Hi,
When building master as of today with:
make PLATFORM=vexpress PLATFORM_FLAVOR=juno CFG_CRYPTOLIB_NAME=mbedtls CFG_CRYPTOLIB_DIR=lib/libmbedtls
I get the following build failure:
core/lib/libtomcrypt/aes_accel.c: In function ‘aes_ctr_encrypt_nblocks’: core/lib/libtomcrypt/aes_accel.c:182:21: error: ‘CTR_COUNTER_LITTLE_ENDIAN’ undeclared (first use in this function) 182 | if (mode == CTR_COUNTER_LITTLE_ENDIAN) {
I can fix the build with:
diff --git a/core/lib/libtomcrypt/src/headers/tomcrypt_cipher.h b/core/lib/libtomcrypt/src/headers/tomcrypt_cipher.h index aa94698de..760aa70e1 100644 --- a/core/lib/libtomcrypt/src/headers/tomcrypt_cipher.h +++ b/core/lib/libtomcrypt/src/headers/tomcrypt_cipher.h @@ -925,12 +925,12 @@ int cbc_setiv(const unsigned char *IV, unsigned long len, symmetric_CBC *cbc); int cbc_done(symmetric_CBC *cbc); #endif
-#ifdef LTC_CTR_MODE - #define CTR_COUNTER_LITTLE_ENDIAN 0x0000 #define CTR_COUNTER_BIG_ENDIAN 0x1000 #define LTC_CTR_RFC3686 0x2000
+#ifdef LTC_CTR_MODE + int ctr_start( int cipher, const unsigned char *IV, const unsigned char *key, int keylen,
------------------
Does this look like a proper fix ? If so, can I send patches to the mailing list, or do I need to go via a github pull-request ?
Regards Jacob
Hi Jacob,
On Mon, May 27, 2024 at 2:59 PM Jacob Kroon Jacob.Kroon@axis.com wrote:
Hi,
When building master as of today with:
make PLATFORM=vexpress PLATFORM_FLAVOR=juno CFG_CRYPTOLIB_NAME=mbedtls CFG_CRYPTOLIB_DIR=lib/libmbedtls
I get the following build failure:
core/lib/libtomcrypt/aes_accel.c: In function ‘aes_ctr_encrypt_nblocks’: core/lib/libtomcrypt/aes_accel.c:182:21: error: ‘CTR_COUNTER_LITTLE_ENDIAN’ undeclared (first use in this function) 182 | if (mode == CTR_COUNTER_LITTLE_ENDIAN) {
I can fix the build with:
diff --git a/core/lib/libtomcrypt/src/headers/tomcrypt_cipher.h b/core/lib/libtomcrypt/src/headers/tomcrypt_cipher.h index aa94698de..760aa70e1 100644 --- a/core/lib/libtomcrypt/src/headers/tomcrypt_cipher.h +++ b/core/lib/libtomcrypt/src/headers/tomcrypt_cipher.h @@ -925,12 +925,12 @@ int cbc_setiv(const unsigned char *IV, unsigned long len, symmetric_CBC *cbc); int cbc_done(symmetric_CBC *cbc); #endif
-#ifdef LTC_CTR_MODE
#define CTR_COUNTER_LITTLE_ENDIAN 0x0000 #define CTR_COUNTER_BIG_ENDIAN 0x1000 #define LTC_CTR_RFC3686 0x2000
+#ifdef LTC_CTR_MODE
int ctr_start( int cipher, const unsigned char *IV, const unsigned char *key, int keylen,
Does this look like a proper fix ? If so, can I send patches to the mailing list, or do I need to go via a github pull-request ?
Thanks for reporting the error. The fix looks easy, but I'm not sure it's the right one. I think the problem is in core/lib/libtomcrypt/aes_accel.c, if _CFG_CORE_LTC_CTR isn't y (or LTC_CTR_MODE undefined) then I suppose that aes_ctr_encrypt_nblocks() shouldn't be provided either.
Anyway, patches are best sent as a github pull-request. Issues on github tend to reach a broader audience, but there's nothing wrong with discussing them here if you prefer that.
Cheers, Jens
Hi Jens,
On 5/28/24 10:51, Jens Wiklander wrote: <cut>
Thanks for reporting the error. The fix looks easy, but I'm not sure it's the right one. I think the problem is in core/lib/libtomcrypt/aes_accel.c, if _CFG_CORE_LTC_CTR isn't y (or LTC_CTR_MODE undefined) then I suppose that aes_ctr_encrypt_nblocks() shouldn't be provided either.
Anyway, patches are best sent as a github pull-request. Issues on github tend to reach a broader audience, but there's nothing wrong with discussing them here if you prefer that.
Ok, how about instead doing something along the lines of the patch below ?
diff --git a/core/lib/libtomcrypt/aes_accel.c b/core/lib/libtomcrypt/aes_accel.c index 5b622e58a..cc667795a 100644 --- a/core/lib/libtomcrypt/aes_accel.c +++ b/core/lib/libtomcrypt/aes_accel.c @@ -170,6 +170,7 @@ static int aes_cbc_decrypt_nblocks(const unsigned char *ct, unsigned char *pt, return CRYPT_OK; }
+#ifdef LTC_CTR_MODE static int aes_ctr_encrypt_nblocks(const unsigned char *pt, unsigned char *ct, unsigned long blocks, unsigned char *IV, int mode, symmetric_key *skey) @@ -189,6 +190,7 @@ static int aes_ctr_encrypt_nblocks(const unsigned char *pt, unsigned char *ct,
return CRYPT_OK; } +#endif
static int aes_xts_encrypt_nblocks(const unsigned char *pt, unsigned char *ct, unsigned long blocks, unsigned char *tweak, @@ -245,7 +247,9 @@ const struct ltc_cipher_descriptor aes_desc = { .accel_ecb_decrypt = aes_ecb_decrypt_nblocks, .accel_cbc_encrypt = aes_cbc_encrypt_nblocks, .accel_cbc_decrypt = aes_cbc_decrypt_nblocks, +#ifdef LTC_CTR_MODE .accel_ctr_encrypt = aes_ctr_encrypt_nblocks, +#endif .accel_xts_encrypt = aes_xts_encrypt_nblocks, .accel_xts_decrypt = aes_xts_decrypt_nblocks, };
Regards Jacob
Hi Jacob,
On Wed, May 29, 2024 at 8:33 AM Jacob Kroon jacob.kroon@axis.com wrote:
Hi Jens,
On 5/28/24 10:51, Jens Wiklander wrote:
<cut> > Thanks for reporting the error. The fix looks easy, but I'm not sure > it's the right one. I think the problem is in > core/lib/libtomcrypt/aes_accel.c, if _CFG_CORE_LTC_CTR isn't y (or > LTC_CTR_MODE undefined) then I suppose that aes_ctr_encrypt_nblocks() > shouldn't be provided either. > > Anyway, patches are best sent as a github pull-request. Issues on > github tend to reach a broader audience, but there's nothing wrong > with discussing them here if you prefer that. >
Ok, how about instead doing something along the lines of the patch below ?
diff --git a/core/lib/libtomcrypt/aes_accel.c b/core/lib/libtomcrypt/aes_accel.c index 5b622e58a..cc667795a 100644 --- a/core/lib/libtomcrypt/aes_accel.c +++ b/core/lib/libtomcrypt/aes_accel.c @@ -170,6 +170,7 @@ static int aes_cbc_decrypt_nblocks(const unsigned char *ct, unsigned char *pt, return CRYPT_OK; }
+#ifdef LTC_CTR_MODE static int aes_ctr_encrypt_nblocks(const unsigned char *pt, unsigned char *ct, unsigned long blocks, unsigned char *IV, int mode, symmetric_key *skey) @@ -189,6 +190,7 @@ static int aes_ctr_encrypt_nblocks(const unsigned char *pt, unsigned char *ct,
return CRYPT_OK;} +#endif
static int aes_xts_encrypt_nblocks(const unsigned char *pt, unsigned char *ct, unsigned long blocks, unsigned char *tweak, @@ -245,7 +247,9 @@ const struct ltc_cipher_descriptor aes_desc = { .accel_ecb_decrypt = aes_ecb_decrypt_nblocks, .accel_cbc_encrypt = aes_cbc_encrypt_nblocks, .accel_cbc_decrypt = aes_cbc_decrypt_nblocks, +#ifdef LTC_CTR_MODE .accel_ctr_encrypt = aes_ctr_encrypt_nblocks, +#endif .accel_xts_encrypt = aes_xts_encrypt_nblocks, .accel_xts_decrypt = aes_xts_decrypt_nblocks, };
Yes, it makes sense. Please submit a PR for further review.
Cheers, Jens
op-tee@lists.trustedfirmware.org
-
Jacob Kroon -
Jacob Kroon
-
Jens Wiklander