c1640e8a3d
* Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
271 lines
7.9 KiB
C
271 lines
7.9 KiB
C
/* crypto.h
|
|
*
|
|
* Copyright (C) 2006-2016 wolfSSL Inc.
|
|
*
|
|
* This file is part of wolfSSL.
|
|
*
|
|
* wolfSSL is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation; either version 2 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* wolfSSL is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program; if not, write to the Free Software
|
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
|
*/
|
|
|
|
|
|
|
|
/* Defines Microchip CRYPTO API layer */
|
|
|
|
|
|
#ifndef MC_CRYPTO_API_H
|
|
#define MC_CRYPTO_API_H
|
|
|
|
|
|
#ifdef __cplusplus
|
|
extern "C" {
|
|
#endif
|
|
|
|
/* MD5 */
|
|
typedef struct CRYPT_MD5_CTX {
|
|
int holder[28]; /* big enough to hold internal, but check on init */
|
|
} CRYPT_MD5_CTX;
|
|
|
|
int CRYPT_MD5_Initialize(CRYPT_MD5_CTX*);
|
|
int CRYPT_MD5_DataAdd(CRYPT_MD5_CTX*, const unsigned char*, unsigned int);
|
|
int CRYPT_MD5_Finalize(CRYPT_MD5_CTX*, unsigned char*);
|
|
|
|
enum {
|
|
CRYPT_MD5_DIGEST_SIZE = 16
|
|
};
|
|
|
|
|
|
/* SHA */
|
|
typedef struct CRYPT_SHA_CTX {
|
|
int holder[28]; /* big enough to hold internal, but check on init */
|
|
} CRYPT_SHA_CTX;
|
|
|
|
int CRYPT_SHA_Initialize(CRYPT_SHA_CTX*);
|
|
int CRYPT_SHA_DataAdd(CRYPT_SHA_CTX*, const unsigned char*, unsigned int);
|
|
int CRYPT_SHA_Finalize(CRYPT_SHA_CTX*, unsigned char*);
|
|
|
|
enum {
|
|
CRYPT_SHA_DIGEST_SIZE = 20
|
|
};
|
|
|
|
|
|
/* SHA-256 */
|
|
typedef struct CRYPT_SHA256_CTX {
|
|
int holder[32]; /* big enough to hold internal, but check on init */
|
|
} CRYPT_SHA256_CTX;
|
|
|
|
int CRYPT_SHA256_Initialize(CRYPT_SHA256_CTX*);
|
|
int CRYPT_SHA256_DataAdd(CRYPT_SHA256_CTX*, const unsigned char*, unsigned int);
|
|
int CRYPT_SHA256_Finalize(CRYPT_SHA256_CTX*, unsigned char*);
|
|
|
|
enum {
|
|
CRYPT_SHA256_DIGEST_SIZE = 32
|
|
};
|
|
|
|
|
|
/* SHA-384 */
|
|
typedef struct CRYPT_SHA384_CTX {
|
|
long long holder[36]; /* big enough to hold internal, but check on init */
|
|
} CRYPT_SHA384_CTX;
|
|
|
|
int CRYPT_SHA384_Initialize(CRYPT_SHA384_CTX*);
|
|
int CRYPT_SHA384_DataAdd(CRYPT_SHA384_CTX*, const unsigned char*, unsigned int);
|
|
int CRYPT_SHA384_Finalize(CRYPT_SHA384_CTX*, unsigned char*);
|
|
|
|
enum {
|
|
CRYPT_SHA384_DIGEST_SIZE = 48
|
|
};
|
|
|
|
|
|
/* SHA-512 */
|
|
typedef struct CRYPT_SHA512_CTX {
|
|
long long holder[36]; /* big enough to hold internal, but check on init */
|
|
} CRYPT_SHA512_CTX;
|
|
|
|
int CRYPT_SHA512_Initialize(CRYPT_SHA512_CTX*);
|
|
int CRYPT_SHA512_DataAdd(CRYPT_SHA512_CTX*, const unsigned char*, unsigned int);
|
|
int CRYPT_SHA512_Finalize(CRYPT_SHA512_CTX*, unsigned char*);
|
|
|
|
enum {
|
|
CRYPT_SHA512_DIGEST_SIZE = 64
|
|
};
|
|
|
|
|
|
/* HMAC */
|
|
typedef struct CRYPT_HMAC_CTX {
|
|
long long holder[72]; /* big enough to hold internal, but check on init */
|
|
} CRYPT_HMAC_CTX;
|
|
|
|
int CRYPT_HMAC_SetKey(CRYPT_HMAC_CTX*, int, const unsigned char*, unsigned int);
|
|
int CRYPT_HMAC_DataAdd(CRYPT_HMAC_CTX*, const unsigned char*, unsigned int);
|
|
int CRYPT_HMAC_Finalize(CRYPT_HMAC_CTX*, unsigned char*);
|
|
|
|
/* HMAC types */
|
|
enum {
|
|
CRYPT_HMAC_SHA = 1,
|
|
CRYPT_HMAC_SHA256 = 2,
|
|
CRYPT_HMAC_SHA384 = 5,
|
|
CRYPT_HMAC_SHA512 = 4
|
|
};
|
|
|
|
|
|
/* Huffman */
|
|
int CRYPT_HUFFMAN_Compress(unsigned char*, unsigned int, const unsigned char*,
|
|
unsigned int, unsigned int);
|
|
int CRYPT_HUFFMAN_DeCompress(unsigned char*, unsigned int, const unsigned char*,
|
|
unsigned int);
|
|
|
|
/* flag to use static huffman */
|
|
enum {
|
|
CRYPT_HUFFMAN_COMPRESS_STATIC = 1
|
|
};
|
|
|
|
|
|
/* RNG */
|
|
typedef struct CRYPT_RNG_CTX {
|
|
int holder[66]; /* big enough to hold internal, but check on init */
|
|
} CRYPT_RNG_CTX;
|
|
|
|
int CRYPT_RNG_Initialize(CRYPT_RNG_CTX*);
|
|
int CRYPT_RNG_Get(CRYPT_RNG_CTX*, unsigned char*);
|
|
int CRYPT_RNG_BlockGenerate(CRYPT_RNG_CTX*, unsigned char*, unsigned int);
|
|
|
|
|
|
/* TDES */
|
|
typedef struct CRYPT_TDES_CTX {
|
|
int holder[104]; /* big enough to hold internal, but check on init */
|
|
} CRYPT_TDES_CTX;
|
|
|
|
int CRYPT_TDES_KeySet(CRYPT_TDES_CTX*, const unsigned char*,
|
|
const unsigned char*, int);
|
|
int CRYPT_TDES_IvSet(CRYPT_TDES_CTX*, const unsigned char*);
|
|
int CRYPT_TDES_CBC_Encrypt(CRYPT_TDES_CTX*, unsigned char*,
|
|
const unsigned char*, unsigned int);
|
|
int CRYPT_TDES_CBC_Decrypt(CRYPT_TDES_CTX*, unsigned char*,
|
|
const unsigned char*, unsigned int);
|
|
|
|
/* key direction flags for setup */
|
|
enum {
|
|
CRYPT_TDES_ENCRYPTION = 0,
|
|
CRYPT_TDES_DECRYPTION = 1
|
|
};
|
|
|
|
|
|
/* AES */
|
|
typedef struct CRYPT_AES_CTX {
|
|
int holder[78]; /* big enough to hold internal, but check on init */
|
|
} CRYPT_AES_CTX;
|
|
|
|
/* key */
|
|
int CRYPT_AES_KeySet(CRYPT_AES_CTX*, const unsigned char*, unsigned int,
|
|
const unsigned char*, int);
|
|
int CRYPT_AES_IvSet(CRYPT_AES_CTX*, const unsigned char*);
|
|
|
|
/* cbc */
|
|
int CRYPT_AES_CBC_Encrypt(CRYPT_AES_CTX*, unsigned char*,
|
|
const unsigned char*, unsigned int);
|
|
int CRYPT_AES_CBC_Decrypt(CRYPT_AES_CTX*, unsigned char*,
|
|
const unsigned char*, unsigned int);
|
|
|
|
/* ctr (counter), use Encrypt both ways with ENCRYPT key setup */
|
|
int CRYPT_AES_CTR_Encrypt(CRYPT_AES_CTX*, unsigned char*,
|
|
const unsigned char*, unsigned int);
|
|
|
|
/* direct, one block at a time */
|
|
int CRYPT_AES_DIRECT_Encrypt(CRYPT_AES_CTX*, unsigned char*,
|
|
const unsigned char*);
|
|
int CRYPT_AES_DIRECT_Decrypt(CRYPT_AES_CTX*, unsigned char*,
|
|
const unsigned char*);
|
|
|
|
/* key direction flags for setup, ctr always uses ENCRYPT flag */
|
|
enum {
|
|
CRYPT_AES_ENCRYPTION = 0,
|
|
CRYPT_AES_DECRYPTION = 1,
|
|
CRYPT_AES_BLOCK_SIZE = 16
|
|
};
|
|
|
|
|
|
|
|
/* RSA */
|
|
typedef struct CRYPT_RSA_CTX {
|
|
void* holder;
|
|
} CRYPT_RSA_CTX;
|
|
|
|
/* init/free */
|
|
int CRYPT_RSA_Initialize(CRYPT_RSA_CTX*);
|
|
int CRYPT_RSA_Free(CRYPT_RSA_CTX*);
|
|
|
|
/* key decode */
|
|
int CRYPT_RSA_PublicKeyDecode(CRYPT_RSA_CTX*, const unsigned char*,
|
|
unsigned int);
|
|
int CRYPT_RSA_PrivateKeyDecode(CRYPT_RSA_CTX*, const unsigned char*,
|
|
unsigned int);
|
|
|
|
/* encrypt/decrypt */
|
|
int CRYPT_RSA_PublicEncrypt(CRYPT_RSA_CTX*, unsigned char*,
|
|
unsigned int, const unsigned char*, unsigned int,
|
|
CRYPT_RNG_CTX*);
|
|
int CRYPT_RSA_PrivateDecrypt(CRYPT_RSA_CTX*, unsigned char*,
|
|
unsigned int, const unsigned char*, unsigned int);
|
|
|
|
/* helpers */
|
|
int CRYPT_RSA_EncryptSizeGet(CRYPT_RSA_CTX*);
|
|
int CRYPT_RSA_SetRng(CRYPT_RSA_CTX*, CRYPT_RNG_CTX*);
|
|
|
|
|
|
|
|
/* ECC */
|
|
typedef struct CRYPT_ECC_CTX {
|
|
void* holder;
|
|
} CRYPT_ECC_CTX;
|
|
|
|
/* init/free */
|
|
int CRYPT_ECC_Initialize(CRYPT_ECC_CTX*);
|
|
int CRYPT_ECC_Free(CRYPT_ECC_CTX*);
|
|
|
|
/* key coders */
|
|
int CRYPT_ECC_PublicExport(CRYPT_ECC_CTX*, unsigned char*, unsigned int,
|
|
unsigned int*);
|
|
int CRYPT_ECC_PublicImport(CRYPT_ECC_CTX*, const unsigned char*, unsigned int);
|
|
int CRYPT_ECC_PrivateImport(CRYPT_ECC_CTX*, const unsigned char*, unsigned int,
|
|
const unsigned char*, unsigned int);
|
|
|
|
/* dhe */
|
|
int CRYPT_ECC_DHE_KeyMake(CRYPT_ECC_CTX*, CRYPT_RNG_CTX*, int);
|
|
int CRYPT_ECC_DHE_SharedSecretMake(CRYPT_ECC_CTX*, CRYPT_ECC_CTX*,
|
|
unsigned char*, unsigned int, unsigned int*);
|
|
|
|
/* dsa */
|
|
int CRYPT_ECC_DSA_HashSign(CRYPT_ECC_CTX*, CRYPT_RNG_CTX*, unsigned char*,
|
|
unsigned int, unsigned int*, const unsigned char*, unsigned int);
|
|
int CRYPT_ECC_DSA_HashVerify(CRYPT_ECC_CTX*, const unsigned char*,
|
|
unsigned int, unsigned char*, unsigned int, int*);
|
|
|
|
/* helpers */
|
|
int CRYPT_ECC_KeySizeGet(CRYPT_ECC_CTX*);
|
|
int CRYPT_ECC_SignatureSizeGet(CRYPT_ECC_CTX*);
|
|
|
|
|
|
/* Error string helper, string needs to be >= 80 chars */
|
|
int CRYPT_ERROR_StringGet(int, char*);
|
|
|
|
|
|
#ifdef __cplusplus
|
|
} /* extern "C" */
|
|
#endif
|
|
|
|
|
|
#endif /* MC_CRYPTO_API_H */
|
|
|