Enable 64-bit bignum limbs and add optimized multiplication for Aarch64

.github/issue_template.md

@@ -1,41 +1,44 @@
-Note: This is just a template, so feel free to use/remove the unnecessary things
+<!--
 
-### Description
-- Type: Bug | Enhancement\Feature Request | Question
-- Priority: Blocker | Major | Minor
-
----------------------------------------------------------------
-## Bug
-
-**OS**  
-Mbed OS|linux|windows|
-
-**mbed TLS build:**  
-Version: x.x.x or git commit id  
-OS version: x.x.x  
-Configuration: please attach config.h file where possible  
-Compiler and options (if you used a pre-built binary, please indicate how you obtained it):  
-Additional environment information:  
+   ************************************** WARNING **************************************
 
-**Peer device TLS stack and version**  
-OpenSSL|GnuTls|Chrome|NSS(Firefox)|SecureChannel (IIS/Internet Explorer/Edge)|Other  
-Version:  
+   The ciarcom bot parses this header automatically. Any deviation from the 
+   template may cause the bot to automatically correct this header or may result in a 
+   warning message, requesting updates.
 
-**Expected behavior**   
+   Please ensure that nothing follows the Issue request type section, all 
+   issue details are within the Description section and no changes are made to the 
+   template format (as detailed below).
 
-**Actual behavior**  
+   *************************************************************************************
 
-**Steps to reproduce**  
+-->
 
-----------------------------------------------------------------
-## Enhancement\Feature Request
-
-**Justification - why does the library need this feature?**  
-
-**Suggested enhancement**  
-
------------------------------------------------------------------
+### Description
 
-## Question
+<!--
+    Required
+    Add detailed description of what you are reporting.
+    Good example: https://os.mbed.com/docs/latest/reference/workflow.html
+    Things to consider sharing:
+    - What target does this relate to?
+    - What toolchain (name + version) are you using?
+    - What tools (name + version - is it mbed-cli, online compiler or IDE) are you using?
+    - What is the SHA of Mbed OS (git log -n1 --oneline)?
+    - Steps to reproduce. (Did you publish code or a test case that exhibits the problem?)
+-->
+
+
+### Issue request type
+
+<!--
+    Required
+    Please add only one X to one of the following types. Do not fill multiple types (split the issue otherwise.)
+    Please note this is not a GitHub task list, indenting the boxes or changing the format to add a '.' or '*' in front
+    of them would change the meaning incorrectly. The only changes to be made are to add a description text under the
+    description heading and to add a 'x' to the correct box.
+-->
+    [ ] Question
+    [ ] Enhancement
+    [ ] Bug
 
-**Please first check for answers in the [Mbed TLS knowledge Base](https://tls.mbed.org/kb), and preferably file an issue in the [Mbed TLS support forum](https://forums.mbed.com/c/mbed-tls)**  

.travis.yml

@@ -22,13 +22,8 @@ script:
 - make
 - make test
 - programs/test/selftest
-- OSSL_NO_DTLS=1 tests/compat.sh
-- tests/ssl-opt.sh -e '\(DTLS\|SCSV\).*openssl'
 - tests/scripts/test-ref-configs.pl
 - tests/scripts/curves.pl
-- tests/scripts/key-exchanges.pl
-after_failure:
-- tests/scripts/travis-log-failure.sh
 env:
   global:
     - SEED=1

3rdparty/.gitignore

@@ -0,0 +1 @@
+/Makefile

3rdparty/CMakeLists.txt

@@ -0,0 +1,11 @@
+list (APPEND thirdparty_src)
+list (APPEND thirdparty_lib)
+list (APPEND thirdparty_inc)
+list (APPEND thirdparty_def)
+
+add_subdirectory(everest)
+
+set(thirdparty_src ${thirdparty_src} PARENT_SCOPE)
+set(thirdparty_lib ${thirdparty_lib} PARENT_SCOPE)
+set(thirdparty_inc ${thirdparty_inc} PARENT_SCOPE)
+set(thirdparty_def ${thirdparty_def} PARENT_SCOPE)

3rdparty/Makefile.inc

@@ -0,0 +1,5 @@
+ifeq ($(INCLUDING_FROM_MBEDTLS), 1)
+include ../crypto/3rdparty/everest/Makefile.inc
+else
+include ../3rdparty/everest/Makefile.inc
+endif

3rdparty/everest/.gitignore

@@ -0,0 +1,2 @@
+*.o
+Makefile

3rdparty/everest/CMakeLists.txt

@@ -0,0 +1,31 @@
+list (APPEND everest_src)
+list (APPEND everest_inc)
+list (APPEND everest_def)
+
+set(everest_src
+  ${CMAKE_CURRENT_SOURCE_DIR}/library/everest.c
+  ${CMAKE_CURRENT_SOURCE_DIR}/library/x25519.c
+  ${CMAKE_CURRENT_SOURCE_DIR}/library/Hacl_Curve25519_joined.c
+)
+
+list(APPEND everest_inc ${CMAKE_CURRENT_SOURCE_DIR}/include ${CMAKE_CURRENT_SOURCE_DIR}/include/everest ${CMAKE_CURRENT_SOURCE_DIR}/include/everest/kremlib)
+
+execute_process(COMMAND ${PERL_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/config.pl -f ${CMAKE_CURRENT_SOURCE_DIR}/../../include/mbedtls/config.h get MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED RESULT_VARIABLE result)
+
+if(${result} EQUAL 0)
+
+  if(INSTALL_MBEDTLS_HEADERS)
+
+    install(DIRECTORY include/everest
+      DESTINATION include
+      FILE_PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ
+      DIRECTORY_PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE
+      FILES_MATCHING PATTERN "*.h")
+
+  endif(INSTALL_MBEDTLS_HEADERS)
+
+endif()
+
+set(thirdparty_src ${thirdparty_src} ${everest_src} PARENT_SCOPE)
+set(thirdparty_inc ${thirdparty_inc} ${everest_inc} PARENT_SCOPE)
+set(thirdparty_def ${thirdparty_def} ${everest_def} PARENT_SCOPE)

3rdparty/everest/Makefile.inc

@@ -0,0 +1,6 @@
+THIRDPARTY_INCLUDES+=-I../3rdparty/everest/include -I../3rdparty/everest/include/everest -I../3rdparty/everest/include/everest/kremlib
+
+THIRDPARTY_CRYPTO_OBJECTS+= \
+	../3rdparty/everest/library/everest.o \
+	../3rdparty/everest/library/x25519.o \
+	../3rdparty/everest/library/Hacl_Curve25519_joined.o

3rdparty/everest/README.md

@@ -0,0 +1,5 @@
+The files in this directory stem from [Project Everest](https://project-everest.github.io/) and are distributed under the Apache 2.0 license.
+
+This is a formally verified implementation of Curve25519-based handshakes. The C code is automatically derived from the (verified) [original implementation](https://github.com/project-everest/hacl-star/tree/master/code/curve25519) in the [F* language](https://github.com/fstarlang/fstar) by [KreMLin](https://github.com/fstarlang/kremlin). In addition to the improved safety and security of the implementation, it is also significantly faster than the default implementation of Curve25519 in mbedTLS.
+
+The caveat is that not all platforms are supported, although the version in `everest/library/legacy` should work on most systems. The main issue is that some platforms do not provide a 128-bit integer type and KreMLin therefore has to use additional (also verified) code to simulate them, resulting in less of a performance gain overall. Explictly supported platforms are currently `x86` and `x86_64` using gcc or clang, and Visual C (2010 and later).

3rdparty/everest/include/everest/Hacl_Curve25519.h

@@ -0,0 +1,21 @@
+/* Copyright (c) INRIA and Microsoft Corporation. All rights reserved.
+   Licensed under the Apache 2.0 License. */
+
+/* This file was generated by KreMLin <https://github.com/FStarLang/kremlin>
+ * KreMLin invocation: /mnt/e/everest/verify/kremlin/krml -fc89 -fparentheses -fno-shadow -header /mnt/e/everest/verify/hdrcLh -minimal -fbuiltin-uint128 -fc89 -fparentheses -fno-shadow -header /mnt/e/everest/verify/hdrcLh -minimal -I /mnt/e/everest/verify/hacl-star/code/lib/kremlin -I /mnt/e/everest/verify/kremlin/kremlib/compat -I /mnt/e/everest/verify/hacl-star/specs -I /mnt/e/everest/verify/hacl-star/specs/old -I . -ccopt -march=native -verbose -ldopt -flto -tmpdir x25519-c -I ../bignum -bundle Hacl.Curve25519=* -minimal -add-include "kremlib.h" -skip-compilation x25519-c/out.krml -o x25519-c/Hacl_Curve25519.c
+ * F* version: 059db0c8
+ * KreMLin version: 916c37ac
+ */
+
+
+
+#ifndef __Hacl_Curve25519_H
+#define __Hacl_Curve25519_H
+
+
+#include "kremlib.h"
+
+void Hacl_Curve25519_crypto_scalarmult(uint8_t *mypublic, uint8_t *secret, uint8_t *basepoint);
+
+#define __Hacl_Curve25519_H_DEFINED
+#endif