diff --git a/cpu/nrf52/Kconfig b/cpu/nrf52/Kconfig index ae38d8121e..06fc1501be 100644 --- a/cpu/nrf52/Kconfig +++ b/cpu/nrf52/Kconfig @@ -69,6 +69,15 @@ config CPU_MODEL_NRF52840XXAA select HAS_BLE_PHY_CODED select HAS_RADIO_NRF802154 select HAS_PERIPH_UART_NONBLOCKING + select HAS_PERIPH_HASH_SHA_1 + select HAS_PERIPH_HASH_SHA_224 + select HAS_PERIPH_HASH_SHA_256 + select HAS_PERIPH_HASH_SHA_512 + select HAS_PERIPH_HMAC_SHA_256 + select HAS_PERIPH_CIPHER_AES_128_CBC + select HAS_PERIPH_ECC_P192R1 + select HAS_PERIPH_ECC_P256R1 + select HAS_PERIPH_CRYPTOCELL_310 ## CPU common symbols config CPU_FAM diff --git a/cpu/nrf52/Makefile.dep b/cpu/nrf52/Makefile.dep index 6064e77544..9503c70377 100644 --- a/cpu/nrf52/Makefile.dep +++ b/cpu/nrf52/Makefile.dep @@ -36,5 +36,6 @@ ifneq (,$(filter periph_spi,$(USEMODULE))) USEMODULE += periph_spi_gpio_mode endif +include $(RIOTCPU)/nrf52/periph/Makefile.dep include $(RIOTCPU)/nrf5x_common/Makefile.dep include $(RIOTCPU)/cortexm_common/Makefile.dep diff --git a/cpu/nrf52/Makefile.features b/cpu/nrf52/Makefile.features index 52fd4ec7c0..7b8a3755fc 100644 --- a/cpu/nrf52/Makefile.features +++ b/cpu/nrf52/Makefile.features @@ -10,6 +10,18 @@ ifneq (,$(filter nrf52811xxaa nrf52820xxaa nrf52833xxaa nrf52840xxaa,$(CPU_MODEL FEATURES_PROVIDED += radio_nrf802154 endif +# crypto features +ifneq (,$(filter nrf52840xxaa,$(CPU_MODEL))) + FEATURES_PROVIDED += periph_hash_sha_1 + FEATURES_PROVIDED += periph_hash_sha_224 + FEATURES_PROVIDED += periph_hash_sha_256 + FEATURES_PROVIDED += periph_hash_sha_512 + FEATURES_PROVIDED += periph_hmac_sha_256 + FEATURES_PROVIDED += periph_cipher_aes_128_cbc + FEATURES_PROVIDED += periph_ecc_p192r1 + FEATURES_PROVIDED += periph_ecc_p256r1 +endif + ifeq (,$(filter nrf52832%,$(CPU_MODEL))) FEATURES_PROVIDED += periph_uart_nonblocking endif @@ -33,6 +45,10 @@ ifneq (,$(filter nrf52811% nrf52820% nrf52833% nrf52840%,$(CPU_MODEL))) FEATURES_PROVIDED += ble_phy_coded endif +ifneq (,$(filter nrf52840%,$(CPU_MODEL))) + FEATURES_PROVIDED += periph_cryptocell_310 +endif + FEATURES_PROVIDED += ble_adv_ext include $(RIOTCPU)/nrf5x_common/Makefile.features diff --git a/cpu/nrf52/periph/Kconfig b/cpu/nrf52/periph/Kconfig index eed36b152b..ef2100bdf8 100644 --- a/cpu/nrf52/periph/Kconfig +++ b/cpu/nrf52/periph/Kconfig @@ -12,6 +12,61 @@ config MODULE_SAUL_NRF_VDDH depends on HAS_PERIPH_ADC select MODULE_PERIPH_ADC +config MODULE_PERIPH_CRYPTOCELL_310 + bool + depends on HAS_PERIPH_CRYPTOCELL_310 + select PACKAGE_DRIVER_CRYPTOCELL_310 + +# Asymmetric Crypto Peripheral +config MODULE_PERIPH_ECC_P192R1 + bool + depends on HAS_PERIPH_ECC_P192R1 + select MODULE_PERIPH_CRYPTOCELL_310 + select MODULE_PSA_CRYPTOCELL_310_ECC_P192 + +config MODULE_PERIPH_ECC_P256R1 + bool + depends on HAS_PERIPH_ECC_P256R1 + select MODULE_PERIPH_CRYPTOCELL_310 + select MODULE_PSA_CRYPTOCELL_310_ECC_P256 + +# Hash Related Symbols +config MODULE_PERIPH_HASH_SHA_1 + bool + depends on HAS_PERIPH_HASH_SHA_1 + select MODULE_PERIPH_CRYPTOCELL_310 + select MODULE_PSA_CRYPTOCELL_310_HASHES_SHA1 + +config MODULE_PERIPH_HASH_SHA_224 + bool + depends on HAS_PERIPH_HASH_SHA_224 + select MODULE_PERIPH_CRYPTOCELL_310 + select MODULE_PSA_CRYPTOCELL_310_HASHES_SHA224 + +config MODULE_PERIPH_HASH_SHA_256 + bool + depends on HAS_PERIPH_HASH_SHA_256 + select MODULE_PERIPH_CRYPTOCELL_310 + select MODULE_PSA_CRYPTOCELL_310_HASHES_SHA256 + +config MODULE_PERIPH_HASH_SHA_512 + bool + depends on HAS_PERIPH_HASH_SHA_512 + select MODULE_PERIPH_CRYPTOCELL_310 + select MODULE_PSA_CRYPTOCELL_310_HASHES_SHA512 + +config MODULE_PERIPH_CIPHER_AES_128_CBC + bool + depends on HAS_PERIPH_CIPHER_AES_128_CBC + select MODULE_PERIPH_CRYPTOCELL_310 + select MODULE_PSA_CRYPTOCELL_310_AES_CBC + +config MODULE_PERIPH_HMAC_SHA_256 + bool + depends on HAS_PERIPH_HMAC_SHA_256 + select MODULE_PERIPH_CRYPTOCELL_310 + select MODULE_PSA_CRYPTOCELL_310_HMAC + endif # TEST_KCONFIG config HAVE_SAUL_NRF_VDDH diff --git a/cpu/nrf52/periph/Makefile.dep b/cpu/nrf52/periph/Makefile.dep new file mode 100644 index 0000000000..28f2d30fb3 --- /dev/null +++ b/cpu/nrf52/periph/Makefile.dep @@ -0,0 +1,39 @@ +ifneq (,$(filter periph_ecc_p192r1,$(USEMODULE))) + USEPKG += driver_cryptocell_310 + USEMODULE += psa_cryptocell_310_ecc_p192 +endif + +ifneq (,$(filter periph_ecc_p256r1,$(USEMODULE))) + USEPKG += driver_cryptocell_310 + USEMODULE += psa_cryptocell_310_ecc_p256 +endif + +ifneq (,$(filter periph_hash_sha_1,$(USEMODULE))) + USEPKG += driver_cryptocell_310 + USEMODULE += psa_cryptocell_310_hashes_sha1 +endif + +ifneq (,$(filter periph_hash_sha_224,$(USEMODULE))) + USEPKG += driver_cryptocell_310 + USEMODULE += psa_cryptocell_310_hashes_sha224 +endif + +ifneq (,$(filter periph_hash_sha_256,$(USEMODULE))) + USEPKG += driver_cryptocell_310 + USEMODULE += psa_cryptocell_310_hashes_sha256 +endif + +ifneq (,$(filter periph_hash_sha_512,$(USEMODULE))) + USEPKG += driver_cryptocell_310 + USEMODULE += psa_cryptocell_310_hashes_sha512 +endif + +ifneq (,$(filter periph_cipher_aes_128_cbc,$(USEMODULE))) + USEPKG += driver_cryptocell_310 + USEMODULE += psa_cryptocell_310_aes_cbc +endif + +ifneq (,$(filter periph_hmac_sha_256,$(USEMODULE))) + USEPKG += driver_cryptocell_310 + USEMODULE += psa_cryptocell_310_hmac +endif diff --git a/kconfigs/Kconfig.features b/kconfigs/Kconfig.features index d45aa29074..b2314d914e 100644 --- a/kconfigs/Kconfig.features +++ b/kconfigs/Kconfig.features @@ -134,6 +134,11 @@ config HAS_CPU_CHECK_ADDRESS help Indicates that address validity check is supported. +config HAS_PERIPH_CRYPTOCELL_310 + bool + help + Indicates that a cryptocell peripheral is present. + config HAS_DBGPIN bool help @@ -188,6 +193,11 @@ config HAS_PERIPH_CAN help Indicates that a CAN peripheral is present. +config HAS_PERIPH_CIPHER_AES_128_CBC + bool + help + Indicates that there is AES 128 CBC hardware acceleration present + config HAS_PERIPH_CORETIMER bool help @@ -208,6 +218,16 @@ config HAS_PERIPH_DMA help Indicates that a DMA peripheral is present. +config HAS_PERIPH_ECC_P192R1 + bool + help + Indicates that there is ECC P192R1 hardware acceleration peripheral present. + +config HAS_PERIPH_ECC_P256R1 + bool + help + Indicates that there is ECC P256R1 hardware acceleration peripheral present. + config HAS_PERIPH_EEPROM bool help @@ -285,6 +305,36 @@ config HAS_PERIPH_GPIO_LL_IRQ_UNMASK Indicates that the GPIO peripheral supports unmasking interrupts without clearing pending IRQs that came in while masked. +config HAS_PERIPH_HASH_MD5 + bool + help + Indicates that there is MD5 hardware acceleration present. + +config HAS_PERIPH_HASH_SHA_1 + bool + help + Indicates that there is SHA-1 hardware acceleration present. + +config HAS_PERIPH_HASH_SHA_224 + bool + help + Indicates that there is SHA-224 hardware acceleration present. + +config HAS_PERIPH_HASH_SHA_256 + bool + help + Indicates that there is SHA-256 hardware acceleration present. + +config HAS_PERIPH_HASH_SHA_512 + bool + help + Indicates that there is SHA-512 hardware acceleration present. + +config HAS_PERIPH_HMAC_SHA_256 + bool + help + Indicates that there is HMAC SHA-256 hardware acceleration present. + config HAS_PERIPH_HWRNG bool help diff --git a/makefiles/features_modules.inc.mk b/makefiles/features_modules.inc.mk index 2586c4682a..a45e4cbf88 100644 --- a/makefiles/features_modules.inc.mk +++ b/makefiles/features_modules.inc.mk @@ -11,9 +11,13 @@ USEMODULE += $(PERIPH_FEATURES) # Add all USED periph_% init modules unless they are blacklisted PERIPH_IGNORE_MODULES := \ + periph_cipher_aes_128_cbc \ periph_clic \ periph_common \ periph_coretimer \ + periph_cryptocell_310 \ + periph_ecc_p192r1 \ + periph_ecc_p256r1 \ periph_eth \ periph_eth_common \ periph_flash \ @@ -25,6 +29,11 @@ PERIPH_IGNORE_MODULES := \ periph_gpio_ll_irq_level_triggered_low \ periph_gpio_ll_irq_unmask \ periph_gpio_mux \ + periph_hash_sha_1 \ + periph_hash_sha_224 \ + periph_hash_sha_256 \ + periph_hash_sha_512 \ + periph_hmac_sha_256 \ periph_i2c_hw \ periph_i2c_sw \ periph_init% \ diff --git a/pkg/Kconfig b/pkg/Kconfig index c2d0e8d7ef..537594aa57 100644 --- a/pkg/Kconfig +++ b/pkg/Kconfig @@ -17,6 +17,7 @@ rsource "corejson/Kconfig" rsource "cryptoauthlib/Kconfig" rsource "driver_atwinc15x0/Kconfig" rsource "driver_bme680/Kconfig" +rsource "driver_cryptocell_310/Kconfig" rsource "driver_sx126x/Kconfig" rsource "elk/Kconfig" rsource "emlearn/Kconfig" diff --git a/pkg/driver_cryptocell_310/Kconfig b/pkg/driver_cryptocell_310/Kconfig new file mode 100644 index 0000000000..411982bfc4 --- /dev/null +++ b/pkg/driver_cryptocell_310/Kconfig @@ -0,0 +1,19 @@ +# Copyright (c) 2020 HAW Hamburg +# +# This file is subject to the terms and conditions of the GNU Lesser +# General Public License v2.1. See the file LICENSE in the top level +# directory for more details. +# + +config PACKAGE_DRIVER_CRYPTOCELL_310 + bool + depends on CPU_MODEL_NRF52840XXAA + depends on TEST_KCONFIG + depends on HAS_PERIPH_CRYPTOCELL_310 + depends on MODULE_PERIPH_CRYPTOCELL_310 + select MODULE_DRIVER_CRYPTOCELL_310_CONTRIB + +config MODULE_DRIVER_CRYPTOCELL_310_CONTRIB + bool + +rsource "psa_cryptocell_310/Kconfig" diff --git a/pkg/driver_cryptocell_310/Makefile b/pkg/driver_cryptocell_310/Makefile new file mode 100644 index 0000000000..43f5d2338e --- /dev/null +++ b/pkg/driver_cryptocell_310/Makefile @@ -0,0 +1,36 @@ +PKG_NAME=driver_cryptocell_310 +PKG_URL=https://www.nordicsemi.com/-/media/Software-and-other-downloads/SDKs/nRF5/Binaries +PKG_VERSION=17.1.0 +PKG_EXT=zip +PKG_DIR_NAME=nRF5_SDK_17.1.0_ddde560 +PKG_LICENSE=ARM Object Code and Header Files License + +PKG_SOURCE_DIR ?= $(PKGDIRBASE)/$(PKG_NAME) +NRF_CC310_PATH = $(PKG_DIR_NAME)/external/nrf_cc310 +PKG_ZIPFILE = $(PKG_DIR_NAME).$(PKG_EXT) + +ifneq ($(RIOTBASE),) +include $(RIOTBASE)/Makefile.base +endif + +.PHONY: all clean distclean prepare + +prepare: $(PKG_PREPARED) + @: + +all: $(PKGDIRBASE)/$(PKG_ZIPFILE) + $(Q)$(UNZIP_HERE) -D -n -d $(PKGDIRBASE) $(PKGDIRBASE)/$(PKG_ZIPFILE) + $(Q) mkdir -p $(PKG_SOURCE_DIR)/include + $(Q)cp $(PKGDIRBASE)/$(NRF_CC310_PATH)/include/* $(PKG_SOURCE_DIR)/include + $(Q)cp $(PKGDIRBASE)/$(NRF_CC310_PATH)/lib/cortex-m4/hard-float/libnrf_cc310_0.9.13.a $(PKG_SOURCE_DIR) + $(Q)rm -rf $(PKGDIRBASE)/$(PKG_DIR_NAME) + +$(PKGDIRBASE)/$(PKG_ZIPFILE): + $(QQ)mkdir -p $(PKGDIRBASE) + $(Q)$(DOWNLOAD_TO_FILE) $(PKGDIRBASE)/$(PKG_ZIPFILE) $(PKG_URL)/$(PKG_ZIPFILE) + +clean:: + rm -rf $(PKG_SOURCE_DIR) + +distclean:: + rm -rf $(PKG_SOURCE_DIR) $(PKGDIRBASE)/$(PKG_ZIPFILE) diff --git a/pkg/driver_cryptocell_310/Makefile.dep b/pkg/driver_cryptocell_310/Makefile.dep new file mode 100644 index 0000000000..71b6dec28b --- /dev/null +++ b/pkg/driver_cryptocell_310/Makefile.dep @@ -0,0 +1,6 @@ +USEMODULE += driver_cryptocell_310_contrib +FEATURES_REQUIRED += periph_cryptocell_310 + +ifneq (,$(filter psa_cryptocell_310_%,$(USEMODULE))) + include $(RIOTPKG)/driver_cryptocell_310/psa_cryptocell_310/Makefile.dep +endif diff --git a/pkg/driver_cryptocell_310/Makefile.include b/pkg/driver_cryptocell_310/Makefile.include new file mode 100644 index 0000000000..dfcc0d2767 --- /dev/null +++ b/pkg/driver_cryptocell_310/Makefile.include @@ -0,0 +1,25 @@ +INCLUDES += -I$(PKGDIRBASE)/driver_cryptocell_310/include +INCLUDES += -I$(RIOTPKG)/driver_cryptocell_310/include +DIRS += $(RIOTPKG)/driver_cryptocell_310/contrib + +ARCHIVES += $(PKGDIRBASE)/driver_cryptocell_310/libnrf_cc310_0.9.13.a + +ifneq (,$(filter psa_cryptocell_310_%, $(USEMODULE))) + DIRS += $(RIOTPKG)/driver_cryptocell_310/psa_cryptocell_310 + INCLUDES += -I$(RIOTBASE)/sys/psa_crypto/include +endif + +CFLAGS += -Wno-cast-align + +PSEUDOMODULES += psa_cryptocell_310_aes_cbc +PSEUDOMODULES += psa_cryptocell_310_aes_common +PSEUDOMODULES += psa_cryptocell_310_ecc_common +PSEUDOMODULES += psa_cryptocell_310_ecc_p192 +PSEUDOMODULES += psa_cryptocell_310_ecc_p256 +PSEUDOMODULES += psa_cryptocell_310_error_conversion +PSEUDOMODULES += psa_cryptocell_310_hashes_common +PSEUDOMODULES += psa_cryptocell_310_hashes_sha1 +PSEUDOMODULES += psa_cryptocell_310_hashes_sha224 +PSEUDOMODULES += psa_cryptocell_310_hashes_sha256 +PSEUDOMODULES += psa_cryptocell_310_hashes_sha512 +PSEUDOMODULES += psa_cryptocell_310_hmac diff --git a/pkg/driver_cryptocell_310/contrib/Makefile b/pkg/driver_cryptocell_310/contrib/Makefile new file mode 100644 index 0000000000..337ea09f1b --- /dev/null +++ b/pkg/driver_cryptocell_310/contrib/Makefile @@ -0,0 +1,3 @@ +MODULE = driver_cryptocell_310_contrib + +include $(RIOTBASE)/Makefile.base diff --git a/pkg/driver_cryptocell_310/contrib/cryptocell_util.c b/pkg/driver_cryptocell_310/contrib/cryptocell_util.c new file mode 100644 index 0000000000..2a20241db3 --- /dev/null +++ b/pkg/driver_cryptocell_310/contrib/cryptocell_util.c @@ -0,0 +1,83 @@ +/* + * Copyright (C) 2020 HAW Hamburg + * + * This file is subject to the terms and conditions of the GNU Lesser + * General Public License v2.1. See the file LICENSE in the top level + * directory for more details. + */ + +/** + * @ingroup pkg_driver_cryptocell_310 + * @{ + * + * @file + * @brief Setup function necessary to enable ARM CryptoCell module + * + * @author Lena Boeckmann + */ + +#include "vendor/nrf52840.h" +#include "sns_silib.h" +#include "kernel_defines.h" + +#define ENABLE_DEBUG 0 +#include "debug.h" + +CRYS_RND_WorkBuff_t *rndWorkBuff_ptr; +CRYS_RND_State_t *rndState_ptr; + +CRYS_RND_State_t rndState = { 0 }; +CRYS_RND_WorkBuff_t rndWorkBuff = { 0 }; + +/* Defined by the CryptoCell Library */ +extern void CRYPTOCELL_IRQHandler(void); + +/* This function must be defined to use the CryptoCell module on the NRF52840 board */ +void isr_cryptocell(void) +{ + CRYPTOCELL_IRQHandler(); +} + +void cryptocell_310_enable(void) +{ + NRF_CRYPTOCELL->ENABLE = 1; + NVIC_EnableIRQ(CRYPTOCELL_IRQn); +} + +void cryptocell_310_disable(void) +{ + NRF_CRYPTOCELL->ENABLE = 0; + NVIC_DisableIRQ(CRYPTOCELL_IRQn); +} + +void driver_cryptocell_310_setup(void) +{ + int ret = 0; + + rndState_ptr = &rndState; + rndWorkBuff_ptr = &rndWorkBuff; + + cryptocell_310_enable(); + + ret = SaSi_LibInit(); + if (ret != SA_SILIB_RET_OK) { + DEBUG("SaSi_LibInit failed: 0x%x\n", ret); + } + + ret = CRYS_RndInit(rndState_ptr, rndWorkBuff_ptr); + if (ret != SA_SILIB_RET_OK) { + DEBUG("CRYS_RndInit failed: 0x%x\n", ret); + } +} + +void driver_cryptocell_310_terminate(void) +{ + int ret = 0; + + SaSi_LibFini(); + + ret = CRYS_RND_UnInstantiation(rndState_ptr); + if (ret != SA_SILIB_RET_OK) { + DEBUG("CRYS_RND_UnInstatiation failed: 0x%x\n", ret); + } +} diff --git a/pkg/driver_cryptocell_310/doc.txt b/pkg/driver_cryptocell_310/doc.txt new file mode 100644 index 0000000000..71a8804ef9 --- /dev/null +++ b/pkg/driver_cryptocell_310/doc.txt @@ -0,0 +1,10 @@ +/** + * @defgroup pkg_driver_cryptocell_310 ARM CryptoCell 310 Driver + * @ingroup pkg drivers_misc + * @brief Provides the driver for the ARM CryptoCell 310 hardware accelerator + * @see https://infocenter.nordicsemi.com/topic/sdk_nrf5_v17.1.0/group__cryptocell__api.html + * + * @note The source of this package is not a git repository, but a zip file downloaded + * from the Nordic Semiconductor software center. It is quite large and takes a + * while to download. + */ diff --git a/pkg/driver_cryptocell_310/driver_cryptocell_310.mk b/pkg/driver_cryptocell_310/driver_cryptocell_310.mk new file mode 100644 index 0000000000..5836b5137f --- /dev/null +++ b/pkg/driver_cryptocell_310/driver_cryptocell_310.mk @@ -0,0 +1,3 @@ +MODULE = driver_cryptocell_310 + +include $(RIOTBASE)/Makefile.base diff --git a/pkg/driver_cryptocell_310/include/cryptocell_310_util.h b/pkg/driver_cryptocell_310/include/cryptocell_310_util.h new file mode 100644 index 0000000000..4040eb8f13 --- /dev/null +++ b/pkg/driver_cryptocell_310/include/cryptocell_310_util.h @@ -0,0 +1,61 @@ +/* + * Copyright (C) 2021 HAW Hamburg + * + * This file is subject to the terms and conditions of the GNU Lesser + * General Public License v2.1. See the file LICENSE in the top level + * directory for more details. + */ + +/** + * @ingroup pkg_driver_cryptocell_310 + * @{ + * + * @file + * @brief Utility functions to setup and terminate the CryptoCell 310 driver + * + * @author Lena Boeckmann + * + */ +#ifndef CRYPTOCELL_310_UTIL_H +#define CRYPTOCELL_310_UTIL_H + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * @brief Enable CryptoCell module and IRQs. + * + * Must be called before using crypto functions. + * CryptoCell peripheral will be enabled after this call. + */ +void cryptocell_310_enable(void); + +/** + * @brief Disable CryptoCell module and IRQs. + * + * Should be called after using crypto functions. + * CryptoCell peripheral will be disabled after this call. + */ +void cryptocell_310_disable(void); + +/** + * @brief Enables CryptoCell module, IRQs and crypto libraries on nrf52840. + * + * Must be called once before using the CryptoCell lib. + */ +void driver_cryptocell_310_setup(void); + +/** + * @brief Finishes the use of the CryptoCell library. + * + * Should be called after using the CryptoCell lib. + */ +void driver_cryptocell_310_terminate(void); + +#ifdef __cplusplus +} +#endif + +#endif /* CRYPTOCELL_310_UTIL_H */ +/** @} */ diff --git a/pkg/driver_cryptocell_310/include/psa_cryptocell_310_aes_common.h b/pkg/driver_cryptocell_310/include/psa_cryptocell_310_aes_common.h new file mode 100644 index 0000000000..400e90d4b4 --- /dev/null +++ b/pkg/driver_cryptocell_310/include/psa_cryptocell_310_aes_common.h @@ -0,0 +1,73 @@ +/* + * Copyright (C) 2021 HAW Hamburg + * + * This file is subject to the terms and conditions of the GNU Lesser + * General Public License v2.1. See the file LICENSE in the top level + * directory for more details. + */ + +/** + * @ingroup pkg_driver_cryptocell_310 + * @{ + * + * @file + * @brief Common AES functions used by all PSA Crypto wrappers + * for the CryptoCell 310 AES APIs. + * + * @author Lena Boeckmann + * + */ + +#ifndef PSA_CRYPTOCELL_310_AES_COMMON_H +#define PSA_CRYPTOCELL_310_AES_COMMON_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include "psa/crypto.h" + +/** + * @brief Common setup function for AES operations + * + * @param ctx Driver specific AES context of the type @c SaSiAesUserContext_t + * @param direction Encrypt or decrypt direction of type @c SaSiAesEncryptMode_t + * @param mode Operation mode (e.g. CBC, CCM) of type @c SaSiAesOperationMode_t + * @param padding Operation padding type of type @c SaSiAesPaddingType_t + * @param iv Constant buffer containing the IV for the operation + * @param key_buffer Constant buffer containing an AES key + * @param key_size Size of AES key in use. + * @return psa_status_t + */ +psa_status_t cryptocell_310_common_aes_setup(SaSiAesUserContext_t *ctx, + SaSiAesEncryptMode_t direction, + SaSiAesOperationMode_t mode, + SaSiAesPaddingType_t padding, + const uint8_t *iv, + const uint8_t *key_buffer, + size_t key_size); + +/** + * @brief Common function for an AES encryption + * + * @param ctx AES context of the type @c SaSiAesUserContext_t + * @param input Constant input buffer of plain text to encrypt + * @param input_length Length of the input buffer + * @param output Output buffer to write the cipher + * @param output_buffer_size Size of the output buffer. Must be at least @c input_length + * @param output_length Pointer to output length. Will contain actual length of cipher + * @return psa_status_t + */ +psa_status_t cryptocell_310_common_aes_encrypt_decrypt(SaSiAesUserContext_t *ctx, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_buffer_size, + size_t *output_length); + +#ifdef __cplusplus +} +#endif + +#endif /* PSA_CRYPTOCELL_310_AES_COMMON_H */ +/** @} */ diff --git a/pkg/driver_cryptocell_310/include/psa_cryptocell_310_ecc_common.h b/pkg/driver_cryptocell_310/include/psa_cryptocell_310_ecc_common.h new file mode 100644 index 0000000000..d3e1cc6478 --- /dev/null +++ b/pkg/driver_cryptocell_310/include/psa_cryptocell_310_ecc_common.h @@ -0,0 +1,115 @@ +/* + * Copyright (C) 2021 HAW Hamburg + * + * This file is subject to the terms and conditions of the GNU Lesser + * General Public License v2.1. See the file LICENSE in the top level + * directory for more details. + */ + +/** + * @ingroup pkg_driver_cryptocell_310 + * @{ + * + * @file + * @brief Common ECC functions used by all PSA Crypto wrappers + * for the CryptoCell 310 ECC APIs. + * + * @author Lena Boeckmann + * + */ + +#ifndef PSA_CRYPTOCELL_310_ECC_COMMON_H +#define PSA_CRYPTOCELL_310_ECC_COMMON_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include "psa/crypto.h" + +#include "sns_silib.h" +#include "crys_ecpki_build.h" +#include "crys_ecpki_ecdsa.h" +#include "crys_ecpki_kg.h" +#include "crys_ecpki_domain.h" + +/** + * @brief Map PSA hash encodings to CryptoCell specific hash encodings + * + * @param hash psa_algorithm_t + */ +#define MAP_PSA_HASH_TO_CRYS_HASH(hash) \ + ((hash == PSA_ALG_SHA_1) ? CRYS_ECPKI_AFTER_HASH_SHA1_mode : \ + (hash == PSA_ALG_SHA_224) ? CRYS_ECPKI_AFTER_HASH_SHA224_mode : \ + (hash == PSA_ALG_SHA_256) ? CRYS_ECPKI_AFTER_HASH_SHA256_mode : \ + (hash == PSA_ALG_SHA_384) ? CRYS_ECPKI_AFTER_HASH_SHA384_mode : \ + (hash == PSA_ALG_SHA_512) ? CRYS_ECPKI_AFTER_HASH_SHA512_mode : \ + 0) + +/** + * @brief Common ECC key generation function + * + * @param priv_key_buffer Output buffer to write ECC private key + * @param pub_key_buffer Output buffer to write ECC public key + * @param priv_key_buffer_length Output pointer to write private key length + * @param pub_key_buffer_length Output pointer to write public key length + * @param domain ECC domain of type @c CRYS_ECPKI_DomainID_t + * @return psa_status_t + */ +psa_status_t cryptocell_310_common_ecc_generate_key_pair(uint8_t *priv_key_buffer, + uint8_t *pub_key_buffer, + uint32_t *priv_key_buffer_length, + uint32_t *pub_key_buffer_length, + CRYS_ECPKI_DomainID_t domain); + +/** + * @brief Common ECC hash signature function + * + * @param priv_key Pointer to ECC private key + * @param priv_key_size Size of private key + * @param hash Hash of the message to sign + * @param hash_length Length of the message hash + * @param signature Output buffer to write the generated signature + * @param signature_length Pointer to store the actual length of the signature + * @param hash_mode Mode used to hash the message of type @c CRYS_ECPKI_HASH_OpMode_t + * @param domain ECC domain of type @c CRYS_ECPKI_DomainID_t + * @return psa_status_t + */ +psa_status_t cryptocell_310_common_ecc_sign_hash(const uint8_t *priv_key, + uint32_t priv_key_size, + const uint8_t *hash, + size_t hash_length, + uint8_t *signature, + size_t *signature_length, + CRYS_ECPKI_HASH_OpMode_t hash_mode, + CRYS_ECPKI_DomainID_t domain); + +/** + * @brief Common ECC hash verification function + * + * @param pub_key Pointer to ECC public key + * @param pub_key_size Size of public key + * @param hash Hash of the message to sign + * @param hash_length Length of the message hash + * @param signature Buffer containing the signature to be verified + * @param signature_length Actual length of the signature + * @param hash_mode Mode used to hash the message of type + * @c CRYS_ECPKI_HASH_OpMode_t + * @param domain ECC domain of type @c CRYS_ECPKI_DomainID_t + * @return psa_status_t + */ +psa_status_t cryptocell_310_common_ecc_verify_hash(const uint8_t *pub_key, + size_t pub_key_size, + const uint8_t *hash, + size_t hash_length, + const uint8_t *signature, + size_t signature_length, + CRYS_ECPKI_HASH_OpMode_t hash_mode, + CRYS_ECPKI_DomainID_t domain); + +#ifdef __cplusplus +} +#endif + +#endif /* PSA_CRYPTOCELL_310_ECC_COMMON_H */ +/** @} */ diff --git a/pkg/driver_cryptocell_310/include/psa_cryptocell_310_hashes_common.h b/pkg/driver_cryptocell_310/include/psa_cryptocell_310_hashes_common.h new file mode 100644 index 0000000000..aeb3a25443 --- /dev/null +++ b/pkg/driver_cryptocell_310/include/psa_cryptocell_310_hashes_common.h @@ -0,0 +1,71 @@ +/* + * Copyright (C) 2021 HAW Hamburg + * + * This file is subject to the terms and conditions of the GNU Lesser + * General Public License v2.1. See the file LICENSE in the top level + * directory for more details. + */ + +/** + * @ingroup pkg_driver_cryptocell_310 + * @{ + * + * @file + * @brief Common hash functions used by all PSA Crypto wrappers + * for the CryptoCell 310 hash APIs. + * + * @author Lena Boeckmann + * + */ +#ifndef PSA_CRYPTOCELL_310_HASHES_COMMON_H +#define PSA_CRYPTOCELL_310_HASHES_COMMON_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include "psa/crypto.h" +#include "crys_hash.h" + +/** + * @brief Common hash setup function + * + * @param ctx Driver specific hash context of type @c CRYS_HASHUserContext_t + * @param mode Hash mode of type @c CRYS_HASH_OperationMode_t + * @return psa_status_t + */ +psa_status_t cryptocell_310_common_hash_setup(CRYS_HASHUserContext_t *ctx, + CRYS_HASH_OperationMode_t mode); + +/** + * @brief Common hash update function + * + * @param ctx Driver specific hash context of type @c CRYS_HASHUserContext_t + * @param input Input that is going to be hashed + * @param input_length Length of @p input + * @return psa_status_t + */ +psa_status_t cryptocell_310_common_hash_update(CRYS_HASHUserContext_t *ctx, + const uint8_t *input, + size_t input_length); + +/** + * @brief Common hash finish function + * + * @param ctx Driver specific hash context of type @c CRYS_HASHUserContext_t + * @param hash Output buffer to write the computated hash + * @param hash_size Size of @p hash + * @param hash_length Pointer where the actual length of the hash will be stored + * @return psa_status_t + */ +psa_status_t cryptocell_310_common_hash_finish(CRYS_HASHUserContext_t *ctx, + uint8_t *hash, + size_t hash_size, + size_t *hash_length); + +#ifdef __cplusplus +} +#endif + +#endif /* PSA_CRYPTOCELL_310_HASHES_COMMON_H */ +/** @} */ diff --git a/pkg/driver_cryptocell_310/include/psa_error.h b/pkg/driver_cryptocell_310/include/psa_error.h new file mode 100644 index 0000000000..31fa7e361d --- /dev/null +++ b/pkg/driver_cryptocell_310/include/psa_error.h @@ -0,0 +1,60 @@ +/* + * Copyright (C) 2021 HAW Hamburg + * + * This file is subject to the terms and conditions of the GNU Lesser + * General Public License v2.1. See the file LICENSE in the top level + * directory for more details. + */ + +/** + * @ingroup pkg_driver_cryptocell_310 + * @{ + * + * @file + * @brief Glue code translating between PSA Crypto and the CryptoCell 310 driver APIs + * + * @author Lena Boeckmann + * + */ +#ifndef PSA_ERROR_H +#define PSA_ERROR_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include "psa/crypto.h" +#include "crys_ecpki_error.h" +#include "crys_hash_error.h" +#include "ssi_aes_error.h" + +/** + * @brief Convert CryptoCell CRYS errors to PSA status values + * + * @param error Error value of type @c CRYSError_t + * @return @ref psa_status_t + */ +psa_status_t CRYS_to_psa_error(CRYSError_t error); + +/** + * @brief Convert CryptoCell SaSi errors to PSA status values + * + * @param error Error value of type @c SaSiStatus + * @return @ref psa_status_t + */ +psa_status_t SaSi_to_psa_error(SaSiStatus error); + +/** + * @brief Function to print CryptoCell Error values in clear text. + * + * @param status Error value of type @c SaSiStatus or @c CRYSError_t + * @return const char* + */ +const char *cryptocell310_status_to_humanly_readable(uint32_t status); + +#ifdef __cplusplus +} +#endif + +#endif /* PSA_ERROR_H */ +/** @} */ diff --git a/pkg/driver_cryptocell_310/include/psa_periph_aes_ctx.h b/pkg/driver_cryptocell_310/include/psa_periph_aes_ctx.h new file mode 100644 index 0000000000..ce0f7360c6 --- /dev/null +++ b/pkg/driver_cryptocell_310/include/psa_periph_aes_ctx.h @@ -0,0 +1,41 @@ +/* + * Copyright (C) 2021 HAW Hamburg + * + * This file is subject to the terms and conditions of the GNU Lesser + * General Public License v2.1. See the file LICENSE in the top level + * directory for more details. + */ + +/** + * @ingroup pkg_driver_cryptocell_310 + * @{ + * + * @file + * @brief CryptoCell 310 driver specific AES contexts + * + * @author Lena Boeckmann + * + */ +#ifndef PSA_PERIPH_AES_CTX_H +#define PSA_PERIPH_AES_CTX_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include "ssi_aes.h" +#include "kernel_defines.h" + +#if IS_USED(MODULE_PERIPH_CIPHER_AES_128_CBC) || DOXYGEN +/** + * @brief Map driver specific AES context to PSA context + */ +typedef SaSiAesUserContext_t psa_cipher_aes_128_ctx_t; +#endif + +#ifdef __cplusplus +} +#endif + +#endif /* PSA_PERIPH_AES_CTX_H */ +/** @} */ diff --git a/pkg/driver_cryptocell_310/include/psa_periph_hashes_ctx.h b/pkg/driver_cryptocell_310/include/psa_periph_hashes_ctx.h new file mode 100644 index 0000000000..c4e5f74b6e --- /dev/null +++ b/pkg/driver_cryptocell_310/include/psa_periph_hashes_ctx.h @@ -0,0 +1,64 @@ +/* + * Copyright (C) 2021 HAW Hamburg + * + * This file is subject to the terms and conditions of the GNU Lesser + * General Public License v2.1. See the file LICENSE in the top level + * directory for more details. + */ + +/** + * @ingroup pkg_driver_cryptocell_310 + * @{ + * + * @file + * @brief CryptoCell 310 driver specific hash contexts + * + * @author Lena Boeckmann + * + */ + +#ifndef PSA_PERIPH_HASHES_CTX_H +#define PSA_PERIPH_HASHES_CTX_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include +#include "kernel_defines.h" +#include "crys_hash.h" + +#if IS_USED(MODULE_PERIPH_HASH_SHA_1) || DOXYGEN +/** + * @brief Map driver specific SHA1 context to PSA context + */ +typedef CRYS_HASHUserContext_t psa_hashes_sha1_ctx_t; +#endif + +#if IS_USED(MODULE_PERIPH_HASH_SHA_224) || DOXYGEN +/** + * @brief Map driver specific SHA224 context to PSA context + */ +typedef CRYS_HASHUserContext_t psa_hashes_sha224_ctx_t; +#endif + +#if IS_USED(MODULE_PERIPH_HASH_SHA_256) || DOXYGEN +/** + * @brief Map driver specific SHA256 context to PSA context + */ +typedef CRYS_HASHUserContext_t psa_hashes_sha256_ctx_t; +#endif + +#if IS_USED(MODULE_PERIPH_HASH_SHA_512) || DOXYGEN +/** + * @brief Map driver specific SHA512 context to PSA context + */ +typedef CRYS_HASHUserContext_t psa_hashes_sha512_ctx_t; +#endif + +#ifdef __cplusplus +} +#endif + +#endif /* PSA_PERIPH_HASHES_CTX_H */ +/** @} */ diff --git a/pkg/driver_cryptocell_310/psa_cryptocell_310/Kconfig b/pkg/driver_cryptocell_310/psa_cryptocell_310/Kconfig new file mode 100644 index 0000000000..f3d167dca0 --- /dev/null +++ b/pkg/driver_cryptocell_310/psa_cryptocell_310/Kconfig @@ -0,0 +1,77 @@ +# Copyright (c) 2021 HAW Hamburg +# +# This file is subject to the terms and conditions of the GNU Lesser +# General Public License v2.1. See the file LICENSE in the top level +# directory for more details. +# + +# Hashes + +config MODULE_PSA_CRYPTOCELL_310_HASHES_SHA1 + bool + depends on MODULE_PSA_CRYPTO + select MODULE_PSA_CRYPTOCELL_310 + select MODULE_PSA_CRYPTOCELL_310_HASHES_COMMON + +config MODULE_PSA_CRYPTOCELL_310_HASHES_SHA224 + bool + depends on MODULE_PSA_CRYPTO + select MODULE_PSA_CRYPTOCELL_310 + select MODULE_PSA_CRYPTOCELL_310_HASHES_COMMON + +config MODULE_PSA_CRYPTOCELL_310_HASHES_SHA256 + bool + depends on MODULE_PSA_CRYPTO + select MODULE_PSA_CRYPTOCELL_310 + select MODULE_PSA_CRYPTOCELL_310_HASHES_COMMON + +config MODULE_PSA_CRYPTOCELL_310_HASHES_SHA512 + bool + depends on MODULE_PSA_CRYPTO + select MODULE_PSA_CRYPTOCELL_310 + select MODULE_PSA_CRYPTOCELL_310_HASHES_COMMON + +# MAC + +config MODULE_PSA_CRYPTOCELL_310_HMAC + bool + depends on MODULE_PSA_CRYPTO + select MODULE_PSA_CRYPTOCELL_310 + +# AES + +config MODULE_PSA_CRYPTOCELL_310_AES_CBC + bool + depends on MODULE_PSA_CRYPTO + select MODULE_PSA_CRYPTOCELL_310 + select MODULE_PSA_CRYPTOCELL_310_AES_COMMON + +# ECC + +config MODULE_PSA_CRYPTOCELL_310_ECC_P192 + bool + depends on MODULE_PSA_CRYPTO + select MODULE_PSA_CRYPTOCELL_310 + select MODULE_PSA_CRYPTOCELL_310_ECC_COMMON + +config MODULE_PSA_CRYPTOCELL_310_ECC_P256 + bool + depends on MODULE_PSA_CRYPTO + select MODULE_PSA_CRYPTOCELL_310 + select MODULE_PSA_CRYPTOCELL_310_ECC_COMMON + +config MODULE_PSA_CRYPTOCELL_310 + bool "PSA CryptoCell Wrapper" + select MODULE_PSA_CRYPTOCELL_310_ERROR_CONVERSION + +config MODULE_PSA_CRYPTOCELL_310_HASHES_COMMON + bool + +config MODULE_PSA_CRYPTOCELL_310_ECC_COMMON + bool + +config MODULE_PSA_CRYPTOCELL_310_AES_COMMON + bool + +config MODULE_PSA_CRYPTOCELL_310_ERROR_CONVERSION + bool diff --git a/pkg/driver_cryptocell_310/psa_cryptocell_310/Makefile b/pkg/driver_cryptocell_310/psa_cryptocell_310/Makefile new file mode 100644 index 0000000000..427f531eff --- /dev/null +++ b/pkg/driver_cryptocell_310/psa_cryptocell_310/Makefile @@ -0,0 +1,4 @@ +BASE_MODULE := psa_cryptocell_310 +SUBMODULES := 1 + +include $(RIOTBASE)/Makefile.base diff --git a/pkg/driver_cryptocell_310/psa_cryptocell_310/Makefile.dep b/pkg/driver_cryptocell_310/psa_cryptocell_310/Makefile.dep new file mode 100644 index 0000000000..fd18dfb6bd --- /dev/null +++ b/pkg/driver_cryptocell_310/psa_cryptocell_310/Makefile.dep @@ -0,0 +1,30 @@ +USEMODULE += psa_cryptocell_310 +USEMODULE += psa_cryptocell_310_error_conversion + +ifneq (,$(filter psa_cryptocell_310_hashes_sha1,$(USEMODULE))) + USEMODULE += psa_cryptocell_310_hashes_common +endif + +ifneq (,$(filter psa_cryptocell_310_hashes_sha224,$(USEMODULE))) + USEMODULE += psa_cryptocell_310_hashes_common +endif + +ifneq (,$(filter psa_cryptocell_310_hashes_sha256,$(USEMODULE))) + USEMODULE += psa_cryptocell_310_hashes_common +endif + +ifneq (,$(filter psa_cryptocell_310_hashes_sha512,$(USEMODULE))) + USEMODULE += psa_cryptocell_310_hashes_common +endif + +ifneq (,$(filter psa_cryptocell_310_aes_cbc,$(USEMODULE))) + USEMODULE += psa_cryptocell_310_aes_common +endif + +ifneq (,$(filter psa_cryptocell_310_ecc_p192,$(USEMODULE))) + USEMODULE += psa_cryptocell_310_ecc_common +endif + +ifneq (,$(filter psa_cryptocell_310_ecc_p256,$(USEMODULE))) + USEMODULE += psa_cryptocell_310_ecc_common +endif diff --git a/pkg/driver_cryptocell_310/psa_cryptocell_310/aes_cbc.c b/pkg/driver_cryptocell_310/psa_cryptocell_310/aes_cbc.c new file mode 100644 index 0000000000..233e2a47e8 --- /dev/null +++ b/pkg/driver_cryptocell_310/psa_cryptocell_310/aes_cbc.c @@ -0,0 +1,131 @@ +/* + * Copyright (C) 2021 HAW Hamburg + * + * This file is subject to the terms and conditions of the GNU Lesser + * General Public License v2.1. See the file LICENSE in the top level + * directory for more details. + */ + +/** + * @ingroup pkg_driver_cryptocell_310 + * @{ + * + * @brief Glue code translating between PSA Crypto and the CryptoCell 310 AES 128 CBC APIs + * + * @author Lena Boeckmann + * + * @} + */ + +#include "psa_error.h" +#include "psa_cryptocell_310_aes_common.h" +#include "ssi_aes.h" + +#define ENABLE_DEBUG 0 +#include "debug.h" + +psa_status_t psa_cipher_cbc_aes_128_encrypt(const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length) +{ + if ((alg != PSA_ALG_CBC_PKCS7) && (alg != PSA_ALG_CBC_NO_PADDING)) { + DEBUG("%s : Invalid CBC padding type\n", __FILE__); + return PSA_ERROR_INVALID_ARGUMENT; + } + + if (key_buffer_size < PSA_BITS_TO_BYTES(attributes->bits)) { + DEBUG("%s : Key buffer too small\n", __FILE__); + return PSA_ERROR_BUFFER_TOO_SMALL; + } + + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + size_t iv_length = 0; + size_t key_size = PSA_BITS_TO_BYTES(attributes->bits); + + psa_cipher_operation_t operation = psa_cipher_operation_init(); + operation.iv_required = 1; + operation.default_iv_length = PSA_CIPHER_IV_LENGTH(attributes->type, alg); + + SaSiAesPaddingType_t padding = + (alg == PSA_ALG_CBC_PKCS7) ? SASI_AES_PADDING_PKCS7 : SASI_AES_PADDING_NONE; + + status = psa_cipher_generate_iv(&operation, output, operation.default_iv_length, &iv_length); + if (status != PSA_SUCCESS) { + return status; + } + + status = cryptocell_310_common_aes_setup((SaSiAesUserContext_t *)&operation.backend_ctx.cipher_ctx.aes_128, + SASI_AES_ENCRYPT, SASI_AES_MODE_CBC, padding, output, key_buffer, + key_size); + if (status != PSA_SUCCESS) { + return status; + } + + status = cryptocell_310_common_aes_encrypt_decrypt( + (SaSiAesUserContext_t *)&operation.backend_ctx.cipher_ctx.aes_128, + input, input_length, output + iv_length, output_size - iv_length, + output_length); + if (status != PSA_SUCCESS) { + return status; + } + + *output_length = output_size; + + return PSA_SUCCESS; +} + +psa_status_t psa_cipher_cbc_aes_128_decrypt(const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length) +{ + if ((alg != PSA_ALG_CBC_PKCS7) && (alg != PSA_ALG_CBC_NO_PADDING)) { + DEBUG("%s : Invalid CBC padding type\n", __FILE__); + return PSA_ERROR_INVALID_ARGUMENT; + } + + if (key_buffer_size < PSA_BITS_TO_BYTES(attributes->bits)) { + DEBUG("%s : Key buffer too small\n", __FILE__); + return PSA_ERROR_BUFFER_TOO_SMALL; + } + + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + size_t key_size = PSA_BITS_TO_BYTES(attributes->bits); + + psa_cipher_operation_t operation = psa_cipher_operation_init(); + operation.iv_required = 1; + operation.default_iv_length = PSA_CIPHER_IV_LENGTH(attributes->type, alg); + + SaSiAesPaddingType_t padding = + (alg == PSA_ALG_CBC_PKCS7) ? SASI_AES_PADDING_PKCS7 : SASI_AES_PADDING_NONE; + + status = cryptocell_310_common_aes_setup((SaSiAesUserContext_t *)&operation.backend_ctx.cipher_ctx.aes_128, + SASI_AES_DECRYPT, SASI_AES_MODE_CBC, padding, input, key_buffer, + key_size); + if (status != PSA_SUCCESS) { + return status; + } + + status = cryptocell_310_common_aes_encrypt_decrypt( + (SaSiAesUserContext_t *)&operation.backend_ctx.cipher_ctx.aes_128, + input + operation.default_iv_length, input_length - operation. + default_iv_length, output, output_size, output_length); + if (status != PSA_SUCCESS) { + return status; + } + + *output_length = PSA_CIPHER_DECRYPT_OUTPUT_SIZE(attributes->type, alg, input_length); + + return PSA_SUCCESS; +} diff --git a/pkg/driver_cryptocell_310/psa_cryptocell_310/aes_common.c b/pkg/driver_cryptocell_310/psa_cryptocell_310/aes_common.c new file mode 100644 index 0000000000..c782cf09b7 --- /dev/null +++ b/pkg/driver_cryptocell_310/psa_cryptocell_310/aes_common.c @@ -0,0 +1,112 @@ +/* + * Copyright (C) 2021 HAW Hamburg + * + * This file is subject to the terms and conditions of the GNU Lesser + * General Public License v2.1. See the file LICENSE in the top level + * directory for more details. + */ + +/** + * @ingroup pkg_driver_cryptocell_310 + * @{ + * + * @brief Common AES functions used by all PSA Crypto wrappers + * for the CryptoCell 310 AES APIs. + * + * @author Lena Boeckmann + * + * @} + */ + +#include "psa/crypto.h" +#include "vendor/nrf52840.h" +#include "ssi_aes.h" +#include "sns_silib.h" +#include "psa_error.h" +#include "cryptocell_310_util.h" + +#define ENABLE_DEBUG 0 +#include "debug.h" + +#define CC310_MAX_AES_INPUT_BLOCK (0xFFF0) + +psa_status_t cryptocell_310_common_aes_setup(SaSiAesUserContext_t *ctx, + SaSiAesEncryptMode_t direction, + SaSiAesOperationMode_t mode, + SaSiAesPaddingType_t padding, + const uint8_t *iv, + const uint8_t *key_buffer, + size_t key_size) +{ + SaSiAesUserKeyData_t key; + + SaSiStatus ret = SaSi_AesInit(ctx, direction, mode, padding); + if (ret != SASI_OK) { + DEBUG("SaSi_AesInit failed with %s\n", cryptocell310_status_to_humanly_readable(ret)); + return SaSi_to_psa_error(ret); + } + + key.keySize = key_size; + key.pKey = (uint8_t *)key_buffer; + + ret = SaSi_AesSetKey(ctx, SASI_AES_USER_KEY, &key, sizeof(key)); + if (ret != SASI_OK) { + DEBUG("SaSi_AesSetKey failed with %s\n", cryptocell310_status_to_humanly_readable(ret)); + return SaSi_to_psa_error(ret); + } + + ret = SaSi_AesSetIv(ctx, (uint8_t *)iv); + if (ret != SASI_OK) { + DEBUG("SaSi_AesSetIv failed with %s\n", cryptocell310_status_to_humanly_readable(ret)); + return SaSi_to_psa_error(ret); + } + + return PSA_SUCCESS; +} + +psa_status_t cryptocell_310_common_aes_encrypt_decrypt(SaSiAesUserContext_t *ctx, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length) +{ + SaSiStatus ret = 0; + size_t offset = 0; + size_t size; + size_t length = input_length; + *output_length = output_size; + + do { + if (length > CC310_MAX_AES_INPUT_BLOCK) { + size = CC310_MAX_AES_INPUT_BLOCK; + length -= CC310_MAX_AES_INPUT_BLOCK; + } + else { + size = length; + length = 0; + } + + cryptocell_310_enable(); + ret = SaSi_AesBlock(ctx, (uint8_t *)(input + offset), size, output + offset); + cryptocell_310_disable(); + if (ret != SASI_OK) { + DEBUG("SaSi_AesBlock failed with %s\n", cryptocell310_status_to_humanly_readable(ret)); + return SaSi_to_psa_error(ret); + } + + offset += size; + } while ((length > 0) && (ret == SASI_OK)); + + cryptocell_310_enable(); + ret = SaSi_AesFinish(ctx, length, (uint8_t *)(input + offset), input_length, output, + output_length); + cryptocell_310_disable(); + + if (ret != SASI_OK) { + DEBUG("SaSi_AesFinish failed with %s\n", cryptocell310_status_to_humanly_readable(ret)); + return SaSi_to_psa_error(ret); + } + + return PSA_SUCCESS; +} diff --git a/pkg/driver_cryptocell_310/psa_cryptocell_310/ecc_common.c b/pkg/driver_cryptocell_310/psa_cryptocell_310/ecc_common.c new file mode 100644 index 0000000000..5ac6bd3c2f --- /dev/null +++ b/pkg/driver_cryptocell_310/psa_cryptocell_310/ecc_common.c @@ -0,0 +1,143 @@ +/* + * Copyright (C) 2021 HAW Hamburg + * + * This file is subject to the terms and conditions of the GNU Lesser + * General Public License v2.1. See the file LICENSE in the top level + * directory for more details. + */ + +/** + * @ingroup pkg_driver_cryptocell_310 + * @{ + * + * @brief Common ECC functions used by all PSA Crypto wrappers + * for the CryptoCell 310 ECC APIs. + * + * @author Lena Boeckmann + * + * @} + */ + +#include "psa_error.h" +#include "psa_cryptocell_310_ecc_common.h" +#include "cryptocell_310_util.h" + +#define ENABLE_DEBUG 0 +#include "debug.h" + +extern CRYS_RND_State_t *rndState_ptr; + +CRYS_ECPKI_Domain_t *pDomain; +SaSiRndGenerateVectWorkFunc_t rndGenerateVectFunc; + +psa_status_t cryptocell_310_common_ecc_generate_key_pair(uint8_t *priv_key_buffer, + uint8_t *pub_key_buffer, + uint32_t *priv_key_buffer_length, + uint32_t *pub_key_buffer_length, + CRYS_ECPKI_DomainID_t domain) +{ + CRYS_ECPKI_UserPrivKey_t priv_key; + CRYS_ECPKI_UserPublKey_t pub_key; + CRYS_ECPKI_KG_FipsContext_t FipsBuff; + CRYS_ECPKI_KG_TempData_t TempECCKGBuff; + CRYSError_t ret; + + rndGenerateVectFunc = CRYS_RND_GenerateVector; + pDomain = (CRYS_ECPKI_Domain_t *)CRYS_ECPKI_GetEcDomain(domain); + + cryptocell_310_enable(); + ret = CRYS_ECPKI_GenKeyPair(rndState_ptr, rndGenerateVectFunc, pDomain, &priv_key, &pub_key, + &TempECCKGBuff, &FipsBuff); + cryptocell_310_disable(); + if (ret != CRYS_OK) { + DEBUG("CRYS_ECPKI_GenKeyPair failed with %s\n", cryptocell310_status_to_humanly_readable(ret)); + return CRYS_to_psa_error(ret); + } + + ret = CRYS_ECPKI_ExportPrivKey(&priv_key, priv_key_buffer, priv_key_buffer_length); + if (ret != CRYS_OK) { + DEBUG("CRYS_ECPKI_ExportPrivKey failed with %s\n", cryptocell310_status_to_humanly_readable(ret)); + return CRYS_to_psa_error(ret); + } + + ret = CRYS_ECPKI_ExportPublKey(&pub_key, CRYS_EC_PointUncompressed, pub_key_buffer, + pub_key_buffer_length); + if (ret != CRYS_OK) { + DEBUG("CRYS_ECPKI_ExportPubKey failed with %s\n", cryptocell310_status_to_humanly_readable(ret)); + return CRYS_to_psa_error(ret); + } + + return PSA_SUCCESS; +} + +psa_status_t cryptocell_310_common_ecc_sign_hash(const uint8_t *priv_key, + uint32_t priv_key_size, + const uint8_t *hash, + size_t hash_length, + uint8_t *signature, + size_t *signature_length, + CRYS_ECPKI_HASH_OpMode_t hash_mode, + CRYS_ECPKI_DomainID_t domain) +{ + CRYS_ECDSA_SignUserContext_t SignUserContext; + CRYS_ECPKI_UserPrivKey_t user_priv_key; + CRYSError_t ret = 0; + + rndGenerateVectFunc = CRYS_RND_GenerateVector; + pDomain = (CRYS_ECPKI_Domain_t *)CRYS_ECPKI_GetEcDomain(domain); + + ret = CRYS_ECPKI_BuildPrivKey(pDomain, priv_key, priv_key_size, &user_priv_key); + if (ret != CRYS_OK) { + DEBUG("CRYS_ECPKI_BuildPrivKey failed with %s\n", cryptocell310_status_to_humanly_readable(ret)); + return CRYS_to_psa_error(ret); + } + + cryptocell_310_enable(); + ret = CRYS_ECDSA_Sign(rndState_ptr, rndGenerateVectFunc, + &SignUserContext, &user_priv_key, hash_mode, (uint8_t *)hash, hash_length, + signature, (uint32_t *)signature_length); + cryptocell_310_disable(); + if (ret != CRYS_OK) { + DEBUG("CRYS_ECDSA_Sign failed with %s\n", cryptocell310_status_to_humanly_readable(ret)); + return CRYS_to_psa_error(ret); + } + + return PSA_SUCCESS; +} + +psa_status_t cryptocell_310_common_ecc_verify_hash(const uint8_t *pub_key, + size_t pub_key_size, + const uint8_t *hash, + size_t hash_length, + const uint8_t *signature, + size_t signature_length, + CRYS_ECPKI_HASH_OpMode_t hash_mode, + CRYS_ECPKI_DomainID_t domain) +{ + CRYS_ECDSA_VerifyUserContext_t VerifyUserContext; + CRYS_ECPKI_UserPublKey_t user_pub_key; + CRYSError_t ret = 0; + + pDomain = (CRYS_ECPKI_Domain_t *)CRYS_ECPKI_GetEcDomain(domain); + + /** + * For more security, use CRYS_ECPKI_BuildPublKeyPartlyCheck or + * CRYS_ECPKI_BuildPublKeyFullCheck -> Those take longer and use more memory space + * */ + ret = CRYS_ECPKI_BuildPublKey(pDomain, (uint8_t *)pub_key, pub_key_size, &user_pub_key); + if (ret != CRYS_OK) { + DEBUG("CRYS_ECPKI_BuildPublKey failed with %s\n", cryptocell310_status_to_humanly_readable(ret)); + return CRYS_to_psa_error(ret); + } + + cryptocell_310_enable(); + ret = CRYS_ECDSA_Verify(&VerifyUserContext, &user_pub_key, hash_mode, (uint8_t *)signature, + signature_length, (uint8_t *)hash, hash_length); + cryptocell_310_disable(); + + if (ret != CRYS_OK) { + DEBUG("CRYS_ECDSA_Verify failed with %s\n", cryptocell310_status_to_humanly_readable(ret)); + return CRYS_to_psa_error(ret); + } + return PSA_SUCCESS; +} diff --git a/pkg/driver_cryptocell_310/psa_cryptocell_310/ecc_p192.c b/pkg/driver_cryptocell_310/psa_cryptocell_310/ecc_p192.c new file mode 100644 index 0000000000..955e38a46c --- /dev/null +++ b/pkg/driver_cryptocell_310/psa_cryptocell_310/ecc_p192.c @@ -0,0 +1,76 @@ +/* + * Copyright (C) 2021 HAW Hamburg + * + * This file is subject to the terms and conditions of the GNU Lesser + * General Public License v2.1. See the file LICENSE in the top level + * directory for more details. + */ + +/** + * @ingroup pkg_driver_cryptocell_310 + * @{ + * + * @file + * @brief Glue code translating between PSA Crypto and the CryptoCell 310 ECC P192 APIs + * + * @author Lena Boeckmann + * + * @} + */ + +#include "psa_cryptocell_310_ecc_common.h" + +psa_status_t psa_generate_ecc_p192r1_key_pair(const psa_key_attributes_t *attributes, + uint8_t *priv_key_buffer, + uint8_t *pub_key_buffer, + size_t *priv_key_buffer_length, + size_t *pub_key_buffer_length) +{ + *priv_key_buffer_length = PSA_BITS_TO_BYTES(attributes->bits); + *pub_key_buffer_length = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(attributes->type, attributes->bits); + + return cryptocell_310_common_ecc_generate_key_pair(priv_key_buffer, pub_key_buffer, + (uint32_t *)priv_key_buffer_length, + (uint32_t *)pub_key_buffer_length, + CRYS_ECPKI_DomainID_secp192r1); +} + +psa_status_t psa_ecc_p192r1_sign_hash( const psa_key_attributes_t *attributes, + psa_algorithm_t alg, + const uint8_t *key_buffer, + size_t key_buffer_size, + const uint8_t *hash, + size_t hash_length, + uint8_t *signature, + size_t signature_size, + size_t *signature_length) +{ + CRYS_ECPKI_HASH_OpMode_t hash_mode = MAP_PSA_HASH_TO_CRYS_HASH(PSA_ALG_GET_HASH(alg)); + + (void)signature_size; + (void)key_buffer_size; + + return cryptocell_310_common_ecc_sign_hash(key_buffer, + PSA_BITS_TO_BYTES(attributes->bits), + hash, hash_length, signature, + signature_length, hash_mode, + CRYS_ECPKI_DomainID_secp192r1); +} + +psa_status_t psa_ecc_p192r1_verify_hash(const psa_key_attributes_t *attributes, + psa_algorithm_t alg, + const uint8_t *key_buffer, + size_t key_buffer_size, + const uint8_t *hash, + size_t hash_length, + const uint8_t *signature, + size_t signature_length) +{ + CRYS_ECPKI_HASH_OpMode_t hash_mode = MAP_PSA_HASH_TO_CRYS_HASH(PSA_ALG_GET_HASH(alg)); + + (void)attributes; + return cryptocell_310_common_ecc_verify_hash(key_buffer, key_buffer_size, + hash, hash_length, signature, + signature_length, hash_mode, + CRYS_ECPKI_DomainID_secp192r1); +} diff --git a/pkg/driver_cryptocell_310/psa_cryptocell_310/ecc_p256.c b/pkg/driver_cryptocell_310/psa_cryptocell_310/ecc_p256.c new file mode 100644 index 0000000000..41d5296425 --- /dev/null +++ b/pkg/driver_cryptocell_310/psa_cryptocell_310/ecc_p256.c @@ -0,0 +1,74 @@ +/* + * Copyright (C) 2021 HAW Hamburg + * + * This file is subject to the terms and conditions of the GNU Lesser + * General Public License v2.1. See the file LICENSE in the top level + * directory for more details. + */ + +/** + * @ingroup pkg_driver_cryptocell_310 + * @{ + * + * @file + * @brief Glue code translating between PSA Crypto and the CryptoCell 310 ECC P256 APIs + * + * @author Lena Boeckmann + * + * @} + */ + +#include "psa_cryptocell_310_ecc_common.h" + +psa_status_t psa_generate_ecc_p256r1_key_pair( const psa_key_attributes_t *attributes, + uint8_t *priv_key_buffer, + uint8_t *pub_key_buffer, + size_t *priv_key_buffer_length, + size_t *pub_key_buffer_length) +{ + *priv_key_buffer_length = PSA_BITS_TO_BYTES(attributes->bits); + *pub_key_buffer_length = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(attributes->type, attributes->bits); + + return cryptocell_310_common_ecc_generate_key_pair(priv_key_buffer, pub_key_buffer, + (uint32_t *)priv_key_buffer_length, + (uint32_t *)pub_key_buffer_length, + CRYS_ECPKI_DomainID_secp256r1); +} + +psa_status_t psa_ecc_p256r1_sign_hash( const psa_key_attributes_t *attributes, + psa_algorithm_t alg, + const uint8_t *key_buffer, + size_t key_buffer_size, + const uint8_t *hash, + size_t hash_length, + uint8_t *signature, + size_t signature_size, + size_t *signature_length) +{ + (void)key_buffer_size; + CRYS_ECPKI_HASH_OpMode_t hash_mode = MAP_PSA_HASH_TO_CRYS_HASH(PSA_ALG_GET_HASH(alg)); + *signature_length = signature_size; + return cryptocell_310_common_ecc_sign_hash(key_buffer, + PSA_BITS_TO_BYTES(attributes->bits), + hash, hash_length, signature, + signature_length, hash_mode, + CRYS_ECPKI_DomainID_secp256r1); +} + +psa_status_t psa_ecc_p256r1_verify_hash(const psa_key_attributes_t *attributes, + psa_algorithm_t alg, + const uint8_t *key_buffer, + size_t key_buffer_size, + const uint8_t *hash, + size_t hash_length, + const uint8_t *signature, + size_t signature_length) +{ + CRYS_ECPKI_HASH_OpMode_t hash_mode = MAP_PSA_HASH_TO_CRYS_HASH(PSA_ALG_GET_HASH(alg)); + + (void)attributes; + return cryptocell_310_common_ecc_verify_hash(key_buffer, key_buffer_size, + hash, hash_length, signature, + signature_length, hash_mode, + CRYS_ECPKI_DomainID_secp256r1); +} diff --git a/pkg/driver_cryptocell_310/psa_cryptocell_310/error_conversion.c b/pkg/driver_cryptocell_310/psa_cryptocell_310/error_conversion.c new file mode 100644 index 0000000000..437f2cd997 --- /dev/null +++ b/pkg/driver_cryptocell_310/psa_cryptocell_310/error_conversion.c @@ -0,0 +1,413 @@ +/* + * Copyright (C) 2021 HAW Hamburg + * + * This file is subject to the terms and conditions of the GNU Lesser + * General Public License v2.1. See the file LICENSE in the top level + * directory for more details. + */ + +/** + * @ingroup pkg_driver_cryptocell_310 + * @{ + * + * @file + * @brief Glue code translating between PSA Crypto and the CryptoCell 310 driver APIs + * + * @author Lena Boeckmann + * + * @} + */ + +#include "psa_error.h" + +psa_status_t CRYS_to_psa_error(CRYSError_t error) +{ + switch (error) { + case CRYS_HASH_ILLEGAL_OPERATION_MODE_ERROR: + case CRYS_HASH_IS_NOT_SUPPORTED: + return PSA_ERROR_NOT_SUPPORTED; + case CRYS_HASH_USER_CONTEXT_CORRUPTED_ERROR: + return PSA_ERROR_CORRUPTION_DETECTED; + case CRYS_ECDSA_SIGN_USER_CONTEXT_VALIDATION_TAG_ERROR: + case CRYS_ECDSA_SIGN_USER_PRIV_KEY_VALIDATION_TAG_ERROR: + case CRYS_ECDSA_VERIFY_USER_CONTEXT_VALIDATION_TAG_ERROR: + case CRYS_ECDSA_VERIFY_SIGNER_PUBL_KEY_VALIDATION_TAG_ERROR: + case CRYS_ECDSA_VERIFY_INVALID_SIGNATURE_IN_PTR_ERROR: + case CRYS_ECDSA_SIGN_INVALID_MESSAGE_DATA_IN_PTR_ERROR: + case CRYS_ECDSA_SIGN_INVALID_MESSAGE_DATA_IN_SIZE_ERROR: + case CRYS_ECDSA_VERIFY_INVALID_DOMAIN_ID_ERROR: + case CRYS_ECDSA_VERIFY_INVALID_USER_CONTEXT_PTR_ERROR: + case CRYS_ECDSA_VERIFY_INVALID_SIGNER_PUBL_KEY_PTR_ERROR: + case CRYS_ECDSA_VERIFY_ILLEGAL_HASH_OP_MODE_ERROR: + case CRYS_HASH_DATA_IN_POINTER_INVALID_ERROR: + case CRYS_ECDSA_VERIFY_INVALID_SIGNATURE_SIZE_ERROR: + case CRYS_ECDSA_VERIFY_INVALID_MESSAGE_DATA_IN_PTR_ERROR: + case CRYS_ECDSA_VERIFY_INVALID_MESSAGE_DATA_IN_SIZE_ERROR: + case CRYS_ECDSA_SIGN_INVALID_EPHEMERAL_KEY_PTR_ERROR: + case CRYS_ECDSA_SIGN_INVALID_RND_CONTEXT_PTR_ERROR: + case CRYS_ECDSA_SIGN_INVALID_RND_FUNCTION_PTR_ERROR: + case CRYS_ECDSA_SIGN_INVALID_DOMAIN_ID_ERROR: + case CRYS_ECDSA_SIGN_INVALID_USER_CONTEXT_PTR_ERROR: + case CRYS_ECDSA_SIGN_INVALID_USER_PRIV_KEY_PTR_ERROR: + case CRYS_ECDSA_SIGN_ILLEGAL_HASH_OP_MODE_ERROR: + case CRYS_ECDSA_SIGN_INVALID_SIGNATURE_OUT_PTR_ERROR: + case CRYS_ECDSA_SIGN_INVALID_SIGNATURE_OUT_SIZE_PTR_ERROR: + case CRYS_ECDSA_SIGN_INVALID_SIGNATURE_OUT_SIZE_ERROR: + case CRYS_ECC_ILLEGAL_PARAMS_ACCORDING_TO_PRIV_ERROR: + case CRYS_ECC_ILLEGAL_HASH_MODE_ERROR: + case CRYS_ECPKI_ILLEGAL_DOMAIN_ID_ERROR: + case CRYS_ECPKI_DOMAIN_PTR_ERROR: + case CRYS_ECPKI_RND_CONTEXT_PTR_ERROR: + case CRYS_ECPKI_BUILD_KEY_INVALID_COMPRESSION_MODE_ERROR: + case CRYS_ECPKI_BUILD_KEY_ILLEGAL_DOMAIN_ID_ERROR: + case CRYS_ECPKI_BUILD_KEY_INVALID_PRIV_KEY_IN_PTR_ERROR: + case CRYS_ECPKI_BUILD_KEY_INVALID_USER_PRIV_KEY_PTR_ERROR: + case CRYS_ECPKI_BUILD_KEY_INVALID_PRIV_KEY_SIZE_ERROR: + case CRYS_ECPKI_BUILD_KEY_INVALID_PRIV_KEY_DATA_ERROR: + case CRYS_ECPKI_BUILD_KEY_INVALID_PUBL_KEY_IN_PTR_ERROR: + case CRYS_ECPKI_BUILD_KEY_INVALID_USER_PUBL_KEY_PTR_ERROR: + case CRYS_ECPKI_BUILD_KEY_INVALID_PUBL_KEY_SIZE_ERROR: + case CRYS_ECPKI_BUILD_KEY_INVALID_PUBL_KEY_DATA_ERROR: + case CRYS_ECPKI_BUILD_KEY_INVALID_CHECK_MODE_ERROR: + case CRYS_ECPKI_BUILD_KEY_INVALID_TEMP_BUFF_PTR_ERROR: + case CRYS_ECPKI_EXPORT_PUBL_KEY_INVALID_USER_PUBL_KEY_PTR_ERROR: + case CRYS_ECPKI_EXPORT_PUBL_KEY_ILLEGAL_COMPRESSION_MODE_ERROR: + case CRYS_ECPKI_EXPORT_PUBL_KEY_INVALID_EXTERN_PUBL_KEY_PTR_ERROR: + case CRYS_ECPKI_EXPORT_PUBL_KEY_INVALID_PUBL_KEY_SIZE_PTR_ERROR: + case CRYS_ECPKI_EXPORT_PUBL_KEY_INVALID_PUBL_KEY_SIZE_ERROR: + case CRYS_ECPKI_EXPORT_PUBL_KEY_ILLEGAL_DOMAIN_ID_ERROR: + case CRYS_ECPKI_EXPORT_PUBL_KEY_ILLEGAL_VALIDATION_TAG_ERROR: + case CRYS_ECPKI_EXPORT_PUBL_KEY_INVALID_PUBL_KEY_DATA_ERROR: + case CRYS_ECPKI_EXPORT_PRIV_KEY_INVALID_USER_PRIV_KEY_PTR_ERROR: + case CRYS_ECPKI_EXPORT_PRIV_KEY_INVALID_EXTERN_PRIV_KEY_PTR_ERROR: + case CRYS_ECPKI_EXPORT_PRIV_KEY_ILLEGAL_VALIDATION_TAG_ERROR: + case CRYS_ECPKI_EXPORT_PRIV_KEY_INVALID_PRIV_KEY_SIZE_PTR_ERROR: + case CRYS_ECPKI_EXPORT_PRIV_KEY_INVALID_PRIV_KEY_SIZE_ERROR: + case CRYS_ECPKI_EXPORT_PRIV_KEY_INVALID_PRIV_KEY_DATA_ERROR: + case CRYS_ECPKI_BUILD_DOMAIN_ID_IS_NOT_VALID_ERROR: + case CRYS_ECPKI_BUILD_DOMAIN_DOMAIN_PTR_ERROR: + case CRYS_ECPKI_BUILD_DOMAIN_EC_PARAMETR_PTR_ERROR: + case CRYS_ECPKI_BUILD_DOMAIN_EC_PARAMETR_SIZE_ERROR: + case CRYS_ECPKI_BUILD_DOMAIN_COFACTOR_PARAMS_ERROR: + case CRYS_ECPKI_BUILD_DOMAIN_SECURITY_STRENGTH_ERROR: + case CRYS_ECPKI_BUILD_SCA_RESIST_ILLEGAL_MODE_ERROR: + case CRYS_ECDH_SVDP_DH_INVALID_PARTNER_PUBL_KEY_PTR_ERROR: + case CRYS_ECDH_SVDP_DH_PARTNER_PUBL_KEY_VALID_TAG_ERROR: + case CRYS_ECDH_SVDP_DH_INVALID_USER_PRIV_KEY_PTR_ERROR: + case CRYS_ECDH_SVDP_DH_USER_PRIV_KEY_VALID_TAG_ERROR: + case CRYS_ECDH_SVDP_DH_INVALID_SHARED_SECRET_VALUE_PTR_ERROR: + case CRYS_ECDH_SVDP_DH_INVALID_TEMP_DATA_PTR_ERROR: + case CRYS_ECDH_SVDP_DH_INVALID_SHARED_SECRET_VALUE_SIZE_PTR_ERROR: + case CRYS_ECDH_SVDP_DH_INVALID_SHARED_SECRET_VALUE_SIZE_ERROR: + case CRYS_ECDH_SVDP_DH_ILLEGAL_DOMAIN_ID_ERROR: + case CRYS_ECPKI_GEN_KEY_INVALID_PRIVATE_KEY_PTR_ERROR: + case CRYS_ECPKI_GEN_KEY_INVALID_PUBLIC_KEY_PTR_ERROR: + case CRYS_ECPKI_GEN_KEY_INVALID_TEMP_DATA_PTR_ERROR: + case CRYS_ECPKI_INVALID_RND_FUNC_PTR_ERROR: + case CRYS_ECPKI_INVALID_RND_CTX_PTR_ERROR: + case CRYS_ECPKI_INVALID_DOMAIN_ID_ERROR: + case CRYS_ECPKI_INVALID_PRIV_KEY_TAG_ERROR: + case CRYS_ECPKI_INVALID_PUBL_KEY_TAG_ERROR: + case CRYS_ECPKI_INVALID_DATA_IN_PASSED_STRUCT_ERROR: + case CRYS_HASH_DATA_SIZE_ILLEGAL: + case CRYS_HASH_INVALID_RESULT_BUFFER_POINTER_ERROR: + case CRYS_HASH_ILLEGAL_PARAMS_ERROR: + case CRYS_HASH_INVALID_USER_CONTEXT_POINTER_ERROR: + case CRYS_HASH_LAST_BLOCK_ALREADY_PROCESSED_ERROR: + case CRYS_HASH_CTX_SIZES_ERROR: + return PSA_ERROR_INVALID_ARGUMENT; + default: + return PSA_ERROR_GENERIC_ERROR; + } +} + +psa_status_t SaSi_to_psa_error(SaSiStatus error) +{ + switch (error) { + case SASI_AES_INVALID_USER_CONTEXT_POINTER_ERROR: + case SASI_AES_INVALID_IV_OR_TWEAK_PTR_ERROR: + case SASI_AES_ILLEGAL_OPERATION_MODE_ERROR: + case SASI_AES_ILLEGAL_KEY_SIZE_ERROR: + case SASI_AES_INVALID_KEY_POINTER_ERROR: + case SASI_AES_INVALID_ENCRYPT_MODE_ERROR: + case SASI_AES_DATA_IN_POINTER_INVALID_ERROR: + case SASI_AES_DATA_OUT_POINTER_INVALID_ERROR: + case SASI_AES_DATA_IN_SIZE_ILLEGAL: + case SASI_AES_DATA_OUT_DATA_IN_OVERLAP_ERROR: + case SASI_AES_DATA_OUT_SIZE_POINTER_INVALID_ERROR: + case SASI_AES_CTX_SIZES_ERROR: + case SASI_AES_ILLEGAL_PARAMS_ERROR: + case SASI_AES_CTR_ILLEGAL_BLOCK_OFFSET_ERROR: + case SASI_AES_CTR_ILLEGAL_COUNTER_ERROR: + return PSA_ERROR_INVALID_ARGUMENT; + case SASI_AES_DATA_IN_BUFFER_SIZE_ERROR: + case SASI_AES_DATA_OUT_BUFFER_SIZE_ERROR: + return PSA_ERROR_BUFFER_TOO_SMALL; + case SASI_AES_ILLEGAL_PADDING_TYPE_ERROR: + case SASI_AES_INCORRECT_PADDING_ERROR: + return PSA_ERROR_INVALID_PADDING; + case SASI_AES_CORRUPTED_OUTPUT_ERROR: + case SASI_AES_USER_CONTEXT_CORRUPTED_ERROR: + return PSA_ERROR_CORRUPTION_DETECTED; + case SASI_AES_DECRYPTION_NOT_ALLOWED_ON_THIS_MODE: + case SASI_AES_ADDITIONAL_BLOCK_NOT_PERMITTED_ERROR: + return PSA_ERROR_NOT_PERMITTED; + case SASI_AES_KEY_TYPE_NOT_SUPPORTED_ERROR: + case SASI_AES_IS_NOT_SUPPORTED: + return PSA_ERROR_NOT_SUPPORTED; + case SASI_OUT_OF_RESOURCE_ERROR: + return PSA_ERROR_INSUFFICIENT_MEMORY; + default: + return PSA_ERROR_GENERIC_ERROR; + } +} + +const char *cryptocell310_status_to_humanly_readable(uint32_t status) +{ + switch(status) { + case CRYS_ECDH_SVDP_DH_NOT_CONCENT_PUBL_AND_PRIV_DOMAIN_ID_ERROR: + return "CRYS_ECDH_SVDP_DH_NOT_CONCENT_PUBL_AND_PRIV_DOMAIN_ID_ERROR"; + case CRYS_ECDSA_SIGN_INVALID_IS_EPHEMER_KEY_INTERNAL_ERROR: + return "CRYS_ECDSA_SIGN_INVALID_IS_EPHEMER_KEY_INTERNAL_ERROR"; + case CRYS_ECDSA_SIGN_SIGNING_ERROR: + return "CRYS_ECDSA_SIGN_SIGNING_ERROR"; + case CRYS_ECDSA_VERIFY_INCONSISTENT_VERIFY_ERROR: + return "CRYS_ECDSA_VERIFY_INCONSISTENT_VERIFY_ERROR"; + case CRYS_ECPKI_PKI_INTERNAL_ERROR: + return "CRYS_ECPKI_PKI_INTERNAL_ERROR"; + case CRYS_HASH_ILLEGAL_OPERATION_MODE_ERROR: + return "CRYS_HASH_ILLEGAL_OPERATION_MODE_ERROR"; + case CRYS_HASH_IS_NOT_SUPPORTED: + return "CRYS_HASH_IS_NOT_SUPPORTED"; + case CRYS_HASH_USER_CONTEXT_CORRUPTED_ERROR: + return "CRYS_HASH_USER_CONTEXT_CORRUPTED_ERROR"; + case CRYS_ECDSA_SIGN_USER_CONTEXT_VALIDATION_TAG_ERROR: + return "CRYS_ECDSA_SIGN_USER_CONTEXT_VALIDATION_TAG_ERROR"; + case CRYS_ECDSA_SIGN_USER_PRIV_KEY_VALIDATION_TAG_ERROR: + return "CRYS_ECDSA_SIGN_USER_PRIV_KEY_VALIDATION_TAG_ERROR"; + case CRYS_ECDSA_VERIFY_USER_CONTEXT_VALIDATION_TAG_ERROR: + return "CRYS_ECDSA_VERIFY_USER_CONTEXT_VALIDATION_TAG_ERROR"; + case CRYS_ECDSA_VERIFY_SIGNER_PUBL_KEY_VALIDATION_TAG_ERROR: + return "CRYS_ECDSA_VERIFY_SIGNER_PUBL_KEY_VALIDATION_TAG_ERROR"; + case CRYS_ECDSA_VERIFY_INVALID_SIGNATURE_IN_PTR_ERROR: + return "CRYS_ECDSA_VERIFY_INVALID_SIGNATURE_IN_PTR_ERROR"; + case CRYS_ECDSA_SIGN_INVALID_MESSAGE_DATA_IN_PTR_ERROR: + return "CRYS_ECDSA_SIGN_INVALID_MESSAGE_DATA_IN_PTR_ERROR"; + case CRYS_ECDSA_SIGN_INVALID_MESSAGE_DATA_IN_SIZE_ERROR: + return "CRYS_ECDSA_SIGN_INVALID_MESSAGE_DATA_IN_SIZE_ERROR"; + case CRYS_ECDSA_VERIFY_INVALID_DOMAIN_ID_ERROR: + return "CRYS_ECDSA_VERIFY_INVALID_DOMAIN_ID_ERROR"; + case CRYS_ECDSA_VERIFY_INVALID_USER_CONTEXT_PTR_ERROR: + return "CRYS_ECDSA_VERIFY_INVALID_USER_CONTEXT_PTR_ERROR"; + case CRYS_ECDSA_VERIFY_INVALID_SIGNER_PUBL_KEY_PTR_ERROR: + return "CRYS_ECDSA_VERIFY_INVALID_SIGNER_PUBL_KEY_PTR_ERROR"; + case CRYS_ECDSA_VERIFY_ILLEGAL_HASH_OP_MODE_ERROR: + return "CRYS_ECDSA_VERIFY_ILLEGAL_HASH_OP_MODE_ERROR"; + case CRYS_HASH_DATA_IN_POINTER_INVALID_ERROR: + return "CRYS_HASH_DATA_IN_POINTER_INVALID_ERROR"; + case CRYS_ECDSA_VERIFY_INVALID_SIGNATURE_SIZE_ERROR: + return "CRYS_ECDSA_VERIFY_INVALID_SIGNATURE_SIZE_ERROR"; + case CRYS_ECDSA_VERIFY_INVALID_MESSAGE_DATA_IN_PTR_ERROR: + return "CRYS_ECDSA_VERIFY_INVALID_MESSAGE_DATA_IN_PTR_ERROR"; + case CRYS_ECDSA_VERIFY_INVALID_MESSAGE_DATA_IN_SIZE_ERROR: + return "CRYS_ECDSA_VERIFY_INVALID_MESSAGE_DATA_IN_SIZE_ERROR"; + case CRYS_ECDSA_SIGN_INVALID_EPHEMERAL_KEY_PTR_ERROR: + return "CRYS_ECDSA_SIGN_INVALID_EPHEMERAL_KEY_PTR_ERROR"; + case CRYS_ECDSA_SIGN_INVALID_RND_CONTEXT_PTR_ERROR: + return "CRYS_ECDSA_SIGN_INVALID_RND_CONTEXT_PTR_ERROR"; + case CRYS_ECDSA_SIGN_INVALID_RND_FUNCTION_PTR_ERROR: + return "CRYS_ECDSA_SIGN_INVALID_RND_FUNCTION_PTR_ERROR"; + case CRYS_ECDSA_SIGN_INVALID_DOMAIN_ID_ERROR: + return "CRYS_ECDSA_SIGN_INVALID_DOMAIN_ID_ERROR"; + case CRYS_ECDSA_SIGN_INVALID_USER_CONTEXT_PTR_ERROR: + return "CRYS_ECDSA_SIGN_INVALID_USER_CONTEXT_PTR_ERROR"; + case CRYS_ECDSA_SIGN_INVALID_USER_PRIV_KEY_PTR_ERROR: + return "CRYS_ECDSA_SIGN_INVALID_USER_PRIV_KEY_PTR_ERROR"; + case CRYS_ECDSA_SIGN_ILLEGAL_HASH_OP_MODE_ERROR: + return "CRYS_ECDSA_SIGN_ILLEGAL_HASH_OP_MODE_ERROR"; + case CRYS_ECDSA_SIGN_INVALID_SIGNATURE_OUT_PTR_ERROR: + return "CRYS_ECDSA_SIGN_INVALID_SIGNATURE_OUT_PTR_ERROR"; + case CRYS_ECDSA_SIGN_INVALID_SIGNATURE_OUT_SIZE_PTR_ERROR: + return "CRYS_ECDSA_SIGN_INVALID_SIGNATURE_OUT_SIZE_PTR_ERROR"; + case CRYS_ECDSA_SIGN_INVALID_SIGNATURE_OUT_SIZE_ERROR: + return "CRYS_ECDSA_SIGN_INVALID_SIGNATURE_OUT_SIZE_ERROR"; + case CRYS_ECC_ILLEGAL_PARAMS_ACCORDING_TO_PRIV_ERROR: + return "CRYS_ECC_ILLEGAL_PARAMS_ACCORDING_TO_PRIV_ERROR"; + case CRYS_ECC_ILLEGAL_HASH_MODE_ERROR: + return "CRYS_ECC_ILLEGAL_HASH_MODE_ERROR"; + case CRYS_ECPKI_ILLEGAL_DOMAIN_ID_ERROR: + return "CRYS_ECPKI_ILLEGAL_DOMAIN_ID_ERROR"; + case CRYS_ECPKI_DOMAIN_PTR_ERROR: + return "CRYS_ECPKI_DOMAIN_PTR_ERROR"; + case CRYS_ECPKI_RND_CONTEXT_PTR_ERROR: + return "CRYS_ECPKI_RND_CONTEXT_PTR_ERROR"; + case CRYS_ECPKI_BUILD_KEY_INVALID_COMPRESSION_MODE_ERROR: + return "CRYS_ECPKI_BUILD_KEY_INVALID_COMPRESSION_MODE_ERROR"; + case CRYS_ECPKI_BUILD_KEY_ILLEGAL_DOMAIN_ID_ERROR: + return "CRYS_ECPKI_BUILD_KEY_ILLEGAL_DOMAIN_ID_ERROR"; + case CRYS_ECPKI_BUILD_KEY_INVALID_PRIV_KEY_IN_PTR_ERROR: + return "CRYS_ECPKI_BUILD_KEY_INVALID_PRIV_KEY_IN_PTR_ERROR"; + case CRYS_ECPKI_BUILD_KEY_INVALID_USER_PRIV_KEY_PTR_ERROR: + return "CRYS_ECPKI_BUILD_KEY_INVALID_USER_PRIV_KEY_PTR_ERROR"; + case CRYS_ECPKI_BUILD_KEY_INVALID_PRIV_KEY_SIZE_ERROR: + return "CRYS_ECPKI_BUILD_KEY_INVALID_PRIV_KEY_SIZE_ERROR"; + case CRYS_ECPKI_BUILD_KEY_INVALID_PRIV_KEY_DATA_ERROR: + return "CRYS_ECPKI_BUILD_KEY_INVALID_PRIV_KEY_DATA_ERROR"; + case CRYS_ECPKI_BUILD_KEY_INVALID_PUBL_KEY_IN_PTR_ERROR: + return "CRYS_ECPKI_BUILD_KEY_INVALID_PUBL_KEY_IN_PTR_ERROR"; + case CRYS_ECPKI_BUILD_KEY_INVALID_USER_PUBL_KEY_PTR_ERROR: + return "CRYS_ECPKI_BUILD_KEY_INVALID_USER_PUBL_KEY_PTR_ERROR"; + case CRYS_ECPKI_BUILD_KEY_INVALID_PUBL_KEY_SIZE_ERROR: + return "CRYS_ECPKI_BUILD_KEY_INVALID_PUBL_KEY_SIZE_ERROR"; + case CRYS_ECPKI_BUILD_KEY_INVALID_PUBL_KEY_DATA_ERROR: + return "CRYS_ECPKI_BUILD_KEY_INVALID_PUBL_KEY_DATA_ERROR"; + case CRYS_ECPKI_BUILD_KEY_INVALID_CHECK_MODE_ERROR: + return "CRYS_ECPKI_BUILD_KEY_INVALID_CHECK_MODE_ERROR"; + case CRYS_ECPKI_BUILD_KEY_INVALID_TEMP_BUFF_PTR_ERROR: + return "CRYS_ECPKI_BUILD_KEY_INVALID_TEMP_BUFF_PTR_ERROR"; + case CRYS_ECPKI_EXPORT_PUBL_KEY_INVALID_USER_PUBL_KEY_PTR_ERROR: + return "CRYS_ECPKI_EXPORT_PUBL_KEY_INVALID_USER_PUBL_KEY_PTR_ERROR"; + case CRYS_ECPKI_EXPORT_PUBL_KEY_ILLEGAL_COMPRESSION_MODE_ERROR: + return "CRYS_ECPKI_EXPORT_PUBL_KEY_ILLEGAL_COMPRESSION_MODE_ERROR"; + case CRYS_ECPKI_EXPORT_PUBL_KEY_INVALID_EXTERN_PUBL_KEY_PTR_ERROR: + return "CRYS_ECPKI_EXPORT_PUBL_KEY_INVALID_EXTERN_PUBL_KEY_PTR_ERROR"; + case CRYS_ECPKI_EXPORT_PUBL_KEY_INVALID_PUBL_KEY_SIZE_PTR_ERROR: + return "CRYS_ECPKI_EXPORT_PUBL_KEY_INVALID_PUBL_KEY_SIZE_PTR_ERROR"; + case CRYS_ECPKI_EXPORT_PUBL_KEY_INVALID_PUBL_KEY_SIZE_ERROR: + return "CRYS_ECPKI_EXPORT_PUBL_KEY_INVALID_PUBL_KEY_SIZE_ERROR"; + case CRYS_ECPKI_EXPORT_PUBL_KEY_ILLEGAL_DOMAIN_ID_ERROR: + return "CRYS_ECPKI_EXPORT_PUBL_KEY_ILLEGAL_DOMAIN_ID_ERROR"; + case CRYS_ECPKI_EXPORT_PUBL_KEY_ILLEGAL_VALIDATION_TAG_ERROR: + return "CRYS_ECPKI_EXPORT_PUBL_KEY_ILLEGAL_VALIDATION_TAG_ERROR"; + case CRYS_ECPKI_EXPORT_PUBL_KEY_INVALID_PUBL_KEY_DATA_ERROR: + return "CRYS_ECPKI_EXPORT_PUBL_KEY_INVALID_PUBL_KEY_DATA_ERROR"; + case CRYS_ECPKI_EXPORT_PRIV_KEY_INVALID_USER_PRIV_KEY_PTR_ERROR: + return "CRYS_ECPKI_EXPORT_PRIV_KEY_INVALID_USER_PRIV_KEY_PTR_ERROR"; + case CRYS_ECPKI_EXPORT_PRIV_KEY_INVALID_EXTERN_PRIV_KEY_PTR_ERROR: + return "CRYS_ECPKI_EXPORT_PRIV_KEY_INVALID_EXTERN_PRIV_KEY_PTR_ERROR"; + case CRYS_ECPKI_EXPORT_PRIV_KEY_ILLEGAL_VALIDATION_TAG_ERROR: + return "CRYS_ECPKI_EXPORT_PRIV_KEY_ILLEGAL_VALIDATION_TAG_ERROR"; + case CRYS_ECPKI_EXPORT_PRIV_KEY_INVALID_PRIV_KEY_SIZE_PTR_ERROR: + return "CRYS_ECPKI_EXPORT_PRIV_KEY_INVALID_PRIV_KEY_SIZE_PTR_ERROR"; + case CRYS_ECPKI_EXPORT_PRIV_KEY_INVALID_PRIV_KEY_SIZE_ERROR: + return "CRYS_ECPKI_EXPORT_PRIV_KEY_INVALID_PRIV_KEY_SIZE_ERROR"; + case CRYS_ECPKI_EXPORT_PRIV_KEY_INVALID_PRIV_KEY_DATA_ERROR: + return "CRYS_ECPKI_EXPORT_PRIV_KEY_INVALID_PRIV_KEY_DATA_ERROR"; + case CRYS_ECPKI_BUILD_DOMAIN_ID_IS_NOT_VALID_ERROR: + return "CRYS_ECPKI_BUILD_DOMAIN_ID_IS_NOT_VALID_ERROR"; + case CRYS_ECPKI_BUILD_DOMAIN_DOMAIN_PTR_ERROR: + return "CRYS_ECPKI_BUILD_DOMAIN_DOMAIN_PTR_ERROR"; + case CRYS_ECPKI_BUILD_DOMAIN_EC_PARAMETR_PTR_ERROR: + return "CRYS_ECPKI_BUILD_DOMAIN_EC_PARAMETR_PTR_ERROR"; + case CRYS_ECPKI_BUILD_DOMAIN_EC_PARAMETR_SIZE_ERROR: + return "CRYS_ECPKI_BUILD_DOMAIN_EC_PARAMETR_SIZE_ERROR"; + case CRYS_ECPKI_BUILD_DOMAIN_COFACTOR_PARAMS_ERROR: + return "CRYS_ECPKI_BUILD_DOMAIN_COFACTOR_PARAMS_ERROR"; + case CRYS_ECPKI_BUILD_DOMAIN_SECURITY_STRENGTH_ERROR: + return "CRYS_ECPKI_BUILD_DOMAIN_SECURITY_STRENGTH_ERROR"; + case CRYS_ECPKI_BUILD_SCA_RESIST_ILLEGAL_MODE_ERROR: + return "CRYS_ECPKI_BUILD_SCA_RESIST_ILLEGAL_MODE_ERROR"; + case CRYS_ECDH_SVDP_DH_INVALID_PARTNER_PUBL_KEY_PTR_ERROR: + return "CRYS_ECDH_SVDP_DH_INVALID_PARTNER_PUBL_KEY_PTR_ERROR"; + case CRYS_ECDH_SVDP_DH_PARTNER_PUBL_KEY_VALID_TAG_ERROR: + return "CRYS_ECDH_SVDP_DH_PARTNER_PUBL_KEY_VALID_TAG_ERROR"; + case CRYS_ECDH_SVDP_DH_INVALID_USER_PRIV_KEY_PTR_ERROR: + return "CRYS_ECDH_SVDP_DH_INVALID_USER_PRIV_KEY_PTR_ERROR"; + case CRYS_ECDH_SVDP_DH_USER_PRIV_KEY_VALID_TAG_ERROR: + return "CRYS_ECDH_SVDP_DH_USER_PRIV_KEY_VALID_TAG_ERROR"; + case CRYS_ECDH_SVDP_DH_INVALID_SHARED_SECRET_VALUE_PTR_ERROR: + return "CRYS_ECDH_SVDP_DH_INVALID_SHARED_SECRET_VALUE_PTR_ERROR"; + case CRYS_ECDH_SVDP_DH_INVALID_TEMP_DATA_PTR_ERROR: + return "CRYS_ECDH_SVDP_DH_INVALID_TEMP_DATA_PTR_ERROR"; + case CRYS_ECDH_SVDP_DH_INVALID_SHARED_SECRET_VALUE_SIZE_PTR_ERROR: + return "CRYS_ECDH_SVDP_DH_INVALID_SHARED_SECRET_VALUE_SIZE_PTR_ERROR"; + case CRYS_ECDH_SVDP_DH_INVALID_SHARED_SECRET_VALUE_SIZE_ERROR: + return "CRYS_ECDH_SVDP_DH_INVALID_SHARED_SECRET_VALUE_SIZE_ERROR"; + case CRYS_ECDH_SVDP_DH_ILLEGAL_DOMAIN_ID_ERROR: + return "CRYS_ECDH_SVDP_DH_ILLEGAL_DOMAIN_ID_ERROR"; + case CRYS_ECPKI_GEN_KEY_INVALID_PRIVATE_KEY_PTR_ERROR: + return "CRYS_ECPKI_GEN_KEY_INVALID_PRIVATE_KEY_PTR_ERROR"; + case CRYS_ECPKI_GEN_KEY_INVALID_PUBLIC_KEY_PTR_ERROR: + return "CRYS_ECPKI_GEN_KEY_INVALID_PUBLIC_KEY_PTR_ERROR"; + case CRYS_ECPKI_GEN_KEY_INVALID_TEMP_DATA_PTR_ERROR: + return "CRYS_ECPKI_GEN_KEY_INVALID_TEMP_DATA_PTR_ERROR"; + case CRYS_ECPKI_INVALID_RND_FUNC_PTR_ERROR: + return "CRYS_ECPKI_INVALID_RND_FUNC_PTR_ERROR"; + case CRYS_ECPKI_INVALID_RND_CTX_PTR_ERROR: + return "CRYS_ECPKI_INVALID_RND_CTX_PTR_ERROR"; + case CRYS_ECPKI_INVALID_DOMAIN_ID_ERROR: + return "CRYS_ECPKI_INVALID_DOMAIN_ID_ERROR"; + case CRYS_ECPKI_INVALID_PRIV_KEY_TAG_ERROR: + return "CRYS_ECPKI_INVALID_PRIV_KEY_TAG_ERROR"; + case CRYS_ECPKI_INVALID_PUBL_KEY_TAG_ERROR: + return "CRYS_ECPKI_INVALID_PUBL_KEY_TAG_ERROR"; + case CRYS_ECPKI_INVALID_DATA_IN_PASSED_STRUCT_ERROR: + return "CRYS_ECPKI_INVALID_DATA_IN_PASSED_STRUCT_ERROR"; + case CRYS_HASH_DATA_SIZE_ILLEGAL: + return "CRYS_HASH_DATA_SIZE_ILLEGAL"; + case CRYS_HASH_INVALID_RESULT_BUFFER_POINTER_ERROR: + return "CRYS_HASH_INVALID_RESULT_BUFFER_POINTER_ERROR"; + case CRYS_HASH_ILLEGAL_PARAMS_ERROR: + return "CRYS_HASH_ILLEGAL_PARAMS_ERROR"; + case CRYS_HASH_INVALID_USER_CONTEXT_POINTER_ERROR: + return "CRYS_HASH_INVALID_USER_CONTEXT_POINTER_ERROR"; + case CRYS_HASH_LAST_BLOCK_ALREADY_PROCESSED_ERROR: + return "CRYS_HASH_LAST_BLOCK_ALREADY_PROCESSED_ERROR"; + case CRYS_HASH_CTX_SIZES_ERROR: + return "CRYS_HASH_CTX_SIZES_ERROR"; + case SASI_AES_INVALID_USER_CONTEXT_POINTER_ERROR: + return "SASI_AES_INVALID_USER_CONTEXT_POINTER_ERROR"; + case SASI_AES_INVALID_IV_OR_TWEAK_PTR_ERROR: + return "SASI_AES_INVALID_IV_OR_TWEAK_PTR_ERROR"; + case SASI_AES_ILLEGAL_OPERATION_MODE_ERROR: + return "SASI_AES_ILLEGAL_OPERATION_MODE_ERROR"; + case SASI_AES_ILLEGAL_KEY_SIZE_ERROR: + return "SASI_AES_ILLEGAL_KEY_SIZE_ERROR"; + case SASI_AES_INVALID_KEY_POINTER_ERROR: + return "SASI_AES_INVALID_KEY_POINTER_ERROR"; + case SASI_AES_INVALID_ENCRYPT_MODE_ERROR: + return "SASI_AES_INVALID_ENCRYPT_MODE_ERROR"; + case SASI_AES_DATA_IN_POINTER_INVALID_ERROR: + return "SASI_AES_DATA_IN_POINTER_INVALID_ERROR"; + case SASI_AES_DATA_OUT_POINTER_INVALID_ERROR: + return "SASI_AES_DATA_OUT_POINTER_INVALID_ERROR"; + case SASI_AES_DATA_IN_SIZE_ILLEGAL: + return "SASI_AES_DATA_IN_SIZE_ILLEGAL"; + case SASI_AES_DATA_OUT_DATA_IN_OVERLAP_ERROR: + return "SASI_AES_DATA_OUT_DATA_IN_OVERLAP_ERROR"; + case SASI_AES_DATA_OUT_SIZE_POINTER_INVALID_ERROR: + return "SASI_AES_DATA_OUT_SIZE_POINTER_INVALID_ERROR"; + case SASI_AES_CTX_SIZES_ERROR: + return "SASI_AES_CTX_SIZES_ERROR"; + case SASI_AES_ILLEGAL_PARAMS_ERROR: + return "SASI_AES_ILLEGAL_PARAMS_ERROR"; + case SASI_AES_CTR_ILLEGAL_BLOCK_OFFSET_ERROR: + return "SASI_AES_CTR_ILLEGAL_BLOCK_OFFSET_ERROR"; + case SASI_AES_CTR_ILLEGAL_COUNTER_ERROR: + return "SASI_AES_CTR_ILLEGAL_COUNTER_ERROR"; + case SASI_AES_DATA_IN_BUFFER_SIZE_ERROR: + return "SASI_AES_DATA_IN_BUFFER_SIZE_ERROR"; + case SASI_AES_DATA_OUT_BUFFER_SIZE_ERROR: + return "SASI_AES_DATA_OUT_BUFFER_SIZE_ERROR"; + case SASI_AES_ILLEGAL_PADDING_TYPE_ERROR: + return "SASI_AES_ILLEGAL_PADDING_TYPE_ERROR"; + case SASI_AES_INCORRECT_PADDING_ERROR: + return "SASI_AES_INCORRECT_PADDING_ERROR"; + case SASI_AES_CORRUPTED_OUTPUT_ERROR: + return "SASI_AES_CORRUPTED_OUTPUT_ERROR"; + case SASI_AES_USER_CONTEXT_CORRUPTED_ERROR: + return "SASI_AES_USER_CONTEXT_CORRUPTED_ERROR"; + case SASI_AES_DECRYPTION_NOT_ALLOWED_ON_THIS_MODE: + return "SASI_AES_DECRYPTION_NOT_ALLOWED_ON_THIS_MODE"; + case SASI_AES_ADDITIONAL_BLOCK_NOT_PERMITTED_ERROR: + return "SASI_AES_ADDITIONAL_BLOCK_NOT_PERMITTED_ERROR"; + case SASI_AES_KEY_TYPE_NOT_SUPPORTED_ERROR: + return "SASI_AES_KEY_TYPE_NOT_SUPPORTED_ERROR"; + case SASI_AES_IS_NOT_SUPPORTED: + return "SASI_AES_IS_NOT_SUPPORTED"; + case SASI_OUT_OF_RESOURCE_ERROR: + return "SASI_OUT_OF_RESOURCE_ERROR"; + default: + return "Error value not recognized"; + } +} diff --git a/pkg/driver_cryptocell_310/psa_cryptocell_310/hashes_common.c b/pkg/driver_cryptocell_310/psa_cryptocell_310/hashes_common.c new file mode 100644 index 0000000000..e999ee011f --- /dev/null +++ b/pkg/driver_cryptocell_310/psa_cryptocell_310/hashes_common.c @@ -0,0 +1,87 @@ +/* + * Copyright (C) 2021 HAW Hamburg + * + * This file is subject to the terms and conditions of the GNU Lesser + * General Public License v2.1. See the file LICENSE in the top level + * directory for more details. + */ + +/** + * @ingroup pkg_driver_cryptocell_310 + * @{ + * + * @brief Common hash functions used by all PSA Crypto wrappers + * for the CryptoCell 310 hash APIs. + * + * @author Lena Boeckmann + * + * @} + */ + +#include "psa/crypto.h" +#include "psa_error.h" +#include "cryptocell_310_util.h" +#include "crys_hash.h" + +#define ENABLE_DEBUG 0 +#include "debug.h" + +#define CC310_MAX_HASH_INPUT_BLOCK (0xFFF0) + +psa_status_t cryptocell_310_common_hash_setup(CRYS_HASHUserContext_t *ctx, + CRYS_HASH_OperationMode_t mode) +{ + CRYSError_t ret = CRYS_HASH_Init(ctx, mode); + + if (ret != CRYS_OK) { + DEBUG("CRYS_HASH_Init failed with %s\n", cryptocell310_status_to_humanly_readable(ret)); + return CRYS_to_psa_error(ret); + } + return PSA_SUCCESS; +} + +psa_status_t cryptocell_310_common_hash_update(CRYS_HASHUserContext_t *ctx, + const uint8_t *input, + size_t input_length) +{ + CRYSError_t ret = 0; + size_t offset = 0; + size_t size; + + do { + if (input_length > CC310_MAX_HASH_INPUT_BLOCK) { + size = CC310_MAX_HASH_INPUT_BLOCK; + input_length -= CC310_MAX_HASH_INPUT_BLOCK; + } + else { + size = input_length; + input_length = 0; + } + + cryptocell_310_enable(); + ret = CRYS_HASH_Update(ctx, (uint8_t *)(input + offset), size); + cryptocell_310_disable(); + + offset += size; + } while ((input_length > 0) && (ret == CRYS_OK)); + + if (ret != CRYS_OK) { + DEBUG("CRYS_HASH_Update failed with %s\n", cryptocell310_status_to_humanly_readable(ret)); + return CRYS_to_psa_error(ret); + } + return PSA_SUCCESS; +} + +psa_status_t cryptocell_310_common_hash_finish(CRYS_HASHUserContext_t *ctx, uint8_t *hash, size_t hash_size, + size_t *hash_length) +{ + cryptocell_310_enable(); + CRYSError_t ret = CRYS_HASH_Finish(ctx, (uint32_t *)hash); + cryptocell_310_disable(); + if (ret != CRYS_OK) { + DEBUG("CRYS_HASH_Finish failed with %s\n", cryptocell310_status_to_humanly_readable(ret)); + return CRYS_to_psa_error(ret); + } + *hash_length = hash_size; + return PSA_SUCCESS; +} diff --git a/pkg/driver_cryptocell_310/psa_cryptocell_310/hashes_sha1.c b/pkg/driver_cryptocell_310/psa_cryptocell_310/hashes_sha1.c new file mode 100644 index 0000000000..45832369d1 --- /dev/null +++ b/pkg/driver_cryptocell_310/psa_cryptocell_310/hashes_sha1.c @@ -0,0 +1,43 @@ +/* + * Copyright (C) 2021 HAW Hamburg + * + * This file is subject to the terms and conditions of the GNU Lesser + * General Public License v2.1. See the file LICENSE in the top level + * directory for more details. + */ + +/** + * @ingroup pkg_driver_cryptocell_310 + * @{ + * + * @brief Glue code translating between PSA Crypto and the CryptoCell 310 SHA1 APIs + * + * @author Lena Boeckmann + * + * @} + */ + +#include +#include "kernel_defines.h" +#include "psa_periph_hashes_ctx.h" +#include "psa_cryptocell_310_hashes_common.h" + +psa_status_t psa_hashes_sha1_setup(psa_hashes_sha1_ctx_t *ctx) +{ + return cryptocell_310_common_hash_setup((CRYS_HASHUserContext_t *)ctx, CRYS_HASH_SHA1_mode); +} + +psa_status_t psa_hashes_sha1_update(psa_hashes_sha1_ctx_t *ctx, + const uint8_t *input, + size_t input_length) +{ + return cryptocell_310_common_hash_update((CRYS_HASHUserContext_t *)ctx, input, input_length); +} + +psa_status_t psa_hashes_sha1_finish(psa_hashes_sha1_ctx_t *ctx, + uint8_t *hash, + size_t hash_size, + size_t *hash_length) +{ + return cryptocell_310_common_hash_finish((CRYS_HASHUserContext_t *)ctx, hash, hash_size, hash_length); +} diff --git a/pkg/driver_cryptocell_310/psa_cryptocell_310/hashes_sha224.c b/pkg/driver_cryptocell_310/psa_cryptocell_310/hashes_sha224.c new file mode 100644 index 0000000000..f5a07e5a8d --- /dev/null +++ b/pkg/driver_cryptocell_310/psa_cryptocell_310/hashes_sha224.c @@ -0,0 +1,43 @@ +/* + * Copyright (C) 2021 HAW Hamburg + * + * This file is subject to the terms and conditions of the GNU Lesser + * General Public License v2.1. See the file LICENSE in the top level + * directory for more details. + */ + +/** + * @ingroup pkg_driver_cryptocell_310 + * @{ + * + * @brief Glue code translating between PSA Crypto and the CryptoCell 310 SHA224 APIs + * + * @author Lena Boeckmann + * + * @} + */ + +#include +#include "kernel_defines.h" +#include "psa_periph_hashes_ctx.h" +#include "psa_cryptocell_310_hashes_common.h" + +psa_status_t psa_hashes_sha224_setup(psa_hashes_sha224_ctx_t *ctx) +{ + return cryptocell_310_common_hash_setup((CRYS_HASHUserContext_t *)ctx, CRYS_HASH_SHA224_mode); +} + +psa_status_t psa_hashes_sha224_update(psa_hashes_sha224_ctx_t *ctx, + const uint8_t *input, + size_t input_length) +{ + return cryptocell_310_common_hash_update((CRYS_HASHUserContext_t *)ctx, input, input_length); +} + +psa_status_t psa_hashes_sha224_finish(psa_hashes_sha224_ctx_t *ctx, + uint8_t *hash, + size_t hash_size, + size_t *hash_length) +{ + return cryptocell_310_common_hash_finish((CRYS_HASHUserContext_t *)ctx, hash, hash_size, hash_length); +} diff --git a/pkg/driver_cryptocell_310/psa_cryptocell_310/hashes_sha256.c b/pkg/driver_cryptocell_310/psa_cryptocell_310/hashes_sha256.c new file mode 100644 index 0000000000..9aa04021f5 --- /dev/null +++ b/pkg/driver_cryptocell_310/psa_cryptocell_310/hashes_sha256.c @@ -0,0 +1,42 @@ +/* + * Copyright (C) 2021 HAW Hamburg + * + * This file is subject to the terms and conditions of the GNU Lesser + * General Public License v2.1. See the file LICENSE in the top level + * directory for more details. + */ + +/** + * @ingroup pkg_driver_cryptocell_310 + * @{ + * + * @brief Glue code translating between PSA Crypto and the CryptoCell 310 SHA256 APIs + * + * @author Lena Boeckmann + * + * @} + */ + +#include "kernel_defines.h" +#include "psa_periph_hashes_ctx.h" +#include "psa_cryptocell_310_hashes_common.h" + +psa_status_t psa_hashes_sha256_setup(psa_hashes_sha256_ctx_t *ctx) +{ + return cryptocell_310_common_hash_setup((CRYS_HASHUserContext_t *)ctx, CRYS_HASH_SHA256_mode); +} + +psa_status_t psa_hashes_sha256_update(psa_hashes_sha256_ctx_t *ctx, + const uint8_t *input, + size_t input_length) +{ + return cryptocell_310_common_hash_update((CRYS_HASHUserContext_t *)ctx, input, input_length); +} + +psa_status_t psa_hashes_sha256_finish(psa_hashes_sha256_ctx_t *ctx, + uint8_t *hash, + size_t hash_size, + size_t *hash_length) +{ + return cryptocell_310_common_hash_finish((CRYS_HASHUserContext_t *)ctx, hash, hash_size, hash_length); +} diff --git a/pkg/driver_cryptocell_310/psa_cryptocell_310/hashes_sha512.c b/pkg/driver_cryptocell_310/psa_cryptocell_310/hashes_sha512.c new file mode 100644 index 0000000000..906ba9f55c --- /dev/null +++ b/pkg/driver_cryptocell_310/psa_cryptocell_310/hashes_sha512.c @@ -0,0 +1,43 @@ +/* + * Copyright (C) 2021 HAW Hamburg + * + * This file is subject to the terms and conditions of the GNU Lesser + * General Public License v2.1. See the file LICENSE in the top level + * directory for more details. + */ + +/** + * @ingroup pkg_driver_cryptocell_310 + * @{ + * + * @brief Glue code translating between PSA Crypto and the CryptoCell 310 SHA512 APIs + * + * @author Lena Boeckmann + * + * @} + */ + +#include +#include "kernel_defines.h" +#include "psa_periph_hashes_ctx.h" +#include "psa_cryptocell_310_hashes_common.h" + +psa_status_t psa_hashes_sha512_setup(psa_hashes_sha512_ctx_t *ctx) +{ + return cryptocell_310_common_hash_setup((CRYS_HASHUserContext_t *)ctx, CRYS_HASH_SHA512_mode); +} + +psa_status_t psa_hashes_sha512_update(psa_hashes_sha512_ctx_t *ctx, + const uint8_t *input, + size_t input_length) +{ + return cryptocell_310_common_hash_update((CRYS_HASHUserContext_t *)ctx, input, input_length); +} + +psa_status_t psa_hashes_sha512_finish( psa_hashes_sha512_ctx_t *ctx, + uint8_t *hash, + size_t hash_size, + size_t *hash_length) +{ + return cryptocell_310_common_hash_finish((CRYS_HASHUserContext_t *)ctx, hash, hash_size, hash_length); +} diff --git a/pkg/driver_cryptocell_310/psa_cryptocell_310/hmac.c b/pkg/driver_cryptocell_310/psa_cryptocell_310/hmac.c new file mode 100644 index 0000000000..4bb691666f --- /dev/null +++ b/pkg/driver_cryptocell_310/psa_cryptocell_310/hmac.c @@ -0,0 +1,58 @@ +/* + * Copyright (C) 2021 HAW Hamburg + * + * This file is subject to the terms and conditions of the GNU Lesser + * General Public License v2.1. See the file LICENSE in the top level + * directory for more details. + */ + +/** + * @ingroup pkg_driver_cryptocell_310 + * @{ + * + * @brief Glue code translating between PSA Crypto and the CryptoCell 310 driver APIs + * + * @author Lena Boeckmann + * + * @} + */ + +#include "kernel_defines.h" +#include "psa/crypto.h" +#include "psa_error.h" + +#include "crys_hmac.h" +#include "crys_hmac_error.h" + +#define ENABLE_DEBUG 0 +#include "debug.h" + +psa_status_t psa_mac_compute_hmac_sha256(const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + const uint8_t *input, + size_t input_length, + uint8_t *mac, + size_t mac_size, + size_t *mac_length) +{ + CRYSError_t ret; + size_t required_mac_length = + PSA_MAC_LENGTH(attributes->type, attributes->bits, PSA_ALG_SHA_256); + + if (mac_size < required_mac_length) { + return PSA_ERROR_BUFFER_TOO_SMALL; + } + + ret = CRYS_HMAC(CRYS_HASH_SHA256_mode, (uint8_t *)key_buffer, key_buffer_size, (uint8_t *)input, + input_length, (uint32_t *)mac); + if (ret != CRYS_OK) { + DEBUG("CRYS_HMAC failed with %s\n", cryptocell310_status_to_humanly_readable(ret)); + return CRYS_to_psa_error(ret); + } + + *mac_length = required_mac_length; + + (void)mac_size; + return PSA_SUCCESS; +} diff --git a/sys/auto_init/auto_init.c b/sys/auto_init/auto_init.c index 4d92bf2d87..8f2212c336 100644 --- a/sys/auto_init/auto_init.c +++ b/sys/auto_init/auto_init.c @@ -278,11 +278,14 @@ AUTO_INIT(auto_init_mbedtls, AUTO_INIT_PRIO_MOD_MBEDTLS); #endif #if IS_USED(MODULE_AUTO_INIT_SECURITY) -#if IS_USED(MODULE_CRYPTOAUTHLIB) -extern void auto_init_atca(void); -AUTO_INIT(auto_init_atca, - AUTO_INIT_PRIO_MOD_CRYPTOAUTHLIB); +extern void auto_init_security(void); +AUTO_INIT(auto_init_security, + AUTO_INIT_PRIO_MOD_SECURITY); #endif +#if IS_USED(MODULE_DRIVER_CRYPTOCELL_310) +extern void driver_cryptocell_310_setup(void); +AUTO_INIT(driver_cryptocell_310_setup, + AUTO_INIT_PRIO_MOD_DRIVER_CRYPTOCELL_310); #endif #if IS_USED(MODULE_TEST_UTILS_INTERACTIVE_SYNC) && !IS_USED(MODULE_SHELL) extern void test_utils_interactive_sync(void); diff --git a/sys/auto_init/include/auto_init_priorities.h b/sys/auto_init/include/auto_init_priorities.h index beb87e6f05..d87d43cdcb 100644 --- a/sys/auto_init/include/auto_init_priorities.h +++ b/sys/auto_init/include/auto_init_priorities.h @@ -317,11 +317,11 @@ extern "C" { */ #define AUTO_INIT_PRIO_MOD_MBEDTLS 1440 #endif -#ifndef AUTO_INIT_PRIO_MOD_CRYPTOAUTHLIB +#ifndef AUTO_INIT_PRIO_MOD_SECURITY /** * @brief CryptoAuthLib priority */ -#define AUTO_INIT_PRIO_MOD_CRYPTOAUTHLIB 1450 +#define AUTO_INIT_PRIO_MOD_SECURITY 1450 #endif #ifndef AUTO_INIT_PRIO_MOD_TEST_UTILS_INTERACTIVE_SYNC /** @@ -389,6 +389,12 @@ extern "C" { */ #define AUTO_INIT_PRIO_MOD_GNRC_IPV6_STATIC_ADDR 1560 #endif +#ifndef AUTO_INIT_PRIO_MOD_DRIVER_CRYPTOCELL_310 +/** + * @brief CryptoCell Driver Priority + */ +#define AUTO_INIT_PRIO_MOD_DRIVER_CRYPTOCELL_310 1570 +#endif #ifdef __cplusplus }