From 5c07391f1bcfb469e2f231f25fa261179c958743 Mon Sep 17 00:00:00 2001 From: David Garske Date: Mon, 14 Oct 2019 15:39:46 -0700 Subject: [PATCH] Various fixes for asynchronous mode: * Fix for AES CBC issue with IV (QAT only). * Fix for test cases with QAT. * Remove poorly placed debug for AES CFB. --- src/ssl.c | 25 ++++++++++++++++++++---- wolfcrypt/src/aes.c | 41 ++++++++++++++++++---------------------- wolfcrypt/src/des3.c | 26 ++++++++++++------------- wolfcrypt/test/test.c | 9 +++++---- wolfssl/wolfcrypt/aes.h | 7 +++---- wolfssl/wolfcrypt/des3.h | 9 +++++---- 6 files changed, 64 insertions(+), 53 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 6c3c02051..e5b5f828f 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -17039,6 +17039,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) WOLFSSL_DES_key_schedule* ks3, WOLFSSL_DES_cblock* ivec, int enc) { + int ret; Des3 des; byte key[24];/* EDE uses 24 size key */ byte lastblock[DES_BLOCK_SIZE]; 
@@ -17059,19 +17060,35 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) if (enc) { wc_Des3_SetKey(&des, key, (const byte*)ivec, DES_ENCRYPTION); - wc_Des3_CbcEncrypt(&des, output, input, (word32)blk*DES_BLOCK_SIZE); + ret = wc_Des3_CbcEncrypt(&des, output, input, (word32)blk*DES_BLOCK_SIZE); + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &des.asyncDev, WC_ASYNC_FLAG_NONE); + #endif + (void)ret; /* ignore return codes for processing */ if(lb_sz){ XMEMSET(lastblock, 0, DES_BLOCK_SIZE); XMEMCPY(lastblock, input+sz-lb_sz, lb_sz); - wc_Des3_CbcEncrypt(&des, output+blk*DES_BLOCK_SIZE, + ret = wc_Des3_CbcEncrypt(&des, output+blk*DES_BLOCK_SIZE, lastblock, (word32)DES_BLOCK_SIZE); + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &des.asyncDev, WC_ASYNC_FLAG_NONE); + #endif + (void)ret; /* ignore return codes for processing */ } } else { wc_Des3_SetKey(&des, key, (const byte*)ivec, DES_DECRYPTION); - wc_Des3_CbcDecrypt(&des, output, input, (word32)blk*DES_BLOCK_SIZE); + ret = wc_Des3_CbcDecrypt(&des, output, input, (word32)blk*DES_BLOCK_SIZE); + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &des.asyncDev, WC_ASYNC_FLAG_NONE); + #endif + (void)ret; /* ignore return codes for processing */ if(lb_sz){ - wc_Des3_CbcDecrypt(&des, lastblock, input+sz-lb_sz, (word32)DES_BLOCK_SIZE); + ret = wc_Des3_CbcDecrypt(&des, lastblock, input+sz-lb_sz, (word32)DES_BLOCK_SIZE); + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &des.asyncDev, WC_ASYNC_FLAG_NONE); + #endif + (void)ret; /* ignore return codes for processing */ XMEMCPY(output+sz-lb_sz, lastblock, lb_sz); } } diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index 8e2ecfdd5..08b3fec73 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c 
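Review bot: Every `(void)ret; /* ignore return codes for processing */` discards both the cipher result and the wc_AsyncWait result, so a failed operation returns with `output` untouched and no signal to the caller — with in-place use (output == input) an encrypt failure would hand back plaintext. The results of the two wc_Des3_SetKey calls are dropped the same way. Since the wrapper apparently cannot report an error (its return type and the `sz`/`blk`/`lb_sz` setup are outside the hunk), at least log and scrub at each site: `if (ret != 0) { WOLFSSL_MSG("3DES CBC operation failed"); XMEMSET(output, 0, (size_t)sz); }`. Separately, the decrypt tail `wc_Des3_CbcDecrypt(&des, lastblock, input+sz-lb_sz, (word32)DES_BLOCK_SIZE)` reads a full block starting `lb_sz` bytes before the end of `input`, i.e. `DES_BLOCK_SIZE-lb_sz` bytes beyond `input+sz` if `lb_sz` is the partial remainder as the encrypt branch suggests; copying the tail into a zeroed `lastblock` first, as the encrypt branch already does, keeps the read in bounds.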
@@ -2292,15 +2292,13 @@ static void wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock) aes->keylen = keylen; aes->rounds = keylen/4 + 6; - #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_AES) - if (aes->asyncDev.marker == WOLFSSL_ASYNC_MARKER_AES) { - XMEMCPY(aes->asyncKey, userKey, keylen); - if (iv) - XMEMCPY(aes->asyncIv, iv, AES_BLOCK_SIZE); - } - #endif /* WOLFSSL_ASYNC_CRYPT */ - #ifdef WOLF_CRYPTO_CB - if (aes->devId != INVALID_DEVID) { + #if defined(WOLF_CRYPTO_CB) || (defined(WOLFSSL_DEVCRYPTO) && \ + (defined(WOLFSSL_DEVCRYPTO_AES) || defined(WOLFSSL_DEVCRYPTO_CBC))) || \ + (defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_AES)) + #ifdef WOLF_CRYPTO_CB + if (aes->devId != INVALID_DEVID) + #endif + { XMEMCPY(aes->devKey, userKey, keylen); } #endif @@ -2333,7 +2331,6 @@ static void wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock) #if defined(WOLFSSL_DEVCRYPTO) && \ (defined(WOLFSSL_DEVCRYPTO_AES) || defined(WOLFSSL_DEVCRYPTO_CBC)) aes->ctx.cfd = -1; - XMEMCPY(aes->devKey, userKey, keylen); #endif #ifdef WOLFSSL_IMX6_CAAM_BLOB ForceZero(local, sizeof(local)); @@ -3036,8 +3033,8 @@ int wc_AesSetIV(Aes* aes, const byte* iv) return NitroxAesCbcEncrypt(aes, out, in, sz); #elif defined(HAVE_INTEL_QA) return IntelQaSymAesCbcEncrypt(&aes->asyncDev, out, in, sz, - (const byte*)aes->asyncKey, aes->keylen, - (const byte*)aes->asyncIv, AES_BLOCK_SIZE); + (const byte*)aes->devKey, aes->keylen, + (byte*)aes->reg, AES_BLOCK_SIZE); #else /* WOLFSSL_ASYNC_CRYPT_TEST */ if (wc_AsyncTestInit(&aes->asyncDev, ASYNC_TEST_AES_CBC_ENCRYPT)) { WC_ASYNC_TEST* testDev = &aes->asyncDev.test; 
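Review bot: In the new `#if` block the `XMEMCPY(aes->devKey, userKey, keylen)` is skipped whenever WOLF_CRYPTO_CB is built and `aes->devId == INVALID_DEVID`, even in a build that also enables WOLFSSL_ASYNC_CRYPT/WC_ASYNC_ENABLE_AES, while the QAT paths later in this patch read `aes->devKey` unconditionally; an async Aes with an invalid devId would then be offloaded with a never-written key, unless marker handling outside the hunk makes that combination impossible. Making the condition explicit removes the reliance on that invariant: `if (aes->devId != INVALID_DEVID || aes->asyncDev.marker == WOLFSSL_ASYNC_MARKER_AES)`, with the marker term guarded by `WC_ASYNC_ENABLE_AES`. Dropping the old marker test also means every Aes in an async build now retains a second plaintext copy of the key in `devKey`, so the ForceZero in wc_AesFree becomes mandatory for callers; a comment on the copy, `/* plaintext key copy for device paths; wiped in wc_AesFree */`, would make that explicit. The enclosing key-setup function starts and ends outside the hunk.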
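Review bot: The IV argument is now `(byte*)aes->reg` with const cast away, which fixes CBC chaining across calls only if IntelQaSymAesCbcEncrypt writes the last ciphertext block back into `aes->reg` before returning; the callee is not visible here, and if it leaves `reg` untouched every call on the same Aes restarts from the original IV. The software path in this same file maintains `aes->reg` itself (see the `/* store iv for next call */` comment added to the decrypt loop), so the contract should be stated at the device call: `/* aes->reg is the live CBC IV; the device updates it in place */`. A two-call chaining case in the async test vectors would pin this. The CBC encrypt routine's head and tail are outside the hunk.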
@@ -3135,8 +3132,8 @@ int wc_AesSetIV(Aes* aes, const byte* iv) return NitroxAesCbcDecrypt(aes, out, in, sz); #elif defined(HAVE_INTEL_QA) return IntelQaSymAesCbcDecrypt(&aes->asyncDev, out, in, sz, - (const byte*)aes->asyncKey, aes->keylen, - (const byte*)aes->asyncIv, AES_BLOCK_SIZE); + (const byte*)aes->devKey, aes->keylen, + (byte*)aes->reg, AES_BLOCK_SIZE); #else /* WOLFSSL_ASYNC_CRYPT_TEST */ if (wc_AsyncTestInit(&aes->asyncDev, ASYNC_TEST_AES_CBC_DECRYPT)) { WC_ASYNC_TEST* testDev = &aes->asyncDev.test; @@ -3185,6 +3182,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv) XMEMCPY(aes->tmp, in, AES_BLOCK_SIZE); wc_AesDecrypt(aes, (byte*)aes->tmp, out); xorbuf(out, (byte*)aes->reg, AES_BLOCK_SIZE); + /* store iv for next call */ XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE); out += AES_BLOCK_SIZE; @@ -5687,13 +5685,13 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz, #ifdef HAVE_CAVIUM_V if (authInSz == 20) { /* Nitrox V GCM is only working with 20 byte AAD */ return NitroxAesGcmEncrypt(aes, out, in, sz, - (const byte*)aes->asyncKey, aes->keylen, iv, ivSz, + (const byte*)aes->devKey, aes->keylen, iv, ivSz, authTag, authTagSz, authIn, authInSz); } #endif #elif defined(HAVE_INTEL_QA) return IntelQaSymAesGcmEncrypt(&aes->asyncDev, out, in, sz, - (const byte*)aes->asyncKey, aes->keylen, iv, ivSz, + (const byte*)aes->devKey, aes->keylen, iv, ivSz, authTag, authTagSz, authIn, authInSz); #else /* WOLFSSL_ASYNC_CRYPT_TEST */ if (wc_AsyncTestInit(&aes->asyncDev, ASYNC_TEST_AES_GCM_ENCRYPT)) { 
@@ -6123,13 +6121,13 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, #ifdef HAVE_CAVIUM_V if (authInSz == 20) { /* Nitrox V GCM is only working with 20 byte AAD */ return NitroxAesGcmDecrypt(aes, out, in, sz, - (const byte*)aes->asyncKey, aes->keylen, iv, ivSz, + (const byte*)aes->devKey, aes->keylen, iv, ivSz, authTag, authTagSz, authIn, authInSz); } #endif #elif defined(HAVE_INTEL_QA) return IntelQaSymAesGcmDecrypt(&aes->asyncDev, out, in, sz, - (const byte*)aes->asyncKey, aes->keylen, iv, ivSz, + (const byte*)aes->devKey, aes->keylen, iv, ivSz, authTag, authTagSz, authIn, authInSz); #else /* WOLFSSL_ASYNC_CRYPT_TEST */ if (wc_AsyncTestInit(&aes->asyncDev, ASYNC_TEST_AES_GCM_DECRYPT)) { @@ -6871,7 +6869,8 @@ void wc_AesFree(Aes* aes) wc_DevCryptoFree(&aes->ctx); #endif #if defined(WOLF_CRYPTO_CB) || (defined(WOLFSSL_DEVCRYPTO) && \ - (defined(WOLFSSL_DEVCRYPTO_AES) || defined(WOLFSSL_DEVCRYPTO_CBC))) + (defined(WOLFSSL_DEVCRYPTO_AES) || defined(WOLFSSL_DEVCRYPTO_CBC))) || \ + defined(WOLFSSL_ASYNC_CRYPT) ForceZero((byte*)aes->devKey, AES_MAX_KEY_SIZE/WOLFSSL_BIT_SIZE); #endif } @@ -6979,8 +6978,6 @@ int wc_AesCfbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) byte* tmp = NULL; byte* reg = NULL; - WOLFSSL_ENTER("wc_AesCfbEncrypt"); - if (aes == NULL || out == NULL || in == NULL) { return BAD_FUNC_ARG; } @@ -7040,8 +7037,6 @@ int wc_AesCfbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) { byte* tmp; - WOLFSSL_ENTER("wc_AesCfbDecrypt"); - if (aes == NULL || out == NULL || in == NULL) { return BAD_FUNC_ARG; } diff --git a/wolfcrypt/src/des3.c b/wolfcrypt/src/des3.c index f8575750c..9180ddda1 100644 --- a/wolfcrypt/src/des3.c +++ b/wolfcrypt/src/des3.c 
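Review bot: The `ForceZero` guard in wc_AesFree was extended with bare `defined(WOLFSSL_ASYNC_CRYPT)`, but `aes->devKey` is only declared when WC_ASYNC_ENABLE_AES is also set (aes.h hunk in this patch), so an async build with AES offload disabled and neither WOLF_CRYPTO_CB nor DEVCRYPTO fails to compile here. Use the same condition as the declaration, `(defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_AES))`, and size the wipe from the field, `ForceZero(aes->devKey, sizeof(aes->devKey));`, so the two cannot drift apart again. wc_AesFree's body continues outside the hunk.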
@@ -1447,18 +1447,12 @@ return BAD_FUNC_ARG; } - #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_3DES) - if (des->asyncDev.marker == WOLFSSL_ASYNC_MARKER_3DES) { - /* key_raw holds orignal key copy */ - des->key_raw = key; - des->iv_raw = iv; - - /* continue on to set normal key for smaller DES operations */ - } - #endif /* WOLFSSL_ASYNC_CRYPT */ - - #ifdef WOLF_CRYPTO_CB - if (des->devId != INVALID_DEVID) { + #if defined(WOLF_CRYPTO_CB) || \ + (defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_3DES)) + #ifdef WOLF_CRYPTO_CB + if (des->devId != INVALID_DEVID) + #endif + { XMEMCPY(des->devKey, key, DES3_KEYLEN); } #endif @@ -1613,7 +1607,7 @@ return NitroxDes3CbcEncrypt(des, out, in, sz); #elif defined(HAVE_INTEL_QA) return IntelQaSymDes3CbcEncrypt(&des->asyncDev, out, in, sz, - des->key_raw, DES3_KEYLEN, (byte*)des->iv_raw, DES3_IVLEN); + (const byte*)des->devKey, DES3_KEYLEN, (byte*)des->reg, DES3_IVLEN); #else /* WOLFSSL_ASYNC_CRYPT_TEST */ if (wc_AsyncTestInit(&des->asyncDev, ASYNC_TEST_DES3_CBC_ENCRYPT)) { WC_ASYNC_TEST* testDev = &des->asyncDev.test; @@ -1664,7 +1658,7 @@ return NitroxDes3CbcDecrypt(des, out, in, sz); #elif defined(HAVE_INTEL_QA) return IntelQaSymDes3CbcDecrypt(&des->asyncDev, out, in, sz, - des->key_raw, DES3_KEYLEN, (byte*)des->iv_raw, DES3_IVLEN); + (const byte*)des->devKey, DES3_KEYLEN, (byte*)des->reg, DES3_IVLEN); #else /* WOLFSSL_ASYNC_CRYPT_TEST */ if (wc_AsyncTestInit(&des->asyncDev, ASYNC_TEST_DES3_CBC_DECRYPT)) { WC_ASYNC_TEST* testDev = &des->asyncDev.test; @@ -1786,6 +1780,10 @@ void wc_Des3Free(Des3* des3) #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_3DES) wolfAsync_DevCtxFree(&des3->asyncDev, WOLFSSL_ASYNC_MARKER_3DES); #endif /* WOLFSSL_ASYNC_CRYPT */ +#if defined(WOLF_CRYPTO_CB) || \ + (defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_3DES)) + ForceZero(des3->devKey, sizeof(des3->devKey)); +#endif } #endif /* WOLFSSL_TI_CRYPT */ 
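Review bot: The copy into `des->devKey` is gated on `des->devId != INVALID_DEVID` only when WOLF_CRYPTO_CB is built, while the QAT paths in the following hunks read `des->devKey` unconditionally; in a build with both WOLF_CRYPTO_CB and WC_ASYNC_ENABLE_3DES, a Des3 initialized with INVALID_DEVID but still routed to the device would run under a never-written key (whether that routing is possible depends on marker handling outside this hunk). Spelling the condition out removes the dependence: `if (des->devId != INVALID_DEVID || des->asyncDev.marker == WOLFSSL_ASYNC_MARKER_3DES)`, with the marker term guarded by `WC_ASYNC_ENABLE_3DES`. Replacing the caller-owned `key_raw`/`iv_raw` pointers with an owned copy is an improvement worth recording in a comment, since it is also what makes the new ForceZero in wc_Des3Free meaningful. The enclosing key-setup function starts outside the hunk.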
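Review bot: The new `ForceZero(des3->devKey, sizeof(des3->devKey))` wipes the raw key copy but leaves the expanded schedule `des3->key[3][DES_KS_SIZE]` (declared in the des3.h hunk of this patch) and the CBC state in `reg`/`tmp` in memory, although the schedule is fully equivalent to the key. Wiping it alongside, `ForceZero(des3->key, sizeof(des3->key));` next to the new line, costs nothing and makes the free path's guarantee uniform across build configurations instead of covering only the crypto-cb/async field. wc_Des3Free's head is outside the hunk.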
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 65ea38490..0beb2a47e 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -2642,7 +2642,7 @@ static int sha3_256_test(void) "\xdc\x90\xc0\xb1\x25\xdb\x2c\x34\x81\xa3\xff\xbc\x1e\x2e\x87\xeb" "\x6d\x70\x85\x61\xe0\xe9\x63\x61\xff\xe5\x84\x4b\x1f\x68\x05\x15"; -#ifdef WOLFSSL_HASH_FLAGS +#if defined(WOLFSSL_HASH_FLAGS) && !defined(WOLFSSL_ASYNC_CRYPT) /* test vector with hash of empty string */ const char* Keccak256EmptyOut = "\xc5\xd2\x46\x01\x86\xf7\x23\x3c\x92\x7e\x7d\xb2\xdc\xc7\x03\xc0" @@ -2714,7 +2714,8 @@ static int sha3_256_test(void) ERROR_OUT(-2608, exit); } /* END LARGE HASH TEST */ -#ifdef WOLFSSL_HASH_FLAGS + /* this is a software only variant of SHA3 not supported by external hardware devices */ +#if defined(WOLFSSL_HASH_FLAGS) && !defined(WOLFSSL_ASYNC_CRYPT) /* Test for Keccak256 */ ret = wc_Sha3_SetFlags(&sha, WC_HASH_SHA3_KECCAK256); if (ret != 0) { @@ -2731,7 +2732,7 @@ static int sha3_256_test(void) if (XMEMCMP(hash, Keccak256EmptyOut, WC_SHA3_256_DIGEST_SIZE) != 0) { ERROR_OUT(-2612, exit); } -#endif +#endif /* WOLFSSL_HASH_FLAGS && !WOLFSSL_ASYNC_CRYPT */ exit: wc_Sha3_256_Free(&sha); @@ -6530,7 +6531,7 @@ int aes_test(void) } } } -#endif /* WOLFSSL_AESNI HAVE_AES_DECRYPT */ +#endif /* WOLFSSL_AESNI && HAVE_AES_DECRYPT */ /* Test of AES IV state with encrypt/decrypt */ #ifdef WOLFSSL_AES_128 diff --git a/wolfssl/wolfcrypt/aes.h b/wolfssl/wolfcrypt/aes.h index 4fba4d1c0..cf25d6249 100644 --- a/wolfssl/wolfcrypt/aes.h +++ b/wolfssl/wolfcrypt/aes.h @@ -171,9 +171,7 @@ struct Aes { byte id[AES_MAX_ID_LEN]; int idLen; #endif -#ifdef WOLFSSL_ASYNC_CRYPT - word32 asyncKey[AES_MAX_KEY_SIZE/8/sizeof(word32)]; /* raw key */ - word32 asyncIv[AES_BLOCK_SIZE/sizeof(word32)]; /* raw IV */ +#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_AES) WC_ASYNC_DEV asyncDev; #endif /* WOLFSSL_ASYNC_CRYPT */ #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) 
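Review bot: The added `!defined(WOLFSSL_ASYNC_CRYPT)` guard removes the Keccak256 flag test from every async build, including the software-only WOLFSSL_ASYNC_CRYPT_TEST configuration referenced in the aes.c hunks, where the comment's justification "not supported by external hardware devices" does not apply. Gate on the hardware backends instead, e.g. `#if defined(WOLFSSL_HASH_FLAGS) && !(defined(WOLFSSL_ASYNC_CRYPT) && (defined(HAVE_INTEL_QA) || defined(HAVE_CAVIUM_V)))`, or keep the test and skip at runtime when the hash's async marker is set; whether either backend actually offloads SHA-3 is not visible here, so confirm the macro set before choosing. The same guard appears on the `Keccak256EmptyOut` declaration in the first test.c hunk and must stay in step with whichever form is used.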
@@ -196,7 +194,8 @@ struct Aes { #endif #endif #if defined(WOLF_CRYPTO_CB) || (defined(WOLFSSL_DEVCRYPTO) && \ - (defined(WOLFSSL_DEVCRYPTO_AES) || defined(WOLFSSL_DEVCRYPTO_CBC))) + (defined(WOLFSSL_DEVCRYPTO_AES) || defined(WOLFSSL_DEVCRYPTO_CBC))) || \ + (defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_AES)) word32 devKey[AES_MAX_KEY_SIZE/WOLFSSL_BIT_SIZE/sizeof(word32)]; /* raw key */ #endif #if defined(WOLFSSL_DEVCRYPTO) && \ diff --git a/wolfssl/wolfcrypt/des3.h b/wolfssl/wolfcrypt/des3.h index d231a0f35..69cd6ed47 100644 --- a/wolfssl/wolfcrypt/des3.h +++ b/wolfssl/wolfcrypt/des3.h @@ -99,13 +99,14 @@ struct Des3 { word32 key[3][DES_KS_SIZE]; word32 reg[DES_BLOCK_SIZE / sizeof(word32)]; /* for CBC mode */ word32 tmp[DES_BLOCK_SIZE / sizeof(word32)]; /* same */ -#ifdef WOLFSSL_ASYNC_CRYPT - const byte* key_raw; - const byte* iv_raw; +#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_3DES) WC_ASYNC_DEV asyncDev; #endif -#ifdef WOLF_CRYPTO_CB +#if defined(WOLF_CRYPTO_CB) || \ + (defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_3DES)) word32 devKey[DES3_KEYLEN/sizeof(word32)]; /* raw key */ +#endif +#ifdef WOLF_CRYPTO_CB int devId; void* devCtx; #endif
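Review bot: `asyncDev` is now declared only when both WOLFSSL_ASYNC_CRYPT and WC_ASYNC_ENABLE_3DES are set, but the ssl.c hunk in this same patch dereferences `des.asyncDev` under bare `#if defined(WOLFSSL_ASYNC_CRYPT)`, so an async build with 3DES offload disabled no longer compiles that wrapper; those four guards should read `#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_3DES)`. `devKey` now holds a plaintext key copy in every async-3DES build whether or not the device is used, so its lifetime deserves stating on the field: `word32 devKey[DES3_KEYLEN/sizeof(word32)]; /* raw key copy for crypto-cb/async device paths; wiped in wc_Des3Free */`.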