Skip to content

Commit 0fe8c78

Browse files
FrauschiFrauschi
committed
Improvements for AES-GCM
1 parent 1dd7b18 commit 0fe8c78

5 files changed

Lines changed: 181 additions & 236 deletions

File tree

src/wh_client_crypto.c

Lines changed: 47 additions & 87 deletions
Original file line numberDiff line numberDiff line change
@@ -1036,7 +1036,7 @@ int wh_Client_AesGcm(whClientContext* ctx, Aes* aes, int enc, const uint8_t* in,
10361036
const uint8_t* dec_tag, uint8_t* enc_tag, uint32_t tag_len,
10371037
uint8_t* out)
10381038
{
1039-
int ret = 0;
1039+
int ret = WH_ERROR_OK;
10401040

10411041
if ((ctx == NULL) || (aes == NULL) || ((in == NULL) && (len > 0)) ||
10421042
((iv == NULL) && (iv_len > 0)) ||
@@ -1122,7 +1122,7 @@ int wh_Client_AesGcm(whClientContext* ctx, Aes* aes, int enc, const uint8_t* in,
11221122

11231123
/* Send request and receive response */
11241124
ret = wh_Client_SendRequest(ctx, group, action, req_len, dataPtr);
1125-
if (ret == 0) {
1125+
if (ret == WH_ERROR_OK) {
11261126
uint16_t res_len = 0;
11271127
do {
11281128
ret =
@@ -1135,7 +1135,7 @@ int wh_Client_AesGcm(whClientContext* ctx, Aes* aes, int enc, const uint8_t* in,
11351135
ret = _getCryptoResponse(dataPtr, type, (uint8_t**)&res);
11361136
/* wolfCrypt allows positive error codes on success in some
11371137
* scenarios */
1138-
if (ret >= 0) {
1138+
if (ret >= WH_ERROR_OK) {
11391139
/* The encrypted/decrypted data follows directly after the
11401140
* response struct */
11411141
uint8_t* res_out = (uint8_t*)(res + 1);
@@ -1182,18 +1182,13 @@ int wh_Client_AesGcmDma(whClientContext* ctx, Aes* aes, int enc,
11821182
uint8_t* dataPtr = NULL;
11831183
uintptr_t inAddr = 0;
11841184
uintptr_t outAddr = 0;
1185-
uintptr_t keyAddr = 0;
1186-
uintptr_t ivAddr = 0;
11871185
uintptr_t aadAddr = 0;
1188-
uintptr_t authTagAddr = 0;
11891186

11901187
uint16_t group = WH_MESSAGE_GROUP_CRYPTO_DMA;
11911188
uint16_t action = WC_ALGO_TYPE_CIPHER;
1192-
uint16_t type =
1193-
WC_CIPHER_AES_GCM; /* Algorithm type for response validation */
1189+
uint16_t type = WC_CIPHER_AES_GCM;
1190+
11941191
const uint8_t* key = NULL;
1195-
uint32_t keyLen = 0;
1196-
uint16_t reqLen;
11971192

11981193
if (ctx == NULL || aes == NULL) {
11991194
return WH_ERROR_BADARGS;
@@ -1224,31 +1219,39 @@ int wh_Client_AesGcmDma(whClientContext* ctx, Aes* aes, int enc,
12241219
/* Setup generic header and get pointer to request data */
12251220
req = (whMessageCrypto_AesGcmDmaRequest*)_createCryptoRequest(
12261221
dataPtr, WC_CIPHER_AES_GCM);
1222+
uint8_t* req_iv = (uint8_t*)req + sizeof(whMessageCrypto_AesGcmDmaRequest);
1223+
uint8_t* req_tag = req_iv + iv_len;
1224+
uint8_t* req_key = req_tag + (enc != 0 ? 0 : tag_len);
1225+
uint32_t req_len = sizeof(whMessageCrypto_GenericRequestHeader) +
1226+
sizeof(*req) + iv_len + (enc != 0 ? 0 : tag_len);
1227+
1228+
/* Setup request packet */
12271229
memset(req, 0, sizeof(*req));
12281230
req->enc = enc;
1231+
req->ivSz = iv_len;
1232+
req->authTagSz = tag_len;
12291233

12301234
req->keyId = WH_DEVCTX_TO_KEYID(aes->devCtx);
12311235
if (req->keyId != WH_KEYID_ERASED) {
12321236
/* Using keyId-based key, server will load it from keystore */
1233-
key = NULL;
1234-
keyLen = 0;
1237+
key = NULL;
1238+
req->keySz = 0;
12351239
}
12361240
else {
12371241
/* Using direct key */
1238-
key = (const uint8_t*)(aes->devKey);
1239-
keyLen = aes->keylen;
1242+
key = (const uint8_t*)(aes->devKey);
1243+
req->keySz = aes->keylen;
1244+
req_len += req->keySz;
12401245
}
12411246

1242-
/* Handle key operations */
1243-
if (ret == WH_ERROR_OK && key != NULL && keyLen > 0) {
1244-
req->key.addr = (uintptr_t)key;
1245-
req->key.sz = keyLen;
1246-
ret = wh_Client_DmaProcessClientAddress(
1247-
ctx, (uintptr_t)key, (void**)&keyAddr, req->key.sz,
1248-
WH_DMA_OPER_CLIENT_READ_PRE, (whDmaFlags){0});
1249-
if (ret == WH_ERROR_OK) {
1250-
req->key.addr = keyAddr;
1251-
}
1247+
/* Copy request data not handled by DMA */
1248+
memcpy(req_iv, iv, iv_len);
1249+
if (enc == 0 && tag_len > 0) {
1250+
memcpy(req_tag, dec_tag, tag_len);
1251+
WH_DEBUG_VERBOSE_HEXDUMP("[client] dec tag: \n", dec_tag, tag_len);
1252+
}
1253+
if (key != NULL && req->keySz > 0) {
1254+
memcpy(req_key, key, req->keySz);
12521255
}
12531256

12541257
if (ret == WH_ERROR_OK && in != NULL) {
@@ -1271,16 +1274,6 @@ int wh_Client_AesGcmDma(whClientContext* ctx, Aes* aes, int enc,
12711274
}
12721275
}
12731276

1274-
if (ret == WH_ERROR_OK && iv != NULL) {
1275-
req->iv.sz = iv_len;
1276-
ret = wh_Client_DmaProcessClientAddress(
1277-
ctx, (uintptr_t)iv, (void**)&ivAddr, req->iv.sz,
1278-
WH_DMA_OPER_CLIENT_READ_PRE, (whDmaFlags){0});
1279-
if (ret == WH_ERROR_OK) {
1280-
req->iv.addr = ivAddr;
1281-
}
1282-
}
1283-
12841277
if (ret == WH_ERROR_OK && authin != NULL) {
12851278
req->aad.sz = authin_len;
12861279
ret = wh_Client_DmaProcessClientAddress(
@@ -1291,37 +1284,16 @@ int wh_Client_AesGcmDma(whClientContext* ctx, Aes* aes, int enc,
12911284
}
12921285
}
12931286

1294-
/* set auth tag by direction */
1295-
if (enc == 0 && dec_tag != NULL && tag_len > 0) {
1296-
/* Decryption: use provided auth tag for verification */
1297-
req->authTag.sz = tag_len;
1298-
ret = wh_Client_DmaProcessClientAddress(
1299-
ctx, (uintptr_t)dec_tag, (void**)&authTagAddr, req->authTag.sz,
1300-
WH_DMA_OPER_CLIENT_READ_PRE, (whDmaFlags){0});
1301-
if (ret == WH_ERROR_OK) {
1302-
req->authTag.addr = authTagAddr;
1303-
}
1304-
WH_DEBUG_VERBOSE_HEXDUMP("[client] dec tag: \n", dec_tag, tag_len);
1305-
}
1306-
else if (enc == 1 && enc_tag != NULL && tag_len > 0) {
1307-
/* Encryption: set up auth tag buffer to receive generated tag */
1308-
req->authTag.sz = tag_len;
1309-
ret = wh_Client_DmaProcessClientAddress(
1310-
ctx, (uintptr_t)enc_tag, (void**)&authTagAddr, req->authTag.sz,
1311-
WH_DMA_OPER_CLIENT_WRITE_PRE, (whDmaFlags){0});
1312-
if (ret == WH_ERROR_OK) {
1313-
req->authTag.addr = authTagAddr;
1314-
}
1315-
WH_DEBUG_VERBOSE_HEXDUMP("[client] enc tag buffer: \n", enc_tag, tag_len);
1316-
}
1287+
WH_DEBUG_VERBOSE_HEXDUMP("[client] key: \n", req_key, req->keySz);
1288+
WH_DEBUG_VERBOSE_HEXDUMP("[client] iv: \n", req_iv, iv_len);
1289+
WH_DEBUG_VERBOSE_HEXDUMP("[client] authin: \n", authin, authin_len);
13171290

13181291
/* Send request and receive response */
1319-
reqLen = sizeof(whMessageCrypto_GenericRequestHeader) + sizeof(*req);
1320-
WH_DEBUG_VERBOSE_HEXDUMP("[client] AESGCM DMA req packet: \n", dataPtr, reqLen);
1292+
WH_DEBUG_VERBOSE_HEXDUMP("[client] AESGCM DMA req packet: \n", dataPtr, req_len);
13211293
if (ret == WH_ERROR_OK) {
1322-
ret = wh_Client_SendRequest(ctx, group, action, reqLen, dataPtr);
1294+
ret = wh_Client_SendRequest(ctx, group, action, req_len, dataPtr);
13231295
}
1324-
if (ret == 0) {
1296+
if (ret == WH_ERROR_OK) {
13251297
uint16_t resLen = 0;
13261298
do {
13271299
ret =
@@ -1334,50 +1306,38 @@ int wh_Client_AesGcmDma(whClientContext* ctx, Aes* aes, int enc,
13341306
ret = _getCryptoResponse(dataPtr, type, (uint8_t**)&res);
13351307
/* wolfCrypt allows positive error codes on success in some
13361308
* scenarios */
1337-
if (ret >= 0) {
1338-
/* For DMA operations, data is already in client memory,
1339-
* no need to copy it back */
1340-
ret = 0; /* Success */
1309+
if (ret >= WH_ERROR_OK) {
1310+
if (enc != 0 && res->authTagSz > 0) {
1311+
uint8_t* res_tag = (uint8_t*)res +
1312+
sizeof(whMessageCrypto_AesGcmDmaResponse);
1313+
memcpy(enc_tag, res_tag, tag_len);
1314+
WH_DEBUG_CLIENT_VERBOSE("res tag_len:%d exp tag_len:%u",
1315+
(int)res->authTagSz, (unsigned int)tag_len);
1316+
WH_DEBUG_VERBOSE_HEXDUMP("[client] enc authtag: ", enc_tag,
1317+
res->authTagSz);
1318+
}
1319+
ret = WH_ERROR_OK; /* Success */
13411320
}
13421321
}
13431322
}
13441323

13451324
/* post address translation callbacks (for cleanup) */
1346-
if (key != NULL) {
1347-
(void)wh_Client_DmaProcessClientAddress(
1348-
ctx, (uintptr_t)key, (void**)&keyAddr, req->key.sz,
1349-
WH_DMA_OPER_CLIENT_READ_POST, (whDmaFlags){0});
1350-
}
1351-
if (iv != NULL) {
1352-
(void)wh_Client_DmaProcessClientAddress(
1353-
ctx, (uintptr_t)iv, (void**)&ivAddr, iv_len,
1354-
WH_DMA_OPER_CLIENT_READ_POST, (whDmaFlags){0});
1355-
}
13561325
if (in != NULL) {
13571326
(void)wh_Client_DmaProcessClientAddress(
1358-
ctx, (uintptr_t)in, (void**)&inAddr, req->input.sz,
1327+
ctx, (uintptr_t)in, (void**)&inAddr, len,
13591328
WH_DMA_OPER_CLIENT_READ_POST, (whDmaFlags){0});
13601329
}
13611330
if (out != NULL) {
13621331
(void)wh_Client_DmaProcessClientAddress(
1363-
ctx, (uintptr_t)out, (void**)&outAddr, req->output.sz,
1332+
ctx, (uintptr_t)out, (void**)&outAddr, len,
13641333
WH_DMA_OPER_CLIENT_WRITE_POST, (whDmaFlags){0});
13651334
}
13661335
if (authin != NULL) {
13671336
(void)wh_Client_DmaProcessClientAddress(
13681337
ctx, (uintptr_t)authin, (void**)&aadAddr, authin_len,
13691338
WH_DMA_OPER_CLIENT_READ_POST, (whDmaFlags){0});
13701339
}
1371-
if (enc == 0 && dec_tag != NULL && tag_len > 0) {
1372-
(void)wh_Client_DmaProcessClientAddress(
1373-
ctx, (uintptr_t)dec_tag, (void**)&authTagAddr, req->authTag.sz,
1374-
WH_DMA_OPER_CLIENT_READ_POST, (whDmaFlags){0});
1375-
}
1376-
else if (enc == 1 && enc_tag != NULL && tag_len > 0) {
1377-
(void)wh_Client_DmaProcessClientAddress(
1378-
ctx, (uintptr_t)enc_tag, (void**)&authTagAddr, req->authTag.sz,
1379-
WH_DMA_OPER_CLIENT_WRITE_POST, (whDmaFlags){0});
1380-
}
1340+
13811341
return ret;
13821342
}
13831343
#endif /* WOLFHSM_CFG_DMA */

src/wh_message_crypto.c

Lines changed: 11 additions & 42 deletions
Original file line numberDiff line numberDiff line change
@@ -1327,70 +1327,39 @@ int wh_MessageCrypto_TranslateAesGcmDmaRequest(
13271327
uint16_t magic, const whMessageCrypto_AesGcmDmaRequest* src,
13281328
whMessageCrypto_AesGcmDmaRequest* dest)
13291329
{
1330-
int ret;
1331-
13321330
if ((src == NULL) || (dest == NULL)) {
13331331
return WH_ERROR_BADARGS;
13341332
}
13351333

13361334
WH_T32(magic, dest, src, enc);
1337-
WH_T32(magic, dest, src, finalize);
13381335
WH_T32(magic, dest, src, keyId);
1336+
WH_T32(magic, dest, src, keySz);
1337+
WH_T32(magic, dest, src, ivSz);
1338+
WH_T32(magic, dest, src, authTagSz);
13391339

1340-
ret = wh_MessageCrypto_TranslateDmaBuffer(magic, &src->key, &dest->key);
1341-
if (ret != 0) {
1342-
return ret;
1343-
}
1344-
1345-
ret = wh_MessageCrypto_TranslateDmaBuffer(magic, &src->input, &dest->input);
1346-
if (ret != 0) {
1347-
return ret;
1348-
}
1349-
1350-
ret =
1351-
wh_MessageCrypto_TranslateDmaBuffer(magic, &src->output, &dest->output);
1352-
if (ret != 0) {
1353-
return ret;
1354-
}
1355-
1356-
ret = wh_MessageCrypto_TranslateDmaBuffer(magic, &src->authTag,
1357-
&dest->authTag);
1358-
if (ret != 0) {
1359-
return ret;
1360-
}
1361-
1362-
ret = wh_MessageCrypto_TranslateDmaBuffer(magic, &src->iv, &dest->iv);
1363-
if (ret != 0) {
1364-
return ret;
1365-
}
1366-
1367-
ret = wh_MessageCrypto_TranslateDmaBuffer(magic, &src->aad, &dest->aad);
1368-
if (ret != 0) {
1369-
return ret;
1370-
}
1340+
(void)wh_MessageCrypto_TranslateDmaBuffer(magic, &src->input, &dest->input);
1341+
(void)wh_MessageCrypto_TranslateDmaBuffer(magic, &src->output, &dest->output);
1342+
(void)wh_MessageCrypto_TranslateDmaBuffer(magic, &src->aad, &dest->aad);
13711343

1372-
return 0;
1344+
return WH_ERROR_OK;
13731345
}
13741346

13751347
/* AES-GCM DMA Response translation */
13761348
int wh_MessageCrypto_TranslateAesGcmDmaResponse(
13771349
uint16_t magic, const whMessageCrypto_AesGcmDmaResponse* src,
13781350
whMessageCrypto_AesGcmDmaResponse* dest)
13791351
{
1380-
int ret;
1381-
13821352
if ((src == NULL) || (dest == NULL)) {
13831353
return WH_ERROR_BADARGS;
13841354
}
13851355

1386-
ret = wh_MessageCrypto_TranslateDmaAddrStatus(magic, &src->dmaAddrStatus,
1356+
(void)wh_MessageCrypto_TranslateDmaAddrStatus(magic, &src->dmaAddrStatus,
13871357
&dest->dmaAddrStatus);
1388-
if (ret != 0) {
1389-
return ret;
1390-
}
13911358

13921359
WH_T32(magic, dest, src, outSz);
1393-
return 0;
1360+
WH_T32(magic, dest, src, authTagSz);
1361+
1362+
return WH_ERROR_OK;
13941363
}
13951364

13961365
/* RNG DMA Request translation */

0 commit comments

Comments
 (0)