STM32L486RG/mbedtls: add aes hw acceleration

Author: adustm

features/mbedtls/targets/TARGET_STM/TARGET_STM32L4/TARGET_NUCLEO_L486RG/mbedtls_device.h

@@ -0,0 +1,30 @@
+/*
+ *  mbedtls_device.h 
+ *******************************************************************************
+ * Copyright (c) 2017, STMicroelectronics
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ */
+#ifndef MBEDTLS_DEVICE_H
+#define MBEDTLS_DEVICE_H
+
+#define MBEDTLS_AES_ALT
+
+//the following defines are provided to maintain compatibility between STM32 families
+#define __HAL_RCC_CRYP_CLK_ENABLE    __HAL_RCC_AES_CLK_ENABLE
+#define __HAL_RCC_CRYP_FORCE_RESET   __HAL_RCC_AES_FORCE_RESET
+#define __HAL_RCC_CRYP_RELEASE_RESET __HAL_RCC_AES_RELEASE_RESET
+#define CRYP                         AES
+#endif /* MBEDTLS_DEVICE_H */

features/mbedtls/targets/TARGET_STM/aes_alt.c

@@ -28,17 +28,22 @@ static int aes_set_key( mbedtls_aes_context *ctx, const unsigned char *key, unsi
     switch( keybits )
     {
         case 128:
-          ctx->hcryp_aes.Init.KeySize = CRYP_KEYSIZE_128B;
-          memcpy(ctx->aes_key, key, 16);
-          break;
+            ctx->hcryp_aes.Init.KeySize = CRYP_KEYSIZE_128B;
+            memcpy(ctx->aes_key, key, 16);
+            break;
         case 192:
-          ctx->hcryp_aes.Init.KeySize = CRYP_KEYSIZE_192B;
-          memcpy(ctx->aes_key, key, 24);
-          break;
+#if defined (TARGET_STM32L486xG)
+            return(MBEDTLS_ERR_AES_INVALID_KEY_LENGTH);
+#else
+            ctx->hcryp_aes.Init.KeySize = CRYP_KEYSIZE_192B;
+            memcpy(ctx->aes_key, key, 24);
+            break;
+#endif
+
         case 256:
-          ctx->hcryp_aes.Init.KeySize = CRYP_KEYSIZE_256B;
-          memcpy(ctx->aes_key, key, 32);
-          break;
+            ctx->hcryp_aes.Init.KeySize = CRYP_KEYSIZE_256B;
+            memcpy(ctx->aes_key, key, 32);
+            break;
        default : return( MBEDTLS_ERR_AES_INVALID_KEY_LENGTH );
     }
 
@@ -52,6 +57,9 @@ static int aes_set_key( mbedtls_aes_context *ctx, const unsigned char *key, unsi
     __HAL_RCC_CRYP_CLK_ENABLE();
 
     ctx->hcryp_aes.Init.pKey = ctx->aes_key;
+#if defined (TARGET_STM32L486xG)
+    ctx->hcryp_aes.Init.KeyWriteFlag = CRYP_KEY_WRITE_ENABLE;
+#endif
     if (HAL_CRYP_Init(&ctx->hcryp_aes) == HAL_ERROR)
         return (HAL_ERROR);
 
@@ -148,14 +156,46 @@ int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx,
     if( mode == MBEDTLS_AES_DECRYPT )
     {
         ctx->hcryp_aes.Init.pInitVect = &iv[0]; // used in process, not in the init 
-
+#if defined (TARGET_STM32L486xG)
+        if ((ctx->hcryp_aes.Init.OperatingMode != CRYP_ALGOMODE_KEYDERIVATION_DECRYPT) || \
+             (ctx->hcryp_aes.Init.ChainingMode != CRYP_CHAINMODE_AES_CBC) || \
+             (ctx->hcryp_aes.Init.KeyWriteFlag != CRYP_KEY_WRITE_ENABLE)) {
+            /* Re-initialize AES IP with proper parameters */
+            if (HAL_CRYP_DeInit(&ctx->hcryp_aes) != HAL_OK) 
+                return HAL_ERROR;
+            ctx->hcryp_aes.Init.OperatingMode = CRYP_ALGOMODE_KEYDERIVATION_DECRYPT;
+            ctx->hcryp_aes.Init.ChainingMode = CRYP_CHAINMODE_AES_CBC;
+            ctx->hcryp_aes.Init.KeyWriteFlag = CRYP_KEY_WRITE_ENABLE;
+            if (HAL_CRYP_Init(&ctx->hcryp_aes) != HAL_OK)
+                return HAL_ERROR;
+        }
+      
+        status =  HAL_CRYPEx_AES(&ctx->hcryp_aes, (uint8_t *)input, length, (uint8_t *)output, 10);
+#else
         status = HAL_CRYP_AESCBC_Decrypt(&ctx->hcryp_aes, (uint8_t *)input, length, (uint8_t *)output, 10);
+#endif
     }
     else
     {
         ctx->hcryp_aes.Init.pInitVect = &iv[0]; // used in process, not in the init 
-        
+#if defined (TARGET_STM32L486xG)
+        if ((ctx->hcryp_aes.Init.OperatingMode != CRYP_ALGOMODE_ENCRYPT) || \
+             (ctx->hcryp_aes.Init.ChainingMode != CRYP_CHAINMODE_AES_CBC) || \
+             (ctx->hcryp_aes.Init.KeyWriteFlag != CRYP_KEY_WRITE_ENABLE)) {
+            /* Re-initialize AES IP with proper parameters */
+            if (HAL_CRYP_DeInit(&ctx->hcryp_aes) != HAL_OK) 
+                return HAL_ERROR;
+            ctx->hcryp_aes.Init.OperatingMode = CRYP_ALGOMODE_ENCRYPT;
+            ctx->hcryp_aes.Init.ChainingMode = CRYP_CHAINMODE_AES_CBC;
+            ctx->hcryp_aes.Init.KeyWriteFlag = CRYP_KEY_WRITE_ENABLE;
+            if (HAL_CRYP_Init(&ctx->hcryp_aes) != HAL_OK)
+                return HAL_ERROR;
+        }
+      
+        status =  HAL_CRYPEx_AES(&ctx->hcryp_aes, (uint8_t *)input, length, (uint8_t *)output, 10);
+#else
         status = HAL_CRYP_AESCBC_Encrypt(&ctx->hcryp_aes, (uint8_t *)input, length, (uint8_t *)output, 10);
+#endif
     }
     return( status );
 }

targets/targets.json

@@ -1087,7 +1087,7 @@
         "supported_toolchains": ["ARM", "uARM", "IAR", "GCC_ARM"],
         "inherits": ["Target"],
         "detect_code": ["0827"],
-        "macros": ["TRANSACTION_QUEUE_SIZE_SPI=2","USBHOST_OTHER"],
+        "macros": ["TRANSACTION_QUEUE_SIZE_SPI=2","USBHOST_OTHER", "MBEDTLS_CONFIG_HW_SUPPORT"],
         "device_has": ["ANALOGIN", "ANALOGOUT", "CAN", "I2C", "I2CSLAVE", "I2C_ASYNCH", "INTERRUPTIN", "LOWPOWERTIMER", "PORTIN", "PORTINOUT", "PORTOUT", "PWMOUT", "RTC", "SERIAL", "SERIAL_ASYNCH", "SERIAL_FC", "SLEEP", "SPI", "SPISLAVE", "SPI_ASYNCH", "STDIO_MESSAGES", "TRNG"],
         "release_versions": ["2", "5"],
         "device_name": "STM32L486RG"