kaspar/RIOT
1
0
Fork 0
mirror of https://github.com/RIOT-OS/RIOT.git synced 2025-12-28 07:51:19 +01:00
Code Releases Activity

pkg/tinycrypt: add psa_crypto aes ccm glue code

Browse Source
This commit is contained in:
Lukas-Luger 2025-04-25 14:34:13 +02:00
parent ea04f0b1c4
commit 637a628797
3 changed files with 118 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
pkg/tinycrypt/Makefile.include
View File

@ -1,2 +1,9 @@
# Using -isyste instead of -I to avoid warnings about these headers
# Using -isystem instead of -I to avoid warnings about these headers
INCLUDES += -isystem$(PKGDIRBASE)/tinycrypt/lib/include
ifneq (,$(filter psa_tinycrypt_%, $(USEMODULE)))
DIRS += $(RIOTPKG)/tinycrypt/psa_tinycrypt
INCLUDES += -I$(RIOTBASE)/sys/psa_crypto/include
endif
PSEUDOMODULES += psa_tinycrypt_aes_ccm

4
pkg/tinycrypt/psa_tinycrypt/Makefile Normal file
View File

@ -0,0 +1,4 @@
BASE_MODULE := psa_tinycrypt
SUBMODULES := 1
include $(RIOTBASE)/Makefile.base

106
pkg/tinycrypt/psa_tinycrypt/aes_ccm.c Normal file
View File

@ -0,0 +1,106 @@
/*
* Copyright (C) 2025 TU Dresden
*
* This file is subject to the terms and conditions of the GNU Lesser
* General Public License v2.1. See the file LICENSE in the top level
* directory for more details.
*/
/**
* @ingroup sys_psa_crypto pkg_tinycrypt
* @{
*
* @brief Glue code translating between PSA Crypto and the tinycrypt APIs
*
* @author Lukas Luger <lukas.luger@mailbox.tu-dresden.de>
*
* @}
*/
#include "psa/crypto.h"
#include "tinycrypt/aes.h"
#include "tinycrypt/ccm_mode.h"
#include <assert.h>
psa_status_t psa_aead_aes_128_ccm_encrypt(const psa_key_attributes_t *attributes,
uint8_t *key_buffer, size_t key_buffer_length,
uint8_t tag_length, const uint8_t *nonce,
size_t nonce_length, const uint8_t *additional_data,
size_t additional_data_length, const uint8_t *plaintext,
size_t plaintext_length, uint8_t *ciphertext,
size_t ciphertext_size, size_t *ciphertext_length)
{
(void)attributes;
(void)key_buffer_length;
/* This should already have been checked by PSA. */
assert(ciphertext_size >= plaintext_length + tag_length);
int ret;
struct tc_ccm_mode_struct c;
struct tc_aes_key_sched_struct sched;
/* tinycrypt only supports a nonce_length of 13 */
if (nonce_length != 13 || additional_data_length >= TC_CCM_AAD_MAX_BYTES ||
plaintext_length >= TC_CCM_PAYLOAD_MAX_BYTES) {
return PSA_ERROR_NOT_SUPPORTED;
}
tc_aes128_set_encrypt_key(&sched, key_buffer);
ret = tc_ccm_config(&c, &sched, (uint8_t *)nonce, nonce_length, tag_length);
if (ret != 1) {
return PSA_ERROR_GENERIC_ERROR;
}
ret = tc_ccm_generation_encryption(ciphertext, ciphertext_size, additional_data,
additional_data_length, plaintext,
plaintext_length, &c);
if (ret != 1) {
return PSA_ERROR_GENERIC_ERROR;
}
*ciphertext_length = ciphertext_size;
return PSA_SUCCESS;
}
psa_status_t psa_aead_aes_128_ccm_decrypt(const psa_key_attributes_t *attributes,
uint8_t *key_buffer, size_t key_buffer_length,
uint8_t tag_length, const uint8_t *nonce,
size_t nonce_length, const uint8_t *additional_data,
size_t additional_data_length, const uint8_t *ciphertext,
size_t ciphertext_length, uint8_t *plaintext,
size_t plaintext_size, size_t *plaintext_length)
{
(void)attributes;
(void)key_buffer_length;
/* This should already have been checked by PSA. */
assert(plaintext_size >= ciphertext_length - tag_length);
int ret;
struct tc_ccm_mode_struct c;
struct tc_aes_key_sched_struct sched;
/* tinycrypt only supports a nonce_length of 13 */
if (nonce_length != 13 || additional_data_length >= TC_CCM_AAD_MAX_BYTES ||
ciphertext_length >= TC_CCM_PAYLOAD_MAX_BYTES) {
return PSA_ERROR_NOT_SUPPORTED;
}
tc_aes128_set_decrypt_key(&sched, key_buffer);
ret = tc_ccm_config(&c, &sched, (uint8_t *)nonce, nonce_length, tag_length);
if (ret != 1) {
return PSA_ERROR_GENERIC_ERROR;
}
ret = tc_ccm_decryption_verification(plaintext, plaintext_size, additional_data,
additional_data_length, ciphertext,
ciphertext_length, &c);
if (ret != 1) {
return PSA_ERROR_INVALID_SIGNATURE;
}
*plaintext_length = plaintext_size;
return PSA_SUCCESS;
}