diff --git a/crypto/mbedtls/Kconfig b/crypto/mbedtls/Kconfig index f7e25b2a0..8c47420ae 100644 --- a/crypto/mbedtls/Kconfig +++ b/crypto/mbedtls/Kconfig @@ -144,6 +144,11 @@ config MBEDTLS_ALT ---help--- Enable Mbed TLS alted by nuttx crypto via /dev/crypto +config MBEDTLS_AES_ALT + bool "Enable Mbedt TLS AES module alted by nuttx crypto" + select MBEDTLS_ALT + default n + config MBEDTLS_SHA1_ALT bool "Enable Mbedt TLS SHA1 module alted by nuttx crypto" select MBEDTLS_ALT diff --git a/crypto/mbedtls/Makefile b/crypto/mbedtls/Makefile index 532a5a399..efa1b9756 100644 --- a/crypto/mbedtls/Makefile +++ b/crypto/mbedtls/Makefile @@ -101,6 +101,10 @@ ifeq ($(CONFIG_MBEDTLS_ALT),y) CSRCS += $(APPDIR)/crypto/mbedtls/source/dev_alt.c +ifeq ($(CONFIG_MBEDTLS_AES_ALT),y) +CSRCS += $(APPDIR)/crypto/mbedtls/source/aes_alt.c +endif + ifeq ($(CONFIG_MBEDTLS_SHA1_ALT),y) CSRCS += $(APPDIR)/crypto/mbedtls/source/sha1_alt.c endif diff --git a/crypto/mbedtls/include/aes_alt.h b/crypto/mbedtls/include/aes_alt.h new file mode 100644 index 000000000..c920b2bd3 --- /dev/null +++ b/crypto/mbedtls/include/aes_alt.h @@ -0,0 +1,44 @@ +/**************************************************************************** + * apps/crypto/mbedtls/include/aes_alt.h + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. The + * ASF licenses this file to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance with the + * License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * License for the specific language governing permissions and limitations + * under the License. + ****************************************************************************/ + +#ifndef __APPS_CRYPTO_MBEDTLS_INCLUDE_AES_ALT_H +#define __APPS_CRYPTO_MBEDTLS_INCLUDE_AES_ALT_H + +/**************************************************************************** + * Included Files + ****************************************************************************/ + +#include "dev_alt.h" + +/**************************************************************************** + * Pre-processor Definitions + ****************************************************************************/ + +#define MAX_KEY_SIZE 36 + +typedef struct mbedtls_aes_context +{ + cryptodev_context_t dev; + unsigned char key[MAX_KEY_SIZE]; +} +mbedtls_aes_context; + +#define mbedtls_aes_xts_context mbedtls_aes_context + +#endif /* __APPS_CRYPTO_MBEDTLS_INCLUDE_AES_ALT_H */ diff --git a/crypto/mbedtls/include/mbedtls/mbedtls_config.h b/crypto/mbedtls/include/mbedtls/mbedtls_config.h index 7840f7561..77e4d666b 100644 --- a/crypto/mbedtls/include/mbedtls/mbedtls_config.h +++ b/crypto/mbedtls/include/mbedtls/mbedtls_config.h @@ -349,8 +349,10 @@ * */ -/* #define MBEDTLS_AES_ALT - * #define MBEDTLS_ARC4_ALT +#ifdef CONFIG_MBEDTLS_AES_ALT +#define MBEDTLS_AES_ALT +#endif +/* #define MBEDTLS_ARC4_ALT * #define MBEDTLS_ARIA_ALT * #define MBEDTLS_BLOWFISH_ALT * #define MBEDTLS_CAMELLIA_ALT diff --git a/crypto/mbedtls/source/aes_alt.c b/crypto/mbedtls/source/aes_alt.c new file mode 100644 index 000000000..34ec26604 --- /dev/null +++ b/crypto/mbedtls/source/aes_alt.c @@ -0,0 +1,331 @@ +/**************************************************************************** + * apps/crypto/mbedtls/source/aes_alt.c + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. The + * ASF licenses this file to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance with the + * License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * License for the specific language governing permissions and limitations + * under the License. + ****************************************************************************/ + +/**************************************************************************** + * Included Files + ****************************************************************************/ + +#include "mbedtls/aes.h" +#include +#include +#include + +/**************************************************************************** + * Pre-processor Definitions + ****************************************************************************/ + +#define ECB_BLOCK_SIZE 16 +#define NONCE_LENGTH 4 + +/**************************************************************************** + * Public Functions + ****************************************************************************/ + +void mbedtls_aes_init(FAR mbedtls_aes_context *ctx) +{ + cryptodev_init(&ctx->dev); +} + +void mbedtls_aes_free(FAR mbedtls_aes_context *ctx) +{ + cryptodev_free(&ctx->dev); +} + +int mbedtls_aes_setkey_enc(FAR mbedtls_aes_context *ctx, + FAR const unsigned char *key, + unsigned int keybits) +{ + memcpy(ctx->key, key, keybits / 8); + ctx->dev.session.key = (caddr_t)ctx->key; + ctx->dev.session.keylen = keybits / 8; + return 0; +} + +int mbedtls_aes_setkey_dec(FAR mbedtls_aes_context *ctx, + FAR const unsigned char *key, + unsigned int keybits) +{ + return mbedtls_aes_setkey_enc(ctx, key, keybits); +} + +/* AES-ECB block encryption/decryption */ + +int mbedtls_aes_crypt_ecb(FAR mbedtls_aes_context *ctx, + int mode, + const unsigned char input[16], + unsigned char output[16]) +{ + int ret; + unsigned char iv[16]; + + ctx->dev.session.cipher = CRYPTO_AES_CBC; + ret = cryptodev_get_session(&ctx->dev); + if (ret != 0) + { + return ret; + } + + memset(iv, 0, 16); + ctx->dev.crypt.ses = ctx->dev.session.ses; + ctx->dev.crypt.op = mode == MBEDTLS_AES_ENCRYPT ? + COP_ENCRYPT : COP_DECRYPT; + ctx->dev.crypt.len = ECB_BLOCK_SIZE; + ctx->dev.crypt.src = (caddr_t)input; + ctx->dev.crypt.dst = (caddr_t)output; + ctx->dev.crypt.iv = (caddr_t)iv; + ret = cryptodev_crypt(&ctx->dev); + cryptodev_free_session(&ctx->dev); + return ret; +} + +#if defined(MBEDTLS_CIPHER_MODE_CBC) + +/* AES-CBC buffer encryption/decryption */ + +int mbedtls_aes_crypt_cbc(mbedtls_aes_context *ctx, + int mode, + size_t length, + unsigned char iv[16], + const unsigned char *input, + unsigned char *output) +{ + int ret; + + ctx->dev.session.cipher = CRYPTO_AES_CBC; + ret = cryptodev_get_session(&ctx->dev); + if (ret != 0) + { + return ret; + } + + ctx->dev.crypt.ses = ctx->dev.session.ses; + ctx->dev.crypt.op = mode == MBEDTLS_AES_ENCRYPT ? + COP_ENCRYPT : COP_DECRYPT; + ctx->dev.crypt.len = length; + ctx->dev.crypt.src = (caddr_t)input; + ctx->dev.crypt.dst = (caddr_t)output; + ctx->dev.crypt.iv = (caddr_t)iv; + ret = cryptodev_crypt(&ctx->dev); + cryptodev_free_session(&ctx->dev); + return ret; +} +#endif /* MBEDTLS_CIPHER_MODE_CBC */ + +#if defined(MBEDTLS_CIPHER_MODE_CTR) + +/* AES-CTR buffer encryption/decryption */ + +int mbedtls_aes_crypt_ctr(FAR mbedtls_aes_context *ctx, + size_t length, + FAR size_t *nc_off, + unsigned char nonce_counter[16], + unsigned char stream_block[16], + FAR const unsigned char *input, + FAR unsigned char *output) +{ + int ret; + + ctx->dev.session.cipher = CRYPTO_AES_CTR; + memcpy(ctx->key + ctx->dev.session.keylen, + nonce_counter, NONCE_LENGTH); + ctx->dev.session.keylen += NONCE_LENGTH; + ret = cryptodev_get_session(&ctx->dev); + if (ret != 0) + { + return ret; + } + + ctx->dev.crypt.ses = ctx->dev.session.ses; + ctx->dev.crypt.op = COP_ENCRYPT; + ctx->dev.crypt.len = length; + ctx->dev.crypt.src = (caddr_t)input; + ctx->dev.crypt.dst = (caddr_t)output; + ctx->dev.crypt.iv = (caddr_t)nonce_counter + NONCE_LENGTH; + ret = cryptodev_crypt(&ctx->dev); + if (ret == 0) + { + *nc_off = length % ECB_BLOCK_SIZE; + } + + cryptodev_free_session(&ctx->dev); + return ret; +} +#endif /* MBEDTLS_CIPHER_MODE_CTR */ + +#if defined(MBEDTLS_CIPHER_MODE_XTS) +void mbedtls_aes_xts_init(FAR mbedtls_aes_xts_context *ctx) +{ + mbedtls_aes_init(ctx); +} + +void mbedtls_aes_xts_free(FAR mbedtls_aes_xts_context *ctx) +{ + mbedtls_aes_free(ctx); +} + +int mbedtls_aes_xts_setkey_enc(FAR mbedtls_aes_xts_context *ctx, + FAR const unsigned char *key, + unsigned int keybits) +{ + return mbedtls_aes_setkey_enc(ctx, key, keybits); +} + +int mbedtls_aes_xts_setkey_dec(FAR mbedtls_aes_xts_context *ctx, + FAR const unsigned char *key, + unsigned int keybits) +{ + return mbedtls_aes_setkey_dec(ctx, key, keybits); +} + +int mbedtls_aes_crypt_xts(FAR mbedtls_aes_xts_context *ctx, + int mode, + size_t length, + const unsigned char data_unit[16], + FAR const unsigned char *input, + FAR unsigned char *output) +{ + int ret; + unsigned char iv[16]; + + ctx->dev.session.cipher = CRYPTO_AES_XTS; + ret = cryptodev_get_session(&ctx->dev); + if (ret != 0) + { + return ret; + } + + memcpy(iv, data_unit, 16); + ctx->dev.crypt.ses = ctx->dev.session.ses; + ctx->dev.crypt.op = mode == MBEDTLS_AES_ENCRYPT ? + COP_ENCRYPT : COP_DECRYPT; + ctx->dev.crypt.len = length; + ctx->dev.crypt.src = (caddr_t)input; + ctx->dev.crypt.dst = (caddr_t)output; + ctx->dev.crypt.iv = (caddr_t)iv; + ret = cryptodev_crypt(&ctx->dev); + cryptodev_free_session(&ctx->dev); + return ret; +} +#endif /* MBEDTLS_CIPHER_MODE_XTS */ + +#if defined(MBEDTLS_CIPHER_MODE_CFB) + +/* AES-CFB128 buffer encryption/decryption */ + +int mbedtls_aes_crypt_cfb128(FAR mbedtls_aes_context *ctx, + int mode, + size_t length, + size_t *iv_off, + unsigned char iv[16], + const unsigned char *input, + unsigned char *output) +{ + int ret; + + ctx->dev.session.cipher = CRYPTO_AES_CFB_128; + ret = cryptodev_get_session(&ctx->dev); + if (ret != 0) + { + return ret; + } + + ctx->dev.crypt.ses = ctx->dev.session.ses; + ctx->dev.crypt.op = mode == MBEDTLS_AES_ENCRYPT ? + COP_ENCRYPT : COP_DECRYPT; + ctx->dev.crypt.len = length; + ctx->dev.crypt.src = (caddr_t)input; + ctx->dev.crypt.dst = (caddr_t)output; + ctx->dev.crypt.iv = (caddr_t)iv; + ret = cryptodev_crypt(&ctx->dev); + if (ret == 0) + { + *iv_off = length % ECB_BLOCK_SIZE; + } + + cryptodev_free_session(&ctx->dev); + return ret; +} + +/* AES-CFB8 buffer encryption/decryption */ + +int mbedtls_aes_crypt_cfb8(FAR mbedtls_aes_context *ctx, + int mode, + size_t length, + unsigned char iv[16], + const unsigned char *input, + unsigned char *output) +{ + int ret; + + ctx->dev.session.cipher = CRYPTO_AES_CFB_8; + ret = cryptodev_get_session(&ctx->dev); + if (ret != 0) + { + return ret; + } + + ctx->dev.crypt.ses = ctx->dev.session.ses; + ctx->dev.crypt.op = mode == MBEDTLS_AES_ENCRYPT ? + COP_ENCRYPT : COP_DECRYPT; + ctx->dev.crypt.len = length; + ctx->dev.crypt.src = (caddr_t)input; + ctx->dev.crypt.dst = (caddr_t)output; + ctx->dev.crypt.iv = (caddr_t)iv; + ret = cryptodev_crypt(&ctx->dev); + cryptodev_free_session(&ctx->dev); + return ret; +} +#endif /* MBEDTLS_CIPHER_MODE_CFB */ + +#if defined(MBEDTLS_CIPHER_MODE_OFB) + +/* AES-OFB (Output Feedback Mode) buffer encryption/decryption */ + +int mbedtls_aes_crypt_ofb(FAR mbedtls_aes_context *ctx, + size_t length, + size_t *iv_off, + unsigned char iv[16], + const unsigned char *input, + unsigned char *output) +{ + int ret; + + ctx->dev.session.cipher = CRYPTO_AES_OFB; + ret = cryptodev_get_session(&ctx->dev); + if (ret != 0) + { + return ret; + } + + ctx->dev.crypt.ses = ctx->dev.session.ses; + ctx->dev.crypt.op = COP_ENCRYPT; + ctx->dev.crypt.len = length; + ctx->dev.crypt.src = (caddr_t)input; + ctx->dev.crypt.dst = (caddr_t)output; + ctx->dev.crypt.iv = (caddr_t)iv; + ret = cryptodev_crypt(&ctx->dev); + if (ret == 0) + { + *iv_off = length % ECB_BLOCK_SIZE; + } + + cryptodev_free_session(&ctx->dev); + return ret; +} +#endif /* MBEDTLS_CIPHER_MODE_OFB */