feat(crypto): Integrate AES GCM into trezor-crypto.
This commit is contained in:
parent
6e207215e3
commit
a3adf98e47
@ -84,6 +84,7 @@ CFLAGS += -DUSE_NEM=1
|
||||
CFLAGS += -DUSE_CARDANO=1
|
||||
CFLAGS += -DUSE_INSECURE_PRNG=1
|
||||
CFLAGS += -DAES_128
|
||||
CFLAGS += -DAES_VAR
|
||||
CFLAGS += $(shell pkg-config --cflags openssl)
|
||||
|
||||
# disable certain optimizations and features when small footprint is required
|
||||
@ -98,7 +99,7 @@ SRCS += ripemd160.c
|
||||
SRCS += sha2.c
|
||||
SRCS += sha3.c
|
||||
SRCS += hasher.c
|
||||
SRCS += aes/aesccm.c aes/aescrypt.c aes/aeskey.c aes/aestab.c aes/aes_modes.c
|
||||
SRCS += aes/aesccm.c aes/aescrypt.c aes/aesgcm.c aes/aeskey.c aes/aestab.c aes/aes_modes.c aes/gf128mul.c
|
||||
SRCS += ed25519-donna/curve25519-donna-32bit.c ed25519-donna/curve25519-donna-helpers.c ed25519-donna/modm-donna-32bit.c
|
||||
SRCS += ed25519-donna/ed25519-donna-basepoint-table.c ed25519-donna/ed25519-donna-32bit-tables.c ed25519-donna/ed25519-donna-impl-base.c
|
||||
SRCS += ed25519-donna/ed25519.c ed25519-donna/curve25519-donna-scalarmult-base.c ed25519-donna/ed25519-sha3.c ed25519-donna/ed25519-keccak.c
|
||||
@ -157,7 +158,7 @@ tests/test_openssl: tests/test_openssl.o $(OBJS)
|
||||
$(CC) $(CFLAGS) tests/test_openssl.o $(OBJS) $(TESTSSLLIBS) -o tests/test_openssl
|
||||
|
||||
tests/libtrezor-crypto.so: $(SRCS) secp256k1-zkp.o precomputed_ecmult.o precomputed_ecmult_gen.o
|
||||
$(CC) $(CFLAGS) -DAES_128 -DAES_192 -fPIC -shared $(SRCS) secp256k1-zkp.o precomputed_ecmult.o precomputed_ecmult_gen.o -o tests/libtrezor-crypto.so
|
||||
$(CC) $(CFLAGS) -fPIC -shared $(SRCS) secp256k1-zkp.o precomputed_ecmult.o precomputed_ecmult_gen.o -o tests/libtrezor-crypto.so
|
||||
|
||||
tools: tools/xpubaddrgen tools/mktable tools/bip39bruteforce
|
||||
|
||||
|
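Review bot: The shared-library rule in the third hunk now takes its AES key-size selection only from CFLAGS, because the explicit `-DAES_192` was dropped from the `$(CC) $(CFLAGS) -fPIC -shared` line while `-DAES_VAR` was added to CFLAGS in the first hunk; whether `AES_VAR` by itself turns on the 192- and 256-bit key schedules is decided in the vendored aes.h, which is outside this diff. If it does not, tests/libtrezor-crypto.so still builds but would reject those key lengths at run time, which is easy to miss in the test harness. A one-line comment beside the new flag stating which key sizes it is expected to enable, e.g. `# AES_VAR: runtime-selectable key length (expects aes.h to enable 128/192/256)`, would make the dependency visible.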
@ -27,7 +27,6 @@ Issue Date: 02/08/2018
|
||||
#include <stdlib.h>
|
||||
#include <stdint.h>
|
||||
|
||||
#define VOID_RETURN void
|
||||
#define INT_RETURN int
|
||||
#define ALIGN_OFFSET(x,n) (((intptr_t)(x)) & ((n) - 1))
|
||||
#define ALIGN_FLOOR(x,n) ((uint8_t*)(x) - ( ((intptr_t)(x)) & ((n) - 1)))
|
||||
|
@ -29,7 +29,7 @@ Issue Date: 30/03/2011
|
||||
a bug in the fast buffer operations on big endian systems.
|
||||
*/
|
||||
|
||||
#include "gcm.h"
|
||||
#include "aesgcm.h"
|
||||
#include "mode_hdr.h"
|
||||
|
||||
/* This GCM implementation needs a Galois Field multiplier for GF(2^128).
|
||||
@ -176,7 +176,7 @@ ret_type gcm_init_message( /* initialise a new message */
|
||||
xor_block_aligned(ctx->ctr_val, ctx->ctr_val, iv);
|
||||
n_pos -= BLOCK_SIZE;
|
||||
iv += BLOCK_SIZE;
|
||||
gf_mul_hh((gf_t*)ctx->ctr_val, ctx);
|
||||
gf_mul_hh(ctx->ctr_val, ctx);
|
||||
}
|
||||
|
||||
if(n_pos)
|
||||
@ -184,12 +184,12 @@ ret_type gcm_init_message( /* initialise a new message */
|
||||
p = UI8_PTR(ctx->ctr_val);
|
||||
while(n_pos-- > 0)
|
||||
*p++ ^= *iv++;
|
||||
gf_mul_hh((gf_t*)ctx->ctr_val, ctx);
|
||||
gf_mul_hh(ctx->ctr_val, ctx);
|
||||
}
|
||||
n_pos = (iv_len << 3);
|
||||
for(i = BLOCK_SIZE - 1; n_pos; --i, n_pos >>= 8)
|
||||
UI8_PTR(ctx->ctr_val)[i] ^= (unsigned char)n_pos;
|
||||
gf_mul_hh((gf_t*)ctx->ctr_val, ctx);
|
||||
gf_mul_hh(ctx->ctr_val, ctx);
|
||||
}
|
||||
|
||||
ctx->y0_val = *UI32_PTR(UI8_PTR(ctx->ctr_val) + CTR_POS);
|
||||
@ -210,7 +210,7 @@ ret_type gcm_auth_header( /* authenticate the header */
|
||||
return RETURN_GOOD;
|
||||
|
||||
if(ctx->hdr_cnt && b_pos == 0)
|
||||
gf_mul_hh((gf_t*)ctx->hdr_ghv, ctx);
|
||||
gf_mul_hh(ctx->hdr_ghv, ctx);
|
||||
|
||||
if(!((hdr - (UI8_PTR(ctx->hdr_ghv) + b_pos)) & BUF_ADRMASK))
|
||||
{
|
||||
@ -225,7 +225,7 @@ ret_type gcm_auth_header( /* authenticate the header */
|
||||
|
||||
while(cnt + BLOCK_SIZE <= hdr_len)
|
||||
{
|
||||
gf_mul_hh((gf_t*)ctx->hdr_ghv, ctx);
|
||||
gf_mul_hh(ctx->hdr_ghv, ctx);
|
||||
xor_block_aligned(ctx->hdr_ghv, ctx->hdr_ghv, hdr + cnt);
|
||||
cnt += BLOCK_SIZE;
|
||||
}
|
||||
@ -237,7 +237,7 @@ ret_type gcm_auth_header( /* authenticate the header */
|
||||
|
||||
while(cnt + BLOCK_SIZE <= hdr_len)
|
||||
{
|
||||
gf_mul_hh((gf_t*)ctx->hdr_ghv, ctx);
|
||||
gf_mul_hh(ctx->hdr_ghv, ctx);
|
||||
xor_block(ctx->hdr_ghv, ctx->hdr_ghv, hdr + cnt);
|
||||
cnt += BLOCK_SIZE;
|
||||
}
|
||||
@ -247,7 +247,7 @@ ret_type gcm_auth_header( /* authenticate the header */
|
||||
{
|
||||
if(b_pos == BLOCK_SIZE)
|
||||
{
|
||||
gf_mul_hh((gf_t*)ctx->hdr_ghv, ctx);
|
||||
gf_mul_hh(ctx->hdr_ghv, ctx);
|
||||
b_pos = 0;
|
||||
}
|
||||
UI8_PTR(ctx->hdr_ghv)[b_pos++] ^= hdr[cnt++];
|
||||
@ -267,7 +267,7 @@ ret_type gcm_auth_data( /* authenticate ciphertext data */
|
||||
return RETURN_GOOD;
|
||||
|
||||
if(ctx->txt_acnt && b_pos == 0)
|
||||
gf_mul_hh((gf_t*)ctx->txt_ghv, ctx);
|
||||
gf_mul_hh(ctx->txt_ghv, ctx);
|
||||
|
||||
if(!((data - (UI8_PTR(ctx->txt_ghv) + b_pos)) & BUF_ADRMASK))
|
||||
{
|
||||
@ -282,7 +282,7 @@ ret_type gcm_auth_data( /* authenticate ciphertext data */
|
||||
|
||||
while(cnt + BLOCK_SIZE <= data_len)
|
||||
{
|
||||
gf_mul_hh((gf_t*)ctx->txt_ghv, ctx);
|
||||
gf_mul_hh(ctx->txt_ghv, ctx);
|
||||
xor_block_aligned(ctx->txt_ghv, ctx->txt_ghv, data + cnt);
|
||||
cnt += BLOCK_SIZE;
|
||||
}
|
||||
@ -294,7 +294,7 @@ ret_type gcm_auth_data( /* authenticate ciphertext data */
|
||||
|
||||
while(cnt + BLOCK_SIZE <= data_len)
|
||||
{
|
||||
gf_mul_hh((gf_t*)ctx->txt_ghv, ctx);
|
||||
gf_mul_hh(ctx->txt_ghv, ctx);
|
||||
xor_block(ctx->txt_ghv, ctx->txt_ghv, data + cnt);
|
||||
cnt += BLOCK_SIZE;
|
||||
}
|
||||
@ -304,7 +304,7 @@ ret_type gcm_auth_data( /* authenticate ciphertext data */
|
||||
{
|
||||
if(b_pos == BLOCK_SIZE)
|
||||
{
|
||||
gf_mul_hh((gf_t*)ctx->txt_ghv, ctx);
|
||||
gf_mul_hh(ctx->txt_ghv, ctx);
|
||||
b_pos = 0;
|
||||
}
|
||||
UI8_PTR(ctx->txt_ghv)[b_pos++] ^= data[cnt++];
|
||||
@ -385,8 +385,8 @@ ret_type gcm_compute_tag( /* compute authentication tag */
|
||||
if(ctx->txt_acnt != ctx->txt_ccnt && ctx->txt_ccnt > 0)
|
||||
return RETURN_ERROR;
|
||||
|
||||
gf_mul_hh((gf_t*)ctx->hdr_ghv, ctx);
|
||||
gf_mul_hh((gf_t*)ctx->txt_ghv, ctx);
|
||||
gf_mul_hh(ctx->hdr_ghv, ctx);
|
||||
gf_mul_hh(ctx->txt_ghv, ctx);
|
||||
|
||||
if(ctx->hdr_cnt)
|
||||
{
|
||||
@ -424,7 +424,7 @@ ret_type gcm_compute_tag( /* compute authentication tag */
|
||||
convert_representation(tbuf, tbuf, GF_REPRESENTATION);
|
||||
# endif
|
||||
if(i & ln)
|
||||
gf_mul_hh((gf_t*)tbuf, ctx);
|
||||
gf_mul_hh(tbuf, ctx);
|
||||
i >>= 1;
|
||||
}
|
||||
# if defined( GF_REPRESENTATION )
|
||||
@ -466,7 +466,7 @@ ret_type gcm_compute_tag( /* compute authentication tag */
|
||||
}
|
||||
#endif
|
||||
|
||||
gf_mul_hh((gf_t*)ctx->hdr_ghv, ctx);
|
||||
gf_mul_hh(ctx->hdr_ghv, ctx);
|
||||
|
||||
memcpy(ctx->enc_ctr, ctx->ctr_val, BLOCK_SIZE);
|
||||
*UI32_PTR(UI8_PTR(ctx->enc_ctr) + CTR_POS) = ctx->y0_val;
|
||||
|
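Review bot: The calls in every hunk now pass `ctx->ctr_val`, `ctx->hdr_ghv`, `ctx->txt_ghv` and `tbuf` to gf_mul_hh without the former `(gf_t*)` cast, so the file relies on the new gf_mul_hh prototype accepting a `gf_t` array directly; that prototype is in gf128mul.h and not in this diff, so the match cannot be confirmed here. In the same functions the counter block is still accessed as a 32-bit word through `*UI32_PTR(UI8_PTR(ctx->ctr_val) + CTR_POS)` (end of the gcm_init_message hunk and the final gcm_compute_tag hunk); if gf_t's unit type is not uint32_t, those reads and writes alias the buffer through an incompatible type, which is undefined behaviour an optimising build may act on. A `memcpy` of `sizeof ctx->y0_val` bytes, e.g. `memcpy(&ctx->y0_val, UI8_PTR(ctx->ctr_val) + CTR_POS, sizeof ctx->y0_val);` for the read and the mirror form for the write in gcm_compute_tag, keeps the behaviour and removes the pun. gcm_init_message, gcm_auth_header, gcm_auth_data and gcm_compute_tag all begin outside the hunks shown.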
@ -95,9 +95,7 @@ Issue Date: 20/12/2007
|
||||
|
||||
/* PLATFORM SPECIFIC INCLUDES */
|
||||
|
||||
#define IS_BIG_ENDIAN 4321
|
||||
#define IS_LITTLE_ENDIAN 1234
|
||||
#define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
|
||||
#include "brg_endian.h"
|
||||
|
||||
/* CONFIGURATION - THE USE OF DEFINES
|
||||
|
||||
|
@ -116,7 +116,7 @@ Issue Date: 11/01/2011
|
||||
# define NEED_UINT_64T
|
||||
#endif
|
||||
|
||||
#include "brg_types.h"
|
||||
#include "mode_hdr.h"
|
||||
|
||||
/* Choose the Galois Field representation to use (see above) */
|
||||
#if 0
|
||||
@ -141,7 +141,7 @@ Issue Date: 11/01/2011
|
||||
#if 0
|
||||
# define TABLES_8K
|
||||
#endif
|
||||
#if 1
|
||||
#if 0
|
||||
# define TABLES_4K
|
||||
#endif
|
||||
#if 0
|
||||
|
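Review bot: The `#if 1` that guarded `# define TABLES_4K` in the second hunk becomes `#if 0`, so no TABLES_* variant appears to be selected any more, but the header records no reason for the switch. Which multiplier GHASH then falls back to is decided in gcm.c and gf128mul.c outside this diff — presumably the table-free one — and the choice affects code size, speed and the timing profile of the GF(2^128) multiply on the device, so it should be stated next to the option rather than left to git history. A comment such as `/* All TABLES_* variants deliberately off: GHASH uses the table-free multiplier (smaller code; see gf128mul.c). */` above the first `#if 0` would do.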
@ -51,7 +51,12 @@ This header file is an INTERNAL file which supports mode implementation
|
||||
# define NEED_UINT_64T
|
||||
#endif
|
||||
|
||||
#include "brg_types.h"
|
||||
#include <stdint.h>
|
||||
#define UI_TYPE(size) uint##size##_t
|
||||
#define UNIT_TYPEDEF(x,size) typedef UI_TYPE(size) x
|
||||
#define BUFR_TYPEDEF(x,size,bsize) typedef UI_TYPE(size) x[bsize / (size >> 3)]
|
||||
#define UNIT_CAST(x,size) ((UI_TYPE(size) )(x))
|
||||
#define UPTR_CAST(x,size) ((UI_TYPE(size)*)(x))
|
||||
|
||||
/* Use of inlines is preferred but code blocks can also be expanded inline
|
||||
using 'defines'. But the latter approach will typically generate a LOT
|
||||
|
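Review bot: The five new macros `UI_TYPE`, `UNIT_TYPEDEF`, `BUFR_TYPEDEF`, `UNIT_CAST` and `UPTR_CAST` replace the brg_types.h include without any comment saying what they stand for or what their arguments must be. `BUFR_TYPEDEF(x,size,bsize)` in particular computes the element count as `bsize / (size >> 3)`, so a bsize that is not a multiple of size/8 silently drops the remainder bytes, and `size` must be a bare literal (8, 16, 32 or 64) because it is token-pasted into `uint##size##_t`. A short comment block above `#define UI_TYPE(size)` describing the macros, the literal-only `size` argument and the divisibility requirement on bsize would document the contract; `UPTR_CAST` also deserves a note that it reinterprets memory through a different pointer type and is only well defined where the underlying object actually has that type.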