Crypto driver support

ChibiOS public support forum for topics related to the Atmel AVR family of micro-controllers.

Moderators: utzig, tfAteba

User avatar
tfAteba
Posts: 510
Joined: Fri Oct 16, 2015 11:03 pm
Location: Chartres, France
Has thanked: 75 times
Been thanked: 44 times

Crypto driver support

Postby tfAteba » Tue Jun 12, 2018 10:33 am

Hello Giovanni,

I'm trying to add a crypto driver for the XMEGA architecture.

For the moment I just want to test the AES algorithm, so I had the idea to disable all the other algorithm in the driver header file (os/hal/ports/AVR:XMEGA/LLD/CRYPv1/hal_crypto_lld.h)

Code: Select all

 30 /*==========================================================================*/
 31 /* Driver constants.                                                        */
 32 /*==========================================================================*/
 33
 34 /**
 35  * @name    Driver capability switches
 36  * @{
 37  */
 38 #define CRY_LLD_SUPPORTS_AES                TRUE
 39 #define CRY_LLD_SUPPORTS_AES_ECB            FALSE
 40 #define CRY_LLD_SUPPORTS_AES_CBC            FALSE
 41 #define CRY_LLD_SUPPORTS_AES_CFB            FALSE
 42 #define CRY_LLD_SUPPORTS_AES_CTR            FALSE
 43 #define CRY_LLD_SUPPORTS_AES_GCM            FALSE
 44 #define CRY_LLD_SUPPORTS_DES                FALSE
 45 #define CRY_LLD_SUPPORTS_DES_ECB            FALSE
 46 #define CRY_LLD_SUPPORTS_DES_CBC            FALSE
 47 #define CRY_LLD_SUPPORTS_SHA1               FALSE
 48 #define CRY_LLD_SUPPORTS_SHA256             FALSE
 49 #define CRY_LLD_SUPPORTS_SHA512             FALSE
 50 #define CRY_LLD_SUPPORTS_HMAC_SHA256        FALSE
 51 #define CRY_LLD_SUPPORTS_HMAC_SHA512        FALSE
 52 #define CRY_LLD_SUPPORTS_TRNG               FALSE



Then I have the following errors:

Code: Select all

Compiling hal.c
In file included from ../../../../os/hal/include/hal.h:136:0,
                 from ../../../../os/hal/src/hal.c:25:
../../../../os/hal/include/hal_crypto.h:345:32: error: unknown type name ‘HMACSHA256Context’
                                HMACSHA256Context *hmacsha256ctxp);
                                ^
../../../../os/hal/include/hal_crypto.h:347:34: error: unknown type name ‘HMACSHA256Context’
                                  HMACSHA256Context *hmacsha256ctxp,
                                  ^
../../../../os/hal/include/hal_crypto.h:351:33: error: unknown type name ‘HMACSHA256Context’
                                 HMACSHA256Context *hmacsha256ctxp,
                                 ^
../../../../os/hal/include/hal_crypto.h:354:32: error: unknown type name ‘HMACSHA512Context’
                                HMACSHA512Context *hmacsha512ctxp);
                                ^
../../../../os/hal/include/hal_crypto.h:356:34: error: unknown type name ‘HMACSHA512Context’
                                  HMACSHA512Context *hmacsha512ctxp,
                                  ^
../../../../os/hal/include/hal_crypto.h:360:33: error: unknown type name ‘HMACSHA512Context’
                                 HMACSHA512Context *hmacsha512ctxp,
                                 ^
../../../../os/common/ports/AVR/compilers/GCC/rules.mk:174: recipe for target 'build/obj/hal.o' failed
make: *** [build/obj/hal.o] Error 1



The same errors also appear in STM32 code if I made the same modification to the STM driver.

I think the hal_crypto must have a conditional compilation to avoid that errors if the driver do not support one or many algorithm.

Can I make change to the code? to resolve this?

What do you think about? Another way to do?

Thanks.
regards,

Theo.

User avatar
Giovanni
Site Admin
Posts: 11080
Joined: Wed May 27, 2009 8:48 am
Location: Salerno, Italy
Has thanked: 367 times
Been thanked: 306 times
Contact:

Re: Crypto driver support

Postby Giovanni » Tue Jun 12, 2018 10:48 am

Hi,

It is some conditional missing, it is supposed to allow you to disable algorithms. Not very tested because currently there is no implementation, I will implement it for STM32 at some point.

Propose a patch, if it is a totally obvious error then make the change directly.

Giovanni

User avatar
tfAteba
Posts: 510
Joined: Fri Oct 16, 2015 11:03 pm
Location: Chartres, France
Has thanked: 75 times
Been thanked: 44 times

Re: Crypto driver support

Postby tfAteba » Tue Jun 12, 2018 11:42 am

I will make change to the code directly and you will improve or modify if necessary.

Thanks
regards,

Theo.

User avatar
tfAteba
Posts: 510
Joined: Fri Oct 16, 2015 11:03 pm
Location: Chartres, France
Has thanked: 75 times
Been thanked: 44 times

Re: Crypto driver support

Postby tfAteba » Tue Jun 12, 2018 1:03 pm

The correction is done.

I have tested that the STM code is still compiling even if the some algorithm are disable.

Even if those algorithm are not part of the MCU hardware, I think it could be easy to have some macros in halconf.h or another configuration file.

Those macros should then overwrite the macros locate in os/hal/potrs/STM32/LLD/CRYPv1/hal_crypto_lld.h that would then be easy to select in user application the algorithm to use.

I will now insert my crypto driver for the XMEGA family ;)

Thanks.
regards,

Theo.

User avatar
Giovanni
Site Admin
Posts: 11080
Joined: Wed May 27, 2009 8:48 am
Location: Salerno, Italy
Has thanked: 367 times
Been thanked: 306 times
Contact:

Re: Crypto driver support

Postby Giovanni » Wed Jun 13, 2018 9:27 am

Hi,

I had to make more changes, conditionals were required for all algorithms, not just HMAC. In addition, high level functions are not supposed to have conditionals, those are always present.

I hope to not have introduced problems.

Giovanni

User avatar
tfAteba
Posts: 510
Joined: Fri Oct 16, 2015 11:03 pm
Location: Chartres, France
Has thanked: 75 times
Been thanked: 44 times

Re: Crypto driver support

Postby tfAteba » Wed Jun 13, 2018 10:19 am

Hi,

I will test after your modification and see if any problem have been introduce.

Can we change the prototypes of all functions? In order to add "key" as parameters. I know it will break all the existing demo code but it will be easier for me to implement other algorithms.

Thanks.
regards,

Theo.

User avatar
Giovanni
Site Admin
Posts: 11080
Joined: Wed May 27, 2009 8:48 am
Location: Salerno, Italy
Has thanked: 367 times
Been thanked: 306 times
Contact:

Re: Crypto driver support

Postby Giovanni » Wed Jun 13, 2018 10:31 am

Sorry no, key cannot be part of the API, there are scenarios where you don't have the key which is stored in a secure vault, you can only use it, not know it.

You nee to use the transient key mechanism if the key is provided by application.

Giovanni

User avatar
tfAteba
Posts: 510
Joined: Fri Oct 16, 2015 11:03 pm
Location: Chartres, France
Has thanked: 75 times
Been thanked: 44 times

Re: Crypto driver support

Postby tfAteba » Wed Jun 13, 2018 10:43 am

Thanks for the answer, I was not aware of that, :) happy to learn how thins works.
regards,

Theo.

User avatar
tfAteba
Posts: 510
Joined: Fri Oct 16, 2015 11:03 pm
Location: Chartres, France
Has thanked: 75 times
Been thanked: 44 times

Re: Crypto driver support

Postby tfAteba » Wed Jun 13, 2018 10:50 am

I have just update my driver according to your modifications.

I had troubles, regarding the two errors code that I have define for Encryption and Decryption.
So I replace them by the new error code 'CRY_ERR_OP_FAILURE' then my application compile as before :) .

Thanks.
regards,

Theo.

User avatar
Giovanni
Site Admin
Posts: 11080
Joined: Wed May 27, 2009 8:48 am
Location: Salerno, Italy
Has thanked: 367 times
Been thanked: 306 times
Contact:

Re: Crypto driver support

Postby Giovanni » Wed Jun 13, 2018 10:59 am

Yes, it is not necessary to have several error codes. Hash operations do not do encrypt/decrypt so something more generic was needed.

Giovanni


Return to “AVR Support”

Who is online

Users browsing this forum: No registered users and 0 guests