b92a5afcc4
Using the AES interrupt allows the user process not to waste time polling for the completion of the operation. This time can be used by the user process to do something else, or to let the system enter PM0. Since the system is now free to perform various operations during a crypto operation, a protection of the crypto resource is added, and PM1+ is prohibited in order not to stall crypto operations. Signed-off-by: Benoît Thébaudeau <benoit.thebaudeau.dev@gmail.com>
356 lines
12 KiB
C
356 lines
12 KiB
C
/*
|
|
* Original file:
|
|
* Copyright (C) 2012 Texas Instruments Incorporated - http://www.ti.com/
|
|
* All rights reserved.
|
|
*
|
|
* Port to Contiki:
|
|
* Copyright (c) 2013, ADVANSEE - http://www.advansee.com/
|
|
* All rights reserved.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions
|
|
* are met:
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
* notice, this list of conditions and the following disclaimer.
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
* documentation and/or other materials provided with the distribution.
|
|
*
|
|
* 3. Neither the name of the copyright holder nor the names of its
|
|
* contributors may be used to endorse or promote products derived
|
|
* from this software without specific prior written permission.
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
|
|
* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
|
|
* COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
|
|
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
|
|
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
|
|
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
|
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
|
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
|
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
*/
|
|
/**
|
|
* \addtogroup cc2538-sha256
|
|
* @{
|
|
*
|
|
* \file
|
|
* Implementation of the cc2538 SHA-256 driver
|
|
*/
|
|
#include "contiki.h"
|
|
#include "sys/cc.h"
|
|
#include "dev/rom-util.h"
|
|
#include "dev/aes.h"
|
|
#include "dev/sha256.h"
|
|
#include "reg.h"
|
|
|
|
#include <stdbool.h>
|
|
#include <stdint.h>
|
|
/*---------------------------------------------------------------------------*/
|
|
#define BLOCK_SIZE 64
|
|
#define OUTPUT_LEN 32
|
|
/*---------------------------------------------------------------------------*/
|
|
/** \brief Starts a new hash session in hardware
|
|
* \param state Hash state
|
|
* \param data Pointer to input message
|
|
* \param hash Destination of the hash (32 bytes)
|
|
* \return \c CRYPTO_SUCCESS if successful, or CRYPTO/SHA256 error code
|
|
*/
|
|
static uint8_t
|
|
new_hash(sha256_state_t *state, const void *data, void *hash)
|
|
{
|
|
/* Workaround for AES registers not retained after PM2 */
|
|
REG(AES_CTRL_INT_CFG) = AES_CTRL_INT_CFG_LEVEL;
|
|
REG(AES_CTRL_INT_EN) = AES_CTRL_INT_EN_DMA_IN_DONE |
|
|
AES_CTRL_INT_EN_RESULT_AV;
|
|
|
|
/* Configure master control module and enable DMA path to the SHA-256 engine
|
|
* + Digest readout */
|
|
REG(AES_CTRL_ALG_SEL) = AES_CTRL_ALG_SEL_TAG | AES_CTRL_ALG_SEL_HASH;
|
|
|
|
/* Clear any outstanding events */
|
|
REG(AES_CTRL_INT_CLR) = AES_CTRL_INT_CLR_RESULT_AV;
|
|
|
|
/* Configure hash engine
|
|
* Indicate start of a new hash session and SHA-256 */
|
|
REG(AES_HASH_MODE_IN) = AES_HASH_MODE_IN_SHA256_MODE |
|
|
AES_HASH_MODE_IN_NEW_HASH;
|
|
|
|
/* If the final digest is required (pad the input DMA data), write the
|
|
* following register */
|
|
if(state->final_digest) {
|
|
/* Write length of the message (lo) */
|
|
REG(AES_HASH_LENGTH_IN_L) = (uint32_t)state->length;
|
|
/* Write length of the message (hi) */
|
|
REG(AES_HASH_LENGTH_IN_H) = (uint32_t)(state->length >> 32);
|
|
/* Pad the DMA-ed data */
|
|
REG(AES_HASH_IO_BUF_CTRL) = AES_HASH_IO_BUF_CTRL_PAD_DMA_MESSAGE;
|
|
}
|
|
|
|
/* Enable DMA channel 0 for message data */
|
|
REG(AES_DMAC_CH0_CTRL) = AES_DMAC_CH_CTRL_EN;
|
|
/* Base address of the data in ext. memory */
|
|
REG(AES_DMAC_CH0_EXTADDR) = (uint32_t)data;
|
|
if(state->final_digest) {
|
|
/* Input data length in bytes, equal to the message */
|
|
REG(AES_DMAC_CH0_DMALENGTH) = state->curlen;
|
|
} else {
|
|
REG(AES_DMAC_CH0_DMALENGTH) = BLOCK_SIZE;
|
|
}
|
|
|
|
/* Enable DMA channel 1 for result digest */
|
|
REG(AES_DMAC_CH1_CTRL) = AES_DMAC_CH_CTRL_EN;
|
|
/* Base address of the digest buffer */
|
|
REG(AES_DMAC_CH1_EXTADDR) = (uint32_t)hash;
|
|
/* Length of the result digest */
|
|
REG(AES_DMAC_CH1_DMALENGTH) = OUTPUT_LEN;
|
|
|
|
/* Wait for completion of the operation */
|
|
while(!(REG(AES_CTRL_INT_STAT) & AES_CTRL_INT_STAT_RESULT_AV));
|
|
|
|
if(REG(AES_CTRL_INT_STAT) & AES_CTRL_INT_STAT_DMA_BUS_ERR) {
|
|
/* Clear the DMA error */
|
|
REG(AES_CTRL_INT_CLR) = AES_CTRL_INT_CLR_DMA_BUS_ERR;
|
|
/* Disable master control / DMA clock */
|
|
REG(AES_CTRL_ALG_SEL) = 0x00000000;
|
|
return CRYPTO_DMA_BUS_ERROR;
|
|
}
|
|
|
|
/* Clear the interrupt */
|
|
REG(AES_CTRL_INT_CLR) = AES_CTRL_INT_CLR_DMA_IN_DONE |
|
|
AES_CTRL_INT_CLR_RESULT_AV;
|
|
/* Disable master control / DMA clock */
|
|
REG(AES_CTRL_ALG_SEL) = 0x00000000;
|
|
/* Clear mode */
|
|
REG(AES_AES_CTRL) = 0x00000000;
|
|
|
|
return CRYPTO_SUCCESS;
|
|
}
|
|
/*---------------------------------------------------------------------------*/
|
|
/** \brief Resumes an already started hash session in hardware
|
|
* \param state Hash state
|
|
* \param data Pointer to the input message
|
|
* \param hash Pointer to the destination of the hash (32 bytes)
|
|
* \return \c CRYPTO_SUCCESS if successful, or CRYPTO/SHA256 error code
|
|
*/
|
|
static uint8_t
|
|
resume_hash(sha256_state_t *state, const void *data, void *hash)
|
|
{
|
|
/* Workaround for AES registers not retained after PM2 */
|
|
REG(AES_CTRL_INT_CFG) = AES_CTRL_INT_CFG_LEVEL;
|
|
REG(AES_CTRL_INT_EN) = AES_CTRL_INT_EN_DMA_IN_DONE |
|
|
AES_CTRL_INT_EN_RESULT_AV;
|
|
|
|
/* Configure master control module and enable the DMA path to the SHA-256
|
|
* engine */
|
|
REG(AES_CTRL_ALG_SEL) = AES_CTRL_ALG_SEL_HASH;
|
|
|
|
/* Clear any outstanding events */
|
|
REG(AES_CTRL_INT_CLR) = AES_CTRL_INT_CLR_RESULT_AV;
|
|
|
|
/* Configure hash engine
|
|
* Indicate the start of a resumed hash session and SHA-256 */
|
|
REG(AES_HASH_MODE_IN) = AES_HASH_MODE_IN_SHA256_MODE;
|
|
|
|
/* If the final digest is required (pad the input DMA data) */
|
|
if(state->final_digest) {
|
|
/* Write length of the message (lo) */
|
|
REG(AES_HASH_LENGTH_IN_L) = (uint32_t)state->length;
|
|
/* Write length of the message (hi) */
|
|
REG(AES_HASH_LENGTH_IN_H) = (uint32_t)(state->length >> 32);
|
|
}
|
|
|
|
/* Write the initial digest */
|
|
REG(AES_HASH_DIGEST_A) = (uint32_t)state->state[0];
|
|
REG(AES_HASH_DIGEST_B) = (uint32_t)state->state[1];
|
|
REG(AES_HASH_DIGEST_C) = (uint32_t)state->state[2];
|
|
REG(AES_HASH_DIGEST_D) = (uint32_t)state->state[3];
|
|
REG(AES_HASH_DIGEST_E) = (uint32_t)state->state[4];
|
|
REG(AES_HASH_DIGEST_F) = (uint32_t)state->state[5];
|
|
REG(AES_HASH_DIGEST_G) = (uint32_t)state->state[6];
|
|
REG(AES_HASH_DIGEST_H) = (uint32_t)state->state[7];
|
|
|
|
/* If final digest, pad the DMA-ed data */
|
|
if(state->final_digest) {
|
|
REG(AES_HASH_IO_BUF_CTRL) = AES_HASH_IO_BUF_CTRL_PAD_DMA_MESSAGE;
|
|
}
|
|
|
|
/* Enable DMA channel 0 for message data */
|
|
REG(AES_DMAC_CH0_CTRL) = AES_DMAC_CH_CTRL_EN;
|
|
/* Base address of the data in ext. memory */
|
|
REG(AES_DMAC_CH0_EXTADDR) = (uint32_t)data;
|
|
/* Input data length in bytes, equal to the message */
|
|
if(state->final_digest) {
|
|
REG(AES_DMAC_CH0_DMALENGTH) = state->curlen;
|
|
} else {
|
|
REG(AES_DMAC_CH0_DMALENGTH) = BLOCK_SIZE;
|
|
}
|
|
|
|
/* Wait for completion of the operation */
|
|
while(!(REG(AES_CTRL_INT_STAT) & AES_CTRL_INT_STAT_RESULT_AV));
|
|
|
|
/* Check for any DMA Bus errors */
|
|
if(REG(AES_CTRL_INT_STAT) & AES_CTRL_INT_STAT_DMA_BUS_ERR) {
|
|
/* Clear the DMA error */
|
|
REG(AES_CTRL_INT_CLR) = AES_CTRL_INT_CLR_DMA_BUS_ERR;
|
|
/* Disable master control / DMA clock */
|
|
REG(AES_CTRL_ALG_SEL) = 0x00000000;
|
|
return CRYPTO_DMA_BUS_ERROR;
|
|
}
|
|
|
|
/* Read digest */
|
|
((uint32_t *)hash)[0] = REG(AES_HASH_DIGEST_A);
|
|
((uint32_t *)hash)[1] = REG(AES_HASH_DIGEST_B);
|
|
((uint32_t *)hash)[2] = REG(AES_HASH_DIGEST_C);
|
|
((uint32_t *)hash)[3] = REG(AES_HASH_DIGEST_D);
|
|
((uint32_t *)hash)[4] = REG(AES_HASH_DIGEST_E);
|
|
((uint32_t *)hash)[5] = REG(AES_HASH_DIGEST_F);
|
|
((uint32_t *)hash)[6] = REG(AES_HASH_DIGEST_G);
|
|
((uint32_t *)hash)[7] = REG(AES_HASH_DIGEST_H);
|
|
|
|
/* Acknowledge reading of the digest */
|
|
REG(AES_HASH_IO_BUF_CTRL) = AES_HASH_IO_BUF_CTRL_OUTPUT_FULL;
|
|
|
|
/* Clear the interrupt */
|
|
REG(AES_CTRL_INT_CLR) = AES_CTRL_INT_CLR_DMA_IN_DONE |
|
|
AES_CTRL_INT_CLR_RESULT_AV;
|
|
/* Disable master control / DMA clock */
|
|
REG(AES_CTRL_ALG_SEL) = 0x00000000;
|
|
/* Clear mode */
|
|
REG(AES_AES_CTRL) = 0x00000000;
|
|
|
|
return CRYPTO_SUCCESS;
|
|
}
|
|
/*---------------------------------------------------------------------------*/
|
|
uint8_t
|
|
sha256_init(sha256_state_t *state)
|
|
{
|
|
if(state == NULL) {
|
|
return CRYPTO_NULL_ERROR;
|
|
}
|
|
|
|
state->curlen = 0;
|
|
state->length = 0;
|
|
state->new_digest = true;
|
|
state->final_digest = false;
|
|
return CRYPTO_SUCCESS;
|
|
}
|
|
/*---------------------------------------------------------------------------*/
|
|
uint8_t
|
|
sha256_process(sha256_state_t *state, const void *data, uint32_t len)
|
|
{
|
|
uint32_t n;
|
|
uint8_t ret;
|
|
|
|
if(state == NULL || data == NULL) {
|
|
return CRYPTO_NULL_ERROR;
|
|
}
|
|
|
|
if(state->curlen > sizeof(state->buf)) {
|
|
return CRYPTO_INVALID_PARAM;
|
|
}
|
|
|
|
if(REG(AES_CTRL_ALG_SEL) != 0x00000000) {
|
|
return CRYPTO_RESOURCE_IN_USE;
|
|
}
|
|
|
|
if(len > 0 && state->new_digest) {
|
|
if(state->curlen == 0 && len > BLOCK_SIZE) {
|
|
rom_util_memcpy(state->buf, data, BLOCK_SIZE);
|
|
ret = new_hash(state, state->buf, state->state);
|
|
if(ret != CRYPTO_SUCCESS) {
|
|
return ret;
|
|
}
|
|
state->new_digest = false;
|
|
state->length += BLOCK_SIZE << 3;
|
|
data += BLOCK_SIZE;
|
|
len -= BLOCK_SIZE;
|
|
} else {
|
|
n = MIN(len, BLOCK_SIZE - state->curlen);
|
|
rom_util_memcpy(&state->buf[state->curlen], data, n);
|
|
state->curlen += n;
|
|
data += n;
|
|
len -= n;
|
|
if(state->curlen == BLOCK_SIZE && len > 0) {
|
|
ret = new_hash(state, state->buf, state->state);
|
|
if(ret != CRYPTO_SUCCESS) {
|
|
return ret;
|
|
}
|
|
state->new_digest = false;
|
|
state->length += BLOCK_SIZE << 3;
|
|
state->curlen = 0;
|
|
}
|
|
}
|
|
}
|
|
|
|
while(len > 0 && !state->new_digest) {
|
|
if(state->curlen == 0 && len > BLOCK_SIZE) {
|
|
rom_util_memcpy(state->buf, data, BLOCK_SIZE);
|
|
ret = resume_hash(state, state->buf, state->state);
|
|
if(ret != CRYPTO_SUCCESS) {
|
|
return ret;
|
|
}
|
|
state->length += BLOCK_SIZE << 3;
|
|
data += BLOCK_SIZE;
|
|
len -= BLOCK_SIZE;
|
|
} else {
|
|
n = MIN(len, BLOCK_SIZE - state->curlen);
|
|
rom_util_memcpy(&state->buf[state->curlen], data, n);
|
|
state->curlen += n;
|
|
data += n;
|
|
len -= n;
|
|
if(state->curlen == BLOCK_SIZE && len > 0) {
|
|
ret = resume_hash(state, state->buf, state->state);
|
|
if(ret != CRYPTO_SUCCESS) {
|
|
return ret;
|
|
}
|
|
state->length += BLOCK_SIZE << 3;
|
|
state->curlen = 0;
|
|
}
|
|
}
|
|
}
|
|
|
|
return CRYPTO_SUCCESS;
|
|
}
|
|
/*---------------------------------------------------------------------------*/
|
|
uint8_t
|
|
sha256_done(sha256_state_t *state, void *hash)
|
|
{
|
|
uint8_t ret;
|
|
|
|
if(state == NULL || hash == NULL) {
|
|
return CRYPTO_NULL_ERROR;
|
|
}
|
|
|
|
if(state->curlen > sizeof(state->buf)) {
|
|
return CRYPTO_INVALID_PARAM;
|
|
}
|
|
|
|
if(REG(AES_CTRL_ALG_SEL) != 0x00000000) {
|
|
return CRYPTO_RESOURCE_IN_USE;
|
|
}
|
|
|
|
/* Increase the length of the message */
|
|
state->length += state->curlen << 3;
|
|
state->final_digest = true;
|
|
if(state->new_digest) {
|
|
ret = new_hash(state, state->buf, hash);
|
|
if(ret != CRYPTO_SUCCESS) {
|
|
return ret;
|
|
}
|
|
} else {
|
|
ret = resume_hash(state, state->buf, hash);
|
|
if(ret != CRYPTO_SUCCESS) {
|
|
return ret;
|
|
}
|
|
}
|
|
state->new_digest = false;
|
|
state->final_digest = false;
|
|
|
|
return CRYPTO_SUCCESS;
|
|
}
|
|
|
|
/** @} */
|