This is an automated email from the ASF dual-hosted git repository. utzig pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/mynewt-core.git
commit bd226cd2afb7880a46c1f43202a0a1eeeff35ab0 Author: Fabio Utzig <ut...@apache.org> AuthorDate: Fri Jan 31 06:51:39 2020 -0300 stm32: crypto: make driver obey syscfg HW support Allow disabling of HW support for CBC/CTR. This is a correctness change; nobody should do this in practice unless for testing the SW fallbacks or in the unlikely case that there is a BUG found in one of those encryption/decryption modes. Signed-off-by: Fabio Utzig <ut...@apache.org> --- hw/drivers/crypto/crypto_stm32/src/crypto_stm32.c | 34 ++++++++++++++++++----- 1 file changed, 27 insertions(+), 7 deletions(-) diff --git a/hw/drivers/crypto/crypto_stm32/src/crypto_stm32.c b/hw/drivers/crypto/crypto_stm32/src/crypto_stm32.c index 38b76b8..dc9652e 100644 --- a/hw/drivers/crypto/crypto_stm32/src/crypto_stm32.c +++ b/hw/drivers/crypto/crypto_stm32/src/crypto_stm32.c @@ -64,9 +64,13 @@ stm32_has_support(struct crypto_dev *crypto, uint8_t op, uint16_t algo, } switch (mode) { - case CRYPTO_MODE_ECB: /* fallthrough */ - case CRYPTO_MODE_CBC: /* fallthrough */ + case CRYPTO_MODE_ECB: +#if MYNEWT_VAL(CRYPTO_HW_AES_CBC) + case CRYPTO_MODE_CBC: +#endif +#if MYNEWT_VAL(CRYPTO_HW_AES_CTR) case CRYPTO_MODE_CTR: +#endif return true; } @@ -82,12 +86,18 @@ stm32_crypto_op(struct crypto_dev *crypto, uint8_t op, uint16_t algo, CRYP_ConfigTypeDef conf; uint32_t sz = 0; uint8_t i; - uint8_t iv_save[AES_BLOCK_LEN]; +#if MYNEWT_VAL(CRYPTO_HW_AES_CTR) unsigned int inc; unsigned int carry; unsigned int v; +#endif +#if MYNEWT_VAL(CRYPTO_HW_AES_CBC) + uint8_t iv_save[AES_BLOCK_LEN]; +#endif uint32_t key32[AES_MAX_KEY_LEN / sizeof(uint32_t)]; +#if (MYNEWT_VAL(CRYPTO_HW_AES_CTR) || MYNEWT_VAL(CRYPTO_HW_AES_CBC)) uint32_t iv32[AES_BLOCK_LEN / sizeof(uint32_t)]; +#endif if (!stm32_has_support(crypto, op, algo, mode, keylen)) { return 0; @@ -106,21 +116,27 @@ stm32_crypto_op(struct crypto_dev *crypto, uint8_t op, uint16_t algo, conf.Algorithm = CRYP_AES_ECB; conf.pInitVect = NULL; break; +#if MYNEWT_VAL(CRYPTO_HW_AES_CBC) case CRYPTO_MODE_CBC: conf.Algorithm = CRYP_AES_CBC; conf.pInitVect = iv32; break; +#endif +#if MYNEWT_VAL(CRYPTO_HW_AES_CTR) case CRYPTO_MODE_CTR: conf.Algorithm = CRYP_AES_CTR; conf.pInitVect = iv32; break; +#endif } +#if (MYNEWT_VAL(CRYPTO_HW_AES_CTR) || MYNEWT_VAL(CRYPTO_HW_AES_CBC)) if (conf.pInitVect != NULL) { for (i = 0; i < AES_BLOCK_LEN / sizeof(uint32_t); i++) { iv32[i] = os_bswap_32(((uint32_t *)iv)[i]); } } +#endif os_mutex_pend(&gmtx, OS_TIMEOUT_NEVER); @@ -134,28 +150,31 @@ stm32_crypto_op(struct crypto_dev *crypto, uint8_t op, uint16_t algo, case CRYPTO_MODE_ECB: if (op == CRYPTO_OP_ENCRYPT) { status = HAL_CRYP_Encrypt(&g_hcryp, (uint32_t *)inbuf, len, - (uint32_t *)outbuf, HAL_MAX_DELAY); + (uint32_t *)outbuf, HAL_MAX_DELAY); } else { status = HAL_CRYP_Decrypt(&g_hcryp, (uint32_t *)inbuf, len, - (uint32_t *)outbuf, HAL_MAX_DELAY); + (uint32_t *)outbuf, HAL_MAX_DELAY); } break; +#if MYNEWT_VAL(CRYPTO_HW_AES_CBC) case CRYPTO_MODE_CBC: if (op == CRYPTO_OP_ENCRYPT) { status = HAL_CRYP_Encrypt(&g_hcryp, (uint32_t *)inbuf, len, - (uint32_t *)outbuf, HAL_MAX_DELAY); + (uint32_t *)outbuf, HAL_MAX_DELAY); if (status == HAL_OK) { memcpy(iv, &outbuf[len-AES_BLOCK_LEN], AES_BLOCK_LEN); } } else { memcpy(iv_save, &inbuf[len-AES_BLOCK_LEN], AES_BLOCK_LEN); status = HAL_CRYP_Decrypt(&g_hcryp, (uint32_t *)inbuf, len, - (uint32_t *)outbuf, HAL_MAX_DELAY); + (uint32_t *)outbuf, HAL_MAX_DELAY); if (status == HAL_OK) { memcpy(iv, iv_save, AES_BLOCK_LEN); } } break; +#endif +#if MYNEWT_VAL(CRYPTO_HW_AES_CTR) case CRYPTO_MODE_CTR: if (op == CRYPTO_OP_ENCRYPT) { status = HAL_CRYP_Encrypt(&g_hcryp, (uint32_t *)inbuf, len, @@ -175,6 +194,7 @@ stm32_crypto_op(struct crypto_dev *crypto, uint8_t op, uint16_t algo, } } break; +#endif default: sz = 0; goto out;