Comments (5)
victor-dumas
commented on July 18, 2024
1
Thank you for your help. I was mixing up the auth argument for the TAG.
What I should have done is :
int Encryption::aes_encrypt_hw_cryptodev(uint8_t* message, size_t size)
{
int status = aes_gcm_encrypt(&_ctx, _iv.data(), nullptr, 0, message, message, size);
memcpy(message + size + GCM_TAG_SIZE, _iv.data(), IV_SIZE);
return status;
}from cryptodev-linux.
cristian-stoica
commented on July 18, 2024
Do you suspect a regression? Are you able to verify with older kernels or older cryptodev releases?
from cryptodev-linux.
victor-dumas
commented on July 18, 2024
I was able to test 1.12 and 1.13 under Debian 11 (Linux 5.10) and 1.13 and master under a custom Linux OS (Buildroot 2022 - Linux 5.15). Every test gives me the same tag. Either I'm doing something wrong or the tag is not calculated the same way in the python implementation and in Linux.
from cryptodev-linux.
victor-dumas
commented on July 18, 2024
I tested quickly with openssl:
int main(int ac, char **av, char **ae)
{
const EVP_CIPHER *cipher;
//unsigned char key[32];
int len;
unsigned char tag[16];
unsigned char key[] = {0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x30, 0x31};//av[1];
unsigned char iv[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b};
unsigned char data[] = {0x0,0x1,0x2,0x3,0x4,0x5,0x6,0x7,0x8,0x9,0xa,0xb,0xc,0xd,0xe,0xf,0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f,0x20,0x21,0x22,0x23,0x24,0x25,0x26,0x27,0x28,0x29,0x2a,0x2b,0x2c,0x2d,0x2e,0x2f,0x30,0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,0x39,0x3a,0x3b};
ERR_load_crypto_strings();
//encrypt
ctx = EVP_CIPHER_CTX_new();
cipher = EVP_aes_256_gcm();
EVP_EncryptInit_ex(ctx, cipher, NULL, NULL, NULL);
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, sizeof(iv), NULL);
EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv);
len = sizeof(data);
int h=0;
EVP_EncryptUpdate(ctx, data, &len, data, len);
EVP_EncryptFinal(ctx, tag, &h);
printf("DATA:");
for (int i = 0; i < sizeof(data); ++i)
printf("%02X,", data[i]);
printf("\n");
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, sizeof tag, tag);
printf("TAG:");
for (int i = 0; i < sizeof(tag); ++i)
printf("%02X,", tag[i]);
printf("\n");
//decrypt
ctx = EVP_CIPHER_CTX_new();
EVP_DecryptInit (ctx, cipher, key, iv);
EVP_CIPHER_CTX_ctrl (ctx, EVP_CTRL_GCM_SET_TAG, 16, tag);
EVP_DecryptInit (ctx, NULL, key, iv);
EVP_DecryptUpdate (ctx, data, &h, data, len);
printf("DATA:");
for (int i = 0; i < sizeof(data); ++i)
printf("%02X,", data[i]);
printf("\n");
int dec_success = EVP_DecryptFinal (ctx, data, &h);
printf("TAG: %d\n", dec_success);
fflush(stdout);
freeCrypto();
return 0;
}And this results in:
DATA:FA,1B,10,B6,99,EC,4B,53,4E,62,F5,19,B0,45,12,1B,87,03,FF,CC,4B,BF,ED,CF,30,FE,32,63,2D,B4,74,2C,4C,30,9D,4C,71,C9,96,C0,15,1E,B2,B6,DB,D9,4F,77,40,95,FD,0A,82,3E,81,62,D2,E0,87,50,
TAG:5E,E3,02,88,05,E7,16,12,02,CB,6D,CD,AC,77,A1,55,
DATA:00,01,02,03,04,05,06,07,08,09,0A,0B,0C,0D,0E,0F,10,11,12,13,14,15,16,17,18,19,1A,1B,1C,1D,1E,1F,20,21,22,23,24,25,26,27,28,29,2A,2B,2C,2D,2E,2F,30,31,32,33,34,35,36,37,38,39,3A,3B,
TAG: 1
Which is the same as both python implementations. I already tried using openssl but it is too slow in my application compared to cryptodev.
I'm not sure how to use cryptodev through openssl though.
from cryptodev-linux.
cristian-stoica
commented on July 18, 2024
You can find a relevant example in tests/cipher-gcm.c. I've patched it with your data and the results are as expected. Remember to change keylen to 32 in test_cipher:
struct aes_gcm_vectors_st aes_gcm_vectors[] = {
{
.key = (uint8_t *)"\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x30\x31",
.auth = NULL,
.auth_size = 0,
.plaintext = (uint8_t *)"\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\xa\xb\xc\xd\xe\xf\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b",
.plaintext_size = 60,
.ciphertext = (uint8_t *)"\xFA\x1B\x10\xB6\x99\xEC\x4B\x53\x4E\x62\xF5\x19\xB0\x45\x12\x1B\x87\x03\xFF\xCC\x4B\xBF\xED\xCF\x30\xFE\x32\x63\x2D\xB4\x74\x2C\x4C\x30\x9D\x4C\x71\xC9\x96\xC0\x15\x1E\xB2\xB6\xDB\xD9\x4F\x77\x40\x95\xFD\x0A\x82\x3E\x81\x62\xD2\xE0\x87\x50",
.iv = (uint8_t *)"\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b",
.tag = (uint8_t *)"\x5E\xE3\x02\x88\x05\xE7\x16\x12\x02\xCB\x6D\xCD\xAC\x77\xA1\x55"
}
};
I'm rusty on openssl and engines but you probably should do something in the following lines:
ERR_load_crypto_strings();
ENGINE *e = NULL;
int ret = 0;
if ((e = ENGINE_by_id("devcrypto")) == NULL) {
printf("cryptodev engine not found!\n\n");
} else {
ENGINE_set_default(e, ENGINE_METHOD_ALL);
ENGINE_init(e);
}
then use 'e' inside relevant functions. I couldn't make it work in your app though.
Openssl itself works with cryptodev if you build it (with "configure enable-devcryptoeng") and specify the engine in the command line (openssl speed for example etc).
from cryptodev-linux.
Related Issues (20)
- SSH with openssl "mux digest failed" HOT 5
- make fail: zc.c:80:8: error: too many arguments to function ‘get_user_pages_remote’ HOT 9
- Openembedded out of tree patches HOT 5
- OpenSSL patch website cannot be opened, where to find the patch please? HOT 3
- encrypt-then-mac in aead is more secure
- kle
- openssl_wrapper.c needs to be updated for openssl 3.0.0 HOT 3
- "possible circular locking dependency" warning HOT 3
- pgcrypto to use cryptodev HOT 2
- [OpenBMC] Kernel panic while running "openssl engine" within cryptodev-linux kernel module inserted HOT 1
- What's the supported kernel version list? HOT 2
- Unable to fetch URL from any source HOT 3
- No file to patch. Skipping patch. HOT 3
- module install HOT 1
- Cryptodev module fails to load with Unknown symbol errors HOT 1
- Cipher supports in cryptodev-linux HOT 2
- performance issue HOT 4
- the async mode is not truely async
- Phase 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cryptodev-linux.