forked from wolfSSL/wolfssl
Merge pull request #2475 from dgarske/qat_key
Fixes and improvements for async
This commit is contained in:
John Safranek
GitHub
@@ -3110,7 +3110,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
||||
|
||||
#if defined(OPENSSL_EXTRA) && defined(HAVE_EXT_CACHE)
|
||||
if (flatSession) {
|
||||
XFREE(flatSession, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(flatSession, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
wolfSSL_SESSION_free(session);
|
||||
}
|
||||
#endif
|
||||
|
||||
@@ -23197,7 +23197,7 @@ static void test_wolfSSL_d2i_PrivateKeys_bio(void)
|
||||
AssertIntEQ(wolfSSL_i2d_RSAPrivateKey(rsa, &bufPtr),
|
||||
sizeof_client_key_der_2048);
|
||||
AssertNotNull(bufPtr);
|
||||
free(bufPtr);
|
||||
XFREE(bufPtr, NULL, DYNAMIC_TYPE_OPENSSL);
|
||||
#endif /* USE_CERT_BUFFERS_2048 WOLFSSL_KEY_GEN */
|
||||
RSA_free(rsa);
|
||||
#endif /* NO_RSA */
|
||||
|
||||
@@ -3815,11 +3815,7 @@ static int wc_ecc_gen_k(WC_RNG* rng, int size, mp_int* k, mp_int* order)
|
||||
{
|
||||
#ifndef WC_NO_RNG
|
||||
int err;
|
||||
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ECC)
|
||||
DECLARE_VAR(buf, byte, ECC_MAXSIZE_GEN, rng->heap);
|
||||
#else
|
||||
byte buf[ECC_MAXSIZE_GEN];
|
||||
#endif
|
||||
|
||||
/*generate 8 extra bytes to mitigate bias from the modulo operation below*/
|
||||
/*see section A.1.2 in 'Suite B Implementor's Guide to FIPS 186-3 (ECDSA)'*/
|
||||
@@ -3846,9 +3842,6 @@ static int wc_ecc_gen_k(WC_RNG* rng, int size, mp_int* k, mp_int* order)
|
||||
}
|
||||
|
||||
ForceZero(buf, ECC_MAXSIZE);
|
||||
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ECC)
|
||||
FREE_VAR(buf, rng->heap);
|
||||
#endif
|
||||
|
||||
return err;
|
||||
#else
|
||||
@@ -4514,6 +4507,83 @@ static int wc_ecc_sign_hash_hw(const byte* in, word32 inlen,
|
||||
}
|
||||
#endif /* WOLFSSL_ATECC508A || PLUTON_CRYPTO_ECC || WOLFSSL_CRYPTOCELL */
|
||||
|
||||
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ECC)
|
||||
static int wc_ecc_sign_hash_async(const byte* in, word32 inlen, byte* out,
|
||||
word32 *outlen, WC_RNG* rng, ecc_key* key)
|
||||
{
|
||||
int err;
|
||||
mp_int *r = NULL, *s = NULL;
|
||||
|
||||
if (in == NULL || out == NULL || outlen == NULL || key == NULL ||
|
||||
rng == NULL) {
|
||||
return ECC_BAD_ARG_E;
|
||||
}
|
||||
|
||||
err = wc_ecc_alloc_async(key);
|
||||
if (err != 0) {
|
||||
return err;
|
||||
}
|
||||
r = key->r;
|
||||
s = key->s;
|
||||
|
||||
switch(key->state) {
|
||||
case ECC_STATE_NONE:
|
||||
case ECC_STATE_SIGN_DO:
|
||||
key->state = ECC_STATE_SIGN_DO;
|
||||
|
||||
if ((err = mp_init_multi(r, s, NULL, NULL, NULL, NULL)) != MP_OKAY){
|
||||
break;
|
||||
}
|
||||
|
||||
err = wc_ecc_sign_hash_ex(in, inlen, rng, key, r, s);
|
||||
if (err < 0) {
|
||||
break;
|
||||
}
|
||||
|
||||
FALL_THROUGH;
|
||||
|
||||
case ECC_STATE_SIGN_ENCODE:
|
||||
key->state = ECC_STATE_SIGN_ENCODE;
|
||||
|
||||
if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_ECC) {
|
||||
#ifdef HAVE_CAVIUM_V
|
||||
/* Nitrox requires r and s in sep buffer, so split it */
|
||||
NitroxEccRsSplit(key, &r->raw, &s->raw);
|
||||
#endif
|
||||
#ifndef WOLFSSL_ASYNC_CRYPT_TEST
|
||||
/* only do this if not simulator, since it overwrites result */
|
||||
wc_bigint_to_mp(&r->raw, r);
|
||||
wc_bigint_to_mp(&s->raw, s);
|
||||
#endif
|
||||
}
|
||||
|
||||
/* encoded with DSA header */
|
||||
err = StoreECC_DSA_Sig(out, outlen, r, s);
|
||||
|
||||
/* done with R/S */
|
||||
mp_clear(r);
|
||||
mp_clear(s);
|
||||
break;
|
||||
|
||||
default:
|
||||
err = BAD_STATE_E;
|
||||
break;
|
||||
}
|
||||
|
||||
/* if async pending then return and skip done cleanup below */
|
||||
if (err == WC_PENDING_E) {
|
||||
key->state++;
|
||||
return err;
|
||||
}
|
||||
|
||||
/* cleanup */
|
||||
wc_ecc_free_async(key);
|
||||
key->state = ECC_STATE_NONE;
|
||||
|
||||
return err;
|
||||
}
|
||||
#endif /* WOLFSSL_ASYNC_CRYPT && WC_ASYNC_ENABLE_ECC */
|
||||
|
||||
/**
|
||||
Sign a message digest
|
||||
in The message digest to sign
|
||||
@@ -4527,10 +4597,12 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen,
|
||||
WC_RNG* rng, ecc_key* key)
|
||||
{
|
||||
int err;
|
||||
#if !defined(WOLFSSL_ASYNC_CRYPT) || !defined(WC_ASYNC_ENABLE_ECC)
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
mp_int *r = NULL, *s = NULL;
|
||||
#if (!defined(WOLFSSL_ASYNC_CRYPT) || !defined(WC_ASYNC_ENABLE_ECC)) && \
|
||||
!defined(WOLFSSL_SMALL_STACK)
|
||||
mp_int r_lcl, s_lcl;
|
||||
#else
|
||||
mp_int r[1], s[1];
|
||||
#endif
|
||||
#endif
|
||||
|
||||
if (in == NULL || out == NULL || outlen == NULL || key == NULL ||
|
||||
@@ -4548,15 +4620,11 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen,
|
||||
#endif
|
||||
|
||||
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ECC)
|
||||
err = wc_ecc_alloc_async(key);
|
||||
if (err != 0)
|
||||
return err;
|
||||
r = key->r;
|
||||
s = key->s;
|
||||
#elif !defined(WOLFSSL_SMALL_STACK)
|
||||
r = &r_lcl;
|
||||
s = &s_lcl;
|
||||
/* handle async cases */
|
||||
err = wc_ecc_sign_hash_async(in, inlen, out, outlen, rng, key);
|
||||
#else
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
r = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_ECC);
|
||||
if (r == NULL)
|
||||
return MEMORY_E;
|
||||
@@ -4565,19 +4633,16 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen,
|
||||
XFREE(r, key->heap, DYNAMIC_TYPE_ECC);
|
||||
return MEMORY_E;
|
||||
}
|
||||
#endif /* WOLFSSL_ASYNC_CRYPT && WC_ASYNC_ENABLE_ECC */
|
||||
|
||||
switch(key->state) {
|
||||
case ECC_STATE_NONE:
|
||||
case ECC_STATE_SIGN_DO:
|
||||
key->state = ECC_STATE_SIGN_DO;
|
||||
#endif
|
||||
XMEMSET(r, 0, sizeof(mp_int));
|
||||
XMEMSET(s, 0, sizeof(mp_int));
|
||||
|
||||
if ((err = mp_init_multi(r, s, NULL, NULL, NULL, NULL)) != MP_OKAY){
|
||||
#if !defined(WOLFSSL_ASYNC_CRYPT) && defined(WOLFSSL_SMALL_STACK)
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(s, key->heap, DYNAMIC_TYPE_ECC);
|
||||
XFREE(r, key->heap, DYNAMIC_TYPE_ECC);
|
||||
#endif
|
||||
break;
|
||||
return err;
|
||||
}
|
||||
|
||||
/* hardware crypto */
|
||||
@@ -4587,62 +4652,25 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen,
|
||||
err = wc_ecc_sign_hash_ex(in, inlen, rng, key, r, s);
|
||||
#endif
|
||||
if (err < 0) {
|
||||
#if !defined(WOLFSSL_ASYNC_CRYPT) && defined(WOLFSSL_SMALL_STACK)
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(s, key->heap, DYNAMIC_TYPE_ECC);
|
||||
XFREE(r, key->heap, DYNAMIC_TYPE_ECC);
|
||||
#endif
|
||||
break;
|
||||
return err;
|
||||
}
|
||||
|
||||
FALL_THROUGH;
|
||||
|
||||
case ECC_STATE_SIGN_ENCODE:
|
||||
key->state = ECC_STATE_SIGN_ENCODE;
|
||||
|
||||
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ECC)
|
||||
if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_ECC) {
|
||||
#ifdef HAVE_CAVIUM_V
|
||||
/* Nitrox requires r and s in sep buffer, so split it */
|
||||
NitroxEccRsSplit(key, &r->raw, &s->raw);
|
||||
#endif
|
||||
#ifndef WOLFSSL_ASYNC_CRYPT_TEST
|
||||
/* only do this if not simulator, since it overwrites result */
|
||||
wc_bigint_to_mp(&r->raw, r);
|
||||
wc_bigint_to_mp(&s->raw, s);
|
||||
#endif
|
||||
}
|
||||
#endif /* WOLFSSL_ASYNC_CRYPT */
|
||||
|
||||
/* encoded with DSA header */
|
||||
err = StoreECC_DSA_Sig(out, outlen, r, s);
|
||||
|
||||
/* done with R/S */
|
||||
/* cleanup */
|
||||
mp_clear(r);
|
||||
mp_clear(s);
|
||||
#if !defined(WOLFSSL_ASYNC_CRYPT) && defined(WOLFSSL_SMALL_STACK)
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(s, key->heap, DYNAMIC_TYPE_ECC);
|
||||
XFREE(r, key->heap, DYNAMIC_TYPE_ECC);
|
||||
#endif
|
||||
break;
|
||||
|
||||
default:
|
||||
err = BAD_STATE_E;
|
||||
break;
|
||||
}
|
||||
|
||||
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ECC)
|
||||
/* if async pending then return and skip done cleanup below */
|
||||
if (err == WC_PENDING_E) {
|
||||
key->state++;
|
||||
return err;
|
||||
}
|
||||
#endif
|
||||
|
||||
/* cleanup */
|
||||
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ECC)
|
||||
wc_ecc_free_async(key);
|
||||
#endif
|
||||
key->state = ECC_STATE_NONE;
|
||||
#endif /* WOLFSSL_ASYNC_CRYPT */
|
||||
|
||||
return err;
|
||||
}
|
||||
|
||||
@@ -311,6 +311,8 @@ static int Hash_df(DRBG* drbg, byte* out, word32 outSz, byte type,
|
||||
#endif
|
||||
#ifdef WC_ASYNC_ENABLE_SHA256
|
||||
DECLARE_VAR(digest, byte, WC_SHA256_DIGEST_SIZE, drbg->heap);
|
||||
if (digest == NULL)
|
||||
return MEMORY_E;
|
||||
#else
|
||||
byte digest[WC_SHA256_DIGEST_SIZE];
|
||||
#endif
|
||||
@@ -443,6 +445,8 @@ static int Hash_gen(DRBG* drbg, byte* out, word32 outSz, const byte* V)
|
||||
#endif
|
||||
#ifdef WC_ASYNC_ENABLE_SHA256
|
||||
DECLARE_VAR(digest, byte, WC_SHA256_DIGEST_SIZE, drbg->heap);
|
||||
if (digest == NULL)
|
||||
return MEMORY_E;
|
||||
#else
|
||||
byte digest[WC_SHA256_DIGEST_SIZE];
|
||||
#endif
|
||||
@@ -551,6 +555,8 @@ static int Hash_DRBG_Generate(DRBG* drbg, byte* out, word32 outSz)
|
||||
} else {
|
||||
#ifdef WC_ASYNC_ENABLE_SHA256
|
||||
DECLARE_VAR(digest, byte, WC_SHA256_DIGEST_SIZE, drbg->heap);
|
||||
if (digest == NULL)
|
||||
return MEMORY_E;
|
||||
#else
|
||||
byte digest[WC_SHA256_DIGEST_SIZE];
|
||||
#endif
|
||||
@@ -749,6 +755,8 @@ static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz,
|
||||
if (wc_RNG_HealthTestLocal(0) == 0) {
|
||||
#ifdef WC_ASYNC_ENABLE_SHA256
|
||||
DECLARE_VAR(seed, byte, MAX_SEED_SZ, rng->heap);
|
||||
if (seed == NULL)
|
||||
return MEMORY_E;
|
||||
#else
|
||||
byte seed[MAX_SEED_SZ];
|
||||
#endif
|
||||
|
||||
@@ -97,17 +97,13 @@ int get_rand_digit(WC_RNG* rng, mp_digit* d)
|
||||
int mp_rand(mp_int* a, int digits, WC_RNG* rng)
|
||||
{
|
||||
int ret = 0;
|
||||
DECLARE_VAR(d, mp_digit, 1, rng ? rng->heap : NULL);
|
||||
mp_digit d;
|
||||
|
||||
if (rng == NULL) {
|
||||
ret = MISSING_RNG_E; goto exit;
|
||||
}
|
||||
|
||||
if (a == NULL
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
|| d == NULL
|
||||
#endif
|
||||
) {
|
||||
if (a == NULL) {
|
||||
ret = BAD_FUNC_ARG; goto exit;
|
||||
}
|
||||
|
||||
@@ -118,13 +114,13 @@ int mp_rand(mp_int* a, int digits, WC_RNG* rng)
|
||||
|
||||
/* first place a random non-zero digit */
|
||||
do {
|
||||
ret = get_rand_digit(rng, d);
|
||||
ret = get_rand_digit(rng, &d);
|
||||
if (ret != 0) {
|
||||
goto exit;
|
||||
}
|
||||
} while (*d == 0);
|
||||
} while (d == 0);
|
||||
|
||||
if ((ret = mp_add_d(a, *d, a)) != MP_OKAY) {
|
||||
if ((ret = mp_add_d(a, d, a)) != MP_OKAY) {
|
||||
goto exit;
|
||||
}
|
||||
|
||||
@@ -132,17 +128,15 @@ int mp_rand(mp_int* a, int digits, WC_RNG* rng)
|
||||
if ((ret = mp_lshd(a, 1)) != MP_OKAY) {
|
||||
goto exit;
|
||||
}
|
||||
if ((ret = get_rand_digit(rng, d)) != 0) {
|
||||
if ((ret = get_rand_digit(rng, &d)) != 0) {
|
||||
goto exit;
|
||||
}
|
||||
if ((ret = mp_add_d(a, *d, a)) != MP_OKAY) {
|
||||
if ((ret = mp_add_d(a, d, a)) != MP_OKAY) {
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
|
||||
exit:
|
||||
FREE_VAR(d, rng ? rng->heap : NULL);
|
||||
|
||||
return ret;
|
||||
}
|
||||
#endif /* WC_RSA_BLINDING */
|
||||
|
||||
@@ -13002,21 +13002,33 @@ static int dh_test_ffdhe(WC_RNG *rng, const DhParams* params)
|
||||
}
|
||||
|
||||
ret = wc_DhGenerateKeyPair(&key, rng, priv, &privSz, pub, &pubSz);
|
||||
#if defined(WOLFSSL_ASYNC_CRYPT)
|
||||
ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE);
|
||||
#endif
|
||||
if (ret != 0) {
|
||||
ERROR_OUT(-7184, done);
|
||||
}
|
||||
|
||||
ret = wc_DhGenerateKeyPair(&key2, rng, priv2, &privSz2, pub2, &pubSz2);
|
||||
#if defined(WOLFSSL_ASYNC_CRYPT)
|
||||
ret = wc_AsyncWait(ret, &key2.asyncDev, WC_ASYNC_FLAG_NONE);
|
||||
#endif
|
||||
if (ret != 0) {
|
||||
ERROR_OUT(-7185, done);
|
||||
}
|
||||
|
||||
ret = wc_DhAgree(&key, agree, &agreeSz, priv, privSz, pub2, pubSz2);
|
||||
#if defined(WOLFSSL_ASYNC_CRYPT)
|
||||
ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE);
|
||||
#endif
|
||||
if (ret != 0) {
|
||||
ERROR_OUT(-7186, done);
|
||||
}
|
||||
|
||||
ret = wc_DhAgree(&key2, agree2, &agreeSz2, priv2, privSz2, pub, pubSz);
|
||||
#if defined(WOLFSSL_ASYNC_CRYPT)
|
||||
ret = wc_AsyncWait(ret, &key2.asyncDev, WC_ASYNC_FLAG_NONE);
|
||||
#endif
|
||||
if (ret != 0) {
|
||||
ERROR_OUT(-7187, done);
|
||||
}
|
||||
|
||||
@@ -59,6 +59,9 @@ typedef struct WOLFSSL_AES_KEY {
|
||||
#ifdef HAVE_PKCS11
|
||||
void* pkcs11_holder[(AES_MAX_ID_LEN + sizeof(int)) / sizeof(void*)];
|
||||
#endif
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
void* async_holder[128 / sizeof(void*)];
|
||||
#endif
|
||||
} WOLFSSL_AES_KEY;
|
||||
typedef WOLFSSL_AES_KEY AES_KEY;
|
||||
|
||||
|
||||
0
wolfssl/wolfcrypt/types.h
Executable file → Normal file
0
wolfssl/wolfcrypt/types.h
Executable file → Normal file
Reference in New Issue
Block a user