mbed library sources. Supersedes mbed-src.
Fork of mbed-dev by
targets/TARGET_NUVOTON/TARGET_NUC472/crypto/aes/aes_alt.c
- Committer:
- <>
- Date:
- 2016-10-28
- Revision:
- 149:156823d33999
File content as of revision 149:156823d33999:
/* mbed Microcontroller Library * Copyright (c) 2015-2016 Nuvoton * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ /* * The AES block cipher was designed by Vincent Rijmen and Joan Daemen. * * http://csrc.nist.gov/encryption/aes/rijndael/Rijndael.pdf * http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf */ #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" #else #include MBEDTLS_CONFIG_FILE #endif #if defined(MBEDTLS_AES_C) #if defined(MBEDTLS_AES_ALT) #include <string.h> #include "mbedtls/aes.h" #include "NUC472_442.h" #include "toolchain.h" #include "mbed_assert.h" //static int aes_init_done = 0; #define mbedtls_trace(...) //printf(__VA_ARGS__) /* Implementation that should never be optimized out by the compiler */ static void mbedtls_zeroize( void *v, size_t n ) { volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; } static uint32_t au32MyAESIV[4] = { 0x00000000, 0x00000000, 0x00000000, 0x00000000 }; extern volatile int g_AES_done; // Must be a multiple of 16 bytes block size #define MAX_DMA_CHAIN_SIZE (16*6) static uint8_t au8OutputData[MAX_DMA_CHAIN_SIZE] MBED_ALIGN(4); static uint8_t au8InputData[MAX_DMA_CHAIN_SIZE] MBED_ALIGN(4); static void dumpHex(const unsigned char au8Data[], int len) { int j; for (j = 0; j < len; j++) mbedtls_trace("%02x ", au8Data[j]); mbedtls_trace("\r\n"); } static void swapInitVector(unsigned char iv[16]) { unsigned int* piv; int i; // iv SWAP piv = (unsigned int*)iv; for( i=0; i< 4; i++) { *piv = (((*piv) & 0x000000FF) << 24) | (((*piv) & 0x0000FF00) << 8) | (((*piv) & 0x00FF0000) >> 8) | (((*piv) & 0xFF000000) >> 24); piv++; } } //volatile void CRYPTO_IRQHandler() //{ // if (AES_GET_INT_FLAG()) { // g_AES_done = 1; // AES_CLR_INT_FLAG(); // } //} // AES available channel 0~3 static unsigned char channel_flag[4]={0x00,0x00,0x00,0x00}; // 0: idle, 1: busy static int channel_alloc() { int i; for(i=0; i< (int)sizeof(channel_flag); i++) { if( channel_flag[i] == 0x00 ) { channel_flag[i] = 0x01; return i; } } return(-1); } static void channel_free(int i) { if( i >=0 && i < (int)sizeof(channel_flag) ) channel_flag[i] = 0x00; } void mbedtls_aes_init( mbedtls_aes_context *ctx ) { int i =-1; // sw_mbedtls_aes_init(ctx); // return; mbedtls_trace("=== %s \r\n", __FUNCTION__); memset( ctx, 0, sizeof( mbedtls_aes_context ) ); ctx->swapType = AES_IN_OUT_SWAP; while( (i = channel_alloc()) < 0 ) { mbed_assert_internal("No available AES channel", __FILE__, __LINE__); //osDelay(300); } ctx->channel = i; ctx->iv = au32MyAESIV; /* Unlock protected registers */ SYS_UnlockReg(); CLK_EnableModuleClock(CRPT_MODULE); /* Lock protected registers */ SYS_LockReg(); NVIC_EnableIRQ(CRPT_IRQn); AES_ENABLE_INT(); mbedtls_trace("=== %s channel[%d]\r\n", __FUNCTION__, (int)ctx->channel); } void mbedtls_aes_free( mbedtls_aes_context *ctx ) { mbedtls_trace("=== %s channel[%d]\r\n", __FUNCTION__,(int)ctx->channel); if( ctx == NULL ) return; /* Unlock protected registers */ // SYS_UnlockReg(); // CLK_DisableModuleClock(CRPT_MODULE); /* Lock protected registers */ // SYS_LockReg(); // NVIC_DisableIRQ(CRPT_IRQn); // AES_DISABLE_INT(); channel_free(ctx->channel); mbedtls_zeroize( ctx, sizeof( mbedtls_aes_context ) ); } /* * AES key schedule (encryption) */ #if defined(MBEDTLS_AES_SETKEY_ENC_ALT) int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key, unsigned int keybits ) { unsigned int i; mbedtls_trace("=== %s keybits[%d]\r\n", __FUNCTION__, keybits); dumpHex(key,keybits/8); switch( keybits ) { case 128: ctx->keySize = AES_KEY_SIZE_128; break; case 192: ctx->keySize = AES_KEY_SIZE_192; break; case 256: ctx->keySize = AES_KEY_SIZE_256; break; default : return( MBEDTLS_ERR_AES_INVALID_KEY_LENGTH ); } // key swap for( i = 0; i < ( keybits >> 5 ); i++ ) { ctx->buf[i] = (*(key+i*4) << 24) | (*(key+1+i*4) << 16) | (*(key+2+i*4) << 8) | (*(key+3+i*4) ); } AES_SetKey(ctx->channel, ctx->buf, ctx->keySize); return( 0 ); } #endif /* MBEDTLS_AES_SETKEY_ENC_ALT */ /* * AES key schedule (decryption) */ #if defined(MBEDTLS_AES_SETKEY_DEC_ALT) int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key, unsigned int keybits ) { int ret; mbedtls_trace("=== %s keybits[%d]\r\n", __FUNCTION__, keybits); dumpHex((uint8_t *)key,keybits/8); /* Also checks keybits */ if( ( ret = mbedtls_aes_setkey_enc( ctx, key, keybits ) ) != 0 ) goto exit; exit: return( ret ); } #endif /* MBEDTLS_AES_SETKEY_DEC_ALT */ static void __nvt_aes_crypt( mbedtls_aes_context *ctx, const unsigned char input[16], unsigned char output[16], int dataSize) { unsigned char* pIn; unsigned char* pOut; // mbedtls_trace("=== %s \r\n", __FUNCTION__); dumpHex(input,16); AES_Open(ctx->channel, ctx->encDec, ctx->opMode, ctx->keySize, ctx->swapType); AES_SetInitVect(ctx->channel, ctx->iv); if( ((uint32_t)input) & 0x03 ) { memcpy(au8InputData, input, dataSize); pIn = au8InputData; }else{ pIn = (unsigned char*)input; } if( (((uint32_t)output) & 0x03) || (dataSize%4)) // HW CFB output byte count must be multiple of word { pOut = au8OutputData; } else { pOut = output; } AES_SetDMATransfer(ctx->channel, (uint32_t)pIn, (uint32_t)pOut, dataSize); g_AES_done = 0; AES_Start(ctx->channel, CRYPTO_DMA_ONE_SHOT); while (!g_AES_done); if( pOut != output ) memcpy(output, au8OutputData, dataSize); dumpHex(output,16); } /* * AES-ECB block encryption */ #if defined(MBEDTLS_AES_ENCRYPT_ALT) void mbedtls_aes_encrypt( mbedtls_aes_context *ctx, const unsigned char input[16], unsigned char output[16] ) { mbedtls_trace("=== %s \r\n", __FUNCTION__); ctx->encDec = 1; __nvt_aes_crypt(ctx, input, output, 16); } #endif /* MBEDTLS_AES_ENCRYPT_ALT */ /* * AES-ECB block decryption */ #if defined(MBEDTLS_AES_DECRYPT_ALT) void mbedtls_aes_decrypt( mbedtls_aes_context *ctx, const unsigned char input[16], unsigned char output[16] ) { mbedtls_trace("=== %s \r\n", __FUNCTION__); ctx->encDec = 0; __nvt_aes_crypt(ctx, input, output, 16); } #endif /* MBEDTLS_AES_DECRYPT_ALT */ /* * AES-ECB block encryption/decryption */ int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx, int mode, const unsigned char input[16], unsigned char output[16] ) { mbedtls_trace("=== %s \r\n", __FUNCTION__); ctx->opMode = AES_MODE_ECB; if( mode == MBEDTLS_AES_ENCRYPT ) mbedtls_aes_encrypt( ctx, input, output ); else mbedtls_aes_decrypt( ctx, input, output ); return( 0 ); } #if defined(MBEDTLS_CIPHER_MODE_CBC) /* * AES-CBC buffer encryption/decryption */ int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx, int mode, size_t len, unsigned char iv[16], const unsigned char *input, unsigned char *output ) { unsigned char temp[16]; int length = len; int blockChainLen; mbedtls_trace("=== %s [0x%x]\r\n", __FUNCTION__,length); if( length % 16 ) return( MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH ); if( (((uint32_t)input) & 0x03) || (((uint32_t)output) & 0x03) ) { blockChainLen = (( length > MAX_DMA_CHAIN_SIZE ) ? MAX_DMA_CHAIN_SIZE : length ); } else { blockChainLen = length; } while( length > 0 ) { ctx->opMode = AES_MODE_CBC; swapInitVector(iv); // iv SWAP ctx->iv = (uint32_t *)iv; if( mode == MBEDTLS_AES_ENCRYPT ) { ctx->encDec = 1; __nvt_aes_crypt(ctx, input, output, blockChainLen); // if( blockChainLen == length ) break; // finish last block chain but still need to prepare next iv for mbedtls_aes_self_test() memcpy( iv, output+blockChainLen-16, 16 ); }else{ memcpy( temp, input+blockChainLen-16, 16 ); ctx->encDec = 0; __nvt_aes_crypt(ctx, input, output, blockChainLen); // if( blockChainLen == length ) break; // finish last block chain but still need to prepare next iv for mbedtls_aes_self_test() memcpy( iv, temp, 16 ); } length -= blockChainLen; input += blockChainLen; output += blockChainLen; if(length < MAX_DMA_CHAIN_SIZE ) blockChainLen = length; // For last remainder block chain } return( 0 ); } #endif /* MBEDTLS_CIPHER_MODE_CBC */ #if defined(MBEDTLS_CIPHER_MODE_CFB) /* * AES-CFB128 buffer encryption/decryption */ /* Support partial block encryption/decryption */ static int __nvt_aes_crypt_partial_block_cfb128( mbedtls_aes_context *ctx, int mode, size_t length, size_t *iv_off, unsigned char iv[16], const unsigned char *input, unsigned char *output ) { int c; size_t n = *iv_off; unsigned char iv_tmp[16]; mbedtls_trace("=== %s \r\n", __FUNCTION__); if( mode == MBEDTLS_AES_DECRYPT ) { while( length-- ) { if( n == 0) mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv ); else if( ctx->opMode == AES_MODE_CFB) // For previous cryption is CFB mode { memcpy(iv_tmp, iv, n); mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, ctx->prv_iv, iv ); memcpy(iv, iv_tmp, n); } c = *input++; *output++ = (unsigned char)( c ^ iv[n] ); iv[n] = (unsigned char) c; n = ( n + 1 ) & 0x0F; } } else { while( length-- ) { if( n == 0 ) mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv ); else if( ctx->opMode == AES_MODE_CFB) // For previous cryption is CFB mode { memcpy(iv_tmp, iv, n); mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, ctx->prv_iv, iv ); memcpy(iv, iv_tmp, n); } iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ ); n = ( n + 1 ) & 0x0F; } } *iv_off = n; return( 0 ); } int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx, int mode, size_t len, size_t *iv_off, unsigned char iv[16], const unsigned char *input, unsigned char *output ) { size_t n = *iv_off; unsigned char temp[16]; int length=len; int blockChainLen; int remLen=0; int ivLen; mbedtls_trace("=== %s \r\n", __FUNCTION__); // proceed: start with partial block by ECB mode first if( n !=0 ) { __nvt_aes_crypt_partial_block_cfb128(ctx, mode, 16 - n , iv_off, iv, input, output); input += (16 - n); output += (16 - n); length -= (16 - n); } // For address or byte count non-word alignment, go through reserved DMA buffer. if( (((uint32_t)input) & 0x03) || (((uint32_t)output) & 0x03) ) // Must reserved DMA buffer for each block { blockChainLen = (( length > MAX_DMA_CHAIN_SIZE ) ? MAX_DMA_CHAIN_SIZE : length ); } else if(length%4) { // Need reserved DMA buffer once for last chain blockChainLen = (( length > MAX_DMA_CHAIN_SIZE ) ? (length - length%16) : length ); } else { // Not need reserved DMA buffer blockChainLen = length; } // proceed: start with block alignment while( length > 0 ) { ctx->opMode = AES_MODE_CFB; swapInitVector(iv); // iv SWAP ctx->iv = (uint32_t *)iv; remLen = blockChainLen%16; ivLen = (( remLen > 0) ? remLen: 16 ); if( mode == MBEDTLS_AES_DECRYPT ) { memcpy(temp, input+blockChainLen - ivLen, ivLen); if(blockChainLen >= 16) memcpy(ctx->prv_iv, input+blockChainLen-remLen-16 , 16); ctx->encDec = 0; __nvt_aes_crypt(ctx, input, output, blockChainLen); memcpy(iv,temp, ivLen); } else { ctx->encDec = 1; __nvt_aes_crypt(ctx, input, output, blockChainLen); if(blockChainLen >= 16) memcpy(ctx->prv_iv, output+blockChainLen-remLen-16 , 16); memcpy(iv,output+blockChainLen-ivLen,ivLen); } length -= blockChainLen; input += blockChainLen; output += blockChainLen; if(length < MAX_DMA_CHAIN_SIZE ) blockChainLen = length; // For last remainder block chain } *iv_off = remLen; return( 0 ); } /* * AES-CFB8 buffer encryption/decryption */ int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx, int mode, size_t length, unsigned char iv[16], const unsigned char *input, unsigned char *output ) { unsigned char c; unsigned char ov[17]; mbedtls_trace("=== %s \r\n", __FUNCTION__); while( length-- ) { memcpy( ov, iv, 16 ); mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv ); if( mode == MBEDTLS_AES_DECRYPT ) ov[16] = *input; c = *output++ = (unsigned char)( iv[0] ^ *input++ ); if( mode == MBEDTLS_AES_ENCRYPT ) ov[16] = c; memcpy( iv, ov + 1, 16 ); } return( 0 ); } #endif /*MBEDTLS_CIPHER_MODE_CFB */ #if defined(MBEDTLS_CIPHER_MODE_CTR) /* * AES-CTR buffer encryption/decryption */ int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx, size_t length, size_t *nc_off, unsigned char nonce_counter[16], unsigned char stream_block[16], const unsigned char *input, unsigned char *output ) { int c, i; size_t n = *nc_off; mbedtls_trace("=== %s \r\n", __FUNCTION__); while( length-- ) { if( n == 0 ) { mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, nonce_counter, stream_block ); for( i = 16; i > 0; i-- ) if( ++nonce_counter[i - 1] != 0 ) break; } c = *input++; *output++ = (unsigned char)( c ^ stream_block[n] ); n = ( n + 1 ) & 0x0F; } *nc_off = n; return( 0 ); } #endif /* MBEDTLS_CIPHER_MODE_CTR */ #endif /* MBEDTLS_AES_ALT */ #endif /* MBEDTLS_AES_C */