1
0
mirror of https://github.com/RIOT-OS/RIOT.git synced 2024-12-29 04:50:03 +01:00

pkg: Add cryptocell driver and nrf52 HW features

This commit is contained in:
Lena Boeckmann 2023-08-29 18:54:57 +02:00
parent d4c73d6a30
commit c01d689769
40 changed files with 2241 additions and 6 deletions

View File

@ -69,6 +69,15 @@ config CPU_MODEL_NRF52840XXAA
select HAS_BLE_PHY_CODED
select HAS_RADIO_NRF802154
select HAS_PERIPH_UART_NONBLOCKING
select HAS_PERIPH_HASH_SHA_1
select HAS_PERIPH_HASH_SHA_224
select HAS_PERIPH_HASH_SHA_256
select HAS_PERIPH_HASH_SHA_512
select HAS_PERIPH_HMAC_SHA_256
select HAS_PERIPH_CIPHER_AES_128_CBC
select HAS_PERIPH_ECC_P192R1
select HAS_PERIPH_ECC_P256R1
select HAS_PERIPH_CRYPTOCELL_310
## CPU common symbols
config CPU_FAM

View File

@ -36,5 +36,6 @@ ifneq (,$(filter periph_spi,$(USEMODULE)))
USEMODULE += periph_spi_gpio_mode
endif
include $(RIOTCPU)/nrf52/periph/Makefile.dep
include $(RIOTCPU)/nrf5x_common/Makefile.dep
include $(RIOTCPU)/cortexm_common/Makefile.dep

View File

@ -10,6 +10,18 @@ ifneq (,$(filter nrf52811xxaa nrf52820xxaa nrf52833xxaa nrf52840xxaa,$(CPU_MODEL
FEATURES_PROVIDED += radio_nrf802154
endif
# crypto features
ifneq (,$(filter nrf52840xxaa,$(CPU_MODEL)))
FEATURES_PROVIDED += periph_hash_sha_1
FEATURES_PROVIDED += periph_hash_sha_224
FEATURES_PROVIDED += periph_hash_sha_256
FEATURES_PROVIDED += periph_hash_sha_512
FEATURES_PROVIDED += periph_hmac_sha_256
FEATURES_PROVIDED += periph_cipher_aes_128_cbc
FEATURES_PROVIDED += periph_ecc_p192r1
FEATURES_PROVIDED += periph_ecc_p256r1
endif
ifeq (,$(filter nrf52832%,$(CPU_MODEL)))
FEATURES_PROVIDED += periph_uart_nonblocking
endif
@ -33,6 +45,10 @@ ifneq (,$(filter nrf52811% nrf52820% nrf52833% nrf52840%,$(CPU_MODEL)))
FEATURES_PROVIDED += ble_phy_coded
endif
ifneq (,$(filter nrf52840%,$(CPU_MODEL)))
FEATURES_PROVIDED += periph_cryptocell_310
endif
FEATURES_PROVIDED += ble_adv_ext
include $(RIOTCPU)/nrf5x_common/Makefile.features

View File

@ -12,6 +12,61 @@ config MODULE_SAUL_NRF_VDDH
depends on HAS_PERIPH_ADC
select MODULE_PERIPH_ADC
config MODULE_PERIPH_CRYPTOCELL_310
bool
depends on HAS_PERIPH_CRYPTOCELL_310
select PACKAGE_DRIVER_CRYPTOCELL_310
# Asymmetric Crypto Peripheral
config MODULE_PERIPH_ECC_P192R1
bool
depends on HAS_PERIPH_ECC_P192R1
select MODULE_PERIPH_CRYPTOCELL_310
select MODULE_PSA_CRYPTOCELL_310_ECC_P192
config MODULE_PERIPH_ECC_P256R1
bool
depends on HAS_PERIPH_ECC_P256R1
select MODULE_PERIPH_CRYPTOCELL_310
select MODULE_PSA_CRYPTOCELL_310_ECC_P256
# Hash Related Symbols
config MODULE_PERIPH_HASH_SHA_1
bool
depends on HAS_PERIPH_HASH_SHA_1
select MODULE_PERIPH_CRYPTOCELL_310
select MODULE_PSA_CRYPTOCELL_310_HASHES_SHA1
config MODULE_PERIPH_HASH_SHA_224
bool
depends on HAS_PERIPH_HASH_SHA_224
select MODULE_PERIPH_CRYPTOCELL_310
select MODULE_PSA_CRYPTOCELL_310_HASHES_SHA224
config MODULE_PERIPH_HASH_SHA_256
bool
depends on HAS_PERIPH_HASH_SHA_256
select MODULE_PERIPH_CRYPTOCELL_310
select MODULE_PSA_CRYPTOCELL_310_HASHES_SHA256
config MODULE_PERIPH_HASH_SHA_512
bool
depends on HAS_PERIPH_HASH_SHA_512
select MODULE_PERIPH_CRYPTOCELL_310
select MODULE_PSA_CRYPTOCELL_310_HASHES_SHA512
config MODULE_PERIPH_CIPHER_AES_128_CBC
bool
depends on HAS_PERIPH_CIPHER_AES_128_CBC
select MODULE_PERIPH_CRYPTOCELL_310
select MODULE_PSA_CRYPTOCELL_310_AES_CBC
config MODULE_PERIPH_HMAC_SHA_256
bool
depends on HAS_PERIPH_HMAC_SHA_256
select MODULE_PERIPH_CRYPTOCELL_310
select MODULE_PSA_CRYPTOCELL_310_HMAC
endif # TEST_KCONFIG
config HAVE_SAUL_NRF_VDDH

View File

@ -0,0 +1,39 @@
ifneq (,$(filter periph_ecc_p192r1,$(USEMODULE)))
USEPKG += driver_cryptocell_310
USEMODULE += psa_cryptocell_310_ecc_p192
endif
ifneq (,$(filter periph_ecc_p256r1,$(USEMODULE)))
USEPKG += driver_cryptocell_310
USEMODULE += psa_cryptocell_310_ecc_p256
endif
ifneq (,$(filter periph_hash_sha_1,$(USEMODULE)))
USEPKG += driver_cryptocell_310
USEMODULE += psa_cryptocell_310_hashes_sha1
endif
ifneq (,$(filter periph_hash_sha_224,$(USEMODULE)))
USEPKG += driver_cryptocell_310
USEMODULE += psa_cryptocell_310_hashes_sha224
endif
ifneq (,$(filter periph_hash_sha_256,$(USEMODULE)))
USEPKG += driver_cryptocell_310
USEMODULE += psa_cryptocell_310_hashes_sha256
endif
ifneq (,$(filter periph_hash_sha_512,$(USEMODULE)))
USEPKG += driver_cryptocell_310
USEMODULE += psa_cryptocell_310_hashes_sha512
endif
ifneq (,$(filter periph_cipher_aes_128_cbc,$(USEMODULE)))
USEPKG += driver_cryptocell_310
USEMODULE += psa_cryptocell_310_aes_cbc
endif
ifneq (,$(filter periph_hmac_sha_256,$(USEMODULE)))
USEPKG += driver_cryptocell_310
USEMODULE += psa_cryptocell_310_hmac
endif

View File

@ -134,6 +134,11 @@ config HAS_CPU_CHECK_ADDRESS
help
Indicates that address validity check is supported.
config HAS_PERIPH_CRYPTOCELL_310
bool
help
Indicates that a cryptocell peripheral is present.
config HAS_DBGPIN
bool
help
@ -188,6 +193,11 @@ config HAS_PERIPH_CAN
help
Indicates that a CAN peripheral is present.
config HAS_PERIPH_CIPHER_AES_128_CBC
bool
help
Indicates that there is AES 128 CBC hardware acceleration present
config HAS_PERIPH_CORETIMER
bool
help
@ -208,6 +218,16 @@ config HAS_PERIPH_DMA
help
Indicates that a DMA peripheral is present.
config HAS_PERIPH_ECC_P192R1
bool
help
Indicates that there is ECC P192R1 hardware acceleration peripheral present.
config HAS_PERIPH_ECC_P256R1
bool
help
Indicates that there is ECC P256R1 hardware acceleration peripheral present.
config HAS_PERIPH_EEPROM
bool
help
@ -285,6 +305,36 @@ config HAS_PERIPH_GPIO_LL_IRQ_UNMASK
Indicates that the GPIO peripheral supports unmasking interrupts without
clearing pending IRQs that came in while masked.
config HAS_PERIPH_HASH_MD5
bool
help
Indicates that there is MD5 hardware acceleration present.
config HAS_PERIPH_HASH_SHA_1
bool
help
Indicates that there is SHA-1 hardware acceleration present.
config HAS_PERIPH_HASH_SHA_224
bool
help
Indicates that there is SHA-224 hardware acceleration present.
config HAS_PERIPH_HASH_SHA_256
bool
help
Indicates that there is SHA-256 hardware acceleration present.
config HAS_PERIPH_HASH_SHA_512
bool
help
Indicates that there is SHA-512 hardware acceleration present.
config HAS_PERIPH_HMAC_SHA_256
bool
help
Indicates that there is HMAC SHA-256 hardware acceleration present.
config HAS_PERIPH_HWRNG
bool
help

View File

@ -11,9 +11,13 @@ USEMODULE += $(PERIPH_FEATURES)
# Add all USED periph_% init modules unless they are blacklisted
PERIPH_IGNORE_MODULES := \
periph_cipher_aes_128_cbc \
periph_clic \
periph_common \
periph_coretimer \
periph_cryptocell_310 \
periph_ecc_p192r1 \
periph_ecc_p256r1 \
periph_eth \
periph_eth_common \
periph_flash \
@ -25,6 +29,11 @@ PERIPH_IGNORE_MODULES := \
periph_gpio_ll_irq_level_triggered_low \
periph_gpio_ll_irq_unmask \
periph_gpio_mux \
periph_hash_sha_1 \
periph_hash_sha_224 \
periph_hash_sha_256 \
periph_hash_sha_512 \
periph_hmac_sha_256 \
periph_i2c_hw \
periph_i2c_sw \
periph_init% \

View File

@ -17,6 +17,7 @@ rsource "corejson/Kconfig"
rsource "cryptoauthlib/Kconfig"
rsource "driver_atwinc15x0/Kconfig"
rsource "driver_bme680/Kconfig"
rsource "driver_cryptocell_310/Kconfig"
rsource "driver_sx126x/Kconfig"
rsource "elk/Kconfig"
rsource "emlearn/Kconfig"

View File

@ -0,0 +1,19 @@
# Copyright (c) 2020 HAW Hamburg
#
# This file is subject to the terms and conditions of the GNU Lesser
# General Public License v2.1. See the file LICENSE in the top level
# directory for more details.
#
config PACKAGE_DRIVER_CRYPTOCELL_310
bool
depends on CPU_MODEL_NRF52840XXAA
depends on TEST_KCONFIG
depends on HAS_PERIPH_CRYPTOCELL_310
depends on MODULE_PERIPH_CRYPTOCELL_310
select MODULE_DRIVER_CRYPTOCELL_310_CONTRIB
config MODULE_DRIVER_CRYPTOCELL_310_CONTRIB
bool
rsource "psa_cryptocell_310/Kconfig"

View File

@ -0,0 +1,36 @@
PKG_NAME=driver_cryptocell_310
PKG_URL=https://www.nordicsemi.com/-/media/Software-and-other-downloads/SDKs/nRF5/Binaries
PKG_VERSION=17.1.0
PKG_EXT=zip
PKG_DIR_NAME=nRF5_SDK_17.1.0_ddde560
PKG_LICENSE=ARM Object Code and Header Files License
PKG_SOURCE_DIR ?= $(PKGDIRBASE)/$(PKG_NAME)
NRF_CC310_PATH = $(PKG_DIR_NAME)/external/nrf_cc310
PKG_ZIPFILE = $(PKG_DIR_NAME).$(PKG_EXT)
ifneq ($(RIOTBASE),)
include $(RIOTBASE)/Makefile.base
endif
.PHONY: all clean distclean prepare
prepare: $(PKG_PREPARED)
@:
all: $(PKGDIRBASE)/$(PKG_ZIPFILE)
$(Q)$(UNZIP_HERE) -D -n -d $(PKGDIRBASE) $(PKGDIRBASE)/$(PKG_ZIPFILE)
$(Q) mkdir -p $(PKG_SOURCE_DIR)/include
$(Q)cp $(PKGDIRBASE)/$(NRF_CC310_PATH)/include/* $(PKG_SOURCE_DIR)/include
$(Q)cp $(PKGDIRBASE)/$(NRF_CC310_PATH)/lib/cortex-m4/hard-float/libnrf_cc310_0.9.13.a $(PKG_SOURCE_DIR)
$(Q)rm -rf $(PKGDIRBASE)/$(PKG_DIR_NAME)
$(PKGDIRBASE)/$(PKG_ZIPFILE):
$(QQ)mkdir -p $(PKGDIRBASE)
$(Q)$(DOWNLOAD_TO_FILE) $(PKGDIRBASE)/$(PKG_ZIPFILE) $(PKG_URL)/$(PKG_ZIPFILE)
clean::
rm -rf $(PKG_SOURCE_DIR)
distclean::
rm -rf $(PKG_SOURCE_DIR) $(PKGDIRBASE)/$(PKG_ZIPFILE)

View File

@ -0,0 +1,6 @@
USEMODULE += driver_cryptocell_310_contrib
FEATURES_REQUIRED += periph_cryptocell_310
ifneq (,$(filter psa_cryptocell_310_%,$(USEMODULE)))
include $(RIOTPKG)/driver_cryptocell_310/psa_cryptocell_310/Makefile.dep
endif

View File

@ -0,0 +1,25 @@
INCLUDES += -I$(PKGDIRBASE)/driver_cryptocell_310/include
INCLUDES += -I$(RIOTPKG)/driver_cryptocell_310/include
DIRS += $(RIOTPKG)/driver_cryptocell_310/contrib
ARCHIVES += $(PKGDIRBASE)/driver_cryptocell_310/libnrf_cc310_0.9.13.a
ifneq (,$(filter psa_cryptocell_310_%, $(USEMODULE)))
DIRS += $(RIOTPKG)/driver_cryptocell_310/psa_cryptocell_310
INCLUDES += -I$(RIOTBASE)/sys/psa_crypto/include
endif
CFLAGS += -Wno-cast-align
PSEUDOMODULES += psa_cryptocell_310_aes_cbc
PSEUDOMODULES += psa_cryptocell_310_aes_common
PSEUDOMODULES += psa_cryptocell_310_ecc_common
PSEUDOMODULES += psa_cryptocell_310_ecc_p192
PSEUDOMODULES += psa_cryptocell_310_ecc_p256
PSEUDOMODULES += psa_cryptocell_310_error_conversion
PSEUDOMODULES += psa_cryptocell_310_hashes_common
PSEUDOMODULES += psa_cryptocell_310_hashes_sha1
PSEUDOMODULES += psa_cryptocell_310_hashes_sha224
PSEUDOMODULES += psa_cryptocell_310_hashes_sha256
PSEUDOMODULES += psa_cryptocell_310_hashes_sha512
PSEUDOMODULES += psa_cryptocell_310_hmac

View File

@ -0,0 +1,3 @@
MODULE = driver_cryptocell_310_contrib
include $(RIOTBASE)/Makefile.base

View File

@ -0,0 +1,83 @@
/*
* Copyright (C) 2020 HAW Hamburg
*
* This file is subject to the terms and conditions of the GNU Lesser
* General Public License v2.1. See the file LICENSE in the top level
* directory for more details.
*/
/**
* @ingroup pkg_driver_cryptocell_310
* @{
*
* @file
* @brief Setup function necessary to enable ARM CryptoCell module
*
* @author Lena Boeckmann <lena.boeckmann@haw-hamburg.de>
*/
#include "vendor/nrf52840.h"
#include "sns_silib.h"
#include "kernel_defines.h"
#define ENABLE_DEBUG 0
#include "debug.h"
CRYS_RND_WorkBuff_t *rndWorkBuff_ptr;
CRYS_RND_State_t *rndState_ptr;
CRYS_RND_State_t rndState = { 0 };
CRYS_RND_WorkBuff_t rndWorkBuff = { 0 };
/* Defined by the CryptoCell Library */
extern void CRYPTOCELL_IRQHandler(void);
/* This function must be defined to use the CryptoCell module on the NRF52840 board */
void isr_cryptocell(void)
{
CRYPTOCELL_IRQHandler();
}
void cryptocell_310_enable(void)
{
NRF_CRYPTOCELL->ENABLE = 1;
NVIC_EnableIRQ(CRYPTOCELL_IRQn);
}
void cryptocell_310_disable(void)
{
NRF_CRYPTOCELL->ENABLE = 0;
NVIC_DisableIRQ(CRYPTOCELL_IRQn);
}
void driver_cryptocell_310_setup(void)
{
int ret = 0;
rndState_ptr = &rndState;
rndWorkBuff_ptr = &rndWorkBuff;
cryptocell_310_enable();
ret = SaSi_LibInit();
if (ret != SA_SILIB_RET_OK) {
DEBUG("SaSi_LibInit failed: 0x%x\n", ret);
}
ret = CRYS_RndInit(rndState_ptr, rndWorkBuff_ptr);
if (ret != SA_SILIB_RET_OK) {
DEBUG("CRYS_RndInit failed: 0x%x\n", ret);
}
}
void driver_cryptocell_310_terminate(void)
{
int ret = 0;
SaSi_LibFini();
ret = CRYS_RND_UnInstantiation(rndState_ptr);
if (ret != SA_SILIB_RET_OK) {
DEBUG("CRYS_RND_UnInstatiation failed: 0x%x\n", ret);
}
}

View File

@ -0,0 +1,10 @@
/**
* @defgroup pkg_driver_cryptocell_310 ARM CryptoCell 310 Driver
* @ingroup pkg drivers_misc
* @brief Provides the driver for the ARM CryptoCell 310 hardware accelerator
* @see https://infocenter.nordicsemi.com/topic/sdk_nrf5_v17.1.0/group__cryptocell__api.html
*
* @note The source of this package is not a git repository, but a zip file downloaded
* from the Nordic Semiconductor software center. It is quite large and takes a
* while to download.
*/

View File

@ -0,0 +1,3 @@
MODULE = driver_cryptocell_310
include $(RIOTBASE)/Makefile.base

View File

@ -0,0 +1,61 @@
/*
* Copyright (C) 2021 HAW Hamburg
*
* This file is subject to the terms and conditions of the GNU Lesser
* General Public License v2.1. See the file LICENSE in the top level
* directory for more details.
*/
/**
* @ingroup pkg_driver_cryptocell_310
* @{
*
* @file
* @brief Utility functions to setup and terminate the CryptoCell 310 driver
*
* @author Lena Boeckmann <lena.boeckmann@haw-hamburg.de>
*
*/
#ifndef CRYPTOCELL_310_UTIL_H
#define CRYPTOCELL_310_UTIL_H
#ifdef __cplusplus
extern "C" {
#endif
/**
* @brief Enable CryptoCell module and IRQs.
*
* Must be called before using crypto functions.
* CryptoCell peripheral will be enabled after this call.
*/
void cryptocell_310_enable(void);
/**
* @brief Disable CryptoCell module and IRQs.
*
* Should be called after using crypto functions.
* CryptoCell peripheral will be disabled after this call.
*/
void cryptocell_310_disable(void);
/**
* @brief Enables CryptoCell module, IRQs and crypto libraries on nrf52840.
*
* Must be called once before using the CryptoCell lib.
*/
void driver_cryptocell_310_setup(void);
/**
* @brief Finishes the use of the CryptoCell library.
*
* Should be called after using the CryptoCell lib.
*/
void driver_cryptocell_310_terminate(void);
#ifdef __cplusplus
}
#endif
#endif /* CRYPTOCELL_310_UTIL_H */
/** @} */

View File

@ -0,0 +1,73 @@
/*
* Copyright (C) 2021 HAW Hamburg
*
* This file is subject to the terms and conditions of the GNU Lesser
* General Public License v2.1. See the file LICENSE in the top level
* directory for more details.
*/
/**
* @ingroup pkg_driver_cryptocell_310
* @{
*
* @file
* @brief Common AES functions used by all PSA Crypto wrappers
* for the CryptoCell 310 AES APIs.
*
* @author Lena Boeckmann <lena.boeckmann@haw-hamburg.de>
*
*/
#ifndef PSA_CRYPTOCELL_310_AES_COMMON_H
#define PSA_CRYPTOCELL_310_AES_COMMON_H
#ifdef __cplusplus
extern "C" {
#endif
#include "psa/crypto.h"
/**
* @brief Common setup function for AES operations
*
* @param ctx Driver specific AES context of the type @c SaSiAesUserContext_t
* @param direction Encrypt or decrypt direction of type @c SaSiAesEncryptMode_t
* @param mode Operation mode (e.g. CBC, CCM) of type @c SaSiAesOperationMode_t
* @param padding Operation padding type of type @c SaSiAesPaddingType_t
* @param iv Constant buffer containing the IV for the operation
* @param key_buffer Constant buffer containing an AES key
* @param key_size Size of AES key in use.
* @return psa_status_t
*/
psa_status_t cryptocell_310_common_aes_setup(SaSiAesUserContext_t *ctx,
SaSiAesEncryptMode_t direction,
SaSiAesOperationMode_t mode,
SaSiAesPaddingType_t padding,
const uint8_t *iv,
const uint8_t *key_buffer,
size_t key_size);
/**
* @brief Common function for an AES encryption
*
* @param ctx AES context of the type @c SaSiAesUserContext_t
* @param input Constant input buffer of plain text to encrypt
* @param input_length Length of the input buffer
* @param output Output buffer to write the cipher
* @param output_buffer_size Size of the output buffer. Must be at least @c input_length
* @param output_length Pointer to output length. Will contain actual length of cipher
* @return psa_status_t
*/
psa_status_t cryptocell_310_common_aes_encrypt_decrypt(SaSiAesUserContext_t *ctx,
const uint8_t *input,
size_t input_length,
uint8_t *output,
size_t output_buffer_size,
size_t *output_length);
#ifdef __cplusplus
}
#endif
#endif /* PSA_CRYPTOCELL_310_AES_COMMON_H */
/** @} */

View File

@ -0,0 +1,115 @@
/*
* Copyright (C) 2021 HAW Hamburg
*
* This file is subject to the terms and conditions of the GNU Lesser
* General Public License v2.1. See the file LICENSE in the top level
* directory for more details.
*/
/**
* @ingroup pkg_driver_cryptocell_310
* @{
*
* @file
* @brief Common ECC functions used by all PSA Crypto wrappers
* for the CryptoCell 310 ECC APIs.
*
* @author Lena Boeckmann <lena.boeckmann@haw-hamburg.de>
*
*/
#ifndef PSA_CRYPTOCELL_310_ECC_COMMON_H
#define PSA_CRYPTOCELL_310_ECC_COMMON_H
#ifdef __cplusplus
extern "C" {
#endif
#include "psa/crypto.h"
#include "sns_silib.h"
#include "crys_ecpki_build.h"
#include "crys_ecpki_ecdsa.h"
#include "crys_ecpki_kg.h"
#include "crys_ecpki_domain.h"
/**
* @brief Map PSA hash encodings to CryptoCell specific hash encodings
*
* @param hash psa_algorithm_t
*/
#define MAP_PSA_HASH_TO_CRYS_HASH(hash) \
((hash == PSA_ALG_SHA_1) ? CRYS_ECPKI_AFTER_HASH_SHA1_mode : \
(hash == PSA_ALG_SHA_224) ? CRYS_ECPKI_AFTER_HASH_SHA224_mode : \
(hash == PSA_ALG_SHA_256) ? CRYS_ECPKI_AFTER_HASH_SHA256_mode : \
(hash == PSA_ALG_SHA_384) ? CRYS_ECPKI_AFTER_HASH_SHA384_mode : \
(hash == PSA_ALG_SHA_512) ? CRYS_ECPKI_AFTER_HASH_SHA512_mode : \
0)
/**
* @brief Common ECC key generation function
*
* @param priv_key_buffer Output buffer to write ECC private key
* @param pub_key_buffer Output buffer to write ECC public key
* @param priv_key_buffer_length Output pointer to write private key length
* @param pub_key_buffer_length Output pointer to write public key length
* @param domain ECC domain of type @c CRYS_ECPKI_DomainID_t
* @return psa_status_t
*/
psa_status_t cryptocell_310_common_ecc_generate_key_pair(uint8_t *priv_key_buffer,
uint8_t *pub_key_buffer,
uint32_t *priv_key_buffer_length,
uint32_t *pub_key_buffer_length,
CRYS_ECPKI_DomainID_t domain);
/**
* @brief Common ECC hash signature function
*
* @param priv_key Pointer to ECC private key
* @param priv_key_size Size of private key
* @param hash Hash of the message to sign
* @param hash_length Length of the message hash
* @param signature Output buffer to write the generated signature
* @param signature_length Pointer to store the actual length of the signature
* @param hash_mode Mode used to hash the message of type @c CRYS_ECPKI_HASH_OpMode_t
* @param domain ECC domain of type @c CRYS_ECPKI_DomainID_t
* @return psa_status_t
*/
psa_status_t cryptocell_310_common_ecc_sign_hash(const uint8_t *priv_key,
uint32_t priv_key_size,
const uint8_t *hash,
size_t hash_length,
uint8_t *signature,
size_t *signature_length,
CRYS_ECPKI_HASH_OpMode_t hash_mode,
CRYS_ECPKI_DomainID_t domain);
/**
* @brief Common ECC hash verification function
*
* @param pub_key Pointer to ECC public key
* @param pub_key_size Size of public key
* @param hash Hash of the message to sign
* @param hash_length Length of the message hash
* @param signature Buffer containing the signature to be verified
* @param signature_length Actual length of the signature
* @param hash_mode Mode used to hash the message of type
* @c CRYS_ECPKI_HASH_OpMode_t
* @param domain ECC domain of type @c CRYS_ECPKI_DomainID_t
* @return psa_status_t
*/
psa_status_t cryptocell_310_common_ecc_verify_hash(const uint8_t *pub_key,
size_t pub_key_size,
const uint8_t *hash,
size_t hash_length,
const uint8_t *signature,
size_t signature_length,
CRYS_ECPKI_HASH_OpMode_t hash_mode,
CRYS_ECPKI_DomainID_t domain);
#ifdef __cplusplus
}
#endif
#endif /* PSA_CRYPTOCELL_310_ECC_COMMON_H */
/** @} */

View File

@ -0,0 +1,71 @@
/*
* Copyright (C) 2021 HAW Hamburg
*
* This file is subject to the terms and conditions of the GNU Lesser
* General Public License v2.1. See the file LICENSE in the top level
* directory for more details.
*/
/**
* @ingroup pkg_driver_cryptocell_310
* @{
*
* @file
* @brief Common hash functions used by all PSA Crypto wrappers
* for the CryptoCell 310 hash APIs.
*
* @author Lena Boeckmann <lena.boeckmann@haw-hamburg.de>
*
*/
#ifndef PSA_CRYPTOCELL_310_HASHES_COMMON_H
#define PSA_CRYPTOCELL_310_HASHES_COMMON_H
#ifdef __cplusplus
extern "C" {
#endif
#include "psa/crypto.h"
#include "crys_hash.h"
/**
* @brief Common hash setup function
*
* @param ctx Driver specific hash context of type @c CRYS_HASHUserContext_t
* @param mode Hash mode of type @c CRYS_HASH_OperationMode_t
* @return psa_status_t
*/
psa_status_t cryptocell_310_common_hash_setup(CRYS_HASHUserContext_t *ctx,
CRYS_HASH_OperationMode_t mode);
/**
* @brief Common hash update function
*
* @param ctx Driver specific hash context of type @c CRYS_HASHUserContext_t
* @param input Input that is going to be hashed
* @param input_length Length of @p input
* @return psa_status_t
*/
psa_status_t cryptocell_310_common_hash_update(CRYS_HASHUserContext_t *ctx,
const uint8_t *input,
size_t input_length);
/**
* @brief Common hash finish function
*
* @param ctx Driver specific hash context of type @c CRYS_HASHUserContext_t
* @param hash Output buffer to write the computated hash
* @param hash_size Size of @p hash
* @param hash_length Pointer where the actual length of the hash will be stored
* @return psa_status_t
*/
psa_status_t cryptocell_310_common_hash_finish(CRYS_HASHUserContext_t *ctx,
uint8_t *hash,
size_t hash_size,
size_t *hash_length);
#ifdef __cplusplus
}
#endif
#endif /* PSA_CRYPTOCELL_310_HASHES_COMMON_H */
/** @} */

View File

@ -0,0 +1,60 @@
/*
* Copyright (C) 2021 HAW Hamburg
*
* This file is subject to the terms and conditions of the GNU Lesser
* General Public License v2.1. See the file LICENSE in the top level
* directory for more details.
*/
/**
* @ingroup pkg_driver_cryptocell_310
* @{
*
* @file
* @brief Glue code translating between PSA Crypto and the CryptoCell 310 driver APIs
*
* @author Lena Boeckmann <lena.boeckmann@haw-hamburg.de>
*
*/
#ifndef PSA_ERROR_H
#define PSA_ERROR_H
#ifdef __cplusplus
extern "C" {
#endif
#include "psa/crypto.h"
#include "crys_ecpki_error.h"
#include "crys_hash_error.h"
#include "ssi_aes_error.h"
/**
* @brief Convert CryptoCell CRYS errors to PSA status values
*
* @param error Error value of type @c CRYSError_t
* @return @ref psa_status_t
*/
psa_status_t CRYS_to_psa_error(CRYSError_t error);
/**
* @brief Convert CryptoCell SaSi errors to PSA status values
*
* @param error Error value of type @c SaSiStatus
* @return @ref psa_status_t
*/
psa_status_t SaSi_to_psa_error(SaSiStatus error);
/**
* @brief Function to print CryptoCell Error values in clear text.
*
* @param status Error value of type @c SaSiStatus or @c CRYSError_t
* @return const char*
*/
const char *cryptocell310_status_to_humanly_readable(uint32_t status);
#ifdef __cplusplus
}
#endif
#endif /* PSA_ERROR_H */
/** @} */

View File

@ -0,0 +1,41 @@
/*
* Copyright (C) 2021 HAW Hamburg
*
* This file is subject to the terms and conditions of the GNU Lesser
* General Public License v2.1. See the file LICENSE in the top level
* directory for more details.
*/
/**
* @ingroup pkg_driver_cryptocell_310
* @{
*
* @file
* @brief CryptoCell 310 driver specific AES contexts
*
* @author Lena Boeckmann <lena.boeckmann@haw-hamburg.de>
*
*/
#ifndef PSA_PERIPH_AES_CTX_H
#define PSA_PERIPH_AES_CTX_H
#ifdef __cplusplus
extern "C" {
#endif
#include "ssi_aes.h"
#include "kernel_defines.h"
#if IS_USED(MODULE_PERIPH_CIPHER_AES_128_CBC) || DOXYGEN
/**
* @brief Map driver specific AES context to PSA context
*/
typedef SaSiAesUserContext_t psa_cipher_aes_128_ctx_t;
#endif
#ifdef __cplusplus
}
#endif
#endif /* PSA_PERIPH_AES_CTX_H */
/** @} */

View File

@ -0,0 +1,64 @@
/*
* Copyright (C) 2021 HAW Hamburg
*
* This file is subject to the terms and conditions of the GNU Lesser
* General Public License v2.1. See the file LICENSE in the top level
* directory for more details.
*/
/**
* @ingroup pkg_driver_cryptocell_310
* @{
*
* @file
* @brief CryptoCell 310 driver specific hash contexts
*
* @author Lena Boeckmann <lena.boeckmann@haw-hamburg.de>
*
*/
#ifndef PSA_PERIPH_HASHES_CTX_H
#define PSA_PERIPH_HASHES_CTX_H
#ifdef __cplusplus
extern "C" {
#endif
#include <stdlib.h>
#include "kernel_defines.h"
#include "crys_hash.h"
#if IS_USED(MODULE_PERIPH_HASH_SHA_1) || DOXYGEN
/**
* @brief Map driver specific SHA1 context to PSA context
*/
typedef CRYS_HASHUserContext_t psa_hashes_sha1_ctx_t;
#endif
#if IS_USED(MODULE_PERIPH_HASH_SHA_224) || DOXYGEN
/**
* @brief Map driver specific SHA224 context to PSA context
*/
typedef CRYS_HASHUserContext_t psa_hashes_sha224_ctx_t;
#endif
#if IS_USED(MODULE_PERIPH_HASH_SHA_256) || DOXYGEN
/**
* @brief Map driver specific SHA256 context to PSA context
*/
typedef CRYS_HASHUserContext_t psa_hashes_sha256_ctx_t;
#endif
#if IS_USED(MODULE_PERIPH_HASH_SHA_512) || DOXYGEN
/**
* @brief Map driver specific SHA512 context to PSA context
*/
typedef CRYS_HASHUserContext_t psa_hashes_sha512_ctx_t;
#endif
#ifdef __cplusplus
}
#endif
#endif /* PSA_PERIPH_HASHES_CTX_H */
/** @} */

View File

@ -0,0 +1,77 @@
# Copyright (c) 2021 HAW Hamburg
#
# This file is subject to the terms and conditions of the GNU Lesser
# General Public License v2.1. See the file LICENSE in the top level
# directory for more details.
#
# Hashes
config MODULE_PSA_CRYPTOCELL_310_HASHES_SHA1
bool
depends on MODULE_PSA_CRYPTO
select MODULE_PSA_CRYPTOCELL_310
select MODULE_PSA_CRYPTOCELL_310_HASHES_COMMON
config MODULE_PSA_CRYPTOCELL_310_HASHES_SHA224
bool
depends on MODULE_PSA_CRYPTO
select MODULE_PSA_CRYPTOCELL_310
select MODULE_PSA_CRYPTOCELL_310_HASHES_COMMON
config MODULE_PSA_CRYPTOCELL_310_HASHES_SHA256
bool
depends on MODULE_PSA_CRYPTO
select MODULE_PSA_CRYPTOCELL_310
select MODULE_PSA_CRYPTOCELL_310_HASHES_COMMON
config MODULE_PSA_CRYPTOCELL_310_HASHES_SHA512
bool
depends on MODULE_PSA_CRYPTO
select MODULE_PSA_CRYPTOCELL_310
select MODULE_PSA_CRYPTOCELL_310_HASHES_COMMON
# MAC
config MODULE_PSA_CRYPTOCELL_310_HMAC
bool
depends on MODULE_PSA_CRYPTO
select MODULE_PSA_CRYPTOCELL_310
# AES
config MODULE_PSA_CRYPTOCELL_310_AES_CBC
bool
depends on MODULE_PSA_CRYPTO
select MODULE_PSA_CRYPTOCELL_310
select MODULE_PSA_CRYPTOCELL_310_AES_COMMON
# ECC
config MODULE_PSA_CRYPTOCELL_310_ECC_P192
bool
depends on MODULE_PSA_CRYPTO
select MODULE_PSA_CRYPTOCELL_310
select MODULE_PSA_CRYPTOCELL_310_ECC_COMMON
config MODULE_PSA_CRYPTOCELL_310_ECC_P256
bool
depends on MODULE_PSA_CRYPTO
select MODULE_PSA_CRYPTOCELL_310
select MODULE_PSA_CRYPTOCELL_310_ECC_COMMON
config MODULE_PSA_CRYPTOCELL_310
bool "PSA CryptoCell Wrapper"
select MODULE_PSA_CRYPTOCELL_310_ERROR_CONVERSION
config MODULE_PSA_CRYPTOCELL_310_HASHES_COMMON
bool
config MODULE_PSA_CRYPTOCELL_310_ECC_COMMON
bool
config MODULE_PSA_CRYPTOCELL_310_AES_COMMON
bool
config MODULE_PSA_CRYPTOCELL_310_ERROR_CONVERSION
bool

View File

@ -0,0 +1,4 @@
BASE_MODULE := psa_cryptocell_310
SUBMODULES := 1
include $(RIOTBASE)/Makefile.base

View File

@ -0,0 +1,30 @@
USEMODULE += psa_cryptocell_310
USEMODULE += psa_cryptocell_310_error_conversion
ifneq (,$(filter psa_cryptocell_310_hashes_sha1,$(USEMODULE)))
USEMODULE += psa_cryptocell_310_hashes_common
endif
ifneq (,$(filter psa_cryptocell_310_hashes_sha224,$(USEMODULE)))
USEMODULE += psa_cryptocell_310_hashes_common
endif
ifneq (,$(filter psa_cryptocell_310_hashes_sha256,$(USEMODULE)))
USEMODULE += psa_cryptocell_310_hashes_common
endif
ifneq (,$(filter psa_cryptocell_310_hashes_sha512,$(USEMODULE)))
USEMODULE += psa_cryptocell_310_hashes_common
endif
ifneq (,$(filter psa_cryptocell_310_aes_cbc,$(USEMODULE)))
USEMODULE += psa_cryptocell_310_aes_common
endif
ifneq (,$(filter psa_cryptocell_310_ecc_p192,$(USEMODULE)))
USEMODULE += psa_cryptocell_310_ecc_common
endif
ifneq (,$(filter psa_cryptocell_310_ecc_p256,$(USEMODULE)))
USEMODULE += psa_cryptocell_310_ecc_common
endif

View File

@ -0,0 +1,131 @@
/*
* Copyright (C) 2021 HAW Hamburg
*
* This file is subject to the terms and conditions of the GNU Lesser
* General Public License v2.1. See the file LICENSE in the top level
* directory for more details.
*/
/**
* @ingroup pkg_driver_cryptocell_310
* @{
*
* @brief Glue code translating between PSA Crypto and the CryptoCell 310 AES 128 CBC APIs
*
* @author Lena Boeckmann <lena.boeckmann@haw-hamburg.de>
*
* @}
*/
#include "psa_error.h"
#include "psa_cryptocell_310_aes_common.h"
#include "ssi_aes.h"
#define ENABLE_DEBUG 0
#include "debug.h"
psa_status_t psa_cipher_cbc_aes_128_encrypt(const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
uint8_t *output,
size_t output_size,
size_t *output_length)
{
if ((alg != PSA_ALG_CBC_PKCS7) && (alg != PSA_ALG_CBC_NO_PADDING)) {
DEBUG("%s : Invalid CBC padding type\n", __FILE__);
return PSA_ERROR_INVALID_ARGUMENT;
}
if (key_buffer_size < PSA_BITS_TO_BYTES(attributes->bits)) {
DEBUG("%s : Key buffer too small\n", __FILE__);
return PSA_ERROR_BUFFER_TOO_SMALL;
}
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
size_t iv_length = 0;
size_t key_size = PSA_BITS_TO_BYTES(attributes->bits);
psa_cipher_operation_t operation = psa_cipher_operation_init();
operation.iv_required = 1;
operation.default_iv_length = PSA_CIPHER_IV_LENGTH(attributes->type, alg);
SaSiAesPaddingType_t padding =
(alg == PSA_ALG_CBC_PKCS7) ? SASI_AES_PADDING_PKCS7 : SASI_AES_PADDING_NONE;
status = psa_cipher_generate_iv(&operation, output, operation.default_iv_length, &iv_length);
if (status != PSA_SUCCESS) {
return status;
}
status = cryptocell_310_common_aes_setup((SaSiAesUserContext_t *)&operation.backend_ctx.cipher_ctx.aes_128,
SASI_AES_ENCRYPT, SASI_AES_MODE_CBC, padding, output, key_buffer,
key_size);
if (status != PSA_SUCCESS) {
return status;
}
status = cryptocell_310_common_aes_encrypt_decrypt(
(SaSiAesUserContext_t *)&operation.backend_ctx.cipher_ctx.aes_128,
input, input_length, output + iv_length, output_size - iv_length,
output_length);
if (status != PSA_SUCCESS) {
return status;
}
*output_length = output_size;
return PSA_SUCCESS;
}
psa_status_t psa_cipher_cbc_aes_128_decrypt(const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
uint8_t *output,
size_t output_size,
size_t *output_length)
{
if ((alg != PSA_ALG_CBC_PKCS7) && (alg != PSA_ALG_CBC_NO_PADDING)) {
DEBUG("%s : Invalid CBC padding type\n", __FILE__);
return PSA_ERROR_INVALID_ARGUMENT;
}
if (key_buffer_size < PSA_BITS_TO_BYTES(attributes->bits)) {
DEBUG("%s : Key buffer too small\n", __FILE__);
return PSA_ERROR_BUFFER_TOO_SMALL;
}
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
size_t key_size = PSA_BITS_TO_BYTES(attributes->bits);
psa_cipher_operation_t operation = psa_cipher_operation_init();
operation.iv_required = 1;
operation.default_iv_length = PSA_CIPHER_IV_LENGTH(attributes->type, alg);
SaSiAesPaddingType_t padding =
(alg == PSA_ALG_CBC_PKCS7) ? SASI_AES_PADDING_PKCS7 : SASI_AES_PADDING_NONE;
status = cryptocell_310_common_aes_setup((SaSiAesUserContext_t *)&operation.backend_ctx.cipher_ctx.aes_128,
SASI_AES_DECRYPT, SASI_AES_MODE_CBC, padding, input, key_buffer,
key_size);
if (status != PSA_SUCCESS) {
return status;
}
status = cryptocell_310_common_aes_encrypt_decrypt(
(SaSiAesUserContext_t *)&operation.backend_ctx.cipher_ctx.aes_128,
input + operation.default_iv_length, input_length - operation.
default_iv_length, output, output_size, output_length);
if (status != PSA_SUCCESS) {
return status;
}
*output_length = PSA_CIPHER_DECRYPT_OUTPUT_SIZE(attributes->type, alg, input_length);
return PSA_SUCCESS;
}

View File

@ -0,0 +1,112 @@
/*
* Copyright (C) 2021 HAW Hamburg
*
* This file is subject to the terms and conditions of the GNU Lesser
* General Public License v2.1. See the file LICENSE in the top level
* directory for more details.
*/
/**
* @ingroup pkg_driver_cryptocell_310
* @{
*
* @brief Common AES functions used by all PSA Crypto wrappers
* for the CryptoCell 310 AES APIs.
*
* @author Lena Boeckmann <lena.boeckmann@haw-hamburg.de>
*
* @}
*/
#include "psa/crypto.h"
#include "vendor/nrf52840.h"
#include "ssi_aes.h"
#include "sns_silib.h"
#include "psa_error.h"
#include "cryptocell_310_util.h"
#define ENABLE_DEBUG 0
#include "debug.h"
#define CC310_MAX_AES_INPUT_BLOCK (0xFFF0)
psa_status_t cryptocell_310_common_aes_setup(SaSiAesUserContext_t *ctx,
SaSiAesEncryptMode_t direction,
SaSiAesOperationMode_t mode,
SaSiAesPaddingType_t padding,
const uint8_t *iv,
const uint8_t *key_buffer,
size_t key_size)
{
SaSiAesUserKeyData_t key;
SaSiStatus ret = SaSi_AesInit(ctx, direction, mode, padding);
if (ret != SASI_OK) {
DEBUG("SaSi_AesInit failed with %s\n", cryptocell310_status_to_humanly_readable(ret));
return SaSi_to_psa_error(ret);
}
key.keySize = key_size;
key.pKey = (uint8_t *)key_buffer;
ret = SaSi_AesSetKey(ctx, SASI_AES_USER_KEY, &key, sizeof(key));
if (ret != SASI_OK) {
DEBUG("SaSi_AesSetKey failed with %s\n", cryptocell310_status_to_humanly_readable(ret));
return SaSi_to_psa_error(ret);
}
ret = SaSi_AesSetIv(ctx, (uint8_t *)iv);
if (ret != SASI_OK) {
DEBUG("SaSi_AesSetIv failed with %s\n", cryptocell310_status_to_humanly_readable(ret));
return SaSi_to_psa_error(ret);
}
return PSA_SUCCESS;
}
psa_status_t cryptocell_310_common_aes_encrypt_decrypt(SaSiAesUserContext_t *ctx,
const uint8_t *input,
size_t input_length,
uint8_t *output,
size_t output_size,
size_t *output_length)
{
SaSiStatus ret = 0;
size_t offset = 0;
size_t size;
size_t length = input_length;
*output_length = output_size;
do {
if (length > CC310_MAX_AES_INPUT_BLOCK) {
size = CC310_MAX_AES_INPUT_BLOCK;
length -= CC310_MAX_AES_INPUT_BLOCK;
}
else {
size = length;
length = 0;
}
cryptocell_310_enable();
ret = SaSi_AesBlock(ctx, (uint8_t *)(input + offset), size, output + offset);
cryptocell_310_disable();
if (ret != SASI_OK) {
DEBUG("SaSi_AesBlock failed with %s\n", cryptocell310_status_to_humanly_readable(ret));
return SaSi_to_psa_error(ret);
}
offset += size;
} while ((length > 0) && (ret == SASI_OK));
cryptocell_310_enable();
ret = SaSi_AesFinish(ctx, length, (uint8_t *)(input + offset), input_length, output,
output_length);
cryptocell_310_disable();
if (ret != SASI_OK) {
DEBUG("SaSi_AesFinish failed with %s\n", cryptocell310_status_to_humanly_readable(ret));
return SaSi_to_psa_error(ret);
}
return PSA_SUCCESS;
}

View File

@ -0,0 +1,143 @@
/*
* Copyright (C) 2021 HAW Hamburg
*
* This file is subject to the terms and conditions of the GNU Lesser
* General Public License v2.1. See the file LICENSE in the top level
* directory for more details.
*/
/**
* @ingroup pkg_driver_cryptocell_310
* @{
*
* @brief Common ECC functions used by all PSA Crypto wrappers
* for the CryptoCell 310 ECC APIs.
*
* @author Lena Boeckmann <lena.boeckmann@haw-hamburg.de>
*
* @}
*/
#include "psa_error.h"
#include "psa_cryptocell_310_ecc_common.h"
#include "cryptocell_310_util.h"
#define ENABLE_DEBUG 0
#include "debug.h"
extern CRYS_RND_State_t *rndState_ptr;
CRYS_ECPKI_Domain_t *pDomain;
SaSiRndGenerateVectWorkFunc_t rndGenerateVectFunc;
psa_status_t cryptocell_310_common_ecc_generate_key_pair(uint8_t *priv_key_buffer,
uint8_t *pub_key_buffer,
uint32_t *priv_key_buffer_length,
uint32_t *pub_key_buffer_length,
CRYS_ECPKI_DomainID_t domain)
{
CRYS_ECPKI_UserPrivKey_t priv_key;
CRYS_ECPKI_UserPublKey_t pub_key;
CRYS_ECPKI_KG_FipsContext_t FipsBuff;
CRYS_ECPKI_KG_TempData_t TempECCKGBuff;
CRYSError_t ret;
rndGenerateVectFunc = CRYS_RND_GenerateVector;
pDomain = (CRYS_ECPKI_Domain_t *)CRYS_ECPKI_GetEcDomain(domain);
cryptocell_310_enable();
ret = CRYS_ECPKI_GenKeyPair(rndState_ptr, rndGenerateVectFunc, pDomain, &priv_key, &pub_key,
&TempECCKGBuff, &FipsBuff);
cryptocell_310_disable();
if (ret != CRYS_OK) {
DEBUG("CRYS_ECPKI_GenKeyPair failed with %s\n", cryptocell310_status_to_humanly_readable(ret));
return CRYS_to_psa_error(ret);
}
ret = CRYS_ECPKI_ExportPrivKey(&priv_key, priv_key_buffer, priv_key_buffer_length);
if (ret != CRYS_OK) {
DEBUG("CRYS_ECPKI_ExportPrivKey failed with %s\n", cryptocell310_status_to_humanly_readable(ret));
return CRYS_to_psa_error(ret);
}
ret = CRYS_ECPKI_ExportPublKey(&pub_key, CRYS_EC_PointUncompressed, pub_key_buffer,
pub_key_buffer_length);
if (ret != CRYS_OK) {
DEBUG("CRYS_ECPKI_ExportPubKey failed with %s\n", cryptocell310_status_to_humanly_readable(ret));
return CRYS_to_psa_error(ret);
}
return PSA_SUCCESS;
}
psa_status_t cryptocell_310_common_ecc_sign_hash(const uint8_t *priv_key,
uint32_t priv_key_size,
const uint8_t *hash,
size_t hash_length,
uint8_t *signature,
size_t *signature_length,
CRYS_ECPKI_HASH_OpMode_t hash_mode,
CRYS_ECPKI_DomainID_t domain)
{
CRYS_ECDSA_SignUserContext_t SignUserContext;
CRYS_ECPKI_UserPrivKey_t user_priv_key;
CRYSError_t ret = 0;
rndGenerateVectFunc = CRYS_RND_GenerateVector;
pDomain = (CRYS_ECPKI_Domain_t *)CRYS_ECPKI_GetEcDomain(domain);
ret = CRYS_ECPKI_BuildPrivKey(pDomain, priv_key, priv_key_size, &user_priv_key);
if (ret != CRYS_OK) {
DEBUG("CRYS_ECPKI_BuildPrivKey failed with %s\n", cryptocell310_status_to_humanly_readable(ret));
return CRYS_to_psa_error(ret);
}
cryptocell_310_enable();
ret = CRYS_ECDSA_Sign(rndState_ptr, rndGenerateVectFunc,
&SignUserContext, &user_priv_key, hash_mode, (uint8_t *)hash, hash_length,
signature, (uint32_t *)signature_length);
cryptocell_310_disable();
if (ret != CRYS_OK) {
DEBUG("CRYS_ECDSA_Sign failed with %s\n", cryptocell310_status_to_humanly_readable(ret));
return CRYS_to_psa_error(ret);
}
return PSA_SUCCESS;
}
psa_status_t cryptocell_310_common_ecc_verify_hash(const uint8_t *pub_key,
size_t pub_key_size,
const uint8_t *hash,
size_t hash_length,
const uint8_t *signature,
size_t signature_length,
CRYS_ECPKI_HASH_OpMode_t hash_mode,
CRYS_ECPKI_DomainID_t domain)
{
CRYS_ECDSA_VerifyUserContext_t VerifyUserContext;
CRYS_ECPKI_UserPublKey_t user_pub_key;
CRYSError_t ret = 0;
pDomain = (CRYS_ECPKI_Domain_t *)CRYS_ECPKI_GetEcDomain(domain);
/**
* For more security, use CRYS_ECPKI_BuildPublKeyPartlyCheck or
* CRYS_ECPKI_BuildPublKeyFullCheck -> Those take longer and use more memory space
* */
ret = CRYS_ECPKI_BuildPublKey(pDomain, (uint8_t *)pub_key, pub_key_size, &user_pub_key);
if (ret != CRYS_OK) {
DEBUG("CRYS_ECPKI_BuildPublKey failed with %s\n", cryptocell310_status_to_humanly_readable(ret));
return CRYS_to_psa_error(ret);
}
cryptocell_310_enable();
ret = CRYS_ECDSA_Verify(&VerifyUserContext, &user_pub_key, hash_mode, (uint8_t *)signature,
signature_length, (uint8_t *)hash, hash_length);
cryptocell_310_disable();
if (ret != CRYS_OK) {
DEBUG("CRYS_ECDSA_Verify failed with %s\n", cryptocell310_status_to_humanly_readable(ret));
return CRYS_to_psa_error(ret);
}
return PSA_SUCCESS;
}

View File

@ -0,0 +1,76 @@
/*
* Copyright (C) 2021 HAW Hamburg
*
* This file is subject to the terms and conditions of the GNU Lesser
* General Public License v2.1. See the file LICENSE in the top level
* directory for more details.
*/
/**
* @ingroup pkg_driver_cryptocell_310
* @{
*
* @file
* @brief Glue code translating between PSA Crypto and the CryptoCell 310 ECC P192 APIs
*
* @author Lena Boeckmann <lena.boeckmann@haw-hamburg.de>
*
* @}
*/
#include "psa_cryptocell_310_ecc_common.h"
psa_status_t psa_generate_ecc_p192r1_key_pair(const psa_key_attributes_t *attributes,
uint8_t *priv_key_buffer,
uint8_t *pub_key_buffer,
size_t *priv_key_buffer_length,
size_t *pub_key_buffer_length)
{
*priv_key_buffer_length = PSA_BITS_TO_BYTES(attributes->bits);
*pub_key_buffer_length = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(attributes->type, attributes->bits);
return cryptocell_310_common_ecc_generate_key_pair(priv_key_buffer, pub_key_buffer,
(uint32_t *)priv_key_buffer_length,
(uint32_t *)pub_key_buffer_length,
CRYS_ECPKI_DomainID_secp192r1);
}
psa_status_t psa_ecc_p192r1_sign_hash( const psa_key_attributes_t *attributes,
psa_algorithm_t alg,
const uint8_t *key_buffer,
size_t key_buffer_size,
const uint8_t *hash,
size_t hash_length,
uint8_t *signature,
size_t signature_size,
size_t *signature_length)
{
CRYS_ECPKI_HASH_OpMode_t hash_mode = MAP_PSA_HASH_TO_CRYS_HASH(PSA_ALG_GET_HASH(alg));
(void)signature_size;
(void)key_buffer_size;
return cryptocell_310_common_ecc_sign_hash(key_buffer,
PSA_BITS_TO_BYTES(attributes->bits),
hash, hash_length, signature,
signature_length, hash_mode,
CRYS_ECPKI_DomainID_secp192r1);
}
psa_status_t psa_ecc_p192r1_verify_hash(const psa_key_attributes_t *attributes,
psa_algorithm_t alg,
const uint8_t *key_buffer,
size_t key_buffer_size,
const uint8_t *hash,
size_t hash_length,
const uint8_t *signature,
size_t signature_length)
{
CRYS_ECPKI_HASH_OpMode_t hash_mode = MAP_PSA_HASH_TO_CRYS_HASH(PSA_ALG_GET_HASH(alg));
(void)attributes;
return cryptocell_310_common_ecc_verify_hash(key_buffer, key_buffer_size,
hash, hash_length, signature,
signature_length, hash_mode,
CRYS_ECPKI_DomainID_secp192r1);
}

View File

@ -0,0 +1,74 @@
/*
* Copyright (C) 2021 HAW Hamburg
*
* This file is subject to the terms and conditions of the GNU Lesser
* General Public License v2.1. See the file LICENSE in the top level
* directory for more details.
*/
/**
* @ingroup pkg_driver_cryptocell_310
* @{
*
* @file
* @brief Glue code translating between PSA Crypto and the CryptoCell 310 ECC P256 APIs
*
* @author Lena Boeckmann <lena.boeckmann@haw-hamburg.de>
*
* @}
*/
#include "psa_cryptocell_310_ecc_common.h"
psa_status_t psa_generate_ecc_p256r1_key_pair( const psa_key_attributes_t *attributes,
uint8_t *priv_key_buffer,
uint8_t *pub_key_buffer,
size_t *priv_key_buffer_length,
size_t *pub_key_buffer_length)
{
*priv_key_buffer_length = PSA_BITS_TO_BYTES(attributes->bits);
*pub_key_buffer_length = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(attributes->type, attributes->bits);
return cryptocell_310_common_ecc_generate_key_pair(priv_key_buffer, pub_key_buffer,
(uint32_t *)priv_key_buffer_length,
(uint32_t *)pub_key_buffer_length,
CRYS_ECPKI_DomainID_secp256r1);
}
psa_status_t psa_ecc_p256r1_sign_hash( const psa_key_attributes_t *attributes,
psa_algorithm_t alg,
const uint8_t *key_buffer,
size_t key_buffer_size,
const uint8_t *hash,
size_t hash_length,
uint8_t *signature,
size_t signature_size,
size_t *signature_length)
{
(void)key_buffer_size;
CRYS_ECPKI_HASH_OpMode_t hash_mode = MAP_PSA_HASH_TO_CRYS_HASH(PSA_ALG_GET_HASH(alg));
*signature_length = signature_size;
return cryptocell_310_common_ecc_sign_hash(key_buffer,
PSA_BITS_TO_BYTES(attributes->bits),
hash, hash_length, signature,
signature_length, hash_mode,
CRYS_ECPKI_DomainID_secp256r1);
}
psa_status_t psa_ecc_p256r1_verify_hash(const psa_key_attributes_t *attributes,
psa_algorithm_t alg,
const uint8_t *key_buffer,
size_t key_buffer_size,
const uint8_t *hash,
size_t hash_length,
const uint8_t *signature,
size_t signature_length)
{
CRYS_ECPKI_HASH_OpMode_t hash_mode = MAP_PSA_HASH_TO_CRYS_HASH(PSA_ALG_GET_HASH(alg));
(void)attributes;
return cryptocell_310_common_ecc_verify_hash(key_buffer, key_buffer_size,
hash, hash_length, signature,
signature_length, hash_mode,
CRYS_ECPKI_DomainID_secp256r1);
}

View File

@ -0,0 +1,413 @@
/*
* Copyright (C) 2021 HAW Hamburg
*
* This file is subject to the terms and conditions of the GNU Lesser
* General Public License v2.1. See the file LICENSE in the top level
* directory for more details.
*/
/**
* @ingroup pkg_driver_cryptocell_310
* @{
*
* @file
* @brief Glue code translating between PSA Crypto and the CryptoCell 310 driver APIs
*
* @author Lena Boeckmann <lena.boeckmann@haw-hamburg.de>
*
* @}
*/
#include "psa_error.h"
psa_status_t CRYS_to_psa_error(CRYSError_t error)
{
switch (error) {
case CRYS_HASH_ILLEGAL_OPERATION_MODE_ERROR:
case CRYS_HASH_IS_NOT_SUPPORTED:
return PSA_ERROR_NOT_SUPPORTED;
case CRYS_HASH_USER_CONTEXT_CORRUPTED_ERROR:
return PSA_ERROR_CORRUPTION_DETECTED;
case CRYS_ECDSA_SIGN_USER_CONTEXT_VALIDATION_TAG_ERROR:
case CRYS_ECDSA_SIGN_USER_PRIV_KEY_VALIDATION_TAG_ERROR:
case CRYS_ECDSA_VERIFY_USER_CONTEXT_VALIDATION_TAG_ERROR:
case CRYS_ECDSA_VERIFY_SIGNER_PUBL_KEY_VALIDATION_TAG_ERROR:
case CRYS_ECDSA_VERIFY_INVALID_SIGNATURE_IN_PTR_ERROR:
case CRYS_ECDSA_SIGN_INVALID_MESSAGE_DATA_IN_PTR_ERROR:
case CRYS_ECDSA_SIGN_INVALID_MESSAGE_DATA_IN_SIZE_ERROR:
case CRYS_ECDSA_VERIFY_INVALID_DOMAIN_ID_ERROR:
case CRYS_ECDSA_VERIFY_INVALID_USER_CONTEXT_PTR_ERROR:
case CRYS_ECDSA_VERIFY_INVALID_SIGNER_PUBL_KEY_PTR_ERROR:
case CRYS_ECDSA_VERIFY_ILLEGAL_HASH_OP_MODE_ERROR:
case CRYS_HASH_DATA_IN_POINTER_INVALID_ERROR:
case CRYS_ECDSA_VERIFY_INVALID_SIGNATURE_SIZE_ERROR:
case CRYS_ECDSA_VERIFY_INVALID_MESSAGE_DATA_IN_PTR_ERROR:
case CRYS_ECDSA_VERIFY_INVALID_MESSAGE_DATA_IN_SIZE_ERROR:
case CRYS_ECDSA_SIGN_INVALID_EPHEMERAL_KEY_PTR_ERROR:
case CRYS_ECDSA_SIGN_INVALID_RND_CONTEXT_PTR_ERROR:
case CRYS_ECDSA_SIGN_INVALID_RND_FUNCTION_PTR_ERROR:
case CRYS_ECDSA_SIGN_INVALID_DOMAIN_ID_ERROR:
case CRYS_ECDSA_SIGN_INVALID_USER_CONTEXT_PTR_ERROR:
case CRYS_ECDSA_SIGN_INVALID_USER_PRIV_KEY_PTR_ERROR:
case CRYS_ECDSA_SIGN_ILLEGAL_HASH_OP_MODE_ERROR:
case CRYS_ECDSA_SIGN_INVALID_SIGNATURE_OUT_PTR_ERROR:
case CRYS_ECDSA_SIGN_INVALID_SIGNATURE_OUT_SIZE_PTR_ERROR:
case CRYS_ECDSA_SIGN_INVALID_SIGNATURE_OUT_SIZE_ERROR:
case CRYS_ECC_ILLEGAL_PARAMS_ACCORDING_TO_PRIV_ERROR:
case CRYS_ECC_ILLEGAL_HASH_MODE_ERROR:
case CRYS_ECPKI_ILLEGAL_DOMAIN_ID_ERROR:
case CRYS_ECPKI_DOMAIN_PTR_ERROR:
case CRYS_ECPKI_RND_CONTEXT_PTR_ERROR:
case CRYS_ECPKI_BUILD_KEY_INVALID_COMPRESSION_MODE_ERROR:
case CRYS_ECPKI_BUILD_KEY_ILLEGAL_DOMAIN_ID_ERROR:
case CRYS_ECPKI_BUILD_KEY_INVALID_PRIV_KEY_IN_PTR_ERROR:
case CRYS_ECPKI_BUILD_KEY_INVALID_USER_PRIV_KEY_PTR_ERROR:
case CRYS_ECPKI_BUILD_KEY_INVALID_PRIV_KEY_SIZE_ERROR:
case CRYS_ECPKI_BUILD_KEY_INVALID_PRIV_KEY_DATA_ERROR:
case CRYS_ECPKI_BUILD_KEY_INVALID_PUBL_KEY_IN_PTR_ERROR:
case CRYS_ECPKI_BUILD_KEY_INVALID_USER_PUBL_KEY_PTR_ERROR:
case CRYS_ECPKI_BUILD_KEY_INVALID_PUBL_KEY_SIZE_ERROR:
case CRYS_ECPKI_BUILD_KEY_INVALID_PUBL_KEY_DATA_ERROR:
case CRYS_ECPKI_BUILD_KEY_INVALID_CHECK_MODE_ERROR:
case CRYS_ECPKI_BUILD_KEY_INVALID_TEMP_BUFF_PTR_ERROR:
case CRYS_ECPKI_EXPORT_PUBL_KEY_INVALID_USER_PUBL_KEY_PTR_ERROR:
case CRYS_ECPKI_EXPORT_PUBL_KEY_ILLEGAL_COMPRESSION_MODE_ERROR:
case CRYS_ECPKI_EXPORT_PUBL_KEY_INVALID_EXTERN_PUBL_KEY_PTR_ERROR:
case CRYS_ECPKI_EXPORT_PUBL_KEY_INVALID_PUBL_KEY_SIZE_PTR_ERROR:
case CRYS_ECPKI_EXPORT_PUBL_KEY_INVALID_PUBL_KEY_SIZE_ERROR:
case CRYS_ECPKI_EXPORT_PUBL_KEY_ILLEGAL_DOMAIN_ID_ERROR:
case CRYS_ECPKI_EXPORT_PUBL_KEY_ILLEGAL_VALIDATION_TAG_ERROR:
case CRYS_ECPKI_EXPORT_PUBL_KEY_INVALID_PUBL_KEY_DATA_ERROR:
case CRYS_ECPKI_EXPORT_PRIV_KEY_INVALID_USER_PRIV_KEY_PTR_ERROR:
case CRYS_ECPKI_EXPORT_PRIV_KEY_INVALID_EXTERN_PRIV_KEY_PTR_ERROR:
case CRYS_ECPKI_EXPORT_PRIV_KEY_ILLEGAL_VALIDATION_TAG_ERROR:
case CRYS_ECPKI_EXPORT_PRIV_KEY_INVALID_PRIV_KEY_SIZE_PTR_ERROR:
case CRYS_ECPKI_EXPORT_PRIV_KEY_INVALID_PRIV_KEY_SIZE_ERROR:
case CRYS_ECPKI_EXPORT_PRIV_KEY_INVALID_PRIV_KEY_DATA_ERROR:
case CRYS_ECPKI_BUILD_DOMAIN_ID_IS_NOT_VALID_ERROR:
case CRYS_ECPKI_BUILD_DOMAIN_DOMAIN_PTR_ERROR:
case CRYS_ECPKI_BUILD_DOMAIN_EC_PARAMETR_PTR_ERROR:
case CRYS_ECPKI_BUILD_DOMAIN_EC_PARAMETR_SIZE_ERROR:
case CRYS_ECPKI_BUILD_DOMAIN_COFACTOR_PARAMS_ERROR:
case CRYS_ECPKI_BUILD_DOMAIN_SECURITY_STRENGTH_ERROR:
case CRYS_ECPKI_BUILD_SCA_RESIST_ILLEGAL_MODE_ERROR:
case CRYS_ECDH_SVDP_DH_INVALID_PARTNER_PUBL_KEY_PTR_ERROR:
case CRYS_ECDH_SVDP_DH_PARTNER_PUBL_KEY_VALID_TAG_ERROR:
case CRYS_ECDH_SVDP_DH_INVALID_USER_PRIV_KEY_PTR_ERROR:
case CRYS_ECDH_SVDP_DH_USER_PRIV_KEY_VALID_TAG_ERROR:
case CRYS_ECDH_SVDP_DH_INVALID_SHARED_SECRET_VALUE_PTR_ERROR:
case CRYS_ECDH_SVDP_DH_INVALID_TEMP_DATA_PTR_ERROR:
case CRYS_ECDH_SVDP_DH_INVALID_SHARED_SECRET_VALUE_SIZE_PTR_ERROR:
case CRYS_ECDH_SVDP_DH_INVALID_SHARED_SECRET_VALUE_SIZE_ERROR:
case CRYS_ECDH_SVDP_DH_ILLEGAL_DOMAIN_ID_ERROR:
case CRYS_ECPKI_GEN_KEY_INVALID_PRIVATE_KEY_PTR_ERROR:
case CRYS_ECPKI_GEN_KEY_INVALID_PUBLIC_KEY_PTR_ERROR:
case CRYS_ECPKI_GEN_KEY_INVALID_TEMP_DATA_PTR_ERROR:
case CRYS_ECPKI_INVALID_RND_FUNC_PTR_ERROR:
case CRYS_ECPKI_INVALID_RND_CTX_PTR_ERROR:
case CRYS_ECPKI_INVALID_DOMAIN_ID_ERROR:
case CRYS_ECPKI_INVALID_PRIV_KEY_TAG_ERROR:
case CRYS_ECPKI_INVALID_PUBL_KEY_TAG_ERROR:
case CRYS_ECPKI_INVALID_DATA_IN_PASSED_STRUCT_ERROR:
case CRYS_HASH_DATA_SIZE_ILLEGAL:
case CRYS_HASH_INVALID_RESULT_BUFFER_POINTER_ERROR:
case CRYS_HASH_ILLEGAL_PARAMS_ERROR:
case CRYS_HASH_INVALID_USER_CONTEXT_POINTER_ERROR:
case CRYS_HASH_LAST_BLOCK_ALREADY_PROCESSED_ERROR:
case CRYS_HASH_CTX_SIZES_ERROR:
return PSA_ERROR_INVALID_ARGUMENT;
default:
return PSA_ERROR_GENERIC_ERROR;
}
}
psa_status_t SaSi_to_psa_error(SaSiStatus error)
{
switch (error) {
case SASI_AES_INVALID_USER_CONTEXT_POINTER_ERROR:
case SASI_AES_INVALID_IV_OR_TWEAK_PTR_ERROR:
case SASI_AES_ILLEGAL_OPERATION_MODE_ERROR:
case SASI_AES_ILLEGAL_KEY_SIZE_ERROR:
case SASI_AES_INVALID_KEY_POINTER_ERROR:
case SASI_AES_INVALID_ENCRYPT_MODE_ERROR:
case SASI_AES_DATA_IN_POINTER_INVALID_ERROR:
case SASI_AES_DATA_OUT_POINTER_INVALID_ERROR:
case SASI_AES_DATA_IN_SIZE_ILLEGAL:
case SASI_AES_DATA_OUT_DATA_IN_OVERLAP_ERROR:
case SASI_AES_DATA_OUT_SIZE_POINTER_INVALID_ERROR:
case SASI_AES_CTX_SIZES_ERROR:
case SASI_AES_ILLEGAL_PARAMS_ERROR:
case SASI_AES_CTR_ILLEGAL_BLOCK_OFFSET_ERROR:
case SASI_AES_CTR_ILLEGAL_COUNTER_ERROR:
return PSA_ERROR_INVALID_ARGUMENT;
case SASI_AES_DATA_IN_BUFFER_SIZE_ERROR:
case SASI_AES_DATA_OUT_BUFFER_SIZE_ERROR:
return PSA_ERROR_BUFFER_TOO_SMALL;
case SASI_AES_ILLEGAL_PADDING_TYPE_ERROR:
case SASI_AES_INCORRECT_PADDING_ERROR:
return PSA_ERROR_INVALID_PADDING;
case SASI_AES_CORRUPTED_OUTPUT_ERROR:
case SASI_AES_USER_CONTEXT_CORRUPTED_ERROR:
return PSA_ERROR_CORRUPTION_DETECTED;
case SASI_AES_DECRYPTION_NOT_ALLOWED_ON_THIS_MODE:
case SASI_AES_ADDITIONAL_BLOCK_NOT_PERMITTED_ERROR:
return PSA_ERROR_NOT_PERMITTED;
case SASI_AES_KEY_TYPE_NOT_SUPPORTED_ERROR:
case SASI_AES_IS_NOT_SUPPORTED:
return PSA_ERROR_NOT_SUPPORTED;
case SASI_OUT_OF_RESOURCE_ERROR:
return PSA_ERROR_INSUFFICIENT_MEMORY;
default:
return PSA_ERROR_GENERIC_ERROR;
}
}
const char *cryptocell310_status_to_humanly_readable(uint32_t status)
{
switch(status) {
case CRYS_ECDH_SVDP_DH_NOT_CONCENT_PUBL_AND_PRIV_DOMAIN_ID_ERROR:
return "CRYS_ECDH_SVDP_DH_NOT_CONCENT_PUBL_AND_PRIV_DOMAIN_ID_ERROR";
case CRYS_ECDSA_SIGN_INVALID_IS_EPHEMER_KEY_INTERNAL_ERROR:
return "CRYS_ECDSA_SIGN_INVALID_IS_EPHEMER_KEY_INTERNAL_ERROR";
case CRYS_ECDSA_SIGN_SIGNING_ERROR:
return "CRYS_ECDSA_SIGN_SIGNING_ERROR";
case CRYS_ECDSA_VERIFY_INCONSISTENT_VERIFY_ERROR:
return "CRYS_ECDSA_VERIFY_INCONSISTENT_VERIFY_ERROR";
case CRYS_ECPKI_PKI_INTERNAL_ERROR:
return "CRYS_ECPKI_PKI_INTERNAL_ERROR";
case CRYS_HASH_ILLEGAL_OPERATION_MODE_ERROR:
return "CRYS_HASH_ILLEGAL_OPERATION_MODE_ERROR";
case CRYS_HASH_IS_NOT_SUPPORTED:
return "CRYS_HASH_IS_NOT_SUPPORTED";
case CRYS_HASH_USER_CONTEXT_CORRUPTED_ERROR:
return "CRYS_HASH_USER_CONTEXT_CORRUPTED_ERROR";
case CRYS_ECDSA_SIGN_USER_CONTEXT_VALIDATION_TAG_ERROR:
return "CRYS_ECDSA_SIGN_USER_CONTEXT_VALIDATION_TAG_ERROR";
case CRYS_ECDSA_SIGN_USER_PRIV_KEY_VALIDATION_TAG_ERROR:
return "CRYS_ECDSA_SIGN_USER_PRIV_KEY_VALIDATION_TAG_ERROR";
case CRYS_ECDSA_VERIFY_USER_CONTEXT_VALIDATION_TAG_ERROR:
return "CRYS_ECDSA_VERIFY_USER_CONTEXT_VALIDATION_TAG_ERROR";
case CRYS_ECDSA_VERIFY_SIGNER_PUBL_KEY_VALIDATION_TAG_ERROR:
return "CRYS_ECDSA_VERIFY_SIGNER_PUBL_KEY_VALIDATION_TAG_ERROR";
case CRYS_ECDSA_VERIFY_INVALID_SIGNATURE_IN_PTR_ERROR:
return "CRYS_ECDSA_VERIFY_INVALID_SIGNATURE_IN_PTR_ERROR";
case CRYS_ECDSA_SIGN_INVALID_MESSAGE_DATA_IN_PTR_ERROR:
return "CRYS_ECDSA_SIGN_INVALID_MESSAGE_DATA_IN_PTR_ERROR";
case CRYS_ECDSA_SIGN_INVALID_MESSAGE_DATA_IN_SIZE_ERROR:
return "CRYS_ECDSA_SIGN_INVALID_MESSAGE_DATA_IN_SIZE_ERROR";
case CRYS_ECDSA_VERIFY_INVALID_DOMAIN_ID_ERROR:
return "CRYS_ECDSA_VERIFY_INVALID_DOMAIN_ID_ERROR";
case CRYS_ECDSA_VERIFY_INVALID_USER_CONTEXT_PTR_ERROR:
return "CRYS_ECDSA_VERIFY_INVALID_USER_CONTEXT_PTR_ERROR";
case CRYS_ECDSA_VERIFY_INVALID_SIGNER_PUBL_KEY_PTR_ERROR:
return "CRYS_ECDSA_VERIFY_INVALID_SIGNER_PUBL_KEY_PTR_ERROR";
case CRYS_ECDSA_VERIFY_ILLEGAL_HASH_OP_MODE_ERROR:
return "CRYS_ECDSA_VERIFY_ILLEGAL_HASH_OP_MODE_ERROR";
case CRYS_HASH_DATA_IN_POINTER_INVALID_ERROR:
return "CRYS_HASH_DATA_IN_POINTER_INVALID_ERROR";
case CRYS_ECDSA_VERIFY_INVALID_SIGNATURE_SIZE_ERROR:
return "CRYS_ECDSA_VERIFY_INVALID_SIGNATURE_SIZE_ERROR";
case CRYS_ECDSA_VERIFY_INVALID_MESSAGE_DATA_IN_PTR_ERROR:
return "CRYS_ECDSA_VERIFY_INVALID_MESSAGE_DATA_IN_PTR_ERROR";
case CRYS_ECDSA_VERIFY_INVALID_MESSAGE_DATA_IN_SIZE_ERROR:
return "CRYS_ECDSA_VERIFY_INVALID_MESSAGE_DATA_IN_SIZE_ERROR";
case CRYS_ECDSA_SIGN_INVALID_EPHEMERAL_KEY_PTR_ERROR:
return "CRYS_ECDSA_SIGN_INVALID_EPHEMERAL_KEY_PTR_ERROR";
case CRYS_ECDSA_SIGN_INVALID_RND_CONTEXT_PTR_ERROR:
return "CRYS_ECDSA_SIGN_INVALID_RND_CONTEXT_PTR_ERROR";
case CRYS_ECDSA_SIGN_INVALID_RND_FUNCTION_PTR_ERROR:
return "CRYS_ECDSA_SIGN_INVALID_RND_FUNCTION_PTR_ERROR";
case CRYS_ECDSA_SIGN_INVALID_DOMAIN_ID_ERROR:
return "CRYS_ECDSA_SIGN_INVALID_DOMAIN_ID_ERROR";
case CRYS_ECDSA_SIGN_INVALID_USER_CONTEXT_PTR_ERROR:
return "CRYS_ECDSA_SIGN_INVALID_USER_CONTEXT_PTR_ERROR";
case CRYS_ECDSA_SIGN_INVALID_USER_PRIV_KEY_PTR_ERROR:
return "CRYS_ECDSA_SIGN_INVALID_USER_PRIV_KEY_PTR_ERROR";
case CRYS_ECDSA_SIGN_ILLEGAL_HASH_OP_MODE_ERROR:
return "CRYS_ECDSA_SIGN_ILLEGAL_HASH_OP_MODE_ERROR";
case CRYS_ECDSA_SIGN_INVALID_SIGNATURE_OUT_PTR_ERROR:
return "CRYS_ECDSA_SIGN_INVALID_SIGNATURE_OUT_PTR_ERROR";
case CRYS_ECDSA_SIGN_INVALID_SIGNATURE_OUT_SIZE_PTR_ERROR:
return "CRYS_ECDSA_SIGN_INVALID_SIGNATURE_OUT_SIZE_PTR_ERROR";
case CRYS_ECDSA_SIGN_INVALID_SIGNATURE_OUT_SIZE_ERROR:
return "CRYS_ECDSA_SIGN_INVALID_SIGNATURE_OUT_SIZE_ERROR";
case CRYS_ECC_ILLEGAL_PARAMS_ACCORDING_TO_PRIV_ERROR:
return "CRYS_ECC_ILLEGAL_PARAMS_ACCORDING_TO_PRIV_ERROR";
case CRYS_ECC_ILLEGAL_HASH_MODE_ERROR:
return "CRYS_ECC_ILLEGAL_HASH_MODE_ERROR";
case CRYS_ECPKI_ILLEGAL_DOMAIN_ID_ERROR:
return "CRYS_ECPKI_ILLEGAL_DOMAIN_ID_ERROR";
case CRYS_ECPKI_DOMAIN_PTR_ERROR:
return "CRYS_ECPKI_DOMAIN_PTR_ERROR";
case CRYS_ECPKI_RND_CONTEXT_PTR_ERROR:
return "CRYS_ECPKI_RND_CONTEXT_PTR_ERROR";
case CRYS_ECPKI_BUILD_KEY_INVALID_COMPRESSION_MODE_ERROR:
return "CRYS_ECPKI_BUILD_KEY_INVALID_COMPRESSION_MODE_ERROR";
case CRYS_ECPKI_BUILD_KEY_ILLEGAL_DOMAIN_ID_ERROR:
return "CRYS_ECPKI_BUILD_KEY_ILLEGAL_DOMAIN_ID_ERROR";
case CRYS_ECPKI_BUILD_KEY_INVALID_PRIV_KEY_IN_PTR_ERROR:
return "CRYS_ECPKI_BUILD_KEY_INVALID_PRIV_KEY_IN_PTR_ERROR";
case CRYS_ECPKI_BUILD_KEY_INVALID_USER_PRIV_KEY_PTR_ERROR:
return "CRYS_ECPKI_BUILD_KEY_INVALID_USER_PRIV_KEY_PTR_ERROR";
case CRYS_ECPKI_BUILD_KEY_INVALID_PRIV_KEY_SIZE_ERROR:
return "CRYS_ECPKI_BUILD_KEY_INVALID_PRIV_KEY_SIZE_ERROR";
case CRYS_ECPKI_BUILD_KEY_INVALID_PRIV_KEY_DATA_ERROR:
return "CRYS_ECPKI_BUILD_KEY_INVALID_PRIV_KEY_DATA_ERROR";
case CRYS_ECPKI_BUILD_KEY_INVALID_PUBL_KEY_IN_PTR_ERROR:
return "CRYS_ECPKI_BUILD_KEY_INVALID_PUBL_KEY_IN_PTR_ERROR";
case CRYS_ECPKI_BUILD_KEY_INVALID_USER_PUBL_KEY_PTR_ERROR:
return "CRYS_ECPKI_BUILD_KEY_INVALID_USER_PUBL_KEY_PTR_ERROR";
case CRYS_ECPKI_BUILD_KEY_INVALID_PUBL_KEY_SIZE_ERROR:
return "CRYS_ECPKI_BUILD_KEY_INVALID_PUBL_KEY_SIZE_ERROR";
case CRYS_ECPKI_BUILD_KEY_INVALID_PUBL_KEY_DATA_ERROR:
return "CRYS_ECPKI_BUILD_KEY_INVALID_PUBL_KEY_DATA_ERROR";
case CRYS_ECPKI_BUILD_KEY_INVALID_CHECK_MODE_ERROR:
return "CRYS_ECPKI_BUILD_KEY_INVALID_CHECK_MODE_ERROR";
case CRYS_ECPKI_BUILD_KEY_INVALID_TEMP_BUFF_PTR_ERROR:
return "CRYS_ECPKI_BUILD_KEY_INVALID_TEMP_BUFF_PTR_ERROR";
case CRYS_ECPKI_EXPORT_PUBL_KEY_INVALID_USER_PUBL_KEY_PTR_ERROR:
return "CRYS_ECPKI_EXPORT_PUBL_KEY_INVALID_USER_PUBL_KEY_PTR_ERROR";
case CRYS_ECPKI_EXPORT_PUBL_KEY_ILLEGAL_COMPRESSION_MODE_ERROR:
return "CRYS_ECPKI_EXPORT_PUBL_KEY_ILLEGAL_COMPRESSION_MODE_ERROR";
case CRYS_ECPKI_EXPORT_PUBL_KEY_INVALID_EXTERN_PUBL_KEY_PTR_ERROR:
return "CRYS_ECPKI_EXPORT_PUBL_KEY_INVALID_EXTERN_PUBL_KEY_PTR_ERROR";
case CRYS_ECPKI_EXPORT_PUBL_KEY_INVALID_PUBL_KEY_SIZE_PTR_ERROR:
return "CRYS_ECPKI_EXPORT_PUBL_KEY_INVALID_PUBL_KEY_SIZE_PTR_ERROR";
case CRYS_ECPKI_EXPORT_PUBL_KEY_INVALID_PUBL_KEY_SIZE_ERROR:
return "CRYS_ECPKI_EXPORT_PUBL_KEY_INVALID_PUBL_KEY_SIZE_ERROR";
case CRYS_ECPKI_EXPORT_PUBL_KEY_ILLEGAL_DOMAIN_ID_ERROR:
return "CRYS_ECPKI_EXPORT_PUBL_KEY_ILLEGAL_DOMAIN_ID_ERROR";
case CRYS_ECPKI_EXPORT_PUBL_KEY_ILLEGAL_VALIDATION_TAG_ERROR:
return "CRYS_ECPKI_EXPORT_PUBL_KEY_ILLEGAL_VALIDATION_TAG_ERROR";
case CRYS_ECPKI_EXPORT_PUBL_KEY_INVALID_PUBL_KEY_DATA_ERROR:
return "CRYS_ECPKI_EXPORT_PUBL_KEY_INVALID_PUBL_KEY_DATA_ERROR";
case CRYS_ECPKI_EXPORT_PRIV_KEY_INVALID_USER_PRIV_KEY_PTR_ERROR:
return "CRYS_ECPKI_EXPORT_PRIV_KEY_INVALID_USER_PRIV_KEY_PTR_ERROR";
case CRYS_ECPKI_EXPORT_PRIV_KEY_INVALID_EXTERN_PRIV_KEY_PTR_ERROR:
return "CRYS_ECPKI_EXPORT_PRIV_KEY_INVALID_EXTERN_PRIV_KEY_PTR_ERROR";
case CRYS_ECPKI_EXPORT_PRIV_KEY_ILLEGAL_VALIDATION_TAG_ERROR:
return "CRYS_ECPKI_EXPORT_PRIV_KEY_ILLEGAL_VALIDATION_TAG_ERROR";
case CRYS_ECPKI_EXPORT_PRIV_KEY_INVALID_PRIV_KEY_SIZE_PTR_ERROR:
return "CRYS_ECPKI_EXPORT_PRIV_KEY_INVALID_PRIV_KEY_SIZE_PTR_ERROR";
case CRYS_ECPKI_EXPORT_PRIV_KEY_INVALID_PRIV_KEY_SIZE_ERROR:
return "CRYS_ECPKI_EXPORT_PRIV_KEY_INVALID_PRIV_KEY_SIZE_ERROR";
case CRYS_ECPKI_EXPORT_PRIV_KEY_INVALID_PRIV_KEY_DATA_ERROR:
return "CRYS_ECPKI_EXPORT_PRIV_KEY_INVALID_PRIV_KEY_DATA_ERROR";
case CRYS_ECPKI_BUILD_DOMAIN_ID_IS_NOT_VALID_ERROR:
return "CRYS_ECPKI_BUILD_DOMAIN_ID_IS_NOT_VALID_ERROR";
case CRYS_ECPKI_BUILD_DOMAIN_DOMAIN_PTR_ERROR:
return "CRYS_ECPKI_BUILD_DOMAIN_DOMAIN_PTR_ERROR";
case CRYS_ECPKI_BUILD_DOMAIN_EC_PARAMETR_PTR_ERROR:
return "CRYS_ECPKI_BUILD_DOMAIN_EC_PARAMETR_PTR_ERROR";
case CRYS_ECPKI_BUILD_DOMAIN_EC_PARAMETR_SIZE_ERROR:
return "CRYS_ECPKI_BUILD_DOMAIN_EC_PARAMETR_SIZE_ERROR";
case CRYS_ECPKI_BUILD_DOMAIN_COFACTOR_PARAMS_ERROR:
return "CRYS_ECPKI_BUILD_DOMAIN_COFACTOR_PARAMS_ERROR";
case CRYS_ECPKI_BUILD_DOMAIN_SECURITY_STRENGTH_ERROR:
return "CRYS_ECPKI_BUILD_DOMAIN_SECURITY_STRENGTH_ERROR";
case CRYS_ECPKI_BUILD_SCA_RESIST_ILLEGAL_MODE_ERROR:
return "CRYS_ECPKI_BUILD_SCA_RESIST_ILLEGAL_MODE_ERROR";
case CRYS_ECDH_SVDP_DH_INVALID_PARTNER_PUBL_KEY_PTR_ERROR:
return "CRYS_ECDH_SVDP_DH_INVALID_PARTNER_PUBL_KEY_PTR_ERROR";
case CRYS_ECDH_SVDP_DH_PARTNER_PUBL_KEY_VALID_TAG_ERROR:
return "CRYS_ECDH_SVDP_DH_PARTNER_PUBL_KEY_VALID_TAG_ERROR";
case CRYS_ECDH_SVDP_DH_INVALID_USER_PRIV_KEY_PTR_ERROR:
return "CRYS_ECDH_SVDP_DH_INVALID_USER_PRIV_KEY_PTR_ERROR";
case CRYS_ECDH_SVDP_DH_USER_PRIV_KEY_VALID_TAG_ERROR:
return "CRYS_ECDH_SVDP_DH_USER_PRIV_KEY_VALID_TAG_ERROR";
case CRYS_ECDH_SVDP_DH_INVALID_SHARED_SECRET_VALUE_PTR_ERROR:
return "CRYS_ECDH_SVDP_DH_INVALID_SHARED_SECRET_VALUE_PTR_ERROR";
case CRYS_ECDH_SVDP_DH_INVALID_TEMP_DATA_PTR_ERROR:
return "CRYS_ECDH_SVDP_DH_INVALID_TEMP_DATA_PTR_ERROR";
case CRYS_ECDH_SVDP_DH_INVALID_SHARED_SECRET_VALUE_SIZE_PTR_ERROR:
return "CRYS_ECDH_SVDP_DH_INVALID_SHARED_SECRET_VALUE_SIZE_PTR_ERROR";
case CRYS_ECDH_SVDP_DH_INVALID_SHARED_SECRET_VALUE_SIZE_ERROR:
return "CRYS_ECDH_SVDP_DH_INVALID_SHARED_SECRET_VALUE_SIZE_ERROR";
case CRYS_ECDH_SVDP_DH_ILLEGAL_DOMAIN_ID_ERROR:
return "CRYS_ECDH_SVDP_DH_ILLEGAL_DOMAIN_ID_ERROR";
case CRYS_ECPKI_GEN_KEY_INVALID_PRIVATE_KEY_PTR_ERROR:
return "CRYS_ECPKI_GEN_KEY_INVALID_PRIVATE_KEY_PTR_ERROR";
case CRYS_ECPKI_GEN_KEY_INVALID_PUBLIC_KEY_PTR_ERROR:
return "CRYS_ECPKI_GEN_KEY_INVALID_PUBLIC_KEY_PTR_ERROR";
case CRYS_ECPKI_GEN_KEY_INVALID_TEMP_DATA_PTR_ERROR:
return "CRYS_ECPKI_GEN_KEY_INVALID_TEMP_DATA_PTR_ERROR";
case CRYS_ECPKI_INVALID_RND_FUNC_PTR_ERROR:
return "CRYS_ECPKI_INVALID_RND_FUNC_PTR_ERROR";
case CRYS_ECPKI_INVALID_RND_CTX_PTR_ERROR:
return "CRYS_ECPKI_INVALID_RND_CTX_PTR_ERROR";
case CRYS_ECPKI_INVALID_DOMAIN_ID_ERROR:
return "CRYS_ECPKI_INVALID_DOMAIN_ID_ERROR";
case CRYS_ECPKI_INVALID_PRIV_KEY_TAG_ERROR:
return "CRYS_ECPKI_INVALID_PRIV_KEY_TAG_ERROR";
case CRYS_ECPKI_INVALID_PUBL_KEY_TAG_ERROR:
return "CRYS_ECPKI_INVALID_PUBL_KEY_TAG_ERROR";
case CRYS_ECPKI_INVALID_DATA_IN_PASSED_STRUCT_ERROR:
return "CRYS_ECPKI_INVALID_DATA_IN_PASSED_STRUCT_ERROR";
case CRYS_HASH_DATA_SIZE_ILLEGAL:
return "CRYS_HASH_DATA_SIZE_ILLEGAL";
case CRYS_HASH_INVALID_RESULT_BUFFER_POINTER_ERROR:
return "CRYS_HASH_INVALID_RESULT_BUFFER_POINTER_ERROR";
case CRYS_HASH_ILLEGAL_PARAMS_ERROR:
return "CRYS_HASH_ILLEGAL_PARAMS_ERROR";
case CRYS_HASH_INVALID_USER_CONTEXT_POINTER_ERROR:
return "CRYS_HASH_INVALID_USER_CONTEXT_POINTER_ERROR";
case CRYS_HASH_LAST_BLOCK_ALREADY_PROCESSED_ERROR:
return "CRYS_HASH_LAST_BLOCK_ALREADY_PROCESSED_ERROR";
case CRYS_HASH_CTX_SIZES_ERROR:
return "CRYS_HASH_CTX_SIZES_ERROR";
case SASI_AES_INVALID_USER_CONTEXT_POINTER_ERROR:
return "SASI_AES_INVALID_USER_CONTEXT_POINTER_ERROR";
case SASI_AES_INVALID_IV_OR_TWEAK_PTR_ERROR:
return "SASI_AES_INVALID_IV_OR_TWEAK_PTR_ERROR";
case SASI_AES_ILLEGAL_OPERATION_MODE_ERROR:
return "SASI_AES_ILLEGAL_OPERATION_MODE_ERROR";
case SASI_AES_ILLEGAL_KEY_SIZE_ERROR:
return "SASI_AES_ILLEGAL_KEY_SIZE_ERROR";
case SASI_AES_INVALID_KEY_POINTER_ERROR:
return "SASI_AES_INVALID_KEY_POINTER_ERROR";
case SASI_AES_INVALID_ENCRYPT_MODE_ERROR:
return "SASI_AES_INVALID_ENCRYPT_MODE_ERROR";
case SASI_AES_DATA_IN_POINTER_INVALID_ERROR:
return "SASI_AES_DATA_IN_POINTER_INVALID_ERROR";
case SASI_AES_DATA_OUT_POINTER_INVALID_ERROR:
return "SASI_AES_DATA_OUT_POINTER_INVALID_ERROR";
case SASI_AES_DATA_IN_SIZE_ILLEGAL:
return "SASI_AES_DATA_IN_SIZE_ILLEGAL";
case SASI_AES_DATA_OUT_DATA_IN_OVERLAP_ERROR:
return "SASI_AES_DATA_OUT_DATA_IN_OVERLAP_ERROR";
case SASI_AES_DATA_OUT_SIZE_POINTER_INVALID_ERROR:
return "SASI_AES_DATA_OUT_SIZE_POINTER_INVALID_ERROR";
case SASI_AES_CTX_SIZES_ERROR:
return "SASI_AES_CTX_SIZES_ERROR";
case SASI_AES_ILLEGAL_PARAMS_ERROR:
return "SASI_AES_ILLEGAL_PARAMS_ERROR";
case SASI_AES_CTR_ILLEGAL_BLOCK_OFFSET_ERROR:
return "SASI_AES_CTR_ILLEGAL_BLOCK_OFFSET_ERROR";
case SASI_AES_CTR_ILLEGAL_COUNTER_ERROR:
return "SASI_AES_CTR_ILLEGAL_COUNTER_ERROR";
case SASI_AES_DATA_IN_BUFFER_SIZE_ERROR:
return "SASI_AES_DATA_IN_BUFFER_SIZE_ERROR";
case SASI_AES_DATA_OUT_BUFFER_SIZE_ERROR:
return "SASI_AES_DATA_OUT_BUFFER_SIZE_ERROR";
case SASI_AES_ILLEGAL_PADDING_TYPE_ERROR:
return "SASI_AES_ILLEGAL_PADDING_TYPE_ERROR";
case SASI_AES_INCORRECT_PADDING_ERROR:
return "SASI_AES_INCORRECT_PADDING_ERROR";
case SASI_AES_CORRUPTED_OUTPUT_ERROR:
return "SASI_AES_CORRUPTED_OUTPUT_ERROR";
case SASI_AES_USER_CONTEXT_CORRUPTED_ERROR:
return "SASI_AES_USER_CONTEXT_CORRUPTED_ERROR";
case SASI_AES_DECRYPTION_NOT_ALLOWED_ON_THIS_MODE:
return "SASI_AES_DECRYPTION_NOT_ALLOWED_ON_THIS_MODE";
case SASI_AES_ADDITIONAL_BLOCK_NOT_PERMITTED_ERROR:
return "SASI_AES_ADDITIONAL_BLOCK_NOT_PERMITTED_ERROR";
case SASI_AES_KEY_TYPE_NOT_SUPPORTED_ERROR:
return "SASI_AES_KEY_TYPE_NOT_SUPPORTED_ERROR";
case SASI_AES_IS_NOT_SUPPORTED:
return "SASI_AES_IS_NOT_SUPPORTED";
case SASI_OUT_OF_RESOURCE_ERROR:
return "SASI_OUT_OF_RESOURCE_ERROR";
default:
return "Error value not recognized";
}
}

View File

@ -0,0 +1,87 @@
/*
* Copyright (C) 2021 HAW Hamburg
*
* This file is subject to the terms and conditions of the GNU Lesser
* General Public License v2.1. See the file LICENSE in the top level
* directory for more details.
*/
/**
* @ingroup pkg_driver_cryptocell_310
* @{
*
* @brief Common hash functions used by all PSA Crypto wrappers
* for the CryptoCell 310 hash APIs.
*
* @author Lena Boeckmann <lena.boeckmann@haw-hamburg.de>
*
* @}
*/
#include "psa/crypto.h"
#include "psa_error.h"
#include "cryptocell_310_util.h"
#include "crys_hash.h"
#define ENABLE_DEBUG 0
#include "debug.h"
#define CC310_MAX_HASH_INPUT_BLOCK (0xFFF0)
psa_status_t cryptocell_310_common_hash_setup(CRYS_HASHUserContext_t *ctx,
CRYS_HASH_OperationMode_t mode)
{
CRYSError_t ret = CRYS_HASH_Init(ctx, mode);
if (ret != CRYS_OK) {
DEBUG("CRYS_HASH_Init failed with %s\n", cryptocell310_status_to_humanly_readable(ret));
return CRYS_to_psa_error(ret);
}
return PSA_SUCCESS;
}
psa_status_t cryptocell_310_common_hash_update(CRYS_HASHUserContext_t *ctx,
const uint8_t *input,
size_t input_length)
{
CRYSError_t ret = 0;
size_t offset = 0;
size_t size;
do {
if (input_length > CC310_MAX_HASH_INPUT_BLOCK) {
size = CC310_MAX_HASH_INPUT_BLOCK;
input_length -= CC310_MAX_HASH_INPUT_BLOCK;
}
else {
size = input_length;
input_length = 0;
}
cryptocell_310_enable();
ret = CRYS_HASH_Update(ctx, (uint8_t *)(input + offset), size);
cryptocell_310_disable();
offset += size;
} while ((input_length > 0) && (ret == CRYS_OK));
if (ret != CRYS_OK) {
DEBUG("CRYS_HASH_Update failed with %s\n", cryptocell310_status_to_humanly_readable(ret));
return CRYS_to_psa_error(ret);
}
return PSA_SUCCESS;
}
psa_status_t cryptocell_310_common_hash_finish(CRYS_HASHUserContext_t *ctx, uint8_t *hash, size_t hash_size,
size_t *hash_length)
{
cryptocell_310_enable();
CRYSError_t ret = CRYS_HASH_Finish(ctx, (uint32_t *)hash);
cryptocell_310_disable();
if (ret != CRYS_OK) {
DEBUG("CRYS_HASH_Finish failed with %s\n", cryptocell310_status_to_humanly_readable(ret));
return CRYS_to_psa_error(ret);
}
*hash_length = hash_size;
return PSA_SUCCESS;
}

View File

@ -0,0 +1,43 @@
/*
* Copyright (C) 2021 HAW Hamburg
*
* This file is subject to the terms and conditions of the GNU Lesser
* General Public License v2.1. See the file LICENSE in the top level
* directory for more details.
*/
/**
* @ingroup pkg_driver_cryptocell_310
* @{
*
* @brief Glue code translating between PSA Crypto and the CryptoCell 310 SHA1 APIs
*
* @author Lena Boeckmann <lena.boeckmann@haw-hamburg.de>
*
* @}
*/
#include <stdio.h>
#include "kernel_defines.h"
#include "psa_periph_hashes_ctx.h"
#include "psa_cryptocell_310_hashes_common.h"
psa_status_t psa_hashes_sha1_setup(psa_hashes_sha1_ctx_t *ctx)
{
return cryptocell_310_common_hash_setup((CRYS_HASHUserContext_t *)ctx, CRYS_HASH_SHA1_mode);
}
psa_status_t psa_hashes_sha1_update(psa_hashes_sha1_ctx_t *ctx,
const uint8_t *input,
size_t input_length)
{
return cryptocell_310_common_hash_update((CRYS_HASHUserContext_t *)ctx, input, input_length);
}
psa_status_t psa_hashes_sha1_finish(psa_hashes_sha1_ctx_t *ctx,
uint8_t *hash,
size_t hash_size,
size_t *hash_length)
{
return cryptocell_310_common_hash_finish((CRYS_HASHUserContext_t *)ctx, hash, hash_size, hash_length);
}

View File

@ -0,0 +1,43 @@
/*
* Copyright (C) 2021 HAW Hamburg
*
* This file is subject to the terms and conditions of the GNU Lesser
* General Public License v2.1. See the file LICENSE in the top level
* directory for more details.
*/
/**
* @ingroup pkg_driver_cryptocell_310
* @{
*
* @brief Glue code translating between PSA Crypto and the CryptoCell 310 SHA224 APIs
*
* @author Lena Boeckmann <lena.boeckmann@haw-hamburg.de>
*
* @}
*/
#include <stdio.h>
#include "kernel_defines.h"
#include "psa_periph_hashes_ctx.h"
#include "psa_cryptocell_310_hashes_common.h"
psa_status_t psa_hashes_sha224_setup(psa_hashes_sha224_ctx_t *ctx)
{
return cryptocell_310_common_hash_setup((CRYS_HASHUserContext_t *)ctx, CRYS_HASH_SHA224_mode);
}
psa_status_t psa_hashes_sha224_update(psa_hashes_sha224_ctx_t *ctx,
const uint8_t *input,
size_t input_length)
{
return cryptocell_310_common_hash_update((CRYS_HASHUserContext_t *)ctx, input, input_length);
}
psa_status_t psa_hashes_sha224_finish(psa_hashes_sha224_ctx_t *ctx,
uint8_t *hash,
size_t hash_size,
size_t *hash_length)
{
return cryptocell_310_common_hash_finish((CRYS_HASHUserContext_t *)ctx, hash, hash_size, hash_length);
}

View File

@ -0,0 +1,42 @@
/*
* Copyright (C) 2021 HAW Hamburg
*
* This file is subject to the terms and conditions of the GNU Lesser
* General Public License v2.1. See the file LICENSE in the top level
* directory for more details.
*/
/**
* @ingroup pkg_driver_cryptocell_310
* @{
*
* @brief Glue code translating between PSA Crypto and the CryptoCell 310 SHA256 APIs
*
* @author Lena Boeckmann <lena.boeckmann@haw-hamburg.de>
*
* @}
*/
#include "kernel_defines.h"
#include "psa_periph_hashes_ctx.h"
#include "psa_cryptocell_310_hashes_common.h"
psa_status_t psa_hashes_sha256_setup(psa_hashes_sha256_ctx_t *ctx)
{
return cryptocell_310_common_hash_setup((CRYS_HASHUserContext_t *)ctx, CRYS_HASH_SHA256_mode);
}
psa_status_t psa_hashes_sha256_update(psa_hashes_sha256_ctx_t *ctx,
const uint8_t *input,
size_t input_length)
{
return cryptocell_310_common_hash_update((CRYS_HASHUserContext_t *)ctx, input, input_length);
}
psa_status_t psa_hashes_sha256_finish(psa_hashes_sha256_ctx_t *ctx,
uint8_t *hash,
size_t hash_size,
size_t *hash_length)
{
return cryptocell_310_common_hash_finish((CRYS_HASHUserContext_t *)ctx, hash, hash_size, hash_length);
}

View File

@ -0,0 +1,43 @@
/*
* Copyright (C) 2021 HAW Hamburg
*
* This file is subject to the terms and conditions of the GNU Lesser
* General Public License v2.1. See the file LICENSE in the top level
* directory for more details.
*/
/**
* @ingroup pkg_driver_cryptocell_310
* @{
*
* @brief Glue code translating between PSA Crypto and the CryptoCell 310 SHA512 APIs
*
* @author Lena Boeckmann <lena.boeckmann@haw-hamburg.de>
*
* @}
*/
#include <stdio.h>
#include "kernel_defines.h"
#include "psa_periph_hashes_ctx.h"
#include "psa_cryptocell_310_hashes_common.h"
psa_status_t psa_hashes_sha512_setup(psa_hashes_sha512_ctx_t *ctx)
{
return cryptocell_310_common_hash_setup((CRYS_HASHUserContext_t *)ctx, CRYS_HASH_SHA512_mode);
}
psa_status_t psa_hashes_sha512_update(psa_hashes_sha512_ctx_t *ctx,
const uint8_t *input,
size_t input_length)
{
return cryptocell_310_common_hash_update((CRYS_HASHUserContext_t *)ctx, input, input_length);
}
psa_status_t psa_hashes_sha512_finish( psa_hashes_sha512_ctx_t *ctx,
uint8_t *hash,
size_t hash_size,
size_t *hash_length)
{
return cryptocell_310_common_hash_finish((CRYS_HASHUserContext_t *)ctx, hash, hash_size, hash_length);
}

View File

@ -0,0 +1,58 @@
/*
* Copyright (C) 2021 HAW Hamburg
*
* This file is subject to the terms and conditions of the GNU Lesser
* General Public License v2.1. See the file LICENSE in the top level
* directory for more details.
*/
/**
* @ingroup pkg_driver_cryptocell_310
* @{
*
* @brief Glue code translating between PSA Crypto and the CryptoCell 310 driver APIs
*
* @author Lena Boeckmann <lena.boeckmann@haw-hamburg.de>
*
* @}
*/
#include "kernel_defines.h"
#include "psa/crypto.h"
#include "psa_error.h"
#include "crys_hmac.h"
#include "crys_hmac_error.h"
#define ENABLE_DEBUG 0
#include "debug.h"
psa_status_t psa_mac_compute_hmac_sha256(const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
const uint8_t *input,
size_t input_length,
uint8_t *mac,
size_t mac_size,
size_t *mac_length)
{
CRYSError_t ret;
size_t required_mac_length =
PSA_MAC_LENGTH(attributes->type, attributes->bits, PSA_ALG_SHA_256);
if (mac_size < required_mac_length) {
return PSA_ERROR_BUFFER_TOO_SMALL;
}
ret = CRYS_HMAC(CRYS_HASH_SHA256_mode, (uint8_t *)key_buffer, key_buffer_size, (uint8_t *)input,
input_length, (uint32_t *)mac);
if (ret != CRYS_OK) {
DEBUG("CRYS_HMAC failed with %s\n", cryptocell310_status_to_humanly_readable(ret));
return CRYS_to_psa_error(ret);
}
*mac_length = required_mac_length;
(void)mac_size;
return PSA_SUCCESS;
}

View File

@ -278,11 +278,14 @@ AUTO_INIT(auto_init_mbedtls,
AUTO_INIT_PRIO_MOD_MBEDTLS);
#endif
#if IS_USED(MODULE_AUTO_INIT_SECURITY)
#if IS_USED(MODULE_CRYPTOAUTHLIB)
extern void auto_init_atca(void);
AUTO_INIT(auto_init_atca,
AUTO_INIT_PRIO_MOD_CRYPTOAUTHLIB);
extern void auto_init_security(void);
AUTO_INIT(auto_init_security,
AUTO_INIT_PRIO_MOD_SECURITY);
#endif
#if IS_USED(MODULE_DRIVER_CRYPTOCELL_310)
extern void driver_cryptocell_310_setup(void);
AUTO_INIT(driver_cryptocell_310_setup,
AUTO_INIT_PRIO_MOD_DRIVER_CRYPTOCELL_310);
#endif
#if IS_USED(MODULE_TEST_UTILS_INTERACTIVE_SYNC) && !IS_USED(MODULE_SHELL)
extern void test_utils_interactive_sync(void);

View File

@ -317,11 +317,11 @@ extern "C" {
*/
#define AUTO_INIT_PRIO_MOD_MBEDTLS 1440
#endif
#ifndef AUTO_INIT_PRIO_MOD_CRYPTOAUTHLIB
#ifndef AUTO_INIT_PRIO_MOD_SECURITY
/**
* @brief CryptoAuthLib priority
*/
#define AUTO_INIT_PRIO_MOD_CRYPTOAUTHLIB 1450
#define AUTO_INIT_PRIO_MOD_SECURITY 1450
#endif
#ifndef AUTO_INIT_PRIO_MOD_TEST_UTILS_INTERACTIVE_SYNC
/**
@ -389,6 +389,12 @@ extern "C" {
*/
#define AUTO_INIT_PRIO_MOD_GNRC_IPV6_STATIC_ADDR 1560
#endif
#ifndef AUTO_INIT_PRIO_MOD_DRIVER_CRYPTOCELL_310
/**
* @brief CryptoCell Driver Priority
*/
#define AUTO_INIT_PRIO_MOD_DRIVER_CRYPTOCELL_310 1570
#endif
#ifdef __cplusplus
}