diff options
author | gdisirio <gdisirio@110e8d01-0319-4d1e-a829-52ad28d1bb01> | 2018-12-19 11:26:37 +0000 |
---|---|---|
committer | gdisirio <gdisirio@110e8d01-0319-4d1e-a829-52ad28d1bb01> | 2018-12-19 11:26:37 +0000 |
commit | 282f50256531ffee5f9f5baf8d275fb64464769d (patch) | |
tree | 2d381d201c87d4df1fa723cd7c5c867b87c193e4 | |
parent | 29de2108ac4d0cff889ffd8b3cb3153118f80a6c (diff) | |
download | ChibiOS-282f50256531ffee5f9f5baf8d275fb64464769d.tar.gz ChibiOS-282f50256531ffee5f9f5baf8d275fb64464769d.tar.bz2 ChibiOS-282f50256531ffee5f9f5baf8d275fb64464769d.zip |
Crypto driver changes, removed TRNG.
git-svn-id: svn://svn.code.sf.net/p/chibios/svn/trunk@12477 110e8d01-0319-4d1e-a829-52ad28d1bb01
-rw-r--r-- | os/hal/include/hal_crypto.h | 18 | ||||
-rw-r--r-- | os/hal/ports/STM32/LLD/CRYPv1/hal_crypto_lld.c | 64 | ||||
-rw-r--r-- | os/hal/ports/STM32/LLD/CRYPv1/hal_crypto_lld.h | 52 | ||||
-rw-r--r-- | os/hal/src/hal_crypto.c | 155 | ||||
-rw-r--r-- | os/hal/templates/hal_crypto_lld.c | 32 | ||||
-rw-r--r-- | os/hal/templates/hal_crypto_lld.h | 34 | ||||
-rw-r--r-- | readme.txt | 3 |
7 files changed, 152 insertions, 206 deletions
diff --git a/os/hal/include/hal_crypto.h b/os/hal/include/hal_crypto.h index 4df1a45c3..78ba32b00 100644 --- a/os/hal/include/hal_crypto.h +++ b/os/hal/include/hal_crypto.h @@ -123,8 +123,7 @@ typedef enum { !defined(CRY_LLD_SUPPORTS_SHA256) || \
!defined(CRY_LLD_SUPPORTS_SHA512) || \
!defined(CRY_LLD_SUPPORTS_HMAC_SHA256) || \
- !defined(CRY_LLD_SUPPORTS_HMAC_SHA512) || \
- !defined(CRY_LLD_SUPPORTS_TRNG)
+ !defined(CRY_LLD_SUPPORTS_HMAC_SHA512)
#error "CRYPTO LLD does not export the required switches"
#endif
@@ -145,7 +144,6 @@ typedef enum { #define CRY_LLD_SUPPORTS_SHA512 FALSE
#define CRY_LLD_SUPPORTS_HMAC_SHA256 FALSE
#define CRY_LLD_SUPPORTS_HMAC_SHA512 FALSE
-#define CRY_LLD_SUPPORTS_TRNG FALSE
typedef uint_fast8_t crykey_t;
@@ -227,10 +225,9 @@ extern "C" { void cryObjectInit(CRYDriver *cryp);
void cryStart(CRYDriver *cryp, const CRYConfig *config);
void cryStop(CRYDriver *cryp);
- cryerror_t cryLoadTransientKey(CRYDriver *cryp,
- cryalgorithm_t algorithm,
- size_t size,
- const uint8_t *keyp);
+ cryerror_t cryLoadAESTransientKey(CRYDriver *cryp,
+ size_t size,
+ const uint8_t *keyp);
cryerror_t cryEncryptAES(CRYDriver *cryp,
crykey_t key_id,
const uint8_t *in,
@@ -303,6 +300,9 @@ extern "C" { size_t aadsize,
const uint8_t *aad,
uint8_t *authtag);
+ cryerror_t cryLoadDESTransientKey(CRYDriver *cryp,
+ size_t size,
+ const uint8_t *keyp);
cryerror_t cryEncryptDES(CRYDriver *cryp,
crykey_t key_id,
const uint8_t *in,
@@ -348,6 +348,9 @@ extern "C" { size_t size, const uint8_t *in);
cryerror_t crySHA512Final(CRYDriver *cryp, SHA512Context *sha512ctxp,
uint8_t *out);
+ cryerror_t cryLoadHMACTransientKey(CRYDriver *cryp,
+ size_t size,
+ const uint8_t *keyp);
cryerror_t cryHMACSHA256Init(CRYDriver *cryp,
HMACSHA256Context *hmacsha256ctxp);
cryerror_t cryHMACSHA256Update(CRYDriver *cryp,
@@ -366,7 +369,6 @@ extern "C" { cryerror_t cryHMACSHA512Final(CRYDriver *cryp,
HMACSHA512Context *hmacsha512ctxp,
uint8_t *out);
- cryerror_t cryTRNG(CRYDriver *cryp, size_t size, uint8_t *out);
#ifdef __cplusplus
}
#endif
diff --git a/os/hal/ports/STM32/LLD/CRYPv1/hal_crypto_lld.c b/os/hal/ports/STM32/LLD/CRYPv1/hal_crypto_lld.c index 5c02434e3..60a1f88f2 100644 --- a/os/hal/ports/STM32/LLD/CRYPv1/hal_crypto_lld.c +++ b/os/hal/ports/STM32/LLD/CRYPv1/hal_crypto_lld.c @@ -70,9 +70,6 @@ void cry_lld_init(void) { #if STM32_CRY_USE_HASH1
CRYD1.hash = HASH;
#endif
-#if STM32_CRY_USE_RNG1
- CRYD1.rng = RNG;
-#endif
#endif
}
@@ -94,9 +91,6 @@ void cry_lld_start(CRYDriver *cryp) { #if STM32_CRY_USE_HASH1
rccEnableHASH(true);
#endif
-#if STM32_CRY_USE_RNG1
- rccEnableRNG(true);
-#endif
}
#endif
}
@@ -107,9 +101,6 @@ void cry_lld_start(CRYDriver *cryp) { #if STM32_CRY_USE_HASH1
/* HASH setup and enable.*/
#endif
-#if STM32_CRY_USE_RNG1
- /* RNG setup and enable.*/
-#endif
}
/**
@@ -123,29 +114,6 @@ void cry_lld_stop(CRYDriver *cryp) { if (cryp->state == CRY_READY) {
-#if STM32_CRY_USE_CRYP1
- /* CRYP disable.*/
-#endif
-#if STM32_CRY_USE_HASH1
- /* HASH disable.*/
-#endif
-#if STM32_CRY_USE_RNG1
- /* RNG disable.*/
-#endif
-
-#if STM32_CRY_ENABLED1
- if (&CRYD1 == cryp) {
-#if STM32_CRY_USE_CRYP1
- rccDisableCRYP();
-#endif
-#if STM32_CRY_USE_HASH1
- rccDisableHASH();
-#endif
-#if STM32_CRY_USE_RNG1
- rccDisableRNG();
-#endif
- }
-#endif
}
}
@@ -1201,7 +1169,6 @@ cryerror_t cry_lld_SHA512_final(CRYDriver *cryp, SHA512Context *sha512ctxp, #if (CRY_LLD_SUPPORTS_HMAC_SHA256 == TRUE) || defined(__DOXYGEN__)
/**
* @brief Hash initialization using HMAC_SHA256.
- * @note Use of this algorithm is not recommended because proven weak.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[out] hmacsha256ctxp pointer to a HMAC_SHA256 context to be
@@ -1226,7 +1193,6 @@ cryerror_t cry_lld_HMACSHA256_init(CRYDriver *cryp, /**
* @brief Hash update using HMAC.
- * @note Use of this algorithm is not recommended because proven weak.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] hmacsha256ctxp pointer to a HMAC_SHA256 context
@@ -1256,7 +1222,6 @@ cryerror_t cry_lld_HMACSHA256_update(CRYDriver *cryp, /**
* @brief Hash finalization using HMAC.
- * @note Use of this algorithm is not recommended because proven weak.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] hmacsha256ctxp pointer to a HMAC_SHA256 context
@@ -1285,7 +1250,6 @@ cryerror_t cry_lld_HMACSHA256_final(CRYDriver *cryp, #if (CRY_LLD_SUPPORTS_HMAC_SHA512 == TRUE) || defined(__DOXYGEN__)
/**
* @brief Hash initialization using HMAC_SHA512.
- * @note Use of this algorithm is not recommended because proven weak.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[out] hmacsha512ctxp pointer to a HMAC_SHA512 context to be
@@ -1310,7 +1274,6 @@ cryerror_t cry_lld_HMACSHA512_init(CRYDriver *cryp, /**
* @brief Hash update using HMAC.
- * @note Use of this algorithm is not recommended because proven weak.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] hmacsha512ctxp pointer to a HMAC_SHA512 context
@@ -1340,7 +1303,6 @@ cryerror_t cry_lld_HMACSHA512_update(CRYDriver *cryp, /**
* @brief Hash finalization using HMAC.
- * @note Use of this algorithm is not recommended because proven weak.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] hmacsha512ctxp pointer to a HMAC_SHA512 context
@@ -1366,32 +1328,6 @@ cryerror_t cry_lld_HMACSHA512_final(CRYDriver *cryp, }
#endif
-#if (CRY_LLD_SUPPORTS_TRNG == TRUE) || defined(__DOXYGEN__)
-/**
- * @brief True random numbers generator.
- *
- * @param[in] cryp pointer to the @p CRYDriver object
- * @param[in] size size of output buffer
- * @param[out] out output buffer
- * @return The operation status.
- * @retval CRY_NOERROR if the operation succeeded.
- * @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
- * device instance.
- * @retval CRY_ERR_OP_FAILURE if the operation failed, implementation
- * dependent.
- *
- * @notapi
- */
-cryerror_t cry_lld_TRNG(CRYDriver *cryp, size_t size, uint8_t *out) {
-
- (void)cryp;
- (void)size;
- (void)out;
-
- return CRY_ERR_INV_ALGO;
-}
-#endif
-
#endif /* HAL_USE_CRY == TRUE */
/** @} */
diff --git a/os/hal/ports/STM32/LLD/CRYPv1/hal_crypto_lld.h b/os/hal/ports/STM32/LLD/CRYPv1/hal_crypto_lld.h index 60c50e03c..94eae3fd7 100644 --- a/os/hal/ports/STM32/LLD/CRYPv1/hal_crypto_lld.h +++ b/os/hal/ports/STM32/LLD/CRYPv1/hal_crypto_lld.h @@ -56,15 +56,6 @@ #if !defined(STM32_CRY_USE_HASH1) || defined(__DOXYGEN__)
#define STM32_CRY_USE_HASH1 FALSE
#endif
-
-/**
- * @brief RNG1 driver enable switch.
- * @details If set to @p TRUE the support for CRYP1 is included.
- * @note The default is @p FALSE.
- */
-#if !defined(STM32_CRY_USE_RNG1) || defined(__DOXYGEN__)
-#define STM32_CRY_USE_RNG1 FALSE
-#endif
/** @} */
/*===========================================================================*/
@@ -144,10 +135,6 @@ #define CRY_LLD_SUPPORTS_HMAC_SHA256 FALSE
#define CRY_LLD_SUPPORTS_HMAC_SHA512 FALSE
#endif
-#if STM32_CRY_USE_RNG1 || defined (__DOXYGEN__)
-#define CRY_LLD_SUPPORTS_TRNG TRUE
-#else
-#define CRY_LLD_SUPPORTS_TRNG FALSE
#endif
/** @} */
@@ -201,12 +188,6 @@ struct CRYDriver { */
HASH_TypeDef *hash;
#endif
-#if STM32_CRY_USE_RNG1 || defined (__DOXYGEN__)
- /**
- * @brief Pointer to the RNG registers block.
- */
- RNG_TypeDef *rng;
-#endif
};
#if (CRY_LLD_SUPPORTS_SHA1 == TRUE) || defined(__DOXYGEN__)
@@ -272,10 +253,17 @@ extern "C" { void cry_lld_init(void);
void cry_lld_start(CRYDriver *cryp);
void cry_lld_stop(CRYDriver *cryp);
- cryerror_t cry_lld_loadkey(CRYDriver *cryp,
- cryalgorithm_t algorithm,
- size_t size,
- const uint8_t *keyp);
+#if (CRY_LLD_SUPPORTS_AES == TRUE) || \
+ (CRY_LLD_SUPPORTS_AES_ECB == TRUE) || \
+ (CRY_LLD_SUPPORTS_AES_CBC == TRUE) || \
+ (CRY_LLD_SUPPORTS_AES_CFB == TRUE) || \
+ (CRY_LLD_SUPPORTS_AES_CTR == TRUE) || \
+ (CRY_LLD_SUPPORTS_AES_GCM == TRUE) || \
+ defined(__DOXYGEN__)
+ cryerror_t cry_lld_aes_loadkey(CRYDriver *cryp,
+ size_t size,
+ const uint8_t *keyp);
+#endif
#if (CRY_LLD_SUPPORTS_AES == TRUE) || defined(__DOXYGEN__)
cryerror_t cry_lld_encrypt_AES(CRYDriver *cryp,
crykey_t key_id,
@@ -360,6 +348,14 @@ extern "C" { const uint8_t *aad,
uint8_t *authtag);
#endif
+#if (CRY_LLD_SUPPORTS_DES == TRUE) || \
+ (CRY_LLD_SUPPORTS_DES_ECB == TRUE) || \
+ (CRY_LLD_SUPPORTS_DES_CBC == TRUE) || \
+ defined(__DOXYGEN__)
+ cryerror_t cry_lld_des_loadkey(CRYDriver *cryp,
+ size_t size,
+ const uint8_t *keyp);
+#endif
#if (CRY_LLD_SUPPORTS_DES == TRUE) || defined(__DOXYGEN__)
cryerror_t cry_lld_encrypt_DES(CRYDriver *cryp,
crykey_t key_id,
@@ -417,6 +413,13 @@ extern "C" { cryerror_t cry_lld_SHA512_final(CRYDriver *cryp, SHA512Context *sha512ctxp,
uint8_t *out);
#endif
+#if (CRY_LLD_SUPPORTS_HMAC_SHA256 == TRUE) || \
+ (CRY_LLD_SUPPORTS_HMAC_SHA512 == TRUE) || \
+ defined(__DOXYGEN__)
+ cryerror_t cry_lld_hmac_loadkey(CRYDriver *cryp,
+ size_t size,
+ const uint8_t *keyp);
+#endif
#if (CRY_LLD_SUPPORTS_HMAC_SHA256 == TRUE) || defined(__DOXYGEN__)
cryerror_t cry_lld_HMACSHA256_init(CRYDriver *cryp,
HMACSHA256Context *hmacsha256ctxp);
@@ -437,9 +440,6 @@ extern "C" { HMACSHA512Context *hmacsha512ctxp,
uint8_t *out);
#endif
-#if (CRY_LLD_SUPPORTS_TRNG == TRUE) || defined(__DOXYGEN__)
- cryerror_t cry_lld_TRNG(CRYDriver *cryp, size_t size, uint8_t *out);
-#endif
#ifdef __cplusplus
}
#endif
diff --git a/os/hal/src/hal_crypto.c b/os/hal/src/hal_crypto.c index a58cc7bec..5609e1ee3 100644 --- a/os/hal/src/hal_crypto.c +++ b/os/hal/src/hal_crypto.c @@ -126,46 +126,39 @@ void cryStop(CRYDriver *cryp) { }
/**
- * @brief Initializes the transient key for a specific algorithm.
- * @note It is the underlying implementation to decide which combinations
- * of algorithm and key size are allowable.
+ * @brief Initializes the AES transient key.
+ * @note It is the underlying implementation to decide which key sizes are
+ * allowable.
*
* @param[in] cryp pointer to the @p CRYDriver object
- * @param[in] algorithm the algorithm identifier
* @param[in] size key size in bytes
* @param[in] keyp pointer to the key data
* @return The operation status.
* @retval CRY_NOERROR if the operation succeeded.
- * @retval CRY_ERR_INV_ALGO if the specified algorithm is unknown or
- * unsupported.
+ * @retval CRY_ERR_INV_ALGO if the algorithm is unsupported.
* @retval CRY_ERR_INV_KEY_SIZE if the specified key size is invalid for
* the specified algorithm.
*
* @api
*/
-cryerror_t cryLoadTransientKey(CRYDriver *cryp,
- cryalgorithm_t algorithm,
- size_t size,
- const uint8_t *keyp) {
- cryerror_t err;
+cryerror_t cryLoadAESTransientKey(CRYDriver *cryp,
+ size_t size,
+ const uint8_t *keyp) {
osalDbgCheck((cryp != NULL) && (keyp != NULL));
-#if HAL_CRY_ENFORCE_FALLBACK == FALSE
- /* Key setup in the low level driver.*/
- err = cry_lld_loadkey(cryp, algorithm, size, keyp);
+#if CRY_LLD_SUPPORTS_AES == TRUE
+ return cry_lld_aes_loadkey(cryp, size, keyp);
+#elif HAL_CRY_USE_FALLBACK == TRUE
+ return cry_fallback_aes_loadkey(cryp, size, keyp);
#else
- err = CRY_ERR_INV_ALGO;
-#endif
+ (void)cryp;
+ (void)size;
+ (void)keyp;
-#if HAL_CRY_USE_FALLBACK == TRUE
- if (err == CRY_ERR_INV_ALGO) {
- err = cry_fallback_loadkey(cryp, algorithm, size, keyp);
- }
+ return CRY_ERR_INV_ALGO;
#endif
-
- return err;
}
/**
@@ -839,6 +832,42 @@ cryerror_t cryDecryptAES_GCM(CRYDriver *cryp, }
/**
+ * @brief Initializes the DES transient key.
+ * @note It is the underlying implementation to decide which key sizes are
+ * allowable.
+ *
+ * @param[in] cryp pointer to the @p CRYDriver object
+ * @param[in] size key size in bytes
+ * @param[in] keyp pointer to the key data
+ * @return The operation status.
+ * @retval CRY_NOERROR if the operation succeeded.
+ * @retval CRY_ERR_INV_ALGO if the algorithm is unsupported.
+ * @retval CRY_ERR_INV_KEY_SIZE if the specified key size is invalid for
+ * the specified algorithm.
+ *
+ * @api
+ */
+cryerror_t cryLoadDESTransientKey(CRYDriver *cryp,
+ size_t size,
+ const uint8_t *keyp) {
+
+ osalDbgCheck((cryp != NULL) && (keyp != NULL));
+
+
+#if CRY_LLD_SUPPORTS_DES == TRUE
+ return cry_lld_des_loadkey(cryp, size, keyp);
+#elif HAL_CRY_USE_FALLBACK == TRUE
+ return cry_fallback_des_loadkey(cryp, size, keyp);
+#else
+ (void)cryp;
+ (void)size;
+ (void)keyp;
+
+ return CRY_ERR_INV_ALGO;
+#endif
+}
+
+/**
* @brief Encryption of a single block using (T)DES.
* @note The implementation of this function must guarantee that it can
* be called from any context.
@@ -1253,7 +1282,6 @@ cryerror_t crySHA1Final(CRYDriver *cryp, SHA1Context *sha1ctxp, uint8_t *out) { /**
* @brief Hash initialization using SHA256.
- * @note Use of this algorithm is not recommended because proven weak.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[out] sha256ctxp pointer to a SHA256 context to be initialized
@@ -1286,7 +1314,6 @@ cryerror_t crySHA256Init(CRYDriver *cryp, SHA256Context *sha256ctxp) { /**
* @brief Hash update using SHA256.
- * @note Use of this algorithm is not recommended because proven weak.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] sha256ctxp pointer to a SHA256 context
@@ -1324,7 +1351,6 @@ cryerror_t crySHA256Update(CRYDriver *cryp, SHA256Context *sha256ctxp, /**
* @brief Hash finalization using SHA256.
- * @note Use of this algorithm is not recommended because proven weak.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] sha256ctxp pointer to a SHA256 context
@@ -1360,7 +1386,6 @@ cryerror_t crySHA256Final(CRYDriver *cryp, SHA256Context *sha256ctxp, /**
* @brief Hash initialization using SHA512.
- * @note Use of this algorithm is not recommended because proven weak.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[out] sha512ctxp pointer to a SHA512 context to be initialized
@@ -1393,7 +1418,6 @@ cryerror_t crySHA512Init(CRYDriver *cryp, SHA512Context *sha512ctxp) { /**
* @brief Hash update using SHA512.
- * @note Use of this algorithm is not recommended because proven weak.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] sha512ctxp pointer to a SHA512 context
@@ -1431,7 +1455,6 @@ cryerror_t crySHA512Update(CRYDriver *cryp, SHA512Context *sha512ctxp, /**
* @brief Hash finalization using SHA512.
- * @note Use of this algorithm is not recommended because proven weak.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] sha512ctxp pointer to a SHA512 context
@@ -1466,8 +1489,43 @@ cryerror_t crySHA512Final(CRYDriver *cryp, SHA512Context *sha512ctxp, }
/**
+ * @brief Initializes the HMAC transient key.
+ * @note It is the underlying implementation to decide which key sizes are
+ * allowable.
+ *
+ * @param[in] cryp pointer to the @p CRYDriver object
+ * @param[in] size key size in bytes
+ * @param[in] keyp pointer to the key data
+ * @return The operation status.
+ * @retval CRY_NOERROR if the operation succeeded.
+ * @retval CRY_ERR_INV_ALGO if the algorithm is unsupported.
+ * @retval CRY_ERR_INV_KEY_SIZE if the specified key size is invalid for
+ * the specified algorithm.
+ *
+ * @api
+ */
+cryerror_t cryLoadHMACTransientKey(CRYDriver *cryp,
+ size_t size,
+ const uint8_t *keyp) {
+
+ osalDbgCheck((cryp != NULL) && (keyp != NULL));
+
+#if (CRY_LLD_SUPPORTS_HMAC_SHA256 == TRUE) || \
+ (CRY_LLD_SUPPORTS_HMAC_SHA512 == TRUE)
+ return cry_lld_hmac_loadkey(cryp, size, keyp);
+#elif HAL_CRY_USE_FALLBACK == TRUE
+ return cry_fallback_hmac_loadkey(cryp, size, keyp);
+#else
+ (void)cryp;
+ (void)size;
+ (void)keyp;
+
+ return CRY_ERR_INV_ALGO;
+#endif
+}
+
+/**
* @brief Hash initialization using HMAC_SHA256.
- * @note Use of this algorithm is not recommended because proven weak.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[out] hmacsha256ctxp pointer to a HMAC_SHA256 context to be
@@ -1502,7 +1560,6 @@ cryerror_t cryHMACSHA256Init(CRYDriver *cryp, /**
* @brief Hash update using HMAC.
- * @note Use of this algorithm is not recommended because proven weak.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] hmacsha256ctxp pointer to a HMAC_SHA256 context
@@ -1542,7 +1599,6 @@ cryerror_t cryHMACSHA256Update(CRYDriver *cryp, /**
* @brief Hash finalization using HMAC.
- * @note Use of this algorithm is not recommended because proven weak.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] hmacsha256ctxp pointer to a HMAC_SHA256 context
@@ -1579,7 +1635,6 @@ cryerror_t cryHMACSHA256Final(CRYDriver *cryp, /**
* @brief Hash initialization using HMAC_SHA512.
- * @note Use of this algorithm is not recommended because proven weak.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[out] hmacsha512ctxp pointer to a HMAC_SHA512 context to be
@@ -1614,7 +1669,6 @@ cryerror_t cryHMACSHA512Init(CRYDriver *cryp, /**
* @brief Hash update using HMAC.
- * @note Use of this algorithm is not recommended because proven weak.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] hmacsha512ctxp pointer to a HMAC_SHA512 context
@@ -1654,7 +1708,6 @@ cryerror_t cryHMACSHA512Update(CRYDriver *cryp, /**
* @brief Hash finalization using HMAC.
- * @note Use of this algorithm is not recommended because proven weak.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] hmacsha512ctxp pointer to a HMAC_SHA512 context
@@ -1689,40 +1742,6 @@ cryerror_t cryHMACSHA512Final(CRYDriver *cryp, #endif
}
-/**
- * @brief True random numbers generator.
- *
- * @param[in] cryp pointer to the @p CRYDriver object
- * @param[in] size size of output buffer
- * @param[out] out output buffer
- * @return The operation status.
- * @retval CRY_NOERROR if the operation succeeded.
- * @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
- * device instance.
- * @retval CRY_ERR_OP_FAILURE if the operation failed, implementation
- * dependent.
- *
- * @api
- */
-cryerror_t cryTRNG(CRYDriver *cryp, size_t size, uint8_t *out) {
-
- osalDbgCheck((cryp != NULL) && (out != NULL));
-
- osalDbgAssert(cryp->state == CRY_READY, "not ready");
-
-#if CRY_LLD_SUPPORTS_TRNG == TRUE
- return cry_lld_TRNG(cryp, size, out);
-#elif HAL_CRY_USE_FALLBACK == TRUE
- return cry_fallback_TRNG(cryp, size, out);
-#else
- (void)cryp;
- (void)size;
- (void)out;
-
- return CRY_ERR_INV_ALGO;
-#endif
-}
-
#endif /* HAL_USE_CRY == TRUE */
/** @} */
diff --git a/os/hal/templates/hal_crypto_lld.c b/os/hal/templates/hal_crypto_lld.c index 0d1656787..b079bd064 100644 --- a/os/hal/templates/hal_crypto_lld.c +++ b/os/hal/templates/hal_crypto_lld.c @@ -1144,7 +1144,6 @@ cryerror_t cry_lld_SHA512_final(CRYDriver *cryp, SHA512Context *sha512ctxp, #if (CRY_LLD_SUPPORTS_HMAC_SHA256 == TRUE) || defined(__DOXYGEN__)
/**
* @brief Hash initialization using HMAC_SHA256.
- * @note Use of this algorithm is not recommended because proven weak.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[out] hmacsha256ctxp pointer to a HMAC_SHA256 context to be
@@ -1169,7 +1168,6 @@ cryerror_t cry_lld_HMACSHA256_init(CRYDriver *cryp, /**
* @brief Hash update using HMAC.
- * @note Use of this algorithm is not recommended because proven weak.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] hmacsha256ctxp pointer to a HMAC_SHA256 context
@@ -1199,7 +1197,6 @@ cryerror_t cry_lld_HMACSHA256_update(CRYDriver *cryp, /**
* @brief Hash finalization using HMAC.
- * @note Use of this algorithm is not recommended because proven weak.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] hmacsha256ctxp pointer to a HMAC_SHA256 context
@@ -1228,7 +1225,6 @@ cryerror_t cry_lld_HMACSHA256_final(CRYDriver *cryp, #if (CRY_LLD_SUPPORTS_HMAC_SHA512 == TRUE) || defined(__DOXYGEN__)
/**
* @brief Hash initialization using HMAC_SHA512.
- * @note Use of this algorithm is not recommended because proven weak.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[out] hmacsha512ctxp pointer to a HMAC_SHA512 context to be
@@ -1253,7 +1249,6 @@ cryerror_t cry_lld_HMACSHA512_init(CRYDriver *cryp, /**
* @brief Hash update using HMAC.
- * @note Use of this algorithm is not recommended because proven weak.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] hmacsha512ctxp pointer to a HMAC_SHA512 context
@@ -1283,7 +1278,6 @@ cryerror_t cry_lld_HMACSHA512_update(CRYDriver *cryp, /**
* @brief Hash finalization using HMAC.
- * @note Use of this algorithm is not recommended because proven weak.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] hmacsha512ctxp pointer to a HMAC_SHA512 context
@@ -1309,32 +1303,6 @@ cryerror_t cry_lld_HMACSHA512_final(CRYDriver *cryp, }
#endif
-#if (CRY_LLD_SUPPORTS_TRNG == TRUE) || defined(__DOXYGEN__)
-/**
- * @brief True random numbers generator.
- *
- * @param[in] cryp pointer to the @p CRYDriver object
- * @param[in] size size of output buffer
- * @param[out] out output buffer
- * @return The operation status.
- * @retval CRY_NOERROR if the operation succeeded.
- * @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
- * device instance.
- * @retval CRY_ERR_OP_FAILURE if the operation failed, implementation
- * dependent.
- *
- * @notapi
- */
-cryerror_t cry_lld_TRNG(CRYDriver *cryp, size_t size, uint8_t *out) {
-
- (void)cryp;
- (void)size;
- (void)out;
-
- return CRY_ERR_INV_ALGO;
-}
-#endif
-
#endif /* HAL_USE_CRY == TRUE */
/** @} */
diff --git a/os/hal/templates/hal_crypto_lld.h b/os/hal/templates/hal_crypto_lld.h index d3b1f5755..6020eeff0 100644 --- a/os/hal/templates/hal_crypto_lld.h +++ b/os/hal/templates/hal_crypto_lld.h @@ -49,7 +49,6 @@ #define CRY_LLD_SUPPORTS_SHA512 TRUE
#define CRY_LLD_SUPPORTS_HMAC_SHA256 TRUE
#define CRY_LLD_SUPPORTS_HMAC_SHA512 TRUE
-#define CRY_LLD_SUPPORTS_TRNG TRUE
/** @} */
/*===========================================================================*/
@@ -177,10 +176,17 @@ extern "C" { void cry_lld_init(void);
void cry_lld_start(CRYDriver *cryp);
void cry_lld_stop(CRYDriver *cryp);
- cryerror_t cry_lld_loadkey(CRYDriver *cryp,
- cryalgorithm_t algorithm,
- size_t size,
- const uint8_t *keyp);
+#if (CRY_LLD_SUPPORTS_AES == TRUE) || \
+ (CRY_LLD_SUPPORTS_AES_ECB == TRUE) || \
+ (CRY_LLD_SUPPORTS_AES_CBC == TRUE) || \
+ (CRY_LLD_SUPPORTS_AES_CFB == TRUE) || \
+ (CRY_LLD_SUPPORTS_AES_CTR == TRUE) || \
+ (CRY_LLD_SUPPORTS_AES_GCM == TRUE) || \
+ defined(__DOXYGEN__)
+ cryerror_t cry_lld_aes_loadkey(CRYDriver *cryp,
+ size_t size,
+ const uint8_t *keyp);
+#endif
#if (CRY_LLD_SUPPORTS_AES == TRUE) || defined(__DOXYGEN__)
cryerror_t cry_lld_encrypt_AES(CRYDriver *cryp,
crykey_t key_id,
@@ -265,6 +271,14 @@ extern "C" { const uint8_t *aad,
uint8_t *authtag);
#endif
+#if (CRY_LLD_SUPPORTS_DES == TRUE) || \
+ (CRY_LLD_SUPPORTS_DES_ECB == TRUE) || \
+ (CRY_LLD_SUPPORTS_DES_CBC == TRUE) || \
+ defined(__DOXYGEN__)
+ cryerror_t cry_lld_des_loadkey(CRYDriver *cryp,
+ size_t size,
+ const uint8_t *keyp);
+#endif
#if (CRY_LLD_SUPPORTS_DES == TRUE) || defined(__DOXYGEN__)
cryerror_t cry_lld_encrypt_DES(CRYDriver *cryp,
crykey_t key_id,
@@ -322,6 +336,13 @@ extern "C" { cryerror_t cry_lld_SHA512_final(CRYDriver *cryp, SHA512Context *sha512ctxp,
uint8_t *out);
#endif
+#if (CRY_LLD_SUPPORTS_HMAC_SHA256 == TRUE) || \
+ (CRY_LLD_SUPPORTS_HMAC_SHA512 == TRUE) || \
+ defined(__DOXYGEN__)
+ cryerror_t cry_lld_hmac_loadkey(CRYDriver *cryp,
+ size_t size,
+ const uint8_t *keyp);
+#endif
#if (CRY_LLD_SUPPORTS_HMAC_SHA256 == TRUE) || defined(__DOXYGEN__)
cryerror_t cry_lld_HMACSHA256_init(CRYDriver *cryp,
HMACSHA256Context *hmacsha256ctxp);
@@ -342,9 +363,6 @@ extern "C" { HMACSHA512Context *hmacsha512ctxp,
uint8_t *out);
#endif
-#if (CRY_LLD_SUPPORTS_TRNG == TRUE) || defined(__DOXYGEN__)
- cryerror_t cry_lld_TRNG(CRYDriver *cryp, size_t size, uint8_t *out);
-#endif
#ifdef __cplusplus
}
#endif
diff --git a/readme.txt b/readme.txt index e7cb3c904..a6bc2486b 100644 --- a/readme.txt +++ b/readme.txt @@ -111,6 +111,9 @@ to eight data lines so "quad" was no more appropriate.
- NEW: Added a new SIO driver model to HAL, it is a low level abstraction of
an UART.
+- NEW: Added separate "load key" functions for each algorithm in the CRY
+ driver. Each "engine" is supposed to have its own transient key.
+- NEW: Removed TRNG functionality from CRY driver, it is a separate thing now.
- NEW: Independent TRNG driver model added to HAL. Implemented a RNGv1 driver
for STM32, added test application.
- NEW: Added a new "pipes" subsystem to the OS library.
|