diff options
| author | areviu <areviu.info@gmail.com> | 2018-05-19 13:15:06 +0000 |
|---|---|---|
| committer | areviu <areviu.info@gmail.com> | 2018-05-19 13:15:06 +0000 |
| commit | 7454fa6ad5597582688495252c801c8daeeaf07e (patch) | |
| tree | 48d89549877a21be7d22fe922d45ff70a2c65df4 /os/hal/ports/SAMA/SAMA5D2x | |
| parent | e9399566d7eaa76ca6114d108d1b7bf34fca157b (diff) | |
| download | ChibiOS-7454fa6ad5597582688495252c801c8daeeaf07e.tar.gz ChibiOS-7454fa6ad5597582688495252c801c8daeeaf07e.tar.bz2 ChibiOS-7454fa6ad5597582688495252c801c8daeeaf07e.zip | |
added SAMA HMAC + fixed TRNG 128 bit generation
git-svn-id: svn://svn.code.sf.net/p/chibios/svn/trunk@12042 110e8d01-0319-4d1e-a829-52ad28d1bb01
Diffstat (limited to 'os/hal/ports/SAMA/SAMA5D2x')
| -rw-r--r-- | os/hal/ports/SAMA/SAMA5D2x/hal_crypto_lld.c | 295 | ||||
| -rw-r--r-- | os/hal/ports/SAMA/SAMA5D2x/hal_crypto_lld.h | 47 |
2 files changed, 335 insertions, 7 deletions
diff --git a/os/hal/ports/SAMA/SAMA5D2x/hal_crypto_lld.c b/os/hal/ports/SAMA/SAMA5D2x/hal_crypto_lld.c index 01209bc6e..b62e4654c 100644 --- a/os/hal/ports/SAMA/SAMA5D2x/hal_crypto_lld.c +++ b/os/hal/ports/SAMA/SAMA5D2x/hal_crypto_lld.c @@ -786,9 +786,6 @@ cryerror_t cry_lld_decrypt_AES_CTR(CRYDriver *cryp, *
* @notapi
*/
-
-uint8_t gcmbuff[32*2];
-
cryerror_t cry_lld_encrypt_AES_GCM(CRYDriver *cryp,
crykey_t key_id,
size_t size,
@@ -1457,6 +1454,10 @@ cryerror_t cry_lld_SHA512_final(CRYDriver *cryp, SHA512Context *sha512ctxp, */
cryerror_t cry_lld_TRNG(CRYDriver *cryp, uint8_t *out) {
+ size_t i=0;
+
+ osalMutexLock(&cryp->mutex);
+
if (!(cryp->enabledPer & TRNG_PER)) {
cryp->enabledPer |= TRNG_PER;
pmcEnableTRNG();
@@ -1464,14 +1465,298 @@ cryerror_t cry_lld_TRNG(CRYDriver *cryp, uint8_t *out) { //start trng
TRNG->TRNG_CR = TRNG_CR_ENABLE | TRNG_CR_KEY_PASSWD;
}
+ while (i<4) {
+ while (!(TRNG->TRNG_ISR & TRNG_ISR_DATRDY));
- while (!(TRNG->TRNG_ISR & TRNG_ISR_DATRDY));
+ ((uint32_t*) out)[i] = TRNG->TRNG_ODATA;
+ i++;
+ }
- *((uint32_t*) out) = TRNG->TRNG_ODATA;
+ osalMutexUnlock(&cryp->mutex);
return (cryerror_t)CRY_NOERROR;
}
+
+/**
+ * @brief Hash initialization using HMAC_SHA256.
+ * @note Use of this algorithm is not recommended because proven weak.
+ *
+ * @param[in] cryp pointer to the @p CRYDriver object
+ * @param[out] hmacsha256ctxp pointer to a HMAC_SHA256 context to be
+ * initialized
+ * @return The operation status.
+ * @retval CRY_NOERROR if the operation succeeded.
+ * @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
+ * device instance.
+ *
+ * @notapi
+ */
+cryerror_t cry_lld_HMACSHA256_init(CRYDriver *cryp,
+ HMACSHA256Context *hmacsha256ctxp) {
+
+ hmacsha256ctxp->kipad = 0;
+
+ if (cryp->key0_size > HAL_CRY_MAX_KEY_SIZE)
+ return CRY_ERR_INV_KEY_SIZE;
+
+ if (cryp->key0_size > 64) //this implementation doesn't hash the key
+ return CRY_ERR_INV_KEY_TYPE;
+
+ return cry_lld_SHA256_init(cryp,&hmacsha256ctxp->shacontext);
+
+}
+
+/**
+ * @brief Hash update using HMAC.
+ * @note Use of this algorithm is not recommended because proven weak.
+ *
+ * @param[in] cryp pointer to the @p CRYDriver object
+ * @param[in] hmacsha256ctxp pointer to a HMAC_SHA256 context
+ * @param[in] size size of input buffer
+ * @param[in] in buffer containing the input text
+ * @return The operation status.
+ * @retval CRY_NOERROR if the operation succeeded.
+ * @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
+ * device instance.
+ *
+ * @notapi
+ */
+cryerror_t cry_lld_HMACSHA256_update(CRYDriver *cryp,
+ HMACSHA256Context *hmacsha256ctxp,
+ size_t size,
+ const uint8_t *in) {
+ uint8_t i;
+ cryerror_t res;
+ uint32_t buffer[16];
+
+ if (hmacsha256ctxp->kipad == 0)
+ {
+ memset(buffer,0,64);
+ memcpy(buffer,cryp->key0_buffer,cryp->key0_size);
+
+ memset((uint8_t *)buffer + cryp->key0_size, 0, 64 - cryp->key0_size);
+
+ for (i = 0; i < 16; ++i) {
+ buffer[i] ^= 0x36363636;
+ }
+
+
+ res = cry_lld_SHA256_update(cryp,&hmacsha256ctxp->shacontext,64,(const uint8_t *)buffer);
+
+ hmacsha256ctxp->kipad = 1;
+ }
+
+ if (res!= CRY_NOERROR)
+ return res;
+
+ return cry_lld_SHA256_update(cryp,&hmacsha256ctxp->shacontext,size,in);
+
+
+}
+
+/**
+ * @brief Hash finalization using HMAC.
+ * @note Use of this algorithm is not recommended because proven weak.
+ *
+ * @param[in] cryp pointer to the @p CRYDriver object
+ * @param[in] hmacsha256ctxp pointer to a HMAC_SHA256 context
+ * @param[out] out 256 bits output buffer
+ * @return The operation status.
+ * @retval CRY_NOERROR if the operation succeeded.
+ * @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
+ * device instance.
+ *
+ * @notapi
+ */
+
+cryerror_t cry_lld_HMACSHA256_final(CRYDriver *cryp,
+ HMACSHA256Context *hmacsha256ctxp,
+ uint8_t *out) {
+
+ uint8_t i;
+ cryerror_t res;
+ uint32_t buffer[16]; //max block size for sha256
+ uint8_t digest[32];
+
+ //H( k1pad || m )
+
+ res = cry_lld_SHA256_final(cryp, &hmacsha256ctxp->shacontext,digest);
+
+ if (res!= CRY_NOERROR)
+ return res;
+
+ res = cry_lld_SHA256_init(cryp,&hmacsha256ctxp->shacontext);
+
+ if (res!= CRY_NOERROR)
+ return res;
+
+ memset(buffer,0,64);
+ memcpy(buffer,cryp->key0_buffer,cryp->key0_size);
+
+ memset((uint8_t *)buffer + cryp->key0_size, 0, 64 - cryp->key0_size);
+
+ for (i = 0; i < 16; ++i) {
+ buffer[i] ^= 0x5C5C5C5C;
+ }
+
+
+ // k+opad || H( k+ipad || m )
+ res = cry_lld_SHA256_update(cryp,&hmacsha256ctxp->shacontext,64,(const uint8_t *)buffer);
+
+ if (res!= CRY_NOERROR)
+ return res;
+
+ res = cry_lld_SHA256_update(cryp,&hmacsha256ctxp->shacontext,32,digest);
+
+ if (res!= CRY_NOERROR)
+ return res;
+
+ hmacsha256ctxp->shacontext.sha.out = out;
+
+ return cry_lld_SHA256_final(cryp, &hmacsha256ctxp->shacontext,out);
+}
+
+/**
+ * @brief Hash initialization using HMAC_SHA512.
+ * @note Use of this algorithm is not recommended because proven weak.
+ *
+ * @param[in] cryp pointer to the @p CRYDriver object
+ * @param[out] hmacsha512ctxp pointer to a HMAC_SHA512 context to be
+ * initialized
+ * @return The operation status.
+ * @retval CRY_NOERROR if the operation succeeded.
+ * @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
+ * device instance.
+ *
+ * @notapi
+ */
+cryerror_t cry_lld_HMACSHA512_init(CRYDriver *cryp,
+ HMACSHA512Context *hmacsha512ctxp) {
+
+ hmacsha512ctxp->kipad = 0;
+
+ if (cryp->key0_size > HAL_CRY_MAX_KEY_SIZE)
+ return CRY_ERR_INV_KEY_SIZE;
+
+ if (cryp->key0_size > 128) //this implementation doesn't hash the key
+ return CRY_ERR_INV_KEY_TYPE;
+
+
+ return cry_lld_SHA512_init(cryp,&hmacsha512ctxp->shacontext);
+}
+
+/**
+ * @brief Hash update using HMAC.
+ * @note Use of this algorithm is not recommended because proven weak.
+ *
+ * @param[in] cryp pointer to the @p CRYDriver object
+ * @param[in] hmacsha512ctxp pointer to a HMAC_SHA512 context
+ * @param[in] size size of input buffer
+ * @param[in] in buffer containing the input text
+ * @return The operation status.
+ * @retval CRY_NOERROR if the operation succeeded.
+ * @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
+ * device instance.
+ *
+ * @notapi
+ */
+cryerror_t cry_lld_HMACSHA512_update(CRYDriver *cryp,
+ HMACSHA512Context *hmacsha512ctxp,
+ size_t size,
+ const uint8_t *in) {
+
+ cryerror_t res;
+ uint8_t i;
+ uint32_t buffer[32];
+
+ if (hmacsha512ctxp->kipad == 0)
+ {
+ memset(buffer,0,128);
+ memcpy(buffer,cryp->key0_buffer,cryp->key0_size);
+
+
+ memset((uint8_t *)buffer + cryp->key0_size, 0, 128 - cryp->key0_size);
+
+ for (i = 0; i < 32; ++i) {
+ buffer[i] ^= 0x36363636;
+ }
+
+
+ res = cry_lld_SHA512_update(cryp,&hmacsha512ctxp->shacontext,128,(const uint8_t *)buffer);
+
+ if (res!= CRY_NOERROR)
+ return res;
+
+ hmacsha512ctxp->kipad = 1;
+ }
+
+ return cry_lld_SHA512_update(cryp,&hmacsha512ctxp->shacontext,size,in);
+}
+
+/**
+ * @brief Hash finalization using HMAC.
+ * @note Use of this algorithm is not recommended because proven weak.
+ *
+ * @param[in] cryp pointer to the @p CRYDriver object
+ * @param[in] hmacsha512ctxp pointer to a HMAC_SHA512 context
+ * @param[out] out 512 bits output buffer
+ * @return The operation status.
+ * @retval CRY_NOERROR if the operation succeeded.
+ * @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
+ * device instance.
+ *
+ * @notapi
+ */
+cryerror_t cry_lld_HMACSHA512_final(CRYDriver *cryp,
+ HMACSHA512Context *hmacsha512ctxp,
+ uint8_t *out) {
+
+ uint8_t i;
+ cryerror_t res;
+ uint32_t buffer[32]; //max block size for sha256
+ uint8_t digest[64];
+
+ //H( k1pad || m )
+
+ res = cry_lld_SHA512_final(cryp, &hmacsha512ctxp->shacontext,digest);
+
+ if (res!= CRY_NOERROR)
+ return res;
+
+ res = cry_lld_SHA512_init(cryp,&hmacsha512ctxp->shacontext);
+
+ if (res!= CRY_NOERROR)
+ return res;
+
+
+ memset(buffer,0,128);
+ memcpy(buffer,cryp->key0_buffer,cryp->key0_size);
+
+ memset((uint8_t *)buffer + cryp->key0_size, 0, 128 - cryp->key0_size);
+
+ for (i = 0; i < 32; ++i) {
+ buffer[i] ^= 0x5C5C5C5C;
+ }
+
+
+ // k+opad || H( k+ipad || m )
+ res = cry_lld_SHA512_update(cryp,&hmacsha512ctxp->shacontext,128,(const uint8_t *)buffer);
+
+ if (res!= CRY_NOERROR)
+ return res;
+
+ res = cry_lld_SHA512_update(cryp,&hmacsha512ctxp->shacontext,64,digest);
+
+ if (res!= CRY_NOERROR)
+ return res;
+
+ hmacsha512ctxp->shacontext.sha.out = out;
+
+ return cry_lld_SHA512_final(cryp, &hmacsha512ctxp->shacontext,out);
+}
+
+
#endif /* HAL_USE_CRY */
/** @} */
diff --git a/os/hal/ports/SAMA/SAMA5D2x/hal_crypto_lld.h b/os/hal/ports/SAMA/SAMA5D2x/hal_crypto_lld.h index e6c08ca68..1bacbc80b 100644 --- a/os/hal/ports/SAMA/SAMA5D2x/hal_crypto_lld.h +++ b/os/hal/ports/SAMA/SAMA5D2x/hal_crypto_lld.h @@ -15,7 +15,7 @@ */
/**
- * @file hal_cry_lld.h
+ * @file hal_crypto_lld.h
* @brief PLATFORM cryptographic subsystem low level driver header.
*
* @addtogroup CRYPTO
@@ -47,6 +47,8 @@ #define CRY_LLD_SUPPORTS_SHA1 TRUE
#define CRY_LLD_SUPPORTS_SHA256 TRUE
#define CRY_LLD_SUPPORTS_SHA512 TRUE
+#define CRY_LLD_SUPPORTS_HMAC_SHA256 TRUE
+#define CRY_LLD_SUPPORTS_HMAC_SHA512 TRUE
#define CRY_LLD_SUPPORTS_TRNG TRUE
/** @{ */
@@ -118,7 +120,13 @@ typedef enum { CRY_SHA_224,
CRY_SHA_256,
CRY_SHA_384,
- CRY_SHA_512
+ CRY_SHA_512,
+
+ CRY_HMACSHA_1,
+ CRY_HMACSHA_224,
+ CRY_HMACSHA_256,
+ CRY_HMACSHA_384,
+ CRY_HMACSHA_512,
}shadalgo_t;
@@ -241,6 +249,25 @@ typedef struct { struct sha_data sha;
} SHA512Context;
#endif
+#if (CRY_LLD_SUPPORTS_HMAC_SHA256 == TRUE) || defined(__DOXYGEN__)
+/**
+ * @brief Type of a HMAC_SHA256 context.
+ */
+typedef struct {
+ SHA256Context shacontext;
+ uint8_t kipad;
+} HMACSHA256Context;
+#endif
+
+#if (CRY_LLD_SUPPORTS_HMAC_SHA512 == TRUE) || defined(__DOXYGEN__)
+/**
+ * @brief Type of a HMAC_SHA512 context.
+ */
+typedef struct {
+ SHA512Context shacontext;
+ uint8_t kipad;
+} HMACSHA512Context;
+#endif
/*===========================================================================*/
/* Driver macros. */
@@ -381,6 +408,22 @@ extern "C" { size_t size, const uint8_t *in);
cryerror_t cry_lld_SHA512_final(CRYDriver *cryp, SHA512Context *sha512ctxp,
uint8_t *out);
+ cryerror_t cry_lld_HMACSHA256_init(CRYDriver *cryp,
+ HMACSHA256Context *hmacsha256ctxp);
+ cryerror_t cry_lld_HMACSHA256_update(CRYDriver *cryp,
+ HMACSHA256Context *hmacsha256ctxp,
+ size_t size, const uint8_t *in);
+ cryerror_t cry_lld_HMACSHA256_final(CRYDriver *cryp,
+ HMACSHA256Context *hmacsha256ctxp,
+ uint8_t *out);
+ cryerror_t cry_lld_HMACSHA512_init(CRYDriver *cryp,
+ HMACSHA512Context *hmacsha512ctxp);
+ cryerror_t cry_lld_HMACSHA512_update(CRYDriver *cryp,
+ HMACSHA512Context *hmacsha512ctxp,
+ size_t size, const uint8_t *in);
+ cryerror_t cry_lld_HMACSHA512_final(CRYDriver *cryp,
+ HMACSHA512Context *hmacsha512ctxp,
+ uint8_t *out);
cryerror_t cry_lld_TRNG(CRYDriver *cryp, uint8_t *out);
#ifdef __cplusplus
}
|