wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-03 20:54:41 +02:00
Code Issues Packages Projects Releases Wiki Activity

Rework of DCP after reviewer's comments.

Browse Source 
- using wolfSSL_CryptHwMutexLock/UnLock as DCP mutex.
- fixed AES Free
- using separate per-channel key store
This commit is contained in:
Daniele Lacamera
2020-09-23 13:08:02 +02:00
committed by David Garske
parent ce62f46442
commit cec3d542d1
5 changed files with 121 additions and 86 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
wolfcrypt/src/aes.c
View File

@@ -4195,15 +4195,6 @@ int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len)
#ifdef WOLFSSL_IMX6_CAAM_BLOB
ForceZero(local, sizeof(local));
#endif
#ifdef WOLFSSL_IMXRT_DCP
ret = 0;
if (len == 16)
ret = DCPAesSetKey(aes, key, len, iv, AES_ENCRYPTION);
if (ret != 0)
return WC_HW_E;
#endif
return ret;
}
@@ -7645,6 +7636,9 @@ void wc_AesFree(Aes* aes)
(defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_AES))
ForceZero((byte*)aes->devKey, AES_MAX_KEY_SIZE/WOLFSSL_BIT_SIZE);
#endif
#if defined(WOLFSSL_IMXRT_DCP)
DCPAesFree(aes);
#endif
}

174
wolfcrypt/src/port/nxp/dcp_port.c
View File

@@ -49,23 +49,9 @@
#include "fsl_debug_console.h"
#include "fsl_dcp.h"
static int dcp_is_initialized = 0;
#ifndef SINGLE_THREADED
static wolfSSL_Mutex dcp_mutex;
static void dcp_lock(void)
{
if (!dcp_is_initialized)
return;
wc_LockMutex(&dcp_mutex);
}
static void dcp_unlock(void)
{
if (!dcp_is_initialized)
return;
wc_UnLockMutex(&dcp_mutex);
}
#define dcp_lock() wolfSSL_CryptHwMutexLock()
#define dcp_unlock() wolfSSL_CryptHwMutexLock()
#else
#define dcp_lock() do{}while(0)
#define dcp_unlock() do{}while(0)
@@ -85,7 +71,6 @@ typedef enum _dcp_otp_key_select
static status_t DCP_OTPKeySelect(dcp_otp_key_select keySelect)
{
status_t retval = kStatus_Success;
dcp_lock();
if (keySelect == kDCP_OTPMKKeyLow)
{
IOMUXC_GPR->GPR3 &= ~(1 << IOMUXC_GPR_GPR3_DCP_KEY_SEL_SHIFT);
@@ -114,7 +99,6 @@ static status_t DCP_OTPKeySelect(dcp_otp_key_select keySelect)
{
retval = kStatus_InvalidArgument;
}
dcp_unlock();
return retval;
}
#endif
@@ -125,7 +109,10 @@ static const int dcp_channels[4] = {
kDCP_Channel2,
kDCP_Channel3
};
#ifndef SINGLE_THREADED
static int dcp_status[4] = {0, 0, 0, 0};
#endif
static int dcp_get_channel(void)
{
@@ -133,54 +120,74 @@ static int dcp_get_channel(void)
return dcp_channels[0];
#else
int i;
int ret = 0;
dcp_lock();
for (i = 0; i < 4; i++) {
if (dcp_status[i] == 0) {
dcp_status[i]++;
return dcp_channels[i];
ret = dcp_channels[i];
}
}
return 0;
dcp_unlock();
return ret;
#endif
}
static int dcp_init(void)
static int dcp_key_slot(int ch)
{
int ch = dcp_get_channel();
if (!ch) {
return 0;
}
if (!dcp_is_initialized) {
dcp_config_t dcpConfig;
#ifndef SINGLE_THREADED
/* Initialize and lock mutex */
wc_InitMutex(&dcp_mutex);
dcp_lock();
#endif
DCP_GetDefaultConfig(&dcpConfig);
/* Initialize DCP */
/* Reset and initialize DCP */
DCP_Init(DCP, &dcpConfig);
int ret = -1;
#if DCP_USE_OTP_KEY
/* Set OTP key type in IOMUX registers before initializing DCP. */
/* Software reset of DCP must be issued after changing the OTP key type. */
DCP_OTPKeySelect(kDCP_OTPMKKeyLow);
return kDCP_OtpKey;
#endif
dcp_is_initialized++;
/* Release mutex */
dcp_unlock();
#ifndef SINGLE_THREADED
int i;
dcp_lock();
for (i = 0; i < 4; i++) {
if (ch == dcp_channels[i]) {
ret = i;
break;
}
}
return ch;
dcp_unlock();
#else
ret = 0;
#endif
return ret;
}
static void dcp_fini(int ch)
int wc_dcp_init(void)
{
#ifdef SINGLE_THREADED
dcp_config_t dcpConfig;
dcp_lock();
DCP_GetDefaultConfig(&dcpConfig);
/* Reset and initialize DCP */
DCP_Init(DCP, &dcpConfig);
#if DCP_USE_OTP_KEY
/* Set OTP key type in IOMUX registers before initializing DCP. */
/* Software reset of DCP must be issued after changing the OTP key type. */
DCP_OTPKeySelect(kDCP_OTPMKKeyLow);
#endif
/* Release mutex */
dcp_unlock();
return 0;
}
static void dcp_free(int ch)
{
#ifndef SINGLE_THREADED
int i;
dcp_lock();
for (i = 0; i < 4; i++) {
if (ch == dcp_channels[i])
if (ch == dcp_channels[i]) {
dcp_status[i] = 0;
break;
}
}
dcp_unlock();
#endif
}
@@ -191,17 +198,21 @@ int DCPAesInit(Aes *aes)
int ch;
if (!aes)
return BAD_FUNC_ARG;
ch = dcp_init();
ch = dcp_get_channel();
if (ch == 0)
return WC_PENDING_E;
dcp_lock();
XMEMSET(&aes->handle, 0, sizeof(aes->handle));
aes->handle.channel = ch;
aes->handle.channel = ch;
aes->handle.keySlot = dcp_key_slot(aes->handle.channel);
aes->handle.swapConfig = kDCP_NoSwap;
dcp_unlock();
return 0;
}
void DCPAesFree(Aes *aes)
{
dcp_free(aes->handle.channel);
}
int DCPAesSetKey(Aes* aes, const byte* key, word32 len, const byte* iv,
int dir)
{
@@ -215,16 +226,10 @@ int DCPAesSetKey(Aes* aes, const byte* key, word32 len, const byte* iv,
if (len != 16)
return BAD_FUNC_ARG;
if (aes->handle.channel == 0)
if (aes->handle.channel == 0) {
return BAD_FUNC_ARG;
}
dcp_lock();
#if DCP_USE_OTP_KEY
aes->handle.keySlot = kDCP_OtpKey;
#else
aes->handle.keySlot = kDCP_KeySlot0;
#endif
status = DCP_AES_SetKey(DCP, &aes->handle, key, 16);
if (status != kStatus_Success)
status = WC_HW_E;
@@ -270,12 +275,28 @@ int DCPAesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
int DCPAesEcbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
{
return DCP_AES_EncryptEcb(DCP, &aes->handle, in, out, sz);
int ret;
if (sz % 16)
return BAD_FUNC_ARG;
dcp_lock();
ret = DCP_AES_EncryptEcb(DCP, &aes->handle, in, out, sz);
if (ret)
ret = WC_HW_E;
dcp_unlock();
return ret;
}
int DCPAesEcbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
{
return DCP_AES_DecryptEcb(DCP, &aes->handle, in, out, sz);
int ret;
if (sz % 16)
return BAD_FUNC_ARG;
dcp_lock();
ret = DCP_AES_DecryptEcb(DCP, &aes->handle, in, out, sz);
if (ret)
ret = WC_HW_E;
dcp_unlock();
return ret;
}
#endif
@@ -285,21 +306,25 @@ int wc_InitSha256_ex(wc_Sha256* sha256, void* heap, int devId)
{
int ret;
int ch;
int keyslot;
if (sha256 == NULL)
return BAD_FUNC_ARG;
ch = dcp_init();
ch = dcp_get_channel();
if (ch == 0)
return WC_PENDING_E;
keyslot = dcp_key_slot(ch);
dcp_lock();
(void)devId;
XMEMSET(sha256, 0, sizeof(wc_Sha256));
sha256->handle.channel = ch;
sha256->handle.keySlot = kDCP_KeySlot0;
sha256->handle.keySlot = keyslot;
sha256->handle.swapConfig = kDCP_NoSwap;
ret = DCP_HASH_Init(DCP, &sha256->handle, &sha256->ctx, kDCP_Sha256);
if (ret != kStatus_Success)
ret = WC_HW_E;
dcp_unlock();
return ret;
}
@@ -311,7 +336,7 @@ int wc_InitSha256(wc_Sha256* sha256)
void DCPSha256Free(wc_Sha256* sha256)
{
if (sha256)
dcp_fini(sha256->handle.channel);
dcp_free(sha256->handle.channel);
}
int wc_Sha256Update(wc_Sha256* sha256, const byte* data, word32 len)
@@ -328,7 +353,6 @@ int wc_Sha256Update(wc_Sha256* sha256, const byte* data, word32 len)
return ret;
}
int wc_Sha256GetHash(wc_Sha256* sha256, byte* hash)
{
int ret;
@@ -357,9 +381,6 @@ int wc_Sha256Final(wc_Sha256* sha256, byte* hash)
if ((ret != kStatus_Success) || (outlen != SHA256_DIGEST_SIZE))
ret = WC_HW_E;
else {
sha256->handle.channel = kDCP_Channel1;
sha256->handle.keySlot = kDCP_KeySlot0;
sha256->handle.swapConfig = kDCP_NoSwap;
ret = DCP_HASH_Init(DCP, &sha256->handle, &sha256->ctx, kDCP_Sha256);
if (ret < 0)
ret = WC_HW_E;
@@ -403,14 +424,18 @@ int wc_InitSha_ex(wc_Sha* sha, void* heap, int devId)
{
int ret;
int ch;
int keyslot;
if (sha == NULL)
return BAD_FUNC_ARG;
ch = dcp_init();
ch = dcp_get_channel();
if (ch == 0)
return WC_PENDING_E;
keyslot = dcp_key_slot(ch);
dcp_lock();
(void)devId;
XMEMSET(sha, 0, sizeof(wc_Sha));
sha->handle.channel = ch;
sha->handle.keySlot = kDCP_KeySlot0;
sha->handle.keySlot = keyslot;
sha->handle.swapConfig = kDCP_NoSwap;
ret = DCP_HASH_Init(DCP, &sha->handle, &sha->ctx, kDCP_Sha1);
if (ret != kStatus_Success)
@@ -427,7 +452,7 @@ int wc_InitSha(wc_Sha* sha)
void DCPShaFree(wc_Sha* sha)
{
if (sha)
dcp_fini(sha->handle.channel);
dcp_free(sha->handle.channel);
}
int wc_ShaUpdate(wc_Sha* sha, const byte* data, word32 len)
@@ -470,12 +495,9 @@ int wc_ShaFinal(wc_Sha* sha, byte* hash)
size_t outlen = WC_SHA_DIGEST_SIZE;
dcp_lock();
ret = DCP_HASH_Finish(DCP, &sha->ctx, hash, &outlen);
if ((ret != kStatus_Success) || (outlen != SHA_DIGEST_SIZE))
if ((ret != kStatus_Success) || (outlen != SHA_DIGEST_SIZE)) {
ret = WC_HW_E;
else {
sha->handle.channel = kDCP_Channel1;
sha->handle.keySlot = kDCP_KeySlot0;
sha->handle.swapConfig = kDCP_NoSwap;
} else {
ret = DCP_HASH_Init(DCP, &sha->handle, &sha->ctx, kDCP_Sha1);
if (ret < 0)
ret = WC_HW_E;

11
wolfcrypt/src/wc_port.c
View File

@@ -75,6 +75,10 @@
#include <wolfssl/wolfcrypt/port/caam/wolfcaam.h>
#endif
#ifdef WOLFSSL_IMXRT_DCP
#include <wolfssl/wolfcrypt/port/nxp/dcp_port.h>
#endif
#ifdef WOLF_CRYPTO_CB
#include <wolfssl/wolfcrypt/cryptocb.h>
#endif
@@ -109,7 +113,6 @@ static volatile int initRefCount = 0;
int wolfCrypt_Init(void)
{
int ret = 0;
if (initRefCount == 0) {
WOLFSSL_ENTER("wolfCrypt_Init");
@@ -264,6 +267,12 @@ int wolfCrypt_Init(void)
}
#endif
#ifdef WOLFSSL_IMXRT_DCP
if ((ret = wc_dcp_init()) != 0) {
return ret;
}
#endif
#if defined(WOLFSSL_DSP) && !defined(WOLFSSL_DSP_BUILD)
if ((ret = wolfSSL_InitHandle()) != 0) {
return ret;

4
wolfssl/wolfcrypt/port/nxp/dcp_port.h
View File

@@ -36,7 +36,11 @@
#include "fsl_debug_console.h"
#include "fsl_dcp.h"
int wc_dcp_init(void);
int DCPAesInit(Aes* aes);
void DCPAesFree(Aes *aes);
int DCPAesSetKey(Aes* aes, const byte* key, word32 len, const byte* iv,
int dir);
int DCPAesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz);

6
wolfssl/wolfcrypt/settings.h
View File

@@ -1621,6 +1621,12 @@ extern void uITRON4_free(void *p) ;
#endif
#endif
/* If DCP is used without SINGLE_THREADED, enforce WOLFSSL_CRYPT_HW_MUTEX */
#if defined(WOLFSSL_IMXRT_DCP) && !defined(SINGLE_THREADED)
#undef WOLFSSL_CRYPT_HW_MUTEX
#define WOLFSSL_CRYPT_HW_MUTEX 1
#endif
#if !defined(XMALLOC_USER) && !defined(MICRIUM_MALLOC) && \
!defined(WOLFSSL_LEANPSK) && !defined(NO_WOLFSSL_MEMORY) && \
!defined(XMALLOC_OVERRIDE)