wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-30 18:57:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #7051 from JacobBarthelmeh/mb

Browse Source 
fix and enhancement for AES-GCM use with Xilsecure
This commit is contained in:
Sean Parkinson
2024-01-12 03:44:43 +10:00
committed by GitHub
parent 5e8fca420e 3f10496757
commit 8c6de41eb9
8 changed files with 85 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
configure.ac
View File

@ -9093,6 +9093,7 @@ AM_CONDITIONAL([BUILD_HPKE],[test "x$ENABLED_HPKE" = "xyes" || test "x$ENABLED_U
AM_CONDITIONAL([BUILD_DTLS],[test "x$ENABLED_DTLS" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) AM_CONDITIONAL([BUILD_DTLS],[test "x$ENABLED_DTLS" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_MAXQ10XX],[test "x$ENABLED_MAXQ10XX" = "xyes"]) AM_CONDITIONAL([BUILD_MAXQ10XX],[test "x$ENABLED_MAXQ10XX" = "xyes"])
AM_CONDITIONAL([BUILD_ARIA],[test "x$ENABLED_ARIA" = "xyes"]) AM_CONDITIONAL([BUILD_ARIA],[test "x$ENABLED_ARIA" = "xyes"])
AM_CONDITIONAL([BUILD_XILINX],[test "x$ENABLED_XILINX" = "xyes"])
if test "$ENABLED_REPRODUCIBLE_BUILD" != "yes" && if test "$ENABLED_REPRODUCIBLE_BUILD" != "yes" &&
(test "$ax_enable_debug" = "yes" || (test "$ax_enable_debug" = "yes" ||

4
src/include.am
View File

@ -881,6 +881,9 @@ endif
endif !BUILD_CRYPTONLY endif !BUILD_CRYPTONLY
if BUILD_XILINX
src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/xilinx/xil-aesgcm.c
endif
endif !BUILD_FIPS_RAND endif !BUILD_FIPS_RAND
@ -888,3 +891,4 @@ if BUILD_ARIA
src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/aria/aria-crypt.c src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/aria/aria-crypt.c
src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/aria/aria-cryptocb.c src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/aria/aria-cryptocb.c
endif endif

33
wolfcrypt/src/port/xilinx/xil-aesgcm.c
View File

@ -135,7 +135,9 @@ int wc_AesGcmSetKey_ex(Aes* aes, const byte* key, word32 len, word32 kup)
aes->xKeySize = aes->xKeySize =
len == AES_128_KEY_SIZE ? XSECURE_AES_KEY_SIZE_128 : len == AES_128_KEY_SIZE ? XSECURE_AES_KEY_SIZE_128 :
XSECURE_AES_KEY_SIZE_256; XSECURE_AES_KEY_SIZE_256;
XMEMCPY(aes->keyInit, key, len); if (key != NULL) {
XMEMCPY(aes->keyInit, key, len);
}
return 0; return 0;
} }
@ -478,7 +480,12 @@ int wc_AesGcmSetKey_ex(Aes* aes, const byte* key, word32 len, word32 kup)
{ {
XCsuDma_Config* con; XCsuDma_Config* con;
if (aes == NULL || key == NULL) { if (aes == NULL) {
return BAD_FUNC_ARG;
}
if (kup == XSECURE_CSU_AES_KEY_SRC_KUP && key == NULL) {
WOLFSSL_MSG("Expecting key buffer passed in if using KUP");
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
} }
@ -501,7 +508,9 @@ int wc_AesGcmSetKey_ex(Aes* aes, const byte* key, word32 len, word32 kup)
aes->keylen = len; aes->keylen = len;
aes->kup = kup; aes->kup = kup;
XMEMCPY((byte*)(aes->keyInit), key, len); if (key != NULL) {
XMEMCPY((byte*)(aes->keyInit), key, len);
}
return 0; return 0;
} }
@ -538,18 +547,26 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out,
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
} }
#ifndef NO_WOLFSSL_XILINX_TAG_MALLOC
tmp = (byte*)XMALLOC(sz + AES_GCM_AUTH_SZ, aes->heap, tmp = (byte*)XMALLOC(sz + AES_GCM_AUTH_SZ, aes->heap,
DYNAMIC_TYPE_TMP_BUFFER); DYNAMIC_TYPE_TMP_BUFFER);
if (tmp == NULL) { if (tmp == NULL) {
return MEMORY_E; return MEMORY_E;
} }
#else
/* if NO_WOLFSSL_XILINX_TAG_MALLOC is defined than it is assumed that
* out buffer is large enough to hold both the cipher out and tag */
tmp = out;
#endif
XSecure_AesInitialize(&(aes->xilAes), &(aes->dma), aes->kup, (word32*)iv, XSecure_AesInitialize(&(aes->xilAes), &(aes->dma), aes->kup, (word32*)iv,
aes->keyInit); aes->keyInit);
XSecure_AesEncryptData(&(aes->xilAes), tmp, in, sz); XSecure_AesEncryptData(&(aes->xilAes), tmp, in, sz);
XMEMCPY(out, tmp, sz);
XMEMCPY(authTag, tmp + sz, authTagSz); XMEMCPY(authTag, tmp + sz, authTagSz);
#ifndef NO_WOLFSSL_XILINX_TAG_MALLOC
XMEMCPY(out, tmp, sz);
XFREE(tmp, aes->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(tmp, aes->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif
} }
/* handle completing tag with any additional data */ /* handle completing tag with any additional data */
@ -610,7 +627,7 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out,
/* calls to hardened crypto */ /* calls to hardened crypto */
XSecure_AesInitialize(&(aes->xilAes), &(aes->dma), aes->kup, XSecure_AesInitialize(&(aes->xilAes), &(aes->dma), aes->kup,
(word32*)iv, aes->keyInit); (word32*)iv, aes->keyInit);
XSecure_AesDecryptData(&(aes->xilAes), out, in, sz, tag); ret = XSecure_AesDecryptData(&(aes->xilAes), out, in, sz, tag);
/* account for additional data */ /* account for additional data */
if (authIn != NULL && authInSz > 0) { if (authIn != NULL && authInSz > 0) {
@ -623,6 +640,12 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out,
return AES_GCM_AUTH_E; return AES_GCM_AUTH_E;
} }
} }
else {
/* if no aad then check the result of the initial tag passed in */
if (ret != XST_SUCCESS) {
return AES_GCM_AUTH_E;
}
}
return 0; return 0;

40
wolfcrypt/src/random.c
View File

@ -809,6 +809,26 @@ static WC_INLINE word64 Entropy_TimeHiRes(void)
); );
return cnt; return cnt;
} }
#elif !defined(ENTROPY_MEMUSE_THREAD) && defined(__MICROBLAZE__)
#define LPD_SCNTR_BASE_ADDRESS 0xFF250000
/* Get the high resolution time counter.
* Collect ticks from LPD_SCNTR
* @return 64-bit tick count.
*/
static WC_INLINE word64 Entropy_TimeHiRes(void)
{
word64 cnt;
word32 *ptr;
ptr = (word32*)LPD_SCNTR_BASE_ADDRESS;
cnt = *(ptr+1);
cnt = cnt << 32;
cnt |= *ptr;
return cnt;
}
#elif !defined(ENTROPY_MEMUSE_THREAD) && (_POSIX_C_SOURCE >= 199309L) #elif !defined(ENTROPY_MEMUSE_THREAD) && (_POSIX_C_SOURCE >= 199309L)
/* Get the high resolution time counter. /* Get the high resolution time counter.
* *
@ -3515,6 +3535,26 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
* extern int myRngFunc(byte* output, word32 sz); * extern int myRngFunc(byte* output, word32 sz);
*/ */
#elif defined(__MICROBLAZE__)
#warning weak source of entropy
#define LPD_SCNTR_BASE_ADDRESS 0xFF250000
int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
{
word32* cnt;
word32 i;
/* using current time with srand */
cnt = (word32*)LPD_SCNTR_BASE_ADDRESS;
srand(*cnt | *(cnt+1));
for (i = 0; i < sz; i++)
output[i] = rand();
(void)os;
return 0;
}
#elif defined(WOLFSSL_ZEPHYR) #elif defined(WOLFSSL_ZEPHYR)
#include <version.h> #include <version.h>

4
wolfcrypt/src/sp_int.c
View File

@ -7031,7 +7031,7 @@ int sp_mod_d(const sp_int* a, sp_int_digit d, sp_int_digit* r)
#if defined(HAVE_ECC) || !defined(NO_DSA) || defined(OPENSSL_EXTRA) || \ #if defined(HAVE_ECC) || !defined(NO_DSA) || defined(OPENSSL_EXTRA) || \
(!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \ (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \
!defined(WOLFSSL_RSA_PUBLIC_ONLY)) !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || defined(WOLFSSL_SP_INVMOD)
/* Divides a by 2 and stores in r: r = a >> 1 /* Divides a by 2 and stores in r: r = a >> 1
* *
* @param [in] a SP integer to divide. * @param [in] a SP integer to divide.
@ -19254,7 +19254,7 @@ int sp_prime_is_prime_ex(const sp_int* a, int trials, int* result, WC_RNG* rng)
} }
#endif /* WOLFSSL_SP_PRIME_GEN */ #endif /* WOLFSSL_SP_PRIME_GEN */
#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) #if !defined(NO_RSA) || defined(WOLFSSL_KEY_GEN)
/* Calculates the Greatest Common Denominator (GCD) of a and b into r. /* Calculates the Greatest Common Denominator (GCD) of a and b into r.
* *

8
wolfssl/wolfcrypt/aes.h
View File

@ -85,10 +85,14 @@ WOLFSSL_LOCAL void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
#ifdef WOLFSSL_XILINX_CRYPT_VERSAL #ifdef WOLFSSL_XILINX_CRYPT_VERSAL
#include <wolfssl/wolfcrypt/port/xilinx/xil-versal-glue.h> #include <wolfssl/wolfcrypt/port/xilinx/xil-versal-glue.h>
#include <xsecure_aesclient.h> #include <xsecure_aesclient.h>
#define WOLFSSL_XILINX_AES_KEY_SRC XSECURE_AES_USER_KEY_0 #if !defined(WOLFSSL_XILINX_AES_KEY_SRC)
#define WOLFSSL_XILINX_AES_KEY_SRC XSECURE_AES_USER_KEY_0
#endif
#else /* versal */ #else /* versal */
#include <xsecure_aes.h> #include <xsecure_aes.h>
#define WOLFSSL_XILINX_AES_KEY_SRC XSECURE_CSU_AES_KEY_SRC_KUP #if !defined(WOLFSSL_XILINX_AES_KEY_SRC)
#define WOLFSSL_XILINX_AES_KEY_SRC XSECURE_CSU_AES_KEY_SRC_KUP
#endif
#endif /* !versal */ #endif /* !versal */
#endif /* WOLFSSL_XILINX_CRYPT */ #endif /* WOLFSSL_XILINX_CRYPT */

3
wolfssl/wolfcrypt/settings.h
View File

@ -1844,7 +1844,10 @@ extern void uITRON4_free(void *p) ;
#if !defined(WOLFSSL_XILINX_CRYPT_VERSAL) #if !defined(WOLFSSL_XILINX_CRYPT_VERSAL)
#define NO_DEV_RANDOM #define NO_DEV_RANDOM
#endif #endif
#undef NO_WOLFSSL_DIR
#define NO_WOLFSSL_DIR #define NO_WOLFSSL_DIR
#undef HAVE_AESGCM
#define HAVE_AESGCM #define HAVE_AESGCM
#endif #endif

2
wolfssl/wolfcrypt/sp_int.h
View File

@ -1067,7 +1067,7 @@ MP_API int sp_rand_prime(sp_int* r, int len, WC_RNG* rng, void* heap);
MP_API int sp_prime_is_prime(const sp_int* a, int t, int* result); MP_API int sp_prime_is_prime(const sp_int* a, int t, int* result);
MP_API int sp_prime_is_prime_ex(const sp_int* a, int t, int* result, MP_API int sp_prime_is_prime_ex(const sp_int* a, int t, int* result,
WC_RNG* rng); WC_RNG* rng);
#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) #if !defined(NO_RSA) || defined(WOLFSSL_KEY_GEN)
MP_API int sp_gcd(const sp_int* a, const sp_int* b, sp_int* r); MP_API int sp_gcd(const sp_int* a, const sp_int* b, sp_int* r);
#endif #endif
#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \ #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \