beslan/mbed-os-hardfp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Import Mbed OS hard-float snapshot

Browse Source
This commit is contained in:
Beslan
2026-06-01 20:15:04 +03:00
commit d3738e2f89
16278 changed files with 10628036 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

342
connectivity/nanostack/sal-stack-nanostack/source/Service_Libs/CCM_lib/ccm_security.c Normal file
View File

@@ -0,0 +1,342 @@
/*
* Copyright (c) 2014-2015, 2017-2018, Arm Limited and affiliates.
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/**
*
* \file ccm_security.c
* \brief CCM Library API.
*
* \section ccm-api CCM Library API:
* - ccm_sec_init(), A function to init CCM library.
* - ccm_process_run(), A function to run configured CCM process
*
* \section ccm-inctuction CCM process sequency:
* 1. Init CCM library by , ccm key, ccm_sec_init()
* - security level
* - 128-bit ccm key
* - mode: AES_CCM_ENCRYPT or AES_CCM_DECRYPT
* - CCM L parameter: 2 or 3 depends nonce legth (802.15.4 use 2 and TLS security use 3)
* 2. Define ADATA pointer and length, if returned global structure mic_len field is > 0
* 3. Set Data pointer and length
* 4. Do configured CCM process ccm_process_run()
* 5. Check Return value:
* -If 0 Process ok
* -< 0 MIC fail or parameter fail
*/
#include <stdint.h>
#include <string.h>
#include "ccmLIB.h"
#include "platform/arm_hal_aes.h"
static void ccm_generate_A0(uint8_t *ptr, ccm_globals_t *ccm_pramters);
static void ccm_auth_generate_B0(uint8_t *ptr, ccm_globals_t *ccm_params);
static void ccm_auth_calc_Xi(void *aes_context, uint8_t X[static 16], uint8_t Blen, const uint8_t B[static Blen]);
static uint8_t ccm_mic_len_calc(uint8_t sec_level);
static void ccm_encode(ccm_globals_t *ccm_params);
static int8_t ccm_calc_auth_MIC(ccm_globals_t *ccm_params);
/**
* \brief A function to init CCM library.
* \param sec_level Used CCM security level (0-7).
* \param ccm_key pointer to 128-key.
* \param mode AES_CCM_ENCRYPT or AES_CCM_DECRYPT
* \param ccm_l cuold be 2 or 3. 2 when NONCE length is 13 and 3 when length is 12. (NONCE Len= (15-ccm_l))
*
* \return Pointer to Global CCM paramameter buffer.
* \return 0 When parameter fail or CCM is Busy.
*/
bool ccm_sec_init(ccm_globals_t *ccm_context, uint8_t sec_level, const uint8_t *ccm_key, uint8_t mode, uint8_t ccm_l)
{
memset(ccm_context, 0, sizeof(ccm_globals_t));
if ((ccm_l == 2 || ccm_l == 3) && (sec_level < 8)) {
void *aes_context = arm_aes_start(ccm_key);
if (!aes_context) {
return false;
}
ccm_context->aes_context = aes_context;
ccm_context->ccm_encode_mode = mode;
ccm_context->ccm_sec_level = sec_level;
ccm_context->ccm_l_param = ccm_l;
ccm_context->key_ptr = ccm_key;
ccm_context->mic_len = ccm_mic_len_calc(sec_level);
return true;
}
return false;
}
/**
* \brief A function to init CCM library.
* \param sec_level Used CCM security level (0-7).
* \param ccm_key pointer to 128-key.
* \param mode AES_CCM_ENCRYPT or AES_CCM_DECRYPT
* \param ccm_l cuold be 2 or 3. 2 when NONCE length is 13 and 3 when length is 12. (NONCE Len= (15-ccm_l))
*
* \return 0 CCM process OK and when AES_CCM_DECRYPT mode was selectected also MIC was correct.
* \return -1 Init have not called or data or adata pointers or lengths are zero.
* \return -2 Null pointer given to function
*/
int8_t ccm_process_run(ccm_globals_t *ccm_params)
{
int8_t ret_val = -1;
if (ccm_params == NULL) {
ret_val = -2;
goto END;
}
if (ccm_params->mic_len) {
/* data length >= 0xff00 would require different encoding */
if (ccm_params->adata_len == 0 || ccm_params->adata_len >= 0xff00 || ccm_params->adata_ptr == NULL) {
goto END;
} else if (ccm_params->mic == NULL) {
ret_val = -2;
goto END;
}
}
if (ccm_params->data_len != 0 && ccm_params->data_ptr == NULL) {
ret_val = -2;
goto END;
}
if (ccm_params->ccm_encode_mode == AES_CCM_ENCRYPT) {
if (ccm_params->mic_len) {
//Calc
if (ccm_calc_auth_MIC(ccm_params)) {
goto END;
}
}
if (ccm_params->data_len) {
ccm_encode(ccm_params);
}
ret_val = 0;
} else {
if (ccm_params->data_len) {
ccm_encode(ccm_params);
}
if (ccm_params->mic_len) {
if (ccm_calc_auth_MIC(ccm_params) == 0) {
ret_val = 0;
}
} else {
ret_val = 0;
}
}
END:
ccm_free(ccm_params);
return ret_val;
}
void ccm_free(ccm_globals_t *ccm_params)
{
if (ccm_params && ccm_params->aes_context) {
arm_aes_finish(ccm_params->aes_context);
}
}
/* Counter-mode encryption/decryption
* Ci := E(Key, Ai) ^ Mi
*/
static void ccm_encode(ccm_globals_t *ccm_params)
{
if (!ccm_params->key_ptr || ccm_params->ccm_sec_level < AES_SECURITY_LEVEL_ENC) {
return;
}
uint16_t len = ccm_params->data_len;
uint8_t *ptr = ccm_params->data_ptr;
uint8_t Ai[16], Si[16];
//first, generate A0
ccm_generate_A0(Ai, ccm_params);
while (len) {
//increment counter in Ai - 16-bit increment enough; len is 16-bit
if (++Ai[15] == 0) {
++Ai[14];
}
// Si := E(Key, Ai)
arm_aes_encrypt(ccm_params->aes_context, Ai, Si);
// output := Si ^ input
for (int_fast8_t i = 0; i < 16 && len; i++, len--) {
*ptr++ ^= Si[i];
}
}
}
static int8_t ccm_calc_auth_MIC(ccm_globals_t *ccm_params)
{
const uint8_t *data_ptr = ccm_params->data_ptr;
uint16_t data_len = ccm_params->data_len;
const uint8_t *adata_ptr = ccm_params->adata_ptr;
uint16_t adata_len = ccm_params->adata_len;
uint8_t Xi[16];
// As a convenience, treat "data" as "adata", reflecting that "Private
// Payload" is part of "a data" not "m data" for unencrypted modes.
// The distinction matters because there's an "align to block" between
// "a" and "m", which we don't do when it's all in "a".
if (ccm_params->ccm_sec_level < AES_SECURITY_LEVEL_ENC && data_len != 0) {
// This trick only works if data follows adata
if (data_ptr == adata_ptr + adata_len) {
adata_len += data_len;
data_len = 0;
} else {
return -1;
}
}
ccm_auth_generate_B0(Xi, ccm_params); //Set B0
// Calculate X1: E(key, B0)
// [Could use ccm_auth_calc_Xi - it's formally X1 := E(key, B0 ^ X0), where X0 = 0]
arm_aes_encrypt(ccm_params->aes_context, Xi, Xi);
//First authentication block has 2-byte length field concatenated
if (adata_len) {
uint8_t B1[16];
uint_fast8_t t_len = adata_len > 14 ? 14 : adata_len;
B1[0] = adata_len >> 8;
B1[1] = adata_len;
memcpy(&B1[2], adata_ptr, t_len);
ccm_auth_calc_Xi(ccm_params->aes_context, Xi, 2 + t_len, B1);
adata_ptr += t_len;
adata_len -= t_len;
}
while (adata_len) {
uint_fast8_t t_len = adata_len > 16 ? 16 : adata_len;
ccm_auth_calc_Xi(ccm_params->aes_context, Xi, t_len, adata_ptr);
adata_ptr += t_len;
adata_len -= t_len;
}
while (data_len) {
uint_fast8_t t_len = data_len > 16 ? 16 : data_len;
ccm_auth_calc_Xi(ccm_params->aes_context, Xi, t_len, data_ptr);
data_ptr += t_len;
data_len -= t_len;
}
// Authentication tag T is leftmost M octets of X[t+1]
// Encryption block S0 is E(Key, A0)
uint8_t S0[16];
ccm_generate_A0(S0, ccm_params);
arm_aes_encrypt(ccm_params->aes_context, S0, S0);
// Encrypted authentication tag U is S0^T (leftmost M octets)
if (ccm_params->ccm_encode_mode == AES_CCM_ENCRYPT) {
for (uint_fast8_t i = 0; i < ccm_params->mic_len; i++) {
ccm_params->mic[i] = Xi[i] ^ S0[i];
}
} else {
for (uint_fast8_t i = 0; i < ccm_params->mic_len; i++)
if (ccm_params->mic[i] != (Xi[i] ^ S0[i])) {
return -1;
}
}
return 0;
}
/**
* \brief This function is used to create A0 which is actual init vector to be used to encrypt full rf message.
* Ai = 8-bit FLAGS | nonce | 16/24-bit counter.
* Si = E[key,Ai]
*
* \return none.
*/
static void ccm_generate_A0(uint8_t *ptr, ccm_globals_t *ccm_pramters)
{
uint8_t n_len, flags;
flags = ccm_pramters->ccm_l_param - 1;
n_len = 15 - ccm_pramters->ccm_l_param;
//FLAGS = L' = L - 1;
*ptr++ = flags;
memcpy(ptr, ccm_pramters->exp_nonce, n_len);
ptr += n_len;
memset(ptr, 0, ccm_pramters->ccm_l_param);
}
/* Calculate X[i+1]: X[i+1] := E(Key, X[i] ^ B[i]) */
/* Blen is <= 16; this handles zero-padding B when it is < 16 */
static void ccm_auth_calc_Xi(void *aes_context, uint8_t X[static 16], uint8_t Blen, const uint8_t B[static Blen])
{
for (uint_fast8_t i = 0; i < Blen; i++) {
X[i] ^= B[i];
}
arm_aes_encrypt(aes_context, X, X);
}
/* flags = reserved(1) || Adata(1) || M (3) || L (3)
* where M = 0 or (ccm_mic_len-2)/2
* L = CCM_L_PARAM - 1
*/
/* B0 := flags(1)|| Nonce(15-L) || length of message(L) */
static void ccm_auth_generate_B0(uint8_t *ptr, ccm_globals_t *ccm_params)
{
uint8_t flags = 0;
uint8_t n_len;
n_len = 15 - ccm_params->ccm_l_param;
if (ccm_params->mic_len) {
flags = ccm_params->mic_len - 2;
flags <<= 2;
}
flags |= 0x40;
flags |= (ccm_params->ccm_l_param - 1);
*ptr++ = flags;
memcpy(ptr, ccm_params->exp_nonce, n_len);
ptr += n_len;
if (ccm_params->ccm_l_param == 3) {
*ptr++ = 0;
}
*ptr++ = ccm_params->data_len >> 8;
*ptr = ccm_params->data_len;
}
static uint8_t ccm_mic_len_calc(uint8_t sec_level)
{
switch (sec_level) {
case AES_SECURITY_LEVEL_ENC_MIC32:
case AES_SECURITY_LEVEL_MIC32:
return 4;
case AES_SECURITY_LEVEL_ENC_MIC64:
case AES_SECURITY_LEVEL_MIC64:
return 8;
case AES_SECURITY_LEVEL_ENC_MIC128:
case AES_SECURITY_LEVEL_MIC128:
return 16;
default:
return 0;
}
}

363
connectivity/nanostack/sal-stack-nanostack/source/Service_Libs/CCM_lib/mbedOS/aes_mbedtls.c Normal file
View File

@@ -0,0 +1,363 @@
/*
* Copyright (c) 2006-2018, Arm Limited and affiliates.
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/*
* FIPS-197 compliant AES implementation
*
* This file is derived from aes.c in mbed TLS 1.3.10, stripped down to
* only support 128-bit encryption.
*
* Subsequently search-and-replaced to match later naming change.
*
* It is not intended to be used directly; it is conditionally included by
* aes_common.c, so everything in the file is marked static.
*/
#include <stdint.h>
#include <string.h>
#define MBEDTLS_AES_ENCRYPT 1
#define MBEDTLS_AES_DECRYPT 0
#define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH -0x0020 /**< Invalid key length. */
#define MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH -0x0022 /**< Invalid data input length. */
#define MBEDTLS_ERR_AES_UNSUPPORTED -0x0023 /**< Operation not supported . */
/**
* \brief AES context structure
*/
typedef struct {
int nr; /*!< number of rounds */
uint32_t *rk; /*!< AES round keys */
uint32_t buf[44]; /*!< unaligned data */
}
mbedtls_aes_context;
/* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize(void *v, size_t n)
{
volatile unsigned char *p = v;
while (n--) {
*p++ = 0;
}
}
/*
* 32-bit integer manipulation macros (little endian)
*/
#ifndef GET_UINT32_LE
#define GET_UINT32_LE(n,b,i) \
{ \
(n) = ( (uint32_t) (b)[(i) ] ) \
| ( (uint32_t) (b)[(i) + 1] << 8 ) \
| ( (uint32_t) (b)[(i) + 2] << 16 ) \
| ( (uint32_t) (b)[(i) + 3] << 24 ); \
}
#endif
#ifndef PUT_UINT32_LE
#define PUT_UINT32_LE(n,b,i) \
{ \
(b)[(i) ] = (unsigned char) ( ( (n) ) & 0xFF ); \
(b)[(i) + 1] = (unsigned char) ( ( (n) >> 8 ) & 0xFF ); \
(b)[(i) + 2] = (unsigned char) ( ( (n) >> 16 ) & 0xFF ); \
(b)[(i) + 3] = (unsigned char) ( ( (n) >> 24 ) & 0xFF ); \
}
#endif
/*
* Forward S-box
*/
static const unsigned char FSb[256] = {
0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5,
0x30, 0x01, 0x67, 0x2B, 0xFE, 0xD7, 0xAB, 0x76,
0xCA, 0x82, 0xC9, 0x7D, 0xFA, 0x59, 0x47, 0xF0,
0xAD, 0xD4, 0xA2, 0xAF, 0x9C, 0xA4, 0x72, 0xC0,
0xB7, 0xFD, 0x93, 0x26, 0x36, 0x3F, 0xF7, 0xCC,
0x34, 0xA5, 0xE5, 0xF1, 0x71, 0xD8, 0x31, 0x15,
0x04, 0xC7, 0x23, 0xC3, 0x18, 0x96, 0x05, 0x9A,
0x07, 0x12, 0x80, 0xE2, 0xEB, 0x27, 0xB2, 0x75,
0x09, 0x83, 0x2C, 0x1A, 0x1B, 0x6E, 0x5A, 0xA0,
0x52, 0x3B, 0xD6, 0xB3, 0x29, 0xE3, 0x2F, 0x84,
0x53, 0xD1, 0x00, 0xED, 0x20, 0xFC, 0xB1, 0x5B,
0x6A, 0xCB, 0xBE, 0x39, 0x4A, 0x4C, 0x58, 0xCF,
0xD0, 0xEF, 0xAA, 0xFB, 0x43, 0x4D, 0x33, 0x85,
0x45, 0xF9, 0x02, 0x7F, 0x50, 0x3C, 0x9F, 0xA8,
0x51, 0xA3, 0x40, 0x8F, 0x92, 0x9D, 0x38, 0xF5,
0xBC, 0xB6, 0xDA, 0x21, 0x10, 0xFF, 0xF3, 0xD2,
0xCD, 0x0C, 0x13, 0xEC, 0x5F, 0x97, 0x44, 0x17,
0xC4, 0xA7, 0x7E, 0x3D, 0x64, 0x5D, 0x19, 0x73,
0x60, 0x81, 0x4F, 0xDC, 0x22, 0x2A, 0x90, 0x88,
0x46, 0xEE, 0xB8, 0x14, 0xDE, 0x5E, 0x0B, 0xDB,
0xE0, 0x32, 0x3A, 0x0A, 0x49, 0x06, 0x24, 0x5C,
0xC2, 0xD3, 0xAC, 0x62, 0x91, 0x95, 0xE4, 0x79,
0xE7, 0xC8, 0x37, 0x6D, 0x8D, 0xD5, 0x4E, 0xA9,
0x6C, 0x56, 0xF4, 0xEA, 0x65, 0x7A, 0xAE, 0x08,
0xBA, 0x78, 0x25, 0x2E, 0x1C, 0xA6, 0xB4, 0xC6,
0xE8, 0xDD, 0x74, 0x1F, 0x4B, 0xBD, 0x8B, 0x8A,
0x70, 0x3E, 0xB5, 0x66, 0x48, 0x03, 0xF6, 0x0E,
0x61, 0x35, 0x57, 0xB9, 0x86, 0xC1, 0x1D, 0x9E,
0xE1, 0xF8, 0x98, 0x11, 0x69, 0xD9, 0x8E, 0x94,
0x9B, 0x1E, 0x87, 0xE9, 0xCE, 0x55, 0x28, 0xDF,
0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68,
0x41, 0x99, 0x2D, 0x0F, 0xB0, 0x54, 0xBB, 0x16
};
/*
* Forward tables
*/
#define FT \
\
V(A5,63,63,C6), V(84,7C,7C,F8), V(99,77,77,EE), V(8D,7B,7B,F6), \
V(0D,F2,F2,FF), V(BD,6B,6B,D6), V(B1,6F,6F,DE), V(54,C5,C5,91), \
V(50,30,30,60), V(03,01,01,02), V(A9,67,67,CE), V(7D,2B,2B,56), \
V(19,FE,FE,E7), V(62,D7,D7,B5), V(E6,AB,AB,4D), V(9A,76,76,EC), \
V(45,CA,CA,8F), V(9D,82,82,1F), V(40,C9,C9,89), V(87,7D,7D,FA), \
V(15,FA,FA,EF), V(EB,59,59,B2), V(C9,47,47,8E), V(0B,F0,F0,FB), \
V(EC,AD,AD,41), V(67,D4,D4,B3), V(FD,A2,A2,5F), V(EA,AF,AF,45), \
V(BF,9C,9C,23), V(F7,A4,A4,53), V(96,72,72,E4), V(5B,C0,C0,9B), \
V(C2,B7,B7,75), V(1C,FD,FD,E1), V(AE,93,93,3D), V(6A,26,26,4C), \
V(5A,36,36,6C), V(41,3F,3F,7E), V(02,F7,F7,F5), V(4F,CC,CC,83), \
V(5C,34,34,68), V(F4,A5,A5,51), V(34,E5,E5,D1), V(08,F1,F1,F9), \
V(93,71,71,E2), V(73,D8,D8,AB), V(53,31,31,62), V(3F,15,15,2A), \
V(0C,04,04,08), V(52,C7,C7,95), V(65,23,23,46), V(5E,C3,C3,9D), \
V(28,18,18,30), V(A1,96,96,37), V(0F,05,05,0A), V(B5,9A,9A,2F), \
V(09,07,07,0E), V(36,12,12,24), V(9B,80,80,1B), V(3D,E2,E2,DF), \
V(26,EB,EB,CD), V(69,27,27,4E), V(CD,B2,B2,7F), V(9F,75,75,EA), \
V(1B,09,09,12), V(9E,83,83,1D), V(74,2C,2C,58), V(2E,1A,1A,34), \
V(2D,1B,1B,36), V(B2,6E,6E,DC), V(EE,5A,5A,B4), V(FB,A0,A0,5B), \
V(F6,52,52,A4), V(4D,3B,3B,76), V(61,D6,D6,B7), V(CE,B3,B3,7D), \
V(7B,29,29,52), V(3E,E3,E3,DD), V(71,2F,2F,5E), V(97,84,84,13), \
V(F5,53,53,A6), V(68,D1,D1,B9), V(00,00,00,00), V(2C,ED,ED,C1), \
V(60,20,20,40), V(1F,FC,FC,E3), V(C8,B1,B1,79), V(ED,5B,5B,B6), \
V(BE,6A,6A,D4), V(46,CB,CB,8D), V(D9,BE,BE,67), V(4B,39,39,72), \
V(DE,4A,4A,94), V(D4,4C,4C,98), V(E8,58,58,B0), V(4A,CF,CF,85), \
V(6B,D0,D0,BB), V(2A,EF,EF,C5), V(E5,AA,AA,4F), V(16,FB,FB,ED), \
V(C5,43,43,86), V(D7,4D,4D,9A), V(55,33,33,66), V(94,85,85,11), \
V(CF,45,45,8A), V(10,F9,F9,E9), V(06,02,02,04), V(81,7F,7F,FE), \
V(F0,50,50,A0), V(44,3C,3C,78), V(BA,9F,9F,25), V(E3,A8,A8,4B), \
V(F3,51,51,A2), V(FE,A3,A3,5D), V(C0,40,40,80), V(8A,8F,8F,05), \
V(AD,92,92,3F), V(BC,9D,9D,21), V(48,38,38,70), V(04,F5,F5,F1), \
V(DF,BC,BC,63), V(C1,B6,B6,77), V(75,DA,DA,AF), V(63,21,21,42), \
V(30,10,10,20), V(1A,FF,FF,E5), V(0E,F3,F3,FD), V(6D,D2,D2,BF), \
V(4C,CD,CD,81), V(14,0C,0C,18), V(35,13,13,26), V(2F,EC,EC,C3), \
V(E1,5F,5F,BE), V(A2,97,97,35), V(CC,44,44,88), V(39,17,17,2E), \
V(57,C4,C4,93), V(F2,A7,A7,55), V(82,7E,7E,FC), V(47,3D,3D,7A), \
V(AC,64,64,C8), V(E7,5D,5D,BA), V(2B,19,19,32), V(95,73,73,E6), \
V(A0,60,60,C0), V(98,81,81,19), V(D1,4F,4F,9E), V(7F,DC,DC,A3), \
V(66,22,22,44), V(7E,2A,2A,54), V(AB,90,90,3B), V(83,88,88,0B), \
V(CA,46,46,8C), V(29,EE,EE,C7), V(D3,B8,B8,6B), V(3C,14,14,28), \
V(79,DE,DE,A7), V(E2,5E,5E,BC), V(1D,0B,0B,16), V(76,DB,DB,AD), \
V(3B,E0,E0,DB), V(56,32,32,64), V(4E,3A,3A,74), V(1E,0A,0A,14), \
V(DB,49,49,92), V(0A,06,06,0C), V(6C,24,24,48), V(E4,5C,5C,B8), \
V(5D,C2,C2,9F), V(6E,D3,D3,BD), V(EF,AC,AC,43), V(A6,62,62,C4), \
V(A8,91,91,39), V(A4,95,95,31), V(37,E4,E4,D3), V(8B,79,79,F2), \
V(32,E7,E7,D5), V(43,C8,C8,8B), V(59,37,37,6E), V(B7,6D,6D,DA), \
V(8C,8D,8D,01), V(64,D5,D5,B1), V(D2,4E,4E,9C), V(E0,A9,A9,49), \
V(B4,6C,6C,D8), V(FA,56,56,AC), V(07,F4,F4,F3), V(25,EA,EA,CF), \
V(AF,65,65,CA), V(8E,7A,7A,F4), V(E9,AE,AE,47), V(18,08,08,10), \
V(D5,BA,BA,6F), V(88,78,78,F0), V(6F,25,25,4A), V(72,2E,2E,5C), \
V(24,1C,1C,38), V(F1,A6,A6,57), V(C7,B4,B4,73), V(51,C6,C6,97), \
V(23,E8,E8,CB), V(7C,DD,DD,A1), V(9C,74,74,E8), V(21,1F,1F,3E), \
V(DD,4B,4B,96), V(DC,BD,BD,61), V(86,8B,8B,0D), V(85,8A,8A,0F), \
V(90,70,70,E0), V(42,3E,3E,7C), V(C4,B5,B5,71), V(AA,66,66,CC), \
V(D8,48,48,90), V(05,03,03,06), V(01,F6,F6,F7), V(12,0E,0E,1C), \
V(A3,61,61,C2), V(5F,35,35,6A), V(F9,57,57,AE), V(D0,B9,B9,69), \
V(91,86,86,17), V(58,C1,C1,99), V(27,1D,1D,3A), V(B9,9E,9E,27), \
V(38,E1,E1,D9), V(13,F8,F8,EB), V(B3,98,98,2B), V(33,11,11,22), \
V(BB,69,69,D2), V(70,D9,D9,A9), V(89,8E,8E,07), V(A7,94,94,33), \
V(B6,9B,9B,2D), V(22,1E,1E,3C), V(92,87,87,15), V(20,E9,E9,C9), \
V(49,CE,CE,87), V(FF,55,55,AA), V(78,28,28,50), V(7A,DF,DF,A5), \
V(8F,8C,8C,03), V(F8,A1,A1,59), V(80,89,89,09), V(17,0D,0D,1A), \
V(DA,BF,BF,65), V(31,E6,E6,D7), V(C6,42,42,84), V(B8,68,68,D0), \
V(C3,41,41,82), V(B0,99,99,29), V(77,2D,2D,5A), V(11,0F,0F,1E), \
V(CB,B0,B0,7B), V(FC,54,54,A8), V(D6,BB,BB,6D), V(3A,16,16,2C)
#define V(a,b,c,d) 0x##a##b##c##d
static const uint32_t FT0[256] = { FT };
#undef V
#define V(a,b,c,d) 0x##b##c##d##a
static const uint32_t FT1[256] = { FT };
#undef V
#define V(a,b,c,d) 0x##c##d##a##b
static const uint32_t FT2[256] = { FT };
#undef V
#define V(a,b,c,d) 0x##d##a##b##c
static const uint32_t FT3[256] = { FT };
#undef V
#undef FT
/*
* Round constants
*/
static const uint32_t RCON[10] = {
0x00000001, 0x00000002, 0x00000004, 0x00000008,
0x00000010, 0x00000020, 0x00000040, 0x00000080,
0x0000001B, 0x00000036
};
static void mbedtls_aes_init(mbedtls_aes_context *ctx)
{
memset(ctx, 0, sizeof(mbedtls_aes_context));
}
static void mbedtls_aes_free(mbedtls_aes_context *ctx)
{
if (ctx == NULL) {
return;
}
mbedtls_zeroize(ctx, sizeof(mbedtls_aes_context));
}
/*
* AES key schedule (encryption)
*/
static int mbedtls_aes_setkey_enc(mbedtls_aes_context *ctx, const unsigned char *key,
unsigned int keysize)
{
unsigned int i;
uint32_t *RK;
switch (keysize) {
case 128:
ctx->nr = 10;
break;
default :
return (MBEDTLS_ERR_AES_INVALID_KEY_LENGTH);
}
ctx->rk = RK = ctx->buf;
for (i = 0; i < (keysize >> 5); i++) {
GET_UINT32_LE(RK[i], key, i << 2);
}
switch (ctx->nr) {
case 10:
for (i = 0; i < 10; i++, RK += 4) {
RK[4] = RK[0] ^ RCON[i] ^
((uint32_t) FSb[(RK[3] >> 8) & 0xFF ]) ^
((uint32_t) FSb[(RK[3] >> 16) & 0xFF ] << 8) ^
((uint32_t) FSb[(RK[3] >> 24) & 0xFF ] << 16) ^
((uint32_t) FSb[(RK[3]) & 0xFF ] << 24);
RK[5] = RK[1] ^ RK[4];
RK[6] = RK[2] ^ RK[5];
RK[7] = RK[3] ^ RK[6];
}
break;
}
return (0);
}
#define AES_FROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \
{ \
X0 = *RK++ ^ FT0[ ( Y0 ) & 0xFF ] ^ \
FT1[ ( Y1 >> 8 ) & 0xFF ] ^ \
FT2[ ( Y2 >> 16 ) & 0xFF ] ^ \
FT3[ ( Y3 >> 24 ) & 0xFF ]; \
\
X1 = *RK++ ^ FT0[ ( Y1 ) & 0xFF ] ^ \
FT1[ ( Y2 >> 8 ) & 0xFF ] ^ \
FT2[ ( Y3 >> 16 ) & 0xFF ] ^ \
FT3[ ( Y0 >> 24 ) & 0xFF ]; \
\
X2 = *RK++ ^ FT0[ ( Y2 ) & 0xFF ] ^ \
FT1[ ( Y3 >> 8 ) & 0xFF ] ^ \
FT2[ ( Y0 >> 16 ) & 0xFF ] ^ \
FT3[ ( Y1 >> 24 ) & 0xFF ]; \
\
X3 = *RK++ ^ FT0[ ( Y3 ) & 0xFF ] ^ \
FT1[ ( Y0 >> 8 ) & 0xFF ] ^ \
FT2[ ( Y1 >> 16 ) & 0xFF ] ^ \
FT3[ ( Y2 >> 24 ) & 0xFF ]; \
}
/*
* AES-ECB block encryption/decryption
*/
static int mbedtls_aes_crypt_ecb(mbedtls_aes_context *ctx,
int mode,
const unsigned char input[16],
unsigned char output[16])
{
int i;
uint32_t *RK, X0, X1, X2, X3, Y0, Y1, Y2, Y3;
RK = ctx->rk;
GET_UINT32_LE(X0, input, 0);
X0 ^= *RK++;
GET_UINT32_LE(X1, input, 4);
X1 ^= *RK++;
GET_UINT32_LE(X2, input, 8);
X2 ^= *RK++;
GET_UINT32_LE(X3, input, 12);
X3 ^= *RK++;
if (mode == MBEDTLS_AES_DECRYPT) {
return (MBEDTLS_ERR_AES_UNSUPPORTED);
} else { /* MBEDTLS_AES_ENCRYPT */
for (i = (ctx->nr >> 1) - 1; i > 0; i--) {
AES_FROUND(Y0, Y1, Y2, Y3, X0, X1, X2, X3);
AES_FROUND(X0, X1, X2, X3, Y0, Y1, Y2, Y3);
}
AES_FROUND(Y0, Y1, Y2, Y3, X0, X1, X2, X3);
X0 = *RK++ ^ \
((uint32_t) FSb[(Y0) & 0xFF ]) ^
((uint32_t) FSb[(Y1 >> 8) & 0xFF ] << 8) ^
((uint32_t) FSb[(Y2 >> 16) & 0xFF ] << 16) ^
((uint32_t) FSb[(Y3 >> 24) & 0xFF ] << 24);
X1 = *RK++ ^ \
((uint32_t) FSb[(Y1) & 0xFF ]) ^
((uint32_t) FSb[(Y2 >> 8) & 0xFF ] << 8) ^
((uint32_t) FSb[(Y3 >> 16) & 0xFF ] << 16) ^
((uint32_t) FSb[(Y0 >> 24) & 0xFF ] << 24);
X2 = *RK++ ^ \
((uint32_t) FSb[(Y2) & 0xFF ]) ^
((uint32_t) FSb[(Y3 >> 8) & 0xFF ] << 8) ^
((uint32_t) FSb[(Y0 >> 16) & 0xFF ] << 16) ^
((uint32_t) FSb[(Y1 >> 24) & 0xFF ] << 24);
X3 = *RK++ ^ \
((uint32_t) FSb[(Y3) & 0xFF ]) ^
((uint32_t) FSb[(Y0 >> 8) & 0xFF ] << 8) ^
((uint32_t) FSb[(Y1 >> 16) & 0xFF ] << 16) ^
((uint32_t) FSb[(Y2 >> 24) & 0xFF ] << 24);
}
PUT_UINT32_LE(X0, output, 0);
PUT_UINT32_LE(X1, output, 4);
PUT_UINT32_LE(X2, output, 8);
PUT_UINT32_LE(X3, output, 12);
return (0);
}

104
connectivity/nanostack/sal-stack-nanostack/source/Service_Libs/CCM_lib/mbedOS/aes_mbedtls_adapter.c Normal file
View File

@@ -0,0 +1,104 @@
/*
* Copyright (c) 2015-2019, Arm Limited and affiliates.
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/*
* Implementation of platform/arm_hal_aes.h using mbed TLS.
*
* Possible scenarios:
*
* 1) Platform with no hardware AES assist, mbed TLS not in use:
* Use this source file, and let it pull in the minimal mbed TLS code
* contained in aes_mbedtls.c to implement software AES.
*
* 2) Platform with hardware AES assist, mbed TLS not in use:
* Do not use this source file - implement arm_hal_aes.h yourself using
* your AES hardware. Note that you must be able to provide
* ARM_AES_MBEDTLS_CONTEXT_MIN contexts. This may or may not be 1, depending
* on Nanostack config.
*
* 3) Platform without hardware assist, already using (or wanting to use) mbed TLS:
* Use this source file, and define NS_USE_EXTERNAL_MBED_TLS so that
* it uses the external mbed TLS library. That library must be built with
* MBEDTLS_AES_C enabled, and it must be on the include path.
*
* 4) Platform with context-capable hardware assist, already using mbed TLS:
* Use this source file, and define NS_USE_EXTERNAL_MBED_TLS so that
* it uses the external mbed TLS library. That library must be built with
* MBEDTLS_AES_C enabled. Attach your hardware-accelerated AES to mbed TLS
* by defining MBEDTLS_AES_ALT; it will then be used both by users
* of arm_hal_aes.h, and other users of mbed TLS.
*/
/* Get the API we are implementing from libService */
#include "platform/arm_hal_aes.h"
#include "platform/arm_hal_interrupt.h"
/* Either pull in the external mbed TLS header for its AES functions, or
* pull in our own local cut-down copy of the mbed TLS code.
*/
#ifdef NS_USE_EXTERNAL_MBED_TLS
#include "mbedtls/aes.h"
#else
#include "aes_mbedtls.c"
#endif /* NS_USE_EXTERNAL_MBED_TLS */
struct arm_aes_context {
mbedtls_aes_context ctx;
bool reserved;
};
static arm_aes_context_t context_list[ARM_AES_MBEDTLS_CONTEXT_MIN];
static arm_aes_context_t *mbed_tls_context_get(void)
{
platform_enter_critical();
for (int i = 0; i < ARM_AES_MBEDTLS_CONTEXT_MIN; i++) {
if (!context_list[i].reserved) {
//Reserve context
context_list[i].reserved = true;
platform_exit_critical();
return &context_list[i];
}
}
platform_exit_critical();
return NULL;
}
arm_aes_context_t *arm_aes_start(const uint8_t key[static 16])
{
arm_aes_context_t *context = mbed_tls_context_get();
if (context) {
mbedtls_aes_init(&context->ctx);
if (0 != mbedtls_aes_setkey_enc(&context->ctx, key, 128)) {
return NULL;
}
}
return context;
}
void arm_aes_encrypt(arm_aes_context_t *aes_context, const uint8_t src[static 16], uint8_t dst[static 16])
{
mbedtls_aes_crypt_ecb(&aes_context->ctx, MBEDTLS_AES_ENCRYPT, src, dst);
}
void arm_aes_finish(arm_aes_context_t *aes_context)
{
mbedtls_aes_free(&aes_context->ctx);
platform_enter_critical();
aes_context->reserved = false;
platform_exit_critical();
}