andreika-git
/
ChibiOS
mirror of https://github.com/andreika-git/ChibiOS.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

git-svn-id: svn://svn.code.sf.net/p/chibios/svn/trunk@10888 35acf78f-673a-0410-8e92-d51de3d6d3f4

This commit is contained in:
Giovanni Di Sirio 2017-10-23 14:43:43 +00:00
parent 7707340e0b
commit 7156f2c323
8 changed files with 560 additions and 119 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
demos/STM32/RT-STM32F746G-DISCOVERY/Makefile
View File

@ -5,7 +5,7 @@
# Compiler options here. # Compiler options here.
ifeq ($(USE_OPT),) ifeq ($(USE_OPT),)
USE_OPT = -O0 -ggdb -fomit-frame-pointer -falign-functions=16 USE_OPT = -O2 -ggdb -fomit-frame-pointer -falign-functions=16
endif endif
# C specific options here (added to USE_OPT). # C specific options here (added to USE_OPT).

4
demos/STM32/RT-STM32F746G-DISCOVERY/halconf.h
View File

@ -55,7 +55,7 @@
* @brief Enables the cryptographic subsystem. * @brief Enables the cryptographic subsystem.
*/ */
#if !defined(HAL_USE_CRY) || defined(__DOXYGEN__) #if !defined(HAL_USE_CRY) || defined(__DOXYGEN__)
#define HAL_USE_CRY TRUE #define HAL_USE_CRY FALSE
#endif #endif
/** /**
@ -227,7 +227,7 @@
* @note Fall-back implementations may not be present for all algorithms. * @note Fall-back implementations may not be present for all algorithms.
*/ */
#if !defined(HAL_CRY_USE_FALLBACK) || defined(__DOXYGEN__) #if !defined(HAL_CRY_USE_FALLBACK) || defined(__DOXYGEN__)
#define HAL_CRY_USE_FALLBACK TRUE #define HAL_CRY_USE_FALLBACK FALSE
#endif #endif
/** /**

31
os/hal/include/hal_crypto.h
View File

@ -95,8 +95,7 @@ typedef enum {
CRY_ERR_INV_ALGO = 1, /**< Invalid cypher/mode. */ CRY_ERR_INV_ALGO = 1, /**< Invalid cypher/mode. */
CRY_ERR_INV_KEY_SIZE = 2, /**< Invalid key size. */ CRY_ERR_INV_KEY_SIZE = 2, /**< Invalid key size. */
CRY_ERR_INV_KEY_TYPE = 3, /**< Invalid key type. */ CRY_ERR_INV_KEY_TYPE = 3, /**< Invalid key type. */
CRY_ERR_INV_KEY_ID = 4, /**< Invalid key type. */ CRY_ERR_INV_KEY_ID = 4 /**< Invalid key type. */
CRY_ERR_AUTH_FAILED = 5 /**< Authentication failed. */
} cryerror_t; } cryerror_t;
/** /**
@ -120,6 +119,7 @@ typedef enum {
#define CRY_LLD_SUPPORTS_AES_CBC FALSE #define CRY_LLD_SUPPORTS_AES_CBC FALSE
#define CRY_LLD_SUPPORTS_AES_CFB FALSE #define CRY_LLD_SUPPORTS_AES_CFB FALSE
#define CRY_LLD_SUPPORTS_AES_CTR FALSE #define CRY_LLD_SUPPORTS_AES_CTR FALSE
#define CRY_LLD_SUPPORTS_AES_GCM FALSE
typedef uint_fast8_t crykey_t; typedef uint_fast8_t crykey_t;
@ -141,8 +141,9 @@ struct CRYDriver {
#if !defined(CRY_LLD_SUPPORTS_AES_ECB) || \ #if !defined(CRY_LLD_SUPPORTS_AES_ECB) || \
!defined(CRY_LLD_SUPPORTS_AES_CBC) || \ !defined(CRY_LLD_SUPPORTS_AES_CBC) || \
!defined(CRY_LLD_SUPPORTS_AES_CFB) || \ !defined(CRY_LLD_SUPPORTS_AES_CFB) || \
!defined(CRY_LLD_SUPPORTS_AES_CTR) !defined(CRY_LLD_SUPPORTS_AES_CTR) || \
#error "CRYPTO LLD does not export required switches" !defined(CRY_LLD_SUPPORTS_AES_GCM)
#error "CRYPTO LLD does not export the required switches"
#endif #endif
/*===========================================================================*/ /*===========================================================================*/
@ -209,33 +210,31 @@ extern "C" {
size_t size, size_t size,
const uint8_t *in, const uint8_t *in,
uint8_t *out, uint8_t *out,
const uint8_t *nonce, const uint8_t *iv);
uint8_t *cnt);
cryerror_t cryDecryptAES_CTR(CRYDriver *cryp, cryerror_t cryDecryptAES_CTR(CRYDriver *cryp,
crykey_t key_id, crykey_t key_id,
size_t size, size_t size,
const uint8_t *in, const uint8_t *in,
uint8_t *out, uint8_t *out,
const uint8_t *nonce, const uint8_t *iv);
uint8_t *cnt);
cryerror_t cryEncryptAES_GCM(CRYDriver *cryp, cryerror_t cryEncryptAES_GCM(CRYDriver *cryp,
crykey_t key_id, crykey_t key_id,
bitsize_t size, size_t size,
const uint8_t *in, const uint8_t *in,
uint8_t *out, uint8_t *out,
bitsize_t ivsize,
const uint8_t *iv, const uint8_t *iv,
bitsize_t authsize, size_t aadsize,
uint8_t *authout); const uint8_t *aad,
uint8_t *authtag);
cryerror_t cryDecryptAES_GCM(CRYDriver *cryp, cryerror_t cryDecryptAES_GCM(CRYDriver *cryp,
crykey_t key_id, crykey_t key_id,
bitsize_t size, size_t size,
const uint8_t *in, const uint8_t *in,
uint8_t *out, uint8_t *out,
bitsize_t ivsize,
const uint8_t *iv, const uint8_t *iv,
bitsize_t authsize, size_t aadsize,
const uint8_t *authin); const uint8_t *aad,
uint8_t *authtag);
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif

180
os/hal/ports/STM32/LLD/CRYPv1/hal_crypto_lld.c
View File

@ -120,6 +120,9 @@ cryerror_t cry_lld_loadkey(CRYDriver *cryp,
/** /**
* @brief Encryption operation using AES-ECB. * @brief Encryption operation using AES-ECB.
* @note The function operates on data buffers whose lenght is a multiple
* of an AES block, this means that padding must be done by the
* caller.
* *
* @param[in] cryp pointer to the @p CRYDriver object * @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the * @param[in] key_id the key to be used for the operation, zero is the
@ -137,7 +140,7 @@ cryerror_t cry_lld_loadkey(CRYDriver *cryp,
* @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid
* or refers and empty key slot. * or refers and empty key slot.
* *
* @api * @notapi
*/ */
cryerror_t cry_lld_encrypt_AES_ECB(CRYDriver *cryp, cryerror_t cry_lld_encrypt_AES_ECB(CRYDriver *cryp,
crykey_t key_id, crykey_t key_id,
@ -156,6 +159,9 @@ cryerror_t cry_lld_encrypt_AES_ECB(CRYDriver *cryp,
/** /**
* @brief Decryption operation using AES-ECB. * @brief Decryption operation using AES-ECB.
* @note The function operates on data buffers whose lenght is a multiple
* of an AES block, this means that padding must be done by the
* caller.
* *
* @param[in] cryp pointer to the @p CRYDriver object * @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the * @param[in] key_id the key to be used for the operation, zero is the
@ -173,7 +179,7 @@ cryerror_t cry_lld_encrypt_AES_ECB(CRYDriver *cryp,
* @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid
* or refers and empty key slot. * or refers and empty key slot.
* *
* @api * @notapi
*/ */
cryerror_t cry_lld_decrypt_AES_ECB(CRYDriver *cryp, cryerror_t cry_lld_decrypt_AES_ECB(CRYDriver *cryp,
crykey_t key_id, crykey_t key_id,
@ -192,6 +198,9 @@ cryerror_t cry_lld_decrypt_AES_ECB(CRYDriver *cryp,
/** /**
* @brief Encryption operation using AES-CBC. * @brief Encryption operation using AES-CBC.
* @note The function operates on data buffers whose lenght is a multiple
* of an AES block, this means that padding must be done by the
* caller.
* *
* @param[in] cryp pointer to the @p CRYDriver object * @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the * @param[in] key_id the key to be used for the operation, zero is the
@ -201,7 +210,7 @@ cryerror_t cry_lld_decrypt_AES_ECB(CRYDriver *cryp,
* multiple of the selected key size * multiple of the selected key size
* @param[in] in buffer containing the input plaintext * @param[in] in buffer containing the input plaintext
* @param[out] out buffer for the output cyphertext * @param[out] out buffer for the output cyphertext
* @param[in] iv input vector * @param[in] iv 128 bits initial vector
* @return The operation status. * @return The operation status.
* @retval CRY_NOERROR if the operation succeeded. * @retval CRY_NOERROR if the operation succeeded.
* @retval CRY_ERR_INV_ALGO if the operation is unsupported on this * @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
@ -210,7 +219,7 @@ cryerror_t cry_lld_decrypt_AES_ECB(CRYDriver *cryp,
* @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid
* or refers and empty key slot. * or refers and empty key slot.
* *
* @api * @notapi
*/ */
cryerror_t cry_lld_encrypt_AES_CBC(CRYDriver *cryp, cryerror_t cry_lld_encrypt_AES_CBC(CRYDriver *cryp,
crykey_t key_id, crykey_t key_id,
@ -231,6 +240,9 @@ cryerror_t cry_lld_encrypt_AES_CBC(CRYDriver *cryp,
/** /**
* @brief Decryption operation using AES-CBC. * @brief Decryption operation using AES-CBC.
* @note The function operates on data buffers whose lenght is a multiple
* of an AES block, this means that padding must be done by the
* caller.
* *
* @param[in] cryp pointer to the @p CRYDriver object * @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the * @param[in] key_id the key to be used for the operation, zero is the
@ -240,7 +252,7 @@ cryerror_t cry_lld_encrypt_AES_CBC(CRYDriver *cryp,
* multiple of the selected key size * multiple of the selected key size
* @param[in] in buffer containing the input plaintext * @param[in] in buffer containing the input plaintext
* @param[out] out buffer for the output cyphertext * @param[out] out buffer for the output cyphertext
* @param[in] iv input vector * @param[in] iv 128 bits initial vector
* @return The operation status. * @return The operation status.
* @retval CRY_NOERROR if the operation succeeded. * @retval CRY_NOERROR if the operation succeeded.
* @retval CRY_ERR_INV_ALGO if the operation is unsupported on this * @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
@ -249,7 +261,7 @@ cryerror_t cry_lld_encrypt_AES_CBC(CRYDriver *cryp,
* @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid
* or refers and empty key slot. * or refers and empty key slot.
* *
* @api * @notapi
*/ */
cryerror_t cry_lld_decrypt_AES_CBC(CRYDriver *cryp, cryerror_t cry_lld_decrypt_AES_CBC(CRYDriver *cryp,
crykey_t key_id, crykey_t key_id,
@ -270,6 +282,9 @@ cryerror_t cry_lld_decrypt_AES_CBC(CRYDriver *cryp,
/** /**
* @brief Encryption operation using AES-CFB. * @brief Encryption operation using AES-CFB.
* @note The function operates on data buffers whose lenght is a multiple
* of an AES block, this means that padding must be done by the
* caller.
* *
* @param[in] cryp pointer to the @p CRYDriver object * @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the * @param[in] key_id the key to be used for the operation, zero is the
@ -279,7 +294,7 @@ cryerror_t cry_lld_decrypt_AES_CBC(CRYDriver *cryp,
* multiple of the selected key size * multiple of the selected key size
* @param[in] in buffer containing the input plaintext * @param[in] in buffer containing the input plaintext
* @param[out] out buffer for the output cyphertext * @param[out] out buffer for the output cyphertext
* @param[in] iv input vector * @param[in] iv 128 bits initial vector
* @return The operation status. * @return The operation status.
* @retval CRY_NOERROR if the operation succeeded. * @retval CRY_NOERROR if the operation succeeded.
* @retval CRY_ERR_INV_ALGO if the operation is unsupported on this * @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
@ -288,7 +303,7 @@ cryerror_t cry_lld_decrypt_AES_CBC(CRYDriver *cryp,
* @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid
* or refers and empty key slot. * or refers and empty key slot.
* *
* @api * @notapi
*/ */
cryerror_t cry_lld_encrypt_AES_CFB(CRYDriver *cryp, cryerror_t cry_lld_encrypt_AES_CFB(CRYDriver *cryp,
crykey_t key_id, crykey_t key_id,
@ -309,6 +324,9 @@ cryerror_t cry_lld_encrypt_AES_CFB(CRYDriver *cryp,
/** /**
* @brief Decryption operation using AES-CFB. * @brief Decryption operation using AES-CFB.
* @note The function operates on data buffers whose lenght is a multiple
* of an AES block, this means that padding must be done by the
* caller.
* *
* @param[in] cryp pointer to the @p CRYDriver object * @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the * @param[in] key_id the key to be used for the operation, zero is the
@ -318,7 +336,7 @@ cryerror_t cry_lld_encrypt_AES_CFB(CRYDriver *cryp,
* multiple of the selected key size * multiple of the selected key size
* @param[in] in buffer containing the input plaintext * @param[in] in buffer containing the input plaintext
* @param[out] out buffer for the output cyphertext * @param[out] out buffer for the output cyphertext
* @param[in] iv input vector * @param[in] iv 128 bits initial vector
* @return The operation status. * @return The operation status.
* @retval CRY_NOERROR if the operation succeeded. * @retval CRY_NOERROR if the operation succeeded.
* @retval CRY_ERR_INV_ALGO if the operation is unsupported on this * @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
@ -327,7 +345,7 @@ cryerror_t cry_lld_encrypt_AES_CFB(CRYDriver *cryp,
* @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid
* or refers and empty key slot. * or refers and empty key slot.
* *
* @api * @notapi
*/ */
cryerror_t cry_lld_decrypt_AES_CFB(CRYDriver *cryp, cryerror_t cry_lld_decrypt_AES_CFB(CRYDriver *cryp,
crykey_t key_id, crykey_t key_id,
@ -348,17 +366,20 @@ cryerror_t cry_lld_decrypt_AES_CFB(CRYDriver *cryp,
/** /**
* @brief Encryption operation using AES-CTR. * @brief Encryption operation using AES-CTR.
* @note The function operates on data buffers whose lenght is a multiple
* of an AES block, this means that padding must be done by the
* caller.
* *
* @param[in] cryp pointer to the @p CRYDriver object * @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the * @param[in] key_id the key to be used for the operation, zero is the
* transient key, other values are keys stored in an * transient key, other values are keys stored in an
* unspecified way * unspecified way
* @param[in] size size of the plaintext buffer, this number must be a * @param[in] size size of the plaintext buffer, this number must be a
* multiple of the selected key size * multiple of 16
* @param[in] in buffer containing the input plaintext * @param[in] in buffer containing the input plaintext
* @param[out] out buffer for the output cyphertext * @param[out] out buffer for the output cyphertext
* @param[in] nonce the "nonce" constant * @param[in] iv 128 bits initial vector + counter, it contains
* @param[in,out] cnt the initial value of the counter, normally zero * a 96 bits IV and a 32 bits counter
* @return The operation status. * @return The operation status.
* @retval CRY_NOERROR if the operation succeeded. * @retval CRY_NOERROR if the operation succeeded.
* @retval CRY_ERR_INV_ALGO if the operation is unsupported on this * @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
@ -367,40 +388,41 @@ cryerror_t cry_lld_decrypt_AES_CFB(CRYDriver *cryp,
* @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid
* or refers and empty key slot. * or refers and empty key slot.
* *
* @api * @notapi
*/ */
cryerror_t cry_lld_encrypt_AES_CTR(CRYDriver *cryp, cryerror_t cry_lld_encrypt_AES_CTR(CRYDriver *cryp,
crykey_t key_id, crykey_t key_id,
size_t size, size_t size,
const uint8_t *in, const uint8_t *in,
uint8_t *out, uint8_t *out,
const uint8_t *nonce, const uint8_t *iv) {
uint8_t *cnt) {
(void)cryp; (void)cryp;
(void)key_id; (void)key_id;
(void)size; (void)size;
(void)in; (void)in;
(void)out; (void)out;
(void)nonce; (void)iv;
(void)cnt;
return CRY_ERR_INV_ALGO; return CRY_ERR_INV_ALGO;
} }
/** /**
* @brief Decryption operation using AES-CTR. * @brief Decryption operation using AES-CTR.
* @note The function operates on data buffers whose lenght is a multiple
* of an AES block, this means that padding must be done by the
* caller.
* *
* @param[in] cryp pointer to the @p CRYDriver object * @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the * @param[in] key_id the key to be used for the operation, zero is the
* transient key, other values are keys stored in an * transient key, other values are keys stored in an
* unspecified way * unspecified way
* @param[in] size size of the plaintext buffer, this number must be a * @param[in] size size of the plaintext buffer, this number must be a
* multiple of the selected key size * multiple of 16
* @param[in] in buffer containing the input plaintext * @param[in] in buffer containing the input cyphertext
* @param[out] out buffer for the output cyphertext * @param[out] out buffer for the output plaintext
* @param[in] nonce the "nonce" constant * @param[in] iv 128 bits initial vector + counter, it contains
* @param[in,out] cnt the initial value of the counter, normally zero * a 96 bits IV and a 32 bits counter
* @return The operation status. * @return The operation status.
* @retval CRY_NOERROR if the operation succeeded. * @retval CRY_NOERROR if the operation succeeded.
* @retval CRY_ERR_INV_ALGO if the operation is unsupported on this * @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
@ -416,16 +438,120 @@ cryerror_t cry_lld_decrypt_AES_CTR(CRYDriver *cryp,
size_t size, size_t size,
const uint8_t *in, const uint8_t *in,
uint8_t *out, uint8_t *out,
const uint8_t *nonce, const uint8_t *iv) {
uint8_t *cnt) {
(void)cryp; (void)cryp;
(void)key_id; (void)key_id;
(void)size; (void)size;
(void)in; (void)in;
(void)out; (void)out;
(void)nonce; (void)iv;
(void)cnt;
return CRY_ERR_INV_ALGO;
}
/**
* @brief Encryption operation using AES-GCM.
* @note The function operates on data buffers whose lenght is a multiple
* of an AES block, this means that padding must be done by the
* caller.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the
* transient key, other values are keys stored in an
* unspecified way
* @param[in] size size of the text buffers, this number must be a
* multiple of 16
* @param[in] in buffer containing the input plaintext
* @param[out] out buffer for the output cyphertext
* @param[in] iv 128 bits initial vector + counter, it contains
* a 96 bits IV and a 32 bits counter
* @param[in] aadsize size of the authentication data, this number must be a
* multiple of 16
* @param[in] aad buffer containing the authentication data
* @param[in] authtag 128 bits buffer for the generated authentication tag
* @return The operation status.
* @retval CRY_NOERROR if the operation succeeded.
* @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
* device instance.
* @retval CRY_ERR_INV_KEY_TYPE the selected key is invalid for this operation.
* @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid
* or refers and empty key slot.
*
* @notapi
*/
cryerror_t cry_lld_encrypt_AES_GCM(CRYDriver *cryp,
crykey_t key_id,
size_t size,
const uint8_t *in,
uint8_t *out,
const uint8_t *iv,
size_t aadsize,
const uint8_t *aad,
uint8_t *authtag) {
(void)cryp;
(void)key_id;
(void)size;
(void)in;
(void)out;
(void)iv;
(void)aadsize;
(void)aad;
(void)authtag;
return CRY_ERR_INV_ALGO;
}
/**
* @brief Decryption operation using AES-GCM.
* @note The function operates on data buffers whose lenght is a multiple
* of an AES block, this means that padding must be done by the
* caller.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the
* transient key, other values are keys stored in an
* unspecified way
* @param[in] size size of the text buffers, this number must be a
* multiple of 16
* @param[in] in buffer for the output cyphertext
* @param[out] out buffer containing the input plaintext
* @param[in] iv 128 bits initial vector + counter, it contains
* a 96 bits IV and a 32 bits counter
* @param[in] aadsize size of the authentication data, this number must be a
* multiple of 16
* @param[in] aad buffer containing the authentication data
* @param[in] authtag 128 bits buffer for the generated authentication tag
* @return The operation status.
* @retval CRY_NOERROR if the operation succeeded.
* @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
* device instance.
* @retval CRY_ERR_INV_KEY_TYPE the selected key is invalid for this operation.
* @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid
* or refers and empty key slot.
*
* @notapi
*/
cryerror_t cry_lld_decrypt_AES_GCM(CRYDriver *cryp,
crykey_t key_id,
size_t size,
const uint8_t *in,
uint8_t *out,
const uint8_t *iv,
size_t aadsize,
const uint8_t *aad,
uint8_t *authtag) {
(void)cryp;
(void)key_id;
(void)size;
(void)in;
(void)out;
(void)iv;
(void)aadsize;
(void)aad;
(void)authtag;
return CRY_ERR_INV_ALGO; return CRY_ERR_INV_ALGO;
} }

25
os/hal/ports/STM32/LLD/CRYPv1/hal_crypto_lld.h
View File

@ -39,6 +39,7 @@
#define CRY_LLD_SUPPORTS_AES_CBC TRUE #define CRY_LLD_SUPPORTS_AES_CBC TRUE
#define CRY_LLD_SUPPORTS_AES_CFB FALSE #define CRY_LLD_SUPPORTS_AES_CFB FALSE
#define CRY_LLD_SUPPORTS_AES_CTR TRUE #define CRY_LLD_SUPPORTS_AES_CTR TRUE
#define CRY_LLD_SUPPORTS_AES_GCM TRUE
/** @{ */ /** @{ */
/*===========================================================================*/ /*===========================================================================*/
@ -178,15 +179,31 @@ extern "C" {
size_t size, size_t size,
const uint8_t *in, const uint8_t *in,
uint8_t *out, uint8_t *out,
const uint8_t *nonce, const uint8_t *iv);
uint8_t *cnt);
cryerror_t cry_lld_decrypt_AES_CTR(CRYDriver *cryp, cryerror_t cry_lld_decrypt_AES_CTR(CRYDriver *cryp,
crykey_t key_id, crykey_t key_id,
size_t size, size_t size,
const uint8_t *in, const uint8_t *in,
uint8_t *out, uint8_t *out,
const uint8_t *nonce, const uint8_t *iv);
uint8_t *cnt); cryerror_t cry_lld_encrypt_AES_GCM(CRYDriver *cryp,
crykey_t key_id,
size_t size,
const uint8_t *in,
uint8_t *out,
const uint8_t *iv,
size_t aadsize,
const uint8_t *aad,
uint8_t *authtag);
cryerror_t cry_lld_decrypt_AES_GCM(CRYDriver *cryp,
crykey_t key_id,
size_t size,
const uint8_t *in,
uint8_t *out,
const uint8_t *iv,
size_t aadsize,
const uint8_t *aad,
uint8_t *authtag);
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif

212
os/hal/src/hal_crypto.c
View File

@ -174,6 +174,9 @@ cryerror_t cryLoadTransientKey(CRYDriver *cryp,
/** /**
* @brief Encryption operation using AES-ECB. * @brief Encryption operation using AES-ECB.
* @note The function operates on data buffers whose lenght is a multiple
* of an AES block, this means that padding must be done by the
* caller.
* *
* @param[in] cryp pointer to the @p CRYDriver object * @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the * @param[in] key_id the key to be used for the operation, zero is the
@ -221,6 +224,9 @@ cryerror_t cryEncryptAES_ECB(CRYDriver *cryp,
/** /**
* @brief Decryption operation using AES-ECB. * @brief Decryption operation using AES-ECB.
* @note The function operates on data buffers whose lenght is a multiple
* of an AES block, this means that padding must be done by the
* caller.
* *
* @param[in] cryp pointer to the @p CRYDriver object * @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the * @param[in] key_id the key to be used for the operation, zero is the
@ -228,8 +234,8 @@ cryerror_t cryEncryptAES_ECB(CRYDriver *cryp,
* unspecified way * unspecified way
* @param[in] size size of the plaintext buffer, this number must be a * @param[in] size size of the plaintext buffer, this number must be a
* multiple of 16 * multiple of 16
* @param[in] in buffer containing the input plaintext * @param[in] in buffer containing the input cyphertext
* @param[out] out buffer for the output cyphertext * @param[out] out buffer for the output plaintext
* @return The operation status. * @return The operation status.
* @retval CRY_NOERROR if the operation succeeded. * @retval CRY_NOERROR if the operation succeeded.
* @retval CRY_ERR_INV_ALGO if the operation is unsupported on this * @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
@ -268,6 +274,9 @@ cryerror_t cryDecryptAES_ECB(CRYDriver *cryp,
/** /**
* @brief Encryption operation using AES-CBC. * @brief Encryption operation using AES-CBC.
* @note The function operates on data buffers whose lenght is a multiple
* of an AES block, this means that padding must be done by the
* caller.
* *
* @param[in] cryp pointer to the @p CRYDriver object * @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the * @param[in] key_id the key to be used for the operation, zero is the
@ -277,7 +286,7 @@ cryerror_t cryDecryptAES_ECB(CRYDriver *cryp,
* multiple of 16 * multiple of 16
* @param[in] in buffer containing the input plaintext * @param[in] in buffer containing the input plaintext
* @param[out] out buffer for the output cyphertext * @param[out] out buffer for the output cyphertext
* @param[in] iv input vector * @param[in] iv 128 bits initial vector
* @return The operation status. * @return The operation status.
* @retval CRY_NOERROR if the operation succeeded. * @retval CRY_NOERROR if the operation succeeded.
* @retval CRY_ERR_INV_ALGO if the operation is unsupported on this * @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
@ -318,6 +327,9 @@ cryerror_t cryEncryptAES_CBC(CRYDriver *cryp,
/** /**
* @brief Decryption operation using AES-CBC. * @brief Decryption operation using AES-CBC.
* @note The function operates on data buffers whose lenght is a multiple
* of an AES block, this means that padding must be done by the
* caller.
* *
* @param[in] cryp pointer to the @p CRYDriver object * @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the * @param[in] key_id the key to be used for the operation, zero is the
@ -325,9 +337,9 @@ cryerror_t cryEncryptAES_CBC(CRYDriver *cryp,
* unspecified way * unspecified way
* @param[in] size size of the plaintext buffer, this number must be a * @param[in] size size of the plaintext buffer, this number must be a
* multiple of 16 * multiple of 16
* @param[in] in buffer containing the input plaintext * @param[in] in buffer containing the input cyphertext
* @param[out] out buffer for the output cyphertext * @param[out] out buffer for the output plaintext
* @param[in] iv input vector * @param[in] iv 128 bits initial vector
* @return The operation status. * @return The operation status.
* @retval CRY_NOERROR if the operation succeeded. * @retval CRY_NOERROR if the operation succeeded.
* @retval CRY_ERR_INV_ALGO if the operation is unsupported on this * @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
@ -368,6 +380,9 @@ cryerror_t cryDecryptAES_CBC(CRYDriver *cryp,
/** /**
* @brief Encryption operation using AES-CFB. * @brief Encryption operation using AES-CFB.
* @note The function operates on data buffers whose lenght is a multiple
* of an AES block, this means that padding must be done by the
* caller.
* *
* @param[in] cryp pointer to the @p CRYDriver object * @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the * @param[in] key_id the key to be used for the operation, zero is the
@ -377,7 +392,7 @@ cryerror_t cryDecryptAES_CBC(CRYDriver *cryp,
* multiple of 16 * multiple of 16
* @param[in] in buffer containing the input plaintext * @param[in] in buffer containing the input plaintext
* @param[out] out buffer for the output cyphertext * @param[out] out buffer for the output cyphertext
* @param[in] iv input vector * @param[in] iv 128 bits initial vector
* @return The operation status. * @return The operation status.
* @retval CRY_NOERROR if the operation succeeded. * @retval CRY_NOERROR if the operation succeeded.
* @retval CRY_ERR_INV_ALGO if the operation is unsupported on this * @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
@ -418,6 +433,9 @@ cryerror_t cryEncryptAES_CFB(CRYDriver *cryp,
/** /**
* @brief Decryption operation using AES-CFB. * @brief Decryption operation using AES-CFB.
* @note The function operates on data buffers whose lenght is a multiple
* of an AES block, this means that padding must be done by the
* caller.
* *
* @param[in] cryp pointer to the @p CRYDriver object * @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the * @param[in] key_id the key to be used for the operation, zero is the
@ -425,9 +443,9 @@ cryerror_t cryEncryptAES_CFB(CRYDriver *cryp,
* unspecified way * unspecified way
* @param[in] size size of the plaintext buffer, this number must be a * @param[in] size size of the plaintext buffer, this number must be a
* multiple of 16 * multiple of 16
* @param[in] in buffer containing the input plaintext * @param[in] in buffer containing the input cyphertext
* @param[out] out buffer for the output cyphertext * @param[out] out buffer for the output plaintext
* @param[in] iv input vector * @param[in] iv 128 bits initial vector
* @return The operation status. * @return The operation status.
* @retval CRY_NOERROR if the operation succeeded. * @retval CRY_NOERROR if the operation succeeded.
* @retval CRY_ERR_INV_ALGO if the operation is unsupported on this * @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
@ -468,6 +486,9 @@ cryerror_t cryDecryptAES_CFB(CRYDriver *cryp,
/** /**
* @brief Encryption operation using AES-CTR. * @brief Encryption operation using AES-CTR.
* @note The function operates on data buffers whose lenght is a multiple
* of an AES block, this means that padding must be done by the
* caller.
* *
* @param[in] cryp pointer to the @p CRYDriver object * @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the * @param[in] key_id the key to be used for the operation, zero is the
@ -477,8 +498,8 @@ cryerror_t cryDecryptAES_CFB(CRYDriver *cryp,
* multiple of 16 * multiple of 16
* @param[in] in buffer containing the input plaintext * @param[in] in buffer containing the input plaintext
* @param[out] out buffer for the output cyphertext * @param[out] out buffer for the output cyphertext
* @param[in] nonce the "nonce" constant * @param[in] iv 128 bits initial vector + counter, it contains
* @param[in,out] cnt the initial value of the counter, normally zero * a 96 bits IV and a 32 bits counter
* @return The operation status. * @return The operation status.
* @retval CRY_NOERROR if the operation succeeded. * @retval CRY_NOERROR if the operation succeeded.
* @retval CRY_ERR_INV_ALGO if the operation is unsupported on this * @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
@ -494,19 +515,17 @@ cryerror_t cryEncryptAES_CTR(CRYDriver *cryp,
size_t size, size_t size,
const uint8_t *in, const uint8_t *in,
uint8_t *out, uint8_t *out,
const uint8_t *nonce, const uint8_t *iv) {
uint8_t *cnt) {
osalDbgCheck((cryp != NULL) && (in != NULL) && (out != NULL) && osalDbgCheck((cryp != NULL) && (in != NULL) && (out != NULL) &&
(nonce != NULL) && (cnt != NULL) && (iv != NULL) && ((size & (size_t)15) == (size_t)0));
((size & (size_t)15) == (size_t)0));
osalDbgAssert(cryp->state == CRY_READY, "not ready"); osalDbgAssert(cryp->state == CRY_READY, "not ready");
#if CRY_LLD_SUPPORTS_AES_CTR == TRUE #if CRY_LLD_SUPPORTS_AES_CTR == TRUE
return cry_lld_encrypt_AES_CTR(cryp, key_id, size, in, out, nonce, cnt); return cry_lld_encrypt_AES_CTR(cryp, key_id, size, in, out, iv);
#elif HAL_CRY_USE_FALLBACK == TRUE #elif HAL_CRY_USE_FALLBACK == TRUE
return cry_fallback_encrypt_AES_CTR(cryp, key_id, size, in, out, nonce, cnt); return cry_fallback_encrypt_AES_CTR(cryp, key_id, size, in, out, iv);
#else #else
(void)cryp; (void)cryp;
(void)key_id; (void)key_id;
@ -522,6 +541,9 @@ cryerror_t cryEncryptAES_CTR(CRYDriver *cryp,
/** /**
* @brief Decryption operation using AES-CTR. * @brief Decryption operation using AES-CTR.
* @note The function operates on data buffers whose lenght is a multiple
* of an AES block, this means that padding must be done by the
* caller.
* *
* @param[in] cryp pointer to the @p CRYDriver object * @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the * @param[in] key_id the key to be used for the operation, zero is the
@ -529,10 +551,10 @@ cryerror_t cryEncryptAES_CTR(CRYDriver *cryp,
* unspecified way * unspecified way
* @param[in] size size of the plaintext buffer, this number must be a * @param[in] size size of the plaintext buffer, this number must be a
* multiple of 16 * multiple of 16
* @param[in] in buffer containing the input plaintext * @param[in] in buffer containing the input cyphertext
* @param[out] out buffer for the output cyphertext * @param[out] out buffer for the output plaintext
* @param[in] nonce the "nonce" constant * @param[in] iv 128 bits initial vector + counter, it contains
* @param[in,out] cnt the initial value of the counter, normally zero * a 96 bits IV and a 32 bits counter
* @return The operation status. * @return The operation status.
* @retval CRY_NOERROR if the operation succeeded. * @retval CRY_NOERROR if the operation succeeded.
* @retval CRY_ERR_INV_ALGO if the operation is unsupported on this * @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
@ -548,19 +570,17 @@ cryerror_t cryDecryptAES_CTR(CRYDriver *cryp,
size_t size, size_t size,
const uint8_t *in, const uint8_t *in,
uint8_t *out, uint8_t *out,
const uint8_t *nonce, const uint8_t *iv) {
uint8_t *cnt) {
osalDbgCheck((cryp != NULL) && (in != NULL) && (out != NULL) && osalDbgCheck((cryp != NULL) && (in != NULL) && (out != NULL) &&
(nonce != NULL) && (cnt != NULL) && (iv != NULL) && ((size & (size_t)15) == (size_t)0));
((size & (size_t)15) == (size_t)0));
osalDbgAssert(cryp->state == CRY_READY, "not ready"); osalDbgAssert(cryp->state == CRY_READY, "not ready");
#if CRY_LLD_SUPPORTS_AES_CTR == TRUE #if CRY_LLD_SUPPORTS_AES_CTR == TRUE
return cry_lld_decrypt_AES_CTR(cryp, key_id, size, in, out, nonce, cnt); return cry_lld_decrypt_AES_CTR(cryp, key_id, size, in, out, iv);
#elif HAL_CRY_USE_FALLBACK == TRUE #elif HAL_CRY_USE_FALLBACK == TRUE
return cry_fallback_decrypt_AES_CTR(cryp, key_id, size, in, out, nonce, cnt); return cry_fallback_decrypt_AES_CTR(cryp, key_id, size, in, out, iv);
#else #else
(void)cryp; (void)cryp;
(void)key_id; (void)key_id;
@ -574,6 +594,142 @@ cryerror_t cryDecryptAES_CTR(CRYDriver *cryp,
#endif #endif
} }
/**
* @brief Encryption operation using AES-GCM.
* @note The function operates on data buffers whose lenght is a multiple
* of an AES block, this means that padding must be done by the
* caller.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the
* transient key, other values are keys stored in an
* unspecified way
* @param[in] size size of the text buffers, this number must be a
* multiple of 16
* @param[in] in buffer containing the input plaintext
* @param[out] out buffer for the output cyphertext
* @param[in] iv 128 bits initial vector + counter, it contains
* a 96 bits IV and a 32 bits counter
* @param[in] aadsize size of the authentication data, this number must be a
* multiple of 16
* @param[in] aad buffer containing the authentication data
* @param[in] authtag 128 bits buffer for the generated authentication tag
* @return The operation status.
* @retval CRY_NOERROR if the operation succeeded.
* @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
* device instance.
* @retval CRY_ERR_INV_KEY_TYPE the selected key is invalid for this operation.
* @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid
* or refers and empty key slot.
*
* @api
*/
cryerror_t cryEncryptAES_GCM(CRYDriver *cryp,
crykey_t key_id,
size_t size,
const uint8_t *in,
uint8_t *out,
const uint8_t *iv,
size_t aadsize,
const uint8_t *aad,
uint8_t *authtag) {
osalDbgCheck((cryp != NULL) && (in != NULL) && (out != NULL) &&
(iv != NULL) && (aad != NULL) && (authtag != NULL) &&
((size & (size_t)15) == (size_t)0) &&
((aadsize & (size_t)15) == (size_t)0));
osalDbgAssert(cryp->state == CRY_READY, "not ready");
#if CRY_LLD_SUPPORTS_AES_GCM== TRUE
return cry_lld_encrypt_AES_GCM(cryp, key_id, size, in, out, iv,
aadsize, aad, authtag);
#elif HAL_CRY_USE_FALLBACK == TRUE
return cry_fallback_encrypt_AES_GCM(cryp, key_id, size, in, out, iv,
aadsize, aad, authtag);
#else
(void)cryp;
(void)key_id;
(void)size;
(void)in;
(void)out;
(void)iv;
(void)aadsize;
(void)aad;
(void)authtag;
return CRY_ERR_INV_ALGO;
#endif
}
/**
* @brief Decryption operation using AES-GCM.
* @note The function operates on data buffers whose lenght is a multiple
* of an AES block, this means that padding must be done by the
* caller.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the
* transient key, other values are keys stored in an
* unspecified way
* @param[in] size size of the text buffers, this number must be a
* multiple of 16
* @param[in] in buffer for the output cyphertext
* @param[out] out buffer containing the input plaintext
* @param[in] iv 128 bits initial vector + counter, it contains
* a 96 bits IV and a 32 bits counter
* @param[in] aadsize size of the authentication data, this number must be a
* multiple of 16
* @param[in] aad buffer containing the authentication data
* @param[in] authtag 128 bits buffer for the generated authentication tag
* @return The operation status.
* @retval CRY_NOERROR if the operation succeeded.
* @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
* device instance.
* @retval CRY_ERR_INV_KEY_TYPE the selected key is invalid for this operation.
* @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid
* or refers and empty key slot.
*
* @api
*/
cryerror_t cryDecryptAES_GCM(CRYDriver *cryp,
crykey_t key_id,
size_t size,
const uint8_t *in,
uint8_t *out,
const uint8_t *iv,
size_t aadsize,
const uint8_t *aad,
uint8_t *authtag) {
osalDbgCheck((cryp != NULL) && (in != NULL) && (out != NULL) &&
(iv != NULL) && (aad != NULL) && (authtag != NULL) &&
((size & (size_t)15) == (size_t)0) &&
((aadsize & (size_t)15) == (size_t)0));
osalDbgAssert(cryp->state == CRY_READY, "not ready");
#if CRY_LLD_SUPPORTS_AES_GCM== TRUE
return cry_lld_decrypt_AES_GCM(cryp, key_id, size, in, out, iv,
aadsize, aad, authtag);
#elif HAL_CRY_USE_FALLBACK == TRUE
return cry_fallback_decrypt_AES_GCM(cryp, key_id, size, in, out, iv,
aadsize, aad, authtag);
#else
(void)cryp;
(void)key_id;
(void)size;
(void)in;
(void)out;
(void)iv;
(void)aadsize;
(void)aad;
(void)authtag;
return CRY_ERR_INV_ALGO;
#endif
}
#endif /* HAL_USE_CRY == TRUE */ #endif /* HAL_USE_CRY == TRUE */
/** @} */ /** @} */

200
os/hal/templates/hal_crypto_lld.c
View File

@ -15,8 +15,8 @@
*/ */
/** /**
* @file CRYPv1/hal_crypto_lld.c * @file hal_crypto_lld.c
* @brief STM32 cryptographic subsystem low level driver source. * @brief PLATFORM cryptographic subsystem low level driver source.
* *
* @addtogroup CRYPTO * @addtogroup CRYPTO
* @{ * @{
@ -120,6 +120,9 @@ cryerror_t cry_lld_loadkey(CRYDriver *cryp,
/** /**
* @brief Encryption operation using AES-ECB. * @brief Encryption operation using AES-ECB.
* @note The function operates on data buffers whose lenght is a multiple
* of an AES block, this means that padding must be done by the
* caller.
* *
* @param[in] cryp pointer to the @p CRYDriver object * @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the * @param[in] key_id the key to be used for the operation, zero is the
@ -137,7 +140,7 @@ cryerror_t cry_lld_loadkey(CRYDriver *cryp,
* @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid
* or refers and empty key slot. * or refers and empty key slot.
* *
* @api * @notapi
*/ */
cryerror_t cry_lld_encrypt_AES_ECB(CRYDriver *cryp, cryerror_t cry_lld_encrypt_AES_ECB(CRYDriver *cryp,
crykey_t key_id, crykey_t key_id,
@ -151,11 +154,14 @@ cryerror_t cry_lld_encrypt_AES_ECB(CRYDriver *cryp,
(void)in; (void)in;
(void)out; (void)out;
return CRY_NOERROR; return CRY_ERR_INV_ALGO;
} }
/** /**
* @brief Decryption operation using AES-ECB. * @brief Decryption operation using AES-ECB.
* @note The function operates on data buffers whose lenght is a multiple
* of an AES block, this means that padding must be done by the
* caller.
* *
* @param[in] cryp pointer to the @p CRYDriver object * @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the * @param[in] key_id the key to be used for the operation, zero is the
@ -173,7 +179,7 @@ cryerror_t cry_lld_encrypt_AES_ECB(CRYDriver *cryp,
* @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid
* or refers and empty key slot. * or refers and empty key slot.
* *
* @api * @notapi
*/ */
cryerror_t cry_lld_decrypt_AES_ECB(CRYDriver *cryp, cryerror_t cry_lld_decrypt_AES_ECB(CRYDriver *cryp,
crykey_t key_id, crykey_t key_id,
@ -187,11 +193,14 @@ cryerror_t cry_lld_decrypt_AES_ECB(CRYDriver *cryp,
(void)in; (void)in;
(void)out; (void)out;
return CRY_NOERROR; return CRY_ERR_INV_ALGO;
} }
/** /**
* @brief Encryption operation using AES-CBC. * @brief Encryption operation using AES-CBC.
* @note The function operates on data buffers whose lenght is a multiple
* of an AES block, this means that padding must be done by the
* caller.
* *
* @param[in] cryp pointer to the @p CRYDriver object * @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the * @param[in] key_id the key to be used for the operation, zero is the
@ -201,7 +210,7 @@ cryerror_t cry_lld_decrypt_AES_ECB(CRYDriver *cryp,
* multiple of the selected key size * multiple of the selected key size
* @param[in] in buffer containing the input plaintext * @param[in] in buffer containing the input plaintext
* @param[out] out buffer for the output cyphertext * @param[out] out buffer for the output cyphertext
* @param[in] iv input vector * @param[in] iv 128 bits initial vector
* @return The operation status. * @return The operation status.
* @retval CRY_NOERROR if the operation succeeded. * @retval CRY_NOERROR if the operation succeeded.
* @retval CRY_ERR_INV_ALGO if the operation is unsupported on this * @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
@ -210,7 +219,7 @@ cryerror_t cry_lld_decrypt_AES_ECB(CRYDriver *cryp,
* @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid
* or refers and empty key slot. * or refers and empty key slot.
* *
* @api * @notapi
*/ */
cryerror_t cry_lld_encrypt_AES_CBC(CRYDriver *cryp, cryerror_t cry_lld_encrypt_AES_CBC(CRYDriver *cryp,
crykey_t key_id, crykey_t key_id,
@ -226,11 +235,14 @@ cryerror_t cry_lld_encrypt_AES_CBC(CRYDriver *cryp,
(void)out; (void)out;
(void)iv; (void)iv;
return CRY_NOERROR; return CRY_ERR_INV_ALGO;
} }
/** /**
* @brief Decryption operation using AES-CBC. * @brief Decryption operation using AES-CBC.
* @note The function operates on data buffers whose lenght is a multiple
* of an AES block, this means that padding must be done by the
* caller.
* *
* @param[in] cryp pointer to the @p CRYDriver object * @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the * @param[in] key_id the key to be used for the operation, zero is the
@ -240,7 +252,7 @@ cryerror_t cry_lld_encrypt_AES_CBC(CRYDriver *cryp,
* multiple of the selected key size * multiple of the selected key size
* @param[in] in buffer containing the input plaintext * @param[in] in buffer containing the input plaintext
* @param[out] out buffer for the output cyphertext * @param[out] out buffer for the output cyphertext
* @param[in] iv input vector * @param[in] iv 128 bits initial vector
* @return The operation status. * @return The operation status.
* @retval CRY_NOERROR if the operation succeeded. * @retval CRY_NOERROR if the operation succeeded.
* @retval CRY_ERR_INV_ALGO if the operation is unsupported on this * @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
@ -249,7 +261,7 @@ cryerror_t cry_lld_encrypt_AES_CBC(CRYDriver *cryp,
* @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid
* or refers and empty key slot. * or refers and empty key slot.
* *
* @api * @notapi
*/ */
cryerror_t cry_lld_decrypt_AES_CBC(CRYDriver *cryp, cryerror_t cry_lld_decrypt_AES_CBC(CRYDriver *cryp,
crykey_t key_id, crykey_t key_id,
@ -265,11 +277,14 @@ cryerror_t cry_lld_decrypt_AES_CBC(CRYDriver *cryp,
(void)out; (void)out;
(void)iv; (void)iv;
return CRY_NOERROR; return CRY_ERR_INV_ALGO;
} }
/** /**
* @brief Encryption operation using AES-CFB. * @brief Encryption operation using AES-CFB.
* @note The function operates on data buffers whose lenght is a multiple
* of an AES block, this means that padding must be done by the
* caller.
* *
* @param[in] cryp pointer to the @p CRYDriver object * @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the * @param[in] key_id the key to be used for the operation, zero is the
@ -279,7 +294,7 @@ cryerror_t cry_lld_decrypt_AES_CBC(CRYDriver *cryp,
* multiple of the selected key size * multiple of the selected key size
* @param[in] in buffer containing the input plaintext * @param[in] in buffer containing the input plaintext
* @param[out] out buffer for the output cyphertext * @param[out] out buffer for the output cyphertext
* @param[in] iv input vector * @param[in] iv 128 bits initial vector
* @return The operation status. * @return The operation status.
* @retval CRY_NOERROR if the operation succeeded. * @retval CRY_NOERROR if the operation succeeded.
* @retval CRY_ERR_INV_ALGO if the operation is unsupported on this * @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
@ -288,7 +303,7 @@ cryerror_t cry_lld_decrypt_AES_CBC(CRYDriver *cryp,
* @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid
* or refers and empty key slot. * or refers and empty key slot.
* *
* @api * @notapi
*/ */
cryerror_t cry_lld_encrypt_AES_CFB(CRYDriver *cryp, cryerror_t cry_lld_encrypt_AES_CFB(CRYDriver *cryp,
crykey_t key_id, crykey_t key_id,
@ -304,11 +319,14 @@ cryerror_t cry_lld_encrypt_AES_CFB(CRYDriver *cryp,
(void)out; (void)out;
(void)iv; (void)iv;
return CRY_NOERROR; return CRY_ERR_INV_ALGO;
} }
/** /**
* @brief Decryption operation using AES-CFB. * @brief Decryption operation using AES-CFB.
* @note The function operates on data buffers whose lenght is a multiple
* of an AES block, this means that padding must be done by the
* caller.
* *
* @param[in] cryp pointer to the @p CRYDriver object * @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the * @param[in] key_id the key to be used for the operation, zero is the
@ -318,7 +336,7 @@ cryerror_t cry_lld_encrypt_AES_CFB(CRYDriver *cryp,
* multiple of the selected key size * multiple of the selected key size
* @param[in] in buffer containing the input plaintext * @param[in] in buffer containing the input plaintext
* @param[out] out buffer for the output cyphertext * @param[out] out buffer for the output cyphertext
* @param[in] iv input vector * @param[in] iv 128 bits initial vector
* @return The operation status. * @return The operation status.
* @retval CRY_NOERROR if the operation succeeded. * @retval CRY_NOERROR if the operation succeeded.
* @retval CRY_ERR_INV_ALGO if the operation is unsupported on this * @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
@ -327,7 +345,7 @@ cryerror_t cry_lld_encrypt_AES_CFB(CRYDriver *cryp,
* @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid
* or refers and empty key slot. * or refers and empty key slot.
* *
* @api * @notapi
*/ */
cryerror_t cry_lld_decrypt_AES_CFB(CRYDriver *cryp, cryerror_t cry_lld_decrypt_AES_CFB(CRYDriver *cryp,
crykey_t key_id, crykey_t key_id,
@ -343,22 +361,25 @@ cryerror_t cry_lld_decrypt_AES_CFB(CRYDriver *cryp,
(void)out; (void)out;
(void)iv; (void)iv;
return CRY_NOERROR; return CRY_ERR_INV_ALGO;
} }
/** /**
* @brief Encryption operation using AES-CTR. * @brief Encryption operation using AES-CTR.
* @note The function operates on data buffers whose lenght is a multiple
* of an AES block, this means that padding must be done by the
* caller.
* *
* @param[in] cryp pointer to the @p CRYDriver object * @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the * @param[in] key_id the key to be used for the operation, zero is the
* transient key, other values are keys stored in an * transient key, other values are keys stored in an
* unspecified way * unspecified way
* @param[in] size size of the plaintext buffer, this number must be a * @param[in] size size of the plaintext buffer, this number must be a
* multiple of the selected key size * multiple of 16
* @param[in] in buffer containing the input plaintext * @param[in] in buffer containing the input plaintext
* @param[out] out buffer for the output cyphertext * @param[out] out buffer for the output cyphertext
* @param[in] nonce the "nonce" constant * @param[in] iv 128 bits initial vector + counter, it contains
* @param[in,out] cnt the initial value of the counter, normally zero * a 96 bits IV and a 32 bits counter
* @return The operation status. * @return The operation status.
* @retval CRY_NOERROR if the operation succeeded. * @retval CRY_NOERROR if the operation succeeded.
* @retval CRY_ERR_INV_ALGO if the operation is unsupported on this * @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
@ -367,40 +388,41 @@ cryerror_t cry_lld_decrypt_AES_CFB(CRYDriver *cryp,
* @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid
* or refers and empty key slot. * or refers and empty key slot.
* *
* @api * @notapi
*/ */
cryerror_t cry_lld_encrypt_AES_CTR(CRYDriver *cryp, cryerror_t cry_lld_encrypt_AES_CTR(CRYDriver *cryp,
crykey_t key_id, crykey_t key_id,
size_t size, size_t size,
const uint8_t *in, const uint8_t *in,
uint8_t *out, uint8_t *out,
const uint8_t *nonce, const uint8_t *iv) {
uint8_t *cnt) {
(void)cryp; (void)cryp;
(void)key_id; (void)key_id;
(void)size; (void)size;
(void)in; (void)in;
(void)out; (void)out;
(void)nonce; (void)iv;
(void)cnt;
return CRY_NOERROR; return CRY_ERR_INV_ALGO;
} }
/** /**
* @brief Decryption operation using AES-CTR. * @brief Decryption operation using AES-CTR.
* @note The function operates on data buffers whose lenght is a multiple
* of an AES block, this means that padding must be done by the
* caller.
* *
* @param[in] cryp pointer to the @p CRYDriver object * @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the * @param[in] key_id the key to be used for the operation, zero is the
* transient key, other values are keys stored in an * transient key, other values are keys stored in an
* unspecified way * unspecified way
* @param[in] size size of the plaintext buffer, this number must be a * @param[in] size size of the plaintext buffer, this number must be a
* multiple of the selected key size * multiple of 16
* @param[in] in buffer containing the input plaintext * @param[in] in buffer containing the input cyphertext
* @param[out] out buffer for the output cyphertext * @param[out] out buffer for the output plaintext
* @param[in] nonce the "nonce" constant * @param[in] iv 128 bits initial vector + counter, it contains
* @param[in,out] cnt the initial value of the counter, normally zero * a 96 bits IV and a 32 bits counter
* @return The operation status. * @return The operation status.
* @retval CRY_NOERROR if the operation succeeded. * @retval CRY_NOERROR if the operation succeeded.
* @retval CRY_ERR_INV_ALGO if the operation is unsupported on this * @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
@ -416,18 +438,122 @@ cryerror_t cry_lld_decrypt_AES_CTR(CRYDriver *cryp,
size_t size, size_t size,
const uint8_t *in, const uint8_t *in,
uint8_t *out, uint8_t *out,
const uint8_t *nonce, const uint8_t *iv) {
uint8_t *cnt) {
(void)cryp; (void)cryp;
(void)key_id; (void)key_id;
(void)size; (void)size;
(void)in; (void)in;
(void)out; (void)out;
(void)nonce; (void)iv;
(void)cnt;
return CRY_NOERROR; return CRY_ERR_INV_ALGO;
}
/**
* @brief Encryption operation using AES-GCM.
* @note The function operates on data buffers whose lenght is a multiple
* of an AES block, this means that padding must be done by the
* caller.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the
* transient key, other values are keys stored in an
* unspecified way
* @param[in] size size of the text buffers, this number must be a
* multiple of 16
* @param[in] in buffer containing the input plaintext
* @param[out] out buffer for the output cyphertext
* @param[in] iv 128 bits initial vector + counter, it contains
* a 96 bits IV and a 32 bits counter
* @param[in] aadsize size of the authentication data, this number must be a
* multiple of 16
* @param[in] aad buffer containing the authentication data
* @param[in] authtag 128 bits buffer for the generated authentication tag
* @return The operation status.
* @retval CRY_NOERROR if the operation succeeded.
* @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
* device instance.
* @retval CRY_ERR_INV_KEY_TYPE the selected key is invalid for this operation.
* @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid
* or refers and empty key slot.
*
* @notapi
*/
cryerror_t cry_lld_encrypt_AES_GCM(CRYDriver *cryp,
crykey_t key_id,
size_t size,
const uint8_t *in,
uint8_t *out,
const uint8_t *iv,
size_t aadsize,
const uint8_t *aad,
uint8_t *authtag) {
(void)cryp;
(void)key_id;
(void)size;
(void)in;
(void)out;
(void)iv;
(void)aadsize;
(void)aad;
(void)authtag;
return CRY_ERR_INV_ALGO;
}
/**
* @brief Decryption operation using AES-GCM.
* @note The function operates on data buffers whose lenght is a multiple
* of an AES block, this means that padding must be done by the
* caller.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the
* transient key, other values are keys stored in an
* unspecified way
* @param[in] size size of the text buffers, this number must be a
* multiple of 16
* @param[in] in buffer for the output cyphertext
* @param[out] out buffer containing the input plaintext
* @param[in] iv 128 bits initial vector + counter, it contains
* a 96 bits IV and a 32 bits counter
* @param[in] aadsize size of the authentication data, this number must be a
* multiple of 16
* @param[in] aad buffer containing the authentication data
* @param[in] authtag 128 bits buffer for the generated authentication tag
* @return The operation status.
* @retval CRY_NOERROR if the operation succeeded.
* @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
* device instance.
* @retval CRY_ERR_INV_KEY_TYPE the selected key is invalid for this operation.
* @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid
* or refers and empty key slot.
*
* @notapi
*/
cryerror_t cry_lld_decrypt_AES_GCM(CRYDriver *cryp,
crykey_t key_id,
size_t size,
const uint8_t *in,
uint8_t *out,
const uint8_t *iv,
size_t aadsize,
const uint8_t *aad,
uint8_t *authtag) {
(void)cryp;
(void)key_id;
(void)size;
(void)in;
(void)out;
(void)iv;
(void)aadsize;
(void)aad;
(void)authtag;
return CRY_ERR_INV_ALGO;
} }
#endif /* HAL_USE_CRY == TRUE */ #endif /* HAL_USE_CRY == TRUE */

25
os/hal/templates/hal_crypto_lld.h
View File

@ -39,6 +39,7 @@
#define CRY_LLD_SUPPORTS_AES_CBC TRUE #define CRY_LLD_SUPPORTS_AES_CBC TRUE
#define CRY_LLD_SUPPORTS_AES_CFB TRUE #define CRY_LLD_SUPPORTS_AES_CFB TRUE
#define CRY_LLD_SUPPORTS_AES_CTR TRUE #define CRY_LLD_SUPPORTS_AES_CTR TRUE
#define CRY_LLD_SUPPORTS_AES_GCM TRUE
/** @{ */ /** @{ */
/*===========================================================================*/ /*===========================================================================*/
@ -178,15 +179,31 @@ extern "C" {
size_t size, size_t size,
const uint8_t *in, const uint8_t *in,
uint8_t *out, uint8_t *out,
const uint8_t *nonce, const uint8_t *iv);
uint8_t *cnt);
cryerror_t cry_lld_decrypt_AES_CTR(CRYDriver *cryp, cryerror_t cry_lld_decrypt_AES_CTR(CRYDriver *cryp,
crykey_t key_id, crykey_t key_id,
size_t size, size_t size,
const uint8_t *in, const uint8_t *in,
uint8_t *out, uint8_t *out,
const uint8_t *nonce, const uint8_t *iv);
uint8_t *cnt); cryerror_t cry_lld_encrypt_AES_GCM(CRYDriver *cryp,
crykey_t key_id,
size_t size,
const uint8_t *in,
uint8_t *out,
const uint8_t *iv,
size_t aadsize,
const uint8_t *aad,
uint8_t *authtag);
cryerror_t cry_lld_decrypt_AES_GCM(CRYDriver *cryp,
crykey_t key_id,
size_t size,
const uint8_t *in,
uint8_t *out,
const uint8_t *iv,
size_t aadsize,
const uint8_t *aad,
uint8_t *authtag);
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif