|
@@ -805,7 +805,12 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
|
|
|
nr = temp_key->rounds;
|
|
|
aes->rounds = nr;
|
|
|
|
|
|
- SAVE_VECTOR_REGISTERS();
|
|
|
+ if (SAVE_VECTOR_REGISTERS() != 0) {
|
|
|
+#ifdef WOLFSSL_SMALL_STACK
|
|
|
+ XFREE(temp_key, aes->heap, DYNAMIC_TYPE_AES);
|
|
|
+#endif
|
|
|
+ return BAD_STATE_E;
|
|
|
+ }
|
|
|
|
|
|
Key_Schedule[nr] = Temp_Key_Schedule[0];
|
|
|
Key_Schedule[nr-1] = _mm_aesimc_si128(Temp_Key_Schedule[1]);
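Review bot: The new failure branch returns while the temporary key schedule is still intact: under WOLFSSL_SMALL_STACK `temp_key` is freed without being cleared, and otherwise it is simply abandoned. Since `Temp_Key_Schedule` appears to hold the expanded round keys, wipe it before the `#ifdef`, e.g. `ForceZero(temp_key, sizeof(*temp_key));`, assuming `ForceZero` is in scope in this file. `aes->rounds = nr;` has also already been written when the branch is taken, so the caller gets BAD_STATE_E with a half-initialised `aes`; attempting the save before that assignment would avoid this. The function starts and ends outside the hunk, so whether the normal exit clears `temp_key` cannot be checked here.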
|
|
@@ -1738,10 +1743,8 @@ static void wc_AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock)
|
|
|
tmp_align = tmp + (AESNI_ALIGN - ((wc_ptr_t)tmp % AESNI_ALIGN));
|
|
|
|
|
|
XMEMCPY(tmp_align, inBlock, AES_BLOCK_SIZE);
|
|
|
- SAVE_VECTOR_REGISTERS();
|
|
|
AES_ECB_encrypt(tmp_align, tmp_align, AES_BLOCK_SIZE,
|
|
|
(byte*)aes->key, aes->rounds);
|
|
|
- RESTORE_VECTOR_REGISTERS();
|
|
|
XMEMCPY(outBlock, tmp_align, AES_BLOCK_SIZE);
|
|
|
XFREE(tmp, aes->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
|
|
return;
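Review bot: With SAVE_VECTOR_REGISTERS()/RESTORE_VECTOR_REGISTERS() removed from around `AES_ECB_encrypt` here, in the second wc_AesEncrypt hunk and in wc_AesDecrypt, holding the vector registers becomes an unstated precondition of these static helpers. Every caller that can reach the AES-NI branch now has to do the save itself, and only the callers touched on this page visibly do so, so any other call site in the file needs checking. Please document the contract where it is relied on, for example `/* caller must have a successful SAVE_VECTOR_REGISTERS() in effect */` above each `AES_ECB_encrypt`/`AES_ECB_decrypt` call. Both functions start outside their hunks.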
|
|
@@ -1751,10 +1754,8 @@ static void wc_AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock)
|
|
|
#endif
|
|
|
}
|
|
|
|
|
|
- SAVE_VECTOR_REGISTERS();
|
|
|
AES_ECB_encrypt(inBlock, outBlock, AES_BLOCK_SIZE, (byte*)aes->key,
|
|
|
aes->rounds);
|
|
|
- RESTORE_VECTOR_REGISTERS();
|
|
|
|
|
|
return;
|
|
|
}
|
|
@@ -2089,10 +2090,8 @@ static void wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock)
|
|
|
/* if input and output same will overwrite input iv */
|
|
|
if ((const byte*)aes->tmp != inBlock)
|
|
|
XMEMCPY(aes->tmp, inBlock, AES_BLOCK_SIZE);
|
|
|
- SAVE_VECTOR_REGISTERS();
|
|
|
AES_ECB_decrypt(inBlock, outBlock, AES_BLOCK_SIZE, (byte*)aes->key,
|
|
|
aes->rounds);
|
|
|
- RESTORE_VECTOR_REGISTERS();
|
|
|
return;
|
|
|
}
|
|
|
else {
|
|
@@ -3060,6 +3059,62 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
|
|
|
#elif defined(WOLFSSL_DEVCRYPTO_AES)
|
|
|
/* implemented in wolfcrypt/src/port/devcrypt/devcrypto_aes.c */
|
|
|
|
|
|
+ #elif defined(WOLFSSL_LINUXKM)
|
|
|
+
|
|
|
+ #ifdef WOLFSSL_AESNI
|
|
|
+
|
|
|
+ __must_check int wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in)
|
|
|
+ {
|
|
|
+ if (haveAESNI && aes->use_aesni) {
|
|
|
+ if (SAVE_VECTOR_REGISTERS() != 0)
|
|
|
+ return BAD_STATE_E;
|
|
|
+ }
|
|
|
+ wc_AesEncrypt(aes, in, out);
|
|
|
+ if (haveAESNI && aes->use_aesni)
|
|
|
+ RESTORE_VECTOR_REGISTERS();
|
|
|
+ return 0;
|
|
|
+ }
|
|
|
+ /* vector reg save/restore is explicit in all below calls to
|
|
|
+ * wc_Aes{En,De}cryptDirect(), so bypass the public version with a
|
|
|
+ * macro.
|
|
|
+ */
|
|
|
+ #define wc_AesEncryptDirect(aes, out, in) wc_AesEncrypt(aes, in, out)
|
|
|
+ #ifdef HAVE_AES_DECRYPT
|
|
|
+ /* Allow direct access to one block decrypt */
|
|
|
+ __must_check int wc_AesDecryptDirect(Aes* aes, byte* out, const byte* in)
|
|
|
+ {
|
|
|
+ if (haveAESNI && aes->use_aesni) {
|
|
|
+ if (SAVE_VECTOR_REGISTERS() != 0)
|
|
|
+ return BAD_STATE_E;
|
|
|
+ }
|
|
|
+ wc_AesDecrypt(aes, in, out);
|
|
|
+ if (haveAESNI && aes->use_aesni)
|
|
|
+ RESTORE_VECTOR_REGISTERS();
|
|
|
+ return 0;
|
|
|
+ }
|
|
|
+ #define wc_AesDecryptDirect(aes, out, in) wc_AesDecrypt(aes, in, out)
|
|
|
+ #endif /* HAVE_AES_DECRYPT */
|
|
|
+
|
|
|
+ #else /* !WOLFSSL_AESNI */
|
|
|
+
|
|
|
+ __must_check int wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in)
|
|
|
+ {
|
|
|
+ wc_AesEncrypt(aes, in, out);
|
|
|
+ return 0;
|
|
|
+ }
|
|
|
+ #define wc_AesEncryptDirect(aes, out, in) wc_AesEncrypt(aes, in, out)
|
|
|
+ #ifdef HAVE_AES_DECRYPT
|
|
|
+ /* Allow direct access to one block decrypt */
|
|
|
+ __must_check int wc_AesDecryptDirect(Aes* aes, byte* out, const byte* in)
|
|
|
+ {
|
|
|
+ wc_AesDecrypt(aes, in, out);
|
|
|
+ return 0;
|
|
|
+ }
|
|
|
+ #define wc_AesDecryptDirect(aes, out, in) wc_AesDecrypt(aes, in, out)
|
|
|
+ #endif /* HAVE_AES_DECRYPT */
|
|
|
+
|
|
|
+ #endif /* WOLFSSL_AESNI */
|
|
|
+
|
|
|
#else
|
|
|
/* Allow direct access to one block encrypt */
|
|
|
void wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in)
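Review bot: The WOLFSSL_AESNI versions of the linuxkm `wc_AesEncryptDirect`/`wc_AesDecryptDirect` read `aes->use_aesni` before any argument validation, although they now return `int` and could reject bad arguments the way `wc_AesEcbEncrypt` does. Consider opening each with `if ((aes == NULL) || (out == NULL) || (in == NULL)) return BAD_FUNC_ARG;`. The comment explaining why the function name is then redefined as a macro appears only in the WOLFSSL_AESNI branch; the `#else /* !WOLFSSL_AESNI */` branch repeats the `#define` without it and would benefit from the same one-line explanation.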
|
|
@@ -3834,7 +3889,10 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
|
|
|
|
|
|
tmp_align = tmp + (AESNI_ALIGN - ((wc_ptr_t)tmp % AESNI_ALIGN));
|
|
|
XMEMCPY(tmp_align, in, sz);
|
|
|
- SAVE_VECTOR_REGISTERS();
|
|
|
+ if (SAVE_VECTOR_REGISTERS() != 0) {
|
|
|
+ XFREE(tmp, aes->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
|
|
+ return BAD_STATE_E;
|
|
|
+ }
|
|
|
AES_CBC_encrypt(tmp_align, tmp_align, (byte*)aes->reg, sz,
|
|
|
(byte*)aes->key, aes->rounds);
|
|
|
RESTORE_VECTOR_REGISTERS();
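Review bot: The save is attempted only after `XMEMCPY(tmp_align, in, sz);`, so when it fails the heap buffer already holds a copy of the plaintext and is released by `XFREE` unwiped. Moving the `if (SAVE_VECTOR_REGISTERS() != 0) { ... }` block above the `XMEMCPY` keeps the input out of `tmp` on the failure path; the `XFREE` is still needed there because `tmp` is allocated earlier, outside the hunk. Whether the success path clears `tmp` before freeing it is not visible here.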
|
|
@@ -3850,7 +3908,8 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
|
|
|
#endif
|
|
|
}
|
|
|
|
|
|
- SAVE_VECTOR_REGISTERS();
|
|
|
+ if (SAVE_VECTOR_REGISTERS() != 0)
|
|
|
+ return BAD_STATE_E;
|
|
|
AES_CBC_encrypt(in, out, (byte*)aes->reg, sz, (byte*)aes->key,
|
|
|
aes->rounds);
|
|
|
RESTORE_VECTOR_REGISTERS();
|
|
@@ -3947,7 +4006,8 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
|
|
|
|
|
|
/* if input and output same will overwrite input iv */
|
|
|
XMEMCPY(aes->tmp, in + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
|
|
|
- SAVE_VECTOR_REGISTERS();
|
|
|
+ if (SAVE_VECTOR_REGISTERS() != 0)
|
|
|
+ return BAD_STATE_E;
|
|
|
#if defined(WOLFSSL_AESNI_BY4)
|
|
|
AES_CBC_decrypt_by4(in, out, (byte*)aes->reg, sz, (byte*)aes->key,
|
|
|
aes->rounds);
|
|
@@ -7519,7 +7579,8 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
|
|
|
#ifdef WOLFSSL_AESNI
|
|
|
#ifdef HAVE_INTEL_AVX2
|
|
|
if (IS_INTEL_AVX2(intel_flags)) {
|
|
|
- SAVE_VECTOR_REGISTERS();
|
|
|
+ if (SAVE_VECTOR_REGISTERS() != 0)
|
|
|
+ return BAD_STATE_E;
|
|
|
AES_GCM_encrypt_avx2(in, out, authIn, iv, authTag, sz, authInSz, ivSz,
|
|
|
authTagSz, (const byte*)aes->key, aes->rounds);
|
|
|
RESTORE_VECTOR_REGISTERS();
|
|
@@ -7529,7 +7590,8 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
|
|
|
#endif
|
|
|
#ifdef HAVE_INTEL_AVX1
|
|
|
if (IS_INTEL_AVX1(intel_flags)) {
|
|
|
- SAVE_VECTOR_REGISTERS();
|
|
|
+ if (SAVE_VECTOR_REGISTERS() != 0)
|
|
|
+ return BAD_STATE_E;
|
|
|
AES_GCM_encrypt_avx1(in, out, authIn, iv, authTag, sz, authInSz, ivSz,
|
|
|
authTagSz, (const byte*)aes->key, aes->rounds);
|
|
|
RESTORE_VECTOR_REGISTERS();
|
|
@@ -8041,7 +8103,8 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
|
|
|
#ifdef WOLFSSL_AESNI
|
|
|
#ifdef HAVE_INTEL_AVX2
|
|
|
if (IS_INTEL_AVX2(intel_flags)) {
|
|
|
- SAVE_VECTOR_REGISTERS();
|
|
|
+ if (SAVE_VECTOR_REGISTERS() != 0)
|
|
|
+ return BAD_STATE_E;
|
|
|
AES_GCM_decrypt_avx2(in, out, authIn, iv, authTag, sz, authInSz, ivSz,
|
|
|
authTagSz, (byte*)aes->key, aes->rounds, &res);
|
|
|
RESTORE_VECTOR_REGISTERS();
|
|
@@ -8053,7 +8116,8 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
|
|
|
#endif
|
|
|
#ifdef HAVE_INTEL_AVX1
|
|
|
if (IS_INTEL_AVX1(intel_flags)) {
|
|
|
- SAVE_VECTOR_REGISTERS();
|
|
|
+ if (SAVE_VECTOR_REGISTERS() != 0)
|
|
|
+ return BAD_STATE_E;
|
|
|
AES_GCM_decrypt_avx1(in, out, authIn, iv, authTag, sz, authInSz, ivSz,
|
|
|
authTagSz, (byte*)aes->key, aes->rounds, &res);
|
|
|
RESTORE_VECTOR_REGISTERS();
|
|
@@ -8296,7 +8360,7 @@ extern void AES_GCM_encrypt_final_aesni(unsigned char* tag,
|
|
|
* @param [in] iv IV/nonce buffer.
|
|
|
* @param [in] ivSz Length of IV/nonce data.
|
|
|
*/
|
|
|
-static void AesGcmInit_aesni(Aes* aes, const byte* iv, word32 ivSz)
|
|
|
+static int AesGcmInit_aesni(Aes* aes, const byte* iv, word32 ivSz)
|
|
|
{
|
|
|
/* Reset state fields. */
|
|
|
aes->aSz = 0;
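Review bot: `AesGcmInit_aesni` now returns `int`, but the doc comment above it still ends at the `@param` lines. Add `@return 0 on success.` and `@return BAD_STATE_E when the vector registers cannot be saved.` The same applies to `AesGcmEncryptUpdate_aesni` and `AesGcmDecryptUpdate_aesni`; `AesGcmEncryptFinal_aesni` already carries `@return 0 on success.` and only needs the BAD_STATE_E line.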
|
|
@@ -8309,7 +8373,8 @@ static void AesGcmInit_aesni(Aes* aes, const byte* iv, word32 ivSz)
|
|
|
|
|
|
#ifdef HAVE_INTEL_AVX2
|
|
|
if (IS_INTEL_AVX2(intel_flags)) {
|
|
|
- SAVE_VECTOR_REGISTERS();
|
|
|
+ if (SAVE_VECTOR_REGISTERS() != 0)
|
|
|
+ return BAD_STATE_E;
|
|
|
AES_GCM_init_avx2((byte*)aes->key, aes->rounds, iv, ivSz, aes->H,
|
|
|
AES_COUNTER(aes), AES_INITCTR(aes));
|
|
|
RESTORE_VECTOR_REGISTERS();
|
|
@@ -8318,7 +8383,8 @@ static void AesGcmInit_aesni(Aes* aes, const byte* iv, word32 ivSz)
|
|
|
#endif
|
|
|
#ifdef HAVE_INTEL_AVX1
|
|
|
if (IS_INTEL_AVX1(intel_flags)) {
|
|
|
- SAVE_VECTOR_REGISTERS();
|
|
|
+ if (SAVE_VECTOR_REGISTERS() != 0)
|
|
|
+ return BAD_STATE_E;
|
|
|
AES_GCM_init_avx1((byte*)aes->key, aes->rounds, iv, ivSz, aes->H,
|
|
|
AES_COUNTER(aes), AES_INITCTR(aes));
|
|
|
RESTORE_VECTOR_REGISTERS();
|
|
@@ -8326,11 +8392,13 @@ static void AesGcmInit_aesni(Aes* aes, const byte* iv, word32 ivSz)
|
|
|
else
|
|
|
#endif
|
|
|
{
|
|
|
- SAVE_VECTOR_REGISTERS();
|
|
|
+ if (SAVE_VECTOR_REGISTERS() != 0)
|
|
|
+ return BAD_STATE_E;
|
|
|
AES_GCM_init_aesni((byte*)aes->key, aes->rounds, iv, ivSz, aes->H,
|
|
|
AES_COUNTER(aes), AES_INITCTR(aes));
|
|
|
RESTORE_VECTOR_REGISTERS();
|
|
|
}
|
|
|
+ return 0;
|
|
|
}
|
|
|
|
|
|
/* Update the AES GCM for encryption with authentication data.
|
|
@@ -8458,13 +8526,14 @@ static void AesGcmAadUpdate_aesni(Aes* aes, const byte* a, word32 aSz, int endA)
|
|
|
* @param [in] a Buffer holding authentication data.
|
|
|
* @param [in] aSz Length of authentication data in bytes.
|
|
|
*/
|
|
|
-static void AesGcmEncryptUpdate_aesni(Aes* aes, byte* c, const byte* p,
|
|
|
+static int AesGcmEncryptUpdate_aesni(Aes* aes, byte* c, const byte* p,
|
|
|
word32 cSz, const byte* a, word32 aSz)
|
|
|
{
|
|
|
word32 blocks;
|
|
|
int partial;
|
|
|
|
|
|
- SAVE_VECTOR_REGISTERS();
|
|
|
+ if (SAVE_VECTOR_REGISTERS() != 0)
|
|
|
+ return BAD_STATE_E;
|
|
|
/* Hash in A, the Authentication Data */
|
|
|
AesGcmAadUpdate_aesni(aes, a, aSz, (cSz > 0) && (c != NULL));
|
|
|
|
|
@@ -8573,6 +8642,7 @@ static void AesGcmEncryptUpdate_aesni(Aes* aes, byte* c, const byte* p,
|
|
|
}
|
|
|
}
|
|
|
RESTORE_VECTOR_REGISTERS();
|
|
|
+ return 0;
|
|
|
}
|
|
|
|
|
|
/* Finalize the AES GCM for encryption and calculate the authentication tag.
|
|
@@ -8584,12 +8654,13 @@ static void AesGcmEncryptUpdate_aesni(Aes* aes, byte* c, const byte* p,
|
|
|
* @param [in] authTagSz Length of authentication tag in bytes.
|
|
|
* @return 0 on success.
|
|
|
*/
|
|
|
-static void AesGcmEncryptFinal_aesni(Aes* aes, byte* authTag, word32 authTagSz)
|
|
|
+static int AesGcmEncryptFinal_aesni(Aes* aes, byte* authTag, word32 authTagSz)
|
|
|
{
|
|
|
/* AAD block incomplete when > 0 */
|
|
|
byte over = aes->aOver;
|
|
|
|
|
|
- SAVE_VECTOR_REGISTERS();
|
|
|
+ if (SAVE_VECTOR_REGISTERS() != 0)
|
|
|
+ return BAD_STATE_E;
|
|
|
if (aes->cOver > 0) {
|
|
|
/* Cipher text block incomplete. */
|
|
|
over = aes->cOver;
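Review bot: `AesGcmEncryptFinal_aesni` can now fail with BAD_STATE_E before the tag is computed, yet no hunk on this page changes its call site, unlike `AesGcmInit_aesni` and `AesGcmEncryptUpdate_aesni`, whose callers were switched to `ret = ...`. If the caller still invokes it as a bare statement, it would report success while `authTag` was never written; the call should become `ret = AesGcmEncryptFinal_aesni(aes, authTag, authTagSz);` with `ret` propagated. `AesGcmDecryptUpdate_aesni` has the same gap, where a dropped BAD_STATE_E would leave the plaintext buffer unwritten behind a success return. The function body continues outside the hunk.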
|
|
@@ -8635,6 +8706,7 @@ static void AesGcmEncryptFinal_aesni(Aes* aes, byte* authTag, word32 authTagSz)
|
|
|
aes->aSz, aes->H, AES_INITCTR(aes));
|
|
|
}
|
|
|
RESTORE_VECTOR_REGISTERS();
|
|
|
+ return 0;
|
|
|
}
|
|
|
|
|
|
#if defined(HAVE_AES_DECRYPT) || defined(HAVE_AESGCM_DECRYPT)
|
|
@@ -8680,13 +8752,14 @@ extern void AES_GCM_decrypt_final_aesni(unsigned char* tag,
|
|
|
* @param [in] a Buffer holding authentication data.
|
|
|
* @param [in] aSz Length of authentication data in bytes.
|
|
|
*/
|
|
|
-static void AesGcmDecryptUpdate_aesni(Aes* aes, byte* p, const byte* c,
|
|
|
+static int AesGcmDecryptUpdate_aesni(Aes* aes, byte* p, const byte* c,
|
|
|
word32 cSz, const byte* a, word32 aSz)
|
|
|
{
|
|
|
word32 blocks;
|
|
|
int partial;
|
|
|
|
|
|
- SAVE_VECTOR_REGISTERS();
|
|
|
+ if (SAVE_VECTOR_REGISTERS() != 0)
|
|
|
+ return BAD_STATE_E;
|
|
|
/* Hash in A, the Authentication Data */
|
|
|
AesGcmAadUpdate_aesni(aes, a, aSz, (cSz > 0) && (c != NULL));
|
|
|
|
|
@@ -8797,6 +8870,7 @@ static void AesGcmDecryptUpdate_aesni(Aes* aes, byte* p, const byte* c,
|
|
|
}
|
|
|
}
|
|
|
RESTORE_VECTOR_REGISTERS();
|
|
|
+ return 0;
|
|
|
}
|
|
|
|
|
|
/* Finalize the AES GCM for decryption and check the authentication tag.
|
|
@@ -8819,7 +8893,8 @@ static int AesGcmDecryptFinal_aesni(Aes* aes, const byte* authTag,
|
|
|
byte over = aes->aOver;
|
|
|
byte *lastBlock = AES_LASTGBLOCK(aes);
|
|
|
|
|
|
- SAVE_VECTOR_REGISTERS();
|
|
|
+ if (SAVE_VECTOR_REGISTERS() != 0)
|
|
|
+ return BAD_STATE_E;
|
|
|
if (aes->cOver > 0) {
|
|
|
/* Cipher text block incomplete. */
|
|
|
over = aes->cOver;
|
|
@@ -8940,7 +9015,7 @@ int wc_AesGcmInit(Aes* aes, const byte* key, word32 len, const byte* iv,
|
|
|
|| IS_INTEL_AVX1(intel_flags)
|
|
|
#endif
|
|
|
) {
|
|
|
- AesGcmInit_aesni(aes, iv, ivSz);
|
|
|
+ ret = AesGcmInit_aesni(aes, iv, ivSz);
|
|
|
}
|
|
|
else
|
|
|
#endif
|
|
@@ -9052,7 +9127,7 @@ int wc_AesGcmEncryptUpdate(Aes* aes, byte* out, const byte* in, word32 sz,
|
|
|
|| IS_INTEL_AVX1(intel_flags)
|
|
|
#endif
|
|
|
) {
|
|
|
- AesGcmEncryptUpdate_aesni(aes, out, in, sz, authIn, authInSz);
|
|
|
+ ret = AesGcmEncryptUpdate_aesni(aes, out, in, sz, authIn, authInSz);
|
|
|
}
|
|
|
else
|
|
|
#endif
|
|
@@ -9818,13 +9893,13 @@ int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
|
|
|
B[15] = 1;
|
|
|
#ifdef WOLFSSL_AESNI
|
|
|
if (haveAESNI && aes->use_aesni) {
|
|
|
+ if (SAVE_VECTOR_REGISTERS() != 0)
|
|
|
+ return BAD_STATE_E;
|
|
|
while (inSz >= AES_BLOCK_SIZE * 4) {
|
|
|
AesCcmCtrIncSet4(B, lenSz);
|
|
|
|
|
|
- SAVE_VECTOR_REGISTERS();
|
|
|
AES_ECB_encrypt(B, A, AES_BLOCK_SIZE * 4, (byte*)aes->key,
|
|
|
aes->rounds);
|
|
|
- RESTORE_VECTOR_REGISTERS();
|
|
|
|
|
|
xorbuf(A, in, AES_BLOCK_SIZE * 4);
|
|
|
XMEMCPY(out, A, AES_BLOCK_SIZE * 4);
|
|
@@ -9835,6 +9910,7 @@ int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
|
|
|
|
|
|
AesCcmCtrInc4(B, lenSz);
|
|
|
}
|
|
|
+ RESTORE_VECTOR_REGISTERS();
|
|
|
}
|
|
|
#endif
|
|
|
while (inSz >= AES_BLOCK_SIZE) {
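Review bot: The save/restore pair now brackets only the four-block loop, but `wc_AesEncrypt` no longer saves the registers itself. Any single-block encryption in `wc_AesCcmEncrypt` outside that window, such as the `while (inSz >= AES_BLOCK_SIZE)` loop after the `#endif` or the authentication steps earlier in the function (both bodies are outside the hunks), would reach the AES-NI path unprotected if it goes through `wc_AesEncrypt`. Taking the save once near the top of the function and restoring on every exit would cover them. The early `return BAD_STATE_E;` also leaves before whatever cleanup of the stack blocks `A` and `B` happens at the end of the function. `wc_AesCcmDecrypt` is changed the same way and needs the same check.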
|
|
@@ -9903,13 +9979,13 @@ int wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
|
|
|
|
|
|
#ifdef WOLFSSL_AESNI
|
|
|
if (haveAESNI && aes->use_aesni) {
|
|
|
+ if (SAVE_VECTOR_REGISTERS() != 0)
|
|
|
+ return BAD_STATE_E;
|
|
|
while (oSz >= AES_BLOCK_SIZE * 4) {
|
|
|
AesCcmCtrIncSet4(B, lenSz);
|
|
|
|
|
|
- SAVE_VECTOR_REGISTERS();
|
|
|
AES_ECB_encrypt(B, A, AES_BLOCK_SIZE * 4, (byte*)aes->key,
|
|
|
aes->rounds);
|
|
|
- RESTORE_VECTOR_REGISTERS();
|
|
|
|
|
|
xorbuf(A, in, AES_BLOCK_SIZE * 4);
|
|
|
XMEMCPY(o, A, AES_BLOCK_SIZE * 4);
|
|
@@ -9920,6 +9996,7 @@ int wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
|
|
|
|
|
|
AesCcmCtrInc4(B, lenSz);
|
|
|
}
|
|
|
+ RESTORE_VECTOR_REGISTERS();
|
|
|
}
|
|
|
#endif
|
|
|
while (oSz >= AES_BLOCK_SIZE) {
|
|
@@ -10274,12 +10351,10 @@ int wc_AesEcbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
|
|
|
#else
|
|
|
|
|
|
/* Software AES - ECB */
|
|
|
-int wc_AesEcbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
|
|
|
+static int _AesEcbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
|
|
|
{
|
|
|
word32 blocks = sz / AES_BLOCK_SIZE;
|
|
|
|
|
|
- if ((in == NULL) || (out == NULL) || (aes == NULL))
|
|
|
- return BAD_FUNC_ARG;
|
|
|
#ifdef WOLFSSL_IMXRT_DCP
|
|
|
if (aes->keylen == 16)
|
|
|
return DCPAesEcbEncrypt(aes, out, in, sz);
|
|
@@ -10293,13 +10368,10 @@ int wc_AesEcbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
|
|
|
return 0;
|
|
|
}
|
|
|
|
|
|
-
|
|
|
-int wc_AesEcbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
|
|
|
+static int _AesEcbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
|
|
|
{
|
|
|
word32 blocks = sz / AES_BLOCK_SIZE;
|
|
|
|
|
|
- if ((in == NULL) || (out == NULL) || (aes == NULL))
|
|
|
- return BAD_FUNC_ARG;
|
|
|
#ifdef WOLFSSL_IMXRT_DCP
|
|
|
if (aes->keylen == 16)
|
|
|
return DCPAesEcbDecrypt(aes, out, in, sz);
|
|
@@ -10312,6 +10384,36 @@ int wc_AesEcbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
|
|
|
}
|
|
|
return 0;
|
|
|
}
|
|
|
+
|
|
|
+int wc_AesEcbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
|
|
|
+{
|
|
|
+ int ret;
|
|
|
+
|
|
|
+ if ((in == NULL) || (out == NULL) || (aes == NULL))
|
|
|
+ return BAD_FUNC_ARG;
|
|
|
+
|
|
|
+ if (SAVE_VECTOR_REGISTERS() != 0)
|
|
|
+ return BAD_STATE_E;
|
|
|
+ ret = _AesEcbEncrypt(aes, out, in, sz);
|
|
|
+ RESTORE_VECTOR_REGISTERS();
|
|
|
+
|
|
|
+ return ret;
|
|
|
+}
|
|
|
+
|
|
|
+int wc_AesEcbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
|
|
|
+{
|
|
|
+ int ret;
|
|
|
+
|
|
|
+ if ((in == NULL) || (out == NULL) || (aes == NULL))
|
|
|
+ return BAD_FUNC_ARG;
|
|
|
+
|
|
|
+ if (SAVE_VECTOR_REGISTERS() != 0)
|
|
|
+ return BAD_STATE_E;
|
|
|
+ ret = _AesEcbDecrypt(aes, out, in, sz);
|
|
|
+ RESTORE_VECTOR_REGISTERS();
|
|
|
+
|
|
|
+ return ret;
|
|
|
+}
|
|
|
#endif
|
|
|
#endif /* HAVE_AES_ECB */
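Review bot: The new `wc_AesEcbEncrypt`/`wc_AesEcbDecrypt` wrappers take the vector registers unconditionally, whereas the linuxkm `wc_AesEncryptDirect` added earlier in this commit saves only when `haveAESNI && aes->use_aesni`. If the save can fail at run time, a key that is using the plain C implementation now gets BAD_STATE_E from an operation that never touches vector registers. Consider gating the save and restore on the same condition (under `#ifdef WOLFSSL_AESNI`), and likewise in the feedback, key-wrap and XTS hunks below. A short comment on `_AesEcbEncrypt`/`_AesEcbDecrypt` stating that they skip argument checks and expect the caller to hold the registers would also help, since the NULL checks moved out of them.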
|
|
|
|
|
@@ -10360,6 +10462,9 @@ static int wc_AesFeedbackEncrypt(Aes* aes, byte* out, const byte* in,
|
|
|
sz--;
|
|
|
}
|
|
|
|
|
|
+ if (SAVE_VECTOR_REGISTERS() != 0)
|
|
|
+ return BAD_STATE_E;
|
|
|
+
|
|
|
while (sz >= AES_BLOCK_SIZE) {
|
|
|
/* Using aes->tmp here for inline case i.e. in=out */
|
|
|
wc_AesEncryptDirect(aes, (byte*)aes->tmp, (byte*)aes->reg);
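Review bot: The save is attempted after the code ending in `sz--; }` just above, which looks like the loop that consumes leftover keystream. If that loop has already written output and advanced `aes->left`, a BAD_STATE_E return here leaves the stream state partly advanced with no indication of how much input was consumed. Taking the save at the top of `wc_AesFeedbackEncrypt`, before any state changes, makes the failure all-or-nothing; `wc_AesFeedbackDecrypt` has the same placement. The start of the function is outside the hunk.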
|
|
@@ -10406,6 +10511,7 @@ static int wc_AesFeedbackEncrypt(Aes* aes, byte* out, const byte* in,
|
|
|
aes->left--;
|
|
|
}
|
|
|
}
|
|
|
+ RESTORE_VECTOR_REGISTERS();
|
|
|
|
|
|
return 0;
|
|
|
}
|
|
@@ -10448,6 +10554,9 @@ static int wc_AesFeedbackDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
|
|
|
sz--;
|
|
|
}
|
|
|
|
|
|
+ if (SAVE_VECTOR_REGISTERS() != 0)
|
|
|
+ return BAD_STATE_E;
|
|
|
+
|
|
|
while (sz > AES_BLOCK_SIZE) {
|
|
|
/* Using aes->tmp here for inline case i.e. in=out */
|
|
|
wc_AesEncryptDirect(aes, (byte*)aes->tmp, (byte*)aes->reg);
|
|
@@ -10491,6 +10600,7 @@ static int wc_AesFeedbackDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
|
|
|
aes->left--;
|
|
|
}
|
|
|
}
|
|
|
+ RESTORE_VECTOR_REGISTERS();
|
|
|
|
|
|
return 0;
|
|
|
}
|
|
@@ -10572,6 +10682,9 @@ static int wc_AesFeedbackCFB8(Aes* aes, byte* out, const byte* in,
|
|
|
return 0;
|
|
|
}
|
|
|
|
|
|
+ if (SAVE_VECTOR_REGISTERS() != 0)
|
|
|
+ return BAD_STATE_E;
|
|
|
+
|
|
|
while (sz > 0) {
|
|
|
wc_AesEncryptDirect(aes, (byte*)aes->tmp, (byte*)aes->reg);
|
|
|
if (dir == AES_DECRYPTION) {
|
|
@@ -10600,6 +10713,8 @@ static int wc_AesFeedbackCFB8(Aes* aes, byte* out, const byte* in,
|
|
|
sz -= 1;
|
|
|
}
|
|
|
|
|
|
+ RESTORE_VECTOR_REGISTERS();
|
|
|
+
|
|
|
return 0;
|
|
|
}
|
|
|
|
|
@@ -10621,6 +10736,9 @@ static int wc_AesFeedbackCFB1(Aes* aes, byte* out, const byte* in,
|
|
|
return 0;
|
|
|
}
|
|
|
|
|
|
+ if (SAVE_VECTOR_REGISTERS() != 0)
|
|
|
+ return BAD_STATE_E;
|
|
|
+
|
|
|
while (sz > 0) {
|
|
|
wc_AesEncryptDirect(aes, (byte*)aes->tmp, (byte*)aes->reg);
|
|
|
if (dir == AES_DECRYPTION) {
|
|
@@ -10667,6 +10785,7 @@ static int wc_AesFeedbackCFB1(Aes* aes, byte* out, const byte* in,
|
|
|
if (bit > 0 && bit < 7) {
|
|
|
out[0] = cur;
|
|
|
}
|
|
|
+ RESTORE_VECTOR_REGISTERS();
|
|
|
|
|
|
return 0;
|
|
|
}
|
|
@@ -10843,6 +10962,9 @@ int wc_AesKeyWrap_ex(Aes *aes, const byte* in, word32 inSz, byte* out,
|
|
|
XMEMCPY(tmp, iv, KEYWRAP_BLOCK_SIZE);
|
|
|
}
|
|
|
|
|
|
+ if (SAVE_VECTOR_REGISTERS() != 0)
|
|
|
+ return BAD_STATE_E;
|
|
|
+
|
|
|
for (j = 0; j <= 5; j++) {
|
|
|
for (i = 1; i <= inSz / KEYWRAP_BLOCK_SIZE; i++) {
|
|
|
/* load R[i] */
|
|
@@ -10860,6 +10982,7 @@ int wc_AesKeyWrap_ex(Aes *aes, const byte* in, word32 inSz, byte* out,
|
|
|
}
|
|
|
r = out + KEYWRAP_BLOCK_SIZE;
|
|
|
}
|
|
|
+ RESTORE_VECTOR_REGISTERS();
|
|
|
|
|
|
/* C[0] = A */
|
|
|
XMEMCPY(out, tmp, KEYWRAP_BLOCK_SIZE);
|
|
@@ -10944,6 +11067,9 @@ int wc_AesKeyUnWrap_ex(Aes *aes, const byte* in, word32 inSz, byte* out,
|
|
|
XMEMCPY(out, in + KEYWRAP_BLOCK_SIZE, inSz - KEYWRAP_BLOCK_SIZE);
|
|
|
XMEMSET(t, 0, sizeof(t));
|
|
|
|
|
|
+ if (SAVE_VECTOR_REGISTERS() != 0)
|
|
|
+ return BAD_STATE_E;
|
|
|
+
|
|
|
/* initialize counter to 6n */
|
|
|
n = (inSz - 1) / KEYWRAP_BLOCK_SIZE;
|
|
|
InitKeyWrapCounter(t, 6 * n);
|
|
@@ -10964,6 +11090,7 @@ int wc_AesKeyUnWrap_ex(Aes *aes, const byte* in, word32 inSz, byte* out,
|
|
|
XMEMCPY(r, tmp + KEYWRAP_BLOCK_SIZE, KEYWRAP_BLOCK_SIZE);
|
|
|
}
|
|
|
}
|
|
|
+ RESTORE_VECTOR_REGISTERS();
|
|
|
|
|
|
/* verify IV */
|
|
|
if (XMEMCMP(tmp, expIv, KEYWRAP_BLOCK_SIZE) != 0)
|
|
@@ -11178,10 +11305,10 @@ static int _AesXtsHelper(Aes* aes, byte* out, const byte* in, word32 sz, int dir
|
|
|
|
|
|
xorbuf(out, in, totalSz);
|
|
|
if (dir == AES_ENCRYPTION) {
|
|
|
- return wc_AesEcbEncrypt(aes, out, out, totalSz);
|
|
|
+ return _AesEcbEncrypt(aes, out, out, totalSz);
|
|
|
}
|
|
|
else {
|
|
|
- return wc_AesEcbDecrypt(aes, out, out, totalSz);
|
|
|
+ return _AesEcbDecrypt(aes, out, out, totalSz);
|
|
|
}
|
|
|
}
|
|
|
#endif /* HAVE_AES_ECB */
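Review bot: `_AesXtsHelper` now calls `_AesEcbEncrypt`/`_AesEcbDecrypt`, which this commit defines only in the `#else /* Software AES - ECB */` branch. The hunk header for that change shows another `wc_AesEcbDecrypt` definition earlier in the same conditional chain, so builds that select one of the other branches would have HAVE_AES_ECB set without these static helpers, unless XTS is excluded there. Either provide the helpers (or macros mapping them to `wc_AesEcbEncrypt`/`wc_AesEcbDecrypt`) in every branch, or guard this call on the same condition.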
|
|
@@ -11224,6 +11351,9 @@ int wc_AesXtsEncrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz,
|
|
|
XMEMSET(tmp, 0, AES_BLOCK_SIZE); /* set to 0's in case of improper AES
|
|
|
* key setup passed to encrypt direct*/
|
|
|
|
|
|
+ if (SAVE_VECTOR_REGISTERS() != 0)
|
|
|
+ return BAD_STATE_E;
|
|
|
+
|
|
|
wc_AesEncryptDirect(tweak, tmp, i);
|
|
|
|
|
|
#ifdef HAVE_AES_ECB
|
|
@@ -11231,6 +11361,7 @@ int wc_AesXtsEncrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz,
|
|
|
if (in != out) { /* can not handle inline */
|
|
|
XMEMCPY(out, tmp, AES_BLOCK_SIZE);
|
|
|
if ((ret = _AesXtsHelper(aes, out, in, sz, AES_ENCRYPTION)) != 0) {
|
|
|
+ RESTORE_VECTOR_REGISTERS();
|
|
|
return ret;
|
|
|
}
|
|
|
}
|
|
@@ -11285,6 +11416,7 @@ int wc_AesXtsEncrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz,
|
|
|
wc_AesEncryptDirect(aes, out - AES_BLOCK_SIZE, buf);
|
|
|
xorbuf(out - AES_BLOCK_SIZE, tmp, AES_BLOCK_SIZE);
|
|
|
}
|
|
|
+ RESTORE_VECTOR_REGISTERS();
|
|
|
}
|
|
|
else {
|
|
|
WOLFSSL_MSG("Plain text input too small for encryption");
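Review bot: Only two exits of `wc_AesXtsEncrypt` gain a `RESTORE_VECTOR_REGISTERS();` in this commit: the `_AesXtsHelper` error return and the end of the main branch. `wc_AesXtsDecrypt` additionally restores before its `return BUFFER_E;` in the ciphertext-stealing code; if the encrypt side has a matching early return above `wc_AesEncryptDirect(aes, out - AES_BLOCK_SIZE, buf);` (outside this hunk), it leaves with the registers still held. Routing every exit after the save through a single `RESTORE_VECTOR_REGISTERS(); return ret;` tail would prevent that class of omission.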
|
|
@@ -11335,6 +11467,9 @@ int wc_AesXtsDecrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz,
|
|
|
XMEMSET(tmp, 0, AES_BLOCK_SIZE); /* set to 0's in case of improper AES
|
|
|
* key setup passed to decrypt direct*/
|
|
|
|
|
|
+ if (SAVE_VECTOR_REGISTERS() != 0)
|
|
|
+ return BAD_STATE_E;
|
|
|
+
|
|
|
wc_AesEncryptDirect(tweak, tmp, i);
|
|
|
|
|
|
/* if Stealing then break out of loop one block early to handle special
|
|
@@ -11348,6 +11483,7 @@ int wc_AesXtsDecrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz,
|
|
|
if (in != out) { /* can not handle inline */
|
|
|
XMEMCPY(out, tmp, AES_BLOCK_SIZE);
|
|
|
if ((ret = _AesXtsHelper(aes, out, in, sz, AES_DECRYPTION)) != 0) {
|
|
|
+ RESTORE_VECTOR_REGISTERS();
|
|
|
return ret;
|
|
|
}
|
|
|
}
|
|
@@ -11416,6 +11552,7 @@ int wc_AesXtsDecrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz,
|
|
|
/* Make buffer with end of cipher text | last */
|
|
|
XMEMCPY(buf, tmp2, AES_BLOCK_SIZE);
|
|
|
if (sz >= AES_BLOCK_SIZE) { /* extra sanity check before copy */
|
|
|
+ RESTORE_VECTOR_REGISTERS();
|
|
|
return BUFFER_E;
|
|
|
}
|
|
|
XMEMCPY(buf, in, sz);
|
|
@@ -11426,6 +11563,7 @@ int wc_AesXtsDecrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz,
|
|
|
xorbuf(tmp2, tmp, AES_BLOCK_SIZE);
|
|
|
XMEMCPY(out - AES_BLOCK_SIZE, tmp2, AES_BLOCK_SIZE);
|
|
|
}
|
|
|
+ RESTORE_VECTOR_REGISTERS();
|
|
|
}
|
|
|
else {
|
|
|
WOLFSSL_MSG("Plain text input too small for encryption");
|