• State Resolved
  • Locked Locked
  • Replies 19 replies
  • Subscribers 98 subscribers
  • Views 3444 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

Linux/AM4378: AES examples

cobsonchael
Mastermind 7930 points
Part Number: AM4378
Other Parts Discussed in Thread: CCSTUDIO

Tool/software: Linux

i am having a hard time finding any code examples for using the TI drivers for the AES HW encryption.

i did find this: 

but it did not include any code examples.

  • 0
    TI__Guru**** 170625 points

    Hello,

    Check {PSDK}/example-applications/ti-crypto-examples-git/AES/

    http://software-dl.ti.com/processor-sdk-linux/esd/docs/latest/linux/Examples_and_Demos.html#cryptography

    Regards,
    Pavel

  • 0 in reply to Pavel Botev
    Mastermind 7930 points

    i did find that shortly after i posted. it seems to be what i am looking for.

    FYI i am using code composer in ubuntu 16.04

    2 things about adding in the code and libraries:

    1) now when i run my debug gdb session it doesn't automatically load to main. i get this output:

    GNU gdb (Linaro GDB) 7.8-2014.09

    Copyright (C) 2014 Free Software Foundation, Inc.

    License GPLv3+: GNU GPL version 3 or later <>

    This is free software: you are free to change and redistribute it.

    There is NO WARRANTY, to the extent permitted by law.  Type "show copying"

    and "show warranty" for details.

    This GDB was configured as "--host=x86_64-arago-linux --target=arm-linux-gnueabi".

    Type "show configuration" for configuration details.

    For bug reporting instructions, please see:

    <>.

    Find the GDB manual and other documentation resources online at:

    <>.

    For help, type "help".

    Type "apropos word" to search for commands related to "word".

    0xb6fd79c0 in _start () from /opt/ti-processor-sdk-linux-am437x-evm-04.03.00.05/targetNFS/lib/ld-linux-armhf.so.3

    Program received signal SIGILL, Illegal instruction.

    Cannot access memory at address 0x0

    0xb6eef9a8 in ?? () from /opt/ti-processor-sdk-linux-am437x-evm-04.03.00.05/targetNFS/usr/lib/libcrypto.so.1.0.0

    and when i hit run THEN i hit my temporary breakpoint at main and then i run like i normall do

    2) i am trying to interface with an existing system so i need to be in ecb mode, when i do i get a crash every time when i try to encrypt where as when i tried it with cbc it worked fine. here is my failure message:

    Program received signal SIGSEGV, Segmentation fault.
    0xb6e850c4 in EVP_EncryptUpdate () from /opt/ti-processor-sdk-linux-am437x-evm-04.03.00.05/targetNFS/usr/lib/libcrypto.so.1.0.0

    here is my code:

    void aes_init(void)
{
/****************Enabling use of a hardware engine******************/
    ENGINE *e;

    ENGINE_load_builtin_engines();
    if (!(e = ENGINE_by_id("cryptodev")))
        fprintf(stderr, "Error finding specified ENGINE\n");
    else if (!ENGINE_set_default(e, ENGINE_METHOD_ALL))
        fprintf(stderr, "Error using ENGINE\n");
    else
        fprintf(stderr, "Engine successfully enabled\n");
/*******************************************************************/

  EVP_CIPHER_CTX_init(&en);
  EVP_EncryptInit_ex(&en, EVP_aes_256_ecb(), e, AesKey, NULL);  //sets up cipher context e_ctx for encryption with aes_256_ecb cipher type
  EVP_CIPHER_CTX_init(&de);
  EVP_DecryptInit_ex(&de, EVP_aes_256_ecb(), e, AesKey, NULL);  //sets up cipher context d_ctx for decryption with aes_256_ecb cipher type

 /* Release the structural reference from ENGINE_by_id() */
 ENGINE_free(e);
}

/********************************************************************
*   AES encryption function
*********************************************************************/
int aes_encrypt(unsigned char *input, unsigned char *output, unsigned int len)
{
  int c_len = 0;
  int ret_len = 0;
  int EncLen = 0;

  EVP_EncryptInit_ex(&en, NULL, NULL, NULL, NULL);

  //encryption works on factors of 16, if there are any stragglers we have to round up to a x16 value
  if((len & 0x0F) != 0)
  {
      EncLen = (len & 0xFFF0) + 0x10;
  }
  else
  {
      EncLen = len;
  }

  EVP_EncryptUpdate(&en, output, &c_len, input, EncLen);
  ret_len = c_len;

  return ret_len;
}


/********************************************************************
*   AES decryption function
*********************************************************************/
int aes_decrypt(unsigned char *input, unsigned char *output, unsigned int len)
{
  int c_len = 0;
  int ret_len = 0;

  EVP_DecryptInit_ex(&de, NULL, NULL, NULL, NULL);

  EVP_DecryptUpdate(&de, output, &c_len, input, len);
  ret_len = c_len;

  return ret_len;
}

  • 0 in reply to cobsonchael
    TI__Guru**** 170625 points
    Hello,

    Regarding GDB issue, make sure you are using Linaro GCC toolchain 6.2.1 2016.11 hard-float.

    See also below pointers:

    software-dl.ti.com/.../Foundational_Components.html
    software-dl.ti.com/.../Foundational_Components.html

    processors.wiki.ti.com/.../Processor_SDK_Linux_Training:_Hands_on_with_the_Linux_SDK

    You can also check how GDB is used for Qt application examples:

    software-dl.ti.com/.../Examples_and_Demos.html

    Regards,
    Pavel
  • 0 in reply to Pavel Botev
    Mastermind 7930 points
    so i've been to a lot of places for the toolchain you listed and i can't seem to find it. even when i try to update through code composer it only gives me the option of 6.3

    how do i get that version of linaro? i am using version:

    Using built-in specs.
    COLLECT_GCC=gcc
    COLLECT_LTO_WRAPPER=/usr/lib/gcc/x86_64-linux-gnu/5/lto-wrapper
    Target: x86_64-linux-gnu
    Configured with: ../src/configure -v --with-pkgversion='Ubuntu 5.4.0-6ubuntu1~16.04.9' --with-bugurl=file:///usr/share/doc/gcc-5/README.Bugs --enable-languages=c,ada,c++,java,go,d,fortran,objc,obj-c++ --prefix=/usr --program-suffix=-5 --enable-shared --enable-linker-build-id --libexecdir=/usr/lib --without-included-gettext --enable-threads=posix --libdir=/usr/lib --enable-nls --with-sysroot=/ --enable-clocale=gnu --enable-libstdcxx-debug --enable-libstdcxx-time=yes --with-default-libstdcxx-abi=new --enable-gnu-unique-object --disable-vtable-verify --enable-libmpx --enable-plugin --with-system-zlib --disable-browser-plugin --enable-java-awt=gtk --enable-gtk-cairo --with-java-home=/usr/lib/jvm/java-1.5.0-gcj-5-amd64/jre --enable-java-home --with-jvm-root-dir=/usr/lib/jvm/java-1.5.0-gcj-5-amd64 --with-jvm-jar-dir=/usr/lib/jvm-exports/java-1.5.0-gcj-5-amd64 --with-arch-directory=amd64 --with-ecj-jar=/usr/share/java/eclipse-ecj.jar --enable-objc-gc --enable-multiarch --disable-werror --with-arch-32=i686 --with-abi=m64 --with-multilib-list=m32,m64,mx32 --enable-multilib --with-tune=generic --enable-checking=release --build=x86_64-linux-gnu --host=x86_64-linux-gnu --target=x86_64-linux-gnu
    Thread model: posix
    gcc version 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.9)

    cpe@uti-cpelnx-01:Downloads$ gcc --version
    gcc (Ubuntu 5.4.0-6ubuntu1~16.04.9) 5.4.0 20160609
    Copyright (C) 2015 Free Software Foundation, Inc.
    This is free software; see the source for copying conditions. There is NO
    warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
  • 0 in reply to cobsonchael
    Mastermind 7930 points
    any word on how i get this version of linaro?
  • 0 in reply to cobsonchael
    TI__Guru**** 170625 points

    Linaro GCC toolchain 6.2.1 2016.11 hard-float comes with AM437x PSDK v4.03:

    ti-processor-sdk-linux-am437x-evm-04.03.00.05/linux-devkit/sysroots/x86_64-arago-linux/usr/bin/arm-linux-gnueabihf-gcc-6.2.1

    Or you can download it separate from PSDK from below location:

    releases.linaro.org/.../gcc-linaro-6.2.1-2016.11-x86_64_arm-linux-gnueabihf.tar.xz

    Refer also to below links for more info regarding cross compile applications with GCC ARM Linaro toolchain.

    Regards,
    Pavel

  • 0 in reply to cobsonchael
    TI__Guru**** 170625 points

    cobsonchael said:

    2) i am trying to interface with an existing system so i need to be in ecb mode, when i do i get a crash every time when i try to encrypt where as when i tried it with cbc it worked fine. here is my failure message:

    Program received signal SIGSEGV, Segmentation fault.
    0xb6e850c4 in EVP_EncryptUpdate () from /opt/ti-processor-sdk-linux-am437x-evm-04.03.00.05/targetNFS/usr/lib/libcrypto.so.1.0.0

    From what I can find, only AES CBC mode is implemented in PSDK/example-applications/ti-crypto-examples-git/AES/

    You should modify that application to add ECB support also.

    Can you provide what is your output of the below command?

    root@am437x-evm:~# openssl help

    See also below e2e thread regarding ECB testing from user space:

    e2e.ti.com/.../2257403

    Regards,
    Pavel

  • 0 in reply to Pavel Botev
    Mastermind 7930 points
    so i have that SDK installed so that is the version i am using, i would imagine.

    so why do i get the start up error? any ideas?
  • 0 in reply to Pavel Botev
    Mastermind 7930 points
    i did take from that project and it is crashing, as stated in other replies in this post

    output from the command:
    openssl:Error: 'help' is an invalid command.

    Standard commands
    asn1parse ca ciphers cms
    crl crl2pkcs7 dgst dh
    dhparam dsa dsaparam ec
    ecparam enc engine errstr
    gendh gendsa genpkey genrsa
    nseq ocsp passwd pkcs12
    pkcs7 pkcs8 pkey pkeyparam
    pkeyutl prime rand req
    rsa rsautl s_client s_server
    s_time sess_id smime speed
    spkac srp ts verify
    version x509

    Message Digest commands (see the `dgst' command for more details)
    md4 md5 mdc2 rmd160
    sha sha1

    Cipher commands (see the `enc' command for more details)
    aes-128-cbc aes-128-ecb aes-192-cbc aes-192-ecb
    aes-256-cbc aes-256-ecb base64 bf
    bf-cbc bf-cfb bf-ecb bf-ofb
    camellia-128-cbc camellia-128-ecb camellia-192-cbc camellia-192-ecb
    camellia-256-cbc camellia-256-ecb cast cast-cbc
    cast5-cbc cast5-cfb cast5-ecb cast5-ofb
    des des-cbc des-cfb des-ecb
    des-ede des-ede-cbc des-ede-cfb des-ede-ofb
    des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb
    des-ofb des3 desx idea
    idea-cbc idea-cfb idea-ecb idea-ofb
    rc2 rc2-40-cbc rc2-64-cbc rc2-cbc
    rc2-cfb rc2-ecb rc2-ofb rc4
    rc4-40 seed seed-cbc seed-cfb
    seed-ecb seed-ofb
  • 0 in reply to cobsonchael
    TI__Guru**** 170625 points
    Make sure you have the below message during kernel boot up:

    omap-aes 53500000.aes: OMAP AES hw accel rev: 3.2

    Then when boot up, check with lsmod command that you have cryptodev.ko module inserted.

    The AES crypto linux kernel driver support ECB mode. You should modify the example application to use ECB mode instead of CBC mode. But application development support is out of scope of this forum, as explained in below e2e thread.

    e2e.ti.com/.../700399

    Regards,
    Pavel
  • 0 in reply to Pavel Botev
    Mastermind 7930 points
    this is what i get during boot up:

    [ 16.567601] omap-aes 53501000.aes: OMAP AES hw accel rev: 0.1
    [ 16.629198] omap-aes 53501000.aes: will run requests pump with realtime prioy

    cryptodev is running

    well i don't think my version supports ecb mode because i did exactly as you said and it crashes when i encrypt
  • 0 in reply to cobsonchael
    TI__Guru**** 170625 points
    From what I can see in the linux kernel crypto aes driver, it support ECB, CBC and CTR mode:

    linux-4.9.69/drivers/crypto/omap-aes.c

    Then is up to your application to use that driver properly.

    I also found some e2e threads that state AES ECB mode is supported in kernel driver:

    e2e.ti.com/.../502960
    e2e.ti.com/.../213506
    e2e.ti.com/.../399382
    e2e.ti.com/.../593413
    e2e.ti.com/.../552876
    e2e.ti.com/.../423611
    e2e.ti.com/.../407247

    Regards,
    Pavel
  • 0 in reply to Pavel Botev
    Mastermind 7930 points
    i'm sure it supports it but mine crashes, so either my version of the AES hardware (version 0.1) has issues or there is some problem with the way i am initializing my code which you guys won't help me with since it isn't supported.

    but according to Matthijs van Duin it doesn't matter anyway because, as he claims, the software implementation is faster for smaller data sets so it looks like i will just do that
  • 0
    Mastermind 7930 points

    Part Number: AM4378

    Tool/software: Linux

    so when i start the GDBServer and start my debug configuration in code composer i get this error before i even attempt to run any code:

    Program received signal SIGILL, Illegal instruction.
    Cannot access memory at address 0x0
    0xb6f4b9a8 in ?? () from /opt/ti-processor-sdk-linux-am437x-evm-04.03.00.05/targetNFS/usr/lib/libcrypto.so.1.0.0

    if i try to run from this point i will make it to the temporary breakpoint in main i expected to hit initially. from there i am able to run my program.

    if i do not include crypto and ssl libraries it starts at main no problem. 

    in the related thread  stated i should be using "Linaro GCC toolchain 6.2.1 2016.11 hard-float" which comes with the SDK 4.03.0.05, which i have installed. so it should be used, right?

    did i miss something i needed to add when i added in the libraries?

  • 0 in reply to cobsonchael
    TI__Guru**** 170625 points

    cobsonchael said:

    so when i start the GDBServer and start my debug configuration in code composer i get this error before i even attempt to run any code:

    Program received signal SIGILL, Illegal instruction.
    Cannot access memory at address 0x0
    0xb6f4b9a8 in ?? () from /opt/ti-processor-sdk-linux-am437x-evm-04.03.00.05/targetNFS/usr/lib/libcrypto.so.1.0.0

    This might be a SW bug if your application. Can you reproduce this issue with the example applications that are coming with PSDK package? See also below e2e thread:

    Make sure also you are align with below instructions when using GDBServer:

    cobsonchael said:
    in the related thread  stated i should be using "Linaro GCC toolchain 6.2.1 2016.11 hard-float" which comes with the SDK 4.03.0.05, which i have installed. so it should be used, right?

    From what I understand you are building your application from within CCStudio. Make sure for cross compiler path you have "<SDK INSTALL DIR>/linux-devkit/sysroot/x86_64-arago-linux/usr/bin" and for cross compiler prefix you have "arm-linux-gnueabihf-"

    http://software-dl.ti.com/processor-sdk-linux/esd/docs/latest/linux/Foundational_Components.html#ccs-compiling

    Regards,
    Pavel

  • 0 in reply to Pavel Botev
    Mastermind 7930 points

    yes it does it for the AES example project as well. i don't see how it would be a software problem on my end when it happens before i even get to main.

    my cross compiler is set to the right values

  • 0 in reply to cobsonchael
    TI__Guru**** 170625 points
    cobsonchael,

    software-dl.ti.com/.../Foundational_Components.html

    "Its important that the debug version of the executable is built."

    It seems that AES example has only Release option, there is no debug option. That might be the root cause. Can you try with {SDK}/example-applications/am-sysinfo-git/mem_util project (as there is Debug version), are you able to start GDBServer? If yes, you will need to create Debug version of you project, similar to mem_util project.

    Regards,
    Pavel
  • 0 in reply to Pavel Botev
    Mastermind 7930 points

    my project is in debug. i haven't built it in release yet

  • 0 in reply to cobsonchael
    TI__Guru**** 170625 points
    Cobsonchael,

    Do you observe the same GDBserver issue with "helloworld" and/or "mem_util" debug projects?

    "0xb6f4b9a8 in ?? () from /opt/ti-processor-sdk-linux-am437x-evm-04.03.00.05/targetNFS/usr/lib/libcrypto.so.1.0.0"

    Do you use Ethernet connection? If yes, do you mount and use your rootfs through ethernet? Can you provide console log of booting?

    Regards,
    Pavel