Estimated savings: ~350-400 lines removed, ~28 bytes per WOLFSPDM_CTX from bit-field packing.

Author: aidangarske

spdm/src/spdm_context.c

@@ -44,15 +44,15 @@ int wolfSPDM_Init(WOLFSPDM_CTX* ctx)
     if (rc != 0) {
         return WOLFSPDM_E_CRYPTO_FAIL;
     }
-    ctx->rngInitialized = 1;
+    ctx->flags.rngInitialized = 1;
 
     /* Set default requester capabilities */
     ctx->reqCaps = WOLFSPDM_DEFAULT_REQ_CAPS;
 
     /* Set default session ID (0x0001 is valid; 0x0000/0xFFFF are reserved) */
     ctx->reqSessionId = 0x0001;
 
-    ctx->initialized = 1;
+    ctx->flags.initialized = 1;
     /* isDynamic remains 0 — only wolfSPDM_New sets it */
 
     return WOLFSPDM_SUCCESS;
@@ -73,7 +73,7 @@ WOLFSPDM_CTX* wolfSPDM_New(void)
         XFREE(ctx, NULL, DYNAMIC_TYPE_TMP_BUFFER);
         return NULL;
     }
-    ctx->isDynamic = 1;  /* Tag AFTER Init so it isn't wiped */
+    ctx->flags.isDynamic = 1;  /* Tag AFTER Init so it isn't wiped */
 
     return ctx;
 }
@@ -87,29 +87,29 @@ void wolfSPDM_Free(WOLFSPDM_CTX* ctx)
 
 #ifdef WOLFSPDM_DYNAMIC_MEMORY
     {
-        int wasDynamic = ctx->isDynamic;
+        int wasDynamic = ctx->flags.isDynamic;
 #endif
 
     /* Free RNG */
-    if (ctx->rngInitialized) {
+    if (ctx->flags.rngInitialized) {
         wc_FreeRng(&ctx->rng);
     }
 
     /* Free ephemeral key */
-    if (ctx->ephemeralKeyInitialized) {
+    if (ctx->flags.ephemeralKeyInit) {
         wc_ecc_free(&ctx->ephemeralKey);
     }
 
     /* Free responder public key (used for measurement/challenge verification) */
-    if (ctx->hasResponderPubKey) {
+    if (ctx->flags.hasResponderPubKey) {
         wc_ecc_free(&ctx->responderPubKey);
     }
 
 #ifndef NO_WOLFSPDM_CHALLENGE
     /* Free M1/M2 challenge hash if still initialized */
-    if (ctx->m1m2HashInit) {
+    if (ctx->flags.m1m2HashInit) {
         wc_Sha384Free(&ctx->m1m2Hash);
-        ctx->m1m2HashInit = 0;
+        ctx->flags.m1m2HashInit = 0;
     }
 #endif
 
@@ -169,7 +169,7 @@ int wolfSPDM_SetResponderPubKey(WOLFSPDM_CTX* ctx,
 
     XMEMCPY(ctx->rspPubKey, pubKey, pubKeySz);
     ctx->rspPubKeyLen = pubKeySz;
-    ctx->hasRspPubKey = 1;
+    ctx->flags.hasRspPubKey = 1;
 
     return WOLFSPDM_SUCCESS;
 }
@@ -191,7 +191,7 @@ int wolfSPDM_SetRequesterKeyPair(WOLFSPDM_CTX* ctx,
     ctx->reqPrivKeyLen = privKeySz;
     XMEMCPY(ctx->reqPubKey, pubKey, pubKeySz);
     ctx->reqPubKeyLen = pubKeySz;
-    ctx->hasReqKeyPair = 1;
+    ctx->flags.hasReqKeyPair = 1;
 
     return WOLFSPDM_SUCCESS;
 }
@@ -225,15 +225,15 @@ int wolfSPDM_SetTrustedCAs(WOLFSPDM_CTX* ctx, const byte* derCerts,
 
     XMEMCPY(ctx->trustedCAs, derCerts, derCertsSz);
     ctx->trustedCAsSz = derCertsSz;
-    ctx->hasTrustedCAs = 1;
+    ctx->flags.hasTrustedCAs = 1;
 
     return WOLFSPDM_SUCCESS;
 }
 
 void wolfSPDM_SetDebug(WOLFSPDM_CTX* ctx, int enable)
 {
     if (ctx != NULL) {
-        ctx->debug = enable;
+        ctx->flags.debug = enable;
     }
 }
 
@@ -334,11 +334,11 @@ static int wolfSPDM_ConnectStandard(WOLFSPDM_CTX* ctx)
         wolfSPDM_GetCertificate(ctx, 0));
 
     /* Validate certificate chain if trusted CAs are loaded */
-    if (ctx->hasTrustedCAs) {
+    if (ctx->flags.hasTrustedCAs) {
         SPDM_CONNECT_STEP(ctx, "Validating certificate chain\n",
             wolfSPDM_ValidateCertChain(ctx));
     }
-    else if (!ctx->hasResponderPubKey) {
+    else if (!ctx->flags.hasResponderPubKey) {
         wolfSPDM_DebugPrint(ctx,
             "Warning: No trusted CAs loaded — chain not validated\n");
     }
@@ -361,7 +361,7 @@ int wolfSPDM_Connect(WOLFSPDM_CTX* ctx)
         return WOLFSPDM_E_INVALID_ARG;
     }
 
-    if (!ctx->initialized) {
+    if (!ctx->flags.initialized) {
         return WOLFSPDM_E_BAD_STATE;
     }
 
@@ -453,11 +453,8 @@ int wolfSPDM_SendReceive(WOLFSPDM_CTX* ctx,
             if (totalSz > sizeof(tcgTx)) {
                 return WOLFSPDM_E_BUFFER_SMALL;
             }
-            SPDM_Set16BE(tcgTx, WOLFSPDM_TCG_TAG_SECURED);
-            SPDM_Set32BE(tcgTx + 2, totalSz);
-            SPDM_Set32BE(tcgTx + 6, ctx->connectionHandle);
-            SPDM_Set16BE(tcgTx + 10, ctx->fipsIndicator);
-            XMEMSET(tcgTx + 12, 0, 4);  /* Reserved */
+            wolfSPDM_WriteTcgHeader(tcgTx, WOLFSPDM_TCG_TAG_SECURED,
+                totalSz, ctx->connectionHandle, ctx->fipsIndicator);
             XMEMCPY(tcgTx + WOLFSPDM_TCG_HEADER_SIZE, txBuf, txSz);
             tcgTxSz = (int)totalSz;
         }
@@ -538,7 +535,7 @@ void wolfSPDM_DebugPrint(WOLFSPDM_CTX* ctx, const char* fmt, ...)
 {
     va_list args;
 
-    if (ctx == NULL || !ctx->debug) {
+    if (ctx == NULL || !ctx->flags.debug) {
         return;
     }
 
@@ -554,7 +551,7 @@ void wolfSPDM_DebugHex(WOLFSPDM_CTX* ctx, const char* label,
 {
     word32 i;
 
-    if (ctx == NULL || !ctx->debug || data == NULL) {
+    if (ctx == NULL || !ctx->flags.debug || data == NULL) {
         return;
     }
 
@@ -575,7 +572,7 @@ void wolfSPDM_DebugHex(WOLFSPDM_CTX* ctx, const char* label,
 
 int wolfSPDM_GetMeasurementCount(WOLFSPDM_CTX* ctx)
 {
-    if (ctx == NULL || !ctx->hasMeasurements) {
+    if (ctx == NULL || !ctx->flags.hasMeasurements) {
         return 0;
     }
     return (int)ctx->measBlockCount;
@@ -586,7 +583,7 @@ int wolfSPDM_GetMeasurementBlock(WOLFSPDM_CTX* ctx, int blockIdx,
 {
     const WOLFSPDM_MEAS_BLOCK* blk;
 
-    if (ctx == NULL || !ctx->hasMeasurements) {
+    if (ctx == NULL || !ctx->flags.hasMeasurements) {
         return WOLFSPDM_E_INVALID_ARG;
     }
     if (blockIdx < 0 || blockIdx >= (int)ctx->measBlockCount) {

spdm/src/spdm_crypto.c

@@ -42,7 +42,7 @@ int wolfSPDM_GetRandom(WOLFSPDM_CTX* ctx, byte* out, word32 outSz)
         return WOLFSPDM_E_INVALID_ARG;
     }
 
-    if (!ctx->rngInitialized) {
+    if (!ctx->flags.rngInitialized) {
         return WOLFSPDM_E_BAD_STATE;
     }
 
@@ -64,14 +64,14 @@ int wolfSPDM_GenerateEphemeralKey(WOLFSPDM_CTX* ctx)
         return WOLFSPDM_E_INVALID_ARG;
     }
 
-    if (!ctx->rngInitialized) {
+    if (!ctx->flags.rngInitialized) {
         return WOLFSPDM_E_BAD_STATE;
     }
 
     /* Free existing key if any */
-    if (ctx->ephemeralKeyInitialized) {
+    if (ctx->flags.ephemeralKeyInit) {
         wc_ecc_free(&ctx->ephemeralKey);
-        ctx->ephemeralKeyInitialized = 0;
+        ctx->flags.ephemeralKeyInit = 0;
     }
 
     /* Initialize new key */
@@ -87,7 +87,7 @@ int wolfSPDM_GenerateEphemeralKey(WOLFSPDM_CTX* ctx)
         return WOLFSPDM_E_CRYPTO_FAIL;
     }
 
-    ctx->ephemeralKeyInitialized = 1;
+    ctx->flags.ephemeralKeyInit = 1;
     wolfSPDM_DebugPrint(ctx, "Generated P-384 ephemeral key\n");
 
     return WOLFSPDM_SUCCESS;
@@ -104,7 +104,7 @@ int wolfSPDM_ExportEphemeralPubKey(WOLFSPDM_CTX* ctx,
         return WOLFSPDM_E_INVALID_ARG;
     }
 
-    if (!ctx->ephemeralKeyInitialized) {
+    if (!ctx->flags.ephemeralKeyInit) {
         return WOLFSPDM_E_BAD_STATE;
     }
 
@@ -135,7 +135,7 @@ int wolfSPDM_ComputeSharedSecret(WOLFSPDM_CTX* ctx,
         return WOLFSPDM_E_INVALID_ARG;
     }
 
-    if (!ctx->ephemeralKeyInitialized) {
+    if (!ctx->flags.ephemeralKeyInit) {
         return WOLFSPDM_E_BAD_STATE;
     }
 
@@ -199,7 +199,7 @@ int wolfSPDM_SignHash(WOLFSPDM_CTX* ctx, const byte* hash, word32 hashSz,
         return WOLFSPDM_E_INVALID_ARG;
     }
 
-    if (!ctx->hasReqKeyPair || ctx->reqPrivKeyLen == 0) {
+    if (!ctx->flags.hasReqKeyPair || ctx->reqPrivKeyLen == 0) {
         wolfSPDM_DebugPrint(ctx, "No requester key pair for signing\n");
         return WOLFSPDM_E_BAD_STATE;
     }

spdm/src/spdm_internal.h

@@ -85,10 +85,20 @@ struct WOLFSPDM_CTX {
     /* State machine */
     int state;
 
-    /* Configuration flags */
-    int debug;
-    int initialized;
-    int isDynamic;          /* Set by wolfSPDM_New(), checked by wolfSPDM_Free() */
+    /* Boolean flags — packed into a bit-field struct to save ~28 bytes */
+    struct {
+        byte debug              : 1;
+        byte initialized        : 1;
+        byte isDynamic          : 1;  /* Set by wolfSPDM_New(), checked by Free */
+        byte rngInitialized     : 1;
+        byte ephemeralKeyInit   : 1;
+        byte hasRspPubKey       : 1;
+        byte hasReqKeyPair      : 1;
+        byte hasMeasurements    : 1;
+        byte hasResponderPubKey : 1;
+        byte hasTrustedCAs      : 1;
+        byte m1m2HashInit       : 1;
+    } flags;
 
     /* Protocol mode (standard SPDM or Nuvoton) */
     WOLFSPDM_MODE mode;
@@ -109,7 +119,6 @@ struct WOLFSPDM_CTX {
 
     /* Random number generator */
     WC_RNG rng;
-    int rngInitialized;
 
     /* Negotiated parameters */
     byte spdmVersion;           /* Negotiated SPDM version */
@@ -120,7 +129,6 @@ struct WOLFSPDM_CTX {
 
     /* Ephemeral ECDHE key (generated for KEY_EXCHANGE) */
     ecc_key ephemeralKey;
-    int ephemeralKeyInitialized;
 
     /* ECDH shared secret (P-384 X-coordinate = 48 bytes) */
     byte sharedSecret[WOLFSPDM_ECC_KEY_SIZE];
@@ -165,14 +173,12 @@ struct WOLFSPDM_CTX {
     /* Responder's identity public key (for cert-less mode like Nuvoton) */
     byte rspPubKey[128];  /* TPMT_PUBLIC (120 bytes for P-384) or raw X||Y (96) */
     word32 rspPubKeyLen;
-    int hasRspPubKey;
 
     /* Requester's identity key pair (for mutual auth) */
     byte reqPrivKey[WOLFSPDM_ECC_KEY_SIZE];
     word32 reqPrivKeyLen;
     byte reqPubKey[WOLFSPDM_ECC_POINT_SIZE];
     word32 reqPubKeyLen;
-    int hasReqKeyPair;
 
     /* Message buffers */
     byte sendBuf[WOLFSPDM_MAX_MSG_SIZE + WOLFSPDM_AEAD_TAG_SIZE];
@@ -186,7 +192,6 @@ struct WOLFSPDM_CTX {
     byte   measSummaryHash[WOLFSPDM_HASH_SIZE];     /* Summary hash from response */
     byte   measSignature[WOLFSPDM_ECC_SIG_SIZE];    /* Captured signature (96 bytes P-384) */
     word32 measSignatureSize;                       /* 0 if unsigned, 96 if signed */
-    int    hasMeasurements;
 
 #ifndef NO_WOLFSPDM_MEAS_VERIFY
     /* Saved GET_MEASUREMENTS request for L1/L2 transcript */
@@ -197,12 +202,10 @@ struct WOLFSPDM_CTX {
 
     /* Responder identity for signature verification (measurements + challenge) */
     ecc_key         responderPubKey;                /* Extracted from cert chain leaf */
-    int             hasResponderPubKey;             /* 1 if key extracted successfully */
 
     /* Certificate chain validation */
     byte   trustedCAs[WOLFSPDM_MAX_CERT_CHAIN];    /* DER-encoded root CAs */
     word32 trustedCAsSz;
-    int    hasTrustedCAs;                           /* 1 if CAs loaded */
 
 #ifndef NO_WOLFSPDM_CHALLENGE
     /* Challenge authentication */
@@ -217,7 +220,6 @@ struct WOLFSPDM_CTX {
      * This hash accumulates A+B during NegAlgo/GetDigests/GetCertificate,
      * then C is added in VerifyChallengeAuthSig. */
     wc_Sha384 m1m2Hash;
-    int       m1m2HashInit;                         /* 1 if m1m2Hash is initialized */
 #endif
 
     /* Key update state — app secrets for re-derivation */
@@ -268,6 +270,20 @@ static WC_INLINE word64 SPDM_Get64LE(const byte* buf) {
            ((word64)buf[6] << 48) | ((word64)buf[7] << 56);
 }
 
+/* Write TCG SPDM Binding header (16 bytes): tag(2/BE) + size(4/BE) +
+ * connHandle(4/BE) + fips(2/BE) + reserved(4) */
+#ifdef WOLFSPDM_NUVOTON
+static WC_INLINE void wolfSPDM_WriteTcgHeader(byte* buf, word16 tag,
+    word32 totalSz, word32 connHandle, word16 fips)
+{
+    SPDM_Set16BE(buf, tag);
+    SPDM_Set32BE(buf + 2, totalSz);
+    SPDM_Set32BE(buf + 6, connHandle);
+    SPDM_Set16BE(buf + 10, fips);
+    XMEMSET(buf + 12, 0, 4);  /* Reserved */
+}
+#endif
+
 /* Build IV: BaseIV XOR zero-extended sequence number (DSP0277) */
 static WC_INLINE void wolfSPDM_BuildIV(byte* iv, const byte* baseIv,
     word64 seqNum, int nuvotonMode)