updating the build with SGX

IDE/LINUX-SGX/build.sh

@@ -1,9 +1,17 @@
 #!/bin/sh
 
 
-CFLAGS_NEW="-DDEBUG_WOLFSSL"
+CFLAGS_NEW="-DDEBUG_WOLFSSL -I/usr/lib/gcc/x86_64-linux-gnu/$(gcc -dumpversion)/include"
 export CFLAGS="${CFLAGS} ${CFLAGS_NEW}"
 echo ${CFLAGS}
 
-make -f sgx_t_static.mk HAVE_WOLFSSL_BENCHMARK=1 HAVE_WOLFSSL_TEST=1 HAVE_WOLFSSL_SP=1
+NEW_INCLUDE_PATH="$C_INCLUDE_PATH:/usr/lib/gcc/x86_64-linux-gnu/$(gcc -dumpversion)/include"
+export C_INCLUDE_PATH="$NEW_INCLUDE_PATH"
+
+
+# Build without assembly optimizations
+#make -f sgx_t_static.mk HAVE_WOLFSSL_BENCHMARK=1 HAVE_WOLFSSL_TEST=1 HAVE_WOLFSSL_SP=1
+
+# Build with assembly optimizations
+make -f sgx_t_static.mk HAVE_WOLFSSL_BENCHMARK=1 HAVE_WOLFSSL_TEST=1 HAVE_WOLFSSL_SP=1 HAVE_WOLFSSL_ASSEMBLY=1
 

IDE/LINUX-SGX/clean.sh

@@ -1,3 +1,4 @@
 #!/bin/sh
 
-make -f sgx_t_static.mk clean
+make -f sgx_t_static.mk HAVE_WOLFSSL_BENCHMARK=1 HAVE_WOLFSSL_TEST=1 HAVE_WOLFSSL_SP=1 HAVE_WOLFSSL_ASSEMBLY=1 clean
+

IDE/LINUX-SGX/sgx_t_static.mk

@@ -44,14 +44,16 @@ endif
 
 Crypto_Library_Name := sgx_tcrypto
 
-Wolfssl_C_Extra_Flags := -DWOLFSSL_SGX
+Wolfssl_C_Extra_Flags := -DWOLFSSL_SGX\
+			 -DWOLFSSL_CUSTOM_CONFIG
 
 Wolfssl_C_Files :=$(WOLFSSL_ROOT)/wolfcrypt/src/aes.c\
 					$(WOLFSSL_ROOT)/wolfcrypt/src/arc4.c\
 					$(WOLFSSL_ROOT)/wolfcrypt/src/asn.c\
 					$(WOLFSSL_ROOT)/wolfcrypt/src/blake2b.c\
 					$(WOLFSSL_ROOT)/wolfcrypt/src/camellia.c\
 					$(WOLFSSL_ROOT)/wolfcrypt/src/coding.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/cpuid.c\
 					$(WOLFSSL_ROOT)/wolfcrypt/src/chacha.c\
 					$(WOLFSSL_ROOT)/wolfcrypt/src/chacha20_poly1305.c\
 					$(WOLFSSL_ROOT)/src/crl.c\
@@ -88,11 +90,40 @@ Wolfssl_C_Files :=$(WOLFSSL_ROOT)/wolfcrypt/src/aes.c\
 					$(WOLFSSL_ROOT)/wolfcrypt/src/signature.c\
 					$(WOLFSSL_ROOT)/wolfcrypt/src/sp_c32.c\
 					$(WOLFSSL_ROOT)/wolfcrypt/src/sp_c64.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/sp_x86_64.c\
 					$(WOLFSSL_ROOT)/wolfcrypt/src/sp_int.c\
 					$(WOLFSSL_ROOT)/src/ssl.c\
 					$(WOLFSSL_ROOT)/src/tls.c\
 					$(WOLFSSL_ROOT)/wolfcrypt/src/wc_encrypt.c\
-					$(WOLFSSL_ROOT)/wolfcrypt/src/wolfevent.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/wolfevent.c
+
+
+ifeq ($(HAVE_WOLFSSL_ASSEMBLY), 1)
+	Wolfssl_ASM_Files := $(WOLFSSL_ROOT)/wolfcrypt/src/aes_asm.asm\
+               $(WOLFSSL_ROOT)/wolfcrypt/src/sp_x86_64_asm.asm
+
+	Wolfssl_S_Files := $(WOLFSSL_ROOT)/wolfcrypt/src/aes_asm.S\
+               $(WOLFSSL_ROOT)/wolfcrypt/src/aes_gcm_asm.S\
+               $(WOLFSSL_ROOT)/wolfcrypt/src/poly1305_asm.S\
+               $(WOLFSSL_ROOT)/wolfcrypt/src/sha256_asm.S\
+               $(WOLFSSL_ROOT)/wolfcrypt/src/sp_x86_64_asm.S\
+               $(WOLFSSL_ROOT)/wolfcrypt/src/aes_xts_asm.S\
+               $(WOLFSSL_ROOT)/wolfcrypt/src/sha3_asm.S\
+               $(WOLFSSL_ROOT)/wolfcrypt/src/wc_mlkem_asm.S\
+               $(WOLFSSL_ROOT)/wolfcrypt/src/chacha_asm.S\
+               $(WOLFSSL_ROOT)/wolfcrypt/src/sha512_asm.S
+
+
+	Wolfssl_C_Extra_Flags += -DWOLFSSL_X86_64_BUILD\
+               -DWOLFSSL_AESNI\
+               -maes -mavx -mavx2 -msse4.2
+
+ifeq ($(HAVE_WOLFSSL_SP), 1)
+    Wolfssl_C_Extra_Flags += -DWOLFSSL_SP_X86_64_ASM\
+			   -DWOLFSSL_SP_X86_64\
+			   -DWOLFSSL_SP_ASM
+endif
+endif
 
 Wolfssl_Include_Paths := -I$(WOLFSSL_ROOT)/ \
 						 -I$(WOLFSSL_ROOT)/wolfcrypt/ \
@@ -111,7 +142,8 @@ endif
 ifeq ($(HAVE_WOLFSSL_SP), 1)
     Wolfssl_C_Extra_Flags += -DWOLFSSL_HAVE_SP_RSA \
                              -DWOLFSSL_HAVE_SP_DH  \
-                             -DWOLFSSL_HAVE_SP_ECC
+                             -DWOLFSSL_HAVE_SP_ECC \
+                             -DWOLFSSL_SP_MATH_ALL
 endif
 
 
@@ -128,6 +160,8 @@ Wolfssl_Link_Flags := $(SGX_COMMON_CFLAGS) -Wl,--no-undefined -nostdlib -nodefau
 	-Wl,--version-script=trusted/wolfcrypt.lds
 
 Wolfssl_C_Objects := $(Wolfssl_C_Files:.c=.o)
+Wolfssl_C_Objects += $(Wolfssl_S_Files:.S=.o)
+Wolfssl_C_Objects += $(Wolfssl_ASM_Files:.asm=.o)
 
 ifeq ($(SGX_MODE), HW)
 ifneq ($(SGX_DEBUG), 1)
@@ -137,17 +171,17 @@ endif
 endif
 endif
 
-override CFLAGS += $(Wolfssl_C_Flags)
+override CPPFLAGS += $(Wolfssl_C_Flags)
 
 .PHONY: all run
 
 all: libwolfssl.sgx.static.lib.a
 
 ######## WolfSSL Objects ########
-
 libwolfssl.sgx.static.lib.a: $(Wolfssl_C_Objects)
 	ar rcs libwolfssl.sgx.static.lib.a $(Wolfssl_C_Objects)
 	@echo "LINK =>  $@"
+	@echo "Built with AES-NI ? $(HAVE_WOLFSSL_ASSEMBLY)"
 
 clean:
 	@rm -f $(WOLFSSL_ROOT)/wolfcrypt/benchmark/*.o $(WOLFSSL_ROOT)/wolfcrypt/test/*.o static_trusted/wolfssl_t.* libwolfssl.sgx.static.lib.a  $(Wolfssl_C_Objects)

wolfcrypt/src/cpuid.c

@@ -29,7 +29,34 @@
     static word32 cpuid_flags = 0;
 #endif
 
-#ifdef HAVE_CPUID_INTEL
+#if defined(HAVE_CPUID_INTEL) && defined(WOLFSSL_SGX)
+    /* @TODO calling cpuid from a trusted enclave needs additional hardening.
+     * For initial benchmarking, the cpu support is getting hard set.
+     * Another thing of note is cpuid calls cause a SIGILL signal, see
+     * github issue #5 on intel/intel-sgx-ssl */
+
+    /* For tying in an actual external call to cpuid this header and function
+     * call would be used :
+     * #include <sgx_cpuid.h>
+     * #define cpuid(reg, leaf, sub) sgx_cpuidex((reg),(leaf),(sub))
+     */
+    void cpuid_set_flags(void)
+    {
+        if (!cpuid_check) {
+            cpuid_flags |= CPUID_AVX1;
+            cpuid_flags |= CPUID_AVX2;
+            cpuid_flags |= CPUID_BMI2;
+            cpuid_flags |= CPUID_RDSEED;
+            cpuid_flags |= CPUID_AESNI;
+            cpuid_flags |= CPUID_ADX;
+            cpuid_flags |= CPUID_MOVBE;
+            cpuid_flags |= CPUID_BMI1;
+
+            cpuid_check = 1;
+        }
+    }
+
+#elif defined(HAVE_CPUID_INTEL)
     /* Each platform needs to query info type 1 from cpuid to see if aesni is
      * supported. Also, let's setup a macro for proper linkage w/o ABI conflicts
      */

wolfcrypt/src/sp_x86_64.c

@@ -487,7 +487,7 @@ static WC_INLINE sp_digit div_2048_word_16(sp_digit d1, sp_digit d0,
 static WC_INLINE sp_digit div_2048_word_16(sp_digit d1, sp_digit d0,
         sp_digit div)
 {
-    register sp_digit r asm("rax");
+    register sp_digit r __asm__("rax");
     ASSERT_SAVED_VECTOR_REGISTERS();
     __asm__ __volatile__ (
         "divq %3"
@@ -1169,7 +1169,7 @@ static WC_INLINE sp_digit div_2048_word_32(sp_digit d1, sp_digit d0,
 static WC_INLINE sp_digit div_2048_word_32(sp_digit d1, sp_digit d0,
         sp_digit div)
 {
-    register sp_digit r asm("rax");
+    register sp_digit r __asm__("rax");
     ASSERT_SAVED_VECTOR_REGISTERS();
     __asm__ __volatile__ (
         "divq %3"
@@ -3494,7 +3494,7 @@ static WC_INLINE sp_digit div_3072_word_24(sp_digit d1, sp_digit d0,
 static WC_INLINE sp_digit div_3072_word_24(sp_digit d1, sp_digit d0,
         sp_digit div)
 {
-    register sp_digit r asm("rax");
+    register sp_digit r __asm__("rax");
     ASSERT_SAVED_VECTOR_REGISTERS();
     __asm__ __volatile__ (
         "divq %3"
@@ -4176,7 +4176,7 @@ static WC_INLINE sp_digit div_3072_word_48(sp_digit d1, sp_digit d0,
 static WC_INLINE sp_digit div_3072_word_48(sp_digit d1, sp_digit d0,
         sp_digit div)
 {
-    register sp_digit r asm("rax");
+    register sp_digit r __asm__("rax");
     ASSERT_SAVED_VECTOR_REGISTERS();
     __asm__ __volatile__ (
         "divq %3"
@@ -6307,7 +6307,7 @@ static WC_INLINE sp_digit div_4096_word_64(sp_digit d1, sp_digit d0,
 static WC_INLINE sp_digit div_4096_word_64(sp_digit d1, sp_digit d0,
         sp_digit div)
 {
-    register sp_digit r asm("rax");
+    register sp_digit r __asm__("rax");
     ASSERT_SAVED_VECTOR_REGISTERS();
     __asm__ __volatile__ (
         "divq %3"
@@ -24986,7 +24986,7 @@ static WC_INLINE sp_digit div_256_word_4(sp_digit d1, sp_digit d0,
 static WC_INLINE sp_digit div_256_word_4(sp_digit d1, sp_digit d0,
         sp_digit div)
 {
-    register sp_digit r asm("rax");
+    register sp_digit r __asm__("rax");
     ASSERT_SAVED_VECTOR_REGISTERS();
     __asm__ __volatile__ (
         "divq %3"
@@ -50020,7 +50020,7 @@ static WC_INLINE sp_digit div_384_word_6(sp_digit d1, sp_digit d0,
 static WC_INLINE sp_digit div_384_word_6(sp_digit d1, sp_digit d0,
         sp_digit div)
 {
-    register sp_digit r asm("rax");
+    register sp_digit r __asm__("rax");
     ASSERT_SAVED_VECTOR_REGISTERS();
     __asm__ __volatile__ (
         "divq %3"
@@ -91135,7 +91135,7 @@ static WC_INLINE sp_digit div_521_word_9(sp_digit d1, sp_digit d0,
 static WC_INLINE sp_digit div_521_word_9(sp_digit d1, sp_digit d0,
         sp_digit div)
 {
-    register sp_digit r asm("rax");
+    register sp_digit r __asm__("rax");
     ASSERT_SAVED_VECTOR_REGISTERS();
     __asm__ __volatile__ (
         "divq %3"
@@ -93378,7 +93378,7 @@ static WC_INLINE sp_digit div_1024_word_16(sp_digit d1, sp_digit d0,
 static WC_INLINE sp_digit div_1024_word_16(sp_digit d1, sp_digit d0,
         sp_digit div)
 {
-    register sp_digit r asm("rax");
+    register sp_digit r __asm__("rax");
     ASSERT_SAVED_VECTOR_REGISTERS();
     __asm__ __volatile__ (
         "divq %3"