Merge pull request #1 from auth12/windows

Windows
author: auth12 <[email protected]> 2020-07-19 11:57:04 -0700
committer: GitHub <[email protected]> 2020-07-19 11:57:04 -0700
commit: 1bae439a35a3aadca6772716aaeea8c8a0991114 (patch)
tree: f8eab7a7bae237ad697feecfae26b17bab91b16e /client/wolfssl/wolfcrypt/src/port/xilinx
parent: More placeholders and general plan. (diff)
parent: Merge branch 'master' into windows (diff)
download: loader-1bae439a35a3aadca6772716aaeea8c8a0991114.tar.xz
loader-1bae439a35a3aadca6772716aaeea8c8a0991114.zip
2 files changed, 360 insertions, 0 deletions
diff --git a/client/wolfssl/wolfcrypt/src/port/xilinx/xil-aesgcm.c b/client/wolfssl/wolfcrypt/src/port/xilinx/xil-aesgcm.c
new file mode 100644
index 0000000..6af4b31
--- /dev/null
+++ b/client/wolfssl/wolfcrypt/src/port/xilinx/xil-aesgcm.c
@@ -0,0 +1,202 @@
+/* xil-aesgcm.c
+ *
+ * Copyright (C) 2006-2020 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#include <wolfssl/wolfcrypt/settings.h>
+
+#if !defined(NO_AES) && defined(WOLFSSL_XILINX_CRYPT)
+
+#include <wolfssl/wolfcrypt/aes.h>
+
+
+#ifdef HAVE_AESGCM
+/* Make calls to Xilinx hardened AES-GCM crypto */
+
+#include <wolfssl/wolfcrypt/error-crypt.h>
+#include <wolfssl/wolfcrypt/logging.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#include "xparameters.h"
+
+enum {
+    AEAD_NONCE_SZ       = 12,
+    AES_GCM_AUTH_SZ     = 16, /* AES-GCM Auth Tag length    */
+};
+
+
+int  wc_AesGcmSetKey_ex(Aes* aes, const byte* key, word32 len, word32 kup)
+{
+    XCsuDma_Config* con;
+
+    if (aes == NULL || key == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+    if (len != 32) {
+        WOLFSSL_MSG("Expecting a 256 bit key");
+        return BAD_FUNC_ARG;
+    }
+
+    if ((con = XCsuDma_LookupConfig(0)) == NULL) {
+        WOLFSSL_MSG("Failed to look up config");
+        return MEMORY_E;
+    }
+
+    /* XST_SUCCESS comes from Xilinx header file */
+    if (XCsuDma_CfgInitialize(&(aes->dma), con, con->BaseAddress) !=
+            XST_SUCCESS) {
+        WOLFSSL_MSG("Failed to initialize hardware");
+        return MEMORY_E;
+    }
+
+    aes->keylen = len;
+    aes->kup    = kup;
+    XMEMCPY((byte*)(aes->key_init), key, len);
+
+    return 0;
+}
+
+
+
+int  wc_AesGcmEncrypt(Aes* aes, byte* out,
+                                   const byte* in, word32 sz,
+                                   const byte* iv, word32 ivSz,
+                                   byte* authTag, word32 authTagSz,
+                                   const byte* authIn, word32 authInSz)
+{
+    byte* tmp;
+    byte scratch[AES_BLOCK_SIZE];
+    byte initalCounter[AES_BLOCK_SIZE];
+
+    if ((in == NULL && sz > 0) || iv == NULL || authTag == NULL ||
+            authTagSz > AES_GCM_AUTH_SZ) {
+        return BAD_FUNC_ARG;
+    }
+
+    if (ivSz != AEAD_NONCE_SZ) {
+        WOLFSSL_MSG("Expecting an IV size of 12");
+        return BAD_FUNC_ARG;
+    }
+
+    /* API expects that output is size of input + 16 byte tag. A temporary
+     * buffer is created to keep AES encrypt from writing over the end of
+     * out buffer. */
+    if (in != NULL) {
+        if (aes->keylen != 32) {
+            WOLFSSL_MSG("Expecting 256 bit AES key");
+            return BAD_FUNC_ARG;
+        }
+
+        tmp = (byte*)XMALLOC(sz + AES_GCM_AUTH_SZ, aes->heap,
+            DYNAMIC_TYPE_TMP_BUFFER);
+        if (tmp == NULL) {
+            return MEMORY_E;
+        }
+
+        XSecure_AesInitialize(&(aes->xilAes), &(aes->dma), aes->kup, (word32*)iv,
+            aes->key_init);
+        XSecure_AesEncryptData(&(aes->xilAes), tmp, in, sz);
+        XMEMCPY(out, tmp, sz);
+        XMEMCPY(authTag, tmp + sz, authTagSz);
+        XFREE(tmp, aes->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    }
+
+    /* handle completing tag with any additional data */
+    if (authIn != NULL) {
+        /* @TODO avoid hashing out again since Xilinx call already does */
+        XMEMSET(initalCounter, 0, AES_BLOCK_SIZE);
+        XMEMCPY(initalCounter, iv, ivSz);
+        initalCounter[AES_BLOCK_SIZE - 1] = 1;
+        GHASH(aes, authIn, authInSz, out, sz, authTag, authTagSz);
+        wc_AesEncryptDirect(aes, scratch, initalCounter);
+        xorbuf(authTag, scratch, authTagSz);
+    }
+
+    return 0;
+}
+
+
+int  wc_AesGcmDecrypt(Aes* aes, byte* out,
+                                   const byte* in, word32 sz,
+                                   const byte* iv, word32 ivSz,
+                                   const byte* authTag, word32 authTagSz,
+                                   const byte* authIn, word32 authInSz)
+{
+    byte* tag;
+    byte buf[AES_GCM_AUTH_SZ];
+    byte scratch[AES_BLOCK_SIZE];
+    byte initalCounter[AES_BLOCK_SIZE];
+
+    if (in == NULL || iv == NULL || authTag == NULL ||
+            authTagSz < AES_GCM_AUTH_SZ) {
+        return BAD_FUNC_ARG;
+    }
+
+    if (ivSz != AEAD_NONCE_SZ) {
+        WOLFSSL_MSG("Expecting an IV size of 12");
+        return BAD_FUNC_ARG;
+    }
+
+    /* account for additional data */
+    if (authIn != NULL && authInSz > 0) {
+        XMEMSET(initalCounter, 0, AES_BLOCK_SIZE);
+        XMEMCPY(initalCounter, iv, ivSz);
+        initalCounter[AES_BLOCK_SIZE - 1] = 1;
+        tag = buf;
+        GHASH(aes, NULL, 0, in, sz, tag, AES_GCM_AUTH_SZ);
+        wc_AesEncryptDirect(aes, scratch, initalCounter);
+        xorbuf(tag, scratch, AES_GCM_AUTH_SZ);
+    }
+    else {
+        tag = authTag;
+    }
+
+    /* calls to hardened crypto */
+    XSecure_AesInitialize(&(aes->xilAes), &(aes->dma), aes->kup,
+                (word32*)iv, aes->key_init);
+    XSecure_AesDecryptData(&(aes->xilAes), out, in, sz, tag);
+
+    /* account for additional data */
+    if (authIn != NULL && authInSz > 0) {
+        GHASH(aes, authIn, authInSz, in, sz, tag, AES_GCM_AUTH_SZ);
+        wc_AesEncryptDirect(aes, scratch, initalCounter);
+        xorbuf(tag, scratch, AES_GCM_AUTH_SZ);
+        if (ConstantCompare(authTag, tag, authTagSz) != 0) {
+            return AES_GCM_AUTH_E;
+        }
+    }
+
+    return 0;
+
+}
+#endif /* HAVE_AESGCM */
+
+#endif
diff --git a/client/wolfssl/wolfcrypt/src/port/xilinx/xil-sha3.c b/client/wolfssl/wolfcrypt/src/port/xilinx/xil-sha3.c
new file mode 100644
index 0000000..a9db6b9
--- /dev/null
+++ b/client/wolfssl/wolfcrypt/src/port/xilinx/xil-sha3.c
@@ -0,0 +1,158 @@
+/* xil-sha3.c
+ *
+ * Copyright (C) 2006-2020 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#include <wolfssl/wolfcrypt/settings.h>
+
+
+#if defined(WOLFSSL_SHA3) && defined(WOLFSSL_XILINX_CRYPT)
+
+#include <wolfssl/wolfcrypt/sha3.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+#include <wolfssl/wolfcrypt/logging.h>
+
+#if !defined(WOLFSSL_NOSHA3_224) || !defined(WOLFSSL_NOSHA3_256) \
+    || !defined(WOLFSSL_NOSHA3_512)
+    #error sizes of SHA3 other than 384 are not supported
+#endif
+
+/* Initialize hardware for SHA3 operations
+ *
+ * sha   SHA3 structure to initialize
+ * heap  memory heap hint to use
+ * devId used for async operations (currently not supported here)
+ */
+int wc_InitSha3_384(wc_Sha3* sha, void* heap, int devId)
+{
+    XCsuDma_Config* con;
+
+    (void)heap;
+    (void)devId;
+
+    if (sha == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+    if ((con = XCsuDma_LookupConfig(0)) == NULL) {
+        WOLFSSL_MSG("Unable to look up configure for SHA3");
+        return BAD_STATE_E;
+    }
+
+    /* XST_SUCCESS is success macro from Xilinx header */
+    if (XCsuDma_CfgInitialize(&(sha->dma), con, con->BaseAddress) !=
+            XST_SUCCESS) {
+        WOLFSSL_MSG("Unable to initialize CsuDma");
+        return BAD_STATE_E;
+    }
+
+    XSecure_Sha3Initialize(&(sha->hw), &(sha->dma));
+    XSecure_Sha3Start(&(sha->hw));
+
+    return 0;
+}
+
+
+/* Update SHA3 state
+ *
+ * sha   SHA3 structure to update
+ * data  message to update SHA3 state with
+ * len   length of data buffer
+ */
+int wc_Sha3_384_Update(wc_Sha3* sha, const byte* data, word32 len)
+{
+    if (sha == NULL ||  (data == NULL && len > 0)) {
+        return BAD_FUNC_ARG;
+    }
+    XSecure_Sha3Update(&(sha->hw), (byte*)data, len);
+
+    return 0;
+}
+
+
+/* Finalize SHA3 state and get digest
+ *
+ * sha  SHA3 structure to get hash
+ * out  digest out, expected to be large enough to hold SHA3 digest
+ */
+int wc_Sha3_384_Final(wc_Sha3* sha, byte* out)
+{
+    if (sha == NULL || out == NULL) {
+        return BAD_FUNC_ARG;
+    }
+    XSecure_Sha3Finish(&(sha->hw), out);
+
+    return wc_InitSha3_384(sha, NULL, INVALID_DEVID);
+}
+
+
+/* Free SHA3 structure
+ *
+ * sha  SHA3 structure to free
+ */
+void wc_Sha3_384_Free(wc_Sha3* sha)
+{
+    (void)sha;
+    /* nothing to free yet */
+}
+
+
+/* Get SHA3 digest without finalize SHA3 state
+ *
+ * sha  SHA3 structure to get hash
+ * out  digest out, expected to be large enough to hold SHA3 digest
+ */
+int wc_Sha3_384_GetHash(wc_Sha3* sha, byte* out)
+{
+    wc_Sha3 s;
+
+    if (sha == NULL || out == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+    if (wc_Sha3_384_Copy(sha, &s) != 0) {
+        WOLFSSL_MSG("Unable to copy SHA3 structure");
+        return MEMORY_E;
+    }
+
+    return wc_Sha3_384_Final(&s, out);
+}
+
+
+/* Get copy of SHA3 structure
+ *
+ * src SHA3 structure to make copy of
+ * dst [out]structure to hold copy
+ */
+int wc_Sha3_384_Copy(wc_Sha3* src, wc_Sha3* dst)
+{
+    if (src == NULL || dst== NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+    XMEMCPY((byte*)dst, (byte*)src, sizeof(wc_Sha3));
+    return 0;
+}
+
+#endif
author	auth12 <[email protected]>	2020-07-19 11:57:04 -0700
committer	GitHub <[email protected]>	2020-07-19 11:57:04 -0700
commit	1bae439a35a3aadca6772716aaeea8c8a0991114 (patch)
tree	f8eab7a7bae237ad697feecfae26b17bab91b16e /client/wolfssl/wolfcrypt/src/port/xilinx
parent	More placeholders and general plan. (diff)
parent	Merge branch 'master' into windows (diff)
download	loader-1bae439a35a3aadca6772716aaeea8c8a0991114.tar.xz loader-1bae439a35a3aadca6772716aaeea8c8a0991114.zip