This is an automated email from the ASF dual-hosted git repository. jiuzhudong pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/nuttx.git
commit 17b7c77d3a6c5c5b022cbbbe34c19d6410c21a1f Author: makejian <[email protected]> AuthorDate: Tue Aug 19 22:07:13 2025 +0800 crypto/swkey: support generating AES keys Add support for generating AES keys (128/192/256 bits) using the software key management backend. The generated keys are random numbers produced by the system PRNG. Signed-off-by: makejian <[email protected]> --- crypto/cryptodev.c | 5 ++++- crypto/cryptosoft.c | 58 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 62 insertions(+), 1 deletion(-) diff --git a/crypto/cryptodev.c b/crypto/cryptodev.c index b5aabfbe7e5..183c7b59a0b 100644 --- a/crypto/cryptodev.c +++ b/crypto/cryptodev.c @@ -624,7 +624,6 @@ static int cryptodev_key(FAR struct fcrypt *fcr, FAR struct crypt_kop *kop) return -EINVAL; case CRK_VALIDATE_KEYID: case CRK_DELETE_KEY: - case CRK_GENERATE_AES_KEY: case CRK_SAVE_KEY: case CRK_LOAD_KEY: case CRK_UNLOAD_KEY: @@ -641,6 +640,10 @@ static int cryptodev_key(FAR struct fcrypt *fcr, FAR struct crypt_kop *kop) /* inparam: keyid, raw data */ + case CRK_GENERATE_AES_KEY: + + /* inparam: keyid, keylen 16/24/32(128/192/256) */ + if (in == 2 && out == 0) { break; diff --git a/crypto/cryptosoft.c b/crypto/cryptosoft.c index ec2d4116f7e..c592b212bb9 100644 --- a/crypto/cryptosoft.c +++ b/crypto/cryptosoft.c @@ -548,6 +548,48 @@ static int swkey_export(FAR struct swkey_context_s *ctx, return OK; } +/**************************************************************************** + * Name: swkey_gen_aes_key + * + * Description: + * Generate AES key and bound with keyid + * + ****************************************************************************/ + +static int swkey_gen_aes_key(FAR struct swkey_context_s *ctx, uint32_t keyid, + uint32_t keylen) +{ + FAR struct swkey_data_s *data; + int ret = -EINVAL; + char buf[32]; + + if (keyid == 0) + { + return ret; + } + + /* Generate a key sufficient for AES-128/192/256 */ + + arc4random_buf(buf, keylen); + ret = swkey_write(&ctx->file, keyid, buf, keylen, 0); + if (ret < 0) + { + return ret; + } + + if (keylen <= CONFIG_CRYPTO_CRYPTODEV_SOFTWARE_KEYMGMT_BUFSIZE) + { + data = swkey_get_cache_data(ctx, keyid); + data->id = keyid; + data->size = keylen; + data->flags = 0; + memcpy(data->buf, buf, keylen); + swkey_promote_cache_data(ctx, data); + } + + return ret; +} + /**************************************************************************** * Name: swkey_save * @@ -666,6 +708,7 @@ static int swkey_kprocess(FAR struct cryptkop *krp) { FAR struct swkey_context_s *ctx; uint32_t keyid; + uint32_t keylen; /* Sanity check */ @@ -716,6 +759,20 @@ static int swkey_kprocess(FAR struct cryptkop *krp) krp->krp_param[1].crp_p, krp->krp_param[1].crp_nbits / 8); break; + case CRK_GENERATE_AES_KEY: + if (krp->krp_param[1].crp_nbits != sizeof(uint32_t) * 8) + { + return -EINVAL; + } + + keylen = *(uint32_t *)krp->krp_param[1].crp_p; + if (keylen != 16 && keylen != 24 && keylen != 32) + { + return -EINVAL; + } + + krp->krp_status = swkey_gen_aes_key(ctx, keyid, keylen); + break; case CRK_SAVE_KEY: krp->krp_status = swkey_save(ctx, keyid); break; @@ -823,6 +880,7 @@ void swkey_init(void) kalgs[CRK_IMPORT_KEY] = CRYPTO_ALG_FLAG_SUPPORTED; kalgs[CRK_DELETE_KEY] = CRYPTO_ALG_FLAG_SUPPORTED; kalgs[CRK_EXPORT_KEY] = CRYPTO_ALG_FLAG_SUPPORTED; + kalgs[CRK_GENERATE_AES_KEY] = CRYPTO_ALG_FLAG_SUPPORTED; kalgs[CRK_SAVE_KEY] = CRYPTO_ALG_FLAG_SUPPORTED; kalgs[CRK_LOAD_KEY] = CRYPTO_ALG_FLAG_SUPPORTED; kalgs[CRK_UNLOAD_KEY] = CRYPTO_ALG_FLAG_SUPPORTED;
