diff --git a/configure.ac b/configure.ac index 30ba57b79..0dcac9dbe 100644 --- a/configure.ac +++ b/configure.ac @@ -9093,6 +9093,7 @@ AM_CONDITIONAL([BUILD_HPKE],[test "x$ENABLED_HPKE" = "xyes" || test "x$ENABLED_U AM_CONDITIONAL([BUILD_DTLS],[test "x$ENABLED_DTLS" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) AM_CONDITIONAL([BUILD_MAXQ10XX],[test "x$ENABLED_MAXQ10XX" = "xyes"]) AM_CONDITIONAL([BUILD_ARIA],[test "x$ENABLED_ARIA" = "xyes"]) +AM_CONDITIONAL([BUILD_XILINX],[test "x$ENABLED_XILINX" = "xyes"]) if test "$ENABLED_REPRODUCIBLE_BUILD" != "yes" && (test "$ax_enable_debug" = "yes" || diff --git a/src/include.am b/src/include.am index ba5c1a027..b9be36b07 100644 --- a/src/include.am +++ b/src/include.am @@ -881,6 +881,9 @@ endif endif !BUILD_CRYPTONLY +if BUILD_XILINX +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/xilinx/xil-aesgcm.c +endif endif !BUILD_FIPS_RAND @@ -888,3 +891,4 @@ if BUILD_ARIA src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/aria/aria-crypt.c src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/aria/aria-cryptocb.c endif + diff --git a/wolfcrypt/src/port/xilinx/xil-aesgcm.c b/wolfcrypt/src/port/xilinx/xil-aesgcm.c index aabcbd379..e2dfc8af4 100644 --- a/wolfcrypt/src/port/xilinx/xil-aesgcm.c +++ b/wolfcrypt/src/port/xilinx/xil-aesgcm.c @@ -135,7 +135,9 @@ int wc_AesGcmSetKey_ex(Aes* aes, const byte* key, word32 len, word32 kup) aes->xKeySize = len == AES_128_KEY_SIZE ? XSECURE_AES_KEY_SIZE_128 : XSECURE_AES_KEY_SIZE_256; - XMEMCPY(aes->keyInit, key, len); + if (key != NULL) { + XMEMCPY(aes->keyInit, key, len); + } return 0; } @@ -478,7 +480,12 @@ int wc_AesGcmSetKey_ex(Aes* aes, const byte* key, word32 len, word32 kup) { XCsuDma_Config* con; - if (aes == NULL || key == NULL) { + if (aes == NULL) { + return BAD_FUNC_ARG; + } + + if (kup == XSECURE_CSU_AES_KEY_SRC_KUP && key == NULL) { + WOLFSSL_MSG("Expecting key buffer passed in if using KUP"); return BAD_FUNC_ARG; } @@ -501,7 +508,9 @@ int wc_AesGcmSetKey_ex(Aes* aes, const byte* key, word32 len, word32 kup) aes->keylen = len; aes->kup = kup; - XMEMCPY((byte*)(aes->keyInit), key, len); + if (key != NULL) { + XMEMCPY((byte*)(aes->keyInit), key, len); + } return 0; } @@ -538,18 +547,26 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, return BAD_FUNC_ARG; } + #ifndef NO_WOLFSSL_XILINX_TAG_MALLOC tmp = (byte*)XMALLOC(sz + AES_GCM_AUTH_SZ, aes->heap, DYNAMIC_TYPE_TMP_BUFFER); if (tmp == NULL) { return MEMORY_E; } + #else + /* if NO_WOLFSSL_XILINX_TAG_MALLOC is defined than it is assumed that + * out buffer is large enough to hold both the cipher out and tag */ + tmp = out; + #endif XSecure_AesInitialize(&(aes->xilAes), &(aes->dma), aes->kup, (word32*)iv, aes->keyInit); XSecure_AesEncryptData(&(aes->xilAes), tmp, in, sz); - XMEMCPY(out, tmp, sz); XMEMCPY(authTag, tmp + sz, authTagSz); + #ifndef NO_WOLFSSL_XILINX_TAG_MALLOC + XMEMCPY(out, tmp, sz); XFREE(tmp, aes->heap, DYNAMIC_TYPE_TMP_BUFFER); + #endif } /* handle completing tag with any additional data */ @@ -610,7 +627,7 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, /* calls to hardened crypto */ XSecure_AesInitialize(&(aes->xilAes), &(aes->dma), aes->kup, (word32*)iv, aes->keyInit); - XSecure_AesDecryptData(&(aes->xilAes), out, in, sz, tag); + ret = XSecure_AesDecryptData(&(aes->xilAes), out, in, sz, tag); /* account for additional data */ if (authIn != NULL && authInSz > 0) { @@ -623,6 +640,12 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, return AES_GCM_AUTH_E; } } + else { + /* if no aad then check the result of the initial tag passed in */ + if (ret != XST_SUCCESS) { + return AES_GCM_AUTH_E; + } + } return 0; diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c index 16c0d3309..518733419 100644 --- a/wolfcrypt/src/random.c +++ b/wolfcrypt/src/random.c @@ -809,6 +809,26 @@ static WC_INLINE word64 Entropy_TimeHiRes(void) ); return cnt; } +#elif !defined(ENTROPY_MEMUSE_THREAD) && defined(__MICROBLAZE__) + +#define LPD_SCNTR_BASE_ADDRESS 0xFF250000 + +/* Get the high resolution time counter. + * Collect ticks from LPD_SCNTR + * @return 64-bit tick count. + */ +static WC_INLINE word64 Entropy_TimeHiRes(void) +{ + word64 cnt; + word32 *ptr; + + ptr = (word32*)LPD_SCNTR_BASE_ADDRESS; + cnt = *(ptr+1); + cnt = cnt << 32; + cnt |= *ptr; + + return cnt; +} #elif !defined(ENTROPY_MEMUSE_THREAD) && (_POSIX_C_SOURCE >= 199309L) /* Get the high resolution time counter. * @@ -3515,6 +3535,26 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) * extern int myRngFunc(byte* output, word32 sz); */ +#elif defined(__MICROBLAZE__) + #warning weak source of entropy + #define LPD_SCNTR_BASE_ADDRESS 0xFF250000 + + int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) + { + word32* cnt; + word32 i; + + /* using current time with srand */ + cnt = (word32*)LPD_SCNTR_BASE_ADDRESS; + srand(*cnt | *(cnt+1)); + + for (i = 0; i < sz; i++) + output[i] = rand(); + + (void)os; + return 0; + } + #elif defined(WOLFSSL_ZEPHYR) #include diff --git a/wolfcrypt/src/sp_int.c b/wolfcrypt/src/sp_int.c index 94fc01c35..37a34d8e9 100644 --- a/wolfcrypt/src/sp_int.c +++ b/wolfcrypt/src/sp_int.c @@ -7031,7 +7031,7 @@ int sp_mod_d(const sp_int* a, sp_int_digit d, sp_int_digit* r) #if defined(HAVE_ECC) || !defined(NO_DSA) || defined(OPENSSL_EXTRA) || \ (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \ - !defined(WOLFSSL_RSA_PUBLIC_ONLY)) + !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || defined(WOLFSSL_SP_INVMOD) /* Divides a by 2 and stores in r: r = a >> 1 * * @param [in] a SP integer to divide. @@ -19254,7 +19254,7 @@ int sp_prime_is_prime_ex(const sp_int* a, int trials, int* result, WC_RNG* rng) } #endif /* WOLFSSL_SP_PRIME_GEN */ -#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) +#if !defined(NO_RSA) || defined(WOLFSSL_KEY_GEN) /* Calculates the Greatest Common Denominator (GCD) of a and b into r. * diff --git a/wolfssl/wolfcrypt/aes.h b/wolfssl/wolfcrypt/aes.h index 75653bad3..dcd3320de 100644 --- a/wolfssl/wolfcrypt/aes.h +++ b/wolfssl/wolfcrypt/aes.h @@ -85,10 +85,14 @@ WOLFSSL_LOCAL void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c, #ifdef WOLFSSL_XILINX_CRYPT_VERSAL #include #include -#define WOLFSSL_XILINX_AES_KEY_SRC XSECURE_AES_USER_KEY_0 +#if !defined(WOLFSSL_XILINX_AES_KEY_SRC) + #define WOLFSSL_XILINX_AES_KEY_SRC XSECURE_AES_USER_KEY_0 +#endif #else /* versal */ #include -#define WOLFSSL_XILINX_AES_KEY_SRC XSECURE_CSU_AES_KEY_SRC_KUP +#if !defined(WOLFSSL_XILINX_AES_KEY_SRC) + #define WOLFSSL_XILINX_AES_KEY_SRC XSECURE_CSU_AES_KEY_SRC_KUP +#endif #endif /* !versal */ #endif /* WOLFSSL_XILINX_CRYPT */ diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 9c8049954..53825ae62 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -1844,7 +1844,10 @@ extern void uITRON4_free(void *p) ; #if !defined(WOLFSSL_XILINX_CRYPT_VERSAL) #define NO_DEV_RANDOM #endif + #undef NO_WOLFSSL_DIR #define NO_WOLFSSL_DIR + + #undef HAVE_AESGCM #define HAVE_AESGCM #endif diff --git a/wolfssl/wolfcrypt/sp_int.h b/wolfssl/wolfcrypt/sp_int.h index e768d0cd5..cf7b8f289 100644 --- a/wolfssl/wolfcrypt/sp_int.h +++ b/wolfssl/wolfcrypt/sp_int.h @@ -1067,7 +1067,7 @@ MP_API int sp_rand_prime(sp_int* r, int len, WC_RNG* rng, void* heap); MP_API int sp_prime_is_prime(const sp_int* a, int t, int* result); MP_API int sp_prime_is_prime_ex(const sp_int* a, int t, int* result, WC_RNG* rng); -#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) +#if !defined(NO_RSA) || defined(WOLFSSL_KEY_GEN) MP_API int sp_gcd(const sp_int* a, const sp_int* b, sp_int* r); #endif #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \