This is an automated email from the ASF dual-hosted git repository. xiaoxiang pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nuttx-apps.git
commit 96b220659d5f83b6cd3339c5527b8a769e6c3456 Author: makejian <[email protected]> AuthorDate: Tue Jul 9 21:08:55 2024 +0800 apps/mbedtls-alt: support cmac Signed-off-by: makejian <[email protected]> --- crypto/mbedtls/CMakeLists.txt | 4 + crypto/mbedtls/Kconfig | 5 + crypto/mbedtls/Makefile | 4 + crypto/mbedtls/include/cmac_alt.h | 40 ++++ crypto/mbedtls/include/mbedtls/mbedtls_config.h | 7 +- crypto/mbedtls/source/cmac_alt.c | 247 ++++++++++++++++++++++++ 6 files changed, 305 insertions(+), 2 deletions(-) diff --git a/crypto/mbedtls/CMakeLists.txt b/crypto/mbedtls/CMakeLists.txt index b6b66084b..bc063afa3 100644 --- a/crypto/mbedtls/CMakeLists.txt +++ b/crypto/mbedtls/CMakeLists.txt @@ -77,6 +77,10 @@ if(CONFIG_CRYPTO_MBEDTLS) list(APPEND CSRCS ${CMAKE_CURRENT_LIST_DIR}/source/aes_alt.c) endif() + if(CONFIG_MBEDTLS_CMAC_ALT) + list(APPEND CSRCS ${CMAKE_CURRENT_LIST_DIR}/source/cmac_alt.c) + endif() + if(CONFIG_MBEDTLS_MD5_ALT) list(APPEND CSRCS ${CMAKE_CURRENT_LIST_DIR}/source/md5_alt.c) endif() diff --git a/crypto/mbedtls/Kconfig b/crypto/mbedtls/Kconfig index d61e6b3f5..39bffa85a 100644 --- a/crypto/mbedtls/Kconfig +++ b/crypto/mbedtls/Kconfig @@ -562,6 +562,11 @@ config MBEDTLS_AES_ALT select MBEDTLS_ALT default n +config MBEDTLS_CMAC_ALT + bool "Enable Mbedt TLS CMAC module alted by nuttx crypto" + select MBEDTLS_ALT + default n + config MBEDTLS_MD5_ALT bool "Enable Mbedt TLS MD5 module alted by nuttx crypto" select MBEDTLS_ALT diff --git a/crypto/mbedtls/Makefile b/crypto/mbedtls/Makefile index bb79154c3..b21b6adef 100644 --- a/crypto/mbedtls/Makefile +++ b/crypto/mbedtls/Makefile @@ -119,6 +119,10 @@ ifeq ($(CONFIG_MBEDTLS_AES_ALT),y) CSRCS += $(APPDIR)/crypto/mbedtls/source/aes_alt.c endif +ifeq ($(CONFIG_MBEDTLS_CMAC_ALT),y) +CSRCS += $(APPDIR)/crypto/mbedtls/source/cmac_alt.c +endif + ifeq ($(CONFIG_MBEDTLS_MD5_ALT),y) CSRCS += $(APPDIR)/crypto/mbedtls/source/md5_alt.c endif diff --git a/crypto/mbedtls/include/cmac_alt.h b/crypto/mbedtls/include/cmac_alt.h new file mode 100644 index 000000000..4d3d73b67 --- /dev/null +++ b/crypto/mbedtls/include/cmac_alt.h @@ -0,0 +1,40 @@ +/**************************************************************************** + * apps/crypto/mbedtls/include/cmac_alt.h + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. The + * ASF licenses this file to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance with the + * License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * License for the specific language governing permissions and limitations + * under the License. + ****************************************************************************/ + +#ifndef __APPS_CRYPTO_MBEDTLS_INCLUDE_CMAC_ALT_H +#define __APPS_CRYPTO_MBEDTLS_INCLUDE_CMAC_ALT_H + +/**************************************************************************** + * Included Files + ****************************************************************************/ + +#include "dev_alt.h" + +#define CMAC_KEY_MAX_SIZE 32 + +struct mbedtls_cmac_context_t +{ + cryptodev_context_t dev; + unsigned char key[CMAC_KEY_MAX_SIZE]; + uint32_t keybits; + uint32_t cipher_type; + uint32_t mac_type; +}; + +#endif /* __APPS_CRYPTO_MBEDTLS_INCLUDE_CMAC_ALT_H */ diff --git a/crypto/mbedtls/include/mbedtls/mbedtls_config.h b/crypto/mbedtls/include/mbedtls/mbedtls_config.h index 9f7c3bb5f..1bca23800 100644 --- a/crypto/mbedtls/include/mbedtls/mbedtls_config.h +++ b/crypto/mbedtls/include/mbedtls/mbedtls_config.h @@ -359,8 +359,11 @@ * #define MBEDTLS_CCM_ALT * #define MBEDTLS_CHACHA20_ALT * #define MBEDTLS_CHACHAPOLY_ALT - * #define MBEDTLS_CMAC_ALT - * #define MBEDTLS_DES_ALT + */ +#ifdef CONFIG_MBEDTLS_CMAC_ALT +#define MBEDTLS_CMAC_ALT +#endif +/* #define MBEDTLS_DES_ALT * #define MBEDTLS_DHM_ALT * #define MBEDTLS_ECJPAKE_ALT * #define MBEDTLS_GCM_ALT diff --git a/crypto/mbedtls/source/cmac_alt.c b/crypto/mbedtls/source/cmac_alt.c new file mode 100644 index 000000000..965f9e0d0 --- /dev/null +++ b/crypto/mbedtls/source/cmac_alt.c @@ -0,0 +1,247 @@ +/**************************************************************************** + * apps/crypto/mbedtls/source/cmac_alt.c + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. The + * ASF licenses this file to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance with the + * License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * License for the specific language governing permissions and limitations + * under the License. + ****************************************************************************/ + +/**************************************************************************** + * Included Files + ****************************************************************************/ + +#include "mbedtls/cmac.h" +#include "mbedtls/platform_util.h" +#include "mbedtls/error.h" +#include "mbedtls/platform.h" + +#include <string.h> + +/**************************************************************************** + * Public Functions + ****************************************************************************/ + +int mbedtls_cipher_cmac_starts(FAR mbedtls_cipher_context_t *ctx, + FAR const unsigned char *key, + size_t keybits) +{ + FAR mbedtls_cmac_context_t *cmac_ctx; + uint32_t cipher_type; + uint32_t mac_type; + int retval; + + if (ctx == NULL || ctx->cipher_info == NULL || key == NULL) + { + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; + } + + switch (ctx->cipher_info->type) + { + case MBEDTLS_CIPHER_AES_128_ECB: + cipher_type = CRYPTO_AES_CMAC; + mac_type = CRYPTO_AES_128_CMAC; + break; + default: + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; + } + + cmac_ctx = mbedtls_calloc(1, sizeof(mbedtls_cmac_context_t)); + if (cmac_ctx == NULL) + { + return MBEDTLS_ERR_CIPHER_ALLOC_FAILED; + } + + retval = cryptodev_init(&cmac_ctx->dev); + if (retval != 0) + { + mbedtls_free(cmac_ctx); + return MBEDTLS_ERR_CIPHER_ALLOC_FAILED; + } + + cmac_ctx->cipher_type = cipher_type; + cmac_ctx->mac_type = mac_type; + cmac_ctx->keybits = keybits; + memcpy(cmac_ctx->key, key, keybits / 8); + cmac_ctx->dev.session.cipher = cipher_type; + cmac_ctx->dev.session.key = (caddr_t)cmac_ctx->key; + cmac_ctx->dev.session.keylen = keybits / 8; + cmac_ctx->dev.session.mac = mac_type; + cmac_ctx->dev.session.mackey = (caddr_t)cmac_ctx->key; + cmac_ctx->dev.session.mackeylen = keybits / 8; + + retval = cryptodev_get_session(&cmac_ctx->dev); + if (retval != 0) + { + cryptodev_free(&cmac_ctx->dev); + mbedtls_free(cmac_ctx); + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; + } + + ctx->cmac_ctx = cmac_ctx; + return retval; +} + +int mbedtls_cipher_cmac_update(FAR mbedtls_cipher_context_t *ctx, + FAR const unsigned char *input, + size_t ilen) +{ + if (ctx == NULL || ctx->cmac_ctx == NULL || input == NULL || ilen < 0) + { + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; + } + + ctx->cmac_ctx->dev.crypt.op = COP_ENCRYPT; + ctx->cmac_ctx->dev.crypt.flags |= COP_FLAG_UPDATE; + ctx->cmac_ctx->dev.crypt.src = (caddr_t)input; + ctx->cmac_ctx->dev.crypt.len = ilen; + return cryptodev_crypt(&ctx->cmac_ctx->dev); +} + +int mbedtls_cipher_cmac_finish(FAR mbedtls_cipher_context_t *ctx, + FAR unsigned char *output) +{ + int ret; + + if (ctx == NULL || ctx->cmac_ctx == NULL || output == NULL) + { + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; + } + + ctx->cmac_ctx->dev.crypt.flags = 0; + ctx->cmac_ctx->dev.crypt.mac = (caddr_t)output; + ret = cryptodev_crypt(&ctx->cmac_ctx->dev); + cryptodev_free_session(&ctx->cmac_ctx->dev); + cryptodev_free(&ctx->cmac_ctx->dev); + return ret; +} + +int mbedtls_cipher_cmac_reset(FAR mbedtls_cipher_context_t *ctx) +{ + FAR mbedtls_cmac_context_t *cmac_ctx; + int ret; + + if (ctx == NULL || ctx->cmac_ctx == NULL) + { + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; + } + + cmac_ctx = ctx->cmac_ctx; + ret = cryptodev_init(&cmac_ctx->dev); + if (ret != 0) + { + return MBEDTLS_ERR_CIPHER_ALLOC_FAILED; + } + + cmac_ctx->dev.session.cipher = cmac_ctx->cipher_type; + cmac_ctx->dev.session.key = (caddr_t)cmac_ctx->key; + cmac_ctx->dev.session.keylen = cmac_ctx->keybits / 8; + cmac_ctx->dev.session.mac = cmac_ctx->mac_type; + cmac_ctx->dev.session.mackey = (caddr_t)cmac_ctx->key; + cmac_ctx->dev.session.mackeylen = cmac_ctx->keybits / 8; + + ret = cryptodev_get_session(&cmac_ctx->dev); + if (ret != 0) + { + cryptodev_free(cmac_ctx->dev); + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; + } + + return ret; +} + +int mbedtls_cipher_cmac(FAR const mbedtls_cipher_info_t *cipher_info, + FAR const unsigned char *key, size_t keylen, + FAR const unsigned char *input, size_t ilen, + FAR unsigned char *output) +{ + FAR mbedtls_cipher_context_t ctx; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + + if (cipher_info == NULL || key == NULL || input == NULL || output == NULL) + { + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; + } + + mbedtls_cipher_init(&ctx); + + if ((ret = mbedtls_cipher_setup(&ctx, cipher_info)) != 0) + { + goto exit; + } + + ret = mbedtls_cipher_cmac_starts(&ctx, key, keylen); + if (ret != 0) + { + goto exit; + } + + ret = mbedtls_cipher_cmac_update(&ctx, input, ilen); + if (ret != 0) + { + goto exit; + } + + ret = mbedtls_cipher_cmac_finish(&ctx, output); + +exit: + mbedtls_cipher_free(&ctx); + return ret; +} + +#if defined(MBEDTLS_AES_C) +int mbedtls_aes_cmac_prf_128(FAR const unsigned char *key, size_t key_length, + FAR const unsigned char *input, size_t in_len, + unsigned char output[16]) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + FAR const mbedtls_cipher_info_t *cipher_info; + unsigned char zero_key[MBEDTLS_AES_BLOCK_SIZE]; + unsigned char int_key[MBEDTLS_AES_BLOCK_SIZE]; + + if (key == NULL || input == NULL || output == NULL) + { + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; + } + + cipher_info = mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_128_ECB); + if (cipher_info == NULL) + { + ret = MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; + goto exit; + } + + if (key_length == MBEDTLS_AES_BLOCK_SIZE) + { + memcpy(int_key, key, MBEDTLS_AES_BLOCK_SIZE); + } + else + { + memset(zero_key, 0, MBEDTLS_AES_BLOCK_SIZE); + + ret = mbedtls_cipher_cmac(cipher_info, zero_key, 128, key, + key_length, int_key); + if (ret != 0) + { + goto exit; + } + } + + ret = mbedtls_cipher_cmac(cipher_info, int_key, 128, input, in_len, + output); + +exit: + mbedtls_platform_zeroize(int_key, sizeof(int_key)); + return ret; +} +#endif /* MBEDTLS_AES_C */
