diff --git a/README.md b/README.md new file mode 100644 index 000000000..0cd9cbfc4 --- /dev/null +++ b/README.md @@ -0,0 +1,1063 @@ +# Notes - Please read + +## Note 1 +``` +CyaSSL now needs all examples and tests to be run from the CyaSSL home +directory. This is because it finds certs and keys from ./certs/. Trying to +maintain the ability to run each program from its own directory, the testsuite +directory, the main directory (for make check/test), and for the various +different project layouts (with or without config) was becoming harder and +harder. Now to run testsuite just do: + +./testsuite/testsuite + +or + +make check (when using autoconf) + +On *nix or Windows the examples and testsuite will check to see if the current +directory is the source directory and if so, attempt to change to the CyaSSL +home directory. This should work in most setup cases, if not, just follow the +beginning of the note and specify the full path. +``` + +## Note 2 +``` +CyaSSL takes a different approach to certificate verification than OpenSSL does. +The default policy for the client is to verify the server, this means that if +you don't load CAs to verify the server you'll get a connect error, no signer +error to confirm failure (-188). If you want to mimic OpenSSL behavior of +having SSL_connect succeed even if verifying the server fails and reducing +security you can do this by calling: + +SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); + +before calling SSL_new(); Though it's not recommended. +``` + + +# CyaSSL Release 3.1.0 (07/14/2014) + +#### Release 3.1.0 CyaSSL has bug fixes and new features including: + +- Fix for older versions of icc without 128-bit type +- Intel ASM syntax for AES-NI +- Updated NTRU support, keygen benchmark +- FIPS check for minimum required HMAC key length +- Small stack (--enable-smallstack) improvements for PKCS#7, ASN +- TLS extension support for DTLS +- Default I/O callbacks external to user +- Updated example client with bad clock test +- Ability to set optional ECC context info +- Ability to enable/disable DH separate from opensslextra +- Additional test key/cert buffers for CA and server +- Updated example certificates + +The CyaSSL manual is available at: +http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions +and comments about the new features please check the manual. + + +# CyaSSL Release 3.0.2 (05/30/2014) + +#### Release 3.0.2 CyaSSL has bug fixes and new features including: + +- Added the following cipher suites: + * TLS_PSK_WITH_AES_128_GCM_SHA256 + * TLS_PSK_WITH_AES_256_GCM_SHA384 + * TLS_PSK_WITH_AES_256_CBC_SHA384 + * TLS_PSK_WITH_NULL_SHA384 + * TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 + * TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 + * TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 + * TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 + * TLS_DHE_PSK_WITH_NULL_SHA256 + * TLS_DHE_PSK_WITH_NULL_SHA384 + * TLS_DHE_PSK_WITH_AES_128_CCM + * TLS_DHE_PSK_WITH_AES_256_CCM +- Added AES-NI support for Microsoft Visual Studio builds. +- Changed small stack build to be disabled by default. +- Updated the Hash DRBG and provided a configure option to enable. + +The CyaSSL manual is available at: +http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions +and comments about the new features please check the manual. + + +# CyaSSL Release 3.0.0 (04/29/2014) + +#### Release 3.0.0 CyaSSL has bug fixes and new features including: + +- FIPS release candidate +- X.509 improvements that address items reported by Suman Jana with security + researchers at UT Austin and UC Davis +- Small stack size improvements, --enable-smallstack. Offloads large local + variables to the heap. (Note this is not complete.) +- Updated AES-CCM-8 cipher suites to use approved suite numbers. + +The CyaSSL manual is available at: +http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions +and comments about the new features please check the manual. + + +# CyaSSL Release 2.9.4 (04/09/2014) + +#### Release 2.9.4 CyaSSL has bug fixes and new features including: + +- Security fixes that address items reported by Ivan Fratric of the Google + Security Team +- X.509 Unknown critical extensions treated as errors, report by Suman Jana with + security researchers at UT Austin and UC Davis +- Sniffer fixes for corrupted packet length and Jumbo frames +- ARM thumb mode assembly fixes +- Xcode 5.1 support including new clang +- PIC32 MZ hardware support +- CyaSSL Object has enough room to read the Record Header now w/o allocs +- FIPS wrappers for AES, 3DES, SHA1, SHA256, SHA384, HMAC, and RSA. +- A sample I/O pool is demonstrated with --enable-iopool to overtake memory + handling and reduce memory fragmentation on I/O large sizes + +The CyaSSL manual is available at: +http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions +and comments about the new features please check the manual. + + +# CyaSSL Release 2.9.0 (02/07/2014) + +#### Release 2.9.0 CyaSSL has bug fixes and new features including: +- Freescale Kinetis RNGB support +- Freescale Kinetis mmCAU support +- TLS Hello extensions + - ECC + - Secure Renegotiation (null) + - Truncated HMAC +- SCEP support + - PKCS #7 Enveloped data and signed data + - PKCS #10 Certificate Signing Request generation +- DTLS sliding window +- OCSP Improvements + - API change to integrate into Certificate Manager + - IPv4/IPv6 agnostic + - example client/server support for OCSP + - OCSP nonces are optional +- GMAC hashing +- Windows build additions +- Windows CYGWIN build fixes +- Updated test certificates +- Microchip MPLAB Harmony support +- Update autoconf scripts +- Additional X.509 inspection functions +- ECC encrypt/decrypt primitives +- ECC Certificate generation + +The Freescale Kinetis K53 RNGB documentation can be found in Chapter 33 of the +K53 Sub-Family Reference Manual: +http://cache.freescale.com/files/32bit/doc/ref_manual/K53P144M100SF2RM.pdf + +Freescale Kinetis K60 mmCAU (AES, DES, 3DES, MD5, SHA, SHA256) documentation +can be found in the "ColdFire/ColdFire+ CAU and Kinetis mmCAU Software Library +User Guide": +http://cache.freescale.com/files/32bit/doc/user_guide/CAUAPIUG.pdf + + +# CyaSSL Release 2.8.0 (8/30/2013) + +#### Release 2.8.0 CyaSSL has bug fixes and new features including: +- AES-GCM and AES-CCM use AES-NI +- NetX default IO callback handlers +- IPv6 fixes for DTLS Hello Cookies +- The ability to unload Certs/Keys after the handshake, CyaSSL_UnloadCertsKeys() +- SEP certificate extensions +- Callback getters for easier resource freeing +- External CYASSL_MAX_ERROR_SZ for correct error buffer sizing +- MacEncrypt and DecryptVerify Callbacks for User Atomic Record Layer Processing +- Public Key Callbacks for ECC and RSA +- Client now sends blank cert upon request if doesn't have one with TLS <= 1.2 + + +The CyaSSL manual is available at: +http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions +and comments about the new features please check the manual. + + +# CyaSSL Release 2.7.0 (6/17/2013) + +#### Release 2.7.0 CyaSSL has bug fixes and new features including: +- SNI support for client and server +- KEIL MDK-ARM projects +- Wildcard check to domain name match, and Subject altnames are checked too +- Better error messages for certificate verification errors +- Ability to discard session during handshake verify +- More consistent error returns across all APIs +- Ability to unload CAs at the CTX or CertManager level +- Authority subject id support for Certificate matching +- Persistent session cache functionality +- Persistent CA cache functionality +- Client session table lookups to push serverID table to library level +- Camellia support to sniffer +- User controllable settings for DTLS timeout values +- Sniffer fixes for caching long lived sessions +- DTLS reliability enhancements for the handshake +- Better ThreadX support + +When compiling with Mingw, libtool may give the following warning due to +path conversion errors: + +``` +libtool: link: Could not determine host file name corresponding to ** +libtool: link: Continuing, but uninstalled executables may not work. +``` + +If so, examples and testsuite will have problems when run, showing an +error while loading shared libraries. To resolve, please run "make install". + +The CyaSSL manual is available at: +http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions +and comments about the new features please check the manual. + + +# CyaSSL Release 2.6.0 (04/15/2013) + +#### Release 2.6.0 CyaSSL has bug fixes and new features including: +- DTLS 1.2 support including AEAD ciphers +- SHA-3 finalist Blake2 support, it's fast and uses little resources +- SHA-384 cipher suites including ECC ones +- HMAC now supports SHA-512 +- Track memory use for example client/server with -t option +- Better IPv6 examples with --enable-ipv6, before if ipv6 examples/tests were + turned on, localhost only was used. Now link-local (with scope ids) and ipv6 + hosts can be used as well. +- Xcode v4.6 project for iOS v6.1 update +- settings.h is now checked in all *.c files for true one file setting detection +- Better alignment at SSL layer for hardware crypto alignment needs + * Note, SSL itself isn't friendly to alignment with 5 byte TLS headers and + 13 bytes DTLS headers, but every effort is now made to align with the + CYASSL_GENERAL_ALIGNMENT flag which sets desired alignment requirement +- NO_64BIT flag to turn off 64bit data type accumulators in public key code + * Note, some systems are faster with 32bit accumulators +- --enable-stacksize for example client/server stack use + * Note, modern desktop Operating Systems may add bytes to each stack frame +- Updated compression/decompression with direct crypto access +- All ./configure options are now lowercase only for consistency +- ./configure builds default to fastmath option + * Note, if on ia32 and building in shared mode this may produce a problem + with a missing register being available because of PIC, there are at least + 5 solutions to this: + 1) --disable-fastmath , don't use fastmath + 2) --disable-shared, don't build a shared library + 3) C_EXTRA_FLAGS=-DTFM_NO_ASM , turn off assembly use + 4) use clang, it just seems to work + 5) play around with no PIC options to force all registers being open +- Many new ./configure switches for option enable/disable for example + * rsa + * dh + * dsa + * md5 + * sha + * arc4 + * null (allow NULL ciphers) + * oldtls (only use TLS 1.2) + * asn (no certs or public keys allowed) +- ./configure generates cyassl/options.h which allows a header the user can + include in their app to make sure the same options are set at the app and + CyaSSL level. +- autoconf no longer needs serial-tests which lowers version requirements of + automake to 1.11 and autoconf to 2.63 + +The CyaSSL manual is available at: +http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions +and comments about the new features please check the manual. + + + +# CyaSSL Release 2.5.0 (02/04/2013) + +#### Release 2.5.0 CyaSSL has bug fixes and new features including: +- Fix for TLS CBC padding timing attack identified by Nadhem Alfardan and + Kenny Paterson: http://www.isg.rhul.ac.uk/tls/ +- Microchip PIC32 (MIPS16, MIPS32) support +- Microchip MPLAB X example projects for PIC32 Ethernet Starter Kit +- Updated CTaoCrypt benchmark app for embedded systems +- 1024-bit test certs/keys and cert/key buffers +- AES-CCM-8 crypto and cipher suites +- Camellia crypto and cipher suites +- Bumped minimum autoconf version to 2.65, automake version to 1.12 +- Addition of OCSP callbacks +- STM32F2 support with hardware crypto and RNG +- Cavium NITROX support + +CTaoCrypt now has support for the Microchip PIC32 and has been tested with +the Microchip PIC32 Ethernet Starter Kit, the XC32 compiler and +MPLAB X IDE in both MIPS16 and MIPS32 instruction set modes. See the README +located under the /mplabx directory for more details. + +To add Cavium NITROX support do: + +./configure --with-cavium=/home/user/cavium/software + +pointing to your licensed cavium/software directory. Since Cavium doesn't +build a library we pull in the cavium_common.o file which gives a libtool +warning about the portability of this. Also, if you're using the github source +tree you'll need to remove the -Wredundant-decls warning from the generated +Makefile because the cavium headers don't conform to this warning. Currently +CyaSSL supports Cavium RNG, AES, 3DES, RC4, HMAC, and RSA directly at the crypto +layer. Support at the SSL level is partial and currently just does AES, 3DES, +and RC4. RSA and HMAC are slower until the Cavium calls can be utilized in non +blocking mode. The example client turns on cavium support as does the crypto +test and benchmark. Please see the HAVE_CAVIUM define. + +CyaSSL is able to use the STM32F2 hardware-based cryptography and random number +generator through the STM32F2 Standard Peripheral Library. For necessary +defines, see the CYASSL_STM32F2 define in settings.h. Documentation for the +STM32F2 Standard Peripheral Library can be found in the following document: +http://www.st.com/internet/com/TECHNICAL_RESOURCES/TECHNICAL_LITERATURE/USER_MANUAL/DM00023896.pdf + +The CyaSSL manual is available at: +http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions +and comments about the new features please check the manual. + + + +# CyaSSL Release 2.4.6 (12/20/2012) + +#### Release 2.4.6 CyaSSL has bug fixes and a few new features including: +- ECC into main version +- Lean PSK build (reduced code size, RAM usage, and stack usage) +- FreeBSD CRL monitor support +- CyaSSL_peek() +- CyaSSL_send() and CyaSSL_recv() for I/O flag setting +- CodeWarrior Support +- MQX Support +- Freescale Kinetis support including Hardware RNG +- autoconf builds use jobserver +- cyassl-config +- Sniffer memory reductions + +Thanks to Brian Aker for the improved autoconf system, make rpm, cyassl-config, +warning system, and general good ideas for improving CyaSSL! + +The Freescale Kinetis K70 RNGA documentation can be found in Chapter 37 of the +K70 Sub-Family Reference Manual: +http://cache.freescale.com/files/microcontrollers/doc/ref_manual/K70P256M150SF3RM.pdf + +The CyaSSL manual is available at: +http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions +and comments about the new features please check the manual. + + +# CyaSSL Release 2.4.0 (10/10/2012) + +#### Release 2.4.0 CyaSSL has bug fixes and a few new features including: +- DTLS reliability +- Reduced memory usage after handshake +- Updated build process + +The CyaSSL manual is available at: +http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions +and comments about the new features please check the manual. + + + +# CyaSSL Release 2.3.0 (8/10/2012) + +#### Release 2.3.0 CyaSSL has bug fixes and a few new features including: +- AES-GCM crypto and cipher suites +- make test cipher suite checks +- Subject AltName processing +- Command line support for client/server examples +- Sniffer SessionTicket support +- SHA-384 cipher suites +- Verify cipher suite validity when user overrides +- CRL dir monitoring +- DTLS Cookie support, reliability coming soon + +The CyaSSL manual is available at: +http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions +and comments about the new features please check the manual. + + + +# CyaSSL Release 2.2.0 (5/18/2012) + +#### Release 2.2.0 CyaSSL has bug fixes and a few new features including: +- Initial CRL support (--enable-crl) +- Initial OCSP support (--enable-ocsp) +- Add static ECDH suites +- SHA-384 support +- ECC client certificate support +- Add medium session cache size (1055 sessions) +- Updated unit tests +- Protection against mutex reinitialization + + +The CyaSSL manual is available at: +http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions +and comments about the new features please check the manual. + + + +# CyaSSL Release 2.0.8 (2/24/2012) + +#### Release 2.0.8 CyaSSL has bug fixes and a few new features including: +- A fix for malicious certificates pointed out by Remi Gacogne (thanks) + resulting in NULL pointer use. +- Respond to renegotiation attempt with no_renegoatation alert +- Add basic path support for load_verify_locations() +- Add set Temp EC-DHE key size +- Extra checks on rsa test when porting into + + +The CyaSSL manual is available at: +http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions +and comments about the new features please check the manual. + + + +# CyaSSL Release 2.0.6 (1/27/2012) + +#### Release 2.0.6 CyaSSL has bug fixes and a few new features including: +- Fixes for CA basis constraint check +- CTX reference counting +- Initial unit test additions +- Lean and Mean Windows fix +- ECC benchmarking +- SSMTP build support +- Ability to group handshake messages with set_group_messages(ctx/ssl) +- CA cache addition callback +- Export Base64_Encode for general use + +The CyaSSL manual is available at: +http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions +and comments about the new features please check the manual. + + + +# CyaSSL Release 2.0.2 (12/05/2011) + +#### Release 2.0.2 CyaSSL has bug fixes and a few new features including: +- CTaoCrypt Runtime library detection settings when directly using the crypto + library +- Default certificate generation now uses SHAwRSA and adds SHA256wRSA generation +- All test certificates now use 2048bit and SHA-1 for better modern browser + support +- Direct AES block access and AES-CTR (counter) mode +- Microchip pic32 support + +The CyaSSL manual is available at: +http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions +and comments about the new features please check the manual. + + + +# CyaSSL Release 2.0.0rc3 (9/28/2011) + +#### Release 2.0.0rc3 for CyaSSL has bug fixes and a few new features including: +- updated autoconf support +- better make install and uninstall (uses system directories) +- make test / make check +- CyaSSL headers now in +- CTaocrypt headers now in +- OpenSSL compatibility headers now in +- examples and tests all run from home directory so can use certs in ./certs + (see note 1) + +So previous applications that used the OpenSSL compatibility header + now need to include instead, no other +changes are required. + +Special Thanks to Brian Aker for his autoconf, install, and header patches. + +The CyaSSL manual is available at: +http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions +and comments about the new features please check the manual. + +# CyaSSL Release 2.0.0rc2 (6/6/2011) + +#### Release 2.0.0rc2 for CyaSSL has bug fixes and a few new features including: +- bug fixes (Alerts, DTLS with DHE) +- FreeRTOS support +- lwIP support +- Wshadow warnings removed +- asn public header +- CTaoCrypt public headers now all have ctc_ prefix (the manual is still being + updated to reflect this change) +- and more. + +This is the 2nd and perhaps final release candidate for version 2. +Please send any comments or questions to support@yassl.com. + +The CyaSSL manual is available at: +http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions +and comments about the new features please check the manual. + +# CyaSSL Release 2.0.0rc1 (5/2/2011) + +#### Release 2.0.0rc1 for CyaSSL has many new features including: +- bug fixes +- SHA-256 cipher suites +- Root Certificate Verification (instead of needing all certs in the chain) +- PKCS #8 private key encryption (supports PKCS #5 v1-v2 and PKCS #12) +- Serial number retrieval for x509 +- PBKDF2 and PKCS #12 PBKDF +- UID parsing for x509 +- SHA-256 certificate signatures +- Client and server can send chains (SSL_CTX_use_certificate_chain_file) +- CA loading can now parse multiple certificates per file +- Dynamic memory runtime hooks +- Runtime hooks for logging +- EDH on server side +- More informative error codes +- More informative logging messages +- Version downgrade more robust (use SSL_v23*) +- Shared build only by default through ./configure +- Compiler visibility is now used, internal functions not polluting namespace +- Single Makefile, no recursion, for faster and simpler building +- Turn on all warnings possible build option, warning fixes +- and more. + +Because of all the new features and the multiple OS, compiler, feature-set +options that CyaSSL allows, there may be some configuration fixes needed. +Please send any comments or questions to support@yassl.com. + +The CyaSSL manual is available at: +http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions +and comments about the new features please check the manual. + +# CyaSSL Release 1.9.0 (3/2/2011) + +Release 1.9.0 for CyaSSL adds bug fixes, improved TLSv1.2 through testing and +better hash/sig algo ids, --enable-webServer for the yaSSL embedded web server, +improper AES key setup detection, user cert verify callback improvements, and +more. + +The CyaSSL manual offering is included in the doc/ directory. For build +instructions and comments about the new features please check the manual. + +Please send any comments or questions to support@yassl.com. + +# CyaSSL Release 1.8.0 (12/23/2010) + +Release 1.8.0 for CyaSSL adds bug fixes, x509 v3 CA signed certificate +generation, a C standard library abstraction layer, lower memory use, increased +portability through the os_settings.h file, and the ability to use NTRU cipher +suites when used in conjunction with an NTRU license and library. + +The initial CyaSSL manual offering is included in the doc/ directory. For +build instructions and comments about the new features please check the manual. + +Please send any comments or questions to support@yassl.com. + +Happy Holidays. + + +# CyaSSL Release 1.6.5 (9/9/2010) + +Release 1.6.5 for CyaSSL adds bug fixes and x509 v3 self signed certificate +generation. + +For general build instructions see doc/Building_CyaSSL.pdf. + +To enable certificate generation support add this option to ./configure +./configure --enable-certgen + +An example is included in ctaocrypt/test/test.c and documentation is provided +in doc/CyaSSL_Extensions_Reference.pdf item 11. + +# CyaSSL Release 1.6.0 (8/27/2010) + +Release 1.6.0 for CyaSSL adds bug fixes, RIPEMD-160, SHA-512, and RSA key +generation. + +For general build instructions see doc/Building_CyaSSL.pdf. + +To add RIPEMD-160 support add this option to ./configure +./configure --enable-ripemd + +To add SHA-512 support add this option to ./configure +./configure --enable-sha512 + +To add RSA key generation support add this option to ./configure +./configure --enable-keygen + +Please see ctaocrypt/test/test.c for examples and usage. + +For Windows, RIPEMD-160 and SHA-512 are enabled by default but key generation is +off by default. To turn key generation on add the define CYASSL_KEY_GEN to +CyaSSL. + + +# CyaSSL Release 1.5.6 (7/28/2010) + +Release 1.5.6 for CyaSSL adds bug fixes, compatibility for our JSSE provider, +and a fix for GCC builds on some systems. + +For general build instructions see doc/Building_CyaSSL.pdf. + +To add AES-NI support add this option to ./configure +./configure --enable-aesni + +You'll need GCC 4.4.3 or later to make use of the assembly. + +# CyaSSL Release 1.5.4 (7/7/2010) + +Release 1.5.4 for CyaSSL adds bug fixes, support for AES-NI, SHA1 speed +improvements from loop unrolling, and support for the Mongoose Web Server. + +For general build instructions see doc/Building_CyaSSL.pdf. + +To add AES-NI support add this option to ./configure +./configure --enable-aesni + +You'll need GCC 4.4.3 or later to make use of the assembly. + +# CyaSSL Release 1.5.0 (5/11/2010) + +Release 1.5.0 for CyaSSL adds bug fixes, GoAhead WebServer support, sniffer +support, and initial swig interface support. + +For general build instructions see doc/Building_CyaSSL.pdf. + +To add support for GoAhead WebServer either --enable-opensslExtra or if you +don't want all the features of opensslExtra you can just define GOAHEAD_WS +instead. GOAHEAD_WS can be added to ./configure with CFLAGS=-DGOAHEAD_WS or +you can define it yourself. + +To look at the sniffer support please see the sniffertest app in +sslSniffer/sslSnifferTest. Build with --enable-sniffer on *nix or use the +vcproj files on windows. You'll need to have pcap installed on *nix and +WinPcap on windows. + +A swig interface file is now located in the swig directory for using Python, +Java, Perl, and others with CyaSSL. This is initial support and experimental, +please send questions or comments to support@yassl.com. + +When doing load testing with CyaSSL, on the echoserver example say, the client +machine may run out of tcp ephemeral ports, they will end up in the TIME_WAIT +queue, and can't be reused by default. There are generally two ways to fix +this. + +1. Reduce the length sockets remain on the TIME_WAIT queue OR +2. Allow items on the TIME_WAIT queue to be reused. + + +To reduce the TIME_WAIT length in OS X to 3 seconds (3000 milliseconds) + +`sudo sysctl -w net.inet.tcp.msl=3000` + +In Linux + +`sudo sysctl -w net.ipv4.tcp_tw_reuse=1` + +allows reuse of sockets in TIME_WAIT + +`sudo sysctl -w net.ipv4.tcp_tw_recycle=1` + +works but seems to remove sockets from TIME_WAIT entirely? + +`sudo sysctl -w net.ipv4.tcp_fin_timeout=1` + +doen't control TIME_WAIT, it controls FIN_WAIT(2) contrary to some posts + + +# CyaSSL Release 1.4.0 (2/18/2010) + +Release 1.3.0 for CyaSSL adds bug fixes, better multi TLS/SSL version support +through SSLv23_server_method(), and improved documentation in the doc/ folder. + +For general build instructions doc/Building_CyaSSL.pdf. + +# CyaSSL Release 1.3.0 (1/21/2010) + +Release 1.3.0 for CyaSSL adds bug fixes, a potential security problem fix, +better porting support, removal of assert()s, and a complete THREADX port. + +For general build instructions see rc1 below. + +# CyaSSL Release 1.2.0 (11/2/2009) + +Release 1.2.0 for CyaSSL adds bug fixes and session negotiation if first use is +read or write. + +For general build instructions see rc1 below. + +# CyaSSL Release 1.1.0 (9/2/2009) + +Release 1.1.0 for CyaSSL adds bug fixes, a check against malicious session +cache use, support for lighttpd, and TLS 1.2. + +To get TLS 1.2 support please use the client and server functions: + +```c +SSL_METHOD *TLSv1_2_server_method(void); +SSL_METHOD *TLSv1_2_client_method(void); +``` + +CyaSSL was tested against lighttpd 1.4.23. To build CyaSSL for use with +lighttpd use the following commands from the CyaSSL install dir : + +``` +./configure --disable-shared --enable-opensslExtra --enable-fastmath --without-zlib + +make +make openssl-links +``` + +Then to build lighttpd with CyaSSL use the following commands from the +lighttpd install dir: + +``` +./configure --with-openssl --with-openssl-includes=/include --with-openssl-libs=/lib LDFLAGS=-lm + +make +``` + +On some systems you may get a linker error about a duplicate symbol for +MD5_Init or other MD5 calls. This seems to be caused by the lighttpd src file +md5.c, which defines MD5_Init(), and is included in liblightcomp_la-md5.o. +When liblightcomp is linked with the SSL_LIBs the linker may complain about +the duplicate symbol. This can be fixed by editing the lighttpd src file md5.c +and adding this line to the beginning of the file: + +\#if 0 + +and this line to the end of the file + +\#endif + +Then from the lighttpd src dir do a: + +``` +make clean +make +``` + +If you get link errors about undefined symbols more than likely the actual +OpenSSL libraries are found by the linker before the CyaSSL openssl-links that +point to the CyaSSL library, causing the linker confusion. This can be fixed +by editing the Makefile in the lighttpd src directory and changing the line: + +`SSL_LIB = -lssl -lcrypto` + +to + +`SSL_LIB = -lcyassl` + +Then from the lighttpd src dir do a: + +``` +make clean +make +``` + +This should remove any confusion the linker may be having with missing symbols. + +For any questions or concerns please contact support@yassl.com . + +For general build instructions see rc1 below. + +# CyaSSL Release 1.0.6 (8/03/2009) + +Release 1.0.6 for CyaSSL adds bug fixes, an improved session cache, and faster +math with a huge code option. + +The session cache now defaults to a client mode, also good for embedded servers. +For servers not under heavy load (less than 200 new sessions per minute), define +BIG_SESSION_CACHE. If the server will be under heavy load, define +HUGE_SESSION_CACHE. + +There is now a fasthugemath option for configure. This enables fastmath plus +even faster math by greatly increasing the code size of the math library. Use +the benchmark utility to compare public key operations. + + +For general build instructions see rc1 below. + +# CyaSSL Release 1.0.3 (5/10/2009) + +Release 1.0.3 for CyaSSL adds bug fixes and add increased support for OpenSSL +compatibility when building other applications. + +Release 1.0.3 includes an alpha release of DTLS for both client and servers. +This is only for testing purposes at this time. Rebroadcast and reordering +aren't fully implemented at this time but will be for the next release. + +For general build instructions see rc1 below. + +# CyaSSL Release 1.0.2 (4/3/2009) + +Release 1.0.2 for CyaSSL adds bug fixes for a couple I/O issues. Some systems +will send a SIGPIPE on socket recv() at any time and this should be handled by +the application by turning off SIGPIPE through setsockopt() or returning from +the handler. + +Release 1.0.2 includes an alpha release of DTLS for both client and servers. +This is only for testing purposes at this time. Rebroadcast and reordering +aren't fully implemented at this time but will be for the next release. + +For general build instructions see rc1 below. + +## CyaSSL Release Candidiate 3 rc3-1.0.0 (2/25/2009) + + +Release Candidate 3 for CyaSSL 1.0.0 adds bug fixes and adds a project file for +iPhone development with Xcode. cyassl-iphone.xcodeproj is located in the root +directory. This release also includes a fix for supporting other +implementations that bundle multiple messages at the record layer, this was +lost when cyassl i/o was re-implemented but is now fixed. + +For general build instructions see rc1 below. + +## CyaSSL Release Candidiate 2 rc2-1.0.0 (1/21/2009) + + +Release Candidate 2 for CyaSSL 1.0.0 adds bug fixes and adds two new stream +ciphers along with their respective cipher suites. CyaSSL adds support for +HC-128 and RABBIT stream ciphers. The new suites are: + +``` +TLS_RSA_WITH_HC_128_SHA +TLS_RSA_WITH_RABBIT_SHA +``` + +And the corresponding cipher names are + +``` +HC128-SHA +RABBIT-SHA +``` + +CyaSSL also adds support for building with devkitPro for PPC by changing the +library proper to use libogc. The examples haven't been changed yet but if +there's interest they can be. Here's an example ./configure to build CyaSSL +for devkitPro: + +``` +./configure --disable-shared CC=/pathTo/devkitpro/devkitPPC/bin/powerpc-gekko-gcc --host=ppc --without-zlib --enable-singleThreaded RANLIB=/pathTo/devkitpro/devkitPPC/bin/powerpc-gekko-ranlib CFLAGS="-DDEVKITPRO -DGEKKO" +``` + +For linking purposes you'll need + +`LDFLAGS="-g -mrvl -mcpu=750 -meabi -mhard-float -Wl,-Map,$(notdir $@).map"` + +For general build instructions see rc1 below. + + +## CyaSSL Release Candidiate 1 rc1-1.0.0 (12/17/2008) + + +Release Candidate 1 for CyaSSL 1.0.0 contains major internal changes. Several +areas have optimization improvements, less dynamic memory use, and the I/O +strategy has been refactored to allow alternate I/O handling or Library use. +Many thanks to Thierry Fournier for providing these ideas and most of the work. + +Because of these changes, this release is only a candidate since some problems +are probably inevitable on some platform with some I/O use. Please report any +problems and we'll try to resolve them as soon as possible. You can contact us +at support@yassl.com or todd@yassl.com. + +Using TomsFastMath by passing --enable-fastmath to ./configure now uses assembly +on some platforms. This is new so please report any problems as every compiler, +mode, OS combination hasn't been tested. On ia32 all of the registers need to +be available so be sure to pass these options to CFLAGS: + +`CFLAGS="-O3 -fomit-frame-pointer"` + +OS X will also need -mdynamic-no-pic added to CFLAGS + +Also if you're building in shared mode for ia32 you'll need to pass options to +LDFLAGS as well on OS X: + +`LDFLAGS=-Wl,-read_only_relocs,warning` + +This gives warnings for some symbols but seems to work. + + +#### To build on Linux, Solaris, *BSD, Mac OS X, or Cygwin: + + ./configure + make + + from the ./testsuite/ directory run ./testsuite + +#### To make a debug build: + + ./configure --enable-debug --disable-shared + make + + + +#### To build on Win32 + +Choose (Re)Build All from the project workspace + +Run the testsuite program + + + + + +# CyaSSL version 0.9.9 (7/25/2008) + +This release of CyaSSL adds bug fixes, Pre-Shared Keys, over-rideable memory +handling, and optionally TomsFastMath. Thanks to Moisés Guimarães for the +work on TomsFastMath. + +To optionally use TomsFastMath pass --enable-fastmath to ./configure +Or define USE_FAST_MATH in each project from CyaSSL for MSVC. + +Please use the benchmark routine before and after to see the performance +difference, on some platforms the gains will be little but RSA encryption +always seems to be faster. On x86-64 machines with GCC the normal math library +may outperform the fast one when using CFLAGS=-m64 because TomsFastMath can't +yet use -m64 because of GCCs inability to do 128bit division. + + *** UPDATE GCC 4.2.1 can now do 128bit division *** + +See notes below (0.2.0) for complete build instructions. + + +# CyaSSL version 0.9.8 (5/7/2008) + +This release of CyaSSL adds bug fixes, client side Diffie-Hellman, and better +socket handling. + +See notes below (0.2.0) for complete build instructions. + + +# CyaSSL version 0.9.6 (1/31/2008) + +This release of CyaSSL adds bug fixes, increased session management, and a fix +for gnutls. + +See notes below (0.2.0) for complete build instructions. + + +# CyaSSL version 0.9.0 (10/15/2007) + +This release of CyaSSL adds bug fixes, MSVC 2005 support, GCC 4.2 support, +IPV6 support and test, and new test certificates. + +See notes below (0.2.0) for complete build instructions. + + +# CyaSSL version 0.8.0 (1/10/2007) + +This release of CyaSSL adds increased socket support, for non-blocking writes, +connects, and interrupted system calls. + +See notes below (0.2.0) for complete build instructions. + + +# CyaSSL version 0.6.3 (10/30/2006) + +This release of CyaSSL adds debug logging to stderr to aid in the debugging of +CyaSSL on systems that may not provide the best support. + +If CyaSSL is built with debugging support then you need to call +CyaSSL_Debugging_ON() to turn logging on. + +On Unix use ./configure --enable-debug + +On Windows define DEBUG_CYASSL when building CyaSSL + + +To turn logging back off call CyaSSL_Debugging_OFF() + +See notes below (0.2.0) for complete build instructions. + + +# CyaSSL version 0.6.2 (10/29/2006) + +This release of CyaSSL adds TLS 1.1. + +Note that CyaSSL has certificate verification on by default, unlike OpenSSL. +To emulate OpenSSL behavior, you must call SSL_CTX_set_verify() with +SSL_VERIFY_NONE. In order to have full security you should never do this, +provide CyaSSL with the proper certificates to eliminate impostors and call +CyaSSL_check_domain_name() to prevent man in the middle attacks. + +See notes below (0.2.0) for build instructions. + +# CyaSSL version 0.6.0 (10/25/2006) + +This release of CyaSSL adds more SSL functions, better autoconf, nonblocking +I/O for accept, connect, and read. There is now an --enable-small configure +option that turns off TLS, AES, DES3, HMAC, and ERROR_STRINGS, see configure.in +for the defines. Note that TLS requires HMAC and AES requires TLS. + +See notes below (0.2.0) for build instructions. + + +# CyaSSL version 0.5.5 (09/27/2006) + +This mini release of CyaSSL adds better input processing through buffered input +and big message support. Added SSL_pending() and some sanity checks on user +settings. + +See notes below (0.2.0) for build instructions. + + +# CyaSSL version 0.5.0 (03/27/2006) + +This release of CyaSSL adds AES support and minor bug fixes. + +See notes below (0.2.0) for build instructions. + + +# CyaSSL version 0.4.0 (03/15/2006) + +This release of CyaSSL adds TLSv1 client/server support and libtool. + +See notes below for build instructions. + + +# CyaSSL version 0.3.0 (02/26/2006) + +This release of CyaSSL adds SSLv3 server support and session resumption. + +See notes below for build instructions. + + +# CyaSSL version 0.2.0 (02/19/2006) + + +This is the first release of CyaSSL and its crypt brother, CTaoCrypt. CyaSSL +is written in ANSI C with the idea of a small code size, footprint, and memory +usage in mind. CTaoCrypt can be as small as 32K, and the current client +version of CyaSSL can be as small as 12K. + + +The first release of CTaoCrypt supports MD5, SHA-1, 3DES, ARC4, Big Integer +Support, RSA, ASN parsing, and basic x509 (en/de)coding. + +The first release of CyaSSL supports normal client RSA mode SSLv3 connections +with support for SHA-1 and MD5 digests. Ciphers include 3DES and RC4. + + +#### To build on Linux, Solaris, *BSD, Mac OS X, or Cygwin: + + ./configure + make + + from the ./testsuite/ directory run ./testsuite + +#### to make a debug build: + + ./configure --enable-debug --disable-shared + make + + + +#### To build on Win32 + +Choose (Re)Build All from the project workspace + +Run the testsuite program + + + +*** The next release of CyaSSL will support a server and more OpenSSL +compatibility functions. + + +Please send questions or comments to todd@yassl.com diff --git a/ctaocrypt/src/aes.c b/ctaocrypt/src/aes.c index 083bc807b..f5fa52b53 100644 --- a/ctaocrypt/src/aes.c +++ b/ctaocrypt/src/aes.c @@ -51,841 +51,59 @@ #endif +#if defined(STM32F2_CRYPTO) + /* STM32F2 hardware AES support for CBC, CTR modes through the STM32F2 + * Standard Peripheral Library. Documentation located in STM32F2xx + * Standard Peripheral Library document (See note in README). + * NOTE: no support for AES-GCM/CCM/Direct */ + #include "stm32f2xx.h" + #include "stm32f2xx_cryp.h" +#elif defined(HAVE_COLDFIRE_SEC) + /* Freescale Coldfire SEC support for CBC mode. + * NOTE: no support for AES-CTR/GCM/CCM/Direct */ + #include + #include "sec.h" + #include "mcf5475_sec.h" + #include "mcf5475_siu.h" +#elif defined(FREESCALE_MMCAU) + /* Freescale mmCAU hardware AES support for Direct, CBC, CCM, GCM modes + * through the CAU/mmCAU library. Documentation located in + * ColdFire/ColdFire+ CAU and Kinetis mmCAU Software Library User + * Guide (See note in README). + * NOTE: no support for AES-CTR */ + #include "cau_api.h" +#elif defined(CYASSL_PIC32MZ_CRYPT) + /* NOTE: no support for AES-CCM/Direct */ + #define DEBUG_CYASSL + #include "cyassl/ctaocrypt/port/pic32/pic32mz-crypt.h" +#elif defined(HAVE_CAVIUM) + #include + #include "cavium_common.h" + + /* still leave SW crypto available */ + #define NEED_AES_TABLES -#ifdef HAVE_CAVIUM static int AesCaviumSetKey(Aes* aes, const byte* key, word32 length, const byte* iv); static int AesCaviumCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 length); static int AesCaviumCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 length); -#endif +#else + /* using CTaoCrypt software AES implementation */ + #define NEED_AES_TABLES +#endif /* STM32F2_CRYPTO */ -#if defined(CYASSL_PIC32MZ_CRYPT) -#include "cyassl/ctaocrypt/port/pic32/pic32mz-crypt.h" -#define DEBUG_CYASSL - - /* core hardware crypt engine driver */ - static void AesCrypt(Aes *aes, byte* out, const byte* in, word32 sz, - int dir, int algo, int cryptoalgo) - { - securityAssociation *sa_p ; - bufferDescriptor *bd_p ; - - volatile securityAssociation sa __attribute__((aligned (8))); - volatile bufferDescriptor bd __attribute__((aligned (8))); - volatile int k ; - - /* get uncached address */ - sa_p = KVA0_TO_KVA1(&sa) ; - bd_p = KVA0_TO_KVA1(&bd) ; - - /* Sync cache and physical memory */ - if(PIC32MZ_IF_RAM(in)) { - XMEMCPY((void *)KVA0_TO_KVA1(in), (void *)in, sz); - } - XMEMSET((void *)KVA0_TO_KVA1(out), 0, sz); - /* Set up the Security Association */ - XMEMSET((byte *)KVA0_TO_KVA1(&sa), 0, sizeof(sa)); - sa_p->SA_CTRL.ALGO = algo ; /* AES */ - sa_p->SA_CTRL.LNC = 1; - sa_p->SA_CTRL.LOADIV = 1; - sa_p->SA_CTRL.FB = 1; - sa_p->SA_CTRL.ENCTYPE = dir ; /* Encryption/Decryption */ - sa_p->SA_CTRL.CRYPTOALGO = cryptoalgo; - - if(cryptoalgo == PIC32_CRYPTOALGO_AES_GCM){ - switch(aes->keylen) { - case 32: - sa_p->SA_CTRL.KEYSIZE = PIC32_AES_KEYSIZE_256 ; - break ; - case 24: - sa_p->SA_CTRL.KEYSIZE = PIC32_AES_KEYSIZE_192 ; - break ; - case 16: - sa_p->SA_CTRL.KEYSIZE = PIC32_AES_KEYSIZE_128 ; - break ; - } - } else - sa_p->SA_CTRL.KEYSIZE = PIC32_AES_KEYSIZE_128 ; - - ByteReverseWords( - (word32 *)KVA0_TO_KVA1(sa.SA_ENCKEY + 8 - aes->keylen/sizeof(word32)), - (word32 *)aes->key_ce, aes->keylen); - ByteReverseWords( - (word32*)KVA0_TO_KVA1(sa.SA_ENCIV), (word32 *)aes->iv_ce, 16); - - XMEMSET((byte *)KVA0_TO_KVA1(&bd), 0, sizeof(bd)); - /* Set up the Buffer Descriptor */ - bd_p->BD_CTRL.BUFLEN = sz; - if(cryptoalgo == PIC32_CRYPTOALGO_AES_GCM) { - if(sz % 0x10) - bd_p->BD_CTRL.BUFLEN = (sz/0x10 + 1) * 0x10 ; - } - bd_p->BD_CTRL.LIFM = 1; - bd_p->BD_CTRL.SA_FETCH_EN = 1; - bd_p->BD_CTRL.LAST_BD = 1; - bd_p->BD_CTRL.DESC_EN = 1; - - bd_p->SA_ADDR = (unsigned int)KVA_TO_PA(&sa) ; - bd_p->SRCADDR = (unsigned int)KVA_TO_PA(in) ; - bd_p->DSTADDR = (unsigned int)KVA_TO_PA(out); - bd_p->MSGLEN = sz ; - - CECON = 1 << 6; - while (CECON); - - /* Run the engine */ - CEBDPADDR = (unsigned int)KVA_TO_PA(&bd) ; - CEINTEN = 0x07; - CECON = 0x27; - - WAIT_ENGINE ; - - if((cryptoalgo == PIC32_CRYPTOALGO_CBC) || - (cryptoalgo == PIC32_CRYPTOALGO_TCBC)|| - (cryptoalgo == PIC32_CRYPTOALGO_RCBC)) { - /* set iv for the next call */ - if(dir == PIC32_ENCRYPTION) { - XMEMCPY((void *)aes->iv_ce, - (void*)KVA0_TO_KVA1(out + sz - AES_BLOCK_SIZE), - AES_BLOCK_SIZE) ; - } else { - ByteReverseWords((word32*)aes->iv_ce, - (word32 *)KVA0_TO_KVA1(in + sz - AES_BLOCK_SIZE), - AES_BLOCK_SIZE); - } - } - XMEMCPY((byte *)out, (byte *)KVA0_TO_KVA1(out), sz) ; - ByteReverseWords((word32*)out, (word32 *)out, sz); - } - - int AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) - { - AesCrypt(aes, out, in, sz, PIC32_ENCRYPTION, PIC32_ALGO_AES, - PIC32_CRYPTOALGO_RCBC ); - return 0 ; - } - - int AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) - { - AesCrypt(aes, out, in, sz, PIC32_DECRYPTION, PIC32_ALGO_AES, - PIC32_CRYPTOALGO_RCBC); - return 0 ; - } - - #if defined(CYASSL_AES_COUNTER) - void AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) - { - int i ; - char out_block[AES_BLOCK_SIZE] ; - int odd ; - int even ; - char *tmp ; /* (char *)aes->tmp, for short */ - - tmp = (char *)aes->tmp ; - if(aes->left) { - if((aes->left + sz) >= AES_BLOCK_SIZE){ - odd = AES_BLOCK_SIZE - aes->left ; - } else { - odd = sz ; - } - XMEMCPY(tmp+aes->left, in, odd) ; - if((odd+aes->left) == AES_BLOCK_SIZE){ - AesCrypt(aes, out_block, tmp, AES_BLOCK_SIZE, - PIC32_ENCRYPTION, PIC32_ALGO_AES, PIC32_CRYPTOALGO_RCTR); - XMEMCPY(out, out_block+aes->left, odd) ; - aes->left = 0 ; - XMEMSET(tmp, 0x0, AES_BLOCK_SIZE) ; - /* Increment IV */ - for (i = AES_BLOCK_SIZE - 1; i >= 0; i--) { - if (++((byte *)aes->iv_ce)[i]) - break ; - } - } - in += odd ; - out+= odd ; - sz -= odd ; - } - odd = sz % AES_BLOCK_SIZE ; /* if there is tail flagment */ - if(sz / AES_BLOCK_SIZE) { - even = (sz/AES_BLOCK_SIZE)*AES_BLOCK_SIZE ; - AesCrypt(aes, out, in, even, PIC32_ENCRYPTION, PIC32_ALGO_AES, - PIC32_CRYPTOALGO_RCTR); - out += even ; - in += even ; - do { /* Increment IV */ - for (i = AES_BLOCK_SIZE - 1; i >= 0; i--) { - if (++((byte *)aes->iv_ce)[i]) - break ; - } - even -= AES_BLOCK_SIZE ; - } while((int)even > 0) ; - } - if(odd) { - XMEMSET(tmp+aes->left, 0x0, AES_BLOCK_SIZE - aes->left) ; - XMEMCPY(tmp+aes->left, in, odd) ; - AesCrypt(aes, out_block, tmp, AES_BLOCK_SIZE, - PIC32_ENCRYPTION, PIC32_ALGO_AES, PIC32_CRYPTOALGO_RCTR); - XMEMCPY(out, out_block+aes->left,odd) ; - aes->left += odd ; - } - } - #endif /* CYASSL_AES_COUNTER */ - - #ifdef HAVE_AESGCM - #define HAVE_AES_ENGINE - /* Hardware AESGCM borows most of the software AESGCM, GMAC */ - #endif - -#endif /* CYASSL_PIC32MZ_CRYPT */ - -#ifdef STM32F2_CRYPTO - /* - * STM32F2 hardware AES support through the STM32F2 standard peripheral - * library. Documentation located in STM32F2xx Standard Peripheral Library - * document (See note in README). - */ - #include "stm32f2xx.h" - #include "stm32f2xx_cryp.h" - - int AesSetKey(Aes* aes, const byte* userKey, word32 keylen, const byte* iv, - int dir) - { - word32 *rk = aes->key; - - if (!((keylen == 16) || (keylen == 24) || (keylen == 32))) - return BAD_FUNC_ARG; - - aes->rounds = keylen/4 + 6; - XMEMCPY(rk, userKey, keylen); - ByteReverseWords(rk, rk, keylen); - - return AesSetIV(aes, iv); - } - - int AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) - { - word32 *enc_key, *iv; - CRYP_InitTypeDef AES_CRYP_InitStructure; - CRYP_KeyInitTypeDef AES_CRYP_KeyInitStructure; - CRYP_IVInitTypeDef AES_CRYP_IVInitStructure; - - enc_key = aes->key; - iv = aes->reg; - - /* crypto structure initialization */ - CRYP_KeyStructInit(&AES_CRYP_KeyInitStructure); - CRYP_StructInit(&AES_CRYP_InitStructure); - CRYP_IVStructInit(&AES_CRYP_IVInitStructure); - - /* reset registers to their default values */ - CRYP_DeInit(); - - /* load key into correct registers */ - switch(aes->rounds) - { - case 10: /* 128-bit key */ - AES_CRYP_InitStructure.CRYP_KeySize = CRYP_KeySize_128b; - AES_CRYP_KeyInitStructure.CRYP_Key2Left = enc_key[0]; - AES_CRYP_KeyInitStructure.CRYP_Key2Right = enc_key[1]; - AES_CRYP_KeyInitStructure.CRYP_Key3Left = enc_key[2]; - AES_CRYP_KeyInitStructure.CRYP_Key3Right = enc_key[3]; - break; - - case 12: /* 192-bit key */ - AES_CRYP_InitStructure.CRYP_KeySize = CRYP_KeySize_192b; - AES_CRYP_KeyInitStructure.CRYP_Key1Left = enc_key[0]; - AES_CRYP_KeyInitStructure.CRYP_Key1Right = enc_key[1]; - AES_CRYP_KeyInitStructure.CRYP_Key2Left = enc_key[2]; - AES_CRYP_KeyInitStructure.CRYP_Key2Right = enc_key[3]; - AES_CRYP_KeyInitStructure.CRYP_Key3Left = enc_key[4]; - AES_CRYP_KeyInitStructure.CRYP_Key3Right = enc_key[5]; - break; - - case 14: /* 256-bit key */ - AES_CRYP_InitStructure.CRYP_KeySize = CRYP_KeySize_256b; - AES_CRYP_KeyInitStructure.CRYP_Key0Left = enc_key[0]; - AES_CRYP_KeyInitStructure.CRYP_Key0Right = enc_key[1]; - AES_CRYP_KeyInitStructure.CRYP_Key1Left = enc_key[2]; - AES_CRYP_KeyInitStructure.CRYP_Key1Right = enc_key[3]; - AES_CRYP_KeyInitStructure.CRYP_Key2Left = enc_key[4]; - AES_CRYP_KeyInitStructure.CRYP_Key2Right = enc_key[5]; - AES_CRYP_KeyInitStructure.CRYP_Key3Left = enc_key[6]; - AES_CRYP_KeyInitStructure.CRYP_Key3Right = enc_key[7]; - break; - - default: - break; - } - CRYP_KeyInit(&AES_CRYP_KeyInitStructure); - - /* set iv */ - ByteReverseWords(iv, iv, AES_BLOCK_SIZE); - AES_CRYP_IVInitStructure.CRYP_IV0Left = iv[0]; - AES_CRYP_IVInitStructure.CRYP_IV0Right = iv[1]; - AES_CRYP_IVInitStructure.CRYP_IV1Left = iv[2]; - AES_CRYP_IVInitStructure.CRYP_IV1Right = iv[3]; - CRYP_IVInit(&AES_CRYP_IVInitStructure); - - /* set direction, mode, and datatype */ - AES_CRYP_InitStructure.CRYP_AlgoDir = CRYP_AlgoDir_Encrypt; - AES_CRYP_InitStructure.CRYP_AlgoMode = CRYP_AlgoMode_AES_CBC; - AES_CRYP_InitStructure.CRYP_DataType = CRYP_DataType_8b; - CRYP_Init(&AES_CRYP_InitStructure); - - /* enable crypto processor */ - CRYP_Cmd(ENABLE); - - while (sz > 0) - { - /* flush IN/OUT FIFOs */ - CRYP_FIFOFlush(); - - CRYP_DataIn(*(uint32_t*)&in[0]); - CRYP_DataIn(*(uint32_t*)&in[4]); - CRYP_DataIn(*(uint32_t*)&in[8]); - CRYP_DataIn(*(uint32_t*)&in[12]); - - /* wait until the complete message has been processed */ - while(CRYP_GetFlagStatus(CRYP_FLAG_BUSY) != RESET) {} - - *(uint32_t*)&out[0] = CRYP_DataOut(); - *(uint32_t*)&out[4] = CRYP_DataOut(); - *(uint32_t*)&out[8] = CRYP_DataOut(); - *(uint32_t*)&out[12] = CRYP_DataOut(); - - /* store iv for next call */ - XMEMCPY(aes->reg, out + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE); - - sz -= 16; - in += 16; - out += 16; - } - - /* disable crypto processor */ - CRYP_Cmd(DISABLE); - - return 0; - } - - int AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) - { - word32 *dec_key, *iv; - CRYP_InitTypeDef AES_CRYP_InitStructure; - CRYP_KeyInitTypeDef AES_CRYP_KeyInitStructure; - CRYP_IVInitTypeDef AES_CRYP_IVInitStructure; - - dec_key = aes->key; - iv = aes->reg; - - /* crypto structure initialization */ - CRYP_KeyStructInit(&AES_CRYP_KeyInitStructure); - CRYP_StructInit(&AES_CRYP_InitStructure); - CRYP_IVStructInit(&AES_CRYP_IVInitStructure); - - /* if input and output same will overwrite input iv */ - XMEMCPY(aes->tmp, in + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE); - - /* reset registers to their default values */ - CRYP_DeInit(); - - /* load key into correct registers */ - switch(aes->rounds) - { - case 10: /* 128-bit key */ - AES_CRYP_InitStructure.CRYP_KeySize = CRYP_KeySize_128b; - AES_CRYP_KeyInitStructure.CRYP_Key2Left = dec_key[0]; - AES_CRYP_KeyInitStructure.CRYP_Key2Right = dec_key[1]; - AES_CRYP_KeyInitStructure.CRYP_Key3Left = dec_key[2]; - AES_CRYP_KeyInitStructure.CRYP_Key3Right = dec_key[3]; - break; - - case 12: /* 192-bit key */ - AES_CRYP_InitStructure.CRYP_KeySize = CRYP_KeySize_192b; - AES_CRYP_KeyInitStructure.CRYP_Key1Left = dec_key[0]; - AES_CRYP_KeyInitStructure.CRYP_Key1Right = dec_key[1]; - AES_CRYP_KeyInitStructure.CRYP_Key2Left = dec_key[2]; - AES_CRYP_KeyInitStructure.CRYP_Key2Right = dec_key[3]; - AES_CRYP_KeyInitStructure.CRYP_Key3Left = dec_key[4]; - AES_CRYP_KeyInitStructure.CRYP_Key3Right = dec_key[5]; - break; - - case 14: /* 256-bit key */ - AES_CRYP_InitStructure.CRYP_KeySize = CRYP_KeySize_256b; - AES_CRYP_KeyInitStructure.CRYP_Key0Left = dec_key[0]; - AES_CRYP_KeyInitStructure.CRYP_Key0Right = dec_key[1]; - AES_CRYP_KeyInitStructure.CRYP_Key1Left = dec_key[2]; - AES_CRYP_KeyInitStructure.CRYP_Key1Right = dec_key[3]; - AES_CRYP_KeyInitStructure.CRYP_Key2Left = dec_key[4]; - AES_CRYP_KeyInitStructure.CRYP_Key2Right = dec_key[5]; - AES_CRYP_KeyInitStructure.CRYP_Key3Left = dec_key[6]; - AES_CRYP_KeyInitStructure.CRYP_Key3Right = dec_key[7]; - break; - - default: - break; - } - - /* set direction, mode, and datatype for key preparation */ - AES_CRYP_InitStructure.CRYP_AlgoDir = CRYP_AlgoDir_Decrypt; - AES_CRYP_InitStructure.CRYP_AlgoMode = CRYP_AlgoMode_AES_Key; - AES_CRYP_InitStructure.CRYP_DataType = CRYP_DataType_32b; - CRYP_Init(&AES_CRYP_InitStructure); - CRYP_KeyInit(&AES_CRYP_KeyInitStructure); - - /* enable crypto processor */ - CRYP_Cmd(ENABLE); - - /* wait until key has been prepared */ - while(CRYP_GetFlagStatus(CRYP_FLAG_BUSY) != RESET) {} - - /* set direction, mode, and datatype for decryption */ - AES_CRYP_InitStructure.CRYP_AlgoDir = CRYP_AlgoDir_Decrypt; - AES_CRYP_InitStructure.CRYP_AlgoMode = CRYP_AlgoMode_AES_CBC; - AES_CRYP_InitStructure.CRYP_DataType = CRYP_DataType_8b; - CRYP_Init(&AES_CRYP_InitStructure); - - /* set iv */ - ByteReverseWords(iv, iv, AES_BLOCK_SIZE); - - AES_CRYP_IVInitStructure.CRYP_IV0Left = iv[0]; - AES_CRYP_IVInitStructure.CRYP_IV0Right = iv[1]; - AES_CRYP_IVInitStructure.CRYP_IV1Left = iv[2]; - AES_CRYP_IVInitStructure.CRYP_IV1Right = iv[3]; - CRYP_IVInit(&AES_CRYP_IVInitStructure); - - /* enable crypto processor */ - CRYP_Cmd(ENABLE); - - while (sz > 0) - { - /* flush IN/OUT FIFOs */ - CRYP_FIFOFlush(); - - CRYP_DataIn(*(uint32_t*)&in[0]); - CRYP_DataIn(*(uint32_t*)&in[4]); - CRYP_DataIn(*(uint32_t*)&in[8]); - CRYP_DataIn(*(uint32_t*)&in[12]); - - /* wait until the complete message has been processed */ - while(CRYP_GetFlagStatus(CRYP_FLAG_BUSY) != RESET) {} - - *(uint32_t*)&out[0] = CRYP_DataOut(); - *(uint32_t*)&out[4] = CRYP_DataOut(); - *(uint32_t*)&out[8] = CRYP_DataOut(); - *(uint32_t*)&out[12] = CRYP_DataOut(); - - /* store iv for next call */ - XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE); - - sz -= 16; - in += 16; - out += 16; - } - - /* disable crypto processor */ - CRYP_Cmd(DISABLE); - - return 0; - } - - #ifdef CYASSL_AES_COUNTER - - /* AES-CTR calls this for key setup */ - int AesSetKeyDirect(Aes* aes, const byte* userKey, word32 keylen, - const byte* iv, int dir) - { - return AesSetKey(aes, userKey, keylen, iv, dir); - } - - void AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) - { - word32 *enc_key, *iv; - CRYP_InitTypeDef AES_CRYP_InitStructure; - CRYP_KeyInitTypeDef AES_CRYP_KeyInitStructure; - CRYP_IVInitTypeDef AES_CRYP_IVInitStructure; - - enc_key = aes->key; - iv = aes->reg; - - /* crypto structure initialization */ - CRYP_KeyStructInit(&AES_CRYP_KeyInitStructure); - CRYP_StructInit(&AES_CRYP_InitStructure); - CRYP_IVStructInit(&AES_CRYP_IVInitStructure); - - /* reset registers to their default values */ - CRYP_DeInit(); - - /* load key into correct registers */ - switch(aes->rounds) - { - case 10: /* 128-bit key */ - AES_CRYP_InitStructure.CRYP_KeySize = CRYP_KeySize_128b; - AES_CRYP_KeyInitStructure.CRYP_Key2Left = enc_key[0]; - AES_CRYP_KeyInitStructure.CRYP_Key2Right = enc_key[1]; - AES_CRYP_KeyInitStructure.CRYP_Key3Left = enc_key[2]; - AES_CRYP_KeyInitStructure.CRYP_Key3Right = enc_key[3]; - break; - - case 12: /* 192-bit key */ - AES_CRYP_InitStructure.CRYP_KeySize = CRYP_KeySize_192b; - AES_CRYP_KeyInitStructure.CRYP_Key1Left = enc_key[0]; - AES_CRYP_KeyInitStructure.CRYP_Key1Right = enc_key[1]; - AES_CRYP_KeyInitStructure.CRYP_Key2Left = enc_key[2]; - AES_CRYP_KeyInitStructure.CRYP_Key2Right = enc_key[3]; - AES_CRYP_KeyInitStructure.CRYP_Key3Left = enc_key[4]; - AES_CRYP_KeyInitStructure.CRYP_Key3Right = enc_key[5]; - break; - - case 14: /* 256-bit key */ - AES_CRYP_InitStructure.CRYP_KeySize = CRYP_KeySize_256b; - AES_CRYP_KeyInitStructure.CRYP_Key0Left = enc_key[0]; - AES_CRYP_KeyInitStructure.CRYP_Key0Right = enc_key[1]; - AES_CRYP_KeyInitStructure.CRYP_Key1Left = enc_key[2]; - AES_CRYP_KeyInitStructure.CRYP_Key1Right = enc_key[3]; - AES_CRYP_KeyInitStructure.CRYP_Key2Left = enc_key[4]; - AES_CRYP_KeyInitStructure.CRYP_Key2Right = enc_key[5]; - AES_CRYP_KeyInitStructure.CRYP_Key3Left = enc_key[6]; - AES_CRYP_KeyInitStructure.CRYP_Key3Right = enc_key[7]; - break; - - default: - break; - } - CRYP_KeyInit(&AES_CRYP_KeyInitStructure); - - /* set iv */ - ByteReverseWords(iv, iv, AES_BLOCK_SIZE); - AES_CRYP_IVInitStructure.CRYP_IV0Left = iv[0]; - AES_CRYP_IVInitStructure.CRYP_IV0Right = iv[1]; - AES_CRYP_IVInitStructure.CRYP_IV1Left = iv[2]; - AES_CRYP_IVInitStructure.CRYP_IV1Right = iv[3]; - CRYP_IVInit(&AES_CRYP_IVInitStructure); - - /* set direction, mode, and datatype */ - AES_CRYP_InitStructure.CRYP_AlgoDir = CRYP_AlgoDir_Encrypt; - AES_CRYP_InitStructure.CRYP_AlgoMode = CRYP_AlgoMode_AES_CTR; - AES_CRYP_InitStructure.CRYP_DataType = CRYP_DataType_8b; - CRYP_Init(&AES_CRYP_InitStructure); - - /* enable crypto processor */ - CRYP_Cmd(ENABLE); - - while (sz > 0) - { - /* flush IN/OUT FIFOs */ - CRYP_FIFOFlush(); - - CRYP_DataIn(*(uint32_t*)&in[0]); - CRYP_DataIn(*(uint32_t*)&in[4]); - CRYP_DataIn(*(uint32_t*)&in[8]); - CRYP_DataIn(*(uint32_t*)&in[12]); - - /* wait until the complete message has been processed */ - while(CRYP_GetFlagStatus(CRYP_FLAG_BUSY) != RESET) {} - - *(uint32_t*)&out[0] = CRYP_DataOut(); - *(uint32_t*)&out[4] = CRYP_DataOut(); - *(uint32_t*)&out[8] = CRYP_DataOut(); - *(uint32_t*)&out[12] = CRYP_DataOut(); - - /* store iv for next call */ - XMEMCPY(aes->reg, out + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE); - - sz -= 16; - in += 16; - out += 16; - } - - /* disable crypto processor */ - CRYP_Cmd(DISABLE); - } - - #endif /* CYASSL_AES_COUNTER */ - -#elif defined(HAVE_COLDFIRE_SEC) - - #include - - #include "sec.h" - #include "mcf5475_sec.h" - #include "mcf5475_siu.h" - - #if defined (HAVE_THREADX) - #include "memory_pools.h" - extern TX_BYTE_POOL mp_ncached; /* Non Cached memory pool */ - #endif - - #define AES_BUFFER_SIZE (AES_BLOCK_SIZE * 64) - static unsigned char *AESBuffIn = NULL; - static unsigned char *AESBuffOut = NULL; - static byte *secReg; - static byte *secKey; - static volatile SECdescriptorType *secDesc; - - static CyaSSL_Mutex Mutex_AesSEC; - - #define SEC_DESC_AES_CBC_ENCRYPT 0x60300010 - #define SEC_DESC_AES_CBC_DECRYPT 0x60200010 - - extern volatile unsigned char __MBAR[]; - - static int AesCbcCrypt(Aes* aes, byte* po, const byte* pi, word32 sz, - word32 descHeader) - { - #ifdef DEBUG_CYASSL - int i; int stat1, stat2; int ret; - #endif - - int size; - volatile int v; - - if ((pi == NULL) || (po == NULL)) - return BAD_FUNC_ARG; /*wrong pointer*/ - - LockMutex(&Mutex_AesSEC); - - /* Set descriptor for SEC */ - secDesc->length1 = 0x0; - secDesc->pointer1 = NULL; - - secDesc->length2 = AES_BLOCK_SIZE; - secDesc->pointer2 = (byte *)secReg; /* Initial Vector */ - - switch(aes->rounds) { - case 10: secDesc->length3 = 16 ; break ; - case 12: secDesc->length3 = 24 ; break ; - case 14: secDesc->length3 = 32 ; break ; - } - XMEMCPY(secKey, aes->key, secDesc->length3); - - secDesc->pointer3 = (byte *)secKey; - secDesc->pointer4 = AESBuffIn; - secDesc->pointer5 = AESBuffOut; - secDesc->length6 = 0x0; - secDesc->pointer6 = NULL; - secDesc->length7 = 0x0; - secDesc->pointer7 = NULL; - secDesc->nextDescriptorPtr = NULL; - - while (sz) { - secDesc->header = descHeader; - XMEMCPY(secReg, aes->reg, AES_BLOCK_SIZE); - if ((sz % AES_BUFFER_SIZE) == sz) { - size = sz; - sz = 0; - } else { - size = AES_BUFFER_SIZE; - sz -= AES_BUFFER_SIZE; - } - secDesc->length4 = size; - secDesc->length5 = size; - - XMEMCPY(AESBuffIn, pi, size); - if(descHeader == SEC_DESC_AES_CBC_DECRYPT) { - XMEMCPY((void*)aes->tmp, (void*)&(pi[size-AES_BLOCK_SIZE]), - AES_BLOCK_SIZE); - } - - /* Point SEC to the location of the descriptor */ - MCF_SEC_FR0 = (uint32)secDesc; - /* Initialize SEC and wait for encryption to complete */ - MCF_SEC_CCCR0 = 0x0000001a; - /* poll SISR to determine when channel is complete */ - v=0; - - while ((secDesc->header>> 24) != 0xff) v++; - - #ifdef DEBUG_CYASSL - ret = MCF_SEC_SISRH; - stat1 = MCF_SEC_AESSR; - stat2 = MCF_SEC_AESISR; - if (ret & 0xe0000000) { - db_printf("Aes_Cbc(i=%d):ISRH=%08x, AESSR=%08x, " - "AESISR=%08x\n", i, ret, stat1, stat2); - } - #endif - - XMEMCPY(po, AESBuffOut, size); - - if (descHeader == SEC_DESC_AES_CBC_ENCRYPT) { - XMEMCPY((void*)aes->reg, (void*)&(po[size-AES_BLOCK_SIZE]), - AES_BLOCK_SIZE); - } else { - XMEMCPY((void*)aes->reg, (void*)aes->tmp, AES_BLOCK_SIZE); - } - - pi += size; - po += size; - } - - UnLockMutex(&Mutex_AesSEC); - return 0; - } - - int AesCbcEncrypt(Aes* aes, byte* po, const byte* pi, word32 sz) - { - return (AesCbcCrypt(aes, po, pi, sz, SEC_DESC_AES_CBC_ENCRYPT)); - } - - int AesCbcDecrypt(Aes* aes, byte* po, const byte* pi, word32 sz) - { - return (AesCbcCrypt(aes, po, pi, sz, SEC_DESC_AES_CBC_DECRYPT)); - } - - int AesSetKey(Aes* aes, const byte* userKey, word32 keylen, const byte* iv, - int dir) - { - if (AESBuffIn == NULL) { - #if defined (HAVE_THREADX) - int s1, s2, s3, s4, s5 ; - s5 = tx_byte_allocate(&mp_ncached,(void *)&secDesc, - sizeof(SECdescriptorType), TX_NO_WAIT); - s1 = tx_byte_allocate(&mp_ncached, (void *)&AESBuffIn, - AES_BUFFER_SIZE, TX_NO_WAIT); - s2 = tx_byte_allocate(&mp_ncached, (void *)&AESBuffOut, - AES_BUFFER_SIZE, TX_NO_WAIT); - s3 = tx_byte_allocate(&mp_ncached, (void *)&secKey, - AES_BLOCK_SIZE*2, TX_NO_WAIT); - s4 = tx_byte_allocate(&mp_ncached, (void *)&secReg, - AES_BLOCK_SIZE, TX_NO_WAIT); - - if(s1 || s2 || s3 || s4 || s5) - return BAD_FUNC_ARG; - #else - #warning "Allocate non-Cache buffers" - #endif - - InitMutex(&Mutex_AesSEC); - } - - if (!((keylen == 16) || (keylen == 24) || (keylen == 32))) - return BAD_FUNC_ARG; - - if (aes == NULL) - return BAD_FUNC_ARG; - - aes->rounds = keylen/4 + 6; - XMEMCPY(aes->key, userKey, keylen); - - if (iv) - XMEMCPY(aes->reg, iv, AES_BLOCK_SIZE); - - return 0; - } - -#elif defined FREESCALE_MMCAU - /* - * Freescale mmCAU hardware AES support through the CAU/mmCAU library. - * Documentation located in ColdFire/ColdFire+ CAU and Kinetis mmCAU - * Software Library User Guide (See note in README). - */ - #include "cau_api.h" - - int AesSetKey(Aes* aes, const byte* userKey, word32 keylen, const byte* iv, - int dir) - { - byte *rk = (byte*)aes->key; - - if (!((keylen == 16) || (keylen == 24) || (keylen == 32))) - return BAD_FUNC_ARG; - - if (rk == NULL) - return BAD_FUNC_ARG; - - aes->rounds = keylen/4 + 6; - cau_aes_set_key(userKey, keylen*8, rk); - - return AesSetIV(aes, iv); - } - - int AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) - { - int i; - int offset = 0; - int len = sz; - - byte *iv, *enc_key; - byte temp_block[AES_BLOCK_SIZE]; - - iv = (byte*)aes->reg; - enc_key = (byte*)aes->key; - - if ((word)out % CYASSL_MMCAU_ALIGNMENT) { - CYASSL_MSG("Bad cau_aes_encrypt alignment"); - return BAD_ALIGN_E; - } - - while (len > 0) - { - XMEMCPY(temp_block, in + offset, AES_BLOCK_SIZE); - - /* XOR block with IV for CBC */ - for (i = 0; i < AES_BLOCK_SIZE; i++) - temp_block[i] ^= iv[i]; - - cau_aes_encrypt(temp_block, enc_key, aes->rounds, out + offset); - - len -= AES_BLOCK_SIZE; - offset += AES_BLOCK_SIZE; - - /* store IV for next block */ - XMEMCPY(iv, out + offset - AES_BLOCK_SIZE, AES_BLOCK_SIZE); - } - - return 0; - } - - int AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) - { - int i; - int offset = 0; - int len = sz; - - byte* iv, *dec_key; - byte temp_block[AES_BLOCK_SIZE]; - - iv = (byte*)aes->reg; - dec_key = (byte*)aes->key; - - if ((word)out % CYASSL_MMCAU_ALIGNMENT) { - CYASSL_MSG("Bad cau_aes_decrypt alignment"); - return BAD_ALIGN_E; - } - - while (len > 0) - { - XMEMCPY(temp_block, in + offset, AES_BLOCK_SIZE); - - cau_aes_decrypt(in + offset, dec_key, aes->rounds, out + offset); - - /* XOR block with IV for CBC */ - for (i = 0; i < AES_BLOCK_SIZE; i++) - (out + offset)[i] ^= iv[i]; - - /* store IV for next block */ - XMEMCPY(iv, temp_block, AES_BLOCK_SIZE); - - len -= AES_BLOCK_SIZE; - offset += AES_BLOCK_SIZE; - } - - return 0; - } - - -#else /* CTaoCrypt software implementation */ +#ifdef NEED_AES_TABLES static const word32 rcon[] = { 0x01000000, 0x02000000, 0x04000000, 0x08000000, 0x10000000, 0x20000000, 0x40000000, 0x80000000, - 0x1B000000, 0x36000000, + 0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */ }; - static const word32 Te[5][256] = { { 0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU, @@ -1219,7 +437,6 @@ static const word32 Te[5][256] = { } }; - static const word32 Td[5][256] = { { 0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U, @@ -1554,10 +771,8 @@ static const word32 Td[5][256] = { } }; - #define GETBYTE(x, y) (word32)((byte)((x) >> (8 * (y)))) - #ifdef CYASSL_AESNI /* Each platform needs to query info type 1 from cpuid to see if aesni is @@ -1581,7 +796,7 @@ static const word32 Td[5][256] = { #endif /* _MSC_VER */ - + static int Check_CPU_support_AES(void) { unsigned int reg[4]; /* put a,b,c,d into 0,1,2,3 */ @@ -1619,25 +834,25 @@ void AES_ECB_decrypt(const unsigned char* in, unsigned char* out, unsigned long length, const unsigned char* KS, int nr) XASM_LINK("AES_ECB_decrypt"); -void AES_128_Key_Expansion(const unsigned char* userkey, +void AES_128_Key_Expansion(const unsigned char* userkey, unsigned char* key_schedule) XASM_LINK("AES_128_Key_Expansion"); -void AES_192_Key_Expansion(const unsigned char* userkey, +void AES_192_Key_Expansion(const unsigned char* userkey, unsigned char* key_schedule) XASM_LINK("AES_192_Key_Expansion"); -void AES_256_Key_Expansion(const unsigned char* userkey, +void AES_256_Key_Expansion(const unsigned char* userkey, unsigned char* key_schedule) XASM_LINK("AES_256_Key_Expansion"); static int AES_set_encrypt_key(const unsigned char *userKey, const int bits, Aes* aes) -{ +{ if (!userKey || !aes) return BAD_FUNC_ARG; - + if (bits == 128) { AES_128_Key_Expansion (userKey,(byte*)aes->key); aes->rounds = 10; return 0; @@ -1661,7 +876,7 @@ static int AES_set_decrypt_key(const unsigned char* userKey, const int bits, Aes temp_key; __m128i *Key_Schedule = (__m128i*)aes->key; __m128i *Temp_Key_Schedule = (__m128i*)temp_key.key; - + if (!userKey || !aes) return BAD_FUNC_ARG; @@ -1681,7 +896,7 @@ static int AES_set_decrypt_key(const unsigned char* userKey, const int bits, Key_Schedule[nr-7] = _mm_aesimc_si128(Temp_Key_Schedule[7]); Key_Schedule[nr-8] = _mm_aesimc_si128(Temp_Key_Schedule[8]); Key_Schedule[nr-9] = _mm_aesimc_si128(Temp_Key_Schedule[9]); - + if(nr>10) { Key_Schedule[nr-10] = _mm_aesimc_si128(Temp_Key_Schedule[10]); Key_Schedule[nr-11] = _mm_aesimc_si128(Temp_Key_Schedule[11]); @@ -1693,7 +908,7 @@ static int AES_set_decrypt_key(const unsigned char* userKey, const int bits, } Key_Schedule[0] = Temp_Key_Schedule[nr]; - + return 0; } @@ -1702,189 +917,6 @@ static int AES_set_decrypt_key(const unsigned char* userKey, const int bits, #endif /* CYASSL_AESNI */ -static int AesSetKeyLocal(Aes* aes, const byte* userKey, word32 keylen, - const byte* iv, int dir) -{ - word32 temp, *rk = aes->key; - unsigned int i = 0; - - #ifdef CYASSL_AESNI - aes->use_aesni = 0; - #endif /* CYASSL_AESNI */ - #ifdef CYASSL_AES_COUNTER - aes->left = 0; - #endif /* CYASSL_AES_COUNTER */ - - aes->rounds = keylen/4 + 6; - - XMEMCPY(rk, userKey, keylen); - #ifdef LITTLE_ENDIAN_ORDER - ByteReverseWords(rk, rk, keylen); - #endif - -#ifdef CYASSL_PIC32MZ_CRYPT - { - word32 *akey1 = aes->key_ce; - word32 *areg = aes->iv_ce ; - aes->keylen = keylen ; - XMEMCPY(akey1, userKey, keylen); - if (iv) - XMEMCPY(areg, iv, AES_BLOCK_SIZE); - else - XMEMSET(areg, 0, AES_BLOCK_SIZE); - } -#endif - - switch(keylen) - { - case 16: - while (1) - { - temp = rk[3]; - rk[4] = rk[0] ^ - (Te[4][GETBYTE(temp, 2)] & 0xff000000) ^ - (Te[4][GETBYTE(temp, 1)] & 0x00ff0000) ^ - (Te[4][GETBYTE(temp, 0)] & 0x0000ff00) ^ - (Te[4][GETBYTE(temp, 3)] & 0x000000ff) ^ - rcon[i]; - rk[5] = rk[1] ^ rk[4]; - rk[6] = rk[2] ^ rk[5]; - rk[7] = rk[3] ^ rk[6]; - if (++i == 10) - break; - rk += 4; - } - break; - - case 24: - while (1) /* for (;;) here triggers a bug in VC60 SP4 w/ Pro Pack */ - { - temp = rk[ 5]; - rk[ 6] = rk[ 0] ^ - (Te[4][GETBYTE(temp, 2)] & 0xff000000) ^ - (Te[4][GETBYTE(temp, 1)] & 0x00ff0000) ^ - (Te[4][GETBYTE(temp, 0)] & 0x0000ff00) ^ - (Te[4][GETBYTE(temp, 3)] & 0x000000ff) ^ - rcon[i]; - rk[ 7] = rk[ 1] ^ rk[ 6]; - rk[ 8] = rk[ 2] ^ rk[ 7]; - rk[ 9] = rk[ 3] ^ rk[ 8]; - if (++i == 8) - break; - rk[10] = rk[ 4] ^ rk[ 9]; - rk[11] = rk[ 5] ^ rk[10]; - rk += 6; - } - break; - - case 32: - while (1) - { - temp = rk[ 7]; - rk[ 8] = rk[ 0] ^ - (Te[4][GETBYTE(temp, 2)] & 0xff000000) ^ - (Te[4][GETBYTE(temp, 1)] & 0x00ff0000) ^ - (Te[4][GETBYTE(temp, 0)] & 0x0000ff00) ^ - (Te[4][GETBYTE(temp, 3)] & 0x000000ff) ^ - rcon[i]; - rk[ 9] = rk[ 1] ^ rk[ 8]; - rk[10] = rk[ 2] ^ rk[ 9]; - rk[11] = rk[ 3] ^ rk[10]; - if (++i == 7) - break; - temp = rk[11]; - rk[12] = rk[ 4] ^ - (Te[4][GETBYTE(temp, 3)] & 0xff000000) ^ - (Te[4][GETBYTE(temp, 2)] & 0x00ff0000) ^ - (Te[4][GETBYTE(temp, 1)] & 0x0000ff00) ^ - (Te[4][GETBYTE(temp, 0)] & 0x000000ff); - rk[13] = rk[ 5] ^ rk[12]; - rk[14] = rk[ 6] ^ rk[13]; - rk[15] = rk[ 7] ^ rk[14]; - - rk += 8; - } - break; - - default: - return BAD_FUNC_ARG; - } - - if (dir == AES_DECRYPTION) - { - unsigned int j; - rk = aes->key; - - /* invert the order of the round keys: */ - for (i = 0, j = 4* aes->rounds; i < j; i += 4, j -= 4) { - temp = rk[i ]; rk[i ] = rk[j ]; rk[j ] = temp; - temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp; - temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp; - temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp; - } - /* apply the inverse MixColumn transform to all round keys but the - first and the last: */ - for (i = 1; i < aes->rounds; i++) { - rk += 4; - rk[0] = - Td[0][Te[4][GETBYTE(rk[0], 3)] & 0xff] ^ - Td[1][Te[4][GETBYTE(rk[0], 2)] & 0xff] ^ - Td[2][Te[4][GETBYTE(rk[0], 1)] & 0xff] ^ - Td[3][Te[4][GETBYTE(rk[0], 0)] & 0xff]; - rk[1] = - Td[0][Te[4][GETBYTE(rk[1], 3)] & 0xff] ^ - Td[1][Te[4][GETBYTE(rk[1], 2)] & 0xff] ^ - Td[2][Te[4][GETBYTE(rk[1], 1)] & 0xff] ^ - Td[3][Te[4][GETBYTE(rk[1], 0)] & 0xff]; - rk[2] = - Td[0][Te[4][GETBYTE(rk[2], 3)] & 0xff] ^ - Td[1][Te[4][GETBYTE(rk[2], 2)] & 0xff] ^ - Td[2][Te[4][GETBYTE(rk[2], 1)] & 0xff] ^ - Td[3][Te[4][GETBYTE(rk[2], 0)] & 0xff]; - rk[3] = - Td[0][Te[4][GETBYTE(rk[3], 3)] & 0xff] ^ - Td[1][Te[4][GETBYTE(rk[3], 2)] & 0xff] ^ - Td[2][Te[4][GETBYTE(rk[3], 1)] & 0xff] ^ - Td[3][Te[4][GETBYTE(rk[3], 0)] & 0xff]; - } - } - - return AesSetIV(aes, iv); -} - - -int AesSetKey(Aes* aes, const byte* userKey, word32 keylen, const byte* iv, - int dir) -{ - - if (!((keylen == 16) || (keylen == 24) || (keylen == 32))) - return BAD_FUNC_ARG; - -#ifdef HAVE_CAVIUM - if (aes->magic == CYASSL_AES_CAVIUM_MAGIC) - return AesCaviumSetKey(aes, userKey, keylen, iv); -#endif - -#ifdef CYASSL_AESNI - if (checkAESNI == 0) { - haveAESNI = Check_CPU_support_AES(); - checkAESNI = 1; - } - if (haveAESNI) { - aes->use_aesni = 1; - if (iv) - XMEMCPY(aes->reg, iv, AES_BLOCK_SIZE); - if (dir == AES_ENCRYPTION) - return AES_set_encrypt_key(userKey, keylen * 8, aes); - else - return AES_set_decrypt_key(userKey, keylen * 8, aes); - } -#endif /* CYASSL_AESNI */ - - return AesSetKeyLocal(aes, userKey, keylen, iv, dir); -} - - static void AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock) { word32 s0, s1, s2, s3; @@ -1958,7 +990,7 @@ static void AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock) s1 ^= rk[1]; s2 ^= rk[2]; s3 ^= rk[3]; - + /* * Nr - 1 full rounds: */ @@ -1993,7 +1025,7 @@ static void AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock) if (--r == 0) { break; } - + s0 = Te[0][GETBYTE(t0, 3)] ^ Te[1][GETBYTE(t1, 2)] ^ @@ -2064,7 +1096,6 @@ static void AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock) XMEMCPY(outBlock + 3 * sizeof(s0), &s3, sizeof(s3)); } - static void AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock) { word32 s0, s1, s2, s3; @@ -2120,7 +1151,7 @@ static void AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock) s1 ^= rk[1]; s2 ^= rk[2]; s3 ^= rk[3]; - + /* * Nr - 1 full rounds: */ @@ -2224,203 +1255,1227 @@ static void AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock) XMEMCPY(outBlock + 3 * sizeof(s0), &s3, sizeof(s3)); } -#ifndef HAVE_AES_ENGINE -int AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) -{ - word32 blocks = sz / AES_BLOCK_SIZE; +#endif /* NEED_AES_TABLES */ -#ifdef HAVE_CAVIUM - if (aes->magic == CYASSL_AES_CAVIUM_MAGIC) - return AesCaviumCbcEncrypt(aes, out, in, sz); -#endif -#ifdef CYASSL_AESNI - if (haveAESNI) { - #ifdef DEBUG_AESNI - printf("about to aes cbc encrypt\n"); - printf("in = %p\n", in); - printf("out = %p\n", out); - printf("aes->key = %p\n", aes->key); - printf("aes->reg = %p\n", aes->reg); - printf("aes->rounds = %d\n", aes->rounds); - printf("sz = %d\n", sz); - #endif +/* AesSetKey */ +#ifdef STM32F2_CRYPTO + int AesSetKey(Aes* aes, const byte* userKey, word32 keylen, const byte* iv, + int dir) + { + word32 *rk = aes->key; - /* check alignment, decrypt doesn't need alignment */ - if ((word)in % 16) { - #ifndef NO_CYASSL_ALLOC_ALIGN - byte* tmp = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_TMP_BUFFER); - CYASSL_MSG("AES-CBC encrypt with bad alignment"); - if (tmp == NULL) return MEMORY_E; + if (!((keylen == 16) || (keylen == 24) || (keylen == 32))) + return BAD_FUNC_ARG; - XMEMCPY(tmp, in, sz); - AES_CBC_encrypt(tmp, tmp, (byte*)aes->reg, sz, (byte*)aes->key, - aes->rounds); - /* store iv for next call */ - XMEMCPY(aes->reg, tmp + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE); + aes->rounds = keylen/4 + 6; + XMEMCPY(rk, userKey, keylen); + ByteReverseWords(rk, rk, keylen); - XMEMCPY(out, tmp, sz); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); - return 0; - #else - return BAD_ALIGN_E; - #endif + return AesSetIV(aes, iv); + } + + int AesSetKeyDirect(Aes* aes, const byte* userKey, word32 keylen, + const byte* iv, int dir) + { + return AesSetKey(aes, userKey, keylen, iv, dir); + } + +#elif defined(HAVE_COLDFIRE_SEC) + #if defined (HAVE_THREADX) + #include "memory_pools.h" + extern TX_BYTE_POOL mp_ncached; /* Non Cached memory pool */ + #endif + + #define AES_BUFFER_SIZE (AES_BLOCK_SIZE * 64) + static unsigned char *AESBuffIn = NULL; + static unsigned char *AESBuffOut = NULL; + static byte *secReg; + static byte *secKey; + static volatile SECdescriptorType *secDesc; + + static CyaSSL_Mutex Mutex_AesSEC; + + #define SEC_DESC_AES_CBC_ENCRYPT 0x60300010 + #define SEC_DESC_AES_CBC_DECRYPT 0x60200010 + + extern volatile unsigned char __MBAR[]; + + int AesSetKey(Aes* aes, const byte* userKey, word32 keylen, const byte* iv, + int dir) + { + if (AESBuffIn == NULL) { + #if defined (HAVE_THREADX) + int s1, s2, s3, s4, s5 ; + s5 = tx_byte_allocate(&mp_ncached,(void *)&secDesc, + sizeof(SECdescriptorType), TX_NO_WAIT); + s1 = tx_byte_allocate(&mp_ncached, (void *)&AESBuffIn, + AES_BUFFER_SIZE, TX_NO_WAIT); + s2 = tx_byte_allocate(&mp_ncached, (void *)&AESBuffOut, + AES_BUFFER_SIZE, TX_NO_WAIT); + s3 = tx_byte_allocate(&mp_ncached, (void *)&secKey, + AES_BLOCK_SIZE*2, TX_NO_WAIT); + s4 = tx_byte_allocate(&mp_ncached, (void *)&secReg, + AES_BLOCK_SIZE, TX_NO_WAIT); + + if(s1 || s2 || s3 || s4 || s5) + return BAD_FUNC_ARG; + #else + #warning "Allocate non-Cache buffers" + #endif + + InitMutex(&Mutex_AesSEC); } - AES_CBC_encrypt(in, out, (byte*)aes->reg, sz, (byte*)aes->key, - aes->rounds); - /* store iv for next call */ - XMEMCPY(aes->reg, out + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE); + if (!((keylen == 16) || (keylen == 24) || (keylen == 32))) + return BAD_FUNC_ARG; + + if (aes == NULL) + return BAD_FUNC_ARG; + + aes->rounds = keylen/4 + 6; + XMEMCPY(aes->key, userKey, keylen); + + if (iv) + XMEMCPY(aes->reg, iv, AES_BLOCK_SIZE); return 0; } -#endif +#elif defined(FREESCALE_MMCAU) + int AesSetKey(Aes* aes, const byte* userKey, word32 keylen, const byte* iv, + int dir) + { + byte *rk = (byte*)aes->key; - while (blocks--) { - xorbuf((byte*)aes->reg, in, AES_BLOCK_SIZE); - AesEncrypt(aes, (byte*)aes->reg, (byte*)aes->reg); - XMEMCPY(out, aes->reg, AES_BLOCK_SIZE); + if (!((keylen == 16) || (keylen == 24) || (keylen == 32))) + return BAD_FUNC_ARG; - out += AES_BLOCK_SIZE; - in += AES_BLOCK_SIZE; + if (rk == NULL) + return BAD_FUNC_ARG; + + aes->rounds = keylen/4 + 6; + cau_aes_set_key(userKey, keylen*8, rk); + + return AesSetIV(aes, iv); } - return 0; -} + int AesSetKeyDirect(Aes* aes, const byte* userKey, word32 keylen, + const byte* iv, int dir) + { + return AesSetKey(aes, userKey, keylen, iv, dir); + } +#else + static int AesSetKeyLocal(Aes* aes, const byte* userKey, word32 keylen, + const byte* iv, int dir) + { + word32 temp, *rk = aes->key; + unsigned int i = 0; + #ifdef CYASSL_AESNI + aes->use_aesni = 0; + #endif /* CYASSL_AESNI */ + #ifdef CYASSL_AES_COUNTER + aes->left = 0; + #endif /* CYASSL_AES_COUNTER */ -int AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) -{ - word32 blocks = sz / AES_BLOCK_SIZE; + aes->rounds = keylen/4 + 6; -#ifdef HAVE_CAVIUM - if (aes->magic == CYASSL_AES_CAVIUM_MAGIC) - return AesCaviumCbcDecrypt(aes, out, in, sz); -#endif - -#ifdef CYASSL_AESNI - if (haveAESNI) { - #ifdef DEBUG_AESNI - printf("about to aes cbc decrypt\n"); - printf("in = %p\n", in); - printf("out = %p\n", out); - printf("aes->key = %p\n", aes->key); - printf("aes->reg = %p\n", aes->reg); - printf("aes->rounds = %d\n", aes->rounds); - printf("sz = %d\n", sz); + XMEMCPY(rk, userKey, keylen); + #ifdef LITTLE_ENDIAN_ORDER + ByteReverseWords(rk, rk, keylen); #endif - /* if input and output same will overwrite input iv */ - XMEMCPY(aes->tmp, in + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE); - AES_CBC_decrypt(in, out, (byte*)aes->reg, sz, (byte*)aes->key, - aes->rounds); - /* store iv for next call */ - XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE); - return 0; - } -#endif + #ifdef CYASSL_PIC32MZ_CRYPT + { + word32 *akey1 = aes->key_ce; + word32 *areg = aes->iv_ce ; + aes->keylen = keylen ; + XMEMCPY(akey1, userKey, keylen); + if (iv) + XMEMCPY(areg, iv, AES_BLOCK_SIZE); + else + XMEMSET(areg, 0, AES_BLOCK_SIZE); + } + #endif - while (blocks--) { - XMEMCPY(aes->tmp, in, AES_BLOCK_SIZE); - AesDecrypt(aes, (byte*)aes->tmp, out); - xorbuf(out, (byte*)aes->reg, AES_BLOCK_SIZE); - XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE); + switch(keylen) + { + case 16: + while (1) + { + temp = rk[3]; + rk[4] = rk[0] ^ + (Te[4][GETBYTE(temp, 2)] & 0xff000000) ^ + (Te[4][GETBYTE(temp, 1)] & 0x00ff0000) ^ + (Te[4][GETBYTE(temp, 0)] & 0x0000ff00) ^ + (Te[4][GETBYTE(temp, 3)] & 0x000000ff) ^ + rcon[i]; + rk[5] = rk[1] ^ rk[4]; + rk[6] = rk[2] ^ rk[5]; + rk[7] = rk[3] ^ rk[6]; + if (++i == 10) + break; + rk += 4; + } + break; - out += AES_BLOCK_SIZE; - in += AES_BLOCK_SIZE; + case 24: + /* for (;;) here triggers a bug in VC60 SP4 w/ Pro Pack */ + while (1) + { + temp = rk[ 5]; + rk[ 6] = rk[ 0] ^ + (Te[4][GETBYTE(temp, 2)] & 0xff000000) ^ + (Te[4][GETBYTE(temp, 1)] & 0x00ff0000) ^ + (Te[4][GETBYTE(temp, 0)] & 0x0000ff00) ^ + (Te[4][GETBYTE(temp, 3)] & 0x000000ff) ^ + rcon[i]; + rk[ 7] = rk[ 1] ^ rk[ 6]; + rk[ 8] = rk[ 2] ^ rk[ 7]; + rk[ 9] = rk[ 3] ^ rk[ 8]; + if (++i == 8) + break; + rk[10] = rk[ 4] ^ rk[ 9]; + rk[11] = rk[ 5] ^ rk[10]; + rk += 6; + } + break; + + case 32: + while (1) + { + temp = rk[ 7]; + rk[ 8] = rk[ 0] ^ + (Te[4][GETBYTE(temp, 2)] & 0xff000000) ^ + (Te[4][GETBYTE(temp, 1)] & 0x00ff0000) ^ + (Te[4][GETBYTE(temp, 0)] & 0x0000ff00) ^ + (Te[4][GETBYTE(temp, 3)] & 0x000000ff) ^ + rcon[i]; + rk[ 9] = rk[ 1] ^ rk[ 8]; + rk[10] = rk[ 2] ^ rk[ 9]; + rk[11] = rk[ 3] ^ rk[10]; + if (++i == 7) + break; + temp = rk[11]; + rk[12] = rk[ 4] ^ + (Te[4][GETBYTE(temp, 3)] & 0xff000000) ^ + (Te[4][GETBYTE(temp, 2)] & 0x00ff0000) ^ + (Te[4][GETBYTE(temp, 1)] & 0x0000ff00) ^ + (Te[4][GETBYTE(temp, 0)] & 0x000000ff); + rk[13] = rk[ 5] ^ rk[12]; + rk[14] = rk[ 6] ^ rk[13]; + rk[15] = rk[ 7] ^ rk[14]; + + rk += 8; + } + break; + + default: + return BAD_FUNC_ARG; + } + + if (dir == AES_DECRYPTION) + { + unsigned int j; + rk = aes->key; + + /* invert the order of the round keys: */ + for (i = 0, j = 4* aes->rounds; i < j; i += 4, j -= 4) { + temp = rk[i ]; rk[i ] = rk[j ]; rk[j ] = temp; + temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp; + temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp; + temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp; + } + /* apply the inverse MixColumn transform to all round keys but the + first and the last: */ + for (i = 1; i < aes->rounds; i++) { + rk += 4; + rk[0] = + Td[0][Te[4][GETBYTE(rk[0], 3)] & 0xff] ^ + Td[1][Te[4][GETBYTE(rk[0], 2)] & 0xff] ^ + Td[2][Te[4][GETBYTE(rk[0], 1)] & 0xff] ^ + Td[3][Te[4][GETBYTE(rk[0], 0)] & 0xff]; + rk[1] = + Td[0][Te[4][GETBYTE(rk[1], 3)] & 0xff] ^ + Td[1][Te[4][GETBYTE(rk[1], 2)] & 0xff] ^ + Td[2][Te[4][GETBYTE(rk[1], 1)] & 0xff] ^ + Td[3][Te[4][GETBYTE(rk[1], 0)] & 0xff]; + rk[2] = + Td[0][Te[4][GETBYTE(rk[2], 3)] & 0xff] ^ + Td[1][Te[4][GETBYTE(rk[2], 2)] & 0xff] ^ + Td[2][Te[4][GETBYTE(rk[2], 1)] & 0xff] ^ + Td[3][Te[4][GETBYTE(rk[2], 0)] & 0xff]; + rk[3] = + Td[0][Te[4][GETBYTE(rk[3], 3)] & 0xff] ^ + Td[1][Te[4][GETBYTE(rk[3], 2)] & 0xff] ^ + Td[2][Te[4][GETBYTE(rk[3], 1)] & 0xff] ^ + Td[3][Te[4][GETBYTE(rk[3], 0)] & 0xff]; + } + } + + return AesSetIV(aes, iv); } + int AesSetKey(Aes* aes, const byte* userKey, word32 keylen, const byte* iv, + int dir) + { + + if (!((keylen == 16) || (keylen == 24) || (keylen == 32))) + return BAD_FUNC_ARG; + + #ifdef HAVE_CAVIUM + if (aes->magic == CYASSL_AES_CAVIUM_MAGIC) + return AesCaviumSetKey(aes, userKey, keylen, iv); + #endif + + #ifdef CYASSL_AESNI + if (checkAESNI == 0) { + haveAESNI = Check_CPU_support_AES(); + checkAESNI = 1; + } + if (haveAESNI) { + aes->use_aesni = 1; + if (iv) + XMEMCPY(aes->reg, iv, AES_BLOCK_SIZE); + if (dir == AES_ENCRYPTION) + return AES_set_encrypt_key(userKey, keylen * 8, aes); + else + return AES_set_decrypt_key(userKey, keylen * 8, aes); + } + #endif /* CYASSL_AESNI */ + + return AesSetKeyLocal(aes, userKey, keylen, iv, dir); + } + + #if defined(CYASSL_AES_DIRECT) || defined(CYASSL_AES_COUNTER) + + /* AES-CTR and AES-DIRECT need to use this for key setup, no aesni yet */ + int AesSetKeyDirect(Aes* aes, const byte* userKey, word32 keylen, + const byte* iv, int dir) + { + return AesSetKeyLocal(aes, userKey, keylen, iv, dir); + } + + #endif /* CYASSL_AES_DIRECT || CYASSL_AES_COUNTER */ +#endif /* STM32F2_CRYPTO, AesSetKey block */ + + +/* AesSetIV is shared between software and hardware */ +int AesSetIV(Aes* aes, const byte* iv) +{ + if (aes == NULL) + return BAD_FUNC_ARG; + + if (iv) + XMEMCPY(aes->reg, iv, AES_BLOCK_SIZE); + else + XMEMSET(aes->reg, 0, AES_BLOCK_SIZE); + return 0; } -#endif - -#ifdef CYASSL_AES_DIRECT - -/* Allow direct access to one block encrypt */ -void AesEncryptDirect(Aes* aes, byte* out, const byte* in) -{ - return AesEncrypt(aes, in, out); -} -/* Allow direct access to one block decrypt */ -void AesDecryptDirect(Aes* aes, byte* out, const byte* in) -{ - return AesDecrypt(aes, in, out); -} +/* AES-DIRECT */ +#if defined(CYASSL_AES_DIRECT) + #if defined(FREESCALE_MMCAU) + /* Allow direct access to one block encrypt */ + void AesEncryptDirect(Aes* aes, byte* out, const byte* in) + { + byte* key; + key = (byte*)aes->key; + return cau_aes_encrypt(in, key, aes->rounds, out); + } + + /* Allow direct access to one block decrypt */ + void AesDecryptDirect(Aes* aes, byte* out, const byte* in) + { + byte* key; + key = (byte*)aes->key; + + return cau_aes_decrypt(in, key, aes->rounds, out); + } + + #elif defined(STM32F2_CRYPTO) + #error "STM32F2 crypto doesn't yet support AES direct" + + #elif defined(HAVE_COLDFIRE_SEC) + #error "Coldfire SEC doesn't yet support AES direct" + + #elif defined(CYASSL_PIC32MZ_CRYPT) + #error "PIC32MZ doesn't yet support AES direct" + + #else + /* Allow direct access to one block encrypt */ + void AesEncryptDirect(Aes* aes, byte* out, const byte* in) + { + return AesEncrypt(aes, in, out); + } + + /* Allow direct access to one block decrypt */ + void AesDecryptDirect(Aes* aes, byte* out, const byte* in) + { + return AesDecrypt(aes, in, out); + } + + #endif /* FREESCALE_MMCAU, AES direct block */ #endif /* CYASSL_AES_DIRECT */ -#if defined(CYASSL_AES_DIRECT) || defined(CYASSL_AES_COUNTER) +/* AES-CBC */ +#ifdef STM32F2_CRYPTO + int AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) + { + word32 *enc_key, *iv; + CRYP_InitTypeDef AES_CRYP_InitStructure; + CRYP_KeyInitTypeDef AES_CRYP_KeyInitStructure; + CRYP_IVInitTypeDef AES_CRYP_IVInitStructure; -/* AES-CTR and AES-DIRECT need to use this for key setup, no aesni yet */ -int AesSetKeyDirect(Aes* aes, const byte* userKey, word32 keylen, - const byte* iv, int dir) -{ - return AesSetKeyLocal(aes, userKey, keylen, iv, dir); -} + enc_key = aes->key; + iv = aes->reg; -#endif /* CYASSL_AES_DIRECT || CYASSL_AES_COUNTER */ + /* crypto structure initialization */ + CRYP_KeyStructInit(&AES_CRYP_KeyInitStructure); + CRYP_StructInit(&AES_CRYP_InitStructure); + CRYP_IVStructInit(&AES_CRYP_IVInitStructure); + /* reset registers to their default values */ + CRYP_DeInit(); -#if defined(CYASSL_AES_COUNTER) && !defined(HAVE_AES_ENGINE) + /* load key into correct registers */ + switch(aes->rounds) + { + case 10: /* 128-bit key */ + AES_CRYP_InitStructure.CRYP_KeySize = CRYP_KeySize_128b; + AES_CRYP_KeyInitStructure.CRYP_Key2Left = enc_key[0]; + AES_CRYP_KeyInitStructure.CRYP_Key2Right = enc_key[1]; + AES_CRYP_KeyInitStructure.CRYP_Key3Left = enc_key[2]; + AES_CRYP_KeyInitStructure.CRYP_Key3Right = enc_key[3]; + break; -/* Increment AES counter */ -static INLINE void IncrementAesCounter(byte* inOutCtr) -{ - int i; + case 12: /* 192-bit key */ + AES_CRYP_InitStructure.CRYP_KeySize = CRYP_KeySize_192b; + AES_CRYP_KeyInitStructure.CRYP_Key1Left = enc_key[0]; + AES_CRYP_KeyInitStructure.CRYP_Key1Right = enc_key[1]; + AES_CRYP_KeyInitStructure.CRYP_Key2Left = enc_key[2]; + AES_CRYP_KeyInitStructure.CRYP_Key2Right = enc_key[3]; + AES_CRYP_KeyInitStructure.CRYP_Key3Left = enc_key[4]; + AES_CRYP_KeyInitStructure.CRYP_Key3Right = enc_key[5]; + break; - /* in network byte order so start at end and work back */ - for (i = AES_BLOCK_SIZE - 1; i >= 0; i--) { - if (++inOutCtr[i]) /* we're done unless we overflow */ - return; - } -} - + case 14: /* 256-bit key */ + AES_CRYP_InitStructure.CRYP_KeySize = CRYP_KeySize_256b; + AES_CRYP_KeyInitStructure.CRYP_Key0Left = enc_key[0]; + AES_CRYP_KeyInitStructure.CRYP_Key0Right = enc_key[1]; + AES_CRYP_KeyInitStructure.CRYP_Key1Left = enc_key[2]; + AES_CRYP_KeyInitStructure.CRYP_Key1Right = enc_key[3]; + AES_CRYP_KeyInitStructure.CRYP_Key2Left = enc_key[4]; + AES_CRYP_KeyInitStructure.CRYP_Key2Right = enc_key[5]; + AES_CRYP_KeyInitStructure.CRYP_Key3Left = enc_key[6]; + AES_CRYP_KeyInitStructure.CRYP_Key3Right = enc_key[7]; + break; -void AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) -{ - byte* tmp = (byte*)aes->tmp + AES_BLOCK_SIZE - aes->left; - - /* consume any unused bytes left in aes->tmp */ - while (aes->left && sz) { - *(out++) = *(in++) ^ *(tmp++); - aes->left--; - sz--; - } - - /* do as many block size ops as possible */ - while (sz >= AES_BLOCK_SIZE) { - AesEncrypt(aes, (byte*)aes->reg, out); - IncrementAesCounter((byte*)aes->reg); - xorbuf(out, in, AES_BLOCK_SIZE); - - out += AES_BLOCK_SIZE; - in += AES_BLOCK_SIZE; - sz -= AES_BLOCK_SIZE; - aes->left = 0; - } - - /* handle non block size remaining and sotre unused byte count in left */ - if (sz) { - AesEncrypt(aes, (byte*)aes->reg, (byte*)aes->tmp); - IncrementAesCounter((byte*)aes->reg); - - aes->left = AES_BLOCK_SIZE; - tmp = (byte*)aes->tmp; - - while (sz--) { - *(out++) = *(in++) ^ *(tmp++); - aes->left--; + default: + break; } + CRYP_KeyInit(&AES_CRYP_KeyInitStructure); + + /* set iv */ + ByteReverseWords(iv, iv, AES_BLOCK_SIZE); + AES_CRYP_IVInitStructure.CRYP_IV0Left = iv[0]; + AES_CRYP_IVInitStructure.CRYP_IV0Right = iv[1]; + AES_CRYP_IVInitStructure.CRYP_IV1Left = iv[2]; + AES_CRYP_IVInitStructure.CRYP_IV1Right = iv[3]; + CRYP_IVInit(&AES_CRYP_IVInitStructure); + + /* set direction, mode, and datatype */ + AES_CRYP_InitStructure.CRYP_AlgoDir = CRYP_AlgoDir_Encrypt; + AES_CRYP_InitStructure.CRYP_AlgoMode = CRYP_AlgoMode_AES_CBC; + AES_CRYP_InitStructure.CRYP_DataType = CRYP_DataType_8b; + CRYP_Init(&AES_CRYP_InitStructure); + + /* enable crypto processor */ + CRYP_Cmd(ENABLE); + + while (sz > 0) + { + /* flush IN/OUT FIFOs */ + CRYP_FIFOFlush(); + + CRYP_DataIn(*(uint32_t*)&in[0]); + CRYP_DataIn(*(uint32_t*)&in[4]); + CRYP_DataIn(*(uint32_t*)&in[8]); + CRYP_DataIn(*(uint32_t*)&in[12]); + + /* wait until the complete message has been processed */ + while(CRYP_GetFlagStatus(CRYP_FLAG_BUSY) != RESET) {} + + *(uint32_t*)&out[0] = CRYP_DataOut(); + *(uint32_t*)&out[4] = CRYP_DataOut(); + *(uint32_t*)&out[8] = CRYP_DataOut(); + *(uint32_t*)&out[12] = CRYP_DataOut(); + + /* store iv for next call */ + XMEMCPY(aes->reg, out + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE); + + sz -= 16; + in += 16; + out += 16; + } + + /* disable crypto processor */ + CRYP_Cmd(DISABLE); + + return 0; } -} + + int AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) + { + word32 *dec_key, *iv; + CRYP_InitTypeDef AES_CRYP_InitStructure; + CRYP_KeyInitTypeDef AES_CRYP_KeyInitStructure; + CRYP_IVInitTypeDef AES_CRYP_IVInitStructure; + + dec_key = aes->key; + iv = aes->reg; + + /* crypto structure initialization */ + CRYP_KeyStructInit(&AES_CRYP_KeyInitStructure); + CRYP_StructInit(&AES_CRYP_InitStructure); + CRYP_IVStructInit(&AES_CRYP_IVInitStructure); + + /* if input and output same will overwrite input iv */ + XMEMCPY(aes->tmp, in + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE); + + /* reset registers to their default values */ + CRYP_DeInit(); + + /* load key into correct registers */ + switch(aes->rounds) + { + case 10: /* 128-bit key */ + AES_CRYP_InitStructure.CRYP_KeySize = CRYP_KeySize_128b; + AES_CRYP_KeyInitStructure.CRYP_Key2Left = dec_key[0]; + AES_CRYP_KeyInitStructure.CRYP_Key2Right = dec_key[1]; + AES_CRYP_KeyInitStructure.CRYP_Key3Left = dec_key[2]; + AES_CRYP_KeyInitStructure.CRYP_Key3Right = dec_key[3]; + break; + + case 12: /* 192-bit key */ + AES_CRYP_InitStructure.CRYP_KeySize = CRYP_KeySize_192b; + AES_CRYP_KeyInitStructure.CRYP_Key1Left = dec_key[0]; + AES_CRYP_KeyInitStructure.CRYP_Key1Right = dec_key[1]; + AES_CRYP_KeyInitStructure.CRYP_Key2Left = dec_key[2]; + AES_CRYP_KeyInitStructure.CRYP_Key2Right = dec_key[3]; + AES_CRYP_KeyInitStructure.CRYP_Key3Left = dec_key[4]; + AES_CRYP_KeyInitStructure.CRYP_Key3Right = dec_key[5]; + break; + + case 14: /* 256-bit key */ + AES_CRYP_InitStructure.CRYP_KeySize = CRYP_KeySize_256b; + AES_CRYP_KeyInitStructure.CRYP_Key0Left = dec_key[0]; + AES_CRYP_KeyInitStructure.CRYP_Key0Right = dec_key[1]; + AES_CRYP_KeyInitStructure.CRYP_Key1Left = dec_key[2]; + AES_CRYP_KeyInitStructure.CRYP_Key1Right = dec_key[3]; + AES_CRYP_KeyInitStructure.CRYP_Key2Left = dec_key[4]; + AES_CRYP_KeyInitStructure.CRYP_Key2Right = dec_key[5]; + AES_CRYP_KeyInitStructure.CRYP_Key3Left = dec_key[6]; + AES_CRYP_KeyInitStructure.CRYP_Key3Right = dec_key[7]; + break; + + default: + break; + } + + /* set direction, mode, and datatype for key preparation */ + AES_CRYP_InitStructure.CRYP_AlgoDir = CRYP_AlgoDir_Decrypt; + AES_CRYP_InitStructure.CRYP_AlgoMode = CRYP_AlgoMode_AES_Key; + AES_CRYP_InitStructure.CRYP_DataType = CRYP_DataType_32b; + CRYP_Init(&AES_CRYP_InitStructure); + CRYP_KeyInit(&AES_CRYP_KeyInitStructure); + + /* enable crypto processor */ + CRYP_Cmd(ENABLE); + + /* wait until key has been prepared */ + while(CRYP_GetFlagStatus(CRYP_FLAG_BUSY) != RESET) {} + + /* set direction, mode, and datatype for decryption */ + AES_CRYP_InitStructure.CRYP_AlgoDir = CRYP_AlgoDir_Decrypt; + AES_CRYP_InitStructure.CRYP_AlgoMode = CRYP_AlgoMode_AES_CBC; + AES_CRYP_InitStructure.CRYP_DataType = CRYP_DataType_8b; + CRYP_Init(&AES_CRYP_InitStructure); + + /* set iv */ + ByteReverseWords(iv, iv, AES_BLOCK_SIZE); + + AES_CRYP_IVInitStructure.CRYP_IV0Left = iv[0]; + AES_CRYP_IVInitStructure.CRYP_IV0Right = iv[1]; + AES_CRYP_IVInitStructure.CRYP_IV1Left = iv[2]; + AES_CRYP_IVInitStructure.CRYP_IV1Right = iv[3]; + CRYP_IVInit(&AES_CRYP_IVInitStructure); + + /* enable crypto processor */ + CRYP_Cmd(ENABLE); + + while (sz > 0) + { + /* flush IN/OUT FIFOs */ + CRYP_FIFOFlush(); + + CRYP_DataIn(*(uint32_t*)&in[0]); + CRYP_DataIn(*(uint32_t*)&in[4]); + CRYP_DataIn(*(uint32_t*)&in[8]); + CRYP_DataIn(*(uint32_t*)&in[12]); + + /* wait until the complete message has been processed */ + while(CRYP_GetFlagStatus(CRYP_FLAG_BUSY) != RESET) {} + + *(uint32_t*)&out[0] = CRYP_DataOut(); + *(uint32_t*)&out[4] = CRYP_DataOut(); + *(uint32_t*)&out[8] = CRYP_DataOut(); + *(uint32_t*)&out[12] = CRYP_DataOut(); + + /* store iv for next call */ + XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE); + + sz -= 16; + in += 16; + out += 16; + } + + /* disable crypto processor */ + CRYP_Cmd(DISABLE); + + return 0; + } + +#elif defined(HAVE_COLDFIRE_SEC) + static int AesCbcCrypt(Aes* aes, byte* po, const byte* pi, word32 sz, + word32 descHeader) + { + #ifdef DEBUG_CYASSL + int i; int stat1, stat2; int ret; + #endif + + int size; + volatile int v; + + if ((pi == NULL) || (po == NULL)) + return BAD_FUNC_ARG; /*wrong pointer*/ + + LockMutex(&Mutex_AesSEC); + + /* Set descriptor for SEC */ + secDesc->length1 = 0x0; + secDesc->pointer1 = NULL; + + secDesc->length2 = AES_BLOCK_SIZE; + secDesc->pointer2 = (byte *)secReg; /* Initial Vector */ + + switch(aes->rounds) { + case 10: secDesc->length3 = 16 ; break ; + case 12: secDesc->length3 = 24 ; break ; + case 14: secDesc->length3 = 32 ; break ; + } + XMEMCPY(secKey, aes->key, secDesc->length3); + + secDesc->pointer3 = (byte *)secKey; + secDesc->pointer4 = AESBuffIn; + secDesc->pointer5 = AESBuffOut; + secDesc->length6 = 0x0; + secDesc->pointer6 = NULL; + secDesc->length7 = 0x0; + secDesc->pointer7 = NULL; + secDesc->nextDescriptorPtr = NULL; + + while (sz) { + secDesc->header = descHeader; + XMEMCPY(secReg, aes->reg, AES_BLOCK_SIZE); + if ((sz % AES_BUFFER_SIZE) == sz) { + size = sz; + sz = 0; + } else { + size = AES_BUFFER_SIZE; + sz -= AES_BUFFER_SIZE; + } + secDesc->length4 = size; + secDesc->length5 = size; + + XMEMCPY(AESBuffIn, pi, size); + if(descHeader == SEC_DESC_AES_CBC_DECRYPT) { + XMEMCPY((void*)aes->tmp, (void*)&(pi[size-AES_BLOCK_SIZE]), + AES_BLOCK_SIZE); + } + + /* Point SEC to the location of the descriptor */ + MCF_SEC_FR0 = (uint32)secDesc; + /* Initialize SEC and wait for encryption to complete */ + MCF_SEC_CCCR0 = 0x0000001a; + /* poll SISR to determine when channel is complete */ + v=0; + + while ((secDesc->header>> 24) != 0xff) v++; + + #ifdef DEBUG_CYASSL + ret = MCF_SEC_SISRH; + stat1 = MCF_SEC_AESSR; + stat2 = MCF_SEC_AESISR; + if (ret & 0xe0000000) { + db_printf("Aes_Cbc(i=%d):ISRH=%08x, AESSR=%08x, " + "AESISR=%08x\n", i, ret, stat1, stat2); + } + #endif + + XMEMCPY(po, AESBuffOut, size); + + if (descHeader == SEC_DESC_AES_CBC_ENCRYPT) { + XMEMCPY((void*)aes->reg, (void*)&(po[size-AES_BLOCK_SIZE]), + AES_BLOCK_SIZE); + } else { + XMEMCPY((void*)aes->reg, (void*)aes->tmp, AES_BLOCK_SIZE); + } + + pi += size; + po += size; + } + + UnLockMutex(&Mutex_AesSEC); + return 0; + } + + int AesCbcEncrypt(Aes* aes, byte* po, const byte* pi, word32 sz) + { + return (AesCbcCrypt(aes, po, pi, sz, SEC_DESC_AES_CBC_ENCRYPT)); + } + + int AesCbcDecrypt(Aes* aes, byte* po, const byte* pi, word32 sz) + { + return (AesCbcCrypt(aes, po, pi, sz, SEC_DESC_AES_CBC_DECRYPT)); + } + +#elif defined(FREESCALE_MMCAU) + int AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) + { + int i; + int offset = 0; + int len = sz; + + byte *iv, *enc_key; + byte temp_block[AES_BLOCK_SIZE]; + + iv = (byte*)aes->reg; + enc_key = (byte*)aes->key; + + if ((word)out % CYASSL_MMCAU_ALIGNMENT) { + CYASSL_MSG("Bad cau_aes_encrypt alignment"); + return BAD_ALIGN_E; + } + + while (len > 0) + { + XMEMCPY(temp_block, in + offset, AES_BLOCK_SIZE); + + /* XOR block with IV for CBC */ + for (i = 0; i < AES_BLOCK_SIZE; i++) + temp_block[i] ^= iv[i]; + + cau_aes_encrypt(temp_block, enc_key, aes->rounds, out + offset); + + len -= AES_BLOCK_SIZE; + offset += AES_BLOCK_SIZE; + + /* store IV for next block */ + XMEMCPY(iv, out + offset - AES_BLOCK_SIZE, AES_BLOCK_SIZE); + } + + return 0; + } + + int AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) + { + int i; + int offset = 0; + int len = sz; + + byte* iv, *dec_key; + byte temp_block[AES_BLOCK_SIZE]; + + iv = (byte*)aes->reg; + dec_key = (byte*)aes->key; + + if ((word)out % CYASSL_MMCAU_ALIGNMENT) { + CYASSL_MSG("Bad cau_aes_decrypt alignment"); + return BAD_ALIGN_E; + } + + while (len > 0) + { + XMEMCPY(temp_block, in + offset, AES_BLOCK_SIZE); + + cau_aes_decrypt(in + offset, dec_key, aes->rounds, out + offset); + + /* XOR block with IV for CBC */ + for (i = 0; i < AES_BLOCK_SIZE; i++) + (out + offset)[i] ^= iv[i]; + + /* store IV for next block */ + XMEMCPY(iv, temp_block, AES_BLOCK_SIZE); + + len -= AES_BLOCK_SIZE; + offset += AES_BLOCK_SIZE; + } + + return 0; + } + +#elif defined(CYASSL_PIC32MZ_CRYPT) + /* core hardware crypt engine driver */ + static void AesCrypt(Aes *aes, byte* out, const byte* in, word32 sz, + int dir, int algo, int cryptoalgo) + { + securityAssociation *sa_p ; + bufferDescriptor *bd_p ; + + volatile securityAssociation sa __attribute__((aligned (8))); + volatile bufferDescriptor bd __attribute__((aligned (8))); + volatile int k ; + + /* get uncached address */ + sa_p = KVA0_TO_KVA1(&sa) ; + bd_p = KVA0_TO_KVA1(&bd) ; + + /* Sync cache and physical memory */ + if(PIC32MZ_IF_RAM(in)) { + XMEMCPY((void *)KVA0_TO_KVA1(in), (void *)in, sz); + } + XMEMSET((void *)KVA0_TO_KVA1(out), 0, sz); + /* Set up the Security Association */ + XMEMSET((byte *)KVA0_TO_KVA1(&sa), 0, sizeof(sa)); + sa_p->SA_CTRL.ALGO = algo ; /* AES */ + sa_p->SA_CTRL.LNC = 1; + sa_p->SA_CTRL.LOADIV = 1; + sa_p->SA_CTRL.FB = 1; + sa_p->SA_CTRL.ENCTYPE = dir ; /* Encryption/Decryption */ + sa_p->SA_CTRL.CRYPTOALGO = cryptoalgo; + + if(cryptoalgo == PIC32_CRYPTOALGO_AES_GCM){ + switch(aes->keylen) { + case 32: + sa_p->SA_CTRL.KEYSIZE = PIC32_AES_KEYSIZE_256 ; + break ; + case 24: + sa_p->SA_CTRL.KEYSIZE = PIC32_AES_KEYSIZE_192 ; + break ; + case 16: + sa_p->SA_CTRL.KEYSIZE = PIC32_AES_KEYSIZE_128 ; + break ; + } + } else + sa_p->SA_CTRL.KEYSIZE = PIC32_AES_KEYSIZE_128 ; + + ByteReverseWords( + (word32 *)KVA0_TO_KVA1(sa.SA_ENCKEY + 8 - aes->keylen/sizeof(word32)), + (word32 *)aes->key_ce, aes->keylen); + ByteReverseWords( + (word32*)KVA0_TO_KVA1(sa.SA_ENCIV), (word32 *)aes->iv_ce, 16); + + XMEMSET((byte *)KVA0_TO_KVA1(&bd), 0, sizeof(bd)); + /* Set up the Buffer Descriptor */ + bd_p->BD_CTRL.BUFLEN = sz; + if(cryptoalgo == PIC32_CRYPTOALGO_AES_GCM) { + if(sz % 0x10) + bd_p->BD_CTRL.BUFLEN = (sz/0x10 + 1) * 0x10 ; + } + bd_p->BD_CTRL.LIFM = 1; + bd_p->BD_CTRL.SA_FETCH_EN = 1; + bd_p->BD_CTRL.LAST_BD = 1; + bd_p->BD_CTRL.DESC_EN = 1; + + bd_p->SA_ADDR = (unsigned int)KVA_TO_PA(&sa) ; + bd_p->SRCADDR = (unsigned int)KVA_TO_PA(in) ; + bd_p->DSTADDR = (unsigned int)KVA_TO_PA(out); + bd_p->MSGLEN = sz ; + + CECON = 1 << 6; + while (CECON); + + /* Run the engine */ + CEBDPADDR = (unsigned int)KVA_TO_PA(&bd) ; + CEINTEN = 0x07; + CECON = 0x27; + + WAIT_ENGINE ; + + if((cryptoalgo == PIC32_CRYPTOALGO_CBC) || + (cryptoalgo == PIC32_CRYPTOALGO_TCBC)|| + (cryptoalgo == PIC32_CRYPTOALGO_RCBC)) { + /* set iv for the next call */ + if(dir == PIC32_ENCRYPTION) { + XMEMCPY((void *)aes->iv_ce, + (void*)KVA0_TO_KVA1(out + sz - AES_BLOCK_SIZE), + AES_BLOCK_SIZE) ; + } else { + ByteReverseWords((word32*)aes->iv_ce, + (word32 *)KVA0_TO_KVA1(in + sz - AES_BLOCK_SIZE), + AES_BLOCK_SIZE); + } + } + XMEMCPY((byte *)out, (byte *)KVA0_TO_KVA1(out), sz) ; + ByteReverseWords((word32*)out, (word32 *)out, sz); + } + + int AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) + { + AesCrypt(aes, out, in, sz, PIC32_ENCRYPTION, PIC32_ALGO_AES, + PIC32_CRYPTOALGO_RCBC ); + return 0 ; + } + + int AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) + { + AesCrypt(aes, out, in, sz, PIC32_DECRYPTION, PIC32_ALGO_AES, + PIC32_CRYPTOALGO_RCBC); + return 0 ; + } + +#else + int AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) + { + word32 blocks = sz / AES_BLOCK_SIZE; + + #ifdef HAVE_CAVIUM + if (aes->magic == CYASSL_AES_CAVIUM_MAGIC) + return AesCaviumCbcEncrypt(aes, out, in, sz); + #endif + + #ifdef CYASSL_AESNI + if (haveAESNI) { + #ifdef DEBUG_AESNI + printf("about to aes cbc encrypt\n"); + printf("in = %p\n", in); + printf("out = %p\n", out); + printf("aes->key = %p\n", aes->key); + printf("aes->reg = %p\n", aes->reg); + printf("aes->rounds = %d\n", aes->rounds); + printf("sz = %d\n", sz); + #endif + + /* check alignment, decrypt doesn't need alignment */ + if ((word)in % 16) { + #ifndef NO_CYASSL_ALLOC_ALIGN + byte* tmp = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + CYASSL_MSG("AES-CBC encrypt with bad alignment"); + if (tmp == NULL) return MEMORY_E; + + XMEMCPY(tmp, in, sz); + AES_CBC_encrypt(tmp, tmp, (byte*)aes->reg, sz, (byte*)aes->key, + aes->rounds); + /* store iv for next call */ + XMEMCPY(aes->reg, tmp + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE); + + XMEMCPY(out, tmp, sz); + XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return 0; + #else + return BAD_ALIGN_E; + #endif + } + + AES_CBC_encrypt(in, out, (byte*)aes->reg, sz, (byte*)aes->key, + aes->rounds); + /* store iv for next call */ + XMEMCPY(aes->reg, out + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE); + + return 0; + } + #endif + + while (blocks--) { + xorbuf((byte*)aes->reg, in, AES_BLOCK_SIZE); + AesEncrypt(aes, (byte*)aes->reg, (byte*)aes->reg); + XMEMCPY(out, aes->reg, AES_BLOCK_SIZE); + + out += AES_BLOCK_SIZE; + in += AES_BLOCK_SIZE; + } + + return 0; + } + + int AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) + { + word32 blocks = sz / AES_BLOCK_SIZE; + + #ifdef HAVE_CAVIUM + if (aes->magic == CYASSL_AES_CAVIUM_MAGIC) + return AesCaviumCbcDecrypt(aes, out, in, sz); + #endif + + #ifdef CYASSL_AESNI + if (haveAESNI) { + #ifdef DEBUG_AESNI + printf("about to aes cbc decrypt\n"); + printf("in = %p\n", in); + printf("out = %p\n", out); + printf("aes->key = %p\n", aes->key); + printf("aes->reg = %p\n", aes->reg); + printf("aes->rounds = %d\n", aes->rounds); + printf("sz = %d\n", sz); + #endif + + /* if input and output same will overwrite input iv */ + XMEMCPY(aes->tmp, in + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE); + AES_CBC_decrypt(in, out, (byte*)aes->reg, sz, (byte*)aes->key, + aes->rounds); + /* store iv for next call */ + XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE); + return 0; + } + #endif + + while (blocks--) { + XMEMCPY(aes->tmp, in, AES_BLOCK_SIZE); + AesDecrypt(aes, (byte*)aes->tmp, out); + xorbuf(out, (byte*)aes->reg, AES_BLOCK_SIZE); + XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE); + + out += AES_BLOCK_SIZE; + in += AES_BLOCK_SIZE; + } + + return 0; + } + +#endif /* STM32F2_CRYPTO, AES-CBC block */ + +/* AES-CTR */ +#ifdef CYASSL_AES_COUNTER + + #ifdef STM32F2_CRYPTO + void AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) + { + word32 *enc_key, *iv; + CRYP_InitTypeDef AES_CRYP_InitStructure; + CRYP_KeyInitTypeDef AES_CRYP_KeyInitStructure; + CRYP_IVInitTypeDef AES_CRYP_IVInitStructure; + + enc_key = aes->key; + iv = aes->reg; + + /* crypto structure initialization */ + CRYP_KeyStructInit(&AES_CRYP_KeyInitStructure); + CRYP_StructInit(&AES_CRYP_InitStructure); + CRYP_IVStructInit(&AES_CRYP_IVInitStructure); + + /* reset registers to their default values */ + CRYP_DeInit(); + + /* load key into correct registers */ + switch(aes->rounds) + { + case 10: /* 128-bit key */ + AES_CRYP_InitStructure.CRYP_KeySize = CRYP_KeySize_128b; + AES_CRYP_KeyInitStructure.CRYP_Key2Left = enc_key[0]; + AES_CRYP_KeyInitStructure.CRYP_Key2Right = enc_key[1]; + AES_CRYP_KeyInitStructure.CRYP_Key3Left = enc_key[2]; + AES_CRYP_KeyInitStructure.CRYP_Key3Right = enc_key[3]; + break; + + case 12: /* 192-bit key */ + AES_CRYP_InitStructure.CRYP_KeySize = CRYP_KeySize_192b; + AES_CRYP_KeyInitStructure.CRYP_Key1Left = enc_key[0]; + AES_CRYP_KeyInitStructure.CRYP_Key1Right = enc_key[1]; + AES_CRYP_KeyInitStructure.CRYP_Key2Left = enc_key[2]; + AES_CRYP_KeyInitStructure.CRYP_Key2Right = enc_key[3]; + AES_CRYP_KeyInitStructure.CRYP_Key3Left = enc_key[4]; + AES_CRYP_KeyInitStructure.CRYP_Key3Right = enc_key[5]; + break; + + case 14: /* 256-bit key */ + AES_CRYP_InitStructure.CRYP_KeySize = CRYP_KeySize_256b; + AES_CRYP_KeyInitStructure.CRYP_Key0Left = enc_key[0]; + AES_CRYP_KeyInitStructure.CRYP_Key0Right = enc_key[1]; + AES_CRYP_KeyInitStructure.CRYP_Key1Left = enc_key[2]; + AES_CRYP_KeyInitStructure.CRYP_Key1Right = enc_key[3]; + AES_CRYP_KeyInitStructure.CRYP_Key2Left = enc_key[4]; + AES_CRYP_KeyInitStructure.CRYP_Key2Right = enc_key[5]; + AES_CRYP_KeyInitStructure.CRYP_Key3Left = enc_key[6]; + AES_CRYP_KeyInitStructure.CRYP_Key3Right = enc_key[7]; + break; + + default: + break; + } + CRYP_KeyInit(&AES_CRYP_KeyInitStructure); + + /* set iv */ + ByteReverseWords(iv, iv, AES_BLOCK_SIZE); + AES_CRYP_IVInitStructure.CRYP_IV0Left = iv[0]; + AES_CRYP_IVInitStructure.CRYP_IV0Right = iv[1]; + AES_CRYP_IVInitStructure.CRYP_IV1Left = iv[2]; + AES_CRYP_IVInitStructure.CRYP_IV1Right = iv[3]; + CRYP_IVInit(&AES_CRYP_IVInitStructure); + + /* set direction, mode, and datatype */ + AES_CRYP_InitStructure.CRYP_AlgoDir = CRYP_AlgoDir_Encrypt; + AES_CRYP_InitStructure.CRYP_AlgoMode = CRYP_AlgoMode_AES_CTR; + AES_CRYP_InitStructure.CRYP_DataType = CRYP_DataType_8b; + CRYP_Init(&AES_CRYP_InitStructure); + + /* enable crypto processor */ + CRYP_Cmd(ENABLE); + + while (sz > 0) + { + /* flush IN/OUT FIFOs */ + CRYP_FIFOFlush(); + + CRYP_DataIn(*(uint32_t*)&in[0]); + CRYP_DataIn(*(uint32_t*)&in[4]); + CRYP_DataIn(*(uint32_t*)&in[8]); + CRYP_DataIn(*(uint32_t*)&in[12]); + + /* wait until the complete message has been processed */ + while(CRYP_GetFlagStatus(CRYP_FLAG_BUSY) != RESET) {} + + *(uint32_t*)&out[0] = CRYP_DataOut(); + *(uint32_t*)&out[4] = CRYP_DataOut(); + *(uint32_t*)&out[8] = CRYP_DataOut(); + *(uint32_t*)&out[12] = CRYP_DataOut(); + + /* store iv for next call */ + XMEMCPY(aes->reg, out + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE); + + sz -= 16; + in += 16; + out += 16; + } + + /* disable crypto processor */ + CRYP_Cmd(DISABLE); + } + + #elif defined(CYASSL_PIC32MZ_CRYPT) + void AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) + { + int i ; + char out_block[AES_BLOCK_SIZE] ; + int odd ; + int even ; + char *tmp ; /* (char *)aes->tmp, for short */ + + tmp = (char *)aes->tmp ; + if(aes->left) { + if((aes->left + sz) >= AES_BLOCK_SIZE){ + odd = AES_BLOCK_SIZE - aes->left ; + } else { + odd = sz ; + } + XMEMCPY(tmp+aes->left, in, odd) ; + if((odd+aes->left) == AES_BLOCK_SIZE){ + AesCrypt(aes, out_block, tmp, AES_BLOCK_SIZE, + PIC32_ENCRYPTION, PIC32_ALGO_AES, PIC32_CRYPTOALGO_RCTR); + XMEMCPY(out, out_block+aes->left, odd) ; + aes->left = 0 ; + XMEMSET(tmp, 0x0, AES_BLOCK_SIZE) ; + /* Increment IV */ + for (i = AES_BLOCK_SIZE - 1; i >= 0; i--) { + if (++((byte *)aes->iv_ce)[i]) + break ; + } + } + in += odd ; + out+= odd ; + sz -= odd ; + } + odd = sz % AES_BLOCK_SIZE ; /* if there is tail flagment */ + if(sz / AES_BLOCK_SIZE) { + even = (sz/AES_BLOCK_SIZE)*AES_BLOCK_SIZE ; + AesCrypt(aes, out, in, even, PIC32_ENCRYPTION, PIC32_ALGO_AES, + PIC32_CRYPTOALGO_RCTR); + out += even ; + in += even ; + do { /* Increment IV */ + for (i = AES_BLOCK_SIZE - 1; i >= 0; i--) { + if (++((byte *)aes->iv_ce)[i]) + break ; + } + even -= AES_BLOCK_SIZE ; + } while((int)even > 0) ; + } + if(odd) { + XMEMSET(tmp+aes->left, 0x0, AES_BLOCK_SIZE - aes->left) ; + XMEMCPY(tmp+aes->left, in, odd) ; + AesCrypt(aes, out_block, tmp, AES_BLOCK_SIZE, + PIC32_ENCRYPTION, PIC32_ALGO_AES, PIC32_CRYPTOALGO_RCTR); + XMEMCPY(out, out_block+aes->left,odd) ; + aes->left += odd ; + } + } + + #elif defined(HAVE_COLDFIRE_SEC) + #error "Coldfire SEC doesn't currently support AES-CTR mode" + + #elif defined(FREESCALE_MMCAU) + #error "Freescale mmCAU doesn't currently support AES-CTR mode" + + #else + /* Increment AES counter */ + static INLINE void IncrementAesCounter(byte* inOutCtr) + { + int i; + + /* in network byte order so start at end and work back */ + for (i = AES_BLOCK_SIZE - 1; i >= 0; i--) { + if (++inOutCtr[i]) /* we're done unless we overflow */ + return; + } + } + + void AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) + { + byte* tmp = (byte*)aes->tmp + AES_BLOCK_SIZE - aes->left; + + /* consume any unused bytes left in aes->tmp */ + while (aes->left && sz) { + *(out++) = *(in++) ^ *(tmp++); + aes->left--; + sz--; + } + + /* do as many block size ops as possible */ + while (sz >= AES_BLOCK_SIZE) { + AesEncrypt(aes, (byte*)aes->reg, out); + IncrementAesCounter((byte*)aes->reg); + xorbuf(out, in, AES_BLOCK_SIZE); + + out += AES_BLOCK_SIZE; + in += AES_BLOCK_SIZE; + sz -= AES_BLOCK_SIZE; + aes->left = 0; + } + + /* handle non block size remaining and sotre unused byte count in left */ + if (sz) { + AesEncrypt(aes, (byte*)aes->reg, (byte*)aes->tmp); + IncrementAesCounter((byte*)aes->reg); + + aes->left = AES_BLOCK_SIZE; + tmp = (byte*)aes->tmp; + + while (sz--) { + *(out++) = *(in++) ^ *(tmp++); + aes->left--; + } + } + } + + #endif /* STM32F2_CRYPTO, AES-CTR block */ #endif /* CYASSL_AES_COUNTER */ - #ifdef HAVE_AESGCM /* @@ -2435,6 +2490,14 @@ void AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) * number counter. */ +#ifdef STM32F2_CRYPTO + #error "STM32F2 crypto doesn't currently support AES-GCM mode" + +#elif defined(HAVE_COLDFIRE_SEC) + #error "Coldfire SEC doesn't currently support AES-GCM mode" + +#endif + enum { CTR_SZ = 4 }; @@ -2530,13 +2593,21 @@ void AesGcmSetKey(Aes* aes, const byte* key, word32 len) { byte iv[AES_BLOCK_SIZE]; + #ifdef FREESCALE_MMCAU + byte* rk = (byte*)aes->key; + #endif + if (!((len == 16) || (len == 24) || (len == 32))) return; XMEMSET(iv, 0, AES_BLOCK_SIZE); AesSetKey(aes, key, len, iv, AES_ENCRYPTION); - AesEncrypt(aes, iv, aes->H); + #ifdef FREESCALE_MMCAU + cau_aes_encrypt(iv, rk, aes->rounds, aes->H); + #else + AesEncrypt(aes, iv, aes->H); + #endif #ifdef GCM_TABLE GenerateM0(aes); #endif /* GCM_TABLE */ @@ -3059,6 +3130,10 @@ void AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz, byte *ctr ; byte scratch[AES_BLOCK_SIZE]; +#ifdef FREESCALE_MMCAU + byte* key = (byte*)aes->key; +#endif + CYASSL_ENTER("AesGcmEncrypt"); #ifdef CYASSL_PIC32MZ_CRYPT @@ -3079,7 +3154,11 @@ void AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz, while (blocks--) { IncrementGcmCounter(ctr); #ifndef CYASSL_PIC32MZ_CRYPT - AesEncrypt(aes, ctr, scratch); + #ifdef FREESCALE_MMCAU + cau_aes_encrypt(ctr, key, aes->rounds, scratch); + #else + AesEncrypt(aes, ctr, scratch); + #endif xorbuf(scratch, p, AES_BLOCK_SIZE); XMEMCPY(c, scratch, AES_BLOCK_SIZE); #endif @@ -3089,7 +3168,11 @@ void AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz, if (partial != 0) { IncrementGcmCounter(ctr); - AesEncrypt(aes, ctr, scratch); + #ifdef FREESCALE_MMCAU + cau_aes_encrypt(ctr, key, aes->rounds, scratch); + #else + AesEncrypt(aes, ctr, scratch); + #endif xorbuf(scratch, p, partial); XMEMCPY(c, scratch, partial); @@ -3097,7 +3180,11 @@ void AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz, GHASH(aes, authIn, authInSz, out, sz, authTag, authTagSz); InitGcmCounter(ctr); - AesEncrypt(aes, ctr, scratch); + #ifdef FREESCALE_MMCAU + cau_aes_encrypt(ctr, key, aes->rounds, scratch); + #else + AesEncrypt(aes, ctr, scratch); + #endif xorbuf(authTag, scratch, authTagSz); } @@ -3116,6 +3203,10 @@ int AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, byte *ctr ; byte scratch[AES_BLOCK_SIZE]; +#ifdef FREESCALE_MMCAU + byte* key = (byte*)aes->key; +#endif + CYASSL_ENTER("AesGcmDecrypt"); #ifdef CYASSL_PIC32MZ_CRYPT @@ -3135,7 +3226,11 @@ int AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, byte EKY0[AES_BLOCK_SIZE]; GHASH(aes, authIn, authInSz, in, sz, Tprime, sizeof(Tprime)); - AesEncrypt(aes, ctr, EKY0); + #ifdef FREESCALE_MMCAU + cau_aes_encrypt(ctr, key, aes->rounds, EKY0); + #else + AesEncrypt(aes, ctr, EKY0); + #endif xorbuf(Tprime, EKY0, sizeof(Tprime)); if (XMEMCMP(authTag, Tprime, authTagSz) != 0) { @@ -3152,7 +3247,11 @@ int AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, while (blocks--) { IncrementGcmCounter(ctr); #ifndef CYASSL_PIC32MZ_CRYPT - AesEncrypt(aes, ctr, scratch); + #ifdef FREESCALE_MMCAU + cau_aes_encrypt(ctr, key, aes->rounds, scratch); + #else + AesEncrypt(aes, ctr, scratch); + #endif xorbuf(scratch, c, AES_BLOCK_SIZE); XMEMCPY(p, scratch, AES_BLOCK_SIZE); #endif @@ -3161,7 +3260,11 @@ int AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, } if (partial != 0) { IncrementGcmCounter(ctr); - AesEncrypt(aes, ctr, scratch); + #ifdef FREESCALE_MMCAU + cau_aes_encrypt(ctr, key, aes->rounds, scratch); + #else + AesEncrypt(aes, ctr, scratch); + #endif xorbuf(scratch, c, partial); XMEMCPY(p, scratch, partial); } @@ -3186,8 +3289,20 @@ CYASSL_API void GmacUpdate(Gmac* gmac, const byte* iv, word32 ivSz, #endif /* HAVE_AESGCM */ + #ifdef HAVE_AESCCM +#ifdef STM32F2_CRYPTO + #error "STM32F2 crypto doesn't currently support AES-CCM mode" + +#elif defined(HAVE_COLDFIRE_SEC) + #error "Coldfire SEC doesn't currently support AES-CCM mode" + +#elif defined(CYASSL_PIC32MZ_CRYPT) + #error "PIC32MZ doesn't currently support AES-CCM mode" + +#endif + void AesCcmSetKey(Aes* aes, const byte* key, word32 keySz) { byte nonce[AES_BLOCK_SIZE]; @@ -3202,19 +3317,31 @@ void AesCcmSetKey(Aes* aes, const byte* key, word32 keySz) static void roll_x(Aes* aes, const byte* in, word32 inSz, byte* out) { + #ifdef FREESCALE_MMCAU + byte* key = (byte*)aes->key; + #endif + /* process the bulk of the data */ while (inSz >= AES_BLOCK_SIZE) { xorbuf(out, in, AES_BLOCK_SIZE); in += AES_BLOCK_SIZE; inSz -= AES_BLOCK_SIZE; - AesEncrypt(aes, out, out); + #ifdef FREESCALE_MMCAU + cau_aes_encrypt(out, key, aes->rounds, out); + #else + AesEncrypt(aes, out, out); + #endif } /* process remainder of the data */ if (inSz > 0) { xorbuf(out, in, inSz); - AesEncrypt(aes, out, out); + #ifdef FREESCALE_MMCAU + cau_aes_encrypt(out, key, aes->rounds, out); + #else + AesEncrypt(aes, out, out); + #endif } } @@ -3224,6 +3351,10 @@ static void roll_auth(Aes* aes, const byte* in, word32 inSz, byte* out) word32 authLenSz; word32 remainder; + #ifdef FREESCALE_MMCAU + byte* key = (byte*)aes->key; + #endif + /* encode the length in */ if (inSz <= 0xFEFF) { authLenSz = 2; @@ -3257,7 +3388,11 @@ static void roll_auth(Aes* aes, const byte* in, word32 inSz, byte* out) xorbuf(out + authLenSz, in, inSz); inSz = 0; } - AesEncrypt(aes, out, out); + #ifdef FREESCALE_MMCAU + cau_aes_encrypt(out, key, aes->rounds, out); + #else + AesEncrypt(aes, out, out); + #endif if (inSz > 0) roll_x(aes, in, inSz, out); @@ -3284,6 +3419,10 @@ void AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz, byte lenSz; word32 i; + #ifdef FREESCALE_MMCAU + byte* key = (byte*)aes->key; + #endif + XMEMCPY(B+1, nonce, nonceSz); lenSz = AES_BLOCK_SIZE - 1 - (byte)nonceSz; B[0] = (authInSz > 0 ? 64 : 0) @@ -3292,7 +3431,11 @@ void AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz, for (i = 0; i < lenSz; i++) B[AES_BLOCK_SIZE - 1 - i] = (inSz >> (8 * i)) & 0xFF; - AesEncrypt(aes, B, A); + #ifdef FREESCALE_MMCAU + cau_aes_encrypt(B, key, aes->rounds, A); + #else + AesEncrypt(aes, B, A); + #endif if (authInSz > 0) roll_auth(aes, authIn, authInSz, A); if (inSz > 0) @@ -3302,12 +3445,20 @@ void AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz, B[0] = lenSz - 1; for (i = 0; i < lenSz; i++) B[AES_BLOCK_SIZE - 1 - i] = 0; - AesEncrypt(aes, B, A); + #ifdef FREESCALE_MMCAU + cau_aes_encrypt(B, key, aes->rounds, A); + #else + AesEncrypt(aes, B, A); + #endif xorbuf(authTag, A, authTagSz); B[15] = 1; while (inSz >= AES_BLOCK_SIZE) { - AesEncrypt(aes, B, A); + #ifdef FREESCALE_MMCAU + cau_aes_encrypt(B, key, aes->rounds, A); + #else + AesEncrypt(aes, B, A); + #endif xorbuf(A, in, AES_BLOCK_SIZE); XMEMCPY(out, A, AES_BLOCK_SIZE); @@ -3317,7 +3468,11 @@ void AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz, out += AES_BLOCK_SIZE; } if (inSz > 0) { - AesEncrypt(aes, B, A); + #ifdef FREESCALE_MMCAU + cau_aes_encrypt(B, key, aes->rounds, A); + #else + AesEncrypt(aes, B, A); + #endif xorbuf(A, in, inSz); XMEMCPY(out, A, inSz); } @@ -3339,6 +3494,10 @@ int AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz, word32 i, oSz; int result = 0; + #ifdef FREESCALE_MMCAU + byte* key = (byte*)aes->key; + #endif + o = out; oSz = inSz; XMEMCPY(B+1, nonce, nonceSz); @@ -3350,7 +3509,11 @@ int AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz, B[15] = 1; while (oSz >= AES_BLOCK_SIZE) { - AesEncrypt(aes, B, A); + #ifdef FREESCALE_MMCAU + cau_aes_encrypt(B, key, aes->rounds, A); + #else + AesEncrypt(aes, B, A); + #endif xorbuf(A, in, AES_BLOCK_SIZE); XMEMCPY(o, A, AES_BLOCK_SIZE); @@ -3360,14 +3523,22 @@ int AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz, o += AES_BLOCK_SIZE; } if (inSz > 0) { - AesEncrypt(aes, B, A); + #ifdef FREESCALE_MMCAU + cau_aes_encrypt(B, key, aes->rounds, A); + #else + AesEncrypt(aes, B, A); + #endif xorbuf(A, in, oSz); XMEMCPY(o, A, oSz); } for (i = 0; i < lenSz; i++) B[AES_BLOCK_SIZE - 1 - i] = 0; - AesEncrypt(aes, B, A); + #ifdef FREESCALE_MMCAU + cau_aes_encrypt(B, key, aes->rounds, A); + #else + AesEncrypt(aes, B, A); + #endif o = out; oSz = inSz; @@ -3378,7 +3549,11 @@ int AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz, for (i = 0; i < lenSz; i++) B[AES_BLOCK_SIZE - 1 - i] = (inSz >> (8 * i)) & 0xFF; - AesEncrypt(aes, B, A); + #ifdef FREESCALE_MMCAU + cau_aes_encrypt(B, key, aes->rounds, A); + #else + AesEncrypt(aes, B, A); + #endif if (authInSz > 0) roll_auth(aes, authIn, authInSz, A); if (inSz > 0) @@ -3387,7 +3562,11 @@ int AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz, B[0] = lenSz - 1; for (i = 0; i < lenSz; i++) B[AES_BLOCK_SIZE - 1 - i] = 0; - AesEncrypt(aes, B, B); + #ifdef FREESCALE_MMCAU + cau_aes_encrypt(B, key, aes->rounds, B); + #else + AesEncrypt(aes, B, B); + #endif xorbuf(A, B, authTagSz); if (XMEMCMP(A, authTag, authTagSz) != 0) { @@ -3405,22 +3584,7 @@ int AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz, return result; } -#endif - -#endif /* STM32F2_CRYPTO */ - -int AesSetIV(Aes* aes, const byte* iv) -{ - if (aes == NULL) - return BAD_FUNC_ARG; - - if (iv) - XMEMCPY(aes->reg, iv, AES_BLOCK_SIZE); - else - XMEMSET(aes->reg, 0, AES_BLOCK_SIZE); - - return 0; -} +#endif /* HAVE_AESCCM */ #ifdef HAVE_CAVIUM @@ -3548,4 +3712,3 @@ static int AesCaviumCbcDecrypt(Aes* aes, byte* out, const byte* in, #endif /* NO_AES */ - diff --git a/cyassl/internal.h b/cyassl/internal.h index ccd7c8138..beb477c1a 100644 --- a/cyassl/internal.h +++ b/cyassl/internal.h @@ -153,9 +153,6 @@ typedef byte word24[3]; -/* used by ssl.c and cyassl_int.c */ -void c32to24(word32 in, word24 out); - /* Define or comment out the cipher suites you'd like to be compiled in make sure to use at least one BUILD_SSL_xxx or BUILD_TLS_xxx is defined @@ -802,7 +799,6 @@ enum Misc { COPY = 1 /* should we copy static buffer for write */ }; - #ifdef SESSION_INDEX /* Shift values for making a session index */ #define SESSIDX_ROW_SHIFT 4 @@ -1969,6 +1965,10 @@ struct CYASSL { byte hsInfoOn; /* track handshake info */ byte toInfoOn; /* track timeout info */ #endif +#ifdef HAVE_FUZZER + CallbackFuzzer fuzzerCb; /* for testing with using fuzzer */ + void* fuzzerCtx; /* user defined pointer */ +#endif #ifdef KEEP_PEER_CERT CYASSL_X509 peerCert; /* X509 peer cert */ #endif @@ -2212,6 +2212,12 @@ CYASSL_LOCAL void FreeX509(CYASSL_X509*); CYASSL_LOCAL int CopyDecodedToX509(CYASSL_X509*, DecodedCert*); #endif +/* used by ssl.c and cyassl_int.c */ +CYASSL_LOCAL void c32to24(word32 in, word24 out); + +CYASSL_LOCAL const char* const* GetCipherNames(void); +CYASSL_LOCAL int GetCipherNamesSize(void); + #ifdef __cplusplus } /* extern "C" */ diff --git a/cyassl/ssl.h b/cyassl/ssl.h index 7109b0726..cf7819d56 100644 --- a/cyassl/ssl.h +++ b/cyassl/ssl.h @@ -233,6 +233,7 @@ CYASSL_API int CyaSSL_PemCertToDer(const char*, unsigned char*, int); CYASSL_API CYASSL_CTX* CyaSSL_CTX_new(CYASSL_METHOD*); CYASSL_API CYASSL* CyaSSL_new(CYASSL_CTX*); CYASSL_API int CyaSSL_set_fd (CYASSL*, int); +CYASSL_API int CyaSSL_get_ciphers(char*, int); CYASSL_API int CyaSSL_get_fd(const CYASSL*); CYASSL_API void CyaSSL_set_using_nonblock(CYASSL*, int); CYASSL_API int CyaSSL_get_using_nonblock(CYASSL*); @@ -930,6 +931,21 @@ CYASSL_API int CyaSSL_set_group_messages(CYASSL*); typedef int (*CallbackIORecv)(CYASSL *ssl, char *buf, int sz, void *ctx); typedef int (*CallbackIOSend)(CYASSL *ssl, char *buf, int sz, void *ctx); +#ifdef HAVE_FUZZER +enum fuzzer_type { + FUZZ_HMAC = 0, + FUZZ_ENCRYPT = 1, + FUZZ_SIGNATURE = 2, + FUZZ_HASH = 3, + FUZZ_HEAD = 4 +}; + +typedef int (*CallbackFuzzer)(CYASSL* ssl, const unsigned char* buf, int sz, + int type, void* fuzzCtx); + +CYASSL_API void CyaSSL_SetFuzzerCb(CYASSL* ssl, CallbackFuzzer cbf, void* fCtx); +#endif + CYASSL_API void CyaSSL_SetIORecv(CYASSL_CTX*, CallbackIORecv); CYASSL_API void CyaSSL_SetIOSend(CYASSL_CTX*, CallbackIOSend); diff --git a/src/internal.c b/src/internal.c index fb7b42217..827a47a68 100644 --- a/src/internal.c +++ b/src/internal.c @@ -1752,6 +1752,10 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx) ssl->MacEncryptCtx = NULL; ssl->DecryptVerifyCtx = NULL; #endif +#ifdef HAVE_FUZZER + ssl->fuzzerCb = NULL; + ssl->fuzzerCtx = NULL; +#endif #ifdef HAVE_PK_CALLBACKS #ifdef HAVE_ECC ssl->EccSignCtx = NULL; @@ -2529,6 +2533,10 @@ static int HashOutput(CYASSL* ssl, const byte* output, int sz, int ivSz) const byte* adj = output + RECORD_HEADER_SZ + ivSz; sz -= RECORD_HEADER_SZ; +#ifdef HAVE_FUZZER + if (ssl->fuzzerCb) + ssl->fuzzerCb(ssl, output, sz, FUZZ_HASH, ssl->fuzzerCtx); +#endif #ifdef CYASSL_DTLS if (ssl->options.dtls) { adj += DTLS_RECORD_EXTRA; @@ -2954,6 +2962,11 @@ static int GetRecordHeader(CYASSL* ssl, const byte* input, word32* inOutIdx, RecordLayerHeader* rh, word16 *size) { if (!ssl->options.dtls) { +#ifdef HAVE_FUZZER + if (ssl->fuzzerCb) + ssl->fuzzerCb(ssl, input + *inOutIdx, RECORD_HEADER_SZ, FUZZ_HEAD, + ssl->fuzzerCtx); +#endif XMEMCPY(rh, input + *inOutIdx, RECORD_HEADER_SZ); *inOutIdx += RECORD_HEADER_SZ; ato16(rh->length, size); @@ -2969,6 +2982,12 @@ static int GetRecordHeader(CYASSL* ssl, const byte* input, word32* inOutIdx, *inOutIdx += 4; /* advance past rest of seq */ ato16(input + *inOutIdx, size); *inOutIdx += LENGTH_SZ; +#ifdef HAVE_FUZZER + if (ssl->fuzzerCb) + ssl->fuzzerCb(ssl, input + *inOutIdx - LENGTH_SZ - 8 - ENUM_LEN - + VERSION_SZ, ENUM_LEN + VERSION_SZ + 8 + LENGTH_SZ, + FUZZ_HEAD, ssl->fuzzerCtx); +#endif #endif } @@ -5115,6 +5134,11 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word16 sz) return ENCRYPT_ERROR; } +#ifdef HAVE_FUZZER + if (ssl->fuzzerCb) + ssl->fuzzerCb(ssl, input, sz, FUZZ_ENCRYPT, ssl->fuzzerCtx); +#endif + switch (ssl->specs.bulk_cipher_algorithm) { #ifdef BUILD_ARC4 case cyassl_rc4: @@ -6392,6 +6416,11 @@ static int SSL_hmac(CYASSL* ssl, byte* digest, const byte* in, word32 sz, byte conLen[ENUM_LEN + LENGTH_SZ]; /* content & length */ const byte* macSecret = CyaSSL_GetMacSecret(ssl, verify); +#ifdef HAVE_FUZZER + if (ssl->fuzzerCb) + ssl->fuzzerCb(ssl, in, sz, FUZZ_HMAC, ssl->fuzzerCtx); +#endif + XMEMSET(seq, 0, SEQ_SZ); conLen[0] = (byte)content; c16toa((word16)sz, &conLen[ENUM_LEN]); @@ -7870,7 +7899,6 @@ static const char* const cipher_names[] = }; - /* cipher suite number that matches above name table */ static int cipher_name_idx[] = { @@ -8257,6 +8285,20 @@ static int cipher_name_idx[] = }; +/* returns the cipher_names array */ +const char* const* GetCipherNames(void) +{ + return cipher_names; +} + + +/* returns the size of the cipher_names array */ +int GetCipherNamesSize(void) +{ + return (int)(sizeof(cipher_names) / sizeof(char*)); +} + + /* return true if set, else false */ /* only supports full name from cipher_name[] delimited by : */ int SetCipherList(Suites* s, const char* list) @@ -10545,6 +10587,12 @@ static void PickHashSigAlgo(CYASSL* ssl, /* Signtaure length will be written later, when we're sure what it is */ +#ifdef HAVE_FUZZER + if (ssl->fuzzerCb) + ssl->fuzzerCb(ssl, output + preSigIdx, preSigSz, FUZZ_SIGNATURE, + ssl->fuzzerCtx); +#endif + /* do signature */ { #ifndef NO_OLD_TLS @@ -10897,6 +10945,12 @@ static void PickHashSigAlgo(CYASSL* ssl, c16toa((word16)sigSz, output + idx); idx += LENGTH_SZ; +#ifdef HAVE_FUZZER + if (ssl->fuzzerCb) + ssl->fuzzerCb(ssl, output + preSigIdx, preSigSz, FUZZ_SIGNATURE, + ssl->fuzzerCtx); +#endif + /* do signature */ { #ifndef NO_OLD_TLS diff --git a/src/ssl.c b/src/ssl.c index 1b99e98fd..2bd63f238 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -29,7 +29,6 @@ #include #endif - #include #include #include @@ -227,6 +226,38 @@ int CyaSSL_set_fd(CYASSL* ssl, int fd) } +int CyaSSL_get_ciphers(char* buf, int len) +{ + const char* const* ciphers = GetCipherNames(); + int totalInc = 0; + int step = 0; + char delim = ':'; + int size = GetCipherNamesSize(); + int i; + + if (buf == NULL || len <= 0) + return BAD_FUNC_ARG; + + /* Add each member to the buffer delimitted by a : */ + for (i = 0; i < size; i++) { + step = (int)(XSTRLEN(ciphers[i]) + 1); /* delimiter */ + totalInc += step; + + /* Check to make sure buf is large enough and will not overflow */ + if (totalInc < len) { + XSTRNCPY(buf, ciphers[i], XSTRLEN(ciphers[i])); + buf += XSTRLEN(ciphers[i]); + + if (i < size - 1) + *buf++ = delim; + } + else + return BUFFER_E; + } + return SSL_SUCCESS; +} + + int CyaSSL_get_fd(const CYASSL* ssl) { CYASSL_ENTER("SSL_get_fd"); @@ -11501,6 +11532,15 @@ const byte* CyaSSL_get_sessionID(const CYASSL_SESSION* session) #endif /* SESSION_CERTS */ +#ifdef HAVE_FUZZER +void CyaSSL_SetFuzzerCb(CYASSL* ssl, CallbackFuzzer cbf, void* fCtx) +{ + if (ssl) { + ssl->fuzzerCb = cbf; + ssl->fuzzerCtx = fCtx; + } +} +#endif #ifndef NO_CERTS #ifdef HAVE_PK_CALLBACKS diff --git a/src/tls.c b/src/tls.c index a569f064e..30feb6129 100644 --- a/src/tls.c +++ b/src/tls.c @@ -677,6 +677,11 @@ int TLS_hmac(CYASSL* ssl, byte* digest, const byte* in, word32 sz, if (ssl == NULL) return BAD_FUNC_ARG; +#ifdef HAVE_FUZZER + if (ssl->fuzzerCb) + ssl->fuzzerCb(ssl, in, sz, FUZZ_HMAC, ssl->fuzzerCtx); +#endif + CyaSSL_SetTlsHmacInner(ssl, myInner, sz, content, verify); ret = HmacSetKey(&hmac, CyaSSL_GetHmacType(ssl), diff --git a/testsuite/testsuite.c b/testsuite/testsuite.c index 35b7820db..8b91249a6 100644 --- a/testsuite/testsuite.c +++ b/testsuite/testsuite.c @@ -161,6 +161,14 @@ int testsuite_test(int argc, char** argv) if (server_args.return_code != 0) return server_args.return_code; } + /* show ciphers */ + { + char ciphers[1024]; + XMEMSET(ciphers, 0, sizeof(ciphers)); + CyaSSL_get_ciphers(ciphers, sizeof(ciphers)-1); + printf("ciphers = %s\n", ciphers); + } + /* validate output equals input */ { byte input[SHA256_DIGEST_SIZE]; diff --git a/tirtos/packages/ti/net/cyassl/package.bld b/tirtos/packages/ti/net/cyassl/package.bld index 8fbdde318..d28f06e66 100644 --- a/tirtos/packages/ti/net/cyassl/package.bld +++ b/tirtos/packages/ti/net/cyassl/package.bld @@ -10,34 +10,47 @@ Pkg.makePrologue = "vpath %.c $(subst ;, ,$(XPKGPATH))"; /* CYASSL sources */ var cyaSSLObjList = [ - "ctaocrypt/src/aes.c", - "ctaocrypt/src/arc4.c", - "ctaocrypt/src/asn.c", - "ctaocrypt/src/coding.c", - "ctaocrypt/src/des3.c", - "ctaocrypt/src/dsa.c", - "ctaocrypt/src/error.c", - "ctaocrypt/src/hmac.c", - "ctaocrypt/src/logging.c", - "ctaocrypt/src/md4.c", - "ctaocrypt/src/md5.c", - "ctaocrypt/src/memory.c", - "ctaocrypt/src/wc_port.c", - "ctaocrypt/src/pwdbased.c", - "ctaocrypt/src/random.c", - "ctaocrypt/src/rsa.c", - "ctaocrypt/src/sha.c", - "ctaocrypt/src/sha256.c", - "ctaocrypt/src/tfm.c", - "src/internal.c", - "src/io.c", - "src/keys.c", - "src/ssl.c", - "src/tls.c", -]; + "ctaocrypt/src/aes.c", + "ctaocrypt/src/arc4.c", + "ctaocrypt/src/asm.c", + "ctaocrypt/src/asn.c", + "ctaocrypt/src/blake2b.c", + "ctaocrypt/src/camellia.c", + "ctaocrypt/src/chacha.c", + "ctaocrypt/src/coding.c", + "ctaocrypt/src/des3.c", + "ctaocrypt/src/dh.c", + "ctaocrypt/src/dsa.c", + "ctaocrypt/src/ecc.c", + "ctaocrypt/src/error.c", + "ctaocrypt/src/hc128.c", + "ctaocrypt/src/hmac.c", + "ctaocrypt/src/integer.c", + "ctaocrypt/src/logging.c", + "ctaocrypt/src/md4.c", + "ctaocrypt/src/md5.c", + "ctaocrypt/src/memory.c", + "ctaocrypt/src/poly1305.c", + "ctaocrypt/src/pwdbased.c", + "ctaocrypt/src/rabbit.c", + "ctaocrypt/src/random.c", + "ctaocrypt/src/rsa.c", + "ctaocrypt/src/sha.c", + "ctaocrypt/src/sha256.c", + "ctaocrypt/src/sha512.c", + "ctaocrypt/src/tfm.c", + "ctaocrypt/src/wc_port.c", + + "src/internal.c", + "src/io.c", + "src/keys.c", + "src/ssl.c", + "src/tls.c", + ]; for each (var targ in Build.targets) { var libOptions = {incs: cyasslPathInclude}; var lib = Pkg.addLibrary("lib/" + Pkg.name, targ, libOptions); lib.addObjects(cyaSSLObjList); } +