From f0a3045d62a16547c9ea177f8bfb32c46f748d1a Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Fri, 24 Aug 2018 10:24:53 -0600 Subject: [PATCH] af_alg sha3 addition hardware acceleration with RSA add AES-GCM hardware acceleration refactor setting RSA IV flag check and set AF_ALG flags fix for default AF_ALG use set buffer alignment with Xilinx RSA macro guard after rebase use ALIGN64 clean up test cases --- configure.ac | 8 + tests/api.c | 6 +- wolfcrypt/benchmark/benchmark.c | 13 +- wolfcrypt/src/aes.c | 6 +- wolfcrypt/src/hmac.c | 48 ++++ wolfcrypt/src/port/af_alg/afalg_aes.c | 203 ++++++++++++++--- wolfcrypt/src/port/af_alg/afalg_hash.c | 242 ++++++++++++++++----- wolfcrypt/src/port/af_alg/wc_afalg.c | 2 +- wolfcrypt/src/rsa.c | 184 ++++++++++++++++ wolfcrypt/src/sha256.c | 2 +- wolfcrypt/src/sha3.c | 3 +- wolfcrypt/test/test.c | 137 ++++++++---- wolfssl/wolfcrypt/aes.h | 13 +- wolfssl/wolfcrypt/port/af_alg/afalg_hash.h | 5 +- wolfssl/wolfcrypt/rsa.h | 4 + wolfssl/wolfcrypt/settings.h | 6 +- wolfssl/wolfcrypt/sha3.h | 3 + wolfssl/wolfcrypt/types.h | 21 +- 18 files changed, 751 insertions(+), 155 deletions(-) diff --git a/configure.ac b/configure.ac index 5fe56f787..4e9978006 100644 --- a/configure.ac +++ b/configure.ac @@ -1078,6 +1078,14 @@ then AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AFALG_HASH" fi +if test "$ENABLED_AFALG" = "xilinx" +then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AFALG_XILINX" + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NOSHA3_224 -DWOLFSSL_NOSHA3_256 -DWOLFSSL_NOSHA3_512" + ENABLED_AFALG="yes" + ENABLED_XILINX="yes" +fi + AM_CONDITIONAL([BUILD_AFALG], [test "x$ENABLED_AFALG" = "xyes"]) diff --git a/tests/api.c b/tests/api.c index bc102fff6..d203a2a5a 100644 --- a/tests/api.c +++ b/tests/api.c @@ -5544,7 +5544,8 @@ static int testing_wc_Sha3_Update (void) { int ret = 0; -#if defined(WOLFSSL_SHA3) +#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_XILINX_CRYPT) && \ + !defined(WOLFSSL_AFALG_XILINX) wc_Sha3 sha3; byte msg[] = "Everybody's working for the weekend."; byte msg2[] = "Everybody gets Friday off."; @@ -6022,7 +6023,8 @@ static int test_wc_Sha3_512_Final (void) { int ret = 0; -#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384) +#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512) && \ + !defined(WOLFSSL_NOSHA3_384) wc_Sha3 sha3; const char* msg = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnom" "nopnopq"; diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c index f6150e87b..3b96bb9a0 100644 --- a/wolfcrypt/benchmark/benchmark.c +++ b/wolfcrypt/benchmark/benchmark.c @@ -1125,8 +1125,13 @@ static void* benchmarks_do(void* args) if (bench_buf_size % 16) bench_buf_size += 16 - (bench_buf_size % 16); - bench_plain = (byte*)XMALLOC((size_t)bench_buf_size, HEAP_HINT, DYNAMIC_TYPE_WOLF_BIGINT); - bench_cipher = (byte*)XMALLOC((size_t)bench_buf_size, HEAP_HINT, DYNAMIC_TYPE_WOLF_BIGINT); +#ifdef WOLFSSL_AFALG_XILINX_AES + bench_plain = (byte*)aligned_alloc(64, (size_t)bench_buf_size + 16); + bench_cipher = (byte*)aligned_alloc(64, (size_t)bench_buf_size + 16); +#else + bench_plain = (byte*)XMALLOC((size_t)bench_buf_size + 16, HEAP_HINT, DYNAMIC_TYPE_WOLF_BIGINT); + bench_cipher = (byte*)XMALLOC((size_t)bench_buf_size + 16, HEAP_HINT, DYNAMIC_TYPE_WOLF_BIGINT); +#endif if (bench_plain == NULL || bench_cipher == NULL) { XFREE(bench_plain, HEAP_HINT, DYNAMIC_TYPE_WOLF_BIGINT); XFREE(bench_cipher, HEAP_HINT, DYNAMIC_TYPE_WOLF_BIGINT); @@ -1993,11 +1998,11 @@ exit: void bench_aesgcm(int doAsync) { -#ifdef WOLFSSL_AES_128 +#if defined(WOLFSSL_AES_128) && !defined(WOLFSSL_AFALG_XILINX_AES) bench_aesgcm_internal(doAsync, bench_key, 16, bench_iv, 12, "AES-128-GCM-enc", "AES-128-GCM-dec"); #endif -#ifdef WOLFSSL_AES_192 +#if defined(WOLFSSL_AES_192) && !defined(WOLFSSL_AFALG_XILINX_AES) bench_aesgcm_internal(doAsync, bench_key, 24, bench_iv, 12, "AES-192-GCM-enc", "AES-192-GCM-dec"); #endif diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index c6cbf62fc..cacd18970 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -3485,6 +3485,8 @@ int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len) #if defined(WOLFSSL_XILINX_CRYPT) wc_AesGcmSetKey_ex(aes, key, len, XSECURE_CSU_AES_KEY_SRC_KUP); +#elif defined(WOLFSSL_AFALG_XILINX_AES) + wc_AesGcmSetKey_ex(aes, key, len, 0); #endif #ifdef WOLFSSL_IMX6_CAAM_BLOB @@ -8217,7 +8219,7 @@ void GHASH(Aes* aes, const byte* a, word32 aSz, const byte* c, #endif /* end GCM_WORD32 */ -#if !defined(WOLFSSL_XILINX_CRYPT) +#if !defined(WOLFSSL_XILINX_CRYPT) && !defined(WOLFSSL_AFALG_XILINX_AES) #ifdef FREESCALE_LTC_AES_GCM int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz, const byte* iv, word32 ivSz, @@ -9654,7 +9656,7 @@ void wc_AesFree(Aes* aes) #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_AES) wolfAsync_DevCtxFree(&aes->asyncDev, WOLFSSL_ASYNC_MARKER_AES); #endif /* WOLFSSL_ASYNC_CRYPT */ -#ifdef WOLFSSL_AFALG +#if defined(WOLFSSL_AFALG) || defined(WOLFSSL_AFALG_XILINX_AES) if (aes->rdFd > 0) { /* negative is error case */ close(aes->rdFd); } diff --git a/wolfcrypt/src/hmac.c b/wolfcrypt/src/hmac.c index c4e5e75e5..549e773de 100644 --- a/wolfcrypt/src/hmac.c +++ b/wolfcrypt/src/hmac.c @@ -248,18 +248,26 @@ int _InitHmac(Hmac* hmac, int type, void* heap) #endif /* HAVE_BLAKE2 */ #ifdef WOLFSSL_SHA3 + #ifndef WOLFSSL_NOSHA3_224 case WC_SHA3_224: ret = wc_InitSha3_224(&hmac->hash.sha3, heap, INVALID_DEVID); break; + #endif + #ifndef WOLFSSL_NOSHA3_256 case WC_SHA3_256: ret = wc_InitSha3_256(&hmac->hash.sha3, heap, INVALID_DEVID); break; + #endif + #ifndef WOLFSSL_NOSHA3_384 case WC_SHA3_384: ret = wc_InitSha3_384(&hmac->hash.sha3, heap, INVALID_DEVID); break; + #endif + #ifndef WOLFSSL_NOSHA3_512 case WC_SHA3_512: ret = wc_InitSha3_512(&hmac->hash.sha3, heap, INVALID_DEVID); break; + #endif #endif default: @@ -465,6 +473,7 @@ int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length) #endif /* HAVE_BLAKE2 */ #ifdef WOLFSSL_SHA3 + #ifndef WOLFSSL_NOSHA3_224 case WC_SHA3_224: hmac_block_size = WC_SHA3_224_BLOCK_SIZE; if (length <= WC_SHA3_224_BLOCK_SIZE) { @@ -483,6 +492,8 @@ int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length) length = WC_SHA3_224_DIGEST_SIZE; } break; + #endif + #ifndef WOLFSSL_NOSHA3_256 case WC_SHA3_256: hmac_block_size = WC_SHA3_256_BLOCK_SIZE; if (length <= WC_SHA3_256_BLOCK_SIZE) { @@ -501,6 +512,8 @@ int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length) length = WC_SHA3_256_DIGEST_SIZE; } break; + #endif + #ifndef WOLFSSL_NOSHA3_384 case WC_SHA3_384: hmac_block_size = WC_SHA3_384_BLOCK_SIZE; if (length <= WC_SHA3_384_BLOCK_SIZE) { @@ -519,6 +532,8 @@ int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length) length = WC_SHA3_384_DIGEST_SIZE; } break; + #endif + #ifndef WOLFSSL_NOSHA3_512 case WC_SHA3_512: hmac_block_size = WC_SHA3_512_BLOCK_SIZE; if (length <= WC_SHA3_512_BLOCK_SIZE) { @@ -537,6 +552,7 @@ int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length) length = WC_SHA3_512_DIGEST_SIZE; } break; + #endif #endif /* WOLFSSL_SHA3 */ default: @@ -630,22 +646,30 @@ static int HmacKeyInnerHash(Hmac* hmac) #endif /* HAVE_BLAKE2 */ #ifdef WOLFSSL_SHA3 + #ifndef WOLFSSL_NOSHA3_224 case WC_SHA3_224: ret = wc_Sha3_224_Update(&hmac->hash.sha3, (byte*)hmac->ipad, WC_SHA3_224_BLOCK_SIZE); break; + #endif + #ifndef WOLFSSL_NOSHA3_256 case WC_SHA3_256: ret = wc_Sha3_256_Update(&hmac->hash.sha3, (byte*)hmac->ipad, WC_SHA3_256_BLOCK_SIZE); break; + #endif + #ifndef WOLFSSL_NOSHA3_384 case WC_SHA3_384: ret = wc_Sha3_384_Update(&hmac->hash.sha3, (byte*)hmac->ipad, WC_SHA3_384_BLOCK_SIZE); break; + #endif + #ifndef WOLFSSL_NOSHA3_512 case WC_SHA3_512: ret = wc_Sha3_512_Update(&hmac->hash.sha3, (byte*)hmac->ipad, WC_SHA3_512_BLOCK_SIZE); break; + #endif #endif /* WOLFSSL_SHA3 */ default: @@ -729,18 +753,26 @@ int wc_HmacUpdate(Hmac* hmac, const byte* msg, word32 length) #endif /* HAVE_BLAKE2 */ #ifdef WOLFSSL_SHA3 + #ifndef WOLFSSL_NOSHA3_224 case WC_SHA3_224: ret = wc_Sha3_224_Update(&hmac->hash.sha3, msg, length); break; + #endif + #ifndef WOLFSSL_NOSHA3_256 case WC_SHA3_256: ret = wc_Sha3_256_Update(&hmac->hash.sha3, msg, length); break; + #endif + #ifndef WOLFSSL_NOSHA3_384 case WC_SHA3_384: ret = wc_Sha3_384_Update(&hmac->hash.sha3, msg, length); break; + #endif + #ifndef WOLFSSL_NOSHA3_512 case WC_SHA3_512: ret = wc_Sha3_512_Update(&hmac->hash.sha3, msg, length); break; + #endif #endif /* WOLFSSL_SHA3 */ default: @@ -907,6 +939,7 @@ int wc_HmacFinal(Hmac* hmac, byte* hash) #endif /* HAVE_BLAKE2 */ #ifdef WOLFSSL_SHA3 + #ifndef WOLFSSL_NOSHA3_224 case WC_SHA3_224: ret = wc_Sha3_224_Final(&hmac->hash.sha3, (byte*)hmac->innerHash); if (ret != 0) @@ -921,6 +954,8 @@ int wc_HmacFinal(Hmac* hmac, byte* hash) break; ret = wc_Sha3_224_Final(&hmac->hash.sha3, hash); break; + #endif + #ifndef WOLFSSL_NOSHA3_256 case WC_SHA3_256: ret = wc_Sha3_256_Final(&hmac->hash.sha3, (byte*)hmac->innerHash); if (ret != 0) @@ -935,6 +970,8 @@ int wc_HmacFinal(Hmac* hmac, byte* hash) break; ret = wc_Sha3_256_Final(&hmac->hash.sha3, hash); break; + #endif + #ifndef WOLFSSL_NOSHA3_384 case WC_SHA3_384: ret = wc_Sha3_384_Final(&hmac->hash.sha3, (byte*)hmac->innerHash); if (ret != 0) @@ -949,6 +986,8 @@ int wc_HmacFinal(Hmac* hmac, byte* hash) break; ret = wc_Sha3_384_Final(&hmac->hash.sha3, hash); break; + #endif + #ifndef WOLFSSL_NOSHA3_512 case WC_SHA3_512: ret = wc_Sha3_512_Final(&hmac->hash.sha3, (byte*)hmac->innerHash); if (ret != 0) @@ -963,6 +1002,7 @@ int wc_HmacFinal(Hmac* hmac, byte* hash) break; ret = wc_Sha3_512_Final(&hmac->hash.sha3, hash); break; + #endif #endif /* WOLFSSL_SHA3 */ default: @@ -1049,18 +1089,26 @@ void wc_HmacFree(Hmac* hmac) #endif /* HAVE_BLAKE2 */ #ifdef WOLFSSL_SHA3 + #ifndef WOLFSSL_NOSHA3_224 case WC_SHA3_224: wc_Sha3_224_Free(&hmac->hash.sha3); break; + #endif + #ifndef WOLFSSL_NOSHA3_256 case WC_SHA3_256: wc_Sha3_256_Free(&hmac->hash.sha3); break; + #endif + #ifndef WOLFSSL_NOSHA3_384 case WC_SHA3_384: wc_Sha3_384_Free(&hmac->hash.sha3); break; + #endif + #ifndef WOLFSSL_NOSHA3_512 case WC_SHA3_512: wc_Sha3_512_Free(&hmac->hash.sha3); break; + #endif #endif /* WOLFSSL_SHA3 */ default: diff --git a/wolfcrypt/src/port/af_alg/afalg_aes.c b/wolfcrypt/src/port/af_alg/afalg_aes.c index 35a41ab31..da8cad347 100644 --- a/wolfcrypt/src/port/af_alg/afalg_aes.c +++ b/wolfcrypt/src/port/af_alg/afalg_aes.c @@ -20,6 +20,7 @@ */ + #ifdef HAVE_CONFIG_H #include #endif @@ -27,7 +28,8 @@ #include #include -#if !defined(NO_AES) && defined(WOLFSSL_AFALG) +#if !defined(NO_AES) && (defined(WOLFSSL_AFALG) || \ + defined(WOLFSSL_AFALG_XILINX_AES)) #include #include @@ -43,10 +45,15 @@ #endif static const char WC_TYPE_SYMKEY[] = "skcipher"; -static const char WC_NAME_AESCBC[] = "cbc(aes)"; static int wc_AesSetup(Aes* aes, const char* type, const char* name, int ivSz, int aadSz) { +#ifdef WOLFSSL_AFALG_XILINX_AES + byte* key = (byte*)aes->msgBuf; +#else + byte* key = (byte*)aes->key; +#endif + aes->rdFd = wc_Afalg_CreateRead(aes->alFd, type, name); if (aes->rdFd < 0) { WOLFSSL_MSG("Unable to accept and get AF_ALG read socket"); @@ -54,18 +61,23 @@ static int wc_AesSetup(Aes* aes, const char* type, const char* name, int ivSz, i return aes->rdFd; } - if (setsockopt(aes->alFd, SOL_ALG, ALG_SET_KEY, (byte*)aes->key, aes->keylen) != 0) { + if (setsockopt(aes->alFd, SOL_ALG, ALG_SET_KEY, key, aes->keylen) != 0) { WOLFSSL_MSG("Unable to set AF_ALG key"); aes->rdFd = WC_SOCK_NOTSET; return WC_AFALG_SOCK_E; } - ForceZero((byte*)aes->key, sizeof(aes->key)); + ForceZero(key, sizeof(aes->key)); /* set up CMSG headers */ XMEMSET((byte*)&(aes->msg), 0, sizeof(struct msghdr)); - aes->msg.msg_control = (byte*)(aes->key); /* use existing key buffer for + aes->msg.msg_control = key; /* use existing key buffer for * control buffer */ +#ifdef WOLFSSL_AFALG_XILINX_AES + aes->msg.msg_controllen = CMSG_SPACE(4) + + CMSG_SPACE(sizeof(struct af_alg_iv) + ivSz); + (void)aadSz; +#else aes->msg.msg_controllen = CMSG_SPACE(4); if (aadSz > 0) { aes->msg.msg_controllen += CMSG_SPACE(4); @@ -73,6 +85,7 @@ static int wc_AesSetup(Aes* aes, const char* type, const char* name, int ivSz, i if (ivSz > 0) { aes->msg.msg_controllen += CMSG_SPACE((sizeof(struct af_alg_iv) + ivSz)); } +#endif if (wc_Afalg_SetOp(CMSG_FIRSTHDR(&(aes->msg)), aes->dir) < 0) { WOLFSSL_MSG("Error with setting AF_ALG operation"); @@ -84,6 +97,7 @@ static int wc_AesSetup(Aes* aes, const char* type, const char* name, int ivSz, i } +#ifdef WOLFSSL_AFALG int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen, const byte* iv, int dir) { @@ -122,10 +136,12 @@ int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen, return wc_AesSetIV(aes, iv); } - +#endif /* AES-CBC */ -#ifdef HAVE_AES_CBC +#if defined(HAVE_AES_CBC) && defined(WOLFSSL_AFALG) + static const char WC_NAME_AESCBC[] = "cbc(aes)"; + int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) { struct cmsghdr* cmsg; @@ -235,7 +251,8 @@ int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen, /* AES-DIRECT */ -#if defined(WOLFSSL_AES_DIRECT) || defined(HAVE_AES_ECB) +#if (defined(WOLFSSL_AES_DIRECT) || defined(HAVE_AES_ECB)) && \ + defined(WOLFSSL_AFALG) static const char WC_NAME_AESECB[] = "ecb(aes)"; @@ -279,7 +296,7 @@ static int wc_Afalg_AesDirect(Aes* aes, byte* out, const byte* in, word32 sz) #endif -#if defined(WOLFSSL_AES_DIRECT) +#if defined(WOLFSSL_AES_DIRECT) && defined(WOLFSSL_AFALG) void wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in) { if (wc_Afalg_AesDirect(aes, out, in, AES_BLOCK_SIZE) != 0) { @@ -305,7 +322,7 @@ int wc_AesSetKeyDirect(Aes* aes, const byte* userKey, word32 keylen, /* AES-CTR */ -#if defined(WOLFSSL_AES_COUNTER) +#if defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AFALG) static const char WC_NAME_AESCTR[] = "ctr(aes)"; /* Increment AES counter */ @@ -424,8 +441,14 @@ int wc_AesSetKeyDirect(Aes* aes, const byte* userKey, word32 keylen, #ifdef HAVE_AESGCM -static const char WC_TYPE_AEAD[] = "aead"; -static const char WC_NAME_AESGCM[] = "gcm(aes)"; + +#ifdef WOLFSSL_AFALG_XILINX_AES + static const char WC_NAME_AESGCM[] = "xilinx-zynqmp-aes"; + static const char* WC_TYPE_AEAD = WC_TYPE_SYMKEY; +#else + static const char WC_NAME_AESGCM[] = "gcm(aes)"; + static const char WC_TYPE_AEAD[] = "aead"; +#endif #ifndef WC_SYSTEM_AESGCM_IV /* size of IV allowed on system for AES-GCM */ @@ -438,7 +461,16 @@ static const char WC_NAME_AESGCM[] = "gcm(aes)"; #define WOLFSSL_MAX_AUTH_TAG_SZ 16 #endif +#ifdef WOLFSSL_AFALG_XILINX_AES +/* Xilinx uses a slightly different function because the default AES key is also + * needed if handling additional data with creating/validating the TAG. + * + * returns 0 on success + */ +int wc_AesGcmSetKey_ex(Aes* aes, const byte* key, word32 len, word32 kup) +#else int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len) +#endif { #if defined(AES_MAX_KEY_SIZE) const word32 max_key_len = (AES_MAX_KEY_SIZE / 8); @@ -466,13 +498,26 @@ int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len) } /* save key until direction is known i.e. encrypt or decrypt */ +#ifdef WOLFSSL_AFALG_XILINX_AES + (void)kup; /* using alternate buffer because software key is needed */ + XMEMCPY((byte*)(aes->msgBuf), key, len); +#else XMEMCPY((byte*)(aes->key), key, len); +#endif return 0; } +/* Performs AES-GCM encryption and returns 0 on success + * + * Warning: If using Xilinx hardware acceleration it is assumed that the out + * buffer is large enough to hold both cipher text and tag. That is + * sz | 16 bytes. The input and output buffer is expected to be 64 bit + * aligned + * + */ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz, const byte* iv, word32 ivSz, byte* authTag, word32 authTagSz, @@ -482,7 +527,7 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz, struct iovec iov[3]; int ret; struct msghdr* msg; - byte scratch[16]; + byte scratch[AES_BLOCK_SIZE]; /* argument checks */ if (aes == NULL || authTagSz > AES_BLOCK_SIZE) { @@ -510,6 +555,7 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz, /* note that if the ivSz was to change, the msg_controllen would need reset */ +#ifndef WOLFSSL_AFALG_XILINX_AES /* set auth tag * @TODO case where tag size changes between calls? */ ret = setsockopt(aes->alFd, SOL_ALG, ALG_SET_AEAD_AUTHSIZE, NULL, @@ -519,8 +565,10 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz, WOLFSSL_MSG("Unable to set AF_ALG tag size "); return WC_AFALG_SOCK_E; } +#endif } + msg = &(aes->msg); cmsg = CMSG_FIRSTHDR(msg); cmsg = CMSG_NXTHDR(msg, cmsg); @@ -532,7 +580,37 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz, return ret; } +#ifdef WOLFSSL_AFALG_XILINX_AES + if (sz > 0) { + iov[0].iov_base = (byte*)in; + iov[0].iov_len = sz + AES_BLOCK_SIZE; + msg->msg_iov = iov; + msg->msg_iovlen = 1; /* # of iov structures */ + + ret = (int)sendmsg(aes->rdFd, msg, 0); + if (ret < 0) { + return ret; + } + + ret = read(aes->rdFd, out, sz + AES_BLOCK_SIZE); + if (ret < 0) { + return ret; + } + XMEMCPY(authTag, out + sz, authTagSz); + } + + /* handle completing tag with using software if additional data added */ + if (authIn != NULL) { + byte initalCounter[AES_BLOCK_SIZE]; + XMEMSET(initalCounter, 0, AES_BLOCK_SIZE); + XMEMCPY(initalCounter, iv, ivSz); + initalCounter[AES_BLOCK_SIZE - 1] = 1; + GHASH(aes, authIn, authInSz, out, sz, authTag, authTagSz); + wc_AesEncryptDirect(aes, scratch, initalCounter); + xorbuf(authTag, scratch, authTagSz); + } +#else if (authInSz > 0) { cmsg = CMSG_NXTHDR(msg, cmsg); ret = wc_Afalg_SetAad(cmsg, authInSz); @@ -549,12 +627,11 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz, iov[1].iov_base = (byte*)in; iov[1].iov_len = sz; - aes->msg.msg_iov = iov; - aes->msg.msg_iovlen = 2; /* # of iov structures */ + msg->msg_iov = iov; + msg->msg_iovlen = 2; /* # of iov structures */ - ret = (int)sendmsg(aes->rdFd, &(aes->msg), 0); + ret = (int)sendmsg(aes->rdFd, msg, 0); if (ret < 0) { - perror("sendmsg error"); return ret; } @@ -570,24 +647,36 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz, ret = (int)readv(aes->rdFd, iov, 3); if (ret < 0) { - perror("read error"); return ret; } +#endif + return 0; } #if defined(HAVE_AES_DECRYPT) || defined(HAVE_AESGCM_DECRYPT) +/* Performs AES-GCM decryption and returns 0 on success + * + * Warning: If using Xilinx hardware acceleration it is assumed that the in + * buffer is large enough to hold both cipher text and tag. That is + * sz | 16 bytes + */ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, const byte* iv, word32 ivSz, const byte* authTag, word32 authTagSz, const byte* authIn, word32 authInSz) { struct cmsghdr* cmsg; - struct iovec iov[3]; - int ret; struct msghdr* msg; - byte scratch[16]; + struct iovec iov[3]; + byte scratch[AES_BLOCK_SIZE]; + int ret; +#ifdef WOLFSSL_AFALG_XILINX_AES + byte* tag = (byte*)authTag; + byte buf[AES_BLOCK_SIZE]; + byte initalCounter[AES_BLOCK_SIZE]; +#endif /* argument checks */ if (aes == NULL || authTagSz > AES_BLOCK_SIZE) { @@ -612,6 +701,7 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, return ret; } +#ifndef WOLFSSL_AFALG_XILINX_AES /* set auth tag * @TODO case where tag size changes between calls? */ ret = setsockopt(aes->alFd, SOL_ALG, ALG_SET_AEAD_AUTHSIZE, NULL, @@ -620,18 +710,71 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, WOLFSSL_MSG("Unable to set AF_ALG tag size "); return WC_AFALG_SOCK_E; } +#endif } - /* set IV and AAD size */ - msg = &(aes->msg); - cmsg = CMSG_FIRSTHDR(msg); - cmsg = CMSG_NXTHDR(msg, cmsg); + msg = &aes->msg; + if ((cmsg = CMSG_FIRSTHDR(msg)) == NULL) { + return WC_AFALG_SOCK_E; + } + if (wc_Afalg_SetOp(cmsg, aes->dir) < 0) { + WOLFSSL_MSG("Error with setting AF_ALG operation"); + return WC_AFALG_SOCK_E; + } + if ((cmsg = CMSG_NXTHDR(msg, cmsg)) == NULL) { + return WC_AFALG_SOCK_E; + } ret = wc_Afalg_SetIv(cmsg, (byte*)iv, ivSz); if (ret < 0) { return ret; } +#ifdef WOLFSSL_AFALG_XILINX_AES + /* check for and handle additional data */ + if (authIn != NULL && authInSz > 0) { + + XMEMSET(initalCounter, 0, AES_BLOCK_SIZE); + XMEMCPY(initalCounter, iv, ivSz); + initalCounter[AES_BLOCK_SIZE - 1] = 1; + tag = buf; + GHASH(aes, NULL, 0, in, sz, tag, AES_BLOCK_SIZE); + wc_AesEncryptDirect(aes, scratch, initalCounter); + xorbuf(tag, scratch, AES_BLOCK_SIZE); + if (ret != 0) { + return AES_GCM_AUTH_E; + } + } + + /* it is assumed that in buffer size is large enough to hold TAG */ + XMEMCPY((byte*)in + sz, tag, AES_BLOCK_SIZE); + iov[0].iov_base = (byte*)in; + iov[0].iov_len = sz + AES_BLOCK_SIZE; + + msg->msg_iov = iov; + msg->msg_iovlen = 1; + + ret = sendmsg(aes->rdFd, msg, 0); + if (ret < 0) { + return ret; + } + + ret = read(aes->rdFd, out, sz + AES_BLOCK_SIZE); + if (ret < 0) { + return AES_GCM_AUTH_E; + } + + /* check on tag */ + if (authIn != NULL && authInSz > 0) { + GHASH(aes, authIn, authInSz, in, sz, tag, AES_BLOCK_SIZE); + wc_AesEncryptDirect(aes, scratch, initalCounter); + xorbuf(tag, scratch, AES_BLOCK_SIZE); + if (ConstantCompare(tag, authTag, authTagSz) != 0) { + return AES_GCM_AUTH_E; + } + } + +#else if (authInSz > 0) { cmsg = CMSG_NXTHDR(msg, cmsg); ret = wc_Afalg_SetAad(cmsg, authInSz); @@ -643,16 +786,13 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, /* set data to be decrypted*/ iov[0].iov_base = (byte*)authIn; iov[0].iov_len = authInSz; - iov[1].iov_base = (byte*)in; iov[1].iov_len = sz; - iov[2].iov_base = (byte*)authTag; iov[2].iov_len = authTagSz; - aes->msg.msg_iov = iov; - aes->msg.msg_iovlen = 3; /* # of iov structures */ - + msg->msg_iov = iov; + msg->msg_iovlen = 3; /* # of iov structures */ ret = (int)sendmsg(aes->rdFd, &(aes->msg), 0); if (ret < 0) { return ret; @@ -660,14 +800,13 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, iov[0].iov_base = scratch; iov[0].iov_len = authInSz; - iov[1].iov_base = out; iov[1].iov_len = sz; - ret = (int)readv(aes->rdFd, iov, 2); if (ret < 0) { return AES_GCM_AUTH_E; } +#endif return 0; } diff --git a/wolfcrypt/src/port/af_alg/afalg_hash.c b/wolfcrypt/src/port/af_alg/afalg_hash.c index f355f61c3..bf9c0503e 100644 --- a/wolfcrypt/src/port/af_alg/afalg_hash.c +++ b/wolfcrypt/src/port/af_alg/afalg_hash.c @@ -26,83 +26,106 @@ #include -#if defined(WOLFSSL_AFALG_HASH) +#if defined(WOLFSSL_AFALG_HASH) || defined(WOLFSSL_AFALG_XILINX) #include #include #include +#include static const char WC_TYPE_HASH[] = "hash"; -#if !defined(NO_SHA256) -#include -static const char WC_NAME_SHA256[] = "sha256"; - - -/* create AF_ALG sockets for SHA256 operation */ -int wc_InitSha256_ex(wc_Sha256* sha, void* heap, int devId) +/* generic AF_ALG hash free */ +static void AfalgHashFree(wolfssl_AFALG_Hash* hash) { - if (sha == NULL) { + if (hash == NULL) + return; + + if (hash->alFd > 0) { + close(hash->alFd); + hash->alFd = -1; /* avoid possible double close on socket */ + } + if (hash->rdFd > 0) { + close(hash->rdFd); + hash->rdFd = -1; /* avoid possible double close on socket */ + } + + #if defined(WOLFSSL_AFALG_HASH_KEEP) + if (hash->msg != NULL) { + XFREE(hash->msg, hash->heap, DYNAMIC_TYPE_TMP_BUFFER); + hash->msg = NULL; + } + #endif +} + + +/* generic hash init for AF_ALG, returns 0 on success */ +static int AfalgHashInit(wolfssl_AFALG_Hash* hash, void* heap, int devId, + const char* type) +{ + if (hash == NULL) { return BAD_FUNC_ARG; } (void)devId; /* no async for now */ - XMEMSET(sha, 0, sizeof(wc_Sha256)); - sha->heap = heap; + XMEMSET(hash, 0, sizeof(wolfssl_AFALG_Hash)); + hash->heap = heap; - sha->len = 0; - sha->used = 0; - sha->msg = NULL; - sha->alFd = -1; - sha->rdFd = -1; + hash->len = 0; + hash->used = 0; + hash->msg = NULL; + hash->alFd = -1; + hash->rdFd = -1; - sha->alFd = wc_Afalg_Socket(); - if (sha->alFd < 0) { + hash->alFd = wc_Afalg_Socket(); + if (hash->alFd < 0) { return WC_AFALG_SOCK_E; } - sha->rdFd = wc_Afalg_CreateRead(sha->alFd, WC_TYPE_HASH, WC_NAME_SHA256); - if (sha->rdFd < 0) { - close(sha->alFd); + hash->rdFd = wc_Afalg_CreateRead(hash->alFd, WC_TYPE_HASH, type); + if (hash->rdFd < 0) { + close(hash->alFd); return WC_AFALG_SOCK_E; } return 0; + } -int wc_Sha256Update(wc_Sha256* sha, const byte* in, word32 sz) +/* generic hash update for AF_ALG, returns 0 on success */ +static int AfalgHashUpdate(wolfssl_AFALG_Hash* hash, const byte* in, word32 sz) { - if (sha == NULL || (sz > 0 && in == NULL)) { + if (hash == NULL || (sz > 0 && in == NULL)) { return BAD_FUNC_ARG; } #ifdef WOLFSSL_AFALG_HASH_KEEP /* keep full message to hash at end instead of incremental updates */ - if (sha->len < sha->used + sz) { - if (sha->msg == NULL) { - sha->msg = (byte*)XMALLOC(sha->used + sz, sha->heap, + if (hash->len < hash->used + sz) { + if (hash->msg == NULL) { + hash->msg = (byte*)XMALLOC(hash->used + sz, hash->heap, DYNAMIC_TYPE_TMP_BUFFER); } else { - byte* pt = (byte*)XREALLOC(sha->msg, sha->used + sz, sha->heap, + byte* pt = (byte*)XREALLOC(hash->msg, hash->used + sz, hash->heap, DYNAMIC_TYPE_TMP_BUFFER); if (pt == NULL) { return MEMORY_E; } - sha->msg = pt; + hash->msg = pt; } - if (sha->msg == NULL) { + if (hash->msg == NULL) { return MEMORY_E; } - sha->len = sha->used + sz; + hash->len = hash->used + sz; } - XMEMCPY(sha->msg + sha->used, in, sz); - sha->used += sz; + XMEMCPY(hash->msg + hash->used, in, sz); + hash->used += sz; #else int ret; - if ((ret = (int)send(sha->rdFd, in, sz, MSG_MORE)) < 0) { + if ((ret = (int)send(hash->rdFd, in, sz, MSG_MORE)) < 0) { return ret; } #endif @@ -110,72 +133,78 @@ int wc_Sha256Update(wc_Sha256* sha, const byte* in, word32 sz) } -int wc_Sha256Final(wc_Sha256* sha, byte* hash) +/* generic hash final for AF_ALG, return 0 on success */ +static int AfalgHashFinal(wolfssl_AFALG_Hash* hash, byte* out, word32 outSz, + const char* type) { - int ret; + int ret; + void* heap; - if (sha == NULL || hash == NULL) { + if (hash == NULL || out == NULL) { return BAD_FUNC_ARG; } + heap = hash->heap; /* keep because AfalgHashInit clears the pointer */ #ifdef WOLFSSL_AFALG_HASH_KEEP - /* keep full message to hash at end instead of incremental updates */ - if ((ret = (int)send(sha->rdFd, sha->msg, sha->used, 0)) < 0) { + /* keep full message to out at end instead of incremental updates */ + if ((ret = (int)send(hash->rdFd, hash->msg, hash->used, 0)) < 0) { return ret; } - XFREE(sha->msg, sha->heap, DYNAMIC_TYPE_TMP_BUFFER); - sha->msg = NULL; + XFREE(hash->msg, heap, DYNAMIC_TYPE_TMP_BUFFER); + hash->msg = NULL; #else - if ((ret = (int)send(sha->rdFd, NULL, 0, 0)) < 0) { + if ((ret = (int)send(hash->rdFd, NULL, 0, 0)) < 0) { return ret; } #endif - if ((ret = (int)read(sha->rdFd, hash, WC_SHA256_DIGEST_SIZE)) != - WC_SHA256_DIGEST_SIZE) { + if ((ret = (int)read(hash->rdFd, out, outSz)) != (int)outSz) { return ret; } - wc_Sha256Free(sha); - return wc_InitSha256_ex(sha, sha->heap, 0); + AfalgHashFree(hash); + return AfalgHashInit(hash, heap, 0, type); } -int wc_Sha256GetHash(wc_Sha256* sha, byte* hash) +/* generic function to get intermediate hash */ +static int AfalgHashGet(wolfssl_AFALG_Hash* hash, byte* out, word32 outSz) { int ret; - if (sha == NULL || hash == NULL) { + if (hash == NULL || out == NULL) { return BAD_FUNC_ARG; } (void)ret; #ifdef WOLFSSL_AFALG_HASH_KEEP - if ((ret = (int)send(sha->rdFd, sha->msg, sha->used, 0)) < 0) { + if ((ret = (int)send(hash->rdFd, hash->msg, hash->used, 0)) < 0) { return ret; } - if ((ret = (int)read(sha->rdFd, hash, WC_SHA256_DIGEST_SIZE)) != - WC_SHA256_DIGEST_SIZE) { + if ((ret = (int)read(hash->rdFd, out, outSz)) != (int)outSz) { return ret; } return 0; #else - (void)sha; (void)hash; + (void)out; + (void)outSz; WOLFSSL_MSG("Compile with WOLFSSL_AFALG_HASH_KEEP for this feature"); return NOT_COMPILED_IN; #endif } -int wc_Sha256Copy(wc_Sha256* src, wc_Sha256* dst) + +/* generic struct copy for AF_ALG, returns 0 on success */ +static int AfalgHashCopy(wolfssl_AFALG_Hash* src, wolfssl_AFALG_Hash* dst) { if (src == NULL || dst == NULL) { return BAD_FUNC_ARG; } - XMEMCPY(dst, src, sizeof(wc_Sha256)); + XMEMCPY(dst, src, sizeof(wolfssl_AFALG_Hash)); #ifdef WOLFSSL_AFALG_HASH_KEEP dst->msg = (byte*)XMALLOC(src->len, dst->heap, DYNAMIC_TYPE_TMP_BUFFER); @@ -189,16 +218,121 @@ int wc_Sha256Copy(wc_Sha256* src, wc_Sha256* dst) dst->alFd = accept(src->alFd, NULL, 0); if (dst->rdFd == -1 || dst->alFd == -1) { - wc_Sha256Free(dst); + AfalgHashFree(dst); return -1; } return 0; } + +#if !defined(NO_SHA256) && defined(WOLFSSL_AFALG_HASH) +#include + +static const char WC_NAME_SHA256[] = "sha256"; + + +/* create AF_ALG sockets for SHA256 operation */ +int wc_InitSha256_ex(wc_Sha256* sha, void* heap, int devId) +{ + return AfalgHashInit(sha, heap, devId, WC_NAME_SHA256); +} + + +int wc_Sha256Update(wc_Sha256* sha, const byte* in, word32 sz) +{ + return AfalgHashUpdate(sha, in, sz); +} + + +int wc_Sha256Final(wc_Sha256* sha, byte* hash) +{ + return AfalgHashFinal(sha, hash, WC_SHA256_DIGEST_SIZE, WC_NAME_SHA256); +} + + +int wc_Sha256GetHash(wc_Sha256* sha, byte* hash) +{ + return AfalgHashGet(sha, hash, WC_SHA256_DIGEST_SIZE); +} + + +int wc_Sha256Copy(wc_Sha256* src, wc_Sha256* dst) +{ + return AfalgHashCopy(src, dst); +} #endif /* !NO_SHA256 */ +#if defined(WOLFSSL_SHA3) && defined(WOLFSSL_AFALG_XILINX) +#include + +static const char WC_NAME_SHA3[] = "xilinx-keccak-384"; + +void wc_Sha3_384_Free(wc_Sha3* sha) +{ + AfalgHashFree(sha); +} + + +/* create AF_ALG sockets for SHA256 operation */ +int wc_InitSha3_384(wc_Sha3* sha, void* heap, int devId) +{ + return AfalgHashInit(sha, heap, devId, WC_NAME_SHA3); +} + + +int wc_Sha3_384_Update(wc_Sha3* sha, const byte* in, word32 sz) +{ +#ifndef WOLFSSL_AFALG_HASH_KEEP + if (sz % 4) { + WOLFSSL_MSG("Alignment issue. Message size needs to be divisable by 4") + return BAD_FUNC_ARG; + } +#endif + + return AfalgHashUpdate(sha, in, sz); +} + + +int wc_Sha3_384_Final(wc_Sha3* sha, byte* hash) +{ + if (sha == NULL || hash == NULL) { + return BAD_FUNC_ARG; + } + +#ifdef WOLFSSL_AFALG_HASH_KEEP + if (sha->used % 4) { + WOLFSSL_MSG("Alignment issue. Message size needs to be divisable by 4"); + return BAD_FUNC_ARG; + } +#endif + + return AfalgHashFinal(sha, hash, WC_SHA3_384_DIGEST_SIZE, WC_NAME_SHA3); +} + + +int wc_Sha3_384_GetHash(wc_Sha3* sha, byte* hash) +{ + if (sha == NULL || hash == NULL) { + return BAD_FUNC_ARG; + } + +#ifdef WOLFSSL_AFALG_HASH_KEEP + if (sha->used % 4) { + WOLFSSL_MSG("Alignment issue. Message size needs to be divisable by 4"); + return BAD_FUNC_ARG; + } +#endif + + return AfalgHashGet(sha, hash, WC_SHA3_384_DIGEST_SIZE); +} + +int wc_Sha3_384_Copy(wc_Sha3* src, wc_Sha3* dst) +{ + return AfalgHashCopy(src, dst); +} +#endif /* WOLFSSL_SHA3 && WOLFSSL_AFALG_XILINX */ #endif /* WOLFSSL_AFALG */ diff --git a/wolfcrypt/src/port/af_alg/wc_afalg.c b/wolfcrypt/src/port/af_alg/wc_afalg.c index cecf32368..6713c851e 100644 --- a/wolfcrypt/src/port/af_alg/wc_afalg.c +++ b/wolfcrypt/src/port/af_alg/wc_afalg.c @@ -27,7 +27,7 @@ #include #include -#if !defined(NO_AES) && defined(WOLFSSL_AFALG) +#if defined(WOLFSSL_AFALG) || defined(WOLFSSL_AFALG_XILINX) #include #include diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index 016966832..f64cbbcaa 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c @@ -43,6 +43,10 @@ #include +#ifdef WOLFSSL_AFALG_XILINX +#include +#endif + #ifdef WOLFSSL_HAVE_SP_RSA #include #endif @@ -221,6 +225,7 @@ enum { RSA_STATE_DECRYPT_RES, }; + static void wc_RsaCleanup(RsaKey* key) { #ifndef WOLFSSL_RSA_VERIFY_INLINE @@ -317,6 +322,11 @@ int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId) key->mod = NULL; #endif +#ifdef WOLFSSL_AFALG_XILINX + key->alFd = WC_SOCK_NOTSET; + key->rdFd = WC_SOCK_NOTSET; +#endif + return ret; } @@ -469,6 +479,18 @@ int wc_FreeRsaKey(RsaKey* key) key->mod = NULL; #endif +#ifdef WOLFSSL_AFALG_XILINX + /* make sure that sockets are closed on cleanup */ + if (key->alFd > 0) { + close(key->alFd); + key->alFd = WC_SOCK_NOTSET; + } + if (key->rdFd > 0) { + close(key->rdFd); + key->rdFd = WC_SOCK_NOTSET; + } +#endif + return ret; } @@ -1508,6 +1530,167 @@ static int wc_RsaFunctionNonBlock(const byte* in, word32 inLen, byte* out, } #endif /* WC_RSA_NONBLOCK */ +#ifdef WOLFSSL_AFALG_XILINX +#ifndef ERROR_OUT +#define ERROR_OUT(x) ret = (x); goto done +#endif + +static const char WC_TYPE_ASYMKEY[] = "skcipher"; +static const char WC_NAME_RSA[] = "xilinx-zynqmp-rsa"; +#ifndef MAX_XILINX_RSA_KEY + /* max key size of 4096 bits / 512 bytes */ + #define MAX_XILINX_RSA_KEY 512 +#endif +static const byte XILINX_RSA_FLAG[] = {0x1}; + + +/* AF_ALG implementation of RSA */ +static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out, + word32* outLen, int type, RsaKey* key, WC_RNG* rng) +{ + struct msghdr msg; + struct cmsghdr* cmsg; + struct iovec iov; + byte* keyBuf = NULL; + word32 keyBufSz = 0; + char cbuf[CMSG_SPACE(4) + CMSG_SPACE(sizeof(struct af_alg_iv) + 1)] = {0}; + int ret = 0; + int op = 0; /* decryption vs encryption flag */ + word32 keyLen; + + /* input and output buffer need to be aligned */ + ALIGN64 byte outBuf[MAX_XILINX_RSA_KEY]; + ALIGN64 byte inBuf[MAX_XILINX_RSA_KEY]; + + XMEMSET(&msg, 0, sizeof(struct msghdr)); + (void)rng; + + keyLen = wc_RsaEncryptSize(key); + if (keyLen > *outLen) { + ERROR_OUT(RSA_BUFFER_E); + } + + if (keyLen > MAX_XILINX_RSA_KEY) { + WOLFSSL_MSG("RSA key size larger than supported"); + ERROR_OUT(BAD_FUNC_ARG); + } + + if ((keyBuf = (byte*)XMALLOC(keyLen * 2, key->heap, DYNAMIC_TYPE_KEY)) + == NULL) { + ERROR_OUT(MEMORY_E); + } + + if ((ret = mp_to_unsigned_bin(&(key->n), keyBuf)) != MP_OKAY) { + ERROR_OUT(MP_TO_E); + } + + switch(type) { + case RSA_PRIVATE_DECRYPT: + case RSA_PRIVATE_ENCRYPT: + op = 1; /* set as decrypt */ + { + keyBufSz = mp_unsigned_bin_size(&(key->d)); + if ((mp_to_unsigned_bin(&(key->d), keyBuf + keyLen)) + != MP_OKAY) { + ERROR_OUT(MP_TO_E); + } + } + break; + + case RSA_PUBLIC_DECRYPT: + case RSA_PUBLIC_ENCRYPT: { + word32 exp = 0; + word32 eSz = mp_unsigned_bin_size(&(key->e)); + if ((mp_to_unsigned_bin(&(key->e), (byte*)&exp + + (sizeof(word32) - eSz))) != MP_OKAY) { + ERROR_OUT(MP_TO_E); + } + keyBufSz = sizeof(word32); + XMEMCPY(keyBuf + keyLen, (byte*)&exp, keyBufSz); + break; + } + + default: + ERROR_OUT(RSA_WRONG_TYPE_E); + } + keyBufSz += keyLen; /* add size of modulus */ + + /* check for existing sockets before creating new ones */ + if (key->alFd > 0) { + close(key->alFd); + key->alFd = WC_SOCK_NOTSET; + } + if (key->rdFd > 0) { + close(key->rdFd); + key->rdFd = WC_SOCK_NOTSET; + } + + /* create new sockets and set the key to use */ + if ((key->alFd = wc_Afalg_Socket()) < 0) { + WOLFSSL_MSG("Unable to create socket"); + ERROR_OUT(key->alFd); + } + if ((key->rdFd = wc_Afalg_CreateRead(key->alFd, WC_TYPE_ASYMKEY, + WC_NAME_RSA)) < 0) { + WOLFSSL_MSG("Unable to bind and create read/send socket"); + ERROR_OUT(key->rdFd); + } + if ((ret = setsockopt(key->alFd, SOL_ALG, ALG_SET_KEY, keyBuf, + keyBufSz)) < 0) { + WOLFSSL_MSG("Error setting RSA key"); + ERROR_OUT(ret); + } + + msg.msg_control = cbuf; + msg.msg_controllen = sizeof(cbuf); + cmsg = CMSG_FIRSTHDR(&msg); + if ((ret = wc_Afalg_SetOp(cmsg, op)) < 0) { + ERROR_OUT(ret); + } + + /* set flag in IV spot, needed for Xilinx hardware acceleration use */ + cmsg = CMSG_NXTHDR(&msg, cmsg); + if ((ret = wc_Afalg_SetIv(cmsg, (byte*)XILINX_RSA_FLAG, + sizeof(XILINX_RSA_FLAG))) != 0) { + ERROR_OUT(ret); + } + + /* compose and send msg */ + XMEMCPY(inBuf, (byte*)in, inLen); /* for alignment */ + iov.iov_base = inBuf; + iov.iov_len = inLen; + msg.msg_iov = &iov; + msg.msg_iovlen = 1; + if ((ret = sendmsg(key->rdFd, &msg, 0)) <= 0) { + ERROR_OUT(WC_AFALG_SOCK_E); + } + + if ((ret = read(key->rdFd, outBuf, inLen)) <= 0) { + ERROR_OUT(WC_AFALG_SOCK_E); + } + XMEMCPY(out, outBuf, ret); + *outLen = keyLen; + +done: + /* clear key data and free buffer */ + if (keyBuf != NULL) { + ForceZero(keyBuf, keyBufSz); + } + XFREE(keyBuf, key->heap, DYNAMIC_TYPE_KEY); + + if (key->alFd > 0) { + close(key->alFd); + key->alFd = WC_SOCK_NOTSET; + } + if (key->rdFd > 0) { + close(key->rdFd); + key->rdFd = WC_SOCK_NOTSET; + } + + return ret; +} + +#else static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out, word32* outLen, int type, RsaKey* key, WC_RNG* rng) { @@ -1775,6 +1958,7 @@ static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out, return ret; #endif /* WOLFSSL_SP_MATH */ } +#endif #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_RSA) static int wc_RsaFunctionAsync(const byte* in, word32 inLen, byte* out, diff --git a/wolfcrypt/src/sha256.c b/wolfcrypt/src/sha256.c index 26831fa20..5bd7a04ef 100644 --- a/wolfcrypt/src/sha256.c +++ b/wolfcrypt/src/sha256.c @@ -2915,7 +2915,7 @@ void wc_Sha256Free(wc_Sha256* sha256) #ifdef WOLFSSL_DEVCRYPTO_HASH wc_DevCryptoFree(&sha256->ctx); #endif /* WOLFSSL_DEVCRYPTO */ -#if defined(WOLFSSL_AFALG_HASH_KEEP) || \ +#if (defined(WOLFSSL_AFALG_HASH) && defined(WOLFSSL_AFALG_HASH_KEEP)) || \ (defined(WOLFSSL_DEVCRYPTO_HASH) && defined(WOLFSSL_DEVCRYPTO_HASH_KEEP)) if (sha256->msg != NULL) { XFREE(sha256->msg, sha256->heap, DYNAMIC_TYPE_TMP_BUFFER); diff --git a/wolfcrypt/src/sha3.c b/wolfcrypt/src/sha3.c index 43efe6974..6d7bd28b2 100644 --- a/wolfcrypt/src/sha3.c +++ b/wolfcrypt/src/sha3.c @@ -26,7 +26,8 @@ #include -#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_XILINX_CRYPT) +#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_XILINX_CRYPT) && \ + !defined(WOLFSSL_AFALG_XILINX) #if defined(HAVE_FIPS) && \ defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2) diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 2142364c3..d61a50011 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -222,6 +222,11 @@ #include "wolfcrypt/test/test.h" #endif + /* these cases do not have intermediate hashing support */ +#if (defined(WOLFSSL_AFALG_XILINX) && !defined(WOLFSSL_AFALG_HASH_KEEP)) + #define NO_INTM_HASH_TEST +#endif + #if defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_MULTI_ATTRIB) static void initDefaultName(void); #endif @@ -668,7 +673,9 @@ initDefaultName(); printf( "HMAC-BLAKE2 test passed!\n"); #endif - #ifdef WOLFSSL_SHA3 + #if !defined(NO_HMAC) && defined(WOLFSSL_SHA3) && \ + !defined(WOLFSSL_NOSHA3_224) && !defined(WOLFSSL_NOSHA3_256) && \ + !defined(WOLFSSL_NOSHA3_384) && !defined(WOLFSSL_NOSHA3_512) if ( (ret = hmac_sha3_test()) != 0) return err_sys("HMAC-SHA3 test failed!\n", ret); else @@ -690,7 +697,8 @@ initDefaultName(); printf( "X963-KDF test passed!\n"); #endif -#if defined(HAVE_AESGCM) && defined(WOLFSSL_AES_128) +#if defined(HAVE_AESGCM) && defined(WOLFSSL_AES_128) && \ + !defined(WOLFSSL_AFALG_XILINX_AES) if ( (ret = gmac_test()) != 0) return err_sys("GMAC test failed!\n", ret); else @@ -777,16 +785,13 @@ initDefaultName(); !defined(STM32_CRYPTO) if ( (ret = aesgcm_test()) != 0) return err_sys("AES-GCM test failed!\n", ret); - else #endif - { - if ((ret = aesgcm_default_test()) != 0) { - return err_sys("AES-GCM test failed!\n", ret); - } - else { - printf( "AES-GCM test passed!\n"); - } + #ifndef WOLFSSL_AFALG_XILINX_AES + if ((ret = aesgcm_default_test()) != 0) { + return err_sys("AES-GCM test failed!\n", ret); } + #endif + printf( "AES-GCM test passed!\n"); #endif #if defined(HAVE_AESCCM) && defined(WOLFSSL_AES_128) @@ -2569,7 +2574,9 @@ static int sha3_384_test(void) { wc_Sha3 sha; byte hash[WC_SHA3_384_DIGEST_SIZE]; +#ifndef NO_INTM_HASH_TEST byte hashcopy[WC_SHA3_384_DIGEST_SIZE]; +#endif testVector a, b, c; testVector test_sha[3]; @@ -2584,6 +2591,17 @@ static int sha3_384_test(void) a.inLen = XSTRLEN(a.input); a.outLen = WC_SHA3_384_DIGEST_SIZE; +#ifdef WOLFSSL_AFALG_XILINX + /* NIST test vector with a length that is a multiple of 4 */ + b.input = "\x7d\x80\xb1\x60\xc4\xb5\x36\xa3\xbe\xb7\x99\x80\x59\x93\x44" + "\x04\x7c\x5f\x82\xa1\xdf\xc3\xee\xd4"; + b.output = "\x04\x1c\xc5\x86\x1b\xa3\x34\x56\x3c\x61\xd4\xef\x97\x10\xd4" + "\x89\x6c\x31\x1c\x92\xed\xbe\x0d\x7c\xd5\x3e\x80\x3b\xf2\xf4" + "\xeb\x60\x57\x23\x55\x70\x77\x0c\xe8\x7c\x55\x20\xd7\xec\x14" + "\x19\x87\x22"; + b.inLen = XSTRLEN(b.input); + b.outLen = WC_SHA3_384_DIGEST_SIZE; +#else b.input = "abc"; b.output = "\xec\x01\x49\x82\x88\x51\x6f\xc9\x26\x45\x9f\x58\xe2\xc6\xad" "\x8d\xf9\xb4\x73\xcb\x0f\xc0\x8c\x25\x96\xda\x7c\xf0\xe4\x9b" @@ -2591,7 +2609,7 @@ static int sha3_384_test(void) "\x37\x6d\x25"; b.inLen = XSTRLEN(b.input); b.outLen = WC_SHA3_384_DIGEST_SIZE; - +#endif c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"; c.output = "\x99\x1c\x66\x57\x55\xeb\x3a\x4b\x6b\xbd\xfb\x75\xc7\x8a\x49" "\x2e\x8c\x56\xa2\x2c\x5c\x4d\x7e\x42\x9b\xfd\xbc\x32\xb9\xd4" @@ -2613,17 +2631,21 @@ static int sha3_384_test(void) (word32)test_sha[i].inLen); if (ret != 0) ERROR_OUT(-2701 - i, exit); + #ifndef NO_INTM_HASH_TEST ret = wc_Sha3_384_GetHash(&sha, hashcopy); if (ret != 0) ERROR_OUT(-2702 - i, exit); + #endif ret = wc_Sha3_384_Final(&sha, hash); if (ret != 0) ERROR_OUT(-2703 - i, exit); if (XMEMCMP(hash, test_sha[i].output, WC_SHA3_384_DIGEST_SIZE) != 0) ERROR_OUT(-2704 - i, exit); + #ifndef NO_INTM_HASH_TEST if (XMEMCMP(hash, hashcopy, WC_SHA3_384_DIGEST_SIZE) != 0) ERROR_OUT(-2705 - i, exit); + #endif } /* BEGIN LARGE HASH TEST */ { @@ -3761,7 +3783,9 @@ int hmac_sha512_test(void) #endif -#if !defined(NO_HMAC) && defined(WOLFSSL_SHA3) +#if !defined(NO_HMAC) && defined(WOLFSSL_SHA3) && \ + !defined(WOLFSSL_NOSHA3_224) && !defined(WOLFSSL_NOSHA3_256) && \ + !defined(WOLFSSL_NOSHA3_384) && !defined(WOLFSSL_NOSHA3_512) int hmac_sha3_test(void) { Hmac hmac; @@ -6763,7 +6787,7 @@ int aesgcm_default_test(void) 0xe4, 0xed, 0x2f, 0x6d }; - byte plain1[] = { + ALIGN64 byte plain1[] = { 0xcc, 0x38, 0xbc, 0xcd, 0x6b, 0xc5, 0x36, 0xad, 0x91, 0x9b, 0x13, 0x95, 0xf5, 0xd6, 0x38, 0x01, 0xf9, 0x9f, 0x80, 0x68, 0xd6, 0x5c, 0xa5, 0xac, @@ -6775,7 +6799,7 @@ int aesgcm_default_test(void) 0xff, 0xe8, 0x02, 0x56, 0xe5, 0xb1, 0xc6, 0xb1 }; - byte cipher1[] = { + ALIGN64 byte cipher1[] = { 0xdf, 0xce, 0x4e, 0x9c, 0xd2, 0x91, 0x10, 0x3d, 0x7f, 0xe4, 0xe6, 0x33, 0x51, 0xd9, 0xe7, 0x9d, 0x3d, 0xfd, 0x39, 0x1e, 0x32, 0x67, 0x10, 0x46, @@ -6798,12 +6822,12 @@ int aesgcm_default_test(void) 0xc9, 0x8a, 0xff, 0xe3 }; - byte plain2[] = { + ALIGN64 byte plain2[] = { 0x4b, 0x34, 0xa9, 0xec, 0x57, 0x63, 0x52, 0x4b, 0x19, 0x1d, 0x56, 0x16, 0xc5, 0x47, 0xf6, 0xb7 }; - byte cipher2[] = { + ALIGN64 byte cipher2[] = { 0x60, 0x9a, 0xa3, 0xf4, 0x54, 0x1b, 0xc0, 0xfe, 0x99, 0x31, 0xda, 0xad, 0x2e, 0xe1, 0x5d, 0x0c }; @@ -6855,6 +6879,7 @@ int aesgcm_default_test(void) int aesgcm_test(void) { Aes enc; + Aes dec; /* * This is Test Case 16 from the document Galois/ @@ -6918,7 +6943,7 @@ int aesgcm_test(void) #if !defined(HAVE_FIPS) && \ !defined(STM32_CRYPTO) && !defined(WOLFSSL_PIC32MZ_CRYPT) && \ !defined(FREESCALE_LTC) && !defined(FREESCALE_MMCAU) && \ - !defined(WOLFSSL_XILINX_CRYPT) + !defined(WOLFSSL_XILINX_CRYPT) && !defined(WOLFSSL_AFALG_XILINX_AES) #define ENABLE_NON_12BYTE_IV_TEST #ifdef WOLFSSL_AES_192 @@ -7004,11 +7029,14 @@ int aesgcm_test(void) #endif byte resultT[sizeof(t1)]; - byte resultP[sizeof(p)]; - byte resultC[sizeof(p)]; + byte resultP[sizeof(p) + AES_BLOCK_SIZE]; + byte resultC[sizeof(p) + AES_BLOCK_SIZE]; int result; #ifdef WOLFSSL_AES_256 - int alen, plen; + int alen; + #ifndef WOLFSSL_AFALG_XILINX_AES + int plen; + #endif #endif #if !defined(BENCH_EMBEDDED) @@ -7031,6 +7059,9 @@ int aesgcm_test(void) if (wc_AesInit(&enc, HEAP_HINT, devId) != 0) { return -5700; } + if (wc_AesInit(&dec, HEAP_HINT, devId) != 0) { + return -5700; + } #ifdef WOLFSSL_AES_256 result = wc_AesGcmSetKey(&enc, k1, sizeof(k1)); @@ -7045,20 +7076,24 @@ int aesgcm_test(void) #endif if (result != 0) return -5702; - if (XMEMCMP(c1, resultC, sizeof(resultC))) + if (XMEMCMP(c1, resultC, sizeof(c1))) return -5703; if (XMEMCMP(t1, resultT, sizeof(resultT))) return -5704; #ifdef HAVE_AES_DECRYPT - result = wc_AesGcmDecrypt(&enc, resultP, resultC, sizeof(resultC), + result = wc_AesGcmSetKey(&dec, k1, sizeof(k1)); + if (result != 0) + return -5701; + + result = wc_AesGcmDecrypt(&dec, resultP, resultC, sizeof(c1), iv1, sizeof(iv1), resultT, sizeof(resultT), a, sizeof(a)); #if defined(WOLFSSL_ASYNC_CRYPT) result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (result != 0) return -5705; - if (XMEMCMP(p, resultP, sizeof(resultP))) + if (XMEMCMP(p, resultP, sizeof(p))) return -5706; #endif /* HAVE_AES_DECRYPT */ @@ -7079,7 +7114,7 @@ int aesgcm_test(void) return -5707; #ifdef HAVE_AES_DECRYPT - result = wc_AesGcmDecrypt(&enc, large_outdec, large_output, + result = wc_AesGcmDecrypt(&dec, large_outdec, large_output, BENCH_AESGCM_LARGE, iv1, sizeof(iv1), resultT, sizeof(resultT), a, sizeof(a)); #if defined(WOLFSSL_ASYNC_CRYPT) @@ -7103,10 +7138,10 @@ int aesgcm_test(void) if (result != 0) return -5710; #ifdef HAVE_AES_DECRYPT - result = wc_AesGcmDecrypt(&enc, resultP, resultC, sizeof(resultC), k1, + result = wc_AesGcmDecrypt(&dec, resultP, resultC, sizeof(c1), k1, (word32)ivlen, resultT, sizeof(resultT), a, sizeof(a)); #if defined(WOLFSSL_ASYNC_CRYPT) - result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE); + result = wc_AsyncWait(result, &dec.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (result != 0) return -5711; @@ -7125,16 +7160,17 @@ int aesgcm_test(void) if (result != 0) return -5712; #ifdef HAVE_AES_DECRYPT - result = wc_AesGcmDecrypt(&enc, resultP, resultC, sizeof(resultC), iv1, + result = wc_AesGcmDecrypt(&dec, resultP, resultC, sizeof(c1), iv1, sizeof(iv1), resultT, sizeof(resultT), p, (word32)alen); #if defined(WOLFSSL_ASYNC_CRYPT) - result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE); + result = wc_AsyncWait(result, &dec.asyncDev, WC_ASYNC_FLAG_NONE); #endif if (result != 0) return -5713; #endif /* HAVE_AES_DECRYPT */ } +#ifndef WOLFSSL_AFALG_XILINX_AES #ifdef BENCH_AESGCM_LARGE /* Variable plain text length test */ for (plen=1; plen= 2 */ wc_AesFree(&enc); + wc_AesFree(&dec); return 0; } @@ -9260,6 +9303,9 @@ static int rsa_sig_test(RsaKey* key, word32 keyLen, int modLen, WC_RNG* rng) * -101 = USER_CRYPTO_ERROR */ if (ret == 0) +#elif defined(WOLFSSL_AFALG_XILINX) + /* blinding / rng handled with hardware acceleration */ + if (ret != 0) #elif defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB) /* async may not require RNG */ if (ret != 0 && ret != MISSING_RNG_E) @@ -9320,6 +9366,7 @@ static int rsa_sig_test(RsaKey* key, word32 keyLen, int modLen, WC_RNG* rng) sigSz = (word32)ret; #ifndef WOLFSSL_RSA_PUBLIC_ONLY + XMEMSET(out, 0, sizeof(out)); ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, inLen, out, &sigSz, key, keyLen, rng); if (ret != 0) diff --git a/wolfssl/wolfcrypt/aes.h b/wolfssl/wolfcrypt/aes.h index e05a58697..18d37bd9c 100644 --- a/wolfssl/wolfcrypt/aes.h +++ b/wolfssl/wolfcrypt/aes.h @@ -68,9 +68,9 @@ #include "xsecure_aes.h" #endif -#ifdef WOLFSSL_AFALG +#if defined(WOLFSSL_AFALG) || defined(WOLFSSL_AFALG_XILINX_AES) /* included for struct msghdr */ -#include +#include #endif #if defined(WOLFSSL_DEVCRYPTO_AES) || defined(WOLFSSL_DEVCRYPTO_CBC) @@ -172,11 +172,15 @@ typedef struct Aes { word32 key_init[8]; word32 kup; #endif -#ifdef WOLFSSL_AFALG +#if defined(WOLFSSL_AFALG) || defined(WOLFSSL_AFALG_XILINX_AES) int alFd; /* server socket to bind to */ int rdFd; /* socket to read from */ struct msghdr msg; int dir; /* flag for encrpyt or decrypt */ +#ifdef WOLFSSL_AFALG_XILINX_AES + word32 msgBuf[CMSG_SPACE(4) + CMSG_SPACE(sizeof(struct af_alg_iv) + + GCM_NONCE_MID_SZ)]; +#endif #endif #if defined(WOLFSSL_DEVCRYPTO) && \ (defined(WOLFSSL_DEVCRYPTO_AES) || defined(WOLFSSL_DEVCRYPTO_CBC)) @@ -258,6 +262,9 @@ WOLFSSL_API int wc_AesEcbDecrypt(Aes* aes, byte* out, #ifdef WOLFSSL_XILINX_CRYPT WOLFSSL_API int wc_AesGcmSetKey_ex(Aes* aes, const byte* key, word32 len, word32 kup); +#elif defined(WOLFSSL_AFALG_XILINX_AES) + WOLFSSL_LOCAL int wc_AesGcmSetKey_ex(Aes* aes, const byte* key, word32 len, + word32 kup); #endif WOLFSSL_API int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len); WOLFSSL_API int wc_AesGcmEncrypt(Aes* aes, byte* out, diff --git a/wolfssl/wolfcrypt/port/af_alg/afalg_hash.h b/wolfssl/wolfcrypt/port/af_alg/afalg_hash.h index 4a87169b0..1432d5759 100644 --- a/wolfssl/wolfcrypt/port/af_alg/afalg_hash.h +++ b/wolfssl/wolfcrypt/port/af_alg/afalg_hash.h @@ -39,9 +39,12 @@ typedef struct { -#if !defined(NO_SHA256) +#if !defined(NO_SHA256) && defined(WOLFSSL_AFALG_HASH) typedef wolfssl_AFALG_Hash wc_Sha256; #endif +#if defined(WOLFSSL_SHA3) && defined(WOLFSSL_AFALG_XILINX) + typedef wolfssl_AFALG_Hash wc_Sha3; +#endif #endif /* WOLF_CRYPT_AFALG_HASH_H */ diff --git a/wolfssl/wolfcrypt/rsa.h b/wolfssl/wolfcrypt/rsa.h index 9caeac0f8..3596609d8 100644 --- a/wolfssl/wolfcrypt/rsa.h +++ b/wolfssl/wolfcrypt/rsa.h @@ -179,6 +179,10 @@ struct RsaKey { #ifdef WC_RSA_NONBLOCK RsaNb* nb; #endif +#ifdef WOLFSSL_AFALG_XILINX + int alFd; + int rdFd; +#endif }; #ifndef WC_RSAKEY_TYPE_DEFINED diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 0ea0a4477..d7142a8b9 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -1272,7 +1272,7 @@ extern void uITRON4_free(void *p) ; #define HAVE_AESGCM #endif -#if defined(WOLFSSL_XILINX_CRYPT) +#if defined(WOLFSSL_XILINX_CRYPT) || defined(WOLFSSL_AFALG_XILINX) #if defined(WOLFSSL_ARMASM) #error can not use both ARMv8 instructions and XILINX hardened crypto #endif @@ -1285,6 +1285,10 @@ extern void uITRON4_free(void *p) ; #define WOLFSSL_NOSHA3_256 #define WOLFSSL_NOSHA3_512 #endif + #ifdef WOLFSSL_AFALG_XILINX_AES + #undef WOLFSSL_AES_DIRECT + #define WOLFSSL_AES_DIRECT + #endif #endif /*(WOLFSSL_XILINX_CRYPT)*/ #if defined(WOLFSSL_APACHE_MYNEWT) diff --git a/wolfssl/wolfcrypt/sha3.h b/wolfssl/wolfcrypt/sha3.h index 622d3b575..e6a762274 100644 --- a/wolfssl/wolfcrypt/sha3.h +++ b/wolfssl/wolfcrypt/sha3.h @@ -81,8 +81,11 @@ enum { #endif + #ifdef WOLFSSL_XILINX_CRYPT #include "wolfssl/wolfcrypt/port/xilinx/xil-sha3.h" +#elif defined(WOLFSSL_AFALG_XILINX) + #include #else /* Sha3 digest */ typedef struct Sha3 { diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index 1d1ad9596..7950e875d 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -640,8 +640,10 @@ #define INVALID_DEVID -2 - /* AESNI requires alignment and ARMASM gains some performance from it */ - #if defined(WOLFSSL_AESNI) || defined(WOLFSSL_ARMASM) || defined(USE_INTEL_SPEEDUP) + /* AESNI requires alignment and ARMASM gains some performance from it + * Xilinx RSA operations require alignment */ + #if defined(WOLFSSL_AESNI) || defined(WOLFSSL_ARMASM) || \ + defined(USE_INTEL_SPEEDUP) || defined(WOLFSSL_AFALG_XILINX) #if !defined(ALIGN16) #if defined(__GNUC__) #define ALIGN16 __attribute__ ( (aligned (16))) @@ -664,19 +666,19 @@ #else #define ALIGN32 #endif - #endif + #endif /* !ALIGN32 */ - #if !defined(ALIGN32) + #if !defined(ALIGN64) #if defined(__GNUC__) - #define ALIGN32 __attribute__ ( (aligned (32))) + #define ALIGN64 __attribute__ ( (aligned (64))) #elif defined(_MSC_VER) /* disable align warning, we want alignment ! */ #pragma warning(disable: 4324) - #define ALIGN32 __declspec (align (32)) + #define ALIGN64 __declspec (align (64)) #else - #define ALIGN32 + #define ALIGN64 #endif - #endif /* !ALIGN32 */ + #endif /* !ALIGN64 */ #if defined(__GNUC__) #define ALIGN128 __attribute__ ( (aligned (128))) @@ -705,6 +707,9 @@ #ifndef ALIGN32 #define ALIGN32 #endif + #ifndef ALIGN64 + #define ALIGN64 + #endif #ifndef ALIGN128 #define ALIGN128 #endif