
Phase 3: SHA512 integrity check and closing the final FIPS requirements gaps#10281

Open
kaleb-himes wants to merge 1 commit into
wolfSSL:masterfrom
kaleb-himes:PQ-FS-2026-Part3-SecurityReview

Conversation

@kaleb-himes kaleb-himes commented Apr 22, 2026

Contributor

Description

This PR is 6 major items as follows:

  1. What got missed from the FIPS standards - fix
  2. Add a new CAST benchmark app so one can see how long the power up tests take
  3. Classic DH is leaving the FIPS module in its entirety (No more FFDHE)
  4. Get AESNI working in 32-bit linux kernel space
  5. Get ARM 32 (Neon) working in 32-bit linux kernel space
  6. Get ARM 64 (ARMv8) working in 64-bit linux kernel space

Testing

OE | Arch / Space | C1 | C2 | C3
-- | -- | -- | -- | --
U3 | x86_64 Intel · user | ✅ | ✅ | ✅
U5 | x86_64 AMD · user | ✅ | ✅ | ✅
U1 | i386 Intel · user | ✅ | ✅ | ✅ AES-NI
U7 | ARM64 · user | — | — | ✅ armasm
U6 | ARM32 · user | — | — | ✅ armasm
U4 | x86_64 Windows · MSVC | ✅ | ✅ | ✅ AES-NI
U2 | i386 Windows · MSVC | ✅ | ✅ | ⚪ NA
K1 | i386 · kernel | ✅ | ✅ | ✅ AES-NI
K2 | x86_64 Intel · kernel | ✅ | ✅ | ✅
K3 | x86_64 AMD · kernel | ✅ | ✅ | ✅
K4 | ARM32 · kernel | ✅ | ✅ | ✅ armasm
K5 | ARM64 · kernel | ✅ | ✅ | ✅ armasm

Checklist

  • added tests
  • updated/added doxygen
  • updated appropriate READMEs
  • Updated manual and documentation

@kaleb-himes kaleb-himes force-pushed the PQ-FS-2026-Part3-SecurityReview branch 3 times, most recently from 8923ea5 to 9af5352 Compare April 22, 2026 22:51
@github-actions

github-actions Bot commented Apr 22, 2026


MemBrowse Memory Report

gcc-arm-cortex-m3

  • FLASH: .text +32 B (+0.0%, 121,441 B / 262,144 B, total: 46% used)

gcc-arm-cortex-m4

  • FLASH: .rodata.CSWTCH.1 +20 B, .rodata.str1.1 +214 B, .text +64 B (+0.1%, 199,350 B / 262,144 B, total: 76% used)

gcc-arm-cortex-m4-baremetal

  • FLASH: .text +64 B (+0.1%, 66,123 B / 262,144 B, total: 25% used)

gcc-arm-cortex-m4-crypto-only

  • FLASH: .rodata.CSWTCH.1 +20 B, .rodata.str1.1 +214 B (+0.1%, 173,908 B / 262,144 B, total: 66% used)

gcc-arm-cortex-m4-dtls13

  • FLASH: .text +64 B (+0.0%, 179,864 B / 1,048,576 B, total: 17% used)

gcc-arm-cortex-m4-openssl-compat

  • FLASH: .rodata +232 B, .text +64 B (+0.0%, 768,428 B / 1,048,576 B, total: 73% used)

gcc-arm-cortex-m4-pkcs7

  • FLASH: .rodata.CSWTCH.1 +20 B, .rodata.str1.1 +214 B, .text +64 B (+0.1%, 211,671 B / 262,144 B, total: 81% used)

gcc-arm-cortex-m4-pq

  • FLASH: .rodata +236 B, .text +192 B (+0.2%, 278,364 B / 1,048,576 B, total: 27% used)

gcc-arm-cortex-m4-rsa-only

  • FLASH: .rodata +232 B, .text +64 B (+0.1%, 323,768 B / 1,048,576 B, total: 31% used)

gcc-arm-cortex-m4-tls13

  • FLASH: .rodata.CSWTCH.1 +20 B, .rodata.str1.1 +214 B (+0.1%, 234,984 B / 262,144 B, total: 90% used)

gcc-arm-cortex-m7

  • FLASH: .rodata.CSWTCH.1 +20 B, .rodata.str1.1 +214 B (+0.1%, 199,286 B / 262,144 B, total: 76% used)

gcc-arm-cortex-m7-pq

  • FLASH: .rodata +236 B, .text +192 B (+0.2%, 278,940 B / 1,048,576 B, total: 27% used)

gcc-arm-cortex-m7-tls13

  • FLASH: .rodata.CSWTCH.1 +20 B, .rodata.str1.1 +214 B, .text +64 B (+0.1%, 235,048 B / 262,144 B, total: 90% used)

linuxkm-pie

  • Data: __patchable_function_entries +8 B (+0.0%, 24,296 B)

stm32-sim-stm32h753

@kaleb-himes kaleb-himes changed the title Pq fs 2026 part3 security review Phase 3: SHA512 integrity check and closing the final FIPS requirements gaps Apr 23, 2026
@kaleb-himes kaleb-himes force-pushed the PQ-FS-2026-Part3-SecurityReview branch 3 times, most recently from a43af0f to 7c0c87a Compare April 29, 2026 14:06

@Frauschi Frauschi left a comment

Contributor


Only found one small possible memory usage optimization. Otherwise LGTM

Comment thread wolfcrypt/src/wc_slhdsa.c Outdated
@kaleb-himes kaleb-himes force-pushed the PQ-FS-2026-Part3-SecurityReview branch 9 times, most recently from e3f56b8 to 29c714f Compare May 1, 2026 20:03
@kaleb-himes kaleb-himes force-pushed the PQ-FS-2026-Part3-SecurityReview branch 4 times, most recently from b883766 to a6681e2 Compare May 27, 2026 22:14
@kaleb-himes

kaleb-himes commented May 28, 2026

Contributor Author

retest this please.

@kaleb-himes kaleb-himes force-pushed the PQ-FS-2026-Part3-SecurityReview branch from a6681e2 to 588e7a0 Compare June 8, 2026 15:46
@kaleb-himes kaleb-himes force-pushed the PQ-FS-2026-Part3-SecurityReview branch 3 times, most recently from 57ef11a to 064812c Compare June 22, 2026 22:24
@kaleb-himes kaleb-himes requested a review from Frauschi June 22, 2026 22:25
@kaleb-himes kaleb-himes dismissed Frauschi’s stale review June 22, 2026 22:26

Fixed noted items, dismissing review for a re-review.

@kaleb-himes kaleb-himes requested review from SparkiDev and douzzer June 22, 2026 22:32
@kaleb-himes kaleb-himes force-pushed the PQ-FS-2026-Part3-SecurityReview branch from 064812c to 0ff60a7 Compare June 23, 2026 22:37
@kaleb-himes

Contributor Author

NOTE: The following error is expected until both the FIPS PR and this one are merged since fips.c won't have the new integrity check size (SHA512) till both PRs are merged. We should coordinate the merging of both during a lull period to be least disruptive.

make -j17  check-recursive
make[1]: Entering directory '/extend/var/lib/jenkins/workspace/PRB-fips-ready-config/wolfssl-fips'
make[2]: Entering directory '/extend/var/lib/jenkins/workspace/PRB-fips-ready-config/wolfssl-fips'
make[2]: warning: -j17 forced in submake: resetting jobserver mode.
  CC       wolfcrypt/src/src_libwolfssl_la-fips_test.lo
In file included from ./wolfssl/wolfcrypt/libwolfssl_sources.h:46,
                 from wolfcrypt/src/fips_test.c:22:
./wolfssl/wolfcrypt/types.h:2231:40: error: static assertion failed: "sizeof(verifyCore) == WC_SHA256_DIGEST_SIZE*2 + 1"
 2231 |         #define wc_static_assert(expr) _Static_assert(expr, #expr)
      |                                        ^~~~~~~~~~~~~~
wolfcrypt/src/fips_test.c:4414:1: note: in expansion of macro ‘wc_static_assert’
 4414 | wc_static_assert(sizeof(verifyCore) == WC_SHA256_DIGEST_SIZE*2 + 1);
      | ^~~~~~~~~~~~~~~~
cc1: error: unrecognized command line option ‘-Wno-deprecated-enum-enum-conversion’ [-Werror]
cc1: all warnings being treated as errors
make[2]: *** [Makefile:9303: wolfcrypt/src/src_libwolfssl_la-fips_test.lo] Error 1
make[2]: Leaving directory '/extend/var/lib/jenkins/workspace/PRB-fips-ready-config/wolfssl-fips'
make[1]: *** [Makefile:12363: check-recursive] Error 1
make[1]: Leaving directory '/extend/var/lib/jenkins/workspace/PRB-fips-ready-config/wolfssl-fips'
make: *** [Makefile:12832: check] Error 2
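The static assertion in the build log fails because `verifyCore` holds the hex-encoded integrity digest, so its size must track the digest algorithm: two hex characters per digest byte plus a terminating NUL, i.e. 65 bytes for SHA-256 but 129 bytes for SHA-512. The following is an added illustration, not wolfSSL code: it reproduces that sizing rule, and a hypothetical stand-in for the module integrity check that rejects a `verifyCore` whose length does not match the configured digest (the same mismatch the compile-time assert catches) before doing a constant-time comparison. The constant names mirror those in the log; the sample module bytes are constructed.

```python
"""Added example (not wolfSSL's code): verifyCore sizing and a hypothetical
module integrity check. Only the constant names come from the build log."""
import hashlib
import hmac

# Digest sizes in bytes, matching the names used in the failing assert.
WC_SHA256_DIGEST_SIZE = 32
WC_SHA512_DIGEST_SIZE = 64


def verify_core_size(digest_size: int) -> int:
    """Size of the hex-encoded digest buffer: two hex chars per byte plus NUL.
    This is the value sizeof(verifyCore) is compared against in fips_test.c."""
    return digest_size * 2 + 1


def integrity_check(module_blob: bytes, verify_core: str, algo: str) -> bool:
    """Hypothetical stand-in for a module integrity check.

    Recomputes the digest of `module_blob` with `algo` and compares it with the
    embedded hex string.  A verify_core of the wrong length for `algo` (e.g. a
    SHA-256 string handed to a SHA-512 check) is rejected before any hashing,
    which is the mismatch the static assert surfaces at compile time."""
    h = hashlib.new(algo)
    expected_len = verify_core_size(h.digest_size) - 1  # Python str has no NUL
    if len(verify_core) != expected_len:
        return False
    h.update(module_blob)
    # Constant-time comparison so a mismatch does not leak which byte differed.
    return hmac.compare_digest(h.hexdigest().encode(), verify_core.lower().encode())


# Constructed sample "module" contents; not real wolfSSL bytes.
SAMPLE_MODULE = b"constructed module text section\x00"


def embedded_verify_core(algo: str) -> str:
    """What a build step would bake into fips.c for the sample blob."""
    return hashlib.new(algo, SAMPLE_MODULE).hexdigest()


if __name__ == "__main__":
    print("SHA-256 verifyCore size:", verify_core_size(WC_SHA256_DIGEST_SIZE))
    print("SHA-512 verifyCore size:", verify_core_size(WC_SHA512_DIGEST_SIZE))
    # Matching algorithm and embedded string: passes.
    print(integrity_check(SAMPLE_MODULE, embedded_verify_core("sha512"), "sha512"))
    # SHA-256 string presented to a SHA-512 check: length mismatch, rejected.
    print(integrity_check(SAMPLE_MODULE, embedded_verify_core("sha256"), "sha512"))
    # Modified module bytes with the correct-length string: rejected.
    print(integrity_check(SAMPLE_MODULE + b"x", embedded_verify_core("sha512"), "sha512"))
```

The length check is the runtime counterpart of the `wc_static_assert` in the log: until fips.c and fips_test.c agree on the digest algorithm, the embedded string and the buffer that holds it disagree on size, and the build is the right place to catch that.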

@kaleb-himes kaleb-himes marked this pull request as draft June 25, 2026 20:17
@kaleb-himes kaleb-himes marked this pull request as ready for review June 25, 2026 20:25
@github-actions


retest this please

@kaleb-himes kaleb-himes force-pushed the PQ-FS-2026-Part3-SecurityReview branch 2 times, most recently from c2865ff to 47cc4fe Compare June 29, 2026 16:49
@kaleb-himes kaleb-himes force-pushed the PQ-FS-2026-Part3-SecurityReview branch from 47cc4fe to b7507f2 Compare June 29, 2026 17:44