andreika-git
/
ChibiOS
mirror of https://github.com/andreika-git/ChibiOS.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

git-svn-id: svn://svn.code.sf.net/p/chibios/svn/trunk@10888 35acf78f-673a-0410-8e92-d51de3d6d3f4

This commit is contained in:
Giovanni Di Sirio 2017-10-23 14:43:43 +00:00
parent 7707340e0b
commit 7156f2c323
8 changed files with 560 additions and 119 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
demos/STM32/RT-STM32F746G-DISCOVERY/Makefile
View File

@ -5,7 +5,7 @@
# Compiler options here.
ifeq ($(USE_OPT),)
USE_OPT = -O0 -ggdb -fomit-frame-pointer -falign-functions=16
USE_OPT = -O2 -ggdb -fomit-frame-pointer -falign-functions=16
endif
# C specific options here (added to USE_OPT).

4
demos/STM32/RT-STM32F746G-DISCOVERY/halconf.h
View File

@ -55,7 +55,7 @@
* @brief Enables the cryptographic subsystem.
*/
#if !defined(HAL_USE_CRY) || defined(__DOXYGEN__)
#define HAL_USE_CRY TRUE
#define HAL_USE_CRY FALSE
#endif
/**
@ -227,7 +227,7 @@
* @note Fall-back implementations may not be present for all algorithms.
*/
#if !defined(HAL_CRY_USE_FALLBACK) || defined(__DOXYGEN__)
#define HAL_CRY_USE_FALLBACK TRUE
#define HAL_CRY_USE_FALLBACK FALSE
#endif
/**

31
os/hal/include/hal_crypto.h
View File

@ -95,8 +95,7 @@ typedef enum {
CRY_ERR_INV_ALGO = 1, /**< Invalid cypher/mode. */
CRY_ERR_INV_KEY_SIZE = 2, /**< Invalid key size. */
CRY_ERR_INV_KEY_TYPE = 3, /**< Invalid key type. */
CRY_ERR_INV_KEY_ID = 4, /**< Invalid key type. */
CRY_ERR_AUTH_FAILED = 5 /**< Authentication failed. */
CRY_ERR_INV_KEY_ID = 4 /**< Invalid key type. */
} cryerror_t;
/**
@ -120,6 +119,7 @@ typedef enum {
#define CRY_LLD_SUPPORTS_AES_CBC FALSE
#define CRY_LLD_SUPPORTS_AES_CFB FALSE
#define CRY_LLD_SUPPORTS_AES_CTR FALSE
#define CRY_LLD_SUPPORTS_AES_GCM FALSE
typedef uint_fast8_t crykey_t;
@ -141,8 +141,9 @@ struct CRYDriver {
#if !defined(CRY_LLD_SUPPORTS_AES_ECB) || \
!defined(CRY_LLD_SUPPORTS_AES_CBC) || \
!defined(CRY_LLD_SUPPORTS_AES_CFB) || \
!defined(CRY_LLD_SUPPORTS_AES_CTR)
#error "CRYPTO LLD does not export required switches"
!defined(CRY_LLD_SUPPORTS_AES_CTR) || \
!defined(CRY_LLD_SUPPORTS_AES_GCM)
#error "CRYPTO LLD does not export the required switches"
#endif
/*===========================================================================*/
@ -209,33 +210,31 @@ extern "C" {
size_t size,
const uint8_t *in,
uint8_t *out,
const uint8_t *nonce,
uint8_t *cnt);
const uint8_t *iv);
cryerror_t cryDecryptAES_CTR(CRYDriver *cryp,
crykey_t key_id,
size_t size,
const uint8_t *in,
uint8_t *out,
const uint8_t *nonce,
uint8_t *cnt);
const uint8_t *iv);
cryerror_t cryEncryptAES_GCM(CRYDriver *cryp,
crykey_t key_id,
bitsize_t size,
size_t size,
const uint8_t *in,
uint8_t *out,
bitsize_t ivsize,
const uint8_t *iv,
bitsize_t authsize,
uint8_t *authout);
size_t aadsize,
const uint8_t *aad,
uint8_t *authtag);
cryerror_t cryDecryptAES_GCM(CRYDriver *cryp,
crykey_t key_id,
bitsize_t size,
size_t size,
const uint8_t *in,
uint8_t *out,
bitsize_t ivsize,
const uint8_t *iv,
bitsize_t authsize,
const uint8_t *authin);
size_t aadsize,
const uint8_t *aad,
uint8_t *authtag);
#ifdef __cplusplus
}
#endif

180
os/hal/ports/STM32/LLD/CRYPv1/hal_crypto_lld.c
View File

@ -120,6 +120,9 @@ cryerror_t cry_lld_loadkey(CRYDriver *cryp,
/**
* @brief Encryption operation using AES-ECB.
* @note The function operates on data buffers whose lenght is a multiple
* of an AES block, this means that padding must be done by the
* caller.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the
@ -137,7 +140,7 @@ cryerror_t cry_lld_loadkey(CRYDriver *cryp,
* @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid
* or refers and empty key slot.
*
* @api
* @notapi
*/
cryerror_t cry_lld_encrypt_AES_ECB(CRYDriver *cryp,
crykey_t key_id,
@ -156,6 +159,9 @@ cryerror_t cry_lld_encrypt_AES_ECB(CRYDriver *cryp,
/**
* @brief Decryption operation using AES-ECB.
* @note The function operates on data buffers whose lenght is a multiple
* of an AES block, this means that padding must be done by the
* caller.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the
@ -173,7 +179,7 @@ cryerror_t cry_lld_encrypt_AES_ECB(CRYDriver *cryp,
* @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid
* or refers and empty key slot.
*
* @api
* @notapi
*/
cryerror_t cry_lld_decrypt_AES_ECB(CRYDriver *cryp,
crykey_t key_id,
@ -192,6 +198,9 @@ cryerror_t cry_lld_decrypt_AES_ECB(CRYDriver *cryp,
/**
* @brief Encryption operation using AES-CBC.
* @note The function operates on data buffers whose lenght is a multiple
* of an AES block, this means that padding must be done by the
* caller.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the
@ -201,7 +210,7 @@ cryerror_t cry_lld_decrypt_AES_ECB(CRYDriver *cryp,
* multiple of the selected key size
* @param[in] in buffer containing the input plaintext
* @param[out] out buffer for the output cyphertext
* @param[in] iv input vector
* @param[in] iv 128 bits initial vector
* @return The operation status.
* @retval CRY_NOERROR if the operation succeeded.
* @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
@ -210,7 +219,7 @@ cryerror_t cry_lld_decrypt_AES_ECB(CRYDriver *cryp,
* @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid
* or refers and empty key slot.
*
* @api
* @notapi
*/
cryerror_t cry_lld_encrypt_AES_CBC(CRYDriver *cryp,
crykey_t key_id,
@ -231,6 +240,9 @@ cryerror_t cry_lld_encrypt_AES_CBC(CRYDriver *cryp,
/**
* @brief Decryption operation using AES-CBC.
* @note The function operates on data buffers whose lenght is a multiple
* of an AES block, this means that padding must be done by the
* caller.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the
@ -240,7 +252,7 @@ cryerror_t cry_lld_encrypt_AES_CBC(CRYDriver *cryp,
* multiple of the selected key size
* @param[in] in buffer containing the input plaintext
* @param[out] out buffer for the output cyphertext
* @param[in] iv input vector
* @param[in] iv 128 bits initial vector
* @return The operation status.
* @retval CRY_NOERROR if the operation succeeded.
* @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
@ -249,7 +261,7 @@ cryerror_t cry_lld_encrypt_AES_CBC(CRYDriver *cryp,
* @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid
* or refers and empty key slot.
*
* @api
* @notapi
*/
cryerror_t cry_lld_decrypt_AES_CBC(CRYDriver *cryp,
crykey_t key_id,
@ -270,6 +282,9 @@ cryerror_t cry_lld_decrypt_AES_CBC(CRYDriver *cryp,
/**
* @brief Encryption operation using AES-CFB.
* @note The function operates on data buffers whose lenght is a multiple
* of an AES block, this means that padding must be done by the
* caller.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the
@ -279,7 +294,7 @@ cryerror_t cry_lld_decrypt_AES_CBC(CRYDriver *cryp,
* multiple of the selected key size
* @param[in] in buffer containing the input plaintext
* @param[out] out buffer for the output cyphertext
* @param[in] iv input vector
* @param[in] iv 128 bits initial vector
* @return The operation status.
* @retval CRY_NOERROR if the operation succeeded.
* @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
@ -288,7 +303,7 @@ cryerror_t cry_lld_decrypt_AES_CBC(CRYDriver *cryp,
* @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid
* or refers and empty key slot.
*
* @api
* @notapi
*/
cryerror_t cry_lld_encrypt_AES_CFB(CRYDriver *cryp,
crykey_t key_id,
@ -309,6 +324,9 @@ cryerror_t cry_lld_encrypt_AES_CFB(CRYDriver *cryp,
/**
* @brief Decryption operation using AES-CFB.
* @note The function operates on data buffers whose lenght is a multiple
* of an AES block, this means that padding must be done by the
* caller.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the
@ -318,7 +336,7 @@ cryerror_t cry_lld_encrypt_AES_CFB(CRYDriver *cryp,
* multiple of the selected key size
* @param[in] in buffer containing the input plaintext
* @param[out] out buffer for the output cyphertext
* @param[in] iv input vector
* @param[in] iv 128 bits initial vector
* @return The operation status.
* @retval CRY_NOERROR if the operation succeeded.
* @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
@ -327,7 +345,7 @@ cryerror_t cry_lld_encrypt_AES_CFB(CRYDriver *cryp,
* @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid
* or refers and empty key slot.
*
* @api
* @notapi
*/
cryerror_t cry_lld_decrypt_AES_CFB(CRYDriver *cryp,
crykey_t key_id,
@ -348,17 +366,20 @@ cryerror_t cry_lld_decrypt_AES_CFB(CRYDriver *cryp,
/**
* @brief Encryption operation using AES-CTR.
* @note The function operates on data buffers whose lenght is a multiple
* of an AES block, this means that padding must be done by the
* caller.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the
* transient key, other values are keys stored in an
* unspecified way
* @param[in] size size of the plaintext buffer, this number must be a
* multiple of the selected key size
* multiple of 16
* @param[in] in buffer containing the input plaintext
* @param[out] out buffer for the output cyphertext
* @param[in] nonce the "nonce" constant
* @param[in,out] cnt the initial value of the counter, normally zero
* @param[in] iv 128 bits initial vector + counter, it contains
* a 96 bits IV and a 32 bits counter
* @return The operation status.
* @retval CRY_NOERROR if the operation succeeded.
* @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
@ -367,40 +388,41 @@ cryerror_t cry_lld_decrypt_AES_CFB(CRYDriver *cryp,
* @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid
* or refers and empty key slot.
*
* @api
* @notapi
*/
cryerror_t cry_lld_encrypt_AES_CTR(CRYDriver *cryp,
crykey_t key_id,
size_t size,
const uint8_t *in,
uint8_t *out,
const uint8_t *nonce,
uint8_t *cnt) {
const uint8_t *iv) {
(void)cryp;
(void)key_id;
(void)size;
(void)in;
(void)out;
(void)nonce;
(void)cnt;
(void)iv;
return CRY_ERR_INV_ALGO;
}
/**
* @brief Decryption operation using AES-CTR.
* @note The function operates on data buffers whose lenght is a multiple
* of an AES block, this means that padding must be done by the
* caller.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the
* transient key, other values are keys stored in an
* unspecified way
* @param[in] size size of the plaintext buffer, this number must be a
* multiple of the selected key size
* @param[in] in buffer containing the input plaintext
* @param[out] out buffer for the output cyphertext
* @param[in] nonce the "nonce" constant
* @param[in,out] cnt the initial value of the counter, normally zero
* multiple of 16
* @param[in] in buffer containing the input cyphertext
* @param[out] out buffer for the output plaintext
* @param[in] iv 128 bits initial vector + counter, it contains
* a 96 bits IV and a 32 bits counter
* @return The operation status.
* @retval CRY_NOERROR if the operation succeeded.
* @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
@ -416,16 +438,120 @@ cryerror_t cry_lld_decrypt_AES_CTR(CRYDriver *cryp,
size_t size,
const uint8_t *in,
uint8_t *out,
const uint8_t *nonce,
uint8_t *cnt) {
const uint8_t *iv) {
(void)cryp;
(void)key_id;
(void)size;
(void)in;
(void)out;
(void)nonce;
(void)cnt;
(void)iv;
return CRY_ERR_INV_ALGO;
}
/**
* @brief Encryption operation using AES-GCM.
* @note The function operates on data buffers whose lenght is a multiple
* of an AES block, this means that padding must be done by the
* caller.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the
* transient key, other values are keys stored in an
* unspecified way
* @param[in] size size of the text buffers, this number must be a
* multiple of 16
* @param[in] in buffer containing the input plaintext
* @param[out] out buffer for the output cyphertext
* @param[in] iv 128 bits initial vector + counter, it contains
* a 96 bits IV and a 32 bits counter
* @param[in] aadsize size of the authentication data, this number must be a
* multiple of 16
* @param[in] aad buffer containing the authentication data
* @param[in] authtag 128 bits buffer for the generated authentication tag
* @return The operation status.
* @retval CRY_NOERROR if the operation succeeded.
* @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
* device instance.
* @retval CRY_ERR_INV_KEY_TYPE the selected key is invalid for this operation.
* @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid
* or refers and empty key slot.
*
* @notapi
*/
cryerror_t cry_lld_encrypt_AES_GCM(CRYDriver *cryp,
crykey_t key_id,
size_t size,
const uint8_t *in,
uint8_t *out,
const uint8_t *iv,
size_t aadsize,
const uint8_t *aad,
uint8_t *authtag) {
(void)cryp;
(void)key_id;
(void)size;
(void)in;
(void)out;
(void)iv;
(void)aadsize;
(void)aad;
(void)authtag;
return CRY_ERR_INV_ALGO;
}
/**
* @brief Decryption operation using AES-GCM.
* @note The function operates on data buffers whose lenght is a multiple
* of an AES block, this means that padding must be done by the
* caller.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the
* transient key, other values are keys stored in an
* unspecified way
* @param[in] size size of the text buffers, this number must be a
* multiple of 16
* @param[in] in buffer for the output cyphertext
* @param[out] out buffer containing the input plaintext
* @param[in] iv 128 bits initial vector + counter, it contains
* a 96 bits IV and a 32 bits counter
* @param[in] aadsize size of the authentication data, this number must be a
* multiple of 16
* @param[in] aad buffer containing the authentication data
* @param[in] authtag 128 bits buffer for the generated authentication tag
* @return The operation status.
* @retval CRY_NOERROR if the operation succeeded.
* @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
* device instance.
* @retval CRY_ERR_INV_KEY_TYPE the selected key is invalid for this operation.
* @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid
* or refers and empty key slot.
*
* @notapi
*/
cryerror_t cry_lld_decrypt_AES_GCM(CRYDriver *cryp,
crykey_t key_id,
size_t size,
const uint8_t *in,
uint8_t *out,
const uint8_t *iv,
size_t aadsize,
const uint8_t *aad,
uint8_t *authtag) {
(void)cryp;
(void)key_id;
(void)size;
(void)in;
(void)out;
(void)iv;
(void)aadsize;
(void)aad;
(void)authtag;
return CRY_ERR_INV_ALGO;
}

25
os/hal/ports/STM32/LLD/CRYPv1/hal_crypto_lld.h
View File

@ -39,6 +39,7 @@
#define CRY_LLD_SUPPORTS_AES_CBC TRUE
#define CRY_LLD_SUPPORTS_AES_CFB FALSE
#define CRY_LLD_SUPPORTS_AES_CTR TRUE
#define CRY_LLD_SUPPORTS_AES_GCM TRUE
/** @{ */
/*===========================================================================*/
@ -178,15 +179,31 @@ extern "C" {
size_t size,
const uint8_t *in,
uint8_t *out,
const uint8_t *nonce,
uint8_t *cnt);
const uint8_t *iv);
cryerror_t cry_lld_decrypt_AES_CTR(CRYDriver *cryp,
crykey_t key_id,
size_t size,
const uint8_t *in,
uint8_t *out,
const uint8_t *nonce,
uint8_t *cnt);
const uint8_t *iv);
cryerror_t cry_lld_encrypt_AES_GCM(CRYDriver *cryp,
crykey_t key_id,
size_t size,
const uint8_t *in,
uint8_t *out,
const uint8_t *iv,
size_t aadsize,
const uint8_t *aad,
uint8_t *authtag);
cryerror_t cry_lld_decrypt_AES_GCM(CRYDriver *cryp,
crykey_t key_id,
size_t size,
const uint8_t *in,
uint8_t *out,
const uint8_t *iv,
size_t aadsize,
const uint8_t *aad,
uint8_t *authtag);
#ifdef __cplusplus
}
#endif

212
os/hal/src/hal_crypto.c
View File

@ -174,6 +174,9 @@ cryerror_t cryLoadTransientKey(CRYDriver *cryp,
/**
* @brief Encryption operation using AES-ECB.
* @note The function operates on data buffers whose lenght is a multiple
* of an AES block, this means that padding must be done by the
* caller.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the
@ -221,6 +224,9 @@ cryerror_t cryEncryptAES_ECB(CRYDriver *cryp,
/**
* @brief Decryption operation using AES-ECB.
* @note The function operates on data buffers whose lenght is a multiple
* of an AES block, this means that padding must be done by the
* caller.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the
@ -228,8 +234,8 @@ cryerror_t cryEncryptAES_ECB(CRYDriver *cryp,
* unspecified way
* @param[in] size size of the plaintext buffer, this number must be a
* multiple of 16
* @param[in] in buffer containing the input plaintext
* @param[out] out buffer for the output cyphertext
* @param[in] in buffer containing the input cyphertext
* @param[out] out buffer for the output plaintext
* @return The operation status.
* @retval CRY_NOERROR if the operation succeeded.
* @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
@ -268,6 +274,9 @@ cryerror_t cryDecryptAES_ECB(CRYDriver *cryp,
/**
* @brief Encryption operation using AES-CBC.
* @note The function operates on data buffers whose lenght is a multiple
* of an AES block, this means that padding must be done by the
* caller.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the
@ -277,7 +286,7 @@ cryerror_t cryDecryptAES_ECB(CRYDriver *cryp,
* multiple of 16
* @param[in] in buffer containing the input plaintext
* @param[out] out buffer for the output cyphertext
* @param[in] iv input vector
* @param[in] iv 128 bits initial vector
* @return The operation status.
* @retval CRY_NOERROR if the operation succeeded.
* @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
@ -318,6 +327,9 @@ cryerror_t cryEncryptAES_CBC(CRYDriver *cryp,
/**
* @brief Decryption operation using AES-CBC.
* @note The function operates on data buffers whose lenght is a multiple
* of an AES block, this means that padding must be done by the
* caller.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the
@ -325,9 +337,9 @@ cryerror_t cryEncryptAES_CBC(CRYDriver *cryp,
* unspecified way
* @param[in] size size of the plaintext buffer, this number must be a
* multiple of 16
* @param[in] in buffer containing the input plaintext
* @param[out] out buffer for the output cyphertext
* @param[in] iv input vector
* @param[in] in buffer containing the input cyphertext
* @param[out] out buffer for the output plaintext
* @param[in] iv 128 bits initial vector
* @return The operation status.
* @retval CRY_NOERROR if the operation succeeded.
* @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
@ -368,6 +380,9 @@ cryerror_t cryDecryptAES_CBC(CRYDriver *cryp,
/**
* @brief Encryption operation using AES-CFB.
* @note The function operates on data buffers whose lenght is a multiple
* of an AES block, this means that padding must be done by the
* caller.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the
@ -377,7 +392,7 @@ cryerror_t cryDecryptAES_CBC(CRYDriver *cryp,
* multiple of 16
* @param[in] in buffer containing the input plaintext
* @param[out] out buffer for the output cyphertext
* @param[in] iv input vector
* @param[in] iv 128 bits initial vector
* @return The operation status.
* @retval CRY_NOERROR if the operation succeeded.
* @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
@ -418,6 +433,9 @@ cryerror_t cryEncryptAES_CFB(CRYDriver *cryp,
/**
* @brief Decryption operation using AES-CFB.
* @note The function operates on data buffers whose lenght is a multiple
* of an AES block, this means that padding must be done by the
* caller.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the
@ -425,9 +443,9 @@ cryerror_t cryEncryptAES_CFB(CRYDriver *cryp,
* unspecified way
* @param[in] size size of the plaintext buffer, this number must be a
* multiple of 16
* @param[in] in buffer containing the input plaintext
* @param[out] out buffer for the output cyphertext
* @param[in] iv input vector
* @param[in] in buffer containing the input cyphertext
* @param[out] out buffer for the output plaintext
* @param[in] iv 128 bits initial vector
* @return The operation status.
* @retval CRY_NOERROR if the operation succeeded.
* @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
@ -468,6 +486,9 @@ cryerror_t cryDecryptAES_CFB(CRYDriver *cryp,
/**
* @brief Encryption operation using AES-CTR.
* @note The function operates on data buffers whose lenght is a multiple
* of an AES block, this means that padding must be done by the
* caller.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the
@ -477,8 +498,8 @@ cryerror_t cryDecryptAES_CFB(CRYDriver *cryp,
* multiple of 16
* @param[in] in buffer containing the input plaintext
* @param[out] out buffer for the output cyphertext
* @param[in] nonce the "nonce" constant
* @param[in,out] cnt the initial value of the counter, normally zero
* @param[in] iv 128 bits initial vector + counter, it contains
* a 96 bits IV and a 32 bits counter
* @return The operation status.
* @retval CRY_NOERROR if the operation succeeded.
* @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
@ -494,19 +515,17 @@ cryerror_t cryEncryptAES_CTR(CRYDriver *cryp,
size_t size,
const uint8_t *in,
uint8_t *out,
const uint8_t *nonce,
uint8_t *cnt) {
const uint8_t *iv) {
osalDbgCheck((cryp != NULL) && (in != NULL) && (out != NULL) &&
(nonce != NULL) && (cnt != NULL) &&
((size & (size_t)15) == (size_t)0));
(iv != NULL) && ((size & (size_t)15) == (size_t)0));
osalDbgAssert(cryp->state == CRY_READY, "not ready");
#if CRY_LLD_SUPPORTS_AES_CTR == TRUE
return cry_lld_encrypt_AES_CTR(cryp, key_id, size, in, out, nonce, cnt);
return cry_lld_encrypt_AES_CTR(cryp, key_id, size, in, out, iv);
#elif HAL_CRY_USE_FALLBACK == TRUE
return cry_fallback_encrypt_AES_CTR(cryp, key_id, size, in, out, nonce, cnt);
return cry_fallback_encrypt_AES_CTR(cryp, key_id, size, in, out, iv);
#else
(void)cryp;
(void)key_id;
@ -522,6 +541,9 @@ cryerror_t cryEncryptAES_CTR(CRYDriver *cryp,
/**
* @brief Decryption operation using AES-CTR.
* @note The function operates on data buffers whose lenght is a multiple
* of an AES block, this means that padding must be done by the
* caller.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the
@ -529,10 +551,10 @@ cryerror_t cryEncryptAES_CTR(CRYDriver *cryp,
* unspecified way
* @param[in] size size of the plaintext buffer, this number must be a
* multiple of 16
* @param[in] in buffer containing the input plaintext
* @param[out] out buffer for the output cyphertext
* @param[in] nonce the "nonce" constant
* @param[in,out] cnt the initial value of the counter, normally zero
* @param[in] in buffer containing the input cyphertext
* @param[out] out buffer for the output plaintext
* @param[in] iv 128 bits initial vector + counter, it contains
* a 96 bits IV and a 32 bits counter
* @return The operation status.
* @retval CRY_NOERROR if the operation succeeded.
* @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
@ -548,19 +570,17 @@ cryerror_t cryDecryptAES_CTR(CRYDriver *cryp,
size_t size,
const uint8_t *in,
uint8_t *out,
const uint8_t *nonce,
uint8_t *cnt) {
const uint8_t *iv) {
osalDbgCheck((cryp != NULL) && (in != NULL) && (out != NULL) &&
(nonce != NULL) && (cnt != NULL) &&
((size & (size_t)15) == (size_t)0));
(iv != NULL) && ((size & (size_t)15) == (size_t)0));
osalDbgAssert(cryp->state == CRY_READY, "not ready");
#if CRY_LLD_SUPPORTS_AES_CTR == TRUE
return cry_lld_decrypt_AES_CTR(cryp, key_id, size, in, out, nonce, cnt);
return cry_lld_decrypt_AES_CTR(cryp, key_id, size, in, out, iv);
#elif HAL_CRY_USE_FALLBACK == TRUE
return cry_fallback_decrypt_AES_CTR(cryp, key_id, size, in, out, nonce, cnt);
return cry_fallback_decrypt_AES_CTR(cryp, key_id, size, in, out, iv);
#else
(void)cryp;
(void)key_id;
@ -574,6 +594,142 @@ cryerror_t cryDecryptAES_CTR(CRYDriver *cryp,
#endif
}
/**
* @brief Encryption operation using AES-GCM.
* @note The function operates on data buffers whose lenght is a multiple
* of an AES block, this means that padding must be done by the
* caller.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the
* transient key, other values are keys stored in an
* unspecified way
* @param[in] size size of the text buffers, this number must be a
* multiple of 16
* @param[in] in buffer containing the input plaintext
* @param[out] out buffer for the output cyphertext
* @param[in] iv 128 bits initial vector + counter, it contains
* a 96 bits IV and a 32 bits counter
* @param[in] aadsize size of the authentication data, this number must be a
* multiple of 16
* @param[in] aad buffer containing the authentication data
* @param[in] authtag 128 bits buffer for the generated authentication tag
* @return The operation status.
* @retval CRY_NOERROR if the operation succeeded.
* @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
* device instance.
* @retval CRY_ERR_INV_KEY_TYPE the selected key is invalid for this operation.
* @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid
* or refers and empty key slot.
*
* @api
*/
cryerror_t cryEncryptAES_GCM(CRYDriver *cryp,
crykey_t key_id,
size_t size,
const uint8_t *in,
uint8_t *out,
const uint8_t *iv,
size_t aadsize,
const uint8_t *aad,
uint8_t *authtag) {
osalDbgCheck((cryp != NULL) && (in != NULL) && (out != NULL) &&
(iv != NULL) && (aad != NULL) && (authtag != NULL) &&
((size & (size_t)15) == (size_t)0) &&
((aadsize & (size_t)15) == (size_t)0));
osalDbgAssert(cryp->state == CRY_READY, "not ready");
#if CRY_LLD_SUPPORTS_AES_GCM== TRUE
return cry_lld_encrypt_AES_GCM(cryp, key_id, size, in, out, iv,
aadsize, aad, authtag);
#elif HAL_CRY_USE_FALLBACK == TRUE
return cry_fallback_encrypt_AES_GCM(cryp, key_id, size, in, out, iv,
aadsize, aad, authtag);
#else
(void)cryp;
(void)key_id;
(void)size;
(void)in;
(void)out;
(void)iv;
(void)aadsize;
(void)aad;
(void)authtag;
return CRY_ERR_INV_ALGO;
#endif
}
/**
* @brief Decryption operation using AES-GCM.
* @note The function operates on data buffers whose lenght is a multiple
* of an AES block, this means that padding must be done by the
* caller.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the
* transient key, other values are keys stored in an
* unspecified way
* @param[in] size size of the text buffers, this number must be a
* multiple of 16
* @param[in] in buffer for the output cyphertext
* @param[out] out buffer containing the input plaintext
* @param[in] iv 128 bits initial vector + counter, it contains
* a 96 bits IV and a 32 bits counter
* @param[in] aadsize size of the authentication data, this number must be a
* multiple of 16
* @param[in] aad buffer containing the authentication data
* @param[in] authtag 128 bits buffer for the generated authentication tag
* @return The operation status.
* @retval CRY_NOERROR if the operation succeeded.
* @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
* device instance.
* @retval CRY_ERR_INV_KEY_TYPE the selected key is invalid for this operation.
* @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid
* or refers and empty key slot.
*
* @api
*/
cryerror_t cryDecryptAES_GCM(CRYDriver *cryp,
crykey_t key_id,
size_t size,
const uint8_t *in,
uint8_t *out,
const uint8_t *iv,
size_t aadsize,
const uint8_t *aad,
uint8_t *authtag) {
osalDbgCheck((cryp != NULL) && (in != NULL) && (out != NULL) &&
(iv != NULL) && (aad != NULL) && (authtag != NULL) &&
((size & (size_t)15) == (size_t)0) &&
((aadsize & (size_t)15) == (size_t)0));
osalDbgAssert(cryp->state == CRY_READY, "not ready");
#if CRY_LLD_SUPPORTS_AES_GCM== TRUE
return cry_lld_decrypt_AES_GCM(cryp, key_id, size, in, out, iv,
aadsize, aad, authtag);
#elif HAL_CRY_USE_FALLBACK == TRUE
return cry_fallback_decrypt_AES_GCM(cryp, key_id, size, in, out, iv,
aadsize, aad, authtag);
#else
(void)cryp;
(void)key_id;
(void)size;
(void)in;
(void)out;
(void)iv;
(void)aadsize;
(void)aad;
(void)authtag;
return CRY_ERR_INV_ALGO;
#endif
}
#endif /* HAL_USE_CRY == TRUE */
/** @} */

200
os/hal/templates/hal_crypto_lld.c
View File

@ -15,8 +15,8 @@
*/
/**
* @file CRYPv1/hal_crypto_lld.c
* @brief STM32 cryptographic subsystem low level driver source.
* @file hal_crypto_lld.c
* @brief PLATFORM cryptographic subsystem low level driver source.
*
* @addtogroup CRYPTO
* @{
@ -120,6 +120,9 @@ cryerror_t cry_lld_loadkey(CRYDriver *cryp,
/**
* @brief Encryption operation using AES-ECB.
* @note The function operates on data buffers whose lenght is a multiple
* of an AES block, this means that padding must be done by the
* caller.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the
@ -137,7 +140,7 @@ cryerror_t cry_lld_loadkey(CRYDriver *cryp,
* @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid
* or refers and empty key slot.
*
* @api
* @notapi
*/
cryerror_t cry_lld_encrypt_AES_ECB(CRYDriver *cryp,
crykey_t key_id,
@ -151,11 +154,14 @@ cryerror_t cry_lld_encrypt_AES_ECB(CRYDriver *cryp,
(void)in;
(void)out;
return CRY_NOERROR;
return CRY_ERR_INV_ALGO;
}
/**
* @brief Decryption operation using AES-ECB.
* @note The function operates on data buffers whose lenght is a multiple
* of an AES block, this means that padding must be done by the
* caller.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the
@ -173,7 +179,7 @@ cryerror_t cry_lld_encrypt_AES_ECB(CRYDriver *cryp,
* @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid
* or refers and empty key slot.
*
* @api
* @notapi
*/
cryerror_t cry_lld_decrypt_AES_ECB(CRYDriver *cryp,
crykey_t key_id,
@ -187,11 +193,14 @@ cryerror_t cry_lld_decrypt_AES_ECB(CRYDriver *cryp,
(void)in;
(void)out;
return CRY_NOERROR;
return CRY_ERR_INV_ALGO;
}
/**
* @brief Encryption operation using AES-CBC.
* @note The function operates on data buffers whose lenght is a multiple
* of an AES block, this means that padding must be done by the
* caller.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the
@ -201,7 +210,7 @@ cryerror_t cry_lld_decrypt_AES_ECB(CRYDriver *cryp,
* multiple of the selected key size
* @param[in] in buffer containing the input plaintext
* @param[out] out buffer for the output cyphertext
* @param[in] iv input vector
* @param[in] iv 128 bits initial vector
* @return The operation status.
* @retval CRY_NOERROR if the operation succeeded.
* @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
@ -210,7 +219,7 @@ cryerror_t cry_lld_decrypt_AES_ECB(CRYDriver *cryp,
* @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid
* or refers and empty key slot.
*
* @api
* @notapi
*/
cryerror_t cry_lld_encrypt_AES_CBC(CRYDriver *cryp,
crykey_t key_id,
@ -226,11 +235,14 @@ cryerror_t cry_lld_encrypt_AES_CBC(CRYDriver *cryp,
(void)out;
(void)iv;
return CRY_NOERROR;
return CRY_ERR_INV_ALGO;
}
/**
* @brief Decryption operation using AES-CBC.
* @note The function operates on data buffers whose lenght is a multiple
* of an AES block, this means that padding must be done by the
* caller.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the
@ -240,7 +252,7 @@ cryerror_t cry_lld_encrypt_AES_CBC(CRYDriver *cryp,
* multiple of the selected key size
* @param[in] in buffer containing the input plaintext
* @param[out] out buffer for the output cyphertext
* @param[in] iv input vector
* @param[in] iv 128 bits initial vector
* @return The operation status.
* @retval CRY_NOERROR if the operation succeeded.
* @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
@ -249,7 +261,7 @@ cryerror_t cry_lld_encrypt_AES_CBC(CRYDriver *cryp,
* @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid
* or refers and empty key slot.
*
* @api
* @notapi
*/
cryerror_t cry_lld_decrypt_AES_CBC(CRYDriver *cryp,
crykey_t key_id,
@ -265,11 +277,14 @@ cryerror_t cry_lld_decrypt_AES_CBC(CRYDriver *cryp,
(void)out;
(void)iv;
return CRY_NOERROR;
return CRY_ERR_INV_ALGO;
}
/**
* @brief Encryption operation using AES-CFB.
* @note The function operates on data buffers whose lenght is a multiple
* of an AES block, this means that padding must be done by the
* caller.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the
@ -279,7 +294,7 @@ cryerror_t cry_lld_decrypt_AES_CBC(CRYDriver *cryp,
* multiple of the selected key size
* @param[in] in buffer containing the input plaintext
* @param[out] out buffer for the output cyphertext
* @param[in] iv input vector
* @param[in] iv 128 bits initial vector
* @return The operation status.
* @retval CRY_NOERROR if the operation succeeded.
* @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
@ -288,7 +303,7 @@ cryerror_t cry_lld_decrypt_AES_CBC(CRYDriver *cryp,
* @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid
* or refers and empty key slot.
*
* @api
* @notapi
*/
cryerror_t cry_lld_encrypt_AES_CFB(CRYDriver *cryp,
crykey_t key_id,
@ -304,11 +319,14 @@ cryerror_t cry_lld_encrypt_AES_CFB(CRYDriver *cryp,
(void)out;
(void)iv;
return CRY_NOERROR;
return CRY_ERR_INV_ALGO;
}
/**
* @brief Decryption operation using AES-CFB.
* @note The function operates on data buffers whose lenght is a multiple
* of an AES block, this means that padding must be done by the
* caller.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the
@ -318,7 +336,7 @@ cryerror_t cry_lld_encrypt_AES_CFB(CRYDriver *cryp,
* multiple of the selected key size
* @param[in] in buffer containing the input plaintext
* @param[out] out buffer for the output cyphertext
* @param[in] iv input vector
* @param[in] iv 128 bits initial vector
* @return The operation status.
* @retval CRY_NOERROR if the operation succeeded.
* @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
@ -327,7 +345,7 @@ cryerror_t cry_lld_encrypt_AES_CFB(CRYDriver *cryp,
* @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid
* or refers and empty key slot.
*
* @api
* @notapi
*/
cryerror_t cry_lld_decrypt_AES_CFB(CRYDriver *cryp,
crykey_t key_id,
@ -343,22 +361,25 @@ cryerror_t cry_lld_decrypt_AES_CFB(CRYDriver *cryp,
(void)out;
(void)iv;
return CRY_NOERROR;
return CRY_ERR_INV_ALGO;
}
/**
* @brief Encryption operation using AES-CTR.
* @note The function operates on data buffers whose lenght is a multiple
* of an AES block, this means that padding must be done by the
* caller.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the
* transient key, other values are keys stored in an
* unspecified way
* @param[in] size size of the plaintext buffer, this number must be a
* multiple of the selected key size
* multiple of 16
* @param[in] in buffer containing the input plaintext
* @param[out] out buffer for the output cyphertext
* @param[in] nonce the "nonce" constant
* @param[in,out] cnt the initial value of the counter, normally zero
* @param[in] iv 128 bits initial vector + counter, it contains
* a 96 bits IV and a 32 bits counter
* @return The operation status.
* @retval CRY_NOERROR if the operation succeeded.
* @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
@ -367,40 +388,41 @@ cryerror_t cry_lld_decrypt_AES_CFB(CRYDriver *cryp,
* @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid
* or refers and empty key slot.
*
* @api
* @notapi
*/
cryerror_t cry_lld_encrypt_AES_CTR(CRYDriver *cryp,
crykey_t key_id,
size_t size,
const uint8_t *in,
uint8_t *out,
const uint8_t *nonce,
uint8_t *cnt) {
const uint8_t *iv) {
(void)cryp;
(void)key_id;
(void)size;
(void)in;
(void)out;
(void)nonce;
(void)cnt;
(void)iv;
return CRY_NOERROR;
return CRY_ERR_INV_ALGO;
}
/**
* @brief Decryption operation using AES-CTR.
* @note The function operates on data buffers whose lenght is a multiple
* of an AES block, this means that padding must be done by the
* caller.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the
* transient key, other values are keys stored in an
* unspecified way
* @param[in] size size of the plaintext buffer, this number must be a
* multiple of the selected key size
* @param[in] in buffer containing the input plaintext
* @param[out] out buffer for the output cyphertext
* @param[in] nonce the "nonce" constant
* @param[in,out] cnt the initial value of the counter, normally zero
* multiple of 16
* @param[in] in buffer containing the input cyphertext
* @param[out] out buffer for the output plaintext
* @param[in] iv 128 bits initial vector + counter, it contains
* a 96 bits IV and a 32 bits counter
* @return The operation status.
* @retval CRY_NOERROR if the operation succeeded.
* @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
@ -416,18 +438,122 @@ cryerror_t cry_lld_decrypt_AES_CTR(CRYDriver *cryp,
size_t size,
const uint8_t *in,
uint8_t *out,
const uint8_t *nonce,
uint8_t *cnt) {
const uint8_t *iv) {
(void)cryp;
(void)key_id;
(void)size;
(void)in;
(void)out;
(void)nonce;
(void)cnt;
(void)iv;
return CRY_NOERROR;
return CRY_ERR_INV_ALGO;
}
/**
* @brief Encryption operation using AES-GCM.
* @note The function operates on data buffers whose lenght is a multiple
* of an AES block, this means that padding must be done by the
* caller.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the
* transient key, other values are keys stored in an
* unspecified way
* @param[in] size size of the text buffers, this number must be a
* multiple of 16
* @param[in] in buffer containing the input plaintext
* @param[out] out buffer for the output cyphertext
* @param[in] iv 128 bits initial vector + counter, it contains
* a 96 bits IV and a 32 bits counter
* @param[in] aadsize size of the authentication data, this number must be a
* multiple of 16
* @param[in] aad buffer containing the authentication data
* @param[in] authtag 128 bits buffer for the generated authentication tag
* @return The operation status.
* @retval CRY_NOERROR if the operation succeeded.
* @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
* device instance.
* @retval CRY_ERR_INV_KEY_TYPE the selected key is invalid for this operation.
* @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid
* or refers and empty key slot.
*
* @notapi
*/
cryerror_t cry_lld_encrypt_AES_GCM(CRYDriver *cryp,
crykey_t key_id,
size_t size,
const uint8_t *in,
uint8_t *out,
const uint8_t *iv,
size_t aadsize,
const uint8_t *aad,
uint8_t *authtag) {
(void)cryp;
(void)key_id;
(void)size;
(void)in;
(void)out;
(void)iv;
(void)aadsize;
(void)aad;
(void)authtag;
return CRY_ERR_INV_ALGO;
}
/**
* @brief Decryption operation using AES-GCM.
* @note The function operates on data buffers whose lenght is a multiple
* of an AES block, this means that padding must be done by the
* caller.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the
* transient key, other values are keys stored in an
* unspecified way
* @param[in] size size of the text buffers, this number must be a
* multiple of 16
* @param[in] in buffer for the output cyphertext
* @param[out] out buffer containing the input plaintext
* @param[in] iv 128 bits initial vector + counter, it contains
* a 96 bits IV and a 32 bits counter
* @param[in] aadsize size of the authentication data, this number must be a
* multiple of 16
* @param[in] aad buffer containing the authentication data
* @param[in] authtag 128 bits buffer for the generated authentication tag
* @return The operation status.
* @retval CRY_NOERROR if the operation succeeded.
* @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
* device instance.
* @retval CRY_ERR_INV_KEY_TYPE the selected key is invalid for this operation.
* @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid
* or refers and empty key slot.
*
* @notapi
*/
cryerror_t cry_lld_decrypt_AES_GCM(CRYDriver *cryp,
crykey_t key_id,
size_t size,
const uint8_t *in,
uint8_t *out,
const uint8_t *iv,
size_t aadsize,
const uint8_t *aad,
uint8_t *authtag) {
(void)cryp;
(void)key_id;
(void)size;
(void)in;
(void)out;
(void)iv;
(void)aadsize;
(void)aad;
(void)authtag;
return CRY_ERR_INV_ALGO;
}
#endif /* HAL_USE_CRY == TRUE */

25
os/hal/templates/hal_crypto_lld.h
View File

@ -39,6 +39,7 @@
#define CRY_LLD_SUPPORTS_AES_CBC TRUE
#define CRY_LLD_SUPPORTS_AES_CFB TRUE
#define CRY_LLD_SUPPORTS_AES_CTR TRUE
#define CRY_LLD_SUPPORTS_AES_GCM TRUE
/** @{ */
/*===========================================================================*/
@ -178,15 +179,31 @@ extern "C" {
size_t size,
const uint8_t *in,
uint8_t *out,
const uint8_t *nonce,
uint8_t *cnt);
const uint8_t *iv);
cryerror_t cry_lld_decrypt_AES_CTR(CRYDriver *cryp,
crykey_t key_id,
size_t size,
const uint8_t *in,
uint8_t *out,
const uint8_t *nonce,
uint8_t *cnt);
const uint8_t *iv);
cryerror_t cry_lld_encrypt_AES_GCM(CRYDriver *cryp,
crykey_t key_id,
size_t size,
const uint8_t *in,
uint8_t *out,
const uint8_t *iv,
size_t aadsize,
const uint8_t *aad,
uint8_t *authtag);
cryerror_t cry_lld_decrypt_AES_GCM(CRYDriver *cryp,
crykey_t key_id,
size_t size,
const uint8_t *in,
uint8_t *out,
const uint8_t *iv,
size_t aadsize,
const uint8_t *aad,
uint8_t *authtag);
#ifdef __cplusplus
}
#endif