Merge pull request #7051 from JacobBarthelmeh/mb

fix and enhancement for AES-GCM use with Xilsecure

Author: SparkiDev

configure.ac

@@ -9093,6 +9093,7 @@ AM_CONDITIONAL([BUILD_HPKE],[test "x$ENABLED_HPKE" = "xyes" || test "x$ENABLED_U
 AM_CONDITIONAL([BUILD_DTLS],[test "x$ENABLED_DTLS" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_MAXQ10XX],[test "x$ENABLED_MAXQ10XX" = "xyes"])
 AM_CONDITIONAL([BUILD_ARIA],[test "x$ENABLED_ARIA" = "xyes"])
+AM_CONDITIONAL([BUILD_XILINX],[test "x$ENABLED_XILINX" = "xyes"])
 
 if test "$ENABLED_REPRODUCIBLE_BUILD" != "yes" &&
    (test "$ax_enable_debug" = "yes" ||

src/include.am

@@ -881,10 +881,14 @@ endif
 
 endif !BUILD_CRYPTONLY
 
+if BUILD_XILINX
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/xilinx/xil-aesgcm.c
+endif
 
 endif !BUILD_FIPS_RAND
 
 if BUILD_ARIA
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/aria/aria-crypt.c
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/aria/aria-cryptocb.c
 endif
+

wolfcrypt/src/port/xilinx/xil-aesgcm.c

@@ -135,7 +135,9 @@ int wc_AesGcmSetKey_ex(Aes* aes, const byte* key, word32 len, word32 kup)
     aes->xKeySize =
             len == AES_128_KEY_SIZE ? XSECURE_AES_KEY_SIZE_128 :
                                       XSECURE_AES_KEY_SIZE_256;
-    XMEMCPY(aes->keyInit, key, len);
+    if (key != NULL) {
+        XMEMCPY(aes->keyInit, key, len);
+    }
 
     return 0;
 }
@@ -478,7 +480,12 @@ int  wc_AesGcmSetKey_ex(Aes* aes, const byte* key, word32 len, word32 kup)
 {
     XCsuDma_Config* con;
 
-    if (aes == NULL || key == NULL) {
+    if (aes == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+    if (kup == XSECURE_CSU_AES_KEY_SRC_KUP && key == NULL) {
+        WOLFSSL_MSG("Expecting key buffer passed in if using KUP");
         return BAD_FUNC_ARG;
     }
 
@@ -501,7 +508,9 @@ int  wc_AesGcmSetKey_ex(Aes* aes, const byte* key, word32 len, word32 kup)
 
     aes->keylen = len;
     aes->kup    = kup;
-    XMEMCPY((byte*)(aes->keyInit), key, len);
+    if (key != NULL) {
+        XMEMCPY((byte*)(aes->keyInit), key, len);
+    }
 
     return 0;
 }
@@ -538,18 +547,26 @@ int  wc_AesGcmEncrypt(Aes* aes, byte* out,
             return BAD_FUNC_ARG;
         }
 
+    #ifndef NO_WOLFSSL_XILINX_TAG_MALLOC
         tmp = (byte*)XMALLOC(sz + AES_GCM_AUTH_SZ, aes->heap,
             DYNAMIC_TYPE_TMP_BUFFER);
         if (tmp == NULL) {
             return MEMORY_E;
         }
+    #else
+        /* if NO_WOLFSSL_XILINX_TAG_MALLOC is defined than it is assumed that
+         * out buffer is large enough to hold both the cipher out and tag */
+        tmp = out;
+    #endif
 
         XSecure_AesInitialize(&(aes->xilAes), &(aes->dma), aes->kup, (word32*)iv,
             aes->keyInit);
         XSecure_AesEncryptData(&(aes->xilAes), tmp, in, sz);
-        XMEMCPY(out, tmp, sz);
         XMEMCPY(authTag, tmp + sz, authTagSz);
+    #ifndef NO_WOLFSSL_XILINX_TAG_MALLOC
+        XMEMCPY(out, tmp, sz);
         XFREE(tmp, aes->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    #endif
     }
 
     /* handle completing tag with any additional data */
@@ -610,7 +627,7 @@ int  wc_AesGcmDecrypt(Aes* aes, byte* out,
     /* calls to hardened crypto */
     XSecure_AesInitialize(&(aes->xilAes), &(aes->dma), aes->kup,
                 (word32*)iv, aes->keyInit);
-    XSecure_AesDecryptData(&(aes->xilAes), out, in, sz, tag);
+    ret = XSecure_AesDecryptData(&(aes->xilAes), out, in, sz, tag);
 
     /* account for additional data */
     if (authIn != NULL && authInSz > 0) {
@@ -623,6 +640,12 @@ int  wc_AesGcmDecrypt(Aes* aes, byte* out,
             return AES_GCM_AUTH_E;
         }
     }
+    else {
+        /* if no aad then check the result of the initial tag passed in */
+        if (ret != XST_SUCCESS) {
+            return AES_GCM_AUTH_E;
+        }
+    }
 
     return 0;
 

wolfcrypt/src/random.c

@@ -809,6 +809,26 @@ static WC_INLINE word64 Entropy_TimeHiRes(void)
     );
     return cnt;
 }
+#elif !defined(ENTROPY_MEMUSE_THREAD) && defined(__MICROBLAZE__)
+
+#define LPD_SCNTR_BASE_ADDRESS 0xFF250000
+
+/* Get the high resolution time counter.
+ * Collect ticks from LPD_SCNTR
+ * @return  64-bit tick count.
+ */
+static WC_INLINE word64 Entropy_TimeHiRes(void)
+{
+    word64 cnt;
+    word32 *ptr;
+
+    ptr = (word32*)LPD_SCNTR_BASE_ADDRESS;
+    cnt = *(ptr+1);
+    cnt = cnt << 32;
+    cnt |= *ptr;
+
+    return cnt;
+}
 #elif !defined(ENTROPY_MEMUSE_THREAD) && (_POSIX_C_SOURCE >= 199309L)
 /* Get the high resolution time counter.
  *
@@ -3515,6 +3535,26 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
      * extern int myRngFunc(byte* output, word32 sz);
      */
 
+#elif defined(__MICROBLAZE__)
+    #warning weak source of entropy
+    #define LPD_SCNTR_BASE_ADDRESS 0xFF250000
+
+    int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
+    {
+        word32* cnt;
+        word32 i;
+
+        /* using current time with srand */
+        cnt = (word32*)LPD_SCNTR_BASE_ADDRESS;
+        srand(*cnt | *(cnt+1));
+
+        for (i = 0; i < sz; i++)
+            output[i] = rand();
+
+        (void)os;
+        return 0;
+    }
+
 #elif defined(WOLFSSL_ZEPHYR)
 
         #include <version.h>

wolfcrypt/src/sp_int.c

@@ -7031,7 +7031,7 @@ int sp_mod_d(const sp_int* a, sp_int_digit d, sp_int_digit* r)
 
 #if defined(HAVE_ECC) || !defined(NO_DSA) || defined(OPENSSL_EXTRA) || \
     (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \
-     !defined(WOLFSSL_RSA_PUBLIC_ONLY))
+     !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || defined(WOLFSSL_SP_INVMOD)
 /* Divides a by 2 and stores in r: r = a >> 1
  *
  * @param  [in]   a  SP integer to divide.
@@ -19254,7 +19254,7 @@ int sp_prime_is_prime_ex(const sp_int* a, int trials, int* result, WC_RNG* rng)
 }
 #endif /* WOLFSSL_SP_PRIME_GEN */
 
-#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
+#if !defined(NO_RSA) || defined(WOLFSSL_KEY_GEN)
 
 /* Calculates the Greatest Common Denominator (GCD) of a and b into r.
  *

wolfssl/wolfcrypt/aes.h

@@ -85,10 +85,14 @@ WOLFSSL_LOCAL void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
 #ifdef WOLFSSL_XILINX_CRYPT_VERSAL
 #include <wolfssl/wolfcrypt/port/xilinx/xil-versal-glue.h>
 #include <xsecure_aesclient.h>
-#define WOLFSSL_XILINX_AES_KEY_SRC XSECURE_AES_USER_KEY_0
+#if !defined(WOLFSSL_XILINX_AES_KEY_SRC)
+    #define WOLFSSL_XILINX_AES_KEY_SRC XSECURE_AES_USER_KEY_0
+#endif
 #else /* versal */
 #include <xsecure_aes.h>
-#define WOLFSSL_XILINX_AES_KEY_SRC XSECURE_CSU_AES_KEY_SRC_KUP
+#if !defined(WOLFSSL_XILINX_AES_KEY_SRC)
+    #define WOLFSSL_XILINX_AES_KEY_SRC XSECURE_CSU_AES_KEY_SRC_KUP
+#endif
 #endif /* !versal */
 #endif /* WOLFSSL_XILINX_CRYPT */
 

wolfssl/wolfcrypt/settings.h

@@ -1844,7 +1844,10 @@ extern void uITRON4_free(void *p) ;
     #if !defined(WOLFSSL_XILINX_CRYPT_VERSAL)
         #define NO_DEV_RANDOM
     #endif
+    #undef  NO_WOLFSSL_DIR
     #define NO_WOLFSSL_DIR
+
+    #undef  HAVE_AESGCM
     #define HAVE_AESGCM
 #endif
 

wolfssl/wolfcrypt/sp_int.h

@@ -1067,7 +1067,7 @@ MP_API int sp_rand_prime(sp_int* r, int len, WC_RNG* rng, void* heap);
 MP_API int sp_prime_is_prime(const sp_int* a, int t, int* result);
 MP_API int sp_prime_is_prime_ex(const sp_int* a, int t, int* result,
     WC_RNG* rng);
-#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
+#if !defined(NO_RSA) || defined(WOLFSSL_KEY_GEN)
 MP_API int sp_gcd(const sp_int* a, const sp_int* b, sp_int* r);
 #endif
 #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \