feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

add suport for AES acceleration

Browse Source
This commit is contained in:
JacobBarthelmeh
2020-02-04 16:10:20 -08:00
parent b7d772700a
commit e75b1b5cb9
4 changed files with 213 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

54
IDE/Renesas/e2studio/DK-S7G2/README.md
View File

@ -1,27 +1,29 @@
## Building wolfSSL For DK-S7G2
- First physically toggle the ENET1 and JTAG switch to on with the DK-S7G2 board.
- Open e2studio and set the workspace to be wolfssl-X.X.X/IDE/Renesas/e2studio/DK-S7G2/
- Create a Synergy library project named wolfssl "File->New->Synergy C/C++ Project", "Renesas Synergy C Library Project" then "Next", set wolfssl as the "Project Name" then "Next", set Board to "S7G2 DK" then "Next", finally select the BSP radius and click "Finish"
- Copy configuration.xml and .project from wolfssl-X.X.X/IDE/Renesas/e2studio/DK-S7G2/wolfssl-template-project/ into the wolfssl-X.X.X/IDE/Renesas/e2studio/DK-S7G2/wolfssl directory
- (optional but necessary for production) Add TRNG support by clicking on Threads tab and highlight HAL/Common click "New Stack > Driver > Crypto > TRNG Driver on r_sce_trng". Then uncomment WOLFSSL_SCE define in wolfssl project src/user_settings.h
- Generate the changes by clicking on "Generate Project Content"
- Exclude src/wolfcrypt/port and all src/wolfcrypt/*.S and src/wolfcrypt/*.asm files from the build
- Exclude src/wolfcrypt/evp.c, src/wolfcrypt/misc.c and src/wolfssl/bio.c
- Set the Preprocessor define in wolfssl proejct to have WOLFSSL_USER_SETTINGS. Right click on wolfssl project "Properties -> C/C++ Build -> GNU ARM Cross C Compiler -> Preprocessor" add WOLFSSL_USER_SETTINGS under "Defined symbols"
- Set include to wolfssl directory. Right click on project "Properties -> C/C++Build -> GNU ARM Cross Compiler -> Includes". Add "${ProjDirPath}/../../../../.." and "${ProjDirPath}/../"
- Build wolfssl by right clicking on wolfssl project and selecting "Build Project"
## Example Projects and Building
- Create a new Synergy project "Renesas Synergy C Project Using Synergy Library"
- Set it to use the wolfssl library
- Copy in the .cproject, .project and source file from the template desired i.e. wolfssl-X.X.X/IDE/Renesas/e2studio/DK-S7G2/wolfcrypttest-template/
- Right click on the created project and select "Build Project"
The example_server loops looking to accept connections and closes immediatly after a successful connection was made.
The benchmark example tries to do a TCP connection to SERVER_IP on port 11112 and a TLS connection to SERVER_IP on port 11111 then does wolfCrypt benchmark collection.
## Building wolfSSL For DK-S7G2
- First physically toggle the ENET1 and JTAG switch to on with the DK-S7G2 board.
- Open e2studio and set the workspace to be wolfssl-X.X.X/IDE/Renesas/e2studio/DK-S7G2/
- Create a Synergy library project named wolfssl "File->New->Synergy C/C++ Project", "Renesas Synergy C Library Project" then "Next", set wolfssl as the "Project Name" then "Next", set Board to "S7G2 DK" then "Next", finally select the BSP radius and click "Finish"
- Copy configuration.xml and .project from wolfssl-X.X.X/IDE/Renesas/e2studio/DK-S7G2/wolfssl-template-project/ into the wolfssl-X.X.X/IDE/Renesas/e2studio/DK-S7G2/wolfssl directory
- (optional but necessary for production) Add TRNG support by clicking on Threads tab and highlight HAL/Common click "New Stack > Driver > Crypto > TRNG Driver on r_sce_trng". Then comment out WOLFSSL_SCE_NO_TRNG define in wolfssl project src/user_settings.h
- (optional SHA acceleration) Add HASH support by clicking on Threads tab and highlight HAL/Common click "New Stack > Driver > Crypto > HASH Driver on r_sce_hash". Then uncomment WOLFSSL_SCE_NO_HASH define in wolfssl project src/user_settings.h
- (optional AES acceleration) Add the stacks for AES128, AES192, and AES256. Click on Threads tab and highlight HAL/Common click "New Stack > Driver > Crypto > AES Driver on r_sce_aes". Add three one for each key size and rename them to g_sce_aes_256, g_sce_aes_192, and g_sce_aes_128. Changing each to ECB chaining mode and the key length that matches the name.
- Generate the changes by clicking on "Generate Project Content"
- Exclude src/wolfcrypt/port and all src/wolfcrypt/*.S and src/wolfcrypt/*.asm files from the build
- Exclude src/wolfcrypt/evp.c, src/wolfcrypt/misc.c and src/wolfssl/bio.c
- Set the Preprocessor define in wolfssl proejct to have WOLFSSL_USER_SETTINGS. Right click on wolfssl project "Properties -> C/C++ Build -> GNU ARM Cross C Compiler -> Preprocessor" add WOLFSSL_USER_SETTINGS under "Defined symbols"
- Set include to wolfssl directory. Right click on project "Properties -> C/C++Build -> GNU ARM Cross Compiler -> Includes". Add "${ProjDirPath}/../../../../.." and "${ProjDirPath}/../"
- Build wolfssl by right clicking on wolfssl project and selecting "Build Project"
## Example Projects and Building
- Create a new Synergy project "Renesas Synergy C Project Using Synergy Library"
- Set it to use the wolfssl library
- Copy in the .cproject, .project and source file from the template desired i.e. wolfssl-X.X.X/IDE/Renesas/e2studio/DK-S7G2/wolfcrypttest-template/
- Right click on the created project and select "Build Project"
The example_server loops looking to accept connections and closes immediatly after a successful connection was made.
The benchmark example tries to do a TCP connection to SERVER_IP on port 11112 and a TLS connection to SERVER_IP on port 11111 then does wolfCrypt benchmark collection.
The wolfcryptest runs through all of the unit tests from wolfcrypt/test/test.c

19
IDE/Renesas/e2studio/DK-S7G2/user_settings.h
View File

@ -12,9 +12,19 @@
#define SYNERGY_CYCLE_COUNT
#define BENCH_EMBEDDED
/* Use TRNG */
//#define WOLFSSL_SCE
#ifndef WOLFSSL_SCE
/* Use turn on all SCE acceleration */
#define WOLFSSL_SCE
/* Used to turn off TRNG */
#define WOLFSSL_SCE_NO_TRNG
/* Used to turn off AES hardware acc. */
#define WOLFSSL_SCE_NO_AES
/* Used to turn off HASH hardware acc. */
#define WOLFSSL_SCE_NO_HASH
#if defined(WOLFSSL_SCE_NO_TRNG)
/* use unsafe test seed if TRNG not used (not for production) */
#define WOLFSSL_GENSEED_FORTEST
#endif
@ -27,6 +37,9 @@
#define HAVE_ONE_TIME_AUTH
#define HAVE_AESGCM
#define HAVE_AES_ECB
#define WOLFSSL_AES_DIRECT
#define USE_FAST_MATH
#define TFM_TIMING_RESISTANT

165
wolfcrypt/src/aes.c
View File

@ -772,6 +772,132 @@
#elif defined(WOLFSSL_AFALG)
#elif defined(WOLFSSL_DEVCRYPTO_AES)
#elif defined(WOLFSSL_SCE) && !defined(WOLFSSL_SCE_NO_AES)
#include "hal_data.h"
#ifndef WOLFSSL_SCE_AES256_HANDLE
#define WOLFSSL_SCE_AES256_HANDLE g_sce_aes_256
#endif
#ifndef WOLFSSL_SCE_AES192_HANDLE
#define WOLFSSL_SCE_AES192_HANDLE g_sce_aes_192
#endif
#ifndef WOLFSSL_SCE_AES128_HANDLE
#define WOLFSSL_SCE_AES128_HANDLE g_sce_aes_128
#endif
static int AES_ECB_encrypt(Aes* aes, const byte* inBlock, byte* outBlock, int sz)
{
uint32_t ret;
if (g_sce.p_cfg->endian_flag == CRYPTO_WORD_ENDIAN_BIG) {
ByteReverseWords((word32*)inBlock, (word32*)inBlock, sz);
}
switch (aes->keylen) {
#ifdef WOLFSSL_AES_128
case AES_128_KEY_SIZE:
ret = WOLFSSL_SCE_AES128_HANDLE.p_api->encrypt(WOLFSSL_SCE_AES128_HANDLE.p_ctrl, aes->key,
NULL, (sz / sizeof(word32)),
(word32*)inBlock, (word32*)outBlock);
break;
#endif
#ifdef WOLFSSL_AES_192
case AES_192_KEY_SIZE:
ret = WOLFSSL_SCE_AES192_HANDLE.p_api->encrypt(WOLFSSL_SCE_AES192_HANDLE.p_ctrl, aes->key,
NULL, (sz / sizeof(word32)),
(word32*)inBlock, (word32*)outBlock);
break;
#endif
#ifdef WOLFSSL_AES_256
case AES_256_KEY_SIZE:
ret = WOLFSSL_SCE_AES256_HANDLE.p_api->encrypt(WOLFSSL_SCE_AES256_HANDLE.p_ctrl, aes->key,
NULL, (sz / sizeof(word32)),
(word32*)inBlock, (word32*)outBlock);
break;
#endif
default:
WOLFSSL_MSG("Unknown key size");
return BAD_FUNC_ARG;
}
if (ret != SSP_SUCCESS) {
ByteReverseWords((word32*)inBlock, (word32*)inBlock, sz); /* revert input*/
return WC_HW_E;
}
if (g_sce.p_cfg->endian_flag == CRYPTO_WORD_ENDIAN_BIG) {
ByteReverseWords((word32*)outBlock, (word32*)outBlock, sz);
if (inBlock != outBlock) {
ByteReverseWords((word32*)inBlock, (word32*)inBlock, sz); /* revert input*/
}
}
return 0;
}
#if defined(HAVE_AES_DECRYPT)
static int AES_ECB_decrypt(Aes* aes, const byte* inBlock, byte* outBlock, int sz)
{
uint32_t ret;
if (g_sce.p_cfg->endian_flag == CRYPTO_WORD_ENDIAN_BIG) {
ByteReverseWords((word32*)inBlock, (word32*)inBlock, sz);
}
switch (aes->keylen) {
#ifdef WOLFSSL_AES_128
case AES_128_KEY_SIZE:
ret = WOLFSSL_SCE_AES128_HANDLE.p_api->decrypt(WOLFSSL_SCE_AES128_HANDLE.p_ctrl, aes->key, aes->reg,
(sz / sizeof(word32)), (word32*)inBlock, (word32*)outBlock);
break;
#endif
#ifdef WOLFSSL_AES_192
case AES_192_KEY_SIZE:
ret = WOLFSSL_SCE_AES192_HANDLE.p_api->decrypt(WOLFSSL_SCE_AES192_HANDLE.p_ctrl, aes->key, aes->reg,
(sz / sizeof(word32)), (word32*)inBlock, (word32*)outBlock);
break;
#endif
#ifdef WOLFSSL_AES_256
case AES_256_KEY_SIZE:
ret = WOLFSSL_SCE_AES256_HANDLE.p_api->decrypt(WOLFSSL_SCE_AES256_HANDLE.p_ctrl, aes->key, aes->reg,
(sz / sizeof(word32)), (word32*)inBlock, (word32*)outBlock);
break;
#endif
default:
WOLFSSL_MSG("Unknown key size");
return BAD_FUNC_ARG;
}
if (ret != SSP_SUCCESS) {
return WC_HW_E;
}
if (g_sce.p_cfg->endian_flag == CRYPTO_WORD_ENDIAN_BIG) {
ByteReverseWords((word32*)outBlock, (word32*)outBlock, sz);
if (inBlock != outBlock) {
ByteReverseWords((word32*)inBlock, (word32*)inBlock, sz); /* revert input*/
}
}
return 0;
}
#endif
#if defined(HAVE_AESGCM) || defined(WOLFSSL_AES_DIRECT)
static int wc_AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock)
{
return AES_ECB_encrypt(aes, inBlock, outBlock, AES_BLOCK_SIZE);
}
#endif
#if defined(HAVE_AES_DECRYPT) && defined(WOLFSSL_AES_DIRECT)
static int wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock)
{
return AES_ECB_decrypt(aes, inBlock, outBlock, AES_BLOCK_SIZE);
}
#endif
#else
/* using wolfCrypt software implementation */
@ -1455,6 +1581,10 @@ static void wc_AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock)
#endif
}
#endif
#if defined(WOLFSSL_SCE) && !defined(WOLFSSL_SCE_NO_AES)
AES_ECB_encrypt(aes, inBlock, outBlock, AES_BLOCK_SIZE);
return;
#endif
/*
* map byte array block to cipher state
@ -1653,6 +1783,9 @@ static void wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock)
#endif
}
#endif /* WOLFSSL_AESNI */
#if defined(WOLFSSL_SCE) && !defined(WOLFSSL_SCE_NO_AES)
return AES_ECB_decrypt(aes, inBlock, outBlock, AES_BLOCK_SIZE);
#endif
/*
* map byte array block to cipher state
@ -2280,6 +2413,13 @@ static void wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock)
#endif /* HAVE_AES_DECRYPT */
#endif /* NEED_AES_TABLES */
#if defined(WOLFSSL_SCE) && !defined(WOLFSSL_SCE_NO_AES)
XMEMCPY((byte*)aes->key, userKey, keylen);
if (g_sce.p_cfg->endian_flag == CRYPTO_WORD_ENDIAN_BIG) {
ByteReverseWords(aes->key, aes->key, 32);
}
#endif
return wc_AesSetIV(aes, iv);
}
@ -5705,7 +5845,7 @@ int AES_GCM_encrypt_C(Aes* aes, byte* out, const byte* in, word32 sz,
#if defined(HAVE_AES_ECB) && !defined(WOLFSSL_PIC32MZ_CRYPT)
/* some hardware acceleration can gain performance from doing AES encryption
* of the whole buffer at once */
if (c != p) { /* can not handle inline encryption */
if (c != p && blocks > 0) { /* can not handle inline encryption */
while (blocks--) {
IncrementGcmCounter(ctr);
XMEMCPY(c, ctr, AES_BLOCK_SIZE);
@ -6157,7 +6297,7 @@ int AES_GCM_decrypt_C(Aes* aes, byte* out, const byte* in, word32 sz,
#if defined(HAVE_AES_ECB) && !defined(WOLFSSL_PIC32MZ_CRYPT)
/* some hardware acceleration can gain performance from doing AES encryption
* of the whole buffer at once */
if (c != p) { /* can not handle inline decryption */
if (c != p && blocks > 0) { /* can not handle inline decryption */
while (blocks--) {
IncrementGcmCounter(ctr);
XMEMCPY(p, ctr, AES_BLOCK_SIZE);
@ -6166,6 +6306,7 @@ int AES_GCM_decrypt_C(Aes* aes, byte* out, const byte* in, word32 sz,
/* reset number of blocks and then do encryption */
blocks = sz / AES_BLOCK_SIZE;
wc_AesEcbEncrypt(aes, out, out, AES_BLOCK_SIZE * blocks);
xorbuf(out, c, AES_BLOCK_SIZE * blocks);
c += AES_BLOCK_SIZE * blocks;
@ -7034,6 +7175,26 @@ int wc_AesGetKeySize(Aes* aes, word32* keySize)
#elif defined(WOLFSSL_DEVCRYPTO_AES)
/* implemented in wolfcrypt/src/port/devcrypt/devcrypto_aes.c */
#elif defined(WOLFSSL_SCE) && !defined(WOLFSSL_SCE_NO_AES)
/* Software AES - ECB */
int wc_AesEcbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
{
if ((in == NULL) || (out == NULL) || (aes == NULL))
return BAD_FUNC_ARG;
return AES_ECB_encrypt(aes, in, out, sz);
}
int wc_AesEcbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
{
if ((in == NULL) || (out == NULL) || (aes == NULL))
return BAD_FUNC_ARG;
return AES_ECB_decrypt(aes, in, out, sz);
}
#else
/* Software AES - ECB */

8
wolfcrypt/src/wc_port.c
View File

@ -230,8 +230,12 @@ int wolfCrypt_Init(void)
#ifdef WOLFSSL_SCE
ret = (int)g_sce.p_api->open(g_sce.p_ctrl, g_sce.p_cfg);
if (ret != SSP_SUCCESS && ret != SSP_ERR_CRYPTO_ALREADY_OPEN) {
WOLFSSL_MSG("Error opening SCE\n");
if (ret == SSP_ERR_CRYPTO_SCE_ALREADY_OPEN) {
WOLFSSL_MSG("SCE already open");
ret = 0;
}
if (ret != SSP_SUCCESS) {
WOLFSSL_MSG("Error opening SCE");
return -1; /* FATAL_ERROR */
}
#endif