mimxrt1160_crypto_cipher.c
Go to the documentation of this file.
1 /**
2  * @file mimxrt1160_crypto_cipher.c
3  * @brief i.MX RT1160 cipher hardware accelerator
4  *
5  * @section License
6  *
7  * SPDX-License-Identifier: GPL-2.0-or-later
8  *
9  * Copyright (C) 2010-2024 Oryx Embedded SARL. All rights reserved.
10  *
11  * This file is part of CycloneCRYPTO Open.
12  *
13  * This program is free software; you can redistribute it and/or
14  * modify it under the terms of the GNU General Public License
15  * as published by the Free Software Foundation; either version 2
16  * of the License, or (at your option) any later version.
17  *
18  * This program is distributed in the hope that it will be useful,
19  * but WITHOUT ANY WARRANTY; without even the implied warranty of
20  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21  * GNU General Public License for more details.
22  *
23  * You should have received a copy of the GNU General Public License
24  * along with this program; if not, write to the Free Software Foundation,
25  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
26  *
27  * @author Oryx Embedded SARL (www.oryx-embedded.com)
28  * @version 2.4.4
29  **/
30 
31 //Switch to the appropriate trace level
32 #define TRACE_LEVEL CRYPTO_TRACE_LEVEL
33 
34 //Dependencies
35 #include "fsl_device_registers.h"
36 #include "fsl_caam.h"
37 #include "core/crypto.h"
38 #include "hardware/mimxrt1160/mimxrt1160_crypto.h"
39 #include "hardware/mimxrt1160/mimxrt1160_crypto_cipher.h"
40 #include "cipher/cipher_algorithms.h"
41 #include "cipher_modes/cipher_modes.h"
42 #include "aead/aead_algorithms.h"
43 #include "debug.h"
44 
45 //Check crypto library configuration
46 #if (MIMXRT1160_CRYPTO_CIPHER_SUPPORT == ENABLED)
47 
48 //IAR EWARM compiler?
49 #if defined(__ICCARM__)
50 
51 //CAAM input buffer
52 #pragma data_alignment = 16
53 uint8_t caamBufferIn[MIMXRT1160_CAAM_BUFFER_SIZE];
54 
55 //CAAM output buffer
56 #pragma data_alignment = 16
57 uint8_t caamBufferOut[MIMXRT1160_CAAM_BUFFER_SIZE];
58 
59 //CAAM initialization vector
60 #pragma data_alignment = 16
61 uint8_t caamInitVector[16];
62 
63 //ARM or GCC compiler?
64 #else
65 
66 //CAAM input buffer
67 uint8_t caamBufferIn[MIMXRT1160_CAAM_BUFFER_SIZE]
68  __attribute__((aligned(16)));
69 
70 //CAAM output buffer
71 uint8_t caamBufferOut[MIMXRT1160_CAAM_BUFFER_SIZE]
72  __attribute__((aligned(16)));
73 
74 //CAAM initialization vector
75 uint8_t caamInitVector[16]
76  __attribute__((aligned(16)));
77 
78 #endif
79 
80 #if (DES_SUPPORT == ENABLED)
81 
82 /**
83  * @brief Initialize a DES context using the supplied key
84  * @param[in] context Pointer to the DES context to initialize
85  * @param[in] key Pointer to the key
86  * @param[in] keyLen Length of the key (must be set to 8)
87  * @return Error code
88  **/
89 
90 error_t desInit(DesContext *context, const uint8_t *key, size_t keyLen)
91 {
92  //Check parameters
93  if(context == NULL || key == NULL)
94  return ERROR_INVALID_PARAMETER;
95 
96  //Invalid key length?
97  if(keyLen != 8)
98  return ERROR_INVALID_KEY_LENGTH;
99 
100  //Copy the 64-bit key
101  context->ks[0] = LOAD32LE(key);
102  context->ks[1] = LOAD32LE(key + 4);
103 
104  //No error to report
105  return NO_ERROR;
106 }
107 
108 
109 /**
110  * @brief Encrypt a 8-byte block using DES algorithm
111  * @param[in] context Pointer to the DES context
112  * @param[in] input Plaintext block to encrypt
113  * @param[out] output Ciphertext block resulting from encryption
114  **/
115 
116 void desEncryptBlock(DesContext *context, const uint8_t *input, uint8_t *output)
117 {
118  caam_handle_t caamHandle;
119 
120  //Set CAAM job ring
121  caamHandle.jobRing = kCAAM_JobRing0;
122  //Copy the plaintext to the buffer
123  osMemcpy(caamBufferIn, input, DES_BLOCK_SIZE);
124 
125  //Acquire exclusive access to the CAAM module
126  osAcquireMutex(&mimxrt1160CryptoMutex);
127 
128  //Perform DES encryption
129  CAAM_DES_EncryptEcb(CAAM, &caamHandle, caamBufferIn, caamBufferOut,
130  DES_BLOCK_SIZE, (const uint8_t *) context->ks);
131 
132  //Copy the resulting ciphertext
133  osMemcpy(output, caamBufferOut, DES_BLOCK_SIZE);
134 
135  //Release exclusive access to the CAAM module
136  osReleaseMutex(&mimxrt1160CryptoMutex);
137 }
138 
139 
140 /**
141  * @brief Decrypt a 8-byte block using DES algorithm
142  * @param[in] context Pointer to the DES context
143  * @param[in] input Ciphertext block to decrypt
144  * @param[out] output Plaintext block resulting from decryption
145  **/
146 
147 void desDecryptBlock(DesContext *context, const uint8_t *input, uint8_t *output)
148 {
149  caam_handle_t caamHandle;
150 
151  //Set CAAM job ring
152  caamHandle.jobRing = kCAAM_JobRing0;
153  //Copy the plaintext to the buffer
154  osMemcpy(caamBufferIn, input, DES_BLOCK_SIZE);
155 
156  //Acquire exclusive access to the CAAM module
157  osAcquireMutex(&mimxrt1160CryptoMutex);
158 
159  //Perform DES decryption
160  CAAM_DES_DecryptEcb(CAAM, &caamHandle, caamBufferIn, caamBufferOut,
161  DES_BLOCK_SIZE, (const uint8_t *) context->ks);
162 
163  //Copy the resulting ciphertext
164  osMemcpy(output, caamBufferOut, DES_BLOCK_SIZE);
165 
166  //Release exclusive access to the CAAM module
167  osReleaseMutex(&mimxrt1160CryptoMutex);
168 }
169 
170 #endif
171 #if (DES3_SUPPORT == ENABLED)
172 
173 /**
174  * @brief Encrypt a 8-byte block using Triple DES algorithm
175  * @param[in] context Pointer to the Triple DES context
176  * @param[in] input Plaintext block to encrypt
177  * @param[out] output Ciphertext block resulting from encryption
178  **/
179 
180 void des3EncryptBlock(Des3Context *context, const uint8_t *input, uint8_t *output)
181 {
182  caam_handle_t caamHandle;
183 
184  //Set CAAM job ring
185  caamHandle.jobRing = kCAAM_JobRing0;
186  //Copy the plaintext to the buffer
187  osMemcpy(caamBufferIn, input, DES3_BLOCK_SIZE);
188 
189  //Acquire exclusive access to the CAAM module
190  osAcquireMutex(&mimxrt1160CryptoMutex);
191 
192  //Perform Triple DES encryption
193  CAAM_DES3_EncryptEcb(CAAM, &caamHandle, caamBufferIn, caamBufferOut,
194  DES3_BLOCK_SIZE, (const uint8_t *) context->k1.ks,
195  (const uint8_t *) context->k2.ks,
196  (const uint8_t *) context->k3.ks);
197 
198  //Copy the resulting ciphertext
199  osMemcpy(output, caamBufferOut, DES3_BLOCK_SIZE);
200 
201  //Release exclusive access to the CAAM module
202  osReleaseMutex(&mimxrt1160CryptoMutex);
203 }
204 
205 
206 /**
207  * @brief Decrypt a 8-byte block using Triple DES algorithm
208  * @param[in] context Pointer to the Triple DES context
209  * @param[in] input Ciphertext block to decrypt
210  * @param[out] output Plaintext block resulting from decryption
211  **/
212 
213 void des3DecryptBlock(Des3Context *context, const uint8_t *input, uint8_t *output)
214 {
215  caam_handle_t caamHandle;
216 
217  //Set CAAM job ring
218  caamHandle.jobRing = kCAAM_JobRing0;
219  //Copy the plaintext to the buffer
220  osMemcpy(caamBufferIn, input, DES3_BLOCK_SIZE);
221 
222  //Acquire exclusive access to the CAAM module
223  osAcquireMutex(&mimxrt1160CryptoMutex);
224 
225  //Perform Triple DES decryption
226  CAAM_DES3_DecryptEcb(CAAM, &caamHandle, caamBufferIn, caamBufferOut,
227  DES3_BLOCK_SIZE, (const uint8_t *) context->k1.ks,
228  (const uint8_t *) context->k2.ks,
229  (const uint8_t *) context->k3.ks);
230 
231  //Copy the resulting ciphertext
232  osMemcpy(output, caamBufferOut, DES3_BLOCK_SIZE);
233 
234  //Release exclusive access to the CAAM module
235  osReleaseMutex(&mimxrt1160CryptoMutex);
236 }
237 
238 #endif
239 #if (ECB_SUPPORT == ENABLED)
240 
241 /**
242  * @brief ECB encryption
243  * @param[in] cipher Cipher algorithm
244  * @param[in] context Cipher algorithm context
245  * @param[in] p Plaintext to be encrypted
246  * @param[out] c Ciphertext resulting from the encryption
247  * @param[in] length Total number of data bytes to be encrypted
248  * @return Error code
249  **/
250 
251 error_t ecbEncrypt(const CipherAlgo *cipher, void *context,
252  const uint8_t *p, uint8_t *c, size_t length)
253 {
254  status_t status;
255 
256  //Initialize status code
257  status = kStatus_Success;
258 
259 #if (DES_SUPPORT == ENABLED)
260  //DES cipher algorithm?
261  if(cipher == DES_CIPHER_ALGO)
262  {
263  //Check the length of the payload
264  if(length == 0)
265  {
266  //No data to process
267  }
268  else if((length % DES_BLOCK_SIZE) == 0)
269  {
270  size_t i;
271  size_t n;
272  DesContext *desContext;
273  caam_handle_t caamHandle;
274 
275  //Point to the DES context
276  desContext = (DesContext *) context;
277 
278  //Set CAAM job ring
279  caamHandle.jobRing = kCAAM_JobRing0;
280 
281  //Acquire exclusive access to the CAAM module
282  osAcquireMutex(&mimxrt1160CryptoMutex);
283 
284  //Perform DES-ECB encryption
285  for(i = 0; i < length && status == kStatus_Success; i += n)
286  {
287  //Limit the number of data to process at a time
288  n = MIN(length - i, MIMXRT1160_CAAM_BUFFER_SIZE);
289  //Copy the plaintext to the buffer
290  osMemcpy(caamBufferIn, p + i, n);
291 
292  //Encrypt data
293  status = CAAM_DES_EncryptEcb(CAAM, &caamHandle, caamBufferIn,
294  caamBufferOut, n, (const uint8_t *) desContext->ks);
295 
296  //Check status code
297  if(status == kStatus_Success)
298  {
299  //Copy the resulting ciphertext
300  osMemcpy(c + i, caamBufferOut, n);
301  }
302  }
303 
304  //Release exclusive access to the CAAM module
305  osReleaseMutex(&mimxrt1160CryptoMutex);
306  }
307  else
308  {
309  //The length of the payload must be a multiple of the block size
310  status = kStatus_InvalidArgument;
311  }
312  }
313  else
314 #endif
315 #if (DES3_SUPPORT == ENABLED)
316  //Triple DES cipher algorithm?
317  if(cipher == DES3_CIPHER_ALGO)
318  {
319  //Check the length of the payload
320  if(length == 0)
321  {
322  //No data to process
323  }
324  else if((length % DES3_BLOCK_SIZE) == 0)
325  {
326  size_t i;
327  size_t n;
328  Des3Context *des3Context;
329  caam_handle_t caamHandle;
330 
331  //Point to the Triple DES context
332  des3Context = (Des3Context *) context;
333 
334  //Set CAAM job ring
335  caamHandle.jobRing = kCAAM_JobRing0;
336 
337  //Acquire exclusive access to the CAAM module
338  osAcquireMutex(&mimxrt1160CryptoMutex);
339 
340  //Perform 3DES-CBC encryption
341  for(i = 0; i < length && status == kStatus_Success; i += n)
342  {
343  //Limit the number of data to process at a time
344  n = MIN(length - i, MIMXRT1160_CAAM_BUFFER_SIZE);
345  //Copy the plaintext to the buffer
346  osMemcpy(caamBufferIn, p + i, n);
347 
348  //Encrypt data
349  status = CAAM_DES3_EncryptEcb(CAAM, &caamHandle, caamBufferIn,
350  caamBufferOut, n, (const uint8_t *) des3Context->k1.ks,
351  (const uint8_t *) des3Context->k2.ks,
352  (const uint8_t *) des3Context->k3.ks);
353 
354  //Check status code
355  if(status == kStatus_Success)
356  {
357  //Copy the resulting ciphertext
358  osMemcpy(c + i, caamBufferOut, n);
359  }
360  }
361 
362  //Release exclusive access to the CAAM module
363  osReleaseMutex(&mimxrt1160CryptoMutex);
364  }
365  else
366  {
367  //The length of the payload must be a multiple of the block size
368  status = kStatus_InvalidArgument;
369  }
370  }
371  else
372 #endif
373 #if (AES_SUPPORT == ENABLED)
374  //AES cipher algorithm?
375  if(cipher == AES_CIPHER_ALGO)
376  {
377  //Check the length of the payload
378  if(length == 0)
379  {
380  //No data to process
381  }
382  else if((length % AES_BLOCK_SIZE) == 0)
383  {
384  size_t i;
385  size_t n;
386  size_t keySize;
387  AesContext *aesContext;
388  caam_handle_t caamHandle;
389 
390  //Point to the AES context
391  aesContext = (AesContext *) context;
392 
393  //Retrieve the length of the key
394  if(aesContext->nr == 10)
395  {
396  //10 rounds are required for 128-bit key
397  keySize = 16;
398  }
399  else if(aesContext->nr == 12)
400  {
401  //12 rounds are required for 192-bit key
402  keySize = 24;
403  }
404  else if(aesContext->nr == 14)
405  {
406  //14 rounds are required for 256-bit key
407  keySize = 32;
408  }
409  else
410  {
411  //Invalid key length
412  status = kStatus_Fail;
413  }
414 
415  //Check status code
416  if(status == kStatus_Success)
417  {
418  //Set CAAM job ring
419  caamHandle.jobRing = kCAAM_JobRing0;
420 
421  //Acquire exclusive access to the CAAM module
422  osAcquireMutex(&mimxrt1160CryptoMutex);
423 
424  //Perform AES-ECB encryption
425  for(i = 0; i < length && status == kStatus_Success; i += n)
426  {
427  //Limit the number of data to process at a time
428  n = MIN(length - i, MIMXRT1160_CAAM_BUFFER_SIZE);
429  //Copy the plaintext to the buffer
430  osMemcpy(caamBufferIn, p + i, n);
431 
432  //Encrypt data
433  status = CAAM_AES_EncryptEcb(CAAM, &caamHandle, caamBufferIn,
434  caamBufferOut, n, (const uint8_t *) aesContext->ek, keySize);
435 
436  //Check status code
437  if(status == kStatus_Success)
438  {
439  //Copy the resulting ciphertext
440  osMemcpy(c + i, caamBufferOut, n);
441  }
442  }
443 
444  //Release exclusive access to the CAAM module
445  osReleaseMutex(&mimxrt1160CryptoMutex);
446  }
447  }
448  else
449  {
450  //The length of the payload must be a multiple of the block size
451  status = kStatus_InvalidArgument;
452  }
453  }
454  else
455 #endif
456  //Unknown cipher algorithm?
457  {
458  //ECB mode operates in a block-by-block fashion
459  while(length >= cipher->blockSize)
460  {
461  //Encrypt current block
462  cipher->encryptBlock(context, p, c);
463 
464  //Next block
465  p += cipher->blockSize;
466  c += cipher->blockSize;
467  length -= cipher->blockSize;
468  }
469 
470  //The length of the payload must be a multiple of the block size
471  if(length != 0)
472  {
473  status = kStatus_InvalidArgument;
474  }
475  }
476 
477  //Return status code
478  return (status == kStatus_Success) ? NO_ERROR : ERROR_FAILURE;
479 }
480 
481 
482 /**
483  * @brief ECB decryption
484  * @param[in] cipher Cipher algorithm
485  * @param[in] context Cipher algorithm context
486  * @param[in] c Ciphertext to be decrypted
487  * @param[out] p Plaintext resulting from the decryption
488  * @param[in] length Total number of data bytes to be decrypted
489  * @return Error code
490  **/
491 
492 error_t ecbDecrypt(const CipherAlgo *cipher, void *context,
493  const uint8_t *c, uint8_t *p, size_t length)
494 {
495  status_t status;
496 
497  //Initialize status code
498  status = kStatus_Success;
499 
500 #if (DES_SUPPORT == ENABLED)
501  //DES cipher algorithm?
502  if(cipher == DES_CIPHER_ALGO)
503  {
504  //Check the length of the payload
505  if(length == 0)
506  {
507  //No data to process
508  }
509  else if((length % DES_BLOCK_SIZE) == 0)
510  {
511  size_t i;
512  size_t n;
513  DesContext *desContext;
514  caam_handle_t caamHandle;
515 
516  //Point to the DES context
517  desContext = (DesContext *) context;
518 
519  //Set CAAM job ring
520  caamHandle.jobRing = kCAAM_JobRing0;
521 
522  //Acquire exclusive access to the CAAM module
523  osAcquireMutex(&mimxrt1160CryptoMutex);
524 
525  //Perform DES-ECB decryption
526  for(i = 0; i < length && status == kStatus_Success; i += n)
527  {
528  //Limit the number of data to process at a time
529  n = MIN(length - i, MIMXRT1160_CAAM_BUFFER_SIZE);
530  //Copy the ciphertext to the buffer
531  osMemcpy(caamBufferIn, c + i, n);
532 
533  //Decrypt data
534  status = CAAM_DES_DecryptEcb(CAAM, &caamHandle, caamBufferIn,
535  caamBufferOut, n, (const uint8_t *) desContext->ks);
536 
537  //Check status code
538  if(status == kStatus_Success)
539  {
540  //Copy the resulting plaintext
541  osMemcpy(p + i, caamBufferOut, n);
542  }
543  }
544 
545  //Release exclusive access to the CAAM module
546  osReleaseMutex(&mimxrt1160CryptoMutex);
547  }
548  else
549  {
550  //The length of the payload must be a multiple of the block size
551  status = kStatus_InvalidArgument;
552  }
553  }
554  else
555 #endif
556 #if (DES3_SUPPORT == ENABLED)
557  //Triple DES cipher algorithm?
558  if(cipher == DES3_CIPHER_ALGO)
559  {
560  //Check the length of the payload
561  if(length == 0)
562  {
563  //No data to process
564  }
565  else if((length % DES3_BLOCK_SIZE) == 0)
566  {
567  size_t i;
568  size_t n;
569  Des3Context *des3Context;
570  caam_handle_t caamHandle;
571 
572  //Point to the Triple DES context
573  des3Context = (Des3Context *) context;
574 
575  //Set CAAM job ring
576  caamHandle.jobRing = kCAAM_JobRing0;
577 
578  //Acquire exclusive access to the CAAM module
579  osAcquireMutex(&mimxrt1160CryptoMutex);
580 
581  //Perform 3DES-ECB decryption
582  for(i = 0; i < length && status == kStatus_Success; i += n)
583  {
584  //Limit the number of data to process at a time
585  n = MIN(length - i, MIMXRT1160_CAAM_BUFFER_SIZE);
586  //Copy the ciphertext to the buffer
587  osMemcpy(caamBufferIn, c + i, n);
588 
589  //Decrypt data
590  status = CAAM_DES3_DecryptEcb(CAAM, &caamHandle, caamBufferIn,
591  caamBufferOut, n, (const uint8_t *) des3Context->k1.ks,
592  (const uint8_t *) des3Context->k2.ks,
593  (const uint8_t *) des3Context->k3.ks);
594 
595  //Check status code
596  if(status == kStatus_Success)
597  {
598  //Copy the resulting plaintext
599  osMemcpy(p + i, caamBufferOut, n);
600  }
601  }
602 
603  //Release exclusive access to the CAAM module
604  osReleaseMutex(&mimxrt1160CryptoMutex);
605  }
606  else
607  {
608  //The length of the payload must be a multiple of the block size
609  status = kStatus_InvalidArgument;
610  }
611  }
612  else
613 #endif
614 #if (AES_SUPPORT == ENABLED)
615  //AES cipher algorithm?
616  if(cipher == AES_CIPHER_ALGO)
617  {
618  //Check the length of the payload
619  if(length == 0)
620  {
621  //No data to process
622  }
623  else if((length % AES_BLOCK_SIZE) == 0)
624  {
625  size_t i;
626  size_t n;
627  size_t keySize;
628  AesContext *aesContext;
629  caam_handle_t caamHandle;
630 
631  //Point to the AES context
632  aesContext = (AesContext *) context;
633 
634  //Retrieve the length of the key
635  if(aesContext->nr == 10)
636  {
637  //10 rounds are required for 128-bit key
638  keySize = 16;
639  }
640  else if(aesContext->nr == 12)
641  {
642  //12 rounds are required for 192-bit key
643  keySize = 24;
644  }
645  else if(aesContext->nr == 14)
646  {
647  //14 rounds are required for 256-bit key
648  keySize = 32;
649  }
650  else
651  {
652  //Invalid key length
653  status = kStatus_Fail;
654  }
655 
656  //Check status code
657  if(status == kStatus_Success)
658  {
659  //Set CAAM job ring
660  caamHandle.jobRing = kCAAM_JobRing0;
661 
662  //Acquire exclusive access to the CAAM module
663  osAcquireMutex(&mimxrt1160CryptoMutex);
664 
665  //Perform AES-ECB decryption
666  for(i = 0; i < length && status == kStatus_Success; i += n)
667  {
668  //Limit the number of data to process at a time
669  n = MIN(length - i, MIMXRT1160_CAAM_BUFFER_SIZE);
670  //Copy the ciphertext to the buffer
671  osMemcpy(caamBufferIn, c + i, n);
672 
673  //Decrypt data
674  status = CAAM_AES_DecryptEcb(CAAM, &caamHandle, caamBufferIn,
675  caamBufferOut, n, (const uint8_t *) aesContext->ek, keySize);
676 
677  //Check status code
678  if(status == kStatus_Success)
679  {
680  //Copy the resulting plaintext
681  osMemcpy(p + i, caamBufferOut, n);
682  }
683  }
684  }
685 
686  //Release exclusive access to the CAAM module
687  osReleaseMutex(&mimxrt1160CryptoMutex);
688  }
689  else
690  {
691  //The length of the payload must be a multiple of the block size
692  status = kStatus_InvalidArgument;
693  }
694  }
695  else
696 #endif
697  //Unknown cipher algorithm?
698  {
699  //ECB mode operates in a block-by-block fashion
700  while(length >= cipher->blockSize)
701  {
702  //Decrypt current block
703  cipher->decryptBlock(context, c, p);
704 
705  //Next block
706  c += cipher->blockSize;
707  p += cipher->blockSize;
708  length -= cipher->blockSize;
709  }
710 
711  //The length of the payload must be a multiple of the block size
712  if(length != 0)
713  {
714  status = kStatus_InvalidArgument;
715  }
716  }
717 
718  //Return status code
719  return (status == kStatus_Success) ? NO_ERROR : ERROR_FAILURE;
720 }
721 
722 #endif
723 #if (CBC_SUPPORT == ENABLED)
724 
725 /**
726  * @brief CBC encryption
727  * @param[in] cipher Cipher algorithm
728  * @param[in] context Cipher algorithm context
729  * @param[in,out] iv Initialization vector
730  * @param[in] p Plaintext to be encrypted
731  * @param[out] c Ciphertext resulting from the encryption
732  * @param[in] length Total number of data bytes to be encrypted
733  * @return Error code
734  **/
735 
736 error_t cbcEncrypt(const CipherAlgo *cipher, void *context,
737  uint8_t *iv, const uint8_t *p, uint8_t *c, size_t length)
738 {
739  status_t status;
740 
741  //Initialize status code
742  status = kStatus_Success;
743 
744 #if (DES_SUPPORT == ENABLED)
745  //DES cipher algorithm?
746  if(cipher == DES_CIPHER_ALGO)
747  {
748  //Check the length of the payload
749  if(length == 0)
750  {
751  //No data to process
752  }
753  else if((length % DES_BLOCK_SIZE) == 0)
754  {
755  size_t i;
756  size_t n;
757  DesContext *desContext;
758  caam_handle_t caamHandle;
759 
760  //Point to the DES context
761  desContext = (DesContext *) context;
762 
763  //Set CAAM job ring
764  caamHandle.jobRing = kCAAM_JobRing0;
765 
766  //Acquire exclusive access to the CAAM module
767  osAcquireMutex(&mimxrt1160CryptoMutex);
768 
769  //Perform DES-CBC encryption
770  for(i = 0; i < length && status == kStatus_Success; i += n)
771  {
772  //Limit the number of data to process at a time
773  n = MIN(length - i, MIMXRT1160_CAAM_BUFFER_SIZE);
774  //Copy the plaintext to the buffer
775  osMemcpy(caamBufferIn, p + i, n);
776 
777  //Encrypt data
778  status = CAAM_DES_EncryptCbc(CAAM, &caamHandle, caamBufferIn,
779  caamBufferOut, n, iv, (const uint8_t *) desContext->ks);
780 
781  //Check status code
782  if(status == kStatus_Success)
783  {
784  //Copy the resulting ciphertext
785  osMemcpy(c + i, caamBufferOut, n);
786  //Update the value of the initialization vector
787  osMemcpy(iv, caamBufferOut + n - DES_BLOCK_SIZE, DES_BLOCK_SIZE);
788  }
789  }
790 
791  //Release exclusive access to the CAAM module
792  osReleaseMutex(&mimxrt1160CryptoMutex);
793  }
794  else
795  {
796  //The length of the payload must be a multiple of the block size
797  status = kStatus_InvalidArgument;
798  }
799  }
800  else
801 #endif
802 #if (DES3_SUPPORT == ENABLED)
803  //Triple DES cipher algorithm?
804  if(cipher == DES3_CIPHER_ALGO)
805  {
806  //Check the length of the payload
807  if(length == 0)
808  {
809  //No data to process
810  }
811  else if((length % DES3_BLOCK_SIZE) == 0)
812  {
813  size_t i;
814  size_t n;
815  Des3Context *des3Context;
816  caam_handle_t caamHandle;
817 
818  //Point to the Triple DES context
819  des3Context = (Des3Context *) context;
820 
821  //Set CAAM job ring
822  caamHandle.jobRing = kCAAM_JobRing0;
823 
824  //Acquire exclusive access to the CAAM module
825  osAcquireMutex(&mimxrt1160CryptoMutex);
826 
827  //Perform 3DES-CBC encryption
828  for(i = 0; i < length && status == kStatus_Success; i += n)
829  {
830  //Limit the number of data to process at a time
831  n = MIN(length - i, MIMXRT1160_CAAM_BUFFER_SIZE);
832  //Copy the plaintext to the buffer
833  osMemcpy(caamBufferIn, p + i, n);
834 
835  //Encrypt data
836  status = CAAM_DES3_EncryptCbc(CAAM, &caamHandle, caamBufferIn,
837  caamBufferOut, n, iv, (const uint8_t *) des3Context->k1.ks,
838  (const uint8_t *) des3Context->k2.ks,
839  (const uint8_t *) des3Context->k3.ks);
840 
841  //Check status code
842  if(status == kStatus_Success)
843  {
844  //Copy the resulting ciphertext
845  osMemcpy(c + i, caamBufferOut, n);
846  //Update the value of the initialization vector
847  osMemcpy(iv, caamBufferOut + n - DES3_BLOCK_SIZE, DES3_BLOCK_SIZE);
848  }
849  }
850 
851  //Release exclusive access to the CAAM module
852  osReleaseMutex(&mimxrt1160CryptoMutex);
853  }
854  else
855  {
856  //The length of the payload must be a multiple of the block size
857  status = kStatus_InvalidArgument;
858  }
859  }
860  else
861 #endif
862 #if (AES_SUPPORT == ENABLED)
863  //AES cipher algorithm?
864  if(cipher == AES_CIPHER_ALGO)
865  {
866  //Check the length of the payload
867  if(length == 0)
868  {
869  //No data to process
870  }
871  else if((length % AES_BLOCK_SIZE) == 0)
872  {
873  size_t i;
874  size_t n;
875  size_t keySize;
876  AesContext *aesContext;
877  caam_handle_t caamHandle;
878 
879  //Point to the AES context
880  aesContext = (AesContext *) context;
881 
882  //Retrieve the length of the key
883  if(aesContext->nr == 10)
884  {
885  //10 rounds are required for 128-bit key
886  keySize = 16;
887  }
888  else if(aesContext->nr == 12)
889  {
890  //12 rounds are required for 192-bit key
891  keySize = 24;
892  }
893  else if(aesContext->nr == 14)
894  {
895  //14 rounds are required for 256-bit key
896  keySize = 32;
897  }
898  else
899  {
900  //Invalid key length
901  status = kStatus_Fail;
902  }
903 
904  //Check status code
905  if(status == kStatus_Success)
906  {
907  //Set CAAM job ring
908  caamHandle.jobRing = kCAAM_JobRing0;
909 
910  //Acquire exclusive access to the CAAM module
911  osAcquireMutex(&mimxrt1160CryptoMutex);
912 
913  //Perform AES-CBC encryption
914  for(i = 0; i < length && status == kStatus_Success; i += n)
915  {
916  //Limit the number of data to process at a time
917  n = MIN(length - i, MIMXRT1160_CAAM_BUFFER_SIZE);
918  //Copy the plaintext to the buffer
919  osMemcpy(caamBufferIn, p + i, n);
920 
921  //Encrypt data
922  status = CAAM_AES_EncryptCbc(CAAM, &caamHandle, caamBufferIn,
923  caamBufferOut, n, iv, (const uint8_t *) aesContext->ek, keySize);
924 
925  //Check status code
926  if(status == kStatus_Success)
927  {
928  //Copy the resulting ciphertext
929  osMemcpy(c + i, caamBufferOut, n);
930  //Update the value of the initialization vector
931  osMemcpy(iv, caamBufferOut + n - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
932  }
933  }
934  }
935 
936  //Release exclusive access to the CAAM module
937  osReleaseMutex(&mimxrt1160CryptoMutex);
938  }
939  else
940  {
941  //The length of the payload must be a multiple of the block size
942  status = kStatus_InvalidArgument;
943  }
944  }
945  else
946 #endif
947  //Unknown cipher algorithm?
948  {
949  size_t i;
950 
951  //CBC mode operates in a block-by-block fashion
952  while(length >= cipher->blockSize)
953  {
954  //XOR input block with IV contents
955  for(i = 0; i < cipher->blockSize; i++)
956  {
957  c[i] = p[i] ^ iv[i];
958  }
959 
960  //Encrypt the current block based upon the output of the previous
961  //encryption
962  cipher->encryptBlock(context, c, c);
963 
964  //Update IV with output block contents
965  osMemcpy(iv, c, cipher->blockSize);
966 
967  //Next block
968  p += cipher->blockSize;
969  c += cipher->blockSize;
970  length -= cipher->blockSize;
971  }
972 
973  //The length of the payload must be a multiple of the block size
974  if(length != 0)
975  {
976  status = kStatus_InvalidArgument;
977  }
978  }
979 
980  //Return status code
981  return (status == kStatus_Success) ? NO_ERROR : ERROR_FAILURE;
982 }
983 
984 
985 /**
986  * @brief CBC decryption
987  * @param[in] cipher Cipher algorithm
988  * @param[in] context Cipher algorithm context
989  * @param[in,out] iv Initialization vector
990  * @param[in] c Ciphertext to be decrypted
991  * @param[out] p Plaintext resulting from the decryption
992  * @param[in] length Total number of data bytes to be decrypted
993  * @return Error code
994  **/
995 
996 error_t cbcDecrypt(const CipherAlgo *cipher, void *context,
997  uint8_t *iv, const uint8_t *c, uint8_t *p, size_t length)
998 {
999  status_t status;
1000 
1001  //Initialize status code
1002  status = kStatus_Success;
1003 
1004 #if (DES_SUPPORT == ENABLED)
1005  //DES cipher algorithm?
1006  if(cipher == DES_CIPHER_ALGO)
1007  {
1008  //Check the length of the payload
1009  if(length == 0)
1010  {
1011  //No data to process
1012  }
1013  else if((length % DES_BLOCK_SIZE) == 0)
1014  {
1015  size_t i;
1016  size_t n;
1017  DesContext *desContext;
1018  caam_handle_t caamHandle;
1019  uint8_t block[DES_BLOCK_SIZE];
1020 
1021  //Point to the DES context
1022  desContext = (DesContext *) context;
1023 
1024  //Set CAAM job ring
1025  caamHandle.jobRing = kCAAM_JobRing0;
1026 
1027  //Acquire exclusive access to the CAAM module
1028  osAcquireMutex(&mimxrt1160CryptoMutex);
1029 
1030  //Perform 3DES-CBC decryption
1031  for(i = 0; i < length && status == kStatus_Success; i += n)
1032  {
1033  //Limit the number of data to process at a time
1034  n = MIN(length - i, MIMXRT1160_CAAM_BUFFER_SIZE);
1035  //Copy the ciphertext to the buffer
1036  osMemcpy(caamBufferIn, c + i, n);
1037  //Save the last input block
1038  osMemcpy(block, caamBufferIn + n - DES_BLOCK_SIZE, DES_BLOCK_SIZE);
1039 
1040  //Decrypt data
1041  status = CAAM_DES_DecryptCbc(CAAM, &caamHandle, caamBufferIn,
1042  caamBufferOut, n, iv, (const uint8_t *) desContext->ks);
1043 
1044  //Check status code
1045  if(status == kStatus_Success)
1046  {
1047  //Copy the resulting plaintext
1048  osMemcpy(p + i, caamBufferOut, n);
1049  //Update the value of the initialization vector
1050  osMemcpy(iv, block, DES_BLOCK_SIZE);
1051  }
1052  }
1053 
1054  //Release exclusive access to the CAAM module
1055  osReleaseMutex(&mimxrt1160CryptoMutex);
1056  }
1057  else
1058  {
1059  //The length of the payload must be a multiple of the block size
1060  status = kStatus_InvalidArgument;
1061  }
1062  }
1063  else
1064 #endif
1065 #if (DES3_SUPPORT == ENABLED)
1066  //Triple DES cipher algorithm?
1067  if(cipher == DES3_CIPHER_ALGO)
1068  {
1069  //Check the length of the payload
1070  if(length == 0)
1071  {
1072  //No data to process
1073  }
1074  else if((length % DES3_BLOCK_SIZE) == 0)
1075  {
1076  size_t i;
1077  size_t n;
1078  Des3Context *des3Context;
1079  caam_handle_t caamHandle;
1080  uint8_t block[DES3_BLOCK_SIZE];
1081 
1082  //Point to the Triple DES context
1083  des3Context = (Des3Context *) context;
1084 
1085  //Set CAAM job ring
1086  caamHandle.jobRing = kCAAM_JobRing0;
1087 
1088  //Acquire exclusive access to the CAAM module
1089  osAcquireMutex(&mimxrt1160CryptoMutex);
1090 
1091  //Perform 3DES-CBC decryption
1092  for(i = 0; i < length && status == kStatus_Success; i += n)
1093  {
1094  //Limit the number of data to process at a time
1095  n = MIN(length - i, MIMXRT1160_CAAM_BUFFER_SIZE);
1096  //Copy the ciphertext to the buffer
1097  osMemcpy(caamBufferIn, c + i, n);
1098  //Save the last input block
1099  osMemcpy(block, caamBufferIn + n - DES3_BLOCK_SIZE, DES3_BLOCK_SIZE);
1100 
1101  //Decrypt data
1102  status = CAAM_DES3_DecryptCbc(CAAM, &caamHandle, caamBufferIn,
1103  caamBufferOut, n, iv, (const uint8_t *) des3Context->k1.ks,
1104  (const uint8_t *) des3Context->k2.ks,
1105  (const uint8_t *) des3Context->k3.ks);
1106 
1107  //Check status code
1108  if(status == kStatus_Success)
1109  {
1110  //Copy the resulting plaintext
1111  osMemcpy(p + i, caamBufferOut, n);
1112  //Update the value of the initialization vector
1113  osMemcpy(iv, block, DES3_BLOCK_SIZE);
1114  }
1115  }
1116 
1117  //Release exclusive access to the CAAM module
1118  osReleaseMutex(&mimxrt1160CryptoMutex);
1119  }
1120  else
1121  {
1122  //The length of the payload must be a multiple of the block size
1123  status = kStatus_InvalidArgument;
1124  }
1125  }
1126  else
1127 #endif
1128 #if (AES_SUPPORT == ENABLED)
1129  //AES cipher algorithm?
1130  if(cipher == AES_CIPHER_ALGO)
1131  {
1132  //Check the length of the payload
1133  if(length == 0)
1134  {
1135  //No data to process
1136  }
1137  else if((length % AES_BLOCK_SIZE) == 0)
1138  {
1139  size_t i;
1140  size_t n;
1141  size_t keySize;
1142  AesContext *aesContext;
1143  caam_handle_t caamHandle;
1144  uint8_t block[AES_BLOCK_SIZE];
1145 
1146  //Point to the AES context
1147  aesContext = (AesContext *) context;
1148 
1149  //Retrieve the length of the key
1150  if(aesContext->nr == 10)
1151  {
1152  //10 rounds are required for 128-bit key
1153  keySize = 16;
1154  }
1155  else if(aesContext->nr == 12)
1156  {
1157  //12 rounds are required for 192-bit key
1158  keySize = 24;
1159  }
1160  else if(aesContext->nr == 14)
1161  {
1162  //14 rounds are required for 256-bit key
1163  keySize = 32;
1164  }
1165  else
1166  {
1167  //Invalid key length
1168  status = kStatus_Fail;
1169  }
1170 
1171  //Check status code
1172  if(status == kStatus_Success)
1173  {
1174  //Set CAAM job ring
1175  caamHandle.jobRing = kCAAM_JobRing0;
1176 
1177  //Acquire exclusive access to the CAAM module
1178  osAcquireMutex(&mimxrt1160CryptoMutex);
1179 
1180  //Perform AES-CBC decryption
1181  for(i = 0; i < length && status == kStatus_Success; i += n)
1182  {
1183  //Limit the number of data to process at a time
1184  n = MIN(length - i, MIMXRT1160_CAAM_BUFFER_SIZE);
1185  //Copy the ciphertext to the buffer
1186  osMemcpy(caamBufferIn, c + i, n);
1187  //Save the last input block
1188  osMemcpy(block, caamBufferIn + n - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
1189 
1190  //Decrypt data
1191  status = CAAM_AES_DecryptCbc(CAAM, &caamHandle, caamBufferIn,
1192  caamBufferOut, n, iv, (const uint8_t *) aesContext->ek, keySize);
1193 
1194  //Check status code
1195  if(status == kStatus_Success)
1196  {
1197  //Copy the resulting plaintext
1198  osMemcpy(p + i, caamBufferOut, n);
1199  //Update the value of the initialization vector
1200  osMemcpy(iv, block, AES_BLOCK_SIZE);
1201  }
1202  }
1203  }
1204 
1205  //Release exclusive access to the CAAM module
1206  osReleaseMutex(&mimxrt1160CryptoMutex);
1207  }
1208  else
1209  {
1210  //The length of the payload must be a multiple of the block size
1211  status = kStatus_InvalidArgument;
1212  }
1213  }
1214  else
1215 #endif
1216  //Unknown cipher algorithm?
1217  {
1218  size_t i;
1219  uint8_t t[16];
1220 
1221  //CBC mode operates in a block-by-block fashion
1222  while(length >= cipher->blockSize)
1223  {
1224  //Save input block
1225  osMemcpy(t, c, cipher->blockSize);
1226 
1227  //Decrypt the current block
1228  cipher->decryptBlock(context, c, p);
1229 
1230  //XOR output block with IV contents
1231  for(i = 0; i < cipher->blockSize; i++)
1232  {
1233  p[i] ^= iv[i];
1234  }
1235 
1236  //Update IV with input block contents
1237  osMemcpy(iv, t, cipher->blockSize);
1238 
1239  //Next block
1240  c += cipher->blockSize;
1241  p += cipher->blockSize;
1242  length -= cipher->blockSize;
1243  }
1244 
1245  //The length of the payload must be a multiple of the block size
1246  if(length != 0)
1247  {
1248  status = kStatus_InvalidArgument;
1249  }
1250  }
1251 
1252  //Return status code
1253  return (status == kStatus_Success) ? NO_ERROR : ERROR_FAILURE;
1254 }
1255 
1256 #endif
1257 #if (CTR_SUPPORT == ENABLED)
1258 
1259 /**
1260  * @brief CTR encryption
1261  * @param[in] cipher Cipher algorithm
1262  * @param[in] context Cipher algorithm context
1263  * @param[in] m Size in bits of the specific part of the block to be incremented
1264  * @param[in,out] t Initial counter block
1265  * @param[in] p Plaintext to be encrypted
1266  * @param[out] c Ciphertext resulting from the encryption
1267  * @param[in] length Total number of data bytes to be encrypted
1268  * @return Error code
1269  **/
1270 
1271 error_t ctrEncrypt(const CipherAlgo *cipher, void *context, uint_t m,
1272  uint8_t *t, const uint8_t *p, uint8_t *c, size_t length)
1273 {
1274  status_t status;
1275 
1276  //Initialize status code
1277  status = kStatus_Success;
1278 
1279  //Check the value of the parameter
1280  if((m % 8) == 0 && m <= (cipher->blockSize * 8))
1281  {
1282  //Determine the size, in bytes, of the specific part of the block to be
1283  //incremented
1284  m = m / 8;
1285 
1286 #if (AES_SUPPORT == ENABLED)
1287  //AES cipher algorithm?
1288  if(cipher == AES_CIPHER_ALGO)
1289  {
1290  size_t i;
1291  size_t k;
1292  size_t n;
1293  size_t keySize;
1294  AesContext *aesContext;
1295  caam_handle_t caamHandle;
1296 
1297  //Point to the AES context
1298  aesContext = (AesContext *) context;
1299 
1300  //Retrieve the length of the key
1301  if(aesContext->nr == 10)
1302  {
1303  //10 rounds are required for 128-bit key
1304  keySize = 16;
1305  }
1306  else if(aesContext->nr == 12)
1307  {
1308  //12 rounds are required for 192-bit key
1309  keySize = 24;
1310  }
1311  else if(aesContext->nr == 14)
1312  {
1313  //14 rounds are required for 256-bit key
1314  keySize = 32;
1315  }
1316  else
1317  {
1318  //Invalid key length
1319  status = kStatus_Fail;
1320  }
1321 
1322  //Check status code
1323  if(status == kStatus_Success)
1324  {
1325  //Set CAAM job ring
1326  caamHandle.jobRing = kCAAM_JobRing0;
1327 
1328  //Acquire exclusive access to the CAAM module
1329  osAcquireMutex(&mimxrt1160CryptoMutex);
1330 
1331  //Perform AES-CTR encryption
1332  for(i = 0; i < length && status == kStatus_Success; i += n)
1333  {
1334  //Limit the number of data to process at a time
1335  k = 256 - t[AES_BLOCK_SIZE - 1];
1336  n = k * AES_BLOCK_SIZE;
1337  n = MIN(n, length - i);
1338  n = MIN(n, MIMXRT1160_CAAM_BUFFER_SIZE);
1339  k = (n + AES_BLOCK_SIZE - 1) / AES_BLOCK_SIZE;
1340 
1341  //Copy the plaintext to the buffer
1342  osMemcpy(caamBufferIn, p + i, n);
1343  //Copy the counter block
1344  osMemcpy(caamInitVector, t, AES_BLOCK_SIZE);
1345 
1346  //Encrypt data
1347  status = CAAM_AES_CryptCtr(CAAM, &caamHandle,
1348  caamBufferIn, caamBufferOut, k * AES_BLOCK_SIZE,
1349  caamInitVector, (const uint8_t *) aesContext->ek, keySize,
1350  NULL, NULL);
1351 
1352  //Check status code
1353  if(status == kStatus_Success)
1354  {
1355  //Copy the resulting ciphertext
1356  osMemcpy(c + i, caamBufferOut, n);
1357  //Update the value of the counter block
1358  ctrIncBlock(t, k, AES_BLOCK_SIZE, m);
1359  }
1360  }
1361  }
1362 
1363  //Release exclusive access to the CAAM module
1364  osReleaseMutex(&mimxrt1160CryptoMutex);
1365  }
1366  else
1367 #endif
1368  //Unknown cipher algorithm?
1369  {
1370  size_t i;
1371  size_t n;
1372  uint8_t o[16];
1373 
1374  //Process plaintext
1375  while(length > 0)
1376  {
1377  //CTR mode operates in a block-by-block fashion
1378  n = MIN(length, cipher->blockSize);
1379 
1380  //Compute O(j) = CIPH(T(j))
1381  cipher->encryptBlock(context, t, o);
1382 
1383  //Compute C(j) = P(j) XOR T(j)
1384  for(i = 0; i < n; i++)
1385  {
1386  c[i] = p[i] ^ o[i];
1387  }
1388 
1389  //Standard incrementing function
1390  ctrIncBlock(t, 1, cipher->blockSize, m);
1391 
1392  //Next block
1393  p += n;
1394  c += n;
1395  length -= n;
1396  }
1397  }
1398  }
1399  else
1400  {
1401  //The value of the parameter is not valid
1402  status = kStatus_InvalidArgument;
1403  }
1404 
1405  //Return status code
1406  return (status == kStatus_Success) ? NO_ERROR : ERROR_FAILURE;
1407 }
1408 
1409 #endif
1410 #if (GCM_SUPPORT == ENABLED && AES_SUPPORT == ENABLED)
1411 
1412 /**
1413  * @brief Initialize GCM context
1414  * @param[in] context Pointer to the GCM context
1415  * @param[in] cipherAlgo Cipher algorithm
1416  * @param[in] cipherContext Pointer to the cipher algorithm context
1417  * @return Error code
1418  **/
1419 
1420 error_t gcmInit(GcmContext *context, const CipherAlgo *cipherAlgo,
1421  void *cipherContext)
1422 {
1423  //Check parameters
1424  if(context == NULL || cipherContext == NULL)
1425  return ERROR_INVALID_PARAMETER;
1426 
1427  //The CRYP module only supports AES cipher algorithm
1428  if(cipherAlgo != AES_CIPHER_ALGO)
1429  return ERROR_INVALID_PARAMETER;
1430 
1431  //Save cipher algorithm context
1432  context->cipherAlgo = cipherAlgo;
1433  context->cipherContext = cipherContext;
1434 
1435  //Successful initialization
1436  return NO_ERROR;
1437 }
1438 
1439 
1440 /**
1441  * @brief Authenticated encryption using GCM
1442  * @param[in] context Pointer to the GCM context
1443  * @param[in] iv Initialization vector
1444  * @param[in] ivLen Length of the initialization vector
1445  * @param[in] a Additional authenticated data
1446  * @param[in] aLen Length of the additional data
1447  * @param[in] p Plaintext to be encrypted
1448  * @param[out] c Ciphertext resulting from the encryption
1449  * @param[in] length Total number of data bytes to be encrypted
1450  * @param[out] t Authentication tag
1451  * @param[in] tLen Length of the authentication tag
1452  * @return Error code
1453  **/
1454 
1455 error_t gcmEncrypt(GcmContext *context, const uint8_t *iv,
1456  size_t ivLen, const uint8_t *a, size_t aLen, const uint8_t *p,
1457  uint8_t *c, size_t length, uint8_t *t, size_t tLen)
1458 {
1459  status_t status;
1460  size_t keySize;
1461  caam_handle_t caamHandle;
1462  AesContext *aesContext;
1463 
1464  //Make sure the GCM context is valid
1465  if(context == NULL)
1466  return ERROR_INVALID_PARAMETER;
1467 
1468  //Check the length of the authentication tag
1469  if(tLen < 4 || tLen > 16)
1470  return ERROR_INVALID_LENGTH;
1471 
1472  //Initialize status code
1473  status = kStatus_Success;
1474 
1475  //Point to the AES context
1476  aesContext = (AesContext *) context->cipherContext;
1477 
1478  //Retrieve the length of the key
1479  if(aesContext->nr == 10)
1480  {
1481  //10 rounds are required for 128-bit key
1482  keySize = 16;
1483  }
1484  else if(aesContext->nr == 12)
1485  {
1486  //12 rounds are required for 192-bit key
1487  keySize = 24;
1488  }
1489  else if(aesContext->nr == 14)
1490  {
1491  //14 rounds are required for 256-bit key
1492  keySize = 32;
1493  }
1494  else
1495  {
1496  //Invalid key length
1497  status = kStatus_Fail;
1498  }
1499 
1500  //Check status code
1501  if(status == kStatus_Success)
1502  {
1503  //Set CAAM job ring
1504  caamHandle.jobRing = kCAAM_JobRing0;
1505 
1506  //Acquire exclusive access to the CAAM module
1507  osAcquireMutex(&mimxrt1160CryptoMutex);
1508 
1509  //Perform AES-GCM encryption
1510  status = CAAM_AES_EncryptTagGcm(CAAM, &caamHandle, p, c, length, iv,
1511  ivLen, a, aLen, (const uint8_t *) aesContext->ek, keySize, t, tLen);
1512 
1513  //Release exclusive access to the CAAM module
1514  osReleaseMutex(&mimxrt1160CryptoMutex);
1515  }
1516 
1517  //Return status code
1518  return (status == kStatus_Success) ? NO_ERROR : ERROR_FAILURE;
1519 }
1520 
1521 
1522 /**
1523  * @brief Authenticated decryption using GCM
1524  * @param[in] context Pointer to the GCM context
1525  * @param[in] iv Initialization vector
1526  * @param[in] ivLen Length of the initialization vector
1527  * @param[in] a Additional authenticated data
1528  * @param[in] aLen Length of the additional data
1529  * @param[in] c Ciphertext to be decrypted
1530  * @param[out] p Plaintext resulting from the decryption
1531  * @param[in] length Total number of data bytes to be decrypted
1532  * @param[in] t Authentication tag
1533  * @param[in] tLen Length of the authentication tag
1534  * @return Error code
1535  **/
1536 
1537 error_t gcmDecrypt(GcmContext *context, const uint8_t *iv,
1538  size_t ivLen, const uint8_t *a, size_t aLen, const uint8_t *c,
1539  uint8_t *p, size_t length, const uint8_t *t, size_t tLen)
1540 {
1541  status_t status;
1542  size_t keySize;
1543  caam_handle_t caamHandle;
1544  AesContext *aesContext;
1545 
1546  //Make sure the GCM context is valid
1547  if(context == NULL)
1548  return ERROR_INVALID_PARAMETER;
1549 
1550  //Check the length of the authentication tag
1551  if(tLen < 4 || tLen > 16)
1552  return ERROR_INVALID_LENGTH;
1553 
1554  //Initialize status code
1555  status = kStatus_Success;
1556 
1557  //Point to the AES context
1558  aesContext = (AesContext *) context->cipherContext;
1559 
1560  //Retrieve the length of the key
1561  if(aesContext->nr == 10)
1562  {
1563  //10 rounds are required for 128-bit key
1564  keySize = 16;
1565  }
1566  else if(aesContext->nr == 12)
1567  {
1568  //12 rounds are required for 192-bit key
1569  keySize = 24;
1570  }
1571  else if(aesContext->nr == 14)
1572  {
1573  //14 rounds are required for 256-bit key
1574  keySize = 32;
1575  }
1576  else
1577  {
1578  //Invalid key length
1579  status = kStatus_Fail;
1580  }
1581 
1582  //Check status code
1583  if(status == kStatus_Success)
1584  {
1585  //Set CAAM job ring
1586  caamHandle.jobRing = kCAAM_JobRing0;
1587 
1588  //Acquire exclusive access to the CAAM module
1589  osAcquireMutex(&mimxrt1160CryptoMutex);
1590 
1591  //Perform AES-GCM decryption
1592  status = CAAM_AES_DecryptTagGcm(CAAM, &caamHandle, c, p, length, iv,
1593  ivLen, a, aLen, (const uint8_t *) aesContext->ek, keySize, t, tLen);
1594 
1595  //Release exclusive access to the CAAM module
1596  osReleaseMutex(&mimxrt1160CryptoMutex);
1597  }
1598 
1599  //Return status code
1600  return (status == kStatus_Success) ? NO_ERROR : ERROR_FAILURE;
1601 }
1602 
1603 #endif
1604 #endif
block
uint16_t block
Definition: tftp_common.h:115
gcmInit
error_t gcmInit(GcmContext *context, const CipherAlgo *cipherAlgo, void *cipherContext)
Initialize GCM context.
Definition: mimxrt1160_crypto_cipher.c:1420
desInit
error_t desInit(DesContext *context, const uint8_t *key, size_t keyLen)
Initialize a DES context using the supplied key.
Definition: mimxrt1160_crypto_cipher.c:90
a
uint8_t a
Definition: ndp.h:411
CipherAlgo::decryptBlock
CipherAlgoDecryptBlock decryptBlock
Definition: crypto.h:1077
p
uint8_t p
Definition: ndp.h:300
t
uint8_t t
Definition: lldp_ext_med.h:212
o
uint8_t o
Definition: dhcpv6_common.h:415
cipher_algorithms.h
Collection of AEAD algorithms.
cbcEncrypt
error_t cbcEncrypt(const CipherAlgo *cipher, void *context, uint8_t *iv, const uint8_t *p, uint8_t *c, size_t length)
CBC encryption.
Definition: mimxrt1160_crypto_cipher.c:736
mimxrt1160_crypto.h
i.MX RT1160 hardware cryptographic accelerator (CAAM)
CipherAlgo::blockSize
size_t blockSize
Definition: crypto.h:1072
__attribute__
uint8_t caamBufferIn[MIMXRT1160_CAAM_BUFFER_SIZE] __attribute__((aligned(16)))
desDecryptBlock
void desDecryptBlock(DesContext *context, const uint8_t *input, uint8_t *output)
Decrypt a 8-byte block using DES algorithm.
Definition: mimxrt1160_crypto_cipher.c:147
Des3Context::k1
DesContext k1
Definition: des3.h:60
CipherAlgo::encryptBlock
CipherAlgoEncryptBlock encryptBlock
Definition: crypto.h:1076
DES3_BLOCK_SIZE
#define DES3_BLOCK_SIZE
Definition: des3.h:44
AesContext
AES algorithm context.
Definition: aes.h:58
gcmDecrypt
error_t gcmDecrypt(GcmContext *context, const uint8_t *iv, size_t ivLen, const uint8_t *a, size_t aLen, const uint8_t *c, uint8_t *p, size_t length, const uint8_t *t, size_t tLen)
Authenticated decryption using GCM.
Definition: mimxrt1160_crypto_cipher.c:1537
AES_BLOCK_SIZE
#define AES_BLOCK_SIZE
Definition: aes.h:43
DesContext
DES algorithm context.
Definition: des.h:58
ERROR_INVALID_PARAMETER
@ ERROR_INVALID_PARAMETER
Invalid parameter.
Definition: error.h:47
osMemcpy
#define osMemcpy(dest, src, length)
Definition: os_port.h:141
error_t
error_t
Error codes.
Definition: error.h:43
ERROR_FAILURE
@ ERROR_FAILURE
Generic error code.
Definition: error.h:45
ERROR_INVALID_KEY_LENGTH
@ ERROR_INVALID_KEY_LENGTH
Definition: error.h:107
ERROR_INVALID_LENGTH
@ ERROR_INVALID_LENGTH
Definition: error.h:111
crypto.h
General definitions for cryptographic algorithms.
des3EncryptBlock
void des3EncryptBlock(Des3Context *context, const uint8_t *input, uint8_t *output)
Encrypt a 8-byte block using Triple DES algorithm.
Definition: mimxrt1160_crypto_cipher.c:180
ctrEncrypt
error_t ctrEncrypt(const CipherAlgo *cipher, void *context, uint_t m, uint8_t *t, const uint8_t *p, uint8_t *c, size_t length)
CTR encryption.
Definition: mimxrt1160_crypto_cipher.c:1271
iv
uint8_t iv[]
Definition: ike.h:1502
cipher_modes.h
Block cipher modes of operation.
DES_CIPHER_ALGO
#define DES_CIPHER_ALGO
Definition: des.h:45
GcmContext::cipherAlgo
const CipherAlgo * cipherAlgo
Cipher algorithm.
Definition: gcm.h:65
length
uint8_t length
Definition: tcp.h:368
MIMXRT1160_CAAM_BUFFER_SIZE
#define MIMXRT1160_CAAM_BUFFER_SIZE
Definition: mimxrt1160_crypto.h:39
MIN
#define MIN(a, b)
Definition: os_port.h:63
Des3Context::k3
DesContext k3
Definition: des3.h:62
AesContext::nr
uint_t nr
Definition: aes.h:59
mimxrt1160_crypto_cipher.h
i.MX RT1160 cipher hardware accelerator
cbcDecrypt
error_t cbcDecrypt(const CipherAlgo *cipher, void *context, uint8_t *iv, const uint8_t *c, uint8_t *p, size_t length)
CBC decryption.
Definition: mimxrt1160_crypto_cipher.c:996
aead_algorithms.h
GcmContext
GCM context.
Definition: gcm.h:64
Des3Context
Triple DES algorithm context.
Definition: des3.h:59
ecbDecrypt
error_t ecbDecrypt(const CipherAlgo *cipher, void *context, const uint8_t *c, uint8_t *p, size_t length)
ECB decryption.
Definition: mimxrt1160_crypto_cipher.c:492
desEncryptBlock
void desEncryptBlock(DesContext *context, const uint8_t *input, uint8_t *output)
Encrypt a 8-byte block using DES algorithm.
Definition: mimxrt1160_crypto_cipher.c:116
m
uint8_t m
Definition: ndp.h:304
n
uint8_t n
Definition: dhcpv6_common.h:416
osAcquireMutex
void osAcquireMutex(OsMutex *mutex)
Acquire ownership of the specified mutex object.
Definition: os_port_chibios.c:396
osReleaseMutex
void osReleaseMutex(OsMutex *mutex)
Release ownership of the specified mutex object.
Definition: os_port_chibios.c:408
DES_BLOCK_SIZE
#define DES_BLOCK_SIZE
Definition: des.h:43
CipherAlgo
Common interface for encryption algorithms.
Definition: crypto.h:1068
Des3Context::k2
DesContext k2
Definition: des3.h:61
AES_CIPHER_ALGO
#define AES_CIPHER_ALGO
Definition: aes.h:45
des3DecryptBlock
void des3DecryptBlock(Des3Context *context, const uint8_t *input, uint8_t *output)
Decrypt a 8-byte block using Triple DES algorithm.
Definition: mimxrt1160_crypto_cipher.c:213
mimxrt1160CryptoMutex
OsMutex mimxrt1160CryptoMutex
Definition: mimxrt1160_crypto.c:42
DES3_CIPHER_ALGO
#define DES3_CIPHER_ALGO
Definition: des3.h:46
LOAD32LE
#define LOAD32LE(p)
Definition: cpu_endian.h:203
AesContext::ek
uint32_t ek[60]
Definition: aes.h:60
uint_t
unsigned int uint_t
Definition: compiler_port.h:50
GcmContext::cipherContext
void * cipherContext
Cipher algorithm context.
Definition: gcm.h:66
ecbEncrypt
error_t ecbEncrypt(const CipherAlgo *cipher, void *context, const uint8_t *p, uint8_t *c, size_t length)
ECB encryption.
Definition: mimxrt1160_crypto_cipher.c:251
DesContext::ks
uint32_t ks[32]
Definition: des.h:59
ctrIncBlock
void ctrIncBlock(uint8_t *ctr, uint32_t inc, size_t blockSize, size_t m)
Increment counter block.
Definition: ctr.c:138
NO_ERROR
@ NO_ERROR
Success.
Definition: error.h:44
c
uint8_t c
Definition: ndp.h:514
debug.h
Debugging facilities.
gcmEncrypt
error_t gcmEncrypt(GcmContext *context, const uint8_t *iv, size_t ivLen, const uint8_t *a, size_t aLen, const uint8_t *p, uint8_t *c, size_t length, uint8_t *t, size_t tLen)
Authenticated encryption using GCM.
Definition: mimxrt1160_crypto_cipher.c:1455