feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #2987 from JacobBarthelmeh/Xilinx

Browse Source 
Update for RSA calls to Xilsecure
This commit is contained in:
toddouska
2020-05-20 09:03:52 -07:00
committed by GitHub
parent 516f329f23 d09b947478
commit a6f5bc84e6
4 changed files with 108 additions and 65 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
wolfcrypt/benchmark/benchmark.c
View File

@@ -2340,11 +2340,13 @@ exit:
void bench_aesgcm(int doAsync) void bench_aesgcm(int doAsync)
{ {
#if defined(WOLFSSL_AES_128) && !defined(WOLFSSL_AFALG_XILINX_AES) #if defined(WOLFSSL_AES_128) && !defined(WOLFSSL_AFALG_XILINX_AES) \
&& !defined(WOLFSSL_XILINX_CRYPT)
bench_aesgcm_internal(doAsync, bench_key, 16, bench_iv, 12, bench_aesgcm_internal(doAsync, bench_key, 16, bench_iv, 12,
"AES-128-GCM-enc", "AES-128-GCM-dec"); "AES-128-GCM-enc", "AES-128-GCM-dec");
#endif #endif
#if defined(WOLFSSL_AES_192) && !defined(WOLFSSL_AFALG_XILINX_AES) #if defined(WOLFSSL_AES_192) && !defined(WOLFSSL_AFALG_XILINX_AES) \
&& !defined(WOLFSSL_XILINX_CRYPT)
bench_aesgcm_internal(doAsync, bench_key, 24, bench_iv, 12, bench_aesgcm_internal(doAsync, bench_key, 24, bench_iv, 12,
"AES-192-GCM-enc", "AES-192-GCM-dec"); "AES-192-GCM-enc", "AES-192-GCM-dec");
#endif #endif

21
wolfcrypt/src/port/xilinx/xil-sha3.c
View File

@@ -130,13 +130,17 @@ int wc_Sha3_384_GetHash(wc_Sha3* sha, byte* out)
if (sha == NULL || out == NULL) { if (sha == NULL || out == NULL) {
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
} }
#ifdef WOLFSSL_XILINX_CRYPTO_OLD
if (wc_Sha3_384_Copy(sha, &s) != 0) {
WOLFSSL_MSG("Unable to copy SHA3 structure");
return MEMORY_E;
}
if (wc_Sha3_384_Copy(sha, &s) != 0) { return wc_Sha3_384_Final(&s, out);
WOLFSSL_MSG("Unable to copy SHA3 structure"); #else
return MEMORY_E; XSecure_Sha3_ReadHash(&(sha->hw), out);
} return 0;
#endif
return wc_Sha3_384_Final(&s, out);
} }
@@ -151,8 +155,13 @@ int wc_Sha3_384_Copy(wc_Sha3* src, wc_Sha3* dst)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
} }
#ifdef WOLFSSL_XILINX_CRYPTO_OLD
XMEMCPY((byte*)dst, (byte*)src, sizeof(wc_Sha3)); XMEMCPY((byte*)dst, (byte*)src, sizeof(wc_Sha3));
return 0; return 0;
#else
WOLFSSL_MSG("Copy of SHA3 struct not supported with this build");
return -1;
#endif
} }
#endif #endif

140
wolfcrypt/src/rsa.c
View File

@@ -380,7 +380,7 @@ int wc_InitRsaHw(RsaKey* key)
mSz = mp_unsigned_bin_size(&(key->n)); mSz = mp_unsigned_bin_size(&(key->n));
m = (unsigned char*)XMALLOC(mSz, key->heap, DYNAMIC_TYPE_KEY); m = (unsigned char*)XMALLOC(mSz, key->heap, DYNAMIC_TYPE_KEY);
if (m == 0) { if (m == NULL) {
return MEMORY_E; return MEMORY_E;
} }
@@ -1718,54 +1718,6 @@ int wc_RsaUnPad_ex(byte* pkcsBlock, word32 pkcsBlockLen, byte** out,
return ret; return ret;
} }
#if defined(WOLFSSL_XILINX_CRYPT)
/*
* Xilinx hardened crypto acceleration.
*
* Returns 0 on success and negative values on error.
*/
static int wc_RsaFunctionXil(const byte* in, word32 inLen, byte* out,
word32* outLen, int type, RsaKey* key, WC_RNG* rng)
{
int ret = 0;
word32 keyLen;
(void)rng;
keyLen = wc_RsaEncryptSize(key);
if (keyLen > *outLen) {
WOLFSSL_MSG("Output buffer is not big enough");
return BAD_FUNC_ARG;
}
if (inLen != keyLen) {
WOLFSSL_MSG("Expected that inLen equals RSA key length");
return BAD_FUNC_ARG;
}
switch(type) {
case RSA_PRIVATE_DECRYPT:
case RSA_PRIVATE_ENCRYPT:
/* Currently public exponent is loaded by default.
* In SDK 2017.1 RSA exponent values are expected to be of 4 bytes
* leading to private key operations with Xsecure_RsaDecrypt not being
* supported */
ret = RSA_WRONG_TYPE_E;
break;
case RSA_PUBLIC_ENCRYPT:
case RSA_PUBLIC_DECRYPT:
if (XSecure_RsaDecrypt(&(key->xRsa), in, out) != XST_SUCCESS) {
ret = BAD_STATE_E;
}
break;
default:
ret = RSA_WRONG_TYPE_E;
}
*outLen = keyLen;
return ret;
}
#endif /* WOLFSSL_XILINX_CRYPT */
#ifdef WC_RSA_NONBLOCK #ifdef WC_RSA_NONBLOCK
static int wc_RsaFunctionNonBlock(const byte* in, word32 inLen, byte* out, static int wc_RsaFunctionNonBlock(const byte* in, word32 inLen, byte* out,
@@ -1845,7 +1797,88 @@ static int wc_RsaFunctionNonBlock(const byte* in, word32 inLen, byte* out,
} }
#endif /* WC_RSA_NONBLOCK */ #endif /* WC_RSA_NONBLOCK */
#ifdef WOLFSSL_AFALG_XILINX_RSA #ifdef WOLFSSL_XILINX_CRYPT
/*
* Xilinx hardened crypto acceleration.
*
* Returns 0 on success and negative values on error.
*/
static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out,
word32* outLen, int type, RsaKey* key, WC_RNG* rng)
{
int ret = 0;
word32 keyLen;
(void)rng;
keyLen = wc_RsaEncryptSize(key);
if (keyLen > *outLen) {
WOLFSSL_MSG("Output buffer is not big enough");
return BAD_FUNC_ARG;
}
if (inLen != keyLen) {
WOLFSSL_MSG("Expected that inLen equals RSA key length");
return BAD_FUNC_ARG;
}
switch(type) {
case RSA_PRIVATE_DECRYPT:
case RSA_PRIVATE_ENCRYPT:
#ifdef WOLFSSL_XILINX_CRYPTO_OLD
/* Currently public exponent is loaded by default.
* In SDK 2017.1 RSA exponent values are expected to be of 4 bytes
* leading to private key operations with Xsecure_RsaDecrypt not being
* supported */
ret = RSA_WRONG_TYPE_E;
#else
{
byte *d;
int dSz;
XSecure_Rsa rsa;
dSz = mp_unsigned_bin_size(&key->d);
d = (byte*)XMALLOC(dSz, key->heap, DYNAMIC_TYPE_PRIVATE_KEY);
if (d == NULL) {
ret = MEMORY_E;
}
else {
ret = mp_to_unsigned_bin(&key->d, d);
XSecure_RsaInitialize(&rsa, key->mod, NULL, d);
}
if (ret == 0) {
if (XSecure_RsaPrivateDecrypt(&rsa, (u8*)in, inLen, out) != XST_SUCCESS) {
ret = BAD_STATE_E;
}
}
XFREE(d, key->heap, DYNAMIC_TYPE_PRIVATE_KEY);
}
#endif
break;
case RSA_PUBLIC_ENCRYPT:
case RSA_PUBLIC_DECRYPT:
#ifdef WOLFSSL_XILINX_CRYPTO_OLD
if (XSecure_RsaDecrypt(&(key->xRsa), in, out) != XST_SUCCESS) {
ret = BAD_STATE_E;
}
#else
/* starting at Xilinx release 2019 the function XSecure_RsaDecrypt was removed */
if (XSecure_RsaPublicEncrypt(&(key->xRsa), (u8*)in, inLen, out) != XST_SUCCESS) {
WOLFSSL_MSG("Error happened when calling hardware RSA public operation");
ret = BAD_STATE_E;
}
#endif
break;
default:
ret = RSA_WRONG_TYPE_E;
}
*outLen = keyLen;
return ret;
}
#elif defined(WOLFSSL_AFALG_XILINX_RSA)
#ifndef ERROR_OUT #ifndef ERROR_OUT
#define ERROR_OUT(x) ret = (x); goto done #define ERROR_OUT(x) ret = (x); goto done
#endif #endif
@@ -2265,12 +2298,8 @@ static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out,
#endif #endif
case RSA_PUBLIC_ENCRYPT: case RSA_PUBLIC_ENCRYPT:
case RSA_PUBLIC_DECRYPT: case RSA_PUBLIC_DECRYPT:
#ifdef WOLFSSL_XILINX_CRYPT
ret = wc_RsaFunctionXil(in, inLen, out, outLen, type, key, rng);
#else
if (mp_exptmod_nct(tmp, &key->e, &key->n, tmp) != MP_OKAY) if (mp_exptmod_nct(tmp, &key->e, &key->n, tmp) != MP_OKAY)
ret = MP_EXPTMOD_E; ret = MP_EXPTMOD_E;
#endif
break; break;
default: default:
ret = RSA_WRONG_TYPE_E; ret = RSA_WRONG_TYPE_E;
@@ -2283,11 +2312,14 @@ static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out,
if (keyLen > *outLen) if (keyLen > *outLen)
ret = RSA_BUFFER_E; ret = RSA_BUFFER_E;
} }
#ifndef WOLFSSL_XILINX_CRYPT
if (ret == 0) { if (ret == 0) {
*outLen = keyLen; *outLen = keyLen;
if (mp_to_unsigned_bin_len(tmp, out, keyLen) != MP_OKAY) if (mp_to_unsigned_bin_len(tmp, out, keyLen) != MP_OKAY)
ret = MP_TO_E; ret = MP_TO_E;
} }
#endif
#else #else
(void)type; (void)type;
(void)key; (void)key;

6
wolfcrypt/test/test.c
View File

@@ -7513,10 +7513,10 @@ static int aes_cbc_test(void)
int aes_test(void) int aes_test(void)
{ {
#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_COUNTER) #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_DIRECT)
Aes enc; Aes enc;
byte cipher[AES_BLOCK_SIZE * 4]; byte cipher[AES_BLOCK_SIZE * 4];
#if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER) #if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_DIRECT)
Aes dec; Aes dec;
byte plain [AES_BLOCK_SIZE * 4]; byte plain [AES_BLOCK_SIZE * 4];
#endif #endif
@@ -11251,7 +11251,7 @@ static int rsa_sig_test(RsaKey* key, word32 keyLen, int modLen, WC_RNG* rng)
* -101 = USER_CRYPTO_ERROR * -101 = USER_CRYPTO_ERROR
*/ */
if (ret == 0) if (ret == 0)
#elif defined(WOLFSSL_AFALG_XILINX_RSA) #elif defined(WOLFSSL_AFALG_XILINX_RSA) || defined(WOLFSSL_XILINX_CRYPT)
/* blinding / rng handled with hardware acceleration */ /* blinding / rng handled with hardware acceleration */
if (ret != 0) if (ret != 0)
#elif defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB) #elif defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB)