Improved key handling.

git-svn-id: svn://svn.code.sf.net/p/chibios/svn/trunk@12786 27425a3e-05d8-49a3-a47f-9c15f0e5edd8

os/hal/ports/STM32/LLD/CRYPv1/hal_crypto_lld.c

@@ -86,6 +86,8 @@ static inline void cryp_set_key_encrypt(CRYDriver *cryp, uint32_t algomode) {
   cr &= ~(CRYP_CR_KEYSIZE_Msk | CRYP_CR_ALGOMODE_Msk | CRYP_CR_ALGODIR_Msk);
   cr |= cryp->cryp_ksize | algomode | CRYP_CR_CRYPEN;
   CRYP->CR = cr;
+
+  cryp->cryp_ktype = cryp_key_aes_encrypt;
 }
 
 /**
@@ -107,6 +109,8 @@ static inline void cryp_set_key_decrypt(CRYDriver *cryp, uint32_t algomode) {
   cr &= ~(CRYP_CR_KEYSIZE_Msk | CRYP_CR_ALGOMODE_Msk | CRYP_CR_ALGODIR_Msk);
   cr |= cryp->cryp_ksize | algomode | CRYP_CR_ALGODIR | CRYP_CR_CRYPEN;
   CRYP->CR = cr;
+
+  cryp->cryp_ktype = cryp_key_aes_decrypt;
 }
 
 /**
@@ -447,6 +451,18 @@ void cry_lld_start(CRYDriver *cryp) {
 #endif
   }
 
+  /* Resetting trasient key data.*/
+  cryp->cryp_ktype = cryp_key_none;
+  cryp->cryp_ksize = 0U;
+  cryp->cryp_k[0]  = 0U;
+  cryp->cryp_k[1]  = 0U;
+  cryp->cryp_k[2]  = 0U;
+  cryp->cryp_k[3]  = 0U;
+  cryp->cryp_k[4]  = 0U;
+  cryp->cryp_k[5]  = 0U;
+  cryp->cryp_k[6]  = 0U;
+  cryp->cryp_k[7]  = 0U;
+
 #if STM32_CRY_USE_CRYP1
   /* CRYP setup.*/
   CRYP->CR    = CRYP_CR_DATATYPE_1;
@@ -594,7 +610,9 @@ cryerror_t cry_lld_encrypt_AES(CRYDriver *cryp,
   }
 
   /* Setting the stored key.*/
+  if (cryp->cryp_ktype != cryp_key_aes_encrypt) {
     cryp_set_key_encrypt(cryp, CRYP_CR_ALGOMODE_AES_ECB);
+  }
 
   /* Pushing the AES block in the FIFO, it is assumed to be empty.*/
   CRYP->DR = __UNALIGNED_UINT32_READ(&in[0]);
@@ -650,7 +668,9 @@ cryerror_t cry_lld_decrypt_AES(CRYDriver *cryp,
   }
 
   /* Setting the stored key.*/
+  if (cryp->cryp_ktype != cryp_key_aes_decrypt) {
     cryp_set_key_decrypt(cryp, CRYP_CR_ALGOMODE_AES_ECB);
+  }
 
   /* Pushing the AES block in the FIFO, it is assumed to be empty.*/
   CRYP->DR = __UNALIGNED_UINT32_READ(&in[0]);
@@ -711,7 +731,9 @@ cryerror_t cry_lld_encrypt_AES_ECB(CRYDriver *cryp,
   }
 
   /* Setting the stored key.*/
+  if (cryp->cryp_ktype != cryp_key_aes_encrypt) {
     cryp_set_key_encrypt(cryp, CRYP_CR_ALGOMODE_AES_ECB);
+  }
 
   return cryp_do_transfer(cryp, size, in, out);
 }
@@ -754,7 +776,9 @@ cryerror_t cry_lld_decrypt_AES_ECB(CRYDriver *cryp,
   }
 
   /* Setting the stored key.*/
+  if (cryp->cryp_ktype != cryp_key_aes_decrypt) {
     cryp_set_key_decrypt(cryp, CRYP_CR_ALGOMODE_AES_ECB);
+  }
 
   return cryp_do_transfer(cryp, size, in, out);
 }
@@ -802,7 +826,9 @@ cryerror_t cry_lld_encrypt_AES_CBC(CRYDriver *cryp,
 
   /* Setting the stored key and IV.*/
   cryp_set_iv(cryp, iv);
+  if (cryp->cryp_ktype != cryp_key_aes_encrypt) {
     cryp_set_key_encrypt(cryp, CRYP_CR_ALGOMODE_AES_CBC);
+  }
 
   return cryp_do_transfer(cryp, size, in, out);
 }
@@ -848,7 +874,9 @@ cryerror_t cry_lld_decrypt_AES_CBC(CRYDriver *cryp,
 
   /* Setting the stored key and IV.*/
   cryp_set_iv(cryp, iv);
+  if (cryp->cryp_ktype != cryp_key_aes_decrypt) {
     cryp_set_key_decrypt(cryp, CRYP_CR_ALGOMODE_AES_CBC);
+  }
 
   return cryp_do_transfer(cryp, size, in, out);
 }

os/hal/ports/STM32/LLD/CRYPv1/hal_crypto_lld.h

@@ -225,7 +225,7 @@
 #define CRY_LLD_SUPPORTS_AES                TRUE
 #define CRY_LLD_SUPPORTS_AES_ECB            TRUE
 #define CRY_LLD_SUPPORTS_AES_CBC            TRUE
-#define CRY_LLD_SUPPORTS_AES_CFB            TRUE
+#define CRY_LLD_SUPPORTS_AES_CFB            FALSE
 #define CRY_LLD_SUPPORTS_AES_CTR            TRUE
 #define CRY_LLD_SUPPORTS_AES_GCM            TRUE
 #define CRY_LLD_SUPPORTS_DES                TRUE
@@ -271,6 +271,17 @@ typedef uint32_t crykey_t;
  */
 typedef struct CRYDriver CRYDriver;
 
+/**
+ * @brief   Type of key stored in CRYP.
+ */
+typedef enum {
+  cryp_key_none = 0,
+  cryp_key_des = 1,
+  cryp_key_tdes = 2,
+  cryp_key_aes_encrypt = 3,
+  cryp_key_aes_decrypt = 4
+} cryp_ktype_t;
+
 /**
  * @brief   Driver configuration structure.
  * @note    It could be empty on some architectures.
@@ -296,6 +307,18 @@ struct CRYDriver {
 #endif
   /* End of the mandatory fields.*/
 #if (STM32_CRY_USE_CRYP1 == TRUE) || defined (__DOXYGEN__)
+  /**
+   * @brief   Type of the key currently stored in CRYP.
+   */
+  cryp_ktype_t              cryp_ktype;
+  /**
+   * @brief   Key size setup value for CR register.
+   */
+  uint32_t                  cryp_ksize;
+  /**
+   * @brief   Transient key data.
+   */
+  uint32_t                  cryp_k[8];
 #if (STM32_CRY_CRYP_SIZE_THRESHOLD != 0) || defined (__DOXYGEN__)
   /**
    * @brief   Thread reference for CRYP operations.
@@ -310,14 +333,6 @@ struct CRYDriver {
    */
   const stm32_dma_stream_t  *cryp_dma_out;
 #endif /* STM32_CRY_CRYP_SIZE_THRESHOLD != 0 */
-  /**
-   * @brief   Key size setup value for CR register.
-   */
-  uint32_t                  cryp_ksize;
-  /**
-   * @brief   Transient key data.
-   */
-  uint32_t                  cryp_k[8];
 #endif /* STM32_CRY_USE_CRYP1 == TRUE */
 #if (STM32_CRY_USE_HASH1 == TRUE) || defined (__DOXYGEN__)
 #if (STM32_CRY_HASH_SIZE_THRESHOLD != 0) || defined (__DOXYGEN__)

testhal/STM32/multi/CRYPTO/main.c

@@ -66,6 +66,8 @@ int main(void) {
   /* Normal main() thread activity, in this demo it does nothing.*/
   while (true) {
     uint8_t digest[32];
+    static uint8_t iv[16]   = {00, 00, 00, 00, 00, 00, 00, 00,
+                               00, 00, 00, 00, 00, 00, 00, 00};
     static uint8_t key[16]  = {00, 00, 00, 00, 00, 00, 00, 00,
                                00, 00, 00, 00, 00, 00, 00, 00};
     static uint8_t data[16] = {00, 00, 00, 00, 00, 00, 00, 00,
@@ -92,6 +94,8 @@ int main(void) {
       cryDecryptAES(&CRYD1, (crykey_t)0, data, out);
       cryEncryptAES_ECB(&CRYD1, (crykey_t)0, 16U, data, out);
       cryDecryptAES_ECB(&CRYD1, (crykey_t)0, 16U, data, out);
+      cryEncryptAES_CBC(&CRYD1, (crykey_t)0, 16U, data, out, iv);
+      cryDecryptAES_CBC(&CRYD1, (crykey_t)0, 16U, data, out, iv);
     }
     chThdSleepMilliseconds(500);
   }