diff --git a/features/mbedtls/targets/TARGET_STM/TARGET_STM32L4/TARGET_NUCLEO_L486RG/mbedtls_device.h b/features/mbedtls/targets/TARGET_STM/TARGET_STM32L4/TARGET_NUCLEO_L486RG/mbedtls_device.h new file mode 100644 index 00000000000..7cb737741fa --- /dev/null +++ b/features/mbedtls/targets/TARGET_STM/TARGET_STM32L4/TARGET_NUCLEO_L486RG/mbedtls_device.h @@ -0,0 +1,25 @@ +/* + * mbedtls_device.h + ******************************************************************************* + * Copyright (c) 2017, STMicroelectronics + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ +#ifndef MBEDTLS_DEVICE_H +#define MBEDTLS_DEVICE_H + +#define MBEDTLS_AES_ALT + +#endif /* MBEDTLS_DEVICE_H */ diff --git a/features/mbedtls/targets/TARGET_STM/aes_alt.c b/features/mbedtls/targets/TARGET_STM/aes_alt.c index a5a8fa4dce2..8736d7ee474 100644 --- a/features/mbedtls/targets/TARGET_STM/aes_alt.c +++ b/features/mbedtls/targets/TARGET_STM/aes_alt.c @@ -23,22 +23,34 @@ #if defined(MBEDTLS_AES_ALT) +#if defined(TARGET_STM32L486xG) +//the following defines are provided to maintain compatibility between STM32 families +#define __HAL_RCC_CRYP_CLK_ENABLE __HAL_RCC_AES_CLK_ENABLE +#define __HAL_RCC_CRYP_FORCE_RESET __HAL_RCC_AES_FORCE_RESET +#define __HAL_RCC_CRYP_RELEASE_RESET __HAL_RCC_AES_RELEASE_RESET +#define CRYP AES +#endif + static int aes_set_key( mbedtls_aes_context *ctx, const unsigned char *key, unsigned int keybits ) { - switch( keybits ) - { + switch( keybits ) { case 128: - ctx->hcryp_aes.Init.KeySize = CRYP_KEYSIZE_128B; - memcpy(ctx->aes_key, key, 16); - break; + ctx->hcryp_aes.Init.KeySize = CRYP_KEYSIZE_128B; + memcpy(ctx->aes_key, key, 16); + break; case 192: - ctx->hcryp_aes.Init.KeySize = CRYP_KEYSIZE_192B; - memcpy(ctx->aes_key, key, 24); - break; +#if defined (TARGET_STM32L486xG) + return(MBEDTLS_ERR_AES_INVALID_KEY_LENGTH); +#else + ctx->hcryp_aes.Init.KeySize = CRYP_KEYSIZE_192B; + memcpy(ctx->aes_key, key, 24); + break; +#endif + case 256: - ctx->hcryp_aes.Init.KeySize = CRYP_KEYSIZE_256B; - memcpy(ctx->aes_key, key, 32); - break; + ctx->hcryp_aes.Init.KeySize = CRYP_KEYSIZE_256B; + memcpy(ctx->aes_key, key, 32); + break; default : return( MBEDTLS_ERR_AES_INVALID_KEY_LENGTH ); } @@ -52,6 +64,9 @@ static int aes_set_key( mbedtls_aes_context *ctx, const unsigned char *key, unsi __HAL_RCC_CRYP_CLK_ENABLE(); ctx->hcryp_aes.Init.pKey = ctx->aes_key; +#if defined (TARGET_STM32L486xG) + ctx->hcryp_aes.Init.KeyWriteFlag = CRYP_KEY_WRITE_ENABLE; +#endif if (HAL_CRYP_Init(&ctx->hcryp_aes) == HAL_ERROR) return (HAL_ERROR); @@ -62,7 +77,8 @@ static int aes_set_key( mbedtls_aes_context *ctx, const unsigned char *key, unsi } /* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { +static void mbedtls_zeroize( void *v, size_t n ) +{ volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; } @@ -114,14 +130,11 @@ int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx, /* allow multi-instance of CRYP use: restore context for CRYP hw module */ ctx->hcryp_aes.Instance->CR = ctx->ctx_save_cr; - if(mode == MBEDTLS_AES_DECRYPT) /* AES decryption */ - { + if(mode == MBEDTLS_AES_DECRYPT) { /* AES decryption */ ctx->hcryp_aes.Init.DataType = CRYP_DATATYPE_8B; ctx->hcryp_aes.Init.pKey = ctx->aes_key; mbedtls_aes_decrypt( ctx, input, output ); - } - else /* AES encryption */ - { + } else { /* AES encryption */ ctx->hcryp_aes.Init.DataType = CRYP_DATATYPE_8B; ctx->hcryp_aes.Init.pKey = ctx->aes_key; mbedtls_aes_encrypt( ctx, input, output ); @@ -133,6 +146,31 @@ int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx, } #if defined(MBEDTLS_CIPHER_MODE_CBC) +#if defined (TARGET_STM32L486xG) +static int st_hal_cryp_cbc( mbedtls_aes_context *ctx, uint32_t opmode, size_t length, + unsigned char iv[16], uint8_t *input, uint8_t *output) +{ + int status = 0; + ctx->hcryp_aes.Init.pInitVect = &iv[0]; // used in process, not in the init + if ((ctx->hcryp_aes.Init.OperatingMode != opmode) || \ + (ctx->hcryp_aes.Init.ChainingMode != CRYP_CHAINMODE_AES_CBC) || \ + (ctx->hcryp_aes.Init.KeyWriteFlag != CRYP_KEY_WRITE_ENABLE)) { + + /* Re-initialize AES IP with proper parameters */ + if (HAL_CRYP_DeInit(&ctx->hcryp_aes) != HAL_OK) + return HAL_ERROR; + ctx->hcryp_aes.Init.OperatingMode = opmode; + ctx->hcryp_aes.Init.ChainingMode = CRYP_CHAINMODE_AES_CBC; + ctx->hcryp_aes.Init.KeyWriteFlag = CRYP_KEY_WRITE_ENABLE; + if (HAL_CRYP_Init(&ctx->hcryp_aes) != HAL_OK) + return HAL_ERROR; + } + + status = HAL_CRYPEx_AES(&ctx->hcryp_aes, input, length, output, 10); + + return status; +} +#endif /* TARGET_STM32L486xG */ int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx, int mode, @@ -141,22 +179,24 @@ int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx, const unsigned char *input, unsigned char *output ) { - int status=0; + int status = 0; if( length % 16 ) return( MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH ); - - if( mode == MBEDTLS_AES_DECRYPT ) - { - ctx->hcryp_aes.Init.pInitVect = &iv[0]; // used in process, not in the init - - status = HAL_CRYP_AESCBC_Decrypt(&ctx->hcryp_aes, (uint8_t *)input, length, (uint8_t *)output, 10); +#if defined (TARGET_STM32L486xG) + if( mode == MBEDTLS_AES_DECRYPT ) { + status = st_hal_cryp_cbc(ctx, CRYP_ALGOMODE_KEYDERIVATION_DECRYPT, length, iv, (uint8_t *)input, (uint8_t *)output); + } else { + status = st_hal_cryp_cbc(ctx, CRYP_ALGOMODE_ENCRYPT, length, iv, (uint8_t *)input, (uint8_t *)output); } - else - { - ctx->hcryp_aes.Init.pInitVect = &iv[0]; // used in process, not in the init - +#else + ctx->hcryp_aes.Init.pInitVect = &iv[0]; + + if( mode == MBEDTLS_AES_DECRYPT ) { + status = HAL_CRYP_AESCBC_Decrypt(&ctx->hcryp_aes, (uint8_t *)input, length, (uint8_t *)output, 10); + } else { status = HAL_CRYP_AESCBC_Encrypt(&ctx->hcryp_aes, (uint8_t *)input, length, (uint8_t *)output, 10); } +#endif return( status ); } #endif /* MBEDTLS_CIPHER_MODE_CBC */ @@ -173,10 +213,8 @@ int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx, int c; size_t n = *iv_off; - if( mode == MBEDTLS_AES_DECRYPT ) - { - while( length-- ) - { + if( mode == MBEDTLS_AES_DECRYPT ) { + while( length-- ) { if( n == 0 ) mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv ); @@ -186,11 +224,8 @@ int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx, n = ( n + 1 ) & 0x0F; } - } - else - { - while( length-- ) - { + } else { + while( length-- ) { if( n == 0 ) mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv ); @@ -216,8 +251,7 @@ int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx, unsigned char c; unsigned char ov[17]; - while( length-- ) - { + while( length-- ) { memcpy( ov, iv, 16 ); mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv ); diff --git a/targets/targets.json b/targets/targets.json index 1b6ef220ea5..0eb73c4ef87 100644 --- a/targets/targets.json +++ b/targets/targets.json @@ -1109,7 +1109,7 @@ "core": "Cortex-M4F", "extra_labels_add": ["STM32L4", "STM32L486RG", "STM32L486xG"], "detect_code": ["0827"], - "macros_add": ["USBHOST_OTHER"], + "macros_add": ["USBHOST_OTHER", "MBEDTLS_CONFIG_HW_SUPPORT"], "device_has_add": ["ANALOGOUT", "CAN", "LOWPOWERTIMER", "SERIAL_ASYNCH", "SERIAL_FC", "TRNG", "FLASH"], "release_versions": ["2", "5"], "device_name": "STM32L486RG"