Commit Graph

537 Commits

Author SHA1 Message Date
Sean Parkinson e1274013d8 AES: NO_AES_DECRYPT defined
Allow code to compile with NO_AES_DECRYPT with AES modes enabled and
disabled.
2024-05-14 16:27:36 +10:00
Daniel Pouzzner 4cc27fa58b rename WC_AES_C_DYNAMIC_FALLBACK to WC_C_DYNAMIC_FALLBACK. 2024-04-27 12:35:23 -05:00
András Fekete a75c2befb5 Add CUDA support (#7436)
* Redirect the AesEncrypt_C call to device
* Fix function declarations
* Force CC=nvcc with CUDA
* Don't let C++ mangle function names
* Add larger parallelization
* Add in memory copy to device
* `nvcc` does not support '-Wall' nor '-Wno-unused'
* Add in README.md
* Clean up script to output color coded data
* Fix Asymmetric cipher comparisons
* Add in standard output parsing in addition to the CSV
* Add option to output results in a CSV

---------

Co-authored-by: Andras Fekete <andras@wolfssl.com>
2024-04-23 08:26:27 -07:00
David Garske 3a89c452b3 Merge pull request #7454 from lealem47/stm32AesCtr
Fix for AES CTR on STM32
2024-04-22 10:04:06 -07:00
Lealem Amedie 9bc0e31a32 Fix for AES CTR on STM32 2024-04-19 12:35:33 -06:00
JacobBarthelmeh 69be7a7c54 Merge pull request #7431 from lealem47/aes_cfb
Fix for AES-CFB1 encrypt/decrypt on size (8*x-1) bits
2024-04-19 10:55:27 -06:00
Lealem Amedie 295033441c Fix for AES-CFB1 encrypt/decrypt on size (8*x-1) bits 2024-04-18 11:31:28 -06:00
Daniel Pouzzner 9f55dba2f2 wolfcrypt/src/aes.c: in AES-XTS AESNI, use cautious strategy as in AESGCM_STREAM for SAVE_VECTOR_REGISTERS, due to random failures seen with DEBUG_VECTOR_REGISTER_ACCESS_FUZZING using the old per-call fallback strategy. 2024-04-17 00:43:41 -05:00
kaleb-himes e45867bbc3 WIN fips section refactor / wolfEntropy API syntax adjustment 2024-04-09 09:48:33 -06:00
kaleb-himes 2e63ae750d Comments for SP800-38E TODO, wolfEntropy optional setup and remove forced errors api.c 2024-04-09 09:48:33 -06:00
kaleb_himes 81f5ac7f6c SRTP-KDF FS Preview 2024-04-09 09:48:33 -06:00
Sean Parkinson d5142d8553 Merge pull request #7234 from douzzer/20240208-test-config-and-linuxkm-tweaks
20240208-test-config-and-linuxkm-tweaks
2024-02-12 22:50:28 +10:00
Daniel Pouzzner 63fe12efe3 wolfcrypt/src/aes.c: fix WOLFSSL_AESGCM_STREAM && WC_AES_C_DYNAMIC_FALLBACK: establish AESNI status dynamically at time of wc_AesGcmSetKey(), and stick to it (or return failure) until the next wc_AesGcmSetKey(). this matches the semantics of the Linux kernel in-tree implementation, allowing safe registration of the wolfCrypt AESNI implementation with the LKCAPI.
configure.ac: move enable_aesgcm_stream=yes clauses in enable-all and enable-all-crypto to the main section, from the !ENABLED_LINUXKM_DEFAULTS section, and in ENABLED_LINUXKM_LKCAPI_REGISTER setup, remove the !ENABLED_AESNI from the condition for forcing on ENABLED_AESGCM_STREAM.

linuxkm/lkcapi_glue.c:
* remove all special-casing for AES-GCM with AESNI.
* add support for a LINUXKM_LKCAPI_PRIORITY_ALLOW_MASKING macro.

wolfssl/wolfcrypt/memory.h: add missing definition of SAVE_VECTOR_REGISTERS2() when DEBUG_VECTOR_REGISTER_ACCESS_FUZZING && !DEBUG_VECTOR_REGISTER_ACCESS.

wolfcrypt/src/memory.c:
* define SAVE_VECTOR_REGISTERS2_fuzzer() if DEBUG_VECTOR_REGISTER_ACCESS_FUZZING, regardless of DEBUG_VECTOR_REGISTER_ACCESS.
* add a DEBUG_VECTOR_REGISTER_ACCESS clause to the !HAVE_THREAD_LS version of SAVE_VECTOR_REGISTERS2_fuzzer().

wolfcrypt/test/test.c: remove several errant wc_AesFree()s in aes256_test().
2024-02-10 01:09:15 -06:00
gojimmypi bf29066d70 Add wolfSSL debug messages 2024-02-08 17:22:36 -08:00
Daniel Pouzzner 3a280e8295 linuxkm fixes:
linuxkm/linuxkm_wc_port.h: add fallback definition for static_assert() to support legacy kernels.
wolfcrypt/src/aes.c: fix AESNI runtime failure/fallback logic in wc_AesXtsSetKeyNoInit().
2024-02-03 13:46:45 -06:00
Daniel Pouzzner 11e8a89f67 wolfcrypt/src/aes.c: coddle XCode (clang) to clear frivolous -Wparentheses-equality. 2024-01-29 17:58:13 -06:00
Daniel Pouzzner 6261108d49 linuxkm: fix line lengths throughout; in linuxkm/lkcapi_glue.c: fix/harmonize error catching, reporting, and error codes; further address peer review feedback. 2024-01-29 17:48:31 -06:00
Daniel Pouzzner 1fc67183a5 linuxkm: address peer review:
* support AES_ENCRYPTION_AND_DECRYPTION only if WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS is defined, and define it in linuxkm_wc_port.h if LINUXKM_LKCAPI_REGISTER.
* fix a typo in km_AesInitCommon().
* remove #if 0 code in lkcapi_glue.c.
2024-01-28 23:58:46 -06:00
Daniel Pouzzner b1e5d0f9bb linuxkm: completion and stabilization of LKCAPI integration for AES-CBC, AES-CFB, AES-GCM, and AES-XTS:
linuxkm/lkcapi_glue.c (added in earlier commit):
implement linuxkm_lkcapi_register() and linuxkm_lkcapi_unregister() with idempotency.
add AES-XTS algorithm glue and self-test implementations.
add per-algorithm gating: LINUXKM_LKCAPI_REGISTER_AESCBC, _AESCFB, _AESGCM, and _AESXTS.
carry forward philljj's implementations for AES-CBC, AES-CFB, and AES-GCM, with various cleanups.

linuxkm/module_hooks.c:
print the "wolfCrypt container hashes" message only if DEBUG_LINUXKM_PIE_SUPPORT is set.
render the FIPS version for the self-test success message using the HAVE_FIPS_VERSION* macros.
add a "skipping full wolfcrypt_test() ..." message for --disable-crypttests builds.
add CONFIG_FORTIFY_SOURCE gates.

configure.ac:
add support for --enable-linuxkm-lkcapi-register;
add AES-XTS to output config summary;
rename --enable-xts to --enable-aesxts (retaining old option for backward compatibility).

linuxkm/linuxkm_wc_port.h: add support for CONFIG_FORTIFY_SOURCE.

linuxkm/linuxkm_memory.c:
fix retvals in save_vector_registers_x86() (wc-style MEMORY_E, not sys-style ENOMEM).
add __my_fortify_panic() implementation.

linuxkm/Kbuild: for ENABLED_LINUXKM_PIE in rename-pie-text-and-data-sections recipe, create an .rodata.wolfcrypt section.

linuxkm/include.am: add linuxkm/lkcapi_glue.c to EXTRA_DIST.

wolfcrypt/test/test.c:
when defined(HAVE_FIPS_VERSION), inhibit a test clause in aes_xts_128_test() disallowed by FIPS ("FIPS AES-XTS main and tweak keys must differ").
fix out-of-order user message in ecc_test().
2024-01-26 20:01:19 -06:00
Daniel Pouzzner 39c74a9bf8 AES-XTS:
split XtsAes.aes in two, XtsAes.aes_encrypt and XtsAes.aes_decrypt, and add AES_ENCRYPTION_AND_DECRYPTION option constant, to accommodate Linux kernel crypto API model.
in wc_AesXtsSetKeyNoInit(), add FIPS check that main and tweak keys differ, and allow setting encrypt and decrypt keys simultaneously using AES_ENCRYPTION_AND_DECRYPTION.
in wc_AesXtsEncrypt() and wc_AesXtsDecrypt(), error if the required subkey has not been set.
2024-01-26 15:22:34 -06:00
Andras Fekete 2c162ffb97 Make sure aes->rounds is initialized
Warning 684346.5627323
2024-01-19 10:39:33 -05:00
David Garske 9e28d5010c Fixes for ARM ASM with Thumb. Fix for AES ECB build with Thumb. Add alignment to thumb2 AES tables. Refactor alignment macros and expose generic alignment macro XALIGNED. The WOLFSSL_USE_ALIGN still controls alignment enablement in wolfSSL/wolfCrypt. ZD 17225 and ZD 17226 2024-01-05 08:16:02 -08:00
Daniel Pouzzner 931ac4e568 add documentation for wc_AesXtsInit(), wc_AesXtsSetKeyNoInit(), wc_CmacFinalNoFree(), and wc_CmacFree();
rename wc_AesXtsSetKey_NoInit() to wc_AesXtsSetKeyNoInit() for morphological consistency;

refactor wc_AesXtsSetKey() to call wc_AesXtsSetKeyNoInit() and clean up on failure;

readability tweak in wolfSSL_EVP_CipherFinal().
2023-12-06 19:26:46 -06:00
Daniel Pouzzner b14aba48af wolfcrypt/src/cmac.c: add wc_CmacFree(), revert wc_CmacFinal(), rename wc_CmacFinal() as wc_CmacFinalNoFree() removing its deallocation clauses, and add new wc_CmacFinal() that calls wc_CmacFinalNoFree() then calls wc_CmacFree() unconditionally, for compatibility with legacy client code (some of which may have previously leaked).
tests/api.c: modify test_wc_CmacFinal() to use wc_CmacFinalNoFree() except for the final call.

wolfcrypt/src/aes.c:
* fix wc_AesEaxEncryptAuth() and wc_AesEaxDecryptAuth() to call wc_AesEaxFree() only if wc_AesEaxInit() succeeded.
* fix wc_AesEaxInit() to free all resources on failure.
* revert wc_AesEaxEncryptFinal() and wc_AesEaxDecryptFinal() changes, then change wc_CmacFinal() calls in them to wc_CmacFinalNoFree() calls.
* wc_AesEaxFree(): add wc_CmacFree() calls.
2023-12-06 16:55:57 -06:00
Daniel Pouzzner 689a82a622 fix AES-related code, in both crypto and TLS layers, for various uninitialized data and resource leak defects around wc_AesInit() and wc_AesFree():
* followup to https://github.com/wolfSSL/wolfssl/pull/7009 "20231128-misc-fixes" and  https://github.com/wolfSSL/wolfssl/pull/7011 "Add missing wc_AesInit calls."

* adds WC_DEBUG_CIPHER_LIFECYCLE, which embeds asserts in low-level AES implementations for proper usage of wc_AesInit() and wc_AesFree().

* fixes native CMAC, AES-EAX, and AES-XTS implementations to assure resource release.

* adds missing wc_AesXtsInit() API, and adds a new wc_AesXtsSetKey_NoInit().

* fixes misspellings in EVP that unconditionally gated out AES-OFB and AES-XTS.

* fixes misspellings in EVP that unconditionally gated out AES-CBC and AES-CFB code in wolfSSL_EVP_CIPHER_CTX_cleanup_cipher().

* openssl compat AES low level cipher API has no counterpart to wc_AesFree(), so these compat APIs will now be gated out in configurations where they would otherwise leak memory or file descriptors (WOLFSSL_AFALG, WOLFSSL_DEVCRYPTO, WOLF_CRYPTO_CB, etc.).  A new macro, WC_AESFREE_IS_MANDATORY, is defined in wolfcrypt/aes.h to streamline this dependency.

* fixes 40 missing EVP_CIPHER_CTX_cleanup()s and 11 wc_AesFree()s in src/ssl.c, src/ssl_crypto.c, tests/api.c, and wolfcrypt/test/test.c.
2023-12-05 15:58:09 -06:00
Daniel Pouzzner 4642077146 src/ssl.c: remove frivolous (void)heap to clear -Wdeclaration-after-statement.
wolfcrypt/src/aes.c: add NEED_AES_TABLES gate around AesSetKey_C() implementations (fixes WOLFSSL_KCAPI_AES builds, probably among others).

wolfcrypt/src/sp_int.c: add missing casts to clear -Wconversions.
2023-11-28 23:25:31 -06:00
JacobBarthelmeh 12ee732fe2 Merge pull request #6981 from douzzer/20231102-vector-register-dynamic-fallback-aes
20231102-vector-register-dynamic-fallback-aes
2023-11-28 13:15:02 -07:00
gojimmypi 7e69030df1 Espressif ESP32-C3 ESP32-C6 ESP32-S2 Hardware Acceleration 2023-11-20 18:05:18 -08:00
David Garske 7566328610 Implement proper wc_AesSetKeyLocal for NXP/Freescale MMCAU and LTC. This is required for AES CTR and AES Direct. 2023-11-20 08:15:50 -08:00
Anthony Hu 3fa612f49f Fix build errors when defining FREESCALE_MMCAU 2023-11-20 08:15:45 -08:00
Daniel Pouzzner efa61ade89 wolfcrypt/src/aes.c: add fallthrough no-op definitions for VECTOR_REGISTERS_{PUSH,POP} to cover WOLFSSL_TI_CRYPT || WOLFSSL_ARMASM. 2023-11-17 16:55:40 -06:00
Daniel Pouzzner a10260ca5f refactor AESNI implementations and *VECTOR_REGISTERS* macros to allow dynamic as-needed fallback to pure C, via WC_AES_C_DYNAMIC_FALLBACK.
wolfssl/wolfcrypt/aes.h: add key_C_fallback[] to struct Aes, and remove comment that "AESNI needs key first, rounds 2nd, not sure why yet" now that AES_128_Key_Expansion_AESNI no longer writes rounds after the expanded key.

wolfcrypt/src/aes.c:
* add _AESNI or _aesni suffixes/infixes to AESNI implementations that were missing them: AES_CBC_encrypt(), AES_CBC_decrypt_by*(), AES_ECB_encrypt(), AES_*_Key_Expansion(), AES_set_encrypt_key(), AES_set_decrypt_key(), AES_GCM_encrypt(), AES_GCM_decrypt(), AES_XTS_encrypt(), and AES_XTS_decrypt().
* move key size check from to start of wc_AesSetKeyLocal().
* refactor pure-C AES setkey and cipher implementations to use aes->key_C_fallback when defined(WC_AES_C_DYNAMIC_FALLBACK).
* refactor wc_AesSetKeyLocal() to set up both AESNI and pure-C expanded keys when defined(WC_AES_C_DYNAMIC_FALLBACK).
* refactor all (haveAESNI && aes->use_aesni) conditions to just (aes->use_aesni).
* add macros VECTOR_REGISTERS_PUSH and VECTOR_REGISTERS_POP, which do nothing but push a brace level when !defined(WC_AES_C_DYNAMIC_FALLBACK), but when defined(WC_AES_C_DYNAMIC_FALLBACK), they call SAVE_VECTOR_REGISTERS2() and on failure, temporarily clear aes->use_aesni and restore at _POP().
* refactor all invocations of SAVE_VECTOR_REGISTERS() and RESTORE_VECTOR_REGISTERS() to VECTOR_REGISTERS_PUSH and VECTOR_REGISTERS_POP, except in wc_AesSetKeyLocal(), wc_AesXtsEncrypt(), and wc_AesXtsDecrypt(), which are refactored to use SAVE_VECTOR_REGISTERS2(), with graceful failure concealment if defined(WC_AES_C_DYNAMIC_FALLBACK).
* orthogonalize cleanup code in wc_AesCbcEncrypt(),  wc_AesCcmEncrypt() and wc_AesCcmDecrypt().
* streamline fallthrough software definitions of wc_AesEncryptDirect() and wc_AesDecryptDirect(), and remove special-casing for defined(WOLFSSL_LINUXKM)&&defined(WOLFSSL_AESNI).

wolfcrypt/src/aes_asm.{S,asm}:
* remove errant "movl $10, 240(%rsi)" from AES_128_Key_Expansion_AESNI.
* add _AESNI suffixes/infixes to implementations that needed them.

wolfcrypt/src/{aes_gcm_asm.{S,asm},aes_xts_asm.S}: regenerate from revisions in scripts#357 -- adds _aesni suffixes to implementations that were missing them.

wolfssl/wolfcrypt/types.h: remove DEBUG_VECTOR_REGISTER_ACCESS macros, and add dummy fallthrough definitions for SAVE_VECTOR_REGISTERS2 and WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL.

wolfssl/wolfcrypt/memory.h: adopt DEBUG_VECTOR_REGISTER_ACCESS code from types.h, and add definitions for WC_DEBUG_VECTOR_REGISTERS_RETVAL_INITVAL and WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL.

linuxkm/linuxkm_wc_port.h: add arch-specific macro definitions for SAVE_VECTOR_REGISTERS2().

wolfcrypt/benchmark/benchmark.c: add missing gates around calls to RESTORE_VECTOR_REGISTERS().

configure.ac:
* cover various interdependencies in enable-all/enable-all-crypto, for better behavior in combination with --disable-aesgcm, --disable-ecc, --disable-ocsp, --disable-hmac, --disable-chacha, --disable-ed25519, and --disable-ed448.
* inhibit aesgcm_stream in enable-all/enable-all-crypto when ENABLED_LINUXKM_DEFAULTS, because it is currently incompatible with WC_AES_C_DYNAMIC_FALLBACK.
* add -DWC_AES_C_DYNAMIC_FALLBACK when ENABLED_LINUXKM_DEFAULTS.
* add 3 new interdependency checks: "ECCSI requires ECC.", "SAKKE requires ECC.", "WOLFSSH requires HMAC."

wolfcrypt/src/asn.c: tweak gating to accommodate defined(NO_RSA) && !defined(HAVE_ECC).

wolfcrypt/src/evp.c: tweak gating to accommodate defined(NO_HMAC).

wolfcrypt/src/logging.c: remove DEBUG_VECTOR_REGISTER_ACCESS code (moved to memory.c).

wolfcrypt/src/memory.c: change #include of settings.h to types.h; adopt DEBUG_VECTOR_REGISTER_ACCESS code from logging.c; add implementation of SAVE_VECTOR_REGISTERS2_fuzzer().

wolfcrypt/src/pwdbased.c: add explanatory #error scrypt requires HMAC.

wolfcrypt/test/test.c:
* add DEBUG_VECTOR_REGISTER_ACCESS clauses to aes_xts_128_test(), aesecb_test(), aesctr_test(), aes_test() CBC section, aes256_test() CBC section, and aesgcm_default_test_helper()
* remove duplicate wc_AesEcbDecrypt() in aesecb_test().
* add gating for pbkdf2_test().
* fix cleanup code in dsa_test().
* fix gating in pkcs7authenveloped_run_vectors() to accommodate !defined(HAVE_AESGCM).
* fix gating in cryptocb_test() to accommodate defined(NO_HMAC).

wolfssl/wolfcrypt/cryptocb.h: remove gates around "pk" sub-struct of struct wc_CryptoInfo -- wc_CryptoInfo.pk.type (an int) is used unconditionally when --enable-debug, and is used with DH.

wolfssl/wolfcrypt/error-crypt.h: fix whitespace.
2023-11-17 01:15:28 -06:00
Daniel Pouzzner 748b058dde wolfcrypt/src/aes.c: fix for -Wrestrict in wc_AesCbcDecrypt() when WOLFSSL_AESNI. 2023-11-15 00:51:21 -06:00
Sean Parkinson 5b863dcb12 AES bitsliced implementation added
AES bitsliced implementation that is cache attack safe.
Configure with:
  --enable-aes-bitslice
or define:
  WC_AES_BITSLICE
  HAVE_AES_ECB
  HAVE_AES_DIRECT
Very slow for CBC, CFB, OFB and any mode that uses a previous encrypt
block to calculate current.
CTR, GCM, XTS can parallelize the data and be much faster.

Added AES-ECB test to test.c.
2023-11-03 14:19:58 +10:00
jordan 34f349e510 Used codespell and fixed obvious typos. 2023-11-01 10:35:12 -05:00
Brett d805e06469 add AesEax struct to header for public use 2023-10-18 09:23:39 -06:00
Daniel Pouzzner 3a195563f7 wolfcrypt/src/aes.c: fix zerodivcond and -Wconversion in wc_AesXtsEncryptConsecutiveSectors() and wc_AesXtsDecryptConsecutiveSectors().
wolfcrypt/test/test.c: add missing FIPS gating around AES-XTS testing.
2023-10-12 12:08:16 -05:00
JacobBarthelmeh 0e35e9cbbe Merge pull request #6806 from lealem47/XTS
Add XTS API's required for VeraCrypt
2023-10-11 13:35:45 -06:00
Lealem Amedie e7eec645b0 Sanity checks and correct comment 2023-10-11 12:03:02 -06:00
JacobBarthelmeh 5e4baf898c Merge pull request #6786 from SparkiDev/aes_gcm_align_arm_fix
AES GCM ARM32 alignment fix
2023-10-11 10:18:11 -06:00
Lealem Amedie a27b49882d Add XTS API's required for VeraCrypt 2023-10-10 15:09:35 -06:00
Daniel Pouzzner 61371d403a minor fixes for AES-EAX implementation and test routines. 2023-10-08 18:02:52 -05:00
JacobBarthelmeh fd2d098566 Merge pull request #6821 from bigbrett/aes-eax
AES EAX mode
2023-10-06 14:14:28 -06:00
Brett Nicholas fafb9e81c0 Add support for AES EAX mode, as described in https://eprint.iacr.org/2003/069 2023-10-06 11:10:06 -06:00
Sean Parkinson 862a98abe0 Aarch64 and ARM32 AES XTS with crypto instructions
Optimised assembly of AES-XTS for Aarch64 and ARM32 using hardware
crypto instructions.
Aarch64 has loop unrolling.
Update aes.c to not have AES-XTS implementation when assembly
compilable.
Update test of AES-XTS to check expected cipher text of partial block
encryption.
2023-10-06 12:39:31 +10:00
Sean Parkinson 3ea0fb30dd AES XTS x64 ASM: add AVX1 and AESNI implementations
Adding AES-XTS AVX1 and AESNI implementations.
Fix name in comment at top of x64 assembly files.
2023-09-28 14:44:23 -05:00
David Garske f7ca923b4b Merge pull request #6783 from bandi13/more_async_cb
More async cb
2023-09-20 10:16:08 -07:00
Hideki Miyazaki 8f9c3716ed fix ra6m4 port 2023-09-20 09:00:22 +09:00
Chris Conlon 5bc5b8a99b Merge pull request #6768 from miyazakh/renesas_rz
Renesas RZN2L support
2023-09-19 14:38:03 -06:00
Andras Fekete ad9779cdc1 Explicitly define code with WOLFCRYPT_ASYNC_CRYPT_SW 2023-09-19 13:10:16 -04:00