This commit adds crypto support for several series which have
the same/very similar or same AES IP.
This includes G0, G4, L5, WL.
WB is also very similar but, expects the app to load the key via CKS.
Signed-off-by: Thomas Stranger <thomas.stranger@outlook.com>
Currently there is no way to distinguish between a caller
explicitly asking for a semaphore with a limit that
happens to be `UINT_MAX` and a semaphore that just
has a limit "as large as possible".
Add `K_SEM_MAX_LIMIT`, currently defined to `UINT_MAX`, and akin
to `K_FOREVER` versus just passing some very large wait time.
In addition, the `k_sem_*` APIs were type-confused, where
the internal data structure was `uint32_t`, but the APIs took
and returned `unsigned int`. This changes the underlying data
structure to also use `unsigned int`, as changing the APIs
would be a (potentially) breaking change.
These changes are backwards-compatible, but it is strongly suggested
to take a quick scan for `k_sem_init` and `K_SEM_DEFINE` calls with
`UINT_MAX` (or `UINT32_MAX`) and replace them with `K_SEM_MAX_LIMIT`
where appropriate.
Signed-off-by: James Harris <james.harris@intel.com>
Convert from device_get_binding to DEVICE_DT_GET. In doing this we
no longer need the label in the devicetree node so we remove that.
Removed all __ASSERT_NO_MSG(clk) since we'll get a build error if
DEVICE_DT_GET cant be satisfied, and the clock control api's will
handle reporting if the device_is_ready.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Convert the driver so that it creates its instance basing on DT.
Remove no longer needed Kconfig option CRYPTO_NRF_ECB_NAME.
Also update accordingly the crypto sample.
Signed-off-by: Andrzej Głąbek <andrzej.glabek@nordicsemi.no>
Convert driver(s) to DEVICE_DEFINE instead of DEVICE_AND_API_INIT
so we can deprecate DEVICE_AND_API_INIT in the future.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Replace all calls to the assert macro that comes from libc by calls to
__ASSERT_NO_MSG(). This is usefull as the former might be different
depending on the libc used and the later can be customized to reduce
flash footprint.
Signed-off-by: Xavier Chapron <xavier.chapron@stimio.fr>
Now that device_api attribute is unmodified at runtime, as well as all
the other attributes, it is possible to switch all device driver
instance to be constant.
A coccinelle rule is used for this:
@r_const_dev_1
disable optional_qualifier
@
@@
-struct device *
+const struct device *
@r_const_dev_2
disable optional_qualifier
@
@@
-struct device * const
+const struct device *
Fixes#27399
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Update mbedTLS commit along with the following fixes:
* Fix naming inconsistencies in some cipher modes, to match core mbedTLS
configs
* Add Kconfig to enable CTR cipher mode
Fixes#22421
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Convert older DT_INST_ macro use in STM32 drivers to the new
include/devicetree.h DT_INST macro APIs.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Add CAP_NO_IV_PREFIX capability support to the STM32 CRYP crypto driver,
so the initialization vector does not have to be prefixed to the
plaintext/ciphertext buffer.
Signed-off-by: Markus Fuchs <markus.fuchs@de.sauter-bc.com>
mtls_session_setup checks early if the given mode is valid and return
an error if not. CRYPTO_CIPHER_MODE_CTR is not a valid one so there is
no needed to have it in the switch.
CID: 20600
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
I think people might be reading differences into 'if' and 'depends on'
that aren't there, like maybe 'if' being needed to "hide" a symbol,
while 'depends on' just adds a dependency.
There are no differences between 'if' and 'depends on'. 'if' is just a
shorthand for 'depends on'. They work the same when it comes to creating
implicit menus too.
The way symbols get "hidden" is through their dependencies not being
satisfied ('if'/'depends on' get copied up as a dependency on the
prompt).
Since 'if' and 'depends on' are the same, an 'if' with just a single
symbol in it can be replaced with a 'depends on'. IMO, it's best to
avoid 'if' there as a style choice too, because it confuses people into
thinking there's deep Kconfig magic going on that requires 'if'.
Going for 'depends on' can also remove some nested 'if's, which
generates nicer symbol information and docs, because nested 'if's really
are so simple/dumb that they just add the dependencies from both 'if's
to all symbols within.
Replace a bunch of single-symbol 'if's with 'depends on' to despam the
Kconfig files a bit and make it clearer how things work. Also do some
other minor related dependency refactoring.
The replacement isn't complete. Will fix up the rest later. Splitting it
a bit to make it more manageable.
(Everything above is true for choices, menus, and comments as well.)
Detected by tweaking the Kconfiglib parsing code. It's impossible to
detect after parsing, because 'if' turns into 'depends on'.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
This patch adds crypto driver support for all STM32F4 devices providing
a CRYP peripheral.
This driver implements the AES ECB, CBC and CTR modes of operation.
It has been tested on a STM32F437 SoC running the Zephyr crypto driver
sample.
Signed-off-by: Markus Fuchs <markus.fuchs@de.sauter-bc.com>
Add support for `CAP_NO_IV_PREFIX` in mbedTLS_shim and advertise this as
one of its capabilities. When this flag is active, the IV passed is
preserved to allow applications to reuse the IV buffer.
Signed-off-by: Siddharth Chandrasekaran <siddharth@embedjournal.com>
The conversion of struct cipher_ctx * to mtls_aes_context * happens in
a bunch of places. Add a macro MTLS_GET_CTX() to simplify this.
Signed-off-by: Siddharth Chandrasekaran <siddharth@embedjournal.com>
Add support for AES CBC mode of operation in mbedTLS shim driver.
Refactor mtls_session_setup() to allow multiple cipher modes to
co-exist.
Signed-off-by: Siddharth Chandrasekaran <siddharth@embedjournal.com>
Use this short header style in all Kconfig files:
# <description>
# <copyright>
# <license>
...
Also change all <description>s from
# Kconfig[.extension] - Foo-related options
to just
# Foo-related options
It's clear enough that it's about Kconfig.
The <description> cleanup was done with this command, along with some
manual cleanup (big letter at the start, etc.)
git ls-files '*Kconfig*' | \
xargs sed -i -E '1 s/#\s*Kconfig[\w.-]*\s*-\s*/# /'
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
move misc/util.h to sys/util.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move i2c.h to drivers/i2c.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Found a few annoying typos and figured I better run script and
fix anything it can find, here are the results...
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Libraries that use mbedTLS have been invoking
zephyr_link_interface(mbedTLS). It is not clear what the intent of
this code has been, but it is redundant with the mbedTLS build
scripts, so it can be safely removed.
In addition to being redundant, it causes problems as it introduces an
ordering dependency, with this code mbedTLS must be declared before
users of mbedTLS are declared. Since this code is redundant, this
ordering dependency is also unnecessary.
This code is believed to have been added early on by accident and
copied through cargo-cult programming since.
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
Update the files which contain no license information with the
'Apache-2.0' SPDX license identifier. Many source files in the tree are
missing licensing information, which makes it harder for compliance
tools to determine the correct license.
By default all files without license information are under the default
license of Zephyr, which is Apache version 2.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
unify the API of CCM alogrithm's implemation for TinyCrypt,
mbedTLS and cc2520 crypto device to make users easy to use.
Fixes#8339.
Signed-off-by: Wentong Wu <wentong.wu@intel.com>
The logical NOT operator has a higher precedence than bitwise
AND operator. Therefore to make the test in if statement
correct, add parenthesis around the operands of bitwise
AND operator.
Found using Coccinelle.
Semantic Patch Language (SmPL) used:
<smpl>
@@
expression x;
constant C;
@@
- !x & C
+ !(x & C)
</smpl>
Signed-off-by: Himanshu Jha <himanshujha199640@gmail.com>
Any word started with underscore followed by and uppercase letter or a
second underscore is a reserved word according with C99.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
The return of memset is never checked. This patch explicitly ignore
the return to avoid MISRA-C violations.
The only directory excluded directory was ext/* since it contains
only imported code.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Consistently use
config FOO
bool/int/hex/string "Prompt text"
instead of
config FOO
bool/int/hex/string
prompt "Prompt text"
(...and a bunch of other variations that e.g. swapped the order of the
type and the 'prompt', or put other properties between them).
The shorthand is fully equivalent to using 'prompt'. It saves lines and
avoids tricking people into thinking there is some semantic difference.
Most of the grunt work was done by a modified version of
https://unix.stackexchange.com/questions/26284/how-can-i-use-sed-to-replace-a-multi-line-string/26290#26290, but some
of the rarer variations had to be converted manually.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
do_cbc_decrypt() was not accounting IV's size in the input buffer.
Note that tinycrypt expects that IV and cipher text to be contiguous,
but input length must consider only the cipher text.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Bool symbols implicitly default to 'n'.
A 'default n' can make sense e.g. in a Kconfig.defconfig file, if you
want to override a 'default y' on the base definition of the symbol. It
isn't used like that on any of these symbols though, and is
inconsistent.
This will make the auto-generated Kconfig documentation have "No
defaults. Implicitly defaults to n." as well, which is clearer than
'default n if ...'
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
In the code we had an if defined based on
CONFIG_ATAES132A_I2C_SPEED_STANDARD that should be
CONFIG_CRYPTO_ATAES132A_I2C_SPEED_STANDARD.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Leading/trailing whitespace in prompts requires ugly workarounds in
genrest.py, as e.g. *prompt * is invalid RST. strip() all prompts in
Kconfiglib and get rid of the genrest.py workarounds. Add a warning too.
The Kconfiglib update has some unrelated cleanups and fixes (that won't
affect Zephyr).
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
Selecting a choice symbol is always a no-op, and the latest version of
Kconfiglib prints a warning. This commit removes all selects of choice
symbols, which might make the Kconfig files a bit clearer and gets rid
of the warnings.
This is just a dumb removal. I did not try to guess the intent of each
select.
Fixes#6849
Signed-off-by: Ulf Magnusson <ulfalizer@gmail.com>
Thomas Stranger