stm32f4xx_crypto_cipher.c
Go to the documentation of this file.
1 /**
2  * @file stm32f4xx_crypto_cipher.c
3  * @brief STM32F4 cipher hardware accelerator
4  *
5  * @section License
6  *
7  * SPDX-License-Identifier: GPL-2.0-or-later
8  *
9  * Copyright (C) 2010-2024 Oryx Embedded SARL. All rights reserved.
10  *
11  * This file is part of CycloneCRYPTO Open.
12  *
13  * This program is free software; you can redistribute it and/or
14  * modify it under the terms of the GNU General Public License
15  * as published by the Free Software Foundation; either version 2
16  * of the License, or (at your option) any later version.
17  *
18  * This program is distributed in the hope that it will be useful,
19  * but WITHOUT ANY WARRANTY; without even the implied warranty of
20  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21  * GNU General Public License for more details.
22  *
23  * You should have received a copy of the GNU General Public License
24  * along with this program; if not, write to the Free Software Foundation,
25  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
26  *
27  * @author Oryx Embedded SARL (www.oryx-embedded.com)
28  * @version 2.4.0
29  **/
30 
31 //Switch to the appropriate trace level
32 #define TRACE_LEVEL CRYPTO_TRACE_LEVEL
33 
34 //Dependencies
35 #include "stm32f4xx.h"
36 #include "stm32f4xx_hal.h"
37 #include "core/crypto.h"
42 #include "aead/aead_algorithms.h"
43 #include "debug.h"
44 
45 //Check crypto library configuration
46 #if (STM32F4XX_CRYPTO_CIPHER_SUPPORT == ENABLED)
47 
48 
49 /**
50  * @brief CRYP module initialization
51  * @return Error code
52  **/
53 
55 {
56  //Enable CRYP peripheral clock
57  __HAL_RCC_CRYP_CLK_ENABLE();
58 
59  //Successful processing
60  return NO_ERROR;
61 }
62 
63 
64 #if (DES_SUPPORT == ENABLED)
65 
66 /**
67  * @brief Perform DES encryption or decryption
68  * @param[in] context DES algorithm context
69  * @param[in,out] iv Initialization vector
70  * @param[in] input Data to be encrypted/decrypted
71  * @param[out] output Data resulting from the encryption/decryption process
72  * @param[in] length Total number of data bytes to be processed
73  * @param[in] mode Operation mode
74  **/
75 
76 void desProcessData(DesContext *context, uint8_t *iv, const uint8_t *input,
77  uint8_t *output, size_t length, uint32_t mode)
78 {
79  uint32_t temp;
80 
81  //Acquire exclusive access to the CRYP module
83 
84  //Configure the data type
85  CRYP->CR = CRYP_CR_DATATYPE_8B;
86  //Configure the algorithm and chaining mode
87  CRYP->CR |= mode;
88 
89  //Set encryption key
90  CRYP->K1LR = context->ks[0];
91  CRYP->K1RR = context->ks[1];
92 
93  //Valid initialization vector?
94  if(iv != NULL)
95  {
96  //Set initialization vector
97  CRYP->IV0LR = LOAD32BE(iv);
98  CRYP->IV0RR = LOAD32BE(iv + 4);
99  }
100 
101  //Flush the input and output FIFOs
102  CRYP->CR |= CRYP_CR_FFLUSH;
103  //Enable the cryptographic processor
104  CRYP->CR |= CRYP_CR_CRYPEN;
105 
106  //Process data
107  while(length >= DES_BLOCK_SIZE)
108  {
109  //Wait for the input FIFO to be ready to accept data
110  while((CRYP->SR & CRYP_SR_IFNF) == 0)
111  {
112  }
113 
114  //Write the input FIFO
115  CRYP->DIN = __UNALIGNED_UINT32_READ(input);
116  CRYP->DIN = __UNALIGNED_UINT32_READ(input + 4);
117 
118  //Wait for the output to be ready
119  while((CRYP->SR & CRYP_SR_OFNE) == 0)
120  {
121  }
122 
123  //Read the output FIFO
124  temp = CRYP->DOUT;
125  __UNALIGNED_UINT32_WRITE(output, temp);
126  temp = CRYP->DOUT;
127  __UNALIGNED_UINT32_WRITE(output + 4, temp);
128 
129  //Next block
130  input += DES_BLOCK_SIZE;
131  output += DES_BLOCK_SIZE;
133  }
134 
135  //Valid initialization vector?
136  if(iv != NULL)
137  {
138  //Update the value of the initialization vector
139  temp = CRYP->IV0LR;
140  STORE32BE(temp, iv);
141  temp = CRYP->IV0RR;
142  STORE32BE(temp, iv + 4);
143  }
144 
145  //Disable the cryptographic processor by clearing the CRYPEN bit
146  CRYP->CR = 0;
147 
148  //Release exclusive access to the CRYP module
150 }
151 
152 
153 /**
154  * @brief Initialize a DES context using the supplied key
155  * @param[in] context Pointer to the DES context to initialize
156  * @param[in] key Pointer to the key
157  * @param[in] keyLen Length of the key (must be set to 8)
158  * @return Error code
159  **/
160 
161 error_t desInit(DesContext *context, const uint8_t *key, size_t keyLen)
162 {
163  //Check parameters
164  if(context == NULL || key == NULL)
166 
167  //Invalid key length?
168  if(keyLen != 8)
170 
171  //Copy the 64-bit key
172  context->ks[0] = LOAD32BE(key + 0);
173  context->ks[1] = LOAD32BE(key + 4);
174 
175  //No error to report
176  return NO_ERROR;
177 }
178 
179 
180 /**
181  * @brief Encrypt a 8-byte block using DES algorithm
182  * @param[in] context Pointer to the DES context
183  * @param[in] input Plaintext block to encrypt
184  * @param[out] output Ciphertext block resulting from encryption
185  **/
186 
187 void desEncryptBlock(DesContext *context, const uint8_t *input, uint8_t *output)
188 {
189  //Perform DES encryption
190  desProcessData(context, NULL, input, output, DES_BLOCK_SIZE,
191  CRYP_CR_ALGOMODE_DES_ECB);
192 }
193 
194 
195 /**
196  * @brief Decrypt a 8-byte block using DES algorithm
197  * @param[in] context Pointer to the DES context
198  * @param[in] input Ciphertext block to decrypt
199  * @param[out] output Plaintext block resulting from decryption
200  **/
201 
202 void desDecryptBlock(DesContext *context, const uint8_t *input, uint8_t *output)
203 {
204  //Perform DES decryption
205  desProcessData(context, NULL, input, output, DES_BLOCK_SIZE,
206  CRYP_CR_ALGOMODE_DES_ECB | CRYP_CR_ALGODIR);
207 }
208 
209 #endif
210 #if (DES3_SUPPORT == ENABLED)
211 
212 /**
213  * @brief Perform Triple DES encryption or decryption
214  * @param[in] context Triple DES algorithm context
215  * @param[in,out] iv Initialization vector
216  * @param[in] input Data to be encrypted/decrypted
217  * @param[out] output Data resulting from the encryption/decryption process
218  * @param[in] length Total number of data bytes to be processed
219  * @param[in] mode Operation mode
220  **/
221 
222 void des3ProcessData(Des3Context *context, uint8_t *iv, const uint8_t *input,
223  uint8_t *output, size_t length, uint32_t mode)
224 {
225  uint32_t temp;
226 
227  //Acquire exclusive access to the CRYP module
229 
230  //Configure the data type
231  CRYP->CR = CRYP_CR_DATATYPE_8B;
232  //Configure the algorithm and chaining mode
233  CRYP->CR |= mode;
234 
235  //Set encryption key
236  CRYP->K1LR = context->k1.ks[0];
237  CRYP->K1RR = context->k1.ks[1];
238  CRYP->K2LR = context->k2.ks[0];
239  CRYP->K2RR = context->k2.ks[1];
240  CRYP->K3LR = context->k3.ks[0];
241  CRYP->K3RR = context->k3.ks[1];
242 
243  //Valid initialization vector?
244  if(iv != NULL)
245  {
246  //Set initialization vector
247  CRYP->IV0LR = LOAD32BE(iv);
248  CRYP->IV0RR = LOAD32BE(iv + 4);
249  }
250 
251  //Flush the input and output FIFOs
252  CRYP->CR |= CRYP_CR_FFLUSH;
253  //Enable the cryptographic processor
254  CRYP->CR |= CRYP_CR_CRYPEN;
255 
256  //Process data
257  while(length >= DES3_BLOCK_SIZE)
258  {
259  //Wait for the input FIFO to be ready to accept data
260  while((CRYP->SR & CRYP_SR_IFNF) == 0)
261  {
262  }
263 
264  //Write the input FIFO
265  CRYP->DIN = __UNALIGNED_UINT32_READ(input);
266  CRYP->DIN = __UNALIGNED_UINT32_READ(input + 4);
267 
268  //Wait for the output to be ready
269  while((CRYP->SR & CRYP_SR_OFNE) == 0)
270  {
271  }
272 
273  //Read the output FIFO
274  temp = CRYP->DOUT;
275  __UNALIGNED_UINT32_WRITE(output, temp);
276  temp = CRYP->DOUT;
277  __UNALIGNED_UINT32_WRITE(output + 4, temp);
278 
279  //Next block
280  input += DES3_BLOCK_SIZE;
281  output += DES3_BLOCK_SIZE;
283  }
284 
285  //Valid initialization vector?
286  if(iv != NULL)
287  {
288  //Update the value of the initialization vector
289  temp = CRYP->IV0LR;
290  STORE32BE(temp, iv);
291  temp = CRYP->IV0RR;
292  STORE32BE(temp, iv + 4);
293  }
294 
295  //Disable the cryptographic processor by clearing the CRYPEN bit
296  CRYP->CR = 0;
297 
298  //Release exclusive access to the CRYP module
300 }
301 
302 
303 /**
304  * @brief Initialize a Triple DES context using the supplied key
305  * @param[in] context Pointer to the Triple DES context to initialize
306  * @param[in] key Pointer to the key
307  * @param[in] keyLen Length of the key
308  * @return Error code
309  **/
310 
311 error_t des3Init(Des3Context *context, const uint8_t *key, size_t keyLen)
312 {
313  //Check parameters
314  if(context == NULL || key == NULL)
316 
317  //Check key length
318  if(keyLen == 8)
319  {
320  //This option provides backward compatibility with DES, because the
321  //first and second DES operations cancel out
322  context->k1.ks[0] = LOAD32BE(key + 0);
323  context->k1.ks[1] = LOAD32BE(key + 4);
324  context->k2.ks[0] = LOAD32BE(key + 0);
325  context->k2.ks[1] = LOAD32BE(key + 4);
326  context->k3.ks[0] = LOAD32BE(key + 0);
327  context->k3.ks[1] = LOAD32BE(key + 4);
328  }
329  else if(keyLen == 16)
330  {
331  //If the key length is 128 bits including parity, the first 8 bytes of the
332  //encoding represent the key used for the two outer DES operations, and
333  //the second 8 bytes represent the key used for the inner DES operation
334  context->k1.ks[0] = LOAD32BE(key + 0);
335  context->k1.ks[1] = LOAD32BE(key + 4);
336  context->k2.ks[0] = LOAD32BE(key + 8);
337  context->k2.ks[1] = LOAD32BE(key + 12);
338  context->k3.ks[0] = LOAD32BE(key + 0);
339  context->k3.ks[1] = LOAD32BE(key + 4);
340  }
341  else if(keyLen == 24)
342  {
343  //If the key length is 192 bits including parity, then 3 independent DES
344  //keys are represented, in the order in which they are used for encryption
345  context->k1.ks[0] = LOAD32BE(key + 0);
346  context->k1.ks[1] = LOAD32BE(key + 4);
347  context->k2.ks[0] = LOAD32BE(key + 8);
348  context->k2.ks[1] = LOAD32BE(key + 12);
349  context->k3.ks[0] = LOAD32BE(key + 16);
350  context->k3.ks[1] = LOAD32BE(key + 20);
351  }
352  else
353  {
354  //The length of the key is not valid
356  }
357 
358  //No error to report
359  return NO_ERROR;
360 }
361 
362 
363 /**
364  * @brief Encrypt a 8-byte block using Triple DES algorithm
365  * @param[in] context Pointer to the Triple DES context
366  * @param[in] input Plaintext block to encrypt
367  * @param[out] output Ciphertext block resulting from encryption
368  **/
369 
370 void des3EncryptBlock(Des3Context *context, const uint8_t *input, uint8_t *output)
371 {
372  //Perform Triple DES encryption
373  des3ProcessData(context, NULL, input, output, DES3_BLOCK_SIZE,
374  CRYP_CR_ALGOMODE_TDES_ECB);
375 }
376 
377 
378 /**
379  * @brief Decrypt a 8-byte block using Triple DES algorithm
380  * @param[in] context Pointer to the Triple DES context
381  * @param[in] input Ciphertext block to decrypt
382  * @param[out] output Plaintext block resulting from decryption
383  **/
384 
385 void des3DecryptBlock(Des3Context *context, const uint8_t *input, uint8_t *output)
386 {
387  //Perform Triple DES decryption
388  des3ProcessData(context, NULL, input, output, DES3_BLOCK_SIZE,
389  CRYP_CR_ALGOMODE_TDES_ECB | CRYP_CR_ALGODIR);
390 }
391 
392 #endif
393 #if (AES_SUPPORT == ENABLED)
394 
395 /**
396  * @brief Load AES key
397  * @param[in] context AES algorithm context
398  **/
399 
400 void aesLoadKey(AesContext *context)
401 {
402  uint32_t temp;
403 
404  //Read control register
405  temp = CRYP->CR & ~CRYP_CR_KEYSIZE;
406 
407  //Check the length of the key
408  if(context->nr == 10)
409  {
410  //10 rounds are required for 128-bit key
411  CRYP->CR = temp | CRYP_CR_KEYSIZE_128B;
412 
413  //Set the 128-bit encryption key
414  CRYP->K2LR = context->ek[0];
415  CRYP->K2RR = context->ek[1];
416  CRYP->K3LR = context->ek[2];
417  CRYP->K3RR = context->ek[3];
418  }
419  else if(context->nr == 12)
420  {
421  //12 rounds are required for 192-bit key
422  CRYP->CR = temp | CRYP_CR_KEYSIZE_192B;
423 
424  //Set the 192-bit encryption key
425  CRYP->K1LR = context->ek[0];
426  CRYP->K1RR = context->ek[1];
427  CRYP->K2LR = context->ek[2];
428  CRYP->K2RR = context->ek[3];
429  CRYP->K3LR = context->ek[4];
430  CRYP->K3RR = context->ek[5];
431  }
432  else
433  {
434  //14 rounds are required for 256-bit key
435  CRYP->CR = temp | CRYP_CR_KEYSIZE_256B;
436 
437  //Set the 256-bit encryption key
438  CRYP->K0LR = context->ek[0];
439  CRYP->K0RR = context->ek[1];
440  CRYP->K1LR = context->ek[2];
441  CRYP->K1RR = context->ek[3];
442  CRYP->K2LR = context->ek[4];
443  CRYP->K2RR = context->ek[5];
444  CRYP->K3LR = context->ek[6];
445  CRYP->K3RR = context->ek[7];
446  }
447 }
448 
449 
450 /**
451  * @brief Perform AES encryption or decryption
452  * @param[in] context AES algorithm context
453  * @param[in,out] iv Initialization vector
454  * @param[in] input Data to be encrypted/decrypted
455  * @param[out] output Data resulting from the encryption/decryption process
456  * @param[in] length Total number of data bytes to be processed
457  * @param[in] mode Operation mode
458  **/
459 
460 void aesProcessData(AesContext *context, uint8_t *iv, const uint8_t *input,
461  uint8_t *output, size_t length, uint32_t mode)
462 {
463  uint32_t temp;
464 
465  //Acquire exclusive access to the CRYP module
467 
468  //Configure the data type
469  CRYP->CR = CRYP_CR_DATATYPE_8B;
470 
471  //AES-ECB or AES-CBC decryption?
472  if((mode & CRYP_CR_ALGODIR) != 0)
473  {
474  //Configure the key preparation mode by setting the ALGOMODE bits to '111'
475  CRYP->CR |= CRYP_CR_ALGOMODE_AES_KEY;
476  //Set encryption key
477  aesLoadKey(context);
478  //Write the CRYPEN bit to 1
479  CRYP->CR |= CRYP_CR_CRYPEN;
480 
481  //Wait until BUSY returns to 0
482  while((CRYP->SR & CRYP_SR_BUSY) != 0)
483  {
484  }
485 
486  //The algorithm must be configured once the key has been prepared
487  temp = CRYP->CR & ~CRYP_CR_ALGOMODE;
488  CRYP->CR = temp | mode;
489  }
490  else
491  {
492  //Configure the algorithm and chaining mode
493  CRYP->CR |= mode;
494  //Set encryption key
495  aesLoadKey(context);
496  }
497 
498  //Valid initialization vector?
499  if(iv != NULL)
500  {
501  //Set initialization vector
502  CRYP->IV0LR = LOAD32BE(iv);
503  CRYP->IV0RR = LOAD32BE(iv + 4);
504  CRYP->IV1LR = LOAD32BE(iv + 8);
505  CRYP->IV1RR = LOAD32BE(iv + 12);
506  }
507 
508  //Flush the input and output FIFOs
509  CRYP->CR |= CRYP_CR_FFLUSH;
510  //Enable the cryptographic processor
511  CRYP->CR |= CRYP_CR_CRYPEN;
512 
513  //Process data
514  while(length >= AES_BLOCK_SIZE)
515  {
516  //Wait for the input FIFO to be ready to accept data
517  while((CRYP->SR & CRYP_SR_IFNF) == 0)
518  {
519  }
520 
521  //Write the input FIFO
522  CRYP->DIN = __UNALIGNED_UINT32_READ(input);
523  CRYP->DIN = __UNALIGNED_UINT32_READ(input + 4);
524  CRYP->DIN = __UNALIGNED_UINT32_READ(input + 8);
525  CRYP->DIN = __UNALIGNED_UINT32_READ(input + 12);
526 
527  //Wait for the output to be ready
528  while((CRYP->SR & CRYP_SR_OFNE) == 0)
529  {
530  }
531 
532  //Read the output FIFO
533  temp = CRYP->DOUT;
534  __UNALIGNED_UINT32_WRITE(output, temp);
535  temp = CRYP->DOUT;
536  __UNALIGNED_UINT32_WRITE(output + 4, temp);
537  temp = CRYP->DOUT;
538  __UNALIGNED_UINT32_WRITE(output + 8, temp);
539  temp = CRYP->DOUT;
540  __UNALIGNED_UINT32_WRITE(output + 12, temp);
541 
542  //Next block
543  input += AES_BLOCK_SIZE;
544  output += AES_BLOCK_SIZE;
546  }
547 
548  //Process final block of data
549  if(length > 0)
550  {
551  uint32_t buffer[4];
552 
553  //Copy partial block
554  osMemset(buffer, 0, AES_BLOCK_SIZE);
555  osMemcpy(buffer, input, length);
556 
557  //Wait for the input FIFO to be ready to accept data
558  while((CRYP->SR & CRYP_SR_IFNF) == 0)
559  {
560  }
561 
562  //Write input block
563  CRYP->DIN = buffer[0];
564  CRYP->DIN = buffer[1];
565  CRYP->DIN = buffer[2];
566  CRYP->DIN = buffer[3];
567 
568  //Wait for the output to be ready
569  while((CRYP->SR & CRYP_SR_OFNE) == 0)
570  {
571  }
572 
573  //Read output block
574  buffer[0] = CRYP->DOUT;
575  buffer[1] = CRYP->DOUT;
576  buffer[2] = CRYP->DOUT;
577  buffer[3] = CRYP->DOUT;
578 
579  //Copy partial block
580  osMemcpy(output, buffer, length);
581  }
582 
583  //Valid initialization vector?
584  if(iv != NULL)
585  {
586  //Update the value of the initialization vector
587  temp = CRYP->IV0LR;
588  STORE32BE(temp, iv);
589  temp = CRYP->IV0RR;
590  STORE32BE(temp, iv + 4);
591  temp = CRYP->IV1LR;
592  STORE32BE(temp, iv + 8);
593  temp = CRYP->IV1RR;
594  STORE32BE(temp, iv + 12);
595  }
596 
597  //Disable the cryptographic processor by clearing the CRYPEN bit
598  CRYP->CR = 0;
599 
600  //Release exclusive access to the CRYP module
602 }
603 
604 
605 /**
606  * @brief Key expansion
607  * @param[in] context Pointer to the AES context to initialize
608  * @param[in] key Pointer to the key
609  * @param[in] keyLen Length of the key
610  * @return Error code
611  **/
612 
613 error_t aesInit(AesContext *context, const uint8_t *key, size_t keyLen)
614 {
615  size_t i;
616 
617  //Check parameters
618  if(context == NULL || key == NULL)
620 
621  //Check the length of the key
622  if(keyLen == 16)
623  {
624  //10 rounds are required for 128-bit key
625  context->nr = 10;
626  }
627  else if(keyLen == 24)
628  {
629  //12 rounds are required for 192-bit key
630  context->nr = 12;
631  }
632  else if(keyLen == 32)
633  {
634  //14 rounds are required for 256-bit key
635  context->nr = 14;
636  }
637  else
638  {
639  //Report an error
641  }
642 
643  //Determine the number of 32-bit words in the key
644  keyLen /= 4;
645 
646  //Copy the original key
647  for(i = 0; i < keyLen; i++)
648  {
649  context->ek[i] = LOAD32BE(key + (i * 4));
650  }
651 
652  //No error to report
653  return NO_ERROR;
654 }
655 
656 
657 /**
658  * @brief Encrypt a 16-byte block using AES algorithm
659  * @param[in] context Pointer to the AES context
660  * @param[in] input Plaintext block to encrypt
661  * @param[out] output Ciphertext block resulting from encryption
662  **/
663 
664 void aesEncryptBlock(AesContext *context, const uint8_t *input, uint8_t *output)
665 {
666  //Perform AES encryption
667  aesProcessData(context, NULL, input, output, AES_BLOCK_SIZE,
668  CRYP_CR_ALGOMODE_AES_ECB);
669 }
670 
671 
672 /**
673  * @brief Decrypt a 16-byte block using AES algorithm
674  * @param[in] context Pointer to the AES context
675  * @param[in] input Ciphertext block to decrypt
676  * @param[out] output Plaintext block resulting from decryption
677  **/
678 
679 void aesDecryptBlock(AesContext *context, const uint8_t *input, uint8_t *output)
680 {
681  //Perform AES decryption
682  aesProcessData(context, NULL, input, output, AES_BLOCK_SIZE,
683  CRYP_CR_ALGOMODE_AES_ECB | CRYP_CR_ALGODIR);
684 }
685 
686 #endif
687 #if (ECB_SUPPORT == ENABLED)
688 
689 /**
690  * @brief ECB encryption
691  * @param[in] cipher Cipher algorithm
692  * @param[in] context Cipher algorithm context
693  * @param[in] p Plaintext to be encrypted
694  * @param[out] c Ciphertext resulting from the encryption
695  * @param[in] length Total number of data bytes to be encrypted
696  * @return Error code
697  **/
698 
699 error_t ecbEncrypt(const CipherAlgo *cipher, void *context,
700  const uint8_t *p, uint8_t *c, size_t length)
701 {
702  error_t error;
703 
704  //Initialize status code
705  error = NO_ERROR;
706 
707 #if (DES_SUPPORT == ENABLED)
708  //DES cipher algorithm?
709  if(cipher == DES_CIPHER_ALGO)
710  {
711  //Check the length of the payload
712  if(length == 0)
713  {
714  //No data to process
715  }
716  else if((length % DES_BLOCK_SIZE) == 0)
717  {
718  //Encrypt payload data
719  desProcessData(context, NULL, p, c, length, CRYP_CR_ALGOMODE_DES_ECB);
720  }
721  else
722  {
723  //The length of the payload must be a multiple of the block size
724  error = ERROR_INVALID_LENGTH;
725  }
726  }
727  else
728 #endif
729 #if (DES3_SUPPORT == ENABLED)
730  //Triple DES cipher algorithm?
731  if(cipher == DES3_CIPHER_ALGO)
732  {
733  //Check the length of the payload
734  if(length == 0)
735  {
736  //No data to process
737  }
738  else if((length % DES3_BLOCK_SIZE) == 0)
739  {
740  //Encrypt payload data
741  des3ProcessData(context, NULL, p, c, length, CRYP_CR_ALGOMODE_TDES_ECB);
742  }
743  else
744  {
745  //The length of the payload must be a multiple of the block size
746  error = ERROR_INVALID_LENGTH;
747  }
748  }
749  else
750 #endif
751 #if (AES_SUPPORT == ENABLED)
752  //AES cipher algorithm?
753  if(cipher == AES_CIPHER_ALGO)
754  {
755  //Check the length of the payload
756  if(length == 0)
757  {
758  //No data to process
759  }
760  else if((length % AES_BLOCK_SIZE) == 0)
761  {
762  //Encrypt payload data
763  aesProcessData(context, NULL, p, c, length, CRYP_CR_ALGOMODE_AES_ECB);
764  }
765  else
766  {
767  //The length of the payload must be a multiple of the block size
768  error = ERROR_INVALID_LENGTH;
769  }
770  }
771  else
772 #endif
773  //Unknown cipher algorithm?
774  {
775  //ECB mode operates in a block-by-block fashion
776  while(length >= cipher->blockSize)
777  {
778  //Encrypt current block
779  cipher->encryptBlock(context, p, c);
780 
781  //Next block
782  p += cipher->blockSize;
783  c += cipher->blockSize;
784  length -= cipher->blockSize;
785  }
786 
787  //The length of the payload must be a multiple of the block size
788  if(length != 0)
789  {
790  error = ERROR_INVALID_LENGTH;
791  }
792  }
793 
794  //Return status code
795  return error;
796 }
797 
798 
799 /**
800  * @brief ECB decryption
801  * @param[in] cipher Cipher algorithm
802  * @param[in] context Cipher algorithm context
803  * @param[in] c Ciphertext to be decrypted
804  * @param[out] p Plaintext resulting from the decryption
805  * @param[in] length Total number of data bytes to be decrypted
806  * @return Error code
807  **/
808 
809 error_t ecbDecrypt(const CipherAlgo *cipher, void *context,
810  const uint8_t *c, uint8_t *p, size_t length)
811 {
812  error_t error;
813 
814  //Initialize status code
815  error = NO_ERROR;
816 
817 #if (DES_SUPPORT == ENABLED)
818  //DES cipher algorithm?
819  if(cipher == DES_CIPHER_ALGO)
820  {
821  //Check the length of the payload
822  if(length == 0)
823  {
824  //No data to process
825  }
826  else if((length % DES_BLOCK_SIZE) == 0)
827  {
828  //Decrypt payload data
829  desProcessData(context, NULL, c, p, length, CRYP_CR_ALGOMODE_DES_ECB |
830  CRYP_CR_ALGODIR);
831  }
832  else
833  {
834  //The length of the payload must be a multiple of the block size
835  error = ERROR_INVALID_LENGTH;
836  }
837  }
838  else
839 #endif
840 #if (DES3_SUPPORT == ENABLED)
841  //Triple DES cipher algorithm?
842  if(cipher == DES3_CIPHER_ALGO)
843  {
844  //Check the length of the payload
845  if(length == 0)
846  {
847  //No data to process
848  }
849  else if((length % DES3_BLOCK_SIZE) == 0)
850  {
851  //Decrypt payload data
852  des3ProcessData(context, NULL, c, p, length, CRYP_CR_ALGOMODE_TDES_ECB |
853  CRYP_CR_ALGODIR);
854  }
855  else
856  {
857  //The length of the payload must be a multiple of the block size
858  error = ERROR_INVALID_LENGTH;
859  }
860  }
861  else
862 #endif
863 #if (AES_SUPPORT == ENABLED)
864  //AES cipher algorithm?
865  if(cipher == AES_CIPHER_ALGO)
866  {
867  //Check the length of the payload
868  if(length == 0)
869  {
870  //No data to process
871  }
872  else if((length % AES_BLOCK_SIZE) == 0)
873  {
874  //Decrypt payload data
875  aesProcessData(context, NULL, c, p, length, CRYP_CR_ALGOMODE_AES_ECB |
876  CRYP_CR_ALGODIR);
877  }
878  else
879  {
880  //The length of the payload must be a multiple of the block size
881  error = ERROR_INVALID_LENGTH;
882  }
883  }
884  else
885 #endif
886  //Unknown cipher algorithm?
887  {
888  //ECB mode operates in a block-by-block fashion
889  while(length >= cipher->blockSize)
890  {
891  //Decrypt current block
892  cipher->decryptBlock(context, c, p);
893 
894  //Next block
895  c += cipher->blockSize;
896  p += cipher->blockSize;
897  length -= cipher->blockSize;
898  }
899 
900  //The length of the payload must be a multiple of the block size
901  if(length != 0)
902  {
903  error = ERROR_INVALID_LENGTH;
904  }
905  }
906 
907  //Return status code
908  return error;
909 }
910 
911 #endif
912 #if (CBC_SUPPORT == ENABLED)
913 
914 /**
915  * @brief CBC encryption
916  * @param[in] cipher Cipher algorithm
917  * @param[in] context Cipher algorithm context
918  * @param[in,out] iv Initialization vector
919  * @param[in] p Plaintext to be encrypted
920  * @param[out] c Ciphertext resulting from the encryption
921  * @param[in] length Total number of data bytes to be encrypted
922  * @return Error code
923  **/
924 
925 error_t cbcEncrypt(const CipherAlgo *cipher, void *context,
926  uint8_t *iv, const uint8_t *p, uint8_t *c, size_t length)
927 {
928  error_t error;
929 
930  //Initialize status code
931  error = NO_ERROR;
932 
933 #if (DES_SUPPORT == ENABLED)
934  //DES cipher algorithm?
935  if(cipher == DES_CIPHER_ALGO)
936  {
937  //Check the length of the payload
938  if(length == 0)
939  {
940  //No data to process
941  }
942  else if((length % DES_BLOCK_SIZE) == 0)
943  {
944  //Encrypt payload data
945  desProcessData(context, iv, p, c, length, CRYP_CR_ALGOMODE_DES_CBC);
946  }
947  else
948  {
949  //The length of the payload must be a multiple of the block size
950  error = ERROR_INVALID_LENGTH;
951  }
952  }
953  else
954 #endif
955 #if (DES3_SUPPORT == ENABLED)
956  //Triple DES cipher algorithm?
957  if(cipher == DES3_CIPHER_ALGO)
958  {
959  //Check the length of the payload
960  if(length == 0)
961  {
962  //No data to process
963  }
964  else if((length % DES3_BLOCK_SIZE) == 0)
965  {
966  //Encrypt payload data
967  des3ProcessData(context, iv, p, c, length, CRYP_CR_ALGOMODE_TDES_CBC);
968  }
969  else
970  {
971  //The length of the payload must be a multiple of the block size
972  error = ERROR_INVALID_LENGTH;
973  }
974  }
975  else
976 #endif
977 #if (AES_SUPPORT == ENABLED)
978  //AES cipher algorithm?
979  if(cipher == AES_CIPHER_ALGO)
980  {
981  //Check the length of the payload
982  if(length == 0)
983  {
984  //No data to process
985  }
986  else if((length % AES_BLOCK_SIZE) == 0)
987  {
988  //Encrypt payload data
989  aesProcessData(context, iv, p, c, length, CRYP_CR_ALGOMODE_AES_CBC);
990  }
991  else
992  {
993  //The length of the payload must be a multiple of the block size
994  error = ERROR_INVALID_LENGTH;
995  }
996  }
997  else
998 #endif
999  //Unknown cipher algorithm?
1000  {
1001  size_t i;
1002 
1003  //CBC mode operates in a block-by-block fashion
1004  while(length >= cipher->blockSize)
1005  {
1006  //XOR input block with IV contents
1007  for(i = 0; i < cipher->blockSize; i++)
1008  {
1009  c[i] = p[i] ^ iv[i];
1010  }
1011 
1012  //Encrypt the current block based upon the output of the previous
1013  //encryption
1014  cipher->encryptBlock(context, c, c);
1015 
1016  //Update IV with output block contents
1017  osMemcpy(iv, c, cipher->blockSize);
1018 
1019  //Next block
1020  p += cipher->blockSize;
1021  c += cipher->blockSize;
1022  length -= cipher->blockSize;
1023  }
1024 
1025  //The length of the payload must be a multiple of the block size
1026  if(length != 0)
1027  {
1028  error = ERROR_INVALID_LENGTH;
1029  }
1030  }
1031 
1032  //Return status code
1033  return error;
1034 }
1035 
1036 
1037 /**
1038  * @brief CBC decryption
1039  * @param[in] cipher Cipher algorithm
1040  * @param[in] context Cipher algorithm context
1041  * @param[in,out] iv Initialization vector
1042  * @param[in] c Ciphertext to be decrypted
1043  * @param[out] p Plaintext resulting from the decryption
1044  * @param[in] length Total number of data bytes to be decrypted
1045  * @return Error code
1046  **/
1047 
1048 error_t cbcDecrypt(const CipherAlgo *cipher, void *context,
1049  uint8_t *iv, const uint8_t *c, uint8_t *p, size_t length)
1050 {
1051  error_t error;
1052 
1053  //Initialize status code
1054  error = NO_ERROR;
1055 
1056 #if (DES_SUPPORT == ENABLED)
1057  //DES cipher algorithm?
1058  if(cipher == DES_CIPHER_ALGO)
1059  {
1060  //Check the length of the payload
1061  if(length == 0)
1062  {
1063  //No data to process
1064  }
1065  else if((length % DES_BLOCK_SIZE) == 0)
1066  {
1067  //Decrypt payload data
1068  desProcessData(context, iv, c, p, length, CRYP_CR_ALGOMODE_DES_CBC |
1069  CRYP_CR_ALGODIR);
1070  }
1071  else
1072  {
1073  //The length of the payload must be a multiple of the block size
1074  error = ERROR_INVALID_LENGTH;
1075  }
1076  }
1077  else
1078 #endif
1079 #if (DES3_SUPPORT == ENABLED)
1080  //Triple DES cipher algorithm?
1081  if(cipher == DES3_CIPHER_ALGO)
1082  {
1083  //Check the length of the payload
1084  if(length == 0)
1085  {
1086  //No data to process
1087  }
1088  else if((length % DES3_BLOCK_SIZE) == 0)
1089  {
1090  //Decrypt payload data
1091  des3ProcessData(context, iv, c, p, length, CRYP_CR_ALGOMODE_TDES_CBC |
1092  CRYP_CR_ALGODIR);
1093  }
1094  else
1095  {
1096  //The length of the payload must be a multiple of the block size
1097  error = ERROR_INVALID_LENGTH;
1098  }
1099  }
1100  else
1101 #endif
1102 #if (AES_SUPPORT == ENABLED)
1103  //AES cipher algorithm?
1104  if(cipher == AES_CIPHER_ALGO)
1105  {
1106  //Check the length of the payload
1107  if(length == 0)
1108  {
1109  //No data to process
1110  }
1111  else if((length % AES_BLOCK_SIZE) == 0)
1112  {
1113  //Decrypt payload data
1114  aesProcessData(context, iv, c, p, length, CRYP_CR_ALGOMODE_AES_CBC |
1115  CRYP_CR_ALGODIR);
1116  }
1117  else
1118  {
1119  //The length of the payload must be a multiple of the block size
1120  error = ERROR_INVALID_LENGTH;
1121  }
1122  }
1123  else
1124 #endif
1125  //Unknown cipher algorithm?
1126  {
1127  size_t i;
1128  uint8_t t[16];
1129 
1130  //CBC mode operates in a block-by-block fashion
1131  while(length >= cipher->blockSize)
1132  {
1133  //Save input block
1134  osMemcpy(t, c, cipher->blockSize);
1135 
1136  //Decrypt the current block
1137  cipher->decryptBlock(context, c, p);
1138 
1139  //XOR output block with IV contents
1140  for(i = 0; i < cipher->blockSize; i++)
1141  {
1142  p[i] ^= iv[i];
1143  }
1144 
1145  //Update IV with input block contents
1146  osMemcpy(iv, t, cipher->blockSize);
1147 
1148  //Next block
1149  c += cipher->blockSize;
1150  p += cipher->blockSize;
1151  length -= cipher->blockSize;
1152  }
1153 
1154  //The length of the payload must be a multiple of the block size
1155  if(length != 0)
1156  {
1157  error = ERROR_INVALID_LENGTH;
1158  }
1159  }
1160 
1161  //Return status code
1162  return error;
1163 }
1164 
1165 #endif
1166 #if (CTR_SUPPORT == ENABLED && AES_SUPPORT == ENABLED)
1167 
1168 /**
1169  * @brief CTR encryption
1170  * @param[in] cipher Cipher algorithm
1171  * @param[in] context Cipher algorithm context
1172  * @param[in] m Size in bits of the specific part of the block to be incremented
1173  * @param[in,out] t Initial counter block
1174  * @param[in] p Plaintext to be encrypted
1175  * @param[out] c Ciphertext resulting from the encryption
1176  * @param[in] length Total number of data bytes to be encrypted
1177  * @return Error code
1178  **/
1179 
1180 error_t ctrEncrypt(const CipherAlgo *cipher, void *context, uint_t m,
1181  uint8_t *t, const uint8_t *p, uint8_t *c, size_t length)
1182 {
1183  error_t error;
1184 
1185  //Initialize status code
1186  error = NO_ERROR;
1187 
1188  //AES cipher algorithm?
1189  if(cipher == AES_CIPHER_ALGO)
1190  {
1191  //Check the value of the parameter
1192  if(m == (AES_BLOCK_SIZE * 8))
1193  {
1194  //Check the length of the payload
1195  if(length > 0)
1196  {
1197  //Encrypt payload data
1198  aesProcessData(context, t, p, c, length, CRYP_CR_ALGOMODE_AES_CTR);
1199  }
1200  else
1201  {
1202  //No data to process
1203  }
1204  }
1205  else
1206  {
1207  //The value of the parameter is not valid
1208  error = ERROR_INVALID_PARAMETER;
1209  }
1210  }
1211  else
1212  {
1213  //Check the value of the parameter
1214  if((m % 8) == 0 && m <= (cipher->blockSize * 8))
1215  {
1216  size_t i;
1217  size_t n;
1218  uint16_t temp;
1219  uint8_t o[16];
1220 
1221  //Determine the size, in bytes, of the specific part of the block
1222  //to be incremented
1223  m = m / 8;
1224 
1225  //Process plaintext
1226  while(length > 0)
1227  {
1228  //CTR mode operates in a block-by-block fashion
1229  n = MIN(length, cipher->blockSize);
1230 
1231  //Compute O(j) = CIPH(T(j))
1232  cipher->encryptBlock(context, t, o);
1233 
1234  //Compute C(j) = P(j) XOR T(j)
1235  for(i = 0; i < n; i++)
1236  {
1237  c[i] = p[i] ^ o[i];
1238  }
1239 
1240  //Standard incrementing function
1241  for(temp = 1, i = 1; i <= m; i++)
1242  {
1243  //Increment the current byte and propagate the carry
1244  temp += t[cipher->blockSize - i];
1245  t[cipher->blockSize - i] = temp & 0xFF;
1246  temp >>= 8;
1247  }
1248 
1249  //Next block
1250  p += n;
1251  c += n;
1252  length -= n;
1253  }
1254  }
1255  else
1256  {
1257  //The value of the parameter is not valid
1258  error = ERROR_INVALID_PARAMETER;
1259  }
1260  }
1261 
1262  //Return status code
1263  return error;
1264 }
1265 
1266 #endif
1267 #if (GCM_SUPPORT == ENABLED && AES_SUPPORT == ENABLED && defined(CRYP_CR_ALGOMODE_AES_GCM))
1268 
1269 /**
1270  * @brief Perform AES-GCM encryption or decryption
1271  * @param[in] context AES algorithm context
1272  * @param[in] iv Initialization vector
1273  * @param[in] a Additional authenticated data
1274  * @param[in] aLen Length of the additional data
1275  * @param[in] input Data to be encrypted/decrypted
1276  * @param[out] output Data resulting from the encryption/decryption process
1277  * @param[in] length Total number of data bytes to be processed
1278  * @param[out] t Authentication tag
1279  * @param[in] mode Operation mode
1280  **/
1281 
1282 void gcmProcessData(AesContext *context, const uint8_t *iv,
1283  const uint8_t *a, size_t aLen, const uint8_t *input, uint8_t *output,
1284  size_t length, uint8_t *t, uint32_t mode)
1285 {
1286  size_t n;
1287  uint64_t m;
1288  uint32_t temp;
1289  uint32_t h[4];
1290  uint32_t buffer[4];
1291 
1292  //Acquire exclusive access to the CRYP module
1294 
1295  //Configure the data type
1296  CRYP->CR = CRYP_CR_DATATYPE_8B;
1297 
1298  //Select the GCM chaining mode by programming ALGOMODE bits to '01000'
1299  temp = CRYP->CR & ~CRYP_CR_ALGOMODE;
1300  CRYP->CR = temp | CRYP_CR_ALGOMODE_AES_GCM;
1301 
1302  //Configure GCM_CCMPH bits to '00' to start the GCM init phase
1303  temp = CRYP->CR & ~CRYP_CR_GCM_CCMPH;
1304  CRYP->CR = temp | CRYP_CR_GCM_CCMPH_INIT;
1305 
1306  //Set encryption key
1307  aesLoadKey(context);
1308 
1309  //Set initialization vector
1310  CRYP->IV0LR = LOAD32BE(iv);
1311  CRYP->IV0RR = LOAD32BE(iv + 4);
1312  CRYP->IV1LR = LOAD32BE(iv + 8);
1313  CRYP->IV1RR = 2;
1314 
1315  //Set CRYPEN bit to 1 to start the calculation of the HASH key
1316  CRYP->CR |= CRYP_CR_CRYPEN;
1317 
1318  //Wait for the CRYPEN bit to be cleared to 0 before moving on to the
1319  //next phase
1320  while((CRYP->CR & CRYP_CR_CRYPEN) != 0)
1321  {
1322  }
1323 
1324  //Configure GCM_CCMPH bits to '01' to start GCM header phase
1325  temp = CRYP->CR & ~CRYP_CR_GCM_CCMPH;
1326  CRYP->CR = temp | CRYP_CR_GCM_CCMPH_HEADER;
1327 
1328  //Flush the input and output FIFOs
1329  CRYP->CR |= CRYP_CR_FFLUSH;
1330  //Set the CRYPEN bit to 1 to start accepting data
1331  CRYP->CR |= CRYP_CR_CRYPEN;
1332 
1333  //Process additional authenticated data
1334  for(n = aLen; n >= AES_BLOCK_SIZE; n -= AES_BLOCK_SIZE)
1335  {
1336  //Wait for the input FIFO to be ready to accept data
1337  while((CRYP->SR & CRYP_SR_IFNF) == 0)
1338  {
1339  }
1340 
1341  //Write the input FIFO
1342  CRYP->DIN = __UNALIGNED_UINT32_READ(a);
1343  CRYP->DIN = __UNALIGNED_UINT32_READ(a + 4);
1344  CRYP->DIN = __UNALIGNED_UINT32_READ(a + 8);
1345  CRYP->DIN = __UNALIGNED_UINT32_READ(a + 12);
1346 
1347  //Next block
1348  a += AES_BLOCK_SIZE;
1349  }
1350 
1351  //Process final block of additional authenticated data
1352  if(n > 0)
1353  {
1354  //Copy partial block
1355  osMemset(buffer, 0, AES_BLOCK_SIZE);
1356  osMemcpy(buffer, a, n);
1357 
1358  //Wait for the input FIFO to be ready to accept data
1359  while((CRYP->SR & CRYP_SR_IFNF) == 0)
1360  {
1361  }
1362 
1363  //Write the input FIFO
1364  CRYP->DIN = buffer[0];
1365  CRYP->DIN = buffer[1];
1366  CRYP->DIN = buffer[2];
1367  CRYP->DIN = buffer[3];
1368  }
1369 
1370  //Once all header data have been supplied, wait until the BUSY bit is
1371  //cleared
1372  while((CRYP->SR & CRYP_SR_BUSY) != 0)
1373  {
1374  }
1375 
1376  //Set the CRYPEN bit to 0
1377  CRYP->CR &= ~CRYP_CR_CRYPEN;
1378 
1379  //Configure GCM_CCMPH bits to '10' to start GCM payload phase
1380  temp = CRYP->CR & ~CRYP_CR_GCM_CCMPH;
1381  CRYP->CR = temp | CRYP_CR_GCM_CCMPH_PAYLOAD;
1382 
1383  //Select the algorithm direction by using the ALGODIR bit
1384  temp = CRYP->CR & ~CRYP_CR_ALGODIR;
1385  CRYP->CR |= mode;
1386 
1387  //Set the CRYPEN bit to 1 to start accepting data
1388  CRYP->CR |= CRYP_CR_CRYPEN;
1389 
1390  //Process data
1391  for(n = length; n >= AES_BLOCK_SIZE; n -= AES_BLOCK_SIZE)
1392  {
1393  //Wait for the input FIFO to be ready to accept data
1394  while((CRYP->SR & CRYP_SR_IFNF) == 0)
1395  {
1396  }
1397 
1398  //Write the input FIFO
1399  CRYP->DIN = __UNALIGNED_UINT32_READ(input);
1400  CRYP->DIN = __UNALIGNED_UINT32_READ(input + 4);
1401  CRYP->DIN = __UNALIGNED_UINT32_READ(input + 8);
1402  CRYP->DIN = __UNALIGNED_UINT32_READ(input + 12);
1403 
1404  //Wait for the output to be ready
1405  while((CRYP->SR & CRYP_SR_OFNE) == 0)
1406  {
1407  }
1408 
1409  //Read the output FIFO
1410  temp = CRYP->DOUT;
1411  __UNALIGNED_UINT32_WRITE(output, temp);
1412  temp = CRYP->DOUT;
1413  __UNALIGNED_UINT32_WRITE(output + 4, temp);
1414  temp = CRYP->DOUT;
1415  __UNALIGNED_UINT32_WRITE(output + 8, temp);
1416  temp = CRYP->DOUT;
1417  __UNALIGNED_UINT32_WRITE(output + 12, temp);
1418 
1419  //Next block
1420  input += AES_BLOCK_SIZE;
1421  output += AES_BLOCK_SIZE;
1422  }
1423 
1424  //Process final block of data
1425  if(n > 0)
1426  {
1427  //Copy partial block
1428  osMemset(buffer, 0, AES_BLOCK_SIZE);
1429  osMemcpy(buffer, input, n);
1430 
1431  //Workaround for GCM encryption mode
1432  if((mode & CRYP_CR_ALGODIR) == 0)
1433  {
1434  //Wait until the BUSY bit is cleared
1435  while((CRYP->SR & CRYP_SR_BUSY) != 0)
1436  {
1437  }
1438 
1439  //Save the current GHASH value
1440  h[0] = CRYP->CSGCM0R;
1441  h[1] = CRYP->CSGCM1R;
1442  h[2] = CRYP->CSGCM2R;
1443  h[3] = CRYP->CSGCM3R;
1444  }
1445 
1446  //Wait for the input FIFO to be ready to accept data
1447  while((CRYP->SR & CRYP_SR_IFNF) == 0)
1448  {
1449  }
1450 
1451  //Write the input FIFO
1452  CRYP->DIN = buffer[0];
1453  CRYP->DIN = buffer[1];
1454  CRYP->DIN = buffer[2];
1455  CRYP->DIN = buffer[3];
1456 
1457  //Wait for the output to be ready
1458  while((CRYP->SR & CRYP_SR_OFNE) == 0)
1459  {
1460  }
1461 
1462  //Read the output FIFO
1463  buffer[0] = CRYP->DOUT;
1464  buffer[1] = CRYP->DOUT;
1465  buffer[2] = CRYP->DOUT;
1466  buffer[3] = CRYP->DOUT;
1467 
1468  //Copy partial block
1469  osMemcpy(output, buffer, n);
1470 
1471  //Workaround for GCM encryption mode
1472  if((mode & CRYP_CR_ALGODIR) == 0)
1473  {
1474  //Pad the final ciphertext block with zeroes
1475  osMemset((uint8_t *) buffer + n, 0, AES_BLOCK_SIZE - n);
1476 
1477  //Wait until the BUSY bit is cleared
1478  while((CRYP->SR & CRYP_SR_BUSY) != 0)
1479  {
1480  }
1481 
1482  //Switch to decryption mode
1483  CRYP->CR |= CRYP_CR_ALGODIR;
1484 
1485  //Restore the previous GHASH value
1486  CRYP->CSGCM0R = h[0];
1487  CRYP->CSGCM1R = h[1];
1488  CRYP->CSGCM2R = h[2];
1489  CRYP->CSGCM3R = h[3];
1490 
1491  //Wait for the input FIFO to be ready to accept data
1492  while((CRYP->SR & CRYP_SR_IFNF) == 0)
1493  {
1494  }
1495 
1496  //Write the input FIFO
1497  CRYP->DIN = buffer[0];
1498  CRYP->DIN = buffer[1];
1499  CRYP->DIN = buffer[2];
1500  CRYP->DIN = buffer[3];
1501 
1502  //Wait until the OFNE flag is set to 1 in the CRYP_SR register
1503  while((CRYP->SR & CRYP_SR_OFNE) == 0)
1504  {
1505  }
1506 
1507  //Read the output FIFO and discard the data
1508  buffer[0] = CRYP->DOUT;
1509  buffer[1] = CRYP->DOUT;
1510  buffer[2] = CRYP->DOUT;
1511  buffer[3] = CRYP->DOUT;
1512  }
1513  }
1514 
1515  //Once all payload data have been supplied, wait until the BUSY flag is
1516  //cleared
1517  while((CRYP->SR & CRYP_SR_BUSY) != 0)
1518  {
1519  }
1520 
1521  //Configure GCM_CCMPH bits to '11' to start GCM final phase
1522  temp = CRYP->CR & ~CRYP_CR_GCM_CCMPH;
1523  CRYP->CR = temp | CRYP_CR_GCM_CCMPH_FINAL;
1524 
1525  //Write the input into the CRYP_DIN register 4 times. The input must
1526  //contain the number of bits in the header (64 bits) concatenated with
1527  //the number of bits in the payload (64 bits)
1528  m = aLen * 8;
1529  CRYP->DIN = htobe32(m >> 32);
1530  CRYP->DIN = htobe32(m);
1531  m = length * 8;
1532  CRYP->DIN = htobe32(m >> 32);
1533  CRYP->DIN = htobe32(m);
1534 
1535  //Wait until the OFNE flag is set to 1 in the CRYP_SR register
1536  while((CRYP->SR & CRYP_SR_OFNE) == 0)
1537  {
1538  }
1539 
1540  //Read the CRYP_DOUT register 4 times. The output corresponds to the
1541  //authentication tag
1542  temp = CRYP->DOUT;
1543  __UNALIGNED_UINT32_WRITE(t, temp);
1544  temp = CRYP->DOUT;
1545  __UNALIGNED_UINT32_WRITE(t + 4, temp);
1546  temp = CRYP->DOUT;
1547  __UNALIGNED_UINT32_WRITE(t + 8, temp);
1548  temp = CRYP->DOUT;
1549  __UNALIGNED_UINT32_WRITE(t + 12, temp);
1550 
1551  //Disable the cryptographic processor by clearing the CRYPEN bit
1552  CRYP->CR = 0;
1553 
1554  //Release exclusive access to the CRYP module
1556 }
1557 
1558 
1559 /**
1560  * @brief Initialize GCM context
1561  * @param[in] context Pointer to the GCM context
1562  * @param[in] cipherAlgo Cipher algorithm
1563  * @param[in] cipherContext Pointer to the cipher algorithm context
1564  * @return Error code
1565  **/
1566 
1567 error_t gcmInit(GcmContext *context, const CipherAlgo *cipherAlgo,
1568  void *cipherContext)
1569 {
1570  //Check parameters
1571  if(context == NULL || cipherContext == NULL)
1572  return ERROR_INVALID_PARAMETER;
1573 
1574  //The CRYP module only supports AES cipher algorithm
1575  if(cipherAlgo != AES_CIPHER_ALGO)
1576  return ERROR_INVALID_PARAMETER;
1577 
1578  //Save cipher algorithm context
1579  context->cipherAlgo = cipherAlgo;
1580  context->cipherContext = cipherContext;
1581 
1582  //Successful initialization
1583  return NO_ERROR;
1584 }
1585 
1586 
1587 /**
1588  * @brief Authenticated encryption using GCM
1589  * @param[in] context Pointer to the GCM context
1590  * @param[in] iv Initialization vector
1591  * @param[in] ivLen Length of the initialization vector
1592  * @param[in] a Additional authenticated data
1593  * @param[in] aLen Length of the additional data
1594  * @param[in] p Plaintext to be encrypted
1595  * @param[out] c Ciphertext resulting from the encryption
1596  * @param[in] length Total number of data bytes to be encrypted
1597  * @param[out] t Authentication tag
1598  * @param[in] tLen Length of the authentication tag
1599  * @return Error code
1600  **/
1601 
1602 error_t gcmEncrypt(GcmContext *context, const uint8_t *iv,
1603  size_t ivLen, const uint8_t *a, size_t aLen, const uint8_t *p,
1604  uint8_t *c, size_t length, uint8_t *t, size_t tLen)
1605 {
1606  uint8_t authTag[16];
1607 
1608  //Make sure the GCM context is valid
1609  if(context == NULL)
1610  return ERROR_INVALID_PARAMETER;
1611 
1612  //Check whether the length of the IV is 96 bits
1613  if(ivLen != 12)
1614  return ERROR_INVALID_LENGTH;
1615 
1616  //Check the length of the authentication tag
1617  if(tLen < 4 || tLen > 16)
1618  return ERROR_INVALID_LENGTH;
1619 
1620  //Perform AES-GCM encryption
1621  gcmProcessData(context->cipherContext, iv, a, aLen, p, c, length,
1622  authTag, 0);
1623 
1624  //Copy the resulting authentication tag
1625  osMemcpy(t, authTag, tLen);
1626 
1627  //Successful processing
1628  return NO_ERROR;
1629 }
1630 
1631 
1632 /**
1633  * @brief Authenticated decryption using GCM
1634  * @param[in] context Pointer to the GCM context
1635  * @param[in] iv Initialization vector
1636  * @param[in] ivLen Length of the initialization vector
1637  * @param[in] a Additional authenticated data
1638  * @param[in] aLen Length of the additional data
1639  * @param[in] c Ciphertext to be decrypted
1640  * @param[out] p Plaintext resulting from the decryption
1641  * @param[in] length Total number of data bytes to be decrypted
1642  * @param[in] t Authentication tag
1643  * @param[in] tLen Length of the authentication tag
1644  * @return Error code
1645  **/
1646 
1647 error_t gcmDecrypt(GcmContext *context, const uint8_t *iv,
1648  size_t ivLen, const uint8_t *a, size_t aLen, const uint8_t *c,
1649  uint8_t *p, size_t length, const uint8_t *t, size_t tLen)
1650 {
1651  size_t i;
1652  uint8_t mask;
1653  uint8_t authTag[16];
1654 
1655  //Make sure the GCM context is valid
1656  if(context == NULL)
1657  return ERROR_INVALID_PARAMETER;
1658 
1659  //Check whether the length of the IV is 96 bits
1660  if(ivLen != 12)
1661  return ERROR_INVALID_LENGTH;
1662 
1663  //Check the length of the authentication tag
1664  if(tLen < 4 || tLen > 16)
1665  return ERROR_INVALID_LENGTH;
1666 
1667  //Perform AES-GCM decryption
1668  gcmProcessData(context->cipherContext, iv, a, aLen, c, p, length,
1669  authTag, CRYP_CR_ALGODIR);
1670 
1671  //The calculated tag is bitwise compared to the received tag
1672  for(mask = 0, i = 0; i < tLen; i++)
1673  {
1674  mask |= authTag[i] ^ t[i];
1675  }
1676 
1677  //The message is authenticated if and only if the tags match
1678  return (mask == 0) ? NO_ERROR : ERROR_FAILURE;
1679 }
1680 
1681 #endif
1682 #if (CCM_SUPPORT == ENABLED && AES_SUPPORT == ENABLED && defined(CRYP_CR_ALGOMODE_AES_CCM))
1683 
1684 /**
1685  * @brief Perform AES-CCM encryption or decryption
1686  * @param[in] context AES algorithm context
1687  * @param[in] b0 Pointer to the B0 block
1688  * @param[in] a Additional authenticated data
1689  * @param[in] aLen Length of the additional data
1690  * @param[in] input Data to be encrypted/decrypted
1691  * @param[out] output Data resulting from the encryption/decryption process
1692  * @param[in] length Total number of data bytes to be processed
1693  * @param[out] t Authentication tag
1694  * @param[in] mode Operation mode
1695  **/
1696 
1697 void ccmProcessData(AesContext *context, const uint8_t *b0, const uint8_t *a,
1698  size_t aLen, const uint8_t *input, uint8_t *output, size_t length,
1699  uint8_t *t, uint32_t mode)
1700 {
1701  size_t n;
1702  size_t qLen;
1703  uint32_t temp;
1704  uint32_t y[4];
1705  uint8_t buffer[16];
1706 
1707  //Acquire exclusive access to the CRYP module
1709 
1710  //Configure the data type
1711  CRYP->CR = CRYP_CR_DATATYPE_8B;
1712 
1713  //Select the CCM chaining mode by programming ALGOMODE bits to '01001'
1714  temp = CRYP->CR & ~CRYP_CR_ALGOMODE;
1715  CRYP->CR = temp | CRYP_CR_ALGOMODE_AES_CCM;
1716 
1717  //Configure GCM_CCMPH bits to '00' to start the CCM init phase
1718  temp = CRYP->CR & ~CRYP_CR_GCM_CCMPH;
1719  CRYP->CR = temp | CRYP_CR_GCM_CCMPH_INIT;
1720 
1721  //Set encryption key
1722  aesLoadKey(context);
1723 
1724  //Retrieve the octet length of Q
1725  qLen = (b0[0] & 0x07) + 1;
1726 
1727  //Format CTR(1)
1728  osMemcpy(buffer, b0, 16 - qLen);
1729  osMemset(buffer + 16 - qLen, 0, qLen);
1730 
1731  //Set the leading octet
1732  buffer[0] = (uint8_t) (qLen - 1);
1733  //Set counter value
1734  buffer[15] = 1;
1735 
1736  //Initialize CRYP_IVRx registers with CTR(1)
1737  CRYP->IV0LR = LOAD32BE(buffer);
1738  CRYP->IV0RR = LOAD32BE(buffer + 4);
1739  CRYP->IV1LR = LOAD32BE(buffer + 8);
1740  CRYP->IV1RR = LOAD32BE(buffer + 12);
1741 
1742  //Set the CRYPEN bit to 1 in CRYP_CR to start accepting data
1743  CRYP->CR |= CRYP_CR_CRYPEN;
1744 
1745  //Write the B0 packet into CRYP_DIN register
1746  CRYP->DIN = __UNALIGNED_UINT32_READ(b0);
1747  CRYP->DIN = __UNALIGNED_UINT32_READ(b0 + 4);
1748  CRYP->DIN = __UNALIGNED_UINT32_READ(b0 + 8);
1749  CRYP->DIN = __UNALIGNED_UINT32_READ(b0 + 12);
1750 
1751  //Wait for the CRYPEN bit to be cleared to 0 by the cryptographic processor
1752  //before moving on to the next phase
1753  while((CRYP->CR & CRYP_CR_CRYPEN) != 0)
1754  {
1755  }
1756 
1757  //Configure GCM_CCMPH bits to '01' to start CCM header phase
1758  temp = CRYP->CR & ~CRYP_CR_GCM_CCMPH;
1759  CRYP->CR = temp | CRYP_CR_GCM_CCMPH_HEADER;
1760 
1761  //Flush the input and output FIFOs
1762  CRYP->CR |= CRYP_CR_FFLUSH;
1763  //Set the CRYPEN bit to 1 to start accepting data
1764  CRYP->CR |= CRYP_CR_CRYPEN;
1765 
1766  //The header phase can be skipped if there is no associated data
1767  if(aLen > 0)
1768  {
1769  //The first block of the associated data (B1) must be formatted by
1770  //software, with the associated data length
1771  osMemset(buffer, 0, 16);
1772 
1773  //Check the length of the associated data string
1774  if(aLen < 0xFF00)
1775  {
1776  //The length is encoded as 2 octets
1777  STORE16BE(aLen, buffer);
1778 
1779  //Number of bytes to copy
1780  n = MIN(aLen, 16 - 2);
1781  //Concatenate the associated data A
1782  osMemcpy(buffer + 2, a, n);
1783  }
1784  else
1785  {
1786  //The length is encoded as 6 octets
1787  buffer[0] = 0xFF;
1788  buffer[1] = 0xFE;
1789 
1790  //MSB is stored first
1791  STORE32BE(aLen, buffer + 2);
1792 
1793  //Number of bytes to copy
1794  n = MIN(aLen, 16 - 6);
1795  //Concatenate the associated data A
1796  osMemcpy(buffer + 6, a, n);
1797  }
1798 
1799  //Wait for the input FIFO to be ready to accept data
1800  while((CRYP->SR & CRYP_SR_IFNF) == 0)
1801  {
1802  }
1803 
1804  //Write the input FIFO
1805  CRYP->DIN = __UNALIGNED_UINT32_READ(buffer);
1806  CRYP->DIN = __UNALIGNED_UINT32_READ(buffer + 4);
1807  CRYP->DIN = __UNALIGNED_UINT32_READ(buffer + 8);
1808  CRYP->DIN = __UNALIGNED_UINT32_READ(buffer + 12);
1809 
1810  //Number of remaining data bytes
1811  aLen -= n;
1812  a += n;
1813  }
1814 
1815  //Process additional authenticated data
1816  while(aLen >= AES_BLOCK_SIZE)
1817  {
1818  //Wait for the input FIFO to be ready to accept data
1819  while((CRYP->SR & CRYP_SR_IFNF) == 0)
1820  {
1821  }
1822 
1823  //Write the input FIFO
1824  CRYP->DIN = __UNALIGNED_UINT32_READ(a);
1825  CRYP->DIN = __UNALIGNED_UINT32_READ(a + 4);
1826  CRYP->DIN = __UNALIGNED_UINT32_READ(a + 8);
1827  CRYP->DIN = __UNALIGNED_UINT32_READ(a + 12);
1828 
1829  //Next block
1830  a += AES_BLOCK_SIZE;
1831  aLen -= AES_BLOCK_SIZE;
1832  }
1833 
1834  //Process final block of additional authenticated data
1835  if(aLen > 0)
1836  {
1837  //If the AAD size in the last block is inferior to 128 bits, pad the
1838  //remainder of the block with zeros
1839  osMemset(buffer, 0, AES_BLOCK_SIZE);
1840  osMemcpy(buffer, a, aLen);
1841 
1842  //Wait for the input FIFO to be ready to accept data
1843  while((CRYP->SR & CRYP_SR_IFNF) == 0)
1844  {
1845  }
1846 
1847  //Write the input FIFO
1848  CRYP->DIN = __UNALIGNED_UINT32_READ(buffer);
1849  CRYP->DIN = __UNALIGNED_UINT32_READ(buffer + 4);
1850  CRYP->DIN = __UNALIGNED_UINT32_READ(buffer + 8);
1851  CRYP->DIN = __UNALIGNED_UINT32_READ(buffer + 12);
1852  }
1853 
1854  //Once all header data have been supplied, wait until the BUSY bit is
1855  //cleared
1856  while((CRYP->SR & CRYP_SR_BUSY) != 0)
1857  {
1858  }
1859 
1860  //Set the CRYPEN bit to 0
1861  CRYP->CR &= ~CRYP_CR_CRYPEN;
1862 
1863  //Configure GCM_CCMPH bits to '10' to start CCM payload phase
1864  temp = CRYP->CR & ~CRYP_CR_GCM_CCMPH;
1865  CRYP->CR = temp | CRYP_CR_GCM_CCMPH_PAYLOAD;
1866 
1867  //Select the algorithm direction by using the ALGODIR bit
1868  temp = CRYP->CR & ~CRYP_CR_ALGODIR;
1869  CRYP->CR |= mode;
1870 
1871  //Set the CRYPEN bit to 1 to start accepting data
1872  CRYP->CR |= CRYP_CR_CRYPEN;
1873 
1874  //Process data
1875  while(length >= AES_BLOCK_SIZE)
1876  {
1877  //Wait for the input FIFO to be ready to accept data
1878  while((CRYP->SR & CRYP_SR_IFNF) == 0)
1879  {
1880  }
1881 
1882  //Write the input FIFO
1883  CRYP->DIN = __UNALIGNED_UINT32_READ(input);
1884  CRYP->DIN = __UNALIGNED_UINT32_READ(input + 4);
1885  CRYP->DIN = __UNALIGNED_UINT32_READ(input + 8);
1886  CRYP->DIN = __UNALIGNED_UINT32_READ(input + 12);
1887 
1888  //Wait for the output to be ready
1889  while((CRYP->SR & CRYP_SR_OFNE) == 0)
1890  {
1891  }
1892 
1893  //Read the output FIFO
1894  temp = CRYP->DOUT;
1895  __UNALIGNED_UINT32_WRITE(output, temp);
1896  temp = CRYP->DOUT;
1897  __UNALIGNED_UINT32_WRITE(output + 4, temp);
1898  temp = CRYP->DOUT;
1899  __UNALIGNED_UINT32_WRITE(output + 8, temp);
1900  temp = CRYP->DOUT;
1901  __UNALIGNED_UINT32_WRITE(output + 12, temp);
1902 
1903  //Next block
1904  input += AES_BLOCK_SIZE;
1905  output += AES_BLOCK_SIZE;
1907  }
1908 
1909  //Process final block of data
1910  if(length > 0)
1911  {
1912  //If it is the last block and the plaintext (encryption) or ciphertext
1913  //(decryption) size in the block is inferior to 128 bits, pad the
1914  //remainder of the block with zeros
1915  osMemset(buffer, 0, AES_BLOCK_SIZE);
1916  osMemcpy(buffer, input, length);
1917 
1918  //Workaround for CCM decryption mode
1919  if((mode & CRYP_CR_ALGODIR) != 0)
1920  {
1921  //Wait until the BUSY bit is cleared
1922  while((CRYP->SR & CRYP_SR_BUSY) != 0)
1923  {
1924  }
1925 
1926  //Save the current value of Y
1927  y[0] = CRYP->CSGCMCCM0R;
1928  y[1] = CRYP->CSGCMCCM1R;
1929  y[2] = CRYP->CSGCMCCM2R;
1930  y[3] = CRYP->CSGCMCCM3R;
1931  }
1932 
1933  //Wait for the input FIFO to be ready to accept data
1934  while((CRYP->SR & CRYP_SR_IFNF) == 0)
1935  {
1936  }
1937 
1938  //Write the input FIFO
1939  CRYP->DIN = __UNALIGNED_UINT32_READ(buffer);
1940  CRYP->DIN = __UNALIGNED_UINT32_READ(buffer + 4);
1941  CRYP->DIN = __UNALIGNED_UINT32_READ(buffer + 8);
1942  CRYP->DIN = __UNALIGNED_UINT32_READ(buffer + 12);
1943 
1944  //Wait for the output to be ready
1945  while((CRYP->SR & CRYP_SR_OFNE) == 0)
1946  {
1947  }
1948 
1949  //Read the output FIFO
1950  temp = CRYP->DOUT;
1951  __UNALIGNED_UINT32_WRITE(buffer, temp);
1952  temp = CRYP->DOUT;
1953  __UNALIGNED_UINT32_WRITE(buffer + 4, temp);
1954  temp = CRYP->DOUT;
1955  __UNALIGNED_UINT32_WRITE(buffer + 8, temp);
1956  temp = CRYP->DOUT;
1957  __UNALIGNED_UINT32_WRITE(buffer + 12, temp);
1958 
1959  //Discard the bits that are not part of the payload when the last block
1960  //size is less than 16 bytes
1961  osMemcpy(output, buffer, length);
1962 
1963  //Workaround for CCM decryption mode
1964  if((mode & CRYP_CR_ALGODIR) != 0)
1965  {
1966  //Pad the final plaintext block with zeroes
1967  osMemset(buffer + length, 0, AES_BLOCK_SIZE - length);
1968 
1969  //Wait until the BUSY bit is cleared
1970  while((CRYP->SR & CRYP_SR_BUSY) != 0)
1971  {
1972  }
1973 
1974  //Switch to encryption mode
1975  CRYP->CR &= ~CRYP_CR_ALGODIR;
1976 
1977  //Restore the previous value of Y
1978  CRYP->CSGCMCCM0R = y[0];
1979  CRYP->CSGCMCCM1R = y[1];
1980  CRYP->CSGCMCCM2R = y[2];
1981  CRYP->CSGCMCCM3R = y[3];
1982 
1983  //Wait for the input FIFO to be ready to accept data
1984  while((CRYP->SR & CRYP_SR_IFNF) == 0)
1985  {
1986  }
1987 
1988  //Write the input FIFO
1989  CRYP->DIN = __UNALIGNED_UINT32_READ(buffer);
1990  CRYP->DIN = __UNALIGNED_UINT32_READ(buffer + 4);
1991  CRYP->DIN = __UNALIGNED_UINT32_READ(buffer + 8);
1992  CRYP->DIN = __UNALIGNED_UINT32_READ(buffer + 12);
1993 
1994  //Wait for the output to be ready
1995  while((CRYP->SR & CRYP_SR_OFNE) == 0)
1996  {
1997  }
1998 
1999  //Read the output FIFO and discard the data
2000  temp = CRYP->DOUT;
2001  temp = CRYP->DOUT;
2002  temp = CRYP->DOUT;
2003  temp = CRYP->DOUT;
2004  }
2005  }
2006 
2007  //Once all payload data have been supplied, wait until the BUSY flag is
2008  //cleared
2009  while((CRYP->SR & CRYP_SR_BUSY) != 0)
2010  {
2011  }
2012 
2013  //Configure GCM_CCMPH bits to '11' in CRYP_CR to indicate that the CCM final
2014  //phase is ongoing and set the ALGODIR bit to 0 in the same register
2015  temp = CRYP->CR & ~(CRYP_CR_GCM_CCMPH | CRYP_CR_ALGODIR);
2016  CRYP->CR = temp | CRYP_CR_GCM_CCMPH_FINAL;
2017 
2018  //Format CTR(0)
2019  osMemcpy(buffer, b0, 16 - qLen);
2020  osMemset(buffer + 16 - qLen, 0, qLen);
2021 
2022  //Set the leading octet
2023  buffer[0] = (uint8_t) (qLen - 1);
2024 
2025  //Load in CRYP_DIN the CTR(0) information
2026  CRYP->DIN = __UNALIGNED_UINT32_READ(buffer);
2027  CRYP->DIN = __UNALIGNED_UINT32_READ(buffer + 4);
2028  CRYP->DIN = __UNALIGNED_UINT32_READ(buffer + 8);
2029  CRYP->DIN = __UNALIGNED_UINT32_READ(buffer + 12);
2030 
2031  //Wait until the OFNE flag is set to 1 in the CRYP_SR register
2032  while((CRYP->SR & CRYP_SR_OFNE) == 0)
2033  {
2034  }
2035 
2036  //Read the CRYP_DOUT register 4 times. The output corresponds to the
2037  //authentication tag
2038  temp = CRYP->DOUT;
2039  __UNALIGNED_UINT32_WRITE(t, temp);
2040  temp = CRYP->DOUT;
2041  __UNALIGNED_UINT32_WRITE(t + 4, temp);
2042  temp = CRYP->DOUT;
2043  __UNALIGNED_UINT32_WRITE(t + 8, temp);
2044  temp = CRYP->DOUT;
2045  __UNALIGNED_UINT32_WRITE(t + 12, temp);
2046 
2047  //Disable the cryptographic processor by clearing the CRYPEN bit
2048  CRYP->CR = 0;
2049 
2050  //Release exclusive access to the CRYP module
2052 }
2053 
2054 
2055 /**
2056  * @brief Authenticated encryption using CCM
2057  * @param[in] cipher Cipher algorithm
2058  * @param[in] context Cipher algorithm context
2059  * @param[in] n Nonce
2060  * @param[in] nLen Length of the nonce
2061  * @param[in] a Additional authenticated data
2062  * @param[in] aLen Length of the additional data
2063  * @param[in] p Plaintext to be encrypted
2064  * @param[out] c Ciphertext resulting from the encryption
2065  * @param[in] length Total number of data bytes to be encrypted
2066  * @param[out] t MAC resulting from the encryption process
2067  * @param[in] tLen Length of the MAC
2068  * @return Error code
2069  **/
2070 
2071 error_t ccmEncrypt(const CipherAlgo *cipher, void *context, const uint8_t *n,
2072  size_t nLen, const uint8_t *a, size_t aLen, const uint8_t *p, uint8_t *c,
2073  size_t length, uint8_t *t, size_t tLen)
2074 {
2075  error_t error;
2076  uint8_t b0[16];
2077  uint8_t authTag[16];
2078 
2079  //The CRYP module only supports AES cipher algorithm
2080  if(cipher != AES_CIPHER_ALGO)
2081  return ERROR_INVALID_PARAMETER;
2082 
2083  //Make sure the cipher context is valid
2084  if(context == NULL)
2085  return ERROR_INVALID_PARAMETER;
2086 
2087  //Format first block B(0)
2088  error = ccmFormatBlock0(length, n, nLen, aLen, tLen, b0);
2089  //Invalid parameters?
2090  if(error)
2091  return error;
2092 
2093  //Perform AES-CCM encryption
2094  ccmProcessData(context, b0, a, aLen, p, c, length, authTag, 0);
2095 
2096  //Copy the resulting authentication tag
2097  osMemcpy(t, authTag, tLen);
2098 
2099  //Successful processing
2100  return NO_ERROR;
2101 }
2102 
2103 
2104 /**
2105  * @brief Authenticated decryption using CCM
2106  * @param[in] cipher Cipher algorithm
2107  * @param[in] context Cipher algorithm context
2108  * @param[in] n Nonce
2109  * @param[in] nLen Length of the nonce
2110  * @param[in] a Additional authenticated data
2111  * @param[in] aLen Length of the additional data
2112  * @param[in] c Ciphertext to be decrypted
2113  * @param[out] p Plaintext resulting from the decryption
2114  * @param[in] length Total number of data bytes to be decrypted
2115  * @param[in] t MAC to be verified
2116  * @param[in] tLen Length of the MAC
2117  * @return Error code
2118  **/
2119 
2120 error_t ccmDecrypt(const CipherAlgo *cipher, void *context, const uint8_t *n,
2121  size_t nLen, const uint8_t *a, size_t aLen, const uint8_t *c, uint8_t *p,
2122  size_t length, const uint8_t *t, size_t tLen)
2123 {
2124  error_t error;
2125  size_t i;
2126  uint8_t mask;
2127  uint8_t b0[16];
2128  uint8_t authTag[16];
2129 
2130  //The CRYP module only supports AES cipher algorithm
2131  if(cipher != AES_CIPHER_ALGO)
2132  return ERROR_INVALID_PARAMETER;
2133 
2134  //Make sure the cipher context is valid
2135  if(context == NULL)
2136  return ERROR_INVALID_PARAMETER;
2137 
2138  //Format first block B(0)
2139  error = ccmFormatBlock0(length, n, nLen, aLen, tLen, b0);
2140  //Invalid parameters?
2141  if(error)
2142  return error;
2143 
2144  //Perform AES-CCM decryption
2145  ccmProcessData(context, b0, a, aLen, c, p, length, authTag, CRYP_CR_ALGODIR);
2146 
2147  //The calculated tag is bitwise compared to the received tag
2148  for(mask = 0, i = 0; i < tLen; i++)
2149  {
2150  mask |= authTag[i] ^ t[i];
2151  }
2152 
2153  //The message is authenticated if and only if the tags match
2154  return (mask == 0) ? NO_ERROR : ERROR_FAILURE;
2155 }
2156 
2157 #endif
2158 #endif
#define AES_CIPHER_ALGO
Definition: aes.h:45
#define AES_BLOCK_SIZE
Definition: aes.h:43
error_t ccmFormatBlock0(size_t q, const uint8_t *n, size_t nLen, size_t aLen, size_t tLen, uint8_t *b)
Format first block B(0)
Definition: ccm.c:353
__weak_func error_t ccmDecrypt(const CipherAlgo *cipher, void *context, const uint8_t *n, size_t nLen, const uint8_t *a, size_t aLen, const uint8_t *c, uint8_t *p, size_t length, const uint8_t *t, size_t tLen)
Authenticated decryption using CCM.
Definition: ccm.c:208
__weak_func error_t ccmEncrypt(const CipherAlgo *cipher, void *context, const uint8_t *n, size_t nLen, const uint8_t *a, size_t aLen, const uint8_t *p, uint8_t *c, size_t length, uint8_t *t, size_t tLen)
Authenticated encryption using CCM.
Definition: ccm.c:67
Collection of AEAD algorithms.
Block cipher modes of operation.
unsigned int uint_t
Definition: compiler_port.h:50
#define LOAD32BE(p)
Definition: cpu_endian.h:210
#define STORE32BE(a, p)
Definition: cpu_endian.h:286
#define STORE16BE(a, p)
Definition: cpu_endian.h:262
#define htobe32(value)
Definition: cpu_endian.h:446
General definitions for cryptographic algorithms.
Debugging facilities.
#define DES3_CIPHER_ALGO
Definition: des3.h:46
#define DES3_BLOCK_SIZE
Definition: des3.h:44
#define DES_BLOCK_SIZE
Definition: des.h:43
#define DES_CIPHER_ALGO
Definition: des.h:45
uint8_t n
uint8_t o
error_t
Error codes.
Definition: error.h:43
@ ERROR_INVALID_KEY_LENGTH
Definition: error.h:107
@ NO_ERROR
Success.
Definition: error.h:44
@ ERROR_INVALID_LENGTH
Definition: error.h:111
@ ERROR_FAILURE
Generic error code.
Definition: error.h:45
@ ERROR_INVALID_PARAMETER
Invalid parameter.
Definition: error.h:47
__weak_func error_t gcmInit(GcmContext *context, const CipherAlgo *cipherAlgo, void *cipherContext)
Initialize GCM context.
Definition: gcm.c:99
__weak_func error_t gcmDecrypt(GcmContext *context, const uint8_t *iv, size_t ivLen, const uint8_t *a, size_t aLen, const uint8_t *c, uint8_t *p, size_t length, const uint8_t *t, size_t tLen)
Authenticated decryption using GCM.
Definition: gcm.c:361
__weak_func error_t gcmEncrypt(GcmContext *context, const uint8_t *iv, size_t ivLen, const uint8_t *a, size_t aLen, const uint8_t *p, uint8_t *c, size_t length, uint8_t *t, size_t tLen)
Authenticated encryption using GCM.
Definition: gcm.c:214
uint8_t iv[]
Definition: ike.h:1502
uint8_t t
Definition: lldp_ext_med.h:212
void gcmProcessData(AesContext *context, const uint8_t *iv, const uint8_t *a, size_t aLen, const uint8_t *input, uint8_t *output, size_t length, uint8_t *t, uint32_t mode)
Perform AES-GCM encryption or decryption.
uint8_t h
Definition: ndp.h:302
uint8_t c
Definition: ndp.h:514
uint8_t p
Definition: ndp.h:300
uint8_t m
Definition: ndp.h:304
uint8_t a
Definition: ndp.h:411
#define osMemset(p, value, length)
Definition: os_port.h:135
#define osMemcpy(dest, src, length)
Definition: os_port.h:141
#define MIN(a, b)
Definition: os_port.h:63
void osAcquireMutex(OsMutex *mutex)
Acquire ownership of the specified mutex object.
void osReleaseMutex(OsMutex *mutex)
Release ownership of the specified mutex object.
#define CRYP_CR_KEYSIZE_192B
#define CRYP_CR_KEYSIZE_128B
#define CRYP_CR_DATATYPE_8B
#define CRYP_CR_KEYSIZE_256B
OsMutex stm32f4xxCryptoMutex
STM32F4 hardware cryptographic accelerator.
void des3ProcessData(Des3Context *context, uint8_t *iv, const uint8_t *input, uint8_t *output, size_t length, uint32_t mode)
Perform Triple DES encryption or decryption.
void des3DecryptBlock(Des3Context *context, const uint8_t *input, uint8_t *output)
Decrypt a 8-byte block using Triple DES algorithm.
error_t aesInit(AesContext *context, const uint8_t *key, size_t keyLen)
Key expansion.
void aesLoadKey(AesContext *context)
Load AES key.
void desDecryptBlock(DesContext *context, const uint8_t *input, uint8_t *output)
Decrypt a 8-byte block using DES algorithm.
error_t ctrEncrypt(const CipherAlgo *cipher, void *context, uint_t m, uint8_t *t, const uint8_t *p, uint8_t *c, size_t length)
CTR encryption.
void aesProcessData(AesContext *context, uint8_t *iv, const uint8_t *input, uint8_t *output, size_t length, uint32_t mode)
Perform AES encryption or decryption.
error_t cbcEncrypt(const CipherAlgo *cipher, void *context, uint8_t *iv, const uint8_t *p, uint8_t *c, size_t length)
CBC encryption.
error_t des3Init(Des3Context *context, const uint8_t *key, size_t keyLen)
Initialize a Triple DES context using the supplied key.
void des3EncryptBlock(Des3Context *context, const uint8_t *input, uint8_t *output)
Encrypt a 8-byte block using Triple DES algorithm.
error_t crypInit(void)
CRYP module initialization.
error_t cbcDecrypt(const CipherAlgo *cipher, void *context, uint8_t *iv, const uint8_t *c, uint8_t *p, size_t length)
CBC decryption.
void aesDecryptBlock(AesContext *context, const uint8_t *input, uint8_t *output)
Decrypt a 16-byte block using AES algorithm.
void aesEncryptBlock(AesContext *context, const uint8_t *input, uint8_t *output)
Encrypt a 16-byte block using AES algorithm.
void desEncryptBlock(DesContext *context, const uint8_t *input, uint8_t *output)
Encrypt a 8-byte block using DES algorithm.
error_t ecbEncrypt(const CipherAlgo *cipher, void *context, const uint8_t *p, uint8_t *c, size_t length)
ECB encryption.
void desProcessData(DesContext *context, uint8_t *iv, const uint8_t *input, uint8_t *output, size_t length, uint32_t mode)
Perform DES encryption or decryption.
error_t desInit(DesContext *context, const uint8_t *key, size_t keyLen)
Initialize a DES context using the supplied key.
error_t ecbDecrypt(const CipherAlgo *cipher, void *context, const uint8_t *c, uint8_t *p, size_t length)
ECB decryption.
STM32F4 cipher hardware accelerator.
#define CRYP_CR_GCM_CCMPH_FINAL
#define CRYP_CR_GCM_CCMPH_INIT
#define CRYP_CR_GCM_CCMPH_PAYLOAD
#define CRYP_CR_GCM_CCMPH_HEADER
void ccmProcessData(AesContext *context, const uint8_t *b0, const uint8_t *a, size_t aLen, const uint8_t *input, uint8_t *output, size_t length, uint8_t *t, uint32_t mode)
Perform AES-CCM encryption or decryption.
AES algorithm context.
Definition: aes.h:58
uint_t nr
Definition: aes.h:59
uint32_t ek[60]
Definition: aes.h:60
Common interface for encryption algorithms.
Definition: crypto.h:1036
CipherAlgoEncryptBlock encryptBlock
Definition: crypto.h:1044
CipherAlgoDecryptBlock decryptBlock
Definition: crypto.h:1045
size_t blockSize
Definition: crypto.h:1040
Triple DES algorithm context.
Definition: des3.h:59
DesContext k2
Definition: des3.h:61
DesContext k3
Definition: des3.h:62
DesContext k1
Definition: des3.h:60
DES algorithm context.
Definition: des.h:58
uint32_t ks[32]
Definition: des.h:59
GCM context.
Definition: gcm.h:64
const CipherAlgo * cipherAlgo
Cipher algorithm.
Definition: gcm.h:65
void * cipherContext
Cipher algorithm context.
Definition: gcm.h:66
uint8_t length
Definition: tcp.h:368
uint8_t mask
Definition: web_socket.h:319