Merge pull request #1435 from bthebaudeau/cc2538-hw-llsec

cc2538: Add support for hardware-accelerated llsec
This commit is contained in:
Benoît Thébaudeau 2016-01-04 21:17:58 +01:00
commit 626d676d33
26 changed files with 1622 additions and 444 deletions

View File

@ -167,17 +167,6 @@ encrypt(uint8_t *state)
}
/*---------------------------------------------------------------------------*/
void
aes_128_padded_encrypt(uint8_t *plaintext_and_result, uint8_t plaintext_len)
{
uint8_t block[AES_128_BLOCK_SIZE];
memset(block, 0, AES_128_BLOCK_SIZE);
memcpy(block, plaintext_and_result, plaintext_len);
AES_128.encrypt(block);
memcpy(plaintext_and_result, block, plaintext_len);
}
/*---------------------------------------------------------------------------*/
void
aes_128_set_padded_key(uint8_t *key, uint8_t key_len)
{
uint8_t block[AES_128_BLOCK_SIZE];

View File

@ -37,8 +37,8 @@
* Konrad Krentz <konrad.krentz@gmail.com>
*/
#ifndef AES_H_
#define AES_H_
#ifndef AES_128_H_
#define AES_128_H_
#include "contiki.h"
@ -67,11 +67,6 @@ struct aes_128_driver {
void (* encrypt)(uint8_t *plaintext_and_result);
};
/**
* \brief Pads the plaintext with zeroes before calling AES_128.encrypt
*/
void aes_128_padded_encrypt(uint8_t *plaintext_and_result, uint8_t plaintext_len);
/**
* \brief Pads the key with zeroes before calling AES_128.set_key
*/
@ -79,4 +74,4 @@ void aes_128_set_padded_key(uint8_t *key, uint8_t key_len);
extern const struct aes_128_driver AES_128;
#endif /* AES_H_ */
#endif /* AES_128_H_ */

View File

@ -44,6 +44,7 @@ netstack_init(void)
{
NETSTACK_RADIO.init();
NETSTACK_RDC.init();
NETSTACK_LLSEC.init();
NETSTACK_MAC.init();
NETSTACK_NETWORK.init();
}

View File

@ -53,7 +53,8 @@ CONTIKI_CPU_DIRS += ../cc253x/usb/common ../cc253x/usb/common/cdc-acm
### CPU-dependent source files
CONTIKI_CPU_SOURCEFILES += clock.c rtimer-arch.c uart.c watchdog.c
CONTIKI_CPU_SOURCEFILES += nvic.c cpu.c sys-ctrl.c gpio.c ioc.c spi.c adc.c
CONTIKI_CPU_SOURCEFILES += crypto.c aes.c ccm.c sha256.c
CONTIKI_CPU_SOURCEFILES += crypto.c aes.c ecb.c ccm.c sha256.c
CONTIKI_CPU_SOURCEFILES += cc2538-aes-128.c cc2538-ccm-star.c
CONTIKI_CPU_SOURCEFILES += cc2538-rf.c udma.c lpm.c
CONTIKI_CPU_SOURCEFILES += pka.c bignum-driver.c ecc-driver.c ecc-algorithm.c
CONTIKI_CPU_SOURCEFILES += ecc-curve.c

View File

@ -42,9 +42,11 @@
*/
#include "contiki.h"
#include "dev/rom-util.h"
#include "dev/nvic.h"
#include "dev/aes.h"
#include "reg.h"
#include <stdbool.h>
#include <stdint.h>
/*---------------------------------------------------------------------------*/
uint8_t
@ -53,7 +55,7 @@ aes_load_keys(const void *keys, uint8_t key_size, uint8_t count,
{
uint32_t aes_key_store_size;
uint32_t areas;
uint64_t aligned_keys[16];
uint64_t aligned_keys[AES_KEY_AREAS * 128 / 8 / sizeof(uint64_t)];
int i;
if(REG(AES_CTRL_ALG_SEL) != 0x00000000) {
@ -63,7 +65,8 @@ aes_load_keys(const void *keys, uint8_t key_size, uint8_t count,
/* 192-bit keys must be padded to 256 bits */
if(key_size == AES_KEY_STORE_SIZE_KEY_SIZE_192) {
for(i = 0; i < count; i++) {
rom_util_memcpy(&aligned_keys[i << 2], &((uint64_t *)keys)[i * 3], 24);
rom_util_memcpy(&aligned_keys[i << 2], &((const uint64_t *)keys)[i * 3],
192 / 8);
aligned_keys[(i << 2) + 3] = 0;
}
}
@ -148,5 +151,181 @@ aes_load_keys(const void *keys, uint8_t key_size, uint8_t count,
return CRYPTO_SUCCESS;
}
/*---------------------------------------------------------------------------*/
uint8_t
aes_auth_crypt_start(uint32_t ctrl, uint8_t key_area, const void *iv,
const void *adata, uint16_t adata_len,
const void *data_in, void *data_out, uint16_t data_len,
struct process *process)
{
if(REG(AES_CTRL_ALG_SEL) != 0x00000000) {
return CRYPTO_RESOURCE_IN_USE;
}
/* Workaround for AES registers not retained after PM2 */
REG(AES_CTRL_INT_CFG) = AES_CTRL_INT_CFG_LEVEL;
REG(AES_CTRL_INT_EN) = AES_CTRL_INT_EN_DMA_IN_DONE |
AES_CTRL_INT_EN_RESULT_AV;
REG(AES_CTRL_ALG_SEL) = AES_CTRL_ALG_SEL_AES;
REG(AES_CTRL_INT_CLR) = AES_CTRL_INT_CLR_DMA_IN_DONE |
AES_CTRL_INT_CLR_RESULT_AV;
REG(AES_KEY_STORE_READ_AREA) = key_area;
/* Wait until key is loaded to the AES module */
while(REG(AES_KEY_STORE_READ_AREA) & AES_KEY_STORE_READ_AREA_BUSY);
/* Check for Key Store read error */
if(REG(AES_CTRL_INT_STAT) & AES_CTRL_INT_STAT_KEY_ST_RD_ERR) {
/* Clear the Keystore Read error bit */
REG(AES_CTRL_INT_CLR) = AES_CTRL_INT_CLR_KEY_ST_RD_ERR;
/* Disable the master control / DMA clock */
REG(AES_CTRL_ALG_SEL) = 0x00000000;
return AES_KEYSTORE_READ_ERROR;
}
if(iv != NULL) {
/* Write initialization vector */
REG(AES_AES_IV_0) = ((const uint32_t *)iv)[0];
REG(AES_AES_IV_1) = ((const uint32_t *)iv)[1];
REG(AES_AES_IV_2) = ((const uint32_t *)iv)[2];
REG(AES_AES_IV_3) = ((const uint32_t *)iv)[3];
}
/* Program AES authentication/crypto operation */
REG(AES_AES_CTRL) = ctrl;
/* Write the length of the payload block (lo) */
REG(AES_AES_C_LENGTH_0) = data_len;
/* Write the length of the payload block (hi) */
REG(AES_AES_C_LENGTH_1) = 0;
/* For combined modes only (CCM or GCM) */
if(ctrl & (AES_AES_CTRL_CCM | AES_AES_CTRL_GCM)) {
/* Write the length of the AAD data block (may be non-block size-aligned) */
REG(AES_AES_AUTH_LENGTH) = adata_len;
if(adata_len != 0) {
/* Configure DMAC to fetch the AAD data
* Enable DMA channel 0 */
REG(AES_DMAC_CH0_CTRL) = AES_DMAC_CH_CTRL_EN;
/* Base address of the AAD data buffer */
REG(AES_DMAC_CH0_EXTADDR) = (uint32_t)adata;
/* AAD data length in bytes */
REG(AES_DMAC_CH0_DMALENGTH) = adata_len;
/* Wait for completion of the AAD data transfer, DMA_IN_DONE */
while(!(REG(AES_CTRL_INT_STAT) & AES_CTRL_INT_STAT_DMA_IN_DONE));
/* Check for the absence of error */
if(REG(AES_CTRL_INT_STAT) & AES_CTRL_INT_STAT_DMA_BUS_ERR) {
/* Clear the DMA error */
REG(AES_CTRL_INT_CLR) = AES_CTRL_INT_CLR_DMA_BUS_ERR;
/* Disable the master control / DMA clock */
REG(AES_CTRL_ALG_SEL) = 0x00000000;
return CRYPTO_DMA_BUS_ERROR;
}
}
}
/* Clear interrupt status */
REG(AES_CTRL_INT_CLR) = AES_CTRL_INT_CLR_DMA_IN_DONE |
AES_CTRL_INT_CLR_RESULT_AV;
if(process != NULL) {
crypto_register_process_notification(process);
nvic_interrupt_unpend(NVIC_INT_AES);
nvic_interrupt_enable(NVIC_INT_AES);
}
/* Enable result available bit in interrupt enable */
REG(AES_CTRL_INT_EN) = AES_CTRL_INT_EN_RESULT_AV;
if(data_len != 0) {
/* Configure DMAC
* Enable DMA channel 0 */
REG(AES_DMAC_CH0_CTRL) = AES_DMAC_CH_CTRL_EN;
/* Base address of the input payload data buffer */
REG(AES_DMAC_CH0_EXTADDR) = (uint32_t)data_in;
/* Input payload data length in bytes */
REG(AES_DMAC_CH0_DMALENGTH) = data_len;
if(data_out != NULL) {
/* Enable DMA channel 1 */
REG(AES_DMAC_CH1_CTRL) = AES_DMAC_CH_CTRL_EN;
/* Base address of the output payload data buffer */
REG(AES_DMAC_CH1_EXTADDR) = (uint32_t)data_out;
/* Output payload data length in bytes */
REG(AES_DMAC_CH1_DMALENGTH) = data_len;
}
}
return CRYPTO_SUCCESS;
}
/*---------------------------------------------------------------------------*/
uint8_t
aes_auth_crypt_check_status(void)
{
return !!(REG(AES_CTRL_INT_STAT) &
(AES_CTRL_INT_STAT_DMA_BUS_ERR | AES_CTRL_INT_STAT_KEY_ST_WR_ERR |
AES_CTRL_INT_STAT_KEY_ST_RD_ERR | AES_CTRL_INT_STAT_RESULT_AV));
}
/*---------------------------------------------------------------------------*/
uint8_t
aes_auth_crypt_get_result(void *iv, void *tag)
{
uint32_t aes_ctrl_int_stat;
aes_ctrl_int_stat = REG(AES_CTRL_INT_STAT);
/* Clear the error bits */
REG(AES_CTRL_INT_CLR) = AES_CTRL_INT_CLR_DMA_BUS_ERR |
AES_CTRL_INT_CLR_KEY_ST_WR_ERR |
AES_CTRL_INT_CLR_KEY_ST_RD_ERR;
nvic_interrupt_disable(NVIC_INT_AES);
crypto_register_process_notification(NULL);
/* Disable the master control / DMA clock */
REG(AES_CTRL_ALG_SEL) = 0x00000000;
if(aes_ctrl_int_stat & AES_CTRL_INT_STAT_DMA_BUS_ERR) {
return CRYPTO_DMA_BUS_ERROR;
}
if(aes_ctrl_int_stat & AES_CTRL_INT_STAT_KEY_ST_WR_ERR) {
return AES_KEYSTORE_WRITE_ERROR;
}
if(aes_ctrl_int_stat & AES_CTRL_INT_STAT_KEY_ST_RD_ERR) {
return AES_KEYSTORE_READ_ERROR;
}
if(iv != NULL || tag != NULL) {
/* Read result
* Wait for the context ready bit */
while(!(REG(AES_AES_CTRL) & AES_AES_CTRL_SAVED_CONTEXT_READY));
if(iv != NULL) {
/* Read the initialization vector registers */
((uint32_t *)iv)[0] = REG(AES_AES_IV_0);
((uint32_t *)iv)[1] = REG(AES_AES_IV_1);
((uint32_t *)iv)[2] = REG(AES_AES_IV_2);
((uint32_t *)iv)[3] = REG(AES_AES_IV_3);
}
if(tag != NULL) {
/* Read the tag registers */
((uint32_t *)tag)[0] = REG(AES_AES_TAG_OUT_0);
((uint32_t *)tag)[1] = REG(AES_AES_TAG_OUT_1);
((uint32_t *)tag)[2] = REG(AES_AES_TAG_OUT_2);
((uint32_t *)tag)[3] = REG(AES_AES_TAG_OUT_3);
}
}
/* Clear the interrupt status */
REG(AES_CTRL_INT_CLR) = AES_CTRL_INT_CLR_DMA_IN_DONE |
AES_CTRL_INT_CLR_RESULT_AV;
return CRYPTO_SUCCESS;
}
/** @} */

View File

@ -51,6 +51,7 @@
#include "contiki.h"
#include "dev/crypto.h"
#include <stdbool.h>
#include <stdint.h>
/*---------------------------------------------------------------------------*/
/** \name AES register offsets
@ -464,6 +465,16 @@
*/
#define AES_KEYSTORE_READ_ERROR 5
#define AES_KEYSTORE_WRITE_ERROR 6
#define AES_AUTHENTICATION_FAILED 7
/** @} */
/*---------------------------------------------------------------------------*/
/** \name AES constants
* @{
*/
#define AES_KEY_AREAS 8
#define AES_BLOCK_LEN (128 / 8)
#define AES_IV_LEN AES_BLOCK_LEN
#define AES_TAG_LEN AES_BLOCK_LEN
/** @} */
/*---------------------------------------------------------------------------*/
/** \name AES functions
@ -473,10 +484,11 @@
/** \brief Writes keys into the Key RAM
* \param keys Pointer to AES Keys
* \param key_size Key size: \c AES_KEY_STORE_SIZE_KEY_SIZE_x
* \param count Number of keys (1 to 8 - \p start_area for 128-bit keys, 1 to
* (8 - \p start_area) / 2 for 192- and 256-bit keys)
* \param start_area Start area in Key RAM where to store the key (0 to 7, must
* be even for 192- and 256-bit keys)
* \param count Number of keys (1 to \c AES_KEY_AREAS - \p start_area for
* 128-bit keys, 1 to (\c AES_KEY_AREAS - \p start_area) / 2 for 192- and
* 256-bit keys)
* \param start_area Start area in Key RAM where to store the keys (0 to
* \c AES_KEY_AREAS - 1, must be even for 192- and 256-bit keys)
* \return \c CRYPTO_SUCCESS if successful, or CRYPTO/AES error code
* \note Calling this function with a value of \p key_size different from the
* one passed for the previous calls causes the deletion of all previously
@ -485,6 +497,43 @@
uint8_t aes_load_keys(const void *keys, uint8_t key_size, uint8_t count,
uint8_t start_area);
/** \brief Starts an AES authentication/crypto operation
* \param ctrl Contents of the \c AES_AES_CTRL register
* \param key_area Area in Key RAM where the key is stored (0 to
* \c AES_KEY_AREAS - 1)
* \param iv Pointer to 128-bit initialization vector, or \c NULL
* \param adata Pointer to additional authenticated data in SRAM, or \c NULL
* \param adata_len Length of additional authenticated data in octets, or \c 0
* \param data_in Pointer to input payload data in SRAM, or \c NULL
* \param data_out Pointer to output payload data in SRAM (may be \p data_in),
* or \c NULL
* \param data_len Length of payload data in octets, or \c 0
* \param process Process to be polled upon completion of the operation, or
* \c NULL
* \return \c CRYPTO_SUCCESS if successful, or CRYPTO/AES error code
* \note This function is only supposed to be called by the AES drivers.
*/
uint8_t aes_auth_crypt_start(uint32_t ctrl, uint8_t key_area, const void *iv,
const void *adata, uint16_t adata_len,
const void *data_in, void *data_out,
uint16_t data_len, struct process *process);
/** \brief Checks the status of the AES authentication/crypto operation
* \retval false Result not yet available, and no error occurred
* \retval true Result available, or error occurred
* \note This function is only supposed to be called by the AES drivers.
*/
uint8_t aes_auth_crypt_check_status(void);
/** \brief Gets the result of the AES authentication/crypto operation
* \param iv Pointer to 128-bit result initialization vector, or \c NULL
* \param tag Pointer to 128-bit result tag, or \c NULL
* \return \c CRYPTO_SUCCESS if successful, or CRYPTO/AES error code
* \note This function must be called only after \c aes_auth_crypt_start().
* \note This function is only supposed to be called by the AES drivers.
*/
uint8_t aes_auth_crypt_get_result(void *iv, void *tag);
/** @} */
#endif /* AES_H_ */

View File

@ -0,0 +1,119 @@
/*
* Copyright (c) 2015, Hasso-Plattner-Institut.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* This file is part of the Contiki operating system.
*/
/**
* \addtogroup cc2538-aes-128
* @{
*
* \file
* Implementation of the AES-128 driver for the CC2538 SoC
* \author
* Konrad Krentz <konrad.krentz@gmail.com>
*/
#include "contiki.h"
#include "dev/ecb.h"
#include "dev/cc2538-aes-128.h"
#include <stdint.h>
#include <stdio.h>
/*---------------------------------------------------------------------------*/
#define MODULE_NAME "cc2538-aes-128"
#define DEBUG 0
#if DEBUG
#define PRINTF(...) printf(__VA_ARGS__)
#else
#define PRINTF(...)
#endif
/*---------------------------------------------------------------------------*/
static uint8_t
enable_crypto(void)
{
uint8_t enabled = CRYPTO_IS_ENABLED();
if(!enabled) {
crypto_enable();
}
return enabled;
}
/*---------------------------------------------------------------------------*/
static void
restore_crypto(uint8_t enabled)
{
if(!enabled) {
crypto_disable();
}
}
/*---------------------------------------------------------------------------*/
static void
set_key(const uint8_t *key)
{
uint8_t crypto_enabled, ret;
crypto_enabled = enable_crypto();
ret = aes_load_keys(key, AES_KEY_STORE_SIZE_KEY_SIZE_128, 1,
CC2538_AES_128_KEY_AREA);
if(ret != CRYPTO_SUCCESS) {
PRINTF("%s: aes_load_keys() error %u\n", MODULE_NAME, ret);
}
restore_crypto(crypto_enabled);
}
/*---------------------------------------------------------------------------*/
static void
encrypt(uint8_t *plaintext_and_result)
{
uint8_t crypto_enabled, ret;
int8_t res;
crypto_enabled = enable_crypto();
ret = ecb_crypt_start(true, CC2538_AES_128_KEY_AREA, plaintext_and_result,
plaintext_and_result, AES_128_BLOCK_SIZE, NULL);
if(ret != CRYPTO_SUCCESS) {
PRINTF("%s: ecb_crypt_start() error %u\n", MODULE_NAME, ret);
restore_crypto(crypto_enabled);
return;
}
while((res = ecb_crypt_check_status()) == CRYPTO_PENDING);
if(res != CRYPTO_SUCCESS) {
PRINTF("%s: ecb_crypt_check_status() error %d\n", MODULE_NAME, res);
}
restore_crypto(crypto_enabled);
}
/*---------------------------------------------------------------------------*/
const struct aes_128_driver cc2538_aes_128_driver = {
set_key,
encrypt
};
/** @} */

View File

@ -0,0 +1,63 @@
/*
* Copyright (c) 2015, Hasso-Plattner-Institut.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* This file is part of the Contiki operating system.
*/
/**
* \addtogroup cc2538-aes
* @{
*
* \defgroup cc2538-aes-128 CC2538 AES-128
*
* AES-128 driver for the CC2538 SoC
* @{
*
* \file
* Header file of the AES-128 driver for the CC2538 SoC
* \author
* Konrad Krentz <konrad.krentz@gmail.com>
*/
#ifndef CC2538_AES_128_H_
#define CC2538_AES_128_H_
#include "lib/aes-128.h"
/*---------------------------------------------------------------------------*/
#ifdef CC2538_AES_128_CONF_KEY_AREA
#define CC2538_AES_128_KEY_AREA CC2538_AES_128_CONF_KEY_AREA
#else
#define CC2538_AES_128_KEY_AREA 0
#endif
/*---------------------------------------------------------------------------*/
extern const struct aes_128_driver cc2538_aes_128_driver;
#endif /* CC2538_AES_128_H_ */
/**
* @}
* @}
*/

View File

@ -0,0 +1,130 @@
/*
* Copyright (c) 2015, Benoît Thébaudeau <benoit.thebaudeau.dev@gmail.com>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the copyright holder nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/**
* \addtogroup cc2538-ccm-star
* @{
*
* \file
* Implementation of the AES-CCM* driver for the CC2538 SoC
*/
#include "contiki.h"
#include "dev/ccm.h"
#include "dev/cc2538-aes-128.h"
#include "dev/cc2538-ccm-star.h"
#include <stdint.h>
#include <stdio.h>
/*---------------------------------------------------------------------------*/
#define MODULE_NAME "cc2538-ccm-star"
#define CCM_STAR_LEN_LEN (CCM_NONCE_LEN_LEN - CCM_STAR_NONCE_LENGTH)
#define DEBUG 0
#if DEBUG
#define PRINTF(...) printf(__VA_ARGS__)
#else
#define PRINTF(...)
#endif
/*---------------------------------------------------------------------------*/
static uint8_t
enable_crypto(void)
{
uint8_t enabled = CRYPTO_IS_ENABLED();
if(!enabled) {
crypto_enable();
}
return enabled;
}
/*---------------------------------------------------------------------------*/
static void
restore_crypto(uint8_t enabled)
{
if(!enabled) {
crypto_disable();
}
}
/*---------------------------------------------------------------------------*/
static void
set_key(const uint8_t *key)
{
cc2538_aes_128_driver.set_key(key);
}
/*---------------------------------------------------------------------------*/
static void
aead(const uint8_t *nonce, uint8_t *m, uint8_t m_len, const uint8_t *a,
uint8_t a_len, uint8_t *result, uint8_t mic_len, int forward)
{
uint16_t cdata_len;
uint8_t crypto_enabled, ret;
crypto_enabled = enable_crypto();
if(forward) {
ret = ccm_auth_encrypt_start(CCM_STAR_LEN_LEN, CC2538_AES_128_KEY_AREA,
nonce, a, a_len, m, m_len, m, mic_len, NULL);
if(ret != CRYPTO_SUCCESS) {
PRINTF("%s: ccm_auth_encrypt_start() error %u\n", MODULE_NAME, ret);
restore_crypto(crypto_enabled);
return;
}
while(!ccm_auth_encrypt_check_status());
ret = ccm_auth_encrypt_get_result(result, mic_len);
if(ret != CRYPTO_SUCCESS) {
PRINTF("%s: ccm_auth_encrypt_get_result() error %u\n", MODULE_NAME, ret);
}
} else {
cdata_len = m_len + mic_len;
ret = ccm_auth_decrypt_start(CCM_STAR_LEN_LEN, CC2538_AES_128_KEY_AREA,
nonce, a, a_len, m, cdata_len, m, mic_len,
NULL);
if(ret != CRYPTO_SUCCESS) {
PRINTF("%s: ccm_auth_decrypt_start() error %u\n", MODULE_NAME, ret);
restore_crypto(crypto_enabled);
return;
}
while(!ccm_auth_decrypt_check_status());
ret = ccm_auth_decrypt_get_result(m, cdata_len, result, mic_len);
if(ret != CRYPTO_SUCCESS) {
PRINTF("%s: ccm_auth_decrypt_get_result() error %u\n", MODULE_NAME, ret);
}
}
restore_crypto(crypto_enabled);
}
/*---------------------------------------------------------------------------*/
const struct ccm_star_driver cc2538_ccm_star_driver = {
set_key,
aead
};
/** @} */

View File

@ -0,0 +1,55 @@
/*
* Copyright (c) 2015, Benoît Thébaudeau <benoit.thebaudeau.dev@gmail.com>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the copyright holder nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/**
* \addtogroup cc2538-aes
* @{
*
* \defgroup cc2538-ccm-star CC2538 AES-CCM*
*
* AES-CCM* driver for the CC2538 SoC
* @{
*
* \file
* Header file of the AES-CCM* driver for the CC2538 SoC
*/
#ifndef CC2538_CCM_STAR_H_
#define CC2538_CCM_STAR_H_
#include "lib/ccm-star.h"
/*---------------------------------------------------------------------------*/
extern const struct ccm_star_driver cc2538_ccm_star_driver;
#endif /* CC2538_CCM_STAR_H_ */
/**
* @}
* @}
*/

View File

@ -43,371 +43,100 @@
#include "contiki.h"
#include "sys/cc.h"
#include "dev/rom-util.h"
#include "dev/nvic.h"
#include "dev/ccm.h"
#include "reg.h"
#include <stdbool.h>
#include <stdint.h>
/*---------------------------------------------------------------------------*/
uint8_t
ccm_auth_encrypt_start(uint8_t len_len, uint8_t key_area, const void *nonce,
const void *adata, uint16_t adata_len, void *pdata,
uint16_t pdata_len, uint8_t mic_len,
struct process *process)
static uint8_t
ccm_auth_crypt_start(uint8_t encrypt, uint8_t len_len, uint8_t key_area,
const void *nonce, const void *adata, uint16_t adata_len,
const void *data_in, void *data_out, uint16_t data_len,
uint8_t mic_len, struct process *process)
{
uint32_t iv[4];
uint32_t ctrl;
uint32_t iv[AES_IV_LEN / sizeof(uint32_t)];
if(REG(AES_CTRL_ALG_SEL) != 0x00000000) {
return CRYPTO_RESOURCE_IN_USE;
}
/* Workaround for AES registers not retained after PM2 */
REG(AES_CTRL_INT_CFG) = AES_CTRL_INT_CFG_LEVEL;
REG(AES_CTRL_INT_EN) = AES_CTRL_INT_EN_DMA_IN_DONE |
AES_CTRL_INT_EN_RESULT_AV;
REG(AES_CTRL_ALG_SEL) = AES_CTRL_ALG_SEL_AES;
REG(AES_CTRL_INT_CLR) = AES_CTRL_INT_CLR_DMA_IN_DONE |
AES_CTRL_INT_CLR_RESULT_AV;
REG(AES_KEY_STORE_READ_AREA) = key_area;
/* Wait until key is loaded to the AES module */
while(REG(AES_KEY_STORE_READ_AREA) & AES_KEY_STORE_READ_AREA_BUSY);
/* Check for Key Store read error */
if(REG(AES_CTRL_INT_STAT) & AES_CTRL_INT_STAT_KEY_ST_RD_ERR) {
/* Clear the Keystore Read error bit */
REG(AES_CTRL_INT_CLR) = AES_CTRL_INT_CLR_KEY_ST_RD_ERR;
/* Disable the master control / DMA clock */
REG(AES_CTRL_ALG_SEL) = 0x00000000;
return AES_KEYSTORE_READ_ERROR;
}
/* Prepare the encryption initialization vector
* Flags: L' = L - 1 */
((uint8_t *)iv)[0] = len_len - 1;
/* Nonce */
rom_util_memcpy(&((uint8_t *)iv)[1], nonce, 15 - len_len);
/* Initialize counter to 0 */
rom_util_memset(&((uint8_t *)iv)[16 - len_len], 0, len_len);
/* Write initialization vector */
REG(AES_AES_IV_0) = iv[0];
REG(AES_AES_IV_1) = iv[1];
REG(AES_AES_IV_2) = iv[2];
REG(AES_AES_IV_3) = iv[3];
/* Program AES-CCM encryption */
REG(AES_AES_CTRL) = AES_AES_CTRL_SAVE_CONTEXT | /* Save context */
/* Program AES-CCM authentication/crypto operation */
ctrl = AES_AES_CTRL_SAVE_CONTEXT | /* Save context */
(((MAX(mic_len, 2) - 2) >> 1) << AES_AES_CTRL_CCM_M_S) | /* M */
((len_len - 1) << AES_AES_CTRL_CCM_L_S) | /* L */
AES_AES_CTRL_CCM | /* CCM */
AES_AES_CTRL_CTR_WIDTH_128 | /* CTR width 128 */
AES_AES_CTRL_CTR | /* CTR */
AES_AES_CTRL_DIRECTION_ENCRYPT; /* Encryption */
(encrypt ? AES_AES_CTRL_DIRECTION_ENCRYPT : 0); /* En/decryption */
/* Write the length of the crypto block (lo) */
REG(AES_AES_C_LENGTH_0) = pdata_len;
/* Write the length of the crypto block (hi) */
REG(AES_AES_C_LENGTH_1) = 0;
/* Prepare the crypto initialization vector
* Flags: L' = L - 1 */
((uint8_t *)iv)[0] = len_len - 1;
/* Nonce */
rom_util_memcpy(&((uint8_t *)iv)[CCM_FLAGS_LEN], nonce,
CCM_NONCE_LEN_LEN - len_len);
/* Initialize counter to 0 */
rom_util_memset(&((uint8_t *)iv)[AES_IV_LEN - len_len], 0, len_len);
/* Write the length of the AAD data block (may be non-block size-aligned) */
REG(AES_AES_AUTH_LENGTH) = adata_len;
return aes_auth_crypt_start(ctrl, key_area, iv, adata, adata_len,
data_in, data_out, data_len, process);
}
/*---------------------------------------------------------------------------*/
static uint8_t
ccm_auth_crypt_get_result(const void *cdata, uint16_t cdata_len,
void *mic, uint8_t mic_len)
{
uint32_t tag[AES_TAG_LEN / sizeof(uint32_t)];
uint16_t data_len;
uint8_t ret;
if(adata_len != 0) {
/* Configure DMAC to fetch the AAD data
* Enable DMA channel 0 */
REG(AES_DMAC_CH0_CTRL) = AES_DMAC_CH_CTRL_EN;
/* Base address of the AAD input data in ext. memory */
REG(AES_DMAC_CH0_EXTADDR) = (uint32_t)adata;
/* AAD data length in bytes */
REG(AES_DMAC_CH0_DMALENGTH) = adata_len;
ret = aes_auth_crypt_get_result(NULL, tag);
if(ret != CRYPTO_SUCCESS) {
return ret;
}
/* Wait for completion of the AAD data transfer, DMA_IN_DONE */
while(!(REG(AES_CTRL_INT_STAT) & AES_CTRL_INT_STAT_DMA_IN_DONE));
/* Check for the absence of error */
if(REG(AES_CTRL_INT_STAT) & AES_CTRL_INT_STAT_DMA_BUS_ERR) {
/* Clear the DMA error */
REG(AES_CTRL_INT_CLR) = AES_CTRL_INT_CLR_DMA_BUS_ERR;
/* Disable the master control / DMA clock */
REG(AES_CTRL_ALG_SEL) = 0x00000000;
return CRYPTO_DMA_BUS_ERROR;
if(cdata != NULL) {
/* Check MIC */
data_len = cdata_len - mic_len;
if(rom_util_memcmp(tag, &((const uint8_t *)cdata)[data_len], mic_len)) {
ret = AES_AUTHENTICATION_FAILED;
}
}
/* Clear interrupt status */
REG(AES_CTRL_INT_CLR) = AES_CTRL_INT_CLR_DMA_IN_DONE |
AES_CTRL_INT_CLR_RESULT_AV;
/* Copy tag to MIC */
rom_util_memcpy(mic, tag, mic_len);
if(process != NULL) {
crypto_register_process_notification(process);
nvic_interrupt_unpend(NVIC_INT_AES);
nvic_interrupt_enable(NVIC_INT_AES);
}
/* Enable result available bit in interrupt enable */
REG(AES_CTRL_INT_EN) = AES_CTRL_INT_EN_RESULT_AV;
if(pdata_len != 0) {
/* Configure DMAC
* Enable DMA channel 0 */
REG(AES_DMAC_CH0_CTRL) = AES_DMAC_CH_CTRL_EN;
/* Base address of the payload data in ext. memory */
REG(AES_DMAC_CH0_EXTADDR) = (uint32_t)pdata;
/* Payload data length in bytes */
REG(AES_DMAC_CH0_DMALENGTH) = pdata_len;
/* Enable DMA channel 1 */
REG(AES_DMAC_CH1_CTRL) = AES_DMAC_CH_CTRL_EN;
/* Base address of the output data buffer */
REG(AES_DMAC_CH1_EXTADDR) = (uint32_t)pdata;
/* Output data length in bytes */
REG(AES_DMAC_CH1_DMALENGTH) = pdata_len;
}
return CRYPTO_SUCCESS;
return ret;
}
/*---------------------------------------------------------------------------*/
uint8_t
ccm_auth_encrypt_check_status(void)
ccm_auth_encrypt_start(uint8_t len_len, uint8_t key_area, const void *nonce,
const void *adata, uint16_t adata_len, const void *pdata,
uint16_t pdata_len, void *cdata, uint8_t mic_len,
struct process *process)
{
return !!(REG(AES_CTRL_INT_STAT) &
(AES_CTRL_INT_STAT_DMA_BUS_ERR | AES_CTRL_INT_STAT_KEY_ST_WR_ERR |
AES_CTRL_INT_STAT_KEY_ST_RD_ERR | AES_CTRL_INT_STAT_RESULT_AV));
return ccm_auth_crypt_start(true, len_len, key_area, nonce, adata, adata_len,
pdata, cdata, pdata_len, mic_len, process);
}
/*---------------------------------------------------------------------------*/
uint8_t
ccm_auth_encrypt_get_result(void *mic, uint8_t mic_len)
{
uint32_t aes_ctrl_int_stat;
uint32_t tag[4];
aes_ctrl_int_stat = REG(AES_CTRL_INT_STAT);
/* Clear the error bits */
REG(AES_CTRL_INT_CLR) = AES_CTRL_INT_CLR_DMA_BUS_ERR |
AES_CTRL_INT_CLR_KEY_ST_WR_ERR |
AES_CTRL_INT_CLR_KEY_ST_RD_ERR;
nvic_interrupt_disable(NVIC_INT_AES);
crypto_register_process_notification(NULL);
/* Disable the master control / DMA clock */
REG(AES_CTRL_ALG_SEL) = 0x00000000;
if(aes_ctrl_int_stat & AES_CTRL_INT_STAT_DMA_BUS_ERR) {
return CRYPTO_DMA_BUS_ERROR;
}
if(aes_ctrl_int_stat & AES_CTRL_INT_STAT_KEY_ST_WR_ERR) {
return AES_KEYSTORE_WRITE_ERROR;
}
if(aes_ctrl_int_stat & AES_CTRL_INT_STAT_KEY_ST_RD_ERR) {
return AES_KEYSTORE_READ_ERROR;
}
/* Read tag
* Wait for the context ready bit */
while(!(REG(AES_AES_CTRL) & AES_AES_CTRL_SAVED_CONTEXT_READY));
/* Read the tag registers */
tag[0] = REG(AES_AES_TAG_OUT_0);
tag[1] = REG(AES_AES_TAG_OUT_1);
tag[2] = REG(AES_AES_TAG_OUT_2);
tag[3] = REG(AES_AES_TAG_OUT_3);
/* Clear the interrupt status */
REG(AES_CTRL_INT_CLR) = AES_CTRL_INT_CLR_DMA_IN_DONE |
AES_CTRL_INT_CLR_RESULT_AV;
/* Copy tag to MIC */
rom_util_memcpy(mic, tag, mic_len);
return CRYPTO_SUCCESS;
return ccm_auth_crypt_get_result(NULL, 0, mic, mic_len);
}
/*---------------------------------------------------------------------------*/
uint8_t
ccm_auth_decrypt_start(uint8_t len_len, uint8_t key_area, const void *nonce,
const void *adata, uint16_t adata_len, void *cdata,
uint16_t cdata_len, uint8_t mic_len,
const void *adata, uint16_t adata_len, const void *cdata,
uint16_t cdata_len, void *pdata, uint8_t mic_len,
struct process *process)
{
uint16_t pdata_len = cdata_len - mic_len;
uint32_t iv[4];
uint16_t data_len = cdata_len - mic_len;
if(REG(AES_CTRL_ALG_SEL) != 0x00000000) {
return CRYPTO_RESOURCE_IN_USE;
}
/* Workaround for AES registers not retained after PM2 */
REG(AES_CTRL_INT_CFG) = AES_CTRL_INT_CFG_LEVEL;
REG(AES_CTRL_INT_EN) = AES_CTRL_INT_EN_DMA_IN_DONE |
AES_CTRL_INT_EN_RESULT_AV;
REG(AES_CTRL_ALG_SEL) = AES_CTRL_ALG_SEL_AES;
REG(AES_CTRL_INT_CLR) = AES_CTRL_INT_CLR_DMA_IN_DONE |
AES_CTRL_INT_CLR_RESULT_AV;
REG(AES_KEY_STORE_READ_AREA) = key_area;
/* Wait until key is loaded to the AES module */
while(REG(AES_KEY_STORE_READ_AREA) & AES_KEY_STORE_READ_AREA_BUSY);
/* Check for Key Store read error */
if(REG(AES_CTRL_INT_STAT) & AES_CTRL_INT_STAT_KEY_ST_RD_ERR) {
/* Clear the Keystore Read error bit */
REG(AES_CTRL_INT_CLR) = AES_CTRL_INT_CLR_KEY_ST_RD_ERR;
/* Disable the master control / DMA clock */
REG(AES_CTRL_ALG_SEL) = 0x00000000;
return AES_KEYSTORE_READ_ERROR;
}
/* Prepare the decryption initialization vector
* Flags: L' = L - 1 */
((uint8_t *)iv)[0] = len_len - 1;
/* Nonce */
rom_util_memcpy(&((uint8_t *)iv)[1], nonce, 15 - len_len);
/* Initialize counter to 0 */
rom_util_memset(&((uint8_t *)iv)[16 - len_len], 0, len_len);
/* Write initialization vector */
REG(AES_AES_IV_0) = iv[0];
REG(AES_AES_IV_1) = iv[1];
REG(AES_AES_IV_2) = iv[2];
REG(AES_AES_IV_3) = iv[3];
/* Program AES-CCM decryption */
REG(AES_AES_CTRL) = AES_AES_CTRL_SAVE_CONTEXT | /* Save context */
(((MAX(mic_len, 2) - 2) >> 1) << AES_AES_CTRL_CCM_M_S) | /* M */
((len_len - 1) << AES_AES_CTRL_CCM_L_S) | /* L */
AES_AES_CTRL_CCM | /* CCM */
AES_AES_CTRL_CTR_WIDTH_128 | /* CTR width 128 */
AES_AES_CTRL_CTR; /* CTR */
/* Write the length of the crypto block (lo) */
REG(AES_AES_C_LENGTH_0) = pdata_len;
/* Write the length of the crypto block (hi) */
REG(AES_AES_C_LENGTH_1) = 0;
/* Write the length of the AAD data block (may be non-block size-aligned) */
REG(AES_AES_AUTH_LENGTH) = adata_len;
if(adata_len != 0) {
/* Configure DMAC to fetch the AAD data
* Enable DMA channel 0 */
REG(AES_DMAC_CH0_CTRL) = AES_DMAC_CH_CTRL_EN;
/* Base address of the AAD input data in ext. memory */
REG(AES_DMAC_CH0_EXTADDR) = (uint32_t)adata;
/* AAD data length in bytes */
REG(AES_DMAC_CH0_DMALENGTH) = adata_len;
/* Wait for completion of the AAD data transfer, DMA_IN_DONE */
while(!(REG(AES_CTRL_INT_STAT) & AES_CTRL_INT_STAT_DMA_IN_DONE));
/* Check for the absence of error */
if(REG(AES_CTRL_INT_STAT) & AES_CTRL_INT_STAT_DMA_BUS_ERR) {
/* Clear the DMA error */
REG(AES_CTRL_INT_CLR) = AES_CTRL_INT_CLR_DMA_BUS_ERR;
/* Disable the master control / DMA clock */
REG(AES_CTRL_ALG_SEL) = 0x00000000;
return CRYPTO_DMA_BUS_ERROR;
}
}
/* Clear interrupt status */
REG(AES_CTRL_INT_CLR) = AES_CTRL_INT_CLR_DMA_IN_DONE |
AES_CTRL_INT_CLR_RESULT_AV;
if(process != NULL) {
crypto_register_process_notification(process);
nvic_interrupt_unpend(NVIC_INT_AES);
nvic_interrupt_enable(NVIC_INT_AES);
}
/* Enable result available bit in interrupt enable */
REG(AES_CTRL_INT_EN) = AES_CTRL_INT_EN_RESULT_AV;
if(pdata_len != 0) {
/* Configure DMAC
* Enable DMA channel 0 */
REG(AES_DMAC_CH0_CTRL) = AES_DMAC_CH_CTRL_EN;
/* Base address of the payload data in ext. memory */
REG(AES_DMAC_CH0_EXTADDR) = (uint32_t)cdata;
/* Payload data length in bytes */
REG(AES_DMAC_CH0_DMALENGTH) = pdata_len;
/* Enable DMA channel 1 */
REG(AES_DMAC_CH1_CTRL) = AES_DMAC_CH_CTRL_EN;
/* Base address of the output data buffer */
REG(AES_DMAC_CH1_EXTADDR) = (uint32_t)cdata;
/* Output data length in bytes */
REG(AES_DMAC_CH1_DMALENGTH) = pdata_len;
}
return CRYPTO_SUCCESS;
}
/*---------------------------------------------------------------------------*/
uint8_t
ccm_auth_decrypt_check_status(void)
{
/* Check if result is available or some error has occured */
return ccm_auth_encrypt_check_status();
return ccm_auth_crypt_start(false, len_len, key_area, nonce, adata, adata_len,
cdata, pdata, data_len, mic_len, process);
}
/*---------------------------------------------------------------------------*/
uint8_t
ccm_auth_decrypt_get_result(const void *cdata, uint16_t cdata_len,
void *mic, uint8_t mic_len)
{
uint32_t aes_ctrl_int_stat;
uint16_t pdata_len = cdata_len - mic_len;
uint32_t tag[4];
aes_ctrl_int_stat = REG(AES_CTRL_INT_STAT);
/* Clear the error bits */
REG(AES_CTRL_INT_CLR) = AES_CTRL_INT_CLR_DMA_BUS_ERR |
AES_CTRL_INT_CLR_KEY_ST_WR_ERR |
AES_CTRL_INT_CLR_KEY_ST_RD_ERR;
nvic_interrupt_disable(NVIC_INT_AES);
crypto_register_process_notification(NULL);
/* Disable the master control / DMA clock */
REG(AES_CTRL_ALG_SEL) = 0x00000000;
if(aes_ctrl_int_stat & AES_CTRL_INT_STAT_DMA_BUS_ERR) {
return CRYPTO_DMA_BUS_ERROR;
}
if(aes_ctrl_int_stat & AES_CTRL_INT_STAT_KEY_ST_WR_ERR) {
return AES_KEYSTORE_WRITE_ERROR;
}
if(aes_ctrl_int_stat & AES_CTRL_INT_STAT_KEY_ST_RD_ERR) {
return AES_KEYSTORE_READ_ERROR;
}
/* Read tag
* Wait for the context ready bit */
while(!(REG(AES_AES_CTRL) & AES_AES_CTRL_SAVED_CONTEXT_READY));
/* Read the tag registers */
tag[0] = REG(AES_AES_TAG_OUT_0);
tag[1] = REG(AES_AES_TAG_OUT_1);
tag[2] = REG(AES_AES_TAG_OUT_2);
tag[3] = REG(AES_AES_TAG_OUT_3);
/* Clear the interrupt status */
REG(AES_CTRL_INT_CLR) = AES_CTRL_INT_CLR_DMA_IN_DONE |
AES_CTRL_INT_CLR_RESULT_AV;
/* Check MIC */
if(rom_util_memcmp(tag, &((const uint8_t *)cdata)[pdata_len], mic_len)) {
return CCM_AUTHENTICATION_FAILED;
}
/* Copy tag to MIC */
rom_util_memcpy(mic, tag, mic_len);
return CRYPTO_SUCCESS;
}
__attribute__ ((alias("ccm_auth_crypt_get_result")));
/** @} */

View File

@ -54,77 +54,95 @@
#include <stdbool.h>
#include <stdint.h>
/*---------------------------------------------------------------------------*/
/** \name AES-CCM driver return codes
/** \name CCM constants
* @{
*/
#define CCM_AUTHENTICATION_FAILED 7
#define CCM_FLAGS_LEN 1
#define CCM_NONCE_LEN_LEN (AES_IV_LEN - CCM_FLAGS_LEN)
#define CCM_MIC_MAX_LEN AES_TAG_LEN
/** @} */
/*---------------------------------------------------------------------------*/
/** \name AES-CCM functions
* @{
*/
/** \brief Starts the CCM authentication and encryption operation
* \param len_len Number of octets in length field (2, 4 or 8)
* \param key_area Area in Key RAM where the key is stored (0 to 7)
* \param nonce Pointer to nonce (15 - \p len_len octets)
* \param adata Pointer to additional authenticated data, or \c NULL
/** \brief Starts a CCM authentication and encryption operation
* \param len_len Number of octets in length field (2, 4, or 8)
* \param key_area Area in Key RAM where the key is stored (0 to
* \c AES_KEY_AREAS - 1)
* \param nonce Pointer to nonce (\c CCM_NONCE_LEN_LEN - \p len_len octets)
* \param adata Pointer to additional authenticated data in SRAM, or \c NULL
* \param adata_len Length of additional authenticated data in octets, or \c 0
* \param pdata Pointer to message to authenticate and encrypt, or \c NULL
* \param pdata_len Length of message to authenticate and encrypt in octets, or \c 0
* \param mic_len Number of octets in authentication field (even value between 0 and 16)
* \param process Process to be polled upon completion of the operation, or \c NULL
* \param pdata Pointer to message to authenticate and encrypt in SRAM, or
* \c NULL
* \param pdata_len Length of message to authenticate and encrypt in octets, or
* \c 0
* \param cdata Pointer to encrypted message in SRAM (may be \p pdata), or
* \c NULL
* \param mic_len Number of octets in authentication field (even value between 0
* and \c CCM_MIC_MAX_LEN)
* \param process Process to be polled upon completion of the operation, or
* \c NULL
* \return \c CRYPTO_SUCCESS if successful, or CRYPTO/AES/CCM error code
*/
uint8_t ccm_auth_encrypt_start(uint8_t len_len, uint8_t key_area,
const void *nonce, const void *adata,
uint16_t adata_len, void *pdata,
uint16_t pdata_len, uint8_t mic_len,
uint16_t adata_len, const void *pdata,
uint16_t pdata_len, void *cdata, uint8_t mic_len,
struct process *process);
/** \brief Checks the status of the CCM authentication and encryption operation
* \retval false Result not yet available, and no error occurred
* \retval true Result available, or error occurred
*/
uint8_t ccm_auth_encrypt_check_status(void);
#define ccm_auth_encrypt_check_status aes_auth_crypt_check_status
/** \brief Gets the result of the CCM authentication and encryption operation
* \param mic Pointer to authentication field, or \c NULL
* \param mic_len Number of octets in authentication field (even value between 0 and 16)
* \param mic_len Number of octets in authentication field (even value between 0
* and \c CCM_MIC_MAX_LEN)
* \return \c CRYPTO_SUCCESS if successful, or CRYPTO/AES/CCM error code
* \note This function must be called only after \c ccm_auth_encrypt_start().
*/
uint8_t ccm_auth_encrypt_get_result(void *mic, uint8_t mic_len);
/** \brief Starts the CCM authentication checking and decryption operation
* \param len_len Number of octets in length field (2, 4 or 8)
* \param key_area Area in Key RAM where the key is stored (0 to 7)
* \param nonce Pointer to nonce (15 - \p len_len octets)
* \param adata Pointer to additional authenticated data, or \c NULL
/** \brief Starts a CCM authentication checking and decryption operation
* \param len_len Number of octets in length field (2, 4, or 8)
* \param key_area Area in Key RAM where the key is stored (0 to
* \c AES_KEY_AREAS - 1)
* \param nonce Pointer to nonce (\c CCM_NONCE_LEN_LEN - \p len_len octets)
* \param adata Pointer to additional authenticated data in SRAM, or \c NULL
* \param adata_len Length of additional authenticated data in octets, or \c 0
* \param cdata Pointer to encrypted and authenticated message
* \param cdata Pointer to encrypted and authenticated message in SRAM
* \param cdata_len Length of encrypted and authenticated message in octets
* \param mic_len Number of octets in authentication field (even value between 0 and 16)
* \param process Process to be polled upon completion of the operation, or \c NULL
* \param pdata Pointer to decrypted message in SRAM (may be \p cdata), or
* \c NULL
* \param mic_len Number of octets in authentication field (even value between 0
* and \c CCM_MIC_MAX_LEN)
* \param process Process to be polled upon completion of the operation, or
* \c NULL
* \return \c CRYPTO_SUCCESS if successful, or CRYPTO/AES/CCM error code
*/
uint8_t ccm_auth_decrypt_start(uint8_t len_len, uint8_t key_area,
const void *nonce, const void *adata,
uint16_t adata_len, void *cdata,
uint16_t cdata_len, uint8_t mic_len,
uint16_t adata_len, const void *cdata,
uint16_t cdata_len, void *pdata, uint8_t mic_len,
struct process *process);
/** \brief Checks the status of the CCM authentication checking and decryption operation
/** \brief Checks the status of the CCM authentication checking and decryption
* operation
* \retval false Result not yet available, and no error occurred
* \retval true Result available, or error occurred
*/
uint8_t ccm_auth_decrypt_check_status(void);
#define ccm_auth_decrypt_check_status aes_auth_crypt_check_status
/** \brief Gets the result of the CCM authentication checking and decryption operation
/** \brief Gets the result of the CCM authentication checking and decryption
* operation
* \param cdata Pointer to encrypted and authenticated message
* \param cdata_len Length of encrypted and authenticated message in octets
* \param mic Pointer to authentication field, or \c NULL
* \param mic_len Number of octets in authentication field (even value between 0 and 16)
* \param mic_len Number of octets in authentication field (even value between 0
* and \c CCM_MIC_MAX_LEN)
* \return \c CRYPTO_SUCCESS if successful, or CRYPTO/AES/CCM error code
* \note This function must be called only after \c ccm_auth_decrypt_start().
*/

View File

@ -44,15 +44,30 @@
#define CRYPTO_H_
#include "contiki.h"
#include "dev/sys-ctrl.h"
#include "reg.h"
/*---------------------------------------------------------------------------*/
/** \name Crypto drivers return codes
* @{
*/
#define CRYPTO_PENDING (-1)
#define CRYPTO_SUCCESS 0
#define CRYPTO_INVALID_PARAM 1
#define CRYPTO_NULL_ERROR 2
#define CRYPTO_RESOURCE_IN_USE 3
#define CRYPTO_DMA_BUS_ERROR 4
/** @} */
/*---------------------------------------------------------------------------*/
/** \name Crypto macros
* @{
*/
/** \brief Indicates whether the AES/SHA cryptoprocessor is enabled
* \return Boolean value indicating whether the AES/SHA cryptoprocessor is
* enabled
*/
#define CRYPTO_IS_ENABLED() (!!(REG(SYS_CTRL_RCGCSEC) & SYS_CTRL_RCGCSEC_AES))
/** @} */
/*---------------------------------------------------------------------------*/
/** \name Crypto functions

64
cpu/cc2538/dev/ecb.c Normal file
View File

@ -0,0 +1,64 @@
/*
* Copyright (c) 2015, Benoît Thébaudeau <benoit.thebaudeau.dev@gmail.com>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the copyright holder nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/**
* \addtogroup cc2538-ecb
* @{
*
* \file
* Implementation of the cc2538 AES-ECB driver
*/
#include "contiki.h"
#include "dev/ecb.h"
#include <stdbool.h>
#include <stdint.h>
/*---------------------------------------------------------------------------*/
uint8_t
ecb_crypt_start(uint8_t encrypt, uint8_t key_area, const void *mdata_in,
void *mdata_out, uint16_t mdata_len, struct process *process)
{
uint32_t ctrl;
/* Program AES-ECB crypto operation */
ctrl = encrypt ? AES_AES_CTRL_DIRECTION_ENCRYPT : 0; /* En/decryption */
return aes_auth_crypt_start(ctrl, key_area, NULL, NULL, 0,
mdata_in, mdata_out, mdata_len, process);
}
/*---------------------------------------------------------------------------*/
int8_t
ecb_crypt_check_status(void)
{
return aes_auth_crypt_check_status() ? aes_auth_crypt_get_result(NULL, NULL) :
CRYPTO_PENDING;
}
/** @} */

85
cpu/cc2538/dev/ecb.h Normal file
View File

@ -0,0 +1,85 @@
/*
* Copyright (c) 2015, Benoît Thébaudeau <benoit.thebaudeau.dev@gmail.com>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the copyright holder nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/**
* \addtogroup cc2538-aes
* @{
*
* \defgroup cc2538-ecb cc2538 AES-ECB
*
* Driver for the cc2538 AES-ECB mode of the security core
* @{
*
* \file
* Header file for the cc2538 AES-ECB driver
*/
#ifndef ECB_H_
#define ECB_H_
#include "contiki.h"
#include "dev/aes.h"
#include <stdbool.h>
#include <stdint.h>
/*---------------------------------------------------------------------------*/
/** \name AES-ECB functions
* @{
*/
/** \brief Starts an ECB crypto operation
* \param encrypt \c true to encrypt, or \c false to decrypt
* \param key_area Area in Key RAM where the key is stored (0 to
* \c AES_KEY_AREAS - 1)
* \param mdata_in Pointer to input message in SRAM
* \param mdata_out Pointer to output message in SRAM (may be \p mdata_in)
* \param mdata_len Length of message in octets
* \param process Process to be polled upon completion of the operation, or
* \c NULL
* \return \c CRYPTO_SUCCESS if successful, or CRYPTO/AES/ECB error code
*/
uint8_t ecb_crypt_start(uint8_t encrypt, uint8_t key_area, const void *mdata_in,
void *mdata_out, uint16_t mdata_len,
struct process *process);
/** \brief Checks the status of the ECB crypto operation
* \return \c CRYPTO_PENDING if operation still pending, \c CRYPTO_SUCCESS if
* successful, or CRYPTO/AES/ECB error code
* \note This function must be called only after \c ecb_crypt_start().
*/
int8_t ecb_crypt_check_status(void);
/** @} */
#endif /* ECB_H_ */
/**
* @}
* @}
*/

View File

@ -1,4 +1,4 @@
CONTIKI_PROJECT = ccm-test sha256-test
CONTIKI_PROJECT = ecb-test ccm-test sha256-test
all: $(CONTIKI_PROJECT)

View File

@ -58,6 +58,11 @@
#include <stdio.h>
#include <stdint.h>
/*---------------------------------------------------------------------------*/
#define NONCE_MAX_LEN 13
#define ADATA_MAX_LEN 32
#define MDATA_MAX_LEN 40
#define MIC_MAX_LEN 16
/*---------------------------------------------------------------------------*/
PROCESS(ccm_test_process, "ccm test process");
AUTOSTART_PROCESSES(&ccm_test_process);
/*---------------------------------------------------------------------------*/
@ -73,13 +78,13 @@ PROCESS_THREAD(ccm_test_process, ev, data)
"keystore write error",
"authentication failed"
};
static const uint8_t keys128[][16] = {
static const uint8_t keys128[][128 / 8] = {
{ 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
{ 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf }
};
static const uint8_t keys192[][24] = {
static const uint8_t keys192[][192 / 8] = {
{ 0x26, 0x51, 0x1f, 0xb5, 0x1f, 0xcf, 0xa7, 0x5c,
0xb4, 0xb4, 0x4d, 0xa7, 0x5a, 0x6e, 0x5a, 0x0e,
0xb8, 0xd9, 0xc8, 0xf3, 0xb9, 0x06, 0xf8, 0x86 },
@ -93,7 +98,7 @@ PROCESS_THREAD(ccm_test_process, ev, data)
0x37, 0x34, 0x1f, 0xec, 0x49, 0x94, 0x7e, 0x8c,
0x70, 0x48, 0x24, 0x94, 0xa8, 0xf0, 0x7f, 0xcc }
};
static const uint8_t keys256[][32] = {
static const uint8_t keys256[][256 / 8] = {
{ 0x26, 0x51, 0x1f, 0xb5, 0x1f, 0xcf, 0xa7, 0x5c,
0xb4, 0xb4, 0x4d, 0xa7, 0x5a, 0x6e, 0x5a, 0x0e,
0xb8, 0xd9, 0xc8, 0xf3, 0xb9, 0x06, 0xf8, 0x86,
@ -123,19 +128,18 @@ PROCESS_THREAD(ccm_test_process, ev, data)
{ keys256, AES_KEY_STORE_SIZE_KEY_SIZE_256,
sizeof(keys256) / sizeof(keys256[0]) }
};
static struct {
static const struct {
bool encrypt;
uint8_t len_len;
uint8_t key_size_index;
uint8_t key_area;
uint8_t nonce[13];
uint8_t adata[32];
uint8_t nonce[NONCE_MAX_LEN];
uint8_t adata[ADATA_MAX_LEN];
uint16_t adata_len;
uint8_t mdata[40];
uint8_t mdata[MDATA_MAX_LEN];
uint16_t mdata_len;
uint8_t mic[16];
uint8_t mic_len;
uint8_t expected[40];
uint8_t expected[MDATA_MAX_LEN];
} vectors[] = {
{
true, /* encrypt */
@ -150,7 +154,6 @@ PROCESS_THREAD(ccm_test_process, ev, data)
0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
0x0c, 0x0d, 0x0e, 0x0f }, /* mdata */
20, /* mdata_len */
{}, /* mic */
0, /* mic_len */
{ 0x92, 0xe8, 0xad, 0xca, 0x53, 0x81, 0xbf, 0xd0,
0x5b, 0xdd, 0xf3, 0x61, 0x09, 0x09, 0x82, 0xe6,
@ -169,7 +172,6 @@ PROCESS_THREAD(ccm_test_process, ev, data)
26, /* adata_len */
{}, /* mdata */
0, /* mdata_len */
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, /* mic */
8, /* mic_len */
{ 0x22, 0x3b, 0xc1, 0xec, 0x84, 0x1a, 0xb5, 0x53 } /* expected */
}, {
@ -186,7 +188,6 @@ PROCESS_THREAD(ccm_test_process, ev, data)
0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
0x0c, 0x0d, 0x0e, 0x0f }, /* mdata */
20, /* mdata_len */
{ 0x00, 0x00, 0x00, 0x00 }, /* mic */
4, /* mic_len */
{ 0x92, 0xe8, 0xad, 0xca, 0x53, 0x81, 0xbf, 0xd0,
0x5b, 0xdd, 0xf3, 0x61, 0x09, 0x09, 0x82, 0xe6,
@ -204,7 +205,6 @@ PROCESS_THREAD(ccm_test_process, ev, data)
0x5b, 0xdd, 0xf3, 0x61, 0x09, 0x09, 0x82, 0xe6,
0x2c, 0x61, 0x01, 0x4e }, /* mdata */
20, /* mdata_len */
{}, /* mic */
0, /* mic_len */
{ 0x14, 0xaa, 0xbb, 0x00, 0x00, 0x01, 0x02, 0x03,
0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
@ -223,7 +223,6 @@ PROCESS_THREAD(ccm_test_process, ev, data)
26, /* adata_len */
{ 0x22, 0x3b, 0xc1, 0xec, 0x84, 0x1a, 0xb5, 0x53 }, /* mdata */
8, /* mdata_len */
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, /* mic */
8, /* mic_len */
{} /* expected */
}, {
@ -240,7 +239,6 @@ PROCESS_THREAD(ccm_test_process, ev, data)
0x5b, 0xdd, 0xf3, 0x61, 0x09, 0x09, 0x82, 0xe6,
0x2c, 0x61, 0x01, 0x4e, 0x7b, 0x34, 0x4f, 0x09 }, /* mdata */
24, /* mdata_len */
{ 0x00, 0x00, 0x00, 0x00 }, /* mic */
4, /* mic_len */
{ 0x14, 0xaa, 0xbb, 0x00, 0x00, 0x01, 0x02, 0x03,
0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
@ -258,8 +256,6 @@ PROCESS_THREAD(ccm_test_process, ev, data)
0x12, 0x55, 0x06, 0x39, 0xb9, 0x1f, 0xb2, 0x57,
0x3e, 0x39, 0xa8, 0xeb, 0x5d, 0x80, 0x1d, 0xe8 }, /* mdata */
24, /* mdata_len */
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, /* mic */
16, /* mic_len */
{ 0x63, 0x42, 0xb8, 0x70, 0x0e, 0xde, 0xc9, 0x7a,
0x96, 0x0e, 0xb1, 0x6e, 0x7c, 0xb1, 0xeb, 0x44,
@ -280,8 +276,6 @@ PROCESS_THREAD(ccm_test_process, ev, data)
32, /* adata_len */
{}, /* mdata */
0, /* mdata_len */
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, /* mic */
16, /* mic_len */
{ 0x3b, 0xf9, 0xd9, 0x3a, 0xf6, 0xff, 0xac, 0x9a,
0xc8, 0x4c, 0xd3, 0x20, 0x2d, 0x4e, 0x0c, 0xc8 } /* expected */
@ -300,8 +294,6 @@ PROCESS_THREAD(ccm_test_process, ev, data)
0xe6, 0x9c, 0x2a, 0x1f, 0x58, 0x93, 0x9d, 0xfe,
0x4d, 0x40, 0x37, 0x91, 0xb5, 0xdf, 0x13, 0x10 }, /* mdata */
24, /* mdata_len */
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, /* mic */
16, /* mic_len */
{ 0x8a, 0x0f, 0x3d, 0x82, 0x29, 0xe4, 0x8e, 0x74,
0x87, 0xfd, 0x95, 0xa2, 0x8a, 0xd3, 0x92, 0xc8,
@ -324,7 +316,6 @@ PROCESS_THREAD(ccm_test_process, ev, data)
0xe5, 0xd6, 0x25, 0x49, 0x59, 0xa1, 0x8a, 0xff,
0xc4, 0xfa, 0xf5, 0x9c, 0x8e, 0xf6, 0x34, 0x89 }, /* mdata */
24, /* mdata_len */
{ 0x00, 0x00, 0x00, 0x00 }, /* mic */
4, /* mic_len */
{ 0x13, 0x7d, 0x9d, 0xa5, 0x9b, 0xaf, 0x5c, 0xbf,
0xd4, 0x66, 0x20, 0xc5, 0xf2, 0x98, 0xfc, 0x76,
@ -345,8 +336,6 @@ PROCESS_THREAD(ccm_test_process, ev, data)
0xb0, 0x90, 0x15, 0x5d, 0x34, 0xa7, 0x6c, 0x83,
0x24, 0xe5, 0x55, 0x0c, 0x3e, 0xf4, 0x26, 0xed }, /* mdata */
40, /* mdata_len */
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, /* mic */
16, /* mic_len */
{ 0x39, 0xf0, 0x8a, 0x2a, 0xf1, 0xd8, 0xda, 0x62,
0x12, 0x55, 0x06, 0x39, 0xb9, 0x1f, 0xb2, 0x57,
@ -366,8 +355,6 @@ PROCESS_THREAD(ccm_test_process, ev, data)
{ 0x3b, 0xf9, 0xd9, 0x3a, 0xf6, 0xff, 0xac, 0x9a,
0xc8, 0x4c, 0xd3, 0x20, 0x2d, 0x4e, 0x0c, 0xc8 }, /* mdata */
16, /* mdata_len */
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, /* mic */
16, /* mic_len */
{} /* expected */
}, {
@ -387,8 +374,6 @@ PROCESS_THREAD(ccm_test_process, ev, data)
0x2d, 0xd6, 0xef, 0x1c, 0x45, 0xd4, 0xcc, 0xb7,
0x23, 0xdc, 0x07, 0x44, 0x14, 0xdb, 0x50, 0x6d }, /* mdata */
40, /* mdata_len */
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, /* mic */
16, /* mic_len */
{ 0xc8, 0xd2, 0x75, 0xf9, 0x19, 0xe1, 0x7d, 0x7f,
0xe6, 0x9c, 0x2a, 0x1f, 0x58, 0x93, 0x9d, 0xfe,
@ -410,7 +395,6 @@ PROCESS_THREAD(ccm_test_process, ev, data)
0x6d, 0xe1, 0x0a, 0xc6, 0x8e, 0x77, 0x4e, 0xdf,
0x1f, 0x2c, 0x5b, 0xad }, /* mdata */
28, /* mdata_len */
{ 0x00, 0x00, 0x00, 0x00 }, /* mic */
4, /* mic_len */
{ 0xee, 0x7e, 0x60, 0x75, 0xba, 0x52, 0x84, 0x6d,
0xe5, 0xd6, 0x25, 0x49, 0x59, 0xa1, 0x8a, 0xff,
@ -428,8 +412,6 @@ PROCESS_THREAD(ccm_test_process, ev, data)
0xe7, 0x91, 0x11, 0x0f, 0xca, 0xea, 0x48, 0xe4,
0x1d, 0xb7, 0xc7, 0xf0, 0x98, 0xa8, 0x10, 0x00 }, /* mdata */
24, /* mdata_len */
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, /* mic */
16, /* mic_len */
{ 0x55, 0xf0, 0x68, 0xc0, 0xbb, 0xba, 0x8b, 0x59,
0x80, 0x13, 0xdd, 0x18, 0x41, 0xfd, 0x74, 0x0f,
@ -450,8 +432,6 @@ PROCESS_THREAD(ccm_test_process, ev, data)
32, /* adata_len */
{}, /* mdata */
0, /* mdata_len */
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, /* mic */
16, /* mic_len */
{ 0xca, 0x48, 0x2c, 0x67, 0x4b, 0x59, 0x90, 0x46,
0xcc, 0x7d, 0x7e, 0xe0, 0xd0, 0x0e, 0xec, 0x1e } /* expected */
@ -470,8 +450,6 @@ PROCESS_THREAD(ccm_test_process, ev, data)
0x7b, 0x5e, 0x01, 0x5e, 0xea, 0x14, 0x1c, 0xa1,
0xa8, 0x80, 0x20, 0xf2, 0xd5, 0xd6, 0xcc, 0x2c }, /* mdata */
24, /* mdata_len */
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, /* mic */
16, /* mic_len */
{ 0x27, 0xed, 0x90, 0x66, 0x81, 0x74, 0xeb, 0xf8,
0x24, 0x1a, 0x3c, 0x74, 0xb3, 0x5e, 0x12, 0x46,
@ -494,7 +472,6 @@ PROCESS_THREAD(ccm_test_process, ev, data)
0x7e, 0xdb, 0xb6, 0x7f, 0x8a, 0xe4, 0x56, 0xb4,
0xea, 0x06, 0x6a, 0x4b, 0xee, 0xe0, 0x65, 0xf9 }, /* mdata */
24, /* mdata_len */
{ 0x00, 0x00, 0x00, 0x00 }, /* mic */
4, /* mic_len */
{ 0x9c, 0x8d, 0x5d, 0xd2, 0x27, 0xfd, 0x9f, 0x81,
0x23, 0x76, 0x01, 0x83, 0x0a, 0xfe, 0xe4, 0xf0,
@ -515,8 +492,6 @@ PROCESS_THREAD(ccm_test_process, ev, data)
0x93, 0x57, 0x53, 0xe6, 0x01, 0xb7, 0x9d, 0xb4,
0xae, 0x73, 0x0b, 0x6a, 0xe3, 0x50, 0x07, 0x31 }, /* mdata */
40, /* mdata_len */
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, /* mic */
16, /* mic_len */
{ 0x30, 0xd5, 0x6f, 0xf2, 0xa2, 0x5b, 0x83, 0xfe,
0xe7, 0x91, 0x11, 0x0f, 0xca, 0xea, 0x48, 0xe4,
@ -536,8 +511,6 @@ PROCESS_THREAD(ccm_test_process, ev, data)
{ 0xca, 0x48, 0x2c, 0x67, 0x4b, 0x59, 0x90, 0x46,
0xcc, 0x7d, 0x7e, 0xe0, 0xd0, 0x0e, 0xec, 0x1e }, /* mdata */
16, /* mdata_len */
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, /* mic */
16, /* mic_len */
{} /* expected */
}, {
@ -557,8 +530,6 @@ PROCESS_THREAD(ccm_test_process, ev, data)
0x3b, 0xdb, 0x67, 0x06, 0x2a, 0x13, 0xef, 0x4e,
0x98, 0x6f, 0x5b, 0xb3, 0xd0, 0xbb, 0x43, 0x07 }, /* mdata */
40, /* mdata_len */
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, /* mic */
16, /* mic_len */
{ 0x64, 0x4e, 0xb3, 0x4b, 0x9a, 0x12, 0x6e, 0x43,
0x7b, 0x5e, 0x01, 0x5e, 0xea, 0x14, 0x1c, 0xa1,
@ -580,13 +551,15 @@ PROCESS_THREAD(ccm_test_process, ev, data)
0x11, 0x56, 0x36, 0xc8, 0xe5, 0xd5, 0xfd, 0x74,
0x3c, 0xb9, 0xaf, 0xed }, /* mdata */
28, /* mdata_len */
{ 0x00, 0x00, 0x00, 0x00 }, /* mic */
4, /* mic_len */
{ 0x23, 0x90, 0x29, 0xf1, 0x50, 0xbc, 0xcb, 0xd6,
0x7e, 0xdb, 0xb6, 0x7f, 0x8a, 0xe4, 0x56, 0xb4,
0xea, 0x06, 0x6a, 0x4b, 0xee, 0xe0, 0x65, 0xf9 } /* expected */
}
};
static uint8_t adata[ADATA_MAX_LEN];
static uint8_t mdata[MDATA_MAX_LEN];
static uint8_t mic[MIC_MAX_LEN];
static int i;
static uint8_t key_size_index = -1, ret;
static rtimer_clock_t time, time2, total_time;
@ -622,13 +595,17 @@ PROCESS_THREAD(ccm_test_process, ev, data)
vectors[i].len_len, vectors[i].key_area,
vectors[i].adata_len, vectors[i].mdata_len, vectors[i].mic_len);
/* adata and mdata have to be in SRAM. */
rom_util_memcpy(adata, vectors[i].adata, vectors[i].adata_len);
rom_util_memcpy(mdata, vectors[i].mdata, vectors[i].mdata_len);
time = RTIMER_NOW();
if(vectors[i].encrypt) {
ret = ccm_auth_encrypt_start(vectors[i].len_len, vectors[i].key_area,
vectors[i].nonce, vectors[i].adata,
vectors[i].adata_len, vectors[i].mdata,
vectors[i].mdata_len, vectors[i].mic_len,
&ccm_test_process);
vectors[i].nonce, adata,
vectors[i].adata_len, mdata,
vectors[i].mdata_len, mdata,
vectors[i].mic_len, &ccm_test_process);
time2 = RTIMER_NOW();
time = time2 - time;
total_time = time;
@ -647,7 +624,7 @@ PROCESS_THREAD(ccm_test_process, ev, data)
(uint32_t)((uint64_t)time2 * 1000000 / RTIMER_SECOND));
time = RTIMER_NOW();
ret = ccm_auth_encrypt_get_result(vectors[i].mic, vectors[i].mic_len);
ret = ccm_auth_encrypt_get_result(mic, vectors[i].mic_len);
time = RTIMER_NOW() - time;
total_time += time;
printf("ccm_auth_encrypt_get_result(): %s, %lu us\n", str_res[ret],
@ -657,15 +634,13 @@ PROCESS_THREAD(ccm_test_process, ev, data)
continue;
}
if(rom_util_memcmp(vectors[i].mdata, vectors[i].expected,
vectors[i].mdata_len)) {
if(rom_util_memcmp(mdata, vectors[i].expected, vectors[i].mdata_len)) {
puts("Encrypted message does not match expected one");
} else {
puts("Encrypted message OK");
}
if(rom_util_memcmp(vectors[i].mic,
vectors[i].expected + vectors[i].mdata_len,
if(rom_util_memcmp(mic, vectors[i].expected + vectors[i].mdata_len,
vectors[i].mic_len)) {
puts("MIC does not match expected one");
} else {
@ -673,10 +648,10 @@ PROCESS_THREAD(ccm_test_process, ev, data)
}
} else {
ret = ccm_auth_decrypt_start(vectors[i].len_len, vectors[i].key_area,
vectors[i].nonce, vectors[i].adata,
vectors[i].adata_len, vectors[i].mdata,
vectors[i].mdata_len, vectors[i].mic_len,
&ccm_test_process);
vectors[i].nonce, adata,
vectors[i].adata_len, mdata,
vectors[i].mdata_len, mdata,
vectors[i].mic_len, &ccm_test_process);
time2 = RTIMER_NOW();
time = time2 - time;
total_time = time;
@ -695,8 +670,8 @@ PROCESS_THREAD(ccm_test_process, ev, data)
(uint32_t)((uint64_t)time2 * 1000000 / RTIMER_SECOND));
time = RTIMER_NOW();
ret = ccm_auth_decrypt_get_result(vectors[i].mdata, vectors[i].mdata_len,
vectors[i].mic, vectors[i].mic_len);
ret = ccm_auth_decrypt_get_result(mdata, vectors[i].mdata_len,
mic, vectors[i].mic_len);
time = RTIMER_NOW() - time;
total_time += time;
printf("ccm_auth_decrypt_get_result(): %s, %lu us\n", str_res[ret],
@ -706,7 +681,7 @@ PROCESS_THREAD(ccm_test_process, ev, data)
continue;
}
if(rom_util_memcmp(vectors[i].mdata, vectors[i].expected,
if(rom_util_memcmp(mdata, vectors[i].expected,
vectors[i].mdata_len - vectors[i].mic_len)) {
puts("Decrypted message does not match expected one");
} else {

View File

@ -0,0 +1,662 @@
/*
* Copyright (c) 2015, Benoît Thébaudeau <benoit.thebaudeau.dev@gmail.com>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the copyright holder nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/**
* \addtogroup cc2538-examples
* @{
*
* \defgroup cc2538-ecb-test cc2538dk AES-ECB Test Project
*
* AES-ECB access example for CC2538 on SmartRF06EB.
*
* This example shows how AES-ECB should be used. The example also verifies
* the AES-ECB functionality.
*
* @{
*
* \file
* Example demonstrating AES-ECB on the cc2538dk platform
*/
#include "contiki.h"
#include "sys/rtimer.h"
#include "dev/rom-util.h"
#include "dev/ecb.h"
#include <stdbool.h>
#include <stdio.h>
#include <stdint.h>
/*---------------------------------------------------------------------------*/
#define MDATA_MAX_LEN 160
/*---------------------------------------------------------------------------*/
PROCESS(ecb_test_process, "ecb test process");
AUTOSTART_PROCESSES(&ecb_test_process);
/*---------------------------------------------------------------------------*/
PROCESS_THREAD(ecb_test_process, ev, data)
{
static const char *const str_res[] = {
"success",
"invalid param",
"NULL error",
"resource in use",
"DMA bus error",
"keystore read error",
"keystore write error",
"authentication failed"
};
static const uint8_t keys128[][128 / 8] = {
{ 0xed, 0xfd, 0xb2, 0x57, 0xcb, 0x37, 0xcd, 0xf1,
0x82, 0xc5, 0x45, 0x5b, 0x0c, 0x0e, 0xfe, 0xbb },
{ 0xef, 0x60, 0xfb, 0x14, 0x00, 0xc8, 0x39, 0x36,
0x41, 0x4a, 0x25, 0x65, 0x1e, 0xb5, 0x1a, 0x1b },
{ 0x00, 0xcc, 0x73, 0xc9, 0x90, 0xd3, 0x76, 0xb8,
0x22, 0x46, 0xe4, 0x5e, 0xa3, 0xae, 0x2e, 0x37 },
{ 0xeb, 0xea, 0x9c, 0x6a, 0x82, 0x21, 0x3a, 0x00,
0xac, 0x1d, 0x22, 0xfa, 0xea, 0x22, 0x11, 0x6f },
{ 0x54, 0xb7, 0x60, 0xdd, 0x29, 0x68, 0xf0, 0x79,
0xac, 0x1d, 0x5d, 0xd2, 0x06, 0x26, 0x44, 0x5d },
{ 0x9b, 0xa8, 0x52, 0x52, 0x0c, 0x9f, 0xd1, 0xeb,
0x36, 0x7b, 0x6a, 0xd2, 0xae, 0xd0, 0x7a, 0xbd },
{ 0x8e, 0xc6, 0xa5, 0xa0, 0x54, 0xfe, 0xa2, 0xfc,
0x8d, 0xaf, 0xb5, 0x93, 0x9a, 0x4b, 0xd7, 0x88 },
{ 0x44, 0xf0, 0xee, 0x62, 0x6d, 0x04, 0x46, 0xe0,
0xa3, 0x92, 0x4c, 0xfb, 0x07, 0x89, 0x44, 0xbb }
};
static const uint8_t keys192[][192 / 8] = {
{ 0x61, 0x39, 0x6c, 0x53, 0x0c, 0xc1, 0x74, 0x9a,
0x5b, 0xab, 0x6f, 0xbc, 0xf9, 0x06, 0xfe, 0x67,
0x2d, 0x0c, 0x4a, 0xb2, 0x01, 0xaf, 0x45, 0x54 },
{ 0x4f, 0x41, 0xfa, 0x4d, 0x4a, 0x25, 0x10, 0x0b,
0x58, 0x65, 0x51, 0x82, 0x83, 0x73, 0xbc, 0xca,
0x55, 0x40, 0xc6, 0x8e, 0x9b, 0xf8, 0x45, 0x62 },
{ 0xf2, 0xd2, 0xb8, 0x22, 0x80, 0xc2, 0x59, 0x2e,
0xcf, 0xbc, 0xf5, 0x00, 0xae, 0x64, 0x70, 0x78,
0xc9, 0xc5, 0x76, 0x24, 0xcd, 0xe9, 0xbf, 0x6c },
{ 0x9c, 0xc2, 0x4e, 0xa1, 0xf1, 0x95, 0x9d, 0x9a,
0x97, 0x2e, 0x71, 0x82, 0xef, 0x3b, 0x4e, 0x22,
0xa9, 0x7a, 0x87, 0xd0, 0xda, 0x7f, 0xf6, 0x4b }
};
static const uint8_t keys256[][256 / 8] = {
{ 0xcc, 0x22, 0xda, 0x78, 0x7f, 0x37, 0x57, 0x11,
0xc7, 0x63, 0x02, 0xbe, 0xf0, 0x97, 0x9d, 0x8e,
0xdd, 0xf8, 0x42, 0x82, 0x9c, 0x2b, 0x99, 0xef,
0x3d, 0xd0, 0x4e, 0x23, 0xe5, 0x4c, 0xc2, 0x4b },
{ 0x44, 0xa2, 0xb5, 0xa7, 0x45, 0x3e, 0x49, 0xf3,
0x82, 0x61, 0x90, 0x4f, 0x21, 0xac, 0x79, 0x76,
0x41, 0xd1, 0xbc, 0xd8, 0xdd, 0xed, 0xd2, 0x93,
0xf3, 0x19, 0x44, 0x9f, 0xe6, 0x3b, 0x29, 0x48 },
{ 0xa8, 0x1f, 0xd6, 0xca, 0x56, 0x68, 0x3d, 0x0f,
0x54, 0x45, 0x65, 0x9d, 0xde, 0x4d, 0x99, 0x5d,
0xc6, 0x5f, 0x4b, 0xce, 0x20, 0x89, 0x63, 0x05,
0x3e, 0x28, 0xd7, 0xf2, 0xdf, 0x51, 0x7c, 0xe4 },
{ 0xc4, 0xa7, 0x1e, 0x05, 0x5a, 0x72, 0x54, 0xdd,
0xa3, 0x60, 0x69, 0x3f, 0xe1, 0xbe, 0x49, 0xf1,
0x0f, 0xaa, 0x67, 0x31, 0xc3, 0x6d, 0xba, 0xa6,
0x59, 0x0b, 0x05, 0x97, 0x4e, 0x18, 0x5c, 0x5b }
};
static const struct {
const void *keys;
uint8_t key_size;
uint8_t count;
} keys[] = {
{ keys128, AES_KEY_STORE_SIZE_KEY_SIZE_128,
sizeof(keys128) / sizeof(keys128[0]) },
{ keys192, AES_KEY_STORE_SIZE_KEY_SIZE_192,
sizeof(keys192) / sizeof(keys192[0]) },
{ keys256, AES_KEY_STORE_SIZE_KEY_SIZE_256,
sizeof(keys256) / sizeof(keys256[0]) }
};
static const struct {
bool encrypt;
uint8_t key_size_index;
uint8_t key_area;
uint8_t mdata[MDATA_MAX_LEN];
uint16_t mdata_len;
uint8_t expected[MDATA_MAX_LEN];
} vectors[] = {
{
true, /* encrypt */
0, /* key_size_index */
0, /* key_area */
{ 0x16, 0x95, 0xfe, 0x47, 0x54, 0x21, 0xca, 0xce,
0x35, 0x57, 0xda, 0xca, 0x01, 0xf4, 0x45, 0xff }, /* mdata */
16, /* mdata_len */
{ 0x78, 0x88, 0xbe, 0xae, 0x6e, 0x7a, 0x42, 0x63,
0x32, 0xa7, 0xea, 0xa2, 0xf8, 0x08, 0xe6, 0x37 } /* expected */
}, {
true, /* encrypt */
0, /* key_size_index */
1, /* key_area */
{ 0x59, 0x35, 0x59, 0x31, 0x8c, 0xc6, 0x6b, 0xf6,
0x95, 0xe4, 0x9f, 0xeb, 0x42, 0x79, 0x4b, 0xdf,
0xb6, 0x6b, 0xce, 0x89, 0x5e, 0xc2, 0x22, 0xca,
0x26, 0x09, 0xb1, 0x33, 0xec, 0xf6, 0x6a, 0xc7,
0x34, 0x4d, 0x13, 0x02, 0x1e, 0x01, 0xe1, 0x1a,
0x96, 0x9c, 0x46, 0x84, 0xcb, 0xe2, 0x0a, 0xba,
0xe2, 0xb1, 0x9d, 0x3c, 0xeb, 0x2c, 0xac, 0xd4,
0x14, 0x19, 0xf2, 0x1f, 0x1c, 0x86, 0x51, 0x49 }, /* mdata */
64, /* mdata_len */
{ 0x3e, 0xa6, 0xf4, 0x30, 0x52, 0x17, 0xbd, 0x47,
0xee, 0xbe, 0x77, 0x3d, 0xa4, 0xb5, 0x78, 0x54,
0x9c, 0xac, 0x74, 0x4c, 0x00, 0xcb, 0xd8, 0xf9,
0xd5, 0x96, 0xd3, 0x80, 0x10, 0x30, 0x4b, 0xd8,
0x50, 0xcc, 0x2f, 0x4b, 0x19, 0xa9, 0x1c, 0x2e,
0x02, 0x2e, 0xab, 0xf1, 0x00, 0x26, 0x61, 0x85,
0xca, 0x27, 0x05, 0x12, 0x78, 0x15, 0xdf, 0xd4,
0x6e, 0xfb, 0xe4, 0xec, 0xd4, 0x6a, 0x30, 0x58 } /* expected */
}, {
true, /* encrypt */
0, /* key_size_index */
2, /* key_area */
{ 0x37, 0xa1, 0x20, 0x5e, 0xa9, 0x29, 0x35, 0x5d,
0x2e, 0x4e, 0xe5, 0x2d, 0x5e, 0x1d, 0x9c, 0xda,
0x27, 0x9a, 0xe0, 0x1e, 0x64, 0x02, 0x87, 0xcc,
0xb1, 0x53, 0x27, 0x6e, 0x7e, 0x0e, 0xcf, 0x2d,
0x63, 0x3c, 0xf4, 0xf2, 0xb3, 0xaf, 0xae, 0xcb,
0x54, 0x8a, 0x25, 0x90, 0xce, 0x04, 0x45, 0xc6,
0xa1, 0x68, 0xba, 0xc3, 0xdc, 0x60, 0x18, 0x13,
0xeb, 0x74, 0x59, 0x1b, 0xb1, 0xce, 0x8d, 0xfc,
0xd7, 0x40, 0xcd, 0xbb, 0x63, 0x88, 0x71, 0x9e,
0x8c, 0xd2, 0x83, 0xd9, 0xcc, 0x7e, 0x73, 0x69,
0x38, 0x24, 0x0b, 0x41, 0x0d, 0xd5, 0xa6, 0xa4,
0x8b, 0xa4, 0x9d, 0xd2, 0x06, 0x65, 0x03, 0xe6,
0x3a, 0xb5, 0x92, 0xff, 0xdf, 0x3b, 0xe4, 0x9e,
0x7d, 0x2d, 0xe7, 0x4f, 0x82, 0x15, 0x8b, 0x8c }, /* mdata */
112, /* mdata_len */
{ 0xc8, 0x8e, 0x03, 0x38, 0x3b, 0xa9, 0xda, 0x6f,
0x98, 0x2c, 0x05, 0x7f, 0xe9, 0x2c, 0x0b, 0xb3,
0xed, 0x5b, 0x9c, 0xd1, 0x82, 0x95, 0xa1, 0x00,
0xe1, 0x3a, 0x4e, 0x12, 0xd4, 0x40, 0xb9, 0x19,
0xbb, 0xb8, 0xb2, 0x21, 0xab, 0xea, 0xd3, 0x62,
0x90, 0x2c, 0xe4, 0x4d, 0x30, 0xd0, 0xb8, 0x0e,
0x56, 0xbe, 0xe1, 0xf6, 0x6a, 0x7d, 0x8d, 0xe0,
0xb1, 0xe1, 0xb4, 0xdb, 0xf7, 0x6c, 0x90, 0xc1,
0x80, 0x7a, 0x3b, 0xc5, 0xf2, 0x77, 0xe9, 0x81,
0x4c, 0x82, 0xab, 0x12, 0x0f, 0x7e, 0x10, 0x21,
0x7d, 0xfd, 0xf6, 0x09, 0x2c, 0xe4, 0x95, 0x8f,
0x89, 0x06, 0xc5, 0xe3, 0x22, 0x79, 0xc6, 0x53,
0x7d, 0xd1, 0xfb, 0xae, 0x20, 0xcb, 0x7a, 0x1d,
0x9f, 0x89, 0xd0, 0x49, 0x0b, 0x6a, 0xef, 0xc1 } /* expected */
}, {
true, /* encrypt */
0, /* key_size_index */
3, /* key_area */
{ 0x45, 0x1f, 0x45, 0x66, 0x3b, 0x44, 0xfd, 0x00,
0x5f, 0x3c, 0x28, 0x8a, 0xe5, 0x7b, 0x38, 0x38,
0x83, 0xf0, 0x2d, 0x9a, 0xd3, 0xdc, 0x17, 0x15,
0xf9, 0xe3, 0xd6, 0x94, 0x85, 0x64, 0x25, 0x7b,
0x9b, 0x06, 0xd7, 0xdd, 0x51, 0x93, 0x5f, 0xee,
0x58, 0x0a, 0x96, 0xbb, 0xdf, 0xef, 0xb9, 0x18,
0xb4, 0xe6, 0xb1, 0xda, 0xac, 0x80, 0x98, 0x47,
0x46, 0x55, 0x78, 0xcb, 0x8b, 0x53, 0x56, 0xed,
0x38, 0x55, 0x6f, 0x80, 0x1f, 0xf7, 0xc1, 0x1e,
0xcb, 0xa9, 0xcd, 0xd2, 0x63, 0x03, 0x9c, 0x15,
0xd0, 0x59, 0x00, 0xfc, 0x22, 0x8e, 0x1c, 0xaf,
0x30, 0x2d, 0x26, 0x1d, 0x7f, 0xb5, 0x6c, 0xee,
0x66, 0x35, 0x95, 0xb9, 0x6f, 0x19, 0x2a, 0x78,
0xff, 0x44, 0x55, 0x39, 0x3a, 0x5f, 0xe8, 0x16,
0x21, 0x70, 0xa0, 0x66, 0xfd, 0xae, 0xac, 0x35,
0x01, 0x94, 0x69, 0xf2, 0x2b, 0x34, 0x70, 0x68,
0x6b, 0xce, 0xd2, 0xf0, 0x07, 0xa1, 0xa2, 0xe4,
0x3e, 0x01, 0xb4, 0x56, 0x2c, 0xaa, 0xa5, 0x02,
0xed, 0x54, 0x1b, 0x82, 0x05, 0x87, 0x4e, 0xc1,
0xff, 0xb1, 0xc8, 0xb2, 0x55, 0x76, 0x69, 0x42 }, /* mdata */
160, /* mdata_len */
{ 0x01, 0x04, 0x30, 0x53, 0xf8, 0x32, 0xef, 0x9b,
0x91, 0x1e, 0xd3, 0x87, 0xba, 0x57, 0x74, 0x51,
0xe3, 0x0d, 0x51, 0xd4, 0xb6, 0xb1, 0x1f, 0x31,
0x9d, 0x4c, 0xd5, 0x39, 0xd0, 0x67, 0xb7, 0xf4,
0xf9, 0xb4, 0xf4, 0x1f, 0x7f, 0x3d, 0x4e, 0x92,
0x0c, 0x57, 0xcb, 0xe2, 0xb5, 0xe1, 0x88, 0x5a,
0xa6, 0x62, 0x03, 0xae, 0x49, 0x3e, 0x93, 0xa1,
0xdf, 0x63, 0x79, 0x3a, 0x95, 0x63, 0xc1, 0x76,
0xbc, 0x67, 0x75, 0xdd, 0x09, 0xcc, 0x91, 0x61,
0xe2, 0x78, 0xa0, 0x1b, 0xeb, 0x8f, 0xd8, 0xa1,
0x92, 0x00, 0x32, 0x6b, 0xd9, 0x5a, 0xbc, 0x5f,
0x71, 0x67, 0x68, 0xe3, 0x4f, 0x90, 0xb5, 0x05,
0x23, 0xd3, 0x0f, 0xda, 0xbb, 0x10, 0x3a, 0x3b,
0xc0, 0x20, 0xaf, 0xbb, 0xb0, 0xcb, 0x3b, 0xd2,
0xad, 0x51, 0x2a, 0x6f, 0xea, 0x79, 0xf8, 0xd6,
0x4c, 0xef, 0x34, 0x74, 0x58, 0xde, 0xc4, 0x8b,
0xe8, 0x94, 0x51, 0xcb, 0x0b, 0x80, 0x7d, 0x73,
0x59, 0x3f, 0x27, 0x3d, 0x9f, 0xc5, 0x21, 0xb7,
0x89, 0xa7, 0x75, 0x24, 0x40, 0x4f, 0x43, 0xe0,
0x0f, 0x20, 0xb3, 0xb7, 0x7b, 0x93, 0x8b, 0x1a } /* expected */
}, {
false, /* encrypt */
0, /* key_size_index */
4, /* key_area */
{ 0x06, 0x5b, 0xd5, 0xa9, 0x54, 0x0d, 0x22, 0xd5,
0xd7, 0xb0, 0xf7, 0x5d, 0x66, 0xcb, 0x8b, 0x30 }, /* mdata */
16, /* mdata_len */
{ 0x46, 0xf2, 0xc9, 0x89, 0x32, 0x34, 0x9c, 0x33,
0x8e, 0x9d, 0x67, 0xf7, 0x44, 0xa1, 0xc9, 0x88 } /* expected */
}, {
false, /* encrypt */
0, /* key_size_index */
5, /* key_area */
{ 0x6c, 0x53, 0x48, 0x9f, 0x6a, 0x4b, 0xd0, 0xf7,
0xcd, 0x15, 0xd2, 0x0f, 0x6e, 0xbc, 0x7e, 0x64,
0x9f, 0xd9, 0x5b, 0x76, 0xb1, 0x07, 0xe6, 0xda,
0xba, 0x96, 0x7c, 0x8a, 0x94, 0x84, 0x79, 0x7f,
0x29, 0xa8, 0xa2, 0x82, 0xee, 0x31, 0xc0, 0x3f,
0xae, 0x4f, 0x8e, 0x9b, 0x89, 0x30, 0xd5, 0x47,
0x3c, 0x2e, 0xd6, 0x95, 0xa3, 0x47, 0xe8, 0x8b,
0x7c, 0xcd, 0x62, 0x37, 0x6d, 0x5e, 0xbb, 0x41 }, /* mdata */
64, /* mdata_len */
{ 0x60, 0x61, 0xdf, 0x5b, 0xcd, 0x42, 0x1f, 0xab,
0xdb, 0x52, 0x35, 0xfc, 0x03, 0x25, 0x02, 0x65,
0x04, 0x48, 0xfd, 0x82, 0x33, 0xa0, 0x23, 0x7c,
0x5f, 0x6f, 0x24, 0x9a, 0x63, 0xd7, 0xdb, 0x3e,
0x42, 0x83, 0xac, 0x9a, 0x86, 0x84, 0xa3, 0x63,
0xef, 0x64, 0xe7, 0x60, 0xc5, 0x88, 0x65, 0x64,
0x65, 0x9d, 0xa6, 0x19, 0x46, 0x68, 0x51, 0x56,
0x8b, 0x32, 0x09, 0x1d, 0xf5, 0x51, 0x6f, 0x57 } /* expected */
}, {
false, /* encrypt */
0, /* key_size_index */
6, /* key_area */
{ 0x4d, 0x6f, 0x97, 0x29, 0x46, 0xa2, 0xe4, 0xca,
0x05, 0xbf, 0xbe, 0xec, 0xd0, 0x05, 0x35, 0xec,
0xe6, 0xc8, 0x1e, 0xd9, 0x63, 0xc4, 0x16, 0x70,
0x63, 0xb1, 0xc3, 0x4b, 0x6a, 0x18, 0x5d, 0x55,
0x04, 0x64, 0x6d, 0x81, 0xa8, 0x3c, 0xd5, 0xbc,
0xe2, 0x10, 0x11, 0x20, 0xb2, 0xf2, 0xbc, 0x6a,
0x2f, 0xa8, 0x56, 0xae, 0x6f, 0xff, 0x44, 0x49,
0xab, 0x62, 0x18, 0x18, 0x9f, 0xaa, 0x13, 0xe7,
0x30, 0x38, 0xe8, 0x2c, 0x51, 0x41, 0xc3, 0xf6,
0x27, 0x6a, 0x8a, 0x20, 0x6b, 0x95, 0x63, 0xca,
0x11, 0xfa, 0x76, 0x09, 0x27, 0x79, 0xf4, 0xde,
0xff, 0x2e, 0x58, 0x65, 0x90, 0x47, 0xed, 0x4f,
0x1a, 0x12, 0x90, 0x92, 0x09, 0x5a, 0xb7, 0x5f,
0x1c, 0xf4, 0xb2, 0x55, 0xc6, 0x95, 0x31, 0xf4 }, /* mdata */
112, /* mdata_len */
{ 0x6e, 0x19, 0xce, 0xc7, 0x75, 0x59, 0x5c, 0x2f,
0x76, 0x8d, 0xe3, 0xbd, 0xa3, 0x68, 0x2f, 0xb4,
0x02, 0x6e, 0xd1, 0x88, 0x9f, 0xc3, 0xde, 0x11,
0xbc, 0x45, 0xa2, 0xa3, 0xe2, 0xb2, 0x26, 0x94,
0xdd, 0xaa, 0xb3, 0x27, 0x4c, 0x81, 0xb2, 0x92,
0x04, 0xfa, 0x03, 0x4e, 0xed, 0xac, 0x56, 0x4a,
0x7d, 0xfe, 0x27, 0xaa, 0xbb, 0x6f, 0xf4, 0x20,
0xf9, 0xaa, 0x5a, 0xba, 0xdf, 0x15, 0xc7, 0x46,
0x76, 0xef, 0xea, 0xbd, 0x96, 0xa7, 0xff, 0x24,
0x91, 0x81, 0x3b, 0xa5, 0x3c, 0xb5, 0xab, 0x76,
0xea, 0xcd, 0x37, 0x25, 0x5a, 0x28, 0xda, 0xec,
0xbb, 0xe5, 0x80, 0xf5, 0xeb, 0x77, 0xf9, 0xbc,
0x03, 0x39, 0xe0, 0xda, 0x59, 0xb2, 0xb3, 0x07,
0xf5, 0x29, 0x74, 0xb6, 0x18, 0x2c, 0xb1, 0x06 } /* expected */
}, {
false, /* encrypt */
0, /* key_size_index */
7, /* key_area */
{ 0x93, 0x1b, 0x2f, 0x5f, 0x3a, 0x58, 0x20, 0xd5,
0x3a, 0x6b, 0xea, 0xaa, 0x64, 0x31, 0x08, 0x3a,
0x34, 0x88, 0xf4, 0xeb, 0x03, 0xb0, 0xf5, 0xb5,
0x7e, 0xf8, 0x38, 0xe1, 0x57, 0x96, 0x23, 0x10,
0x3b, 0xd6, 0xe6, 0x80, 0x03, 0x77, 0x53, 0x8b,
0x2e, 0x51, 0xef, 0x70, 0x8f, 0x3c, 0x49, 0x56,
0x43, 0x2e, 0x8a, 0x8e, 0xe6, 0xa3, 0x4e, 0x19,
0x06, 0x42, 0xb2, 0x6a, 0xd8, 0xbd, 0xae, 0x6c,
0x2a, 0xf9, 0xa6, 0xc7, 0x99, 0x6f, 0x3b, 0x60,
0x04, 0xd2, 0x67, 0x1e, 0x41, 0xf1, 0xc9, 0xf4,
0x0e, 0xe0, 0x3d, 0x1c, 0x4a, 0x52, 0xb0, 0xa0,
0x65, 0x4a, 0x33, 0x1f, 0x15, 0xf3, 0x4d, 0xce,
0x4a, 0xcb, 0x96, 0xbd, 0x65, 0x07, 0x81, 0x5c,
0xa4, 0x34, 0x7a, 0x3d, 0xe1, 0x1a, 0x31, 0x1b,
0x7d, 0xe5, 0x35, 0x1c, 0x97, 0x87, 0xc4, 0x53,
0x81, 0x58, 0xe2, 0x89, 0x74, 0xff, 0xa8, 0x3d,
0x82, 0x96, 0xdf, 0xe9, 0xcd, 0x09, 0xcd, 0x87,
0xf7, 0xbf, 0x4f, 0x54, 0xd9, 0x7d, 0x28, 0xd4,
0x78, 0x87, 0x99, 0x16, 0x34, 0x08, 0x32, 0x39,
0x43, 0xb3, 0xe7, 0x2f, 0x5e, 0xab, 0x66, 0xc1 }, /* mdata */
160, /* mdata_len */
{ 0x9c, 0x29, 0xee, 0xcb, 0x2d, 0xe0, 0x42, 0x54,
0xfa, 0xfb, 0x89, 0x6a, 0x99, 0x41, 0x02, 0xd1,
0xda, 0x30, 0xdd, 0xb4, 0x9d, 0x82, 0x72, 0x8e,
0xb2, 0x3d, 0xbd, 0x02, 0x99, 0x01, 0xe9, 0xb7,
0x5b, 0x3d, 0x0a, 0xee, 0x03, 0xf7, 0xa0, 0x5f,
0x6c, 0x85, 0x2d, 0x8f, 0xad, 0xa0, 0xb5, 0xc2,
0x8e, 0x8c, 0x9a, 0xed, 0x33, 0x4f, 0xad, 0x11,
0x82, 0x9d, 0xf3, 0xdf, 0xad, 0xc5, 0xc2, 0xe4,
0x71, 0xeb, 0x41, 0xaf, 0x9e, 0x48, 0xa8, 0xa4,
0x65, 0xe0, 0x3d, 0x5e, 0xbd, 0xb0, 0x21, 0x69,
0x15, 0x08, 0x1f, 0x3b, 0x5a, 0x0e, 0xbb, 0x23,
0x08, 0xdf, 0xc2, 0xd2, 0x8e, 0x5a, 0x8b, 0xa3,
0xf3, 0x2a, 0xda, 0xe4, 0xc3, 0x57, 0x59, 0x21,
0xbc, 0x65, 0x7b, 0x63, 0xd4, 0x6b, 0xa5, 0xa6,
0x18, 0x88, 0x0e, 0xe9, 0xad, 0x8a, 0xf3, 0xfb,
0xa5, 0x64, 0x3a, 0x50, 0x26, 0xfa, 0xcd, 0x7d,
0x66, 0x7c, 0xe5, 0x99, 0x32, 0x7f, 0x93, 0x6c,
0xdd, 0xa7, 0xe1, 0xbb, 0x74, 0x2a, 0x33, 0xa0,
0x19, 0x99, 0x0b, 0x76, 0xbe, 0x64, 0x8a, 0x6e,
0xc7, 0x25, 0xda, 0xed, 0x54, 0x0e, 0xd9, 0xe7 } /* expected */
}, {
true, /* encrypt */
1, /* key_size_index */
0, /* key_area */
{ 0x60, 0xbc, 0xdb, 0x94, 0x16, 0xba, 0xc0, 0x8d,
0x7f, 0xd0, 0xd7, 0x80, 0x35, 0x37, 0x40, 0xa5 }, /* mdata */
16, /* mdata_len */
{ 0x24, 0xf4, 0x0c, 0x4e, 0xec, 0xd9, 0xc4, 0x98,
0x25, 0x00, 0x0f, 0xcb, 0x49, 0x72, 0x64, 0x7a } /* expected */
}, {
true, /* encrypt */
1, /* key_size_index */
2, /* key_area */
{ 0x7c, 0x72, 0x7b, 0xd3, 0xe7, 0x04, 0x8e, 0x7a,
0x89, 0x95, 0xb7, 0xb1, 0x16, 0x9a, 0xe4, 0xb5,
0xa5, 0x5e, 0x85, 0x4b, 0xb4, 0xf7, 0xa9, 0x57,
0x6d, 0x78, 0x63, 0xab, 0x28, 0x68, 0x73, 0x1d,
0x30, 0x73, 0x22, 0xdc, 0xca, 0x60, 0x6e, 0x04,
0x73, 0x43, 0x67, 0x6f, 0x6a, 0xf4, 0xd9, 0xcf,
0x6e, 0xbf, 0x2b, 0xf9, 0xc9, 0x5d, 0x87, 0x84,
0x8d, 0x23, 0x3c, 0x93, 0x1e, 0x7a, 0x60, 0xef,
0xf0, 0x8f, 0xb9, 0x59, 0x92, 0x4c, 0xde, 0x1e,
0xec, 0x86, 0x99, 0xeb, 0xc5, 0x78, 0x90, 0xe3,
0x88, 0x70, 0x24, 0xef, 0x47, 0xc8, 0x9a, 0x55,
0x00, 0x18, 0x78, 0x8d, 0x1f, 0xaa, 0x32, 0x50,
0x45, 0x2e, 0x06, 0xf1, 0x48, 0xaf, 0x25, 0xf0,
0x7b, 0xc6, 0x13, 0xcd, 0x2f, 0x0e, 0x50, 0x1a,
0x79, 0xd7, 0x38, 0xd4, 0x36, 0x1f, 0x28, 0xf3,
0x4d, 0xbe, 0xe2, 0x40, 0x34, 0xe0, 0x33, 0x67,
0xb6, 0xb8, 0xd3, 0x4d, 0xf3, 0x73, 0x8c, 0xa3,
0xa8, 0x6b, 0x9e, 0xbc, 0xb0, 0x9e, 0x63, 0x9b,
0xcb, 0x5e, 0x2f, 0x51, 0x9f, 0x4a, 0x7a, 0x86,
0xfc, 0x7c, 0x41, 0x55, 0x64, 0x04, 0xa9, 0x5d }, /* mdata */
160, /* mdata_len */
{ 0x92, 0x28, 0x12, 0xad, 0x5f, 0xea, 0xcd, 0xf1,
0x1f, 0xe7, 0xfd, 0xae, 0x96, 0x30, 0x01, 0x49,
0x41, 0x9e, 0x31, 0xcf, 0xf5, 0x40, 0x61, 0xb3,
0xc5, 0xed, 0x27, 0xfd, 0xb8, 0xb5, 0x0c, 0x9c,
0x09, 0x32, 0xb5, 0x22, 0xa6, 0xc0, 0x4e, 0x48,
0x24, 0x99, 0xb0, 0x11, 0xef, 0x3c, 0x3e, 0x9d,
0xc5, 0x6a, 0x1a, 0x61, 0xcf, 0xeb, 0x78, 0xb3,
0x40, 0x32, 0xd2, 0x6d, 0xbd, 0xc3, 0xca, 0xc5,
0x1a, 0x32, 0x79, 0xbc, 0x93, 0x4b, 0x9b, 0xce,
0x2d, 0x9c, 0x19, 0xbf, 0x85, 0x82, 0x35, 0x61,
0x3b, 0xa7, 0x84, 0xe4, 0x8e, 0x29, 0x2d, 0x22,
0xc6, 0xb5, 0xa2, 0x8e, 0x1d, 0x1b, 0xb8, 0x60,
0x52, 0x4f, 0xb7, 0xb5, 0xf9, 0xb3, 0xd9, 0xa5,
0xf4, 0xda, 0x66, 0xe3, 0x40, 0x58, 0x5b, 0xd2,
0x49, 0x6f, 0xe6, 0xd6, 0x94, 0x2d, 0xb8, 0xd0,
0x5d, 0x71, 0x6f, 0xec, 0x03, 0xb1, 0x7d, 0x19,
0xab, 0xb5, 0x8b, 0x33, 0x33, 0x2e, 0x24, 0xbe,
0xae, 0xc7, 0x99, 0x5d, 0x69, 0x52, 0x53, 0x64,
0xfe, 0x13, 0x9a, 0xa1, 0xfd, 0x62, 0x05, 0x46,
0x68, 0xc5, 0x8f, 0x23, 0xf1, 0xf9, 0x4c, 0xfd } /* expected */
}, {
false, /* encrypt */
1, /* key_size_index */
4, /* key_area */
{ 0x21, 0xc8, 0x22, 0x9a, 0x4d, 0xce, 0xaf, 0x53,
0x3f, 0xe4, 0xe9, 0x6e, 0xce, 0xd4, 0x82, 0xa6 }, /* mdata */
16, /* mdata_len */
{ 0x49, 0xaa, 0xbe, 0x67, 0xda, 0x53, 0x22, 0xb6,
0xe1, 0x1d, 0x63, 0xb7, 0x8b, 0x5a, 0x0e, 0x15 } /* expected */
}, {
false, /* encrypt */
1, /* key_size_index */
6, /* key_area */
{ 0x95, 0x2f, 0x45, 0x46, 0xa8, 0xbf, 0x71, 0x66,
0x96, 0x49, 0x17, 0xec, 0xe0, 0x1b, 0xda, 0x3c,
0x68, 0x57, 0xe4, 0x27, 0xce, 0xf5, 0xda, 0x0f,
0xf9, 0x0b, 0x0e, 0x4b, 0xf4, 0x4c, 0xf7, 0xcc,
0xfc, 0xcf, 0xdf, 0x01, 0xd7, 0x13, 0xdc, 0xf9,
0x67, 0x3f, 0x01, 0xc8, 0x7e, 0xae, 0xd5, 0x2b,
0xf4, 0xaa, 0x04, 0x6f, 0xf7, 0x78, 0x55, 0x8e,
0xa3, 0x96, 0xdc, 0x9c, 0xd2, 0x40, 0x71, 0x61,
0x36, 0x38, 0x61, 0x48, 0xa5, 0xc7, 0x63, 0x78,
0xb3, 0xff, 0xcd, 0x40, 0x86, 0x44, 0x07, 0xb8,
0xe6, 0x0b, 0x40, 0xa5, 0x94, 0xe0, 0x61, 0x9e,
0xdd, 0xae, 0x3f, 0x6d, 0x6e, 0x3b, 0x15, 0xb8,
0x6a, 0xf2, 0x31, 0xe1, 0xba, 0xe5, 0xed, 0x2a,
0xa5, 0x12, 0xe1, 0x1d, 0xa0, 0xe5, 0x57, 0x2b,
0x67, 0xff, 0xff, 0x93, 0x4c, 0x36, 0xe5, 0x85,
0xcf, 0xdd, 0x9f, 0x87, 0x70, 0x45, 0xcb, 0x19,
0xc1, 0x83, 0xb9, 0x94, 0xbf, 0x74, 0x64, 0x58,
0x62, 0xff, 0xa7, 0x26, 0x73, 0x9a, 0xad, 0xcb,
0x9e, 0x10, 0xaa, 0xff, 0xc8, 0x81, 0xc8, 0x8c,
0xa3, 0xaa, 0x65, 0xb3, 0x7f, 0x66, 0x7b, 0xcb }, /* mdata */
160, /* mdata_len */
{ 0xb8, 0xbb, 0x5c, 0xe5, 0x3a, 0x15, 0xaa, 0x6d,
0xfd, 0xf2, 0xcb, 0x61, 0xbc, 0x8e, 0x36, 0x17,
0xd1, 0xd0, 0xfe, 0xfe, 0x9b, 0xa5, 0xd1, 0x75,
0x55, 0x04, 0x70, 0xe3, 0x23, 0x97, 0xf6, 0xf3,
0xb3, 0xe6, 0x5b, 0x43, 0xbd, 0xed, 0x2b, 0x21,
0xe5, 0xc1, 0x81, 0xd3, 0xc4, 0xc4, 0xc5, 0x26,
0xc4, 0x1c, 0xea, 0xb0, 0x44, 0x28, 0x95, 0x08,
0x45, 0x80, 0x48, 0xb6, 0x33, 0x52, 0xdf, 0xc3,
0x79, 0xde, 0x37, 0x3f, 0xd1, 0x9a, 0x2c, 0x90,
0x0c, 0x43, 0x52, 0x4b, 0x75, 0x94, 0x9e, 0x67,
0x7c, 0xce, 0xda, 0x86, 0x6f, 0x7f, 0x2b, 0xcc,
0x48, 0x44, 0xef, 0x2e, 0x5d, 0xac, 0x5b, 0x80,
0x4b, 0x40, 0x45, 0xe6, 0x57, 0xc8, 0x15, 0x6d,
0x1d, 0xcd, 0xb4, 0x3c, 0xbf, 0x2f, 0x5e, 0x00,
0xa4, 0xf9, 0x25, 0x5e, 0x3b, 0xe2, 0x43, 0x94,
0x36, 0xc4, 0xd0, 0x44, 0x9a, 0x8d, 0x2c, 0x4c,
0x1a, 0x56, 0xbe, 0xce, 0x98, 0xea, 0x0f, 0xd6,
0x8a, 0xba, 0xf1, 0x23, 0x98, 0x03, 0x99, 0x94,
0xae, 0xbf, 0xfc, 0x69, 0x2b, 0x90, 0x00, 0xe5,
0x80, 0x47, 0x9b, 0x4f, 0x4b, 0x28, 0xb5, 0xfe } /* expected */
}, {
true, /* encrypt */
2, /* key_size_index */
0, /* key_area */
{ 0xcc, 0xc6, 0x2c, 0x6b, 0x0a, 0x09, 0xa6, 0x71,
0xd6, 0x44, 0x56, 0x81, 0x8d, 0xb2, 0x9a, 0x4d }, /* mdata */
16, /* mdata_len */
{ 0xdf, 0x86, 0x34, 0xca, 0x02, 0xb1, 0x3a, 0x12,
0x5b, 0x78, 0x6e, 0x1d, 0xce, 0x90, 0x65, 0x8b } /* expected */
}, {
true, /* encrypt */
2, /* key_size_index */
2, /* key_area */
{ 0xc9, 0x1b, 0x8a, 0x7b, 0x9c, 0x51, 0x17, 0x84,
0xb6, 0xa3, 0x7f, 0x73, 0xb2, 0x90, 0x51, 0x6b,
0xb9, 0xef, 0x1e, 0x8d, 0xf6, 0x8d, 0x89, 0xbf,
0x49, 0x16, 0x9e, 0xac, 0x40, 0x39, 0x65, 0x0c,
0x43, 0x07, 0xb6, 0x26, 0x0e, 0x9c, 0x4e, 0x93,
0x65, 0x02, 0x23, 0x44, 0x02, 0x52, 0xf5, 0xc7,
0xd3, 0x1c, 0x26, 0xc5, 0x62, 0x09, 0xcb, 0xd0,
0x95, 0xbf, 0x03, 0x5b, 0x97, 0x05, 0x88, 0x0a,
0x16, 0x28, 0x83, 0x2d, 0xaf, 0x9d, 0xa5, 0x87,
0xa6, 0xe7, 0x73, 0x53, 0xdb, 0xbc, 0xe1, 0x89,
0xf9, 0x63, 0x23, 0x5d, 0xf1, 0x60, 0xc0, 0x08,
0xa7, 0x53, 0xe8, 0xcc, 0xea, 0x1e, 0x07, 0x32,
0xaa, 0x46, 0x9a, 0x97, 0x65, 0x9c, 0x42, 0xe6,
0xe3, 0x1c, 0x16, 0xa7, 0x23, 0x15, 0x3e, 0x39,
0x95, 0x8a, 0xbe, 0x5b, 0x8a, 0xd8, 0x8f, 0xf2,
0xe8, 0x9a, 0xf4, 0x06, 0x22, 0xca, 0x0b, 0x0d,
0x67, 0x29, 0xa2, 0x6c, 0x1a, 0xe0, 0x4d, 0x3b,
0x83, 0x67, 0xb5, 0x48, 0xc4, 0xa6, 0x33, 0x5f,
0x0e, 0x5a, 0x9e, 0xc9, 0x14, 0xbb, 0x61, 0x13,
0xc0, 0x5c, 0xd0, 0x11, 0x25, 0x52, 0xbc, 0x21 }, /* mdata */
160, /* mdata_len */
{ 0x05, 0xd5, 0x1a, 0xf0, 0xe2, 0xb6, 0x1e, 0x2c,
0x06, 0xcb, 0x1e, 0x84, 0x3f, 0xee, 0x31, 0x72,
0x82, 0x5e, 0x63, 0xb5, 0xd1, 0xce, 0x81, 0x83,
0xb7, 0xe1, 0xdb, 0x62, 0x68, 0xdb, 0x5a, 0xa7,
0x26, 0x52, 0x1f, 0x46, 0xe9, 0x48, 0x02, 0x8a,
0xa4, 0x43, 0xaf, 0x9e, 0xbd, 0x8b, 0x7c, 0x6b,
0xaf, 0x95, 0x80, 0x67, 0xab, 0x0d, 0x4a, 0x8a,
0xc5, 0x30, 0xec, 0xbb, 0x68, 0xcd, 0xfc, 0x3e,
0xb9, 0x30, 0x34, 0xa4, 0x28, 0xeb, 0x7e, 0x8f,
0x6a, 0x38, 0x13, 0xce, 0xa6, 0x18, 0x90, 0x68,
0xdf, 0xec, 0xfa, 0x26, 0x8b, 0x7e, 0xcd, 0x59,
0x87, 0xf8, 0xcb, 0x27, 0x32, 0xc6, 0x88, 0x2b,
0xbe, 0xc8, 0xf7, 0x16, 0xba, 0xc2, 0x54, 0xd7,
0x22, 0x69, 0x23, 0x0a, 0xec, 0x5d, 0xc7, 0xf5,
0xa6, 0xb8, 0x66, 0xfd, 0x30, 0x52, 0x42, 0x55,
0x2d, 0x40, 0x0f, 0x5b, 0x04, 0x04, 0xf1, 0x9c,
0xbf, 0xe7, 0x29, 0x1f, 0xab, 0x69, 0x0e, 0xcf,
0xe6, 0x01, 0x8c, 0x43, 0x09, 0xfc, 0x63, 0x9d,
0x1b, 0x65, 0xfc, 0xb6, 0x5e, 0x64, 0x3e, 0xdb,
0x0a, 0xd1, 0xf0, 0x9c, 0xfe, 0x9c, 0xee, 0x4a } /* expected */
}, {
false, /* encrypt */
2, /* key_size_index */
4, /* key_area */
{ 0x41, 0x54, 0xc0, 0xbe, 0x71, 0x07, 0x29, 0x45,
0xd8, 0x15, 0x6f, 0x5f, 0x04, 0x6d, 0x19, 0x8d }, /* mdata */
16, /* mdata_len */
{ 0x8b, 0x2b, 0x1b, 0x22, 0xf7, 0x33, 0xac, 0x09,
0xd1, 0x19, 0x6d, 0x6b, 0xe6, 0xa8, 0x7a, 0x72 } /* expected */
}, {
false, /* encrypt */
2, /* key_size_index */
6, /* key_area */
{ 0x2c, 0x48, 0x7f, 0xa9, 0x6f, 0x40, 0x90, 0xc5,
0x6a, 0xa1, 0xb5, 0xbe, 0x81, 0x91, 0x8a, 0x93,
0x4c, 0x94, 0x92, 0x87, 0x8f, 0xb0, 0xcd, 0x68,
0x6d, 0xcf, 0x8d, 0x17, 0xd8, 0x64, 0x85, 0x45,
0x4c, 0x51, 0x23, 0x7b, 0xbd, 0x09, 0x20, 0x5d,
0xce, 0xf1, 0x55, 0x2f, 0x43, 0x0d, 0xd0, 0x98,
0xb9, 0xd8, 0x27, 0xa6, 0x94, 0x73, 0x0c, 0x13,
0x3a, 0x02, 0x22, 0xc7, 0x7f, 0x54, 0x0f, 0x9d,
0x5f, 0xc2, 0xd3, 0x6a, 0xf3, 0x59, 0x58, 0x3c,
0x9e, 0x3b, 0x49, 0xdf, 0x88, 0x42, 0x28, 0xa6,
0x4d, 0xe7, 0x9b, 0x67, 0xf6, 0x62, 0x07, 0xc8,
0x28, 0x13, 0x60, 0xb9, 0x9b, 0x21, 0x40, 0x42,
0xce, 0x61, 0x36, 0x7f, 0xf9, 0x79, 0x60, 0xe9,
0x44, 0x45, 0x3c, 0xd6, 0x36, 0x79, 0xbb, 0x44,
0x70, 0x88, 0x97, 0xd2, 0x9b, 0xc5, 0xe7, 0x0f,
0x9f, 0xc8, 0xf1, 0xf7, 0x15, 0x14, 0x3f, 0xbb,
0x00, 0xf7, 0xf5, 0xc1, 0xb7, 0xb1, 0x61, 0xec,
0x26, 0xd8, 0xd4, 0x1d, 0x36, 0xfa, 0xb0, 0xfa,
0x8a, 0x85, 0xc3, 0xee, 0x6c, 0xe4, 0xd3, 0x70,
0x07, 0xeb, 0x7a, 0x89, 0xd6, 0x75, 0x35, 0x90 }, /* mdata */
160, /* mdata_len */
{ 0x31, 0xfd, 0x5a, 0x30, 0x7e, 0x27, 0x9b, 0x2f,
0x34, 0x58, 0x1e, 0x2c, 0x43, 0x23, 0x79, 0xdf,
0x8e, 0xcc, 0xba, 0xf7, 0x95, 0x32, 0x93, 0x89,
0x16, 0x71, 0x1c, 0xd3, 0x77, 0x54, 0x0b, 0x90,
0x45, 0x37, 0x3e, 0x47, 0xf2, 0x21, 0x4b, 0x8f,
0x87, 0x60, 0x40, 0xaf, 0x73, 0x3f, 0x6c, 0x9d,
0x8f, 0x03, 0xa7, 0xc5, 0x8f, 0x87, 0x14, 0xd2,
0xfb, 0xb4, 0xc1, 0x4a, 0xf5, 0x9c, 0x75, 0xb4,
0x83, 0xad, 0xc7, 0x18, 0x94, 0x6e, 0xe9, 0x07,
0xa1, 0x82, 0x86, 0xcc, 0x4e, 0xfd, 0x20, 0x67,
0x89, 0x06, 0x4b, 0x6f, 0x1b, 0x19, 0x5f, 0x0d,
0x0d, 0x23, 0x44, 0x68, 0xe4, 0xf0, 0x0e, 0x6f,
0x1c, 0xad, 0x5c, 0xd3, 0xb9, 0xc0, 0xa6, 0x43,
0xb3, 0xc0, 0xdd, 0x09, 0x28, 0x0f, 0xf2, 0xe2,
0xa5, 0x92, 0x91, 0x83, 0x40, 0x93, 0x84, 0xdd,
0x72, 0xdc, 0x94, 0xe3, 0x96, 0x87, 0xea, 0x2b,
0x62, 0x3d, 0x5d, 0x77, 0x67, 0x00, 0xbd, 0x8b,
0x36, 0xe6, 0x13, 0x0f, 0xfd, 0xe9, 0x66, 0xf1,
0x34, 0xc4, 0xb1, 0xf3, 0x5f, 0x29, 0xc5, 0xcc,
0x4a, 0x03, 0x29, 0x7e, 0x1c, 0xcc, 0x95, 0x39 } /* expected */
}
};
static uint8_t mdata[MDATA_MAX_LEN];
static int i;
static uint8_t key_size_index = -1, ret;
static int8_t res;
static rtimer_clock_t time, time2, total_time;
PROCESS_BEGIN();
puts("-----------------------------------------\n"
"Initializing cryptoprocessor...");
crypto_init();
for(i = 0; i < sizeof(vectors) / sizeof(vectors[0]); i++) {
if(key_size_index != vectors[i].key_size_index) {
key_size_index = vectors[i].key_size_index;
printf("-----------------------------------------\n"
"Filling %d-bit key store...\n", 128 + (key_size_index << 6));
time = RTIMER_NOW();
ret = aes_load_keys(keys[key_size_index].keys,
keys[key_size_index].key_size, keys[key_size_index].count, 0);
time = RTIMER_NOW() - time;
printf("aes_load_keys(): %s, %lu us\n", str_res[ret],
(uint32_t)((uint64_t)time * 1000000 / RTIMER_SECOND));
PROCESS_PAUSE();
if(ret != CRYPTO_SUCCESS) {
break;
}
}
printf("-----------------------------------------\n"
"Test vector #%d: %s\n"
"key_area=%d mdata_len=%d\n",
i, vectors[i].encrypt ? "encrypt" : "decrypt",
vectors[i].key_area, vectors[i].mdata_len);
/* mdata has to be in SRAM. */
rom_util_memcpy(mdata, vectors[i].mdata, vectors[i].mdata_len);
time = RTIMER_NOW();
ret = ecb_crypt_start(vectors[i].encrypt, vectors[i].key_area, mdata, mdata,
vectors[i].mdata_len, &ecb_test_process);
time2 = RTIMER_NOW();
time = time2 - time;
total_time = time;
if(ret == CRYPTO_SUCCESS) {
PROCESS_WAIT_EVENT_UNTIL((res = ecb_crypt_check_status()) !=
CRYPTO_PENDING);
time2 = RTIMER_NOW() - time2;
total_time += time2;
}
printf("ecb_crypt_start(): %s, %lu us\n", str_res[ret],
(uint32_t)((uint64_t)time * 1000000 / RTIMER_SECOND));
if(ret != CRYPTO_SUCCESS) {
PROCESS_PAUSE();
continue;
}
printf("ecb_crypt_check_status() wait: %s, %lu us\n", str_res[res],
(uint32_t)((uint64_t)time2 * 1000000 / RTIMER_SECOND));
PROCESS_PAUSE();
if(res != CRYPTO_SUCCESS) {
continue;
}
if(rom_util_memcmp(mdata, vectors[i].expected, vectors[i].mdata_len)) {
puts("Output message does not match expected one");
} else {
puts("Output message OK");
}
printf("Total duration: %lu us\n",
(uint32_t)((uint64_t)total_time * 1000000 / RTIMER_SECOND));
}
puts("-----------------------------------------\n"
"Disabling cryptoprocessor...");
crypto_disable();
puts("Done!");
PROCESS_END();
}
/*---------------------------------------------------------------------------*/
/**
* @}
* @}
*/

View File

@ -26,7 +26,7 @@ include $(CONTIKI_CPU)/Makefile.cc2538
MODULES += core/net core/net/mac \
core/net/mac/contikimac \
core/net/llsec
core/net/llsec core/net/llsec/noncoresec
PYTHON = python
BSL_FLAGS += -e -w -v

View File

@ -30,7 +30,7 @@ In terms of hardware support, the following drivers have been implemented:
* General-Purpose Timers. NB: GPT0 is in use by the platform code, the remaining GPTs are available for application development.
* ADC
* PWM
* Cryptoprocessor (AES-CCM-256, SHA-256)
* Cryptoprocessor (AES-ECB/CCM-128/192/256, SHA-256)
* Public Key Accelerator (ECDH, ECDSA)
* Flash-based port of Coffee
* SmartRF06 EB and BB peripherals

View File

@ -500,6 +500,24 @@ typedef uint32_t rtimer_clock_t;
#endif /* NETSTACK_CONF_WITH_IPV6 */
/** @} */
/*---------------------------------------------------------------------------*/
/**
* \name Security
*
* @{
*/
#ifndef CRYPTO_CONF_INIT
#define CRYPTO_CONF_INIT 1 /**< Whether to init cryptoprocessor */
#endif
#ifndef AES_128_CONF
#define AES_128_CONF cc2538_aes_128_driver /**< AES-128 driver */
#endif
#ifndef CCM_STAR_CONF
#define CCM_STAR_CONF cc2538_ccm_star_driver /**< AES-CCM* driver */
#endif
/** @} */
/*---------------------------------------------------------------------------*/
#endif /* CONTIKI_CONF_H_ */

View File

@ -56,6 +56,7 @@
#include "dev/slip.h"
#include "dev/cc2538-rf.h"
#include "dev/udma.h"
#include "dev/crypto.h"
#include "usb/usb-serial.h"
#include "lib/random.h"
#include "net/netstack.h"
@ -201,6 +202,12 @@ main(void)
ctimer_init();
set_rf_params();
#if CRYPTO_CONF_INIT
crypto_init();
crypto_disable();
#endif
netstack_init();
#if NETSTACK_CONF_WITH_IPV6

View File

@ -45,7 +45,7 @@ include $(CONTIKI_CPU)/Makefile.cc2538
MODULES += core/net core/net/mac \
core/net/mac/contikimac \
core/net/llsec dev/cc1200
core/net/llsec core/net/llsec/noncoresec dev/cc1200
BSL = $(CONTIKI)/tools/cc2538-bsl/cc2538-bsl.py

View File

@ -51,7 +51,7 @@ In terms of hardware support, the following drivers have been implemented for th
* Low Power Modes
* General-Purpose Timers. NB: GPT0 is in use by the platform code, the remaining GPTs are available for application development.
* ADC
* Cryptoprocessor (AES-CCM-256, SHA-256)
* Cryptoprocessor (AES-ECB/CCM-128/192/256, SHA-256)
* Public Key Accelerator (ECDH, ECDSA)
* Flash-based port of Coffee
* PWM

View File

@ -568,6 +568,24 @@ typedef uint32_t rtimer_clock_t;
#endif /* NETSTACK_CONF_WITH_IPV6 */
/** @} */
/*---------------------------------------------------------------------------*/
/**
* \name Security
*
* @{
*/
#ifndef CRYPTO_CONF_INIT
#define CRYPTO_CONF_INIT 1 /**< Whether to init cryptoprocessor */
#endif
#ifndef AES_128_CONF
#define AES_128_CONF cc2538_aes_128_driver /**< AES-128 driver */
#endif
#ifndef CCM_STAR_CONF
#define CCM_STAR_CONF cc2538_ccm_star_driver /**< AES-CCM* driver */
#endif
/** @} */
/*---------------------------------------------------------------------------*/
#endif /* CONTIKI_CONF_H_ */

View File

@ -57,6 +57,7 @@
#include "dev/slip.h"
#include "dev/cc2538-rf.h"
#include "dev/udma.h"
#include "dev/crypto.h"
#include "usb/usb-serial.h"
#include "lib/random.h"
#include "net/netstack.h"
@ -195,6 +196,11 @@ main(void)
board_init();
#if CRYPTO_CONF_INIT
crypto_init();
crypto_disable();
#endif
netstack_init();
set_rf_params();