Update AES integration of fortuna

* Use `aes_` based API instead of `rijndael_`, so we can profit from a potential hardware accelerated version of AES. * Add option to use 'encrypt_only' variant of AES inside fortuna Signed-off-by: Steffen Jaeckel <[email protected]>
libtom · Feb 26, 2024 · 0e12dbd · 0e12dbd
1 parent 090f527
commit 0e12dbd
Show file tree

Hide file tree

Showing 4 changed files with 50 additions and 30 deletions.
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -34,24 +34,24 @@ jobs:
         cc: [ gcc, clang ]
         os: [ ubuntu-20.04, ubuntu-22.04 ]
         config:
-          - { BUILDNAME: 'META_BUILDS',          BUILDOPTIONS: '-DGMP_DESC',                                          BUILDSCRIPT: '.ci/meta_builds.sh' }
-          - { BUILDNAME: 'VALGRIND',             BUILDOPTIONS: '',                                                    BUILDSCRIPT: '.ci/valgrind.sh' }
-          - { BUILDNAME: 'STOCK',                BUILDOPTIONS: '',                                                    BUILDSCRIPT: '.ci/run.sh' }
-          - { BUILDNAME: 'STOCK-MPI',            BUILDOPTIONS: '-ULTM_DESC -UTFM_DESC -UUSE_LTM -UUSE_TFM',           BUILDSCRIPT: '.ci/run.sh' }
-          - { BUILDNAME: 'STOCK+AESNI',          BUILDOPTIONS: '-msse4.1 -maes',                                      BUILDSCRIPT: '.ci/run.sh' }
-          - { BUILDNAME: 'EASY',                 BUILDOPTIONS: '-DLTC_EASY',                                          BUILDSCRIPT: '.ci/run.sh' }
-          - { BUILDNAME: 'SMALL',                BUILDOPTIONS: '-DLTC_SMALL_CODE',                                    BUILDSCRIPT: '.ci/run.sh' }
-          - { BUILDNAME: 'NOTABLES',             BUILDOPTIONS: '-DLTC_NO_TABLES',                                     BUILDSCRIPT: '.ci/run.sh' }
-          - { BUILDNAME: 'SMALL+NOTABLES',       BUILDOPTIONS: '-DLTC_SMALL_CODE -DLTC_NO_TABLES',                    BUILDSCRIPT: '.ci/run.sh' }
-          - { BUILDNAME: 'NO_FAST',              BUILDOPTIONS: '-DLTC_NO_FAST',                                       BUILDSCRIPT: '.ci/run.sh' }
-          - { BUILDNAME: 'NO_FAST+NOTABLES',     BUILDOPTIONS: '-DLTC_NO_FAST -DLTC_NO_TABLES',                       BUILDSCRIPT: '.ci/run.sh' }
-          - { BUILDNAME: 'NO_ASM',               BUILDOPTIONS: '-DLTC_NO_ASM',                                        BUILDSCRIPT: '.ci/run.sh' }
-          - { BUILDNAME: 'NO_TIMING_RESISTANCE', BUILDOPTIONS: '-DLTC_NO_ECC_TIMING_RESISTANT -DLTC_NO_RSA_BLINDING', BUILDSCRIPT: '.ci/run.sh' }
-          - { BUILDNAME: 'PTHREAD',              BUILDOPTIONS: '-DLTC_PTHREAD',                                       BUILDSCRIPT: '.ci/run.sh' }
-          - { BUILDNAME: 'STOCK+ARGTYPE=1',      BUILDOPTIONS: '-DARGTYPE=1',                                         BUILDSCRIPT: '.ci/run.sh' }
-          - { BUILDNAME: 'STOCK+ARGTYPE=2',      BUILDOPTIONS: '-DARGTYPE=2',                                         BUILDSCRIPT: '.ci/run.sh' }
-          - { BUILDNAME: 'STOCK+ARGTYPE=3',      BUILDOPTIONS: '-DARGTYPE=3',                                         BUILDSCRIPT: '.ci/run.sh' }
-          - { BUILDNAME: 'STOCK+ARGTYPE=4',      BUILDOPTIONS: '-DARGTYPE=4',                                         BUILDSCRIPT: '.ci/run.sh' }
+          - { BUILDNAME: 'META_BUILDS',             BUILDOPTIONS: '-DGMP_DESC',                                                           BUILDSCRIPT: '.ci/meta_builds.sh' }
+          - { BUILDNAME: 'VALGRIND',                BUILDOPTIONS: '',                                                                     BUILDSCRIPT: '.ci/valgrind.sh' }
+          - { BUILDNAME: 'STOCK',                   BUILDOPTIONS: '',                                                                     BUILDSCRIPT: '.ci/run.sh' }
+          - { BUILDNAME: 'STOCK-MPI',               BUILDOPTIONS: '-ULTM_DESC -UTFM_DESC -UUSE_LTM -UUSE_TFM',                            BUILDSCRIPT: '.ci/run.sh' }
+          - { BUILDNAME: 'STOCK+AESNI',             BUILDOPTIONS: '-msse4.1 -maes',                                                       BUILDSCRIPT: '.ci/run.sh' }
+          - { BUILDNAME: 'EASY',                    BUILDOPTIONS: '-DLTC_EASY',                                                           BUILDSCRIPT: '.ci/run.sh' }
+          - { BUILDNAME: 'SMALL',                   BUILDOPTIONS: '-DLTC_SMALL_CODE',                                                     BUILDSCRIPT: '.ci/run.sh' }
+          - { BUILDNAME: 'NO_TABLES',               BUILDOPTIONS: '-DLTC_NO_TABLES',                                                      BUILDSCRIPT: '.ci/run.sh' }
+          - { BUILDNAME: 'NO_FAST',                 BUILDOPTIONS: '-DLTC_NO_FAST',                                                        BUILDSCRIPT: '.ci/run.sh' }
+          - { BUILDNAME: 'NO_FAST+SMALL+NO_TABLES', BUILDOPTIONS: '-DLTC_NO_FAST -DLTC_SMALL_CODE -DLTC_NO_TABLES',                       BUILDSCRIPT: '.ci/run.sh' }
+          - { BUILDNAME: 'NO_ASM',                  BUILDOPTIONS: '-DLTC_NO_ASM',                                                         BUILDSCRIPT: '.ci/run.sh' }
+          - { BUILDNAME: 'NO_TIMING_RESISTANCE',    BUILDOPTIONS: '-DLTC_NO_ECC_TIMING_RESISTANT -DLTC_NO_RSA_BLINDING',                  BUILDSCRIPT: '.ci/run.sh' }
+          - { BUILDNAME: 'FORTUNA_CUSTOM_OPTIONS',  BUILDOPTIONS: '-DLTC_FORTUNA_USE_ENCRYPT_ONLY -DLTC_FORTUNA_RESEED_RATELIMIT_STATIC', BUILDSCRIPT: '.ci/run.sh' }
+          - { BUILDNAME: 'PTHREAD',                 BUILDOPTIONS: '-DLTC_PTHREAD',                                                        BUILDSCRIPT: '.ci/run.sh' }
+          - { BUILDNAME: 'STOCK+ARGTYPE=1',         BUILDOPTIONS: '-DARGTYPE=1',                                                          BUILDSCRIPT: '.ci/run.sh' }
+          - { BUILDNAME: 'STOCK+ARGTYPE=2',         BUILDOPTIONS: '-DARGTYPE=2',                                                          BUILDSCRIPT: '.ci/run.sh' }
+          - { BUILDNAME: 'STOCK+ARGTYPE=3',         BUILDOPTIONS: '-DARGTYPE=3',                                                          BUILDSCRIPT: '.ci/run.sh' }
+          - { BUILDNAME: 'STOCK+ARGTYPE=4',         BUILDOPTIONS: '-DARGTYPE=4',                                                          BUILDSCRIPT: '.ci/run.sh' }
     steps:
       - uses: actions/checkout@v2
       - name: install dependencies

diff --git a/src/headers/tomcrypt_custom.h b/src/headers/tomcrypt_custom.h
@@ -375,9 +375,9 @@
 
 /* with non-glibc or glibc 2.17+ prefer clock_gettime over gettimeofday */
 #if defined(__GLIBC__) && defined(__GLIBC_PREREQ)
-#if __GLIBC_PREREQ(2, 17)
-  #define LTC_CLOCK_GETTIME
-#endif
+   #if __GLIBC_PREREQ(2, 17)
+      #define LTC_CLOCK_GETTIME
+   #endif
 #elif defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200112L
   #define LTC_CLOCK_GETTIME
 #endif
@@ -407,6 +407,11 @@
 #define LTC_FORTUNA_POOLS 32
 #endif
 
+/* at compile time you can decide whether fortuna uses the regular AES APIs
+ * or whether it will use the 'encrypt_only' variants.
+ * This is useful for custom builds of libtomcrypt for size-constrained targets. */
+/* #define LTC_FORTUNA_USE_ENCRYPT_ONLY */
+
 #endif /* LTC_FORTUNA */
 
 

diff --git a/src/misc/crypt/crypt.c b/src/misc/crypt/crypt.c
@@ -315,9 +315,12 @@ const char *crypt_build_settings =
 #if defined(LTC_FORTUNA)
     "   Fortuna (" NAME_VALUE(LTC_FORTUNA_POOLS) ", "
 #if defined(LTC_FORTUNA_RESEED_RATELIMIT_TIMED)
-    "LTC_FORTUNA_RESEED_RATELIMIT_TIMED, "
+    "LTC_FORTUNA_RESEED_RATELIMIT_TIMED"
 #else
     "LTC_FORTUNA_RESEED_RATELIMIT_STATIC, " NAME_VALUE(LTC_FORTUNA_WD)
+#endif
+#if defined(LTC_FORTUNA_USE_ENCRYPT_ONLY)
+    ", LTC_FORTUNA_USE_ENCRYPT_ONLY"
 #endif
     ")\n"
 #endif

diff --git a/src/prngs/fortuna.c b/src/prngs/fortuna.c
@@ -39,6 +39,18 @@ we reseed automatically when len(pool0) >= 64 or every LTC_FORTUNA_WD calls to t
    #error LTC_FORTUNA_POOLS must be in [4..32]
 #endif
 
+#ifdef LTC_FORTUNA_USE_ENCRYPT_ONLY
+#define AES_SETUP aes_enc_setup
+#define AES_ENC   aes_enc_ecb_encrypt
+#define AES_DONE  aes_enc_done
+#define AES_TEST  aes_enc_test
+#else
+#define AES_SETUP aes_setup
+#define AES_ENC   aes_ecb_encrypt
+#define AES_DONE  aes_done
+#define AES_TEST  aes_test
+#endif
+
 const struct ltc_prng_descriptor fortuna_desc = {
     "fortuna",
     64,
@@ -146,7 +158,7 @@ static int s_fortuna_reseed(prng_state *prng)
    if ((err = sha256_done(&md, prng->u.fortuna.K)) != CRYPT_OK) {
       return err;
    }
-   if ((err = rijndael_setup(prng->u.fortuna.K, 32, 0, &prng->u.fortuna.skey)) != CRYPT_OK) {
+   if ((err = AES_SETUP(prng->u.fortuna.K, 32, 0, &prng->u.fortuna.skey)) != CRYPT_OK) {
       return err;
    }
    s_fortuna_update_iv(prng);
@@ -236,7 +248,7 @@ int fortuna_start(prng_state *prng)
 
    /* reset bufs */
    zeromem(prng->u.fortuna.K, 32);
-   if ((err = rijndael_setup(prng->u.fortuna.K, 32, 0, &prng->u.fortuna.skey)) != CRYPT_OK) {
+   if ((err = AES_SETUP(prng->u.fortuna.K, 32, 0, &prng->u.fortuna.skey)) != CRYPT_OK) {
       for (x = 0; x < LTC_FORTUNA_POOLS; x++) {
           sha256_done(&prng->u.fortuna.pool[x], tmp);
       }
@@ -395,27 +407,27 @@ unsigned long fortuna_read(unsigned char *out, unsigned long outlen, prng_state
    /* handle whole blocks without the extra XMEMCPY */
    while (outlen >= 16) {
       /* encrypt the IV and store it */
-      rijndael_ecb_encrypt(prng->u.fortuna.IV, out, &prng->u.fortuna.skey);
+      AES_ENC(prng->u.fortuna.IV, out, &prng->u.fortuna.skey);
       out += 16;
       outlen -= 16;
       s_fortuna_update_iv(prng);
    }
 
    /* left over bytes? */
    if (outlen > 0) {
-      rijndael_ecb_encrypt(prng->u.fortuna.IV, tmp, &prng->u.fortuna.skey);
+      AES_ENC(prng->u.fortuna.IV, tmp, &prng->u.fortuna.skey);
       XMEMCPY(out, tmp, outlen);
       s_fortuna_update_iv(prng);
    }
 
    /* generate new key */
-   rijndael_ecb_encrypt(prng->u.fortuna.IV, prng->u.fortuna.K   , &prng->u.fortuna.skey);
+   AES_ENC(prng->u.fortuna.IV, prng->u.fortuna.K   , &prng->u.fortuna.skey);
    s_fortuna_update_iv(prng);
 
-   rijndael_ecb_encrypt(prng->u.fortuna.IV, prng->u.fortuna.K+16, &prng->u.fortuna.skey);
+   AES_ENC(prng->u.fortuna.IV, prng->u.fortuna.K+16, &prng->u.fortuna.skey);
    s_fortuna_update_iv(prng);
 
-   if (rijndael_setup(prng->u.fortuna.K, 32, 0, &prng->u.fortuna.skey) != CRYPT_OK) {
+   if (AES_SETUP(prng->u.fortuna.K, 32, 0, &prng->u.fortuna.skey) != CRYPT_OK) {
       tlen = 0;
    }
 
@@ -512,7 +524,7 @@ int fortuna_test(void)
    if ((err = sha256_test()) != CRYPT_OK) {
       return err;
    }
-   return rijndael_test();
+   return AES_TEST();
 #endif
 }