From 27dd5dbe9c34dbd9c8f206c364712280c989a19a Mon Sep 17 00:00:00 2001
From: Jakob Gerstmayer
Date: Sat, 31 Dec 2022 13:47:29 +0100
Subject: [PATCH 01/11] Added basic cbc encryption support
---
 hal/src/aes.rs | 62 +++++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 61 insertions(+), 1 deletion(-)
diff --git a/hal/src/aes.rs b/hal/src/aes.rs
index c1c019f69f..22fe561f58 100644
--- a/hal/src/aes.rs
+++ b/hal/src/aes.rs
@@ -777,6 +777,66 @@ impl Aes { Ok(()) } + + /// Encrypt using the Cipher block chaining (CBC) algorithm. + /// + /// # Panics + /// + /// * Key is not 128-bits long `[u32; 4]` or 256-bits long `[u32; 8]`. + /// + /// # Example + /// TODO CHANGE + /// ```no_run + /// use stm32wlxx_hal::{aes::Aes, pac}; + /// + /// let mut dp: pac::Peripherals = pac::Peripherals::take().unwrap(); + /// let mut aes: Aes = Aes::new(dp.AES, &mut dp.RCC); + /// + /// const KEY: [u32; 4] = [0; 4]; + /// const IV: [u32, 4] = [0; 4]; + /// + /// let plaintext: [u32; 4] = [0xf34481ec, 0x3cc627ba, 0xcd5dc3fb, 0x08f273e6]; + /// let mut ciphertext: [u32; 4] = [0; 4]; + /// aes.(encrypt_cbc(&KEY, &IV, &plaintext, &mut ciphertext)?; + /// # Ok::<(), stm32wlxx_hal::aes::Error>(()) + /// ``` + pub fn encrypt_cbc( + &mut self, + key: &[u32], + iv: &[u32; 4], + plaintext: &[u32; 4], + ciphertext: &mut [u32; 4], + ) -> Result<(), Error> { + const ALGO: Algorithm = Algorithm::Cbc; + const CHMOD2: bool = ALGO.chmod2(); + const CHMOD10: u8 = ALGO.chmod10(); + const MODE: u8 = Mode::Encryption.bits(); + + let keysize: KeySize = self.set_key(key); + + self.aes.cr.write(|w| { + w.en().enabled(); + w.datatype().variant(self.swap_mode); + w.mode().bits(MODE); + w.chmod2().bit(CHMOD2); + w.chmod().bits(CHMOD10); + w.ccfc().clear(); + w.errc().clear(); + w.ccfie().disabled(); + w.errie().disabled(); + w.dmainen().disabled(); + w.dmaouten().disabled(); + w.gcmph().bits(0); // do not care for ECB + w.keysize().variant(keysize); + w.npblb().bits(0) // no padding + }); + + self.set_din(plaintext); + self.poll_completion()?; + self.dout(ciphertext); + Ok(()) + } + /// Encrypt using the Galois counter mode (GCM) algorithm in-place. /// /// # Panics @@ -913,7 +973,7 @@ impl Aes { w.errie().disabled(); w.dmainen().disabled(); w.dmaouten().disabled(); - w.gcmph().bits(0); // do not care for ECB + w.gcmph().bits(0); // do not care for CBC w.keysize().variant(keysize); w.npblb().bits(0) // no padding }); 
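Review bot: The `iv` argument of the new `encrypt_cbc` is never written to the peripheral's IV registers, so the first block is chained against whatever the IV registers hold when the call starts (their reset value or the residue of an earlier operation) and the caller-supplied value has no effect. For CBC that defeats the purpose of the parameter: with a fixed or leftover IV, equal plaintext prefixes under the same key yield equal ciphertext prefixes, which is exactly what an unpredictable per-message IV exists to hide. Patches 04 through 09 in this series add the IVR writes and remove them again, and patch 10 (`@@ -802,7 +802,7 @@`, renaming the parameter to `_iv`) leaves the merged result ignoring it, so until the IV is programmed the limitation belongs in the function's doc comment and not only in the example: `/// The iv argument is currently not applied; the value already held in the peripheral IV registers is used.` `set_key`, `poll_completion` and `dout` are outside this hunk, so the key-size panic listed under `# Panics` cannot be confirmed here.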
From b2cb79b1a88e66dbe7e0c8f9f2c0822eea02df5a Mon Sep 17 00:00:00 2001 From: Jakob Gerstmayer Date: Sat, 31 Dec 2022 13:59:41 +0100 Subject: [PATCH 02/11] fixed example --- hal/src/aes.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hal/src/aes.rs b/hal/src/aes.rs index 22fe561f58..5e7a78a744 100644 --- a/hal/src/aes.rs +++ b/hal/src/aes.rs @@ -785,7 +785,7 @@ impl Aes { /// * Key is not 128-bits long `[u32; 4]` or 256-bits long `[u32; 8]`. /// /// # Example - /// TODO CHANGE + /// /// ```no_run /// use stm32wlxx_hal::{aes::Aes, pac}; /// @@ -797,7 +797,7 @@ impl Aes { /// /// let plaintext: [u32; 4] = [0xf34481ec, 0x3cc627ba, 0xcd5dc3fb, 0x08f273e6]; /// let mut ciphertext: [u32; 4] = [0; 4]; - /// aes.(encrypt_cbc(&KEY, &IV, &plaintext, &mut ciphertext)?; + /// aes.encrypt_cbc(&KEY, &IV, &plaintext, &mut ciphertext)?; /// # Ok::<(), stm32wlxx_hal::aes::Error>(()) /// ``` pub fn encrypt_cbc( From bfcb7904ea8d14505e07ad9d0154d457a5bf79ad Mon Sep 17 00:00:00 2001 From: Jakob Gerstmayer Date: Sat, 31 Dec 2022 14:01:44 +0100 Subject: [PATCH 03/11] Reverted wrong code comment --- hal/src/aes.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hal/src/aes.rs b/hal/src/aes.rs index 5e7a78a744..4f8e86551f 100644 --- a/hal/src/aes.rs +++ b/hal/src/aes.rs @@ -826,7 +826,7 @@ impl Aes { w.errie().disabled(); w.dmainen().disabled(); w.dmaouten().disabled(); - w.gcmph().bits(0); // do not care for ECB + w.gcmph().bits(0); // do not care for CBC w.keysize().variant(keysize); w.npblb().bits(0) // no padding }); @@ -973,7 +973,7 @@ impl Aes { w.errie().disabled(); w.dmainen().disabled(); w.dmaouten().disabled(); - w.gcmph().bits(0); // do not care for CBC + w.gcmph().bits(0); // do not care for ECB w.keysize().variant(keysize); w.npblb().bits(0) // no padding }); From 3c82082ff9e611720afbabd04c138c1d6337dfaf Mon Sep 17 00:00:00 2001 
From: Jakob Gerstmayer Date: Sat, 31 Dec 2022 14:16:14 +0100 Subject: [PATCH 04/11] Added support for specifing IVs other than 0 --- hal/src/aes.rs | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/hal/src/aes.rs b/hal/src/aes.rs index 4f8e86551f..5ef9e55aed 100644 --- a/hal/src/aes.rs +++ b/hal/src/aes.rs @@ -814,6 +814,11 @@ impl Aes { let keysize: KeySize = self.set_key(key); + self.aes.ivr0.write(|w| w.ivi().bits(iv[3])); + self.aes.ivr1.write(|w| w.ivi().bits(iv[2])); + self.aes.ivr2.write(|w| w.ivi().bits(iv[1])); + self.aes.ivr3.write(|w| w.ivi().bits(iv[0])); + self.aes.cr.write(|w| { w.en().enabled(); w.datatype().variant(self.swap_mode); @@ -833,7 +838,7 @@ impl Aes { self.set_din(plaintext); self.poll_completion()?; - self.dout(ciphertext); + self.dout(ciphertext); Ok(()) } From 4425650850b307263e27c384b4367439f873091e Mon Sep 17 00:00:00 2001 From: Jakob Gerstmayer Date: Sat, 31 Dec 2022 14:19:32 +0100 Subject: [PATCH 05/11] Fixed typo in example --- hal/src/aes.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hal/src/aes.rs b/hal/src/aes.rs index 5ef9e55aed..d6cf9be88c 100644 --- a/hal/src/aes.rs +++ b/hal/src/aes.rs @@ -793,7 +793,7 @@ impl Aes { /// let mut aes: Aes = Aes::new(dp.AES, &mut dp.RCC); /// /// const KEY: [u32; 4] = [0; 4]; - /// const IV: [u32, 4] = [0; 4]; + /// const IV: [u32; 4] = [0; 4]; /// /// let plaintext: [u32; 4] = [0xf34481ec, 0x3cc627ba, 0xcd5dc3fb, 0x08f273e6]; /// let mut ciphertext: [u32; 4] = [0; 4]; From 6559d1a8b7f7fa19dbd658d941cc430fc201875f Mon Sep 17 00:00:00 2001 From: Jakob Gerstmayer Date: Sat, 31 Dec 2022 14:22:17 +0100 Subject: [PATCH 06/11] ran cargo fmt --- hal/src/aes.rs | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/hal/src/aes.rs b/hal/src/aes.rs index d6cf9be88c..0f2fbb1815 100644 --- a/hal/src/aes.rs +++ b/hal/src/aes.rs @@ -777,7 +777,6 @@ impl Aes { Ok(()) } - /// Encrypt using the Cipher block chaining (CBC) algorithm. /// /// # Panics 
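Review bot: The IVR writes are placed after `set_key`, but nothing here ensures the peripheral is disabled when they happen; as far as I recall the reference manual, the AES_IVRx registers on this IP are write-protected while `EN` is set, so if the previous operation left the block enabled the four writes are silently ignored and CBC keeps running on the old IV — worth confirming against the manual and, if so, clearing `EN` before programming the IV, since the enable is only asserted in the `cr.write` below. The mapping of `iv[0]` onto `ivr3` also has to agree with the word order `set_key` uses for the key registers and with the byte swapping selected by `self.swap_mode`; I cannot check either from the hunk. Patches 07 and 08 flip and restore this order and patch 09 drops the writes, so the point applies to whichever form is reintroduced.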
@@ -785,7 +784,7 @@ impl Aes { /// * Key is not 128-bits long `[u32; 4]` or 256-bits long `[u32; 8]`. /// /// # Example - /// + /// /// ```no_run /// use stm32wlxx_hal::{aes::Aes, pac}; /// @@ -838,7 +837,7 @@ impl Aes { self.set_din(plaintext); self.poll_completion()?; - self.dout(ciphertext); + self.dout(ciphertext); Ok(()) } From 31639e512cd33a4b042e1f3f35bdeaaf2e8adfd3 Mon Sep 17 00:00:00 2001 From: Jakob Gerstmayer Date: Sat, 31 Dec 2022 14:34:41 +0100 Subject: [PATCH 07/11] Testing iv reordered --- hal/src/aes.rs | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/hal/src/aes.rs b/hal/src/aes.rs index 0f2fbb1815..5c6b95d73d 100644 --- a/hal/src/aes.rs +++ b/hal/src/aes.rs @@ -813,10 +813,10 @@ impl Aes { let keysize: KeySize = self.set_key(key); - self.aes.ivr0.write(|w| w.ivi().bits(iv[3])); - self.aes.ivr1.write(|w| w.ivi().bits(iv[2])); - self.aes.ivr2.write(|w| w.ivi().bits(iv[1])); - self.aes.ivr3.write(|w| w.ivi().bits(iv[0])); + self.aes.ivr0.write(|w| w.ivi().bits(iv[0])); + self.aes.ivr1.write(|w| w.ivi().bits(iv[1])); + self.aes.ivr2.write(|w| w.ivi().bits(iv[2])); + self.aes.ivr3.write(|w| w.ivi().bits(iv[3])); self.aes.cr.write(|w| { w.en().enabled(); From cd565b5650e02fc9e69480fbd8bb413cca1eb186 Mon Sep 17 00:00:00 2001 From: Jakob Gerstmayer Date: Sat, 31 Dec 2022 14:43:26 +0100 Subject: [PATCH 08/11] Revert "Testing iv reordered" This reverts commit 31639e512cd33a4b042e1f3f35bdeaaf2e8adfd3. --- hal/src/aes.rs | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/hal/src/aes.rs b/hal/src/aes.rs index 5c6b95d73d..0f2fbb1815 100644 --- a/hal/src/aes.rs +++ b/hal/src/aes.rs 
@@ -813,10 +813,10 @@ impl Aes { let keysize: KeySize = self.set_key(key); - self.aes.ivr0.write(|w| w.ivi().bits(iv[0])); - self.aes.ivr1.write(|w| w.ivi().bits(iv[1])); - self.aes.ivr2.write(|w| w.ivi().bits(iv[2])); - self.aes.ivr3.write(|w| w.ivi().bits(iv[3])); + self.aes.ivr0.write(|w| w.ivi().bits(iv[3])); + self.aes.ivr1.write(|w| w.ivi().bits(iv[2])); + self.aes.ivr2.write(|w| w.ivi().bits(iv[1])); + self.aes.ivr3.write(|w| w.ivi().bits(iv[0])); self.aes.cr.write(|w| { w.en().enabled(); From ad06083ddcecea6373061561a98645546bc2fbfb Mon Sep 17 00:00:00 2001 From: Jakob Gerstmayer Date: Sat, 31 Dec 2022 14:43:43 +0100 Subject: [PATCH 09/11] Revert "Added support for specifing IVs other than 0" This reverts commit 3c82082ff9e611720afbabd04c138c1d6337dfaf. --- hal/src/aes.rs | 5 ----- 1 file changed, 5 deletions(-) diff --git a/hal/src/aes.rs b/hal/src/aes.rs index 0f2fbb1815..bf5701a69b 100644 --- a/hal/src/aes.rs +++ b/hal/src/aes.rs @@ -813,11 +813,6 @@ impl Aes { let keysize: KeySize = self.set_key(key); - self.aes.ivr0.write(|w| w.ivi().bits(iv[3])); - self.aes.ivr1.write(|w| w.ivi().bits(iv[2])); - self.aes.ivr2.write(|w| w.ivi().bits(iv[1])); - self.aes.ivr3.write(|w| w.ivi().bits(iv[0])); - self.aes.cr.write(|w| { w.en().enabled(); w.datatype().variant(self.swap_mode); From be0ac18fe4c6d0c3f61031b55c87e98930276c35 Mon Sep 17 00:00:00 2001 From: Jakob Gerstmayer Date: Sat, 31 Dec 2022 14:44:28 +0100 Subject: [PATCH 10/11] Added hint that iv is currently always 0 --- hal/src/aes.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hal/src/aes.rs b/hal/src/aes.rs index bf5701a69b..d13c016e6c 100644 --- a/hal/src/aes.rs +++ b/hal/src/aes.rs 
@@ -792,7 +792,7 @@ impl Aes { /// let mut aes: Aes = Aes::new(dp.AES, &mut dp.RCC); /// /// const KEY: [u32; 4] = [0; 4]; - /// const IV: [u32; 4] = [0; 4]; + /// const IV: [u32; 4] = [0; 4]; //currently not used /// /// let plaintext: [u32; 4] = [0xf34481ec, 0x3cc627ba, 0xcd5dc3fb, 0x08f273e6]; /// let mut ciphertext: [u32; 4] = [0; 4]; @@ -802,7 +802,7 @@ impl Aes { pub fn encrypt_cbc( &mut self, key: &[u32], - iv: &[u32; 4], + _iv: &[u32; 4], plaintext: &[u32; 4], ciphertext: &mut [u32; 4], ) -> Result<(), Error> { From ecd3e9174f06573c5866ec185c891b789b2a8143 Mon Sep 17 00:00:00 2001 From: Jakob Gerstmayer Date: Sat, 31 Dec 2022 15:13:24 +0100 Subject: [PATCH 11/11] modified encrypt cbc to take more than one block --- hal/src/aes.rs | 37 ++++++++++++++++++++++++++++++++----- 1 file changed, 32 insertions(+), 5 deletions(-) diff --git a/hal/src/aes.rs b/hal/src/aes.rs index d13c016e6c..241ba20e96 100644 --- a/hal/src/aes.rs +++ b/hal/src/aes.rs @@ -803,8 +803,8 @@ impl Aes { &mut self, key: &[u32], _iv: &[u32; 4], - plaintext: &[u32; 4], - ciphertext: &mut [u32; 4], + plaintext: &[u32], + ciphertext: &mut [u32], ) -> Result<(), Error> { const ALGO: Algorithm = Algorithm::Cbc; const CHMOD2: bool = ALGO.chmod2(); 
@@ -830,9 +830,36 @@ impl Aes { w.npblb().bits(0) // no padding }); - self.set_din(plaintext); - self.poll_completion()?; - self.dout(ciphertext); + if plaintext.len() != ciphertext.len() { + panic!("Plaintext and Ciphertext fields need to have the same length!") + } + + //Would be nice to have automatic padding here + if plaintext.len() % 4 != 0 { + panic!("Plaintext has to be a multiple of 128 bits!") + } + + let mut i = 0; + while i < plaintext.len() { + let mut part: [u32; 4] = [0; 4]; + part[0] = plaintext[i]; + part[1] = plaintext[i + 1]; + part[2] = plaintext[i + 2]; + part[3] = plaintext[i + 3]; + + self.set_din(&part); + self.poll_completion()?; + + let mut cipher_out: [u32; 4] = [0; 4]; + self.dout(&mut cipher_out); + ciphertext[i] = cipher_out[0]; + ciphertext[i + 1] = cipher_out[1]; + ciphertext[i + 2] = cipher_out[2]; + ciphertext[i + 3] = cipher_out[3]; + + i = i + 4; + } + Ok(()) }
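Review bot: The two length checks run only after `set_key` and the `cr.write` that enables the peripheral (both above this hunk, inside `encrypt_cbc`), so a caller that trips either `panic!` leaves the AES block enabled with the key loaded; moving both checks to the top of the function, before any register is touched, keeps a bad argument from changing hardware state. Both panics also need to appear under the function's `# Panics` section (outside this hunk), which still lists only the key-size condition: `/// * plaintext and ciphertext differ in length.` and `/// * plaintext.len() is not a multiple of 4 (one 128-bit block).` The per-block loop can drop the hand-written indexing and `i = i + 4` in favour of `chunks_exact(4)` zipped with `chunks_exact_mut(4)` plus `copy_from_slice`, which makes the four-word block size explicit and removes the index bounds checks; chaining across blocks then relies on the peripheral carrying its IV state from one block to the next while `EN` stays set, which I cannot confirm from the hunk. The function body closes at the end of this hunk.
```rust
        // … unchanged: length and block-alignment checks …
        let blocks = plaintext
            .chunks_exact(4)
            .zip(ciphertext.chunks_exact_mut(4));
        for (block_in, block_out) in blocks {
            let mut part: [u32; 4] = [0; 4];
            part.copy_from_slice(block_in);

            self.set_din(&part);
            self.poll_completion()?;

            let mut cipher_out: [u32; 4] = [0; 4];
            self.dout(&mut cipher_out);
            block_out.copy_from_slice(&cipher_out);
        }
```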