Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Reworked Cmac hash computation for lower memory consumption #677

Merged
merged 5 commits into from
Feb 18, 2019
Merged

Reworked Cmac hash computation for lower memory consumption #677

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
5792d57
Reworked Cmac hash computation for lower memory consumption
mvds00 Feb 12, 2019
030f0ae
applied patch supplied by mluis to bring code in line with coding rules
mvds00 Feb 13, 2019
a4ecfac
different API for SecureElementComputeAesCmacBlocks: fixed size (opti…
mvds00 Feb 13, 2019
f6fdbd6
fixed coding style
mvds00 Feb 14, 2019
5c81647
Removed option to use previous Cmac computation API, line endings fix
mvds00 Feb 15, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 2 additions & 14 deletions src/mac/LoRaMacCrypto.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -474,13 +474,7 @@ static LoRaMacCryptoStatus_t ComputeCmacB0( uint8_t* msg, uint16_t len, KeyIdent
// Initialize the first Block
PrepareB0( len, keyID, isAck, dir, devAddr, fCnt, micBuff );

SecureElementBlock_t blocks[2];
blocks[0].Buffer = micBuff;
blocks[0].Size = sizeof( micBuff );
blocks[1].Buffer = msg;
blocks[1].Size = len;

if( SecureElementComputeAesCmacBlocks( blocks, 2, keyID, cmac ) != SECURE_ELEMENT_SUCCESS )
if( SecureElementComputeAesCmacBlocks( micBuff, msg, len, keyID, cmac ) != SECURE_ELEMENT_SUCCESS )
{
return LORAMAC_CRYPTO_ERROR_SECURE_ELEMENT_FUNC;
}
Expand Down Expand Up @@ -639,13 +633,7 @@ static LoRaMacCryptoStatus_t ComputeCmacB1( uint8_t* msg, uint16_t len, KeyIdent
// Initialize the first Block
PrepareB1( len, keyID, isAck, txDr, txCh, devAddr, fCntUp, micBuff );

SecureElementBlock_t blocks[2];
blocks[0].Buffer = micBuff;
blocks[0].Size = sizeof( micBuff );
blocks[1].Buffer = msg;
blocks[1].Size = len;

if( SecureElementComputeAesCmacBlocks( blocks, 2, keyID, cmac ) != SECURE_ELEMENT_SUCCESS )
if( SecureElementComputeAesCmacBlocks( micBuff, msg, len, keyID, cmac ) != SECURE_ELEMENT_SUCCESS )
{
return LORAMAC_CRYPTO_ERROR_SECURE_ELEMENT_FUNC;
}
Expand Down
20 changes: 5 additions & 15 deletions src/mac/secure-element.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -77,17 +77,6 @@ typedef enum eSecureElementStatus
SECURE_ELEMENT_ERROR,
}SecureElementStatus_t;

#if( USE_CMAC_BLOCKS_API == 1 )
/*!
* CMAC buffer block.
*/
typedef struct SecureElementBlock_s
{
uint8_t *Buffer;
uint16_t Size;
}SecureElementBlock_t;
#endif

/*!
* Signature of callback function to be called by the Secure Element driver when the
* non volatile context have to be stored.
Expand Down Expand Up @@ -142,15 +131,16 @@ SecureElementStatus_t SecureElementComputeAesCmac( uint8_t* buffer, uint16_t siz

#if( USE_CMAC_BLOCKS_API == 1 )
/*!
* Computes a CMAC of a message given in blocks
* Computes a CMAC of a message using provided initial Bx block
*
* \param[IN] blocks - Buffer blocks
* \param[IN] nbBlocks - Number of buffer blocks
* \param[IN] micBxBuffer - Buffer containing the initial Bx block
* \param[IN] buffer - Data buffer
* \param[IN] size - Data buffer size
* \param[IN] keyID - Key identifier to determine the AES key to be used
* \param[OUT] cmac - Computed cmac
* \retval - Status of the operation
*/
SecureElementStatus_t SecureElementComputeAesCmacBlocks( SecureElementBlock_t* blocks, uint16_t nbBlocks, KeyIdentifier_t keyID, uint32_t* cmac );
SecureElementStatus_t SecureElementComputeAesCmacBlocks( uint8_t* micBxBuffer, uint8_t* buffer, uint16_t size, KeyIdentifier_t keyID, uint32_t* cmac );
#endif

/*!
Expand Down
36 changes: 14 additions & 22 deletions src/peripherals/soft-se/soft-se.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -149,19 +149,20 @@ SecureElementStatus_t ComputeCmac( uint8_t* buffer, uint16_t size, KeyIdentifier
}
#else
/*
* Computes a CMAC of a message given in blocks
* Computes a CMAC of a message using provided initial Bx block
*
* cmac = aes128_cmac(keyID, blocks[i].Buffer)
*
* \param[IN] blocks - Buffer blocks
* \param[IN] nbBlocks - Number of buffer blocks
* \param[IN] micBxBuffer - Buffer containing the initial Bx block
* \param[IN] buffer - Data buffer
* \param[IN] size - Data buffer size
* \param[IN] keyID - Key identifier to determine the AES key to be used
* \param[OUT] cmac - Computed cmac
* \retval - Status of the operation
*/
static SecureElementStatus_t ComputeCmacBlocks( SecureElementBlock_t* blocks, uint16_t nbBlocks, KeyIdentifier_t keyID, uint32_t* cmac )
static SecureElementStatus_t ComputeCmacBlocks( uint8_t *micBxBuffer, uint8_t *buffer, uint16_t size, KeyIdentifier_t keyID, uint32_t* cmac )
{
if( ( blocks == NULL ) || ( nbBlocks == 0 ) || ( cmac == NULL ) )
if( ( buffer == NULL ) || ( cmac == NULL ) )
{
return SECURE_ELEMENT_ERROR_NPE;
}
Expand All @@ -177,16 +178,13 @@ static SecureElementStatus_t ComputeCmacBlocks( SecureElementBlock_t* blocks, ui
{
AES_CMAC_SetKey( SeNvmCtx.AesCmacCtx, keyItem->KeyValue );

for( uint16_t i = 0; i < nbBlocks; i++ )
if ( micBxBuffer )
mvds00 marked this conversation as resolved.
Show resolved Hide resolved
{
if( ( blocks[i].Buffer == NULL ) ||
( blocks[i].Size == 0 ) )
{
continue;
}
AES_CMAC_Update( SeNvmCtx.AesCmacCtx, blocks[i].Buffer, blocks[i].Size );
AES_CMAC_Update( SeNvmCtx.AesCmacCtx, micBxBuffer, 16 );
}

AES_CMAC_Update( SeNvmCtx.AesCmacCtx, buffer, size );

AES_CMAC_Final( Cmac, SeNvmCtx.AesCmacCtx );

// Bring into the required format
Expand Down Expand Up @@ -307,23 +305,20 @@ SecureElementStatus_t SecureElementComputeAesCmac( uint8_t* buffer, uint16_t siz
#if( USE_CMAC_BLOCKS_API == 0 )
return ComputeCmac( buffer, size, keyID, cmac );
#else
SecureElementBlock_t block;
block.Buffer = buffer;
block.Size = size;
return ComputeCmacBlocks( &block, 1, keyID, cmac );
return ComputeCmacBlocks( NULL, buffer, size, keyID, cmac );
#endif
}

#if( USE_CMAC_BLOCKS_API == 1 )
SecureElementStatus_t SecureElementComputeAesCmacBlocks( SecureElementBlock_t* blocks, uint16_t nbBlocks, KeyIdentifier_t keyID, uint32_t* cmac )
SecureElementStatus_t SecureElementComputeAesCmacBlocks( uint8_t *micBxBuffer, uint8_t *buffer, uint16_t size, KeyIdentifier_t keyID, uint32_t* cmac )
{
if( keyID >= LORAMAC_CRYPTO_MULITCAST_KEYS )
{
//Never accept multicast key identifier for cmac computation
return SECURE_ELEMENT_ERROR_INVALID_KEY_ID;
}

return ComputeCmacBlocks( blocks, nbBlocks, keyID, cmac );
return ComputeCmacBlocks( micBxBuffer, buffer, size, keyID, cmac );
}
#endif

Expand All @@ -339,10 +334,7 @@ SecureElementStatus_t SecureElementVerifyAesCmac( uint8_t* buffer, uint16_t size
#if( USE_CMAC_BLOCKS_API == 0 )
retval = ComputeCmac( buffer, size, keyID, &compCmac );
#else
SecureElementBlock_t block;
block.Buffer = buffer;
block.Size = size;
retval = ComputeCmacBlocks( &block, 1, keyID, &compCmac );
retval = ComputeCmacBlocks( NULL, buffer, size, keyID, &compCmac );
#endif
if( retval != SECURE_ELEMENT_SUCCESS )
{
Expand Down