diff options
| author | Giovanni Di Sirio <gdisirio@gmail.com> | 2017-10-23 14:43:43 +0000 |
|---|---|---|
| committer | Giovanni Di Sirio <gdisirio@gmail.com> | 2017-10-23 14:43:43 +0000 |
| commit | 7156f2c323f5b4d6a3f9eec7673b0b1680fb8ff9 (patch) | |
| tree | 759246e8d5beac64e8acafcb5e5e37903b907f69 /os/hal/src | |
| parent | 7707340e0b2e9e6552378d1520993686856f8134 (diff) | |
| download | ChibiOS-7156f2c323f5b4d6a3f9eec7673b0b1680fb8ff9.tar.gz ChibiOS-7156f2c323f5b4d6a3f9eec7673b0b1680fb8ff9.tar.bz2 ChibiOS-7156f2c323f5b4d6a3f9eec7673b0b1680fb8ff9.zip | |
git-svn-id: svn://svn.code.sf.net/p/chibios/svn/trunk@10888 35acf78f-673a-0410-8e92-d51de3d6d3f4
Diffstat (limited to 'os/hal/src')
| -rw-r--r-- | os/hal/src/hal_crypto.c | 212 |
1 files changed, 184 insertions, 28 deletions
diff --git a/os/hal/src/hal_crypto.c b/os/hal/src/hal_crypto.c index 710495343..31bee80db 100644 --- a/os/hal/src/hal_crypto.c +++ b/os/hal/src/hal_crypto.c @@ -174,6 +174,9 @@ cryerror_t cryLoadTransientKey(CRYDriver *cryp, /**
* @brief Encryption operation using AES-ECB.
+ * @note The function operates on data buffers whose lenght is a multiple
+ * of an AES block, this means that padding must be done by the
+ * caller.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the
@@ -221,6 +224,9 @@ cryerror_t cryEncryptAES_ECB(CRYDriver *cryp, /**
* @brief Decryption operation using AES-ECB.
+ * @note The function operates on data buffers whose lenght is a multiple
+ * of an AES block, this means that padding must be done by the
+ * caller.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the
@@ -228,8 +234,8 @@ cryerror_t cryEncryptAES_ECB(CRYDriver *cryp, * unspecified way
* @param[in] size size of the plaintext buffer, this number must be a
* multiple of 16
- * @param[in] in buffer containing the input plaintext
- * @param[out] out buffer for the output cyphertext
+ * @param[in] in buffer containing the input cyphertext
+ * @param[out] out buffer for the output plaintext
* @return The operation status.
* @retval CRY_NOERROR if the operation succeeded.
* @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
@@ -268,6 +274,9 @@ cryerror_t cryDecryptAES_ECB(CRYDriver *cryp, /**
* @brief Encryption operation using AES-CBC.
+ * @note The function operates on data buffers whose lenght is a multiple
+ * of an AES block, this means that padding must be done by the
+ * caller.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the
@@ -277,7 +286,7 @@ cryerror_t cryDecryptAES_ECB(CRYDriver *cryp, * multiple of 16
* @param[in] in buffer containing the input plaintext
* @param[out] out buffer for the output cyphertext
- * @param[in] iv input vector
+ * @param[in] iv 128 bits initial vector
* @return The operation status.
* @retval CRY_NOERROR if the operation succeeded.
* @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
@@ -318,6 +327,9 @@ cryerror_t cryEncryptAES_CBC(CRYDriver *cryp, /**
* @brief Decryption operation using AES-CBC.
+ * @note The function operates on data buffers whose lenght is a multiple
+ * of an AES block, this means that padding must be done by the
+ * caller.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the
@@ -325,9 +337,9 @@ cryerror_t cryEncryptAES_CBC(CRYDriver *cryp, * unspecified way
* @param[in] size size of the plaintext buffer, this number must be a
* multiple of 16
- * @param[in] in buffer containing the input plaintext
- * @param[out] out buffer for the output cyphertext
- * @param[in] iv input vector
+ * @param[in] in buffer containing the input cyphertext
+ * @param[out] out buffer for the output plaintext
+ * @param[in] iv 128 bits initial vector
* @return The operation status.
* @retval CRY_NOERROR if the operation succeeded.
* @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
@@ -368,6 +380,9 @@ cryerror_t cryDecryptAES_CBC(CRYDriver *cryp, /**
* @brief Encryption operation using AES-CFB.
+ * @note The function operates on data buffers whose lenght is a multiple
+ * of an AES block, this means that padding must be done by the
+ * caller.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the
@@ -377,7 +392,7 @@ cryerror_t cryDecryptAES_CBC(CRYDriver *cryp, * multiple of 16
* @param[in] in buffer containing the input plaintext
* @param[out] out buffer for the output cyphertext
- * @param[in] iv input vector
+ * @param[in] iv 128 bits initial vector
* @return The operation status.
* @retval CRY_NOERROR if the operation succeeded.
* @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
@@ -418,6 +433,9 @@ cryerror_t cryEncryptAES_CFB(CRYDriver *cryp, /**
* @brief Decryption operation using AES-CFB.
+ * @note The function operates on data buffers whose lenght is a multiple
+ * of an AES block, this means that padding must be done by the
+ * caller.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the
@@ -425,9 +443,9 @@ cryerror_t cryEncryptAES_CFB(CRYDriver *cryp, * unspecified way
* @param[in] size size of the plaintext buffer, this number must be a
* multiple of 16
- * @param[in] in buffer containing the input plaintext
- * @param[out] out buffer for the output cyphertext
- * @param[in] iv input vector
+ * @param[in] in buffer containing the input cyphertext
+ * @param[out] out buffer for the output plaintext
+ * @param[in] iv 128 bits initial vector
* @return The operation status.
* @retval CRY_NOERROR if the operation succeeded.
* @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
@@ -468,6 +486,9 @@ cryerror_t cryDecryptAES_CFB(CRYDriver *cryp, /**
* @brief Encryption operation using AES-CTR.
+ * @note The function operates on data buffers whose lenght is a multiple
+ * of an AES block, this means that padding must be done by the
+ * caller.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the
@@ -477,8 +498,8 @@ cryerror_t cryDecryptAES_CFB(CRYDriver *cryp, * multiple of 16
* @param[in] in buffer containing the input plaintext
* @param[out] out buffer for the output cyphertext
- * @param[in] nonce the "nonce" constant
- * @param[in,out] cnt the initial value of the counter, normally zero
+ * @param[in] iv 128 bits initial vector + counter, it contains
+ * a 96 bits IV and a 32 bits counter
* @return The operation status.
* @retval CRY_NOERROR if the operation succeeded.
* @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
@@ -494,19 +515,17 @@ cryerror_t cryEncryptAES_CTR(CRYDriver *cryp, size_t size,
const uint8_t *in,
uint8_t *out,
- const uint8_t *nonce,
- uint8_t *cnt) {
+ const uint8_t *iv) {
osalDbgCheck((cryp != NULL) && (in != NULL) && (out != NULL) &&
- (nonce != NULL) && (cnt != NULL) &&
- ((size & (size_t)15) == (size_t)0));
+ (iv != NULL) && ((size & (size_t)15) == (size_t)0));
osalDbgAssert(cryp->state == CRY_READY, "not ready");
#if CRY_LLD_SUPPORTS_AES_CTR == TRUE
- return cry_lld_encrypt_AES_CTR(cryp, key_id, size, in, out, nonce, cnt);
+ return cry_lld_encrypt_AES_CTR(cryp, key_id, size, in, out, iv);
#elif HAL_CRY_USE_FALLBACK == TRUE
- return cry_fallback_encrypt_AES_CTR(cryp, key_id, size, in, out, nonce, cnt);
+ return cry_fallback_encrypt_AES_CTR(cryp, key_id, size, in, out, iv);
#else
(void)cryp;
(void)key_id;
@@ -522,6 +541,9 @@ cryerror_t cryEncryptAES_CTR(CRYDriver *cryp, /**
* @brief Decryption operation using AES-CTR.
+ * @note The function operates on data buffers whose lenght is a multiple
+ * of an AES block, this means that padding must be done by the
+ * caller.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the
@@ -529,10 +551,10 @@ cryerror_t cryEncryptAES_CTR(CRYDriver *cryp, * unspecified way
* @param[in] size size of the plaintext buffer, this number must be a
* multiple of 16
- * @param[in] in buffer containing the input plaintext
- * @param[out] out buffer for the output cyphertext
- * @param[in] nonce the "nonce" constant
- * @param[in,out] cnt the initial value of the counter, normally zero
+ * @param[in] in buffer containing the input cyphertext
+ * @param[out] out buffer for the output plaintext
+ * @param[in] iv 128 bits initial vector + counter, it contains
+ * a 96 bits IV and a 32 bits counter
* @return The operation status.
* @retval CRY_NOERROR if the operation succeeded.
* @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
@@ -548,19 +570,17 @@ cryerror_t cryDecryptAES_CTR(CRYDriver *cryp, size_t size,
const uint8_t *in,
uint8_t *out,
- const uint8_t *nonce,
- uint8_t *cnt) {
+ const uint8_t *iv) {
osalDbgCheck((cryp != NULL) && (in != NULL) && (out != NULL) &&
- (nonce != NULL) && (cnt != NULL) &&
- ((size & (size_t)15) == (size_t)0));
+ (iv != NULL) && ((size & (size_t)15) == (size_t)0));
osalDbgAssert(cryp->state == CRY_READY, "not ready");
#if CRY_LLD_SUPPORTS_AES_CTR == TRUE
- return cry_lld_decrypt_AES_CTR(cryp, key_id, size, in, out, nonce, cnt);
+ return cry_lld_decrypt_AES_CTR(cryp, key_id, size, in, out, iv);
#elif HAL_CRY_USE_FALLBACK == TRUE
- return cry_fallback_decrypt_AES_CTR(cryp, key_id, size, in, out, nonce, cnt);
+ return cry_fallback_decrypt_AES_CTR(cryp, key_id, size, in, out, iv);
#else
(void)cryp;
(void)key_id;
@@ -574,6 +594,142 @@ cryerror_t cryDecryptAES_CTR(CRYDriver *cryp, #endif
}
+/**
+ * @brief Encryption operation using AES-GCM.
+ * @note The function operates on data buffers whose lenght is a multiple
+ * of an AES block, this means that padding must be done by the
+ * caller.
+ *
+ * @param[in] cryp pointer to the @p CRYDriver object
+ * @param[in] key_id the key to be used for the operation, zero is the
+ * transient key, other values are keys stored in an
+ * unspecified way
+ * @param[in] size size of the text buffers, this number must be a
+ * multiple of 16
+ * @param[in] in buffer containing the input plaintext
+ * @param[out] out buffer for the output cyphertext
+ * @param[in] iv 128 bits initial vector + counter, it contains
+ * a 96 bits IV and a 32 bits counter
+ * @param[in] aadsize size of the authentication data, this number must be a
+ * multiple of 16
+ * @param[in] aad buffer containing the authentication data
+ * @param[in] authtag 128 bits buffer for the generated authentication tag
+ * @return The operation status.
+ * @retval CRY_NOERROR if the operation succeeded.
+ * @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
+ * device instance.
+ * @retval CRY_ERR_INV_KEY_TYPE the selected key is invalid for this operation.
+ * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid
+ * or refers and empty key slot.
+ *
+ * @api
+ */
+cryerror_t cryEncryptAES_GCM(CRYDriver *cryp,
+ crykey_t key_id,
+ size_t size,
+ const uint8_t *in,
+ uint8_t *out,
+ const uint8_t *iv,
+ size_t aadsize,
+ const uint8_t *aad,
+ uint8_t *authtag) {
+
+ osalDbgCheck((cryp != NULL) && (in != NULL) && (out != NULL) &&
+ (iv != NULL) && (aad != NULL) && (authtag != NULL) &&
+ ((size & (size_t)15) == (size_t)0) &&
+ ((aadsize & (size_t)15) == (size_t)0));
+
+ osalDbgAssert(cryp->state == CRY_READY, "not ready");
+
+#if CRY_LLD_SUPPORTS_AES_GCM== TRUE
+ return cry_lld_encrypt_AES_GCM(cryp, key_id, size, in, out, iv,
+ aadsize, aad, authtag);
+#elif HAL_CRY_USE_FALLBACK == TRUE
+ return cry_fallback_encrypt_AES_GCM(cryp, key_id, size, in, out, iv,
+ aadsize, aad, authtag);
+#else
+ (void)cryp;
+ (void)key_id;
+ (void)size;
+ (void)in;
+ (void)out;
+ (void)iv;
+ (void)aadsize;
+ (void)aad;
+ (void)authtag;
+
+ return CRY_ERR_INV_ALGO;
+#endif
+}
+
+/**
+ * @brief Decryption operation using AES-GCM.
+ * @note The function operates on data buffers whose lenght is a multiple
+ * of an AES block, this means that padding must be done by the
+ * caller.
+ *
+ * @param[in] cryp pointer to the @p CRYDriver object
+ * @param[in] key_id the key to be used for the operation, zero is the
+ * transient key, other values are keys stored in an
+ * unspecified way
+ * @param[in] size size of the text buffers, this number must be a
+ * multiple of 16
+ * @param[in] in buffer for the output cyphertext
+ * @param[out] out buffer containing the input plaintext
+ * @param[in] iv 128 bits initial vector + counter, it contains
+ * a 96 bits IV and a 32 bits counter
+ * @param[in] aadsize size of the authentication data, this number must be a
+ * multiple of 16
+ * @param[in] aad buffer containing the authentication data
+ * @param[in] authtag 128 bits buffer for the generated authentication tag
+ * @return The operation status.
+ * @retval CRY_NOERROR if the operation succeeded.
+ * @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
+ * device instance.
+ * @retval CRY_ERR_INV_KEY_TYPE the selected key is invalid for this operation.
+ * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid
+ * or refers and empty key slot.
+ *
+ * @api
+ */
+cryerror_t cryDecryptAES_GCM(CRYDriver *cryp,
+ crykey_t key_id,
+ size_t size,
+ const uint8_t *in,
+ uint8_t *out,
+ const uint8_t *iv,
+ size_t aadsize,
+ const uint8_t *aad,
+ uint8_t *authtag) {
+
+ osalDbgCheck((cryp != NULL) && (in != NULL) && (out != NULL) &&
+ (iv != NULL) && (aad != NULL) && (authtag != NULL) &&
+ ((size & (size_t)15) == (size_t)0) &&
+ ((aadsize & (size_t)15) == (size_t)0));
+
+ osalDbgAssert(cryp->state == CRY_READY, "not ready");
+
+#if CRY_LLD_SUPPORTS_AES_GCM== TRUE
+ return cry_lld_decrypt_AES_GCM(cryp, key_id, size, in, out, iv,
+ aadsize, aad, authtag);
+#elif HAL_CRY_USE_FALLBACK == TRUE
+ return cry_fallback_decrypt_AES_GCM(cryp, key_id, size, in, out, iv,
+ aadsize, aad, authtag);
+#else
+ (void)cryp;
+ (void)key_id;
+ (void)size;
+ (void)in;
+ (void)out;
+ (void)iv;
+ (void)aadsize;
+ (void)aad;
+ (void)authtag;
+
+ return CRY_ERR_INV_ALGO;
+#endif
+}
+
#endif /* HAL_USE_CRY == TRUE */
/** @} */
|