ra8_crypto_cipher.c
Go to the documentation of this file.
1 /**
2  * @file ra8_crypto_cipher.c
3  * @brief RA8 cipher hardware accelerator
4  *
5  * @section License
6  *
7  * SPDX-License-Identifier: GPL-2.0-or-later
8  *
9  * Copyright (C) 2010-2026 Oryx Embedded SARL. All rights reserved.
10  *
11  * This file is part of CycloneCRYPTO Open.
12  *
13  * This program is free software; you can redistribute it and/or
14  * modify it under the terms of the GNU General Public License
15  * as published by the Free Software Foundation; either version 2
16  * of the License, or (at your option) any later version.
17  *
18  * This program is distributed in the hope that it will be useful,
19  * but WITHOUT ANY WARRANTY; without even the implied warranty of
20  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21  * GNU General Public License for more details.
22  *
23  * You should have received a copy of the GNU General Public License
24  * along with this program; if not, write to the Free Software Foundation,
25  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
26  *
27  * @author Oryx Embedded SARL (www.oryx-embedded.com)
28  * @version 2.6.0
29  **/
30 
31 //Switch to the appropriate trace level
32 #define TRACE_LEVEL CRYPTO_TRACE_LEVEL
33 
34 //Dependencies
35 #include "hw_sce_private.h"
36 #include "hw_sce_ra_private.h"
37 #include "hw_sce_aes_private.h"
38 #include "core/crypto.h"
39 #include "hardware/ra8/ra8_crypto.h"
40 #include "hardware/ra8/ra8_crypto_cipher.h"
41 #include "cipher/cipher_algorithms.h"
42 #include "cipher_modes/cipher_modes.h"
43 #include "aead/aead_algorithms.h"
44 #include "debug.h"
45 
46 //Check crypto library configuration
47 #if (RA8_CRYPTO_CIPHER_SUPPORT == ENABLED && AES_SUPPORT == ENABLED)
48 
49 
50 /**
51  * @brief Perform AES encryption or decryption
52  * @param[in] context AES algorithm context
53  * @param[in,out] iv Initialization vector
54  * @param[in] input Data to be encrypted/decrypted
55  * @param[out] output Data resulting from the encryption/decryption process
56  * @param[in] length Total number of data bytes to be processed
57  * @param[in] command Operation mode
58  * @return Status code
59  **/
60 
61 error_t aesProcessData(AesContext *context, uint8_t *iv, const uint8_t *input,
62  uint8_t *output, size_t length, uint32_t command)
63 {
64  fsp_err_t status;
65  size_t n;
66  uint32_t keyType;
67  uint32_t dummy;
68  uint32_t block[AES_BLOCK_SIZE / 4];
69 
70  //Set key type
71  keyType = 0;
72  //Set operation mode
73  command = htobe32(command);
74  //Dummy parameter
75  dummy = 0;
76 
77  //Acquire exclusive access to the RSIP module
78  osAcquireMutex(&ra8CryptoMutex);
79 
80  //Initialize encryption or decryption operation
81  if(context->nr == 10)
82  {
83  status = HW_SCE_Aes128EncryptDecryptInitSub(&keyType, &command,
84  context->ek, &dummy, (const uint32_t *) iv);
85  }
86  else if(context->nr == 12)
87  {
88  status = HW_SCE_Aes192EncryptDecryptInitSub(&keyType, &command,
89  context->ek, &dummy, (const uint32_t *) iv);
90  }
91  else if(context->nr == 14)
92  {
93  status = HW_SCE_Aes256EncryptDecryptInitSub(&keyType, &command,
94  context->ek, &dummy, (const uint32_t *) iv);
95  }
96  else
97  {
98  status = FSP_ERR_CRYPTO_NOT_IMPLEMENTED;
99  }
100 
101  //Check status code
102  if(status == FSP_SUCCESS)
103  {
104  //Get the number of bytes in the last block
105  n = length % AES_BLOCK_SIZE;
106 
107  //Process complete blocks only
108  if(context->nr == 10)
109  {
110  HW_SCE_Aes128EncryptDecryptUpdateSub((const uint32_t *) input,
111  (uint32_t *) output, (length - n) / 4);
112  }
113  else if(context->nr == 12)
114  {
115  HW_SCE_Aes192EncryptDecryptUpdateSub((const uint32_t *) input,
116  (uint32_t *) output, (length - n) / 4);
117  }
118  else
119  {
120  HW_SCE_Aes256EncryptDecryptUpdateSub((const uint32_t *) input,
121  (uint32_t *) output, (length - n) / 4);
122  }
123 
124  //The final block requires special processing
125  if(n > 0)
126  {
127  //Copy the input data
128  osMemset(block, 0, AES_BLOCK_SIZE);
129  osMemcpy(block, input + length - n, n);
130 
131  //Process the final block
132  if(context->nr == 10)
133  {
134  HW_SCE_Aes128EncryptDecryptUpdateSub(block, block,
135  AES_BLOCK_SIZE / 4);
136  }
137  else if(context->nr == 12)
138  {
139  HW_SCE_Aes192EncryptDecryptUpdateSub(block, block,
140  AES_BLOCK_SIZE / 4);
141  }
142  else
143  {
144  HW_SCE_Aes256EncryptDecryptUpdateSub(block, block,
145  AES_BLOCK_SIZE / 4);
146  }
147 
148  //Copy the resulting ciphertext
149  osMemcpy(output + length - n, block, n);
150  }
151  }
152 
153  //Check status code
154  if(status == FSP_SUCCESS)
155  {
156  //Finalize encryption or decryption operation
157  if(context->nr == 10)
158  {
159  status = HW_SCE_Aes128EncryptDecryptFinalSub();
160  }
161  else if(context->nr == 12)
162  {
163  status = HW_SCE_Aes192EncryptDecryptFinalSub();
164  }
165  else if(context->nr == 14)
166  {
167  status = HW_SCE_Aes256EncryptDecryptFinalSub();
168  }
169  else
170  {
171  status = FSP_ERR_CRYPTO_NOT_IMPLEMENTED;
172  }
173  }
174 
175  //Check status code
176  if(status != FSP_SUCCESS)
177  {
178  osMemset(output, 0, length);
179  }
180 
181  //Release exclusive access to the RSIP module
182  osReleaseMutex(&ra8CryptoMutex);
183 
184  //Return status code
185  return (status == FSP_SUCCESS) ? NO_ERROR : ERROR_FAILURE;
186 }
187 
188 
189 /**
190  * @brief Key expansion
191  * @param[in] context Pointer to the AES context to initialize
192  * @param[in] key Pointer to the key
193  * @param[in] keyLen Length of the key
194  * @return Error code
195  **/
196 
197 error_t aesInit(AesContext *context, const uint8_t *key, size_t keyLen)
198 {
199  fsp_err_t status;
200 
201  //Check parameters
202  if(context == NULL || key == NULL)
203  return ERROR_INVALID_PARAMETER;
204 
205  //Acquire exclusive access to the RSIP module
206  osAcquireMutex(&ra8CryptoMutex);
207 
208  //Check the length of the key
209  if(keyLen == 16)
210  {
211  //10 rounds are required for 128-bit key
212  context->nr = 10;
213 
214  //Install the plaintext key and get the wrapped key
215  status = HW_SCE_GenerateOemKeyIndexPrivate(SCE_OEM_KEY_TYPE_PLAIN,
216  SCE_OEM_CMD_AES128, NULL, NULL, key, context->ek);
217  }
218  else if(keyLen == 24)
219  {
220  //12 rounds are required for 192-bit key
221  context->nr = 12;
222 
223  //Install the plaintext key and get the wrapped key
224  status = HW_SCE_GenerateOemKeyIndexPrivate(SCE_OEM_KEY_TYPE_PLAIN,
225  SCE_OEM_CMD_AES192, NULL, NULL, key, context->ek);
226  }
227  else if(keyLen == 32)
228  {
229  //14 rounds are required for 256-bit key
230  context->nr = 14;
231 
232  //Install the plaintext key and get the wrapped key
233  status = HW_SCE_GenerateOemKeyIndexPrivate(SCE_OEM_KEY_TYPE_PLAIN,
234  SCE_OEM_CMD_AES256, NULL, NULL, key, context->ek);
235  }
236  else
237  {
238  //Invalid key length
239  status = FSP_ERR_CRYPTO_NOT_IMPLEMENTED;
240  }
241 
242  //Release exclusive access to the RSIP module
243  osReleaseMutex(&ra8CryptoMutex);
244 
245  //Return status code
246  return (status == FSP_SUCCESS) ? NO_ERROR : ERROR_FAILURE;
247 }
248 
249 
250 /**
251  * @brief Encrypt a 16-byte block using AES algorithm
252  * @param[in] context Pointer to the AES context
253  * @param[in] input Plaintext block to encrypt
254  * @param[out] output Ciphertext block resulting from encryption
255  **/
256 
257 void aesEncryptBlock(AesContext *context, const uint8_t *input, uint8_t *output)
258 {
259  //Perform AES encryption
260  aesProcessData(context, NULL, input, output, AES_BLOCK_SIZE,
261  SCE_AES_IN_DATA_CMD_ECB_ENCRYPTION);
262 }
263 
264 
265 /**
266  * @brief Decrypt a 16-byte block using AES algorithm
267  * @param[in] context Pointer to the AES context
268  * @param[in] input Ciphertext block to decrypt
269  * @param[out] output Plaintext block resulting from decryption
270  **/
271 
272 void aesDecryptBlock(AesContext *context, const uint8_t *input, uint8_t *output)
273 {
274  //Perform AES decryption
275  aesProcessData(context, NULL, input, output, AES_BLOCK_SIZE,
276  SCE_AES_IN_DATA_CMD_ECB_DECRYPTION);
277 }
278 
279 
280 #if (ECB_SUPPORT == ENABLED)
281 
282 /**
283  * @brief ECB encryption
284  * @param[in] cipher Cipher algorithm
285  * @param[in] context Cipher algorithm context
286  * @param[in] p Plaintext to be encrypted
287  * @param[out] c Ciphertext resulting from the encryption
288  * @param[in] length Total number of data bytes to be encrypted
289  * @return Error code
290  **/
291 
292 error_t ecbEncrypt(const CipherAlgo *cipher, void *context,
293  const uint8_t *p, uint8_t *c, size_t length)
294 {
295  error_t error;
296 
297  //Initialize status code
298  error = NO_ERROR;
299 
300  //AES cipher algorithm?
301  if(cipher == AES_CIPHER_ALGO)
302  {
303  //Check the length of the payload
304  if(length == 0)
305  {
306  //No data to process
307  }
308  else if((length % AES_BLOCK_SIZE) == 0)
309  {
310  //Encrypt payload data
311  error = aesProcessData(context, NULL, p, c, length,
312  SCE_AES_IN_DATA_CMD_ECB_ENCRYPTION);
313  }
314  else
315  {
316  //The length of the payload must be a multiple of the block size
317  error = ERROR_INVALID_LENGTH;
318  }
319  }
320  else
321  {
322  //ECB mode operates in a block-by-block fashion
323  while(length >= cipher->blockSize)
324  {
325  //Encrypt current block
326  cipher->encryptBlock(context, p, c);
327 
328  //Next block
329  p += cipher->blockSize;
330  c += cipher->blockSize;
331  length -= cipher->blockSize;
332  }
333 
334  //The length of the payload must be a multiple of the block size
335  if(length != 0)
336  {
337  error = ERROR_INVALID_LENGTH;
338  }
339  }
340 
341  //Return status code
342  return error;
343 }
344 
345 
346 /**
347  * @brief ECB decryption
348  * @param[in] cipher Cipher algorithm
349  * @param[in] context Cipher algorithm context
350  * @param[in] c Ciphertext to be decrypted
351  * @param[out] p Plaintext resulting from the decryption
352  * @param[in] length Total number of data bytes to be decrypted
353  * @return Error code
354  **/
355 
356 error_t ecbDecrypt(const CipherAlgo *cipher, void *context,
357  const uint8_t *c, uint8_t *p, size_t length)
358 {
359  error_t error;
360 
361  //Initialize status code
362  error = NO_ERROR;
363 
364  //AES cipher algorithm?
365  if(cipher == AES_CIPHER_ALGO)
366  {
367  //Check the length of the payload
368  if(length == 0)
369  {
370  //No data to process
371  }
372  else if((length % AES_BLOCK_SIZE) == 0)
373  {
374  //Decrypt payload data
375  error = aesProcessData(context, NULL, c, p, length,
376  SCE_AES_IN_DATA_CMD_ECB_DECRYPTION);
377  }
378  else
379  {
380  //The length of the payload must be a multiple of the block size
381  error = ERROR_INVALID_LENGTH;
382  }
383  }
384  else
385  {
386  //ECB mode operates in a block-by-block fashion
387  while(length >= cipher->blockSize)
388  {
389  //Decrypt current block
390  cipher->decryptBlock(context, c, p);
391 
392  //Next block
393  c += cipher->blockSize;
394  p += cipher->blockSize;
395  length -= cipher->blockSize;
396  }
397 
398  //The length of the payload must be a multiple of the block size
399  if(length != 0)
400  {
401  error = ERROR_INVALID_LENGTH;
402  }
403  }
404 
405  //Return status code
406  return error;
407 }
408 
409 #endif
410 #if (CBC_SUPPORT == ENABLED)
411 
412 /**
413  * @brief CBC encryption
414  * @param[in] cipher Cipher algorithm
415  * @param[in] context Cipher algorithm context
416  * @param[in,out] iv Initialization vector
417  * @param[in] p Plaintext to be encrypted
418  * @param[out] c Ciphertext resulting from the encryption
419  * @param[in] length Total number of data bytes to be encrypted
420  * @return Error code
421  **/
422 
423 error_t cbcEncrypt(const CipherAlgo *cipher, void *context,
424  uint8_t *iv, const uint8_t *p, uint8_t *c, size_t length)
425 {
426  error_t error;
427 
428  //Initialize status code
429  error = NO_ERROR;
430 
431  //AES cipher algorithm?
432  if(cipher == AES_CIPHER_ALGO)
433  {
434  //Check the length of the payload
435  if(length == 0)
436  {
437  //No data to process
438  }
439  else if((length % AES_BLOCK_SIZE) == 0)
440  {
441  //Encrypt payload data
442  error = aesProcessData(context, iv, p, c, length,
443  SCE_AES_IN_DATA_CMD_CBC_ENCRYPTION);
444 
445  //Check status code
446  if(!error)
447  {
448  //Update the value of the initialization vector
449  osMemcpy(iv, c + length - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
450  }
451  }
452  else
453  {
454  //The length of the payload must be a multiple of the block size
455  error = ERROR_INVALID_LENGTH;
456  }
457  }
458  else
459  {
460  size_t i;
461 
462  //CBC mode operates in a block-by-block fashion
463  while(length >= cipher->blockSize)
464  {
465  //XOR input block with IV contents
466  for(i = 0; i < cipher->blockSize; i++)
467  {
468  c[i] = p[i] ^ iv[i];
469  }
470 
471  //Encrypt the current block based upon the output of the previous
472  //encryption
473  cipher->encryptBlock(context, c, c);
474 
475  //Update IV with output block contents
476  osMemcpy(iv, c, cipher->blockSize);
477 
478  //Next block
479  p += cipher->blockSize;
480  c += cipher->blockSize;
481  length -= cipher->blockSize;
482  }
483 
484  //The length of the payload must be a multiple of the block size
485  if(length != 0)
486  {
487  error = ERROR_INVALID_LENGTH;
488  }
489  }
490 
491  //Return status code
492  return error;
493 }
494 
495 
496 /**
497  * @brief CBC decryption
498  * @param[in] cipher Cipher algorithm
499  * @param[in] context Cipher algorithm context
500  * @param[in,out] iv Initialization vector
501  * @param[in] c Ciphertext to be decrypted
502  * @param[out] p Plaintext resulting from the decryption
503  * @param[in] length Total number of data bytes to be decrypted
504  * @return Error code
505  **/
506 
507 error_t cbcDecrypt(const CipherAlgo *cipher, void *context,
508  uint8_t *iv, const uint8_t *c, uint8_t *p, size_t length)
509 {
510  error_t error;
511 
512  //Initialize status code
513  error = NO_ERROR;
514 
515  //AES cipher algorithm?
516  if(cipher == AES_CIPHER_ALGO)
517  {
518  //Check the length of the payload
519  if(length == 0)
520  {
521  //No data to process
522  }
523  else if((length % AES_BLOCK_SIZE) == 0)
524  {
525  uint8_t block[AES_BLOCK_SIZE];
526 
527  //Save the last input block
528  osMemcpy(block, c + length - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
529 
530  //Decrypt payload data
531  error = aesProcessData(context, iv, c, p, length,
532  SCE_AES_IN_DATA_CMD_CBC_DECRYPTION);
533 
534  //Check status code
535  if(!error)
536  {
537  //Update the value of the initialization vector
538  osMemcpy(iv, block, AES_BLOCK_SIZE);
539  }
540  }
541  else
542  {
543  //The length of the payload must be a multiple of the block size
544  error = ERROR_INVALID_LENGTH;
545  }
546  }
547  else
548  {
549  size_t i;
550  uint8_t t[16];
551 
552  //CBC mode operates in a block-by-block fashion
553  while(length >= cipher->blockSize)
554  {
555  //Save input block
556  osMemcpy(t, c, cipher->blockSize);
557 
558  //Decrypt the current block
559  cipher->decryptBlock(context, c, p);
560 
561  //XOR output block with IV contents
562  for(i = 0; i < cipher->blockSize; i++)
563  {
564  p[i] ^= iv[i];
565  }
566 
567  //Update IV with input block contents
568  osMemcpy(iv, t, cipher->blockSize);
569 
570  //Next block
571  c += cipher->blockSize;
572  p += cipher->blockSize;
573  length -= cipher->blockSize;
574  }
575 
576  //The length of the payload must be a multiple of the block size
577  if(length != 0)
578  {
579  error = ERROR_INVALID_LENGTH;
580  }
581  }
582 
583  //Return status code
584  return error;
585 }
586 
587 #endif
588 #if (CTR_SUPPORT == ENABLED)
589 
590 /**
591  * @brief CTR encryption
592  * @param[in] cipher Cipher algorithm
593  * @param[in] context Cipher algorithm context
594  * @param[in] m Size in bits of the specific part of the block to be incremented
595  * @param[in,out] t Initial counter block
596  * @param[in] p Plaintext to be encrypted
597  * @param[out] c Ciphertext resulting from the encryption
598  * @param[in] length Total number of data bytes to be encrypted
599  * @return Error code
600  **/
601 
602 error_t ctrEncrypt(const CipherAlgo *cipher, void *context, uint_t m,
603  uint8_t *t, const uint8_t *p, uint8_t *c, size_t length)
604 {
605  error_t error;
606 
607  //Initialize status code
608  error = NO_ERROR;
609 
610  //Check the value of the parameter
611  if((m % 8) == 0 && m <= (cipher->blockSize * 8))
612  {
613  //Determine the size, in bytes, of the specific part of the block to be
614  //incremented
615  m = m / 8;
616 
617  //AES cipher algorithm?
618  if(cipher == AES_CIPHER_ALGO)
619  {
620  size_t k;
621  size_t n;
622 
623  //Process plaintext
624  while(length > 0 && !error)
625  {
626  //Limit the number of blocks to process at a time
627  k = 256 - t[AES_BLOCK_SIZE - 1];
628  n = MIN(length, k * AES_BLOCK_SIZE);
629  k = (n + AES_BLOCK_SIZE - 1) / AES_BLOCK_SIZE;
630 
631  //Encrypt payload data
632  error = aesProcessData(context, t, p, c, n,
633  SCE_AES_IN_DATA_CMD_CTR_ENCRYPTION_DECRYPTION);
634 
635  //Standard incrementing function
636  ctrIncBlock(t, k, AES_BLOCK_SIZE, m);
637 
638  //Next block
639  p += n;
640  c += n;
641  length -= n;
642  }
643  }
644  else
645  {
646  size_t i;
647  size_t n;
648  uint8_t o[16];
649 
650  //Process plaintext
651  while(length > 0)
652  {
653  //CTR mode operates in a block-by-block fashion
654  n = MIN(length, cipher->blockSize);
655 
656  //Compute O(j) = CIPH(T(j))
657  cipher->encryptBlock(context, t, o);
658 
659  //Compute C(j) = P(j) XOR T(j)
660  for(i = 0; i < n; i++)
661  {
662  c[i] = p[i] ^ o[i];
663  }
664 
665  //Standard incrementing function
666  ctrIncBlock(t, 1, cipher->blockSize, m);
667 
668  //Next block
669  p += n;
670  c += n;
671  length -= n;
672  }
673  }
674  }
675  else
676  {
677  //The value of the parameter is not valid
678  error = ERROR_INVALID_PARAMETER;
679  }
680 
681  //Return status code
682  return error;
683 }
684 
685 #endif
686 #if (GCM_SUPPORT == ENABLED)
687 
688 /**
689  * @brief Initialize GCM context
690  * @param[in] context Pointer to the GCM context
691  * @param[in] cipherAlgo Cipher algorithm
692  * @param[in] cipherContext Pointer to the cipher algorithm context
693  * @return Error code
694  **/
695 
696 error_t gcmInit(GcmContext *context, const CipherAlgo *cipherAlgo,
697  void *cipherContext)
698 {
699  //Check parameters
700  if(context == NULL || cipherContext == NULL)
701  return ERROR_INVALID_PARAMETER;
702 
703  //The RSIP module only supports AES cipher algorithm
704  if(cipherAlgo != AES_CIPHER_ALGO)
705  return ERROR_INVALID_PARAMETER;
706 
707  //Save cipher algorithm context
708  context->cipherAlgo = cipherAlgo;
709  context->cipherContext = cipherContext;
710 
711  //Successful initialization
712  return NO_ERROR;
713 }
714 
715 
716 /**
717  * @brief Authenticated encryption using GCM
718  * @param[in] context Pointer to the GCM context
719  * @param[in] iv Initialization vector
720  * @param[in] ivLen Length of the initialization vector
721  * @param[in] a Additional authenticated data
722  * @param[in] aLen Length of the additional data
723  * @param[in] p Plaintext to be encrypted
724  * @param[out] c Ciphertext resulting from the encryption
725  * @param[in] length Total number of data bytes to be encrypted
726  * @param[out] t Authentication tag
727  * @param[in] tLen Length of the authentication tag
728  * @return Error code
729  **/
730 
731 error_t gcmEncrypt(GcmContext *context, const uint8_t *iv,
732  size_t ivLen, const uint8_t *a, size_t aLen, const uint8_t *p,
733  uint8_t *c, size_t length, uint8_t *t, size_t tLen)
734 {
735  fsp_err_t status;
736  size_t i;
737  size_t n;
738  uint64_t m;
739  uint32_t keyType;
740  uint32_t dummy;
741  uint32_t temp[4];
742  uint32_t block[4];
743  uint32_t authTag[4];
744  AesContext *aesContext;
745 
746  //Make sure the GCM context is valid
747  if(context == NULL)
748  return ERROR_INVALID_PARAMETER;
749 
750  //Check whether the length of the IV is 96 bits
751  if(ivLen != 12)
752  return ERROR_INVALID_LENGTH;
753 
754  //Check the length of the authentication tag
755  if(tLen < 4 || tLen > 16)
756  return ERROR_INVALID_LENGTH;
757 
758  //Point to the AES context
759  aesContext = (AesContext *) context->cipherContext;
760 
761  //Set key type
762  keyType = 0;
763  //Dummy parameter
764  dummy = 0;
765 
766  //When the length of the IV is 96 bits, the padding string is appended to
767  //the IV to form the pre-counter block
768  temp[0] = LOAD32LE(iv);
769  temp[1] = LOAD32LE(iv + 4);
770  temp[2] = LOAD32LE(iv + 8);
771  temp[3] = BETOH32(1);
772 
773  //Acquire exclusive access to the RSIP module
774  osAcquireMutex(&ra8CryptoMutex);
775 
776  //Initialize GCM encryption
777  if(aesContext->nr == 10)
778  {
779  status = HW_SCE_Aes128GcmEncryptInitSub(&keyType, aesContext->ek, &dummy,
780  temp);
781  }
782  else if(aesContext->nr == 12)
783  {
784  status = HW_SCE_Aes192GcmEncryptInitSub(&keyType, aesContext->ek, &dummy,
785  temp);
786  }
787  else if(aesContext->nr == 14)
788  {
789  status = HW_SCE_Aes256GcmEncryptInitSub(&keyType, aesContext->ek, &dummy,
790  temp);
791  }
792  else
793  {
794  status = FSP_ERR_CRYPTO_NOT_IMPLEMENTED;
795  }
796 
797  //Check status code
798  if(status == FSP_SUCCESS)
799  {
800  //Point to the beginning of the additional authenticated data
801  i = 0;
802 
803  //Process additional authenticated data
804  if(aLen >= AES_BLOCK_SIZE)
805  {
806  //Process complete blocks only
807  n = aLen - (aLen % AES_BLOCK_SIZE);
808 
809  //Write complete blocks
810  if(aesContext->nr == 10)
811  {
812  HW_SCE_Aes128GcmEncryptUpdateAADSub((uint32_t *) a, n / 4);
813  }
814  else if(aesContext->nr == 12)
815  {
816  HW_SCE_Aes192GcmEncryptUpdateAADSub((uint32_t *) a, n / 4);
817  }
818  else
819  {
820  HW_SCE_Aes256GcmEncryptUpdateAADSub((uint32_t *) a, n / 4);
821  }
822 
823  //Advance data pointer
824  i += n;
825  }
826 
827  //Process final block of additional authenticated data
828  if(i < aLen)
829  {
830  //Copy the partial block
831  osMemset(block, 0, AES_BLOCK_SIZE);
832  osMemcpy(block, a + i, aLen - i);
833 
834  //Write block
835  if(aesContext->nr == 10)
836  {
837  HW_SCE_Aes128GcmEncryptUpdateAADSub(block, 1);
838  }
839  else if(aesContext->nr == 12)
840  {
841  HW_SCE_Aes192GcmEncryptUpdateAADSub(block, 1);
842  }
843  else
844  {
845  HW_SCE_Aes256GcmEncryptUpdateAADSub(block, 1);
846  }
847  }
848 
849  //Transition to from AAD phase to data phase
850  if(aesContext->nr == 10)
851  {
852  HW_SCE_Aes128GcmEncryptUpdateTransitionSub();
853  }
854  else if(aesContext->nr == 12)
855  {
856  HW_SCE_Aes192GcmEncryptUpdateTransitionSub();
857  }
858  else
859  {
860  HW_SCE_Aes256GcmEncryptUpdateTransitionSub();
861  }
862 
863  //Point to the beginning of the payload data
864  i = 0;
865 
866  //Process payload data
867  if(length >= AES_BLOCK_SIZE)
868  {
869  //Process complete blocks only
870  n = length - (length % AES_BLOCK_SIZE);
871 
872  //Encrypt complete blocks
873  if(aesContext->nr == 10)
874  {
875  HW_SCE_Aes128GcmEncryptUpdateSub((uint32_t *) p, (uint32_t *) c,
876  n / 4);
877  }
878  else if(aesContext->nr == 12)
879  {
880  HW_SCE_Aes192GcmEncryptUpdateSub((uint32_t *) p, (uint32_t *) c,
881  n / 4);
882  }
883  else
884  {
885  HW_SCE_Aes256GcmEncryptUpdateSub((uint32_t *) p, (uint32_t *) c,
886  n / 4);
887  }
888 
889  //Advance data pointer
890  i += n;
891  }
892 
893  //Process final block of payload data
894  if(i < length)
895  {
896  //Copy the partial input block
897  osMemset(block, 0, AES_BLOCK_SIZE);
898  osMemcpy(block, p + i, length - i);
899  }
900 
901  //64-bit representation of the length of the payload data
902  m = length * 8;
903  temp[0] = htobe32(m >> 32);
904  temp[1] = htobe32(m);
905 
906  //64-bit representation of the length of the additional data
907  m = aLen * 8;
908  temp[2] = htobe32(m >> 32);
909  temp[3] = htobe32(m);
910 
911  //Generate authentication tag
912  if(aesContext->nr == 10)
913  {
914  status = HW_SCE_Aes128GcmEncryptFinalSub(block, temp, temp + 2,
915  block, authTag);
916  }
917  else if(aesContext->nr == 12)
918  {
919  status = HW_SCE_Aes192GcmEncryptFinalSub(block, temp, temp + 2,
920  block, authTag);
921  }
922  else if(aesContext->nr == 14)
923  {
924  status = HW_SCE_Aes256GcmEncryptFinalSub(block, temp, temp + 2,
925  block, authTag);
926  }
927  else
928  {
929  status = FSP_ERR_CRYPTO_NOT_IMPLEMENTED;
930  }
931  }
932 
933  //Check status code
934  if(status == FSP_SUCCESS)
935  {
936  //Copy the partial output block
937  osMemcpy(c + i, block, length - i);
938  //Copy the resulting authentication tag
939  osMemcpy(t, authTag, tLen);
940  }
941 
942  //Release exclusive access to the RSIP module
943  osReleaseMutex(&ra8CryptoMutex);
944 
945  //Return status code
946  return (status == FSP_SUCCESS) ? NO_ERROR : ERROR_FAILURE;
947 }
948 
949 
950 /**
951  * @brief Authenticated decryption using GCM
952  * @param[in] context Pointer to the GCM context
953  * @param[in] iv Initialization vector
954  * @param[in] ivLen Length of the initialization vector
955  * @param[in] a Additional authenticated data
956  * @param[in] aLen Length of the additional data
957  * @param[in] c Ciphertext to be decrypted
958  * @param[out] p Plaintext resulting from the decryption
959  * @param[in] length Total number of data bytes to be decrypted
960  * @param[in] t Authentication tag
961  * @param[in] tLen Length of the authentication tag
962  * @return Error code
963  **/
964 
965 error_t gcmDecrypt(GcmContext *context, const uint8_t *iv,
966  size_t ivLen, const uint8_t *a, size_t aLen, const uint8_t *c,
967  uint8_t *p, size_t length, const uint8_t *t, size_t tLen)
968 {
969  fsp_err_t status;
970  size_t i;
971  size_t n;
972  uint64_t m;
973  uint32_t keyType;
974  uint32_t dummy;
975  uint32_t temp[5];
976  uint32_t block[4];
977  uint32_t authTag[4];
978  AesContext *aesContext;
979 
980  //Make sure the GCM context is valid
981  if(context == NULL)
982  return ERROR_INVALID_PARAMETER;
983 
984  //Check whether the length of the IV is 96 bits
985  if(ivLen != 12)
986  return ERROR_INVALID_LENGTH;
987 
988  //Check the length of the authentication tag
989  if(tLen < 4 || tLen > 16)
990  return ERROR_INVALID_LENGTH;
991 
992  //Point to the AES context
993  aesContext = (AesContext *) context->cipherContext;
994 
995  //Set key type
996  keyType = 0;
997  //Dummy parameter
998  dummy = 0;
999 
1000  //When the length of the IV is 96 bits, the padding string is appended to
1001  //the IV to form the pre-counter block
1002  temp[0] = LOAD32LE(iv);
1003  temp[1] = LOAD32LE(iv + 4);
1004  temp[2] = LOAD32LE(iv + 8);
1005  temp[3] = BETOH32(1);
1006 
1007  //Acquire exclusive access to the RSIP module
1008  osAcquireMutex(&ra8CryptoMutex);
1009 
1010  //Initialize GCM decryption
1011  if(aesContext->nr == 10)
1012  {
1013  status = HW_SCE_Aes128GcmDecryptInitSub(&keyType, aesContext->ek, &dummy,
1014  temp);
1015  }
1016  else if(aesContext->nr == 12)
1017  {
1018  status = HW_SCE_Aes192GcmDecryptInitSub(&keyType, aesContext->ek, &dummy,
1019  temp);
1020  }
1021  else if(aesContext->nr == 14)
1022  {
1023  status = HW_SCE_Aes256GcmDecryptInitSub(&keyType, aesContext->ek, &dummy,
1024  temp);
1025  }
1026  else
1027  {
1028  status = FSP_ERR_CRYPTO_NOT_IMPLEMENTED;
1029  }
1030 
1031  //Check status code
1032  if(status == FSP_SUCCESS)
1033  {
1034  //Point to the beginning of the additional authenticated data
1035  i = 0;
1036 
1037  //Process additional authenticated data
1038  if(aLen >= AES_BLOCK_SIZE)
1039  {
1040  //Process complete blocks only
1041  n = aLen - (aLen % AES_BLOCK_SIZE);
1042 
1043  //Write complete blocks
1044  if(aesContext->nr == 10)
1045  {
1046  HW_SCE_Aes128GcmDecryptUpdateAADSub((uint32_t *) a, n / 4);
1047  }
1048  else if(aesContext->nr == 12)
1049  {
1050  HW_SCE_Aes192GcmDecryptUpdateAADSub((uint32_t *) a, n / 4);
1051  }
1052  else
1053  {
1054  HW_SCE_Aes256GcmDecryptUpdateAADSub((uint32_t *) a, n / 4);
1055  }
1056 
1057  //Advance data pointer
1058  i += n;
1059  }
1060 
1061  //Process final block of additional authenticated data
1062  if(i < aLen)
1063  {
1064  //Copy the partial block
1065  osMemset(block, 0, AES_BLOCK_SIZE);
1066  osMemcpy(block, a + i, aLen - i);
1067 
1068  //Write block
1069  if(aesContext->nr == 10)
1070  {
1071  HW_SCE_Aes128GcmDecryptUpdateAADSub(block, 1);
1072  }
1073  else if(aesContext->nr == 12)
1074  {
1075  HW_SCE_Aes192GcmDecryptUpdateAADSub(block, 1);
1076  }
1077  else
1078  {
1079  HW_SCE_Aes256GcmDecryptUpdateAADSub(block, 1);
1080  }
1081  }
1082 
1083  //Transition to from AAD phase to data phase
1084  if(aesContext->nr == 10)
1085  {
1086  HW_SCE_Aes128GcmDecryptUpdateTransitionSub();
1087  }
1088  else if(aesContext->nr == 12)
1089  {
1090  HW_SCE_Aes192GcmDecryptUpdateTransitionSub();
1091  }
1092  else
1093  {
1094  HW_SCE_Aes256GcmDecryptUpdateTransitionSub();
1095  }
1096 
1097  //Point to the beginning of the payload data
1098  i = 0;
1099 
1100  //Process payload data
1101  if(length >= AES_BLOCK_SIZE)
1102  {
1103  //Process complete blocks only
1104  n = length - (length % AES_BLOCK_SIZE);
1105 
1106  //Decrypt complete blocks
1107  if(aesContext->nr == 10)
1108  {
1109  HW_SCE_Aes128GcmDecryptUpdateSub((uint32_t *) c, (uint32_t *) p,
1110  n / 4);
1111  }
1112  else if(aesContext->nr == 12)
1113  {
1114  HW_SCE_Aes192GcmDecryptUpdateSub((uint32_t *) c, (uint32_t *) p,
1115  n / 4);
1116  }
1117  else
1118  {
1119  HW_SCE_Aes256GcmDecryptUpdateSub((uint32_t *) c, (uint32_t *) p,
1120  n / 4);
1121  }
1122 
1123  //Advance data pointer
1124  i += n;
1125  }
1126 
1127  //Process final block of payload data
1128  if(i < length)
1129  {
1130  //Copy the partial input block
1131  osMemset(block, 0, AES_BLOCK_SIZE);
1132  osMemcpy(block, c + i, length - i);
1133  }
1134 
1135  //64-bit representation of the length of the payload data
1136  m = length * 8;
1137  temp[0] = htobe32(m >> 32);
1138  temp[1] = htobe32(m);
1139 
1140  //64-bit representation of the length of the additional data
1141  m = aLen * 8;
1142  temp[2] = htobe32(m >> 32);
1143  temp[3] = htobe32(m);
1144 
1145  //32-bit representation of the length of the authentication tag
1146  temp[4] = htobe32(tLen);
1147 
1148  //Pad the authentication tag
1149  osMemset(authTag, 0, sizeof(authTag));
1150  osMemcpy(authTag, t, tLen);
1151 
1152  //Verify authentication tag
1153  if(aesContext->nr == 10)
1154  {
1155  status = HW_SCE_Aes128GcmDecryptFinalSub(block, temp, temp + 2,
1156  authTag, temp + 4, block);
1157  }
1158  else if(aesContext->nr == 12)
1159  {
1160  status = HW_SCE_Aes192GcmDecryptFinalSub(block, temp, temp + 2,
1161  authTag, temp + 4, block);
1162  }
1163  else if(aesContext->nr == 14)
1164  {
1165  status = HW_SCE_Aes256GcmDecryptFinalSub(block, temp, temp + 2,
1166  authTag, temp + 4, block);
1167  }
1168  else
1169  {
1170  status = FSP_ERR_CRYPTO_NOT_IMPLEMENTED;
1171  }
1172  }
1173 
1174  //Check status code
1175  if(status == FSP_SUCCESS)
1176  {
1177  //Copy the partial output block
1178  osMemcpy(p + i, block, length - i);
1179  }
1180 
1181  //Release exclusive access to the RSIP module
1182  osReleaseMutex(&ra8CryptoMutex);
1183 
1184  //Return status code
1185  return (status == FSP_SUCCESS) ? NO_ERROR : ERROR_FAILURE;
1186 }
1187 
1188 #endif
1189 #if (CCM_SUPPORT == ENABLED)
1190 
1191 /**
1192  * @brief Authenticated encryption using CCM
1193  * @param[in] cipher Cipher algorithm
1194  * @param[in] context Cipher algorithm context
1195  * @param[in] n Nonce
1196  * @param[in] nLen Length of the nonce
1197  * @param[in] a Additional authenticated data
1198  * @param[in] aLen Length of the additional data
1199  * @param[in] p Plaintext to be encrypted
1200  * @param[out] c Ciphertext resulting from the encryption
1201  * @param[in] length Total number of data bytes to be encrypted
1202  * @param[out] t MAC resulting from the encryption process
1203  * @param[in] tLen Length of the MAC
1204  * @return Error code
1205  **/
1206 
1207 error_t ccmEncrypt(const CipherAlgo *cipher, void *context, const uint8_t *n,
1208  size_t nLen, const uint8_t *a, size_t aLen, const uint8_t *p, uint8_t *c,
1209  size_t length, uint8_t *t, size_t tLen)
1210 {
1211  error_t error;
1212  fsp_err_t status;
1213  size_t m;
1214  uint32_t keyType;
1215  uint32_t dataType;
1216  uint32_t command;
1217  uint32_t textLen;
1218  uint32_t headerLen;
1219  uint32_t seqNum;
1220  uint32_t block[4];
1221  uint32_t authTag[4];
1222  uint8_t header[64];
1223  AesContext *aesContext;
1224 
1225  //The RSIP module only supports AES cipher algorithm
1226  if(cipher != AES_CIPHER_ALGO)
1227  return ERROR_INVALID_PARAMETER;
1228 
1229  //Make sure the cipher context is valid
1230  if(context == NULL)
1231  return ERROR_INVALID_PARAMETER;
1232 
1233  //Check the length of the additional data
1234  if(aLen > (sizeof(header) - 18))
1235  return ERROR_INVALID_LENGTH;
1236 
1237  //Point to the AES context
1238  aesContext = (AesContext *) context;
1239 
1240  //Initialize parameters
1241  keyType = 0;
1242  dataType = 0;
1243  command = 0;
1244  textLen = htobe32(length);
1245  seqNum = 0;
1246 
1247  //Clear header
1248  osMemset(header, 0, sizeof(header));
1249 
1250  //Format first block B(0)
1251  error = ccmFormatBlock0(length, n, nLen, aLen, tLen, header);
1252  //Invalid parameters?
1253  if(error)
1254  return error;
1255 
1256  //Size of the first block (B0)
1257  headerLen = AES_BLOCK_SIZE;
1258 
1259  //Any additional data?
1260  if(aLen > 0)
1261  {
1262  //The length is encoded as 2 octets
1263  STORE16BE(aLen, header + headerLen);
1264  //Concatenate the associated data A
1265  osMemcpy(header + headerLen + 2, a, aLen);
1266  //Adjust the size of the header
1267  headerLen += 2 + aLen;
1268  }
1269 
1270  //Format initial counter value CTR(0)
1271  ccmFormatCounter0(n, nLen, (uint8_t *) block);
1272 
1273  //Acquire exclusive access to the RSIP module
1274  osAcquireMutex(&ra8CryptoMutex);
1275 
1276  //Initialize CCM encryption
1277  if(aesContext->nr == 10)
1278  {
1279  status = HW_SCE_Aes128CcmEncryptInitSubGeneral(&keyType, &dataType,
1280  &command, &textLen, aesContext->ek, block, (uint32_t *) header,
1281  &seqNum, (headerLen + 3) / 4);
1282  }
1283  else if(aesContext->nr == 12)
1284  {
1285  status = HW_SCE_Aes192CcmEncryptInitSubGeneral(&keyType, &dataType,
1286  &command, &textLen, aesContext->ek, block, (uint32_t *) header,
1287  &seqNum, (headerLen + 3) / 4);
1288  }
1289  else if(aesContext->nr == 14)
1290  {
1291  status = HW_SCE_Aes256CcmEncryptInitSubGeneral(&keyType, &dataType,
1292  &command, &textLen, aesContext->ek, block, (uint32_t *) header,
1293  &seqNum, (headerLen + 3) / 4);
1294  }
1295  else
1296  {
1297  status = FSP_ERR_CRYPTO_NOT_IMPLEMENTED;
1298  }
1299 
1300  //Check status code
1301  if(status == FSP_SUCCESS)
1302  {
1303  //Process payload data
1304  if(length >= AES_BLOCK_SIZE)
1305  {
1306  //Process complete blocks only
1307  m = length - (length % AES_BLOCK_SIZE);
1308 
1309  //Encrypt complete blocks
1310  if(aesContext->nr == 10)
1311  {
1312  HW_SCE_Aes128CcmEncryptUpdateSub((uint32_t *) p, (uint32_t *) c,
1313  m / 4);
1314  }
1315  else if(aesContext->nr == 12)
1316  {
1317  HW_SCE_Aes192CcmEncryptUpdateSub((uint32_t *) p, (uint32_t *) c,
1318  m / 4);
1319  }
1320  else
1321  {
1322  HW_SCE_Aes256CcmEncryptUpdateSub((uint32_t *) p, (uint32_t *) c,
1323  m / 4);
1324  }
1325 
1326  //Advance data pointer
1327  length -= m;
1328  p += m;
1329  c += m;
1330  }
1331 
1332  //Process final block of payload data
1333  if(length > 0)
1334  {
1335  //Copy the partial input block
1336  osMemset(block, 0, AES_BLOCK_SIZE);
1337  osMemcpy(block, p, length);
1338  }
1339 
1340  //Generate authentication tag
1341  if(aesContext->nr == 10)
1342  {
1343  status = HW_SCE_Aes128CcmEncryptFinalSubGeneral(block, &textLen,
1344  block, authTag);
1345  }
1346  else if(aesContext->nr == 12)
1347  {
1348  status = HW_SCE_Aes192CcmEncryptFinalSub(block, &textLen, block,
1349  authTag);
1350  }
1351  else if(aesContext->nr == 14)
1352  {
1353  status = HW_SCE_Aes256CcmEncryptFinalSub(block, &textLen, block,
1354  authTag);
1355  }
1356  else
1357  {
1358  status = FSP_ERR_CRYPTO_NOT_IMPLEMENTED;
1359  }
1360  }
1361 
1362  //Check status code
1363  if(status == FSP_SUCCESS)
1364  {
1365  //Copy the partial output block
1366  osMemcpy(c, block, length);
1367  //Copy the resulting authentication tag
1368  osMemcpy(t, authTag, tLen);
1369  }
1370 
1371  //Release exclusive access to the RSIP module
1372  osReleaseMutex(&ra8CryptoMutex);
1373 
1374  //Return status code
1375  return (status == FSP_SUCCESS) ? NO_ERROR : ERROR_FAILURE;
1376 }
1377 
1378 
1379 /**
1380  * @brief Authenticated decryption using CCM
1381  * @param[in] cipher Cipher algorithm
1382  * @param[in] context Cipher algorithm context
1383  * @param[in] n Nonce
1384  * @param[in] nLen Length of the nonce
1385  * @param[in] a Additional authenticated data
1386  * @param[in] aLen Length of the additional data
1387  * @param[in] c Ciphertext to be decrypted
1388  * @param[out] p Plaintext resulting from the decryption
1389  * @param[in] length Total number of data bytes to be decrypted
1390  * @param[in] t MAC to be verified
1391  * @param[in] tLen Length of the MAC
1392  * @return Error code
1393  **/
1394 
1395 error_t ccmDecrypt(const CipherAlgo *cipher, void *context, const uint8_t *n,
1396  size_t nLen, const uint8_t *a, size_t aLen, const uint8_t *c, uint8_t *p,
1397  size_t length, const uint8_t *t, size_t tLen)
1398 {
1399  error_t error;
1400  fsp_err_t status;
1401  size_t m;
1402  uint32_t keyType;
1403  uint32_t dataType;
1404  uint32_t command;
1405  uint32_t textLen;
1406  uint32_t authTagLen;
1407  uint32_t headerLen;
1408  uint32_t seqNum;
1409  uint32_t block[4];
1410  uint32_t authTag[4];
1411  uint8_t header[64];
1412  AesContext *aesContext;
1413 
1414  //The RSIP module only supports AES cipher algorithm
1415  if(cipher != AES_CIPHER_ALGO)
1416  return ERROR_INVALID_PARAMETER;
1417 
1418  //Make sure the cipher context is valid
1419  if(context == NULL)
1420  return ERROR_INVALID_PARAMETER;
1421 
1422  //Check the length of the additional data
1423  if(aLen > (sizeof(header) - 18))
1424  return ERROR_INVALID_LENGTH;
1425 
1426  //Point to the AES context
1427  aesContext = (AesContext *) context;
1428 
1429  //Initialize parameters
1430  keyType = 0;
1431  dataType = 0;
1432  command = 0;
1433  textLen = htobe32(length);
1434  authTagLen = htobe32(tLen);
1435  seqNum = 0;
1436 
1437  //Clear header
1438  osMemset(header, 0, sizeof(header));
1439 
1440  //Format first block B(0)
1441  error = ccmFormatBlock0(length, n, nLen, aLen, tLen, header);
1442  //Invalid parameters?
1443  if(error)
1444  return error;
1445 
1446  //Size of the first block (B0)
1447  headerLen = AES_BLOCK_SIZE;
1448 
1449  //Any additional data?
1450  if(aLen > 0)
1451  {
1452  //The length is encoded as 2 octets
1453  STORE16BE(aLen, header + headerLen);
1454  //Concatenate the associated data A
1455  osMemcpy(header + headerLen + 2, a, aLen);
1456  //Adjust the size of the header
1457  headerLen += 2 + aLen;
1458  }
1459 
1460  //Format initial counter value CTR(0)
1461  ccmFormatCounter0(n, nLen, (uint8_t *) block);
1462 
1463  //Acquire exclusive access to the RSIP module
1464  osAcquireMutex(&ra8CryptoMutex);
1465 
1466  //Initialize CCM decryption
1467  if(aesContext->nr == 10)
1468  {
1469  status = HW_SCE_Aes128CcmDecryptInitSubGeneral(&keyType, &dataType,
1470  &command, &textLen, &authTagLen, aesContext->ek, block,
1471  (uint32_t *) header, &seqNum, (headerLen + 3) / 4);
1472  }
1473  else if(aesContext->nr == 12)
1474  {
1475  status = HW_SCE_Aes192CcmDecryptInitSubGeneral(&keyType, &dataType,
1476  &command, &textLen, &authTagLen, aesContext->ek, block,
1477  (uint32_t *) header, &seqNum, (headerLen + 3) / 4);
1478  }
1479  else if(aesContext->nr == 14)
1480  {
1481  status = HW_SCE_Aes256CcmDecryptInitSubGeneral(&keyType, &dataType,
1482  &command, &textLen, &authTagLen, aesContext->ek, block,
1483  (uint32_t *) header, &seqNum, (headerLen + 3) / 4);
1484  }
1485  else
1486  {
1487  status = FSP_ERR_CRYPTO_NOT_IMPLEMENTED;
1488  }
1489 
1490  //Check status code
1491  if(status == FSP_SUCCESS)
1492  {
1493  //Process payload data
1494  if(length >= AES_BLOCK_SIZE)
1495  {
1496  //Process complete blocks only
1497  m = length - (length % AES_BLOCK_SIZE);
1498 
1499  //Decrypt complete blocks
1500  if(aesContext->nr == 10)
1501  {
1502  HW_SCE_Aes128CcmDecryptUpdateSub((uint32_t *) c, (uint32_t *) p,
1503  m / 4);
1504  }
1505  else if(aesContext->nr == 12)
1506  {
1507  HW_SCE_Aes192CcmDecryptUpdateSub((uint32_t *) c, (uint32_t *) p,
1508  m / 4);
1509  }
1510  else
1511  {
1512  HW_SCE_Aes256CcmDecryptUpdateSub((uint32_t *) c, (uint32_t *) p,
1513  m / 4);
1514  }
1515 
1516  //Advance data pointer
1517  length -= m;
1518  c += m;
1519  p += m;
1520  }
1521 
1522  //Process final block of payload data
1523  if(length > 0)
1524  {
1525  //Copy the partial input block
1526  osMemset(block, 0, AES_BLOCK_SIZE);
1527  osMemcpy(block, c, length);
1528  }
1529 
1530  //Pad the authentication tag
1531  osMemset(authTag, 0, sizeof(authTag));
1532  osMemcpy(authTag, t, tLen);
1533 
1534  //Verify authentication tag
1535  if(aesContext->nr == 10)
1536  {
1537  status = HW_SCE_Aes128CcmDecryptFinalSubGeneral(block, &textLen,
1538  authTag, &authTagLen, block);
1539  }
1540  else if(aesContext->nr == 12)
1541  {
1542  status = HW_SCE_Aes192CcmDecryptFinalSub(block, &textLen,
1543  authTag, &authTagLen, block);
1544  }
1545  else if(aesContext->nr == 14)
1546  {
1547  status = HW_SCE_Aes256CcmDecryptFinalSub(block, &textLen,
1548  authTag, &authTagLen, block);
1549  }
1550  else
1551  {
1552  status = FSP_ERR_CRYPTO_NOT_IMPLEMENTED;
1553  }
1554  }
1555 
1556  //Check status code
1557  if(status == FSP_SUCCESS)
1558  {
1559  //Copy the partial output block
1560  osMemcpy(p, block, length);
1561  }
1562 
1563  //Release exclusive access to the RSIP module
1564  osReleaseMutex(&ra8CryptoMutex);
1565 
1566  //Return status code
1567  return (status == FSP_SUCCESS) ? NO_ERROR : ERROR_FAILURE;
1568 }
1569 
1570 #endif
1571 #endif
ecbEncrypt
error_t ecbEncrypt(const CipherAlgo *cipher, void *context, const uint8_t *p, uint8_t *c, size_t length)
ECB encryption.
Definition: ra8_crypto_cipher.c:292
block
uint16_t block
Definition: tftp_common.h:115
a
uint8_t a
Definition: ndp.h:411
CipherAlgo::decryptBlock
CipherAlgoDecryptBlock decryptBlock
Definition: crypto.h:1200
p
uint8_t p
Definition: ndp.h:300
t
uint8_t t
Definition: lldp_ext_med.h:212
o
uint8_t o
Definition: dhcpv6_common.h:415
cipher_algorithms.h
Collection of AEAD algorithms.
aesDecryptBlock
void aesDecryptBlock(AesContext *context, const uint8_t *input, uint8_t *output)
Decrypt a 16-byte block using AES algorithm.
Definition: ra8_crypto_cipher.c:272
CipherAlgo::blockSize
size_t blockSize
Definition: crypto.h:1195
ra8CryptoMutex
OsMutex ra8CryptoMutex
Definition: ra8_crypto.c:41
ra8_crypto_cipher.h
RA8 cipher hardware accelerator.
BETOH32
#define BETOH32(value)
Definition: cpu_endian.h:451
ccmFormatCounter0
void ccmFormatCounter0(const uint8_t *n, size_t nLen, uint8_t *ctr)
Format initial counter value CTR(0)
Definition: ccm.c:418
CipherAlgo::encryptBlock
CipherAlgoEncryptBlock encryptBlock
Definition: crypto.h:1199
gcmDecrypt
error_t gcmDecrypt(GcmContext *context, const uint8_t *iv, size_t ivLen, const uint8_t *a, size_t aLen, const uint8_t *c, uint8_t *p, size_t length, const uint8_t *t, size_t tLen)
Authenticated decryption using GCM.
Definition: ra8_crypto_cipher.c:965
AesContext
AES algorithm context.
Definition: aes.h:58
AES_BLOCK_SIZE
#define AES_BLOCK_SIZE
Definition: aes.h:43
ERROR_INVALID_PARAMETER
@ ERROR_INVALID_PARAMETER
Invalid parameter.
Definition: error.h:47
osMemcpy
#define osMemcpy(dest, src, length)
Definition: os_port.h:144
error_t
error_t
Error codes.
Definition: error.h:43
seqNum
uint32_t seqNum
Definition: tcp.h:348
ERROR_FAILURE
@ ERROR_FAILURE
Generic error code.
Definition: error.h:45
STORE16BE
#define STORE16BE(a, p)
Definition: cpu_endian.h:262
ccmFormatBlock0
error_t ccmFormatBlock0(size_t q, const uint8_t *n, size_t nLen, size_t aLen, size_t tLen, uint8_t *b)
Format first block B(0)
Definition: ccm.c:353
ERROR_INVALID_LENGTH
@ ERROR_INVALID_LENGTH
Definition: error.h:111
cbcDecrypt
error_t cbcDecrypt(const CipherAlgo *cipher, void *context, uint8_t *iv, const uint8_t *c, uint8_t *p, size_t length)
CBC decryption.
Definition: ra8_crypto_cipher.c:507
crypto.h
General definitions for cryptographic algorithms.
iv
uint8_t iv[]
Definition: ike.h:1659
ctrEncrypt
error_t ctrEncrypt(const CipherAlgo *cipher, void *context, uint_t m, uint8_t *t, const uint8_t *p, uint8_t *c, size_t length)
CTR encryption.
Definition: ra8_crypto_cipher.c:602
cipher_modes.h
Block cipher modes of operation.
GcmContext::cipherAlgo
const CipherAlgo * cipherAlgo
Cipher algorithm.
Definition: gcm.h:65
ccmEncrypt
error_t ccmEncrypt(const CipherAlgo *cipher, void *context, const uint8_t *n, size_t nLen, const uint8_t *a, size_t aLen, const uint8_t *p, uint8_t *c, size_t length, uint8_t *t, size_t tLen)
Authenticated encryption using CCM.
Definition: ra8_crypto_cipher.c:1207
length
uint8_t length
Definition: tcp.h:375
MIN
#define MIN(a, b)
Definition: os_port.h:63
AesContext::nr
uint_t nr
Definition: aes.h:59
htobe32
#define htobe32(value)
Definition: cpu_endian.h:446
aesProcessData
error_t aesProcessData(AesContext *context, uint8_t *iv, const uint8_t *input, uint8_t *output, size_t length, uint32_t command)
Perform AES encryption or decryption.
Definition: ra8_crypto_cipher.c:61
aead_algorithms.h
aesInit
error_t aesInit(AesContext *context, const uint8_t *key, size_t keyLen)
Key expansion.
Definition: ra8_crypto_cipher.c:197
GcmContext
GCM context.
Definition: gcm.h:64
ccmDecrypt
error_t ccmDecrypt(const CipherAlgo *cipher, void *context, const uint8_t *n, size_t nLen, const uint8_t *a, size_t aLen, const uint8_t *c, uint8_t *p, size_t length, const uint8_t *t, size_t tLen)
Authenticated decryption using CCM.
Definition: ra8_crypto_cipher.c:1395
gcmInit
error_t gcmInit(GcmContext *context, const CipherAlgo *cipherAlgo, void *cipherContext)
Initialize GCM context.
Definition: ra8_crypto_cipher.c:696
m
uint8_t m
Definition: ndp.h:304
n
uint8_t n
Definition: dhcpv6_common.h:416
osAcquireMutex
void osAcquireMutex(OsMutex *mutex)
Acquire ownership of the specified mutex object.
Definition: os_port_chibios.c:396
osReleaseMutex
void osReleaseMutex(OsMutex *mutex)
Release ownership of the specified mutex object.
Definition: os_port_chibios.c:408
aesEncryptBlock
void aesEncryptBlock(AesContext *context, const uint8_t *input, uint8_t *output)
Encrypt a 16-byte block using AES algorithm.
Definition: ra8_crypto_cipher.c:257
gcmEncrypt
error_t gcmEncrypt(GcmContext *context, const uint8_t *iv, size_t ivLen, const uint8_t *a, size_t aLen, const uint8_t *p, uint8_t *c, size_t length, uint8_t *t, size_t tLen)
Authenticated encryption using GCM.
Definition: ra8_crypto_cipher.c:731
cbcEncrypt
error_t cbcEncrypt(const CipherAlgo *cipher, void *context, uint8_t *iv, const uint8_t *p, uint8_t *c, size_t length)
CBC encryption.
Definition: ra8_crypto_cipher.c:423
CipherAlgo
Common interface for encryption algorithms.
Definition: crypto.h:1191
AES_CIPHER_ALGO
#define AES_CIPHER_ALGO
Definition: aes.h:45
LOAD32LE
#define LOAD32LE(p)
Definition: cpu_endian.h:203
ra8_crypto.h
RA8 hardware cryptographic accelerator (RSIP)
AesContext::ek
uint32_t ek[60]
Definition: aes.h:60
uint_t
unsigned int uint_t
Definition: compiler_port.h:57
osMemset
#define osMemset(p, value, length)
Definition: os_port.h:138
GcmContext::cipherContext
void * cipherContext
Cipher algorithm context.
Definition: gcm.h:66
ctrIncBlock
void ctrIncBlock(uint8_t *ctr, uint32_t inc, size_t blockSize, size_t m)
Increment counter block.
Definition: ctr.c:138
NO_ERROR
@ NO_ERROR
Success.
Definition: error.h:44
c
uint8_t c
Definition: ndp.h:514
debug.h
Debugging facilities.
ecbDecrypt
error_t ecbDecrypt(const CipherAlgo *cipher, void *context, const uint8_t *c, uint8_t *p, size_t length)
ECB decryption.
Definition: ra8_crypto_cipher.c:356