ra8_crypto_cipher.c
Go to the documentation of this file.
1 /**
2  * @file ra8_crypto_cipher.c
3  * @brief RA8 cipher hardware accelerator
4  *
5  * @section License
6  *
7  * SPDX-License-Identifier: GPL-2.0-or-later
8  *
9  * Copyright (C) 2010-2024 Oryx Embedded SARL. All rights reserved.
10  *
11  * This file is part of CycloneCRYPTO Open.
12  *
13  * This program is free software; you can redistribute it and/or
14  * modify it under the terms of the GNU General Public License
15  * as published by the Free Software Foundation; either version 2
16  * of the License, or (at your option) any later version.
17  *
18  * This program is distributed in the hope that it will be useful,
19  * but WITHOUT ANY WARRANTY; without even the implied warranty of
20  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21  * GNU General Public License for more details.
22  *
23  * You should have received a copy of the GNU General Public License
24  * along with this program; if not, write to the Free Software Foundation,
25  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
26  *
27  * @author Oryx Embedded SARL (www.oryx-embedded.com)
28  * @version 2.4.4
29  **/
30 
31 //Switch to the appropriate trace level
32 #define TRACE_LEVEL CRYPTO_TRACE_LEVEL
33 
34 //Dependencies
35 #include "hw_sce_private.h"
36 #include "hw_sce_ra_private.h"
37 #include "hw_sce_aes_private.h"
38 #include "core/crypto.h"
39 #include "hardware/ra8/ra8_crypto.h"
40 #include "hardware/ra8/ra8_crypto_cipher.h"
41 #include "cipher/cipher_algorithms.h"
42 #include "cipher_modes/cipher_modes.h"
43 #include "aead/aead_algorithms.h"
44 #include "debug.h"
45 
46 //Check crypto library configuration
47 #if (RA8_CRYPTO_CIPHER_SUPPORT == ENABLED && AES_SUPPORT == ENABLED)
48 
49 
50 /**
51  * @brief Perform AES encryption or decryption
52  * @param[in] context AES algorithm context
53  * @param[in,out] iv Initialization vector
54  * @param[in] input Data to be encrypted/decrypted
55  * @param[out] output Data resulting from the encryption/decryption process
56  * @param[in] length Total number of data bytes to be processed
57  * @param[in] command Operation mode
58  * @return Status code
59  **/
60 
61 error_t aesProcessData(AesContext *context, uint8_t *iv, const uint8_t *input,
62  uint8_t *output, size_t length, uint32_t command)
63 {
64  fsp_err_t status;
65  size_t n;
66  uint32_t keyType;
67  uint32_t block[AES_BLOCK_SIZE / 4];
68 
69  //Set key type
70  keyType = 0;
71  //Set operation mode
72  command = htobe32(command);
73 
74  //Acquire exclusive access to the RSIP7 module
75  osAcquireMutex(&ra8CryptoMutex);
76 
77  //Initialize encryption or decryption operation
78  if(context->nr == 10)
79  {
80  status = HW_SCE_Aes128EncryptDecryptInitSub(&keyType, &command,
81  context->ek, (const uint32_t *) iv);
82  }
83  else if(context->nr == 12)
84  {
85  status = HW_SCE_Aes192EncryptDecryptInitSub(&command,
86  context->ek, (const uint32_t *) iv);
87  }
88  else if(context->nr == 14)
89  {
90  status = HW_SCE_Aes256EncryptDecryptInitSub(&keyType, &command,
91  context->ek, (const uint32_t *) iv);
92  }
93  else
94  {
95  status = FSP_ERR_CRYPTO_NOT_IMPLEMENTED;
96  }
97 
98  //Check status code
99  if(status == FSP_SUCCESS)
100  {
101  //Get the number of bytes in the last block
102  n = length % AES_BLOCK_SIZE;
103 
104  //Process complete blocks only
105  if(context->nr == 10)
106  {
107  HW_SCE_Aes128EncryptDecryptUpdateSub((const uint32_t *) input,
108  (uint32_t *) output, (length - n) / 4);
109  }
110  else if(context->nr == 12)
111  {
112  HW_SCE_Aes192EncryptDecryptUpdateSub((const uint32_t *) input,
113  (uint32_t *) output, (length - n) / 4);
114  }
115  else
116  {
117  HW_SCE_Aes256EncryptDecryptUpdateSub((const uint32_t *) input,
118  (uint32_t *) output, (length - n) / 4);
119  }
120 
121  //The final block requires special processing
122  if(n > 0)
123  {
124  //Copy the input data
125  osMemset(block, 0, AES_BLOCK_SIZE);
126  osMemcpy(block, input + length - n, n);
127 
128  //Process the final block
129  if(context->nr == 10)
130  {
131  HW_SCE_Aes128EncryptDecryptUpdateSub(block, block,
132  AES_BLOCK_SIZE / 4);
133  }
134  else if(context->nr == 12)
135  {
136  HW_SCE_Aes192EncryptDecryptUpdateSub(block, block,
137  AES_BLOCK_SIZE / 4);
138  }
139  else
140  {
141  HW_SCE_Aes256EncryptDecryptUpdateSub(block, block,
142  AES_BLOCK_SIZE / 4);
143  }
144 
145  //Copy the resulting ciphertext
146  osMemcpy(output + length - n, block, n);
147  }
148  }
149 
150  //Check status code
151  if(status == FSP_SUCCESS)
152  {
153  //Finalize encryption or decryption operation
154  if(context->nr == 10)
155  {
156  status = HW_SCE_Aes128EncryptDecryptFinalSub();
157  }
158  else if(context->nr == 12)
159  {
160  status = HW_SCE_Aes192EncryptDecryptFinalSub();
161  }
162  else if(context->nr == 14)
163  {
164  status = HW_SCE_Aes256EncryptDecryptFinalSub();
165  }
166  else
167  {
168  status = FSP_ERR_CRYPTO_NOT_IMPLEMENTED;
169  }
170  }
171 
172  //Check status code
173  if(status != FSP_SUCCESS)
174  {
175  osMemset(output, 0, length);
176  }
177 
178  //Release exclusive access to the RSIP7 module
179  osReleaseMutex(&ra8CryptoMutex);
180 
181  //Return status code
182  return (status == FSP_SUCCESS) ? NO_ERROR : ERROR_FAILURE;
183 }
184 
185 
186 /**
187  * @brief Key expansion
188  * @param[in] context Pointer to the AES context to initialize
189  * @param[in] key Pointer to the key
190  * @param[in] keyLen Length of the key
191  * @return Error code
192  **/
193 
194 error_t aesInit(AesContext *context, const uint8_t *key, size_t keyLen)
195 {
196  fsp_err_t status;
197 
198  //Check parameters
199  if(context == NULL || key == NULL)
200  return ERROR_INVALID_PARAMETER;
201 
202  //Acquire exclusive access to the RSIP7 module
203  osAcquireMutex(&ra8CryptoMutex);
204 
205  //Check the length of the key
206  if(keyLen == 16)
207  {
208  //10 rounds are required for 128-bit key
209  context->nr = 10;
210 
211  //Install the plaintext key and get the wrapped key
212  status = HW_SCE_GenerateOemKeyIndexPrivate(SCE_OEM_KEY_TYPE_PLAIN,
213  SCE_OEM_CMD_AES128, NULL, NULL, key, context->ek);
214  }
215  else if(keyLen == 24)
216  {
217  //12 rounds are required for 192-bit key
218  context->nr = 12;
219 
220  //Install the plaintext key and get the wrapped key
221  status = HW_SCE_GenerateOemKeyIndexPrivate(SCE_OEM_KEY_TYPE_PLAIN,
222  SCE_OEM_CMD_AES192, NULL, NULL, key, context->ek);
223  }
224  else if(keyLen == 32)
225  {
226  //14 rounds are required for 256-bit key
227  context->nr = 14;
228 
229  //Install the plaintext key and get the wrapped key
230  status = HW_SCE_GenerateOemKeyIndexPrivate(SCE_OEM_KEY_TYPE_PLAIN,
231  SCE_OEM_CMD_AES256, NULL, NULL, key, context->ek);
232  }
233  else
234  {
235  //Invalid key length
236  status = FSP_ERR_CRYPTO_NOT_IMPLEMENTED;
237  }
238 
239  //Release exclusive access to the RSIP7 module
240  osReleaseMutex(&ra8CryptoMutex);
241 
242  //Return status code
243  return (status == FSP_SUCCESS) ? NO_ERROR : ERROR_FAILURE;
244 }
245 
246 
247 /**
248  * @brief Encrypt a 16-byte block using AES algorithm
249  * @param[in] context Pointer to the AES context
250  * @param[in] input Plaintext block to encrypt
251  * @param[out] output Ciphertext block resulting from encryption
252  **/
253 
254 void aesEncryptBlock(AesContext *context, const uint8_t *input, uint8_t *output)
255 {
256  //Perform AES encryption
257  aesProcessData(context, NULL, input, output, AES_BLOCK_SIZE,
258  SCE_AES_IN_DATA_CMD_ECB_ENCRYPTION);
259 }
260 
261 
262 /**
263  * @brief Decrypt a 16-byte block using AES algorithm
264  * @param[in] context Pointer to the AES context
265  * @param[in] input Ciphertext block to decrypt
266  * @param[out] output Plaintext block resulting from decryption
267  **/
268 
269 void aesDecryptBlock(AesContext *context, const uint8_t *input, uint8_t *output)
270 {
271  //Perform AES decryption
272  aesProcessData(context, NULL, input, output, AES_BLOCK_SIZE,
273  SCE_AES_IN_DATA_CMD_ECB_DECRYPTION);
274 }
275 
276 
277 #if (ECB_SUPPORT == ENABLED)
278 
279 /**
280  * @brief ECB encryption
281  * @param[in] cipher Cipher algorithm
282  * @param[in] context Cipher algorithm context
283  * @param[in] p Plaintext to be encrypted
284  * @param[out] c Ciphertext resulting from the encryption
285  * @param[in] length Total number of data bytes to be encrypted
286  * @return Error code
287  **/
288 
289 error_t ecbEncrypt(const CipherAlgo *cipher, void *context,
290  const uint8_t *p, uint8_t *c, size_t length)
291 {
292  error_t error;
293 
294  //Initialize status code
295  error = NO_ERROR;
296 
297  //AES cipher algorithm?
298  if(cipher == AES_CIPHER_ALGO)
299  {
300  //Check the length of the payload
301  if(length == 0)
302  {
303  //No data to process
304  }
305  else if((length % AES_BLOCK_SIZE) == 0)
306  {
307  //Encrypt payload data
308  error = aesProcessData(context, NULL, p, c, length,
309  SCE_AES_IN_DATA_CMD_ECB_ENCRYPTION);
310  }
311  else
312  {
313  //The length of the payload must be a multiple of the block size
314  error = ERROR_INVALID_LENGTH;
315  }
316  }
317  else
318  {
319  //ECB mode operates in a block-by-block fashion
320  while(length >= cipher->blockSize)
321  {
322  //Encrypt current block
323  cipher->encryptBlock(context, p, c);
324 
325  //Next block
326  p += cipher->blockSize;
327  c += cipher->blockSize;
328  length -= cipher->blockSize;
329  }
330 
331  //The length of the payload must be a multiple of the block size
332  if(length != 0)
333  {
334  error = ERROR_INVALID_LENGTH;
335  }
336  }
337 
338  //Return status code
339  return error;
340 }
341 
342 
343 /**
344  * @brief ECB decryption
345  * @param[in] cipher Cipher algorithm
346  * @param[in] context Cipher algorithm context
347  * @param[in] c Ciphertext to be decrypted
348  * @param[out] p Plaintext resulting from the decryption
349  * @param[in] length Total number of data bytes to be decrypted
350  * @return Error code
351  **/
352 
353 error_t ecbDecrypt(const CipherAlgo *cipher, void *context,
354  const uint8_t *c, uint8_t *p, size_t length)
355 {
356  error_t error;
357 
358  //Initialize status code
359  error = NO_ERROR;
360 
361  //AES cipher algorithm?
362  if(cipher == AES_CIPHER_ALGO)
363  {
364  //Check the length of the payload
365  if(length == 0)
366  {
367  //No data to process
368  }
369  else if((length % AES_BLOCK_SIZE) == 0)
370  {
371  //Decrypt payload data
372  error = aesProcessData(context, NULL, c, p, length,
373  SCE_AES_IN_DATA_CMD_ECB_DECRYPTION);
374  }
375  else
376  {
377  //The length of the payload must be a multiple of the block size
378  error = ERROR_INVALID_LENGTH;
379  }
380  }
381  else
382  {
383  //ECB mode operates in a block-by-block fashion
384  while(length >= cipher->blockSize)
385  {
386  //Decrypt current block
387  cipher->decryptBlock(context, c, p);
388 
389  //Next block
390  c += cipher->blockSize;
391  p += cipher->blockSize;
392  length -= cipher->blockSize;
393  }
394 
395  //The length of the payload must be a multiple of the block size
396  if(length != 0)
397  {
398  error = ERROR_INVALID_LENGTH;
399  }
400  }
401 
402  //Return status code
403  return error;
404 }
405 
406 #endif
407 #if (CBC_SUPPORT == ENABLED)
408 
409 /**
410  * @brief CBC encryption
411  * @param[in] cipher Cipher algorithm
412  * @param[in] context Cipher algorithm context
413  * @param[in,out] iv Initialization vector
414  * @param[in] p Plaintext to be encrypted
415  * @param[out] c Ciphertext resulting from the encryption
416  * @param[in] length Total number of data bytes to be encrypted
417  * @return Error code
418  **/
419 
420 error_t cbcEncrypt(const CipherAlgo *cipher, void *context,
421  uint8_t *iv, const uint8_t *p, uint8_t *c, size_t length)
422 {
423  error_t error;
424 
425  //Initialize status code
426  error = NO_ERROR;
427 
428  //AES cipher algorithm?
429  if(cipher == AES_CIPHER_ALGO)
430  {
431  //Check the length of the payload
432  if(length == 0)
433  {
434  //No data to process
435  }
436  else if((length % AES_BLOCK_SIZE) == 0)
437  {
438  //Encrypt payload data
439  error = aesProcessData(context, iv, p, c, length,
440  SCE_AES_IN_DATA_CMD_CBC_ENCRYPTION);
441 
442  //Check status code
443  if(!error)
444  {
445  //Update the value of the initialization vector
446  osMemcpy(iv, c + length - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
447  }
448  }
449  else
450  {
451  //The length of the payload must be a multiple of the block size
452  error = ERROR_INVALID_LENGTH;
453  }
454  }
455  else
456  {
457  size_t i;
458 
459  //CBC mode operates in a block-by-block fashion
460  while(length >= cipher->blockSize)
461  {
462  //XOR input block with IV contents
463  for(i = 0; i < cipher->blockSize; i++)
464  {
465  c[i] = p[i] ^ iv[i];
466  }
467 
468  //Encrypt the current block based upon the output of the previous
469  //encryption
470  cipher->encryptBlock(context, c, c);
471 
472  //Update IV with output block contents
473  osMemcpy(iv, c, cipher->blockSize);
474 
475  //Next block
476  p += cipher->blockSize;
477  c += cipher->blockSize;
478  length -= cipher->blockSize;
479  }
480 
481  //The length of the payload must be a multiple of the block size
482  if(length != 0)
483  {
484  error = ERROR_INVALID_LENGTH;
485  }
486  }
487 
488  //Return status code
489  return error;
490 }
491 
492 
493 /**
494  * @brief CBC decryption
495  * @param[in] cipher Cipher algorithm
496  * @param[in] context Cipher algorithm context
497  * @param[in,out] iv Initialization vector
498  * @param[in] c Ciphertext to be decrypted
499  * @param[out] p Plaintext resulting from the decryption
500  * @param[in] length Total number of data bytes to be decrypted
501  * @return Error code
502  **/
503 
504 error_t cbcDecrypt(const CipherAlgo *cipher, void *context,
505  uint8_t *iv, const uint8_t *c, uint8_t *p, size_t length)
506 {
507  error_t error;
508 
509  //Initialize status code
510  error = NO_ERROR;
511 
512  //AES cipher algorithm?
513  if(cipher == AES_CIPHER_ALGO)
514  {
515  //Check the length of the payload
516  if(length == 0)
517  {
518  //No data to process
519  }
520  else if((length % AES_BLOCK_SIZE) == 0)
521  {
522  uint8_t block[AES_BLOCK_SIZE];
523 
524  //Save the last input block
525  osMemcpy(block, c + length - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
526 
527  //Decrypt payload data
528  error = aesProcessData(context, iv, c, p, length,
529  SCE_AES_IN_DATA_CMD_CBC_DECRYPTION);
530 
531  //Check status code
532  if(!error)
533  {
534  //Update the value of the initialization vector
535  osMemcpy(iv, block, AES_BLOCK_SIZE);
536  }
537  }
538  else
539  {
540  //The length of the payload must be a multiple of the block size
541  error = ERROR_INVALID_LENGTH;
542  }
543  }
544  else
545  {
546  size_t i;
547  uint8_t t[16];
548 
549  //CBC mode operates in a block-by-block fashion
550  while(length >= cipher->blockSize)
551  {
552  //Save input block
553  osMemcpy(t, c, cipher->blockSize);
554 
555  //Decrypt the current block
556  cipher->decryptBlock(context, c, p);
557 
558  //XOR output block with IV contents
559  for(i = 0; i < cipher->blockSize; i++)
560  {
561  p[i] ^= iv[i];
562  }
563 
564  //Update IV with input block contents
565  osMemcpy(iv, t, cipher->blockSize);
566 
567  //Next block
568  c += cipher->blockSize;
569  p += cipher->blockSize;
570  length -= cipher->blockSize;
571  }
572 
573  //The length of the payload must be a multiple of the block size
574  if(length != 0)
575  {
576  error = ERROR_INVALID_LENGTH;
577  }
578  }
579 
580  //Return status code
581  return error;
582 }
583 
584 #endif
585 #if (CTR_SUPPORT == ENABLED)
586 
587 /**
588  * @brief CTR encryption
589  * @param[in] cipher Cipher algorithm
590  * @param[in] context Cipher algorithm context
591  * @param[in] m Size in bits of the specific part of the block to be incremented
592  * @param[in,out] t Initial counter block
593  * @param[in] p Plaintext to be encrypted
594  * @param[out] c Ciphertext resulting from the encryption
595  * @param[in] length Total number of data bytes to be encrypted
596  * @return Error code
597  **/
598 
599 error_t ctrEncrypt(const CipherAlgo *cipher, void *context, uint_t m,
600  uint8_t *t, const uint8_t *p, uint8_t *c, size_t length)
601 {
602  error_t error;
603 
604  //Initialize status code
605  error = NO_ERROR;
606 
607  //Check the value of the parameter
608  if((m % 8) == 0 && m <= (cipher->blockSize * 8))
609  {
610  //Determine the size, in bytes, of the specific part of the block to be
611  //incremented
612  m = m / 8;
613 
614  //AES cipher algorithm?
615  if(cipher == AES_CIPHER_ALGO)
616  {
617  size_t k;
618  size_t n;
619 
620  //Process plaintext
621  while(length > 0 && !error)
622  {
623  //Limit the number of blocks to process at a time
624  k = 256 - t[AES_BLOCK_SIZE - 1];
625  n = MIN(length, k * AES_BLOCK_SIZE);
626  k = (n + AES_BLOCK_SIZE - 1) / AES_BLOCK_SIZE;
627 
628  //Encrypt payload data
629  error = aesProcessData(context, t, p, c, n,
630  SCE_AES_IN_DATA_CMD_CTR_ENCRYPTION_DECRYPTION);
631 
632  //Standard incrementing function
633  ctrIncBlock(t, k, AES_BLOCK_SIZE, m);
634 
635  //Next block
636  p += n;
637  c += n;
638  length -= n;
639  }
640  }
641  else
642  {
643  size_t i;
644  size_t n;
645  uint8_t o[16];
646 
647  //Process plaintext
648  while(length > 0)
649  {
650  //CTR mode operates in a block-by-block fashion
651  n = MIN(length, cipher->blockSize);
652 
653  //Compute O(j) = CIPH(T(j))
654  cipher->encryptBlock(context, t, o);
655 
656  //Compute C(j) = P(j) XOR T(j)
657  for(i = 0; i < n; i++)
658  {
659  c[i] = p[i] ^ o[i];
660  }
661 
662  //Standard incrementing function
663  ctrIncBlock(t, 1, cipher->blockSize, m);
664 
665  //Next block
666  p += n;
667  c += n;
668  length -= n;
669  }
670  }
671  }
672  else
673  {
674  //The value of the parameter is not valid
675  error = ERROR_INVALID_PARAMETER;
676  }
677 
678  //Return status code
679  return error;
680 }
681 
682 #endif
683 #if (GCM_SUPPORT == ENABLED)
684 
685 /**
686  * @brief Initialize GCM context
687  * @param[in] context Pointer to the GCM context
688  * @param[in] cipherAlgo Cipher algorithm
689  * @param[in] cipherContext Pointer to the cipher algorithm context
690  * @return Error code
691  **/
692 
693 error_t gcmInit(GcmContext *context, const CipherAlgo *cipherAlgo,
694  void *cipherContext)
695 {
696  //Check parameters
697  if(context == NULL || cipherContext == NULL)
698  return ERROR_INVALID_PARAMETER;
699 
700  //The RSIP7 module only supports AES cipher algorithm
701  if(cipherAlgo != AES_CIPHER_ALGO)
702  return ERROR_INVALID_PARAMETER;
703 
704  //Save cipher algorithm context
705  context->cipherAlgo = cipherAlgo;
706  context->cipherContext = cipherContext;
707 
708  //Successful initialization
709  return NO_ERROR;
710 }
711 
712 
713 /**
714  * @brief Authenticated encryption using GCM
715  * @param[in] context Pointer to the GCM context
716  * @param[in] iv Initialization vector
717  * @param[in] ivLen Length of the initialization vector
718  * @param[in] a Additional authenticated data
719  * @param[in] aLen Length of the additional data
720  * @param[in] p Plaintext to be encrypted
721  * @param[out] c Ciphertext resulting from the encryption
722  * @param[in] length Total number of data bytes to be encrypted
723  * @param[out] t Authentication tag
724  * @param[in] tLen Length of the authentication tag
725  * @return Error code
726  **/
727 
728 error_t gcmEncrypt(GcmContext *context, const uint8_t *iv,
729  size_t ivLen, const uint8_t *a, size_t aLen, const uint8_t *p,
730  uint8_t *c, size_t length, uint8_t *t, size_t tLen)
731 {
732  fsp_err_t status;
733  size_t i;
734  size_t n;
735  uint64_t m;
736  uint32_t keyType;
737  uint32_t dummy;
738  uint32_t temp[4];
739  uint32_t block[4];
740  uint32_t authTag[4];
741  AesContext *aesContext;
742 
743  //Make sure the GCM context is valid
744  if(context == NULL)
745  return ERROR_INVALID_PARAMETER;
746 
747  //Check whether the length of the IV is 96 bits
748  if(ivLen != 12)
749  return ERROR_INVALID_LENGTH;
750 
751  //Check the length of the authentication tag
752  if(tLen < 4 || tLen > 16)
753  return ERROR_INVALID_LENGTH;
754 
755  //Point to the AES context
756  aesContext = (AesContext *) context->cipherContext;
757 
758  //Set key type
759  keyType = 0;
760  //Dummy parameter
761  dummy = 0;
762 
763  //When the length of the IV is 96 bits, the padding string is appended to
764  //the IV to form the pre-counter block
765  temp[0] = LOAD32LE(iv);
766  temp[1] = LOAD32LE(iv + 4);
767  temp[2] = LOAD32LE(iv + 8);
768  temp[3] = BETOH32(1);
769 
770  //Acquire exclusive access to the RSIP7 module
771  osAcquireMutex(&ra8CryptoMutex);
772 
773  //Initialize GCM encryption
774  if(aesContext->nr == 10)
775  {
776  status = HW_SCE_Aes128GcmEncryptInitSub(&keyType, &dummy, &dummy,
777  aesContext->ek, temp, &dummy);
778  }
779  else if(aesContext->nr == 12)
780  {
781  status = HW_SCE_Aes192GcmEncryptInitSub(aesContext->ek, temp);
782  }
783  else if(aesContext->nr == 14)
784  {
785  status = HW_SCE_Aes256GcmEncryptInitSub(&keyType, aesContext->ek, temp);
786  }
787  else
788  {
789  status = FSP_ERR_CRYPTO_NOT_IMPLEMENTED;
790  }
791 
792  //Check status code
793  if(status == FSP_SUCCESS)
794  {
795  //Point to the beginning of the additional authenticated data
796  i = 0;
797 
798  //Process additional authenticated data
799  if(aLen >= AES_BLOCK_SIZE)
800  {
801  //Process complete blocks only
802  n = aLen - (aLen % AES_BLOCK_SIZE);
803 
804  //Write complete blocks
805  if(aesContext->nr == 10)
806  {
807  HW_SCE_Aes128GcmEncryptUpdateAADSub((uint32_t *) a, n / 4);
808  }
809  else if(aesContext->nr == 12)
810  {
811  HW_SCE_Aes192GcmEncryptUpdateAADSub((uint32_t *) a, n / 4);
812  }
813  else
814  {
815  HW_SCE_Aes256GcmEncryptUpdateAADSub((uint32_t *) a, n / 4);
816  }
817 
818  //Advance data pointer
819  i += n;
820  }
821 
822  //Process final block of additional authenticated data
823  if(i < aLen)
824  {
825  //Copy the partial block
826  osMemset(block, 0, AES_BLOCK_SIZE);
827  osMemcpy(block, a + i, aLen - i);
828 
829  //Write block
830  if(aesContext->nr == 10)
831  {
832  HW_SCE_Aes128GcmEncryptUpdateAADSub(block, 1);
833  }
834  else if(aesContext->nr == 12)
835  {
836  HW_SCE_Aes192GcmEncryptUpdateAADSub(block, 1);
837  }
838  else
839  {
840  HW_SCE_Aes256GcmEncryptUpdateAADSub(block, 1);
841  }
842  }
843 
844  //Transition to from AAD phase to data phase
845  if(aesContext->nr == 10)
846  {
847  HW_SCE_Aes128GcmEncryptUpdateTransitionSub();
848  }
849  else if(aesContext->nr == 12)
850  {
851  HW_SCE_Aes192GcmEncryptUpdateTransitionSub();
852  }
853  else
854  {
855  HW_SCE_Aes256GcmEncryptUpdateTransitionSub();
856  }
857 
858  //Point to the beginning of the payload data
859  i = 0;
860 
861  //Process payload data
862  if(length >= AES_BLOCK_SIZE)
863  {
864  //Process complete blocks only
865  n = length - (length % AES_BLOCK_SIZE);
866 
867  //Encrypt complete blocks
868  if(aesContext->nr == 10)
869  {
870  HW_SCE_Aes128GcmEncryptUpdateSub((uint32_t *) p, (uint32_t *) c,
871  n / 4);
872  }
873  else if(aesContext->nr == 12)
874  {
875  HW_SCE_Aes192GcmEncryptUpdateSub((uint32_t *) p, (uint32_t *) c,
876  n / 4);
877  }
878  else
879  {
880  HW_SCE_Aes256GcmEncryptUpdateSub((uint32_t *) p, (uint32_t *) c,
881  n / 4);
882  }
883 
884  //Advance data pointer
885  i += n;
886  }
887 
888  //Process final block of payload data
889  if(i < length)
890  {
891  //Copy the partial input block
892  osMemset(block, 0, AES_BLOCK_SIZE);
893  osMemcpy(block, p + i, length - i);
894  }
895 
896  //64-bit representation of the length of the payload data
897  m = length * 8;
898  temp[0] = htobe32(m >> 32);
899  temp[1] = htobe32(m);
900 
901  //64-bit representation of the length of the additional data
902  m = aLen * 8;
903  temp[2] = htobe32(m >> 32);
904  temp[3] = htobe32(m);
905 
906  //Generate authentication tag
907  if(aesContext->nr == 10)
908  {
909  status = HW_SCE_Aes128GcmEncryptFinalSub(block, temp, temp + 2,
910  block, authTag);
911  }
912  else if(aesContext->nr == 12)
913  {
914  status = HW_SCE_Aes192GcmEncryptFinalSub(block, temp, temp + 2,
915  block, authTag);
916  }
917  else if(aesContext->nr == 14)
918  {
919  status = HW_SCE_Aes256GcmEncryptFinalSub(block, temp, temp + 2,
920  block, authTag);
921  }
922  else
923  {
924  status = FSP_ERR_CRYPTO_NOT_IMPLEMENTED;
925  }
926  }
927 
928  //Check status code
929  if(status == FSP_SUCCESS)
930  {
931  //Copy the partial output block
932  osMemcpy(c + i, block, length - i);
933  //Copy the resulting authentication tag
934  osMemcpy(t, authTag, tLen);
935  }
936 
937  //Release exclusive access to the RSIP7 module
938  osReleaseMutex(&ra8CryptoMutex);
939 
940  //Return status code
941  return (status == FSP_SUCCESS) ? NO_ERROR : ERROR_FAILURE;
942 }
943 
944 
945 /**
946  * @brief Authenticated decryption using GCM
947  * @param[in] context Pointer to the GCM context
948  * @param[in] iv Initialization vector
949  * @param[in] ivLen Length of the initialization vector
950  * @param[in] a Additional authenticated data
951  * @param[in] aLen Length of the additional data
952  * @param[in] c Ciphertext to be decrypted
953  * @param[out] p Plaintext resulting from the decryption
954  * @param[in] length Total number of data bytes to be decrypted
955  * @param[in] t Authentication tag
956  * @param[in] tLen Length of the authentication tag
957  * @return Error code
958  **/
959 
960 error_t gcmDecrypt(GcmContext *context, const uint8_t *iv,
961  size_t ivLen, const uint8_t *a, size_t aLen, const uint8_t *c,
962  uint8_t *p, size_t length, const uint8_t *t, size_t tLen)
963 {
964  fsp_err_t status;
965  size_t i;
966  size_t n;
967  uint64_t m;
968  uint32_t keyType;
969  uint32_t dummy;
970  uint32_t temp[5];
971  uint32_t block[4];
972  uint32_t authTag[4];
973  AesContext *aesContext;
974 
975  //Make sure the GCM context is valid
976  if(context == NULL)
977  return ERROR_INVALID_PARAMETER;
978 
979  //Check whether the length of the IV is 96 bits
980  if(ivLen != 12)
981  return ERROR_INVALID_LENGTH;
982 
983  //Check the length of the authentication tag
984  if(tLen < 4 || tLen > 16)
985  return ERROR_INVALID_LENGTH;
986 
987  //Point to the AES context
988  aesContext = (AesContext *) context->cipherContext;
989 
990  //Set key type
991  keyType = 0;
992  //Dummy parameter
993  dummy = 0;
994 
995  //When the length of the IV is 96 bits, the padding string is appended to
996  //the IV to form the pre-counter block
997  temp[0] = LOAD32LE(iv);
998  temp[1] = LOAD32LE(iv + 4);
999  temp[2] = LOAD32LE(iv + 8);
1000  temp[3] = BETOH32(1);
1001 
1002  //Acquire exclusive access to the RSIP7 module
1003  osAcquireMutex(&ra8CryptoMutex);
1004 
1005  //Initialize GCM decryption
1006  if(aesContext->nr == 10)
1007  {
1008  status = HW_SCE_Aes128GcmDecryptInitSub(&keyType, &dummy, &dummy,
1009  aesContext->ek, temp, &dummy);
1010  }
1011  else if(aesContext->nr == 12)
1012  {
1013  status = HW_SCE_Aes192GcmDecryptInitSub(aesContext->ek, temp);
1014  }
1015  else if(aesContext->nr == 14)
1016  {
1017  status = HW_SCE_Aes256GcmDecryptInitSub(&keyType, aesContext->ek, temp);
1018  }
1019  else
1020  {
1021  status = FSP_ERR_CRYPTO_NOT_IMPLEMENTED;
1022  }
1023 
1024  //Check status code
1025  if(status == FSP_SUCCESS)
1026  {
1027  //Point to the beginning of the additional authenticated data
1028  i = 0;
1029 
1030  //Process additional authenticated data
1031  if(aLen >= AES_BLOCK_SIZE)
1032  {
1033  //Process complete blocks only
1034  n = aLen - (aLen % AES_BLOCK_SIZE);
1035 
1036  //Write complete blocks
1037  if(aesContext->nr == 10)
1038  {
1039  HW_SCE_Aes128GcmDecryptUpdateAADSub((uint32_t *) a, n / 4);
1040  }
1041  else if(aesContext->nr == 12)
1042  {
1043  HW_SCE_Aes192GcmDecryptUpdateAADSub((uint32_t *) a, n / 4);
1044  }
1045  else
1046  {
1047  HW_SCE_Aes256GcmDecryptUpdateAADSub((uint32_t *) a, n / 4);
1048  }
1049 
1050  //Advance data pointer
1051  i += n;
1052  }
1053 
1054  //Process final block of additional authenticated data
1055  if(i < aLen)
1056  {
1057  //Copy the partial block
1058  osMemset(block, 0, AES_BLOCK_SIZE);
1059  osMemcpy(block, a + i, aLen - i);
1060 
1061  //Write block
1062  if(aesContext->nr == 10)
1063  {
1064  HW_SCE_Aes128GcmDecryptUpdateAADSub(block, 1);
1065  }
1066  else if(aesContext->nr == 12)
1067  {
1068  HW_SCE_Aes192GcmDecryptUpdateAADSub(block, 1);
1069  }
1070  else
1071  {
1072  HW_SCE_Aes256GcmDecryptUpdateAADSub(block, 1);
1073  }
1074  }
1075 
1076  //Transition to from AAD phase to data phase
1077  if(aesContext->nr == 10)
1078  {
1079  HW_SCE_Aes128GcmDecryptUpdateTransitionSub();
1080  }
1081  else if(aesContext->nr == 12)
1082  {
1083  HW_SCE_Aes192GcmDecryptUpdateTransitionSub();
1084  }
1085  else
1086  {
1087  HW_SCE_Aes256GcmDecryptUpdateTransitionSub();
1088  }
1089 
1090  //Point to the beginning of the payload data
1091  i = 0;
1092 
1093  //Process payload data
1094  if(length >= AES_BLOCK_SIZE)
1095  {
1096  //Process complete blocks only
1097  n = length - (length % AES_BLOCK_SIZE);
1098 
1099  //Decrypt complete blocks
1100  if(aesContext->nr == 10)
1101  {
1102  HW_SCE_Aes128GcmDecryptUpdateSub((uint32_t *) c, (uint32_t *) p,
1103  n / 4);
1104  }
1105  else if(aesContext->nr == 12)
1106  {
1107  HW_SCE_Aes192GcmDecryptUpdateSub((uint32_t *) c, (uint32_t *) p,
1108  n / 4);
1109  }
1110  else
1111  {
1112  HW_SCE_Aes256GcmDecryptUpdateSub((uint32_t *) c, (uint32_t *) p,
1113  n / 4);
1114  }
1115 
1116  //Advance data pointer
1117  i += n;
1118  }
1119 
1120  //Process final block of payload data
1121  if(i < length)
1122  {
1123  //Copy the partial input block
1124  osMemset(block, 0, AES_BLOCK_SIZE);
1125  osMemcpy(block, c + i, length - i);
1126  }
1127 
1128  //64-bit representation of the length of the payload data
1129  m = length * 8;
1130  temp[0] = htobe32(m >> 32);
1131  temp[1] = htobe32(m);
1132 
1133  //64-bit representation of the length of the additional data
1134  m = aLen * 8;
1135  temp[2] = htobe32(m >> 32);
1136  temp[3] = htobe32(m);
1137 
1138  //32-bit representation of the length of the authentication tag
1139  temp[4] = htobe32(tLen);
1140 
1141  //Pad the authentication tag
1142  osMemset(authTag, 0, sizeof(authTag));
1143  osMemcpy(authTag, t, tLen);
1144 
1145  //Verify authentication tag
1146  if(aesContext->nr == 10)
1147  {
1148  status = HW_SCE_Aes128GcmDecryptFinalSub(block, temp, temp + 2,
1149  authTag, temp + 4, block);
1150  }
1151  else if(aesContext->nr == 12)
1152  {
1153  status = HW_SCE_Aes192GcmDecryptFinalSub(block, temp, temp + 2,
1154  authTag, temp + 4, block);
1155  }
1156  else if(aesContext->nr == 14)
1157  {
1158  status = HW_SCE_Aes256GcmDecryptFinalSub(block, temp, temp + 2,
1159  authTag, temp + 4, block);
1160  }
1161  else
1162  {
1163  status = FSP_ERR_CRYPTO_NOT_IMPLEMENTED;
1164  }
1165  }
1166 
1167  //Check status code
1168  if(status == FSP_SUCCESS)
1169  {
1170  //Copy the partial output block
1171  osMemcpy(p + i, block, length - i);
1172  }
1173 
1174  //Release exclusive access to the RSIP7 module
1175  osReleaseMutex(&ra8CryptoMutex);
1176 
1177  //Return status code
1178  return (status == FSP_SUCCESS) ? NO_ERROR : ERROR_FAILURE;
1179 }
1180 
1181 #endif
1182 #if (CCM_SUPPORT == ENABLED)
1183 
1184 /**
1185  * @brief Authenticated encryption using CCM
1186  * @param[in] cipher Cipher algorithm
1187  * @param[in] context Cipher algorithm context
1188  * @param[in] n Nonce
1189  * @param[in] nLen Length of the nonce
1190  * @param[in] a Additional authenticated data
1191  * @param[in] aLen Length of the additional data
1192  * @param[in] p Plaintext to be encrypted
1193  * @param[out] c Ciphertext resulting from the encryption
1194  * @param[in] length Total number of data bytes to be encrypted
1195  * @param[out] t MAC resulting from the encryption process
1196  * @param[in] tLen Length of the MAC
1197  * @return Error code
1198  **/
1199 
1200 error_t ccmEncrypt(const CipherAlgo *cipher, void *context, const uint8_t *n,
1201  size_t nLen, const uint8_t *a, size_t aLen, const uint8_t *p, uint8_t *c,
1202  size_t length, uint8_t *t, size_t tLen)
1203 {
1204  error_t error;
1205  fsp_err_t status;
1206  size_t m;
1207  uint32_t keyType;
1208  uint32_t dataType;
1209  uint32_t command;
1210  uint32_t textLen;
1211  uint32_t headerLen;
1212  uint32_t seqNum;
1213  uint32_t block[4];
1214  uint32_t authTag[4];
1215  uint8_t header[64];
1216  AesContext *aesContext;
1217 
1218  //The RSIP7 module only supports AES cipher algorithm
1219  if(cipher != AES_CIPHER_ALGO)
1220  return ERROR_INVALID_PARAMETER;
1221 
1222  //Make sure the cipher context is valid
1223  if(context == NULL)
1224  return ERROR_INVALID_PARAMETER;
1225 
1226  //Check the length of the additional data
1227  if(aLen > (sizeof(header) - 18))
1228  return ERROR_INVALID_LENGTH;
1229 
1230  //Point to the AES context
1231  aesContext = (AesContext *) context;
1232 
1233  //Initialize parameters
1234  keyType = 0;
1235  dataType = 0;
1236  command = 0;
1237  textLen = htobe32(length);
1238  seqNum = 0;
1239 
1240  //Clear header
1241  osMemset(header, 0, sizeof(header));
1242 
1243  //Format first block B(0)
1244  error = ccmFormatBlock0(length, n, nLen, aLen, tLen, header);
1245  //Invalid parameters?
1246  if(error)
1247  return error;
1248 
1249  //Size of the first block (B0)
1250  headerLen = AES_BLOCK_SIZE;
1251 
1252  //Any additional data?
1253  if(aLen > 0)
1254  {
1255  //The length is encoded as 2 octets
1256  STORE16BE(aLen, header + headerLen);
1257  //Concatenate the associated data A
1258  osMemcpy(header + headerLen + 2, a, aLen);
1259  //Adjust the size of the header
1260  headerLen += 2 + aLen;
1261  }
1262 
1263  //Format initial counter value CTR(0)
1264  ccmFormatCounter0(n, nLen, (uint8_t *) block);
1265 
1266  //Acquire exclusive access to the RSIP7 module
1267  osAcquireMutex(&ra8CryptoMutex);
1268 
1269  //Initialize CCM encryption
1270  if(aesContext->nr == 10)
1271  {
1272  status = HW_SCE_Aes128CcmEncryptInitSubGeneral(&keyType, &dataType,
1273  &command, &textLen, aesContext->ek, block, (uint32_t *) header,
1274  &seqNum, (headerLen + 3) / 4);
1275  }
1276  else if(aesContext->nr == 12)
1277  {
1278  status = HW_SCE_Aes192CcmEncryptInitSubGeneral(&keyType, &dataType,
1279  &command, &textLen, aesContext->ek, block, (uint32_t *) header,
1280  &seqNum, (headerLen + 3) / 4);
1281  }
1282  else if(aesContext->nr == 14)
1283  {
1284  status = HW_SCE_Aes256CcmEncryptInitSubGeneral(&keyType, &dataType,
1285  &command, &textLen, aesContext->ek, block, (uint32_t *) header,
1286  &seqNum, (headerLen + 3) / 4);
1287  }
1288  else
1289  {
1290  status = FSP_ERR_CRYPTO_NOT_IMPLEMENTED;
1291  }
1292 
1293  //Check status code
1294  if(status == FSP_SUCCESS)
1295  {
1296  //Process payload data
1297  if(length >= AES_BLOCK_SIZE)
1298  {
1299  //Process complete blocks only
1300  m = length - (length % AES_BLOCK_SIZE);
1301 
1302  //Encrypt complete blocks
1303  if(aesContext->nr == 10)
1304  {
1305  HW_SCE_Aes128CcmEncryptUpdateSub((uint32_t *) p, (uint32_t *) c,
1306  m / 4);
1307  }
1308  else if(aesContext->nr == 12)
1309  {
1310  HW_SCE_Aes192CcmEncryptUpdateSub((uint32_t *) p, (uint32_t *) c,
1311  m / 4);
1312  }
1313  else
1314  {
1315  HW_SCE_Aes256CcmEncryptUpdateSub((uint32_t *) p, (uint32_t *) c,
1316  m / 4);
1317  }
1318 
1319  //Advance data pointer
1320  length -= m;
1321  p += m;
1322  c += m;
1323  }
1324 
1325  //Process final block of payload data
1326  if(length > 0)
1327  {
1328  //Copy the partial input block
1329  osMemset(block, 0, AES_BLOCK_SIZE);
1330  osMemcpy(block, p, length);
1331  }
1332 
1333  //Generate authentication tag
1334  if(aesContext->nr == 10)
1335  {
1336  status = HW_SCE_Aes128CcmEncryptFinalSubGeneral(block, &textLen,
1337  block, authTag);
1338  }
1339  else if(aesContext->nr == 12)
1340  {
1341  status = HW_SCE_Aes192CcmEncryptFinalSub(block, &textLen, block,
1342  authTag);
1343  }
1344  else if(aesContext->nr == 14)
1345  {
1346  status = HW_SCE_Aes256CcmEncryptFinalSub(block, &textLen, block,
1347  authTag);
1348  }
1349  else
1350  {
1351  status = FSP_ERR_CRYPTO_NOT_IMPLEMENTED;
1352  }
1353  }
1354 
1355  //Check status code
1356  if(status == FSP_SUCCESS)
1357  {
1358  //Copy the partial output block
1359  osMemcpy(c, block, length);
1360  //Copy the resulting authentication tag
1361  osMemcpy(t, authTag, tLen);
1362  }
1363 
1364  //Release exclusive access to the RSIP7 module
1365  osReleaseMutex(&ra8CryptoMutex);
1366 
1367  //Return status code
1368  return (status == FSP_SUCCESS) ? NO_ERROR : ERROR_FAILURE;
1369 }
1370 
1371 
1372 /**
1373  * @brief Authenticated decryption using CCM
1374  * @param[in] cipher Cipher algorithm
1375  * @param[in] context Cipher algorithm context
1376  * @param[in] n Nonce
1377  * @param[in] nLen Length of the nonce
1378  * @param[in] a Additional authenticated data
1379  * @param[in] aLen Length of the additional data
1380  * @param[in] c Ciphertext to be decrypted
1381  * @param[out] p Plaintext resulting from the decryption
1382  * @param[in] length Total number of data bytes to be decrypted
1383  * @param[in] t MAC to be verified
1384  * @param[in] tLen Length of the MAC
1385  * @return Error code
1386  **/
1387 
1388 error_t ccmDecrypt(const CipherAlgo *cipher, void *context, const uint8_t *n,
1389  size_t nLen, const uint8_t *a, size_t aLen, const uint8_t *c, uint8_t *p,
1390  size_t length, const uint8_t *t, size_t tLen)
1391 {
1392  error_t error;
1393  fsp_err_t status;
1394  size_t m;
1395  uint32_t keyType;
1396  uint32_t dataType;
1397  uint32_t command;
1398  uint32_t textLen;
1399  uint32_t authTagLen;
1400  uint32_t headerLen;
1401  uint32_t seqNum;
1402  uint32_t block[4];
1403  uint32_t authTag[4];
1404  uint8_t header[64];
1405  AesContext *aesContext;
1406 
1407  //The RSIP7 module only supports AES cipher algorithm
1408  if(cipher != AES_CIPHER_ALGO)
1409  return ERROR_INVALID_PARAMETER;
1410 
1411  //Make sure the cipher context is valid
1412  if(context == NULL)
1413  return ERROR_INVALID_PARAMETER;
1414 
1415  //Check the length of the additional data
1416  if(aLen > (sizeof(header) - 18))
1417  return ERROR_INVALID_LENGTH;
1418 
1419  //Point to the AES context
1420  aesContext = (AesContext *) context;
1421 
1422  //Initialize parameters
1423  keyType = 0;
1424  dataType = 0;
1425  command = 0;
1426  textLen = htobe32(length);
1427  authTagLen = htobe32(tLen);
1428  seqNum = 0;
1429 
1430  //Clear header
1431  osMemset(header, 0, sizeof(header));
1432 
1433  //Format first block B(0)
1434  error = ccmFormatBlock0(length, n, nLen, aLen, tLen, header);
1435  //Invalid parameters?
1436  if(error)
1437  return error;
1438 
1439  //Size of the first block (B0)
1440  headerLen = AES_BLOCK_SIZE;
1441 
1442  //Any additional data?
1443  if(aLen > 0)
1444  {
1445  //The length is encoded as 2 octets
1446  STORE16BE(aLen, header + headerLen);
1447  //Concatenate the associated data A
1448  osMemcpy(header + headerLen + 2, a, aLen);
1449  //Adjust the size of the header
1450  headerLen += 2 + aLen;
1451  }
1452 
1453  //Format initial counter value CTR(0)
1454  ccmFormatCounter0(n, nLen, (uint8_t *) block);
1455 
1456  //Acquire exclusive access to the RSIP7 module
1457  osAcquireMutex(&ra8CryptoMutex);
1458 
1459  //Initialize CCM decryption
1460  if(aesContext->nr == 10)
1461  {
1462  status = HW_SCE_Aes128CcmDecryptInitSubGeneral(&keyType, &dataType,
1463  &command, &textLen, &authTagLen, aesContext->ek, block,
1464  (uint32_t *) header, &seqNum, (headerLen + 3) / 4);
1465  }
1466  else if(aesContext->nr == 12)
1467  {
1468  status = HW_SCE_Aes192CcmDecryptInitSubGeneral(&keyType, &dataType,
1469  &command, &textLen, &authTagLen, aesContext->ek, block,
1470  (uint32_t *) header, &seqNum, (headerLen + 3) / 4);
1471  }
1472  else if(aesContext->nr == 14)
1473  {
1474  status = HW_SCE_Aes256CcmDecryptInitSubGeneral(&keyType, &dataType,
1475  &command, &textLen, &authTagLen, aesContext->ek, block,
1476  (uint32_t *) header, &seqNum, (headerLen + 3) / 4);
1477  }
1478  else
1479  {
1480  status = FSP_ERR_CRYPTO_NOT_IMPLEMENTED;
1481  }
1482 
1483  //Check status code
1484  if(status == FSP_SUCCESS)
1485  {
1486  //Process payload data
1487  if(length >= AES_BLOCK_SIZE)
1488  {
1489  //Process complete blocks only
1490  m = length - (length % AES_BLOCK_SIZE);
1491 
1492  //Decrypt complete blocks
1493  if(aesContext->nr == 10)
1494  {
1495  HW_SCE_Aes128CcmDecryptUpdateSub((uint32_t *) c, (uint32_t *) p,
1496  m / 4);
1497  }
1498  else if(aesContext->nr == 12)
1499  {
1500  HW_SCE_Aes192CcmDecryptUpdateSub((uint32_t *) c, (uint32_t *) p,
1501  m / 4);
1502  }
1503  else
1504  {
1505  HW_SCE_Aes256CcmDecryptUpdateSub((uint32_t *) c, (uint32_t *) p,
1506  m / 4);
1507  }
1508 
1509  //Advance data pointer
1510  length -= m;
1511  c += m;
1512  p += m;
1513  }
1514 
1515  //Process final block of payload data
1516  if(length > 0)
1517  {
1518  //Copy the partial input block
1519  osMemset(block, 0, AES_BLOCK_SIZE);
1520  osMemcpy(block, c, length);
1521  }
1522 
1523  //Pad the authentication tag
1524  osMemset(authTag, 0, sizeof(authTag));
1525  osMemcpy(authTag, t, tLen);
1526 
1527  //Verify authentication tag
1528  if(aesContext->nr == 10)
1529  {
1530  status = HW_SCE_Aes128CcmDecryptFinalSubGeneral(block, &textLen,
1531  authTag, &authTagLen, block);
1532  }
1533  else if(aesContext->nr == 12)
1534  {
1535  status = HW_SCE_Aes192CcmDecryptFinalSub(block, &textLen,
1536  authTag, &authTagLen, block);
1537  }
1538  else if(aesContext->nr == 14)
1539  {
1540  status = HW_SCE_Aes256CcmDecryptFinalSub(block, &textLen,
1541  authTag, &authTagLen, block);
1542  }
1543  else
1544  {
1545  status = FSP_ERR_CRYPTO_NOT_IMPLEMENTED;
1546  }
1547  }
1548 
1549  //Check status code
1550  if(status == FSP_SUCCESS)
1551  {
1552  //Copy the partial output block
1553  osMemcpy(p, block, length);
1554  }
1555 
1556  //Release exclusive access to the RSIP7 module
1557  osReleaseMutex(&ra8CryptoMutex);
1558 
1559  //Return status code
1560  return (status == FSP_SUCCESS) ? NO_ERROR : ERROR_FAILURE;
1561 }
1562 
1563 #endif
1564 #endif
ecbEncrypt
error_t ecbEncrypt(const CipherAlgo *cipher, void *context, const uint8_t *p, uint8_t *c, size_t length)
ECB encryption.
Definition: ra8_crypto_cipher.c:289
block
uint16_t block
Definition: tftp_common.h:115
a
uint8_t a
Definition: ndp.h:411
CipherAlgo::decryptBlock
CipherAlgoDecryptBlock decryptBlock
Definition: crypto.h:1077
p
uint8_t p
Definition: ndp.h:300
t
uint8_t t
Definition: lldp_ext_med.h:212
o
uint8_t o
Definition: dhcpv6_common.h:415
cipher_algorithms.h
Collection of AEAD algorithms.
aesDecryptBlock
void aesDecryptBlock(AesContext *context, const uint8_t *input, uint8_t *output)
Decrypt a 16-byte block using AES algorithm.
Definition: ra8_crypto_cipher.c:269
CipherAlgo::blockSize
size_t blockSize
Definition: crypto.h:1072
ra8CryptoMutex
OsMutex ra8CryptoMutex
Definition: ra8_crypto.c:41
ra8_crypto_cipher.h
RA8 cipher hardware accelerator.
BETOH32
#define BETOH32(value)
Definition: cpu_endian.h:451
ccmFormatCounter0
void ccmFormatCounter0(const uint8_t *n, size_t nLen, uint8_t *ctr)
Format initial counter value CTR(0)
Definition: ccm.c:418
CipherAlgo::encryptBlock
CipherAlgoEncryptBlock encryptBlock
Definition: crypto.h:1076
gcmDecrypt
error_t gcmDecrypt(GcmContext *context, const uint8_t *iv, size_t ivLen, const uint8_t *a, size_t aLen, const uint8_t *c, uint8_t *p, size_t length, const uint8_t *t, size_t tLen)
Authenticated decryption using GCM.
Definition: ra8_crypto_cipher.c:960
AesContext
AES algorithm context.
Definition: aes.h:58
AES_BLOCK_SIZE
#define AES_BLOCK_SIZE
Definition: aes.h:43
ERROR_INVALID_PARAMETER
@ ERROR_INVALID_PARAMETER
Invalid parameter.
Definition: error.h:47
osMemcpy
#define osMemcpy(dest, src, length)
Definition: os_port.h:141
error_t
error_t
Error codes.
Definition: error.h:43
seqNum
uint32_t seqNum
Definition: tcp.h:341
ERROR_FAILURE
@ ERROR_FAILURE
Generic error code.
Definition: error.h:45
STORE16BE
#define STORE16BE(a, p)
Definition: cpu_endian.h:262
ccmFormatBlock0
error_t ccmFormatBlock0(size_t q, const uint8_t *n, size_t nLen, size_t aLen, size_t tLen, uint8_t *b)
Format first block B(0)
Definition: ccm.c:353
ERROR_INVALID_LENGTH
@ ERROR_INVALID_LENGTH
Definition: error.h:111
cbcDecrypt
error_t cbcDecrypt(const CipherAlgo *cipher, void *context, uint8_t *iv, const uint8_t *c, uint8_t *p, size_t length)
CBC decryption.
Definition: ra8_crypto_cipher.c:504
crypto.h
General definitions for cryptographic algorithms.
iv
uint8_t iv[]
Definition: ike.h:1502
ctrEncrypt
error_t ctrEncrypt(const CipherAlgo *cipher, void *context, uint_t m, uint8_t *t, const uint8_t *p, uint8_t *c, size_t length)
CTR encryption.
Definition: ra8_crypto_cipher.c:599
cipher_modes.h
Block cipher modes of operation.
GcmContext::cipherAlgo
const CipherAlgo * cipherAlgo
Cipher algorithm.
Definition: gcm.h:65
ccmEncrypt
error_t ccmEncrypt(const CipherAlgo *cipher, void *context, const uint8_t *n, size_t nLen, const uint8_t *a, size_t aLen, const uint8_t *p, uint8_t *c, size_t length, uint8_t *t, size_t tLen)
Authenticated encryption using CCM.
Definition: ra8_crypto_cipher.c:1200
length
uint8_t length
Definition: tcp.h:368
MIN
#define MIN(a, b)
Definition: os_port.h:63
AesContext::nr
uint_t nr
Definition: aes.h:59
htobe32
#define htobe32(value)
Definition: cpu_endian.h:446
aesProcessData
error_t aesProcessData(AesContext *context, uint8_t *iv, const uint8_t *input, uint8_t *output, size_t length, uint32_t command)
Perform AES encryption or decryption.
Definition: ra8_crypto_cipher.c:61
aead_algorithms.h
aesInit
error_t aesInit(AesContext *context, const uint8_t *key, size_t keyLen)
Key expansion.
Definition: ra8_crypto_cipher.c:194
GcmContext
GCM context.
Definition: gcm.h:64
ccmDecrypt
error_t ccmDecrypt(const CipherAlgo *cipher, void *context, const uint8_t *n, size_t nLen, const uint8_t *a, size_t aLen, const uint8_t *c, uint8_t *p, size_t length, const uint8_t *t, size_t tLen)
Authenticated decryption using CCM.
Definition: ra8_crypto_cipher.c:1388
gcmInit
error_t gcmInit(GcmContext *context, const CipherAlgo *cipherAlgo, void *cipherContext)
Initialize GCM context.
Definition: ra8_crypto_cipher.c:693
m
uint8_t m
Definition: ndp.h:304
n
uint8_t n
Definition: dhcpv6_common.h:416
osAcquireMutex
void osAcquireMutex(OsMutex *mutex)
Acquire ownership of the specified mutex object.
Definition: os_port_chibios.c:396
osReleaseMutex
void osReleaseMutex(OsMutex *mutex)
Release ownership of the specified mutex object.
Definition: os_port_chibios.c:408
aesEncryptBlock
void aesEncryptBlock(AesContext *context, const uint8_t *input, uint8_t *output)
Encrypt a 16-byte block using AES algorithm.
Definition: ra8_crypto_cipher.c:254
gcmEncrypt
error_t gcmEncrypt(GcmContext *context, const uint8_t *iv, size_t ivLen, const uint8_t *a, size_t aLen, const uint8_t *p, uint8_t *c, size_t length, uint8_t *t, size_t tLen)
Authenticated encryption using GCM.
Definition: ra8_crypto_cipher.c:728
cbcEncrypt
error_t cbcEncrypt(const CipherAlgo *cipher, void *context, uint8_t *iv, const uint8_t *p, uint8_t *c, size_t length)
CBC encryption.
Definition: ra8_crypto_cipher.c:420
CipherAlgo
Common interface for encryption algorithms.
Definition: crypto.h:1068
AES_CIPHER_ALGO
#define AES_CIPHER_ALGO
Definition: aes.h:45
LOAD32LE
#define LOAD32LE(p)
Definition: cpu_endian.h:203
ra8_crypto.h
RA8 hardware cryptographic accelerator (RSIP7)
AesContext::ek
uint32_t ek[60]
Definition: aes.h:60
uint_t
unsigned int uint_t
Definition: compiler_port.h:50
osMemset
#define osMemset(p, value, length)
Definition: os_port.h:135
GcmContext::cipherContext
void * cipherContext
Cipher algorithm context.
Definition: gcm.h:66
ctrIncBlock
void ctrIncBlock(uint8_t *ctr, uint32_t inc, size_t blockSize, size_t m)
Increment counter block.
Definition: ctr.c:138
NO_ERROR
@ NO_ERROR
Success.
Definition: error.h:44
c
uint8_t c
Definition: ndp.h:514
debug.h
Debugging facilities.
ecbDecrypt
error_t ecbDecrypt(const CipherAlgo *cipher, void *context, const uint8_t *c, uint8_t *p, size_t length)
ECB decryption.
Definition: ra8_crypto_cipher.c:353