From 695dbad0846781728a1c0d95343ea64a39f4eaa3 Mon Sep 17 00:00:00 2001 From: Giovanni Di Sirio Date: Sun, 22 Oct 2017 09:34:37 +0000 Subject: More crypto code, still unfinished. git-svn-id: svn://svn.code.sf.net/p/chibios/svn/trunk@10870 35acf78f-673a-0410-8e92-d51de3d6d3f4 --- os/hal/include/hal_crypto.h | 83 ++++++---------- os/hal/ports/STM32/LLD/CRYPv1/hal_crypto_lld.c | 29 +++++- os/hal/ports/STM32/LLD/CRYPv1/hal_crypto_lld.h | 66 +++++++++++-- os/hal/src/hal_crypto.c | 126 +++++++++++++++---------- 4 files changed, 189 insertions(+), 115 deletions(-) (limited to 'os/hal') diff --git a/os/hal/include/hal_crypto.h b/os/hal/include/hal_crypto.h index 6e5309e37..091bc0829 100644 --- a/os/hal/include/hal_crypto.h +++ b/os/hal/include/hal_crypto.h @@ -35,27 +35,6 @@ /* Driver pre-compile time settings. */ /*===========================================================================*/ -/** - * @name CRYPTO configuration options - * @{ - */ -/** - * @brief Enables asynchronous APIs. - * @note Disabling this option saves both code and data space. - */ -#if !defined(CRY_USE_CALLBACKS) || defined(__DOXYGEN__) -#define CRY_USE_CALLBACKS TRUE -#endif - -/** - * @brief Enables the @p cryAcquireBus() and @p cryReleaseBus() APIs. - * @note Disabling this option saves both code and data space. - */ -#if !defined(CRY_USE_MUTUAL_EXCLUSION) || defined(__DOXYGEN__) -#define CRY_USE_MUTUAL_EXCLUSION TRUE -#endif -/** @} */ - /*===========================================================================*/ /* Derived constants and error checks. */ /*===========================================================================*/ @@ -70,8 +49,7 @@ typedef enum { CRY_UNINIT = 0, /**< Not initialized. */ CRY_STOP = 1, /**< Stopped. */ - CRY_READY = 2, /**< Ready. */ - CRY_ACTIVE = 3 /**< Operation running. */ + CRY_READY = 2 /**< Ready. */ } crystate_t; /** @@ -85,6 +63,17 @@ typedef enum { CRY_ERR_INV_KEY_ID = 4 /**< Invalid key type. */ } cryerror_t; +/** + * @brief Type of an algorithm identifier. + * @note It is only used to determine the key required for operations. + */ +typedef enum { + cry_algo_none = 0, + cry_algo_aes, + cry_algo_des, + cry_algo_tripledes +} cryalgorithm_t; + #include "hal_crypto_lld.h" #if !defined(CRY_LLD_SUPPORTS_AES_ECB) || \ @@ -94,24 +83,6 @@ typedef enum { #error "CRYPTO LLD does not export required switches" #endif -/** - * @brief Type of an algorithm identifier. - */ -typedef enum { -#if (CRY_LLD_SUPPORTS_AES_ECB == TRUE) || defined(__DOXYGEN__) - cry_algo_aes_ecb, -#endif -#if (CRY_LLD_SUPPORTS_AES_CBC == TRUE) || defined(__DOXYGEN__) - cry_algo_aes_cbc, -#endif -#if (CRY_LLD_SUPPORTS_AES_CFB == TRUE) || defined(__DOXYGEN__) - cry_algo_aes_cfb, -#endif -#if (CRY_LLD_SUPPORTS_AES_CTR == TRUE) || defined(__DOXYGEN__) - cry_algo_aes_ctr, -#endif -} cryalgorithm_t; - /*===========================================================================*/ /* Driver macros. */ /*===========================================================================*/ @@ -133,29 +104,34 @@ extern "C" { void cryObjectInit(CRYDriver *cryp); void cryStart(CRYDriver *cryp, const CRYConfig *config); void cryStop(CRYDriver *cryp); + cryerror_t cryLoadTransientKey(CRYDriver *cryp, cryalgorithm_t algorithm, size_t size, const uint8_t *keyp); #if CRY_LLD_SUPPORTS_AES_ECB == TRUE - cryerror_t cryEncryptAES_ECB(crykey_t key_id, + cryerror_t cryEncryptAES_ECB(CRYDriver *cryp, + crykey_t key_id, size_t size, const uint8_t *in, uint8_t *out); - cryerror_t cryDecryptAES_ECB(crykey_t key_id, + cryerror_t cryDecryptAES_ECB(CRYDriver *cryp, + crykey_t key_id, size_t size, const uint8_t *in, uint8_t *out); #endif /* CRY_LLD_SUPPORTS_AES_ECB == TRUE */ #if CRY_LLD_SUPPORTS_AES_CBC == TRUE - cryerror_t cryEncryptAES_CBC(crykey_t key_id, + cryerror_t cryEncryptAES_CBC(CRYDriver *cryp, + crykey_t key_id, size_t size, const uint8_t *in, uint8_t *out, const uint8_t *iv); - cryerror_t cryDecryptAES_CBC(crykey_t key_id, + cryerror_t cryDecryptAES_CBC(CRYDriver *cryp, + crykey_t key_id, size_t size, const uint8_t *in, uint8_t *out, @@ -163,12 +139,14 @@ extern "C" { #endif /* CRY_LLD_SUPPORTS_AES_CBC == TRUE */ #if CRY_LLD_SUPPORTS_AES_CFB == TRUE - cryerror_t cryEncryptAES_CFB(crykey_t key_id, + cryerror_t cryEncryptAES_CFB(CRYDriver *cryp, + crykey_t key_id, size_t size, const uint8_t *in, uint8_t *out, const uint8_t *iv); - cryerror_t cryDecryptAES_CFB(crykey_t key_id, + cryerror_t cryDecryptAES_CFB(CRYDriver *cryp, + crykey_t key_id, size_t size, const uint8_t *in, uint8_t *out, @@ -176,24 +154,21 @@ extern "C" { #endif /* CRY_LLD_SUPPORTS_AES_CFB == TRUE */ #if CRY_LLD_SUPPORTS_AES_CTR == TRUE - cryerror_t cryEncryptAES_CTR(crykey_t key_id, + cryerror_t cryEncryptAES_CTR(CRYDriver *cryp, + crykey_t key_id, size_t size, const uint8_t *in, uint8_t *out, const uint8_t *nonce, uint8_t *cnt); - cryerror_t cryDecryptAES_CTR(crykey_t key_id, + cryerror_t cryDecryptAES_CTR(CRYDriver *cryp, + crykey_t key_id, size_t size, const uint8_t *in, uint8_t *out, const uint8_t *nonce, uint8_t *cnt); #endif /* CRY_LLD_SUPPORTS_AES_CTR == TRUE */ - -#if ADC_USE_MUTUAL_EXCLUSION == TRUE - void cryAcquireBus(CRYDriver *cryp); - void cryReleaseBus(CRYDriver *cryp); -#endif #ifdef __cplusplus } #endif diff --git a/os/hal/ports/STM32/LLD/CRYPv1/hal_crypto_lld.c b/os/hal/ports/STM32/LLD/CRYPv1/hal_crypto_lld.c index 37cdb2a71..a843ddd44 100644 --- a/os/hal/ports/STM32/LLD/CRYPv1/hal_crypto_lld.c +++ b/os/hal/ports/STM32/LLD/CRYPv1/hal_crypto_lld.c @@ -34,8 +34,8 @@ /* Driver exported variables. */ /*===========================================================================*/ -/** @brief CRYP1 driver identifier.*/ -#if STM32_CRY_USE_CRYP1 || defined(__DOXYGEN__) +/** @brief CRY1 driver identifier.*/ +#if PLATFORM_CRY_USE_CRY1 || defined(__DOXYGEN__) CRYDriver CRYD1; #endif @@ -92,6 +92,31 @@ void cry_lld_stop(CRYDriver *cryp) { } } +/** + * @brief Initializes the transient key for a specific algorithm. + * + * @param[in] cryp pointer to the @p CRYDriver object + * @param[in] keyp pointer to the key data + * @return The operation status. + * @retval CRY_NOERROR if the operation succeeded. + * @retval CRY_ERR_INV_ALGO if the specified algorithm is unknown or + * unsupported. + * @retval CRY_ERR_INV_KEY_SIZE if the specified key size is invalid. + * + * @notapi + */ +cryerror_t cry_lld_loadkey(CRYDriver *cryp, + cryalgorithm_t algorithm, + size_t size, + const uint8_t *keyp) { + + (void)cryp; + (void)algorithm; + (void)size; + (void)keyp; + + return CRY_NOERROR; +} #endif /* HAL_USE_CRY */ /** @} */ diff --git a/os/hal/ports/STM32/LLD/CRYPv1/hal_crypto_lld.h b/os/hal/ports/STM32/LLD/CRYPv1/hal_crypto_lld.h index e7279728b..2bc94b31d 100644 --- a/os/hal/ports/STM32/LLD/CRYPv1/hal_crypto_lld.h +++ b/os/hal/ports/STM32/LLD/CRYPv1/hal_crypto_lld.h @@ -107,23 +107,21 @@ typedef struct { */ struct CRYDriver { /** - * @brief Driver state. + * @brief Driver state. */ crystate_t state; /** - * @brief Current configuration data. + * @brief Current configuration data. */ const CRYConfig *config; /** - * @brief Waiting thread. + * @brief Algorithm type of transient key. */ - thread_reference_t thread; -#if (CRY_USE_MUTUAL_EXCLUSION == TRUE) || defined(__DOXYGEN__) + cryalgorithm_t key0_type; /** - * @brief Mutex protecting the peripheral. + * @brief Size of transient key. */ - mutex_t mutex; -#endif + size_t key0_size; #if defined(CRY_DRIVER_EXT_FIELDS) CRY_DRIVER_EXT_FIELDS #endif @@ -148,6 +146,58 @@ extern "C" { void cry_lld_init(void); void cry_lld_start(CRYDriver *cryp); void cry_lld_stop(CRYDriver *cryp); + cryerror_t cry_lld_loadkey(CRYDriver *cryp, + cryalgorithm_t algorithm, + size_t size, + const uint8_t *keyp); + cryerror_t cry_lld_encrypt_AES_ECB(CRYDriver *cryp, + crykey_t key_id, + size_t size, + const uint8_t *in, + uint8_t *out); + cryerror_t cry_lld_decrypt_AES_ECB(CRYDriver *cryp, + crykey_t key_id, + size_t size, + const uint8_t *in, + uint8_t *out); + cryerror_t cry_lld_encrypt_AES_CBC(CRYDriver *cryp, + crykey_t key_id, + size_t size, + const uint8_t *in, + uint8_t *out, + const uint8_t *iv); + cryerror_t cry_lld_decrypt_AES_CBC(CRYDriver *cryp, + crykey_t key_id, + size_t size, + const uint8_t *in, + uint8_t *out, + const uint8_t *iv); + cryerror_t cry_lld_encrypt_AES_CFB(CRYDriver *cryp, + crykey_t key_id, + size_t size, + const uint8_t *in, + uint8_t *out, + const uint8_t *iv); + cryerror_t cry_lld_decrypt_AES_CFB(CRYDriver *cryp, + crykey_t key_id, + size_t size, + const uint8_t *in, + uint8_t *out, + const uint8_t *iv); + cryerror_t cry_lld_encrypt_AES_CTR(CRYDriver *cryp, + crykey_t key_id, + size_t size, + const uint8_t *in, + uint8_t *out, + const uint8_t *nonce, + uint8_t *cnt); + cryerror_t cry_lld_decrypt_AES_CTR(CRYDriver *cryp, + crykey_t key_id, + size_t size, + const uint8_t *in, + uint8_t *out, + const uint8_t *nonce, + uint8_t *cnt); #ifdef __cplusplus } #endif diff --git a/os/hal/src/hal_crypto.c b/os/hal/src/hal_crypto.c index 0493da872..79a5be9a2 100644 --- a/os/hal/src/hal_crypto.c +++ b/os/hal/src/hal_crypto.c @@ -69,10 +69,6 @@ void cryObjectInit(CRYDriver *cryp) { cryp->state = CRY_STOP; cryp->config = NULL; - cryp->thread = NULL; -#if CRY_USE_MUTUAL_EXCLUSION == TRUE - osalMutexObjectInit(&cryp->mutex); -#endif #if defined(CRY_DRIVER_EXT_INIT_HOOK) CRY_DRIVER_EXT_INIT_HOOK(cryp); #endif @@ -141,12 +137,28 @@ void cryStop(CRYDriver *cryp) { cryerror_t cryLoadTransientKey(CRYDriver *cryp, cryalgorithm_t algorithm, size_t size, - const uint8_t *keyp); + const uint8_t *keyp) { + cryerror_t err; + + /* Storing the transient key metadata.*/ + cryp->key0_type = algorithm; + cryp->key0_size = size; + + /* Key setup in the low level driver.*/ + err = cry_lld_loadkey(cryp, algorithm, size, keyp); + if (err != CRY_NOERROR) { + cryp->key0_type = cry_algo_none; + cryp->key0_size = (size_t)0; + } + + return err; +} #if (CRY_LLD_SUPPORTS_AES_ECB == TRUE) || defined(__DOXYGEN__) /** * @brief Encryption operation using AES-ECB. * + * @param[in] cryp pointer to the @p CRYDriver object * @param[in] key_id the key to be used for the operation, zero is the * transient key, other values are keys stored in an * unspecified way @@ -164,16 +176,21 @@ cryerror_t cryLoadTransientKey(CRYDriver *cryp, * * @api */ -cryerror_t cryEncryptAES_ECB(crykey_t key_id, +cryerror_t cryEncryptAES_ECB(CRYDriver *cryp, + crykey_t key_id, size_t size, const uint8_t *in, uint8_t *out) { + osalDbgCheck((in != NULL) && (out != NULL)); + + return cry_lld_encrypt_AES_ECB(cryp, key_id, size, in, out); } /** * @brief Decryption operation using AES-ECB. * + * @param[in] cryp pointer to the @p CRYDriver object * @param[in] key_id the key to be used for the operation, zero is the * transient key, other values are keys stored in an * unspecified way @@ -191,11 +208,16 @@ cryerror_t cryEncryptAES_ECB(crykey_t key_id, * * @api */ -cryerror_t cryDecryptAES_ECB(crykey_t key_id, - size_t blocks, +cryerror_t cryDecryptAES_ECB(CRYDriver *cryp, + crykey_t key_id, + size_t size, const uint8_t *in, uint8_t *out) { + osalDbgCheck((in != NULL) && (out != NULL)); + osalDbgAssert(cryp->state == CRY_READY, "not ready"); + + return cry_lld_decrypt_AES_ECB(cryp, key_id, size, in, out); } #endif /* CRY_LLD_SUPPORTS_AES_ECB == TRUE */ @@ -203,6 +225,7 @@ cryerror_t cryDecryptAES_ECB(crykey_t key_id, /** * @brief Encryption operation using AES-CBC. * + * @param[in] cryp pointer to the @p CRYDriver object * @param[in] key_id the key to be used for the operation, zero is the * transient key, other values are keys stored in an * unspecified way @@ -221,17 +244,23 @@ cryerror_t cryDecryptAES_ECB(crykey_t key_id, * * @api */ -cryerror_t cryEncryptAES_CBC(crykey_t key_id, +cryerror_t cryEncryptAES_CBC(CRYDriver *cryp, + crykey_t key_id, size_t size, const uint8_t *in, uint8_t *out, - const uint8_t *iv){ + const uint8_t *iv) { + osalDbgCheck((in != NULL) && (out != NULL) && (iv != NULL)); + osalDbgAssert(cryp->state == CRY_READY, "not ready"); + + return cry_lld_encrypt_AES_CBC(cryp, key_id, size, in, out, iv); } /** * @brief Decryption operation using AES-CBC. * + * @param[in] cryp pointer to the @p CRYDriver object * @param[in] key_id the key to be used for the operation, zero is the * transient key, other values are keys stored in an * unspecified way @@ -250,12 +279,17 @@ cryerror_t cryEncryptAES_CBC(crykey_t key_id, * * @api */ -cryerror_t cryDecryptAES_CBC(crykey_t key_id, +cryerror_t cryDecryptAES_CBC(CRYDriver *cryp, + crykey_t key_id, size_t size, const uint8_t *in, uint8_t *out, const uint8_t *iv) { + osalDbgCheck((in != NULL) && (out != NULL) && (iv != NULL)); + osalDbgAssert(cryp->state == CRY_READY, "not ready"); + + return cry_lld_decrypt_AES_CBC(cryp, key_id, size, in, out, iv); } #endif /* CRY_LLD_SUPPORTS_AES_CBC == TRUE */ @@ -263,6 +297,7 @@ cryerror_t cryDecryptAES_CBC(crykey_t key_id, /** * @brief Encryption operation using AES-CFB. * + * @param[in] cryp pointer to the @p CRYDriver object * @param[in] key_id the key to be used for the operation, zero is the * transient key, other values are keys stored in an * unspecified way @@ -281,17 +316,23 @@ cryerror_t cryDecryptAES_CBC(crykey_t key_id, * * @api */ -cryerror_t cryEncryptAES_CFB(crykey_t key_id, +cryerror_t cryEncryptAES_CFB(CRYDriver *cryp, + crykey_t key_id, size_t size, const uint8_t *in, uint8_t *out, const uint8_t *iv) { + osalDbgCheck((in != NULL) && (out != NULL) && (iv != NULL)); + osalDbgAssert(cryp->state == CRY_READY, "not ready"); + + return cry_lld_encrypt_AES_CBC(cryp, key_id, size, in, out, iv); } /** * @brief Decryption operation using AES-CFB. * + * @param[in] cryp pointer to the @p CRYDriver object * @param[in] key_id the key to be used for the operation, zero is the * transient key, other values are keys stored in an * unspecified way @@ -310,12 +351,17 @@ cryerror_t cryEncryptAES_CFB(crykey_t key_id, * * @api */ -cryerror_t cryDecryptAES_CFB(crykey_t key_id, +cryerror_t cryDecryptAES_CFB(CRYDriver *cryp, + crykey_t key_id, size_t size, const uint8_t *in, uint8_t *out, const uint8_t *iv) { + osalDbgCheck((in != NULL) && (out != NULL) && (iv != NULL)); + osalDbgAssert(cryp->state == CRY_READY, "not ready"); + + return cry_lld_decrypt_AES_CBC(cryp, key_id, size, in, out, iv); } #endif /* CRY_LLD_SUPPORTS_AES_CFB == TRUE */ @@ -323,6 +369,7 @@ cryerror_t cryDecryptAES_CFB(crykey_t key_id, /** * @brief Encryption operation using AES-CTR. * + * @param[in] cryp pointer to the @p CRYDriver object * @param[in] key_id the key to be used for the operation, zero is the * transient key, other values are keys stored in an * unspecified way @@ -342,18 +389,25 @@ cryerror_t cryDecryptAES_CFB(crykey_t key_id, * * @api */ -cryerror_t cryEncryptAES_CTR(crykey_t key_id, +cryerror_t cryEncryptAES_CTR(CRYDriver *cryp, + crykey_t key_id, size_t size, const uint8_t *in, uint8_t *out, const uint8_t *nonce, uint8_t *cnt) { + osalDbgCheck((in != NULL) && (out != NULL) && + (nonce != NULL) && (cnt != NULL)); + osalDbgAssert(cryp->state == CRY_READY, "not ready"); + + return cry_lld_encrypt_AES_CTR(cryp, key_id, size, in, out, nonce, cnt); } /** * @brief Decryption operation using AES-CTR. * + * @param[in] cryp pointer to the @p CRYDriver object * @param[in] key_id the key to be used for the operation, zero is the * transient key, other values are keys stored in an * unspecified way @@ -373,51 +427,21 @@ cryerror_t cryEncryptAES_CTR(crykey_t key_id, * * @api */ -cryerror_t cryDecryptAES_CTR(crykey_t key_id, +cryerror_t cryDecryptAES_CTR(CRYDriver *cryp, + crykey_t key_id, size_t size, const uint8_t *in, uint8_t *out, const uint8_t *nonce, uint8_t *cnt) { -} -#endif /* CRY_LLD_SUPPORTS_AES_CTR == TRUE */ - -#if (CRY_USE_MUTUAL_EXCLUSION == TRUE) || defined(__DOXYGEN__) -/** - * @brief Gains exclusive access to the CRY peripheral. - * @details This function tries to gain ownership to CRY bus, if the bus - * is already being used then the invoking thread is queued. - * @pre In order to use this function the option - * @p CRY_USE_MUTUAL_EXCLUSION must be enabled. - * - * @param[in] cryp pointer to the @p CRYDriver object - * - * @api - */ -void cryAcquireBus(CRYDriver *cryp) { - - osalDbgCheck(cryp != NULL); - - osalMutexLock(&cryp->mutex); -} + osalDbgCheck((in != NULL) && (out != NULL) && + (nonce != NULL) && (cnt != NULL)); + osalDbgAssert(cryp->state == CRY_READY, "not ready"); -/** - * @brief Releases exclusive access to the CRY peripheral. - * @pre In order to use this function the option - * @p CRY_USE_MUTUAL_EXCLUSION must be enabled. - * - * @param[in] cryp pointer to the @p CRYDriver object - * - * @api - */ -void cryReleaseBus(CRYDriver *cryp) { - - osalDbgCheck(cryp != NULL); - - osalMutexUnlock(&cryp->mutex); + return cry_lld_decrypt_AES_CTR(cryp, key_id, size, in, out, nonce, cnt); } -#endif /* CRY_USE_MUTUAL_EXCLUSION == TRUE */ +#endif /* CRY_LLD_SUPPORTS_AES_CTR == TRUE */ #endif /* HAL_USE_CRY == TRUE */ -- cgit v1.2.3