diff --git a/wolfcrypt/src/port/kcapi/kcapi_aes.c b/wolfcrypt/src/port/kcapi/kcapi_aes.c index 4a11a306f..536a955d7 100644 --- a/wolfcrypt/src/port/kcapi/kcapi_aes.c +++ b/wolfcrypt/src/port/kcapi/kcapi_aes.c @@ -236,7 +236,9 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz, byte* data = NULL; word32 dataSz; int inbuflen = 0, outbuflen = 0; +#ifndef KCAPI_USE_XMALLOC size_t pageSz = (size_t)sysconf(_SC_PAGESIZE); +#endif /* argument checks */ if (aes == NULL || authTagSz > AES_BLOCK_SIZE) { @@ -267,11 +269,17 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz, outbuflen = (int)kcapi_aead_outbuflen_enc(aes->handle, sz, authInSz, authTagSz); dataSz = (inbuflen > outbuflen) ? inbuflen : outbuflen; - + #ifdef KCAPI_USE_XMALLOC + data = (byte *)XMALLOC(dataSz, aes->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (data == NULL) { + ret = MEMORY_E; + } + #else ret = posix_memalign((void*)&data, pageSz, dataSz); if (ret < 0) { ret = MEMORY_E; } + #endif } if (ret >= 0) { @@ -312,10 +320,12 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz, XMEMCPY(authTag, data + authInSz + sz, authTagSz); } - /* Using free as this is in an environment that will have it - * available along with posix_memalign. */ if (data != NULL) { + #ifdef KCAPI_USE_XMALLOC + XFREE(data, aes->heap, DYNAMIC_TYPE_TMP_BUFFER); + #else free(data); + #endif } if (aes != NULL && aes->handle != NULL) { kcapi_aead_destroy(aes->handle); @@ -337,7 +347,9 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, byte* data = NULL; word32 dataSz; int inbuflen = 0, outbuflen = 0; +#ifndef KCAPI_USE_XMALLOC size_t pageSz = (size_t)sysconf(_SC_PAGESIZE); +#endif /* argument checks */ if (aes == NULL || (sz != 0 && (in == NULL || out == NULL)) || @@ -369,11 +381,17 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, outbuflen = (int)kcapi_aead_outbuflen_dec(aes->handle, sz, authInSz, authTagSz); dataSz = (inbuflen > outbuflen) ? inbuflen : outbuflen; - + #ifdef KCAPI_USE_XMALLOC + data = (byte*)XMALLOC(dataSz, aes->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (data == NULL) { + ret = MEMORY_E; + } + #else ret = posix_memalign((void*)&data, pageSz, dataSz); if (ret < 0) { ret = MEMORY_E; } + #endif } if (ret >= 0) { @@ -413,10 +431,12 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, XMEMCPY(out, data + authInSz, sz); } - /* Using free as this is in an environment that will have it - * available along with posix_memalign. */ if (data != NULL) { + #ifdef KCAPI_USE_XMALLOC + XFREE(data, aes->heap, DYNAMIC_TYPE_TMP_BUFFER); + #else free(data); + #endif } if (aes != NULL && aes->handle != NULL) { kcapi_aead_destroy(aes->handle); diff --git a/wolfcrypt/src/port/kcapi/kcapi_ecc.c b/wolfcrypt/src/port/kcapi/kcapi_ecc.c index 182d06070..4cb0a1c66 100644 --- a/wolfcrypt/src/port/kcapi/kcapi_ecc.c +++ b/wolfcrypt/src/port/kcapi/kcapi_ecc.c @@ -204,11 +204,12 @@ int KcapiEcc_SharedSecret(ecc_key* private_key, ecc_key* public_key, byte* out, { int ret = 0; word32 kcapiCurveId = 0; - byte* pub_aligned = NULL; - byte* out_aligned = NULL; - size_t pageSz = (size_t)sysconf(_SC_PAGESIZE); + byte* buf_aligned = NULL; byte* pub = NULL; word32 keySz; +#ifndef KCAPI_USE_XMALLOC + size_t pageSz = (size_t)sysconf(_SC_PAGESIZE); +#endif if (private_key == NULL || private_key->dp == NULL || public_key == NULL) { ret = BAD_FUNC_ARG; @@ -242,53 +243,38 @@ int KcapiEcc_SharedSecret(ecc_key* private_key, ecc_key* public_key, byte* out, } } if (ret == 0) { - if ((size_t)pub % pageSz != 0) { - ret = posix_memalign((void*)&pub_aligned, pageSz, keySz * 2); - if (ret == 0) { - XMEMCPY(pub_aligned, pub, keySz * 2); - } - else { - ret = MEMORY_E; - } + #ifdef KCAPI_USE_XMALLOC + buf_aligned = (byte*)XMALLOC(keySz * 2, private_key->heap, + DYNAMIC_TYPE_TMP_BUFFER); + if (buf_aligned == NULL) { + ret = MEMORY_E; } - else { - pub_aligned = pub; + #else + ret = posix_memalign((void*)&buf_aligned, pageSz, keySz * 2); + if (ret != 0) { + ret = MEMORY_E; } + #endif } if (ret == 0) { - if ((size_t)out % pageSz != 0) { - ret = posix_memalign((void*)&out_aligned, pageSz, keySz * 2); - if (ret != 0) { - ret = MEMORY_E; - } - } - else { - out_aligned = out; - } - } + XMEMCPY(buf_aligned, pub, keySz * 2); - if (ret == 0) { - ret = (int)kcapi_kpp_ssgen(private_key->handle, pub_aligned, - keySz * 2, out_aligned, keySz * 2, KCAPI_ACCESS_HEURISTIC); + ret = (int)kcapi_kpp_ssgen(private_key->handle, buf_aligned, + keySz * 2, buf_aligned, keySz * 2, KCAPI_ACCESS_HEURISTIC); if (ret >= 0) { *outlen = ret / 2; - if (out_aligned != out) { - /* don't overflow out */ - if (ret > (int)*outlen) - ret = (int)*outlen; - XMEMCPY(out, out_aligned, ret); - } + XMEMCPY(out, buf_aligned, *outlen); + ret = 0; /* success */ } } - /* Using free as this is in an environment that will have it - * available along with posix_memalign. */ - if (pub_aligned != NULL && pub != pub_aligned) { - free(pub_aligned); - } - if (out_aligned != NULL && out != out_aligned) { - free(out_aligned); + if (buf_aligned != NULL) { + #ifdef KCAPI_USE_XMALLOC + XFREE(buf_aligned, private_key->heap, DYNAMIC_TYPE_TMP_BUFFER); + #else + free(buf_aligned); + #endif } return ret; @@ -307,8 +293,18 @@ static int KcapiEcc_SetPrivKey(ecc_key* key) if (ret == 0) { priv[0] = ECDSA_KEY_VERSION; priv[1] = kcapiCurveId; - ret = wc_export_int(&key->k, priv + KCAPI_PARAM_SZ, &keySz, keySz, - WC_TYPE_UNSIGNED_BIN); + #ifdef WOLF_PRIVATE_KEY_ID + if (key->idLen > 0) { + WOLFSSL_MSG("Using ID based private key"); + keySz = key->idLen; + XMEMCPY(priv + KCAPI_PARAM_SZ, key->id, keySz); + } + else + #endif + { + ret = wc_export_int(&key->k, priv + KCAPI_PARAM_SZ, &keySz, keySz, + WC_TYPE_UNSIGNED_BIN); + } } if (ret == 0) { /* call with NULL to so KCAPI treats incoming data as hash */ @@ -328,11 +324,13 @@ int KcapiEcc_Sign(ecc_key* key, const byte* hash, word32 hashLen, byte* sig, word32 sigLen) { int ret = 0; - byte* hash_aligned = NULL; - byte* sig_aligned = NULL; - size_t pageSz = (size_t)sysconf(_SC_PAGESIZE); + byte* buf_aligned = NULL; int handleInit = 0; word32 keySz; + word32 maxBufSz; +#ifndef KCAPI_USE_XMALLOC + size_t pageSz = (size_t)sysconf(_SC_PAGESIZE); +#endif if (key == NULL || key->dp == NULL) { ret = BAD_FUNC_ARG; @@ -357,48 +355,37 @@ int KcapiEcc_Sign(ecc_key* key, const byte* hash, word32 hashLen, byte* sig, } } if (ret == 0) { - if ((size_t)sig % pageSz != 0) { - ret = posix_memalign((void*)&sig_aligned, pageSz, keySz * 2); - if (ret != 0) { - ret = MEMORY_E; - } + maxBufSz = (hashLen > keySz * 2) ? hashLen : (keySz * 2); + #ifdef KCAPI_USE_XMALLOC + buf_aligned = (unsigned char*)XMALLOC(maxBufSz, key->heap, + DYNAMIC_TYPE_TMP_BUFFER); + if (buf_aligned == NULL) { + ret = MEMORY_E; } - else { - sig_aligned = sig; + #else + ret = posix_memalign((void*)&buf_aligned, pageSz, maxBufSz); + if (ret != 0) { + ret = MEMORY_E; } + #endif } if (ret == 0) { - if ((size_t)hash % pageSz != 0) { - ret = posix_memalign((void*)&hash_aligned, pageSz, hashLen); - if (ret == 0) { - XMEMCPY(hash_aligned, hash, hashLen); - } - else { - ret = MEMORY_E; - } - } - else { - hash_aligned = (byte*)hash; - } - } - if (ret == 0) { - ret = (int)kcapi_akcipher_sign(key->handle, hash_aligned, hashLen, - sig_aligned, keySz*2, KCAPI_ACCESS_HEURISTIC); + XMEMCPY(buf_aligned, hash, hashLen); + + ret = (int)kcapi_akcipher_sign(key->handle, buf_aligned, hashLen, + buf_aligned, keySz * 2, KCAPI_ACCESS_HEURISTIC); if (ret >= 0) { - if (sig_aligned != sig) { - XMEMCPY(sig, sig_aligned, ret); - } + XMEMCPY(sig, buf_aligned, ret); ret = 0; /* mark success */ } } - /* Using free as this is in an environment that will have it - * available along with posix_memalign. */ - if (sig_aligned != NULL && sig != sig_aligned) { - free(sig_aligned); - } - if (hash_aligned != NULL && hash != hash_aligned) { - free(hash_aligned); + if (buf_aligned != NULL) { + #ifdef KCAPI_USE_XMALLOC + XFREE(buf_aligned, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + #else + free(buf_aligned); + #endif } if (handleInit) { @@ -444,11 +431,12 @@ int KcapiEcc_Verify(ecc_key* key, const byte* hash, word32 hashLen, byte* sig, word32 sigLen) { int ret = 0; - byte* sigHash_aligned = NULL; - size_t pageSz = (size_t)sysconf(_SC_PAGESIZE); + byte* buf_aligned = NULL; int handleInit = 0; word32 keySz = 0; - byte* outbuf = NULL; +#ifndef KCAPI_USE_XMALLOC + size_t pageSz = (size_t)sysconf(_SC_PAGESIZE); +#endif if (key == NULL || key->dp == NULL) { ret = BAD_FUNC_ARG; @@ -464,39 +452,40 @@ int KcapiEcc_Verify(ecc_key* key, const byte* hash, word32 hashLen, byte* sig, ret = KcapiEcc_SetPubKey(key); } } - if (ret == 0) { - ret = posix_memalign((void*)&sigHash_aligned, pageSz, sigLen + hashLen); - if (ret != 0) { - ret = MEMORY_E; - } - } if (ret == 0) { keySz = key->dp->size; - ret = posix_memalign((void*)&outbuf, pageSz, keySz * 2); + #ifdef KCAPI_USE_XMALLOC + buf_aligned = (byte*)XMALLOC(sigLen + hashLen, key->heap, + DYNAMIC_TYPE_TMP_BUFFER); + if (buf_aligned == NULL) { + ret = MEMORY_E; + } + #else + ret = posix_memalign((void*)&buf_aligned, pageSz, sigLen + hashLen); if (ret != 0) { ret = MEMORY_E; } + #endif } if (ret == 0) { - XMEMCPY(sigHash_aligned, sig, sigLen); - XMEMCPY(sigHash_aligned + sigLen, hash, hashLen); + XMEMCPY(buf_aligned, sig, sigLen); + XMEMCPY(buf_aligned + sigLen, hash, hashLen); - ret = (int)kcapi_akcipher_verify(key->handle, sigHash_aligned, - sigLen + hashLen, outbuf, keySz * 2, + ret = (int)kcapi_akcipher_verify(key->handle, buf_aligned, + sigLen + hashLen, buf_aligned, keySz * 2, KCAPI_ACCESS_HEURISTIC); if (ret >= 0) { + /* verify output in buf_aligned is not used */ ret = 0; } - (void)outbuf; /* not used */ } - /* Using free as this is in an environment that will have it - * available along with posix_memalign. */ - if (sigHash_aligned != NULL) { - free(sigHash_aligned); - } - if (outbuf != NULL) { - free(outbuf); + if (buf_aligned != NULL) { + #ifdef KCAPI_USE_XMALLOC + XFREE(buf_aligned, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + #else + free(buf_aligned); + #endif } if (handleInit) {