diff options
Diffstat (limited to 'thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend')
76 files changed, 15802 insertions, 0 deletions
diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310/cc310_backend_aes.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310/cc310_backend_aes.c new file mode 100644 index 0000000..66de4bb --- /dev/null +++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310/cc310_backend_aes.c @@ -0,0 +1,887 @@ +/** + * Copyright (c) 2018 - 2018, Nordic Semiconductor ASA + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form, except as embedded into a Nordic + * Semiconductor ASA integrated circuit in a product or a software update for + * such product, must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * 3. Neither the name of Nordic Semiconductor ASA nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * 4. This software, with or without modification, must only be used with a + * Nordic Semiconductor ASA integrated circuit. + * + * 5. Any software provided in binary form under this license must not be reverse + * engineered, decompiled, modified and/or disassembled. + * + * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include "sdk_common.h" +#include <drivers/nrfx_common.h> +#if NRF_MODULE_ENABLED(NRF_CRYPTO) + +#include <stdbool.h> +#include "ssi_aes_error.h" +#include "cc310_backend_aes.h" +#include "cc310_backend_mutex.h" +#include "cc310_backend_shared.h" + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_CC310_AES) + +/**@internal @brief Type declarations of templates matching all possible context sizes + * for this backend. + */ +typedef struct +{ + nrf_crypto_aes_internal_context_t header; /**< Common header for context. */ + SaSiAesUserContext_t context; /**< AES context internal to mbed TLS. */ + nrf_crypto_backend_aes_ctx_t backend; /**< Backend-specific internal context. */ +} nrf_crypto_backend_cc310_aes_any_context_t; + +/**@internal @brief Type declarations of templates matching all possible context sizes + * for this backend. + */ +typedef union +{ + nrf_crypto_backend_cc310_aes_any_context_t any; /**< Common for all contexts. */ + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_AES_ECB) + nrf_crypto_backend_aes_ecb_context_t ecb; +#endif +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_AES_CBC) + nrf_crypto_backend_aes_cbc_context_t cbc; +#endif +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_AES_CTR) + nrf_crypto_backend_aes_ctr_context_t ctr; +#endif +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_AES_CBC_MAC) + nrf_crypto_backend_aes_cbc_mac_context_t cbc_mac; +#endif +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_AES_CMAC) + nrf_crypto_backend_aes_cmac_context_t cmac; +#endif +} nrf_crypto_backend_cc310_aes_context_t; + + +static ret_code_t result_get(SaSiError_t error) +{ + ret_code_t ret_val; + switch (error) + { + case SASI_SUCCESS: + ret_val = NRF_SUCCESS; + break; + + case SASI_AES_INVALID_USER_CONTEXT_POINTER_ERROR: + ret_val = NRF_ERROR_CRYPTO_CONTEXT_NULL; + break; + + case SASI_AES_ILLEGAL_KEY_SIZE_ERROR: + case SASI_AES_DATA_IN_SIZE_ILLEGAL: + case SASI_AES_DATA_IN_BUFFER_SIZE_ERROR: + ret_val = NRF_ERROR_CRYPTO_INPUT_LENGTH; + break; + + case SASI_AES_INVALID_IV_OR_TWEAK_PTR_ERROR: + case SASI_AES_INVALID_KEY_POINTER_ERROR: + case SASI_AES_DATA_IN_POINTER_INVALID_ERROR: + ret_val = NRF_ERROR_CRYPTO_INPUT_NULL; + break; + + case SASI_AES_ILLEGAL_OPERATION_MODE_ERROR: + case SASI_AES_KEY_TYPE_NOT_SUPPORTED_ERROR: + case SASI_AES_INVALID_ENCRYPT_MODE_ERROR: + case SASI_AES_ILLEGAL_PADDING_TYPE_ERROR: + case SASI_AES_INCORRECT_PADDING_ERROR: + case SASI_AES_DECRYPTION_NOT_ALLOWED_ON_THIS_MODE: + case SASI_AES_ADDITIONAL_BLOCK_NOT_PERMITTED_ERROR: + case SASI_AES_IS_NOT_SUPPORTED: + ret_val = NRF_ERROR_CRYPTO_FEATURE_UNAVAILABLE; + break; + + case SASI_AES_DATA_OUT_BUFFER_SIZE_ERROR: + ret_val = NRF_ERROR_CRYPTO_OUTPUT_LENGTH; + break; + + case SASI_AES_DATA_OUT_POINTER_INVALID_ERROR: + case SASI_AES_DATA_OUT_SIZE_POINTER_INVALID_ERROR: + ret_val = NRF_ERROR_CRYPTO_OUTPUT_NULL; + break; + + case SASI_AES_CTX_SIZES_ERROR: + default: + ret_val = NRF_ERROR_CRYPTO_INTERNAL; + break; + } + return ret_val; +} + +static ret_code_t params_validate(nrf_crypto_backend_cc310_aes_context_t const * const p_ctx, + SaSiAesOperationMode_t * p_mode, + nrf_crypto_operation_t operation) +{ + ret_code_t ret_val = NRF_SUCCESS; + + switch (p_ctx->any.header.p_info->mode) + { +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_AES_ECB) + case NRF_CRYPTO_AES_MODE_ECB: + case NRF_CRYPTO_AES_MODE_ECB_PAD_PCKS7: + *p_mode = SASI_AES_MODE_ECB; + break; +#endif + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_AES_CBC) + case NRF_CRYPTO_AES_MODE_CBC: + case NRF_CRYPTO_AES_MODE_CBC_PAD_PCKS7: + *p_mode = SASI_AES_MODE_CBC; + break; +#endif + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_AES_CTR) + case NRF_CRYPTO_AES_MODE_CTR: + *p_mode = SASI_AES_MODE_CTR; + break; +#endif + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_AES_CBC_MAC) + case NRF_CRYPTO_AES_MODE_CBC_MAC: + case NRF_CRYPTO_AES_MODE_CBC_MAC_PAD_PCKS7: + *p_mode = SASI_AES_MODE_CBC_MAC; + VERIFY_TRUE((operation == NRF_CRYPTO_MAC_CALCULATE), NRF_ERROR_CRYPTO_INVALID_PARAM); + break; +#endif + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_AES_CMAC) + case NRF_CRYPTO_AES_MODE_CMAC: + *p_mode = SASI_AES_MODE_CMAC; + VERIFY_TRUE((operation == NRF_CRYPTO_MAC_CALCULATE), NRF_ERROR_CRYPTO_INVALID_PARAM); + break; +#endif + + default: + ret_val = NRF_ERROR_CRYPTO_FEATURE_UNAVAILABLE; + break; + } + + return ret_val; +} + +static ret_code_t backend_cc310_init(void * const p_context, nrf_crypto_operation_t operation) +{ + SaSiError_t result; + ret_code_t ret_val; + bool mutex_locked; + + SaSiAesOperationMode_t mode; + SaSiAesEncryptMode_t operation_cc310; + + nrf_crypto_backend_cc310_aes_context_t * p_ctx = + (nrf_crypto_backend_cc310_aes_context_t *)p_context; + + mutex_locked = cc310_backend_mutex_trylock(); + VERIFY_TRUE(mutex_locked, NRF_ERROR_CRYPTO_BUSY); + + if (!nrfx_is_in_ram(&p_ctx->any.context)) + { + ret_val = NRF_ERROR_CRYPTO_INPUT_LOCATION; + goto exit; + } + if (p_ctx->any.header.p_info->key_size != NRF_CRYPTO_KEY_SIZE_128) + { + ret_val = NRF_ERROR_CRYPTO_KEY_SIZE; + goto exit; + } + + ret_val = params_validate(p_ctx, &mode, operation); + + if (ret_val != NRF_SUCCESS) + { + goto exit; + } + + if (operation == NRF_CRYPTO_DECRYPT) + { + operation_cc310 = SASI_AES_DECRYPT; + } + else if ((operation == NRF_CRYPTO_ENCRYPT) || (operation == NRF_CRYPTO_MAC_CALCULATE)) + { + operation_cc310 = SASI_AES_ENCRYPT; + } + else + { + ret_val = NRF_ERROR_CRYPTO_INVALID_PARAM; + goto exit; + } + p_ctx->any.backend.operation = operation; + + result = SaSi_AesInit(&p_ctx->any.context, + operation_cc310, + mode, + SASI_AES_PADDING_NONE); /* CC310 does not support padding */ + ret_val = result_get(result); + +exit: + cc310_backend_mutex_unlock(); + return ret_val; +} + +static ret_code_t backend_cc310_uninit(void * const p_context) +{ + SaSiError_t result; + ret_code_t ret_val; + + nrf_crypto_backend_cc310_aes_context_t * p_ctx = + (nrf_crypto_backend_cc310_aes_context_t *)p_context; + + bool mutex_locked = cc310_backend_mutex_trylock(); + VERIFY_TRUE(mutex_locked, NRF_ERROR_CRYPTO_BUSY); + + result = SaSi_AesFree(&p_ctx->any.context); + ret_val = result_get(result); + + cc310_backend_mutex_unlock(); + return ret_val; +} + +static ret_code_t backend_cc310_key_set(void * const p_context, uint8_t * p_key) +{ + SaSiError_t result; + ret_code_t ret_val; + bool mutex_locked; + + SaSiAesUserKeyData_t key_data; + + nrf_crypto_backend_cc310_aes_context_t * p_ctx = + (nrf_crypto_backend_cc310_aes_context_t *)p_context; + + mutex_locked = cc310_backend_mutex_trylock(); + VERIFY_TRUE(mutex_locked, NRF_ERROR_CRYPTO_BUSY); + + if (!nrfx_is_in_ram(p_key)) + { + ret_val = NRF_ERROR_CRYPTO_INPUT_LOCATION; + goto exit; + } + + key_data.pKey = p_key; + key_data.keySize = (p_ctx->any.header.p_info->key_size) >> 3; // change bits to bytes + + result = SaSi_AesSetKey(&p_ctx->any.context, + SASI_AES_USER_KEY, + &key_data, + sizeof(key_data)); + ret_val = result_get(result); + +exit: + cc310_backend_mutex_unlock(); + return ret_val; +} + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_AES_CBC) || \ + NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_AES_CTR) || \ + NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_AES_CBC_MAC) +static ret_code_t backend_cc310_iv_set(void * const p_context, uint8_t * p_iv) +{ + SaSiError_t result; + ret_code_t ret_val; + bool mutex_locked; + + nrf_crypto_backend_cc310_aes_context_t * p_ctx = + (nrf_crypto_backend_cc310_aes_context_t *)p_context; + + mutex_locked = cc310_backend_mutex_trylock(); + VERIFY_TRUE(mutex_locked, NRF_ERROR_CRYPTO_BUSY); + + if (!nrfx_is_in_ram(p_iv)) + { + ret_val = NRF_ERROR_CRYPTO_INPUT_LOCATION; + goto exit; + } + + result = SaSi_AesSetIv(&p_ctx->any.context, p_iv); + ret_val = result_get(result); + +exit: + cc310_backend_mutex_unlock(); + return ret_val; +} + +static ret_code_t backend_cc310_iv_get(void * const p_context, uint8_t * p_iv) +{ + SaSiError_t result; + ret_code_t ret_val = NRF_ERROR_CRYPTO_INTERNAL; + bool mutex_locked; + + nrf_crypto_backend_cc310_aes_context_t * p_ctx = + (nrf_crypto_backend_cc310_aes_context_t *)p_context; + + mutex_locked = cc310_backend_mutex_trylock(); + VERIFY_TRUE(mutex_locked, NRF_ERROR_CRYPTO_BUSY); + + if (!nrfx_is_in_ram(p_iv)) + { + ret_val = NRF_ERROR_CRYPTO_INPUT_LOCATION; + goto exit; + } + + result = SaSi_AesGetIv(&p_ctx->any.context, p_iv); + + /* Below code allows to read IV after calling nrf_crypto_aes_finalize */ + if (result == SASI_AES_ILLEGAL_OPERATION_MODE_ERROR) + { + if (p_ctx->any.header.init_value == NRF_CRYPTO_AES_UNINIT_MAGIC_VALUE) + { + memcpy(p_iv, p_ctx->any.backend.iv, NRF_CRYPTO_MBEDTLS_AES_IV_SIZE); + ret_val = NRF_SUCCESS; + } + } + else + { + ret_val = result_get(result); + } + +exit: + cc310_backend_mutex_unlock(); + return ret_val; +} +#endif + +static ret_code_t backend_cc310_update(void * const p_context, + uint8_t * p_data_in, + size_t data_size, + uint8_t * p_data_out) +{ + SaSiError_t result; + ret_code_t ret_val; + bool mutex_locked; + size_t size; + size_t offset = 0; + + nrf_crypto_backend_cc310_aes_context_t * p_ctx = + (nrf_crypto_backend_cc310_aes_context_t *)p_context; + + mutex_locked = cc310_backend_mutex_trylock(); + VERIFY_TRUE(mutex_locked, NRF_ERROR_CRYPTO_BUSY); + + if (!nrfx_is_in_ram(p_data_in) || !nrfx_is_in_ram(p_data_out)) + { + ret_val = NRF_ERROR_CRYPTO_INPUT_LOCATION; + goto exit; + } + + do + { + /* CC310 allows only 64kB blocks, operation must be devided */ + if (data_size > CC310_MAX_LENGTH_DMA_AES_OPERATIONS) + { + size = CC310_MAX_LENGTH_DMA_AES_OPERATIONS; + data_size -= CC310_MAX_LENGTH_DMA_AES_OPERATIONS; + } + else + { + size = data_size; + data_size = 0; + } + + cc310_backend_enable(); + + if (p_ctx->any.backend.operation == NRF_CRYPTO_MAC_CALCULATE) + { + result = SaSi_AesBlock(&p_ctx->any.context, + p_data_in + offset, + size, + p_data_out); + } + else + { + result = SaSi_AesBlock(&p_ctx->any.context, + p_data_in + offset, + size, + p_data_out + offset); + } + + cc310_backend_disable(); + + offset += size; + ret_val = result_get(result); + + } while ((data_size > 0) && (ret_val == NRF_SUCCESS)); + +exit: + cc310_backend_mutex_unlock(); + return ret_val; +} + +static ret_code_t backend_cc310_finalize(void * const p_context, + uint8_t * p_data_in, + size_t data_size, + uint8_t * p_data_out, + size_t * p_data_out_size) +{ + SaSiError_t result; + ret_code_t ret_val; + bool mutex_locked; + size_t size; + size_t offset = 0; + + nrf_crypto_backend_cc310_aes_context_t * p_ctx = + (nrf_crypto_backend_cc310_aes_context_t *)p_context; + + mutex_locked = cc310_backend_mutex_trylock(); + VERIFY_TRUE(mutex_locked, NRF_ERROR_CRYPTO_BUSY); + + if (*p_data_out_size < data_size) + { + ret_val = NRF_ERROR_CRYPTO_OUTPUT_LENGTH; + goto exit; + } + + /* This function does not support padding */ + if (((data_size & 0xF) != 0) && + (p_ctx->any.header.p_info->mode != NRF_CRYPTO_AES_MODE_CTR)) + { + ret_val = NRF_ERROR_CRYPTO_INPUT_LENGTH; + goto exit; + } + + if (!nrfx_is_in_ram(p_data_in) || !nrfx_is_in_ram(p_data_out)) + { + ret_val = NRF_ERROR_CRYPTO_INPUT_LOCATION; + goto exit; + } + + /* CC310 allows only 64kB blocks, operation must be devided */ + while (data_size > CC310_MAX_LENGTH_DMA_AES_OPERATIONS) + { + size = CC310_MAX_LENGTH_DMA_AES_OPERATIONS; + data_size -= CC310_MAX_LENGTH_DMA_AES_OPERATIONS; + + cc310_backend_enable(); + + result = SaSi_AesBlock(&p_ctx->any.context, + p_data_in + offset, + size, + p_data_out + offset); + + cc310_backend_disable(); + + offset += size; + ret_val = result_get(result); + + if (ret_val != NRF_SUCCESS) + { + goto exit; + } + } + + /* Calculate space in the output buffer */ + *p_data_out_size -= offset; + + cc310_backend_enable(); + + result = SaSi_AesFinish(&p_ctx->any.context, + data_size, + p_data_in + offset, + data_size, + p_data_out + offset, + p_data_out_size); + + cc310_backend_disable(); + + ret_val = result_get(result); + + if (ret_val == NRF_SUCCESS) + { + /* update information about size of encrypted data */ + *p_data_out_size += offset; + } + + /* Store IV value in case it will be needed after finalize operation */ + if ((p_ctx->any.header.p_info->mode == NRF_CRYPTO_AES_MODE_CBC) || + (p_ctx->any.header.p_info->mode == NRF_CRYPTO_AES_MODE_CTR)) + { + result = SaSi_AesGetIv(&p_ctx->any.context, &p_ctx->any.backend.iv[0]); + ret_val = result_get(result); + } + +exit: + cc310_backend_mutex_unlock(); + return ret_val; +} + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_AES_CMAC) || \ + NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_AES_CBC_MAC) +static ret_code_t backend_cc310_mac_finalize(void * const p_context, + uint8_t * p_data_in, + size_t data_size, + uint8_t * p_data_out, + size_t * p_data_out_size) +{ + SaSiError_t result; + ret_code_t ret_val; + bool mutex_locked; + size_t size; + size_t offset = 0; + + nrf_crypto_backend_cc310_aes_context_t * p_ctx = + (nrf_crypto_backend_cc310_aes_context_t *)p_context; + + mutex_locked = cc310_backend_mutex_trylock(); + VERIFY_TRUE(mutex_locked, NRF_ERROR_CRYPTO_BUSY); + + if (*p_data_out_size < NRF_CRYPTO_AES_BLOCK_SIZE) + { + ret_val = NRF_ERROR_CRYPTO_OUTPUT_LENGTH; + goto exit; + } + + if (!nrfx_is_in_ram(p_data_in) || !nrfx_is_in_ram(p_data_out)) + { + ret_val = NRF_ERROR_CRYPTO_INPUT_LOCATION; + goto exit; + } + + /* This function does not support padding for CBC-MAC */ + if (((data_size & 0xF) != 0) && + (NRF_CRYPTO_AES_MODE_CBC_MAC == p_ctx->any.header.p_info->mode)) + { + ret_val = NRF_ERROR_CRYPTO_INPUT_LENGTH; + goto exit; + } + + /* CC310 allows only 64kB blocks, operation must be devided */ + while (data_size > CC310_MAX_LENGTH_DMA_AES_OPERATIONS) + { + size = CC310_MAX_LENGTH_DMA_AES_OPERATIONS; + data_size -= CC310_MAX_LENGTH_DMA_AES_OPERATIONS; + + cc310_backend_enable(); + + result = SaSi_AesBlock(&p_ctx->any.context, + p_data_in + offset, + size, + p_data_out); + + cc310_backend_disable(); + + offset += size; + ret_val = result_get(result); + + if (ret_val != NRF_SUCCESS) + { + goto exit; + } + } + + cc310_backend_enable(); + + result = SaSi_AesFinish(&p_ctx->any.context, + data_size, + p_data_in + offset, + data_size, + p_data_out, + p_data_out_size); + + cc310_backend_disable(); + + ret_val = result_get(result); + + if (ret_val == NRF_SUCCESS) + { + /* update information about size of encrypted data */ + *p_data_out_size = NRF_CRYPTO_AES_BLOCK_SIZE; + } + + /* Store IV value in case it will be needed after finalize operation */ + if (p_ctx->any.header.p_info->mode == NRF_CRYPTO_AES_MODE_CBC_MAC_PAD_PCKS7) + { + result = SaSi_AesGetIv(&p_ctx->any.context, &p_ctx->any.backend.iv[0]); + ret_val = result_get(result); + } + +exit: + cc310_backend_mutex_unlock(); + return ret_val; +} +#endif + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_AES_CBC_MAC) +static ret_code_t backend_cc310_cbc_mac_padding_finalize(void * const p_context, + uint8_t * p_data_in, + size_t data_size, + uint8_t * p_data_out, + size_t * p_data_out_size) +{ + ret_code_t ret_val; + uint8_t padding_buffer[NRF_CRYPTO_AES_BLOCK_SIZE] = {0}; + uint8_t msg_ending = (uint8_t)(data_size & (size_t)0x0F); + + if (*p_data_out_size < NRF_CRYPTO_AES_BLOCK_SIZE) + { + /* output buffer too small */ + return NRF_ERROR_CRYPTO_OUTPUT_LENGTH; + } + + data_size -= msg_ending; + + if (data_size > 0) + { + ret_val = backend_cc310_update(p_context, + p_data_in, + data_size, + p_data_out); + VERIFY_SUCCESS(ret_val); + } + + ret_val = padding_pkcs7_add(&padding_buffer[0], + p_data_in + data_size, + msg_ending); + VERIFY_SUCCESS(ret_val); + + ret_val = backend_cc310_mac_finalize(p_context, + &padding_buffer[0], + NRF_CRYPTO_AES_BLOCK_SIZE, + p_data_out, + p_data_out_size); + VERIFY_SUCCESS(ret_val); + + return ret_val; +} +#endif + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_AES_CBC) || \ + NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_AES_ECB) +static ret_code_t backend_cc310_padding_finalize(void * const p_context, + uint8_t * p_data_in, + size_t data_size, + uint8_t * p_data_out, + size_t * p_data_out_size) +{ + SaSiError_t result; + ret_code_t ret_val; + uint8_t padding_buffer[NRF_CRYPTO_AES_BLOCK_SIZE] = {0}; + uint8_t msg_ending = (uint8_t)(data_size & (size_t)0x0F); + size_t buff_out_size; + + nrf_crypto_backend_cc310_aes_context_t * p_ctx = + (nrf_crypto_backend_cc310_aes_context_t *)p_context; + + if (p_ctx->any.backend.operation == NRF_CRYPTO_DECRYPT) + { + ret_val = backend_cc310_finalize(p_context, + p_data_in, + data_size, + p_data_out, + p_data_out_size); + VERIFY_SUCCESS(ret_val); + + + ret_val = padding_pkcs7_remove(p_data_out, + p_data_out_size); + return ret_val; + } + + /* -------------- ENCRYPTION --------------*/ + data_size -= msg_ending; + + if (*p_data_out_size < (data_size + NRF_CRYPTO_AES_BLOCK_SIZE)) + { + /* no space for padding */ + return NRF_ERROR_CRYPTO_OUTPUT_LENGTH; + } + + if (data_size > 0) + { + ret_val = backend_cc310_update(p_context, + p_data_in, + data_size, + p_data_out); + VERIFY_SUCCESS(ret_val); + } + + ret_val = padding_pkcs7_add(&padding_buffer[0], + p_data_in + data_size, + msg_ending); + VERIFY_SUCCESS(ret_val); + + buff_out_size = *p_data_out_size - data_size; + + ret_val = backend_cc310_finalize(p_context, + &padding_buffer[0], + NRF_CRYPTO_AES_BLOCK_SIZE, + p_data_out + data_size, + &buff_out_size); + VERIFY_SUCCESS(ret_val); + + *p_data_out_size = buff_out_size + data_size; + + /* Store IV value in case it will be needed after finalize operation */ + if (p_ctx->any.header.p_info->mode == NRF_CRYPTO_AES_MODE_CBC_PAD_PCKS7) + { + result = SaSi_AesGetIv(&p_ctx->any.context, &p_ctx->any.backend.iv[0]); + ret_val = result_get(result); + } + + return ret_val; +} +#endif + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_AES_CBC) +nrf_crypto_aes_info_t const g_nrf_crypto_aes_cbc_128_info = +{ + .mode = NRF_CRYPTO_AES_MODE_CBC, + .key_size = NRF_CRYPTO_KEY_SIZE_128, + .context_size = sizeof(nrf_crypto_backend_aes_cbc_context_t), + + .init_fn = backend_cc310_init, + .uninit_fn = backend_cc310_uninit, + .key_set_fn = backend_cc310_key_set, + .iv_set_fn = backend_cc310_iv_set, + .iv_get_fn = backend_cc310_iv_get, + .update_fn = backend_cc310_update, + .finalize_fn = backend_cc310_finalize +}; + +nrf_crypto_aes_info_t const g_nrf_crypto_aes_cbc_128_pad_pkcs7_info = +{ + .mode = NRF_CRYPTO_AES_MODE_CBC_PAD_PCKS7, + .key_size = NRF_CRYPTO_KEY_SIZE_128, + .context_size = sizeof(nrf_crypto_backend_aes_cbc_context_t), + + .init_fn = backend_cc310_init, + .uninit_fn = backend_cc310_uninit, + .key_set_fn = backend_cc310_key_set, + .iv_set_fn = backend_cc310_iv_set, + .iv_get_fn = backend_cc310_iv_get, + .update_fn = backend_cc310_update, + .finalize_fn = backend_cc310_padding_finalize +}; +#endif + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_AES_CTR) +nrf_crypto_aes_info_t const g_nrf_crypto_aes_ctr_128_info = +{ + .mode = NRF_CRYPTO_AES_MODE_CTR, + .key_size = NRF_CRYPTO_KEY_SIZE_128, + .context_size = sizeof(nrf_crypto_backend_aes_ctr_context_t), + + .init_fn = backend_cc310_init, + .uninit_fn = backend_cc310_uninit, + .key_set_fn = backend_cc310_key_set, + .iv_set_fn = backend_cc310_iv_set, + .iv_get_fn = backend_cc310_iv_get, + .update_fn = backend_cc310_update, + .finalize_fn = backend_cc310_finalize +}; +#endif + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_AES_ECB) +nrf_crypto_aes_info_t const g_nrf_crypto_aes_ecb_128_info = +{ + .mode = NRF_CRYPTO_AES_MODE_ECB, + .key_size = NRF_CRYPTO_KEY_SIZE_128, + .context_size = sizeof(nrf_crypto_backend_aes_ecb_context_t), + + .init_fn = backend_cc310_init, + .uninit_fn = backend_cc310_uninit, + .key_set_fn = backend_cc310_key_set, + .iv_set_fn = NULL, + .iv_get_fn = NULL, + .update_fn = backend_cc310_update, + .finalize_fn = backend_cc310_finalize +}; + +nrf_crypto_aes_info_t const g_nrf_crypto_aes_ecb_128_pad_pkcs7_info = +{ + .mode = NRF_CRYPTO_AES_MODE_ECB_PAD_PCKS7, + .key_size = NRF_CRYPTO_KEY_SIZE_128, + .context_size = sizeof(nrf_crypto_backend_aes_ecb_context_t), + + .init_fn = backend_cc310_init, + .uninit_fn = backend_cc310_uninit, + .key_set_fn = backend_cc310_key_set, + .iv_set_fn = NULL, + .iv_get_fn = NULL, + .update_fn = backend_cc310_update, + .finalize_fn = backend_cc310_padding_finalize +}; +#endif + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_AES_CBC_MAC) +nrf_crypto_aes_info_t const g_nrf_crypto_aes_cbc_mac_128_info = +{ + .mode = NRF_CRYPTO_AES_MODE_CBC_MAC, + .key_size = NRF_CRYPTO_KEY_SIZE_128, + .context_size = sizeof(nrf_crypto_backend_aes_cbc_mac_context_t), + + .init_fn = backend_cc310_init, + .uninit_fn = backend_cc310_uninit, + .key_set_fn = backend_cc310_key_set, + .iv_set_fn = backend_cc310_iv_set, + .iv_get_fn = backend_cc310_iv_get, + .update_fn = backend_cc310_update, + .finalize_fn = backend_cc310_mac_finalize +}; + +nrf_crypto_aes_info_t const g_nrf_crypto_aes_cbc_mac_128_pad_pkcs7_info = +{ + .mode = NRF_CRYPTO_AES_MODE_CBC_MAC_PAD_PCKS7, + .key_size = NRF_CRYPTO_KEY_SIZE_128, + .context_size = sizeof(nrf_crypto_backend_aes_cbc_mac_context_t), + + .init_fn = backend_cc310_init, + .uninit_fn = backend_cc310_uninit, + .key_set_fn = backend_cc310_key_set, + .iv_set_fn = backend_cc310_iv_set, + .iv_get_fn = backend_cc310_iv_get, + .update_fn = backend_cc310_update, + .finalize_fn = backend_cc310_cbc_mac_padding_finalize +}; +#endif + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_AES_CMAC) +nrf_crypto_aes_info_t const g_nrf_crypto_aes_cmac_128_info = +{ + .mode = NRF_CRYPTO_AES_MODE_CMAC, + .key_size = NRF_CRYPTO_KEY_SIZE_128, + .context_size = sizeof(nrf_crypto_backend_aes_cmac_context_t), + + .init_fn = backend_cc310_init, + .uninit_fn = backend_cc310_uninit, + .key_set_fn = backend_cc310_key_set, + .iv_set_fn = NULL, + .iv_get_fn = NULL, + .update_fn = backend_cc310_update, + .finalize_fn = backend_cc310_mac_finalize +}; +#endif + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_AES_BACKEND_CC310) +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO) + diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310/cc310_backend_aes.h b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310/cc310_backend_aes.h new file mode 100644 index 0000000..e7127a3 --- /dev/null +++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310/cc310_backend_aes.h @@ -0,0 +1,187 @@ +/** + * Copyright (c) 2018 - 2018, Nordic Semiconductor ASA + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form, except as embedded into a Nordic + * Semiconductor ASA integrated circuit in a product or a software update for + * such product, must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * 3. Neither the name of Nordic Semiconductor ASA nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * 4. This software, with or without modification, must only be used with a + * Nordic Semiconductor ASA integrated circuit. + * + * 5. Any software provided in binary form under this license must not be reverse + * engineered, decompiled, modified and/or disassembled. + * + * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef CC310_BACKEND_AES_H__ +#define CC310_BACKEND_AES_H__ + +/** @file + * + * @defgroup nrf_crypto_cc310_backend_aes nrf_crypto CC310 backend AES + * @{ + * @ingroup nrf_crypto_cc310_backend + * + * @brief AES functionality provided by the nrf_crypto CC310 backend. + */ + +#include "sdk_config.h" + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310) || defined(__SDK_DOXYGEN__) + +#include "ssi_aes.h" +#include "nrf_crypto_error.h" +#include "nrf_crypto_types.h" +#include "nrf_crypto_aes_shared.h" + +#ifdef __cplusplus +extern "C" { +#endif + + +/* AES CBC */ +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_AES_CBC) +#if NRF_MODULE_ENABLED(NRF_CRYPTO_AES_CBC) +#error "Duplicate definition of AES CBC mode. More than one backend enabled"); +#endif +#define NRF_CRYPTO_AES_CBC_ENABLED 1 +#undef NRF_CRYPTO_AES_ENABLED +#define NRF_CRYPTO_AES_ENABLED 1 // Flag that nrf_crypto_aes frontend can be compiled +#undef NRF_CRYPTO_CC310_AES_ENABLED +#define NRF_CRYPTO_CC310_AES_ENABLED 1 + +/* define for test purposes */ +#define NRF_CRYPTO_AES_CBC_128_ENABLED 1 + +typedef struct +{ + nrf_crypto_aes_internal_context_t header; /**< Common header for context. */ + SaSiAesUserContext_t context; /**< AES context internal to CC310. */ + nrf_crypto_backend_aes_ctx_t backend; +} nrf_crypto_backend_aes_cbc_context_t; +#endif + +/* AES CTR */ +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_AES_CTR) +#if NRF_MODULE_ENABLED(NRF_CRYPTO_AES_CTR) +#error "Duplicate definition of AES CTR mode. More than one backend enabled"); +#endif +#define NRF_CRYPTO_AES_CTR_ENABLED 1 +#undef NRF_CRYPTO_AES_ENABLED +#define NRF_CRYPTO_AES_ENABLED 1 // Flag that nrf_crypto_aes frontend can be compiled +#undef NRF_CRYPTO_CC310_AES_ENABLED +#define NRF_CRYPTO_CC310_AES_ENABLED 1 + +/* define for test purposes */ +#define NRF_CRYPTO_AES_CTR_128_ENABLED 1 + +typedef struct +{ + nrf_crypto_aes_internal_context_t header; /**< Common header for context. */ + SaSiAesUserContext_t context; /**< AES context internal to CC310. */ + nrf_crypto_backend_aes_ctx_t backend; +} nrf_crypto_backend_aes_ctr_context_t; +#endif + +/* AES ECB */ +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_AES_ECB) +#if NRF_MODULE_ENABLED(NRF_CRYPTO_AES_ECB) +#error "Duplicate definition of AES ECB mode. More than one backend enabled"); +#endif +#define NRF_CRYPTO_AES_ECB_ENABLED 1 +#undef NRF_CRYPTO_AES_ENABLED +#define NRF_CRYPTO_AES_ENABLED 1 // Flag that nrf_crypto_aes frontend can be compiled +#undef NRF_CRYPTO_CC310_AES_ENABLED +#define NRF_CRYPTO_CC310_AES_ENABLED 1 + +/* define for test purposes */ +#define NRF_CRYPTO_AES_ECB_128_ENABLED 1 + +typedef struct +{ + nrf_crypto_aes_internal_context_t header; /**< Common header for context. */ + SaSiAesUserContext_t context; /**< AES context internal to CC310. */ + nrf_crypto_backend_no_iv_aes_ctx_t backend; +} nrf_crypto_backend_aes_ecb_context_t; +#endif + + +/* AES CBC_MAC */ +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_AES_CBC_MAC) +#if NRF_MODULE_ENABLED(NRF_CRYPTO_AES_CBC_MAC) +#error "Duplicate definition of AES CBC_MAC mode. More than one backend enabled"); +#endif +#define NRF_CRYPTO_AES_CBC_MAC_ENABLED 1 +#undef NRF_CRYPTO_AES_ENABLED +#define NRF_CRYPTO_AES_ENABLED 1 // Flag that nrf_crypto_aes frontend can be compiled +#undef NRF_CRYPTO_CC310_AES_ENABLED +#define NRF_CRYPTO_CC310_AES_ENABLED 1 + +/* define for test purposes */ +#define NRF_CRYPTO_AES_CBC_MAC_128_ENABLED 1 + +typedef struct +{ + nrf_crypto_aes_internal_context_t header; /**< Common header for context. */ + SaSiAesUserContext_t context; /**< AES context internal to CC310. */ + nrf_crypto_backend_aes_ctx_t backend; +} nrf_crypto_backend_aes_cbc_mac_context_t; +#endif + +/* AES CMAC */ +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_AES_CMAC) +#if NRF_MODULE_ENABLED(NRF_CRYPTO_AES_CMAC) +#error "Duplicate definition of AES CMAC mode. More than one backend enabled"); +#endif +#define NRF_CRYPTO_AES_CMAC_ENABLED 1 +#undef NRF_CRYPTO_AES_ENABLED +#define NRF_CRYPTO_AES_ENABLED 1 // Flag that nrf_crypto_aes frontend can be compiled +#undef NRF_CRYPTO_CC310_AES_ENABLED +#define NRF_CRYPTO_CC310_AES_ENABLED 1 + +/* define for test purposes */ +#define NRF_CRYPTO_AES_CMAC_128_ENABLED 1 + +typedef struct +{ + nrf_crypto_aes_internal_context_t header; /**< Common header for context. */ + SaSiAesUserContext_t context; /**< AES context internal to CC310. */ + nrf_crypto_backend_no_iv_aes_ctx_t backend; +} nrf_crypto_backend_aes_cmac_context_t; + +#endif + +#ifdef __cplusplus +} +#endif + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310) + +/** @} */ + +#endif // CC310_BACKEND_AES_H__ diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310/cc310_backend_aes_aead.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310/cc310_backend_aes_aead.c new file mode 100644 index 0000000..e8e312e --- /dev/null +++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310/cc310_backend_aes_aead.c @@ -0,0 +1,366 @@ +/** + * Copyright (c) 2018 - 2018, Nordic Semiconductor ASA + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form, except as embedded into a Nordic + * Semiconductor ASA integrated circuit in a product or a software update for + * such product, must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * 3. Neither the name of Nordic Semiconductor ASA nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * 4. This software, with or without modification, must only be used with a + * Nordic Semiconductor ASA integrated circuit. + * + * 5. Any software provided in binary form under this license must not be reverse + * engineered, decompiled, modified and/or disassembled. + * + * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include "sdk_common.h" +#include <drivers/nrfx_common.h> +#if NRF_MODULE_ENABLED(NRF_CRYPTO) + +#include <stdbool.h> +#include "crys_aesccm_error.h" +#include "cc310_backend_aes_aead.h" +#include "cc310_backend_mutex.h" +#include "cc310_backend_shared.h" + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_CC310_AES_AEAD) + +/**@internal @brief Type declaration of a template suiting all possible context sizes + * for this backend. + */ +typedef struct +{ + nrf_crypto_aead_internal_context_t header; /**< Common header for context. */ + CRYS_AESCCM_UserContext_t context; + uint8_t key[16]; /**< Only supported key size by CC310 is 128 bit */ +} nrf_crypto_backend_cc310_aes_aead_context_t; + +static ret_code_t result_get(CRYSError_t error) +{ + ret_code_t ret_val; + + switch (error) + { + case CRYS_OK: + ret_val = NRF_SUCCESS; + break; + + case CRYS_AESCCM_INVALID_USER_CONTEXT_POINTER_ERROR: + ret_val = NRF_ERROR_CRYPTO_CONTEXT_NULL; + break; + + case CRYS_AESCCM_ILLEGAL_KEY_SIZE_ERROR: + ret_val = NRF_ERROR_CRYPTO_KEY_SIZE; + break; + + case CRYS_AESCCM_ILLEGAL_TAG_SIZE_ERROR: + ret_val = NRF_ERROR_CRYPTO_AEAD_MAC_SIZE; + break; + + case CRYS_AESCCM_ILLEGAL_NONCE_SIZE_ERROR: + ret_val = NRF_ERROR_CRYPTO_AEAD_NONCE_SIZE; + break; + + case CRYS_AESCCM_ILLEGAL_PARAMETER_SIZE_ERROR: + case CRYS_AESCCM_DATA_IN_SIZE_ILLEGAL: + ret_val = NRF_ERROR_CRYPTO_INPUT_LENGTH; + break; + + case CRYS_AESCCM_INVALID_KEY_POINTER_ERROR: + case CRYS_AESCCM_ILLEGAL_PARAMETER_PTR_ERROR: + case CRYS_AESCCM_DATA_IN_POINTER_INVALID_ERROR: + ret_val = NRF_ERROR_CRYPTO_INPUT_NULL; + break; + + case CRYS_AESCCM_IS_NOT_SUPPORTED: + case CRYS_AESCCM_INVALID_ENCRYPT_MODE_ERROR: + ret_val = NRF_ERROR_CRYPTO_FEATURE_UNAVAILABLE; + break; + + case CRYS_AESCCM_DATA_OUT_SIZE_INVALID_ERROR: + ret_val = NRF_ERROR_CRYPTO_OUTPUT_LENGTH; + break; + + case CRYS_AESCCM_DATA_OUT_POINTER_INVALID_ERROR: + ret_val = NRF_ERROR_CRYPTO_OUTPUT_NULL; + break; + + case CRYS_AESCCM_ILLEGAL_PARAMETER_ERROR: + ret_val = NRF_ERROR_CRYPTO_INVALID_PARAM; + break; + + case CRYS_AESCCM_CCM_MAC_INVALID_ERROR: + ret_val = NRF_ERROR_CRYPTO_AEAD_INVALID_MAC; + break; + + case CRYS_AESCCM_CTX_SIZES_ERROR: + default: + ret_val = NRF_ERROR_CRYPTO_INTERNAL; + break; + } + return ret_val; +} + +static ret_code_t backend_cc310_init(void * const p_context, uint8_t * p_key) +{ + ret_code_t ret_val; + + nrf_crypto_backend_cc310_aes_aead_context_t * p_ctx = + (nrf_crypto_backend_cc310_aes_aead_context_t *)p_context; + + if (!nrfx_is_in_ram(p_ctx)) + { + return NRF_ERROR_CRYPTO_INPUT_LOCATION; + } + if (p_ctx->header.p_info->key_size != NRF_CRYPTO_KEY_SIZE_128) + { + return NRF_ERROR_CRYPTO_KEY_SIZE; + } + + switch (p_ctx->header.p_info->mode) + { +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_AES_CCM) + case NRF_CRYPTO_AEAD_MODE_AES_CCM: + ret_val = NRF_SUCCESS; + break; +#endif + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_AES_CCM_STAR) + case NRF_CRYPTO_AEAD_MODE_AES_CCM_STAR: + ret_val = NRF_SUCCESS; + break; +#endif + + default: + return NRF_ERROR_CRYPTO_FEATURE_UNAVAILABLE; + } + + memcpy(p_ctx->key, p_key, sizeof(p_ctx->key)); + + return ret_val; +} + +static ret_code_t backend_cc310_uninit(void * const p_context) +{ + nrf_crypto_backend_cc310_aes_aead_context_t * p_ctx = + (nrf_crypto_backend_cc310_aes_aead_context_t *)p_context; + + memset(&p_ctx->context, 0, sizeof(CRYS_AESCCM_UserContext_t)); + + return NRF_SUCCESS; +} + +static ret_code_t backend_cc310_crypt(void * const p_context, + nrf_crypto_operation_t operation, + uint8_t * p_nonce, + uint8_t nonce_size, + uint8_t * p_adata, + size_t adata_size, + uint8_t * p_data_in, + size_t data_in_size, + uint8_t * p_data_out, + uint8_t * p_mac, + uint8_t mac_size) + +{ + uint32_t mode; + CRYSError_t result; + ret_code_t ret_val; + bool mutex_locked; + + SaSiAesEncryptMode_t operation_cc310; + CRYS_AESCCM_Mac_Res_t mac_buffer; + + nrf_crypto_backend_cc310_aes_aead_context_t * p_ctx = + (nrf_crypto_backend_cc310_aes_aead_context_t *)p_context; + + mutex_locked = cc310_backend_mutex_trylock(); + VERIFY_TRUE(mutex_locked, NRF_ERROR_CRYPTO_BUSY); + + if (!nrfx_is_in_ram(p_adata) && (adata_size > 0)) + { + ret_val = NRF_ERROR_CRYPTO_INPUT_LOCATION; + goto exit; + } + + /* CC310 supports: CCM & CCM*, where nonce_size must be > 0, so p_nonce must always + point to RAM. */ + if (!nrfx_is_in_ram(p_nonce) || + !nrfx_is_in_ram(p_data_in) || + !nrfx_is_in_ram(p_data_out) || + !nrfx_is_in_ram(p_mac)) + { + ret_val = NRF_ERROR_CRYPTO_INPUT_LOCATION; + goto exit; + } + + if (operation == NRF_CRYPTO_DECRYPT) + { + operation_cc310 = SASI_AES_DECRYPT; + } + else if (operation == NRF_CRYPTO_ENCRYPT) + { + operation_cc310 = SASI_AES_ENCRYPT; + } + else + { + ret_val = NRF_ERROR_CRYPTO_INVALID_PARAM; + goto exit; + } + + if (p_ctx->header.p_info->mode == NRF_CRYPTO_AEAD_MODE_AES_CCM) + { + mode = CRYS_AESCCM_MODE_CCM; + + /* Allowed MAC size in CCM mode: [4, 6, 8, 10, 12, 14, 16] */ + if ((mac_size < NRF_CRYPTO_AES_CCM_MAC_MIN) || + (mac_size > NRF_CRYPTO_AES_CCM_MAC_MAX) || + ((mac_size & 0x01) != 0)) + { + ret_val = NRF_ERROR_CRYPTO_AEAD_MAC_SIZE; + goto exit; + } + + if ((nonce_size < NRF_CRYPTO_AES_CCM_NONCE_SIZE_MIN) || + (nonce_size > NRF_CRYPTO_AES_CCM_NONCE_SIZE_MAX)) + { + ret_val = NRF_ERROR_CRYPTO_AEAD_NONCE_SIZE; + goto exit; + } + } + else + { + mode = CRYS_AESCCM_MODE_STAR; + + /* Allowed MAC size in CCM* mode: [0, 4, 8, 16] */ + if ((mac_size | NRF_CRYPTO_AES_CCM_STAR_MAC_BITMASK) != NRF_CRYPTO_AES_CCM_STAR_MAC_BITMASK) + { + ret_val = NRF_ERROR_CRYPTO_AEAD_MAC_SIZE; + goto exit; + } + + /* Allowed nonce size in CCM* mode: [13] */ + if (nonce_size != NRF_CRYPTO_AES_CCM_STAR_NONCE_SIZE) + { + ret_val = NRF_ERROR_CRYPTO_AEAD_NONCE_SIZE; + goto exit; + } + } + + cc310_backend_enable(); + + result = CC_AESCCM_Init(&p_ctx->context, + operation_cc310, + p_ctx->key, + CRYS_AES_Key128BitSize, // the only allowed key size for CC310 + (uint32_t)adata_size, + (uint32_t)data_in_size, + p_nonce, + nonce_size, + mac_size, + mode); + + cc310_backend_disable(); + + ret_val = result_get(result); + + if (ret_val != NRF_SUCCESS) + { + goto exit; + } + + if ((adata_size > 0) && (p_adata != NULL)) + { + cc310_backend_enable(); + + result = CRYS_AESCCM_BlockAdata(&p_ctx->context, + p_adata, + (uint32_t)adata_size); + + cc310_backend_disable(); + + ret_val = result_get(result); + + if (ret_val != NRF_SUCCESS) + { + goto exit; + } + } + + /* CC310 backend always needs 16 bytes buffer for MAC calculation. */ + memcpy(mac_buffer, p_mac, mac_size); + + cc310_backend_enable(); + + result = CRYS_AESCCM_Finish(&p_ctx->context, + p_data_in, + (uint32_t)data_in_size, + p_data_out, + mac_buffer, + &mac_size); + + cc310_backend_disable(); + + ret_val = result_get(result); + if (ret_val == NRF_SUCCESS) + { + memcpy(p_mac, mac_buffer, mac_size); + } + +exit: + cc310_backend_mutex_unlock(); + return ret_val; +} + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_AES_CCM) +nrf_crypto_aead_info_t const g_nrf_crypto_aes_ccm_128_info = +{ + .key_size = NRF_CRYPTO_KEY_SIZE_128, + .mode = NRF_CRYPTO_AEAD_MODE_AES_CCM, + + .init_fn = backend_cc310_init, + .uninit_fn = backend_cc310_uninit, + .crypt_fn = backend_cc310_crypt +}; +#endif + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_AES_CCM_STAR) +nrf_crypto_aead_info_t const g_nrf_crypto_aes_ccm_star_128_info = +{ + .key_size = NRF_CRYPTO_KEY_SIZE_128, + .mode = NRF_CRYPTO_AEAD_MODE_AES_CCM_STAR, + + .init_fn = backend_cc310_init, + .uninit_fn = backend_cc310_uninit, + .crypt_fn = backend_cc310_crypt +}; +#endif + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_CC310_AES_AEAD) +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO) + diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310/cc310_backend_aes_aead.h b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310/cc310_backend_aes_aead.h new file mode 100644 index 0000000..34622d9 --- /dev/null +++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310/cc310_backend_aes_aead.h @@ -0,0 +1,124 @@ +/** + * Copyright (c) 2018 - 2018, Nordic Semiconductor ASA + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form, except as embedded into a Nordic + * Semiconductor ASA integrated circuit in a product or a software update for + * such product, must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * 3. Neither the name of Nordic Semiconductor ASA nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * 4. This software, with or without modification, must only be used with a + * Nordic Semiconductor ASA integrated circuit. + * + * 5. Any software provided in binary form under this license must not be reverse + * engineered, decompiled, modified and/or disassembled. + * + * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef CC310_BACKEND_AES_AEAD_H__ +#define CC310_BACKEND_AES_AEAD_H__ + +/** @file + * + * @defgroup nrf_crypto_cc310_backend_aes_aead nrf_crypto CC310 backend AES AEAD + * @{ + * @ingroup nrf_crypto_cc310_backend + * + * @brief AES AEAD functionality provided by the nrf_crypto CC310 backend. + */ + +#include "sdk_config.h" + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310) + +#include "crys_aesccm.h" +#include "nrf_crypto_error.h" +#include "nrf_crypto_types.h" +#include "nrf_crypto_aead_shared.h" + +#ifdef __cplusplus +extern "C" { +#endif + +#define NRF_CRYPTO_CC310_AES_BACKEND_KEY_SIZE (16) + + +/* AES CCM */ +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_AES_CCM) +#if NRF_MODULE_ENABLED(NRF_CRYPTO_AES_CCM) +#error "Duplicate definition of AES CCM mode. More than one backend enabled"); +#endif +#define NRF_CRYPTO_AES_CCM_ENABLED 1 +#undef NRF_CRYPTO_AEAD_ENABLED +#define NRF_CRYPTO_AEAD_ENABLED 1 // Flag that nrf_crypto_aead frontend can be compiled +#undef NRF_CRYPTO_CC310_AES_AEAD_ENABLED +#define NRF_CRYPTO_CC310_AES_AEAD_ENABLED 1 // aead backend for cc310 can be compiled + +/* define for test purposes */ +#define NRF_CRYPTO_AES_CCM_128_ENABLED 1 + +typedef struct +{ + nrf_crypto_aead_internal_context_t header; /**< Common header for context. */ + CRYS_AESCCM_UserContext_t context; /**< AES CCM context internal to CC310. */ + + uint8_t key[NRF_CRYPTO_CC310_AES_BACKEND_KEY_SIZE]; +} nrf_crypto_backend_aes_ccm_context_t; +#endif + +/* AES CCM* (CCM STAR) */ +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_AES_CCM_STAR) +#if NRF_MODULE_ENABLED(NRF_CRYPTO_AES_CCM_STAR) +#error "Duplicate definition of AES CCM* (star) mode. More than one backend enabled"); +#endif +#define NRF_CRYPTO_AES_CCM_STAR_ENABLED 1 +#undef NRF_CRYPTO_AEAD_ENABLED +#define NRF_CRYPTO_AEAD_ENABLED 1 // Flag that nrf_crypto_aes_aead frontend can be compiled +#undef NRF_CRYPTO_CC310_AES_AEAD_ENABLED +#define NRF_CRYPTO_CC310_AES_AEAD_ENABLED 1 // aead backend for cc310 can be compiled + +/* define for test purposes */ +#define NRF_CRYPTO_AES_CCM_STAR_128_ENABLED 1 + +typedef struct +{ + nrf_crypto_aead_internal_context_t header; /**< Common header for context. */ + CRYS_AESCCM_UserContext_t context; /**< AES CCM context internal to CC310. */ + + uint8_t key[NRF_CRYPTO_CC310_AES_BACKEND_KEY_SIZE]; +} nrf_crypto_backend_aes_ccm_star_context_t; +#endif + +#ifdef __cplusplus +} +#endif + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310) + +/** @} */ + +#endif // CC310_BACKEND_AES_AEAD_H__ + diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310/cc310_backend_chacha_poly_aead.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310/cc310_backend_chacha_poly_aead.c new file mode 100644 index 0000000..16ca026 --- /dev/null +++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310/cc310_backend_chacha_poly_aead.c @@ -0,0 +1,214 @@ +/** + * Copyright (c) 2018 - 2018, Nordic Semiconductor ASA + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form, except as embedded into a Nordic + * Semiconductor ASA integrated circuit in a product or a software update for + * such product, must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * 3. Neither the name of Nordic Semiconductor ASA nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * 4. This software, with or without modification, must only be used with a + * Nordic Semiconductor ASA integrated circuit. + * + * 5. Any software provided in binary form under this license must not be reverse + * engineered, decompiled, modified and/or disassembled. + * + * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include "sdk_common.h" +#if NRF_MODULE_ENABLED(NRF_CRYPTO) + +#include <drivers/nrfx_common.h> +#include <stdbool.h> +#include "cc310_backend_mutex.h" +#include "crys_chacha_poly_error.h" +#include "cc310_backend_chacha_poly_aead.h" +#include "cc310_backend_shared.h" +#include "cc310_backend_shared.h" + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_CC310_CHACHA_POLY_AEAD) + +static ret_code_t result_get(CRYSError_t error) +{ + ret_code_t ret_val; + + switch (error) + { + case CRYS_OK: + ret_val = NRF_SUCCESS; + break; + + /*! Invalid Additional data. */ + case CRYS_CHACHA_POLY_DATA_INVALID_ERROR: + case CRYS_CHACHA_POLY_ADATA_INVALID_ERROR: + ret_val = NRF_ERROR_CRYPTO_INPUT_NULL; + break; + + /*! Illegal encryption mode. */ + case CRYS_CHACHA_POLY_ENC_MODE_INVALID_ERROR: + ret_val = NRF_ERROR_CRYPTO_INVALID_PARAM; + break; + + /*! Illegal data size. */ + case CRYS_CHACHA_POLY_DATA_SIZE_INVALID_ERROR: + ret_val = NRF_ERROR_CRYPTO_INPUT_LENGTH; + break; + + /*! MAC comparison error. */ + case CRYS_CHACHA_POLY_MAC_ERROR: + ret_val = NRF_ERROR_CRYPTO_AEAD_INVALID_MAC; + break; + + default: + ret_val = NRF_ERROR_CRYPTO_INTERNAL; + break; + } + return ret_val; +} + +static ret_code_t backend_cc310_init(void * const p_context, uint8_t * p_key) +{ + nrf_crypto_backend_chacha_poly_context_t * p_ctx = + (nrf_crypto_backend_chacha_poly_context_t *)p_context; + + if (!nrfx_is_in_ram(p_ctx)) + { + return NRF_ERROR_CRYPTO_INPUT_LOCATION; + } + + if (p_ctx->header.p_info->key_size != NRF_CRYPTO_KEY_SIZE_256) + { + return NRF_ERROR_CRYPTO_KEY_SIZE; + } + + memcpy(p_ctx->key, p_key, sizeof(p_ctx->key)); + return NRF_SUCCESS; +} + +static inline ret_code_t backend_cc310_uninit(void * const p_context) +{ + return NRF_SUCCESS; +} + +static ret_code_t backend_cc310_crypt(void * const p_context, + nrf_crypto_operation_t operation, + uint8_t * p_nonce, + uint8_t nonce_size, + uint8_t * p_adata, + size_t adata_size, + uint8_t * p_data_in, + size_t data_in_size, + uint8_t * p_data_out, + uint8_t * p_mac, + uint8_t mac_size) + +{ + CRYSError_t result; + ret_code_t ret_val; + bool mutex_locked; + + CRYS_CHACHA_EncryptMode_t operation_cc310; + + nrf_crypto_backend_chacha_poly_context_t * p_ctx = + (nrf_crypto_backend_chacha_poly_context_t *)p_context; + + mutex_locked = cc310_backend_mutex_trylock(); + VERIFY_TRUE(mutex_locked, NRF_ERROR_CRYPTO_BUSY); + + if ((adata_size == 0) || (data_in_size == 0)) + { + ret_val = NRF_ERROR_CRYPTO_INPUT_LENGTH; + goto exit; + } + + if (mac_size != NRF_CRYPTO_CHACHA_POLY_MAC_SIZE) + { + ret_val = NRF_ERROR_CRYPTO_AEAD_MAC_SIZE; + goto exit; + } + + if (nonce_size != NRF_CRYPTO_CHACHA_POLY_NONCE_SIZE) + { + ret_val = NRF_ERROR_CRYPTO_AEAD_NONCE_SIZE; + goto exit; + } + + if (!nrfx_is_in_ram(p_data_in) || !nrfx_is_in_ram(p_data_out) || + !nrfx_is_in_ram(p_mac) || !nrfx_is_in_ram(p_adata) || + !nrfx_is_in_ram(p_nonce)) + { + ret_val = NRF_ERROR_CRYPTO_INPUT_LOCATION; + goto exit; + } + + if (operation == NRF_CRYPTO_DECRYPT) + { + operation_cc310 = CRYS_CHACHA_Decrypt; + } + else if (operation == NRF_CRYPTO_ENCRYPT) + { + operation_cc310 = CRYS_CHACHA_Encrypt; + } + else + { + ret_val = NRF_ERROR_CRYPTO_INVALID_PARAM; + goto exit; + } + + cc310_backend_enable(); + + result = CRYS_CHACHA_POLY(p_nonce, + p_ctx->key, + operation_cc310, + p_adata, + adata_size, + p_data_in, + data_in_size, + p_data_out, + (uint32_t *)p_mac); + cc310_backend_disable(); + + ret_val = result_get(result); + +exit: + cc310_backend_mutex_unlock(); + return ret_val; +} + +nrf_crypto_aead_info_t const g_nrf_crypto_chacha_poly_256_info = +{ + .key_size = NRF_CRYPTO_KEY_SIZE_256, + .mode = NRF_CRYPTO_AEAD_MODE_CHACHA_POLY, + + .init_fn = backend_cc310_init, + .uninit_fn = backend_cc310_uninit, + .crypt_fn = backend_cc310_crypt +}; + + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_CC310_CHACHA_POLY_AEAD) +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO) + diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310/cc310_backend_chacha_poly_aead.h b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310/cc310_backend_chacha_poly_aead.h new file mode 100644 index 0000000..4c1edf9 --- /dev/null +++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310/cc310_backend_chacha_poly_aead.h @@ -0,0 +1,99 @@ +/** + * Copyright (c) 2018 - 2018, Nordic Semiconductor ASA + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form, except as embedded into a Nordic + * Semiconductor ASA integrated circuit in a product or a software update for + * such product, must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * 3. Neither the name of Nordic Semiconductor ASA nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * 4. This software, with or without modification, must only be used with a + * Nordic Semiconductor ASA integrated circuit. + * + * 5. Any software provided in binary form under this license must not be reverse + * engineered, decompiled, modified and/or disassembled. + * + * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef CC310_BACKEND_CHACHA_POLY_AEAD_H__ +#define CC310_BACKEND_CHACHA_POLY_AEAD_H__ + +/** @file + * + * @defgroup nrf_crypto_cc310_backend_chacha_poly_aead nrf_crypto CC310 backend CHACHA_POLY AEAD + * @{ + * @ingroup nrf_crypto_cc310_backend + * + * @brief CHACHA_POLY AEAD functionality provided by the nrf_crypto CC310 backend. + */ + +#include "sdk_config.h" + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310) + +#include "crys_chacha_poly.h" +#include "nrf_crypto_error.h" +#include "nrf_crypto_types.h" +#include "nrf_crypto_aead_shared.h" + +#ifdef __cplusplus +extern "C" { +#endif + +#define NRF_CRYPTO_CC310_CHACHA_POLY_BACKEND_KEY_SIZE (32) + +/* CHACHA-POLY */ +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_CHACHA_POLY) +#if NRF_MODULE_ENABLED(NRF_CRYPTO_CHACHA_POLY) +#error "Duplicate definition of CHACHA-POLY mode. More than one backend enabled"); +#endif +#define NRF_CRYPTO_CHACHA_POLY_ENABLED 1 +#undef NRF_CRYPTO_AEAD_ENABLED +#define NRF_CRYPTO_AEAD_ENABLED 1 // Flag that nrf_crypto_aead frontend can be compiled +#undef NRF_CRYPTO_CC310_CHACHA_POLY_AEAD_ENABLED +#define NRF_CRYPTO_CC310_CHACHA_POLY_AEAD_ENABLED 1 // aead backend for cc310 can be compiled + +/* defines for test purposes */ +#define NRF_CRYPTO_CHACHA_POLY_256_ENABLED 1 + +typedef struct +{ + nrf_crypto_aead_internal_context_t header; /**< Common header for context. */ + + uint8_t key[NRF_CRYPTO_CC310_CHACHA_POLY_BACKEND_KEY_SIZE]; +} nrf_crypto_backend_chacha_poly_context_t; +#endif + + +#ifdef __cplusplus +} +#endif + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310) + +/** @} */ + +#endif // CC310_BACKEND_CHACHA_POLY_AEAD_H__ diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310/cc310_backend_ecc.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310/cc310_backend_ecc.c new file mode 100644 index 0000000..e93230c --- /dev/null +++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310/cc310_backend_ecc.c @@ -0,0 +1,464 @@ +/** + * Copyright (c) 2018 - 2018, Nordic Semiconductor ASA + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form, except as embedded into a Nordic + * Semiconductor ASA integrated circuit in a product or a software update for + * such product, must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * 3. Neither the name of Nordic Semiconductor ASA nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * 4. This software, with or without modification, must only be used with a + * Nordic Semiconductor ASA integrated circuit. + * + * 5. Any software provided in binary form under this license must not be reverse + * engineered, decompiled, modified and/or disassembled. + * + * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include "sdk_config.h" +#include "nordic_common.h" + +#if NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310) + +#include <string.h> + +#include "nrf_crypto_mem.h" +#include "nrf_crypto_ecc.h" +#include "cc310_backend_ecc.h" +#include "cc310_backend_shared.h" +#include "cc310_backend_mutex.h" +#include "crys_ecpki_kg.h" +#include "crys_ecpki_domain.h" +#include "crys_ecpki_build.h" +#include "crys_ecpki_error.h" +#include "crys_rnd_error.h" + + +#define CC310_UNCOMPRESSED_PUBLIC_KEY_ID_BYTE 0x04 /**< @brief @internal Byte value used by CC310 library to prefix uncompressed public key. */ + + +ret_code_t nrf_crypto_backend_cc310_ecc_error_convert(uint32_t crys_error) +{ + switch (crys_error) + { + case CRYS_OK: + return NRF_SUCCESS; + + case CRYS_ECDSA_VERIFY_INCONSISTENT_VERIFY_ERROR: + return NRF_ERROR_CRYPTO_ECDSA_INVALID_SIGNATURE; + + case CRYS_RND_INSTANTIATION_NOT_DONE_ERROR: + return NRF_ERROR_CRYPTO_CONTEXT_NOT_INITIALIZED; + + default: + return NRF_ERROR_CRYPTO_INTERNAL; + } +} + + +/** @internal @brief Returns domain value from @ref CRYS_ECPKI_DomainID_t enum based on + * value from info structure. + * + * @param[in] p_info Curve info. + * @returns Pointer to CC310 domain. + */ +static CRYS_ECPKI_Domain_t const * get_domain(nrf_crypto_ecc_curve_info_t const * p_info) +{ + CRYS_ECPKI_DomainID_t domain_id = (CRYS_ECPKI_DomainID_t)(intptr_t)p_info->p_backend_data; + const CRYS_ECPKI_Domain_t * domain = CRYS_ECPKI_GetEcDomain(domain_id); + return domain; +} + + +ret_code_t nrf_crypto_backend_cc310_ecc_public_key_convert( + nrf_crypto_backend_cc310_ecc_public_key_t * p_pub, + CRYS_ECPKI_BUILD_TempData_t * p_temp_data) +{ + ret_code_t result; + CRYSError_t crys_error; + CRYS_ECPKI_Domain_t const * p_domain; + uint8_t ucompressed_key[NRF_CRYPTO_ECC_RAW_PUBLIC_KEY_MAX_SIZE + 1]; + bool mutex_locked; + + nrf_crypto_ecc_curve_info_t const * p_info = p_pub->header.p_info; + + if (p_pub->key_converted) + { + return NRF_SUCCESS; + } + + p_domain = get_domain(p_info); + + // Tell CC310 library that this is raw public key in uncompressed format. + ucompressed_key[0] = CC310_UNCOMPRESSED_PUBLIC_KEY_ID_BYTE; + memcpy(&ucompressed_key[1], p_pub->key.raw_public_key, p_info->raw_public_key_size); + + mutex_locked = cc310_backend_mutex_trylock(); + if (!mutex_locked) + { + return NRF_ERROR_CRYPTO_BUSY; + } + + cc310_backend_enable(); + + crys_error = CRYS_ECPKI_BuildPublKeyFullCheck(p_domain, + ucompressed_key, + p_info->raw_public_key_size + 1, + &p_pub->key.cc310_public_key, + p_temp_data); + + cc310_backend_disable(); + + cc310_backend_mutex_unlock(); + + result = nrf_crypto_backend_cc310_ecc_error_convert(crys_error); + if (result == NRF_SUCCESS) + { + p_pub->key_converted = true; + } + else + { + memcpy(p_pub->key.raw_public_key, &ucompressed_key[1], p_info->raw_public_key_size); + } + + return result; +} + + +ret_code_t nrf_crypto_backend_cc310_key_pair_generate( + void * p_context, + void * p_private_key, + void * p_public_key) +{ + ret_code_t result; + CRYSError_t crys_error; + CRYS_ECPKI_Domain_t const * p_domain; + bool mutex_locked; + + nrf_crypto_backend_cc310_key_pair_generate_context_t * p_ctx = + (nrf_crypto_backend_cc310_key_pair_generate_context_t *)p_context; + + nrf_crypto_backend_cc310_ecc_private_key_t * p_prv = + (nrf_crypto_backend_cc310_ecc_private_key_t *)p_private_key; + + nrf_crypto_backend_cc310_ecc_public_key_t * p_pub = + (nrf_crypto_backend_cc310_ecc_public_key_t *)p_public_key; + + p_domain = get_domain(p_prv->header.p_info); + + mutex_locked = cc310_backend_mutex_trylock(); + VERIFY_TRUE(mutex_locked, NRF_ERROR_CRYPTO_BUSY); + + cc310_backend_enable(); + + crys_error = CRYS_ECPKI_GenKeyPair(p_context, + nrf_crypto_backend_cc310_rng, + p_domain, + &p_prv->private_key, + &p_pub->key.cc310_public_key, + &p_ctx->temp_data, + NULL); + cc310_backend_disable(); + + cc310_backend_mutex_unlock(); + + p_pub->key_converted = true; + + result = nrf_crypto_backend_cc310_ecc_error_convert(crys_error); + return result; +} + + +ret_code_t nrf_crypto_backend_cc310_private_key_from_raw( + void * p_private_key, + uint8_t const * p_raw_data) +{ + ret_code_t result; + CRYSError_t crys_error; + CRYS_ECPKI_Domain_t const * p_domain; + bool mutex_locked; + + nrf_crypto_backend_cc310_ecc_private_key_t * p_prv = + (nrf_crypto_backend_cc310_ecc_private_key_t *)p_private_key; + + nrf_crypto_ecc_curve_info_t const * p_info = p_prv->header.p_info; + + p_domain = get_domain(p_info); + + mutex_locked = cc310_backend_mutex_trylock(); + VERIFY_TRUE(mutex_locked, NRF_ERROR_CRYPTO_BUSY); + + crys_error = CRYS_ECPKI_BuildPrivKey(p_domain, + p_raw_data, + p_info->raw_private_key_size, + &p_prv->private_key); + + cc310_backend_mutex_unlock(); + + result = nrf_crypto_backend_cc310_ecc_error_convert(crys_error); + return result; +} + + +ret_code_t nrf_crypto_backend_cc310_private_key_to_raw( + void const * p_private_key, + uint8_t * p_raw_data) +{ + ret_code_t result; + CRYSError_t crys_error; + uint32_t key_size; + + nrf_crypto_backend_cc310_ecc_private_key_t * p_prv = + (nrf_crypto_backend_cc310_ecc_private_key_t *)p_private_key; + + nrf_crypto_ecc_curve_info_t const * p_info = p_prv->header.p_info; + + key_size = p_info->raw_private_key_size; + + crys_error = CRYS_ECPKI_ExportPrivKey(&p_prv->private_key, + p_raw_data, + &key_size); + + if (key_size != p_info->raw_private_key_size) + { + return NRF_ERROR_CRYPTO_INTERNAL; + } + + result = nrf_crypto_backend_cc310_ecc_error_convert(crys_error); + + return result; +} + + +ret_code_t nrf_crypto_backend_cc310_public_key_from_raw( + void * p_public_key, + uint8_t const * p_raw_data) +{ + nrf_crypto_backend_cc310_ecc_public_key_t * p_pub = + (nrf_crypto_backend_cc310_ecc_public_key_t *)p_public_key; + + nrf_crypto_ecc_curve_info_t const * p_info = p_pub->header.p_info; + + memcpy(p_pub->key.raw_public_key, p_raw_data, p_info->raw_public_key_size); + p_pub->key_converted = false; + + return NRF_SUCCESS; +} + + +ret_code_t nrf_crypto_backend_cc310_public_key_to_raw( + void const * p_public_key, + uint8_t * p_raw_data) +{ + ret_code_t result; + CRYSError_t crys_error; + uint8_t ucompressed_key[NRF_CRYPTO_ECC_RAW_PUBLIC_KEY_MAX_SIZE + 1]; + uint32_t key_size; + bool mutex_locked; + + nrf_crypto_backend_cc310_ecc_public_key_t * p_pub = + (nrf_crypto_backend_cc310_ecc_public_key_t *)p_public_key; + + nrf_crypto_ecc_curve_info_t const * p_info = p_pub->header.p_info; + + if (!p_pub->key_converted) + { + memcpy(p_raw_data, p_pub->key.raw_public_key, p_info->raw_public_key_size); + return NRF_SUCCESS; + } + + mutex_locked = cc310_backend_mutex_trylock(); + if (!mutex_locked) + { + return NRF_ERROR_CRYPTO_BUSY; + } + + key_size = p_info->raw_public_key_size + 1; + + crys_error = CRYS_ECPKI_ExportPublKey(&p_pub->key.cc310_public_key, + CRYS_EC_PointUncompressed, + ucompressed_key, + &key_size); + + cc310_backend_mutex_unlock(); + + if ((key_size != p_info->raw_public_key_size + 1) + || (ucompressed_key[0] != CC310_UNCOMPRESSED_PUBLIC_KEY_ID_BYTE)) + { + return NRF_ERROR_CRYPTO_INTERNAL; + } + + memcpy(p_raw_data, &ucompressed_key[1], p_info->raw_public_key_size); + + result = nrf_crypto_backend_cc310_ecc_error_convert(crys_error); + return result; +} + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_ECC_SECP160R1) +const nrf_crypto_ecc_curve_info_t g_nrf_crypto_ecc_secp160r1_curve_info = +{ + .public_key_size = sizeof(nrf_crypto_backend_cc310_ecc_public_key_t), + .private_key_size = sizeof(nrf_crypto_backend_cc310_ecc_private_key_t), + .curve_type = NRF_CRYPTO_ECC_SECP160R1_CURVE_TYPE, + .raw_private_key_size = NRF_CRYPTO_ECC_SECP160R1_RAW_PRIVATE_KEY_SIZE, + .raw_public_key_size = NRF_CRYPTO_ECC_SECP160R1_RAW_PUBLIC_KEY_SIZE, + .p_backend_data = (void *)CRYS_ECPKI_DomainID_secp160r1, +}; +#endif + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_ECC_SECP160R2) +const nrf_crypto_ecc_curve_info_t g_nrf_crypto_ecc_secp160r2_curve_info = +{ + .public_key_size = sizeof(nrf_crypto_backend_cc310_ecc_public_key_t), + .private_key_size = sizeof(nrf_crypto_backend_cc310_ecc_private_key_t), + .curve_type = NRF_CRYPTO_ECC_SECP160R2_CURVE_TYPE, + .raw_private_key_size = NRF_CRYPTO_ECC_SECP160R2_RAW_PRIVATE_KEY_SIZE, + .raw_public_key_size = NRF_CRYPTO_ECC_SECP160R2_RAW_PUBLIC_KEY_SIZE, + .p_backend_data = (void *)CRYS_ECPKI_DomainID_secp160r2, +}; +#endif + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_ECC_SECP192R1) +const nrf_crypto_ecc_curve_info_t g_nrf_crypto_ecc_secp192r1_curve_info = +{ + .public_key_size = sizeof(nrf_crypto_backend_cc310_ecc_public_key_t), + .private_key_size = sizeof(nrf_crypto_backend_cc310_ecc_private_key_t), + .curve_type = NRF_CRYPTO_ECC_SECP192R1_CURVE_TYPE, + .raw_private_key_size = NRF_CRYPTO_ECC_SECP192R1_RAW_PRIVATE_KEY_SIZE, + .raw_public_key_size = NRF_CRYPTO_ECC_SECP192R1_RAW_PUBLIC_KEY_SIZE, + .p_backend_data = (void *)CRYS_ECPKI_DomainID_secp192r1, +}; +#endif + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_ECC_SECP224R1) +const nrf_crypto_ecc_curve_info_t g_nrf_crypto_ecc_secp224r1_curve_info = +{ + .public_key_size = sizeof(nrf_crypto_backend_cc310_ecc_public_key_t), + .private_key_size = sizeof(nrf_crypto_backend_cc310_ecc_private_key_t), + .curve_type = NRF_CRYPTO_ECC_SECP224R1_CURVE_TYPE, + .raw_private_key_size = NRF_CRYPTO_ECC_SECP224R1_RAW_PRIVATE_KEY_SIZE, + .raw_public_key_size = NRF_CRYPTO_ECC_SECP224R1_RAW_PUBLIC_KEY_SIZE, + .p_backend_data = (void *)CRYS_ECPKI_DomainID_secp224r1, +}; +#endif + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_ECC_SECP256R1) +const nrf_crypto_ecc_curve_info_t g_nrf_crypto_ecc_secp256r1_curve_info = +{ + .public_key_size = sizeof(nrf_crypto_backend_cc310_ecc_public_key_t), + .private_key_size = sizeof(nrf_crypto_backend_cc310_ecc_private_key_t), + .curve_type = NRF_CRYPTO_ECC_SECP256R1_CURVE_TYPE, + .raw_private_key_size = NRF_CRYPTO_ECC_SECP256R1_RAW_PRIVATE_KEY_SIZE, + .raw_public_key_size = NRF_CRYPTO_ECC_SECP256R1_RAW_PUBLIC_KEY_SIZE, + .p_backend_data = (void *)CRYS_ECPKI_DomainID_secp256r1, +}; +#endif + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_ECC_SECP384R1) +const nrf_crypto_ecc_curve_info_t g_nrf_crypto_ecc_secp384r1_curve_info = +{ + .public_key_size = sizeof(nrf_crypto_backend_cc310_ecc_public_key_t), + .private_key_size = sizeof(nrf_crypto_backend_cc310_ecc_private_key_t), + .curve_type = NRF_CRYPTO_ECC_SECP384R1_CURVE_TYPE, + .raw_private_key_size = NRF_CRYPTO_ECC_SECP384R1_RAW_PRIVATE_KEY_SIZE, + .raw_public_key_size = NRF_CRYPTO_ECC_SECP384R1_RAW_PUBLIC_KEY_SIZE, + .p_backend_data = (void *)CRYS_ECPKI_DomainID_secp384r1, +}; +#endif + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_ECC_SECP521R1) +const nrf_crypto_ecc_curve_info_t g_nrf_crypto_ecc_secp521r1_curve_info = +{ + .public_key_size = sizeof(nrf_crypto_backend_cc310_ecc_public_key_t), + .private_key_size = sizeof(nrf_crypto_backend_cc310_ecc_private_key_t), + .curve_type = NRF_CRYPTO_ECC_SECP521R1_CURVE_TYPE, + .raw_private_key_size = NRF_CRYPTO_ECC_SECP521R1_RAW_PRIVATE_KEY_SIZE, + .raw_public_key_size = NRF_CRYPTO_ECC_SECP521R1_RAW_PUBLIC_KEY_SIZE, + .p_backend_data = (void *)CRYS_ECPKI_DomainID_secp521r1, +}; +#endif + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_ECC_SECP160K1) +const nrf_crypto_ecc_curve_info_t g_nrf_crypto_ecc_secp160k1_curve_info = +{ + .public_key_size = sizeof(nrf_crypto_backend_cc310_ecc_public_key_t), + .private_key_size = sizeof(nrf_crypto_backend_cc310_ecc_private_key_t), + .curve_type = NRF_CRYPTO_ECC_SECP160K1_CURVE_TYPE, + .raw_private_key_size = NRF_CRYPTO_ECC_SECP160K1_RAW_PRIVATE_KEY_SIZE, + .raw_public_key_size = NRF_CRYPTO_ECC_SECP160K1_RAW_PUBLIC_KEY_SIZE, + .p_backend_data = (void *)CRYS_ECPKI_DomainID_secp160k1, +}; +#endif + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_ECC_SECP192K1) +const nrf_crypto_ecc_curve_info_t g_nrf_crypto_ecc_secp192k1_curve_info = +{ + .public_key_size = sizeof(nrf_crypto_backend_cc310_ecc_public_key_t), + .private_key_size = sizeof(nrf_crypto_backend_cc310_ecc_private_key_t), + .curve_type = NRF_CRYPTO_ECC_SECP192K1_CURVE_TYPE, + .raw_private_key_size = NRF_CRYPTO_ECC_SECP192K1_RAW_PRIVATE_KEY_SIZE, + .raw_public_key_size = NRF_CRYPTO_ECC_SECP192K1_RAW_PUBLIC_KEY_SIZE, + .p_backend_data = (void *)CRYS_ECPKI_DomainID_secp192k1, +}; +#endif + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_ECC_SECP224K1) +const nrf_crypto_ecc_curve_info_t g_nrf_crypto_ecc_secp224k1_curve_info = +{ + .public_key_size = sizeof(nrf_crypto_backend_cc310_ecc_public_key_t), + .private_key_size = sizeof(nrf_crypto_backend_cc310_ecc_private_key_t), + .curve_type = NRF_CRYPTO_ECC_SECP224K1_CURVE_TYPE, + .raw_private_key_size = NRF_CRYPTO_ECC_SECP224K1_RAW_PRIVATE_KEY_SIZE, + .raw_public_key_size = NRF_CRYPTO_ECC_SECP224K1_RAW_PUBLIC_KEY_SIZE, + .p_backend_data = (void *)CRYS_ECPKI_DomainID_secp224k1, +}; +#endif + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_ECC_SECP256K1) +const nrf_crypto_ecc_curve_info_t g_nrf_crypto_ecc_secp256k1_curve_info = +{ + .public_key_size = sizeof(nrf_crypto_backend_cc310_ecc_public_key_t), + .private_key_size = sizeof(nrf_crypto_backend_cc310_ecc_private_key_t), + .curve_type = NRF_CRYPTO_ECC_SECP256K1_CURVE_TYPE, + .raw_private_key_size = NRF_CRYPTO_ECC_SECP256K1_RAW_PRIVATE_KEY_SIZE, + .raw_public_key_size = NRF_CRYPTO_ECC_SECP256K1_RAW_PUBLIC_KEY_SIZE, + .p_backend_data = (void *)CRYS_ECPKI_DomainID_secp256k1, +}; +#endif + + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310) diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310/cc310_backend_ecc.h b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310/cc310_backend_ecc.h new file mode 100644 index 0000000..f9f20e2 --- /dev/null +++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310/cc310_backend_ecc.h @@ -0,0 +1,548 @@ +/** + * Copyright (c) 2018 - 2018, Nordic Semiconductor ASA + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form, except as embedded into a Nordic + * Semiconductor ASA integrated circuit in a product or a software update for + * such product, must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * 3. Neither the name of Nordic Semiconductor ASA nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * 4. This software, with or without modification, must only be used with a + * Nordic Semiconductor ASA integrated circuit. + * + * 5. Any software provided in binary form under this license must not be reverse + * engineered, decompiled, modified and/or disassembled. + * + * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef CC310_BACKEND_ECC_H__ +#define CC310_BACKEND_ECC_H__ + +#include "sdk_config.h" +#include "nordic_common.h" + +#if NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310) + +#include <stdbool.h> +#include "nrf_crypto_ecc_shared.h" +#include "crys_ecpki_kg.h" + + +#ifdef __cplusplus +extern "C" { +#endif + +/** @internal @brief Common structure holding private key for CC310. + */ +typedef struct +{ + nrf_crypto_internal_ecc_key_header_t header; /**< @internal @brief Common ECC key header */ + CRYS_ECPKI_UserPrivKey_t private_key; /**< @internal @brief CC310 specific key representation */ +} nrf_crypto_backend_cc310_ecc_private_key_t; + + +/** @internal @brief Common structure holding public key for CC310. + */ +typedef struct +{ + nrf_crypto_internal_ecc_key_header_t header; /**< @internal @brief Common ECC key header */ + bool key_converted; /**< @internal @brief True if key was already converted from raw_public_key to cc310_public_key */ + union + { + CRYS_ECPKI_UserPublKey_t cc310_public_key; /**< @internal @brief CC310 specific key representation */ + uint8_t raw_public_key[132]; /**< @internal @brief raw key representation */ + } key; +} nrf_crypto_backend_cc310_ecc_public_key_t; + + +/** @internal @brief Common structure holding context for key pair generation. + */ +typedef struct +{ + CRYS_ECPKI_KG_TempData_t temp_data; /**< @internal @brief Temporary buffer for CC310 internal storage */ +} nrf_crypto_backend_cc310_key_pair_generate_context_t; + + +/** @internal See @ref nrf_crypto_backend_ecc_key_pair_generate_fn_t. + */ +ret_code_t nrf_crypto_backend_cc310_key_pair_generate( + void * p_context, + void * p_private_key, + void * p_public_key); + + +/** @internal See @ref nrf_crypto_backend_ecc_private_key_from_raw_fn_t. +*/ +ret_code_t nrf_crypto_backend_cc310_private_key_from_raw( + void * p_private_key, + uint8_t const * p_raw_data); + + +/** @internal See @ref nrf_crypto_backend_ecc_private_key_to_raw_fn_t. +*/ +ret_code_t nrf_crypto_backend_cc310_private_key_to_raw( + void const * p_private_key, + uint8_t * p_raw_data); + + +/** @internal See @ref nrf_crypto_backend_ecc_public_key_from_raw_fn_t. +*/ +ret_code_t nrf_crypto_backend_cc310_public_key_from_raw( + void * p_public_key, + uint8_t const * p_raw_data); + + +/** @internal See @ref nrf_crypto_backend_ecc_public_key_to_raw_fn_t. +*/ +ret_code_t nrf_crypto_backend_cc310_public_key_to_raw( + void const * p_public_key, + uint8_t * p_raw_data); + + +/** @internal @brief Convert error code from CC310 to nrf_crypto error code. + * + * @param[in] crys_error CC310 error code. + * @return nrf_crypto error code. + */ +ret_code_t nrf_crypto_backend_cc310_ecc_error_convert(uint32_t crys_error); + + +/** @internal @brief Converts public key from raw to CC310 representation if not converted already. + * + * Data are read from p_pub->key.raw_public_key to stored into p_pub->cc310_public_key. + * + * @param[in] p_pub Public key to convert. + * @param[in] p_temp_data Buffer for temporary data used by CC310 lib. + * @return nrf_crypto error code. + */ +ret_code_t nrf_crypto_backend_cc310_ecc_public_key_convert( + nrf_crypto_backend_cc310_ecc_public_key_t * p_pub, + CRYS_ECPKI_BUILD_TempData_t * p_temp_data); + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_ECC_SECP160R1) + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_ECC_SECP160R1) +#error "More than one backend enabled for secp160r1 (NIST 160-bit)."); +#endif +#define NRF_CRYPTO_ECC_SECP160R1_ENABLED 1 + +// Aliases for one common CC310 implementation +#define nrf_crypto_backend_secp160r1_key_pair_generate nrf_crypto_backend_cc310_key_pair_generate +#define nrf_crypto_backend_secp160r1_public_key_calculate NULL +#define nrf_crypto_backend_secp160r1_private_key_from_raw nrf_crypto_backend_cc310_private_key_from_raw +#define nrf_crypto_backend_secp160r1_private_key_to_raw nrf_crypto_backend_cc310_private_key_to_raw +#define nrf_crypto_backend_secp160r1_public_key_from_raw nrf_crypto_backend_cc310_public_key_from_raw +#define nrf_crypto_backend_secp160r1_public_key_to_raw nrf_crypto_backend_cc310_public_key_to_raw +#define nrf_crypto_backend_secp160r1_private_key_free NULL +#define nrf_crypto_backend_secp160r1_public_key_free NULL + +// Context sizes required by CC310 +#define NRF_CRYPTO_BACKEND_SECP160R1_KEY_PAIR_GENERATE_CONTEXT_SIZE \ + sizeof(nrf_crypto_backend_cc310_key_pair_generate_context_t) +#define NRF_CRYPTO_BACKEND_SECP160R1_PUBLIC_KEY_CALCULATE_CONTEXT_SIZE 0 + +// All CC310 curve types share the same data structures for keys +typedef nrf_crypto_backend_cc310_ecc_private_key_t nrf_crypto_backend_secp160r1_private_key_t; +typedef nrf_crypto_backend_cc310_ecc_public_key_t nrf_crypto_backend_secp160r1_public_key_t; + +// All CC310 curve types share the same data structures for context +typedef nrf_crypto_backend_cc310_key_pair_generate_context_t + nrf_crypto_backend_secp160r1_key_pair_generate_context_t; + +// Dummy typedef for unused context +typedef uint32_t nrf_crypto_backend_secp160r1_public_key_calculate_context_t; + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_ECC_SECP160R1) + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_ECC_SECP160R2) + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_ECC_SECP160R2) +#error "More than one backend enabled for secp160r2 (NIST 160-bit)."); +#endif +#define NRF_CRYPTO_ECC_SECP160R2_ENABLED 1 + +// Aliases for one common CC310 implementation +#define nrf_crypto_backend_secp160r2_key_pair_generate nrf_crypto_backend_cc310_key_pair_generate +#define nrf_crypto_backend_secp160r2_public_key_calculate NULL +#define nrf_crypto_backend_secp160r2_private_key_from_raw nrf_crypto_backend_cc310_private_key_from_raw +#define nrf_crypto_backend_secp160r2_private_key_to_raw nrf_crypto_backend_cc310_private_key_to_raw +#define nrf_crypto_backend_secp160r2_public_key_from_raw nrf_crypto_backend_cc310_public_key_from_raw +#define nrf_crypto_backend_secp160r2_public_key_to_raw nrf_crypto_backend_cc310_public_key_to_raw +#define nrf_crypto_backend_secp160r2_private_key_free NULL +#define nrf_crypto_backend_secp160r2_public_key_free NULL + +// Context sizes required by CC310 +#define NRF_CRYPTO_BACKEND_SECP160R2_KEY_PAIR_GENERATE_CONTEXT_SIZE \ + sizeof(nrf_crypto_backend_cc310_key_pair_generate_context_t) +#define NRF_CRYPTO_BACKEND_SECP160R2_PUBLIC_KEY_CALCULATE_CONTEXT_SIZE 0 + +// All CC310 curve types share the same data structures for keys +typedef nrf_crypto_backend_cc310_ecc_private_key_t nrf_crypto_backend_secp160r2_private_key_t; +typedef nrf_crypto_backend_cc310_ecc_public_key_t nrf_crypto_backend_secp160r2_public_key_t; + +// All CC310 curve types share the same data structures for context +typedef nrf_crypto_backend_cc310_key_pair_generate_context_t + nrf_crypto_backend_secp160r2_key_pair_generate_context_t; + +// Dummy typedef for unused context +typedef uint32_t nrf_crypto_backend_secp160r2_public_key_calculate_context_t; + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_ECC_SECP160R2) + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_ECC_SECP192R1) + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_ECC_SECP192R1) +#error "More than one backend enabled for secp192r1 (NIST 192-bit)."); +#endif +#define NRF_CRYPTO_ECC_SECP192R1_ENABLED 1 + +// Aliases for one common CC310 implementation +#define nrf_crypto_backend_secp192r1_key_pair_generate nrf_crypto_backend_cc310_key_pair_generate +#define nrf_crypto_backend_secp192r1_public_key_calculate NULL +#define nrf_crypto_backend_secp192r1_private_key_from_raw nrf_crypto_backend_cc310_private_key_from_raw +#define nrf_crypto_backend_secp192r1_private_key_to_raw nrf_crypto_backend_cc310_private_key_to_raw +#define nrf_crypto_backend_secp192r1_public_key_from_raw nrf_crypto_backend_cc310_public_key_from_raw +#define nrf_crypto_backend_secp192r1_public_key_to_raw nrf_crypto_backend_cc310_public_key_to_raw +#define nrf_crypto_backend_secp192r1_private_key_free NULL +#define nrf_crypto_backend_secp192r1_public_key_free NULL + +// Context sizes required by CC310 +#define NRF_CRYPTO_BACKEND_SECP192R1_KEY_PAIR_GENERATE_CONTEXT_SIZE \ + sizeof(nrf_crypto_backend_cc310_key_pair_generate_context_t) +#define NRF_CRYPTO_BACKEND_SECP192R1_PUBLIC_KEY_CALCULATE_CONTEXT_SIZE 0 + +// All CC310 curve types share the same data structures for keys +typedef nrf_crypto_backend_cc310_ecc_private_key_t nrf_crypto_backend_secp192r1_private_key_t; +typedef nrf_crypto_backend_cc310_ecc_public_key_t nrf_crypto_backend_secp192r1_public_key_t; + +// All CC310 curve types share the same data structures for context +typedef nrf_crypto_backend_cc310_key_pair_generate_context_t + nrf_crypto_backend_secp192r1_key_pair_generate_context_t; + +// Dummy typedef for unused context +typedef uint32_t nrf_crypto_backend_secp192r1_public_key_calculate_context_t; + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_ECC_SECP192R1) + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_ECC_SECP224R1) + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_ECC_SECP224R1) +#error "More than one backend enabled for secp224r1 (NIST 224-bit)."); +#endif +#define NRF_CRYPTO_ECC_SECP224R1_ENABLED 1 + +// Aliases for one common CC310 implementation +#define nrf_crypto_backend_secp224r1_key_pair_generate nrf_crypto_backend_cc310_key_pair_generate +#define nrf_crypto_backend_secp224r1_public_key_calculate NULL +#define nrf_crypto_backend_secp224r1_private_key_from_raw nrf_crypto_backend_cc310_private_key_from_raw +#define nrf_crypto_backend_secp224r1_private_key_to_raw nrf_crypto_backend_cc310_private_key_to_raw +#define nrf_crypto_backend_secp224r1_public_key_from_raw nrf_crypto_backend_cc310_public_key_from_raw +#define nrf_crypto_backend_secp224r1_public_key_to_raw nrf_crypto_backend_cc310_public_key_to_raw +#define nrf_crypto_backend_secp224r1_private_key_free NULL +#define nrf_crypto_backend_secp224r1_public_key_free NULL + +// Context sizes required by CC310 +#define NRF_CRYPTO_BACKEND_SECP224R1_KEY_PAIR_GENERATE_CONTEXT_SIZE \ + sizeof(nrf_crypto_backend_cc310_key_pair_generate_context_t) +#define NRF_CRYPTO_BACKEND_SECP224R1_PUBLIC_KEY_CALCULATE_CONTEXT_SIZE 0 + +// All CC310 curve types share the same data structures for keys +typedef nrf_crypto_backend_cc310_ecc_private_key_t nrf_crypto_backend_secp224r1_private_key_t; +typedef nrf_crypto_backend_cc310_ecc_public_key_t nrf_crypto_backend_secp224r1_public_key_t; + +// All CC310 curve types share the same data structures for context +typedef nrf_crypto_backend_cc310_key_pair_generate_context_t + nrf_crypto_backend_secp224r1_key_pair_generate_context_t; + +// Dummy typedef for unused context +typedef uint32_t nrf_crypto_backend_secp224r1_public_key_calculate_context_t; + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_ECC_SECP224R1) + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_ECC_SECP256R1) + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_ECC_SECP256R1) +#error "More than one backend enabled for secp256r1 (NIST 256-bit)."); +#endif +#define NRF_CRYPTO_ECC_SECP256R1_ENABLED 1 + +// Aliases for one common CC310 implementation +#define nrf_crypto_backend_secp256r1_key_pair_generate nrf_crypto_backend_cc310_key_pair_generate +#define nrf_crypto_backend_secp256r1_public_key_calculate NULL +#define nrf_crypto_backend_secp256r1_private_key_from_raw nrf_crypto_backend_cc310_private_key_from_raw +#define nrf_crypto_backend_secp256r1_private_key_to_raw nrf_crypto_backend_cc310_private_key_to_raw +#define nrf_crypto_backend_secp256r1_public_key_from_raw nrf_crypto_backend_cc310_public_key_from_raw +#define nrf_crypto_backend_secp256r1_public_key_to_raw nrf_crypto_backend_cc310_public_key_to_raw +#define nrf_crypto_backend_secp256r1_private_key_free NULL +#define nrf_crypto_backend_secp256r1_public_key_free NULL + +// Context sizes required by CC310 +#define NRF_CRYPTO_BACKEND_SECP256R1_KEY_PAIR_GENERATE_CONTEXT_SIZE \ + sizeof(nrf_crypto_backend_cc310_key_pair_generate_context_t) +#define NRF_CRYPTO_BACKEND_SECP256R1_PUBLIC_KEY_CALCULATE_CONTEXT_SIZE 0 + +// All CC310 curve types share the same data structures for keys +typedef nrf_crypto_backend_cc310_ecc_private_key_t nrf_crypto_backend_secp256r1_private_key_t; +typedef nrf_crypto_backend_cc310_ecc_public_key_t nrf_crypto_backend_secp256r1_public_key_t; + +// All CC310 curve types share the same data structures for context +typedef nrf_crypto_backend_cc310_key_pair_generate_context_t + nrf_crypto_backend_secp256r1_key_pair_generate_context_t; + +// Dummy typedef for unused context +typedef uint32_t nrf_crypto_backend_secp256r1_public_key_calculate_context_t; + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_ECC_SECP256R1) + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_ECC_SECP384R1) + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_ECC_SECP384R1) +#error "More than one backend enabled for secp384r1 (NIST 384-bit)."); +#endif +#define NRF_CRYPTO_ECC_SECP384R1_ENABLED 1 + +// Aliases for one common CC310 implementation +#define nrf_crypto_backend_secp384r1_key_pair_generate nrf_crypto_backend_cc310_key_pair_generate +#define nrf_crypto_backend_secp384r1_public_key_calculate NULL +#define nrf_crypto_backend_secp384r1_private_key_from_raw nrf_crypto_backend_cc310_private_key_from_raw +#define nrf_crypto_backend_secp384r1_private_key_to_raw nrf_crypto_backend_cc310_private_key_to_raw +#define nrf_crypto_backend_secp384r1_public_key_from_raw nrf_crypto_backend_cc310_public_key_from_raw +#define nrf_crypto_backend_secp384r1_public_key_to_raw nrf_crypto_backend_cc310_public_key_to_raw +#define nrf_crypto_backend_secp384r1_private_key_free NULL +#define nrf_crypto_backend_secp384r1_public_key_free NULL + +// Context sizes required by CC310 +#define NRF_CRYPTO_BACKEND_SECP384R1_KEY_PAIR_GENERATE_CONTEXT_SIZE \ + sizeof(nrf_crypto_backend_cc310_key_pair_generate_context_t) +#define NRF_CRYPTO_BACKEND_SECP384R1_PUBLIC_KEY_CALCULATE_CONTEXT_SIZE 0 + +// All CC310 curve types share the same data structures for keys +typedef nrf_crypto_backend_cc310_ecc_private_key_t nrf_crypto_backend_secp384r1_private_key_t; +typedef nrf_crypto_backend_cc310_ecc_public_key_t nrf_crypto_backend_secp384r1_public_key_t; + +// All CC310 curve types share the same data structures for context +typedef nrf_crypto_backend_cc310_key_pair_generate_context_t + nrf_crypto_backend_secp384r1_key_pair_generate_context_t; + +// Dummy typedef for unused context +typedef uint32_t nrf_crypto_backend_secp384r1_public_key_calculate_context_t; + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_ECC_SECP384R1) + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_ECC_SECP521R1) + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_ECC_SECP521R1) +#error "More than one backend enabled for secp521r1 (NIST 521-bit)."); +#endif +#define NRF_CRYPTO_ECC_SECP521R1_ENABLED 1 + +// Aliases for one common CC310 implementation +#define nrf_crypto_backend_secp521r1_key_pair_generate nrf_crypto_backend_cc310_key_pair_generate +#define nrf_crypto_backend_secp521r1_public_key_calculate NULL +#define nrf_crypto_backend_secp521r1_private_key_from_raw nrf_crypto_backend_cc310_private_key_from_raw +#define nrf_crypto_backend_secp521r1_private_key_to_raw nrf_crypto_backend_cc310_private_key_to_raw +#define nrf_crypto_backend_secp521r1_public_key_from_raw nrf_crypto_backend_cc310_public_key_from_raw +#define nrf_crypto_backend_secp521r1_public_key_to_raw nrf_crypto_backend_cc310_public_key_to_raw +#define nrf_crypto_backend_secp521r1_private_key_free NULL +#define nrf_crypto_backend_secp521r1_public_key_free NULL + +// Context sizes required by CC310 +#define NRF_CRYPTO_BACKEND_SECP521R1_KEY_PAIR_GENERATE_CONTEXT_SIZE \ + sizeof(nrf_crypto_backend_cc310_key_pair_generate_context_t) +#define NRF_CRYPTO_BACKEND_SECP521R1_PUBLIC_KEY_CALCULATE_CONTEXT_SIZE 0 + +// All CC310 curve types share the same data structures for keys +typedef nrf_crypto_backend_cc310_ecc_private_key_t nrf_crypto_backend_secp521r1_private_key_t; +typedef nrf_crypto_backend_cc310_ecc_public_key_t nrf_crypto_backend_secp521r1_public_key_t; + +// All CC310 curve types share the same data structures for context +typedef nrf_crypto_backend_cc310_key_pair_generate_context_t + nrf_crypto_backend_secp521r1_key_pair_generate_context_t; + +// Dummy typedef for unused context +typedef uint32_t nrf_crypto_backend_secp521r1_public_key_calculate_context_t; + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_ECC_SECP521R1) + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_ECC_SECP160K1) + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_ECC_SECP160K1) +#error "More than one backend enabled for secp160k1 (Koblitz 160-bit)."); +#endif +#define NRF_CRYPTO_ECC_SECP160K1_ENABLED 1 + +// Aliases for one common CC310 implementation +#define nrf_crypto_backend_secp160k1_key_pair_generate nrf_crypto_backend_cc310_key_pair_generate +#define nrf_crypto_backend_secp160k1_public_key_calculate NULL +#define nrf_crypto_backend_secp160k1_private_key_from_raw nrf_crypto_backend_cc310_private_key_from_raw +#define nrf_crypto_backend_secp160k1_private_key_to_raw nrf_crypto_backend_cc310_private_key_to_raw +#define nrf_crypto_backend_secp160k1_public_key_from_raw nrf_crypto_backend_cc310_public_key_from_raw +#define nrf_crypto_backend_secp160k1_public_key_to_raw nrf_crypto_backend_cc310_public_key_to_raw +#define nrf_crypto_backend_secp160k1_private_key_free NULL +#define nrf_crypto_backend_secp160k1_public_key_free NULL + +// Context sizes required by CC310 +#define NRF_CRYPTO_BACKEND_SECP160K1_KEY_PAIR_GENERATE_CONTEXT_SIZE \ + sizeof(nrf_crypto_backend_cc310_key_pair_generate_context_t) +#define NRF_CRYPTO_BACKEND_SECP160K1_PUBLIC_KEY_CALCULATE_CONTEXT_SIZE 0 + +// All CC310 curve types share the same data structures for keys +typedef nrf_crypto_backend_cc310_ecc_private_key_t nrf_crypto_backend_secp160k1_private_key_t; +typedef nrf_crypto_backend_cc310_ecc_public_key_t nrf_crypto_backend_secp160k1_public_key_t; + +// All CC310 curve types share the same data structures for context +typedef nrf_crypto_backend_cc310_key_pair_generate_context_t + nrf_crypto_backend_secp160k1_key_pair_generate_context_t; + +// Dummy typedef for unused context +typedef uint32_t nrf_crypto_backend_secp160k1_public_key_calculate_context_t; + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_ECC_SECP160K1) + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_ECC_SECP192K1) + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_ECC_SECP192K1) +#error "More than one backend enabled for secp192k1 (Koblitz 192-bit)."); +#endif +#define NRF_CRYPTO_ECC_SECP192K1_ENABLED 1 + +// Aliases for one common CC310 implementation +#define nrf_crypto_backend_secp192k1_key_pair_generate nrf_crypto_backend_cc310_key_pair_generate +#define nrf_crypto_backend_secp192k1_public_key_calculate NULL +#define nrf_crypto_backend_secp192k1_private_key_from_raw nrf_crypto_backend_cc310_private_key_from_raw +#define nrf_crypto_backend_secp192k1_private_key_to_raw nrf_crypto_backend_cc310_private_key_to_raw +#define nrf_crypto_backend_secp192k1_public_key_from_raw nrf_crypto_backend_cc310_public_key_from_raw +#define nrf_crypto_backend_secp192k1_public_key_to_raw nrf_crypto_backend_cc310_public_key_to_raw +#define nrf_crypto_backend_secp192k1_private_key_free NULL +#define nrf_crypto_backend_secp192k1_public_key_free NULL + +// Context sizes required by CC310 +#define NRF_CRYPTO_BACKEND_SECP192K1_KEY_PAIR_GENERATE_CONTEXT_SIZE \ + sizeof(nrf_crypto_backend_cc310_key_pair_generate_context_t) +#define NRF_CRYPTO_BACKEND_SECP192K1_PUBLIC_KEY_CALCULATE_CONTEXT_SIZE 0 + +// All CC310 curve types share the same data structures for keys +typedef nrf_crypto_backend_cc310_ecc_private_key_t nrf_crypto_backend_secp192k1_private_key_t; +typedef nrf_crypto_backend_cc310_ecc_public_key_t nrf_crypto_backend_secp192k1_public_key_t; + +// All CC310 curve types share the same data structures for context +typedef nrf_crypto_backend_cc310_key_pair_generate_context_t + nrf_crypto_backend_secp192k1_key_pair_generate_context_t; + +// Dummy typedef for unused context +typedef uint32_t nrf_crypto_backend_secp192k1_public_key_calculate_context_t; + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_ECC_SECP192K1) + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_ECC_SECP224K1) + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_ECC_SECP224K1) +#error "More than one backend enabled for secp224k1 (Koblitz 224-bit)."); +#endif +#define NRF_CRYPTO_ECC_SECP224K1_ENABLED 1 + +// Aliases for one common CC310 implementation +#define nrf_crypto_backend_secp224k1_key_pair_generate nrf_crypto_backend_cc310_key_pair_generate +#define nrf_crypto_backend_secp224k1_public_key_calculate NULL +#define nrf_crypto_backend_secp224k1_private_key_from_raw nrf_crypto_backend_cc310_private_key_from_raw +#define nrf_crypto_backend_secp224k1_private_key_to_raw nrf_crypto_backend_cc310_private_key_to_raw +#define nrf_crypto_backend_secp224k1_public_key_from_raw nrf_crypto_backend_cc310_public_key_from_raw +#define nrf_crypto_backend_secp224k1_public_key_to_raw nrf_crypto_backend_cc310_public_key_to_raw +#define nrf_crypto_backend_secp224k1_private_key_free NULL +#define nrf_crypto_backend_secp224k1_public_key_free NULL + +// Context sizes required by CC310 +#define NRF_CRYPTO_BACKEND_SECP224K1_KEY_PAIR_GENERATE_CONTEXT_SIZE \ + sizeof(nrf_crypto_backend_cc310_key_pair_generate_context_t) +#define NRF_CRYPTO_BACKEND_SECP224K1_PUBLIC_KEY_CALCULATE_CONTEXT_SIZE 0 + +// All CC310 curve types share the same data structures for keys +typedef nrf_crypto_backend_cc310_ecc_private_key_t nrf_crypto_backend_secp224k1_private_key_t; +typedef nrf_crypto_backend_cc310_ecc_public_key_t nrf_crypto_backend_secp224k1_public_key_t; + +// All CC310 curve types share the same data structures for context +typedef nrf_crypto_backend_cc310_key_pair_generate_context_t + nrf_crypto_backend_secp224k1_key_pair_generate_context_t; + +// Dummy typedef for unused context +typedef uint32_t nrf_crypto_backend_secp224k1_public_key_calculate_context_t; + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_ECC_SECP224K1) + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_ECC_SECP256K1) + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_ECC_SECP256K1) +#error "More than one backend enabled for secp256k1 (Koblitz 256-bit)."); +#endif +#define NRF_CRYPTO_ECC_SECP256K1_ENABLED 1 + +// Aliases for one common CC310 implementation +#define nrf_crypto_backend_secp256k1_key_pair_generate nrf_crypto_backend_cc310_key_pair_generate +#define nrf_crypto_backend_secp256k1_public_key_calculate NULL +#define nrf_crypto_backend_secp256k1_private_key_from_raw nrf_crypto_backend_cc310_private_key_from_raw +#define nrf_crypto_backend_secp256k1_private_key_to_raw nrf_crypto_backend_cc310_private_key_to_raw +#define nrf_crypto_backend_secp256k1_public_key_from_raw nrf_crypto_backend_cc310_public_key_from_raw +#define nrf_crypto_backend_secp256k1_public_key_to_raw nrf_crypto_backend_cc310_public_key_to_raw +#define nrf_crypto_backend_secp256k1_private_key_free NULL +#define nrf_crypto_backend_secp256k1_public_key_free NULL + +// Context sizes required by CC310 +#define NRF_CRYPTO_BACKEND_SECP256K1_KEY_PAIR_GENERATE_CONTEXT_SIZE \ + sizeof(nrf_crypto_backend_cc310_key_pair_generate_context_t) +#define NRF_CRYPTO_BACKEND_SECP256K1_PUBLIC_KEY_CALCULATE_CONTEXT_SIZE 0 + +// All CC310 curve types share the same data structures for keys +typedef nrf_crypto_backend_cc310_ecc_private_key_t nrf_crypto_backend_secp256k1_private_key_t; +typedef nrf_crypto_backend_cc310_ecc_public_key_t nrf_crypto_backend_secp256k1_public_key_t; + +// All CC310 curve types share the same data structures for context +typedef nrf_crypto_backend_cc310_key_pair_generate_context_t + nrf_crypto_backend_secp256k1_key_pair_generate_context_t; + +// Dummy typedef for unused context +typedef uint32_t nrf_crypto_backend_secp256k1_public_key_calculate_context_t; + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_ECC_SECP256K1) + + +#ifdef __cplusplus +} +#endif + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310) + +#endif // CC310_BACKEND_ECC_H__ diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310/cc310_backend_ecdh.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310/cc310_backend_ecdh.c new file mode 100644 index 0000000..48c2e5c --- /dev/null +++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310/cc310_backend_ecdh.c @@ -0,0 +1,131 @@ +/** + * Copyright (c) 2018 - 2018, Nordic Semiconductor ASA + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form, except as embedded into a Nordic + * Semiconductor ASA integrated circuit in a product or a software update for + * such product, must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * 3. Neither the name of Nordic Semiconductor ASA nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * 4. This software, with or without modification, must only be used with a + * Nordic Semiconductor ASA integrated circuit. + * + * 5. Any software provided in binary form under this license must not be reverse + * engineered, decompiled, modified and/or disassembled. + * + * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include "sdk_config.h" +#include "nordic_common.h" + +#if NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310) + +#include <string.h> + +#include "nrf_crypto_ecc_shared.h" +#include "nrf_crypto_ecdh_shared.h" +#include "nrf_crypto_ecdh.h" +#include "nrf_crypto_mem.h" +#include "cc310_backend_mutex.h" +#include "cc310_backend_shared.h" +#include "cc310_backend_ecdh.h" + + +ret_code_t nrf_crypto_backend_cc310_ecdh_compute( + void * p_context, + void const * p_private_key, + void const * p_public_key, + uint8_t * p_shared_secret) +{ + ret_code_t result; + CRYSError_t crys_error; + uint32_t shared_secret_size; + uint8_t aligned_buffer[(NRF_CRYPTO_ECDH_SHARED_SECRET_MAX_SIZE + 3) & ~3]; + uint8_t * p_output_buffer; + bool mutex_locked; + + nrf_crypto_backend_cc310_ecdh_compute_context_t * p_ctx = + (nrf_crypto_backend_cc310_ecdh_compute_context_t *)p_context; + + nrf_crypto_backend_cc310_ecc_private_key_t * p_prv = + (nrf_crypto_backend_cc310_ecc_private_key_t *)p_private_key; + + nrf_crypto_backend_cc310_ecc_public_key_t * p_pub = + (nrf_crypto_backend_cc310_ecc_public_key_t *)p_public_key; + + nrf_crypto_ecc_curve_info_t const * p_info = p_prv->header.p_info; + + result = nrf_crypto_backend_cc310_ecc_public_key_convert(p_pub, &p_ctx->key_build_temp_data); + if (result != NRF_SUCCESS) + { + return result; + } + + shared_secret_size = p_info->raw_private_key_size; + + if ((shared_secret_size & 3) != 0) // Check if shared_secret_size is word aligned + { + shared_secret_size = (shared_secret_size + 3) & ~3; + p_output_buffer = &aligned_buffer[0]; + } + else + { + p_output_buffer = p_shared_secret; + } + + mutex_locked = cc310_backend_mutex_trylock(); + if (!mutex_locked) + { + return NRF_ERROR_CRYPTO_BUSY; + } + + cc310_backend_enable(); + + crys_error = CRYS_ECDH_SVDP_DH(&p_pub->key.cc310_public_key, + &p_prv->private_key, + p_output_buffer, + &shared_secret_size, + &p_ctx->temp_data); + + cc310_backend_disable(); + + cc310_backend_mutex_unlock(); + + if (p_output_buffer != p_shared_secret) + { + //lint -save -e645 (Symbol 'aligned_buffer' may not have been initialized) + memcpy(p_shared_secret, + &aligned_buffer[3 - ((p_info->raw_private_key_size + 3) & 3)], // Bytes at the beginning that were added during padding are now skipped + p_info->raw_private_key_size); + //lint -restore + } + + result = nrf_crypto_backend_cc310_ecc_error_convert(crys_error); + return result; +} + + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310) diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310/cc310_backend_ecdh.h b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310/cc310_backend_ecdh.h new file mode 100644 index 0000000..0fe1dc4 --- /dev/null +++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310/cc310_backend_ecdh.h @@ -0,0 +1,182 @@ +/** + * Copyright (c) 2018 - 2018, Nordic Semiconductor ASA + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form, except as embedded into a Nordic + * Semiconductor ASA integrated circuit in a product or a software update for + * such product, must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * 3. Neither the name of Nordic Semiconductor ASA nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * 4. This software, with or without modification, must only be used with a + * Nordic Semiconductor ASA integrated circuit. + * + * 5. Any software provided in binary form under this license must not be reverse + * engineered, decompiled, modified and/or disassembled. + * + * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef CC310_BACKEND_ECDH_H__ +#define CC310_BACKEND_ECDH_H__ + +#include "sdk_config.h" +#include "nordic_common.h" + +#if NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310) + +#include "nrf_crypto_ecc.h" +#include "nrf_crypto_ecdh_shared.h" +#include "crys_ecpki_dh.h" + + +#ifdef __cplusplus +extern "C" { +#endif + + +/** @internal @brief Common structure holding context for ECDH. + */ +typedef union +{ + CRYS_ECDH_TempData_t temp_data; /**< @internal @brief Temporary buffer for CC310 internal storage */ + CRYS_ECPKI_BUILD_TempData_t key_build_temp_data; /**< @internal @brief Temporary buffer for CC310 public key build */ +} nrf_crypto_backend_cc310_ecdh_compute_context_t; + + +/** @internal See @ref nrf_crypto_backend_ecdh_compute_fn_t. + */ +ret_code_t nrf_crypto_backend_cc310_ecdh_compute( + void * p_context, + void const * p_private_key, + void const * p_public_key, + uint8_t * p_shared_secret); + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_ECC_SECP160R1) +// Aliases for one common CC310 implementation +#define nrf_crypto_backend_secp160r1_ecdh_compute nrf_crypto_backend_cc310_ecdh_compute +#define NRF_CRYPTO_BACKEND_SECP160R1_ECDH_CONTEXT_SIZE \ + sizeof(nrf_crypto_backend_cc310_ecdh_compute_context_t) +typedef nrf_crypto_backend_cc310_ecdh_compute_context_t nrf_crypto_backend_secp160r1_ecdh_context_t; +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_ECC_SECP160R1) + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_ECC_SECP160R2) +// Aliases for one common CC310 implementation +#define nrf_crypto_backend_secp160r2_ecdh_compute nrf_crypto_backend_cc310_ecdh_compute +#define NRF_CRYPTO_BACKEND_SECP160R2_ECDH_CONTEXT_SIZE \ + sizeof(nrf_crypto_backend_cc310_ecdh_compute_context_t) +typedef nrf_crypto_backend_cc310_ecdh_compute_context_t nrf_crypto_backend_secp160r2_ecdh_context_t; +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_ECC_SECP160R2) + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_ECC_SECP192R1) +// Aliases for one common CC310 implementation +#define nrf_crypto_backend_secp192r1_ecdh_compute nrf_crypto_backend_cc310_ecdh_compute +#define NRF_CRYPTO_BACKEND_SECP192R1_ECDH_CONTEXT_SIZE \ + sizeof(nrf_crypto_backend_cc310_ecdh_compute_context_t) +typedef nrf_crypto_backend_cc310_ecdh_compute_context_t nrf_crypto_backend_secp192r1_ecdh_context_t; +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_ECC_SECP192R1) + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_ECC_SECP224R1) +// Aliases for one common CC310 implementation +#define nrf_crypto_backend_secp224r1_ecdh_compute nrf_crypto_backend_cc310_ecdh_compute +#define NRF_CRYPTO_BACKEND_SECP224R1_ECDH_CONTEXT_SIZE \ + sizeof(nrf_crypto_backend_cc310_ecdh_compute_context_t) +typedef nrf_crypto_backend_cc310_ecdh_compute_context_t nrf_crypto_backend_secp224r1_ecdh_context_t; +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_ECC_SECP224R1) + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_ECC_SECP256R1) +// Aliases for one common CC310 implementation +#define nrf_crypto_backend_secp256r1_ecdh_compute nrf_crypto_backend_cc310_ecdh_compute +#define NRF_CRYPTO_BACKEND_SECP256R1_ECDH_CONTEXT_SIZE \ + sizeof(nrf_crypto_backend_cc310_ecdh_compute_context_t) +typedef nrf_crypto_backend_cc310_ecdh_compute_context_t nrf_crypto_backend_secp256r1_ecdh_context_t; +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_ECC_SECP256R1) + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_ECC_SECP384R1) +// Aliases for one common CC310 implementation +#define nrf_crypto_backend_secp384r1_ecdh_compute nrf_crypto_backend_cc310_ecdh_compute +#define NRF_CRYPTO_BACKEND_SECP384R1_ECDH_CONTEXT_SIZE \ + sizeof(nrf_crypto_backend_cc310_ecdh_compute_context_t) +typedef nrf_crypto_backend_cc310_ecdh_compute_context_t nrf_crypto_backend_secp384r1_ecdh_context_t; +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_ECC_SECP384R1) + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_ECC_SECP521R1) +// Aliases for one common CC310 implementation +#define nrf_crypto_backend_secp521r1_ecdh_compute nrf_crypto_backend_cc310_ecdh_compute +#define NRF_CRYPTO_BACKEND_SECP521R1_ECDH_CONTEXT_SIZE \ + sizeof(nrf_crypto_backend_cc310_ecdh_compute_context_t) +typedef nrf_crypto_backend_cc310_ecdh_compute_context_t nrf_crypto_backend_secp521r1_ecdh_context_t; +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_ECC_SECP521R1) + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_ECC_SECP160K1) +// Aliases for one common CC310 implementation +#define nrf_crypto_backend_secp160k1_ecdh_compute nrf_crypto_backend_cc310_ecdh_compute +#define NRF_CRYPTO_BACKEND_SECP160K1_ECDH_CONTEXT_SIZE \ + sizeof(nrf_crypto_backend_cc310_ecdh_compute_context_t) +typedef nrf_crypto_backend_cc310_ecdh_compute_context_t nrf_crypto_backend_secp160k1_ecdh_context_t; +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_ECC_SECP160K1) + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_ECC_SECP192K1) +// Aliases for one common CC310 implementation +#define nrf_crypto_backend_secp192k1_ecdh_compute nrf_crypto_backend_cc310_ecdh_compute +#define NRF_CRYPTO_BACKEND_SECP192K1_ECDH_CONTEXT_SIZE \ + sizeof(nrf_crypto_backend_cc310_ecdh_compute_context_t) +typedef nrf_crypto_backend_cc310_ecdh_compute_context_t nrf_crypto_backend_secp192k1_ecdh_context_t; +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_ECC_SECP192K1) + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_ECC_SECP224K1) +// Aliases for one common CC310 implementation +#define nrf_crypto_backend_secp224k1_ecdh_compute nrf_crypto_backend_cc310_ecdh_compute +#define NRF_CRYPTO_BACKEND_SECP224K1_ECDH_CONTEXT_SIZE \ + sizeof(nrf_crypto_backend_cc310_ecdh_compute_context_t) +typedef nrf_crypto_backend_cc310_ecdh_compute_context_t nrf_crypto_backend_secp224k1_ecdh_context_t; +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_ECC_SECP224K1) + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_ECC_SECP256K1) +// Aliases for one common CC310 implementation +#define nrf_crypto_backend_secp256k1_ecdh_compute nrf_crypto_backend_cc310_ecdh_compute +#define NRF_CRYPTO_BACKEND_SECP256K1_ECDH_CONTEXT_SIZE \ + sizeof(nrf_crypto_backend_cc310_ecdh_compute_context_t) +typedef nrf_crypto_backend_cc310_ecdh_compute_context_t nrf_crypto_backend_secp256k1_ecdh_context_t; +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_ECC_SECP256K1) + + +#ifdef __cplusplus +} +#endif + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310) + +#endif // CC310_BACKEND_ECDH_H__ diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310/cc310_backend_ecdsa.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310/cc310_backend_ecdsa.c new file mode 100644 index 0000000..69a1a86 --- /dev/null +++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310/cc310_backend_ecdsa.c @@ -0,0 +1,223 @@ +/** + * Copyright (c) 2018 - 2018, Nordic Semiconductor ASA + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form, except as embedded into a Nordic + * Semiconductor ASA integrated circuit in a product or a software update for + * such product, must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * 3. Neither the name of Nordic Semiconductor ASA nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * 4. This software, with or without modification, must only be used with a + * Nordic Semiconductor ASA integrated circuit. + * + * 5. Any software provided in binary form under this license must not be reverse + * engineered, decompiled, modified and/or disassembled. + * + * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include "sdk_config.h" +#include "nordic_common.h" + +#if NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310) + +#include <string.h> +#include "ssi_pal_types.h" +#include "ssi_pal_mem.h" +#include "sns_silib.h" +#include "crys_rnd.h" +#include "crys_ecpki_ecdsa.h" +#include "crys_ecpki_error.h" +#include "crys_kdf_error.h" +#include "crys_hash_error.h" +#include "nrf_crypto_error.h" +#include "nrf_crypto_ecc_shared.h" +#include "nrf_crypto_ecdsa_shared.h" +#include "nrf_crypto_ecdsa.h" +#include "cc310_backend_ecdsa.h" +#include "cc310_backend_shared.h" +#include "cc310_backend_mutex.h" + + +#define CC310_SHA1_DIGEST_SIZE (160 / 8) /**< @internal @brief Digest size of SHA-1 */ +#define CC310_SHA224_DIGEST_SIZE (224 / 8) /**< @internal @brief Digest size of SHA-224 */ +#define CC310_SHA256_DIGEST_SIZE (256 / 8) /**< @internal @brief Digest size of SHA-256 */ +#define CC310_SHA384_DIGEST_SIZE (384 / 8) /**< @internal @brief Digest size of SHA-384 */ +#define CC310_SHA512_DIGEST_SIZE (512 / 8) /**< @internal @brief Digest size of SHA-512 */ + + +/** @internal @brief Returns enum value of @ref CRYS_ECPKI_HASH_OpMode_t based on provided hash size. + * + * @param[in] data_size Hash size + * @return Value from @ref CRYS_ECPKI_HASH_OpMode_t or CRYS_ECPKI_HASH_OpModeLast if + * cannot find implemented hash with provided size. + */ +static CRYS_ECPKI_HASH_OpMode_t hash_mode_from_size(uint32_t data_size) +{ + CRYS_ECPKI_HASH_OpMode_t hash_mode; + + switch (data_size) + { + case CC310_SHA1_DIGEST_SIZE: + hash_mode = CRYS_ECPKI_AFTER_HASH_SHA1_mode; + break; + + case CC310_SHA224_DIGEST_SIZE: + hash_mode = CRYS_ECPKI_AFTER_HASH_SHA224_mode; + break; + + case CC310_SHA256_DIGEST_SIZE: + hash_mode = CRYS_ECPKI_AFTER_HASH_SHA256_mode; + break; + + case CC310_SHA384_DIGEST_SIZE: + hash_mode = CRYS_ECPKI_AFTER_HASH_SHA384_mode; + break; + + case CC310_SHA512_DIGEST_SIZE: + hash_mode = CRYS_ECPKI_AFTER_HASH_SHA512_mode; + break; + + default: + hash_mode = CRYS_ECPKI_HASH_OpModeLast; + break; + } + + return hash_mode; +} + + +ret_code_t nrf_crypto_backend_cc310_sign( + void * p_context, + void const * p_private_key, + uint8_t const * p_data, + size_t data_size, + uint8_t * p_signature) +{ + ret_code_t result; + CRYSError_t crys_error; + uint32_t signature_size; + CRYS_ECPKI_HASH_OpMode_t hash_mode = hash_mode_from_size(data_size); + bool mutex_locked; + + nrf_crypto_backend_cc310_sign_context_t * p_ctx = + (nrf_crypto_backend_cc310_sign_context_t *)p_context; + + nrf_crypto_backend_cc310_ecc_private_key_t * p_prv = + (nrf_crypto_backend_cc310_ecc_private_key_t *)p_private_key; + + nrf_crypto_ecc_curve_info_t const * p_info = p_prv->header.p_info; + + if (hash_mode == CRYS_ECPKI_HASH_OpModeLast) + { + return NRF_ERROR_CRYPTO_INPUT_LENGTH; + } + + signature_size = p_info->raw_public_key_size; + + mutex_locked = cc310_backend_mutex_trylock(); + VERIFY_TRUE(mutex_locked, NRF_ERROR_CRYPTO_BUSY); + + cc310_backend_enable(); + + crys_error = CRYS_ECDSA_Sign(p_context, + nrf_crypto_backend_cc310_rng, + &p_ctx->user_context, + &p_prv->private_key, + hash_mode, + (uint8_t *)p_data, + data_size, + p_signature, + &signature_size); + + cc310_backend_disable(); + + cc310_backend_mutex_unlock(); + + result = nrf_crypto_backend_cc310_ecc_error_convert(crys_error); + + if (result == NRF_SUCCESS && signature_size != p_info->raw_public_key_size) + { + return NRF_ERROR_CRYPTO_INTERNAL; + } + + return result; +} + + +ret_code_t nrf_crypto_backend_cc310_verify( + void * p_context, + void const * p_public_key, + uint8_t const * p_data, + size_t data_size, + uint8_t const * p_signature) +{ + ret_code_t result; + CRYSError_t crys_error; + CRYS_ECPKI_HASH_OpMode_t hash_mode = hash_mode_from_size(data_size); + bool mutex_locked; + + nrf_crypto_backend_cc310_verify_context_t * p_ctx = + (nrf_crypto_backend_cc310_verify_context_t *)p_context; + + nrf_crypto_backend_cc310_ecc_public_key_t * p_pub = + (nrf_crypto_backend_cc310_ecc_public_key_t *)p_public_key; + + nrf_crypto_ecc_curve_info_t const * p_info = p_pub->header.p_info; + + result = nrf_crypto_backend_cc310_ecc_public_key_convert(p_pub, &p_ctx->key_build_temp_data); + if (result != NRF_SUCCESS) + { + return result; + } + + if (hash_mode == CRYS_ECPKI_HASH_OpModeLast) + { + return NRF_ERROR_CRYPTO_INPUT_LENGTH; + } + + mutex_locked = cc310_backend_mutex_trylock(); + VERIFY_TRUE(mutex_locked, NRF_ERROR_CRYPTO_BUSY); + + cc310_backend_enable(); + + crys_error = CRYS_ECDSA_Verify(&p_ctx->user_context, + &p_pub->key.cc310_public_key, + hash_mode, + (uint8_t *)p_signature, + p_info->raw_public_key_size, + (uint8_t *)p_data, + data_size); + + cc310_backend_disable(); + + cc310_backend_mutex_unlock(); + + result = nrf_crypto_backend_cc310_ecc_error_convert(crys_error); + return result; +} + + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310) diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310/cc310_backend_ecdsa.h b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310/cc310_backend_ecdsa.h new file mode 100644 index 0000000..b57c18e --- /dev/null +++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310/cc310_backend_ecdsa.h @@ -0,0 +1,234 @@ +/** + * Copyright (c) 2018 - 2018, Nordic Semiconductor ASA + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form, except as embedded into a Nordic + * Semiconductor ASA integrated circuit in a product or a software update for + * such product, must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * 3. Neither the name of Nordic Semiconductor ASA nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * 4. This software, with or without modification, must only be used with a + * Nordic Semiconductor ASA integrated circuit. + * + * 5. Any software provided in binary form under this license must not be reverse + * engineered, decompiled, modified and/or disassembled. + * + * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef CC310_BACKEND_ECDSA_H__ +#define CC310_BACKEND_ECDSA_H__ + +#include "sdk_config.h" +#include "nordic_common.h" + +#if NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310) + +#include "nrf_crypto_ecc_shared.h" +#include "nrf_crypto_ecdsa_shared.h" +#include "crys_ecpki_types.h" + + +#ifdef __cplusplus +extern "C" { +#endif + + +/** @internal @brief Common structure holding context for ECDSA sign. + */ +typedef struct +{ + CRYS_ECDSA_SignUserContext_t user_context; /**< @internal @brief Temporary buffer for CC310 internal storage */ +} nrf_crypto_backend_cc310_sign_context_t; + + +/** @internal @brief Common structure holding context for ECDSA verify. + */ +typedef union +{ + CRYS_ECDSA_VerifyUserContext_t user_context; /**< @internal @brief Temporary buffer for CC310 internal storage */ + CRYS_ECPKI_BUILD_TempData_t key_build_temp_data; /**< @internal @brief Temporary buffer for CC310 public key build */ +} nrf_crypto_backend_cc310_verify_context_t; + + +/** @internal See @ref nrf_crypto_backend_ecdsa_sign_fn_t. + */ +ret_code_t nrf_crypto_backend_cc310_sign( + void * p_context, + void const * p_private_key, + uint8_t const * p_data, + size_t data_size, + uint8_t * p_signature); + + +/** @internal See @ref nrf_crypto_backend_ecdsa_verify_fn_t. + */ +ret_code_t nrf_crypto_backend_cc310_verify( + void * p_context, + void const * p_public_key, + uint8_t const * p_data, + size_t data_size, + uint8_t const * p_signature); + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_ECC_SECP160R1) +#define NRF_CRYPTO_BACKEND_SECP160R1_SIGN_CONTEXT_SIZE \ + sizeof(nrf_crypto_backend_cc310_sign_context_t) +#define NRF_CRYPTO_BACKEND_SECP160R1_VERIFY_CONTEXT_SIZE \ + sizeof(nrf_crypto_backend_cc310_verify_context_t) +typedef nrf_crypto_backend_cc310_sign_context_t nrf_crypto_backend_secp160r1_sign_context_t; +typedef nrf_crypto_backend_cc310_verify_context_t nrf_crypto_backend_secp160r1_verify_context_t; +#define nrf_crypto_backend_secp160r1_sign nrf_crypto_backend_cc310_sign +#define nrf_crypto_backend_secp160r1_verify nrf_crypto_backend_cc310_verify +#endif + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_ECC_SECP160R2) +#define NRF_CRYPTO_BACKEND_SECP160R2_SIGN_CONTEXT_SIZE \ + sizeof(nrf_crypto_backend_cc310_sign_context_t) +#define NRF_CRYPTO_BACKEND_SECP160R2_VERIFY_CONTEXT_SIZE \ + sizeof(nrf_crypto_backend_cc310_verify_context_t) +typedef nrf_crypto_backend_cc310_sign_context_t nrf_crypto_backend_secp160r2_sign_context_t; +typedef nrf_crypto_backend_cc310_verify_context_t nrf_crypto_backend_secp160r2_verify_context_t; +#define nrf_crypto_backend_secp160r2_sign nrf_crypto_backend_cc310_sign +#define nrf_crypto_backend_secp160r2_verify nrf_crypto_backend_cc310_verify +#endif + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_ECC_SECP192R1) +#define NRF_CRYPTO_BACKEND_SECP192R1_SIGN_CONTEXT_SIZE \ + sizeof(nrf_crypto_backend_cc310_sign_context_t) +#define NRF_CRYPTO_BACKEND_SECP192R1_VERIFY_CONTEXT_SIZE \ + sizeof(nrf_crypto_backend_cc310_verify_context_t) +typedef nrf_crypto_backend_cc310_sign_context_t nrf_crypto_backend_secp192r1_sign_context_t; +typedef nrf_crypto_backend_cc310_verify_context_t nrf_crypto_backend_secp192r1_verify_context_t; +#define nrf_crypto_backend_secp192r1_sign nrf_crypto_backend_cc310_sign +#define nrf_crypto_backend_secp192r1_verify nrf_crypto_backend_cc310_verify +#endif + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_ECC_SECP224R1) +#define NRF_CRYPTO_BACKEND_SECP224R1_SIGN_CONTEXT_SIZE \ + sizeof(nrf_crypto_backend_cc310_sign_context_t) +#define NRF_CRYPTO_BACKEND_SECP224R1_VERIFY_CONTEXT_SIZE \ + sizeof(nrf_crypto_backend_cc310_verify_context_t) +typedef nrf_crypto_backend_cc310_sign_context_t nrf_crypto_backend_secp224r1_sign_context_t; +typedef nrf_crypto_backend_cc310_verify_context_t nrf_crypto_backend_secp224r1_verify_context_t; +#define nrf_crypto_backend_secp224r1_sign nrf_crypto_backend_cc310_sign +#define nrf_crypto_backend_secp224r1_verify nrf_crypto_backend_cc310_verify +#endif + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_ECC_SECP256R1) +#define NRF_CRYPTO_BACKEND_SECP256R1_SIGN_CONTEXT_SIZE \ + sizeof(nrf_crypto_backend_cc310_sign_context_t) +#define NRF_CRYPTO_BACKEND_SECP256R1_VERIFY_CONTEXT_SIZE \ + sizeof(nrf_crypto_backend_cc310_verify_context_t) +typedef nrf_crypto_backend_cc310_sign_context_t nrf_crypto_backend_secp256r1_sign_context_t; +typedef nrf_crypto_backend_cc310_verify_context_t nrf_crypto_backend_secp256r1_verify_context_t; +#define nrf_crypto_backend_secp256r1_sign nrf_crypto_backend_cc310_sign +#define nrf_crypto_backend_secp256r1_verify nrf_crypto_backend_cc310_verify +#endif + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_ECC_SECP384R1) +#define NRF_CRYPTO_BACKEND_SECP384R1_SIGN_CONTEXT_SIZE \ + sizeof(nrf_crypto_backend_cc310_sign_context_t) +#define NRF_CRYPTO_BACKEND_SECP384R1_VERIFY_CONTEXT_SIZE \ + sizeof(nrf_crypto_backend_cc310_verify_context_t) +typedef nrf_crypto_backend_cc310_sign_context_t nrf_crypto_backend_secp384r1_sign_context_t; +typedef nrf_crypto_backend_cc310_verify_context_t nrf_crypto_backend_secp384r1_verify_context_t; +#define nrf_crypto_backend_secp384r1_sign nrf_crypto_backend_cc310_sign +#define nrf_crypto_backend_secp384r1_verify nrf_crypto_backend_cc310_verify +#endif + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_ECC_SECP521R1) +#define NRF_CRYPTO_BACKEND_SECP521R1_SIGN_CONTEXT_SIZE \ + sizeof(nrf_crypto_backend_cc310_sign_context_t) +#define NRF_CRYPTO_BACKEND_SECP521R1_VERIFY_CONTEXT_SIZE \ + sizeof(nrf_crypto_backend_cc310_verify_context_t) +typedef nrf_crypto_backend_cc310_sign_context_t nrf_crypto_backend_secp521r1_sign_context_t; +typedef nrf_crypto_backend_cc310_verify_context_t nrf_crypto_backend_secp521r1_verify_context_t; +#define nrf_crypto_backend_secp521r1_sign nrf_crypto_backend_cc310_sign +#define nrf_crypto_backend_secp521r1_verify nrf_crypto_backend_cc310_verify +#endif + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_ECC_SECP160K1) +#define NRF_CRYPTO_BACKEND_SECP160K1_SIGN_CONTEXT_SIZE \ + sizeof(nrf_crypto_backend_cc310_sign_context_t) +#define NRF_CRYPTO_BACKEND_SECP160K1_VERIFY_CONTEXT_SIZE \ + sizeof(nrf_crypto_backend_cc310_verify_context_t) +typedef nrf_crypto_backend_cc310_sign_context_t nrf_crypto_backend_secp160k1_sign_context_t; +typedef nrf_crypto_backend_cc310_verify_context_t nrf_crypto_backend_secp160k1_verify_context_t; +#define nrf_crypto_backend_secp160k1_sign nrf_crypto_backend_cc310_sign +#define nrf_crypto_backend_secp160k1_verify nrf_crypto_backend_cc310_verify +#endif + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_ECC_SECP192K1) +#define NRF_CRYPTO_BACKEND_SECP192K1_SIGN_CONTEXT_SIZE \ + sizeof(nrf_crypto_backend_cc310_sign_context_t) +#define NRF_CRYPTO_BACKEND_SECP192K1_VERIFY_CONTEXT_SIZE \ + sizeof(nrf_crypto_backend_cc310_verify_context_t) +typedef nrf_crypto_backend_cc310_sign_context_t nrf_crypto_backend_secp192k1_sign_context_t; +typedef nrf_crypto_backend_cc310_verify_context_t nrf_crypto_backend_secp192k1_verify_context_t; +#define nrf_crypto_backend_secp192k1_sign nrf_crypto_backend_cc310_sign +#define nrf_crypto_backend_secp192k1_verify nrf_crypto_backend_cc310_verify +#endif + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_ECC_SECP224K1) +#define NRF_CRYPTO_BACKEND_SECP224K1_SIGN_CONTEXT_SIZE \ + sizeof(nrf_crypto_backend_cc310_sign_context_t) +#define NRF_CRYPTO_BACKEND_SECP224K1_VERIFY_CONTEXT_SIZE \ + sizeof(nrf_crypto_backend_cc310_verify_context_t) +typedef nrf_crypto_backend_cc310_sign_context_t nrf_crypto_backend_secp224k1_sign_context_t; +typedef nrf_crypto_backend_cc310_verify_context_t nrf_crypto_backend_secp224k1_verify_context_t; +#define nrf_crypto_backend_secp224k1_sign nrf_crypto_backend_cc310_sign +#define nrf_crypto_backend_secp224k1_verify nrf_crypto_backend_cc310_verify +#endif + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_ECC_SECP256K1) +#define NRF_CRYPTO_BACKEND_SECP256K1_SIGN_CONTEXT_SIZE \ + sizeof(nrf_crypto_backend_cc310_sign_context_t) +#define NRF_CRYPTO_BACKEND_SECP256K1_VERIFY_CONTEXT_SIZE \ + sizeof(nrf_crypto_backend_cc310_verify_context_t) +typedef nrf_crypto_backend_cc310_sign_context_t nrf_crypto_backend_secp256k1_sign_context_t; +typedef nrf_crypto_backend_cc310_verify_context_t nrf_crypto_backend_secp256k1_verify_context_t; +#define nrf_crypto_backend_secp256k1_sign nrf_crypto_backend_cc310_sign +#define nrf_crypto_backend_secp256k1_verify nrf_crypto_backend_cc310_verify +#endif + + +#ifdef __cplusplus +} +#endif + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310) + +#endif // CC310_BACKEND_ECDSA_H__ diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310/cc310_backend_hash.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310/cc310_backend_hash.c new file mode 100644 index 0000000..b1f91e1 --- /dev/null +++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310/cc310_backend_hash.c @@ -0,0 +1,311 @@ +/** + * Copyright (c) 2018 - 2018, Nordic Semiconductor ASA + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form, except as embedded into a Nordic + * Semiconductor ASA integrated circuit in a product or a software update for + * such product, must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * 3. Neither the name of Nordic Semiconductor ASA nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * 4. This software, with or without modification, must only be used with a + * Nordic Semiconductor ASA integrated circuit. + * + * 5. Any software provided in binary form under this license must not be reverse + * engineered, decompiled, modified and/or disassembled. + * + * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include "sdk_common.h" + +#if NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310) + +#include "nrf.h" +#include "cc310_backend_hash.h" +#include "crys_hash.h" +#include "crys_hash_error.h" +#include "nrf_crypto_init.h" +#include "nrf_crypto_types.h" +#include "nrf_crypto_error.h" +#include "nrf_crypto_hash_shared.h" +#include "sdk_macros.h" +#include "nrf_log.h" +#include "nrf_assert.h" +#include "cc310_backend_mutex.h" +#include "cc310_backend_shared.h" +#include <drivers/nrfx_common.h> + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_HASH_SHA256) || \ + NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_HASH_SHA512) + +static ret_code_t hash_result_get(CRYSError_t error) +{ + ret_code_t ret_val; + + switch (error) + { + case CRYS_OK: + ret_val = NRF_SUCCESS; + break; + + case CRYS_HASH_INVALID_USER_CONTEXT_POINTER_ERROR: + ret_val = NRF_ERROR_CRYPTO_CONTEXT_NULL; + break; + + case CRYS_HASH_ILLEGAL_OPERATION_MODE_ERROR: + ret_val = NRF_ERROR_CRYPTO_FEATURE_UNAVAILABLE; + break; + + case CRYS_HASH_USER_CONTEXT_CORRUPTED_ERROR: + ret_val = NRF_ERROR_CRYPTO_CONTEXT_NOT_INITIALIZED; + break; + + // May be added to specialized errors for hash. + case CRYS_HASH_LAST_BLOCK_ALREADY_PROCESSED_ERROR: + ret_val = NRF_ERROR_CRYPTO_INTERNAL; + break; + + case CRYS_HASH_IS_NOT_SUPPORTED: + ret_val = NRF_ERROR_CRYPTO_FEATURE_UNAVAILABLE; + break; + + default: + ret_val = NRF_ERROR_CRYPTO_INTERNAL; + break; + } + + return ret_val; +} + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_HASH_SHA256) + +static ret_code_t cc310_backend_hash_sha256_init(void * const p_context) +{ + uint32_t ret_val; + CRYSError_t crys_error; + CRYS_HASH_OperationMode_t hash_mode = CRYS_HASH_SHA256_mode; + + // No parameter testing on this level. + // This has been done on upper level. + + CRYS_HASHUserContext_t * const p_backend_context + = &(((nrf_crypto_backend_hash_sha256_context_t *)p_context)->context); + + crys_error = CRYS_HASH_Init(p_backend_context, hash_mode); + + ret_val = hash_result_get(crys_error); + + return ret_val; +} + + +static ret_code_t cc310_backend_hash_sha256_update(void * const p_context, + uint8_t const * p_data, + size_t size) +{ + ret_code_t ret_val; + CRYSError_t crys_error; + bool mutex_locked; + size_t cur_len; + size_t len_left = size; + uint8_t const * p_cur = p_data; + + // Limited parameter testing on this level. + // This has been done on upper level. + + CRYS_HASHUserContext_t * const p_backend_context + = &(((nrf_crypto_backend_hash_sha256_context_t *)p_context)->context); + + // Data in flash could lead to silently calculating wrong Hash. + VERIFY_TRUE(nrfx_is_in_ram(p_data), NRF_ERROR_CRYPTO_INPUT_LOCATION); + + mutex_locked = cc310_backend_mutex_trylock(); + VERIFY_TRUE(mutex_locked, NRF_ERROR_CRYPTO_BUSY); + + cc310_backend_enable(); + + // If the input is larger than CC310_MAX_LENGTH_DMA_OPERATIONS, split into smaller + do + { + cur_len = (len_left > CC310_MAX_LENGTH_DMA_OPERATIONS) ? + CC310_MAX_LENGTH_DMA_OPERATIONS : len_left; + + crys_error = CRYS_HASH_Update(p_backend_context, (uint8_t *)p_cur, cur_len); + + len_left -= cur_len; + p_cur += cur_len; + + } while (crys_error == CRYS_OK && len_left > 0); + + cc310_backend_disable(); + + cc310_backend_mutex_unlock(); + + ret_val = hash_result_get(crys_error); + + + return ret_val; +} + + +static ret_code_t cc310_backend_hash_sha256_finalize(void * const p_context, + uint8_t * p_digest, + size_t * const p_digest_size) +{ + ret_code_t ret_val; + CRYSError_t crys_error; + bool mutex_locked; + CRYS_HASH_Result_t * p_int_digest = (CRYS_HASH_Result_t *)p_digest; + + // Limited parameter testing on this level. + // This has been done on upper level. + + CRYS_HASHUserContext_t * const p_backend_context + = &(((nrf_crypto_backend_hash_sha256_context_t * )p_context)->context); + + mutex_locked = cc310_backend_mutex_trylock(); + VERIFY_TRUE(mutex_locked, NRF_ERROR_CRYPTO_BUSY); + + // Do the hash finalize calculation + cc310_backend_enable(); + + crys_error = CRYS_HASH_Finish(p_backend_context, *p_int_digest); + + cc310_backend_disable(); + + cc310_backend_mutex_unlock(); + + ret_val = hash_result_get(crys_error); + if (ret_val == NRF_SUCCESS) + { + *p_digest_size = NRF_CRYPTO_HASH_SIZE_SHA256; + } + + return ret_val; +} + + +const nrf_crypto_hash_info_t g_nrf_crypto_hash_sha256_info = +{ + .init_fn = cc310_backend_hash_sha256_init, + .update_fn = cc310_backend_hash_sha256_update, + .finalize_fn = cc310_backend_hash_sha256_finalize, + .digest_size = NRF_CRYPTO_HASH_SIZE_SHA256, + .context_size = sizeof(nrf_crypto_backend_hash_sha256_context_t), + .hash_mode = NRF_CRYPTO_HASH_MODE_SHA256 +}; + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_HASH_SHA256) + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_HASH_SHA512) + +// SHA-512 does not use CC310 hardware and therefore will not use a mutex lock + +static ret_code_t cc310_backend_hash_sha512_init(void * p_context) +{ + uint32_t ret_val; + CRYSError_t crys_error; + CRYS_HASH_OperationMode_t hash_mode = CRYS_HASH_SHA512_mode; + + // No parameter testing on this level. + // This has been done on upper level. + + CRYS_HASHUserContext_t * const p_backend_context + = &(((nrf_crypto_backend_hash_sha512_context_t * ) p_context)->context); + + crys_error = CRYS_HASH_Init(p_backend_context, hash_mode); + ret_val = hash_result_get(crys_error); + + return ret_val; +} + + +static ret_code_t cc310_backend_hash_sha512_update(void * const p_context, + uint8_t const * p_data, + size_t size) +{ + ret_code_t ret_val; + CRYSError_t crys_error; + + // Limited parameter testing on this level. + // This has been done on upper level. + + CRYS_HASHUserContext_t * const p_backend_context + = &(((nrf_crypto_backend_hash_sha512_context_t *)p_context)->context); + + // Data in flash could lead to silently calculating wrong Hash. + VERIFY_TRUE(nrfx_is_in_ram(p_data), NRF_ERROR_CRYPTO_INPUT_LOCATION); + + crys_error = CRYS_HASH_Update(p_backend_context, (uint8_t *)p_data, size); + + ret_val = hash_result_get(crys_error); + + return ret_val; +} + + +static ret_code_t cc310_backend_hash_sha512_finalize(void * const p_context, + uint8_t * p_digest, + size_t * const p_digest_size) +{ + ret_code_t ret_val; + CRYSError_t crys_error; + CRYS_HASH_Result_t * p_int_digest = (CRYS_HASH_Result_t *)p_digest; + + // Limited parameter testing on this level. + // This has been done on upper level. + + CRYS_HASHUserContext_t * const p_backend_context + = &(((nrf_crypto_backend_hash_sha512_context_t *) p_context)->context); + + crys_error = CRYS_HASH_Finish(p_backend_context, *p_int_digest); + ret_val = hash_result_get(crys_error); + + if (ret_val == NRF_SUCCESS) + { + *p_digest_size = NRF_CRYPTO_HASH_SIZE_SHA512; + } + + return ret_val; +} + + +const nrf_crypto_hash_info_t g_nrf_crypto_hash_sha512_info = +{ + .init_fn = cc310_backend_hash_sha512_init, + .update_fn = cc310_backend_hash_sha512_update, + .finalize_fn = cc310_backend_hash_sha512_finalize, + .digest_size = NRF_CRYPTO_HASH_SIZE_SHA512, + .context_size = sizeof(nrf_crypto_backend_hash_sha512_context_t), + .hash_mode = NRF_CRYPTO_HASH_MODE_SHA512 +}; + + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_HASH_SHA512) + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_HASH_SHA256) || NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_HASH_SHA512) + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO) && #if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310) diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310/cc310_backend_hash.h b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310/cc310_backend_hash.h new file mode 100644 index 0000000..3da4dd3 --- /dev/null +++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310/cc310_backend_hash.h @@ -0,0 +1,122 @@ +/** + * Copyright (c) 2018 - 2018, Nordic Semiconductor ASA + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form, except as embedded into a Nordic + * Semiconductor ASA integrated circuit in a product or a software update for + * such product, must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * 3. Neither the name of Nordic Semiconductor ASA nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * 4. This software, with or without modification, must only be used with a + * Nordic Semiconductor ASA integrated circuit. + * + * 5. Any software provided in binary form under this license must not be reverse + * engineered, decompiled, modified and/or disassembled. + * + * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef CC310_BACKEND_HASH_H__ +#define CC310_BACKEND_HASH_H__ + +/** @file + * + * @defgroup nrf_crypto_cc310_backend_hash nrf_crypto CC310 backend hash + * @{ + * @ingroup nrf_crypto_cc310_backend + * + * @brief Hash functionality provided by the nrf_crypto CC310 backend. + */ + +#include "sdk_common.h" + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310) + +#include "sdk_errors.h" +#include "nrf_crypto_hash_shared.h" +#include "crys_hash.h" + +#ifdef __cplusplus +extern "C" { +#endif + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_HASH_SHA256) + +// Flag that nrf_crypto_hash frontend can be compiled +#undef NRF_CRYPTO_HASH_ENABLED +#define NRF_CRYPTO_HASH_ENABLED 1 + +// Flag that SHA-256 is enabled in backend +#if NRF_MODULE_ENABLED(NRF_CRYPTO_HASH_SHA256) +#error "Duplicate definition of SHA-256. More than one backend enabled"); +#endif +#define NRF_CRYPTO_HASH_SHA256_ENABLED 1 + + +/**@internal @brief nrf_crypto_hash context for SHA-256 in nrf_crypto CC310 backend. */ +typedef struct +{ + nrf_crypto_hash_internal_context_t header; /**< Common header for context. */ + CRYS_HASHUserContext_t context; /**< Hash context internal to CC310. */ +} nrf_crypto_backend_hash_sha256_context_t; + + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_HASH_SHA256) + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_HASH_SHA512) + +// Flag that nrf_crypto_hash frontend can be compiled +#undef NRF_CRYPTO_HASH_ENABLED +#define NRF_CRYPTO_HASH_ENABLED 1 + +// Duplicate backend enabled test for SHA-512 +#if NRF_MODULE_ENABLED(NRF_CRYPTO_HASH_SHA512) +#error "Duplicate definition of SHA-512. More than one backend enabled"); +#endif + +// Flag that SHA-512 is enabled in backend +#define NRF_CRYPTO_HASH_SHA512_ENABLED 1 + + +/**@internal @brief nrf_crypto_hash context for SHA-512 in nrf_crypto CC310 backend. */ +typedef struct +{ + nrf_crypto_hash_internal_context_t header; /**< Common header for context. */ + CRYS_HASHUserContext_t context; /**< Hash context internal to CC310. */ +} nrf_crypto_backend_hash_sha512_context_t; + + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_HASH_SHA512) + +#ifdef __cplusplus +} +#endif + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310) + +/**@} */ + +#endif // CC310_BACKEND_HASH_H__ diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310/cc310_backend_hmac.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310/cc310_backend_hmac.c new file mode 100644 index 0000000..2e909f9 --- /dev/null +++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310/cc310_backend_hmac.c @@ -0,0 +1,273 @@ +/** + * Copyright (c) 2018 - 2018, Nordic Semiconductor ASA + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form, except as embedded into a Nordic + * Semiconductor ASA integrated circuit in a product or a software update for + * such product, must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * 3. Neither the name of Nordic Semiconductor ASA nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * 4. This software, with or without modification, must only be used with a + * Nordic Semiconductor ASA integrated circuit. + * + * 5. Any software provided in binary form under this license must not be reverse + * engineered, decompiled, modified and/or disassembled. + * + * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include "sdk_common.h" +#if NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310) + +#include "sdk_common.h" +#include "nrf_log.h" +#include "nrf_crypto_hmac_shared.h" +#include "cc310_backend_hmac.h" +#include "nrf_crypto_error.h" +#include "nrf_crypto_types.h" +#include <drivers/nrfx_common.h> +#include "crys_hmac.h" +#include "crys_hmac_defs.h" +#include "crys_hmac_error.h" +#include "crys_hash.h" +#include "cc310_backend_mutex.h" +#include "cc310_backend_shared.h" + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_HMAC_SHA256) || \ + NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_HMAC_SHA512) + +static ret_code_t result_get(CRYSError_t err_code) +{ + ret_code_t ret_val; + + switch (err_code) + { + case CRYS_OK: + ret_val = NRF_SUCCESS; + break; + + case CRYS_HMAC_INVALID_USER_CONTEXT_POINTER_ERROR: + ret_val = NRF_ERROR_CRYPTO_CONTEXT_NULL; + break; + + case CRYS_HMAC_USER_CONTEXT_CORRUPTED_ERROR: + ret_val = NRF_ERROR_CRYPTO_CONTEXT_NOT_INITIALIZED; + break; + + case CRYS_HMAC_DATA_IN_POINTER_INVALID_ERROR: + case CRYS_HMAC_INVALID_KEY_POINTER_ERROR: + ret_val = NRF_ERROR_CRYPTO_INPUT_NULL; + break; + + case CRYS_HMAC_INVALID_RESULT_BUFFER_POINTER_ERROR: + ret_val = NRF_ERROR_CRYPTO_OUTPUT_NULL; + break; + + case CRYS_HMAC_ILLEGAL_PARAMS_ERROR: + ret_val = NRF_ERROR_CRYPTO_INVALID_PARAM; + break; + + case CRYS_HMAC_UNVALID_KEY_SIZE_ERROR: + case CRYS_HMAC_DATA_SIZE_ILLEGAL: + ret_val = NRF_ERROR_CRYPTO_INPUT_LENGTH; + break; + + case CRYS_HMAC_ILLEGAL_OPERATION_MODE_ERROR: + case CRYS_HMAC_LAST_BLOCK_ALREADY_PROCESSED_ERROR: + case CRYS_HMAC_IS_NOT_SUPPORTED: + case CRYS_HMAC_CTX_SIZES_ERROR: + default: + ret_val = NRF_ERROR_CRYPTO_INTERNAL; + break; + } + return ret_val; +} + + +static ret_code_t cc310_backend_hmac_init(void * const p_context, + uint8_t const * p_key, + size_t key_size) +{ + CRYSError_t err_code; + CRYS_HASH_OperationMode_t hash_mode; + ret_code_t ret_val; + bool mutex_locked; + + + nrf_crypto_backend_cc310_hmac_context_t * p_ctx = + (nrf_crypto_backend_cc310_hmac_context_t *)p_context; + + switch (p_ctx->header.p_info->type) + { + case NRF_CRYPTO_HMAC_SHA256_TYPE: + { + hash_mode = CRYS_HASH_SHA256_mode; + } break; + case NRF_CRYPTO_HMAC_SHA512_TYPE: + { + hash_mode = CRYS_HASH_SHA512_mode; + } break; + default: + { + NRF_LOG_ERROR("Hash algorithm not supported by CC310 backend wrapper"); + return NRF_ERROR_CRYPTO_FEATURE_UNAVAILABLE; + } + } + + // Key in flash could lead to silently calculating wrong HMAC. + VERIFY_TRUE(nrfx_is_in_ram(p_key), NRF_ERROR_CRYPTO_INPUT_LOCATION); + + mutex_locked = cc310_backend_mutex_trylock(); + VERIFY_TRUE(mutex_locked, NRF_ERROR_CRYPTO_BUSY); + + cc310_backend_enable(); + + err_code = CRYS_HMAC_Init(&p_ctx->crys_context, hash_mode, (uint8_t *)p_key, key_size); + + cc310_backend_disable(); + + cc310_backend_mutex_unlock(); + + ret_val = result_get(err_code); + + return ret_val; +} + + +static ret_code_t cc310_backend_hmac_update(void * const p_context, + uint8_t const * p_data, + size_t size) +{ + CRYSError_t err_code; + ret_code_t ret_val; + bool mutex_locked; + size_t cur_len; + size_t len_left = size; + uint8_t const * p_cur = p_data; + + nrf_crypto_backend_cc310_hmac_context_t * p_ctx = + (nrf_crypto_backend_cc310_hmac_context_t *)p_context; + + // Data in flash could lead to silently calculating wrong HMAC. + VERIFY_TRUE(nrfx_is_in_ram(p_data), NRF_ERROR_CRYPTO_INPUT_LOCATION); + + mutex_locked = cc310_backend_mutex_trylock(); + VERIFY_TRUE(mutex_locked, NRF_ERROR_CRYPTO_BUSY); + + cc310_backend_enable(); + + // If the input is larger than CC310_MAX_LENGTH_DMA_OPERATIONS, split into smaller + do + { + cur_len = (len_left > CC310_MAX_LENGTH_DMA_OPERATIONS) ? + CC310_MAX_LENGTH_DMA_OPERATIONS : len_left; + + err_code = CRYS_HMAC_Update(&p_ctx->crys_context, (uint8_t *)p_cur, cur_len); + + len_left -= cur_len; + p_cur += cur_len; + + } while (err_code == CRYS_OK && len_left > 0); + + cc310_backend_disable(); + + cc310_backend_mutex_unlock(); + + ret_val = result_get(err_code); + + return ret_val; +} + + +static ret_code_t cc310_backend_hmac_finalize(void * const p_context, + uint8_t * p_digest, + size_t * const p_size) +{ + CRYSError_t err_code; + ret_code_t ret_val; + bool mutex_locked; + + nrf_crypto_backend_cc310_hmac_context_t * p_ctx = + (nrf_crypto_backend_cc310_hmac_context_t *)p_context; + + // Set the digest length to 0 so that this is used in case of any error. + *p_size = 0; + + mutex_locked = cc310_backend_mutex_trylock(); + VERIFY_TRUE(mutex_locked, NRF_ERROR_CRYPTO_BUSY); + + cc310_backend_enable(); + + err_code = CRYS_HMAC_Finish(&p_ctx->crys_context, p_ctx->crys_result); + + cc310_backend_disable(); + + cc310_backend_mutex_unlock(); + + ret_val = result_get(err_code); + if (err_code != NRF_SUCCESS) + { + return ret_val; + } + + *p_size = p_ctx->header.p_info->digest_size; + + memcpy(p_digest, p_ctx->crys_result, *p_size); + + return ret_val; +} + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_HMAC_SHA256) + +// Information structure for HMAC SHA256 using CC310 backend. +const nrf_crypto_hmac_info_t g_nrf_crypto_hmac_sha256_info = +{ + .init_fn = cc310_backend_hmac_init, + .update_fn = cc310_backend_hmac_update, + .finalize_fn = cc310_backend_hmac_finalize, + .digest_size = NRF_CRYPTO_HASH_SIZE_SHA256, + .context_size = sizeof(nrf_crypto_backend_hmac_sha256_context_t), + .type = NRF_CRYPTO_HMAC_SHA256_TYPE, +}; + +#endif // NRF_CRYPTO_BACKEND_CC310_HMAC_SHA256_ENABLED + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_HMAC_SHA512) + +// Information structure for HMAC SHA512 using CC310 backend. +const nrf_crypto_hmac_info_t g_nrf_crypto_hmac_sha512_info = +{ + .init_fn = cc310_backend_hmac_init, + .update_fn = cc310_backend_hmac_update, + .finalize_fn = cc310_backend_hmac_finalize, + .digest_size = NRF_CRYPTO_HASH_SIZE_SHA512, + .context_size = sizeof(nrf_crypto_backend_hmac_sha512_context_t), + .type = NRF_CRYPTO_HMAC_SHA512_TYPE, +}; + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_HMAC_SHA512) +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_HMAC_SHA256) || NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_HMAC_SHA512) +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310) diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310/cc310_backend_hmac.h b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310/cc310_backend_hmac.h new file mode 100644 index 0000000..ea065f1 --- /dev/null +++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310/cc310_backend_hmac.h @@ -0,0 +1,123 @@ +/** + * Copyright (c) 2018 - 2018, Nordic Semiconductor ASA + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form, except as embedded into a Nordic + * Semiconductor ASA integrated circuit in a product or a software update for + * such product, must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * 3. Neither the name of Nordic Semiconductor ASA nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * 4. This software, with or without modification, must only be used with a + * Nordic Semiconductor ASA integrated circuit. + * + * 5. Any software provided in binary form under this license must not be reverse + * engineered, decompiled, modified and/or disassembled. + * + * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef CC310_BACKEND_HMAC_H__ +#define CC310_BACKEND_HMAC_H__ + +/** @file + * + * @defgroup nrf_crypto_cc310_backend_hmac CC310 backend for HMAC + * @{ + * @ingroup nrf_crypto_cc310_backend + * + * @brief Backend wrapper for CryptoCell (CC310). None of these types should be used directly by the + * application. + */ + +#include "sdk_common.h" + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310) && \ + ( NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_HMAC_SHA256) || \ + NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_HMAC_SHA512) ) + +#include "nrf_crypto_hmac_shared.h" +#include "crys_hmac.h" + +#ifdef __cplusplus +extern "C" { +#endif + +#undef NRF_CRYPTO_HMAC_ENABLED +#define NRF_CRYPTO_HMAC_ENABLED 1 + + +/** + * @internal @brief Internal context object used by the CC310 backend wrapper. + * + * @details The same type is used for all variants (hash types). + * + * @note This should never be used directly. Use @ref nrf_crypto_backend_hmac_sha256_context_t or + * @ref nrf_crypto_backend_hmac_sha512_context_t instead. + */ +typedef struct +{ + nrf_crypto_hmac_internal_context_t header; //!< Internal nrf_crypto_hmac context header. + CRYS_HMACUserContext_t crys_context; //!< CC310 context object. + CRYS_HASH_Result_t crys_result; //!< Temporary result buffer needed as CC310 always requires a result buffer of 64 bytes, even when actual result is smaller. +} nrf_crypto_backend_cc310_hmac_context_t; + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_HMAC_SHA256) + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_HMAC_SHA256) +#error "Duplicate definition of HMAC SHA-256. More than one backend enabled" +#endif // NRF_CRYPTO_HMAC_SHA256_ENABLED +#define NRF_CRYPTO_HMAC_SHA256_ENABLED 1 + +/** + * @internal @brief Context for HMAC SHA256 using CC310 backend. + */ +typedef nrf_crypto_backend_cc310_hmac_context_t nrf_crypto_backend_hmac_sha256_context_t; + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_HMAC_SHA256) + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_HMAC_SHA512) + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_HMAC_SHA512) +#error "Duplicate definition of HMAC SHA-512. More than one backend enabled" +#endif // NRF_CRYPTO_HMAC_SHA512_ENABLED +#define NRF_CRYPTO_HMAC_SHA512_ENABLED 1 + +/** + * @internal @brief Context for HMAC SHA512 using CC310 backend. + */ +typedef nrf_crypto_backend_cc310_hmac_context_t nrf_crypto_backend_hmac_sha512_context_t; + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_HMAC_SHA256) + +#ifdef __cplusplus +} +#endif + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310) && ( NRF_MODULE_ENABLED((NRF_CRYPTO_BACKEND_CC310_HMAC_SHA256) || NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_HMAC_SHA512) ) + +/**@} */ + +#endif // CC310_BACKEND_HMAC_H__ diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310/cc310_backend_init.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310/cc310_backend_init.c new file mode 100644 index 0000000..d930436 --- /dev/null +++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310/cc310_backend_init.c @@ -0,0 +1,151 @@ +/** + * Copyright (c) 2018 - 2018, Nordic Semiconductor ASA + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form, except as embedded into a Nordic + * Semiconductor ASA integrated circuit in a product or a software update for + * such product, must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * 3. Neither the name of Nordic Semiconductor ASA nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * 4. This software, with or without modification, must only be used with a + * Nordic Semiconductor ASA integrated circuit. + * + * 5. Any software provided in binary form under this license must not be reverse + * engineered, decompiled, modified and/or disassembled. + * + * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include "sdk_common.h" +#if NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310) + +#include "nrf.h" +#include "nrf_crypto_init.h" +#include "cc310_backend_shared.h" +#include "sns_silib.h" +#include "cc310_backend_mutex.h" +#include "nrf_crypto_rng.h" + +/**@internal @brief Function to enable CC310 (in HW) + */ +void cc310_backend_enable(void); + + +/**@internal @brief Function to disable CC310 (in HW) + */ +void cc310_backend_disable(void); + +static uint32_t init_result_get(uint32_t crys_error) +{ + uint32_t ret_val = NRF_ERROR_INTERNAL; + switch (crys_error) + { + case CRYS_OK: + ret_val = NRF_SUCCESS; + break; + + default: + ret_val = NRF_ERROR_INTERNAL; + break; + } + + return ret_val; +} + +static ret_code_t cc310_backend_init(void) +{ + uint32_t ret_val; + CRYSError_t crys_error; + + cc310_backend_mutex_init(); + + // Enable the CC310 HW. + NRF_CRYPTOCELL->ENABLE = 1; + + // Initialize the CC310 run-time library + crys_error = SaSi_LibInit(); + + // Shut down CC310 after initialization. + NRF_CRYPTOCELL->ENABLE = 0; + + ret_val = init_result_get(crys_error); + VERIFY_SUCCESS(ret_val); + +#if defined(NRF_CRYPTO_RNG_AUTO_INIT_ENABLED) && (NRF_CRYPTO_RNG_AUTO_INIT_ENABLED == 1) + + ret_val = nrf_crypto_rng_init(NULL, NULL); + VERIFY_SUCCESS(ret_val); + +#elif defined(NRF_CRYPTO_RNG_AUTO_INIT_ENABLED) && (NRF_CRYPTO_RNG_AUTO_INIT_ENABLED == 0) + + // Do nothing + +#else + + #warning NRF_CRYPTO_RNG_AUTO_INIT_ENABLED define not found in sdk_config.h (Is the sdk_config.h valid?). + +#endif // NRF_CRYPTO_RNG_AUTO_INIT_ENABLED + + return ret_val; +} + + +static ret_code_t cc310_backend_uninit(void) +{ +#if defined(NRF_CRYPTO_RNG_AUTO_INIT_ENABLED) && (NRF_CRYPTO_RNG_AUTO_INIT_ENABLED == 1) + + uint32_t ret_val; + ret_val = nrf_crypto_rng_init(NULL, NULL); + VERIFY_SUCCESS(ret_val); + +#elif defined(NRF_CRYPTO_RNG_AUTO_INIT_ENABLED) && (NRF_CRYPTO_RNG_AUTO_INIT_ENABLED == 0) + + // Do nothing + +#else + + #warning NRF_CRYPTO_RNG_AUTO_INIT_ENABLED define not found in sdk_config.h (Is the sdk_config.h valid?). + +#endif // NRF_CRYPTO_RNG_AUTO_INIT_ENABLED + + // Initialize the CC310 HW to do shutdown. + NRF_CRYPTOCELL->ENABLE = 1; + + SaSi_LibFini(); + + // Shut down CC310 after shutdown. + NRF_CRYPTOCELL->ENABLE = 0; + + return NRF_SUCCESS; +} + + +CRYPTO_BACKEND_REGISTER(nrf_crypto_backend_info_t const cc310_backend) = +{ + .init_fn = cc310_backend_init, + .uninit_fn = cc310_backend_uninit, +}; + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310) diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310/cc310_backend_mutex.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310/cc310_backend_mutex.c new file mode 100644 index 0000000..f383251 --- /dev/null +++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310/cc310_backend_mutex.c @@ -0,0 +1,53 @@ +/** + * Copyright (c) 2018 - 2018, Nordic Semiconductor ASA + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form, except as embedded into a Nordic + * Semiconductor ASA integrated circuit in a product or a software update for + * such product, must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * 3. Neither the name of Nordic Semiconductor ASA nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * 4. This software, with or without modification, must only be used with a + * Nordic Semiconductor ASA integrated circuit. + * + * 5. Any software provided in binary form under this license must not be reverse + * engineered, decompiled, modified and/or disassembled. + * + * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include "sdk_common.h" +#include <drivers/nrfx_common.h> +#if NRF_MODULE_ENABLED(NRF_CRYPTO) + +#include <stdbool.h> +#include "cc310_backend_mutex.h" + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310) + +nrf_mtx_t g_cc310_mutex; + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310) +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO) diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310/cc310_backend_mutex.h b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310/cc310_backend_mutex.h new file mode 100644 index 0000000..3cd6241 --- /dev/null +++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310/cc310_backend_mutex.h @@ -0,0 +1,111 @@ +/** + * Copyright (c) 2018 - 2018, Nordic Semiconductor ASA + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form, except as embedded into a Nordic + * Semiconductor ASA integrated circuit in a product or a software update for + * such product, must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * 3. Neither the name of Nordic Semiconductor ASA nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * 4. This software, with or without modification, must only be used with a + * Nordic Semiconductor ASA integrated circuit. + * + * 5. Any software provided in binary form under this license must not be reverse + * engineered, decompiled, modified and/or disassembled. + * + * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef CC310_BACKEND_MUTEX_H__ +#define CC310_BACKEND_MUTEX_H__ + +/** @file + * + * @defgroup nrf_crypto_cc310_backend_mutex nrf_crypto CC310 backend mutex. + * @{ + * @ingroup nrf_crypto_cc310_backend + * + * @brief Mutex control for the nrf_crypto CC310 backend. + */ + +#include "sdk_config.h" +#include "nrf_mtx.h" + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310) || NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_BL) + +#ifdef __cplusplus +extern "C" { +#endif + +extern nrf_mtx_t g_cc310_mutex; + +__STATIC_INLINE void cc310_backend_mutex_init(void); +__STATIC_INLINE bool cc310_backend_mutex_trylock(void); +__STATIC_INLINE void cc310_backend_mutex_unlock(void); + +#ifndef SUPPRESS_INLINE_IMPLEMENTATION +/**@internal @brief Function initializing CC310 mutex. + * + * This function _must_ be called before other mutex operations. + */ +__STATIC_INLINE void cc310_backend_mutex_init(void) +{ + nrf_mtx_init(&g_cc310_mutex); +} + +/**@internal @brief Function try to lock a CC310 mutex. + * + * @return true if lock was acquired, false if not. + */ +__STATIC_INLINE bool cc310_backend_mutex_trylock(void) +{ + return nrf_mtx_trylock(&g_cc310_mutex); +} + + +/**@internal @brief Unlock a CC310 mutex. + * + * This function _must_ only be called when holding the lock. Unlocking a mutex which you do not + * hold will give undefined behavior. + * + */ +__STATIC_INLINE void cc310_backend_mutex_unlock(void) +{ + nrf_mtx_unlock(&g_cc310_mutex); +} + +#endif // SUPPRESS_INLINE_IMPLEMENTATION + + +#ifdef __cplusplus +} +#endif + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310) || NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_BL) + +/** @} */ + +#endif // CC310_BACKEND_MUTEX_H__ + diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310/cc310_backend_rng.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310/cc310_backend_rng.c new file mode 100644 index 0000000..25fd96e --- /dev/null +++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310/cc310_backend_rng.c @@ -0,0 +1,272 @@ +/** + * Copyright (c) 2018 - 2018, Nordic Semiconductor ASA + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form, except as embedded into a Nordic + * Semiconductor ASA integrated circuit in a product or a software update for + * such product, must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * 3. Neither the name of Nordic Semiconductor ASA nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * 4. This software, with or without modification, must only be used with a + * Nordic Semiconductor ASA integrated circuit. + * + * 5. Any software provided in binary form under this license must not be reverse + * engineered, decompiled, modified and/or disassembled. + * + * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include "sdk_common.h" + +#if NRF_MODULE_ENABLED(NRF_CRYPTO) +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310) +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_RNG) + +#include "nrf_crypto_error.h" +#include "nrf_log.h" +#include "cc310_backend_mutex.h" +#include "cc310_backend_rng.h" +#include "crys_rnd.h" +#include "crys_rnd_error.h" +#include "cc310_backend_shared.h" + +static ret_code_t result_get(CRYSError_t err_code) +{ + ret_code_t ret_val; + + switch (err_code) + { + case CRYS_OK: + ret_val = NRF_SUCCESS; + break; + + case CRYS_RND_ILLEGAL_PARAMETER_ERROR: + ret_val = NRF_ERROR_CRYPTO_INVALID_PARAM; + break; + + case CRYS_RND_INIT_FAILED: + case CRYS_RND_STARTUP_FAILED: + case CRYS_RND_INSTANTIATION_ERROR: + ret_val = NRF_ERROR_CRYPTO_RNG_INIT_FAILED; + break; + + case CRYS_RND_IS_NOT_SUPPORTED: + case CRYS_RND_CAN_NOT_GENERATE_RAND_IN_RANGE: + case CRYS_RND_TRNG_KAT_NOT_SUPPORTED_ERROR: + case CRYS_RND_SRAM_NOT_SUPPORTED_ERROR: + case CRYS_RND_OPERATION_IS_NOT_SUPPORTED_ERROR: + ret_val = NRF_ERROR_CRYPTO_FEATURE_UNAVAILABLE; + break; + + case CRYS_RND_DATA_OUT_POINTER_INVALID_ERROR: + case CRYS_RND_VECTOR_OUT_PTR_ERROR: + ret_val = NRF_ERROR_CRYPTO_OUTPUT_NULL; + break; + + case CRYS_RND_ADDITIONAL_INPUT_BUFFER_NULL: + case CRYS_RND_WORK_BUFFER_PTR_INVALID_ERROR: + case CRYS_RND_ILLEGAL_DATA_PTR_ERROR: + ret_val = NRF_ERROR_CRYPTO_INPUT_NULL; + break; + + case CRYS_RND_DATA_SIZE_OVERFLOW_ERROR: + case CRYS_RND_ADDITIONAL_INPUT_SIZE_ERROR: + case CRYS_RND_ILLEGAL_DATA_SIZE_ERROR: + case CRYS_RND_MAX_VECTOR_IS_TOO_SMALL_ERROR: + ret_val = NRF_ERROR_CRYPTO_INPUT_LENGTH; + break; + + case CRYS_RND_ILLEGAL_AES_KEY_SIZE_ERROR: + case CRYS_RND_VECTOR_OUT_SIZE_ERROR: + case CRYS_RND_VECTOR_SIZE_ERROR: + ret_val = NRF_ERROR_CRYPTO_OUTPUT_LENGTH; + break; + + case CRYS_RND_CONTEXT_PTR_INVALID_ERROR: + case CRYS_RND_STATE_PTR_INVALID_ERROR: + ret_val = NRF_ERROR_CRYPTO_CONTEXT_NULL; + break; + + case CRYS_RND_INSTANTIATION_NOT_DONE_ERROR: + ret_val = NRF_ERROR_CRYPTO_CONTEXT_NOT_INITIALIZED; + break; + + case CRYS_RND_RESEED_COUNTER_OVERFLOW_ERROR: + ret_val = NRF_ERROR_CRYPTO_RNG_RESEED_REQUIRED; + break; + + case CRYS_RND_CPRNG_TEST_FAIL_ERROR: + case CRYS_RND_TRNG_LOSS_SAMPLES_ERROR: + case CRYS_RND_TRNG_TIME_EXCEED_ERROR: + case CRYS_RND_TRNG_LOSS_SAMPLES_AND_TIME_EXCEED_ERROR: + case CRYS_RND_IS_KAT_MODE_ERROR: + case CRYS_RND_STATE_VALIDATION_TAG_ERROR: + case CRYS_RND_GEN_VECTOR_FUNC_ERROR: + case CRYS_RND_TRNG_ERRORS_ERROR: + case CRYS_RND_KAT_DATA_PARAMS_ERROR: + case CRYS_RND_AES_ERROR: + default: + ret_val = NRF_ERROR_CRYPTO_INTERNAL; + break; + } + return ret_val; +} + + +ret_code_t nrf_crypto_rng_backend_init(void * const p_context, + void * const p_temp_buffer) +{ + bool mutex_locked; + CRYSError_t err_code; + ret_code_t ret_val; + CRYS_RND_WorkBuff_t * p_work_buffer = (CRYS_RND_WorkBuff_t *)p_temp_buffer; + nrf_crypto_backend_rng_context_t * p_ctx = (nrf_crypto_backend_rng_context_t *)p_context; + + // Save time by not reinitializing an already valid CC310 RNG context. + // (Useful for example in case the context was stored in retained memory during system OFF.) + if (p_ctx->header.init_value == NRF_CRYPTO_RNG_CONTEXT_INIT_MAGIC_VALUE) + { + return NRF_SUCCESS; + } + + mutex_locked = cc310_backend_mutex_trylock(); + VERIFY_TRUE(mutex_locked, NRF_ERROR_CRYPTO_BUSY); + + cc310_backend_enable(); + + err_code = CRYS_RndInit(&p_ctx->crys_rnd_state, p_work_buffer); + ret_val = result_get(err_code); + + cc310_backend_disable(); + + cc310_backend_mutex_unlock(); + + return ret_val; +} + + +ret_code_t nrf_crypto_rng_backend_uninit(void * const p_context) +{ + bool mutex_locked; + CRYSError_t err_code; + ret_code_t ret_val; + CRYS_RND_State_t * p_crys_rnd_state = + &((nrf_crypto_backend_rng_context_t *)p_context)->crys_rnd_state; + + + mutex_locked = cc310_backend_mutex_trylock(); + VERIFY_TRUE(mutex_locked, NRF_ERROR_CRYPTO_BUSY); + + cc310_backend_enable(); + + err_code = CRYS_RND_UnInstantiation(p_crys_rnd_state); + + cc310_backend_disable(); + + ret_val = result_get(err_code); + + cc310_backend_mutex_unlock(); + + return ret_val; +} + + +ret_code_t nrf_crypto_rng_backend_vector_generate(void * const p_context, + uint8_t * const p_target, + size_t size, + bool use_mutex) +{ + bool mutex_locked; + CRYSError_t err_code; + ret_code_t ret_val; + CRYS_RND_State_t * p_crys_rnd_state = + &((nrf_crypto_backend_rng_context_t *)p_context)->crys_rnd_state; + + if (use_mutex) + { + mutex_locked = cc310_backend_mutex_trylock(); + VERIFY_TRUE(mutex_locked, NRF_ERROR_CRYPTO_BUSY); + } + + cc310_backend_enable(); + + err_code = CRYS_RND_GenerateVector(p_crys_rnd_state, size, p_target); + + cc310_backend_disable(); + + ret_val = result_get(err_code); + + if (use_mutex) + { + cc310_backend_mutex_unlock(); + } + + return ret_val; +} + + +ret_code_t nrf_crypto_rng_backend_reseed(void * const p_context, + void * p_temp_buffer, + uint8_t * p_input_data, + size_t size) +{ + bool mutex_locked; + CRYSError_t err_code; + ret_code_t ret_val = NRF_SUCCESS; + CRYS_RND_WorkBuff_t * p_work_buffer = (CRYS_RND_WorkBuff_t *)p_temp_buffer; + CRYS_RND_State_t * p_crys_rnd_state = + &((nrf_crypto_backend_rng_context_t *)p_context)->crys_rnd_state; + + VERIFY_TRUE(size <= CRYS_RND_ADDITINAL_INPUT_MAX_SIZE_WORDS, NRF_ERROR_CRYPTO_INPUT_LENGTH); + VERIFY_TRUE((size & 0x3) == 0, NRF_ERROR_CRYPTO_INTERNAL); + + mutex_locked = cc310_backend_mutex_trylock(); + VERIFY_TRUE(mutex_locked, NRF_ERROR_CRYPTO_BUSY); + + cc310_backend_enable(); + + if (size > 0) + { + err_code = CRYS_RND_AddAdditionalInput(p_crys_rnd_state, p_input_data, size); + ret_val = result_get(err_code); + if (ret_val != NRF_SUCCESS) + { + goto exit; + } + } + + err_code = CRYS_RND_Reseeding(p_crys_rnd_state, p_work_buffer); + ret_val = result_get(err_code); + +exit: + cc310_backend_disable(); + cc310_backend_mutex_unlock(); + return ret_val; +} + + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_RNG) +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310) +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO) diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310/cc310_backend_rng.h b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310/cc310_backend_rng.h new file mode 100644 index 0000000..ab1806a --- /dev/null +++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310/cc310_backend_rng.h @@ -0,0 +1,97 @@ +/** + * Copyright (c) 2018 - 2018, Nordic Semiconductor ASA + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form, except as embedded into a Nordic + * Semiconductor ASA integrated circuit in a product or a software update for + * such product, must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * 3. Neither the name of Nordic Semiconductor ASA nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * 4. This software, with or without modification, must only be used with a + * Nordic Semiconductor ASA integrated circuit. + * + * 5. Any software provided in binary form under this license must not be reverse + * engineered, decompiled, modified and/or disassembled. + * + * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef CC310_BACKEND_RNG_H__ +#define CC310_BACKEND_RNG_H__ + +/** @file + * + * @defgroup nrf_crypto_cc310_backend_rng nRF Crypto CC310 RNG backend + * @{ + * @ingroup nrf_crypto_cc310_backend + * + * @brief RNG functionality provided by the nrf_crypto CC310 backend. + */ + +#include "sdk_common.h" + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310) +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_RNG) + +#include "nrf_crypto_rng_shared.h" +#include "crys_rnd.h" + +#ifdef __cplusplus +extern "C" { +#endif + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_RNG) +#error "More than one RNG backend enabled." +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_RNG) +#define NRF_CRYPTO_RNG_ENABLED 1 + + +/** + * @internal @brief Internal context for CC310 RNG. + */ +typedef struct +{ + nrf_crypto_rng_internal_context_t header; //!< Internal common context header. + CRYS_RND_State_t crys_rnd_state; //!< CC310 RNG context +} nrf_crypto_backend_rng_context_t; + + +/** + * @internal @brief Temporary work buffer needed during initialization of the CC310 backend. + */ +typedef CRYS_RND_WorkBuff_t nrf_crypto_backend_rng_temp_buffer_t; + + +#ifdef __cplusplus +} +#endif + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_RNG) +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310) + +/**@} */ + +#endif // CC310_BACKEND_RNG_H__ diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310/cc310_backend_shared.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310/cc310_backend_shared.c new file mode 100644 index 0000000..d5f2351 --- /dev/null +++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310/cc310_backend_shared.c @@ -0,0 +1,115 @@ +/** + * Copyright (c) 2017 - 2018, Nordic Semiconductor ASA + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form, except as embedded into a Nordic + * Semiconductor ASA integrated circuit in a product or a software update for + * such product, must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * 3. Neither the name of Nordic Semiconductor ASA nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * 4. This software, with or without modification, must only be used with a + * Nordic Semiconductor ASA integrated circuit. + * + * 5. Any software provided in binary form under this license must not be reverse + * engineered, decompiled, modified and/or disassembled. + * + * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include "sdk_common.h" +#if NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310) + +#include "nrf.h" +#include "cc310_backend_shared.h" +#include "nrf_crypto_error.h" +#include "nrf_crypto_rng.h" +#include "crys_rnd_error.h" +#include "nrf_crypto_shared.h" +#include "cc310_backend_shared.h" + + +static uint32_t m_use_count = 0; + +void cc310_backend_enable(void) +{ + m_use_count++; + + if (m_use_count == 1) + { + // Enable the CryptoCell hardware + NRF_CRYPTOCELL->ENABLE = 1; + + // Enable the CryptoCell IRQ + NVIC_EnableIRQ(CRYPTOCELL_IRQn); + } +} + +void cc310_backend_disable(void) +{ + m_use_count--; + + // If no more users. Disable HW/IRQ + if (m_use_count == 0) + { + // Disable the CryptoCell hardware + NRF_CRYPTOCELL->ENABLE = 0; + + // Disable the CryptoCell IRQ + NVIC_DisableIRQ(CRYPTOCELL_IRQn); + } +} + + +uint32_t nrf_crypto_backend_cc310_rng(void * p_state, uint16_t size, uint8_t * p_data) +{ +#if defined(NRF_CRYPTO_RNG_ENABLED) && (NRF_CRYPTO_RNG_ENABLED == 1) + + ret_code_t result = nrf_crypto_rng_vector_generate_no_mutex(p_data, (size_t)size); + if (result == NRF_SUCCESS) + { + return CRYS_OK; + } + else if (result == NRF_ERROR_CRYPTO_CONTEXT_NOT_INITIALIZED) + { + return CRYS_RND_INSTANTIATION_NOT_DONE_ERROR; + } + else + { + return CRYS_RND_IS_NOT_SUPPORTED; + } + +#elif defined(NRF_CRYPTO_RNG_ENABLED) && (NRF_CRYPTO_RNG_ENABLED == 0) + + return NRF_ERROR_CRYPTO_FEATURE_UNAVAILABLE; + +#else + + #warning NRF_CRYPTO_RNG_ENABLED define not found in sdk_config.h (Is the sdk_config.h valid?). + +#endif // NRF_CRYPTO_RNG_ENABLED +} + + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310) diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310/cc310_backend_shared.h b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310/cc310_backend_shared.h new file mode 100644 index 0000000..56fae0e --- /dev/null +++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310/cc310_backend_shared.h @@ -0,0 +1,87 @@ +/** + * Copyright (c) 2017 - 2018, Nordic Semiconductor ASA + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form, except as embedded into a Nordic + * Semiconductor ASA integrated circuit in a product or a software update for + * such product, must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * 3. Neither the name of Nordic Semiconductor ASA nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * 4. This software, with or without modification, must only be used with a + * Nordic Semiconductor ASA integrated circuit. + * + * 5. Any software provided in binary form under this license must not be reverse + * engineered, decompiled, modified and/or disassembled. + * + * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef CC310_BACKEND_SHARED_H__ +#define CC310_BACKEND_SHARED_H__ + +/** @file + * + * @defgroup nrf_crypto_cc310_backend_shared nrf_crypto CC310 backend shared + * @{ + * @ingroup nrf_crypto_cc310_backend + * + * @brief Shared functionality for the nrf_crypto CC310 backend. + */ + +#ifdef __cplusplus +extern "C" { +#endif + +/**@internal @brief Macro definition for largest possible input data on CC310 DMA. */ +#define CC310_MAX_LENGTH_DMA_OPERATIONS (0xFFFF) +#define CC310_MAX_LENGTH_DMA_AES_OPERATIONS (0xFFF0) + + +/**@internal @brief Function to enable CC310 (in HW) + */ +void cc310_backend_enable(void); + + +/**@internal @brief Function to disable CC310 (in HW) + */ +void cc310_backend_disable(void); + + +/**@internal @brief Function to pass to CC310 library API as random number generator. It uses + * nrf_crypto libary frontend API to generate random number. + * @param[in,out] p_state Unused. Required by CC310 library API. + * @param[in] size Number of bytes in generated vector. + * @param[out] p_data Place where generated bytes will be written. + */ +uint32_t nrf_crypto_backend_cc310_rng(void * p_state, uint16_t size, uint8_t * p_data); + + +#ifdef __cplusplus +} +#endif + +/**@} */ + +#endif // CC310_BACKEND_SHARED_H__ diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310_bl/cc310_bl_backend_ecc.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310_bl/cc310_bl_backend_ecc.c new file mode 100644 index 0000000..cec2ec7 --- /dev/null +++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310_bl/cc310_bl_backend_ecc.c @@ -0,0 +1,165 @@ +/** + * Copyright (c) 2018 - 2018, Nordic Semiconductor ASA + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form, except as embedded into a Nordic + * Semiconductor ASA integrated circuit in a product or a software update for + * such product, must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * 3. Neither the name of Nordic Semiconductor ASA nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * 4. This software, with or without modification, must only be used with a + * Nordic Semiconductor ASA integrated circuit. + * + * 5. Any software provided in binary form under this license must not be reverse + * engineered, decompiled, modified and/or disassembled. + * + * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include "sdk_config.h" +#include "nordic_common.h" + +#if NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_BL) + +#include <string.h> + +#include "nrf_crypto_mem.h" +#include "nrf_crypto_ecc.h" +#include "nrf_crypto_shared.h" +#include "cc310_bl_backend_ecc.h" + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_BL_ECC_LITTLE_ENDIAN) +#define ENDIAN_MEM_COPY nrf_crypto_internal_swap_endian +#else +#define ENDIAN_MEM_COPY memcpy +#endif + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_BL_ECC_SECP224R1) + + +ret_code_t nrf_crypto_backend_secp224r1_public_key_from_raw( + void * p_public_key, + uint8_t const * p_raw_data) +{ + nrf_crypto_backend_secp224r1_public_key_t * p_pub = + (nrf_crypto_backend_secp224r1_public_key_t *)p_public_key; + + ENDIAN_MEM_COPY(&p_pub->public_key.x[0], + &p_raw_data[0], + NRF_CRYPTO_ECC_SECP224R1_RAW_PRIVATE_KEY_SIZE); + ENDIAN_MEM_COPY(&p_pub->public_key.y[0], + &p_raw_data[NRF_CRYPTO_ECC_SECP224R1_RAW_PRIVATE_KEY_SIZE], + NRF_CRYPTO_ECC_SECP224R1_RAW_PRIVATE_KEY_SIZE); + + return NRF_SUCCESS; +} + + +ret_code_t nrf_crypto_backend_secp224r1_public_key_to_raw( + void const * p_public_key, + uint8_t * p_raw_data) +{ + nrf_crypto_backend_secp224r1_public_key_t const * p_pub = + (nrf_crypto_backend_secp224r1_public_key_t const *)p_public_key; + + ENDIAN_MEM_COPY(&p_raw_data[0], + &p_pub->public_key.x[0], + NRF_CRYPTO_ECC_SECP224R1_RAW_PRIVATE_KEY_SIZE); + ENDIAN_MEM_COPY(&p_raw_data[NRF_CRYPTO_ECC_SECP224R1_RAW_PRIVATE_KEY_SIZE], + &p_pub->public_key.y[0], + NRF_CRYPTO_ECC_SECP224R1_RAW_PRIVATE_KEY_SIZE); + + return NRF_SUCCESS; +} + + +nrf_crypto_ecc_curve_info_t const g_nrf_crypto_ecc_secp224r1_curve_info = +{ + .public_key_size = sizeof(nrf_crypto_backend_secp224r1_public_key_t), + .private_key_size = 0, + .curve_type = NRF_CRYPTO_ECC_SECP224R1_CURVE_TYPE, + .raw_private_key_size = NRF_CRYPTO_ECC_SECP224R1_RAW_PRIVATE_KEY_SIZE, + .raw_public_key_size = NRF_CRYPTO_ECC_SECP224R1_RAW_PUBLIC_KEY_SIZE, +}; + + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_BL_ECC_SECP224R1) + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_BL_ECC_SECP256R1) + + +ret_code_t nrf_crypto_backend_secp256r1_public_key_from_raw( + void * p_public_key, + uint8_t const * p_raw_data) +{ + nrf_crypto_backend_secp256r1_public_key_t * p_pub = + (nrf_crypto_backend_secp256r1_public_key_t *)p_public_key; + + ENDIAN_MEM_COPY(&p_pub->public_key.x[0], + &p_raw_data[0], + NRF_CRYPTO_ECC_SECP256R1_RAW_PRIVATE_KEY_SIZE); + ENDIAN_MEM_COPY(&p_pub->public_key.y[0], + &p_raw_data[NRF_CRYPTO_ECC_SECP256R1_RAW_PRIVATE_KEY_SIZE], + NRF_CRYPTO_ECC_SECP256R1_RAW_PRIVATE_KEY_SIZE); + + return NRF_SUCCESS; +} + + +ret_code_t nrf_crypto_backend_secp256r1_public_key_to_raw( + void const * p_public_key, + uint8_t * p_raw_data) +{ + nrf_crypto_backend_secp256r1_public_key_t const * p_pub = + (nrf_crypto_backend_secp256r1_public_key_t const *)p_public_key; + + ENDIAN_MEM_COPY(&p_raw_data[0], + &p_pub->public_key.x[0], + NRF_CRYPTO_ECC_SECP256R1_RAW_PRIVATE_KEY_SIZE); + ENDIAN_MEM_COPY(&p_raw_data[NRF_CRYPTO_ECC_SECP256R1_RAW_PRIVATE_KEY_SIZE], + &p_pub->public_key.y[0], + NRF_CRYPTO_ECC_SECP256R1_RAW_PRIVATE_KEY_SIZE); + + return NRF_SUCCESS; +} + + +nrf_crypto_ecc_curve_info_t const g_nrf_crypto_ecc_secp256r1_curve_info = +{ + .public_key_size = sizeof(nrf_crypto_backend_secp256r1_public_key_t), + .private_key_size = 0, + .curve_type = NRF_CRYPTO_ECC_SECP256R1_CURVE_TYPE, + .raw_private_key_size = NRF_CRYPTO_ECC_SECP256R1_RAW_PRIVATE_KEY_SIZE, + .raw_public_key_size = NRF_CRYPTO_ECC_SECP256R1_RAW_PUBLIC_KEY_SIZE, +}; + + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_BL_ECC_SECP256R1) + + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_BL) diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310_bl/cc310_bl_backend_ecc.h b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310_bl/cc310_bl_backend_ecc.h new file mode 100644 index 0000000..381c642 --- /dev/null +++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310_bl/cc310_bl_backend_ecc.h @@ -0,0 +1,155 @@ +/** + * Copyright (c) 2018 - 2018, Nordic Semiconductor ASA + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form, except as embedded into a Nordic + * Semiconductor ASA integrated circuit in a product or a software update for + * such product, must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * 3. Neither the name of Nordic Semiconductor ASA nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * 4. This software, with or without modification, must only be used with a + * Nordic Semiconductor ASA integrated circuit. + * + * 5. Any software provided in binary form under this license must not be reverse + * engineered, decompiled, modified and/or disassembled. + * + * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef CC310_BL_BACKEND_ECC_H__ +#define CC310_BL_BACKEND_ECC_H__ + +#include "sdk_config.h" +#include "nordic_common.h" + +#if NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_BL) + +#include "nrf_crypto_ecc_shared.h" +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_BL_ECC_SECP224R1) +#include "nrf_cc310_bl_ecdsa_verify_secp224r1.h" +#endif +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_BL_ECC_SECP256R1) +#include "nrf_cc310_bl_ecdsa_verify_secp256r1.h" +#endif + + +#ifdef __cplusplus +extern "C" { +#endif + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_BL_ECC_SECP224R1) + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_ECC_SECP224R1) +#error "More than one backend enabled for secp224r1 (NIST 224-bit)."); +#endif +#define NRF_CRYPTO_ECC_SECP224R1_ENABLED 1 + +typedef struct +{ + nrf_crypto_internal_ecc_key_header_t header; /**< @internal @brief Common ECC key header */ + nrf_cc310_bl_ecc_public_key_secp224r1_t public_key; /**< @internal @brief CC310_BL specific key representation */ +} nrf_crypto_backend_secp224r1_public_key_t; + +/** @internal See @ref nrf_crypto_backend_ecc_public_key_from_raw_fn_t. +*/ +ret_code_t nrf_crypto_backend_secp224r1_public_key_from_raw( + void * p_public_key, + uint8_t const * p_raw_data); + +/** @internal See @ref nrf_crypto_backend_ecc_public_key_to_raw_fn_t. +*/ +ret_code_t nrf_crypto_backend_secp224r1_public_key_to_raw( + void const * p_public_key, + uint8_t * p_raw_data); + +// Dummy and empty definitions for unused symbols +#define nrf_crypto_backend_secp224r1_key_pair_generate NULL +#define nrf_crypto_backend_secp224r1_public_key_calculate NULL +#define nrf_crypto_backend_secp224r1_private_key_from_raw NULL +#define nrf_crypto_backend_secp224r1_private_key_to_raw NULL +#define nrf_crypto_backend_secp224r1_private_key_free NULL +#define nrf_crypto_backend_secp224r1_public_key_free NULL + +#define NRF_CRYPTO_BACKEND_SECP224R1_KEY_PAIR_GENERATE_CONTEXT_SIZE 0 +#define NRF_CRYPTO_BACKEND_SECP224R1_PUBLIC_KEY_CALCULATE_CONTEXT_SIZE 0 + +typedef uint32_t nrf_crypto_backend_secp224r1_private_key_t; +typedef uint32_t nrf_crypto_backend_secp224r1_key_pair_generate_context_t; +typedef uint32_t nrf_crypto_backend_secp224r1_public_key_calculate_context_t; + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_BL_ECC_SECP224R1) + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_BL_ECC_SECP256R1) + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_ECC_SECP256R1) +#error "More than one backend enabled for secp256r1 (NIST 256-bit)."); +#endif +#define NRF_CRYPTO_ECC_SECP256R1_ENABLED 1 + +typedef struct +{ + nrf_crypto_internal_ecc_key_header_t header; /**< @internal @brief Common ECC key header */ + nrf_cc310_bl_ecc_public_key_secp256r1_t public_key; /**< @internal @brief CC310_BL specific key representation */ +} nrf_crypto_backend_secp256r1_public_key_t; + +/** @internal See @ref nrf_crypto_backend_ecc_public_key_from_raw_fn_t. +*/ +ret_code_t nrf_crypto_backend_secp256r1_public_key_from_raw( + void * p_public_key, + uint8_t const * p_raw_data); + +/** @internal See @ref nrf_crypto_backend_ecc_public_key_to_raw_fn_t. +*/ +ret_code_t nrf_crypto_backend_secp256r1_public_key_to_raw( + void const * p_public_key, + uint8_t * p_raw_data); + +// Dummy and empty definitions for unused symbols +#define nrf_crypto_backend_secp256r1_key_pair_generate NULL +#define nrf_crypto_backend_secp256r1_public_key_calculate NULL +#define nrf_crypto_backend_secp256r1_private_key_from_raw NULL +#define nrf_crypto_backend_secp256r1_private_key_to_raw NULL +#define nrf_crypto_backend_secp256r1_private_key_free NULL +#define nrf_crypto_backend_secp256r1_public_key_free NULL + +#define NRF_CRYPTO_BACKEND_SECP256R1_KEY_PAIR_GENERATE_CONTEXT_SIZE 0 +#define NRF_CRYPTO_BACKEND_SECP256R1_PUBLIC_KEY_CALCULATE_CONTEXT_SIZE 0 + +typedef uint32_t nrf_crypto_backend_secp256r1_private_key_t; +typedef uint32_t nrf_crypto_backend_secp256r1_key_pair_generate_context_t; +typedef uint32_t nrf_crypto_backend_secp256r1_public_key_calculate_context_t; + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_BL_ECC_SECP256R1) + + +#ifdef __cplusplus +} +#endif + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_BL) + +#endif // CC310_BL_BACKEND_ECC_H__ diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310_bl/cc310_bl_backend_ecdh.h b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310_bl/cc310_bl_backend_ecdh.h new file mode 100644 index 0000000..ce52194 --- /dev/null +++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310_bl/cc310_bl_backend_ecdh.h @@ -0,0 +1,75 @@ +/** + * Copyright (c) 2018 - 2018, Nordic Semiconductor ASA + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form, except as embedded into a Nordic + * Semiconductor ASA integrated circuit in a product or a software update for + * such product, must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * 3. Neither the name of Nordic Semiconductor ASA nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * 4. This software, with or without modification, must only be used with a + * Nordic Semiconductor ASA integrated circuit. + * + * 5. Any software provided in binary form under this license must not be reverse + * engineered, decompiled, modified and/or disassembled. + * + * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef CC310_BL_BACKEND_ECDH_H__ +#define CC310_BL_BACKEND_ECDH_H__ + +#include "sdk_config.h" +#include "nordic_common.h" + +#if NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_BL) + +#include "nrf_crypto_ecc.h" +#include "nrf_crypto_ecdh_shared.h" + +#ifdef __cplusplus +extern "C" { +#endif + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_BL_ECC_SECP224R1) +#define nrf_crypto_backend_secp224r1_ecdh_compute NULL +typedef uint32_t nrf_crypto_backend_secp224r1_ecdh_context_t; +#define NRF_CRYPTO_BACKEND_SECP224R1_ECDH_CONTEXT_SIZE 0 +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_BL_ECC_SECP224R1) + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_BL_ECC_SECP256R1) +#define nrf_crypto_backend_secp256r1_ecdh_compute NULL +typedef uint32_t nrf_crypto_backend_secp256r1_ecdh_context_t; +#define NRF_CRYPTO_BACKEND_SECP256R1_ECDH_CONTEXT_SIZE 0 +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_BL_ECC_SECP256R1) + +#ifdef __cplusplus +} +#endif + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_BL) + +#endif // CC310_BL_BACKEND_ECDH_H__ diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310_bl/cc310_bl_backend_ecdsa.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310_bl/cc310_bl_backend_ecdsa.c new file mode 100644 index 0000000..5b99a83 --- /dev/null +++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310_bl/cc310_bl_backend_ecdsa.c @@ -0,0 +1,267 @@ +/** + * Copyright (c) 2018 - 2018, Nordic Semiconductor ASA + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form, except as embedded into a Nordic + * Semiconductor ASA integrated circuit in a product or a software update for + * such product, must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * 3. Neither the name of Nordic Semiconductor ASA nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * 4. This software, with or without modification, must only be used with a + * Nordic Semiconductor ASA integrated circuit. + * + * 5. Any software provided in binary form under this license must not be reverse + * engineered, decompiled, modified and/or disassembled. + * + * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include "sdk_config.h" +#include "nordic_common.h" + +#if NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_BL) + +#include <string.h> +#include "app_util.h" +#include "nrf_crypto_error.h" +#include "nrf_crypto_mem.h" +#include "nrf_crypto_shared.h" +#include "cc310_bl_backend_ecdsa.h" +#include "cc310_bl_backend_shared.h" +#include "cc310_backend_mutex.h" +#include "crys_ecpki_error.h" + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_BL_ECC_SECP224R1) || \ + NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_BL_ECC_SECP256R1) + +static ret_code_t crys_error_to_ret_code(CRYSError_t crys_error) +{ + switch (crys_error) + { + case CRYS_OK: + return NRF_SUCCESS; + + case CRYS_ECDSA_VERIFY_INCONSISTENT_VERIFY_ERROR: + return NRF_ERROR_CRYPTO_ECDSA_INVALID_SIGNATURE; + + default: + break; + } + + return NRF_ERROR_CRYPTO_INTERNAL; +} + +#endif + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_BL_ECC_SECP224R1) + +STATIC_ASSERT(offsetof(nrf_cc310_bl_ecc_signature_secp224r1_t, r) == 0, + "Offset of r in nrf_cc310_bl_ecc_signature_secp224r1_t is unexpected"); +STATIC_ASSERT(offsetof(nrf_cc310_bl_ecc_signature_secp224r1_t, s) == + NRF_CRYPTO_ECC_SECP224R1_RAW_PRIVATE_KEY_SIZE, + "Offset of s in nrf_cc310_bl_ecc_signature_secp224r1_t is unexpected"); + + +ret_code_t nrf_crypto_backend_secp224r1_verify( + void * p_context, + void const * p_public_key, + uint8_t const * p_data, + size_t data_size, + uint8_t const * p_signature) +{ + ret_code_t result; + CRYSError_t crys_error; + bool mutex_locked; + + nrf_crypto_backend_secp224r1_verify_context_t * p_ctx = + (nrf_crypto_backend_secp224r1_verify_context_t *)p_context; + + nrf_crypto_backend_secp224r1_public_key_t * p_pub = + (nrf_crypto_backend_secp224r1_public_key_t *)p_public_key; + + p_ctx->user_context.init_val = NRF_CC310_BL_ECDSA_CONTEXT_INITIALIZED; + +#if defined(NRF_CRYPTO_BACKEND_CC310_BL_ECC_LITTLE_ENDIAN_ENABLED) && (NRF_CRYPTO_BACKEND_CC310_BL_ECC_LITTLE_ENDIAN_ENABLED == 1) + + size_t hash_size = MIN(data_size, NRF_CRYPTO_ECC_SECP224R1_RAW_PRIVATE_KEY_SIZE); + uint8_t * p_hash_and_sig_le = + NRF_CRYPTO_ALLOC(hash_size + 2 * NRF_CRYPTO_ECC_SECP224R1_RAW_PRIVATE_KEY_SIZE); + + if (p_hash_and_sig_le == NULL) + { + return NRF_ERROR_CRYPTO_ALLOC_FAILED; + } + + nrf_crypto_internal_swap_endian(p_hash_and_sig_le, p_data, hash_size); + + nrf_crypto_internal_double_swap_endian(&p_hash_and_sig_le[hash_size], + p_signature, + NRF_CRYPTO_ECC_SECP224R1_RAW_PRIVATE_KEY_SIZE); + + mutex_locked = cc310_backend_mutex_trylock(); + VERIFY_TRUE(mutex_locked, NRF_ERROR_CRYPTO_BUSY); + + cc310_bl_backend_enable(); + + crys_error = nrf_cc310_bl_ecdsa_verify_secp224r1( + &p_ctx->user_context, + &p_pub->public_key, + (nrf_cc310_bl_ecc_signature_secp224r1_t const *)&p_hash_and_sig_le[hash_size], + p_hash_and_sig_le, + hash_size); + + cc310_bl_backend_disable(); + + cc310_backend_mutex_unlock(); + + NRF_CRYPTO_FREE(p_hash_and_sig_le); + +#elif defined(NRF_CRYPTO_BACKEND_CC310_BL_ECC_LITTLE_ENDIAN_ENABLED) && (NRF_CRYPTO_BACKEND_CC310_BL_ECC_LITTLE_ENDIAN_ENABLED == 0) + + mutex_locked = cc310_backend_mutex_trylock(); + VERIFY_TRUE(mutex_locked, NRF_ERROR_CRYPTO_BUSY); + + cc310_bl_backend_enable(); + + crys_error = nrf_cc310_bl_ecdsa_verify_secp224r1( + &p_ctx->user_context, + &p_pub->public_key, + (nrf_cc310_bl_ecc_signature_secp224r1_t const *)p_signature, + p_data, + data_size); + + cc310_bl_backend_disable(); + + cc310_backend_mutex_unlock(); + +#else + + #error NRF_CRYPTO_BACKEND_CC310_BL_ECC_LITTLE_ENDIAN_ENABLED define not found in sdk_config.h Inalid sdk_config.h! + +#endif + + result = crys_error_to_ret_code(crys_error); + + return result; +} + + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_BL_ECC_SECP224R1) + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_BL_ECC_SECP256R1) + + +STATIC_ASSERT(offsetof(nrf_cc310_bl_ecc_signature_secp256r1_t, r) == 0, + "Offset of r in nrf_cc310_bl_ecc_signature_secp256r1_t is unexpected"); + +STATIC_ASSERT(offsetof(nrf_cc310_bl_ecc_signature_secp256r1_t, s) == + NRF_CRYPTO_ECC_SECP256R1_RAW_PRIVATE_KEY_SIZE, + "Offset of s in nrf_cc310_bl_ecc_signature_secp256r1_t is unexpected"); + + +ret_code_t nrf_crypto_backend_secp256r1_verify( + void * p_context, + void const * p_public_key, + uint8_t const * p_data, + size_t data_size, + uint8_t const * p_signature) +{ + ret_code_t result; + CRYSError_t crys_error; + bool mutex_locked; + + + nrf_crypto_backend_secp256r1_verify_context_t * p_ctx = + (nrf_crypto_backend_secp256r1_verify_context_t *)p_context; + + nrf_crypto_backend_secp256r1_public_key_t * p_pub = + (nrf_crypto_backend_secp256r1_public_key_t *)p_public_key; + + p_ctx->user_context.init_val = NRF_CC310_BL_ECDSA_CONTEXT_INITIALIZED; + +#if defined(NRF_CRYPTO_BACKEND_CC310_BL_ECC_LITTLE_ENDIAN_ENABLED) && (NRF_CRYPTO_BACKEND_CC310_BL_ECC_LITTLE_ENDIAN_ENABLED == 1) + + uint8_t hash_le[NRF_CRYPTO_HASH_SIZE_SHA256]; + uint8_t signature_le[NRF_CRYPTO_ECC_SECP256R1_RAW_PRIVATE_KEY_SIZE * 2]; + size_t hash_size = MIN(data_size, NRF_CRYPTO_HASH_SIZE_SHA256); + + nrf_crypto_internal_swap_endian(hash_le, p_data, hash_size); + + nrf_crypto_internal_double_swap_endian(signature_le, + p_signature, + NRF_CRYPTO_ECC_SECP256R1_RAW_PRIVATE_KEY_SIZE); + + mutex_locked = cc310_backend_mutex_trylock(); + VERIFY_TRUE(mutex_locked, NRF_ERROR_CRYPTO_BUSY); + + cc310_bl_backend_enable(); + + crys_error = nrf_cc310_bl_ecdsa_verify_secp256r1( + &p_ctx->user_context, + &p_pub->public_key, + (nrf_cc310_bl_ecc_signature_secp256r1_t const *)signature_le, + hash_le, + hash_size); + + cc310_bl_backend_disable(); + + cc310_backend_mutex_unlock(); + +#elif defined(NRF_CRYPTO_BACKEND_CC310_BL_ECC_LITTLE_ENDIAN_ENABLED) && (NRF_CRYPTO_BACKEND_CC310_BL_ECC_LITTLE_ENDIAN_ENABLED == 0) + + mutex_locked = cc310_backend_mutex_trylock(); + VERIFY_TRUE(mutex_locked, NRF_ERROR_CRYPTO_BUSY); + + cc310_bl_backend_enable(); + + crys_error = nrf_cc310_bl_ecdsa_verify_secp256r1( + &p_ctx->user_context, + &p_pub->public_key, + (nrf_cc310_bl_ecc_signature_secp256r1_t const *)p_signature, + p_data, + data_size); + + cc310_bl_backend_disable(); + + cc310_backend_mutex_unlock(); + +#else + + #error NRF_CRYPTO_BACKEND_CC310_BL_ECC_LITTLE_ENDIAN_ENABLED define not found in sdk_config.h. Invalid sdk_config.file! + +#endif + + result = crys_error_to_ret_code(crys_error); + + return result; +} + + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_BL_ECC_SECP256R1) + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_BL) diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310_bl/cc310_bl_backend_ecdsa.h b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310_bl/cc310_bl_backend_ecdsa.h new file mode 100644 index 0000000..f75a035 --- /dev/null +++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310_bl/cc310_bl_backend_ecdsa.h @@ -0,0 +1,124 @@ +/** + * Copyright (c) 2018 - 2018, Nordic Semiconductor ASA + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form, except as embedded into a Nordic + * Semiconductor ASA integrated circuit in a product or a software update for + * such product, must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * 3. Neither the name of Nordic Semiconductor ASA nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * 4. This software, with or without modification, must only be used with a + * Nordic Semiconductor ASA integrated circuit. + * + * 5. Any software provided in binary form under this license must not be reverse + * engineered, decompiled, modified and/or disassembled. + * + * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef CC310_BL_BACKEND_ECDSA_H__ +#define CC310_BL_BACKEND_ECDSA_H__ + +#include "sdk_config.h" +#include "nordic_common.h" + +#if NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_BL) + +#include "nrf_crypto_ecc_shared.h" +#include "nrf_crypto_ecdsa_shared.h" +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_BL_ECC_SECP224R1) +#include "nrf_cc310_bl_ecdsa_verify_secp224r1.h" +#endif +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_BL_ECC_SECP256R1) +#include "nrf_cc310_bl_ecdsa_verify_secp256r1.h" +#endif + + +#ifdef __cplusplus +extern "C" { +#endif + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_BL_ECC_SECP224R1) + +/** @internal @brief Common structure holding context for ECDSA verify. + */ +typedef struct +{ + nrf_cc310_bl_ecdsa_verify_context_secp224r1_t user_context; /**< @internal @brief Temporary buffer for CC310_BL internal storage */ +} nrf_crypto_backend_secp224r1_verify_context_t; + +#define NRF_CRYPTO_BACKEND_SECP224R1_VERIFY_CONTEXT_SIZE \ + sizeof(nrf_crypto_backend_secp224r1_verify_context_t) + +ret_code_t nrf_crypto_backend_secp224r1_verify( + void * p_context, + void const * p_public_key, + uint8_t const * p_data, + size_t data_size, + uint8_t const * p_signature); + +// Dummy and empty definitions for unused symbols +#define NRF_CRYPTO_BACKEND_SECP224R1_SIGN_CONTEXT_SIZE 0 +typedef uint32_t nrf_crypto_backend_secp224r1_sign_context_t; +#define nrf_crypto_backend_secp224r1_sign NULL + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_BL_ECC_SECP224R1) + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_BL_ECC_SECP256R1) + +/** @internal @brief Common structure holding context for ECDSA verify. + */ +typedef struct +{ + nrf_cc310_bl_ecdsa_verify_context_secp256r1_t user_context; /**< @internal @brief Temporary buffer for CC310_BL internal storage */ +} nrf_crypto_backend_secp256r1_verify_context_t; + +#define NRF_CRYPTO_BACKEND_SECP256R1_VERIFY_CONTEXT_SIZE \ + sizeof(nrf_crypto_backend_secp256r1_verify_context_t) + +ret_code_t nrf_crypto_backend_secp256r1_verify( + void * p_context, + void const * p_public_key, + uint8_t const * p_data, + size_t data_size, + uint8_t const * p_signature); + +// Dummy and empty definitions for unused symbols +#define NRF_CRYPTO_BACKEND_SECP256R1_SIGN_CONTEXT_SIZE 0 +typedef uint32_t nrf_crypto_backend_secp256r1_sign_context_t; +#define nrf_crypto_backend_secp256r1_sign NULL + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_BL_ECC_SECP256R1) + + +#ifdef __cplusplus +} +#endif + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_BL) + +#endif // CC310_BL_BACKEND_ECDSA_H__ diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310_bl/cc310_bl_backend_hash.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310_bl/cc310_bl_backend_hash.c new file mode 100644 index 0000000..59010f5 --- /dev/null +++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310_bl/cc310_bl_backend_hash.c @@ -0,0 +1,281 @@ +/** + * Copyright (c) 2018 - 2018, Nordic Semiconductor ASA + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form, except as embedded into a Nordic + * Semiconductor ASA integrated circuit in a product or a software update for + * such product, must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * 3. Neither the name of Nordic Semiconductor ASA nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * 4. This software, with or without modification, must only be used with a + * Nordic Semiconductor ASA integrated circuit. + * + * 5. Any software provided in binary form under this license must not be reverse + * engineered, decompiled, modified and/or disassembled. + * + * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ +#include "sdk_common.h" + +#if NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_BL) + +#include "nrf.h" +#include "cc310_bl_backend_hash.h" +#include "cc310_bl_backend_shared.h" +#include "cc310_backend_mutex.h" +#include "cc310_backend_shared.h" +#include "nrf_cc310_bl_hash_sha256.h" +#include "crys_hash_error.h" +#include "nrf_crypto_init.h" +#include "nrf_crypto_types.h" +#include "nrf_crypto_error.h" +#include "nrf_crypto_shared.h" +#include "nrf_crypto_hash_shared.h" +#include "sdk_macros.h" +#include "nrf_log.h" +#include "nrf_assert.h" +#include <drivers/nrfx_common.h> + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_BL_HASH_SHA256) + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_BL_HASH_AUTOMATIC_RAM_BUFFER) + +__ALIGN(4) static uint8_t m_hash_buffer[NRF_CRYPTO_BACKEND_CC310_BL_HASH_AUTOMATIC_RAM_BUFFER_SIZE]; + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_BL_HASH_AUTOMATIC_RAM_BUFFER) + + +static ret_code_t hash_result_get(CRYSError_t error) +{ + ret_code_t ret_val; + + switch (error) + { + case CRYS_OK: + ret_val = NRF_SUCCESS; + break; + + case CRYS_HASH_INVALID_USER_CONTEXT_POINTER_ERROR: + ret_val = NRF_ERROR_CRYPTO_CONTEXT_NULL; + break; + + case CRYS_HASH_ILLEGAL_OPERATION_MODE_ERROR: + ret_val = NRF_ERROR_CRYPTO_FEATURE_UNAVAILABLE; + break; + + case CRYS_HASH_USER_CONTEXT_CORRUPTED_ERROR: + ret_val = NRF_ERROR_CRYPTO_CONTEXT_NOT_INITIALIZED; + break; + + // May be added to specialized errors for hash. + case CRYS_HASH_LAST_BLOCK_ALREADY_PROCESSED_ERROR: + ret_val = NRF_ERROR_CRYPTO_INTERNAL; + break; + + case CRYS_HASH_IS_NOT_SUPPORTED: + ret_val = NRF_ERROR_CRYPTO_FEATURE_UNAVAILABLE; + break; + + default: + ret_val = NRF_ERROR_CRYPTO_INTERNAL; + break; + } + + return ret_val; +} + + +static ret_code_t cc310_bl_backend_hash_sha256_init(void * const p_context) +{ + uint32_t ret_val; + CRYSError_t crys_error; + + // Limited parameter testing on this level. + // This has been done on upper level. + + nrf_cc310_bl_hash_context_sha256_t * const p_backend_context + = &(((nrf_crypto_backend_hash_sha256_context_t *)p_context)->context); + + crys_error = nrf_cc310_bl_hash_sha256_init(p_backend_context); + + ret_val = hash_result_get(crys_error); + + return ret_val; +} + + +static uint32_t cc310_bl_backend_hash_sha256_update(void * const p_context, + uint8_t const * p_data, + size_t size) +{ + ret_code_t ret_val; + CRYSError_t crys_error; + uint32_t cur_size; + uint32_t size_left; + uint8_t * p_cur; + bool mutex_locked; + + // Limited parameter testing on this level. + // This has been done on upper level. + + nrf_cc310_bl_hash_context_sha256_t * const p_backend_context + = &(((nrf_crypto_backend_hash_sha256_context_t *)p_context)->context); + + p_cur = (uint8_t *)p_data; + size_left = size; + + mutex_locked = cc310_backend_mutex_trylock(); + VERIFY_TRUE(mutex_locked, NRF_ERROR_CRYPTO_BUSY); + + cc310_bl_backend_enable(); + +#if defined (NRF_CRYPTO_BACKEND_CC310_BL_HASH_AUTOMATIC_RAM_BUFFER_ENABLED) && (NRF_CRYPTO_BACKEND_CC310_BL_HASH_AUTOMATIC_RAM_BUFFER_ENABLED == 1) + + do + { + // Copy a block from FLASH to RAM for use in CC310 + cur_size = (size_left > NRF_CRYPTO_BACKEND_CC310_BL_HASH_AUTOMATIC_RAM_BUFFER_SIZE) ? + NRF_CRYPTO_BACKEND_CC310_BL_HASH_AUTOMATIC_RAM_BUFFER_SIZE : size_left; + + // Copy from FLASH to ram + memcpy(m_hash_buffer, p_cur, cur_size); + + // Update the hash with current input. + crys_error = nrf_cc310_bl_hash_sha256_update(p_backend_context, m_hash_buffer, cur_size); + + size_left -= cur_size; + p_cur += cur_size; + + } while(crys_error == SASI_OK && size_left > 0); + +#elif defined(NRF_CRYPTO_BACKEND_CC310_BL_HASH_AUTOMATIC_RAM_BUFFER_ENABLED) && (NRF_CRYPTO_BACKEND_CC310_BL_HASH_AUTOMATIC_RAM_BUFFER_ENABLED == 0) + + // Verify that the data is in RAM (required for CC310 hashing) + VERIFY_TRUE(nrfx_is_in_ram(p_data), NRF_ERROR_CRYPTO_INPUT_LOCATION); + + do + { + // Get the largest block that can sent to the CC310 through DMA + cur_size = (size_left > CC310_MAX_LENGTH_DMA_OPERATIONS) ? + CC310_MAX_LENGTH_DMA_OPERATIONS : size_left; + + crys_error = nrf_cc310_bl_hash_sha256_update(p_backend_context, p_cur, cur_size); + + size_left -= cur_size; + p_cur += cur_size; + } while(crys_error == SASI_OK && size_left > 0); + +#else + + UNUSED_PARAMETER(p_backend_context); + UNUSED_PARAMETER(cur_size); + UNUSED_PARAMETER(size_left); + UNUSED_PARAMETER(p_cur); + + #warning NRF_CRYPTO_BACKEND_CC310_BL_HASH_AUTOMATIC_RAM_BUFFER_ENABLED define not found in sdk_config.h (Is the sdk_config.h valid?). + +#endif + + cc310_bl_backend_disable(); + + cc310_backend_mutex_unlock(); + + ret_val = hash_result_get(crys_error); + + return ret_val; +} + + +static uint32_t cc310_bl_backend_hash_sha256_finalize(void * const p_context, + uint8_t * p_digest, + size_t * const p_digest_size) +{ + ret_code_t ret_val; + CRYSError_t crys_error; + bool mutex_locked; + + // Limited parameter testing on this level. + // This has been done on upper level. + + nrf_cc310_bl_hash_context_sha256_t * const p_backend_context + = &(((nrf_crypto_backend_hash_sha256_context_t * )p_context)->context); + + nrf_cc310_bl_hash_digest_sha256_t * p_int_digest + = (nrf_cc310_bl_hash_digest_sha256_t *)p_digest; + + if (NRF_CRYPTO_HASH_SIZE_SHA256 > *p_digest_size) + { + return NRF_ERROR_CRYPTO_OUTPUT_LENGTH; + } + + mutex_locked = cc310_backend_mutex_trylock(); + VERIFY_TRUE(mutex_locked, NRF_ERROR_CRYPTO_BUSY); + + cc310_bl_backend_enable(); + + // Do the hash finalize calculation + crys_error = nrf_cc310_bl_hash_sha256_finalize(p_backend_context, p_int_digest); + + cc310_bl_backend_disable(); + + cc310_backend_mutex_unlock(); + + ret_val = hash_result_get(crys_error); + + if (ret_val == NRF_SUCCESS) + { + *p_digest_size = NRF_CRYPTO_HASH_SIZE_SHA256; + } + +#if defined(NRF_CRYPTO_BACKEND_CC310_BL_HASH_LITTLE_ENDIAN_DIGEST_ENABLED) && (NRF_CRYPTO_BACKEND_CC310_BL_HASH_LITTLE_ENDIAN_DIGEST_ENABLED == 1) + + nrf_crypto_internal_swap_endian_in_place(p_digest, NRF_CRYPTO_HASH_SIZE_SHA256); + +#elif defined(NRF_CRYPTO_BACKEND_CC310_BL_HASH_LITTLE_ENDIAN_DIGEST_ENABLED) && (NRF_CRYPTO_BACKEND_CC310_BL_HASH_LITTLE_ENDIAN_DIGEST_ENABLED == 0) + + // Do nothing + +#else + + #warning NRF_CRYPTO_BACKEND_CC310_BL_HASH_LITTLE_ENDIAN_DIGEST_ENABLED define not found in sdk_config.h (Is the sdk_config.h valid?). + +#endif + + return ret_val; +} + +const nrf_crypto_hash_info_t g_nrf_crypto_hash_sha256_info = +{ + .init_fn = cc310_bl_backend_hash_sha256_init, + .update_fn = cc310_bl_backend_hash_sha256_update, + .finalize_fn = cc310_bl_backend_hash_sha256_finalize, + .digest_size = NRF_CRYPTO_HASH_SIZE_SHA256, + .hash_mode = NRF_CRYPTO_HASH_MODE_SHA256 +}; + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_BL_HASH_SHA256) + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO) && #if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_BL) diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310_bl/cc310_bl_backend_hash.h b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310_bl/cc310_bl_backend_hash.h new file mode 100644 index 0000000..6882c04 --- /dev/null +++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310_bl/cc310_bl_backend_hash.h @@ -0,0 +1,97 @@ +/** + * Copyright (c) 2018 - 2018, Nordic Semiconductor ASA + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form, except as embedded into a Nordic + * Semiconductor ASA integrated circuit in a product or a software update for + * such product, must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * 3. Neither the name of Nordic Semiconductor ASA nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * 4. This software, with or without modification, must only be used with a + * Nordic Semiconductor ASA integrated circuit. + * + * 5. Any software provided in binary form under this license must not be reverse + * engineered, decompiled, modified and/or disassembled. + * + * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef CC310_BL_BACKEND_HASH_H__ +#define CC310_BL_BACKEND_HASH_H__ + +/** @file + * + * @defgroup nrf_crypto_cc310_bl_backend_hash nrf_crypto CC310_BL backend hash + * @{ + * @ingroup nrf_crypto_cc310_bl_backend + * + * @brief Hash functionality provided by the nrf_crypto CC310_BL backend. + */ + +#include "sdk_common.h" + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_BL) + +#include "sdk_errors.h" +#include "nrf_crypto_hash_shared.h" +#include "nrf_cc310_bl_hash_sha256.h" + +#ifdef __cplusplus +extern "C" { +#endif + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_BL_HASH_SHA256) + +// Flag that nrf_crypto_hash frontend can be compiled +#undef NRF_CRYPTO_HASH_ENABLED +#define NRF_CRYPTO_HASH_ENABLED 1 + +// Flag that SHA-256 is enabled in backend +#if NRF_MODULE_ENABLED(NRF_CRYPTO_HASH_SHA256) +#error "Duplicate definition of SHA-256. More than one backend enabled"); +#endif +#define NRF_CRYPTO_HASH_SHA256_ENABLED 1 + + +/**@internal @brief nrf_crypto_hash context for SHA-256 in nrf_crypto CC310_BL backend. */ +typedef struct +{ + nrf_crypto_hash_internal_context_t header; /**< Common header for context. */ + nrf_cc310_bl_hash_context_sha256_t context; /**< Hash context internal to CC310_BL. */ +} nrf_crypto_backend_hash_sha256_context_t; + + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_BL_HASH_SHA256) + +#ifdef __cplusplus +} +#endif + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_BL) + +/**@} */ + +#endif // CC310_BL_BACKEND_HASH_H__ diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310_bl/cc310_bl_backend_init.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310_bl/cc310_bl_backend_init.c new file mode 100644 index 0000000..38f440c --- /dev/null +++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310_bl/cc310_bl_backend_init.c @@ -0,0 +1,115 @@ +/** + * Copyright (c) 2018 - 2018, Nordic Semiconductor ASA + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form, except as embedded into a Nordic + * Semiconductor ASA integrated circuit in a product or a software update for + * such product, must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * 3. Neither the name of Nordic Semiconductor ASA nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * 4. This software, with or without modification, must only be used with a + * Nordic Semiconductor ASA integrated circuit. + * + * 5. Any software provided in binary form under this license must not be reverse + * engineered, decompiled, modified and/or disassembled. + * + * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include "sdk_common.h" +#if NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_BL) + +#include "nrf.h" +#include "nrf_crypto_init.h" +#include "nrf_crypto_error.h" + +#include "cc310_bl_backend_shared.h" +#include "cc310_backend_mutex.h" +#include "sns_silib.h" +#include "nrf_cc310_bl_init.h" + +/**@brief Mutex to ensure single access to nrf_cc310_bl resources */ +nrf_mtx_t g_cc310_mutex; + +static uint32_t init_result_get(uint32_t crys_error) +{ + uint32_t ret_val = NRF_ERROR_INTERNAL; + switch (crys_error) + { + case SA_SILIB_RET_OK: + ret_val = NRF_SUCCESS; + break; + + case SA_SILIB_RET_EINVAL_HW_VERSION: + ret_val = NRF_ERROR_CRYPTO_FEATURE_UNAVAILABLE; + break; + + default: + ret_val = NRF_ERROR_INTERNAL; + break; + } + + return ret_val; +} + + +static ret_code_t cc310_bl_backend_init(void) +{ + uint32_t ret_val; + CRYSError_t crys_error; + + cc310_backend_mutex_init(); + + // Enable the CC310 HW. + NRF_CRYPTOCELL->ENABLE = 1; + + // Initialize the CC310_BL run-time library + crys_error = nrf_cc310_bl_init(); + + // Disable the CC310 HW after initialization. + NRF_CRYPTOCELL->ENABLE = 0; + + ret_val = init_result_get(crys_error); + + return ret_val; +} + + +static ret_code_t cc310_bl_backend_uninit(void) +{ + // Disable the CC310 HW. + NRF_CRYPTOCELL->ENABLE = 0; + + return NRF_SUCCESS; +} + + +CRYPTO_BACKEND_REGISTER(nrf_crypto_backend_info_t const cc310_bl_backend) = +{ + .init_fn = cc310_bl_backend_init, + .uninit_fn = cc310_bl_backend_uninit +}; + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_BL) diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310_bl/cc310_bl_backend_shared.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310_bl/cc310_bl_backend_shared.c new file mode 100644 index 0000000..520a116 --- /dev/null +++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310_bl/cc310_bl_backend_shared.c @@ -0,0 +1,68 @@ +/** + * Copyright (c) 2018 - 2018, Nordic Semiconductor ASA + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form, except as embedded into a Nordic + * Semiconductor ASA integrated circuit in a product or a software update for + * such product, must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * 3. Neither the name of Nordic Semiconductor ASA nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * 4. This software, with or without modification, must only be used with a + * Nordic Semiconductor ASA integrated circuit. + * + * 5. Any software provided in binary form under this license must not be reverse + * engineered, decompiled, modified and/or disassembled. + * + * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ +#include "sdk_common.h" +#if NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_BL) + +#include "nrf.h" +#include "cc310_bl_backend_shared.h" +#include "nrf_crypto_error.h" + + +void cc310_bl_backend_enable(void) +{ + // Enable the cryptocell hardware + NRF_CRYPTOCELL->ENABLE = 1; + + // Enable the CryptoCell IRQ + NVIC_EnableIRQ(CRYPTOCELL_IRQn); +} + + +void cc310_bl_backend_disable(void) +{ + // Enable the cryptocell hardware + NRF_CRYPTOCELL->ENABLE = 0; + + // Disable the CryptoCell IRQ + NVIC_DisableIRQ(CRYPTOCELL_IRQn); +} + + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_BL) diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310_bl/cc310_bl_backend_shared.h b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310_bl/cc310_bl_backend_shared.h new file mode 100644 index 0000000..db7c933 --- /dev/null +++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cc310_bl/cc310_bl_backend_shared.h @@ -0,0 +1,83 @@ +/** + * Copyright (c) 2018 - 2018, Nordic Semiconductor ASA + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form, except as embedded into a Nordic + * Semiconductor ASA integrated circuit in a product or a software update for + * such product, must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * 3. Neither the name of Nordic Semiconductor ASA nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * 4. This software, with or without modification, must only be used with a + * Nordic Semiconductor ASA integrated circuit. + * + * 5. Any software provided in binary form under this license must not be reverse + * engineered, decompiled, modified and/or disassembled. + * + * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef CC310_BL_BACKEND_SHARED_H__ +#define CC310_BL_BACKEND_SHARED_H__ + +/** @file + * + * @defgroup nrf_crypto_cc310_bl_backend_shared nrf_crypto CC310_BL backend shared + * @{ + * @ingroup nrf_crypto_cc310_bl_backend + * + * @brief Shared functionality for the nrf_crypto CC310_BL backend. + */ + +#include "sdk_common.h" + +#if NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_BL) + +#include "sdk_errors.h" +#include "nrf_crypto_hash_shared.h" + +#ifdef __cplusplus +extern "C" { +#endif + + +/**@internal @brief Function to enable CC310 (in HW) + */ +void cc310_bl_backend_enable(void); + + +/**@internal @brief Function to disable CC310 (in HW) + */ +void cc310_bl_backend_disable(void); + + +#ifdef __cplusplus +} +#endif + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CC310_BL) + +/**@} */ + +#endif // CC310_BL_BACKEND_SHARED_H__ diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cifra/cifra_backend_aes_aead.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cifra/cifra_backend_aes_aead.c new file mode 100644 index 0000000..23b3cb6 --- /dev/null +++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cifra/cifra_backend_aes_aead.c @@ -0,0 +1,205 @@ +/** + * Copyright (c) 2018 - 2018, Nordic Semiconductor ASA + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form, except as embedded into a Nordic + * Semiconductor ASA integrated circuit in a product or a software update for + * such product, must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * 3. Neither the name of Nordic Semiconductor ASA nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * 4. This software, with or without modification, must only be used with a + * Nordic Semiconductor ASA integrated circuit. + * + * 5. Any software provided in binary form under this license must not be reverse + * engineered, decompiled, modified and/or disassembled. + * + * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include "sdk_common.h" + +#if NRF_MODULE_ENABLED(NRF_CRYPTO) + +#include <stdbool.h> +#include "cifra_backend_aes_aead.h" + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_CIFRA_AES_AEAD) + +/**@internal @brief Type declaration of a template matching all possible context sizes + * for this backend. + */ +typedef struct +{ + nrf_crypto_aead_internal_context_t header; /**< Common header for context. */ + cf_aes_context context; +} nrf_crypto_backend_cifra_aes_aead_context_t; + + +static ret_code_t result_get(int error) +{ + switch (error) + { + case 0: + return NRF_SUCCESS; + + case 1: + return NRF_ERROR_CRYPTO_AEAD_INVALID_MAC; + + default: + return NRF_ERROR_CRYPTO_INTERNAL; + } +} + +static ret_code_t backend_cifra_init(void * const p_context, uint8_t * p_key) +{ + nrf_crypto_backend_cifra_aes_aead_context_t * p_ctx = + (nrf_crypto_backend_cifra_aes_aead_context_t *)p_context; + + if ((p_ctx->header.p_info->key_size != NRF_CRYPTO_KEY_SIZE_128) && + (p_ctx->header.p_info->key_size != NRF_CRYPTO_KEY_SIZE_192) && + (p_ctx->header.p_info->key_size != NRF_CRYPTO_KEY_SIZE_256)) + { + return NRF_ERROR_CRYPTO_KEY_SIZE; + } + + VERIFY_TRUE((p_ctx->header.p_info->mode == NRF_CRYPTO_AEAD_MODE_AES_EAX), + NRF_ERROR_CRYPTO_FEATURE_UNAVAILABLE); + + cf_aes_init(&p_ctx->context, + p_key, + (p_ctx->header.p_info->key_size)>>3); // >>3: changes bits to bytes + + return NRF_SUCCESS; +} + + +static ret_code_t backend_cifra_uninit(void * const p_context) +{ + nrf_crypto_backend_cifra_aes_aead_context_t * p_ctx = + (nrf_crypto_backend_cifra_aes_aead_context_t *)p_context; + + cf_aes_finish(&p_ctx->context); + + return NRF_SUCCESS; +} + +static ret_code_t backend_cifra_crypt(void * const p_context, + nrf_crypto_operation_t operation, + uint8_t * p_nonce, + uint8_t nonce_size, + uint8_t * p_adata, + size_t adata_size, + uint8_t * p_data_in, + size_t data_in_size, + uint8_t * p_data_out, + uint8_t * p_mac, + uint8_t mac_size) +{ + + int result; + ret_code_t ret_val; + + nrf_crypto_backend_cifra_aes_aead_context_t * p_ctx = + (nrf_crypto_backend_cifra_aes_aead_context_t *)p_context; + + ret_val = NRF_SUCCESS; + + /* EAX mode allows following mac size: [1 ... 16] */ + if ((mac_size < 1) || (mac_size > NRF_CRYPTO_AES_BLOCK_SIZE)) + { + return NRF_ERROR_CRYPTO_AEAD_MAC_SIZE; + } + + if (operation == NRF_CRYPTO_ENCRYPT) + { + cf_eax_encrypt(&cf_aes, + &p_ctx->context, + p_data_in, + data_in_size, + p_adata, + adata_size, + p_nonce, + (size_t)nonce_size, + p_data_out, + p_mac, + mac_size); + } + else if (operation == NRF_CRYPTO_DECRYPT) + { + result = cf_eax_decrypt(&cf_aes, + &p_ctx->context, + p_data_in, + data_in_size, + p_adata, + adata_size, + p_nonce, + (size_t)nonce_size, + p_mac, + mac_size, + p_data_out); + ret_val = result_get(result); + } + else + { + return NRF_ERROR_CRYPTO_INVALID_PARAM; + } + + return ret_val; +} + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CIFRA_AES_EAX) +nrf_crypto_aead_info_t const g_nrf_crypto_aes_eax_128_info = +{ + .key_size = NRF_CRYPTO_KEY_SIZE_128, + .mode = NRF_CRYPTO_AEAD_MODE_AES_EAX, + + .init_fn = backend_cifra_init, + .uninit_fn = backend_cifra_uninit, + .crypt_fn = backend_cifra_crypt +}; + +nrf_crypto_aead_info_t const g_nrf_crypto_aes_eax_192_info = +{ + .key_size = NRF_CRYPTO_KEY_SIZE_192, + .mode = NRF_CRYPTO_AEAD_MODE_AES_EAX, + + .init_fn = backend_cifra_init, + .uninit_fn = backend_cifra_uninit, + .crypt_fn = backend_cifra_crypt +}; + +nrf_crypto_aead_info_t const g_nrf_crypto_aes_eax_256_info = +{ + .key_size = NRF_CRYPTO_KEY_SIZE_256, + .mode = NRF_CRYPTO_AEAD_MODE_AES_EAX, + + .init_fn = backend_cifra_init, + .uninit_fn = backend_cifra_uninit, + .crypt_fn = backend_cifra_crypt +}; +#endif + +#endif // MODULE_ENABLED(NRF_CRYPTO_AES_CCM_BACKEND_MBEDTLS) +#endif // MODULE_ENABLED(NRF_CRYPTO) diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cifra/cifra_backend_aes_aead.h b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cifra/cifra_backend_aes_aead.h new file mode 100644 index 0000000..d0575ac --- /dev/null +++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/cifra/cifra_backend_aes_aead.h @@ -0,0 +1,98 @@ +/** + * Copyright (c) 2018 - 2018, Nordic Semiconductor ASA + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form, except as embedded into a Nordic + * Semiconductor ASA integrated circuit in a product or a software update for + * such product, must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * 3. Neither the name of Nordic Semiconductor ASA nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * 4. This software, with or without modification, must only be used with a + * Nordic Semiconductor ASA integrated circuit. + * + * 5. Any software provided in binary form under this license must not be reverse + * engineered, decompiled, modified and/or disassembled. + * + * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef CIFRA_BACKEND_AES_AEAD_H__ +#define CIFRA_BACKEND_AES_AEAD_H__ + +/** @file + * + * @defgroup nrf_crypto_cifra_backend_aes_aead nrf_crypto Cifra backend AES AEAD + * @{ + * @ingroup nrf_crypto_cifra_backend + * + * @brief AES AEAD functionality provided by the nrf_crypto Cifra backend. + */ + +#include "sdk_config.h" + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CIFRA) + +#include "modes.h" +#include "cifra_eax_aes.h" +#include "nrf_crypto_error.h" +#include "nrf_crypto_types.h" +#include "nrf_crypto_aead_shared.h" + +#ifdef __cplusplus +extern "C" { +#endif + +/* AES EAX */ +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CIFRA_AES_EAX) +#if NRF_MODULE_ENABLED(NRF_CRYPTO_AES_EAX) +#error "Duplicate definition of AES EAX mode. More than one backend enabled"); +#endif +#define NRF_CRYPTO_AES_EAX_ENABLED 1 +#undef NRF_CRYPTO_AEAD_ENABLED +#define NRF_CRYPTO_AEAD_ENABLED 1 // Flag that nrf_crypto_aes_aead frontend can be compiled +#undef NRF_CRYPTO_CIFRA_AES_AEAD_ENABLED +#define NRF_CRYPTO_CIFRA_AES_AEAD_ENABLED 1 // aes_aead backend cifra can be compiled + +/* defines for test purposes */ +#define NRF_CRYPTO_AES_EAX_128_ENABLED 1 +#define NRF_CRYPTO_AES_EAX_192_ENABLED 1 +#define NRF_CRYPTO_AES_EAX_256_ENABLED 1 + +typedef struct +{ + nrf_crypto_aead_internal_context_t header; /**< Common header for context. */ + cf_aes_context context; /**< AES EAX context internal to Cifra. */ +} nrf_crypto_backend_aes_eax_context_t; +#endif + +#ifdef __cplusplus +} +#endif +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_CIFRA) + +/** @} */ + +#endif // CIFRA_BACKEND_AES_AEAD_H__ + diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/mbedtls/mbedtls_backend_aes.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/mbedtls/mbedtls_backend_aes.c new file mode 100644 index 0000000..9433471 --- /dev/null +++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/mbedtls/mbedtls_backend_aes.c @@ -0,0 +1,1213 @@ +/** + * Copyright (c) 2018 - 2018, Nordic Semiconductor ASA + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form, except as embedded into a Nordic + * Semiconductor ASA integrated circuit in a product or a software update for + * such product, must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * 3. Neither the name of Nordic Semiconductor ASA nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * 4. This software, with or without modification, must only be used with a + * Nordic Semiconductor ASA integrated circuit. + * + * 5. Any software provided in binary form under this license must not be reverse + * engineered, decompiled, modified and/or disassembled. + * + * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include "sdk_common.h" +#if NRF_MODULE_ENABLED(NRF_CRYPTO) + +/*lint -save -e????*/ +#include "mbedtls/md.h" +#include "mbedtls/aes.h" +#include "mbedtls/cipher.h" +/*lint -restore*/ +#include "nrf_crypto_error.h" +#include "mbedtls_backend_aes.h" + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_MBEDTLS_AES) + +/* macro changing bits to bytes */ +#define BITS_TO_BYTES(bits) ((bits)>>3) +#define BACKEND_ERROR_CHECK(error) \ + do { \ + if ((error) != 0) \ + { \ + return result_get((error)); \ + } \ + } while (0); + +/**@internal @brief Type declarations of templates matching all possible context sizes + * for this backend. + */ +typedef struct +{ + nrf_crypto_aes_internal_context_t header; /**< Common header for context. */ + nrf_crypto_backend_aes_ctx_t backend; /**< Backend-specific internal context. */ + uint32_t context[1]; /**< AES context internal to mbed TLS. */ +} nrf_crypto_backend_mbedtls_aes_any_context_t; + +/**@internal @brief Type declarations of templates matching all possible context sizes + * for this backend. + */ +typedef union +{ + nrf_crypto_backend_mbedtls_aes_any_context_t any; /**< Common for all contexts. */ + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_ECB) + nrf_crypto_backend_aes_ecb_context_t ecb; +#endif +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CBC) + nrf_crypto_backend_aes_cbc_context_t cbc; +#endif +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CTR) + nrf_crypto_backend_aes_ctr_context_t ctr; +#endif +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CFB) + nrf_crypto_backend_aes_cfb_context_t cfb; +#endif +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CBC_MAC) + nrf_crypto_backend_aes_cbc_mac_context_t cbc_mac; +#endif +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CMAC) + nrf_crypto_backend_aes_cmac_context_t cmac; +#endif +} nrf_crypto_backend_mbedtls_aes_context_t; + + +static ret_code_t result_get(int error) +{ + ret_code_t ret_val; + switch (error) + { + case 0: + ret_val = NRF_SUCCESS; + break; + + case MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH: + ret_val = NRF_ERROR_CRYPTO_INPUT_LENGTH; + break; + + case MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA: + ret_val = NRF_ERROR_CRYPTO_INPUT_LENGTH; + break; + + case MBEDTLS_ERR_CIPHER_ALLOC_FAILED: + ret_val = NRF_ERROR_CRYPTO_ALLOC_FAILED; + break; + + case MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE: + ret_val = NRF_ERROR_CRYPTO_FEATURE_UNAVAILABLE; + break; + + case MBEDTLS_ERR_MD_BAD_INPUT_DATA: + ret_val = NRF_ERROR_CRYPTO_INVALID_PARAM; + break; + + default: + ret_val = NRF_ERROR_CRYPTO_INTERNAL; + break; + } + + return ret_val; +} + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CMAC) +static ret_code_t backend_cmac_init(nrf_crypto_backend_aes_cmac_context_t * const p_cmac_ctx) +{ + int error; + + mbedtls_cipher_type_t cipher_type; + mbedtls_cipher_info_t const * p_cipher_info; + + mbedtls_cipher_init(&p_cmac_ctx->context); + + switch (p_cmac_ctx->header.p_info->key_size) + { + case NRF_CRYPTO_KEY_SIZE_128: + cipher_type = MBEDTLS_CIPHER_AES_128_ECB; + break; + + case NRF_CRYPTO_KEY_SIZE_192: + cipher_type = MBEDTLS_CIPHER_AES_192_ECB; + break; + + case NRF_CRYPTO_KEY_SIZE_256: + cipher_type = MBEDTLS_CIPHER_AES_256_ECB; + break; + + default: + return NRF_ERROR_CRYPTO_CONTEXT_NOT_INITIALIZED; + } + + p_cipher_info = mbedtls_cipher_info_from_type(cipher_type); + + if (p_cipher_info == NULL) + { + return NRF_ERROR_CRYPTO_INTERNAL; + } + + error = mbedtls_cipher_setup(&p_cmac_ctx->context, p_cipher_info); + BACKEND_ERROR_CHECK(error); + + return NRF_SUCCESS; +} +#endif + +static ret_code_t backend_mbedtls_init(void * const p_context, nrf_crypto_operation_t operation) +{ + ret_code_t ret_val = NRF_SUCCESS; + + nrf_crypto_backend_mbedtls_aes_context_t * p_ctx = + (nrf_crypto_backend_mbedtls_aes_context_t *)p_context; + + switch (p_ctx->any.header.p_info->key_size) + { + case NRF_CRYPTO_KEY_SIZE_128: + case NRF_CRYPTO_KEY_SIZE_192: + case NRF_CRYPTO_KEY_SIZE_256: + break; + + default: + return NRF_ERROR_CRYPTO_KEY_SIZE; + } + + switch (p_ctx->any.header.p_info->mode) + { +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CBC) + case NRF_CRYPTO_AES_MODE_CBC: + case NRF_CRYPTO_AES_MODE_CBC_PAD_PCKS7: + VERIFY_FALSE(((operation != NRF_CRYPTO_ENCRYPT) && (operation != NRF_CRYPTO_DECRYPT)), + NRF_ERROR_CRYPTO_INVALID_PARAM); + memset(&p_ctx->cbc.backend, 0, sizeof(p_ctx->cbc.backend)); + + mbedtls_aes_init(&p_ctx->cbc.context); + break; +#endif + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CTR) + case NRF_CRYPTO_AES_MODE_CTR: + VERIFY_FALSE(((operation != NRF_CRYPTO_ENCRYPT) && (operation != NRF_CRYPTO_DECRYPT)), + NRF_ERROR_CRYPTO_INVALID_PARAM); + memset(&p_ctx->ctr.backend, 0, sizeof(p_ctx->ctr.backend)); + + mbedtls_aes_init(&p_ctx->ctr.context); + break; +#endif + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CFB) + case NRF_CRYPTO_AES_MODE_CFB: + VERIFY_FALSE(((operation != NRF_CRYPTO_ENCRYPT) && (operation != NRF_CRYPTO_DECRYPT)), + NRF_ERROR_CRYPTO_INVALID_PARAM); + memset(&p_ctx->cfb.backend, 0, sizeof(p_ctx->cfb.backend)); + + mbedtls_aes_init(&p_ctx->cfb.context); + break; +#endif + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_ECB) + case NRF_CRYPTO_AES_MODE_ECB: + case NRF_CRYPTO_AES_MODE_ECB_PAD_PCKS7: + VERIFY_FALSE(((operation != NRF_CRYPTO_ENCRYPT) && (operation != NRF_CRYPTO_DECRYPT)), + NRF_ERROR_CRYPTO_INVALID_PARAM); + memset(&p_ctx->ecb.backend, 0, sizeof(p_ctx->ecb.backend)); + + mbedtls_aes_init(&p_ctx->ecb.context); + break; +#endif + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CBC_MAC) + case NRF_CRYPTO_AES_MODE_CBC_MAC: + case NRF_CRYPTO_AES_MODE_CBC_MAC_PAD_PCKS7: + VERIFY_TRUE((operation == NRF_CRYPTO_MAC_CALCULATE), NRF_ERROR_CRYPTO_INVALID_PARAM); + memset(&p_ctx->cbc_mac.backend, 0, sizeof(p_ctx->cbc_mac.backend)); + + mbedtls_aes_init(&p_ctx->cbc_mac.context); + break; +#endif + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CMAC) + case NRF_CRYPTO_AES_MODE_CMAC: + VERIFY_TRUE((operation == NRF_CRYPTO_MAC_CALCULATE), NRF_ERROR_CRYPTO_INVALID_PARAM); + + ret_val = backend_cmac_init(&p_ctx->cmac); + break; +#endif + default: + ret_val = NRF_ERROR_CRYPTO_FEATURE_UNAVAILABLE; + break; + } + + p_ctx->any.backend.operation = operation; + + return ret_val; +} + +static ret_code_t backend_mbedtls_uninit(void * const p_context) +{ + nrf_crypto_backend_mbedtls_aes_context_t * p_ctx = + (nrf_crypto_backend_mbedtls_aes_context_t *)p_context; + + switch (p_ctx->any.header.p_info->mode) + { +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CBC) + case NRF_CRYPTO_AES_MODE_CBC: + case NRF_CRYPTO_AES_MODE_CBC_PAD_PCKS7: + mbedtls_aes_free(&p_ctx->cbc.context); + break; +#endif + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CTR) + case NRF_CRYPTO_AES_MODE_CTR: + mbedtls_aes_free(&p_ctx->ctr.context); + break; +#endif + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CFB) + case NRF_CRYPTO_AES_MODE_CFB: + mbedtls_aes_free(&p_ctx->cfb.context); + break; +#endif + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_ECB) + case NRF_CRYPTO_AES_MODE_ECB: + case NRF_CRYPTO_AES_MODE_ECB_PAD_PCKS7: + mbedtls_aes_free(&p_ctx->ecb.context); + break; +#endif + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CBC_MAC) + case NRF_CRYPTO_AES_MODE_CBC_MAC: + case NRF_CRYPTO_AES_MODE_CBC_MAC_PAD_PCKS7: + mbedtls_aes_free(&p_ctx->cbc_mac.context); + break; +#endif + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CMAC) + case NRF_CRYPTO_AES_MODE_CMAC: + mbedtls_cipher_free(&p_ctx->cmac.context); + break; +#endif + + default: + return NRF_ERROR_CRYPTO_FEATURE_UNAVAILABLE; + } + + return NRF_SUCCESS; +} + +static ret_code_t backend_mbedtls_key_set(void * const p_context, uint8_t * p_key) +{ + int error; + ret_code_t ret_val; + + nrf_crypto_backend_mbedtls_aes_context_t * p_ctx = + (nrf_crypto_backend_mbedtls_aes_context_t *)p_context; + + switch (p_ctx->any.header.p_info->mode) + { +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CBC) + case NRF_CRYPTO_AES_MODE_CBC: + case NRF_CRYPTO_AES_MODE_CBC_PAD_PCKS7: + if (p_ctx->cbc.backend.operation == NRF_CRYPTO_ENCRYPT) + { + error = mbedtls_aes_setkey_enc(&p_ctx->cbc.context, + (uint8_t const *)p_key, + p_ctx->cbc.header.p_info->key_size); + } + else + { + error = mbedtls_aes_setkey_dec(&p_ctx->cbc.context, + (uint8_t const *)p_key, + p_ctx->cbc.header.p_info->key_size); + } + break; +#endif + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CTR) + case NRF_CRYPTO_AES_MODE_CTR: + /* Due to the nature of CFB / CTR, you should use the same key schedule for both + encryption and decryption.*/ + error = mbedtls_aes_setkey_enc(&p_ctx->ctr.context, + (uint8_t const *)p_key, + p_ctx->ctr.header.p_info->key_size); + break; +#endif + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CFB) + case NRF_CRYPTO_AES_MODE_CFB: + /* Due to the nature of CFB / CTR, you should use the same key schedule for both + encryption and decryption.*/ + error = mbedtls_aes_setkey_enc(&p_ctx->cfb.context, + (uint8_t const *)p_key, + p_ctx->cfb.header.p_info->key_size); + break; +#endif + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_ECB) + case NRF_CRYPTO_AES_MODE_ECB: + case NRF_CRYPTO_AES_MODE_ECB_PAD_PCKS7: + if (p_ctx->ecb.backend.operation == NRF_CRYPTO_ENCRYPT) + { + error = mbedtls_aes_setkey_enc(&p_ctx->ecb.context, + (uint8_t const *)p_key, + p_ctx->ecb.header.p_info->key_size); + } + else + { + error = mbedtls_aes_setkey_dec(&p_ctx->ecb.context, + (uint8_t const *)p_key, + p_ctx->ecb.header.p_info->key_size); + } + break; +#endif + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CBC_MAC) + case NRF_CRYPTO_AES_MODE_CBC_MAC: + case NRF_CRYPTO_AES_MODE_CBC_MAC_PAD_PCKS7: + error = mbedtls_aes_setkey_enc(&p_ctx->cbc_mac.context, + (uint8_t const *)p_key, + p_ctx->cbc_mac.header.p_info->key_size); + break; +#endif + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CMAC) + case NRF_CRYPTO_AES_MODE_CMAC: + error = mbedtls_cipher_cmac_starts(&p_ctx->cmac.context, + p_key, + p_ctx->cmac.header.p_info->key_size); + break; +#endif + + default: + return NRF_ERROR_CRYPTO_FEATURE_UNAVAILABLE; + } + + ret_val = result_get(error); + + return ret_val; +} + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CBC) || \ + NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CTR) || \ + NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CFB) || \ + NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CBC_MAC) +static ret_code_t backend_mbedtls_iv_set(void * const p_context, uint8_t * p_iv) +{ + nrf_crypto_backend_mbedtls_aes_context_t * p_ctx = + (nrf_crypto_backend_mbedtls_aes_context_t *)p_context; + + memcpy(&p_ctx->any.backend.iv[0], p_iv, sizeof(p_ctx->any.backend.iv)); + + return NRF_SUCCESS; +} + +static ret_code_t backend_mbedtls_iv_get(void * const p_context, uint8_t * p_iv) +{ + nrf_crypto_backend_mbedtls_aes_context_t * p_ctx = + (nrf_crypto_backend_mbedtls_aes_context_t *)p_context; + + memcpy(p_iv, p_ctx->any.backend.iv, sizeof(p_ctx->any.backend.iv)); + + return NRF_SUCCESS; +} +#endif + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_ECB) +/* Function extending mbedtls_aes_crypt_ecb functionality. It allows to process more than 1 + data block. It is returning MBEDTLS error type. */ +static int backend_mbedtls_ecb_crypt(nrf_crypto_backend_aes_ecb_context_t * const p_ctx, + uint8_t * p_text_in, + uint8_t * p_text_out, + size_t text_size) +{ + int error = 0; + size_t crypted_text = 0; + + if ((text_size & 0x0F) != 0) + { + return MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH; + } + + while (crypted_text < text_size) + { + error = mbedtls_aes_crypt_ecb(&p_ctx->context, + (int)p_ctx->backend.operation, + p_text_in + crypted_text, + p_text_out + crypted_text); + if (error != 0) + { + break; + } + crypted_text += NRF_CRYPTO_AES_BLOCK_SIZE; + } + + return error; +} +#endif + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CBC_MAC) +static int backend_mbedtls_cbc_mac_update(void * const p_context, + uint8_t * p_data_in, + size_t data_size, + uint8_t * p_data_out) +{ + int error = 0; + + nrf_crypto_backend_mbedtls_aes_context_t * p_ctx = + (nrf_crypto_backend_mbedtls_aes_context_t *)p_context; + + for (size_t i = 0; i < data_size; i += NRF_CRYPTO_AES_BLOCK_SIZE) + { + error = mbedtls_aes_crypt_cbc(&p_ctx->cbc_mac.context, + MBEDTLS_AES_ENCRYPT, + NRF_CRYPTO_AES_BLOCK_SIZE, + p_ctx->cbc_mac.backend.iv, + (uint8_t const *)p_data_in + i, + p_data_out); + if (error != 0) + { + return error; + } + } + + return error; +} + +static ret_code_t backend_mbedtls_cbc_mac_finalize(void * const p_context, + uint8_t * p_data_in, + size_t data_size, + uint8_t * p_data_out, + size_t * p_data_out_size) +{ + int error; + + if (*p_data_out_size < NRF_CRYPTO_AES_BLOCK_SIZE) + { + return NRF_ERROR_CRYPTO_OUTPUT_LENGTH; + } + + /* this function does not support padding */ + if ((data_size & 0xF) != 0) + { + return NRF_ERROR_CRYPTO_INPUT_LENGTH; + } + + error = backend_mbedtls_cbc_mac_update(p_context, p_data_in, data_size, p_data_out); + BACKEND_ERROR_CHECK(error); + + *p_data_out_size = NRF_CRYPTO_AES_BLOCK_SIZE; + + return NRF_SUCCESS; +} + +static ret_code_t backend_mbedtls_cbc_mac_padding_finalize(void * const p_context, + uint8_t * p_data_in, + size_t data_size, + uint8_t * p_data_out, + size_t * p_data_out_size) +{ + ret_code_t ret_val; + uint8_t padding_buffer[NRF_CRYPTO_AES_BLOCK_SIZE] = {0}; + uint8_t msg_ending = (uint8_t)(data_size & (size_t)0x0F); + + if (*p_data_out_size < NRF_CRYPTO_AES_BLOCK_SIZE) + { + /* output buffer too small */ + return NRF_ERROR_CRYPTO_OUTPUT_LENGTH; + } + + data_size -= msg_ending; + + if (data_size > 0) + { + ret_val = backend_mbedtls_cbc_mac_update(p_context, + p_data_in, + data_size, + p_data_out); + VERIFY_SUCCESS(ret_val); + } + + ret_val = padding_pkcs7_add(&padding_buffer[0], + p_data_in + data_size, + msg_ending); + VERIFY_SUCCESS(ret_val); + + ret_val = backend_mbedtls_cbc_mac_finalize(p_context, + &padding_buffer[0], + NRF_CRYPTO_AES_BLOCK_SIZE, + p_data_out, + p_data_out_size); + VERIFY_SUCCESS(ret_val); + + return ret_val; +} +#endif + +static ret_code_t backend_mbedtls_update(void * const p_context, + uint8_t * p_data_in, + size_t data_size, + uint8_t * p_data_out) +{ + int error; + + nrf_crypto_backend_mbedtls_aes_context_t * p_ctx = + (nrf_crypto_backend_mbedtls_aes_context_t *)p_context; + + switch (p_ctx->any.header.p_info->mode) + { +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CBC) + case NRF_CRYPTO_AES_MODE_CBC: + case NRF_CRYPTO_AES_MODE_CBC_PAD_PCKS7: + error = mbedtls_aes_crypt_cbc(&p_ctx->cbc.context, + (int)p_ctx->cbc.backend.operation, + data_size, + p_ctx->cbc.backend.iv, + (uint8_t const *)p_data_in, + p_data_out); + break; +#endif + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CTR) + case NRF_CRYPTO_AES_MODE_CTR: + { + size_t nc_off = 0; + uint8_t stream_block[NRF_CRYPTO_AES_BLOCK_SIZE]; + + error = mbedtls_aes_crypt_ctr(&p_ctx->ctr.context, + data_size, + &nc_off, + p_ctx->ctr.backend.iv, + stream_block, + (uint8_t const *)p_data_in, + p_data_out); + break; + } +#endif + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CFB) + case NRF_CRYPTO_AES_MODE_CFB: + error = mbedtls_aes_crypt_cfb8(&p_ctx->cfb.context, + (int)p_ctx->cfb.backend.operation, + data_size, + p_ctx->cfb.backend.iv, + (uint8_t const *)p_data_in, + p_data_out); + break; +#endif + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_ECB) + case NRF_CRYPTO_AES_MODE_ECB: + case NRF_CRYPTO_AES_MODE_ECB_PAD_PCKS7: + error = backend_mbedtls_ecb_crypt(&p_ctx->ecb, p_data_in, p_data_out, data_size); + break; +#endif + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CBC_MAC) + case NRF_CRYPTO_AES_MODE_CBC_MAC: + case NRF_CRYPTO_AES_MODE_CBC_MAC_PAD_PCKS7: + error = backend_mbedtls_cbc_mac_update(p_context, p_data_in, data_size, p_data_out); + break; +#endif + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CMAC) + case NRF_CRYPTO_AES_MODE_CMAC: + error = mbedtls_cipher_cmac_update(&p_ctx->cmac.context, + p_data_in, + data_size); + break; +#endif + + default: + return NRF_ERROR_CRYPTO_CONTEXT_NOT_INITIALIZED; + } + BACKEND_ERROR_CHECK(error); + + return NRF_SUCCESS; +} + +static ret_code_t backend_mbedtls_finalize(void * const p_context, + uint8_t * p_data_in, + size_t data_size, + uint8_t * p_data_out, + size_t * p_data_out_size) +{ + ret_code_t ret_val; + + nrf_crypto_backend_mbedtls_aes_context_t * p_ctx = + (nrf_crypto_backend_mbedtls_aes_context_t *)p_context; + + if (*p_data_out_size < data_size) + { + return NRF_ERROR_CRYPTO_OUTPUT_LENGTH; + } + + /* data is not multiple of 16 bytes */ + if ((data_size & 0x0F) != 0) + { + if ((p_ctx->any.header.p_info->mode != NRF_CRYPTO_AES_MODE_CTR) && + (p_ctx->any.header.p_info->mode != NRF_CRYPTO_AES_MODE_CFB)) + { + /* There are separate handlers for AES modes with padding and for MAC modes. */ + return NRF_ERROR_CRYPTO_INPUT_LENGTH; + } + } + + ret_val = backend_mbedtls_update(p_context, p_data_in, data_size, p_data_out); + VERIFY_SUCCESS(ret_val); + + *p_data_out_size = data_size; + + return ret_val; +} + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CMAC) +static ret_code_t backend_mbedtls_cmac_finalize(void * const p_context, + uint8_t * p_data_in, + size_t data_size, + uint8_t * p_data_out, + size_t * p_data_out_size) +{ + int error; + + nrf_crypto_backend_mbedtls_aes_context_t * p_ctx = + (nrf_crypto_backend_mbedtls_aes_context_t *)p_context; + + if (*p_data_out_size < NRF_CRYPTO_AES_BLOCK_SIZE) + { + return NRF_ERROR_CRYPTO_OUTPUT_LENGTH; + } + + error = mbedtls_cipher_cmac_update(&p_ctx->cmac.context, p_data_in, data_size); + BACKEND_ERROR_CHECK(error); + + error = mbedtls_cipher_cmac_finish(&p_ctx->cmac.context, p_data_out); + BACKEND_ERROR_CHECK(error); + + *p_data_out_size = NRF_CRYPTO_AES_BLOCK_SIZE; + + return NRF_SUCCESS; +} +#endif + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CBC) || \ + NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_ECB) +static ret_code_t backend_mbedtls_padding_finalize(void * const p_context, + uint8_t * p_data_in, + size_t data_size, + uint8_t * p_data_out, + size_t * p_data_out_size) +{ + ret_code_t ret_val; + size_t buff_out_size; + uint8_t padding_buffer[NRF_CRYPTO_AES_BLOCK_SIZE] = {0}; + uint8_t msg_ending = (uint8_t)(data_size & (size_t)0x0F); + + nrf_crypto_backend_mbedtls_aes_context_t * p_ctx = + (nrf_crypto_backend_mbedtls_aes_context_t *)p_context; + + if (p_ctx->any.backend.operation == NRF_CRYPTO_DECRYPT) + { + ret_val = backend_mbedtls_finalize(p_context, + p_data_in, + data_size, + p_data_out, + p_data_out_size); + VERIFY_SUCCESS(ret_val); + + ret_val = padding_pkcs7_remove(p_data_out, + p_data_out_size); + return ret_val; + } + + /* -------------- ENCRYPTION --------------*/ + data_size -= msg_ending; + + if (*p_data_out_size < (data_size + NRF_CRYPTO_AES_BLOCK_SIZE)) + { + /* no space for padding */ + return NRF_ERROR_CRYPTO_OUTPUT_LENGTH; + } + + if (data_size > 0) + { + /* Encrypt 16 byte blocks */ + ret_val = backend_mbedtls_update(p_context, + p_data_in, + data_size, + p_data_out); + VERIFY_SUCCESS(ret_val); + } + + ret_val = padding_pkcs7_add(&padding_buffer[0], + p_data_in + data_size, + msg_ending); + VERIFY_SUCCESS(ret_val); + + buff_out_size = *p_data_out_size - data_size; + + ret_val = backend_mbedtls_finalize(p_context, + &padding_buffer[0], + NRF_CRYPTO_AES_BLOCK_SIZE, + p_data_out + data_size, + &buff_out_size); + VERIFY_SUCCESS(ret_val); + + *p_data_out_size = buff_out_size + data_size; + + return ret_val; +} +#endif + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CBC) +nrf_crypto_aes_info_t const g_nrf_crypto_aes_cbc_128_info = +{ + .mode = NRF_CRYPTO_AES_MODE_CBC, + .key_size = NRF_CRYPTO_KEY_SIZE_128, + .context_size = sizeof(nrf_crypto_backend_aes_cbc_context_t), + + .init_fn = backend_mbedtls_init, + .uninit_fn = backend_mbedtls_uninit, + .key_set_fn = backend_mbedtls_key_set, + .iv_set_fn = backend_mbedtls_iv_set, + .iv_get_fn = backend_mbedtls_iv_get, + .update_fn = backend_mbedtls_update, + .finalize_fn = backend_mbedtls_finalize +}; + +nrf_crypto_aes_info_t const g_nrf_crypto_aes_cbc_192_info = +{ + .mode = NRF_CRYPTO_AES_MODE_CBC, + .key_size = NRF_CRYPTO_KEY_SIZE_192, + .context_size = sizeof(nrf_crypto_backend_aes_cbc_context_t), + + .init_fn = backend_mbedtls_init, + .uninit_fn = backend_mbedtls_uninit, + .key_set_fn = backend_mbedtls_key_set, + .iv_set_fn = backend_mbedtls_iv_set, + .iv_get_fn = backend_mbedtls_iv_get, + .update_fn = backend_mbedtls_update, + .finalize_fn = backend_mbedtls_finalize +}; + +nrf_crypto_aes_info_t const g_nrf_crypto_aes_cbc_256_info = +{ + .mode = NRF_CRYPTO_AES_MODE_CBC, + .key_size = NRF_CRYPTO_KEY_SIZE_256, + .context_size = sizeof(nrf_crypto_backend_aes_cbc_context_t), + + .init_fn = backend_mbedtls_init, + .uninit_fn = backend_mbedtls_uninit, + .key_set_fn = backend_mbedtls_key_set, + .iv_set_fn = backend_mbedtls_iv_set, + .iv_get_fn = backend_mbedtls_iv_get, + .update_fn = backend_mbedtls_update, + .finalize_fn = backend_mbedtls_finalize +}; + +nrf_crypto_aes_info_t const g_nrf_crypto_aes_cbc_128_pad_pkcs7_info = +{ + .mode = NRF_CRYPTO_AES_MODE_CBC_PAD_PCKS7, + .key_size = NRF_CRYPTO_KEY_SIZE_128, + .context_size = sizeof(nrf_crypto_backend_aes_cbc_context_t), + + .init_fn = backend_mbedtls_init, + .uninit_fn = backend_mbedtls_uninit, + .key_set_fn = backend_mbedtls_key_set, + .iv_set_fn = backend_mbedtls_iv_set, + .iv_get_fn = backend_mbedtls_iv_get, + .update_fn = backend_mbedtls_update, + .finalize_fn = backend_mbedtls_padding_finalize +}; + +nrf_crypto_aes_info_t const g_nrf_crypto_aes_cbc_192_pad_pkcs7_info = +{ + .mode = NRF_CRYPTO_AES_MODE_CBC_PAD_PCKS7, + .key_size = NRF_CRYPTO_KEY_SIZE_192, + .context_size = sizeof(nrf_crypto_backend_aes_cbc_context_t), + + .init_fn = backend_mbedtls_init, + .uninit_fn = backend_mbedtls_uninit, + .key_set_fn = backend_mbedtls_key_set, + .iv_set_fn = backend_mbedtls_iv_set, + .iv_get_fn = backend_mbedtls_iv_get, + .update_fn = backend_mbedtls_update, + .finalize_fn = backend_mbedtls_padding_finalize +}; + +nrf_crypto_aes_info_t const g_nrf_crypto_aes_cbc_256_pad_pkcs7_info = +{ + .mode = NRF_CRYPTO_AES_MODE_CBC_PAD_PCKS7, + .key_size = NRF_CRYPTO_KEY_SIZE_256, + .context_size = sizeof(nrf_crypto_backend_aes_cbc_context_t), + + .init_fn = backend_mbedtls_init, + .uninit_fn = backend_mbedtls_uninit, + .key_set_fn = backend_mbedtls_key_set, + .iv_set_fn = backend_mbedtls_iv_set, + .iv_get_fn = backend_mbedtls_iv_get, + .update_fn = backend_mbedtls_update, + .finalize_fn = backend_mbedtls_padding_finalize +}; +#endif + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CTR) +nrf_crypto_aes_info_t const g_nrf_crypto_aes_ctr_128_info = +{ + .mode = NRF_CRYPTO_AES_MODE_CTR, + .key_size = NRF_CRYPTO_KEY_SIZE_128, + .context_size = sizeof(nrf_crypto_backend_aes_ctr_context_t), + + .init_fn = backend_mbedtls_init, + .uninit_fn = backend_mbedtls_uninit, + .key_set_fn = backend_mbedtls_key_set, + .iv_set_fn = backend_mbedtls_iv_set, + .iv_get_fn = backend_mbedtls_iv_get, + .update_fn = backend_mbedtls_update, + .finalize_fn = backend_mbedtls_finalize +}; + +nrf_crypto_aes_info_t const g_nrf_crypto_aes_ctr_192_info = +{ + .mode = NRF_CRYPTO_AES_MODE_CTR, + .key_size = NRF_CRYPTO_KEY_SIZE_192, + .context_size = sizeof(nrf_crypto_backend_aes_ctr_context_t), + + .init_fn = backend_mbedtls_init, + .uninit_fn = backend_mbedtls_uninit, + .key_set_fn = backend_mbedtls_key_set, + .iv_set_fn = backend_mbedtls_iv_set, + .iv_get_fn = backend_mbedtls_iv_get, + .update_fn = backend_mbedtls_update, + .finalize_fn = backend_mbedtls_finalize +}; + +nrf_crypto_aes_info_t const g_nrf_crypto_aes_ctr_256_info = +{ + .mode = NRF_CRYPTO_AES_MODE_CTR, + .key_size = NRF_CRYPTO_KEY_SIZE_256, + .context_size = sizeof(nrf_crypto_backend_aes_ctr_context_t), + + .init_fn = backend_mbedtls_init, + .uninit_fn = backend_mbedtls_uninit, + .key_set_fn = backend_mbedtls_key_set, + .iv_set_fn = backend_mbedtls_iv_set, + .iv_get_fn = backend_mbedtls_iv_get, + .update_fn = backend_mbedtls_update, + .finalize_fn = backend_mbedtls_finalize +}; +#endif + +// CFB +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CFB) +nrf_crypto_aes_info_t const g_nrf_crypto_aes_cfb_128_info = +{ + .mode = NRF_CRYPTO_AES_MODE_CFB, + .key_size = NRF_CRYPTO_KEY_SIZE_128, + .context_size = sizeof(nrf_crypto_backend_aes_cfb_context_t), + + .init_fn = backend_mbedtls_init, + .uninit_fn = backend_mbedtls_uninit, + .key_set_fn = backend_mbedtls_key_set, + .iv_set_fn = backend_mbedtls_iv_set, + .iv_get_fn = backend_mbedtls_iv_get, + .update_fn = backend_mbedtls_update, + .finalize_fn = backend_mbedtls_finalize +}; + +nrf_crypto_aes_info_t const g_nrf_crypto_aes_cfb_192_info = +{ + .mode = NRF_CRYPTO_AES_MODE_CFB, + .key_size = NRF_CRYPTO_KEY_SIZE_192, + .context_size = sizeof(nrf_crypto_backend_aes_cfb_context_t), + + .init_fn = backend_mbedtls_init, + .uninit_fn = backend_mbedtls_uninit, + .key_set_fn = backend_mbedtls_key_set, + .iv_set_fn = backend_mbedtls_iv_set, + .iv_get_fn = backend_mbedtls_iv_get, + .update_fn = backend_mbedtls_update, + .finalize_fn = backend_mbedtls_finalize +}; + +nrf_crypto_aes_info_t const g_nrf_crypto_aes_cfb_256_info = +{ + .mode = NRF_CRYPTO_AES_MODE_CFB, + .key_size = NRF_CRYPTO_KEY_SIZE_256, + .context_size = sizeof(nrf_crypto_backend_aes_cfb_context_t), + + .init_fn = backend_mbedtls_init, + .uninit_fn = backend_mbedtls_uninit, + .key_set_fn = backend_mbedtls_key_set, + .iv_set_fn = backend_mbedtls_iv_set, + .iv_get_fn = backend_mbedtls_iv_get, + .update_fn = backend_mbedtls_update, + .finalize_fn = backend_mbedtls_finalize +}; +#endif + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_ECB) +nrf_crypto_aes_info_t const g_nrf_crypto_aes_ecb_128_info = +{ + .mode = NRF_CRYPTO_AES_MODE_ECB, + .key_size = NRF_CRYPTO_KEY_SIZE_128, + .context_size = sizeof(nrf_crypto_backend_aes_ecb_context_t), + + .init_fn = backend_mbedtls_init, + .uninit_fn = backend_mbedtls_uninit, + .key_set_fn = backend_mbedtls_key_set, + .iv_set_fn = NULL, + .iv_get_fn = NULL, + .update_fn = backend_mbedtls_update, + .finalize_fn = backend_mbedtls_finalize +}; + +nrf_crypto_aes_info_t const g_nrf_crypto_aes_ecb_192_info = +{ + .mode = NRF_CRYPTO_AES_MODE_ECB, + .key_size = NRF_CRYPTO_KEY_SIZE_192, + .context_size = sizeof(nrf_crypto_backend_aes_ecb_context_t), + + .init_fn = backend_mbedtls_init, + .uninit_fn = backend_mbedtls_uninit, + .key_set_fn = backend_mbedtls_key_set, + .iv_set_fn = NULL, + .iv_get_fn = NULL, + .update_fn = backend_mbedtls_update, + .finalize_fn = backend_mbedtls_finalize +}; + +nrf_crypto_aes_info_t const g_nrf_crypto_aes_ecb_256_info = +{ + .mode = NRF_CRYPTO_AES_MODE_ECB, + .key_size = NRF_CRYPTO_KEY_SIZE_256, + .context_size = sizeof(nrf_crypto_backend_aes_ecb_context_t), + + .init_fn = backend_mbedtls_init, + .uninit_fn = backend_mbedtls_uninit, + .key_set_fn = backend_mbedtls_key_set, + .iv_set_fn = NULL, + .iv_get_fn = NULL, + .update_fn = backend_mbedtls_update, + .finalize_fn = backend_mbedtls_finalize +}; + +nrf_crypto_aes_info_t const g_nrf_crypto_aes_ecb_128_pad_pkcs7_info = +{ + .mode = NRF_CRYPTO_AES_MODE_ECB_PAD_PCKS7, + .key_size = NRF_CRYPTO_KEY_SIZE_128, + .context_size = sizeof(nrf_crypto_backend_aes_ecb_context_t), + + .init_fn = backend_mbedtls_init, + .uninit_fn = backend_mbedtls_uninit, + .key_set_fn = backend_mbedtls_key_set, + .iv_set_fn = NULL, + .iv_get_fn = NULL, + .update_fn = backend_mbedtls_update, + .finalize_fn = backend_mbedtls_padding_finalize +}; + +nrf_crypto_aes_info_t const g_nrf_crypto_aes_ecb_192_pad_pkcs7_info = +{ + .mode = NRF_CRYPTO_AES_MODE_ECB_PAD_PCKS7, + .key_size = NRF_CRYPTO_KEY_SIZE_192, + .context_size = sizeof(nrf_crypto_backend_aes_ecb_context_t), + + .init_fn = backend_mbedtls_init, + .uninit_fn = backend_mbedtls_uninit, + .key_set_fn = backend_mbedtls_key_set, + .iv_set_fn = NULL, + .iv_get_fn = NULL, + .update_fn = backend_mbedtls_update, + .finalize_fn = backend_mbedtls_padding_finalize +}; + +nrf_crypto_aes_info_t const g_nrf_crypto_aes_ecb_256_pad_pkcs7_info = +{ + .mode = NRF_CRYPTO_AES_MODE_ECB_PAD_PCKS7, + .key_size = NRF_CRYPTO_KEY_SIZE_256, + .context_size = sizeof(nrf_crypto_backend_aes_ecb_context_t), + + .init_fn = backend_mbedtls_init, + .uninit_fn = backend_mbedtls_uninit, + .key_set_fn = backend_mbedtls_key_set, + .iv_set_fn = NULL, + .iv_get_fn = NULL, + .update_fn = backend_mbedtls_update, + .finalize_fn = backend_mbedtls_padding_finalize +}; +#endif + + +// CBC MAC +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CBC_MAC) +nrf_crypto_aes_info_t const g_nrf_crypto_aes_cbc_mac_128_info = +{ + .mode = NRF_CRYPTO_AES_MODE_CBC_MAC, + .key_size = NRF_CRYPTO_KEY_SIZE_128, + .context_size = sizeof(nrf_crypto_backend_aes_cbc_mac_context_t), + + .init_fn = backend_mbedtls_init, + .uninit_fn = backend_mbedtls_uninit, + .key_set_fn = backend_mbedtls_key_set, + .iv_set_fn = backend_mbedtls_iv_set, + .iv_get_fn = backend_mbedtls_iv_get, + .update_fn = backend_mbedtls_update, + .finalize_fn = backend_mbedtls_cbc_mac_finalize +}; + +nrf_crypto_aes_info_t const g_nrf_crypto_aes_cbc_mac_192_info = +{ + .mode = NRF_CRYPTO_AES_MODE_CBC_MAC, + .key_size = NRF_CRYPTO_KEY_SIZE_192, + .context_size = sizeof(nrf_crypto_backend_aes_cbc_mac_context_t), + + .init_fn = backend_mbedtls_init, + .uninit_fn = backend_mbedtls_uninit, + .key_set_fn = backend_mbedtls_key_set, + .iv_set_fn = backend_mbedtls_iv_set, + .iv_get_fn = backend_mbedtls_iv_get, + .update_fn = backend_mbedtls_update, + .finalize_fn = backend_mbedtls_cbc_mac_finalize +}; + +nrf_crypto_aes_info_t const g_nrf_crypto_aes_cbc_mac_256_info = +{ + .mode = NRF_CRYPTO_AES_MODE_CBC_MAC, + .key_size = NRF_CRYPTO_KEY_SIZE_256, + .context_size = sizeof(nrf_crypto_backend_aes_cbc_mac_context_t), + + .init_fn = backend_mbedtls_init, + .uninit_fn = backend_mbedtls_uninit, + .key_set_fn = backend_mbedtls_key_set, + .iv_set_fn = backend_mbedtls_iv_set, + .iv_get_fn = backend_mbedtls_iv_get, + .update_fn = backend_mbedtls_update, + .finalize_fn = backend_mbedtls_cbc_mac_finalize +}; + +nrf_crypto_aes_info_t const g_nrf_crypto_aes_cbc_mac_128_pad_pkcs7_info = +{ + .mode = NRF_CRYPTO_AES_MODE_CBC_MAC_PAD_PCKS7, + .key_size = NRF_CRYPTO_KEY_SIZE_128, + .context_size = sizeof(nrf_crypto_backend_aes_cbc_mac_context_t), + + .init_fn = backend_mbedtls_init, + .uninit_fn = backend_mbedtls_uninit, + .key_set_fn = backend_mbedtls_key_set, + .iv_set_fn = backend_mbedtls_iv_set, + .iv_get_fn = backend_mbedtls_iv_get, + .update_fn = backend_mbedtls_update, + .finalize_fn = backend_mbedtls_cbc_mac_padding_finalize +}; + +nrf_crypto_aes_info_t const g_nrf_crypto_aes_cbc_mac_192_pad_pkcs7_info = +{ + .mode = NRF_CRYPTO_AES_MODE_CBC_MAC_PAD_PCKS7, + .key_size = NRF_CRYPTO_KEY_SIZE_192, + .context_size = sizeof(nrf_crypto_backend_aes_cbc_mac_context_t), + + .init_fn = backend_mbedtls_init, + .uninit_fn = backend_mbedtls_uninit, + .key_set_fn = backend_mbedtls_key_set, + .iv_set_fn = backend_mbedtls_iv_set, + .iv_get_fn = backend_mbedtls_iv_get, + .update_fn = backend_mbedtls_update, + .finalize_fn = backend_mbedtls_cbc_mac_padding_finalize +}; + +nrf_crypto_aes_info_t const g_nrf_crypto_aes_cbc_mac_256_pad_pkcs7_info = +{ + .mode = NRF_CRYPTO_AES_MODE_CBC_MAC_PAD_PCKS7, + .key_size = NRF_CRYPTO_KEY_SIZE_256, + .context_size = sizeof(nrf_crypto_backend_aes_cbc_mac_context_t), + + .init_fn = backend_mbedtls_init, + .uninit_fn = backend_mbedtls_uninit, + .key_set_fn = backend_mbedtls_key_set, + .iv_set_fn = backend_mbedtls_iv_set, + .iv_get_fn = backend_mbedtls_iv_get, + .update_fn = backend_mbedtls_update, + .finalize_fn = backend_mbedtls_cbc_mac_padding_finalize +}; + +#endif + +// CMAC +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CMAC) +nrf_crypto_aes_info_t const g_nrf_crypto_aes_cmac_128_info = +{ + .mode = NRF_CRYPTO_AES_MODE_CMAC, + .key_size = NRF_CRYPTO_KEY_SIZE_128, + .context_size = sizeof(nrf_crypto_backend_aes_cmac_context_t), + + .init_fn = backend_mbedtls_init, + .uninit_fn = backend_mbedtls_uninit, + .key_set_fn = backend_mbedtls_key_set, + .iv_set_fn = NULL, + .iv_get_fn = NULL, + .update_fn = backend_mbedtls_update, + .finalize_fn = backend_mbedtls_cmac_finalize +}; + +nrf_crypto_aes_info_t const g_nrf_crypto_aes_cmac_192_info = +{ + .mode = NRF_CRYPTO_AES_MODE_CMAC, + .key_size = NRF_CRYPTO_KEY_SIZE_192, + .context_size = sizeof(nrf_crypto_backend_aes_cmac_context_t), + + .init_fn = backend_mbedtls_init, + .uninit_fn = backend_mbedtls_uninit, + .key_set_fn = backend_mbedtls_key_set, + .iv_set_fn = NULL, + .iv_get_fn = NULL, + .update_fn = backend_mbedtls_update, + .finalize_fn = backend_mbedtls_cmac_finalize +}; + +nrf_crypto_aes_info_t const g_nrf_crypto_aes_cmac_256_info = +{ + .mode = NRF_CRYPTO_AES_MODE_CMAC, + .key_size = NRF_CRYPTO_KEY_SIZE_256, + .context_size = sizeof(nrf_crypto_backend_aes_cmac_context_t), + + .init_fn = backend_mbedtls_init, + .uninit_fn = backend_mbedtls_uninit, + .key_set_fn = backend_mbedtls_key_set, + .iv_set_fn = NULL, + .iv_get_fn = NULL, + .update_fn = backend_mbedtls_update, + .finalize_fn = backend_mbedtls_cmac_finalize +}; +#endif + +#endif // #if NRF_MODULE_ENABLED(NRF_CRYPTO_MBEDTLS_AES) +#endif // MODULE_ENABLED(NRF_CRYPTO) + diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/mbedtls/mbedtls_backend_aes.h b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/mbedtls/mbedtls_backend_aes.h new file mode 100644 index 0000000..3813eb3 --- /dev/null +++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/mbedtls/mbedtls_backend_aes.h @@ -0,0 +1,227 @@ +/** + * Copyright (c) 2018 - 2018, Nordic Semiconductor ASA + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form, except as embedded into a Nordic + * Semiconductor ASA integrated circuit in a product or a software update for + * such product, must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * 3. Neither the name of Nordic Semiconductor ASA nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * 4. This software, with or without modification, must only be used with a + * Nordic Semiconductor ASA integrated circuit. + * + * 5. Any software provided in binary form under this license must not be reverse + * engineered, decompiled, modified and/or disassembled. + * + * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef MBEDTLS_BACKEND_AES_H__ +#define MBEDTLS_BACKEND_AES_H__ + +/** @file + * + * @defgroup nrf_crypto_mbedtls_backend_aes nrf_crypto mbed TLS backend AES + * @{ + * @ingroup nrf_crypto_mbedtls_backend + * + * @brief AES functionality provided by the nrf_crypto mbed TLS backend. + */ + +#include "sdk_config.h" + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS) + +/*lint -save -e????*/ +#include "mbedtls/aes.h" +#include "mbedtls/cmac.h" +#include "mbedtls/platform.h" +/*lint -restore*/ +#include "nrf_crypto_error.h" +#include "nrf_crypto_types.h" +#include "nrf_crypto_aes_shared.h" + +#ifdef __cplusplus +extern "C" { +#endif + +/* AES CBC */ +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CBC) +#if NRF_MODULE_ENABLED(NRF_CRYPTO_AES_CBC) +#error "Duplicate definition of AES CBC mode. More than one backend enabled"); +#endif +/* Flag that AES CBC is enabled in backend */ +#define NRF_CRYPTO_AES_CBC_ENABLED 1 +#undef NRF_CRYPTO_AES_ENABLED +#define NRF_CRYPTO_AES_ENABLED 1 // Flag that nrf_crypto_aes frontend can be compiled +#undef NRF_CRYPTO_MBEDTLS_AES_ENABLED +#define NRF_CRYPTO_MBEDTLS_AES_ENABLED 1 + +/* defines for test purposes */ +#define NRF_CRYPTO_AES_CBC_128_ENABLED 1 +#define NRF_CRYPTO_AES_CBC_192_ENABLED 1 +#define NRF_CRYPTO_AES_CBC_256_ENABLED 1 + +typedef struct +{ + nrf_crypto_aes_internal_context_t header; /**< Common header for context. */ + nrf_crypto_backend_aes_ctx_t backend; /**< Backend-specific internal context. */ + mbedtls_aes_context context; /**< AES context internal to mbed TLS. */ +} nrf_crypto_backend_aes_cbc_context_t; +#endif + + +/* AES CTR */ +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CTR) +#if NRF_MODULE_ENABLED(NRF_CRYPTO_AES_CTR) +#error "Duplicate definition of AES CTR mode. More than one backend enabled"); +#endif +#define NRF_CRYPTO_AES_CTR_ENABLED 1 +#undef NRF_CRYPTO_AES_ENABLED +#define NRF_CRYPTO_AES_ENABLED 1 // Flag that nrf_crypto_aes frontend can be compiled +#undef NRF_CRYPTO_MBEDTLS_AES_ENABLED +#define NRF_CRYPTO_MBEDTLS_AES_ENABLED 1 + +/* defines for test purposes */ +#define NRF_CRYPTO_AES_CTR_128_ENABLED 1 +#define NRF_CRYPTO_AES_CTR_192_ENABLED 1 +#define NRF_CRYPTO_AES_CTR_256_ENABLED 1 + +typedef struct +{ + nrf_crypto_aes_internal_context_t header; /**< Common header for context. */ + nrf_crypto_backend_aes_ctx_t backend; /**< Backend-specific internal context. */ + mbedtls_aes_context context; /**< AES context internal to mbed TLS. */ +} nrf_crypto_backend_aes_ctr_context_t; +#endif + +/* AES CFB */ +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CFB) +#if NRF_MODULE_ENABLED(NRF_CRYPTO_AES_CFB) +#error "Duplicate definition of AES CFB mode. More than one backend enabled"); +#endif +#define NRF_CRYPTO_AES_CFB_ENABLED 1 +#undef NRF_CRYPTO_AES_ENABLED +#define NRF_CRYPTO_AES_ENABLED 1 // Flag that nrf_crypto_aes frontend can be compiled +#undef NRF_CRYPTO_MBEDTLS_AES_ENABLED +#define NRF_CRYPTO_MBEDTLS_AES_ENABLED 1 + +/* defines for test purposes */ +#define NRF_CRYPTO_AES_CFB_128_ENABLED 1 +#define NRF_CRYPTO_AES_CFB_192_ENABLED 1 +#define NRF_CRYPTO_AES_CFB_256_ENABLED 1 + +typedef struct +{ + nrf_crypto_aes_internal_context_t header; /**< Common header for context. */ + nrf_crypto_backend_aes_ctx_t backend; /**< Backend-specific internal context. */ + mbedtls_aes_context context; /**< AES context internal to mbed TLS. */ +} nrf_crypto_backend_aes_cfb_context_t; +#endif + +/* AES ECB */ +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_ECB) +#if NRF_MODULE_ENABLED(NRF_CRYPTO_AES_ECB) +#error "Duplicate definition of AES ECB mode. More than one backend enabled"); +#endif +#define NRF_CRYPTO_AES_ECB_ENABLED 1 +#undef NRF_CRYPTO_AES_ENABLED +#define NRF_CRYPTO_AES_ENABLED 1 +#undef NRF_CRYPTO_MBEDTLS_AES_ENABLED +#define NRF_CRYPTO_MBEDTLS_AES_ENABLED 1 + +/* defines for test purposes */ +#define NRF_CRYPTO_AES_ECB_128_ENABLED 1 +#define NRF_CRYPTO_AES_ECB_192_ENABLED 1 +#define NRF_CRYPTO_AES_ECB_256_ENABLED 1 + +typedef struct +{ + nrf_crypto_aes_internal_context_t header; /**< Common header for context. */ + nrf_crypto_backend_no_iv_aes_ctx_t backend; /**< Backend-specific internal context. */ + mbedtls_aes_context context; /**< AES context internal to mbed TLS. */ +} nrf_crypto_backend_aes_ecb_context_t; +#endif + + +/* AES CBC MAC */ +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CBC_MAC) +#if NRF_MODULE_ENABLED(NRF_CRYPTO_AES_CBC_MAC) +#error "Duplicate definition of AES CBC MAC mode. More than one backend enabled"); +#endif +/* Flag that AES CBC MAC is enabled in backend */ +#define NRF_CRYPTO_AES_CBC_MAC_ENABLED 1 +#undef NRF_CRYPTO_AES_ENABLED +#define NRF_CRYPTO_AES_ENABLED 1 // Flag that nrf_crypto_aes frontend can be compiled +#undef NRF_CRYPTO_MBEDTLS_AES_ENABLED +#define NRF_CRYPTO_MBEDTLS_AES_ENABLED 1 + +/* defines for test purposes */ +#define NRF_CRYPTO_AES_CBC_MAC_128_ENABLED 1 +#define NRF_CRYPTO_AES_CBC_MAC_192_ENABLED 1 +#define NRF_CRYPTO_AES_CBC_MAC_256_ENABLED 1 + +typedef struct +{ + nrf_crypto_aes_internal_context_t header; /**< Common header for context. */ + nrf_crypto_backend_aes_ctx_t backend; /**< Backend-specific internal context. */ + mbedtls_aes_context context; /**< AES context internal to mbed TLS. */ +} nrf_crypto_backend_aes_cbc_mac_context_t; +#endif + + +/* AES CMAC */ +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CMAC) +#if NRF_MODULE_ENABLED(NRF_CRYPTO_AES_CMAC) +#error "Duplicate definition of AES CMAC mode. More than one backend enabled"); +#endif +#define NRF_CRYPTO_AES_CMAC_ENABLED 1 +#undef NRF_CRYPTO_AES_ENABLED +#define NRF_CRYPTO_AES_ENABLED 1 // Flag that nrf_crypto_aes frontend can be compiled +#undef NRF_CRYPTO_MBEDTLS_AES_ENABLED +#define NRF_CRYPTO_MBEDTLS_AES_ENABLED 1 + +/* defines for test purposes */ +#define NRF_CRYPTO_AES_CMAC_128_ENABLED 1 +#define NRF_CRYPTO_AES_CMAC_192_ENABLED 1 +#define NRF_CRYPTO_AES_CMAC_256_ENABLED 1 + +typedef struct +{ + nrf_crypto_aes_internal_context_t header; /**< Common header for context. */ + nrf_crypto_backend_no_iv_aes_ctx_t backend; /**< Backend-specific internal context. */ + mbedtls_cipher_context_t context; /**< AES context internal to mbedtls. */ +} nrf_crypto_backend_aes_cmac_context_t; +#endif + +#ifdef __cplusplus +} +#endif + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS) + +/** @} */ + +#endif // MBEDTLS_BACKEND_AES_H__ diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/mbedtls/mbedtls_backend_aes_aead.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/mbedtls/mbedtls_backend_aes_aead.c new file mode 100644 index 0000000..eb0319e --- /dev/null +++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/mbedtls/mbedtls_backend_aes_aead.c @@ -0,0 +1,384 @@ +/** + * Copyright (c) 2018 - 2018, Nordic Semiconductor ASA + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form, except as embedded into a Nordic + * Semiconductor ASA integrated circuit in a product or a software update for + * such product, must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * 3. Neither the name of Nordic Semiconductor ASA nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * 4. This software, with or without modification, must only be used with a + * Nordic Semiconductor ASA integrated circuit. + * + * 5. Any software provided in binary form under this license must not be reverse + * engineered, decompiled, modified and/or disassembled. + * + * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include "sdk_common.h" +#include <drivers/nrfx_common.h> +#if NRF_MODULE_ENABLED(NRF_CRYPTO) + +#include "nrf_crypto_error.h" +#include "mbedtls_backend_aes_aead.h" + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_MBEDTLS_AES_AEAD) + +/**@internal @brief Type declaration of a template suiting all possible context sizes + * for this backend. + */ +typedef union +{ + nrf_crypto_aead_internal_context_t header; /**< Common header for context. */ +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CCM) + nrf_crypto_backend_aes_ccm_context_t ccm; +#endif +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_GCM) + nrf_crypto_backend_aes_gcm_context_t gcm; +#endif +} nrf_crypto_backend_mbedtls_aes_aead_context_t; + + +static ret_code_t result_get(int error) +{ + ret_code_t ret_val; + + switch (error) + { + case 0: + ret_val = NRF_SUCCESS; + break; + + case MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA: + ret_val = NRF_ERROR_CRYPTO_INPUT_LENGTH; + break; + + case MBEDTLS_ERR_CIPHER_ALLOC_FAILED: + ret_val = NRF_ERROR_CRYPTO_ALLOC_FAILED; + break; + + case MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE: + ret_val = NRF_ERROR_CRYPTO_FEATURE_UNAVAILABLE; + break; + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CCM) + case MBEDTLS_ERR_CCM_BAD_INPUT: + ret_val = NRF_ERROR_CRYPTO_INVALID_PARAM; + break; + + case MBEDTLS_ERR_CCM_AUTH_FAILED: + ret_val = NRF_ERROR_CRYPTO_AEAD_INVALID_MAC; + break; +#endif + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_GCM) + case MBEDTLS_ERR_GCM_BAD_INPUT: + ret_val = NRF_ERROR_CRYPTO_INVALID_PARAM; + break; + + case MBEDTLS_ERR_GCM_AUTH_FAILED: + ret_val = NRF_ERROR_CRYPTO_AEAD_INVALID_MAC; + break; +#endif + + default: + ret_val = NRF_ERROR_CRYPTO_INTERNAL; + break; + } + return ret_val; +} + +static ret_code_t backend_mbedtls_init(void * const p_context, uint8_t * p_key) +{ + int result; + ret_code_t ret_val; + + nrf_crypto_backend_mbedtls_aes_aead_context_t * p_ctx = + (nrf_crypto_backend_mbedtls_aes_aead_context_t *)p_context; + + if ((p_ctx->header.p_info->key_size != NRF_CRYPTO_KEY_SIZE_128) && + (p_ctx->header.p_info->key_size != NRF_CRYPTO_KEY_SIZE_192) && + (p_ctx->header.p_info->key_size != NRF_CRYPTO_KEY_SIZE_256)) + { + return NRF_ERROR_CRYPTO_KEY_SIZE; + } + + switch (p_ctx->header.p_info->mode) + { +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CCM) + case NRF_CRYPTO_AEAD_MODE_AES_CCM: + mbedtls_ccm_init(&p_ctx->ccm.context); + + result = mbedtls_ccm_setkey(&p_ctx->ccm.context, + MBEDTLS_CIPHER_ID_AES, + p_key, + p_ctx->header.p_info->key_size); + break; +#endif + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_GCM) + case NRF_CRYPTO_AEAD_MODE_AES_GCM: + mbedtls_gcm_init(&p_ctx->gcm.context); + + result = mbedtls_gcm_setkey(&p_ctx->gcm.context, + MBEDTLS_CIPHER_ID_AES, + p_key, + p_ctx->header.p_info->key_size); + break; +#endif + + default: + return NRF_ERROR_CRYPTO_FEATURE_UNAVAILABLE; + } + + if (result != 0) + { + ret_val = result_get(result); + return ret_val; + } + + return NRF_SUCCESS; +} + +static ret_code_t backend_mbedtls_uninit(void * const p_context) +{ + nrf_crypto_backend_mbedtls_aes_aead_context_t * p_ctx = + (nrf_crypto_backend_mbedtls_aes_aead_context_t *)p_context; + + if (p_ctx->header.p_info->mode == NRF_CRYPTO_AEAD_MODE_AES_CCM) + { +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CCM) + mbedtls_ccm_free(&p_ctx->ccm.context); +#endif + } + else + { +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_GCM) + mbedtls_gcm_free(&p_ctx->gcm.context); +#endif + } + + return NRF_SUCCESS; +} + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CCM) +static ret_code_t backend_mbedtls_ccm_crypt(void * const p_context, + nrf_crypto_operation_t operation, + uint8_t * p_nonce, + uint8_t nonce_size, + uint8_t * p_adata, + size_t adata_size, + uint8_t * p_data_in, + size_t data_in_size, + uint8_t * p_data_out, + uint8_t * p_mac, + uint8_t mac_size) +{ + int result; + ret_code_t ret_val; + + nrf_crypto_backend_mbedtls_aes_aead_context_t * p_ctx = + (nrf_crypto_backend_mbedtls_aes_aead_context_t *)p_context; + + /* CCM mode allows following MAC sizes: [4, 6, 8, 10, 12, 14, 16] */ + if ((mac_size < NRF_CRYPTO_AES_CCM_MAC_MIN) || (mac_size > NRF_CRYPTO_AES_CCM_MAC_MAX) || + ((mac_size & 0x01) != 0)) + { + return NRF_ERROR_CRYPTO_AEAD_MAC_SIZE; + } + + if ((nonce_size < NRF_CRYPTO_AES_CCM_NONCE_SIZE_MIN) || + (nonce_size > NRF_CRYPTO_AES_CCM_NONCE_SIZE_MAX)) + { + return NRF_ERROR_CRYPTO_AEAD_NONCE_SIZE; + } + + if (operation == NRF_CRYPTO_ENCRYPT) + { + result = mbedtls_ccm_encrypt_and_tag(&p_ctx->ccm.context, + data_in_size, + p_nonce, + nonce_size, + p_adata, + adata_size, + p_data_in, + p_data_out, + p_mac, + (size_t)mac_size); + } + else if (operation == NRF_CRYPTO_DECRYPT) + { + result = mbedtls_ccm_auth_decrypt(&p_ctx->ccm.context, + data_in_size, + p_nonce, + nonce_size, + p_adata, + adata_size, + p_data_in, + p_data_out, + p_mac, + (size_t)mac_size); + } + else + { + return NRF_ERROR_CRYPTO_INVALID_PARAM; + } + + ret_val = result_get(result); + + return ret_val; +} +#endif + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_GCM) +static ret_code_t backend_mbedtls_gcm_crypt(void * const p_context, + nrf_crypto_operation_t operation, + uint8_t * p_nonce, + uint8_t nonce_size, + uint8_t * p_adata, + size_t adata_size, + uint8_t * p_data_in, + size_t data_in_size, + uint8_t * p_data_out, + uint8_t * p_mac, + uint8_t mac_size) +{ + int result; + ret_code_t ret_val; + + nrf_crypto_backend_mbedtls_aes_aead_context_t * p_ctx = + (nrf_crypto_backend_mbedtls_aes_aead_context_t *)p_context; + + /* GCM allows following MAC size: [4 ... 16] */ + if ((mac_size < NRF_CRYPTO_AES_GCM_MAC_MIN) || (mac_size > NRF_CRYPTO_AES_GCM_MAC_MAX)) + { + return NRF_ERROR_CRYPTO_AEAD_MAC_SIZE; + } + + if (operation == NRF_CRYPTO_ENCRYPT) + { + result = mbedtls_gcm_crypt_and_tag(&p_ctx->gcm.context, + MBEDTLS_GCM_ENCRYPT, + data_in_size, + p_nonce, + nonce_size, + p_adata, + adata_size, + p_data_in, + p_data_out, + (size_t)mac_size, + p_mac); + ret_val = result_get(result); + } + else if (operation == NRF_CRYPTO_DECRYPT) + { + result = mbedtls_gcm_auth_decrypt(&p_ctx->gcm.context, + data_in_size, + p_nonce, + nonce_size, + p_adata, + adata_size, + p_mac, + (size_t)mac_size, + p_data_in, + p_data_out); + ret_val = result_get(result); + } + else + { + return NRF_ERROR_CRYPTO_INVALID_PARAM; + } + + return ret_val; +} +#endif + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CCM) +nrf_crypto_aead_info_t const g_nrf_crypto_aes_ccm_128_info = +{ + .key_size = NRF_CRYPTO_KEY_SIZE_128, + .mode = NRF_CRYPTO_AEAD_MODE_AES_CCM, + + .init_fn = backend_mbedtls_init, + .uninit_fn = backend_mbedtls_uninit, + .crypt_fn = backend_mbedtls_ccm_crypt +}; + +nrf_crypto_aead_info_t const g_nrf_crypto_aes_ccm_192_info = +{ + .key_size = NRF_CRYPTO_KEY_SIZE_192, + .mode = NRF_CRYPTO_AEAD_MODE_AES_CCM, + + .init_fn = backend_mbedtls_init, + .uninit_fn = backend_mbedtls_uninit, + .crypt_fn = backend_mbedtls_ccm_crypt +}; + +nrf_crypto_aead_info_t const g_nrf_crypto_aes_ccm_256_info = +{ + .key_size = NRF_CRYPTO_KEY_SIZE_256, + .mode = NRF_CRYPTO_AEAD_MODE_AES_CCM, + + .init_fn = backend_mbedtls_init, + .uninit_fn = backend_mbedtls_uninit, + .crypt_fn = backend_mbedtls_ccm_crypt +}; +#endif + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_GCM) +nrf_crypto_aead_info_t const g_nrf_crypto_aes_gcm_128_info = +{ + .key_size = NRF_CRYPTO_KEY_SIZE_128, + .mode = NRF_CRYPTO_AEAD_MODE_AES_GCM, + + .init_fn = backend_mbedtls_init, + .uninit_fn = backend_mbedtls_uninit, + .crypt_fn = backend_mbedtls_gcm_crypt +}; + +nrf_crypto_aead_info_t const g_nrf_crypto_aes_gcm_192_info = +{ + .key_size = NRF_CRYPTO_KEY_SIZE_192, + .mode = NRF_CRYPTO_AEAD_MODE_AES_GCM, + + .init_fn = backend_mbedtls_init, + .uninit_fn = backend_mbedtls_uninit, + .crypt_fn = backend_mbedtls_gcm_crypt +}; + +nrf_crypto_aead_info_t const g_nrf_crypto_aes_gcm_256_info = +{ + .key_size = NRF_CRYPTO_KEY_SIZE_256, + .mode = NRF_CRYPTO_AEAD_MODE_AES_GCM, + + .init_fn = backend_mbedtls_init, + .uninit_fn = backend_mbedtls_uninit, + .crypt_fn = backend_mbedtls_gcm_crypt +}; +#endif + +#endif // MODULE_ENABLED(NRF_CRYPTO_MBEDTLS_AES_AEAD) +#endif // MODULE_ENABLED(NRF_CRYPTO) diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/mbedtls/mbedtls_backend_aes_aead.h b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/mbedtls/mbedtls_backend_aes_aead.h new file mode 100644 index 0000000..05f24f5 --- /dev/null +++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/mbedtls/mbedtls_backend_aes_aead.h @@ -0,0 +1,123 @@ +/** + * Copyright (c) 2018 - 2018, Nordic Semiconductor ASA + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form, except as embedded into a Nordic + * Semiconductor ASA integrated circuit in a product or a software update for + * such product, must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * 3. Neither the name of Nordic Semiconductor ASA nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * 4. This software, with or without modification, must only be used with a + * Nordic Semiconductor ASA integrated circuit. + * + * 5. Any software provided in binary form under this license must not be reverse + * engineered, decompiled, modified and/or disassembled. + * + * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef MBEDTLS_BACKEND_AES_AEAD_H__ +#define MBEDTLS_BACKEND_AES_AEAD_H__ + +/** @file + * + * @defgroup nrf_crypto_mbedtls_backend_aes_aead nrf_crypto mbed TLS backend AES AEAD + * @{ + * @ingroup nrf_crypto_mbedtls_backend + * + * @brief AES AEAD functionality provided by the nrf_crypto mbed TLS backend. + */ + +#include "sdk_config.h" + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS) +/*lint -save -e????*/ +#include "mbedtls/ccm.h" +#include "mbedtls/gcm.h" +#include "mbedtls/platform.h" +/*lint -restore*/ +#include "nrf_crypto_error.h" +#include "nrf_crypto_aead_shared.h" + +#ifdef __cplusplus +extern "C" { +#endif + +/* AES CCM */ +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_CCM) +#if NRF_MODULE_ENABLED(NRF_CRYPTO_AES_CCM) +#error "Duplicate definition of AES CCM mode. More than one backend enabled"); +#endif +#define NRF_CRYPTO_AES_CCM_ENABLED 1 +#undef NRF_CRYPTO_AEAD_ENABLED +#define NRF_CRYPTO_AEAD_ENABLED 1 +#undef NRF_CRYPTO_MBEDTLS_AES_AEAD_ENABLED +#define NRF_CRYPTO_MBEDTLS_AES_AEAD_ENABLED 1 + +/* defines for test purposes */ +#define NRF_CRYPTO_AES_CCM_128_ENABLED 1 +#define NRF_CRYPTO_AES_CCM_192_ENABLED 1 +#define NRF_CRYPTO_AES_CCM_256_ENABLED 1 + +typedef struct +{ + nrf_crypto_aead_internal_context_t header; /**< Common header for context. */ + mbedtls_ccm_context context; /**< AES CCM context internal to mbed TLS. */ +} nrf_crypto_backend_aes_ccm_context_t; +#endif + +/* AES GCM */ +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_AES_GCM) +#if NRF_MODULE_ENABLED(NRF_CRYPTO_AES_GCM) +#error "Duplicate definition of AES GCM mode. More than one backend enabled"); +#endif +#define NRF_CRYPTO_AES_GCM_ENABLED 1 +#undef NRF_CRYPTO_AEAD_ENABLED +#define NRF_CRYPTO_AEAD_ENABLED 1 +#undef NRF_CRYPTO_MBEDTLS_AES_AEAD_ENABLED +#define NRF_CRYPTO_MBEDTLS_AES_AEAD_ENABLED 1 + +/* defines for test purposes */ +#define NRF_CRYPTO_AES_GCM_128_ENABLED 1 +#define NRF_CRYPTO_AES_GCM_192_ENABLED 1 +#define NRF_CRYPTO_AES_GCM_256_ENABLED 1 + +typedef struct +{ + nrf_crypto_aead_internal_context_t header; /**< Common header for context. */ + mbedtls_gcm_context context; /**< AES GCM context internal to mbed TLS. */ +} nrf_crypto_backend_aes_gcm_context_t; +#endif + +#ifdef __cplusplus +} +#endif + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS) + +/** @} */ + +#endif // MBEDTLS_BACKEND_AES_AEAD_H__ + diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/mbedtls/mbedtls_backend_ecc.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/mbedtls/mbedtls_backend_ecc.c new file mode 100644 index 0000000..a69ab7c --- /dev/null +++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/mbedtls/mbedtls_backend_ecc.c @@ -0,0 +1,531 @@ +/** + * Copyright (c) 2018 - 2018, Nordic Semiconductor ASA + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form, except as embedded into a Nordic + * Semiconductor ASA integrated circuit in a product or a software update for + * such product, must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * 3. Neither the name of Nordic Semiconductor ASA nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * 4. This software, with or without modification, must only be used with a + * Nordic Semiconductor ASA integrated circuit. + * + * 5. Any software provided in binary form under this license must not be reverse + * engineered, decompiled, modified and/or disassembled. + * + * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include "sdk_config.h" +#include "nordic_common.h" + +#if NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS) + +#include <stdbool.h> +#include <string.h> + +#include "nrf_crypto_ecc.h" +#include "nrf_crypto_ecdh.h" +#include "nrf_crypto_mem.h" +#include "nrf_crypto_rng.h" +#include "nrf_assert.h" +#include "mbedtls_backend_ecc.h" + +/*lint -save -e????*/ +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif +#include "mbedtls/ecp.h" +#include "mbedtls/bignum.h" +/*lint -restore*/ + + +bool nrf_crypto_backend_mbedtls_ecc_group_load( + mbedtls_ecp_group * p_group, + struct nrf_crypto_ecc_curve_info_s const * p_info) +{ + int result; + + mbedtls_ecp_group_init(p_group); + result = mbedtls_ecp_group_load(p_group, + (mbedtls_ecp_group_id)(intptr_t)p_info->p_backend_data); + + if (result != 0) + { + return false; + } + return true; +} + + +int nrf_crypto_backend_mbedtls_ecc_mbedtls_rng(void * p_param, unsigned char * p_data, size_t size) +{ +#if NRF_MODULE_ENABLED(NRF_CRYPTO_RNG) + + ret_code_t result; + + result = nrf_crypto_rng_vector_generate(p_data, size); + + if (result != NRF_SUCCESS) + { + return MBEDTLS_ERR_ECP_RANDOM_FAILED; + } + return 0; + +#else + return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; +#endif +} + + +ret_code_t nrf_crypto_backend_mbedtls_key_pair_generate( + void * p_context, + void * p_private_key, + void * p_public_key) +{ + int result; + mbedtls_ecp_group group; + + nrf_crypto_backend_mbedtls_ecc_private_key_t * p_prv = + (nrf_crypto_backend_mbedtls_ecc_private_key_t *)p_private_key; + + nrf_crypto_backend_mbedtls_ecc_public_key_t * p_pub = + (nrf_crypto_backend_mbedtls_ecc_public_key_t *)p_public_key; + + nrf_crypto_ecc_curve_info_t const * p_info = p_pub->header.p_info; + + if (!nrf_crypto_backend_mbedtls_ecc_group_load(&group, p_info)) + { + return NRF_ERROR_CRYPTO_INTERNAL; + } + + mbedtls_ecp_point_init(&p_pub->key); + mbedtls_mpi_init(&p_prv->key); + result = mbedtls_ecp_gen_keypair(&group, + &p_prv->key, + &p_pub->key, + nrf_crypto_backend_mbedtls_ecc_mbedtls_rng, + NULL); + + mbedtls_ecp_group_free(&group); + + if (result != 0) + { + mbedtls_mpi_free(&p_prv->key); + mbedtls_ecp_point_free(&p_pub->key); + return NRF_ERROR_CRYPTO_INTERNAL; + } + return NRF_SUCCESS; +} + + +ret_code_t nrf_crypto_backend_mbedtls_public_key_calculate( + void * p_context, + void const * p_private_key, + void * p_public_key) +{ + int result; + mbedtls_ecp_group group; + + nrf_crypto_backend_mbedtls_ecc_private_key_t const * p_prv = + (nrf_crypto_backend_mbedtls_ecc_private_key_t const *)p_private_key; + + nrf_crypto_backend_mbedtls_ecc_public_key_t * p_pub = + (nrf_crypto_backend_mbedtls_ecc_public_key_t *)p_public_key; + + nrf_crypto_ecc_curve_info_t const * p_info = p_pub->header.p_info; + + if (!nrf_crypto_backend_mbedtls_ecc_group_load(&group, p_info)) + { + return NRF_ERROR_CRYPTO_INTERNAL; + } + + mbedtls_ecp_point_init(&p_pub->key); + result = mbedtls_ecp_mul(&group, + &p_pub->key, + &p_prv->key, + &group.G, + nrf_crypto_backend_mbedtls_ecc_mbedtls_rng, + NULL); + + mbedtls_ecp_group_free(&group); + + if (result != 0) + { + mbedtls_ecp_point_free(&p_pub->key); + return NRF_ERROR_CRYPTO_INTERNAL; + } + return NRF_SUCCESS; +} + + +ret_code_t nrf_crypto_backend_mbedtls_private_key_from_raw( + void * p_private_key, + uint8_t const * p_raw_data) +{ + int result; + mbedtls_ecp_group group; + + nrf_crypto_backend_mbedtls_ecc_private_key_t * p_prv = + (nrf_crypto_backend_mbedtls_ecc_private_key_t *)p_private_key; + + nrf_crypto_ecc_curve_info_t const * p_info = p_prv->header.p_info; + + if (!nrf_crypto_backend_mbedtls_ecc_group_load(&group, p_info)) + { + return NRF_ERROR_CRYPTO_INTERNAL; + } + + mbedtls_mpi_init(&p_prv->key); + result = mbedtls_mpi_read_binary(&p_prv->key, p_raw_data, p_info->raw_private_key_size); + + if (result == 0) + { +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_ECC_CURVE25519) + // Update bits in Curve25519 private key + if (p_prv->header.p_info->curve_type == NRF_CRYPTO_ECC_CURVE25519_CURVE_TYPE) + { + result = mbedtls_mpi_set_bit(&p_prv->key, 0, 0); + ASSERT(result == 0); + result = mbedtls_mpi_set_bit(&p_prv->key, 1, 0); + ASSERT(result == 0); + result = mbedtls_mpi_set_bit(&p_prv->key, 2, 0); + ASSERT(result == 0); + result = mbedtls_mpi_set_bit(&p_prv->key, 254, 1); + ASSERT(result == 0); + result = mbedtls_mpi_set_bit(&p_prv->key, 255, 0); + ASSERT(result == 0); + } +#endif + if (mbedtls_ecp_check_privkey(&group, &p_prv->key) != 0) + { + result = MBEDTLS_ERR_ECP_INVALID_KEY; + } + } + + mbedtls_ecp_group_free(&group); + + if (result != 0) + { + mbedtls_mpi_free(&p_prv->key); + return NRF_ERROR_CRYPTO_INTERNAL; + } + return NRF_SUCCESS; +} + + +ret_code_t nrf_crypto_backend_mbedtls_private_key_to_raw( + void const * p_private_key, + uint8_t * p_raw_data) +{ + int result; + + nrf_crypto_backend_mbedtls_ecc_private_key_t const * p_prv = + (nrf_crypto_backend_mbedtls_ecc_private_key_t const *)p_private_key; + + nrf_crypto_ecc_curve_info_t const * p_info = p_prv->header.p_info; + + result = mbedtls_mpi_write_binary(&p_prv->key, p_raw_data, p_info->raw_private_key_size); + + if (result != 0) + { + return NRF_ERROR_CRYPTO_INTERNAL; + } + return NRF_SUCCESS; +} + + +ret_code_t nrf_crypto_backend_mbedtls_public_key_from_raw( + void * p_public_key, + uint8_t const * p_raw_data) +{ + int result; + mbedtls_ecp_group group; + + nrf_crypto_backend_mbedtls_ecc_public_key_t * p_pub = + (nrf_crypto_backend_mbedtls_ecc_public_key_t *)p_public_key; + + nrf_crypto_ecc_curve_info_t const * p_info = p_pub->header.p_info; + + mbedtls_ecp_point_init(&p_pub->key); + + result = mbedtls_mpi_read_binary(&p_pub->key.X, + p_raw_data, + p_info->raw_private_key_size); + if (result != 0) + { + goto error_exit; + } + + if (p_info->raw_public_key_size > p_info->raw_private_key_size) + { + result = mbedtls_mpi_read_binary(&p_pub->key.Y, + &p_raw_data[p_info->raw_private_key_size], + p_info->raw_private_key_size); + } + + if (result != 0) + { + goto error_exit; + } + + result = mbedtls_mpi_lset(&p_pub->key.Z, 1); + + if (result == 0) + { + if (!nrf_crypto_backend_mbedtls_ecc_group_load(&group, p_info)) + { + goto error_exit; + } + result = mbedtls_ecp_check_pubkey(&group, &p_pub->key); + mbedtls_ecp_group_free(&group); + } + + if (result != 0) + { + goto error_exit; + } + return NRF_SUCCESS; + +error_exit: + mbedtls_ecp_point_free(&p_pub->key); + return NRF_ERROR_CRYPTO_INTERNAL; +} + + +ret_code_t nrf_crypto_backend_mbedtls_public_key_to_raw( + void const * p_public_key, + uint8_t * p_raw_data) +{ + int result; + + nrf_crypto_backend_mbedtls_ecc_public_key_t const * p_pub = + (nrf_crypto_backend_mbedtls_ecc_public_key_t const *)p_public_key; + + nrf_crypto_ecc_curve_info_t const * p_info = p_pub->header.p_info; + + result = mbedtls_mpi_write_binary(&p_pub->key.X, + p_raw_data, + p_info->raw_private_key_size); + if (result != 0) + { + return NRF_ERROR_CRYPTO_INTERNAL; + } + + if (p_info->raw_public_key_size > p_info->raw_private_key_size) + { + result = mbedtls_mpi_write_binary(&p_pub->key.Y, + &p_raw_data[p_info->raw_private_key_size], + p_info->raw_private_key_size); + } + + if (result != 0) + { + return NRF_ERROR_CRYPTO_INTERNAL; + } + return NRF_SUCCESS; +} + + +ret_code_t nrf_crypto_backend_mbedtls_private_key_free( + void * p_private_key) +{ + nrf_crypto_backend_mbedtls_ecc_private_key_t * p_prv = + (nrf_crypto_backend_mbedtls_ecc_private_key_t *)p_private_key; + + mbedtls_mpi_free(&p_prv->key); + return NRF_SUCCESS; +} + +ret_code_t nrf_crypto_backend_mbedtls_public_key_free( + void * p_public_key) +{ + nrf_crypto_backend_mbedtls_ecc_public_key_t * p_pub = + (nrf_crypto_backend_mbedtls_ecc_public_key_t *)p_public_key; + + mbedtls_ecp_point_free(&p_pub->key); + return NRF_SUCCESS; +} + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_ECC_SECP192R1) +const nrf_crypto_ecc_curve_info_t g_nrf_crypto_ecc_secp192r1_curve_info = +{ + .public_key_size = sizeof(nrf_crypto_backend_mbedtls_ecc_public_key_t), + .private_key_size = sizeof(nrf_crypto_backend_mbedtls_ecc_private_key_t), + .curve_type = NRF_CRYPTO_ECC_SECP192R1_CURVE_TYPE, + .raw_private_key_size = NRF_CRYPTO_ECC_SECP192R1_RAW_PRIVATE_KEY_SIZE, + .raw_public_key_size = NRF_CRYPTO_ECC_SECP192R1_RAW_PUBLIC_KEY_SIZE, + .p_backend_data = (void *)MBEDTLS_ECP_DP_SECP192R1, +}; +#endif + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_ECC_SECP224R1) +const nrf_crypto_ecc_curve_info_t g_nrf_crypto_ecc_secp224r1_curve_info = +{ + .public_key_size = sizeof(nrf_crypto_backend_mbedtls_ecc_public_key_t), + .private_key_size = sizeof(nrf_crypto_backend_mbedtls_ecc_private_key_t), + .curve_type = NRF_CRYPTO_ECC_SECP224R1_CURVE_TYPE, + .raw_private_key_size = NRF_CRYPTO_ECC_SECP224R1_RAW_PRIVATE_KEY_SIZE, + .raw_public_key_size = NRF_CRYPTO_ECC_SECP224R1_RAW_PUBLIC_KEY_SIZE, + .p_backend_data = (void *)MBEDTLS_ECP_DP_SECP224R1, +}; +#endif + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_ECC_SECP256R1) +const nrf_crypto_ecc_curve_info_t g_nrf_crypto_ecc_secp256r1_curve_info = +{ + .public_key_size = sizeof(nrf_crypto_backend_mbedtls_ecc_public_key_t), + .private_key_size = sizeof(nrf_crypto_backend_mbedtls_ecc_private_key_t), + .curve_type = NRF_CRYPTO_ECC_SECP256R1_CURVE_TYPE, + .raw_private_key_size = NRF_CRYPTO_ECC_SECP256R1_RAW_PRIVATE_KEY_SIZE, + .raw_public_key_size = NRF_CRYPTO_ECC_SECP256R1_RAW_PUBLIC_KEY_SIZE, + .p_backend_data = (void *)MBEDTLS_ECP_DP_SECP256R1, +}; +#endif + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_ECC_SECP384R1) +const nrf_crypto_ecc_curve_info_t g_nrf_crypto_ecc_secp384r1_curve_info = +{ + .public_key_size = sizeof(nrf_crypto_backend_mbedtls_ecc_public_key_t), + .private_key_size = sizeof(nrf_crypto_backend_mbedtls_ecc_private_key_t), + .curve_type = NRF_CRYPTO_ECC_SECP384R1_CURVE_TYPE, + .raw_private_key_size = NRF_CRYPTO_ECC_SECP384R1_RAW_PRIVATE_KEY_SIZE, + .raw_public_key_size = NRF_CRYPTO_ECC_SECP384R1_RAW_PUBLIC_KEY_SIZE, + .p_backend_data = (void *)MBEDTLS_ECP_DP_SECP384R1, +}; +#endif + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_ECC_SECP521R1) +const nrf_crypto_ecc_curve_info_t g_nrf_crypto_ecc_secp521r1_curve_info = +{ + .public_key_size = sizeof(nrf_crypto_backend_mbedtls_ecc_public_key_t), + .private_key_size = sizeof(nrf_crypto_backend_mbedtls_ecc_private_key_t), + .curve_type = NRF_CRYPTO_ECC_SECP521R1_CURVE_TYPE, + .raw_private_key_size = NRF_CRYPTO_ECC_SECP521R1_RAW_PRIVATE_KEY_SIZE, + .raw_public_key_size = NRF_CRYPTO_ECC_SECP521R1_RAW_PUBLIC_KEY_SIZE, + .p_backend_data = (void *)MBEDTLS_ECP_DP_SECP521R1, +}; +#endif + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_ECC_SECP192K1) +const nrf_crypto_ecc_curve_info_t g_nrf_crypto_ecc_secp192k1_curve_info = +{ + .public_key_size = sizeof(nrf_crypto_backend_mbedtls_ecc_public_key_t), + .private_key_size = sizeof(nrf_crypto_backend_mbedtls_ecc_private_key_t), + .curve_type = NRF_CRYPTO_ECC_SECP192K1_CURVE_TYPE, + .raw_private_key_size = NRF_CRYPTO_ECC_SECP192K1_RAW_PRIVATE_KEY_SIZE, + .raw_public_key_size = NRF_CRYPTO_ECC_SECP192K1_RAW_PUBLIC_KEY_SIZE, + .p_backend_data = (void *)MBEDTLS_ECP_DP_SECP192K1, +}; +#endif + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_ECC_SECP224K1) +const nrf_crypto_ecc_curve_info_t g_nrf_crypto_ecc_secp224k1_curve_info = +{ + .public_key_size = sizeof(nrf_crypto_backend_mbedtls_ecc_public_key_t), + .private_key_size = sizeof(nrf_crypto_backend_mbedtls_ecc_private_key_t), + .curve_type = NRF_CRYPTO_ECC_SECP224K1_CURVE_TYPE, + .raw_private_key_size = NRF_CRYPTO_ECC_SECP224K1_RAW_PRIVATE_KEY_SIZE, + .raw_public_key_size = NRF_CRYPTO_ECC_SECP224K1_RAW_PUBLIC_KEY_SIZE, + .p_backend_data = (void *)MBEDTLS_ECP_DP_SECP224K1, +}; +#endif + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_ECC_SECP256K1) +const nrf_crypto_ecc_curve_info_t g_nrf_crypto_ecc_secp256k1_curve_info = +{ + .public_key_size = sizeof(nrf_crypto_backend_mbedtls_ecc_public_key_t), + .private_key_size = sizeof(nrf_crypto_backend_mbedtls_ecc_private_key_t), + .curve_type = NRF_CRYPTO_ECC_SECP256K1_CURVE_TYPE, + .raw_private_key_size = NRF_CRYPTO_ECC_SECP256K1_RAW_PRIVATE_KEY_SIZE, + .raw_public_key_size = NRF_CRYPTO_ECC_SECP256K1_RAW_PUBLIC_KEY_SIZE, + .p_backend_data = (void *)MBEDTLS_ECP_DP_SECP256K1, +}; +#endif + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_ECC_BP256R1) +const nrf_crypto_ecc_curve_info_t g_nrf_crypto_ecc_bp256r1_curve_info = +{ + .public_key_size = sizeof(nrf_crypto_backend_mbedtls_ecc_public_key_t), + .private_key_size = sizeof(nrf_crypto_backend_mbedtls_ecc_private_key_t), + .curve_type = NRF_CRYPTO_ECC_BP256R1_CURVE_TYPE, + .raw_private_key_size = NRF_CRYPTO_ECC_BP256R1_RAW_PRIVATE_KEY_SIZE, + .raw_public_key_size = NRF_CRYPTO_ECC_BP256R1_RAW_PUBLIC_KEY_SIZE, + .p_backend_data = (void *)MBEDTLS_ECP_DP_BP256R1, +}; +#endif + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_ECC_BP384R1) +const nrf_crypto_ecc_curve_info_t g_nrf_crypto_ecc_bp384r1_curve_info = +{ + .public_key_size = sizeof(nrf_crypto_backend_mbedtls_ecc_public_key_t), + .private_key_size = sizeof(nrf_crypto_backend_mbedtls_ecc_private_key_t), + .curve_type = NRF_CRYPTO_ECC_BP384R1_CURVE_TYPE, + .raw_private_key_size = NRF_CRYPTO_ECC_BP384R1_RAW_PRIVATE_KEY_SIZE, + .raw_public_key_size = NRF_CRYPTO_ECC_BP384R1_RAW_PUBLIC_KEY_SIZE, + .p_backend_data = (void *)MBEDTLS_ECP_DP_BP384R1, +}; +#endif + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_ECC_BP512R1) +const nrf_crypto_ecc_curve_info_t g_nrf_crypto_ecc_bp512r1_curve_info = +{ + .public_key_size = sizeof(nrf_crypto_backend_mbedtls_ecc_public_key_t), + .private_key_size = sizeof(nrf_crypto_backend_mbedtls_ecc_private_key_t), + .curve_type = NRF_CRYPTO_ECC_BP512R1_CURVE_TYPE, + .raw_private_key_size = NRF_CRYPTO_ECC_BP512R1_RAW_PRIVATE_KEY_SIZE, + .raw_public_key_size = NRF_CRYPTO_ECC_BP512R1_RAW_PUBLIC_KEY_SIZE, + .p_backend_data = (void *)MBEDTLS_ECP_DP_BP512R1, +}; +#endif + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_ECC_CURVE25519) +const nrf_crypto_ecc_curve_info_t g_nrf_crypto_ecc_curve25519_curve_info = +{ + .public_key_size = sizeof(nrf_crypto_backend_mbedtls_ecc_public_key_t), + .private_key_size = sizeof(nrf_crypto_backend_mbedtls_ecc_private_key_t), + .curve_type = NRF_CRYPTO_ECC_CURVE25519_CURVE_TYPE, + .raw_private_key_size = NRF_CRYPTO_ECC_CURVE25519_RAW_PRIVATE_KEY_SIZE, + .raw_public_key_size = NRF_CRYPTO_ECC_CURVE25519_RAW_PUBLIC_KEY_SIZE, + .p_backend_data = (void *)MBEDTLS_ECP_DP_CURVE25519, +}; +#endif + + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS) diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/mbedtls/mbedtls_backend_ecc.h b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/mbedtls/mbedtls_backend_ecc.h new file mode 100644 index 0000000..288c39c --- /dev/null +++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/mbedtls/mbedtls_backend_ecc.h @@ -0,0 +1,519 @@ +/** + * Copyright (c) 2018 - 2018, Nordic Semiconductor ASA + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form, except as embedded into a Nordic + * Semiconductor ASA integrated circuit in a product or a software update for + * such product, must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * 3. Neither the name of Nordic Semiconductor ASA nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * 4. This software, with or without modification, must only be used with a + * Nordic Semiconductor ASA integrated circuit. + * + * 5. Any software provided in binary form under this license must not be reverse + * engineered, decompiled, modified and/or disassembled. + * + * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef MBEDTLS_BACKEND_ECC_H__ +#define MBEDTLS_BACKEND_ECC_H__ + +#include "sdk_config.h" +#include "nordic_common.h" + +#if NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS) + +#include <stdint.h> +#include <stdbool.h> +#include "nrf_crypto_ecc_shared.h" + +/*lint -save -e????*/ +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif +#include "mbedtls/ecp.h" +/*lint -restore*/ + + +#ifdef __cplusplus +extern "C" { +#endif + + +/** @internal @brief Common structure holding private key for mbed TLS. + */ +typedef struct +{ + nrf_crypto_internal_ecc_key_header_t header; /**< @internal @brief Common ECC key header */ + mbedtls_mpi key; /**< @internal @brief mbed TLS specific key representation */ +} nrf_crypto_backend_mbedtls_ecc_private_key_t; + + +/** @internal @brief Common structure holding public key for mbed TLS. + */ +typedef struct +{ + nrf_crypto_internal_ecc_key_header_t header; /**< @internal @brief Common ECC key header */ + mbedtls_ecp_point key; /**< @internal @brief mbed TLS specific key representation */ +} nrf_crypto_backend_mbedtls_ecc_public_key_t; + + +/** @internal See @ref nrf_crypto_backend_ecc_key_pair_generate_fn_t. + */ +ret_code_t nrf_crypto_backend_mbedtls_key_pair_generate( + void * p_context, + void * p_private_key, + void * p_public_key); + + +/** @internal See @ref nrf_crypto_backend_ecc_public_key_calculate_fn_t. +*/ +ret_code_t nrf_crypto_backend_mbedtls_public_key_calculate( + void * p_context, + void const * p_private_key, + void * p_public_key); + + +/** @internal See @ref nrf_crypto_backend_ecc_private_key_from_raw_fn_t. +*/ +ret_code_t nrf_crypto_backend_mbedtls_private_key_from_raw( + void * p_private_key, + uint8_t const * p_raw_data); + + +/** @internal See @ref nrf_crypto_backend_ecc_private_key_to_raw_fn_t. +*/ +ret_code_t nrf_crypto_backend_mbedtls_private_key_to_raw( + void const * p_private_key, + uint8_t * p_raw_data); + + +/** @internal See @ref nrf_crypto_backend_ecc_public_key_from_raw_fn_t. +*/ +ret_code_t nrf_crypto_backend_mbedtls_public_key_from_raw( + void * p_public_key, + uint8_t const * p_raw_data); + + +/** @internal See @ref nrf_crypto_backend_ecc_public_key_to_raw_fn_t. +*/ +ret_code_t nrf_crypto_backend_mbedtls_public_key_to_raw( + void const * p_public_key, + uint8_t * p_raw_data); + + +/** @internal See @ref nrf_crypto_backend_ecc_key_free_fn_t. +*/ +ret_code_t nrf_crypto_backend_mbedtls_private_key_free( + void * p_private_key); + + +/** @internal See @ref nrf_crypto_backend_ecc_key_free_fn_t. +*/ +ret_code_t nrf_crypto_backend_mbedtls_public_key_free( + void * p_public_key); + + +/** @internal @brief Loads mbed TLS ECC group of specified curve type. + * + * @param[out] p_group Pointer to place where to load a group. Data have to be later deallocated. + * @param[in] curve_type ECC curve type from enum @ref nrf_crypto_ecc_curve_type_t. + * @returns true on success, false if curve is not supported or no found in mbed TLS. + */ +bool nrf_crypto_backend_mbedtls_ecc_group_load( + mbedtls_ecp_group * p_group, + struct nrf_crypto_ecc_curve_info_s const * p_info); + + +/** @internal @brief Function that can be used as a parameter to mbed TLS functions requiring random + * number generator. + * + * It uses RNG from libary front end to generate random numbers. + * + * @param[in] p_param Opaque pointer passed by mbed TLS. Unused by this implementation. + * @param[out] p_data Pointer where to put random number. + * @returns 0 on success, mbed TLS error code on error. + */ +int nrf_crypto_backend_mbedtls_ecc_mbedtls_rng(void * p_param, unsigned char * p_data, size_t size); + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_ECC_SECP192R1) + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_ECC_SECP192R1) +#error "More than one backend enabled for secp192r1 (NIST 192-bit)."); +#endif +#define NRF_CRYPTO_ECC_SECP192R1_ENABLED 1 + +// Aliases for one common MBEDTLS implementation +#define nrf_crypto_backend_secp192r1_key_pair_generate nrf_crypto_backend_mbedtls_key_pair_generate +#define nrf_crypto_backend_secp192r1_public_key_calculate nrf_crypto_backend_mbedtls_public_key_calculate +#define nrf_crypto_backend_secp192r1_private_key_from_raw nrf_crypto_backend_mbedtls_private_key_from_raw +#define nrf_crypto_backend_secp192r1_private_key_to_raw nrf_crypto_backend_mbedtls_private_key_to_raw +#define nrf_crypto_backend_secp192r1_public_key_from_raw nrf_crypto_backend_mbedtls_public_key_from_raw +#define nrf_crypto_backend_secp192r1_public_key_to_raw nrf_crypto_backend_mbedtls_public_key_to_raw +#define nrf_crypto_backend_secp192r1_private_key_free nrf_crypto_backend_mbedtls_private_key_free +#define nrf_crypto_backend_secp192r1_public_key_free nrf_crypto_backend_mbedtls_public_key_free +// mbed TLS does not require context, so its size is 0. +#define NRF_CRYPTO_BACKEND_SECP192R1_KEY_PAIR_GENERATE_CONTEXT_SIZE 0 +#define NRF_CRYPTO_BACKEND_SECP192R1_PUBLIC_KEY_CALCULATE_CONTEXT_SIZE 0 +// All MBEDTLS curve types share the same data structures +typedef nrf_crypto_backend_mbedtls_ecc_private_key_t nrf_crypto_backend_secp192r1_private_key_t; +typedef nrf_crypto_backend_mbedtls_ecc_public_key_t nrf_crypto_backend_secp192r1_public_key_t; +// Dummy typedef for unused context +typedef uint32_t nrf_crypto_backend_secp192r1_key_pair_generate_context_t; +typedef uint32_t nrf_crypto_backend_secp192r1_public_key_calculate_context_t; + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_ECC_SECP192R1) + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_ECC_SECP224R1) + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_ECC_SECP224R1) +#error "More than one backend enabled for secp224r1 (NIST 224-bit)."); +#endif +#define NRF_CRYPTO_ECC_SECP224R1_ENABLED 1 + +// Aliases for one common MBEDTLS implementation +#define nrf_crypto_backend_secp224r1_key_pair_generate nrf_crypto_backend_mbedtls_key_pair_generate +#define nrf_crypto_backend_secp224r1_public_key_calculate nrf_crypto_backend_mbedtls_public_key_calculate +#define nrf_crypto_backend_secp224r1_private_key_from_raw nrf_crypto_backend_mbedtls_private_key_from_raw +#define nrf_crypto_backend_secp224r1_private_key_to_raw nrf_crypto_backend_mbedtls_private_key_to_raw +#define nrf_crypto_backend_secp224r1_public_key_from_raw nrf_crypto_backend_mbedtls_public_key_from_raw +#define nrf_crypto_backend_secp224r1_public_key_to_raw nrf_crypto_backend_mbedtls_public_key_to_raw +#define nrf_crypto_backend_secp224r1_private_key_free nrf_crypto_backend_mbedtls_private_key_free +#define nrf_crypto_backend_secp224r1_public_key_free nrf_crypto_backend_mbedtls_public_key_free +// mbed TLS does not require context, so its size is 0. +#define NRF_CRYPTO_BACKEND_SECP224R1_KEY_PAIR_GENERATE_CONTEXT_SIZE 0 +#define NRF_CRYPTO_BACKEND_SECP224R1_PUBLIC_KEY_CALCULATE_CONTEXT_SIZE 0 +// All MBEDTLS curve types share the same data structures +typedef nrf_crypto_backend_mbedtls_ecc_private_key_t nrf_crypto_backend_secp224r1_private_key_t; +typedef nrf_crypto_backend_mbedtls_ecc_public_key_t nrf_crypto_backend_secp224r1_public_key_t; +// Dummy typedef for unused context +typedef uint32_t nrf_crypto_backend_secp224r1_key_pair_generate_context_t; +typedef uint32_t nrf_crypto_backend_secp224r1_public_key_calculate_context_t; + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_ECC_SECP224R1) + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_ECC_SECP256R1) + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_ECC_SECP256R1) +#error "More than one backend enabled for secp256r1 (NIST 256-bit)."); +#endif +#define NRF_CRYPTO_ECC_SECP256R1_ENABLED 1 + +// Aliases for one common MBEDTLS implementation +#define nrf_crypto_backend_secp256r1_key_pair_generate nrf_crypto_backend_mbedtls_key_pair_generate +#define nrf_crypto_backend_secp256r1_public_key_calculate nrf_crypto_backend_mbedtls_public_key_calculate +#define nrf_crypto_backend_secp256r1_private_key_from_raw nrf_crypto_backend_mbedtls_private_key_from_raw +#define nrf_crypto_backend_secp256r1_private_key_to_raw nrf_crypto_backend_mbedtls_private_key_to_raw +#define nrf_crypto_backend_secp256r1_public_key_from_raw nrf_crypto_backend_mbedtls_public_key_from_raw +#define nrf_crypto_backend_secp256r1_public_key_to_raw nrf_crypto_backend_mbedtls_public_key_to_raw +#define nrf_crypto_backend_secp256r1_private_key_free nrf_crypto_backend_mbedtls_private_key_free +#define nrf_crypto_backend_secp256r1_public_key_free nrf_crypto_backend_mbedtls_public_key_free +// mbed TLS does not require context, so its size is 0. +#define NRF_CRYPTO_BACKEND_SECP256R1_KEY_PAIR_GENERATE_CONTEXT_SIZE 0 +#define NRF_CRYPTO_BACKEND_SECP256R1_PUBLIC_KEY_CALCULATE_CONTEXT_SIZE 0 +// All MBEDTLS curve types share the same data structures +typedef nrf_crypto_backend_mbedtls_ecc_private_key_t nrf_crypto_backend_secp256r1_private_key_t; +typedef nrf_crypto_backend_mbedtls_ecc_public_key_t nrf_crypto_backend_secp256r1_public_key_t; +// Dummy typedef for unused context +typedef uint32_t nrf_crypto_backend_secp256r1_key_pair_generate_context_t; +typedef uint32_t nrf_crypto_backend_secp256r1_public_key_calculate_context_t; + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_ECC_SECP256R1) + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_ECC_SECP384R1) + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_ECC_SECP384R1) +#error "More than one backend enabled for secp384r1 (NIST 384-bit)."); +#endif +#define NRF_CRYPTO_ECC_SECP384R1_ENABLED 1 + +// Aliases for one common MBEDTLS implementation +#define nrf_crypto_backend_secp384r1_key_pair_generate nrf_crypto_backend_mbedtls_key_pair_generate +#define nrf_crypto_backend_secp384r1_public_key_calculate nrf_crypto_backend_mbedtls_public_key_calculate +#define nrf_crypto_backend_secp384r1_private_key_from_raw nrf_crypto_backend_mbedtls_private_key_from_raw +#define nrf_crypto_backend_secp384r1_private_key_to_raw nrf_crypto_backend_mbedtls_private_key_to_raw +#define nrf_crypto_backend_secp384r1_public_key_from_raw nrf_crypto_backend_mbedtls_public_key_from_raw +#define nrf_crypto_backend_secp384r1_public_key_to_raw nrf_crypto_backend_mbedtls_public_key_to_raw +#define nrf_crypto_backend_secp384r1_private_key_free nrf_crypto_backend_mbedtls_private_key_free +#define nrf_crypto_backend_secp384r1_public_key_free nrf_crypto_backend_mbedtls_public_key_free +// mbed TLS does not require context, so its size is 0. +#define NRF_CRYPTO_BACKEND_SECP384R1_KEY_PAIR_GENERATE_CONTEXT_SIZE 0 +#define NRF_CRYPTO_BACKEND_SECP384R1_PUBLIC_KEY_CALCULATE_CONTEXT_SIZE 0 +// All MBEDTLS curve types share the same data structures +typedef nrf_crypto_backend_mbedtls_ecc_private_key_t nrf_crypto_backend_secp384r1_private_key_t; +typedef nrf_crypto_backend_mbedtls_ecc_public_key_t nrf_crypto_backend_secp384r1_public_key_t; +// Dummy typedef for unused context +typedef uint32_t nrf_crypto_backend_secp384r1_key_pair_generate_context_t; +typedef uint32_t nrf_crypto_backend_secp384r1_public_key_calculate_context_t; + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_ECC_SECP384R1) + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_ECC_SECP521R1) + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_ECC_SECP521R1) +#error "More than one backend enabled for secp521r1 (NIST 521-bit)."); +#endif +#define NRF_CRYPTO_ECC_SECP521R1_ENABLED 1 + +// Aliases for one common MBEDTLS implementation +#define nrf_crypto_backend_secp521r1_key_pair_generate nrf_crypto_backend_mbedtls_key_pair_generate +#define nrf_crypto_backend_secp521r1_public_key_calculate nrf_crypto_backend_mbedtls_public_key_calculate +#define nrf_crypto_backend_secp521r1_private_key_from_raw nrf_crypto_backend_mbedtls_private_key_from_raw +#define nrf_crypto_backend_secp521r1_private_key_to_raw nrf_crypto_backend_mbedtls_private_key_to_raw +#define nrf_crypto_backend_secp521r1_public_key_from_raw nrf_crypto_backend_mbedtls_public_key_from_raw +#define nrf_crypto_backend_secp521r1_public_key_to_raw nrf_crypto_backend_mbedtls_public_key_to_raw +#define nrf_crypto_backend_secp521r1_private_key_free nrf_crypto_backend_mbedtls_private_key_free +#define nrf_crypto_backend_secp521r1_public_key_free nrf_crypto_backend_mbedtls_public_key_free +// mbed TLS does not require context, so its size is 0. +#define NRF_CRYPTO_BACKEND_SECP521R1_KEY_PAIR_GENERATE_CONTEXT_SIZE 0 +#define NRF_CRYPTO_BACKEND_SECP521R1_PUBLIC_KEY_CALCULATE_CONTEXT_SIZE 0 +// All MBEDTLS curve types share the same data structures +typedef nrf_crypto_backend_mbedtls_ecc_private_key_t nrf_crypto_backend_secp521r1_private_key_t; +typedef nrf_crypto_backend_mbedtls_ecc_public_key_t nrf_crypto_backend_secp521r1_public_key_t; +// Dummy typedef for unused context +typedef uint32_t nrf_crypto_backend_secp521r1_key_pair_generate_context_t; +typedef uint32_t nrf_crypto_backend_secp521r1_public_key_calculate_context_t; + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_ECC_SECP521R1) + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_ECC_SECP192K1) + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_ECC_SECP192K1) +#error "More than one backend enabled for secp192k1 (Koblitz 192-bit)."); +#endif +#define NRF_CRYPTO_ECC_SECP192K1_ENABLED 1 + +// Aliases for one common MBEDTLS implementation +#define nrf_crypto_backend_secp192k1_key_pair_generate nrf_crypto_backend_mbedtls_key_pair_generate +#define nrf_crypto_backend_secp192k1_public_key_calculate nrf_crypto_backend_mbedtls_public_key_calculate +#define nrf_crypto_backend_secp192k1_private_key_from_raw nrf_crypto_backend_mbedtls_private_key_from_raw +#define nrf_crypto_backend_secp192k1_private_key_to_raw nrf_crypto_backend_mbedtls_private_key_to_raw +#define nrf_crypto_backend_secp192k1_public_key_from_raw nrf_crypto_backend_mbedtls_public_key_from_raw +#define nrf_crypto_backend_secp192k1_public_key_to_raw nrf_crypto_backend_mbedtls_public_key_to_raw +#define nrf_crypto_backend_secp192k1_private_key_free nrf_crypto_backend_mbedtls_private_key_free +#define nrf_crypto_backend_secp192k1_public_key_free nrf_crypto_backend_mbedtls_public_key_free +// mbed TLS does not require context, so its size is 0. +#define NRF_CRYPTO_BACKEND_SECP192K1_KEY_PAIR_GENERATE_CONTEXT_SIZE 0 +#define NRF_CRYPTO_BACKEND_SECP192K1_PUBLIC_KEY_CALCULATE_CONTEXT_SIZE 0 +// All MBEDTLS curve types share the same data structures +typedef nrf_crypto_backend_mbedtls_ecc_private_key_t nrf_crypto_backend_secp192k1_private_key_t; +typedef nrf_crypto_backend_mbedtls_ecc_public_key_t nrf_crypto_backend_secp192k1_public_key_t; +// Dummy typedef for unused context +typedef uint32_t nrf_crypto_backend_secp192k1_key_pair_generate_context_t; +typedef uint32_t nrf_crypto_backend_secp192k1_public_key_calculate_context_t; + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_ECC_SECP192K1) + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_ECC_SECP224K1) + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_ECC_SECP224K1) +#error "More than one backend enabled for secp224k1 (Koblitz 224-bit)."); +#endif +#define NRF_CRYPTO_ECC_SECP224K1_ENABLED 1 + +// Aliases for one common MBEDTLS implementation +#define nrf_crypto_backend_secp224k1_key_pair_generate nrf_crypto_backend_mbedtls_key_pair_generate +#define nrf_crypto_backend_secp224k1_public_key_calculate nrf_crypto_backend_mbedtls_public_key_calculate +#define nrf_crypto_backend_secp224k1_private_key_from_raw nrf_crypto_backend_mbedtls_private_key_from_raw +#define nrf_crypto_backend_secp224k1_private_key_to_raw nrf_crypto_backend_mbedtls_private_key_to_raw +#define nrf_crypto_backend_secp224k1_public_key_from_raw nrf_crypto_backend_mbedtls_public_key_from_raw +#define nrf_crypto_backend_secp224k1_public_key_to_raw nrf_crypto_backend_mbedtls_public_key_to_raw +#define nrf_crypto_backend_secp224k1_private_key_free nrf_crypto_backend_mbedtls_private_key_free +#define nrf_crypto_backend_secp224k1_public_key_free nrf_crypto_backend_mbedtls_public_key_free +// mbed TLS does not require context, so its size is 0. +#define NRF_CRYPTO_BACKEND_SECP224K1_KEY_PAIR_GENERATE_CONTEXT_SIZE 0 +#define NRF_CRYPTO_BACKEND_SECP224K1_PUBLIC_KEY_CALCULATE_CONTEXT_SIZE 0 +// All MBEDTLS curve types share the same data structures +typedef nrf_crypto_backend_mbedtls_ecc_private_key_t nrf_crypto_backend_secp224k1_private_key_t; +typedef nrf_crypto_backend_mbedtls_ecc_public_key_t nrf_crypto_backend_secp224k1_public_key_t; +// Dummy typedef for unused context +typedef uint32_t nrf_crypto_backend_secp224k1_key_pair_generate_context_t; +typedef uint32_t nrf_crypto_backend_secp224k1_public_key_calculate_context_t; + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_ECC_SECP224K1) + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_ECC_SECP256K1) + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_ECC_SECP256K1) +#error "More than one backend enabled for secp256k1 (Koblitz 256-bit)."); +#endif +#define NRF_CRYPTO_ECC_SECP256K1_ENABLED 1 + +// Aliases for one common MBEDTLS implementation +#define nrf_crypto_backend_secp256k1_key_pair_generate nrf_crypto_backend_mbedtls_key_pair_generate +#define nrf_crypto_backend_secp256k1_public_key_calculate nrf_crypto_backend_mbedtls_public_key_calculate +#define nrf_crypto_backend_secp256k1_private_key_from_raw nrf_crypto_backend_mbedtls_private_key_from_raw +#define nrf_crypto_backend_secp256k1_private_key_to_raw nrf_crypto_backend_mbedtls_private_key_to_raw +#define nrf_crypto_backend_secp256k1_public_key_from_raw nrf_crypto_backend_mbedtls_public_key_from_raw +#define nrf_crypto_backend_secp256k1_public_key_to_raw nrf_crypto_backend_mbedtls_public_key_to_raw +#define nrf_crypto_backend_secp256k1_private_key_free nrf_crypto_backend_mbedtls_private_key_free +#define nrf_crypto_backend_secp256k1_public_key_free nrf_crypto_backend_mbedtls_public_key_free +// mbed TLS does not require context, so its size is 0. +#define NRF_CRYPTO_BACKEND_SECP256K1_KEY_PAIR_GENERATE_CONTEXT_SIZE 0 +#define NRF_CRYPTO_BACKEND_SECP256K1_PUBLIC_KEY_CALCULATE_CONTEXT_SIZE 0 +// All MBEDTLS curve types share the same data structures +typedef nrf_crypto_backend_mbedtls_ecc_private_key_t nrf_crypto_backend_secp256k1_private_key_t; +typedef nrf_crypto_backend_mbedtls_ecc_public_key_t nrf_crypto_backend_secp256k1_public_key_t; +// Dummy typedef for unused context +typedef uint32_t nrf_crypto_backend_secp256k1_key_pair_generate_context_t; +typedef uint32_t nrf_crypto_backend_secp256k1_public_key_calculate_context_t; + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_ECC_SECP256K1) + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_ECC_BP256R1) + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_ECC_BP256R1) +#error "More than one backend enabled for bp256r1 (Brainpool 256-bit)."); +#endif +#define NRF_CRYPTO_ECC_BP256R1_ENABLED 1 + +// Aliases for one common MBEDTLS implementation +#define nrf_crypto_backend_bp256r1_key_pair_generate nrf_crypto_backend_mbedtls_key_pair_generate +#define nrf_crypto_backend_bp256r1_public_key_calculate nrf_crypto_backend_mbedtls_public_key_calculate +#define nrf_crypto_backend_bp256r1_private_key_from_raw nrf_crypto_backend_mbedtls_private_key_from_raw +#define nrf_crypto_backend_bp256r1_private_key_to_raw nrf_crypto_backend_mbedtls_private_key_to_raw +#define nrf_crypto_backend_bp256r1_public_key_from_raw nrf_crypto_backend_mbedtls_public_key_from_raw +#define nrf_crypto_backend_bp256r1_public_key_to_raw nrf_crypto_backend_mbedtls_public_key_to_raw +#define nrf_crypto_backend_bp256r1_private_key_free nrf_crypto_backend_mbedtls_private_key_free +#define nrf_crypto_backend_bp256r1_public_key_free nrf_crypto_backend_mbedtls_public_key_free +// mbed TLS does not require context, so its size is 0. +#define NRF_CRYPTO_BACKEND_BP256R1_KEY_PAIR_GENERATE_CONTEXT_SIZE 0 +#define NRF_CRYPTO_BACKEND_BP256R1_PUBLIC_KEY_CALCULATE_CONTEXT_SIZE 0 +// All MBEDTLS curve types share the same data structures +typedef nrf_crypto_backend_mbedtls_ecc_private_key_t nrf_crypto_backend_bp256r1_private_key_t; +typedef nrf_crypto_backend_mbedtls_ecc_public_key_t nrf_crypto_backend_bp256r1_public_key_t; +// Dummy typedef for unused context +typedef uint32_t nrf_crypto_backend_bp256r1_key_pair_generate_context_t; +typedef uint32_t nrf_crypto_backend_bp256r1_public_key_calculate_context_t; + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_ECC_BP256R1) + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_ECC_BP384R1) + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_ECC_BP384R1) +#error "More than one backend enabled for bp384r1 (Brainpool 384-bit)."); +#endif +#define NRF_CRYPTO_ECC_BP384R1_ENABLED 1 + +// Aliases for one common MBEDTLS implementation +#define nrf_crypto_backend_bp384r1_key_pair_generate nrf_crypto_backend_mbedtls_key_pair_generate +#define nrf_crypto_backend_bp384r1_public_key_calculate nrf_crypto_backend_mbedtls_public_key_calculate +#define nrf_crypto_backend_bp384r1_private_key_from_raw nrf_crypto_backend_mbedtls_private_key_from_raw +#define nrf_crypto_backend_bp384r1_private_key_to_raw nrf_crypto_backend_mbedtls_private_key_to_raw +#define nrf_crypto_backend_bp384r1_public_key_from_raw nrf_crypto_backend_mbedtls_public_key_from_raw +#define nrf_crypto_backend_bp384r1_public_key_to_raw nrf_crypto_backend_mbedtls_public_key_to_raw +#define nrf_crypto_backend_bp384r1_private_key_free nrf_crypto_backend_mbedtls_private_key_free +#define nrf_crypto_backend_bp384r1_public_key_free nrf_crypto_backend_mbedtls_public_key_free +// mbed TLS does not require context, so its size is 0. +#define NRF_CRYPTO_BACKEND_BP384R1_KEY_PAIR_GENERATE_CONTEXT_SIZE 0 +#define NRF_CRYPTO_BACKEND_BP384R1_PUBLIC_KEY_CALCULATE_CONTEXT_SIZE 0 +// All MBEDTLS curve types share the same data structures +typedef nrf_crypto_backend_mbedtls_ecc_private_key_t nrf_crypto_backend_bp384r1_private_key_t; +typedef nrf_crypto_backend_mbedtls_ecc_public_key_t nrf_crypto_backend_bp384r1_public_key_t; +// Dummy typedef for unused context +typedef uint32_t nrf_crypto_backend_bp384r1_key_pair_generate_context_t; +typedef uint32_t nrf_crypto_backend_bp384r1_public_key_calculate_context_t; + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_ECC_BP384R1) + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_ECC_BP512R1) + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_ECC_BP512R1) +#error "More than one backend enabled for bp512r1 (Brainpool 512-bit)."); +#endif +#define NRF_CRYPTO_ECC_BP512R1_ENABLED 1 + +// Aliases for one common MBEDTLS implementation +#define nrf_crypto_backend_bp512r1_key_pair_generate nrf_crypto_backend_mbedtls_key_pair_generate +#define nrf_crypto_backend_bp512r1_public_key_calculate nrf_crypto_backend_mbedtls_public_key_calculate +#define nrf_crypto_backend_bp512r1_private_key_from_raw nrf_crypto_backend_mbedtls_private_key_from_raw +#define nrf_crypto_backend_bp512r1_private_key_to_raw nrf_crypto_backend_mbedtls_private_key_to_raw +#define nrf_crypto_backend_bp512r1_public_key_from_raw nrf_crypto_backend_mbedtls_public_key_from_raw +#define nrf_crypto_backend_bp512r1_public_key_to_raw nrf_crypto_backend_mbedtls_public_key_to_raw +#define nrf_crypto_backend_bp512r1_private_key_free nrf_crypto_backend_mbedtls_private_key_free +#define nrf_crypto_backend_bp512r1_public_key_free nrf_crypto_backend_mbedtls_public_key_free +// mbed TLS does not require context, so its size is 0. +#define NRF_CRYPTO_BACKEND_BP512R1_KEY_PAIR_GENERATE_CONTEXT_SIZE 0 +#define NRF_CRYPTO_BACKEND_BP512R1_PUBLIC_KEY_CALCULATE_CONTEXT_SIZE 0 +// All MBEDTLS curve types share the same data structures +typedef nrf_crypto_backend_mbedtls_ecc_private_key_t nrf_crypto_backend_bp512r1_private_key_t; +typedef nrf_crypto_backend_mbedtls_ecc_public_key_t nrf_crypto_backend_bp512r1_public_key_t; +// Dummy typedef for unused context +typedef uint32_t nrf_crypto_backend_bp512r1_key_pair_generate_context_t; +typedef uint32_t nrf_crypto_backend_bp512r1_public_key_calculate_context_t; + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_ECC_BP512R1) + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_ECC_CURVE25519) + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_ECC_CURVE25519) +#error "More than one backend enabled for Curve25519."); +#endif +#define NRF_CRYPTO_ECC_CURVE25519_ENABLED 1 + +// Aliases for one common MBEDTLS implementation +#define nrf_crypto_backend_curve25519_key_pair_generate nrf_crypto_backend_mbedtls_key_pair_generate +#define nrf_crypto_backend_curve25519_public_key_calculate nrf_crypto_backend_mbedtls_public_key_calculate +#define nrf_crypto_backend_curve25519_private_key_from_raw nrf_crypto_backend_mbedtls_private_key_from_raw +#define nrf_crypto_backend_curve25519_private_key_to_raw nrf_crypto_backend_mbedtls_private_key_to_raw +#define nrf_crypto_backend_curve25519_public_key_from_raw nrf_crypto_backend_mbedtls_public_key_from_raw +#define nrf_crypto_backend_curve25519_public_key_to_raw nrf_crypto_backend_mbedtls_public_key_to_raw +#define nrf_crypto_backend_curve25519_private_key_free nrf_crypto_backend_mbedtls_private_key_free +#define nrf_crypto_backend_curve25519_public_key_free nrf_crypto_backend_mbedtls_public_key_free +// mbed TLS does not require context, so its size is 0. +#define NRF_CRYPTO_BACKEND_CURVE25519_KEY_PAIR_GENERATE_CONTEXT_SIZE 0 +#define NRF_CRYPTO_BACKEND_CURVE25519_PUBLIC_KEY_CALCULATE_CONTEXT_SIZE 0 +// All MBEDTLS curve types share the same data structures +typedef nrf_crypto_backend_mbedtls_ecc_private_key_t nrf_crypto_backend_curve25519_private_key_t; +typedef nrf_crypto_backend_mbedtls_ecc_public_key_t nrf_crypto_backend_curve25519_public_key_t; +// Dummy typedef for unused context +typedef uint32_t nrf_crypto_backend_curve25519_key_pair_generate_context_t; +typedef uint32_t nrf_crypto_backend_curve25519_public_key_calculate_context_t; + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_ECC_CURVE25519) + + +#ifdef __cplusplus +} +#endif + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS) + +#endif // MBEDTLS_BACKEND_ECC_H__ diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/mbedtls/mbedtls_backend_ecdh.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/mbedtls/mbedtls_backend_ecdh.c new file mode 100644 index 0000000..02de8d7 --- /dev/null +++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/mbedtls/mbedtls_backend_ecdh.c @@ -0,0 +1,113 @@ +/** + * Copyright (c) 2018 - 2018, Nordic Semiconductor ASA + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form, except as embedded into a Nordic + * Semiconductor ASA integrated circuit in a product or a software update for + * such product, must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * 3. Neither the name of Nordic Semiconductor ASA nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * 4. This software, with or without modification, must only be used with a + * Nordic Semiconductor ASA integrated circuit. + * + * 5. Any software provided in binary form under this license must not be reverse + * engineered, decompiled, modified and/or disassembled. + * + * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include "sdk_config.h" +#include "nordic_common.h" + +#if NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS) + +#include <string.h> + +#include "nrf_crypto_ecc_shared.h" +#include "nrf_crypto_ecdh_shared.h" +#include "nrf_crypto_ecdh.h" + +/*lint -save -e????*/ +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif +#include "mbedtls/ecp.h" +#include "mbedtls/ecdh.h" +/*lint -restore*/ + + +ret_code_t nrf_crypto_backend_mbedtls_ecdh_compute( + void * p_context, + void const * p_private_key, + void const * p_public_key, + uint8_t * p_shared_secret) +{ + int result; + mbedtls_mpi shared_secret_mpi; + mbedtls_ecp_group group; + + nrf_crypto_backend_mbedtls_ecc_private_key_t const * p_prv = + (nrf_crypto_backend_mbedtls_ecc_private_key_t const *)p_private_key; + + nrf_crypto_backend_mbedtls_ecc_public_key_t const * p_pub = + (nrf_crypto_backend_mbedtls_ecc_public_key_t const *)p_public_key; + + nrf_crypto_ecc_curve_info_t const * p_info = p_prv->header.p_info; + + if (!nrf_crypto_backend_mbedtls_ecc_group_load(&group, p_info)) + { + return NRF_ERROR_CRYPTO_INTERNAL; + } + + mbedtls_mpi_init(&shared_secret_mpi); + result = mbedtls_ecdh_compute_shared(&group, + &shared_secret_mpi, + &p_pub->key, + &p_prv->key, + nrf_crypto_backend_mbedtls_ecc_mbedtls_rng, + NULL); + + if (result == 0) + { + result = mbedtls_mpi_write_binary(&shared_secret_mpi, + p_shared_secret, + p_info->raw_private_key_size); + } + + mbedtls_mpi_free(&shared_secret_mpi); + mbedtls_ecp_group_free(&group); + + if (result != 0) + { + return NRF_ERROR_CRYPTO_INTERNAL; + } + return NRF_SUCCESS; +} + + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS) + diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/mbedtls/mbedtls_backend_ecdh.h b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/mbedtls/mbedtls_backend_ecdh.h new file mode 100644 index 0000000..fac0e83 --- /dev/null +++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/mbedtls/mbedtls_backend_ecdh.h @@ -0,0 +1,169 @@ +/** + * Copyright (c) 2018 - 2018, Nordic Semiconductor ASA + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form, except as embedded into a Nordic + * Semiconductor ASA integrated circuit in a product or a software update for + * such product, must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * 3. Neither the name of Nordic Semiconductor ASA nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * 4. This software, with or without modification, must only be used with a + * Nordic Semiconductor ASA integrated circuit. + * + * 5. Any software provided in binary form under this license must not be reverse + * engineered, decompiled, modified and/or disassembled. + * + * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef MBEDTLS_BACKEND_ECDH_H__ +#define MBEDTLS_BACKEND_ECDH_H__ + +#include "sdk_config.h" +#include "nordic_common.h" + +#if NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS) + +#include "nrf_crypto_ecc.h" +#include "nrf_crypto_ecdh_shared.h" + + +#ifdef __cplusplus +extern "C" { +#endif + + +/** @internal See @ref nrf_crypto_backend_ecdh_compute_fn_t. + */ +ret_code_t nrf_crypto_backend_mbedtls_ecdh_compute( + void * p_context, + void const * p_private_key, + void const * p_public_key, + uint8_t * p_shared_secret); + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_ECC_SECP192R1) +// Aliases for one common MBEDTLS implementation +#define nrf_crypto_backend_secp192r1_ecdh_compute nrf_crypto_backend_mbedtls_ecdh_compute +typedef uint32_t nrf_crypto_backend_secp192r1_ecdh_context_t; +#define NRF_CRYPTO_BACKEND_SECP192R1_ECDH_CONTEXT_SIZE 0 +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_ECC_SECP192R1) + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_ECC_SECP224R1) +// Aliases for one common MBEDTLS implementation +#define nrf_crypto_backend_secp224r1_ecdh_compute nrf_crypto_backend_mbedtls_ecdh_compute +typedef uint32_t nrf_crypto_backend_secp224r1_ecdh_context_t; +#define NRF_CRYPTO_BACKEND_SECP224R1_ECDH_CONTEXT_SIZE 0 +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_ECC_SECP224R1) + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_ECC_SECP256R1) +// Aliases for one common MBEDTLS implementation +#define nrf_crypto_backend_secp256r1_ecdh_compute nrf_crypto_backend_mbedtls_ecdh_compute +typedef uint32_t nrf_crypto_backend_secp256r1_ecdh_context_t; +#define NRF_CRYPTO_BACKEND_SECP256R1_ECDH_CONTEXT_SIZE 0 +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_ECC_SECP256R1) + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_ECC_SECP384R1) +// Aliases for one common MBEDTLS implementation +#define nrf_crypto_backend_secp384r1_ecdh_compute nrf_crypto_backend_mbedtls_ecdh_compute +typedef uint32_t nrf_crypto_backend_secp384r1_ecdh_context_t; +#define NRF_CRYPTO_BACKEND_SECP384R1_ECDH_CONTEXT_SIZE 0 +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_ECC_SECP384R1) + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_ECC_SECP521R1) +// Aliases for one common MBEDTLS implementation +#define nrf_crypto_backend_secp521r1_ecdh_compute nrf_crypto_backend_mbedtls_ecdh_compute +typedef uint32_t nrf_crypto_backend_secp521r1_ecdh_context_t; +#define NRF_CRYPTO_BACKEND_SECP521R1_ECDH_CONTEXT_SIZE 0 +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_ECC_SECP521R1) + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_ECC_SECP192K1) +// Aliases for one common MBEDTLS implementation +#define nrf_crypto_backend_secp192k1_ecdh_compute nrf_crypto_backend_mbedtls_ecdh_compute +typedef uint32_t nrf_crypto_backend_secp192k1_ecdh_context_t; +#define NRF_CRYPTO_BACKEND_SECP192K1_ECDH_CONTEXT_SIZE 0 +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_ECC_SECP192K1) + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_ECC_SECP224K1) +// Aliases for one common MBEDTLS implementation +#define nrf_crypto_backend_secp224k1_ecdh_compute nrf_crypto_backend_mbedtls_ecdh_compute +typedef uint32_t nrf_crypto_backend_secp224k1_ecdh_context_t; +#define NRF_CRYPTO_BACKEND_SECP224K1_ECDH_CONTEXT_SIZE 0 +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_ECC_SECP224K1) + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_ECC_SECP256K1) +// Aliases for one common MBEDTLS implementation +#define nrf_crypto_backend_secp256k1_ecdh_compute nrf_crypto_backend_mbedtls_ecdh_compute +typedef uint32_t nrf_crypto_backend_secp256k1_ecdh_context_t; +#define NRF_CRYPTO_BACKEND_SECP256K1_ECDH_CONTEXT_SIZE 0 +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_ECC_SECP256K1) + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_ECC_BP256R1) +// Aliases for one common MBEDTLS implementation +#define nrf_crypto_backend_bp256r1_ecdh_compute nrf_crypto_backend_mbedtls_ecdh_compute +typedef uint32_t nrf_crypto_backend_bp256r1_ecdh_context_t; +#define NRF_CRYPTO_BACKEND_BP256R1_ECDH_CONTEXT_SIZE 0 +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_ECC_BP256R1) + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_ECC_BP384R1) +// Aliases for one common MBEDTLS implementation +#define nrf_crypto_backend_bp384r1_ecdh_compute nrf_crypto_backend_mbedtls_ecdh_compute +typedef uint32_t nrf_crypto_backend_bp384r1_ecdh_context_t; +#define NRF_CRYPTO_BACKEND_BP384R1_ECDH_CONTEXT_SIZE 0 +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_ECC_BP384R1) + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_ECC_BP512R1) +// Aliases for one common MBEDTLS implementation +#define nrf_crypto_backend_bp512r1_ecdh_compute nrf_crypto_backend_mbedtls_ecdh_compute +typedef uint32_t nrf_crypto_backend_bp512r1_ecdh_context_t; +#define NRF_CRYPTO_BACKEND_BP512R1_ECDH_CONTEXT_SIZE 0 +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_ECC_BP512R1) + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_ECC_CURVE25519) +// Aliases for one common MBEDTLS implementation +#define nrf_crypto_backend_curve25519_ecdh_compute nrf_crypto_backend_mbedtls_ecdh_compute +typedef uint32_t nrf_crypto_backend_curve25519_ecdh_context_t; +#define NRF_CRYPTO_BACKEND_CURVE25519_ECDH_CONTEXT_SIZE 0 +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_ECC_CURVE25519) + + +#ifdef __cplusplus +} +#endif + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS) + +#endif // MBEDTLS_BACKEND_ECDH_H__ diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/mbedtls/mbedtls_backend_ecdsa.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/mbedtls/mbedtls_backend_ecdsa.c new file mode 100644 index 0000000..04a5a90 --- /dev/null +++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/mbedtls/mbedtls_backend_ecdsa.c @@ -0,0 +1,176 @@ +/** + * Copyright (c) 2018 - 2018, Nordic Semiconductor ASA + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form, except as embedded into a Nordic + * Semiconductor ASA integrated circuit in a product or a software update for + * such product, must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * 3. Neither the name of Nordic Semiconductor ASA nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * 4. This software, with or without modification, must only be used with a + * Nordic Semiconductor ASA integrated circuit. + * + * 5. Any software provided in binary form under this license must not be reverse + * engineered, decompiled, modified and/or disassembled. + * + * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include "sdk_config.h" +#include "nordic_common.h" + +#if NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS) + +#include <stdint.h> +#include <stdbool.h> +#include <string.h> + +#include "nrf_crypto_ecc.h" +#include "nrf_crypto_ecdsa.h" + +/*lint -save -e????*/ +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif +#include "mbedtls/ecp.h" +#include "mbedtls/ecdsa.h" +#include "mbedtls/sha256.h" +#include "mbedtls/sha512.h" +/*lint -restore*/ + + +ret_code_t nrf_crypto_backend_mbedtls_sign( + void * p_context, + void const * p_private_key, + uint8_t const * p_data, + size_t data_size, + uint8_t * p_signature) +{ + int result; + mbedtls_mpi r_mpi; + mbedtls_mpi s_mpi; + mbedtls_ecp_group group; + + nrf_crypto_backend_mbedtls_ecc_private_key_t const * p_prv = + (nrf_crypto_backend_mbedtls_ecc_private_key_t const *)p_private_key; + + nrf_crypto_ecc_curve_info_t const * p_info = p_prv->header.p_info; + + if (!nrf_crypto_backend_mbedtls_ecc_group_load(&group, p_info)) + { + return NRF_ERROR_CRYPTO_INTERNAL; + } + + mbedtls_mpi_init(&r_mpi); + mbedtls_mpi_init(&s_mpi); + result = mbedtls_ecdsa_sign(&group, + &r_mpi, + &s_mpi, + &p_prv->key, + p_data, + data_size, + nrf_crypto_backend_mbedtls_ecc_mbedtls_rng, + NULL); + + mbedtls_ecp_group_free(&group); + + if (result == 0) + { + result = mbedtls_mpi_write_binary(&r_mpi, p_signature, p_info->raw_private_key_size); + if (result == 0) + { + result = mbedtls_mpi_write_binary(&s_mpi, + &p_signature[p_info->raw_private_key_size], + p_info->raw_private_key_size); + } + } + + mbedtls_mpi_free(&r_mpi); + mbedtls_mpi_free(&s_mpi); + + if (result != 0) + { + return NRF_ERROR_CRYPTO_INTERNAL; + } + return NRF_SUCCESS; +} + + +ret_code_t nrf_crypto_backend_mbedtls_verify( + void * p_context, + void const * p_public_key, + uint8_t const * p_data, + size_t data_size, + uint8_t const * p_signature) +{ + int result; + mbedtls_mpi r_mpi; + mbedtls_mpi s_mpi; + mbedtls_ecp_group group; + + nrf_crypto_backend_mbedtls_ecc_public_key_t const * p_pub = + (nrf_crypto_backend_mbedtls_ecc_public_key_t const *)p_public_key; + + nrf_crypto_ecc_curve_info_t const * p_info = p_pub->header.p_info; + + if (!nrf_crypto_backend_mbedtls_ecc_group_load(&group, p_info)) + { + return NRF_ERROR_CRYPTO_INTERNAL; + } + + mbedtls_mpi_init(&r_mpi); + mbedtls_mpi_init(&s_mpi); + + result = mbedtls_mpi_read_binary(&r_mpi, p_signature, p_info->raw_private_key_size); + if (result == 0) + { + result = mbedtls_mpi_read_binary(&s_mpi, + &p_signature[p_info->raw_private_key_size], + p_info->raw_private_key_size); + if (result == 0) + { + result = mbedtls_ecdsa_verify(&group, p_data, data_size, &p_pub->key, &r_mpi, &s_mpi); + } + } + + mbedtls_ecp_group_free(&group); + mbedtls_mpi_free(&r_mpi); + mbedtls_mpi_free(&s_mpi); + + if (result == MBEDTLS_ERR_ECP_VERIFY_FAILED) + { + return NRF_ERROR_CRYPTO_ECDSA_INVALID_SIGNATURE; + } + else if (result != 0) + { + return NRF_ERROR_CRYPTO_INTERNAL; + } + return NRF_SUCCESS; +} + + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS) diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/mbedtls/mbedtls_backend_ecdsa.h b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/mbedtls/mbedtls_backend_ecdsa.h new file mode 100644 index 0000000..7ad85a9 --- /dev/null +++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/mbedtls/mbedtls_backend_ecdsa.h @@ -0,0 +1,240 @@ +/** + * Copyright (c) 2018 - 2018, Nordic Semiconductor ASA + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form, except as embedded into a Nordic + * Semiconductor ASA integrated circuit in a product or a software update for + * such product, must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * 3. Neither the name of Nordic Semiconductor ASA nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * 4. This software, with or without modification, must only be used with a + * Nordic Semiconductor ASA integrated circuit. + * + * 5. Any software provided in binary form under this license must not be reverse + * engineered, decompiled, modified and/or disassembled. + * + * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef MBEDTLS_BACKEND_ECDSA_H__ +#define MBEDTLS_BACKEND_ECDSA_H__ + +#include "sdk_config.h" +#include "nordic_common.h" + +#if NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS) + +#include "nrf_crypto_ecc_shared.h" +#include "nrf_crypto_ecdsa_shared.h" + + +#ifdef __cplusplus +extern "C" { +#endif + + +/** @internal See @ref nrf_crypto_backend_ecdsa_sign_fn_t. + */ +ret_code_t nrf_crypto_backend_mbedtls_sign( + void * p_context, + void const * p_private_key, + uint8_t const * p_data, + size_t data_size, + uint8_t * p_signature); + + +/** @internal See @ref nrf_crypto_backend_ecdsa_verify_fn_t. + */ +ret_code_t nrf_crypto_backend_mbedtls_verify( + void * p_context, + void const * p_public_key, + uint8_t const * p_data, + size_t data_size, + uint8_t const * p_signature); + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_ECC_SECP192R1) +// Context is not used by mbed TLS, so its size is 0 +#define NRF_CRYPTO_BACKEND_SECP192R1_SIGN_CONTEXT_SIZE 0 +#define NRF_CRYPTO_BACKEND_SECP192R1_VERIFY_CONTEXT_SIZE 0 +// Dummy typedefs for unused contexts +typedef uint32_t nrf_crypto_backend_secp192r1_sign_context_t; +typedef uint32_t nrf_crypto_backend_secp192r1_verify_context_t; +// Alias for common mbed TLS +#define nrf_crypto_backend_secp192r1_sign nrf_crypto_backend_mbedtls_sign +#define nrf_crypto_backend_secp192r1_verify nrf_crypto_backend_mbedtls_verify +#endif + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_ECC_SECP224R1) +// Context is not used by mbed TLS, so its size is 0 +#define NRF_CRYPTO_BACKEND_SECP224R1_SIGN_CONTEXT_SIZE 0 +#define NRF_CRYPTO_BACKEND_SECP224R1_VERIFY_CONTEXT_SIZE 0 +// Dummy typedefs for unused contexts +typedef uint32_t nrf_crypto_backend_secp224r1_sign_context_t; +typedef uint32_t nrf_crypto_backend_secp224r1_verify_context_t; +// Alias for common mbed TLS +#define nrf_crypto_backend_secp224r1_sign nrf_crypto_backend_mbedtls_sign +#define nrf_crypto_backend_secp224r1_verify nrf_crypto_backend_mbedtls_verify +#endif + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_ECC_SECP256R1) +// Context is not used by mbed TLS, so its size is 0 +#define NRF_CRYPTO_BACKEND_SECP256R1_SIGN_CONTEXT_SIZE 0 +#define NRF_CRYPTO_BACKEND_SECP256R1_VERIFY_CONTEXT_SIZE 0 +// Dummy typedefs for unused contexts +typedef uint32_t nrf_crypto_backend_secp256r1_sign_context_t; +typedef uint32_t nrf_crypto_backend_secp256r1_verify_context_t; +// Alias for common mbed TLS +#define nrf_crypto_backend_secp256r1_sign nrf_crypto_backend_mbedtls_sign +#define nrf_crypto_backend_secp256r1_verify nrf_crypto_backend_mbedtls_verify +#endif + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_ECC_SECP384R1) +// Context is not used by mbed TLS, so its size is 0 +#define NRF_CRYPTO_BACKEND_SECP384R1_SIGN_CONTEXT_SIZE 0 +#define NRF_CRYPTO_BACKEND_SECP384R1_VERIFY_CONTEXT_SIZE 0 +// Dummy typedefs for unused contexts +typedef uint32_t nrf_crypto_backend_secp384r1_sign_context_t; +typedef uint32_t nrf_crypto_backend_secp384r1_verify_context_t; +// Alias for common mbed TLS +#define nrf_crypto_backend_secp384r1_sign nrf_crypto_backend_mbedtls_sign +#define nrf_crypto_backend_secp384r1_verify nrf_crypto_backend_mbedtls_verify +#endif + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_ECC_SECP521R1) +// Context is not used by mbed TLS, so its size is 0 +#define NRF_CRYPTO_BACKEND_SECP521R1_SIGN_CONTEXT_SIZE 0 +#define NRF_CRYPTO_BACKEND_SECP521R1_VERIFY_CONTEXT_SIZE 0 +// Dummy typedefs for unused contexts +typedef uint32_t nrf_crypto_backend_secp521r1_sign_context_t; +typedef uint32_t nrf_crypto_backend_secp521r1_verify_context_t; +// Alias for common mbed TLS +#define nrf_crypto_backend_secp521r1_sign nrf_crypto_backend_mbedtls_sign +#define nrf_crypto_backend_secp521r1_verify nrf_crypto_backend_mbedtls_verify +#endif + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_ECC_SECP192K1) +// Context is not used by mbed TLS, so its size is 0 +#define NRF_CRYPTO_BACKEND_SECP192K1_SIGN_CONTEXT_SIZE 0 +#define NRF_CRYPTO_BACKEND_SECP192K1_VERIFY_CONTEXT_SIZE 0 +// Dummy typedefs for unused contexts +typedef uint32_t nrf_crypto_backend_secp192k1_sign_context_t; +typedef uint32_t nrf_crypto_backend_secp192k1_verify_context_t; +// Alias for common mbed TLS +#define nrf_crypto_backend_secp192k1_sign nrf_crypto_backend_mbedtls_sign +#define nrf_crypto_backend_secp192k1_verify nrf_crypto_backend_mbedtls_verify +#endif + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_ECC_SECP224K1) +// Context is not used by mbed TLS, so its size is 0 +#define NRF_CRYPTO_BACKEND_SECP224K1_SIGN_CONTEXT_SIZE 0 +#define NRF_CRYPTO_BACKEND_SECP224K1_VERIFY_CONTEXT_SIZE 0 +// Dummy typedefs for unused contexts +typedef uint32_t nrf_crypto_backend_secp224k1_sign_context_t; +typedef uint32_t nrf_crypto_backend_secp224k1_verify_context_t; +// Alias for common mbed TLS +#define nrf_crypto_backend_secp224k1_sign nrf_crypto_backend_mbedtls_sign +#define nrf_crypto_backend_secp224k1_verify nrf_crypto_backend_mbedtls_verify +#endif + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_ECC_SECP256K1) +// Context is not used by mbed TLS, so its size is 0 +#define NRF_CRYPTO_BACKEND_SECP256K1_SIGN_CONTEXT_SIZE 0 +#define NRF_CRYPTO_BACKEND_SECP256K1_VERIFY_CONTEXT_SIZE 0 +// Dummy typedefs for unused contexts +typedef uint32_t nrf_crypto_backend_secp256k1_sign_context_t; +typedef uint32_t nrf_crypto_backend_secp256k1_verify_context_t; +// Alias for common mbed TLS +#define nrf_crypto_backend_secp256k1_sign nrf_crypto_backend_mbedtls_sign +#define nrf_crypto_backend_secp256k1_verify nrf_crypto_backend_mbedtls_verify +#endif + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_ECC_BP256R1) +// Context is not used by mbed TLS, so its size is 0 +#define NRF_CRYPTO_BACKEND_BP256R1_SIGN_CONTEXT_SIZE 0 +#define NRF_CRYPTO_BACKEND_BP256R1_VERIFY_CONTEXT_SIZE 0 +// Dummy typedefs for unused contexts +typedef uint32_t nrf_crypto_backend_bp256r1_sign_context_t; +typedef uint32_t nrf_crypto_backend_bp256r1_verify_context_t; +// Alias for common mbed TLS +#define nrf_crypto_backend_bp256r1_sign nrf_crypto_backend_mbedtls_sign +#define nrf_crypto_backend_bp256r1_verify nrf_crypto_backend_mbedtls_verify +#endif + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_ECC_BP384R1) +// Context is not used by mbed TLS, so its size is 0 +#define NRF_CRYPTO_BACKEND_BP384R1_SIGN_CONTEXT_SIZE 0 +#define NRF_CRYPTO_BACKEND_BP384R1_VERIFY_CONTEXT_SIZE 0 +// Dummy typedefs for unused contexts +typedef uint32_t nrf_crypto_backend_bp384r1_sign_context_t; +typedef uint32_t nrf_crypto_backend_bp384r1_verify_context_t; +// Alias for common mbed TLS +#define nrf_crypto_backend_bp384r1_sign nrf_crypto_backend_mbedtls_sign +#define nrf_crypto_backend_bp384r1_verify nrf_crypto_backend_mbedtls_verify +#endif + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_ECC_BP512R1) +// Context is not used by mbed TLS, so its size is 0 +#define NRF_CRYPTO_BACKEND_BP512R1_SIGN_CONTEXT_SIZE 0 +#define NRF_CRYPTO_BACKEND_BP512R1_VERIFY_CONTEXT_SIZE 0 +// Dummy typedefs for unused contexts +typedef uint32_t nrf_crypto_backend_bp512r1_sign_context_t; +typedef uint32_t nrf_crypto_backend_bp512r1_verify_context_t; +// Alias for common mbed TLS +#define nrf_crypto_backend_bp512r1_sign nrf_crypto_backend_mbedtls_sign +#define nrf_crypto_backend_bp512r1_verify nrf_crypto_backend_mbedtls_verify +#endif + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_ECC_CURVE25519) +// Context is not used by mbed TLS, so its size is 0 +#define NRF_CRYPTO_BACKEND_CURVE25519_SIGN_CONTEXT_SIZE 0 +#define NRF_CRYPTO_BACKEND_CURVE25519_VERIFY_CONTEXT_SIZE 0 +// Dummy typedefs for unused contexts +typedef uint32_t nrf_crypto_backend_curve25519_sign_context_t; +typedef uint32_t nrf_crypto_backend_curve25519_verify_context_t; +// No ECDSA implementation for Curve25519 +#define nrf_crypto_backend_curve25519_sign NULL +#define nrf_crypto_backend_curve25519_verify NULL +#endif + + +#ifdef __cplusplus +} +#endif + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS) + +#endif // MBEDTLS_BACKEND_ECDSA_H__ diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/mbedtls/mbedtls_backend_hash.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/mbedtls/mbedtls_backend_hash.c new file mode 100644 index 0000000..b244e0a --- /dev/null +++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/mbedtls/mbedtls_backend_hash.c @@ -0,0 +1,196 @@ +/** + * Copyright (c) 2018 - 2018, Nordic Semiconductor ASA + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form, except as embedded into a Nordic + * Semiconductor ASA integrated circuit in a product or a software update for + * such product, must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * 3. Neither the name of Nordic Semiconductor ASA nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * 4. This software, with or without modification, must only be used with a + * Nordic Semiconductor ASA integrated circuit. + * + * 5. Any software provided in binary form under this license must not be reverse + * engineered, decompiled, modified and/or disassembled. + * + * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include "sdk_common.h" + +#if NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS) + +#include "mbedtls_backend_hash.h" +#include "nrf_crypto_init.h" +#include "nrf_crypto_types.h" +#include "nrf_crypto_error.h" +#include "nrf_crypto_hash_shared.h" +#include "sdk_macros.h" +#include "nrf_log.h" +#include "nrf_assert.h" + +/*lint -save -e????*/ +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#include "mbedtls/md.h" +#include "mbedtls/sha256.h" +#include "mbedtls/sha512.h" +/*lint -restore*/ + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_HASH_SHA256) + +static ret_code_t mbedtls_backend_hash_sha256_init(void * const p_context) +{ + // No parameter testing on this level. + // This has been done on upper level. + + mbedtls_sha256_context * p_backend_context + = &(((nrf_crypto_backend_hash_sha256_context_t *)p_context)->context); + + mbedtls_sha256_init(p_backend_context); + + mbedtls_sha256_starts(p_backend_context, 0); + + return NRF_SUCCESS; +} + +static uint32_t mbedtls_backend_hash_sha256_update(void * const p_context, + uint8_t const * p_data, + size_t size) +{ + // Limited parameter testing on this level. + // This has been done on upper level. + + mbedtls_sha256_context * p_backend_context + = &(((nrf_crypto_backend_hash_sha256_context_t *)p_context)->context); + + mbedtls_sha256_update(p_backend_context, p_data, size); + + return NRF_SUCCESS; +} + + +static uint32_t mbedtls_backend_hash_sha256_finalize(void * const p_context, + uint8_t * p_digest, + size_t * const p_digest_size) +{ + // Limited parameter testing on this level. + // This has been done on upper level. + + mbedtls_sha256_context * p_backend_context + = &(((nrf_crypto_backend_hash_sha256_context_t *)p_context)->context); + + mbedtls_sha256_finish(p_backend_context, p_digest); + + *p_digest_size = NRF_CRYPTO_HASH_SIZE_SHA256; + + return NRF_SUCCESS; +} + + +const nrf_crypto_hash_info_t g_nrf_crypto_hash_sha256_info = +{ + .init_fn = mbedtls_backend_hash_sha256_init, + .update_fn = mbedtls_backend_hash_sha256_update, + .finalize_fn = mbedtls_backend_hash_sha256_finalize, + .digest_size = NRF_CRYPTO_HASH_SIZE_SHA256, + .context_size = sizeof(nrf_crypto_backend_hash_sha256_context_t), + .hash_mode = NRF_CRYPTO_HASH_MODE_SHA256 +}; + + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_HASH_SHA256) + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_HASH_SHA512) + + +static ret_code_t mbedtls_backend_hash_sha512_init(void * p_context) +{ + // No parameter testing on this level. + // This has been done on upper level. + + mbedtls_sha512_context * p_backend_context + = &(((nrf_crypto_backend_hash_sha512_context_t *)p_context)->context); + + mbedtls_sha512_init(p_backend_context); + + mbedtls_sha512_starts(p_backend_context, 0); + + return NRF_SUCCESS; +} + + +static ret_code_t mbedtls_backend_hash_sha512_update(void * const p_context, + uint8_t const * p_data, + size_t size) +{ + // Limited parameter testing on this level. + // This has been done on upper level. + + mbedtls_sha512_context * p_backend_context + = &(((nrf_crypto_backend_hash_sha512_context_t *)p_context)->context); + + mbedtls_sha512_update(p_backend_context, p_data, size); + + return NRF_SUCCESS; +} + + +static ret_code_t mbedtls_backend_hash_sha512_finalize(void * const p_context, + uint8_t * p_digest, + size_t * const p_digest_size) +{ + // Limited parameter testing on this level. + // This has been done on upper level. + + mbedtls_sha512_context * p_backend_context + = &(((nrf_crypto_backend_hash_sha512_context_t *)p_context)->context); + + mbedtls_sha512_finish(p_backend_context, p_digest); + + *p_digest_size = NRF_CRYPTO_HASH_SIZE_SHA512; + + return NRF_SUCCESS; +} + + +const nrf_crypto_hash_info_t g_nrf_crypto_hash_sha512_info = +{ + .init_fn = mbedtls_backend_hash_sha512_init, + .update_fn = mbedtls_backend_hash_sha512_update, + .finalize_fn = mbedtls_backend_hash_sha512_finalize, + .digest_size = NRF_CRYPTO_HASH_SIZE_SHA512, + .context_size = sizeof(nrf_crypto_backend_hash_sha512_context_t), + .hash_mode = NRF_CRYPTO_HASH_MODE_SHA512 +}; + + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_HASH_SHA512) + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS) diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/mbedtls/mbedtls_backend_hash.h b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/mbedtls/mbedtls_backend_hash.h new file mode 100644 index 0000000..f69be9b --- /dev/null +++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/mbedtls/mbedtls_backend_hash.h @@ -0,0 +1,128 @@ +/** + * Copyright (c) 2018 - 2018, Nordic Semiconductor ASA + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form, except as embedded into a Nordic + * Semiconductor ASA integrated circuit in a product or a software update for + * such product, must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * 3. Neither the name of Nordic Semiconductor ASA nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * 4. This software, with or without modification, must only be used with a + * Nordic Semiconductor ASA integrated circuit. + * + * 5. Any software provided in binary form under this license must not be reverse + * engineered, decompiled, modified and/or disassembled. + * + * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef MBEDTLS_BACKEND_HASH_H__ +#define MBEDTLS_BACKEND_HASH_H__ + +/** @file + * + * @defgroup nrf_crypto_mbedtls_backend_hash nrf_crypto mbedtls backend hash + * @{ + * @ingroup nrf_crypto_mbedtls_backend + * + * @brief Hash functionality provided by the nrf_crypto mbedtls backend. + */ + +#include "sdk_common.h" + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS) + +#include "sdk_errors.h" +#include "nrf_crypto_hash_shared.h" + +/*lint -save -e????*/ +#include "mbedtls/sha256.h" +#include "mbedtls/sha512.h" +/*lint -restore*/ + +#ifdef __cplusplus +extern "C" { +#endif + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_HASH_SHA256) + +// Flag that nrf_crypto_hash frontend can be compiled +#undef NRF_CRYPTO_HASH_ENABLED +#define NRF_CRYPTO_HASH_ENABLED 1 + +// Duplicate backend enabled test for SHA-256 +#if NRF_MODULE_ENABLED(NRF_CRYPTO_HASH_SHA256) +#error "Duplicate definition of SHA-256. More than one backend enabled"); +#endif + +// Flag that SHA-256 is enabled in backend +#define NRF_CRYPTO_HASH_SHA256_ENABLED 1 + + +/**brief nrf_crypto_hash context for SHA-256 in nrf_crypto mbedtls backend. */ +typedef struct +{ + nrf_crypto_hash_internal_context_t header; /**< Common header for context. */ + mbedtls_sha256_context context; /**< Hash context internal to mbedtls. */ +} nrf_crypto_backend_hash_sha256_context_t; + + +#endif // NRF_CRYPTO_BACKEND_MBEDTLS_HASH_SHA256_ENABLED + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_HASH_SHA512) + +// Flag that nrf_crypto_hash frontend can be compiled +#undef NRF_CRYPTO_HASH_ENABLED +#define NRF_CRYPTO_HASH_ENABLED 1 + +// Duplicate backend enabled test for SHA-512 +#if NRF_MODULE_ENABLED(NRF_CRYPTO_HASH_SHA512) +#error "Duplicate definition of SHA-512. More than one backend enabled"); +#endif + +// Flag that SHA-512 is enabled in backend +#define NRF_CRYPTO_HASH_SHA512_ENABLED 1 + + +/**brief nrf_crypto_hash context for SHA-512 in nrf_crypto mbedtls backend. */ +typedef struct +{ + nrf_crypto_hash_internal_context_t header; /**< Common header for context. */ + mbedtls_sha512_context context; /**< Hash context internal to mbedtls. */ +} nrf_crypto_backend_hash_sha512_context_t; + + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_HASH_SHA512) + +#ifdef __cplusplus +} +#endif + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS) + +/**@} */ + +#endif //MBEDTLS_BACKEND_HASH_H__ diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/mbedtls/mbedtls_backend_hmac.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/mbedtls/mbedtls_backend_hmac.c new file mode 100644 index 0000000..0a6658c --- /dev/null +++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/mbedtls/mbedtls_backend_hmac.c @@ -0,0 +1,230 @@ +/** + * Copyright (c) 2018 - 2018, Nordic Semiconductor ASA + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form, except as embedded into a Nordic + * Semiconductor ASA integrated circuit in a product or a software update for + * such product, must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * 3. Neither the name of Nordic Semiconductor ASA nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * 4. This software, with or without modification, must only be used with a + * Nordic Semiconductor ASA integrated circuit. + * + * 5. Any software provided in binary form under this license must not be reverse + * engineered, decompiled, modified and/or disassembled. + * + * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include "sdk_common.h" +#if NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS) + +#include "nrf_log.h" +#include "nrf_crypto_error.h" +#include "nrf_crypto_types.h" +#include "mbedtls_backend_hmac.h" + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_HMAC_SHA256) + +static ret_code_t mbedtls_backend_hmac_init_sha256(void * const p_context, + uint8_t const * p_key, + size_t key_size) +{ + int err_code; + nrf_crypto_backend_mbedtls_hmac_sha256_context_t * p_ctx = + (nrf_crypto_backend_mbedtls_hmac_sha256_context_t *)p_context; + + // Memset context to 0. This is equevalend with a call to mbedtls_md_init(). + memset(p_ctx->md_ctx_buffer, 0, sizeof(p_ctx->md_ctx_buffer)); + memset(p_ctx->hmac_ctx_buffer, 0, sizeof(p_ctx->hmac_ctx_buffer)); + + // Set info and context pointers to buffer allocated by user. + // This is Normally handled by mbedtls_md_setup(), but has to be done here in order + // to avoid dynamic allocation of memory inside mbed TLS. + p_ctx->mbedtls_ctx.md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256); + p_ctx->mbedtls_ctx.md_ctx = p_ctx->md_ctx_buffer; + p_ctx->mbedtls_ctx.hmac_ctx = p_ctx->hmac_ctx_buffer; + + // Enter key to start + err_code = mbedtls_md_hmac_starts(&p_ctx->mbedtls_ctx, + p_key, + key_size); + + if (err_code != 0) + { + NRF_LOG_ERROR("Error in mbedtls_md_hmac_starts: %u", err_code); + return NRF_ERROR_CRYPTO_INTERNAL; + } + + return NRF_SUCCESS; +} + + +static ret_code_t mbedtls_backend_hmac_update_sha256(void * const p_context, + uint8_t const * p_data, + size_t size) +{ + int err_code; + nrf_crypto_backend_mbedtls_hmac_sha256_context_t * p_ctx = + (nrf_crypto_backend_mbedtls_hmac_sha256_context_t *)p_context; + + err_code = mbedtls_md_hmac_update(&p_ctx->mbedtls_ctx, p_data, size); + if (err_code != 0) + { + NRF_LOG_ERROR("Error in mbedtls_md_hmac_update: %u", err_code); + return NRF_ERROR_CRYPTO_INTERNAL; + } + + return NRF_SUCCESS; +} + + +static ret_code_t mbedtls_backend_hmac_finalize_sha256(void * const p_context, + uint8_t * p_digest, + size_t * const p_size) +{ + int err_code; + nrf_crypto_backend_mbedtls_hmac_sha256_context_t * const p_ctx = + (nrf_crypto_backend_mbedtls_hmac_sha256_context_t *)p_context; + + // Set the digest length to 0 so that this is used in case of any error. + *p_size = 0; + + err_code = mbedtls_md_hmac_finish(&p_ctx->mbedtls_ctx, p_digest); + if (err_code != 0) + { + NRF_LOG_ERROR("Error in mbedtls_md_hmac_finish: %u", err_code); + return NRF_ERROR_CRYPTO_INTERNAL; + } + + *p_size = p_ctx->header.p_info->digest_size; + + return NRF_SUCCESS; +} + + +// Information structure for HMAC SHA256 using mbed TLS backend. +const nrf_crypto_hmac_info_t g_nrf_crypto_hmac_sha256_info = +{ + .init_fn = mbedtls_backend_hmac_init_sha256, + .update_fn = mbedtls_backend_hmac_update_sha256, + .finalize_fn = mbedtls_backend_hmac_finalize_sha256, + .digest_size = NRF_CRYPTO_HASH_SIZE_SHA256, + .context_size = sizeof(nrf_crypto_backend_hmac_sha256_context_t), + .type = NRF_CRYPTO_HMAC_SHA256_TYPE +}; + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_HMAC_SHA256) + + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_HMAC_SHA512) + +static ret_code_t mbedtls_backend_hmac_init_sha512(void * const p_context, + uint8_t const * p_key, + size_t key_size) +{ + int err_code; + nrf_crypto_backend_mbedtls_hmac_sha512_context_t * p_ctx = + (nrf_crypto_backend_mbedtls_hmac_sha512_context_t *)p_context; + + // Memset context to 0. This is equevalend with a call to mbedtls_md_init(). + memset(p_ctx->md_ctx_buffer, 0, sizeof(p_ctx->md_ctx_buffer)); + memset(p_ctx->hmac_ctx_buffer, 0, sizeof(p_ctx->hmac_ctx_buffer)); + + // Set info and context pointers to buffer allocated by user. + // (Normally handled by mbedtls_md_setup()) + p_ctx->mbedtls_ctx.md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA512); + p_ctx->mbedtls_ctx.md_ctx = p_ctx->md_ctx_buffer; + p_ctx->mbedtls_ctx.hmac_ctx = p_ctx->hmac_ctx_buffer; + + // Enter key to start + err_code = mbedtls_md_hmac_starts(&p_ctx->mbedtls_ctx, p_key, key_size); + if (err_code != 0) + { + NRF_LOG_ERROR("Error in mbedtls_md_hmac_starts: %u", err_code); + return NRF_ERROR_CRYPTO_INTERNAL; + } + + return NRF_SUCCESS; +} + + +static ret_code_t mbedtls_backend_hmac_update_sha512(void * const p_context, + uint8_t const * p_data, + size_t size) +{ + int err_code; + nrf_crypto_backend_mbedtls_hmac_sha512_context_t * p_ctx = + (nrf_crypto_backend_mbedtls_hmac_sha512_context_t *)p_context; + + err_code = mbedtls_md_hmac_update(&p_ctx->mbedtls_ctx, p_data, size); + if (err_code != 0) + { + NRF_LOG_ERROR("Error in mbedtls_md_hmac_update: %u", err_code); + return NRF_ERROR_CRYPTO_INTERNAL; + } + + return NRF_SUCCESS; +} + + +static ret_code_t mbedtls_backend_hmac_finalize_sha512(void * const p_context, + uint8_t * p_digest, + size_t * const p_size) +{ + int err_code; + nrf_crypto_backend_mbedtls_hmac_sha512_context_t * p_ctx = + (nrf_crypto_backend_mbedtls_hmac_sha512_context_t *)p_context; + + // Set the digest length to 0 so that this is used in case of any error. + *p_size = 0; + + err_code = mbedtls_md_hmac_finish(&p_ctx->mbedtls_ctx, p_digest); + if (err_code != 0) + { + NRF_LOG_ERROR("Error in mbedtls_md_hmac_finish: %u", err_code); + return NRF_ERROR_CRYPTO_INTERNAL; } + + *p_size = p_ctx->header.p_info->digest_size; + + return NRF_SUCCESS; +} + + +// Information structure for HMAC SHA512 using mbed TLS backend. +const nrf_crypto_hmac_info_t g_nrf_crypto_hmac_sha512_info = +{ + .init_fn = mbedtls_backend_hmac_init_sha512, + .update_fn = mbedtls_backend_hmac_update_sha512, + .finalize_fn = mbedtls_backend_hmac_finalize_sha512, + .digest_size = NRF_CRYPTO_HASH_SIZE_SHA512, + .context_size = sizeof(nrf_crypto_backend_hmac_sha512_context_t), + .type = NRF_CRYPTO_HMAC_SHA512_TYPE +}; + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_HMAC_SHA512) +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS) diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/mbedtls/mbedtls_backend_hmac.h b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/mbedtls/mbedtls_backend_hmac.h new file mode 100644 index 0000000..2645bba --- /dev/null +++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/mbedtls/mbedtls_backend_hmac.h @@ -0,0 +1,140 @@ +/** + * Copyright (c) 2018 - 2018, Nordic Semiconductor ASA + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form, except as embedded into a Nordic + * Semiconductor ASA integrated circuit in a product or a software update for + * such product, must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * 3. Neither the name of Nordic Semiconductor ASA nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * 4. This software, with or without modification, must only be used with a + * Nordic Semiconductor ASA integrated circuit. + * + * 5. Any software provided in binary form under this license must not be reverse + * engineered, decompiled, modified and/or disassembled. + * + * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef MBEDTLS_BACKEND_HMAC_H__ +#define MBEDTLS_BACKEND_HMAC_H__ + +/** @file + * + * @defgroup nrf_crypto_mbedtls_backend_hmac mbed TLS backend for HMAC + * @{ + * @ingroup nrf_crypto_mbedtls_backend + * + * @brief Backend wrapper for mbed TLS. None of these types should be used directly by the + * application. + */ + +#include "sdk_common.h" + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS) && \ + ( NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_HMAC_SHA256) || \ + NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_HMAC_SHA512) ) + +#include "nrf_crypto_hmac_shared.h" +/*lint -save -e????*/ +#include "mbedtls/md.h" +#include "mbedtls/sha256.h" +#include "mbedtls/sha512.h" +/*lint -restore*/ + +#ifdef __cplusplus +extern "C" { +#endif + +#undef NRF_CRYPTO_HMAC_ENABLED +#define NRF_CRYPTO_HMAC_ENABLED 1 + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_HMAC_SHA256) + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_HMAC_SHA256) +#error "Duplicate definition of HMAC SHA-256. More than one backend enabled" +#endif // NRF_CRYPTO_HMAC_SHA256_ENABLED +#define NRF_CRYPTO_HMAC_SHA256_ENABLED 1 + +/** + * @internal @brief Internal context object used by the mbed TLS backend wrapper for HMAC SHA256. + * + * @note This should never be used directly. Use @ref nrf_crypto_backend_hmac_sha256_context_t + * instead. + */ +typedef struct +{ + nrf_crypto_hmac_internal_context_t header; //!< Internal nrf_crypto_hmac context. + mbedtls_md_context_t mbedtls_ctx; //!< Mbed TLS context object. + uint8_t md_ctx_buffer[sizeof(mbedtls_sha256_context)]; //!< Message digest buffer for mbed TLS. + uint16_t hmac_ctx_buffer[64]; //!< Hash buffer for mbed TLS of size defined in mbedtls_sha256_info in md_internal.h. +} nrf_crypto_backend_mbedtls_hmac_sha256_context_t; + +/** + * @internal @brief Context for HMAC SHA256 using mbed TLS backend. + */ +typedef nrf_crypto_backend_mbedtls_hmac_sha256_context_t nrf_crypto_backend_hmac_sha256_context_t; + + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_HMAC_SHA256) + + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_HMAC_SHA512) + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_HMAC_SHA512) +#error "Duplicate definition of HMAC SHA-512. More than one backend enabled" +#endif // NRF_CRYPTO_HMAC_SHA512_ENABLED +#define NRF_CRYPTO_HMAC_SHA512_ENABLED 1 + +/** + * @internal @brief Internal context object used by the mbed TLS backend wrapper for HMAC SHA512. + * + * @note This should never be used directly. Use @ref nrf_crypto_backend_hmac_sha512_context_t + * instead. + */ +typedef struct +{ + nrf_crypto_hmac_internal_context_t header; //!< Internal nrf_crypto_hmac context header. + mbedtls_md_context_t mbedtls_ctx; //!< Mbed TLS context object. + uint8_t md_ctx_buffer[sizeof(mbedtls_sha512_context)]; //!< Message digest buffer for mbed TLS. + uint16_t hmac_ctx_buffer[128]; //!< Hash buffer for mbed TLS of size defined in mbedtls_sha512_info in md_internal.h. +} nrf_crypto_backend_mbedtls_hmac_sha512_context_t; + +/** + * @internal @brief Context for HMAC SHA512 using mbed TLS backend. + */ +typedef nrf_crypto_backend_mbedtls_hmac_sha512_context_t nrf_crypto_backend_hmac_sha512_context_t; + +#ifdef __cplusplus +} +#endif + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_HMAC_SHA512) +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS) && ( NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_HMAC_SHA256) || NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS_HMAC_SHA512) ) + +/**@} */ + +#endif // MBEDTLS_BACKEND_HMAC_H__ diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/mbedtls/mbedtls_backend_init.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/mbedtls/mbedtls_backend_init.c new file mode 100644 index 0000000..aa37d67 --- /dev/null +++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/mbedtls/mbedtls_backend_init.c @@ -0,0 +1,106 @@ +/** + * Copyright (c) 2018 - 2018, Nordic Semiconductor ASA + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form, except as embedded into a Nordic + * Semiconductor ASA integrated circuit in a product or a software update for + * such product, must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * 3. Neither the name of Nordic Semiconductor ASA nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * 4. This software, with or without modification, must only be used with a + * Nordic Semiconductor ASA integrated circuit. + * + * 5. Any software provided in binary form under this license must not be reverse + * engineered, decompiled, modified and/or disassembled. + * + * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include "sdk_common.h" +#include "sdk_config.h" + +#if NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS) + +#include <string.h> +#include <stdint.h> +#include "nrf_crypto_init.h" +#include "nrf_crypto_mem.h" +/*lint -save -e????*/ +#include "mbedtls/platform.h" +/*lint -restore*/ + + +#if NRF_CRYPTO_ALLOC_ON_STACK +#error "MBED TLS backend does not support memory allocation on stack. Use different allocator." +#endif + + +/** @internal @brief Function to use NRF_CRYPTO_ALLOC for MBED TLS memory allocation. + */ +static void * mbedtls_backend_calloc(size_t count, size_t size) +{ + size_t total_size = count * size; + void * p_data = NRF_CRYPTO_ALLOC(total_size); + if (p_data != NULL) + { + memset(p_data, 0, total_size); + } + return p_data; +} + + +/** @internal @brief Function to use NRF_CRYPTO_FREE for MBED TLS memory deallocation. + */ +static void mbedtls_backend_free(void * p_data) +{ + NRF_CRYPTO_FREE(p_data); +} + + +/** @internal @brief Function to initialize MBED TLS backend - setup memory management for. + */ +static ret_code_t mbedtls_backend_init(void) +{ + (void)mbedtls_platform_set_calloc_free(mbedtls_backend_calloc, mbedtls_backend_free); + return NRF_SUCCESS; +} + + +/** @internal @brief Function to uninitialize MBED TLS backend - currently no implementation is required. + */ +static ret_code_t mbedtls_backend_uninit(void) +{ + // Empty implementation + return NRF_SUCCESS; +} + + +CRYPTO_BACKEND_REGISTER(nrf_crypto_backend_info_t const mbedtls_backend) = +{ + .init_fn = mbedtls_backend_init, + .uninit_fn = mbedtls_backend_uninit, +}; + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MBEDTLS) diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/micro_ecc/micro_ecc_backend_ecc.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/micro_ecc/micro_ecc_backend_ecc.c new file mode 100644 index 0000000..534d756 --- /dev/null +++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/micro_ecc/micro_ecc_backend_ecc.c @@ -0,0 +1,352 @@ +/** + * Copyright (c) 2018 - 2018, Nordic Semiconductor ASA + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form, except as embedded into a Nordic + * Semiconductor ASA integrated circuit in a product or a software update for + * such product, must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * 3. Neither the name of Nordic Semiconductor ASA nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * 4. This software, with or without modification, must only be used with a + * Nordic Semiconductor ASA integrated circuit. + * + * 5. Any software provided in binary form under this license must not be reverse + * engineered, decompiled, modified and/or disassembled. + * + * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include "sdk_config.h" +#include "nordic_common.h" + +#if NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MICRO_ECC) + +#include <stdbool.h> +#include <string.h> +#include <stddef.h> + +#include "app_util.h" +#include "nrf_crypto_ecc.h" +#include "nrf_crypto_rng.h" +#include "nrf_crypto_shared.h" +#include "micro_ecc_backend_ecc.h" +#include "micro_ecc_backend_shared.h" +#include "uECC.h" + + +typedef uECC_Curve (*micro_ecc_curve_fn_t)(void); + + +int nrf_crypto_backend_micro_ecc_rng_callback(uint8_t * dest, unsigned size) +{ +#if NRF_MODULE_ENABLED(NRF_CRYPTO_RNG) + + ret_code_t result; + + result = nrf_crypto_rng_vector_generate(dest, size); + + // Return values compatible with mbed TLS + if (result != NRF_SUCCESS) + { + return 0; + } + return 1; + +#else + UNUSED_PARAMETER(dest); + UNUSED_PARAMETER(size); + return 0; +#endif +} + + +uECC_Curve nrf_crypto_backend_micro_ecc_curve_get( + nrf_crypto_backend_micro_ecc_common_key_t const * p_key) +{ + nrf_crypto_internal_ecc_key_header_t const * p_key_header = + (nrf_crypto_internal_ecc_key_header_t const *)p_key; + + //lint -save -e611 (Suspicious cast) + micro_ecc_curve_fn_t micro_ecc_curve_fn = + (micro_ecc_curve_fn_t)p_key_header->p_info->p_backend_data; + //lint -restore + + uECC_Curve p_micro_ecc_curve = micro_ecc_curve_fn(); + + return p_micro_ecc_curve; +} + + +ret_code_t nrf_crypto_backend_micro_ecc_key_pair_generate( + void * p_context, + void * p_private_key, + void * p_public_key) +{ + int result; + + nrf_crypto_backend_micro_ecc_common_key_t * p_prv = + (nrf_crypto_backend_micro_ecc_common_key_t *)p_private_key; + nrf_crypto_backend_micro_ecc_common_key_t * p_pub = + (nrf_crypto_backend_micro_ecc_common_key_t *)p_public_key; + + uECC_Curve p_micro_ecc_curve = nrf_crypto_backend_micro_ecc_curve_get(p_prv); + + uECC_set_rng(nrf_crypto_backend_micro_ecc_rng_callback); + + result = uECC_make_key((uint8_t *)(&p_pub->key[0]), + (uint8_t *)(&p_prv->key[0]), + p_micro_ecc_curve); + + if (result == 0) + { + return NRF_ERROR_CRYPTO_INTERNAL; + } + return NRF_SUCCESS; +} + + +ret_code_t nrf_crypto_backend_micro_ecc_public_key_calculate( + void * p_context, + void const * p_private_key, + void * p_public_key) +{ + int result; + + nrf_crypto_backend_micro_ecc_common_key_t const * p_prv = + (nrf_crypto_backend_micro_ecc_common_key_t const *)p_private_key; + nrf_crypto_backend_micro_ecc_common_key_t * p_pub = + (nrf_crypto_backend_micro_ecc_common_key_t *)p_public_key; + + uECC_Curve p_micro_ecc_curve = nrf_crypto_backend_micro_ecc_curve_get(p_prv); + + result = uECC_compute_public_key((uint8_t *)(&p_prv->key[0]), + (uint8_t *)(&p_pub->key[0]), + p_micro_ecc_curve); + + if (result == 0) + { + return NRF_ERROR_CRYPTO_INTERNAL; + } + return NRF_SUCCESS; +} + + +ret_code_t nrf_crypto_backend_micro_ecc_private_key_from_raw( + void * p_private_key, + uint8_t const * p_raw_data) +{ + nrf_crypto_backend_micro_ecc_common_key_t * p_prv = + (nrf_crypto_backend_micro_ecc_common_key_t *)p_private_key; + + nrf_crypto_ecc_curve_info_t const * p_info = p_prv->header.p_info; + +#if ECC_BACKEND_SWAP_BYTES + nrf_crypto_internal_swap_endian((uint8_t *)(&p_prv->key[0]), + p_raw_data, + p_info->raw_private_key_size); +#else + memcpy(&p_prv->key[0], p_raw_data, p_info->raw_private_key_size); +#endif + + return NRF_SUCCESS; +} + + +ret_code_t nrf_crypto_backend_micro_ecc_private_key_to_raw( + void const * p_private_key, + uint8_t * p_raw_data) +{ + nrf_crypto_backend_micro_ecc_common_key_t const * p_prv = + (nrf_crypto_backend_micro_ecc_common_key_t const *)p_private_key; + + nrf_crypto_ecc_curve_info_t const * p_info = p_prv->header.p_info; + +#if ECC_BACKEND_SWAP_BYTES + nrf_crypto_internal_swap_endian(p_raw_data, + (uint8_t *)(&p_prv->key[0]), + p_info->raw_private_key_size); +#else + memcpy(p_raw_data, &p_prv->key[0], p_info->raw_private_key_size); +#endif + + return NRF_SUCCESS; +} + + +ret_code_t nrf_crypto_backend_micro_ecc_public_key_from_raw( + void * p_public_key, + uint8_t const * p_raw_data) +{ + nrf_crypto_backend_micro_ecc_common_key_t * p_pub = + (nrf_crypto_backend_micro_ecc_common_key_t *)p_public_key; + + nrf_crypto_ecc_curve_info_t const * p_info = p_pub->header.p_info; + + uECC_Curve p_micro_ecc_curve = nrf_crypto_backend_micro_ecc_curve_get(p_pub); + +#if ECC_BACKEND_SWAP_BYTES + nrf_crypto_internal_double_swap_endian((uint8_t *)(&p_pub->key[0]), + p_raw_data, + p_info->raw_private_key_size); +#else + memcpy(&p_pub->key[0], p_raw_data, p_info->raw_public_key_size); +#endif + +#if !NRF_CRYPTO_BACKEND_MICRO_ECC_PUBLIC_KEY_TRUSTED_ENABLED + if (!uECC_valid_public_key((uint8_t *)(&p_pub->key[0]), p_micro_ecc_curve)) + { + return NRF_ERROR_CRYPTO_ECC_INVALID_KEY; + } +#else + UNUSED_PARAMETER(p_micro_ecc_curve); +#endif + + return NRF_SUCCESS; +} + + +ret_code_t nrf_crypto_backend_micro_ecc_public_key_to_raw( + void const * p_public_key, + uint8_t * p_raw_data) +{ + nrf_crypto_backend_micro_ecc_common_key_t const * p_pub = + (nrf_crypto_backend_micro_ecc_common_key_t const *)p_public_key; + + nrf_crypto_ecc_curve_info_t const * p_info = p_pub->header.p_info; + +#if ECC_BACKEND_SWAP_BYTES + nrf_crypto_internal_double_swap_endian(p_raw_data, + (uint8_t *)(&p_pub->key[0]), + p_info->raw_private_key_size); +#else + memcpy(p_raw_data, &p_pub->key[0], p_info->raw_public_key_size); +#endif + + return NRF_SUCCESS; +} + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MICRO_ECC_ECC_SECP192R1) + +// Make sure that common key structure match secp192r1 (NIST 192-bit) key structure to safely cast types. +STATIC_ASSERT(offsetof(nrf_crypto_backend_micro_ecc_common_key_t, key) == + offsetof(nrf_crypto_backend_secp192r1_private_key_t, key), + "Common uECC private key structure does not match secp192r1 (NIST 192-bit) one."); +STATIC_ASSERT(offsetof(nrf_crypto_backend_micro_ecc_common_key_t, key) == + offsetof(nrf_crypto_backend_secp192r1_public_key_t, key), + "Common ECC public key structure does not match secp192r1 (NIST 192-bit) one."); + +const nrf_crypto_ecc_curve_info_t g_nrf_crypto_ecc_secp192r1_curve_info = +{ + .public_key_size = sizeof(nrf_crypto_backend_secp192r1_private_key_t), + .private_key_size = sizeof(nrf_crypto_backend_secp192r1_public_key_t), + .curve_type = NRF_CRYPTO_ECC_SECP192R1_CURVE_TYPE, + .raw_private_key_size = NRF_CRYPTO_ECC_SECP192R1_RAW_PRIVATE_KEY_SIZE, + .raw_public_key_size = NRF_CRYPTO_ECC_SECP192R1_RAW_PUBLIC_KEY_SIZE, + //lint -save -e611 -e546 (Suspicious cast, Suspicious use of &) + .p_backend_data = (void *)&uECC_secp192r1, + //lint -restore +}; + +#endif + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MICRO_ECC_ECC_SECP224R1) + +// Make sure that common key structure match secp224r1 (NIST 224-bit) key structure to safely cast types. +STATIC_ASSERT(offsetof(nrf_crypto_backend_micro_ecc_common_key_t, key) == + offsetof(nrf_crypto_backend_secp224r1_private_key_t, key), + "Common uECC private key structure does not match secp224r1 (NIST 224-bit) one."); +STATIC_ASSERT(offsetof(nrf_crypto_backend_micro_ecc_common_key_t, key) == + offsetof(nrf_crypto_backend_secp224r1_public_key_t, key), + "Common ECC public key structure does not match secp224r1 (NIST 224-bit) one."); + +const nrf_crypto_ecc_curve_info_t g_nrf_crypto_ecc_secp224r1_curve_info = +{ + .public_key_size = sizeof(nrf_crypto_backend_secp224r1_private_key_t), + .private_key_size = sizeof(nrf_crypto_backend_secp224r1_public_key_t), + .curve_type = NRF_CRYPTO_ECC_SECP224R1_CURVE_TYPE, + .raw_private_key_size = NRF_CRYPTO_ECC_SECP224R1_RAW_PRIVATE_KEY_SIZE, + .raw_public_key_size = NRF_CRYPTO_ECC_SECP224R1_RAW_PUBLIC_KEY_SIZE, + //lint -save -e611 -e546 (Suspicious cast, Suspicious use of &) + .p_backend_data = (void *)&uECC_secp224r1, + //lint -restore +}; + +#endif + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MICRO_ECC_ECC_SECP256R1) + +// Make sure that common key structure match secp256r1 (NIST 256-bit) key structure to safely cast types. +STATIC_ASSERT(offsetof(nrf_crypto_backend_micro_ecc_common_key_t, key) == + offsetof(nrf_crypto_backend_secp256r1_private_key_t, key), + "Common uECC private key structure does not match secp256r1 (NIST 256-bit) one."); +STATIC_ASSERT(offsetof(nrf_crypto_backend_micro_ecc_common_key_t, key) == + offsetof(nrf_crypto_backend_secp256r1_public_key_t, key), + "Common ECC public key structure does not match secp256r1 (NIST 256-bit) one."); + +const nrf_crypto_ecc_curve_info_t g_nrf_crypto_ecc_secp256r1_curve_info = +{ + .public_key_size = sizeof(nrf_crypto_backend_secp256r1_private_key_t), + .private_key_size = sizeof(nrf_crypto_backend_secp256r1_public_key_t), + .curve_type = NRF_CRYPTO_ECC_SECP256R1_CURVE_TYPE, + .raw_private_key_size = NRF_CRYPTO_ECC_SECP256R1_RAW_PRIVATE_KEY_SIZE, + .raw_public_key_size = NRF_CRYPTO_ECC_SECP256R1_RAW_PUBLIC_KEY_SIZE, + //lint -save -e611 -e546 (Suspicious cast, Suspicious use of &) + .p_backend_data = (void *)&uECC_secp256r1, + //lint -restore +}; + +#endif + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MICRO_ECC_ECC_SECP256K1) + +// Make sure that common key structure match secp256k1 (Koblitz 256-bit) key structure to safely cast types. +STATIC_ASSERT(offsetof(nrf_crypto_backend_micro_ecc_common_key_t, key) == + offsetof(nrf_crypto_backend_secp256k1_private_key_t, key), + "Common uECC private key structure does not match secp256k1 (Koblitz 256-bit) one."); +STATIC_ASSERT(offsetof(nrf_crypto_backend_micro_ecc_common_key_t, key) == + offsetof(nrf_crypto_backend_secp256k1_public_key_t, key), + "Common ECC public key structure does not match secp256k1 (Koblitz 256-bit) one."); + + +const nrf_crypto_ecc_curve_info_t g_nrf_crypto_ecc_secp256k1_curve_info = +{ + .public_key_size = sizeof(nrf_crypto_backend_secp256k1_private_key_t), + .private_key_size = sizeof(nrf_crypto_backend_secp256k1_public_key_t), + .curve_type = NRF_CRYPTO_ECC_SECP256K1_CURVE_TYPE, + .raw_private_key_size = NRF_CRYPTO_ECC_SECP256K1_RAW_PRIVATE_KEY_SIZE, + .raw_public_key_size = NRF_CRYPTO_ECC_SECP256K1_RAW_PUBLIC_KEY_SIZE, + //lint -save -e611 -e546 (Suspicious cast, Suspicious use of &) + .p_backend_data = (void *)&uECC_secp256k1, + //lint -restore +}; + +#endif + + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MICRO_ECC) diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/micro_ecc/micro_ecc_backend_ecc.h b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/micro_ecc/micro_ecc_backend_ecc.h new file mode 100644 index 0000000..cafa506 --- /dev/null +++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/micro_ecc/micro_ecc_backend_ecc.h @@ -0,0 +1,303 @@ +/** + * Copyright (c) 2018 - 2018, Nordic Semiconductor ASA + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form, except as embedded into a Nordic + * Semiconductor ASA integrated circuit in a product or a software update for + * such product, must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * 3. Neither the name of Nordic Semiconductor ASA nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * 4. This software, with or without modification, must only be used with a + * Nordic Semiconductor ASA integrated circuit. + * + * 5. Any software provided in binary form under this license must not be reverse + * engineered, decompiled, modified and/or disassembled. + * + * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef MICRO_ECC_BACKEND_ECC_H__ +#define MICRO_ECC_BACKEND_ECC_H__ + +#include "sdk_config.h" +#include "nordic_common.h" + +#if NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MICRO_ECC) + +#include <stdint.h> +#include <stdbool.h> +#include "nrf_crypto_ecc_shared.h" +#include "uECC.h" + + +#ifdef __cplusplus +extern "C" { +#endif + + +/** @internal See @ref nrf_crypto_backend_ecc_key_pair_generate_fn_t. + */ +ret_code_t nrf_crypto_backend_micro_ecc_key_pair_generate( + void * p_context, + void * p_private_key, + void * p_public_key); + + +/** @internal See @ref nrf_crypto_backend_ecc_public_key_calculate_fn_t. +*/ +ret_code_t nrf_crypto_backend_micro_ecc_public_key_calculate( + void * p_context, + void const * p_private_key, + void * p_public_key); + + +/** @internal See @ref nrf_crypto_backend_ecc_private_key_from_raw_fn_t. +*/ +ret_code_t nrf_crypto_backend_micro_ecc_private_key_from_raw( + void * p_private_key, + uint8_t const * p_raw_data); + + +/** @internal See @ref nrf_crypto_backend_ecc_private_key_to_raw_fn_t. +*/ +ret_code_t nrf_crypto_backend_micro_ecc_private_key_to_raw( + void const * p_private_key, + uint8_t * p_raw_data); + + +/** @internal See @ref nrf_crypto_backend_ecc_public_key_from_raw_fn_t. +*/ +ret_code_t nrf_crypto_backend_micro_ecc_public_key_from_raw( + void * p_public_key, + uint8_t const * p_raw_data); + + +/** @internal See @ref nrf_crypto_backend_ecc_public_key_to_raw_fn_t. +*/ +ret_code_t nrf_crypto_backend_micro_ecc_public_key_to_raw( + void const * p_public_key, + uint8_t * p_raw_data); + + +/** @internal @brief Represents common uECC backend key structure. + */ +typedef struct +{ + nrf_crypto_internal_ecc_key_header_t header; /**< @internal @brief Common ECC key header */ + uint32_t key[1]; /**< @internal @brief micro-ecc specific key representation */ +} nrf_crypto_backend_micro_ecc_common_key_t; + + +/** @internal @brief Callback RNG function that can be provided to uECC API. + * @param dest Destination buffer. + * @param size Size of the buffer. + * @return 1 on success, 0 on error. + */ +int nrf_crypto_backend_micro_ecc_rng_callback(uint8_t * dest, unsigned size); + + +/** @internal @brief Gets uECC type based on provided key. + * @param p_key uECC backend key (public or private). + * @return uECC specific value representing a curve. + */ +uECC_Curve nrf_crypto_backend_micro_ecc_curve_get( + nrf_crypto_backend_micro_ecc_common_key_t const * p_key); + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MICRO_ECC_ECC_SECP192R1) + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_ECC_SECP192R1) +#error "More than one backend enabled for secp192r1 (NIST 192-bit)."); +#endif +#define NRF_CRYPTO_ECC_SECP192R1_ENABLED 1 + +/** @internal @brief Structure holding private key for secp192r1 (NIST 192-bit) in micro-ecc. + */ +typedef struct +{ + nrf_crypto_internal_ecc_key_header_t header; /**< @internal @brief Common ECC key header */ + uint32_t key[192 / 32]; /**< @internal @brief micro-ecc specific key representation */ +} nrf_crypto_backend_secp192r1_private_key_t; + +/** @internal @brief Structure holding public key for secp192r1 (NIST 192-bit) in micro-ecc. + */ +typedef struct +{ + nrf_crypto_internal_ecc_key_header_t header; /**< @internal @brief Common ECC key header */ + uint32_t key[2 * 192 / 32]; /**< @internal @brief micro-ecc specific key representation */ +} nrf_crypto_backend_secp192r1_public_key_t; + +// Aliases for one common micro-ecc implementation +#define nrf_crypto_backend_secp192r1_key_pair_generate nrf_crypto_backend_micro_ecc_key_pair_generate +#define nrf_crypto_backend_secp192r1_public_key_calculate nrf_crypto_backend_micro_ecc_public_key_calculate +#define nrf_crypto_backend_secp192r1_private_key_from_raw nrf_crypto_backend_micro_ecc_private_key_from_raw +#define nrf_crypto_backend_secp192r1_private_key_to_raw nrf_crypto_backend_micro_ecc_private_key_to_raw +#define nrf_crypto_backend_secp192r1_public_key_from_raw nrf_crypto_backend_micro_ecc_public_key_from_raw +#define nrf_crypto_backend_secp192r1_public_key_to_raw nrf_crypto_backend_micro_ecc_public_key_to_raw +#define nrf_crypto_backend_secp192r1_private_key_free NULL +#define nrf_crypto_backend_secp192r1_public_key_free NULL +#define NRF_CRYPTO_BACKEND_SECP192R1_KEY_PAIR_GENERATE_CONTEXT_SIZE 0 +#define NRF_CRYPTO_BACKEND_SECP192R1_PUBLIC_KEY_CALCULATE_CONTEXT_SIZE 0 + +// Dummy typedef for unused context +typedef uint32_t nrf_crypto_backend_secp192r1_key_pair_generate_context_t; +typedef uint32_t nrf_crypto_backend_secp192r1_public_key_calculate_context_t; + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MICRO_ECC_ECC_SECP192R1) + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MICRO_ECC_ECC_SECP224R1) + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_ECC_SECP224R1) +#error "More than one backend enabled for secp224r1 (NIST 224-bit)."); +#endif +#define NRF_CRYPTO_ECC_SECP224R1_ENABLED 1 + +/** @internal @brief Structure holding private key for secp224r1 (NIST 224-bit) in micro-ecc. + */ +typedef struct +{ + nrf_crypto_internal_ecc_key_header_t header; /**< @internal @brief Common ECC key header */ + uint32_t key[224 / 32]; /**< @internal @brief micro-ecc specific key representation */ +} nrf_crypto_backend_secp224r1_private_key_t; + +/** @internal @brief Structure holding public key for secp224r1 (NIST 224-bit) in micro-ecc. + */ +typedef struct +{ + nrf_crypto_internal_ecc_key_header_t header; /**< @internal @brief Common ECC key header */ + uint32_t key[2 * 224 / 32]; /**< @internal @brief micro-ecc specific key representation */ +} nrf_crypto_backend_secp224r1_public_key_t; + +// Aliases for one common micro-ecc implementation +#define nrf_crypto_backend_secp224r1_key_pair_generate nrf_crypto_backend_micro_ecc_key_pair_generate +#define nrf_crypto_backend_secp224r1_public_key_calculate nrf_crypto_backend_micro_ecc_public_key_calculate +#define nrf_crypto_backend_secp224r1_private_key_from_raw nrf_crypto_backend_micro_ecc_private_key_from_raw +#define nrf_crypto_backend_secp224r1_private_key_to_raw nrf_crypto_backend_micro_ecc_private_key_to_raw +#define nrf_crypto_backend_secp224r1_public_key_from_raw nrf_crypto_backend_micro_ecc_public_key_from_raw +#define nrf_crypto_backend_secp224r1_public_key_to_raw nrf_crypto_backend_micro_ecc_public_key_to_raw +#define nrf_crypto_backend_secp224r1_private_key_free NULL +#define nrf_crypto_backend_secp224r1_public_key_free NULL +#define NRF_CRYPTO_BACKEND_SECP224R1_KEY_PAIR_GENERATE_CONTEXT_SIZE 0 +#define NRF_CRYPTO_BACKEND_SECP224R1_PUBLIC_KEY_CALCULATE_CONTEXT_SIZE 0 + +// Dummy typedef for unused context +typedef uint32_t nrf_crypto_backend_secp224r1_key_pair_generate_context_t; +typedef uint32_t nrf_crypto_backend_secp224r1_public_key_calculate_context_t; + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MICRO_ECC_ECC_SECP224R1) + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MICRO_ECC_ECC_SECP256R1) + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_ECC_SECP256R1) +#error "More than one backend enabled for secp256r1 (NIST 256-bit)."); +#endif +#define NRF_CRYPTO_ECC_SECP256R1_ENABLED 1 + +/** @internal @brief Structure holding private key for secp256r1 (NIST 256-bit) in micro-ecc. + */ +typedef struct +{ + nrf_crypto_internal_ecc_key_header_t header; /**< @internal @brief Common ECC key header */ + uint32_t key[256 / 32]; /**< @internal @brief micro-ecc specific key representation */ +} nrf_crypto_backend_secp256r1_private_key_t; + +/** @internal @brief Structure holding public key for secp256r1 (NIST 256-bit) in micro-ecc. + */ +typedef struct +{ + nrf_crypto_internal_ecc_key_header_t header; /**< @internal @brief Common ECC key header */ + uint32_t key[2 * 256 / 32]; /**< @internal @brief micro-ecc specific key representation */ +} nrf_crypto_backend_secp256r1_public_key_t; + +// Aliases for one common micro-ecc implementation +#define nrf_crypto_backend_secp256r1_key_pair_generate nrf_crypto_backend_micro_ecc_key_pair_generate +#define nrf_crypto_backend_secp256r1_public_key_calculate nrf_crypto_backend_micro_ecc_public_key_calculate +#define nrf_crypto_backend_secp256r1_private_key_from_raw nrf_crypto_backend_micro_ecc_private_key_from_raw +#define nrf_crypto_backend_secp256r1_private_key_to_raw nrf_crypto_backend_micro_ecc_private_key_to_raw +#define nrf_crypto_backend_secp256r1_public_key_from_raw nrf_crypto_backend_micro_ecc_public_key_from_raw +#define nrf_crypto_backend_secp256r1_public_key_to_raw nrf_crypto_backend_micro_ecc_public_key_to_raw +#define nrf_crypto_backend_secp256r1_private_key_free NULL +#define nrf_crypto_backend_secp256r1_public_key_free NULL +#define NRF_CRYPTO_BACKEND_SECP256R1_KEY_PAIR_GENERATE_CONTEXT_SIZE 0 +#define NRF_CRYPTO_BACKEND_SECP256R1_PUBLIC_KEY_CALCULATE_CONTEXT_SIZE 0 + +// Dummy typedef for unused context +typedef uint32_t nrf_crypto_backend_secp256r1_key_pair_generate_context_t; +typedef uint32_t nrf_crypto_backend_secp256r1_public_key_calculate_context_t; + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MICRO_ECC_ECC_SECP256R1) + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MICRO_ECC_ECC_SECP256K1) + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_ECC_SECP256K1) +#error "More than one backend enabled for secp256k1 (Koblitz 256-bit)."); +#endif +#define NRF_CRYPTO_ECC_SECP256K1_ENABLED 1 + +/** @internal @brief Structure holding private key for secp256k1 (Koblitz 256-bit) in micro-ecc. + */ +typedef struct +{ + nrf_crypto_internal_ecc_key_header_t header; /**< @internal @brief Common ECC key header */ + uint32_t key[256 / 32]; /**< @internal @brief micro-ecc specific key representation */ +} nrf_crypto_backend_secp256k1_private_key_t; + +/** @internal @brief Structure holding public key for secp256k1 (Koblitz 256-bit) in micro-ecc. + */ +typedef struct +{ + nrf_crypto_internal_ecc_key_header_t header; /**< @internal @brief Common ECC key header */ + uint32_t key[2 * 256 / 32]; /**< @internal @brief micro-ecc specific key representation */ +} nrf_crypto_backend_secp256k1_public_key_t; + +// Aliases for one common micro-ecc implementation +#define nrf_crypto_backend_secp256k1_key_pair_generate nrf_crypto_backend_micro_ecc_key_pair_generate +#define nrf_crypto_backend_secp256k1_public_key_calculate nrf_crypto_backend_micro_ecc_public_key_calculate +#define nrf_crypto_backend_secp256k1_private_key_from_raw nrf_crypto_backend_micro_ecc_private_key_from_raw +#define nrf_crypto_backend_secp256k1_private_key_to_raw nrf_crypto_backend_micro_ecc_private_key_to_raw +#define nrf_crypto_backend_secp256k1_public_key_from_raw nrf_crypto_backend_micro_ecc_public_key_from_raw +#define nrf_crypto_backend_secp256k1_public_key_to_raw nrf_crypto_backend_micro_ecc_public_key_to_raw +#define nrf_crypto_backend_secp256k1_private_key_free NULL +#define nrf_crypto_backend_secp256k1_public_key_free NULL +#define NRF_CRYPTO_BACKEND_SECP256K1_KEY_PAIR_GENERATE_CONTEXT_SIZE 0 +#define NRF_CRYPTO_BACKEND_SECP256K1_PUBLIC_KEY_CALCULATE_CONTEXT_SIZE 0 + +// Dummy typedef for unused context +typedef uint32_t nrf_crypto_backend_secp256k1_key_pair_generate_context_t; +typedef uint32_t nrf_crypto_backend_secp256k1_public_key_calculate_context_t; + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MICRO_ECC_ECC_SECP256K1) + + +#ifdef __cplusplus +} +#endif + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MICRO_ECC) + +#endif // MICRO_ECC_BACKEND_ECC_H__ diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/micro_ecc/micro_ecc_backend_ecdh.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/micro_ecc/micro_ecc_backend_ecdh.c new file mode 100644 index 0000000..a63307e --- /dev/null +++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/micro_ecc/micro_ecc_backend_ecdh.c @@ -0,0 +1,93 @@ +/** + * Copyright (c) 2018 - 2018, Nordic Semiconductor ASA + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form, except as embedded into a Nordic + * Semiconductor ASA integrated circuit in a product or a software update for + * such product, must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * 3. Neither the name of Nordic Semiconductor ASA nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * 4. This software, with or without modification, must only be used with a + * Nordic Semiconductor ASA integrated circuit. + * + * 5. Any software provided in binary form under this license must not be reverse + * engineered, decompiled, modified and/or disassembled. + * + * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include "sdk_config.h" +#include "nordic_common.h" + +#if NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MICRO_ECC) + +#include <string.h> + +#include "nrf_crypto_ecc_shared.h" +#include "nrf_crypto_ecdh_shared.h" +#include "nrf_crypto_ecdh.h" +#include "nrf_crypto_shared.h" +#include "micro_ecc_backend_ecc.h" +#include "micro_ecc_backend_shared.h" +#include "uECC.h" + + +ret_code_t nrf_crypto_backend_micro_ecc_ecdh_compute( + void * p_context, + void const * p_private_key, + void const * p_public_key, + uint8_t * p_shared_secret) +{ + int result; + + nrf_crypto_backend_micro_ecc_common_key_t const * p_prv = + (nrf_crypto_backend_micro_ecc_common_key_t const *)p_private_key; + nrf_crypto_backend_micro_ecc_common_key_t const * p_pub = + (nrf_crypto_backend_micro_ecc_common_key_t const *)p_public_key; + + nrf_crypto_ecc_curve_info_t const * p_info = p_prv->header.p_info; + + uECC_Curve p_micro_ecc_curve = nrf_crypto_backend_micro_ecc_curve_get(p_prv); + + result = uECC_shared_secret((uint8_t const *)(&p_pub->key[0]), + (uint8_t const *)(&p_prv->key[0]), + p_shared_secret, + p_micro_ecc_curve); + +#if ECC_BACKEND_SWAP_BYTES + nrf_crypto_internal_swap_endian_in_place(p_shared_secret, p_info->raw_private_key_size); +#else + UNUSED_PARAMETER(p_info); +#endif + + if (result == 0) + { + return NRF_ERROR_CRYPTO_INTERNAL; + } + return NRF_SUCCESS; +} + + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MICRO_ECC) diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/micro_ecc/micro_ecc_backend_ecdh.h b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/micro_ecc/micro_ecc_backend_ecdh.h new file mode 100644 index 0000000..cdf366b --- /dev/null +++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/micro_ecc/micro_ecc_backend_ecdh.h @@ -0,0 +1,105 @@ +/** + * Copyright (c) 2018 - 2018, Nordic Semiconductor ASA + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form, except as embedded into a Nordic + * Semiconductor ASA integrated circuit in a product or a software update for + * such product, must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * 3. Neither the name of Nordic Semiconductor ASA nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * 4. This software, with or without modification, must only be used with a + * Nordic Semiconductor ASA integrated circuit. + * + * 5. Any software provided in binary form under this license must not be reverse + * engineered, decompiled, modified and/or disassembled. + * + * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef MICRO_ECC_BACKEND_ECDH_H__ +#define MICRO_ECC_BACKEND_ECDH_H__ + +#include "sdk_config.h" +#include "nordic_common.h" + +#if NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MICRO_ECC) + +#include "nrf_crypto_ecc.h" +#include "nrf_crypto_ecdh_shared.h" + + +#ifdef __cplusplus +extern "C" { +#endif + + +/** @internal See @ref nrf_crypto_backend_ecdh_compute_fn_t. + */ +ret_code_t nrf_crypto_backend_micro_ecc_ecdh_compute( + void * p_context, + void const * p_private_key, + void const * p_public_key, + uint8_t * p_shared_secret); + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MICRO_ECC_ECC_SECP192R1) +// Aliases for one common MICRO_ECC implementation +#define nrf_crypto_backend_secp192r1_ecdh_compute nrf_crypto_backend_micro_ecc_ecdh_compute +typedef uint32_t nrf_crypto_backend_secp192r1_ecdh_context_t; +#define NRF_CRYPTO_BACKEND_SECP192R1_ECDH_CONTEXT_SIZE 0 +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MICRO_ECC_ECC_SECP192R1) + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MICRO_ECC_ECC_SECP224R1) +// Aliases for one common MICRO_ECC implementation +#define nrf_crypto_backend_secp224r1_ecdh_compute nrf_crypto_backend_micro_ecc_ecdh_compute +typedef uint32_t nrf_crypto_backend_secp224r1_ecdh_context_t; +#define NRF_CRYPTO_BACKEND_SECP224R1_ECDH_CONTEXT_SIZE 0 +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MICRO_ECC_ECC_SECP224R1) + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MICRO_ECC_ECC_SECP256R1) +// Aliases for one common MICRO_ECC implementation +#define nrf_crypto_backend_secp256r1_ecdh_compute nrf_crypto_backend_micro_ecc_ecdh_compute +typedef uint32_t nrf_crypto_backend_secp256r1_ecdh_context_t; +#define NRF_CRYPTO_BACKEND_SECP256R1_ECDH_CONTEXT_SIZE 0 +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MICRO_ECC_ECC_SECP256R1) + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MICRO_ECC_ECC_SECP256K1) +// Aliases for one common MICRO_ECC implementation +#define nrf_crypto_backend_secp256k1_ecdh_compute nrf_crypto_backend_micro_ecc_ecdh_compute +typedef uint32_t nrf_crypto_backend_secp256k1_ecdh_context_t; +#define NRF_CRYPTO_BACKEND_SECP256K1_ECDH_CONTEXT_SIZE 0 +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MICRO_ECC_ECC_SECP256K1) + + +#ifdef __cplusplus +} +#endif + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MICRO_ECC) + +#endif // MICRO_ECC_BACKEND_ECDH_H__ diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/micro_ecc/micro_ecc_backend_ecdsa.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/micro_ecc/micro_ecc_backend_ecdsa.c new file mode 100644 index 0000000..f72e6dc --- /dev/null +++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/micro_ecc/micro_ecc_backend_ecdsa.c @@ -0,0 +1,166 @@ +/** + * Copyright (c) 2018 - 2018, Nordic Semiconductor ASA + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form, except as embedded into a Nordic + * Semiconductor ASA integrated circuit in a product or a software update for + * such product, must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * 3. Neither the name of Nordic Semiconductor ASA nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * 4. This software, with or without modification, must only be used with a + * Nordic Semiconductor ASA integrated circuit. + * + * 5. Any software provided in binary form under this license must not be reverse + * engineered, decompiled, modified and/or disassembled. + * + * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include "sdk_config.h" +#include "nordic_common.h" + +#if NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MICRO_ECC) + +#include <stdint.h> +#include <stdbool.h> +#include <string.h> + +#include "nrf_crypto_ecc.h" +#include "nrf_crypto_ecdsa.h" +#include "nrf_crypto_shared.h" +#include "nrf_crypto_mem.h" +#include "micro_ecc_backend_ecc.h" +#include "micro_ecc_backend_shared.h" +#include "uECC.h" + + +ret_code_t nrf_crypto_backend_micro_ecc_sign( + void * p_context, + void const * p_private_key, + uint8_t const * p_data, + size_t data_size, + uint8_t * p_signature) +{ + int result; + + nrf_crypto_backend_micro_ecc_common_key_t const * p_prv = + (nrf_crypto_backend_micro_ecc_common_key_t const *)p_private_key; + + uECC_Curve p_micro_ecc_curve = nrf_crypto_backend_micro_ecc_curve_get(p_prv); + +#if ECC_BACKEND_SWAP_BYTES + + nrf_crypto_ecc_curve_info_t const * p_info = p_prv->header.p_info; + + size_t hash_size = MIN(data_size, p_info->raw_private_key_size); + uint8_t hash_le[NRF_CRYPTO_ECC_RAW_PRIVATE_KEY_MAX_SIZE]; + + nrf_crypto_internal_swap_endian(hash_le, p_data, hash_size); + + uECC_set_rng(nrf_crypto_backend_micro_ecc_rng_callback); + + result = uECC_sign((uint8_t const *)(&p_prv->key[0]), + hash_le, + hash_size, + p_signature, + p_micro_ecc_curve); + + nrf_crypto_internal_double_swap_endian_in_place(p_signature, p_info->raw_private_key_size); + +#else + + uECC_set_rng(nrf_crypto_backend_micro_ecc_rng_callback); + + result = uECC_sign((uint8_t const *)(&p_prv->key[0]), + p_data, + data_size, + p_signature, + p_micro_ecc_curve); + +#endif + + if (result == 0) + { + return NRF_ERROR_CRYPTO_INTERNAL; + } + return NRF_SUCCESS; +} + + +ret_code_t nrf_crypto_backend_micro_ecc_verify( + void * p_context, + void const * p_public_key, + uint8_t const * p_data, + size_t data_size, + uint8_t const * p_signature) +{ + int result; + + nrf_crypto_backend_micro_ecc_common_key_t const * p_pub = + (nrf_crypto_backend_micro_ecc_common_key_t const *)p_public_key; + + uECC_Curve p_micro_ecc_curve = nrf_crypto_backend_micro_ecc_curve_get(p_pub); + +#if ECC_BACKEND_SWAP_BYTES + + nrf_crypto_ecc_curve_info_t const * p_info = p_pub->header.p_info; + + size_t hash_size = MIN(data_size, p_info->raw_private_key_size); + uint8_t hash_le [NRF_CRYPTO_ECC_RAW_PRIVATE_KEY_MAX_SIZE]; + uint8_t signature_le[NRF_CRYPTO_ECDSA_SIGNATURE_MAX_SIZE]; + + nrf_crypto_internal_swap_endian(hash_le, p_data, hash_size); + + nrf_crypto_internal_double_swap_endian(signature_le, + p_signature, + p_info->raw_private_key_size); + + result = uECC_verify((uint8_t const *)(&p_pub->key[0]), + hash_le, + hash_size, + signature_le, + p_micro_ecc_curve); + +#else + + result = uECC_verify((uint8_t const *)(&p_pub->key[0]), + p_data, + data_size, + p_signature, + p_micro_ecc_curve); + +#endif + + if (result == 0) + { + return NRF_ERROR_CRYPTO_ECDSA_INVALID_SIGNATURE; + } + + return NRF_SUCCESS; +} + + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MICRO_ECC) + diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/micro_ecc/micro_ecc_backend_ecdsa.h b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/micro_ecc/micro_ecc_backend_ecdsa.h new file mode 100644 index 0000000..a52d193 --- /dev/null +++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/micro_ecc/micro_ecc_backend_ecdsa.h @@ -0,0 +1,124 @@ +/** + * Copyright (c) 2018 - 2018, Nordic Semiconductor ASA + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form, except as embedded into a Nordic + * Semiconductor ASA integrated circuit in a product or a software update for + * such product, must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * 3. Neither the name of Nordic Semiconductor ASA nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * 4. This software, with or without modification, must only be used with a + * Nordic Semiconductor ASA integrated circuit. + * + * 5. Any software provided in binary form under this license must not be reverse + * engineered, decompiled, modified and/or disassembled. + * + * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef MICRO_ECC_BACKEND_ECDSA_H__ +#define MICRO_ECC_BACKEND_ECDSA_H__ + +#include "sdk_config.h" +#include "nordic_common.h" + +#if NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MICRO_ECC) + +#include "nrf_crypto_ecc_shared.h" +#include "nrf_crypto_ecdsa_shared.h" + + +#ifdef __cplusplus +extern "C" { +#endif + + +/** @internal See @ref nrf_crypto_backend_ecdsa_sign_fn_t. + */ +ret_code_t nrf_crypto_backend_micro_ecc_sign( + void * p_context, + void const * p_private_key, + uint8_t const * p_data, + size_t data_size, + uint8_t * p_signature); + + +/** @internal See @ref nrf_crypto_backend_ecdsa_verify_fn_t. + */ +ret_code_t nrf_crypto_backend_micro_ecc_verify( + void * p_context, + void const * p_public_key, + uint8_t const * p_data, + size_t data_size, + uint8_t const * p_signature); + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MICRO_ECC_ECC_SECP192R1) +#define NRF_CRYPTO_BACKEND_SECP192R1_SIGN_CONTEXT_SIZE 0 +#define NRF_CRYPTO_BACKEND_SECP192R1_VERIFY_CONTEXT_SIZE 0 +typedef uint32_t nrf_crypto_backend_secp192r1_sign_context_t; +typedef uint32_t nrf_crypto_backend_secp192r1_verify_context_t; +#define nrf_crypto_backend_secp192r1_sign nrf_crypto_backend_micro_ecc_sign +#define nrf_crypto_backend_secp192r1_verify nrf_crypto_backend_micro_ecc_verify +#endif + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MICRO_ECC_ECC_SECP224R1) +#define NRF_CRYPTO_BACKEND_SECP224R1_SIGN_CONTEXT_SIZE 0 +#define NRF_CRYPTO_BACKEND_SECP224R1_VERIFY_CONTEXT_SIZE 0 +typedef uint32_t nrf_crypto_backend_secp224r1_sign_context_t; +typedef uint32_t nrf_crypto_backend_secp224r1_verify_context_t; +#define nrf_crypto_backend_secp224r1_sign nrf_crypto_backend_micro_ecc_sign +#define nrf_crypto_backend_secp224r1_verify nrf_crypto_backend_micro_ecc_verify +#endif + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MICRO_ECC_ECC_SECP256R1) +#define NRF_CRYPTO_BACKEND_SECP256R1_SIGN_CONTEXT_SIZE 0 +#define NRF_CRYPTO_BACKEND_SECP256R1_VERIFY_CONTEXT_SIZE 0 +typedef uint32_t nrf_crypto_backend_secp256r1_sign_context_t; +typedef uint32_t nrf_crypto_backend_secp256r1_verify_context_t; +#define nrf_crypto_backend_secp256r1_sign nrf_crypto_backend_micro_ecc_sign +#define nrf_crypto_backend_secp256r1_verify nrf_crypto_backend_micro_ecc_verify +#endif + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MICRO_ECC_ECC_SECP256K1) +#define NRF_CRYPTO_BACKEND_SECP256K1_SIGN_CONTEXT_SIZE 0 +#define NRF_CRYPTO_BACKEND_SECP256K1_VERIFY_CONTEXT_SIZE 0 +typedef uint32_t nrf_crypto_backend_secp256k1_sign_context_t; +typedef uint32_t nrf_crypto_backend_secp256k1_verify_context_t; +#define nrf_crypto_backend_secp256k1_sign nrf_crypto_backend_micro_ecc_sign +#define nrf_crypto_backend_secp256k1_verify nrf_crypto_backend_micro_ecc_verify +#endif + + +#ifdef __cplusplus +} +#endif + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MICRO_ECC) + +#endif // MICRO_ECC_BACKEND_ECDSA_H__ diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/micro_ecc/micro_ecc_backend_shared.h b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/micro_ecc/micro_ecc_backend_shared.h new file mode 100644 index 0000000..019f280 --- /dev/null +++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/micro_ecc/micro_ecc_backend_shared.h @@ -0,0 +1,67 @@ +/** + * Copyright (c) 2018 - 2018, Nordic Semiconductor ASA + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form, except as embedded into a Nordic + * Semiconductor ASA integrated circuit in a product or a software update for + * such product, must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * 3. Neither the name of Nordic Semiconductor ASA nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * 4. This software, with or without modification, must only be used with a + * Nordic Semiconductor ASA integrated circuit. + * + * 5. Any software provided in binary form under this license must not be reverse + * engineered, decompiled, modified and/or disassembled. + * + * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ +#ifndef MICRO_ECC_BACKEND_SHARED_H__ +#define MICRO_ECC_BACKEND_SHARED_H__ + +#include "sdk_config.h" +#include "nordic_common.h" + +#if NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MICRO_ECC) + +#include "uECC.h" + +#ifdef __cplusplus +extern "C" { +#endif + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MICRO_ECC_LITTLE_ENDIAN) +#define ECC_BACKEND_SWAP_BYTES (!uECC_VLI_NATIVE_LITTLE_ENDIAN) +#else +#define ECC_BACKEND_SWAP_BYTES uECC_VLI_NATIVE_LITTLE_ENDIAN +#endif + +#ifdef __cplusplus +} +#endif + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_MICRO_ECC) + +#endif // MICRO_ECC_BACKEND_ECDSA_H__ diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/nrf_hw/nrf_hw_backend_init.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/nrf_hw/nrf_hw_backend_init.c new file mode 100644 index 0000000..d202f35 --- /dev/null +++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/nrf_hw/nrf_hw_backend_init.c @@ -0,0 +1,95 @@ +/** + * Copyright (c) 2018 - 2018, Nordic Semiconductor ASA + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form, except as embedded into a Nordic + * Semiconductor ASA integrated circuit in a product or a software update for + * such product, must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * 3. Neither the name of Nordic Semiconductor ASA nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * 4. This software, with or without modification, must only be used with a + * Nordic Semiconductor ASA integrated circuit. + * + * 5. Any software provided in binary form under this license must not be reverse + * engineered, decompiled, modified and/or disassembled. + * + * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include "sdk_common.h" +#if NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_NRF_HW_RNG) + +#include "nrf.h" +#include "nrf_crypto_init.h" +#include "nrf_crypto_rng.h" + + +static ret_code_t nrf_hw_backend_init(void) +{ +#if defined(NRF_CRYPTO_RNG_AUTO_INIT_ENABLED) && (NRF_CRYPTO_RNG_AUTO_INIT_ENABLED == 1) + + uint32_t ret_val; + ret_val = nrf_crypto_rng_init(NULL, NULL); + return ret_val; + +#elif defined(NRF_CRYPTO_RNG_AUTO_INIT_ENABLED) && (NRF_CRYPTO_RNG_AUTO_INIT_ENABLED == 0) + + return NRF_SUCCESS; + +#else + + #warning NRF_CRYPTO_RNG_AUTO_INIT_ENABLED define not found in sdk_config.h (Is the sdk_config.h valid?). + +#endif // NRF_CRYPTO_RNG_AUTO_INIT_ENABLED +} + + +static ret_code_t nrf_hw_backend_uninit(void) +{ +#if defined(NRF_CRYPTO_RNG_AUTO_INIT_ENABLED) && (NRF_CRYPTO_RNG_AUTO_INIT_ENABLED == 1) + + uint32_t ret_val; + ret_val = nrf_crypto_rng_uninit(); + return ret_val; + +#elif defined(NRF_CRYPTO_RNG_AUTO_INIT_ENABLED) && (NRF_CRYPTO_RNG_AUTO_INIT_ENABLED == 0) + + return NRF_SUCCESS; + +#else + + #warning NRF_CRYPTO_RNG_AUTO_INIT_ENABLED define not found in sdk_config.h (Is the sdk_config.h valid?). + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_RNG_AUTO_INIT) +} + + +CRYPTO_BACKEND_REGISTER(nrf_crypto_backend_info_t const nrf_hw_backend) = +{ + .init_fn = nrf_hw_backend_init, + .uninit_fn = nrf_hw_backend_uninit +}; + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_NRF_HW_RNG) diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/nrf_hw/nrf_hw_backend_rng.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/nrf_hw/nrf_hw_backend_rng.c new file mode 100644 index 0000000..e8331e1 --- /dev/null +++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/nrf_hw/nrf_hw_backend_rng.c @@ -0,0 +1,101 @@ +/** + * Copyright (c) 2018 - 2018, Nordic Semiconductor ASA + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form, except as embedded into a Nordic + * Semiconductor ASA integrated circuit in a product or a software update for + * such product, must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * 3. Neither the name of Nordic Semiconductor ASA nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * 4. This software, with or without modification, must only be used with a + * Nordic Semiconductor ASA integrated circuit. + * + * 5. Any software provided in binary form under this license must not be reverse + * engineered, decompiled, modified and/or disassembled. + * + * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include "sdk_common.h" +#if NRF_MODULE_ENABLED(NRF_CRYPTO) && \ + NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_NRF_HW_RNG) && \ + !NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_NRF_HW_RNG_MBEDTLS_CTR_DRBG) + +#include "nrf_crypto_rng.h" +#include "nrf_drv_rng.h" + + +ret_code_t nrf_crypto_rng_backend_init(void * const p_context, + void * const p_temp_buffer) +{ + ret_code_t ret_val; + + UNUSED_PARAMETER(p_context); + UNUSED_PARAMETER(p_temp_buffer); + + ret_val = nrf_drv_rng_init(NULL); + + return ret_val; +} + + +ret_code_t nrf_crypto_rng_backend_uninit(void * const p_context) +{ + UNUSED_PARAMETER(p_context); + + nrf_drv_rng_uninit(); + + return NRF_SUCCESS; +} + + +ret_code_t nrf_crypto_rng_backend_vector_generate(void * const p_context, + uint8_t * const p_target, + size_t size, + bool use_mutex) +{ + UNUSED_PARAMETER(use_mutex); + UNUSED_PARAMETER(p_context); + + nrf_drv_rng_block_rand(p_target, size); + + return NRF_SUCCESS; +} + + +ret_code_t nrf_crypto_rng_backend_reseed(void * const p_context, + void * p_temp_buffer, + uint8_t * p_input_data, + size_t size) +{ + UNUSED_PARAMETER(p_context); + UNUSED_PARAMETER(p_temp_buffer); + UNUSED_PARAMETER(p_input_data); + UNUSED_PARAMETER(size); + + return NRF_ERROR_CRYPTO_FEATURE_UNAVAILABLE; +} + +#endif //NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_NRF_HW_RNG) && !NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_NRF_HW_RNG_MBEDTLS_CTR_DRBG) diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/nrf_hw/nrf_hw_backend_rng.h b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/nrf_hw/nrf_hw_backend_rng.h new file mode 100644 index 0000000..fcf6b8d --- /dev/null +++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/nrf_hw/nrf_hw_backend_rng.h @@ -0,0 +1,104 @@ +/** + * Copyright (c) 2018 - 2018, Nordic Semiconductor ASA + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form, except as embedded into a Nordic + * Semiconductor ASA integrated circuit in a product or a software update for + * such product, must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * 3. Neither the name of Nordic Semiconductor ASA nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * 4. This software, with or without modification, must only be used with a + * Nordic Semiconductor ASA integrated circuit. + * + * 5. Any software provided in binary form under this license must not be reverse + * engineered, decompiled, modified and/or disassembled. + * + * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef NRF_HW_BACKEND_RNG_H__ +#define NRF_HW_BACKEND_RNG_H__ + +/** @file + * + * @defgroup nrf_crypto_nrf_hw_backend_rng nrf_crypto HW RNG backend + * @{ + * @ingroup nrf_crypto_backends + * + * @brief RNG functionality provided by the nrf_crypto nRF HW RNG backend. + */ + +#include "sdk_common.h" +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_NRF_HW_RNG) && \ + !NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_NRF_HW_RNG_MBEDTLS_CTR_DRBG) + +#if !NRF_MODULE_ENABLED(RNG) +#error Enable RNG_ENABLED in sdk_config.h. +#endif + +#if !NRFX_RNG_CONFIG_ERROR_CORRECTION +#error Enable NRFX_RNG_CONFIG_ERROR_CORRECTION and RNG_CONFIG_ERROR_CORRECTION in sdk_config.h. +#endif + +#include "nrf_crypto_rng_shared.h" + + +#ifdef __cplusplus +extern "C" { +#endif + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_RNG) +#error "More than one RNG backend enabled." +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_RNG) +#define NRF_CRYPTO_RNG_ENABLED 1 + + +/** + * @internal @brief Context for nRF RNG peripheral. + */ +typedef struct +{ + nrf_crypto_rng_internal_context_t header; //!< Internal common context header. +} nrf_crypto_backend_rng_context_t; + +/** + * @internal @brief Dummy temp buffer for nRF RNG peripheral. + */ +typedef struct +{ + uint32_t reserved; +} nrf_crypto_backend_rng_temp_buffer_t; + + +#ifdef __cplusplus +} +#endif + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_NRF_HW_RNG) && !NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_NRF_HW_RNG_MBEDTLS_CTR_DRBG) + +/**@} */ + +#endif // NRF_HW_BACKEND_RNG_H__ diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/nrf_hw/nrf_hw_backend_rng_mbedtls.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/nrf_hw/nrf_hw_backend_rng_mbedtls.c new file mode 100644 index 0000000..649904b --- /dev/null +++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/nrf_hw/nrf_hw_backend_rng_mbedtls.c @@ -0,0 +1,168 @@ +/** + * Copyright (c) 2018 - 2018, Nordic Semiconductor ASA + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form, except as embedded into a Nordic + * Semiconductor ASA integrated circuit in a product or a software update for + * such product, must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * 3. Neither the name of Nordic Semiconductor ASA nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * 4. This software, with or without modification, must only be used with a + * Nordic Semiconductor ASA integrated circuit. + * + * 5. Any software provided in binary form under this license must not be reverse + * engineered, decompiled, modified and/or disassembled. + * + * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include "sdk_common.h" +#if NRF_MODULE_ENABLED(NRF_CRYPTO) && \ + NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_NRF_HW_RNG) && \ + NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_NRF_HW_RNG_MBEDTLS_CTR_DRBG) + +#include "nrf_crypto_rng.h" +#include "nrf_drv_rng.h" +#include "nrf_hw_backend_rng_mbedtls.h" + + +// Function to convert mbedtls error codes to ret_code_t. +static ret_code_t result_get(int mbedtls_ret_val) +{ + ret_code_t ret_val; + switch (mbedtls_ret_val) + { + case 0: + ret_val = NRF_SUCCESS; + break; + + case MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG: + ret_val = NRF_ERROR_CRYPTO_INPUT_LENGTH; + break; + + case MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG: + ret_val = NRF_ERROR_CRYPTO_OUTPUT_LENGTH; + break; + + case MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED: + default: + ret_val = NRF_ERROR_CRYPTO_INTERNAL; + break; + } + + return ret_val; +} + + +// Callback function used by mbed TLS to seed and reseed. +static int entropy_callback(void * p_entropy, unsigned char * p_buffer, size_t size) +{ + UNUSED_PARAMETER(p_entropy); + + nrf_drv_rng_block_rand(p_buffer, size); + + return 0; +} + + +ret_code_t nrf_crypto_rng_backend_init(void * const p_context, void * const p_temp_buffer) +{ + ret_code_t ret_val; + int mbedtls_ret_val; + mbedtls_ctr_drbg_context * p_mbedtls_context = + &((nrf_crypto_backend_rng_context_t *)p_context)->mbedtls_context; + + UNUSED_PARAMETER(p_temp_buffer); + + ret_val = nrf_drv_rng_init(NULL); + + if (ret_val != NRF_SUCCESS) + { + return ret_val; + } + + mbedtls_ctr_drbg_init(p_mbedtls_context); + + // Initial seeding. The nrf_crypto_rng API does not support additional entropy in the initial + // seeding. Additional entropy can be provided using nrf_crypto_rng_backend_reseed(), + // which calls mbedtls_ctr_drbg_reseed(). + mbedtls_ret_val = mbedtls_ctr_drbg_seed(p_mbedtls_context, + entropy_callback, + NULL, + NULL, + 0); + + ret_val = result_get(mbedtls_ret_val); + + return ret_val; +} + + +ret_code_t nrf_crypto_rng_backend_uninit(void * const p_context) +{ + mbedtls_ctr_drbg_context * p_mbedtls_context = + &((nrf_crypto_backend_rng_context_t *)p_context)->mbedtls_context; + + mbedtls_ctr_drbg_free(p_mbedtls_context); + nrf_drv_rng_uninit(); + + return NRF_SUCCESS; +} + + +ret_code_t nrf_crypto_rng_backend_vector_generate(void * const p_context, + uint8_t * const p_target, + size_t size, + bool use_mutex) +{ + int mbedtls_ret_val; + mbedtls_ctr_drbg_context * p_mbedtls_context = + &((nrf_crypto_backend_rng_context_t *)p_context)->mbedtls_context; + + UNUSED_PARAMETER(use_mutex); + + mbedtls_ret_val = mbedtls_ctr_drbg_random(p_mbedtls_context, p_target, size); + + return result_get(mbedtls_ret_val); +} + + +ret_code_t nrf_crypto_rng_backend_reseed(void * const p_context, + void * p_temp_buffer, + uint8_t * p_input_data, + size_t size) +{ + int mbedtls_ret_val; + mbedtls_ctr_drbg_context * p_mbedtls_context = + &((nrf_crypto_backend_rng_context_t *)p_context)->mbedtls_context; + + UNUSED_PARAMETER(p_temp_buffer); + + mbedtls_ret_val = mbedtls_ctr_drbg_reseed(p_mbedtls_context, p_input_data, size); + + return result_get(mbedtls_ret_val); +} + +#endif //NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_NRF_HW_RNG) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_NRF_HW_RNG_MBEDTLS_CTR_DRBG) diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/nrf_hw/nrf_hw_backend_rng_mbedtls.h b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/nrf_hw/nrf_hw_backend_rng_mbedtls.h new file mode 100644 index 0000000..53daba0 --- /dev/null +++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/nrf_hw/nrf_hw_backend_rng_mbedtls.h @@ -0,0 +1,108 @@ +/** + * Copyright (c) 2018 - 2018, Nordic Semiconductor ASA + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form, except as embedded into a Nordic + * Semiconductor ASA integrated circuit in a product or a software update for + * such product, must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * 3. Neither the name of Nordic Semiconductor ASA nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * 4. This software, with or without modification, must only be used with a + * Nordic Semiconductor ASA integrated circuit. + * + * 5. Any software provided in binary form under this license must not be reverse + * engineered, decompiled, modified and/or disassembled. + * + * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef NRF_HW_BACKEND_RNG_MBEDTLS_H__ +#define NRF_HW_BACKEND_RNG_MBEDTLS_H__ + +/** @file + * + * @defgroup nrf_crypto_nrf_hw_backend_rng_mbedtls nrf_crypto HW RNG backend using mbedtls CTR-DRBG + * @{ + * @ingroup nrf_crypto_nrf_hw_backend_rng + * + * @brief RNG functionality provided by the nrf_crypto nRF HW RNG backend and mbedtls CTR-DRBG. + */ + +#include "sdk_common.h" +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_NRF_HW_RNG) && \ + NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_NRF_HW_RNG_MBEDTLS_CTR_DRBG) + +#if !NRF_MODULE_ENABLED(RNG) +#error Enable RNG_ENABLED in sdk_config.h. +#endif + +#if !NRFX_RNG_CONFIG_ERROR_CORRECTION +#error Enable NRFX_RNG_CONFIG_ERROR_CORRECTION and RNG_CONFIG_ERROR_CORRECTION in sdk_config.h. +#endif + +/*lint -save -e????*/ +#include "mbedtls/ctr_drbg.h" +/*lint -restore*/ +#include "nrf_crypto_rng_shared.h" + + +#ifdef __cplusplus +extern "C" { +#endif + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_RNG) +#error "More than one RNG backend enabled." +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_RNG) +#define NRF_CRYPTO_RNG_ENABLED 1 + + +/** + * @internal @brief Context for nRF RNG peripheral with mbed tls CTR-DRBG. + */ +typedef struct +{ + nrf_crypto_rng_internal_context_t header; //!< Internal common context header. + mbedtls_ctr_drbg_context mbedtls_context; //!< mbed TLS CTR-DRBG context. +} nrf_crypto_backend_rng_context_t; + +/** + * @internal @brief Dummy temp buffer for nRF RNG peripheral with mbed tls CTR-DRBG. + */ +typedef struct +{ + uint32_t reserved; +} nrf_crypto_backend_rng_temp_buffer_t; + + +#ifdef __cplusplus +} +#endif + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_NRF_HW_RNG) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_NRF_HW_RNG_MBEDTLS_CTR_DRBG) + +/**@} */ + +#endif // NRF_HW_BACKEND_RNG_MBEDTLS_H__ diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/nrf_sw/nrf_sw_backend_hash.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/nrf_sw/nrf_sw_backend_hash.c new file mode 100644 index 0000000..1360662 --- /dev/null +++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/nrf_sw/nrf_sw_backend_hash.c @@ -0,0 +1,149 @@ +/** + * Copyright (c) 2018 - 2018, Nordic Semiconductor ASA + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form, except as embedded into a Nordic + * Semiconductor ASA integrated circuit in a product or a software update for + * such product, must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * 3. Neither the name of Nordic Semiconductor ASA nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * 4. This software, with or without modification, must only be used with a + * Nordic Semiconductor ASA integrated circuit. + * + * 5. Any software provided in binary form under this license must not be reverse + * engineered, decompiled, modified and/or disassembled. + * + * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include "sdk_common.h" + +#if NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_NRF_SW) + +#include "nrf_sw_backend_hash.h" +#include "sha256.h" +#include "nrf_crypto_types.h" +#include "nrf_crypto_error.h" +#include "nrf_crypto_hash_shared.h" +#include "sdk_macros.h" +#include "nrf_log.h" +#include "nrf_assert.h" + +#if defined(NRF_CRYPTO_BACKEND_NRF_SW_HASH_LITTLE_ENDIAN_DIGEST_ENABLED) && \ + (NRF_CRYPTO_BACKEND_NRF_SW_HASH_LITTLE_ENDIAN_DIGEST_ENABLED == 1) + + #define LITTLE_ENDIAN_HASH (true) + +#elif defined(NRF_CRYPTO_BACKEND_NRF_SW_HASH_LITTLE_ENDIAN_DIGEST_ENABLED) && \ + (NRF_CRYPTO_BACKEND_NRF_SW_HASH_LITTLE_ENDIAN_DIGEST_ENABLED == 0) + + #define LITTLE_ENDIAN_HASH (false) + +#else + + #define LITTLE_ENDIAN_HASH (false) + + #warning NRF_CRYPTO_BACKEND_NRF_SW_HASH_LITTLE_ENDIAN_DIGEST define not found in sdk_config.h (Is the sdk_config.h valid?). + +#endif + +static ret_code_t nrf_sw_backend_hash_sha256_init(void * const p_context) +{ + ret_code_t ret_val; + + // No parameter testing on this level. + // This has been done on upper level. + + sha256_context_t * p_backend_context + = &(((nrf_crypto_backend_hash_sha256_context_t *) p_context)->context); + + ret_val = sha256_init(p_backend_context); + + return ret_val; +} + +static uint32_t nrf_sw_backend_hash_sha256_update(void * const p_context, + uint8_t const * p_data, + size_t len) +{ + ret_code_t ret_val; + + // Limited parameter testing on this level. + // This has been done on upper level. + + sha256_context_t * p_backend_context + = &(((nrf_crypto_backend_hash_sha256_context_t * ) p_context)->context); + + ret_val = sha256_update(p_backend_context, p_data, len); + + return ret_val; +} + + +static uint32_t nrf_sw_backend_hash_sha256_finalize(void * const p_context, + uint8_t * p_digest, + size_t * const p_digest_len) +{ + ret_code_t ret_val; + + // Limited parameter testing on this level. + // This has been done on upper level. + + sha256_context_t * p_backend_context + = &(((nrf_crypto_backend_hash_sha256_context_t * )p_context)->context); + + if (NRF_CRYPTO_HASH_SIZE_SHA256 > *p_digest_len) + { + return NRF_ERROR_CRYPTO_OUTPUT_LENGTH; + } + + + ret_val = sha256_final(p_backend_context, p_digest, LITTLE_ENDIAN_HASH); + + if (ret_val != NRF_SUCCESS) + { + return ret_val; + } + + *p_digest_len = NRF_CRYPTO_HASH_SIZE_SHA256; + + return NRF_SUCCESS; + +} + + +const nrf_crypto_hash_info_t g_nrf_crypto_hash_sha256_info = +{ + .init_fn = nrf_sw_backend_hash_sha256_init, + .update_fn = nrf_sw_backend_hash_sha256_update, + .finalize_fn = nrf_sw_backend_hash_sha256_finalize, + .digest_size = NRF_CRYPTO_HASH_SIZE_SHA256, + .context_size = sizeof(nrf_crypto_backend_hash_sha256_context_t), + .hash_mode = NRF_CRYPTO_HASH_MODE_SHA256 +}; + + + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_NRF_SW) diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/nrf_sw/nrf_sw_backend_hash.h b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/nrf_sw/nrf_sw_backend_hash.h new file mode 100644 index 0000000..b5c025c --- /dev/null +++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/nrf_sw/nrf_sw_backend_hash.h @@ -0,0 +1,99 @@ +/** + * Copyright (c) 2018 - 2018, Nordic Semiconductor ASA + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form, except as embedded into a Nordic + * Semiconductor ASA integrated circuit in a product or a software update for + * such product, must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * 3. Neither the name of Nordic Semiconductor ASA nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * 4. This software, with or without modification, must only be used with a + * Nordic Semiconductor ASA integrated circuit. + * + * 5. Any software provided in binary form under this license must not be reverse + * engineered, decompiled, modified and/or disassembled. + * + * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef NRF_SW_BACKEND_HASH_H__ +#define NRF_SW_BACKEND_HASH_H__ + +/** @file + * + * @defgroup nrf_crypto_nrf_sw_backend_hash nrf_crypto nRF SW backend hash + * @{ + * @ingroup nrf_crypto_nrf_sw_backend + * + * @brief Legacy hash functionality for bootloader use in nRFx devices + */ + +#include "sdk_common.h" + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_NRF_SW) + +#include "sha256.h" +#include "nrf_crypto_error.h" +#include "nrf_crypto_types.h" +#include "nrf_crypto_hash_shared.h" + +#ifdef __cplusplus +extern "C" { +#endif + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_NRF_SW_HASH_SHA256) + +// Flag that nrf_crypto_hash frontend can be compiled +#undef NRF_CRYPTO_HASH_ENABLED +#define NRF_CRYPTO_HASH_ENABLED 1 + +// Duplicate backend enabled test for SHA-256 +#if NRF_MODULE_ENABLED(NRF_CRYPTO_HASH_SHA256) +#error "Duplicate definition of SHA-256. More than one backend enabled"); +#endif + +// Flag that SHA-256 is enabled in backend +#define NRF_CRYPTO_HASH_SHA256_ENABLED 1 + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_NRF_SW_HASH_SHA256) + + +/**@brief nrf_crypto_hash context for SHA-256 in nrf_crypto nrf_sw backend. */ +typedef struct +{ + nrf_crypto_hash_internal_context_t header; /**< Common header for context. */ + sha256_context_t context; /**< Hash context internal to nrf_sw. */ +} nrf_crypto_backend_hash_sha256_context_t; + + +#ifdef __cplusplus +} +#endif + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_NRF_SW) + +/**@} */ + +#endif // NRF_SW_BACKEND_HASH_H__ diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/oberon/oberon_backend_chacha_poly_aead.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/oberon/oberon_backend_chacha_poly_aead.c new file mode 100644 index 0000000..14588d8 --- /dev/null +++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/oberon/oberon_backend_chacha_poly_aead.c @@ -0,0 +1,153 @@ +/** + * Copyright (c) 2018 - 2018, Nordic Semiconductor ASA + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form, except as embedded into a Nordic + * Semiconductor ASA integrated circuit in a product or a software update for + * such product, must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * 3. Neither the name of Nordic Semiconductor ASA nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * 4. This software, with or without modification, must only be used with a + * Nordic Semiconductor ASA integrated circuit. + * + * 5. Any software provided in binary form under this license must not be reverse + * engineered, decompiled, modified and/or disassembled. + * + * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include "sdk_common.h" +#if NRF_MODULE_ENABLED(NRF_CRYPTO) + +#include <stdbool.h> +#include "oberon_backend_chacha_poly_aead.h" + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_OBERON_CHACHA_POLY_AEAD) + +static ret_code_t backend_cc310_init(void * const p_context, uint8_t * p_key) +{ + nrf_crypto_backend_chacha_poly_context_t * p_ctx = + (nrf_crypto_backend_chacha_poly_context_t *)p_context; + + + if (p_ctx->header.p_info->key_size != NRF_CRYPTO_KEY_SIZE_256) + { + return NRF_ERROR_CRYPTO_KEY_SIZE; + } + + memcpy(p_ctx->key, p_key, sizeof(p_ctx->key)); + + return NRF_SUCCESS; +} + +static inline ret_code_t backend_cc310_uninit(void * const p_context) +{ + return NRF_SUCCESS; +} + +static ret_code_t backend_cc310_crypt(void * const p_context, + nrf_crypto_operation_t operation, + uint8_t * p_nonce, + uint8_t nonce_size, + uint8_t * p_adata, + size_t adata_size, + uint8_t * p_data_in, + size_t data_in_size, + uint8_t * p_data_out, + uint8_t * p_mac, + uint8_t mac_size) + +{ + int result; + + nrf_crypto_backend_chacha_poly_context_t * p_ctx = + (nrf_crypto_backend_chacha_poly_context_t *)p_context; + + if ((adata_size == 0) || (data_in_size == 0)) + { + return NRF_ERROR_CRYPTO_INPUT_LENGTH; + } + + if (mac_size != NRF_CRYPTO_CHACHA_POLY_MAC_SIZE) + { + return NRF_ERROR_CRYPTO_AEAD_MAC_SIZE; + } + + if (nonce_size != NRF_CRYPTO_CHACHA_POLY_NONCE_SIZE) + { + return NRF_ERROR_CRYPTO_AEAD_NONCE_SIZE; + } + + if (operation == NRF_CRYPTO_ENCRYPT) + { + occ_chacha20_poly1305_encrypt_aad(p_mac, + p_data_out, + p_data_in, + data_in_size, + p_adata, + adata_size, + p_nonce, + (size_t)nonce_size, + p_ctx->key); + } + else if (operation == NRF_CRYPTO_DECRYPT) + { + result = occ_chacha20_poly1305_decrypt_aad(p_mac, + p_data_out, + p_data_in, + data_in_size, + p_adata, + adata_size, + p_nonce, + (size_t)nonce_size, + p_ctx->key); + + if (result != 0) + { + return NRF_ERROR_CRYPTO_AEAD_INVALID_MAC; + } + } + else + { + return NRF_ERROR_CRYPTO_INVALID_PARAM; + } + + return NRF_SUCCESS; +} + +nrf_crypto_aead_info_t const g_nrf_crypto_chacha_poly_256_info = +{ + .key_size = NRF_CRYPTO_KEY_SIZE_256, + .mode = NRF_CRYPTO_AEAD_MODE_CHACHA_POLY, + + .init_fn = backend_cc310_init, + .uninit_fn = backend_cc310_uninit, + .crypt_fn = backend_cc310_crypt +}; + + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_CC310_CHACHA_POLY_AEAD) +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO) + diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/oberon/oberon_backend_chacha_poly_aead.h b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/oberon/oberon_backend_chacha_poly_aead.h new file mode 100644 index 0000000..990db3e --- /dev/null +++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/oberon/oberon_backend_chacha_poly_aead.h @@ -0,0 +1,100 @@ +/** + * Copyright (c) 2018 - 2018, Nordic Semiconductor ASA + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form, except as embedded into a Nordic + * Semiconductor ASA integrated circuit in a product or a software update for + * such product, must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * 3. Neither the name of Nordic Semiconductor ASA nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * 4. This software, with or without modification, must only be used with a + * Nordic Semiconductor ASA integrated circuit. + * + * 5. Any software provided in binary form under this license must not be reverse + * engineered, decompiled, modified and/or disassembled. + * + * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef OBERON_BACKEND_CHACHA_POLY_AEAD_H__ +#define OBERON_BACKEND_CHACHA_POLY_AEAD_H__ + +/** @file + * + * @defgroup nrf_crypto_oberon_backend_chacha_poly_aead nrf_crypto Oberon backend CHACHA_POLY AEAD + * @{ + * @ingroup nrf_crypto_oberon_backend + * + * @brief AES AEAD functionality provided by the nrf_crypto Oberon backend. + */ + +#include "sdk_config.h" + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON) + +#include "nrf_crypto_aead_shared.h" +#include "occ_chacha20_poly1305.h" +#include "nrf_crypto_error.h" +#include "nrf_crypto_types.h" + + +#ifdef __cplusplus +extern "C" { +#endif + +#define NRF_CRYPTO_OBERON_CHACHA_POLY_BACKEND_KEY_SIZE (32) + +/* CHACHA-POLY */ +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON_CHACHA_POLY) +#if NRF_MODULE_ENABLED(NRF_CRYPTO_CHACHA_POLY) +#error "Duplicate definition of CHACHA-POLY mode. More than one backend enabled"); +#endif +#define NRF_CRYPTO_CHACHA_POLY_ENABLED 1 +#undef NRF_CRYPTO_AEAD_ENABLED +#define NRF_CRYPTO_AEAD_ENABLED 1 // Flag that nrf_crypto_aead frontend can be compiled +#undef NRF_CRYPTO_OBERON_CHACHA_POLY_AEAD_ENABLED +#define NRF_CRYPTO_OBERON_CHACHA_POLY_AEAD_ENABLED 1 // aead backend for Oberon can be compiled + +/* defines for test purposes */ +#define NRF_CRYPTO_AES_CHACHA_POLY_256_ENABLED 1 + +typedef struct +{ + nrf_crypto_aead_internal_context_t header; /**< Common header for context. */ + + uint8_t key[NRF_CRYPTO_OBERON_CHACHA_POLY_BACKEND_KEY_SIZE]; +} nrf_crypto_backend_chacha_poly_context_t; +#endif + +#ifdef __cplusplus +} +#endif + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON) + +/** @} */ + +#endif // OBERON_BACKEND_CHACHA_POLY_AEAD_H__ + diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/oberon/oberon_backend_ecc.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/oberon/oberon_backend_ecc.c new file mode 100644 index 0000000..ed8f510 --- /dev/null +++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/oberon/oberon_backend_ecc.c @@ -0,0 +1,458 @@ +/** + * Copyright (c) 2018 - 2018, Nordic Semiconductor ASA + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form, except as embedded into a Nordic + * Semiconductor ASA integrated circuit in a product or a software update for + * such product, must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * 3. Neither the name of Nordic Semiconductor ASA nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * 4. This software, with or without modification, must only be used with a + * Nordic Semiconductor ASA integrated circuit. + * + * 5. Any software provided in binary form under this license must not be reverse + * engineered, decompiled, modified and/or disassembled. + * + * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include "sdk_config.h" +#include "nordic_common.h" + +#if NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON) + +#include <stdbool.h> +#include <string.h> +#include <stddef.h> + +#include "app_util.h" +#include "nrf_crypto_ecc.h" +#include "nrf_crypto_mem.h" +#include "nrf_crypto_rng.h" +#include "nrf_crypto_shared.h" +#include "oberon_backend_ecc.h" + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON_ECC_SECP256R1) +#include "occ_ecdh_p256.h" +#endif +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON_ECC_CURVE25519) +#include "occ_curve25519.h" +#endif +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON_ECC_ED25519) +#include "occ_ed25519.h" +#endif + + +/** @internal @brief Structure holding private key common to all curves implemented by the Oberon. + */ +typedef struct +{ + nrf_crypto_internal_ecc_key_header_t header; /**< @internal @brief Common ECC key header. */ + uint8_t key[32]; /**< @internal @brief Raw key. */ +} nrf_crypto_backend_oberon_private_key_t; + + +/** @internal @brief Structure holding public key common to all curves implemented by the Oberon. + */ +typedef struct +{ + nrf_crypto_internal_ecc_key_header_t header; /**< @internal @brief Common ECC key header. */ + uint8_t key[64]; /**< @internal @brief Raw key. */ +} nrf_crypto_backend_oberon_public_key_t; + + +/** @internal @brief Function to hold copy function (can be simple mem copy or copy with endian swap). + */ +typedef void (*copy_fn_t)(void * p_dest, void const * p_src, size_t size); + + +ret_code_t nrf_crypto_backend_oberon_private_key_to_raw( + void const * p_private_key, + uint8_t * p_raw_data) +{ + nrf_crypto_backend_oberon_private_key_t const * p_prv = + (nrf_crypto_backend_oberon_private_key_t const *)p_private_key; + + //lint -save -e611 (Suspicious cast) + copy_fn_t copy_fn = (copy_fn_t)p_prv->header.p_info->p_backend_data; + //lint -restore + + copy_fn(p_raw_data, p_prv->key, p_prv->header.p_info->raw_private_key_size); + + return NRF_SUCCESS; +} + + +ret_code_t nrf_crypto_backend_oberon_public_key_from_raw( + void * p_public_key, + uint8_t const * p_raw_data) +{ + nrf_crypto_backend_oberon_public_key_t * p_pub = + (nrf_crypto_backend_oberon_public_key_t *)p_public_key; + + //lint -save -e611 (Suspicious cast) + copy_fn_t copy_fn = (copy_fn_t)p_pub->header.p_info->p_backend_data; + //lint -restore + + copy_fn(p_pub->key, p_raw_data, p_pub->header.p_info->raw_public_key_size); + + return NRF_SUCCESS; +} + + +ret_code_t nrf_crypto_backend_oberon_public_key_to_raw( + void const * p_public_key, + uint8_t * p_raw_data) +{ + nrf_crypto_backend_oberon_public_key_t const * p_pub = + (nrf_crypto_backend_oberon_public_key_t const *)p_public_key; + + //lint -save -e611 (Suspicious cast) + copy_fn_t copy_fn = (copy_fn_t)p_pub->header.p_info->p_backend_data; + //lint -restore + + copy_fn(p_raw_data, p_pub->key, p_pub->header.p_info->raw_public_key_size); + + return NRF_SUCCESS; +} + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON_ECC_SECP256R1) \ + || NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON_ECC_CURVE25519) + + +ret_code_t nrf_crypto_backend_oberon_private_key_from_raw( + void * p_private_key, + uint8_t const * p_raw_data) +{ + nrf_crypto_backend_oberon_private_key_t * p_prv = + (nrf_crypto_backend_oberon_private_key_t *)p_private_key; + + //lint -save -e611 (Suspicious cast) + copy_fn_t copy_fn = (copy_fn_t)p_prv->header.p_info->p_backend_data; + //lint -restore + + copy_fn(p_prv->key, p_raw_data, p_prv->header.p_info->raw_private_key_size); + + return NRF_SUCCESS; +} + + +#endif //NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON_ECC_SECP256R1) || NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON_ECC_CURVE25519) + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON_ECC_CURVE25519) \ + || NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON_ECC_ED25519) + + +static ret_code_t oberon_vector_generate(uint8_t * p_data, size_t size) +{ +#if defined(NRF_CRYPTO_RNG_ENABLED) && (NRF_CRYPTO_RNG_ENABLED == 1) + + return nrf_crypto_rng_vector_generate(p_data, size); + +#elif defined(NRF_CRYPTO_RNG_ENABLED) && (NRF_CRYPTO_RNG_ENABLED == 0) + + return NRF_ERROR_CRYPTO_FEATURE_UNAVAILABLE; + +#else + + #warning NRF_CRYPTO_RNG_ENABLED define not found in sdk_config.h (Is the sdk_config.h valid?). + +#endif +} + + +#endif //NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON_ECC_CURVE25519) || NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON_ECC_ED25519) + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON_ECC_SECP256R1) + + +// Make sure that common key structure match secp256r1 key structure to safely cast types. +STATIC_ASSERT(offsetof(nrf_crypto_backend_oberon_private_key_t, key) == + offsetof(nrf_crypto_backend_secp256r1_private_key_t, key), + "Common Oberon private key structure does not match secp256r1 one."); +STATIC_ASSERT(offsetof(nrf_crypto_backend_oberon_public_key_t, key) == + offsetof(nrf_crypto_backend_secp256r1_public_key_t, key), + "Common Oberon public key structure does not match secp256r1 one."); + + +ret_code_t nrf_crypto_backend_oberon_ecc_secp256r1_rng(uint8_t data[32]) +{ +#if NRF_MODULE_ENABLED(NRF_CRYPTO_RNG) + + static const uint8_t min_value[32] = + { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, + }; + static const uint8_t max_value[32] = + { + 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x50, + }; + return nrf_crypto_rng_vector_generate_in_range(data, min_value, max_value, 32); + +#else + return NRF_ERROR_CRYPTO_FEATURE_UNAVAILABLE; +#endif +} + + +ret_code_t nrf_crypto_backend_secp256r1_key_pair_generate( + void * p_context, + void * p_private_key, + void * p_public_key) +{ + int result; + + nrf_crypto_backend_secp256r1_private_key_t * p_prv = + (nrf_crypto_backend_secp256r1_private_key_t *)p_private_key; + + nrf_crypto_backend_secp256r1_public_key_t * p_pub = + (nrf_crypto_backend_secp256r1_public_key_t *)p_public_key; + + result = nrf_crypto_backend_oberon_ecc_secp256r1_rng(p_prv->key); + + if (result != NRF_SUCCESS) + { + return result; + } + + result = occ_ecdh_p256_public_key(p_pub->key, p_prv->key); + + if (result != 0) + { + return NRF_ERROR_CRYPTO_INTERNAL; + } + return NRF_SUCCESS; +} + + +ret_code_t nrf_crypto_backend_secp256r1_public_key_calculate( + void * p_context, + void const * p_private_key, + void * p_public_key) +{ + int result; + + nrf_crypto_backend_secp256r1_private_key_t const * p_prv = + (nrf_crypto_backend_secp256r1_private_key_t const *)p_private_key; + + nrf_crypto_backend_secp256r1_public_key_t * p_pub = + (nrf_crypto_backend_secp256r1_public_key_t *)p_public_key; + + result = occ_ecdh_p256_public_key(p_pub->key, p_prv->key); + + if (result != 0) + { + return NRF_ERROR_CRYPTO_INTERNAL; + } + return NRF_SUCCESS; +} + + +const nrf_crypto_ecc_curve_info_t g_nrf_crypto_ecc_secp256r1_curve_info = +{ + .public_key_size = sizeof(nrf_crypto_backend_secp256r1_public_key_t), + .private_key_size = sizeof(nrf_crypto_backend_secp256r1_private_key_t), + .curve_type = NRF_CRYPTO_ECC_SECP256R1_CURVE_TYPE, + .raw_private_key_size = NRF_CRYPTO_ECC_SECP256R1_RAW_PRIVATE_KEY_SIZE, + .raw_public_key_size = NRF_CRYPTO_ECC_SECP256R1_RAW_PUBLIC_KEY_SIZE, + //lint -save -e611 -e546 (Suspicious cast, Suspicious use of &) + .p_backend_data = (void *)&memcpy, + //lint -restore +}; + + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON_ECC_SECP256R1) + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON_ECC_CURVE25519) + + +// Make sure that common key structure match Curve25519 key structure to safely cast types. +STATIC_ASSERT(offsetof(nrf_crypto_backend_oberon_private_key_t, key) == + offsetof(nrf_crypto_backend_curve25519_private_key_t, key), + "Common Oberon private key structure does not match Curve25519 one."); +STATIC_ASSERT(offsetof(nrf_crypto_backend_oberon_public_key_t, key) == + offsetof(nrf_crypto_backend_curve25519_public_key_t, key), + "Common Oberon public key structure does not match Curve25519 one."); + + +ret_code_t nrf_crypto_backend_curve25519_key_pair_generate( + void * p_context, + void * p_private_key, + void * p_public_key) +{ + ret_code_t result; + + nrf_crypto_backend_curve25519_private_key_t * p_prv = + (nrf_crypto_backend_curve25519_private_key_t *)p_private_key; + + nrf_crypto_backend_curve25519_public_key_t * p_pub = + (nrf_crypto_backend_curve25519_public_key_t *)p_public_key; + + result = oberon_vector_generate(p_prv->key, sizeof(p_prv->key)); + + if (result != NRF_SUCCESS) + { + return result; + } + + p_prv->key[0] &= 0xF8; // Private key is multiply of 8 (by definition), so lower 3 bits are 0. + p_prv->key[31] &= 0x7F; // Highest bit has to be 0, because private key is 255-bit long. + p_prv->key[31] |= 0x40; // Bit 254 has to be 1 (by definition) + + occ_curve25519_scalarmult_base(p_pub->key, p_prv->key); + + return NRF_SUCCESS; +} + + +ret_code_t nrf_crypto_backend_curve25519_public_key_calculate( + void * p_context, + void const * p_private_key, + void * p_public_key) +{ + nrf_crypto_backend_curve25519_private_key_t * p_prv = + (nrf_crypto_backend_curve25519_private_key_t *)p_private_key; + + nrf_crypto_backend_curve25519_public_key_t * p_pub = + (nrf_crypto_backend_curve25519_public_key_t *)p_public_key; + + // Private key bit fixing is done inside Oberon library. + occ_curve25519_scalarmult_base(p_pub->key, p_prv->key); + + return NRF_SUCCESS; +} + + +const nrf_crypto_ecc_curve_info_t g_nrf_crypto_ecc_curve25519_curve_info = +{ + .public_key_size = sizeof(nrf_crypto_backend_curve25519_public_key_t), + .private_key_size = sizeof(nrf_crypto_backend_curve25519_private_key_t), + .curve_type = NRF_CRYPTO_ECC_CURVE25519_CURVE_TYPE, + .raw_private_key_size = NRF_CRYPTO_ECC_CURVE25519_RAW_PRIVATE_KEY_SIZE, + .raw_public_key_size = NRF_CRYPTO_ECC_CURVE25519_RAW_PUBLIC_KEY_SIZE, + //lint -save -e611 -e546 (Suspicious cast, Suspicious use of &) + .p_backend_data = (void *)&nrf_crypto_internal_swap_endian, + //lint -restore +}; + + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON_ECC_CURVE25519) + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON_ECC_ED25519) + + +// Make sure that common key structure match Ed25519 key structure to safely cast types. +STATIC_ASSERT(offsetof(nrf_crypto_backend_oberon_private_key_t, key) == + offsetof(nrf_crypto_backend_ed25519_private_key_t, private_part), + "Common Oberon private key structure does not match Ed25519 one."); +STATIC_ASSERT(offsetof(nrf_crypto_backend_oberon_public_key_t, key) == + offsetof(nrf_crypto_backend_ed25519_public_key_t, key), + "Common Oberon public key structure does not match Ed25519 one."); + + +ret_code_t nrf_crypto_backend_ed25519_private_key_from_raw( + void * p_private_key, + uint8_t const * p_raw_data) +{ + nrf_crypto_backend_ed25519_private_key_t * p_prv = + (nrf_crypto_backend_ed25519_private_key_t *)p_private_key; + + memcpy(p_prv->private_part, p_raw_data, sizeof(p_prv->private_part)); + + occ_ed25519_public_key(p_prv->public_part, p_prv->private_part); + + return NRF_SUCCESS; +} + + +ret_code_t nrf_crypto_backend_ed25519_key_pair_generate( + void * p_context, + void * p_private_key, + void * p_public_key) +{ + ret_code_t result; + + nrf_crypto_backend_ed25519_private_key_t * p_prv = + (nrf_crypto_backend_ed25519_private_key_t *)p_private_key; + + nrf_crypto_backend_ed25519_public_key_t * p_pub = + (nrf_crypto_backend_ed25519_public_key_t *)p_public_key; + + result = oberon_vector_generate(p_prv->private_part, sizeof(p_prv->private_part)); + + if (result != NRF_SUCCESS) + { + return result; + } + + occ_ed25519_public_key(p_prv->public_part, p_prv->private_part); + + memcpy(p_pub->key, p_prv->public_part, sizeof(p_pub->key)); + + return NRF_SUCCESS; +} + + +ret_code_t nrf_crypto_backend_ed25519_public_key_calculate( + void * p_context, + void const * p_private_key, + void * p_public_key) +{ + nrf_crypto_backend_ed25519_private_key_t * p_prv = + (nrf_crypto_backend_ed25519_private_key_t *)p_private_key; + + nrf_crypto_backend_ed25519_public_key_t * p_pub = + (nrf_crypto_backend_ed25519_public_key_t *)p_public_key; + + memcpy(p_pub->key, p_prv->public_part, sizeof(p_pub->key)); + + return NRF_SUCCESS; +} + + +const nrf_crypto_ecc_curve_info_t g_nrf_crypto_ecc_ed25519_curve_info = +{ + .public_key_size = sizeof(nrf_crypto_backend_ed25519_public_key_t), + .private_key_size = sizeof(nrf_crypto_backend_ed25519_private_key_t), + .curve_type = NRF_CRYPTO_ECC_ED25519_CURVE_TYPE, + .raw_private_key_size = NRF_CRYPTO_ECC_ED25519_RAW_PRIVATE_KEY_SIZE, + .raw_public_key_size = NRF_CRYPTO_ECC_ED25519_RAW_PUBLIC_KEY_SIZE, + //lint -save -e611 -e546 (Suspicious cast, Suspicious use of &) + .p_backend_data = (void *)&memcpy, + //lint -restore +}; + + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON_ECC_ED25519) + + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON) diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/oberon/oberon_backend_ecc.h b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/oberon/oberon_backend_ecc.h new file mode 100644 index 0000000..2fa7d1e --- /dev/null +++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/oberon/oberon_backend_ecc.h @@ -0,0 +1,314 @@ +/** + * Copyright (c) 2018 - 2018, Nordic Semiconductor ASA + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form, except as embedded into a Nordic + * Semiconductor ASA integrated circuit in a product or a software update for + * such product, must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * 3. Neither the name of Nordic Semiconductor ASA nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * 4. This software, with or without modification, must only be used with a + * Nordic Semiconductor ASA integrated circuit. + * + * 5. Any software provided in binary form under this license must not be reverse + * engineered, decompiled, modified and/or disassembled. + * + * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef OBERON_BACKEND_ECC_H__ +#define OBERON_BACKEND_ECC_H__ + +#include "sdk_config.h" +#include "nordic_common.h" + +#if NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON) + +#include <stdint.h> +#include <stdbool.h> +#include "nrf_crypto_ecc_shared.h" + + +#ifdef __cplusplus +extern "C" { +#endif + + +/** @internal See @ref nrf_crypto_backend_ecc_private_key_from_raw_fn_t. +*/ +ret_code_t nrf_crypto_backend_oberon_private_key_from_raw( + void * p_private_key, + uint8_t const * p_raw_data); + + +/** @internal See @ref nrf_crypto_backend_ecc_private_key_to_raw_fn_t. +*/ +ret_code_t nrf_crypto_backend_oberon_private_key_to_raw( + void const * p_private_key, + uint8_t * p_raw_data); + + +/** @internal See @ref nrf_crypto_backend_ecc_public_key_from_raw_fn_t. +*/ +ret_code_t nrf_crypto_backend_oberon_public_key_from_raw( + void * p_public_key, + uint8_t const * p_raw_data); + + +/** @internal See @ref nrf_crypto_backend_ecc_public_key_to_raw_fn_t. +*/ +ret_code_t nrf_crypto_backend_oberon_public_key_to_raw( + void const * p_public_key, + uint8_t * p_raw_data); + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON_ECC_SECP256R1) + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_ECC_SECP256R1) +#error "More than one backend enabled for secp256r1 (NIST 256-bit)."); +#endif +#define NRF_CRYPTO_ECC_SECP256R1_ENABLED 1 + + +/** @internal @brief Generates random number that can be used as a private key for secp256r1. + * + * It uses RNG from libary frontend to generate random numbers. + * + * @param[out] data Array where generated random number will be placed. + * @returns NRF_SUCCESS or error code passed from RNG frontend. + */ +ret_code_t nrf_crypto_backend_oberon_ecc_secp256r1_rng(uint8_t data[32]); + + +/** @internal @brief Structure holding private key for Oberon's secp256r1. + */ +typedef struct +{ + nrf_crypto_internal_ecc_key_header_t header; /**< @internal @brief Common ECC key header. */ + uint8_t key[32]; /**< @internal @brief Raw key. */ +} nrf_crypto_backend_secp256r1_private_key_t; + + +/** @internal @brief Structure holding public key for Oberon's secp256r1. + */ +typedef struct +{ + nrf_crypto_internal_ecc_key_header_t header; /**< @internal @brief Common ECC key header. */ + uint8_t key[64]; /**< @internal @brief Raw key. */ +} nrf_crypto_backend_secp256r1_public_key_t; + + +/** @internal See @ref nrf_crypto_backend_ecc_key_pair_generate_fn_t. + */ +ret_code_t nrf_crypto_backend_secp256r1_key_pair_generate( + void * p_context, + void * p_private_key, + void * p_public_key); + + +/** @internal See @ref nrf_crypto_backend_ecc_public_key_calculate_fn_t. +*/ +ret_code_t nrf_crypto_backend_secp256r1_public_key_calculate( + void * p_context, + void const * p_private_key, + void * p_public_key); + + +// Common key conversion functions +#define nrf_crypto_backend_secp256r1_private_key_from_raw \ + nrf_crypto_backend_oberon_private_key_from_raw +#define nrf_crypto_backend_secp256r1_private_key_to_raw \ + nrf_crypto_backend_oberon_private_key_to_raw +#define nrf_crypto_backend_secp256r1_public_key_from_raw \ + nrf_crypto_backend_oberon_public_key_from_raw +#define nrf_crypto_backend_secp256r1_public_key_to_raw \ + nrf_crypto_backend_oberon_public_key_to_raw + +// Free is not required for oberon keys +#define nrf_crypto_backend_secp256r1_private_key_free NULL +#define nrf_crypto_backend_secp256r1_public_key_free NULL + +// Context is not used in oberon functions +#define NRF_CRYPTO_BACKEND_SECP256R1_KEY_PAIR_GENERATE_CONTEXT_SIZE 0 +#define NRF_CRYPTO_BACKEND_SECP256R1_PUBLIC_KEY_CALCULATE_CONTEXT_SIZE 0 + +// Dummy typedef for unused context +typedef uint32_t nrf_crypto_backend_secp256r1_key_pair_generate_context_t; +typedef uint32_t nrf_crypto_backend_secp256r1_public_key_calculate_context_t; + + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON_ECC_SECP256R1) + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON_ECC_CURVE25519) + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_ECC_CURVE25519) +#error "More than one backend enabled for Curve25519."); +#endif +#define NRF_CRYPTO_ECC_CURVE25519_ENABLED 1 + + +/** @internal @brief Structure holding private key for Oberon's Curve25519. + */ +typedef struct +{ + nrf_crypto_internal_ecc_key_header_t header; /**< @internal @brief Common ECC key header. */ + uint8_t key[32]; /**< @internal @brief Raw key in little endian order. */ +} nrf_crypto_backend_curve25519_private_key_t; + + +/** @internal @brief Structure holding public key for Oberon's Curve25519. + */ +typedef struct +{ + nrf_crypto_internal_ecc_key_header_t header; /**< @internal @brief Common ECC key header. */ + uint8_t key[32]; /**< @internal @brief Raw key in little endian order. */ +} nrf_crypto_backend_curve25519_public_key_t; + + +/** @internal See @ref nrf_crypto_backend_ecc_key_pair_generate_fn_t. + */ +ret_code_t nrf_crypto_backend_curve25519_key_pair_generate( + void * p_context, + void * p_private_key, + void * p_public_key); + + +/** @internal See @ref nrf_crypto_backend_ecc_public_key_calculate_fn_t. +*/ +ret_code_t nrf_crypto_backend_curve25519_public_key_calculate( + void * p_context, + void const * p_private_key, + void * p_public_key); + + +// Common key conversion functions +#define nrf_crypto_backend_curve25519_private_key_from_raw \ + nrf_crypto_backend_oberon_private_key_from_raw +#define nrf_crypto_backend_curve25519_private_key_to_raw \ + nrf_crypto_backend_oberon_private_key_to_raw +#define nrf_crypto_backend_curve25519_public_key_from_raw \ + nrf_crypto_backend_oberon_public_key_from_raw +#define nrf_crypto_backend_curve25519_public_key_to_raw \ + nrf_crypto_backend_oberon_public_key_to_raw + +// Free is not required for oberon keys +#define nrf_crypto_backend_curve25519_private_key_free NULL +#define nrf_crypto_backend_curve25519_public_key_free NULL + +// Context is not used in oberon functions +#define NRF_CRYPTO_BACKEND_CURVE25519_KEY_PAIR_GENERATE_CONTEXT_SIZE 0 +#define NRF_CRYPTO_BACKEND_CURVE25519_PUBLIC_KEY_CALCULATE_CONTEXT_SIZE 0 + +// Dummy typedef for unused context +typedef uint32_t nrf_crypto_backend_curve25519_key_pair_generate_context_t; +typedef uint32_t nrf_crypto_backend_curve25519_public_key_calculate_context_t; + + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON_ECC_CURVE25519) + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON_ECC_ED25519) + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_ECC_ED25519) +#error "More than one backend enabled for Ed25519."); +#endif +#define NRF_CRYPTO_ECC_ED25519_ENABLED 1 + + + +/** @internal @brief Structure holding private key for Oberon's Ed25519. + */ +typedef struct +{ + nrf_crypto_internal_ecc_key_header_t header; /**< @internal @brief Common ECC key header. */ + uint8_t private_part[32]; /**< @internal @brief Raw private key. */ + uint8_t public_part[32]; /**< @internal @brief Raw public key. It is also required for Ed25519 signing. */ +} nrf_crypto_backend_ed25519_private_key_t; + + +/** @internal @brief Structure holding private key for Oberon's Ed25519. + */ +typedef struct +{ + nrf_crypto_internal_ecc_key_header_t header; /**< @internal @brief Common ECC key header. */ + uint8_t key[32]; /**< @internal @brief Raw key. */ +} nrf_crypto_backend_ed25519_public_key_t; + + +/** @internal See @ref nrf_crypto_backend_ecc_private_key_from_raw_fn_t. +*/ +ret_code_t nrf_crypto_backend_ed25519_private_key_from_raw( + void * p_private_key, + uint8_t const * p_raw_data); + + +/** @internal See @ref nrf_crypto_backend_ecc_key_pair_generate_fn_t. + */ +ret_code_t nrf_crypto_backend_ed25519_key_pair_generate( + void * p_context, + void * p_private_key, + void * p_public_key); + + +/** @internal See @ref nrf_crypto_backend_ecc_public_key_calculate_fn_t. +*/ +ret_code_t nrf_crypto_backend_ed25519_public_key_calculate( + void * p_context, + void const * p_private_key, + void * p_public_key); + + +// Common key conversion functions +#define nrf_crypto_backend_ed25519_private_key_to_raw \ + nrf_crypto_backend_oberon_private_key_to_raw +#define nrf_crypto_backend_ed25519_public_key_from_raw \ + nrf_crypto_backend_oberon_public_key_from_raw +#define nrf_crypto_backend_ed25519_public_key_to_raw \ + nrf_crypto_backend_oberon_public_key_to_raw + +// Free is not required for oberon keys +#define nrf_crypto_backend_ed25519_private_key_free NULL +#define nrf_crypto_backend_ed25519_public_key_free NULL + +// Context is not used in oberon functions +#define NRF_CRYPTO_BACKEND_ED25519_KEY_PAIR_GENERATE_CONTEXT_SIZE 0 +#define NRF_CRYPTO_BACKEND_ED25519_PUBLIC_KEY_CALCULATE_CONTEXT_SIZE 0 + +// Dummy typedef for unused context +typedef uint32_t nrf_crypto_backend_ed25519_key_pair_generate_context_t; +typedef uint32_t nrf_crypto_backend_ed25519_public_key_calculate_context_t; + + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON_ECC_ED25519) + + +#ifdef __cplusplus +} +#endif + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON) + +#endif // OBERON_BACKEND_ECC_H__ diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/oberon/oberon_backend_ecdh.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/oberon/oberon_backend_ecdh.c new file mode 100644 index 0000000..9dcba96 --- /dev/null +++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/oberon/oberon_backend_ecdh.c @@ -0,0 +1,114 @@ +/** + * Copyright (c) 2018 - 2018, Nordic Semiconductor ASA + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form, except as embedded into a Nordic + * Semiconductor ASA integrated circuit in a product or a software update for + * such product, must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * 3. Neither the name of Nordic Semiconductor ASA nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * 4. This software, with or without modification, must only be used with a + * Nordic Semiconductor ASA integrated circuit. + * + * 5. Any software provided in binary form under this license must not be reverse + * engineered, decompiled, modified and/or disassembled. + * + * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include "sdk_config.h" +#include "nordic_common.h" + +#if NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON) + +#include <stdint.h> + +#include "nrf_crypto_ecc.h" +#include "nrf_crypto_ecdh.h" +#include "nrf_crypto_shared.h" + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON_ECC_SECP256R1) +#include "occ_ecdh_p256.h" +#endif +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON_ECC_CURVE25519) +#include "occ_curve25519.h" +#endif + + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON_ECC_SECP256R1) + +ret_code_t nrf_crypto_backend_secp256r1_ecdh_compute( + void * p_context, + void const * p_private_key, + void const * p_public_key, + uint8_t * p_shared_secret) +{ + int result; + + nrf_crypto_backend_secp256r1_private_key_t const * p_prv = + (nrf_crypto_backend_secp256r1_private_key_t const *)p_private_key; + + nrf_crypto_backend_secp256r1_public_key_t const * p_pub = + (nrf_crypto_backend_secp256r1_public_key_t const *)p_public_key; + + result = occ_ecdh_p256_common_secret(p_shared_secret, p_prv->key, p_pub->key); + + if (result != 0) + { + return NRF_ERROR_CRYPTO_INTERNAL; + } + return NRF_SUCCESS; +} + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON_ECC_SECP256R1) + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON_ECC_CURVE25519) + +ret_code_t nrf_crypto_backend_curve25519_ecdh_compute( + void * p_context, + void const * p_private_key, + void const * p_public_key, + uint8_t * p_shared_secret) +{ + nrf_crypto_backend_curve25519_private_key_t const * p_prv = + (nrf_crypto_backend_curve25519_private_key_t const *)p_private_key; + + nrf_crypto_backend_curve25519_public_key_t const * p_pub = + (nrf_crypto_backend_curve25519_public_key_t const *)p_public_key; + + // Private key can be completely random at this point. + // Oberon library updates bits in the key according to Curve25519 specification before use. + occ_curve25519_scalarmult(p_shared_secret, p_prv->key, p_pub->key); + + nrf_crypto_internal_swap_endian_in_place(p_shared_secret, + NRF_CRYPTO_ECDH_CURVE25519_SHARED_SECRET_SIZE); + + return NRF_SUCCESS; +} + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON_ECC_CURVE25519) + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON) diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/oberon/oberon_backend_ecdh.h b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/oberon/oberon_backend_ecdh.h new file mode 100644 index 0000000..85dd0d0 --- /dev/null +++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/oberon/oberon_backend_ecdh.h @@ -0,0 +1,108 @@ +/** + * Copyright (c) 2018 - 2018, Nordic Semiconductor ASA + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form, except as embedded into a Nordic + * Semiconductor ASA integrated circuit in a product or a software update for + * such product, must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * 3. Neither the name of Nordic Semiconductor ASA nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * 4. This software, with or without modification, must only be used with a + * Nordic Semiconductor ASA integrated circuit. + * + * 5. Any software provided in binary form under this license must not be reverse + * engineered, decompiled, modified and/or disassembled. + * + * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef OBERON_BACKEND_ECDH_H__ +#define OBERON_BACKEND_ECDH_H__ + +#include "sdk_config.h" +#include "nordic_common.h" + +#if NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON) + +#include <stdint.h> +#include "nrf_crypto_ecc.h" +#include "nrf_crypto_ecdh_shared.h" + + +#ifdef __cplusplus +extern "C" { +#endif + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON_ECC_SECP256R1) + + +/** @internal See @ref nrf_crypto_backend_ecdh_compute_fn_t. + */ +ret_code_t nrf_crypto_backend_secp256r1_ecdh_compute( + void * p_context, + void const * p_private_key, + void const * p_public_key, + uint8_t * p_shared_secret); + +// Context in not used in OBERON backend +typedef uint32_t nrf_crypto_backend_secp256r1_ecdh_context_t; +#define NRF_CRYPTO_BACKEND_SECP256R1_ECDH_CONTEXT_SIZE 0 + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON_ECC_SECP256R1) + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON_ECC_CURVE25519) + +/** @internal See @ref nrf_crypto_backend_ecdh_compute_fn_t. + */ +ret_code_t nrf_crypto_backend_curve25519_ecdh_compute( + void * p_context, + void const * p_private_key, + void const * p_public_key, + uint8_t * p_shared_secret); + +// Context in not used in OBERON backend +typedef uint32_t nrf_crypto_backend_curve25519_ecdh_context_t; +#define NRF_CRYPTO_BACKEND_CURVE25519_ECDH_CONTEXT_SIZE 0 + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON_ECC_CURVE25519) + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON_ECC_ED25519) + +// ECDH is not possible for Ed25519 +#define nrf_crypto_backend_ed25519_ecdh_compute NULL +typedef uint32_t nrf_crypto_backend_ed25519_ecdh_context_t; +#define NRF_CRYPTO_BACKEND_ED25519_ECDH_CONTEXT_SIZE 0 + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON_ECC_ED25519) + + +#ifdef __cplusplus +} +#endif + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON) + +#endif // OBERON_BACKEND_ECDH_H__ diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/oberon/oberon_backend_ecdsa.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/oberon/oberon_backend_ecdsa.c new file mode 100644 index 0000000..5bbfc18 --- /dev/null +++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/oberon/oberon_backend_ecdsa.c @@ -0,0 +1,166 @@ +/** + * Copyright (c) 2018 - 2018, Nordic Semiconductor ASA + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form, except as embedded into a Nordic + * Semiconductor ASA integrated circuit in a product or a software update for + * such product, must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * 3. Neither the name of Nordic Semiconductor ASA nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * 4. This software, with or without modification, must only be used with a + * Nordic Semiconductor ASA integrated circuit. + * + * 5. Any software provided in binary form under this license must not be reverse + * engineered, decompiled, modified and/or disassembled. + * + * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include "sdk_config.h" +#include "nordic_common.h" + +#if NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON) + +#include <stdint.h> +#include <stdbool.h> +#include <string.h> + +#include "nrf_crypto_ecc.h" +#include "nrf_crypto_rng.h" +#include "nrf_crypto_ecdsa.h" + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON_ECC_SECP256R1) + +#include "occ_ecdsa_p256.h" + + +#define OBERON_HASH_SIZE_FOR_SECP256R1 (256 / 8) + + +ret_code_t nrf_crypto_backend_secp256r1_sign( + void * p_context, + void const * p_private_key, + uint8_t const * p_data, + size_t data_size, + uint8_t * p_signature) +{ + int result; + uint8_t session_key[32]; + + nrf_crypto_backend_secp256r1_private_key_t const * p_prv = + (nrf_crypto_backend_secp256r1_private_key_t const *)p_private_key; + + if (data_size < OBERON_HASH_SIZE_FOR_SECP256R1) + { + return NRF_ERROR_CRYPTO_INPUT_LENGTH; + } + + result = nrf_crypto_backend_oberon_ecc_secp256r1_rng(session_key); + if (result != NRF_SUCCESS) + { + return result; + } + + result = occ_ecdsa_p256_sign_hash(p_signature, p_data, p_prv->key, session_key); + + return result == 0 ? NRF_SUCCESS : NRF_ERROR_CRYPTO_INTERNAL; +} + + +ret_code_t nrf_crypto_backend_secp256r1_verify( + void * p_context, + void const * p_public_key, + uint8_t const * p_data, + size_t data_size, + uint8_t const * p_signature) +{ + int result; + + nrf_crypto_backend_secp256r1_public_key_t const * p_pub = + (nrf_crypto_backend_secp256r1_public_key_t const *)p_public_key; + + if (data_size < OBERON_HASH_SIZE_FOR_SECP256R1) + { + return NRF_ERROR_CRYPTO_INPUT_LENGTH; + } + + result = occ_ecdsa_p256_verify_hash(p_signature, p_data, p_pub->key); + + if (result != 0) + { + return NRF_ERROR_CRYPTO_ECDSA_INVALID_SIGNATURE; + } + return NRF_SUCCESS; +} + + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON_ECC_SECP256R1) + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON_ECC_ED25519) + +#include "occ_ed25519.h" + + +ret_code_t nrf_crypto_backend_ed25519_sign( + void * p_context, + void const * p_private_key, + uint8_t const * p_data, + size_t data_size, + uint8_t * p_signature) +{ + nrf_crypto_backend_ed25519_private_key_t const * p_prv = + (nrf_crypto_backend_ed25519_private_key_t const *)p_private_key; + + occ_ed25519_sign(p_signature, p_data, data_size, p_prv->private_part, p_prv->public_part); + + return NRF_SUCCESS; +} + +ret_code_t nrf_crypto_backend_ed25519_verify( + void * p_context, + void const * p_public_key, + uint8_t const * p_data, + size_t data_size, + uint8_t const * p_signature) +{ + int result; + + nrf_crypto_backend_ed25519_public_key_t const * p_pub = + (nrf_crypto_backend_ed25519_public_key_t const *)p_public_key; + + result = occ_ed25519_verify(p_signature, p_data, data_size, p_pub->key); + + if (result != 0) + { + return NRF_ERROR_CRYPTO_ECDSA_INVALID_SIGNATURE; + } + return NRF_SUCCESS; +} + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON_ECC_ED25519) + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON) + diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/oberon/oberon_backend_ecdsa.h b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/oberon/oberon_backend_ecdsa.h new file mode 100644 index 0000000..070a8cf --- /dev/null +++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/oberon/oberon_backend_ecdsa.h @@ -0,0 +1,141 @@ +/** + * Copyright (c) 2018 - 2018, Nordic Semiconductor ASA + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form, except as embedded into a Nordic + * Semiconductor ASA integrated circuit in a product or a software update for + * such product, must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * 3. Neither the name of Nordic Semiconductor ASA nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * 4. This software, with or without modification, must only be used with a + * Nordic Semiconductor ASA integrated circuit. + * + * 5. Any software provided in binary form under this license must not be reverse + * engineered, decompiled, modified and/or disassembled. + * + * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef OBERON_BACKEND_ECDSA_H__ +#define OBERON_BACKEND_ECDSA_H__ + +#include "sdk_config.h" +#include "nordic_common.h" + +#if NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON) + +#include <stdint.h> +#include "nrf_crypto_ecc_shared.h" +#include "nrf_crypto_ecdsa_shared.h" + + +#ifdef __cplusplus +extern "C" { +#endif + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON_ECC_SECP256R1) + + +/** @internal See @ref nrf_crypto_backend_ecdsa_sign_fn_t. + */ +ret_code_t nrf_crypto_backend_secp256r1_sign( + void * p_context, + void const * p_private_key, + uint8_t const * p_data, + size_t data_size, + uint8_t * p_signature); + + +/** @internal See @ref nrf_crypto_backend_ecdsa_verify_fn_t. + */ +ret_code_t nrf_crypto_backend_secp256r1_verify( + void * p_context, + void const * p_public_key, + uint8_t const * p_data, + size_t data_size, + uint8_t const * p_signature); + + +#define NRF_CRYPTO_BACKEND_SECP256R1_SIGN_CONTEXT_SIZE 0 +#define NRF_CRYPTO_BACKEND_SECP256R1_VERIFY_CONTEXT_SIZE 0 +typedef uint32_t nrf_crypto_backend_secp256r1_sign_context_t; +typedef uint32_t nrf_crypto_backend_secp256r1_verify_context_t; + +#endif + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON_ECC_CURVE25519) + +// Curve25519 is not designed for ECDSA +#define NRF_CRYPTO_BACKEND_CURVE25519_SIGN_CONTEXT_SIZE 0 +#define NRF_CRYPTO_BACKEND_CURVE25519_VERIFY_CONTEXT_SIZE 0 +typedef uint32_t nrf_crypto_backend_curve25519_sign_context_t; +typedef uint32_t nrf_crypto_backend_curve25519_verify_context_t; +#define nrf_crypto_backend_curve25519_sign NULL +#define nrf_crypto_backend_curve25519_verify NULL + +#endif + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON_ECC_ED25519) + + +/** @internal See @ref nrf_crypto_backend_ecdsa_sign_fn_t. + */ +ret_code_t nrf_crypto_backend_ed25519_sign( + void * p_context, + void const * p_private_key, + uint8_t const * p_data, + size_t data_size, + uint8_t * p_signature); + + +/** @internal See @ref nrf_crypto_backend_ecdsa_verify_fn_t. + */ +ret_code_t nrf_crypto_backend_ed25519_verify( + void * p_context, + void const * p_public_key, + uint8_t const * p_data, + size_t data_size, + uint8_t const * p_signature); + + +#define NRF_CRYPTO_BACKEND_ED25519_SIGN_CONTEXT_SIZE 0 +#define NRF_CRYPTO_BACKEND_ED25519_VERIFY_CONTEXT_SIZE 0 +typedef uint32_t nrf_crypto_backend_ed25519_sign_context_t; +typedef uint32_t nrf_crypto_backend_ed25519_verify_context_t; + + +#endif + + +#ifdef __cplusplus +} +#endif + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON) + +#endif // OBERON_BACKEND_ECDSA_H__ diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/oberon/oberon_backend_hash.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/oberon/oberon_backend_hash.c new file mode 100644 index 0000000..cf90e51 --- /dev/null +++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/oberon/oberon_backend_hash.c @@ -0,0 +1,184 @@ +/** + * Copyright (c) 2018 - 2018, Nordic Semiconductor ASA + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form, except as embedded into a Nordic + * Semiconductor ASA integrated circuit in a product or a software update for + * such product, must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * 3. Neither the name of Nordic Semiconductor ASA nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * 4. This software, with or without modification, must only be used with a + * Nordic Semiconductor ASA integrated circuit. + * + * 5. Any software provided in binary form under this license must not be reverse + * engineered, decompiled, modified and/or disassembled. + * + * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include "sdk_common.h" + +#if NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON) + +#include "oberon_backend_hash.h" +#include "crys_hash.h" +#include "crys_hash_error.h" +#include "nrf_crypto_init.h" +#include "nrf_crypto_types.h" +#include "nrf_crypto_error.h" +#include "nrf_crypto_hash_shared.h" +#include "sdk_macros.h" +#include "occ_sha256.h" +#include "occ_sha512.h" +#include "nrf_log.h" +#include "nrf_assert.h" + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON_HASH_SHA256) + +static ret_code_t oberon_backend_hash_sha256_init(void * const p_context) +{ + // No parameter testing on this level. + // This has been done on upper level. + + occ_sha256_ctx * p_backend_context + = &(((nrf_crypto_backend_hash_sha256_context_t *)p_context)->context); + + occ_sha256_init(p_backend_context); + + return NRF_SUCCESS; +} + + +static uint32_t oberon_backend_hash_sha256_update(void * const p_context, + uint8_t const * p_data, + size_t size) +{ + // Limited parameter testing on this level. + // This has been done on upper level. + + occ_sha256_ctx * p_backend_context + = &(((nrf_crypto_backend_hash_sha256_context_t *)p_context)->context); + + occ_sha256_update(p_backend_context, p_data, size); + + return NRF_SUCCESS; +} + + +static uint32_t oberon_backend_hash_sha256_finalize(void * const p_context, + uint8_t * p_digest, + size_t * const p_digest_size) +{ + // Limited parameter testing on this level. + // This has been done on upper level. + + occ_sha256_ctx * p_backend_context + = &(((nrf_crypto_backend_hash_sha256_context_t *)p_context)->context); + + occ_sha256_final(p_digest, p_backend_context); + + *p_digest_size = NRF_CRYPTO_HASH_SIZE_SHA256; + + return NRF_SUCCESS; +} + + +const nrf_crypto_hash_info_t g_nrf_crypto_hash_sha256_info = +{ + .init_fn = oberon_backend_hash_sha256_init, + .update_fn = oberon_backend_hash_sha256_update, + .finalize_fn = oberon_backend_hash_sha256_finalize, + .digest_size = NRF_CRYPTO_HASH_SIZE_SHA256, + .context_size = sizeof(nrf_crypto_backend_hash_sha256_context_t), + .hash_mode = NRF_CRYPTO_HASH_MODE_SHA256 +}; + + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON_HASH_SHA256) + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON_HASH_SHA512) + + +static ret_code_t oberon_backend_hash_sha512_init(void * p_context) +{ + // No parameter testing on this level. + // This has been done on upper level. + + occ_sha512_ctx * p_backend_context + = &(((nrf_crypto_backend_hash_sha512_context_t *)p_context)->context); + + occ_sha512_init(p_backend_context); + + return NRF_SUCCESS; +} + + +static ret_code_t oberon_backend_hash_sha512_update(void * const p_context, + uint8_t const * p_data, + size_t size) +{ + // Limited parameter testing on this level. + // This has been done on upper level. + + occ_sha512_ctx * p_backend_context + = &(((nrf_crypto_backend_hash_sha512_context_t *)p_context)->context); + + occ_sha512_update(p_backend_context, p_data, size); + + return NRF_SUCCESS; +} + + +static ret_code_t oberon_backend_hash_sha512_finalize(void * const p_context, + uint8_t * p_digest, + size_t * const p_digest_size) +{ + // Limited parameter testing on this level. + // This has been done on upper level. + + occ_sha512_ctx * p_backend_context + = &(((nrf_crypto_backend_hash_sha512_context_t *)p_context)->context); + + occ_sha512_final(p_digest, p_backend_context); + + *p_digest_size = NRF_CRYPTO_HASH_SIZE_SHA512; + + return NRF_SUCCESS; +} + + +const nrf_crypto_hash_info_t g_nrf_crypto_hash_sha512_info = +{ + .init_fn = oberon_backend_hash_sha512_init, + .update_fn = oberon_backend_hash_sha512_update, + .finalize_fn = oberon_backend_hash_sha512_finalize, + .digest_size = NRF_CRYPTO_HASH_SIZE_SHA512, + .context_size = sizeof(nrf_crypto_backend_hash_sha512_context_t), + .hash_mode = NRF_CRYPTO_HASH_MODE_SHA512 +}; + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON_HASH_SHA512) + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON) diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/oberon/oberon_backend_hash.h b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/oberon/oberon_backend_hash.h new file mode 100644 index 0000000..534f0ca --- /dev/null +++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/oberon/oberon_backend_hash.h @@ -0,0 +1,123 @@ +/** + * Copyright (c) 2018 - 2018, Nordic Semiconductor ASA + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form, except as embedded into a Nordic + * Semiconductor ASA integrated circuit in a product or a software update for + * such product, must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * 3. Neither the name of Nordic Semiconductor ASA nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * 4. This software, with or without modification, must only be used with a + * Nordic Semiconductor ASA integrated circuit. + * + * 5. Any software provided in binary form under this license must not be reverse + * engineered, decompiled, modified and/or disassembled. + * + * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef OBERON_BACKEND_HASH_H__ +#define OBERON_BACKEND_HASH_H__ + +/** @file + * + * @defgroup nrf_crypto_oberon_backend_hash Oberon backend hash + * @{ + * @ingroup nrf_crypto_oberon_backend + * + * @brief Hash functionality provided by the Oberon nrf_crypto backend. + */ +#include "sdk_common.h" + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON) + +#include "sdk_errors.h" +#include "nrf_crypto_hash_shared.h" +#include "occ_sha256.h" +#include "occ_sha512.h" + +#ifdef __cplusplus +extern "C" { +#endif + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON_HASH_SHA256) + +// Flag that nrf_crypto_hash frontend can be compiled +#undef NRF_CRYPTO_HASH_ENABLED +#define NRF_CRYPTO_HASH_ENABLED 1 + +// Duplicate backend enabled test for SHA-256 +#if NRF_MODULE_ENABLED(NRF_CRYPTO_HASH_SHA256) +#error "Duplicate definition of SHA-256. More than one backend enabled"); +#endif + +// Flag that SHA-256 is enabled in backend +#define NRF_CRYPTO_HASH_SHA256_ENABLED 1 + + +/**@brief nrf_crypto_hash context for SHA-256 in nrf_crypto Oberon backend. */ +typedef struct +{ + nrf_crypto_hash_internal_context_t header; /**< Common header for context. */ + occ_sha256_ctx context; /**< Hash context internal to Oberon. */ +} nrf_crypto_backend_hash_sha256_context_t; + + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON_HASH_SHA256) + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON_HASH_SHA512) + +// Flag that nrf_crypto_hash frontend can be compiled +#undef NRF_CRYPTO_HASH_ENABLED +#define NRF_CRYPTO_HASH_ENABLED 1 + +// Duplicate backend enabled test for SHA-512 +#if NRF_MODULE_ENABLED(NRF_CRYPTO_HASH_SHA512) +#error "Duplicate definition of SHA-512. More than one backend enabled"); +#endif + +// Flag that SHA-512 is enabled in backend +#define NRF_CRYPTO_HASH_SHA512_ENABLED 1 + + +/**@brief nrf_crypto_hash context for SHA-512 in nrf_crypto Oberon backend. */ +typedef struct +{ + nrf_crypto_hash_internal_context_t header; /**< Common header for context. */ + occ_sha512_ctx context; /**< Hash context internal to Oberon. */ +} nrf_crypto_backend_hash_sha512_context_t; + + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON_HASH_SHA512) + +#ifdef __cplusplus +} +#endif + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON) + +/**@} */ + +#endif // OBERON_BACKEND_HASH_H__ diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/oberon/oberon_backend_hmac.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/oberon/oberon_backend_hmac.c new file mode 100644 index 0000000..a89c4ac --- /dev/null +++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/oberon/oberon_backend_hmac.c @@ -0,0 +1,169 @@ +/** + * Copyright (c) 2018 - 2018, Nordic Semiconductor ASA + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form, except as embedded into a Nordic + * Semiconductor ASA integrated circuit in a product or a software update for + * such product, must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * 3. Neither the name of Nordic Semiconductor ASA nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * 4. This software, with or without modification, must only be used with a + * Nordic Semiconductor ASA integrated circuit. + * + * 5. Any software provided in binary form under this license must not be reverse + * engineered, decompiled, modified and/or disassembled. + * + * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include "sdk_common.h" +#if NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON) + +#include "nrf_log.h" +#include "nrf_crypto_error.h" +#include "nrf_crypto_types.h" +#include "oberon_backend_hmac.h" + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON_HMAC_SHA256) + +#define HMAC_SHA256_BLOCK_SIZE 64 + +static ret_code_t oberon_backend_hmac_init_sha256(void * const p_context, + uint8_t const * p_key, + size_t key_size) +{ + nrf_crypto_backend_oberon_hmac_sha256_context_t * p_ctx = + (nrf_crypto_backend_oberon_hmac_sha256_context_t *)p_context; + + occ_hmac_sha256_init(&p_ctx->oberon_ctx, p_key, key_size); + + return NRF_SUCCESS; +} + + +static ret_code_t oberon_backend_hmac_update_sha256(void * const p_context, + uint8_t const * p_data, + size_t size) +{ + nrf_crypto_backend_oberon_hmac_sha256_context_t * p_ctx = + (nrf_crypto_backend_oberon_hmac_sha256_context_t *)p_context; + + occ_hmac_sha256_update(&p_ctx->oberon_ctx, p_data, size); + + return NRF_SUCCESS; +} + + +static ret_code_t oberon_backend_hmac_finalize_sha256(void * const p_context, + uint8_t * p_digest, + size_t * const p_size) +{ + nrf_crypto_backend_oberon_hmac_sha256_context_t * const p_ctx = + (nrf_crypto_backend_oberon_hmac_sha256_context_t *)p_context; + + occ_hmac_sha256_final(p_digest, &p_ctx->oberon_ctx); + + // Assume operation was successful and update the digest size accordingly. + *p_size = p_ctx->header.p_info->digest_size; + + return NRF_SUCCESS; +} + + +// Information structure for HMAC SHA256 using Oberon backend. +const nrf_crypto_hmac_info_t g_nrf_crypto_hmac_sha256_info = +{ + .init_fn = oberon_backend_hmac_init_sha256, + .update_fn = oberon_backend_hmac_update_sha256, + .finalize_fn = oberon_backend_hmac_finalize_sha256, + .digest_size = NRF_CRYPTO_HASH_SIZE_SHA256, + .context_size = sizeof(nrf_crypto_backend_oberon_hmac_sha256_context_t), + .type = NRF_CRYPTO_HMAC_SHA256_TYPE +}; + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON_HMAC_SHA256) + + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON_HMAC_SHA512) + +#define HMAC_SHA512_BLOCK_SIZE 128 + +static ret_code_t oberon_backend_hmac_init_sha512(void * const p_context, + uint8_t const * p_key, + size_t key_size) +{ + nrf_crypto_backend_oberon_hmac_sha512_context_t * p_ctx = + (nrf_crypto_backend_oberon_hmac_sha512_context_t *)p_context; + + occ_hmac_sha512_init(&p_ctx->oberon_ctx, p_key, key_size); + + return NRF_SUCCESS; +} + + +static ret_code_t oberon_backend_hmac_update_sha512(void * const p_context, + uint8_t const * p_data, + size_t size) +{ + nrf_crypto_backend_oberon_hmac_sha512_context_t * p_ctx = + (nrf_crypto_backend_oberon_hmac_sha512_context_t *)p_context; + + occ_hmac_sha512_update(&p_ctx->oberon_ctx, p_data, size); + + return NRF_SUCCESS; +} + + +static ret_code_t oberon_backend_hmac_finalize_sha512(void * const p_context, + uint8_t * p_digest, + size_t * const p_size) +{ + nrf_crypto_backend_oberon_hmac_sha512_context_t * const p_ctx = + (nrf_crypto_backend_oberon_hmac_sha512_context_t *)p_context; + + occ_hmac_sha512_final(p_digest, &p_ctx->oberon_ctx); + + // Assume operation was successful and update the digest size accordingly. + *p_size = p_ctx->header.p_info->digest_size; + + return NRF_SUCCESS; +} + + +// Information structure for HMAC SHA512 using Oberon backend. +const nrf_crypto_hmac_info_t g_nrf_crypto_hmac_sha512_info = +{ + .init_fn = oberon_backend_hmac_init_sha512, + .update_fn = oberon_backend_hmac_update_sha512, + .finalize_fn = oberon_backend_hmac_finalize_sha512, + .digest_size = NRF_CRYPTO_HASH_SIZE_SHA512, + .context_size = sizeof(nrf_crypto_backend_oberon_hmac_sha512_context_t), + .type = NRF_CRYPTO_HMAC_SHA512_TYPE +}; + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON_HMAC_SHA512) +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO) && NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON) diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/oberon/oberon_backend_hmac.h b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/oberon/oberon_backend_hmac.h new file mode 100644 index 0000000..d32274f --- /dev/null +++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/backend/oberon/oberon_backend_hmac.h @@ -0,0 +1,136 @@ +/** + * Copyright (c) 2018 - 2018, Nordic Semiconductor ASA + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form, except as embedded into a Nordic + * Semiconductor ASA integrated circuit in a product or a software update for + * such product, must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * 3. Neither the name of Nordic Semiconductor ASA nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * 4. This software, with or without modification, must only be used with a + * Nordic Semiconductor ASA integrated circuit. + * + * 5. Any software provided in binary form under this license must not be reverse + * engineered, decompiled, modified and/or disassembled. + * + * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef OBERON_BACKEND_HMAC_H__ +#define OBERON_BACKEND_HMAC_H__ + +/** @file + * + * @defgroup nrf_crypto_oberon_backend_hmac Oberon backend for HMAC + * @{ + * @ingroup nrf_crypto_oberon_backend + * + * @brief Backend wrapper for Oberon. None of these types should be used directly by the + * application. + */ + +#include "sdk_common.h" + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON) && \ + ( NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON_HMAC_SHA256) || \ + NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON_HMAC_SHA512) ) + +#include "nrf_crypto_hmac_shared.h" +#include "occ_hmac_sha256.h" +#include "occ_hmac_sha512.h" + +#ifdef __cplusplus +extern "C" { +#endif + +#undef NRF_CRYPTO_HMAC_ENABLED +#define NRF_CRYPTO_HMAC_ENABLED 1 + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON_HMAC_SHA256) + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_HMAC_SHA256) +#error "Duplicate definition of HMAC SHA-256. More than one backend enabled" +#endif // NRF_CRYPTO_HMAC_SHA256_ENABLED +#define NRF_CRYPTO_HMAC_SHA256_ENABLED 1 + +/** + * @internal @brief Internal context object used by the Oberon backend wrapper for HMAC SHA256. + * + * @note This should never be used directly. Use @ref nrf_crypto_backend_hmac_sha256_context_t + * instead. + */ +typedef struct +{ + nrf_crypto_hmac_internal_context_t header; //!< Internal nrf_crypto_hmac context. + occ_hmac_sha256_ctx oberon_ctx; //!< Oberon context object. +} nrf_crypto_backend_oberon_hmac_sha256_context_t; + + +/** + * @internal @brief Context for HMAC SHA256 using Oberon backend. + */ +typedef nrf_crypto_backend_oberon_hmac_sha256_context_t nrf_crypto_backend_hmac_sha256_context_t; + + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON_HMAC_SHA256) + + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON_HMAC_SHA512) + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_HMAC_SHA512) +#error "Duplicate definition of HMAC SHA-512. More than one backend enabled" +#endif // NRF_CRYPTO_HMAC_SHA512_ENABLED +#define NRF_CRYPTO_HMAC_SHA512_ENABLED 1 + +/** + * @internal @brief Internal context object used by the Oberon backend wrapper for HMAC SHA512. + * + * @note This should never be used directly. Use @ref nrf_crypto_backend_hmac_sha512_context_t + * instead. + */ +typedef struct +{ + nrf_crypto_hmac_internal_context_t header; //!< Internal nrf_crypto_hmac context header. + occ_hmac_sha512_ctx oberon_ctx; //!< Oberon context object. +} nrf_crypto_backend_oberon_hmac_sha512_context_t; + +/** + * @internal @brief Context for HMAC SHA512 using Oberon backend. + */ +typedef nrf_crypto_backend_oberon_hmac_sha512_context_t nrf_crypto_backend_hmac_sha512_context_t; + + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON_HMAC_SHA512) + +#ifdef __cplusplus +} +#endif + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON && ( NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON_HMAC_SHA256 || NRF_MODULE_ENABLED(NRF_CRYPTO_BACKEND_OBERON_HMAC_SHA512) ) + +/**@} */ + +#endif // OBERON_BACKEND_HMAC_H__ |