Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

NEED HELP To Implement OpenSSL Compliant Encryption On FPGA #212

Open
bornlibra23 opened this issue Feb 24, 2025 · 3 comments
Open

NEED HELP To Implement OpenSSL Compliant Encryption On FPGA #212

bornlibra23 opened this issue Feb 24, 2025 · 3 comments

Comments

@bornlibra23
Copy link

Reference:
https://github.com/Xilinx/Vitis_Libraries/blob/main/security/L1/include/xf_security/gcm.hpp

TLDR:
Current implementation expects & reuses the IV with each call. I need to to work more like OpenSSL where it can mutate the IV for subsequent calls.

Details:
The current implementation of aes256GcmEncrypt & aes256GcmDecrypt are single shot functions unsuitable for implementing OpenSSL compliant encryption on successive blocks of data. They behave similar to aes_gcm_encrypt & aes_gcm_decrypt in https://github.com/openssl/openssl/blob/OpenSSL_1_1_1-stable/demos/evp/aesgcm.c

I need them to work like EVP_EncryptUpdate & EVP_DecryptUpdate in OpenSSL
Here is my production tested wrapper code:

#include <openssl11/openssl/evp.h>
class crypto
{
    using cryptoKey_t = char[32];
    using cryptoIV_t = char[16];
    cryptoKey_t cryptoKey;
    cryptoIV_t cryptoIV;

    EVP_CIPHER_CTX *enc_ctx;
    EVP_CIPHER_CTX *dec_ctx;

    public:
        bool initialize(cryptoKey_t cryptoKey, cryptoIV_t cryptoIV, uint8_t ivLength);
        bool encrypt(const unsigned char *plainText, int plainTextLength, unsigned char *cipherText, int& cipherTextLength);
        bool decrypt(const unsigned char *cipherText, int cipherTextLength, unsigned char *plainText, int& plainTextLength);
};

bool crypto::initialize(cryptoKey_t cryptoKey, cryptoIV_t cryptoIV, uint8_t ivLength)
{
    enc_ctx = EVP_CIPHER_CTX_new();
    EVP_EncryptInit_ex(enc_ctx, EVP_aes_256_gcm(), NULL, NULL, NULL);
    EVP_CIPHER_CTX_ctrl(enc_ctx, EVP_CTRL_GCM_SET_IVLEN, ivLength, NULL);
    EVP_EncryptInit_ex(enc_ctx, NULL, NULL, reinterpret_cast<const unsigned char*>(cryptoKey), reinterpret_cast<const unsigned char*>(cryptoIV));

    dec_ctx = EVP_CIPHER_CTX_new();
    EVP_DecryptInit_ex(dec_ctx, EVP_aes_256_gcm(), NULL, NULL, NULL);
    EVP_CIPHER_CTX_ctrl(dec_ctx, EVP_CTRL_GCM_SET_IVLEN, ivLength, NULL);
    EVP_DecryptInit_ex(dec_ctx, NULL, NULL, reinterpret_cast<const unsigned char*>(cryptoKey), reinterpret_cast<const unsigned char*>(cryptoIV));

    return(true);
}
bool crypto::encrypt(const unsigned char *plainText, int plainTextLength, unsigned char *cipherText, int& cipherTextLength)
{
    return(EVP_EncryptUpdate(enc_ctx, cipherText, &cipherTextLength, plainText, plainTextLength));
}
bool crypto::decrypt(const unsigned char *cipherText, int cipherTextLength, unsigned char *plainText, int& plainTextLength)
{
    return(EVP_DecryptUpdate(dec_ctx, plainText, &plainTextLength, cipherText, cipherTextLength));
}
@bornlibra23
Copy link
Author

I have managed to implement OpenSSL sequential compatibility for 16 byte messages. I need help with implementing for case involving residue bytes.

@bornlibra23
Copy link
Author

I have managed to implement OpenSSL sequential compatibility for variable byte messages. I need help with implementing test cases.

@bornlibra23
Copy link
Author

I have managed to implement OpenSSL sequential test cases. I need help with implementing the decryption logic & test cases.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@bornlibra23