From 7454fa6ad5597582688495252c801c8daeeaf07e Mon Sep 17 00:00:00 2001 From: areviu Date: Sat, 19 May 2018 13:15:06 +0000 Subject: added SAMA HMAC + fixed TRNG 128 bit generation git-svn-id: svn://svn.code.sf.net/p/chibios/svn/trunk@12042 110e8d01-0319-4d1e-a829-52ad28d1bb01 --- os/hal/ports/SAMA/LLD/CRYPTOv1/sama_sha_lld.c | 70 ++++-- os/hal/ports/SAMA/SAMA5D2x/hal_crypto_lld.c | 295 +++++++++++++++++++++++++- os/hal/ports/SAMA/SAMA5D2x/hal_crypto_lld.h | 47 +++- 3 files changed, 387 insertions(+), 25 deletions(-) (limited to 'os/hal') diff --git a/os/hal/ports/SAMA/LLD/CRYPTOv1/sama_sha_lld.c b/os/hal/ports/SAMA/LLD/CRYPTOv1/sama_sha_lld.c index a2c925cd5..b88386366 100644 --- a/os/hal/ports/SAMA/LLD/CRYPTOv1/sama_sha_lld.c +++ b/os/hal/ports/SAMA/LLD/CRYPTOv1/sama_sha_lld.c @@ -179,6 +179,21 @@ cryerror_t sama_sha_lld_init(CRYDriver *cryp, struct sha_data *sha) algoregval = SHA_MR_ALGO_SHA512; break; #endif + case CRY_HMACSHA_1: + algoregval = SHA_MR_ALGO_HMAC_SHA1; + break; + case CRY_HMACSHA_224: + algoregval = SHA_MR_ALGO_HMAC_SHA224; + break; + case CRY_HMACSHA_256: + algoregval = SHA_MR_ALGO_HMAC_SHA256; + break; + case CRY_HMACSHA_384: + algoregval = SHA_MR_ALGO_HMAC_SHA384; + break; + case CRY_HMACSHA_512: + algoregval = SHA_MR_ALGO_HMAC_SHA512; + break; default: osalMutexUnlock(&cryp->mutex); return CRY_ERR_INV_ALGO; @@ -232,14 +247,19 @@ static uint32_t shaOutputSize(shadalgo_t algo) { switch (algo) { case CRY_SHA_1: + case CRY_HMACSHA_1: return 20; case CRY_SHA_224: + case CRY_HMACSHA_224: return 28; case CRY_SHA_256: + case CRY_HMACSHA_256: return 32; case CRY_SHA_384: + case CRY_HMACSHA_384: return 48; case CRY_SHA_512: + case CRY_HMACSHA_512: return 64; default: return 0; @@ -248,28 +268,42 @@ static uint32_t shaOutputSize(shadalgo_t algo) static uint32_t shadPaddedMessSize(uint8_t mode, uint32_t len) { - uint32_t k; - - switch (mode) { - case CRY_SHA_1: - case CRY_SHA_224: - case CRY_SHA_256: - k = (512 + 448 - (((len * 8) % 512) + 1)) % 512; - len += (k - 7) / 8 + 9; - break; - case CRY_SHA_384: - case CRY_SHA_512: - k = (1024 + 896 - (((len * 8) % 1024) + 1)) % 1024; - len += (k - 7) / 8 + 17; - break; - } - return len; + uint32_t k; + + switch (mode) { + case CRY_SHA_1: + case CRY_SHA_224: + case CRY_SHA_256: + case CRY_HMACSHA_1: + case CRY_HMACSHA_224: + case CRY_HMACSHA_256: + k = (512 + 448 - (((len * 8) % 512) + 1)) % 512; + len += (k - 7) / 8 + 9; + break; + case CRY_SHA_384: + case CRY_SHA_512: + case CRY_HMACSHA_384: + case CRY_HMACSHA_512: + k = (1024 + 896 - (((len * 8) % 1024) + 1)) % 1024; + len += (k - 7) / 8 + 17; + break; + } + return len; } uint8_t shaBlockSize(shadalgo_t algo) { - if ( (algo == CRY_SHA_384) || (algo == CRY_SHA_512) ) { - return 128; + + switch(algo) + { + case CRY_SHA_384: + case CRY_HMACSHA_384: + case CRY_SHA_512: + case CRY_HMACSHA_512: + return 128; + + default: + break; } return 64; diff --git a/os/hal/ports/SAMA/SAMA5D2x/hal_crypto_lld.c b/os/hal/ports/SAMA/SAMA5D2x/hal_crypto_lld.c index 01209bc6e..b62e4654c 100644 --- a/os/hal/ports/SAMA/SAMA5D2x/hal_crypto_lld.c +++ b/os/hal/ports/SAMA/SAMA5D2x/hal_crypto_lld.c @@ -786,9 +786,6 @@ cryerror_t cry_lld_decrypt_AES_CTR(CRYDriver *cryp, * * @notapi */ - -uint8_t gcmbuff[32*2]; - cryerror_t cry_lld_encrypt_AES_GCM(CRYDriver *cryp, crykey_t key_id, size_t size, @@ -1457,6 +1454,10 @@ cryerror_t cry_lld_SHA512_final(CRYDriver *cryp, SHA512Context *sha512ctxp, */ cryerror_t cry_lld_TRNG(CRYDriver *cryp, uint8_t *out) { + size_t i=0; + + osalMutexLock(&cryp->mutex); + if (!(cryp->enabledPer & TRNG_PER)) { cryp->enabledPer |= TRNG_PER; pmcEnableTRNG(); @@ -1464,14 +1465,298 @@ cryerror_t cry_lld_TRNG(CRYDriver *cryp, uint8_t *out) { //start trng TRNG->TRNG_CR = TRNG_CR_ENABLE | TRNG_CR_KEY_PASSWD; } + while (i<4) { + while (!(TRNG->TRNG_ISR & TRNG_ISR_DATRDY)); - while (!(TRNG->TRNG_ISR & TRNG_ISR_DATRDY)); + ((uint32_t*) out)[i] = TRNG->TRNG_ODATA; + i++; + } - *((uint32_t*) out) = TRNG->TRNG_ODATA; + osalMutexUnlock(&cryp->mutex); return (cryerror_t)CRY_NOERROR; } + +/** + * @brief Hash initialization using HMAC_SHA256. + * @note Use of this algorithm is not recommended because proven weak. + * + * @param[in] cryp pointer to the @p CRYDriver object + * @param[out] hmacsha256ctxp pointer to a HMAC_SHA256 context to be + * initialized + * @return The operation status. + * @retval CRY_NOERROR if the operation succeeded. + * @retval CRY_ERR_INV_ALGO if the operation is unsupported on this + * device instance. + * + * @notapi + */ +cryerror_t cry_lld_HMACSHA256_init(CRYDriver *cryp, + HMACSHA256Context *hmacsha256ctxp) { + + hmacsha256ctxp->kipad = 0; + + if (cryp->key0_size > HAL_CRY_MAX_KEY_SIZE) + return CRY_ERR_INV_KEY_SIZE; + + if (cryp->key0_size > 64) //this implementation doesn't hash the key + return CRY_ERR_INV_KEY_TYPE; + + return cry_lld_SHA256_init(cryp,&hmacsha256ctxp->shacontext); + +} + +/** + * @brief Hash update using HMAC. + * @note Use of this algorithm is not recommended because proven weak. + * + * @param[in] cryp pointer to the @p CRYDriver object + * @param[in] hmacsha256ctxp pointer to a HMAC_SHA256 context + * @param[in] size size of input buffer + * @param[in] in buffer containing the input text + * @return The operation status. + * @retval CRY_NOERROR if the operation succeeded. + * @retval CRY_ERR_INV_ALGO if the operation is unsupported on this + * device instance. + * + * @notapi + */ +cryerror_t cry_lld_HMACSHA256_update(CRYDriver *cryp, + HMACSHA256Context *hmacsha256ctxp, + size_t size, + const uint8_t *in) { + uint8_t i; + cryerror_t res; + uint32_t buffer[16]; + + if (hmacsha256ctxp->kipad == 0) + { + memset(buffer,0,64); + memcpy(buffer,cryp->key0_buffer,cryp->key0_size); + + memset((uint8_t *)buffer + cryp->key0_size, 0, 64 - cryp->key0_size); + + for (i = 0; i < 16; ++i) { + buffer[i] ^= 0x36363636; + } + + + res = cry_lld_SHA256_update(cryp,&hmacsha256ctxp->shacontext,64,(const uint8_t *)buffer); + + hmacsha256ctxp->kipad = 1; + } + + if (res!= CRY_NOERROR) + return res; + + return cry_lld_SHA256_update(cryp,&hmacsha256ctxp->shacontext,size,in); + + +} + +/** + * @brief Hash finalization using HMAC. + * @note Use of this algorithm is not recommended because proven weak. + * + * @param[in] cryp pointer to the @p CRYDriver object + * @param[in] hmacsha256ctxp pointer to a HMAC_SHA256 context + * @param[out] out 256 bits output buffer + * @return The operation status. + * @retval CRY_NOERROR if the operation succeeded. + * @retval CRY_ERR_INV_ALGO if the operation is unsupported on this + * device instance. + * + * @notapi + */ + +cryerror_t cry_lld_HMACSHA256_final(CRYDriver *cryp, + HMACSHA256Context *hmacsha256ctxp, + uint8_t *out) { + + uint8_t i; + cryerror_t res; + uint32_t buffer[16]; //max block size for sha256 + uint8_t digest[32]; + + //H( k1pad || m ) + + res = cry_lld_SHA256_final(cryp, &hmacsha256ctxp->shacontext,digest); + + if (res!= CRY_NOERROR) + return res; + + res = cry_lld_SHA256_init(cryp,&hmacsha256ctxp->shacontext); + + if (res!= CRY_NOERROR) + return res; + + memset(buffer,0,64); + memcpy(buffer,cryp->key0_buffer,cryp->key0_size); + + memset((uint8_t *)buffer + cryp->key0_size, 0, 64 - cryp->key0_size); + + for (i = 0; i < 16; ++i) { + buffer[i] ^= 0x5C5C5C5C; + } + + + // k+opad || H( k+ipad || m ) + res = cry_lld_SHA256_update(cryp,&hmacsha256ctxp->shacontext,64,(const uint8_t *)buffer); + + if (res!= CRY_NOERROR) + return res; + + res = cry_lld_SHA256_update(cryp,&hmacsha256ctxp->shacontext,32,digest); + + if (res!= CRY_NOERROR) + return res; + + hmacsha256ctxp->shacontext.sha.out = out; + + return cry_lld_SHA256_final(cryp, &hmacsha256ctxp->shacontext,out); +} + +/** + * @brief Hash initialization using HMAC_SHA512. + * @note Use of this algorithm is not recommended because proven weak. + * + * @param[in] cryp pointer to the @p CRYDriver object + * @param[out] hmacsha512ctxp pointer to a HMAC_SHA512 context to be + * initialized + * @return The operation status. + * @retval CRY_NOERROR if the operation succeeded. + * @retval CRY_ERR_INV_ALGO if the operation is unsupported on this + * device instance. + * + * @notapi + */ +cryerror_t cry_lld_HMACSHA512_init(CRYDriver *cryp, + HMACSHA512Context *hmacsha512ctxp) { + + hmacsha512ctxp->kipad = 0; + + if (cryp->key0_size > HAL_CRY_MAX_KEY_SIZE) + return CRY_ERR_INV_KEY_SIZE; + + if (cryp->key0_size > 128) //this implementation doesn't hash the key + return CRY_ERR_INV_KEY_TYPE; + + + return cry_lld_SHA512_init(cryp,&hmacsha512ctxp->shacontext); +} + +/** + * @brief Hash update using HMAC. + * @note Use of this algorithm is not recommended because proven weak. + * + * @param[in] cryp pointer to the @p CRYDriver object + * @param[in] hmacsha512ctxp pointer to a HMAC_SHA512 context + * @param[in] size size of input buffer + * @param[in] in buffer containing the input text + * @return The operation status. + * @retval CRY_NOERROR if the operation succeeded. + * @retval CRY_ERR_INV_ALGO if the operation is unsupported on this + * device instance. + * + * @notapi + */ +cryerror_t cry_lld_HMACSHA512_update(CRYDriver *cryp, + HMACSHA512Context *hmacsha512ctxp, + size_t size, + const uint8_t *in) { + + cryerror_t res; + uint8_t i; + uint32_t buffer[32]; + + if (hmacsha512ctxp->kipad == 0) + { + memset(buffer,0,128); + memcpy(buffer,cryp->key0_buffer,cryp->key0_size); + + + memset((uint8_t *)buffer + cryp->key0_size, 0, 128 - cryp->key0_size); + + for (i = 0; i < 32; ++i) { + buffer[i] ^= 0x36363636; + } + + + res = cry_lld_SHA512_update(cryp,&hmacsha512ctxp->shacontext,128,(const uint8_t *)buffer); + + if (res!= CRY_NOERROR) + return res; + + hmacsha512ctxp->kipad = 1; + } + + return cry_lld_SHA512_update(cryp,&hmacsha512ctxp->shacontext,size,in); +} + +/** + * @brief Hash finalization using HMAC. + * @note Use of this algorithm is not recommended because proven weak. + * + * @param[in] cryp pointer to the @p CRYDriver object + * @param[in] hmacsha512ctxp pointer to a HMAC_SHA512 context + * @param[out] out 512 bits output buffer + * @return The operation status. + * @retval CRY_NOERROR if the operation succeeded. + * @retval CRY_ERR_INV_ALGO if the operation is unsupported on this + * device instance. + * + * @notapi + */ +cryerror_t cry_lld_HMACSHA512_final(CRYDriver *cryp, + HMACSHA512Context *hmacsha512ctxp, + uint8_t *out) { + + uint8_t i; + cryerror_t res; + uint32_t buffer[32]; //max block size for sha256 + uint8_t digest[64]; + + //H( k1pad || m ) + + res = cry_lld_SHA512_final(cryp, &hmacsha512ctxp->shacontext,digest); + + if (res!= CRY_NOERROR) + return res; + + res = cry_lld_SHA512_init(cryp,&hmacsha512ctxp->shacontext); + + if (res!= CRY_NOERROR) + return res; + + + memset(buffer,0,128); + memcpy(buffer,cryp->key0_buffer,cryp->key0_size); + + memset((uint8_t *)buffer + cryp->key0_size, 0, 128 - cryp->key0_size); + + for (i = 0; i < 32; ++i) { + buffer[i] ^= 0x5C5C5C5C; + } + + + // k+opad || H( k+ipad || m ) + res = cry_lld_SHA512_update(cryp,&hmacsha512ctxp->shacontext,128,(const uint8_t *)buffer); + + if (res!= CRY_NOERROR) + return res; + + res = cry_lld_SHA512_update(cryp,&hmacsha512ctxp->shacontext,64,digest); + + if (res!= CRY_NOERROR) + return res; + + hmacsha512ctxp->shacontext.sha.out = out; + + return cry_lld_SHA512_final(cryp, &hmacsha512ctxp->shacontext,out); +} + + #endif /* HAL_USE_CRY */ /** @} */ diff --git a/os/hal/ports/SAMA/SAMA5D2x/hal_crypto_lld.h b/os/hal/ports/SAMA/SAMA5D2x/hal_crypto_lld.h index e6c08ca68..1bacbc80b 100644 --- a/os/hal/ports/SAMA/SAMA5D2x/hal_crypto_lld.h +++ b/os/hal/ports/SAMA/SAMA5D2x/hal_crypto_lld.h @@ -15,7 +15,7 @@ */ /** - * @file hal_cry_lld.h + * @file hal_crypto_lld.h * @brief PLATFORM cryptographic subsystem low level driver header. * * @addtogroup CRYPTO @@ -47,6 +47,8 @@ #define CRY_LLD_SUPPORTS_SHA1 TRUE #define CRY_LLD_SUPPORTS_SHA256 TRUE #define CRY_LLD_SUPPORTS_SHA512 TRUE +#define CRY_LLD_SUPPORTS_HMAC_SHA256 TRUE +#define CRY_LLD_SUPPORTS_HMAC_SHA512 TRUE #define CRY_LLD_SUPPORTS_TRNG TRUE /** @{ */ @@ -118,7 +120,13 @@ typedef enum { CRY_SHA_224, CRY_SHA_256, CRY_SHA_384, - CRY_SHA_512 + CRY_SHA_512, + + CRY_HMACSHA_1, + CRY_HMACSHA_224, + CRY_HMACSHA_256, + CRY_HMACSHA_384, + CRY_HMACSHA_512, }shadalgo_t; @@ -241,6 +249,25 @@ typedef struct { struct sha_data sha; } SHA512Context; #endif +#if (CRY_LLD_SUPPORTS_HMAC_SHA256 == TRUE) || defined(__DOXYGEN__) +/** + * @brief Type of a HMAC_SHA256 context. + */ +typedef struct { + SHA256Context shacontext; + uint8_t kipad; +} HMACSHA256Context; +#endif + +#if (CRY_LLD_SUPPORTS_HMAC_SHA512 == TRUE) || defined(__DOXYGEN__) +/** + * @brief Type of a HMAC_SHA512 context. + */ +typedef struct { + SHA512Context shacontext; + uint8_t kipad; +} HMACSHA512Context; +#endif /*===========================================================================*/ /* Driver macros. */ @@ -381,6 +408,22 @@ extern "C" { size_t size, const uint8_t *in); cryerror_t cry_lld_SHA512_final(CRYDriver *cryp, SHA512Context *sha512ctxp, uint8_t *out); + cryerror_t cry_lld_HMACSHA256_init(CRYDriver *cryp, + HMACSHA256Context *hmacsha256ctxp); + cryerror_t cry_lld_HMACSHA256_update(CRYDriver *cryp, + HMACSHA256Context *hmacsha256ctxp, + size_t size, const uint8_t *in); + cryerror_t cry_lld_HMACSHA256_final(CRYDriver *cryp, + HMACSHA256Context *hmacsha256ctxp, + uint8_t *out); + cryerror_t cry_lld_HMACSHA512_init(CRYDriver *cryp, + HMACSHA512Context *hmacsha512ctxp); + cryerror_t cry_lld_HMACSHA512_update(CRYDriver *cryp, + HMACSHA512Context *hmacsha512ctxp, + size_t size, const uint8_t *in); + cryerror_t cry_lld_HMACSHA512_final(CRYDriver *cryp, + HMACSHA512Context *hmacsha512ctxp, + uint8_t *out); cryerror_t cry_lld_TRNG(CRYDriver *cryp, uint8_t *out); #ifdef __cplusplus } -- cgit v1.2.3