_WANT_HUGE_PMD_SHARE=y -CONFIG_HAVE_ARCH_SOFT_DIRTY=y -CONFIG_HAVE_MOD_ARCH_SPECIFIC=y -CONFIG_MODULES_USE_ELF_RELA=y -CONFIG_HAVE_IRQ_EXIT_ON_IRQ_STACK=y -CONFIG_HAVE_SOFTIRQ_ON_OWN_STACK=y -CONFIG_SOFTIRQ_ON_OWN_STACK=y -CONFIG_ARCH_HAS_ELF_RANDOMIZE=y -CONFIG_HAVE_ARCH_MMAP_RND_BITS=y -CONFIG_HAVE_EXIT_THREAD=y -CONFIG_ARCH_MMAP_RND_BITS=28 -CONFIG_HAVE_ARCH_MMAP_RND_COMPAT_BITS=y -CONFIG_ARCH_MMAP_RND_COMPAT_BITS=8 -CONFIG_HAVE_ARCH_COMPAT_MMAP_BASES=y -CONFIG_PAGE_SIZE_LESS_THAN_64KB=y -CONFIG_PAGE_SIZE_LESS_THAN_256KB=y 
-CONFIG_HAVE_OBJTOOL=y -CONFIG_HAVE_JUMP_LABEL_HACK=y -CONFIG_HAVE_NOINSTR_HACK=y -CONFIG_HAVE_NOINSTR_VALIDATION=y -CONFIG_HAVE_UACCESS_VALIDATION=y -CONFIG_HAVE_STACK_VALIDATION=y -CONFIG_HAVE_RELIABLE_STACKTRACE=y -CONFIG_OLD_SIGSUSPEND3=y -CONFIG_COMPAT_OLD_SIGACTION=y -CONFIG_COMPAT_32BIT_TIME=y -CONFIG_HAVE_ARCH_VMAP_STACK=y -CONFIG_VMAP_STACK=y -CONFIG_HAVE_ARCH_RANDOMIZE_KSTACK_OFFSET=y -CONFIG_RANDOMIZE_KSTACK_OFFSET=y -# CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT is not set -CONFIG_ARCH_HAS_STRICT_KERNEL_RWX=y -CONFIG_STRICT_KERNEL_RWX=y -CONFIG_ARCH_HAS_STRICT_MODULE_RWX=y -CONFIG_STRICT_MODULE_RWX=y -CONFIG_HAVE_ARCH_PREL32_RELOCATIONS=y -CONFIG_ARCH_USE_MEMREMAP_PROT=y -# CONFIG_LOCK_EVENT_COUNTS is not set -CONFIG_ARCH_HAS_MEM_ENCRYPT=y -CONFIG_HAVE_STATIC_CALL=y -CONFIG_HAVE_STATIC_CALL_INLINE=y -CONFIG_HAVE_PREEMPT_DYNAMIC=y -CONFIG_HAVE_PREEMPT_DYNAMIC_CALL=y -CONFIG_ARCH_WANT_LD_ORPHAN_WARN=y -CONFIG_ARCH_SUPPORTS_DEBUG_PAGEALLOC=y -CONFIG_ARCH_SUPPORTS_PAGE_TABLE_CHECK=y -CONFIG_ARCH_HAS_ELFCORE_COMPAT=y -CONFIG_ARCH_HAS_PARANOID_L1D_FLUSH=y -CONFIG_DYNAMIC_SIGFRAME=y -CONFIG_ARCH_HAS_NONLEAF_PMD_YOUNG=y - -# -# GCOV-based kernel profiling -# -# CONFIG_GCOV_KERNEL is not set -CONFIG_ARCH_HAS_GCOV_PROFILE_ALL=y -# end of GCOV-based kernel profiling - -CONFIG_HAVE_GCC_PLUGINS=y -CONFIG_FUNCTION_ALIGNMENT_4B=y -CONFIG_FUNCTION_ALIGNMENT_16B=y -CONFIG_FUNCTION_ALIGNMENT=16 -# end of General architecture-dependent options - -CONFIG_RT_MUTEXES=y -CONFIG_BASE_SMALL=0 -CONFIG_MODULES=y -# CONFIG_MODULE_DEBUG is not set -# CONFIG_MODULE_FORCE_LOAD is not set -CONFIG_MODULE_UNLOAD=y -CONFIG_MODULE_FORCE_UNLOAD=y -# CONFIG_MODULE_UNLOAD_TAINT_TRACKING is not set -# CONFIG_MODVERSIONS is not set -# CONFIG_MODULE_SRCVERSION_ALL is not set -# CONFIG_MODULE_SIG is not set -CONFIG_MODULE_COMPRESS_NONE=y -# CONFIG_MODULE_COMPRESS_GZIP is not set -# CONFIG_MODULE_COMPRESS_XZ is not set -# CONFIG_MODULE_COMPRESS_ZSTD is not set -# 
CONFIG_MODULE_ALLOW_MISSING_NAMESPACE_IMPORTS is not set -CONFIG_MODPROBE_PATH="/sbin/modprobe" -CONFIG_MODULES_TREE_LOOKUP=y -CONFIG_BLOCK=y -CONFIG_BLOCK_LEGACY_AUTOLOAD=y -CONFIG_BLK_RQ_ALLOC_TIME=y -CONFIG_BLK_DEV_BSG_COMMON=y -# CONFIG_BLK_DEV_BSGLIB is not set -# CONFIG_BLK_DEV_INTEGRITY is not set -# CONFIG_BLK_DEV_ZONED is not set -# CONFIG_BLK_DEV_THROTTLING is not set -# CONFIG_BLK_WBT is not set -CONFIG_BLK_CGROUP_IOLATENCY=y -CONFIG_BLK_CGROUP_IOCOST=y -CONFIG_BLK_CGROUP_IOPRIO=y -CONFIG_BLK_DEBUG_FS=y -# CONFIG_BLK_SED_OPAL is not set -# CONFIG_BLK_INLINE_ENCRYPTION is not set - -# -# Partition Types -# -# CONFIG_PARTITION_ADVANCED is not set -CONFIG_MSDOS_PARTITION=y -CONFIG_EFI_PARTITION=y -# end of Partition Types - -CONFIG_BLK_MQ_PCI=y -CONFIG_BLK_MQ_VIRTIO=y -CONFIG_BLK_PM=y -CONFIG_BLOCK_HOLDER_DEPRECATED=y -CONFIG_BLK_MQ_STACKING=y - -# -# IO Schedulers -# -CONFIG_MQ_IOSCHED_DEADLINE=y -CONFIG_MQ_IOSCHED_KYBER=y -# CONFIG_IOSCHED_BFQ is not set -# end of IO Schedulers - -CONFIG_ASN1=y -CONFIG_UNINLINE_SPIN_UNLOCK=y -CONFIG_ARCH_SUPPORTS_ATOMIC_RMW=y -CONFIG_MUTEX_SPIN_ON_OWNER=y -CONFIG_RWSEM_SPIN_ON_OWNER=y -CONFIG_LOCK_SPIN_ON_OWNER=y -CONFIG_ARCH_USE_QUEUED_SPINLOCKS=y -CONFIG_QUEUED_SPINLOCKS=y -CONFIG_ARCH_USE_QUEUED_RWLOCKS=y -CONFIG_QUEUED_RWLOCKS=y -CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE=y -CONFIG_ARCH_HAS_SYNC_CORE_BEFORE_USERMODE=y -CONFIG_ARCH_HAS_SYSCALL_WRAPPER=y -CONFIG_FREEZER=y - -# -# Executable file formats -# -CONFIG_BINFMT_ELF=y -CONFIG_COMPAT_BINFMT_ELF=y -CONFIG_ELFCORE=y -CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS=y -CONFIG_BINFMT_SCRIPT=y -CONFIG_BINFMT_MISC=y -CONFIG_COREDUMP=y -# end of Executable file formats - -# -# Memory Management options -# -CONFIG_SWAP=y -# CONFIG_ZSWAP is not set - -# -# SLAB allocator options -# -# CONFIG_SLAB_DEPRECATED is not set -CONFIG_SLUB=y -CONFIG_SLAB_MERGE_DEFAULT=y -# CONFIG_SLAB_FREELIST_RANDOM is not set -# CONFIG_SLAB_FREELIST_HARDENED is not set -# CONFIG_SLUB_STATS is not set 
-CONFIG_SLUB_CPU_PARTIAL=y -# end of SLAB allocator options - -# CONFIG_SHUFFLE_PAGE_ALLOCATOR is not set -# CONFIG_COMPAT_BRK is not set -CONFIG_SPARSEMEM=y -CONFIG_SPARSEMEM_EXTREME=y -CONFIG_SPARSEMEM_VMEMMAP_ENABLE=y -CONFIG_SPARSEMEM_VMEMMAP=y -CONFIG_ARCH_WANT_OPTIMIZE_VMEMMAP=y -CONFIG_HAVE_FAST_GUP=y -CONFIG_EXCLUSIVE_SYSTEM_RAM=y -CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y -# CONFIG_MEMORY_HOTPLUG is not set -CONFIG_SPLIT_PTLOCK_CPUS=4 -CONFIG_ARCH_ENABLE_SPLIT_PMD_PTLOCK=y -CONFIG_COMPACTION=y -CONFIG_COMPACT_UNEVICTABLE_DEFAULT=1 -# CONFIG_PAGE_REPORTING is not set -CONFIG_MIGRATION=y -CONFIG_ARCH_ENABLE_HUGEPAGE_MIGRATION=y -CONFIG_PHYS_ADDR_T_64BIT=y -CONFIG_MMU_NOTIFIER=y -# CONFIG_KSM is not set -CONFIG_DEFAULT_MMAP_MIN_ADDR=4096 -CONFIG_ARCH_SUPPORTS_MEMORY_FAILURE=y -# CONFIG_MEMORY_FAILURE is not set -CONFIG_ARCH_WANT_GENERAL_HUGETLB=y -CONFIG_ARCH_WANTS_THP_SWAP=y -# CONFIG_TRANSPARENT_HUGEPAGE is not set -CONFIG_NEED_PER_CPU_EMBED_FIRST_CHUNK=y -CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK=y -CONFIG_USE_PERCPU_NUMA_NODE_ID=y -CONFIG_HAVE_SETUP_PER_CPU_AREA=y -# CONFIG_CMA is not set -CONFIG_GENERIC_EARLY_IOREMAP=y -# CONFIG_DEFERRED_STRUCT_PAGE_INIT is not set -# CONFIG_IDLE_PAGE_TRACKING is not set -CONFIG_ARCH_HAS_CACHE_LINE_SIZE=y -CONFIG_ARCH_HAS_CURRENT_STACK_POINTER=y -CONFIG_ARCH_HAS_PTE_DEVMAP=y -CONFIG_ZONE_DMA=y -CONFIG_ZONE_DMA32=y -CONFIG_VMAP_PFN=y -CONFIG_ARCH_USES_HIGH_VMA_FLAGS=y -CONFIG_ARCH_HAS_PKEYS=y -CONFIG_VM_EVENT_COUNTERS=y -# CONFIG_PERCPU_STATS is not set -# CONFIG_GUP_TEST is not set -# CONFIG_DMAPOOL_TEST is not set -CONFIG_ARCH_HAS_PTE_SPECIAL=y -CONFIG_SECRETMEM=y -# CONFIG_ANON_VMA_NAME is not set -# CONFIG_USERFAULTFD is not set -# CONFIG_LRU_GEN is not set -CONFIG_ARCH_SUPPORTS_PER_VMA_LOCK=y -CONFIG_PER_VMA_LOCK=y -CONFIG_LOCK_MM_AND_FIND_VMA=y - -# -# Data Access Monitoring -# -# CONFIG_DAMON is not set -# end of Data Access Monitoring -# end of Memory Management options - -CONFIG_NET=y -CONFIG_NET_INGRESS=y 
-CONFIG_NET_EGRESS=y -CONFIG_SKB_EXTENSIONS=y - -# -# Networking options -# -CONFIG_PACKET=y -# CONFIG_PACKET_DIAG is not set -CONFIG_UNIX=y -CONFIG_UNIX_SCM=y -CONFIG_AF_UNIX_OOB=y -# CONFIG_UNIX_DIAG is not set -# CONFIG_TLS is not set -CONFIG_XFRM=y -CONFIG_XFRM_ALGO=y -CONFIG_XFRM_USER=y -# CONFIG_XFRM_USER_COMPAT is not set -# CONFIG_XFRM_INTERFACE is not set -# CONFIG_XFRM_SUB_POLICY is not set -# CONFIG_XFRM_MIGRATE is not set -# CONFIG_XFRM_STATISTICS is not set -CONFIG_XFRM_AH=y -CONFIG_XFRM_ESP=y -# CONFIG_NET_KEY is not set -CONFIG_NET_HANDSHAKE=y -CONFIG_INET=y -CONFIG_IP_MULTICAST=y -CONFIG_IP_ADVANCED_ROUTER=y -# CONFIG_IP_FIB_TRIE_STATS is not set -CONFIG_IP_MULTIPLE_TABLES=y -CONFIG_IP_ROUTE_MULTIPATH=y -CONFIG_IP_ROUTE_VERBOSE=y -CONFIG_IP_PNP=y -CONFIG_IP_PNP_DHCP=y -CONFIG_IP_PNP_BOOTP=y -CONFIG_IP_PNP_RARP=y -# CONFIG_NET_IPIP is not set -# CONFIG_NET_IPGRE_DEMUX is not set -CONFIG_NET_IP_TUNNEL=y -CONFIG_IP_MROUTE_COMMON=y -CONFIG_IP_MROUTE=y -# CONFIG_IP_MROUTE_MULTIPLE_TABLES is not set -CONFIG_IP_PIMSM_V1=y -CONFIG_IP_PIMSM_V2=y -CONFIG_SYN_COOKIES=y -# CONFIG_NET_IPVTI is not set -# CONFIG_NET_FOU is not set -# CONFIG_NET_FOU_IP_TUNNELS is not set -# CONFIG_INET_AH is not set -# CONFIG_INET_ESP is not set -# CONFIG_INET_IPCOMP is not set -CONFIG_INET_TABLE_PERTURB_ORDER=16 -CONFIG_INET_TUNNEL=y -# CONFIG_INET_DIAG is not set -CONFIG_TCP_CONG_ADVANCED=y -# CONFIG_TCP_CONG_BIC is not set -CONFIG_TCP_CONG_CUBIC=y -# CONFIG_TCP_CONG_WESTWOOD is not set -# CONFIG_TCP_CONG_HTCP is not set -# CONFIG_TCP_CONG_HSTCP is not set -# CONFIG_TCP_CONG_HYBLA is not set -# CONFIG_TCP_CONG_VEGAS is not set -# CONFIG_TCP_CONG_NV is not set -# CONFIG_TCP_CONG_SCALABLE is not set -# CONFIG_TCP_CONG_LP is not set -# CONFIG_TCP_CONG_VENO is not set -# CONFIG_TCP_CONG_YEAH is not set -# CONFIG_TCP_CONG_ILLINOIS is not set -# CONFIG_TCP_CONG_DCTCP is not set -# CONFIG_TCP_CONG_CDG is not set -# CONFIG_TCP_CONG_BBR is not set -CONFIG_DEFAULT_CUBIC=y -# 
CONFIG_DEFAULT_RENO is not set -CONFIG_DEFAULT_TCP_CONG="cubic" -CONFIG_TCP_MD5SIG=y -CONFIG_IPV6=y -# CONFIG_IPV6_ROUTER_PREF is not set -# CONFIG_IPV6_OPTIMISTIC_DAD is not set -CONFIG_INET6_AH=y -CONFIG_INET6_ESP=y -# CONFIG_INET6_ESP_OFFLOAD is not set -# CONFIG_INET6_ESPINTCP is not set -# CONFIG_INET6_IPCOMP is not set -# CONFIG_IPV6_MIP6 is not set -# CONFIG_IPV6_ILA is not set -# CONFIG_IPV6_VTI is not set -CONFIG_IPV6_SIT=y -# CONFIG_IPV6_SIT_6RD is not set -CONFIG_IPV6_NDISC_NODETYPE=y -# CONFIG_IPV6_TUNNEL is not set -# CONFIG_IPV6_MULTIPLE_TABLES is not set -# CONFIG_IPV6_MROUTE is not set -# CONFIG_IPV6_SEG6_LWTUNNEL is not set -# CONFIG_IPV6_SEG6_HMAC is not set -# CONFIG_IPV6_RPL_LWTUNNEL is not set -# CONFIG_IPV6_IOAM6_LWTUNNEL is not set -CONFIG_NETLABEL=y -# CONFIG_MPTCP is not set -CONFIG_NETWORK_SECMARK=y -CONFIG_NET_PTP_CLASSIFY=y -# CONFIG_NETWORK_PHY_TIMESTAMPING is not set -CONFIG_NETFILTER=y -# CONFIG_NETFILTER_ADVANCED is not set - -# -# Core Netfilter Configuration -# -CONFIG_NETFILTER_INGRESS=y -CONFIG_NETFILTER_EGRESS=y -CONFIG_NETFILTER_SKIP_EGRESS=y -CONFIG_NETFILTER_NETLINK=y -CONFIG_NETFILTER_NETLINK_LOG=y -CONFIG_NF_CONNTRACK=y -CONFIG_NF_LOG_SYSLOG=m -CONFIG_NF_CONNTRACK_SECMARK=y -# CONFIG_NF_CONNTRACK_PROCFS is not set -# CONFIG_NF_CONNTRACK_LABELS is not set -CONFIG_NF_CONNTRACK_FTP=y -CONFIG_NF_CONNTRACK_IRC=y -# CONFIG_NF_CONNTRACK_NETBIOS_NS is not set -CONFIG_NF_CONNTRACK_SIP=y -CONFIG_NF_CT_NETLINK=y -# CONFIG_NETFILTER_NETLINK_GLUE_CT is not set -CONFIG_NF_NAT=y -CONFIG_NF_NAT_FTP=y -CONFIG_NF_NAT_IRC=y -CONFIG_NF_NAT_SIP=y -CONFIG_NF_NAT_MASQUERADE=y -# CONFIG_NF_TABLES is not set -CONFIG_NETFILTER_XTABLES=y -# CONFIG_NETFILTER_XTABLES_COMPAT is not set - -# -# Xtables combined modules -# -CONFIG_NETFILTER_XT_MARK=m - -# -# Xtables targets -# -CONFIG_NETFILTER_XT_TARGET_CONNSECMARK=y -CONFIG_NETFILTER_XT_TARGET_LOG=m -CONFIG_NETFILTER_XT_NAT=m -# CONFIG_NETFILTER_XT_TARGET_NETMAP is not set 
-CONFIG_NETFILTER_XT_TARGET_NFLOG=y -# CONFIG_NETFILTER_XT_TARGET_REDIRECT is not set -CONFIG_NETFILTER_XT_TARGET_MASQUERADE=m -CONFIG_NETFILTER_XT_TARGET_SECMARK=y -CONFIG_NETFILTER_XT_TARGET_TCPMSS=y - -# -# Xtables matches -# -CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=m -CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y -CONFIG_NETFILTER_XT_MATCH_POLICY=y -CONFIG_NETFILTER_XT_MATCH_STATE=y -# end of Core Netfilter Configuration - -# CONFIG_IP_SET is not set -# CONFIG_IP_VS is not set - -# -# IP: Netfilter Configuration -# -CONFIG_NF_DEFRAG_IPV4=y -# CONFIG_NF_SOCKET_IPV4 is not set -# CONFIG_NF_TPROXY_IPV4 is not set -# CONFIG_NF_DUP_IPV4 is not set -CONFIG_NF_LOG_ARP=m -CONFIG_NF_LOG_IPV4=m -CONFIG_NF_REJECT_IPV4=y -CONFIG_IP_NF_IPTABLES=y -CONFIG_IP_NF_FILTER=y -CONFIG_IP_NF_TARGET_REJECT=y -CONFIG_IP_NF_NAT=m -CONFIG_IP_NF_TARGET_MASQUERADE=m -CONFIG_IP_NF_MANGLE=y -# CONFIG_IP_NF_RAW is not set -# end of IP: Netfilter Configuration - -# -# IPv6: Netfilter Configuration -# -# CONFIG_NF_SOCKET_IPV6 is not set -# CONFIG_NF_TPROXY_IPV6 is not set -# CONFIG_NF_DUP_IPV6 is not set -CONFIG_NF_REJECT_IPV6=y -CONFIG_NF_LOG_IPV6=m -CONFIG_IP6_NF_IPTABLES=y -CONFIG_IP6_NF_MATCH_IPV6HEADER=y -CONFIG_IP6_NF_FILTER=y -CONFIG_IP6_NF_TARGET_REJECT=y -CONFIG_IP6_NF_MANGLE=y -# CONFIG_IP6_NF_RAW is not set -# end of IPv6: Netfilter Configuration - -CONFIG_NF_DEFRAG_IPV6=y -# CONFIG_NF_CONNTRACK_BRIDGE is not set -# CONFIG_BPFILTER is not set -# CONFIG_IP_DCCP is not set -# CONFIG_IP_SCTP is not set -# CONFIG_RDS is not set -# CONFIG_TIPC is not set -# CONFIG_ATM is not set -# CONFIG_L2TP is not set -# CONFIG_BRIDGE is not set -# CONFIG_NET_DSA is not set -# CONFIG_VLAN_8021Q is not set -# CONFIG_LLC2 is not set -# CONFIG_ATALK is not set -# CONFIG_X25 is not set -# CONFIG_LAPB is not set -# CONFIG_PHONET is not set -# CONFIG_6LOWPAN is not set -# CONFIG_IEEE802154 is not set -CONFIG_NET_SCHED=y - -# -# Queueing/Scheduling -# -# CONFIG_NET_SCH_HTB is not set -# CONFIG_NET_SCH_HFSC is not set -# 
CONFIG_NET_SCH_PRIO is not set -# CONFIG_NET_SCH_MULTIQ is not set -# CONFIG_NET_SCH_RED is not set -# CONFIG_NET_SCH_SFB is not set -# CONFIG_NET_SCH_SFQ is not set -# CONFIG_NET_SCH_TEQL is not set -# CONFIG_NET_SCH_TBF is not set -# CONFIG_NET_SCH_CBS is not set -# CONFIG_NET_SCH_ETF is not set -# CONFIG_NET_SCH_TAPRIO is not set -# CONFIG_NET_SCH_GRED is not set -# CONFIG_NET_SCH_NETEM is not set -# CONFIG_NET_SCH_DRR is not set -# CONFIG_NET_SCH_MQPRIO is not set -# CONFIG_NET_SCH_SKBPRIO is not set -# CONFIG_NET_SCH_CHOKE is not set -# CONFIG_NET_SCH_QFQ is not set -# CONFIG_NET_SCH_CODEL is not set -# CONFIG_NET_SCH_FQ_CODEL is not set -# CONFIG_NET_SCH_CAKE is not set -# CONFIG_NET_SCH_FQ is not set -# CONFIG_NET_SCH_HHF is not set -# CONFIG_NET_SCH_PIE is not set -# CONFIG_NET_SCH_INGRESS is not set -# CONFIG_NET_SCH_PLUG is not set -# CONFIG_NET_SCH_ETS is not set -# CONFIG_NET_SCH_DEFAULT is not set - -# -# Classification -# -CONFIG_NET_CLS=y -# CONFIG_NET_CLS_BASIC is not set -# CONFIG_NET_CLS_ROUTE4 is not set -# CONFIG_NET_CLS_FW is not set -# CONFIG_NET_CLS_U32 is not set -# CONFIG_NET_CLS_FLOW is not set -CONFIG_NET_CLS_CGROUP=y -# CONFIG_NET_CLS_BPF is not set -# CONFIG_NET_CLS_FLOWER is not set -# CONFIG_NET_CLS_MATCHALL is not set -CONFIG_NET_EMATCH=y -CONFIG_NET_EMATCH_STACK=32 -# CONFIG_NET_EMATCH_CMP is not set -# CONFIG_NET_EMATCH_NBYTE is not set -# CONFIG_NET_EMATCH_U32 is not set -# CONFIG_NET_EMATCH_META is not set -# CONFIG_NET_EMATCH_TEXT is not set -# CONFIG_NET_EMATCH_IPT is not set -CONFIG_NET_CLS_ACT=y -# CONFIG_NET_ACT_POLICE is not set -# CONFIG_NET_ACT_GACT is not set -# CONFIG_NET_ACT_MIRRED is not set -# CONFIG_NET_ACT_SAMPLE is not set -# CONFIG_NET_ACT_IPT is not set -# CONFIG_NET_ACT_NAT is not set -# CONFIG_NET_ACT_PEDIT is not set -# CONFIG_NET_ACT_SIMP is not set -# CONFIG_NET_ACT_SKBEDIT is not set -# CONFIG_NET_ACT_CSUM is not set -# CONFIG_NET_ACT_MPLS is not set -# CONFIG_NET_ACT_VLAN is not set -# CONFIG_NET_ACT_BPF 
is not set -# CONFIG_NET_ACT_SKBMOD is not set -# CONFIG_NET_ACT_IFE is not set -# CONFIG_NET_ACT_TUNNEL_KEY is not set -# CONFIG_NET_ACT_GATE is not set -# CONFIG_NET_TC_SKB_EXT is not set -CONFIG_NET_SCH_FIFO=y -# CONFIG_DCB is not set -CONFIG_DNS_RESOLVER=y -# CONFIG_BATMAN_ADV is not set -# CONFIG_OPENVSWITCH is not set -# CONFIG_VSOCKETS is not set -# CONFIG_NETLINK_DIAG is not set -# CONFIG_MPLS is not set -# CONFIG_NET_NSH is not set -# CONFIG_HSR is not set -# CONFIG_NET_SWITCHDEV is not set -# CONFIG_NET_L3_MASTER_DEV is not set -# CONFIG_QRTR is not set -# CONFIG_NET_NCSI is not set -CONFIG_PCPU_DEV_REFCNT=y -CONFIG_MAX_SKB_FRAGS=17 -CONFIG_RPS=y -CONFIG_RFS_ACCEL=y -CONFIG_SOCK_RX_QUEUE_MAPPING=y -CONFIG_XPS=y -CONFIG_CGROUP_NET_PRIO=y -CONFIG_CGROUP_NET_CLASSID=y -CONFIG_NET_RX_BUSY_POLL=y -CONFIG_BQL=y -CONFIG_NET_FLOW_LIMIT=y - -# -# Network testing -# -# CONFIG_NET_PKTGEN is not set -# CONFIG_NET_DROP_MONITOR is not set -# end of Network testing -# end of Networking options - -# CONFIG_HAMRADIO is not set -# CONFIG_CAN is not set -# CONFIG_BT is not set -# CONFIG_AF_RXRPC is not set -# CONFIG_AF_KCM is not set -# CONFIG_MCTP is not set -CONFIG_FIB_RULES=y -CONFIG_WIRELESS=y -CONFIG_CFG80211=y -# CONFIG_NL80211_TESTMODE is not set -# CONFIG_CFG80211_DEVELOPER_WARNINGS is not set -CONFIG_CFG80211_REQUIRE_SIGNED_REGDB=y -CONFIG_CFG80211_USE_KERNEL_REGDB_KEYS=y -CONFIG_CFG80211_DEFAULT_PS=y -# CONFIG_CFG80211_DEBUGFS is not set -CONFIG_CFG80211_CRDA_SUPPORT=y -# CONFIG_CFG80211_WEXT is not set -CONFIG_MAC80211=y -CONFIG_MAC80211_HAS_RC=y -CONFIG_MAC80211_RC_MINSTREL=y -CONFIG_MAC80211_RC_DEFAULT_MINSTREL=y -CONFIG_MAC80211_RC_DEFAULT="minstrel_ht" -# CONFIG_MAC80211_MESH is not set -CONFIG_MAC80211_LEDS=y -# CONFIG_MAC80211_DEBUGFS is not set -# CONFIG_MAC80211_MESSAGE_TRACING is not set -# CONFIG_MAC80211_DEBUG_MENU is not set -CONFIG_MAC80211_STA_HASH_MAX_SIZE=0 -CONFIG_RFKILL=y -CONFIG_RFKILL_LEDS=y -CONFIG_RFKILL_INPUT=y -CONFIG_NET_9P=y 
-CONFIG_NET_9P_FD=y -CONFIG_NET_9P_VIRTIO=y -# CONFIG_NET_9P_DEBUG is not set -# CONFIG_CAIF is not set -# CONFIG_CEPH_LIB is not set -# CONFIG_NFC is not set -# CONFIG_PSAMPLE is not set -# CONFIG_NET_IFE is not set -# CONFIG_LWTUNNEL is not set -CONFIG_DST_CACHE=y -CONFIG_GRO_CELLS=y -CONFIG_NET_SELFTESTS=y -CONFIG_FAILOVER=y -CONFIG_ETHTOOL_NETLINK=y - -# -# Device Drivers -# -CONFIG_HAVE_EISA=y -# CONFIG_EISA is not set -CONFIG_HAVE_PCI=y -CONFIG_PCI=y -CONFIG_PCI_DOMAINS=y -CONFIG_PCIEPORTBUS=y -# CONFIG_HOTPLUG_PCI_PCIE is not set -# CONFIG_PCIEAER is not set -CONFIG_PCIEASPM=y -CONFIG_PCIEASPM_DEFAULT=y -# CONFIG_PCIEASPM_POWERSAVE is not set -# CONFIG_PCIEASPM_POWER_SUPERSAVE is not set -# CONFIG_PCIEASPM_PERFORMANCE is not set -CONFIG_PCIE_PME=y -# CONFIG_PCIE_PTM is not set -CONFIG_PCI_MSI=y -CONFIG_PCI_QUIRKS=y -# CONFIG_PCI_DEBUG is not set -# CONFIG_PCI_STUB is not set -CONFIG_PCI_ATS=y -CONFIG_PCI_LOCKLESS_CONFIG=y -# CONFIG_PCI_IOV is not set -CONFIG_PCI_PRI=y -CONFIG_PCI_PASID=y -CONFIG_PCI_LABEL=y -CONFIG_VGA_ARB=y -CONFIG_VGA_ARB_MAX_GPUS=16 -CONFIG_HOTPLUG_PCI=y -# CONFIG_HOTPLUG_PCI_ACPI is not set -# CONFIG_HOTPLUG_PCI_CPCI is not set -# CONFIG_HOTPLUG_PCI_SHPC is not set - -# -# PCI controller drivers -# -# CONFIG_VMD is not set - -# -# Cadence-based PCIe controllers -# -# end of Cadence-based PCIe controllers - -# -# DesignWare-based PCIe controllers -# -# CONFIG_PCI_MESON is not set -# CONFIG_PCIE_DW_PLAT_HOST is not set -# end of DesignWare-based PCIe controllers - -# -# Mobiveil-based PCIe controllers -# -# end of Mobiveil-based PCIe controllers -# end of PCI controller drivers - -# -# PCI Endpoint -# -# CONFIG_PCI_ENDPOINT is not set -# end of PCI Endpoint - -# -# PCI switch controller drivers -# -# CONFIG_PCI_SW_SWITCHTEC is not set -# end of PCI switch controller drivers - -# CONFIG_CXL_BUS is not set -CONFIG_PCCARD=y -CONFIG_PCMCIA=y -CONFIG_PCMCIA_LOAD_CIS=y -CONFIG_CARDBUS=y - -# -# PC-card bridges -# -CONFIG_YENTA=y 
-CONFIG_YENTA_O2=y -CONFIG_YENTA_RICOH=y -CONFIG_YENTA_TI=y -CONFIG_YENTA_ENE_TUNE=y -CONFIG_YENTA_TOSHIBA=y -# CONFIG_PD6729 is not set -# CONFIG_I82092 is not set -CONFIG_PCCARD_NONSTATIC=y -# CONFIG_RAPIDIO is not set - -# -# Generic Driver Options -# -CONFIG_AUXILIARY_BUS=y -# CONFIG_UEVENT_HELPER is not set -CONFIG_DEVTMPFS=y -CONFIG_DEVTMPFS_MOUNT=y -# CONFIG_DEVTMPFS_SAFE is not set -CONFIG_STANDALONE=y -CONFIG_PREVENT_FIRMWARE_BUILD=y - -# -# Firmware loader -# -CONFIG_FW_LOADER=y -CONFIG_EXTRA_FIRMWARE="" -# CONFIG_FW_LOADER_USER_HELPER is not set -# CONFIG_FW_LOADER_COMPRESS is not set -CONFIG_FW_CACHE=y -# CONFIG_FW_UPLOAD is not set -# end of Firmware loader - -CONFIG_ALLOW_DEV_COREDUMP=y -# CONFIG_DEBUG_DRIVER is not set -CONFIG_DEBUG_DEVRES=y -# CONFIG_DEBUG_TEST_DRIVER_REMOVE is not set -# CONFIG_TEST_ASYNC_DRIVER_PROBE is not set -CONFIG_GENERIC_CPU_AUTOPROBE=y -CONFIG_GENERIC_CPU_VULNERABILITIES=y -CONFIG_REGMAP=y -CONFIG_DMA_SHARED_BUFFER=y -# CONFIG_DMA_FENCE_TRACE is not set -# CONFIG_FW_DEVLINK_SYNC_STATE_TIMEOUT is not set -# end of Generic Driver Options - -# -# Bus devices -# -# CONFIG_MHI_BUS is not set -# CONFIG_MHI_BUS_EP is not set -# end of Bus devices - -CONFIG_CONNECTOR=y -CONFIG_PROC_EVENTS=y - -# -# Firmware Drivers -# - -# -# ARM System Control and Management Interface Protocol -# -# end of ARM System Control and Management Interface Protocol - -# CONFIG_EDD is not set -CONFIG_FIRMWARE_MEMMAP=y -CONFIG_DMIID=y -# CONFIG_DMI_SYSFS is not set -CONFIG_DMI_SCAN_MACHINE_NON_EFI_FALLBACK=y -# CONFIG_ISCSI_IBFT is not set -# CONFIG_FW_CFG_SYSFS is not set -# CONFIG_SYSFB_SIMPLEFB is not set -# CONFIG_GOOGLE_FIRMWARE is not set - -# -# EFI (Extensible Firmware Interface) Support -# -CONFIG_EFI_ESRT=y -CONFIG_EFI_DXE_MEM_ATTRIBUTES=y -CONFIG_EFI_RUNTIME_WRAPPERS=y -# CONFIG_EFI_BOOTLOADER_CONTROL is not set -# CONFIG_EFI_CAPSULE_LOADER is not set -# CONFIG_EFI_TEST is not set -# CONFIG_APPLE_PROPERTIES is not set -# 
CONFIG_RESET_ATTACK_MITIGATION is not set -# CONFIG_EFI_RCI2_TABLE is not set -# CONFIG_EFI_DISABLE_PCI_DMA is not set -CONFIG_EFI_EARLYCON=y -CONFIG_EFI_CUSTOM_SSDT_OVERLAYS=y -# CONFIG_EFI_DISABLE_RUNTIME is not set -# CONFIG_EFI_COCO_SECRET is not set -# end of EFI (Extensible Firmware Interface) Support - -# -# Tegra firmware driver -# -# end of Tegra firmware driver -# end of Firmware Drivers - -# CONFIG_GNSS is not set -# CONFIG_MTD is not set -# CONFIG_OF is not set -CONFIG_ARCH_MIGHT_HAVE_PC_PARPORT=y -# CONFIG_PARPORT is not set -CONFIG_PNP=y -CONFIG_PNP_DEBUG_MESSAGES=y - -# -# Protocols -# -CONFIG_PNPACPI=y -CONFIG_BLK_DEV=y -# CONFIG_BLK_DEV_NULL_BLK is not set -# CONFIG_BLK_DEV_FD is not set -CONFIG_CDROM=y -# CONFIG_BLK_DEV_PCIESSD_MTIP32XX is not set -CONFIG_BLK_DEV_LOOP=y -CONFIG_BLK_DEV_LOOP_MIN_COUNT=8 -# CONFIG_BLK_DEV_DRBD is not set -# CONFIG_BLK_DEV_NBD is not set -# CONFIG_BLK_DEV_RAM is not set -# CONFIG_CDROM_PKTCDVD is not set -# CONFIG_ATA_OVER_ETH is not set -CONFIG_VIRTIO_BLK=y -# CONFIG_BLK_DEV_RBD is not set -# CONFIG_BLK_DEV_UBLK is not set - -# -# NVME Support -# -# CONFIG_BLK_DEV_NVME is not set -# CONFIG_NVME_FC is not set -# CONFIG_NVME_TCP is not set -# end of NVME Support - -# -# Misc devices -# -# CONFIG_AD525X_DPOT is not set -# CONFIG_DUMMY_IRQ is not set -# CONFIG_IBM_ASM is not set -# CONFIG_PHANTOM is not set -# CONFIG_TIFM_CORE is not set -# CONFIG_ICS932S401 is not set -# CONFIG_ENCLOSURE_SERVICES is not set -# CONFIG_HP_ILO is not set -# CONFIG_APDS9802ALS is not set -# CONFIG_ISL29003 is not set -# CONFIG_ISL29020 is not set -# CONFIG_SENSORS_TSL2550 is not set -# CONFIG_SENSORS_BH1770 is not set -# CONFIG_SENSORS_APDS990X is not set -# CONFIG_HMC6352 is not set -# CONFIG_DS1682 is not set -# CONFIG_SRAM is not set -# CONFIG_DW_XDATA_PCIE is not set -# CONFIG_PCI_ENDPOINT_TEST is not set -# CONFIG_XILINX_SDFEC is not set -# CONFIG_C2PORT is not set - -# -# EEPROM support -# -# CONFIG_EEPROM_AT24 is not set -# 
CONFIG_EEPROM_LEGACY is not set -# CONFIG_EEPROM_MAX6875 is not set -# CONFIG_EEPROM_93CX6 is not set -# CONFIG_EEPROM_IDT_89HPESX is not set -# CONFIG_EEPROM_EE1004 is not set -# end of EEPROM support - -# CONFIG_CB710_CORE is not set - -# -# Texas Instruments shared transport line discipline -# -# end of Texas Instruments shared transport line discipline - -# CONFIG_SENSORS_LIS3_I2C is not set -# CONFIG_ALTERA_STAPL is not set -# CONFIG_INTEL_MEI is not set -# CONFIG_INTEL_MEI_ME is not set -# CONFIG_INTEL_MEI_TXE is not set -# CONFIG_INTEL_MEI_HDCP is not set -# CONFIG_INTEL_MEI_PXP is not set -# CONFIG_INTEL_MEI_GSC_PROXY is not set -# CONFIG_VMWARE_VMCI is not set -# CONFIG_GENWQE is not set -# CONFIG_ECHO is not set -# CONFIG_BCM_VK is not set -# CONFIG_MISC_ALCOR_PCI is not set -# CONFIG_MISC_RTSX_PCI is not set -# CONFIG_MISC_RTSX_USB is not set -# CONFIG_UACCE is not set -# CONFIG_PVPANIC is not set -# end of Misc devices - -# -# SCSI device support -# -CONFIG_SCSI_MOD=y -# CONFIG_RAID_ATTRS is not set -CONFIG_SCSI_COMMON=y -CONFIG_SCSI=y -CONFIG_SCSI_DMA=y -CONFIG_SCSI_PROC_FS=y - -# -# SCSI support type (disk, tape, CD-ROM) -# -CONFIG_BLK_DEV_SD=y -# CONFIG_CHR_DEV_ST is not set -CONFIG_BLK_DEV_SR=y -CONFIG_CHR_DEV_SG=y -CONFIG_BLK_DEV_BSG=y -# CONFIG_CHR_DEV_SCH is not set -CONFIG_SCSI_CONSTANTS=y -# CONFIG_SCSI_LOGGING is not set -# CONFIG_SCSI_SCAN_ASYNC is not set - -# -# SCSI Transports -# -CONFIG_SCSI_SPI_ATTRS=y -# CONFIG_SCSI_FC_ATTRS is not set -# CONFIG_SCSI_ISCSI_ATTRS is not set -# CONFIG_SCSI_SAS_ATTRS is not set -# CONFIG_SCSI_SAS_LIBSAS is not set -# CONFIG_SCSI_SRP_ATTRS is not set -# end of SCSI Transports - -CONFIG_SCSI_LOWLEVEL=y -# CONFIG_ISCSI_TCP is not set -# CONFIG_ISCSI_BOOT_SYSFS is not set -# CONFIG_SCSI_CXGB3_ISCSI is not set -# CONFIG_SCSI_CXGB4_ISCSI is not set -# CONFIG_SCSI_BNX2_ISCSI is not set -# CONFIG_BE2ISCSI is not set -# CONFIG_BLK_DEV_3W_XXXX_RAID is not set -# CONFIG_SCSI_HPSA is not set -# CONFIG_SCSI_3W_9XXX is 
not set -# CONFIG_SCSI_3W_SAS is not set -# CONFIG_SCSI_ACARD is not set -# CONFIG_SCSI_AACRAID is not set -# CONFIG_SCSI_AIC7XXX is not set -# CONFIG_SCSI_AIC79XX is not set -# CONFIG_SCSI_AIC94XX is not set -# CONFIG_SCSI_MVSAS is not set -# CONFIG_SCSI_MVUMI is not set -# CONFIG_SCSI_ADVANSYS is not set -# CONFIG_SCSI_ARCMSR is not set -# CONFIG_SCSI_ESAS2R is not set -# CONFIG_MEGARAID_NEWGEN is not set -# CONFIG_MEGARAID_LEGACY is not set -# CONFIG_MEGARAID_SAS is not set -# CONFIG_SCSI_MPT3SAS is not set -# CONFIG_SCSI_MPT2SAS is not set -# CONFIG_SCSI_MPI3MR is not set -# CONFIG_SCSI_SMARTPQI is not set -# CONFIG_SCSI_HPTIOP is not set -# CONFIG_SCSI_BUSLOGIC is not set -# CONFIG_SCSI_MYRB is not set -# CONFIG_SCSI_MYRS is not set -# CONFIG_VMWARE_PVSCSI is not set -# CONFIG_SCSI_SNIC is not set -# CONFIG_SCSI_DMX3191D is not set -# CONFIG_SCSI_FDOMAIN_PCI is not set -# CONFIG_SCSI_ISCI is not set -# CONFIG_SCSI_IPS is not set -# CONFIG_SCSI_INITIO is not set -# CONFIG_SCSI_INIA100 is not set -# CONFIG_SCSI_STEX is not set -# CONFIG_SCSI_SYM53C8XX_2 is not set -# CONFIG_SCSI_IPR is not set -# CONFIG_SCSI_QLOGIC_1280 is not set -# CONFIG_SCSI_QLA_ISCSI is not set -# CONFIG_SCSI_DC395x is not set -# CONFIG_SCSI_AM53C974 is not set -# CONFIG_SCSI_WD719X is not set -# CONFIG_SCSI_DEBUG is not set -# CONFIG_SCSI_PMCRAID is not set -# CONFIG_SCSI_PM8001 is not set -CONFIG_SCSI_VIRTIO=y -# CONFIG_SCSI_LOWLEVEL_PCMCIA is not set -# CONFIG_SCSI_DH is not set -# end of SCSI device support - -CONFIG_ATA=y -CONFIG_SATA_HOST=y -CONFIG_PATA_TIMINGS=y -CONFIG_ATA_VERBOSE_ERROR=y -CONFIG_ATA_FORCE=y -CONFIG_ATA_ACPI=y -# CONFIG_SATA_ZPODD is not set -CONFIG_SATA_PMP=y - -# -# Controllers with non-SFF native interface -# -CONFIG_SATA_AHCI=y -CONFIG_SATA_MOBILE_LPM_POLICY=0 -# CONFIG_SATA_AHCI_PLATFORM is not set -# CONFIG_AHCI_DWC is not set -# CONFIG_SATA_INIC162X is not set -# CONFIG_SATA_ACARD_AHCI is not set -# CONFIG_SATA_SIL24 is not set -CONFIG_ATA_SFF=y - -# -# SFF 
controllers with custom DMA interface -# -# CONFIG_PDC_ADMA is not set -# CONFIG_SATA_QSTOR is not set -# CONFIG_SATA_SX4 is not set -CONFIG_ATA_BMDMA=y - -# -# SATA SFF controllers with BMDMA -# -CONFIG_ATA_PIIX=y -# CONFIG_SATA_DWC is not set -# CONFIG_SATA_MV is not set -# CONFIG_SATA_NV is not set -# CONFIG_SATA_PROMISE is not set -# CONFIG_SATA_SIL is not set -# CONFIG_SATA_SIS is not set -# CONFIG_SATA_SVW is not set -# CONFIG_SATA_ULI is not set -# CONFIG_SATA_VIA is not set -# CONFIG_SATA_VITESSE is not set - -# -# PATA SFF controllers with BMDMA -# -# CONFIG_PATA_ALI is not set -CONFIG_PATA_AMD=y -# CONFIG_PATA_ARTOP is not set -# CONFIG_PATA_ATIIXP is not set -# CONFIG_PATA_ATP867X is not set -# CONFIG_PATA_CMD64X is not set -# CONFIG_PATA_CYPRESS is not set -# CONFIG_PATA_EFAR is not set -# CONFIG_PATA_HPT366 is not set -# CONFIG_PATA_HPT37X is not set -# CONFIG_PATA_HPT3X2N is not set -# CONFIG_PATA_HPT3X3 is not set -# CONFIG_PATA_IT8213 is not set -# CONFIG_PATA_IT821X is not set -# CONFIG_PATA_JMICRON is not set -# CONFIG_PATA_MARVELL is not set -# CONFIG_PATA_NETCELL is not set -# CONFIG_PATA_NINJA32 is not set -# CONFIG_PATA_NS87415 is not set -CONFIG_PATA_OLDPIIX=y -# CONFIG_PATA_OPTIDMA is not set -# CONFIG_PATA_PDC2027X is not set -# CONFIG_PATA_PDC_OLD is not set -# CONFIG_PATA_RADISYS is not set -# CONFIG_PATA_RDC is not set -CONFIG_PATA_SCH=y -# CONFIG_PATA_SERVERWORKS is not set -# CONFIG_PATA_SIL680 is not set -# CONFIG_PATA_SIS is not set -# CONFIG_PATA_TOSHIBA is not set -# CONFIG_PATA_TRIFLEX is not set -# CONFIG_PATA_VIA is not set -# CONFIG_PATA_WINBOND is not set - -# -# PIO-only SFF controllers -# -# CONFIG_PATA_CMD640_PCI is not set -# CONFIG_PATA_MPIIX is not set -# CONFIG_PATA_NS87410 is not set -# CONFIG_PATA_OPTI is not set -# CONFIG_PATA_PCMCIA is not set -# CONFIG_PATA_RZ1000 is not set - -# -# Generic fallback / legacy drivers -# -# CONFIG_PATA_ACPI is not set -# CONFIG_ATA_GENERIC is not set -# CONFIG_PATA_LEGACY is not set 
-CONFIG_MD=y -CONFIG_BLK_DEV_MD=y -CONFIG_MD_AUTODETECT=y -# CONFIG_MD_LINEAR is not set -# CONFIG_MD_RAID0 is not set -# CONFIG_MD_RAID1 is not set -# CONFIG_MD_RAID10 is not set -# CONFIG_MD_RAID456 is not set -# CONFIG_MD_MULTIPATH is not set -# CONFIG_MD_FAULTY is not set -# CONFIG_BCACHE is not set -CONFIG_BLK_DEV_DM_BUILTIN=y -CONFIG_BLK_DEV_DM=y -# CONFIG_DM_DEBUG is not set -# CONFIG_DM_UNSTRIPED is not set -# CONFIG_DM_CRYPT is not set -# CONFIG_DM_SNAPSHOT is not set -# CONFIG_DM_THIN_PROVISIONING is not set -# CONFIG_DM_CACHE is not set -# CONFIG_DM_WRITECACHE is not set -# CONFIG_DM_EBS is not set -# CONFIG_DM_ERA is not set -# CONFIG_DM_CLONE is not set -CONFIG_DM_MIRROR=y -# CONFIG_DM_LOG_USERSPACE is not set -# CONFIG_DM_RAID is not set -CONFIG_DM_ZERO=y -# CONFIG_DM_MULTIPATH is not set -# CONFIG_DM_DELAY is not set -# CONFIG_DM_DUST is not set -# CONFIG_DM_INIT is not set -# CONFIG_DM_UEVENT is not set -# CONFIG_DM_FLAKEY is not set -# CONFIG_DM_VERITY is not set -# CONFIG_DM_SWITCH is not set -# CONFIG_DM_LOG_WRITES is not set -# CONFIG_DM_INTEGRITY is not set -# CONFIG_DM_AUDIT is not set -# CONFIG_TARGET_CORE is not set -# CONFIG_FUSION is not set - -# -# IEEE 1394 (FireWire) support -# -# CONFIG_FIREWIRE is not set -# CONFIG_FIREWIRE_NOSY is not set -# end of IEEE 1394 (FireWire) support - -CONFIG_MACINTOSH_DRIVERS=y -CONFIG_MAC_EMUMOUSEBTN=y -CONFIG_NETDEVICES=y -CONFIG_MII=y -CONFIG_NET_CORE=y -# CONFIG_BONDING is not set -# CONFIG_DUMMY is not set -# CONFIG_WIREGUARD is not set -# CONFIG_EQUALIZER is not set -# CONFIG_NET_FC is not set -# CONFIG_NET_TEAM is not set -# CONFIG_MACVLAN is not set -# CONFIG_IPVLAN is not set -# CONFIG_VXLAN is not set -# CONFIG_GENEVE is not set -# CONFIG_BAREUDP is not set -# CONFIG_GTP is not set -# CONFIG_AMT is not set -# CONFIG_MACSEC is not set -CONFIG_NETCONSOLE=y -CONFIG_NETPOLL=y -CONFIG_NET_POLL_CONTROLLER=y -# CONFIG_TUN is not set -# CONFIG_TUN_VNET_CROSS_LE is not set -# CONFIG_VETH is not set 
-CONFIG_VIRTIO_NET=y -# CONFIG_NLMON is not set -# CONFIG_ARCNET is not set -CONFIG_ETHERNET=y -CONFIG_NET_VENDOR_3COM=y -# CONFIG_PCMCIA_3C574 is not set -# CONFIG_PCMCIA_3C589 is not set -# CONFIG_VORTEX is not set -# CONFIG_TYPHOON is not set -CONFIG_NET_VENDOR_ADAPTEC=y -# CONFIG_ADAPTEC_STARFIRE is not set -CONFIG_NET_VENDOR_AGERE=y -# CONFIG_ET131X is not set -CONFIG_NET_VENDOR_ALACRITECH=y -# CONFIG_SLICOSS is not set -CONFIG_NET_VENDOR_ALTEON=y -# CONFIG_ACENIC is not set -# CONFIG_ALTERA_TSE is not set -CONFIG_NET_VENDOR_AMAZON=y -# CONFIG_ENA_ETHERNET is not set -CONFIG_NET_VENDOR_AMD=y -# CONFIG_AMD8111_ETH is not set -# CONFIG_PCNET32 is not set -# CONFIG_PCMCIA_NMCLAN is not set -# CONFIG_AMD_XGBE is not set -# CONFIG_PDS_CORE is not set -CONFIG_NET_VENDOR_AQUANTIA=y -# CONFIG_AQTION is not set -CONFIG_NET_VENDOR_ARC=y -CONFIG_NET_VENDOR_ASIX=y -CONFIG_NET_VENDOR_ATHEROS=y -# CONFIG_ATL2 is not set -# CONFIG_ATL1 is not set -# CONFIG_ATL1E is not set -# CONFIG_ATL1C is not set -# CONFIG_ALX is not set -# CONFIG_CX_ECAT is not set -CONFIG_NET_VENDOR_BROADCOM=y -# CONFIG_B44 is not set -# CONFIG_BCMGENET is not set -# CONFIG_BNX2 is not set -# CONFIG_CNIC is not set -CONFIG_TIGON3=y -CONFIG_TIGON3_HWMON=y -# CONFIG_BNX2X is not set -# CONFIG_SYSTEMPORT is not set -# CONFIG_BNXT is not set -CONFIG_NET_VENDOR_CADENCE=y -CONFIG_NET_VENDOR_CAVIUM=y -# CONFIG_THUNDER_NIC_PF is not set -# CONFIG_THUNDER_NIC_VF is not set -# CONFIG_THUNDER_NIC_BGX is not set -# CONFIG_THUNDER_NIC_RGX is not set -# CONFIG_CAVIUM_PTP is not set -# CONFIG_LIQUIDIO is not set -# CONFIG_LIQUIDIO_VF is not set -CONFIG_NET_VENDOR_CHELSIO=y -# CONFIG_CHELSIO_T1 is not set -# CONFIG_CHELSIO_T3 is not set -# CONFIG_CHELSIO_T4 is not set -# CONFIG_CHELSIO_T4VF is not set -CONFIG_NET_VENDOR_CISCO=y -# CONFIG_ENIC is not set -CONFIG_NET_VENDOR_CORTINA=y -CONFIG_NET_VENDOR_DAVICOM=y -# CONFIG_DNET is not set -CONFIG_NET_VENDOR_DEC=y -CONFIG_NET_TULIP=y -# CONFIG_DE2104X is not set -# 
CONFIG_TULIP is not set -# CONFIG_WINBOND_840 is not set -# CONFIG_DM9102 is not set -# CONFIG_ULI526X is not set -# CONFIG_PCMCIA_XIRCOM is not set -CONFIG_NET_VENDOR_DLINK=y -# CONFIG_DL2K is not set -# CONFIG_SUNDANCE is not set -CONFIG_NET_VENDOR_EMULEX=y -# CONFIG_BE2NET is not set -CONFIG_NET_VENDOR_ENGLEDER=y -# CONFIG_TSNEP is not set -CONFIG_NET_VENDOR_EZCHIP=y -CONFIG_NET_VENDOR_FUJITSU=y -# CONFIG_PCMCIA_FMVJ18X is not set -CONFIG_NET_VENDOR_FUNGIBLE=y -# CONFIG_FUN_ETH is not set -CONFIG_NET_VENDOR_GOOGLE=y -# CONFIG_GVE is not set -CONFIG_NET_VENDOR_HUAWEI=y -# CONFIG_HINIC is not set -CONFIG_NET_VENDOR_I825XX=y -CONFIG_NET_VENDOR_INTEL=y -CONFIG_E100=y -CONFIG_E1000=y -CONFIG_E1000E=y -CONFIG_E1000E_HWTS=y -# CONFIG_IGB is not set -# CONFIG_IGBVF is not set -# CONFIG_IXGBE is not set -# CONFIG_IXGBEVF is not set -# CONFIG_I40E is not set -# CONFIG_I40EVF is not set -# CONFIG_ICE is not set -# CONFIG_FM10K is not set -# CONFIG_IGC is not set -# CONFIG_JME is not set -CONFIG_NET_VENDOR_LITEX=y -CONFIG_NET_VENDOR_MARVELL=y -# CONFIG_MVMDIO is not set -# CONFIG_SKGE is not set -CONFIG_SKY2=y -# CONFIG_SKY2_DEBUG is not set -# CONFIG_OCTEON_EP is not set -CONFIG_NET_VENDOR_MELLANOX=y -# CONFIG_MLX4_EN is not set -# CONFIG_MLX5_CORE is not set -# CONFIG_MLXSW_CORE is not set -# CONFIG_MLXFW is not set -CONFIG_NET_VENDOR_MICREL=y -# CONFIG_KS8842 is not set -# CONFIG_KS8851_MLL is not set -# CONFIG_KSZ884X_PCI is not set -CONFIG_NET_VENDOR_MICROCHIP=y -# CONFIG_LAN743X is not set -# CONFIG_VCAP is not set -CONFIG_NET_VENDOR_MICROSEMI=y -CONFIG_NET_VENDOR_MICROSOFT=y -CONFIG_NET_VENDOR_MYRI=y -# CONFIG_MYRI10GE is not set -# CONFIG_FEALNX is not set -CONFIG_NET_VENDOR_NI=y -# CONFIG_NI_XGE_MANAGEMENT_ENET is not set -CONFIG_NET_VENDOR_NATSEMI=y -# CONFIG_NATSEMI is not set -# CONFIG_NS83820 is not set -CONFIG_NET_VENDOR_NETERION=y -# CONFIG_S2IO is not set -CONFIG_NET_VENDOR_NETRONOME=y -# CONFIG_NFP is not set -CONFIG_NET_VENDOR_8390=y -# CONFIG_PCMCIA_AXNET 
is not set -# CONFIG_NE2K_PCI is not set -# CONFIG_PCMCIA_PCNET is not set -CONFIG_NET_VENDOR_NVIDIA=y -CONFIG_FORCEDETH=y -CONFIG_NET_VENDOR_OKI=y -# CONFIG_ETHOC is not set -CONFIG_NET_VENDOR_PACKET_ENGINES=y -# CONFIG_HAMACHI is not set -# CONFIG_YELLOWFIN is not set -CONFIG_NET_VENDOR_PENSANDO=y -# CONFIG_IONIC is not set -CONFIG_NET_VENDOR_QLOGIC=y -# CONFIG_QLA3XXX is not set -# CONFIG_QLCNIC is not set -# CONFIG_NETXEN_NIC is not set -# CONFIG_QED is not set -CONFIG_NET_VENDOR_BROCADE=y -# CONFIG_BNA is not set -CONFIG_NET_VENDOR_QUALCOMM=y -# CONFIG_QCOM_EMAC is not set -# CONFIG_RMNET is not set -CONFIG_NET_VENDOR_RDC=y -# CONFIG_R6040 is not set -CONFIG_NET_VENDOR_REALTEK=y -# CONFIG_8139CP is not set -CONFIG_8139TOO=y -CONFIG_8139TOO_PIO=y -# CONFIG_8139TOO_TUNE_TWISTER is not set -# CONFIG_8139TOO_8129 is not set -# CONFIG_8139_OLD_RX_RESET is not set -CONFIG_R8169=y -CONFIG_NET_VENDOR_RENESAS=y -CONFIG_NET_VENDOR_ROCKER=y -CONFIG_NET_VENDOR_SAMSUNG=y -# CONFIG_SXGBE_ETH is not set -CONFIG_NET_VENDOR_SEEQ=y -CONFIG_NET_VENDOR_SILAN=y -# CONFIG_SC92031 is not set -CONFIG_NET_VENDOR_SIS=y -# CONFIG_SIS900 is not set -# CONFIG_SIS190 is not set -CONFIG_NET_VENDOR_SOLARFLARE=y -# CONFIG_SFC is not set -# CONFIG_SFC_FALCON is not set -# CONFIG_SFC_SIENA is not set -CONFIG_NET_VENDOR_SMSC=y -# CONFIG_PCMCIA_SMC91C92 is not set -# CONFIG_EPIC100 is not set -# CONFIG_SMSC911X is not set -# CONFIG_SMSC9420 is not set -CONFIG_NET_VENDOR_SOCIONEXT=y -CONFIG_NET_VENDOR_STMICRO=y -# CONFIG_STMMAC_ETH is not set -CONFIG_NET_VENDOR_SUN=y -# CONFIG_HAPPYMEAL is not set -# CONFIG_SUNGEM is not set -# CONFIG_CASSINI is not set -# CONFIG_NIU is not set -CONFIG_NET_VENDOR_SYNOPSYS=y -# CONFIG_DWC_XLGMAC is not set -CONFIG_NET_VENDOR_TEHUTI=y -# CONFIG_TEHUTI is not set -CONFIG_NET_VENDOR_TI=y -# CONFIG_TI_CPSW_PHY_SEL is not set -# CONFIG_TLAN is not set -CONFIG_NET_VENDOR_VERTEXCOM=y -CONFIG_NET_VENDOR_VIA=y -# CONFIG_VIA_RHINE is not set -# CONFIG_VIA_VELOCITY is not set 
-CONFIG_NET_VENDOR_WANGXUN=y -# CONFIG_NGBE is not set -CONFIG_NET_VENDOR_WIZNET=y -# CONFIG_WIZNET_W5100 is not set -# CONFIG_WIZNET_W5300 is not set -CONFIG_NET_VENDOR_XILINX=y -# CONFIG_XILINX_EMACLITE is not set -# CONFIG_XILINX_AXI_EMAC is not set -# CONFIG_XILINX_LL_TEMAC is not set -CONFIG_NET_VENDOR_XIRCOM=y -# CONFIG_PCMCIA_XIRC2PS is not set -# CONFIG_FDDI is not set -# CONFIG_HIPPI is not set -# CONFIG_NET_SB1000 is not set -CONFIG_PHYLIB=y -CONFIG_SWPHY=y -# CONFIG_LED_TRIGGER_PHY is not set -CONFIG_FIXED_PHY=y - -# -# MII PHY device drivers -# -# CONFIG_AMD_PHY is not set -# CONFIG_ADIN_PHY is not set -# CONFIG_ADIN1100_PHY is not set -# CONFIG_AQUANTIA_PHY is not set -# CONFIG_AX88796B_PHY is not set -# CONFIG_BROADCOM_PHY is not set -# CONFIG_BCM54140_PHY is not set -# CONFIG_BCM7XXX_PHY is not set -# CONFIG_BCM84881_PHY is not set -# CONFIG_BCM87XX_PHY is not set -# CONFIG_CICADA_PHY is not set -# CONFIG_CORTINA_PHY is not set -# CONFIG_DAVICOM_PHY is not set -# CONFIG_ICPLUS_PHY is not set -# CONFIG_LXT_PHY is not set -# CONFIG_INTEL_XWAY_PHY is not set -# CONFIG_LSI_ET1011C_PHY is not set -# CONFIG_MARVELL_PHY is not set -# CONFIG_MARVELL_10G_PHY is not set -# CONFIG_MARVELL_88X2222_PHY is not set -# CONFIG_MAXLINEAR_GPHY is not set -# CONFIG_MEDIATEK_GE_PHY is not set -# CONFIG_MICREL_PHY is not set -# CONFIG_MICROCHIP_T1S_PHY is not set -# CONFIG_MICROCHIP_PHY is not set -# CONFIG_MICROCHIP_T1_PHY is not set -# CONFIG_MICROSEMI_PHY is not set -# CONFIG_MOTORCOMM_PHY is not set -# CONFIG_NATIONAL_PHY is not set -# CONFIG_NXP_CBTX_PHY is not set -# CONFIG_NXP_C45_TJA11XX_PHY is not set -# CONFIG_NXP_TJA11XX_PHY is not set -# CONFIG_NCN26000_PHY is not set -# CONFIG_QSEMI_PHY is not set -CONFIG_REALTEK_PHY=y -# CONFIG_RENESAS_PHY is not set -# CONFIG_ROCKCHIP_PHY is not set -# CONFIG_SMSC_PHY is not set -# CONFIG_STE10XP is not set -# CONFIG_TERANETICS_PHY is not set -# CONFIG_DP83822_PHY is not set -# CONFIG_DP83TC811_PHY is not set -# 
CONFIG_DP83848_PHY is not set -# CONFIG_DP83867_PHY is not set -# CONFIG_DP83869_PHY is not set -# CONFIG_DP83TD510_PHY is not set -# CONFIG_VITESSE_PHY is not set -# CONFIG_XILINX_GMII2RGMII is not set -# CONFIG_PSE_CONTROLLER is not set -CONFIG_MDIO_DEVICE=y -CONFIG_MDIO_BUS=y -CONFIG_FWNODE_MDIO=y -CONFIG_ACPI_MDIO=y -CONFIG_MDIO_DEVRES=y -# CONFIG_MDIO_BITBANG is not set -# CONFIG_MDIO_BCM_UNIMAC is not set -# CONFIG_MDIO_MVUSB is not set -# CONFIG_MDIO_THUNDER is not set - -# -# MDIO Multiplexers -# - -# -# PCS device drivers -# -# end of PCS device drivers - -# CONFIG_PPP is not set -# CONFIG_SLIP is not set -CONFIG_USB_NET_DRIVERS=y -# CONFIG_USB_CATC is not set -# CONFIG_USB_KAWETH is not set -# CONFIG_USB_PEGASUS is not set -# CONFIG_USB_RTL8150 is not set -# CONFIG_USB_RTL8152 is not set -# CONFIG_USB_LAN78XX is not set -# CONFIG_USB_USBNET is not set -# CONFIG_USB_HSO is not set -# CONFIG_USB_IPHETH is not set -CONFIG_WLAN=y -CONFIG_WLAN_VENDOR_ADMTEK=y -# CONFIG_ADM8211 is not set -CONFIG_WLAN_VENDOR_ATH=y -# CONFIG_ATH_DEBUG is not set -# CONFIG_ATH5K is not set -# CONFIG_ATH5K_PCI is not set -# CONFIG_ATH9K is not set -# CONFIG_ATH9K_HTC is not set -# CONFIG_CARL9170 is not set -# CONFIG_ATH6KL is not set -# CONFIG_AR5523 is not set -# CONFIG_WIL6210 is not set -# CONFIG_ATH10K is not set -# CONFIG_WCN36XX is not set -CONFIG_WLAN_VENDOR_ATMEL=y -# CONFIG_ATMEL is not set -# CONFIG_AT76C50X_USB is not set -CONFIG_WLAN_VENDOR_BROADCOM=y -# CONFIG_B43 is not set -# CONFIG_B43LEGACY is not set -# CONFIG_BRCMSMAC is not set -# CONFIG_BRCMFMAC is not set -CONFIG_WLAN_VENDOR_CISCO=y -# CONFIG_AIRO is not set -# CONFIG_AIRO_CS is not set -CONFIG_WLAN_VENDOR_INTEL=y -# CONFIG_IPW2100 is not set -# CONFIG_IPW2200 is not set -# CONFIG_IWL4965 is not set -# CONFIG_IWL3945 is not set -# CONFIG_IWLWIFI is not set -CONFIG_WLAN_VENDOR_INTERSIL=y -# CONFIG_HOSTAP is not set -# CONFIG_HERMES is not set -# CONFIG_P54_COMMON is not set -CONFIG_WLAN_VENDOR_MARVELL=y -# 
CONFIG_LIBERTAS is not set -# CONFIG_LIBERTAS_THINFIRM is not set -# CONFIG_MWIFIEX is not set -# CONFIG_MWL8K is not set -CONFIG_WLAN_VENDOR_MEDIATEK=y -# CONFIG_MT7601U is not set -# CONFIG_MT76x0U is not set -# CONFIG_MT76x0E is not set -# CONFIG_MT76x2E is not set -# CONFIG_MT76x2U is not set -# CONFIG_MT7603E is not set -# CONFIG_MT7615E is not set -# CONFIG_MT7663U is not set -# CONFIG_MT7915E is not set -# CONFIG_MT7921E is not set -# CONFIG_MT7921U is not set -# CONFIG_MT7996E is not set -CONFIG_WLAN_VENDOR_MICROCHIP=y -CONFIG_WLAN_VENDOR_PURELIFI=y -# CONFIG_PLFXLC is not set -CONFIG_WLAN_VENDOR_RALINK=y -# CONFIG_RT2X00 is not set -CONFIG_WLAN_VENDOR_REALTEK=y -# CONFIG_RTL8180 is not set -# CONFIG_RTL8187 is not set -CONFIG_RTL_CARDS=y -# CONFIG_RTL8192CE is not set -# CONFIG_RTL8192SE is not set -# CONFIG_RTL8192DE is not set -# CONFIG_RTL8723AE is not set -# CONFIG_RTL8723BE is not set -# CONFIG_RTL8188EE is not set -# CONFIG_RTL8192EE is not set -# CONFIG_RTL8821AE is not set -# CONFIG_RTL8192CU is not set -# CONFIG_RTL8XXXU is not set -# CONFIG_RTW88 is not set -# CONFIG_RTW89 is not set -CONFIG_WLAN_VENDOR_RSI=y -# CONFIG_RSI_91X is not set -CONFIG_WLAN_VENDOR_SILABS=y -CONFIG_WLAN_VENDOR_ST=y -# CONFIG_CW1200 is not set -CONFIG_WLAN_VENDOR_TI=y -# CONFIG_WL1251 is not set -# CONFIG_WL12XX is not set -# CONFIG_WL18XX is not set -# CONFIG_WLCORE is not set -CONFIG_WLAN_VENDOR_ZYDAS=y -# CONFIG_USB_ZD1201 is not set -# CONFIG_ZD1211RW is not set -CONFIG_WLAN_VENDOR_QUANTENNA=y -# CONFIG_QTNFMAC_PCIE is not set -# CONFIG_PCMCIA_RAYCS is not set -# CONFIG_PCMCIA_WL3501 is not set -# CONFIG_USB_NET_RNDIS_WLAN is not set -# CONFIG_MAC80211_HWSIM is not set -# CONFIG_VIRT_WIFI is not set -# CONFIG_WAN is not set - -# -# Wireless WAN -# -# CONFIG_WWAN is not set -# end of Wireless WAN - -# CONFIG_VMXNET3 is not set -# CONFIG_FUJITSU_ES is not set -# CONFIG_NETDEVSIM is not set -CONFIG_NET_FAILOVER=y -# CONFIG_ISDN is not set - -# -# Input device support -# 
-CONFIG_INPUT=y -CONFIG_INPUT_LEDS=y -CONFIG_INPUT_FF_MEMLESS=y -CONFIG_INPUT_SPARSEKMAP=y -# CONFIG_INPUT_MATRIXKMAP is not set -CONFIG_INPUT_VIVALDIFMAP=y - -# -# Userland interfaces -# -# CONFIG_INPUT_MOUSEDEV is not set -# CONFIG_INPUT_JOYDEV is not set -CONFIG_INPUT_EVDEV=y -# CONFIG_INPUT_EVBUG is not set - -# -# Input Device Drivers -# -CONFIG_INPUT_KEYBOARD=y -# CONFIG_KEYBOARD_ADP5588 is not set -# CONFIG_KEYBOARD_ADP5589 is not set -CONFIG_KEYBOARD_ATKBD=y -# CONFIG_KEYBOARD_QT1050 is not set -# CONFIG_KEYBOARD_QT1070 is not set -# CONFIG_KEYBOARD_QT2160 is not set -# CONFIG_KEYBOARD_DLINK_DIR685 is not set -# CONFIG_KEYBOARD_LKKBD is not set -# CONFIG_KEYBOARD_TCA6416 is not set -# CONFIG_KEYBOARD_TCA8418 is not set -# CONFIG_KEYBOARD_LM8323 is not set -# CONFIG_KEYBOARD_LM8333 is not set -# CONFIG_KEYBOARD_MAX7359 is not set -# CONFIG_KEYBOARD_MCS is not set -# CONFIG_KEYBOARD_MPR121 is not set -# CONFIG_KEYBOARD_NEWTON is not set -# CONFIG_KEYBOARD_OPENCORES is not set -# CONFIG_KEYBOARD_STOWAWAY is not set -# CONFIG_KEYBOARD_SUNKBD is not set -# CONFIG_KEYBOARD_TM2_TOUCHKEY is not set -# CONFIG_KEYBOARD_XTKBD is not set -# CONFIG_KEYBOARD_CYPRESS_SF is not set -CONFIG_INPUT_MOUSE=y -CONFIG_MOUSE_PS2=y -CONFIG_MOUSE_PS2_ALPS=y -CONFIG_MOUSE_PS2_BYD=y -CONFIG_MOUSE_PS2_LOGIPS2PP=y -CONFIG_MOUSE_PS2_SYNAPTICS=y -CONFIG_MOUSE_PS2_SYNAPTICS_SMBUS=y -CONFIG_MOUSE_PS2_CYPRESS=y -CONFIG_MOUSE_PS2_LIFEBOOK=y -CONFIG_MOUSE_PS2_TRACKPOINT=y -# CONFIG_MOUSE_PS2_ELANTECH is not set -# CONFIG_MOUSE_PS2_SENTELIC is not set -# CONFIG_MOUSE_PS2_TOUCHKIT is not set -CONFIG_MOUSE_PS2_FOCALTECH=y -# CONFIG_MOUSE_PS2_VMMOUSE is not set -CONFIG_MOUSE_PS2_SMBUS=y -# CONFIG_MOUSE_SERIAL is not set -# CONFIG_MOUSE_APPLETOUCH is not set -# CONFIG_MOUSE_BCM5974 is not set -# CONFIG_MOUSE_CYAPA is not set -# CONFIG_MOUSE_ELAN_I2C is not set -# CONFIG_MOUSE_VSXXXAA is not set -# CONFIG_MOUSE_SYNAPTICS_I2C is not set -# CONFIG_MOUSE_SYNAPTICS_USB is not set 
-CONFIG_INPUT_JOYSTICK=y -# CONFIG_JOYSTICK_ANALOG is not set -# CONFIG_JOYSTICK_A3D is not set -# CONFIG_JOYSTICK_ADI is not set -# CONFIG_JOYSTICK_COBRA is not set -# CONFIG_JOYSTICK_GF2K is not set -# CONFIG_JOYSTICK_GRIP is not set -# CONFIG_JOYSTICK_GRIP_MP is not set -# CONFIG_JOYSTICK_GUILLEMOT is not set -# CONFIG_JOYSTICK_INTERACT is not set -# CONFIG_JOYSTICK_SIDEWINDER is not set -# CONFIG_JOYSTICK_TMDC is not set -# CONFIG_JOYSTICK_IFORCE is not set -# CONFIG_JOYSTICK_WARRIOR is not set -# CONFIG_JOYSTICK_MAGELLAN is not set -# CONFIG_JOYSTICK_SPACEORB is not set -# CONFIG_JOYSTICK_SPACEBALL is not set -# CONFIG_JOYSTICK_STINGER is not set -# CONFIG_JOYSTICK_TWIDJOY is not set -# CONFIG_JOYSTICK_ZHENHUA is not set -# CONFIG_JOYSTICK_AS5011 is not set -# CONFIG_JOYSTICK_JOYDUMP is not set -# CONFIG_JOYSTICK_XPAD is not set -# CONFIG_JOYSTICK_PXRC is not set -# CONFIG_JOYSTICK_QWIIC is not set -# CONFIG_JOYSTICK_FSIA6B is not set -# CONFIG_JOYSTICK_SENSEHAT is not set -CONFIG_INPUT_TABLET=y -# CONFIG_TABLET_USB_ACECAD is not set -# CONFIG_TABLET_USB_AIPTEK is not set -# CONFIG_TABLET_USB_HANWANG is not set -# CONFIG_TABLET_USB_KBTAB is not set -# CONFIG_TABLET_USB_PEGASUS is not set -# CONFIG_TABLET_SERIAL_WACOM4 is not set -CONFIG_INPUT_TOUCHSCREEN=y -# CONFIG_TOUCHSCREEN_AD7879 is not set -# CONFIG_TOUCHSCREEN_ATMEL_MXT is not set -# CONFIG_TOUCHSCREEN_BU21013 is not set -# CONFIG_TOUCHSCREEN_BU21029 is not set -# CONFIG_TOUCHSCREEN_CHIPONE_ICN8505 is not set -# CONFIG_TOUCHSCREEN_CY8CTMA140 is not set -# CONFIG_TOUCHSCREEN_CYTTSP_CORE is not set -# CONFIG_TOUCHSCREEN_CYTTSP4_CORE is not set -# CONFIG_TOUCHSCREEN_CYTTSP5 is not set -# CONFIG_TOUCHSCREEN_DYNAPRO is not set -# CONFIG_TOUCHSCREEN_HAMPSHIRE is not set -# CONFIG_TOUCHSCREEN_EETI is not set -# CONFIG_TOUCHSCREEN_EGALAX_SERIAL is not set -# CONFIG_TOUCHSCREEN_EXC3000 is not set -# CONFIG_TOUCHSCREEN_FUJITSU is not set -# CONFIG_TOUCHSCREEN_HIDEEP is not set -# CONFIG_TOUCHSCREEN_HYCON_HY46XX 
is not set -# CONFIG_TOUCHSCREEN_HYNITRON_CSTXXX is not set -# CONFIG_TOUCHSCREEN_ILI210X is not set -# CONFIG_TOUCHSCREEN_ILITEK is not set -# CONFIG_TOUCHSCREEN_S6SY761 is not set -# CONFIG_TOUCHSCREEN_GUNZE is not set -# CONFIG_TOUCHSCREEN_EKTF2127 is not set -# CONFIG_TOUCHSCREEN_ELAN is not set -# CONFIG_TOUCHSCREEN_ELO is not set -# CONFIG_TOUCHSCREEN_WACOM_W8001 is not set -# CONFIG_TOUCHSCREEN_WACOM_I2C is not set -# CONFIG_TOUCHSCREEN_MAX11801 is not set -# CONFIG_TOUCHSCREEN_MCS5000 is not set -# CONFIG_TOUCHSCREEN_MMS114 is not set -# CONFIG_TOUCHSCREEN_MELFAS_MIP4 is not set -# CONFIG_TOUCHSCREEN_MTOUCH is not set -# CONFIG_TOUCHSCREEN_NOVATEK_NVT_TS is not set -# CONFIG_TOUCHSCREEN_IMAGIS is not set -# CONFIG_TOUCHSCREEN_INEXIO is not set -# CONFIG_TOUCHSCREEN_PENMOUNT is not set -# CONFIG_TOUCHSCREEN_EDT_FT5X06 is not set -# CONFIG_TOUCHSCREEN_TOUCHRIGHT is not set -# CONFIG_TOUCHSCREEN_TOUCHWIN is not set -# CONFIG_TOUCHSCREEN_PIXCIR is not set -# CONFIG_TOUCHSCREEN_WDT87XX_I2C is not set -# CONFIG_TOUCHSCREEN_USB_COMPOSITE is not set -# CONFIG_TOUCHSCREEN_TOUCHIT213 is not set -# CONFIG_TOUCHSCREEN_TSC_SERIO is not set -# CONFIG_TOUCHSCREEN_TSC2004 is not set -# CONFIG_TOUCHSCREEN_TSC2007 is not set -# CONFIG_TOUCHSCREEN_SILEAD is not set -# CONFIG_TOUCHSCREEN_ST1232 is not set -# CONFIG_TOUCHSCREEN_STMFTS is not set -# CONFIG_TOUCHSCREEN_SX8654 is not set -# CONFIG_TOUCHSCREEN_TPS6507X is not set -# CONFIG_TOUCHSCREEN_ZET6223 is not set -# CONFIG_TOUCHSCREEN_ROHM_BU21023 is not set -# CONFIG_TOUCHSCREEN_IQS5XX is not set -# CONFIG_TOUCHSCREEN_ZINITIX is not set -# CONFIG_TOUCHSCREEN_HIMAX_HX83112B is not set -CONFIG_INPUT_MISC=y -# CONFIG_INPUT_AD714X is not set -# CONFIG_INPUT_BMA150 is not set -# CONFIG_INPUT_E3X0_BUTTON is not set -# CONFIG_INPUT_PCSPKR is not set -# CONFIG_INPUT_MMA8450 is not set -# CONFIG_INPUT_APANEL is not set -# CONFIG_INPUT_ATLAS_BTNS is not set -# CONFIG_INPUT_ATI_REMOTE2 is not set -# CONFIG_INPUT_KEYSPAN_REMOTE is not 
set -# CONFIG_INPUT_KXTJ9 is not set -# CONFIG_INPUT_POWERMATE is not set -# CONFIG_INPUT_YEALINK is not set -# CONFIG_INPUT_CM109 is not set -# CONFIG_INPUT_UINPUT is not set -# CONFIG_INPUT_PCF8574 is not set -# CONFIG_INPUT_DA7280_HAPTICS is not set -# CONFIG_INPUT_ADXL34X is not set -# CONFIG_INPUT_IMS_PCU is not set -# CONFIG_INPUT_IQS269A is not set -# CONFIG_INPUT_IQS626A is not set -# CONFIG_INPUT_IQS7222 is not set -# CONFIG_INPUT_CMA3000 is not set -# CONFIG_INPUT_IDEAPAD_SLIDEBAR is not set -# CONFIG_INPUT_DRV2665_HAPTICS is not set -# CONFIG_INPUT_DRV2667_HAPTICS is not set -# CONFIG_RMI4_CORE is not set - -# -# Hardware I/O ports -# -CONFIG_SERIO=y -CONFIG_ARCH_MIGHT_HAVE_PC_SERIO=y -CONFIG_SERIO_I8042=y -CONFIG_SERIO_SERPORT=y -# CONFIG_SERIO_CT82C710 is not set -# CONFIG_SERIO_PCIPS2 is not set -CONFIG_SERIO_LIBPS2=y -# CONFIG_SERIO_RAW is not set -# CONFIG_SERIO_ALTERA_PS2 is not set -# CONFIG_SERIO_PS2MULT is not set -# CONFIG_SERIO_ARC_PS2 is not set -# CONFIG_USERIO is not set -# CONFIG_GAMEPORT is not set -# end of Hardware I/O ports -# end of Input device support - -# -# Character devices -# -CONFIG_TTY=y -CONFIG_VT=y -CONFIG_CONSOLE_TRANSLATIONS=y -CONFIG_VT_CONSOLE=y -CONFIG_VT_CONSOLE_SLEEP=y -CONFIG_HW_CONSOLE=y -# CONFIG_VT_HW_CONSOLE_BINDING is not set -CONFIG_UNIX98_PTYS=y -# CONFIG_LEGACY_PTYS is not set -CONFIG_LEGACY_TIOCSTI=y -CONFIG_LDISC_AUTOLOAD=y - -# -# Serial drivers -# -CONFIG_SERIAL_EARLYCON=y -CONFIG_SERIAL_8250=y -CONFIG_SERIAL_8250_DEPRECATED_OPTIONS=y -CONFIG_SERIAL_8250_PNP=y -# CONFIG_SERIAL_8250_16550A_VARIANTS is not set -# CONFIG_SERIAL_8250_FINTEK is not set -CONFIG_SERIAL_8250_CONSOLE=y -CONFIG_SERIAL_8250_DMA=y -CONFIG_SERIAL_8250_PCILIB=y -CONFIG_SERIAL_8250_PCI=y -CONFIG_SERIAL_8250_EXAR=y -# CONFIG_SERIAL_8250_CS is not set -CONFIG_SERIAL_8250_NR_UARTS=32 -CONFIG_SERIAL_8250_RUNTIME_UARTS=4 -CONFIG_SERIAL_8250_EXTENDED=y -CONFIG_SERIAL_8250_MANY_PORTS=y -# CONFIG_SERIAL_8250_PCI1XXXX is not set 
-CONFIG_SERIAL_8250_SHARE_IRQ=y -CONFIG_SERIAL_8250_DETECT_IRQ=y -CONFIG_SERIAL_8250_RSA=y -CONFIG_SERIAL_8250_DWLIB=y -# CONFIG_SERIAL_8250_DW is not set -# CONFIG_SERIAL_8250_RT288X is not set -CONFIG_SERIAL_8250_LPSS=y -CONFIG_SERIAL_8250_MID=y -CONFIG_SERIAL_8250_PERICOM=y - -# -# Non-8250 serial port support -# -# CONFIG_SERIAL_UARTLITE is not set -CONFIG_SERIAL_CORE=y -CONFIG_SERIAL_CORE_CONSOLE=y -# CONFIG_SERIAL_JSM is not set -# CONFIG_SERIAL_LANTIQ is not set -# CONFIG_SERIAL_SCCNXP is not set -# CONFIG_SERIAL_SC16IS7XX is not set -# CONFIG_SERIAL_ALTERA_JTAGUART is not set -# CONFIG_SERIAL_ALTERA_UART is not set -# CONFIG_SERIAL_ARC is not set -# CONFIG_SERIAL_RP2 is not set -# CONFIG_SERIAL_FSL_LPUART is not set -# CONFIG_SERIAL_FSL_LINFLEXUART is not set -# end of Serial drivers - -CONFIG_SERIAL_NONSTANDARD=y -# CONFIG_MOXA_INTELLIO is not set -# CONFIG_MOXA_SMARTIO is not set -# CONFIG_SYNCLINK_GT is not set -# CONFIG_N_HDLC is not set -# CONFIG_IPWIRELESS is not set -# CONFIG_N_GSM is not set -# CONFIG_NOZOMI is not set -# CONFIG_NULL_TTY is not set -CONFIG_HVC_DRIVER=y -# CONFIG_SERIAL_DEV_BUS is not set -CONFIG_VIRTIO_CONSOLE=y -# CONFIG_IPMI_HANDLER is not set -CONFIG_HW_RANDOM=y -# CONFIG_HW_RANDOM_TIMERIOMEM is not set -# CONFIG_HW_RANDOM_INTEL is not set -# CONFIG_HW_RANDOM_AMD is not set -# CONFIG_HW_RANDOM_BA431 is not set -CONFIG_HW_RANDOM_VIA=y -# CONFIG_HW_RANDOM_VIRTIO is not set -# CONFIG_HW_RANDOM_XIPHERA is not set -# CONFIG_APPLICOM is not set -# CONFIG_MWAVE is not set -CONFIG_DEVMEM=y -CONFIG_NVRAM=y -CONFIG_DEVPORT=y -CONFIG_HPET=y -# CONFIG_HPET_MMAP is not set -# CONFIG_HANGCHECK_TIMER is not set -# CONFIG_TCG_TPM is not set -# CONFIG_TELCLOCK is not set -# CONFIG_XILLYBUS is not set -# CONFIG_XILLYUSB is not set -# end of Character devices - -# -# I2C support -# -CONFIG_I2C=y -CONFIG_ACPI_I2C_OPREGION=y -CONFIG_I2C_BOARDINFO=y -CONFIG_I2C_COMPAT=y -# CONFIG_I2C_CHARDEV is not set -# CONFIG_I2C_MUX is not set 
-CONFIG_I2C_HELPER_AUTO=y -CONFIG_I2C_SMBUS=y -CONFIG_I2C_ALGOBIT=y - -# -# I2C Hardware Bus support -# - -# -# PC SMBus host controller drivers -# -# CONFIG_I2C_ALI1535 is not set -# CONFIG_I2C_ALI1563 is not set -# CONFIG_I2C_ALI15X3 is not set -# CONFIG_I2C_AMD756 is not set -# CONFIG_I2C_AMD8111 is not set -# CONFIG_I2C_AMD_MP2 is not set -CONFIG_I2C_I801=y -# CONFIG_I2C_ISCH is not set -# CONFIG_I2C_ISMT is not set -# CONFIG_I2C_PIIX4 is not set -# CONFIG_I2C_NFORCE2 is not set -# CONFIG_I2C_NVIDIA_GPU is not set -# CONFIG_I2C_SIS5595 is not set -# CONFIG_I2C_SIS630 is not set -# CONFIG_I2C_SIS96X is not set -# CONFIG_I2C_VIA is not set -# CONFIG_I2C_VIAPRO is not set - -# -# ACPI drivers -# -# CONFIG_I2C_SCMI is not set - -# -# I2C system bus drivers (mostly embedded / system-on-chip) -# -# CONFIG_I2C_DESIGNWARE_PCI is not set -# CONFIG_I2C_OCORES is not set -# CONFIG_I2C_PCA_PLATFORM is not set -# CONFIG_I2C_SIMTEC is not set -# CONFIG_I2C_XILINX is not set - -# -# External I2C/SMBus adapter drivers -# -# CONFIG_I2C_DIOLAN_U2C is not set -# CONFIG_I2C_CP2615 is not set -# CONFIG_I2C_PCI1XXXX is not set -# CONFIG_I2C_ROBOTFUZZ_OSIF is not set -# CONFIG_I2C_TAOS_EVM is not set -# CONFIG_I2C_TINY_USB is not set - -# -# Other I2C/SMBus bus drivers -# -# CONFIG_I2C_MLXCPLD is not set -# CONFIG_I2C_VIRTIO is not set -# end of I2C Hardware Bus support - -# CONFIG_I2C_STUB is not set -# CONFIG_I2C_SLAVE is not set -# CONFIG_I2C_DEBUG_CORE is not set -# CONFIG_I2C_DEBUG_ALGO is not set -# CONFIG_I2C_DEBUG_BUS is not set -# end of I2C support - -# CONFIG_I3C is not set -# CONFIG_SPI is not set -# CONFIG_SPMI is not set -# CONFIG_HSI is not set -CONFIG_PPS=y -# CONFIG_PPS_DEBUG is not set - -# -# PPS clients support -# -# CONFIG_PPS_CLIENT_KTIMER is not set -# CONFIG_PPS_CLIENT_LDISC is not set -# CONFIG_PPS_CLIENT_GPIO is not set - -# -# PPS generators support -# - -# -# PTP clock support -# -CONFIG_PTP_1588_CLOCK=y -CONFIG_PTP_1588_CLOCK_OPTIONAL=y - -# -# Enable 
PHYLIB and NETWORK_PHY_TIMESTAMPING to see the additional clocks. -# -CONFIG_PTP_1588_CLOCK_KVM=y -# CONFIG_PTP_1588_CLOCK_IDT82P33 is not set -# CONFIG_PTP_1588_CLOCK_IDTCM is not set -# CONFIG_PTP_1588_CLOCK_VMW is not set -# end of PTP clock support - -# CONFIG_PINCTRL is not set -# CONFIG_GPIOLIB is not set -# CONFIG_W1 is not set -# CONFIG_POWER_RESET is not set -CONFIG_POWER_SUPPLY=y -# CONFIG_POWER_SUPPLY_DEBUG is not set -CONFIG_POWER_SUPPLY_HWMON=y -# CONFIG_IP5XXX_POWER is not set -# CONFIG_TEST_POWER is not set -# CONFIG_CHARGER_ADP5061 is not set -# CONFIG_BATTERY_CW2015 is not set -# CONFIG_BATTERY_DS2780 is not set -# CONFIG_BATTERY_DS2781 is not set -# CONFIG_BATTERY_DS2782 is not set -# CONFIG_BATTERY_SAMSUNG_SDI is not set -# CONFIG_BATTERY_SBS is not set -# CONFIG_CHARGER_SBS is not set -# CONFIG_BATTERY_BQ27XXX is not set -# CONFIG_BATTERY_MAX17040 is not set -# CONFIG_BATTERY_MAX17042 is not set -# CONFIG_CHARGER_MAX8903 is not set -# CONFIG_CHARGER_LP8727 is not set -# CONFIG_CHARGER_LTC4162L is not set -# CONFIG_CHARGER_MAX77976 is not set -# CONFIG_CHARGER_BQ2415X is not set -# CONFIG_BATTERY_GAUGE_LTC2941 is not set -# CONFIG_BATTERY_GOLDFISH is not set -# CONFIG_BATTERY_RT5033 is not set -# CONFIG_CHARGER_BD99954 is not set -# CONFIG_BATTERY_UG3105 is not set -CONFIG_HWMON=y -# CONFIG_HWMON_DEBUG_CHIP is not set - -# -# Native drivers -# -# CONFIG_SENSORS_ABITUGURU is not set -# CONFIG_SENSORS_ABITUGURU3 is not set -# CONFIG_SENSORS_AD7414 is not set -# CONFIG_SENSORS_AD7418 is not set -# CONFIG_SENSORS_ADM1021 is not set -# CONFIG_SENSORS_ADM1025 is not set -# CONFIG_SENSORS_ADM1026 is not set -# CONFIG_SENSORS_ADM1029 is not set -# CONFIG_SENSORS_ADM1031 is not set -# CONFIG_SENSORS_ADM1177 is not set -# CONFIG_SENSORS_ADM9240 is not set -# CONFIG_SENSORS_ADT7410 is not set -# CONFIG_SENSORS_ADT7411 is not set -# CONFIG_SENSORS_ADT7462 is not set -# CONFIG_SENSORS_ADT7470 is not set -# CONFIG_SENSORS_ADT7475 is not set -# 
CONFIG_SENSORS_AHT10 is not set -# CONFIG_SENSORS_AQUACOMPUTER_D5NEXT is not set -# CONFIG_SENSORS_AS370 is not set -# CONFIG_SENSORS_ASC7621 is not set -# CONFIG_SENSORS_AXI_FAN_CONTROL is not set -# CONFIG_SENSORS_K8TEMP is not set -# CONFIG_SENSORS_K10TEMP is not set -# CONFIG_SENSORS_FAM15H_POWER is not set -# CONFIG_SENSORS_APPLESMC is not set -# CONFIG_SENSORS_ASB100 is not set -# CONFIG_SENSORS_ATXP1 is not set -# CONFIG_SENSORS_CORSAIR_CPRO is not set -# CONFIG_SENSORS_CORSAIR_PSU is not set -# CONFIG_SENSORS_DRIVETEMP is not set -# CONFIG_SENSORS_DS620 is not set -# CONFIG_SENSORS_DS1621 is not set -# CONFIG_SENSORS_DELL_SMM is not set -# CONFIG_SENSORS_I5K_AMB is not set -# CONFIG_SENSORS_F71805F is not set -# CONFIG_SENSORS_F71882FG is not set -# CONFIG_SENSORS_F75375S is not set -# CONFIG_SENSORS_FSCHMD is not set -# CONFIG_SENSORS_FTSTEUTATES is not set -# CONFIG_SENSORS_GL518SM is not set -# CONFIG_SENSORS_GL520SM is not set -# CONFIG_SENSORS_G760A is not set -# CONFIG_SENSORS_G762 is not set -# CONFIG_SENSORS_HIH6130 is not set -# CONFIG_SENSORS_I5500 is not set -# CONFIG_SENSORS_CORETEMP is not set -# CONFIG_SENSORS_IT87 is not set -# CONFIG_SENSORS_JC42 is not set -# CONFIG_SENSORS_POWR1220 is not set -# CONFIG_SENSORS_LINEAGE is not set -# CONFIG_SENSORS_LTC2945 is not set -# CONFIG_SENSORS_LTC2947_I2C is not set -# CONFIG_SENSORS_LTC2990 is not set -# CONFIG_SENSORS_LTC4151 is not set -# CONFIG_SENSORS_LTC4215 is not set -# CONFIG_SENSORS_LTC4222 is not set -# CONFIG_SENSORS_LTC4245 is not set -# CONFIG_SENSORS_LTC4260 is not set -# CONFIG_SENSORS_LTC4261 is not set -# CONFIG_SENSORS_MAX127 is not set -# CONFIG_SENSORS_MAX16065 is not set -# CONFIG_SENSORS_MAX1619 is not set -# CONFIG_SENSORS_MAX1668 is not set -# CONFIG_SENSORS_MAX197 is not set -# CONFIG_SENSORS_MAX31730 is not set -# CONFIG_SENSORS_MAX31760 is not set -# CONFIG_MAX31827 is not set -# CONFIG_SENSORS_MAX6620 is not set -# CONFIG_SENSORS_MAX6621 is not set -# 
CONFIG_SENSORS_MAX6639 is not set -# CONFIG_SENSORS_MAX6642 is not set -# CONFIG_SENSORS_MAX6650 is not set -# CONFIG_SENSORS_MAX6697 is not set -# CONFIG_SENSORS_MAX31790 is not set -# CONFIG_SENSORS_MC34VR500 is not set -# CONFIG_SENSORS_MCP3021 is not set -# CONFIG_SENSORS_TC654 is not set -# CONFIG_SENSORS_TPS23861 is not set -# CONFIG_SENSORS_MR75203 is not set -# CONFIG_SENSORS_LM63 is not set -# CONFIG_SENSORS_LM73 is not set -# CONFIG_SENSORS_LM75 is not set -# CONFIG_SENSORS_LM77 is not set -# CONFIG_SENSORS_LM78 is not set -# CONFIG_SENSORS_LM80 is not set -# CONFIG_SENSORS_LM83 is not set -# CONFIG_SENSORS_LM85 is not set -# CONFIG_SENSORS_LM87 is not set -# CONFIG_SENSORS_LM90 is not set -# CONFIG_SENSORS_LM92 is not set -# CONFIG_SENSORS_LM93 is not set -# CONFIG_SENSORS_LM95234 is not set -# CONFIG_SENSORS_LM95241 is not set -# CONFIG_SENSORS_LM95245 is not set -# CONFIG_SENSORS_PC87360 is not set -# CONFIG_SENSORS_PC87427 is not set -# CONFIG_SENSORS_NCT6683 is not set -# CONFIG_SENSORS_NCT6775 is not set -# CONFIG_SENSORS_NCT6775_I2C is not set -# CONFIG_SENSORS_NCT7802 is not set -# CONFIG_SENSORS_NCT7904 is not set -# CONFIG_SENSORS_NPCM7XX is not set -# CONFIG_SENSORS_NZXT_KRAKEN2 is not set -# CONFIG_SENSORS_NZXT_SMART2 is not set -# CONFIG_SENSORS_OCC_P8_I2C is not set -# CONFIG_SENSORS_OXP is not set -# CONFIG_SENSORS_PCF8591 is not set -# CONFIG_PMBUS is not set -# CONFIG_SENSORS_SBTSI is not set -# CONFIG_SENSORS_SBRMI is not set -# CONFIG_SENSORS_SHT21 is not set -# CONFIG_SENSORS_SHT3x is not set -# CONFIG_SENSORS_SHT4x is not set -# CONFIG_SENSORS_SHTC1 is not set -# CONFIG_SENSORS_SIS5595 is not set -# CONFIG_SENSORS_DME1737 is not set -# CONFIG_SENSORS_EMC1403 is not set -# CONFIG_SENSORS_EMC2103 is not set -# CONFIG_SENSORS_EMC2305 is not set -# CONFIG_SENSORS_EMC6W201 is not set -# CONFIG_SENSORS_SMSC47M1 is not set -# CONFIG_SENSORS_SMSC47M192 is not set -# CONFIG_SENSORS_SMSC47B397 is not set -# CONFIG_SENSORS_SCH5627 is not set -# 
CONFIG_SENSORS_SCH5636 is not set -# CONFIG_SENSORS_STTS751 is not set -# CONFIG_SENSORS_SMM665 is not set -# CONFIG_SENSORS_ADC128D818 is not set -# CONFIG_SENSORS_ADS7828 is not set -# CONFIG_SENSORS_AMC6821 is not set -# CONFIG_SENSORS_INA209 is not set -# CONFIG_SENSORS_INA2XX is not set -# CONFIG_SENSORS_INA238 is not set -# CONFIG_SENSORS_INA3221 is not set -# CONFIG_SENSORS_TC74 is not set -# CONFIG_SENSORS_THMC50 is not set -# CONFIG_SENSORS_TMP102 is not set -# CONFIG_SENSORS_TMP103 is not set -# CONFIG_SENSORS_TMP108 is not set -# CONFIG_SENSORS_TMP401 is not set -# CONFIG_SENSORS_TMP421 is not set -# CONFIG_SENSORS_TMP464 is not set -# CONFIG_SENSORS_TMP513 is not set -# CONFIG_SENSORS_VIA_CPUTEMP is not set -# CONFIG_SENSORS_VIA686A is not set -# CONFIG_SENSORS_VT1211 is not set -# CONFIG_SENSORS_VT8231 is not set -# CONFIG_SENSORS_W83773G is not set -# CONFIG_SENSORS_W83781D is not set -# CONFIG_SENSORS_W83791D is not set -# CONFIG_SENSORS_W83792D is not set -# CONFIG_SENSORS_W83793 is not set -# CONFIG_SENSORS_W83795 is not set -# CONFIG_SENSORS_W83L785TS is not set -# CONFIG_SENSORS_W83L786NG is not set -# CONFIG_SENSORS_W83627HF is not set -# CONFIG_SENSORS_W83627EHF is not set -# CONFIG_SENSORS_XGENE is not set - -# -# ACPI drivers -# -# CONFIG_SENSORS_ACPI_POWER is not set -# CONFIG_SENSORS_ATK0110 is not set -# CONFIG_SENSORS_ASUS_WMI is not set -# CONFIG_SENSORS_ASUS_EC is not set -# CONFIG_SENSORS_HP_WMI is not set -CONFIG_THERMAL=y -# CONFIG_THERMAL_NETLINK is not set -# CONFIG_THERMAL_STATISTICS is not set -CONFIG_THERMAL_EMERGENCY_POWEROFF_DELAY_MS=0 -CONFIG_THERMAL_HWMON=y -CONFIG_THERMAL_WRITABLE_TRIPS=y -CONFIG_THERMAL_DEFAULT_GOV_STEP_WISE=y -# CONFIG_THERMAL_DEFAULT_GOV_FAIR_SHARE is not set -# CONFIG_THERMAL_DEFAULT_GOV_USER_SPACE is not set -# CONFIG_THERMAL_GOV_FAIR_SHARE is not set -CONFIG_THERMAL_GOV_STEP_WISE=y -# CONFIG_THERMAL_GOV_BANG_BANG is not set -CONFIG_THERMAL_GOV_USER_SPACE=y -# CONFIG_THERMAL_EMULATION is not set - -# 
-# Intel thermal drivers -# -# CONFIG_INTEL_POWERCLAMP is not set -CONFIG_X86_THERMAL_VECTOR=y -CONFIG_INTEL_TCC=y -CONFIG_X86_PKG_TEMP_THERMAL=m -# CONFIG_INTEL_SOC_DTS_THERMAL is not set - -# -# ACPI INT340X thermal drivers -# -# CONFIG_INT340X_THERMAL is not set -# end of ACPI INT340X thermal drivers - -# CONFIG_INTEL_PCH_THERMAL is not set -# CONFIG_INTEL_TCC_COOLING is not set -# CONFIG_INTEL_HFI_THERMAL is not set -# end of Intel thermal drivers - -CONFIG_WATCHDOG=y -# CONFIG_WATCHDOG_CORE is not set -# CONFIG_WATCHDOG_NOWAYOUT is not set -CONFIG_WATCHDOG_HANDLE_BOOT_ENABLED=y -CONFIG_WATCHDOG_OPEN_TIMEOUT=0 -# CONFIG_WATCHDOG_SYSFS is not set -# CONFIG_WATCHDOG_HRTIMER_PRETIMEOUT is not set - -# -# Watchdog Pretimeout Governors -# - -# -# Watchdog Device Drivers -# -# CONFIG_SOFT_WATCHDOG is not set -# CONFIG_WDAT_WDT is not set -# CONFIG_XILINX_WATCHDOG is not set -# CONFIG_ZIIRAVE_WATCHDOG is not set -# CONFIG_CADENCE_WATCHDOG is not set -# CONFIG_DW_WATCHDOG is not set -# CONFIG_MAX63XX_WATCHDOG is not set -# CONFIG_ACQUIRE_WDT is not set -# CONFIG_ADVANTECH_WDT is not set -# CONFIG_ADVANTECH_EC_WDT is not set -# CONFIG_ALIM1535_WDT is not set -# CONFIG_ALIM7101_WDT is not set -# CONFIG_EBC_C384_WDT is not set -# CONFIG_EXAR_WDT is not set -# CONFIG_F71808E_WDT is not set -# CONFIG_SP5100_TCO is not set -# CONFIG_SBC_FITPC2_WATCHDOG is not set -# CONFIG_EUROTECH_WDT is not set -# CONFIG_IB700_WDT is not set -# CONFIG_IBMASR is not set -# CONFIG_WAFER_WDT is not set -# CONFIG_I6300ESB_WDT is not set -# CONFIG_IE6XX_WDT is not set -# CONFIG_ITCO_WDT is not set -# CONFIG_IT8712F_WDT is not set -# CONFIG_IT87_WDT is not set -# CONFIG_HP_WATCHDOG is not set -# CONFIG_SC1200_WDT is not set -# CONFIG_PC87413_WDT is not set -# CONFIG_NV_TCO is not set -# CONFIG_60XX_WDT is not set -# CONFIG_CPU5_WDT is not set -# CONFIG_SMSC_SCH311X_WDT is not set -# CONFIG_SMSC37B787_WDT is not set -# CONFIG_TQMX86_WDT is not set -# CONFIG_VIA_WDT is not set -# 
CONFIG_W83627HF_WDT is not set -# CONFIG_W83877F_WDT is not set -# CONFIG_W83977F_WDT is not set -# CONFIG_MACHZ_WDT is not set -# CONFIG_SBC_EPX_C3_WATCHDOG is not set -# CONFIG_NI903X_WDT is not set -# CONFIG_NIC7018_WDT is not set - -# -# PCI-based Watchdog Cards -# -# CONFIG_PCIPCWATCHDOG is not set -# CONFIG_WDTPCI is not set - -# -# USB-based Watchdog Cards -# -# CONFIG_USBPCWATCHDOG is not set -CONFIG_SSB_POSSIBLE=y -# CONFIG_SSB is not set -CONFIG_BCMA_POSSIBLE=y -# CONFIG_BCMA is not set - -# -# Multifunction device drivers -# -# CONFIG_MFD_AS3711 is not set -# CONFIG_MFD_SMPRO is not set -# CONFIG_PMIC_ADP5520 is not set -# CONFIG_MFD_BCM590XX is not set -# CONFIG_MFD_BD9571MWV is not set -# CONFIG_MFD_AXP20X_I2C is not set -# CONFIG_MFD_MADERA is not set -# CONFIG_PMIC_DA903X is not set -# CONFIG_MFD_DA9052_I2C is not set -# CONFIG_MFD_DA9055 is not set -# CONFIG_MFD_DA9062 is not set -# CONFIG_MFD_DA9063 is not set -# CONFIG_MFD_DA9150 is not set -# CONFIG_MFD_DLN2 is not set -# CONFIG_MFD_MC13XXX_I2C is not set -# CONFIG_MFD_MP2629 is not set -# CONFIG_LPC_ICH is not set -# CONFIG_LPC_SCH is not set -# CONFIG_MFD_INTEL_LPSS_ACPI is not set -# CONFIG_MFD_INTEL_LPSS_PCI is not set -# CONFIG_MFD_INTEL_PMC_BXT is not set -# CONFIG_MFD_IQS62X is not set -# CONFIG_MFD_JANZ_CMODIO is not set -# CONFIG_MFD_KEMPLD is not set -# CONFIG_MFD_88PM800 is not set -# CONFIG_MFD_88PM805 is not set -# CONFIG_MFD_88PM860X is not set -# CONFIG_MFD_MAX14577 is not set -# CONFIG_MFD_MAX77541 is not set -# CONFIG_MFD_MAX77693 is not set -# CONFIG_MFD_MAX77843 is not set -# CONFIG_MFD_MAX8907 is not set -# CONFIG_MFD_MAX8925 is not set -# CONFIG_MFD_MAX8997 is not set -# CONFIG_MFD_MAX8998 is not set -# CONFIG_MFD_MT6360 is not set -# CONFIG_MFD_MT6370 is not set -# CONFIG_MFD_MT6397 is not set -# CONFIG_MFD_MENF21BMC is not set -# CONFIG_MFD_VIPERBOARD is not set -# CONFIG_MFD_RETU is not set -# CONFIG_MFD_PCF50633 is not set -# CONFIG_MFD_SY7636A is not set -# 
CONFIG_MFD_RDC321X is not set -# CONFIG_MFD_RT4831 is not set -# CONFIG_MFD_RT5033 is not set -# CONFIG_MFD_RT5120 is not set -# CONFIG_MFD_RC5T583 is not set -# CONFIG_MFD_SI476X_CORE is not set -# CONFIG_MFD_SM501 is not set -# CONFIG_MFD_SKY81452 is not set -# CONFIG_MFD_SYSCON is not set -# CONFIG_MFD_TI_AM335X_TSCADC is not set -# CONFIG_MFD_LP3943 is not set -# CONFIG_MFD_LP8788 is not set -# CONFIG_MFD_TI_LMU is not set -# CONFIG_MFD_PALMAS is not set -# CONFIG_TPS6105X is not set -# CONFIG_TPS6507X is not set -# CONFIG_MFD_TPS65086 is not set -# CONFIG_MFD_TPS65090 is not set -# CONFIG_MFD_TI_LP873X is not set -# CONFIG_MFD_TPS6586X is not set -# CONFIG_MFD_TPS65912_I2C is not set -# CONFIG_MFD_TPS6594_I2C is not set -# CONFIG_TWL4030_CORE is not set -# CONFIG_TWL6040_CORE is not set -# CONFIG_MFD_WL1273_CORE is not set -# CONFIG_MFD_LM3533 is not set -# CONFIG_MFD_TQMX86 is not set -# CONFIG_MFD_VX855 is not set -# CONFIG_MFD_ARIZONA_I2C is not set -# CONFIG_MFD_WM8400 is not set -# CONFIG_MFD_WM831X_I2C is not set -# CONFIG_MFD_WM8350_I2C is not set -# CONFIG_MFD_WM8994 is not set -# CONFIG_MFD_ATC260X_I2C is not set -# end of Multifunction device drivers - -# CONFIG_REGULATOR is not set -# CONFIG_RC_CORE is not set - -# -# CEC support -# -# CONFIG_MEDIA_CEC_SUPPORT is not set -# end of CEC support - -# CONFIG_MEDIA_SUPPORT is not set - -# -# Graphics support -# -CONFIG_APERTURE_HELPERS=y -CONFIG_VIDEO_CMDLINE=y -CONFIG_VIDEO_NOMODESET=y -CONFIG_AGP=y -CONFIG_AGP_AMD64=y -CONFIG_AGP_INTEL=y -# CONFIG_AGP_SIS is not set -# CONFIG_AGP_VIA is not set -CONFIG_INTEL_GTT=y -# CONFIG_VGA_SWITCHEROO is not set -CONFIG_DRM=y -CONFIG_DRM_MIPI_DSI=y -# CONFIG_DRM_DEBUG_MM is not set -CONFIG_DRM_KMS_HELPER=y -# CONFIG_DRM_LOAD_EDID_FIRMWARE is not set -CONFIG_DRM_DISPLAY_HELPER=y -CONFIG_DRM_DISPLAY_DP_HELPER=y -CONFIG_DRM_DISPLAY_HDCP_HELPER=y -CONFIG_DRM_DISPLAY_HDMI_HELPER=y -# CONFIG_DRM_DP_AUX_CHARDEV is not set -# CONFIG_DRM_DP_CEC is not set -CONFIG_DRM_TTM=y 
-CONFIG_DRM_BUDDY=y -CONFIG_DRM_GEM_SHMEM_HELPER=y - -# -# I2C encoder or helper chips -# -# CONFIG_DRM_I2C_CH7006 is not set -# CONFIG_DRM_I2C_SIL164 is not set -# CONFIG_DRM_I2C_NXP_TDA998X is not set -# CONFIG_DRM_I2C_NXP_TDA9950 is not set -# end of I2C encoder or helper chips - -# -# ARM devices -# -# end of ARM devices - -# CONFIG_DRM_RADEON is not set -# CONFIG_DRM_AMDGPU is not set -# CONFIG_DRM_NOUVEAU is not set -CONFIG_DRM_I915=y -CONFIG_DRM_I915_FORCE_PROBE="" -CONFIG_DRM_I915_CAPTURE_ERROR=y -CONFIG_DRM_I915_COMPRESS_ERROR=y -CONFIG_DRM_I915_USERPTR=y -CONFIG_DRM_I915_REQUEST_TIMEOUT=20000 -CONFIG_DRM_I915_FENCE_TIMEOUT=10000 -CONFIG_DRM_I915_USERFAULT_AUTOSUSPEND=250 -CONFIG_DRM_I915_HEARTBEAT_INTERVAL=2500 -CONFIG_DRM_I915_PREEMPT_TIMEOUT=640 -CONFIG_DRM_I915_PREEMPT_TIMEOUT_COMPUTE=7500 -CONFIG_DRM_I915_MAX_REQUEST_BUSYWAIT=8000 -CONFIG_DRM_I915_STOP_TIMEOUT=100 -CONFIG_DRM_I915_TIMESLICE_DURATION=1 -# CONFIG_DRM_VGEM is not set -# CONFIG_DRM_VKMS is not set -# CONFIG_DRM_VMWGFX is not set -# CONFIG_DRM_GMA500 is not set -# CONFIG_DRM_UDL is not set -# CONFIG_DRM_AST is not set -# CONFIG_DRM_MGAG200 is not set -# CONFIG_DRM_QXL is not set -CONFIG_DRM_VIRTIO_GPU=y -CONFIG_DRM_VIRTIO_GPU_KMS=y -CONFIG_DRM_PANEL=y - -# -# Display Panels -# -# CONFIG_DRM_PANEL_RASPBERRYPI_TOUCHSCREEN is not set -# end of Display Panels - -CONFIG_DRM_BRIDGE=y -CONFIG_DRM_PANEL_BRIDGE=y - -# -# Display Interface Bridges -# -# CONFIG_DRM_ANALOGIX_ANX78XX is not set -# end of Display Interface Bridges - -# CONFIG_DRM_ETNAVIV is not set -# CONFIG_DRM_BOCHS is not set -# CONFIG_DRM_CIRRUS_QEMU is not set -# CONFIG_DRM_GM12U320 is not set -# CONFIG_DRM_SIMPLEDRM is not set -# CONFIG_DRM_VBOXVIDEO is not set -# CONFIG_DRM_GUD is not set -# CONFIG_DRM_SSD130X is not set -# CONFIG_DRM_LEGACY is not set -CONFIG_DRM_PANEL_ORIENTATION_QUIRKS=y - -# -# Frame buffer Devices -# -# CONFIG_FB is not set -# end of Frame buffer Devices - -# -# Backlight & LCD device support -# -# 
CONFIG_LCD_CLASS_DEVICE is not set -CONFIG_BACKLIGHT_CLASS_DEVICE=y -# CONFIG_BACKLIGHT_KTZ8866 is not set -# CONFIG_BACKLIGHT_APPLE is not set -# CONFIG_BACKLIGHT_QCOM_WLED is not set -# CONFIG_BACKLIGHT_SAHARA is not set -# CONFIG_BACKLIGHT_ADP8860 is not set -# CONFIG_BACKLIGHT_ADP8870 is not set -# CONFIG_BACKLIGHT_LM3639 is not set -# CONFIG_BACKLIGHT_LV5207LP is not set -# CONFIG_BACKLIGHT_BD6107 is not set -# CONFIG_BACKLIGHT_ARCXCNN is not set -# end of Backlight & LCD device support - -CONFIG_HDMI=y - -# -# Console display driver support -# -CONFIG_VGA_CONSOLE=y -CONFIG_DUMMY_CONSOLE=y -CONFIG_DUMMY_CONSOLE_COLUMNS=80 -CONFIG_DUMMY_CONSOLE_ROWS=25 -# end of Console display driver support -# end of Graphics support - -# CONFIG_DRM_ACCEL is not set -CONFIG_SOUND=y -CONFIG_SND=y -CONFIG_SND_TIMER=y -CONFIG_SND_PCM=y -CONFIG_SND_HWDEP=y -CONFIG_SND_SEQ_DEVICE=y -CONFIG_SND_JACK=y -CONFIG_SND_JACK_INPUT_DEV=y -# CONFIG_SND_OSSEMUL is not set -CONFIG_SND_PCM_TIMER=y -CONFIG_SND_HRTIMER=y -# CONFIG_SND_DYNAMIC_MINORS is not set -CONFIG_SND_SUPPORT_OLD_API=y -CONFIG_SND_PROC_FS=y -CONFIG_SND_VERBOSE_PROCFS=y -# CONFIG_SND_VERBOSE_PRINTK is not set -CONFIG_SND_CTL_FAST_LOOKUP=y -# CONFIG_SND_DEBUG is not set -# CONFIG_SND_CTL_INPUT_VALIDATION is not set -CONFIG_SND_VMASTER=y -CONFIG_SND_DMA_SGBUF=y -CONFIG_SND_SEQUENCER=y -CONFIG_SND_SEQ_DUMMY=y -CONFIG_SND_SEQ_HRTIMER_DEFAULT=y -# CONFIG_SND_SEQ_UMP is not set -CONFIG_SND_DRIVERS=y -# CONFIG_SND_PCSP is not set -# CONFIG_SND_DUMMY is not set -# CONFIG_SND_ALOOP is not set -# CONFIG_SND_PCMTEST is not set -# CONFIG_SND_VIRMIDI is not set -# CONFIG_SND_MTPAV is not set -# CONFIG_SND_SERIAL_U16550 is not set -# CONFIG_SND_MPU401 is not set -CONFIG_SND_PCI=y -# CONFIG_SND_AD1889 is not set -# CONFIG_SND_ALS300 is not set -# CONFIG_SND_ALS4000 is not set -# CONFIG_SND_ALI5451 is not set -# CONFIG_SND_ASIHPI is not set -# CONFIG_SND_ATIIXP is not set -# CONFIG_SND_ATIIXP_MODEM is not set -# CONFIG_SND_AU8810 is not set 
-# CONFIG_SND_AU8820 is not set -# CONFIG_SND_AU8830 is not set -# CONFIG_SND_AW2 is not set -# CONFIG_SND_AZT3328 is not set -# CONFIG_SND_BT87X is not set -# CONFIG_SND_CA0106 is not set -# CONFIG_SND_CMIPCI is not set -# CONFIG_SND_OXYGEN is not set -# CONFIG_SND_CS4281 is not set -# CONFIG_SND_CS46XX is not set -# CONFIG_SND_CTXFI is not set -# CONFIG_SND_DARLA20 is not set -# CONFIG_SND_GINA20 is not set -# CONFIG_SND_LAYLA20 is not set -# CONFIG_SND_DARLA24 is not set -# CONFIG_SND_GINA24 is not set -# CONFIG_SND_LAYLA24 is not set -# CONFIG_SND_MONA is not set -# CONFIG_SND_MIA is not set -# CONFIG_SND_ECHO3G is not set -# CONFIG_SND_INDIGO is not set -# CONFIG_SND_INDIGOIO is not set -# CONFIG_SND_INDIGODJ is not set -# CONFIG_SND_INDIGOIOX is not set -# CONFIG_SND_INDIGODJX is not set -# CONFIG_SND_EMU10K1 is not set -# CONFIG_SND_EMU10K1X is not set -# CONFIG_SND_ENS1370 is not set -# CONFIG_SND_ENS1371 is not set -# CONFIG_SND_ES1938 is not set -# CONFIG_SND_ES1968 is not set -# CONFIG_SND_FM801 is not set -# CONFIG_SND_HDSP is not set -# CONFIG_SND_HDSPM is not set -# CONFIG_SND_ICE1712 is not set -# CONFIG_SND_ICE1724 is not set -# CONFIG_SND_INTEL8X0 is not set -# CONFIG_SND_INTEL8X0M is not set -# CONFIG_SND_KORG1212 is not set -# CONFIG_SND_LOLA is not set -# CONFIG_SND_LX6464ES is not set -# CONFIG_SND_MAESTRO3 is not set -# CONFIG_SND_MIXART is not set -# CONFIG_SND_NM256 is not set -# CONFIG_SND_PCXHR is not set -# CONFIG_SND_RIPTIDE is not set -# CONFIG_SND_RME32 is not set -# CONFIG_SND_RME96 is not set -# CONFIG_SND_RME9652 is not set -# CONFIG_SND_SE6X is not set -# CONFIG_SND_SONICVIBES is not set -# CONFIG_SND_TRIDENT is not set -# CONFIG_SND_VIA82XX is not set -# CONFIG_SND_VIA82XX_MODEM is not set -# CONFIG_SND_VIRTUOSO is not set -# CONFIG_SND_VX222 is not set -# CONFIG_SND_YMFPCI is not set - -# -# HD-Audio -# -CONFIG_SND_HDA=y -CONFIG_SND_HDA_INTEL=y -CONFIG_SND_HDA_HWDEP=y -# CONFIG_SND_HDA_RECONFIG is not set -# 
CONFIG_SND_HDA_INPUT_BEEP is not set -# CONFIG_SND_HDA_PATCH_LOADER is not set -# CONFIG_SND_HDA_CODEC_REALTEK is not set -# CONFIG_SND_HDA_CODEC_ANALOG is not set -# CONFIG_SND_HDA_CODEC_SIGMATEL is not set -# CONFIG_SND_HDA_CODEC_VIA is not set -# CONFIG_SND_HDA_CODEC_HDMI is not set -# CONFIG_SND_HDA_CODEC_CIRRUS is not set -# CONFIG_SND_HDA_CODEC_CS8409 is not set -# CONFIG_SND_HDA_CODEC_CONEXANT is not set -# CONFIG_SND_HDA_CODEC_CA0110 is not set -# CONFIG_SND_HDA_CODEC_CA0132 is not set -# CONFIG_SND_HDA_CODEC_CMEDIA is not set -# CONFIG_SND_HDA_CODEC_SI3054 is not set -# CONFIG_SND_HDA_GENERIC is not set -CONFIG_SND_HDA_POWER_SAVE_DEFAULT=0 -# CONFIG_SND_HDA_INTEL_HDMI_SILENT_STREAM is not set -# CONFIG_SND_HDA_CTL_DEV_ID is not set -# end of HD-Audio - -CONFIG_SND_HDA_CORE=y -CONFIG_SND_HDA_COMPONENT=y -CONFIG_SND_HDA_I915=y -CONFIG_SND_HDA_PREALLOC_SIZE=0 -CONFIG_SND_INTEL_NHLT=y -CONFIG_SND_INTEL_DSP_CONFIG=y -CONFIG_SND_INTEL_SOUNDWIRE_ACPI=y -CONFIG_SND_USB=y -# CONFIG_SND_USB_AUDIO is not set -# CONFIG_SND_USB_UA101 is not set -# CONFIG_SND_USB_USX2Y is not set -# CONFIG_SND_USB_CAIAQ is not set -# CONFIG_SND_USB_US122L is not set -# CONFIG_SND_USB_6FIRE is not set -# CONFIG_SND_USB_HIFACE is not set -# CONFIG_SND_BCD2000 is not set -# CONFIG_SND_USB_POD is not set -# CONFIG_SND_USB_PODHD is not set -# CONFIG_SND_USB_TONEPORT is not set -# CONFIG_SND_USB_VARIAX is not set -CONFIG_SND_PCMCIA=y -# CONFIG_SND_VXPOCKET is not set -# CONFIG_SND_PDAUDIOCF is not set -# CONFIG_SND_SOC is not set -CONFIG_SND_X86=y -# CONFIG_HDMI_LPE_AUDIO is not set -# CONFIG_SND_VIRTIO is not set -CONFIG_HID_SUPPORT=y -CONFIG_HID=y -# CONFIG_HID_BATTERY_STRENGTH is not set -CONFIG_HIDRAW=y -# CONFIG_UHID is not set -CONFIG_HID_GENERIC=y - -# -# Special HID drivers -# -CONFIG_HID_A4TECH=y -# CONFIG_HID_ACCUTOUCH is not set -# CONFIG_HID_ACRUX is not set -CONFIG_HID_APPLE=y -# CONFIG_HID_APPLEIR is not set -# CONFIG_HID_ASUS is not set -# CONFIG_HID_AUREAL is not set 
-CONFIG_HID_BELKIN=y -# CONFIG_HID_BETOP_FF is not set -# CONFIG_HID_BIGBEN_FF is not set -CONFIG_HID_CHERRY=y -CONFIG_HID_CHICONY=y -# CONFIG_HID_CORSAIR is not set -# CONFIG_HID_COUGAR is not set -# CONFIG_HID_MACALLY is not set -# CONFIG_HID_PRODIKEYS is not set -# CONFIG_HID_CMEDIA is not set -# CONFIG_HID_CREATIVE_SB0540 is not set -CONFIG_HID_CYPRESS=y -# CONFIG_HID_DRAGONRISE is not set -# CONFIG_HID_EMS_FF is not set -# CONFIG_HID_ELAN is not set -# CONFIG_HID_ELECOM is not set -# CONFIG_HID_ELO is not set -# CONFIG_HID_EVISION is not set -CONFIG_HID_EZKEY=y -# CONFIG_HID_FT260 is not set -# CONFIG_HID_GEMBIRD is not set -# CONFIG_HID_GFRM is not set -# CONFIG_HID_GLORIOUS is not set -# CONFIG_HID_HOLTEK is not set -# CONFIG_HID_VIVALDI is not set -# CONFIG_HID_GT683R is not set -# CONFIG_HID_KEYTOUCH is not set -# CONFIG_HID_KYE is not set -# CONFIG_HID_UCLOGIC is not set -# CONFIG_HID_WALTOP is not set -# CONFIG_HID_VIEWSONIC is not set -# CONFIG_HID_VRC2 is not set -# CONFIG_HID_XIAOMI is not set -CONFIG_HID_GYRATION=y -# CONFIG_HID_ICADE is not set -CONFIG_HID_ITE=y -# CONFIG_HID_JABRA is not set -# CONFIG_HID_TWINHAN is not set -CONFIG_HID_KENSINGTON=y -# CONFIG_HID_LCPOWER is not set -# CONFIG_HID_LED is not set -# CONFIG_HID_LENOVO is not set -# CONFIG_HID_LETSKETCH is not set -CONFIG_HID_LOGITECH=y -# CONFIG_HID_LOGITECH_DJ is not set -# CONFIG_HID_LOGITECH_HIDPP is not set -CONFIG_LOGITECH_FF=y -# CONFIG_LOGIRUMBLEPAD2_FF is not set -# CONFIG_LOGIG940_FF is not set -CONFIG_LOGIWHEELS_FF=y -# CONFIG_HID_MAGICMOUSE is not set -# CONFIG_HID_MALTRON is not set -# CONFIG_HID_MAYFLASH is not set -# CONFIG_HID_MEGAWORLD_FF is not set -CONFIG_HID_REDRAGON=y -CONFIG_HID_MICROSOFT=y -CONFIG_HID_MONTEREY=y -# CONFIG_HID_MULTITOUCH is not set -# CONFIG_HID_NINTENDO is not set -# CONFIG_HID_NTI is not set -CONFIG_HID_NTRIG=y -# CONFIG_HID_ORTEK is not set -CONFIG_HID_PANTHERLORD=y -CONFIG_PANTHERLORD_FF=y -# CONFIG_HID_PENMOUNT is not set -CONFIG_HID_PETALYNX=y 
-# CONFIG_HID_PICOLCD is not set -# CONFIG_HID_PLANTRONICS is not set -# CONFIG_HID_PXRC is not set -# CONFIG_HID_RAZER is not set -# CONFIG_HID_PRIMAX is not set -# CONFIG_HID_RETRODE is not set -# CONFIG_HID_ROCCAT is not set -# CONFIG_HID_SAITEK is not set -CONFIG_HID_SAMSUNG=y -# CONFIG_HID_SEMITEK is not set -# CONFIG_HID_SIGMAMICRO is not set -CONFIG_HID_SONY=y -# CONFIG_SONY_FF is not set -# CONFIG_HID_SPEEDLINK is not set -# CONFIG_HID_STEAM is not set -# CONFIG_HID_STEELSERIES is not set -CONFIG_HID_SUNPLUS=y -# CONFIG_HID_RMI is not set -# CONFIG_HID_GREENASIA is not set -# CONFIG_HID_SMARTJOYPLUS is not set -# CONFIG_HID_TIVO is not set -CONFIG_HID_TOPSEED=y -# CONFIG_HID_TOPRE is not set -# CONFIG_HID_THINGM is not set -# CONFIG_HID_THRUSTMASTER is not set -# CONFIG_HID_UDRAW_PS3 is not set -# CONFIG_HID_U2FZERO is not set -# CONFIG_HID_WACOM is not set -# CONFIG_HID_WIIMOTE is not set -# CONFIG_HID_XINMO is not set -# CONFIG_HID_ZEROPLUS is not set -# CONFIG_HID_ZYDACRON is not set -# CONFIG_HID_SENSOR_HUB is not set -# CONFIG_HID_ALPS is not set -# CONFIG_HID_MCP2221 is not set -# end of Special HID drivers - -# -# HID-BPF support -# -# end of HID-BPF support - -# -# USB HID support -# -CONFIG_USB_HID=y -CONFIG_HID_PID=y -CONFIG_USB_HIDDEV=y -# end of USB HID support - -CONFIG_I2C_HID=y -# CONFIG_I2C_HID_ACPI is not set -# CONFIG_I2C_HID_OF is not set - -# -# Intel ISH HID support -# -# CONFIG_INTEL_ISH_HID is not set -# end of Intel ISH HID support - -# -# AMD SFH HID Support -# -# CONFIG_AMD_SFH_HID is not set -# end of AMD SFH HID Support - -CONFIG_USB_OHCI_LITTLE_ENDIAN=y -CONFIG_USB_SUPPORT=y -CONFIG_USB_COMMON=y -# CONFIG_USB_LED_TRIG is not set -# CONFIG_USB_ULPI_BUS is not set -CONFIG_USB_ARCH_HAS_HCD=y -CONFIG_USB=y -CONFIG_USB_PCI=y -CONFIG_USB_ANNOUNCE_NEW_DEVICES=y - -# -# Miscellaneous USB options -# -CONFIG_USB_DEFAULT_PERSIST=y -# CONFIG_USB_FEW_INIT_RETRIES is not set -# CONFIG_USB_DYNAMIC_MINORS is not set -# CONFIG_USB_OTG is not set 
-# CONFIG_USB_OTG_PRODUCTLIST is not set -# CONFIG_USB_LEDS_TRIGGER_USBPORT is not set -CONFIG_USB_AUTOSUSPEND_DELAY=2 -CONFIG_USB_MON=y - -# -# USB Host Controller Drivers -# -# CONFIG_USB_C67X00_HCD is not set -CONFIG_USB_XHCI_HCD=y -# CONFIG_USB_XHCI_DBGCAP is not set -CONFIG_USB_XHCI_PCI=y -# CONFIG_USB_XHCI_PCI_RENESAS is not set -# CONFIG_USB_XHCI_PLATFORM is not set -CONFIG_USB_EHCI_HCD=y -# CONFIG_USB_EHCI_ROOT_HUB_TT is not set -CONFIG_USB_EHCI_TT_NEWSCHED=y -CONFIG_USB_EHCI_PCI=y -# CONFIG_USB_EHCI_FSL is not set -# CONFIG_USB_EHCI_HCD_PLATFORM is not set -# CONFIG_USB_OXU210HP_HCD is not set -# CONFIG_USB_ISP116X_HCD is not set -CONFIG_USB_OHCI_HCD=y -CONFIG_USB_OHCI_HCD_PCI=y -# CONFIG_USB_OHCI_HCD_PLATFORM is not set -CONFIG_USB_UHCI_HCD=y -# CONFIG_USB_SL811_HCD is not set -# CONFIG_USB_R8A66597_HCD is not set -# CONFIG_USB_HCD_TEST_MODE is not set - -# -# USB Device Class drivers -# -# CONFIG_USB_ACM is not set -CONFIG_USB_PRINTER=y -# CONFIG_USB_WDM is not set -# CONFIG_USB_TMC is not set - -# -# NOTE: USB_STORAGE depends on SCSI but BLK_DEV_SD may -# - -# -# also be needed; see USB_STORAGE Help for more info -# -CONFIG_USB_STORAGE=y -# CONFIG_USB_STORAGE_DEBUG is not set -# CONFIG_USB_STORAGE_REALTEK is not set -# CONFIG_USB_STORAGE_DATAFAB is not set -# CONFIG_USB_STORAGE_FREECOM is not set -# CONFIG_USB_STORAGE_ISD200 is not set -# CONFIG_USB_STORAGE_USBAT is not set -# CONFIG_USB_STORAGE_SDDR09 is not set -# CONFIG_USB_STORAGE_SDDR55 is not set -# CONFIG_USB_STORAGE_JUMPSHOT is not set -# CONFIG_USB_STORAGE_ALAUDA is not set -# CONFIG_USB_STORAGE_ONETOUCH is not set -# CONFIG_USB_STORAGE_KARMA is not set -# CONFIG_USB_STORAGE_CYPRESS_ATACB is not set -# CONFIG_USB_STORAGE_ENE_UB6250 is not set -# CONFIG_USB_UAS is not set - -# -# USB Imaging devices -# -# CONFIG_USB_MDC800 is not set -# CONFIG_USB_MICROTEK is not set -# CONFIG_USBIP_CORE is not set - -# -# USB dual-mode controller drivers -# -# CONFIG_USB_CDNS_SUPPORT is not set -# 
CONFIG_USB_MUSB_HDRC is not set -# CONFIG_USB_DWC3 is not set -# CONFIG_USB_DWC2 is not set -# CONFIG_USB_CHIPIDEA is not set -# CONFIG_USB_ISP1760 is not set - -# -# USB port drivers -# -# CONFIG_USB_SERIAL is not set - -# -# USB Miscellaneous drivers -# -# CONFIG_USB_EMI62 is not set -# CONFIG_USB_EMI26 is not set -# CONFIG_USB_ADUTUX is not set -# CONFIG_USB_SEVSEG is not set -# CONFIG_USB_LEGOTOWER is not set -# CONFIG_USB_LCD is not set -# CONFIG_USB_CYPRESS_CY7C63 is not set -# CONFIG_USB_CYTHERM is not set -# CONFIG_USB_IDMOUSE is not set -# CONFIG_USB_APPLEDISPLAY is not set -# CONFIG_APPLE_MFI_FASTCHARGE is not set -# CONFIG_USB_SISUSBVGA is not set -# CONFIG_USB_LD is not set -# CONFIG_USB_TRANCEVIBRATOR is not set -# CONFIG_USB_IOWARRIOR is not set -# CONFIG_USB_TEST is not set -# CONFIG_USB_EHSET_TEST_FIXTURE is not set -# CONFIG_USB_ISIGHTFW is not set -# CONFIG_USB_YUREX is not set -# CONFIG_USB_EZUSB_FX2 is not set -# CONFIG_USB_HUB_USB251XB is not set -# CONFIG_USB_HSIC_USB3503 is not set -# CONFIG_USB_HSIC_USB4604 is not set -# CONFIG_USB_LINK_LAYER_TEST is not set -# CONFIG_USB_CHAOSKEY is not set - -# -# USB Physical Layer drivers -# -# CONFIG_NOP_USB_XCEIV is not set -# CONFIG_USB_ISP1301 is not set -# end of USB Physical Layer drivers - -# CONFIG_USB_GADGET is not set -# CONFIG_TYPEC is not set -# CONFIG_USB_ROLE_SWITCH is not set -# CONFIG_MMC is not set -# CONFIG_SCSI_UFSHCD is not set -# CONFIG_MEMSTICK is not set -CONFIG_NEW_LEDS=y -CONFIG_LEDS_CLASS=y -# CONFIG_LEDS_CLASS_FLASH is not set -# CONFIG_LEDS_CLASS_MULTICOLOR is not set -# CONFIG_LEDS_BRIGHTNESS_HW_CHANGED is not set - -# -# LED drivers -# -# CONFIG_LEDS_APU is not set -# CONFIG_LEDS_AW200XX is not set -# CONFIG_LEDS_LM3530 is not set -# CONFIG_LEDS_LM3532 is not set -# CONFIG_LEDS_LM3642 is not set -# CONFIG_LEDS_PCA9532 is not set -# CONFIG_LEDS_LP3944 is not set -# CONFIG_LEDS_PCA955X is not set -# CONFIG_LEDS_PCA963X is not set -# CONFIG_LEDS_BD2606MVV is not set -# 
CONFIG_LEDS_BD2802 is not set -# CONFIG_LEDS_INTEL_SS4200 is not set -# CONFIG_LEDS_TCA6507 is not set -# CONFIG_LEDS_TLC591XX is not set -# CONFIG_LEDS_LM355x is not set -# CONFIG_LEDS_IS31FL319X is not set - -# -# LED driver for blink(1) USB RGB LED is under Special HID drivers (HID_THINGM) -# -# CONFIG_LEDS_BLINKM is not set -# CONFIG_LEDS_MLXCPLD is not set -# CONFIG_LEDS_MLXREG is not set -# CONFIG_LEDS_USER is not set -# CONFIG_LEDS_NIC78BX is not set - -# -# Flash and Torch LED drivers -# - -# -# RGB LED drivers -# - -# -# LED Triggers -# -CONFIG_LEDS_TRIGGERS=y -# CONFIG_LEDS_TRIGGER_TIMER is not set -# CONFIG_LEDS_TRIGGER_ONESHOT is not set -# CONFIG_LEDS_TRIGGER_DISK is not set -# CONFIG_LEDS_TRIGGER_HEARTBEAT is not set -# CONFIG_LEDS_TRIGGER_BACKLIGHT is not set -# CONFIG_LEDS_TRIGGER_CPU is not set -# CONFIG_LEDS_TRIGGER_ACTIVITY is not set -# CONFIG_LEDS_TRIGGER_DEFAULT_ON is not set - -# -# iptables trigger is under Netfilter config (LED target) -# -# CONFIG_LEDS_TRIGGER_TRANSIENT is not set -# CONFIG_LEDS_TRIGGER_CAMERA is not set -# CONFIG_LEDS_TRIGGER_PANIC is not set -# CONFIG_LEDS_TRIGGER_NETDEV is not set -# CONFIG_LEDS_TRIGGER_PATTERN is not set -# CONFIG_LEDS_TRIGGER_AUDIO is not set -# CONFIG_LEDS_TRIGGER_TTY is not set - -# -# Simple LED drivers -# -# CONFIG_ACCESSIBILITY is not set -# CONFIG_INFINIBAND is not set -CONFIG_EDAC_ATOMIC_SCRUB=y -CONFIG_EDAC_SUPPORT=y -CONFIG_RTC_LIB=y -CONFIG_RTC_MC146818_LIB=y -CONFIG_RTC_CLASS=y -# CONFIG_RTC_HCTOSYS is not set -CONFIG_RTC_SYSTOHC=y -CONFIG_RTC_SYSTOHC_DEVICE="rtc0" -# CONFIG_RTC_DEBUG is not set -CONFIG_RTC_NVMEM=y - -# -# RTC interfaces -# -CONFIG_RTC_INTF_SYSFS=y -CONFIG_RTC_INTF_PROC=y -CONFIG_RTC_INTF_DEV=y -# CONFIG_RTC_INTF_DEV_UIE_EMUL is not set -# CONFIG_RTC_DRV_TEST is not set - -# -# I2C RTC drivers -# -# CONFIG_RTC_DRV_ABB5ZES3 is not set -# CONFIG_RTC_DRV_ABEOZ9 is not set -# CONFIG_RTC_DRV_ABX80X is not set -# CONFIG_RTC_DRV_DS1307 is not set -# CONFIG_RTC_DRV_DS1374 is not 
set -# CONFIG_RTC_DRV_DS1672 is not set -# CONFIG_RTC_DRV_MAX6900 is not set -# CONFIG_RTC_DRV_RS5C372 is not set -# CONFIG_RTC_DRV_ISL1208 is not set -# CONFIG_RTC_DRV_ISL12022 is not set -# CONFIG_RTC_DRV_X1205 is not set -# CONFIG_RTC_DRV_PCF8523 is not set -# CONFIG_RTC_DRV_PCF85063 is not set -# CONFIG_RTC_DRV_PCF85363 is not set -# CONFIG_RTC_DRV_PCF8563 is not set -# CONFIG_RTC_DRV_PCF8583 is not set -# CONFIG_RTC_DRV_M41T80 is not set -# CONFIG_RTC_DRV_BQ32K is not set -# CONFIG_RTC_DRV_S35390A is not set -# CONFIG_RTC_DRV_FM3130 is not set -# CONFIG_RTC_DRV_RX8010 is not set -# CONFIG_RTC_DRV_RX8581 is not set -# CONFIG_RTC_DRV_RX8025 is not set -# CONFIG_RTC_DRV_EM3027 is not set -# CONFIG_RTC_DRV_RV3028 is not set -# CONFIG_RTC_DRV_RV3032 is not set -# CONFIG_RTC_DRV_RV8803 is not set -# CONFIG_RTC_DRV_SD3078 is not set - -# -# SPI RTC drivers -# -CONFIG_RTC_I2C_AND_SPI=y - -# -# SPI and I2C RTC drivers -# -# CONFIG_RTC_DRV_DS3232 is not set -# CONFIG_RTC_DRV_PCF2127 is not set -# CONFIG_RTC_DRV_RV3029C2 is not set -# CONFIG_RTC_DRV_RX6110 is not set - -# -# Platform RTC drivers -# -CONFIG_RTC_DRV_CMOS=y -# CONFIG_RTC_DRV_DS1286 is not set -# CONFIG_RTC_DRV_DS1511 is not set -# CONFIG_RTC_DRV_DS1553 is not set -# CONFIG_RTC_DRV_DS1685_FAMILY is not set -# CONFIG_RTC_DRV_DS1742 is not set -# CONFIG_RTC_DRV_DS2404 is not set -# CONFIG_RTC_DRV_STK17TA8 is not set -# CONFIG_RTC_DRV_M48T86 is not set -# CONFIG_RTC_DRV_M48T35 is not set -# CONFIG_RTC_DRV_M48T59 is not set -# CONFIG_RTC_DRV_MSM6242 is not set -# CONFIG_RTC_DRV_BQ4802 is not set -# CONFIG_RTC_DRV_RP5C01 is not set - -# -# on-CPU RTC drivers -# -# CONFIG_RTC_DRV_FTRTC010 is not set - -# -# HID Sensor RTC drivers -# -# CONFIG_RTC_DRV_GOLDFISH is not set -CONFIG_DMADEVICES=y -# CONFIG_DMADEVICES_DEBUG is not set - -# -# DMA Devices -# -CONFIG_DMA_ENGINE=y -CONFIG_DMA_VIRTUAL_CHANNELS=y -CONFIG_DMA_ACPI=y -# CONFIG_ALTERA_MSGDMA is not set -# CONFIG_INTEL_IDMA64 is not set -# CONFIG_INTEL_IDXD is 
not set -# CONFIG_INTEL_IDXD_COMPAT is not set -# CONFIG_INTEL_IOATDMA is not set -# CONFIG_PLX_DMA is not set -# CONFIG_XILINX_XDMA is not set -# CONFIG_AMD_PTDMA is not set -# CONFIG_QCOM_HIDMA_MGMT is not set -# CONFIG_QCOM_HIDMA is not set -CONFIG_DW_DMAC_CORE=y -# CONFIG_DW_DMAC is not set -# CONFIG_DW_DMAC_PCI is not set -# CONFIG_DW_EDMA is not set -CONFIG_HSU_DMA=y -# CONFIG_SF_PDMA is not set -# CONFIG_INTEL_LDMA is not set - -# -# DMA Clients -# -# CONFIG_ASYNC_TX_DMA is not set -# CONFIG_DMATEST is not set - -# -# DMABUF options -# -CONFIG_SYNC_FILE=y -# CONFIG_SW_SYNC is not set -# CONFIG_UDMABUF is not set -# CONFIG_DMABUF_MOVE_NOTIFY is not set -# CONFIG_DMABUF_DEBUG is not set -# CONFIG_DMABUF_SELFTESTS is not set -# CONFIG_DMABUF_HEAPS is not set -# CONFIG_DMABUF_SYSFS_STATS is not set -# end of DMABUF options - -# CONFIG_AUXDISPLAY is not set -# CONFIG_UIO is not set -# CONFIG_VFIO is not set -# CONFIG_VIRT_DRIVERS is not set -CONFIG_VIRTIO_ANCHOR=y -CONFIG_VIRTIO=y -CONFIG_VIRTIO_PCI_LIB=y -CONFIG_VIRTIO_PCI_LIB_LEGACY=y -CONFIG_VIRTIO_MENU=y -CONFIG_VIRTIO_PCI=y -CONFIG_VIRTIO_PCI_LEGACY=y -# CONFIG_VIRTIO_BALLOON is not set -CONFIG_VIRTIO_INPUT=y -# CONFIG_VIRTIO_MMIO is not set -CONFIG_VIRTIO_DMA_SHARED_BUFFER=y -# CONFIG_VDPA is not set -CONFIG_VHOST_MENU=y -# CONFIG_VHOST_NET is not set -# CONFIG_VHOST_CROSS_ENDIAN_LEGACY is not set - -# -# Microsoft Hyper-V guest support -# -# CONFIG_HYPERV is not set -# end of Microsoft Hyper-V guest support - -# CONFIG_GREYBUS is not set -# CONFIG_COMEDI is not set -# CONFIG_STAGING is not set -# CONFIG_CHROME_PLATFORMS is not set -# CONFIG_MELLANOX_PLATFORM is not set -CONFIG_SURFACE_PLATFORMS=y -# CONFIG_SURFACE_3_POWER_OPREGION is not set -# CONFIG_SURFACE_GPE is not set -# CONFIG_SURFACE_PRO3_BUTTON is not set -CONFIG_X86_PLATFORM_DEVICES=y -CONFIG_ACPI_WMI=y -CONFIG_WMI_BMOF=y -# CONFIG_HUAWEI_WMI is not set -# CONFIG_MXM_WMI is not set -# CONFIG_NVIDIA_WMI_EC_BACKLIGHT is not set -# CONFIG_XIAOMI_WMI 
is not set -# CONFIG_GIGABYTE_WMI is not set -# CONFIG_YOGABOOK is not set -# CONFIG_ACERHDF is not set -# CONFIG_ACER_WIRELESS is not set -# CONFIG_ACER_WMI is not set -# CONFIG_AMD_PMF is not set -# CONFIG_AMD_PMC is not set -# CONFIG_AMD_HSMP is not set -# CONFIG_ADV_SWBUTTON is not set -# CONFIG_APPLE_GMUX is not set -# CONFIG_ASUS_LAPTOP is not set -# CONFIG_ASUS_WIRELESS is not set -# CONFIG_ASUS_WMI is not set -CONFIG_EEEPC_LAPTOP=y -# CONFIG_X86_PLATFORM_DRIVERS_DELL is not set -# CONFIG_AMILO_RFKILL is not set -# CONFIG_FUJITSU_LAPTOP is not set -# CONFIG_FUJITSU_TABLET is not set -# CONFIG_GPD_POCKET_FAN is not set -# CONFIG_X86_PLATFORM_DRIVERS_HP is not set -# CONFIG_WIRELESS_HOTKEY is not set -# CONFIG_IBM_RTL is not set -# CONFIG_IDEAPAD_LAPTOP is not set -# CONFIG_LENOVO_YMC is not set -# CONFIG_SENSORS_HDAPS is not set -# CONFIG_THINKPAD_ACPI is not set -# CONFIG_THINKPAD_LMI is not set -# CONFIG_INTEL_ATOMISP2_PM is not set -# CONFIG_INTEL_IFS is not set -# CONFIG_INTEL_SAR_INT1092 is not set -# CONFIG_INTEL_PMC_CORE is not set - -# -# Intel Speed Select Technology interface support -# -# CONFIG_INTEL_SPEED_SELECT_INTERFACE is not set -# end of Intel Speed Select Technology interface support - -# CONFIG_INTEL_WMI_SBL_FW_UPDATE is not set -# CONFIG_INTEL_WMI_THUNDERBOLT is not set - -# -# Intel Uncore Frequency Control -# -# CONFIG_INTEL_UNCORE_FREQ_CONTROL is not set -# end of Intel Uncore Frequency Control - -# CONFIG_INTEL_HID_EVENT is not set -# CONFIG_INTEL_VBTN is not set -# CONFIG_INTEL_OAKTRAIL is not set -# CONFIG_INTEL_PUNIT_IPC is not set -# CONFIG_INTEL_RST is not set -# CONFIG_INTEL_SMARTCONNECT is not set -# CONFIG_INTEL_TURBO_MAX_3 is not set -# CONFIG_INTEL_VSEC is not set -# CONFIG_MSI_EC is not set -# CONFIG_MSI_LAPTOP is not set -# CONFIG_MSI_WMI is not set -# CONFIG_SAMSUNG_LAPTOP is not set -# CONFIG_SAMSUNG_Q10 is not set -# CONFIG_TOSHIBA_BT_RFKILL is not set -# CONFIG_TOSHIBA_HAPS is not set -# CONFIG_TOSHIBA_WMI is not set 
-# CONFIG_ACPI_CMPC is not set -# CONFIG_COMPAL_LAPTOP is not set -# CONFIG_LG_LAPTOP is not set -# CONFIG_PANASONIC_LAPTOP is not set -# CONFIG_SONY_LAPTOP is not set -# CONFIG_SYSTEM76_ACPI is not set -# CONFIG_TOPSTAR_LAPTOP is not set -# CONFIG_MLX_PLATFORM is not set -# CONFIG_INTEL_IPS is not set -# CONFIG_INTEL_SCU_PCI is not set -# CONFIG_INTEL_SCU_PLATFORM is not set -# CONFIG_SIEMENS_SIMATIC_IPC is not set -# CONFIG_WINMATE_FM07_KEYS is not set -CONFIG_P2SB=y -# CONFIG_COMMON_CLK is not set -# CONFIG_HWSPINLOCK is not set - -# -# Clock Source drivers -# -CONFIG_CLKEVT_I8253=y -CONFIG_I8253_LOCK=y -CONFIG_CLKBLD_I8253=y -# end of Clock Source drivers - -CONFIG_MAILBOX=y -CONFIG_PCC=y -# CONFIG_ALTERA_MBOX is not set -CONFIG_IOMMU_IOVA=y -CONFIG_IOMMU_API=y -CONFIG_IOMMU_SUPPORT=y - -# -# Generic IOMMU Pagetable Support -# -CONFIG_IOMMU_IO_PGTABLE=y -# end of Generic IOMMU Pagetable Support - -# CONFIG_IOMMU_DEBUGFS is not set -# CONFIG_IOMMU_DEFAULT_DMA_STRICT is not set -CONFIG_IOMMU_DEFAULT_DMA_LAZY=y -# CONFIG_IOMMU_DEFAULT_PASSTHROUGH is not set -CONFIG_IOMMU_DMA=y -CONFIG_AMD_IOMMU=y -# CONFIG_AMD_IOMMU_V2 is not set -CONFIG_DMAR_TABLE=y -CONFIG_INTEL_IOMMU=y -# CONFIG_INTEL_IOMMU_SVM is not set -# CONFIG_INTEL_IOMMU_DEFAULT_ON is not set -CONFIG_INTEL_IOMMU_FLOPPY_WA=y -CONFIG_INTEL_IOMMU_SCALABLE_MODE_DEFAULT_ON=y -CONFIG_INTEL_IOMMU_PERF_EVENTS=y -# CONFIG_IOMMUFD is not set -# CONFIG_IRQ_REMAP is not set -# CONFIG_VIRTIO_IOMMU is not set - -# -# Remoteproc drivers -# -# CONFIG_REMOTEPROC is not set -# end of Remoteproc drivers - -# -# Rpmsg drivers -# -# CONFIG_RPMSG_QCOM_GLINK_RPM is not set -# CONFIG_RPMSG_VIRTIO is not set -# end of Rpmsg drivers - -# CONFIG_SOUNDWIRE is not set - -# -# SOC (System On Chip) specific Drivers -# - -# -# Amlogic SoC drivers -# -# end of Amlogic SoC drivers - -# -# Broadcom SoC drivers -# -# end of Broadcom SoC drivers - -# -# NXP/Freescale QorIQ SoC drivers -# -# end of NXP/Freescale QorIQ SoC drivers - -# -# 
fujitsu SoC drivers -# -# end of fujitsu SoC drivers - -# -# i.MX SoC drivers -# -# end of i.MX SoC drivers - -# -# Enable LiteX SoC Builder specific drivers -# -# end of Enable LiteX SoC Builder specific drivers - -# CONFIG_WPCM450_SOC is not set - -# -# Qualcomm SoC drivers -# -# end of Qualcomm SoC drivers - -# CONFIG_SOC_TI is not set - -# -# Xilinx SoC drivers -# -# end of Xilinx SoC drivers -# end of SOC (System On Chip) specific Drivers - -# CONFIG_PM_DEVFREQ is not set -# CONFIG_EXTCON is not set -# CONFIG_MEMORY is not set -# CONFIG_IIO is not set -# CONFIG_NTB is not set -# CONFIG_PWM is not set - -# -# IRQ chip support -# -# end of IRQ chip support - -# CONFIG_IPACK_BUS is not set -# CONFIG_RESET_CONTROLLER is not set - -# -# PHY Subsystem -# -# CONFIG_GENERIC_PHY is not set -# CONFIG_USB_LGM_PHY is not set -# CONFIG_PHY_CAN_TRANSCEIVER is not set - -# -# PHY drivers for Broadcom platforms -# -# CONFIG_BCM_KONA_USB2_PHY is not set -# end of PHY drivers for Broadcom platforms - -# CONFIG_PHY_PXA_28NM_HSIC is not set -# CONFIG_PHY_PXA_28NM_USB2 is not set -# CONFIG_PHY_INTEL_LGM_EMMC is not set -# end of PHY Subsystem - -# CONFIG_POWERCAP is not set -# CONFIG_MCB is not set - -# -# Performance monitor support -# -# end of Performance monitor support - -# CONFIG_RAS is not set -# CONFIG_USB4 is not set - -# -# Android -# -# CONFIG_ANDROID_BINDER_IPC is not set -# end of Android - -# CONFIG_LIBNVDIMM is not set -# CONFIG_DAX is not set -CONFIG_NVMEM=y -CONFIG_NVMEM_SYSFS=y - -# -# Layout Types -# -# CONFIG_NVMEM_LAYOUT_SL28_VPD is not set -# CONFIG_NVMEM_LAYOUT_ONIE_TLV is not set -# end of Layout Types - -# CONFIG_NVMEM_RMEM is not set - -# -# HW tracing support -# -# CONFIG_STM is not set -# CONFIG_INTEL_TH is not set -# end of HW tracing support - -# CONFIG_FPGA is not set -# CONFIG_TEE is not set -# CONFIG_SIOX is not set -# CONFIG_SLIMBUS is not set -# CONFIG_INTERCONNECT is not set -# CONFIG_COUNTER is not set -# CONFIG_PECI is not set -# CONFIG_HTE is 
not set -# end of Device Drivers - -# -# File systems -# -CONFIG_DCACHE_WORD_ACCESS=y -# CONFIG_VALIDATE_FS_PARSER is not set -CONFIG_FS_IOMAP=y -CONFIG_LEGACY_DIRECT_IO=y -# CONFIG_EXT2_FS is not set -# CONFIG_EXT3_FS is not set -CONFIG_EXT4_FS=y -CONFIG_EXT4_USE_FOR_EXT2=y -CONFIG_EXT4_FS_POSIX_ACL=y -CONFIG_EXT4_FS_SECURITY=y -# CONFIG_EXT4_DEBUG is not set -CONFIG_JBD2=y -# CONFIG_JBD2_DEBUG is not set -CONFIG_FS_MBCACHE=y -# CONFIG_REISERFS_FS is not set -# CONFIG_JFS_FS is not set -# CONFIG_XFS_FS is not set -# CONFIG_GFS2_FS is not set -# CONFIG_BTRFS_FS is not set -# CONFIG_NILFS2_FS is not set -# CONFIG_F2FS_FS is not set -CONFIG_FS_POSIX_ACL=y -CONFIG_EXPORTFS=y -# CONFIG_EXPORTFS_BLOCK_OPS is not set -CONFIG_FILE_LOCKING=y -# CONFIG_FS_ENCRYPTION is not set -# CONFIG_FS_VERITY is not set -CONFIG_FSNOTIFY=y -CONFIG_DNOTIFY=y -CONFIG_INOTIFY_USER=y -# CONFIG_FANOTIFY is not set -CONFIG_QUOTA=y -CONFIG_QUOTA_NETLINK_INTERFACE=y -# CONFIG_QUOTA_DEBUG is not set -CONFIG_QUOTA_TREE=y -# CONFIG_QFMT_V1 is not set -CONFIG_QFMT_V2=y -CONFIG_QUOTACTL=y -CONFIG_AUTOFS_FS=y -# CONFIG_FUSE_FS is not set -# CONFIG_OVERLAY_FS is not set - -# -# Caches -# -CONFIG_NETFS_SUPPORT=y -# CONFIG_NETFS_STATS is not set -# CONFIG_FSCACHE is not set -# end of Caches - -# -# CD-ROM/DVD Filesystems -# -CONFIG_ISO9660_FS=y -CONFIG_JOLIET=y -CONFIG_ZISOFS=y -# CONFIG_UDF_FS is not set -# end of CD-ROM/DVD Filesystems - -# -# DOS/FAT/EXFAT/NT Filesystems -# -CONFIG_FAT_FS=y -CONFIG_MSDOS_FS=y -CONFIG_VFAT_FS=y -CONFIG_FAT_DEFAULT_CODEPAGE=437 -CONFIG_FAT_DEFAULT_IOCHARSET="iso8859-1" -# CONFIG_FAT_DEFAULT_UTF8 is not set -# CONFIG_EXFAT_FS is not set -# CONFIG_NTFS_FS is not set -# CONFIG_NTFS3_FS is not set -# end of DOS/FAT/EXFAT/NT Filesystems - -# -# Pseudo filesystems -# -CONFIG_PROC_FS=y -CONFIG_PROC_KCORE=y -CONFIG_PROC_VMCORE=y -# CONFIG_PROC_VMCORE_DEVICE_DUMP is not set -CONFIG_PROC_SYSCTL=y -CONFIG_PROC_PAGE_MONITOR=y -# CONFIG_PROC_CHILDREN is not set 
-CONFIG_PROC_PID_ARCH_STATUS=y -CONFIG_KERNFS=y -CONFIG_SYSFS=y -CONFIG_TMPFS=y -CONFIG_TMPFS_POSIX_ACL=y -CONFIG_TMPFS_XATTR=y -# CONFIG_TMPFS_INODE64 is not set -CONFIG_HUGETLBFS=y -CONFIG_HUGETLB_PAGE=y -CONFIG_HUGETLB_PAGE_OPTIMIZE_VMEMMAP=y -# CONFIG_HUGETLB_PAGE_OPTIMIZE_VMEMMAP_DEFAULT_ON is not set -CONFIG_MEMFD_CREATE=y -CONFIG_ARCH_HAS_GIGANTIC_PAGE=y -# CONFIG_CONFIGFS_FS is not set -CONFIG_EFIVAR_FS=m -# end of Pseudo filesystems - -CONFIG_MISC_FILESYSTEMS=y -# CONFIG_ORANGEFS_FS is not set -# CONFIG_ADFS_FS is not set -# CONFIG_AFFS_FS is not set -# CONFIG_ECRYPT_FS is not set -# CONFIG_HFS_FS is not set -# CONFIG_HFSPLUS_FS is not set -# CONFIG_BEFS_FS is not set -# CONFIG_BFS_FS is not set -# CONFIG_EFS_FS is not set -# CONFIG_CRAMFS is not set -# CONFIG_SQUASHFS is not set -# CONFIG_VXFS_FS is not set -# CONFIG_MINIX_FS is not set -# CONFIG_OMFS_FS is not set -# CONFIG_HPFS_FS is not set -# CONFIG_QNX4FS_FS is not set -# CONFIG_QNX6FS_FS is not set -# CONFIG_ROMFS_FS is not set -# CONFIG_PSTORE is not set -# CONFIG_SYSV_FS is not set -# CONFIG_UFS_FS is not set -# CONFIG_EROFS_FS is not set -CONFIG_NETWORK_FILESYSTEMS=y -CONFIG_NFS_FS=y -CONFIG_NFS_V2=y -CONFIG_NFS_V3=y -CONFIG_NFS_V3_ACL=y -CONFIG_NFS_V4=y -# CONFIG_NFS_SWAP is not set -# CONFIG_NFS_V4_1 is not set -CONFIG_ROOT_NFS=y -# CONFIG_NFS_USE_LEGACY_DNS is not set -CONFIG_NFS_USE_KERNEL_DNS=y -CONFIG_NFS_DISABLE_UDP_SUPPORT=y -# CONFIG_NFSD is not set -CONFIG_GRACE_PERIOD=y -CONFIG_LOCKD=y -CONFIG_LOCKD_V4=y -CONFIG_NFS_ACL_SUPPORT=y -CONFIG_NFS_COMMON=y -CONFIG_SUNRPC=y -CONFIG_SUNRPC_GSS=y -CONFIG_RPCSEC_GSS_KRB5=y -# CONFIG_SUNRPC_DEBUG is not set -# CONFIG_CEPH_FS is not set -# CONFIG_CIFS is not set -# CONFIG_SMB_SERVER is not set -# CONFIG_CODA_FS is not set -# CONFIG_AFS_FS is not set -CONFIG_9P_FS=y -# CONFIG_9P_FS_POSIX_ACL is not set -# CONFIG_9P_FS_SECURITY is not set -CONFIG_NLS=y -CONFIG_NLS_DEFAULT="utf8" -CONFIG_NLS_CODEPAGE_437=y -# CONFIG_NLS_CODEPAGE_737 is not set -# 
CONFIG_NLS_CODEPAGE_775 is not set -# CONFIG_NLS_CODEPAGE_850 is not set -# CONFIG_NLS_CODEPAGE_852 is not set -# CONFIG_NLS_CODEPAGE_855 is not set -# CONFIG_NLS_CODEPAGE_857 is not set -# CONFIG_NLS_CODEPAGE_860 is not set -# CONFIG_NLS_CODEPAGE_861 is not set -# CONFIG_NLS_CODEPAGE_862 is not set -# CONFIG_NLS_CODEPAGE_863 is not set -# CONFIG_NLS_CODEPAGE_864 is not set -# CONFIG_NLS_CODEPAGE_865 is not set -# CONFIG_NLS_CODEPAGE_866 is not set -# CONFIG_NLS_CODEPAGE_869 is not set -# CONFIG_NLS_CODEPAGE_936 is not set -# CONFIG_NLS_CODEPAGE_950 is not set -# CONFIG_NLS_CODEPAGE_932 is not set -# CONFIG_NLS_CODEPAGE_949 is not set -# CONFIG_NLS_CODEPAGE_874 is not set -# CONFIG_NLS_ISO8859_8 is not set -# CONFIG_NLS_CODEPAGE_1250 is not set -# CONFIG_NLS_CODEPAGE_1251 is not set -CONFIG_NLS_ASCII=y -CONFIG_NLS_ISO8859_1=y -# CONFIG_NLS_ISO8859_2 is not set -# CONFIG_NLS_ISO8859_3 is not set -# CONFIG_NLS_ISO8859_4 is not set -# CONFIG_NLS_ISO8859_5 is not set -# CONFIG_NLS_ISO8859_6 is not set -# CONFIG_NLS_ISO8859_7 is not set -# CONFIG_NLS_ISO8859_9 is not set -# CONFIG_NLS_ISO8859_13 is not set -# CONFIG_NLS_ISO8859_14 is not set -# CONFIG_NLS_ISO8859_15 is not set -# CONFIG_NLS_KOI8_R is not set -# CONFIG_NLS_KOI8_U is not set -# CONFIG_NLS_MAC_ROMAN is not set -# CONFIG_NLS_MAC_CELTIC is not set -# CONFIG_NLS_MAC_CENTEURO is not set -# CONFIG_NLS_MAC_CROATIAN is not set -# CONFIG_NLS_MAC_CYRILLIC is not set -# CONFIG_NLS_MAC_GAELIC is not set -# CONFIG_NLS_MAC_GREEK is not set -# CONFIG_NLS_MAC_ICELAND is not set -# CONFIG_NLS_MAC_INUIT is not set -# CONFIG_NLS_MAC_ROMANIAN is not set -# CONFIG_NLS_MAC_TURKISH is not set -CONFIG_NLS_UTF8=y -# CONFIG_UNICODE is not set -CONFIG_IO_WQ=y -# end of File systems - -# -# Security options -# -CONFIG_KEYS=y -# CONFIG_KEYS_REQUEST_CACHE is not set -# CONFIG_PERSISTENT_KEYRINGS is not set -# CONFIG_TRUSTED_KEYS is not set -# CONFIG_ENCRYPTED_KEYS is not set -# CONFIG_KEY_DH_OPERATIONS is not set -# 
CONFIG_SECURITY_DMESG_RESTRICT is not set -CONFIG_SECURITY=y -# CONFIG_SECURITYFS is not set -CONFIG_SECURITY_NETWORK=y -# CONFIG_SECURITY_NETWORK_XFRM is not set -# CONFIG_SECURITY_PATH is not set -# CONFIG_INTEL_TXT is not set -CONFIG_LSM_MMAP_MIN_ADDR=65536 -# CONFIG_HARDENED_USERCOPY is not set -# CONFIG_FORTIFY_SOURCE is not set -# CONFIG_STATIC_USERMODEHELPER is not set -CONFIG_SECURITY_SELINUX=y -CONFIG_SECURITY_SELINUX_BOOTPARAM=y -CONFIG_SECURITY_SELINUX_DEVELOP=y -CONFIG_SECURITY_SELINUX_AVC_STATS=y -CONFIG_SECURITY_SELINUX_SIDTAB_HASH_BITS=9 -CONFIG_SECURITY_SELINUX_SID2STR_CACHE_SIZE=256 -# CONFIG_SECURITY_SMACK is not set -# CONFIG_SECURITY_TOMOYO is not set -# CONFIG_SECURITY_APPARMOR is not set -# CONFIG_SECURITY_LOADPIN is not set -# CONFIG_SECURITY_YAMA is not set -# CONFIG_SECURITY_SAFESETID is not set -# CONFIG_SECURITY_LOCKDOWN_LSM is not set -# CONFIG_SECURITY_LANDLOCK is not set -CONFIG_INTEGRITY=y -# CONFIG_INTEGRITY_SIGNATURE is not set -CONFIG_INTEGRITY_AUDIT=y -# CONFIG_IMA is not set -# CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT is not set -# CONFIG_EVM is not set -CONFIG_DEFAULT_SECURITY_SELINUX=y -# CONFIG_DEFAULT_SECURITY_DAC is not set -CONFIG_LSM="landlock,lockdown,yama,loadpin,safesetid,selinux,smack,tomoyo,apparmor,bpf" - -# -# Kernel hardening options -# - -# -# Memory initialization -# -CONFIG_INIT_STACK_NONE=y -# CONFIG_INIT_ON_ALLOC_DEFAULT_ON is not set -# CONFIG_INIT_ON_FREE_DEFAULT_ON is not set -CONFIG_CC_HAS_ZERO_CALL_USED_REGS=y -# CONFIG_ZERO_CALL_USED_REGS is not set -# end of Memory initialization - -CONFIG_RANDSTRUCT_NONE=y -# end of Kernel hardening options -# end of Security options - -CONFIG_CRYPTO=y - -# -# Crypto core or helper -# -CONFIG_CRYPTO_ALGAPI=y -CONFIG_CRYPTO_ALGAPI2=y -CONFIG_CRYPTO_AEAD=y -CONFIG_CRYPTO_AEAD2=y -CONFIG_CRYPTO_SIG2=y -CONFIG_CRYPTO_SKCIPHER=y -CONFIG_CRYPTO_SKCIPHER2=y -CONFIG_CRYPTO_HASH=y -CONFIG_CRYPTO_HASH2=y -CONFIG_CRYPTO_RNG=y -CONFIG_CRYPTO_RNG2=y -CONFIG_CRYPTO_RNG_DEFAULT=y 
-CONFIG_CRYPTO_AKCIPHER2=y -CONFIG_CRYPTO_AKCIPHER=y -CONFIG_CRYPTO_KPP2=y -CONFIG_CRYPTO_ACOMP2=y -CONFIG_CRYPTO_MANAGER=y -CONFIG_CRYPTO_MANAGER2=y -# CONFIG_CRYPTO_USER is not set -# CONFIG_CRYPTO_MANAGER_DISABLE_TESTS is not set -CONFIG_CRYPTO_MANAGER_EXTRA_TESTS=y -CONFIG_CRYPTO_NULL=y -CONFIG_CRYPTO_NULL2=y -# CONFIG_CRYPTO_PCRYPT is not set -# CONFIG_CRYPTO_CRYPTD is not set -CONFIG_CRYPTO_AUTHENC=y -CONFIG_CRYPTO_TEST=m -# end of Crypto core or helper - -# -# Public-key cryptography -# -CONFIG_CRYPTO_RSA=y -CONFIG_CRYPTO_RSA_HACL=y -# CONFIG_CRYPTO_DH is not set -CONFIG_CRYPTO_ECC=y -# CONFIG_CRYPTO_ECDH is not set -CONFIG_CRYPTO_ECDSA=y -# CONFIG_CRYPTO_ECRDSA is not set -# CONFIG_CRYPTO_SM2 is not set -# CONFIG_CRYPTO_CURVE25519 is not set -# end of Public-key cryptography - -# -# Block ciphers -# -CONFIG_CRYPTO_AES=y -# CONFIG_CRYPTO_AES_TI is not set -# CONFIG_CRYPTO_ARIA is not set -# CONFIG_CRYPTO_BLOWFISH is not set -# CONFIG_CRYPTO_CAMELLIA is not set -# CONFIG_CRYPTO_CAST5 is not set -# CONFIG_CRYPTO_CAST6 is not set -# CONFIG_CRYPTO_DES is not set -# CONFIG_CRYPTO_FCRYPT is not set -# CONFIG_CRYPTO_SERPENT is not set -# CONFIG_CRYPTO_SM4_GENERIC is not set -# CONFIG_CRYPTO_TWOFISH is not set -# end of Block ciphers - -# -# Length-preserving ciphers and modes -# -# CONFIG_CRYPTO_ADIANTUM is not set -# CONFIG_CRYPTO_CHACHA20 is not set -CONFIG_CRYPTO_CBC=y -# CONFIG_CRYPTO_CFB is not set -CONFIG_CRYPTO_CTR=y -# CONFIG_CRYPTO_CTS is not set -# CONFIG_CRYPTO_ECB is not set -# CONFIG_CRYPTO_HCTR2 is not set -# CONFIG_CRYPTO_KEYWRAP is not set -# CONFIG_CRYPTO_LRW is not set -# CONFIG_CRYPTO_OFB is not set -# CONFIG_CRYPTO_PCBC is not set -# CONFIG_CRYPTO_XTS is not set -# end of Length-preserving ciphers and modes - -# -# AEAD (authenticated encryption with associated data) ciphers -# -# CONFIG_CRYPTO_AEGIS128 is not set -# CONFIG_CRYPTO_CHACHA20POLY1305 is not set -CONFIG_CRYPTO_CCM=y -CONFIG_CRYPTO_GCM=y -CONFIG_CRYPTO_GENIV=y -CONFIG_CRYPTO_SEQIV=y 
-CONFIG_CRYPTO_ECHAINIV=y -# CONFIG_CRYPTO_ESSIV is not set -# end of AEAD (authenticated encryption with associated data) ciphers - -# -# Hashes, digests, and MACs -# -CONFIG_CRYPTO_BLAKE2B=y -CONFIG_CRYPTO_CMAC=y -CONFIG_CRYPTO_GHASH=y -CONFIG_CRYPTO_HMAC=y -# CONFIG_CRYPTO_MD4 is not set -CONFIG_CRYPTO_MD5=y -# CONFIG_CRYPTO_MICHAEL_MIC is not set -# CONFIG_CRYPTO_POLY1305 is not set -# CONFIG_CRYPTO_RMD160 is not set -# CONFIG_CRYPTO_SHA1 is not set -CONFIG_CRYPTO_SHA256=y -CONFIG_CRYPTO_SHA2_HACL=y -CONFIG_CRYPTO_SHA512=y -CONFIG_CRYPTO_SHA3=y -CONFIG_CRYPTO_SHA3_HACL=y -# CONFIG_CRYPTO_SM3_GENERIC is not set -# CONFIG_CRYPTO_STREEBOG is not set -# CONFIG_CRYPTO_VMAC is not set -# CONFIG_CRYPTO_WP512 is not set -# CONFIG_CRYPTO_XCBC is not set -# CONFIG_CRYPTO_XXHASH is not set -# end of Hashes, digests, and MACs - -# -# CRCs (cyclic redundancy checks) -# -CONFIG_CRYPTO_CRC32C=y -# CONFIG_CRYPTO_CRC32 is not set -# CONFIG_CRYPTO_CRCT10DIF is not set -# end of CRCs (cyclic redundancy checks) - -# -# Compression -# -# CONFIG_CRYPTO_DEFLATE is not set -# CONFIG_CRYPTO_LZO is not set -# CONFIG_CRYPTO_842 is not set -# CONFIG_CRYPTO_LZ4 is not set -# CONFIG_CRYPTO_LZ4HC is not set -# CONFIG_CRYPTO_ZSTD is not set -# end of Compression - -# -# Random number generation -# -# CONFIG_CRYPTO_ANSI_CPRNG is not set -CONFIG_CRYPTO_DRBG_MENU=y -CONFIG_CRYPTO_DRBG_HMAC=y -# CONFIG_CRYPTO_DRBG_HASH is not set -# CONFIG_CRYPTO_DRBG_CTR is not set -CONFIG_CRYPTO_DRBG=y -CONFIG_CRYPTO_JITTERENTROPY=y -# CONFIG_CRYPTO_JITTERENTROPY_TESTINTERFACE is not set -# end of Random number generation - -# -# Userspace interface -# -# CONFIG_CRYPTO_USER_API_HASH is not set -# CONFIG_CRYPTO_USER_API_SKCIPHER is not set -# CONFIG_CRYPTO_USER_API_RNG is not set -# CONFIG_CRYPTO_USER_API_AEAD is not set -# end of Userspace interface - -CONFIG_CRYPTO_HASH_INFO=y - -# -# Accelerated Cryptographic Algorithms for CPU (x86) -# -# CONFIG_CRYPTO_CURVE25519_X86 is not set -# CONFIG_CRYPTO_AES_NI_INTEL 
is not set -# CONFIG_CRYPTO_BLOWFISH_X86_64 is not set -# CONFIG_CRYPTO_CAMELLIA_X86_64 is not set -# CONFIG_CRYPTO_CAMELLIA_AESNI_AVX_X86_64 is not set -# CONFIG_CRYPTO_CAMELLIA_AESNI_AVX2_X86_64 is not set -# CONFIG_CRYPTO_CAST5_AVX_X86_64 is not set -# CONFIG_CRYPTO_CAST6_AVX_X86_64 is not set -# CONFIG_CRYPTO_DES3_EDE_X86_64 is not set -# CONFIG_CRYPTO_SERPENT_SSE2_X86_64 is not set -# CONFIG_CRYPTO_SERPENT_AVX_X86_64 is not set -# CONFIG_CRYPTO_SERPENT_AVX2_X86_64 is not set -# CONFIG_CRYPTO_SM4_AESNI_AVX_X86_64 is not set -# CONFIG_CRYPTO_SM4_AESNI_AVX2_X86_64 is not set -# CONFIG_CRYPTO_TWOFISH_X86_64 is not set -# CONFIG_CRYPTO_TWOFISH_X86_64_3WAY is not set -# CONFIG_CRYPTO_TWOFISH_AVX_X86_64 is not set -# CONFIG_CRYPTO_ARIA_AESNI_AVX_X86_64 is not set -# CONFIG_CRYPTO_ARIA_AESNI_AVX2_X86_64 is not set -# CONFIG_CRYPTO_ARIA_GFNI_AVX512_X86_64 is not set -# CONFIG_CRYPTO_CHACHA20_X86_64 is not set -# CONFIG_CRYPTO_AEGIS128_AESNI_SSE2 is not set -# CONFIG_CRYPTO_NHPOLY1305_SSE2 is not set -# CONFIG_CRYPTO_NHPOLY1305_AVX2 is not set -# CONFIG_CRYPTO_BLAKE2S_X86 is not set -# CONFIG_CRYPTO_POLYVAL_CLMUL_NI is not set -# CONFIG_CRYPTO_POLY1305_X86_64 is not set -# CONFIG_CRYPTO_SHA1_SSSE3 is not set -# CONFIG_CRYPTO_SHA256_SSSE3 is not set -# CONFIG_CRYPTO_SHA512_SSSE3 is not set -# CONFIG_CRYPTO_SM3_AVX_X86_64 is not set -# CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL is not set -# CONFIG_CRYPTO_CRC32C_INTEL is not set -# CONFIG_CRYPTO_CRC32_PCLMUL is not set -# end of Accelerated Cryptographic Algorithms for CPU (x86) - -CONFIG_CRYPTO_HW=y -# CONFIG_CRYPTO_DEV_PADLOCK is not set -# CONFIG_CRYPTO_DEV_ATMEL_ECC is not set -# CONFIG_CRYPTO_DEV_ATMEL_SHA204A is not set -# CONFIG_CRYPTO_DEV_CCP is not set -# CONFIG_CRYPTO_DEV_NITROX_CNN55XX is not set -# CONFIG_CRYPTO_DEV_QAT_DH895xCC is not set -# CONFIG_CRYPTO_DEV_QAT_C3XXX is not set -# CONFIG_CRYPTO_DEV_QAT_C62X is not set -# CONFIG_CRYPTO_DEV_QAT_4XXX is not set -# CONFIG_CRYPTO_DEV_QAT_DH895xCCVF is not set -# 
CONFIG_CRYPTO_DEV_QAT_C3XXXVF is not set -# CONFIG_CRYPTO_DEV_QAT_C62XVF is not set -# CONFIG_CRYPTO_DEV_VIRTIO is not set -# CONFIG_CRYPTO_DEV_SAFEXCEL is not set -# CONFIG_CRYPTO_DEV_AMLOGIC_GXL is not set -CONFIG_ASYMMETRIC_KEY_TYPE=y -CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE=y -CONFIG_X509_CERTIFICATE_PARSER=y -CONFIG_PKCS8_PRIVATE_KEY_PARSER=y -CONFIG_PKCS7_MESSAGE_PARSER=y -# CONFIG_PKCS7_TEST_KEY is not set -# CONFIG_SIGNED_PE_FILE_VERIFICATION is not set -# CONFIG_FIPS_SIGNATURE_SELFTEST is not set - -# -# Certificates for signature checking -# -CONFIG_SYSTEM_TRUSTED_KEYRING=y -CONFIG_SYSTEM_TRUSTED_KEYS="" -# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set -# CONFIG_SECONDARY_TRUSTED_KEYRING is not set -# CONFIG_SYSTEM_BLACKLIST_KEYRING is not set -# end of Certificates for signature checking - -CONFIG_BINARY_PRINTF=y - -# -# Library routines -# -# CONFIG_PACKING is not set -CONFIG_BITREVERSE=y -CONFIG_GENERIC_STRNCPY_FROM_USER=y -CONFIG_GENERIC_STRNLEN_USER=y -CONFIG_GENERIC_NET_UTILS=y -# CONFIG_CORDIC is not set -# CONFIG_PRIME_NUMBERS is not set -CONFIG_RATIONAL=y -CONFIG_GENERIC_PCI_IOMAP=y -CONFIG_GENERIC_IOMAP=y -CONFIG_ARCH_USE_CMPXCHG_LOCKREF=y -CONFIG_ARCH_HAS_FAST_MULTIPLIER=y -CONFIG_ARCH_USE_SYM_ANNOTATIONS=y - -# -# Crypto library routines -# -CONFIG_CRYPTO_LIB_UTILS=y -CONFIG_CRYPTO_LIB_AES=y -CONFIG_CRYPTO_LIB_ARC4=y -CONFIG_CRYPTO_LIB_GF128MUL=y -CONFIG_CRYPTO_LIB_BLAKE2S_GENERIC=y -# CONFIG_CRYPTO_LIB_CHACHA is not set -# CONFIG_CRYPTO_LIB_CURVE25519 is not set -CONFIG_CRYPTO_LIB_POLY1305_RSIZE=11 -# CONFIG_CRYPTO_LIB_POLY1305 is not set -# CONFIG_CRYPTO_LIB_CHACHA20POLY1305 is not set -CONFIG_CRYPTO_LIB_SHA1=y -CONFIG_CRYPTO_LIB_SHA256=y -# end of Crypto library routines - -CONFIG_CRC_CCITT=y -CONFIG_CRC16=y -# CONFIG_CRC_T10DIF is not set -# CONFIG_CRC64_ROCKSOFT is not set -# CONFIG_CRC_ITU_T is not set -CONFIG_CRC32=y -# CONFIG_CRC32_SELFTEST is not set -CONFIG_CRC32_SLICEBY8=y -# CONFIG_CRC32_SLICEBY4 is not set -# CONFIG_CRC32_SARWATE is not 
set -# CONFIG_CRC32_BIT is not set -# CONFIG_CRC64 is not set -# CONFIG_CRC4 is not set -# CONFIG_CRC7 is not set -# CONFIG_LIBCRC32C is not set -# CONFIG_CRC8 is not set -CONFIG_XXHASH=y -# CONFIG_RANDOM32_SELFTEST is not set -CONFIG_ZLIB_INFLATE=y -CONFIG_ZLIB_DEFLATE=y -CONFIG_LZO_COMPRESS=y -CONFIG_LZO_DECOMPRESS=y -CONFIG_LZ4_DECOMPRESS=y -CONFIG_ZSTD_COMMON=y -CONFIG_ZSTD_DECOMPRESS=y -CONFIG_XZ_DEC=y -CONFIG_XZ_DEC_X86=y -CONFIG_XZ_DEC_POWERPC=y -CONFIG_XZ_DEC_IA64=y -CONFIG_XZ_DEC_ARM=y -CONFIG_XZ_DEC_ARMTHUMB=y -CONFIG_XZ_DEC_SPARC=y -# CONFIG_XZ_DEC_MICROLZMA is not set -CONFIG_XZ_DEC_BCJ=y -# CONFIG_XZ_DEC_TEST is not set -CONFIG_DECOMPRESS_GZIP=y -CONFIG_DECOMPRESS_BZIP2=y -CONFIG_DECOMPRESS_LZMA=y -CONFIG_DECOMPRESS_XZ=y -CONFIG_DECOMPRESS_LZO=y -CONFIG_DECOMPRESS_LZ4=y -CONFIG_DECOMPRESS_ZSTD=y -CONFIG_GENERIC_ALLOCATOR=y -CONFIG_INTERVAL_TREE=y -CONFIG_XARRAY_MULTI=y -CONFIG_ASSOCIATIVE_ARRAY=y -CONFIG_HAS_IOMEM=y -CONFIG_HAS_IOPORT=y -CONFIG_HAS_IOPORT_MAP=y -CONFIG_HAS_DMA=y -CONFIG_DMA_OPS=y -CONFIG_NEED_SG_DMA_FLAGS=y -CONFIG_NEED_SG_DMA_LENGTH=y -CONFIG_NEED_DMA_MAP_STATE=y -CONFIG_ARCH_DMA_ADDR_T_64BIT=y -CONFIG_SWIOTLB=y -# CONFIG_DMA_API_DEBUG is not set -# CONFIG_DMA_MAP_BENCHMARK is not set -CONFIG_SGL_ALLOC=y -CONFIG_CHECK_SIGNATURE=y -CONFIG_CPU_RMAP=y -CONFIG_DQL=y -CONFIG_GLOB=y -# CONFIG_GLOB_SELFTEST is not set -CONFIG_NLATTR=y -CONFIG_CLZ_TAB=y -# CONFIG_IRQ_POLL is not set -CONFIG_MPILIB=y -CONFIG_OID_REGISTRY=y -CONFIG_UCS2_STRING=y -CONFIG_HAVE_GENERIC_VDSO=y -CONFIG_GENERIC_GETTIMEOFDAY=y -CONFIG_GENERIC_VDSO_TIME_NS=y -CONFIG_FONT_SUPPORT=y -CONFIG_FONT_8x16=y -CONFIG_FONT_AUTOSELECT=y -CONFIG_SG_POOL=y -CONFIG_ARCH_HAS_PMEM_API=y -CONFIG_ARCH_HAS_CPU_CACHE_INVALIDATE_MEMREGION=y -CONFIG_ARCH_HAS_UACCESS_FLUSHCACHE=y -CONFIG_ARCH_HAS_COPY_MC=y -CONFIG_ARCH_STACKWALK=y -CONFIG_STACKDEPOT=y -CONFIG_SBITMAP=y -# end of Library routines - -# -# Kernel hacking -# - -# -# printk and dmesg options -# -CONFIG_PRINTK_TIME=y -# 
CONFIG_PRINTK_CALLER is not set -# CONFIG_STACKTRACE_BUILD_ID is not set -CONFIG_CONSOLE_LOGLEVEL_DEFAULT=7 -CONFIG_CONSOLE_LOGLEVEL_QUIET=4 -CONFIG_MESSAGE_LOGLEVEL_DEFAULT=4 -# CONFIG_BOOT_PRINTK_DELAY is not set -# CONFIG_DYNAMIC_DEBUG is not set -# CONFIG_DYNAMIC_DEBUG_CORE is not set -CONFIG_SYMBOLIC_ERRNAME=y -CONFIG_DEBUG_BUGVERBOSE=y -# end of printk and dmesg options - -CONFIG_DEBUG_KERNEL=y -CONFIG_DEBUG_MISC=y - -# -# Compile-time checks and compiler options -# -CONFIG_AS_HAS_NON_CONST_LEB128=y -CONFIG_DEBUG_INFO_NONE=y -# CONFIG_DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT is not set -# CONFIG_DEBUG_INFO_DWARF4 is not set -# CONFIG_DEBUG_INFO_DWARF5 is not set -CONFIG_FRAME_WARN=3417 -# CONFIG_STRIP_ASM_SYMS is not set -# CONFIG_READABLE_ASM is not set -# CONFIG_HEADERS_INSTALL is not set -# CONFIG_DEBUG_SECTION_MISMATCH is not set -CONFIG_SECTION_MISMATCH_WARN_ONLY=y -CONFIG_OBJTOOL=y -# CONFIG_DEBUG_FORCE_WEAK_PER_CPU is not set -# end of Compile-time checks and compiler options - -# -# Generic Kernel Debugging Instruments -# -CONFIG_MAGIC_SYSRQ=y -CONFIG_MAGIC_SYSRQ_DEFAULT_ENABLE=0x1 -CONFIG_MAGIC_SYSRQ_SERIAL=y -CONFIG_MAGIC_SYSRQ_SERIAL_SEQUENCE="" -CONFIG_DEBUG_FS=y -CONFIG_DEBUG_FS_ALLOW_ALL=y -# CONFIG_DEBUG_FS_DISALLOW_MOUNT is not set -# CONFIG_DEBUG_FS_ALLOW_NONE is not set -CONFIG_HAVE_ARCH_KGDB=y -# CONFIG_KGDB is not set -CONFIG_ARCH_HAS_UBSAN_SANITIZE_ALL=y -# CONFIG_UBSAN is not set -CONFIG_HAVE_ARCH_KCSAN=y -CONFIG_HAVE_KCSAN_COMPILER=y -# CONFIG_KCSAN is not set -# end of Generic Kernel Debugging Instruments - -# -# Networking Debugging -# -# CONFIG_NET_DEV_REFCNT_TRACKER is not set -# CONFIG_NET_NS_REFCNT_TRACKER is not set -# CONFIG_DEBUG_NET is not set -# end of Networking Debugging - -# -# Memory Debugging -# -# CONFIG_PAGE_EXTENSION is not set -# CONFIG_DEBUG_PAGEALLOC is not set -CONFIG_SLUB_DEBUG=y -# CONFIG_SLUB_DEBUG_ON is not set -# CONFIG_PAGE_OWNER is not set -# CONFIG_PAGE_TABLE_CHECK is not set -# CONFIG_PAGE_POISONING is not set 
-# CONFIG_DEBUG_PAGE_REF is not set -# CONFIG_DEBUG_RODATA_TEST is not set -CONFIG_ARCH_HAS_DEBUG_WX=y -CONFIG_DEBUG_WX=y -CONFIG_GENERIC_PTDUMP=y -CONFIG_PTDUMP_CORE=y -# CONFIG_PTDUMP_DEBUGFS is not set -CONFIG_HAVE_DEBUG_KMEMLEAK=y -# CONFIG_DEBUG_KMEMLEAK is not set -# CONFIG_PER_VMA_LOCK_STATS is not set -# CONFIG_DEBUG_OBJECTS is not set -# CONFIG_SHRINKER_DEBUG is not set -CONFIG_DEBUG_STACK_USAGE=y -# CONFIG_SCHED_STACK_END_CHECK is not set -CONFIG_ARCH_HAS_DEBUG_VM_PGTABLE=y -# CONFIG_DEBUG_VM is not set -# CONFIG_DEBUG_VM_PGTABLE is not set -CONFIG_ARCH_HAS_DEBUG_VIRTUAL=y -# CONFIG_DEBUG_VIRTUAL is not set -CONFIG_DEBUG_MEMORY_INIT=y -# CONFIG_DEBUG_PER_CPU_MAPS is not set -CONFIG_ARCH_SUPPORTS_KMAP_LOCAL_FORCE_MAP=y -# CONFIG_DEBUG_KMAP_LOCAL_FORCE_MAP is not set -CONFIG_HAVE_ARCH_KASAN=y -CONFIG_HAVE_ARCH_KASAN_VMALLOC=y -CONFIG_CC_HAS_KASAN_GENERIC=y -CONFIG_CC_HAS_WORKING_NOSANITIZE_ADDRESS=y -# CONFIG_KASAN is not set -CONFIG_HAVE_ARCH_KFENCE=y -# CONFIG_KFENCE is not set -CONFIG_HAVE_ARCH_KMSAN=y -# end of Memory Debugging - -# CONFIG_DEBUG_SHIRQ is not set - -# -# Debug Oops, Lockups and Hangs -# -# CONFIG_PANIC_ON_OOPS is not set -CONFIG_PANIC_ON_OOPS_VALUE=0 -CONFIG_PANIC_TIMEOUT=0 -# CONFIG_SOFTLOCKUP_DETECTOR is not set -CONFIG_HAVE_HARDLOCKUP_DETECTOR_BUDDY=y -# CONFIG_HARDLOCKUP_DETECTOR is not set -CONFIG_HARDLOCKUP_CHECK_TIMESTAMP=y -# CONFIG_DETECT_HUNG_TASK is not set -# CONFIG_WQ_WATCHDOG is not set -# CONFIG_WQ_CPU_INTENSIVE_REPORT is not set -# CONFIG_TEST_LOCKUP is not set -# end of Debug Oops, Lockups and Hangs - -# -# Scheduler Debugging -# -# CONFIG_SCHED_DEBUG is not set -CONFIG_SCHED_INFO=y -CONFIG_SCHEDSTATS=y -# end of Scheduler Debugging - -# CONFIG_DEBUG_TIMEKEEPING is not set -# CONFIG_DEBUG_PREEMPT is not set - -# -# Lock Debugging (spinlocks, mutexes, etc...) 
-# -CONFIG_LOCK_DEBUGGING_SUPPORT=y -# CONFIG_PROVE_LOCKING is not set -# CONFIG_LOCK_STAT is not set -# CONFIG_DEBUG_RT_MUTEXES is not set -# CONFIG_DEBUG_SPINLOCK is not set -# CONFIG_DEBUG_MUTEXES is not set -# CONFIG_DEBUG_WW_MUTEX_SLOWPATH is not set -# CONFIG_DEBUG_RWSEMS is not set -# CONFIG_DEBUG_LOCK_ALLOC is not set -# CONFIG_DEBUG_ATOMIC_SLEEP is not set -# CONFIG_DEBUG_LOCKING_API_SELFTESTS is not set -# CONFIG_LOCK_TORTURE_TEST is not set -# CONFIG_WW_MUTEX_SELFTEST is not set -# CONFIG_SCF_TORTURE_TEST is not set -# CONFIG_CSD_LOCK_WAIT_DEBUG is not set -# end of Lock Debugging (spinlocks, mutexes, etc...) - -# CONFIG_NMI_CHECK_CPU is not set -# CONFIG_DEBUG_IRQFLAGS is not set -CONFIG_STACKTRACE=y -# CONFIG_WARN_ALL_UNSEEDED_RANDOM is not set -# CONFIG_DEBUG_KOBJECT is not set - -# -# Debug kernel data structures -# -# CONFIG_DEBUG_LIST is not set -# CONFIG_DEBUG_PLIST is not set -# CONFIG_DEBUG_SG is not set -# CONFIG_DEBUG_NOTIFIERS is not set -# CONFIG_BUG_ON_DATA_CORRUPTION is not set -# CONFIG_DEBUG_MAPLE_TREE is not set -# end of Debug kernel data structures - -# CONFIG_DEBUG_CREDENTIALS is not set - -# -# RCU Debugging -# -# CONFIG_RCU_SCALE_TEST is not set -# CONFIG_RCU_TORTURE_TEST is not set -# CONFIG_RCU_REF_SCALE_TEST is not set -CONFIG_RCU_CPU_STALL_TIMEOUT=21 -CONFIG_RCU_EXP_CPU_STALL_TIMEOUT=0 -# CONFIG_RCU_CPU_STALL_CPUTIME is not set -CONFIG_RCU_TRACE=y -# CONFIG_RCU_EQS_DEBUG is not set -# end of RCU Debugging - -# CONFIG_DEBUG_WQ_FORCE_RR_CPU is not set -# CONFIG_CPU_HOTPLUG_STATE_CONTROL is not set -# CONFIG_LATENCYTOP is not set -# CONFIG_DEBUG_CGROUP_REF is not set -CONFIG_USER_STACKTRACE_SUPPORT=y -CONFIG_NOP_TRACER=y -CONFIG_HAVE_RETHOOK=y -CONFIG_RETHOOK=y -CONFIG_HAVE_FUNCTION_TRACER=y -CONFIG_HAVE_DYNAMIC_FTRACE=y -CONFIG_HAVE_DYNAMIC_FTRACE_WITH_REGS=y -CONFIG_HAVE_DYNAMIC_FTRACE_WITH_DIRECT_CALLS=y -CONFIG_HAVE_DYNAMIC_FTRACE_WITH_ARGS=y -CONFIG_HAVE_DYNAMIC_FTRACE_NO_PATCHABLE=y -CONFIG_HAVE_FTRACE_MCOUNT_RECORD=y 
-CONFIG_HAVE_SYSCALL_TRACEPOINTS=y -CONFIG_HAVE_FENTRY=y -CONFIG_HAVE_OBJTOOL_MCOUNT=y -CONFIG_HAVE_OBJTOOL_NOP_MCOUNT=y -CONFIG_HAVE_C_RECORDMCOUNT=y -CONFIG_HAVE_BUILDTIME_MCOUNT_SORT=y -CONFIG_TRACE_CLOCK=y -CONFIG_RING_BUFFER=y -CONFIG_EVENT_TRACING=y -CONFIG_CONTEXT_SWITCH_TRACER=y -CONFIG_TRACING=y -CONFIG_GENERIC_TRACER=y -CONFIG_TRACING_SUPPORT=y -CONFIG_FTRACE=y -# CONFIG_BOOTTIME_TRACING is not set -# CONFIG_FUNCTION_TRACER is not set -# CONFIG_STACK_TRACER is not set -# CONFIG_IRQSOFF_TRACER is not set -# CONFIG_PREEMPT_TRACER is not set -# CONFIG_SCHED_TRACER is not set -# CONFIG_HWLAT_TRACER is not set -# CONFIG_OSNOISE_TRACER is not set -# CONFIG_TIMERLAT_TRACER is not set -# CONFIG_MMIOTRACE is not set -# CONFIG_FTRACE_SYSCALLS is not set -# CONFIG_TRACER_SNAPSHOT is not set -CONFIG_BRANCH_PROFILE_NONE=y -# CONFIG_PROFILE_ANNOTATED_BRANCHES is not set -# CONFIG_PROFILE_ALL_BRANCHES is not set -CONFIG_BLK_DEV_IO_TRACE=y -CONFIG_KPROBE_EVENTS=y -CONFIG_UPROBE_EVENTS=y -CONFIG_DYNAMIC_EVENTS=y -CONFIG_PROBE_EVENTS=y -# CONFIG_SYNTH_EVENTS is not set -# CONFIG_USER_EVENTS is not set -# CONFIG_HIST_TRIGGERS is not set -# CONFIG_TRACE_EVENT_INJECT is not set -# CONFIG_TRACEPOINT_BENCHMARK is not set -# CONFIG_RING_BUFFER_BENCHMARK is not set -# CONFIG_TRACE_EVAL_MAP_FILE is not set -# CONFIG_FTRACE_STARTUP_TEST is not set -# CONFIG_RING_BUFFER_STARTUP_TEST is not set -# CONFIG_RING_BUFFER_VALIDATE_TIME_DELTAS is not set -# CONFIG_PREEMPTIRQ_DELAY_TEST is not set -# CONFIG_KPROBE_EVENT_GEN_TEST is not set -# CONFIG_RV is not set -CONFIG_PROVIDE_OHCI1394_DMA_INIT=y -# CONFIG_SAMPLES is not set -CONFIG_HAVE_SAMPLE_FTRACE_DIRECT=y -CONFIG_HAVE_SAMPLE_FTRACE_DIRECT_MULTI=y -CONFIG_ARCH_HAS_DEVMEM_IS_ALLOWED=y -CONFIG_STRICT_DEVMEM=y -# CONFIG_IO_STRICT_DEVMEM is not set - -# -# x86 Debugging -# -CONFIG_EARLY_PRINTK_USB=y -CONFIG_X86_VERBOSE_BOOTUP=y -CONFIG_EARLY_PRINTK=y -CONFIG_EARLY_PRINTK_DBGP=y -# CONFIG_EARLY_PRINTK_USB_XDBC is not set -# 
CONFIG_EFI_PGT_DUMP is not set -# CONFIG_DEBUG_TLBFLUSH is not set -CONFIG_HAVE_MMIOTRACE_SUPPORT=y -# CONFIG_X86_DECODER_SELFTEST is not set -CONFIG_IO_DELAY_0X80=y -# CONFIG_IO_DELAY_0XED is not set -# CONFIG_IO_DELAY_UDELAY is not set -# CONFIG_IO_DELAY_NONE is not set -CONFIG_DEBUG_BOOT_PARAMS=y -# CONFIG_CPA_DEBUG is not set -# CONFIG_DEBUG_ENTRY is not set -# CONFIG_DEBUG_NMI_SELFTEST is not set -CONFIG_X86_DEBUG_FPU=y -# CONFIG_PUNIT_ATOM_DEBUG is not set -CONFIG_UNWINDER_ORC=y -# CONFIG_UNWINDER_FRAME_POINTER is not set -# end of x86 Debugging - -# -# Kernel Testing and Coverage -# -# CONFIG_KUNIT is not set -# CONFIG_NOTIFIER_ERROR_INJECTION is not set -# CONFIG_FUNCTION_ERROR_INJECTION is not set -# CONFIG_FAULT_INJECTION is not set -CONFIG_ARCH_HAS_KCOV=y -CONFIG_CC_HAS_SANCOV_TRACE_PC=y -# CONFIG_KCOV is not set -CONFIG_RUNTIME_TESTING_MENU=y -# CONFIG_TEST_DHRY is not set -# CONFIG_LKDTM is not set -# CONFIG_TEST_MIN_HEAP is not set -# CONFIG_TEST_DIV64 is not set -# CONFIG_BACKTRACE_SELF_TEST is not set -# CONFIG_TEST_REF_TRACKER is not set -# CONFIG_RBTREE_TEST is not set -# CONFIG_REED_SOLOMON_TEST is not set -# CONFIG_INTERVAL_TREE_TEST is not set -# CONFIG_PERCPU_TEST is not set -# CONFIG_ATOMIC64_SELFTEST is not set -# CONFIG_TEST_HEXDUMP is not set -# CONFIG_STRING_SELFTEST is not set -# CONFIG_TEST_STRING_HELPERS is not set -# CONFIG_TEST_KSTRTOX is not set -# CONFIG_TEST_PRINTF is not set -# CONFIG_TEST_SCANF is not set -# CONFIG_TEST_BITMAP is not set -# CONFIG_TEST_UUID is not set -# CONFIG_TEST_XARRAY is not set -# CONFIG_TEST_MAPLE_TREE is not set -# CONFIG_TEST_RHASHTABLE is not set -# CONFIG_TEST_IDA is not set -# CONFIG_TEST_LKM is not set -# CONFIG_TEST_BITOPS is not set -# CONFIG_TEST_VMALLOC is not set -# CONFIG_TEST_USER_COPY is not set -# CONFIG_TEST_BPF is not set -# CONFIG_TEST_BLACKHOLE_DEV is not set -# CONFIG_FIND_BIT_BENCHMARK is not set -# CONFIG_TEST_FIRMWARE is not set -# CONFIG_TEST_SYSCTL is not set -# CONFIG_TEST_UDELAY 
is not set -# CONFIG_TEST_STATIC_KEYS is not set -# CONFIG_TEST_KMOD is not set -# CONFIG_TEST_MEMCAT_P is not set -# CONFIG_TEST_MEMINIT is not set -# CONFIG_TEST_FREE_PAGES is not set -# CONFIG_TEST_FPU is not set -# CONFIG_TEST_CLOCKSOURCE_WATCHDOG is not set -CONFIG_ARCH_USE_MEMTEST=y -# CONFIG_MEMTEST is not set -# end of Kernel Testing and Coverage - -# -# Rust hacking -# -# end of Rust hacking -# end of Kernel hacking diff --git a/crypto/Makefile b/crypto/Makefile index e3b896b6d8316..3b2414b4bc995 100644 --- a/crypto/Makefile +++ b/crypto/Makefile @@ -62,10 +62,11 @@ obj-$(CONFIG_CRYPTO_SM2) += sm2_generic.o $(obj)/ecprivkey.asn1.o: $(obj)/ecprivkey.asn1.c $(obj)/ecprivkey.asn1.h $(obj)/ecdsasignature.asn1.o: $(obj)/ecdsasignature.asn1.c $(obj)/ecdsasignature.asn1.h $(obj)/ecdsa.o: $(obj)/ecdsasignature.asn1.h $(obj)/ecprivkey.asn1.h +ecdsa_generic-y += p256-hacl-generated.o ecdsa_generic-y += ecdsa.o ecdsa_generic-y += ecprivkey.asn1.o ecdsa_generic-y += ecdsasignature.asn1.o -obj-$(CONFIG_CRYPTO_ECDSA) += ecdsa_generic.o p256-hacl-generated.o +obj-$(CONFIG_CRYPTO_ECDSA) += ecdsa_generic.o crypto_acompress-y := acompress.o crypto_acompress-y += scompress.o From d21ad90c87ec8f646949adec673434e907edbcad Mon Sep 17 00:00:00 2001 From: Armando Faz Date: Sun, 18 Feb 2024 05:59:37 -0800 Subject: [PATCH 21/53] Adding Go tool for measuring RSA from user land. (#8) --- zeta/rsa_bench/Makefile | 14 +++++ zeta/rsa_bench/readme.md | 29 ++++++++++ zeta/rsa_bench/rsa.go | 116 +++++++++++++++++++++++++++++++++++++ zeta/rsa_bench/rsa_test.go | 57 ++++++++++++++++++ 4 files changed, 216 insertions(+) create mode 100644 zeta/rsa_bench/Makefile create mode 100644 zeta/rsa_bench/readme.md create mode 100644 zeta/rsa_bench/rsa.go create mode 100644 zeta/rsa_bench/rsa_test.go diff --git a/zeta/rsa_bench/Makefile b/zeta/rsa_bench/Makefile new file mode 100644 index 0000000000000..d221307a1e289 --- /dev/null +++ b/zeta/rsa_bench/Makefile 
@@ -0,0 +1,14 @@ +all: compile + +compile: rsa.go rsa_test.go + go build -o example.exe + go test -c -o bench.exe + +example: example.exe + ./example.exe + +benchmark: bench.exe + ./bench.exe -test.v -test.bench=. + +clean: + rm -f ./bench.exe ./example.exe \ No newline at end of file diff --git a/zeta/rsa_bench/readme.md b/zeta/rsa_bench/readme.md new file mode 100644 index 0000000000000..25e6f7ef916c9 --- /dev/null +++ b/zeta/rsa_bench/readme.md @@ -0,0 +1,29 @@ +## Benchmark of In-Kernel RSA Signing from User Space + +This program uses the Linux API to access to in-kernel cryptographic +operations. This Go program makes direct syscalls to the kernel similarly +to the `keyctl` utility command. + +To run an example: + $ make example + +To run a benchmark: + $ make benchmark + +After that, the output looks like: + +``` +BenchmarkRSAKernel +BenchmarkRSAKernel-16 283 4283867 ns/op +BenchmarkRSAGo +BenchmarkRSAGo-16 1412 908581 ns/op +``` + +The difference in time is expected as the program should wait for the +operating system to respond the syscall, and move memory between the kernel +space and the user space. + +Known Issues: +- "failed to load the private key into the keyring: bad message" + This means the parser is not loaded. To solve this issue run: + $ sudo modprobe pkcs8_key_parser diff --git a/zeta/rsa_bench/rsa.go b/zeta/rsa_bench/rsa.go new file mode 100644 index 0000000000000..386c5ba7299b4 --- /dev/null +++ b/zeta/rsa_bench/rsa.go 
@@ -0,0 +1,116 @@ +package main + +import ( + "crypto" + "crypto/rand" + "crypto/rsa" + "crypto/sha256" + "crypto/x509" + "log" + "syscall" + "unsafe" +) + +type KeySerial int32 +type Keyring int32 + +const ( + KEY_SPEC_PROCESS_KEYRING Keyring = -2 + KEYCTL_PKEY_SIGN = 27 +) + +var ( + keyTypeAsym = []byte("asymmetric\x00") + sha256pkcs1 = []byte("enc=pkcs1 hash=sha256\x00") +) + +func (keyring Keyring) LoadAsym(desc string, payload []byte) (KeySerial, error) { + cdesc := []byte(desc + "\x00") + serial, _, errno := syscall.Syscall6( + syscall.SYS_ADD_KEY, + uintptr(unsafe.Pointer(&keyTypeAsym[0])), + uintptr(unsafe.Pointer(&cdesc[0])), + uintptr(unsafe.Pointer(&payload[0])), + uintptr(len(payload)), + uintptr(keyring), + uintptr(0), + ) + if errno == 0 { + return KeySerial(serial), nil + } + + return KeySerial(serial), errno +} + +type pkeyParams struct { + key_id KeySerial + in_len uint32 + out_or_in2_len uint32 + __spare [7]uint32 +} + +func (key KeySerial) Sign(info, digest, signature []byte) error { + var params pkeyParams + params.key_id = key + params.in_len = uint32(len(digest)) + params.out_or_in2_len = uint32(len(signature)) + + _, _, errno := syscall.Syscall6( + syscall.SYS_KEYCTL, KEYCTL_PKEY_SIGN, + uintptr(unsafe.Pointer(¶ms)), + uintptr(unsafe.Pointer(&info[0])), + uintptr(unsafe.Pointer(&digest[0])), + uintptr(unsafe.Pointer(&signature[0])), + uintptr(0), + ) + if errno == 0 { + return nil + } + + return errno +} + +func loadKeyToKernel(key crypto.PrivateKey) KeySerial { + pkcs8, err := x509.MarshalPKCS8PrivateKey(key) + if err != nil { + log.Fatalf("failed to serialize the private key to PKCS8 blob: %v", err) + } + + serial, err := KEY_SPEC_PROCESS_KEYRING.LoadAsym("test rsa key", pkcs8) + if err != nil { + log.Fatalf("failed to load the private key into the keyring: %v", err) + } + + log.Printf("Loaded key to the kernel with ID: %v", serial) + + return serial +} + +func main() { + const N = 2048 + + var ( + msg = []byte("hello world") + digest = 
sha256.Sum256(msg) + signature [N / 8]byte + ) + + priv, err := rsa.GenerateKey(rand.Reader, N) + if err != nil { + log.Fatalf("failed to generate private key: %v", err) + } + + keyInKernel := loadKeyToKernel(priv) + + err = keyInKernel.Sign(sha256pkcs1, digest[:], signature[:]) + if err != nil { + log.Fatalf("failed to sign the digest: %v", err) + } + log.Printf("Signature from Kernel: %x...", signature[:10]) + + err = rsa.VerifyPKCS1v15(&priv.PublicKey, crypto.SHA256, digest[:], signature[:]) + log.Printf("Valid signature: %v", err == nil) + if err != nil { + log.Fatalf("failed to verify the signature: %v", err) + } +} diff --git a/zeta/rsa_bench/rsa_test.go b/zeta/rsa_bench/rsa_test.go new file mode 100644 index 0000000000000..77396febe4117 --- /dev/null +++ b/zeta/rsa_bench/rsa_test.go @@ -0,0 +1,57 @@ +package main + +import ( + "crypto" + "crypto/rand" + "crypto/rsa" + "crypto/sha256" + "log" + "testing" +) + +func BenchmarkRSAKernel(b *testing.B) { + const N = 2048 + + var ( + msg = []byte("hello world") + digest = sha256.Sum256(msg) + signature [N / 8]byte + ) + + priv, err := rsa.GenerateKey(rand.Reader, N) + if err != nil { + log.Fatalf("failed to generate private key: %v", err) + } + + keyInKernel := loadKeyToKernel(priv) + + b.ResetTimer() + for i := 0; i < b.N; i++ { + err := keyInKernel.Sign(sha256pkcs1, digest[:], signature[:]) + if err != nil { + log.Fatalf("failed to sign the digest: %v", err) + } + } +} + +func BenchmarkRSAGo(b *testing.B) { + const N = 2048 + + var ( + msg = []byte("hello world") + digest = sha256.Sum256(msg) + ) + + priv, err := rsa.GenerateKey(rand.Reader, N) + if err != nil { + log.Fatalf("failed to generate private key: %v", err) + } + + b.ResetTimer() + for i := 0; i < b.N; i++ { + _, err := priv.Sign(rand.Reader, digest[:], crypto.SHA256) + if err != nil { + log.Fatalf("failed to sign the digest: %v", err) + } + } +} From bef27bbbe0e6f8058b81985437510406e7eacee2 Mon Sep 17 00:00:00 2001 
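Review bot: `LoadAsym` and `Sign` take the address of element 0 of `payload`, `info`, `digest` and `signature` without checking that the slices are non-empty, so an empty argument panics with an index-out-of-range instead of returning an error. A guard such as `if len(payload) == 0 { return 0, syscall.EINVAL }` at the top of `LoadAsym`, and the equivalent for the three slices in `Sign`, keeps these exported methods safe to call. `LoadAsym` also returns the raw syscall result as a `KeySerial` next to a non-nil errno; returning `0, errno` avoids a caller treating that value as a key id. In `loadKeyToKernel` the PKCS#8 private-key blob stays in `pkcs8` after the syscall, and zeroing it once `LoadAsym` returns would shorten the time the plaintext key sits on the Go heap. The `Verify` method added in PATCH 23/53 repeats the unchecked `&info[0]`, `&digest[0]` and `&signature[0]`.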
From: Karthik Bhargavan Date: Mon, 18 Mar 2024 18:34:08 +0100 Subject: [PATCH 22/53] rsa edits --- crypto/Makefile | 13 ++-- crypto/rsa-hacl.c | 141 ++++++++++++++++++++++++++++++---------- zeta/rsa_bench/Makefile | 10 +-- 3 files changed, 118 insertions(+), 46 deletions(-) diff --git a/crypto/Makefile b/crypto/Makefile index 3b2414b4bc995..badb63b4538ae 100644 --- a/crypto/Makefile +++ b/crypto/Makefile @@ -36,12 +36,12 @@ $(obj)/rsapubkey.asn1.o: $(obj)/rsapubkey.asn1.c $(obj)/rsapubkey.asn1.h $(obj)/rsaprivkey.asn1.o: $(obj)/rsaprivkey.asn1.c $(obj)/rsaprivkey.asn1.h $(obj)/rsa_helper.o: $(obj)/rsapubkey.asn1.h $(obj)/rsaprivkey.asn1.h -rsa_generic-y := rsapubkey.asn1.o -rsa_generic-y += rsaprivkey.asn1.o -rsa_generic-y += rsa_helper.o -rsa_generic-y += rsa.o -rsa_generic-y += rsa-pkcs1pad.o -obj-$(CONFIG_CRYPTO_RSA) += rsa_generic.o +# rsa_generic-y := rsapubkey.asn1.o +# rsa_generic-y += rsaprivkey.asn1.o +# rsa_generic-y += rsa_helper.o +# rsa_generic-y += rsa.o +# rsa_generic-y += rsa-pkcs1pad.o +# obj-$(CONFIG_CRYPTO_RSA) += rsa_generic.o rsa_hacl-y := rsapubkey.asn1.o rsa_hacl-y += rsaprivkey.asn1.o @@ -49,6 +49,7 @@ rsa_hacl-y += hacl_bignum.o rsa_hacl-y += rsa-hacl-generated.o rsa_hacl-y += rsa_helper.o rsa_hacl-y += rsa-hacl.o +rsa_hacl-y += rsa-pkcs1pad.o obj-$(CONFIG_CRYPTO_RSA_HACL) += rsa_hacl.o $(obj)/sm2signature.asn1.o: $(obj)/sm2signature.asn1.c $(obj)/sm2signature.asn1.h diff --git a/crypto/rsa-hacl.c b/crypto/rsa-hacl.c index 77047d148e8cd..afc4df64dc6b1 100644 --- a/crypto/rsa-hacl.c +++ b/crypto/rsa-hacl.c 
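Review bot: Commenting out the `rsa_generic` rules leaves `CONFIG_CRYPTO_RSA` with no object behind it, so a configuration that enables only that symbol would presumably build no `rsa` akcipher unless `CONFIG_CRYPTO_RSA_HACL` is also set. Dead rules kept as comments are hard to audit; either delete them or key them on their own symbol, e.g. `obj-$(CONFIG_CRYPTO_RSA_GENERIC) += rsa_generic.o`. The second hunk adds `rsa-pkcs1pad.o` to `rsa_hacl`, so if the generic module is ever re-enabled the pkcs1pad template must be linked into only one of the two, otherwise both would try to register it.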
@@ -35,9 +35,12 @@ static inline struct hacl_rsa_key *rsa_get_key(struct crypto_akcipher *tfm) static int rsa_enc(struct akcipher_request *req) { + // printk("<<< in rsa enc"); struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req); const struct hacl_rsa_key *pkey = rsa_get_key(tfm); int ret = 0; + // printk("<<< in hacl rsa_enc"); + // printk("<<<<<<<<<<<<<<<<<<<<<<<<<<< pkey->modbits:%d, pkey->ebits:%d, pkey->dbits:%d", pkey->modBits,pkey->eBits,pkey->dBits); if (unlikely(!pkey->nb || !pkey->eb)) { ret = -EINVAL; 
@@ -46,41 +49,53 @@ static int rsa_enc(struct akcipher_request *req) unsigned int plain_len = (pkey->modBits - 1)/8 + 1; unsigned int cipher_len = (pkey->modBits - 2)/8 + 1; - if (req->src_len != plain_len || req->dst_len != cipher_len) { + // printk("req->src_len:%d, plain_len:%d, req->dst_len:%d, cipher_len:%d", req->src_len,plain_len,req->dst_len,cipher_len); + if (req->src_len > plain_len || req->dst_len != cipher_len) { ret = -EINVAL; goto done; } - - unsigned char* buffer = kmalloc(req->src_len + req->dst_len, GFP_KERNEL); - if (!buffer) + unsigned char* pbuffer = kzalloc(plain_len, GFP_KERNEL); + unsigned char* cbuffer = kzalloc(cipher_len, GFP_KERNEL); + if (!pbuffer || !cbuffer) return -ENOMEM; sg_copy_to_buffer(req->src, sg_nents_for_len(req->src, req->src_len), - buffer, req->src_len); + pbuffer+plain_len-req->src_len, req->src_len); uint64_t *pk = Hacl_RSA_new_rsa_load_pkey(pkey->modBits,pkey->eBits,pkey->nb,pkey->eb); if (!pk) { + printk("<<< load pkey failed"); ret = -EINVAL; goto done; } + // printk("<<< loaded pkey with modbits = %d, nb[0] = %x, nb[63] = %x, ebits = %d, eb[0] = %x", pkey->modBits, pkey->nb[0], pkey->nb[63], pkey->eBits, pkey->eb[0]); + // printk("<<< calling HACL_RSA_rsa_enc with msg[plain_len-1] = %x, msg[..] 
= %x",pbuffer[plain_len-1],pbuffer[plain_len - req->src_len]); - ret = Hacl_RSA_rsa_enc(pkey->modBits,pkey->eBits,pk, buffer, buffer+req->src_len); + ret = Hacl_RSA_rsa_enc(pkey->modBits,pkey->eBits, pk, pbuffer, cbuffer); + if (!ret) ret = -EBADMSG; - sg_copy_from_buffer(req->dst, + // printk("<<< exiting hacl rsa_enc 5 with cipher_len=%d, dst_len=%d, nents=%d, cipher[0]=%x, cipher[15]=%x", + // cipher_len,req->dst_len,sg_nents_for_len(req->dst, req->dst_len),cbuffer[0],cbuffer[15]); + int copied = sg_copy_from_buffer(req->dst, sg_nents_for_len(req->dst, req->dst_len), - buffer+req->src_len, req->dst_len); + cbuffer, cipher_len); + (void)copied; + //printk("<<< exiting hacl rsa_enc 6 with copied = %d, cipher_len=%d, cipher[0]=%x, cipher[15]=%x", + // copied, cipher_len,cbuffer[0],cbuffer[15]); kfree(pk); - done: kfree(buffer); - return ret; + done: kfree(pbuffer); + kfree(cbuffer); + return !ret; } static int rsa_dec(struct akcipher_request *req) { + // printk("<<< in rsa dec"); struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req); const struct hacl_rsa_key *skey = rsa_get_key(tfm); int ret = 0; 
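Review bot: `return !ret;` turns every negative errno into 0, so rsa_enc reports success for `-EINVAL` and `-EBADMSG` alike, and `sg_copy_from_buffer` still runs after `Hacl_RSA_rsa_enc` has failed. The `goto done` in the length check jumps over the initialisers of `pbuffer` and `cbuffer`, so `done:` calls `kfree()` on indeterminate pointers, and `if (!pbuffer || !cbuffer) return -ENOMEM;` leaks whichever allocation succeeded. The rewrite below returns directly while nothing is allocated, routes later failures through `done` and returns `ret` unchanged; the guard on `pkey->nb`/`pkey->eb` starts in the previous hunk and would need the same direct return. rsa_dec in the next hunk has the same `return !ret;` and the same jump to `kfree(buffer)` before `buffer` is initialised. The added `printk` calls carry no log level; `pr_err` or `pr_debug` would fit.

```c
	if (req->src_len > plain_len || req->dst_len != cipher_len)
		return -EINVAL;	/* nothing allocated yet, so no cleanup is needed */

	unsigned char *pbuffer = kzalloc(plain_len, GFP_KERNEL);
	unsigned char *cbuffer = kzalloc(cipher_len, GFP_KERNEL);
	uint64_t *pk = NULL;

	if (!pbuffer || !cbuffer) {
		ret = -ENOMEM;
		goto done;
	}
	/* … unchanged: sg_copy_to_buffer() into pbuffer … */
	pk = Hacl_RSA_new_rsa_load_pkey(pkey->modBits, pkey->eBits, pkey->nb, pkey->eb);
	if (!pk) {
		ret = -EINVAL;
		goto done;
	}
	if (!Hacl_RSA_rsa_enc(pkey->modBits, pkey->eBits, pk, pbuffer, cbuffer)) {
		ret = -EBADMSG;
		goto done;	/* do not copy an unwritten buffer to the caller */
	}
	/* … unchanged: sg_copy_from_buffer() from cbuffer … */
done:
	kfree(pk);
	kfree(pbuffer);
	kfree(cbuffer);
	return ret;
```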
@@ -91,46 +106,57 @@ static int rsa_dec(struct akcipher_request *req) } unsigned int plain_len = (skey->modBits - 1)/8 + 1; unsigned int cipher_len = (skey->modBits - 2)/8 + 1; + // printk("<<<<< pkey->modbits:%d, pkey->ebits:%d, pkey->dbits:%d", skey->modBits,skey->eBits,skey->dBits); + // printk("<<<<< req->src_len:%d, plain_len:%d, req->dst_len:%d, cipher_len:%d", req->src_len,plain_len,req->dst_len,cipher_len); - if (req->src_len != cipher_len || req->dst_len != plain_len) { + if (req->src_len > cipher_len || req->dst_len != plain_len) { + printk("not the right lengths"); ret = -EINVAL; goto done; } - unsigned char* buffer = kmalloc(req->src_len + req->dst_len, GFP_KERNEL); + unsigned char* buffer = kzalloc(plain_len + cipher_len, GFP_KERNEL); if (!buffer) return -ENOMEM; sg_copy_to_buffer(req->src, sg_nents_for_len(req->src, req->src_len), - buffer, req->src_len); + buffer+cipher_len-req->src_len, req->src_len); uint64_t *sk = Hacl_RSA_new_rsa_load_skey(skey->modBits,skey->eBits,skey->dBits,skey->nb,skey->eb,skey->db); if (!sk) { + printk("<<< load skey failed"); ret = -EINVAL; goto done; } - ret = Hacl_RSA_rsa_dec(skey->modBits,skey->eBits,skey->dBits,sk,buffer,buffer+req->src_len); + ret = Hacl_RSA_rsa_dec(skey->modBits,skey->eBits,skey->dBits,sk,buffer,buffer+cipher_len); - if (!ret) + if (!ret) { + printk("<<< rsa_dec failed"); ret = -EBADMSG; - + } + + // printk("<<< exiting hacl rsa_dec 5 with plain_len=%d, dst_len=%d, nents=%d, plain[0]=%x, plain[15]=%x", + // plain_len,req->dst_len,sg_nents_for_len(req->dst, req->dst_len),buffer[cipher_len],buffer[cipher_len+15]); sg_copy_from_buffer(req->dst, sg_nents_for_len(req->dst, req->dst_len), - buffer+req->src_len, req->dst_len); + buffer+cipher_len, req->dst_len); kfree(sk); done: kfree(buffer); - return ret; + return !ret; } static void rsa_free_key(struct hacl_rsa_key *key) { - kfree(key->db); - kfree(key->eb); - kfree(key->nb); + if (key->db != NULL) kfree(key->db); + if (key->eb != NULL) kfree(key->eb); + 
if (key->nb != NULL) kfree(key->nb); + key->modBits = 0; + key->eBits = 0; + key->dBits = 0; key->db = NULL; key->eb = NULL; key->nb = NULL; @@ -139,6 +165,8 @@ static void rsa_free_key(struct hacl_rsa_key *key) static int rsa_set_pub_key(struct crypto_akcipher *tfm, const void *key, unsigned int keylen) { + // printk("<<< calling hacl rsa_set_pub_key"); + struct hacl_rsa_key *pkey = rsa_get_key(tfm); struct rsa_key raw_key = {0}; @@ -151,13 +179,28 @@ static int rsa_set_pub_key(struct crypto_akcipher *tfm, const void *key, if (ret) return ret; - pkey->modBits = raw_key.n_sz * 8; - pkey->eBits = raw_key.e_sz * 8; - pkey->nb = (uint8_t*) raw_key.n; - pkey->eb = (uint8_t*) raw_key.e; - if (!pkey->nb || !pkey->eb) + int n_sz = raw_key.n_sz; + if (raw_key.n[0] == 0) { + n_sz -= 1; + } + + /* THIS IS JUST TO AVOID STACK OVERFLOW FOR NOW */ + if (n_sz > 256) + goto err; + + pkey->modBits = n_sz * 8; + + pkey->nb = kzalloc(n_sz,GFP_KERNEL); + if (!pkey->nb) + goto err; + memcpy(pkey->nb,raw_key.n+raw_key.n_sz-n_sz,n_sz); + + pkey->eBits = raw_key.e_sz * 8; + pkey->eb = kzalloc(raw_key.e_sz,GFP_KERNEL); + if (!pkey->eb) goto err; + memcpy(pkey->eb,raw_key.e,raw_key.e_sz); return ret; @@ -169,6 +212,8 @@ static int rsa_set_pub_key(struct crypto_akcipher *tfm, const void *key, static int rsa_set_priv_key(struct crypto_akcipher *tfm, const void *key, unsigned int keylen) { + // printk("<<< calling hacl rsa_set_priv_key"); + struct hacl_rsa_key *skey = rsa_get_key(tfm); struct rsa_key raw_key = {0}; 
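Review bot: `kfree(sk)` and `kfree(buffer)` in rsa_dec release what is presumably the loaded private key and the decrypted plaintext without clearing them, and rsa_free_key does the same for the private exponent `key->db`. `kfree_sensitive()` zeroes the allocation before freeing it: `kfree_sensitive(sk);`, `kfree_sensitive(buffer);` and `kfree_sensitive(key->db);`. The added `if (key->db != NULL)` guards are unnecessary because `kfree(NULL)` is a no-op. rsa_dec begins before this hunk.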
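Review bot: The new `if (n_sz > 256) goto err;` and the `kzalloc` failure branches in rsa_set_pub_key reach `err:` with `ret` still 0 from the successful parse, so unless the label (outside this hunk) assigns its own code, the function would report success with a half-built key. Setting the code before the jump makes it explicit: `ret = -EINVAL; goto err;` for the size limit and `ret = -ENOMEM; goto err;` for the allocations. `raw_key.n[0]` is read without first checking `raw_key.n_sz > 0`, which relies on the parser never returning an empty modulus, and `raw_key.e_sz` is not bounded the way `n_sz` is. rsa_set_priv_key in the following hunk has the same patterns, with `raw_key.d_sz` unbounded as well.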
@@ -181,16 +226,36 @@ static int rsa_set_priv_key(struct crypto_akcipher *tfm, const void *key, if (ret) return ret; - skey->modBits = raw_key.n_sz * 8; + + int n_sz = raw_key.n_sz; + if (raw_key.n[0] == 0) { + n_sz -= 1; + } + + /* THIS IS JUST TO AVOID STACK OVERFLOW FOR NOW */ + if (n_sz > 256) + goto err; + + skey->modBits = n_sz * 8; + + skey->nb = kzalloc(n_sz,GFP_KERNEL); + if (!skey->nb) + goto err; + memcpy(skey->nb,raw_key.n+raw_key.n_sz-n_sz,n_sz); + skey->eBits = raw_key.e_sz * 8; - skey->dBits = raw_key.d_sz * 8; - skey->nb = (uint8_t*) raw_key.n; - skey->eb = (uint8_t*) raw_key.e; - skey->db = (uint8_t*) raw_key.d; + skey->eb = kzalloc(raw_key.e_sz,GFP_KERNEL); + if (!skey->eb) + goto err; + memcpy(skey->eb,raw_key.e,raw_key.e_sz); - if (!skey->nb || !skey->eb || !skey->db) + skey->dBits = raw_key.d_sz * 8; + skey->db = kzalloc(raw_key.d_sz,GFP_KERNEL); + if (!skey->db) goto err; + memcpy(skey->db,raw_key.d,raw_key.d_sz); + // printk("<<< leaving hacl rsa_set_priv_key"); return ret; err: @@ -201,8 +266,7 @@ static int rsa_set_priv_key(struct crypto_akcipher *tfm, const void *key, static unsigned int rsa_max_size(struct crypto_akcipher *tfm) { struct hacl_rsa_key *pkey = akcipher_tfm_ctx(tfm); - - return pkey->modBits; + return ((pkey->modBits-1)/8)+1; } static void rsa_exit_tfm(struct crypto_akcipher *tfm) @@ -236,11 +300,18 @@ static int __init hacl_rsa_init(void) if (err) return err; + err = crypto_register_template(&rsa_pkcs1pad_tmpl); + if (err) { + crypto_unregister_akcipher(&hacl_rsa); + return err; + } + return 0; } static void __exit hacl_rsa_exit(void) { + crypto_unregister_template(&rsa_pkcs1pad_tmpl); crypto_unregister_akcipher(&hacl_rsa); } @@ -248,5 +319,5 @@ subsys_initcall(hacl_rsa_init); module_exit(hacl_rsa_exit); MODULE_ALIAS_CRYPTO("rsa"); MODULE_ALIAS_CRYPTO("rsa-hacl"); -MODULE_LICENSE("GPLv2 or MIT"); +MODULE_LICENSE("GPL"); MODULE_DESCRIPTION("Formally Verified RSA algorithm from HACL*"); 
diff --git a/zeta/rsa_bench/Makefile b/zeta/rsa_bench/Makefile index d221307a1e289..9f90af5953b1b 100644 --- a/zeta/rsa_bench/Makefile +++ b/zeta/rsa_bench/Makefile @@ -1,14 +1,14 @@ all: compile compile: rsa.go rsa_test.go - go build -o example.exe - go test -c -o bench.exe + go build -o rsa.exe rsa.go + go test -c -o bench.exe rsa.go rsa_test.go -example: example.exe - ./example.exe +rsa: rsa.exe + ./rsa.exe benchmark: bench.exe ./bench.exe -test.v -test.bench=. clean: - rm -f ./bench.exe ./example.exe \ No newline at end of file + rm -f ./bench.exe ./rsa.exe From 75145cd1ee18605181abfa40001fa3c483317b75 Mon Sep 17 00:00:00 2001 From: armfazh Date: Mon, 18 Mar 2024 12:27:23 -0700 Subject: [PATCH 23/53] Benchmark in-kernel verification. --- zeta/rsa_bench/Makefile | 9 ++++-- zeta/rsa_bench/go.mod | 3 ++ zeta/rsa_bench/rsa.go | 33 +++++++++++++++++++-- zeta/rsa_bench/rsa_test.go | 59 +++++++++++++++++++++++++++++++------- 4 files changed, 89 insertions(+), 15 deletions(-) create mode 100644 zeta/rsa_bench/go.mod diff --git a/zeta/rsa_bench/Makefile b/zeta/rsa_bench/Makefile index d221307a1e289..bad565b983d0f 100644 --- a/zeta/rsa_bench/Makefile +++ b/zeta/rsa_bench/Makefile @@ -4,10 +4,15 @@ compile: rsa.go rsa_test.go go build -o example.exe go test -c -o bench.exe -example: example.exe +load_parser: + modprobe pkcs8_key_parser + +example: rsa.go + go build -o example.exe ./example.exe -benchmark: bench.exe +benchmark: rsa.go rsa_test.go + go test -c -o bench.exe ./bench.exe -test.v -test.bench=. clean: diff --git a/zeta/rsa_bench/go.mod b/zeta/rsa_bench/go.mod new file mode 100644 index 0000000000000..1811bc1db71ea --- /dev/null +++ b/zeta/rsa_bench/go.mod @@ -0,0 +1,3 @@ +module cloudflare.com/linux/rsa_bench + +go 1.22.0 diff --git a/zeta/rsa_bench/rsa.go b/zeta/rsa_bench/rsa.go index 386c5ba7299b4..2c51139778e2e 100644 --- a/zeta/rsa_bench/rsa.go +++ b/zeta/rsa_bench/rsa.go 
@@ -13,10 +13,12 @@ import ( type KeySerial int32 type Keyring int32 +type KeyOps = uintptr const ( KEY_SPEC_PROCESS_KEYRING Keyring = -2 - KEYCTL_PKEY_SIGN = 27 + KEYCTL_PKEY_SIGN KeyOps = 27 + KEYCTL_PKEY_VERIFY KeyOps = 28 ) var ( @@ -70,6 +72,27 @@ func (key KeySerial) Sign(info, digest, signature []byte) error { return errno } +func (key KeySerial) Verify(info, digest, signature []byte) error { + var params pkeyParams + params.key_id = key + params.in_len = uint32(len(digest)) + params.out_or_in2_len = uint32(len(signature)) + + _, _, errno := syscall.Syscall6( + syscall.SYS_KEYCTL, KEYCTL_PKEY_VERIFY, + uintptr(unsafe.Pointer(¶ms)), + uintptr(unsafe.Pointer(&info[0])), + uintptr(unsafe.Pointer(&digest[0])), + uintptr(unsafe.Pointer(&signature[0])), + uintptr(0), + ) + if errno == 0 { + return nil + } + + return errno +} + func loadKeyToKernel(key crypto.PrivateKey) KeySerial { pkcs8, err := x509.MarshalPKCS8PrivateKey(key) if err != nil { @@ -108,8 +131,14 @@ func main() { } log.Printf("Signature from Kernel: %x...", signature[:10]) + err = keyInKernel.Verify(sha256pkcs1, digest[:], signature[:]) + if err != nil { + log.Fatalf("failed to verify the digest: %v", err) + } + log.Printf("Valid signature from Kernel: %v", err == nil) + err = rsa.VerifyPKCS1v15(&priv.PublicKey, crypto.SHA256, digest[:], signature[:]) - log.Printf("Valid signature: %v", err == nil) + log.Printf("Valid signature from Go: %v", err == nil) if err != nil { log.Fatalf("failed to verify the signature: %v", err) } diff --git a/zeta/rsa_bench/rsa_test.go b/zeta/rsa_bench/rsa_test.go index 77396febe4117..853ca6644e73e 100644 --- a/zeta/rsa_bench/rsa_test.go +++ b/zeta/rsa_bench/rsa_test.go @@ -5,11 +5,10 @@ import ( "crypto/rand" "crypto/rsa" "crypto/sha256" - "log" "testing" ) -func BenchmarkRSAKernel(b *testing.B) { +func kernelSetup(b *testing.B) (KeySerial, []byte, []byte) { const N = 2048 var ( 
@@ -20,16 +19,39 @@ func BenchmarkRSAKernel(b *testing.B) { priv, err := rsa.GenerateKey(rand.Reader, N) if err != nil { - log.Fatalf("failed to generate private key: %v", err) + b.Fatalf("failed to generate private key: %v", err) } keyInKernel := loadKeyToKernel(priv) + return keyInKernel, digest[:], signature[:] +} + +func BenchmarkRSAKernelSign(b *testing.B) { + keyInKernel, digest, signature := kernelSetup(b) + b.ResetTimer() for i := 0; i < b.N; i++ { err := keyInKernel.Sign(sha256pkcs1, digest[:], signature[:]) if err != nil { - log.Fatalf("failed to sign the digest: %v", err) + b.Fatalf("failed to sign the digest: %v", err) + } + } +} + +func BenchmarkRSAKernelVerify(b *testing.B) { + keyInKernel, digest, signature := kernelSetup(b) + + err := keyInKernel.Sign(sha256pkcs1, digest[:], signature[:]) + if err != nil { + b.Fatalf("failed to sign the digest: %v", err) + } + + b.ResetTimer() + for i := 0; i < b.N; i++ { + err := keyInKernel.Verify(sha256pkcs1, digest[:], signature[:]) + if err != nil { + b.Fatalf("failed to sign the digest: %v", err) } } } 
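Review bot: The verify loop in `BenchmarkRSAKernelVerify` reports `failed to sign the digest` when `Verify` fails, which points whoever reads the benchmark output at the wrong operation; `b.Fatalf("failed to verify the signature: %v", err)` matches the call. The `Verify` sub-benchmark of `BenchmarkRSAGo` in the next hunk carries the same copied message. `kernelSetup` already returns slices, so `digest[:]` and `signature[:]` in the callers can be plain `digest` and `signature`.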
@@ -44,14 +66,29 @@ func BenchmarkRSAGo(b *testing.B) { priv, err := rsa.GenerateKey(rand.Reader, N) if err != nil { - log.Fatalf("failed to generate private key: %v", err) + b.Fatalf("failed to generate private key: %v", err) } - b.ResetTimer() - for i := 0; i < b.N; i++ { - _, err := priv.Sign(rand.Reader, digest[:], crypto.SHA256) - if err != nil { - log.Fatalf("failed to sign the digest: %v", err) - } + signature, err := priv.Sign(rand.Reader, digest[:], crypto.SHA256) + if err != nil { + b.Fatalf("failed to sign the digest: %v", err) } + + b.Run("Sign", func(b *testing.B) { + for i := 0; i < b.N; i++ { + _, err := priv.Sign(rand.Reader, digest[:], crypto.SHA256) + if err != nil { + b.Fatalf("failed to sign the digest: %v", err) + } + } + }) + + b.Run("Verify", func(b *testing.B) { + for i := 0; i < b.N; i++ { + err := rsa.VerifyPKCS1v15(&priv.PublicKey, crypto.SHA256, digest[:], signature[:]) + if err != nil { + b.Fatalf("failed to sign the digest: %v", err) + } + } + }) } From 8fc2d4e14871ae88aadaca05ae2700d34de66d99 Mon Sep 17 00:00:00 2001 From: Karthik Bhargavan Date: Tue, 19 Mar 2024 10:42:15 +0100 Subject: [PATCH 24/53] added separate options for hacl and generic implementation --- crypto/Kconfig | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/crypto/Kconfig b/crypto/Kconfig index 78ece1ce483b6..3c4177b7a4d85 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -252,9 +252,9 @@ config CRYPTO_RSA select MPILIB select ASN1 help - RSA (Rivest-Shamir-Adleman) public key algorithm (RFC8017) from HACL* + RSA (Rivest-Shamir-Adleman) public key algorithm (RFC8017) -config CRYPTO_RSA_HACL +config CRYPTO_RSA_GENERIC tristate "RSA (Rivest-Shamir-Adleman)" select CRYPTO_AKCIPHER select CRYPTO_MANAGER 
@@ -263,6 +263,16 @@ config CRYPTO_RSA_HACL help RSA (Rivest-Shamir-Adleman) public key algorithm (RFC8017) +config CRYPTO_RSA_HACL + tristate "RSA (Rivest-Shamir-Adleman)" + select CRYPTO_AKCIPHER + select CRYPTO_MANAGER + select MPILIB + select ASN1 + help + RSA (Rivest-Shamir-Adleman) public key algorithm (RFC8017) from HACL* + + config CRYPTO_DH tristate "DH (Diffie-Hellman)" select CRYPTO_KPP From ffa185e65d4945a92704625bf419c994f7fb9849 Mon Sep 17 00:00:00 2001 From: Karthik Bhargavan Date: Mon, 3 Jun 2024 18:16:56 +0200 Subject: [PATCH 25/53] performance improvements --- Makefile | 6 +-- crypto/hacl_bignum.c | 26 +---------- crypto/hacl_bignum.h | 101 ++++++++++++++++++++++++++++++------------- crypto/hacl_lib.h | 35 ++++++++++----- 4 files changed, 100 insertions(+), 68 deletions(-) diff --git a/Makefile b/Makefile index beddccac32831..b0b41f51283d2 100644 --- a/Makefile +++ b/Makefile @@ -857,9 +857,9 @@ ifdef CONFIG_READABLE_ASM KBUILD_CFLAGS += -fno-reorder-blocks -fno-ipa-cp-clone -fno-partial-inlining endif -ifneq ($(CONFIG_FRAME_WARN),0) -KBUILD_CFLAGS += -Wframe-larger-than=$(CONFIG_FRAME_WARN) -endif +#ifneq ($(CONFIG_FRAME_WARN),0) +#KBUILD_CFLAGS += -Wframe-larger-than=$(CONFIG_FRAME_WARN) +#endif stackp-flags-y := -fno-stack-protector stackp-flags-$(CONFIG_STACKPROTECTOR) := -fstack-protector diff --git a/crypto/hacl_bignum.c b/crypto/hacl_bignum.c index c5f59d9731a6b..7d3b0d8ed6b88 100644 --- a/crypto/hacl_bignum.c +++ b/crypto/hacl_bignum.c 
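Review bot: `CRYPTO_RSA`, `CRYPTO_RSA_GENERIC` and `CRYPTO_RSA_HACL` all carry the prompt `RSA (Rivest-Shamir-Adleman)`, so the three entries cannot be told apart in menuconfig and a config review cannot easily tell which implementation is enabled. Distinct prompts would fix this, e.g. `tristate "RSA (generic MPI implementation)"` and `tristate "RSA (HACL* implementation)"`. `CRYPTO_RSA_HACL` also selects `MPILIB`; if the HACL code uses only its own bignum routines that select may be unnecessary, which is worth confirming.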
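Review bot: Commenting out the `-Wframe-larger-than=$(CONFIG_FRAME_WARN)` block removes the stack-frame warning for every object in the kernel, not only the HACL files, so an oversized frame anywhere would no longer be flagged at build time. Kernel stacks are small, and rsa-hacl.c in this series already caps the modulus size with a comment about avoiding stack overflow, so this is the code where the warning is most useful. If particular files need a larger limit, a per-object override in crypto/Makefile keeps the global check, e.g. `CFLAGS_hacl_bignum.o += -Wframe-larger-than=<limit>` (placeholder value).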
@@ -1037,18 +1037,7 @@ bn_mont_reduction_u64(uint32_t len, uint64_t *n, uint64_t nInv, uint64_t *c, uin uint64_t c1 = 0ULL; for (uint32_t i = 0U; i < len / 4U; i++) { - uint64_t a_i = n[4U * i]; - uint64_t *res_i0 = res_j0 + 4U * i; - c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i, qj, c1, res_i0); - uint64_t a_i0 = n[4U * i + 1U]; - uint64_t *res_i1 = res_j0 + 4U * i + 1U; - c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i0, qj, c1, res_i1); - uint64_t a_i1 = n[4U * i + 2U]; - uint64_t *res_i2 = res_j0 + 4U * i + 2U; - c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i1, qj, c1, res_i2); - uint64_t a_i2 = n[4U * i + 3U]; - uint64_t *res_i = res_j0 + 4U * i + 3U; - c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i2, qj, c1, res_i); + c1 = bn_mul_add4_u64(n+4*i,qj,res_j0+4*i,c1); } for (uint32_t i = len / 4U * 4U; i < len; i++) { @@ -1293,18 +1282,7 @@ Hacl_Bignum_AlmostMontgomery_bn_almost_mont_reduction_u64( uint64_t c1 = 0ULL; for (uint32_t i = 0U; i < len / 4U; i++) { - uint64_t a_i = n[4U * i]; - uint64_t *res_i0 = res_j0 + 4U * i; - c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i, qj, c1, res_i0); - uint64_t a_i0 = n[4U * i + 1U]; - uint64_t *res_i1 = res_j0 + 4U * i + 1U; - c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i0, qj, c1, res_i1); - uint64_t a_i1 = n[4U * i + 2U]; - uint64_t *res_i2 = res_j0 + 4U * i + 2U; - c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i1, qj, c1, res_i2); - uint64_t a_i2 = n[4U * i + 3U]; - uint64_t *res_i = res_j0 + 4U * i + 3U; - c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i2, qj, c1, res_i); + c1 = bn_mul_add4_u64(n+4*i,qj,res_j0+4*i,c1); } for (uint32_t i = len / 4U * 4U; i < len; i++) { diff --git a/crypto/hacl_bignum.h b/crypto/hacl_bignum.h index c739898260752..a2e8c6b3957a5 100644 --- a/crypto/hacl_bignum.h +++ b/crypto/hacl_bignum.h 
@@ -13,8 +13,9 @@ static inline uint32_t Hacl_Bignum_Base_mul_wide_add2_u32(uint32_t a, uint32_t b, uint32_t c_in, uint32_t *out) { uint32_t out0 = out[0U]; - uint64_t res = (uint64_t)a * (uint64_t)b + (uint64_t)c_in + (uint64_t)out0; - out[0U] = (uint32_t)res; + uint64_t res = (uint64_t)a * (uint64_t)b + (uint64_t)out0; + res = (uint32_t)res + (uint64_t)c_in; + out[0] = res; return (uint32_t)(res >> 32U); } @@ -23,10 +24,9 @@ Hacl_Bignum_Base_mul_wide_add2_u64(uint64_t a, uint64_t b, uint64_t c_in, uint64 { uint64_t out0 = out[0U]; FStar_UInt128_uint128 - res = - FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_mul_wide(a, b), - FStar_UInt128_uint64_to_uint128(c_in)), - FStar_UInt128_uint64_to_uint128(out0)); + res = FStar_UInt128_mul_wide(a, b); + res = FStar_UInt128_add(res,FStar_UInt128_uint64_to_uint128(out0)); + res = FStar_UInt128_add(res,FStar_UInt128_uint64_to_uint128(c_in)); out[0U] = FStar_UInt128_uint128_to_uint64(res); return FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(res, 64U)); } 
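Review bot: The rewritten `Hacl_Bignum_Base_mul_wide_add2_u32` loses the high half of the product: `res = (uint32_t)res + (uint64_t)c_in;` truncates `a*b + out0` to 32 bits before adding the carry-in, so the returned `res >> 32U` is only the carry of that last addition (0 or 1) instead of the high word. Any 32-bit bignum multiplication or reduction built on this helper would then compute wrong values. The full sum cannot exceed 64 bits, so no split is needed: `uint64_t res = (uint64_t)a * (uint64_t)b + (uint64_t)out0 + (uint64_t)c_in;` followed by `out[0U] = (uint32_t)res;` keeps the original result. The 64-bit variant in the next hunk only reorders two 128-bit additions and is not affected.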
@@ -295,6 +295,69 @@ Hacl_Bignum_Multiplication_bn_mul_u32( } } +static inline uint64_t bn_mul_add4_u64(uint64_t* n, uint64_t qj, uint64_t* res_j0, uint64_t c1) { + FStar_UInt128_uint128 ab0 = FStar_UInt128_mul_wide(n[0], qj); + FStar_UInt128_uint128 ab1 = FStar_UInt128_mul_wide(n[1], qj); + ab0 = FStar_UInt128_add(ab0, FStar_UInt128_uint64_to_uint128(res_j0[0])); + ab1 = FStar_UInt128_add(ab1, FStar_UInt128_uint64_to_uint128(res_j0[1])); + FStar_UInt128_uint128 ab2 = FStar_UInt128_mul_wide(n[2], qj); + FStar_UInt128_uint128 ab3 = FStar_UInt128_mul_wide(n[3], qj); + ab2 = FStar_UInt128_add(ab2, FStar_UInt128_uint64_to_uint128(res_j0[2])); + ab3 = FStar_UInt128_add(ab3, FStar_UInt128_uint64_to_uint128(res_j0[3])); + + uint64_t carry = c1; + ab0 = FStar_UInt128_add(ab0, carry); + carry = FStar_UInt128_shift_right(ab0, 64U); + ab1 = FStar_UInt128_add(ab1, carry); + carry = FStar_UInt128_shift_right(ab1, 64U); + ab2 = FStar_UInt128_add(ab2, carry); + carry = FStar_UInt128_shift_right(ab2, 64U); + ab3 = FStar_UInt128_add(ab3, carry); + carry = FStar_UInt128_shift_right(ab3, 64U); + c1 = carry; + + res_j0[0] = ab0; + res_j0[1] = ab1; + res_j0[2] = ab2; + res_j0[3] = ab3; + return c1; +} + +static inline uint64_t bn_mul_add4_u64_intrin(uint64_t* n, uint64_t qj, uint64_t* res_j0, uint64_t c1) { + FStar_UInt128_uint128 ab0 = FStar_UInt128_mul_wide(n[0], qj); + FStar_UInt128_uint128 ab1 = FStar_UInt128_mul_wide(n[1], qj); + FStar_UInt128_uint128 ab2 = FStar_UInt128_mul_wide(n[2], qj); + FStar_UInt128_uint128 ab3 = FStar_UInt128_mul_wide(n[3], qj); + + uint64_t ab0l = ab0; + uint64_t ab1l = ab1; + uint64_t ab2l = ab2; + uint64_t ab3l = ab3; + + uint64_t c = 0; + + uint64_t abo0l, abo1l, abo2l, abo3l; + c = Lib_IntTypes_Intrinsics_add_carry_u64(c, ab0l, res_j0[0], &abo0l); + c = Lib_IntTypes_Intrinsics_add_carry_u64(c, ab1l, res_j0[1], &abo1l); + c = Lib_IntTypes_Intrinsics_add_carry_u64(c, ab2l, res_j0[2], &abo2l); + c = Lib_IntTypes_Intrinsics_add_carry_u64(c, ab3l, 
res_j0[3], &abo3l); + + uint64_t ab0h = ab0 >> 64; + uint64_t ab1h = ab1 >> 64; + uint64_t ab2h = ab2 >> 64; + uint64_t ab3h = ab3 >> 64; + + uint64_t x = 0; + x = Lib_IntTypes_Intrinsics_add_carry_u64(x, abo0l, c1, res_j0); + x = Lib_IntTypes_Intrinsics_add_carry_u64(x, abo1l, ab0h, res_j0 + 1); + x = Lib_IntTypes_Intrinsics_add_carry_u64(x, abo2l, ab1h, res_j0 + 2); + x = Lib_IntTypes_Intrinsics_add_carry_u64(x, abo3l, ab2h, res_j0 + 3); + + x = Lib_IntTypes_Intrinsics_add_carry_u64(x, ab3h, c, &c1); + return c1; +} + + static inline void Hacl_Bignum_Multiplication_bn_mul_u64( uint32_t aLen, @@ -312,18 +375,7 @@ Hacl_Bignum_Multiplication_bn_mul_u64( uint64_t c = 0ULL; for (uint32_t i = 0U; i < aLen / 4U; i++) { - uint64_t a_i = a[4U * i]; - uint64_t *res_i0 = res_j + 4U * i; - c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i, bj, c, res_i0); - uint64_t a_i0 = a[4U * i + 1U]; - uint64_t *res_i1 = res_j + 4U * i + 1U; - c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i0, bj, c, res_i1); - uint64_t a_i1 = a[4U * i + 2U]; - uint64_t *res_i2 = res_j + 4U * i + 2U; - c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i1, bj, c, res_i2); - uint64_t a_i2 = a[4U * i + 3U]; - uint64_t *res_i = res_j + 4U * i + 3U; - c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i2, bj, c, res_i); + c = bn_mul_add4_u64(a+4*i,bj,res_j+4*i,c); } for (uint32_t i = aLen / 4U * 4U; i < aLen; i++) { 
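Review bot: `bn_mul_add4_u64` treats `FStar_UInt128_uint128` as a native integer (`FStar_UInt128_add(ab0, carry)` passes a `uint64_t`, while `carry = FStar_UInt128_shift_right(ab0, 64U)` and `res_j0[0] = ab0` narrow implicitly), whereas the surrounding code goes through the `FStar_UInt128_*` conversion helpers. That only compiles where the type is backed by a compiler 128-bit integer, and it hides the truncations the carry chain depends on. Spell the conversions out for each limb: `ab0 = FStar_UInt128_add(ab0, FStar_UInt128_uint64_to_uint128(carry));`, `carry = FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(ab0, 64U));`, `res_j0[0] = FStar_UInt128_uint128_to_uint64(ab0);`. `bn_mul_add4_u64_intrin` has no caller in this commit's hunks and uses `ab0 >> 64` directly, so it should be dropped or guarded. Both helpers need a header comment stating that they compute `res_j0[0..3] += n[0..3] * qj + c1` and return the carry-out.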
@@ -399,18 +451,7 @@ Hacl_Bignum_Multiplication_bn_sqr_u64(uint32_t aLen, uint64_t *a, uint64_t *res) uint64_t c = 0ULL; for (uint32_t i = 0U; i < i0 / 4U; i++) { - uint64_t a_i = ab[4U * i]; - uint64_t *res_i0 = res_j + 4U * i; - c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i, a_j, c, res_i0); - uint64_t a_i0 = ab[4U * i + 1U]; - uint64_t *res_i1 = res_j + 4U * i + 1U; - c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i0, a_j, c, res_i1); - uint64_t a_i1 = ab[4U * i + 2U]; - uint64_t *res_i2 = res_j + 4U * i + 2U; - c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i1, a_j, c, res_i2); - uint64_t a_i2 = ab[4U * i + 3U]; - uint64_t *res_i = res_j + 4U * i + 3U; - c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i2, a_j, c, res_i); + c = bn_mul_add4_u64(ab+4*i,a_j,res_j+4*i,c); } for (uint32_t i = i0 / 4U * 4U; i < i0; i++) { diff --git a/crypto/hacl_lib.h b/crypto/hacl_lib.h index 3d2ffbb311d1f..35e312a0f21ec 100644 --- a/crypto/hacl_lib.h +++ b/crypto/hacl_lib.h 
@@ -115,28 +115,41 @@ Hacl_IntTypes_Intrinsics_sub_borrow_u32(uint32_t cin, uint32_t x, uint32_t y, ui static inline uint64_t -Hacl_IntTypes_Intrinsics_sub_borrow_u64(uint64_t cin, uint64_t x, uint64_t y, uint64_t *r) +Hacl_IntTypes_Intrinsics_add_carry_u64(uint64_t cin, uint64_t x, uint64_t y, uint64_t *r) { - uint64_t res = x - y - cin; - uint64_t - c = - ((FStar_UInt64_gte_mask(res, x) & ~FStar_UInt64_eq_mask(res, x)) - | (FStar_UInt64_eq_mask(res, x) & cin)) - & (uint64_t)1U; + u128 res = (u128) x + (u128) y + (cin & 1); + u64 c = (res >> 64) & 1; r[0U] = res; return c; } static inline uint64_t -Hacl_IntTypes_Intrinsics_add_carry_u64(uint64_t cin, uint64_t x, uint64_t y, uint64_t *r) +Hacl_IntTypes_Intrinsics_sub_borrow_u64(uint64_t cin, uint64_t x, uint64_t y, uint64_t *r) { - uint64_t res = x + cin + y; - uint64_t - c = (~FStar_UInt64_gte_mask(res, x) | (FStar_UInt64_eq_mask(res, x) & cin)) & (uint64_t)1U; + u128 res = (u128) x - (u128) y - (cin & 1); + u64 c = (res >> 64) & 1; r[0U] = res; return c; } +/* +static inline uint64_t +Hacl_IntTypes_Intrinsics_add_carry_u64(uint64_t cin, uint64_t x, uint64_t y, uint64_t *r) +{ + uint64_t cout = 0; + *r = __builtin_addcll(x,y,cin,&cout); + return cout; +} + +static inline uint64_t +Hacl_IntTypes_Intrinsics_sub_borrow_u64(uint64_t cin, uint64_t x, uint64_t y, uint64_t *r) +{ + uint64_t cout = 0; + *r = __builtin_subcll(x,y,cin,&cout); + return cout; +} +*/ + #define Lib_IntTypes_Intrinsics_sub_borrow_u32(x1, x2, x3, x4) \ (Hacl_IntTypes_Intrinsics_sub_borrow_u32(x1, x2, x3, x4)) From 3ea58d256ef4679f15dbbbbf96e34d8458a7c8a1 Mon Sep 17 00:00:00 2001 
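Review bot: The new `add_carry_u64` and `sub_borrow_u64` bodies depend on a native `u128`, which this hunk neither includes nor guards, so the header stops building on any configuration without compiler 128-bit integers; the mask-based versions being removed had no such requirement. Wrap the new bodies in `#ifdef __SIZEOF_INT128__` and keep the previous `FStar_UInt64_gte_mask`/`FStar_UInt64_eq_mask` implementations in the `#else` branch. The removed code was branch-free by construction, while the replacement leaves that to how the compiler lowers 128-bit arithmetic, which is worth a comment because these helpers presumably sit under the private-key operations. The commented-out `__builtin_addcll`/`__builtin_subcll` block should be deleted rather than committed.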
From: "Jan Winkelmann (keks)" Date: Wed, 24 Jul 2024 09:32:23 +0200 Subject: [PATCH 26/53] add ecdsa benchmark stub --- zeta/ecdsa_bench/Makefile | 18 ++++ zeta/ecdsa_bench/ecdsa.go | 147 +++++++++++++++++++++++++++++++++ zeta/ecdsa_bench/ecdsa_test.go | 91 ++++++++++++++++++++ zeta/ecdsa_bench/readme.md | 35 ++++++++ 4 files changed, 291 insertions(+) create mode 100644 zeta/ecdsa_bench/Makefile create mode 100644 zeta/ecdsa_bench/ecdsa.go create mode 100644 zeta/ecdsa_bench/ecdsa_test.go create mode 100644 zeta/ecdsa_bench/readme.md diff --git a/zeta/ecdsa_bench/Makefile b/zeta/ecdsa_bench/Makefile new file mode 100644 index 0000000000000..b52112d1383b9 --- /dev/null +++ b/zeta/ecdsa_bench/Makefile @@ -0,0 +1,18 @@ +all: compile + +compile: rsa.go rsa_test.go + go build -o rsa.exe rsa.go + go test -c -o bench.exe rsa.go rsa_test.go + + +rsa: rsa.exe + ./rsa.exe + +load_parser: + modprobe pkcs8_key_parser + +benchmark: rsa.go rsa_test.go + ./bench.exe -test.v -test.bench=. + +clean: + rm -f ./bench.exe ./rsa.exe diff --git a/zeta/ecdsa_bench/ecdsa.go b/zeta/ecdsa_bench/ecdsa.go new file mode 100644 index 0000000000000..32b378379f753 --- /dev/null +++ b/zeta/ecdsa_bench/ecdsa.go 
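Review bot: This Makefile is a copy of the RSA benchmark's and still names `rsa.go`, `rsa_test.go` and `rsa.exe`, none of which this commit adds to `zeta/ecdsa_bench/`, so `make` in the new directory fails. The `compile` and `benchmark` prerequisites should be `ecdsa.go ecdsa_test.go`, with `go build -o ecdsa.exe ecdsa.go` and `go test -c -o bench.exe ecdsa.go ecdsa_test.go`. The readme added in the same commit tells the reader to run `make example`, but no `example` target exists here; the run target is called `rsa`.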
@@ -0,0 +1,147 @@ +package main + +import ( + "crypto" + "crypto/ecdsa" + "crypto/elliptic" + "crypto/rand" + "crypto/sha256" + "crypto/x509" + "log" + "syscall" + "unsafe" +) + +type ( + KeySerial int32 + Keyring int32 + KeyOps = uintptr +) + +const ( + KEY_SPEC_PROCESS_KEYRING Keyring = -2 + KEYCTL_PKEY_SIGN KeyOps = 27 + KEYCTL_PKEY_VERIFY KeyOps = 28 +) + +var ( + keyTypeAsym = []byte("asymmetric\x00") + sha256pkcs1 = []byte("enc=pkcs1 hash=sha256\x00") + signInfo = []byte("enc=raw hash=sha256\x00") +) + +func (keyring Keyring) LoadAsym(desc string, payload []byte) (KeySerial, error) { + cdesc := []byte(desc + "\x00") + serial, _, errno := syscall.Syscall6( + syscall.SYS_ADD_KEY, + uintptr(unsafe.Pointer(&keyTypeAsym[0])), + uintptr(unsafe.Pointer(&cdesc[0])), + uintptr(unsafe.Pointer(&payload[0])), + uintptr(len(payload)), + uintptr(keyring), + uintptr(0), + ) + if errno == 0 { + return KeySerial(serial), nil + } + + return KeySerial(serial), errno +} + +type pkeyParams struct { + key_id KeySerial + in_len uint32 + out_or_in2_len uint32 + __spare [7]uint32 +} + +func (key KeySerial) Sign(info, digest, signature []byte) error { + var params pkeyParams + params.key_id = key + params.in_len = uint32(len(digest)) + params.out_or_in2_len = uint32(len(signature)) + + _, _, errno := syscall.Syscall6( + syscall.SYS_KEYCTL, KEYCTL_PKEY_SIGN, + uintptr(unsafe.Pointer(¶ms)), + uintptr(unsafe.Pointer(&info[0])), + uintptr(unsafe.Pointer(&digest[0])), + uintptr(unsafe.Pointer(&signature[0])), + uintptr(0), + ) + if errno == 0 { + return nil + } + + return errno +} + +func (key KeySerial) Verify(info, digest, signature []byte) error { + var params pkeyParams + params.key_id = key + params.in_len = uint32(len(digest)) + params.out_or_in2_len = uint32(len(signature)) + + _, _, errno := syscall.Syscall6( + syscall.SYS_KEYCTL, KEYCTL_PKEY_VERIFY, + uintptr(unsafe.Pointer(¶ms)), + uintptr(unsafe.Pointer(&info[0])), + uintptr(unsafe.Pointer(&digest[0])), + 
uintptr(unsafe.Pointer(&signature[0])), + uintptr(0), + ) + if errno == 0 { + return nil + } + + return errno +} + +func loadKeyToKernel(key crypto.PrivateKey) KeySerial { + pkcs8, err := x509.MarshalPKCS8PrivateKey(key) + if err != nil { + log.Fatalf("failed to serialize the private key to PKCS8 blob: %v", err) + } + + serial, err := KEY_SPEC_PROCESS_KEYRING.LoadAsym("test ecdsa key", pkcs8) + if err != nil { + log.Fatalf("failed to load the private key into the keyring: %v", err) + } + + log.Printf("Loaded key to the kernel with ID: %v", serial) + + return serial +} + +func main() { + var ( + msg = []byte("hello world") + digest = sha256.Sum256(msg) + signature [64]byte + ) + + priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + if err != nil { + log.Fatalf("failed to generate private key: %v", err) + } + + keyInKernel := loadKeyToKernel(priv) + + err = keyInKernel.Sign(signInfo, digest[:], signature[:]) + if err != nil { + log.Fatalf("failed to sign the digest: %v", err) + } + log.Printf("Signature from Kernel: %x...", signature[:10]) + + err = keyInKernel.Verify(signInfo, digest[:], signature[:]) + if err != nil { + log.Fatalf("failed to verify the digest: %v", err) + } + log.Printf("Valid signature from Kernel: %v", err == nil) + + ok := ecdsa.VerifyASN1(&priv.PublicKey, digest[:], signature[:]) + log.Printf("Valid signature from Go: %v", ok) + if !ok { + log.Fatalf("failed to verify the signature: %v", err) + } +} diff --git a/zeta/ecdsa_bench/ecdsa_test.go b/zeta/ecdsa_bench/ecdsa_test.go new file mode 100644 index 0000000000000..b0a9a95031b02 --- /dev/null +++ b/zeta/ecdsa_bench/ecdsa_test.go 
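Review bot: `LoadAsym`, `Sign` and `Verify` take `&payload[0]`, `&info[0]`, `&digest[0]` and `&signature[0]` without checking lengths, so an empty slice panics with an index-out-of-range before the syscall is made. A guard at the top of `Sign` and `Verify`, `if len(info) == 0 || len(digest) == 0 || len(signature) == 0 { return syscall.EINVAL }`, and the equivalent for `payload` in `LoadAsym`, turns that into an ordinary error. `Sign` also discards the first result of `Syscall6`, which for `KEYCTL_PKEY_SIGN` appears to be the number of signature bytes written, so `main` hands the whole fixed buffer to `ecdsa.VerifyASN1` regardless of how much of it is valid. In `main`, the final `log.Fatalf("failed to verify the signature: %v", err)` formats an `err` that is nil at that point.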
@@ -0,0 +1,91 @@ +package main + +import ( + "crypto" + "crypto/ecdsa" + "crypto/elliptic" + "crypto/rand" + "crypto/sha256" + "testing" +) + +func kernelSetup(b *testing.B) (KeySerial, []byte, []byte) { + var ( + msg = []byte("hello world") + digest = sha256.Sum256(msg) + signature [64]byte + ) + + priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + if err != nil { + b.Fatalf("failed to generate private key: %v", err) + } + + keyInKernel := loadKeyToKernel(priv) + + return keyInKernel, digest[:], signature[:] +} + +func BenchmarkECDSAKernelSign(b *testing.B) { + keyInKernel, digest, signature := kernelSetup(b) + + b.ResetTimer() + for i := 0; i < b.N; i++ { + err := keyInKernel.Sign(sha256pkcs1, digest[:], signature[:]) + if err != nil { + b.Fatalf("failed to sign the digest: %v", err) + } + } +} + +func BenchmarkECDSAKernelVerify(b *testing.B) { + keyInKernel, digest, signature := kernelSetup(b) + + err := keyInKernel.Sign(sha256pkcs1, digest[:], signature[:]) + if err != nil { + b.Fatalf("failed to sign the digest: %v", err) + } + + b.ResetTimer() + for i := 0; i < b.N; i++ { + err := keyInKernel.Verify(sha256pkcs1, digest[:], signature[:]) + if err != nil { + b.Fatalf("failed to sign the digest: %v", err) + } + } +} + +func BenchmarkECDSAGo(b *testing.B) { + var ( + msg = []byte("hello world") + digest = sha256.Sum256(msg) + ) + + priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + if err != nil { + b.Fatalf("failed to generate private key: %v", err) + } + + signature, err := ecdsa.SignASN1(rand.Reader, priv, digest[:]) + if err != nil { + b.Fatalf("failed to sign the digest: %v", err) + } + + b.Run("Sign", func(b *testing.B) { + for i := 0; i < b.N; i++ { + _, err := priv.Sign(rand.Reader, digest[:], crypto.SHA256) + if err != nil { + b.Fatalf("failed to sign the digest: %v", err) + } + } + }) + + b.Run("Verify", func(b *testing.B) { + for i := 0; i < b.N; i++ { + ok := ecdsa.VerifyASN1(&priv.PublicKey, digest[:], signature[:]) + if !ok { 
+ b.Fatalf("failed to sign the digest: %v", err) + } + } + }) +} diff --git a/zeta/ecdsa_bench/readme.md b/zeta/ecdsa_bench/readme.md new file mode 100644 index 0000000000000..4577b1586cf5d --- /dev/null +++ b/zeta/ecdsa_bench/readme.md @@ -0,0 +1,35 @@ +## Benchmark of In-Kernel ECDSA Signing from User Space + +This program uses the Linux API to access to in-kernel cryptographic +operations. This Go program makes direct syscalls to the kernel similarly +to the `keyctl` utility command. + +To run an example: + $ make example + +To run a benchmark: + $ make benchmark + +After that, the output looks like: + +``` +BenchmarkECDSAKernel +BenchmarkECDSAKernel-16 283 4283867 ns/op +BenchmarkECDSAGo +BenchmarkECDSAGo-16 1412 908581 ns/op +``` + +The difference in time is expected as the program should wait for the +operating system to respond the syscall, and move memory between the kernel +space and the user space. + +Known Issues: + +- "failed to load the private key into the keyring: bad message" + This means the parser is not loaded. To solve this issue run: + + ```sh + sudo modprobe pkcs8_key_parser + ``` + + or compile the parser directly into the kernel (instead of as a module) From 34c5280f081f728ebf21e44aa37e379ffaf5bdfe Mon Sep 17 00:00:00 2001 From: "Jan Winkelmann (keks)" Date: Wed, 24 Jul 2024 17:33:08 +0200 Subject: [PATCH 27/53] add debug session --- WORK/launch.sh | 14 ++++++++++++++ WORK/run.sh | 5 +++++ security/keys/compat.c | 1 + security/keys/keyctl.c | 6 ++++++ security/keys/keyctl_pkey.c | 22 ++++++++++++++++++++++ security/keys/process_keys.c | 6 ++++++ zeta/ecdsa_bench/ecdsa.go | 4 +++- 7 files changed, 57 insertions(+), 1 deletion(-) create mode 100755 WORK/launch.sh create mode 100755 WORK/run.sh diff --git a/WORK/launch.sh b/WORK/launch.sh new file mode 100755 index 0000000000000..78b1e38bd0bce --- /dev/null +++ b/WORK/launch.sh 
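Review bot: Both kernel benchmarks pass `sha256pkcs1` (`enc=pkcs1 hash=sha256`) as the info string, which is an RSA padding selection carried over from the RSA benchmark, while `main` in ecdsa.go uses `signInfo` for the same ECDSA key. The benchmarks should call `keyInKernel.Sign(signInfo, digest, signature)` and `keyInKernel.Verify(signInfo, digest, signature)` so that they measure the operation the example exercises. In the `Verify` loops the failure text still says "failed to sign the digest", and in `BenchmarkECDSAGo` it formats an `err` that is nil by then; `b.Fatal("signature verification failed")` says what happened.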
@@ -0,0 +1,14 @@ +set -e + +name="$1" + +if [ "$name" = "" ]; then + echo "please provide a name as the first arg" + exit +fi + +mkdir -p "WORK/$name" + +make -j 12 +/bin/cp -f arch/x86_64/boot/bzImage "WORK/$name" +virtme-run --kimg "WORK/$name/bzImage" -a ignore_loglevel --pwd diff --git a/WORK/run.sh b/WORK/run.sh new file mode 100755 index 0000000000000..d04f142677b05 --- /dev/null +++ b/WORK/run.sh @@ -0,0 +1,5 @@ +dmesg -w & + +for i in $(seq 10); do + ./zeta/ecdsa_bench/ecdsa +done diff --git a/security/keys/compat.c b/security/keys/compat.c index 1545efdca5622..3aee2b0381336 100644 --- a/security/keys/compat.c +++ b/security/keys/compat.c @@ -17,6 +17,7 @@ COMPAT_SYSCALL_DEFINE5(keyctl, u32, option, u32, arg2, u32, arg3, u32, arg4, u32, arg5) { + printk(KERN_EMERG "at the keyctl syscall 32 entrypoint"); switch (option) { case KEYCTL_GET_KEYRING_ID: return keyctl_get_keyring_ID(arg2, arg3); diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c index 19be69fa4d052..3ec92232e3189 100644 --- a/security/keys/keyctl.c +++ b/security/keys/keyctl.c @@ -77,6 +77,9 @@ SYSCALL_DEFINE5(add_key, const char __user *, _type, size_t, plen, key_serial_t, ringid) { + printk(KERN_EMERG "at the add_key syscall entrypoint"); + + key_ref_t keyring_ref, key_ref; char type[32], *description; void *payload; @@ -1874,6 +1877,7 @@ long keyctl_capabilities(unsigned char __user *_buffer, size_t buflen) SYSCALL_DEFINE5(keyctl, int, option, unsigned long, arg2, unsigned long, arg3, unsigned long, arg4, unsigned long, arg5) { + printk(KERN_EMERG "at the keyctl syscall 64 entrypoint"); switch (option) { case KEYCTL_GET_KEYRING_ID: return keyctl_get_keyring_ID((key_serial_t) arg2, 
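Review bot: The `printk(KERN_EMERG ...)` added at the compat `keyctl` entry point, and the matching calls at the `add_key` and 64-bit `keyctl` entry points in the keyctl.c hunks, fire on every call any unprivileged process makes, at the highest log severity and without a trailing newline. On a running system that lets any local user flood the console and the kernel log. If the tracing is meant to outlive a debug session it should be `pr_debug("keyctl: compat entry, option=%u\n", option);`, which is compiled out or switched by dynamic debug; the same applies to the level-less `printk` calls added in keyctl_pkey.c and process_keys.c, and in the next patch in permission.c and signature.c. In the `add_key` hunk the call is also placed ahead of the local declarations.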
@@ -1994,6 +1998,8 @@ SYSCALL_DEFINE5(keyctl, int, option, unsigned long, arg2, unsigned long, arg3, case KEYCTL_PKEY_ENCRYPT: case KEYCTL_PKEY_DECRYPT: case KEYCTL_PKEY_SIGN: + printk(KERN_EMERG "calling keyctl_pkey_e_d_s..."); + return keyctl_pkey_e_d_s( option, (const struct keyctl_pkey_params __user *)arg2, diff --git a/security/keys/keyctl_pkey.c b/security/keys/keyctl_pkey.c index 97bc27bbf0797..1a5546384ef33 100644 --- a/security/keys/keyctl_pkey.c +++ b/security/keys/keyctl_pkey.c @@ -79,6 +79,7 @@ static int keyctl_pkey_params_get(key_serial_t id, const char __user *_info, struct kernel_pkey_params *params) { + printk("in keyctl_pkey_params_get\n"); key_ref_t key_ref; void *p; int ret; @@ -86,15 +87,18 @@ static int keyctl_pkey_params_get(key_serial_t id, memset(params, 0, sizeof(*params)); params->encoding = "raw"; + printk("calling strndup_user\n"); p = strndup_user(_info, PAGE_SIZE); if (IS_ERR(p)) return PTR_ERR(p); params->info = p; + printk("calling keyctl_pkey_params_parse\n"); ret = keyctl_pkey_params_parse(params); if (ret < 0) return ret; + printk("calling lookup_user_key\n"); key_ref = lookup_user_key(id, 0, KEY_NEED_SEARCH); if (IS_ERR(key_ref)) return PTR_ERR(key_ref); @@ -115,6 +119,8 @@ static int keyctl_pkey_params_get_2(const struct keyctl_pkey_params __user *_par int op, struct kernel_pkey_params *params) { + printk("in keyctl_pkey_params_get_2\n"); + struct keyctl_pkey_params uparams; struct kernel_pkey_query info; int ret; 
@@ -122,17 +128,30 @@ static int keyctl_pkey_params_get_2(const struct keyctl_pkey_params __user *_par memset(params, 0, sizeof(*params)); params->encoding = "raw"; + printk("calling copy_from_user... \n"); if (copy_from_user(&uparams, _params, sizeof(uparams)) != 0) return -EFAULT; + printk("calling keyctl_pkey_params_get... \n"); ret = keyctl_pkey_params_get(uparams.key_id, _info, params); if (ret < 0) return ret; + printk(" got params:"); + printk(" encoding: %s", params->encoding); + printk(" hash_algo: %s", params->hash_algo); + printk(" info: %s", params->info); + printk(" in_len: %i", params->in_len); + + printk("calling asym_query... \n"); ret = params->key->type->asym_query(params, &info); if (ret < 0) return ret; + printk("op is %i \n", op); + printk("in len check: %i > %i \n", uparams.in_len, info.max_data_size); + printk("out len check: %i > %i \n", uparams.out_len, info.max_sig_size); + switch (op) { case KEYCTL_PKEY_ENCRYPT: if (uparams.in_len > info.max_dec_size || @@ -215,6 +234,7 @@ long keyctl_pkey_e_d_s(int op, const void __user *_in, void __user *_out) { + printk(KERN_EMERG "at the keyctl_pkey_e_d_s entrypoint"); struct kernel_pkey_params params; void *in, *out; long ret; @@ -252,6 +272,8 @@ long keyctl_pkey_e_d_s(int op, if (!out) goto error_in; + printk(KERN_WARNING "trying to sign"); + ret = params.key->type->asym_eds_op(¶ms, in, out); if (ret < 0) goto error_out; diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c index b5d5333ab3300..ce8602ae14894 100644 --- a/security/keys/process_keys.c +++ b/security/keys/process_keys.c @@ -611,6 +611,8 @@ bool lookup_user_key_possessed(const struct key *key, key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags, enum key_need_perm need_perm) { + printk("at the keyctl lookup_user_key entrypoint"); + struct keyring_search_context ctx = { .match_data.cmp = lookup_user_key_possessed, .match_data.lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT, 
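Review bot: `printk(" info: %s", params->info);` writes a string copied from user space with `strndup_user(_info, PAGE_SIZE)` straight into the kernel log, so a caller controls up to a page of log content per call, including embedded newlines that can imitate other log records. `hash_algo` is printed the same way and may still be NULL, since the struct is zeroed just above and the parser is not visible here. The two length lines use `%i` for the unsigned `in_len`/`out_len` fields and are labelled as checks although the comparison itself happens in the `switch` below. If this output is kept, make it `pr_debug`, print the lengths with `%u`, and log the length of `info` rather than its content. `keyctl_pkey_params_get_2` starts above this hunk.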
@@ -623,6 +625,7 @@ key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags, int ret; try_again: + printk("at the try_again label in lookup_user_key with id=%d\n", id); ctx.cred = get_current_cred(); key_ref = ERR_PTR(-ENOKEY); @@ -742,10 +745,12 @@ key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags, break; default: + printk("id is not in range -8...=-1, etting key_ref to EINVAL\n"); key_ref = ERR_PTR(-EINVAL); if (id < 1) goto error; + printk("calling key_lookup\n"); key = key_lookup(id); if (IS_ERR(key)) { key_ref = ERR_CAST(key); @@ -807,6 +812,7 @@ key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags, key->last_used_at = ktime_get_real_seconds(); error: + printk("at error label, returning\n"); put_cred(ctx.cred); return key_ref; diff --git a/zeta/ecdsa_bench/ecdsa.go b/zeta/ecdsa_bench/ecdsa.go index 32b378379f753..0d31bf9f081ce 100644 --- a/zeta/ecdsa_bench/ecdsa.go +++ b/zeta/ecdsa_bench/ecdsa.go @@ -9,6 +9,7 @@ import ( "crypto/x509" "log" "syscall" + "time" "unsafe" ) @@ -27,7 +28,7 @@ const ( var ( keyTypeAsym = []byte("asymmetric\x00") sha256pkcs1 = []byte("enc=pkcs1 hash=sha256\x00") - signInfo = []byte("enc=raw hash=sha256\x00") + signInfo = []byte("enc=x962\x00") ) func (keyring Keyring) LoadAsym(desc string, payload []byte) (KeySerial, error) { @@ -73,6 +74,7 @@ func (key KeySerial) Sign(info, digest, signature []byte) error { return nil } + time.Sleep(time.Second / 3) return errno } From 8e2bdcfe35f29b518c76b70c73a85c1560f64833 Mon Sep 17 00:00:00 2001 
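Review bot: Switching `signInfo` to `enc=x962` changes the signature format requested from the kernel, but `main` still supplies a fixed `signature [64]byte`; if x962 here means the ASN.1 SEQUENCE of two integers, a P-256 signature can be up to 72 bytes and will not fit. Size the buffer for the encoded form, e.g. `signature [72]byte`, and slice it to the length the kernel reports before verifying. The `time.Sleep(time.Second / 3)` added to the error path of `Sign` in the last hunk of this file is a debugging aid that changes the timing of a function the benchmarks measure, and should not be committed.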
From: "Jan Winkelmann (keks)" Date: Mon, 29 Jul 2024 10:28:01 +0200 Subject: [PATCH 28/53] add debug output and make running easier --- WORK/launch.sh | 11 +++++--- WORK/run.sh | 5 ---- WORK/virtme-home/.bashrc | 3 +++ WORK/virtme-home/bin/ecdsa | 1 + WORK/virtme-home/bin/ecdsa.test | 1 + WORK/virtme-home/bin/rsa | 1 + crypto/asymmetric_keys/signature.c | 5 ++++ security/keys/key.c | 7 +++++ security/keys/keyctl.c | 42 ++++++++++++++++++++++++++++++ security/keys/keyctl_pkey.c | 1 + security/keys/permission.c | 10 +++++++ security/keys/process_keys.c | 28 +++++++++++++++++--- zeta/ecdsa_bench/ecdsa.go | 2 +- zeta/rsa_bench/rsa.go | 10 ++++--- 14 files changed, 110 insertions(+), 17 deletions(-) delete mode 100755 WORK/run.sh create mode 100644 WORK/virtme-home/.bashrc create mode 120000 WORK/virtme-home/bin/ecdsa create mode 120000 WORK/virtme-home/bin/ecdsa.test create mode 120000 WORK/virtme-home/bin/rsa diff --git a/WORK/launch.sh b/WORK/launch.sh index 78b1e38bd0bce..4372ea3869179 100755 --- a/WORK/launch.sh +++ b/WORK/launch.sh @@ -9,6 +9,11 @@ fi mkdir -p "WORK/$name" -make -j 12 -/bin/cp -f arch/x86_64/boot/bzImage "WORK/$name" -virtme-run --kimg "WORK/$name/bzImage" -a ignore_loglevel --pwd +# using clang because that's what the clangd intros said i must do +make CC=clang -j 12 +/bin/cp arch/x86_64/boot/bzImage "WORK/$name" +virtme-run \ + --kimg "WORK/$name/bzImage" \ + -a ignore_loglevel \ + --rodir=/tmp/roothome=$(pwd)/WORK/virtme-home \ + --pwd diff --git a/WORK/run.sh b/WORK/run.sh deleted file mode 100755 index d04f142677b05..0000000000000 --- a/WORK/run.sh +++ /dev/null @@ -1,5 +0,0 @@ -dmesg -w & - -for i in $(seq 10); do - ./zeta/ecdsa_bench/ecdsa -done diff --git a/WORK/virtme-home/.bashrc b/WORK/virtme-home/.bashrc new file mode 100644 index 0000000000000..e6e5da643d954 --- /dev/null +++ b/WORK/virtme-home/.bashrc @@ -0,0 +1,3 @@ +dmesg -w --since now & + +export PATH=$PATH:$HOME/bin 
diff --git a/WORK/virtme-home/bin/ecdsa b/WORK/virtme-home/bin/ecdsa new file mode 120000 index 0000000000000..911cfb824ff6a --- /dev/null +++ b/WORK/virtme-home/bin/ecdsa @@ -0,0 +1 @@ +../../../zeta/ecdsa_bench/ecdsa \ No newline at end of file diff --git a/WORK/virtme-home/bin/ecdsa.test b/WORK/virtme-home/bin/ecdsa.test new file mode 120000 index 0000000000000..6d37784266025 --- /dev/null +++ b/WORK/virtme-home/bin/ecdsa.test @@ -0,0 +1 @@ +../../../zeta/ecdsa_bench/ecdsa.test \ No newline at end of file diff --git a/WORK/virtme-home/bin/rsa b/WORK/virtme-home/bin/rsa new file mode 120000 index 0000000000000..dd9094c795d09 --- /dev/null +++ b/WORK/virtme-home/bin/rsa @@ -0,0 +1 @@ +../../../zeta/rsa_bench/rsa \ No newline at end of file diff --git a/crypto/asymmetric_keys/signature.c b/crypto/asymmetric_keys/signature.c index 2deff81f8af50..2a636bb495f42 100644 --- a/crypto/asymmetric_keys/signature.c +++ b/crypto/asymmetric_keys/signature.c @@ -42,18 +42,23 @@ EXPORT_SYMBOL_GPL(public_key_signature_free); int query_asymmetric_key(const struct kernel_pkey_params *params, struct kernel_pkey_query *info) { + printk("in query_asymmetric_key\n"); const struct asymmetric_key_subtype *subtype; struct key *key = params->key; int ret; pr_devel("==>%s()\n", __func__); + printk(" is asymmetric key type? %d\n", key->type == &key_type_asymmetric); if (key->type != &key_type_asymmetric) return -EINVAL; subtype = asymmetric_key_subtype(key); + printk(" subtype ptr: %p\n", subtype); + printk(" payload.data[0]: %p\n", key->payload.data[0]); if (!subtype || !key->payload.data[0]) return -EINVAL; + printk(" subtype name: %s\n", subtype->name); if (!subtype->query) return -ENOTSUPP; diff --git a/security/keys/key.c b/security/keys/key.c index 5c0c7df833f8a..b4a834be5758f 100644 --- a/security/keys/key.c +++ b/security/keys/key.c 
@@ -918,6 +918,13 @@ static key_ref_t __key_create_or_update(key_ref_t keyring_ref, perm |= KEY_POS_WRITE; } + + + /* + * XXX(keks): This is where we start building the key! + * + * */ + /* allocate a new key */ key = key_alloc(index_key.type, index_key.description, cred->fsuid, cred->fsgid, cred, perm, flags, NULL); diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c index 3ec92232e3189..297ac0850835b 100644 --- a/security/keys/keyctl.c +++ b/security/keys/keyctl.c @@ -21,6 +21,7 @@ #include #include #include +#include #include #include "internal.h" @@ -132,6 +133,8 @@ SYSCALL_DEFINE5(add_key, const char __user *, _type, goto error3; } + printk("got the user keyring\n"); + /* create or update the requested key and add it to the target * keyring */ key_ref = key_create_or_update(keyring_ref, type, description, 
@@ -145,6 +148,45 @@ SYSCALL_DEFINE5(add_key, const char __user *, _type, ret = PTR_ERR(key_ref); } + /* */ + struct public_key_signature; + struct asymmetric_key_subtype { + struct module *owner; + const char *name; + unsigned short name_len; /* length of name */ + + /* Describe a key of this subtype for /proc/keys */ + void (*describe)(const struct key *key, struct seq_file *m); + + /* Destroy a key of this subtype */ + void (*destroy)(void *payload_crypto, void *payload_auth); + + int (*query)(const struct kernel_pkey_params *params, + struct kernel_pkey_query *info); + + /* Encrypt/decrypt/sign data */ + int (*eds_op)(struct kernel_pkey_params *params, + const void *in, void *out); + + /* Verify the signature on a key of this subtype (optional) */ + int (*verify_signature)(const struct key *key, + const struct public_key_signature *sig); + }; + + struct key *key; + struct public_key *public_key; + struct asymmetric_key_subtype *asym_subtype; + key = key_ref_to_ptr(key_ref); + printk(" key.type.name: %s\n", key->type->name); + public_key = key->payload.data[0]; + asym_subtype = key->payload.data[1]; + printk(" (key as asym).name: %s\n", asym_subtype->name); /*1 is asym_subtype*/ + printk(" (key as asym as public_key) is private? %d\n", public_key->key_is_private); + printk(" (key as asym as public_key).algo_oid %d\n", public_key->algo); + printk(" (key as asym as public_key).keylen %u\n", public_key->keylen); + + /* */ + key_ref_put(keyring_ref); error3: kvfree_sensitive(payload, plen); diff --git a/security/keys/keyctl_pkey.c b/security/keys/keyctl_pkey.c index 1a5546384ef33..b5363d1e244bb 100644 --- a/security/keys/keyctl_pkey.c +++ b/security/keys/keyctl_pkey.c 
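Review bot: The debug block added after the `if`/`else` dereferences `key_ref` unconditionally: when `key_create_or_update()` fails, `key_ref` holds an error pointer (the `else` branch just above takes `PTR_ERR(key_ref)`), and `key_ref_to_ptr(key_ref)` followed by `key->type->name` then faults in kernel context on a path any caller of `add_key` reaches with a rejected payload. It also reads `payload.data[0]` and `payload.data[1]` as `struct public_key` and `struct asymmetric_key_subtype` for every key type, so those slots are misinterpreted for a non-asymmetric key, and the success branch, which starts above this hunk, may already have dropped the key reference. If the dump is needed, it belongs inside the success branch before the reference is released, gated with `if (key->type == &key_type_asymmetric)`, and using the real subtype header instead of a function-local copy of `struct asymmetric_key_subtype` that can drift from the kernel's definition. It also logs whether the loaded key is private and its length on every `add_key`, which should not reach a shared kernel log.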
@@ -142,6 +142,7 @@ static int keyctl_pkey_params_get_2(const struct keyctl_pkey_params __user *_par printk(" hash_algo: %s", params->hash_algo); printk(" info: %s", params->info); printk(" in_len: %i", params->in_len); + printk(" key.type.name: %s", params->key->type->name); printk("calling asym_query... \n"); ret = params->key->type->asym_query(params, &info); diff --git a/security/keys/permission.c b/security/keys/permission.c index 4a61f804e80f6..9352bc718201e 100644 --- a/security/keys/permission.c +++ b/security/keys/permission.c @@ -32,12 +32,14 @@ int key_task_permission(const key_ref_t key_ref, const struct cred *cred, switch (need_perm) { default: + printk("returning access denied at the very start\n"); WARN_ON(1); return -EACCES; case KEY_NEED_UNLINK: case KEY_SYSADMIN_OVERRIDE: case KEY_AUTHTOKEN_OVERRIDE: case KEY_DEFER_PERM_CHECK: + printk("goto lsm\n"); goto lsm; case KEY_NEED_VIEW: mask = KEY_OTH_VIEW; break; @@ -48,10 +50,13 @@ int key_task_permission(const key_ref_t key_ref, const struct cred *cred, case KEY_NEED_SETATTR: mask = KEY_OTH_SETATTR; break; } + printk("left switch\n"); + key = key_ref_to_ptr(key_ref); /* use the second 8-bits of permissions for keys the caller owns */ if (uid_eq(key->uid, cred->fsuid)) { + printk("goto use these perms 1\n"); kperm = key->perm >> 16; goto use_these_perms; } @@ -60,12 +65,14 @@ int key_task_permission(const key_ref_t key_ref, const struct cred *cred, * membership in common with */ if (gid_valid(key->gid) && key->perm & KEY_GRP_ALL) { if (gid_eq(key->gid, cred->fsgid)) { + printk("goto use these perms 2\n"); kperm = key->perm >> 8; goto use_these_perms; } ret = groups_search(cred->group_info, key->gid); if (ret) { + printk("goto use these perms 3\n"); kperm = key->perm >> 8; goto use_these_perms; } 
@@ -82,6 +89,9 @@ int key_task_permission(const key_ref_t key_ref, const struct cred *cred, if (is_key_possessed(key_ref)) kperm |= key->perm >> 24; + printk("kperm %x\n", kperm); + printk(" mask %x\n", mask); + printk(" and %x\n", kperm & mask); if ((kperm & mask) != mask) return -EACCES; diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c index ce8602ae14894..bd5ca5791866b 100644 --- a/security/keys/process_keys.c +++ b/security/keys/process_keys.c @@ -611,7 +611,7 @@ bool lookup_user_key_possessed(const struct key *key, key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags, enum key_need_perm need_perm) { - printk("at the keyctl lookup_user_key entrypoint"); + printk("at the keyctl lookup_user_key entrypoint\n"); struct keyring_search_context ctx = { .match_data.cmp = lookup_user_key_possessed, @@ -631,6 +631,7 @@ key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags, switch (id) { case KEY_SPEC_THREAD_KEYRING: + printk("in switch branch KEY_SPEC_THREAD_KEYRING\n"); if (!ctx.cred->thread_keyring) { if (!(lflags & KEY_LOOKUP_CREATE)) goto error; @@ -649,6 +650,7 @@ key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags, break; case KEY_SPEC_PROCESS_KEYRING: + printk("in switch branch KEY_SPEC_PROCESS_KEYRING\n"); if (!ctx.cred->process_keyring) { if (!(lflags & KEY_LOOKUP_CREATE)) goto error; @@ -667,6 +669,7 @@ key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags, break; case KEY_SPEC_SESSION_KEYRING: + printk("in switch branch KEY_SPEC_SESSION_KEYRING\n"); if (!ctx.cred->session_keyring) { /* always install a session keyring upon access if one * doesn't exist yet */ @@ -697,6 +700,7 @@ key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags, break; case KEY_SPEC_USER_KEYRING: + printk("in switch branch KEY_SPEC_USER_KEYRING\n"); ret = look_up_user_keyrings(&key, NULL); if (ret < 0) goto error; 
@@ -704,6 +708,7 @@ key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags, break; case KEY_SPEC_USER_SESSION_KEYRING: + printk("in switch branch KEY_SPEC_USER_SESSION_KEYRING\n"); ret = look_up_user_keyrings(NULL, &key); if (ret < 0) goto error; @@ -711,11 +716,13 @@ key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags, break; case KEY_SPEC_GROUP_KEYRING: + printk("in switch branch KEY_SPEC_GROUP_KEYRING\n"); /* group keyrings are not yet supported */ key_ref = ERR_PTR(-EINVAL); goto error; case KEY_SPEC_REQKEY_AUTH_KEY: + printk("in switch branch KEY_SPEC_REQKEY_AUTH_KEYRING\n"); key = ctx.cred->request_key_auth; if (!key) goto error; @@ -725,6 +732,7 @@ key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags, break; case KEY_SPEC_REQUESTOR_KEYRING: + printk("in switch branch KEY_SPEC_REQUESTOR_KEYRING\n"); if (!ctx.cred->request_key_auth) goto error; @@ -745,7 +753,7 @@ key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags, break; default: - printk("id is not in range -8...=-1, etting key_ref to EINVAL\n"); + printk("in default switch branch, setting key_ref to EINVAL\n"); key_ref = ERR_PTR(-EINVAL); if (id < 1) goto error; @@ -753,6 +761,7 @@ key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags, printk("calling key_lookup\n"); key = key_lookup(id); if (IS_ERR(key)) { + printk("key_lookup failed with code %li\n", PTR_ERR(key)); key_ref = ERR_CAST(key); goto error; } @@ -776,10 +785,14 @@ key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags, break; } + kdebug("left switch happy"); + /* unlink does not use the nominated key in any way, so can skip all * the permission checks as it is only concerned with the keyring */ if (need_perm != KEY_NEED_UNLINK) { + printk("need_perm != KEY_NEED_UNLINK\n"); if (!(lflags & KEY_LOOKUP_PARTIAL)) { + printk("!(lflags & KEY_LOOKUP_PARTIAL)\n"); ret = wait_for_key_construction(key, true); switch (ret) { case -ERESTARTSYS: 
@@ -793,6 +806,7 @@ key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags, break; } } else if (need_perm != KEY_DEFER_PERM_CHECK) { + printk("lflags & KEY_LOOKUP_PARTIAL\n"); ret = key_validate(key); if (ret < 0) goto invalid_key; @@ -800,23 +814,28 @@ key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags, ret = -EIO; if (!(lflags & KEY_LOOKUP_PARTIAL) && - key_read_state(key) == KEY_IS_UNINSTANTIATED) + key_read_state(key) == KEY_IS_UNINSTANTIATED) { + printk("not partial lookup and key uninstantiated. goto invalid_key\n"); goto invalid_key; + } } + printk("after need unlink branch\n"); /* check the permissions */ ret = key_task_permission(key_ref, ctx.cred, need_perm); + printk("key taks permissions: %i -- shoult be >= 0\n", ret); if (ret < 0) goto invalid_key; key->last_used_at = ktime_get_real_seconds(); error: - printk("at error label, returning\n"); + printk("at label `error`, returning\n"); put_cred(ctx.cred); return key_ref; invalid_key: + printk("at label `invalid_key`, going to error\n"); key_ref_put(key_ref); key_ref = ERR_PTR(ret); goto error; @@ -824,6 +843,7 @@ key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags, /* if we attempted to install a keyring, then it may have caused new * creds to be installed */ reget_creds: + printk("at label `reget_creds`, going to try_again\n"); put_cred(ctx.cred); goto try_again; } diff --git a/zeta/ecdsa_bench/ecdsa.go b/zeta/ecdsa_bench/ecdsa.go index 0d31bf9f081ce..cabe011748536 100644 --- a/zeta/ecdsa_bench/ecdsa.go +++ b/zeta/ecdsa_bench/ecdsa.go @@ -110,7 +110,7 @@ func loadKeyToKernel(key crypto.PrivateKey) KeySerial { log.Fatalf("failed to load the private key into the keyring: %v", err) } - log.Printf("Loaded key to the kernel with ID: %v", serial) + log.Printf("Loaded key of length %v to the kernel with ID: %v", len(pkcs8), serial) return serial } diff --git a/zeta/rsa_bench/rsa.go b/zeta/rsa_bench/rsa.go index 2c51139778e2e..7d058958ab461 100644 --- a/zeta/rsa_bench/rsa.go 
+++ b/zeta/rsa_bench/rsa.go @@ -11,9 +11,11 @@ import ( "unsafe" ) -type KeySerial int32 -type Keyring int32 -type KeyOps = uintptr +type ( + KeySerial int32 + Keyring int32 + KeyOps = uintptr +) const ( KEY_SPEC_PROCESS_KEYRING Keyring = -2 @@ -104,7 +106,7 @@ func loadKeyToKernel(key crypto.PrivateKey) KeySerial { log.Fatalf("failed to load the private key into the keyring: %v", err) } - log.Printf("Loaded key to the kernel with ID: %v", serial) + log.Printf("Loaded key of length %v to the kernel with ID: %v", len(pkcs8), serial) return serial } From 128e82bb298681fa04ca340a650a7a3c21f5ffbd Mon Sep 17 00:00:00 2001 From: "Jan Winkelmann (keks)" Date: Mon, 29 Jul 2024 10:46:37 +0200 Subject: [PATCH 29/53] build bin symlinks dynamically --- WORK/launch.sh | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/WORK/launch.sh b/WORK/launch.sh index 4372ea3869179..dee1d8ee9c8b7 100755 --- a/WORK/launch.sh +++ b/WORK/launch.sh @@ -7,6 +7,16 @@ if [ "$name" = "" ]; then exit fi +# prepare home bin dir +workdir="$(dirname -- "$0")" +workdir="$(cd -- "$workdir"; pwd)" +kerneldir="$(dirname -- "$workdir")" + +rm -- "$workdir/virtme-home/bin/"* +ln -s "$kerneldir/zeta/rsa_bench/rsa" "$workdir/virtme-home/bin/rsa" +ln -s "$kerneldir/zeta/ecdsa_bench/ecdsa" "$workdir/virtme-home/bin/ecdsa" +ln -s "$kerneldir/zeta/ecdsa_bench/ecdsa.test" "$workdir/virtme-home/bin/ecdsa.test" + mkdir -p "WORK/$name" # using clang because that's what the clangd intros said i must do From f2bf36491e087867cc7a18f5250ff25739421ddd Mon Sep 17 00:00:00 2001 From: "Jan Winkelmann (keks)" Date: Tue, 30 Jul 2024 12:42:16 +0200 Subject: [PATCH 30/53] fix signature generation, add test in go --- crypto/ecdsa.c | 14 +++++++-- zeta/ecdsa_bench/ecdsa.go | 23 ++++++++------ zeta/ecdsa_bench/ecdsa_test.go | 57 ++++++++++++++++++++++++++++------ 3 files changed, 72 insertions(+), 22 deletions(-) diff --git a/crypto/ecdsa.c b/crypto/ecdsa.c index f22c95a09d2e0..4497614d8b770 100644 --- a/crypto/ecdsa.c 
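Review bot: In `workdir="$(cd -- "$workdir"; pwd)"` the `;` lets `pwd` run even when `cd` fails, so `workdir` silently becomes the caller's current directory. The `rm` and `ln -s` lines that follow then act on `virtme-home/bin/` under that directory instead. Write it as `workdir="$(cd -- "$workdir" && pwd)"` and stop when the result is empty: `[ -n "$workdir" ] || exit 1`. `rm -- "$workdir/virtme-home/bin/"*` also fails on an empty directory because the glob stays literal; `rm -f --` avoids that.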
+++ b/crypto/ecdsa.c @@ -355,6 +355,8 @@ static int asn1_encode_signature_sg(struct akcipher_request *req, needed++; if (req->dst_len < needed) { + printk("dst_len is less than needed: %i < %lu", req->dst_len, + needed); req->dst_len = needed; return -EOVERFLOW; } @@ -413,6 +415,7 @@ static int asn1_encode_signature_sg(struct akcipher_request *req, static int ecdsa_sign(struct akcipher_request *req) { + printk("in ecdsa_sign\n"); struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req); struct ecc_ctx *ctx = akcipher_tfm_ctx(tfm); size_t keylen = ctx->curve->g.ndigits << ECC_DIGITS_TO_BYTES_SHIFT; @@ -442,11 +445,12 @@ static int ecdsa_sign(struct akcipher_request *req) if (IS_ERR(rng)) return PTR_ERR(rng); + printk(" curve name: %s\n", ctx->curve->name); if (strncmp(ctx->curve->name, "nist_256", 8) == 0) { u8 private_key[32]; u8 signature[64]; u8 nonce[32]; - ecc_swap_digits(ctx->d, (u64*)private_key, 2); + ecc_swap_digits(ctx->d, (u64 *)private_key, 4); ret = rfc6979_gen_k_hacl(ctx, rng, nonce); if (ret) { goto alloc_rng; @@ -456,6 +460,7 @@ static int ecdsa_sign(struct akcipher_request *req) do { if (Hacl_P256_ecdsa_sign_p256_without_hash(signature, req->dst_len, rawhash_k, private_key, nonce)) { + printk(" calling Hacl_P256_ecdsa_sign_p256_without_hash\n"); ret = 0; } else { ret = -EAGAIN; @@ -463,8 +468,8 @@ static int ecdsa_sign(struct akcipher_request *req) } while (ret == -EAGAIN); /* Encode the signature. Note that this could be more efficient when done directly and not first converting it to u64s. */ - ecc_swap_digits(signature, sig_ctx.r, 2); - ecc_swap_digits(signature + 32, sig_ctx.s, 2); + ecc_swap_digits(signature, sig_ctx.r, 4); + ecc_swap_digits(signature + 32, sig_ctx.s, 4); ret = asn1_encode_signature_sg(req, &sig_ctx, rawhash_k); } else { ecc_swap_digits((u64 *)rawhash_k, hash, ctx->curve->g.ndigits); 
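Review bot: The raw P-256 scalar and the signing nonce are copied into the stack buffers `private_key[32]` and `nonce[32]`, and nothing in this hunk wipes them; a leaked ECDSA nonce is as damaging as a leaked key. `ecdsa_sign()` continues outside the hunk, so confirm that every exit from this branch, including the `goto alloc_rng` error path, runs `memzero_explicit(private_key, sizeof(private_key));` and `memzero_explicit(nonce, sizeof(nonce));`. The `(u64 *)private_key` cast also assumes 8-byte alignment that a `u8` array does not guarantee; declaring `u64 private_key[4];` and passing `(u8 *)private_key` to the HACL call removes the assumption.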
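Review bot: The `do { ... } while (ret == -EAGAIN);` loop around `Hacl_P256_ecdsa_sign_p256_without_hash()` passes the same `rawhash_k`, `private_key` and `nonce` on every pass, since the nonce is generated once before the loop as far as the visible lines show. A call that fails once will fail again, and the task spins in the kernel indefinitely. Either regenerate the nonce inside the loop with a bounded retry count, or drop the loop and return an error through the existing cleanup path. The second argument is `req->dst_len`; if that parameter is the message length, it should be the digest length rather than the size of the output buffer, so check it against the HACL prototype. The added `printk` sits in the success branch, so it reports "calling" after the call has already returned.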
@@ -523,6 +528,7 @@ static int ecdsa_ecc_ctx_reset(struct ecc_ctx *ctx) */ static int ecdsa_set_pub_key(struct crypto_akcipher *tfm, const void *key, unsigned int keylen) { + printk("ecdsa_set_pub_key: enter fun"); struct ecc_ctx *ctx = akcipher_tfm_ctx(tfm); const unsigned char *d = key; const u64 *digits = (const u64 *)&d[1]; @@ -598,6 +604,8 @@ int ecc_get_priv_params(void *context, size_t hdrlen, unsigned char tag, { struct ecc_ctx *ctx = context; + printk("getting priv params %zu\n", vlen); + switch (look_up_OID(value, vlen)) { case OID_id_prime192v1: return (ctx->curve_id == ECC_CURVE_NIST_P192) ? 0 : -EINVAL; diff --git a/zeta/ecdsa_bench/ecdsa.go b/zeta/ecdsa_bench/ecdsa.go index cabe011748536..7f76f7a1e4ed0 100644 --- a/zeta/ecdsa_bench/ecdsa.go +++ b/zeta/ecdsa_bench/ecdsa.go @@ -27,8 +27,7 @@ const ( var ( keyTypeAsym = []byte("asymmetric\x00") - sha256pkcs1 = []byte("enc=pkcs1 hash=sha256\x00") - signInfo = []byte("enc=x962\x00") + signInfo = []byte("enc=x962 hash=sha256\x00") ) func (keyring Keyring) LoadAsym(desc string, payload []byte) (KeySerial, error) { @@ -56,7 +55,7 @@ type pkeyParams struct { __spare [7]uint32 } -func (key KeySerial) Sign(info, digest, signature []byte) error { +func (key KeySerial) Sign(info, digest, signature []byte) (uint64, error) { var params pkeyParams params.key_id = key params.in_len = uint32(len(digest)) @@ -70,12 +69,15 @@ func (key KeySerial) Sign(info, digest, signature []byte) error { uintptr(unsafe.Pointer(&signature[0])), uintptr(0), ) - if errno == 0 { - return nil - } time.Sleep(time.Second / 3) - return errno + + if errno != 0 { + return 0, errno + } + + length := uint64(signature[1]) + 2 + return length, nil } func (key KeySerial) Verify(info, digest, signature []byte) error { @@ -92,6 +94,7 @@ func (key KeySerial) Verify(info, digest, signature []byte) error { uintptr(unsafe.Pointer(&signature[0])), uintptr(0), ) + time.Sleep(time.Second / 3) if errno == 0 { return nil } 
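Review bot: `length := uint64(signature[1]) + 2` in `Sign` takes the signature size from a byte of the output buffer without comparing it to `len(signature)`. Callers that slice `signature[:n]` panic if the byte is larger than the buffer, and a long-form DER length (first length byte 0x80 or above) is misread. KEYCTL_PKEY_SIGN reports the number of bytes written as the syscall result, which the hunk does not show being used; prefer that value, or at least add `if length > uint64(len(signature)) { return 0, syscall.EOVERFLOW }`. `&signature[0]` also panics on an empty slice, so reject `len(signature) < 2` up front. `Sign` starts outside the hunk.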
@@ -119,7 +122,7 @@ func main() { var ( msg = []byte("hello world") digest = sha256.Sum256(msg) - signature [64]byte + signature [72]byte ) priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) @@ -129,13 +132,13 @@ func main() { keyInKernel := loadKeyToKernel(priv) - err = keyInKernel.Sign(signInfo, digest[:], signature[:]) + n, err := keyInKernel.Sign(signInfo, digest[:], signature[:]) if err != nil { log.Fatalf("failed to sign the digest: %v", err) } log.Printf("Signature from Kernel: %x...", signature[:10]) - err = keyInKernel.Verify(signInfo, digest[:], signature[:]) + err = keyInKernel.Verify(signInfo, digest[:], signature[:n]) if err != nil { log.Fatalf("failed to verify the digest: %v", err) } diff --git a/zeta/ecdsa_bench/ecdsa_test.go b/zeta/ecdsa_bench/ecdsa_test.go index b0a9a95031b02..19032acfb588a 100644 --- a/zeta/ecdsa_bench/ecdsa_test.go +++ b/zeta/ecdsa_bench/ecdsa_test.go 
@@ -6,32 +6,66 @@ import ( "crypto/elliptic" "crypto/rand" "crypto/sha256" + "fmt" "testing" ) -func kernelSetup(b *testing.B) (KeySerial, []byte, []byte) { +func kernelSetup(priv *ecdsa.PrivateKey) (KeySerial, []byte, []byte) { var ( msg = []byte("hello world") digest = sha256.Sum256(msg) - signature [64]byte + signature [72]byte + ) + + keyInKernel := loadKeyToKernel(priv) + + return keyInKernel, digest[:], signature[:] +} + +func TestSignInKernelVerifyInGo(t *testing.T) { + var ( + msg = []byte("hello world") + digest = sha256.Sum256(msg) + signature [72]byte ) priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) if err != nil { - b.Fatalf("failed to generate private key: %v", err) + t.Fatalf("failed to generate private key: %v", err) } keyInKernel := loadKeyToKernel(priv) - return keyInKernel, digest[:], signature[:] + n, err := keyInKernel.Sign(signInfo, digest[:], signature[:]) + if err != nil { + t.Fatalf("failed to sign the digest: %v", err) + } + + fmt.Printf("got signature %x (len: %v, n: %v)\n", signature, len(signature), n) + fmt.Printf("got signature %x\n", signature[:n]) + + ok := ecdsa.VerifyASN1(&priv.PublicKey, digest[:], signature[:n]) + if !ok { + t.Log("failed to verify the signature using pre-hashed, trying with sha256...") + digestDigest := sha256.Sum256(digest[:]) + ok := ecdsa.VerifyASN1(&priv.PublicKey, digestDigest[:], signature[:]) + if !ok { + t.Fatalf("failed to verify the signature with sha256 as well") + } + } } func BenchmarkECDSAKernelSign(b *testing.B) { - keyInKernel, digest, signature := kernelSetup(b) + priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + if err != nil { + b.Fatalf("failed to generate private key: %v", err) + } + + keyInKernel, digest, signature := kernelSetup(priv) b.ResetTimer() for i := 0; i < b.N; i++ { - err := keyInKernel.Sign(sha256pkcs1, digest[:], signature[:]) + _, err := keyInKernel.Sign(signInfo, digest[:], signature[:]) if err != nil { b.Fatalf("failed to sign the digest: %v", err) 
} @@ -39,16 +73,21 @@ func BenchmarkECDSAKernelSign(b *testing.B) { } func BenchmarkECDSAKernelVerify(b *testing.B) { - keyInKernel, digest, signature := kernelSetup(b) + priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + if err != nil { + b.Fatalf("failed to generate private key: %v", err) + } + + keyInKernel, digest, signature := kernelSetup(priv) - err := keyInKernel.Sign(sha256pkcs1, digest[:], signature[:]) + n, err := keyInKernel.Sign(signInfo, digest[:], signature[:]) if err != nil { b.Fatalf("failed to sign the digest: %v", err) } b.ResetTimer() for i := 0; i < b.N; i++ { - err := keyInKernel.Verify(sha256pkcs1, digest[:], signature[:]) + err := keyInKernel.Verify(signInfo, digest[:], signature[:n]) if err != nil { b.Fatalf("failed to sign the digest: %v", err) } From c965c841fe4cfb1b2992976ab03408d0890e8aa5 Mon Sep 17 00:00:00 2001 From: "Jan Winkelmann (keks)" Date: Tue, 30 Jul 2024 12:49:50 +0200 Subject: [PATCH 31/53] add sign-and-verify-in-kernel test --- WORK/launch.sh | 34 ++++++++++++++++++++++++++-------- zeta/ecdsa_bench/ecdsa_test.go | 33 +++++++++++++++++++++++++++++++++ 2 files changed, 59 insertions(+), 8 deletions(-) diff --git a/WORK/launch.sh b/WORK/launch.sh index dee1d8ee9c8b7..99ffa17ba302e 100755 --- a/WORK/launch.sh +++ b/WORK/launch.sh 
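Review bot: The fallback in `TestSignInKernelVerifyInGo` lets the test pass when the kernel signed `sha256(digest)` instead of `digest`, so it cannot tell a correct signature from a double-hashing bug. A test of a signing path should accept exactly one interpretation of the input. The fallback also verifies `signature[:]`, all 72 bytes including the padding after the DER value, rather than `signature[:n]`, so that branch presumably never succeeds anyway. Replace the block with `if !ok { t.Fatalf("failed to verify the signature") }`. The same fallback is added to `TestSignAndVerifyInKernel` in the next patch, and the verify benchmark still reports "failed to sign the digest" when `Verify` fails.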
@@ -7,21 +7,39 @@ if [ "$name" = "" ]; then exit fi -# prepare home bin dir +# prepare path variables workdir="$(dirname -- "$0")" -workdir="$(cd -- "$workdir"; pwd)" +workdir="$( + cd -- "$workdir" + pwd +)" kerneldir="$(dirname -- "$workdir")" -rm -- "$workdir/virtme-home/bin/"* -ln -s "$kerneldir/zeta/rsa_bench/rsa" "$workdir/virtme-home/bin/rsa" -ln -s "$kerneldir/zeta/ecdsa_bench/ecdsa" "$workdir/virtme-home/bin/ecdsa" -ln -s "$kerneldir/zeta/ecdsa_bench/ecdsa.test" "$workdir/virtme-home/bin/ecdsa.test" +# build go code +pushd "$kerneldir/zeta/rsa_bench/" +go build -o rsa rsa.go +popd + +pushd "$kerneldir/zeta/ecdsa_bench/" +go build -o ecdsa ecdsa.go +go test -o ecdsa.test -c ecdsa*.go +popd + +# prepare home bin dir +pushd "$workdir/virtme-home/bin/" +rm -- * +ln -s "$kerneldir/zeta/rsa_bench/rsa" +ln -s "$kerneldir/zeta/ecdsa_bench/ecdsa" +ln -s "$kerneldir/zeta/ecdsa_bench/ecdsa.test" +popd mkdir -p "WORK/$name" -# using clang because that's what the clangd intros said i must do -make CC=clang -j 12 +# build and "deploy" kernel +make -j 16 /bin/cp arch/x86_64/boot/bzImage "WORK/$name" + +# run vm virtme-run \ --kimg "WORK/$name/bzImage" \ -a ignore_loglevel \ diff --git a/zeta/ecdsa_bench/ecdsa_test.go b/zeta/ecdsa_bench/ecdsa_test.go index 19032acfb588a..498c59c61f663 100644 --- a/zeta/ecdsa_bench/ecdsa_test.go +++ b/zeta/ecdsa_bench/ecdsa_test.go 
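Review bot: If `pushd "$workdir/virtme-home/bin/"` fails, for example because the directory is missing in a fresh checkout, the following `rm -- *` runs in the directory the script was started from and deletes its files. Guard the directory change with `pushd "$workdir/virtme-home/bin/" || exit 1`, or keep the earlier explicit form `rm -f -- "$workdir/virtme-home/bin/"*`. The `go build` and `go test -c` steps are unchecked in the same way, so a failed build leaves symlinks pointing at stale or missing binaries that the VM then runs. Whether the script enables `set -e` is not visible in this hunk.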
@@ -55,6 +55,39 @@ func TestSignInKernelVerifyInGo(t *testing.T) { } } +func TestSignAndVerifyInKernel(t *testing.T) { + var ( + msg = []byte("hello world") + digest = sha256.Sum256(msg) + signature [72]byte + ) + + priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + if err != nil { + t.Fatalf("failed to generate private key: %v", err) + } + + keyInKernel := loadKeyToKernel(priv) + + n, err := keyInKernel.Sign(signInfo, digest[:], signature[:]) + if err != nil { + t.Fatalf("failed to sign the digest: %v", err) + } + + fmt.Printf("got signature %x (len: %v, n: %v)\n", signature, len(signature), n) + fmt.Printf("got signature %x\n", signature[:n]) + + err = keyInKernel.Verify(signInfo, digest[:], signature[:n]) + if err != nil { + t.Logf("failed to verify the signature using pre-hashed: %v, trying with sha256...", err) + digestDigest := sha256.Sum256(digest[:]) + err = keyInKernel.Verify(signInfo, digestDigest[:], signature[:n]) + if err != nil { + t.Fatalf("failed to verify the signature with sha256 as well: %v", err) + } + } +} + func BenchmarkECDSAKernelSign(b *testing.B) { priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) if err != nil { From 379d480aa6e6fa76cb8e9465a1bbf1dc84758452 Mon Sep 17 00:00:00 2001 From: "Jan Winkelmann (keks)" Date: Wed, 31 Jul 2024 11:13:26 +0200 Subject: [PATCH 32/53] clean up benchmark --- zeta/ecdsa_bench/ecdsa.go | 12 +++++------- zeta/ecdsa_bench/ecdsa_test.go | 25 ++++--------------------- 2 files changed, 9 insertions(+), 28 deletions(-) diff --git a/zeta/ecdsa_bench/ecdsa.go b/zeta/ecdsa_bench/ecdsa.go index 7f76f7a1e4ed0..ce88534ead021 100644 --- a/zeta/ecdsa_bench/ecdsa.go +++ b/zeta/ecdsa_bench/ecdsa.go @@ -8,8 +8,8 @@ import ( "crypto/sha256" "crypto/x509" "log" + "runtime" "syscall" - "time" "unsafe" ) @@ -70,8 +70,6 @@ func (key KeySerial) Sign(info, digest, signature []byte) (uint64, error) { uintptr(0), ) - time.Sleep(time.Second / 3) - if errno != 0 { return 0, errno } 
@@ -94,7 +92,6 @@ func (key KeySerial) Verify(info, digest, signature []byte) error { uintptr(unsafe.Pointer(&signature[0])), uintptr(0), ) - time.Sleep(time.Second / 3) if errno == 0 { return nil } @@ -113,12 +110,12 @@ func loadKeyToKernel(key crypto.PrivateKey) KeySerial { log.Fatalf("failed to load the private key into the keyring: %v", err) } - log.Printf("Loaded key of length %v to the kernel with ID: %v", len(pkcs8), serial) - return serial } func main() { + runtime.GOMAXPROCS(1) + var ( msg = []byte("hello world") digest = sha256.Sum256(msg) @@ -131,6 +128,7 @@ func main() { } keyInKernel := loadKeyToKernel(priv) + log.Printf("Loaded key to the kernel with ID: %v", keyInKernel) n, err := keyInKernel.Sign(signInfo, digest[:], signature[:]) if err != nil { @@ -144,7 +142,7 @@ func main() { } log.Printf("Valid signature from Kernel: %v", err == nil) - ok := ecdsa.VerifyASN1(&priv.PublicKey, digest[:], signature[:]) + ok := ecdsa.VerifyASN1(&priv.PublicKey, digest[:], signature[:n]) log.Printf("Valid signature from Go: %v", ok) if !ok { log.Fatalf("failed to verify the signature: %v", err) diff --git a/zeta/ecdsa_bench/ecdsa_test.go b/zeta/ecdsa_bench/ecdsa_test.go index 498c59c61f663..62179ad8feaef 100644 --- a/zeta/ecdsa_bench/ecdsa_test.go +++ b/zeta/ecdsa_bench/ecdsa_test.go @@ -6,7 +6,6 @@ import ( "crypto/elliptic" "crypto/rand" "crypto/sha256" - "fmt" "testing" ) 
@@ -41,17 +40,9 @@ func TestSignInKernelVerifyInGo(t *testing.T) { t.Fatalf("failed to sign the digest: %v", err) } - fmt.Printf("got signature %x (len: %v, n: %v)\n", signature, len(signature), n) - fmt.Printf("got signature %x\n", signature[:n]) - ok := ecdsa.VerifyASN1(&priv.PublicKey, digest[:], signature[:n]) if !ok { - t.Log("failed to verify the signature using pre-hashed, trying with sha256...") - digestDigest := sha256.Sum256(digest[:]) - ok := ecdsa.VerifyASN1(&priv.PublicKey, digestDigest[:], signature[:]) - if !ok { - t.Fatalf("failed to verify the signature with sha256 as well") - } + t.Fatalf("failed to verify the signature") } } @@ -74,17 +65,9 @@ func TestSignAndVerifyInKernel(t *testing.T) { t.Fatalf("failed to sign the digest: %v", err) } - fmt.Printf("got signature %x (len: %v, n: %v)\n", signature, len(signature), n) - fmt.Printf("got signature %x\n", signature[:n]) - err = keyInKernel.Verify(signInfo, digest[:], signature[:n]) if err != nil { - t.Logf("failed to verify the signature using pre-hashed: %v, trying with sha256...", err) - digestDigest := sha256.Sum256(digest[:]) - err = keyInKernel.Verify(signInfo, digestDigest[:], signature[:n]) - if err != nil { - t.Fatalf("failed to verify the signature with sha256 as well: %v", err) - } + t.Fatalf("failed to verify the signature: %v", err) } } @@ -122,7 +105,7 @@ func BenchmarkECDSAKernelVerify(b *testing.B) { for i := 0; i < b.N; i++ { err := keyInKernel.Verify(signInfo, digest[:], signature[:n]) if err != nil { - b.Fatalf("failed to sign the digest: %v", err) + b.Fatalf("failed to verify the signature: %v", err) } } } @@ -156,7 +139,7 @@ func BenchmarkECDSAGo(b *testing.B) { for i := 0; i < b.N; i++ { ok := ecdsa.VerifyASN1(&priv.PublicKey, digest[:], signature[:]) if !ok { - b.Fatalf("failed to sign the digest: %v", err) + b.Fatalf("failed to verify the signature: %v", err) } } }) From df32c9f796621546cd4dc5947e7d063aaa560e14 Mon Sep 17 00:00:00 2001 
From: "Jan Winkelmann (keks)" Date: Wed, 31 Jul 2024 11:30:48 +0200 Subject: [PATCH 33/53] locking goroutines to os thread fixes permission denied errors --- zeta/ecdsa_bench/ecdsa.go | 2 +- zeta/ecdsa_bench/ecdsa_test.go | 9 +++++++++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/zeta/ecdsa_bench/ecdsa.go b/zeta/ecdsa_bench/ecdsa.go index ce88534ead021..40afadd64c19b 100644 --- a/zeta/ecdsa_bench/ecdsa.go +++ b/zeta/ecdsa_bench/ecdsa.go @@ -114,7 +114,7 @@ func loadKeyToKernel(key crypto.PrivateKey) KeySerial { } func main() { - runtime.GOMAXPROCS(1) + runtime.LockOSThread() var ( msg = []byte("hello world") diff --git a/zeta/ecdsa_bench/ecdsa_test.go b/zeta/ecdsa_bench/ecdsa_test.go index 62179ad8feaef..f708477d38307 100644 --- a/zeta/ecdsa_bench/ecdsa_test.go +++ b/zeta/ecdsa_bench/ecdsa_test.go @@ -6,6 +6,7 @@ import ( "crypto/elliptic" "crypto/rand" "crypto/sha256" + "runtime" "testing" ) @@ -22,6 +23,8 @@ func kernelSetup(priv *ecdsa.PrivateKey) (KeySerial, []byte, []byte) { } func TestSignInKernelVerifyInGo(t *testing.T) { + runtime.LockOSThread() + var ( msg = []byte("hello world") digest = sha256.Sum256(msg) @@ -47,6 +50,8 @@ func TestSignInKernelVerifyInGo(t *testing.T) { } func TestSignAndVerifyInKernel(t *testing.T) { + runtime.LockOSThread() + var ( msg = []byte("hello world") digest = sha256.Sum256(msg) @@ -72,6 +77,8 @@ func TestSignAndVerifyInKernel(t *testing.T) { } func BenchmarkECDSAKernelSign(b *testing.B) { + runtime.LockOSThread() + priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) if err != nil { b.Fatalf("failed to generate private key: %v", err) @@ -89,6 +96,8 @@ func BenchmarkECDSAKernelSign(b *testing.B) { } func BenchmarkECDSAKernelVerify(b *testing.B) { + runtime.LockOSThread() + priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) if err != nil { b.Fatalf("failed to generate private key: %v", err) From 436cadeadac817f58cb5cc80c2e3a13c930a983f Mon Sep 17 00:00:00 2001 
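Review bot: `runtime.LockOSThread()` is added in `main` and in the four test and benchmark functions without a comment, and the reason appears only in the commit subject. A later reader is likely to take the call for leftover tuning and remove it, bringing back the intermittent failures. Put the reason next to each call, for example `// keyctl calls must run on the OS thread that loaded the key; without this they intermittently fail with EACCES.` If the cause is that key possession is resolved against the calling thread's keyrings, which is presumed here and not shown in the patch, say so in the comment once confirmed.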
From: "Jan Winkelmann (keks)" Date: Wed, 31 Jul 2024 11:31:19 +0200 Subject: [PATCH 34/53] don't always start dmesg --- WORK/virtme-home/.bashrc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/WORK/virtme-home/.bashrc b/WORK/virtme-home/.bashrc index e6e5da643d954..ba53d4d216474 100644 --- a/WORK/virtme-home/.bashrc +++ b/WORK/virtme-home/.bashrc @@ -1,3 +1,3 @@ -dmesg -w --since now & - export PATH=$PATH:$HOME/bin + +alias logcat='dmesg -w --since now' From 2c48fb064d97b7791663cbd6b15e1ffd65187f2d Mon Sep 17 00:00:00 2001 From: "Jan Winkelmann (keks)" Date: Wed, 31 Jul 2024 11:31:59 +0200 Subject: [PATCH 35/53] virtme launch script: don't ignore log levels --- WORK/launch.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/WORK/launch.sh b/WORK/launch.sh index 99ffa17ba302e..20fbe827aa6f6 100755 --- a/WORK/launch.sh +++ b/WORK/launch.sh @@ -42,6 +42,5 @@ make -j 16 # run vm virtme-run \ --kimg "WORK/$name/bzImage" \ - -a ignore_loglevel \ --rodir=/tmp/roothome=$(pwd)/WORK/virtme-home \ --pwd From 2588aabb0a8e04a428c8f2dca14caa2eb75a1498 Mon Sep 17 00:00:00 2001 From: "Jan Winkelmann (keks)" Date: Wed, 31 Jul 2024 11:47:51 +0200 Subject: [PATCH 36/53] clean up debug prints --- WORK/virtme-home/bin/ecdsa | 1 - WORK/virtme-home/bin/ecdsa.test | 1 - WORK/virtme-home/bin/rsa | 1 - crypto/asymmetric_keys/signature.c | 5 ---- crypto/ecdsa.c | 8 ----- security/keys/compat.c | 1 - security/keys/key.c | 7 ----- security/keys/keyctl.c | 48 ------------------------------ security/keys/keyctl_pkey.c | 23 -------------- security/keys/permission.c | 10 ------- security/keys/process_keys.c | 28 +---------------- 11 files changed, 1 insertion(+), 132 deletions(-) delete mode 120000 WORK/virtme-home/bin/ecdsa delete mode 120000 WORK/virtme-home/bin/ecdsa.test delete mode 120000 WORK/virtme-home/bin/rsa diff --git a/WORK/virtme-home/bin/ecdsa b/WORK/virtme-home/bin/ecdsa deleted file mode 120000 index 911cfb824ff6a..0000000000000 
--- a/WORK/virtme-home/bin/ecdsa +++ /dev/null @@ -1 +0,0 @@ -../../../zeta/ecdsa_bench/ecdsa \ No newline at end of file diff --git a/WORK/virtme-home/bin/ecdsa.test b/WORK/virtme-home/bin/ecdsa.test deleted file mode 120000 index 6d37784266025..0000000000000 --- a/WORK/virtme-home/bin/ecdsa.test +++ /dev/null @@ -1 +0,0 @@ -../../../zeta/ecdsa_bench/ecdsa.test \ No newline at end of file diff --git a/WORK/virtme-home/bin/rsa b/WORK/virtme-home/bin/rsa deleted file mode 120000 index dd9094c795d09..0000000000000 --- a/WORK/virtme-home/bin/rsa +++ /dev/null @@ -1 +0,0 @@ -../../../zeta/rsa_bench/rsa \ No newline at end of file diff --git a/crypto/asymmetric_keys/signature.c b/crypto/asymmetric_keys/signature.c index 2a636bb495f42..2deff81f8af50 100644 --- a/crypto/asymmetric_keys/signature.c +++ b/crypto/asymmetric_keys/signature.c @@ -42,23 +42,18 @@ EXPORT_SYMBOL_GPL(public_key_signature_free); int query_asymmetric_key(const struct kernel_pkey_params *params, struct kernel_pkey_query *info) { - printk("in query_asymmetric_key\n"); const struct asymmetric_key_subtype *subtype; struct key *key = params->key; int ret; pr_devel("==>%s()\n", __func__); - printk(" is asymmetric key type? %d\n", key->type == &key_type_asymmetric); if (key->type != &key_type_asymmetric) return -EINVAL; subtype = asymmetric_key_subtype(key); - printk(" subtype ptr: %p\n", subtype); - printk(" payload.data[0]: %p\n", key->payload.data[0]); if (!subtype || !key->payload.data[0]) return -EINVAL; - printk(" subtype name: %s\n", subtype->name); if (!subtype->query) return -ENOTSUPP; diff --git a/crypto/ecdsa.c b/crypto/ecdsa.c index 4497614d8b770..7c13f9f48412f 100644 --- a/crypto/ecdsa.c +++ b/crypto/ecdsa.c @@ -355,8 +355,6 @@ static int asn1_encode_signature_sg(struct akcipher_request *req, needed++; if (req->dst_len < needed) { - printk("dst_len is less than needed: %i < %lu", req->dst_len, - needed); req->dst_len = needed; return -EOVERFLOW; } 
@@ -415,7 +413,6 @@ static int asn1_encode_signature_sg(struct akcipher_request *req, static int ecdsa_sign(struct akcipher_request *req) { - printk("in ecdsa_sign\n"); struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req); struct ecc_ctx *ctx = akcipher_tfm_ctx(tfm); size_t keylen = ctx->curve->g.ndigits << ECC_DIGITS_TO_BYTES_SHIFT; @@ -445,7 +442,6 @@ static int ecdsa_sign(struct akcipher_request *req) if (IS_ERR(rng)) return PTR_ERR(rng); - printk(" curve name: %s\n", ctx->curve->name); if (strncmp(ctx->curve->name, "nist_256", 8) == 0) { u8 private_key[32]; u8 signature[64]; @@ -460,7 +456,6 @@ static int ecdsa_sign(struct akcipher_request *req) do { if (Hacl_P256_ecdsa_sign_p256_without_hash(signature, req->dst_len, rawhash_k, private_key, nonce)) { - printk(" calling Hacl_P256_ecdsa_sign_p256_without_hash\n"); ret = 0; } else { ret = -EAGAIN; @@ -528,7 +523,6 @@ static int ecdsa_ecc_ctx_reset(struct ecc_ctx *ctx) */ static int ecdsa_set_pub_key(struct crypto_akcipher *tfm, const void *key, unsigned int keylen) { - printk("ecdsa_set_pub_key: enter fun"); struct ecc_ctx *ctx = akcipher_tfm_ctx(tfm); const unsigned char *d = key; const u64 *digits = (const u64 *)&d[1]; @@ -604,8 +598,6 @@ int ecc_get_priv_params(void *context, size_t hdrlen, unsigned char tag, { struct ecc_ctx *ctx = context; - printk("getting priv params %zu\n", vlen); - switch (look_up_OID(value, vlen)) { case OID_id_prime192v1: return (ctx->curve_id == ECC_CURVE_NIST_P192) ? 0 : -EINVAL; diff --git a/security/keys/compat.c b/security/keys/compat.c index 3aee2b0381336..1545efdca5622 100644 --- a/security/keys/compat.c +++ b/security/keys/compat.c @@ -17,7 +17,6 @@ COMPAT_SYSCALL_DEFINE5(keyctl, u32, option, u32, arg2, u32, arg3, u32, arg4, u32, arg5) { - printk(KERN_EMERG "at the keyctl syscall 32 entrypoint"); switch (option) { case KEYCTL_GET_KEYRING_ID: return keyctl_get_keyring_ID(arg2, arg3); 
diff --git a/security/keys/key.c b/security/keys/key.c index b4a834be5758f..5c0c7df833f8a 100644 --- a/security/keys/key.c +++ b/security/keys/key.c @@ -918,13 +918,6 @@ static key_ref_t __key_create_or_update(key_ref_t keyring_ref, perm |= KEY_POS_WRITE; } - - - /* - * XXX(keks): This is where we start building the key! - * - * */ - /* allocate a new key */ key = key_alloc(index_key.type, index_key.description, cred->fsuid, cred->fsgid, cred, perm, flags, NULL); diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c index 297ac0850835b..19be69fa4d052 100644 --- a/security/keys/keyctl.c +++ b/security/keys/keyctl.c @@ -21,7 +21,6 @@ #include #include #include -#include #include #include "internal.h" @@ -78,9 +77,6 @@ SYSCALL_DEFINE5(add_key, const char __user *, _type, size_t, plen, key_serial_t, ringid) { - printk(KERN_EMERG "at the add_key syscall entrypoint"); - - key_ref_t keyring_ref, key_ref; char type[32], *description; void *payload; @@ -133,8 +129,6 @@ SYSCALL_DEFINE5(add_key, const char __user *, _type, goto error3; } - printk("got the user keyring\n"); - /* create or update the requested key and add it to the target * keyring */ key_ref = key_create_or_update(keyring_ref, type, description, 
@@ -148,45 +142,6 @@ SYSCALL_DEFINE5(add_key, const char __user *, _type, ret = PTR_ERR(key_ref); } - /* */ - struct public_key_signature; - struct asymmetric_key_subtype { - struct module *owner; - const char *name; - unsigned short name_len; /* length of name */ - - /* Describe a key of this subtype for /proc/keys */ - void (*describe)(const struct key *key, struct seq_file *m); - - /* Destroy a key of this subtype */ - void (*destroy)(void *payload_crypto, void *payload_auth); - - int (*query)(const struct kernel_pkey_params *params, - struct kernel_pkey_query *info); - - /* Encrypt/decrypt/sign data */ - int (*eds_op)(struct kernel_pkey_params *params, - const void *in, void *out); - - /* Verify the signature on a key of this subtype (optional) */ - int (*verify_signature)(const struct key *key, - const struct public_key_signature *sig); - }; - - struct key *key; - struct public_key *public_key; - struct asymmetric_key_subtype *asym_subtype; - key = key_ref_to_ptr(key_ref); - printk(" key.type.name: %s\n", key->type->name); - public_key = key->payload.data[0]; - asym_subtype = key->payload.data[1]; - printk(" (key as asym).name: %s\n", asym_subtype->name); /*1 is asym_subtype*/ - printk(" (key as asym as public_key) is private? %d\n", public_key->key_is_private); - printk(" (key as asym as public_key).algo_oid %d\n", public_key->algo); - printk(" (key as asym as public_key).keylen %u\n", public_key->keylen); - - /* */ - key_ref_put(keyring_ref); error3: kvfree_sensitive(payload, plen); @@ -1919,7 +1874,6 @@ long keyctl_capabilities(unsigned char __user *_buffer, size_t buflen) SYSCALL_DEFINE5(keyctl, int, option, unsigned long, arg2, unsigned long, arg3, unsigned long, arg4, unsigned long, arg5) { - printk(KERN_EMERG "at the keyctl syscall 64 entrypoint"); switch (option) { case KEYCTL_GET_KEYRING_ID: return keyctl_get_keyring_ID((key_serial_t) arg2, 
@@ -2040,8 +1994,6 @@ SYSCALL_DEFINE5(keyctl, int, option, unsigned long, arg2, unsigned long, arg3, case KEYCTL_PKEY_ENCRYPT: case KEYCTL_PKEY_DECRYPT: case KEYCTL_PKEY_SIGN: - printk(KERN_EMERG "calling keyctl_pkey_e_d_s..."); - return keyctl_pkey_e_d_s( option, (const struct keyctl_pkey_params __user *)arg2, diff --git a/security/keys/keyctl_pkey.c b/security/keys/keyctl_pkey.c index b5363d1e244bb..97bc27bbf0797 100644 --- a/security/keys/keyctl_pkey.c +++ b/security/keys/keyctl_pkey.c @@ -79,7 +79,6 @@ static int keyctl_pkey_params_get(key_serial_t id, const char __user *_info, struct kernel_pkey_params *params) { - printk("in keyctl_pkey_params_get\n"); key_ref_t key_ref; void *p; int ret; @@ -87,18 +86,15 @@ static int keyctl_pkey_params_get(key_serial_t id, memset(params, 0, sizeof(*params)); params->encoding = "raw"; - printk("calling strndup_user\n"); p = strndup_user(_info, PAGE_SIZE); if (IS_ERR(p)) return PTR_ERR(p); params->info = p; - printk("calling keyctl_pkey_params_parse\n"); ret = keyctl_pkey_params_parse(params); if (ret < 0) return ret; - printk("calling lookup_user_key\n"); key_ref = lookup_user_key(id, 0, KEY_NEED_SEARCH); if (IS_ERR(key_ref)) return PTR_ERR(key_ref); @@ -119,8 +115,6 @@ static int keyctl_pkey_params_get_2(const struct keyctl_pkey_params __user *_par int op, struct kernel_pkey_params *params) { - printk("in keyctl_pkey_params_get_2\n"); - struct keyctl_pkey_params uparams; struct kernel_pkey_query info; int ret; 
@@ -128,31 +122,17 @@ static int keyctl_pkey_params_get_2(const struct keyctl_pkey_params __user *_par memset(params, 0, sizeof(*params)); params->encoding = "raw"; - printk("calling copy_from_user... \n"); if (copy_from_user(&uparams, _params, sizeof(uparams)) != 0) return -EFAULT; - printk("calling keyctl_pkey_params_get... \n"); ret = keyctl_pkey_params_get(uparams.key_id, _info, params); if (ret < 0) return ret; - printk(" got params:"); - printk(" encoding: %s", params->encoding); - printk(" hash_algo: %s", params->hash_algo); - printk(" info: %s", params->info); - printk(" in_len: %i", params->in_len); - printk(" key.type.name: %s", params->key->type->name); - - printk("calling asym_query... \n"); ret = params->key->type->asym_query(params, &info); if (ret < 0) return ret; - printk("op is %i \n", op); - printk("in len check: %i > %i \n", uparams.in_len, info.max_data_size); - printk("out len check: %i > %i \n", uparams.out_len, info.max_sig_size); - switch (op) { case KEYCTL_PKEY_ENCRYPT: if (uparams.in_len > info.max_dec_size || @@ -235,7 +215,6 @@ long keyctl_pkey_e_d_s(int op, const void __user *_in, void __user *_out) { - printk(KERN_EMERG "at the keyctl_pkey_e_d_s entrypoint"); struct kernel_pkey_params params; void *in, *out; long ret; @@ -273,8 +252,6 @@ long keyctl_pkey_e_d_s(int op, if (!out) goto error_in; - printk(KERN_WARNING "trying to sign"); - ret = params.key->type->asym_eds_op(¶ms, in, out); if (ret < 0) goto error_out; diff --git a/security/keys/permission.c b/security/keys/permission.c index 9352bc718201e..4a61f804e80f6 100644 --- a/security/keys/permission.c +++ b/security/keys/permission.c 
@@ -32,14 +32,12 @@ int key_task_permission(const key_ref_t key_ref, const struct cred *cred, switch (need_perm) { default: - printk("returning access denied at the very start\n"); WARN_ON(1); return -EACCES; case KEY_NEED_UNLINK: case KEY_SYSADMIN_OVERRIDE: case KEY_AUTHTOKEN_OVERRIDE: case KEY_DEFER_PERM_CHECK: - printk("goto lsm\n"); goto lsm; case KEY_NEED_VIEW: mask = KEY_OTH_VIEW; break; @@ -50,13 +48,10 @@ int key_task_permission(const key_ref_t key_ref, const struct cred *cred, case KEY_NEED_SETATTR: mask = KEY_OTH_SETATTR; break; } - printk("left switch\n"); - key = key_ref_to_ptr(key_ref); /* use the second 8-bits of permissions for keys the caller owns */ if (uid_eq(key->uid, cred->fsuid)) { - printk("goto use these perms 1\n"); kperm = key->perm >> 16; goto use_these_perms; } @@ -65,14 +60,12 @@ int key_task_permission(const key_ref_t key_ref, const struct cred *cred, * membership in common with */ if (gid_valid(key->gid) && key->perm & KEY_GRP_ALL) { if (gid_eq(key->gid, cred->fsgid)) { - printk("goto use these perms 2\n"); kperm = key->perm >> 8; goto use_these_perms; } ret = groups_search(cred->group_info, key->gid); if (ret) { - printk("goto use these perms 3\n"); kperm = key->perm >> 8; goto use_these_perms; } @@ -89,9 +82,6 @@ int key_task_permission(const key_ref_t key_ref, const struct cred *cred, if (is_key_possessed(key_ref)) kperm |= key->perm >> 24; - printk("kperm %x\n", kperm); - printk(" mask %x\n", mask); - printk(" and %x\n", kperm & mask); if ((kperm & mask) != mask) return -EACCES; diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c index bd5ca5791866b..b5d5333ab3300 100644 --- a/security/keys/process_keys.c +++ b/security/keys/process_keys.c 
@@ -611,8 +611,6 @@ bool lookup_user_key_possessed(const struct key *key, key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags, enum key_need_perm need_perm) { - printk("at the keyctl lookup_user_key entrypoint\n"); - struct keyring_search_context ctx = { .match_data.cmp = lookup_user_key_possessed, .match_data.lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT, @@ -625,13 +623,11 @@ key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags, int ret; try_again: - printk("at the try_again label in lookup_user_key with id=%d\n", id); ctx.cred = get_current_cred(); key_ref = ERR_PTR(-ENOKEY); switch (id) { case KEY_SPEC_THREAD_KEYRING: - printk("in switch branch KEY_SPEC_THREAD_KEYRING\n"); if (!ctx.cred->thread_keyring) { if (!(lflags & KEY_LOOKUP_CREATE)) goto error; @@ -650,7 +646,6 @@ key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags, break; case KEY_SPEC_PROCESS_KEYRING: - printk("in switch branch KEY_SPEC_PROCESS_KEYRING\n"); if (!ctx.cred->process_keyring) { if (!(lflags & KEY_LOOKUP_CREATE)) goto error; @@ -669,7 +664,6 @@ key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags, break; case KEY_SPEC_SESSION_KEYRING: - printk("in switch branch KEY_SPEC_SESSION_KEYRING\n"); if (!ctx.cred->session_keyring) { /* always install a session keyring upon access if one * doesn't exist yet */ @@ -700,7 +694,6 @@ key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags, break; case KEY_SPEC_USER_KEYRING: - printk("in switch branch KEY_SPEC_USER_KEYRING\n"); ret = look_up_user_keyrings(&key, NULL); if (ret < 0) goto error; @@ -708,7 +701,6 @@ key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags, break; case KEY_SPEC_USER_SESSION_KEYRING: - printk("in switch branch KEY_SPEC_USER_SESSION_KEYRING\n"); ret = look_up_user_keyrings(NULL, &key); if (ret < 0) goto error; 
@@ -716,13 +708,11 @@ key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags, break; case KEY_SPEC_GROUP_KEYRING: - printk("in switch branch KEY_SPEC_GROUP_KEYRING\n"); /* group keyrings are not yet supported */ key_ref = ERR_PTR(-EINVAL); goto error; case KEY_SPEC_REQKEY_AUTH_KEY: - printk("in switch branch KEY_SPEC_REQKEY_AUTH_KEYRING\n"); key = ctx.cred->request_key_auth; if (!key) goto error; @@ -732,7 +722,6 @@ key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags, break; case KEY_SPEC_REQUESTOR_KEYRING: - printk("in switch branch KEY_SPEC_REQUESTOR_KEYRING\n"); if (!ctx.cred->request_key_auth) goto error; @@ -753,15 +742,12 @@ key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags, break; default: - printk("in default switch branch, setting key_ref to EINVAL\n"); key_ref = ERR_PTR(-EINVAL); if (id < 1) goto error; - printk("calling key_lookup\n"); key = key_lookup(id); if (IS_ERR(key)) { - printk("key_lookup failed with code %li\n", PTR_ERR(key)); key_ref = ERR_CAST(key); goto error; } @@ -785,14 +771,10 @@ key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags, break; } - kdebug("left switch happy"); - /* unlink does not use the nominated key in any way, so can skip all * the permission checks as it is only concerned with the keyring */ if (need_perm != KEY_NEED_UNLINK) { - printk("need_perm != KEY_NEED_UNLINK\n"); if (!(lflags & KEY_LOOKUP_PARTIAL)) { - printk("!(lflags & KEY_LOOKUP_PARTIAL)\n"); ret = wait_for_key_construction(key, true); switch (ret) { case -ERESTARTSYS: @@ -806,7 +788,6 @@ key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags, break; } } else if (need_perm != KEY_DEFER_PERM_CHECK) { - printk("lflags & KEY_LOOKUP_PARTIAL\n"); ret = key_validate(key); if (ret < 0) goto invalid_key; 
@@ -814,28 +795,22 @@ key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags, ret = -EIO; if (!(lflags & KEY_LOOKUP_PARTIAL) && - key_read_state(key) == KEY_IS_UNINSTANTIATED) { - printk("not partial lookup and key uninstantiated. goto invalid_key\n"); + key_read_state(key) == KEY_IS_UNINSTANTIATED) goto invalid_key; - } } - printk("after need unlink branch\n"); /* check the permissions */ ret = key_task_permission(key_ref, ctx.cred, need_perm); - printk("key taks permissions: %i -- shoult be >= 0\n", ret); if (ret < 0) goto invalid_key; key->last_used_at = ktime_get_real_seconds(); error: - printk("at label `error`, returning\n"); put_cred(ctx.cred); return key_ref; invalid_key: - printk("at label `invalid_key`, going to error\n"); key_ref_put(key_ref); key_ref = ERR_PTR(ret); goto error; @@ -843,7 +818,6 @@ key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags, /* if we attempted to install a keyring, then it may have caused new * creds to be installed */ reget_creds: - printk("at label `reget_creds`, going to try_again\n"); put_cred(ctx.cred); goto try_again; } From 3cd7d1171a52c1d098c5cb02f6c1a1f61dc55c12 Mon Sep 17 00:00:00 2001 From: "Jan Winkelmann (keks)" Date: Wed, 31 Jul 2024 13:50:13 +0200 Subject: [PATCH 37/53] add code for testing (non-hacl) kernel ecdsa-p384 --- zeta/ecdsa_bench/ecdsa_test.go | 66 +++++++++++++++++++++++++++++++--- 1 file changed, 61 insertions(+), 5 deletions(-) diff --git a/zeta/ecdsa_bench/ecdsa_test.go b/zeta/ecdsa_bench/ecdsa_test.go index f708477d38307..8949dc00f840c 100644 --- a/zeta/ecdsa_bench/ecdsa_test.go +++ b/zeta/ecdsa_bench/ecdsa_test.go @@ -9,8 +9,9 @@ import ( "runtime" "testing" ) +var signInfo384 = []byte("enc=x962 hash=sha384\x00") -func kernelSetup(priv *ecdsa.PrivateKey) (KeySerial, []byte, []byte) { +func kernelSetup256(priv *ecdsa.PrivateKey) (KeySerial, []byte, []byte) { var ( msg = []byte("hello world") digest = sha256.Sum256(msg) 
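Review bot: The `signInfo384` variable added in the first ecdsa_test.go hunk has no comment saying what the string is or why it ends in `\x00`. Presumably it is the info string handed to the kernel through `Sign`/`Verify`, with the NUL terminating it as a C string, but neither is visible in this hunk. A one-line comment such as `// signInfo384 is the info string for P-384 operations: X9.62 encoding, SHA-384 digest (48 bytes); NUL-terminated for the kernel.` would make the required digest length explicit to anyone adding a caller.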
@@ -22,6 +23,18 @@ func kernelSetup(priv *ecdsa.PrivateKey) (KeySerial, []byte, []byte) { return keyInKernel, digest[:], signature[:] } +func kernelSetup384(priv *ecdsa.PrivateKey) (KeySerial, []byte, []byte) { + var ( + msg = []byte("hello world") + digest = sha256.Sum256(msg) + signature [256]byte + ) + + keyInKernel := loadKeyToKernel(priv) + + return keyInKernel, digest[:], signature[:] +} + func TestSignInKernelVerifyInGo(t *testing.T) { runtime.LockOSThread() @@ -76,7 +89,50 @@ func TestSignAndVerifyInKernel(t *testing.T) { } } -func BenchmarkECDSAKernelSign(b *testing.B) { +func BenchmarkECDSAP384KernelSign(b *testing.B) { + runtime.LockOSThread() + + priv, err := ecdsa.GenerateKey(elliptic.P384(), rand.Reader) + if err != nil { + b.Fatalf("failed to generate private key: %v", err) + } + + keyInKernel, digest, signature := kernelSetup384(priv) + + b.ResetTimer() + for i := 0; i < b.N; i++ { + _, err := keyInKernel.Sign(signInfo384, digest[:], signature[:]) + if err != nil { + b.Fatalf("failed to sign the digest: %v", err) + } + } +} + +func BenchmarkECDSAP384KernelVerify(b *testing.B) { + runtime.LockOSThread() + + priv, err := ecdsa.GenerateKey(elliptic.P384(), rand.Reader) + if err != nil { + b.Fatalf("failed to generate private key: %v", err) + } + + keyInKernel, digest, signature := kernelSetup384(priv) + + n, err := keyInKernel.Sign(signInfo384, digest[:], signature[:]) + if err != nil { + b.Fatalf("failed to sign the digest: %v", err) + } + + b.ResetTimer() + for i := 0; i < b.N; i++ { + err := keyInKernel.Verify(signInfo, digest[:], signature[:n]) + if err != nil { + b.Fatalf("failed to verify the signature: %v", err) + } + } +} + +func BenchmarkECDSAP256KernelSign(b *testing.B) { runtime.LockOSThread() priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) 
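Review bot: `kernelSetup384` computes `digest = sha256.Sum256(msg)`, a 32-byte digest, while its P-384 callers pass `signInfo384`, which declares `hash=sha384`. The digest length therefore does not match the declared hash, so the P-384 benchmarks either fail inside the kernel or time an operation over a wrong-sized input, depending on how the kernel validates the length (not visible here). The line should be `digest = sha512.Sum384(msg)`, with `"crypto/sha512"` added to the import block. Since the helper is otherwise a copy of `kernelSetup256`, a doc comment on each stating the curve and hash it pairs with would keep the two from drifting.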
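Review bot: `BenchmarkECDSAP384KernelVerify` signs with `signInfo384` but its loop calls `keyInKernel.Verify(signInfo, ...)`, so signing and verification are given different info strings. `signInfo` is defined outside this hunk; if it names SHA-256, as its use in the P-256 benchmarks suggests, the verify path declares a different hash than the one the signature was produced under. The loop body should read `err := keyInKernel.Verify(signInfo384, digest[:], signature[:n])`.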
@@ -84,7 +140,7 @@ func BenchmarkECDSAKernelSign(b *testing.B) { b.Fatalf("failed to generate private key: %v", err) } - keyInKernel, digest, signature := kernelSetup(priv) + keyInKernel, digest, signature := kernelSetup256(priv) b.ResetTimer() for i := 0; i < b.N; i++ { @@ -95,7 +151,7 @@ func BenchmarkECDSAKernelSign(b *testing.B) { } } -func BenchmarkECDSAKernelVerify(b *testing.B) { +func BenchmarkECDSAP256KernelVerify(b *testing.B) { runtime.LockOSThread() priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) @@ -103,7 +159,7 @@ func BenchmarkECDSAKernelVerify(b *testing.B) { b.Fatalf("failed to generate private key: %v", err) } - keyInKernel, digest, signature := kernelSetup(priv) + keyInKernel, digest, signature := kernelSetup256(priv) n, err := keyInKernel.Sign(signInfo, digest[:], signature[:]) if err != nil { From b9dc949f88f7d96da9e71dc41686f74a3e3bb7e2 Mon Sep 17 00:00:00 2001 From: "Jan Winkelmann (keks)" Date: Wed, 31 Jul 2024 16:57:50 +0200 Subject: [PATCH 38/53] add broken ecdsa p-384 benchmark --- zeta/ecdsa_bench/ecdsa_test.go | 33 +++++++++++++++++++++++++++++++-- 1 file changed, 31 insertions(+), 2 deletions(-) diff --git a/zeta/ecdsa_bench/ecdsa_test.go b/zeta/ecdsa_bench/ecdsa_test.go index 8949dc00f840c..85d32cc443f34 100644 --- a/zeta/ecdsa_bench/ecdsa_test.go +++ b/zeta/ecdsa_bench/ecdsa_test.go @@ -6,10 +6,12 @@ import ( "crypto/elliptic" "crypto/rand" "crypto/sha256" + "crypto/sha512" "runtime" "testing" ) -var signInfo384 = []byte("enc=x962 hash=sha384\x00") + +var signInfo384 = []byte("enc=x962 hash=sha384\x00") func kernelSetup256(priv *ecdsa.PrivateKey) (KeySerial, []byte, []byte) { var ( 
@@ -35,6 +37,33 @@ func kernelSetup384(priv *ecdsa.PrivateKey) (KeySerial, []byte, []byte) { return keyInKernel, digest[:], signature[:] } +func TestSign384InKernelVerifyInGo(t *testing.T) { + runtime.LockOSThread() + + var ( + msg = []byte("hello world") + digest = sha512.Sum384(msg) + signature [256]byte + ) + + priv, err := ecdsa.GenerateKey(elliptic.P384(), rand.Reader) + if err != nil { + t.Fatalf("failed to generate private key: %v", err) + } + + keyInKernel := loadKeyToKernel(priv) + + n, err := keyInKernel.Sign(signInfo384, digest[:], signature[:]) + if err != nil { + t.Fatalf("failed to sign the digest: %v", err) + } + + ok := ecdsa.VerifyASN1(&priv.PublicKey, digest[:], signature[:n]) + if !ok { + t.Fatalf("failed to verify the signature") + } +} + func TestSignInKernelVerifyInGo(t *testing.T) { runtime.LockOSThread() @@ -125,7 +154,7 @@ func BenchmarkECDSAP384KernelVerify(b *testing.B) { b.ResetTimer() for i := 0; i < b.N; i++ { - err := keyInKernel.Verify(signInfo, digest[:], signature[:n]) + err := keyInKernel.Verify(signInfo384, digest[:], signature[:n]) if err != nil { b.Fatalf("failed to verify the signature: %v", err) } From af9c01798a5edb9fcf5a04bc37e2053d978e03e4 Mon Sep 17 00:00:00 2001 From: "Jan Winkelmann (keks)" Date: Wed, 31 Jul 2024 17:22:55 +0200 Subject: [PATCH 39/53] add test for signing with ecdsa p384 --- zeta/ecdsa_bench/ecdsa.go | 2 +- zeta/ecdsa_bench/ecdsa_test.go | 28 +++++++++++++++++----------- 2 files changed, 18 insertions(+), 12 deletions(-) diff --git a/zeta/ecdsa_bench/ecdsa.go b/zeta/ecdsa_bench/ecdsa.go index 40afadd64c19b..42d1ef0770f40 100644 --- a/zeta/ecdsa_bench/ecdsa.go +++ b/zeta/ecdsa_bench/ecdsa.go @@ -128,7 +128,7 @@ func main() { } keyInKernel := loadKeyToKernel(priv) - log.Printf("Loaded key to the kernel with ID: %v", keyInKernel) + log.Printf("Loaded key to the kernel with ID: %v", keyInKernel) n, err := keyInKernel.Sign(signInfo, digest[:], signature[:]) if err != nil { 
diff --git a/zeta/ecdsa_bench/ecdsa_test.go b/zeta/ecdsa_bench/ecdsa_test.go index 85d32cc443f34..cca03f1ce8cb0 100644 --- a/zeta/ecdsa_bench/ecdsa_test.go +++ b/zeta/ecdsa_bench/ecdsa_test.go @@ -7,6 +7,8 @@ import ( "crypto/rand" "crypto/sha256" "crypto/sha512" + "crypto/x509" + "encoding/base64" "runtime" "testing" ) @@ -25,33 +27,37 @@ func kernelSetup256(priv *ecdsa.PrivateKey) (KeySerial, []byte, []byte) { return keyInKernel, digest[:], signature[:] } -func kernelSetup384(priv *ecdsa.PrivateKey) (KeySerial, []byte, []byte) { +func kernelSetup384(tb testing.TB, priv *ecdsa.PrivateKey) (KeySerial, []byte, []byte) { var ( msg = []byte("hello world") - digest = sha256.Sum256(msg) + digest = sha512.Sum384(msg) signature [256]byte ) keyInKernel := loadKeyToKernel(priv) + // begin debug info + pkcs8, err := x509.MarshalPKCS8PrivateKey(priv) + if err != nil { + tb.Fatalf("failed to serialize the private key to PKCS8 blob: %v", err) + } + tb.Log("added key:") + tb.Logf(" base64: %s\n", base64.StdEncoding.EncodeToString(pkcs8)) + tb.Logf(" hex: %x\n", pkcs8) + // end debug info + return keyInKernel, digest[:], signature[:] } func TestSign384InKernelVerifyInGo(t *testing.T) { runtime.LockOSThread() - var ( - msg = []byte("hello world") - digest = sha512.Sum384(msg) - signature [256]byte - ) - priv, err := ecdsa.GenerateKey(elliptic.P384(), rand.Reader) if err != nil { t.Fatalf("failed to generate private key: %v", err) } - keyInKernel := loadKeyToKernel(priv) + keyInKernel, digest, signature := kernelSetup384(t, priv) n, err := keyInKernel.Sign(signInfo384, digest[:], signature[:]) if err != nil { @@ -126,7 +132,7 @@ func BenchmarkECDSAP384KernelSign(b *testing.B) { b.Fatalf("failed to generate private key: %v", err) } - keyInKernel, digest, signature := kernelSetup384(priv) + keyInKernel, digest, signature := kernelSetup384(b, priv) b.ResetTimer() for i := 0; i < b.N; i++ { 
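Review bot: The debug block added to `kernelSetup384` writes the complete PKCS#8 private key to the log in both base64 and hex, and because the helper is now called from the two P-384 benchmarks as well as the test, the key ends up in benchmark output too. The key is generated fresh on each run, so the exposure is limited, but test logs are routinely archived by CI and this is the same key that has just been loaded into the kernel keyring. If the aim is to identify which key was loaded, log the public half instead: `pub, err := x509.MarshalPKIXPublicKey(&priv.PublicKey)` followed by `tb.Logf("added key (public, base64): %s", base64.StdEncoding.EncodeToString(pub))`. Adding `tb.Helper()` as the first statement would also attribute the `tb.Fatalf` to the calling test rather than to the helper.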
@@ -145,7 +151,7 @@ func BenchmarkECDSAP384KernelVerify(b *testing.B) { b.Fatalf("failed to generate private key: %v", err) } - keyInKernel, digest, signature := kernelSetup384(priv) + keyInKernel, digest, signature := kernelSetup384(b, priv) n, err := keyInKernel.Sign(signInfo384, digest[:], signature[:]) if err != nil { From cdb76b1a7964bdec8f42c5a36142db009a52ec92 Mon Sep 17 00:00:00 2001 From: "Jan Winkelmann (keks)" Date: Tue, 10 Sep 2024 14:53:41 +0200 Subject: [PATCH 40/53] add first draft of hacl ecdsa P384 --- crypto/Hacl_P384.c | 1497 ++++++++++++++++++++++++++++++++++++++++++++ crypto/Hacl_P384.h | 186 ++++++ crypto/ecdsa.c | 26 + 3 files changed, 1709 insertions(+) create mode 100644 crypto/Hacl_P384.c create mode 100644 crypto/Hacl_P384.h diff --git a/crypto/Hacl_P384.c b/crypto/Hacl_P384.c new file mode 100644 index 0000000000000..2181366e9e272 --- /dev/null +++ b/crypto/Hacl_P384.c 
@@ -0,0 +1,1497 @@ +/* MIT License + * + * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation + * Copyright (c) 2022-2023 HACL* Contributors + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. 
+ */ + +#include "Hacl_P384.h" + +static inline uint64_t bn_is_eq_mask(uint64_t *x, uint64_t *y) +{ + uint64_t mask = (uint64_t)0xFFFFFFFFFFFFFFFFU; + KRML_MAYBE_FOR6(i, (uint32_t)0U, (uint32_t)6U, (uint32_t)1U, + uint64_t uu____0 = FStar_UInt64_eq_mask(x[i], y[i]); + mask = uu____0 & mask;); + uint64_t mask1 = mask; + return mask1; +} + +static inline void bn_cmovznz(uint64_t *a, uint64_t b, uint64_t *c, uint64_t *d) +{ + uint64_t mask = ~FStar_UInt64_eq_mask(b, (uint64_t)0U); + KRML_MAYBE_FOR6( + i, (uint32_t)0U, (uint32_t)6U, (uint32_t)1U, uint64_t *os = a; + uint64_t uu____0 = c[i]; + uint64_t x = uu____0 ^ (mask & (d[i] ^ uu____0)); os[i] = x;); +} + +static inline void bn_add_mod(uint64_t *a, uint64_t *b, uint64_t *c, + uint64_t *d) +{ + uint64_t c10 = (uint64_t)0U; + { + uint64_t t1 = c[(uint32_t)4U * (uint32_t)0U]; + uint64_t t20 = d[(uint32_t)4U * (uint32_t)0U]; + uint64_t *res_i0 = a + (uint32_t)4U * (uint32_t)0U; + c10 = Lib_IntTypes_Intrinsics_add_carry_u64(c10, t1, t20, + res_i0); + uint64_t t10 = c[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U]; + uint64_t t21 = d[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U]; + uint64_t *res_i1 = + a + (uint32_t)4U * (uint32_t)0U + (uint32_t)1U; + c10 = Lib_IntTypes_Intrinsics_add_carry_u64(c10, t10, t21, + res_i1); + uint64_t t11 = c[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U]; + uint64_t t22 = d[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U]; + uint64_t *res_i2 = + a + (uint32_t)4U * (uint32_t)0U + (uint32_t)2U; + c10 = Lib_IntTypes_Intrinsics_add_carry_u64(c10, t11, t22, + res_i2); + uint64_t t12 = c[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U]; + uint64_t t2 = d[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U]; + uint64_t *res_i = + a + (uint32_t)4U * (uint32_t)0U + (uint32_t)3U; + c10 = Lib_IntTypes_Intrinsics_add_carry_u64(c10, t12, t2, + res_i); + } + KRML_MAYBE_FOR2(i, (uint32_t)4U, (uint32_t)6U, (uint32_t)1U, + uint64_t t1 = c[i]; + uint64_t t2 = d[i]; uint64_t *res_i = a + i; + c10 = 
Lib_IntTypes_Intrinsics_add_carry_u64(c10, t1, t2, + res_i);); + uint64_t c0 = c10; + uint64_t tmp[6U] = { 0U }; + uint64_t c1 = (uint64_t)0U; + { + uint64_t t1 = a[(uint32_t)4U * (uint32_t)0U]; + uint64_t t20 = b[(uint32_t)4U * (uint32_t)0U]; + uint64_t *res_i0 = tmp + (uint32_t)4U * (uint32_t)0U; + c1 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c1, t1, t20, + res_i0); + uint64_t t10 = a[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U]; + uint64_t t21 = b[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U]; + uint64_t *res_i1 = + tmp + (uint32_t)4U * (uint32_t)0U + (uint32_t)1U; + c1 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c1, t10, t21, + res_i1); + uint64_t t11 = a[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U]; + uint64_t t22 = b[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U]; + uint64_t *res_i2 = + tmp + (uint32_t)4U * (uint32_t)0U + (uint32_t)2U; + c1 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c1, t11, t22, + res_i2); + uint64_t t12 = a[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U]; + uint64_t t2 = b[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U]; + uint64_t *res_i = + tmp + (uint32_t)4U * (uint32_t)0U + (uint32_t)3U; + c1 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c1, t12, t2, res_i); + } + KRML_MAYBE_FOR2(i, (uint32_t)4U, (uint32_t)6U, (uint32_t)1U, + uint64_t t1 = a[i]; + uint64_t t2 = b[i]; uint64_t *res_i = tmp + i; + c1 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c1, t1, t2, + res_i);); + uint64_t c11 = c1; + uint64_t c2 = c0 - c11; + KRML_MAYBE_FOR6(i, (uint32_t)0U, (uint32_t)6U, (uint32_t)1U, + uint64_t *os = a; + uint64_t x = (c2 & a[i]) | (~c2 & tmp[i]); os[i] = x;); +} + +static inline uint64_t bn_sub(uint64_t *a, uint64_t *b, uint64_t *c) +{ + uint64_t c1 = (uint64_t)0U; + { + uint64_t t1 = b[(uint32_t)4U * (uint32_t)0U]; + uint64_t t20 = c[(uint32_t)4U * (uint32_t)0U]; + uint64_t *res_i0 = a + (uint32_t)4U * (uint32_t)0U; + c1 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c1, t1, t20, + res_i0); + uint64_t t10 = b[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U]; + uint64_t t21 = 
c[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U]; + uint64_t *res_i1 = + a + (uint32_t)4U * (uint32_t)0U + (uint32_t)1U; + c1 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c1, t10, t21, + res_i1); + uint64_t t11 = b[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U]; + uint64_t t22 = c[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U]; + uint64_t *res_i2 = + a + (uint32_t)4U * (uint32_t)0U + (uint32_t)2U; + c1 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c1, t11, t22, + res_i2); + uint64_t t12 = b[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U]; + uint64_t t2 = c[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U]; + uint64_t *res_i = + a + (uint32_t)4U * (uint32_t)0U + (uint32_t)3U; + c1 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c1, t12, t2, res_i); + } + KRML_MAYBE_FOR2(i, (uint32_t)4U, (uint32_t)6U, (uint32_t)1U, + uint64_t t1 = b[i]; + uint64_t t2 = c[i]; uint64_t *res_i = a + i; + c1 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c1, t1, t2, + res_i);); + uint64_t c10 = c1; + return c10; +} + +static inline void bn_sub_mod(uint64_t *a, uint64_t *b, uint64_t *c, + uint64_t *d) +{ + uint64_t c10 = (uint64_t)0U; + { + uint64_t t1 = c[(uint32_t)4U * (uint32_t)0U]; + uint64_t t20 = d[(uint32_t)4U * (uint32_t)0U]; + uint64_t *res_i0 = a + (uint32_t)4U * (uint32_t)0U; + c10 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c10, t1, t20, + res_i0); + uint64_t t10 = c[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U]; + uint64_t t21 = d[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U]; + uint64_t *res_i1 = + a + (uint32_t)4U * (uint32_t)0U + (uint32_t)1U; + c10 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c10, t10, t21, + res_i1); + uint64_t t11 = c[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U]; + uint64_t t22 = d[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U]; + uint64_t *res_i2 = + a + (uint32_t)4U * (uint32_t)0U + (uint32_t)2U; + c10 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c10, t11, t22, + res_i2); + uint64_t t12 = c[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U]; + uint64_t t2 = d[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U]; + uint64_t 
*res_i = + a + (uint32_t)4U * (uint32_t)0U + (uint32_t)3U; + c10 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c10, t12, t2, + res_i); + } + KRML_MAYBE_FOR2( + i, (uint32_t)4U, (uint32_t)6U, (uint32_t)1U, uint64_t t1 = c[i]; + uint64_t t2 = d[i]; uint64_t *res_i = a + i; + c10 = Lib_IntTypes_Intrinsics_sub_borrow_u64(c10, t1, t2, + res_i);); + uint64_t c0 = c10; + uint64_t tmp[6U] = { 0U }; + uint64_t c1 = (uint64_t)0U; + { + uint64_t t1 = a[(uint32_t)4U * (uint32_t)0U]; + uint64_t t20 = b[(uint32_t)4U * (uint32_t)0U]; + uint64_t *res_i0 = tmp + (uint32_t)4U * (uint32_t)0U; + c1 = Lib_IntTypes_Intrinsics_add_carry_u64(c1, t1, t20, res_i0); + uint64_t t10 = a[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U]; + uint64_t t21 = b[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U]; + uint64_t *res_i1 = + tmp + (uint32_t)4U * (uint32_t)0U + (uint32_t)1U; + c1 = Lib_IntTypes_Intrinsics_add_carry_u64(c1, t10, t21, + res_i1); + uint64_t t11 = a[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U]; + uint64_t t22 = b[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U]; + uint64_t *res_i2 = + tmp + (uint32_t)4U * (uint32_t)0U + (uint32_t)2U; + c1 = Lib_IntTypes_Intrinsics_add_carry_u64(c1, t11, t22, + res_i2); + uint64_t t12 = a[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U]; + uint64_t t2 = b[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U]; + uint64_t *res_i = + tmp + (uint32_t)4U * (uint32_t)0U + (uint32_t)3U; + c1 = Lib_IntTypes_Intrinsics_add_carry_u64(c1, t12, t2, res_i); + } + KRML_MAYBE_FOR2( + i, (uint32_t)4U, (uint32_t)6U, (uint32_t)1U, uint64_t t1 = a[i]; + uint64_t t2 = b[i]; uint64_t *res_i = tmp + i; + c1 = Lib_IntTypes_Intrinsics_add_carry_u64(c1, t1, t2, res_i);); + uint64_t c11 = c1; + KRML_HOST_IGNORE(c11); + uint64_t c2 = (uint64_t)0U - c0; + KRML_MAYBE_FOR6(i, (uint32_t)0U, (uint32_t)6U, (uint32_t)1U, + uint64_t *os = a; + uint64_t x = (c2 & tmp[i]) | (~c2 & a[i]); os[i] = x;); +} + +static inline void bn_mul(uint64_t *a, uint64_t *b, uint64_t *c) +{ + memset(a, 0U, (uint32_t)12U * 
sizeof(uint64_t)); + KRML_MAYBE_FOR6( + i0, (uint32_t)0U, (uint32_t)6U, (uint32_t)1U, + uint64_t bj = c[i0]; + uint64_t *res_j = a + i0; uint64_t c1 = (uint64_t)0U; { + uint64_t a_i = b[(uint32_t)4U * (uint32_t)0U]; + uint64_t *res_i0 = res_j + (uint32_t)4U * (uint32_t)0U; + c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i, bj, c1, + res_i0); + uint64_t a_i0 = + b[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U]; + uint64_t *res_i1 = res_j + (uint32_t)4U * (uint32_t)0U + + (uint32_t)1U; + c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i0, bj, c1, + res_i1); + uint64_t a_i1 = + b[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U]; + uint64_t *res_i2 = res_j + (uint32_t)4U * (uint32_t)0U + + (uint32_t)2U; + c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i1, bj, c1, + res_i2); + uint64_t a_i2 = + b[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U]; + uint64_t *res_i = res_j + (uint32_t)4U * (uint32_t)0U + + (uint32_t)3U; + c1 = Hacl_Bignum_Base_mul_wide_add2_u64(a_i2, bj, c1, + res_i); + } KRML_MAYBE_FOR2(i, (uint32_t)4U, (uint32_t)6U, (uint32_t)1U, + uint64_t a_i = b[i]; + uint64_t *res_i = res_j + i; + c1 = Hacl_Bignum_Base_mul_wide_add2_u64( + a_i, bj, c1, res_i);); + uint64_t r = c1; a[(uint32_t)6U + i0] = r;); +} + +static inline void bn_sqr(uint64_t *a, uint64_t *b) +{ + memset(a, 0U, (uint32_t)12U * sizeof(uint64_t)); + KRML_MAYBE_FOR6( + i0, (uint32_t)0U, (uint32_t)6U, (uint32_t)1U, uint64_t *ab = b; + uint64_t a_j = b[i0]; uint64_t *res_j = a + i0; + uint64_t c = (uint64_t)0U; + for (uint32_t i = (uint32_t)0U; i < i0 / (uint32_t)4U; i++) { + uint64_t a_i = ab[(uint32_t)4U * i]; + uint64_t *res_i0 = res_j + (uint32_t)4U * i; + c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i, a_j, c, + res_i0); + uint64_t a_i0 = ab[(uint32_t)4U * i + (uint32_t)1U]; + uint64_t *res_i1 = + res_j + (uint32_t)4U * i + (uint32_t)1U; + c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i0, a_j, c, + res_i1); + uint64_t a_i1 = ab[(uint32_t)4U * i + (uint32_t)2U]; + uint64_t *res_i2 = + res_j + (uint32_t)4U * i + (uint32_t)2U; + c = 
Hacl_Bignum_Base_mul_wide_add2_u64(a_i1, a_j, c, + res_i2); + uint64_t a_i2 = ab[(uint32_t)4U * i + (uint32_t)3U]; + uint64_t *res_i = + res_j + (uint32_t)4U * i + (uint32_t)3U; + c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i2, a_j, c, + res_i); + } for (uint32_t i = i0 / (uint32_t)4U * (uint32_t)4U; i < i0; + i++) { + uint64_t a_i = ab[i]; + uint64_t *res_i = res_j + i; + c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i, a_j, c, + res_i); + } uint64_t r = c; + a[i0 + i0] = r;); + uint64_t c0 = + Hacl_Bignum_Addition_bn_add_eq_len_u64((uint32_t)12U, a, a, a); + KRML_HOST_IGNORE(c0); + uint64_t tmp[12U] = { 0U }; + KRML_MAYBE_FOR6(i, (uint32_t)0U, (uint32_t)6U, (uint32_t)1U, + FStar_UInt128_uint128 res = + FStar_UInt128_mul_wide(b[i], b[i]); + uint64_t hi = FStar_UInt128_uint128_to_uint64( + FStar_UInt128_shift_right(res, (uint32_t)64U)); + uint64_t lo = FStar_UInt128_uint128_to_uint64(res); + tmp[(uint32_t)2U * i] = lo; + tmp[(uint32_t)2U * i + (uint32_t)1U] = hi;); + uint64_t c1 = Hacl_Bignum_Addition_bn_add_eq_len_u64((uint32_t)12U, a, + tmp, a); + KRML_HOST_IGNORE(c1); +} + +static inline void bn_to_bytes_be(uint8_t *a, uint64_t *b) +{ + uint8_t tmp[48U] = { 0U }; + KRML_HOST_IGNORE(tmp); + KRML_MAYBE_FOR6(i, (uint32_t)0U, (uint32_t)6U, (uint32_t)1U, + store64_be(a + i * (uint32_t)8U, + b[(uint32_t)6U - i - (uint32_t)1U]);); +} + +static inline void bn_from_bytes_be(uint64_t *a, uint8_t *b) +{ + KRML_MAYBE_FOR6( + i, (uint32_t)0U, (uint32_t)6U, (uint32_t)1U, uint64_t *os = a; + uint64_t u = load64_be(b + ((uint32_t)6U - i - (uint32_t)1U) * + (uint32_t)8U); + uint64_t x = u; os[i] = x;); +} + +static inline void p384_make_prime(uint64_t *n) +{ + n[0U] = (uint64_t)0x00000000ffffffffU; + n[1U] = (uint64_t)0xffffffff00000000U; + n[2U] = (uint64_t)0xfffffffffffffffeU; + n[3U] = (uint64_t)0xffffffffffffffffU; + n[4U] = (uint64_t)0xffffffffffffffffU; + n[5U] = (uint64_t)0xffffffffffffffffU; +} + +static inline void p384_make_order(uint64_t *n) +{ + n[0U] = 
(uint64_t)0xecec196accc52973U; + n[1U] = (uint64_t)0x581a0db248b0a77aU; + n[2U] = (uint64_t)0xc7634d81f4372ddfU; + n[3U] = (uint64_t)0xffffffffffffffffU; + n[4U] = (uint64_t)0xffffffffffffffffU; + n[5U] = (uint64_t)0xffffffffffffffffU; +} + +static inline void p384_make_a_coeff(uint64_t *a) +{ + a[0U] = (uint64_t)0x00000003fffffffcU; + a[1U] = (uint64_t)0xfffffffc00000000U; + a[2U] = (uint64_t)0xfffffffffffffffbU; + a[3U] = (uint64_t)0xffffffffffffffffU; + a[4U] = (uint64_t)0xffffffffffffffffU; + a[5U] = (uint64_t)0xffffffffffffffffU; +} + +static inline void p384_make_b_coeff(uint64_t *b) +{ + b[0U] = (uint64_t)0x081188719d412dccU; + b[1U] = (uint64_t)0xf729add87a4c32ecU; + b[2U] = (uint64_t)0x77f2209b1920022eU; + b[3U] = (uint64_t)0xe3374bee94938ae2U; + b[4U] = (uint64_t)0xb62b21f41f022094U; + b[5U] = (uint64_t)0xcd08114b604fbff9U; +} + +static inline void p384_make_g_x(uint64_t *n) +{ + n[0U] = (uint64_t)0x3dd0756649c0b528U; + n[1U] = (uint64_t)0x20e378e2a0d6ce38U; + n[2U] = (uint64_t)0x879c3afc541b4d6eU; + n[3U] = (uint64_t)0x6454868459a30effU; + n[4U] = (uint64_t)0x812ff723614ede2bU; + n[5U] = (uint64_t)0x4d3aadc2299e1513U; +} + +static inline void p384_make_g_y(uint64_t *n) +{ + n[0U] = (uint64_t)0x23043dad4b03a4feU; + n[1U] = (uint64_t)0xa1bfa8bf7bb4a9acU; + n[2U] = (uint64_t)0x8bade7562e83b050U; + n[3U] = (uint64_t)0xc6c3521968f4ffd9U; + n[4U] = (uint64_t)0xdd8002263969a840U; + n[5U] = (uint64_t)0x2b78abc25a15c5e9U; +} + +static inline void p384_make_fmont_R2(uint64_t *n) +{ + n[0U] = (uint64_t)0xfffffffe00000001U; + n[1U] = (uint64_t)0x0000000200000000U; + n[2U] = (uint64_t)0xfffffffe00000000U; + n[3U] = (uint64_t)0x0000000200000000U; + n[4U] = (uint64_t)0x0000000000000001U; + n[5U] = (uint64_t)0x0U; +} + +static inline void p384_make_fzero(uint64_t *n) +{ + memset(n, 0U, (uint32_t)6U * sizeof(uint64_t)); + n[0U] = (uint64_t)0U; +} + +static inline void p384_make_fone(uint64_t *n) +{ + n[0U] = (uint64_t)0xffffffff00000001U; + n[1U] = 
(uint64_t)0x00000000ffffffffU; + n[2U] = (uint64_t)0x1U; + n[3U] = (uint64_t)0x0U; + n[4U] = (uint64_t)0x0U; + n[5U] = (uint64_t)0x0U; +} + +static inline void p384_make_qone(uint64_t *f) +{ + f[0U] = (uint64_t)0x1313e695333ad68dU; + f[1U] = (uint64_t)0xa7e5f24db74f5885U; + f[2U] = (uint64_t)0x389cb27e0bc8d220U; + f[3U] = (uint64_t)0x0U; + f[4U] = (uint64_t)0x0U; + f[5U] = (uint64_t)0x0U; +} + +static inline void fmont_reduction(uint64_t *res, uint64_t *x) +{ + uint64_t n[6U] = { 0U }; + p384_make_prime(n); + uint64_t c0 = (uint64_t)0U; + KRML_MAYBE_FOR6( + i0, (uint32_t)0U, (uint32_t)6U, (uint32_t)1U, + uint64_t qj = (uint64_t)4294967297U * x[i0]; + uint64_t *res_j0 = x + i0; uint64_t c = (uint64_t)0U; { + uint64_t a_i = n[(uint32_t)4U * (uint32_t)0U]; + uint64_t *res_i0 = res_j0 + (uint32_t)4U * (uint32_t)0U; + c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i, qj, c, + res_i0); + uint64_t a_i0 = + n[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U]; + uint64_t *res_i1 = res_j0 + + (uint32_t)4U * (uint32_t)0U + + (uint32_t)1U; + c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i0, qj, c, + res_i1); + uint64_t a_i1 = + n[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U]; + uint64_t *res_i2 = res_j0 + + (uint32_t)4U * (uint32_t)0U + + (uint32_t)2U; + c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i1, qj, c, + res_i2); + uint64_t a_i2 = + n[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U]; + uint64_t *res_i = res_j0 + (uint32_t)4U * (uint32_t)0U + + (uint32_t)3U; + c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i2, qj, c, + res_i); + } KRML_MAYBE_FOR2(i, (uint32_t)4U, (uint32_t)6U, (uint32_t)1U, + uint64_t a_i = n[i]; + uint64_t *res_i = res_j0 + i; + c = Hacl_Bignum_Base_mul_wide_add2_u64( + a_i, qj, c, res_i);); + uint64_t r = c; uint64_t c1 = r; + uint64_t *resb = x + (uint32_t)6U + i0; + uint64_t res_j = x[(uint32_t)6U + i0]; + c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, c1, res_j, + resb);); + memcpy(res, x + (uint32_t)6U, (uint32_t)6U * sizeof(uint64_t)); + uint64_t c00 = c0; + uint64_t tmp[6U] = { 
0U }; + uint64_t c = (uint64_t)0U; + { + uint64_t t1 = res[(uint32_t)4U * (uint32_t)0U]; + uint64_t t20 = n[(uint32_t)4U * (uint32_t)0U]; + uint64_t *res_i0 = tmp + (uint32_t)4U * (uint32_t)0U; + c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, t20, res_i0); + uint64_t t10 = res[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U]; + uint64_t t21 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U]; + uint64_t *res_i1 = + tmp + (uint32_t)4U * (uint32_t)0U + (uint32_t)1U; + c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t10, t21, res_i1); + uint64_t t11 = res[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U]; + uint64_t t22 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U]; + uint64_t *res_i2 = + tmp + (uint32_t)4U * (uint32_t)0U + (uint32_t)2U; + c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t11, t22, res_i2); + uint64_t t12 = res[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U]; + uint64_t t2 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U]; + uint64_t *res_i = + tmp + (uint32_t)4U * (uint32_t)0U + (uint32_t)3U; + c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t12, t2, res_i); + } + KRML_MAYBE_FOR2(i, (uint32_t)4U, (uint32_t)6U, (uint32_t)1U, + uint64_t t1 = res[i]; + uint64_t t2 = n[i]; uint64_t *res_i = tmp + i; + c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, t2, + res_i);); + uint64_t c1 = c; + uint64_t c2 = c00 - c1; + KRML_MAYBE_FOR6( + i, (uint32_t)0U, (uint32_t)6U, (uint32_t)1U, uint64_t *os = res; + uint64_t x1 = (c2 & res[i]) | (~c2 & tmp[i]); os[i] = x1;); +} + +static inline void qmont_reduction(uint64_t *res, uint64_t *x) +{ + uint64_t n[6U] = { 0U }; + p384_make_order(n); + uint64_t c0 = (uint64_t)0U; + KRML_MAYBE_FOR6( + i0, (uint32_t)0U, (uint32_t)6U, (uint32_t)1U, + uint64_t qj = (uint64_t)7986114184663260229U * x[i0]; + uint64_t *res_j0 = x + i0; uint64_t c = (uint64_t)0U; { + uint64_t a_i = n[(uint32_t)4U * (uint32_t)0U]; + uint64_t *res_i0 = res_j0 + (uint32_t)4U * (uint32_t)0U; + c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i, qj, c, + res_i0); + uint64_t a_i0 = + 
n[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U]; + uint64_t *res_i1 = res_j0 + + (uint32_t)4U * (uint32_t)0U + + (uint32_t)1U; + c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i0, qj, c, + res_i1); + uint64_t a_i1 = + n[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U]; + uint64_t *res_i2 = res_j0 + + (uint32_t)4U * (uint32_t)0U + + (uint32_t)2U; + c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i1, qj, c, + res_i2); + uint64_t a_i2 = + n[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U]; + uint64_t *res_i = res_j0 + (uint32_t)4U * (uint32_t)0U + + (uint32_t)3U; + c = Hacl_Bignum_Base_mul_wide_add2_u64(a_i2, qj, c, + res_i); + } KRML_MAYBE_FOR2(i, (uint32_t)4U, (uint32_t)6U, (uint32_t)1U, + uint64_t a_i = n[i]; + uint64_t *res_i = res_j0 + i; + c = Hacl_Bignum_Base_mul_wide_add2_u64( + a_i, qj, c, res_i);); + uint64_t r = c; uint64_t c1 = r; + uint64_t *resb = x + (uint32_t)6U + i0; + uint64_t res_j = x[(uint32_t)6U + i0]; + c0 = Lib_IntTypes_Intrinsics_add_carry_u64(c0, c1, res_j, + resb);); + memcpy(res, x + (uint32_t)6U, (uint32_t)6U * sizeof(uint64_t)); + uint64_t c00 = c0; + uint64_t tmp[6U] = { 0U }; + uint64_t c = (uint64_t)0U; + { + uint64_t t1 = res[(uint32_t)4U * (uint32_t)0U]; + uint64_t t20 = n[(uint32_t)4U * (uint32_t)0U]; + uint64_t *res_i0 = tmp + (uint32_t)4U * (uint32_t)0U; + c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, t20, res_i0); + uint64_t t10 = res[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U]; + uint64_t t21 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)1U]; + uint64_t *res_i1 = + tmp + (uint32_t)4U * (uint32_t)0U + (uint32_t)1U; + c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t10, t21, res_i1); + uint64_t t11 = res[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U]; + uint64_t t22 = n[(uint32_t)4U * (uint32_t)0U + (uint32_t)2U]; + uint64_t *res_i2 = + tmp + (uint32_t)4U * (uint32_t)0U + (uint32_t)2U; + c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t11, t22, res_i2); + uint64_t t12 = res[(uint32_t)4U * (uint32_t)0U + (uint32_t)3U]; + uint64_t t2 = n[(uint32_t)4U * 
(uint32_t)0U + (uint32_t)3U]; + uint64_t *res_i = + tmp + (uint32_t)4U * (uint32_t)0U + (uint32_t)3U; + c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t12, t2, res_i); + } + KRML_MAYBE_FOR2(i, (uint32_t)4U, (uint32_t)6U, (uint32_t)1U, + uint64_t t1 = res[i]; + uint64_t t2 = n[i]; uint64_t *res_i = tmp + i; + c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, t2, + res_i);); + uint64_t c1 = c; + uint64_t c2 = c00 - c1; + KRML_MAYBE_FOR6( + i, (uint32_t)0U, (uint32_t)6U, (uint32_t)1U, uint64_t *os = res; + uint64_t x1 = (c2 & res[i]) | (~c2 & tmp[i]); os[i] = x1;); +} + +static inline uint64_t bn_is_lt_prime_mask(uint64_t *f) +{ + uint64_t tmp[6U] = { 0U }; + p384_make_prime(tmp); + uint64_t c = bn_sub(tmp, f, tmp); + return (uint64_t)0U - c; +} + +static inline void fadd(uint64_t *a, uint64_t *b, uint64_t *c) +{ + uint64_t n[6U] = { 0U }; + p384_make_prime(n); + bn_add_mod(a, n, b, c); +} + +static inline void fsub(uint64_t *a, uint64_t *b, uint64_t *c) +{ + uint64_t n[6U] = { 0U }; + p384_make_prime(n); + bn_sub_mod(a, n, b, c); +} + +static inline void fmul(uint64_t *a, uint64_t *b, uint64_t *c) +{ + uint64_t tmp[12U] = { 0U }; + bn_mul(tmp, b, c); + fmont_reduction(a, tmp); +} + +static inline void fsqr(uint64_t *a, uint64_t *b) +{ + uint64_t tmp[12U] = { 0U }; + bn_sqr(tmp, b); + fmont_reduction(a, tmp); +} + +static inline void from_mont(uint64_t *a, uint64_t *b) +{ + uint64_t tmp[12U] = { 0U }; + memcpy(tmp, b, (uint32_t)6U * sizeof(uint64_t)); + fmont_reduction(a, tmp); +} + +static inline void to_mont(uint64_t *a, uint64_t *b) +{ + uint64_t r2modn[6U] = { 0U }; + p384_make_fmont_R2(r2modn); + uint64_t tmp[12U] = { 0U }; + bn_mul(tmp, b, r2modn); + fmont_reduction(a, tmp); +} + +static inline void fexp_vartime(uint64_t *out, uint64_t *a, uint64_t *b) +{ + uint64_t table[192U] = { 0U }; + uint64_t tmp[6U] = { 0U }; + uint64_t *t0 = table; + uint64_t *t1 = table + (uint32_t)6U; + p384_make_fone(t0); + memcpy(t1, a, (uint32_t)6U * sizeof(uint64_t)); + 
KRML_MAYBE_FOR15( + i, (uint32_t)0U, (uint32_t)15U, (uint32_t)1U, + uint64_t *t11 = table + (i + (uint32_t)1U) * (uint32_t)6U; + fsqr(tmp, t11); + memcpy(table + ((uint32_t)2U * i + (uint32_t)2U) * (uint32_t)6U, + tmp, (uint32_t)6U * sizeof(uint64_t)); + uint64_t *t2 = table + + ((uint32_t)2U * i + (uint32_t)2U) * (uint32_t)6U; + fmul(tmp, a, t2); + memcpy(table + ((uint32_t)2U * i + (uint32_t)3U) * (uint32_t)6U, + tmp, (uint32_t)6U * sizeof(uint64_t));); + uint32_t i0 = (uint32_t)380U; + uint64_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)6U, b, i0, + (uint32_t)5U); + uint32_t bits_l32 = (uint32_t)bits_c; + const uint64_t *a_bits_l = table + bits_l32 * (uint32_t)6U; + memcpy(out, (uint64_t *)a_bits_l, (uint32_t)6U * sizeof(uint64_t)); + uint64_t tmp0[6U] = { 0U }; + for (uint32_t i = (uint32_t)0U; i < (uint32_t)76U; i++) { + KRML_MAYBE_FOR5(i1, (uint32_t)0U, (uint32_t)5U, (uint32_t)1U, + fsqr(out, out);); + uint32_t k = (uint32_t)380U - (uint32_t)5U * i - (uint32_t)5U; + uint64_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u64( + (uint32_t)6U, b, k, (uint32_t)5U); + uint32_t bits_l320 = (uint32_t)bits_l; + const uint64_t *a_bits_l0 = table + bits_l320 * (uint32_t)6U; + memcpy(tmp0, (uint64_t *)a_bits_l0, + (uint32_t)6U * sizeof(uint64_t)); + fmul(out, out, tmp0); + } +} + +static inline void p384_finv(uint64_t *res, uint64_t *a) +{ + uint64_t b[6U] = { 0U }; + b[0U] = (uint64_t)0x00000000fffffffdU; + b[1U] = (uint64_t)0xffffffff00000000U; + b[2U] = (uint64_t)0xfffffffffffffffeU; + b[3U] = (uint64_t)0xffffffffffffffffU; + b[4U] = (uint64_t)0xffffffffffffffffU; + b[5U] = (uint64_t)0xffffffffffffffffU; + fexp_vartime(res, a, b); +} + +static inline void p384_fsqrt(uint64_t *res, uint64_t *a) +{ + uint64_t b[6U] = { 0U }; + b[0U] = (uint64_t)0x0000000040000000U; + b[1U] = (uint64_t)0xbfffffffc0000000U; + b[2U] = (uint64_t)0xffffffffffffffffU; + b[3U] = (uint64_t)0xffffffffffffffffU; + b[4U] = (uint64_t)0xffffffffffffffffU; + b[5U] = (uint64_t)0x3fffffffffffffffU; + 
fexp_vartime(res, a, b); +} + +static inline uint64_t load_qelem_conditional(uint64_t *a, uint8_t *b) +{ + bn_from_bytes_be(a, b); + uint64_t tmp[6U] = { 0U }; + p384_make_order(tmp); + uint64_t c = bn_sub(tmp, a, tmp); + uint64_t is_lt_order = (uint64_t)0U - c; + uint64_t bn_zero[6U] = { 0U }; + uint64_t res = bn_is_eq_mask(a, bn_zero); + uint64_t is_eq_zero = res; + uint64_t is_b_valid = is_lt_order & ~is_eq_zero; + uint64_t oneq[6U] = { 0U }; + memset(oneq, 0U, (uint32_t)6U * sizeof(uint64_t)); + oneq[0U] = (uint64_t)1U; + KRML_MAYBE_FOR6(i, (uint32_t)0U, (uint32_t)6U, (uint32_t)1U, + uint64_t *os = a; + uint64_t uu____0 = oneq[i]; + uint64_t x = uu____0 ^ (is_b_valid & (a[i] ^ uu____0)); + os[i] = x;); + return is_b_valid; +} + +static inline void qmod_short(uint64_t *a, uint64_t *b) +{ + uint64_t tmp[6U] = { 0U }; + p384_make_order(tmp); + uint64_t c = bn_sub(tmp, b, tmp); + bn_cmovznz(a, c, tmp, b); +} + +static inline void qadd(uint64_t *a, uint64_t *b, uint64_t *c) +{ + uint64_t n[6U] = { 0U }; + p384_make_order(n); + bn_add_mod(a, n, b, c); +} + +static inline void qmul(uint64_t *a, uint64_t *b, uint64_t *c) +{ + uint64_t tmp[12U] = { 0U }; + bn_mul(tmp, b, c); + qmont_reduction(a, tmp); +} + +static inline void qsqr(uint64_t *a, uint64_t *b) +{ + uint64_t tmp[12U] = { 0U }; + bn_sqr(tmp, b); + qmont_reduction(a, tmp); +} + +static inline void from_qmont(uint64_t *a, uint64_t *b) +{ + uint64_t tmp[12U] = { 0U }; + memcpy(tmp, b, (uint32_t)6U * sizeof(uint64_t)); + qmont_reduction(a, tmp); +} + +static inline void qexp_vartime(uint64_t *out, uint64_t *a, uint64_t *b) +{ + uint64_t table[192U] = { 0U }; + uint64_t tmp[6U] = { 0U }; + uint64_t *t0 = table; + uint64_t *t1 = table + (uint32_t)6U; + p384_make_qone(t0); + memcpy(t1, a, (uint32_t)6U * sizeof(uint64_t)); + KRML_MAYBE_FOR15( + i, (uint32_t)0U, (uint32_t)15U, (uint32_t)1U, + uint64_t *t11 = table + (i + (uint32_t)1U) * (uint32_t)6U; + qsqr(tmp, t11); + memcpy(table + ((uint32_t)2U * i + (uint32_t)2U) 
* (uint32_t)6U, + tmp, (uint32_t)6U * sizeof(uint64_t)); + uint64_t *t2 = table + + ((uint32_t)2U * i + (uint32_t)2U) * (uint32_t)6U; + qmul(tmp, a, t2); + memcpy(table + ((uint32_t)2U * i + (uint32_t)3U) * (uint32_t)6U, + tmp, (uint32_t)6U * sizeof(uint64_t));); + uint32_t i0 = (uint32_t)380U; + uint64_t bits_c = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)6U, b, i0, + (uint32_t)5U); + uint32_t bits_l32 = (uint32_t)bits_c; + const uint64_t *a_bits_l = table + bits_l32 * (uint32_t)6U; + memcpy(out, (uint64_t *)a_bits_l, (uint32_t)6U * sizeof(uint64_t)); + uint64_t tmp0[6U] = { 0U }; + for (uint32_t i = (uint32_t)0U; i < (uint32_t)76U; i++) { + KRML_MAYBE_FOR5(i1, (uint32_t)0U, (uint32_t)5U, (uint32_t)1U, + qsqr(out, out);); + uint32_t k = (uint32_t)380U - (uint32_t)5U * i - (uint32_t)5U; + uint64_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u64( + (uint32_t)6U, b, k, (uint32_t)5U); + uint32_t bits_l320 = (uint32_t)bits_l; + const uint64_t *a_bits_l0 = table + bits_l320 * (uint32_t)6U; + memcpy(tmp0, (uint64_t *)a_bits_l0, + (uint32_t)6U * sizeof(uint64_t)); + qmul(out, out, tmp0); + } +} + +static inline void p384_qinv(uint64_t *res, uint64_t *a) +{ + uint64_t b[6U] = { 0U }; + b[0U] = (uint64_t)0xecec196accc52971U; + b[1U] = (uint64_t)0x581a0db248b0a77aU; + b[2U] = (uint64_t)0xc7634d81f4372ddfU; + b[3U] = (uint64_t)0xffffffffffffffffU; + b[4U] = (uint64_t)0xffffffffffffffffU; + b[5U] = (uint64_t)0xffffffffffffffffU; + qexp_vartime(res, a, b); +} + +static inline void point_add(uint64_t *x, uint64_t *y, uint64_t *xy) +{ + uint64_t tmp[54U] = { 0U }; + uint64_t *t0 = tmp; + uint64_t *t1 = tmp + (uint32_t)36U; + uint64_t *x3 = t1; + uint64_t *y3 = t1 + (uint32_t)6U; + uint64_t *z3 = t1 + (uint32_t)12U; + uint64_t *t01 = t0; + uint64_t *t11 = t0 + (uint32_t)6U; + uint64_t *t2 = t0 + (uint32_t)12U; + uint64_t *t3 = t0 + (uint32_t)18U; + uint64_t *t4 = t0 + (uint32_t)24U; + uint64_t *t5 = t0 + (uint32_t)30U; + uint64_t *x1 = x; + uint64_t *y1 = x + (uint32_t)6U; + uint64_t *z10 
= x + (uint32_t)12U; + uint64_t *x20 = y; + uint64_t *y20 = y + (uint32_t)6U; + uint64_t *z20 = y + (uint32_t)12U; + fmul(t01, x1, x20); + fmul(t11, y1, y20); + fmul(t2, z10, z20); + fadd(t3, x1, y1); + fadd(t4, x20, y20); + fmul(t3, t3, t4); + fadd(t4, t01, t11); + uint64_t *y10 = x + (uint32_t)6U; + uint64_t *z11 = x + (uint32_t)12U; + uint64_t *y2 = y + (uint32_t)6U; + uint64_t *z21 = y + (uint32_t)12U; + fsub(t3, t3, t4); + fadd(t4, y10, z11); + fadd(t5, y2, z21); + fmul(t4, t4, t5); + fadd(t5, t11, t2); + fsub(t4, t4, t5); + uint64_t *x10 = x; + uint64_t *z1 = x + (uint32_t)12U; + uint64_t *x2 = y; + uint64_t *z2 = y + (uint32_t)12U; + fadd(x3, x10, z1); + fadd(y3, x2, z2); + fmul(x3, x3, y3); + fadd(y3, t01, t2); + fsub(y3, x3, y3); + uint64_t b_coeff[6U] = { 0U }; + p384_make_b_coeff(b_coeff); + fmul(z3, b_coeff, t2); + fsub(x3, y3, z3); + fadd(z3, x3, x3); + fadd(x3, x3, z3); + fsub(z3, t11, x3); + fadd(x3, t11, x3); + uint64_t b_coeff0[6U] = { 0U }; + p384_make_b_coeff(b_coeff0); + fmul(y3, b_coeff0, y3); + fadd(t11, t2, t2); + fadd(t2, t11, t2); + fsub(y3, y3, t2); + fsub(y3, y3, t01); + fadd(t11, y3, y3); + fadd(y3, t11, y3); + fadd(t11, t01, t01); + fadd(t01, t11, t01); + fsub(t01, t01, t2); + fmul(t11, t4, y3); + fmul(t2, t01, y3); + fmul(y3, x3, z3); + fadd(y3, y3, t2); + fmul(x3, t3, x3); + fsub(x3, x3, t11); + fmul(z3, t4, z3); + fmul(t11, t3, t01); + fadd(z3, z3, t11); + memcpy(xy, t1, (uint32_t)18U * sizeof(uint64_t)); +} + +static inline void point_double(uint64_t *x, uint64_t *xx) +{ + uint64_t tmp[30U] = { 0U }; + uint64_t *x1 = x; + uint64_t *z = x + (uint32_t)12U; + uint64_t *x3 = xx; + uint64_t *y3 = xx + (uint32_t)6U; + uint64_t *z3 = xx + (uint32_t)12U; + uint64_t *t0 = tmp; + uint64_t *t1 = tmp + (uint32_t)6U; + uint64_t *t2 = tmp + (uint32_t)12U; + uint64_t *t3 = tmp + (uint32_t)18U; + uint64_t *t4 = tmp + (uint32_t)24U; + uint64_t *x2 = x; + uint64_t *y = x + (uint32_t)6U; + uint64_t *z1 = x + (uint32_t)12U; + fsqr(t0, x2); + fsqr(t1, 
y); + fsqr(t2, z1); + fmul(t3, x2, y); + fadd(t3, t3, t3); + fmul(t4, y, z1); + fmul(z3, x1, z); + fadd(z3, z3, z3); + uint64_t b_coeff[6U] = { 0U }; + p384_make_b_coeff(b_coeff); + fmul(y3, b_coeff, t2); + fsub(y3, y3, z3); + fadd(x3, y3, y3); + fadd(y3, x3, y3); + fsub(x3, t1, y3); + fadd(y3, t1, y3); + fmul(y3, x3, y3); + fmul(x3, x3, t3); + fadd(t3, t2, t2); + fadd(t2, t2, t3); + uint64_t b_coeff0[6U] = { 0U }; + p384_make_b_coeff(b_coeff0); + fmul(z3, b_coeff0, z3); + fsub(z3, z3, t2); + fsub(z3, z3, t0); + fadd(t3, z3, z3); + fadd(z3, z3, t3); + fadd(t3, t0, t0); + fadd(t0, t3, t0); + fsub(t0, t0, t2); + fmul(t0, t0, z3); + fadd(y3, y3, t0); + fadd(t0, t4, t4); + fmul(z3, t0, z3); + fsub(x3, x3, z3); + fmul(z3, t0, t1); + fadd(z3, z3, z3); + fadd(z3, z3, z3); +} + +static inline void point_zero(uint64_t *one) +{ + uint64_t *x = one; + uint64_t *y = one + (uint32_t)6U; + uint64_t *z = one + (uint32_t)12U; + p384_make_fzero(x); + p384_make_fone(y); + p384_make_fzero(z); +} + +static inline void point_mul(uint64_t *res, uint64_t *scalar, uint64_t *p) +{ + uint64_t table[288U] = { 0U }; + uint64_t tmp[18U] = { 0U }; + uint64_t *t0 = table; + uint64_t *t1 = table + (uint32_t)18U; + point_zero(t0); + memcpy(t1, p, (uint32_t)18U * sizeof(uint64_t)); + KRML_MAYBE_FOR7( + i, (uint32_t)0U, (uint32_t)7U, (uint32_t)1U, + uint64_t *t11 = table + (i + (uint32_t)1U) * (uint32_t)18U; + point_double(t11, tmp); + memcpy(table + ((uint32_t)2U * i + (uint32_t)2U) * + (uint32_t)18U, + tmp, (uint32_t)18U * sizeof(uint64_t)); + uint64_t *t2 = table + ((uint32_t)2U * i + (uint32_t)2U) * + (uint32_t)18U; + point_add(p, t2, tmp); + memcpy(table + ((uint32_t)2U * i + (uint32_t)3U) * + (uint32_t)18U, + tmp, (uint32_t)18U * sizeof(uint64_t));); + point_zero(res); + uint64_t tmp0[18U] = { 0U }; + for (uint32_t i0 = (uint32_t)0U; i0 < (uint32_t)96U; i0++) { + KRML_MAYBE_FOR4(i, (uint32_t)0U, (uint32_t)4U, (uint32_t)1U, + point_double(res, res);); + uint32_t k = (uint32_t)384U - 
(uint32_t)4U * i0 - (uint32_t)4U; + uint64_t bits_l = Hacl_Bignum_Lib_bn_get_bits_u64( + (uint32_t)6U, scalar, k, (uint32_t)4U); + memcpy(tmp0, (uint64_t *)table, + (uint32_t)18U * sizeof(uint64_t)); + KRML_MAYBE_FOR15( + i1, (uint32_t)0U, (uint32_t)15U, (uint32_t)1U, + uint64_t c = FStar_UInt64_eq_mask( + bits_l, (uint64_t)(i1 + (uint32_t)1U)); + const uint64_t *res_j = + table + (i1 + (uint32_t)1U) * (uint32_t)18U; + for (uint32_t i = (uint32_t)0U; i < (uint32_t)18U; + i++) { + uint64_t *os = tmp0; + uint64_t x = (c & res_j[i]) | (~c & tmp0[i]); + os[i] = x; + }); + point_add(res, tmp0, res); + } +} + +static inline void point_mul_g(uint64_t *res, uint64_t *scalar) +{ + uint64_t g[18U] = { 0U }; + uint64_t *x = g; + uint64_t *y = g + (uint32_t)6U; + uint64_t *z = g + (uint32_t)12U; + p384_make_g_x(x); + p384_make_g_y(y); + p384_make_fone(z); + point_mul(res, scalar, g); +} + +static inline void point_mul_double_g(uint64_t *res, uint64_t *scalar1, + uint64_t *scalar2, uint64_t *p) +{ + uint64_t tmp[18U] = { 0U }; + point_mul_g(tmp, scalar1); + point_mul(res, scalar2, p); + point_add(res, tmp, res); +} + +static inline bool ecdsa_sign_msg_as_qelem(uint8_t *signature, uint64_t *m_q, + uint8_t *private_key, uint8_t *nonce) +{ + uint64_t rsdk_q[24U] = { 0U }; + uint64_t *r_q = rsdk_q; + uint64_t *s_q = rsdk_q + (uint32_t)6U; + uint64_t *d_a = rsdk_q + (uint32_t)12U; + uint64_t *k_q = rsdk_q + (uint32_t)18U; + uint64_t is_sk_valid = load_qelem_conditional(d_a, private_key); + uint64_t is_nonce_valid = load_qelem_conditional(k_q, nonce); + uint64_t are_sk_nonce_valid = is_sk_valid & is_nonce_valid; + uint64_t p[18U] = { 0U }; + point_mul_g(p, k_q); + uint64_t zinv[6U] = { 0U }; + uint64_t *px = p; + uint64_t *pz = p + (uint32_t)12U; + p384_finv(zinv, pz); + fmul(r_q, px, zinv); + from_mont(r_q, r_q); + qmod_short(r_q, r_q); + uint64_t kinv[6U] = { 0U }; + p384_qinv(kinv, k_q); + qmul(s_q, r_q, d_a); + from_qmont(m_q, m_q); + qadd(s_q, m_q, s_q); + qmul(s_q, kinv, s_q); 
+ bn_to_bytes_be(signature, r_q); + bn_to_bytes_be(signature + (uint32_t)48U, s_q); + uint64_t bn_zero0[6U] = { 0U }; + uint64_t res = bn_is_eq_mask(r_q, bn_zero0); + uint64_t is_r_zero = res; + uint64_t bn_zero[6U] = { 0U }; + uint64_t res0 = bn_is_eq_mask(s_q, bn_zero); + uint64_t is_s_zero = res0; + uint64_t m = are_sk_nonce_valid & (~is_r_zero & ~is_s_zero); + bool res1 = m == (uint64_t)0xFFFFFFFFFFFFFFFFU; + return res1; +} + +static inline bool ecdsa_verify_msg_as_qelem(uint64_t *m_q, uint8_t *public_key, + uint8_t *signature_r, + uint8_t *signature_s) +{ + uint64_t tmp[42U] = { 0U }; + uint64_t *pk = tmp; + uint64_t *r_q = tmp + (uint32_t)18U; + uint64_t *s_q = tmp + (uint32_t)24U; + uint64_t *u1 = tmp + (uint32_t)30U; + uint64_t *u2 = tmp + (uint32_t)36U; + uint64_t p_aff[12U] = { 0U }; + uint8_t *p_x = public_key; + uint8_t *p_y = public_key + (uint32_t)48U; + uint64_t *bn_p_x = p_aff; + uint64_t *bn_p_y = p_aff + (uint32_t)6U; + bn_from_bytes_be(bn_p_x, p_x); + bn_from_bytes_be(bn_p_y, p_y); + uint64_t *px0 = p_aff; + uint64_t *py0 = p_aff + (uint32_t)6U; + uint64_t lessX = bn_is_lt_prime_mask(px0); + uint64_t lessY = bn_is_lt_prime_mask(py0); + uint64_t res0 = lessX & lessY; + bool is_xy_valid = res0 == (uint64_t)0xFFFFFFFFFFFFFFFFU; + bool res; + if (!is_xy_valid) { + res = false; + } else { + uint64_t rp[6U] = { 0U }; + uint64_t tx[6U] = { 0U }; + uint64_t ty[6U] = { 0U }; + uint64_t *px = p_aff; + uint64_t *py = p_aff + (uint32_t)6U; + to_mont(tx, px); + to_mont(ty, py); + uint64_t tmp1[6U] = { 0U }; + fsqr(rp, tx); + fmul(rp, rp, tx); + p384_make_a_coeff(tmp1); + fmul(tmp1, tmp1, tx); + fadd(rp, tmp1, rp); + p384_make_b_coeff(tmp1); + fadd(rp, tmp1, rp); + fsqr(ty, ty); + uint64_t r = bn_is_eq_mask(ty, rp); + uint64_t r0 = r; + bool r1 = r0 == (uint64_t)0xFFFFFFFFFFFFFFFFU; + res = r1; + } + if (res) { + uint64_t *px = p_aff; + uint64_t *py = p_aff + (uint32_t)6U; + uint64_t *rx = pk; + uint64_t *ry = pk + (uint32_t)6U; + uint64_t *rz = pk + 
(uint32_t)12U; + to_mont(rx, px); + to_mont(ry, py); + p384_make_fone(rz); + } + bool is_pk_valid = res; + bn_from_bytes_be(r_q, signature_r); + bn_from_bytes_be(s_q, signature_s); + uint64_t tmp10[6U] = { 0U }; + p384_make_order(tmp10); + uint64_t c = bn_sub(tmp10, r_q, tmp10); + uint64_t is_lt_order = (uint64_t)0U - c; + uint64_t bn_zero0[6U] = { 0U }; + uint64_t res1 = bn_is_eq_mask(r_q, bn_zero0); + uint64_t is_eq_zero = res1; + uint64_t is_r_valid = is_lt_order & ~is_eq_zero; + uint64_t tmp11[6U] = { 0U }; + p384_make_order(tmp11); + uint64_t c0 = bn_sub(tmp11, s_q, tmp11); + uint64_t is_lt_order0 = (uint64_t)0U - c0; + uint64_t bn_zero1[6U] = { 0U }; + uint64_t res2 = bn_is_eq_mask(s_q, bn_zero1); + uint64_t is_eq_zero0 = res2; + uint64_t is_s_valid = is_lt_order0 & ~is_eq_zero0; + bool is_rs_valid = is_r_valid == (uint64_t)0xFFFFFFFFFFFFFFFFU && + is_s_valid == (uint64_t)0xFFFFFFFFFFFFFFFFU; + if (!(is_pk_valid && is_rs_valid)) { + return false; + } + uint64_t sinv[6U] = { 0U }; + p384_qinv(sinv, s_q); + uint64_t tmp1[6U] = { 0U }; + from_qmont(tmp1, m_q); + qmul(u1, sinv, tmp1); + uint64_t tmp12[6U] = { 0U }; + from_qmont(tmp12, r_q); + qmul(u2, sinv, tmp12); + uint64_t res3[18U] = { 0U }; + point_mul_double_g(res3, u1, u2, pk); + uint64_t *pz0 = res3 + (uint32_t)12U; + uint64_t bn_zero[6U] = { 0U }; + uint64_t res10 = bn_is_eq_mask(pz0, bn_zero); + uint64_t m = res10; + if (m == (uint64_t)0xFFFFFFFFFFFFFFFFU) { + return false; + } + uint64_t x[6U] = { 0U }; + uint64_t zinv[6U] = { 0U }; + uint64_t *px = res3; + uint64_t *pz = res3 + (uint32_t)12U; + p384_finv(zinv, pz); + fmul(x, px, zinv); + from_mont(x, x); + qmod_short(x, x); + uint64_t m0 = bn_is_eq_mask(x, r_q); + bool res11 = m0 == (uint64_t)0xFFFFFFFFFFFFFFFFU; + return res11; +} + +/******************************************************************************* + + Verified C library for ECDSA and ECDH functions over the P-384 NIST curve. 
+ + This module implements signing and verification, key validation, conversions + between various point representations, and ECDH key agreement. + +*******************************************************************************/ + +/*****************/ +/* ECDSA signing */ +/*****************/ + +/** +Create an ECDSA signature WITHOUT hashing first. + + This function is intended to receive a hash of the input. + For convenience, we recommend using one of the hash-and-sign combined functions above. + + The argument `msg` MUST be at least 48 bytes (i.e. `msg_len >= 48`). + + NOTE: The equivalent functions in OpenSSL and Fiat-Crypto both accept inputs + smaller than 48 bytes. These libraries left-pad the input with enough zeroes to + reach the minimum 48 byte size. Clients who need behavior identical to OpenSSL + need to perform the left-padding themselves. + + The function returns `true` for successful creation of an ECDSA signature and `false` otherwise. + + The outparam `signature` (R || S) points to 96 bytes of valid memory, i.e., uint8_t[96]. + The argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len]. + The arguments `private_key` and `nonce` point to 48 bytes of valid memory, i.e., uint8_t[48]. 
+ + The function also checks whether `private_key` and `nonce` are valid values: + • 0 < `private_key` < the order of the curve + • 0 < `nonce` < the order of the curve +*/ +bool Hacl_P384_ecdsa_sign_p384_without_hash(uint8_t *signature, + uint32_t msg_len, uint8_t *msg, + uint8_t *private_key, + uint8_t *nonce) +{ + uint64_t m_q[6U] = { 0U }; + uint8_t mHash[48U] = { 0U }; + memcpy(mHash, msg, (uint32_t)48U * sizeof(uint8_t)); + KRML_HOST_IGNORE(msg_len); + uint8_t *mHash48 = mHash; + bn_from_bytes_be(m_q, mHash48); + qmod_short(m_q, m_q); + bool res = ecdsa_sign_msg_as_qelem(signature, m_q, private_key, nonce); + return res; +} + +/**********************/ +/* ECDSA verification */ +/**********************/ + +/** +Verify an ECDSA signature WITHOUT hashing first. + + This function is intended to receive a hash of the input. + For convenience, we recommend using one of the hash-and-verify combined functions above. + + The argument `msg` MUST be at least 48 bytes (i.e. `msg_len >= 48`). + + The function returns `true` if the signature is valid and `false` otherwise. + + The argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len]. + The argument `public_key` (x || y) points to 96 bytes of valid memory, i.e., uint8_t[96]. + The arguments `signature_r` and `signature_s` point to 48 bytes of valid memory, i.e., uint8_t[48]. 
+ + The function also checks whether `public_key` is valid +*/ +bool Hacl_P384_ecdsa_verif_without_hash(uint32_t msg_len, uint8_t *msg, + uint8_t *public_key, + uint8_t *signature_r, + uint8_t *signature_s) +{ + uint64_t m_q[6U] = { 0U }; + uint8_t mHash[48U] = { 0U }; + memcpy(mHash, msg, (uint32_t)48U * sizeof(uint8_t)); + KRML_HOST_IGNORE(msg_len); + uint8_t *mHash48 = mHash; + bn_from_bytes_be(m_q, mHash48); + qmod_short(m_q, m_q); + bool res = ecdsa_verify_msg_as_qelem(m_q, public_key, signature_r, + signature_s); + return res; +} + +/******************/ +/* Key validation */ +/******************/ + +/** +Public key validation. + + The function returns `true` if a public key is valid and `false` otherwise. + + The argument `public_key` points to 96 bytes of valid memory, i.e., uint8_t[96]. + + The public key (x || y) is valid (with respect to SP 800-56A): + • the public key is not the “point at infinity”, represented as O. + • the affine x and y coordinates of the point represented by the public key are + in the range [0, p – 1] where p is the prime defining the finite field. + • y^2 = x^3 + ax + b where a and b are the coefficients of the curve equation. 
+ The last extract is taken from: https://neilmadden.blog/2017/05/17/so-how-do-you-validate-nist-ecdh-public-keys/ +*/ +bool Hacl_P384_validate_public_key(uint8_t *public_key) +{ + uint64_t point_jac[18U] = { 0U }; + uint64_t p_aff[12U] = { 0U }; + uint8_t *p_x = public_key; + uint8_t *p_y = public_key + (uint32_t)48U; + uint64_t *bn_p_x = p_aff; + uint64_t *bn_p_y = p_aff + (uint32_t)6U; + bn_from_bytes_be(bn_p_x, p_x); + bn_from_bytes_be(bn_p_y, p_y); + uint64_t *px0 = p_aff; + uint64_t *py0 = p_aff + (uint32_t)6U; + uint64_t lessX = bn_is_lt_prime_mask(px0); + uint64_t lessY = bn_is_lt_prime_mask(py0); + uint64_t res0 = lessX & lessY; + bool is_xy_valid = res0 == (uint64_t)0xFFFFFFFFFFFFFFFFU; + bool res; + if (!is_xy_valid) { + res = false; + } else { + uint64_t rp[6U] = { 0U }; + uint64_t tx[6U] = { 0U }; + uint64_t ty[6U] = { 0U }; + uint64_t *px = p_aff; + uint64_t *py = p_aff + (uint32_t)6U; + to_mont(tx, px); + to_mont(ty, py); + uint64_t tmp[6U] = { 0U }; + fsqr(rp, tx); + fmul(rp, rp, tx); + p384_make_a_coeff(tmp); + fmul(tmp, tmp, tx); + fadd(rp, tmp, rp); + p384_make_b_coeff(tmp); + fadd(rp, tmp, rp); + fsqr(ty, ty); + uint64_t r = bn_is_eq_mask(ty, rp); + uint64_t r0 = r; + bool r1 = r0 == (uint64_t)0xFFFFFFFFFFFFFFFFU; + res = r1; + } + if (res) { + uint64_t *px = p_aff; + uint64_t *py = p_aff + (uint32_t)6U; + uint64_t *rx = point_jac; + uint64_t *ry = point_jac + (uint32_t)6U; + uint64_t *rz = point_jac + (uint32_t)12U; + to_mont(rx, px); + to_mont(ry, py); + p384_make_fone(rz); + } + bool res1 = res; + return res1; +} + +/** +Private key validation. + + The function returns `true` if a private key is valid and `false` otherwise. + + The argument `private_key` points to 48 bytes of valid memory, i.e., uint8_t[48]. 
+ + The private key is valid: + • 0 < `private_key` < the order of the curve +*/ +bool Hacl_P384_validate_private_key(uint8_t *private_key) +{ + uint64_t bn_sk[6U] = { 0U }; + bn_from_bytes_be(bn_sk, private_key); + uint64_t tmp[6U] = { 0U }; + p384_make_order(tmp); + uint64_t c = bn_sub(tmp, bn_sk, tmp); + uint64_t is_lt_order = (uint64_t)0U - c; + uint64_t bn_zero[6U] = { 0U }; + uint64_t res = bn_is_eq_mask(bn_sk, bn_zero); + uint64_t is_eq_zero = res; + uint64_t res0 = is_lt_order & ~is_eq_zero; + return res0 == (uint64_t)0xFFFFFFFFFFFFFFFFU; +} + +/******************************************************************************* + Parsing and Serializing public keys. + + A public key is a point (x, y) on the P-384 NIST curve. + + The point can be represented in the following three ways. + • raw = [ x || y ], 96 bytes + • uncompressed = [ 0x04 || x || y ], 97 bytes + • compressed = [ (0x02 for even `y` and 0x03 for odd `y`) || x ], 33 bytes + +*******************************************************************************/ + +/** +Convert a public key from uncompressed to its raw form. + + The function returns `true` for successful conversion of a public key and `false` otherwise. + + The outparam `pk_raw` points to 96 bytes of valid memory, i.e., uint8_t[96]. + The argument `pk` points to 97 bytes of valid memory, i.e., uint8_t[97]. + + The function DOESN'T check whether (x, y) is a valid point. +*/ +bool Hacl_P384_uncompressed_to_raw(uint8_t *pk, uint8_t *pk_raw) +{ + uint8_t pk0 = pk[0U]; + if (pk0 != (uint8_t)0x04U) { + return false; + } + memcpy(pk_raw, pk + (uint32_t)1U, (uint32_t)96U * sizeof(uint8_t)); + return true; +} + +/** +Convert a public key from compressed to its raw form. + + The function returns `true` for successful conversion of a public key and `false` otherwise. + + The outparam `pk_raw` points to 96 bytes of valid memory, i.e., uint8_t[96]. + The argument `pk` points to 33 bytes of valid memory, i.e., uint8_t[33]. 
+ + The function also checks whether (x, y) is a valid point. +*/ +bool Hacl_P384_compressed_to_raw(uint8_t *pk, uint8_t *pk_raw) +{ + uint64_t xa[6U] = { 0U }; + uint64_t ya[6U] = { 0U }; + uint8_t *pk_xb = pk + (uint32_t)1U; + uint8_t s0 = pk[0U]; + uint8_t s01 = s0; + bool b; + if (!(s01 == (uint8_t)0x02U || s01 == (uint8_t)0x03U)) { + b = false; + } else { + uint8_t *xb = pk + (uint32_t)1U; + bn_from_bytes_be(xa, xb); + uint64_t is_x_valid = bn_is_lt_prime_mask(xa); + bool is_x_valid1 = is_x_valid == (uint64_t)0xFFFFFFFFFFFFFFFFU; + bool is_y_odd = s01 == (uint8_t)0x03U; + if (!is_x_valid1) { + b = false; + } else { + uint64_t y2M[6U] = { 0U }; + uint64_t xM[6U] = { 0U }; + uint64_t yM[6U] = { 0U }; + to_mont(xM, xa); + uint64_t tmp[6U] = { 0U }; + fsqr(y2M, xM); + fmul(y2M, y2M, xM); + p384_make_a_coeff(tmp); + fmul(tmp, tmp, xM); + fadd(y2M, tmp, y2M); + p384_make_b_coeff(tmp); + fadd(y2M, tmp, y2M); + p384_fsqrt(yM, y2M); + from_mont(ya, yM); + fsqr(yM, yM); + uint64_t r = bn_is_eq_mask(yM, y2M); + uint64_t r0 = r; + bool is_y_valid = r0 == (uint64_t)0xFFFFFFFFFFFFFFFFU; + bool is_y_valid0 = is_y_valid; + if (!is_y_valid0) { + b = false; + } else { + uint64_t is_y_odd1 = ya[0U] & (uint64_t)1U; + bool is_y_odd2 = is_y_odd1 == (uint64_t)1U; + uint64_t zero[6U] = { 0U }; + if (is_y_odd2 != is_y_odd) { + fsub(ya, zero, ya); + } + b = true; + } + } + } + if (b) { + memcpy(pk_raw, pk_xb, (uint32_t)48U * sizeof(uint8_t)); + bn_to_bytes_be(pk_raw + (uint32_t)48U, ya); + } + return b; +} + +/** +Convert a public key from raw to its uncompressed form. + + The outparam `pk` points to 97 bytes of valid memory, i.e., uint8_t[97]. + The argument `pk_raw` points to 96 bytes of valid memory, i.e., uint8_t[96]. + + The function DOESN'T check whether (x, y) is a valid point. 
+*/ +void Hacl_P384_raw_to_uncompressed(uint8_t *pk_raw, uint8_t *pk) +{ + pk[0U] = (uint8_t)0x04U; + memcpy(pk + (uint32_t)1U, pk_raw, (uint32_t)96U * sizeof(uint8_t)); +} + +/** +Convert a public key from raw to its compressed form. + + The outparam `pk` points to 33 bytes of valid memory, i.e., uint8_t[33]. + The argument `pk_raw` points to 96 bytes of valid memory, i.e., uint8_t[96]. + + The function DOESN'T check whether (x, y) is a valid point. +*/ +void Hacl_P384_raw_to_compressed(uint8_t *pk_raw, uint8_t *pk) +{ + uint8_t *pk_x = pk_raw; + uint8_t *pk_y = pk_raw + (uint32_t)48U; + uint64_t bn_f[6U] = { 0U }; + bn_from_bytes_be(bn_f, pk_y); + uint64_t is_odd_f = bn_f[0U] & (uint64_t)1U; + pk[0U] = (uint8_t)is_odd_f + (uint8_t)0x02U; + memcpy(pk + (uint32_t)1U, pk_x, (uint32_t)48U * sizeof(uint8_t)); +} diff --git a/crypto/Hacl_P384.h b/crypto/Hacl_P384.h new file mode 100644 index 0000000000000..ae83af233b44a --- /dev/null +++ b/crypto/Hacl_P384.h 
@@ -0,0 +1,186 @@ +/* MIT License + * + * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation + * Copyright (c) 2022-2023 HACL* Contributors + * Copyright (c) 2024 Cryspen + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ + +#ifndef __Hacl_P384_H +#define __Hacl_P384_H + +#include "hacl_lib.h" + +/******************************************************************************* + + Verified C library for ECDSA and ECDH functions over the P-384 NIST curve. + + This module implements signing and verification, key validation, conversions + between various point representations, and ECDH key agreement. + +*******************************************************************************/ + +/*****************/ +/* ECDSA signing */ +/*****************/ + +/** +Create an ECDSA signature WITHOUT hashing first. + + This function is intended to receive a hash of the input. 
+ For convenience, we recommend using one of the hash-and-sign combined functions above. + + The argument `msg` MUST be at least 32 bytes (i.e. `msg_len >= 32`). + + NOTE: The equivalent functions in OpenSSL and Fiat-Crypto both accept inputs + smaller than 32 bytes. These libraries left-pad the input with enough zeroes to + reach the minimum 32 byte size. Clients who need behavior identical to OpenSSL + need to perform the left-padding themselves. + + The function returns `true` for successful creation of an ECDSA signature and `false` otherwise. + + The outparam `signature` (R || S) points to 64 bytes of valid memory, i.e., uint8_t[64]. + The argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len]. + The arguments `private_key` and `nonce` point to 32 bytes of valid memory, i.e., uint8_t[32]. + + The function also checks whether `private_key` and `nonce` are valid values: + • 0 < `private_key` < the order of the curve + • 0 < `nonce` < the order of the curve +*/ +bool Hacl_P384_ecdsa_sign_p384_without_hash(uint8_t *signature, + uint32_t msg_len, uint8_t *msg, + uint8_t *private_key, + uint8_t *nonce); + +/**********************/ +/* ECDSA verification */ +/**********************/ + +/** +Verify an ECDSA signature WITHOUT hashing first. + + This function is intended to receive a hash of the input. + For convenience, we recommend using one of the hash-and-verify combined functions above. + + The argument `msg` MUST be at least 32 bytes (i.e. `msg_len >= 32`). + + The function returns `true` if the signature is valid and `false` otherwise. + + The argument `msg` points to `msg_len` bytes of valid memory, i.e., uint8_t[msg_len]. + The argument `public_key` (x || y) points to 64 bytes of valid memory, i.e., uint8_t[64]. + The arguments `signature_r` and `signature_s` point to 32 bytes of valid memory, i.e., uint8_t[32]. 
+ + The function also checks whether `public_key` is valid +*/ +bool Hacl_P384_ecdsa_verif_without_hash(uint32_t msg_len, uint8_t *msg, + uint8_t *public_key, + uint8_t *signature_r, + uint8_t *signature_s); + +/******************/ +/* Key validation */ +/******************/ + +/** +Public key validation. + + The function returns `true` if a public key is valid and `false` otherwise. + + The argument `public_key` points to 64 bytes of valid memory, i.e., uint8_t[64]. + + The public key (x || y) is valid (with respect to SP 800-56A): + • the public key is not the “point at infinity”, represented as O. + • the affine x and y coordinates of the point represented by the public key are + in the range [0, p – 1] where p is the prime defining the finite field. + • y^2 = x^3 + ax + b where a and b are the coefficients of the curve equation. + The last extract is taken from: https://neilmadden.blog/2017/05/17/so-how-do-you-validate-nist-ecdh-public-keys/ +*/ +bool Hacl_P384_validate_public_key(uint8_t *public_key); + +/** +Private key validation. + + The function returns `true` if a private key is valid and `false` otherwise. + + The argument `private_key` points to 32 bytes of valid memory, i.e., uint8_t[32]. + + The private key is valid: + • 0 < `private_key` < the order of the curve +*/ +bool Hacl_P384_validate_private_key(uint8_t *private_key); + +/******************************************************************************* + Parsing and Serializing public keys. + + A public key is a point (x, y) on the P-384 NIST curve. + + The point can be represented in the following three ways. + • raw = [ x || y ], 64 bytes + • uncompressed = [ 0x04 || x || y ], 65 bytes + • compressed = [ (0x02 for even `y` and 0x03 for odd `y`) || x ], 33 bytes + +*******************************************************************************/ + +/** +Convert a public key from uncompressed to its raw form. 
+ + The function returns `true` for successful conversion of a public key and `false` otherwise. + + The outparam `pk_raw` points to 64 bytes of valid memory, i.e., uint8_t[64]. + The argument `pk` points to 65 bytes of valid memory, i.e., uint8_t[65]. + + The function DOESN'T check whether (x, y) is a valid point. +*/ +bool Hacl_P384_uncompressed_to_raw(uint8_t *pk, uint8_t *pk_raw); + +/** +Convert a public key from compressed to its raw form. + + The function returns `true` for successful conversion of a public key and `false` otherwise. + + The outparam `pk_raw` points to 64 bytes of valid memory, i.e., uint8_t[64]. + The argument `pk` points to 33 bytes of valid memory, i.e., uint8_t[33]. + + The function also checks whether (x, y) is a valid point. +*/ +bool Hacl_P384_compressed_to_raw(uint8_t *pk, uint8_t *pk_raw); + +/** +Convert a public key from raw to its uncompressed form. + + The outparam `pk` points to 65 bytes of valid memory, i.e., uint8_t[65]. + The argument `pk_raw` points to 64 bytes of valid memory, i.e., uint8_t[64]. + + The function DOESN'T check whether (x, y) is a valid point. +*/ +void Hacl_P384_raw_to_uncompressed(uint8_t *pk_raw, uint8_t *pk); + +/** +Convert a public key from raw to its compressed form. + + The outparam `pk` points to 33 bytes of valid memory, i.e., uint8_t[33]. + The argument `pk_raw` points to 64 bytes of valid memory, i.e., uint8_t[64]. + + The function DOESN'T check whether (x, y) is a valid point. +*/ +void Hacl_P384_raw_to_compressed(uint8_t *pk_raw, uint8_t *pk); + +#define __Hacl_P384_H_DEFINED +#endif diff --git a/crypto/ecdsa.c b/crypto/ecdsa.c index 7c13f9f48412f..8b881148c7e19 100644 --- a/crypto/ecdsa.c +++ b/crypto/ecdsa.c @@ -20,6 +20,7 @@ #include "ecdsasignature.asn1.h" #include "hacl_p256.h" +#include "Hacl_P384.h" struct ecc_ctx { unsigned int curve_id; 
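Review bot: The buffer sizes in these doc comments are the P-256 ones and do not match the P-384 code they describe. The comments promise 32-byte `private_key`, `nonce`, `signature_r` and `signature_s`, a 64-byte raw key and 65/33-byte encoded keys, while `Hacl_P384_compressed_to_raw` in the .c file copies 48 bytes of x and writes y at `pk_raw + 48`, and the caller added to ecdsa.c in this patch uses `u8 private_key[48]` and `u8 signature[96]`. A caller that sizes its buffers from this header would be read or written out of bounds, so the comments should state 48 bytes for scalars and signature halves, 96 for raw keys and `R || S`, 97 for uncompressed and 49 for compressed keys; the `msg_len >= 32` minimum probably needs the same review against the generated code. The guard `__Hacl_P384_H` is also a reserved identifier, and `CRYPTO_HACL_P384_H_` would match the guard style of hacl_p256.h.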
@@ -466,6 +467,31 @@ static int ecdsa_sign(struct akcipher_request *req) ecc_swap_digits(signature, sig_ctx.r, 4); ecc_swap_digits(signature + 32, sig_ctx.s, 4); ret = asn1_encode_signature_sg(req, &sig_ctx, rawhash_k); + } else if strncmp (ctx->curve->name, "nist_384", 8) { + u8 private_key[48]; + u8 signature[96]; + u8 nonce[32]; + ecc_swap_digits(ctx->d, (u64 *)private_key, 6); + ret = rfc6979_gen_k_hacl(ctx, rng, nonce); + if (ret) { + goto alloc_rng; + } + /* The signing function also checks that the scalars are valid. */ + /* XXX: Is the value blinded already or should this be done here? */ + do { + if (Hacl_P384_ecdsa_sign_p384_without_hash( + signature, req->dst_len, rawhash_k, + private_key, nonce)) { + ret = 0; + } else { + ret = -EAGAIN; + } + } while (ret == -EAGAIN); + /* Encode the signature. Note that this could be more efficient when + done directly and not first converting it to u64s. */ + ecc_swap_digits(signature, sig_ctx.r, 6); + ecc_swap_digits(signature + 48, sig_ctx.s, 6); + ret = asn1_encode_signature_sg(req, &sig_ctx, rawhash_k); } else { ecc_swap_digits((u64 *)rawhash_k, hash, ctx->curve->g.ndigits); do { From 997b3333e57f40c6d00f0adb196cb3ad0113da00 Mon Sep 17 00:00:00 2001 From: "Jan Winkelmann (keks)" Date: Tue, 10 Sep 2024 17:52:46 +0200 Subject: [PATCH 41/53] fixes --- crypto/Makefile | 1 + crypto/ecdsa.c | 101 +++++++++++------- crypto/hacl_nist_curve.h | 93 ++++++++++++++++ crypto/{Hacl_P384.h => hacl_p384.h} | 1 + crypto/{Hacl_P384.c => p384-hacl-generated.c} | 2 +- 5 files changed, 156 insertions(+), 42 deletions(-) create mode 100644 crypto/hacl_nist_curve.h rename crypto/{Hacl_P384.h => hacl_p384.h} (99%) rename crypto/{Hacl_P384.c => p384-hacl-generated.c} (99%) diff --git a/crypto/Makefile b/crypto/Makefile index eebf81dceb1bc..5b678eb8ee5f5 100644 --- a/crypto/Makefile +++ b/crypto/Makefile 
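Review bot: `u8 nonce[32]` in the new P-384 branch is too small, because `rfc6979_gen_k_hacl()` fills `ndigits << ECC_DIGITS_TO_BYTES_SHIFT` bytes, which for the six 64-bit digits this branch works with is presumably 48, so the call writes past the end of the stack buffer; the declaration should be `u8 nonce[48];`. The retry loop cannot make progress either: nothing inside `do { ... } while (ret == -EAGAIN)` changes the nonce or any other input, so a `false` return from `Hacl_P384_ecdsa_sign_p384_without_hash` would repeat forever, and the nonce generation should move inside the loop or the failure should be returned to the caller. `private_key` and `nonce` are also left on the stack when the branch ends; a `memzero_explicit()` on both would match how `rawhash_k` is wiped later in the function. The body of `ecdsa_sign` starts and ends outside the hunk.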
@@ -64,6 +64,7 @@ $(obj)/ecprivkey.asn1.o: $(obj)/ecprivkey.asn1.c $(obj)/ecprivkey.asn1.h $(obj)/ecdsasignature.asn1.o: $(obj)/ecdsasignature.asn1.c $(obj)/ecdsasignature.asn1.h $(obj)/ecdsa.o: $(obj)/ecdsasignature.asn1.h $(obj)/ecprivkey.asn1.h ecdsa_generic-y += p256-hacl-generated.o +ecdsa_generic-y += p384-hacl-generated.o ecdsa_generic-y += ecdsa.o ecdsa_generic-y += ecprivkey.asn1.o ecdsa_generic-y += ecdsasignature.asn1.o diff --git a/crypto/ecdsa.c b/crypto/ecdsa.c index 8b881148c7e19..7738f76374a8a 100644 --- a/crypto/ecdsa.c +++ b/crypto/ecdsa.c @@ -20,7 +20,7 @@ #include "ecdsasignature.asn1.h" #include "hacl_p256.h" -#include "Hacl_P384.h" +#include "hacl_p384.h" struct ecc_ctx { unsigned int curve_id; @@ -45,7 +45,8 @@ struct ecdsa_signature_ctx { * Get the r and s components of a signature from the X509 certificate. */ static int ecdsa_get_signature_rs(u64 *dest, size_t hdrlen, unsigned char tag, - const void *value, size_t vlen, unsigned int ndigits) + const void *value, size_t vlen, + unsigned int ndigits) { size_t keylen = ndigits * sizeof(u64); ssize_t diff = vlen - keylen; @@ -103,7 +104,8 @@ int ecdsa_get_signature_s(void *context, size_t hdrlen, unsigned char tag, sig->curve->g.ndigits); } -static int _ecdsa_verify(struct ecc_ctx *ctx, const u64 *hash, const u64 *r, const u64 *s) +static int _ecdsa_verify(struct ecc_ctx *ctx, const u64 *hash, const u64 *r, + const u64 *s) { const struct ecc_curve *curve = ctx->curve; unsigned int ndigits = curve->g.ndigits; @@ -120,8 +122,8 @@ static int _ecdsa_verify(struct ecc_ctx *ctx, const u64 *hash, const u64 *r, con return -EBADMSG; /* hash is given */ - pr_devel("hash : %016llx %016llx ... %016llx\n", - hash[ndigits - 1], hash[ndigits - 2], hash[0]); + pr_devel("hash : %016llx %016llx ... %016llx\n", hash[ndigits - 1], + hash[ndigits - 2], hash[0]); /* s1 = (s^-1) mod n */ vli_mod_inv(s1, s, curve->n, ndigits); 
@@ -168,11 +170,12 @@ static int ecdsa_verify(struct akcipher_request *req) return -ENOMEM; sg_pcopy_to_buffer(req->src, - sg_nents_for_len(req->src, req->src_len + req->dst_len), - buffer, req->src_len + req->dst_len, 0); + sg_nents_for_len(req->src, + req->src_len + req->dst_len), + buffer, req->src_len + req->dst_len, 0); - ret = asn1_ber_decoder(&ecdsasignature_decoder, &sig_ctx, - buffer, req->src_len); + ret = asn1_ber_decoder(&ecdsasignature_decoder, &sig_ctx, buffer, + req->src_len); if (ret < 0) goto error; @@ -191,11 +194,12 @@ static int ecdsa_verify(struct akcipher_request *req) u8 pk[64]; u8 r[32]; u8 s[32]; - ecc_swap_digits(ctx->x, (u64*)pk, 4); - ecc_swap_digits(ctx->y, (u64*)(pk + 32), 4); - ecc_swap_digits(sig_ctx.r, (u64*)r, ctx->curve->g.ndigits); - ecc_swap_digits(sig_ctx.s, (u64*)s, ctx->curve->g.ndigits); - if (Hacl_P256_ecdsa_verif_without_hash(req->dst_len, rawhash, pk, r, s)) { + ecc_swap_digits(ctx->x, (u64 *)pk, 4); + ecc_swap_digits(ctx->y, (u64 *)(pk + 32), 4); + ecc_swap_digits(sig_ctx.r, (u64 *)r, ctx->curve->g.ndigits); + ecc_swap_digits(sig_ctx.s, (u64 *)s, ctx->curve->g.ndigits); + if (Hacl_P256_ecdsa_verif_without_hash(req->dst_len, rawhash, + pk, r, s)) { ret = 0; } else { ret = -EKEYREJECTED; @@ -256,7 +260,7 @@ static struct crypto_rng *rfc6979_alloc_rng(struct ecc_ctx *ctx, { u64 seed[2 * ECC_MAX_DIGITS]; unsigned int ndigits = ctx->curve->g.ndigits; - struct drbg_string entropy, pers = {0}; + struct drbg_string entropy, pers = { 0 }; struct drbg_test_data seed_data; const char *alg; struct crypto_rng *rng; 
@@ -282,7 +286,8 @@ static struct crypto_rng *rfc6979_alloc_rng(struct ecc_ctx *ctx, ecc_swap_digits(ctx->d, seed, ndigits); memcpy(seed + ndigits, rawhash, ndigits << ECC_DIGITS_TO_BYTES_SHIFT); - drbg_string_fill(&entropy, (u8 *)seed, (ndigits * 2) << ECC_DIGITS_TO_BYTES_SHIFT); + drbg_string_fill(&entropy, (u8 *)seed, + (ndigits * 2) << ECC_DIGITS_TO_BYTES_SHIFT); seed_data.testentropy = &entropy; err = crypto_drbg_reset_test(rng, &pers, &seed_data); if (err) { @@ -300,7 +305,8 @@ static int rfc6979_gen_k(struct ecc_ctx *ctx, struct crypto_rng *rng, u64 *k) int ret; do { - ret = crypto_rng_get_bytes(rng, K, ndigits << ECC_DIGITS_TO_BYTES_SHIFT); + ret = crypto_rng_get_bytes( + rng, K, ndigits << ECC_DIGITS_TO_BYTES_SHIFT); if (ret) return ret; @@ -311,13 +317,15 @@ static int rfc6979_gen_k(struct ecc_ctx *ctx, struct crypto_rng *rng, u64 *k) return 0; } -static int rfc6979_gen_k_hacl(struct ecc_ctx *ctx, struct crypto_rng *rng, u8 *k) +static int rfc6979_gen_k_hacl(struct ecc_ctx *ctx, struct crypto_rng *rng, + u8 *k) { unsigned int ndigits = ctx->curve->g.ndigits; int ret; do { - ret = crypto_rng_get_bytes(rng, k, ndigits << ECC_DIGITS_TO_BYTES_SHIFT); + ret = crypto_rng_get_bytes( + rng, k, ndigits << ECC_DIGITS_TO_BYTES_SHIFT); if (ret) return ret; @@ -362,7 +370,8 @@ static int asn1_encode_signature_sg(struct akcipher_request *req, nents = sg_nents_for_len(req->dst, needed); if (nents == 1) { - sg_miter_start(&miter, req->dst, nents, SG_MITER_ATOMIC | SG_MITER_TO_SG); + sg_miter_start(&miter, req->dst, nents, + SG_MITER_ATOMIC | SG_MITER_TO_SG); sg_miter_next(&miter); buf = miter.addr; } else { 
@@ -374,8 +383,9 @@ static int asn1_encode_signature_sg(struct akcipher_request *req, /* we will begin from the end */ ecc_swap_digits(sig_ctx->s, (u64 *)scratch, ndigits); p = buf + needed - BITS_TO_BYTES(s_bits); - memcpy(p, scratch + - (ndigits << ECC_DIGITS_TO_BYTES_SHIFT) - BITS_TO_BYTES(s_bits), + memcpy(p, + scratch + (ndigits << ECC_DIGITS_TO_BYTES_SHIFT) - + BITS_TO_BYTES(s_bits), BITS_TO_BYTES(s_bits)); if (s_bits % 8 == 0) { p--; @@ -383,12 +393,14 @@ static int asn1_encode_signature_sg(struct akcipher_request *req, } p -= 2; p[0] = ASN1_INT; - p[1] = (s_bits % 8 == 0) ? BITS_TO_BYTES(s_bits) + 1 : BITS_TO_BYTES(s_bits); + p[1] = (s_bits % 8 == 0) ? BITS_TO_BYTES(s_bits) + 1 : + BITS_TO_BYTES(s_bits); ecc_swap_digits(sig_ctx->r, (u64 *)scratch, ndigits); p -= BITS_TO_BYTES(r_bits); - memcpy(p, scratch + - (ndigits << ECC_DIGITS_TO_BYTES_SHIFT) - BITS_TO_BYTES(r_bits), + memcpy(p, + scratch + (ndigits << ECC_DIGITS_TO_BYTES_SHIFT) - + BITS_TO_BYTES(r_bits), BITS_TO_BYTES(r_bits)); if (r_bits % 8 == 0) { p--; @@ -396,7 +408,8 @@ static int asn1_encode_signature_sg(struct akcipher_request *req, } p -= 2; p[0] = ASN1_INT; - p[1] = (r_bits % 8 == 0) ? BITS_TO_BYTES(r_bits) + 1 : BITS_TO_BYTES(r_bits); + p[1] = (r_bits % 8 == 0) ? BITS_TO_BYTES(r_bits) + 1 : + BITS_TO_BYTES(r_bits); buf[0] = ASN1_CONS_BIT | ASN1_SEQ; buf[1] = (needed - 2) & 0xff; @@ -431,11 +444,13 @@ static int ecdsa_sign(struct akcipher_request *req) if (diff >= 0) { if (diff) memset(rawhash_k, 0, diff); - sg_copy_to_buffer(req->src, sg_nents_for_len(req->src, req->src_len), + sg_copy_to_buffer(req->src, + sg_nents_for_len(req->src, req->src_len), &rawhash_k[diff], req->src_len); } else if (diff < 0) { /* given hash is longer, we take the left-most bytes */ - sg_copy_to_buffer(req->src, sg_nents_for_len(req->src, req->src_len), + sg_copy_to_buffer(req->src, + sg_nents_for_len(req->src, req->src_len), rawhash_k, req->src_len); } 
@@ -455,8 +470,9 @@ static int ecdsa_sign(struct akcipher_request *req) /* The signing function also checks that the scalars are valid. */ /* XXX: Is the value blinded already or should this be done here? */ do { - if (Hacl_P256_ecdsa_sign_p256_without_hash(signature, req->dst_len, - rawhash_k, private_key, nonce)) { + if (Hacl_P256_ecdsa_sign_p256_without_hash( + signature, req->dst_len, rawhash_k, + private_key, nonce)) { ret = 0; } else { ret = -EAGAIN; @@ -467,7 +483,7 @@ static int ecdsa_sign(struct akcipher_request *req) ecc_swap_digits(signature, sig_ctx.r, 4); ecc_swap_digits(signature + 32, sig_ctx.s, 4); ret = asn1_encode_signature_sg(req, &sig_ctx, rawhash_k); - } else if strncmp (ctx->curve->name, "nist_384", 8) { + } else if (strncmp(ctx->curve->name, "nist_384", 8)) { u8 private_key[48]; u8 signature[96]; u8 nonce[32]; @@ -499,7 +515,8 @@ static int ecdsa_sign(struct akcipher_request *req) if (ret) goto alloc_rng; - ret = _ecdsa_sign(ctx, hash, (u64 *)rawhash_k, &sig_ctx); + ret = _ecdsa_sign(ctx, hash, (u64 *)rawhash_k, + &sig_ctx); } while (ret == -EAGAIN); memzero_explicit(rawhash_k, sizeof(rawhash_k)); @@ -521,7 +538,6 @@ static int ecdsa_ecc_ctx_init(struct ecc_ctx *ctx, unsigned int curve_id) return 0; } - static void ecdsa_ecc_ctx_deinit(struct ecc_ctx *ctx) { ctx->key_set = false; @@ -537,8 +553,8 @@ static int ecdsa_ecc_ctx_reset(struct ecc_ctx *ctx) ecdsa_ecc_ctx_deinit(ctx); ret = ecdsa_ecc_ctx_init(ctx, curve_id); if (ret == 0) - ctx->pub_key = ECC_POINT_INIT(ctx->x, ctx->y, - ctx->curve->g.ndigits); + ctx->pub_key = + ECC_POINT_INIT(ctx->x, ctx->y, ctx->curve->g.ndigits); return ret; } 
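Review bot: The rewritten condition `} else if (strncmp(ctx->curve->name, "nist_384", 8)) {` now compiles but is still inverted, because `strncmp()` returns 0 on a match. A curve whose name starts with `nist_384` skips this branch and falls through to the generic `_ecdsa_sign` path, while any other curve not caught by the P-256 branch is signed with the P-384 code and its fixed 48/96-byte buffers. The P-256 branch compares explicitly and this one should do the same: `} else if (strncmp(ctx->curve->name, "nist_384", 8) == 0) {`. `ecdsa_sign` begins and ends outside the hunk.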
@@ -547,7 +563,8 @@ static int ecdsa_ecc_ctx_reset(struct ecc_ctx *ctx) * certificate. The key data contain the concatenated X and Y coordinates of * the public key. */ -static int ecdsa_set_pub_key(struct crypto_akcipher *tfm, const void *key, unsigned int keylen) +static int ecdsa_set_pub_key(struct crypto_akcipher *tfm, const void *key, + unsigned int keylen) { struct ecc_ctx *ctx = akcipher_tfm_ctx(tfm); const unsigned char *d = key; @@ -616,7 +633,8 @@ int ecc_get_priv_key(void *context, size_t hdrlen, unsigned char tag, ecc_swap_digits((u64 *)priv, ctx->d, ctx->curve->g.ndigits); memzero_explicit(priv, sizeof(priv)); - return ecc_is_key_valid(ctx->curve_id, ctx->curve->g.ndigits, ctx->d, dlen); + return ecc_is_key_valid(ctx->curve_id, ctx->curve->g.ndigits, ctx->d, + dlen); } int ecc_get_priv_params(void *context, size_t hdrlen, unsigned char tag, @@ -671,9 +689,9 @@ static int ecdsa_set_priv_key(struct crypto_akcipher *tfm, const void *key, ctx->key_set = ret == 0; ctx->is_private = true; - - return ret; - } + + return ret; +} static void ecdsa_exit_tfm(struct crypto_akcipher *tfm) { @@ -698,7 +716,8 @@ static unsigned int ecdsa_max_size(struct crypto_akcipher *tfm) * integer length (max 49 for 384 bit curve) + 1 zero byte (if r * or s has leftmost bit set) + sizeof(r or s) */ - return 2 + 2 * (3 + (ctx->curve->g.ndigits << ECC_DIGITS_TO_BYTES_SHIFT)); + return 2 + 2 * (3 + (ctx->curve->g.ndigits + << ECC_DIGITS_TO_BYTES_SHIFT)); } return ctx->curve->g.ndigits << ECC_DIGITS_TO_BYTES_SHIFT; diff --git a/crypto/hacl_nist_curve.h b/crypto/hacl_nist_curve.h new file mode 100644 index 0000000000000..968f479fbe64c --- /dev/null +++ b/crypto/hacl_nist_curve.h 
@@ -0,0 +1,93 @@ +/* MIT License + * + * Copyright (c) 2024 Cryspen + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. 
+ */ + +#include "hacl_lib.h" + +#ifndef __Hacl_NIST_CURVE_H +#define __Hacl_NIST_CURVE_H + +static inline uint64_t Hacl_Bignum_Addition_bn_add_eq_len_u64(uint32_t aLen, + uint64_t *a, + uint64_t *b, + uint64_t *res) +{ + uint64_t c = (uint64_t)0U; + for (uint32_t i = (uint32_t)0U; i < aLen / (uint32_t)4U; i++) { + uint64_t t1 = a[(uint32_t)4U * i]; + uint64_t t20 = b[(uint32_t)4U * i]; + uint64_t *res_i0 = res + (uint32_t)4U * i; + c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t1, t20, res_i0); + uint64_t t10 = a[(uint32_t)4U * i + (uint32_t)1U]; + uint64_t t21 = b[(uint32_t)4U * i + (uint32_t)1U]; + uint64_t *res_i1 = res + (uint32_t)4U * i + (uint32_t)1U; + c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t10, t21, res_i1); + uint64_t t11 = a[(uint32_t)4U * i + (uint32_t)2U]; + uint64_t t22 = b[(uint32_t)4U * i + (uint32_t)2U]; + uint64_t *res_i2 = res + (uint32_t)4U * i + (uint32_t)2U; + c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t11, t22, res_i2); + uint64_t t12 = a[(uint32_t)4U * i + (uint32_t)3U]; + uint64_t t2 = b[(uint32_t)4U * i + (uint32_t)3U]; + uint64_t *res_i = res + (uint32_t)4U * i + (uint32_t)3U; + c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t12, t2, res_i); + } + for (uint32_t i = aLen / (uint32_t)4U * (uint32_t)4U; i < aLen; i++) { + uint64_t t1 = a[i]; + uint64_t t2 = b[i]; + uint64_t *res_i = res + i; + c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t1, t2, res_i); + } + return c; +} + +static inline uint64_t Hacl_Bignum_Lib_bn_get_bits_u64(uint32_t len, + uint64_t *b, uint32_t i, + uint32_t l) +{ + uint32_t i1 = i / (uint32_t)64U; + uint32_t j = i % (uint32_t)64U; + uint64_t p1 = b[i1] >> j; + uint64_t ite; + if (i1 + (uint32_t)1U < len && (uint32_t)0U < j) { + ite = p1 | b[i1 + (uint32_t)1U] << ((uint32_t)64U - j); + } else { + ite = p1; + } + return ite & (((uint64_t)1U << l) - (uint64_t)1U); +} + +static inline uint64_t Hacl_Bignum_Base_mul_wide_add2_u64(uint64_t a, + uint64_t b, + uint64_t c_in, + uint64_t *out) +{ + uint64_t out0 = out[0U]; + 
FStar_UInt128_uint128 res = FStar_UInt128_add( + FStar_UInt128_add(FStar_UInt128_mul_wide(a, b), + FStar_UInt128_uint64_to_uint128(c_in)), + FStar_UInt128_uint64_to_uint128(out0)); + out[0U] = FStar_UInt128_uint128_to_uint64(res); + return FStar_UInt128_uint128_to_uint64( + FStar_UInt128_shift_right(res, (uint32_t)64U)); +} + +#endif diff --git a/crypto/Hacl_P384.h b/crypto/hacl_p384.h similarity index 99% rename from crypto/Hacl_P384.h rename to crypto/hacl_p384.h index ae83af233b44a..46bea5b481644 100644 --- a/crypto/Hacl_P384.h +++ b/crypto/hacl_p384.h @@ -27,6 +27,7 @@ #define __Hacl_P384_H #include "hacl_lib.h" +#include "hacl_nist_curve.h" /******************************************************************************* diff --git a/crypto/Hacl_P384.c b/crypto/p384-hacl-generated.c similarity index 99% rename from crypto/Hacl_P384.c rename to crypto/p384-hacl-generated.c index 2181366e9e272..4fbce9a84bc01 100644 --- a/crypto/Hacl_P384.c +++ b/crypto/p384-hacl-generated.c @@ -22,7 +22,7 @@ * SOFTWARE. */ -#include "Hacl_P384.h" +#include "hacl_p384.h" static inline uint64_t bn_is_eq_mask(uint64_t *x, uint64_t *y) { From 33d4e1dbca720b7a6a92fa95aed4aa7b05034734 Mon Sep 17 00:00:00 2001 From: "Jan Winkelmann (keks)" Date: Wed, 11 Sep 2024 16:07:56 +0200 Subject: [PATCH 42/53] it's noisy (debug output wise) but it works --- crypto/asymmetric_keys/public_key.c | 26 +++++++++--- crypto/asymmetric_keys/signature.c | 3 ++ crypto/ecdsa.c | 3 ++ crypto/hacl_p256.h | 65 +---------------------------- security/keys/key.c | 4 +- security/keys/keyctl_pkey.c | 13 ++++++ zeta/ecdsa_bench/ecdsa.go | 8 +++- zeta/ecdsa_bench/ecdsa_test.go | 25 ++++++++++- 8 files changed, 72 insertions(+), 75 deletions(-) diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c index 773e159dbbcb8..0c95fa1f9d3ea 100644 --- a/crypto/asymmetric_keys/public_key.c +++ b/crypto/asymmetric_keys/public_key.c 
@@ -274,6 +274,7 @@ static int software_key_query(const struct kernel_pkey_params *params, static int software_key_eds_op(struct kernel_pkey_params *params, const void *in, void *out) { + printk("entering software_key_eds_op\n"); const struct public_key *pkey = params->key->payload.data[asym_crypto]; char alg_name[CRYPTO_MAX_ALG_NAME]; struct crypto_akcipher *tfm; @@ -288,6 +289,7 @@ static int software_key_eds_op(struct kernel_pkey_params *params, ret = software_key_determine_akcipher(pkey, params->encoding, params->hash_algo, alg_name, &issig, params->op); + printk(" software_key_determine_akcipher returned %i\n", ret); if (ret < 0) return ret; @@ -302,6 +304,7 @@ static int software_key_eds_op(struct kernel_pkey_params *params, ptr = pkey_pack_u32(ptr, pkey->paramlen); memcpy(ptr, pkey->params, pkey->paramlen); + printk(" issig: %i\n", issig); if (issig) { sig = crypto_alloc_sig(alg_name, 0, 0); if (IS_ERR(sig)) { @@ -309,14 +312,18 @@ static int software_key_eds_op(struct kernel_pkey_params *params, goto error_free_key; } - if (pkey->key_is_private) + if (pkey->key_is_private) { ret = crypto_sig_set_privkey(sig, key, pkey->keylen); - else + printk(" crypto_sig_set_privkey returned %i\n", ret); + } else { ret = crypto_sig_set_pubkey(sig, key, pkey->keylen); + printk(" crypto_sig_set_pubkey returned %i\n", ret); + } if (ret) goto error_free_tfm; ksz = crypto_sig_maxsize(sig); + printk(" crypto_sig_maxsize returned %i\n", ksz); } else { tfm = crypto_alloc_akcipher(alg_name, 0, 0); if (IS_ERR(tfm)) { 
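Review bot: The `printk()` calls added to `software_key_eds_op` carry no log level and are compiled in unconditionally, so every request through this function writes several lines to the kernel log; the same holds for the ones this commit adds in signature.c, ecdsa.c and keyctl_pkey.c. These paths sit behind the keyctl pkey operations, which makes the log easy to flood, and the `info=%s` line in `keyctl_pkey_e_d_s` prints a string that appears to originate from the caller. I would turn them into `pr_devel(...)`, which signature.c already uses (`pr_devel("==>%s()\n", __func__);`), or drop them before merging. In the akcipher branch the messages still say `crypto_sig_set_privkey` and `crypto_sig_maxsize` although the calls are `crypto_akcipher_set_priv_key` and `crypto_akcipher_maxsize`, and the first `printk` is placed ahead of the local declarations. The function body continues outside these hunks.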
@@ -324,14 +331,20 @@ static int software_key_eds_op(struct kernel_pkey_params *params, goto error_free_key; } - if (pkey->key_is_private) - ret = crypto_akcipher_set_priv_key(tfm, key, pkey->keylen); - else - ret = crypto_akcipher_set_pub_key(tfm, key, pkey->keylen); + if (pkey->key_is_private) { + ret = crypto_akcipher_set_priv_key(tfm, key, + pkey->keylen); + printk(" crypto_sig_set_privkey returned %i\n", ret); + } else { + ret = crypto_akcipher_set_pub_key(tfm, key, + pkey->keylen); + printk(" crypto_sig_set_pubkey returned %i\n", ret); + } if (ret) goto error_free_tfm; ksz = crypto_akcipher_maxsize(tfm); + printk(" crypto_sig_maxsize returned %i\n", ksz); } ret = -EINVAL; @@ -355,6 +368,7 @@ static int software_key_eds_op(struct kernel_pkey_params *params, break; ret = crypto_sig_sign(sig, in, params->in_len, out, params->out_len); + printk(" crypto_sig_sign returned %i\n", ret); break; default: BUG(); diff --git a/crypto/asymmetric_keys/signature.c b/crypto/asymmetric_keys/signature.c index 2deff81f8af50..f3f8a863e19f5 100644 --- a/crypto/asymmetric_keys/signature.c +++ b/crypto/asymmetric_keys/signature.c @@ -42,12 +42,14 @@ EXPORT_SYMBOL_GPL(public_key_signature_free); int query_asymmetric_key(const struct kernel_pkey_params *params, struct kernel_pkey_query *info) { + printk("entering query_asymmetric_key\n"); const struct asymmetric_key_subtype *subtype; struct key *key = params->key; int ret; pr_devel("==>%s()\n", __func__); + printk(" checking if key type is asymmetric\n"); if (key->type != &key_type_asymmetric) return -EINVAL; subtype = asymmetric_key_subtype(key); @@ -58,6 +60,7 @@ int query_asymmetric_key(const struct kernel_pkey_params *params, return -ENOTSUPP; ret = subtype->query(params, info); + printk(" subtype->query returned %i\n", ret); pr_devel("<==%s() = %d\n", __func__, ret); return ret; diff --git a/crypto/ecdsa.c b/crypto/ecdsa.c index 7738f76374a8a..d6b2d33b06d43 100644 --- a/crypto/ecdsa.c +++ b/crypto/ecdsa.c 
@@ -458,6 +458,9 @@ static int ecdsa_sign(struct akcipher_request *req) if (IS_ERR(rng)) return PTR_ERR(rng); + printk("in the signing function, before the branch. curve name: %s\n", + ctx->curve->name); + if (strncmp(ctx->curve->name, "nist_256", 8) == 0) { u8 private_key[32]; u8 signature[64]; diff --git a/crypto/hacl_p256.h b/crypto/hacl_p256.h index 33a21ac06c8fa..566faabf42d5d 100644 --- a/crypto/hacl_p256.h +++ b/crypto/hacl_p256.h @@ -8,6 +8,7 @@ #define CRYPTO_HACL_P256_H_ #include "hacl_lib.h" +#include "hacl_nist_curve.h" /******************************************************************************* 
@@ -651,68 +652,4 @@ Hacl_P256_PrecompTable_precomp_basepoint_table_w5[384U] = (uint64_t)13580036169519833644U }; -static inline uint64_t -Hacl_Bignum_Addition_bn_add_eq_len_u64(uint32_t aLen, uint64_t *a, uint64_t *b, uint64_t *res) -{ - uint64_t c = (uint64_t)0U; - for (uint32_t i = (uint32_t)0U; i < aLen / (uint32_t)4U; i++) - { - uint64_t t1 = a[(uint32_t)4U * i]; - uint64_t t20 = b[(uint32_t)4U * i]; - uint64_t *res_i0 = res + (uint32_t)4U * i; - c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t1, t20, res_i0); - uint64_t t10 = a[(uint32_t)4U * i + (uint32_t)1U]; - uint64_t t21 = b[(uint32_t)4U * i + (uint32_t)1U]; - uint64_t *res_i1 = res + (uint32_t)4U * i + (uint32_t)1U; - c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t10, t21, res_i1); - uint64_t t11 = a[(uint32_t)4U * i + (uint32_t)2U]; - uint64_t t22 = b[(uint32_t)4U * i + (uint32_t)2U]; - uint64_t *res_i2 = res + (uint32_t)4U * i + (uint32_t)2U; - c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t11, t22, res_i2); - uint64_t t12 = a[(uint32_t)4U * i + (uint32_t)3U]; - uint64_t t2 = b[(uint32_t)4U * i + (uint32_t)3U]; - uint64_t *res_i = res + (uint32_t)4U * i + (uint32_t)3U; - c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t12, t2, res_i); - } - for (uint32_t i = aLen / (uint32_t)4U * (uint32_t)4U; i < aLen; i++) - { - uint64_t t1 = a[i]; - uint64_t t2 = b[i]; - uint64_t *res_i = res + i; - c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t1, t2, res_i); - } - return c; -} - -static inline uint64_t -Hacl_Bignum_Lib_bn_get_bits_u64(uint32_t len, uint64_t *b, uint32_t i, uint32_t l) -{ - uint32_t i1 = i / (uint32_t)64U; - uint32_t j = i % (uint32_t)64U; - uint64_t p1 = b[i1] >> j; - uint64_t ite; - if (i1 + (uint32_t)1U < len && (uint32_t)0U < j) - { - ite = p1 | b[i1 + (uint32_t)1U] << ((uint32_t)64U - j); - } - else - { - ite = p1; - } - return ite & (((uint64_t)1U << l) - (uint64_t)1U); -} - -static inline uint64_t -Hacl_Bignum_Base_mul_wide_add2_u64(uint64_t a, uint64_t b, uint64_t c_in, uint64_t *out) -{ - 
uint64_t out0 = out[0U]; - FStar_UInt128_uint128 - res = - FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_mul_wide(a, b), - FStar_UInt128_uint64_to_uint128(c_in)), - FStar_UInt128_uint64_to_uint128(out0)); - out[0U] = FStar_UInt128_uint128_to_uint64(res); - return FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(res, (uint32_t)64U)); -} - #endif // CRYPTO_HACL_P256_H_ diff --git a/security/keys/key.c b/security/keys/key.c index 5c0c7df833f8a..ce9290b711c33 100644 --- a/security/keys/key.c +++ b/security/keys/key.c @@ -38,8 +38,8 @@ DEFINE_MUTEX(key_construction_mutex); #ifdef KEY_DEBUGGING void __key_check(const struct key *key) { - printk("__key_check: key %p {%08x} should be {%08x}\n", - key, key->magic, KEY_DEBUG_MAGIC); + printk("__key_check: key %p {%08x} should be {%08x}\n", key, key->magic, + KEY_DEBUG_MAGIC); BUG(); } #endif diff --git a/security/keys/keyctl_pkey.c b/security/keys/keyctl_pkey.c index 97bc27bbf0797..2528e7f13da79 100644 --- a/security/keys/keyctl_pkey.c +++ b/security/keys/keyctl_pkey.c @@ -115,6 +115,7 @@ static int keyctl_pkey_params_get_2(const struct keyctl_pkey_params __user *_par int op, struct kernel_pkey_params *params) { + printk("entering keyctl_pkey_params_get_2\n"); struct keyctl_pkey_params uparams; struct kernel_pkey_query info; int ret; @@ -126,13 +127,20 @@ static int keyctl_pkey_params_get_2(const struct keyctl_pkey_params __user *_par return -EFAULT; ret = keyctl_pkey_params_get(uparams.key_id, _info, params); + printk(" params_get() returned %i\n", ret); if (ret < 0) return ret; ret = params->key->type->asym_query(params, &info); + printk(" asym_query() returned %i\n", ret); if (ret < 0) return ret; + printk(" uparams.in_len=%i\n", uparams.in_len); + printk(" uparams.out_len=%i\n", uparams.out_len); + printk(" info.max_data_size=%i\n", info.max_data_size); + printk(" info.max_sig_size=%i\n", info.max_sig_size); + switch (op) { case KEYCTL_PKEY_ENCRYPT: if (uparams.in_len > info.max_dec_size || 
@@ -159,6 +167,7 @@ static int keyctl_pkey_params_get_2(const struct keyctl_pkey_params __user *_par } params->in_len = uparams.in_len; + printk(" success\n"); params->out_len = uparams.out_len; /* Note: same as in2_len */ return 0; } @@ -219,10 +228,14 @@ long keyctl_pkey_e_d_s(int op, void *in, *out; long ret; + printk("entering keyctl_pkey_e_d_s\n"); ret = keyctl_pkey_params_get_2(_params, _info, op, ¶ms); if (ret < 0) goto error_params; + printk(" parsed params: info=%s params->out_len=%d \n", params.info, + params.out_len); + ret = -EOPNOTSUPP; if (!params.key->type->asym_eds_op) goto error_params; diff --git a/zeta/ecdsa_bench/ecdsa.go b/zeta/ecdsa_bench/ecdsa.go index 42d1ef0770f40..e1c383faf292e 100644 --- a/zeta/ecdsa_bench/ecdsa.go +++ b/zeta/ecdsa_bench/ecdsa.go @@ -7,6 +7,7 @@ import ( "crypto/rand" "crypto/sha256" "crypto/x509" + "fmt" "log" "runtime" "syscall" @@ -99,13 +100,18 @@ func (key KeySerial) Verify(info, digest, signature []byte) error { return errno } +var counter = 0 + func loadKeyToKernel(key crypto.PrivateKey) KeySerial { pkcs8, err := x509.MarshalPKCS8PrivateKey(key) if err != nil { log.Fatalf("failed to serialize the private key to PKCS8 blob: %v", err) } - serial, err := KEY_SPEC_PROCESS_KEYRING.LoadAsym("test ecdsa key", pkcs8) + name := fmt.Sprintf("test ecdsa key %v", counter) + counter += 1 + + serial, err := KEY_SPEC_PROCESS_KEYRING.LoadAsym(name, pkcs8) if err != nil { log.Fatalf("failed to load the private key into the keyring: %v", err) } diff --git a/zeta/ecdsa_bench/ecdsa_test.go b/zeta/ecdsa_bench/ecdsa_test.go index cca03f1ce8cb0..4fc305aca3bc1 100644 --- a/zeta/ecdsa_bench/ecdsa_test.go +++ b/zeta/ecdsa_bench/ecdsa_test.go @@ -13,7 +13,7 @@ import ( "testing" ) -var signInfo384 = []byte("enc=x962 hash=sha384\x00") +var signInfo384 = []byte("enc=x962 hash=sha256\x00") func kernelSetup256(priv *ecdsa.PrivateKey) (KeySerial, []byte, []byte) { var ( 
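Review bot: The added `printk(" parsed params: info=%s params->out_len=%d \n", params.info, params.out_len)` in keyctl_pkey_e_d_s() writes `params.info` to the kernel log, and that string appears to originate from the caller's `_info` argument, so user-supplied text, possibly including newlines, would land in dmesg on every call. Dropping the string and logging only the parsed numeric field at debug level, e.g. `pr_devel("out_len=%d\n", params.out_len);`, avoids that. keyctl_pkey_e_d_s() begins and ends outside the hunk, so how `params.info` is populated is inferred from the parameter names rather than visible here.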
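Review bot: `signInfo384` now carries `hash=sha256` while the 384 tests still sign a `sha512.Sum384` digest (kernelSetup384 in the next hunk), so the info string no longer describes the digest that is actually signed. If the kernel side only accepts this string as a temporary workaround, a comment such as `// hash=sha256 is a placeholder; the digest passed below is SHA-384 (48 bytes)` would stop readers from assuming a SHA-256 hash; otherwise `hash=sha384` should stay. In the @@ -70,6 +70,27 hunk, TestSignAndVerify384InKernel signs with `signInfo384` but verifies with `signInfo`, which presumably should be the same value.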
@@ -31,7 +31,7 @@ func kernelSetup384(tb testing.TB, priv *ecdsa.PrivateKey) (KeySerial, []byte, [ var ( msg = []byte("hello world") digest = sha512.Sum384(msg) - signature [256]byte + signature [104]byte ) keyInKernel := loadKeyToKernel(priv) @@ -70,6 +70,27 @@ func TestSign384InKernelVerifyInGo(t *testing.T) { } } +func TestSignAndVerify384InKernel(t *testing.T) { + runtime.LockOSThread() + + priv, err := ecdsa.GenerateKey(elliptic.P384(), rand.Reader) + if err != nil { + t.Fatalf("failed to generate private key: %v", err) + } + + keyInKernel, digest, signature := kernelSetup384(t, priv) + + n, err := keyInKernel.Sign(signInfo384, digest[:], signature[:]) + if err != nil { + t.Fatalf("failed to sign the digest: %v", err) + } + + err = keyInKernel.Verify(signInfo, digest[:], signature[:n]) + if err != nil { + t.Fatalf("failed to verify the signature: %v", err) + } +} + func TestSignInKernelVerifyInGo(t *testing.T) { runtime.LockOSThread() From 40584b985b3028bf9376bb6e6237ecfa4e523ce0 Mon Sep 17 00:00:00 2001 From: "Jan Winkelmann (keks)" Date: Thu, 12 Sep 2024 16:48:41 +0200 Subject: [PATCH 43/53] add signing tool go library, tests and benchmarks --- zeta/signing_tool/ecdsa.go | 81 ++++++++++++ zeta/signing_tool/ecdsa_test.go | 210 ++++++++++++++++++++++++++++++ zeta/signing_tool/errors.go | 20 +++ zeta/signing_tool/go.sum | 9 ++ zeta/signing_tool/rsa.go | 42 ++++++ zeta/signing_tool/rsa_test.go | 118 +++++++++++++++++ zeta/signing_tool/signing_tool.go | 79 +++++++++++ zeta/signing_tool/syscalls.go | 88 +++++++++++++ 8 files changed, 647 insertions(+) create mode 100644 zeta/signing_tool/ecdsa.go create mode 100644 zeta/signing_tool/ecdsa_test.go create mode 100644 zeta/signing_tool/errors.go create mode 100644 zeta/signing_tool/go.sum create mode 100644 zeta/signing_tool/rsa.go create mode 100644 zeta/signing_tool/rsa_test.go create mode 100644 zeta/signing_tool/signing_tool.go create mode 100644 zeta/signing_tool/syscalls.go 
diff --git a/zeta/signing_tool/ecdsa.go b/zeta/signing_tool/ecdsa.go
new file mode 100644
index 0000000000000..a5288c9ab4983
--- /dev/null
+++ b/zeta/signing_tool/ecdsa.go
@@ -0,0 +1,81 @@ +package signing_tool + +import "fmt" + +const ( + ecdsaP256SigLen = 72 + ecdsaP384SigLen = 104 + ecdsaMaxSigLen = ecdsaP384SigLen + + ecdsaP256DigestLen = 32 + ecdsaP384DigestLen = 48 + + ecdsaInfo = "enc=x962 hash=sha256\x00" +) + +type EcdsaKey struct { + serial KeySerial + keySize int +} + +func (key EcdsaKey) MakeSignatureBuffer() []byte { + if key.keySize == 256 { + return make([]byte, ecdsaP256SigLen) + } else if key.keySize == 384 { + return make([]byte, ecdsaP384SigLen) + } else { + panic(fmt.Sprintf("unexpected ecdsa key size %v", key.keySize)) + } +} + +func (key EcdsaKey) SignPrehashed(digest, signature []byte) ([]byte, error) { + var ( + expectedDigestLen int + expectedSignatureLen int + ) + + if key.keySize == 384 { + expectedDigestLen = ecdsaP384DigestLen + expectedSignatureLen = ecdsaP384SigLen + } else if key.keySize == 256 { + expectedSignatureLen = ecdsaP256SigLen + expectedDigestLen = ecdsaP256DigestLen + } + + if err := checkSize(expectedSignatureLen, len(signature)); err != nil { + return nil, fmt.Errorf("invalid signature buffer length: %w", err) + } + + if err := checkSize(expectedDigestLen, len(digest)); err != nil { + return nil, fmt.Errorf("invalid digest length: %w", err) + } + + err := syscall_keyctl_pkey_sign(key.serial, []byte(ecdsaInfo), digest, signature) + if err != nil { + return nil, fmt.Errorf("error in keyctl pkey_sign syscall: %w", err) + } + + n := uint64(signature[1]) + 2 + return signature[:n], nil +} + +func (key EcdsaKey) VerifyPrehashed(digest, signature []byte) error { + var expectedDigestLen int + + if key.keySize == 384 { + expectedDigestLen = ecdsaP384DigestLen + } else if key.keySize == 256 { + expectedDigestLen = ecdsaP256DigestLen + } + + if err := checkSize(expectedDigestLen, len(digest)); err != nil { + return fmt.Errorf("invalid digest length: %w", err) + } + + err := syscall_keyctl_pkey_verify(key.serial, []byte(ecdsaInfo), digest, signature) + if err != nil { + return fmt.Errorf("error in 
keyctl pkey_verify syscall: %w", err) + } + + return nil +} diff --git a/zeta/signing_tool/ecdsa_test.go b/zeta/signing_tool/ecdsa_test.go new file mode 100644 index 0000000000000..dae58e0a742f6 --- /dev/null +++ b/zeta/signing_tool/ecdsa_test.go 
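Review bot: SignPrehashed takes the returned length from the output buffer itself, `n := uint64(signature[1]) + 2`, without checking that the buffer starts with a DER SEQUENCE using a short-form length or that `n` fits in the slice, so unexpected kernel output becomes a slice-bounds panic instead of an error. A guard before the reslice, `if signature[0] != 0x30 || signature[1] >= 0x80 || n > uint64(len(signature)) { return nil, fmt.Errorf("malformed signature encoding") }`, turns that into an error path. When `key.keySize` is neither 256 nor 384, both expected lengths silently stay 0 in SignPrehashed and VerifyPrehashed, where an explicit unsupported-key-size error would be clearer. `ecdsaInfo` hard-codes `hash=sha256` even though the P-384 path requires a 48-byte digest, which deserves at least a comment explaining why.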
@@ -0,0 +1,210 @@ +package signing_tool + +import ( + "crypto" + "crypto/ecdsa" + "crypto/elliptic" + "crypto/rand" + "crypto/sha256" + "crypto/sha512" + "runtime" + "testing" + + "github.com/stretchr/testify/require" +) + +const testMessage = "This is the message to be signed" + +func testMessageHash256() []byte { + sum := sha256.Sum256([]byte(testMessage)) + return sum[:] +} + +func testMessageHash384() []byte { + sum := sha512.Sum384([]byte(testMessage)) + return sum[:] +} + +func generateEcdsaP256Key() (*ecdsa.PrivateKey, error) { + return ecdsa.GenerateKey(elliptic.P256(), rand.Reader) +} + +func generateEcdsaP384Key() (*ecdsa.PrivateKey, error) { + return ecdsa.GenerateKey(elliptic.P384(), rand.Reader) +} + +func generateAndLoadEcdsaP256PrivateKey(name string) (EcdsaKey, *ecdsa.PrivateKey, error) { + key, err := generateEcdsaP256Key() + if err != nil { + return EcdsaKey{}, nil, err + } + + kernelKey, err := ProcessKeyring().LoadEcdsaPrivateKey(name, key) + + return kernelKey, key, err +} + +func generateAndLoadEcdsaP384PrivateKey(name string) (EcdsaKey, *ecdsa.PrivateKey, error) { + key, err := generateEcdsaP384Key() + if err != nil { + return EcdsaKey{}, nil, err + } + + kernelKey, err := ProcessKeyring().LoadEcdsaPrivateKey(name, key) + return kernelKey, key, err +} + +func kernelSetupEcdsa256(tb testing.TB, name string) (EcdsaKey, *ecdsa.PrivateKey, []byte, []byte) { + k, kk, err := generateAndLoadEcdsaP256PrivateKey(name) + require.NoError(tb, err) + return k, kk, testMessageHash256(), k.MakeSignatureBuffer() +} + +func kernelSetupEcdsa384(tb testing.TB, name string) (EcdsaKey, *ecdsa.PrivateKey, []byte, []byte) { + k, kk, err := generateAndLoadEcdsaP384PrivateKey(name) + require.NoError(tb, err) + return k, kk, testMessageHash384(), k.MakeSignatureBuffer() +} + +func TestEcdsa256(t *testing.T) { + k, kk, err := generateAndLoadEcdsaP256PrivateKey("ecdsa-p256-testkey") + require.NoError(t, err) + + msgDigest := testMessageHash256() + + kernelSig := 
k.MakeSignatureBuffer() + kernelSig, err = k.SignPrehashed(msgDigest, kernelSig) + require.NoError(t, err) + goSig, err := kk.Sign(rand.Reader, msgDigest, crypto.SHA256) + require.NoError(t, err) + + err = k.VerifyPrehashed(msgDigest, kernelSig) + require.NoError(t, err) + err = k.VerifyPrehashed(msgDigest, goSig) + require.NoError(t, err) + + require.True(t, ecdsa.VerifyASN1(&kk.PublicKey, msgDigest, kernelSig)) + require.True(t, ecdsa.VerifyASN1(&kk.PublicKey, msgDigest, goSig)) +} + +func TestEcdsa384(t *testing.T) { + k, kk, err := generateAndLoadEcdsaP384PrivateKey("ecdsa-p384-testkey") + require.NoError(t, err) + + msgDigest := testMessageHash384() + + kernelSig := k.MakeSignatureBuffer() + kernelSig, err = k.SignPrehashed(msgDigest, kernelSig) + require.NoError(t, err) + goSig, err := kk.Sign(rand.Reader, msgDigest, crypto.SHA384) + require.NoError(t, err) + + err = k.VerifyPrehashed(msgDigest, kernelSig) + require.NoError(t, err) + err = k.VerifyPrehashed(msgDigest, goSig) + require.NoError(t, err) + + require.True(t, ecdsa.VerifyASN1(&kk.PublicKey, msgDigest, kernelSig)) + require.True(t, ecdsa.VerifyASN1(&kk.PublicKey, msgDigest, goSig)) +} + +func BenchmarkECDSAP384KernelSign(b *testing.B) { + runtime.LockOSThread() + + keyInKernel, _, digest, signature := kernelSetupEcdsa384(b, "benchkey") + + b.ResetTimer() + for i := 0; i < b.N; i++ { + _, err := keyInKernel.SignPrehashed(digest, signature) + if err != nil { + b.Fatalf("failed to sign the digest: %v", err) + } + } +} + +func BenchmarkECDSAP384KernelVerify(b *testing.B) { + runtime.LockOSThread() + + keyInKernel, _, digest, signature := kernelSetupEcdsa384(b, "benchkey") + + signature, err := keyInKernel.SignPrehashed(digest, signature) + if err != nil { + b.Fatalf("failed to sign the digest: %v", err) + } + + b.ResetTimer() + for i := 0; i < b.N; i++ { + err := keyInKernel.VerifyPrehashed(digest[:], signature[:]) + if err != nil { + b.Fatalf("failed to verify the signature: %v", err) + } + } +} + 
+func BenchmarkECDSAP256KernelSign(b *testing.B) { + runtime.LockOSThread() + + keyInKernel, _, digest, signature := kernelSetupEcdsa256(b, "benchkey") + + b.ResetTimer() + for i := 0; i < b.N; i++ { + _, err := keyInKernel.SignPrehashed(digest, signature) + if err != nil { + b.Fatalf("failed to sign the digest: %v", err) + } + } +} + +func BenchmarkECDSAP256KernelVerify(b *testing.B) { + runtime.LockOSThread() + + keyInKernel, _, digest, signature := kernelSetupEcdsa256(b, "benchkey") + + signature, err := keyInKernel.SignPrehashed(digest, signature) + if err != nil { + b.Fatalf("failed to sign the digest: %v", err) + } + + b.ResetTimer() + for i := 0; i < b.N; i++ { + err := keyInKernel.VerifyPrehashed(digest, signature) + if err != nil { + b.Fatalf("failed to verify the signature: %v", err) + } + } +} + +func BenchmarkECDSAGo(b *testing.B) { + var ( + msg = []byte("hello world") + digest = sha256.Sum256(msg) + ) + + priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + if err != nil { + b.Fatalf("failed to generate private key: %v", err) + } + + signature, err := ecdsa.SignASN1(rand.Reader, priv, digest[:]) + if err != nil { + b.Fatalf("failed to sign the digest: %v", err) + } + + b.Run("Sign", func(b *testing.B) { + for i := 0; i < b.N; i++ { + _, err := priv.Sign(rand.Reader, digest[:], crypto.SHA256) + if err != nil { + b.Fatalf("failed to sign the digest: %v", err) + } + } + }) + + b.Run("Verify", func(b *testing.B) { + for i := 0; i < b.N; i++ { + ok := ecdsa.VerifyASN1(&priv.PublicKey, digest[:], signature[:]) + if !ok { + b.Fatalf("failed to verify the signature: %v", err) + } + } + }) +} diff --git a/zeta/signing_tool/errors.go b/zeta/signing_tool/errors.go new file mode 100644 index 0000000000000..c0d61f07187a2 --- /dev/null +++ b/zeta/signing_tool/errors.go 
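Review bot: TestEcdsa256 and TestEcdsa384 only assert that valid signatures are accepted; nothing checks that VerifyPrehashed rejects a signature over a different digest, so a kernel verify path that always reports success would still pass. Adding, after the positive checks, `bad := append([]byte(nil), msgDigest...); bad[0] ^= 1; require.Error(t, k.VerifyPrehashed(bad, kernelSig))` covers that, and the same gap exists in TestRsa in rsa_test.go. Separately, in the Verify sub-benchmark of BenchmarkECDSAGo, `b.Fatalf("failed to verify the signature: %v", err)` prints the outer `err`, which is nil at that point, so the message should drop the `%v`.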
@@ -0,0 +1,20 @@
+package signing_tool
+
+import "fmt"
+
+type InvalidSizeError struct {
+ Got int
+ Expected int
+}
+
+func (err InvalidSizeError) Error() string {
+ return fmt.Sprintf("unexpected size, got %v, expected %v", err.Got, err.Expected)
+}
+
+func checkSize(expected int, got int) error {
+ if got == expected {
+ return nil
+ } else {
+ return InvalidSizeError{Got: got, Expected: expected}
+ }
+}
diff --git a/zeta/signing_tool/go.sum b/zeta/signing_tool/go.sum
new file mode 100644
index 0000000000000..e20fa14b0bb7b
--- /dev/null
+++ b/zeta/signing_tool/go.sum
@@ -0,0 +1,9 @@
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
+github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
diff --git a/zeta/signing_tool/rsa.go b/zeta/signing_tool/rsa.go
new file mode 100644
index 0000000000000..df4e3c1e7fa0e
--- /dev/null
+++ b/zeta/signing_tool/rsa.go
@@ -0,0 +1,42 @@
+package signing_tool
+
+import "fmt"
+
+const (
+ rsaKeySizeBits = 2048
+ rsaSigLen = rsaKeySizeBits / 8
+ rsaDigestLen = 32
+)
+
+type RsaKey struct {
+ serial KeySerial
+}
+
+func (key RsaKey) MakeSignatureBuffer() []byte {
+ return make([]byte, rsaSigLen)
+}
+
+func (key RsaKey) SignRsaPrehashed(digest, signature []byte) ([]byte, error) {
+ if err := checkSize(rsaDigestLen, len(digest)); err != nil {
+ return nil, fmt.Errorf("invalid digest length: %w", err)
+ }
+
+ if err := checkSize(rsaSigLen, len(signature)); err != nil {
+ return nil, fmt.Errorf("invalid signature buffer length: %w", err)
+ }
+
+ err := key.serial.SignPrehashed([]byte(signInfoRsa), digest, signature)
+ if err != nil {
+ return nil, fmt.Errorf("error signing: %w", err)
+ }
+
+ return signature, nil
+}
+
+func (key RsaKey) VerifyRsaPrehashed(digest, signature []byte) error {
+ if err := checkSize(rsaDigestLen, len(digest)); err != nil {
+ return fmt.Errorf("invalid digest length: %w", err)
+ }
+
+ return key.serial.VerifyPrehashed([]byte(signInfoRsa), digest, signature)
+}
diff --git a/zeta/signing_tool/rsa_test.go b/zeta/signing_tool/rsa_test.go
new file mode 100644
index 0000000000000..6db92e370befa
--- /dev/null
+++ b/zeta/signing_tool/rsa_test.go
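Review bot: RsaKey assumes a 2048-bit modulus through `rsaSigLen = rsaKeySizeBits / 8`, yet the struct stores only the serial, so nothing ties the loaded key to that size; LoadRsaPrivateKey in signing_tool.go accepts any `*rsa.PrivateKey`. Either reject other sizes at load time, e.g. `if key.Size() != rsaSigLen { return RsaKey{}, InvalidSizeError{Got: key.Size(), Expected: rsaSigLen} }`, or record `key.Size()` in RsaKey and size the buffer from it. SignRsaPrehashed also returns the whole buffer rather than a length reported by the syscall, which is only correct while the signature always fills the buffer.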
@@ -0,0 +1,118 @@ +package signing_tool + +import ( + "crypto" + "crypto/rand" + "crypto/rsa" + "crypto/sha256" + "testing" + + "github.com/stretchr/testify/require" +) + +func generateRsa2048Key() (*rsa.PrivateKey, error) { + return rsa.GenerateKey(rand.Reader, rsaKeySizeBits) +} + +func generateAndLoadRsaPrivateKey(name string) (RsaKey, *rsa.PrivateKey, error) { + key, err := generateRsa2048Key() + if err != nil { + return RsaKey{}, nil, err + } + + k, err := ProcessKeyring().LoadRsaPrivateKey(name, key) + + return k, key, err +} + +func kernelSetupRsa2048(tb testing.TB, name string) (RsaKey, *rsa.PrivateKey, []byte, []byte) { + k, kk, err := generateAndLoadRsaPrivateKey(name) + require.NoError(tb, err) + return k, kk, testMessageHash256(), k.MakeSignatureBuffer() +} + +func TestRsa(t *testing.T) { + k, kk, err := generateAndLoadRsaPrivateKey("rsa-2048-testkey") + require.NoError(t, err) + + msgDigest := testMessageHash256() + kernelSig := k.MakeSignatureBuffer() + + kernelSig, err = k.SignRsaPrehashed(msgDigest, kernelSig) + require.NoError(t, err) + + t.Logf("%x", kernelSig) + goSig, err := kk.Sign(rand.Reader, msgDigest, crypto.SHA256) + require.NoError(t, err) + + require.NoError(t, k.VerifyRsaPrehashed(msgDigest, kernelSig)) + require.NoError(t, k.VerifyRsaPrehashed(msgDigest, goSig)) + require.NoError(t, rsa.VerifyPKCS1v15(&kk.PublicKey, crypto.SHA256, msgDigest, kernelSig)) + require.NoError(t, rsa.VerifyPKCS1v15(&kk.PublicKey, crypto.SHA256, msgDigest, goSig)) +} + +func BenchmarkRSAKernelSign(b *testing.B) { + keyInKernel, _, digest, signature := kernelSetupRsa2048(b, "benchkey") + + b.ResetTimer() + for i := 0; i < b.N; i++ { + _, err := keyInKernel.SignRsaPrehashed(digest[:], signature[:]) + if err != nil { + b.Fatalf("failed to sign the digest: %v", err) + } + } +} + +func BenchmarkRSAKernelVerify(b *testing.B) { + keyInKernel, _, digest, signature := kernelSetupRsa2048(b, "benchkey") + + signature, err := keyInKernel.SignRsaPrehashed(digest[:], 
signature[:]) + if err != nil { + b.Fatalf("failed to sign the digest: %v", err) + } + + b.ResetTimer() + for i := 0; i < b.N; i++ { + err := keyInKernel.VerifyRsaPrehashed(digest[:], signature[:]) + if err != nil { + b.Fatalf("failed to sign the digest: %v", err) + } + } +} + +func BenchmarkRSAGo(b *testing.B) { + const N = 2048 + + var ( + msg = []byte("hello world") + digest = sha256.Sum256(msg) + ) + + priv, err := rsa.GenerateKey(rand.Reader, N) + if err != nil { + b.Fatalf("failed to generate private key: %v", err) + } + + signature, err := priv.Sign(rand.Reader, digest[:], crypto.SHA256) + if err != nil { + b.Fatalf("failed to sign the digest: %v", err) + } + + b.Run("Sign", func(b *testing.B) { + for i := 0; i < b.N; i++ { + _, err := priv.Sign(rand.Reader, digest[:], crypto.SHA256) + if err != nil { + b.Fatalf("failed to sign the digest: %v", err) + } + } + }) + + b.Run("Verify", func(b *testing.B) { + for i := 0; i < b.N; i++ { + err := rsa.VerifyPKCS1v15(&priv.PublicKey, crypto.SHA256, digest[:], signature[:]) + if err != nil { + b.Fatalf("failed to sign the digest: %v", err) + } + } + }) +} diff --git a/zeta/signing_tool/signing_tool.go b/zeta/signing_tool/signing_tool.go new file mode 100644 index 0000000000000..62522f8fedfa5 --- /dev/null +++ b/zeta/signing_tool/signing_tool.go 
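Review bot: The verification loops in BenchmarkRSAKernelVerify and in the Verify sub-benchmark of BenchmarkRSAGo report `"failed to sign the digest: %v"` when verification fails, which points whoever reads the failure at the wrong operation. Both should read `b.Fatalf("failed to verify the signature: %v", err)`, matching the wording used in ecdsa_test.go.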
@@ -0,0 +1,79 @@ +package signing_tool // import "github.com/cryspen/signing_tool" + +import ( + "crypto" + "crypto/ecdsa" + "crypto/rsa" + "crypto/x509" + "fmt" +) + +type ( + KeySerial int32 + Keyring int32 + KeyOps = uintptr +) + +// Turns a string that already are 0-terminated into a pointer to the first byte +// of the string, effectively making it a C String. +func toCString(str string) *byte { + return &[]byte(str)[0] +} + +// Return the key ring of the current process. +func ProcessKeyring() Keyring { + return -2 +} + +func (keyring Keyring) LoadRsaPrivateKey(name string, key *rsa.PrivateKey) (RsaKey, error) { + serial, err := keyring.LoadPrivateKey(name, key) + if err != nil { + return RsaKey{}, fmt.Errorf("error loading private key: %w", err) + } + + return RsaKey{serial}, nil +} + +func (keyring Keyring) LoadEcdsaPrivateKey(name string, key *ecdsa.PrivateKey) (EcdsaKey, error) { + keySize := key.Params().BitSize + serial, err := keyring.LoadPrivateKey(name, key) + if err != nil { + return EcdsaKey{}, fmt.Errorf("error loading private key: %w", err) + } + + ecdsaKey := EcdsaKey{serial, keySize} + + return ecdsaKey, nil +} + +func (keyring Keyring) LoadPrivateKey(name string, key crypto.PrivateKey) (KeySerial, error) { + pkcs8, err := x509.MarshalPKCS8PrivateKey(key) + if err != nil { + return 0, fmt.Errorf("error PCKS8-encoding private key: %w", err) + } + + serial, err := syscall_add_key_asym(keyring, name, pkcs8) + if err != nil { + return 0, fmt.Errorf("error in add_key syscall: %w", err) + } + + return serial, nil +} + +func (key KeySerial) SignPrehashed(info, digest, signature []byte) error { + err := syscall_keyctl_pkey_sign(key, info, digest, signature) + if err != nil { + return fmt.Errorf("error in keyctl pkey_sign syscall: %w", err) + } + + return nil +} + +func (key KeySerial) VerifyPrehashed(info, digest, signature []byte) error { + err := syscall_keyctl_pkey_verify(key, info, digest, signature) + if err != nil { + return fmt.Errorf("error in 
keyctl pkey_verify syscall: %w", err) + } + + return nil +} diff --git a/zeta/signing_tool/syscalls.go b/zeta/signing_tool/syscalls.go new file mode 100644 index 0000000000000..57bbf04bf86cc --- /dev/null +++ b/zeta/signing_tool/syscalls.go 
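Review bot: toCString indexes `[]byte(str)[0]`, which panics on an empty string, and it relies on the caller having appended the NUL already; no caller is visible in this patch (syscalls.go builds its own `[]byte(desc + "\x00")`), so removing the helper looks like the simplest fix. LoadPrivateKey leaves the PKCS#8 encoding of the private key in `pkcs8` after the add_key call; overwriting the slice with zeros once the syscall returns limits how long the plaintext key stays on the Go heap, as far as the runtime allows. The wrapped error text reads `PCKS8`, presumably meant to be `PKCS8`, and the bare `-2` in ProcessKeyring would read better as a named constant with a comment saying which keyring it selects.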
@@ -0,0 +1,88 @@
+package signing_tool
+
+import (
+ "syscall"
+ "unsafe"
+)
+
+type keyOps = uintptr
+
+const (
+ KEYCTL_PKEY_SIGN KeyOps = 27
+ KEYCTL_PKEY_VERIFY KeyOps = 28
+
+ keyTypeAsym = "asymmetric\x00"
+ signInfoRsa = "enc=pkcs1 hash=sha256\x00"
+ signInfoEcdsa = "enc=x962 hash=sha256\x00"
+)
+
+type pkeyParams struct {
+ key_id KeySerial
+ in_len uint32
+ out_or_in2_len uint32
+ __spare [7]uint32
+}
+
+func syscall_add_key_asym(keyring Keyring, desc string, payload []byte) (KeySerial, error) {
+ keyTypeAsym := []byte(keyTypeAsym)
+ cdesc := []byte(desc + "\x00")
+
+ serial, _, errno := syscall.Syscall6(
+ syscall.SYS_ADD_KEY,
+ uintptr(unsafe.Pointer(&keyTypeAsym[0])),
+ uintptr(unsafe.Pointer(&cdesc[0])),
+ uintptr(unsafe.Pointer(&payload[0])),
+ uintptr(len(payload)),
+ uintptr(keyring),
+ uintptr(0))
+
+ if errno == 0 {
+ return KeySerial(serial), nil
+ }
+
+ return KeySerial(serial), errno
+}
+
+func syscall_keyctl_pkey_sign(key KeySerial, info, digest, signature []byte) error {
+ params := pkeyParams{
+ key_id: key,
+ in_len: uint32(len(digest)),
+ out_or_in2_len: uint32(len(signature)),
+ }
+
+ _, _, errno := syscall.Syscall6(
+ syscall.SYS_KEYCTL, KEYCTL_PKEY_SIGN,
+ uintptr(unsafe.Pointer(¶ms)),
+ uintptr(unsafe.Pointer(&info[0])),
+ uintptr(unsafe.Pointer(&digest[0])),
+ uintptr(unsafe.Pointer(&signature[0])),
+ uintptr(0),
+ )
+
+ if errno != 0 {
+ return errno
+ }
+
+ return nil
+}
+
+func syscall_keyctl_pkey_verify(key KeySerial, info, digest, signature []byte) error {
+ var params pkeyParams
+ params.key_id = key
+ params.in_len = uint32(len(digest))
+ params.out_or_in2_len = uint32(len(signature))
+
+ _, _, errno := syscall.Syscall6(
+ syscall.SYS_KEYCTL, KEYCTL_PKEY_VERIFY,
+ uintptr(unsafe.Pointer(¶ms)),
+ uintptr(unsafe.Pointer(&info[0])),
+ uintptr(unsafe.Pointer(&digest[0])),
+ uintptr(unsafe.Pointer(&signature[0])),
+ uintptr(0),
+ )
+ if errno == 0 {
+ return nil
+ }
+
+ return errno
+}
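Review bot: All three wrappers take `&payload[0]`, `&info[0]`, `&digest[0]` and `&signature[0]` without a length check, so an empty slice from any caller panics before the syscall is made; VerifyPrehashed in ecdsa.go, for example, never checks the signature length. A guard at the top of each wrapper, e.g. `if len(info) == 0 || len(digest) == 0 || len(signature) == 0 { return syscall.EINVAL }`, turns that into an ordinary error. syscall_keyctl_pkey_sign also discards the first result of Syscall6, which for this operation is expected to be the number of signature bytes written; returning it would spare callers from parsing the DER header to find the length. `keyOps` is declared here and `KeyOps` in signing_tool.go, both as aliases of uintptr, and only one of them is needed.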
From 7509a5b13259605e05a283178098e75235049075 Mon Sep 17 00:00:00 2001 From: "Jan Winkelmann (keks)" Date: Thu, 12 Sep 2024 16:49:57 +0200 Subject: [PATCH 44/53] also build go signing tool and install into vm --- WORK/launch.sh | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/WORK/launch.sh b/WORK/launch.sh index 20fbe827aa6f6..482cb6ec2a839 100755 --- a/WORK/launch.sh +++ b/WORK/launch.sh @@ -1,4 +1,7 @@ +#!/usr/bin/bash + set -e +set -x name="$1" @@ -25,12 +28,21 @@ go build -o ecdsa ecdsa.go go test -o ecdsa.test -c ecdsa*.go popd +pushd "$kerneldir/zeta/signing_tool/" +go build -o signing_tool +go test -o signing_tool.test -c +popd + +mkdir -p "$workdir/virtme-home/bin" + # prepare home bin dir pushd "$workdir/virtme-home/bin/" -rm -- * +rm -- * || true # it's okay if there isn't anything ln -s "$kerneldir/zeta/rsa_bench/rsa" ln -s "$kerneldir/zeta/ecdsa_bench/ecdsa" ln -s "$kerneldir/zeta/ecdsa_bench/ecdsa.test" +ln -s "$kerneldir/zeta/signing_tool/signing_tool" +ln -s "$kerneldir/zeta/signing_tool/signing_tool.test" popd mkdir -p "WORK/$name" From 61625ebde61b30d901c6d6dd7c3e2fb3b81ed607 Mon Sep 17 00:00:00 2001 From: "Jan Winkelmann (keks)" Date: Thu, 12 Sep 2024 17:01:19 +0200 Subject: [PATCH 45/53] remove some prints --- crypto/asymmetric_keys/public_key.c | 10 ---------- crypto/asymmetric_keys/signature.c | 3 --- security/keys/keyctl_pkey.c | 13 ------------- 3 files changed, 26 deletions(-) diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c index 0c95fa1f9d3ea..69851a51296e0 100644 --- a/crypto/asymmetric_keys/public_key.c +++ b/crypto/asymmetric_keys/public_key.c 
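Review bot: `rm -- * || true` in WORK/launch.sh hides every rm failure, not only the empty-directory case its comment names; `rm -f -- *` stays quiet when the glob matches nothing but still stops the script under `set -e` on a real error such as a permission problem. The new shebang `#!/usr/bin/bash` assumes bash lives at that path, and `#!/usr/bin/env bash` would be more portable across build hosts.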
@@ -274,7 +274,6 @@ static int software_key_query(const struct kernel_pkey_params *params, static int software_key_eds_op(struct kernel_pkey_params *params, const void *in, void *out) { - printk("entering software_key_eds_op\n"); const struct public_key *pkey = params->key->payload.data[asym_crypto]; char alg_name[CRYPTO_MAX_ALG_NAME]; struct crypto_akcipher *tfm; @@ -289,7 +288,6 @@ static int software_key_eds_op(struct kernel_pkey_params *params, ret = software_key_determine_akcipher(pkey, params->encoding, params->hash_algo, alg_name, &issig, params->op); - printk(" software_key_determine_akcipher returned %i\n", ret); if (ret < 0) return ret; @@ -304,7 +302,6 @@ static int software_key_eds_op(struct kernel_pkey_params *params, ptr = pkey_pack_u32(ptr, pkey->paramlen); memcpy(ptr, pkey->params, pkey->paramlen); - printk(" issig: %i\n", issig); if (issig) { sig = crypto_alloc_sig(alg_name, 0, 0); if (IS_ERR(sig)) { @@ -314,16 +311,13 @@ static int software_key_eds_op(struct kernel_pkey_params *params, if (pkey->key_is_private) { ret = crypto_sig_set_privkey(sig, key, pkey->keylen); - printk(" crypto_sig_set_privkey returned %i\n", ret); } else { ret = crypto_sig_set_pubkey(sig, key, pkey->keylen); - printk(" crypto_sig_set_pubkey returned %i\n", ret); } if (ret) goto error_free_tfm; ksz = crypto_sig_maxsize(sig); - printk(" crypto_sig_maxsize returned %i\n", ksz); } else { tfm = crypto_alloc_akcipher(alg_name, 0, 0); if (IS_ERR(tfm)) { @@ -334,17 +328,14 @@ static int software_key_eds_op(struct kernel_pkey_params *params, if (pkey->key_is_private) { ret = crypto_akcipher_set_priv_key(tfm, key, pkey->keylen); - printk(" crypto_sig_set_privkey returned %i\n", ret); } else { ret = crypto_akcipher_set_pub_key(tfm, key, pkey->keylen); - printk(" crypto_sig_set_pubkey returned %i\n", ret); } if (ret) goto error_free_tfm; ksz = crypto_akcipher_maxsize(tfm); - printk(" crypto_sig_maxsize returned %i\n", ksz); } ret = -EINVAL; 
@@ -368,7 +359,6 @@ static int software_key_eds_op(struct kernel_pkey_params *params, break; ret = crypto_sig_sign(sig, in, params->in_len, out, params->out_len); - printk(" crypto_sig_sign returned %i\n", ret); break; default: BUG(); diff --git a/crypto/asymmetric_keys/signature.c b/crypto/asymmetric_keys/signature.c index f3f8a863e19f5..2deff81f8af50 100644 --- a/crypto/asymmetric_keys/signature.c +++ b/crypto/asymmetric_keys/signature.c @@ -42,14 +42,12 @@ EXPORT_SYMBOL_GPL(public_key_signature_free); int query_asymmetric_key(const struct kernel_pkey_params *params, struct kernel_pkey_query *info) { - printk("entering query_asymmetric_key\n"); const struct asymmetric_key_subtype *subtype; struct key *key = params->key; int ret; pr_devel("==>%s()\n", __func__); - printk(" checking if key type is asymmetric\n"); if (key->type != &key_type_asymmetric) return -EINVAL; subtype = asymmetric_key_subtype(key); @@ -60,7 +58,6 @@ int query_asymmetric_key(const struct kernel_pkey_params *params, return -ENOTSUPP; ret = subtype->query(params, info); - printk(" subtype->query returned %i\n", ret); pr_devel("<==%s() = %d\n", __func__, ret); return ret; diff --git a/security/keys/keyctl_pkey.c b/security/keys/keyctl_pkey.c index 2528e7f13da79..97bc27bbf0797 100644 --- a/security/keys/keyctl_pkey.c +++ b/security/keys/keyctl_pkey.c @@ -115,7 +115,6 @@ static int keyctl_pkey_params_get_2(const struct keyctl_pkey_params __user *_par int op, struct kernel_pkey_params *params) { - printk("entering keyctl_pkey_params_get_2\n"); struct keyctl_pkey_params uparams; struct kernel_pkey_query info; int ret; 
@@ -127,20 +126,13 @@ static int keyctl_pkey_params_get_2(const struct keyctl_pkey_params __user *_par return -EFAULT; ret = keyctl_pkey_params_get(uparams.key_id, _info, params); - printk(" params_get() returned %i\n", ret); if (ret < 0) return ret; ret = params->key->type->asym_query(params, &info); - printk(" asym_query() returned %i\n", ret); if (ret < 0) return ret; - printk(" uparams.in_len=%i\n", uparams.in_len); - printk(" uparams.out_len=%i\n", uparams.out_len); - printk(" info.max_data_size=%i\n", info.max_data_size); - printk(" info.max_sig_size=%i\n", info.max_sig_size); - switch (op) { case KEYCTL_PKEY_ENCRYPT: if (uparams.in_len > info.max_dec_size || @@ -167,7 +159,6 @@ static int keyctl_pkey_params_get_2(const struct keyctl_pkey_params __user *_par } params->in_len = uparams.in_len; - printk(" success\n"); params->out_len = uparams.out_len; /* Note: same as in2_len */ return 0; } @@ -228,14 +219,10 @@ long keyctl_pkey_e_d_s(int op, void *in, *out; long ret; - printk("entering keyctl_pkey_e_d_s\n"); ret = keyctl_pkey_params_get_2(_params, _info, op, ¶ms); if (ret < 0) goto error_params; - printk(" parsed params: info=%s params->out_len=%d \n", params.info, - params.out_len); - ret = -EOPNOTSUPP; if (!params.key->type->asym_eds_op) goto error_params; From 5752a5668ff552d0230bcb9270ef85372b437b43 Mon Sep 17 00:00:00 2001 From: "Jan Winkelmann (keks)" Date: Mon, 16 Sep 2024 10:52:51 +0200 Subject: [PATCH 46/53] zeta/signing_tool: lock os thread in benchmarks --- zeta/signing_tool/rsa_test.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/zeta/signing_tool/rsa_test.go b/zeta/signing_tool/rsa_test.go index 6db92e370befa..104a3dbe1eed4 100644 --- a/zeta/signing_tool/rsa_test.go +++ b/zeta/signing_tool/rsa_test.go @@ -5,6 +5,7 @@ import ( "crypto/rand" "crypto/rsa" "crypto/sha256" + "runtime" "testing" "github.com/stretchr/testify/require" 
@@ -52,6 +53,7 @@ func TestRsa(t *testing.T) { } func BenchmarkRSAKernelSign(b *testing.B) { + runtime.LockOSThread() keyInKernel, _, digest, signature := kernelSetupRsa2048(b, "benchkey") b.ResetTimer() @@ -64,6 +66,7 @@ func BenchmarkRSAKernelSign(b *testing.B) { } func BenchmarkRSAKernelVerify(b *testing.B) { + runtime.LockOSThread() keyInKernel, _, digest, signature := kernelSetupRsa2048(b, "benchkey") signature, err := keyInKernel.SignRsaPrehashed(digest[:], signature[:]) @@ -81,6 +84,7 @@ func BenchmarkRSAKernelVerify(b *testing.B) { } func BenchmarkRSAGo(b *testing.B) { + runtime.LockOSThread() const N = 2048 var ( From 552eabe6479504042f97a4b04ebbfa49b9e8eb19 Mon Sep 17 00:00:00 2001 From: "Jan Winkelmann (keks)" Date: Mon, 16 Sep 2024 17:15:47 +0200 Subject: [PATCH 47/53] add kernel config for enabling and disabling hacl* for ecdsa --- crypto/Kconfig | 11 +++- crypto/Makefile | 6 +- crypto/ecdsa.c | 168 ++++++++++++++++++++++++++++++++++++++++++++++-- 3 files changed, 177 insertions(+), 8 deletions(-) diff --git a/crypto/Kconfig b/crypto/Kconfig index 3c4177b7a4d85..c1aec7ba5287c 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -315,7 +315,16 @@ config CRYPTO_ECDSA ECDSA (Elliptic Curve Digital Signature Algorithm) (FIPS 186, ISO/IEC 14888-3) using curves P-192, P-256, and P-384 - P-256 uses formally a verified implementation from HACL* + +config CRYPTO_ECDSA_HACL + tristate "Use HACL* for ECDSA" + depends on CRYPTO_ECDSA + select CRYPTO_ECC + select CRYPTO_AKCIPHER + select CRYPTO_DRBG_HMAC + select ASN1 + help + Use verified implementations from HACL* for ECDSA with P-256 and P-384 config CRYPTO_ECRDSA tristate "EC-RDSA (Elliptic Curve Russian Digital Signature Algorithm)" diff --git a/crypto/Makefile b/crypto/Makefile index 5b678eb8ee5f5..20ec66d5299f9 100644 --- a/crypto/Makefile +++ b/crypto/Makefile 
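Review bot: The added `runtime.LockOSThread()` calls are never paired with `runtime.UnlockOSThread()`, and BenchmarkRSAGo does not use the kernel keyring at all, so the lock there does nothing for what is measured. If the lock is needed to keep the keyring operations on the thread that loaded the key, add `defer runtime.UnlockOSThread()` after each call. In that case TestRsa, which loads and uses a kernel key without any lock, would need the same treatment.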
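Review bot: CRYPTO_ECDSA_HACL is declared `tristate`, but ecdsa.c tests it with `#ifdef CONFIG_CRYPTO_ECDSA_HACL`, a macro that is defined only for `=y`; with `=m` the HACL paths are compiled out of ecdsa.c while the Makefile still builds a separate ecdsa_hacl module that nothing calls. The Makefile hunk moves p256-hacl-generated.o and p384-hacl-generated.o out of ecdsa_generic, so even with `=y` the HACL functions called from ecdsa.c end up in a different object and, as far as this patch shows, are not exported for the case where CRYPTO_ECDSA itself is a module. Declaring the option as `bool "Use HACL* for ECDSA"` and keeping the objects in the same module, `ecdsa_generic-$(CONFIG_CRYPTO_ECDSA_HACL) += p256-hacl-generated.o p384-hacl-generated.o`, would match how ecdsa.c consumes it. The help text is also missing its indentation relative to `help`, which is worth checking against the other entries in this file.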
@@ -63,13 +63,15 @@ obj-$(CONFIG_CRYPTO_SM2) += sm2_generic.o $(obj)/ecprivkey.asn1.o: $(obj)/ecprivkey.asn1.c $(obj)/ecprivkey.asn1.h $(obj)/ecdsasignature.asn1.o: $(obj)/ecdsasignature.asn1.c $(obj)/ecdsasignature.asn1.h $(obj)/ecdsa.o: $(obj)/ecdsasignature.asn1.h $(obj)/ecprivkey.asn1.h -ecdsa_generic-y += p256-hacl-generated.o -ecdsa_generic-y += p384-hacl-generated.o ecdsa_generic-y += ecdsa.o ecdsa_generic-y += ecprivkey.asn1.o ecdsa_generic-y += ecdsasignature.asn1.o obj-$(CONFIG_CRYPTO_ECDSA) += ecdsa_generic.o +ecdsa_hacl-y += p256-hacl-generated.o +ecdsa_hacl-y += p384-hacl-generated.o +obj-$(CONFIG_CRYPTO_ECDSA_HACL) += ecdsa_hacl.o + crypto_acompress-y := acompress.o crypto_acompress-y += scompress.o obj-$(CONFIG_CRYPTO_ACOMP2) += crypto_acompress.o diff --git a/crypto/ecdsa.c b/crypto/ecdsa.c index d6b2d33b06d43..46a83d855fadc 100644 --- a/crypto/ecdsa.c +++ b/crypto/ecdsa.c @@ -145,10 +145,11 @@ static int _ecdsa_verify(struct ecc_ctx *ctx, const u64 *hash, const u64 *r, return -EKEYREJECTED; } +#ifdef CONFIG_CRYPTO_ECDSA_HACL /* * Verify an ECDSA signature. */ -static int ecdsa_verify(struct akcipher_request *req) +static int ecdsa_verify_hacl(struct akcipher_request *req) { struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req); struct ecc_ctx *ctx = akcipher_tfm_ctx(tfm); 
@@ -204,11 +205,79 @@ static int ecdsa_verify(struct akcipher_request *req) } else { ret = -EKEYREJECTED; } + } else if (strncmp(ctx->curve->name, "nist_384", 8) == 0) { + u8 pk[96]; + u8 r[48]; + u8 s[48]; + ecc_swap_digits(ctx->x, (u64 *)pk, 6); + ecc_swap_digits(ctx->y, (u64 *)(pk + 48), 6); + ecc_swap_digits(sig_ctx.r, (u64 *)r, ctx->curve->g.ndigits); + ecc_swap_digits(sig_ctx.s, (u64 *)s, ctx->curve->g.ndigits); + if (Hacl_P384_ecdsa_verif_without_hash(req->dst_len, rawhash, + pk, r, s)) { + ret = 0; + } else { + ret = -EKEYREJECTED; + } } else { ecc_swap_digits((u64 *)rawhash, hash, ctx->curve->g.ndigits); ret = _ecdsa_verify(ctx, hash, sig_ctx.r, sig_ctx.s); } +error: + kfree(buffer); + + return ret; +} +#endif /* ifdef CONFIG_CRYPTO_ECDSA_HACL */ +/* + * Verify an ECDSA signature. + */ +static int ecdsa_verify(struct akcipher_request *req) +{ + struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req); + struct ecc_ctx *ctx = akcipher_tfm_ctx(tfm); + size_t keylen = ctx->curve->g.ndigits * sizeof(u64); + struct ecdsa_signature_ctx sig_ctx = { + .curve = ctx->curve, + }; + u8 rawhash[ECC_MAX_BYTES]; + u64 hash[ECC_MAX_DIGITS]; + unsigned char *buffer; + ssize_t diff; + int ret; + + if (unlikely(!ctx->key_set)) + return -EINVAL; + + buffer = kmalloc(req->src_len + req->dst_len, GFP_KERNEL); + if (!buffer) + return -ENOMEM; + + sg_pcopy_to_buffer(req->src, + sg_nents_for_len(req->src, + req->src_len + req->dst_len), + buffer, req->src_len + req->dst_len, 0); + + ret = asn1_ber_decoder(&ecdsasignature_decoder, &sig_ctx, buffer, + req->src_len); + if (ret < 0) + goto error; + + /* if the hash is shorter then we will add leading zeros to fit to ndigits */ + diff = keylen - req->dst_len; + if (diff >= 0) { + if (diff) + memset(rawhash, 0, diff); + memcpy(&rawhash[diff], buffer + req->src_len, req->dst_len); + } else if (diff < 0) { + /* given hash is longer, we take the left-most bytes */ + memcpy(&rawhash, buffer + req->src_len, keylen); + } + + 
ecc_swap_digits((u64 *)rawhash, hash, ctx->curve->g.ndigits); + ret = _ecdsa_verify(ctx, hash, sig_ctx.r, sig_ctx.s); + error: kfree(buffer); @@ -317,6 +386,7 @@ static int rfc6979_gen_k(struct ecc_ctx *ctx, struct crypto_rng *rng, u64 *k) return 0; } +#ifdef CONFIG_CRYPTO_ECDSA_HACL static int rfc6979_gen_k_hacl(struct ecc_ctx *ctx, struct crypto_rng *rng, u8 *k) { @@ -333,6 +403,7 @@ static int rfc6979_gen_k_hacl(struct ecc_ctx *ctx, struct crypto_rng *rng, return 0; } +#endif /* scratch buffer should be at least ECC_MAX_BYTES */ static int asn1_encode_signature_sg(struct akcipher_request *req, @@ -425,7 +496,8 @@ static int asn1_encode_signature_sg(struct akcipher_request *req, return 0; } -static int ecdsa_sign(struct akcipher_request *req) +#ifdef CONFIG_CRYPTO_ECDSA_HACL +static int ecdsa_sign_hacl(struct akcipher_request *req) { struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req); struct ecc_ctx *ctx = akcipher_tfm_ctx(tfm); @@ -458,9 +530,6 @@ static int ecdsa_sign(struct akcipher_request *req) if (IS_ERR(rng)) return PTR_ERR(rng); - printk("in the signing function, before the branch. curve name: %s\n", - ctx->curve->name); - if (strncmp(ctx->curve->name, "nist_256", 8) == 0) { u8 private_key[32]; u8 signature[64]; 
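Review bot: The new `nist_384` branch passes `req->dst_len` as the message length to `Hacl_P384_ecdsa_verif_without_hash`, while `rawhash` is a fixed `ECC_MAX_BYTES` stack buffer. The code that fills `rawhash` in `ecdsa_verify_hacl` is above this hunk; if it matches the generic `ecdsa_verify` added below, which left-pads or truncates to the key length, then the length given to HACL disagrees with the bytes actually prepared for any digest that is not exactly 48 bytes. A larger `dst_len` would also let the callee read past what was copied. I would pass the normalised length, `Hacl_P384_ecdsa_verif_without_hash(keylen, rawhash, pk, r, s)`, or reject other digest lengths before the branch. Separately, `pk`, `r` and `s` are `u8` arrays written through `(u64 *)` casts, so they should be declared `__aligned(8)`, and the literal `6` used for `pk` should be `ctx->curve->g.ndigits`, as it is for `r` and `s`.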
@@ -526,6 +595,57 @@ static int ecdsa_sign(struct akcipher_request *req) ret = asn1_encode_signature_sg(req, &sig_ctx, rawhash_k); } +alloc_rng: + crypto_free_rng(rng); + return ret; +} +#endif /*ifdef CONFIG_CRYPTO_ECDSA_HACL*/ + +static int ecdsa_sign(struct akcipher_request *req) +{ + struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req); + struct ecc_ctx *ctx = akcipher_tfm_ctx(tfm); + size_t keylen = ctx->curve->g.ndigits << ECC_DIGITS_TO_BYTES_SHIFT; + u8 rawhash_k[ECC_MAX_BYTES]; + u64 hash[ECC_MAX_DIGITS]; + struct ecdsa_signature_ctx sig_ctx = { + .curve = ctx->curve, + }; + struct crypto_rng *rng; + ssize_t diff; + int ret; + + /* if the hash is shorter then we will add leading zeros to fit to ndigits */ + diff = keylen - req->src_len; + if (diff >= 0) { + if (diff) + memset(rawhash_k, 0, diff); + sg_copy_to_buffer(req->src, + sg_nents_for_len(req->src, req->src_len), + &rawhash_k[diff], req->src_len); + } else if (diff < 0) { + /* given hash is longer, we take the left-most bytes */ + sg_copy_to_buffer(req->src, + sg_nents_for_len(req->src, req->src_len), + rawhash_k, req->src_len); + } + + rng = rfc6979_alloc_rng(ctx, req->src_len, rawhash_k); + if (IS_ERR(rng)) + return PTR_ERR(rng); + + ecc_swap_digits((u64 *)rawhash_k, hash, ctx->curve->g.ndigits); + do { + ret = rfc6979_gen_k(ctx, rng, (u64 *)rawhash_k); + if (ret) + goto alloc_rng; + + ret = _ecdsa_sign(ctx, hash, (u64 *)rawhash_k, &sig_ctx); + } while (ret == -EAGAIN); + memzero_explicit(rawhash_k, sizeof(rawhash_k)); + + ret = asn1_encode_signature_sg(req, &sig_ctx, rawhash_k); + alloc_rng: crypto_free_rng(rng); return ret; 
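Review bot: In the added generic `ecdsa_sign`, the `diff < 0` branch is commented as taking the left-most bytes but still copies `req->src_len` bytes into `rawhash_k`, which is only `ECC_MAX_BYTES` long. Unless a caller outside this hunk bounds `src_len`, a digest longer than that buffer overruns the stack. The last argument of that `sg_copy_to_buffer` call should be the key length, `rawhash_k, keylen);`, and `rfc6979_alloc_rng` should then receive the same clamped length rather than `req->src_len`. The `goto alloc_rng` inside the loop also skips `memzero_explicit(rawhash_k, sizeof(rawhash_k))`, so a failure after an `-EAGAIN` retry may leave nonce material on the stack. A second wipe directly under the `alloc_rng:` label would cover both exits.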
@@ -733,6 +853,24 @@ static int ecdsa_nist_p384_init_tfm(struct crypto_akcipher *tfm) return ecdsa_ecc_ctx_init(ctx, ECC_CURVE_NIST_P384); } +#ifdef CONFIG_CRYPTO_ECDSA_HACL +static struct akcipher_alg ecdsa_nist_p384 = { + .sign = ecdsa_sign_hacl, + .verify = ecdsa_verify_hacl, + .set_priv_key = ecdsa_set_priv_key, + .set_pub_key = ecdsa_set_pub_key, + .max_size = ecdsa_max_size, + .init = ecdsa_nist_p384_init_tfm, + .exit = ecdsa_exit_tfm, + .base = { + .cra_name = "ecdsa-nist-p384", + .cra_driver_name = "ecdsa-nist-p384-hacl", + .cra_priority = 100, + .cra_module = THIS_MODULE, + .cra_ctxsize = sizeof(struct ecc_ctx), + }, +}; +#else /*ifdef CONFIG_CRYPTO_ECDSA_HACL*/ static struct akcipher_alg ecdsa_nist_p384 = { .sign = ecdsa_sign, .verify = ecdsa_verify, @@ -749,6 +887,7 @@ static struct akcipher_alg ecdsa_nist_p384 = { .cra_ctxsize = sizeof(struct ecc_ctx), }, }; +#endif /*ifdef CONFIG_CRYPTO_ECDSA_HACL*/ static int ecdsa_nist_p256_init_tfm(struct crypto_akcipher *tfm) { @@ -757,6 +896,24 @@ static int ecdsa_nist_p256_init_tfm(struct crypto_akcipher *tfm) return ecdsa_ecc_ctx_init(ctx, ECC_CURVE_NIST_P256); } +#ifdef CONFIG_CRYPTO_ECDSA_HACL +static struct akcipher_alg ecdsa_nist_p256 = { + .sign = ecdsa_sign_hacl, + .verify = ecdsa_verify_hacl, + .set_priv_key = ecdsa_set_priv_key, + .set_pub_key = ecdsa_set_pub_key, + .max_size = ecdsa_max_size, + .init = ecdsa_nist_p256_init_tfm, + .exit = ecdsa_exit_tfm, + .base = { + .cra_name = "ecdsa-nist-p256", + .cra_driver_name = "ecdsa-nist-p256-hacl", + .cra_priority = 100, + .cra_module = THIS_MODULE, + .cra_ctxsize = sizeof(struct ecc_ctx), + }, +}; +#else /*ifdef CONFIG_CRYPTO_ECDSA_HACL*/ static struct akcipher_alg ecdsa_nist_p256 = { .sign = ecdsa_sign, .verify = ecdsa_verify, @@ -773,6 +930,7 @@ static struct akcipher_alg ecdsa_nist_p256 = { .cra_ctxsize = sizeof(struct ecc_ctx), }, }; +#endif /*ifdef CONFIG_CRYPTO_ECDSA_HACL*/ static int ecdsa_nist_p192_init_tfm(struct crypto_akcipher *tfm) { 
From 5d8cb366282d288a12fa30630d8495e3975f3bc1 Mon Sep 17 00:00:00 2001 From: "Jan Winkelmann (keks)" Date: Mon, 16 Sep 2024 17:16:31 +0200 Subject: [PATCH 48/53] add test for userland signature benchmark --- zeta/signing_tool/ecdsa_test.go | 37 ++++++++++++++++++++++++++++++++- 1 file changed, 36 insertions(+), 1 deletion(-) diff --git a/zeta/signing_tool/ecdsa_test.go b/zeta/signing_tool/ecdsa_test.go index dae58e0a742f6..50f2ecc914581 100644 --- a/zeta/signing_tool/ecdsa_test.go +++ b/zeta/signing_tool/ecdsa_test.go @@ -174,7 +174,7 @@ func BenchmarkECDSAP256KernelVerify(b *testing.B) { } } -func BenchmarkECDSAGo(b *testing.B) { +func BenchmarkECDSAP256Go(b *testing.B) { var ( msg = []byte("hello world") digest = sha256.Sum256(msg) @@ -208,3 +208,38 @@ func BenchmarkECDSAGo(b *testing.B) { } }) } + +func BenchmarkECDSAP384Go(b *testing.B) { + var ( + msg = []byte("hello world") + digest = sha512.Sum384(msg) + ) + + priv, err := ecdsa.GenerateKey(elliptic.P384(), rand.Reader) + if err != nil { + b.Fatalf("failed to generate private key: %v", err) + } + + signature, err := ecdsa.SignASN1(rand.Reader, priv, digest[:]) + if err != nil { + b.Fatalf("failed to sign the digest: %v", err) + } + + b.Run("Sign", func(b *testing.B) { + for i := 0; i < b.N; i++ { + _, err := priv.Sign(rand.Reader, digest[:], crypto.SHA384) + if err != nil { + b.Fatalf("failed to sign the digest: %v", err) + } + } + }) + + b.Run("Verify", func(b *testing.B) { + for i := 0; i < b.N; i++ { + ok := ecdsa.VerifyASN1(&priv.PublicKey, digest[:], signature[:]) + if !ok { + b.Fatalf("failed to verify the signature: %v", err) + } + } + }) +} From fea57de0934db70308747793920a4b1fde63e2b1 Mon Sep 17 00:00:00 2001 From: "Jan Winkelmann (keks)" Date: Mon, 23 Sep 2024 15:50:09 +0200 Subject: [PATCH 49/53] clean up --- crypto/rsa-hacl.c | 20 -------------------- security/keys/key.c | 4 ++-- 2 files changed, 2 insertions(+), 22 deletions(-) 
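Review bot: In the `Verify` sub-benchmark of the new BenchmarkECDSAP384Go, the failure message formats `err`, but at that point `err` is the outer variable left over from `ecdsa.SignASN1` and is necessarily nil, so a failed verification would print `<nil>`. `b.Fatal("failed to verify the signature")` states what happened. The setup signs with `ecdsa.SignASN1` while the `Sign` sub-benchmark calls `priv.Sign(rand.Reader, digest[:], crypto.SHA384)`; using the same call in both places would make clear what is being timed. A short doc comment saying this is the userland baseline for the kernel P-384 benchmarks would also help.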
diff --git a/crypto/rsa-hacl.c b/crypto/rsa-hacl.c index ec89488350b20..ed53bf635f56d 100644 --- a/crypto/rsa-hacl.c +++ b/crypto/rsa-hacl.c @@ -38,8 +38,6 @@ static int rsa_enc(struct akcipher_request *req) struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req); const struct hacl_rsa_key *pkey = rsa_get_key(tfm); int ret = 0; - //printk("<<< in hacl rsa_enc"); - //printk("<<< pkey->modbits:%d, pkey->ebits:%d, pkey->dbits:%d", pkey->modBits,pkey->eBits,pkey->dBits); if (unlikely(!pkey->nbytes || !pkey->ebytes)) { ret = -EINVAL; @@ -49,7 +47,6 @@ static int rsa_enc(struct akcipher_request *req) uint64_t* pk = Hacl_RSA_new_rsa_load_pkey(pkey->modBits,pkey->eBits,pkey->nbytes,pkey->ebytes); if (!pk) { - printk("<<< load pkey failed"); ret = -EINVAL; goto done; } @@ -58,7 +55,6 @@ static int rsa_enc(struct akcipher_request *req) unsigned int plain_len = (pkey->modBits - 1)/8 + 1; unsigned int cipher_len = (pkey->modBits - 2)/8 + 1; - // printk("req->src_len:%d, plain_len:%d, req->dst_len:%d, cipher_len:%d", req->src_len,plain_len,req->dst_len,cipher_len); if (req->src_len > plain_len || req->dst_len != cipher_len) { ret = -EINVAL; goto pkdone; @@ -79,13 +75,9 @@ static int rsa_enc(struct akcipher_request *req) goto bufdone; } - // printk("<<< exiting hacl rsa_enc 5 with cipher_len=%d, dst_len=%d, nents=%d, cipher[0]=%x, cipher[15]=%x", - // cipher_len,req->dst_len,sg_nents_for_len(req->dst, req->dst_len),cbuffer[0],cbuffer[15]); sg_copy_from_buffer(req->dst, sg_nents_for_len(req->dst, req->dst_len), buffer+plain_len, cipher_len); - //printk("<<< exiting hacl rsa_enc 6 with copied = %d, cipher_len=%d, cipher[0]=%x, cipher[15]=%x", - // copied, cipher_len,cbuffer[0],cbuffer[15]); bufdone: kfree(buffer); 
@@ -95,7 +87,6 @@ static int rsa_enc(struct akcipher_request *req) static int rsa_dec(struct akcipher_request *req) { - // printk("<<< in rsa dec"); struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req); const struct hacl_rsa_key *skey = rsa_get_key(tfm); int ret = 0; @@ -108,7 +99,6 @@ static int rsa_dec(struct akcipher_request *req) uint64_t *sk = Hacl_RSA_new_rsa_load_skey(skey->modBits,skey->eBits,skey->dBits,skey->nbytes,skey->ebytes,skey->dbytes); if (!sk) { - printk("<<< load skey failed"); ret = -EINVAL; goto done; } @@ -116,11 +106,8 @@ static int rsa_dec(struct akcipher_request *req) unsigned int plain_len = (skey->modBits - 1)/8 + 1; unsigned int cipher_len = (skey->modBits - 2)/8 + 1; - // printk("<<< pkey->modbits:%d, pkey->ebits:%d, pkey->dbits:%d", skey->modBits,skey->eBits,skey->dBits); - // printk("<<< req->src_len:%d, plain_len:%d, req->dst_len:%d, cipher_len:%d", req->src_len,plain_len,req->dst_len,cipher_len); if (req->src_len > cipher_len || req->dst_len != plain_len) { - printk("not the right lengths"); ret = -EINVAL; goto skdone; } @@ -138,13 +125,10 @@ static int rsa_dec(struct akcipher_request *req) ret = Hacl_RSA_rsa_dec(skey->modBits,skey->eBits,skey->dBits,sk,buffer,buffer+cipher_len); if (!ret) { - printk("<<< rsa_dec failed"); ret = -EBADMSG; goto bufdone; } - // printk("<<< exiting hacl rsa_dec 5 with plain_len=%d, dst_len=%d, nents=%d, plain[0]=%x, plain[15]=%x", - // plain_len,req->dst_len,sg_nents_for_len(req->dst, req->dst_len),buffer[cipher_len],buffer[cipher_len+15]); sg_copy_from_buffer(req->dst, sg_nents_for_len(req->dst, req->dst_len), buffer+cipher_len, req->dst_len); @@ -170,8 +154,6 @@ static void rsa_free_key(struct hacl_rsa_key *key) static int rsa_set_pub_key(struct crypto_akcipher *tfm, const void *key, unsigned int keylen) { - // printk("<<< calling hacl rsa_set_pub_key"); - struct hacl_rsa_key *pkey = rsa_get_key(tfm); struct rsa_key raw_key = {0}; 
@@ -214,8 +196,6 @@ static int rsa_set_pub_key(struct crypto_akcipher *tfm, const void *key, static int rsa_set_priv_key(struct crypto_akcipher *tfm, const void *key, unsigned int keylen) { - // printk("<<< calling hacl rsa_set_priv_key"); - struct hacl_rsa_key *skey = rsa_get_key(tfm); struct rsa_key raw_key = {0}; diff --git a/security/keys/key.c b/security/keys/key.c index ce9290b711c33..14f2139227ee8 100644 --- a/security/keys/key.c +++ b/security/keys/key.c @@ -38,8 +38,8 @@ DEFINE_MUTEX(key_construction_mutex); #ifdef KEY_DEBUGGING void __key_check(const struct key *key) { - printk("__key_check: key %p {%08x} should be {%08x}\n", key, key->magic, - KEY_DEBUG_MAGIC); + printk("__key_check: key %p {%08x} should be {%08x}\n", + key, key->magic, KEY_DEBUG_MAGIC); BUG(); } #endif From e91673d510a1a0990a0bd42e0d7c65ae84f87eaf Mon Sep 17 00:00:00 2001 From: "Jan Winkelmann (keks)" Date: Mon, 23 Sep 2024 15:58:00 +0200 Subject: [PATCH 50/53] remove helpers in WORK --- WORK/launch.sh | 58 ---------------------------------------- WORK/virtme-home/.bashrc | 3 --- 2 files changed, 61 deletions(-) delete mode 100755 WORK/launch.sh delete mode 100644 WORK/virtme-home/.bashrc diff --git a/WORK/launch.sh b/WORK/launch.sh deleted file mode 100755 index 482cb6ec2a839..0000000000000 --- a/WORK/launch.sh +++ /dev/null 
@@ -1,58 +0,0 @@ -#!/usr/bin/bash - -set -e -set -x - -name="$1" - -if [ "$name" = "" ]; then - echo "please provide a name as the first arg" - exit -fi - -# prepare path variables -workdir="$(dirname -- "$0")" -workdir="$( - cd -- "$workdir" - pwd -)" -kerneldir="$(dirname -- "$workdir")" - -# build go code -pushd "$kerneldir/zeta/rsa_bench/" -go build -o rsa rsa.go -popd - -pushd "$kerneldir/zeta/ecdsa_bench/" -go build -o ecdsa ecdsa.go -go test -o ecdsa.test -c ecdsa*.go -popd - -pushd "$kerneldir/zeta/signing_tool/" -go build -o signing_tool -go test -o signing_tool.test -c -popd - -mkdir -p "$workdir/virtme-home/bin" - -# prepare home bin dir -pushd "$workdir/virtme-home/bin/" -rm -- * || true # it's okay if there isn't anything -ln -s "$kerneldir/zeta/rsa_bench/rsa" -ln -s "$kerneldir/zeta/ecdsa_bench/ecdsa" -ln -s "$kerneldir/zeta/ecdsa_bench/ecdsa.test" -ln -s "$kerneldir/zeta/signing_tool/signing_tool" -ln -s "$kerneldir/zeta/signing_tool/signing_tool.test" -popd - -mkdir -p "WORK/$name" - -# build and "deploy" kernel -make -j 16 -/bin/cp arch/x86_64/boot/bzImage "WORK/$name" - -# run vm -virtme-run \ - --kimg "WORK/$name/bzImage" \ - --rodir=/tmp/roothome=$(pwd)/WORK/virtme-home \ - --pwd diff --git a/WORK/virtme-home/.bashrc b/WORK/virtme-home/.bashrc deleted file mode 100644 index ba53d4d216474..0000000000000 --- a/WORK/virtme-home/.bashrc +++ /dev/null @@ -1,3 +0,0 @@ -export PATH=$PATH:$HOME/bin - -alias logcat='dmesg -w --since now' From 92771919208746dfd43adef411a790f32e9a2c93 Mon Sep 17 00:00:00 2001 From: "Jan Winkelmann (keks)" Date: Mon, 23 Sep 2024 16:20:57 +0200 Subject: [PATCH 51/53] undo fmt --- crypto/ecdsa.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/crypto/ecdsa.c b/crypto/ecdsa.c index 46a83d855fadc..24d08a3b66bb8 100644 --- a/crypto/ecdsa.c +++ b/crypto/ecdsa.c 
@@ -45,8 +45,7 @@ struct ecdsa_signature_ctx { * Get the r and s components of a signature from the X509 certificate. */ static int ecdsa_get_signature_rs(u64 *dest, size_t hdrlen, unsigned char tag, - const void *value, size_t vlen, - unsigned int ndigits) + const void *value, size_t vlen, unsigned int ndigits) { size_t keylen = ndigits * sizeof(u64); ssize_t diff = vlen - keylen; @@ -104,8 +103,7 @@ int ecdsa_get_signature_s(void *context, size_t hdrlen, unsigned char tag, sig->curve->g.ndigits); } -static int _ecdsa_verify(struct ecc_ctx *ctx, const u64 *hash, const u64 *r, - const u64 *s) +static int _ecdsa_verify(struct ecc_ctx *ctx, const u64 *hash, const u64 *r, const u64 *s) { const struct ecc_curve *curve = ctx->curve; unsigned int ndigits = curve->g.ndigits; @@ -122,8 +120,8 @@ static int _ecdsa_verify(struct ecc_ctx *ctx, const u64 *hash, const u64 *r, return -EBADMSG; /* hash is given */ - pr_devel("hash : %016llx %016llx ... %016llx\n", hash[ndigits - 1], - hash[ndigits - 2], hash[0]); + pr_devel("hash : %016llx %016llx ... %016llx\n", + hash[ndigits - 1], hash[ndigits - 2], hash[0]); /* s1 = (s^-1) mod n */ vli_mod_inv(s1, s, curve->n, ndigits); From d7ee443589b300b3b336e6a87af2ab7a05fb33c6 Mon Sep 17 00:00:00 2001 
From: "Jan Winkelmann (keks)" Date: Mon, 23 Sep 2024 16:31:09 +0200 Subject: [PATCH 52/53] more fmt undo; rm algorithm-specific benchmarking tools --- crypto/ecdsa.c | 12 +- security/keys/key.c | 2 +- zeta/ecdsa_bench/Makefile | 18 --- zeta/ecdsa_bench/ecdsa.go | 156 ------------------- zeta/ecdsa_bench/ecdsa_test.go | 267 --------------------------------- zeta/ecdsa_bench/readme.md | 35 ----- zeta/rsa_bench/Makefile | 18 --- zeta/rsa_bench/readme.md | 29 ---- zeta/rsa_bench/rsa.go | 147 ------------------ zeta/rsa_bench/rsa_test.go | 94 ------------ 10 files changed, 6 insertions(+), 772 deletions(-) delete mode 100644 zeta/ecdsa_bench/Makefile delete mode 100644 zeta/ecdsa_bench/ecdsa.go delete mode 100644 zeta/ecdsa_bench/ecdsa_test.go delete mode 100644 zeta/ecdsa_bench/readme.md delete mode 100644 zeta/rsa_bench/Makefile delete mode 100644 zeta/rsa_bench/readme.md delete mode 100644 zeta/rsa_bench/rsa.go delete mode 100644 zeta/rsa_bench/rsa_test.go diff --git a/crypto/ecdsa.c b/crypto/ecdsa.c index 24d08a3b66bb8..dd20d02483471 100644 --- a/crypto/ecdsa.c +++ b/crypto/ecdsa.c @@ -253,12 +253,11 @@ static int ecdsa_verify(struct akcipher_request *req) return -ENOMEM; sg_pcopy_to_buffer(req->src, - sg_nents_for_len(req->src, - req->src_len + req->dst_len), - buffer, req->src_len + req->dst_len, 0); + sg_nents_for_len(req->src, req->src_len + req->dst_len), + buffer, req->src_len + req->dst_len, 0); - ret = asn1_ber_decoder(&ecdsasignature_decoder, &sig_ctx, buffer, - req->src_len); + ret = asn1_ber_decoder(&ecdsasignature_decoder, &sig_ctx, + buffer, req->src_len); if (ret < 0) goto error; 
@@ -684,8 +683,7 @@ static int ecdsa_ecc_ctx_reset(struct ecc_ctx *ctx) * certificate. The key data contain the concatenated X and Y coordinates of * the public key. */ -static int ecdsa_set_pub_key(struct crypto_akcipher *tfm, const void *key, - unsigned int keylen) +static int ecdsa_set_pub_key(struct crypto_akcipher *tfm, const void *key, unsigned int keylen) { struct ecc_ctx *ctx = akcipher_tfm_ctx(tfm); const unsigned char *d = key; diff --git a/security/keys/key.c b/security/keys/key.c index 14f2139227ee8..5c0c7df833f8a 100644 --- a/security/keys/key.c +++ b/security/keys/key.c @@ -39,7 +39,7 @@ DEFINE_MUTEX(key_construction_mutex); void __key_check(const struct key *key) { printk("__key_check: key %p {%08x} should be {%08x}\n", - key, key->magic, KEY_DEBUG_MAGIC); + key, key->magic, KEY_DEBUG_MAGIC); BUG(); } #endif diff --git a/zeta/ecdsa_bench/Makefile b/zeta/ecdsa_bench/Makefile deleted file mode 100644 index b52112d1383b9..0000000000000 --- a/zeta/ecdsa_bench/Makefile +++ /dev/null @@ -1,18 +0,0 @@ -all: compile - -compile: rsa.go rsa_test.go - go build -o rsa.exe rsa.go - go test -c -o bench.exe rsa.go rsa_test.go - - -rsa: rsa.exe - ./rsa.exe - -load_parser: - modprobe pkcs8_key_parser - -benchmark: rsa.go rsa_test.go - ./bench.exe -test.v -test.bench=. - -clean: - rm -f ./bench.exe ./rsa.exe diff --git a/zeta/ecdsa_bench/ecdsa.go b/zeta/ecdsa_bench/ecdsa.go deleted file mode 100644 index e1c383faf292e..0000000000000 --- a/zeta/ecdsa_bench/ecdsa.go +++ /dev/null 
@@ -1,156 +0,0 @@ -package main - -import ( - "crypto" - "crypto/ecdsa" - "crypto/elliptic" - "crypto/rand" - "crypto/sha256" - "crypto/x509" - "fmt" - "log" - "runtime" - "syscall" - "unsafe" -) - -type ( - KeySerial int32 - Keyring int32 - KeyOps = uintptr -) - -const ( - KEY_SPEC_PROCESS_KEYRING Keyring = -2 - KEYCTL_PKEY_SIGN KeyOps = 27 - KEYCTL_PKEY_VERIFY KeyOps = 28 -) - -var ( - keyTypeAsym = []byte("asymmetric\x00") - signInfo = []byte("enc=x962 hash=sha256\x00") -) - -func (keyring Keyring) LoadAsym(desc string, payload []byte) (KeySerial, error) { - cdesc := []byte(desc + "\x00") - serial, _, errno := syscall.Syscall6( - syscall.SYS_ADD_KEY, - uintptr(unsafe.Pointer(&keyTypeAsym[0])), - uintptr(unsafe.Pointer(&cdesc[0])), - uintptr(unsafe.Pointer(&payload[0])), - uintptr(len(payload)), - uintptr(keyring), - uintptr(0), - ) - if errno == 0 { - return KeySerial(serial), nil - } - - return KeySerial(serial), errno -} - -type pkeyParams struct { - key_id KeySerial - in_len uint32 - out_or_in2_len uint32 - __spare [7]uint32 -} - -func (key KeySerial) Sign(info, digest, signature []byte) (uint64, error) { - var params pkeyParams - params.key_id = key - params.in_len = uint32(len(digest)) - params.out_or_in2_len = uint32(len(signature)) - - _, _, errno := syscall.Syscall6( - syscall.SYS_KEYCTL, KEYCTL_PKEY_SIGN, - uintptr(unsafe.Pointer(¶ms)), - uintptr(unsafe.Pointer(&info[0])), - uintptr(unsafe.Pointer(&digest[0])), - uintptr(unsafe.Pointer(&signature[0])), - uintptr(0), - ) - - if errno != 0 { - return 0, errno - } - - length := uint64(signature[1]) + 2 - return length, nil -} - -func (key KeySerial) Verify(info, digest, signature []byte) error { - var params pkeyParams - params.key_id = key - params.in_len = uint32(len(digest)) - params.out_or_in2_len = uint32(len(signature)) - - _, _, errno := syscall.Syscall6( - syscall.SYS_KEYCTL, KEYCTL_PKEY_VERIFY, - uintptr(unsafe.Pointer(¶ms)), - uintptr(unsafe.Pointer(&info[0])), - 
uintptr(unsafe.Pointer(&digest[0])), - uintptr(unsafe.Pointer(&signature[0])), - uintptr(0), - ) - if errno == 0 { - return nil - } - - return errno -} - -var counter = 0 - -func loadKeyToKernel(key crypto.PrivateKey) KeySerial { - pkcs8, err := x509.MarshalPKCS8PrivateKey(key) - if err != nil { - log.Fatalf("failed to serialize the private key to PKCS8 blob: %v", err) - } - - name := fmt.Sprintf("test ecdsa key %v", counter) - counter += 1 - - serial, err := KEY_SPEC_PROCESS_KEYRING.LoadAsym(name, pkcs8) - if err != nil { - log.Fatalf("failed to load the private key into the keyring: %v", err) - } - - return serial -} - -func main() { - runtime.LockOSThread() - - var ( - msg = []byte("hello world") - digest = sha256.Sum256(msg) - signature [72]byte - ) - - priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) - if err != nil { - log.Fatalf("failed to generate private key: %v", err) - } - - keyInKernel := loadKeyToKernel(priv) - log.Printf("Loaded key to the kernel with ID: %v", keyInKernel) - - n, err := keyInKernel.Sign(signInfo, digest[:], signature[:]) - if err != nil { - log.Fatalf("failed to sign the digest: %v", err) - } - log.Printf("Signature from Kernel: %x...", signature[:10]) - - err = keyInKernel.Verify(signInfo, digest[:], signature[:n]) - if err != nil { - log.Fatalf("failed to verify the digest: %v", err) - } - log.Printf("Valid signature from Kernel: %v", err == nil) - - ok := ecdsa.VerifyASN1(&priv.PublicKey, digest[:], signature[:n]) - log.Printf("Valid signature from Go: %v", ok) - if !ok { - log.Fatalf("failed to verify the signature: %v", err) - } -} diff --git a/zeta/ecdsa_bench/ecdsa_test.go b/zeta/ecdsa_bench/ecdsa_test.go deleted file mode 100644 index 4fc305aca3bc1..0000000000000 --- a/zeta/ecdsa_bench/ecdsa_test.go +++ /dev/null 
@@ -1,267 +0,0 @@ -package main - -import ( - "crypto" - "crypto/ecdsa" - "crypto/elliptic" - "crypto/rand" - "crypto/sha256" - "crypto/sha512" - "crypto/x509" - "encoding/base64" - "runtime" - "testing" -) - -var signInfo384 = []byte("enc=x962 hash=sha256\x00") - -func kernelSetup256(priv *ecdsa.PrivateKey) (KeySerial, []byte, []byte) { - var ( - msg = []byte("hello world") - digest = sha256.Sum256(msg) - signature [72]byte - ) - - keyInKernel := loadKeyToKernel(priv) - - return keyInKernel, digest[:], signature[:] -} - -func kernelSetup384(tb testing.TB, priv *ecdsa.PrivateKey) (KeySerial, []byte, []byte) { - var ( - msg = []byte("hello world") - digest = sha512.Sum384(msg) - signature [104]byte - ) - - keyInKernel := loadKeyToKernel(priv) - - // begin debug info - pkcs8, err := x509.MarshalPKCS8PrivateKey(priv) - if err != nil { - tb.Fatalf("failed to serialize the private key to PKCS8 blob: %v", err) - } - tb.Log("added key:") - tb.Logf(" base64: %s\n", base64.StdEncoding.EncodeToString(pkcs8)) - tb.Logf(" hex: %x\n", pkcs8) - // end debug info - - return keyInKernel, digest[:], signature[:] -} - -func TestSign384InKernelVerifyInGo(t *testing.T) { - runtime.LockOSThread() - - priv, err := ecdsa.GenerateKey(elliptic.P384(), rand.Reader) - if err != nil { - t.Fatalf("failed to generate private key: %v", err) - } - - keyInKernel, digest, signature := kernelSetup384(t, priv) - - n, err := keyInKernel.Sign(signInfo384, digest[:], signature[:]) - if err != nil { - t.Fatalf("failed to sign the digest: %v", err) - } - - ok := ecdsa.VerifyASN1(&priv.PublicKey, digest[:], signature[:n]) - if !ok { - t.Fatalf("failed to verify the signature") - } -} - -func TestSignAndVerify384InKernel(t *testing.T) { - runtime.LockOSThread() - - priv, err := ecdsa.GenerateKey(elliptic.P384(), rand.Reader) - if err != nil { - t.Fatalf("failed to generate private key: %v", err) - } - - keyInKernel, digest, signature := kernelSetup384(t, priv) - - n, err := keyInKernel.Sign(signInfo384, 
digest[:], signature[:]) - if err != nil { - t.Fatalf("failed to sign the digest: %v", err) - } - - err = keyInKernel.Verify(signInfo, digest[:], signature[:n]) - if err != nil { - t.Fatalf("failed to verify the signature: %v", err) - } -} - -func TestSignInKernelVerifyInGo(t *testing.T) { - runtime.LockOSThread() - - var ( - msg = []byte("hello world") - digest = sha256.Sum256(msg) - signature [72]byte - ) - - priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) - if err != nil { - t.Fatalf("failed to generate private key: %v", err) - } - - keyInKernel := loadKeyToKernel(priv) - - n, err := keyInKernel.Sign(signInfo, digest[:], signature[:]) - if err != nil { - t.Fatalf("failed to sign the digest: %v", err) - } - - ok := ecdsa.VerifyASN1(&priv.PublicKey, digest[:], signature[:n]) - if !ok { - t.Fatalf("failed to verify the signature") - } -} - -func TestSignAndVerifyInKernel(t *testing.T) { - runtime.LockOSThread() - - var ( - msg = []byte("hello world") - digest = sha256.Sum256(msg) - signature [72]byte - ) - - priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) - if err != nil { - t.Fatalf("failed to generate private key: %v", err) - } - - keyInKernel := loadKeyToKernel(priv) - - n, err := keyInKernel.Sign(signInfo, digest[:], signature[:]) - if err != nil { - t.Fatalf("failed to sign the digest: %v", err) - } - - err = keyInKernel.Verify(signInfo, digest[:], signature[:n]) - if err != nil { - t.Fatalf("failed to verify the signature: %v", err) - } -} - -func BenchmarkECDSAP384KernelSign(b *testing.B) { - runtime.LockOSThread() - - priv, err := ecdsa.GenerateKey(elliptic.P384(), rand.Reader) - if err != nil { - b.Fatalf("failed to generate private key: %v", err) - } - - keyInKernel, digest, signature := kernelSetup384(b, priv) - - b.ResetTimer() - for i := 0; i < b.N; i++ { - _, err := keyInKernel.Sign(signInfo384, digest[:], signature[:]) - if err != nil { - b.Fatalf("failed to sign the digest: %v", err) - } - } -} - -func 
BenchmarkECDSAP384KernelVerify(b *testing.B) { - runtime.LockOSThread() - - priv, err := ecdsa.GenerateKey(elliptic.P384(), rand.Reader) - if err != nil { - b.Fatalf("failed to generate private key: %v", err) - } - - keyInKernel, digest, signature := kernelSetup384(b, priv) - - n, err := keyInKernel.Sign(signInfo384, digest[:], signature[:]) - if err != nil { - b.Fatalf("failed to sign the digest: %v", err) - } - - b.ResetTimer() - for i := 0; i < b.N; i++ { - err := keyInKernel.Verify(signInfo384, digest[:], signature[:n]) - if err != nil { - b.Fatalf("failed to verify the signature: %v", err) - } - } -} - -func BenchmarkECDSAP256KernelSign(b *testing.B) { - runtime.LockOSThread() - - priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) - if err != nil { - b.Fatalf("failed to generate private key: %v", err) - } - - keyInKernel, digest, signature := kernelSetup256(priv) - - b.ResetTimer() - for i := 0; i < b.N; i++ { - _, err := keyInKernel.Sign(signInfo, digest[:], signature[:]) - if err != nil { - b.Fatalf("failed to sign the digest: %v", err) - } - } -} - -func BenchmarkECDSAP256KernelVerify(b *testing.B) { - runtime.LockOSThread() - - priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) - if err != nil { - b.Fatalf("failed to generate private key: %v", err) - } - - keyInKernel, digest, signature := kernelSetup256(priv) - - n, err := keyInKernel.Sign(signInfo, digest[:], signature[:]) - if err != nil { - b.Fatalf("failed to sign the digest: %v", err) - } - - b.ResetTimer() - for i := 0; i < b.N; i++ { - err := keyInKernel.Verify(signInfo, digest[:], signature[:n]) - if err != nil { - b.Fatalf("failed to verify the signature: %v", err) - } - } -} - -func BenchmarkECDSAGo(b *testing.B) { - var ( - msg = []byte("hello world") - digest = sha256.Sum256(msg) - ) - - priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) - if err != nil { - b.Fatalf("failed to generate private key: %v", err) - } - - signature, err := ecdsa.SignASN1(rand.Reader, 
priv, digest[:]) - if err != nil { - b.Fatalf("failed to sign the digest: %v", err) - } - - b.Run("Sign", func(b *testing.B) { - for i := 0; i < b.N; i++ { - _, err := priv.Sign(rand.Reader, digest[:], crypto.SHA256) - if err != nil { - b.Fatalf("failed to sign the digest: %v", err) - } - } - }) - - b.Run("Verify", func(b *testing.B) { - for i := 0; i < b.N; i++ { - ok := ecdsa.VerifyASN1(&priv.PublicKey, digest[:], signature[:]) - if !ok { - b.Fatalf("failed to verify the signature: %v", err) - } - } - }) -} diff --git a/zeta/ecdsa_bench/readme.md b/zeta/ecdsa_bench/readme.md deleted file mode 100644 index 4577b1586cf5d..0000000000000 --- a/zeta/ecdsa_bench/readme.md +++ /dev/null @@ -1,35 +0,0 @@ -## Benchmark of In-Kernel ECDSA Signing from User Space - -This program uses the Linux API to access to in-kernel cryptographic -operations. This Go program makes direct syscalls to the kernel similarly -to the `keyctl` utility command. - -To run an example: - $ make example - -To run a benchmark: - $ make benchmark - -After that, the output looks like: - -``` -BenchmarkECDSAKernel -BenchmarkECDSAKernel-16 283 4283867 ns/op -BenchmarkECDSAGo -BenchmarkECDSAGo-16 1412 908581 ns/op -``` - -The difference in time is expected as the program should wait for the -operating system to respond the syscall, and move memory between the kernel -space and the user space. - -Known Issues: - -- "failed to load the private key into the keyring: bad message" - This means the parser is not loaded. To solve this issue run: - - ```sh - sudo modprobe pkcs8_key_parser - ``` - - or compile the parser directly into the kernel (instead of as a module) diff --git a/zeta/rsa_bench/Makefile b/zeta/rsa_bench/Makefile deleted file mode 100644 index b52112d1383b9..0000000000000 --- a/zeta/rsa_bench/Makefile +++ /dev/null 
@@ -1,18 +0,0 @@ -all: compile - -compile: rsa.go rsa_test.go - go build -o rsa.exe rsa.go - go test -c -o bench.exe rsa.go rsa_test.go - - -rsa: rsa.exe - ./rsa.exe - -load_parser: - modprobe pkcs8_key_parser - -benchmark: rsa.go rsa_test.go - ./bench.exe -test.v -test.bench=. - -clean: - rm -f ./bench.exe ./rsa.exe diff --git a/zeta/rsa_bench/readme.md b/zeta/rsa_bench/readme.md deleted file mode 100644 index 25e6f7ef916c9..0000000000000 --- a/zeta/rsa_bench/readme.md +++ /dev/null @@ -1,29 +0,0 @@ -## Benchmark of In-Kernel RSA Signing from User Space - -This program uses the Linux API to access to in-kernel cryptographic -operations. This Go program makes direct syscalls to the kernel similarly -to the `keyctl` utility command. - -To run an example: - $ make example - -To run a benchmark: - $ make benchmark - -After that, the output looks like: - -``` -BenchmarkRSAKernel -BenchmarkRSAKernel-16 283 4283867 ns/op -BenchmarkRSAGo -BenchmarkRSAGo-16 1412 908581 ns/op -``` - -The difference in time is expected as the program should wait for the -operating system to respond the syscall, and move memory between the kernel -space and the user space. - -Known Issues: -- "failed to load the private key into the keyring: bad message" - This means the parser is not loaded. To solve this issue run: - $ sudo modprobe pkcs8_key_parser diff --git a/zeta/rsa_bench/rsa.go b/zeta/rsa_bench/rsa.go deleted file mode 100644 index 7d058958ab461..0000000000000 --- a/zeta/rsa_bench/rsa.go +++ /dev/null 
@@ -1,147 +0,0 @@ -package main - -import ( - "crypto" - "crypto/rand" - "crypto/rsa" - "crypto/sha256" - "crypto/x509" - "log" - "syscall" - "unsafe" -) - -type ( - KeySerial int32 - Keyring int32 - KeyOps = uintptr -) - -const ( - KEY_SPEC_PROCESS_KEYRING Keyring = -2 - KEYCTL_PKEY_SIGN KeyOps = 27 - KEYCTL_PKEY_VERIFY KeyOps = 28 -) - -var ( - keyTypeAsym = []byte("asymmetric\x00") - sha256pkcs1 = []byte("enc=pkcs1 hash=sha256\x00") -) - -func (keyring Keyring) LoadAsym(desc string, payload []byte) (KeySerial, error) { - cdesc := []byte(desc + "\x00") - serial, _, errno := syscall.Syscall6( - syscall.SYS_ADD_KEY, - uintptr(unsafe.Pointer(&keyTypeAsym[0])), - uintptr(unsafe.Pointer(&cdesc[0])), - uintptr(unsafe.Pointer(&payload[0])), - uintptr(len(payload)), - uintptr(keyring), - uintptr(0), - ) - if errno == 0 { - return KeySerial(serial), nil - } - - return KeySerial(serial), errno -} - -type pkeyParams struct { - key_id KeySerial - in_len uint32 - out_or_in2_len uint32 - __spare [7]uint32 -} - -func (key KeySerial) Sign(info, digest, signature []byte) error { - var params pkeyParams - params.key_id = key - params.in_len = uint32(len(digest)) - params.out_or_in2_len = uint32(len(signature)) - - _, _, errno := syscall.Syscall6( - syscall.SYS_KEYCTL, KEYCTL_PKEY_SIGN, - uintptr(unsafe.Pointer(¶ms)), - uintptr(unsafe.Pointer(&info[0])), - uintptr(unsafe.Pointer(&digest[0])), - uintptr(unsafe.Pointer(&signature[0])), - uintptr(0), - ) - if errno == 0 { - return nil - } - - return errno -} - -func (key KeySerial) Verify(info, digest, signature []byte) error { - var params pkeyParams - params.key_id = key - params.in_len = uint32(len(digest)) - params.out_or_in2_len = uint32(len(signature)) - - _, _, errno := syscall.Syscall6( - syscall.SYS_KEYCTL, KEYCTL_PKEY_VERIFY, - uintptr(unsafe.Pointer(¶ms)), - uintptr(unsafe.Pointer(&info[0])), - uintptr(unsafe.Pointer(&digest[0])), - uintptr(unsafe.Pointer(&signature[0])), - uintptr(0), - ) - if errno == 0 { - return nil - } 
- - return errno -} - -func loadKeyToKernel(key crypto.PrivateKey) KeySerial { - pkcs8, err := x509.MarshalPKCS8PrivateKey(key) - if err != nil { - log.Fatalf("failed to serialize the private key to PKCS8 blob: %v", err) - } - - serial, err := KEY_SPEC_PROCESS_KEYRING.LoadAsym("test rsa key", pkcs8) - if err != nil { - log.Fatalf("failed to load the private key into the keyring: %v", err) - } - - log.Printf("Loaded key of length %v to the kernel with ID: %v", len(pkcs8), serial) - - return serial -} - -func main() { - const N = 2048 - - var ( - msg = []byte("hello world") - digest = sha256.Sum256(msg) - signature [N / 8]byte - ) - - priv, err := rsa.GenerateKey(rand.Reader, N) - if err != nil { - log.Fatalf("failed to generate private key: %v", err) - } - - keyInKernel := loadKeyToKernel(priv) - - err = keyInKernel.Sign(sha256pkcs1, digest[:], signature[:]) - if err != nil { - log.Fatalf("failed to sign the digest: %v", err) - } - log.Printf("Signature from Kernel: %x...", signature[:10]) - - err = keyInKernel.Verify(sha256pkcs1, digest[:], signature[:]) - if err != nil { - log.Fatalf("failed to verify the digest: %v", err) - } - log.Printf("Valid signature from Kernel: %v", err == nil) - - err = rsa.VerifyPKCS1v15(&priv.PublicKey, crypto.SHA256, digest[:], signature[:]) - log.Printf("Valid signature from Go: %v", err == nil) - if err != nil { - log.Fatalf("failed to verify the signature: %v", err) - } -} diff --git a/zeta/rsa_bench/rsa_test.go b/zeta/rsa_bench/rsa_test.go deleted file mode 100644 index 853ca6644e73e..0000000000000 --- a/zeta/rsa_bench/rsa_test.go +++ /dev/null 
@@ -1,94 +0,0 @@ -package main - -import ( - "crypto" - "crypto/rand" - "crypto/rsa" - "crypto/sha256" - "testing" -) - -func kernelSetup(b *testing.B) (KeySerial, []byte, []byte) { - const N = 2048 - - var ( - msg = []byte("hello world") - digest = sha256.Sum256(msg) - signature [N / 8]byte - ) - - priv, err := rsa.GenerateKey(rand.Reader, N) - if err != nil { - b.Fatalf("failed to generate private key: %v", err) - } - - keyInKernel := loadKeyToKernel(priv) - - return keyInKernel, digest[:], signature[:] -} - -func BenchmarkRSAKernelSign(b *testing.B) { - keyInKernel, digest, signature := kernelSetup(b) - - b.ResetTimer() - for i := 0; i < b.N; i++ { - err := keyInKernel.Sign(sha256pkcs1, digest[:], signature[:]) - if err != nil { - b.Fatalf("failed to sign the digest: %v", err) - } - } -} - -func BenchmarkRSAKernelVerify(b *testing.B) { - keyInKernel, digest, signature := kernelSetup(b) - - err := keyInKernel.Sign(sha256pkcs1, digest[:], signature[:]) - if err != nil { - b.Fatalf("failed to sign the digest: %v", err) - } - - b.ResetTimer() - for i := 0; i < b.N; i++ { - err := keyInKernel.Verify(sha256pkcs1, digest[:], signature[:]) - if err != nil { - b.Fatalf("failed to sign the digest: %v", err) - } - } -} - -func BenchmarkRSAGo(b *testing.B) { - const N = 2048 - - var ( - msg = []byte("hello world") - digest = sha256.Sum256(msg) - ) - - priv, err := rsa.GenerateKey(rand.Reader, N) - if err != nil { - b.Fatalf("failed to generate private key: %v", err) - } - - signature, err := priv.Sign(rand.Reader, digest[:], crypto.SHA256) - if err != nil { - b.Fatalf("failed to sign the digest: %v", err) - } - - b.Run("Sign", func(b *testing.B) { - for i := 0; i < b.N; i++ { - _, err := priv.Sign(rand.Reader, digest[:], crypto.SHA256) - if err != nil { - b.Fatalf("failed to sign the digest: %v", err) - } - } - }) - - b.Run("Verify", func(b *testing.B) { - for i := 0; i < b.N; i++ { - err := rsa.VerifyPKCS1v15(&priv.PublicKey, crypto.SHA256, digest[:], signature[:]) - if 
err != nil { - b.Fatalf("failed to sign the digest: %v", err) - } - } - }) -} From f38e33801bf4e083a6ec32f344d73d324dc408b8 Mon Sep 17 00:00:00 2001 From: "Jan Winkelmann (keks)" Date: Mon, 23 Sep 2024 18:18:19 +0200 Subject: [PATCH 53/53] add cli to signing tool --- zeta/signing_tool/cmd/signing_tool/main.go | 259 +++++++++++++++++++++ zeta/signing_tool/ecdsa.go | 11 + zeta/signing_tool/go.sum | 8 + zeta/signing_tool/rsa.go | 8 + zeta/signing_tool/signing_tool.go | 15 ++ 5 files changed, 301 insertions(+) create mode 100644 zeta/signing_tool/cmd/signing_tool/main.go diff --git a/zeta/signing_tool/cmd/signing_tool/main.go b/zeta/signing_tool/cmd/signing_tool/main.go new file mode 100644 index 0000000000000..0ca4cee1b272b --- /dev/null +++ b/zeta/signing_tool/cmd/signing_tool/main.go 
@@ -0,0 +1,259 @@ +package main + +import ( + "crypto/ecdsa" + "crypto/elliptic" + "crypto/rand" + "crypto/rsa" + "encoding/hex" + "fmt" + "os" + "strconv" + + "github.com/urfave/cli/v2" + + "github.com/cryspen/signing_tool" +) + +var ( + algName string + keyringName string +) + +func main() { + app := cli.App{ + Name: "signing_tool", + Flags: []cli.Flag{ + &cli.StringFlag{ + Name: "algorithm name", + Value: "ecdsa-p256", + Usage: "Algorithm to use. Acceptable Values: rsa2048, ecdsa-p256, ecdsa-p384", + Destination: &algName, + }, + &cli.StringFlag{ + Name: "keyring name", + Value: "user", + Usage: "Keyring to use. Acceptable Values: user-session, session, user, process", + Destination: &keyringName, + }, + }, + Commands: []*cli.Command{ + { + Name: "keygen", + Description: "takes key name as first argument", + Action: exitify(keygen), + }, + { + Name: "sign", + Description: "takes key serial as first argument and hash as the second argument", + Action: exitify(sign), + }, + { + Name: "verify", + Description: "takes key name as first argument", + Action: exitify(verify), + }, + }, + } + + app.Run(os.Args) +} + +func exitify(f func(*cli.Context) error) func(*cli.Context) error { + return func(cCtx *cli.Context) error { + err := f(cCtx) + if err != nil { + return cli.Exit(err, 1) + } + + return nil + } +} + +func keygen(cCtx *cli.Context) error { + var ( + name = cCtx.Args().Get(0) + keyring signing_tool.Keyring + ) + + if name == "" { + fmt.Println("please provide a name") + } + + if keyringName == "user" { + keyring = signing_tool.UserKeyring() + } else if keyringName == "session" { + keyring = signing_tool.SessionKeyring() + } else if keyringName == "process" { + keyring = signing_tool.ProcessKeyring() + } else if keyringName == "user-session" { + keyring = signing_tool.UserSessionKeyring() + } else { + return fmt.Errorf("invalid keyring name: %q", keyringName) + } + + if algName == "rsa2048" { + key, err := rsa.GenerateKey(rand.Reader, 2048) + if err != nil { + 
return err + } + + rsa_key, err := keyring.LoadRsaPrivateKey(name, key) + if err != nil { + return err + } + + fmt.Println("serial:", rsa_key.Serial()) + + } else if algName == "ecdsa-p256" { + key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + if err != nil { + return err + } + + serial, err := keyring.LoadPrivateKey(name, key) + if err != nil { + fmt.Println("wat1", err) + return err + } + + fmt.Println("serial:", serial) + + } else if algName == "ecdsa-p384" { + key, err := ecdsa.GenerateKey(elliptic.P384(), rand.Reader) + if err != nil { + return err + } + + serial, err := keyring.LoadPrivateKey(name, key) + if err != nil { + return err + } + + fmt.Println("serial:", serial) + } else { + return fmt.Errorf("invalid algorithm name: %q", algName) + } + + return nil +} + +func sign(cCtx *cli.Context) error { + var ( + serialString = cCtx.Args().Get(0) + hashString = cCtx.Args().Get(1) + signature []byte + ) + + serialI64, err := strconv.ParseInt(serialString, 10, 32) + if err != nil { + return fmt.Errorf("error parsing serial as number: %w", err) + } + + serial := signing_tool.KeySerial(serialI64) + + hash, err := hex.DecodeString(hashString) + if err != nil { + return fmt.Errorf("error parsing hash as hex: %w", err) + } + + if algName == "rsa2048" { + key := signing_tool.RsaKeyFromSerial(serial) + signatureBuffer := key.MakeSignatureBuffer() + signature, err = key.SignRsaPrehashed(hash, signatureBuffer) + if err != nil { + return err + } + + } else if algName == "ecdsa-p256" { + key := signing_tool.EcdsaKeyFromSerialAndSize(serial, 256) + if err != nil { + return err + } + + signatureBuffer := key.MakeSignatureBuffer() + signature, err = key.SignPrehashed(hash, signatureBuffer) + if err != nil { + return err + } + + } else if algName == "ecdsa-p384" { + key := signing_tool.EcdsaKeyFromSerialAndSize(serial, 384) + if err != nil { + return err + } + + signatureBuffer := key.MakeSignatureBuffer() + signature, err = key.SignPrehashed(hash, signatureBuffer) 
+ if err != nil { + return err + } + + } else { + return fmt.Errorf("invalid algorithm name: %q", algName) + } + + fmt.Println("signature:", hex.EncodeToString(signature)) + + return nil +} + +func verify(cCtx *cli.Context) error { + var ( + serialString = cCtx.Args().Get(0) + hashString = cCtx.Args().Get(1) + signatureString = cCtx.Args().Get(2) + ) + + serialI64, err := strconv.ParseInt(serialString, 10, 32) + if err != nil { + return fmt.Errorf("error parsing serial as number: %w", err) + } + + serial := signing_tool.KeySerial(serialI64) + + hash, err := hex.DecodeString(hashString) + if err != nil { + return fmt.Errorf("error parsing hash as hex: %w", err) + } + + signature, err := hex.DecodeString(signatureString) + if err != nil { + return fmt.Errorf("error parsing signature as hex: %w", err) + } + + if algName == "rsa2048" { + key := signing_tool.RsaKeyFromSerial(serial) + if err := key.VerifyRsaPrehashed(hash, signature); err != nil { + fmt.Println("verification error:", err) + } else { + fmt.Println("ok") + } + } else if algName == "ecdsa-p256" { + key := signing_tool.EcdsaKeyFromSerialAndSize(serial, 256) + if err != nil { + return err + } + + if err := key.VerifyPrehashed(hash, signature); err != nil { + fmt.Println("verification error:", err) + } else { + fmt.Println("ok") + } + } else if algName == "ecdsa-p384" { + key := signing_tool.EcdsaKeyFromSerialAndSize(serial, 384) + if err != nil { + return err + } + + if err := key.VerifyPrehashed(hash, signature); err != nil { + fmt.Println("verification error:", err) + } else { + fmt.Println("ok") + } + } else { + return fmt.Errorf("invalid algorithm name: %q", algName) + } + + return nil +} diff --git a/zeta/signing_tool/ecdsa.go b/zeta/signing_tool/ecdsa.go index a5288c9ab4983..08d96d258e175 100644 --- a/zeta/signing_tool/ecdsa.go +++ b/zeta/signing_tool/ecdsa.go 
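Review bot: `verify` reports a bad signature only on stdout and then returns nil, so the process exits 0 whether or not the signature checked out; a script that gates on the exit status will accept an invalid signature. All three algorithm branches should return the error instead, e.g. `if err := key.VerifyPrehashed(hash, signature); err != nil { return fmt.Errorf("verification failed: %w", err) }`, so that `exitify` turns it into exit code 1. In `keygen`, the empty-name branch prints "please provide a name" but falls through and loads a key with an empty description; it should return an error there. The flag names `"algorithm name"` and `"keyring name"` contain a space, which makes them awkward to pass on a command line; `algorithm` and `keyring` would be conventional.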
@@ -18,6 +18,17 @@ type EcdsaKey struct { keySize int } +func EcdsaKeyFromSerialAndSize(serial KeySerial, keySize int) EcdsaKey { + return EcdsaKey{ + serial, + keySize, + } +} + +func (key EcdsaKey) Serial() int32 { + return int32(key.serial) +} + func (key EcdsaKey) MakeSignatureBuffer() []byte { if key.keySize == 256 { return make([]byte, ecdsaP256SigLen) diff --git a/zeta/signing_tool/go.sum b/zeta/signing_tool/go.sum index e20fa14b0bb7b..f28ee36bf42e5 100644 --- a/zeta/signing_tool/go.sum +++ b/zeta/signing_tool/go.sum 
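Review bot: `EcdsaKeyFromSerialAndSize` accepts any `keySize` and cannot fail, yet the callers in cmd/signing_tool/main.go follow it with `if err != nil { return err }`, which tests a stale `err` and never fires. Either validate here and return `(EcdsaKey, error)`, rejecting sizes other than 256 and 384 with something like `return EcdsaKey{}, fmt.Errorf("unsupported ECDSA key size %d", keySize)`, or keep the signature and name the accepted sizes in a doc comment. How `MakeSignatureBuffer` treats other sizes is not visible, since its body continues outside the hunk. Keyed fields (`EcdsaKey{serial: serial, keySize: keySize}`) would also protect the literal against a later field reorder.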
@@ -1,9 +1,17 @@ +github.com/cpuguy83/go-md2man/v2 v2.0.4 h1:wfIWP927BUkWJb2NmU/kNDYIBTh/ziUX91+lVfRxZq4= +github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= +github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/urfave/cli/v2 v2.27.4 h1:o1owoI+02Eb+K107p27wEX9Bb8eqIoZCfLXloLUSWJ8= +github.com/urfave/cli/v2 v2.27.4/go.mod h1:m4QzxcD2qpra4z7WhzEGn74WZLViBnMpb1ToCAKdGRQ= +github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1 h1:gEOO8jv9F4OT7lGCjxCBTO/36wtF6j2nSip77qHd4x4= +github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1/go.mod h1:Ohn+xnUBiLI6FVj/9LpzZWtj1/D6lUovWYBkxHVV3aM= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/zeta/signing_tool/rsa.go b/zeta/signing_tool/rsa.go index df4e3c1e7fa0e..1fa093cf4f313 100644 --- a/zeta/signing_tool/rsa.go +++ b/zeta/signing_tool/rsa.go 
@@ -12,6 +12,14 @@ type RsaKey struct { serial KeySerial } +func RsaKeyFromSerial(serial KeySerial) RsaKey { + return RsaKey{serial} +} + +func (key RsaKey) Serial() int32 { + return int32(key.serial) +} + func (key RsaKey) MakeSignatureBuffer() []byte { return make([]byte, rsaSigLen) } diff --git a/zeta/signing_tool/signing_tool.go b/zeta/signing_tool/signing_tool.go index 62522f8fedfa5..cd8ddb0cfb1e6 100644 --- a/zeta/signing_tool/signing_tool.go +++ b/zeta/signing_tool/signing_tool.go @@ -25,6 +25,21 @@ func ProcessKeyring() Keyring { return -2 } +// Return the key ring of the current session. +func SessionKeyring() Keyring { + return -3 +} + +// Return the key ring of the current user. +func UserKeyring() Keyring { + return -4 +} + +// Return the key ring of the current user-session. +func UserSessionKeyring() Keyring { + return -5 +} + func (keyring Keyring) LoadRsaPrivateKey(name string, key *rsa.PrivateKey) (RsaKey, error) { serial, err := keyring.LoadPrivateKey(name, key) if err != nil {
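Review bot: `RsaKeyFromSerial` and `Serial` are exported without doc comments, and the constructor wraps whatever serial it is given without checking that it names an RSA key in the keyring. A comment such as `// RsaKeyFromSerial wraps an existing keyring serial; it does not verify that the serial refers to an RSA key.` would tell callers that a wrong serial presumably surfaces only when the key is used. `Serial` could return `KeySerial` rather than `int32` so the value keeps its type on the way back into `RsaKeyFromSerial`; the same applies to `EcdsaKey.Serial` in ecdsa.go.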
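Review bot: The three new keyring constructors return bare `-3`, `-4` and `-5`, and their comments do not say how widely each keyring is shared, which matters because the CLI added in this commit defaults `keyringName` to `user`. A key loaded into the user keyring is reachable by every process running under the same UID and outlives the process that loaded it, so the doc comment should say so, e.g. `// UserKeyring returns the per-UID keyring (KEY_SPEC_USER_KEYRING); keys stored here are shared by all processes of that user.` Named constants for the special keyring IDs would make the values easy to check against keyctl's definitions, and Go doc comments conventionally start with the function name.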