Linux/AM4378: AES encrypt issues

Part Number: AM4378

Tool/software: Linux

When I try to encrypt I get:

Program received signal SIGSEGV, Segmentation fault.
0xb6e850c4 in EVP_EncryptUpdate () from /opt/ti-processor-sdk-linux-am437x-evm-04.03.00.05/targetNFS/usr/lib/libcrypto.so.1.0.0



Some background:

I am developing on an EVM board for the AM4378. I am new to Linux and Linux development. My dev machine is running Ubuntu 16.04. The libraries I have linked in are "ssl" and "crypto". I am sure I forgot something.

I found the code for AES as an example project in the SDK folder, so I took what we needed. When I left it at CBC cryptography everything seemed to be working fine; when I switched it to ECB (and nothing else) it crashed on me.

I found this website and it doesn't seem to show anything different from the way I am doing things:

https://github.com/rockyxshen/block_...er/aescipher.c



So am I missing something in the setup? Something else entirely? There isn't a whole lot of documentation on how any of this works that I could find, so I am a bit at a loss.

Here is my code (the key comes from somewhere else, 32 bytes):

EVP_CIPHER_CTX en, de;

void aes_init(void)
{
/****************Enabling use of a hardware engine******************/
    ENGINE *e;

    ENGINE_load_builtin_engines();
    if (!(e = ENGINE_by_id("cryptodev")))
        fprintf(stderr, "Error finding specified ENGINE\n");
    else if (!ENGINE_set_default(e, ENGINE_METHOD_ALL))
        fprintf(stderr, "Error using ENGINE\n");
    else
        fprintf(stderr, "Engine successfully enabled\n");
/*******************************************************************/



  EVP_CIPHER_CTX_init(&en);
  EVP_EncryptInit_ex(&en, EVP_aes_256_ecb(), e, AesKey, NULL);  //sets up cipher context e_ctx for encryption with aes_256_ecb cipher type
  EVP_CIPHER_CTX_init(&de);
  EVP_DecryptInit_ex(&de, EVP_aes_256_ecb(), e, AesKey, NULL);  //sets up cipher context d_ctx for decryption with aes_256_ecb cipher type

 /* Release the structural reference from ENGINE_by_id() */
 ENGINE_free(e);
}

/********************************************************************
*   AES encryption function
*********************************************************************/
int aes_encrypt(unsigned char *input, unsigned char *output, unsigned int len)
{
  int c_len = 0;
  int ret_len = 0;
  int EncLen = 0;

  EVP_EncryptInit_ex(&en, NULL, NULL, NULL, NULL);

  //encryption works on factors of 16, if there are any stragglers we have to round up to a x16 value
  if((len & 0x0F) != 0)
  {
      EncLen = (len & 0xFFF0) + 0x10;
  }
  else
  {
      EncLen = len;
  }

  EVP_EncryptUpdate(&en, output, &c_len, input, EncLen);
  ret_len = c_len;

  return ret_len;
}


/********************************************************************
*   AES decryption function
*********************************************************************/
int aes_decrypt(unsigned char *input, unsigned char *output, unsigned int len)
{
  int c_len = 0;
  int ret_len = 0;

  EVP_DecryptInit_ex(&de, NULL, NULL, NULL, NULL);

  EVP_DecryptUpdate(&de, output, &c_len, input, len);
  ret_len = c_len;

  return ret_len;
}

/*********************************************************************
 *
 *********************************************************************/
void aes_close(void)
{
    EVP_CIPHER_CTX_cleanup(&en);
    EVP_CIPHER_CTX_cleanup(&de);
}

Does anyone know if I need the additional "init" function calls before update and if I need the "final" function calls? I can't quite figure out what they do. The plan for this stuff is to constantly be encrypting and decrypting data on an open connection, so it isn't planned to be a "one and done" deal.

Thank you for any help you can give me.

  • Hi,

    Sorry, we don't support user space application development. I understand the Processor SDK provides the AES examples, which you use as a reference, but those examples have been included in the SDKs since about 6 years ago, and were never maintained afterwards to keep up to date with the crypto/ssl library changes. Those crypto examples will be removed from the coming Processor SDK release.
  • So you have this nice feature that can help developers but you don't let them use it, is that correct? Is there a reason why you don't support users developing with it? You obviously did at some point, otherwise you wouldn't have provided an example project.

    FYI, if I take the engine out of the equation and use NULL for e, encryption happens without issue, so it is your engine that is causing the failure (which I guess doesn't matter since you don't support it).
  • Now almost all crypto-related operations can be done with openssl, so our crypto support scope is any issue which is reproduced with openssl, not with any other user space application. I don't know the story from 6 years ago when those crypto examples were created, but the examples are removed in the future Processor SDKs and are no longer supported.

    cobsonchael said:
    FYI if i take the engine out of the equation and use NULL for e, encryption happens without issue so it is your engine that is causing failure (which i guess doesn't matter since you don't support it)

    How exactly did you take out the engine? By "rmmod cryptodev" or "rmmod omap_aes_driver"? If removing omap_aes_driver makes the issue disappear, I will ask you for more details and take a look.

  • If I remove "e" and initialize it like this:

    en = EVP_CIPHER_CTX_new();
    EVP_EncryptInit_ex(en, EVP_aes_256_ecb(), NULL, AesKey, NULL);  //sets up cipher context en for encryption with aes_256_ecb cipher type
    de = EVP_CIPHER_CTX_new();
    EVP_DecryptInit_ex(de, EVP_aes_256_ecb(), NULL, AesKey, NULL);  //sets up cipher context de for decryption with aes_256_ecb cipher type

    which uses NULL instead of "e", it works.

    Does this code still use the cryptography engine even though I did not "load" it?

  • I don't do crypto application development, so I cannot comment on that.

    Crypto in Linux has multiple layers to provide services to applications, user space libraries such as libcrypto/libssl, kernel crypto libraries, and kernel crypto hardware accelerations.

    AM437x devices have a crypto hardware accelerator, and the Processor SDK kernel has the kernel driver to enable the accelerator. We support any issue related to the accelerator and its drivers. For any other issue related to the libraries in user space or kernel, please ask the corresponding open source community for help.