From 24cb05059aa2848685a8c626faf8d902c772d8dc Mon Sep 17 00:00:00 2001 From: kkrentz Date: Wed, 21 Oct 2015 01:18:04 -0700 Subject: [PATCH] CC2538: Add AES-128 driver --- cpu/cc2538/Makefile.cc2538 | 1 + cpu/cc2538/dev/cc2538-aes-128.c | 119 ++++++++++++++++++++++++++++ cpu/cc2538/dev/cc2538-aes-128.h | 63 +++++++++++++++ cpu/cc2538/dev/crypto.h | 14 ++++ platform/cc2538dk/Makefile.cc2538dk | 2 +- platform/cc2538dk/contiki-conf.h | 14 ++++ platform/cc2538dk/contiki-main.c | 7 ++ platform/zoul/Makefile.zoul | 2 +- platform/zoul/contiki-conf.h | 14 ++++ platform/zoul/contiki-main.c | 6 ++ 10 files changed, 240 insertions(+), 2 deletions(-) create mode 100644 cpu/cc2538/dev/cc2538-aes-128.c create mode 100644 cpu/cc2538/dev/cc2538-aes-128.h diff --git a/cpu/cc2538/Makefile.cc2538 b/cpu/cc2538/Makefile.cc2538 index 85ef3991a..fe9f3a1de 100644 --- a/cpu/cc2538/Makefile.cc2538 +++ b/cpu/cc2538/Makefile.cc2538 @@ -54,6 +54,7 @@ CONTIKI_CPU_DIRS += ../cc253x/usb/common ../cc253x/usb/common/cdc-acm CONTIKI_CPU_SOURCEFILES += clock.c rtimer-arch.c uart.c watchdog.c CONTIKI_CPU_SOURCEFILES += nvic.c cpu.c sys-ctrl.c gpio.c ioc.c spi.c adc.c CONTIKI_CPU_SOURCEFILES += crypto.c aes.c ecb.c ccm.c sha256.c +CONTIKI_CPU_SOURCEFILES += cc2538-aes-128.c CONTIKI_CPU_SOURCEFILES += cc2538-rf.c udma.c lpm.c CONTIKI_CPU_SOURCEFILES += pka.c bignum-driver.c ecc-driver.c ecc-algorithm.c CONTIKI_CPU_SOURCEFILES += ecc-curve.c diff --git a/cpu/cc2538/dev/cc2538-aes-128.c b/cpu/cc2538/dev/cc2538-aes-128.c new file mode 100644 index 000000000..a1031c2c8 --- /dev/null +++ b/cpu/cc2538/dev/cc2538-aes-128.c @@ -0,0 +1,119 @@ +/* + * Copyright (c) 2015, Hasso-Plattner-Institut. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * This file is part of the Contiki operating system. + */ +/** + * \addtogroup cc2538-aes-128 + * @{ + * + * \file + * Implementation of the AES-128 driver for the CC2538 SoC + * \author + * Konrad Krentz + */ +#include "contiki.h" +#include "dev/ecb.h" +#include "dev/cc2538-aes-128.h" + +#include +#include +/*---------------------------------------------------------------------------*/ +#define MODULE_NAME "cc2538-aes-128" + +#define DEBUG 0 +#if DEBUG +#define PRINTF(...) printf(__VA_ARGS__) +#else +#define PRINTF(...) +#endif +/*---------------------------------------------------------------------------*/ +static uint8_t +enable_crypto(void) +{ + uint8_t enabled = CRYPTO_IS_ENABLED(); + if(!enabled) { + crypto_enable(); + } + return enabled; +} +/*---------------------------------------------------------------------------*/ +static void +restore_crypto(uint8_t enabled) +{ + if(!enabled) { + crypto_disable(); + } +} +/*---------------------------------------------------------------------------*/ +static void +set_key(const uint8_t *key) +{ + uint8_t crypto_enabled, ret; + + crypto_enabled = enable_crypto(); + + ret = aes_load_keys(key, AES_KEY_STORE_SIZE_KEY_SIZE_128, 1, + CC2538_AES_128_KEY_AREA); + if(ret != CRYPTO_SUCCESS) { + PRINTF("%s: aes_load_keys() error %u\n", MODULE_NAME, ret); + } + + restore_crypto(crypto_enabled); +} +/*---------------------------------------------------------------------------*/ +static void +encrypt(uint8_t *plaintext_and_result) +{ + uint8_t crypto_enabled, ret; + int8_t res; + + crypto_enabled = enable_crypto(); + + ret = ecb_crypt_start(true, CC2538_AES_128_KEY_AREA, plaintext_and_result, + plaintext_and_result, AES_128_BLOCK_SIZE, NULL); + if(ret != CRYPTO_SUCCESS) { + PRINTF("%s: ecb_crypt_start() error %u\n", MODULE_NAME, ret); + restore_crypto(crypto_enabled); + return; + } + + while((res = ecb_crypt_check_status()) == CRYPTO_PENDING); + if(res != CRYPTO_SUCCESS) { + PRINTF("%s: ecb_crypt_check_status() error %d\n", MODULE_NAME, res); + } + + restore_crypto(crypto_enabled); +} +/*---------------------------------------------------------------------------*/ +const struct aes_128_driver cc2538_aes_128_driver = { + set_key, + encrypt +}; + +/** @} */ diff --git a/cpu/cc2538/dev/cc2538-aes-128.h b/cpu/cc2538/dev/cc2538-aes-128.h new file mode 100644 index 000000000..20615fc55 --- /dev/null +++ b/cpu/cc2538/dev/cc2538-aes-128.h @@ -0,0 +1,63 @@ +/* + * Copyright (c) 2015, Hasso-Plattner-Institut. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * This file is part of the Contiki operating system. + */ +/** + * \addtogroup cc2538-aes + * @{ + * + * \defgroup cc2538-aes-128 CC2538 AES-128 + * + * AES-128 driver for the CC2538 SoC + * @{ + * + * \file + * Header file of the AES-128 driver for the CC2538 SoC + * \author + * Konrad Krentz + */ +#ifndef CC2538_AES_128_H_ +#define CC2538_AES_128_H_ + +#include "lib/aes-128.h" +/*---------------------------------------------------------------------------*/ +#ifdef CC2538_AES_128_CONF_KEY_AREA +#define CC2538_AES_128_KEY_AREA CC2538_AES_128_CONF_KEY_AREA +#else +#define CC2538_AES_128_KEY_AREA 0 +#endif +/*---------------------------------------------------------------------------*/ +extern const struct aes_128_driver cc2538_aes_128_driver; + +#endif /* CC2538_AES_128_H_ */ + +/** + * @} + * @} + */ diff --git a/cpu/cc2538/dev/crypto.h b/cpu/cc2538/dev/crypto.h index 54278c551..5d164a400 100644 --- a/cpu/cc2538/dev/crypto.h +++ b/cpu/cc2538/dev/crypto.h @@ -44,6 +44,8 @@ #define CRYPTO_H_ #include "contiki.h" +#include "dev/sys-ctrl.h" +#include "reg.h" /*---------------------------------------------------------------------------*/ /** \name Crypto drivers return codes * @{ @@ -54,6 +56,18 @@ #define CRYPTO_NULL_ERROR 2 #define CRYPTO_RESOURCE_IN_USE 3 #define CRYPTO_DMA_BUS_ERROR 4 +/** @} */ +/*---------------------------------------------------------------------------*/ +/** \name Crypto macros + * @{ + */ + +/** \brief Indicates whether the AES/SHA cryptoprocessor is enabled + * \return Boolean value indicating whether the AES/SHA cryptoprocessor is + * enabled + */ +#define CRYPTO_IS_ENABLED() (!!(REG(SYS_CTRL_RCGCSEC) & SYS_CTRL_RCGCSEC_AES)) + /** @} */ /*---------------------------------------------------------------------------*/ /** \name Crypto functions diff --git a/platform/cc2538dk/Makefile.cc2538dk b/platform/cc2538dk/Makefile.cc2538dk index 4dbeb6d03..c1b7890b8 100644 --- a/platform/cc2538dk/Makefile.cc2538dk +++ b/platform/cc2538dk/Makefile.cc2538dk @@ -26,7 +26,7 @@ include $(CONTIKI_CPU)/Makefile.cc2538 MODULES += core/net core/net/mac \ core/net/mac/contikimac \ - core/net/llsec + core/net/llsec core/net/llsec/noncoresec PYTHON = python BSL_FLAGS += -e -w -v diff --git a/platform/cc2538dk/contiki-conf.h b/platform/cc2538dk/contiki-conf.h index ddc3e3746..1158f0922 100644 --- a/platform/cc2538dk/contiki-conf.h +++ b/platform/cc2538dk/contiki-conf.h @@ -500,6 +500,20 @@ typedef uint32_t rtimer_clock_t; #endif /* NETSTACK_CONF_WITH_IPV6 */ /** @} */ /*---------------------------------------------------------------------------*/ +/** + * \name Security + * + * @{ + */ +#ifndef CRYPTO_CONF_INIT +#define CRYPTO_CONF_INIT 1 /**< Whether to init cryptoprocessor */ +#endif + +#ifndef AES_128_CONF +#define AES_128_CONF cc2538_aes_128_driver /**< AES-128 driver */ +#endif +/** @} */ +/*---------------------------------------------------------------------------*/ #endif /* CONTIKI_CONF_H_ */ diff --git a/platform/cc2538dk/contiki-main.c b/platform/cc2538dk/contiki-main.c index 71de03a10..8d55dc1d0 100644 --- a/platform/cc2538dk/contiki-main.c +++ b/platform/cc2538dk/contiki-main.c @@ -56,6 +56,7 @@ #include "dev/slip.h" #include "dev/cc2538-rf.h" #include "dev/udma.h" +#include "dev/crypto.h" #include "usb/usb-serial.h" #include "lib/random.h" #include "net/netstack.h" @@ -201,6 +202,12 @@ main(void) ctimer_init(); set_rf_params(); + +#if CRYPTO_CONF_INIT + crypto_init(); + crypto_disable(); +#endif + netstack_init(); #if NETSTACK_CONF_WITH_IPV6 diff --git a/platform/zoul/Makefile.zoul b/platform/zoul/Makefile.zoul index fcca4906e..027c1a79b 100644 --- a/platform/zoul/Makefile.zoul +++ b/platform/zoul/Makefile.zoul @@ -45,7 +45,7 @@ include $(CONTIKI_CPU)/Makefile.cc2538 MODULES += core/net core/net/mac \ core/net/mac/contikimac \ - core/net/llsec dev/cc1200 + core/net/llsec core/net/llsec/noncoresec dev/cc1200 BSL = $(CONTIKI)/tools/cc2538-bsl/cc2538-bsl.py diff --git a/platform/zoul/contiki-conf.h b/platform/zoul/contiki-conf.h index 9b2e9df42..034c67157 100644 --- a/platform/zoul/contiki-conf.h +++ b/platform/zoul/contiki-conf.h @@ -568,6 +568,20 @@ typedef uint32_t rtimer_clock_t; #endif /* NETSTACK_CONF_WITH_IPV6 */ /** @} */ /*---------------------------------------------------------------------------*/ +/** + * \name Security + * + * @{ + */ +#ifndef CRYPTO_CONF_INIT +#define CRYPTO_CONF_INIT 1 /**< Whether to init cryptoprocessor */ +#endif + +#ifndef AES_128_CONF +#define AES_128_CONF cc2538_aes_128_driver /**< AES-128 driver */ +#endif +/** @} */ +/*---------------------------------------------------------------------------*/ #endif /* CONTIKI_CONF_H_ */ diff --git a/platform/zoul/contiki-main.c b/platform/zoul/contiki-main.c index 7e22de4da..80ca1ab21 100644 --- a/platform/zoul/contiki-main.c +++ b/platform/zoul/contiki-main.c @@ -57,6 +57,7 @@ #include "dev/slip.h" #include "dev/cc2538-rf.h" #include "dev/udma.h" +#include "dev/crypto.h" #include "usb/usb-serial.h" #include "lib/random.h" #include "net/netstack.h" @@ -195,6 +196,11 @@ main(void) board_init(); +#if CRYPTO_CONF_INIT + crypto_init(); + crypto_disable(); +#endif + netstack_init(); set_rf_params();