From 33479f263aff0e2c5354b9d22c43f759a05a4d52 Mon Sep 17 00:00:00 2001 From: Giovanni Di Sirio Date: Fri, 12 Apr 2019 08:30:49 +0000 Subject: Modified AES GCM function signatures. git-svn-id: svn://svn.code.sf.net/p/chibios/svn/branches/stable_19.1.x@12734 27425a3e-05d8-49a3-a47f-9c15f0e5edd8 --- os/hal/include/hal_crypto.h | 29 +++--- os/hal/ports/STM32/LLD/CRYPv1/hal_crypto_lld.c | 91 ++++++++--------- os/hal/ports/STM32/LLD/CRYPv1/hal_crypto_lld.h | 26 ++--- os/hal/src/hal_crypto.c | 131 ++++++++++++++----------- os/hal/templates/hal_crypto_lld.c | 91 ++++++++--------- os/hal/templates/hal_crypto_lld.h | 26 ++--- readme.txt | 1 + 7 files changed, 210 insertions(+), 185 deletions(-) diff --git a/os/hal/include/hal_crypto.h b/os/hal/include/hal_crypto.h index 78ba32b00..5d477b8d9 100644 --- a/os/hal/include/hal_crypto.h +++ b/os/hal/include/hal_crypto.h @@ -92,7 +92,8 @@ typedef enum { CRY_ERR_INV_KEY_SIZE = 2, /**< Invalid key size. */ CRY_ERR_INV_KEY_TYPE = 3, /**< Invalid key type. */ CRY_ERR_INV_KEY_ID = 4, /**< Invalid key identifier. */ - CRY_ERR_OP_FAILURE = 5 /**< Requested operation failed.*/ + CRY_ERR_AUTH_FAILED = 5, /**< Failed authentication. */ + CRY_ERR_OP_FAILURE = 6 /**< Failed operation. */ } cryerror_t; /** @@ -284,22 +285,24 @@ extern "C" { const uint8_t *iv); cryerror_t cryEncryptAES_GCM(CRYDriver *cryp, crykey_t key_id, - size_t size, - const uint8_t *in, - uint8_t *out, + size_t auth_size, + const uint8_t *auth_in, + size_t text_size, + const uint8_t *text_in, + uint8_t *text_out, const uint8_t *iv, - size_t aadsize, - const uint8_t *aad, - uint8_t *authtag); + size_t tag_size, + uint8_t *tag_out); cryerror_t cryDecryptAES_GCM(CRYDriver *cryp, crykey_t key_id, - size_t size, - const uint8_t *in, - uint8_t *out, + size_t auth_size, + const uint8_t *auth_in, + size_t text_size, + const uint8_t *text_in, + uint8_t *text_out, const uint8_t *iv, - size_t aadsize, - const uint8_t *aad, - uint8_t *authtag); + size_t tag_size, + const uint8_t *tag_in); cryerror_t cryLoadDESTransientKey(CRYDriver *cryp, size_t size, const uint8_t *keyp); diff --git a/os/hal/ports/STM32/LLD/CRYPv1/hal_crypto_lld.c b/os/hal/ports/STM32/LLD/CRYPv1/hal_crypto_lld.c index e4ea48940..ec29f63cc 100644 --- a/os/hal/ports/STM32/LLD/CRYPv1/hal_crypto_lld.c +++ b/os/hal/ports/STM32/LLD/CRYPv1/hal_crypto_lld.c @@ -723,17 +723,16 @@ cryerror_t cry_lld_decrypt_AES_CTR(CRYDriver *cryp, * @param[in] key_id the key to be used for the operation, zero is * the transient key, other values are keys stored * in an unspecified way - * @param[in] size size of the text buffers, this number must be a + * @param[in] auth_size size of the data buffer to be authenticated + * @param[in] auth_in buffer containing the data to be authenticated + * @param[in] text_size size of the text buffer, this number must be a * multiple of 16 - * @param[in] in buffer containing the input plaintext - * @param[out] out buffer for the output cyphertext - * @param[in] iv 128 bits initial vector + counter, it contains - * a 96 bits IV and a 32 bits counter - * @param[in] aadsize size of the authentication data, this number - * must be a multiple of 16 - * @param[in] aad buffer containing the authentication data - * @param[in] authtag 128 bits buffer for the generated authentication - * tag + * @param[in] text_in buffer containing the input plaintext + * @param[out] text_out buffer for the output cyphertext + * @param[in] iv 128 bits input vector + * @param[in] tag_size size of the authentication tag, this number + * must be between 1 and 16 + * @param[out] tag_out buffer for the generated authentication tag * @return The operation status. * @retval CRY_NOERROR if the operation succeeded. * @retval CRY_ERR_INV_ALGO if the operation is unsupported on this @@ -748,23 +747,25 @@ cryerror_t cry_lld_decrypt_AES_CTR(CRYDriver *cryp, */ cryerror_t cry_lld_encrypt_AES_GCM(CRYDriver *cryp, crykey_t key_id, - size_t size, - const uint8_t *in, - uint8_t *out, + size_t auth_size, + const uint8_t *auth_in, + size_t text_size, + const uint8_t *text_in, + uint8_t *text_out, const uint8_t *iv, - size_t aadsize, - const uint8_t *aad, - uint8_t *authtag) { + size_t tag_size, + uint8_t *tag_out) { (void)cryp; (void)key_id; - (void)size; - (void)in; - (void)out; + (void)auth_size; + (void)auth_in; + (void)text_size; + (void)text_in; + (void)text_out; (void)iv; - (void)aadsize; - (void)aad; - (void)authtag; + (void)tag_size; + (void)tag_out; return CRY_ERR_INV_ALGO; } @@ -779,17 +780,16 @@ cryerror_t cry_lld_encrypt_AES_GCM(CRYDriver *cryp, * @param[in] key_id the key to be used for the operation, zero is * the transient key, other values are keys stored * in an unspecified way - * @param[in] size size of the text buffers, this number must be a + * @param[in] auth_size size of the data buffer to be authenticated + * @param[in] auth_in buffer containing the data to be authenticated + * @param[in] text_size size of the text buffer, this number must be a * multiple of 16 - * @param[in] in buffer for the output cyphertext - * @param[out] out buffer containing the input plaintext - * @param[in] iv 128 bits initial vector + counter, it contains - * a 96 bits IV and a 32 bits counter - * @param[in] aadsize size of the authentication data, this number - * must be a multiple of 16 - * @param[in] aad buffer containing the authentication data - * @param[in] authtag 128 bits buffer for the generated authentication - * tag + * @param[in] text_in buffer containing the input plaintext + * @param[out] text_out buffer for the output cyphertext + * @param[in] iv 128 bits input vector + * @param[in] tag_size size of the authentication tag, this number + * must be between 1 and 16 + * @param[in] tag_in buffer for the generated authentication tag * @return The operation status. * @retval CRY_NOERROR if the operation succeeded. * @retval CRY_ERR_INV_ALGO if the operation is unsupported on this @@ -797,6 +797,7 @@ cryerror_t cry_lld_encrypt_AES_GCM(CRYDriver *cryp, * @retval CRY_ERR_INV_KEY_TYPE the selected key is invalid for this operation. * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid * or refers to an empty key slot. + * @retval CRY_ERR_AUTH_FAILED authentication failed * @retval CRY_ERR_OP_FAILURE if the operation failed, implementation * dependent. * @@ -804,23 +805,25 @@ cryerror_t cry_lld_encrypt_AES_GCM(CRYDriver *cryp, */ cryerror_t cry_lld_decrypt_AES_GCM(CRYDriver *cryp, crykey_t key_id, - size_t size, - const uint8_t *in, - uint8_t *out, + size_t auth_size, + const uint8_t *auth_in, + size_t text_size, + const uint8_t *text_in, + uint8_t *text_out, const uint8_t *iv, - size_t aadsize, - const uint8_t *aad, - uint8_t *authtag) { + size_t tag_size, + const uint8_t *tag_in) { (void)cryp; (void)key_id; - (void)size; - (void)in; - (void)out; + (void)auth_size; + (void)auth_in; + (void)text_size; + (void)text_in; + (void)text_out; (void)iv; - (void)aadsize; - (void)aad; - (void)authtag; + (void)tag_size; + (void)tag_in; return CRY_ERR_INV_ALGO; } diff --git a/os/hal/ports/STM32/LLD/CRYPv1/hal_crypto_lld.h b/os/hal/ports/STM32/LLD/CRYPv1/hal_crypto_lld.h index b4e436326..9aa1e60a0 100644 --- a/os/hal/ports/STM32/LLD/CRYPv1/hal_crypto_lld.h +++ b/os/hal/ports/STM32/LLD/CRYPv1/hal_crypto_lld.h @@ -412,22 +412,24 @@ extern "C" { #if (CRY_LLD_SUPPORTS_AES_GCM == TRUE) || defined(__DOXYGEN__) cryerror_t cry_lld_encrypt_AES_GCM(CRYDriver *cryp, crykey_t key_id, - size_t size, - const uint8_t *in, - uint8_t *out, + size_t auth_size, + const uint8_t *auth_in, + size_t text_size, + const uint8_t *text_in, + uint8_t *text_out, const uint8_t *iv, - size_t aadsize, - const uint8_t *aad, - uint8_t *authtag); + size_t tag_size, + uint8_t *tag_out); cryerror_t cry_lld_decrypt_AES_GCM(CRYDriver *cryp, crykey_t key_id, - size_t size, - const uint8_t *in, - uint8_t *out, + size_t auth_size, + const uint8_t *auth_in, + size_t text_size, + const uint8_t *text_in, + uint8_t *text_out, const uint8_t *iv, - size_t aadsize, - const uint8_t *aad, - uint8_t *authtag); + size_t tag_size, + const uint8_t *tag_in); #endif #if (CRY_LLD_SUPPORTS_DES == TRUE) || \ (CRY_LLD_SUPPORTS_DES_ECB == TRUE) || \ diff --git a/os/hal/src/hal_crypto.c b/os/hal/src/hal_crypto.c index 5609e1ee3..57430912b 100644 --- a/os/hal/src/hal_crypto.c +++ b/os/hal/src/hal_crypto.c @@ -699,17 +699,16 @@ cryerror_t cryDecryptAES_CTR(CRYDriver *cryp, * @param[in] key_id the key to be used for the operation, zero is * the transient key, other values are keys stored * in an unspecified way - * @param[in] size size of the text buffers, this number must be a + * @param[in] auth_size size of the data buffer to be authenticated + * @param[in] auth_in buffer containing the data to be authenticated + * @param[in] text_size size of the text buffer, this number must be a * multiple of 16 - * @param[in] in buffer containing the input plaintext - * @param[out] out buffer for the output cyphertext - * @param[in] iv 128 bits input vector + counter, it contains - * a 96 bits IV and a 32 bits counter - * @param[in] aadsize size of the authentication data, this number - * must be a multiple of 16 - * @param[in] aad buffer containing the authentication data - * @param[in] authtag 128 bits buffer for the generated authentication - * tag + * @param[in] text_in buffer containing the input plaintext + * @param[out] text_out buffer for the output cyphertext + * @param[in] iv 128 bits input vector + * @param[in] tag_size size of the authentication tag, this number + * must be between 1 and 16 + * @param[out] tag_out buffer for the generated authentication tag * @return The operation status. * @retval CRY_NOERROR if the operation succeeded. * @retval CRY_ERR_INV_ALGO if the operation is unsupported on this @@ -724,37 +723,43 @@ cryerror_t cryDecryptAES_CTR(CRYDriver *cryp, */ cryerror_t cryEncryptAES_GCM(CRYDriver *cryp, crykey_t key_id, - size_t size, - const uint8_t *in, - uint8_t *out, + size_t auth_size, + const uint8_t *auth_in, + size_t text_size, + const uint8_t *text_in, + uint8_t *text_out, const uint8_t *iv, - size_t aadsize, - const uint8_t *aad, - uint8_t *authtag) { + size_t tag_size, + uint8_t *tag_out) { - osalDbgCheck((cryp != NULL) && (in != NULL) && (out != NULL) && - (iv != NULL) && (aad != NULL) && (authtag != NULL) && - ((size & (size_t)15) == (size_t)0) && - ((aadsize & (size_t)15) == (size_t)0)); + osalDbgCheck((cryp != NULL) && (auth_in != NULL) && + (text_size > (size_t)0) && + ((text_size & (size_t)15) == (size_t)0) && + (text_in != NULL) && (text_out != NULL) && (iv != NULL) && + (tag_size >= (size_t)1) && (tag_size <= (size_t)16) && + (tag_out != NULL)); osalDbgAssert(cryp->state == CRY_READY, "not ready"); #if CRY_LLD_SUPPORTS_AES_GCM== TRUE - return cry_lld_encrypt_AES_GCM(cryp, key_id, size, in, out, iv, - aadsize, aad, authtag); + return cry_lld_encrypt_AES_GCM(cryp, key_id, auth_size, auth_in, + text_size, text_in, text_out, iv, + tag_size, tag_out); #elif HAL_CRY_USE_FALLBACK == TRUE - return cry_fallback_encrypt_AES_GCM(cryp, key_id, size, in, out, iv, - aadsize, aad, authtag); + return cry_fallback_encrypt_AES_GCM(cryp, key_id, auth_size, auth_in, + text_size, text_in, text_out, iv, + tag_size, tag_out); #else (void)cryp; (void)key_id; - (void)size; - (void)in; - (void)out; + (void)auth_size; + (void)auth_in; + (void)text_size; + (void)text_in; + (void)text_out; (void)iv; - (void)aadsize; - (void)aad; - (void)authtag; + (void)tag_size; + (void)tag_out; return CRY_ERR_INV_ALGO; #endif @@ -770,17 +775,16 @@ cryerror_t cryEncryptAES_GCM(CRYDriver *cryp, * @param[in] key_id the key to be used for the operation, zero is * the transient key, other values are keys stored * in an unspecified way - * @param[in] size size of the text buffers, this number must be a + * @param[in] auth_size size of the data buffer to be authenticated + * @param[in] auth_in buffer containing the data to be authenticated + * @param[in] text_size size of the text buffer, this number must be a * multiple of 16 - * @param[in] in buffer for the output cyphertext - * @param[out] out buffer containing the input plaintext - * @param[in] iv 128 bits input vector + counter, it contains - * a 96 bits IV and a 32 bits counter - * @param[in] aadsize size of the authentication data, this number - * must be a multiple of 16 - * @param[in] aad buffer containing the authentication data - * @param[in] authtag 128 bits buffer for the generated authentication - * tag + * @param[in] text_in buffer containing the input plaintext + * @param[out] text_out buffer for the output cyphertext + * @param[in] iv 128 bits input vector + * @param[in] tag_size size of the authentication tag, this number + * must be between 1 and 16 + * @param[in] tag_in buffer for the generated authentication tag * @return The operation status. * @retval CRY_NOERROR if the operation succeeded. * @retval CRY_ERR_INV_ALGO if the operation is unsupported on this @@ -788,6 +792,7 @@ cryerror_t cryEncryptAES_GCM(CRYDriver *cryp, * @retval CRY_ERR_INV_KEY_TYPE the selected key is invalid for this operation. * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid * or refers to an empty key slot. + * @retval CRY_ERR_AUTH_FAILED authentication failed * @retval CRY_ERR_OP_FAILURE if the operation failed, implementation * dependent. * @@ -795,37 +800,43 @@ cryerror_t cryEncryptAES_GCM(CRYDriver *cryp, */ cryerror_t cryDecryptAES_GCM(CRYDriver *cryp, crykey_t key_id, - size_t size, - const uint8_t *in, - uint8_t *out, + size_t auth_size, + const uint8_t *auth_in, + size_t text_size, + const uint8_t *text_in, + uint8_t *text_out, const uint8_t *iv, - size_t aadsize, - const uint8_t *aad, - uint8_t *authtag) { + size_t tag_size, + const uint8_t *tag_in) { - osalDbgCheck((cryp != NULL) && (in != NULL) && (out != NULL) && - (iv != NULL) && (aad != NULL) && (authtag != NULL) && - ((size & (size_t)15) == (size_t)0) && - ((aadsize & (size_t)15) == (size_t)0)); + osalDbgCheck((cryp != NULL) && (auth_in != NULL) && + (text_size > (size_t)0) && + ((text_size & (size_t)15) == (size_t)0) && + (text_in != NULL) && (text_out != NULL) && (iv != NULL) && + (tag_size >= (size_t)1) && (tag_size <= (size_t)16) && + (tag_in != NULL)); osalDbgAssert(cryp->state == CRY_READY, "not ready"); #if CRY_LLD_SUPPORTS_AES_GCM== TRUE - return cry_lld_decrypt_AES_GCM(cryp, key_id, size, in, out, iv, - aadsize, aad, authtag); + return cry_lld_decrypt_AES_GCM(cryp, key_id, auth_size, auth_in, + text_size, text_in, text_out, iv, + tag_size, tag_in); #elif HAL_CRY_USE_FALLBACK == TRUE - return cry_fallback_decrypt_AES_GCM(cryp, key_id, size, in, out, iv, - aadsize, aad, authtag); + return cry_fallback_decrypt_AES_GCM(cryp, key_id, auth_size, auth_in, + text_size, text_in, text_out, iv, + tag_size, tag_in); #else (void)cryp; (void)key_id; - (void)size; - (void)in; - (void)out; + (void)auth_size; + (void)auth_in; + (void)text_size; + (void)text_in; + (void)text_out; (void)iv; - (void)aadsize; - (void)aad; - (void)authtag; + (void)tag_size; + (void)tag_in; return CRY_ERR_INV_ALGO; #endif diff --git a/os/hal/templates/hal_crypto_lld.c b/os/hal/templates/hal_crypto_lld.c index 3c2cb43c6..656561a7c 100644 --- a/os/hal/templates/hal_crypto_lld.c +++ b/os/hal/templates/hal_crypto_lld.c @@ -560,17 +560,16 @@ cryerror_t cry_lld_decrypt_AES_CTR(CRYDriver *cryp, * @param[in] key_id the key to be used for the operation, zero is * the transient key, other values are keys stored * in an unspecified way - * @param[in] size size of the text buffers, this number must be a + * @param[in] auth_size size of the data buffer to be authenticated + * @param[in] auth_in buffer containing the data to be authenticated + * @param[in] text_size size of the text buffer, this number must be a * multiple of 16 - * @param[in] in buffer containing the input plaintext - * @param[out] out buffer for the output cyphertext - * @param[in] iv 128 bits initial vector + counter, it contains - * a 96 bits IV and a 32 bits counter - * @param[in] aadsize size of the authentication data, this number - * must be a multiple of 16 - * @param[in] aad buffer containing the authentication data - * @param[in] authtag 128 bits buffer for the generated authentication - * tag + * @param[in] text_in buffer containing the input plaintext + * @param[out] text_out buffer for the output cyphertext + * @param[in] iv 128 bits input vector + * @param[in] tag_size size of the authentication tag, this number + * must be between 1 and 16 + * @param[out] tag_out buffer for the generated authentication tag * @return The operation status. * @retval CRY_NOERROR if the operation succeeded. * @retval CRY_ERR_INV_ALGO if the operation is unsupported on this @@ -585,23 +584,25 @@ cryerror_t cry_lld_decrypt_AES_CTR(CRYDriver *cryp, */ cryerror_t cry_lld_encrypt_AES_GCM(CRYDriver *cryp, crykey_t key_id, - size_t size, - const uint8_t *in, - uint8_t *out, + size_t auth_size, + const uint8_t *auth_in, + size_t text_size, + const uint8_t *text_in, + uint8_t *text_out, const uint8_t *iv, - size_t aadsize, - const uint8_t *aad, - uint8_t *authtag) { + size_t tag_size, + uint8_t *tag_out) { (void)cryp; (void)key_id; - (void)size; - (void)in; - (void)out; + (void)auth_size; + (void)auth_in; + (void)text_size; + (void)text_in; + (void)text_out; (void)iv; - (void)aadsize; - (void)aad; - (void)authtag; + (void)tag_size; + (void)tag_out; return CRY_ERR_INV_ALGO; } @@ -616,17 +617,16 @@ cryerror_t cry_lld_encrypt_AES_GCM(CRYDriver *cryp, * @param[in] key_id the key to be used for the operation, zero is * the transient key, other values are keys stored * in an unspecified way - * @param[in] size size of the text buffers, this number must be a + * @param[in] auth_size size of the data buffer to be authenticated + * @param[in] auth_in buffer containing the data to be authenticated + * @param[in] text_size size of the text buffer, this number must be a * multiple of 16 - * @param[in] in buffer for the output cyphertext - * @param[out] out buffer containing the input plaintext - * @param[in] iv 128 bits initial vector + counter, it contains - * a 96 bits IV and a 32 bits counter - * @param[in] aadsize size of the authentication data, this number - * must be a multiple of 16 - * @param[in] aad buffer containing the authentication data - * @param[in] authtag 128 bits buffer for the generated authentication - * tag + * @param[in] text_in buffer containing the input plaintext + * @param[out] text_out buffer for the output cyphertext + * @param[in] iv 128 bits input vector + * @param[in] tag_size size of the authentication tag, this number + * must be between 1 and 16 + * @param[in] tag_in buffer for the generated authentication tag * @return The operation status. * @retval CRY_NOERROR if the operation succeeded. * @retval CRY_ERR_INV_ALGO if the operation is unsupported on this @@ -634,6 +634,7 @@ cryerror_t cry_lld_encrypt_AES_GCM(CRYDriver *cryp, * @retval CRY_ERR_INV_KEY_TYPE the selected key is invalid for this operation. * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid * or refers to an empty key slot. + * @retval CRY_ERR_AUTH_FAILED authentication failed * @retval CRY_ERR_OP_FAILURE if the operation failed, implementation * dependent. * @@ -641,23 +642,25 @@ cryerror_t cry_lld_encrypt_AES_GCM(CRYDriver *cryp, */ cryerror_t cry_lld_decrypt_AES_GCM(CRYDriver *cryp, crykey_t key_id, - size_t size, - const uint8_t *in, - uint8_t *out, + size_t auth_size, + const uint8_t *auth_in, + size_t text_size, + const uint8_t *text_in, + uint8_t *text_out, const uint8_t *iv, - size_t aadsize, - const uint8_t *aad, - uint8_t *authtag) { + size_t tag_size, + const uint8_t *tag_in) { (void)cryp; (void)key_id; - (void)size; - (void)in; - (void)out; + (void)auth_size; + (void)auth_in; + (void)text_size; + (void)text_in; + (void)text_out; (void)iv; - (void)aadsize; - (void)aad; - (void)authtag; + (void)tag_size; + (void)tag_in; return CRY_ERR_INV_ALGO; } diff --git a/os/hal/templates/hal_crypto_lld.h b/os/hal/templates/hal_crypto_lld.h index 6020eeff0..4edde5fe2 100644 --- a/os/hal/templates/hal_crypto_lld.h +++ b/os/hal/templates/hal_crypto_lld.h @@ -254,22 +254,24 @@ extern "C" { #if (CRY_LLD_SUPPORTS_AES_GCM == TRUE) || defined(__DOXYGEN__) cryerror_t cry_lld_encrypt_AES_GCM(CRYDriver *cryp, crykey_t key_id, - size_t size, - const uint8_t *in, - uint8_t *out, + size_t auth_size, + const uint8_t *auth_in, + size_t text_size, + const uint8_t *text_in, + uint8_t *text_out, const uint8_t *iv, - size_t aadsize, - const uint8_t *aad, - uint8_t *authtag); + size_t tag_size, + uint8_t *tag_out); cryerror_t cry_lld_decrypt_AES_GCM(CRYDriver *cryp, crykey_t key_id, - size_t size, - const uint8_t *in, - uint8_t *out, + size_t auth_size, + const uint8_t *auth_in, + size_t text_size, + const uint8_t *text_in, + uint8_t *text_out, const uint8_t *iv, - size_t aadsize, - const uint8_t *aad, - uint8_t *authtag); + size_t tag_size, + const uint8_t *tag_in); #endif #if (CRY_LLD_SUPPORTS_DES == TRUE) || \ (CRY_LLD_SUPPORTS_DES_ECB == TRUE) || \ diff --git a/readme.txt b/readme.txt index c1f58f535..0841cebe9 100644 --- a/readme.txt +++ b/readme.txt @@ -74,6 +74,7 @@ ***************************************************************************** *** 19.1.2 *** +- NEW: Modified AES GCM function signatures. - NEW: updates to MFS from trunk code. - NEW: updates to test library from trunk code. - HAL: Added H753 to all H7 mcuconf.h files. -- cgit v1.2.3