diff options
| author | Giovanni Di Sirio <gdisirio@gmail.com> | 2017-10-23 14:43:43 +0000 |
|---|---|---|
| committer | Giovanni Di Sirio <gdisirio@gmail.com> | 2017-10-23 14:43:43 +0000 |
| commit | 7156f2c323f5b4d6a3f9eec7673b0b1680fb8ff9 (patch) | |
| tree | 759246e8d5beac64e8acafcb5e5e37903b907f69 /os | |
| parent | 7707340e0b2e9e6552378d1520993686856f8134 (diff) | |
| download | ChibiOS-7156f2c323f5b4d6a3f9eec7673b0b1680fb8ff9.tar.gz ChibiOS-7156f2c323f5b4d6a3f9eec7673b0b1680fb8ff9.tar.bz2 ChibiOS-7156f2c323f5b4d6a3f9eec7673b0b1680fb8ff9.zip | |
git-svn-id: svn://svn.code.sf.net/p/chibios/svn/trunk@10888 35acf78f-673a-0410-8e92-d51de3d6d3f4
Diffstat (limited to 'os')
| -rw-r--r-- | os/hal/include/hal_crypto.h | 31 | ||||
| -rw-r--r-- | os/hal/ports/STM32/LLD/CRYPv1/hal_crypto_lld.c | 180 | ||||
| -rw-r--r-- | os/hal/ports/STM32/LLD/CRYPv1/hal_crypto_lld.h | 25 | ||||
| -rw-r--r-- | os/hal/src/hal_crypto.c | 212 | ||||
| -rw-r--r-- | os/hal/templates/hal_crypto_lld.c | 200 | ||||
| -rw-r--r-- | os/hal/templates/hal_crypto_lld.h | 25 |
6 files changed, 557 insertions, 116 deletions
diff --git a/os/hal/include/hal_crypto.h b/os/hal/include/hal_crypto.h index 433953e45..8836dafd5 100644 --- a/os/hal/include/hal_crypto.h +++ b/os/hal/include/hal_crypto.h @@ -95,8 +95,7 @@ typedef enum { CRY_ERR_INV_ALGO = 1, /**< Invalid cypher/mode. */
CRY_ERR_INV_KEY_SIZE = 2, /**< Invalid key size. */
CRY_ERR_INV_KEY_TYPE = 3, /**< Invalid key type. */
- CRY_ERR_INV_KEY_ID = 4, /**< Invalid key type. */
- CRY_ERR_AUTH_FAILED = 5 /**< Authentication failed. */
+ CRY_ERR_INV_KEY_ID = 4 /**< Invalid key type. */
} cryerror_t;
/**
@@ -120,6 +119,7 @@ typedef enum { #define CRY_LLD_SUPPORTS_AES_CBC FALSE
#define CRY_LLD_SUPPORTS_AES_CFB FALSE
#define CRY_LLD_SUPPORTS_AES_CTR FALSE
+#define CRY_LLD_SUPPORTS_AES_GCM FALSE
typedef uint_fast8_t crykey_t;
@@ -141,8 +141,9 @@ struct CRYDriver { #if !defined(CRY_LLD_SUPPORTS_AES_ECB) || \
!defined(CRY_LLD_SUPPORTS_AES_CBC) || \
!defined(CRY_LLD_SUPPORTS_AES_CFB) || \
- !defined(CRY_LLD_SUPPORTS_AES_CTR)
-#error "CRYPTO LLD does not export required switches"
+ !defined(CRY_LLD_SUPPORTS_AES_CTR) || \
+ !defined(CRY_LLD_SUPPORTS_AES_GCM)
+#error "CRYPTO LLD does not export the required switches"
#endif
/*===========================================================================*/
@@ -209,33 +210,31 @@ extern "C" { size_t size,
const uint8_t *in,
uint8_t *out,
- const uint8_t *nonce,
- uint8_t *cnt);
+ const uint8_t *iv);
cryerror_t cryDecryptAES_CTR(CRYDriver *cryp,
crykey_t key_id,
size_t size,
const uint8_t *in,
uint8_t *out,
- const uint8_t *nonce,
- uint8_t *cnt);
+ const uint8_t *iv);
cryerror_t cryEncryptAES_GCM(CRYDriver *cryp,
crykey_t key_id,
- bitsize_t size,
+ size_t size,
const uint8_t *in,
uint8_t *out,
- bitsize_t ivsize,
const uint8_t *iv,
- bitsize_t authsize,
- uint8_t *authout);
+ size_t aadsize,
+ const uint8_t *aad,
+ uint8_t *authtag);
cryerror_t cryDecryptAES_GCM(CRYDriver *cryp,
crykey_t key_id,
- bitsize_t size,
+ size_t size,
const uint8_t *in,
uint8_t *out,
- bitsize_t ivsize,
const uint8_t *iv,
- bitsize_t authsize,
- const uint8_t *authin);
+ size_t aadsize,
+ const uint8_t *aad,
+ uint8_t *authtag);
#ifdef __cplusplus
}
#endif
diff --git a/os/hal/ports/STM32/LLD/CRYPv1/hal_crypto_lld.c b/os/hal/ports/STM32/LLD/CRYPv1/hal_crypto_lld.c index f871ff4d4..00a4478c7 100644 --- a/os/hal/ports/STM32/LLD/CRYPv1/hal_crypto_lld.c +++ b/os/hal/ports/STM32/LLD/CRYPv1/hal_crypto_lld.c @@ -120,6 +120,9 @@ cryerror_t cry_lld_loadkey(CRYDriver *cryp, /**
* @brief Encryption operation using AES-ECB.
+ * @note The function operates on data buffers whose lenght is a multiple
+ * of an AES block, this means that padding must be done by the
+ * caller.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the
@@ -137,7 +140,7 @@ cryerror_t cry_lld_loadkey(CRYDriver *cryp, * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid
* or refers and empty key slot.
*
- * @api
+ * @notapi
*/
cryerror_t cry_lld_encrypt_AES_ECB(CRYDriver *cryp,
crykey_t key_id,
@@ -156,6 +159,9 @@ cryerror_t cry_lld_encrypt_AES_ECB(CRYDriver *cryp, /**
* @brief Decryption operation using AES-ECB.
+ * @note The function operates on data buffers whose lenght is a multiple
+ * of an AES block, this means that padding must be done by the
+ * caller.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the
@@ -173,7 +179,7 @@ cryerror_t cry_lld_encrypt_AES_ECB(CRYDriver *cryp, * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid
* or refers and empty key slot.
*
- * @api
+ * @notapi
*/
cryerror_t cry_lld_decrypt_AES_ECB(CRYDriver *cryp,
crykey_t key_id,
@@ -192,6 +198,9 @@ cryerror_t cry_lld_decrypt_AES_ECB(CRYDriver *cryp, /**
* @brief Encryption operation using AES-CBC.
+ * @note The function operates on data buffers whose lenght is a multiple
+ * of an AES block, this means that padding must be done by the
+ * caller.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the
@@ -201,7 +210,7 @@ cryerror_t cry_lld_decrypt_AES_ECB(CRYDriver *cryp, * multiple of the selected key size
* @param[in] in buffer containing the input plaintext
* @param[out] out buffer for the output cyphertext
- * @param[in] iv input vector
+ * @param[in] iv 128 bits initial vector
* @return The operation status.
* @retval CRY_NOERROR if the operation succeeded.
* @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
@@ -210,7 +219,7 @@ cryerror_t cry_lld_decrypt_AES_ECB(CRYDriver *cryp, * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid
* or refers and empty key slot.
*
- * @api
+ * @notapi
*/
cryerror_t cry_lld_encrypt_AES_CBC(CRYDriver *cryp,
crykey_t key_id,
@@ -231,6 +240,9 @@ cryerror_t cry_lld_encrypt_AES_CBC(CRYDriver *cryp, /**
* @brief Decryption operation using AES-CBC.
+ * @note The function operates on data buffers whose lenght is a multiple
+ * of an AES block, this means that padding must be done by the
+ * caller.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the
@@ -240,7 +252,7 @@ cryerror_t cry_lld_encrypt_AES_CBC(CRYDriver *cryp, * multiple of the selected key size
* @param[in] in buffer containing the input plaintext
* @param[out] out buffer for the output cyphertext
- * @param[in] iv input vector
+ * @param[in] iv 128 bits initial vector
* @return The operation status.
* @retval CRY_NOERROR if the operation succeeded.
* @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
@@ -249,7 +261,7 @@ cryerror_t cry_lld_encrypt_AES_CBC(CRYDriver *cryp, * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid
* or refers and empty key slot.
*
- * @api
+ * @notapi
*/
cryerror_t cry_lld_decrypt_AES_CBC(CRYDriver *cryp,
crykey_t key_id,
@@ -270,6 +282,9 @@ cryerror_t cry_lld_decrypt_AES_CBC(CRYDriver *cryp, /**
* @brief Encryption operation using AES-CFB.
+ * @note The function operates on data buffers whose lenght is a multiple
+ * of an AES block, this means that padding must be done by the
+ * caller.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the
@@ -279,7 +294,7 @@ cryerror_t cry_lld_decrypt_AES_CBC(CRYDriver *cryp, * multiple of the selected key size
* @param[in] in buffer containing the input plaintext
* @param[out] out buffer for the output cyphertext
- * @param[in] iv input vector
+ * @param[in] iv 128 bits initial vector
* @return The operation status.
* @retval CRY_NOERROR if the operation succeeded.
* @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
@@ -288,7 +303,7 @@ cryerror_t cry_lld_decrypt_AES_CBC(CRYDriver *cryp, * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid
* or refers and empty key slot.
*
- * @api
+ * @notapi
*/
cryerror_t cry_lld_encrypt_AES_CFB(CRYDriver *cryp,
crykey_t key_id,
@@ -309,6 +324,9 @@ cryerror_t cry_lld_encrypt_AES_CFB(CRYDriver *cryp, /**
* @brief Decryption operation using AES-CFB.
+ * @note The function operates on data buffers whose lenght is a multiple
+ * of an AES block, this means that padding must be done by the
+ * caller.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the
@@ -318,7 +336,7 @@ cryerror_t cry_lld_encrypt_AES_CFB(CRYDriver *cryp, * multiple of the selected key size
* @param[in] in buffer containing the input plaintext
* @param[out] out buffer for the output cyphertext
- * @param[in] iv input vector
+ * @param[in] iv 128 bits initial vector
* @return The operation status.
* @retval CRY_NOERROR if the operation succeeded.
* @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
@@ -327,7 +345,7 @@ cryerror_t cry_lld_encrypt_AES_CFB(CRYDriver *cryp, * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid
* or refers and empty key slot.
*
- * @api
+ * @notapi
*/
cryerror_t cry_lld_decrypt_AES_CFB(CRYDriver *cryp,
crykey_t key_id,
@@ -348,17 +366,20 @@ cryerror_t cry_lld_decrypt_AES_CFB(CRYDriver *cryp, /**
* @brief Encryption operation using AES-CTR.
+ * @note The function operates on data buffers whose lenght is a multiple
+ * of an AES block, this means that padding must be done by the
+ * caller.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the
* transient key, other values are keys stored in an
* unspecified way
* @param[in] size size of the plaintext buffer, this number must be a
- * multiple of the selected key size
+ * multiple of 16
* @param[in] in buffer containing the input plaintext
* @param[out] out buffer for the output cyphertext
- * @param[in] nonce the "nonce" constant
- * @param[in,out] cnt the initial value of the counter, normally zero
+ * @param[in] iv 128 bits initial vector + counter, it contains
+ * a 96 bits IV and a 32 bits counter
* @return The operation status.
* @retval CRY_NOERROR if the operation succeeded.
* @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
@@ -367,40 +388,41 @@ cryerror_t cry_lld_decrypt_AES_CFB(CRYDriver *cryp, * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid
* or refers and empty key slot.
*
- * @api
+ * @notapi
*/
cryerror_t cry_lld_encrypt_AES_CTR(CRYDriver *cryp,
crykey_t key_id,
size_t size,
const uint8_t *in,
uint8_t *out,
- const uint8_t *nonce,
- uint8_t *cnt) {
+ const uint8_t *iv) {
(void)cryp;
(void)key_id;
(void)size;
(void)in;
(void)out;
- (void)nonce;
- (void)cnt;
+ (void)iv;
return CRY_ERR_INV_ALGO;
}
/**
* @brief Decryption operation using AES-CTR.
+ * @note The function operates on data buffers whose lenght is a multiple
+ * of an AES block, this means that padding must be done by the
+ * caller.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the
* transient key, other values are keys stored in an
* unspecified way
* @param[in] size size of the plaintext buffer, this number must be a
- * multiple of the selected key size
- * @param[in] in buffer containing the input plaintext
- * @param[out] out buffer for the output cyphertext
- * @param[in] nonce the "nonce" constant
- * @param[in,out] cnt the initial value of the counter, normally zero
+ * multiple of 16
+ * @param[in] in buffer containing the input cyphertext
+ * @param[out] out buffer for the output plaintext
+ * @param[in] iv 128 bits initial vector + counter, it contains
+ * a 96 bits IV and a 32 bits counter
* @return The operation status.
* @retval CRY_NOERROR if the operation succeeded.
* @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
@@ -416,16 +438,120 @@ cryerror_t cry_lld_decrypt_AES_CTR(CRYDriver *cryp, size_t size,
const uint8_t *in,
uint8_t *out,
- const uint8_t *nonce,
- uint8_t *cnt) {
+ const uint8_t *iv) {
+
+ (void)cryp;
+ (void)key_id;
+ (void)size;
+ (void)in;
+ (void)out;
+ (void)iv;
+
+ return CRY_ERR_INV_ALGO;
+}
+
+/**
+ * @brief Encryption operation using AES-GCM.
+ * @note The function operates on data buffers whose lenght is a multiple
+ * of an AES block, this means that padding must be done by the
+ * caller.
+ *
+ * @param[in] cryp pointer to the @p CRYDriver object
+ * @param[in] key_id the key to be used for the operation, zero is the
+ * transient key, other values are keys stored in an
+ * unspecified way
+ * @param[in] size size of the text buffers, this number must be a
+ * multiple of 16
+ * @param[in] in buffer containing the input plaintext
+ * @param[out] out buffer for the output cyphertext
+ * @param[in] iv 128 bits initial vector + counter, it contains
+ * a 96 bits IV and a 32 bits counter
+ * @param[in] aadsize size of the authentication data, this number must be a
+ * multiple of 16
+ * @param[in] aad buffer containing the authentication data
+ * @param[in] authtag 128 bits buffer for the generated authentication tag
+ * @return The operation status.
+ * @retval CRY_NOERROR if the operation succeeded.
+ * @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
+ * device instance.
+ * @retval CRY_ERR_INV_KEY_TYPE the selected key is invalid for this operation.
+ * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid
+ * or refers and empty key slot.
+ *
+ * @notapi
+ */
+cryerror_t cry_lld_encrypt_AES_GCM(CRYDriver *cryp,
+ crykey_t key_id,
+ size_t size,
+ const uint8_t *in,
+ uint8_t *out,
+ const uint8_t *iv,
+ size_t aadsize,
+ const uint8_t *aad,
+ uint8_t *authtag) {
(void)cryp;
(void)key_id;
(void)size;
(void)in;
(void)out;
- (void)nonce;
- (void)cnt;
+ (void)iv;
+ (void)aadsize;
+ (void)aad;
+ (void)authtag;
+
+ return CRY_ERR_INV_ALGO;
+}
+
+/**
+ * @brief Decryption operation using AES-GCM.
+ * @note The function operates on data buffers whose lenght is a multiple
+ * of an AES block, this means that padding must be done by the
+ * caller.
+ *
+ * @param[in] cryp pointer to the @p CRYDriver object
+ * @param[in] key_id the key to be used for the operation, zero is the
+ * transient key, other values are keys stored in an
+ * unspecified way
+ * @param[in] size size of the text buffers, this number must be a
+ * multiple of 16
+ * @param[in] in buffer for the output cyphertext
+ * @param[out] out buffer containing the input plaintext
+ * @param[in] iv 128 bits initial vector + counter, it contains
+ * a 96 bits IV and a 32 bits counter
+ * @param[in] aadsize size of the authentication data, this number must be a
+ * multiple of 16
+ * @param[in] aad buffer containing the authentication data
+ * @param[in] authtag 128 bits buffer for the generated authentication tag
+ * @return The operation status.
+ * @retval CRY_NOERROR if the operation succeeded.
+ * @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
+ * device instance.
+ * @retval CRY_ERR_INV_KEY_TYPE the selected key is invalid for this operation.
+ * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid
+ * or refers and empty key slot.
+ *
+ * @notapi
+ */
+cryerror_t cry_lld_decrypt_AES_GCM(CRYDriver *cryp,
+ crykey_t key_id,
+ size_t size,
+ const uint8_t *in,
+ uint8_t *out,
+ const uint8_t *iv,
+ size_t aadsize,
+ const uint8_t *aad,
+ uint8_t *authtag) {
+
+ (void)cryp;
+ (void)key_id;
+ (void)size;
+ (void)in;
+ (void)out;
+ (void)iv;
+ (void)aadsize;
+ (void)aad;
+ (void)authtag;
return CRY_ERR_INV_ALGO;
}
diff --git a/os/hal/ports/STM32/LLD/CRYPv1/hal_crypto_lld.h b/os/hal/ports/STM32/LLD/CRYPv1/hal_crypto_lld.h index 4273340ad..977e25438 100644 --- a/os/hal/ports/STM32/LLD/CRYPv1/hal_crypto_lld.h +++ b/os/hal/ports/STM32/LLD/CRYPv1/hal_crypto_lld.h @@ -39,6 +39,7 @@ #define CRY_LLD_SUPPORTS_AES_CBC TRUE
#define CRY_LLD_SUPPORTS_AES_CFB FALSE
#define CRY_LLD_SUPPORTS_AES_CTR TRUE
+#define CRY_LLD_SUPPORTS_AES_GCM TRUE
/** @{ */
/*===========================================================================*/
@@ -178,15 +179,31 @@ extern "C" { size_t size,
const uint8_t *in,
uint8_t *out,
- const uint8_t *nonce,
- uint8_t *cnt);
+ const uint8_t *iv);
cryerror_t cry_lld_decrypt_AES_CTR(CRYDriver *cryp,
crykey_t key_id,
size_t size,
const uint8_t *in,
uint8_t *out,
- const uint8_t *nonce,
- uint8_t *cnt);
+ const uint8_t *iv);
+ cryerror_t cry_lld_encrypt_AES_GCM(CRYDriver *cryp,
+ crykey_t key_id,
+ size_t size,
+ const uint8_t *in,
+ uint8_t *out,
+ const uint8_t *iv,
+ size_t aadsize,
+ const uint8_t *aad,
+ uint8_t *authtag);
+ cryerror_t cry_lld_decrypt_AES_GCM(CRYDriver *cryp,
+ crykey_t key_id,
+ size_t size,
+ const uint8_t *in,
+ uint8_t *out,
+ const uint8_t *iv,
+ size_t aadsize,
+ const uint8_t *aad,
+ uint8_t *authtag);
#ifdef __cplusplus
}
#endif
diff --git a/os/hal/src/hal_crypto.c b/os/hal/src/hal_crypto.c index 710495343..31bee80db 100644 --- a/os/hal/src/hal_crypto.c +++ b/os/hal/src/hal_crypto.c @@ -174,6 +174,9 @@ cryerror_t cryLoadTransientKey(CRYDriver *cryp, /**
* @brief Encryption operation using AES-ECB.
+ * @note The function operates on data buffers whose lenght is a multiple
+ * of an AES block, this means that padding must be done by the
+ * caller.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the
@@ -221,6 +224,9 @@ cryerror_t cryEncryptAES_ECB(CRYDriver *cryp, /**
* @brief Decryption operation using AES-ECB.
+ * @note The function operates on data buffers whose lenght is a multiple
+ * of an AES block, this means that padding must be done by the
+ * caller.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the
@@ -228,8 +234,8 @@ cryerror_t cryEncryptAES_ECB(CRYDriver *cryp, * unspecified way
* @param[in] size size of the plaintext buffer, this number must be a
* multiple of 16
- * @param[in] in buffer containing the input plaintext
- * @param[out] out buffer for the output cyphertext
+ * @param[in] in buffer containing the input cyphertext
+ * @param[out] out buffer for the output plaintext
* @return The operation status.
* @retval CRY_NOERROR if the operation succeeded.
* @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
@@ -268,6 +274,9 @@ cryerror_t cryDecryptAES_ECB(CRYDriver *cryp, /**
* @brief Encryption operation using AES-CBC.
+ * @note The function operates on data buffers whose lenght is a multiple
+ * of an AES block, this means that padding must be done by the
+ * caller.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the
@@ -277,7 +286,7 @@ cryerror_t cryDecryptAES_ECB(CRYDriver *cryp, * multiple of 16
* @param[in] in buffer containing the input plaintext
* @param[out] out buffer for the output cyphertext
- * @param[in] iv input vector
+ * @param[in] iv 128 bits initial vector
* @return The operation status.
* @retval CRY_NOERROR if the operation succeeded.
* @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
@@ -318,6 +327,9 @@ cryerror_t cryEncryptAES_CBC(CRYDriver *cryp, /**
* @brief Decryption operation using AES-CBC.
+ * @note The function operates on data buffers whose lenght is a multiple
+ * of an AES block, this means that padding must be done by the
+ * caller.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the
@@ -325,9 +337,9 @@ cryerror_t cryEncryptAES_CBC(CRYDriver *cryp, * unspecified way
* @param[in] size size of the plaintext buffer, this number must be a
* multiple of 16
- * @param[in] in buffer containing the input plaintext
- * @param[out] out buffer for the output cyphertext
- * @param[in] iv input vector
+ * @param[in] in buffer containing the input cyphertext
+ * @param[out] out buffer for the output plaintext
+ * @param[in] iv 128 bits initial vector
* @return The operation status.
* @retval CRY_NOERROR if the operation succeeded.
* @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
@@ -368,6 +380,9 @@ cryerror_t cryDecryptAES_CBC(CRYDriver *cryp, /**
* @brief Encryption operation using AES-CFB.
+ * @note The function operates on data buffers whose lenght is a multiple
+ * of an AES block, this means that padding must be done by the
+ * caller.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the
@@ -377,7 +392,7 @@ cryerror_t cryDecryptAES_CBC(CRYDriver *cryp, * multiple of 16
* @param[in] in buffer containing the input plaintext
* @param[out] out buffer for the output cyphertext
- * @param[in] iv input vector
+ * @param[in] iv 128 bits initial vector
* @return The operation status.
* @retval CRY_NOERROR if the operation succeeded.
* @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
@@ -418,6 +433,9 @@ cryerror_t cryEncryptAES_CFB(CRYDriver *cryp, /**
* @brief Decryption operation using AES-CFB.
+ * @note The function operates on data buffers whose lenght is a multiple
+ * of an AES block, this means that padding must be done by the
+ * caller.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the
@@ -425,9 +443,9 @@ cryerror_t cryEncryptAES_CFB(CRYDriver *cryp, * unspecified way
* @param[in] size size of the plaintext buffer, this number must be a
* multiple of 16
- * @param[in] in buffer containing the input plaintext
- * @param[out] out buffer for the output cyphertext
- * @param[in] iv input vector
+ * @param[in] in buffer containing the input cyphertext
+ * @param[out] out buffer for the output plaintext
+ * @param[in] iv 128 bits initial vector
* @return The operation status.
* @retval CRY_NOERROR if the operation succeeded.
* @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
@@ -468,6 +486,9 @@ cryerror_t cryDecryptAES_CFB(CRYDriver *cryp, /**
* @brief Encryption operation using AES-CTR.
+ * @note The function operates on data buffers whose lenght is a multiple
+ * of an AES block, this means that padding must be done by the
+ * caller.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the
@@ -477,8 +498,8 @@ cryerror_t cryDecryptAES_CFB(CRYDriver *cryp, * multiple of 16
* @param[in] in buffer containing the input plaintext
* @param[out] out buffer for the output cyphertext
- * @param[in] nonce the "nonce" constant
- * @param[in,out] cnt the initial value of the counter, normally zero
+ * @param[in] iv 128 bits initial vector + counter, it contains
+ * a 96 bits IV and a 32 bits counter
* @return The operation status.
* @retval CRY_NOERROR if the operation succeeded.
* @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
@@ -494,19 +515,17 @@ cryerror_t cryEncryptAES_CTR(CRYDriver *cryp, size_t size,
const uint8_t *in,
uint8_t *out,
- const uint8_t *nonce,
- uint8_t *cnt) {
+ const uint8_t *iv) {
osalDbgCheck((cryp != NULL) && (in != NULL) && (out != NULL) &&
- (nonce != NULL) && (cnt != NULL) &&
- ((size & (size_t)15) == (size_t)0));
+ (iv != NULL) && ((size & (size_t)15) == (size_t)0));
osalDbgAssert(cryp->state == CRY_READY, "not ready");
#if CRY_LLD_SUPPORTS_AES_CTR == TRUE
- return cry_lld_encrypt_AES_CTR(cryp, key_id, size, in, out, nonce, cnt);
+ return cry_lld_encrypt_AES_CTR(cryp, key_id, size, in, out, iv);
#elif HAL_CRY_USE_FALLBACK == TRUE
- return cry_fallback_encrypt_AES_CTR(cryp, key_id, size, in, out, nonce, cnt);
+ return cry_fallback_encrypt_AES_CTR(cryp, key_id, size, in, out, iv);
#else
(void)cryp;
(void)key_id;
@@ -522,6 +541,9 @@ cryerror_t cryEncryptAES_CTR(CRYDriver *cryp, /**
* @brief Decryption operation using AES-CTR.
+ * @note The function operates on data buffers whose lenght is a multiple
+ * of an AES block, this means that padding must be done by the
+ * caller.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the
@@ -529,10 +551,10 @@ cryerror_t cryEncryptAES_CTR(CRYDriver *cryp, * unspecified way
* @param[in] size size of the plaintext buffer, this number must be a
* multiple of 16
- * @param[in] in buffer containing the input plaintext
- * @param[out] out buffer for the output cyphertext
- * @param[in] nonce the "nonce" constant
- * @param[in,out] cnt the initial value of the counter, normally zero
+ * @param[in] in buffer containing the input cyphertext
+ * @param[out] out buffer for the output plaintext
+ * @param[in] iv 128 bits initial vector + counter, it contains
+ * a 96 bits IV and a 32 bits counter
* @return The operation status.
* @retval CRY_NOERROR if the operation succeeded.
* @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
@@ -548,19 +570,17 @@ cryerror_t cryDecryptAES_CTR(CRYDriver *cryp, size_t size,
const uint8_t *in,
uint8_t *out,
- const uint8_t *nonce,
- uint8_t *cnt) {
+ const uint8_t *iv) {
osalDbgCheck((cryp != NULL) && (in != NULL) && (out != NULL) &&
- (nonce != NULL) && (cnt != NULL) &&
- ((size & (size_t)15) == (size_t)0));
+ (iv != NULL) && ((size & (size_t)15) == (size_t)0));
osalDbgAssert(cryp->state == CRY_READY, "not ready");
#if CRY_LLD_SUPPORTS_AES_CTR == TRUE
- return cry_lld_decrypt_AES_CTR(cryp, key_id, size, in, out, nonce, cnt);
+ return cry_lld_decrypt_AES_CTR(cryp, key_id, size, in, out, iv);
#elif HAL_CRY_USE_FALLBACK == TRUE
- return cry_fallback_decrypt_AES_CTR(cryp, key_id, size, in, out, nonce, cnt);
+ return cry_fallback_decrypt_AES_CTR(cryp, key_id, size, in, out, iv);
#else
(void)cryp;
(void)key_id;
@@ -574,6 +594,142 @@ cryerror_t cryDecryptAES_CTR(CRYDriver *cryp, #endif
}
+/**
+ * @brief Encryption operation using AES-GCM.
+ * @note The function operates on data buffers whose lenght is a multiple
+ * of an AES block, this means that padding must be done by the
+ * caller.
+ *
+ * @param[in] cryp pointer to the @p CRYDriver object
+ * @param[in] key_id the key to be used for the operation, zero is the
+ * transient key, other values are keys stored in an
+ * unspecified way
+ * @param[in] size size of the text buffers, this number must be a
+ * multiple of 16
+ * @param[in] in buffer containing the input plaintext
+ * @param[out] out buffer for the output cyphertext
+ * @param[in] iv 128 bits initial vector + counter, it contains
+ * a 96 bits IV and a 32 bits counter
+ * @param[in] aadsize size of the authentication data, this number must be a
+ * multiple of 16
+ * @param[in] aad buffer containing the authentication data
+ * @param[in] authtag 128 bits buffer for the generated authentication tag
+ * @return The operation status.
+ * @retval CRY_NOERROR if the operation succeeded.
+ * @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
+ * device instance.
+ * @retval CRY_ERR_INV_KEY_TYPE the selected key is invalid for this operation.
+ * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid
+ * or refers and empty key slot.
+ *
+ * @api
+ */
+cryerror_t cryEncryptAES_GCM(CRYDriver *cryp,
+ crykey_t key_id,
+ size_t size,
+ const uint8_t *in,
+ uint8_t *out,
+ const uint8_t *iv,
+ size_t aadsize,
+ const uint8_t *aad,
+ uint8_t *authtag) {
+
+ osalDbgCheck((cryp != NULL) && (in != NULL) && (out != NULL) &&
+ (iv != NULL) && (aad != NULL) && (authtag != NULL) &&
+ ((size & (size_t)15) == (size_t)0) &&
+ ((aadsize & (size_t)15) == (size_t)0));
+
+ osalDbgAssert(cryp->state == CRY_READY, "not ready");
+
+#if CRY_LLD_SUPPORTS_AES_GCM== TRUE
+ return cry_lld_encrypt_AES_GCM(cryp, key_id, size, in, out, iv,
+ aadsize, aad, authtag);
+#elif HAL_CRY_USE_FALLBACK == TRUE
+ return cry_fallback_encrypt_AES_GCM(cryp, key_id, size, in, out, iv,
+ aadsize, aad, authtag);
+#else
+ (void)cryp;
+ (void)key_id;
+ (void)size;
+ (void)in;
+ (void)out;
+ (void)iv;
+ (void)aadsize;
+ (void)aad;
+ (void)authtag;
+
+ return CRY_ERR_INV_ALGO;
+#endif
+}
+
+/**
+ * @brief Decryption operation using AES-GCM.
+ * @note The function operates on data buffers whose lenght is a multiple
+ * of an AES block, this means that padding must be done by the
+ * caller.
+ *
+ * @param[in] cryp pointer to the @p CRYDriver object
+ * @param[in] key_id the key to be used for the operation, zero is the
+ * transient key, other values are keys stored in an
+ * unspecified way
+ * @param[in] size size of the text buffers, this number must be a
+ * multiple of 16
+ * @param[in] in buffer for the output cyphertext
+ * @param[out] out buffer containing the input plaintext
+ * @param[in] iv 128 bits initial vector + counter, it contains
+ * a 96 bits IV and a 32 bits counter
+ * @param[in] aadsize size of the authentication data, this number must be a
+ * multiple of 16
+ * @param[in] aad buffer containing the authentication data
+ * @param[in] authtag 128 bits buffer for the generated authentication tag
+ * @return The operation status.
+ * @retval CRY_NOERROR if the operation succeeded.
+ * @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
+ * device instance.
+ * @retval CRY_ERR_INV_KEY_TYPE the selected key is invalid for this operation.
+ * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid
+ * or refers and empty key slot.
+ *
+ * @api
+ */
+cryerror_t cryDecryptAES_GCM(CRYDriver *cryp,
+ crykey_t key_id,
+ size_t size,
+ const uint8_t *in,
+ uint8_t *out,
+ const uint8_t *iv,
+ size_t aadsize,
+ const uint8_t *aad,
+ uint8_t *authtag) {
+
+ osalDbgCheck((cryp != NULL) && (in != NULL) && (out != NULL) &&
+ (iv != NULL) && (aad != NULL) && (authtag != NULL) &&
+ ((size & (size_t)15) == (size_t)0) &&
+ ((aadsize & (size_t)15) == (size_t)0));
+
+ osalDbgAssert(cryp->state == CRY_READY, "not ready");
+
+#if CRY_LLD_SUPPORTS_AES_GCM== TRUE
+ return cry_lld_decrypt_AES_GCM(cryp, key_id, size, in, out, iv,
+ aadsize, aad, authtag);
+#elif HAL_CRY_USE_FALLBACK == TRUE
+ return cry_fallback_decrypt_AES_GCM(cryp, key_id, size, in, out, iv,
+ aadsize, aad, authtag);
+#else
+ (void)cryp;
+ (void)key_id;
+ (void)size;
+ (void)in;
+ (void)out;
+ (void)iv;
+ (void)aadsize;
+ (void)aad;
+ (void)authtag;
+
+ return CRY_ERR_INV_ALGO;
+#endif
+}
+
#endif /* HAL_USE_CRY == TRUE */
/** @} */
diff --git a/os/hal/templates/hal_crypto_lld.c b/os/hal/templates/hal_crypto_lld.c index 9268e5398..1aa90d2af 100644 --- a/os/hal/templates/hal_crypto_lld.c +++ b/os/hal/templates/hal_crypto_lld.c @@ -15,8 +15,8 @@ */
/**
- * @file CRYPv1/hal_crypto_lld.c
- * @brief STM32 cryptographic subsystem low level driver source.
+ * @file hal_crypto_lld.c
+ * @brief PLATFORM cryptographic subsystem low level driver source.
*
* @addtogroup CRYPTO
* @{
@@ -120,6 +120,9 @@ cryerror_t cry_lld_loadkey(CRYDriver *cryp, /**
* @brief Encryption operation using AES-ECB.
+ * @note The function operates on data buffers whose lenght is a multiple
+ * of an AES block, this means that padding must be done by the
+ * caller.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the
@@ -137,7 +140,7 @@ cryerror_t cry_lld_loadkey(CRYDriver *cryp, * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid
* or refers and empty key slot.
*
- * @api
+ * @notapi
*/
cryerror_t cry_lld_encrypt_AES_ECB(CRYDriver *cryp,
crykey_t key_id,
@@ -151,11 +154,14 @@ cryerror_t cry_lld_encrypt_AES_ECB(CRYDriver *cryp, (void)in;
(void)out;
- return CRY_NOERROR;
+ return CRY_ERR_INV_ALGO;
}
/**
* @brief Decryption operation using AES-ECB.
+ * @note The function operates on data buffers whose lenght is a multiple
+ * of an AES block, this means that padding must be done by the
+ * caller.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the
@@ -173,7 +179,7 @@ cryerror_t cry_lld_encrypt_AES_ECB(CRYDriver *cryp, * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid
* or refers and empty key slot.
*
- * @api
+ * @notapi
*/
cryerror_t cry_lld_decrypt_AES_ECB(CRYDriver *cryp,
crykey_t key_id,
@@ -187,11 +193,14 @@ cryerror_t cry_lld_decrypt_AES_ECB(CRYDriver *cryp, (void)in;
(void)out;
- return CRY_NOERROR;
+ return CRY_ERR_INV_ALGO;
}
/**
* @brief Encryption operation using AES-CBC.
+ * @note The function operates on data buffers whose lenght is a multiple
+ * of an AES block, this means that padding must be done by the
+ * caller.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the
@@ -201,7 +210,7 @@ cryerror_t cry_lld_decrypt_AES_ECB(CRYDriver *cryp, * multiple of the selected key size
* @param[in] in buffer containing the input plaintext
* @param[out] out buffer for the output cyphertext
- * @param[in] iv input vector
+ * @param[in] iv 128 bits initial vector
* @return The operation status.
* @retval CRY_NOERROR if the operation succeeded.
* @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
@@ -210,7 +219,7 @@ cryerror_t cry_lld_decrypt_AES_ECB(CRYDriver *cryp, * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid
* or refers and empty key slot.
*
- * @api
+ * @notapi
*/
cryerror_t cry_lld_encrypt_AES_CBC(CRYDriver *cryp,
crykey_t key_id,
@@ -226,11 +235,14 @@ cryerror_t cry_lld_encrypt_AES_CBC(CRYDriver *cryp, (void)out;
(void)iv;
- return CRY_NOERROR;
+ return CRY_ERR_INV_ALGO;
}
/**
* @brief Decryption operation using AES-CBC.
+ * @note The function operates on data buffers whose lenght is a multiple
+ * of an AES block, this means that padding must be done by the
+ * caller.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the
@@ -240,7 +252,7 @@ cryerror_t cry_lld_encrypt_AES_CBC(CRYDriver *cryp, * multiple of the selected key size
* @param[in] in buffer containing the input plaintext
* @param[out] out buffer for the output cyphertext
- * @param[in] iv input vector
+ * @param[in] iv 128 bits initial vector
* @return The operation status.
* @retval CRY_NOERROR if the operation succeeded.
* @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
@@ -249,7 +261,7 @@ cryerror_t cry_lld_encrypt_AES_CBC(CRYDriver *cryp, * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid
* or refers and empty key slot.
*
- * @api
+ * @notapi
*/
cryerror_t cry_lld_decrypt_AES_CBC(CRYDriver *cryp,
crykey_t key_id,
@@ -265,11 +277,14 @@ cryerror_t cry_lld_decrypt_AES_CBC(CRYDriver *cryp, (void)out;
(void)iv;
- return CRY_NOERROR;
+ return CRY_ERR_INV_ALGO;
}
/**
* @brief Encryption operation using AES-CFB.
+ * @note The function operates on data buffers whose lenght is a multiple
+ * of an AES block, this means that padding must be done by the
+ * caller.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the
@@ -279,7 +294,7 @@ cryerror_t cry_lld_decrypt_AES_CBC(CRYDriver *cryp, * multiple of the selected key size
* @param[in] in buffer containing the input plaintext
* @param[out] out buffer for the output cyphertext
- * @param[in] iv input vector
+ * @param[in] iv 128 bits initial vector
* @return The operation status.
* @retval CRY_NOERROR if the operation succeeded.
* @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
@@ -288,7 +303,7 @@ cryerror_t cry_lld_decrypt_AES_CBC(CRYDriver *cryp, * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid
* or refers and empty key slot.
*
- * @api
+ * @notapi
*/
cryerror_t cry_lld_encrypt_AES_CFB(CRYDriver *cryp,
crykey_t key_id,
@@ -304,11 +319,14 @@ cryerror_t cry_lld_encrypt_AES_CFB(CRYDriver *cryp, (void)out;
(void)iv;
- return CRY_NOERROR;
+ return CRY_ERR_INV_ALGO;
}
/**
* @brief Decryption operation using AES-CFB.
+ * @note The function operates on data buffers whose lenght is a multiple
+ * of an AES block, this means that padding must be done by the
+ * caller.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the
@@ -318,7 +336,7 @@ cryerror_t cry_lld_encrypt_AES_CFB(CRYDriver *cryp, * multiple of the selected key size
* @param[in] in buffer containing the input plaintext
* @param[out] out buffer for the output cyphertext
- * @param[in] iv input vector
+ * @param[in] iv 128 bits initial vector
* @return The operation status.
* @retval CRY_NOERROR if the operation succeeded.
* @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
@@ -327,7 +345,7 @@ cryerror_t cry_lld_encrypt_AES_CFB(CRYDriver *cryp, * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid
* or refers and empty key slot.
*
- * @api
+ * @notapi
*/
cryerror_t cry_lld_decrypt_AES_CFB(CRYDriver *cryp,
crykey_t key_id,
@@ -343,22 +361,25 @@ cryerror_t cry_lld_decrypt_AES_CFB(CRYDriver *cryp, (void)out;
(void)iv;
- return CRY_NOERROR;
+ return CRY_ERR_INV_ALGO;
}
/**
* @brief Encryption operation using AES-CTR.
+ * @note The function operates on data buffers whose lenght is a multiple
+ * of an AES block, this means that padding must be done by the
+ * caller.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the
* transient key, other values are keys stored in an
* unspecified way
* @param[in] size size of the plaintext buffer, this number must be a
- * multiple of the selected key size
+ * multiple of 16
* @param[in] in buffer containing the input plaintext
* @param[out] out buffer for the output cyphertext
- * @param[in] nonce the "nonce" constant
- * @param[in,out] cnt the initial value of the counter, normally zero
+ * @param[in] iv 128 bits initial vector + counter, it contains
+ * a 96 bits IV and a 32 bits counter
* @return The operation status.
* @retval CRY_NOERROR if the operation succeeded.
* @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
@@ -367,40 +388,41 @@ cryerror_t cry_lld_decrypt_AES_CFB(CRYDriver *cryp, * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid
* or refers and empty key slot.
*
- * @api
+ * @notapi
*/
cryerror_t cry_lld_encrypt_AES_CTR(CRYDriver *cryp,
crykey_t key_id,
size_t size,
const uint8_t *in,
uint8_t *out,
- const uint8_t *nonce,
- uint8_t *cnt) {
+ const uint8_t *iv) {
(void)cryp;
(void)key_id;
(void)size;
(void)in;
(void)out;
- (void)nonce;
- (void)cnt;
+ (void)iv;
- return CRY_NOERROR;
+ return CRY_ERR_INV_ALGO;
}
/**
* @brief Decryption operation using AES-CTR.
+ * @note The function operates on data buffers whose lenght is a multiple
+ * of an AES block, this means that padding must be done by the
+ * caller.
*
* @param[in] cryp pointer to the @p CRYDriver object
* @param[in] key_id the key to be used for the operation, zero is the
* transient key, other values are keys stored in an
* unspecified way
* @param[in] size size of the plaintext buffer, this number must be a
- * multiple of the selected key size
- * @param[in] in buffer containing the input plaintext
- * @param[out] out buffer for the output cyphertext
- * @param[in] nonce the "nonce" constant
- * @param[in,out] cnt the initial value of the counter, normally zero
+ * multiple of 16
+ * @param[in] in buffer containing the input cyphertext
+ * @param[out] out buffer for the output plaintext
+ * @param[in] iv 128 bits initial vector + counter, it contains
+ * a 96 bits IV and a 32 bits counter
* @return The operation status.
* @retval CRY_NOERROR if the operation succeeded.
* @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
@@ -416,18 +438,122 @@ cryerror_t cry_lld_decrypt_AES_CTR(CRYDriver *cryp, size_t size,
const uint8_t *in,
uint8_t *out,
- const uint8_t *nonce,
- uint8_t *cnt) {
+ const uint8_t *iv) {
(void)cryp;
(void)key_id;
(void)size;
(void)in;
(void)out;
- (void)nonce;
- (void)cnt;
+ (void)iv;
- return CRY_NOERROR;
+ return CRY_ERR_INV_ALGO;
+}
+
+/**
+ * @brief Encryption operation using AES-GCM.
+ * @note The function operates on data buffers whose lenght is a multiple
+ * of an AES block, this means that padding must be done by the
+ * caller.
+ *
+ * @param[in] cryp pointer to the @p CRYDriver object
+ * @param[in] key_id the key to be used for the operation, zero is the
+ * transient key, other values are keys stored in an
+ * unspecified way
+ * @param[in] size size of the text buffers, this number must be a
+ * multiple of 16
+ * @param[in] in buffer containing the input plaintext
+ * @param[out] out buffer for the output cyphertext
+ * @param[in] iv 128 bits initial vector + counter, it contains
+ * a 96 bits IV and a 32 bits counter
+ * @param[in] aadsize size of the authentication data, this number must be a
+ * multiple of 16
+ * @param[in] aad buffer containing the authentication data
+ * @param[in] authtag 128 bits buffer for the generated authentication tag
+ * @return The operation status.
+ * @retval CRY_NOERROR if the operation succeeded.
+ * @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
+ * device instance.
+ * @retval CRY_ERR_INV_KEY_TYPE the selected key is invalid for this operation.
+ * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid
+ * or refers and empty key slot.
+ *
+ * @notapi
+ */
+cryerror_t cry_lld_encrypt_AES_GCM(CRYDriver *cryp,
+ crykey_t key_id,
+ size_t size,
+ const uint8_t *in,
+ uint8_t *out,
+ const uint8_t *iv,
+ size_t aadsize,
+ const uint8_t *aad,
+ uint8_t *authtag) {
+
+ (void)cryp;
+ (void)key_id;
+ (void)size;
+ (void)in;
+ (void)out;
+ (void)iv;
+ (void)aadsize;
+ (void)aad;
+ (void)authtag;
+
+ return CRY_ERR_INV_ALGO;
+}
+
+/**
+ * @brief Decryption operation using AES-GCM.
+ * @note The function operates on data buffers whose lenght is a multiple
+ * of an AES block, this means that padding must be done by the
+ * caller.
+ *
+ * @param[in] cryp pointer to the @p CRYDriver object
+ * @param[in] key_id the key to be used for the operation, zero is the
+ * transient key, other values are keys stored in an
+ * unspecified way
+ * @param[in] size size of the text buffers, this number must be a
+ * multiple of 16
+ * @param[in] in buffer for the output cyphertext
+ * @param[out] out buffer containing the input plaintext
+ * @param[in] iv 128 bits initial vector + counter, it contains
+ * a 96 bits IV and a 32 bits counter
+ * @param[in] aadsize size of the authentication data, this number must be a
+ * multiple of 16
+ * @param[in] aad buffer containing the authentication data
+ * @param[in] authtag 128 bits buffer for the generated authentication tag
+ * @return The operation status.
+ * @retval CRY_NOERROR if the operation succeeded.
+ * @retval CRY_ERR_INV_ALGO if the operation is unsupported on this
+ * device instance.
+ * @retval CRY_ERR_INV_KEY_TYPE the selected key is invalid for this operation.
+ * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid
+ * or refers and empty key slot.
+ *
+ * @notapi
+ */
+cryerror_t cry_lld_decrypt_AES_GCM(CRYDriver *cryp,
+ crykey_t key_id,
+ size_t size,
+ const uint8_t *in,
+ uint8_t *out,
+ const uint8_t *iv,
+ size_t aadsize,
+ const uint8_t *aad,
+ uint8_t *authtag) {
+
+ (void)cryp;
+ (void)key_id;
+ (void)size;
+ (void)in;
+ (void)out;
+ (void)iv;
+ (void)aadsize;
+ (void)aad;
+ (void)authtag;
+
+ return CRY_ERR_INV_ALGO;
}
#endif /* HAL_USE_CRY == TRUE */
diff --git a/os/hal/templates/hal_crypto_lld.h b/os/hal/templates/hal_crypto_lld.h index 05aa5566d..eb139e4aa 100644 --- a/os/hal/templates/hal_crypto_lld.h +++ b/os/hal/templates/hal_crypto_lld.h @@ -39,6 +39,7 @@ #define CRY_LLD_SUPPORTS_AES_CBC TRUE
#define CRY_LLD_SUPPORTS_AES_CFB TRUE
#define CRY_LLD_SUPPORTS_AES_CTR TRUE
+#define CRY_LLD_SUPPORTS_AES_GCM TRUE
/** @{ */
/*===========================================================================*/
@@ -178,15 +179,31 @@ extern "C" { size_t size,
const uint8_t *in,
uint8_t *out,
- const uint8_t *nonce,
- uint8_t *cnt);
+ const uint8_t *iv);
cryerror_t cry_lld_decrypt_AES_CTR(CRYDriver *cryp,
crykey_t key_id,
size_t size,
const uint8_t *in,
uint8_t *out,
- const uint8_t *nonce,
- uint8_t *cnt);
+ const uint8_t *iv);
+ cryerror_t cry_lld_encrypt_AES_GCM(CRYDriver *cryp,
+ crykey_t key_id,
+ size_t size,
+ const uint8_t *in,
+ uint8_t *out,
+ const uint8_t *iv,
+ size_t aadsize,
+ const uint8_t *aad,
+ uint8_t *authtag);
+ cryerror_t cry_lld_decrypt_AES_GCM(CRYDriver *cryp,
+ crykey_t key_id,
+ size_t size,
+ const uint8_t *in,
+ uint8_t *out,
+ const uint8_t *iv,
+ size_t aadsize,
+ const uint8_t *aad,
+ uint8_t *authtag);
#ifdef __cplusplus
}
#endif
|