Merge pull request #29 from dgarske/rel_prep
wolfSSL Async v4.2.0 release prep
JacobBarthelmeh authored Oct 22, 2019
2 parents ba7cd58 + 0efba4c commit c13afd6
Showing 5 changed files with 57 additions and 22 deletions.
6 changes: 6 additions & 0 deletions README-async.md
Expand Up @@ -268,6 +268,12 @@ wolfSSL Client Benchmark 16384 bytes

## Change Log

### wolfSSL Async Release v4.2.0 (10/22/2019)
* Fix for QuickAssist DH Agree issue with leading zero bytes.
* Fix for QuickAssist AES CBC issue with previous IV on back-to-back operations.
* Updates to QuickAssist README.md for latest QAT v1.7 driver.
* Instructions for Octeon III (CN7300) use.

### wolfSSL Async Release v4.0.0 (03/25/2019)

* Fix for building with QuickAssist v1.7 driver (4.4.0-00023) (was missing usdm_drv during configure with check).
16 changes: 8 additions & 8 deletions wolfcrypt/src/port/cavium/cavium_nitrox.c
Expand Up @@ -793,15 +793,15 @@ static int NitroxAesDecrypt(Aes* aes, int aes_algo,
int NitroxAesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 length)
{
return NitroxAesEncrypt(aes, AES_CBC,
(byte*)aes->asyncKey, (byte*)aes->asyncIv,
(byte*)aes->devKey, (byte*)aes->reg,
out, in, length, 0, NULL, NULL);
}

#ifdef HAVE_AES_DECRYPT
int NitroxAesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 length)
{
return NitroxAesDecrypt(aes, AES_CBC,
(byte*)aes->asyncKey, (byte*)aes->asyncIv,
(byte*)aes->devKey, (byte*)aes->reg,
out, in, length, 0, NULL, NULL);
}
#endif /* HAVE_AES_DECRYPT */
Expand Down Expand Up @@ -930,13 +930,13 @@ int NitroxDes3CbcEncrypt(Des3* des3, byte* out, const byte* in, word32 length)
cav_ret = CspEncrypt3Des(des3->asyncDev.nitrox.devId, blockMode,
DMA_DIRECT_DIRECT, CAVIUM_SSL_GRP, CAVIUM_DPORT,
des3->asyncDev.nitrox.contextHandle, FROM_DPTR, FROM_CTX, DES3_CBC,
(byte*)des3->key_raw, (byte*)des3->iv_raw, (word16)slen, (byte*)in + offset,
(byte*)des3->devKey, (byte*)des3->reg, (word16)slen, (byte*)in + offset,
out + offset, &des3->asyncDev.nitrox.reqId);
#else
cav_ret = CspEncrypt3Des(blockMode,
des3->asyncDev.nitrox.contextHandle, CAVIUM_NO_UPDATE, (word16)slen,
(byte*)in + offset, out + offset, (byte*)des3->iv_raw,
(byte*)des3->key_raw, &des3->asyncDev.nitrox.reqId,
(byte*)in + offset, out + offset, (byte*)des3->reg,
(byte*)des3->devKey, &des3->asyncDev.nitrox.reqId,
des3->asyncDev.nitrox.devId);
#endif
ret = NitroxTranslateResponseCode(cav_ret);
Expand Down Expand Up @@ -978,13 +978,13 @@ int NitroxDes3CbcDecrypt(Des3* des3, byte* out, const byte* in, word32 length)
cav_ret = CspDecrypt3Des(des3->asyncDev.nitrox.devId, blockMode,
DMA_DIRECT_DIRECT, CAVIUM_SSL_GRP, CAVIUM_DPORT,
des3->asyncDev.nitrox.contextHandle, FROM_DPTR, FROM_CTX, DES3_CBC,
(byte*)des3->key_raw, (byte*)des3->iv_raw, (word16)slen, (byte*)in + offset,
(byte*)des3->devKey, (byte*)des3->reg, (word16)slen, (byte*)in + offset,
out + offset, &des3->asyncDev.nitrox.reqId);
#else
cav_ret = CspDecrypt3Des(blockMode,
des3->asyncDev.nitrox.contextHandle, CAVIUM_NO_UPDATE, (word16)slen,
(byte*)in + offset, out + offset, (byte*)des3->iv_raw,
(byte*)des3->key_raw, &des3->asyncDev.nitrox.reqId,
(byte*)in + offset, out + offset, (byte*)des3->reg,
(byte*)des3->devKey, &des3->asyncDev.nitrox.reqId,
des3->asyncDev.nitrox.devId);
#endif
ret = NitroxTranslateResponseCode(cav_ret);
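Review bot: `aes->reg` and `des3->reg` are now the IV source for every Nitrox CBC call, but no visible line writes the last ciphertext block back into them, so back-to-back calls may start from the same IV. In NitroxDes3CbcEncrypt and NitroxDes3CbcDecrypt the `in + offset` and `out + offset` arguments suggest a chunk loop (it starts outside the hunk), and the second build variant passes `CAVIUM_NO_UPDATE`; if the driver does not carry the IV forward itself, each chunk would be chained from the same `des3->reg`. This is worth confirming against the driver, and if needed the register can be advanced after a successful encrypt, e.g. `XMEMCPY(des3->reg, out + offset + slen - DES_BLOCK_SIZE, DES_BLOCK_SIZE);` (for decrypt the last input block has to be saved before an in-place operation overwrites it). Repeating an IV under the same key in CBC reveals whether two plaintexts share a prefix, so a short comment stating who owns the IV update would also help.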
8 changes: 5 additions & 3 deletions wolfcrypt/src/port/intel/README.md
Expand Up @@ -26,14 +26,16 @@ Note: If you have the older driver installed you may need to remove it or unload

Prerequisites:
`sudo apt-get install libudev-dev`
OR
`sudo yum install systemd-devel`


```
curl -o qat1.7.l.4.6.0-00025.tar.gz https://01.org/sites/default/files/downloads/qat1.7.l.4.6.0-00025.tar.gz
curl -o qat1.7.l.4.7.0-00006.tar.gz https://01.org/sites/default/files/downloads/qat1.7.l.4.7.0-00006.tar.gz
mkdir QAT1.7
mv qat1.7.l.4.5.0-00034.tar.gz QAT1.7
mv qat1.7.l.4.7.0-00006.tar.gz QAT1.7
cd QAT1.7
tar -xvzf qat1.7.l.4.6.0-00025.tar.gz
tar -xvzf qat1.7.l.4.7.0-00006.tar.gz
./configure
make
sudo make install
39 changes: 32 additions & 7 deletions wolfcrypt/src/port/intel/quickassist.c
Expand Up @@ -2180,6 +2180,17 @@ static void IntelQaSymCipherCallback(void *pCallbackTag, CpaStatus status,
XMEMCPY(dev->qat.out, pDstBuffer->pBuffers->pData, outLen);
}

/* capture IV for next call */
if (dev->qat.op.cipher.iv && dev->qat.op.cipher.ivSz > 0) {
word32 ivSz = dev->qat.op.cipher.ivSz;
if (ivSz > outLen)
ivSz = outLen;
/* copy last block */
XMEMCPY(dev->qat.op.cipher.iv,
&pDstBuffer->pBuffers->pData[outLen - ivSz],
ivSz);
}

#ifndef NO_AES
/* return authTag */
if (dev->qat.op.cipher.authTag && dev->qat.op.cipher.authTagSz > 0) {
Expand Down Expand Up @@ -2207,7 +2218,7 @@ static void IntelQaSymCipherCallback(void *pCallbackTag, CpaStatus status,
}

static int IntelQaSymCipher(WC_ASYNC_DEV* dev, byte* out, const byte* in,
word32 inOutSz, const byte* key, word32 keySz, const byte* iv, word32 ivSz,
word32 inOutSz, const byte* key, word32 keySz, byte* iv, word32 ivSz,
CpaCySymOp symOperation, CpaCySymCipherAlgorithm cipherAlgorithm,
CpaCySymCipherDirection cipherDirection,

Expand Down Expand Up @@ -2352,6 +2363,20 @@ static int IntelQaSymCipher(WC_ASYNC_DEV* dev, byte* out, const byte* in,
/* store info needed for output */
dev->qat.out = out;
dev->qat.outLen = inOutSz;
/* optional return of next IV */
if (cipherAlgorithm != CPA_CY_SYM_CIPHER_AES_GCM && iv) {
if (ivSz > inOutSz)
ivSz = inOutSz;
if (cipherDirection == CPA_CY_SYM_CIPHER_DIRECTION_ENCRYPT) {
/* capture this on the callback */
dev->qat.op.cipher.iv = iv;
dev->qat.op.cipher.ivSz = ivSz;
}
else {
/* capture last block of input as next IV */
XMEMCPY(iv, &in[inOutSz - ivSz], ivSz);
}
}
if (cipherDirection == CPA_CY_SYM_CIPHER_DIRECTION_ENCRYPT) {
dev->qat.op.cipher.authTag = authTag;
dev->qat.op.cipher.authTagSz = authTagSz;
Expand Down Expand Up @@ -2394,7 +2419,7 @@ static int IntelQaSymCipher(WC_ASYNC_DEV* dev, byte* out, const byte* in,
int IntelQaSymAesCbcEncrypt(WC_ASYNC_DEV* dev,
byte* out, const byte* in, word32 sz,
const byte* key, word32 keySz,
const byte* iv, word32 ivSz)
byte* iv, word32 ivSz)
{
return IntelQaSymCipher(dev, out, in, sz,
key, keySz, iv, ivSz,
Expand All @@ -2407,7 +2432,7 @@ int IntelQaSymAesCbcEncrypt(WC_ASYNC_DEV* dev,
int IntelQaSymAesCbcDecrypt(WC_ASYNC_DEV* dev,
byte* out, const byte* in, word32 sz,
const byte* key, word32 keySz,
const byte* iv, word32 ivSz)
byte* iv, word32 ivSz)
{
return IntelQaSymCipher(dev, out, in, sz,
key, keySz, iv, ivSz,
Expand All @@ -2428,7 +2453,7 @@ int IntelQaSymAesGcmEncrypt(WC_ASYNC_DEV* dev,
const byte* authIn, word32 authInSz)
{
return IntelQaSymCipher(dev, out, in, sz,
key, keySz, iv, ivSz,
key, keySz, (byte*)iv, ivSz,
CPA_CY_SYM_OP_ALGORITHM_CHAINING, CPA_CY_SYM_CIPHER_AES_GCM,
CPA_CY_SYM_CIPHER_DIRECTION_ENCRYPT,
CPA_CY_SYM_HASH_AES_GCM, authTag, authTagSz, authIn, authInSz);
Expand All @@ -2442,7 +2467,7 @@ int IntelQaSymAesGcmDecrypt(WC_ASYNC_DEV* dev,
const byte* authIn, word32 authInSz)
{
return IntelQaSymCipher(dev, out, in, sz,
key, keySz, iv, ivSz,
key, keySz, (byte*)iv, ivSz,
CPA_CY_SYM_OP_ALGORITHM_CHAINING, CPA_CY_SYM_CIPHER_AES_GCM,
CPA_CY_SYM_CIPHER_DIRECTION_DECRYPT,
CPA_CY_SYM_HASH_AES_GCM, (byte*)authTag, authTagSz, authIn, authInSz);
Expand All @@ -2454,7 +2479,7 @@ int IntelQaSymAesGcmDecrypt(WC_ASYNC_DEV* dev,
int IntelQaSymDes3CbcEncrypt(WC_ASYNC_DEV* dev,
byte* out, const byte* in, word32 sz,
const byte* key, word32 keySz,
const byte* iv, word32 ivSz)
byte* iv, word32 ivSz)
{
return IntelQaSymCipher(dev, out, in, sz,
key, keySz, iv, ivSz,
Expand All @@ -2466,7 +2491,7 @@ int IntelQaSymDes3CbcEncrypt(WC_ASYNC_DEV* dev,
int IntelQaSymDes3CbcDecrypt(WC_ASYNC_DEV* dev,
byte* out, const byte* in, word32 sz,
const byte* key, word32 keySz,
const byte* iv, word32 ivSz)
byte* iv, word32 ivSz)
{
return IntelQaSymCipher(dev, out, in, sz,
key, keySz, iv, ivSz,
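Review bot: `dev->qat.op.cipher.iv` is assigned only on the non-GCM encrypt path in IntelQaSymCipher and is not cleared on the decrypt, GCM or `iv == NULL` paths, while IntelQaSymCipherCallback writes through it whenever it is non-NULL. Unless `dev->qat.op` is zeroed earlier in the function (outside this hunk), a reused device could carry a stale caller pointer from a previous encrypt into a later request, and the callback would then copy ciphertext into memory the caller no longer owns. Resetting the fields just before the new `if (cipherAlgorithm != CPA_CY_SYM_CIPHER_AES_GCM && iv)` closes that: `dev->qat.op.cipher.iv = NULL;` and `dev->qat.op.cipher.ivSz = 0;`. Separately, the decrypt branch advances the caller's `iv` before the request is submitted, so a submit failure later in the function would leave the IV already moved on, and it is not visible here whether the callback's capture runs only when `status` reports success.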
10 changes: 6 additions & 4 deletions wolfssl/wolfcrypt/port/intel/quickassist.h
Expand Up @@ -226,6 +226,8 @@ typedef struct IntelQaDev {
CpaFlatBuffer flatBuffer;
byte* authTag;
word32 authTagSz;
byte* iv;
word32 ivSz;
} cipher;
#endif
#if defined(QAT_ENABLE_PKI) && defined(HAVE_ECC)
Expand Down Expand Up @@ -345,12 +347,12 @@ WOLFSSL_LOCAL int IntelQaGetCyInstanceCount(void);
WOLFSSL_LOCAL int IntelQaSymAesCbcEncrypt(struct WC_ASYNC_DEV* dev,
byte* out, const byte* in, word32 sz,
const byte* key, word32 keySz,
const byte* iv, word32 ivSz);
byte* iv, word32 ivSz);
#ifdef HAVE_AES_DECRYPT
WOLFSSL_LOCAL int IntelQaSymAesCbcDecrypt(struct WC_ASYNC_DEV* dev,
byte* out, const byte* in, word32 sz,
const byte* key, word32 keySz,
const byte* iv, word32 ivSz);
byte* iv, word32 ivSz);
#endif /* HAVE_AES_DECRYPT */
#endif /* HAVE_AES_CBC */

Expand All @@ -376,11 +378,11 @@ WOLFSSL_LOCAL int IntelQaGetCyInstanceCount(void);
WOLFSSL_LOCAL int IntelQaSymDes3CbcEncrypt(struct WC_ASYNC_DEV* dev,
byte* out, const byte* in, word32 sz,
const byte* key, word32 keySz,
const byte* iv, word32 ivSz);
byte* iv, word32 ivSz);
WOLFSSL_LOCAL int IntelQaSymDes3CbcDecrypt(struct WC_ASYNC_DEV* dev,
byte* out, const byte* in, word32 sz,
const byte* key, word32 keySz,
const byte* iv, word32 ivSz);
byte* iv, word32 ivSz);
#endif /*! NO_DES3 */

#ifdef WOLFSSL_SHA512
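Review bot: The CBC prototypes change `iv` from `const byte*` to `byte*` without stating that it is now an in/out parameter, and the new `iv`/`ivSz` fields in the `cipher` struct carry no comment on ownership. Per the quickassist.c change in this commit, the encrypt path stores the caller's pointer and the completion callback writes the next IV through it, so the buffer has to stay valid until the request completes. I would add `/* caller-owned; callback writes next IV here, must outlive the request */` on the `byte* iv;` field and a one-line `/* iv is updated with the next CBC IV */` above the AES-CBC and 3DES-CBC prototypes.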
