add AesSetKey fips mode

toddouska 2014-03-19 13:56:11 -07:00
parent faecf7f849
commit 388436c53e
6 changed files with 120 additions and 42 deletions


@ -274,13 +274,20 @@ void bench_aes(int show)
Aes enc;
double start, total, persec;
int i;
int ret;
#ifdef HAVE_CAVIUM
if (AesInitCavium(&enc, CAVIUM_DEV_ID) != 0)
if (AesInitCavium(&enc, CAVIUM_DEV_ID) != 0) {
printf("aes init cavium failed\n");
return;
}
#endif
AesSetKey(&enc, key, 16, iv, AES_ENCRYPTION);
ret = AesSetKey(&enc, key, 16, iv, AES_ENCRYPTION);
if (ret != 0) {
printf("AesSetKey failed, ret = %d\n", ret);
return;
}
start = current_time(1);
for(i = 0; i < numBlocks; i++)
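Review bot: Under HAVE_CAVIUM the new `return` after a failed `AesSetKey` leaves bench_aes after `AesInitCavium(&enc, CAVIUM_DEV_ID)` has already succeeded, and no release of the device context is visible on that path. The end of bench_aes is outside the hunk, so this is inferred: if the normal path finishes with `AesFreeCavium(&enc);`, the error branch should do the same inside an `#ifdef HAVE_CAVIUM` guard before returning.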


@ -27,6 +27,11 @@
#ifndef NO_AES
#ifdef HAVE_FIPS
/* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */
#define FIPS_NO_WRAPPERS
#endif
#include <cyassl/ctaocrypt/aes.h>
#include <cyassl/ctaocrypt/error.h>
#include <cyassl/ctaocrypt/logging.h>
@ -46,6 +51,7 @@
#endif
#ifdef HAVE_CAVIUM
static int AesCaviumSetKey(Aes* aes, const byte* key, word32 length,
const byte* iv);
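Review bot: The comment above `#define FIPS_NO_WRAPPERS` says the define must come before the headers but not what breaks if it does not. The header change in this commit maps `AesSetKey` to `AesSetKey_fips` whenever the macro is absent, so a later reordering of includes would rename the definition in this file rather than fail loudly. I would extend the comment to something like `/* must precede every include that reaches aes.h, or AesSetKey in this file is renamed to AesSetKey_fips */`.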


@ -1860,6 +1860,7 @@ int aes_test(void)
byte cipher[AES_BLOCK_SIZE * 4];
byte plain [AES_BLOCK_SIZE * 4];
int ret;
#ifdef HAVE_CAVIUM
if (AesInitCavium(&enc, CAVIUM_DEV_ID) != 0)
@ -1867,8 +1868,12 @@ int aes_test(void)
if (AesInitCavium(&dec, CAVIUM_DEV_ID) != 0)
return -20004;
#endif
AesSetKey(&enc, key, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
AesSetKey(&dec, key, AES_BLOCK_SIZE, iv, AES_DECRYPTION);
ret = AesSetKey(&enc, key, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
if (ret != 0)
return -1001;
ret = AesSetKey(&dec, key, AES_BLOCK_SIZE, iv, AES_DECRYPTION);
if (ret != 0)
return -1002;
AesCbcEncrypt(&enc, cipher, msg, AES_BLOCK_SIZE);
AesCbcDecrypt(&dec, plain, cipher, AES_BLOCK_SIZE);
@ -1990,13 +1995,17 @@ int aes_test(void)
};
XMEMSET(cipher, 0, AES_BLOCK_SIZE);
AesSetKey(&enc, niKey, sizeof(niKey), cipher, AES_ENCRYPTION);
ret = AesSetKey(&enc, niKey, sizeof(niKey), cipher, AES_ENCRYPTION);
if (ret != 0)
return -1003;
AesEncryptDirect(&enc, cipher, niPlain);
if (XMEMCMP(cipher, niCipher, AES_BLOCK_SIZE) != 0)
return -20006;
XMEMSET(plain, 0, AES_BLOCK_SIZE);
AesSetKey(&dec, niKey, sizeof(niKey), plain, AES_DECRYPTION);
ret = AesSetKey(&dec, niKey, sizeof(niKey), plain, AES_DECRYPTION);
if (ret != 0)
return -1004;
AesDecryptDirect(&dec, plain, niCipher);
if (XMEMCMP(plain, niPlain, AES_BLOCK_SIZE) != 0)
return -20007;
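Review bot: The `AesCbcEncrypt` and `AesCbcDecrypt` calls right after the new key-setup checks still discard their results, although the same commit assigns `ret = AesCbcDecrypt(...)` in the PEM decryption code, so they return a status. The test should check them the same way, e.g. `ret = AesCbcEncrypt(&enc, cipher, msg, AES_BLOCK_SIZE);` followed by `if (ret != 0) return <new code>;`, otherwise a failed operation is only caught indirectly by the later buffer comparison. The new codes -1001 to -1004 also sit outside the -2000x range the surrounding returns use, so a short comment on the numbering would help when reading a failure. aes_test begins and ends outside these hunks.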


@ -149,6 +149,20 @@ CYASSL_API int AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
CYASSL_API void AesFreeCavium(Aes*);
#endif
#ifdef HAVE_FIPS
/* fips wrapper calls, user can call direct */
CYASSL_API int AesSetKey_fips(Aes* aes, const byte* key, word32 len,
const byte* iv, int dir);
#ifndef FIPS_NO_WRAPPERS
/* if not internal or fips.c consumer force fips calls if fips build */
#define AesSetKey AesSetKey_fips
#endif /* FIPS_NO_WRAPPERS */
#endif /* HAVE_FIPS */
#ifdef __cplusplus
} /* extern "C" */
#endif
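Review bot: `FIPS_NO_WRAPPERS` is checked in a public header but nothing here says who may define it. Any application that defines it before including aes.h keeps calling the plain `AesSetKey` in a HAVE_FIPS build, which the wrapper comment suggests is not intended outside the library and fips.c. I would state that in the header, for example `/* FIPS_NO_WRAPPERS is reserved for library-internal sources; applications must not define it */`. Note also that the object-like `#define AesSetKey AesSetKey_fips` rewrites every later use of that identifier in consumer code, not only calls.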


@ -1614,6 +1614,8 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
#ifdef BUILD_AES
if (specs->bulk_cipher_algorithm == cyassl_aes) {
int aesRet = 0;
if (enc->aes == NULL)
enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
if (enc->aes == NULL)
@ -1635,20 +1637,28 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
}
#endif
if (side == CYASSL_CLIENT_END) {
AesSetKey(enc->aes, keys->client_write_key,
specs->key_size, keys->client_write_IV,
AES_ENCRYPTION);
AesSetKey(dec->aes, keys->server_write_key,
specs->key_size, keys->server_write_IV,
AES_DECRYPTION);
aesRet = AesSetKey(enc->aes, keys->client_write_key,
specs->key_size, keys->client_write_IV,
AES_ENCRYPTION);
if (aesRet != 0)
return aesRet;
aesRet = AesSetKey(dec->aes, keys->server_write_key,
specs->key_size, keys->server_write_IV,
AES_DECRYPTION);
if (aesRet != 0)
return aesRet;
}
else {
AesSetKey(enc->aes, keys->server_write_key,
specs->key_size, keys->server_write_IV,
AES_ENCRYPTION);
AesSetKey(dec->aes, keys->client_write_key,
specs->key_size, keys->client_write_IV,
AES_DECRYPTION);
aesRet = AesSetKey(enc->aes, keys->server_write_key,
specs->key_size, keys->server_write_IV,
AES_ENCRYPTION);
if (aesRet != 0)
return aesRet;
aesRet = AesSetKey(dec->aes, keys->client_write_key,
specs->key_size, keys->client_write_IV,
AES_DECRYPTION);
if (aesRet != 0)
return aesRet;
}
enc->setup = 1;
dec->setup = 1;
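Review bot: When the second `AesSetKey` call in either branch fails, the function returns with `enc->aes` already keyed and both `setup` flags unset, and nothing in the hunk clears that state. Whether the caller frees or wipes `enc->aes` and `dec->aes` after a non-zero return is not visible here and should be confirmed; a comment at the returns such as `/* caller frees ciphers on error; enc->aes may already hold key material */` would record the contract. The four calls differ only in which write key and IV they pass, so selecting the pair by `side` first and calling once per direction would halve the error paths. SetKeys starts and ends outside these hunks.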


@ -2018,6 +2018,7 @@ int CyaSSL_Init(void)
XFREE(der.buffer, heap, dynamicType);
return ret;
}
ret = 0; /* back to good status */
if (XSTRNCMP(info.name, "DES-CBC", 7) == 0) {
Des enc;
@ -2031,23 +2032,34 @@ int CyaSSL_Init(void)
}
else if (XSTRNCMP(info.name, "AES-128-CBC", 13) == 0) {
Aes enc;
AesSetKey(&enc, key, AES_128_KEY_SIZE, info.iv, AES_DECRYPTION);
AesCbcDecrypt(&enc, der.buffer, der.buffer, der.length);
ret = AesSetKey(&enc, key, AES_128_KEY_SIZE, info.iv,
AES_DECRYPTION);
if (ret == 0)
ret = AesCbcDecrypt(&enc, der.buffer,der.buffer,der.length);
}
else if (XSTRNCMP(info.name, "AES-192-CBC", 13) == 0) {
Aes enc;
AesSetKey(&enc, key, AES_192_KEY_SIZE, info.iv, AES_DECRYPTION);
AesCbcDecrypt(&enc, der.buffer, der.buffer, der.length);
ret = AesSetKey(&enc, key, AES_192_KEY_SIZE, info.iv,
AES_DECRYPTION);
if (ret == 0)
ret = AesCbcDecrypt(&enc, der.buffer,der.buffer,der.length);
}
else if (XSTRNCMP(info.name, "AES-256-CBC", 13) == 0) {
Aes enc;
AesSetKey(&enc, key, AES_256_KEY_SIZE, info.iv, AES_DECRYPTION);
AesCbcDecrypt(&enc, der.buffer, der.buffer, der.length);
ret = AesSetKey(&enc, key, AES_256_KEY_SIZE, info.iv,
AES_DECRYPTION);
if (ret == 0)
ret = AesCbcDecrypt(&enc, der.buffer,der.buffer,der.length);
}
else {
XFREE(der.buffer, heap, dynamicType);
return SSL_BAD_FILE;
}
if (ret != 0) {
XFREE(der.buffer, heap, dynamicType);
return ret;
}
}
#endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */
@ -6723,6 +6735,8 @@ int CyaSSL_set_compression(CYASSL* ssl)
const CYASSL_EVP_CIPHER* type, byte* key,
byte* iv, int enc)
{
int ret = 0;
CYASSL_ENTER("CyaSSL_EVP_CipherInit");
if (ctx == NULL) {
CYASSL_MSG("no ctx");
@ -6741,9 +6755,12 @@ int CyaSSL_set_compression(CYASSL* ssl)
ctx->keyLen = 16;
if (enc == 0 || enc == 1)
ctx->enc = enc ? 1 : 0;
if (key)
AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv,
ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION);
if (key) {
ret = AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv,
ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION);
if (ret != 0)
return ret;
}
if (iv && key == NULL)
AesSetIV(&ctx->cipher.aes, iv);
}
@ -6754,9 +6771,12 @@ int CyaSSL_set_compression(CYASSL* ssl)
ctx->keyLen = 24;
if (enc == 0 || enc == 1)
ctx->enc = enc ? 1 : 0;
if (key)
AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv,
ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION);
if (key) {
ret = AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv,
ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION);
if (ret != 0)
return ret;
}
if (iv && key == NULL)
AesSetIV(&ctx->cipher.aes, iv);
}
@ -6767,9 +6787,12 @@ int CyaSSL_set_compression(CYASSL* ssl)
ctx->keyLen = 32;
if (enc == 0 || enc == 1)
ctx->enc = enc ? 1 : 0;
if (key)
AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv,
ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION);
if (key) {
ret = AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv,
ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION);
if (ret != 0)
return ret;
}
if (iv && key == NULL)
AesSetIV(&ctx->cipher.aes, iv);
}
@ -6781,9 +6804,12 @@ int CyaSSL_set_compression(CYASSL* ssl)
ctx->keyLen = 16;
if (enc == 0 || enc == 1)
ctx->enc = enc ? 1 : 0;
if (key)
AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv,
AES_ENCRYPTION);
if (key) {
ret = AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv,
AES_ENCRYPTION);
if (ret != 0)
return ret;
}
if (iv && key == NULL)
AesSetIV(&ctx->cipher.aes, iv);
}
@ -6794,9 +6820,12 @@ int CyaSSL_set_compression(CYASSL* ssl)
ctx->keyLen = 24;
if (enc == 0 || enc == 1)
ctx->enc = enc ? 1 : 0;
if (key)
AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv,
AES_ENCRYPTION);
if (key) {
ret = AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv,
AES_ENCRYPTION);
if (ret != 0)
return ret;
}
if (iv && key == NULL)
AesSetIV(&ctx->cipher.aes, iv);
}
@ -6807,9 +6836,12 @@ int CyaSSL_set_compression(CYASSL* ssl)
ctx->keyLen = 32;
if (enc == 0 || enc == 1)
ctx->enc = enc ? 1 : 0;
if (key)
AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv,
AES_ENCRYPTION);
if (key) {
ret = AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv,
AES_ENCRYPTION);
if (ret != 0)
return ret;
}
if (iv && key == NULL)
AesSetIV(&ctx->cipher.aes, iv);
}
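Review bot: In the six `CyaSSL_EVP_CipherInit` branches the new `if (ret != 0) return ret;` passes the raw `AesSetKey` error code straight out of an OpenSSL-compatibility function. The function's other return statements are outside these hunks, but if it follows the usual EVP convention of 1 for success and 0 for failure, a negative code would be treated as success by any caller that tests the result for truthiness, and cipher use would continue with no key set. If that convention holds, the branches should return the function's own failure value instead, e.g. `if (ret != 0) return 0; /* failure */`, and log the underlying code with `CYASSL_MSG`. Either way, the meaning of the return value should be stated in a comment on the function.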