Merge pull request #7051 from JacobBarthelmeh/mb
fix and enhancement for AES-GCM use with Xilsecure
@ -9093,6 +9093,7 @@ AM_CONDITIONAL([BUILD_HPKE],[test "x$ENABLED_HPKE" = "xyes" || test "x$ENABLED_U
|
||||
AM_CONDITIONAL([BUILD_DTLS],[test "x$ENABLED_DTLS" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
||||
AM_CONDITIONAL([BUILD_MAXQ10XX],[test "x$ENABLED_MAXQ10XX" = "xyes"])
|
||||
AM_CONDITIONAL([BUILD_ARIA],[test "x$ENABLED_ARIA" = "xyes"])
|
||||
AM_CONDITIONAL([BUILD_XILINX],[test "x$ENABLED_XILINX" = "xyes"])
|
||||
|
||||
if test "$ENABLED_REPRODUCIBLE_BUILD" != "yes" &&
|
||||
(test "$ax_enable_debug" = "yes" ||
|
||||
|
@ -881,6 +881,9 @@ endif
|
||||
|
||||
endif !BUILD_CRYPTONLY
|
||||
|
||||
if BUILD_XILINX
|
||||
src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/xilinx/xil-aesgcm.c
|
||||
endif
|
||||
|
||||
endif !BUILD_FIPS_RAND
|
||||
|
||||
@ -888,3 +891,4 @@ if BUILD_ARIA
|
||||
src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/aria/aria-crypt.c
|
||||
src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/aria/aria-cryptocb.c
|
||||
endif
|
||||
|
||||
|
@ -135,7 +135,9 @@ int wc_AesGcmSetKey_ex(Aes* aes, const byte* key, word32 len, word32 kup)
|
||||
aes->xKeySize =
|
||||
len == AES_128_KEY_SIZE ? XSECURE_AES_KEY_SIZE_128 :
|
||||
XSECURE_AES_KEY_SIZE_256;
|
||||
XMEMCPY(aes->keyInit, key, len);
|
||||
if (key != NULL) {
|
||||
XMEMCPY(aes->keyInit, key, len);
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
@ -478,7 +480,12 @@ int wc_AesGcmSetKey_ex(Aes* aes, const byte* key, word32 len, word32 kup)
|
||||
{
|
||||
XCsuDma_Config* con;
|
||||
|
||||
if (aes == NULL || key == NULL) {
|
||||
if (aes == NULL) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
if (kup == XSECURE_CSU_AES_KEY_SRC_KUP && key == NULL) {
|
||||
WOLFSSL_MSG("Expecting key buffer passed in if using KUP");
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
@ -501,7 +508,9 @@ int wc_AesGcmSetKey_ex(Aes* aes, const byte* key, word32 len, word32 kup)
|
||||
|
||||
aes->keylen = len;
|
||||
aes->kup = kup;
|
||||
XMEMCPY((byte*)(aes->keyInit), key, len);
|
||||
if (key != NULL) {
|
||||
XMEMCPY((byte*)(aes->keyInit), key, len);
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
@ -538,18 +547,26 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out,
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
#ifndef NO_WOLFSSL_XILINX_TAG_MALLOC
|
||||
tmp = (byte*)XMALLOC(sz + AES_GCM_AUTH_SZ, aes->heap,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (tmp == NULL) {
|
||||
return MEMORY_E;
|
||||
}
|
||||
#else
|
||||
/* if NO_WOLFSSL_XILINX_TAG_MALLOC is defined than it is assumed that
|
||||
* out buffer is large enough to hold both the cipher out and tag */
|
||||
tmp = out;
|
||||
#endif
|
||||
|
||||
XSecure_AesInitialize(&(aes->xilAes), &(aes->dma), aes->kup, (word32*)iv,
|
||||
aes->keyInit);
|
||||
XSecure_AesEncryptData(&(aes->xilAes), tmp, in, sz);
|
||||
XMEMCPY(out, tmp, sz);
|
||||
XMEMCPY(authTag, tmp + sz, authTagSz);
|
||||
#ifndef NO_WOLFSSL_XILINX_TAG_MALLOC
|
||||
XMEMCPY(out, tmp, sz);
|
||||
XFREE(tmp, aes->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
#endif
|
||||
}
|
||||
|
||||
/* handle completing tag with any additional data */
|
||||
@ -610,7 +627,7 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out,
|
||||
/* calls to hardened crypto */
|
||||
XSecure_AesInitialize(&(aes->xilAes), &(aes->dma), aes->kup,
|
||||
(word32*)iv, aes->keyInit);
|
||||
XSecure_AesDecryptData(&(aes->xilAes), out, in, sz, tag);
|
||||
ret = XSecure_AesDecryptData(&(aes->xilAes), out, in, sz, tag);
|
||||
|
||||
/* account for additional data */
|
||||
if (authIn != NULL && authInSz > 0) {
|
||||
@ -623,6 +640,12 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out,
|
||||
return AES_GCM_AUTH_E;
|
||||
}
|
||||
}
|
||||
else {
|
||||
/* if no aad then check the result of the initial tag passed in */
|
||||
if (ret != XST_SUCCESS) {
|
||||
return AES_GCM_AUTH_E;
|
||||
}
|
||||
}
|
||||
|
||||
return 0;
|
||||
|
||||
|
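Review bot: When the tag check fails in wc_AesGcmDecrypt, the new `else` branch returns AES_GCM_AUTH_E only after XSecure_AesDecryptData has been given the caller's `out` buffer, and nothing in the visible lines clears that buffer. Whether the driver wipes the destination on a mismatch cannot be told from these hunks, so a caller that ignores the return code may be left holding unauthenticated plaintext. I would add `XMEMSET(out, 0, sz);` ahead of `return AES_GCM_AUTH_E;` in the new branch, and the same on the AAD mismatch return just above it. The function body starts and ends outside the hunks shown, so an existing wipe elsewhere would make this redundant.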
@ -809,6 +809,26 @@ static WC_INLINE word64 Entropy_TimeHiRes(void)
|
||||
);
|
||||
return cnt;
|
||||
}
|
||||
#elif !defined(ENTROPY_MEMUSE_THREAD) && defined(__MICROBLAZE__)
|
||||
|
||||
#define LPD_SCNTR_BASE_ADDRESS 0xFF250000
|
||||
|
||||
/* Get the high resolution time counter.
|
||||
* Collect ticks from LPD_SCNTR
|
||||
* @return 64-bit tick count.
|
||||
*/
|
||||
static WC_INLINE word64 Entropy_TimeHiRes(void)
|
||||
{
|
||||
word64 cnt;
|
||||
word32 *ptr;
|
||||
|
||||
ptr = (word32*)LPD_SCNTR_BASE_ADDRESS;
|
||||
cnt = *(ptr+1);
|
||||
cnt = cnt << 32;
|
||||
cnt |= *ptr;
|
||||
|
||||
return cnt;
|
||||
}
|
||||
#elif !defined(ENTROPY_MEMUSE_THREAD) && (_POSIX_C_SOURCE >= 199309L)
|
||||
/* Get the high resolution time counter.
|
||||
*
|
||||
@ -3515,6 +3535,26 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
|
||||
* extern int myRngFunc(byte* output, word32 sz);
|
||||
*/
|
||||
|
||||
#elif defined(__MICROBLAZE__)
|
||||
#warning weak source of entropy
|
||||
#define LPD_SCNTR_BASE_ADDRESS 0xFF250000
|
||||
|
||||
int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
|
||||
{
|
||||
word32* cnt;
|
||||
word32 i;
|
||||
|
||||
/* using current time with srand */
|
||||
cnt = (word32*)LPD_SCNTR_BASE_ADDRESS;
|
||||
srand(*cnt | *(cnt+1));
|
||||
|
||||
for (i = 0; i < sz; i++)
|
||||
output[i] = rand();
|
||||
|
||||
(void)os;
|
||||
return 0;
|
||||
}
|
||||
|
||||
#elif defined(WOLFSSL_ZEPHYR)
|
||||
|
||||
#include <version.h>
|
||||
|
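Review bot: The MicroBlaze wc_GenerateSeed fills the whole seed from `rand()` after `srand(*cnt | *(cnt+1))`, so every seed byte is determined by one 32-bit value taken from a timer, and OR-ing the two counter words only narrows that value further. Anything the DRBG produces from this seed, including keys and nonces, inherits that predictability. The `#warning` acknowledges the weakness, but the branch is still selected automatically for any `__MICROBLAZE__` build. I would make it opt-in, for example `#elif defined(__MICROBLAZE__) && defined(WOLFSSL_GENSEED_FORTEST)`, so that a production build has to supply its own seed source (CUSTOM_RAND_GENERATE_SEED or a hardware generator). Which branch such a build would otherwise fall into is not visible in this hunk.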
@ -7031,7 +7031,7 @@ int sp_mod_d(const sp_int* a, sp_int_digit d, sp_int_digit* r)
|
||||
|
||||
#if defined(HAVE_ECC) || !defined(NO_DSA) || defined(OPENSSL_EXTRA) || \
|
||||
(!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \
|
||||
!defined(WOLFSSL_RSA_PUBLIC_ONLY))
|
||||
!defined(WOLFSSL_RSA_PUBLIC_ONLY)) || defined(WOLFSSL_SP_INVMOD)
|
||||
/* Divides a by 2 and stores in r: r = a >> 1
|
||||
*
|
||||
* @param [in] a SP integer to divide.
|
||||
@ -19254,7 +19254,7 @@ int sp_prime_is_prime_ex(const sp_int* a, int trials, int* result, WC_RNG* rng)
|
||||
}
|
||||
#endif /* WOLFSSL_SP_PRIME_GEN */
|
||||
|
||||
#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
|
||||
#if !defined(NO_RSA) || defined(WOLFSSL_KEY_GEN)
|
||||
|
||||
/* Calculates the Greatest Common Denominator (GCD) of a and b into r.
|
||||
*
|
||||
|
@ -85,10 +85,14 @@ WOLFSSL_LOCAL void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
|
||||
#ifdef WOLFSSL_XILINX_CRYPT_VERSAL
|
||||
#include <wolfssl/wolfcrypt/port/xilinx/xil-versal-glue.h>
|
||||
#include <xsecure_aesclient.h>
|
||||
#define WOLFSSL_XILINX_AES_KEY_SRC XSECURE_AES_USER_KEY_0
|
||||
#if !defined(WOLFSSL_XILINX_AES_KEY_SRC)
|
||||
#define WOLFSSL_XILINX_AES_KEY_SRC XSECURE_AES_USER_KEY_0
|
||||
#endif
|
||||
#else /* versal */
|
||||
#include <xsecure_aes.h>
|
||||
#define WOLFSSL_XILINX_AES_KEY_SRC XSECURE_CSU_AES_KEY_SRC_KUP
|
||||
#if !defined(WOLFSSL_XILINX_AES_KEY_SRC)
|
||||
#define WOLFSSL_XILINX_AES_KEY_SRC XSECURE_CSU_AES_KEY_SRC_KUP
|
||||
#endif
|
||||
#endif /* !versal */
|
||||
#endif /* WOLFSSL_XILINX_CRYPT */
|
||||
|
||||
|
@ -1844,7 +1844,10 @@ extern void uITRON4_free(void *p) ;
|
||||
#if !defined(WOLFSSL_XILINX_CRYPT_VERSAL)
|
||||
#define NO_DEV_RANDOM
|
||||
#endif
|
||||
#undef NO_WOLFSSL_DIR
|
||||
#define NO_WOLFSSL_DIR
|
||||
|
||||
#undef HAVE_AESGCM
|
||||
#define HAVE_AESGCM
|
||||
#endif
|
||||
|
||||
|
@ -1067,7 +1067,7 @@ MP_API int sp_rand_prime(sp_int* r, int len, WC_RNG* rng, void* heap);
|
||||
MP_API int sp_prime_is_prime(const sp_int* a, int t, int* result);
|
||||
MP_API int sp_prime_is_prime_ex(const sp_int* a, int t, int* result,
|
||||
WC_RNG* rng);
|
||||
#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
|
||||
#if !defined(NO_RSA) || defined(WOLFSSL_KEY_GEN)
|
||||
MP_API int sp_gcd(const sp_int* a, const sp_int* b, sp_int* r);
|
||||
#endif
|
||||
#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \
|
||||
|