wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-02 04:04:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

add AesSetKey fips mode

Browse Source
This commit is contained in:
toddouska
2014-03-19 13:56:11 -07:00
parent faecf7f849
commit 388436c53e
6 changed files with 120 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
ctaocrypt/benchmark/benchmark.c
View File

@@ -274,13 +274,20 @@ void bench_aes(int show)
Aes enc; Aes enc;
double start, total, persec; double start, total, persec;
int i; int i;
int ret;
#ifdef HAVE_CAVIUM #ifdef HAVE_CAVIUM
if (AesInitCavium(&enc, CAVIUM_DEV_ID) != 0) if (AesInitCavium(&enc, CAVIUM_DEV_ID) != 0) {
printf("aes init cavium failed\n"); printf("aes init cavium failed\n");
return;
}
#endif #endif
AesSetKey(&enc, key, 16, iv, AES_ENCRYPTION); ret = AesSetKey(&enc, key, 16, iv, AES_ENCRYPTION);
if (ret != 0) {
printf("AesSetKey failed, ret = %d\n", ret);
return;
}
start = current_time(1); start = current_time(1);
for(i = 0; i < numBlocks; i++) for(i = 0; i < numBlocks; i++)

6
ctaocrypt/src/aes.c
View File

@@ -27,6 +27,11 @@
#ifndef NO_AES #ifndef NO_AES
#ifdef HAVE_FIPS
/* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */
#define FIPS_NO_WRAPPERS
#endif
#include <cyassl/ctaocrypt/aes.h> #include <cyassl/ctaocrypt/aes.h>
#include <cyassl/ctaocrypt/error.h> #include <cyassl/ctaocrypt/error.h>
#include <cyassl/ctaocrypt/logging.h> #include <cyassl/ctaocrypt/logging.h>
@@ -46,6 +51,7 @@
#endif #endif
#ifdef HAVE_CAVIUM #ifdef HAVE_CAVIUM
static int AesCaviumSetKey(Aes* aes, const byte* key, word32 length, static int AesCaviumSetKey(Aes* aes, const byte* key, word32 length,
const byte* iv); const byte* iv);

17
ctaocrypt/test/test.c
View File

@@ -1860,6 +1860,7 @@ int aes_test(void)
byte cipher[AES_BLOCK_SIZE * 4]; byte cipher[AES_BLOCK_SIZE * 4];
byte plain [AES_BLOCK_SIZE * 4]; byte plain [AES_BLOCK_SIZE * 4];
int ret;
#ifdef HAVE_CAVIUM #ifdef HAVE_CAVIUM
if (AesInitCavium(&enc, CAVIUM_DEV_ID) != 0) if (AesInitCavium(&enc, CAVIUM_DEV_ID) != 0)
@@ -1867,8 +1868,12 @@ int aes_test(void)
if (AesInitCavium(&dec, CAVIUM_DEV_ID) != 0) if (AesInitCavium(&dec, CAVIUM_DEV_ID) != 0)
return -20004; return -20004;
#endif #endif
AesSetKey(&enc, key, AES_BLOCK_SIZE, iv, AES_ENCRYPTION); ret = AesSetKey(&enc, key, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
AesSetKey(&dec, key, AES_BLOCK_SIZE, iv, AES_DECRYPTION); if (ret != 0)
return -1001;
ret = AesSetKey(&dec, key, AES_BLOCK_SIZE, iv, AES_DECRYPTION);
if (ret != 0)
return -1002;
AesCbcEncrypt(&enc, cipher, msg, AES_BLOCK_SIZE); AesCbcEncrypt(&enc, cipher, msg, AES_BLOCK_SIZE);
AesCbcDecrypt(&dec, plain, cipher, AES_BLOCK_SIZE); AesCbcDecrypt(&dec, plain, cipher, AES_BLOCK_SIZE);
@@ -1990,13 +1995,17 @@ int aes_test(void)
}; };
XMEMSET(cipher, 0, AES_BLOCK_SIZE); XMEMSET(cipher, 0, AES_BLOCK_SIZE);
AesSetKey(&enc, niKey, sizeof(niKey), cipher, AES_ENCRYPTION); ret = AesSetKey(&enc, niKey, sizeof(niKey), cipher, AES_ENCRYPTION);
if (ret != 0)
return -1003;
AesEncryptDirect(&enc, cipher, niPlain); AesEncryptDirect(&enc, cipher, niPlain);
if (XMEMCMP(cipher, niCipher, AES_BLOCK_SIZE) != 0) if (XMEMCMP(cipher, niCipher, AES_BLOCK_SIZE) != 0)
return -20006; return -20006;
XMEMSET(plain, 0, AES_BLOCK_SIZE); XMEMSET(plain, 0, AES_BLOCK_SIZE);
AesSetKey(&dec, niKey, sizeof(niKey), plain, AES_DECRYPTION); ret = AesSetKey(&dec, niKey, sizeof(niKey), plain, AES_DECRYPTION);
if (ret != 0)
return -1004;
AesDecryptDirect(&dec, plain, niCipher); AesDecryptDirect(&dec, plain, niCipher);
if (XMEMCMP(plain, niPlain, AES_BLOCK_SIZE) != 0) if (XMEMCMP(plain, niPlain, AES_BLOCK_SIZE) != 0)
return -20007; return -20007;

14
cyassl/ctaocrypt/aes.h
View File

@@ -149,6 +149,20 @@ CYASSL_API int AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
CYASSL_API void AesFreeCavium(Aes*); CYASSL_API void AesFreeCavium(Aes*);
#endif #endif
#ifdef HAVE_FIPS
/* fips wrapper calls, user can call direct */
CYASSL_API int AesSetKey_fips(Aes* aes, const byte* key, word32 len,
const byte* iv, int dir);
#ifndef FIPS_NO_WRAPPERS
/* if not internal or fips.c consumer force fips calls if fips build */
#define AesSetKey AesSetKey_fips
#endif /* FIPS_NO_WRAPPERS */
#endif /* HAVE_FIPS */
#ifdef __cplusplus #ifdef __cplusplus
} /* extern "C" */ } /* extern "C" */
#endif #endif

18
src/keys.c
View File

@@ -1614,6 +1614,8 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
#ifdef BUILD_AES #ifdef BUILD_AES
if (specs->bulk_cipher_algorithm == cyassl_aes) { if (specs->bulk_cipher_algorithm == cyassl_aes) {
int aesRet = 0;
if (enc->aes == NULL) if (enc->aes == NULL)
enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER); enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
if (enc->aes == NULL) if (enc->aes == NULL)
@@ -1635,20 +1637,28 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
} }
#endif #endif
if (side == CYASSL_CLIENT_END) { if (side == CYASSL_CLIENT_END) {
AesSetKey(enc->aes, keys->client_write_key, aesRet = AesSetKey(enc->aes, keys->client_write_key,
specs->key_size, keys->client_write_IV, specs->key_size, keys->client_write_IV,
AES_ENCRYPTION); AES_ENCRYPTION);
AesSetKey(dec->aes, keys->server_write_key, if (aesRet != 0)
return aesRet;
aesRet = AesSetKey(dec->aes, keys->server_write_key,
specs->key_size, keys->server_write_IV, specs->key_size, keys->server_write_IV,
AES_DECRYPTION); AES_DECRYPTION);
if (aesRet != 0)
return aesRet;
} }
else { else {
AesSetKey(enc->aes, keys->server_write_key, aesRet = AesSetKey(enc->aes, keys->server_write_key,
specs->key_size, keys->server_write_IV, specs->key_size, keys->server_write_IV,
AES_ENCRYPTION); AES_ENCRYPTION);
AesSetKey(dec->aes, keys->client_write_key, if (aesRet != 0)
return aesRet;
aesRet = AesSetKey(dec->aes, keys->client_write_key,
specs->key_size, keys->client_write_IV, specs->key_size, keys->client_write_IV,
AES_DECRYPTION); AES_DECRYPTION);
if (aesRet != 0)
return aesRet;
} }
enc->setup = 1; enc->setup = 1;
dec->setup = 1; dec->setup = 1;

68
src/ssl.c
View File

@@ -2018,6 +2018,7 @@ int CyaSSL_Init(void)
XFREE(der.buffer, heap, dynamicType); XFREE(der.buffer, heap, dynamicType);
return ret; return ret;
} }
ret = 0; /* back to good status */
if (XSTRNCMP(info.name, "DES-CBC", 7) == 0) { if (XSTRNCMP(info.name, "DES-CBC", 7) == 0) {
Des enc; Des enc;
@@ -2031,23 +2032,34 @@ int CyaSSL_Init(void)
} }
else if (XSTRNCMP(info.name, "AES-128-CBC", 13) == 0) { else if (XSTRNCMP(info.name, "AES-128-CBC", 13) == 0) {
Aes enc; Aes enc;
AesSetKey(&enc, key, AES_128_KEY_SIZE, info.iv, AES_DECRYPTION); ret = AesSetKey(&enc, key, AES_128_KEY_SIZE, info.iv,
AesCbcDecrypt(&enc, der.buffer, der.buffer, der.length); AES_DECRYPTION);
if (ret == 0)
ret = AesCbcDecrypt(&enc, der.buffer,der.buffer,der.length);
} }
else if (XSTRNCMP(info.name, "AES-192-CBC", 13) == 0) { else if (XSTRNCMP(info.name, "AES-192-CBC", 13) == 0) {
Aes enc; Aes enc;
AesSetKey(&enc, key, AES_192_KEY_SIZE, info.iv, AES_DECRYPTION); ret = AesSetKey(&enc, key, AES_192_KEY_SIZE, info.iv,
AesCbcDecrypt(&enc, der.buffer, der.buffer, der.length); AES_DECRYPTION);
if (ret == 0)
ret = AesCbcDecrypt(&enc, der.buffer,der.buffer,der.length);
} }
else if (XSTRNCMP(info.name, "AES-256-CBC", 13) == 0) { else if (XSTRNCMP(info.name, "AES-256-CBC", 13) == 0) {
Aes enc; Aes enc;
AesSetKey(&enc, key, AES_256_KEY_SIZE, info.iv, AES_DECRYPTION); ret = AesSetKey(&enc, key, AES_256_KEY_SIZE, info.iv,
AesCbcDecrypt(&enc, der.buffer, der.buffer, der.length); AES_DECRYPTION);
if (ret == 0)
ret = AesCbcDecrypt(&enc, der.buffer,der.buffer,der.length);
} }
else { else {
XFREE(der.buffer, heap, dynamicType); XFREE(der.buffer, heap, dynamicType);
return SSL_BAD_FILE; return SSL_BAD_FILE;
} }
if (ret != 0) {
XFREE(der.buffer, heap, dynamicType);
return ret;
}
} }
#endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */ #endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */
@@ -6723,6 +6735,8 @@ int CyaSSL_set_compression(CYASSL* ssl)
const CYASSL_EVP_CIPHER* type, byte* key, const CYASSL_EVP_CIPHER* type, byte* key,
byte* iv, int enc) byte* iv, int enc)
{ {
int ret = 0;
CYASSL_ENTER("CyaSSL_EVP_CipherInit"); CYASSL_ENTER("CyaSSL_EVP_CipherInit");
if (ctx == NULL) { if (ctx == NULL) {
CYASSL_MSG("no ctx"); CYASSL_MSG("no ctx");
@@ -6741,9 +6755,12 @@ int CyaSSL_set_compression(CYASSL* ssl)
ctx->keyLen = 16; ctx->keyLen = 16;
if (enc == 0 || enc == 1) if (enc == 0 || enc == 1)
ctx->enc = enc ? 1 : 0; ctx->enc = enc ? 1 : 0;
if (key) if (key) {
AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv, ret = AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv,
ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION); ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION);
if (ret != 0)
return ret;
}
if (iv && key == NULL) if (iv && key == NULL)
AesSetIV(&ctx->cipher.aes, iv); AesSetIV(&ctx->cipher.aes, iv);
} }
@@ -6754,9 +6771,12 @@ int CyaSSL_set_compression(CYASSL* ssl)
ctx->keyLen = 24; ctx->keyLen = 24;
if (enc == 0 || enc == 1) if (enc == 0 || enc == 1)
ctx->enc = enc ? 1 : 0; ctx->enc = enc ? 1 : 0;
if (key) if (key) {
AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv, ret = AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv,
ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION); ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION);
if (ret != 0)
return ret;
}
if (iv && key == NULL) if (iv && key == NULL)
AesSetIV(&ctx->cipher.aes, iv); AesSetIV(&ctx->cipher.aes, iv);
} }
@@ -6767,9 +6787,12 @@ int CyaSSL_set_compression(CYASSL* ssl)
ctx->keyLen = 32; ctx->keyLen = 32;
if (enc == 0 || enc == 1) if (enc == 0 || enc == 1)
ctx->enc = enc ? 1 : 0; ctx->enc = enc ? 1 : 0;
if (key) if (key) {
AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv, ret = AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv,
ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION); ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION);
if (ret != 0)
return ret;
}
if (iv && key == NULL) if (iv && key == NULL)
AesSetIV(&ctx->cipher.aes, iv); AesSetIV(&ctx->cipher.aes, iv);
} }
@@ -6781,9 +6804,12 @@ int CyaSSL_set_compression(CYASSL* ssl)
ctx->keyLen = 16; ctx->keyLen = 16;
if (enc == 0 || enc == 1) if (enc == 0 || enc == 1)
ctx->enc = enc ? 1 : 0; ctx->enc = enc ? 1 : 0;
if (key) if (key) {
AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv, ret = AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv,
AES_ENCRYPTION); AES_ENCRYPTION);
if (ret != 0)
return ret;
}
if (iv && key == NULL) if (iv && key == NULL)
AesSetIV(&ctx->cipher.aes, iv); AesSetIV(&ctx->cipher.aes, iv);
} }
@@ -6794,9 +6820,12 @@ int CyaSSL_set_compression(CYASSL* ssl)
ctx->keyLen = 24; ctx->keyLen = 24;
if (enc == 0 || enc == 1) if (enc == 0 || enc == 1)
ctx->enc = enc ? 1 : 0; ctx->enc = enc ? 1 : 0;
if (key) if (key) {
AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv, ret = AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv,
AES_ENCRYPTION); AES_ENCRYPTION);
if (ret != 0)
return ret;
}
if (iv && key == NULL) if (iv && key == NULL)
AesSetIV(&ctx->cipher.aes, iv); AesSetIV(&ctx->cipher.aes, iv);
} }
@@ -6807,9 +6836,12 @@ int CyaSSL_set_compression(CYASSL* ssl)
ctx->keyLen = 32; ctx->keyLen = 32;
if (enc == 0 || enc == 1) if (enc == 0 || enc == 1)
ctx->enc = enc ? 1 : 0; ctx->enc = enc ? 1 : 0;
if (key) if (key) {
AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv, ret = AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv,
AES_ENCRYPTION); AES_ENCRYPTION);
if (ret != 0)
return ret;
}
if (iv && key == NULL) if (iv && key == NULL)
AesSetIV(&ctx->cipher.aes, iv); AesSetIV(&ctx->cipher.aes, iv);
} }