feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #6400 from bandi13/ARIA-cipher

Browse Source 
Aria cipher
This commit is contained in:
David Garske
2023-07-11 09:50:42 -07:00
committed by GitHub
parent ba4c96f727 ecc138fc6e
commit 8f36f78e6c
28 changed files with 2252 additions and 126 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
.gitignore vendored
View File

@@ -419,3 +419,6 @@ user_settings_asm.h
# auto-created CMake backups
**/CMakeLists.txt.old
# MagicCrypto (ARIA Cipher)
MagicCrypto

27
configure.ac
View File

@@ -2520,6 +2520,31 @@ fi
]
)
AC_ARG_ENABLE([aria],
[AS_HELP_STRING([--enable-aria],[Enable wolfSSL support for ARIA (default: disabled)])],
[ ENABLED_ARIA=$enableval ],
[ ENABLED_ARIA=no ]
)
if test "$ENABLED_ARIA" = "yes"
then
ARIA_DIR=MagicCrypto
# Enable dependency
ENABLED_OPENSSLEXTRA="yes"
CFLAGS="$CFLAGS -I$ARIA_DIR/include"
AM_CFLAGS="$AM_CFLAGS -DHAVE_ARIA -DOPENSSL_EXTRA"
AM_LDFLAGS="$AM_LDFLAGS -L$ARIA_DIR/lib -lMagicCrypto"
build_pwd="$(pwd)"
headers="mcapi_error.h mcapi_type.h mcapi.h"
for header in $headers
do
AC_CHECK_HEADER([$header], [], [
AC_MSG_ERROR([Error including $header. Please put the MagicCrypto library in $build_pwd.])
], [
extern int dummy_int_to_make_compiler_happy;
])
done
fi
AC_ARG_ENABLE([caam],
[AS_HELP_STRING([--enable-caam],[Enable wolfSSL support for CAAM (default: disabled)])],
[ ENABLED_CAAM=$enableval ],
@@ -8830,6 +8855,7 @@ AM_CONDITIONAL([BUILD_DTLS_CID],[test "x$ENABLED_DTLS_CID" = "xyes"])
AM_CONDITIONAL([BUILD_HPKE],[test "x$ENABLED_HPKE" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_DTLS],[test "x$ENABLED_DTLS" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_MAXQ10XX],[test "x$ENABLED_MAXQ10XX" = "xyes"])
AM_CONDITIONAL([BUILD_ARIA],[test "x$ENABLED_ARIA" = "xyes"])
if test "$ENABLED_REPRODUCIBLE_BUILD" != "yes" &&
(test "$ax_enable_debug" = "yes" ||
@@ -9146,6 +9172,7 @@ echo " * AES-CTR: $ENABLED_AESCTR"
echo " * AES-CFB: $ENABLED_AESCFB"
echo " * AES-OFB: $ENABLED_AESOFB"
echo " * AES-SIV: $ENABLED_AESSIV"
echo " * ARIA: $ENABLED_ARIA"
echo " * DES3: $ENABLED_DES3"
echo " * Camellia: $ENABLED_CAMELLIA"
echo " * SM4-ECB: $ENABLED_SM4_ECB"

143
scripts/sniffer-gen.sh
View File

@@ -1,4 +1,5 @@
#!/bin/bash
#set -x
# Run this script from the wolfSSL root
if [ ! -f wolfssl/ssl.h ]; then
@@ -6,93 +7,87 @@ if [ ! -f wolfssl/ssl.h ]; then
exit 1
fi
run_sequence() {
if [ "$1" == "dh" ] || [ "$1" == "ecc" ]; then
# TLS v1.3
./examples/server/server -v 4 -l TLS13-AES128-GCM-SHA256 &
sleep 0.1
./examples/client/client -v 4 -l TLS13-AES128-GCM-SHA256
server_pid=0
tcpdump_pid=0
./examples/server/server -v 4 -l TLS13-AES256-GCM-SHA384 &
sleep 0.1
./examples/client/client -v 4 -l TLS13-AES256-GCM-SHA384
cleanup() {
if [ "$server_pid" -ne 0 ]; then kill $server_pid; server_pid=0; fi
if [ "$tcpdump_pid" -ne 0 ]; then sleep 1; kill -15 $tcpdump_pid; tcpdump_pid=0; fi
}
trap cleanup EXIT INT TERM HUP
./examples/server/server -v 4 -l TLS13-CHACHA20-POLY1305-SHA256 &
sleep 0.1
./examples/client/client -v 4 -l TLS13-CHACHA20-POLY1305-SHA256
set -o pipefail
prepend() { # Usage: cmd 2>&1 | prepend "sometext "
while read line; do echo "${1}${line}"; done
}
run_test() { # Usage: run_test <cipher> [serverArgs [clientArgs]]
echo "Running test $1"
CIPHER=$1
if [ "$CIPHER" != "" ]; then
CIPHER="-l $CIPHER"
fi
if [ "$1" == "dh-resume" ] || [ "$1" == "ecc-resume" ]; then
# TLS v1.3 Resumption
./examples/server/server -v 4 -l TLS13-AES128-GCM-SHA256 -r &
sleep 0.1
./examples/client/client -v 4 -l TLS13-AES128-GCM-SHA256 -r
./examples/server/server -v 4 -l TLS13-AES256-GCM-SHA384 -r &
sleep 0.1
./examples/client/client -v 4 -l TLS13-AES256-GCM-SHA384 -r
./examples/server/server -v 4 -l TLS13-CHACHA20-POLY1305-SHA256 -r &
sleep 0.1
./examples/client/client -v 4 -l TLS13-CHACHA20-POLY1305-SHA256 -r
fi
if [ "$1" == "x25519" ]; then
# TLS v1.3
./examples/server/server -v 4 -l TLS13-AES128-GCM-SHA256 -c ./certs/ed25519/server-ed25519.pem -k ./certs/ed25519/server-ed25519-priv.pem -A ./certs/ed25519/client-ed25519.pem &
sleep 0.1
./examples/client/client -v 4 -l TLS13-AES128-GCM-SHA256 -c ./certs/ed25519/client-ed25519.pem -k ./certs/ed25519/client-ed25519-priv.pem -A ./certs/ed25519/root-ed25519.pem
./examples/server/server -v 4 -l TLS13-AES256-GCM-SHA384 -c ./certs/ed25519/server-ed25519.pem -k ./certs/ed25519/server-ed25519-priv.pem -A ./certs/ed25519/client-ed25519.pem &
sleep 0.1
./examples/client/client -v 4 -l TLS13-AES256-GCM-SHA384 -c ./certs/ed25519/client-ed25519.pem -k ./certs/ed25519/client-ed25519-priv.pem -A ./certs/ed25519/root-ed25519.pem
./examples/server/server -v 4 -l TLS13-CHACHA20-POLY1305-SHA256 -c ./certs/ed25519/server-ed25519.pem -k ./certs/ed25519/server-ed25519-priv.pem -A ./certs/ed25519/client-ed25519.pem &
sleep 0.1
./examples/client/client -v 4 -l TLS13-CHACHA20-POLY1305-SHA256 -c ./certs/ed25519/client-ed25519.pem -k ./certs/ed25519/client-ed25519-priv.pem -A ./certs/ed25519/root-ed25519.pem
fi
# Run: with x25519_resume
if [ "$1" == "x25519-resume" ]; then
# TLS v1.3 Resumption
./examples/server/server -v 4 -l TLS13-AES128-GCM-SHA256 -r -c ./certs/ed25519/server-ed25519.pem -k ./certs/ed25519/server-ed25519-priv.pem -A ./certs/ed25519/client-ed25519.pem &
sleep 0.1
./examples/client/client -v 4 -l TLS13-AES128-GCM-SHA256 -r -c ./certs/ed25519/client-ed25519.pem -k ./certs/ed25519/client-ed25519-priv.pem -A ./certs/ed25519/root-ed25519.pem
./examples/server/server -v 4 -l TLS13-AES256-GCM-SHA384 -r -c ./certs/ed25519/server-ed25519.pem -k ./certs/ed25519/server-ed25519-priv.pem -A ./certs/ed25519/client-ed25519.pem &
sleep 0.1
./examples/client/client -v 4 -l TLS13-AES256-GCM-SHA384 -r -c ./certs/ed25519/client-ed25519.pem -k ./certs/ed25519/client-ed25519-priv.pem -A ./certs/ed25519/root-ed25519.pem
./examples/server/server -v 4 -l TLS13-CHACHA20-POLY1305-SHA256 -r -c ./certs/ed25519/server-ed25519.pem -k ./certs/ed25519/server-ed25519-priv.pem -A ./certs/ed25519/client-ed25519.pem &
sleep 0.1
./examples/client/client -v 4 -l TLS13-CHACHA20-POLY1305-SHA256 -r -c ./certs/ed25519/client-ed25519.pem -k ./certs/ed25519/client-ed25519-priv.pem -A ./certs/ed25519/root-ed25519.pem
fi
# TLS v1.3 Hello Retry Request
if [ "$1" == "hrr" ]; then
# TLS v1.3 Hello Retry Request
./examples/server/server -v 4 -i -x -g &
stdbuf -oL -eL ./examples/server/server -i -x $CIPHER $2 2>&1 | prepend "[server] " &
server_pid=$!
((server_pid--)) # Get the first PID in the pipe
sleep 0.1
./examples/client/client -v 4 -J
kill $server_pid
stdbuf -oL -eL ./examples/client/client $CIPHER $3 2>&1 | prepend "[client] "
RET=$?
if [ "$RET" != 0 ]; then
echo "Error in test: $RET"
exit $RET
fi
kill $server_pid; server_pid=0
echo "Test passed: $1"
}
run_sequence() {
if [ "$1" == "tls13-dh" ] || [ "$1" == "tls13-ecc" ]; then # TLS v1.3
run_test "TLS13-AES128-GCM-SHA256" "-v 4" "-v 4"
run_test "TLS13-AES256-GCM-SHA384" "-v 4" "-v 4"
run_test "TLS13-CHACHA20-POLY1305-SHA256" "-v 4" "-v 4"
elif [ "$1" == "tls12" ]; then # TLS v1.2
run_test "ECDHE-ECDSA-AES128-GCM-SHA256" "-v 3 -A ./certs/ca-ecc-cert.pem -k ./certs/ecc-key.pem -c ./certs/intermediate/server-chain-ecc.pem -V" "-v 3 -A ./certs/ca-ecc-cert.pem -k ./certs/ecc-client-key.pem -c ./certs/intermediate/client-chain-ecc.pem -C"
run_test "ECDHE-ECDSA-AES256-GCM-SHA384" "-v 3 -A ./certs/ca-ecc-cert.pem -k ./certs/ecc-key.pem -c ./certs/intermediate/server-chain-ecc.pem -V" "-v 3 -A ./certs/ca-ecc-cert.pem -k ./certs/ecc-client-key.pem -c ./certs/intermediate/client-chain-ecc.pem -C"
elif [ "$1" == "tls13-dh-resume" ] || [ "$1" == "tls13-ecc-resume" ]; then # TLS v1.3 Resumption
run_test "TLS13-AES128-GCM-SHA256" "-v 4 -r" "-v 4 -r"
run_test "TLS13-AES256-GCM-SHA384" "-v 4 -r" "-v 4 -r"
run_test "TLS13-CHACHA20-POLY1305-SHA256" "-v 4 -r" "-v 4 -r"
elif [ "$1" == "tls13-x25519" ]; then # TLS v1.3
run_test "TLS13-AES128-GCM-SHA256" "-v 4 -c ./certs/ed25519/server-ed25519.pem -k ./certs/ed25519/server-ed25519-priv.pem -A ./certs/ed25519/client-ed25519.pem" "-v 4 -c ./certs/ed25519/client-ed25519.pem -k ./certs/ed25519/client-ed25519-priv.pem -A ./certs/ed25519/root-ed25519.pem"
run_test "TLS13-AES256-GCM-SHA384" "-v 4 -c ./certs/ed25519/server-ed25519.pem -k ./certs/ed25519/server-ed25519-priv.pem -A ./certs/ed25519/client-ed25519.pem" "-v 4 -c ./certs/ed25519/client-ed25519.pem -k ./certs/ed25519/client-ed25519-priv.pem -A ./certs/ed25519/root-ed25519.pem"
run_test "TLS13-CHACHA20-POLY1305-SHA256" "-v 4 -c ./certs/ed25519/server-ed25519.pem -k ./certs/ed25519/server-ed25519-priv.pem -A ./certs/ed25519/client-ed25519.pem" "-v 4 -c ./certs/ed25519/client-ed25519.pem -k ./certs/ed25519/client-ed25519-priv.pem -A ./certs/ed25519/root-ed25519.pem"
elif [ "$1" == "tls13-x25519-resume" ]; then # TLS v1.3 x25519 Resumption
run_test "TLS13-AES128-GCM-SHA256" "-v 4 -r -c ./certs/ed25519/server-ed25519.pem -k ./certs/ed25519/server-ed25519-priv.pem -A ./certs/ed25519/client-ed25519.pem" "-v 4 -r -c ./certs/ed25519/client-ed25519.pem -k ./certs/ed25519/client-ed25519-priv.pem -A ./certs/ed25519/root-ed25519.pem"
run_test "TLS13-AES256-GCM-SHA384" "-v 4 -r -c ./certs/ed25519/server-ed25519.pem -k ./certs/ed25519/server-ed25519-priv.pem -A ./certs/ed25519/client-ed25519.pem" "-v 4 -r -c ./certs/ed25519/client-ed25519.pem -k ./certs/ed25519/client-ed25519-priv.pem -A ./certs/ed25519/root-ed25519.pem"
run_test "TLS13-CHACHA20-POLY1305-SHA256" "-v 4 -r -c ./certs/ed25519/server-ed25519.pem -k ./certs/ed25519/server-ed25519-priv.pem -A ./certs/ed25519/client-ed25519.pem" "-v 4 -r -c ./certs/ed25519/client-ed25519.pem -k ./certs/ed25519/client-ed25519-priv.pem -A ./certs/ed25519/root-ed25519.pem"
elif [ "$1" == "tls13-hrr" ]; then # TLS v1.3 Hello Retry Request
run_test "" "-v 4 -g" "-v 4 -J"
else
echo "Invalid test"
exit -1
fi
sleep 1
}
run_capture(){
echo -e "\nconfiguring and building wolfssl..."
echo -e "\nconfiguring and building wolfssl ($1)..."
./configure --enable-sniffer $2 1>/dev/null || exit $?
make 1>/dev/null || exit $?
echo "starting capture"
tcpdump -i lo0 -nn port 11111 -w ./scripts/sniffer-tls13-$1.pcap &
tcpdump -i lo -n port 11111 -w ./scripts/sniffer-${1}.pcap -U &
tcpdump_pid=$!
run_sequence $1
kill $tcpdump_pid
sleep 1
kill -15 $tcpdump_pid; tcpdump_pid=0
}
run_capture "ecc" ""
run_capture "ecc-resume" "--enable-session-ticket"
run_capture "dh" "--disable-ecc"
run_capture "dh-resume" "--disable-ecc --enable-session-ticket"
run_capture "x25519" "--enable-curve25519 --disable-dh --disable-ecc"
run_capture "x25519-resume" "--enable-curve25519 --disable-dh --disable-ecc --enable-session-ticket"
run_capture "hrr" "--disable-dh CFLAGS=-DWOLFSSL_SNIFFER_WATCH"
run_capture "tls12" ""
run_capture "tls13-ecc" ""
run_capture "tls13-ecc-resume" "--enable-session-ticket"
run_capture "tls13-dh" "--disable-ecc"
run_capture "tls13-dh-resume" "--disable-ecc --enable-session-ticket"
run_capture "tls13-x25519" "--enable-curve25519 --disable-dh --disable-ecc"
run_capture "tls13-x25519-resume" "--enable-curve25519 --disable-dh --disable-ecc --enable-session-ticket"
run_capture "tls13-hrr" "--disable-dh CFLAGS=-DWOLFSSL_SNIFFER_WATCH"
echo "Tests passed in $SECONDS seconds"

5
src/include.am
View File

@@ -791,3 +791,8 @@ endif !BUILD_CRYPTONLY
endif !BUILD_FIPS_RAND
if BUILD_ARIA
src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/aria/aria-crypt.c
src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/aria/aria-cryptocb.c
endif

190
src/internal.c
View File

@@ -128,6 +128,11 @@
#include <wolfssl/wolfcrypt/port/caam/wolfcaam.h>
#endif
#ifdef HAVE_ARIA
/* included to get ARIA devId value */
#include <wolfssl/wolfcrypt/port/aria/aria-cryptocb.h>
#endif
#if defined(DEBUG_WOLFSSL) || defined(SHOW_SECRETS) || \
defined(CHACHA_AEAD_TEST) || defined(WOLFSSL_SESSION_EXPORT_DEBUG)
#ifndef NO_STDIO_FILESYSTEM
@@ -2302,6 +2307,8 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap)
#ifdef WOLFSSL_QNX_CAAM
/* default to try using CAAM when built */
ctx->devId = WOLFSSL_CAAM_DEVID;
#elif defined(HAVE_ARIA) && defined(WOLF_CRYPTO_CB)
ctx->devId = WOLFSSL_ARIA_DEVID;
#else
ctx->devId = INVALID_DEVID;
#endif
@@ -2707,6 +2714,10 @@ void InitCiphers(WOLFSSL* ssl)
ssl->encrypt.aes = NULL;
ssl->decrypt.aes = NULL;
#endif
#ifdef HAVE_ARIA
ssl->encrypt.aria = NULL;
ssl->decrypt.aria = NULL;
#endif
#ifdef HAVE_CAMELLIA
ssl->encrypt.cam = NULL;
ssl->decrypt.cam = NULL;
@@ -2750,9 +2761,8 @@ void FreeCiphers(WOLFSSL* ssl)
XFREE(ssl->encrypt.des3, ssl->heap, DYNAMIC_TYPE_CIPHER);
XFREE(ssl->decrypt.des3, ssl->heap, DYNAMIC_TYPE_CIPHER);
#endif
#if defined(BUILD_AES) || defined(BUILD_AESGCM) /* See: InitKeys() in keys.c
* on addition of BUILD_AESGCM
* check (enc->aes, dec->aes) */
#if defined(BUILD_AES) || defined(BUILD_AESGCM) || defined(HAVE_ARIA)
/* See: InitKeys() in keys.c on addition of BUILD_AESGCM check (enc->aes, dec->aes) */
wc_AesFree(ssl->encrypt.aes);
wc_AesFree(ssl->decrypt.aes);
XFREE(ssl->encrypt.aes, ssl->heap, DYNAMIC_TYPE_CIPHER);
@@ -2764,7 +2774,7 @@ void FreeCiphers(WOLFSSL* ssl)
XFREE(ssl->encrypt.sm4, ssl->heap, DYNAMIC_TYPE_CIPHER);
XFREE(ssl->decrypt.sm4, ssl->heap, DYNAMIC_TYPE_CIPHER);
#endif
#if (defined(BUILD_AESGCM) || defined(BUILD_AESCCM)) && \
#if (defined(BUILD_AESGCM) || defined(BUILD_AESCCM) || defined(HAVE_ARIA)) && \
!defined(WOLFSSL_NO_TLS12)
XFREE(ssl->decrypt.additional, ssl->heap, DYNAMIC_TYPE_CIPHER);
XFREE(ssl->encrypt.additional, ssl->heap, DYNAMIC_TYPE_CIPHER);
@@ -2773,6 +2783,12 @@ void FreeCiphers(WOLFSSL* ssl)
XFREE(ssl->decrypt.nonce, ssl->heap, DYNAMIC_TYPE_CIPHER);
XFREE(ssl->encrypt.nonce, ssl->heap, DYNAMIC_TYPE_CIPHER);
#endif
#ifdef HAVE_ARIA
wc_AriaFreeCrypt(ssl->encrypt.aria);
wc_AriaFreeCrypt(ssl->decrypt.aria);
XFREE(ssl->encrypt.aria, ssl->heap, DYNAMIC_TYPE_CIPHER);
XFREE(ssl->decrypt.aria, ssl->heap, DYNAMIC_TYPE_CIPHER);
#endif
#ifdef HAVE_CAMELLIA
XFREE(ssl->encrypt.cam, ssl->heap, DYNAMIC_TYPE_CIPHER);
XFREE(ssl->decrypt.cam, ssl->heap, DYNAMIC_TYPE_CIPHER);
@@ -3364,6 +3380,20 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
}
#endif
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384
if (tls1_2 && haveECC) {
suites->suites[idx++] = ECC_BYTE;
suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384;
}
#endif
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256
if (tls1_2 && haveECC) {
suites->suites[idx++] = ECC_BYTE;
suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256;
}
#endif
#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
if (tls1_2 && haveDH && havePSK) {
suites->suites[idx++] = CIPHER_BYTE;
@@ -11420,6 +11450,14 @@ static int CipherRequires(byte first, byte second, int requirement)
#endif /* HAVE_ECC || HAVE_CURVE25519 || HAVE_CURVE448 */
#endif /* !NO_RSA */
#ifdef HAVE_ARIA
case TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 :
case TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 :
if (requirement == REQUIRES_ECC)
return 1;
break;
#endif /* HAVE_ARIA */
#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)
case TLS_ECDHE_ECDSA_WITH_AES_128_CCM :
case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 :
@@ -17913,6 +17951,58 @@ static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input,
break;
#endif /* BUILD_AESGCM || HAVE_AESCCM */
#ifdef HAVE_ARIA
case wolfssl_aria_gcm:
{
const byte* additionalSrc = input - RECORD_HEADER_SZ;
byte *outBuf = NULL;
XMEMSET(ssl->encrypt.additional, 0, AEAD_AUTH_DATA_SZ);
/* sequence number field is 64-bits */
WriteSEQ(ssl, CUR_ORDER, ssl->encrypt.additional);
/* Store the type, version. Unfortunately, they are in
* the input buffer ahead of the plaintext. */
#ifdef WOLFSSL_DTLS
if (ssl->options.dtls) {
additionalSrc -= DTLS_HANDSHAKE_EXTRA;
}
#endif
XMEMCPY(ssl->encrypt.additional + AEAD_TYPE_OFFSET,
additionalSrc, 3);
/* Store the length of the plain text minus the explicit
* IV length minus the authentication tag size. */
c16toa(sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size,
ssl->encrypt.additional + AEAD_LEN_OFFSET);
XMEMCPY(ssl->encrypt.nonce,
ssl->keys.aead_enc_imp_IV, AESGCM_IMP_IV_SZ);
XMEMCPY(ssl->encrypt.nonce + AESGCM_IMP_IV_SZ,
ssl->keys.aead_exp_IV, AESGCM_EXP_IV_SZ);
outBuf = (byte*)XMALLOC(sz - AESGCM_EXP_IV_SZ, ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
if (outBuf == NULL) {
ret = MEMORY_ERROR;
break;
}
ret = wc_AriaEncrypt(ssl->encrypt.aria, outBuf,
(byte*) input + AESGCM_EXP_IV_SZ,
sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size,
ssl->encrypt.nonce, AESGCM_NONCE_SZ,
ssl->encrypt.additional, AEAD_AUTH_DATA_SZ,
out + sz - ssl->specs.aead_mac_size,
ssl->specs.aead_mac_size
);
if (ret != 0)
break;
XMEMCPY(out,
ssl->encrypt.nonce + AESGCM_IMP_IV_SZ, AESGCM_EXP_IV_SZ);
XMEMCPY(out + AESGCM_EXP_IV_SZ,outBuf,sz - AESGCM_EXP_IV_SZ);
XFREE(outBuf, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
break;
}
#endif
#ifdef HAVE_CAMELLIA
case wolfssl_camellia:
ret = wc_CamelliaCbcEncrypt(ssl->encrypt.cam, out, input, sz);
@@ -18071,11 +18161,12 @@ static WC_INLINE int Encrypt(WOLFSSL* ssl, byte* out, const byte* input,
ssl->fuzzerCb(ssl, input, sz, FUZZ_ENCRYPT, ssl->fuzzerCtx);
#endif
#if defined(BUILD_AESGCM) || defined(HAVE_AESCCM)
#if defined(BUILD_AESGCM) || defined(HAVE_AESCCM) || defined(HAVE_ARIA)
/* make sure AES GCM/CCM memory is allocated */
/* free for these happens in FreeCiphers */
if (ssl->specs.bulk_cipher_algorithm == wolfssl_aes_ccm ||
ssl->specs.bulk_cipher_algorithm == wolfssl_aes_gcm) {
ssl->specs.bulk_cipher_algorithm == wolfssl_aes_gcm ||
ssl->specs.bulk_cipher_algorithm == wolfssl_aria_gcm) {
/* make sure auth iv and auth are allocated */
if (ssl->encrypt.additional == NULL)
ssl->encrypt.additional = (byte*)XMALLOC(AEAD_AUTH_DATA_SZ,
@@ -18095,7 +18186,7 @@ static WC_INLINE int Encrypt(WOLFSSL* ssl, byte* out, const byte* input,
return MEMORY_E;
}
}
#endif /* BUILD_AESGCM || HAVE_AESCCM */
#endif /* BUILD_AESGCM || HAVE_AESCCM || HAVE_ARIA */
#if defined(WOLFSSL_SM4_GCM) || defined(WOLFSSL_SM4_CCM)
/* make sure SM4 GCM/CCM memory is allocated */
@@ -18159,9 +18250,10 @@ static WC_INLINE int Encrypt(WOLFSSL* ssl, byte* out, const byte* input,
sizeof(ssl->encrypt.sanityCheck));
#endif
#if defined(BUILD_AESGCM) || defined(HAVE_AESCCM)
#if defined(BUILD_AESGCM) || defined(HAVE_AESCCM) || defined(HAVE_ARIA)
if (ssl->specs.bulk_cipher_algorithm == wolfssl_aes_ccm ||
ssl->specs.bulk_cipher_algorithm == wolfssl_aes_gcm)
ssl->specs.bulk_cipher_algorithm == wolfssl_aes_gcm ||
ssl->specs.bulk_cipher_algorithm == wolfssl_aria_gcm)
{
/* finalize authentication cipher */
#if !defined(NO_PUBLIC_GCM_SET_IV) && \
@@ -18172,7 +18264,7 @@ static WC_INLINE int Encrypt(WOLFSSL* ssl, byte* out, const byte* input,
if (ssl->encrypt.nonce)
ForceZero(ssl->encrypt.nonce, AESGCM_NONCE_SZ);
}
#endif /* BUILD_AESGCM || HAVE_AESCCM */
#endif /* BUILD_AESGCM || HAVE_AESCCM || HAVE_ARIA */
#if defined(WOLFSSL_SM4_GCM) || defined(WOLFSSL_SM4_CCM)
if (ssl->specs.bulk_cipher_algorithm == wolfssl_sm4_ccm ||
ssl->specs.bulk_cipher_algorithm == wolfssl_sm4_gcm)
@@ -18339,6 +18431,57 @@ static WC_INLINE int DecryptDo(WOLFSSL* ssl, byte* plain, const byte* input,
break;
#endif /* BUILD_AESGCM || HAVE_AESCCM */
#ifdef HAVE_ARIA
case wolfssl_aria_gcm:
{
byte *outBuf = NULL;
XMEMSET(ssl->decrypt.additional, 0, AEAD_AUTH_DATA_SZ);
/* sequence number field is 64-bits */
WriteSEQ(ssl, PEER_ORDER, ssl->decrypt.additional);
ssl->decrypt.additional[AEAD_TYPE_OFFSET] = ssl->curRL.type;
ssl->decrypt.additional[AEAD_VMAJ_OFFSET] = ssl->curRL.pvMajor;
ssl->decrypt.additional[AEAD_VMIN_OFFSET] = ssl->curRL.pvMinor;
c16toa(sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size,
ssl->decrypt.additional + AEAD_LEN_OFFSET);
#if defined(WOLFSSL_DTLS) && defined(HAVE_SECURE_RENEGOTIATION)
if (ssl->options.dtls && IsDtlsMsgSCRKeys(ssl))
XMEMCPY(ssl->decrypt.nonce,
ssl->secure_renegotiation->tmp_keys.aead_dec_imp_IV,
AESGCM_IMP_IV_SZ);
else
#endif
XMEMCPY(ssl->decrypt.nonce, ssl->keys.aead_dec_imp_IV,
AESGCM_IMP_IV_SZ);
XMEMCPY(ssl->decrypt.nonce + AESGCM_IMP_IV_SZ, input,
AESGCM_EXP_IV_SZ);
outBuf = (byte*)XMALLOC(sz - AESGCM_EXP_IV_SZ, ssl->heap,
DYNAMIC_TYPE_TMP_BUFFER);
if (outBuf == NULL) {
ret = MEMORY_ERROR;
break;
}
ret = wc_AriaDecrypt(ssl->decrypt.aria, outBuf,
(byte *)input + AESGCM_EXP_IV_SZ,
sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size,
ssl->decrypt.nonce, AESGCM_NONCE_SZ,
ssl->decrypt.additional, AEAD_AUTH_DATA_SZ,
(byte *)input + sz - ssl->specs.aead_mac_size,
ssl->specs.aead_mac_size
);
if (ret != 0)
break;
XMEMCPY(plain + AESGCM_EXP_IV_SZ,
outBuf,
sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size);
XFREE(outBuf, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
break;
}
#endif /* HAVE_ARIA */
#ifdef HAVE_CAMELLIA
case wolfssl_camellia:
ret = wc_CamelliaCbcDecrypt(ssl->decrypt.cam, plain, input, sz);
@@ -18490,11 +18633,12 @@ static int DecryptTls(WOLFSSL* ssl, byte* plain, const byte* input, word16 sz)
return DECRYPT_ERROR;
}
#if defined(BUILD_AESGCM) || defined(HAVE_AESCCM)
#if defined(BUILD_AESGCM) || defined(HAVE_AESCCM) || defined(HAVE_ARIA)
/* make sure AES GCM/CCM memory is allocated */
/* free for these happens in FreeCiphers */
if (ssl->specs.bulk_cipher_algorithm == wolfssl_aes_ccm ||
ssl->specs.bulk_cipher_algorithm == wolfssl_aes_gcm) {
ssl->specs.bulk_cipher_algorithm == wolfssl_aes_gcm ||
ssl->specs.bulk_cipher_algorithm == wolfssl_aria_gcm) {
/* make sure auth iv and auth are allocated */
if (ssl->decrypt.additional == NULL)
ssl->decrypt.additional = (byte*)XMALLOC(AEAD_AUTH_DATA_SZ,
@@ -18514,7 +18658,7 @@ static int DecryptTls(WOLFSSL* ssl, byte* plain, const byte* input, word16 sz)
return MEMORY_E;
}
}
#endif /* BUILD_AESGCM || HAVE_AESCCM */
#endif /* BUILD_AESGCM || HAVE_AESCCM || HAVE_ARIA */
#if defined(WOLFSSL_SM4_GCM) || defined(WOLFSSL_SM4_CCM)
/* make sure SM4 GCM/CCM memory is allocated */
@@ -18588,7 +18732,7 @@ static int DecryptTls(WOLFSSL* ssl, byte* plain, const byte* input, word16 sz)
FALL_THROUGH;
case CIPHER_STATE_END:
{
#if defined(BUILD_AESGCM) || defined(HAVE_AESCCM)
#if defined(BUILD_AESGCM) || defined(HAVE_AESCCM) || defined(HAVE_ARIA)
/* make sure AES GCM/CCM nonce is cleared */
if (ssl->specs.bulk_cipher_algorithm == wolfssl_aes_ccm ||
ssl->specs.bulk_cipher_algorithm == wolfssl_aes_gcm) {
@@ -18600,7 +18744,7 @@ static int DecryptTls(WOLFSSL* ssl, byte* plain, const byte* input, word16 sz)
WOLFSSL_ERROR_VERBOSE(ret);
}
}
#endif /* BUILD_AESGCM || HAVE_AESCCM */
#endif /* BUILD_AESGCM || HAVE_AESCCM || HAVE_ARIA */
#if defined(WOLFSSL_SM4_GCM) || defined(WOLFSSL_SM4_CCM)
/* make sure SM4 GCM/CCM nonce is cleared */
if (ssl->specs.bulk_cipher_algorithm == wolfssl_sm4_ccm ||
@@ -24845,6 +24989,14 @@ static const CipherSuiteInfo cipher_names[] =
SUITE_INFO("EDH-RSA-DES-CBC3-SHA","TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",CIPHER_BYTE,TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, TLSv1_MINOR, SSLv3_MAJOR),
#endif
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256
SUITE_INFO("ECDHE-ECDSA-ARIA128-GCM-SHA256","TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256",ECC_BYTE,TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256, TLSv1_2_MINOR, SSLv3_MAJOR),
#endif
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384
SUITE_INFO("ECDHE-ECDSA-ARIA256-GCM-SHA384","TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384",ECC_BYTE,TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384, TLSv1_2_MINOR, SSLv3_MAJOR),
#endif
#ifdef BUILD_WDM_WITH_NULL_SHA256
SUITE_INFO("WDM-NULL-SHA256","WDM_WITH_NULL_SHA256",CIPHER_BYTE,WDM_WITH_NULL_SHA256, TLSv1_3_MINOR, SSLv3_MAJOR)
#endif
@@ -25044,6 +25196,14 @@ const char* GetCipherEncStr(char n[][MAX_SEGMENT_SZ]) {
(XSTRCMP(n[2],"AES") == 0 && XSTRCMP(n[3],"256") == 0))
encStr = "AES(256)";
#ifdef HAVE_ARIA
else if ((XSTRCMP(n[0],"ARIA256") == 0) ||
(XSTRCMP(n[2],"ARIA256") == 0))
encStr = "ARIA(256)";
else if ((XSTRCMP(n[0],"ARIA128") == 0) ||
(XSTRCMP(n[2],"ARIA128") == 0))
encStr = "ARIA(128)";
#endif
else if ((XSTRCMP(n[0],"CAMELLIA256") == 0) ||
(XSTRCMP(n[2],"CAMELLIA256") == 0))
encStr = "CAMELLIA(256)";

136
src/keys.c
View File

@@ -1019,6 +1019,42 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
break;
#endif
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256
case TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 :
specs->bulk_cipher_algorithm = wolfssl_aria_gcm;
specs->cipher_type = aead;
specs->mac_algorithm = sha256_mac;
specs->kea = ecc_diffie_hellman_kea;
specs->sig_algo = ecc_dsa_sa_algo;
specs->hash_size = WC_SHA256_DIGEST_SIZE;
specs->pad_size = PAD_SHA;
specs->static_ecdh = 0;
specs->key_size = ARIA_128_KEY_SIZE;
specs->block_size = ARIA_BLOCK_SIZE;
specs->iv_size = AESGCM_IMP_IV_SZ;
specs->aead_mac_size = ARIA_GCM_AUTH_SZ;
break;
#endif
#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384
case TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 :
specs->bulk_cipher_algorithm = wolfssl_aria_gcm;
specs->cipher_type = aead;
specs->mac_algorithm = sha384_mac;
specs->kea = ecc_diffie_hellman_kea;
specs->sig_algo = ecc_dsa_sa_algo;
specs->hash_size = WC_SHA384_DIGEST_SIZE;
specs->pad_size = PAD_SHA;
specs->static_ecdh = 0;
specs->key_size = ARIA_256_KEY_SIZE;
specs->block_size = ARIA_BLOCK_SIZE;
specs->iv_size = AESGCM_IMP_IV_SZ;
specs->aead_mac_size = ARIA_GCM_AUTH_SZ;
break;
#endif
#endif /* HAVE_ECC */
#ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8
@@ -2829,6 +2865,106 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
}
#endif /* HAVE_AESCCM */
#ifdef HAVE_ARIA
/* check that buffer sizes are sufficient */
#if (MAX_WRITE_IV_SZ < 16) /* AES_IV_SIZE */
#error MAX_WRITE_IV_SZ too small for AES
#endif
if (specs->bulk_cipher_algorithm == wolfssl_aria_gcm) {
int ret = 0;
MC_ALGID algo;
switch(specs->key_size) {
case ARIA_128_KEY_SIZE:
algo = MC_ALGID_ARIA_128BITKEY;
break;
case ARIA_192_KEY_SIZE:
algo = MC_ALGID_ARIA_192BITKEY;
break;
case ARIA_256_KEY_SIZE:
algo = MC_ALGID_ARIA_256BITKEY;
break;
default:
return WOLFSSL_NOT_IMPLEMENTED; /* This should never happen */
}
if (enc) {
if (enc->aria == NULL) {
enc->aria = (wc_Aria*)XMALLOC(sizeof(wc_Aria), heap, DYNAMIC_TYPE_CIPHER);
if (enc->aria == NULL)
return MEMORY_E;
} else {
wc_AriaFreeCrypt(enc->aria);
}
XMEMSET(enc->aria, 0, sizeof(wc_Aria));
if (wc_AriaInitCrypt(enc->aria, algo) != 0) {
WOLFSSL_MSG("AriaInit failed in SetKeys");
return ASYNC_INIT_E;
}
}
if (dec) {
if (dec->aria == NULL) {
dec->aria = (wc_Aria*)XMALLOC(sizeof(wc_Aria), heap, DYNAMIC_TYPE_CIPHER);
if (dec->aria == NULL)
return MEMORY_E;
} else {
wc_AriaFreeCrypt(dec->aria);
}
XMEMSET(dec->aria, 0, sizeof(wc_Aria));
if (wc_AriaInitCrypt(dec->aria, algo) != 0) {
WOLFSSL_MSG("AriaInit failed in SetKeys");
return ASYNC_INIT_E;
}
}
if (side == WOLFSSL_CLIENT_END) {
if (enc) {
ret = wc_AriaSetKey(enc->aria, keys->client_write_key);
if (ret != 0) return ret;
XMEMCPY(keys->aead_enc_imp_IV, keys->client_write_IV,
AEAD_MAX_IMP_SZ);
if (!tls13) {
ret = wc_AriaGcmSetIV(enc->aria, AESGCM_NONCE_SZ,
keys->client_write_IV, AESGCM_IMP_IV_SZ, rng);
if (ret != 0) return ret;
}
}
if (dec) {
ret = wc_AriaSetKey(dec->aria, keys->server_write_key);
if (ret != 0) return ret;
XMEMCPY(keys->aead_dec_imp_IV, keys->server_write_IV,
AEAD_MAX_IMP_SZ);
}
}
else {
if (enc) {
ret = wc_AriaSetKey(enc->aria, keys->server_write_key);
if (ret != 0) return ret;
XMEMCPY(keys->aead_enc_imp_IV, keys->server_write_IV,
AEAD_MAX_IMP_SZ);
if (!tls13) {
ret = wc_AriaGcmSetIV(enc->aria, AESGCM_NONCE_SZ,
keys->server_write_IV, AESGCM_IMP_IV_SZ, rng);
if (ret != 0) return ret;
}
}
if (dec) {
ret = wc_AriaSetKey(dec->aria, keys->client_write_key);
if (ret != 0) return ret;
XMEMCPY(keys->aead_dec_imp_IV, keys->client_write_IV,
AEAD_MAX_IMP_SZ);
}
}
if (enc)
enc->setup = 1;
if (dec)
dec->setup = 1;
}
#endif /* HAVE_ARIA */
#ifdef HAVE_CAMELLIA
/* check that buffer sizes are sufficient */
#if (MAX_WRITE_IV_SZ < 16) /* CAMELLIA_IV_SIZE */

12
src/sniffer.c
View File

@@ -4761,6 +4761,18 @@ static int DecryptDo(WOLFSSL* ssl, byte* plain, const byte* input,
break;
#endif /* HAVE_AESGCM || HAVE_AESCCM */
#ifdef HAVE_ARIA
case wolfssl_aria_gcm:
ret = wc_AriaDecrypt(ssl->decrypt.aria,
plain,
(byte *)input + AESGCM_EXP_IV_SZ,
sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size,
ssl->decrypt.nonce, AESGCM_NONCE_SZ,
ssl->decrypt.additional, ssl->specs.aead_mac_size,
NULL, 0);
break;
#endif
#ifdef HAVE_CAMELLIA
case wolfssl_camellia:
ret = wc_CamelliaCbcDecrypt(ssl->decrypt.cam, plain, input, sz);

32
src/ssl.c
View File

@@ -21353,6 +21353,18 @@ static WC_INLINE const char* wolfssl_cipher_to_string(int cipher, int key_size)
encStr = "CHACHA20/POLY1305(256)";
break;
#endif
#ifdef HAVE_ARIA
case wolfssl_aria_gcm:
if (key_size == 128)
encStr = "Aria(128)";
else if (key_size == 192)
encStr = "Aria(192)";
else if (key_size == 256)
encStr = "Aria(256)";
else
encStr = "Aria(?)";
break;
#endif
#ifdef HAVE_CAMELLIA
case wolfssl_camellia:
if (key_size == 128)
@@ -28434,7 +28446,7 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl)
return obj_info->sName;
}
}
WOLFSSL_MSG("SN not found");
WOLFSSL_MSG_EX("SN not found (nid:%d)",n);
return NULL;
}
@@ -35277,6 +35289,15 @@ int wolfSSL_RAND_poll(void)
#endif /* WOLFSSL_AES_XTS */
#endif /* NO_AES */
#ifdef HAVE_ARIA
case ARIA_128_GCM_TYPE :
case ARIA_192_GCM_TYPE :
case ARIA_256_GCM_TYPE :
WOLFSSL_MSG("ARIA GCM");
XMEMCPY(ctx->iv, &ctx->cipher.aria.nonce, ARIA_BLOCK_SIZE);
break;
#endif /* HAVE_ARIA */
#ifndef NO_DES3
case DES_CBC_TYPE :
WOLFSSL_MSG("DES CBC");
@@ -35399,6 +35420,15 @@ int wolfSSL_RAND_poll(void)
#endif /* NO_AES */
#ifdef HAVE_ARIA
case ARIA_128_GCM_TYPE :
case ARIA_192_GCM_TYPE :
case ARIA_256_GCM_TYPE :
WOLFSSL_MSG("ARIA GCM");
XMEMCPY(&ctx->cipher.aria.nonce, ctx->iv, ARIA_BLOCK_SIZE);
break;
#endif /* HAVE_ARIA */
#ifndef NO_DES3
case DES_CBC_TYPE :
WOLFSSL_MSG("DES CBC");

137
tests/api.c
View File

@@ -51868,6 +51868,141 @@ static int test_wolfssl_EVP_aes_gcm(void)
return EXPECT_RESULT();
}
static int test_wolfssl_EVP_aria_gcm(void)
{
int res = TEST_SKIPPED;
#if defined(OPENSSL_EXTRA) && defined(HAVE_ARIA) && \
!defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
/* A 256 bit key, AES_128 will use the first 128 bit*/
byte *key = (byte*)"01234567890123456789012345678901";
/* A 128 bit IV */
byte *iv = (byte*)"0123456789012345";
int ivSz = ARIA_BLOCK_SIZE;
/* Message to be encrypted */
const int plaintxtSz = 40;
byte plaintxt[WC_ARIA_GCM_GET_CIPHERTEXT_SIZE(plaintxtSz)];
XMEMCPY(plaintxt,"for things to change you have to change",plaintxtSz);
/* Additional non-confidential data */
byte *aad = (byte*)"Don't spend major time on minor things.";
unsigned char tag[ARIA_BLOCK_SIZE] = {0};
int aadSz = (int)XSTRLEN((char*)aad);
byte ciphertxt[WC_ARIA_GCM_GET_CIPHERTEXT_SIZE(plaintxtSz)];
byte decryptedtxt[plaintxtSz];
int ciphertxtSz = 0;
int decryptedtxtSz = 0;
int len = 0;
int i = 0;
#define TEST_ARIA_GCM_COUNT 6
EVP_CIPHER_CTX en[TEST_ARIA_GCM_COUNT];
EVP_CIPHER_CTX de[TEST_ARIA_GCM_COUNT];
for (i = 0; i < TEST_ARIA_GCM_COUNT; i++) {
EVP_CIPHER_CTX_init(&en[i]);
switch (i) {
case 0:
/* Default uses 96-bits IV length */
AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aria_128_gcm(), NULL, key, iv));
break;
case 1:
/* Default uses 96-bits IV length */
AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aria_192_gcm(), NULL, key, iv));
break;
case 2:
/* Default uses 96-bits IV length */
AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aria_256_gcm(), NULL, key, iv));
break;
case 3:
AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aria_128_gcm(), NULL, NULL, NULL));
/* non-default must to set the IV length first */
AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL));
AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], NULL, NULL, key, iv));
break;
case 4:
AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aria_192_gcm(), NULL, NULL, NULL));
/* non-default must to set the IV length first */
AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL));
AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], NULL, NULL, key, iv));
break;
case 5:
AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aria_256_gcm(), NULL, NULL, NULL));
/* non-default must to set the IV length first */
AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL));
AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], NULL, NULL, key, iv));
break;
}
XMEMSET(ciphertxt,0,sizeof(ciphertxt));
AssertIntEQ(1, EVP_EncryptUpdate(&en[i], NULL, &len, aad, aadSz));
AssertIntEQ(1, EVP_EncryptUpdate(&en[i], ciphertxt, &len, plaintxt, plaintxtSz));
ciphertxtSz = len;
AssertIntEQ(1, EVP_EncryptFinal_ex(&en[i], ciphertxt, &len));
AssertIntNE(0, XMEMCMP(plaintxt, ciphertxt, plaintxtSz));
ciphertxtSz += len;
AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_GCM_GET_TAG, ARIA_BLOCK_SIZE, tag));
AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_cleanup(&en[i]), 1);
EVP_CIPHER_CTX_init(&de[i]);
switch (i) {
case 0:
/* Default uses 96-bits IV length */
AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aria_128_gcm(), NULL, key, iv));
break;
case 1:
/* Default uses 96-bits IV length */
AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aria_192_gcm(), NULL, key, iv));
break;
case 2:
/* Default uses 96-bits IV length */
AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aria_256_gcm(), NULL, key, iv));
break;
case 3:
AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aria_128_gcm(), NULL, NULL, NULL));
/* non-default must to set the IV length first */
AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL));
AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], NULL, NULL, key, iv));
break;
case 4:
AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aria_192_gcm(), NULL, NULL, NULL));
/* non-default must to set the IV length first */
AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL));
AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], NULL, NULL, key, iv));
break;
case 5:
AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aria_256_gcm(), NULL, NULL, NULL));
/* non-default must to set the IV length first */
AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL));
AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], NULL, NULL, key, iv));
break;
}
XMEMSET(decryptedtxt,0,sizeof(decryptedtxt));
AssertIntEQ(1, EVP_DecryptUpdate(&de[i], NULL, &len, aad, aadSz));
AssertIntEQ(1, EVP_DecryptUpdate(&de[i], decryptedtxt, &len, ciphertxt, ciphertxtSz));
decryptedtxtSz = len;
AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_TAG, ARIA_BLOCK_SIZE, tag));
AssertIntEQ(1, EVP_DecryptFinal_ex(&de[i], decryptedtxt, &len));
decryptedtxtSz += len;
AssertIntEQ(plaintxtSz, decryptedtxtSz);
AssertIntEQ(0, XMEMCMP(plaintxt, decryptedtxt, decryptedtxtSz));
XMEMSET(decryptedtxt,0,sizeof(decryptedtxt));
/* modify tag*/
tag[AES_BLOCK_SIZE-1]+=0xBB;
AssertIntEQ(1, EVP_DecryptUpdate(&de[i], NULL, &len, aad, aadSz));
AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_TAG, ARIA_BLOCK_SIZE, tag));
/* fail due to wrong tag */
AssertIntEQ(1, EVP_DecryptUpdate(&de[i], decryptedtxt, &len, ciphertxt, ciphertxtSz));
AssertIntEQ(0, EVP_DecryptFinal_ex(&de[i], decryptedtxt, &len));
AssertIntEQ(0, len);
AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_cleanup(&de[i]), 1);
}
res = TEST_RES_CHECK(1);
#endif /* OPENSSL_EXTRA && !NO_AES && HAVE_AESGCM */
return res;
}
static int test_wolfssl_EVP_aes_ccm_zeroLen(void)
{
EXPECT_DECLS;
@@ -63498,7 +63633,7 @@ TEST_CASE testCases[] = {
TEST_DECL(test_wolfSSL_AES_ecb_encrypt),
TEST_DECL(test_wolfSSL_AES_cbc_encrypt),
TEST_DECL(test_wolfSSL_CRYPTO_cts128),
TEST_DECL(test_wolfssl_EVP_aria_gcm),
TEST_DECL(test_wolfSSL_OCSP_id_get0_info),
TEST_DECL(test_wolfSSL_i2d_OCSP_CERTID),
TEST_DECL(test_wolfSSL_d2i_OCSP_CERTID),

4
wolfcrypt/src/asn.c
View File

@@ -32644,7 +32644,7 @@ int wc_EccPublicKeyDecode(const byte* input, word32* inOutIdx,
#if defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT)
/* build DER formatted ECC key, include optional public key if requested,
* return length on success, negative on error */
static int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 *inLen,
int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 *inLen,
int pubIn, int curveIn)
{
#ifndef WOLFSSL_ASN_TEMPLATE
@@ -32960,8 +32960,6 @@ int wc_EccPrivateKeyToDer(ecc_key* key, byte* output, word32 inLen)
return wc_BuildEccKeyDer(key, output, &inLen, 0, 1);
}
#ifdef HAVE_PKCS8
/* Write only private ecc key or both private and public parts to unencrypted

6
wolfcrypt/src/cryptocb.c
View File

@@ -34,6 +34,10 @@
#include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/wolfcrypt/logging.h>
#ifdef HAVE_ARIA
#include <wolfssl/wolfcrypt/port/aria/aria-cryptocb.h>
#endif
#ifdef WOLFSSL_CAAM
#include <wolfssl/wolfcrypt/port/caam/wolfcaam.h>
#endif
@@ -1337,6 +1341,8 @@ int wc_CryptoCb_DefaultDevID(void)
/* conditional macro selection based on build */
#ifdef WOLFSSL_CAAM_DEVID
ret = WOLFSSL_CAAM_DEVID;
#elif defined(HAVE_ARIA)
ret = WOLFSSL_ARIA_DEVID;
#else
ret = INVALID_DEVID;
#endif

376
wolfcrypt/src/evp.c
View File

@@ -47,7 +47,6 @@
#include <wolfssl/openssl/kdf.h>
#include <wolfssl/wolfcrypt/wolfmath.h>
static const struct s_ent {
const enum wc_HashType macType;
const int nid;
@@ -237,6 +236,13 @@ static const struct s_ent {
#endif
#endif
#ifdef HAVE_ARIA
#include <wolfssl/wolfcrypt/port/aria/aria-crypt.h>
static const char EVP_ARIA_128_GCM[] = "ARIA-128-GCM";
static const char EVP_ARIA_192_GCM[] = "ARIA-192-GCM";
static const char EVP_ARIA_256_GCM[] = "ARIA-256-GCM";
#endif
#ifndef NO_DES3
static const char EVP_DES_CBC[] = "DES-CBC";
static const char EVP_DES_ECB[] = "DES-ECB";
@@ -859,6 +865,69 @@ static int wolfSSL_EVP_CipherUpdate_CCM(WOLFSSL_EVP_CIPHER_CTX *ctx,
}
#endif /* HAVE_AESCCM || WOLFSSL_SM4_CCM */
#if defined(HAVE_ARIA)
static int wolfSSL_EVP_CipherUpdate_AriaGCM_AAD(WOLFSSL_EVP_CIPHER_CTX *ctx,
const unsigned char *in, int inl)
{
if (in && inl > 0) {
byte* tmp = (byte*)XREALLOC(ctx->authIn,
ctx->authInSz + inl, NULL, DYNAMIC_TYPE_OPENSSL);
if (tmp) {
ctx->authIn = tmp;
XMEMCPY(ctx->authIn + ctx->authInSz, in, inl);
ctx->authInSz += inl;
}
else {
WOLFSSL_MSG("realloc error");
return MEMORY_E;
}
}
return 0;
}
static int wolfSSL_EVP_CipherUpdate_AriaGCM(WOLFSSL_EVP_CIPHER_CTX *ctx,
unsigned char *out, int *outl,
const unsigned char *in, int inl)
{
int ret = 0;
*outl = inl;
if (out) {
/* Buffer input for one-shot API */
if (inl > 0) {
byte* tmp;
int size = ctx->authBufferLen + inl;
if (ctx->enc == 0) { /* Append extra space for the tag */
size = WC_ARIA_GCM_GET_CIPHERTEXT_SIZE(size);
}
tmp = (byte*)XREALLOC(ctx->authBuffer,
size, NULL,
DYNAMIC_TYPE_OPENSSL);
if (tmp) {
XMEMCPY(tmp + ctx->authBufferLen, in, inl);
ctx->authBufferLen += inl;
ctx->authBuffer = tmp;
*outl = 0;
}
else {
ret = MEMORY_E;
}
}
}
else {
ret = wolfSSL_EVP_CipherUpdate_AriaGCM_AAD(ctx, in, inl);
}
if (ret != 0) {
*outl = 0;
return WOLFSSL_FAILURE;
}
return WOLFSSL_SUCCESS;
}
#endif /* HAVE_ARIA */
/* returns WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure */
int wolfSSL_EVP_CipherUpdate(WOLFSSL_EVP_CIPHER_CTX *ctx,
unsigned char *out, int *outl,
@@ -900,6 +969,13 @@ int wolfSSL_EVP_CipherUpdate(WOLFSSL_EVP_CIPHER_CTX *ctx,
* additional auth data */
return wolfSSL_EVP_CipherUpdate_CCM(ctx, out, outl, in, inl);
#endif /* !defined(NO_AES) && defined(HAVE_AESCCM) */
#if defined(HAVE_ARIA)
case ARIA_128_GCM_TYPE:
case ARIA_192_GCM_TYPE:
case ARIA_256_GCM_TYPE:
/* if out == NULL, in/inl contains the additional auth data */
return wolfSSL_EVP_CipherUpdate_AriaGCM(ctx, out, outl, in, inl);
#endif /* defined(HAVE_ARIA) */
#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
case CHACHA20_POLY1305_TYPE:
if (out == NULL) {
@@ -1231,6 +1307,61 @@ int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out,
break;
#endif /* HAVE_AESCCM && ((!HAVE_FIPS && !HAVE_SELFTEST) ||
* HAVE_FIPS_VERSION >= 2 */
#if defined(HAVE_ARIA) && ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) \
|| FIPS_VERSION_GE(2,0))
case ARIA_128_GCM_TYPE:
case ARIA_192_GCM_TYPE:
case ARIA_256_GCM_TYPE:
if ((ctx->authBuffer && ctx->authBufferLen > 0)
|| (ctx->authBufferLen == 0)) {
if (ctx->enc)
ret = wc_AriaEncrypt(&ctx->cipher.aria, out,
ctx->authBuffer, ctx->authBufferLen,
ctx->iv, ctx->ivSz, ctx->authIn, ctx->authInSz,
ctx->authTag, ctx->authTagSz);
else
ret = wc_AriaDecrypt(&ctx->cipher.aria, out,
ctx->authBuffer, ctx->authBufferLen,
ctx->iv, ctx->ivSz, ctx->authIn, ctx->authInSz,
ctx->authTag, ctx->authTagSz);
if (ret == 0) {
ret = WOLFSSL_SUCCESS;
*outl = ctx->authBufferLen;
}
else {
ret = WOLFSSL_FAILURE;
*outl = 0;
}
XFREE(ctx->authBuffer, NULL, DYNAMIC_TYPE_OPENSSL);
ctx->authBuffer = NULL;
ctx->authBufferLen = 0;
if (ctx->authIncIv) {
IncCtr((byte*)ctx->cipher.aria.nonce,
ctx->cipher.aria.nonceSz);
ctx->authIncIv = 0;
}
}
else {
*outl = 0;
}
if (ret == WOLFSSL_SUCCESS) {
if (ctx->authIncIv) {
ctx->authIncIv = 0;
}
else {
/* Clear IV, since IV reuse is not recommended for AES GCM. */
XMEMSET(ctx->iv, 0, ARIA_BLOCK_SIZE);
}
if (wolfSSL_StoreExternalIV(ctx) != WOLFSSL_SUCCESS) {
ret = WOLFSSL_FAILURE;
}
}
break;
#endif /* HAVE_AESGCM && ((!HAVE_FIPS && !HAVE_SELFTEST) ||
* HAVE_FIPS_VERSION >= 2 */
#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
case CHACHA20_POLY1305_TYPE:
if (wc_ChaCha20Poly1305_Final(&ctx->cipher.chachaPoly,
@@ -1569,6 +1700,11 @@ int wolfSSL_EVP_CIPHER_CTX_block_size(const WOLFSSL_EVP_CIPHER_CTX *ctx)
case AES_128_XTS_TYPE:
case AES_256_XTS_TYPE:
#endif
#if defined(HAVE_ARIA)
case ARIA_128_GCM_TYPE:
case ARIA_192_GCM_TYPE:
case ARIA_256_GCM_TYPE:
#endif
case AES_128_ECB_TYPE:
case AES_192_ECB_TYPE:
@@ -1751,6 +1887,14 @@ static unsigned int cipherType(const WOLFSSL_EVP_CIPHER *cipher)
#endif
#endif
#endif /* !NO_AES */
#if defined(HAVE_ARIA)
else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_ARIA_128_GCM))
return ARIA_128_GCM_TYPE;
else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_ARIA_192_GCM))
return ARIA_192_GCM_TYPE;
else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_ARIA_256_GCM))
return ARIA_256_GCM_TYPE;
#endif /* HAVE_ARIA */
#ifndef NO_RC4
else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_ARC4))
@@ -1857,6 +2001,12 @@ int wolfSSL_EVP_CIPHER_block_size(const WOLFSSL_EVP_CIPHER *cipher)
case ARC4_TYPE:
return 1;
#endif
#if defined(HAVE_ARIA)
case ARIA_128_GCM_TYPE:
case ARIA_192_GCM_TYPE:
case ARIA_256_GCM_TYPE:
return 1;
#endif
#ifndef NO_DES3
case DES_CBC_TYPE: return 8;
@@ -1959,6 +2109,13 @@ unsigned long WOLFSSL_CIPHER_mode(const WOLFSSL_EVP_CIPHER *cipher)
case AES_256_ECB_TYPE:
return WOLFSSL_EVP_CIPH_ECB_MODE;
#endif /* !NO_AES */
#if defined(HAVE_ARIA)
case ARIA_128_GCM_TYPE:
case ARIA_192_GCM_TYPE:
case ARIA_256_GCM_TYPE:
return WOLFSSL_EVP_CIPH_GCM_MODE |
WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER;
#endif
#ifndef NO_DES3
case DES_CBC_TYPE:
case DES_EDE3_CBC_TYPE:
@@ -4718,6 +4875,12 @@ static const struct cipher{
#endif
#endif
#ifdef HAVE_ARIA
{ARIA_128_GCM_TYPE, EVP_ARIA_128_GCM, NID_aria_128_gcm},
{ARIA_192_GCM_TYPE, EVP_ARIA_192_GCM, NID_aria_192_gcm},
{ARIA_256_GCM_TYPE, EVP_ARIA_256_GCM, NID_aria_256_gcm},
#endif
#ifndef NO_DES3
{DES_CBC_TYPE, EVP_DES_CBC, NID_des_cbc},
{DES_ECB_TYPE, EVP_DES_ECB, NID_des_ecb},
@@ -4862,6 +5025,14 @@ const WOLFSSL_EVP_CIPHER *wolfSSL_EVP_get_cipherbyname(const char *name)
#endif
#endif
#endif
#ifdef HAVE_ARIA
{EVP_ARIA_128_GCM, "aria-128-gcm"},
{EVP_ARIA_128_GCM, "id-aria128-GCM"},
{EVP_ARIA_192_GCM, "aria-192-gcm"},
{EVP_ARIA_192_GCM, "id-aria192-GCM"},
{EVP_ARIA_256_GCM, "aria-256-gcm"},
{EVP_ARIA_256_GCM, "id-aria256-GCM"},
#endif
#ifdef WOLFSSL_SM4_EBC
{EVP_SM4_ECB, "sm4-ecb"},
#endif
@@ -4999,6 +5170,15 @@ const WOLFSSL_EVP_CIPHER *wolfSSL_EVP_get_cipherbynid(int id)
#endif
#endif
#ifdef HAVE_ARIA
case NID_aria_128_gcm:
return wolfSSL_EVP_aria_128_gcm();
case NID_aria_192_gcm:
return wolfSSL_EVP_aria_192_gcm();
case NID_aria_256_gcm:
return wolfSSL_EVP_aria_256_gcm();
#endif
#ifndef NO_DES3
case NID_des_cbc:
return wolfSSL_EVP_des_cbc();
@@ -5476,6 +5656,24 @@ void wolfSSL_EVP_init(void)
#endif /* HAVE_AES_ECB */
#endif /* NO_AES */
#ifdef HAVE_ARIA
const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aria_128_gcm(void)
{
WOLFSSL_ENTER("wolfSSL_EVP_aria_128_gcm");
return EVP_ARIA_128_GCM;
}
const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aria_192_gcm(void)
{
WOLFSSL_ENTER("wolfSSL_EVP_aria_192_gcm");
return EVP_ARIA_192_GCM;
}
const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aria_256_gcm(void)
{
WOLFSSL_ENTER("wolfSSL_EVP_aria_256_gcm");
return EVP_ARIA_256_GCM;
}
#endif /* HAVE_ARIA */
#ifndef NO_DES3
const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_cbc(void)
{
@@ -5607,7 +5805,7 @@ void wolfSSL_EVP_init(void)
case EVP_CTRL_SET_KEY_LENGTH:
ret = wolfSSL_EVP_CIPHER_CTX_set_key_length(ctx, arg);
break;
#if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) || \
#if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) || defined(HAVE_ARIA) || \
defined(WOLFSSL_SM4_GCM) || defined(WOLFSSL_SM4_CCM) || \
(defined(HAVE_CHACHA) && defined(HAVE_POLY1305))
case EVP_CTRL_AEAD_SET_IVLEN:
@@ -5832,7 +6030,7 @@ void wolfSSL_EVP_init(void)
}
break;
#endif /* HAVE_AESGCM || HAVE_AESCCM || WOLFSSL_SM4_GCM || WOLFSSL_SM4_CCM ||
* (HAVE_CHACHA && HAVE_POLY1305) */
* HAVE_ARIA || (HAVE_CHACHA && HAVE_POLY1305) */
default:
WOLFSSL_MSG("EVP_CIPHER_CTX_ctrl operation not yet handled");
break;
@@ -5843,10 +6041,12 @@ void wolfSSL_EVP_init(void)
/* WOLFSSL_SUCCESS on ok */
int wolfSSL_EVP_CIPHER_CTX_cleanup(WOLFSSL_EVP_CIPHER_CTX* ctx)
{
int ret = WOLFSSL_SUCCESS;
WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_cleanup");
if (ctx) {
#if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
switch (ctx->cipherType) {
#if (defined(HAVE_AESGCM) && defined(WOLFSSL_AESGCM_STREAM)) || \
defined(HAVE_AESCCM) || \
defined(HAVE_AESCBC) || \
@@ -5856,7 +6056,6 @@ void wolfSSL_EVP_init(void)
defined(HAVE_AES_OFB) || \
defined(WOLFSSL_AES_XTS)
switch (ctx->cipherType) {
#if defined(HAVE_AESGCM) && defined(WOLFSSL_AESGCM_STREAM)
case AES_128_GCM_TYPE:
case AES_192_GCM_TYPE:
@@ -5903,9 +6102,23 @@ void wolfSSL_EVP_init(void)
case AES_256_XTS_TYPE:
#endif
wc_AesFree(&ctx->cipher.aes);
break;
#endif /* AES */
#ifdef HAVE_ARIA
case ARIA_128_GCM_TYPE:
case ARIA_192_GCM_TYPE:
case ARIA_256_GCM_TYPE:
{
int result = wc_AriaFreeCrypt(&ctx->cipher.aria);
if (result != 0) {
WOLFSSL_MSG("wc_AriaFreeCrypt failure");
ret = result;
}
}
break;
#endif
}
#endif /* AES */
#endif /* not FIPS or FIPS v2+ */
#ifdef WOLFSSL_SM4
@@ -5938,7 +6151,7 @@ void wolfSSL_EVP_init(void)
}
#endif
ctx->keyLen = 0;
#if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) || \
#if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) || defined(HAVE_ARIA) || \
defined(WOLFSSL_SM4_GCM) || defined(WOLFSSL_SM4_CCM)
if (ctx->authBuffer) {
XFREE(ctx->authBuffer, NULL, DYNAMIC_TYPE_OPENSSL);
@@ -5955,7 +6168,7 @@ void wolfSSL_EVP_init(void)
#endif
}
return WOLFSSL_SUCCESS;
return ret;
}
/* Permanent stub for Qt compilation. */
@@ -6383,6 +6596,86 @@ void wolfSSL_EVP_init(void)
#endif /* HAVE_AESCCM && ((!HAVE_FIPS && !HAVE_SELFTEST) ||
* HAVE_FIPS_VERSION >= 2 */
#if defined(HAVE_ARIA) && ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) \
|| FIPS_VERSION_GE(2,0))
static int EvpCipherInitAriaGCM(WOLFSSL_EVP_CIPHER_CTX* ctx,
const WOLFSSL_EVP_CIPHER* type,
const byte* key, const byte* iv, int enc)
{
int ret = WOLFSSL_SUCCESS;
if (ctx->cipherType == ARIA_128_GCM_TYPE ||
(type && EVP_CIPHER_TYPE_MATCHES(type, EVP_ARIA_128_GCM))) {
WOLFSSL_MSG("EVP_ARIA_128_GCM");
ctx->cipherType = ARIA_128_GCM_TYPE;
ctx->keyLen = ARIA_128_KEY_SIZE;
} else if (ctx->cipherType == ARIA_192_GCM_TYPE ||
(type && EVP_CIPHER_TYPE_MATCHES(type, EVP_ARIA_192_GCM))) {
WOLFSSL_MSG("EVP_ARIA_192_GCM");
ctx->cipherType = ARIA_192_GCM_TYPE;
ctx->keyLen = ARIA_192_KEY_SIZE;
} else if (ctx->cipherType == ARIA_256_GCM_TYPE ||
(type && EVP_CIPHER_TYPE_MATCHES(type, EVP_ARIA_256_GCM))) {
WOLFSSL_MSG("EVP_ARIA_256_GCM");
ctx->cipherType = ARIA_256_GCM_TYPE;
ctx->keyLen = ARIA_256_KEY_SIZE;
} else {
WOLFSSL_MSG("Unrecognized cipher type");
return WOLFSSL_FAILURE;
}
if (ctx->authIn) {
XFREE(ctx->authIn, NULL, DYNAMIC_TYPE_OPENSSL);
ctx->authIn = NULL;
}
ctx->authInSz = 0;
ctx->block_size = AES_BLOCK_SIZE;
ctx->authTagSz = AES_BLOCK_SIZE;
if (ctx->ivSz == 0) {
ctx->ivSz = GCM_NONCE_MID_SZ;
}
ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE;
ctx->flags |= WOLFSSL_EVP_CIPH_GCM_MODE |
WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER;
if (enc == 0 || enc == 1) {
ctx->enc = enc ? 1 : 0;
}
switch(ctx->cipherType) {
case ARIA_128_GCM_TYPE:
ret = wc_AriaInitCrypt(&ctx->cipher.aria, MC_ALGID_ARIA_128BITKEY);
break;
case ARIA_192_GCM_TYPE:
ret = wc_AriaInitCrypt(&ctx->cipher.aria, MC_ALGID_ARIA_192BITKEY);
break;
case ARIA_256_GCM_TYPE:
ret = wc_AriaInitCrypt(&ctx->cipher.aria, MC_ALGID_ARIA_256BITKEY);
break;
default:
WOLFSSL_MSG("Not implemented cipherType");
return WOLFSSL_NOT_IMPLEMENTED; /* This should never happen */
}
if (ret != 0) {
WOLFSSL_MSG(MC_GetErrorString(ret));
WOLFSSL_MSG(MC_GetError(ctx->cipher.aria.hSession));
return WOLFSSL_FAILURE;
}
if (key && wc_AriaSetKey(&ctx->cipher.aria, (byte *)key)) {
WOLFSSL_MSG("wc_AriaSetKey() failed");
return WOLFSSL_FAILURE;
}
if (iv && wc_AriaGcmSetExtIV(&ctx->cipher.aria, iv, ctx->ivSz)) {
WOLFSSL_MSG("wc_AriaGcmSetIV() failed");
return WOLFSSL_FAILURE;
}
return WOLFSSL_SUCCESS;
}
#endif /* HAVE_ARIA && ((!HAVE_FIPS && !HAVE_SELFTEST) ||
* HAVE_FIPS_VERSION >= 2 */
/* return WOLFSSL_SUCCESS on ok, 0 on failure to match API compatibility */
int wolfSSL_EVP_CipherInit(WOLFSSL_EVP_CIPHER_CTX* ctx,
const WOLFSSL_EVP_CIPHER* type, const byte* key,
@@ -7063,6 +7356,23 @@ void wolfSSL_EVP_init(void)
#endif /* WOLFSSL_AES_256 */
#endif /* HAVE_AES_XTS */
#endif /* NO_AES */
#if defined(HAVE_ARIA)
if (ctx->cipherType == ARIA_128_GCM_TYPE ||
(type && EVP_CIPHER_TYPE_MATCHES(type, EVP_ARIA_128_GCM))
|| ctx->cipherType == ARIA_192_GCM_TYPE ||
(type && EVP_CIPHER_TYPE_MATCHES(type, EVP_ARIA_192_GCM))
|| ctx->cipherType == ARIA_256_GCM_TYPE ||
(type && EVP_CIPHER_TYPE_MATCHES(type, EVP_ARIA_256_GCM))
) {
if (EvpCipherInitAriaGCM(ctx, type, key, iv, enc)
!= WOLFSSL_SUCCESS) {
return WOLFSSL_FAILURE;
}
}
#endif /* HAVE_AESGCM && ((!HAVE_FIPS && !HAVE_SELFTEST) ||
* HAVE_FIPS_VERSION >= 2 */
#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
if (ctx->cipherType == CHACHA20_POLY1305_TYPE ||
(type && EVP_CIPHER_TYPE_MATCHES(type, EVP_CHACHA20_POLY1305))) {
@@ -7440,6 +7750,15 @@ void wolfSSL_EVP_init(void)
#endif /* NO_AES */
#ifdef HAVE_ARIA
case ARIA_128_GCM_TYPE :
return NID_aria_128_gcm;
case ARIA_192_GCM_TYPE :
return NID_aria_192_gcm;
case ARIA_256_GCM_TYPE :
return NID_aria_256_gcm;
#endif
#ifndef NO_DES3
case DES_CBC_TYPE :
return NID_des_cbc;
@@ -7608,6 +7927,11 @@ void wolfSSL_EVP_init(void)
ctx->cipherType != AES_192_CCM_TYPE &&
ctx->cipherType != AES_256_CCM_TYPE
#endif
#ifdef HAVE_ARIA
&& ctx->cipherType != ARIA_128_GCM_TYPE &&
ctx->cipherType != ARIA_192_GCM_TYPE &&
ctx->cipherType != ARIA_256_GCM_TYPE
#endif
#ifdef WOLFSSL_SM4_GCM
&& ctx->cipherType != SM4_GCM_TYPE
#endif
@@ -7752,6 +8076,26 @@ void wolfSSL_EVP_init(void)
#endif /* WOLFSSL_AES_COUNTER */
#endif /* NO_AES */
#if defined(HAVE_ARIA) && ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) \
|| FIPS_VERSION_GE(2,0))
case ARIA_128_GCM_TYPE :
case ARIA_192_GCM_TYPE :
case ARIA_256_GCM_TYPE :
WOLFSSL_MSG("ARIA GCM");
if (ctx->enc) {
ret = wc_AriaEncrypt(&ctx->cipher.aria, dst, src, len,
ctx->iv, ctx->ivSz, NULL, 0,
ctx->authTag, ctx->authTagSz);
}
else {
ret = wc_AriaDecrypt(&ctx->cipher.aria, dst, src, len,
ctx->iv, ctx->ivSz, NULL, 0,
ctx->authTag, ctx->authTagSz);
}
break;
#endif /* HAVE_ARIA&& ((!HAVE_FIPS && !HAVE_SELFTEST) ||
* HAVE_FIPS_VERSION >= 2 */
#ifndef NO_DES3
case DES_CBC_TYPE :
WOLFSSL_MSG("DES CBC");
@@ -8770,6 +9114,16 @@ int wolfSSL_EVP_CIPHER_CTX_iv_length(const WOLFSSL_EVP_CIPHER_CTX* ctx)
WOLFSSL_MSG("AES XTS");
return AES_BLOCK_SIZE;
#endif /* WOLFSSL_AES_XTS */
#ifdef HAVE_ARIA
case ARIA_128_GCM_TYPE :
case ARIA_192_GCM_TYPE :
case ARIA_256_GCM_TYPE :
WOLFSSL_MSG("ARIA GCM");
if (ctx->ivSz != 0) {
return ctx->ivSz;
}
return GCM_NONCE_MID_SZ;
#endif
#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
case CHACHA20_POLY1305_TYPE:
WOLFSSL_MSG("CHACHA20 POLY1305");
@@ -8896,6 +9250,14 @@ int wolfSSL_EVP_CIPHER_iv_length(const WOLFSSL_EVP_CIPHER* cipher)
#endif /* WOLFSSL_AES_XTS */
#endif
#ifdef HAVE_ARIA
if (XSTRCMP(name, EVP_ARIA_128_GCM) == 0)
return GCM_NONCE_MID_SZ;
if (XSTRCMP(name, EVP_ARIA_192_GCM) == 0)
return GCM_NONCE_MID_SZ;
if (XSTRCMP(name, EVP_ARIA_256_GCM) == 0)
return GCM_NONCE_MID_SZ;
#endif /* HAVE_ARIA */
#ifndef NO_DES3
if ((XSTRCMP(name, EVP_DES_CBC) == 0) ||

2
wolfcrypt/src/include.am
View File

@@ -63,6 +63,8 @@ EXTRA_DIST += wolfcrypt/src/port/ti/ti-aes.c \
wolfcrypt/src/port/arm/armv8-aes.c \
wolfcrypt/src/port/arm/armv8-sha256.c \
wolfcrypt/src/port/arm/armv8-chacha.c \
wolfcrypt/src/port/aria/aria-crypt.c \
wolfcrypt/src/port/aria/aria-cryptocb.c \
wolfcrypt/src/port/nxp/ksdk_port.c \
wolfcrypt/src/port/nxp/dcp_port.c \
wolfcrypt/src/port/nxp/se050_port.c \

296
wolfcrypt/src/port/aria/aria-crypt.c Normal file
View File

@@ -0,0 +1,296 @@
/* aria-crypt.c
*
* Copyright (C) 2006-2023 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/*
DESCRIPTION
This library provides the interfaces to the ARIA cipher, an encryption algorithm
developed by the Korean Agency for Technology (KATS). It uses a 128-bit block
size and a key size of 128, 192, or 256 bits.
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <wolfssl/wolfcrypt/settings.h>
#ifdef HAVE_ARIA
#include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/ssl.h>
#include <wolfssl/wolfcrypt/port/aria/aria-crypt.h>
/* return 0 on success or WC_INIT_E on failure */
int wc_AriaInitCrypt(wc_Aria* aria, MC_ALGID algo)
{
MC_RV rv = MC_OK;
MC_APIMODE gApimode = MC_MODE_KCMV;
MC_ALGMODE algMode = MC_ALGMODE_GCM;
MC_PADTYPE algPad = MC_PADTYPE_NONE;
if (aria == NULL)
return BAD_FUNC_ARG;
if (rv == MC_OK)
rv = MC_Initialize(NULL);
if (rv == MC_OK)
rv = wc_AriaFreeCrypt(aria);
if (rv == MC_OK)
rv = MC_OpenSession(&(aria->hSession));
if (rv == MC_OK)
rv = MC_SetApiMode(aria->hSession, gApimode);
if (rv == MC_OK)
rv = MC_SetOption(aria->hSession, algMode, algPad);
if (rv == MC_OK) {
aria->algo = algo;
XMEMSET(aria->nonce,0,sizeof(aria->nonce));
aria->nonceSz = 0;
}
if (rv != MC_OK) {
if (aria->hSession != NULL) {
MC_CloseSession(aria->hSession);
aria->hSession = NULL;
}
WOLFSSL_MSG(MC_GetErrorString(rv));
return WC_INIT_E;
}
return 0;
}
/* return 0 on success or BAD_STATE_E on failure */
int wc_AriaFreeCrypt(wc_Aria* aria)
{
MC_RV rv = MC_OK;
if (aria == NULL)
return 0;
if (aria->hKey != NULL) {
if (rv == MC_OK) rv = MC_DestroyObject(aria->hSession, aria->hKey);
if (rv == MC_OK) aria->hKey = NULL;
}
if (aria->hSession != NULL) {
if (rv == MC_OK) rv = MC_CloseSession(aria->hSession);
if (rv == MC_OK) aria->hSession = NULL;
}
if (rv != MC_OK) {
WOLFSSL_MSG(MC_GetErrorString(rv));
return BAD_STATE_E;
}
return 0;
}
/* return 0 on success or BAD_FUNC_ARG/PUBLIC_KEY_E on failure */
int wc_AriaSetKey(wc_Aria* aria, byte* key)
{
MC_RV rv = MC_OK;
MC_UINT keylen;
if (aria->algo == MC_ALGID_ARIA_128BITKEY) {
keylen = ARIA_128_KEY_SIZE;
} else if (aria->algo == MC_ALGID_ARIA_192BITKEY) {
keylen = ARIA_192_KEY_SIZE;
} else if (aria->algo == MC_ALGID_ARIA_256BITKEY) {
keylen = ARIA_256_KEY_SIZE;
} else {
WOLFSSL_MSG_EX("Unsupported algorithm: %d", aria->algo);
return PUBLIC_KEY_E;
}
if (aria->hKey != NULL) {
if (rv == MC_OK)
rv = MC_DestroyObject(aria->hSession, aria->hKey);
if (rv == MC_OK)
aria->hKey = NULL;
}
if (rv == MC_OK)
rv = MC_CreateObject(aria->hSession, (MC_UCHAR*)key, keylen, &(aria->hKey));
if (rv != MC_OK) {
WOLFSSL_MSG(MC_GetErrorString(rv));
return BAD_FUNC_ARG;
}
return 0;
}
static WARN_UNUSED_RESULT WC_INLINE int CheckAriaGcmIvSize(int ivSz) {
return (ivSz == GCM_NONCE_MIN_SZ ||
ivSz == GCM_NONCE_MID_SZ ||
ivSz == GCM_NONCE_MAX_SZ);
}
/* return 0 on success or BAD_FUNC_ARG on failure */
int wc_AriaGcmSetExtIV(wc_Aria* aria, const byte* iv, word32 ivSz)
{
int ret = 0;
if (aria == NULL || iv == NULL || !CheckAriaGcmIvSize((int)ivSz)) {
ret = BAD_FUNC_ARG;
}
if (ret == 0) {
XMEMCPY((byte*)aria->nonce, iv, ivSz);
aria->nonceSz = ivSz;
}
return ret;
}
/* return 0 on success or BAD_FUNC_ARG on failure */
int wc_AriaGcmSetIV(wc_Aria* aria, word32 ivSz,
const byte* ivFixed, word32 ivFixedSz,
WC_RNG* rng)
{
int ret = 0;
if (aria == NULL || rng == NULL || !CheckAriaGcmIvSize((int)ivSz) ||
(ivFixed == NULL && ivFixedSz != 0) ||
(ivFixed != NULL && ivFixedSz != AES_IV_FIXED_SZ)) {
ret = BAD_FUNC_ARG;
}
if (ret == 0) {
byte* iv = (byte*)aria->nonce;
if (ivFixedSz)
XMEMCPY(iv, ivFixed, ivFixedSz);
ret = wc_RNG_GenerateBlock(rng, iv + ivFixedSz, ivSz - ivFixedSz);
}
if (ret == 0) {
aria->nonceSz = ivSz;
}
return ret;
}
/* 'out' buffer is expected to be 'inSz + authTagSz'
* return 0 on success or BAD_FUNC_ARG/ENCRYPT_ERROR on failure */
int wc_AriaEncrypt(wc_Aria* aria, byte* out, byte* in, word32 inSz,
byte* iv, word32 ivSz, byte* aad, word32 aadSz,
byte* authTag, word32 authTagSz)
{
MC_RV rv = MC_OK;
MC_ALGPARAM param;
MC_UINT outSz = inSz + authTagSz;
MC_ALGORITHM mcAlg;
XMEMSET(&param,0,sizeof(MC_ALGPARAM));
param.pNonce = iv;
param.pAData = aad;
param.nNonce = ivSz;
param.nAData = aadSz;
param.nTLen = authTagSz;
param.nDataLen = inSz;
XMEMSET(&mcAlg,0,sizeof(MC_ALGORITHM));
mcAlg.mcAlgId = aria->algo;
mcAlg.pParam = (MC_UCHAR*)&param;
mcAlg.nParam = sizeof(param);
if (authTag == NULL || iv == NULL || authTagSz > ARIA_BLOCK_SIZE ||
authTagSz < WOLFSSL_MIN_AUTH_TAG_SZ ||
ivSz == 0 || ivSz > ARIA_BLOCK_SIZE) {
return BAD_FUNC_ARG;
}
if (out == NULL || in == NULL || inSz == 0) {
return BAD_FUNC_ARG;
}
if (out <= in + inSz && in <= out + inSz) { /* check for overlapping range */
return BAD_FUNC_ARG;
}
if (rv == MC_OK)
rv = MC_EncryptInit(aria->hSession, &mcAlg, aria->hKey);
if (rv == MC_OK)
rv = MC_Encrypt(aria->hSession, in, inSz, out, &outSz);
if (rv == MC_OK)
XMEMCPY(authTag, out + inSz, authTagSz);
if (rv != MC_OK) {
WOLFSSL_MSG(MC_GetErrorString(rv));
return ENCRYPT_ERROR;
}
return 0;
}
/* 'in' buffer is expected to be 'inSz + authTagSz'
* return 0 on success or BAD_FUNC_ARG/ENCRYPT_ERROR on failure */
int wc_AriaDecrypt(wc_Aria* aria, byte* out, byte* in, word32 inSz,
byte* iv, word32 ivSz, byte* aad, word32 aadSz,
byte* authTag, word32 authTagSz)
{
MC_RV rv = MC_OK;
MC_ALGPARAM param;
MC_UINT outSz = inSz;
MC_ALGORITHM mcAlg;
XMEMSET(&param,0,sizeof(MC_ALGPARAM));
param.pNonce = iv;
param.pAData = aad;
param.nNonce = ivSz;
param.nAData = aadSz;
param.nTLen = authTagSz;
param.nDataLen = inSz;
XMEMSET(&mcAlg,0,sizeof(MC_ALGORITHM));
mcAlg.mcAlgId = aria->algo;
mcAlg.pParam = (MC_UCHAR*)&param;
mcAlg.nParam = sizeof(param);
if (authTag == NULL || iv == NULL || authTagSz > ARIA_BLOCK_SIZE ||
authTagSz < WOLFSSL_MIN_AUTH_TAG_SZ ||
ivSz == 0 || ivSz > ARIA_BLOCK_SIZE) {
return BAD_FUNC_ARG;
}
if (out == NULL || in == NULL || inSz == 0) {
return BAD_FUNC_ARG;
}
if (out <= in + inSz && in <= out + inSz) { /* check for overlapping range */
return BAD_FUNC_ARG;
}
if (rv == MC_OK)
rv = MC_DecryptInit(aria->hSession, &mcAlg, aria->hKey);
if (rv == MC_OK) {
XMEMCPY((byte*)in + inSz, authTag, authTagSz);
inSz += authTagSz;
}
if (rv == MC_OK)
rv = MC_Decrypt(aria->hSession, in, inSz, out, &outSz);
if (rv != MC_OK) {
WOLFSSL_MSG(MC_GetErrorString(rv));
return DECRYPT_ERROR;
}
return 0;
}
#endif /* HAVE_ARIA */

598
wolfcrypt/src/port/aria/aria-cryptocb.c Normal file
View File

@@ -0,0 +1,598 @@
/* aria-cryptocb.c
*
* Copyright (C) 2006-2023 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/*
DESCRIPTION
This library provides the interfaces to the ARIA cipher, an encryption algorithm
developed by the Korean Agency for Technology (KATS). It uses a 128-bit block
size and a key size of 128, 192, or 256 bits.
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <wolfssl/wolfcrypt/settings.h>
#ifdef HAVE_ARIA
#include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/ssl.h>
#include <wolfssl/wolfcrypt/asn_public.h>
#include <wolfssl/wolfcrypt/port/aria/aria-cryptocb.h>
int wc_AriaInit(void)
{
MC_RV rv = MC_OK;
static char isInit = 0;
if (isInit == 0) {
if (rv == MC_OK)
rv = MC_Initialize(NULL);
if (rv == MC_OK)
isInit = 1;
#ifdef WOLF_CRYPTO_CB
if (rv == MC_OK) {
rv = wc_CryptoDev_RegisterDevice(WOLFSSL_ARIA_DEVID, wc_AriaCryptoCb, NULL);
}
#endif
}
if (rv != MC_OK) {
WOLFSSL_MSG(MC_GetErrorString(rv));
return WC_INIT_E;
}
return 0;
}
/* return 0 on success or WC_INIT_E on failure */
int wc_AriaInitSha(MC_HSESSION* hSession, MC_ALGID algo)
{
MC_RV rv = MC_OK;
MC_APIMODE gApimode = MC_MODE_KCMV;
MC_ALGORITHM mcAlg = {algo, NULL, 0};
WOLFSSL_MSG_EX("AriaInitSha(0x%X)",algo);
if (hSession == NULL) {
return BAD_FUNC_ARG;
}
if (rv == MC_OK)
rv = wc_AriaInit();
if (rv == MC_OK)
rv = MC_OpenSession(hSession);
if (rv == MC_OK)
rv = MC_SetApiMode(*hSession, gApimode);
if (rv == MC_OK)
rv = MC_DigestInit(*hSession, &mcAlg);
if (rv != MC_OK) {
WOLFSSL_MSG(MC_GetErrorString(rv));
return WC_INIT_E;
}
return 0;
}
/* return 0 on success or BAD_FUNC_ARG on failure */
int wc_AriaShaUpdate(MC_HSESSION hSession, byte* data, word32 len)
{
MC_RV rv = MC_OK;
WOLFSSL_ENTER("AriaShaUpdate");
if (data == NULL) {
return BAD_FUNC_ARG;
}
if (rv == MC_OK)
rv = MC_DigestUpdate(hSession, data, len);
if (rv != MC_OK) {
WOLFSSL_MSG(MC_GetErrorString(rv));
return BAD_FUNC_ARG;
}
return 0;
}
/* return 0 on success or BAD_FUNC_ARG on failure */
int wc_AriaShaFinal(MC_HSESSION hSession, byte* out, word32* len)
{
MC_RV rv = MC_OK;
WOLFSSL_ENTER("AriaShaFinal");
if (out == NULL || len == NULL) {
return BAD_FUNC_ARG;
}
/* Do an extra DigestUpdate noop just in case it is never explicitly called. */
if (rv == MC_OK)
rv = MC_DigestUpdate(hSession, NULL, 0);
if (rv == MC_OK)
rv = MC_DigestFinal(hSession, out, len);
if (rv != MC_OK) {
WOLFSSL_MSG(MC_GetErrorString(rv));
return BAD_FUNC_ARG;
}
/* WOLFSSL_MSG_EX("Digest len: %d", *len); */
return 0;
}
/* return 0 on success or BAD_STATE_E on failure */
int wc_AriaFree(MC_HSESSION* hSession, MC_HOBJECT *obj1)
{
MC_RV rv = MC_OK;
WOLFSSL_ENTER("AriaFree");
if (hSession == NULL && obj1 != NULL) {
return BAD_FUNC_ARG;
}
if (obj1 != NULL) {
if (rv == MC_OK)
rv = MC_DestroyObject(*hSession, *obj1);
if (rv == MC_OK)
*obj1 = NULL;
}
if (hSession != NULL) {
if (rv == MC_OK)
rv = MC_CloseSession(*hSession);
if (rv == MC_OK)
*hSession = NULL;
}
if (rv != MC_OK) {
WOLFSSL_MSG(MC_GetErrorString(rv));
return BAD_STATE_E;
}
return 0;
}
int wc_AriaSign(byte* in, word32 inSz, byte* out, word32* outSz, ecc_key* key)
{
MC_HOBJECT hPrikey = 0;
MC_HSESSION hSession = 0;
const ecc_set_type* dp;
MC_RV rv = MC_OK;
MC_APIMODE gApimode = MC_MODE_KCMV;
MC_ALGORITHM mcAlg = {MC_ALGID_NONE, NULL, 0};
byte keyAsn1[ARIA_KEYASN1_MAXSZ];
word32 keyAsn1Sz=(word32)sizeof(keyAsn1);
WOLFSSL_ENTER("AriaSign");
if (in == NULL || out == NULL || outSz == NULL || key == NULL) {
return BAD_FUNC_ARG;
}
if (rv == MC_OK)
rv = wc_AriaInit();
if (rv == MC_OK)
rv = MC_OpenSession(&hSession);
if (rv == MC_OK)
rv = MC_SetApiMode(hSession, gApimode);
if (rv == MC_OK) {
int ret = wc_BuildEccKeyDer(key,keyAsn1,&keyAsn1Sz,0,0);
if (ret < 0) { rv = ret; }
else { keyAsn1Sz = ret; }
}
WOLFSSL_MSG_EX("AriaSign key(%d):",keyAsn1Sz);
WOLFSSL_BUFFER(keyAsn1,keyAsn1Sz);
WOLFSSL_MSG_EX("AriaSign rv=%d",rv);
if (key->dp != NULL) {
dp = key->dp;
}
else {
dp = wc_ecc_get_curve_params(key->idx);
}
if (dp->id == ECC_SECP256R1) {
mcAlg.mcAlgId = MC_ALGID_SHA256WithECDSA_P256_r1;
} else if (dp->id == ECC_SECP224R1) {
mcAlg.mcAlgId = MC_ALGID_SHA256WithECDSA_P224_12;
} else {
rv = MC_ERR_UNSUPPORTED_ALGORITHM;
}
if (rv == MC_OK)
rv = MC_CreateObject(hSession, keyAsn1, keyAsn1Sz, &hPrikey);
WOLFSSL_MSG_EX("AriaSign CreateObject rv=%d",rv);
if (rv == MC_OK)
rv = MC_SignInit(hSession, &mcAlg, hPrikey);
WOLFSSL_MSG_EX("AriaSign SignInit rv=%d",rv);
if (rv == MC_OK)
rv = MC_Sign(hSession, in, inSz, out, outSz);
WOLFSSL_MSG_EX("AriaSign Sign rv=%d",rv);
wc_AriaFree(&hSession, &hPrikey);
if (rv != MC_OK) {
WOLFSSL_MSG(MC_GetErrorString(rv));
return BAD_STATE_E;
}
return 0;
}
int wc_AriaVerify(byte* sig, word32 sigSz, byte* hash, word32 hashSz,
int* res, ecc_key* key)
{
MC_HOBJECT hPubkey = 0;
MC_HSESSION hSession = 0;
const ecc_set_type* dp;
MC_RV rv = MC_OK;
MC_APIMODE gApimode = MC_MODE_KCMV;
MC_ALGORITHM mcAlg = {MC_ALGID_NONE, NULL, 0};
byte keyarr[ARIA_KEYASN1_MAXSZ];
word32 keySz=sizeof(keyarr);
WOLFSSL_ENTER("AriaVerify");
if (sig == NULL || hash == NULL || res == NULL || key == NULL) {
return BAD_FUNC_ARG;
}
*res = 0; /* Default to invalid signature */
if (rv == MC_OK)
rv = wc_AriaInit();
if (rv == MC_OK)
rv = MC_OpenSession(&hSession);
if (rv == MC_OK)
rv = MC_SetApiMode(hSession, gApimode);
if (rv == MC_OK) {
int ret = wc_EccPublicKeyToDer(key,keyarr,keySz,0);
if (ret < 0) { rv = ret; }
else { keySz = ret; }
}
WOLFSSL_MSG_EX("AriaVerify key(%d):",keySz);
WOLFSSL_BUFFER(keyarr,keySz);
WOLFSSL_MSG_EX("AriaVerify rv=%d",rv);
if (key->dp != NULL) {
dp = key->dp;
}
else {
dp = wc_ecc_get_curve_params(key->idx);
}
if (dp->id == ECC_SECP256R1) {
mcAlg.mcAlgId = MC_ALGID_SHA256WithECDSA_P256_r1;
} else if (dp->id == ECC_SECP224R1) {
mcAlg.mcAlgId = MC_ALGID_SHA256WithECDSA_P224_12;
} else {
rv = MC_ERR_UNSUPPORTED_ALGORITHM;
}
if (rv == MC_OK)
rv = MC_CreateObject(hSession, keyarr, keySz, &hPubkey);
WOLFSSL_MSG_EX("AriaVerify CreateObject rv=%d",rv);
if (rv == MC_OK)
rv = MC_VerifyInit(hSession, &mcAlg, hPubkey);
WOLFSSL_MSG_EX("AriaVerify VerifyInit rv=%d",rv);
if (rv == MC_OK)
rv = MC_Verify(hSession, hash, hashSz, sig, sigSz);
WOLFSSL_MSG_EX("AriaVerify Verify rv=%d",rv);
wc_AriaFree(&hSession, &hPubkey);
if (rv != MC_OK) {
WOLFSSL_MSG(MC_GetErrorString(rv));
return BAD_STATE_E;
}
*res = 1; /* Valid signature */
return 0;
}
int wc_AriaDerive(ecc_key* private_key, ecc_key* public_key,
byte* out, word32* outSz)
{
MC_HOBJECT hPrikey = 0;
MC_HSESSION hSession = 0;
const ecc_set_type* dp;
MC_RV rv = MC_OK;
MC_APIMODE gApimode = MC_MODE_KCMV;
MC_ALGORITHM mcAlg = {MC_ALGID_NONE, NULL, 0};
byte pubAsn1[ARIA_KEYASN1_MAXSZ];
word32 pubAsn1Sz=sizeof(pubAsn1);
byte privAsn1[ARIA_KEYASN1_MAXSZ];
word32 privAsn1Sz=sizeof(privAsn1);
WOLFSSL_ENTER("AriaDerive");
if (private_key == NULL || public_key == NULL ||
out == NULL || outSz == NULL) {
return BAD_FUNC_ARG;
}
if (rv == MC_OK)
rv = wc_AriaInit();
if (rv == MC_OK)
rv = MC_OpenSession(&hSession);
if (rv == MC_OK)
rv = MC_SetApiMode(hSession, gApimode);
if (rv == MC_OK) {
int ret = wc_EccPublicKeyToDer(public_key,pubAsn1,pubAsn1Sz,0);
if (ret < 0) {
rv = ret;
} else {
pubAsn1Sz = ret;
}
WOLFSSL_MSG_EX("AriaDerive PublicKeyToDer ret=%d",ret);
}
WOLFSSL_MSG_EX("AriaVerify pubAsn1(%d):",pubAsn1Sz);
WOLFSSL_BUFFER(pubAsn1,pubAsn1Sz);
mcAlg.pParam=pubAsn1;
mcAlg.nParam=pubAsn1Sz;
if (rv == MC_OK) {
int ret = wc_BuildEccKeyDer(private_key,privAsn1,&privAsn1Sz,0,0);
if (ret < 0) {
rv = ret;
} else {
privAsn1Sz = ret;
}
WOLFSSL_MSG_EX("AriaDerive PrivateKeyToDer ret=%d",ret);
}
WOLFSSL_MSG_EX("AriaVerify privAsn1(%d):",privAsn1Sz);
WOLFSSL_BUFFER(privAsn1,privAsn1Sz);
if (private_key->dp != NULL) {
dp = private_key->dp;
}
else {
dp = wc_ecc_get_curve_params(private_key->idx);
}
if (dp->id == ECC_SECP256R1) {
mcAlg.mcAlgId = MC_ALGID_ECDH_P256_r1;
} else if (dp->id == ECC_SECP224R1) {
mcAlg.mcAlgId = MC_ALGID_ECDH_P224_12;
} else {
rv = MC_ERR_UNSUPPORTED_ALGORITHM;
}
if (rv == MC_OK)
rv = MC_CreateObject(hSession, privAsn1, privAsn1Sz, &hPrikey);
WOLFSSL_MSG_EX("AriaDerive CreateObject rv=%d",rv);
if (rv == MC_OK)
rv = MC_DeriveKey(hSession, &mcAlg, hPrikey, out, outSz);
WOLFSSL_MSG_EX("AriaDerive DeriveKey rv=%d",rv);
wc_AriaFree(&hSession, &hPrikey);
if (rv != MC_OK) {
WOLFSSL_MSG(MC_GetErrorString(rv));
return BAD_STATE_E;
}
return 0;
}
#ifdef WOLF_CRYPTO_CB
static void printOutput(const char* strName, unsigned char* data,
unsigned int dataSz)
{
#ifdef DEBUG_WOLFSSL
WOLFSSL_MSG_EX("%s (%d):", strName,dataSz);
WOLFSSL_BUFFER(data,dataSz);
#else
#if 0
unsigned int i;
int line = 1;
printf("%s:\n",strName);
printf(" ");
for(i=1; i<=dataSz; i++)
{
printf(",0x%02X", data[i-1]);
if(!(i%16) && i!= dataSz) printf("\n ");
else if(!(i%4)) printf(" ");
}
printf("\n");
#else
(void)strName;
(void)data;
(void)dataSz;
#endif
#endif
}
int wc_AriaCryptoCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
{
int ret = CRYPTOCB_UNAVAILABLE; /* return this to bypass HW and use SW */
(void)ctx;
if (info == NULL)
return BAD_FUNC_ARG;
#ifdef DEBUG_CRYPTOCB
wc_CryptoCb_InfoString(info);
#endif
if (info->algo_type == WC_ALGO_TYPE_PK) {
if (info->pk.type == WC_PK_TYPE_ECDSA_SIGN) {
/* set devId to invalid, so software is used */
info->pk.eccsign.key->devId = INVALID_DEVID;
printOutput((char *)"eccsign.in (before)",
(byte *)info->pk.eccsign.in,info->pk.eccsign.inlen);
printOutput((char *)"eccsign.out(before)",
(byte *)info->pk.eccsign.out,*(info->pk.eccsign.outlen));
printOutput((char *)"eccsign.key(before)",
(byte *)info->pk.eccsign.key,sizeof(info->pk.eccsign.key));
byte buf[ARIA_KEYASN1_MAXSZ];
word32 bufSz = sizeof(buf);
ret = wc_AriaSign((byte *)info->pk.eccsign.in,info->pk.eccsign.inlen,
buf,&bufSz,
info->pk.eccsign.key);
if (ret != 0) {
ret = CRYPTOCB_UNAVAILABLE;
} else {
memcpy(info->pk.eccsign.out, buf, bufSz);
*(info->pk.eccsign.outlen) = bufSz;
}
printOutput((char *)"eccsign.in (after)",
(byte *)info->pk.eccsign.in,info->pk.eccsign.inlen);
printOutput((char *)"eccsign.out(after)",
(byte *)info->pk.eccsign.out,*(info->pk.eccsign.outlen));
printOutput((char *)"eccsign.key(after)",
(byte *)info->pk.eccsign.key,sizeof(info->pk.eccsign.key));
/* reset devId */
info->pk.eccsign.key->devId = devIdArg;
}
else if (info->pk.type == WC_PK_TYPE_ECDSA_VERIFY) {
/* set devId to invalid, so software is used */
info->pk.eccverify.key->devId = INVALID_DEVID;
printOutput((char *)"eccverify.sig (before)",
(byte *)info->pk.eccverify.sig,info->pk.eccverify.siglen);
printOutput((char *)"eccverify.hash(before)",
(byte *)info->pk.eccverify.hash,info->pk.eccverify.hashlen);
printOutput((char *)"eccverify.key (before)",
(byte *)info->pk.eccverify.key,sizeof(info->pk.eccverify.key));
ret = wc_AriaVerify((byte *)info->pk.eccverify.sig,info->pk.eccverify.siglen,
(byte *)info->pk.eccverify.hash, info->pk.eccverify.hashlen,
info->pk.eccverify.res, info->pk.eccverify.key);
printOutput((char *)"eccverify.sig (after)",
(byte *)info->pk.eccverify.sig,info->pk.eccverify.siglen);
printOutput((char *)"eccverify.hash(after)",
(byte *)info->pk.eccverify.hash,info->pk.eccverify.hashlen);
printOutput((char *)"eccverify.key (after)",
(byte *)info->pk.eccverify.key,sizeof(info->pk.eccverify.key));
if (ret != 0)
ret = CRYPTOCB_UNAVAILABLE;
/* reset devId */
info->pk.eccverify.key->devId = devIdArg;
}
else if (info->pk.type == WC_PK_TYPE_ECDH) {
/* set devId to invalid, so software is used */
info->pk.ecdh.private_key->devId = INVALID_DEVID;
ret = wc_AriaDerive(
info->pk.ecdh.private_key, info->pk.ecdh.public_key,
info->pk.ecdh.out, info->pk.ecdh.outlen);
if (ret != 0)
ret = CRYPTOCB_UNAVAILABLE;
/* reset devId */
info->pk.ecdh.private_key->devId = devIdArg;
}
}
else if (info->algo_type == WC_ALGO_TYPE_HASH) {
if (info->hash.type == WC_HASH_TYPE_SHA256) {
if (info->hash.sha256 == NULL)
return CRYPTOCB_UNAVAILABLE;
/* set devId to invalid, so software is used */
info->hash.sha256->devId = INVALID_DEVID;
if (info->hash.sha256->hSession == NULL) {
ret = wc_AriaInitSha(&(info->hash.sha256->hSession), MC_ALGID_SHA256);
}
if (((ret == 0) || (ret == CRYPTOCB_UNAVAILABLE))
&& (info->hash.in != NULL)) {
ret = wc_AriaShaUpdate(info->hash.sha256->hSession,
(byte *) info->hash.in, info->hash.inSz);
}
if (((ret == 0) || (ret == CRYPTOCB_UNAVAILABLE))
&& (info->hash.digest != NULL)) {
MC_UINT digestSz = 32;
ret = wc_AriaShaFinal(info->hash.sha256->hSession,
info->hash.digest, &digestSz);
if ((ret == 0) || (ret == CRYPTOCB_UNAVAILABLE))
ret = wc_AriaFree(&(info->hash.sha256->hSession),NULL);
}
if (ret != 0)
ret = CRYPTOCB_UNAVAILABLE;
/* reset devId */
info->hash.sha256->devId = devIdArg;
}
else if (info->hash.type == WC_HASH_TYPE_SHA384) {
if (info->hash.sha384 == NULL)
return CRYPTOCB_UNAVAILABLE;
/* set devId to invalid, so software is used */
info->hash.sha384->devId = INVALID_DEVID;
if (info->hash.sha384->hSession == NULL) {
ret = wc_AriaInitSha(&(info->hash.sha384->hSession), MC_ALGID_SHA384);
}
if (((ret == 0) || (ret == CRYPTOCB_UNAVAILABLE))
&& (info->hash.in != NULL)) {
ret = wc_AriaShaUpdate(info->hash.sha384->hSession,
(byte *) info->hash.in, info->hash.inSz);
}
if (((ret == 0) || (ret == CRYPTOCB_UNAVAILABLE))
&& (info->hash.digest != NULL)) {
MC_UINT digestSz = 48;
ret = wc_AriaShaFinal(info->hash.sha384->hSession,
info->hash.digest, &digestSz);
if ((ret == 0) || (ret == CRYPTOCB_UNAVAILABLE))
ret = wc_AriaFree(&(info->hash.sha384->hSession),NULL);
}
if (ret != 0) ret = CRYPTOCB_UNAVAILABLE;
/* reset devId */
info->hash.sha384->devId = devIdArg;
}
}
return ret;
}
#endif /* WOLF_CRYPTO_CB */
#endif /* HAVE_ARIA */

18
wolfcrypt/src/sha256.c
View File

@@ -266,6 +266,10 @@ static int InitSha256(wc_Sha256* sha256)
XMEMSET(&sha256->maxq_ctx, 0, sizeof(sha256->maxq_ctx));
#endif
#ifdef HAVE_ARIA
sha256->hSession = NULL;
#endif
return ret;
}
#endif
@@ -1831,6 +1835,13 @@ void wc_Sha256Free(wc_Sha256* sha256)
wc_MAXQ10XX_Sha256Free(sha256);
#endif
#ifdef HAVE_ARIA
if (sha256->hSession != NULL) {
MC_CloseSession(sha256->hSession);
sha256->hSession = NULL;
}
#endif
/* Espressif embedded hardware acceleration specific: */
#if defined(WOLFSSL_USE_ESP32_CRYPT_HASH_HW)
if (sha256->ctx.lockDepth > 0) {
@@ -2085,6 +2096,13 @@ int wc_Sha256Copy(wc_Sha256* src, wc_Sha256* dst)
esp_sha256_ctx_copy(src, dst);
#endif
#ifdef HAVE_ARIA
dst->hSession = NULL;
if((src->hSession != NULL) && (MC_CopySession(src->hSession, &(dst->hSession)) != MC_OK)) {
return MEMORY_E;
}
#endif
#ifdef WOLFSSL_HASH_FLAGS
dst->flags |= WC_HASH_FLAG_ISCOPY;
#endif

18
wolfcrypt/src/sha512.c
View File

@@ -1364,6 +1364,10 @@ static int InitSha384(wc_Sha384* sha384)
sha384->flags = 0;
#endif
#ifdef HAVE_ARIA
sha384->hSession = NULL;
#endif
#ifdef WOLFSSL_HASH_KEEP
sha384->msg = NULL;
sha384->len = 0;
@@ -1549,6 +1553,13 @@ void wc_Sha384Free(wc_Sha384* sha384)
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA384)
wolfAsync_DevCtxFree(&sha384->asyncDev, WOLFSSL_ASYNC_MARKER_SHA384);
#endif /* WOLFSSL_ASYNC_CRYPT */
#ifdef HAVE_ARIA
if (sha384->hSession != NULL) {
MC_CloseSession(sha384->hSession);
sha384->hSession = NULL;
}
#endif
}
#endif /* WOLFSSL_SHA384 */
@@ -1882,6 +1893,13 @@ int wc_Sha384Copy(wc_Sha384* src, wc_Sha384* dst)
esp_sha384_ctx_copy(src, dst);
#endif
#ifdef HAVE_ARIA
dst->hSession = NULL;
if((src->hSession != NULL) && (MC_CopySession(src->hSession, &(dst->hSession)) != MC_OK)) {
return MEMORY_E;
}
#endif
#ifdef WOLFSSL_HASH_FLAGS
dst->flags |= WC_HASH_FLAG_ISCOPY;
#endif

9
wolfcrypt/src/wc_port.c
View File

@@ -85,6 +85,9 @@
#if defined(WOLFSSL_CAAM)
#include <wolfssl/wolfcrypt/port/caam/wolfcaam.h>
#endif
#if defined(HAVE_ARIA)
#include <wolfssl/wolfcrypt/port/aria/aria-cryptocb.h>
#endif
#if defined(WOLFSSL_DEVCRYPTO)
#include <wolfssl/wolfcrypt/port/devcrypto/wc_devcrypto.h>
#endif
@@ -367,6 +370,12 @@ int wolfCrypt_Init(void)
}
#endif
#if defined(HAVE_ARIA)
if ((ret = wc_AriaInit()) != 0) {
return ret;
}
#endif
#ifdef WOLFSSL_IMXRT_DCP
if ((ret = wc_dcp_init()) != 0) {
return ret;

102
wolfcrypt/test/test.c
View File

@@ -628,6 +628,11 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memcb_test(void);
#ifdef WOLFSSL_CAAM_BLOB
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t blob_test(void);
#endif
#ifdef HAVE_ARIA
#include "wolfssl/wolfcrypt/port/aria/aria-crypt.h"
void printOutput(const char *strName, unsigned char *data, unsigned int dataSz);
WOLFSSL_TEST_SUBROUTINE int ariagcm_test(MC_ALGID);
#endif
#ifdef WOLF_CRYPTO_CB
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cryptocb_test(void);
@@ -1387,6 +1392,23 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
#endif
#endif
#ifdef HAVE_ARIA
if ( (ret = ariagcm_test(MC_ALGID_ARIA_128BITKEY)) != 0)
TEST_FAIL("ARIA128 test failed!\n", ret);
else
TEST_PASS("ARIA128 test passed!\n");
if ( (ret = ariagcm_test(MC_ALGID_ARIA_192BITKEY)) != 0)
TEST_FAIL("ARIA192 test failed!\n", ret);
else
TEST_PASS("ARIA192 test passed!\n");
if ( (ret = ariagcm_test(MC_ALGID_ARIA_256BITKEY)) != 0)
TEST_FAIL("ARIA256 test failed!\n", ret);
else
TEST_PASS("ARIA256 test passed!\n");
#endif
#ifdef HAVE_CAMELLIA
if ( (ret = camellia_test()) != 0)
TEST_FAIL("CAMELLIA test failed!\n", ret);
@@ -13007,6 +13029,86 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aeskeywrap_test(void)
#endif /* NO_AES */
#ifdef HAVE_ARIA
void printOutput(const char *strName, unsigned char *data, unsigned int dataSz)
{
#ifndef DEBUG_WOLFSSL
(void)strName;
(void)data;
(void)dataSz;
#else
WOLFSSL_MSG_EX("%s (%d):", strName,dataSz);
WOLFSSL_BUFFER(data,dataSz);
#endif
}
WOLFSSL_TEST_SUBROUTINE int ariagcm_test(MC_ALGID algo)
{
int ret = 0;
byte data[] = TEST_STRING;
word32 dataSz = TEST_STRING_SZ;
/* Arbitrarily random long key that we will truncate to the right size */
byte key[] = { 0x1E, 0xCC, 0x95, 0xCB, 0xD3, 0x74, 0x58, 0x4F,
0x6F, 0x8A, 0x70, 0x26, 0xF7, 0x3C, 0x8D, 0xB6,
0xDC, 0x32, 0x76, 0x20, 0xCF, 0x05, 0x4A, 0xCF,
0x11, 0x86, 0xCD, 0x23, 0x5E, 0xC1, 0x6E, 0x2B };
byte cipher[2*TEST_STRING_SZ], plain[TEST_STRING_SZ], ad[256], authTag[AES_BLOCK_SIZE];
word32 keySz, adSz = 256, authTagSz = sizeof(authTag);
wc_Aria aria;
XMEMSET((void *)&aria, 0, sizeof(aria));
ret = wc_AriaInitCrypt(&aria, algo);
if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret),out); }
ret = wc_AriaSetKey(&aria, key);
if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret),out); }
MC_GetObjectValue(aria.hSession, aria.hKey, key, &keySz);
printOutput("Key", key, keySz);
WC_RNG rng;
ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AriaGcmSetIV(&aria, GCM_NONCE_MID_SZ, NULL, 0, &rng);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
wc_FreeRng(&rng);
printOutput("Plaintext", data, sizeof(data));
XMEMSET(cipher, 0, sizeof(cipher));
ret = wc_AriaEncrypt(&aria, cipher, data, dataSz,
(byte *)aria.nonce, aria.nonceSz, ad, adSz,
authTag, authTagSz);
if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret),out); }
printOutput("Ciphertext", cipher, sizeof(cipher));
printOutput("AuthTag", authTag, sizeof(authTag));
XMEMSET(plain, 0, sizeof(plain));
ret = wc_AriaDecrypt(&aria, plain, cipher, dataSz,
(byte *)aria.nonce, aria.nonceSz, ad, adSz,
authTag, authTagSz);
if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret),out); }
printOutput("Plaintext", plain, sizeof(plain));
if (XMEMCMP(plain, data, dataSz) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC,out);
out:
if (ret != 0) { wc_AriaFreeCrypt(&aria); }
else { ret = wc_AriaFreeCrypt(&aria); }
return ret;
}
#endif /* HAVE_ARIA */
#ifdef HAVE_CAMELLIA

29
wolfssl/internal.h
View File

@@ -55,6 +55,9 @@
#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && defined(OPENSSL_EXTRA)
#include <wolfssl/wolfcrypt/chacha20_poly1305.h>
#endif
#ifdef HAVE_ARIA
#include <wolfssl/wolfcrypt/port/aria/aria-crypt.h>
#endif
#ifdef HAVE_CAMELLIA
#include <wolfssl/wolfcrypt/camellia.h>
#endif
@@ -649,6 +652,10 @@
#endif
#endif
#endif /* NO_AES */
#ifdef HAVE_ARIA
#define BUILD_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256
#define BUILD_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384
#endif /* HAVE_ARIA */
#if !defined(NO_RC4) && !defined(WSSL_HARDEN_TLS)
/* MUST NOT negotiate RC4 cipher suites
* https://www.rfc-editor.org/rfc/rfc9325#section-4.1 */
@@ -954,6 +961,11 @@
#define NO_AESGCM_AEAD
#endif
#if defined(BUILD_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256) || \
defined(BUILD_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384)
#define BUILD_ARIA
#endif
#if defined(BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256) || \
defined(BUILD_TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256) || \
defined(BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256) || \
@@ -999,6 +1011,7 @@
#if defined(WOLFSSL_MAX_STRENGTH) || \
(defined(HAVE_AESGCM) && !defined(NO_AESGCM_AEAD)) || \
defined(HAVE_AESCCM) || \
defined(HAVE_ARIA) || \
(defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && \
!defined(NO_CHAPOL_AEAD)) || \
defined(WOLFSSL_SM4_GCM) || defined(WOLFSSL_SM4_CCM) || \
@@ -1178,6 +1191,12 @@ enum {
TLS_SHA256_SHA256 = 0xB4,
TLS_SHA384_SHA384 = 0xB5,
/* ARIA-GCM, first byte is 0xC0 (ECC_BYTE)
* See: https://www.rfc-editor.org/rfc/rfc6209.html#section-5
*/
TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 = 0x5c,
TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 = 0x5d,
/* TLS v1.3 SM cipher suites - 0x00 (CIPHER_BYTE) is first byte */
TLS_SM4_GCM_SM3 = 0xC6,
TLS_SM4_CCM_SM3 = 0xC7,
@@ -4010,8 +4029,8 @@ enum CipherType { aead };
#endif
#if defined(BUILD_AES) || defined(BUILD_AESGCM) || (defined(HAVE_CHACHA) && \
defined(HAVE_POLY1305)) || defined(WOLFSSL_TLS13)
#if defined(BUILD_AES) || defined(BUILD_AESGCM) || defined(HAVE_ARIA) || \
(defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || defined(WOLFSSL_TLS13)
#define CIPHER_NONCE
#endif
@@ -4040,10 +4059,12 @@ typedef struct Ciphers {
#endif
#if defined(BUILD_AES) || defined(BUILD_AESGCM)
Aes* aes;
#if (defined(BUILD_AESGCM) || defined(HAVE_AESCCM)) && \
!defined(WOLFSSL_NO_TLS12)
#endif
#if (defined(BUILD_AESGCM) || defined(HAVE_AESCCM)) && !defined(WOLFSSL_NO_TLS12)
byte* additional;
#endif
#ifdef HAVE_ARIA
wc_Aria* aria;
#endif
#ifdef CIPHER_NONCE
byte* nonce;

27
wolfssl/openssl/evp.h
View File

@@ -68,6 +68,10 @@
#include <wolfssl/wolfcrypt/coding.h>
#endif
#ifdef HAVE_ARIA
#include <wolfssl/wolfcrypt/port/aria/aria-crypt.h>
#endif
#ifdef __cplusplus
extern "C" {
#endif
@@ -142,6 +146,11 @@ WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_ccm(void);
WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_ctr(void);
WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_ctr(void);
WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_ctr(void);
#if defined(HAVE_ARIA)
WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aria_128_gcm(void);
WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aria_192_gcm(void);
WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aria_256_gcm(void);
#endif
WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_ecb(void);
WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_ede3_ecb(void);
WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_cbc(void);
@@ -236,6 +245,9 @@ typedef union {
XtsAes xts;
#endif
#endif
#ifdef HAVE_ARIA
wc_Aria aria;
#endif
#ifndef NO_DES3
Des des;
Des3 des3;
@@ -381,6 +393,9 @@ typedef union {
#define NID_auth_null 1054
#define NID_auth_any 1055
/* Curve */
#define NID_aria_128_gcm 1123
#define NID_aria_192_gcm 1124
#define NID_aria_256_gcm 1125
#define NID_sm2 1172
#define NID_X9_62_id_ecPublicKey EVP_PKEY_EC
@@ -446,7 +461,10 @@ enum {
SM4_CBC_TYPE = 44,
SM4_CTR_TYPE = 45,
SM4_GCM_TYPE = 46,
SM4_CCM_TYPE = 47
SM4_CCM_TYPE = 47,
ARIA_128_GCM_TYPE = 48,
ARIA_192_GCM_TYPE = 49,
ARIA_256_GCM_TYPE = 50
};
#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
@@ -490,10 +508,10 @@ struct WOLFSSL_EVP_CIPHER_CTX {
#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
byte* key; /* used in partial Init()s */
#endif
#if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) || \
#if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) || defined(HAVE_ARIA) || \
defined(WOLFSSL_SM4_GCM) || defined(WOLFSSL_SM4_CCM) || \
(defined(HAVE_CHACHA) && defined(HAVE_POLY1305))
#if defined(HAVE_AESGCM) || defined(HAVE_AESCCM)
#if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) || defined(HAVE_ARIA)
ALIGN16 unsigned char authTag[AES_BLOCK_SIZE];
#elif defined(WOLFSSL_SM4_GCM) || defined(WOLFSSL_SM4_CCM)
ALIGN16 unsigned char authTag[SM4_BLOCK_SIZE];
@@ -973,6 +991,9 @@ WOLFSSL_API int wolfSSL_EVP_SignInit_ex(WOLFSSL_EVP_MD_CTX* ctx,
#define EVP_rc4 wolfSSL_EVP_rc4
#define EVP_chacha20 wolfSSL_EVP_chacha20
#define EVP_chacha20_poly1305 wolfSSL_EVP_chacha20_poly1305
#define EVP_aria_128_gcm wolfSSL_EVP_aria_128_gcm
#define EVP_aria_192_gcm wolfSSL_EVP_aria_192_gcm
#define EVP_aria_256_gcm wolfSSL_EVP_aria_256_gcm
#define EVP_sm4_ecb wolfSSL_EVP_sm4_ecb
#define EVP_sm4_cbc wolfSSL_EVP_sm4_cbc
#define EVP_sm4_ctr wolfSSL_EVP_sm4_ctr

3
wolfssl/ssl.h
View File

@@ -3242,7 +3242,8 @@ enum BulkCipherAlgorithm {
wolfssl_camellia = 10,
wolfssl_sm4_cbc = 11,
wolfssl_sm4_gcm = 12,
wolfssl_sm4_ccm = 13
wolfssl_sm4_ccm = 13,
wolfssl_aria_gcm = 14
};

2
wolfssl/wolfcrypt/asn_public.h
View File

@@ -747,6 +747,8 @@ WOLFSSL_API int wc_DhPrivKeyToDer(DhKey* key, byte* out, word32* outSz);
WOLFSSL_ABI
WOLFSSL_API int wc_EccPrivateKeyDecode(const byte* input, word32* inOutIdx,
ecc_key* key, word32 inSz);
WOLFSSL_LOCAL int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 *inLen,
int pubIn, int curveIn);
WOLFSSL_ABI
WOLFSSL_API int wc_EccKeyToDer(ecc_key* key, byte* output, word32 inLen);
WOLFSSL_API int wc_EccPrivateKeyToDer(ecc_key* key, byte* output,

7
wolfssl/wolfcrypt/include.am
View File

@@ -81,6 +81,8 @@ nobase_include_HEADERS+= \
wolfssl/wolfcrypt/sm4.h
noinst_HEADERS+= \
wolfssl/wolfcrypt/port/aria/aria-crypt.h \
wolfssl/wolfcrypt/port/aria/aria-cryptocb.h \
wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h \
wolfssl/wolfcrypt/port/ti/ti-hash.h \
wolfssl/wolfcrypt/port/ti/ti-ccm.h \
@@ -130,6 +132,11 @@ if BUILD_DEVCRYPTO
nobase_include_HEADERS+= wolfssl/wolfcrypt/port/devcrypto/wc_devcrypto.h
endif
if BUILD_ARIA
nobase_include_HEADERS+= wolfssl/wolfcrypt/port/aria/aria-crypt.h
nobase_include_HEADERS+= wolfssl/wolfcrypt/port/aria/aria-cryptocb.h
endif
if BUILD_ASYNCCRYPT
nobase_include_HEADERS+= wolfssl/wolfcrypt/async.h
endif

80
wolfssl/wolfcrypt/port/aria/aria-crypt.h Normal file
View File

@@ -0,0 +1,80 @@
/* aria-crypt.h
*
* Copyright (C) 2006-2023 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/*!
\file wolfssl/wolfcrypt/port/aria/aria-crypt.h
*/
/*
DESCRIPTION
This library provides the interfaces to the ARIA cipher implementation for
encrypting and decrypting data.
*/
#ifndef WOLF_CRYPT_ARIA_CRYPT_H
#define WOLF_CRYPT_ARIA_CRYPT_H
#include <wolfssl/wolfcrypt/types.h>
#ifdef __cplusplus
extern "C" {
#endif
#include "mcapi.h"
#include "mcapi_error.h"
#define ARIA_128_KEY_SIZE 16
#define ARIA_192_KEY_SIZE 24
#define ARIA_256_KEY_SIZE 32
#define ARIA_BLOCK_SIZE 16
#define ARIA_GCM_AUTH_SZ 16
#define WC_ARIA_GCM_GET_CIPHERTEXT_SIZE(x) (x+ARIA_GCM_AUTH_SZ)
typedef struct {
MC_HSESSION hSession;
MC_ALGID algo;
MC_HOBJECT hKey;
word32 nonce[ARIA_BLOCK_SIZE / sizeof(word32)];
word32 nonceSz;
} wc_Aria;
WOLFSSL_API int wc_AriaInitCrypt(wc_Aria* aria, MC_ALGID algo);
WOLFSSL_API int wc_AriaFreeCrypt(wc_Aria* aria);
WOLFSSL_API int wc_AriaSetKey(wc_Aria* aria, byte* key);
WOLFSSL_API int wc_AriaGcmSetExtIV(wc_Aria* aria, const byte* iv, word32 ivSz);
WOLFSSL_API int wc_AriaGcmSetIV(wc_Aria* aria, word32 ivSz,
const byte* ivFixed, word32 ivFixedSz,
WC_RNG* rng);
WOLFSSL_API int wc_AriaEncrypt(wc_Aria *aria, byte* out, byte* in, word32 inSz,
byte* iv, word32 ivSz, byte* aad, word32 aadSz,
byte* authTag, word32 authTagSz);
WOLFSSL_API int wc_AriaDecrypt(wc_Aria *aria, byte* out, byte* in, word32 inSz,
byte* iv, word32 ivSz, byte* aad, word32 aadSz,
byte* authTag, word32 authTagSz);
#ifdef __cplusplus
} /* extern "C" */
#endif
#endif /* WOLF_CRYPT_ARIA_CRYPT_H */

69
wolfssl/wolfcrypt/port/aria/aria-cryptocb.h Normal file
View File

@@ -0,0 +1,69 @@
/* aria-cryptocb.h
*
* Copyright (C) 2006-2023 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/*!
\file wolfssl/wolfcrypt/port/aria/aria-cryptocb.h
*/
/*
DESCRIPTION
This library provides the interfaces to the ARIA cipher implementation for
signing, verifying and hashing data.
*/
#ifndef WOLF_CRYPT_ARIA_CRYPTOCB_H
#define WOLF_CRYPT_ARIA_CRYPTOCB_H
#include <wolfssl/wolfcrypt/types.h>
#include <wolfssl/wolfcrypt/cryptocb.h>
#ifdef __cplusplus
extern "C" {
#endif
#include "mcapi.h"
#include "mcapi_error.h"
int wc_AriaInit(void);
int wc_AriaInitSha(MC_HSESSION* hSession, MC_ALGID algo);
int wc_AriaShaUpdate(MC_HSESSION hSession, byte* data, word32 len);
int wc_AriaShaFinal(MC_HSESSION hSession, byte* out, word32* len);
int wc_AriaFree(MC_HSESSION* hSession, MC_HOBJECT *obj1);
int wc_AriaSign(byte* in, word32 inSz, byte* out, word32* outSz, ecc_key* key);
int wc_AriaVerify(byte* sig, word32 sigSz, byte* hash, word32 hashSz, int* res, ecc_key* key);
int wc_AriaDerive(ecc_key* private_key, ecc_key* public_key, byte* out, word32* outSz);
#ifndef ARIA_KEYASN1_MAXSZ
#define ARIA_KEYASN1_MAXSZ 128
#endif
#ifdef WOLF_CRYPTO_CB
#define WOLFSSL_ARIA_DEVID 8
int wc_AriaCryptoCb(int devIdArg, wc_CryptoInfo* info, void* ctx);
#endif
#ifdef __cplusplus
} /* extern "C" */
#endif
#endif /* WOLF_CRYPT_ARIA_CRYPTOCB_H */

9
wolfssl/wolfcrypt/sha256.h
View File

@@ -169,6 +169,11 @@ enum {
#include <wolfssl/wolfcrypt/port/maxim/maxq10xx.h>
#endif
#ifdef HAVE_ARIA
#include "mcapi.h"
#include "mcapi_error.h"
#endif
/* wc_Sha256 digest */
struct wc_Sha256 {
#ifdef FREESCALE_LTC_SHA
@@ -235,6 +240,9 @@ struct wc_Sha256 {
caam_hash_ctx_t ctx;
caam_handle_t hndl;
#endif
#ifdef HAVE_ARIA
MC_HSESSION hSession;
#endif
#ifdef WOLFSSL_HASH_FLAGS
word32 flags; /* enum wc_HashFlags in hash.h */
#endif
@@ -329,4 +337,3 @@ WOLFSSL_API int wc_Sha224Copy(wc_Sha224* src, wc_Sha224* dst);
#endif /* NO_SHA256 */
#endif /* WOLF_CRYPT_SHA256_H */

8
wolfssl/wolfcrypt/sha512.h
View File

@@ -150,6 +150,10 @@ enum {
#if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
#include "wolfssl/wolfcrypt/port/nxp/se050_port.h"
#endif
#ifdef HAVE_ARIA
#include "mcapi.h"
#include "mcapi_error.h"
#endif
/* wc_Sha512 digest */
struct wc_Sha512 {
#ifdef WOLFSSL_PSOC6_CRYPTO
@@ -201,6 +205,9 @@ struct wc_Sha512 {
caam_hash_ctx_t ctx;
caam_handle_t hndl;
#endif
#ifdef HAVE_ARIA
MC_HSESSION hSession;
#endif
#endif /* WOLFSSL_PSOC6_CRYPTO */
};
@@ -342,4 +349,3 @@ WOLFSSL_API int wc_Sha384Copy(wc_Sha384* src, wc_Sha384* dst);
#endif /* WOLFSSL_SHA512 || WOLFSSL_SHA384 */
#endif /* WOLF_CRYPT_SHA512_H */