From 67861bb222e8c127e3e8b23950d4d200a4af3f85 Mon Sep 17 00:00:00 2001 From: David Garske Date: Tue, 13 Oct 2015 12:36:24 -0700 Subject: [PATCH] Added crypto hardware mutex capabilities to wolfcrypt/wc_port. Added optional define "WOLFSSL_CRYPT_HW_MUTEX" to override use of hardware mutex. Enabled hardware mutex protection for Freescale MMCAU. Cleanup of the AES FREESCALE_MMCAU implementation to use wc_AesEncrypt/wc_AesDecrypt wrappers. Fixes #154. --- wolfcrypt/src/aes.c | 227 ++++++++++-------------------------- wolfcrypt/src/des3.c | 32 ++++- wolfcrypt/src/md5.c | 14 ++- wolfcrypt/src/sha.c | 22 +++- wolfcrypt/src/sha256.c | 17 ++- wolfcrypt/src/wc_port.c | 38 ++++++ wolfssl/wolfcrypt/wc_port.h | 27 +++++ 7 files changed, 200 insertions(+), 177 deletions(-) diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index 9487132d0..0550d6118 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -217,6 +217,25 @@ void wc_AesFreeCavium(Aes* aes) * Guide (See note in README). * NOTE: no support for AES-CTR */ #include "cau_api.h" + + static int wc_AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock) + { + int ret = wolfSSL_CryptHwMutexLock(); + if(ret == 0) { + cau_aes_encrypt(inBlock, (byte*)aes->key, aes->rounds, outBlock); + wolfSSL_CryptHwMutexUnLock(); + } + return ret; + } + static int wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock) + { + int ret = wolfSSL_CryptHwMutexLock(); + if(ret == 0) { + cau_aes_decrypt(inBlock, (byte*)aes->key, aes->rounds, outBlock); + wolfSSL_CryptHwMutexUnLock(); + } + return ret; + } #elif defined(WOLFSSL_PIC32MZ_CRYPT) /* NOTE: no support for AES-CCM/Direct */ #define DEBUG_WOLFSSL @@ -1490,6 +1509,7 @@ static void wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock) int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen, const byte* iv, int dir) { + int ret; byte *rk = (byte*)aes->key; if (!((keylen == 16) || (keylen == 24) || (keylen == 32))) @@ -1499,9 +1519,16 @@ static void wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock) return BAD_FUNC_ARG; aes->rounds = keylen/4 + 6; - cau_aes_set_key(userKey, keylen*8, rk); - - return wc_AesSetIV(aes, iv); + + ret = wolfSSL_CryptHwMutexLock(); + if(ret == 0) { + cau_aes_set_key(userKey, keylen*8, rk); + wolfSSL_CryptHwMutexUnLock(); + + ret = wc_AesSetIV(aes, iv); + } + + return ret; } int wc_AesSetKeyDirect(Aes* aes, const byte* userKey, word32 keylen, @@ -1724,27 +1751,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv) /* AES-DIRECT */ #if defined(WOLFSSL_AES_DIRECT) - #if defined(FREESCALE_MMCAU) - - /* Allow direct access to one block encrypt */ - void wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in) - { - byte* key; - key = (byte*)aes->key; - - return cau_aes_encrypt(in, key, aes->rounds, out); - } - - /* Allow direct access to one block decrypt */ - void wc_AesDecryptDirect(Aes* aes, byte* out, const byte* in) - { - byte* key; - key = (byte*)aes->key; - - return cau_aes_decrypt(in, key, aes->rounds, out); - } - - #elif defined(STM32F2_CRYPTO) + #if defined(STM32F2_CRYPTO) #error "STM32F2 crypto doesn't yet support AES direct" #elif defined(HAVE_COLDFIRE_SEC) @@ -1766,7 +1773,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv) wc_AesDecrypt(aes, in, out); } - #endif /* FREESCALE_MMCAU, AES direct block */ + #endif /* AES direct block */ #endif /* WOLFSSL_AES_DIRECT */ @@ -2109,11 +2116,10 @@ int wc_AesSetIV(Aes* aes, const byte* iv) int offset = 0; int len = sz; - byte *iv, *enc_key; + byte *iv; byte temp_block[AES_BLOCK_SIZE]; iv = (byte*)aes->reg; - enc_key = (byte*)aes->key; if ((wolfssl_word)out % WOLFSSL_MMCAU_ALIGNMENT) { WOLFSSL_MSG("Bad cau_aes_encrypt alignment"); @@ -2128,7 +2134,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv) for (i = 0; i < AES_BLOCK_SIZE; i++) temp_block[i] ^= iv[i]; - cau_aes_encrypt(temp_block, enc_key, aes->rounds, out + offset); + wc_AesEncrypt(aes, temp_block, out + offset); len -= AES_BLOCK_SIZE; offset += AES_BLOCK_SIZE; @@ -2146,11 +2152,10 @@ int wc_AesSetIV(Aes* aes, const byte* iv) int offset = 0; int len = sz; - byte* iv, *dec_key; + byte* iv; byte temp_block[AES_BLOCK_SIZE]; iv = (byte*)aes->reg; - dec_key = (byte*)aes->key; if ((wolfssl_word)out % WOLFSSL_MMCAU_ALIGNMENT) { WOLFSSL_MSG("Bad cau_aes_decrypt alignment"); @@ -2161,8 +2166,8 @@ int wc_AesSetIV(Aes* aes, const byte* iv) { XMEMCPY(temp_block, in + offset, AES_BLOCK_SIZE); - cau_aes_decrypt(in + offset, dec_key, aes->rounds, out + offset); - + wc_AesEncrypt(aes, in + offset, out + offset); + /* XOR block with IV for CBC */ for (i = 0; i < AES_BLOCK_SIZE; i++) (out + offset)[i] ^= iv[i]; @@ -2741,10 +2746,6 @@ int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len) int ret; byte iv[AES_BLOCK_SIZE]; - #ifdef FREESCALE_MMCAU - byte* rk = (byte*)aes->key; - #endif - if (!((len == 16) || (len == 24) || (len == 32))) return BAD_FUNC_ARG; @@ -2752,11 +2753,7 @@ int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len) ret = wc_AesSetKey(aes, key, len, iv, AES_ENCRYPTION); if (ret == 0) { - #ifdef FREESCALE_MMCAU - cau_aes_encrypt(iv, rk, aes->rounds, aes->H); - #else wc_AesEncrypt(aes, iv, aes->H); - #endif #ifdef GCM_TABLE GenerateM0(aes); #endif /* GCM_TABLE */ @@ -3282,10 +3279,6 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz, byte *ctr ; byte scratch[AES_BLOCK_SIZE]; -#ifdef FREESCALE_MMCAU - byte* key = (byte*)aes->key; -#endif - WOLFSSL_ENTER("AesGcmEncrypt"); #ifdef WOLFSSL_PIC32MZ_CRYPT @@ -3306,13 +3299,9 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz, while (blocks--) { IncrementGcmCounter(ctr); #ifndef WOLFSSL_PIC32MZ_CRYPT - #ifdef FREESCALE_MMCAU - cau_aes_encrypt(ctr, key, aes->rounds, scratch); - #else - wc_AesEncrypt(aes, ctr, scratch); - #endif - xorbuf(scratch, p, AES_BLOCK_SIZE); - XMEMCPY(c, scratch, AES_BLOCK_SIZE); + wc_AesEncrypt(aes, ctr, scratch); + xorbuf(scratch, p, AES_BLOCK_SIZE); + XMEMCPY(c, scratch, AES_BLOCK_SIZE); #endif p += AES_BLOCK_SIZE; c += AES_BLOCK_SIZE; @@ -3320,11 +3309,7 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz, if (partial != 0) { IncrementGcmCounter(ctr); - #ifdef FREESCALE_MMCAU - cau_aes_encrypt(ctr, key, aes->rounds, scratch); - #else - wc_AesEncrypt(aes, ctr, scratch); - #endif + wc_AesEncrypt(aes, ctr, scratch); xorbuf(scratch, p, partial); XMEMCPY(c, scratch, partial); @@ -3332,11 +3317,7 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz, GHASH(aes, authIn, authInSz, out, sz, authTag, authTagSz); InitGcmCounter(ctr); - #ifdef FREESCALE_MMCAU - cau_aes_encrypt(ctr, key, aes->rounds, scratch); - #else - wc_AesEncrypt(aes, ctr, scratch); - #endif + wc_AesEncrypt(aes, ctr, scratch); xorbuf(authTag, scratch, authTagSz); return 0; @@ -3356,10 +3337,6 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, byte *ctr ; byte scratch[AES_BLOCK_SIZE]; -#ifdef FREESCALE_MMCAU - byte* key = (byte*)aes->key; -#endif - WOLFSSL_ENTER("AesGcmDecrypt"); #ifdef WOLFSSL_PIC32MZ_CRYPT @@ -3379,11 +3356,7 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, byte EKY0[AES_BLOCK_SIZE]; GHASH(aes, authIn, authInSz, in, sz, Tprime, sizeof(Tprime)); - #ifdef FREESCALE_MMCAU - cau_aes_encrypt(ctr, key, aes->rounds, EKY0); - #else - wc_AesEncrypt(aes, ctr, EKY0); - #endif + wc_AesEncrypt(aes, ctr, EKY0); xorbuf(Tprime, EKY0, sizeof(Tprime)); if (ConstantCompare(authTag, Tprime, authTagSz) != 0) { @@ -3400,24 +3373,16 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, while (blocks--) { IncrementGcmCounter(ctr); #ifndef WOLFSSL_PIC32MZ_CRYPT - #ifdef FREESCALE_MMCAU - cau_aes_encrypt(ctr, key, aes->rounds, scratch); - #else - wc_AesEncrypt(aes, ctr, scratch); - #endif - xorbuf(scratch, c, AES_BLOCK_SIZE); - XMEMCPY(p, scratch, AES_BLOCK_SIZE); + wc_AesEncrypt(aes, ctr, scratch); + xorbuf(scratch, c, AES_BLOCK_SIZE); + XMEMCPY(p, scratch, AES_BLOCK_SIZE); #endif p += AES_BLOCK_SIZE; c += AES_BLOCK_SIZE; } if (partial != 0) { IncrementGcmCounter(ctr); - #ifdef FREESCALE_MMCAU - cau_aes_encrypt(ctr, key, aes->rounds, scratch); - #else - wc_AesEncrypt(aes, ctr, scratch); - #endif + wc_AesEncrypt(aes, ctr, scratch); xorbuf(scratch, c, partial); XMEMCPY(p, scratch, partial); } @@ -3470,31 +3435,19 @@ void wc_AesCcmSetKey(Aes* aes, const byte* key, word32 keySz) static void roll_x(Aes* aes, const byte* in, word32 inSz, byte* out) { - #ifdef FREESCALE_MMCAU - byte* key = (byte*)aes->key; - #endif - /* process the bulk of the data */ while (inSz >= AES_BLOCK_SIZE) { xorbuf(out, in, AES_BLOCK_SIZE); in += AES_BLOCK_SIZE; inSz -= AES_BLOCK_SIZE; - #ifdef FREESCALE_MMCAU - cau_aes_encrypt(out, key, aes->rounds, out); - #else - wc_AesEncrypt(aes, out, out); - #endif + wc_AesEncrypt(aes, out, out); } /* process remainder of the data */ if (inSz > 0) { xorbuf(out, in, inSz); - #ifdef FREESCALE_MMCAU - cau_aes_encrypt(out, key, aes->rounds, out); - #else - wc_AesEncrypt(aes, out, out); - #endif + wc_AesEncrypt(aes, out, out); } } @@ -3504,10 +3457,6 @@ static void roll_auth(Aes* aes, const byte* in, word32 inSz, byte* out) word32 authLenSz; word32 remainder; - #ifdef FREESCALE_MMCAU - byte* key = (byte*)aes->key; - #endif - /* encode the length in */ if (inSz <= 0xFEFF) { authLenSz = 2; @@ -3541,11 +3490,7 @@ static void roll_auth(Aes* aes, const byte* in, word32 inSz, byte* out) xorbuf(out + authLenSz, in, inSz); inSz = 0; } - #ifdef FREESCALE_MMCAU - cau_aes_encrypt(out, key, aes->rounds, out); - #else - wc_AesEncrypt(aes, out, out); - #endif + wc_AesEncrypt(aes, out, out); if (inSz > 0) roll_x(aes, in, inSz, out); @@ -3575,19 +3520,11 @@ int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz, byte mask = 0xFF; word32 wordSz = (word32)sizeof(word32); - #ifdef FREESCALE_MMCAU - byte* key; - #endif - /* sanity check on arugments */ if (aes == NULL || out == NULL || in == NULL || nonce == NULL || authTag == NULL || nonceSz < 7 || nonceSz > 13) return BAD_FUNC_ARG; - #ifdef FREESCALE_MMCAU - key = (byte*)aes->key; - #endif - XMEMCPY(B+1, nonce, nonceSz); lenSz = AES_BLOCK_SIZE - 1 - (byte)nonceSz; B[0] = (authInSz > 0 ? 64 : 0) @@ -3599,11 +3536,8 @@ int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz, B[AES_BLOCK_SIZE - 1 - i] = (inSz >> ((8 * i) & mask)) & mask; } - #ifdef FREESCALE_MMCAU - cau_aes_encrypt(B, key, aes->rounds, A); - #else - wc_AesEncrypt(aes, B, A); - #endif + wc_AesEncrypt(aes, B, A); + if (authInSz > 0) roll_auth(aes, authIn, authInSz, A); if (inSz > 0) @@ -3613,20 +3547,12 @@ int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz, B[0] = lenSz - 1; for (i = 0; i < lenSz; i++) B[AES_BLOCK_SIZE - 1 - i] = 0; - #ifdef FREESCALE_MMCAU - cau_aes_encrypt(B, key, aes->rounds, A); - #else - wc_AesEncrypt(aes, B, A); - #endif + wc_AesEncrypt(aes, B, A); xorbuf(authTag, A, authTagSz); B[15] = 1; while (inSz >= AES_BLOCK_SIZE) { - #ifdef FREESCALE_MMCAU - cau_aes_encrypt(B, key, aes->rounds, A); - #else - wc_AesEncrypt(aes, B, A); - #endif + wc_AesEncrypt(aes, B, A); xorbuf(A, in, AES_BLOCK_SIZE); XMEMCPY(out, A, AES_BLOCK_SIZE); @@ -3636,11 +3562,7 @@ int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz, out += AES_BLOCK_SIZE; } if (inSz > 0) { - #ifdef FREESCALE_MMCAU - cau_aes_encrypt(B, key, aes->rounds, A); - #else - wc_AesEncrypt(aes, B, A); - #endif + wc_AesEncrypt(aes, B, A); xorbuf(A, in, inSz); XMEMCPY(out, A, inSz); } @@ -3666,19 +3588,11 @@ int wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz, byte mask = 0xFF; word32 wordSz = (word32)sizeof(word32); - #ifdef FREESCALE_MMCAU - byte* key; - #endif - /* sanity check on arugments */ if (aes == NULL || out == NULL || in == NULL || nonce == NULL || authTag == NULL || nonceSz < 7 || nonceSz > 13) return BAD_FUNC_ARG; - #ifdef FREESCALE_MMCAU - key = (byte*)aes->key; - #endif - o = out; oSz = inSz; XMEMCPY(B+1, nonce, nonceSz); @@ -3690,11 +3604,7 @@ int wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz, B[15] = 1; while (oSz >= AES_BLOCK_SIZE) { - #ifdef FREESCALE_MMCAU - cau_aes_encrypt(B, key, aes->rounds, A); - #else - wc_AesEncrypt(aes, B, A); - #endif + wc_AesEncrypt(aes, B, A); xorbuf(A, in, AES_BLOCK_SIZE); XMEMCPY(o, A, AES_BLOCK_SIZE); @@ -3704,22 +3614,14 @@ int wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz, o += AES_BLOCK_SIZE; } if (inSz > 0) { - #ifdef FREESCALE_MMCAU - cau_aes_encrypt(B, key, aes->rounds, A); - #else - wc_AesEncrypt(aes, B, A); - #endif + wc_AesEncrypt(aes, B, A); xorbuf(A, in, oSz); XMEMCPY(o, A, oSz); } for (i = 0; i < lenSz; i++) B[AES_BLOCK_SIZE - 1 - i] = 0; - #ifdef FREESCALE_MMCAU - cau_aes_encrypt(B, key, aes->rounds, A); - #else - wc_AesEncrypt(aes, B, A); - #endif + wc_AesEncrypt(aes, B, A); o = out; oSz = inSz; @@ -3733,11 +3635,8 @@ int wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz, B[AES_BLOCK_SIZE - 1 - i] = (inSz >> ((8 * i) & mask)) & mask; } - #ifdef FREESCALE_MMCAU - cau_aes_encrypt(B, key, aes->rounds, A); - #else - wc_AesEncrypt(aes, B, A); - #endif + wc_AesEncrypt(aes, B, A); + if (authInSz > 0) roll_auth(aes, authIn, authInSz, A); if (inSz > 0) @@ -3746,11 +3645,7 @@ int wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz, B[0] = lenSz - 1; for (i = 0; i < lenSz; i++) B[AES_BLOCK_SIZE - 1 - i] = 0; - #ifdef FREESCALE_MMCAU - cau_aes_encrypt(B, key, aes->rounds, B); - #else - wc_AesEncrypt(aes, B, B); - #endif + wc_AesEncrypt(aes, B, B); xorbuf(A, B, authTagSz); if (ConstantCompare(A, authTag, authTagSz) != 0) { diff --git a/wolfcrypt/src/des3.c b/wolfcrypt/src/des3.c index 423afb4a0..e1199ef13 100644 --- a/wolfcrypt/src/des3.c +++ b/wolfcrypt/src/des3.c @@ -654,6 +654,7 @@ int wc_Des3_SetKey(Des3* des3, const byte* key, const byte* iv, int dir) int i; int offset = 0; int len = sz; + int ret = 0; byte *iv; byte temp_block[DES_BLOCK_SIZE]; @@ -672,7 +673,12 @@ int wc_Des3_SetKey(Des3* des3, const byte* key, const byte* iv, int dir) for (i = 0; i < DES_BLOCK_SIZE; i++) temp_block[i] ^= iv[i]; + ret = wolfSSL_CryptHwMutexLock(); + if(ret != 0) { + return ret; + } cau_des_encrypt(temp_block, (byte*)des->key, out + offset); + wolfSSL_CryptHwMutexUnLock(); len -= DES_BLOCK_SIZE; offset += DES_BLOCK_SIZE; @@ -681,7 +687,7 @@ int wc_Des3_SetKey(Des3* des3, const byte* key, const byte* iv, int dir) XMEMCPY(iv, out + offset - DES_BLOCK_SIZE, DES_BLOCK_SIZE); } - return 0; + return ret; } int wc_Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz) @@ -689,6 +695,7 @@ int wc_Des3_SetKey(Des3* des3, const byte* key, const byte* iv, int dir) int i; int offset = 0; int len = sz; + int ret = 0; byte* iv; byte temp_block[DES_BLOCK_SIZE]; @@ -703,7 +710,12 @@ int wc_Des3_SetKey(Des3* des3, const byte* key, const byte* iv, int dir) { XMEMCPY(temp_block, in + offset, DES_BLOCK_SIZE); + ret = wolfSSL_CryptHwMutexLock(); + if(ret != 0) { + return ret; + } cau_des_decrypt(in + offset, (byte*)des->key, out + offset); + wolfSSL_CryptHwMutexUnLock(); /* XOR block with IV for CBC */ for (i = 0; i < DES_BLOCK_SIZE; i++) @@ -716,7 +728,7 @@ int wc_Des3_SetKey(Des3* des3, const byte* key, const byte* iv, int dir) offset += DES_BLOCK_SIZE; } - return 0; + return ret; } int wc_Des3_CbcEncrypt(Des3* des, byte* out, const byte* in, word32 sz) @@ -724,6 +736,7 @@ int wc_Des3_SetKey(Des3* des3, const byte* key, const byte* iv, int dir) int i; int offset = 0; int len = sz; + int ret = 0; byte *iv; byte temp_block[DES_BLOCK_SIZE]; @@ -743,9 +756,14 @@ int wc_Des3_SetKey(Des3* des3, const byte* key, const byte* iv, int dir) for (i = 0; i < DES_BLOCK_SIZE; i++) temp_block[i] ^= iv[i]; + ret = wolfSSL_CryptHwMutexLock(); + if(ret != 0) { + return ret; + } cau_des_encrypt(temp_block , (byte*)des->key[0], out + offset); cau_des_decrypt(out + offset, (byte*)des->key[1], out + offset); cau_des_encrypt(out + offset, (byte*)des->key[2], out + offset); + wolfSSL_CryptHwMutexUnLock(); len -= DES_BLOCK_SIZE; offset += DES_BLOCK_SIZE; @@ -754,7 +772,7 @@ int wc_Des3_SetKey(Des3* des3, const byte* key, const byte* iv, int dir) XMEMCPY(iv, out + offset - DES_BLOCK_SIZE, DES_BLOCK_SIZE); } - return 0; + return ret; } int wc_Des3_CbcDecrypt(Des3* des, byte* out, const byte* in, word32 sz) @@ -762,6 +780,7 @@ int wc_Des3_SetKey(Des3* des3, const byte* key, const byte* iv, int dir) int i; int offset = 0; int len = sz; + int ret = 0; byte* iv; byte temp_block[DES_BLOCK_SIZE]; @@ -777,9 +796,14 @@ int wc_Des3_SetKey(Des3* des3, const byte* key, const byte* iv, int dir) { XMEMCPY(temp_block, in + offset, DES_BLOCK_SIZE); + ret = wolfSSL_CryptHwMutexLock(); + if(ret != 0) { + return ret; + } cau_des_decrypt(in + offset , (byte*)des->key[2], out + offset); cau_des_encrypt(out + offset, (byte*)des->key[1], out + offset); cau_des_decrypt(out + offset, (byte*)des->key[0], out + offset); + wolfSSL_CryptHwMutexUnLock(); /* XOR block with IV for CBC */ for (i = 0; i < DES_BLOCK_SIZE; i++) @@ -792,7 +816,7 @@ int wc_Des3_SetKey(Des3* des3, const byte* key, const byte* iv, int dir) offset += DES_BLOCK_SIZE; } - return 0; + return ret; } diff --git a/wolfcrypt/src/md5.c b/wolfcrypt/src/md5.c index fbf732add..5d1339a8f 100644 --- a/wolfcrypt/src/md5.c +++ b/wolfcrypt/src/md5.c @@ -49,7 +49,7 @@ #ifdef FREESCALE_MMCAU #include "cau_api.h" - #define XTRANSFORM(S,B) cau_md5_hash_n((B), 1, (unsigned char*)(S)->digest) + #define XTRANSFORM(S,B) Transform((S), (B)) #else #define XTRANSFORM(S,B) Transform((S)) #endif @@ -192,6 +192,18 @@ void wc_InitMd5(Md5* md5) md5->hiLen = 0; } +#ifdef FREESCALE_MMCAU +static int Transform(Md5* md5, byte* data) +{ + int ret = wolfSSL_CryptHwMutexLock(); + if(ret == 0) { + cau_md5_hash_n(data, 1, (unsigned char*)md5->digest); + wolfSSL_CryptHwMutexUnLock(); + } + return ret; +} +#endif /* FREESCALE_MMCAU */ + #ifndef FREESCALE_MMCAU static void Transform(Md5* md5) diff --git a/wolfcrypt/src/sha.c b/wolfcrypt/src/sha.c index 984d7343d..bde6376c8 100644 --- a/wolfcrypt/src/sha.c +++ b/wolfcrypt/src/sha.c @@ -72,7 +72,7 @@ #ifdef FREESCALE_MMCAU #include "cau_api.h" - #define XTRANSFORM(S,B) cau_sha1_hash_n((B), 1, ((S))->digest) + #define XTRANSFORM(S,B) Transform((S), (B)) #else #define XTRANSFORM(S,B) Transform((S)) #endif @@ -210,8 +210,14 @@ int wc_ShaFinal(Sha* sha, byte* hash) int wc_InitSha(Sha* sha) { + int ret = 0; #ifdef FREESCALE_MMCAU + ret = wolfSSL_CryptHwMutexLock(); + if(ret != 0) { + return ret; + } cau_sha1_initialize_output(sha->digest); + wolfSSL_CryptHwMutexUnLock(); #else sha->digest[0] = 0x67452301L; sha->digest[1] = 0xEFCDAB89L; @@ -224,9 +230,21 @@ int wc_InitSha(Sha* sha) sha->loLen = 0; sha->hiLen = 0; - return 0; + return ret; } +#ifdef FREESCALE_MMCAU +static int Transform(Sha* sha, byte* data) +{ + int ret = wolfSSL_CryptHwMutexLock(); + if(ret == 0) { + cau_sha1_hash_n(data, 1, sha->digest); + wolfSSL_CryptHwMutexUnLock(); + } + return ret; +} +#endif /* FREESCALE_MMCAU */ + #ifndef FREESCALE_MMCAU #define blk0(i) (W[i] = sha->buffer[i]) diff --git a/wolfcrypt/src/sha256.c b/wolfcrypt/src/sha256.c index 3dc1f4a8e..2cdad7d88 100644 --- a/wolfcrypt/src/sha256.c +++ b/wolfcrypt/src/sha256.c @@ -301,8 +301,14 @@ static void set_Transform(void) { int wc_InitSha256(Sha256* sha256) { + int ret = 0; #ifdef FREESCALE_MMCAU + ret = wolfSSL_CryptHwMutexLock(); + if(ret != 0) { + return ret; + } cau_sha256_initialize_output(sha256->digest); + wolfSSL_CryptHwMutexUnLock(); #else sha256->digest[0] = 0x6A09E667L; sha256->digest[1] = 0xBB67AE85L; @@ -322,7 +328,7 @@ int wc_InitSha256(Sha256* sha256) set_Transform() ; /* choose best Transform function under this runtime environment */ #endif - return 0; + return ret; } @@ -349,9 +355,12 @@ static const ALIGN32 word32 K[64] = { static int Transform(Sha256* sha256, byte* buf) { - cau_sha256_hash_n(buf, 1, sha256->digest); - - return 0; + int ret = wolfSSL_CryptHwMutexLock(); + if(ret == 0) { + cau_sha256_hash_n(buf, 1, sha256->digest); + wolfSSL_CryptHwMutexUnLock(); + } + return ret; } #endif /* FREESCALE_MMCAU */ diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index 72a014065..8a6d7513a 100644 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c @@ -34,6 +34,44 @@ #endif +#if WOLFSSL_CRYPT_HW_MUTEX +/* Mutex for protection of cryptograpghy hardware */ +static wolfSSL_Mutex wcCryptHwMutex; +static int wcCryptHwMutexInit = 0; + +int wolfSSL_CryptHwMutexInit(void) { + int ret = 0; + if(wcCryptHwMutexInit == 0) { + ret = InitMutex(&wcCryptHwMutex); + if(ret == 0) { + wcCryptHwMutexInit = 1; + } + } + return ret; +} + +int wolfSSL_CryptHwMutexLock(void) { + int ret = BAD_MUTEX_E; + + /* Make sure HW Mutex has been initialized */ + wolfSSL_CryptHwMutexInit(); + + if(wcCryptHwMutexInit) { + ret = LockMutex(&wcCryptHwMutex); + } + return ret; +} + +int wolfSSL_CryptHwMutexUnLock(void) { + int ret = BAD_MUTEX_E; + + if(wcCryptHwMutexInit) { + ret = UnLockMutex(&wcCryptHwMutex); + } + return ret; +} +#endif /* WOLFSSL_CRYPT_HW_MUTEX */ + #ifdef SINGLE_THREADED diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h index 4989d19f1..7e260f923 100644 --- a/wolfssl/wolfcrypt/wc_port.h +++ b/wolfssl/wolfcrypt/wc_port.h @@ -136,7 +136,34 @@ #error Need a mutex type in multithreaded mode #endif /* USE_WINDOWS_API */ #endif /* SINGLE_THREADED */ + +/* Enable crypt HW mutex for Freescale MMCAU */ +#if defined(FREESCALE_MMCAU) + #ifndef WOLFSSL_CRYPT_HW_MUTEX + #define WOLFSSL_CRYPT_HW_MUTEX 1 + #endif +#endif /* FREESCALE_MMCAU */ +#ifndef WOLFSSL_CRYPT_HW_MUTEX + #define WOLFSSL_CRYPT_HW_MUTEX 0 +#endif + +#if WOLFSSL_CRYPT_HW_MUTEX + /* wolfSSL_CryptHwMutexInit is called on first wolfSSL_CryptHwMutexLock, + however it's recommended to call this directly on Hw init to avoid possible + race condition where two calls to wolfSSL_CryptHwMutexLock are made at + the same time. */ + int wolfSSL_CryptHwMutexInit(void); + int wolfSSL_CryptHwMutexLock(void); + int wolfSSL_CryptHwMutexUnLock(void); +#else + /* Define stubs, since HW mutex is disabled */ + #define wolfSSL_CryptHwMutexInit() 0 /* Success */ + #define wolfSSL_CryptHwMutexLock() 0 /* Success */ + #define wolfSSL_CryptHwMutexUnLock() 0 /* Success */ +#endif /* WOLFSSL_CRYPT_HW_MUTEX */ + +/* Mutex functions */ WOLFSSL_LOCAL int InitMutex(wolfSSL_Mutex*); WOLFSSL_LOCAL int FreeMutex(wolfSSL_Mutex*); WOLFSSL_LOCAL int LockMutex(wolfSSL_Mutex*);