RIOT-OS/RIOT
RIOT-OS/RIOT
1
0
Fork 0
mirror of https://github.com/RIOT-OS/RIOT.git synced 2024-12-29 04:50:03 +01:00
Code Releases Activity

pkg: Add cryptocell driver and nrf52 HW features

Browse Source
This commit is contained in:
Lena Boeckmann 2023-08-29 18:54:57 +02:00
parent d4c73d6a30
commit c01d689769
40 changed files with 2241 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
cpu/nrf52/Kconfig
View File

@ -69,6 +69,15 @@ config CPU_MODEL_NRF52840XXAA
select HAS_BLE_PHY_CODED select HAS_BLE_PHY_CODED
select HAS_RADIO_NRF802154 select HAS_RADIO_NRF802154
select HAS_PERIPH_UART_NONBLOCKING select HAS_PERIPH_UART_NONBLOCKING
select HAS_PERIPH_HASH_SHA_1
select HAS_PERIPH_HASH_SHA_224
select HAS_PERIPH_HASH_SHA_256
select HAS_PERIPH_HASH_SHA_512
select HAS_PERIPH_HMAC_SHA_256
select HAS_PERIPH_CIPHER_AES_128_CBC
select HAS_PERIPH_ECC_P192R1
select HAS_PERIPH_ECC_P256R1
select HAS_PERIPH_CRYPTOCELL_310
## CPU common symbols ## CPU common symbols
config CPU_FAM config CPU_FAM

1
cpu/nrf52/Makefile.dep
View File

@ -36,5 +36,6 @@ ifneq (,$(filter periph_spi,$(USEMODULE)))
USEMODULE += periph_spi_gpio_mode USEMODULE += periph_spi_gpio_mode
endif endif
include $(RIOTCPU)/nrf52/periph/Makefile.dep
include $(RIOTCPU)/nrf5x_common/Makefile.dep include $(RIOTCPU)/nrf5x_common/Makefile.dep
include $(RIOTCPU)/cortexm_common/Makefile.dep include $(RIOTCPU)/cortexm_common/Makefile.dep

16
cpu/nrf52/Makefile.features
View File

@ -10,6 +10,18 @@ ifneq (,$(filter nrf52811xxaa nrf52820xxaa nrf52833xxaa nrf52840xxaa,$(CPU_MODEL
FEATURES_PROVIDED += radio_nrf802154 FEATURES_PROVIDED += radio_nrf802154
endif endif
# crypto features
ifneq (,$(filter nrf52840xxaa,$(CPU_MODEL)))
FEATURES_PROVIDED += periph_hash_sha_1
FEATURES_PROVIDED += periph_hash_sha_224
FEATURES_PROVIDED += periph_hash_sha_256
FEATURES_PROVIDED += periph_hash_sha_512
FEATURES_PROVIDED += periph_hmac_sha_256
FEATURES_PROVIDED += periph_cipher_aes_128_cbc
FEATURES_PROVIDED += periph_ecc_p192r1
FEATURES_PROVIDED += periph_ecc_p256r1
endif
ifeq (,$(filter nrf52832%,$(CPU_MODEL))) ifeq (,$(filter nrf52832%,$(CPU_MODEL)))
FEATURES_PROVIDED += periph_uart_nonblocking FEATURES_PROVIDED += periph_uart_nonblocking
endif endif
@ -33,6 +45,10 @@ ifneq (,$(filter nrf52811% nrf52820% nrf52833% nrf52840%,$(CPU_MODEL)))
FEATURES_PROVIDED += ble_phy_coded FEATURES_PROVIDED += ble_phy_coded
endif endif
ifneq (,$(filter nrf52840%,$(CPU_MODEL)))
FEATURES_PROVIDED += periph_cryptocell_310
endif
FEATURES_PROVIDED += ble_adv_ext FEATURES_PROVIDED += ble_adv_ext
include $(RIOTCPU)/nrf5x_common/Makefile.features include $(RIOTCPU)/nrf5x_common/Makefile.features

55
cpu/nrf52/periph/Kconfig
View File

@ -12,6 +12,61 @@ config MODULE_SAUL_NRF_VDDH
depends on HAS_PERIPH_ADC depends on HAS_PERIPH_ADC
select MODULE_PERIPH_ADC select MODULE_PERIPH_ADC
config MODULE_PERIPH_CRYPTOCELL_310
bool
depends on HAS_PERIPH_CRYPTOCELL_310
select PACKAGE_DRIVER_CRYPTOCELL_310
# Asymmetric Crypto Peripheral
config MODULE_PERIPH_ECC_P192R1
bool
depends on HAS_PERIPH_ECC_P192R1
select MODULE_PERIPH_CRYPTOCELL_310
select MODULE_PSA_CRYPTOCELL_310_ECC_P192
config MODULE_PERIPH_ECC_P256R1
bool
depends on HAS_PERIPH_ECC_P256R1
select MODULE_PERIPH_CRYPTOCELL_310
select MODULE_PSA_CRYPTOCELL_310_ECC_P256
# Hash Related Symbols
config MODULE_PERIPH_HASH_SHA_1
bool
depends on HAS_PERIPH_HASH_SHA_1
select MODULE_PERIPH_CRYPTOCELL_310
select MODULE_PSA_CRYPTOCELL_310_HASHES_SHA1
config MODULE_PERIPH_HASH_SHA_224
bool
depends on HAS_PERIPH_HASH_SHA_224
select MODULE_PERIPH_CRYPTOCELL_310
select MODULE_PSA_CRYPTOCELL_310_HASHES_SHA224
config MODULE_PERIPH_HASH_SHA_256
bool
depends on HAS_PERIPH_HASH_SHA_256
select MODULE_PERIPH_CRYPTOCELL_310
select MODULE_PSA_CRYPTOCELL_310_HASHES_SHA256
config MODULE_PERIPH_HASH_SHA_512
bool
depends on HAS_PERIPH_HASH_SHA_512
select MODULE_PERIPH_CRYPTOCELL_310
select MODULE_PSA_CRYPTOCELL_310_HASHES_SHA512
config MODULE_PERIPH_CIPHER_AES_128_CBC
bool
depends on HAS_PERIPH_CIPHER_AES_128_CBC
select MODULE_PERIPH_CRYPTOCELL_310
select MODULE_PSA_CRYPTOCELL_310_AES_CBC
config MODULE_PERIPH_HMAC_SHA_256
bool
depends on HAS_PERIPH_HMAC_SHA_256
select MODULE_PERIPH_CRYPTOCELL_310
select MODULE_PSA_CRYPTOCELL_310_HMAC
endif # TEST_KCONFIG endif # TEST_KCONFIG
config HAVE_SAUL_NRF_VDDH config HAVE_SAUL_NRF_VDDH

39
cpu/nrf52/periph/Makefile.dep Normal file
View File

@ -0,0 +1,39 @@
ifneq (,$(filter periph_ecc_p192r1,$(USEMODULE)))
USEPKG += driver_cryptocell_310
USEMODULE += psa_cryptocell_310_ecc_p192
endif
ifneq (,$(filter periph_ecc_p256r1,$(USEMODULE)))
USEPKG += driver_cryptocell_310
USEMODULE += psa_cryptocell_310_ecc_p256
endif
ifneq (,$(filter periph_hash_sha_1,$(USEMODULE)))
USEPKG += driver_cryptocell_310
USEMODULE += psa_cryptocell_310_hashes_sha1
endif
ifneq (,$(filter periph_hash_sha_224,$(USEMODULE)))
USEPKG += driver_cryptocell_310
USEMODULE += psa_cryptocell_310_hashes_sha224
endif
ifneq (,$(filter periph_hash_sha_256,$(USEMODULE)))
USEPKG += driver_cryptocell_310
USEMODULE += psa_cryptocell_310_hashes_sha256
endif
ifneq (,$(filter periph_hash_sha_512,$(USEMODULE)))
USEPKG += driver_cryptocell_310
USEMODULE += psa_cryptocell_310_hashes_sha512
endif
ifneq (,$(filter periph_cipher_aes_128_cbc,$(USEMODULE)))
USEPKG += driver_cryptocell_310
USEMODULE += psa_cryptocell_310_aes_cbc
endif
ifneq (,$(filter periph_hmac_sha_256,$(USEMODULE)))
USEPKG += driver_cryptocell_310
USEMODULE += psa_cryptocell_310_hmac
endif

50
kconfigs/Kconfig.features
View File

@ -134,6 +134,11 @@ config HAS_CPU_CHECK_ADDRESS
help help
Indicates that address validity check is supported. Indicates that address validity check is supported.
config HAS_PERIPH_CRYPTOCELL_310
bool
help
Indicates that a cryptocell peripheral is present.
config HAS_DBGPIN config HAS_DBGPIN
bool bool
help help
@ -188,6 +193,11 @@ config HAS_PERIPH_CAN
help help
Indicates that a CAN peripheral is present. Indicates that a CAN peripheral is present.
config HAS_PERIPH_CIPHER_AES_128_CBC
bool
help
Indicates that there is AES 128 CBC hardware acceleration present
config HAS_PERIPH_CORETIMER config HAS_PERIPH_CORETIMER
bool bool
help help
@ -208,6 +218,16 @@ config HAS_PERIPH_DMA
help help
Indicates that a DMA peripheral is present. Indicates that a DMA peripheral is present.
config HAS_PERIPH_ECC_P192R1
bool
help
Indicates that there is ECC P192R1 hardware acceleration peripheral present.
config HAS_PERIPH_ECC_P256R1
bool
help
Indicates that there is ECC P256R1 hardware acceleration peripheral present.
config HAS_PERIPH_EEPROM config HAS_PERIPH_EEPROM
bool bool
help help
@ -285,6 +305,36 @@ config HAS_PERIPH_GPIO_LL_IRQ_UNMASK
Indicates that the GPIO peripheral supports unmasking interrupts without Indicates that the GPIO peripheral supports unmasking interrupts without
clearing pending IRQs that came in while masked. clearing pending IRQs that came in while masked.
config HAS_PERIPH_HASH_MD5
bool
help
Indicates that there is MD5 hardware acceleration present.
config HAS_PERIPH_HASH_SHA_1
bool
help
Indicates that there is SHA-1 hardware acceleration present.
config HAS_PERIPH_HASH_SHA_224
bool
help
Indicates that there is SHA-224 hardware acceleration present.
config HAS_PERIPH_HASH_SHA_256
bool
help
Indicates that there is SHA-256 hardware acceleration present.
config HAS_PERIPH_HASH_SHA_512
bool
help
Indicates that there is SHA-512 hardware acceleration present.
config HAS_PERIPH_HMAC_SHA_256
bool
help
Indicates that there is HMAC SHA-256 hardware acceleration present.
config HAS_PERIPH_HWRNG config HAS_PERIPH_HWRNG
bool bool
help help

9
makefiles/features_modules.inc.mk
View File

@ -11,9 +11,13 @@ USEMODULE += $(PERIPH_FEATURES)
# Add all USED periph_% init modules unless they are blacklisted # Add all USED periph_% init modules unless they are blacklisted
PERIPH_IGNORE_MODULES := \ PERIPH_IGNORE_MODULES := \
periph_cipher_aes_128_cbc \
periph_clic \ periph_clic \
periph_common \ periph_common \
periph_coretimer \ periph_coretimer \
periph_cryptocell_310 \
periph_ecc_p192r1 \
periph_ecc_p256r1 \
periph_eth \ periph_eth \
periph_eth_common \ periph_eth_common \
periph_flash \ periph_flash \
@ -25,6 +29,11 @@ PERIPH_IGNORE_MODULES := \
periph_gpio_ll_irq_level_triggered_low \ periph_gpio_ll_irq_level_triggered_low \
periph_gpio_ll_irq_unmask \ periph_gpio_ll_irq_unmask \
periph_gpio_mux \ periph_gpio_mux \
periph_hash_sha_1 \
periph_hash_sha_224 \
periph_hash_sha_256 \
periph_hash_sha_512 \
periph_hmac_sha_256 \
periph_i2c_hw \ periph_i2c_hw \
periph_i2c_sw \ periph_i2c_sw \
periph_init% \ periph_init% \

1
pkg/Kconfig
View File

@ -17,6 +17,7 @@ rsource "corejson/Kconfig"
rsource "cryptoauthlib/Kconfig" rsource "cryptoauthlib/Kconfig"
rsource "driver_atwinc15x0/Kconfig" rsource "driver_atwinc15x0/Kconfig"
rsource "driver_bme680/Kconfig" rsource "driver_bme680/Kconfig"
rsource "driver_cryptocell_310/Kconfig"
rsource "driver_sx126x/Kconfig" rsource "driver_sx126x/Kconfig"
rsource "elk/Kconfig" rsource "elk/Kconfig"
rsource "emlearn/Kconfig" rsource "emlearn/Kconfig"

19
pkg/driver_cryptocell_310/Kconfig Normal file
View File

@ -0,0 +1,19 @@
# Copyright (c) 2020 HAW Hamburg
#
# This file is subject to the terms and conditions of the GNU Lesser
# General Public License v2.1. See the file LICENSE in the top level
# directory for more details.
#
config PACKAGE_DRIVER_CRYPTOCELL_310
bool
depends on CPU_MODEL_NRF52840XXAA
depends on TEST_KCONFIG
depends on HAS_PERIPH_CRYPTOCELL_310
depends on MODULE_PERIPH_CRYPTOCELL_310
select MODULE_DRIVER_CRYPTOCELL_310_CONTRIB
config MODULE_DRIVER_CRYPTOCELL_310_CONTRIB
bool
rsource "psa_cryptocell_310/Kconfig"

36
pkg/driver_cryptocell_310/Makefile Normal file
View File

@ -0,0 +1,36 @@
PKG_NAME=driver_cryptocell_310
PKG_URL=https://www.nordicsemi.com/-/media/Software-and-other-downloads/SDKs/nRF5/Binaries
PKG_VERSION=17.1.0
PKG_EXT=zip
PKG_DIR_NAME=nRF5_SDK_17.1.0_ddde560
PKG_LICENSE=ARM Object Code and Header Files License
PKG_SOURCE_DIR ?= $(PKGDIRBASE)/$(PKG_NAME)
NRF_CC310_PATH = $(PKG_DIR_NAME)/external/nrf_cc310
PKG_ZIPFILE = $(PKG_DIR_NAME).$(PKG_EXT)
ifneq ($(RIOTBASE),)
include $(RIOTBASE)/Makefile.base
endif
.PHONY: all clean distclean prepare
prepare: $(PKG_PREPARED)
@:
all: $(PKGDIRBASE)/$(PKG_ZIPFILE)
$(Q)$(UNZIP_HERE) -D -n -d $(PKGDIRBASE) $(PKGDIRBASE)/$(PKG_ZIPFILE)
$(Q) mkdir -p $(PKG_SOURCE_DIR)/include
$(Q)cp $(PKGDIRBASE)/$(NRF_CC310_PATH)/include/* $(PKG_SOURCE_DIR)/include
$(Q)cp $(PKGDIRBASE)/$(NRF_CC310_PATH)/lib/cortex-m4/hard-float/libnrf_cc310_0.9.13.a $(PKG_SOURCE_DIR)
$(Q)rm -rf $(PKGDIRBASE)/$(PKG_DIR_NAME)
$(PKGDIRBASE)/$(PKG_ZIPFILE):
$(QQ)mkdir -p $(PKGDIRBASE)
$(Q)$(DOWNLOAD_TO_FILE) $(PKGDIRBASE)/$(PKG_ZIPFILE) $(PKG_URL)/$(PKG_ZIPFILE)
clean::
rm -rf $(PKG_SOURCE_DIR)
distclean::
rm -rf $(PKG_SOURCE_DIR) $(PKGDIRBASE)/$(PKG_ZIPFILE)

6
pkg/driver_cryptocell_310/Makefile.dep Normal file
View File

@ -0,0 +1,6 @@
USEMODULE += driver_cryptocell_310_contrib
FEATURES_REQUIRED += periph_cryptocell_310
ifneq (,$(filter psa_cryptocell_310_%,$(USEMODULE)))
include $(RIOTPKG)/driver_cryptocell_310/psa_cryptocell_310/Makefile.dep
endif

25
pkg/driver_cryptocell_310/Makefile.include Normal file
View File

@ -0,0 +1,25 @@
INCLUDES += -I$(PKGDIRBASE)/driver_cryptocell_310/include
INCLUDES += -I$(RIOTPKG)/driver_cryptocell_310/include
DIRS += $(RIOTPKG)/driver_cryptocell_310/contrib
ARCHIVES += $(PKGDIRBASE)/driver_cryptocell_310/libnrf_cc310_0.9.13.a
ifneq (,$(filter psa_cryptocell_310_%, $(USEMODULE)))
DIRS += $(RIOTPKG)/driver_cryptocell_310/psa_cryptocell_310
INCLUDES += -I$(RIOTBASE)/sys/psa_crypto/include
endif
CFLAGS += -Wno-cast-align
PSEUDOMODULES += psa_cryptocell_310_aes_cbc
PSEUDOMODULES += psa_cryptocell_310_aes_common
PSEUDOMODULES += psa_cryptocell_310_ecc_common
PSEUDOMODULES += psa_cryptocell_310_ecc_p192
PSEUDOMODULES += psa_cryptocell_310_ecc_p256
PSEUDOMODULES += psa_cryptocell_310_error_conversion
PSEUDOMODULES += psa_cryptocell_310_hashes_common
PSEUDOMODULES += psa_cryptocell_310_hashes_sha1
PSEUDOMODULES += psa_cryptocell_310_hashes_sha224
PSEUDOMODULES += psa_cryptocell_310_hashes_sha256
PSEUDOMODULES += psa_cryptocell_310_hashes_sha512
PSEUDOMODULES += psa_cryptocell_310_hmac

3
pkg/driver_cryptocell_310/contrib/Makefile Normal file
View File

@ -0,0 +1,3 @@
MODULE = driver_cryptocell_310_contrib
include $(RIOTBASE)/Makefile.base

83
pkg/driver_cryptocell_310/contrib/cryptocell_util.c Normal file
View File

@ -0,0 +1,83 @@
/*
* Copyright (C) 2020 HAW Hamburg
*
* This file is subject to the terms and conditions of the GNU Lesser
* General Public License v2.1. See the file LICENSE in the top level
* directory for more details.
*/
/**
* @ingroup pkg_driver_cryptocell_310
* @{
*
* @file
* @brief Setup function necessary to enable ARM CryptoCell module
*
* @author Lena Boeckmann <lena.boeckmann@haw-hamburg.de>
*/
#include "vendor/nrf52840.h"
#include "sns_silib.h"
#include "kernel_defines.h"
#define ENABLE_DEBUG 0
#include "debug.h"
CRYS_RND_WorkBuff_t *rndWorkBuff_ptr;
CRYS_RND_State_t *rndState_ptr;
CRYS_RND_State_t rndState = { 0 };
CRYS_RND_WorkBuff_t rndWorkBuff = { 0 };
/* Defined by the CryptoCell Library */
extern void CRYPTOCELL_IRQHandler(void);
/* This function must be defined to use the CryptoCell module on the NRF52840 board */
void isr_cryptocell(void)
{
CRYPTOCELL_IRQHandler();
}
void cryptocell_310_enable(void)
{
NRF_CRYPTOCELL->ENABLE = 1;
NVIC_EnableIRQ(CRYPTOCELL_IRQn);
}
void cryptocell_310_disable(void)
{
NRF_CRYPTOCELL->ENABLE = 0;
NVIC_DisableIRQ(CRYPTOCELL_IRQn);
}
void driver_cryptocell_310_setup(void)
{
int ret = 0;
rndState_ptr = &rndState;
rndWorkBuff_ptr = &rndWorkBuff;
cryptocell_310_enable();
ret = SaSi_LibInit();
if (ret != SA_SILIB_RET_OK) {
DEBUG("SaSi_LibInit failed: 0x%x\n", ret);
}
ret = CRYS_RndInit(rndState_ptr, rndWorkBuff_ptr);
if (ret != SA_SILIB_RET_OK) {
DEBUG("CRYS_RndInit failed: 0x%x\n", ret);
}
}
void driver_cryptocell_310_terminate(void)
{
int ret = 0;
SaSi_LibFini();
ret = CRYS_RND_UnInstantiation(rndState_ptr);
if (ret != SA_SILIB_RET_OK) {
DEBUG("CRYS_RND_UnInstatiation failed: 0x%x\n", ret);
}
}

10
pkg/driver_cryptocell_310/doc.txt Normal file
View File

@ -0,0 +1,10 @@
/**
* @defgroup pkg_driver_cryptocell_310 ARM CryptoCell 310 Driver
* @ingroup pkg drivers_misc
* @brief Provides the driver for the ARM CryptoCell 310 hardware accelerator
* @see https://infocenter.nordicsemi.com/topic/sdk_nrf5_v17.1.0/group__cryptocell__api.html
*
* @note The source of this package is not a git repository, but a zip file downloaded
* from the Nordic Semiconductor software center. It is quite large and takes a
* while to download.
*/

3
pkg/driver_cryptocell_310/driver_cryptocell_310.mk Normal file
View File

@ -0,0 +1,3 @@
MODULE = driver_cryptocell_310
include $(RIOTBASE)/Makefile.base

61
pkg/driver_cryptocell_310/include/cryptocell_310_util.h Normal file
View File

@ -0,0 +1,61 @@
/*
* Copyright (C) 2021 HAW Hamburg
*
* This file is subject to the terms and conditions of the GNU Lesser
* General Public License v2.1. See the file LICENSE in the top level
* directory for more details.
*/
/**
* @ingroup pkg_driver_cryptocell_310
* @{
*
* @file
* @brief Utility functions to setup and terminate the CryptoCell 310 driver
*
* @author Lena Boeckmann <lena.boeckmann@haw-hamburg.de>
*
*/
#ifndef CRYPTOCELL_310_UTIL_H
#define CRYPTOCELL_310_UTIL_H
#ifdef __cplusplus
extern "C" {
#endif
/**
* @brief Enable CryptoCell module and IRQs.
*
* Must be called before using crypto functions.
* CryptoCell peripheral will be enabled after this call.
*/
void cryptocell_310_enable(void);
/**
* @brief Disable CryptoCell module and IRQs.
*
* Should be called after using crypto functions.
* CryptoCell peripheral will be disabled after this call.
*/
void cryptocell_310_disable(void);
/**
* @brief Enables CryptoCell module, IRQs and crypto libraries on nrf52840.
*
* Must be called once before using the CryptoCell lib.
*/
void driver_cryptocell_310_setup(void);
/**
* @brief Finishes the use of the CryptoCell library.
*
* Should be called after using the CryptoCell lib.
*/
void driver_cryptocell_310_terminate(void);
#ifdef __cplusplus
}
#endif
#endif /* CRYPTOCELL_310_UTIL_H */
/** @} */

73
pkg/driver_cryptocell_310/include/psa_cryptocell_310_aes_common.h Normal file
View File

@ -0,0 +1,73 @@
/*
* Copyright (C) 2021 HAW Hamburg
*
* This file is subject to the terms and conditions of the GNU Lesser
* General Public License v2.1. See the file LICENSE in the top level
* directory for more details.
*/
/**
* @ingroup pkg_driver_cryptocell_310
* @{
*
* @file
* @brief Common AES functions used by all PSA Crypto wrappers
* for the CryptoCell 310 AES APIs.
*
* @author Lena Boeckmann <lena.boeckmann@haw-hamburg.de>
*
*/
#ifndef PSA_CRYPTOCELL_310_AES_COMMON_H
#define PSA_CRYPTOCELL_310_AES_COMMON_H
#ifdef __cplusplus
extern "C" {
#endif
#include "psa/crypto.h"
/**
* @brief Common setup function for AES operations
*
* @param ctx Driver specific AES context of the type @c SaSiAesUserContext_t
* @param direction Encrypt or decrypt direction of type @c SaSiAesEncryptMode_t
* @param mode Operation mode (e.g. CBC, CCM) of type @c SaSiAesOperationMode_t
* @param padding Operation padding type of type @c SaSiAesPaddingType_t
* @param iv Constant buffer containing the IV for the operation
* @param key_buffer Constant buffer containing an AES key
* @param key_size Size of AES key in use.
* @return psa_status_t
*/
psa_status_t cryptocell_310_common_aes_setup(SaSiAesUserContext_t *ctx,
SaSiAesEncryptMode_t direction,
SaSiAesOperationMode_t mode,
SaSiAesPaddingType_t padding,
const uint8_t *iv,
const uint8_t *key_buffer,
size_t key_size);
/**
* @brief Common function for an AES encryption
*
* @param ctx AES context of the type @c SaSiAesUserContext_t
* @param input Constant input buffer of plain text to encrypt
* @param input_length Length of the input buffer
* @param output Output buffer to write the cipher
* @param output_buffer_size Size of the output buffer. Must be at least @c input_length
* @param output_length Pointer to output length. Will contain actual length of cipher
* @return psa_status_t
*/
psa_status_t cryptocell_310_common_aes_encrypt_decrypt(SaSiAesUserContext_t *ctx,
const uint8_t *input,
size_t input_length,
uint8_t *output,
size_t output_buffer_size,
size_t *output_length);
#ifdef __cplusplus
}
#endif
#endif /* PSA_CRYPTOCELL_310_AES_COMMON_H */
/** @} */

115
pkg/driver_cryptocell_310/include/psa_cryptocell_310_ecc_common.h Normal file
View File

@ -0,0 +1,115 @@
/*
* Copyright (C) 2021 HAW Hamburg
*
* This file is subject to the terms and conditions of the GNU Lesser
* General Public License v2.1. See the file LICENSE in the top level
* directory for more details.
*/
/**
* @ingroup pkg_driver_cryptocell_310
* @{
*
* @file
* @brief Common ECC functions used by all PSA Crypto wrappers
* for the CryptoCell 310 ECC APIs.
*
* @author Lena Boeckmann <lena.boeckmann@haw-hamburg.de>
*
*/
#ifndef PSA_CRYPTOCELL_310_ECC_COMMON_H
#define PSA_CRYPTOCELL_310_ECC_COMMON_H
#ifdef __cplusplus
extern "C" {
#endif
#include "psa/crypto.h"
#include "sns_silib.h"
#include "crys_ecpki_build.h"
#include "crys_ecpki_ecdsa.h"
#include "crys_ecpki_kg.h"
#include "crys_ecpki_domain.h"
/**
* @brief Map PSA hash encodings to CryptoCell specific hash encodings
*
* @param hash psa_algorithm_t
*/
#define MAP_PSA_HASH_TO_CRYS_HASH(hash) \
((hash == PSA_ALG_SHA_1) ? CRYS_ECPKI_AFTER_HASH_SHA1_mode : \
(hash == PSA_ALG_SHA_224) ? CRYS_ECPKI_AFTER_HASH_SHA224_mode : \
(hash == PSA_ALG_SHA_256) ? CRYS_ECPKI_AFTER_HASH_SHA256_mode : \
(hash == PSA_ALG_SHA_384) ? CRYS_ECPKI_AFTER_HASH_SHA384_mode : \
(hash == PSA_ALG_SHA_512) ? CRYS_ECPKI_AFTER_HASH_SHA512_mode : \
0)
/**
* @brief Common ECC key generation function
*
* @param priv_key_buffer Output buffer to write ECC private key
* @param pub_key_buffer Output buffer to write ECC public key
* @param priv_key_buffer_length Output pointer to write private key length
* @param pub_key_buffer_length Output pointer to write public key length
* @param domain ECC domain of type @c CRYS_ECPKI_DomainID_t
* @return psa_status_t
*/
psa_status_t cryptocell_310_common_ecc_generate_key_pair(uint8_t *priv_key_buffer,
uint8_t *pub_key_buffer,
uint32_t *priv_key_buffer_length,
uint32_t *pub_key_buffer_length,
CRYS_ECPKI_DomainID_t domain);
/**
* @brief Common ECC hash signature function
*
* @param priv_key Pointer to ECC private key
* @param priv_key_size Size of private key
* @param hash Hash of the message to sign
* @param hash_length Length of the message hash
* @param signature Output buffer to write the generated signature
* @param signature_length Pointer to store the actual length of the signature
* @param hash_mode Mode used to hash the message of type @c CRYS_ECPKI_HASH_OpMode_t
* @param domain ECC domain of type @c CRYS_ECPKI_DomainID_t
* @return psa_status_t
*/
psa_status_t cryptocell_310_common_ecc_sign_hash(const uint8_t *priv_key,
uint32_t priv_key_size,
const uint8_t *hash,
size_t hash_length,
uint8_t *signature,
size_t *signature_length,
CRYS_ECPKI_HASH_OpMode_t hash_mode,
CRYS_ECPKI_DomainID_t domain);
/**
* @brief Common ECC hash verification function
*
* @param pub_key Pointer to ECC public key
* @param pub_key_size Size of public key
* @param hash Hash of the message to sign
* @param hash_length Length of the message hash
* @param signature Buffer containing the signature to be verified
* @param signature_length Actual length of the signature
* @param hash_mode Mode used to hash the message of type
* @c CRYS_ECPKI_HASH_OpMode_t
* @param domain ECC domain of type @c CRYS_ECPKI_DomainID_t
* @return psa_status_t
*/
psa_status_t cryptocell_310_common_ecc_verify_hash(const uint8_t *pub_key,
size_t pub_key_size,
const uint8_t *hash,
size_t hash_length,
const uint8_t *signature,
size_t signature_length,
CRYS_ECPKI_HASH_OpMode_t hash_mode,
CRYS_ECPKI_DomainID_t domain);
#ifdef __cplusplus
}
#endif
#endif /* PSA_CRYPTOCELL_310_ECC_COMMON_H */
/** @} */

71
pkg/driver_cryptocell_310/include/psa_cryptocell_310_hashes_common.h Normal file
View File

@ -0,0 +1,71 @@
/*
* Copyright (C) 2021 HAW Hamburg
*
* This file is subject to the terms and conditions of the GNU Lesser
* General Public License v2.1. See the file LICENSE in the top level
* directory for more details.
*/
/**
* @ingroup pkg_driver_cryptocell_310
* @{
*
* @file
* @brief Common hash functions used by all PSA Crypto wrappers
* for the CryptoCell 310 hash APIs.
*
* @author Lena Boeckmann <lena.boeckmann@haw-hamburg.de>
*
*/
#ifndef PSA_CRYPTOCELL_310_HASHES_COMMON_H
#define PSA_CRYPTOCELL_310_HASHES_COMMON_H
#ifdef __cplusplus
extern "C" {
#endif
#include "psa/crypto.h"
#include "crys_hash.h"
/**
* @brief Common hash setup function
*
* @param ctx Driver specific hash context of type @c CRYS_HASHUserContext_t
* @param mode Hash mode of type @c CRYS_HASH_OperationMode_t
* @return psa_status_t
*/
psa_status_t cryptocell_310_common_hash_setup(CRYS_HASHUserContext_t *ctx,
CRYS_HASH_OperationMode_t mode);
/**
* @brief Common hash update function
*
* @param ctx Driver specific hash context of type @c CRYS_HASHUserContext_t
* @param input Input that is going to be hashed
* @param input_length Length of @p input
* @return psa_status_t
*/
psa_status_t cryptocell_310_common_hash_update(CRYS_HASHUserContext_t *ctx,
const uint8_t *input,
size_t input_length);
/**
* @brief Common hash finish function
*
* @param ctx Driver specific hash context of type @c CRYS_HASHUserContext_t
* @param hash Output buffer to write the computated hash
* @param hash_size Size of @p hash
* @param hash_length Pointer where the actual length of the hash will be stored
* @return psa_status_t
*/
psa_status_t cryptocell_310_common_hash_finish(CRYS_HASHUserContext_t *ctx,
uint8_t *hash,
size_t hash_size,
size_t *hash_length);
#ifdef __cplusplus
}
#endif
#endif /* PSA_CRYPTOCELL_310_HASHES_COMMON_H */
/** @} */

60
pkg/driver_cryptocell_310/include/psa_error.h Normal file
View File

@ -0,0 +1,60 @@
/*
* Copyright (C) 2021 HAW Hamburg
*
* This file is subject to the terms and conditions of the GNU Lesser
* General Public License v2.1. See the file LICENSE in the top level
* directory for more details.
*/
/**
* @ingroup pkg_driver_cryptocell_310
* @{
*
* @file
* @brief Glue code translating between PSA Crypto and the CryptoCell 310 driver APIs
*
* @author Lena Boeckmann <lena.boeckmann@haw-hamburg.de>
*
*/
#ifndef PSA_ERROR_H
#define PSA_ERROR_H
#ifdef __cplusplus
extern "C" {
#endif
#include "psa/crypto.h"
#include "crys_ecpki_error.h"
#include "crys_hash_error.h"
#include "ssi_aes_error.h"
/**
* @brief Convert CryptoCell CRYS errors to PSA status values
*
* @param error Error value of type @c CRYSError_t
* @return @ref psa_status_t
*/
psa_status_t CRYS_to_psa_error(CRYSError_t error);
/**
* @brief Convert CryptoCell SaSi errors to PSA status values
*
* @param error Error value of type @c SaSiStatus
* @return @ref psa_status_t
*/
psa_status_t SaSi_to_psa_error(SaSiStatus error);
/**
* @brief Function to print CryptoCell Error values in clear text.
*
* @param status Error value of type @c SaSiStatus or @c CRYSError_t
* @return const char*
*/
const char *cryptocell310_status_to_humanly_readable(uint32_t status);
#ifdef __cplusplus
}
#endif
#endif /* PSA_ERROR_H */
/** @} */

41
pkg/driver_cryptocell_310/include/psa_periph_aes_ctx.h Normal file
View File

@ -0,0 +1,41 @@
/*
* Copyright (C) 2021 HAW Hamburg
*
* This file is subject to the terms and conditions of the GNU Lesser
* General Public License v2.1. See the file LICENSE in the top level
* directory for more details.
*/
/**
* @ingroup pkg_driver_cryptocell_310
* @{
*
* @file
* @brief CryptoCell 310 driver specific AES contexts
*
* @author Lena Boeckmann <lena.boeckmann@haw-hamburg.de>
*
*/
#ifndef PSA_PERIPH_AES_CTX_H
#define PSA_PERIPH_AES_CTX_H
#ifdef __cplusplus
extern "C" {
#endif
#include "ssi_aes.h"
#include "kernel_defines.h"
#if IS_USED(MODULE_PERIPH_CIPHER_AES_128_CBC) || DOXYGEN
/**
* @brief Map driver specific AES context to PSA context
*/
typedef SaSiAesUserContext_t psa_cipher_aes_128_ctx_t;
#endif
#ifdef __cplusplus
}
#endif
#endif /* PSA_PERIPH_AES_CTX_H */
/** @} */

64
pkg/driver_cryptocell_310/include/psa_periph_hashes_ctx.h Normal file
View File

@ -0,0 +1,64 @@
/*
* Copyright (C) 2021 HAW Hamburg
*
* This file is subject to the terms and conditions of the GNU Lesser
* General Public License v2.1. See the file LICENSE in the top level
* directory for more details.
*/
/**
* @ingroup pkg_driver_cryptocell_310
* @{
*
* @file
* @brief CryptoCell 310 driver specific hash contexts
*
* @author Lena Boeckmann <lena.boeckmann@haw-hamburg.de>
*
*/
#ifndef PSA_PERIPH_HASHES_CTX_H
#define PSA_PERIPH_HASHES_CTX_H
#ifdef __cplusplus
extern "C" {
#endif
#include <stdlib.h>
#include "kernel_defines.h"
#include "crys_hash.h"
#if IS_USED(MODULE_PERIPH_HASH_SHA_1) || DOXYGEN
/**
* @brief Map driver specific SHA1 context to PSA context
*/
typedef CRYS_HASHUserContext_t psa_hashes_sha1_ctx_t;
#endif
#if IS_USED(MODULE_PERIPH_HASH_SHA_224) || DOXYGEN
/**
* @brief Map driver specific SHA224 context to PSA context
*/
typedef CRYS_HASHUserContext_t psa_hashes_sha224_ctx_t;
#endif
#if IS_USED(MODULE_PERIPH_HASH_SHA_256) || DOXYGEN
/**
* @brief Map driver specific SHA256 context to PSA context
*/
typedef CRYS_HASHUserContext_t psa_hashes_sha256_ctx_t;
#endif
#if IS_USED(MODULE_PERIPH_HASH_SHA_512) || DOXYGEN
/**
* @brief Map driver specific SHA512 context to PSA context
*/
typedef CRYS_HASHUserContext_t psa_hashes_sha512_ctx_t;
#endif
#ifdef __cplusplus
}
#endif
#endif /* PSA_PERIPH_HASHES_CTX_H */
/** @} */

77
pkg/driver_cryptocell_310/psa_cryptocell_310/Kconfig Normal file
View File

@ -0,0 +1,77 @@
# Copyright (c) 2021 HAW Hamburg
#
# This file is subject to the terms and conditions of the GNU Lesser
# General Public License v2.1. See the file LICENSE in the top level
# directory for more details.
#
# Hashes
config MODULE_PSA_CRYPTOCELL_310_HASHES_SHA1
bool
depends on MODULE_PSA_CRYPTO
select MODULE_PSA_CRYPTOCELL_310
select MODULE_PSA_CRYPTOCELL_310_HASHES_COMMON
config MODULE_PSA_CRYPTOCELL_310_HASHES_SHA224
bool
depends on MODULE_PSA_CRYPTO
select MODULE_PSA_CRYPTOCELL_310
select MODULE_PSA_CRYPTOCELL_310_HASHES_COMMON
config MODULE_PSA_CRYPTOCELL_310_HASHES_SHA256
bool
depends on MODULE_PSA_CRYPTO
select MODULE_PSA_CRYPTOCELL_310
select MODULE_PSA_CRYPTOCELL_310_HASHES_COMMON
config MODULE_PSA_CRYPTOCELL_310_HASHES_SHA512
bool
depends on MODULE_PSA_CRYPTO
select MODULE_PSA_CRYPTOCELL_310
select MODULE_PSA_CRYPTOCELL_310_HASHES_COMMON
# MAC
config MODULE_PSA_CRYPTOCELL_310_HMAC
bool
depends on MODULE_PSA_CRYPTO
select MODULE_PSA_CRYPTOCELL_310
# AES
config MODULE_PSA_CRYPTOCELL_310_AES_CBC
bool
depends on MODULE_PSA_CRYPTO
select MODULE_PSA_CRYPTOCELL_310
select MODULE_PSA_CRYPTOCELL_310_AES_COMMON
# ECC
config MODULE_PSA_CRYPTOCELL_310_ECC_P192
bool
depends on MODULE_PSA_CRYPTO
select MODULE_PSA_CRYPTOCELL_310
select MODULE_PSA_CRYPTOCELL_310_ECC_COMMON
config MODULE_PSA_CRYPTOCELL_310_ECC_P256
bool
depends on MODULE_PSA_CRYPTO
select MODULE_PSA_CRYPTOCELL_310
select MODULE_PSA_CRYPTOCELL_310_ECC_COMMON
config MODULE_PSA_CRYPTOCELL_310
bool "PSA CryptoCell Wrapper"
select MODULE_PSA_CRYPTOCELL_310_ERROR_CONVERSION
config MODULE_PSA_CRYPTOCELL_310_HASHES_COMMON
bool
config MODULE_PSA_CRYPTOCELL_310_ECC_COMMON
bool
config MODULE_PSA_CRYPTOCELL_310_AES_COMMON
bool
config MODULE_PSA_CRYPTOCELL_310_ERROR_CONVERSION
bool

4
pkg/driver_cryptocell_310/psa_cryptocell_310/Makefile Normal file
View File

@ -0,0 +1,4 @@
BASE_MODULE := psa_cryptocell_310
SUBMODULES := 1
include $(RIOTBASE)/Makefile.base

30
pkg/driver_cryptocell_310/psa_cryptocell_310/Makefile.dep Normal file
View File

@ -0,0 +1,30 @@
USEMODULE += psa_cryptocell_310
USEMODULE += psa_cryptocell_310_error_conversion
ifneq (,$(filter psa_cryptocell_310_hashes_sha1,$(USEMODULE)))
USEMODULE += psa_cryptocell_310_hashes_common
endif
ifneq (,$(filter psa_cryptocell_310_hashes_sha224,$(USEMODULE)))
USEMODULE += psa_cryptocell_310_hashes_common
endif
ifneq (,$(filter psa_cryptocell_310_hashes_sha256,$(USEMODULE)))
USEMODULE += psa_cryptocell_310_hashes_common
endif
ifneq (,$(filter psa_cryptocell_310_hashes_sha512,$(USEMODULE)))
USEMODULE += psa_cryptocell_310_hashes_common
endif
ifneq (,$(filter psa_cryptocell_310_aes_cbc,$(USEMODULE)))
USEMODULE += psa_cryptocell_310_aes_common
endif
ifneq (,$(filter psa_cryptocell_310_ecc_p192,$(USEMODULE)))
USEMODULE += psa_cryptocell_310_ecc_common
endif
ifneq (,$(filter psa_cryptocell_310_ecc_p256,$(USEMODULE)))
USEMODULE += psa_cryptocell_310_ecc_common
endif

131
pkg/driver_cryptocell_310/psa_cryptocell_310/aes_cbc.c Normal file
View File

@ -0,0 +1,131 @@
/*
* Copyright (C) 2021 HAW Hamburg
*
* This file is subject to the terms and conditions of the GNU Lesser
* General Public License v2.1. See the file LICENSE in the top level
* directory for more details.
*/
/**
* @ingroup pkg_driver_cryptocell_310
* @{
*
* @brief Glue code translating between PSA Crypto and the CryptoCell 310 AES 128 CBC APIs
*
* @author Lena Boeckmann <lena.boeckmann@haw-hamburg.de>
*
* @}
*/
#include "psa_error.h"
#include "psa_cryptocell_310_aes_common.h"
#include "ssi_aes.h"
#define ENABLE_DEBUG 0
#include "debug.h"
psa_status_t psa_cipher_cbc_aes_128_encrypt(const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
uint8_t *output,
size_t output_size,
size_t *output_length)
{
if ((alg != PSA_ALG_CBC_PKCS7) && (alg != PSA_ALG_CBC_NO_PADDING)) {
DEBUG("%s : Invalid CBC padding type\n", __FILE__);
return PSA_ERROR_INVALID_ARGUMENT;
}
if (key_buffer_size < PSA_BITS_TO_BYTES(attributes->bits)) {
DEBUG("%s : Key buffer too small\n", __FILE__);
return PSA_ERROR_BUFFER_TOO_SMALL;
}
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
size_t iv_length = 0;
size_t key_size = PSA_BITS_TO_BYTES(attributes->bits);
psa_cipher_operation_t operation = psa_cipher_operation_init();
operation.iv_required = 1;
operation.default_iv_length = PSA_CIPHER_IV_LENGTH(attributes->type, alg);
SaSiAesPaddingType_t padding =
(alg == PSA_ALG_CBC_PKCS7) ? SASI_AES_PADDING_PKCS7 : SASI_AES_PADDING_NONE;
status = psa_cipher_generate_iv(&operation, output, operation.default_iv_length, &iv_length);
if (status != PSA_SUCCESS) {
return status;
}
status = cryptocell_310_common_aes_setup((SaSiAesUserContext_t *)&operation.backend_ctx.cipher_ctx.aes_128,
SASI_AES_ENCRYPT, SASI_AES_MODE_CBC, padding, output, key_buffer,
key_size);
if (status != PSA_SUCCESS) {
return status;
}
status = cryptocell_310_common_aes_encrypt_decrypt(
(SaSiAesUserContext_t *)&operation.backend_ctx.cipher_ctx.aes_128,
input, input_length, output + iv_length, output_size - iv_length,
output_length);
if (status != PSA_SUCCESS) {
return status;
}
*output_length = output_size;
return PSA_SUCCESS;
}
psa_status_t psa_cipher_cbc_aes_128_decrypt(const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
uint8_t *output,
size_t output_size,
size_t *output_length)
{
if ((alg != PSA_ALG_CBC_PKCS7) && (alg != PSA_ALG_CBC_NO_PADDING)) {
DEBUG("%s : Invalid CBC padding type\n", __FILE__);
return PSA_ERROR_INVALID_ARGUMENT;
}
if (key_buffer_size < PSA_BITS_TO_BYTES(attributes->bits)) {
DEBUG("%s : Key buffer too small\n", __FILE__);
return PSA_ERROR_BUFFER_TOO_SMALL;
}
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
size_t key_size = PSA_BITS_TO_BYTES(attributes->bits);
psa_cipher_operation_t operation = psa_cipher_operation_init();
operation.iv_required = 1;
operation.default_iv_length = PSA_CIPHER_IV_LENGTH(attributes->type, alg);
SaSiAesPaddingType_t padding =
(alg == PSA_ALG_CBC_PKCS7) ? SASI_AES_PADDING_PKCS7 : SASI_AES_PADDING_NONE;
status = cryptocell_310_common_aes_setup((SaSiAesUserContext_t *)&operation.backend_ctx.cipher_ctx.aes_128,
SASI_AES_DECRYPT, SASI_AES_MODE_CBC, padding, input, key_buffer,
key_size);
if (status != PSA_SUCCESS) {
return status;
}
status = cryptocell_310_common_aes_encrypt_decrypt(
(SaSiAesUserContext_t *)&operation.backend_ctx.cipher_ctx.aes_128,
input + operation.default_iv_length, input_length - operation.
default_iv_length, output, output_size, output_length);
if (status != PSA_SUCCESS) {
return status;
}
*output_length = PSA_CIPHER_DECRYPT_OUTPUT_SIZE(attributes->type, alg, input_length);
return PSA_SUCCESS;
}

112
pkg/driver_cryptocell_310/psa_cryptocell_310/aes_common.c Normal file
View File

@ -0,0 +1,112 @@
/*
* Copyright (C) 2021 HAW Hamburg
*
* This file is subject to the terms and conditions of the GNU Lesser
* General Public License v2.1. See the file LICENSE in the top level
* directory for more details.
*/
/**
* @ingroup pkg_driver_cryptocell_310
* @{
*
* @brief Common AES functions used by all PSA Crypto wrappers
* for the CryptoCell 310 AES APIs.
*
* @author Lena Boeckmann <lena.boeckmann@haw-hamburg.de>
*
* @}
*/
#include "psa/crypto.h"
#include "vendor/nrf52840.h"
#include "ssi_aes.h"
#include "sns_silib.h"
#include "psa_error.h"
#include "cryptocell_310_util.h"
#define ENABLE_DEBUG 0
#include "debug.h"
#define CC310_MAX_AES_INPUT_BLOCK (0xFFF0)
psa_status_t cryptocell_310_common_aes_setup(SaSiAesUserContext_t *ctx,
SaSiAesEncryptMode_t direction,
SaSiAesOperationMode_t mode,
SaSiAesPaddingType_t padding,
const uint8_t *iv,
const uint8_t *key_buffer,
size_t key_size)
{
SaSiAesUserKeyData_t key;
SaSiStatus ret = SaSi_AesInit(ctx, direction, mode, padding);
if (ret != SASI_OK) {
DEBUG("SaSi_AesInit failed with %s\n", cryptocell310_status_to_humanly_readable(ret));
return SaSi_to_psa_error(ret);
}
key.keySize = key_size;
key.pKey = (uint8_t *)key_buffer;
ret = SaSi_AesSetKey(ctx, SASI_AES_USER_KEY, &key, sizeof(key));
if (ret != SASI_OK) {
DEBUG("SaSi_AesSetKey failed with %s\n", cryptocell310_status_to_humanly_readable(ret));
return SaSi_to_psa_error(ret);
}
ret = SaSi_AesSetIv(ctx, (uint8_t *)iv);
if (ret != SASI_OK) {
DEBUG("SaSi_AesSetIv failed with %s\n", cryptocell310_status_to_humanly_readable(ret));
return SaSi_to_psa_error(ret);
}
return PSA_SUCCESS;
}
psa_status_t cryptocell_310_common_aes_encrypt_decrypt(SaSiAesUserContext_t *ctx,
const uint8_t *input,
size_t input_length,
uint8_t *output,
size_t output_size,
size_t *output_length)
{
SaSiStatus ret = 0;
size_t offset = 0;
size_t size;
size_t length = input_length;
*output_length = output_size;
do {
if (length > CC310_MAX_AES_INPUT_BLOCK) {
size = CC310_MAX_AES_INPUT_BLOCK;
length -= CC310_MAX_AES_INPUT_BLOCK;
}
else {
size = length;
length = 0;
}
cryptocell_310_enable();
ret = SaSi_AesBlock(ctx, (uint8_t *)(input + offset), size, output + offset);
cryptocell_310_disable();
if (ret != SASI_OK) {
DEBUG("SaSi_AesBlock failed with %s\n", cryptocell310_status_to_humanly_readable(ret));
return SaSi_to_psa_error(ret);
}
offset += size;
} while ((length > 0) && (ret == SASI_OK));
cryptocell_310_enable();
ret = SaSi_AesFinish(ctx, length, (uint8_t *)(input + offset), input_length, output,
output_length);
cryptocell_310_disable();
if (ret != SASI_OK) {
DEBUG("SaSi_AesFinish failed with %s\n", cryptocell310_status_to_humanly_readable(ret));
return SaSi_to_psa_error(ret);
}
return PSA_SUCCESS;
}

143
pkg/driver_cryptocell_310/psa_cryptocell_310/ecc_common.c Normal file
View File

@ -0,0 +1,143 @@
/*
* Copyright (C) 2021 HAW Hamburg
*
* This file is subject to the terms and conditions of the GNU Lesser
* General Public License v2.1. See the file LICENSE in the top level
* directory for more details.
*/
/**
* @ingroup pkg_driver_cryptocell_310
* @{
*
* @brief Common ECC functions used by all PSA Crypto wrappers
* for the CryptoCell 310 ECC APIs.
*
* @author Lena Boeckmann <lena.boeckmann@haw-hamburg.de>
*
* @}
*/
#include "psa_error.h"
#include "psa_cryptocell_310_ecc_common.h"
#include "cryptocell_310_util.h"
#define ENABLE_DEBUG 0
#include "debug.h"
extern CRYS_RND_State_t *rndState_ptr;
CRYS_ECPKI_Domain_t *pDomain;
SaSiRndGenerateVectWorkFunc_t rndGenerateVectFunc;
psa_status_t cryptocell_310_common_ecc_generate_key_pair(uint8_t *priv_key_buffer,
uint8_t *pub_key_buffer,
uint32_t *priv_key_buffer_length,
uint32_t *pub_key_buffer_length,
CRYS_ECPKI_DomainID_t domain)
{
CRYS_ECPKI_UserPrivKey_t priv_key;
CRYS_ECPKI_UserPublKey_t pub_key;
CRYS_ECPKI_KG_FipsContext_t FipsBuff;
CRYS_ECPKI_KG_TempData_t TempECCKGBuff;
CRYSError_t ret;
rndGenerateVectFunc = CRYS_RND_GenerateVector;
pDomain = (CRYS_ECPKI_Domain_t *)CRYS_ECPKI_GetEcDomain(domain);
cryptocell_310_enable();
ret = CRYS_ECPKI_GenKeyPair(rndState_ptr, rndGenerateVectFunc, pDomain, &priv_key, &pub_key,
&TempECCKGBuff, &FipsBuff);
cryptocell_310_disable();
if (ret != CRYS_OK) {
DEBUG("CRYS_ECPKI_GenKeyPair failed with %s\n", cryptocell310_status_to_humanly_readable(ret));
return CRYS_to_psa_error(ret);
}
ret = CRYS_ECPKI_ExportPrivKey(&priv_key, priv_key_buffer, priv_key_buffer_length);
if (ret != CRYS_OK) {
DEBUG("CRYS_ECPKI_ExportPrivKey failed with %s\n", cryptocell310_status_to_humanly_readable(ret));
return CRYS_to_psa_error(ret);
}
ret = CRYS_ECPKI_ExportPublKey(&pub_key, CRYS_EC_PointUncompressed, pub_key_buffer,
pub_key_buffer_length);
if (ret != CRYS_OK) {
DEBUG("CRYS_ECPKI_ExportPubKey failed with %s\n", cryptocell310_status_to_humanly_readable(ret));
return CRYS_to_psa_error(ret);
}
return PSA_SUCCESS;
}
psa_status_t cryptocell_310_common_ecc_sign_hash(const uint8_t *priv_key,
uint32_t priv_key_size,
const uint8_t *hash,
size_t hash_length,
uint8_t *signature,
size_t *signature_length,
CRYS_ECPKI_HASH_OpMode_t hash_mode,
CRYS_ECPKI_DomainID_t domain)
{
CRYS_ECDSA_SignUserContext_t SignUserContext;
CRYS_ECPKI_UserPrivKey_t user_priv_key;
CRYSError_t ret = 0;
rndGenerateVectFunc = CRYS_RND_GenerateVector;
pDomain = (CRYS_ECPKI_Domain_t *)CRYS_ECPKI_GetEcDomain(domain);
ret = CRYS_ECPKI_BuildPrivKey(pDomain, priv_key, priv_key_size, &user_priv_key);
if (ret != CRYS_OK) {
DEBUG("CRYS_ECPKI_BuildPrivKey failed with %s\n", cryptocell310_status_to_humanly_readable(ret));
return CRYS_to_psa_error(ret);
}
cryptocell_310_enable();
ret = CRYS_ECDSA_Sign(rndState_ptr, rndGenerateVectFunc,
&SignUserContext, &user_priv_key, hash_mode, (uint8_t *)hash, hash_length,
signature, (uint32_t *)signature_length);
cryptocell_310_disable();
if (ret != CRYS_OK) {
DEBUG("CRYS_ECDSA_Sign failed with %s\n", cryptocell310_status_to_humanly_readable(ret));
return CRYS_to_psa_error(ret);
}
return PSA_SUCCESS;
}
psa_status_t cryptocell_310_common_ecc_verify_hash(const uint8_t *pub_key,
size_t pub_key_size,
const uint8_t *hash,
size_t hash_length,
const uint8_t *signature,
size_t signature_length,
CRYS_ECPKI_HASH_OpMode_t hash_mode,
CRYS_ECPKI_DomainID_t domain)
{
CRYS_ECDSA_VerifyUserContext_t VerifyUserContext;
CRYS_ECPKI_UserPublKey_t user_pub_key;
CRYSError_t ret = 0;
pDomain = (CRYS_ECPKI_Domain_t *)CRYS_ECPKI_GetEcDomain(domain);
/**
* For more security, use CRYS_ECPKI_BuildPublKeyPartlyCheck or
* CRYS_ECPKI_BuildPublKeyFullCheck -> Those take longer and use more memory space
* */
ret = CRYS_ECPKI_BuildPublKey(pDomain, (uint8_t *)pub_key, pub_key_size, &user_pub_key);
if (ret != CRYS_OK) {
DEBUG("CRYS_ECPKI_BuildPublKey failed with %s\n", cryptocell310_status_to_humanly_readable(ret));
return CRYS_to_psa_error(ret);
}
cryptocell_310_enable();
ret = CRYS_ECDSA_Verify(&VerifyUserContext, &user_pub_key, hash_mode, (uint8_t *)signature,
signature_length, (uint8_t *)hash, hash_length);
cryptocell_310_disable();
if (ret != CRYS_OK) {
DEBUG("CRYS_ECDSA_Verify failed with %s\n", cryptocell310_status_to_humanly_readable(ret));
return CRYS_to_psa_error(ret);
}
return PSA_SUCCESS;
}

76
pkg/driver_cryptocell_310/psa_cryptocell_310/ecc_p192.c Normal file
View File

@ -0,0 +1,76 @@
/*
* Copyright (C) 2021 HAW Hamburg
*
* This file is subject to the terms and conditions of the GNU Lesser
* General Public License v2.1. See the file LICENSE in the top level
* directory for more details.
*/
/**
* @ingroup pkg_driver_cryptocell_310
* @{
*
* @file
* @brief Glue code translating between PSA Crypto and the CryptoCell 310 ECC P192 APIs
*
* @author Lena Boeckmann <lena.boeckmann@haw-hamburg.de>
*
* @}
*/
#include "psa_cryptocell_310_ecc_common.h"
psa_status_t psa_generate_ecc_p192r1_key_pair(const psa_key_attributes_t *attributes,
uint8_t *priv_key_buffer,
uint8_t *pub_key_buffer,
size_t *priv_key_buffer_length,
size_t *pub_key_buffer_length)
{
*priv_key_buffer_length = PSA_BITS_TO_BYTES(attributes->bits);
*pub_key_buffer_length = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(attributes->type, attributes->bits);
return cryptocell_310_common_ecc_generate_key_pair(priv_key_buffer, pub_key_buffer,
(uint32_t *)priv_key_buffer_length,
(uint32_t *)pub_key_buffer_length,
CRYS_ECPKI_DomainID_secp192r1);
}
psa_status_t psa_ecc_p192r1_sign_hash( const psa_key_attributes_t *attributes,
psa_algorithm_t alg,
const uint8_t *key_buffer,
size_t key_buffer_size,
const uint8_t *hash,
size_t hash_length,
uint8_t *signature,
size_t signature_size,
size_t *signature_length)
{
CRYS_ECPKI_HASH_OpMode_t hash_mode = MAP_PSA_HASH_TO_CRYS_HASH(PSA_ALG_GET_HASH(alg));
(void)signature_size;
(void)key_buffer_size;
return cryptocell_310_common_ecc_sign_hash(key_buffer,
PSA_BITS_TO_BYTES(attributes->bits),
hash, hash_length, signature,
signature_length, hash_mode,
CRYS_ECPKI_DomainID_secp192r1);
}
psa_status_t psa_ecc_p192r1_verify_hash(const psa_key_attributes_t *attributes,
psa_algorithm_t alg,
const uint8_t *key_buffer,
size_t key_buffer_size,
const uint8_t *hash,
size_t hash_length,
const uint8_t *signature,
size_t signature_length)
{
CRYS_ECPKI_HASH_OpMode_t hash_mode = MAP_PSA_HASH_TO_CRYS_HASH(PSA_ALG_GET_HASH(alg));
(void)attributes;
return cryptocell_310_common_ecc_verify_hash(key_buffer, key_buffer_size,
hash, hash_length, signature,
signature_length, hash_mode,
CRYS_ECPKI_DomainID_secp192r1);
}

74
pkg/driver_cryptocell_310/psa_cryptocell_310/ecc_p256.c Normal file
View File

@ -0,0 +1,74 @@
/*
* Copyright (C) 2021 HAW Hamburg
*
* This file is subject to the terms and conditions of the GNU Lesser
* General Public License v2.1. See the file LICENSE in the top level
* directory for more details.
*/
/**
* @ingroup pkg_driver_cryptocell_310
* @{
*
* @file
* @brief Glue code translating between PSA Crypto and the CryptoCell 310 ECC P256 APIs
*
* @author Lena Boeckmann <lena.boeckmann@haw-hamburg.de>
*
* @}
*/
#include "psa_cryptocell_310_ecc_common.h"
psa_status_t psa_generate_ecc_p256r1_key_pair( const psa_key_attributes_t *attributes,
uint8_t *priv_key_buffer,
uint8_t *pub_key_buffer,
size_t *priv_key_buffer_length,
size_t *pub_key_buffer_length)
{
*priv_key_buffer_length = PSA_BITS_TO_BYTES(attributes->bits);
*pub_key_buffer_length = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(attributes->type, attributes->bits);
return cryptocell_310_common_ecc_generate_key_pair(priv_key_buffer, pub_key_buffer,
(uint32_t *)priv_key_buffer_length,
(uint32_t *)pub_key_buffer_length,
CRYS_ECPKI_DomainID_secp256r1);
}
psa_status_t psa_ecc_p256r1_sign_hash( const psa_key_attributes_t *attributes,
psa_algorithm_t alg,
const uint8_t *key_buffer,
size_t key_buffer_size,
const uint8_t *hash,
size_t hash_length,
uint8_t *signature,
size_t signature_size,
size_t *signature_length)
{
(void)key_buffer_size;
CRYS_ECPKI_HASH_OpMode_t hash_mode = MAP_PSA_HASH_TO_CRYS_HASH(PSA_ALG_GET_HASH(alg));
*signature_length = signature_size;
return cryptocell_310_common_ecc_sign_hash(key_buffer,
PSA_BITS_TO_BYTES(attributes->bits),
hash, hash_length, signature,
signature_length, hash_mode,
CRYS_ECPKI_DomainID_secp256r1);
}
psa_status_t psa_ecc_p256r1_verify_hash(const psa_key_attributes_t *attributes,
psa_algorithm_t alg,
const uint8_t *key_buffer,
size_t key_buffer_size,
const uint8_t *hash,
size_t hash_length,
const uint8_t *signature,
size_t signature_length)
{
CRYS_ECPKI_HASH_OpMode_t hash_mode = MAP_PSA_HASH_TO_CRYS_HASH(PSA_ALG_GET_HASH(alg));
(void)attributes;
return cryptocell_310_common_ecc_verify_hash(key_buffer, key_buffer_size,
hash, hash_length, signature,
signature_length, hash_mode,
CRYS_ECPKI_DomainID_secp256r1);
}

413
pkg/driver_cryptocell_310/psa_cryptocell_310/error_conversion.c Normal file
View File

@ -0,0 +1,413 @@
/*
* Copyright (C) 2021 HAW Hamburg
*
* This file is subject to the terms and conditions of the GNU Lesser
* General Public License v2.1. See the file LICENSE in the top level
* directory for more details.
*/
/**
* @ingroup pkg_driver_cryptocell_310
* @{
*
* @file
* @brief Glue code translating between PSA Crypto and the CryptoCell 310 driver APIs
*
* @author Lena Boeckmann <lena.boeckmann@haw-hamburg.de>
*
* @}
*/
#include "psa_error.h"
psa_status_t CRYS_to_psa_error(CRYSError_t error)
{
switch (error) {
case CRYS_HASH_ILLEGAL_OPERATION_MODE_ERROR:
case CRYS_HASH_IS_NOT_SUPPORTED:
return PSA_ERROR_NOT_SUPPORTED;
case CRYS_HASH_USER_CONTEXT_CORRUPTED_ERROR:
return PSA_ERROR_CORRUPTION_DETECTED;
case CRYS_ECDSA_SIGN_USER_CONTEXT_VALIDATION_TAG_ERROR:
case CRYS_ECDSA_SIGN_USER_PRIV_KEY_VALIDATION_TAG_ERROR:
case CRYS_ECDSA_VERIFY_USER_CONTEXT_VALIDATION_TAG_ERROR:
case CRYS_ECDSA_VERIFY_SIGNER_PUBL_KEY_VALIDATION_TAG_ERROR:
case CRYS_ECDSA_VERIFY_INVALID_SIGNATURE_IN_PTR_ERROR:
case CRYS_ECDSA_SIGN_INVALID_MESSAGE_DATA_IN_PTR_ERROR:
case CRYS_ECDSA_SIGN_INVALID_MESSAGE_DATA_IN_SIZE_ERROR:
case CRYS_ECDSA_VERIFY_INVALID_DOMAIN_ID_ERROR:
case CRYS_ECDSA_VERIFY_INVALID_USER_CONTEXT_PTR_ERROR:
case CRYS_ECDSA_VERIFY_INVALID_SIGNER_PUBL_KEY_PTR_ERROR:
case CRYS_ECDSA_VERIFY_ILLEGAL_HASH_OP_MODE_ERROR:
case CRYS_HASH_DATA_IN_POINTER_INVALID_ERROR:
case CRYS_ECDSA_VERIFY_INVALID_SIGNATURE_SIZE_ERROR:
case CRYS_ECDSA_VERIFY_INVALID_MESSAGE_DATA_IN_PTR_ERROR:
case CRYS_ECDSA_VERIFY_INVALID_MESSAGE_DATA_IN_SIZE_ERROR:
case CRYS_ECDSA_SIGN_INVALID_EPHEMERAL_KEY_PTR_ERROR:
case CRYS_ECDSA_SIGN_INVALID_RND_CONTEXT_PTR_ERROR:
case CRYS_ECDSA_SIGN_INVALID_RND_FUNCTION_PTR_ERROR:
case CRYS_ECDSA_SIGN_INVALID_DOMAIN_ID_ERROR:
case CRYS_ECDSA_SIGN_INVALID_USER_CONTEXT_PTR_ERROR:
case CRYS_ECDSA_SIGN_INVALID_USER_PRIV_KEY_PTR_ERROR:
case CRYS_ECDSA_SIGN_ILLEGAL_HASH_OP_MODE_ERROR:
case CRYS_ECDSA_SIGN_INVALID_SIGNATURE_OUT_PTR_ERROR:
case CRYS_ECDSA_SIGN_INVALID_SIGNATURE_OUT_SIZE_PTR_ERROR:
case CRYS_ECDSA_SIGN_INVALID_SIGNATURE_OUT_SIZE_ERROR:
case CRYS_ECC_ILLEGAL_PARAMS_ACCORDING_TO_PRIV_ERROR:
case CRYS_ECC_ILLEGAL_HASH_MODE_ERROR:
case CRYS_ECPKI_ILLEGAL_DOMAIN_ID_ERROR:
case CRYS_ECPKI_DOMAIN_PTR_ERROR:
case CRYS_ECPKI_RND_CONTEXT_PTR_ERROR:
case CRYS_ECPKI_BUILD_KEY_INVALID_COMPRESSION_MODE_ERROR:
case CRYS_ECPKI_BUILD_KEY_ILLEGAL_DOMAIN_ID_ERROR:
case CRYS_ECPKI_BUILD_KEY_INVALID_PRIV_KEY_IN_PTR_ERROR:
case CRYS_ECPKI_BUILD_KEY_INVALID_USER_PRIV_KEY_PTR_ERROR:
case CRYS_ECPKI_BUILD_KEY_INVALID_PRIV_KEY_SIZE_ERROR:
case CRYS_ECPKI_BUILD_KEY_INVALID_PRIV_KEY_DATA_ERROR:
case CRYS_ECPKI_BUILD_KEY_INVALID_PUBL_KEY_IN_PTR_ERROR:
case CRYS_ECPKI_BUILD_KEY_INVALID_USER_PUBL_KEY_PTR_ERROR:
case CRYS_ECPKI_BUILD_KEY_INVALID_PUBL_KEY_SIZE_ERROR:
case CRYS_ECPKI_BUILD_KEY_INVALID_PUBL_KEY_DATA_ERROR:
case CRYS_ECPKI_BUILD_KEY_INVALID_CHECK_MODE_ERROR:
case CRYS_ECPKI_BUILD_KEY_INVALID_TEMP_BUFF_PTR_ERROR:
case CRYS_ECPKI_EXPORT_PUBL_KEY_INVALID_USER_PUBL_KEY_PTR_ERROR:
case CRYS_ECPKI_EXPORT_PUBL_KEY_ILLEGAL_COMPRESSION_MODE_ERROR:
case CRYS_ECPKI_EXPORT_PUBL_KEY_INVALID_EXTERN_PUBL_KEY_PTR_ERROR:
case CRYS_ECPKI_EXPORT_PUBL_KEY_INVALID_PUBL_KEY_SIZE_PTR_ERROR:
case CRYS_ECPKI_EXPORT_PUBL_KEY_INVALID_PUBL_KEY_SIZE_ERROR:
case CRYS_ECPKI_EXPORT_PUBL_KEY_ILLEGAL_DOMAIN_ID_ERROR:
case CRYS_ECPKI_EXPORT_PUBL_KEY_ILLEGAL_VALIDATION_TAG_ERROR:
case CRYS_ECPKI_EXPORT_PUBL_KEY_INVALID_PUBL_KEY_DATA_ERROR:
case CRYS_ECPKI_EXPORT_PRIV_KEY_INVALID_USER_PRIV_KEY_PTR_ERROR:
case CRYS_ECPKI_EXPORT_PRIV_KEY_INVALID_EXTERN_PRIV_KEY_PTR_ERROR:
case CRYS_ECPKI_EXPORT_PRIV_KEY_ILLEGAL_VALIDATION_TAG_ERROR:
case CRYS_ECPKI_EXPORT_PRIV_KEY_INVALID_PRIV_KEY_SIZE_PTR_ERROR:
case CRYS_ECPKI_EXPORT_PRIV_KEY_INVALID_PRIV_KEY_SIZE_ERROR:
case CRYS_ECPKI_EXPORT_PRIV_KEY_INVALID_PRIV_KEY_DATA_ERROR:
case CRYS_ECPKI_BUILD_DOMAIN_ID_IS_NOT_VALID_ERROR:
case CRYS_ECPKI_BUILD_DOMAIN_DOMAIN_PTR_ERROR:
case CRYS_ECPKI_BUILD_DOMAIN_EC_PARAMETR_PTR_ERROR:
case CRYS_ECPKI_BUILD_DOMAIN_EC_PARAMETR_SIZE_ERROR:
case CRYS_ECPKI_BUILD_DOMAIN_COFACTOR_PARAMS_ERROR:
case CRYS_ECPKI_BUILD_DOMAIN_SECURITY_STRENGTH_ERROR:
case CRYS_ECPKI_BUILD_SCA_RESIST_ILLEGAL_MODE_ERROR:
case CRYS_ECDH_SVDP_DH_INVALID_PARTNER_PUBL_KEY_PTR_ERROR:
case CRYS_ECDH_SVDP_DH_PARTNER_PUBL_KEY_VALID_TAG_ERROR:
case CRYS_ECDH_SVDP_DH_INVALID_USER_PRIV_KEY_PTR_ERROR:
case CRYS_ECDH_SVDP_DH_USER_PRIV_KEY_VALID_TAG_ERROR:
case CRYS_ECDH_SVDP_DH_INVALID_SHARED_SECRET_VALUE_PTR_ERROR:
case CRYS_ECDH_SVDP_DH_INVALID_TEMP_DATA_PTR_ERROR:
case CRYS_ECDH_SVDP_DH_INVALID_SHARED_SECRET_VALUE_SIZE_PTR_ERROR:
case CRYS_ECDH_SVDP_DH_INVALID_SHARED_SECRET_VALUE_SIZE_ERROR:
case CRYS_ECDH_SVDP_DH_ILLEGAL_DOMAIN_ID_ERROR:
case CRYS_ECPKI_GEN_KEY_INVALID_PRIVATE_KEY_PTR_ERROR:
case CRYS_ECPKI_GEN_KEY_INVALID_PUBLIC_KEY_PTR_ERROR:
case CRYS_ECPKI_GEN_KEY_INVALID_TEMP_DATA_PTR_ERROR:
case CRYS_ECPKI_INVALID_RND_FUNC_PTR_ERROR:
case CRYS_ECPKI_INVALID_RND_CTX_PTR_ERROR:
case CRYS_ECPKI_INVALID_DOMAIN_ID_ERROR:
case CRYS_ECPKI_INVALID_PRIV_KEY_TAG_ERROR:
case CRYS_ECPKI_INVALID_PUBL_KEY_TAG_ERROR:
case CRYS_ECPKI_INVALID_DATA_IN_PASSED_STRUCT_ERROR:
case CRYS_HASH_DATA_SIZE_ILLEGAL:
case CRYS_HASH_INVALID_RESULT_BUFFER_POINTER_ERROR:
case CRYS_HASH_ILLEGAL_PARAMS_ERROR:
case CRYS_HASH_INVALID_USER_CONTEXT_POINTER_ERROR:
case CRYS_HASH_LAST_BLOCK_ALREADY_PROCESSED_ERROR:
case CRYS_HASH_CTX_SIZES_ERROR:
return PSA_ERROR_INVALID_ARGUMENT;
default:
return PSA_ERROR_GENERIC_ERROR;
}
}
psa_status_t SaSi_to_psa_error(SaSiStatus error)
{
switch (error) {
case SASI_AES_INVALID_USER_CONTEXT_POINTER_ERROR:
case SASI_AES_INVALID_IV_OR_TWEAK_PTR_ERROR:
case SASI_AES_ILLEGAL_OPERATION_MODE_ERROR:
case SASI_AES_ILLEGAL_KEY_SIZE_ERROR:
case SASI_AES_INVALID_KEY_POINTER_ERROR:
case SASI_AES_INVALID_ENCRYPT_MODE_ERROR:
case SASI_AES_DATA_IN_POINTER_INVALID_ERROR:
case SASI_AES_DATA_OUT_POINTER_INVALID_ERROR:
case SASI_AES_DATA_IN_SIZE_ILLEGAL:
case SASI_AES_DATA_OUT_DATA_IN_OVERLAP_ERROR:
case SASI_AES_DATA_OUT_SIZE_POINTER_INVALID_ERROR:
case SASI_AES_CTX_SIZES_ERROR:
case SASI_AES_ILLEGAL_PARAMS_ERROR:
case SASI_AES_CTR_ILLEGAL_BLOCK_OFFSET_ERROR:
case SASI_AES_CTR_ILLEGAL_COUNTER_ERROR:
return PSA_ERROR_INVALID_ARGUMENT;
case SASI_AES_DATA_IN_BUFFER_SIZE_ERROR:
case SASI_AES_DATA_OUT_BUFFER_SIZE_ERROR:
return PSA_ERROR_BUFFER_TOO_SMALL;
case SASI_AES_ILLEGAL_PADDING_TYPE_ERROR:
case SASI_AES_INCORRECT_PADDING_ERROR:
return PSA_ERROR_INVALID_PADDING;
case SASI_AES_CORRUPTED_OUTPUT_ERROR:
case SASI_AES_USER_CONTEXT_CORRUPTED_ERROR:
return PSA_ERROR_CORRUPTION_DETECTED;
case SASI_AES_DECRYPTION_NOT_ALLOWED_ON_THIS_MODE:
case SASI_AES_ADDITIONAL_BLOCK_NOT_PERMITTED_ERROR:
return PSA_ERROR_NOT_PERMITTED;
case SASI_AES_KEY_TYPE_NOT_SUPPORTED_ERROR:
case SASI_AES_IS_NOT_SUPPORTED:
return PSA_ERROR_NOT_SUPPORTED;
case SASI_OUT_OF_RESOURCE_ERROR:
return PSA_ERROR_INSUFFICIENT_MEMORY;
default:
return PSA_ERROR_GENERIC_ERROR;
}
}
const char *cryptocell310_status_to_humanly_readable(uint32_t status)
{
switch(status) {
case CRYS_ECDH_SVDP_DH_NOT_CONCENT_PUBL_AND_PRIV_DOMAIN_ID_ERROR:
return "CRYS_ECDH_SVDP_DH_NOT_CONCENT_PUBL_AND_PRIV_DOMAIN_ID_ERROR";
case CRYS_ECDSA_SIGN_INVALID_IS_EPHEMER_KEY_INTERNAL_ERROR:
return "CRYS_ECDSA_SIGN_INVALID_IS_EPHEMER_KEY_INTERNAL_ERROR";
case CRYS_ECDSA_SIGN_SIGNING_ERROR:
return "CRYS_ECDSA_SIGN_SIGNING_ERROR";
case CRYS_ECDSA_VERIFY_INCONSISTENT_VERIFY_ERROR:
return "CRYS_ECDSA_VERIFY_INCONSISTENT_VERIFY_ERROR";
case CRYS_ECPKI_PKI_INTERNAL_ERROR:
return "CRYS_ECPKI_PKI_INTERNAL_ERROR";
case CRYS_HASH_ILLEGAL_OPERATION_MODE_ERROR:
return "CRYS_HASH_ILLEGAL_OPERATION_MODE_ERROR";
case CRYS_HASH_IS_NOT_SUPPORTED:
return "CRYS_HASH_IS_NOT_SUPPORTED";
case CRYS_HASH_USER_CONTEXT_CORRUPTED_ERROR:
return "CRYS_HASH_USER_CONTEXT_CORRUPTED_ERROR";
case CRYS_ECDSA_SIGN_USER_CONTEXT_VALIDATION_TAG_ERROR:
return "CRYS_ECDSA_SIGN_USER_CONTEXT_VALIDATION_TAG_ERROR";
case CRYS_ECDSA_SIGN_USER_PRIV_KEY_VALIDATION_TAG_ERROR:
return "CRYS_ECDSA_SIGN_USER_PRIV_KEY_VALIDATION_TAG_ERROR";
case CRYS_ECDSA_VERIFY_USER_CONTEXT_VALIDATION_TAG_ERROR:
return "CRYS_ECDSA_VERIFY_USER_CONTEXT_VALIDATION_TAG_ERROR";
case CRYS_ECDSA_VERIFY_SIGNER_PUBL_KEY_VALIDATION_TAG_ERROR:
return "CRYS_ECDSA_VERIFY_SIGNER_PUBL_KEY_VALIDATION_TAG_ERROR";
case CRYS_ECDSA_VERIFY_INVALID_SIGNATURE_IN_PTR_ERROR:
return "CRYS_ECDSA_VERIFY_INVALID_SIGNATURE_IN_PTR_ERROR";
case CRYS_ECDSA_SIGN_INVALID_MESSAGE_DATA_IN_PTR_ERROR:
return "CRYS_ECDSA_SIGN_INVALID_MESSAGE_DATA_IN_PTR_ERROR";
case CRYS_ECDSA_SIGN_INVALID_MESSAGE_DATA_IN_SIZE_ERROR:
return "CRYS_ECDSA_SIGN_INVALID_MESSAGE_DATA_IN_SIZE_ERROR";
case CRYS_ECDSA_VERIFY_INVALID_DOMAIN_ID_ERROR:
return "CRYS_ECDSA_VERIFY_INVALID_DOMAIN_ID_ERROR";
case CRYS_ECDSA_VERIFY_INVALID_USER_CONTEXT_PTR_ERROR:
return "CRYS_ECDSA_VERIFY_INVALID_USER_CONTEXT_PTR_ERROR";
case CRYS_ECDSA_VERIFY_INVALID_SIGNER_PUBL_KEY_PTR_ERROR:
return "CRYS_ECDSA_VERIFY_INVALID_SIGNER_PUBL_KEY_PTR_ERROR";
case CRYS_ECDSA_VERIFY_ILLEGAL_HASH_OP_MODE_ERROR:
return "CRYS_ECDSA_VERIFY_ILLEGAL_HASH_OP_MODE_ERROR";
case CRYS_HASH_DATA_IN_POINTER_INVALID_ERROR:
return "CRYS_HASH_DATA_IN_POINTER_INVALID_ERROR";
case CRYS_ECDSA_VERIFY_INVALID_SIGNATURE_SIZE_ERROR:
return "CRYS_ECDSA_VERIFY_INVALID_SIGNATURE_SIZE_ERROR";
case CRYS_ECDSA_VERIFY_INVALID_MESSAGE_DATA_IN_PTR_ERROR:
return "CRYS_ECDSA_VERIFY_INVALID_MESSAGE_DATA_IN_PTR_ERROR";
case CRYS_ECDSA_VERIFY_INVALID_MESSAGE_DATA_IN_SIZE_ERROR:
return "CRYS_ECDSA_VERIFY_INVALID_MESSAGE_DATA_IN_SIZE_ERROR";
case CRYS_ECDSA_SIGN_INVALID_EPHEMERAL_KEY_PTR_ERROR:
return "CRYS_ECDSA_SIGN_INVALID_EPHEMERAL_KEY_PTR_ERROR";
case CRYS_ECDSA_SIGN_INVALID_RND_CONTEXT_PTR_ERROR:
return "CRYS_ECDSA_SIGN_INVALID_RND_CONTEXT_PTR_ERROR";
case CRYS_ECDSA_SIGN_INVALID_RND_FUNCTION_PTR_ERROR:
return "CRYS_ECDSA_SIGN_INVALID_RND_FUNCTION_PTR_ERROR";
case CRYS_ECDSA_SIGN_INVALID_DOMAIN_ID_ERROR:
return "CRYS_ECDSA_SIGN_INVALID_DOMAIN_ID_ERROR";
case CRYS_ECDSA_SIGN_INVALID_USER_CONTEXT_PTR_ERROR:
return "CRYS_ECDSA_SIGN_INVALID_USER_CONTEXT_PTR_ERROR";
case CRYS_ECDSA_SIGN_INVALID_USER_PRIV_KEY_PTR_ERROR:
return "CRYS_ECDSA_SIGN_INVALID_USER_PRIV_KEY_PTR_ERROR";
case CRYS_ECDSA_SIGN_ILLEGAL_HASH_OP_MODE_ERROR:
return "CRYS_ECDSA_SIGN_ILLEGAL_HASH_OP_MODE_ERROR";
case CRYS_ECDSA_SIGN_INVALID_SIGNATURE_OUT_PTR_ERROR:
return "CRYS_ECDSA_SIGN_INVALID_SIGNATURE_OUT_PTR_ERROR";
case CRYS_ECDSA_SIGN_INVALID_SIGNATURE_OUT_SIZE_PTR_ERROR:
return "CRYS_ECDSA_SIGN_INVALID_SIGNATURE_OUT_SIZE_PTR_ERROR";
case CRYS_ECDSA_SIGN_INVALID_SIGNATURE_OUT_SIZE_ERROR:
return "CRYS_ECDSA_SIGN_INVALID_SIGNATURE_OUT_SIZE_ERROR";
case CRYS_ECC_ILLEGAL_PARAMS_ACCORDING_TO_PRIV_ERROR:
return "CRYS_ECC_ILLEGAL_PARAMS_ACCORDING_TO_PRIV_ERROR";
case CRYS_ECC_ILLEGAL_HASH_MODE_ERROR:
return "CRYS_ECC_ILLEGAL_HASH_MODE_ERROR";
case CRYS_ECPKI_ILLEGAL_DOMAIN_ID_ERROR:
return "CRYS_ECPKI_ILLEGAL_DOMAIN_ID_ERROR";
case CRYS_ECPKI_DOMAIN_PTR_ERROR:
return "CRYS_ECPKI_DOMAIN_PTR_ERROR";
case CRYS_ECPKI_RND_CONTEXT_PTR_ERROR:
return "CRYS_ECPKI_RND_CONTEXT_PTR_ERROR";
case CRYS_ECPKI_BUILD_KEY_INVALID_COMPRESSION_MODE_ERROR:
return "CRYS_ECPKI_BUILD_KEY_INVALID_COMPRESSION_MODE_ERROR";
case CRYS_ECPKI_BUILD_KEY_ILLEGAL_DOMAIN_ID_ERROR:
return "CRYS_ECPKI_BUILD_KEY_ILLEGAL_DOMAIN_ID_ERROR";
case CRYS_ECPKI_BUILD_KEY_INVALID_PRIV_KEY_IN_PTR_ERROR:
return "CRYS_ECPKI_BUILD_KEY_INVALID_PRIV_KEY_IN_PTR_ERROR";
case CRYS_ECPKI_BUILD_KEY_INVALID_USER_PRIV_KEY_PTR_ERROR:
return "CRYS_ECPKI_BUILD_KEY_INVALID_USER_PRIV_KEY_PTR_ERROR";
case CRYS_ECPKI_BUILD_KEY_INVALID_PRIV_KEY_SIZE_ERROR:
return "CRYS_ECPKI_BUILD_KEY_INVALID_PRIV_KEY_SIZE_ERROR";
case CRYS_ECPKI_BUILD_KEY_INVALID_PRIV_KEY_DATA_ERROR:
return "CRYS_ECPKI_BUILD_KEY_INVALID_PRIV_KEY_DATA_ERROR";
case CRYS_ECPKI_BUILD_KEY_INVALID_PUBL_KEY_IN_PTR_ERROR:
return "CRYS_ECPKI_BUILD_KEY_INVALID_PUBL_KEY_IN_PTR_ERROR";
case CRYS_ECPKI_BUILD_KEY_INVALID_USER_PUBL_KEY_PTR_ERROR:
return "CRYS_ECPKI_BUILD_KEY_INVALID_USER_PUBL_KEY_PTR_ERROR";
case CRYS_ECPKI_BUILD_KEY_INVALID_PUBL_KEY_SIZE_ERROR:
return "CRYS_ECPKI_BUILD_KEY_INVALID_PUBL_KEY_SIZE_ERROR";
case CRYS_ECPKI_BUILD_KEY_INVALID_PUBL_KEY_DATA_ERROR:
return "CRYS_ECPKI_BUILD_KEY_INVALID_PUBL_KEY_DATA_ERROR";
case CRYS_ECPKI_BUILD_KEY_INVALID_CHECK_MODE_ERROR:
return "CRYS_ECPKI_BUILD_KEY_INVALID_CHECK_MODE_ERROR";
case CRYS_ECPKI_BUILD_KEY_INVALID_TEMP_BUFF_PTR_ERROR:
return "CRYS_ECPKI_BUILD_KEY_INVALID_TEMP_BUFF_PTR_ERROR";
case CRYS_ECPKI_EXPORT_PUBL_KEY_INVALID_USER_PUBL_KEY_PTR_ERROR:
return "CRYS_ECPKI_EXPORT_PUBL_KEY_INVALID_USER_PUBL_KEY_PTR_ERROR";
case CRYS_ECPKI_EXPORT_PUBL_KEY_ILLEGAL_COMPRESSION_MODE_ERROR:
return "CRYS_ECPKI_EXPORT_PUBL_KEY_ILLEGAL_COMPRESSION_MODE_ERROR";
case CRYS_ECPKI_EXPORT_PUBL_KEY_INVALID_EXTERN_PUBL_KEY_PTR_ERROR:
return "CRYS_ECPKI_EXPORT_PUBL_KEY_INVALID_EXTERN_PUBL_KEY_PTR_ERROR";
case CRYS_ECPKI_EXPORT_PUBL_KEY_INVALID_PUBL_KEY_SIZE_PTR_ERROR:
return "CRYS_ECPKI_EXPORT_PUBL_KEY_INVALID_PUBL_KEY_SIZE_PTR_ERROR";
case CRYS_ECPKI_EXPORT_PUBL_KEY_INVALID_PUBL_KEY_SIZE_ERROR:
return "CRYS_ECPKI_EXPORT_PUBL_KEY_INVALID_PUBL_KEY_SIZE_ERROR";
case CRYS_ECPKI_EXPORT_PUBL_KEY_ILLEGAL_DOMAIN_ID_ERROR:
return "CRYS_ECPKI_EXPORT_PUBL_KEY_ILLEGAL_DOMAIN_ID_ERROR";
case CRYS_ECPKI_EXPORT_PUBL_KEY_ILLEGAL_VALIDATION_TAG_ERROR:
return "CRYS_ECPKI_EXPORT_PUBL_KEY_ILLEGAL_VALIDATION_TAG_ERROR";
case CRYS_ECPKI_EXPORT_PUBL_KEY_INVALID_PUBL_KEY_DATA_ERROR:
return "CRYS_ECPKI_EXPORT_PUBL_KEY_INVALID_PUBL_KEY_DATA_ERROR";
case CRYS_ECPKI_EXPORT_PRIV_KEY_INVALID_USER_PRIV_KEY_PTR_ERROR:
return "CRYS_ECPKI_EXPORT_PRIV_KEY_INVALID_USER_PRIV_KEY_PTR_ERROR";
case CRYS_ECPKI_EXPORT_PRIV_KEY_INVALID_EXTERN_PRIV_KEY_PTR_ERROR:
return "CRYS_ECPKI_EXPORT_PRIV_KEY_INVALID_EXTERN_PRIV_KEY_PTR_ERROR";
case CRYS_ECPKI_EXPORT_PRIV_KEY_ILLEGAL_VALIDATION_TAG_ERROR:
return "CRYS_ECPKI_EXPORT_PRIV_KEY_ILLEGAL_VALIDATION_TAG_ERROR";
case CRYS_ECPKI_EXPORT_PRIV_KEY_INVALID_PRIV_KEY_SIZE_PTR_ERROR:
return "CRYS_ECPKI_EXPORT_PRIV_KEY_INVALID_PRIV_KEY_SIZE_PTR_ERROR";
case CRYS_ECPKI_EXPORT_PRIV_KEY_INVALID_PRIV_KEY_SIZE_ERROR:
return "CRYS_ECPKI_EXPORT_PRIV_KEY_INVALID_PRIV_KEY_SIZE_ERROR";
case CRYS_ECPKI_EXPORT_PRIV_KEY_INVALID_PRIV_KEY_DATA_ERROR:
return "CRYS_ECPKI_EXPORT_PRIV_KEY_INVALID_PRIV_KEY_DATA_ERROR";
case CRYS_ECPKI_BUILD_DOMAIN_ID_IS_NOT_VALID_ERROR:
return "CRYS_ECPKI_BUILD_DOMAIN_ID_IS_NOT_VALID_ERROR";
case CRYS_ECPKI_BUILD_DOMAIN_DOMAIN_PTR_ERROR:
return "CRYS_ECPKI_BUILD_DOMAIN_DOMAIN_PTR_ERROR";
case CRYS_ECPKI_BUILD_DOMAIN_EC_PARAMETR_PTR_ERROR:
return "CRYS_ECPKI_BUILD_DOMAIN_EC_PARAMETR_PTR_ERROR";
case CRYS_ECPKI_BUILD_DOMAIN_EC_PARAMETR_SIZE_ERROR:
return "CRYS_ECPKI_BUILD_DOMAIN_EC_PARAMETR_SIZE_ERROR";
case CRYS_ECPKI_BUILD_DOMAIN_COFACTOR_PARAMS_ERROR:
return "CRYS_ECPKI_BUILD_DOMAIN_COFACTOR_PARAMS_ERROR";
case CRYS_ECPKI_BUILD_DOMAIN_SECURITY_STRENGTH_ERROR:
return "CRYS_ECPKI_BUILD_DOMAIN_SECURITY_STRENGTH_ERROR";
case CRYS_ECPKI_BUILD_SCA_RESIST_ILLEGAL_MODE_ERROR:
return "CRYS_ECPKI_BUILD_SCA_RESIST_ILLEGAL_MODE_ERROR";
case CRYS_ECDH_SVDP_DH_INVALID_PARTNER_PUBL_KEY_PTR_ERROR:
return "CRYS_ECDH_SVDP_DH_INVALID_PARTNER_PUBL_KEY_PTR_ERROR";
case CRYS_ECDH_SVDP_DH_PARTNER_PUBL_KEY_VALID_TAG_ERROR:
return "CRYS_ECDH_SVDP_DH_PARTNER_PUBL_KEY_VALID_TAG_ERROR";
case CRYS_ECDH_SVDP_DH_INVALID_USER_PRIV_KEY_PTR_ERROR:
return "CRYS_ECDH_SVDP_DH_INVALID_USER_PRIV_KEY_PTR_ERROR";
case CRYS_ECDH_SVDP_DH_USER_PRIV_KEY_VALID_TAG_ERROR:
return "CRYS_ECDH_SVDP_DH_USER_PRIV_KEY_VALID_TAG_ERROR";
case CRYS_ECDH_SVDP_DH_INVALID_SHARED_SECRET_VALUE_PTR_ERROR:
return "CRYS_ECDH_SVDP_DH_INVALID_SHARED_SECRET_VALUE_PTR_ERROR";
case CRYS_ECDH_SVDP_DH_INVALID_TEMP_DATA_PTR_ERROR:
return "CRYS_ECDH_SVDP_DH_INVALID_TEMP_DATA_PTR_ERROR";
case CRYS_ECDH_SVDP_DH_INVALID_SHARED_SECRET_VALUE_SIZE_PTR_ERROR:
return "CRYS_ECDH_SVDP_DH_INVALID_SHARED_SECRET_VALUE_SIZE_PTR_ERROR";
case CRYS_ECDH_SVDP_DH_INVALID_SHARED_SECRET_VALUE_SIZE_ERROR:
return "CRYS_ECDH_SVDP_DH_INVALID_SHARED_SECRET_VALUE_SIZE_ERROR";
case CRYS_ECDH_SVDP_DH_ILLEGAL_DOMAIN_ID_ERROR:
return "CRYS_ECDH_SVDP_DH_ILLEGAL_DOMAIN_ID_ERROR";
case CRYS_ECPKI_GEN_KEY_INVALID_PRIVATE_KEY_PTR_ERROR:
return "CRYS_ECPKI_GEN_KEY_INVALID_PRIVATE_KEY_PTR_ERROR";
case CRYS_ECPKI_GEN_KEY_INVALID_PUBLIC_KEY_PTR_ERROR:
return "CRYS_ECPKI_GEN_KEY_INVALID_PUBLIC_KEY_PTR_ERROR";
case CRYS_ECPKI_GEN_KEY_INVALID_TEMP_DATA_PTR_ERROR:
return "CRYS_ECPKI_GEN_KEY_INVALID_TEMP_DATA_PTR_ERROR";
case CRYS_ECPKI_INVALID_RND_FUNC_PTR_ERROR:
return "CRYS_ECPKI_INVALID_RND_FUNC_PTR_ERROR";
case CRYS_ECPKI_INVALID_RND_CTX_PTR_ERROR:
return "CRYS_ECPKI_INVALID_RND_CTX_PTR_ERROR";
case CRYS_ECPKI_INVALID_DOMAIN_ID_ERROR:
return "CRYS_ECPKI_INVALID_DOMAIN_ID_ERROR";
case CRYS_ECPKI_INVALID_PRIV_KEY_TAG_ERROR:
return "CRYS_ECPKI_INVALID_PRIV_KEY_TAG_ERROR";
case CRYS_ECPKI_INVALID_PUBL_KEY_TAG_ERROR:
return "CRYS_ECPKI_INVALID_PUBL_KEY_TAG_ERROR";
case CRYS_ECPKI_INVALID_DATA_IN_PASSED_STRUCT_ERROR:
return "CRYS_ECPKI_INVALID_DATA_IN_PASSED_STRUCT_ERROR";
case CRYS_HASH_DATA_SIZE_ILLEGAL:
return "CRYS_HASH_DATA_SIZE_ILLEGAL";
case CRYS_HASH_INVALID_RESULT_BUFFER_POINTER_ERROR:
return "CRYS_HASH_INVALID_RESULT_BUFFER_POINTER_ERROR";
case CRYS_HASH_ILLEGAL_PARAMS_ERROR:
return "CRYS_HASH_ILLEGAL_PARAMS_ERROR";
case CRYS_HASH_INVALID_USER_CONTEXT_POINTER_ERROR:
return "CRYS_HASH_INVALID_USER_CONTEXT_POINTER_ERROR";
case CRYS_HASH_LAST_BLOCK_ALREADY_PROCESSED_ERROR:
return "CRYS_HASH_LAST_BLOCK_ALREADY_PROCESSED_ERROR";
case CRYS_HASH_CTX_SIZES_ERROR:
return "CRYS_HASH_CTX_SIZES_ERROR";
case SASI_AES_INVALID_USER_CONTEXT_POINTER_ERROR:
return "SASI_AES_INVALID_USER_CONTEXT_POINTER_ERROR";
case SASI_AES_INVALID_IV_OR_TWEAK_PTR_ERROR:
return "SASI_AES_INVALID_IV_OR_TWEAK_PTR_ERROR";
case SASI_AES_ILLEGAL_OPERATION_MODE_ERROR:
return "SASI_AES_ILLEGAL_OPERATION_MODE_ERROR";
case SASI_AES_ILLEGAL_KEY_SIZE_ERROR:
return "SASI_AES_ILLEGAL_KEY_SIZE_ERROR";
case SASI_AES_INVALID_KEY_POINTER_ERROR:
return "SASI_AES_INVALID_KEY_POINTER_ERROR";
case SASI_AES_INVALID_ENCRYPT_MODE_ERROR:
return "SASI_AES_INVALID_ENCRYPT_MODE_ERROR";
case SASI_AES_DATA_IN_POINTER_INVALID_ERROR:
return "SASI_AES_DATA_IN_POINTER_INVALID_ERROR";
case SASI_AES_DATA_OUT_POINTER_INVALID_ERROR:
return "SASI_AES_DATA_OUT_POINTER_INVALID_ERROR";
case SASI_AES_DATA_IN_SIZE_ILLEGAL:
return "SASI_AES_DATA_IN_SIZE_ILLEGAL";
case SASI_AES_DATA_OUT_DATA_IN_OVERLAP_ERROR:
return "SASI_AES_DATA_OUT_DATA_IN_OVERLAP_ERROR";
case SASI_AES_DATA_OUT_SIZE_POINTER_INVALID_ERROR:
return "SASI_AES_DATA_OUT_SIZE_POINTER_INVALID_ERROR";
case SASI_AES_CTX_SIZES_ERROR:
return "SASI_AES_CTX_SIZES_ERROR";
case SASI_AES_ILLEGAL_PARAMS_ERROR:
return "SASI_AES_ILLEGAL_PARAMS_ERROR";
case SASI_AES_CTR_ILLEGAL_BLOCK_OFFSET_ERROR:
return "SASI_AES_CTR_ILLEGAL_BLOCK_OFFSET_ERROR";
case SASI_AES_CTR_ILLEGAL_COUNTER_ERROR:
return "SASI_AES_CTR_ILLEGAL_COUNTER_ERROR";
case SASI_AES_DATA_IN_BUFFER_SIZE_ERROR:
return "SASI_AES_DATA_IN_BUFFER_SIZE_ERROR";
case SASI_AES_DATA_OUT_BUFFER_SIZE_ERROR:
return "SASI_AES_DATA_OUT_BUFFER_SIZE_ERROR";
case SASI_AES_ILLEGAL_PADDING_TYPE_ERROR:
return "SASI_AES_ILLEGAL_PADDING_TYPE_ERROR";
case SASI_AES_INCORRECT_PADDING_ERROR:
return "SASI_AES_INCORRECT_PADDING_ERROR";
case SASI_AES_CORRUPTED_OUTPUT_ERROR:
return "SASI_AES_CORRUPTED_OUTPUT_ERROR";
case SASI_AES_USER_CONTEXT_CORRUPTED_ERROR:
return "SASI_AES_USER_CONTEXT_CORRUPTED_ERROR";
case SASI_AES_DECRYPTION_NOT_ALLOWED_ON_THIS_MODE:
return "SASI_AES_DECRYPTION_NOT_ALLOWED_ON_THIS_MODE";
case SASI_AES_ADDITIONAL_BLOCK_NOT_PERMITTED_ERROR:
return "SASI_AES_ADDITIONAL_BLOCK_NOT_PERMITTED_ERROR";
case SASI_AES_KEY_TYPE_NOT_SUPPORTED_ERROR:
return "SASI_AES_KEY_TYPE_NOT_SUPPORTED_ERROR";
case SASI_AES_IS_NOT_SUPPORTED:
return "SASI_AES_IS_NOT_SUPPORTED";
case SASI_OUT_OF_RESOURCE_ERROR:
return "SASI_OUT_OF_RESOURCE_ERROR";
default:
return "Error value not recognized";
}
}

87
pkg/driver_cryptocell_310/psa_cryptocell_310/hashes_common.c Normal file
View File

@ -0,0 +1,87 @@
/*
* Copyright (C) 2021 HAW Hamburg
*
* This file is subject to the terms and conditions of the GNU Lesser
* General Public License v2.1. See the file LICENSE in the top level
* directory for more details.
*/
/**
* @ingroup pkg_driver_cryptocell_310
* @{
*
* @brief Common hash functions used by all PSA Crypto wrappers
* for the CryptoCell 310 hash APIs.
*
* @author Lena Boeckmann <lena.boeckmann@haw-hamburg.de>
*
* @}
*/
#include "psa/crypto.h"
#include "psa_error.h"
#include "cryptocell_310_util.h"
#include "crys_hash.h"
#define ENABLE_DEBUG 0
#include "debug.h"
#define CC310_MAX_HASH_INPUT_BLOCK (0xFFF0)
psa_status_t cryptocell_310_common_hash_setup(CRYS_HASHUserContext_t *ctx,
CRYS_HASH_OperationMode_t mode)
{
CRYSError_t ret = CRYS_HASH_Init(ctx, mode);
if (ret != CRYS_OK) {
DEBUG("CRYS_HASH_Init failed with %s\n", cryptocell310_status_to_humanly_readable(ret));
return CRYS_to_psa_error(ret);
}
return PSA_SUCCESS;
}
psa_status_t cryptocell_310_common_hash_update(CRYS_HASHUserContext_t *ctx,
const uint8_t *input,
size_t input_length)
{
CRYSError_t ret = 0;
size_t offset = 0;
size_t size;
do {
if (input_length > CC310_MAX_HASH_INPUT_BLOCK) {
size = CC310_MAX_HASH_INPUT_BLOCK;
input_length -= CC310_MAX_HASH_INPUT_BLOCK;
}
else {
size = input_length;
input_length = 0;
}
cryptocell_310_enable();
ret = CRYS_HASH_Update(ctx, (uint8_t *)(input + offset), size);
cryptocell_310_disable();
offset += size;
} while ((input_length > 0) && (ret == CRYS_OK));
if (ret != CRYS_OK) {
DEBUG("CRYS_HASH_Update failed with %s\n", cryptocell310_status_to_humanly_readable(ret));
return CRYS_to_psa_error(ret);
}
return PSA_SUCCESS;
}
psa_status_t cryptocell_310_common_hash_finish(CRYS_HASHUserContext_t *ctx, uint8_t *hash, size_t hash_size,
size_t *hash_length)
{
cryptocell_310_enable();
CRYSError_t ret = CRYS_HASH_Finish(ctx, (uint32_t *)hash);
cryptocell_310_disable();
if (ret != CRYS_OK) {
DEBUG("CRYS_HASH_Finish failed with %s\n", cryptocell310_status_to_humanly_readable(ret));
return CRYS_to_psa_error(ret);
}
*hash_length = hash_size;
return PSA_SUCCESS;
}

43
pkg/driver_cryptocell_310/psa_cryptocell_310/hashes_sha1.c Normal file
View File

@ -0,0 +1,43 @@
/*
* Copyright (C) 2021 HAW Hamburg
*
* This file is subject to the terms and conditions of the GNU Lesser
* General Public License v2.1. See the file LICENSE in the top level
* directory for more details.
*/
/**
* @ingroup pkg_driver_cryptocell_310
* @{
*
* @brief Glue code translating between PSA Crypto and the CryptoCell 310 SHA1 APIs
*
* @author Lena Boeckmann <lena.boeckmann@haw-hamburg.de>
*
* @}
*/
#include <stdio.h>
#include "kernel_defines.h"
#include "psa_periph_hashes_ctx.h"
#include "psa_cryptocell_310_hashes_common.h"
psa_status_t psa_hashes_sha1_setup(psa_hashes_sha1_ctx_t *ctx)
{
return cryptocell_310_common_hash_setup((CRYS_HASHUserContext_t *)ctx, CRYS_HASH_SHA1_mode);
}
psa_status_t psa_hashes_sha1_update(psa_hashes_sha1_ctx_t *ctx,
const uint8_t *input,
size_t input_length)
{
return cryptocell_310_common_hash_update((CRYS_HASHUserContext_t *)ctx, input, input_length);
}
psa_status_t psa_hashes_sha1_finish(psa_hashes_sha1_ctx_t *ctx,
uint8_t *hash,
size_t hash_size,
size_t *hash_length)
{
return cryptocell_310_common_hash_finish((CRYS_HASHUserContext_t *)ctx, hash, hash_size, hash_length);
}

43
pkg/driver_cryptocell_310/psa_cryptocell_310/hashes_sha224.c Normal file
View File

@ -0,0 +1,43 @@
/*
* Copyright (C) 2021 HAW Hamburg
*
* This file is subject to the terms and conditions of the GNU Lesser
* General Public License v2.1. See the file LICENSE in the top level
* directory for more details.
*/
/**
* @ingroup pkg_driver_cryptocell_310
* @{
*
* @brief Glue code translating between PSA Crypto and the CryptoCell 310 SHA224 APIs
*
* @author Lena Boeckmann <lena.boeckmann@haw-hamburg.de>
*
* @}
*/
#include <stdio.h>
#include "kernel_defines.h"
#include "psa_periph_hashes_ctx.h"
#include "psa_cryptocell_310_hashes_common.h"
psa_status_t psa_hashes_sha224_setup(psa_hashes_sha224_ctx_t *ctx)
{
return cryptocell_310_common_hash_setup((CRYS_HASHUserContext_t *)ctx, CRYS_HASH_SHA224_mode);
}
psa_status_t psa_hashes_sha224_update(psa_hashes_sha224_ctx_t *ctx,
const uint8_t *input,
size_t input_length)
{
return cryptocell_310_common_hash_update((CRYS_HASHUserContext_t *)ctx, input, input_length);
}
psa_status_t psa_hashes_sha224_finish(psa_hashes_sha224_ctx_t *ctx,
uint8_t *hash,
size_t hash_size,
size_t *hash_length)
{
return cryptocell_310_common_hash_finish((CRYS_HASHUserContext_t *)ctx, hash, hash_size, hash_length);
}

42
pkg/driver_cryptocell_310/psa_cryptocell_310/hashes_sha256.c Normal file
View File

@ -0,0 +1,42 @@
/*
* Copyright (C) 2021 HAW Hamburg
*
* This file is subject to the terms and conditions of the GNU Lesser
* General Public License v2.1. See the file LICENSE in the top level
* directory for more details.
*/
/**
* @ingroup pkg_driver_cryptocell_310
* @{
*
* @brief Glue code translating between PSA Crypto and the CryptoCell 310 SHA256 APIs
*
* @author Lena Boeckmann <lena.boeckmann@haw-hamburg.de>
*
* @}
*/
#include "kernel_defines.h"
#include "psa_periph_hashes_ctx.h"
#include "psa_cryptocell_310_hashes_common.h"
psa_status_t psa_hashes_sha256_setup(psa_hashes_sha256_ctx_t *ctx)
{
return cryptocell_310_common_hash_setup((CRYS_HASHUserContext_t *)ctx, CRYS_HASH_SHA256_mode);
}
psa_status_t psa_hashes_sha256_update(psa_hashes_sha256_ctx_t *ctx,
const uint8_t *input,
size_t input_length)
{
return cryptocell_310_common_hash_update((CRYS_HASHUserContext_t *)ctx, input, input_length);
}
psa_status_t psa_hashes_sha256_finish(psa_hashes_sha256_ctx_t *ctx,
uint8_t *hash,
size_t hash_size,
size_t *hash_length)
{
return cryptocell_310_common_hash_finish((CRYS_HASHUserContext_t *)ctx, hash, hash_size, hash_length);
}

43
pkg/driver_cryptocell_310/psa_cryptocell_310/hashes_sha512.c Normal file
View File

@ -0,0 +1,43 @@
/*
* Copyright (C) 2021 HAW Hamburg
*
* This file is subject to the terms and conditions of the GNU Lesser
* General Public License v2.1. See the file LICENSE in the top level
* directory for more details.
*/
/**
* @ingroup pkg_driver_cryptocell_310
* @{
*
* @brief Glue code translating between PSA Crypto and the CryptoCell 310 SHA512 APIs
*
* @author Lena Boeckmann <lena.boeckmann@haw-hamburg.de>
*
* @}
*/
#include <stdio.h>
#include "kernel_defines.h"
#include "psa_periph_hashes_ctx.h"
#include "psa_cryptocell_310_hashes_common.h"
psa_status_t psa_hashes_sha512_setup(psa_hashes_sha512_ctx_t *ctx)
{
return cryptocell_310_common_hash_setup((CRYS_HASHUserContext_t *)ctx, CRYS_HASH_SHA512_mode);
}
psa_status_t psa_hashes_sha512_update(psa_hashes_sha512_ctx_t *ctx,
const uint8_t *input,
size_t input_length)
{
return cryptocell_310_common_hash_update((CRYS_HASHUserContext_t *)ctx, input, input_length);
}
psa_status_t psa_hashes_sha512_finish( psa_hashes_sha512_ctx_t *ctx,
uint8_t *hash,
size_t hash_size,
size_t *hash_length)
{
return cryptocell_310_common_hash_finish((CRYS_HASHUserContext_t *)ctx, hash, hash_size, hash_length);
}

58
pkg/driver_cryptocell_310/psa_cryptocell_310/hmac.c Normal file
View File

@ -0,0 +1,58 @@
/*
* Copyright (C) 2021 HAW Hamburg
*
* This file is subject to the terms and conditions of the GNU Lesser
* General Public License v2.1. See the file LICENSE in the top level
* directory for more details.
*/
/**
* @ingroup pkg_driver_cryptocell_310
* @{
*
* @brief Glue code translating between PSA Crypto and the CryptoCell 310 driver APIs
*
* @author Lena Boeckmann <lena.boeckmann@haw-hamburg.de>
*
* @}
*/
#include "kernel_defines.h"
#include "psa/crypto.h"
#include "psa_error.h"
#include "crys_hmac.h"
#include "crys_hmac_error.h"
#define ENABLE_DEBUG 0
#include "debug.h"
psa_status_t psa_mac_compute_hmac_sha256(const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
const uint8_t *input,
size_t input_length,
uint8_t *mac,
size_t mac_size,
size_t *mac_length)
{
CRYSError_t ret;
size_t required_mac_length =
PSA_MAC_LENGTH(attributes->type, attributes->bits, PSA_ALG_SHA_256);
if (mac_size < required_mac_length) {
return PSA_ERROR_BUFFER_TOO_SMALL;
}
ret = CRYS_HMAC(CRYS_HASH_SHA256_mode, (uint8_t *)key_buffer, key_buffer_size, (uint8_t *)input,
input_length, (uint32_t *)mac);
if (ret != CRYS_OK) {
DEBUG("CRYS_HMAC failed with %s\n", cryptocell310_status_to_humanly_readable(ret));
return CRYS_to_psa_error(ret);
}
*mac_length = required_mac_length;
(void)mac_size;
return PSA_SUCCESS;
}

11
sys/auto_init/auto_init.c
View File

@ -278,11 +278,14 @@ AUTO_INIT(auto_init_mbedtls,
AUTO_INIT_PRIO_MOD_MBEDTLS); AUTO_INIT_PRIO_MOD_MBEDTLS);
#endif #endif
#if IS_USED(MODULE_AUTO_INIT_SECURITY) #if IS_USED(MODULE_AUTO_INIT_SECURITY)
#if IS_USED(MODULE_CRYPTOAUTHLIB) extern void auto_init_security(void);
extern void auto_init_atca(void); AUTO_INIT(auto_init_security,
AUTO_INIT(auto_init_atca, AUTO_INIT_PRIO_MOD_SECURITY);
AUTO_INIT_PRIO_MOD_CRYPTOAUTHLIB);
#endif #endif
#if IS_USED(MODULE_DRIVER_CRYPTOCELL_310)
extern void driver_cryptocell_310_setup(void);
AUTO_INIT(driver_cryptocell_310_setup,
AUTO_INIT_PRIO_MOD_DRIVER_CRYPTOCELL_310);
#endif #endif
#if IS_USED(MODULE_TEST_UTILS_INTERACTIVE_SYNC) && !IS_USED(MODULE_SHELL) #if IS_USED(MODULE_TEST_UTILS_INTERACTIVE_SYNC) && !IS_USED(MODULE_SHELL)
extern void test_utils_interactive_sync(void); extern void test_utils_interactive_sync(void);

10
sys/auto_init/include/auto_init_priorities.h
View File

@ -317,11 +317,11 @@ extern "C" {
*/ */
#define AUTO_INIT_PRIO_MOD_MBEDTLS 1440 #define AUTO_INIT_PRIO_MOD_MBEDTLS 1440
#endif #endif
#ifndef AUTO_INIT_PRIO_MOD_CRYPTOAUTHLIB #ifndef AUTO_INIT_PRIO_MOD_SECURITY
/** /**
* @brief CryptoAuthLib priority * @brief CryptoAuthLib priority
*/ */
#define AUTO_INIT_PRIO_MOD_CRYPTOAUTHLIB 1450 #define AUTO_INIT_PRIO_MOD_SECURITY 1450
#endif #endif
#ifndef AUTO_INIT_PRIO_MOD_TEST_UTILS_INTERACTIVE_SYNC #ifndef AUTO_INIT_PRIO_MOD_TEST_UTILS_INTERACTIVE_SYNC
/** /**
@ -389,6 +389,12 @@ extern "C" {
*/ */
#define AUTO_INIT_PRIO_MOD_GNRC_IPV6_STATIC_ADDR 1560 #define AUTO_INIT_PRIO_MOD_GNRC_IPV6_STATIC_ADDR 1560
#endif #endif
#ifndef AUTO_INIT_PRIO_MOD_DRIVER_CRYPTOCELL_310
/**
* @brief CryptoCell Driver Priority
*/
#define AUTO_INIT_PRIO_MOD_DRIVER_CRYPTOCELL_310 1570
#endif
#ifdef __cplusplus #ifdef __cplusplus
} }