From a0254178772a8505934fd077111b58a4fc0ed16c Mon Sep 17 00:00:00 2001
From: David Garske
Date: Fri, 30 Jun 2017 11:35:51 -0700
Subject: [PATCH] Fix issue with QAT and DH operations where key size is larger than block size. Fix issue with DhAgree in TLS not setting agreeSz, which caused result to not be returned. Renamed the internal.c HashType to HashAlgoToType static function because of name conflict with Cavium. Optimize the Hmac struct to replace keyRaw with ipad. Enable RNG HW for benchmark. Fixed missing AES free in AES 192/256 tests.
---
 src/internal.c | 26 ++++++++++++++------------
 wolfcrypt/benchmark/benchmark.c | 2 +-
 wolfcrypt/src/hmac.c | 22 +++++++++++++++++-----
 wolfcrypt/test/test.c | 15 +++++++++++++--
 wolfssl/wolfcrypt/hmac.h | 3 +-
 5 files changed, 46 insertions(+), 22 deletions(-)
diff --git a/src/internal.c b/src/internal.c
index 79283d3da..b7956639f 100755
--- a/src/internal.c
+++ b/src/internal.c
@@ -2673,7 +2673,7 @@ static INLINE void DecodeSigAlg(const byte* input, byte* hashAlgo, byte* hsType)
 #if !defined(NO_DH) || defined(HAVE_ECC)
-static enum wc_HashType HashType(int hashAlgo)
+static enum wc_HashType HashAlgoToType(int hashAlgo)
 {
 switch (hashAlgo) {
 #ifdef WOLFSSL_SHA512
@@ -17070,7 +17070,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
 DecodeSigAlg(&input[args->idx], &args->hashAlgo, &args->sigAlgo);
 args->idx += 2;
- hashType = HashType(args->hashAlgo);
+ hashType = HashAlgoToType(args->hashAlgo);
 if (hashType == WC_HASH_TYPE_NONE) {
 ERROR_OUT(ALGO_ID_E, exit_dske);
 }
@@ -17343,10 +17343,10 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
 #ifdef WC_RSA_PSS
 case rsa_pss_sa_algo:
 ret = wc_RsaPSS_CheckPadding(
- ssl->buffers.digest.buffer,
- ssl->buffers.digest.length,
- args->output, args->sigSz,
- HashType(args->hashAlgo));
+ ssl->buffers.digest.buffer,
+ ssl->buffers.digest.length,
+ args->output, args->sigSz,
+ HashAlgoToType(args->hashAlgo));
 if (ret != 0)
 return ret;
 break;
@@ -18190,6 +18190,8 @@ int SendClientKeyExchange(WOLFSSL* ssl)
 ret = DhGenKeyPair(ssl, ssl->buffers.serverDH_Key, ssl->buffers.sig.buffer, &ssl->buffers.sig.length, args->encSecret, &args->encSz);
+
+ ssl->arrays->preMasterSz = ENCRYPT_LEN;
 break;
 }
 #endif /* !NO_DH */
@@ -20547,7 +20549,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 &args->output[args->idx]);
 args->idx += 2;
- hashType = HashType(ssl->suites->hashAlgo);
+ hashType = HashAlgoToType(ssl->suites->hashAlgo);
 if (hashType == WC_HASH_TYPE_NONE) {
 ERROR_OUT(ALGO_ID_E, exit_sske);
 }
@@ -20790,7 +20792,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 &args->output[args->idx]);
 args->idx += 2;
- hashType = HashType(ssl->suites->hashAlgo);
+ hashType = HashAlgoToType(ssl->suites->hashAlgo);
 if (hashType == WC_HASH_TYPE_NONE) {
 ERROR_OUT(ALGO_ID_E, exit_sske);
 }
@@ -22385,10 +22387,10 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 SetDigest(ssl, args->hashAlgo);
 ret = wc_RsaPSS_CheckPadding(
- ssl->buffers.digest.buffer,
- ssl->buffers.digest.length,
- args->output, args->sigSz,
- HashType(args->hashAlgo));
+ ssl->buffers.digest.buffer,
+ ssl->buffers.digest.length,
+ args->output, args->sigSz,
+ HashAlgoToType(args->hashAlgo));
 if (ret != 0)
 return ret;
 }
diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c
index 08d022781..c30b6779a 100644
--- a/wolfcrypt/benchmark/benchmark.c
+++ b/wolfcrypt/benchmark/benchmark.c
@@ -711,7 +711,7 @@ static void* benchmarks_do(void* args)
 int rngRet;
 #ifndef HAVE_FIPS
- rngRet = wc_InitRng_ex(&rng, HEAP_HINT, INVALID_DEVID);
+ rngRet = wc_InitRng_ex(&rng, HEAP_HINT, devId);
 #else
 rngRet = wc_InitRng(&rng);
 #endif
diff --git a/wolfcrypt/src/hmac.c b/wolfcrypt/src/hmac.c
index 97fa2e2e0..886a838c1 100755
--- a/wolfcrypt/src/hmac.c
+++ b/wolfcrypt/src/hmac.c
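Review bot: `ssl->arrays->preMasterSz = ENCRYPT_LEN;` is added without a comment saying what the value means, and it is assigned even when DhGenKeyPair has just returned an error. If, as the commit message's agreeSz fix suggests, this is the capacity of preMasterSecret that a later DhAgree call treats as an in/out length, say so on the line: `/* capacity of preMasterSecret; DhAgree overwrites it with the agreed length */`. Guarding the assignment with `if (ret == 0)` would also keep a failed key generation from advertising a full-size buffer to the next stage; whether ENCRYPT_LEN actually matches the preMasterSecret array size cannot be confirmed from this hunk. SendClientKeyExchange starts and ends outside the hunk.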
@@ -261,18 +261,18 @@ int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_HMAC)
 if (hmac->asyncDev.marker == WOLFSSL_ASYNC_MARKER_HMAC) {
- #if defined(HAVE_CAVIUM) || defined(HAVE_INTEL_QA)
+ #if defined(HAVE_CAVIUM)
 if (length > HMAC_BLOCK_SIZE) {
 return WC_KEY_SIZE_E;
 }
 if (key != NULL) {
- XMEMCPY(hmac->keyRaw, key, length);
+ XMEMCPY(hmac->ipad, key, length);
 }
 hmac->keyLen = (word16)length;
 return 0; /* nothing to do here */
- #endif /* HAVE_CAVIUM || HAVE_INTEL_QA */
+ #endif /* HAVE_CAVIUM */
 }
 #endif /* WOLFSSL_ASYNC_CRYPT */
@@ -440,6 +440,18 @@ int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
 return BAD_FUNC_ARG;
 }
+#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_HMAC)
+ if (hmac->asyncDev.marker == WOLFSSL_ASYNC_MARKER_HMAC) {
+ if (length > hmac_block_size)
+ length = hmac_block_size;
+ /* update key length */
+ hmac->keyLen = (word16)length;
+
+ return ret;
+ /* no need to pad below */
+ }
+#endif
+
 if (ret == 0) {
 if (length < hmac_block_size)
 XMEMSET(ip + length, 0, hmac_block_size - length);
@@ -532,7 +544,7 @@ int wc_HmacUpdate(Hmac* hmac, const byte* msg, word32 length)
 return NitroxHmacUpdate(hmac, msg, length);
 #elif defined(HAVE_INTEL_QA)
 return IntelQaHmac(&hmac->asyncDev, hmac->macType,
- hmac->keyRaw, hmac->keyLen, NULL, msg, length);
+ (byte*)hmac->ipad, hmac->keyLen, NULL, msg, length);
 #endif
 }
 #endif /* WOLFSSL_ASYNC_CRYPT */
@@ -611,7 +623,7 @@ int wc_HmacFinal(Hmac* hmac, byte* hash)
 return NitroxHmacFinal(hmac, hmac->macType, hash, hashLen);
 #elif defined(HAVE_INTEL_QA)
 return IntelQaHmac(&hmac->asyncDev, hmac->macType,
- hmac->keyRaw, hmac->keyLen, hash, NULL, hashLen);
+ (byte*)hmac->ipad, hmac->keyLen, hash, NULL, hashLen);
 #endif
 }
 #endif /* WOLFSSL_ASYNC_CRYPT */
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index 460b3f4e1..942f4e0b3 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
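Review bot: The clamp `if (length > hmac_block_size) length = hmac_block_size;` in the new async block silently truncates a MAC key to block size instead of rejecting it, whereas the HAVE_CAVIUM branch earlier in the same function returns `WC_KEY_SIZE_E` for the same condition. If the per-algorithm switch above (outside the hunk) already reduces an over-long key to its digest, this branch is unreachable and should fail closed rather than shorten a key, e.g. `if (length > hmac_block_size) return WC_KEY_SIZE_E;`. `hmac->keyLen` is also stored before `ret` is examined, so a failed pre-hash leaves a key length for a key that was never written; consider `if (ret == 0) hmac->keyLen = (word16)length;`. The `/* no need to pad below */` comment sits after `return ret;` and reads as dead text; move it above the return. wc_HmacSetKey starts and ends outside the hunk.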
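Review bot: The new `(byte*)hmac->ipad, hmac->keyLen` argument is only a valid HMAC key because wc_HmacSetKey returns for async markers before ipad is XORed with the inner pad (the hunk above), and nothing at this call site records that dependency. A comment on the changed line, `/* async: ipad holds the unpadded (pre-hashed if over block size) key, see wc_HmacSetKey */`, would stop a later change to the padding code from silently turning this into an HMAC over the wrong key. The cast also implies ipad is not a byte array; confirm its byte size is at least HMAC_BLOCK_SIZE, since the HAVE_CAVIUM branch copies up to that many bytes into it. wc_HmacUpdate starts outside the hunk, and the same pattern recurs in the wc_HmacFinal hunk below.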
@@ -4314,7 +4314,6 @@ int aes192_test(void)
 return -4231;
 #endif
-
 ret = wc_AesSetKey(&enc, key, (int) sizeof(key), iv, AES_ENCRYPTION);
 if (ret != 0)
 return -4232;
@@ -4344,6 +4343,12 @@ int aes192_test(void)
 if (XMEMCMP(cipher, verify, (int) sizeof(cipher)))
 return -4237;
+
+ wc_AesFree(&enc);
+#ifdef HAVE_AES_DECRYPT
+ wc_AesFree(&dec);
+#endif
+
 #endif /* HAVE_AES_CBC */
 return ret;
@@ -4394,7 +4399,6 @@ int aes256_test(void)
 return -4241;
 #endif
-
 ret = wc_AesSetKey(&enc, key, (int) sizeof(key), iv, AES_ENCRYPTION);
 if (ret != 0)
 return -4242;
@@ -4424,7 +4428,14 @@ int aes256_test(void)
 if (XMEMCMP(cipher, verify, (int) sizeof(cipher)))
 return -4247;
+
+ wc_AesFree(&enc);
+#ifdef HAVE_AES_DECRYPT
+ wc_AesFree(&dec);
+#endif
+
 #endif /* HAVE_AES_CBC */
+
 return 0;
 }
diff --git a/wolfssl/wolfcrypt/hmac.h b/wolfssl/wolfcrypt/hmac.h
index 9501b84b6..9085512a9 100644
--- a/wolfssl/wolfcrypt/hmac.h
+++ b/wolfssl/wolfcrypt/hmac.h
@@ -157,8 +157,7 @@ typedef struct Hmac {
 #ifdef WOLFSSL_ASYNC_CRYPT
 WC_ASYNC_DEV asyncDev;
- byte keyRaw[HMAC_BLOCK_SIZE];
- word16 keyLen; /* hmac key length */
+ word16 keyLen; /* hmac key length (key in ipad) */
 #ifdef HAVE_CAVIUM
 byte* data; /* buffered input data for one call */
 word16 dataLen;
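Review bot: The new `wc_AesFree(&enc)` / `wc_AesFree(&dec)` calls run only on the success path; every early `return -42xx` between wc_AesSetKey and the final XMEMCMP (for example `return -4232` in the preceding hunk) still exits with the Aes objects unfreed, so on a failing run the leak this commit fixes persists, which matters once an Aes object carries an async or hardware handle. The usual fix is to turn the early returns into `ret = -42xx; goto out;` with the two wc_AesFree calls under an `out:` label at the end of aes192_test; that rewrite touches lines outside the hunk, so it is described rather than shown. The same applies to the aes256_test hunk below, which additionally ends with a literal `return 0;` where aes192_test returns `ret`. Both test functions start outside the hunks.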
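Review bot: The updated comment `/* hmac key length (key in ipad) */` does not say that the key lives in ipad only on the async device path and only in unpadded form, which is the invariant the hmac.c call sites now rely on. Suggest `/* key length for async devices; ipad then holds the unpadded (pre-hashed if long) key, not the XORed pad */`. Dropping keyRaw also means the ipad array must provide at least HMAC_BLOCK_SIZE bytes to hold the raw key copied by the Cavium branch; its declaration is outside this hunk, so confirm. The Hmac struct starts outside the hunk.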