kopia lustrzana https://github.com/espressif/esp-idf
crypto accelerator support on esp32s3
SHA: passing unit tests RSA: pass tests AES: tests passingpull/5682/merge
rodzic
cc66334014
commit
bff0016eb8
|
@ -29,5 +29,6 @@ PROVIDE ( I2C1 = 0x60027000 );
|
|||
PROVIDE ( GPSPI4 = 0x60037000 );
|
||||
PROVIDE ( GDMA = 0x6003F000 );
|
||||
PROVIDE ( UART2 = 0x60010000 );
|
||||
PROVIDE ( DMA = 0x6003F000 );
|
||||
PROVIDE ( APB_SARADC = 0x60040000 );
|
||||
PROVIDE ( LCD_CAM = 0x60041000 );
|
||||
|
|
|
@ -94,6 +94,12 @@ static inline uint32_t periph_ll_get_clk_en_mask(periph_module_t periph)
|
|||
return SYSTEM_SYSTIMER_CLK_EN;
|
||||
case PERIPH_GDMA_MODULE:
|
||||
return SYSTEM_DMA_CLK_EN;
|
||||
case PERIPH_AES_MODULE:
|
||||
return SYSTEM_CRYPTO_AES_CLK_EN;
|
||||
case PERIPH_SHA_MODULE:
|
||||
return SYSTEM_CRYPTO_SHA_CLK_EN;
|
||||
case PERIPH_RSA_MODULE:
|
||||
return SYSTEM_CRYPTO_RSA_CLK_EN;
|
||||
default:
|
||||
return 0;
|
||||
}
|
||||
|
@ -159,6 +165,30 @@ static inline uint32_t periph_ll_get_rst_en_mask(periph_module_t periph, bool en
|
|||
return SYSTEM_SYSTIMER_RST;
|
||||
case PERIPH_GDMA_MODULE:
|
||||
return SYSTEM_DMA_RST;
|
||||
case PERIPH_AES_MODULE:
|
||||
if (enable == true) {
|
||||
// Clear reset on digital signature, otherwise AES unit is held in reset also.
|
||||
return (SYSTEM_CRYPTO_AES_RST | SYSTEM_CRYPTO_DS_RST);
|
||||
} else {
|
||||
//Don't return other units to reset, as this pulls reset on RSA & SHA units, respectively.
|
||||
return SYSTEM_CRYPTO_AES_RST;
|
||||
}
|
||||
case PERIPH_SHA_MODULE:
|
||||
if (enable == true) {
|
||||
// Clear reset on digital signature and HMAC, otherwise SHA is held in reset
|
||||
return (SYSTEM_CRYPTO_SHA_RST | SYSTEM_CRYPTO_DS_RST | SYSTEM_CRYPTO_HMAC_RST | SYSTEM_DMA_RST) ;
|
||||
} else {
|
||||
// Don't assert reset on secure boot, otherwise AES is held in reset
|
||||
return SYSTEM_CRYPTO_SHA_RST | SYSTEM_DMA_RST;
|
||||
}
|
||||
case PERIPH_RSA_MODULE:
|
||||
if (enable == true) {
|
||||
/* also clear reset on digital signature, otherwise RSA is held in reset */
|
||||
return (SYSTEM_CRYPTO_RSA_RST | SYSTEM_CRYPTO_DS_RST);
|
||||
} else {
|
||||
/* don't reset digital signature unit, as this resets AES also */
|
||||
return SYSTEM_CRYPTO_RSA_RST;
|
||||
}
|
||||
default:
|
||||
return 0;
|
||||
}
|
||||
|
@ -177,6 +207,9 @@ static uint32_t periph_ll_get_clk_en_reg(periph_module_t periph)
|
|||
case PERIPH_UART2_MODULE:
|
||||
case PERIPH_SDMMC_MODULE:
|
||||
case PERIPH_GDMA_MODULE:
|
||||
case PERIPH_AES_MODULE:
|
||||
case PERIPH_SHA_MODULE:
|
||||
case PERIPH_RSA_MODULE:
|
||||
return SYSTEM_PERIP_CLK_EN1_REG;
|
||||
default:
|
||||
return SYSTEM_PERIP_CLK_EN0_REG;
|
||||
|
@ -196,6 +229,8 @@ static uint32_t periph_ll_get_rst_en_reg(periph_module_t periph)
|
|||
case PERIPH_UART2_MODULE:
|
||||
case PERIPH_SDMMC_MODULE:
|
||||
case PERIPH_GDMA_MODULE:
|
||||
case PERIPH_AES_MODULE:
|
||||
case PERIPH_RSA_MODULE:
|
||||
return SYSTEM_PERIP_RST_EN1_REG;
|
||||
default:
|
||||
return SYSTEM_PERIP_RST_EN0_REG;
|
||||
|
|
|
@ -8,10 +8,10 @@
|
|||
#define IDF_PERFORMANCE_MAX_TIME_SHA1_32KB 1000
|
||||
#define IDF_PERFORMANCE_MAX_TIME_SHA512_32KB 900
|
||||
|
||||
#define IDF_PERFORMANCE_MAX_RSA_2048KEY_PUBLIC_OP 14000
|
||||
#define IDF_PERFORMANCE_MAX_RSA_2048KEY_PRIVATE_OP 100000
|
||||
#define IDF_PERFORMANCE_MAX_RSA_4096KEY_PUBLIC_OP 60000
|
||||
#define IDF_PERFORMANCE_MAX_RSA_4096KEY_PRIVATE_OP 600000
|
||||
#define IDF_PERFORMANCE_MAX_RSA_2048KEY_PUBLIC_OP 18000
|
||||
#define IDF_PERFORMANCE_MAX_RSA_2048KEY_PRIVATE_OP 210000
|
||||
#define IDF_PERFORMANCE_MAX_RSA_4096KEY_PUBLIC_OP 80000
|
||||
#define IDF_PERFORMANCE_MAX_RSA_4096KEY_PRIVATE_OP 1500000
|
||||
|
||||
#define IDF_PERFORMANCE_MAX_SPI_PER_TRANS_NO_POLLING 32
|
||||
#define IDF_PERFORMANCE_MAX_SPI_PER_TRANS_NO_POLLING_NO_DMA 30
|
||||
|
|
Plik diff jest za duży
Load Diff
|
@ -0,0 +1,223 @@
|
|||
/**
|
||||
* \brief Multi-precision integer library, ESP32 S3 hardware accelerated parts
|
||||
*
|
||||
* based on mbedTLS implementation
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* Additions Copyright (C) 2016-2020, Espressif Systems (Shanghai) PTE Ltd
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
*/
|
||||
#include "soc/hwcrypto_periph.h"
|
||||
#include "driver/periph_ctrl.h"
|
||||
#include <mbedtls/bignum.h>
|
||||
#include "bignum_impl.h"
|
||||
#include "soc/dport_reg.h"
|
||||
#include "soc/system_reg.h"
|
||||
#include "soc/periph_defs.h"
|
||||
#include <sys/param.h>
|
||||
|
||||
size_t esp_mpi_hardware_words(size_t words)
|
||||
{
|
||||
return words;
|
||||
}
|
||||
|
||||
void esp_mpi_enable_hardware_hw_op( void )
|
||||
{
|
||||
/* Enable RSA hardware */
|
||||
periph_module_enable(PERIPH_RSA_MODULE);
|
||||
|
||||
REG_CLR_BIT(SYSTEM_RSA_PD_CTRL_REG, SYSTEM_RSA_MEM_PD);
|
||||
|
||||
while (DPORT_REG_READ(RSA_QUERY_CLEAN_REG) != 1) {
|
||||
}
|
||||
// Note: from enabling RSA clock to here takes about 1.3us
|
||||
|
||||
|
||||
}
|
||||
|
||||
void esp_mpi_disable_hardware_hw_op( void )
|
||||
{
|
||||
REG_SET_BIT(SYSTEM_RSA_PD_CTRL_REG, SYSTEM_RSA_MEM_PD);
|
||||
|
||||
/* Disable RSA hardware */
|
||||
periph_module_disable(PERIPH_RSA_MODULE);
|
||||
}
|
||||
|
||||
|
||||
/* Copy mbedTLS MPI bignum 'mpi' to hardware memory block at 'mem_base'.
|
||||
|
||||
If num_words is higher than the number of words in the bignum then
|
||||
these additional words will be zeroed in the memory buffer.
|
||||
*/
|
||||
static inline void mpi_to_mem_block(uint32_t mem_base, const mbedtls_mpi *mpi, size_t num_words)
|
||||
{
|
||||
uint32_t *pbase = (uint32_t *)mem_base;
|
||||
uint32_t copy_words = MIN(num_words, mpi->n);
|
||||
|
||||
/* Copy MPI data to memory block registers */
|
||||
for (int i = 0; i < copy_words; i++) {
|
||||
pbase[i] = mpi->p[i];
|
||||
}
|
||||
|
||||
/* Zero any remaining memory block data */
|
||||
for (int i = copy_words; i < num_words; i++) {
|
||||
pbase[i] = 0;
|
||||
}
|
||||
}
|
||||
|
||||
/* Read mbedTLS MPI bignum back from hardware memory block.
|
||||
|
||||
Reads num_words words from block.
|
||||
*/
|
||||
static inline void mem_block_to_mpi(mbedtls_mpi *x, uint32_t mem_base, int num_words)
|
||||
{
|
||||
|
||||
/* Copy data from memory block registers */
|
||||
esp_dport_access_read_buffer(x->p, mem_base, num_words);
|
||||
/* Zero any remaining limbs in the bignum, if the buffer is bigger
|
||||
than num_words */
|
||||
for (size_t i = num_words; i < x->n; i++) {
|
||||
x->p[i] = 0;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
/* Begin an RSA operation. op_reg specifies which 'START' register
|
||||
to write to.
|
||||
*/
|
||||
static inline void start_op(uint32_t op_reg)
|
||||
{
|
||||
/* Clear interrupt status */
|
||||
DPORT_REG_WRITE(RSA_CLEAR_INTERRUPT_REG, 1);
|
||||
|
||||
/* Note: above REG_WRITE includes a memw, so we know any writes
|
||||
to the memory blocks are also complete. */
|
||||
|
||||
DPORT_REG_WRITE(op_reg, 1);
|
||||
}
|
||||
|
||||
/* Wait for an RSA operation to complete.
|
||||
*/
|
||||
static inline void wait_op_complete(void)
|
||||
{
|
||||
while (DPORT_REG_READ(RSA_QUERY_INTERRUPT_REG) != 1)
|
||||
{ }
|
||||
|
||||
/* clear the interrupt */
|
||||
DPORT_REG_WRITE(RSA_CLEAR_INTERRUPT_REG, 1);
|
||||
}
|
||||
|
||||
|
||||
/* Read result from last MPI operation */
|
||||
void esp_mpi_read_result_hw_op(mbedtls_mpi *Z, size_t z_words)
|
||||
{
|
||||
wait_op_complete();
|
||||
mem_block_to_mpi(Z, RSA_MEM_Z_BLOCK_BASE, z_words);
|
||||
}
|
||||
|
||||
|
||||
/* Z = (X * Y) mod M
|
||||
|
||||
Not an mbedTLS function
|
||||
*/
|
||||
void esp_mpi_mul_mpi_mod_hw_op(const mbedtls_mpi *X, const mbedtls_mpi *Y, const mbedtls_mpi *M, const mbedtls_mpi *Rinv, mbedtls_mpi_uint Mprime, size_t num_words)
|
||||
{
|
||||
DPORT_REG_WRITE(RSA_LENGTH_REG, (num_words - 1));
|
||||
|
||||
/* Load M, X, Rinv, Mprime (Mprime is mod 2^32) */
|
||||
mpi_to_mem_block(RSA_MEM_X_BLOCK_BASE, X, num_words);
|
||||
mpi_to_mem_block(RSA_MEM_Y_BLOCK_BASE, Y, num_words);
|
||||
mpi_to_mem_block(RSA_MEM_M_BLOCK_BASE, M, num_words);
|
||||
mpi_to_mem_block(RSA_MEM_RB_BLOCK_BASE, Rinv, num_words);
|
||||
DPORT_REG_WRITE(RSA_M_DASH_REG, Mprime);
|
||||
|
||||
start_op(RSA_MOD_MULT_START_REG);
|
||||
}
|
||||
|
||||
/* Z = (X ^ Y) mod M
|
||||
*/
|
||||
void esp_mpi_exp_mpi_mod_hw_op(const mbedtls_mpi *X, const mbedtls_mpi *Y, const mbedtls_mpi *M, const mbedtls_mpi *Rinv, mbedtls_mpi_uint Mprime, size_t num_words)
|
||||
{
|
||||
size_t y_bits = mbedtls_mpi_bitlen(Y);
|
||||
|
||||
DPORT_REG_WRITE(RSA_LENGTH_REG, (num_words - 1));
|
||||
|
||||
/* Load M, X, Rinv, Mprime (Mprime is mod 2^32) */
|
||||
mpi_to_mem_block(RSA_MEM_X_BLOCK_BASE, X, num_words);
|
||||
mpi_to_mem_block(RSA_MEM_Y_BLOCK_BASE, Y, num_words);
|
||||
mpi_to_mem_block(RSA_MEM_M_BLOCK_BASE, M, num_words);
|
||||
mpi_to_mem_block(RSA_MEM_RB_BLOCK_BASE, Rinv, num_words);
|
||||
DPORT_REG_WRITE(RSA_M_DASH_REG, Mprime);
|
||||
|
||||
/* Enable acceleration options */
|
||||
DPORT_REG_WRITE(RSA_CONSTANT_TIME_REG, 0);
|
||||
DPORT_REG_WRITE(RSA_SEARCH_OPEN_REG, 1);
|
||||
DPORT_REG_WRITE(RSA_SEARCH_POS_REG, y_bits - 1);
|
||||
|
||||
/* Execute first stage montgomery multiplication */
|
||||
start_op(RSA_MODEXP_START_REG);
|
||||
|
||||
DPORT_REG_WRITE(RSA_SEARCH_OPEN_REG, 0);
|
||||
}
|
||||
|
||||
|
||||
/* Z = X * Y */
|
||||
void esp_mpi_mul_mpi_hw_op(const mbedtls_mpi *X, const mbedtls_mpi *Y, size_t num_words)
|
||||
{
|
||||
/* Copy X (right-extended) & Y (left-extended) to memory block */
|
||||
mpi_to_mem_block(RSA_MEM_X_BLOCK_BASE, X, num_words);
|
||||
mpi_to_mem_block(RSA_MEM_Z_BLOCK_BASE + num_words * 4, Y, num_words);
|
||||
/* NB: as Y is left-extended, we don't zero the bottom words_mult words of Y block.
|
||||
This is OK for now because zeroing is done by hardware when we do esp_mpi_acquire_hardware().
|
||||
*/
|
||||
DPORT_REG_WRITE(RSA_LENGTH_REG, (num_words * 2 - 1));
|
||||
start_op(RSA_MULT_START_REG);
|
||||
}
|
||||
|
||||
|
||||
|
||||
/**
|
||||
* @brief Special-case of (X * Y), where we use hardware montgomery mod
|
||||
multiplication to calculate result where either A or B are >2048 bits so
|
||||
can't use the standard multiplication method.
|
||||
*
|
||||
*/
|
||||
void esp_mpi_mult_mpi_failover_mod_mult_hw_op(const mbedtls_mpi *X, const mbedtls_mpi *Y, size_t num_words)
|
||||
{
|
||||
/* M = 2^num_words - 1, so block is entirely FF */
|
||||
for (int i = 0; i < num_words; i++) {
|
||||
DPORT_REG_WRITE(RSA_MEM_M_BLOCK_BASE + i * 4, UINT32_MAX);
|
||||
}
|
||||
|
||||
/* Mprime = 1 */
|
||||
DPORT_REG_WRITE(RSA_M_DASH_REG, 1);
|
||||
DPORT_REG_WRITE(RSA_LENGTH_REG, num_words - 1);
|
||||
|
||||
/* Load X & Y */
|
||||
mpi_to_mem_block(RSA_MEM_X_BLOCK_BASE, X, num_words);
|
||||
mpi_to_mem_block(RSA_MEM_Y_BLOCK_BASE, Y, num_words);
|
||||
|
||||
/* Rinv = 1, write first word */
|
||||
DPORT_REG_WRITE(RSA_MEM_RB_BLOCK_BASE, 1);
|
||||
|
||||
/* Zero out rest of the Rinv words */
|
||||
for (int i = 1; i < num_words; i++) {
|
||||
DPORT_REG_WRITE(RSA_MEM_RB_BLOCK_BASE + i * 4, 0);
|
||||
}
|
||||
|
||||
start_op(RSA_MOD_MULT_START_REG);
|
||||
}
|
|
@ -0,0 +1,255 @@
|
|||
/*
|
||||
* SHA-1 implementation with hardware ESP32 support added.
|
||||
* Uses mbedTLS software implementation for failover when concurrent
|
||||
* SHA operations are in use.
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* Additions Copyright (C) 2016-2020, Espressif Systems (Shanghai) PTE LTD
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* The SHA-1 standard was published by NIST in 1993.
|
||||
*
|
||||
* http://www.itl.nist.gov/fipspubs/fip180-1.htm
|
||||
*/
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "mbedtls/config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SHA1_C) && defined(MBEDTLS_SHA1_ALT)
|
||||
|
||||
#include "mbedtls/sha1.h"
|
||||
|
||||
#include <string.h>
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST)
|
||||
#if defined(MBEDTLS_PLATFORM_C)
|
||||
#include "mbedtls/platform.h"
|
||||
#else
|
||||
#include <stdio.h>
|
||||
#define mbedtls_printf printf
|
||||
#endif /* MBEDTLS_PLATFORM_C */
|
||||
#endif /* MBEDTLS_SELF_TEST */
|
||||
|
||||
#include "esp32s3/sha.h"
|
||||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void mbedtls_zeroize( void *v, size_t n )
|
||||
{
|
||||
volatile unsigned char *p = (unsigned char *)v; while ( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* 32-bit integer manipulation macros (big endian)
|
||||
*/
|
||||
|
||||
#ifndef PUT_UINT32_BE
|
||||
#define PUT_UINT32_BE(n,b,i) \
|
||||
{ \
|
||||
(b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
|
||||
(b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
|
||||
(b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
|
||||
(b)[(i) + 3] = (unsigned char) ( (n) ); \
|
||||
}
|
||||
#endif
|
||||
|
||||
void mbedtls_sha1_init( mbedtls_sha1_context *ctx )
|
||||
{
|
||||
memset( ctx, 0, sizeof( mbedtls_sha1_context ) );
|
||||
}
|
||||
|
||||
void mbedtls_sha1_free( mbedtls_sha1_context *ctx )
|
||||
{
|
||||
if ( ctx == NULL ) {
|
||||
return;
|
||||
}
|
||||
|
||||
mbedtls_zeroize( ctx, sizeof( mbedtls_sha1_context ) );
|
||||
}
|
||||
|
||||
void mbedtls_sha1_clone( mbedtls_sha1_context *dst,
|
||||
const mbedtls_sha1_context *src )
|
||||
{
|
||||
memcpy(dst, src, sizeof(mbedtls_sha1_context));
|
||||
}
|
||||
|
||||
/*
|
||||
* SHA-1 context setup
|
||||
*/
|
||||
int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx )
|
||||
{
|
||||
ctx->total[0] = 0;
|
||||
ctx->total[1] = 0;
|
||||
|
||||
memset( ctx, 0, sizeof( mbedtls_sha1_context ) );
|
||||
ctx->mode = SHA1;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
void mbedtls_sha1_starts( mbedtls_sha1_context *ctx )
|
||||
{
|
||||
mbedtls_sha1_starts_ret( ctx );
|
||||
}
|
||||
#endif
|
||||
|
||||
static int esp_internal_sha1_dma_process(mbedtls_sha1_context *ctx,
|
||||
const uint8_t *data, size_t len,
|
||||
uint8_t *buf, size_t buf_len)
|
||||
{
|
||||
return esp_sha_dma(SHA1, data, len, buf, buf_len, ctx->first_block);
|
||||
}
|
||||
|
||||
int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx, const unsigned char data[64] )
|
||||
{
|
||||
int ret;
|
||||
esp_sha_acquire_hardware();
|
||||
ret = esp_sha_dma(ctx->mode, data, 64, 0, 0, ctx->first_block);
|
||||
esp_sha_release_hardware();
|
||||
return ret;
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
void mbedtls_sha1_process( mbedtls_sha1_context *ctx,
|
||||
const unsigned char data[64] )
|
||||
{
|
||||
mbedtls_internal_sha1_process( ctx, data );
|
||||
}
|
||||
#endif
|
||||
|
||||
int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx, const unsigned char *input, size_t ilen )
|
||||
{
|
||||
int ret;
|
||||
size_t fill;
|
||||
uint32_t left, len, local_len = 0;
|
||||
|
||||
if ( !ilen || (input == NULL)) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
left = ctx->total[0] & 0x3F;
|
||||
fill = 64 - left;
|
||||
|
||||
ctx->total[0] += (uint32_t) ilen;
|
||||
ctx->total[0] &= 0xFFFFFFFF;
|
||||
|
||||
if ( ctx->total[0] < (uint32_t) ilen ) {
|
||||
ctx->total[1]++;
|
||||
}
|
||||
|
||||
if ( left && ilen >= fill ) {
|
||||
memcpy( (void *) (ctx->buffer + left), input, fill );
|
||||
|
||||
input += fill;
|
||||
ilen -= fill;
|
||||
left = 0;
|
||||
local_len = 64;
|
||||
}
|
||||
|
||||
len = (ilen / 64) * 64;
|
||||
if ( len || local_len) {
|
||||
|
||||
esp_sha_acquire_hardware();
|
||||
|
||||
if (ctx->sha_state == ESP_SHA1_STATE_INIT) {
|
||||
ctx->first_block = true;
|
||||
ctx->sha_state = ESP_SHA1_STATE_IN_PROCESS;
|
||||
} else if (ctx->sha_state == ESP_SHA1_STATE_IN_PROCESS) {
|
||||
ctx->first_block = false;
|
||||
esp_sha_write_digest_state(SHA1, ctx->state);
|
||||
}
|
||||
|
||||
ret = esp_internal_sha1_dma_process(ctx, input, len, ctx->buffer, local_len);
|
||||
|
||||
esp_sha_read_digest_state(SHA1, ctx->state);
|
||||
|
||||
esp_sha_release_hardware();
|
||||
|
||||
if (ret != 0) {
|
||||
return ret;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
if ( ilen > 0 ) {
|
||||
memcpy( (void *) (ctx->buffer + left), input + len, ilen - len );
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
void mbedtls_sha1_update( mbedtls_sha1_context *ctx,
|
||||
const unsigned char *input,
|
||||
size_t ilen )
|
||||
{
|
||||
mbedtls_sha1_update_ret( ctx, input, ilen );
|
||||
}
|
||||
#endif
|
||||
|
||||
static const unsigned char sha1_padding[64] = {
|
||||
0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
||||
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
||||
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
||||
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
|
||||
};
|
||||
|
||||
/*
|
||||
* SHA-1 final digest
|
||||
*/
|
||||
int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx, unsigned char output[20] )
|
||||
{
|
||||
int ret;
|
||||
uint32_t last, padn;
|
||||
uint32_t high, low;
|
||||
unsigned char msglen[8];
|
||||
|
||||
high = ( ctx->total[0] >> 29 )
|
||||
| ( ctx->total[1] << 3 );
|
||||
low = ( ctx->total[0] << 3 );
|
||||
|
||||
PUT_UINT32_BE( high, msglen, 0 );
|
||||
PUT_UINT32_BE( low, msglen, 4 );
|
||||
|
||||
last = ctx->total[0] & 0x3F;
|
||||
padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
|
||||
|
||||
|
||||
if ( ( ret = mbedtls_sha1_update_ret( ctx, sha1_padding, padn ) ) != 0 ) {
|
||||
return ret;
|
||||
}
|
||||
if ( ( ret = mbedtls_sha1_update_ret( ctx, msglen, 8 ) ) != 0 ) {
|
||||
return ret;
|
||||
}
|
||||
|
||||
memcpy(output, ctx->state, 20);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
void mbedtls_sha1_finish( mbedtls_sha1_context *ctx,
|
||||
unsigned char output[20] )
|
||||
{
|
||||
mbedtls_sha1_finish_ret( ctx, output );
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* MBEDTLS_SHA1_C && MBEDTLS_SHA1_ALT */
|
|
@ -0,0 +1,267 @@
|
|||
/*
|
||||
* SHA-256 implementation with hardware ESP32 support added.
|
||||
* Uses mbedTLS software implementation for failover when concurrent
|
||||
* SHA operations are in use.
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* Additions Copyright (C) 2016-2020, Espressif Systems (Shanghai) PTE LTD
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
*/
|
||||
|
||||
/*
|
||||
* The SHA-256 Secure Hash Standard was published by NIST in 2002.
|
||||
*
|
||||
* http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
|
||||
*/
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "mbedtls/config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SHA256_C) && defined(MBEDTLS_SHA256_ALT)
|
||||
|
||||
#include "mbedtls/sha256.h"
|
||||
|
||||
#include <string.h>
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST)
|
||||
#if defined(MBEDTLS_PLATFORM_C)
|
||||
#include "mbedtls/platform.h"
|
||||
#else
|
||||
#include <stdio.h>
|
||||
#define mbedtls_printf printf
|
||||
#endif /* MBEDTLS_PLATFORM_C */
|
||||
#endif /* MBEDTLS_SELF_TEST */
|
||||
|
||||
#include "esp32s3/sha.h"
|
||||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void mbedtls_zeroize( void *v, size_t n )
|
||||
{
|
||||
volatile unsigned char *p = v; while ( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* 32-bit integer manipulation macros (big endian)
|
||||
*/
|
||||
#ifndef GET_UINT32_BE
|
||||
#define GET_UINT32_BE(n,b,i) \
|
||||
do { \
|
||||
(n) = ( (uint32_t) (b)[(i) ] << 24 ) \
|
||||
| ( (uint32_t) (b)[(i) + 1] << 16 ) \
|
||||
| ( (uint32_t) (b)[(i) + 2] << 8 ) \
|
||||
| ( (uint32_t) (b)[(i) + 3] ); \
|
||||
} while( 0 )
|
||||
#endif
|
||||
|
||||
#ifndef PUT_UINT32_BE
|
||||
#define PUT_UINT32_BE(n,b,i) \
|
||||
do { \
|
||||
(b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
|
||||
(b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
|
||||
(b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
|
||||
(b)[(i) + 3] = (unsigned char) ( (n) ); \
|
||||
} while( 0 )
|
||||
#endif
|
||||
|
||||
void mbedtls_sha256_init( mbedtls_sha256_context *ctx )
|
||||
{
|
||||
memset( ctx, 0, sizeof( mbedtls_sha256_context ) );
|
||||
}
|
||||
|
||||
void mbedtls_sha256_free( mbedtls_sha256_context *ctx )
|
||||
{
|
||||
if ( ctx == NULL ) {
|
||||
return;
|
||||
}
|
||||
|
||||
mbedtls_zeroize( ctx, sizeof( mbedtls_sha256_context ) );
|
||||
}
|
||||
|
||||
void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
|
||||
const mbedtls_sha256_context *src )
|
||||
{
|
||||
*dst = *src;
|
||||
}
|
||||
|
||||
/*
|
||||
* SHA-256 context setup
|
||||
*/
|
||||
int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 )
|
||||
{
|
||||
memset( ctx, 0, sizeof( mbedtls_sha256_context ) );
|
||||
|
||||
if ( is224 ) {
|
||||
ctx->mode = SHA2_224;
|
||||
} else {
|
||||
ctx->mode = SHA2_256;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
void mbedtls_sha256_starts( mbedtls_sha256_context *ctx,
|
||||
int is224 )
|
||||
{
|
||||
mbedtls_sha256_starts_ret( ctx, is224 );
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, const unsigned char data[64] )
|
||||
{
|
||||
int ret;
|
||||
esp_sha_acquire_hardware();
|
||||
ret = esp_sha_dma(ctx->mode, data, 64, 0, 0, ctx->first_block);
|
||||
esp_sha_release_hardware();
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
void mbedtls_sha256_process( mbedtls_sha256_context *ctx,
|
||||
const unsigned char data[64] )
|
||||
{
|
||||
mbedtls_internal_sha256_process( ctx, data );
|
||||
}
|
||||
#endif
|
||||
|
||||
/*
|
||||
* SHA-256 process buffer
|
||||
*/
|
||||
int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx, const unsigned char *input,
|
||||
size_t ilen )
|
||||
{
|
||||
int ret = 0;
|
||||
size_t fill;
|
||||
uint32_t left, len, local_len = 0;
|
||||
|
||||
if ( ilen == 0 ) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
left = ctx->total[0] & 0x3F;
|
||||
fill = 64 - left;
|
||||
|
||||
ctx->total[0] += (uint32_t) ilen;
|
||||
ctx->total[0] &= 0xFFFFFFFF;
|
||||
|
||||
if ( ctx->total[0] < (uint32_t) ilen ) {
|
||||
ctx->total[1]++;
|
||||
}
|
||||
|
||||
/* Check if any data pending from previous call to this API */
|
||||
if ( left && ilen >= fill ) {
|
||||
memcpy( (void *) (ctx->buffer + left), input, fill );
|
||||
|
||||
input += fill;
|
||||
ilen -= fill;
|
||||
left = 0;
|
||||
local_len = 64;
|
||||
}
|
||||
|
||||
len = (ilen / 64) * 64;
|
||||
|
||||
if ( len || local_len) {
|
||||
esp_sha_acquire_hardware();
|
||||
|
||||
if (ctx->sha_state == ESP_SHA256_STATE_INIT) {
|
||||
ctx->first_block = true;
|
||||
ctx->sha_state = ESP_SHA256_STATE_IN_PROCESS;
|
||||
} else if (ctx->sha_state == ESP_SHA256_STATE_IN_PROCESS) {
|
||||
ctx->first_block = false;
|
||||
esp_sha_write_digest_state(ctx->mode, ctx->state);
|
||||
}
|
||||
|
||||
ret = esp_sha_dma(ctx->mode, input, len, ctx->buffer, local_len, ctx->first_block);
|
||||
|
||||
esp_sha_read_digest_state(ctx->mode, ctx->state);
|
||||
|
||||
esp_sha_release_hardware();
|
||||
|
||||
if (ret != 0) {
|
||||
return ret;
|
||||
}
|
||||
}
|
||||
|
||||
if ( ilen > 0 ) {
|
||||
memcpy( (void *) (ctx->buffer + left), input + len, ilen - len );
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
void mbedtls_sha256_update( mbedtls_sha256_context *ctx,
|
||||
const unsigned char *input,
|
||||
size_t ilen )
|
||||
{
|
||||
mbedtls_sha256_update_ret( ctx, input, ilen );
|
||||
}
|
||||
#endif
|
||||
|
||||
static const unsigned char sha256_padding[64] = {
|
||||
0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
||||
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
||||
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
||||
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
|
||||
};
|
||||
|
||||
/*
|
||||
* SHA-256 final digest
|
||||
*/
|
||||
int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, unsigned char output[32] )
|
||||
{
|
||||
int ret;
|
||||
uint32_t last, padn;
|
||||
uint32_t high, low;
|
||||
unsigned char msglen[8];
|
||||
|
||||
high = ( ctx->total[0] >> 29 )
|
||||
| ( ctx->total[1] << 3 );
|
||||
low = ( ctx->total[0] << 3 );
|
||||
|
||||
PUT_UINT32_BE( high, msglen, 0 );
|
||||
PUT_UINT32_BE( low, msglen, 4 );
|
||||
|
||||
last = ctx->total[0] & 0x3F;
|
||||
padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
|
||||
|
||||
if ( ( ret = mbedtls_sha256_update_ret( ctx, sha256_padding, padn ) ) != 0 ) {
|
||||
return ret;
|
||||
}
|
||||
|
||||
if ( ( ret = mbedtls_sha256_update_ret( ctx, msglen, 8 ) ) != 0 ) {
|
||||
return ret;
|
||||
}
|
||||
|
||||
memcpy(output, ctx->state, 32);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
void mbedtls_sha256_finish( mbedtls_sha256_context *ctx,
|
||||
unsigned char output[32] )
|
||||
{
|
||||
mbedtls_sha256_finish_ret( ctx, output );
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* MBEDTLS_SHA256_C && MBEDTLS_SHA256_ALT */
|
|
@ -0,0 +1,317 @@
|
|||
/*
|
||||
* SHA-512 implementation with hardware ESP32 support added.
|
||||
* Uses mbedTLS software implementation for failover when concurrent
|
||||
* SHA operations are in use.
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* Additions Copyright (C) 2016-2020, Espressif Systems (Shanghai) PTE LTD
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
*/
|
||||
|
||||
/*
|
||||
* The SHA-512 Secure Hash Standard was published by NIST in 2002.
|
||||
*
|
||||
* http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
|
||||
*/
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include "mbedtls/config.h"
|
||||
#else
|
||||
#include MBEDTLS_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SHA512_C) && defined(MBEDTLS_SHA512_ALT)
|
||||
|
||||
#include "mbedtls/sha512.h"
|
||||
|
||||
#if defined(_MSC_VER) || defined(__WATCOMC__)
|
||||
#define UL64(x) x##ui64
|
||||
#else
|
||||
#define UL64(x) x##ULL
|
||||
#endif
|
||||
|
||||
#include <string.h>
|
||||
|
||||
#if defined(MBEDTLS_SELF_TEST)
|
||||
#if defined(MBEDTLS_PLATFORM_C)
|
||||
#include "mbedtls/platform.h"
|
||||
#else
|
||||
#include <stdio.h>
|
||||
#define mbedtls_printf printf
|
||||
#endif /* MBEDTLS_PLATFORM_C */
|
||||
#endif /* MBEDTLS_SELF_TEST */
|
||||
|
||||
#include "esp32s3/sha.h"
|
||||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void mbedtls_zeroize( void *v, size_t n )
|
||||
{
|
||||
volatile unsigned char *p = v; while ( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* 64-bit integer manipulation macros (big endian)
|
||||
*/
|
||||
#ifndef PUT_UINT64_BE
|
||||
#define PUT_UINT64_BE(n,b,i) \
|
||||
{ \
|
||||
(b)[(i) ] = (unsigned char) ( (n) >> 56 ); \
|
||||
(b)[(i) + 1] = (unsigned char) ( (n) >> 48 ); \
|
||||
(b)[(i) + 2] = (unsigned char) ( (n) >> 40 ); \
|
||||
(b)[(i) + 3] = (unsigned char) ( (n) >> 32 ); \
|
||||
(b)[(i) + 4] = (unsigned char) ( (n) >> 24 ); \
|
||||
(b)[(i) + 5] = (unsigned char) ( (n) >> 16 ); \
|
||||
(b)[(i) + 6] = (unsigned char) ( (n) >> 8 ); \
|
||||
(b)[(i) + 7] = (unsigned char) ( (n) ); \
|
||||
}
|
||||
#endif /* PUT_UINT64_BE */
|
||||
|
||||
void esp_sha512_set_mode(mbedtls_sha512_context *ctx, esp_sha_type type)
|
||||
{
|
||||
switch (type) {
|
||||
case SHA2_384:
|
||||
case SHA2_512224:
|
||||
case SHA2_512256:
|
||||
case SHA2_512T:
|
||||
ctx->mode = type;
|
||||
break;
|
||||
default:
|
||||
ctx->mode = SHA2_512;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/* For SHA512/t mode the intial hash value will depend on t */
|
||||
void esp_sha512_set_t( mbedtls_sha512_context *ctx, uint16_t t_val)
|
||||
{
|
||||
ctx->t_val = t_val;
|
||||
}
|
||||
|
||||
void mbedtls_sha512_init( mbedtls_sha512_context *ctx )
|
||||
{
|
||||
memset( ctx, 0, sizeof( mbedtls_sha512_context ) );
|
||||
}
|
||||
|
||||
void mbedtls_sha512_free( mbedtls_sha512_context *ctx )
|
||||
{
|
||||
if ( ctx == NULL ) {
|
||||
return;
|
||||
}
|
||||
|
||||
mbedtls_zeroize( ctx, sizeof( mbedtls_sha512_context ) );
|
||||
}
|
||||
|
||||
void mbedtls_sha512_clone( mbedtls_sha512_context *dst,
|
||||
const mbedtls_sha512_context *src )
|
||||
{
|
||||
memcpy(dst, src, sizeof(mbedtls_sha512_context));
|
||||
}
|
||||
|
||||
/*
|
||||
* SHA-512 context setup
|
||||
*/
|
||||
int mbedtls_sha512_starts_ret( mbedtls_sha512_context *ctx, int is384 )
|
||||
{
|
||||
mbedtls_zeroize( ctx, sizeof( mbedtls_sha512_context ) );
|
||||
|
||||
if ( is384 ) {
|
||||
ctx->mode = SHA2_384;
|
||||
} else {
|
||||
ctx->mode = SHA2_512;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
void mbedtls_sha512_starts( mbedtls_sha512_context *ctx,
|
||||
int is384 )
|
||||
{
|
||||
mbedtls_sha512_starts_ret( ctx, is384 );
|
||||
}
|
||||
#endif
|
||||
|
||||
static int esp_internal_sha512_dma_process(mbedtls_sha512_context *ctx,
|
||||
const uint8_t *data, size_t len,
|
||||
uint8_t *buf, size_t buf_len)
|
||||
{
|
||||
|
||||
|
||||
return esp_sha_dma(ctx->mode, data, len, buf, buf_len, ctx->first_block);
|
||||
|
||||
|
||||
}
|
||||
|
||||
int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx, const unsigned char data[128] )
|
||||
{
|
||||
int ret;
|
||||
esp_sha_acquire_hardware();
|
||||
ret = esp_internal_sha512_dma_process(ctx, data, 128, 0, 0);
|
||||
esp_sha_release_hardware();
|
||||
|
||||
return ret;
|
||||
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
void mbedtls_sha512_process( mbedtls_sha512_context *ctx,
|
||||
const unsigned char data[128] )
|
||||
{
|
||||
mbedtls_internal_sha512_process( ctx, data );
|
||||
}
|
||||
#endif
|
||||
|
||||
/*
|
||||
* SHA-512 process buffer
|
||||
*/
|
||||
int mbedtls_sha512_update_ret( mbedtls_sha512_context *ctx, const unsigned char *input,
|
||||
size_t ilen )
|
||||
{
|
||||
int ret;
|
||||
size_t fill;
|
||||
unsigned int left, len, local_len = 0;
|
||||
|
||||
if ( ilen == 0 ) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
left = (unsigned int) (ctx->total[0] & 0x7F);
|
||||
fill = 128 - left;
|
||||
|
||||
ctx->total[0] += (uint64_t) ilen;
|
||||
|
||||
if ( ctx->total[0] < (uint64_t) ilen ) {
|
||||
ctx->total[1]++;
|
||||
}
|
||||
|
||||
if ( left && ilen >= fill ) {
|
||||
memcpy( (void *) (ctx->buffer + left), input, fill );
|
||||
|
||||
input += fill;
|
||||
ilen -= fill;
|
||||
left = 0;
|
||||
local_len = 128;
|
||||
}
|
||||
|
||||
len = (ilen / 128) * 128;
|
||||
|
||||
if ( len || local_len) {
|
||||
|
||||
esp_sha_acquire_hardware();
|
||||
|
||||
if (ctx->sha_state == ESP_SHA512_STATE_INIT) {
|
||||
|
||||
if (ctx->mode == SHA2_512T) {
|
||||
esp_sha_512_t_init_hash(ctx->t_val);
|
||||
ctx->first_block = false;
|
||||
} else {
|
||||
ctx->first_block = true;
|
||||
}
|
||||
ctx->sha_state = ESP_SHA512_STATE_IN_PROCESS;
|
||||
|
||||
} else if (ctx->sha_state == ESP_SHA512_STATE_IN_PROCESS) {
|
||||
ctx->first_block = false;
|
||||
esp_sha_write_digest_state(ctx->mode, ctx->state);
|
||||
}
|
||||
|
||||
ret = esp_internal_sha512_dma_process(ctx, input, len, ctx->buffer, local_len);
|
||||
|
||||
esp_sha_read_digest_state(ctx->mode, ctx->state);
|
||||
|
||||
esp_sha_release_hardware();
|
||||
|
||||
if (ret != 0) {
|
||||
return ret;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
||||
if ( ilen > 0 ) {
|
||||
memcpy( (void *) (ctx->buffer + left), input + len, ilen - len );
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
void mbedtls_sha512_update( mbedtls_sha512_context *ctx,
|
||||
const unsigned char *input,
|
||||
size_t ilen )
|
||||
{
|
||||
mbedtls_sha512_update_ret( ctx, input, ilen );
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
static const unsigned char sha512_padding[128] = {
|
||||
0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
||||
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
||||
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
||||
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
||||
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
||||
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
||||
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
||||
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
|
||||
};
|
||||
|
||||
/*
|
||||
* SHA-512 final digest
|
||||
*/
|
||||
int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx, unsigned char output[64] )
|
||||
{
|
||||
int ret;
|
||||
size_t last, padn;
|
||||
uint64_t high, low;
|
||||
unsigned char msglen[16];
|
||||
|
||||
high = ( ctx->total[0] >> 61 )
|
||||
| ( ctx->total[1] << 3 );
|
||||
low = ( ctx->total[0] << 3 );
|
||||
|
||||
PUT_UINT64_BE( high, msglen, 0 );
|
||||
PUT_UINT64_BE( low, msglen, 8 );
|
||||
|
||||
last = (size_t)( ctx->total[0] & 0x7F );
|
||||
padn = ( last < 112 ) ? ( 112 - last ) : ( 240 - last );
|
||||
|
||||
if ( ( ret = mbedtls_sha512_update_ret( ctx, sha512_padding, padn ) ) != 0 ) {
|
||||
return ret;
|
||||
}
|
||||
|
||||
if ( ( ret = mbedtls_sha512_update_ret( ctx, msglen, 16 ) ) != 0 ) {
|
||||
return ret;
|
||||
}
|
||||
|
||||
if (ctx->mode == SHA2_384) {
|
||||
memcpy(output, ctx->state, 48);
|
||||
} else {
|
||||
memcpy(output, ctx->state, 64);
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
void mbedtls_sha512_finish( mbedtls_sha512_context *ctx,
|
||||
unsigned char output[64] )
|
||||
{
|
||||
mbedtls_sha512_finish_ret( ctx, output );
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* MBEDTLS_SHA512_C && MBEDTLS_SHA512_ALT */
|
|
@ -0,0 +1,384 @@
|
|||
/*
|
||||
* ESP32 hardware accelerated SHA1/256/512 implementation
|
||||
* based on mbedTLS FIPS-197 compliant version.
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
* Additions Copyright (C) 2016-2020, Espressif Systems (Shanghai) PTE Ltd
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
*/
|
||||
/*
|
||||
* The SHA-1 standard was published by NIST in 1993.
|
||||
*
|
||||
* http://www.itl.nist.gov/fipspubs/fip180-1.htm
|
||||
*/
|
||||
|
||||
typedef int _lock_t;
|
||||
|
||||
#include <string.h>
|
||||
#include <stdio.h>
|
||||
#include <sys/lock.h>
|
||||
#include "esp_err.h"
|
||||
#include "esp_log.h"
|
||||
#include "esp32s3/rom/ets_sys.h"
|
||||
#include "soc/dport_reg.h"
|
||||
#include "soc/hwcrypto_reg.h"
|
||||
#include "soc/soc_memory_layout.h"
|
||||
|
||||
#include "esp32s3/rom/cache.h"
|
||||
|
||||
#include "soc/cache_memory.h"
|
||||
|
||||
#include "freertos/FreeRTOS.h"
|
||||
#include "freertos/semphr.h"
|
||||
|
||||
#include "esp32s3/sha.h"
|
||||
#include "esp32s3/rom/lldesc.h"
|
||||
#include "soc/periph_defs.h"
|
||||
#include "driver/periph_ctrl.h"
|
||||
#include "sys/param.h"
|
||||
#include "soc/gdma_struct.h"
|
||||
#include "soc/extmem_reg.h"
|
||||
|
||||
#define DMA_PERIPH_AES 6 /* DMA peripheral indexes */
|
||||
#define DMA_PERIPH_SHA 7
|
||||
#define DMA_CHANNEL 1 /* note: hard-coded */
|
||||
|
||||
/* Max amount of bytes in a single DMA operation is 4095,
|
||||
for SHA this means that the biggest safe amount of bytes is
|
||||
31 blocks of 128 bytes = 3968
|
||||
*/
|
||||
#define SHA_DMA_MAX_BYTES 3968
|
||||
|
||||
/* Lock for SHA engine */
|
||||
static _lock_t s_sha_lock;
|
||||
|
||||
const static char *TAG = "esp-sha";
|
||||
|
||||
inline static size_t block_length(esp_sha_type type)
|
||||
{
|
||||
switch (type) {
|
||||
case SHA1:
|
||||
case SHA2_224:
|
||||
case SHA2_256:
|
||||
return 64;
|
||||
case SHA2_384:
|
||||
case SHA2_512:
|
||||
case SHA2_512224:
|
||||
case SHA2_512256:
|
||||
case SHA2_512T:
|
||||
return 128;
|
||||
default:
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
/* Return state size (in bytes) for a given SHA type */
|
||||
inline static size_t state_length(esp_sha_type type)
|
||||
{
|
||||
switch (type) {
|
||||
case SHA1:
|
||||
return 160 / 8;
|
||||
case SHA2_224:
|
||||
case SHA2_256:
|
||||
return 256 / 8;
|
||||
case SHA2_384:
|
||||
case SHA2_512:
|
||||
case SHA2_512224:
|
||||
case SHA2_512256:
|
||||
case SHA2_512T:
|
||||
return 512 / 8;
|
||||
default:
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
/* Enable SHA peripheral and then lock it */
|
||||
void esp_sha_acquire_hardware()
|
||||
{
|
||||
_lock_acquire(&s_sha_lock);
|
||||
|
||||
/* Enable SHA and DMA hardware */
|
||||
//periph_module_enable(PERIPH_SHA_DMA_MODULE);
|
||||
REG_SET_BIT(SYSTEM_PERIP_CLK_EN1_REG, SYSTEM_CRYPTO_SHA_CLK_EN | SYSTEM_DMA_CLK_EN);
|
||||
REG_CLR_BIT(SYSTEM_PERIP_RST_EN1_REG, SYSTEM_CRYPTO_SHA_RST | SYSTEM_CRYPTO_HMAC_RST |
|
||||
SYSTEM_DMA_RST | SYSTEM_CRYPTO_DS_RST);
|
||||
|
||||
|
||||
}
|
||||
|
||||
/* Disable SHA peripheral block and then release it */
|
||||
void esp_sha_release_hardware()
|
||||
{
|
||||
/* Disable SHA and DMA hardware */
|
||||
//periph_module_disable(PERIPH_SHA_MODULE);
|
||||
REG_SET_BIT(SYSTEM_PERIP_RST_EN1_REG, SYSTEM_CRYPTO_SHA_RST | SYSTEM_DMA_RST |
|
||||
SYSTEM_CRYPTO_DS_RST);
|
||||
REG_CLR_BIT(SYSTEM_PERIP_CLK_EN1_REG, SYSTEM_CRYPTO_SHA_CLK_EN | SYSTEM_DMA_CLK_EN);
|
||||
|
||||
_lock_release(&s_sha_lock);
|
||||
|
||||
}
|
||||
|
||||
|
||||
/* Busy wait until SHA is idle */
|
||||
static void esp_sha_wait_idle(void)
|
||||
{
|
||||
while (DPORT_REG_READ(SHA_BUSY_REG) != 0) {
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
void esp_sha_write_digest_state(esp_sha_type sha_type, void *digest_state)
|
||||
{
|
||||
uint32_t *digest_state_words = (uint32_t *)digest_state;
|
||||
uint32_t *reg_addr_buf = (uint32_t *)(SHA_H_BASE);
|
||||
|
||||
for (int i = 0; i < state_length(sha_type) / 4; i++) {
|
||||
REG_WRITE(®_addr_buf[i], digest_state_words[i]);
|
||||
}
|
||||
}
|
||||
|
||||
/* Read the SHA digest from hardware */
|
||||
void esp_sha_read_digest_state(esp_sha_type sha_type, void *digest_state)
|
||||
{
|
||||
uint32_t *digest_state_words = (uint32_t *)digest_state;
|
||||
int word_len = state_length(sha_type) / 4;
|
||||
|
||||
esp_dport_access_read_buffer(digest_state_words, SHA_H_BASE, word_len);
|
||||
|
||||
/* Fault injection check: verify SHA engine actually ran,
|
||||
state is not all zeroes.
|
||||
*/
|
||||
for (int i = 0; i < word_len; i++) {
|
||||
if (digest_state_words[i] != 0) {
|
||||
return;
|
||||
}
|
||||
}
|
||||
abort(); // SHA peripheral returned all zero state, probably due to fault injection
|
||||
}
|
||||
|
||||
|
||||
static int esp_sha_dma_process(esp_sha_type sha_type, const void *input, uint32_t ilen,
|
||||
const void *buf, uint32_t buf_len, bool is_first_block);
|
||||
|
||||
/* Performs SHA on multiple blocks at a time using DMA
|
||||
splits up into smaller operations for inputs that exceed a single DMA list
|
||||
*/
|
||||
int esp_sha_dma(esp_sha_type sha_type, const void *input, uint32_t ilen,
|
||||
const void *buf, uint32_t buf_len, bool is_first_block)
|
||||
{
|
||||
int ret = 0;
|
||||
const void *dma_input;
|
||||
unsigned char *non_icache_input = NULL;
|
||||
unsigned char *non_icache_buf = NULL;
|
||||
int dma_op_num = ( ilen / (SHA_DMA_MAX_BYTES + 1) ) + 1;
|
||||
|
||||
if (buf_len > 128) {
|
||||
ESP_LOGE(TAG, "SHA DMA buf_len cannot exceed max size for a single block");
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* DMA cannot access memory in the iCache range, copy data to temporary buffers before transfer */
|
||||
if (!esp_ptr_dma_capable(input) && ilen) {
|
||||
non_icache_input = malloc(sizeof(unsigned char) * MIN(ilen, SHA_DMA_MAX_BYTES));
|
||||
if (non_icache_input == NULL) {
|
||||
ESP_LOGE(TAG, "Failed to allocate memory");
|
||||
ret = ESP_ERR_NO_MEM;
|
||||
goto cleanup;
|
||||
}
|
||||
}
|
||||
|
||||
if (!esp_ptr_dma_capable(buf) && buf_len) {
|
||||
non_icache_buf = malloc(sizeof(unsigned char) * buf_len);
|
||||
if (non_icache_buf == NULL) {
|
||||
ESP_LOGE(TAG, "Failed to allocate memory");
|
||||
ret = ESP_ERR_NO_MEM;
|
||||
goto cleanup;
|
||||
}
|
||||
memcpy(non_icache_buf, buf, buf_len);
|
||||
buf = non_icache_buf;
|
||||
}
|
||||
|
||||
/* The max amount of blocks in a single hardware operation is 2^6 - 1 = 63
|
||||
Thus we only do a single DMA input list + dma buf list,
|
||||
which is max 3968/64 + 64/64 = 63 blocks */
|
||||
for (int i = 0; i < dma_op_num; i++) {
|
||||
int dma_chunk_len = MIN(ilen, SHA_DMA_MAX_BYTES);
|
||||
|
||||
|
||||
/* Input depends on if it's a temp alloc buffer or supplied by user */
|
||||
if (non_icache_input != NULL) {
|
||||
memcpy(non_icache_input, input, dma_chunk_len);
|
||||
dma_input = non_icache_input;
|
||||
} else {
|
||||
dma_input = input;
|
||||
}
|
||||
|
||||
ret = esp_sha_dma_process(sha_type, dma_input, dma_chunk_len, buf, buf_len, is_first_block);
|
||||
|
||||
|
||||
if (ret != 0) {
|
||||
return ret;
|
||||
}
|
||||
|
||||
is_first_block = false;
|
||||
|
||||
|
||||
ilen -= dma_chunk_len;
|
||||
input += dma_chunk_len;
|
||||
|
||||
// Only append buf to the first operation
|
||||
buf_len = 0;
|
||||
}
|
||||
|
||||
cleanup:
|
||||
free(non_icache_input);
|
||||
free(non_icache_buf);
|
||||
return ret;
|
||||
}
|
||||
|
||||
static void esp_sha_dma_init(lldesc_t *input)
|
||||
{
|
||||
/* Reset DMA */
|
||||
REG_CLR_BIT(SYSTEM_PERIP_CLK_EN1_REG, SYSTEM_DMA_CLK_EN);
|
||||
REG_SET_BIT(SYSTEM_PERIP_CLK_EN1_REG, SYSTEM_DMA_CLK_EN);
|
||||
REG_SET_BIT(SYSTEM_PERIP_RST_EN1_REG, SYSTEM_DMA_RST);
|
||||
REG_CLR_BIT(SYSTEM_PERIP_RST_EN1_REG, SYSTEM_DMA_RST);
|
||||
|
||||
/* NOTE: all hardcoded to DMA channel 1 */
|
||||
/* Note: burst mode has alignment requirements that we have not checked here */
|
||||
GDMA.conf0[0].outdscr_burst_en = 0; /* was 1*/
|
||||
GDMA.conf0[0].out_data_burst_en = 0; /* was 1*/
|
||||
GDMA.conf0[0].out_auto_wrback = 0;
|
||||
|
||||
GDMA.peri_sel[0].peri_out_sel = DMA_PERIPH_SHA;
|
||||
|
||||
GDMA.sram_size[0].in_size = 3; /* 40 bytes, also minimum size for EDMA */
|
||||
GDMA.sram_size[0].out_size = 3;
|
||||
GDMA.conf1[0].in_ext_mem_bk_size = 0; // 16 bytes
|
||||
GDMA.conf1[0].out_ext_mem_bk_size = 0; // 16 bytes
|
||||
|
||||
/* Set descriptors */
|
||||
GDMA.out_link[0].addr = (uint32_t)input;
|
||||
|
||||
GDMA.conf0[0].in_rst = 1;
|
||||
GDMA.conf0[0].in_rst = 0;
|
||||
GDMA.conf0[0].out_rst = 1;
|
||||
GDMA.conf0[0].out_rst = 0;
|
||||
|
||||
/* Start transfer */
|
||||
GDMA.out_link[0].start = 1;
|
||||
}
|
||||
|
||||
/* The initial hash value for SHA512/t is generated according to the
|
||||
algorithm described in the TRM, chapter SHA-Accelerator
|
||||
*/
|
||||
int esp_sha_512_t_init_hash(uint16_t t)
|
||||
{
|
||||
uint32_t t_string = 0;
|
||||
uint8_t t0, t1, t2, t_len;
|
||||
|
||||
if (t == 384) {
|
||||
ESP_LOGE(TAG, "Invalid t for SHA512/t, t = %u,cannot be 384", t);
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (t <= 9) {
|
||||
t_string = (uint32_t)((1 << 23) | ((0x30 + t) << 24));
|
||||
t_len = 0x48;
|
||||
} else if (t <= 99) {
|
||||
t0 = t % 10;
|
||||
t1 = (t / 10) % 10;
|
||||
t_string = (uint32_t)((1 << 15) | ((0x30 + t0) << 16) |
|
||||
(((0x30 + t1) << 24)));
|
||||
t_len = 0x50;
|
||||
} else if (t <= 512) {
|
||||
t0 = t % 10;
|
||||
t1 = (t / 10) % 10;
|
||||
t2 = t / 100;
|
||||
t_string = (uint32_t)((1 << 7) | ((0x30 + t0) << 8) |
|
||||
(((0x30 + t1) << 16) + ((0x30 + t2) << 24)));
|
||||
t_len = 0x58;
|
||||
} else {
|
||||
ESP_LOGE(TAG, "Invalid t for SHA512/t, t = %u, must equal or less than 512", t);
|
||||
return -1;
|
||||
}
|
||||
|
||||
REG_WRITE(SHA_T_LENGTH_REG, t_len);
|
||||
REG_WRITE(SHA_T_STRING_REG, t_string);
|
||||
REG_WRITE(SHA_MODE_REG, SHA2_512T);
|
||||
REG_WRITE(SHA_START_REG, 1);
|
||||
|
||||
esp_sha_wait_idle();
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* Performs SHA on multiple blocks at a time */
|
||||
static int esp_sha_dma_process(esp_sha_type sha_type, const void *input, uint32_t ilen,
|
||||
const void *buf, uint32_t buf_len, bool is_first_block)
|
||||
{
|
||||
size_t blk_len = 0;
|
||||
int ret = 0;
|
||||
lldesc_t dma_descr_input = {};
|
||||
lldesc_t dma_descr_buf = {};
|
||||
lldesc_t *dma_descr_head;
|
||||
|
||||
blk_len = block_length(sha_type);
|
||||
|
||||
REG_WRITE(SHA_MODE_REG, sha_type);
|
||||
REG_WRITE(SHA_BLOCK_NUM_REG, ((ilen + buf_len) / blk_len));
|
||||
|
||||
|
||||
/* DMA descriptor for Memory to DMA-SHA transfer */
|
||||
if (ilen) {
|
||||
dma_descr_input.length = ilen;
|
||||
dma_descr_input.size = ilen;
|
||||
dma_descr_input.owner = 1;
|
||||
dma_descr_input.eof = 1;
|
||||
dma_descr_input.buf = (void *)input;
|
||||
dma_descr_head = &dma_descr_input;
|
||||
}
|
||||
/* Check after input to overide head if there is any buf*/
|
||||
if (buf_len) {
|
||||
dma_descr_buf.length = buf_len;
|
||||
dma_descr_buf.size = buf_len;
|
||||
dma_descr_buf.owner = 1;
|
||||
dma_descr_buf.eof = 1;
|
||||
dma_descr_buf.buf = (void *)buf;
|
||||
dma_descr_head = &dma_descr_buf;
|
||||
}
|
||||
|
||||
/* Link DMA lists */
|
||||
if (buf_len && ilen) {
|
||||
dma_descr_buf.eof = 0;
|
||||
dma_descr_buf.empty = (uint32_t)(&dma_descr_input);
|
||||
}
|
||||
|
||||
esp_sha_dma_init(dma_descr_head);
|
||||
|
||||
/* Start hashing */
|
||||
if (is_first_block) {
|
||||
REG_WRITE(SHA_DMA_START_REG, 1);
|
||||
} else {
|
||||
REG_WRITE(SHA_DMA_CONTINUE_REG, 1);
|
||||
}
|
||||
|
||||
esp_sha_wait_idle();
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
|
@ -40,10 +40,16 @@
|
|||
|
||||
#if CONFIG_IDF_TARGET_ESP32
|
||||
#include "esp32/aes.h"
|
||||
#elif CONFIG_IDF_TARGET_ESP32S2
|
||||
#endif
|
||||
|
||||
#if CONFIG_IDF_TARGET_ESP32S2
|
||||
#include "esp32s2/aes.h"
|
||||
#endif
|
||||
|
||||
#if CONFIG_IDF_TARGET_ESP32S3
|
||||
#include "esp32s3/aes.h"
|
||||
#endif
|
||||
|
||||
void esp_aes_xts_init( esp_aes_xts_context *ctx )
|
||||
{
|
||||
esp_aes_init( &ctx->crypt );
|
||||
|
|
|
@ -12,6 +12,284 @@
|
|||
#include "esp_heap_caps.h"
|
||||
#include "test_utils.h"
|
||||
|
||||
static const uint8_t key_256[] = {
|
||||
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
|
||||
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
|
||||
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
|
||||
0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
|
||||
};
|
||||
|
||||
static const uint8_t iv[] = {
|
||||
0x10, 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09,
|
||||
0x08, 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01,
|
||||
};
|
||||
|
||||
/* Cipher produced via this Python:
|
||||
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
|
||||
from cryptography.hazmat.backends import default_backend
|
||||
|
||||
def as_c_array(byte_arr):
|
||||
|
||||
hex_str = ''
|
||||
for idx, byte in enumerate(byte_arr):
|
||||
hex_str += "0x{:02x}, ".format(byte)
|
||||
bytes_per_line = 8
|
||||
if idx % bytes_per_line == bytes_per_line - 1:
|
||||
hex_str += '\n'
|
||||
|
||||
return hex_str
|
||||
|
||||
key = bytearray(range(32))
|
||||
iv = bytearray(range(16, 0, -1))
|
||||
|
||||
print("Key: \n{}".format(as_c_array(key)))
|
||||
print("IV: \n{}".format(as_c_array(iv)))
|
||||
|
||||
# Replace CTR with desired mode
|
||||
cipher = Cipher(algorithms.AES(key), modes.CTR(iv), backend=default_backend())
|
||||
encryptor = cipher.encryptor()
|
||||
|
||||
input_len = 1000
|
||||
|
||||
plain = b'\x3A'*input_len
|
||||
print(as_c_array(plain))
|
||||
ct = encryptor.update(plain) + encryptor.finalize()
|
||||
|
||||
print("Chipertext: {}".format(as_c_array(ct)))
|
||||
*/
|
||||
TEST_CASE("mbedtls CBC AES-256 test", "[aes]")
|
||||
{
|
||||
const unsigned SZ = 1600;
|
||||
mbedtls_aes_context ctx;
|
||||
uint8_t nonce[16];
|
||||
|
||||
const uint8_t expected_cipher_end[] = {
|
||||
0x3e, 0x68, 0x8a, 0x02, 0xe6, 0xf2, 0x6a, 0x9e,
|
||||
0x9b, 0xb2, 0xc0, 0xc4, 0x63, 0x63, 0xd9, 0x25,
|
||||
0x51, 0xdc, 0xc2, 0x71, 0x96, 0xb3, 0xe5, 0xcd,
|
||||
0xbd, 0x0e, 0xf2, 0xef, 0xa9, 0xab, 0xab, 0x2d,
|
||||
};
|
||||
|
||||
memcpy(nonce, iv, 16);
|
||||
|
||||
// allocate internal memory
|
||||
uint8_t *chipertext = heap_caps_malloc(SZ, MALLOC_CAP_8BIT|MALLOC_CAP_INTERNAL);
|
||||
uint8_t *plaintext = heap_caps_malloc(SZ, MALLOC_CAP_8BIT|MALLOC_CAP_INTERNAL);
|
||||
uint8_t *decryptedtext = heap_caps_malloc(SZ, MALLOC_CAP_8BIT|MALLOC_CAP_INTERNAL);
|
||||
|
||||
TEST_ASSERT_NOT_NULL(chipertext);
|
||||
TEST_ASSERT_NOT_NULL(plaintext);
|
||||
TEST_ASSERT_NOT_NULL(decryptedtext);
|
||||
|
||||
mbedtls_aes_init(&ctx);
|
||||
mbedtls_aes_setkey_enc(&ctx, key_256, 256);
|
||||
|
||||
memset(plaintext, 0x3A, SZ);
|
||||
memset(decryptedtext, 0x0, SZ);
|
||||
|
||||
// Encrypt
|
||||
mbedtls_aes_crypt_cbc(&ctx, MBEDTLS_AES_ENCRYPT, SZ, nonce, plaintext, chipertext);
|
||||
TEST_ASSERT_EQUAL_HEX8_ARRAY(expected_cipher_end, chipertext + SZ - 32, 32);
|
||||
|
||||
// Decrypt
|
||||
memcpy(nonce, iv, 16);
|
||||
mbedtls_aes_setkey_dec(&ctx, key_256, 256);
|
||||
mbedtls_aes_crypt_cbc(&ctx, MBEDTLS_AES_DECRYPT, SZ, nonce, chipertext, decryptedtext);
|
||||
|
||||
TEST_ASSERT_EQUAL_HEX8_ARRAY(plaintext, decryptedtext, SZ);
|
||||
|
||||
free(plaintext);
|
||||
free(chipertext);
|
||||
free(decryptedtext);
|
||||
}
|
||||
|
||||
TEST_CASE("mbedtls CTR AES-256 test", "[aes]")
|
||||
{
|
||||
const unsigned SZ = 1000;
|
||||
mbedtls_aes_context ctx;
|
||||
uint8_t nonce[16];
|
||||
uint8_t stream_block[16];
|
||||
size_t nc_off = 0;
|
||||
|
||||
const uint8_t expected_cipher_end[] = {
|
||||
0xd4, 0xdc, 0x4f, 0x8f, 0xfe, 0x86, 0xee, 0xb5,
|
||||
0x14, 0x7f, 0xba, 0x30, 0x25, 0xa6, 0x7f, 0x6c,
|
||||
0xb5, 0x73, 0xaf, 0x90, 0xd7, 0xff, 0x36, 0xba,
|
||||
0x2b, 0x1d, 0xec, 0xb9, 0x38, 0xfa, 0x0d, 0xeb,
|
||||
};
|
||||
|
||||
memcpy(nonce, iv, 16);
|
||||
|
||||
// allocate internal memory
|
||||
uint8_t *chipertext = heap_caps_malloc(SZ, MALLOC_CAP_8BIT|MALLOC_CAP_INTERNAL);
|
||||
uint8_t *plaintext = heap_caps_malloc(SZ, MALLOC_CAP_8BIT|MALLOC_CAP_INTERNAL);
|
||||
uint8_t *decryptedtext = heap_caps_malloc(SZ, MALLOC_CAP_8BIT|MALLOC_CAP_INTERNAL);
|
||||
|
||||
TEST_ASSERT_NOT_NULL(chipertext);
|
||||
TEST_ASSERT_NOT_NULL(plaintext);
|
||||
TEST_ASSERT_NOT_NULL(decryptedtext);
|
||||
|
||||
mbedtls_aes_init(&ctx);
|
||||
mbedtls_aes_setkey_enc(&ctx, key_256, 256);
|
||||
|
||||
memset(plaintext, 0x3A, SZ);
|
||||
memset(decryptedtext, 0x0, SZ);
|
||||
|
||||
// Encrypt
|
||||
mbedtls_aes_crypt_ctr(&ctx, SZ, &nc_off, nonce, stream_block, plaintext, chipertext);
|
||||
TEST_ASSERT_EQUAL_HEX8_ARRAY(expected_cipher_end, chipertext + SZ - 32, 32);
|
||||
|
||||
// Decrypt
|
||||
nc_off = 0;
|
||||
memcpy(nonce, iv, 16);
|
||||
mbedtls_aes_crypt_ctr(&ctx, SZ, &nc_off, nonce, stream_block, chipertext, decryptedtext);
|
||||
|
||||
TEST_ASSERT_EQUAL_HEX8_ARRAY(plaintext, decryptedtext, SZ);
|
||||
|
||||
free(plaintext);
|
||||
free(chipertext);
|
||||
free(decryptedtext);
|
||||
}
|
||||
|
||||
TEST_CASE("mbedtls OFB AES-256 test", "[aes]")
|
||||
{
|
||||
const unsigned SZ = 1000;
|
||||
mbedtls_aes_context ctx;
|
||||
uint8_t nonce[16];
|
||||
size_t nc_off = 0;
|
||||
|
||||
const uint8_t expected_cipher_end[] = {
|
||||
0xca, 0xc3, 0x05, 0x77, 0xae, 0xb9, 0x38, 0xd6,
|
||||
0x03, 0x0a, 0xad, 0x90, 0x6e, 0xdd, 0xf3, 0x9a,
|
||||
0x41, 0x4d, 0x71, 0x30, 0x04, 0x9f, 0xd3, 0x53,
|
||||
0xb7, 0x5e, 0xb4, 0xfd, 0x93, 0xf8, 0x31, 0x6a,
|
||||
};
|
||||
|
||||
memcpy(nonce, iv, 16);
|
||||
|
||||
// allocate internal memory
|
||||
uint8_t *chipertext = heap_caps_malloc(SZ, MALLOC_CAP_8BIT|MALLOC_CAP_INTERNAL);
|
||||
uint8_t *plaintext = heap_caps_malloc(SZ, MALLOC_CAP_8BIT|MALLOC_CAP_INTERNAL);
|
||||
uint8_t *decryptedtext = heap_caps_malloc(SZ, MALLOC_CAP_8BIT|MALLOC_CAP_INTERNAL);
|
||||
|
||||
TEST_ASSERT_NOT_NULL(chipertext);
|
||||
TEST_ASSERT_NOT_NULL(plaintext);
|
||||
TEST_ASSERT_NOT_NULL(decryptedtext);
|
||||
|
||||
mbedtls_aes_init(&ctx);
|
||||
mbedtls_aes_setkey_enc(&ctx, key_256, 256);
|
||||
|
||||
memset(plaintext, 0x3A, SZ);
|
||||
memset(decryptedtext, 0x0, SZ);
|
||||
|
||||
// Encrypt
|
||||
mbedtls_aes_crypt_ofb(&ctx, SZ, &nc_off, nonce, plaintext, chipertext);
|
||||
TEST_ASSERT_EQUAL_HEX8_ARRAY(expected_cipher_end, chipertext + SZ - 32, 32);
|
||||
|
||||
// Decrypt
|
||||
nc_off = 0;
|
||||
memcpy(nonce, iv, 16);
|
||||
mbedtls_aes_crypt_ofb(&ctx, SZ, &nc_off, nonce, chipertext, decryptedtext);
|
||||
|
||||
TEST_ASSERT_EQUAL_HEX8_ARRAY(plaintext, decryptedtext, SZ);
|
||||
|
||||
free(plaintext);
|
||||
free(chipertext);
|
||||
free(decryptedtext);
|
||||
}
|
||||
|
||||
TEST_CASE("mbedtls CFB-8 AES-256 test", "[aes]")
|
||||
{
|
||||
const unsigned SZ = 1000;
|
||||
mbedtls_aes_context ctx;
|
||||
uint8_t nonce[16];
|
||||
|
||||
const uint8_t expected_cipher_end[] = {
|
||||
0x69, 0xdc, 0x1d, 0x8a, 0x0b, 0x9e, 0xbc, 0x84,
|
||||
0x29, 0xa2, 0x04, 0xb6, 0x91, 0x6b, 0xb2, 0x83,
|
||||
0x13, 0x23, 0x54, 0xcb, 0xf9, 0x6d, 0xcc, 0x53,
|
||||
0x04, 0x59, 0xd1, 0xc9, 0xff, 0xab, 0xe2, 0x37,
|
||||
};
|
||||
|
||||
memcpy(nonce, iv, 16);
|
||||
|
||||
// allocate internal memory
|
||||
uint8_t *chipertext = heap_caps_malloc(SZ, MALLOC_CAP_8BIT|MALLOC_CAP_INTERNAL);
|
||||
uint8_t *plaintext = heap_caps_malloc(SZ, MALLOC_CAP_8BIT|MALLOC_CAP_INTERNAL);
|
||||
uint8_t *decryptedtext = heap_caps_malloc(SZ, MALLOC_CAP_8BIT|MALLOC_CAP_INTERNAL);
|
||||
|
||||
TEST_ASSERT_NOT_NULL(chipertext);
|
||||
TEST_ASSERT_NOT_NULL(plaintext);
|
||||
TEST_ASSERT_NOT_NULL(decryptedtext);
|
||||
|
||||
mbedtls_aes_init(&ctx);
|
||||
mbedtls_aes_setkey_enc(&ctx, key_256, 256);
|
||||
|
||||
memset(plaintext, 0x3A, SZ);
|
||||
memset(decryptedtext, 0x0, SZ);
|
||||
|
||||
// Encrypt
|
||||
mbedtls_aes_crypt_cfb8(&ctx, MBEDTLS_AES_ENCRYPT, SZ, nonce, plaintext, chipertext);
|
||||
TEST_ASSERT_EQUAL_HEX8_ARRAY(expected_cipher_end, chipertext + SZ - 32, 32);
|
||||
|
||||
// Decrypt
|
||||
memcpy(nonce, iv, 16);
|
||||
mbedtls_aes_crypt_cfb8(&ctx, MBEDTLS_AES_DECRYPT, SZ, nonce, chipertext, decryptedtext);
|
||||
|
||||
TEST_ASSERT_EQUAL_HEX8_ARRAY(plaintext, decryptedtext, SZ);
|
||||
|
||||
free(plaintext);
|
||||
free(chipertext);
|
||||
free(decryptedtext);
|
||||
}
|
||||
|
||||
TEST_CASE("mbedtls CFB-128 AES-256 test", "[aes]")
|
||||
{
|
||||
const unsigned SZ = 1000;
|
||||
mbedtls_aes_context ctx;
|
||||
uint8_t nonce[16];
|
||||
size_t nc_off = 0;
|
||||
|
||||
const uint8_t expected_cipher_end[] = {
|
||||
0xf3, 0x64, 0x20, 0xa1, 0x70, 0x2a, 0xd9, 0x3f,
|
||||
0xb7, 0x48, 0x8c, 0x2c, 0x1f, 0x65, 0x53, 0xc2,
|
||||
0xac, 0xfd, 0x82, 0xe5, 0x31, 0x24, 0x1f, 0x30,
|
||||
0xaf, 0xcc, 0x8d, 0xb3, 0xf3, 0x63, 0xe1, 0xa0,
|
||||
};
|
||||
|
||||
memcpy(nonce, iv, 16);
|
||||
|
||||
// allocate internal memory
|
||||
uint8_t *chipertext = heap_caps_malloc(SZ, MALLOC_CAP_8BIT|MALLOC_CAP_INTERNAL);
|
||||
uint8_t *plaintext = heap_caps_malloc(SZ, MALLOC_CAP_8BIT|MALLOC_CAP_INTERNAL);
|
||||
uint8_t *decryptedtext = heap_caps_malloc(SZ, MALLOC_CAP_8BIT|MALLOC_CAP_INTERNAL);
|
||||
|
||||
TEST_ASSERT_NOT_NULL(chipertext);
|
||||
TEST_ASSERT_NOT_NULL(plaintext);
|
||||
TEST_ASSERT_NOT_NULL(decryptedtext);
|
||||
|
||||
mbedtls_aes_init(&ctx);
|
||||
mbedtls_aes_setkey_enc(&ctx, key_256, 256);
|
||||
|
||||
memset(plaintext, 0x3A, SZ);
|
||||
memset(decryptedtext, 0x0, SZ);
|
||||
|
||||
// Encrypt
|
||||
mbedtls_aes_crypt_cfb128(&ctx, MBEDTLS_AES_ENCRYPT, SZ, &nc_off, nonce, plaintext, chipertext);
|
||||
TEST_ASSERT_EQUAL_HEX8_ARRAY(expected_cipher_end, chipertext + SZ - 32, 32);
|
||||
|
||||
// Decrypt
|
||||
nc_off = 0;
|
||||
memcpy(nonce, iv, 16);
|
||||
mbedtls_aes_crypt_cfb128(&ctx, MBEDTLS_AES_DECRYPT, SZ, &nc_off, nonce, chipertext, decryptedtext);
|
||||
|
||||
TEST_ASSERT_EQUAL_HEX8_ARRAY(plaintext, decryptedtext, SZ);
|
||||
|
||||
free(plaintext);
|
||||
free(chipertext);
|
||||
free(decryptedtext);
|
||||
}
|
||||
|
||||
TEST_CASE("mbedtls CTR stream test", "[aes]")
|
||||
{
|
||||
const unsigned SZ = 100;
|
||||
|
@ -79,11 +357,11 @@ TEST_CASE("mbedtls CTR stream test", "[aes]")
|
|||
memset(decryptedtext, 0x0, SZ);
|
||||
|
||||
size_t offset = 0;
|
||||
|
||||
// Encrypt
|
||||
for (int idx = 0; idx < SZ; idx = idx + bytes_to_process) {
|
||||
// Limit length of last call to avoid exceeding buffer size
|
||||
size_t length = (idx + bytes_to_process > SZ) ? (SZ - idx) : bytes_to_process;
|
||||
|
||||
mbedtls_aes_crypt_ctr(&ctx, length, &offset, nonce,
|
||||
stream_block, plaintext + idx, chipertext + idx );
|
||||
}
|
||||
|
|
Ładowanie…
Reference in New Issue