HardwareCrypto.c 7.7 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227
  1. /**
  2. * MIT License
  3. *
  4. * Copyright (c) 2018 Infineon Technologies AG
  5. *
  6. * Permission is hereby granted, free of charge, to any person obtaining a copy
  7. * of this software and associated documentation files (the "Software"), to deal
  8. * in the Software without restriction, including without limitation the rights
  9. * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
  10. * copies of the Software, and to permit persons to whom the Software is
  11. * furnished to do so, subject to the following conditions:
  12. *
  13. * The above copyright notice and this permission notice shall be included in all
  14. * copies or substantial portions of the Software.
  15. *
  16. * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
  17. * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  18. * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
  19. * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
  20. * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
  21. * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  22. * SOFTWARE
  23. *
  24. *
  25. * \file HardwareCrypto.c
  26. *
  27. * \brief This file provides APIs for hardware crypto layer.
  28. *
  29. * \addtogroup grMutualAuth
  30. * @{
  31. *
  32. */
  33. #include "optiga/common/Util.h"
  34. #include "optiga/dtls/HardwareCrypto.h"
  35. #include "optiga/dtls/OcpCommon.h"
  36. #include "optiga/cmd/CommandLib.h"
  37. #ifdef MODULE_ENABLE_DTLS_MUTUAL_AUTH
  38. /**
  39. * Initialises the Hardware Crypto Layer.
  40. *
  41. * \param[in,out] PpsCL Pointer to #sHardwareCrypto_d structure.
  42. * \param[in] PpParam Pointer to the sessionKeyOID to be used for Encryption and Decryption.
  43. *
  44. * \retval #OCP_CL_OK Successful execution
  45. * \retval #OCP_CL_ERROR Failure in execution
  46. *
  47. */
  48. int32_t HWCL_Init(sCL_d* PpsCL, const void* PpParam)
  49. {
  50. int32_t i4Status = (int32_t)OCP_CL_ERROR;
  51. do
  52. {
  53. PpsCL->phCryptoHdl = (sHardwareCrypto_d*)OCP_MALLOC(sizeof(sHardwareCrypto_d));
  54. if(NULL == PpsCL->phCryptoHdl)
  55. {
  56. i4Status = (int32_t)OCP_CL_MALLOC_FAILURE;
  57. break;
  58. }
  59. memset(PpsCL->phCryptoHdl, 0x00, sizeof(sHardwareCrypto_d));
  60. ((sHardwareCrypto_d*)PpsCL->phCryptoHdl)->wSessionKeyOID = *((uint16_t*)PpParam);
  61. i4Status = OCP_CL_OK;
  62. }while(FALSE);
  63. return i4Status;
  64. }
  65. /**
  66. * Encrypts the input plain text using Security chip.
  67. * Under some erroneous conditions, error codes from Command Library can also be returned. <br>
  68. *
  69. * \param[in] PpsCL Pointer to #sHardwareCrypto_d structure.
  70. * \param[in] PpsBlobPlainText Pointer to sbBlob_d containing plain text.
  71. * \param[in,out] PpsBlobCipherText Pointer to sbBlob_d containing cipher text.
  72. * \param[in] PwLen Length of data to be encrypted.
  73. *
  74. * \retval #OCP_CL_OK Successful execution
  75. * \retval #OCP_CL_ERROR Failure in execution
  76. *
  77. */
  78. int32_t HWCL_Encrypt(const sCL_d* PpsCL, const sbBlob_d* PpsBlobPlainText,sbBlob_d* PpsBlobCipherText,uint16_t PwLen)
  79. {
  80. int32_t i4Status = (int32_t)OCP_CL_ERROR;
  81. sProcCryptoData_d sProcCryptoData;
  82. do
  83. {
  84. //Null Check
  85. if((NULL == PpsBlobPlainText)||(NULL == PpsBlobPlainText->prgbStream) ||
  86. (NULL == PpsBlobCipherText)|| (NULL == PpsBlobCipherText->prgbStream) || (NULL == PpsCL))
  87. {
  88. i4Status = (int32_t)OCP_CL_NULL_PARAM;
  89. break;
  90. }
  91. //Length check for input parameters
  92. if(0 == PwLen)
  93. {
  94. i4Status = (int32_t)OCP_CL_ZERO_LEN;
  95. break;
  96. }
  97. //Length check for input parameters
  98. if(PpsBlobPlainText->wLen < (PwLen + OVERHEAD_UPDOWNLINK) ||
  99. (PpsBlobCipherText->wLen < (PwLen + OVERHEAD_ENCDEC_RESPONSE + MAC_LENGTH + EXPLICIT_NOUNCE_LENGTH)))
  100. {
  101. i4Status = (int32_t)OCP_CL_INSUFFICIENT_MEMORY;
  102. break;
  103. }
  104. //Assign the required parameter(s) for the Encrypt Message command
  105. sProcCryptoData.sInData.prgbStream = PpsBlobPlainText->prgbStream;
  106. sProcCryptoData.sInData.wLen = PpsBlobPlainText->wLen;
  107. sProcCryptoData.wInDataLength = PwLen;
  108. sProcCryptoData.wSessionKeyOID = ((sHardwareCrypto_d*)PpsCL->phCryptoHdl)->wSessionKeyOID;
  109. sProcCryptoData.sOutData.prgbBuffer = PpsBlobCipherText->prgbStream;
  110. sProcCryptoData.sOutData.wBufferLength = PpsBlobCipherText->wLen;
  111. //Invoke the encrypt command API from the command library
  112. i4Status = CmdLib_Encrypt(&sProcCryptoData);
  113. if(CMD_LIB_OK != i4Status)
  114. {
  115. break;
  116. }
  117. PpsBlobCipherText->wLen = sProcCryptoData.sOutData.wRespLength;
  118. i4Status = (int32_t)OCP_CL_OK;
  119. }while(FALSE);
  120. return i4Status;
  121. }
  122. /**
  123. * Decrypts the input cipher text using Security chip.
  124. * Under some erroneous conditions, error codes from Command Library can also be returned. <br>
  125. *
  126. * \param[in] PpsCL Pointer to #sHardwareCrypto_d structure.
  127. * \param[in] PpsBlobCipherText Pointer to sbBlob_d containing cipher text.
  128. * \param[in,out] PpsBlobPlainText Pointer to sbBlob_d containing plain text.
  129. * \param[in] PwLen Length of data to be decrypted.
  130. *
  131. * \retval #OCP_CL_OK Successful execution
  132. * \retval #OCP_CL_ERROR Failure in execution
  133. *
  134. */
  135. int32_t HWCL_Decrypt(const sCL_d* PpsCL,const sbBlob_d* PpsBlobCipherText,sbBlob_d* PpsBlobPlainText,uint16_t PwLen)
  136. {
  137. int32_t i4Status = (int32_t)OCP_CL_ERROR;
  138. sProcCryptoData_d sProcCryptoData;
  139. do
  140. {
  141. //Null Check
  142. if((NULL == PpsBlobPlainText)||(NULL == PpsBlobPlainText->prgbStream) ||
  143. (NULL == PpsBlobCipherText)|| (NULL == PpsBlobCipherText->prgbStream) || (NULL == PpsCL))
  144. {
  145. i4Status = (int32_t)OCP_CL_NULL_PARAM;
  146. break;
  147. }
  148. //Length check for input parameters
  149. if(0 == PwLen)
  150. {
  151. i4Status = (int32_t)OCP_CL_ZERO_LEN;
  152. break;
  153. }
  154. //Length check for input parameters
  155. if((PpsBlobPlainText->wLen < (PwLen + OVERHEAD_ENCDEC_RESPONSE - (MAC_LENGTH + EXPLICIT_NOUNCE_LENGTH))) ||
  156. (PpsBlobCipherText->wLen < (PwLen + OVERHEAD_UPDOWNLINK)))
  157. {
  158. i4Status = (int32_t)OCP_CL_INSUFFICIENT_MEMORY;
  159. break;
  160. }
  161. //Assign the required parameter(s) for the Decrypt Message command
  162. sProcCryptoData.sInData.prgbStream = PpsBlobCipherText->prgbStream;
  163. sProcCryptoData.sInData.wLen = PpsBlobCipherText->wLen;
  164. sProcCryptoData.wInDataLength = PwLen;
  165. sProcCryptoData.wSessionKeyOID = ((sHardwareCrypto_d*)PpsCL->phCryptoHdl)->wSessionKeyOID;
  166. sProcCryptoData.sOutData.prgbBuffer = PpsBlobPlainText->prgbStream;
  167. sProcCryptoData.sOutData.wBufferLength = PpsBlobPlainText->wLen;
  168. LOG_TRANSPORTMSG("Encrypted Data sent to OPTIGA",eInfo);
  169. //Invoke the Decrypt command API from the command library
  170. i4Status = CmdLib_Decrypt(&sProcCryptoData);
  171. if(CMD_LIB_OK != i4Status)
  172. {
  173. LOG_TRANSPORTDBVAL(i4Status,eInfo);
  174. break;
  175. }
  176. PpsBlobPlainText->wLen = sProcCryptoData.sOutData.wRespLength;
  177. //To log the decrypted data
  178. LOG_TRANSPORTDBARY("Decrypted Data", sProcCryptoData.sOutData.prgbBuffer, PpsBlobPlainText->wLen, eInfo);
  179. i4Status = (int32_t) OCP_CL_OK;
  180. }while(FALSE);
  181. return i4Status;
  182. }
  183. /**
  184. * Closes the Crypto layer.
  185. *
  186. * \param[in,out] PpsCL Pointer to #sHardwareCrypto_d structure.
  187. *
  188. */
  189. void HWCL_Close(sCL_d* PpsCL)
  190. {
  191. if((NULL != PpsCL) && (NULL != PpsCL->phCryptoHdl))
  192. {
  193. OCP_FREE(PpsCL->phCryptoHdl);
  194. PpsCL->phCryptoHdl = NULL;
  195. }
  196. }
  197. #endif //MODULE_ENABLE_DTLS_MUTUAL_AUTH