kernel/hil/
symmetric_encryption.rs

1// Licensed under the Apache License, Version 2.0 or the MIT License.
2// SPDX-License-Identifier: Apache-2.0 OR MIT
3// Copyright Tock Contributors 2022.
4
5//! Interface for symmetric-cipher encryption
6//!
7//! see boards/imix/src/aes_test.rs for example usage
8
9use crate::ErrorCode;
10
11/// Implement this trait and use `set_client()` in order to receive callbacks from an `AES128`
12/// instance.
13pub trait Client<'a> {
14    fn crypt_done(&'a self, source: Option<&'static mut [u8]>, dest: &'static mut [u8]);
15}
16
17/// The number of bytes used for AES block operations.  Keys and IVs must have this length,
18/// and encryption/decryption inputs must be have a multiple of this length.
19pub const AES128_BLOCK_SIZE: usize = 16;
20pub const AES128_KEY_SIZE: usize = 16;
21
22pub trait AES128<'a> {
23    /// Enable the AES hardware.
24    /// Must be called before any other methods
25    fn enable(&self);
26
27    /// Disable the AES hardware
28    fn disable(&self);
29
30    /// Set the client instance which will receive `crypt_done()` callbacks
31    fn set_client(&'a self, client: &'a dyn Client<'a>);
32
33    /// Set the encryption key.
34    /// Returns `INVAL` if length is not `AES128_KEY_SIZE`
35    fn set_key(&self, key: &[u8]) -> Result<(), ErrorCode>;
36
37    /// Set the IV (or initial counter).
38    /// Returns `INVAL` if length is not `AES128_BLOCK_SIZE`
39    fn set_iv(&self, iv: &[u8]) -> Result<(), ErrorCode>;
40
41    /// Begin a new message (with the configured IV) when `crypt()` is
42    /// next called.  Multiple calls to `crypt()` may be made between
43    /// calls to `start_message()`, allowing the encryption context to
44    /// extend over non-contiguous extents of data.
45    ///
46    /// If an encryption operation is in progress, this method instead
47    /// has no effect.
48    fn start_message(&self);
49
50    /// Request an encryption/decryption
51    ///
52    /// If the source buffer is not `None`, the encryption input
53    /// will be that entire buffer.  Otherwise the destination buffer
54    /// at indices between `start_index` and `stop_index` will
55    /// provide the input, which will be overwritten.
56    ///
57    /// If `None` is returned, the client's `crypt_done` method will eventually
58    /// be called, and the portion of the data buffer between `start_index`
59    /// and `stop_index` will hold the result of the encryption/decryption.
60    ///
61    /// If `Some(result, source, dest)` is returned, `result` is the
62    /// error condition and `source` and `dest` are the buffers that
63    /// were passed to `crypt`.
64    ///
65    /// The indices `start_index` and `stop_index` must be valid
66    /// offsets in the destination buffer, and the length
67    /// `stop_index - start_index` must be a multiple of
68    /// `AES128_BLOCK_SIZE`.  Otherwise, `Some(INVAL, ...)` will be
69    /// returned.
70    ///
71    /// If the source buffer is not `None`, its length must be
72    /// `stop_index - start_index`.  Otherwise, `Some(INVAL, ...)`
73    /// will be returned.
74    ///
75    /// If an encryption operation is already in progress,
76    /// `Some(BUSY, ...)` will be returned.
77    ///
78    /// For correct operation, the methods `set_key` and `set_iv` must have
79    /// previously been called to set the buffers containing the
80    /// key and the IV (or initial counter value), and a method `set_mode_*()`
81    /// must have been called to set the desired mode.  These settings persist
82    /// across calls to `crypt()`.
83    ///
84    fn crypt(
85        &self,
86        source: Option<&'static mut [u8]>,
87        dest: &'static mut [u8],
88        start_index: usize,
89        stop_index: usize,
90    ) -> Option<(
91        Result<(), ErrorCode>,
92        Option<&'static mut [u8]>,
93        &'static mut [u8],
94    )>;
95}
96
97pub trait AES128Ctr {
98    /// Call before `AES128::crypt()` to perform AES128Ctr
99    fn set_mode_aes128ctr(&self, encrypting: bool) -> Result<(), ErrorCode>;
100}
101
102pub trait AES128CBC {
103    /// Call before `AES128::crypt()` to perform AES128CBC
104    fn set_mode_aes128cbc(&self, encrypting: bool) -> Result<(), ErrorCode>;
105}
106
107pub trait AES128ECB {
108    /// Call before `AES128::crypt()` to perform AES128ECB
109    fn set_mode_aes128ecb(&self, encrypting: bool) -> Result<(), ErrorCode>;
110}
111
112pub trait CCMClient {
113    /// `res` is Ok(()) if the encryption/decryption process succeeded. This
114    /// does not mean that the message has been verified in the case of
115    /// decryption.
116    /// If we are encrypting: `tag_is_valid` is `true` iff `res` is Ok(()).
117    /// If we are decrypting: `tag_is_valid` is `true` iff `res` is Ok(()) and the
118    /// message authentication tag is valid.
119    fn crypt_done(&self, buf: &'static mut [u8], res: Result<(), ErrorCode>, tag_is_valid: bool);
120}
121
122pub const CCM_NONCE_LENGTH: usize = 13;
123
124pub trait AES128CCM<'a> {
125    /// Set the client instance which will receive `crypt_done()` callbacks
126    fn set_client(&'a self, client: &'a dyn CCMClient);
127
128    /// Set the key to be used for CCM encryption
129    fn set_key(&self, key: &[u8]) -> Result<(), ErrorCode>;
130
131    /// Set the nonce (length NONCE_LENGTH) to be used for CCM encryption
132    fn set_nonce(&self, nonce: &[u8]) -> Result<(), ErrorCode>;
133
134    /// Try to begin the encryption/decryption process
135    fn crypt(
136        &self,
137        buf: &'static mut [u8],
138        a_off: usize,
139        m_off: usize,
140        m_len: usize,
141        mic_len: usize,
142        confidential: bool,
143        encrypting: bool,
144    ) -> Result<(), (ErrorCode, &'static mut [u8])>;
145}
146
147pub trait GCMClient {
148    /// `res` is Ok(()) if the encryption/decryption process succeeded. This
149    /// does not mean that the message has been verified in the case of
150    /// decryption.
151    /// If we are encrypting: `tag_is_valid` is `true` iff `res` is Ok(()).
152    /// If we are decrypting: `tag_is_valid` is `true` iff `res` is Ok(()) and the
153    /// message authentication tag is valid.
154    fn crypt_done(&self, buf: &'static mut [u8], res: Result<(), ErrorCode>, tag_is_valid: bool);
155}
156
157pub trait AES128GCM<'a> {
158    /// Set the client instance which will receive `crypt_done()` callbacks
159    fn set_client(&'a self, client: &'a dyn GCMClient);
160
161    /// Set the key to be used for GCM encryption
162    /// Returns `INVAL` if length is not `AES128_KEY_SIZE`
163    fn set_key(&self, key: &[u8]) -> Result<(), ErrorCode>;
164
165    /// Set the IV to be used for GCM encryption. The IV should be less
166    /// or equal to 12 bytes (96 bits) as recommened in NIST-800-38D.
167    /// Returns `INVAL` if length is greater then 12 bytes
168    fn set_iv(&self, nonce: &[u8]) -> Result<(), ErrorCode>;
169
170    /// Try to begin the encryption/decryption process
171    /// The possible ErrorCodes are:
172    ///     - `BUSY`: An operation is already in progress
173    ///     - `SIZE`: The offset and lengths don't fit inside the buffer
174    fn crypt(
175        &self,
176        buf: &'static mut [u8],
177        aad_offset: usize,
178        message_offset: usize,
179        message_len: usize,
180        encrypting: bool,
181    ) -> Result<(), (ErrorCode, &'static mut [u8])>;
182}