ARMmbed
/
mbed-os
mirror of https://github.com/ARMmbed/mbed-os.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

STM32F4 V1.19.0 -> V1.25.0 : MBEDTLS adaptation

pull/12626/head
jeromecoutant 2020-03-16 18:14:08 +01:00
parent 33fc5000a9
commit 4b9a7fa86a
2 changed files with 176 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

184
features/mbedtls/targets/TARGET_STM/TARGET_STM32F4/aes_alt.c
View File

@ -23,20 +23,66 @@
#if defined(MBEDTLS_AES_ALT) #if defined(MBEDTLS_AES_ALT)
#if MBED_CONF_MBED_TRACE_ENABLE
#define TLSPRINT 1
#endif
static uint32_t swap(uint32_t in)
{
uint32_t in1, in2, in3, in4, out;
in1 = ((in & 0xff000000) >> 24);
in2 = ((in & 0x00FF0000) >> 8);
in3 = ((in & 0x0000FF00) << 8);
in4 = ((in & 0xFF) << 24);
out = in1 | in2 | in3 | in4;
return out;
}
static int aes_set_key(mbedtls_aes_context *ctx, const unsigned char *key, unsigned int keybits) static int aes_set_key(mbedtls_aes_context *ctx, const unsigned char *key, unsigned int keybits)
{ {
#if TLSPRINT
mbedtls_printf(" ****** aes_set_key *******\n");
mbedtls_printf("keybits = %d\n", keybits);
#endif
switch (keybits) { switch (keybits) {
case 128: case 128:
ctx->hcryp_aes.Init.KeySize = CRYP_KEYSIZE_128B; ctx->hcryp_aes.Init.KeySize = CRYP_KEYSIZE_128B;
memcpy(ctx->aes_key, key, 16); memcpy(ctx->aes_key, key, 16);
ctx->aes_key[0] = swap(ctx->aes_key[0]);
ctx->aes_key[1] = swap(ctx->aes_key[1]);
ctx->aes_key[2] = swap(ctx->aes_key[2]);
ctx->aes_key[3] = swap(ctx->aes_key[3]);
break; break;
case 192: case 192:
ctx->hcryp_aes.Init.KeySize = CRYP_KEYSIZE_192B; ctx->hcryp_aes.Init.KeySize = CRYP_KEYSIZE_192B;
memcpy(ctx->aes_key, key, 24); memcpy(ctx->aes_key, key, 24);
ctx->aes_key[0] = swap(ctx->aes_key[0]);
ctx->aes_key[1] = swap(ctx->aes_key[1]);
ctx->aes_key[2] = swap(ctx->aes_key[2]);
ctx->aes_key[3] = swap(ctx->aes_key[3]);
ctx->aes_key[4] = swap(ctx->aes_key[4]);
ctx->aes_key[5] = swap(ctx->aes_key[5]);
break; break;
case 256: case 256:
ctx->hcryp_aes.Init.KeySize = CRYP_KEYSIZE_256B; ctx->hcryp_aes.Init.KeySize = CRYP_KEYSIZE_256B;
memcpy(ctx->aes_key, key, 32); memcpy(ctx->aes_key, key, 32);
ctx->aes_key[0] = swap(ctx->aes_key[0]);
ctx->aes_key[1] = swap(ctx->aes_key[1]);
ctx->aes_key[2] = swap(ctx->aes_key[2]);
ctx->aes_key[3] = swap(ctx->aes_key[3]);
ctx->aes_key[4] = swap(ctx->aes_key[4]);
ctx->aes_key[5] = swap(ctx->aes_key[5]);
ctx->aes_key[6] = swap(ctx->aes_key[6]);
ctx->aes_key[7] = swap(ctx->aes_key[7]);
break; break;
default : default :
return (MBEDTLS_ERR_AES_INVALID_KEY_LENGTH); return (MBEDTLS_ERR_AES_INVALID_KEY_LENGTH);
@ -67,6 +113,10 @@ static int aes_set_key(mbedtls_aes_context *ctx, const unsigned char *key, unsig
/* Implementation that should never be optimized out by the compiler */ /* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize(void *v, size_t n) static void mbedtls_zeroize(void *v, size_t n)
{ {
#if TLSPRINT
mbedtls_printf(" ****** mbedtls_zeroize *******\n");
#endif
volatile unsigned char *p = (unsigned char *)v; volatile unsigned char *p = (unsigned char *)v;
while (n--) { while (n--) {
*p++ = 0; *p++ = 0;
@ -76,13 +126,20 @@ static void mbedtls_zeroize(void *v, size_t n)
void mbedtls_aes_init(mbedtls_aes_context *ctx) void mbedtls_aes_init(mbedtls_aes_context *ctx)
{ {
memset(ctx, 0, sizeof(mbedtls_aes_context)); #if TLSPRINT
mbedtls_printf(" ****** mbedtls_aes_init *******\n");
#endif
memset(ctx, 0, sizeof(mbedtls_aes_context));
} }
void mbedtls_aes_free(mbedtls_aes_context *ctx) void mbedtls_aes_free(mbedtls_aes_context *ctx)
{ {
#if TLSPRINT
mbedtls_printf(" ****** mbedtls_aes_free *******\n");
#endif
if (ctx == NULL) { if (ctx == NULL) {
return; return;
} }
@ -108,6 +165,19 @@ int mbedtls_aes_setkey_enc(mbedtls_aes_context *ctx, const unsigned char *key,
unsigned int keybits) unsigned int keybits)
{ {
int ret_val = 0; int ret_val = 0;
#if TLSPRINT
mbedtls_printf(" ****** mbedtls_aes_setkey_enc *******\n");
mbedtls_printf("enc keybits : %d\n", keybits);
mbedtls_printf("enc key :\n");
for (int i = 1; i <= keybits / 8; i++) {
mbedtls_printf("%x\t", key[i - 1]);
if ((i % 8) == 0) {
mbedtls_printf("\n");
}
}
#endif
ret_val = aes_set_key(ctx, key, keybits); ret_val = aes_set_key(ctx, key, keybits);
return (ret_val); return (ret_val);
} }
@ -116,6 +186,19 @@ int mbedtls_aes_setkey_dec(mbedtls_aes_context *ctx, const unsigned char *key,
unsigned int keybits) unsigned int keybits)
{ {
int ret_val = 0; int ret_val = 0;
#if TLSPRINT
mbedtls_printf(" ****** mbedtls_aes_setkey_dec *******\n");
mbedtls_printf("dec keybits : %d\n", keybits);
mbedtls_printf("enc key:\n");
for (int i = 1; i <= keybits / 8; i++) {
mbedtls_printf("%x\t", key[i - 1]);
if ((i % 8) == 0) {
mbedtls_printf("\n");
}
}
#endif
ret_val = aes_set_key(ctx, key, keybits); ret_val = aes_set_key(ctx, key, keybits);
return (ret_val); return (ret_val);
} }
@ -126,20 +209,65 @@ int mbedtls_aes_crypt_ecb(mbedtls_aes_context *ctx,
const unsigned char input[16], const unsigned char input[16],
unsigned char output[16]) unsigned char output[16])
{ {
int ret;
#if TLSPRINT
mbedtls_printf(" ****** mbedtls_aes_crypt_ecb (%s)*******\n", mode == MBEDTLS_AES_DECRYPT ? "decrypt" : "encrypt");
mbedtls_printf("input:\n");
for (int i = 1; i <= 16; i++) {
mbedtls_printf("%x\t", input[i - 1]);
if ((i % 8) == 0) {
mbedtls_printf("\n");
}
}
#endif
/* allow multi-instance of CRYP use: restore context for CRYP hw module */ /* allow multi-instance of CRYP use: restore context for CRYP hw module */
ctx->hcryp_aes.Instance->CR = ctx->ctx_save_cr; ctx->hcryp_aes.Instance->CR = ctx->ctx_save_cr;
ctx->hcryp_aes.Phase = HAL_CRYP_PHASE_READY;
ctx->hcryp_aes.Init.DataType = CRYP_DATATYPE_8B; ctx->hcryp_aes.Init.DataType = CRYP_DATATYPE_8B;
ctx->hcryp_aes.Init.pKey = ctx->aes_key; ctx->hcryp_aes.Init.pKey = ctx->aes_key;
/* Set the Algo if not configured till now */
if (CRYP_AES_ECB != (ctx->hcryp_aes.Instance->CR & CRYP_AES_ECB)) {
ctx->hcryp_aes.Init.Algorithm = CRYP_AES_ECB;
/* Configure the CRYP */
HAL_CRYP_SetConfig(&ctx->hcryp_aes, &ctx->hcryp_aes.Init);
#if TLSPRINT
mbedtls_printf(" ****** AES ECB algo configuration set : %ld *******\n", CRYP_AES_ECB);
#endif
}
if (mode == MBEDTLS_AES_DECRYPT) { /* AES decryption */ if (mode == MBEDTLS_AES_DECRYPT) { /* AES decryption */
if (mbedtls_internal_aes_decrypt(ctx, input, output)) { ret = mbedtls_internal_aes_decrypt(ctx, input, output);
if (ret) {
return ST_ERR_AES_BUSY; return ST_ERR_AES_BUSY;
} else {
#if TLSPRINT
mbedtls_printf("dec output :\n");
for (int j = 1; j <= 16; j++) {
mbedtls_printf("%x\t", output[j - 1]);
if ((j % 8) == 0) {
mbedtls_printf("\n");
}
}
#endif
} }
} else { /* AES encryption */ } else { /* AES encryption */
if (mbedtls_internal_aes_encrypt(ctx, input, output)) { ret = mbedtls_internal_aes_encrypt(ctx, input, output);
if (ret) {
return ST_ERR_AES_BUSY; return ST_ERR_AES_BUSY;
} else {
#if TLSPRINT
mbedtls_printf("enc output :\n");
for (int k = 1; k <= 16; k++) {
mbedtls_printf("%x\t", output[k - 1]);
if ((k % 8) == 0) {
mbedtls_printf("\n");
}
}
#endif
} }
} }
/* allow multi-instance of CRYP use: save context for CRYP HW module CR */ /* allow multi-instance of CRYP use: save context for CRYP HW module CR */
@ -151,6 +279,9 @@ int mbedtls_aes_crypt_ecb(mbedtls_aes_context *ctx,
#if defined(MBEDTLS_CIPHER_MODE_CBC) #if defined(MBEDTLS_CIPHER_MODE_CBC)
static int st_cbc_restore_context(mbedtls_aes_context *ctx) static int st_cbc_restore_context(mbedtls_aes_context *ctx)
{ {
#if TLSPRINT
mbedtls_printf(" ****** st_cbc_restore_context *******\n");
#endif
/* allow multi-instance of CRYP use: restore context for CRYP hw module */ /* allow multi-instance of CRYP use: restore context for CRYP hw module */
ctx->hcryp_aes.Instance->CR = ctx->ctx_save_cr; ctx->hcryp_aes.Instance->CR = ctx->ctx_save_cr;
/* Re-initialize AES processor with proper parameters /* Re-initialize AES processor with proper parameters
@ -173,16 +304,29 @@ int mbedtls_aes_crypt_cbc(mbedtls_aes_context *ctx,
{ {
uint32_t tickstart; uint32_t tickstart;
uint32_t *iv_ptr = (uint32_t *)&iv[0]; uint32_t *iv_ptr = (uint32_t *)&iv[0];
#if TLSPRINT
mbedtls_printf(" ****** mbedtls_aes_crypt_cbc *******\n");
#endif
if (length % 16) { if (length % 16) {
return (MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH); return (MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH);
} }
ctx->hcryp_aes.Init.pInitVect = &iv[0]; ctx->hcryp_aes.Init.pInitVect = (uint32_t *)&iv[0];
if (st_cbc_restore_context(ctx) != 0) { if (st_cbc_restore_context(ctx) != 0) {
return (ST_ERR_AES_BUSY); return (ST_ERR_AES_BUSY);
} }
/* Set the Algo if not configured till now */
if (CRYP_AES_CBC != (ctx->hcryp_aes.Instance->CR & CRYP_AES_CBC)) {
ctx->hcryp_aes.Init.Algorithm = CRYP_AES_CBC;
/* Configure the CRYP */
HAL_CRYP_SetConfig(&ctx->hcryp_aes, &ctx->hcryp_aes.Init);
}
if (mode == MBEDTLS_AES_DECRYPT) { if (mode == MBEDTLS_AES_DECRYPT) {
if (HAL_CRYP_AESCBC_Decrypt(&ctx->hcryp_aes, (uint8_t *)input, length, (uint8_t *)output, 10) != HAL_OK) { if (HAL_CRYP_Decrypt(&ctx->hcryp_aes, (uint32_t *)input, length / 4, (uint32_t *)output, 10) != HAL_OK) {
return ST_ERR_AES_BUSY; return ST_ERR_AES_BUSY;
} }
/* Save the internal IV vector for multi context purpose */ /* Save the internal IV vector for multi context purpose */
@ -199,7 +343,7 @@ int mbedtls_aes_crypt_cbc(mbedtls_aes_context *ctx,
*iv_ptr++ = ctx->hcryp_aes.Instance->IV1LR; *iv_ptr++ = ctx->hcryp_aes.Instance->IV1LR;
*iv_ptr++ = ctx->hcryp_aes.Instance->IV1RR; *iv_ptr++ = ctx->hcryp_aes.Instance->IV1RR;
} else { } else {
if (HAL_CRYP_AESCBC_Encrypt(&ctx->hcryp_aes, (uint8_t *)input, length, (uint8_t *)output, 10) != HAL_OK) { if (HAL_CRYP_Encrypt(&ctx->hcryp_aes, (uint32_t *)input, length / 4, (uint32_t *)output, 10) != HAL_OK) {
return ST_ERR_AES_BUSY; return ST_ERR_AES_BUSY;
} }
memcpy(iv, output, 16); /* current output is the IV vector for the next call */ memcpy(iv, output, 16); /* current output is the IV vector for the next call */
@ -222,6 +366,10 @@ int mbedtls_aes_crypt_cfb128(mbedtls_aes_context *ctx,
int c; int c;
size_t n = *iv_off; size_t n = *iv_off;
#if TLSPRINT
mbedtls_printf(" ****** mbedtls_aes_crypt_cfb128 *******\n");
#endif
if (mode == MBEDTLS_AES_DECRYPT) { if (mode == MBEDTLS_AES_DECRYPT) {
while (length--) { while (length--) {
if (n == 0) if (n == 0)
@ -264,6 +412,10 @@ int mbedtls_aes_crypt_cfb8(mbedtls_aes_context *ctx,
unsigned char c; unsigned char c;
unsigned char ov[17]; unsigned char ov[17];
#if TLSPRINT
mbedtls_printf(" ****** mbedtls_aes_crypt_cfb8 *******\n");
#endif
while (length--) { while (length--) {
memcpy(ov, iv, 16); memcpy(ov, iv, 16);
if (mbedtls_aes_crypt_ecb(ctx, MBEDTLS_AES_ENCRYPT, iv, iv) != 0) { if (mbedtls_aes_crypt_ecb(ctx, MBEDTLS_AES_ENCRYPT, iv, iv) != 0) {
@ -327,7 +479,11 @@ int mbedtls_internal_aes_encrypt(mbedtls_aes_context *ctx,
const unsigned char input[16], const unsigned char input[16],
unsigned char output[16]) unsigned char output[16])
{ {
if (HAL_CRYP_AESECB_Encrypt(&ctx->hcryp_aes, (uint8_t *)input, 16, (uint8_t *)output, 10) != HAL_OK) { #if TLSPRINT
mbedtls_printf(" ****** mbedtls_internal_aes_encrypt *******\n");
#endif
if (HAL_CRYP_Encrypt(&ctx->hcryp_aes, (uint32_t *)input, 4, (uint32_t *)output, 10) != HAL_OK) {
// error found // error found
return ST_ERR_AES_BUSY; return ST_ERR_AES_BUSY;
} }
@ -339,7 +495,11 @@ int mbedtls_internal_aes_decrypt(mbedtls_aes_context *ctx,
const unsigned char input[16], const unsigned char input[16],
unsigned char output[16]) unsigned char output[16])
{ {
if (HAL_CRYP_AESECB_Decrypt(&ctx->hcryp_aes, (uint8_t *)input, 16, (uint8_t *)output, 10) != HAL_OK) { #if TLSPRINT
mbedtls_printf(" ****** mbedtls_internal_aes_decrypt *******\n");
#endif
if (HAL_CRYP_Decrypt(&ctx->hcryp_aes, (uint32_t *)input, 4, (uint32_t *)output, 10) != HAL_OK) {
// error found // error found
return ST_ERR_AES_BUSY; return ST_ERR_AES_BUSY;
} }
@ -351,6 +511,9 @@ void mbedtls_aes_encrypt(mbedtls_aes_context *ctx,
const unsigned char input[16], const unsigned char input[16],
unsigned char output[16]) unsigned char output[16])
{ {
#if TLSPRINT
mbedtls_printf(" ****** mbedtls_aes_encrypt *******\n");
#endif
mbedtls_internal_aes_encrypt(ctx, input, output); mbedtls_internal_aes_encrypt(ctx, input, output);
} }
@ -358,6 +521,9 @@ void mbedtls_aes_decrypt(mbedtls_aes_context *ctx,
const unsigned char input[16], const unsigned char input[16],
unsigned char output[16]) unsigned char output[16])
{ {
#if TLSPRINT
mbedtls_printf(" ****** mbedtls_aes_decrypt *******\n");
#endif
mbedtls_internal_aes_decrypt(ctx, input, output); mbedtls_internal_aes_decrypt(ctx, input, output);
} }
#endif /* MBEDTLS_DEPRECATED_REMOVED */ #endif /* MBEDTLS_DEPRECATED_REMOVED */

2
features/mbedtls/targets/TARGET_STM/TARGET_STM32F4/aes_alt.h
View File

@ -42,7 +42,7 @@ extern "C" {
* generating an extra round key * generating an extra round key
*/ */
typedef struct { typedef struct {
unsigned char aes_key[32]; /* Decryption key */ uint32_t aes_key[8]; /* Decryption key */
CRYP_HandleTypeDef hcryp_aes; CRYP_HandleTypeDef hcryp_aes;
uint32_t ctx_save_cr; /* save context for multi-instance */ uint32_t ctx_save_cr; /* save context for multi-instance */
} }