Merge pull request #29 from dgarske/rel_prep

wolfSSL Async v4.2.0 release prep

Author: JacobBarthelmeh

README-async.md

@@ -268,6 +268,12 @@ wolfSSL Client Benchmark 16384 bytes
 
 ## Change Log
 
+### wolfSSL Async Release v4.2.0 (10/22/2019)
+* Fix for QuickAssist DH Agree issue with leading zero bytes.
+* Fix for QuickAssist AES CBC issue with previous IV on back-to-back operations.
+* Updates to QuickAssist README.md for latest QAT v1.7 driver.
+* Instructions for Octeon III (CN7300) use.
+
 ### wolfSSL Async Release v4.0.0 (03/25/2019)
 
 * Fix for building with QuickAssist v1.7 driver (4.4.0-00023) (was missing usdm_drv during configure with check).

wolfcrypt/src/port/cavium/cavium_nitrox.c

@@ -793,15 +793,15 @@ static int NitroxAesDecrypt(Aes* aes, int aes_algo,
 int NitroxAesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 length)
 {
     return NitroxAesEncrypt(aes, AES_CBC,
-        (byte*)aes->asyncKey, (byte*)aes->asyncIv,
+        (byte*)aes->devKey, (byte*)aes->reg,
         out, in, length, 0, NULL, NULL);
 }
 
 #ifdef HAVE_AES_DECRYPT
 int NitroxAesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 length)
 {
     return NitroxAesDecrypt(aes, AES_CBC,
-        (byte*)aes->asyncKey, (byte*)aes->asyncIv,
+        (byte*)aes->devKey, (byte*)aes->reg,
         out, in, length, 0, NULL, NULL);
 }
 #endif /* HAVE_AES_DECRYPT */
@@ -930,13 +930,13 @@ int NitroxDes3CbcEncrypt(Des3* des3, byte* out, const byte* in, word32 length)
         cav_ret = CspEncrypt3Des(des3->asyncDev.nitrox.devId, blockMode,
             DMA_DIRECT_DIRECT, CAVIUM_SSL_GRP, CAVIUM_DPORT,
             des3->asyncDev.nitrox.contextHandle, FROM_DPTR, FROM_CTX, DES3_CBC,
-            (byte*)des3->key_raw, (byte*)des3->iv_raw, (word16)slen, (byte*)in + offset,
+            (byte*)des3->devKey, (byte*)des3->reg, (word16)slen, (byte*)in + offset,
             out + offset, &des3->asyncDev.nitrox.reqId);
     #else
         cav_ret = CspEncrypt3Des(blockMode,
             des3->asyncDev.nitrox.contextHandle, CAVIUM_NO_UPDATE, (word16)slen,
-            (byte*)in + offset, out + offset, (byte*)des3->iv_raw,
-            (byte*)des3->key_raw, &des3->asyncDev.nitrox.reqId,
+            (byte*)in + offset, out + offset, (byte*)des3->reg,
+            (byte*)des3->devKey, &des3->asyncDev.nitrox.reqId,
             des3->asyncDev.nitrox.devId);
     #endif
         ret = NitroxTranslateResponseCode(cav_ret);
@@ -978,13 +978,13 @@ int NitroxDes3CbcDecrypt(Des3* des3, byte* out, const byte* in, word32 length)
         cav_ret = CspDecrypt3Des(des3->asyncDev.nitrox.devId, blockMode,
             DMA_DIRECT_DIRECT, CAVIUM_SSL_GRP, CAVIUM_DPORT,
             des3->asyncDev.nitrox.contextHandle, FROM_DPTR, FROM_CTX, DES3_CBC,
-            (byte*)des3->key_raw, (byte*)des3->iv_raw, (word16)slen, (byte*)in + offset,
+            (byte*)des3->devKey, (byte*)des3->reg, (word16)slen, (byte*)in + offset,
             out + offset, &des3->asyncDev.nitrox.reqId);
     #else
         cav_ret = CspDecrypt3Des(blockMode,
             des3->asyncDev.nitrox.contextHandle, CAVIUM_NO_UPDATE, (word16)slen,
-            (byte*)in + offset, out + offset, (byte*)des3->iv_raw,
-            (byte*)des3->key_raw, &des3->asyncDev.nitrox.reqId,
+            (byte*)in + offset, out + offset, (byte*)des3->reg,
+            (byte*)des3->devKey, &des3->asyncDev.nitrox.reqId,
             des3->asyncDev.nitrox.devId);
     #endif
         ret = NitroxTranslateResponseCode(cav_ret);

wolfcrypt/src/port/intel/README.md

@@ -26,14 +26,16 @@ Note: If you have the older driver installed you may need to remove it or unload
 
 	Prerequisites: 
 	`sudo apt-get install libudev-dev`
+	OR
+	`sudo yum install systemd-devel`
 
 
 	```
-	curl -o qat1.7.l.4.6.0-00025.tar.gz https://01.org/sites/default/files/downloads/qat1.7.l.4.6.0-00025.tar.gz
+	curl -o qat1.7.l.4.7.0-00006.tar.gz https://01.org/sites/default/files/downloads/qat1.7.l.4.7.0-00006.tar.gz
 	mkdir QAT1.7
-	mv qat1.7.l.4.5.0-00034.tar.gz QAT1.7
+	mv qat1.7.l.4.7.0-00006.tar.gz QAT1.7
 	cd QAT1.7
-	tar -xvzf qat1.7.l.4.6.0-00025.tar.gz
+	tar -xvzf qat1.7.l.4.7.0-00006.tar.gz
 	./configure
 	make
 	sudo make install

wolfcrypt/src/port/intel/quickassist.c

@@ -2180,6 +2180,17 @@ static void IntelQaSymCipherCallback(void *pCallbackTag, CpaStatus status,
                 XMEMCPY(dev->qat.out, pDstBuffer->pBuffers->pData, outLen);
             }
 
+            /* capture IV for next call */
+            if (dev->qat.op.cipher.iv && dev->qat.op.cipher.ivSz > 0) {
+                word32 ivSz = dev->qat.op.cipher.ivSz;
+                if (ivSz > outLen)
+                    ivSz = outLen;
+                /* copy last block */
+                XMEMCPY(dev->qat.op.cipher.iv,
+                        &pDstBuffer->pBuffers->pData[outLen - ivSz],
+                        ivSz);
+            }
+
         #ifndef NO_AES
             /* return authTag */
             if (dev->qat.op.cipher.authTag && dev->qat.op.cipher.authTagSz > 0) {
@@ -2207,7 +2218,7 @@ static void IntelQaSymCipherCallback(void *pCallbackTag, CpaStatus status,
 }
 
 static int IntelQaSymCipher(WC_ASYNC_DEV* dev, byte* out, const byte* in,
-    word32 inOutSz, const byte* key, word32 keySz, const byte* iv, word32 ivSz,
+    word32 inOutSz, const byte* key, word32 keySz, byte* iv, word32 ivSz,
     CpaCySymOp symOperation, CpaCySymCipherAlgorithm cipherAlgorithm,
     CpaCySymCipherDirection cipherDirection,
 
@@ -2352,6 +2363,20 @@ static int IntelQaSymCipher(WC_ASYNC_DEV* dev, byte* out, const byte* in,
     /* store info needed for output */
     dev->qat.out = out;
     dev->qat.outLen = inOutSz;
+    /* optional return of next IV */
+    if (cipherAlgorithm != CPA_CY_SYM_CIPHER_AES_GCM && iv) {
+        if (ivSz > inOutSz)
+            ivSz = inOutSz;
+        if (cipherDirection == CPA_CY_SYM_CIPHER_DIRECTION_ENCRYPT) {
+            /* capture this on the callback */
+            dev->qat.op.cipher.iv = iv;
+            dev->qat.op.cipher.ivSz = ivSz;
+        }
+        else {
+            /* capture last block of input as next IV */
+            XMEMCPY(iv, &in[inOutSz - ivSz], ivSz);
+        }
+    }
     if (cipherDirection == CPA_CY_SYM_CIPHER_DIRECTION_ENCRYPT) {
         dev->qat.op.cipher.authTag = authTag;
         dev->qat.op.cipher.authTagSz = authTagSz;
@@ -2394,7 +2419,7 @@ static int IntelQaSymCipher(WC_ASYNC_DEV* dev, byte* out, const byte* in,
 int IntelQaSymAesCbcEncrypt(WC_ASYNC_DEV* dev,
             byte* out, const byte* in, word32 sz,
             const byte* key, word32 keySz,
-            const byte* iv, word32 ivSz)
+            byte* iv, word32 ivSz)
 {
     return IntelQaSymCipher(dev, out, in, sz,
         key, keySz, iv, ivSz,
@@ -2407,7 +2432,7 @@ int IntelQaSymAesCbcEncrypt(WC_ASYNC_DEV* dev,
 int IntelQaSymAesCbcDecrypt(WC_ASYNC_DEV* dev,
             byte* out, const byte* in, word32 sz,
             const byte* key, word32 keySz,
-            const byte* iv, word32 ivSz)
+            byte* iv, word32 ivSz)
 {
     return IntelQaSymCipher(dev, out, in, sz,
         key, keySz, iv, ivSz,
@@ -2428,7 +2453,7 @@ int IntelQaSymAesGcmEncrypt(WC_ASYNC_DEV* dev,
             const byte* authIn, word32 authInSz)
 {
     return IntelQaSymCipher(dev, out, in, sz,
-        key, keySz, iv, ivSz,
+        key, keySz, (byte*)iv, ivSz,
         CPA_CY_SYM_OP_ALGORITHM_CHAINING, CPA_CY_SYM_CIPHER_AES_GCM,
         CPA_CY_SYM_CIPHER_DIRECTION_ENCRYPT,
         CPA_CY_SYM_HASH_AES_GCM, authTag, authTagSz, authIn, authInSz);
@@ -2442,7 +2467,7 @@ int IntelQaSymAesGcmDecrypt(WC_ASYNC_DEV* dev,
             const byte* authIn, word32 authInSz)
 {
     return IntelQaSymCipher(dev, out, in, sz,
-        key, keySz, iv, ivSz,
+        key, keySz, (byte*)iv, ivSz,
         CPA_CY_SYM_OP_ALGORITHM_CHAINING, CPA_CY_SYM_CIPHER_AES_GCM,
         CPA_CY_SYM_CIPHER_DIRECTION_DECRYPT,
         CPA_CY_SYM_HASH_AES_GCM, (byte*)authTag, authTagSz, authIn, authInSz);
@@ -2454,7 +2479,7 @@ int IntelQaSymAesGcmDecrypt(WC_ASYNC_DEV* dev,
 int IntelQaSymDes3CbcEncrypt(WC_ASYNC_DEV* dev,
             byte* out, const byte* in, word32 sz,
             const byte* key, word32 keySz,
-            const byte* iv, word32 ivSz)
+            byte* iv, word32 ivSz)
 {
     return IntelQaSymCipher(dev, out, in, sz,
         key, keySz, iv, ivSz,
@@ -2466,7 +2491,7 @@ int IntelQaSymDes3CbcEncrypt(WC_ASYNC_DEV* dev,
 int IntelQaSymDes3CbcDecrypt(WC_ASYNC_DEV* dev,
             byte* out, const byte* in, word32 sz,
             const byte* key, word32 keySz,
-            const byte* iv, word32 ivSz)
+            byte* iv, word32 ivSz)
 {
     return IntelQaSymCipher(dev, out, in, sz,
         key, keySz, iv, ivSz,

wolfssl/wolfcrypt/port/intel/quickassist.h

@@ -226,6 +226,8 @@ typedef struct IntelQaDev {
             CpaFlatBuffer flatBuffer;
             byte* authTag;
             word32 authTagSz;
+            byte* iv;
+            word32 ivSz;
         } cipher;
     #endif
     #if defined(QAT_ENABLE_PKI) && defined(HAVE_ECC)
@@ -345,12 +347,12 @@ WOLFSSL_LOCAL int IntelQaGetCyInstanceCount(void);
         WOLFSSL_LOCAL int IntelQaSymAesCbcEncrypt(struct WC_ASYNC_DEV* dev,
             byte* out, const byte* in, word32 sz,
             const byte* key, word32 keySz,
-            const byte* iv, word32 ivSz);
+            byte* iv, word32 ivSz);
     #ifdef HAVE_AES_DECRYPT
         WOLFSSL_LOCAL int IntelQaSymAesCbcDecrypt(struct WC_ASYNC_DEV* dev,
             byte* out, const byte* in, word32 sz,
             const byte* key, word32 keySz,
-            const byte* iv, word32 ivSz);
+            byte* iv, word32 ivSz);
     #endif /* HAVE_AES_DECRYPT */
     #endif /* HAVE_AES_CBC */
 
@@ -376,11 +378,11 @@ WOLFSSL_LOCAL int IntelQaGetCyInstanceCount(void);
     WOLFSSL_LOCAL int IntelQaSymDes3CbcEncrypt(struct WC_ASYNC_DEV* dev,
                 byte* out, const byte* in, word32 sz,
                 const byte* key, word32 keySz,
-                const byte* iv, word32 ivSz);
+                byte* iv, word32 ivSz);
     WOLFSSL_LOCAL int IntelQaSymDes3CbcDecrypt(struct WC_ASYNC_DEV* dev,
                 byte* out, const byte* in, word32 sz,
                 const byte* key, word32 keySz,
-                const byte* iv, word32 ivSz);
+                byte* iv, word32 ivSz);
 #endif /*! NO_DES3 */
 
 #ifdef WOLFSSL_SHA512