diff options
Diffstat (limited to 'thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/mbedtls/mbedtls_backend_aes.c')
-rw-r--r-- | thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/mbedtls/mbedtls_backend_aes.c | 1213 |
1 files changed, 1213 insertions, 0 deletions
diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/mbedtls/mbedtls_backend_aes.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/mbedtls/mbedtls_backend_aes.c new file mode 100644 index 0000000..9433471 --- /dev/null +++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/mbedtls/mbedtls_backend_aes.c @@ -0,0 +1,1213 @@ +/** + * Copyright (c) 2018 - 2018, Nordic Semiconductor ASA + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form, except as embedded into a Nordic + * Semiconductor ASA integrated circuit in a product or a software update for + * such product, must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * 3. Neither the name of Nordic Semiconductor ASA nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * 4. This software, with or without modification, must only be used with a + * Nordic Semiconductor ASA integrated circuit. + * + * 5. Any software provided in binary form under this license must not be reverse + * engineered, decompiled, modified and/or disassembled. + * + * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include "sdk_common.h" +#if NRF_MODULE_ENABLED(NRF_CRYPTO) + +/*lint -save -e????*/ +#include "mbedtls/md.h" +#include "mbedtls/aes.h" +#include "mbedtls/cipher.h" +/*lint -restore*/ +#include "nrf_crypto_error.h" +#include "mbedtls_backend_aes.h" + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_MBEDTLS_AES) + +/* macro changing bits to bytes */ +#define BITS_TO_BYTES(bits) ((bits)>>3) +#define BACKEND_ERROR_CHECK(error) \ + do { \ + if ((error) != 0) \ + { \ + return result_get((error)); \ + } \ + } while (0); + +/**@internal @brief Type declarations of templates matching all possible context sizes + * for this backend. + */ +typedef struct +{ + nrf_crypto_aes_internal_context_t header; /**< Common header for context. */ + nrf_crypto_backend_aes_ctx_t backend; /**< Backend-specific internal context. */ + uint32_t context[1]; /**< AES context internal to mbed TLS. */ +} nrf_crypto_backend_mbedtls_aes_any_context_t; + +/**@internal @brief Type declarations of templates matching all possible context sizes + * for this backend. + */ +typedef union +{ + nrf_crypto_backend_mbedtls_aes_any_context_t any; /**< Common for all contexts. */ + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_ECB) + nrf_crypto_backend_aes_ecb_context_t ecb; +#endif +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CBC) + nrf_crypto_backend_aes_cbc_context_t cbc; +#endif +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CTR) + nrf_crypto_backend_aes_ctr_context_t ctr; +#endif +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CFB) + nrf_crypto_backend_aes_cfb_context_t cfb; +#endif +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CBC_MAC) + nrf_crypto_backend_aes_cbc_mac_context_t cbc_mac; +#endif +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CMAC) + nrf_crypto_backend_aes_cmac_context_t cmac; +#endif +} nrf_crypto_backend_mbedtls_aes_context_t; + + +static ret_code_t result_get(int error) +{ + ret_code_t ret_val; + switch (error) + { + case 0: + ret_val = NRF_SUCCESS; + break; + + case MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH: + ret_val = NRF_ERROR_CRYPTO_INPUT_LENGTH; + break; + + case MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA: + ret_val = NRF_ERROR_CRYPTO_INPUT_LENGTH; + break; + + case MBEDTLS_ERR_CIPHER_ALLOC_FAILED: + ret_val = NRF_ERROR_CRYPTO_ALLOC_FAILED; + break; + + case MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE: + ret_val = NRF_ERROR_CRYPTO_FEATURE_UNAVAILABLE; + break; + + case MBEDTLS_ERR_MD_BAD_INPUT_DATA: + ret_val = NRF_ERROR_CRYPTO_INVALID_PARAM; + break; + + default: + ret_val = NRF_ERROR_CRYPTO_INTERNAL; + break; + } + + return ret_val; +} + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CMAC) +static ret_code_t backend_cmac_init(nrf_crypto_backend_aes_cmac_context_t * const p_cmac_ctx) +{ + int error; + + mbedtls_cipher_type_t cipher_type; + mbedtls_cipher_info_t const * p_cipher_info; + + mbedtls_cipher_init(&p_cmac_ctx->context); + + switch (p_cmac_ctx->header.p_info->key_size) + { + case NRF_CRYPTO_KEY_SIZE_128: + cipher_type = MBEDTLS_CIPHER_AES_128_ECB; + break; + + case NRF_CRYPTO_KEY_SIZE_192: + cipher_type = MBEDTLS_CIPHER_AES_192_ECB; + break; + + case NRF_CRYPTO_KEY_SIZE_256: + cipher_type = MBEDTLS_CIPHER_AES_256_ECB; + break; + + default: + return NRF_ERROR_CRYPTO_CONTEXT_NOT_INITIALIZED; + } + + p_cipher_info = mbedtls_cipher_info_from_type(cipher_type); + + if (p_cipher_info == NULL) + { + return NRF_ERROR_CRYPTO_INTERNAL; + } + + error = mbedtls_cipher_setup(&p_cmac_ctx->context, p_cipher_info); + BACKEND_ERROR_CHECK(error); + + return NRF_SUCCESS; +} +#endif + +static ret_code_t backend_mbedtls_init(void * const p_context, nrf_crypto_operation_t operation) +{ + ret_code_t ret_val = NRF_SUCCESS; + + nrf_crypto_backend_mbedtls_aes_context_t * p_ctx = + (nrf_crypto_backend_mbedtls_aes_context_t *)p_context; + + switch (p_ctx->any.header.p_info->key_size) + { + case NRF_CRYPTO_KEY_SIZE_128: + case NRF_CRYPTO_KEY_SIZE_192: + case NRF_CRYPTO_KEY_SIZE_256: + break; + + default: + return NRF_ERROR_CRYPTO_KEY_SIZE; + } + + switch (p_ctx->any.header.p_info->mode) + { +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CBC) + case NRF_CRYPTO_AES_MODE_CBC: + case NRF_CRYPTO_AES_MODE_CBC_PAD_PCKS7: + VERIFY_FALSE(((operation != NRF_CRYPTO_ENCRYPT) && (operation != NRF_CRYPTO_DECRYPT)), + NRF_ERROR_CRYPTO_INVALID_PARAM); + memset(&p_ctx->cbc.backend, 0, sizeof(p_ctx->cbc.backend)); + + mbedtls_aes_init(&p_ctx->cbc.context); + break; +#endif + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CTR) + case NRF_CRYPTO_AES_MODE_CTR: + VERIFY_FALSE(((operation != NRF_CRYPTO_ENCRYPT) && (operation != NRF_CRYPTO_DECRYPT)), + NRF_ERROR_CRYPTO_INVALID_PARAM); + memset(&p_ctx->ctr.backend, 0, sizeof(p_ctx->ctr.backend)); + + mbedtls_aes_init(&p_ctx->ctr.context); + break; +#endif + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CFB) + case NRF_CRYPTO_AES_MODE_CFB: + VERIFY_FALSE(((operation != NRF_CRYPTO_ENCRYPT) && (operation != NRF_CRYPTO_DECRYPT)), + NRF_ERROR_CRYPTO_INVALID_PARAM); + memset(&p_ctx->cfb.backend, 0, sizeof(p_ctx->cfb.backend)); + + mbedtls_aes_init(&p_ctx->cfb.context); + break; +#endif + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_ECB) + case NRF_CRYPTO_AES_MODE_ECB: + case NRF_CRYPTO_AES_MODE_ECB_PAD_PCKS7: + VERIFY_FALSE(((operation != NRF_CRYPTO_ENCRYPT) && (operation != NRF_CRYPTO_DECRYPT)), + NRF_ERROR_CRYPTO_INVALID_PARAM); + memset(&p_ctx->ecb.backend, 0, sizeof(p_ctx->ecb.backend)); + + mbedtls_aes_init(&p_ctx->ecb.context); + break; +#endif + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CBC_MAC) + case NRF_CRYPTO_AES_MODE_CBC_MAC: + case NRF_CRYPTO_AES_MODE_CBC_MAC_PAD_PCKS7: + VERIFY_TRUE((operation == NRF_CRYPTO_MAC_CALCULATE), NRF_ERROR_CRYPTO_INVALID_PARAM); + memset(&p_ctx->cbc_mac.backend, 0, sizeof(p_ctx->cbc_mac.backend)); + + mbedtls_aes_init(&p_ctx->cbc_mac.context); + break; +#endif + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CMAC) + case NRF_CRYPTO_AES_MODE_CMAC: + VERIFY_TRUE((operation == NRF_CRYPTO_MAC_CALCULATE), NRF_ERROR_CRYPTO_INVALID_PARAM); + + ret_val = backend_cmac_init(&p_ctx->cmac); + break; +#endif + default: + ret_val = NRF_ERROR_CRYPTO_FEATURE_UNAVAILABLE; + break; + } + + p_ctx->any.backend.operation = operation; + + return ret_val; +} + +static ret_code_t backend_mbedtls_uninit(void * const p_context) +{ + nrf_crypto_backend_mbedtls_aes_context_t * p_ctx = + (nrf_crypto_backend_mbedtls_aes_context_t *)p_context; + + switch (p_ctx->any.header.p_info->mode) + { +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CBC) + case NRF_CRYPTO_AES_MODE_CBC: + case NRF_CRYPTO_AES_MODE_CBC_PAD_PCKS7: + mbedtls_aes_free(&p_ctx->cbc.context); + break; +#endif + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CTR) + case NRF_CRYPTO_AES_MODE_CTR: + mbedtls_aes_free(&p_ctx->ctr.context); + break; +#endif + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CFB) + case NRF_CRYPTO_AES_MODE_CFB: + mbedtls_aes_free(&p_ctx->cfb.context); + break; +#endif + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_ECB) + case NRF_CRYPTO_AES_MODE_ECB: + case NRF_CRYPTO_AES_MODE_ECB_PAD_PCKS7: + mbedtls_aes_free(&p_ctx->ecb.context); + break; +#endif + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CBC_MAC) + case NRF_CRYPTO_AES_MODE_CBC_MAC: + case NRF_CRYPTO_AES_MODE_CBC_MAC_PAD_PCKS7: + mbedtls_aes_free(&p_ctx->cbc_mac.context); + break; +#endif + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CMAC) + case NRF_CRYPTO_AES_MODE_CMAC: + mbedtls_cipher_free(&p_ctx->cmac.context); + break; +#endif + + default: + return NRF_ERROR_CRYPTO_FEATURE_UNAVAILABLE; + } + + return NRF_SUCCESS; +} + +static ret_code_t backend_mbedtls_key_set(void * const p_context, uint8_t * p_key) +{ + int error; + ret_code_t ret_val; + + nrf_crypto_backend_mbedtls_aes_context_t * p_ctx = + (nrf_crypto_backend_mbedtls_aes_context_t *)p_context; + + switch (p_ctx->any.header.p_info->mode) + { +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CBC) + case NRF_CRYPTO_AES_MODE_CBC: + case NRF_CRYPTO_AES_MODE_CBC_PAD_PCKS7: + if (p_ctx->cbc.backend.operation == NRF_CRYPTO_ENCRYPT) + { + error = mbedtls_aes_setkey_enc(&p_ctx->cbc.context, + (uint8_t const *)p_key, + p_ctx->cbc.header.p_info->key_size); + } + else + { + error = mbedtls_aes_setkey_dec(&p_ctx->cbc.context, + (uint8_t const *)p_key, + p_ctx->cbc.header.p_info->key_size); + } + break; +#endif + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CTR) + case NRF_CRYPTO_AES_MODE_CTR: + /* Due to the nature of CFB / CTR, you should use the same key schedule for both + encryption and decryption.*/ + error = mbedtls_aes_setkey_enc(&p_ctx->ctr.context, + (uint8_t const *)p_key, + p_ctx->ctr.header.p_info->key_size); + break; +#endif + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CFB) + case NRF_CRYPTO_AES_MODE_CFB: + /* Due to the nature of CFB / CTR, you should use the same key schedule for both + encryption and decryption.*/ + error = mbedtls_aes_setkey_enc(&p_ctx->cfb.context, + (uint8_t const *)p_key, + p_ctx->cfb.header.p_info->key_size); + break; +#endif + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_ECB) + case NRF_CRYPTO_AES_MODE_ECB: + case NRF_CRYPTO_AES_MODE_ECB_PAD_PCKS7: + if (p_ctx->ecb.backend.operation == NRF_CRYPTO_ENCRYPT) + { + error = mbedtls_aes_setkey_enc(&p_ctx->ecb.context, + (uint8_t const *)p_key, + p_ctx->ecb.header.p_info->key_size); + } + else + { + error = mbedtls_aes_setkey_dec(&p_ctx->ecb.context, + (uint8_t const *)p_key, + p_ctx->ecb.header.p_info->key_size); + } + break; +#endif + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CBC_MAC) + case NRF_CRYPTO_AES_MODE_CBC_MAC: + case NRF_CRYPTO_AES_MODE_CBC_MAC_PAD_PCKS7: + error = mbedtls_aes_setkey_enc(&p_ctx->cbc_mac.context, + (uint8_t const *)p_key, + p_ctx->cbc_mac.header.p_info->key_size); + break; +#endif + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CMAC) + case NRF_CRYPTO_AES_MODE_CMAC: + error = mbedtls_cipher_cmac_starts(&p_ctx->cmac.context, + p_key, + p_ctx->cmac.header.p_info->key_size); + break; +#endif + + default: + return NRF_ERROR_CRYPTO_FEATURE_UNAVAILABLE; + } + + ret_val = result_get(error); + + return ret_val; +} + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CBC) || \ + NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CTR) || \ + NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CFB) || \ + NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CBC_MAC) +static ret_code_t backend_mbedtls_iv_set(void * const p_context, uint8_t * p_iv) +{ + nrf_crypto_backend_mbedtls_aes_context_t * p_ctx = + (nrf_crypto_backend_mbedtls_aes_context_t *)p_context; + + memcpy(&p_ctx->any.backend.iv[0], p_iv, sizeof(p_ctx->any.backend.iv)); + + return NRF_SUCCESS; +} + +static ret_code_t backend_mbedtls_iv_get(void * const p_context, uint8_t * p_iv) +{ + nrf_crypto_backend_mbedtls_aes_context_t * p_ctx = + (nrf_crypto_backend_mbedtls_aes_context_t *)p_context; + + memcpy(p_iv, p_ctx->any.backend.iv, sizeof(p_ctx->any.backend.iv)); + + return NRF_SUCCESS; +} +#endif + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_ECB) +/* Function extending mbedtls_aes_crypt_ecb functionality. It allows to process more than 1 + data block. It is returning MBEDTLS error type. */ +static int backend_mbedtls_ecb_crypt(nrf_crypto_backend_aes_ecb_context_t * const p_ctx, + uint8_t * p_text_in, + uint8_t * p_text_out, + size_t text_size) +{ + int error = 0; + size_t crypted_text = 0; + + if ((text_size & 0x0F) != 0) + { + return MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH; + } + + while (crypted_text < text_size) + { + error = mbedtls_aes_crypt_ecb(&p_ctx->context, + (int)p_ctx->backend.operation, + p_text_in + crypted_text, + p_text_out + crypted_text); + if (error != 0) + { + break; + } + crypted_text += NRF_CRYPTO_AES_BLOCK_SIZE; + } + + return error; +} +#endif + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CBC_MAC) +static int backend_mbedtls_cbc_mac_update(void * const p_context, + uint8_t * p_data_in, + size_t data_size, + uint8_t * p_data_out) +{ + int error = 0; + + nrf_crypto_backend_mbedtls_aes_context_t * p_ctx = + (nrf_crypto_backend_mbedtls_aes_context_t *)p_context; + + for (size_t i = 0; i < data_size; i += NRF_CRYPTO_AES_BLOCK_SIZE) + { + error = mbedtls_aes_crypt_cbc(&p_ctx->cbc_mac.context, + MBEDTLS_AES_ENCRYPT, + NRF_CRYPTO_AES_BLOCK_SIZE, + p_ctx->cbc_mac.backend.iv, + (uint8_t const *)p_data_in + i, + p_data_out); + if (error != 0) + { + return error; + } + } + + return error; +} + +static ret_code_t backend_mbedtls_cbc_mac_finalize(void * const p_context, + uint8_t * p_data_in, + size_t data_size, + uint8_t * p_data_out, + size_t * p_data_out_size) +{ + int error; + + if (*p_data_out_size < NRF_CRYPTO_AES_BLOCK_SIZE) + { + return NRF_ERROR_CRYPTO_OUTPUT_LENGTH; + } + + /* this function does not support padding */ + if ((data_size & 0xF) != 0) + { + return NRF_ERROR_CRYPTO_INPUT_LENGTH; + } + + error = backend_mbedtls_cbc_mac_update(p_context, p_data_in, data_size, p_data_out); + BACKEND_ERROR_CHECK(error); + + *p_data_out_size = NRF_CRYPTO_AES_BLOCK_SIZE; + + return NRF_SUCCESS; +} + +static ret_code_t backend_mbedtls_cbc_mac_padding_finalize(void * const p_context, + uint8_t * p_data_in, + size_t data_size, + uint8_t * p_data_out, + size_t * p_data_out_size) +{ + ret_code_t ret_val; + uint8_t padding_buffer[NRF_CRYPTO_AES_BLOCK_SIZE] = {0}; + uint8_t msg_ending = (uint8_t)(data_size & (size_t)0x0F); + + if (*p_data_out_size < NRF_CRYPTO_AES_BLOCK_SIZE) + { + /* output buffer too small */ + return NRF_ERROR_CRYPTO_OUTPUT_LENGTH; + } + + data_size -= msg_ending; + + if (data_size > 0) + { + ret_val = backend_mbedtls_cbc_mac_update(p_context, + p_data_in, + data_size, + p_data_out); + VERIFY_SUCCESS(ret_val); + } + + ret_val = padding_pkcs7_add(&padding_buffer[0], + p_data_in + data_size, + msg_ending); + VERIFY_SUCCESS(ret_val); + + ret_val = backend_mbedtls_cbc_mac_finalize(p_context, + &padding_buffer[0], + NRF_CRYPTO_AES_BLOCK_SIZE, + p_data_out, + p_data_out_size); + VERIFY_SUCCESS(ret_val); + + return ret_val; +} +#endif + +static ret_code_t backend_mbedtls_update(void * const p_context, + uint8_t * p_data_in, + size_t data_size, + uint8_t * p_data_out) +{ + int error; + + nrf_crypto_backend_mbedtls_aes_context_t * p_ctx = + (nrf_crypto_backend_mbedtls_aes_context_t *)p_context; + + switch (p_ctx->any.header.p_info->mode) + { +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CBC) + case NRF_CRYPTO_AES_MODE_CBC: + case NRF_CRYPTO_AES_MODE_CBC_PAD_PCKS7: + error = mbedtls_aes_crypt_cbc(&p_ctx->cbc.context, + (int)p_ctx->cbc.backend.operation, + data_size, + p_ctx->cbc.backend.iv, + (uint8_t const *)p_data_in, + p_data_out); + break; +#endif + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CTR) + case NRF_CRYPTO_AES_MODE_CTR: + { + size_t nc_off = 0; + uint8_t stream_block[NRF_CRYPTO_AES_BLOCK_SIZE]; + + error = mbedtls_aes_crypt_ctr(&p_ctx->ctr.context, + data_size, + &nc_off, + p_ctx->ctr.backend.iv, + stream_block, + (uint8_t const *)p_data_in, + p_data_out); + break; + } +#endif + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CFB) + case NRF_CRYPTO_AES_MODE_CFB: + error = mbedtls_aes_crypt_cfb8(&p_ctx->cfb.context, + (int)p_ctx->cfb.backend.operation, + data_size, + p_ctx->cfb.backend.iv, + (uint8_t const *)p_data_in, + p_data_out); + break; +#endif + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_ECB) + case NRF_CRYPTO_AES_MODE_ECB: + case NRF_CRYPTO_AES_MODE_ECB_PAD_PCKS7: + error = backend_mbedtls_ecb_crypt(&p_ctx->ecb, p_data_in, p_data_out, data_size); + break; +#endif + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CBC_MAC) + case NRF_CRYPTO_AES_MODE_CBC_MAC: + case NRF_CRYPTO_AES_MODE_CBC_MAC_PAD_PCKS7: + error = backend_mbedtls_cbc_mac_update(p_context, p_data_in, data_size, p_data_out); + break; +#endif + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CMAC) + case NRF_CRYPTO_AES_MODE_CMAC: + error = mbedtls_cipher_cmac_update(&p_ctx->cmac.context, + p_data_in, + data_size); + break; +#endif + + default: + return NRF_ERROR_CRYPTO_CONTEXT_NOT_INITIALIZED; + } + BACKEND_ERROR_CHECK(error); + + return NRF_SUCCESS; +} + +static ret_code_t backend_mbedtls_finalize(void * const p_context, + uint8_t * p_data_in, + size_t data_size, + uint8_t * p_data_out, + size_t * p_data_out_size) +{ + ret_code_t ret_val; + + nrf_crypto_backend_mbedtls_aes_context_t * p_ctx = + (nrf_crypto_backend_mbedtls_aes_context_t *)p_context; + + if (*p_data_out_size < data_size) + { + return NRF_ERROR_CRYPTO_OUTPUT_LENGTH; + } + + /* data is not multiple of 16 bytes */ + if ((data_size & 0x0F) != 0) + { + if ((p_ctx->any.header.p_info->mode != NRF_CRYPTO_AES_MODE_CTR) && + (p_ctx->any.header.p_info->mode != NRF_CRYPTO_AES_MODE_CFB)) + { + /* There are separate handlers for AES modes with padding and for MAC modes. */ + return NRF_ERROR_CRYPTO_INPUT_LENGTH; + } + } + + ret_val = backend_mbedtls_update(p_context, p_data_in, data_size, p_data_out); + VERIFY_SUCCESS(ret_val); + + *p_data_out_size = data_size; + + return ret_val; +} + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CMAC) +static ret_code_t backend_mbedtls_cmac_finalize(void * const p_context, + uint8_t * p_data_in, + size_t data_size, + uint8_t * p_data_out, + size_t * p_data_out_size) +{ + int error; + + nrf_crypto_backend_mbedtls_aes_context_t * p_ctx = + (nrf_crypto_backend_mbedtls_aes_context_t *)p_context; + + if (*p_data_out_size < NRF_CRYPTO_AES_BLOCK_SIZE) + { + return NRF_ERROR_CRYPTO_OUTPUT_LENGTH; + } + + error = mbedtls_cipher_cmac_update(&p_ctx->cmac.context, p_data_in, data_size); + BACKEND_ERROR_CHECK(error); + + error = mbedtls_cipher_cmac_finish(&p_ctx->cmac.context, p_data_out); + BACKEND_ERROR_CHECK(error); + + *p_data_out_size = NRF_CRYPTO_AES_BLOCK_SIZE; + + return NRF_SUCCESS; +} +#endif + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CBC) || \ + NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_ECB) +static ret_code_t backend_mbedtls_padding_finalize(void * const p_context, + uint8_t * p_data_in, + size_t data_size, + uint8_t * p_data_out, + size_t * p_data_out_size) +{ + ret_code_t ret_val; + size_t buff_out_size; + uint8_t padding_buffer[NRF_CRYPTO_AES_BLOCK_SIZE] = {0}; + uint8_t msg_ending = (uint8_t)(data_size & (size_t)0x0F); + + nrf_crypto_backend_mbedtls_aes_context_t * p_ctx = + (nrf_crypto_backend_mbedtls_aes_context_t *)p_context; + + if (p_ctx->any.backend.operation == NRF_CRYPTO_DECRYPT) + { + ret_val = backend_mbedtls_finalize(p_context, + p_data_in, + data_size, + p_data_out, + p_data_out_size); + VERIFY_SUCCESS(ret_val); + + ret_val = padding_pkcs7_remove(p_data_out, + p_data_out_size); + return ret_val; + } + + /* -------------- ENCRYPTION --------------*/ + data_size -= msg_ending; + + if (*p_data_out_size < (data_size + NRF_CRYPTO_AES_BLOCK_SIZE)) + { + /* no space for padding */ + return NRF_ERROR_CRYPTO_OUTPUT_LENGTH; + } + + if (data_size > 0) + { + /* Encrypt 16 byte blocks */ + ret_val = backend_mbedtls_update(p_context, + p_data_in, + data_size, + p_data_out); + VERIFY_SUCCESS(ret_val); + } + + ret_val = padding_pkcs7_add(&padding_buffer[0], + p_data_in + data_size, + msg_ending); + VERIFY_SUCCESS(ret_val); + + buff_out_size = *p_data_out_size - data_size; + + ret_val = backend_mbedtls_finalize(p_context, + &padding_buffer[0], + NRF_CRYPTO_AES_BLOCK_SIZE, + p_data_out + data_size, + &buff_out_size); + VERIFY_SUCCESS(ret_val); + + *p_data_out_size = buff_out_size + data_size; + + return ret_val; +} +#endif + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CBC) +nrf_crypto_aes_info_t const g_nrf_crypto_aes_cbc_128_info = +{ + .mode = NRF_CRYPTO_AES_MODE_CBC, + .key_size = NRF_CRYPTO_KEY_SIZE_128, + .context_size = sizeof(nrf_crypto_backend_aes_cbc_context_t), + + .init_fn = backend_mbedtls_init, + .uninit_fn = backend_mbedtls_uninit, + .key_set_fn = backend_mbedtls_key_set, + .iv_set_fn = backend_mbedtls_iv_set, + .iv_get_fn = backend_mbedtls_iv_get, + .update_fn = backend_mbedtls_update, + .finalize_fn = backend_mbedtls_finalize +}; + +nrf_crypto_aes_info_t const g_nrf_crypto_aes_cbc_192_info = +{ + .mode = NRF_CRYPTO_AES_MODE_CBC, + .key_size = NRF_CRYPTO_KEY_SIZE_192, + .context_size = sizeof(nrf_crypto_backend_aes_cbc_context_t), + + .init_fn = backend_mbedtls_init, + .uninit_fn = backend_mbedtls_uninit, + .key_set_fn = backend_mbedtls_key_set, + .iv_set_fn = backend_mbedtls_iv_set, + .iv_get_fn = backend_mbedtls_iv_get, + .update_fn = backend_mbedtls_update, + .finalize_fn = backend_mbedtls_finalize +}; + +nrf_crypto_aes_info_t const g_nrf_crypto_aes_cbc_256_info = +{ + .mode = NRF_CRYPTO_AES_MODE_CBC, + .key_size = NRF_CRYPTO_KEY_SIZE_256, + .context_size = sizeof(nrf_crypto_backend_aes_cbc_context_t), + + .init_fn = backend_mbedtls_init, + .uninit_fn = backend_mbedtls_uninit, + .key_set_fn = backend_mbedtls_key_set, + .iv_set_fn = backend_mbedtls_iv_set, + .iv_get_fn = backend_mbedtls_iv_get, + .update_fn = backend_mbedtls_update, + .finalize_fn = backend_mbedtls_finalize +}; + +nrf_crypto_aes_info_t const g_nrf_crypto_aes_cbc_128_pad_pkcs7_info = +{ + .mode = NRF_CRYPTO_AES_MODE_CBC_PAD_PCKS7, + .key_size = NRF_CRYPTO_KEY_SIZE_128, + .context_size = sizeof(nrf_crypto_backend_aes_cbc_context_t), + + .init_fn = backend_mbedtls_init, + .uninit_fn = backend_mbedtls_uninit, + .key_set_fn = backend_mbedtls_key_set, + .iv_set_fn = backend_mbedtls_iv_set, + .iv_get_fn = backend_mbedtls_iv_get, + .update_fn = backend_mbedtls_update, + .finalize_fn = backend_mbedtls_padding_finalize +}; + +nrf_crypto_aes_info_t const g_nrf_crypto_aes_cbc_192_pad_pkcs7_info = +{ + .mode = NRF_CRYPTO_AES_MODE_CBC_PAD_PCKS7, + .key_size = NRF_CRYPTO_KEY_SIZE_192, + .context_size = sizeof(nrf_crypto_backend_aes_cbc_context_t), + + .init_fn = backend_mbedtls_init, + .uninit_fn = backend_mbedtls_uninit, + .key_set_fn = backend_mbedtls_key_set, + .iv_set_fn = backend_mbedtls_iv_set, + .iv_get_fn = backend_mbedtls_iv_get, + .update_fn = backend_mbedtls_update, + .finalize_fn = backend_mbedtls_padding_finalize +}; + +nrf_crypto_aes_info_t const g_nrf_crypto_aes_cbc_256_pad_pkcs7_info = +{ + .mode = NRF_CRYPTO_AES_MODE_CBC_PAD_PCKS7, + .key_size = NRF_CRYPTO_KEY_SIZE_256, + .context_size = sizeof(nrf_crypto_backend_aes_cbc_context_t), + + .init_fn = backend_mbedtls_init, + .uninit_fn = backend_mbedtls_uninit, + .key_set_fn = backend_mbedtls_key_set, + .iv_set_fn = backend_mbedtls_iv_set, + .iv_get_fn = backend_mbedtls_iv_get, + .update_fn = backend_mbedtls_update, + .finalize_fn = backend_mbedtls_padding_finalize +}; +#endif + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CTR) +nrf_crypto_aes_info_t const g_nrf_crypto_aes_ctr_128_info = +{ + .mode = NRF_CRYPTO_AES_MODE_CTR, + .key_size = NRF_CRYPTO_KEY_SIZE_128, + .context_size = sizeof(nrf_crypto_backend_aes_ctr_context_t), + + .init_fn = backend_mbedtls_init, + .uninit_fn = backend_mbedtls_uninit, + .key_set_fn = backend_mbedtls_key_set, + .iv_set_fn = backend_mbedtls_iv_set, + .iv_get_fn = backend_mbedtls_iv_get, + .update_fn = backend_mbedtls_update, + .finalize_fn = backend_mbedtls_finalize +}; + +nrf_crypto_aes_info_t const g_nrf_crypto_aes_ctr_192_info = +{ + .mode = NRF_CRYPTO_AES_MODE_CTR, + .key_size = NRF_CRYPTO_KEY_SIZE_192, + .context_size = sizeof(nrf_crypto_backend_aes_ctr_context_t), + + .init_fn = backend_mbedtls_init, + .uninit_fn = backend_mbedtls_uninit, + .key_set_fn = backend_mbedtls_key_set, + .iv_set_fn = backend_mbedtls_iv_set, + .iv_get_fn = backend_mbedtls_iv_get, + .update_fn = backend_mbedtls_update, + .finalize_fn = backend_mbedtls_finalize +}; + +nrf_crypto_aes_info_t const g_nrf_crypto_aes_ctr_256_info = +{ + .mode = NRF_CRYPTO_AES_MODE_CTR, + .key_size = NRF_CRYPTO_KEY_SIZE_256, + .context_size = sizeof(nrf_crypto_backend_aes_ctr_context_t), + + .init_fn = backend_mbedtls_init, + .uninit_fn = backend_mbedtls_uninit, + .key_set_fn = backend_mbedtls_key_set, + .iv_set_fn = backend_mbedtls_iv_set, + .iv_get_fn = backend_mbedtls_iv_get, + .update_fn = backend_mbedtls_update, + .finalize_fn = backend_mbedtls_finalize +}; +#endif + +// CFB +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CFB) +nrf_crypto_aes_info_t const g_nrf_crypto_aes_cfb_128_info = +{ + .mode = NRF_CRYPTO_AES_MODE_CFB, + .key_size = NRF_CRYPTO_KEY_SIZE_128, + .context_size = sizeof(nrf_crypto_backend_aes_cfb_context_t), + + .init_fn = backend_mbedtls_init, + .uninit_fn = backend_mbedtls_uninit, + .key_set_fn = backend_mbedtls_key_set, + .iv_set_fn = backend_mbedtls_iv_set, + .iv_get_fn = backend_mbedtls_iv_get, + .update_fn = backend_mbedtls_update, + .finalize_fn = backend_mbedtls_finalize +}; + +nrf_crypto_aes_info_t const g_nrf_crypto_aes_cfb_192_info = +{ + .mode = NRF_CRYPTO_AES_MODE_CFB, + .key_size = NRF_CRYPTO_KEY_SIZE_192, + .context_size = sizeof(nrf_crypto_backend_aes_cfb_context_t), + + .init_fn = backend_mbedtls_init, + .uninit_fn = backend_mbedtls_uninit, + .key_set_fn = backend_mbedtls_key_set, + .iv_set_fn = backend_mbedtls_iv_set, + .iv_get_fn = backend_mbedtls_iv_get, + .update_fn = backend_mbedtls_update, + .finalize_fn = backend_mbedtls_finalize +}; + +nrf_crypto_aes_info_t const g_nrf_crypto_aes_cfb_256_info = +{ + .mode = NRF_CRYPTO_AES_MODE_CFB, + .key_size = NRF_CRYPTO_KEY_SIZE_256, + .context_size = sizeof(nrf_crypto_backend_aes_cfb_context_t), + + .init_fn = backend_mbedtls_init, + .uninit_fn = backend_mbedtls_uninit, + .key_set_fn = backend_mbedtls_key_set, + .iv_set_fn = backend_mbedtls_iv_set, + .iv_get_fn = backend_mbedtls_iv_get, + .update_fn = backend_mbedtls_update, + .finalize_fn = backend_mbedtls_finalize +}; +#endif + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_ECB) +nrf_crypto_aes_info_t const g_nrf_crypto_aes_ecb_128_info = +{ + .mode = NRF_CRYPTO_AES_MODE_ECB, + .key_size = NRF_CRYPTO_KEY_SIZE_128, + .context_size = sizeof(nrf_crypto_backend_aes_ecb_context_t), + + .init_fn = backend_mbedtls_init, + .uninit_fn = backend_mbedtls_uninit, + .key_set_fn = backend_mbedtls_key_set, + .iv_set_fn = NULL, + .iv_get_fn = NULL, + .update_fn = backend_mbedtls_update, + .finalize_fn = backend_mbedtls_finalize +}; + +nrf_crypto_aes_info_t const g_nrf_crypto_aes_ecb_192_info = +{ + .mode = NRF_CRYPTO_AES_MODE_ECB, + .key_size = NRF_CRYPTO_KEY_SIZE_192, + .context_size = sizeof(nrf_crypto_backend_aes_ecb_context_t), + + .init_fn = backend_mbedtls_init, + .uninit_fn = backend_mbedtls_uninit, + .key_set_fn = backend_mbedtls_key_set, + .iv_set_fn = NULL, + .iv_get_fn = NULL, + .update_fn = backend_mbedtls_update, + .finalize_fn = backend_mbedtls_finalize +}; + +nrf_crypto_aes_info_t const g_nrf_crypto_aes_ecb_256_info = +{ + .mode = NRF_CRYPTO_AES_MODE_ECB, + .key_size = NRF_CRYPTO_KEY_SIZE_256, + .context_size = sizeof(nrf_crypto_backend_aes_ecb_context_t), + + .init_fn = backend_mbedtls_init, + .uninit_fn = backend_mbedtls_uninit, + .key_set_fn = backend_mbedtls_key_set, + .iv_set_fn = NULL, + .iv_get_fn = NULL, + .update_fn = backend_mbedtls_update, + .finalize_fn = backend_mbedtls_finalize +}; + +nrf_crypto_aes_info_t const g_nrf_crypto_aes_ecb_128_pad_pkcs7_info = +{ + .mode = NRF_CRYPTO_AES_MODE_ECB_PAD_PCKS7, + .key_size = NRF_CRYPTO_KEY_SIZE_128, + .context_size = sizeof(nrf_crypto_backend_aes_ecb_context_t), + + .init_fn = backend_mbedtls_init, + .uninit_fn = backend_mbedtls_uninit, + .key_set_fn = backend_mbedtls_key_set, + .iv_set_fn = NULL, + .iv_get_fn = NULL, + .update_fn = backend_mbedtls_update, + .finalize_fn = backend_mbedtls_padding_finalize +}; + +nrf_crypto_aes_info_t const g_nrf_crypto_aes_ecb_192_pad_pkcs7_info = +{ + .mode = NRF_CRYPTO_AES_MODE_ECB_PAD_PCKS7, + .key_size = NRF_CRYPTO_KEY_SIZE_192, + .context_size = sizeof(nrf_crypto_backend_aes_ecb_context_t), + + .init_fn = backend_mbedtls_init, + .uninit_fn = backend_mbedtls_uninit, + .key_set_fn = backend_mbedtls_key_set, + .iv_set_fn = NULL, + .iv_get_fn = NULL, + .update_fn = backend_mbedtls_update, + .finalize_fn = backend_mbedtls_padding_finalize +}; + +nrf_crypto_aes_info_t const g_nrf_crypto_aes_ecb_256_pad_pkcs7_info = +{ + .mode = NRF_CRYPTO_AES_MODE_ECB_PAD_PCKS7, + .key_size = NRF_CRYPTO_KEY_SIZE_256, + .context_size = sizeof(nrf_crypto_backend_aes_ecb_context_t), + + .init_fn = backend_mbedtls_init, + .uninit_fn = backend_mbedtls_uninit, + .key_set_fn = backend_mbedtls_key_set, + .iv_set_fn = NULL, + .iv_get_fn = NULL, + .update_fn = backend_mbedtls_update, + .finalize_fn = backend_mbedtls_padding_finalize +}; +#endif + + +// CBC MAC +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CBC_MAC) +nrf_crypto_aes_info_t const g_nrf_crypto_aes_cbc_mac_128_info = +{ + .mode = NRF_CRYPTO_AES_MODE_CBC_MAC, + .key_size = NRF_CRYPTO_KEY_SIZE_128, + .context_size = sizeof(nrf_crypto_backend_aes_cbc_mac_context_t), + + .init_fn = backend_mbedtls_init, + .uninit_fn = backend_mbedtls_uninit, + .key_set_fn = backend_mbedtls_key_set, + .iv_set_fn = backend_mbedtls_iv_set, + .iv_get_fn = backend_mbedtls_iv_get, + .update_fn = backend_mbedtls_update, + .finalize_fn = backend_mbedtls_cbc_mac_finalize +}; + +nrf_crypto_aes_info_t const g_nrf_crypto_aes_cbc_mac_192_info = +{ + .mode = NRF_CRYPTO_AES_MODE_CBC_MAC, + .key_size = NRF_CRYPTO_KEY_SIZE_192, + .context_size = sizeof(nrf_crypto_backend_aes_cbc_mac_context_t), + + .init_fn = backend_mbedtls_init, + .uninit_fn = backend_mbedtls_uninit, + .key_set_fn = backend_mbedtls_key_set, + .iv_set_fn = backend_mbedtls_iv_set, + .iv_get_fn = backend_mbedtls_iv_get, + .update_fn = backend_mbedtls_update, + .finalize_fn = backend_mbedtls_cbc_mac_finalize +}; + +nrf_crypto_aes_info_t const g_nrf_crypto_aes_cbc_mac_256_info = +{ + .mode = NRF_CRYPTO_AES_MODE_CBC_MAC, + .key_size = NRF_CRYPTO_KEY_SIZE_256, + .context_size = sizeof(nrf_crypto_backend_aes_cbc_mac_context_t), + + .init_fn = backend_mbedtls_init, + .uninit_fn = backend_mbedtls_uninit, + .key_set_fn = backend_mbedtls_key_set, + .iv_set_fn = backend_mbedtls_iv_set, + .iv_get_fn = backend_mbedtls_iv_get, + .update_fn = backend_mbedtls_update, + .finalize_fn = backend_mbedtls_cbc_mac_finalize +}; + +nrf_crypto_aes_info_t const g_nrf_crypto_aes_cbc_mac_128_pad_pkcs7_info = +{ + .mode = NRF_CRYPTO_AES_MODE_CBC_MAC_PAD_PCKS7, + .key_size = NRF_CRYPTO_KEY_SIZE_128, + .context_size = sizeof(nrf_crypto_backend_aes_cbc_mac_context_t), + + .init_fn = backend_mbedtls_init, + .uninit_fn = backend_mbedtls_uninit, + .key_set_fn = backend_mbedtls_key_set, + .iv_set_fn = backend_mbedtls_iv_set, + .iv_get_fn = backend_mbedtls_iv_get, + .update_fn = backend_mbedtls_update, + .finalize_fn = backend_mbedtls_cbc_mac_padding_finalize +}; + +nrf_crypto_aes_info_t const g_nrf_crypto_aes_cbc_mac_192_pad_pkcs7_info = +{ + .mode = NRF_CRYPTO_AES_MODE_CBC_MAC_PAD_PCKS7, + .key_size = NRF_CRYPTO_KEY_SIZE_192, + .context_size = sizeof(nrf_crypto_backend_aes_cbc_mac_context_t), + + .init_fn = backend_mbedtls_init, + .uninit_fn = backend_mbedtls_uninit, + .key_set_fn = backend_mbedtls_key_set, + .iv_set_fn = backend_mbedtls_iv_set, + .iv_get_fn = backend_mbedtls_iv_get, + .update_fn = backend_mbedtls_update, + .finalize_fn = backend_mbedtls_cbc_mac_padding_finalize +}; + +nrf_crypto_aes_info_t const g_nrf_crypto_aes_cbc_mac_256_pad_pkcs7_info = +{ + .mode = NRF_CRYPTO_AES_MODE_CBC_MAC_PAD_PCKS7, + .key_size = NRF_CRYPTO_KEY_SIZE_256, + .context_size = sizeof(nrf_crypto_backend_aes_cbc_mac_context_t), + + .init_fn = backend_mbedtls_init, + .uninit_fn = backend_mbedtls_uninit, + .key_set_fn = backend_mbedtls_key_set, + .iv_set_fn = backend_mbedtls_iv_set, + .iv_get_fn = backend_mbedtls_iv_get, + .update_fn = backend_mbedtls_update, + .finalize_fn = backend_mbedtls_cbc_mac_padding_finalize +}; + +#endif + +// CMAC +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CMAC) +nrf_crypto_aes_info_t const g_nrf_crypto_aes_cmac_128_info = +{ + .mode = NRF_CRYPTO_AES_MODE_CMAC, + .key_size = NRF_CRYPTO_KEY_SIZE_128, + .context_size = sizeof(nrf_crypto_backend_aes_cmac_context_t), + + .init_fn = backend_mbedtls_init, + .uninit_fn = backend_mbedtls_uninit, + .key_set_fn = backend_mbedtls_key_set, + .iv_set_fn = NULL, + .iv_get_fn = NULL, + .update_fn = backend_mbedtls_update, + .finalize_fn = backend_mbedtls_cmac_finalize +}; + +nrf_crypto_aes_info_t const g_nrf_crypto_aes_cmac_192_info = +{ + .mode = NRF_CRYPTO_AES_MODE_CMAC, + .key_size = NRF_CRYPTO_KEY_SIZE_192, + .context_size = sizeof(nrf_crypto_backend_aes_cmac_context_t), + + .init_fn = backend_mbedtls_init, + .uninit_fn = backend_mbedtls_uninit, + .key_set_fn = backend_mbedtls_key_set, + .iv_set_fn = NULL, + .iv_get_fn = NULL, + .update_fn = backend_mbedtls_update, + .finalize_fn = backend_mbedtls_cmac_finalize +}; + +nrf_crypto_aes_info_t const g_nrf_crypto_aes_cmac_256_info = +{ + .mode = NRF_CRYPTO_AES_MODE_CMAC, + .key_size = NRF_CRYPTO_KEY_SIZE_256, + .context_size = sizeof(nrf_crypto_backend_aes_cmac_context_t), + + .init_fn = backend_mbedtls_init, + .uninit_fn = backend_mbedtls_uninit, + .key_set_fn = backend_mbedtls_key_set, + .iv_set_fn = NULL, + .iv_get_fn = NULL, + .update_fn = backend_mbedtls_update, + .finalize_fn = backend_mbedtls_cmac_finalize +}; +#endif + +#endif // #if NRF_MODULE_ENABLED(NRF_CRYPTO_MBEDTLS_AES) +#endif // MODULE_ENABLED(NRF_CRYPTO) + |