From 282f50256531ffee5f9f5baf8d275fb64464769d Mon Sep 17 00:00:00 2001 From: gdisirio Date: Wed, 19 Dec 2018 11:26:37 +0000 Subject: Crypto driver changes, removed TRNG. git-svn-id: svn://svn.code.sf.net/p/chibios/svn/trunk@12477 110e8d01-0319-4d1e-a829-52ad28d1bb01 --- os/hal/include/hal_crypto.h | 18 +-- os/hal/ports/STM32/LLD/CRYPv1/hal_crypto_lld.c | 64 ---------- os/hal/ports/STM32/LLD/CRYPv1/hal_crypto_lld.h | 52 ++++----- os/hal/src/hal_crypto.c | 155 ++++++++++++++----------- os/hal/templates/hal_crypto_lld.c | 32 ----- os/hal/templates/hal_crypto_lld.h | 34 ++++-- 6 files changed, 149 insertions(+), 206 deletions(-) (limited to 'os/hal') diff --git a/os/hal/include/hal_crypto.h b/os/hal/include/hal_crypto.h index 4df1a45c3..78ba32b00 100644 --- a/os/hal/include/hal_crypto.h +++ b/os/hal/include/hal_crypto.h @@ -123,8 +123,7 @@ typedef enum { !defined(CRY_LLD_SUPPORTS_SHA256) || \ !defined(CRY_LLD_SUPPORTS_SHA512) || \ !defined(CRY_LLD_SUPPORTS_HMAC_SHA256) || \ - !defined(CRY_LLD_SUPPORTS_HMAC_SHA512) || \ - !defined(CRY_LLD_SUPPORTS_TRNG) + !defined(CRY_LLD_SUPPORTS_HMAC_SHA512) #error "CRYPTO LLD does not export the required switches" #endif @@ -145,7 +144,6 @@ typedef enum { #define CRY_LLD_SUPPORTS_SHA512 FALSE #define CRY_LLD_SUPPORTS_HMAC_SHA256 FALSE #define CRY_LLD_SUPPORTS_HMAC_SHA512 FALSE -#define CRY_LLD_SUPPORTS_TRNG FALSE typedef uint_fast8_t crykey_t; @@ -227,10 +225,9 @@ extern "C" { void cryObjectInit(CRYDriver *cryp); void cryStart(CRYDriver *cryp, const CRYConfig *config); void cryStop(CRYDriver *cryp); - cryerror_t cryLoadTransientKey(CRYDriver *cryp, - cryalgorithm_t algorithm, - size_t size, - const uint8_t *keyp); + cryerror_t cryLoadAESTransientKey(CRYDriver *cryp, + size_t size, + const uint8_t *keyp); cryerror_t cryEncryptAES(CRYDriver *cryp, crykey_t key_id, const uint8_t *in, 
@@ -303,6 +300,9 @@ extern "C" { size_t aadsize, const uint8_t *aad, uint8_t *authtag); + cryerror_t cryLoadDESTransientKey(CRYDriver *cryp, + size_t size, + const uint8_t *keyp); cryerror_t cryEncryptDES(CRYDriver *cryp, crykey_t key_id, const uint8_t *in, @@ -348,6 +348,9 @@ extern "C" { size_t size, const uint8_t *in); cryerror_t crySHA512Final(CRYDriver *cryp, SHA512Context *sha512ctxp, uint8_t *out); + cryerror_t cryLoadHMACTransientKey(CRYDriver *cryp, + size_t size, + const uint8_t *keyp); cryerror_t cryHMACSHA256Init(CRYDriver *cryp, HMACSHA256Context *hmacsha256ctxp); cryerror_t cryHMACSHA256Update(CRYDriver *cryp, @@ -366,7 +369,6 @@ extern "C" { cryerror_t cryHMACSHA512Final(CRYDriver *cryp, HMACSHA512Context *hmacsha512ctxp, uint8_t *out); - cryerror_t cryTRNG(CRYDriver *cryp, size_t size, uint8_t *out); #ifdef __cplusplus } #endif diff --git a/os/hal/ports/STM32/LLD/CRYPv1/hal_crypto_lld.c b/os/hal/ports/STM32/LLD/CRYPv1/hal_crypto_lld.c index 5c02434e3..60a1f88f2 100644 --- a/os/hal/ports/STM32/LLD/CRYPv1/hal_crypto_lld.c +++ b/os/hal/ports/STM32/LLD/CRYPv1/hal_crypto_lld.c @@ -70,9 +70,6 @@ void cry_lld_init(void) { #if STM32_CRY_USE_HASH1 CRYD1.hash = HASH; #endif -#if STM32_CRY_USE_RNG1 - CRYD1.rng = RNG; -#endif #endif } @@ -93,9 +90,6 @@ void cry_lld_start(CRYDriver *cryp) { #endif #if STM32_CRY_USE_HASH1 rccEnableHASH(true); -#endif -#if STM32_CRY_USE_RNG1 - rccEnableRNG(true); #endif } #endif @@ -107,9 +101,6 @@ void cry_lld_start(CRYDriver *cryp) { #if STM32_CRY_USE_HASH1 /* HASH setup and enable.*/ #endif -#if STM32_CRY_USE_RNG1 - /* RNG setup and enable.*/ -#endif } /** 
@@ -123,29 +114,6 @@ void cry_lld_stop(CRYDriver *cryp) { if (cryp->state == CRY_READY) { -#if STM32_CRY_USE_CRYP1 - /* CRYP disable.*/ -#endif -#if STM32_CRY_USE_HASH1 - /* HASH disable.*/ -#endif -#if STM32_CRY_USE_RNG1 - /* RNG disable.*/ -#endif - -#if STM32_CRY_ENABLED1 - if (&CRYD1 == cryp) { -#if STM32_CRY_USE_CRYP1 - rccDisableCRYP(); -#endif -#if STM32_CRY_USE_HASH1 - rccDisableHASH(); -#endif -#if STM32_CRY_USE_RNG1 - rccDisableRNG(); -#endif - } -#endif } } @@ -1201,7 +1169,6 @@ cryerror_t cry_lld_SHA512_final(CRYDriver *cryp, SHA512Context *sha512ctxp, #if (CRY_LLD_SUPPORTS_HMAC_SHA256 == TRUE) || defined(__DOXYGEN__) /** * @brief Hash initialization using HMAC_SHA256. - * @note Use of this algorithm is not recommended because proven weak. * * @param[in] cryp pointer to the @p CRYDriver object * @param[out] hmacsha256ctxp pointer to a HMAC_SHA256 context to be @@ -1226,7 +1193,6 @@ cryerror_t cry_lld_HMACSHA256_init(CRYDriver *cryp, /** * @brief Hash update using HMAC. - * @note Use of this algorithm is not recommended because proven weak. * * @param[in] cryp pointer to the @p CRYDriver object * @param[in] hmacsha256ctxp pointer to a HMAC_SHA256 context @@ -1256,7 +1222,6 @@ cryerror_t cry_lld_HMACSHA256_update(CRYDriver *cryp, /** * @brief Hash finalization using HMAC. - * @note Use of this algorithm is not recommended because proven weak. * * @param[in] cryp pointer to the @p CRYDriver object * @param[in] hmacsha256ctxp pointer to a HMAC_SHA256 context @@ -1285,7 +1250,6 @@ cryerror_t cry_lld_HMACSHA256_final(CRYDriver *cryp, #if (CRY_LLD_SUPPORTS_HMAC_SHA512 == TRUE) || defined(__DOXYGEN__) /** * @brief Hash initialization using HMAC_SHA512. - * @note Use of this algorithm is not recommended because proven weak. * * @param[in] cryp pointer to the @p CRYDriver object * @param[out] hmacsha512ctxp pointer to a HMAC_SHA512 context to be 
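Review bot: In the `cry_lld_stop` hunk the deletion removes `rccDisableCRYP()` and `rccDisableHASH()` along with the RNG lines, so the body of `if (cryp->state == CRY_READY)` is now empty. The preceding `cry_lld_start` hunk still shows `rccEnableHASH(true)`, so after `cryStop()` the peripherals stay clocked, and any key or digest state held in their registers presumably survives the stop. Only the `STM32_CRY_USE_RNG1` parts belong to the TRNG removal; the CRYP and HASH clock disables should stay, as sketched below.

```c
  if (cryp->state == CRY_READY) {
#if STM32_CRY_ENABLED1
    if (&CRYD1 == cryp) {
#if STM32_CRY_USE_CRYP1
      rccDisableCRYP();
#endif
#if STM32_CRY_USE_HASH1
      rccDisableHASH();
#endif
    }
#endif
```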
@@ -1310,7 +1274,6 @@ cryerror_t cry_lld_HMACSHA512_init(CRYDriver *cryp, /** * @brief Hash update using HMAC. - * @note Use of this algorithm is not recommended because proven weak. * * @param[in] cryp pointer to the @p CRYDriver object * @param[in] hmacsha512ctxp pointer to a HMAC_SHA512 context @@ -1340,7 +1303,6 @@ cryerror_t cry_lld_HMACSHA512_update(CRYDriver *cryp, /** * @brief Hash finalization using HMAC. - * @note Use of this algorithm is not recommended because proven weak. * * @param[in] cryp pointer to the @p CRYDriver object * @param[in] hmacsha512ctxp pointer to a HMAC_SHA512 context @@ -1366,32 +1328,6 @@ cryerror_t cry_lld_HMACSHA512_final(CRYDriver *cryp, } #endif -#if (CRY_LLD_SUPPORTS_TRNG == TRUE) || defined(__DOXYGEN__) -/** - * @brief True random numbers generator. - * - * @param[in] cryp pointer to the @p CRYDriver object - * @param[in] size size of output buffer - * @param[out] out output buffer - * @return The operation status. - * @retval CRY_NOERROR if the operation succeeded. - * @retval CRY_ERR_INV_ALGO if the operation is unsupported on this - * device instance. - * @retval CRY_ERR_OP_FAILURE if the operation failed, implementation - * dependent. - * - * @notapi - */ -cryerror_t cry_lld_TRNG(CRYDriver *cryp, size_t size, uint8_t *out) { - - (void)cryp; - (void)size; - (void)out; - - return CRY_ERR_INV_ALGO; -} -#endif - #endif /* HAL_USE_CRY == TRUE */ /** @} */ diff --git a/os/hal/ports/STM32/LLD/CRYPv1/hal_crypto_lld.h b/os/hal/ports/STM32/LLD/CRYPv1/hal_crypto_lld.h index 60c50e03c..94eae3fd7 100644 --- a/os/hal/ports/STM32/LLD/CRYPv1/hal_crypto_lld.h +++ b/os/hal/ports/STM32/LLD/CRYPv1/hal_crypto_lld.h 
@@ -56,15 +56,6 @@ #if !defined(STM32_CRY_USE_HASH1) || defined(__DOXYGEN__) #define STM32_CRY_USE_HASH1 FALSE #endif - -/** - * @brief RNG1 driver enable switch. - * @details If set to @p TRUE the support for CRYP1 is included. - * @note The default is @p FALSE. - */ -#if !defined(STM32_CRY_USE_RNG1) || defined(__DOXYGEN__) -#define STM32_CRY_USE_RNG1 FALSE -#endif /** @} */ /*===========================================================================*/ @@ -144,10 +135,6 @@ #define CRY_LLD_SUPPORTS_HMAC_SHA256 FALSE #define CRY_LLD_SUPPORTS_HMAC_SHA512 FALSE #endif -#if STM32_CRY_USE_RNG1 || defined (__DOXYGEN__) -#define CRY_LLD_SUPPORTS_TRNG TRUE -#else -#define CRY_LLD_SUPPORTS_TRNG FALSE #endif /** @} */ @@ -201,12 +188,6 @@ struct CRYDriver { */ HASH_TypeDef *hash; #endif -#if STM32_CRY_USE_RNG1 || defined (__DOXYGEN__) - /** - * @brief Pointer to the RNG registers block. - */ - RNG_TypeDef *rng; -#endif }; #if (CRY_LLD_SUPPORTS_SHA1 == TRUE) || defined(__DOXYGEN__) @@ -272,10 +253,17 @@ extern "C" { void cry_lld_init(void); void cry_lld_start(CRYDriver *cryp); void cry_lld_stop(CRYDriver *cryp); - cryerror_t cry_lld_loadkey(CRYDriver *cryp, - cryalgorithm_t algorithm, - size_t size, - const uint8_t *keyp); +#if (CRY_LLD_SUPPORTS_AES == TRUE) || \ + (CRY_LLD_SUPPORTS_AES_ECB == TRUE) || \ + (CRY_LLD_SUPPORTS_AES_CBC == TRUE) || \ + (CRY_LLD_SUPPORTS_AES_CFB == TRUE) || \ + (CRY_LLD_SUPPORTS_AES_CTR == TRUE) || \ + (CRY_LLD_SUPPORTS_AES_GCM == TRUE) || \ + defined(__DOXYGEN__) + cryerror_t cry_lld_aes_loadkey(CRYDriver *cryp, + size_t size, + const uint8_t *keyp); +#endif #if (CRY_LLD_SUPPORTS_AES == TRUE) || defined(__DOXYGEN__) cryerror_t cry_lld_encrypt_AES(CRYDriver *cryp, crykey_t key_id, 
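Review bot: The `@@ -144,10 +135,6 @@` hunk deletes `#if STM32_CRY_USE_RNG1 || defined (__DOXYGEN__)`, `#else` and both `CRY_LLD_SUPPORTS_TRNG` defines but keeps the `#endif` that closed that block as a context line, so the new side has two consecutive `#endif` lines before `/** @} */`. Unless an opening directive outside the hunk accounts for it, the second `#endif` closes an enclosing conditional early and leaves the header's last `#endif` unmatched. The `#endif` that followed `#define CRY_LLD_SUPPORTS_TRNG FALSE` should be removed together with the four lines above it.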
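Review bot: `cry_lld_aes_loadkey` replaces the `cry_lld_loadkey` prototype in the `@@ -272,10 +253,17 @@` hunk, but the diffstat lists only deletions for `os/hal/ports/STM32/LLD/CRYPv1/hal_crypto_lld.c` (64) and `os/hal/templates/hal_crypto_lld.c` (32), so this commit adds no definition for it. The same applies to `cry_lld_des_loadkey` and `cry_lld_hmac_loadkey` in the later hunks of this header, and to all three prototypes in `os/hal/templates/hal_crypto_lld.h`, where every visible `CRY_LLD_SUPPORTS_*` switch is `TRUE`. `hal_crypto.c` now calls these names whenever the matching switch is `TRUE`, so such a build would presumably fail at link time, and any `cry_lld_loadkey` body still in the `.c` files is left without a prototype. Each LLD source should define the three functions under the same guards as the prototypes, even if a stub only returns `CRY_ERR_INV_ALGO` for now.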
@@ -360,6 +348,14 @@ extern "C" { const uint8_t *aad, uint8_t *authtag); #endif +#if (CRY_LLD_SUPPORTS_DES == TRUE) || \ + (CRY_LLD_SUPPORTS_DES_ECB == TRUE) || \ + (CRY_LLD_SUPPORTS_DES_CBC == TRUE) || \ + defined(__DOXYGEN__) + cryerror_t cry_lld_des_loadkey(CRYDriver *cryp, + size_t size, + const uint8_t *keyp); +#endif #if (CRY_LLD_SUPPORTS_DES == TRUE) || defined(__DOXYGEN__) cryerror_t cry_lld_encrypt_DES(CRYDriver *cryp, crykey_t key_id, @@ -417,6 +413,13 @@ extern "C" { cryerror_t cry_lld_SHA512_final(CRYDriver *cryp, SHA512Context *sha512ctxp, uint8_t *out); #endif +#if (CRY_LLD_SUPPORTS_HMAC_SHA256 == TRUE) || \ + (CRY_LLD_SUPPORTS_HMAC_SHA512 == TRUE) || \ + defined(__DOXYGEN__) + cryerror_t cry_lld_hmac_loadkey(CRYDriver *cryp, + size_t size, + const uint8_t *keyp); +#endif #if (CRY_LLD_SUPPORTS_HMAC_SHA256 == TRUE) || defined(__DOXYGEN__) cryerror_t cry_lld_HMACSHA256_init(CRYDriver *cryp, HMACSHA256Context *hmacsha256ctxp); @@ -437,9 +440,6 @@ extern "C" { HMACSHA512Context *hmacsha512ctxp, uint8_t *out); #endif -#if (CRY_LLD_SUPPORTS_TRNG == TRUE) || defined(__DOXYGEN__) - cryerror_t cry_lld_TRNG(CRYDriver *cryp, size_t size, uint8_t *out); -#endif #ifdef __cplusplus } #endif diff --git a/os/hal/src/hal_crypto.c b/os/hal/src/hal_crypto.c index a58cc7bec..5609e1ee3 100644 --- a/os/hal/src/hal_crypto.c +++ b/os/hal/src/hal_crypto.c 
@@ -126,46 +126,39 @@ void cryStop(CRYDriver *cryp) { } /** - * @brief Initializes the transient key for a specific algorithm. - * @note It is the underlying implementation to decide which combinations - * of algorithm and key size are allowable. + * @brief Initializes the AES transient key. + * @note It is the underlying implementation to decide which key sizes are + * allowable. * * @param[in] cryp pointer to the @p CRYDriver object - * @param[in] algorithm the algorithm identifier * @param[in] size key size in bytes * @param[in] keyp pointer to the key data * @return The operation status. * @retval CRY_NOERROR if the operation succeeded. - * @retval CRY_ERR_INV_ALGO if the specified algorithm is unknown or - * unsupported. + * @retval CRY_ERR_INV_ALGO if the algorithm is unsupported. * @retval CRY_ERR_INV_KEY_SIZE if the specified key size is invalid for * the specified algorithm. * * @api */ -cryerror_t cryLoadTransientKey(CRYDriver *cryp, - cryalgorithm_t algorithm, - size_t size, - const uint8_t *keyp) { - cryerror_t err; +cryerror_t cryLoadAESTransientKey(CRYDriver *cryp, + size_t size, + const uint8_t *keyp) { osalDbgCheck((cryp != NULL) && (keyp != NULL)); -#if HAL_CRY_ENFORCE_FALLBACK == FALSE - /* Key setup in the low level driver.*/ - err = cry_lld_loadkey(cryp, algorithm, size, keyp); +#if CRY_LLD_SUPPORTS_AES == TRUE + return cry_lld_aes_loadkey(cryp, size, keyp); +#elif HAL_CRY_USE_FALLBACK == TRUE + return cry_fallback_aes_loadkey(cryp, size, keyp); #else - err = CRY_ERR_INV_ALGO; -#endif + (void)cryp; + (void)size; + (void)keyp; -#if HAL_CRY_USE_FALLBACK == TRUE - if (err == CRY_ERR_INV_ALGO) { - err = cry_fallback_loadkey(cryp, algorithm, size, keyp); - } + return CRY_ERR_INV_ALGO; #endif - - return err; } /** 
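Review bot: `cryLoadAESTransientKey` dispatches to `cry_lld_aes_loadkey` only under `#if CRY_LLD_SUPPORTS_AES == TRUE`, whereas both LLD headers in this commit declare that function when any of `CRY_LLD_SUPPORTS_AES`, `_AES_ECB`, `_AES_CBC`, `_AES_CFB`, `_AES_CTR` or `_AES_GCM` is `TRUE`. On a port that accelerates only a chained mode, the key would go to the software fallback or the call would return `CRY_ERR_INV_ALGO`, so the hardware cipher would presumably run without the key the caller believes it loaded. `cryLoadDESTransientKey` has the same mismatch with `CRY_LLD_SUPPORTS_DES`, while `cryLoadHMACTransientKey` already tests both HMAC switches. The guard should repeat the header's condition, `#if (CRY_LLD_SUPPORTS_AES == TRUE) || (CRY_LLD_SUPPORTS_AES_ECB == TRUE) || ...`. Separately, the `@retval CRY_ERR_INV_KEY_SIZE` text still refers to "the specified algorithm" although that parameter is gone.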
@@ -838,6 +831,42 @@ cryerror_t cryDecryptAES_GCM(CRYDriver *cryp, #endif } +/** + * @brief Initializes the DES transient key. + * @note It is the underlying implementation to decide which key sizes are + * allowable. + * + * @param[in] cryp pointer to the @p CRYDriver object + * @param[in] size key size in bytes + * @param[in] keyp pointer to the key data + * @return The operation status. + * @retval CRY_NOERROR if the operation succeeded. + * @retval CRY_ERR_INV_ALGO if the algorithm is unsupported. + * @retval CRY_ERR_INV_KEY_SIZE if the specified key size is invalid for + * the specified algorithm. + * + * @api + */ +cryerror_t cryLoadDESTransientKey(CRYDriver *cryp, + size_t size, + const uint8_t *keyp) { + + osalDbgCheck((cryp != NULL) && (keyp != NULL)); + + +#if CRY_LLD_SUPPORTS_DES == TRUE + return cry_lld_des_loadkey(cryp, size, keyp); +#elif HAL_CRY_USE_FALLBACK == TRUE + return cry_fallback_des_loadkey(cryp, size, keyp); +#else + (void)cryp; + (void)size; + (void)keyp; + + return CRY_ERR_INV_ALGO; +#endif +} + /** * @brief Encryption of a single block using (T)DES. * @note The implementation of this function must guarantee that it can @@ -1253,7 +1282,6 @@ cryerror_t crySHA1Final(CRYDriver *cryp, SHA1Context *sha1ctxp, uint8_t *out) { /** * @brief Hash initialization using SHA256. - * @note Use of this algorithm is not recommended because proven weak. * * @param[in] cryp pointer to the @p CRYDriver object * @param[out] sha256ctxp pointer to a SHA256 context to be initialized @@ -1286,7 +1314,6 @@ cryerror_t crySHA256Init(CRYDriver *cryp, SHA256Context *sha256ctxp) { /** * @brief Hash update using SHA256. - * @note Use of this algorithm is not recommended because proven weak. * * @param[in] cryp pointer to the @p CRYDriver object * @param[in] sha256ctxp pointer to a SHA256 context 
@@ -1324,7 +1351,6 @@ cryerror_t crySHA256Update(CRYDriver *cryp, SHA256Context *sha256ctxp, /** * @brief Hash finalization using SHA256. - * @note Use of this algorithm is not recommended because proven weak. * * @param[in] cryp pointer to the @p CRYDriver object * @param[in] sha256ctxp pointer to a SHA256 context @@ -1360,7 +1386,6 @@ cryerror_t crySHA256Final(CRYDriver *cryp, SHA256Context *sha256ctxp, /** * @brief Hash initialization using SHA512. - * @note Use of this algorithm is not recommended because proven weak. * * @param[in] cryp pointer to the @p CRYDriver object * @param[out] sha512ctxp pointer to a SHA512 context to be initialized @@ -1393,7 +1418,6 @@ cryerror_t crySHA512Init(CRYDriver *cryp, SHA512Context *sha512ctxp) { /** * @brief Hash update using SHA512. - * @note Use of this algorithm is not recommended because proven weak. * * @param[in] cryp pointer to the @p CRYDriver object * @param[in] sha512ctxp pointer to a SHA512 context @@ -1431,7 +1455,6 @@ cryerror_t crySHA512Update(CRYDriver *cryp, SHA512Context *sha512ctxp, /** * @brief Hash finalization using SHA512. - * @note Use of this algorithm is not recommended because proven weak. * * @param[in] cryp pointer to the @p CRYDriver object * @param[in] sha512ctxp pointer to a SHA512 context 
@@ -1465,9 +1488,44 @@ cryerror_t crySHA512Final(CRYDriver *cryp, SHA512Context *sha512ctxp, #endif } +/** + * @brief Initializes the HMAC transient key. + * @note It is the underlying implementation to decide which key sizes are + * allowable. + * + * @param[in] cryp pointer to the @p CRYDriver object + * @param[in] size key size in bytes + * @param[in] keyp pointer to the key data + * @return The operation status. + * @retval CRY_NOERROR if the operation succeeded. + * @retval CRY_ERR_INV_ALGO if the algorithm is unsupported. + * @retval CRY_ERR_INV_KEY_SIZE if the specified key size is invalid for + * the specified algorithm. + * + * @api + */ +cryerror_t cryLoadHMACTransientKey(CRYDriver *cryp, + size_t size, + const uint8_t *keyp) { + + osalDbgCheck((cryp != NULL) && (keyp != NULL)); + +#if (CRY_LLD_SUPPORTS_HMAC_SHA256 == TRUE) || \ + (CRY_LLD_SUPPORTS_HMAC_SHA512 == TRUE) + return cry_lld_hmac_loadkey(cryp, size, keyp); +#elif HAL_CRY_USE_FALLBACK == TRUE + return cry_fallback_hmac_loadkey(cryp, size, keyp); +#else + (void)cryp; + (void)size; + (void)keyp; + + return CRY_ERR_INV_ALGO; +#endif +} + /** * @brief Hash initialization using HMAC_SHA256. - * @note Use of this algorithm is not recommended because proven weak. * * @param[in] cryp pointer to the @p CRYDriver object * @param[out] hmacsha256ctxp pointer to a HMAC_SHA256 context to be @@ -1502,7 +1560,6 @@ cryerror_t cryHMACSHA256Init(CRYDriver *cryp, /** * @brief Hash update using HMAC. - * @note Use of this algorithm is not recommended because proven weak. * * @param[in] cryp pointer to the @p CRYDriver object * @param[in] hmacsha256ctxp pointer to a HMAC_SHA256 context @@ -1542,7 +1599,6 @@ cryerror_t cryHMACSHA256Update(CRYDriver *cryp, /** * @brief Hash finalization using HMAC. - * @note Use of this algorithm is not recommended because proven weak. * * @param[in] cryp pointer to the @p CRYDriver object * @param[in] hmacsha256ctxp pointer to a HMAC_SHA256 context 
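Review bot: The new doc comment on `cryLoadHMACTransientKey` does not say whether the driver copies the key or keeps `keyp`, which a caller needs to know before wiping or reusing the key buffer. It is also silent on whether this transient key shares a slot with the ones set by `cryLoadAESTransientKey` and `cryLoadDESTransientKey`, now that there are three loaders instead of one. I would add a `@note` stating the copy-or-retain contract and the slot relationship, and repeat it on the AES and DES loaders. The function also has no `osalDbgAssert(cryp->state == CRY_READY, "not ready")`, which the removed `cryTRNG` had; if loading a key before `cryStart()` is not intended, the assert belongs here too.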
@@ -1579,7 +1635,6 @@ cryerror_t cryHMACSHA256Final(CRYDriver *cryp, /** * @brief Hash initialization using HMAC_SHA512. - * @note Use of this algorithm is not recommended because proven weak. * * @param[in] cryp pointer to the @p CRYDriver object * @param[out] hmacsha512ctxp pointer to a HMAC_SHA512 context to be @@ -1614,7 +1669,6 @@ cryerror_t cryHMACSHA512Init(CRYDriver *cryp, /** * @brief Hash update using HMAC. - * @note Use of this algorithm is not recommended because proven weak. * * @param[in] cryp pointer to the @p CRYDriver object * @param[in] hmacsha512ctxp pointer to a HMAC_SHA512 context @@ -1654,7 +1708,6 @@ cryerror_t cryHMACSHA512Update(CRYDriver *cryp, /** * @brief Hash finalization using HMAC. - * @note Use of this algorithm is not recommended because proven weak. * * @param[in] cryp pointer to the @p CRYDriver object * @param[in] hmacsha512ctxp pointer to a HMAC_SHA512 context @@ -1689,40 +1742,6 @@ cryerror_t cryHMACSHA512Final(CRYDriver *cryp, #endif } -/** - * @brief True random numbers generator. - * - * @param[in] cryp pointer to the @p CRYDriver object - * @param[in] size size of output buffer - * @param[out] out output buffer - * @return The operation status. - * @retval CRY_NOERROR if the operation succeeded. - * @retval CRY_ERR_INV_ALGO if the operation is unsupported on this - * device instance. - * @retval CRY_ERR_OP_FAILURE if the operation failed, implementation - * dependent. - * - * @api - */ -cryerror_t cryTRNG(CRYDriver *cryp, size_t size, uint8_t *out) { - - osalDbgCheck((cryp != NULL) && (out != NULL)); - - osalDbgAssert(cryp->state == CRY_READY, "not ready"); - -#if CRY_LLD_SUPPORTS_TRNG == TRUE - return cry_lld_TRNG(cryp, size, out); -#elif HAL_CRY_USE_FALLBACK == TRUE - return cry_fallback_TRNG(cryp, size, out); -#else - (void)cryp; - (void)size; - (void)out; - - return CRY_ERR_INV_ALGO; -#endif -} - #endif /* HAL_USE_CRY == TRUE */ /** @} */ 
diff --git a/os/hal/templates/hal_crypto_lld.c b/os/hal/templates/hal_crypto_lld.c index 0d1656787..b079bd064 100644 --- a/os/hal/templates/hal_crypto_lld.c +++ b/os/hal/templates/hal_crypto_lld.c @@ -1144,7 +1144,6 @@ cryerror_t cry_lld_SHA512_final(CRYDriver *cryp, SHA512Context *sha512ctxp, #if (CRY_LLD_SUPPORTS_HMAC_SHA256 == TRUE) || defined(__DOXYGEN__) /** * @brief Hash initialization using HMAC_SHA256. - * @note Use of this algorithm is not recommended because proven weak. * * @param[in] cryp pointer to the @p CRYDriver object * @param[out] hmacsha256ctxp pointer to a HMAC_SHA256 context to be @@ -1169,7 +1168,6 @@ cryerror_t cry_lld_HMACSHA256_init(CRYDriver *cryp, /** * @brief Hash update using HMAC. - * @note Use of this algorithm is not recommended because proven weak. * * @param[in] cryp pointer to the @p CRYDriver object * @param[in] hmacsha256ctxp pointer to a HMAC_SHA256 context @@ -1199,7 +1197,6 @@ cryerror_t cry_lld_HMACSHA256_update(CRYDriver *cryp, /** * @brief Hash finalization using HMAC. - * @note Use of this algorithm is not recommended because proven weak. * * @param[in] cryp pointer to the @p CRYDriver object * @param[in] hmacsha256ctxp pointer to a HMAC_SHA256 context @@ -1228,7 +1225,6 @@ cryerror_t cry_lld_HMACSHA256_final(CRYDriver *cryp, #if (CRY_LLD_SUPPORTS_HMAC_SHA512 == TRUE) || defined(__DOXYGEN__) /** * @brief Hash initialization using HMAC_SHA512. - * @note Use of this algorithm is not recommended because proven weak. * * @param[in] cryp pointer to the @p CRYDriver object * @param[out] hmacsha512ctxp pointer to a HMAC_SHA512 context to be @@ -1253,7 +1249,6 @@ cryerror_t cry_lld_HMACSHA512_init(CRYDriver *cryp, /** * @brief Hash update using HMAC. - * @note Use of this algorithm is not recommended because proven weak. * * @param[in] cryp pointer to the @p CRYDriver object * @param[in] hmacsha512ctxp pointer to a HMAC_SHA512 context 
@@ -1283,7 +1278,6 @@ cryerror_t cry_lld_HMACSHA512_update(CRYDriver *cryp, /** * @brief Hash finalization using HMAC. - * @note Use of this algorithm is not recommended because proven weak. * * @param[in] cryp pointer to the @p CRYDriver object * @param[in] hmacsha512ctxp pointer to a HMAC_SHA512 context @@ -1309,32 +1303,6 @@ cryerror_t cry_lld_HMACSHA512_final(CRYDriver *cryp, } #endif -#if (CRY_LLD_SUPPORTS_TRNG == TRUE) || defined(__DOXYGEN__) -/** - * @brief True random numbers generator. - * - * @param[in] cryp pointer to the @p CRYDriver object - * @param[in] size size of output buffer - * @param[out] out output buffer - * @return The operation status. - * @retval CRY_NOERROR if the operation succeeded. - * @retval CRY_ERR_INV_ALGO if the operation is unsupported on this - * device instance. - * @retval CRY_ERR_OP_FAILURE if the operation failed, implementation - * dependent. - * - * @notapi - */ -cryerror_t cry_lld_TRNG(CRYDriver *cryp, size_t size, uint8_t *out) { - - (void)cryp; - (void)size; - (void)out; - - return CRY_ERR_INV_ALGO; -} -#endif - #endif /* HAL_USE_CRY == TRUE */ /** @} */ diff --git a/os/hal/templates/hal_crypto_lld.h b/os/hal/templates/hal_crypto_lld.h index d3b1f5755..6020eeff0 100644 --- a/os/hal/templates/hal_crypto_lld.h +++ b/os/hal/templates/hal_crypto_lld.h @@ -49,7 +49,6 @@ #define CRY_LLD_SUPPORTS_SHA512 TRUE #define CRY_LLD_SUPPORTS_HMAC_SHA256 TRUE #define CRY_LLD_SUPPORTS_HMAC_SHA512 TRUE -#define CRY_LLD_SUPPORTS_TRNG TRUE /** @} */ /*===========================================================================*/ 
@@ -177,10 +176,17 @@ extern "C" { void cry_lld_init(void); void cry_lld_start(CRYDriver *cryp); void cry_lld_stop(CRYDriver *cryp); - cryerror_t cry_lld_loadkey(CRYDriver *cryp, - cryalgorithm_t algorithm, - size_t size, - const uint8_t *keyp); +#if (CRY_LLD_SUPPORTS_AES == TRUE) || \ + (CRY_LLD_SUPPORTS_AES_ECB == TRUE) || \ + (CRY_LLD_SUPPORTS_AES_CBC == TRUE) || \ + (CRY_LLD_SUPPORTS_AES_CFB == TRUE) || \ + (CRY_LLD_SUPPORTS_AES_CTR == TRUE) || \ + (CRY_LLD_SUPPORTS_AES_GCM == TRUE) || \ + defined(__DOXYGEN__) + cryerror_t cry_lld_aes_loadkey(CRYDriver *cryp, + size_t size, + const uint8_t *keyp); +#endif #if (CRY_LLD_SUPPORTS_AES == TRUE) || defined(__DOXYGEN__) cryerror_t cry_lld_encrypt_AES(CRYDriver *cryp, crykey_t key_id, @@ -265,6 +271,14 @@ extern "C" { const uint8_t *aad, uint8_t *authtag); #endif +#if (CRY_LLD_SUPPORTS_DES == TRUE) || \ + (CRY_LLD_SUPPORTS_DES_ECB == TRUE) || \ + (CRY_LLD_SUPPORTS_DES_CBC == TRUE) || \ + defined(__DOXYGEN__) + cryerror_t cry_lld_des_loadkey(CRYDriver *cryp, + size_t size, + const uint8_t *keyp); +#endif #if (CRY_LLD_SUPPORTS_DES == TRUE) || defined(__DOXYGEN__) cryerror_t cry_lld_encrypt_DES(CRYDriver *cryp, crykey_t key_id, @@ -322,6 +336,13 @@ extern "C" { cryerror_t cry_lld_SHA512_final(CRYDriver *cryp, SHA512Context *sha512ctxp, uint8_t *out); #endif +#if (CRY_LLD_SUPPORTS_HMAC_SHA256 == TRUE) || \ + (CRY_LLD_SUPPORTS_HMAC_SHA512 == TRUE) || \ + defined(__DOXYGEN__) + cryerror_t cry_lld_hmac_loadkey(CRYDriver *cryp, + size_t size, + const uint8_t *keyp); +#endif #if (CRY_LLD_SUPPORTS_HMAC_SHA256 == TRUE) || defined(__DOXYGEN__) cryerror_t cry_lld_HMACSHA256_init(CRYDriver *cryp, HMACSHA256Context *hmacsha256ctxp); @@ -342,9 +363,6 @@ extern "C" { HMACSHA512Context *hmacsha512ctxp, uint8_t *out); #endif -#if (CRY_LLD_SUPPORTS_TRNG == TRUE) || defined(__DOXYGEN__) - cryerror_t cry_lld_TRNG(CRYDriver *cryp, size_t size, uint8_t *out); -#endif #ifdef __cplusplus } #endif -- cgit v1.2.3