arno/trezor-firmware
1
0
Fork 0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-11-18 05:28:40 +00:00
Code Issues Releases Wiki Activity

feat(crypto): Integrate AES GCM into trezor-crypto.

Browse Source
This commit is contained in:
Andrew Kozlik 2024-03-15 15:53:30 +01:00 committed by Andrew Kozlik
parent 6e207215e3
commit a3adf98e47
6 changed files with 28 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
crypto/Makefile
View File

@ -84,6 +84,7 @@ CFLAGS += -DUSE_NEM=1
CFLAGS += -DUSE_CARDANO=1
CFLAGS += -DUSE_INSECURE_PRNG=1
CFLAGS += -DAES_128
CFLAGS += -DAES_VAR
CFLAGS += $(shell pkg-config --cflags openssl)
# disable certain optimizations and features when small footprint is required
@ -98,7 +99,7 @@ SRCS += ripemd160.c
SRCS += sha2.c
SRCS += sha3.c
SRCS += hasher.c
SRCS += aes/aesccm.c aes/aescrypt.c aes/aeskey.c aes/aestab.c aes/aes_modes.c
SRCS += aes/aesccm.c aes/aescrypt.c aes/aesgcm.c aes/aeskey.c aes/aestab.c aes/aes_modes.c aes/gf128mul.c
SRCS += ed25519-donna/curve25519-donna-32bit.c ed25519-donna/curve25519-donna-helpers.c ed25519-donna/modm-donna-32bit.c
SRCS += ed25519-donna/ed25519-donna-basepoint-table.c ed25519-donna/ed25519-donna-32bit-tables.c ed25519-donna/ed25519-donna-impl-base.c
SRCS += ed25519-donna/ed25519.c ed25519-donna/curve25519-donna-scalarmult-base.c ed25519-donna/ed25519-sha3.c ed25519-donna/ed25519-keccak.c
@ -157,7 +158,7 @@ tests/test_openssl: tests/test_openssl.o $(OBJS)
$(CC) $(CFLAGS) tests/test_openssl.o $(OBJS) $(TESTSSLLIBS) -o tests/test_openssl
tests/libtrezor-crypto.so: $(SRCS) secp256k1-zkp.o precomputed_ecmult.o precomputed_ecmult_gen.o
$(CC) $(CFLAGS) -DAES_128 -DAES_192 -fPIC -shared $(SRCS) secp256k1-zkp.o precomputed_ecmult.o precomputed_ecmult_gen.o -o tests/libtrezor-crypto.so
$(CC) $(CFLAGS) -fPIC -shared $(SRCS) secp256k1-zkp.o precomputed_ecmult.o precomputed_ecmult_gen.o -o tests/libtrezor-crypto.so
tools: tools/xpubaddrgen tools/mktable tools/bip39bruteforce

1
crypto/aes/aes.h
View File

@ -27,7 +27,6 @@ Issue Date: 02/08/2018
#include <stdlib.h>
#include <stdint.h>
#define VOID_RETURN void
#define INT_RETURN int
#define ALIGN_OFFSET(x,n) (((intptr_t)(x)) & ((n) - 1))
#define ALIGN_FLOOR(x,n) ((uint8_t*)(x) - ( ((intptr_t)(x)) & ((n) - 1)))

32
crypto/aes/aesgcm.c
View File

@ -29,7 +29,7 @@ Issue Date: 30/03/2011
a bug in the fast buffer operations on big endian systems.
*/
#include "gcm.h"
#include "aesgcm.h"
#include "mode_hdr.h"
/* This GCM implementation needs a Galois Field multiplier for GF(2^128).
@ -176,7 +176,7 @@ ret_type gcm_init_message( /* initialise a new message */
xor_block_aligned(ctx->ctr_val, ctx->ctr_val, iv);
n_pos -= BLOCK_SIZE;
iv += BLOCK_SIZE;
gf_mul_hh((gf_t*)ctx->ctr_val, ctx);
gf_mul_hh(ctx->ctr_val, ctx);
}
if(n_pos)
@ -184,12 +184,12 @@ ret_type gcm_init_message( /* initialise a new message */
p = UI8_PTR(ctx->ctr_val);
while(n_pos-- > 0)
*p++ ^= *iv++;
gf_mul_hh((gf_t*)ctx->ctr_val, ctx);
gf_mul_hh(ctx->ctr_val, ctx);
}
n_pos = (iv_len << 3);
for(i = BLOCK_SIZE - 1; n_pos; --i, n_pos >>= 8)
UI8_PTR(ctx->ctr_val)[i] ^= (unsigned char)n_pos;
gf_mul_hh((gf_t*)ctx->ctr_val, ctx);
gf_mul_hh(ctx->ctr_val, ctx);
}
ctx->y0_val = *UI32_PTR(UI8_PTR(ctx->ctr_val) + CTR_POS);
@ -210,7 +210,7 @@ ret_type gcm_auth_header( /* authenticate the header */
return RETURN_GOOD;
if(ctx->hdr_cnt && b_pos == 0)
gf_mul_hh((gf_t*)ctx->hdr_ghv, ctx);
gf_mul_hh(ctx->hdr_ghv, ctx);
if(!((hdr - (UI8_PTR(ctx->hdr_ghv) + b_pos)) & BUF_ADRMASK))
{
@ -225,7 +225,7 @@ ret_type gcm_auth_header( /* authenticate the header */
while(cnt + BLOCK_SIZE <= hdr_len)
{
gf_mul_hh((gf_t*)ctx->hdr_ghv, ctx);
gf_mul_hh(ctx->hdr_ghv, ctx);
xor_block_aligned(ctx->hdr_ghv, ctx->hdr_ghv, hdr + cnt);
cnt += BLOCK_SIZE;
}
@ -237,7 +237,7 @@ ret_type gcm_auth_header( /* authenticate the header */
while(cnt + BLOCK_SIZE <= hdr_len)
{
gf_mul_hh((gf_t*)ctx->hdr_ghv, ctx);
gf_mul_hh(ctx->hdr_ghv, ctx);
xor_block(ctx->hdr_ghv, ctx->hdr_ghv, hdr + cnt);
cnt += BLOCK_SIZE;
}
@ -247,7 +247,7 @@ ret_type gcm_auth_header( /* authenticate the header */
{
if(b_pos == BLOCK_SIZE)
{
gf_mul_hh((gf_t*)ctx->hdr_ghv, ctx);
gf_mul_hh(ctx->hdr_ghv, ctx);
b_pos = 0;
}
UI8_PTR(ctx->hdr_ghv)[b_pos++] ^= hdr[cnt++];
@ -267,7 +267,7 @@ ret_type gcm_auth_data( /* authenticate ciphertext data */
return RETURN_GOOD;
if(ctx->txt_acnt && b_pos == 0)
gf_mul_hh((gf_t*)ctx->txt_ghv, ctx);
gf_mul_hh(ctx->txt_ghv, ctx);
if(!((data - (UI8_PTR(ctx->txt_ghv) + b_pos)) & BUF_ADRMASK))
{
@ -282,7 +282,7 @@ ret_type gcm_auth_data( /* authenticate ciphertext data */
while(cnt + BLOCK_SIZE <= data_len)
{
gf_mul_hh((gf_t*)ctx->txt_ghv, ctx);
gf_mul_hh(ctx->txt_ghv, ctx);
xor_block_aligned(ctx->txt_ghv, ctx->txt_ghv, data + cnt);
cnt += BLOCK_SIZE;
}
@ -294,7 +294,7 @@ ret_type gcm_auth_data( /* authenticate ciphertext data */
while(cnt + BLOCK_SIZE <= data_len)
{
gf_mul_hh((gf_t*)ctx->txt_ghv, ctx);
gf_mul_hh(ctx->txt_ghv, ctx);
xor_block(ctx->txt_ghv, ctx->txt_ghv, data + cnt);
cnt += BLOCK_SIZE;
}
@ -304,7 +304,7 @@ ret_type gcm_auth_data( /* authenticate ciphertext data */
{
if(b_pos == BLOCK_SIZE)
{
gf_mul_hh((gf_t*)ctx->txt_ghv, ctx);
gf_mul_hh(ctx->txt_ghv, ctx);
b_pos = 0;
}
UI8_PTR(ctx->txt_ghv)[b_pos++] ^= data[cnt++];
@ -385,8 +385,8 @@ ret_type gcm_compute_tag( /* compute authentication tag */
if(ctx->txt_acnt != ctx->txt_ccnt && ctx->txt_ccnt > 0)
return RETURN_ERROR;
gf_mul_hh((gf_t*)ctx->hdr_ghv, ctx);
gf_mul_hh((gf_t*)ctx->txt_ghv, ctx);
gf_mul_hh(ctx->hdr_ghv, ctx);
gf_mul_hh(ctx->txt_ghv, ctx);
if(ctx->hdr_cnt)
{
@ -424,7 +424,7 @@ ret_type gcm_compute_tag( /* compute authentication tag */
convert_representation(tbuf, tbuf, GF_REPRESENTATION);
# endif
if(i & ln)
gf_mul_hh((gf_t*)tbuf, ctx);
gf_mul_hh(tbuf, ctx);
i >>= 1;
}
# if defined( GF_REPRESENTATION )
@ -466,7 +466,7 @@ ret_type gcm_compute_tag( /* compute authentication tag */
}
#endif
gf_mul_hh((gf_t*)ctx->hdr_ghv, ctx);
gf_mul_hh(ctx->hdr_ghv, ctx);
memcpy(ctx->enc_ctr, ctx->ctr_val, BLOCK_SIZE);
*UI32_PTR(UI8_PTR(ctx->enc_ctr) + CTR_POS) = ctx->y0_val;

4
crypto/aes/aesopt.h
View File

@ -95,9 +95,7 @@ Issue Date: 20/12/2007
/* PLATFORM SPECIFIC INCLUDES */
#define IS_BIG_ENDIAN 4321
#define IS_LITTLE_ENDIAN 1234
#define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
#include "brg_endian.h"
/* CONFIGURATION - THE USE OF DEFINES

4
crypto/aes/gf128mul.h
View File

@ -116,7 +116,7 @@ Issue Date: 11/01/2011
# define NEED_UINT_64T
#endif
#include "brg_types.h"
#include "mode_hdr.h"
/* Choose the Galois Field representation to use (see above) */
#if 0
@ -141,7 +141,7 @@ Issue Date: 11/01/2011
#if 0
# define TABLES_8K
#endif
#if 1
#if 0
# define TABLES_4K
#endif
#if 0

7
crypto/aes/mode_hdr.h
View File

@ -51,7 +51,12 @@ This header file is an INTERNAL file which supports mode implementation
# define NEED_UINT_64T
#endif
#include "brg_types.h"
#include <stdint.h>
#define UI_TYPE(size) uint##size##_t
#define UNIT_TYPEDEF(x,size) typedef UI_TYPE(size) x
#define BUFR_TYPEDEF(x,size,bsize) typedef UI_TYPE(size) x[bsize / (size >> 3)]
#define UNIT_CAST(x,size) ((UI_TYPE(size) )(x))
#define UPTR_CAST(x,size) ((UI_TYPE(size)*)(x))
/* Use of inlines is preferred but code blocks can also be expanded inline
using 'defines'. But the latter approach will typically generate a LOT