summaryrefslogtreecommitdiff
path: root/cesar
diff options
context:
space:
mode:
authorlaranjeiro2009-06-15 13:04:16 +0000
committerlaranjeiro2009-06-15 13:04:16 +0000
commit1cad1f444a2f085e3031c6efdf29e5b0b9b8615e (patch)
tree83fd30ffbfe1342414970d2a1135dd2517d93f5f /cesar
parent5c4119fe62c6ea3373b79961dd4ecd47781bc8cb (diff)
*cp/secu:
* Added the checkpoint function call on the AES cbc encrypt and decrypt function, when the loop variable is modulo CP_SECU_CHECKPOINT_ITERATION. * Use the define in the pbkdf1 function. git-svn-id: svn+ssh://pessac/svn/cesar/trunk@4791 017c9cb6-072f-447c-8318-d5b54f68fe89
Diffstat (limited to 'cesar')
-rw-r--r--cesar/cp/secu/defs.h3
-rw-r--r--cesar/cp/secu/secu.h11
-rw-r--r--cesar/cp/secu/src/pbkdf1.c2
-rw-r--r--cesar/cp/secu/src/secu.c23
-rw-r--r--cesar/cp/secu/test/sparc-ecos.ecc.sh4
-rw-r--r--cesar/cp/secu/test/src/test-aes.c10
6 files changed, 38 insertions, 15 deletions
diff --git a/cesar/cp/secu/defs.h b/cesar/cp/secu/defs.h
index d5c1fe61a4..3c44a82d94 100644
--- a/cesar/cp/secu/defs.h
+++ b/cesar/cp/secu/defs.h
@@ -42,6 +42,9 @@
See 7.10.3.5. */
#define CP_SECU_HASH_KEY_FOR_TEK_SIZE 384
+/** Number of allowed iteration before calling the sta core checkpoint
+ * function. */
+#define CP_SECU_CHECKPOINT_ITERATION 10
/** Enumerate the PIDs. */
enum cp_secu_pid_t
diff --git a/cesar/cp/secu/secu.h b/cesar/cp/secu/secu.h
index ded1e84971..73be8d98c3 100644
--- a/cesar/cp/secu/secu.h
+++ b/cesar/cp/secu/secu.h
@@ -22,6 +22,7 @@
#include "cp/secu/inc/openssl_aes.h"
#include "string.h"
+
#define GET_UINT32(n,b,i) \
{ \
(n) = ( (u32) (b)[(i) ] ) \
@@ -293,26 +294,28 @@ cp_secu_aes_decrypt ( cp_secu_aes_t *ctx, const u32 *input, u32 *output)
/**
* Encrypt a buffer.
- * \param ctx the aes context.
+ * \param ctx the module context.
+ * \param aes_ctx the aes context.
* \param iv the initializer vector.
* \param input the input buffer.
* \param output the output buffer.
* \param length the input buffer length in bytes.
*/
void
-cp_secu_aes_cbc_encrypt (cp_secu_aes_t *ctx, u32 iv[4],
+cp_secu_aes_cbc_encrypt (cp_t *ctx, cp_secu_aes_t *aes_ctx, u32 iv[4],
const u32 *input, u32 *output, int length);
/**
* Decrypt a buffer.
- * \param ctx the aes context.
+ * \param ctx the module context.
+ * \param aes_ctx the aes context.
* \param iv the initializer vector.
* \param input the input buffer.
* \param output the output buffer.
* \param length the input buffer length in bytes.
*/
void
-cp_secu_aes_cbc_decrypt (cp_secu_aes_t *ctx, u32 iv[4],
+cp_secu_aes_cbc_decrypt (cp_t *ctx, cp_secu_aes_t *aes_ctx, u32 iv[4],
const u32 *input, u32 *output, int length);
/**
diff --git a/cesar/cp/secu/src/pbkdf1.c b/cesar/cp/secu/src/pbkdf1.c
index e99ece2125..3615e6dd40 100644
--- a/cesar/cp/secu/src/pbkdf1.c
+++ b/cesar/cp/secu/src/pbkdf1.c
@@ -58,7 +58,7 @@ secu_pbkdf1 (cp_t *ctx, const u8 input[], const uint input_length,
uint i;
for (i = 1; i < it_count; i++)
{
- if ((i % 10) == 0)
+ if ((i % CP_SECU_CHECKPOINT_ITERATION) == 0)
cp_sta_core_checkpoint (ctx);
cp_secu_sha256 (sha_output, CP_SECU_SHA256_SIZE, sha_output);
}
diff --git a/cesar/cp/secu/src/secu.c b/cesar/cp/secu/src/secu.c
index e8257692a7..17b3cd2e4c 100644
--- a/cesar/cp/secu/src/secu.c
+++ b/cesar/cp/secu/src/secu.c
@@ -16,6 +16,7 @@
#include "lib/bitstream.h"
#include "cp/defs.h"
+#include "cp/sta/core/core.h"
#include "cp/secu/defs.h"
#include "cp/secu/secu.h"
#include "cp/secu/pbkdf1.h"
@@ -207,7 +208,7 @@ cp_secu_generate_hash (cp_t *ctx, const u32 seed, u8 *hash,
}
void
-cp_secu_aes_cbc_encrypt (cp_secu_aes_t *ctx, u32 iv[4],
+cp_secu_aes_cbc_encrypt (cp_t *ctx, cp_secu_aes_t *aes_ctx, u32 iv[4],
const u32 *input, u32 *output, int length)
{
/* Based on the Real AES CBC function, this one only work with word
@@ -215,12 +216,15 @@ cp_secu_aes_cbc_encrypt (cp_secu_aes_t *ctx, u32 iv[4],
int i;
int len;
u32 wb[4];
+ uint loop;
dbg_assert (ctx);
+ dbg_assert (aes_ctx);
dbg_assert (iv);
dbg_assert (input);
dbg_assert (output);
+ loop = 0;
while (length > 0)
{
len = (length > 16) ? 128 : length * 8;
@@ -231,7 +235,10 @@ cp_secu_aes_cbc_encrypt (cp_secu_aes_t *ctx, u32 iv[4],
len -= 32;
}
- cp_secu_aes_encrypt (ctx, wb, wb);
+ if (loop % CP_SECU_CHECKPOINT_ITERATION == 0)
+ cp_sta_core_checkpoint (ctx);
+
+ cp_secu_aes_encrypt (aes_ctx, wb, wb);
len = (length > 16) ? 128 : length * 8;
for (i = 0; len; i++)
@@ -244,23 +251,27 @@ cp_secu_aes_cbc_encrypt (cp_secu_aes_t *ctx, u32 iv[4],
input += 4;
output += 4;
length -= 16;
+ loop ++;
}
}
void
-cp_secu_aes_cbc_decrypt (cp_secu_aes_t *ctx, u32 iv[4],
+cp_secu_aes_cbc_decrypt (cp_t *ctx, cp_secu_aes_t *aes_ctx, u32 iv[4],
const u32 *input, u32 *output, int length)
{
int i;
u32 temp[4];
u32 wb[4];
int len;
+ uint loop;
dbg_assert (ctx);
+ dbg_assert (aes_ctx);
dbg_assert (iv);
dbg_assert (input);
dbg_assert (output);
+ loop = 0;
while (length > 0)
{
len = (length > 16) ? 128 : length * 8;
@@ -272,7 +283,10 @@ cp_secu_aes_cbc_decrypt (cp_secu_aes_t *ctx, u32 iv[4],
len -= 32;
}
- cp_secu_aes_decrypt (ctx, wb, wb);
+ if ((loop % CP_SECU_CHECKPOINT_ITERATION) == 0)
+ cp_sta_core_checkpoint (ctx);
+
+ cp_secu_aes_decrypt (aes_ctx, wb, wb);
for (i = 0; i < 4; i++)
wb[i] ^= iv[i];
@@ -290,6 +304,7 @@ cp_secu_aes_cbc_decrypt (cp_secu_aes_t *ctx, u32 iv[4],
input += 4;
output += 4;
length -= 16;
+ loop ++;
}
}
diff --git a/cesar/cp/secu/test/sparc-ecos.ecc.sh b/cesar/cp/secu/test/sparc-ecos.ecc.sh
index ae6774d302..534ab66398 100644
--- a/cesar/cp/secu/test/sparc-ecos.ecc.sh
+++ b/cesar/cp/secu/test/sparc-ecos.ecc.sh
@@ -2,10 +2,10 @@ config=${1:-ecos-gen.ecc}
ecosconfig --config=$config new sparc_leon default
cat >> $config <<'EOF'
cdl_option CYGNUM_HAL_SYSTEM_CLOCK_FREQ {
- user_value TO_CHANGE
+ user_value 75
}
cdl_option CYGNUM_HAL_UART_TRACE_FREQ {
- user_value TO_CHANGE
+ user_value 50
}
EOF
ecosconfig --config=$config check
diff --git a/cesar/cp/secu/test/src/test-aes.c b/cesar/cp/secu/test/src/test-aes.c
index 26696a5edc..e36b943048 100644
--- a/cesar/cp/secu/test/src/test-aes.c
+++ b/cesar/cp/secu/test/src/test-aes.c
@@ -88,6 +88,7 @@ test_case_cp_secu_aes_crypt (test_t test)
test_begin (test, "encrypt")
{
bitstream_t stream;
+ uint ctx;
cp_secu_aes_t aes;
u32 input[380];
u32 output[380];
@@ -138,7 +139,7 @@ test_case_cp_secu_aes_crypt (test_t test)
length = bitstream_finalise (&stream);
cp_secu_aes_set_encrypt_key (&aes, dak);
- cp_secu_aes_cbc_encrypt (&aes, iv, input, output, length);
+ cp_secu_aes_cbc_encrypt ((cp_t *) &ctx, &aes, iv, input, output, length);
for (i = 0; i < sizeof(res) / 4; i ++)
{
@@ -151,7 +152,7 @@ test_case_cp_secu_aes_crypt (test_t test)
iv[3] = 0x10325476;
cp_secu_aes_set_decrypt_key (&aes, dak);
- cp_secu_aes_cbc_decrypt (&aes, iv, output, output, length);
+ cp_secu_aes_cbc_decrypt ((cp_t* ) &ctx, &aes, iv, output, output, length);
for (i = 0; i < sizeof(res) / 4; i ++)
{
@@ -165,6 +166,7 @@ test_case_cp_secu_aes_crypt (test_t test)
test_begin (test, "encrypt")
{
bitstream_t stream;
+ uint ctx;
cp_secu_aes_t aes;
u32 res [20] = {0xCA87A8A9, 0x31095349, 0xAD6073BB, 0x6184B222,
0x07B1AF9E, 0x6485318A, 0xD3D10BA9, 0xBDB729E6, 0x68628A00,
@@ -217,7 +219,7 @@ test_case_cp_secu_aes_crypt (test_t test)
length = bitstream_finalise (&stream);
cp_secu_aes_set_encrypt_key (&aes, dak);
- cp_secu_aes_cbc_encrypt (&aes, iv, (u32 *) (((u8*) input2) + 1),
+ cp_secu_aes_cbc_encrypt ((cp_t *) &ctx, &aes, iv, (u32 *) (((u8*) input2) + 1),
(u32 *) (((u8*) output2) + 1), length);
bitstream_read_init (&stream, ((u8*)output2) + 1, 1517);
@@ -233,7 +235,7 @@ test_case_cp_secu_aes_crypt (test_t test)
iv[3] = 0x10325476;
cp_secu_aes_set_decrypt_key (&aes, dak);
- cp_secu_aes_cbc_decrypt (&aes, iv, (u32 *) (((u8*) output2) + 1),
+ cp_secu_aes_cbc_decrypt ((cp_t *) &ctx, &aes, iv, (u32 *) (((u8*) output2) + 1),
(u32 *) (((u8*) output2) + 1), length);
for (i = 0; i < sizeof(res) / 4; i ++)