From c29cb727918744eb0ea1a287e2c042b00bf35a9b Mon Sep 17 00:00:00 2001 From: Giovanni Di Sirio Date: Sun, 29 Oct 2017 13:58:48 +0000 Subject: Added (T)DES support to the crypto driver. git-svn-id: svn://svn.code.sf.net/p/chibios/svn/trunk@10904 35acf78f-673a-0410-8e92-d51de3d6d3f4 --- os/hal/include/hal_crypto.h | 55 ++- os/hal/ports/STM32/LLD/CRYPv1/hal_crypto_lld.c | 319 +++++++++++++++++- os/hal/ports/STM32/LLD/CRYPv1/hal_crypto_lld.h | 42 +++ os/hal/src/hal_crypto.c | 444 +++++++++++++++++++++++-- os/hal/templates/hal_crypto_lld.c | 321 +++++++++++++++++- os/hal/templates/hal_crypto_lld.h | 44 ++- 6 files changed, 1169 insertions(+), 56 deletions(-) (limited to 'os') diff --git a/os/hal/include/hal_crypto.h b/os/hal/include/hal_crypto.h index 8836dafd5..91de0576d 100644 --- a/os/hal/include/hal_crypto.h +++ b/os/hal/include/hal_crypto.h @@ -104,9 +104,8 @@ typedef enum { */ typedef enum { cry_algo_none = 0, - cry_algo_aes, - cry_algo_des, - cry_algo_tripledes + cry_algo_aes, /**< AES 128, 192, 256 bits. */ + cry_algo_des /**< DES 56, TDES 112, 168 bits.*/ } cryalgorithm_t; #if HAL_CRY_ENFORCE_FALLBACK == FALSE @@ -115,11 +114,15 @@ typedef enum { #else /* No LLD at all, using the standalone mode.*/ +#define CRY_LLD_SUPPORTS_AES FALSE #define CRY_LLD_SUPPORTS_AES_ECB FALSE #define CRY_LLD_SUPPORTS_AES_CBC FALSE #define CRY_LLD_SUPPORTS_AES_CFB FALSE #define CRY_LLD_SUPPORTS_AES_CTR FALSE #define CRY_LLD_SUPPORTS_AES_GCM FALSE +#define CRY_LLD_SUPPORTS_DES FALSE +#define CRY_LLD_SUPPORTS_DES_ECB FALSE +#define CRY_LLD_SUPPORTS_DES_CBC FALSE typedef uint_fast8_t crykey_t; @@ -138,11 +141,15 @@ struct CRYDriver { }; #endif -#if !defined(CRY_LLD_SUPPORTS_AES_ECB) || \ +#if !defined(CRY_LLD_SUPPORTS_AES) || \ + !defined(CRY_LLD_SUPPORTS_AES_ECB) || \ !defined(CRY_LLD_SUPPORTS_AES_CBC) || \ !defined(CRY_LLD_SUPPORTS_AES_CFB) || \ !defined(CRY_LLD_SUPPORTS_AES_CTR) || \ - !defined(CRY_LLD_SUPPORTS_AES_GCM) + !defined(CRY_LLD_SUPPORTS_AES_GCM) || \ + !defined(CRY_LLD_SUPPORTS_DES) || \ + !defined(CRY_LLD_SUPPORTS_DES_ECB) || \ + !defined(CRY_LLD_SUPPORTS_DES_CBC) #error "CRYPTO LLD does not export the required switches" #endif @@ -171,6 +178,14 @@ extern "C" { cryalgorithm_t algorithm, size_t size, const uint8_t *keyp); + cryerror_t cryEncryptAES(CRYDriver *cryp, + crykey_t key_id, + const uint8_t *in, + uint8_t *out); + cryerror_t cryDecryptAES(CRYDriver *cryp, + crykey_t key_id, + const uint8_t *in, + uint8_t *out); cryerror_t cryEncryptAES_ECB(CRYDriver *cryp, crykey_t key_id, size_t size, @@ -235,6 +250,36 @@ extern "C" { size_t aadsize, const uint8_t *aad, uint8_t *authtag); + cryerror_t cryEncryptDES(CRYDriver *cryp, + crykey_t key_id, + const uint8_t *in, + uint8_t *out); + cryerror_t cryDecryptDES(CRYDriver *cryp, + crykey_t key_id, + const uint8_t *in, + uint8_t *out); + cryerror_t cryEncryptDES_ECB(CRYDriver *cryp, + crykey_t key_id, + size_t size, + const uint8_t *in, + uint8_t *out); + cryerror_t cryDecryptDES_ECB(CRYDriver *cryp, + crykey_t key_id, + size_t size, + const uint8_t *in, + uint8_t *out); + cryerror_t cryEncryptDES_CBC(CRYDriver *cryp, + crykey_t key_id, + size_t size, + const uint8_t *in, + uint8_t *out, + const uint8_t *iv); + cryerror_t cryDecryptDES_CBC(CRYDriver *cryp, + crykey_t key_id, + size_t size, + const uint8_t *in, + uint8_t *out, + const uint8_t *iv); #ifdef __cplusplus } #endif diff --git a/os/hal/ports/STM32/LLD/CRYPv1/hal_crypto_lld.c b/os/hal/ports/STM32/LLD/CRYPv1/hal_crypto_lld.c index 00a4478c7..7d305968a 100644 --- a/os/hal/ports/STM32/LLD/CRYPv1/hal_crypto_lld.c +++ b/os/hal/ports/STM32/LLD/CRYPv1/hal_crypto_lld.c @@ -118,6 +118,74 @@ cryerror_t cry_lld_loadkey(CRYDriver *cryp, return CRY_NOERROR; } +/** + * @brief Encryption of a single block using AES. + * @note The implementation of this function must guarantee that it can + * be called from any context. + * + * @param[in] cryp pointer to the @p CRYDriver object + * @param[in] key_id the key to be used for the operation, zero is the + * transient key, other values are keys stored in an + * unspecified way + * @param[in] in buffer containing the input plaintext + * @param[out] out buffer for the output cyphertext + * @return The operation status. + * @retval CRY_NOERROR if the operation succeeded. + * @retval CRY_ERR_INV_ALGO if the operation is unsupported on this + * device instance. + * @retval CRY_ERR_INV_KEY_TYPE the selected key is invalid for this operation. + * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid + * or refers to an empty key slot. + * + * @notapi + */ +cryerror_t cry_lld_encrypt_AES(CRYDriver *cryp, + crykey_t key_id, + const uint8_t *in, + uint8_t *out) { + + (void)cryp; + (void)key_id; + (void)in; + (void)out; + + return CRY_ERR_INV_ALGO; +} + +/** + * @brief Decryption of a single block using AES. + * @note The implementation of this function must guarantee that it can + * be called from any context. + * + * @param[in] cryp pointer to the @p CRYDriver object + * @param[in] key_id the key to be used for the operation, zero is the + * transient key, other values are keys stored in an + * unspecified way + * @param[in] in buffer containing the input cyphertext + * @param[out] out buffer for the output plaintext + * @return The operation status. + * @retval CRY_NOERROR if the operation succeeded. + * @retval CRY_ERR_INV_ALGO if the operation is unsupported on this + * device instance. + * @retval CRY_ERR_INV_KEY_TYPE the selected key is invalid for this operation. + * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid + * or refers to an empty key slot. + * + * @notapi + */ +cryerror_t cry_lld_decrypt_AES(CRYDriver *cryp, + crykey_t key_id, + const uint8_t *in, + uint8_t *out) { + + (void)cryp; + (void)key_id; + (void)in; + (void)out; + + return CRY_ERR_INV_ALGO; +} + /** * @brief Encryption operation using AES-ECB. * @note The function operates on data buffers whose lenght is a multiple @@ -138,7 +206,7 @@ cryerror_t cry_lld_loadkey(CRYDriver *cryp, * device instance. * @retval CRY_ERR_INV_KEY_TYPE the selected key is invalid for this operation. * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid - * or refers and empty key slot. + * or refers to an empty key slot. * * @notapi */ @@ -177,7 +245,7 @@ cryerror_t cry_lld_encrypt_AES_ECB(CRYDriver *cryp, * device instance. * @retval CRY_ERR_INV_KEY_TYPE the selected key is invalid for this operation. * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid - * or refers and empty key slot. + * or refers to an empty key slot. * * @notapi */ @@ -217,7 +285,7 @@ cryerror_t cry_lld_decrypt_AES_ECB(CRYDriver *cryp, * device instance. * @retval CRY_ERR_INV_KEY_TYPE the selected key is invalid for this operation. * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid - * or refers and empty key slot. + * or refers to an empty key slot. * * @notapi */ @@ -259,7 +327,7 @@ cryerror_t cry_lld_encrypt_AES_CBC(CRYDriver *cryp, * device instance. * @retval CRY_ERR_INV_KEY_TYPE the selected key is invalid for this operation. * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid - * or refers and empty key slot. + * or refers to an empty key slot. * * @notapi */ @@ -301,7 +369,7 @@ cryerror_t cry_lld_decrypt_AES_CBC(CRYDriver *cryp, * device instance. * @retval CRY_ERR_INV_KEY_TYPE the selected key is invalid for this operation. * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid - * or refers and empty key slot. + * or refers to an empty key slot. * * @notapi */ @@ -343,7 +411,7 @@ cryerror_t cry_lld_encrypt_AES_CFB(CRYDriver *cryp, * device instance. * @retval CRY_ERR_INV_KEY_TYPE the selected key is invalid for this operation. * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid - * or refers and empty key slot. + * or refers to an empty key slot. * * @notapi */ @@ -386,7 +454,7 @@ cryerror_t cry_lld_decrypt_AES_CFB(CRYDriver *cryp, * device instance. * @retval CRY_ERR_INV_KEY_TYPE the selected key is invalid for this operation. * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid - * or refers and empty key slot. + * or refers to an empty key slot. * * @notapi */ @@ -429,7 +497,7 @@ cryerror_t cry_lld_encrypt_AES_CTR(CRYDriver *cryp, * device instance. * @retval CRY_ERR_INV_KEY_TYPE the selected key is invalid for this operation. * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid - * or refers and empty key slot. + * or refers to an empty key slot. * * @notapi */ @@ -476,7 +544,7 @@ cryerror_t cry_lld_decrypt_AES_CTR(CRYDriver *cryp, * device instance. * @retval CRY_ERR_INV_KEY_TYPE the selected key is invalid for this operation. * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid - * or refers and empty key slot. + * or refers to an empty key slot. * * @notapi */ @@ -529,7 +597,7 @@ cryerror_t cry_lld_encrypt_AES_GCM(CRYDriver *cryp, * device instance. * @retval CRY_ERR_INV_KEY_TYPE the selected key is invalid for this operation. * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid - * or refers and empty key slot. + * or refers to an empty key slot. * * @notapi */ @@ -556,6 +624,237 @@ cryerror_t cry_lld_decrypt_AES_GCM(CRYDriver *cryp, return CRY_ERR_INV_ALGO; } +/** + * @brief Encryption of a single block using (T)DES. + * @note The implementation of this function must guarantee that it can + * be called from any context. + * + * @param[in] cryp pointer to the @p CRYDriver object + * @param[in] key_id the key to be used for the operation, zero is the + * transient key, other values are keys stored in an + * unspecified way + * @param[in] in buffer containing the input plaintext + * @param[out] out buffer for the output cyphertext + * @return The operation status. + * @retval CRY_NOERROR if the operation succeeded. + * @retval CRY_ERR_INV_ALGO if the operation is unsupported on this + * device instance. + * @retval CRY_ERR_INV_KEY_TYPE the selected key is invalid for this operation. + * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid + * or refers to an empty key slot. + * + * @notapi + */ +cryerror_t cry_lld_encrypt_DES(CRYDriver *cryp, + crykey_t key_id, + const uint8_t *in, + uint8_t *out) { + + (void)cryp; + (void)key_id; + (void)in; + (void)out; + + return CRY_ERR_INV_ALGO; +} + +/** + * @brief Decryption of a single block using (T)DES. + * @note The implementation of this function must guarantee that it can + * be called from any context. + * + * + * @param[in] cryp pointer to the @p CRYDriver object + * @param[in] key_id the key to be used for the operation, zero is the + * transient key, other values are keys stored in an + * unspecified way + * @param[in] in buffer containing the input cyphertext + * @param[out] out buffer for the output plaintext + * @return The operation status. + * @retval CRY_NOERROR if the operation succeeded. + * @retval CRY_ERR_INV_ALGO if the operation is unsupported on this + * device instance. + * @retval CRY_ERR_INV_KEY_TYPE the selected key is invalid for this operation. + * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid + * or refers to an empty key slot. + * + * @notapi + */ +cryerror_t cry_lld_decrypt_DES(CRYDriver *cryp, + crykey_t key_id, + const uint8_t *in, + uint8_t *out) { + + (void)cryp; + (void)key_id; + (void)in; + (void)out; + + return CRY_ERR_INV_ALGO; +} + +/** + * @brief Encryption operation using (T)DES-ECB. + * @note The function operates on data buffers whose length is a multiple + * of an DES block, this means that padding must be done by the + * caller. + * + * @param[in] cryp pointer to the @p CRYDriver object + * @param[in] key_id the key to be used for the operation, zero is the + * transient key, other values are keys stored in an + * unspecified way + * @param[in] size size of the plaintext buffer, this number must be a + * multiple of 8 + * @param[in] in buffer containing the input plaintext + * @param[out] out buffer for the output cyphertext + * @return The operation status. + * @retval CRY_NOERROR if the operation succeeded. + * @retval CRY_ERR_INV_ALGO if the operation is unsupported on this + * device instance. + * @retval CRY_ERR_INV_KEY_TYPE the selected key is invalid for this operation. + * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid + * or refers to an empty key slot. + * + * @notapi + */ +cryerror_t cry_lld_encrypt_DES_ECB(CRYDriver *cryp, + crykey_t key_id, + size_t size, + const uint8_t *in, + uint8_t *out) { + + (void)cryp; + (void)key_id; + (void)size; + (void)in; + (void)out; + + return CRY_ERR_INV_ALGO; +} + +/** + * @brief Decryption operation using (T)DES-ECB. + * @note The function operates on data buffers whose length is a multiple + * of an DES block, this means that padding must be done by the + * caller. + * + * @param[in] cryp pointer to the @p CRYDriver object + * @param[in] key_id the key to be used for the operation, zero is the + * transient key, other values are keys stored in an + * unspecified way + * @param[in] size size of the plaintext buffer, this number must be a + * multiple of 8 + * @param[in] in buffer containing the input cyphertext + * @param[out] out buffer for the output plaintext + * @return The operation status. + * @retval CRY_NOERROR if the operation succeeded. + * @retval CRY_ERR_INV_ALGO if the operation is unsupported on this + * device instance. + * @retval CRY_ERR_INV_KEY_TYPE the selected key is invalid for this operation. + * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid + * or refers to an empty key slot. + * + * @notapi + */ +cryerror_t cry_lld_decrypt_DES_ECB(CRYDriver *cryp, + crykey_t key_id, + size_t size, + const uint8_t *in, + uint8_t *out) { + + (void)cryp; + (void)key_id; + (void)size; + (void)in; + (void)out; + + return CRY_ERR_INV_ALGO; +} + +/** + * @brief Encryption operation using (T)DES-CBC. + * @note The function operates on data buffers whose length is a multiple + * of an DES block, this means that padding must be done by the + * caller. + * + * @param[in] cryp pointer to the @p CRYDriver object + * @param[in] key_id the key to be used for the operation, zero is the + * transient key, other values are keys stored in an + * unspecified way + * @param[in] size size of the plaintext buffer, this number must be a + * multiple of 8 + * @param[in] in buffer containing the input plaintext + * @param[out] out buffer for the output cyphertext + * @param[in] iv 64 bits input vector + * @return The operation status. + * @retval CRY_NOERROR if the operation succeeded. + * @retval CRY_ERR_INV_ALGO if the operation is unsupported on this + * device instance. + * @retval CRY_ERR_INV_KEY_TYPE the selected key is invalid for this operation. + * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid + * or refers to an empty key slot. + * + * @notapi + */ +cryerror_t cry_lld_encrypt_DES_CBC(CRYDriver *cryp, + crykey_t key_id, + size_t size, + const uint8_t *in, + uint8_t *out, + const uint8_t *iv) { + + (void)cryp; + (void)key_id; + (void)size; + (void)in; + (void)out; + (void)iv; + + return CRY_ERR_INV_ALGO; +} + +/** + * @brief Decryption operation using (T)DES-CBC. + * @note The function operates on data buffers whose length is a multiple + * of an DES block, this means that padding must be done by the + * caller. + * + * @param[in] cryp pointer to the @p CRYDriver object + * @param[in] key_id the key to be used for the operation, zero is the + * transient key, other values are keys stored in an + * unspecified way + * @param[in] size size of the plaintext buffer, this number must be a + * multiple of 8 + * @param[in] in buffer containing the input cyphertext + * @param[out] out buffer for the output plaintext + * @param[in] iv 64 bits input vector + * @return The operation status. + * @retval CRY_NOERROR if the operation succeeded. + * @retval CRY_ERR_INV_ALGO if the operation is unsupported on this + * device instance. + * @retval CRY_ERR_INV_KEY_TYPE the selected key is invalid for this operation. + * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid + * or refers to an empty key slot. + * + * @notapi + */ +cryerror_t cry_lld_decrypt_DES_CBC(CRYDriver *cryp, + crykey_t key_id, + size_t size, + const uint8_t *in, + uint8_t *out, + const uint8_t *iv) { + + (void)cryp; + (void)key_id; + (void)size; + (void)in; + (void)out; + (void)iv; + + return CRY_ERR_INV_ALGO; +} + #endif /* HAL_USE_CRY == TRUE */ /** @} */ diff --git a/os/hal/ports/STM32/LLD/CRYPv1/hal_crypto_lld.h b/os/hal/ports/STM32/LLD/CRYPv1/hal_crypto_lld.h index 977e25438..3ae153943 100644 --- a/os/hal/ports/STM32/LLD/CRYPv1/hal_crypto_lld.h +++ b/os/hal/ports/STM32/LLD/CRYPv1/hal_crypto_lld.h @@ -35,11 +35,15 @@ * @name Driver capability switches * @{ */ +#define CRY_LLD_SUPPORTS_AES TRUE #define CRY_LLD_SUPPORTS_AES_ECB TRUE #define CRY_LLD_SUPPORTS_AES_CBC TRUE #define CRY_LLD_SUPPORTS_AES_CFB FALSE #define CRY_LLD_SUPPORTS_AES_CTR TRUE #define CRY_LLD_SUPPORTS_AES_GCM TRUE +#define CRY_LLD_SUPPORTS_DES TRUE +#define CRY_LLD_SUPPORTS_DES_ECB TRUE +#define CRY_LLD_SUPPORTS_DES_CBC TRUE /** @{ */ /*===========================================================================*/ @@ -140,6 +144,14 @@ extern "C" { cryalgorithm_t algorithm, size_t size, const uint8_t *keyp); + cryerror_t cry_lld_encrypt_AES(CRYDriver *cryp, + crykey_t key_id, + const uint8_t *in, + uint8_t *out); + cryerror_t cry_lld_decrypt_AES(CRYDriver *cryp, + crykey_t key_id, + const uint8_t *in, + uint8_t *out); cryerror_t cry_lld_encrypt_AES_ECB(CRYDriver *cryp, crykey_t key_id, size_t size, @@ -204,6 +216,36 @@ extern "C" { size_t aadsize, const uint8_t *aad, uint8_t *authtag); + cryerror_t cry_lld_encrypt_DES(CRYDriver *cryp, + crykey_t key_id, + const uint8_t *in, + uint8_t *out); + cryerror_t cry_lld_decrypt_DES(CRYDriver *cryp, + crykey_t key_id, + const uint8_t *in, + uint8_t *out); + cryerror_t cry_lld_encrypt_DES_ECB(CRYDriver *cryp, + crykey_t key_id, + size_t size, + const uint8_t *in, + uint8_t *out); + cryerror_t cry_lld_decrypt_DES_ECB(CRYDriver *cryp, + crykey_t key_id, + size_t size, + const uint8_t *in, + uint8_t *out); + cryerror_t cry_lld_encrypt_DES_CBC(CRYDriver *cryp, + crykey_t key_id, + size_t size, + const uint8_t *in, + uint8_t *out, + const uint8_t *iv); + cryerror_t cry_lld_decrypt_DES_CBC(CRYDriver *cryp, + crykey_t key_id, + size_t size, + const uint8_t *in, + uint8_t *out, + const uint8_t *iv); #ifdef __cplusplus } #endif diff --git a/os/hal/src/hal_crypto.c b/os/hal/src/hal_crypto.c index 31bee80db..c099335bf 100644 --- a/os/hal/src/hal_crypto.c +++ b/os/hal/src/hal_crypto.c @@ -127,6 +127,8 @@ void cryStop(CRYDriver *cryp) { /** * @brief Initializes the transient key for a specific algorithm. + * @note It is the underlying implementation to decide which combinations + * of algorithm and key size are allowable. * * @param[in] cryp pointer to the @p CRYDriver object * @param[in] algorithm the algorithm identifier @@ -136,7 +138,8 @@ void cryStop(CRYDriver *cryp) { * @retval CRY_NOERROR if the operation succeeded. * @retval CRY_ERR_INV_ALGO if the specified algorithm is unknown or * unsupported. - * @retval CRY_ERR_INV_KEY_SIZE if the specified key size is invalid. + * @retval CRY_ERR_INV_KEY_SIZE if the specified key size is invalid for + * the specified algorithm. * * @api */ @@ -172,9 +175,97 @@ cryerror_t cryLoadTransientKey(CRYDriver *cryp, return err; } +/** + * @brief Encryption of a single block using AES. + * @note The implementation of this function must guarantee that it can + * be called from any context. + * + * @param[in] cryp pointer to the @p CRYDriver object + * @param[in] key_id the key to be used for the operation, zero is the + * transient key, other values are keys stored in an + * unspecified way + * @param[in] in buffer containing the input plaintext + * @param[out] out buffer for the output cyphertext + * @return The operation status. + * @retval CRY_NOERROR if the operation succeeded. + * @retval CRY_ERR_INV_ALGO if the operation is unsupported on this + * device instance. + * @retval CRY_ERR_INV_KEY_TYPE the selected key is invalid for this operation. + * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid + * or refers to an empty key slot. + * + * @special + */ +cryerror_t cryEncryptAES(CRYDriver *cryp, + crykey_t key_id, + const uint8_t *in, + uint8_t *out) { + + osalDbgCheck((cryp != NULL) && (in != NULL) && (out != NULL)); + + osalDbgAssert(cryp->state == CRY_READY, "not ready"); + +#if CRY_LLD_SUPPORTS_AES == TRUE + return cry_lld_encrypt_AES(cryp, key_id, in, out); +#elif HAL_CRY_USE_FALLBACK == TRUE + return cry_fallback_encrypt_AES(cryp, key_id, in, out); +#else + (void)cryp; + (void)key_id; + (void)in; + (void)out; + + return CRY_ERR_INV_ALGO; +#endif +} + +/** + * @brief Decryption of a single block using AES. + * @note The implementation of this function must guarantee that it can + * be called from any context. + * + * @param[in] cryp pointer to the @p CRYDriver object + * @param[in] key_id the key to be used for the operation, zero is the + * transient key, other values are keys stored in an + * unspecified way + * @param[in] in buffer containing the input cyphertext + * @param[out] out buffer for the output plaintext + * @return The operation status. + * @retval CRY_NOERROR if the operation succeeded. + * @retval CRY_ERR_INV_ALGO if the operation is unsupported on this + * device instance. + * @retval CRY_ERR_INV_KEY_TYPE the selected key is invalid for this operation. + * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid + * or refers to an empty key slot. + * + * @special + */ +cryerror_t cryDecryptAES(CRYDriver *cryp, + crykey_t key_id, + const uint8_t *in, + uint8_t *out) { + + osalDbgCheck((cryp != NULL) && (in != NULL) && (out != NULL)); + + osalDbgAssert(cryp->state == CRY_READY, "not ready"); + +#if CRY_LLD_SUPPORTS_AES == TRUE + return cry_lld_decrypt_AES(cryp, key_id, in, out); +#elif HAL_CRY_USE_FALLBACK == TRUE + return cry_fallback_decrypt_AES(cryp, key_id, in, out); +#else + (void)cryp; + (void)key_id; + (void)in; + (void)out; + + return CRY_ERR_INV_ALGO; +#endif +} + /** * @brief Encryption operation using AES-ECB. - * @note The function operates on data buffers whose lenght is a multiple + * @note The function operates on data buffers whose length is a multiple * of an AES block, this means that padding must be done by the * caller. * @@ -192,7 +283,7 @@ cryerror_t cryLoadTransientKey(CRYDriver *cryp, * device instance. * @retval CRY_ERR_INV_KEY_TYPE the selected key is invalid for this operation. * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid - * or refers and empty key slot. + * or refers to an empty key slot. * * @api */ @@ -224,7 +315,7 @@ cryerror_t cryEncryptAES_ECB(CRYDriver *cryp, /** * @brief Decryption operation using AES-ECB. - * @note The function operates on data buffers whose lenght is a multiple + * @note The function operates on data buffers whose length is a multiple * of an AES block, this means that padding must be done by the * caller. * @@ -242,7 +333,7 @@ cryerror_t cryEncryptAES_ECB(CRYDriver *cryp, * device instance. * @retval CRY_ERR_INV_KEY_TYPE the selected key is invalid for this operation. * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid - * or refers and empty key slot. + * or refers to an empty key slot. * * @api */ @@ -274,7 +365,7 @@ cryerror_t cryDecryptAES_ECB(CRYDriver *cryp, /** * @brief Encryption operation using AES-CBC. - * @note The function operates on data buffers whose lenght is a multiple + * @note The function operates on data buffers whose length is a multiple * of an AES block, this means that padding must be done by the * caller. * @@ -286,14 +377,14 @@ cryerror_t cryDecryptAES_ECB(CRYDriver *cryp, * multiple of 16 * @param[in] in buffer containing the input plaintext * @param[out] out buffer for the output cyphertext - * @param[in] iv 128 bits initial vector + * @param[in] iv 128 bits input vector * @return The operation status. * @retval CRY_NOERROR if the operation succeeded. * @retval CRY_ERR_INV_ALGO if the operation is unsupported on this * device instance. * @retval CRY_ERR_INV_KEY_TYPE the selected key is invalid for this operation. * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid - * or refers and empty key slot. + * or refers to an empty key slot. * * @api */ @@ -327,7 +418,7 @@ cryerror_t cryEncryptAES_CBC(CRYDriver *cryp, /** * @brief Decryption operation using AES-CBC. - * @note The function operates on data buffers whose lenght is a multiple + * @note The function operates on data buffers whose length is a multiple * of an AES block, this means that padding must be done by the * caller. * @@ -339,14 +430,14 @@ cryerror_t cryEncryptAES_CBC(CRYDriver *cryp, * multiple of 16 * @param[in] in buffer containing the input cyphertext * @param[out] out buffer for the output plaintext - * @param[in] iv 128 bits initial vector + * @param[in] iv 128 bits input vector * @return The operation status. * @retval CRY_NOERROR if the operation succeeded. * @retval CRY_ERR_INV_ALGO if the operation is unsupported on this * device instance. * @retval CRY_ERR_INV_KEY_TYPE the selected key is invalid for this operation. * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid - * or refers and empty key slot. + * or refers to an empty key slot. * * @api */ @@ -380,7 +471,7 @@ cryerror_t cryDecryptAES_CBC(CRYDriver *cryp, /** * @brief Encryption operation using AES-CFB. - * @note The function operates on data buffers whose lenght is a multiple + * @note The function operates on data buffers whose length is a multiple * of an AES block, this means that padding must be done by the * caller. * @@ -392,14 +483,14 @@ cryerror_t cryDecryptAES_CBC(CRYDriver *cryp, * multiple of 16 * @param[in] in buffer containing the input plaintext * @param[out] out buffer for the output cyphertext - * @param[in] iv 128 bits initial vector + * @param[in] iv 128 bits input vector * @return The operation status. * @retval CRY_NOERROR if the operation succeeded. * @retval CRY_ERR_INV_ALGO if the operation is unsupported on this * device instance. * @retval CRY_ERR_INV_KEY_TYPE the selected key is invalid for this operation. * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid - * or refers and empty key slot. + * or refers to an empty key slot. * * @api */ @@ -433,7 +524,7 @@ cryerror_t cryEncryptAES_CFB(CRYDriver *cryp, /** * @brief Decryption operation using AES-CFB. - * @note The function operates on data buffers whose lenght is a multiple + * @note The function operates on data buffers whose length is a multiple * of an AES block, this means that padding must be done by the * caller. * @@ -445,14 +536,14 @@ cryerror_t cryEncryptAES_CFB(CRYDriver *cryp, * multiple of 16 * @param[in] in buffer containing the input cyphertext * @param[out] out buffer for the output plaintext - * @param[in] iv 128 bits initial vector + * @param[in] iv 128 bits input vector * @return The operation status. * @retval CRY_NOERROR if the operation succeeded. * @retval CRY_ERR_INV_ALGO if the operation is unsupported on this * device instance. * @retval CRY_ERR_INV_KEY_TYPE the selected key is invalid for this operation. * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid - * or refers and empty key slot. + * or refers to an empty key slot. * * @api */ @@ -486,7 +577,7 @@ cryerror_t cryDecryptAES_CFB(CRYDriver *cryp, /** * @brief Encryption operation using AES-CTR. - * @note The function operates on data buffers whose lenght is a multiple + * @note The function operates on data buffers whose length is a multiple * of an AES block, this means that padding must be done by the * caller. * @@ -498,7 +589,7 @@ cryerror_t cryDecryptAES_CFB(CRYDriver *cryp, * multiple of 16 * @param[in] in buffer containing the input plaintext * @param[out] out buffer for the output cyphertext - * @param[in] iv 128 bits initial vector + counter, it contains + * @param[in] iv 128 bits input vector + counter, it contains * a 96 bits IV and a 32 bits counter * @return The operation status. * @retval CRY_NOERROR if the operation succeeded. @@ -506,7 +597,7 @@ cryerror_t cryDecryptAES_CFB(CRYDriver *cryp, * device instance. * @retval CRY_ERR_INV_KEY_TYPE the selected key is invalid for this operation. * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid - * or refers and empty key slot. + * or refers to an empty key slot. * * @api */ @@ -541,7 +632,7 @@ cryerror_t cryEncryptAES_CTR(CRYDriver *cryp, /** * @brief Decryption operation using AES-CTR. - * @note The function operates on data buffers whose lenght is a multiple + * @note The function operates on data buffers whose length is a multiple * of an AES block, this means that padding must be done by the * caller. * @@ -553,7 +644,7 @@ cryerror_t cryEncryptAES_CTR(CRYDriver *cryp, * multiple of 16 * @param[in] in buffer containing the input cyphertext * @param[out] out buffer for the output plaintext - * @param[in] iv 128 bits initial vector + counter, it contains + * @param[in] iv 128 bits input vector + counter, it contains * a 96 bits IV and a 32 bits counter * @return The operation status. * @retval CRY_NOERROR if the operation succeeded. @@ -561,7 +652,7 @@ cryerror_t cryEncryptAES_CTR(CRYDriver *cryp, * device instance. * @retval CRY_ERR_INV_KEY_TYPE the selected key is invalid for this operation. * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid - * or refers and empty key slot. + * or refers to an empty key slot. * * @api */ @@ -596,7 +687,7 @@ cryerror_t cryDecryptAES_CTR(CRYDriver *cryp, /** * @brief Encryption operation using AES-GCM. - * @note The function operates on data buffers whose lenght is a multiple + * @note The function operates on data buffers whose length is a multiple * of an AES block, this means that padding must be done by the * caller. * @@ -608,7 +699,7 @@ cryerror_t cryDecryptAES_CTR(CRYDriver *cryp, * multiple of 16 * @param[in] in buffer containing the input plaintext * @param[out] out buffer for the output cyphertext - * @param[in] iv 128 bits initial vector + counter, it contains + * @param[in] iv 128 bits input vector + counter, it contains * a 96 bits IV and a 32 bits counter * @param[in] aadsize size of the authentication data, this number must be a * multiple of 16 @@ -620,7 +711,7 @@ cryerror_t cryDecryptAES_CTR(CRYDriver *cryp, * device instance. * @retval CRY_ERR_INV_KEY_TYPE the selected key is invalid for this operation. * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid - * or refers and empty key slot. + * or refers to an empty key slot. * * @api */ @@ -664,7 +755,7 @@ cryerror_t cryEncryptAES_GCM(CRYDriver *cryp, /** * @brief Decryption operation using AES-GCM. - * @note The function operates on data buffers whose lenght is a multiple + * @note The function operates on data buffers whose length is a multiple * of an AES block, this means that padding must be done by the * caller. * @@ -676,7 +767,7 @@ cryerror_t cryEncryptAES_GCM(CRYDriver *cryp, * multiple of 16 * @param[in] in buffer for the output cyphertext * @param[out] out buffer containing the input plaintext - * @param[in] iv 128 bits initial vector + counter, it contains + * @param[in] iv 128 bits input vector + counter, it contains * a 96 bits IV and a 32 bits counter * @param[in] aadsize size of the authentication data, this number must be a * multiple of 16 @@ -688,7 +779,7 @@ cryerror_t cryEncryptAES_GCM(CRYDriver *cryp, * device instance. * @retval CRY_ERR_INV_KEY_TYPE the selected key is invalid for this operation. * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid - * or refers and empty key slot. + * or refers to an empty key slot. * * @api */ @@ -730,6 +821,301 @@ cryerror_t cryDecryptAES_GCM(CRYDriver *cryp, #endif } +/** + * @brief Encryption of a single block using (T)DES. + * @note The implementation of this function must guarantee that it can + * be called from any context. + * + * @param[in] cryp pointer to the @p CRYDriver object + * @param[in] key_id the key to be used for the operation, zero is the + * transient key, other values are keys stored in an + * unspecified way + * @param[in] in buffer containing the input plaintext + * @param[out] out buffer for the output cyphertext + * @return The operation status. + * @retval CRY_NOERROR if the operation succeeded. + * @retval CRY_ERR_INV_ALGO if the operation is unsupported on this + * device instance. + * @retval CRY_ERR_INV_KEY_TYPE the selected key is invalid for this operation. + * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid + * or refers to an empty key slot. + * + * @special + */ +cryerror_t cryEncryptDES(CRYDriver *cryp, + crykey_t key_id, + const uint8_t *in, + uint8_t *out) { + + osalDbgCheck((cryp != NULL) && (in != NULL) && (out != NULL)); + + osalDbgAssert(cryp->state == CRY_READY, "not ready"); + +#if CRY_LLD_SUPPORTS_DES == TRUE + return cry_lld_encrypt_DES(cryp, key_id, in, out); +#elif HAL_CRY_USE_FALLBACK == TRUE + return cry_fallback_encrypt_DES(cryp, key_id, in, out); +#else + (void)cryp; + (void)key_id; + (void)in; + (void)out; + + return CRY_ERR_INV_ALGO; +#endif +} + +/** + * @brief Decryption of a single block using (T)DES. + * @note The implementation of this function must guarantee that it can + * be called from any context. + * + * + * @param[in] cryp pointer to the @p CRYDriver object + * @param[in] key_id the key to be used for the operation, zero is the + * transient key, other values are keys stored in an + * unspecified way + * @param[in] in buffer containing the input cyphertext + * @param[out] out buffer for the output plaintext + * @return The operation status. + * @retval CRY_NOERROR if the operation succeeded. + * @retval CRY_ERR_INV_ALGO if the operation is unsupported on this + * device instance. + * @retval CRY_ERR_INV_KEY_TYPE the selected key is invalid for this operation. + * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid + * or refers to an empty key slot. + * + * @special + */ +cryerror_t cryDecryptDES(CRYDriver *cryp, + crykey_t key_id, + const uint8_t *in, + uint8_t *out) { + + osalDbgCheck((cryp != NULL) && (in != NULL) && (out != NULL)); + + osalDbgAssert(cryp->state == CRY_READY, "not ready"); + +#if CRY_LLD_SUPPORTS_DES == TRUE + return cry_lld_decrypt_DES(cryp, key_id, in, out); +#elif HAL_CRY_USE_FALLBACK == TRUE + return cry_fallback_decrypt_DES(cryp, key_id, in, out); +#else + (void)cryp; + (void)key_id; + (void)in; + (void)out; + + return CRY_ERR_INV_ALGO; +#endif +} + +/** + * @brief Encryption operation using (T)DES-ECB. + * @note The function operates on data buffers whose length is a multiple + * of an DES block, this means that padding must be done by the + * caller. + * + * @param[in] cryp pointer to the @p CRYDriver object + * @param[in] key_id the key to be used for the operation, zero is the + * transient key, other values are keys stored in an + * unspecified way + * @param[in] size size of the plaintext buffer, this number must be a + * multiple of 8 + * @param[in] in buffer containing the input plaintext + * @param[out] out buffer for the output cyphertext + * @return The operation status. + * @retval CRY_NOERROR if the operation succeeded. + * @retval CRY_ERR_INV_ALGO if the operation is unsupported on this + * device instance. + * @retval CRY_ERR_INV_KEY_TYPE the selected key is invalid for this operation. + * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid + * or refers to an empty key slot. + * + * @api + */ +cryerror_t cryEncryptDES_ECB(CRYDriver *cryp, + crykey_t key_id, + size_t size, + const uint8_t *in, + uint8_t *out) { + + osalDbgCheck((cryp != NULL) && (in != NULL) && (out != NULL) && + ((size & (size_t)7) == (size_t)0)); + + osalDbgAssert(cryp->state == CRY_READY, "not ready"); + +#if CRY_LLD_SUPPORTS_DES_ECB == TRUE + return cry_lld_encrypt_DES_ECB(cryp, key_id, size, in, out); +#elif HAL_CRY_USE_FALLBACK == TRUE + return cry_fallback_encrypt_DES_ECB(cryp, key_id, size, in, out); +#else + (void)cryp; + (void)key_id; + (void)size; + (void)in; + (void)out; + + return CRY_ERR_INV_ALGO; +#endif +} + +/** + * @brief Decryption operation using (T)DES-ECB. + * @note The function operates on data buffers whose length is a multiple + * of an DES block, this means that padding must be done by the + * caller. + * + * @param[in] cryp pointer to the @p CRYDriver object + * @param[in] key_id the key to be used for the operation, zero is the + * transient key, other values are keys stored in an + * unspecified way + * @param[in] size size of the plaintext buffer, this number must be a + * multiple of 8 + * @param[in] in buffer containing the input cyphertext + * @param[out] out buffer for the output plaintext + * @return The operation status. + * @retval CRY_NOERROR if the operation succeeded. + * @retval CRY_ERR_INV_ALGO if the operation is unsupported on this + * device instance. + * @retval CRY_ERR_INV_KEY_TYPE the selected key is invalid for this operation. + * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid + * or refers to an empty key slot. + * + * @api + */ +cryerror_t cryDecryptDES_ECB(CRYDriver *cryp, + crykey_t key_id, + size_t size, + const uint8_t *in, + uint8_t *out) { + + osalDbgCheck((cryp != NULL) && (in != NULL) && (out != NULL) && + ((size & (size_t)7) == (size_t)0)); + + osalDbgAssert(cryp->state == CRY_READY, "not ready"); + +#if CRY_LLD_SUPPORTS_DES_ECB == TRUE + return cry_lld_decrypt_DES_ECB(cryp, key_id, size, in, out); +#elif HAL_CRY_USE_FALLBACK == TRUE + return cry_fallback_decrypt_DES_ECB(cryp, key_id, size, in, out); +#else + (void)cryp; + (void)key_id; + (void)size; + (void)in; + (void)out; + + return CRY_ERR_INV_ALGO; +#endif +} + +/** + * @brief Encryption operation using (T)DES-CBC. + * @note The function operates on data buffers whose length is a multiple + * of an DES block, this means that padding must be done by the + * caller. + * + * @param[in] cryp pointer to the @p CRYDriver object + * @param[in] key_id the key to be used for the operation, zero is the + * transient key, other values are keys stored in an + * unspecified way + * @param[in] size size of the plaintext buffer, this number must be a + * multiple of 8 + * @param[in] in buffer containing the input plaintext + * @param[out] out buffer for the output cyphertext + * @param[in] iv 64 bits input vector + * @return The operation status. + * @retval CRY_NOERROR if the operation succeeded. + * @retval CRY_ERR_INV_ALGO if the operation is unsupported on this + * device instance. + * @retval CRY_ERR_INV_KEY_TYPE the selected key is invalid for this operation. + * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid + * or refers to an empty key slot. + * + * @api + */ +cryerror_t cryEncryptDES_CBC(CRYDriver *cryp, + crykey_t key_id, + size_t size, + const uint8_t *in, + uint8_t *out, + const uint8_t *iv) { + + osalDbgCheck((cryp != NULL) && (in != NULL) && (out != NULL) && + (iv != NULL) && ((size & (size_t)7) == (size_t)0)); + + osalDbgAssert(cryp->state == CRY_READY, "not ready"); + +#if CRY_LLD_SUPPORTS_DES_CBC == TRUE + return cry_lld_encrypt_DES_CBC(cryp, key_id, size, in, out, iv); +#elif HAL_CRY_USE_FALLBACK == TRUE + return cry_fallback_encrypt_DES_CBC(cryp, key_id, size, in, out, iv); +#else + (void)cryp; + (void)key_id; + (void)size; + (void)in; + (void)out; + (void)iv; + + return CRY_ERR_INV_ALGO; +#endif +} + +/** + * @brief Decryption operation using (T)DES-CBC. + * @note The function operates on data buffers whose length is a multiple + * of an DES block, this means that padding must be done by the + * caller. + * + * @param[in] cryp pointer to the @p CRYDriver object + * @param[in] key_id the key to be used for the operation, zero is the + * transient key, other values are keys stored in an + * unspecified way + * @param[in] size size of the plaintext buffer, this number must be a + * multiple of 8 + * @param[in] in buffer containing the input cyphertext + * @param[out] out buffer for the output plaintext + * @param[in] iv 64 bits input vector + * @return The operation status. + * @retval CRY_NOERROR if the operation succeeded. + * @retval CRY_ERR_INV_ALGO if the operation is unsupported on this + * device instance. + * @retval CRY_ERR_INV_KEY_TYPE the selected key is invalid for this operation. + * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid + * or refers to an empty key slot. + * + * @api + */ +cryerror_t cryDecryptDES_CBC(CRYDriver *cryp, + crykey_t key_id, + size_t size, + const uint8_t *in, + uint8_t *out, + const uint8_t *iv) { + + osalDbgCheck((cryp != NULL) && (in != NULL) && (out != NULL) && + (iv != NULL) && ((size & (size_t)7) == (size_t)0)); + + osalDbgAssert(cryp->state == CRY_READY, "not ready"); + +#if CRY_LLD_SUPPORTS_DES_CBC == TRUE + return cry_lld_decrypt_DES_CBC(cryp, key_id, size, in, out, iv); +#elif HAL_CRY_USE_FALLBACK == TRUE + return cry_fallback_decrypt_DES_CBC(cryp, key_id, size, in, out, iv); +#else + (void)cryp; + (void)key_id; + (void)size; + (void)in; + (void)out; + (void)iv; + + return CRY_ERR_INV_ALGO; +#endif +} + #endif /* HAL_USE_CRY == TRUE */ /** @} */ diff --git a/os/hal/templates/hal_crypto_lld.c b/os/hal/templates/hal_crypto_lld.c index 1aa90d2af..2d8a18ef1 100644 --- a/os/hal/templates/hal_crypto_lld.c +++ b/os/hal/templates/hal_crypto_lld.c @@ -35,7 +35,7 @@ /*===========================================================================*/ /** @brief CRY1 driver identifier.*/ -#if PLATFORM_CRY_USE_CRY1 || defined(__DOXYGEN__) +#if STM32_CRY_USE_CRYP1 || defined(__DOXYGEN__) CRYDriver CRYD1; #endif @@ -118,6 +118,74 @@ cryerror_t cry_lld_loadkey(CRYDriver *cryp, return CRY_NOERROR; } +/** + * @brief Encryption of a single block using AES. + * @note The implementation of this function must guarantee that it can + * be called from any context. + * + * @param[in] cryp pointer to the @p CRYDriver object + * @param[in] key_id the key to be used for the operation, zero is the + * transient key, other values are keys stored in an + * unspecified way + * @param[in] in buffer containing the input plaintext + * @param[out] out buffer for the output cyphertext + * @return The operation status. + * @retval CRY_NOERROR if the operation succeeded. + * @retval CRY_ERR_INV_ALGO if the operation is unsupported on this + * device instance. + * @retval CRY_ERR_INV_KEY_TYPE the selected key is invalid for this operation. + * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid + * or refers to an empty key slot. + * + * @notapi + */ +cryerror_t cry_lld_encrypt_AES(CRYDriver *cryp, + crykey_t key_id, + const uint8_t *in, + uint8_t *out) { + + (void)cryp; + (void)key_id; + (void)in; + (void)out; + + return CRY_ERR_INV_ALGO; +} + +/** + * @brief Decryption of a single block using AES. + * @note The implementation of this function must guarantee that it can + * be called from any context. + * + * @param[in] cryp pointer to the @p CRYDriver object + * @param[in] key_id the key to be used for the operation, zero is the + * transient key, other values are keys stored in an + * unspecified way + * @param[in] in buffer containing the input cyphertext + * @param[out] out buffer for the output plaintext + * @return The operation status. + * @retval CRY_NOERROR if the operation succeeded. + * @retval CRY_ERR_INV_ALGO if the operation is unsupported on this + * device instance. + * @retval CRY_ERR_INV_KEY_TYPE the selected key is invalid for this operation. + * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid + * or refers to an empty key slot. + * + * @notapi + */ +cryerror_t cry_lld_decrypt_AES(CRYDriver *cryp, + crykey_t key_id, + const uint8_t *in, + uint8_t *out) { + + (void)cryp; + (void)key_id; + (void)in; + (void)out; + + return CRY_ERR_INV_ALGO; +} + /** * @brief Encryption operation using AES-ECB. * @note The function operates on data buffers whose lenght is a multiple @@ -138,7 +206,7 @@ cryerror_t cry_lld_loadkey(CRYDriver *cryp, * device instance. * @retval CRY_ERR_INV_KEY_TYPE the selected key is invalid for this operation. * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid - * or refers and empty key slot. + * or refers to an empty key slot. * * @notapi */ @@ -177,7 +245,7 @@ cryerror_t cry_lld_encrypt_AES_ECB(CRYDriver *cryp, * device instance. * @retval CRY_ERR_INV_KEY_TYPE the selected key is invalid for this operation. * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid - * or refers and empty key slot. + * or refers to an empty key slot. * * @notapi */ @@ -217,7 +285,7 @@ cryerror_t cry_lld_decrypt_AES_ECB(CRYDriver *cryp, * device instance. * @retval CRY_ERR_INV_KEY_TYPE the selected key is invalid for this operation. * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid - * or refers and empty key slot. + * or refers to an empty key slot. * * @notapi */ @@ -259,7 +327,7 @@ cryerror_t cry_lld_encrypt_AES_CBC(CRYDriver *cryp, * device instance. * @retval CRY_ERR_INV_KEY_TYPE the selected key is invalid for this operation. * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid - * or refers and empty key slot. + * or refers to an empty key slot. * * @notapi */ @@ -301,7 +369,7 @@ cryerror_t cry_lld_decrypt_AES_CBC(CRYDriver *cryp, * device instance. * @retval CRY_ERR_INV_KEY_TYPE the selected key is invalid for this operation. * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid - * or refers and empty key slot. + * or refers to an empty key slot. * * @notapi */ @@ -343,7 +411,7 @@ cryerror_t cry_lld_encrypt_AES_CFB(CRYDriver *cryp, * device instance. * @retval CRY_ERR_INV_KEY_TYPE the selected key is invalid for this operation. * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid - * or refers and empty key slot. + * or refers to an empty key slot. * * @notapi */ @@ -386,7 +454,7 @@ cryerror_t cry_lld_decrypt_AES_CFB(CRYDriver *cryp, * device instance. * @retval CRY_ERR_INV_KEY_TYPE the selected key is invalid for this operation. * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid - * or refers and empty key slot. + * or refers to an empty key slot. * * @notapi */ @@ -429,7 +497,7 @@ cryerror_t cry_lld_encrypt_AES_CTR(CRYDriver *cryp, * device instance. * @retval CRY_ERR_INV_KEY_TYPE the selected key is invalid for this operation. * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid - * or refers and empty key slot. + * or refers to an empty key slot. * * @notapi */ @@ -476,7 +544,7 @@ cryerror_t cry_lld_decrypt_AES_CTR(CRYDriver *cryp, * device instance. * @retval CRY_ERR_INV_KEY_TYPE the selected key is invalid for this operation. * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid - * or refers and empty key slot. + * or refers to an empty key slot. * * @notapi */ @@ -529,7 +597,7 @@ cryerror_t cry_lld_encrypt_AES_GCM(CRYDriver *cryp, * device instance. * @retval CRY_ERR_INV_KEY_TYPE the selected key is invalid for this operation. * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid - * or refers and empty key slot. + * or refers to an empty key slot. * * @notapi */ @@ -556,6 +624,237 @@ cryerror_t cry_lld_decrypt_AES_GCM(CRYDriver *cryp, return CRY_ERR_INV_ALGO; } +/** + * @brief Encryption of a single block using (T)DES. + * @note The implementation of this function must guarantee that it can + * be called from any context. + * + * @param[in] cryp pointer to the @p CRYDriver object + * @param[in] key_id the key to be used for the operation, zero is the + * transient key, other values are keys stored in an + * unspecified way + * @param[in] in buffer containing the input plaintext + * @param[out] out buffer for the output cyphertext + * @return The operation status. + * @retval CRY_NOERROR if the operation succeeded. + * @retval CRY_ERR_INV_ALGO if the operation is unsupported on this + * device instance. + * @retval CRY_ERR_INV_KEY_TYPE the selected key is invalid for this operation. + * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid + * or refers to an empty key slot. + * + * @notapi + */ +cryerror_t cry_lld_encrypt_DES(CRYDriver *cryp, + crykey_t key_id, + const uint8_t *in, + uint8_t *out) { + + (void)cryp; + (void)key_id; + (void)in; + (void)out; + + return CRY_ERR_INV_ALGO; +} + +/** + * @brief Decryption of a single block using (T)DES. + * @note The implementation of this function must guarantee that it can + * be called from any context. + * + * + * @param[in] cryp pointer to the @p CRYDriver object + * @param[in] key_id the key to be used for the operation, zero is the + * transient key, other values are keys stored in an + * unspecified way + * @param[in] in buffer containing the input cyphertext + * @param[out] out buffer for the output plaintext + * @return The operation status. + * @retval CRY_NOERROR if the operation succeeded. + * @retval CRY_ERR_INV_ALGO if the operation is unsupported on this + * device instance. + * @retval CRY_ERR_INV_KEY_TYPE the selected key is invalid for this operation. + * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid + * or refers to an empty key slot. + * + * @notapi + */ +cryerror_t cry_lld_decrypt_DES(CRYDriver *cryp, + crykey_t key_id, + const uint8_t *in, + uint8_t *out) { + + (void)cryp; + (void)key_id; + (void)in; + (void)out; + + return CRY_ERR_INV_ALGO; +} + +/** + * @brief Encryption operation using (T)DES-ECB. + * @note The function operates on data buffers whose length is a multiple + * of an DES block, this means that padding must be done by the + * caller. + * + * @param[in] cryp pointer to the @p CRYDriver object + * @param[in] key_id the key to be used for the operation, zero is the + * transient key, other values are keys stored in an + * unspecified way + * @param[in] size size of the plaintext buffer, this number must be a + * multiple of 8 + * @param[in] in buffer containing the input plaintext + * @param[out] out buffer for the output cyphertext + * @return The operation status. + * @retval CRY_NOERROR if the operation succeeded. + * @retval CRY_ERR_INV_ALGO if the operation is unsupported on this + * device instance. + * @retval CRY_ERR_INV_KEY_TYPE the selected key is invalid for this operation. + * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid + * or refers to an empty key slot. + * + * @notapi + */ +cryerror_t cry_lld_encrypt_DES_ECB(CRYDriver *cryp, + crykey_t key_id, + size_t size, + const uint8_t *in, + uint8_t *out) { + + (void)cryp; + (void)key_id; + (void)size; + (void)in; + (void)out; + + return CRY_ERR_INV_ALGO; +} + +/** + * @brief Decryption operation using (T)DES-ECB. + * @note The function operates on data buffers whose length is a multiple + * of an DES block, this means that padding must be done by the + * caller. + * + * @param[in] cryp pointer to the @p CRYDriver object + * @param[in] key_id the key to be used for the operation, zero is the + * transient key, other values are keys stored in an + * unspecified way + * @param[in] size size of the plaintext buffer, this number must be a + * multiple of 8 + * @param[in] in buffer containing the input cyphertext + * @param[out] out buffer for the output plaintext + * @return The operation status. + * @retval CRY_NOERROR if the operation succeeded. + * @retval CRY_ERR_INV_ALGO if the operation is unsupported on this + * device instance. + * @retval CRY_ERR_INV_KEY_TYPE the selected key is invalid for this operation. + * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid + * or refers to an empty key slot. + * + * @notapi + */ +cryerror_t cry_lld_decrypt_DES_ECB(CRYDriver *cryp, + crykey_t key_id, + size_t size, + const uint8_t *in, + uint8_t *out) { + + (void)cryp; + (void)key_id; + (void)size; + (void)in; + (void)out; + + return CRY_ERR_INV_ALGO; +} + +/** + * @brief Encryption operation using (T)DES-CBC. + * @note The function operates on data buffers whose length is a multiple + * of an DES block, this means that padding must be done by the + * caller. + * + * @param[in] cryp pointer to the @p CRYDriver object + * @param[in] key_id the key to be used for the operation, zero is the + * transient key, other values are keys stored in an + * unspecified way + * @param[in] size size of the plaintext buffer, this number must be a + * multiple of 8 + * @param[in] in buffer containing the input plaintext + * @param[out] out buffer for the output cyphertext + * @param[in] iv 64 bits input vector + * @return The operation status. + * @retval CRY_NOERROR if the operation succeeded. + * @retval CRY_ERR_INV_ALGO if the operation is unsupported on this + * device instance. + * @retval CRY_ERR_INV_KEY_TYPE the selected key is invalid for this operation. + * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid + * or refers to an empty key slot. + * + * @notapi + */ +cryerror_t cry_lld_encrypt_DES_CBC(CRYDriver *cryp, + crykey_t key_id, + size_t size, + const uint8_t *in, + uint8_t *out, + const uint8_t *iv) { + + (void)cryp; + (void)key_id; + (void)size; + (void)in; + (void)out; + (void)iv; + + return CRY_ERR_INV_ALGO; +} + +/** + * @brief Decryption operation using (T)DES-CBC. + * @note The function operates on data buffers whose length is a multiple + * of an DES block, this means that padding must be done by the + * caller. + * + * @param[in] cryp pointer to the @p CRYDriver object + * @param[in] key_id the key to be used for the operation, zero is the + * transient key, other values are keys stored in an + * unspecified way + * @param[in] size size of the plaintext buffer, this number must be a + * multiple of 8 + * @param[in] in buffer containing the input cyphertext + * @param[out] out buffer for the output plaintext + * @param[in] iv 64 bits input vector + * @return The operation status. + * @retval CRY_NOERROR if the operation succeeded. + * @retval CRY_ERR_INV_ALGO if the operation is unsupported on this + * device instance. + * @retval CRY_ERR_INV_KEY_TYPE the selected key is invalid for this operation. + * @retval CRY_ERR_INV_KEY_ID if the specified key identifier is invalid + * or refers to an empty key slot. + * + * @notapi + */ +cryerror_t cry_lld_decrypt_DES_CBC(CRYDriver *cryp, + crykey_t key_id, + size_t size, + const uint8_t *in, + uint8_t *out, + const uint8_t *iv) { + + (void)cryp; + (void)key_id; + (void)size; + (void)in; + (void)out; + (void)iv; + + return CRY_ERR_INV_ALGO; +} + #endif /* HAL_USE_CRY == TRUE */ /** @} */ diff --git a/os/hal/templates/hal_crypto_lld.h b/os/hal/templates/hal_crypto_lld.h index eb139e4aa..3900b5b64 100644 --- a/os/hal/templates/hal_crypto_lld.h +++ b/os/hal/templates/hal_crypto_lld.h @@ -35,11 +35,15 @@ * @name Driver capability switches * @{ */ +#define CRY_LLD_SUPPORTS_AES TRUE #define CRY_LLD_SUPPORTS_AES_ECB TRUE #define CRY_LLD_SUPPORTS_AES_CBC TRUE -#define CRY_LLD_SUPPORTS_AES_CFB TRUE +#define CRY_LLD_SUPPORTS_AES_CFB FALSE #define CRY_LLD_SUPPORTS_AES_CTR TRUE #define CRY_LLD_SUPPORTS_AES_GCM TRUE +#define CRY_LLD_SUPPORTS_DES TRUE +#define CRY_LLD_SUPPORTS_DES_ECB TRUE +#define CRY_LLD_SUPPORTS_DES_CBC TRUE /** @{ */ /*===========================================================================*/ @@ -140,6 +144,14 @@ extern "C" { cryalgorithm_t algorithm, size_t size, const uint8_t *keyp); + cryerror_t cry_lld_encrypt_AES(CRYDriver *cryp, + crykey_t key_id, + const uint8_t *in, + uint8_t *out); + cryerror_t cry_lld_decrypt_AES(CRYDriver *cryp, + crykey_t key_id, + const uint8_t *in, + uint8_t *out); cryerror_t cry_lld_encrypt_AES_ECB(CRYDriver *cryp, crykey_t key_id, size_t size, @@ -204,6 +216,36 @@ extern "C" { size_t aadsize, const uint8_t *aad, uint8_t *authtag); + cryerror_t cry_lld_encrypt_DES(CRYDriver *cryp, + crykey_t key_id, + const uint8_t *in, + uint8_t *out); + cryerror_t cry_lld_decrypt_DES(CRYDriver *cryp, + crykey_t key_id, + const uint8_t *in, + uint8_t *out); + cryerror_t cry_lld_encrypt_DES_ECB(CRYDriver *cryp, + crykey_t key_id, + size_t size, + const uint8_t *in, + uint8_t *out); + cryerror_t cry_lld_decrypt_DES_ECB(CRYDriver *cryp, + crykey_t key_id, + size_t size, + const uint8_t *in, + uint8_t *out); + cryerror_t cry_lld_encrypt_DES_CBC(CRYDriver *cryp, + crykey_t key_id, + size_t size, + const uint8_t *in, + uint8_t *out, + const uint8_t *iv); + cryerror_t cry_lld_decrypt_DES_CBC(CRYDriver *cryp, + crykey_t key_id, + size_t size, + const uint8_t *in, + uint8_t *out, + const uint8_t *iv); #ifdef __cplusplus } #endif -- cgit v1.2.3