drivers: crypto: add driver for nRF ECB

add driver for nRF AES Electronic CodeBook (ECB) peripheral

Signed-off-by: Maciej Fabia <maciej.fabia@nordicsemi.no>

CODEOWNERS

@@ -140,6 +140,7 @@
 /drivers/clock_control/*nrf*              @nordic-krch
 /drivers/counter/                         @nordic-krch
 /drivers/counter/counter_cmos.c           @andrewboie
+/drivers/crypto/*nrf_ecb*                 @maciekfabia @anangl
 /drivers/display/                         @vanwinkeljan
 /drivers/display/display_framebuf.c       @andrewboie
 /drivers/dma/*dw*                         @tbursztyka

drivers/crypto/CMakeLists.txt

@@ -5,4 +5,5 @@ zephyr_library_sources_ifdef(CONFIG_CRYPTO_TINYCRYPT_SHIM	crypto_tc_shim.c)
 zephyr_library_sources_ifdef(CONFIG_CRYPTO_ATAES132A		crypto_ataes132a.c)
 zephyr_library_sources_ifdef(CONFIG_CRYPTO_MBEDTLS_SHIM		crypto_mtls_shim.c)
 zephyr_library_sources_ifdef(CONFIG_CRYPTO_STM32			crypto_stm32.c)
+zephyr_library_sources_ifdef(CONFIG_CRYPTO_NRF_ECB		crypto_nrf_ecb.c)
 zephyr_library_link_libraries_ifdef(CONFIG_MBEDTLS mbedTLS)

drivers/crypto/Kconfig

@@ -72,5 +72,6 @@ config CRYPTO_MBEDTLS_SHIM_MAX_SESSION
 
 source "drivers/crypto/Kconfig.ataes132a"
 source "drivers/crypto/Kconfig.stm32"
+source "drivers/crypto/Kconfig.nrf_ecb"
 
 endif # CRYPTO

drivers/crypto/Kconfig.nrf_ecb

@@ -0,0 +1,18 @@
+# NRF AES ECB configuration options
+
+# Copyright (c) 2020 Nordic Semiconductor ASA
+# SPDX-License-Identifier: Apache-2.0
+
+
+menuconfig CRYPTO_NRF_ECB
+	bool "nRF AES electronic codebook mode encryption"
+	depends on HAS_HW_NRF_ECB && !BT_CTLR
+	help
+	  Enable nRF HAL-based AES ECB encryption driver
+
+config CRYPTO_NRF_ECB_DRV_NAME
+	string "nRF AES ECB driver name"
+	default "CRYPTO_NRF_ECB"
+	depends on CRYPTO_NRF_ECB
+	help
+	  Driver name for nRF AES ECB

drivers/crypto/crypto_nrf_ecb.c

@@ -0,0 +1,141 @@
+/*
+ * Copyright (c) 2020 Nordic Semiconductor ASA
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+#include <string.h>
+#include <crypto/cipher.h>
+#include <logging/log.h>
+#include <hal/nrf_ecb.h>
+
+#define ECB_AES_KEY_SIZE   16
+#define ECB_AES_BLOCK_SIZE 16
+
+LOG_MODULE_REGISTER(crypto_nrf_ecb, CONFIG_CRYPTO_LOG_LEVEL);
+
+struct ecb_data {
+	u8_t key[ECB_AES_KEY_SIZE];
+	u8_t cleartext[ECB_AES_BLOCK_SIZE];
+	u8_t ciphertext[ECB_AES_BLOCK_SIZE];
+};
+
+struct nrf_ecb_drv_state {
+	struct ecb_data data;
+	bool in_use;
+};
+
+static struct nrf_ecb_drv_state drv_state;
+
+static int do_ecb_encrypt(struct cipher_ctx *ctx, struct cipher_pkt *pkt)
+{
+	ARG_UNUSED(ctx);
+
+	if (pkt->in_len != ECB_AES_BLOCK_SIZE) {
+		LOG_ERR("only 16-byte blocks are supported");
+		return -EINVAL;
+	}
+	if (pkt->out_buf_max < pkt->in_len) {
+		LOG_ERR("output buffer too small");
+		return -EINVAL;
+	}
+
+	if (pkt->in_buf != drv_state.data.cleartext) {
+		memcpy(drv_state.data.cleartext, pkt->in_buf,
+		       ECB_AES_BLOCK_SIZE);
+	}
+
+	nrf_ecb_event_clear(NRF_ECB, NRF_ECB_EVENT_ENDECB);
+	nrf_ecb_event_clear(NRF_ECB, NRF_ECB_EVENT_ERRORECB);
+	nrf_ecb_task_trigger(NRF_ECB, NRF_ECB_TASK_STARTECB);
+	while (!(nrf_ecb_event_check(NRF_ECB, NRF_ECB_EVENT_ENDECB) ||
+		 nrf_ecb_event_check(NRF_ECB, NRF_ECB_EVENT_ERRORECB))) {
+	}
+	if (nrf_ecb_event_check(NRF_ECB, NRF_ECB_EVENT_ERRORECB)) {
+		LOG_ERR("ECB operation error");
+		return -EIO;
+	}
+	if (pkt->out_buf != drv_state.data.ciphertext) {
+		memcpy(pkt->out_buf, drv_state.data.ciphertext,
+		       ECB_AES_BLOCK_SIZE);
+	}
+	pkt->out_len = pkt->in_len;
+	return 0;
+}
+
+static int nrf_ecb_driver_init(struct device *dev)
+{
+	ARG_UNUSED(dev);
+
+	nrf_ecb_data_pointer_set(NRF_ECB, &drv_state.data);
+	drv_state.in_use = false;
+	return 0;
+}
+
+static int nrf_ecb_query_caps(struct device *dev)
+{
+	ARG_UNUSED(dev);
+
+	return (CAP_RAW_KEY | CAP_SEPARATE_IO_BUFS | CAP_SYNC_OPS);
+}
+
+static int nrf_ecb_session_setup(struct device *dev, struct cipher_ctx *ctx,
+				 enum cipher_algo algo, enum cipher_mode mode,
+				 enum cipher_op op_type)
+{
+	ARG_UNUSED(dev);
+
+	if ((algo != CRYPTO_CIPHER_ALGO_AES) ||
+	    !(ctx->flags & CAP_SYNC_OPS) ||
+	    (ctx->keylen != ECB_AES_KEY_SIZE) ||
+	    (op_type != CRYPTO_CIPHER_OP_ENCRYPT) ||
+	    (mode != CRYPTO_CIPHER_MODE_ECB)) {
+		LOG_ERR("This driver only supports 128-bit AES ECB encryption"
+			" in synchronous mode");
+		return -EINVAL;
+	}
+
+	if (ctx->key.bit_stream == NULL) {
+		LOG_ERR("No key provided");
+		return -EINVAL;
+	}
+
+	if (drv_state.in_use) {
+		LOG_ERR("Peripheral in use");
+		return -EBUSY;
+	}
+
+	drv_state.in_use = true;
+
+	ctx->ops.block_crypt_hndlr = do_ecb_encrypt;
+	ctx->ops.cipher_mode = mode;
+
+	if (ctx->key.bit_stream != drv_state.data.key) {
+		memcpy(drv_state.data.key, ctx->key.bit_stream,
+		       ECB_AES_KEY_SIZE);
+	}
+
+	return 0;
+}
+
+static int nrf_ecb_session_free(struct device *dev, struct cipher_ctx *sessn)
+{
+	ARG_UNUSED(dev);
+	ARG_UNUSED(sessn);
+
+	drv_state.in_use = false;
+
+	return 0;
+}
+
+static const struct crypto_driver_api crypto_enc_funcs = {
+	.begin_session = nrf_ecb_session_setup,
+	.free_session = nrf_ecb_session_free,
+	.crypto_async_callback_set = NULL,
+	.query_hw_caps = nrf_ecb_query_caps,
+};
+
+DEVICE_AND_API_INIT(nrf_ecb, CONFIG_CRYPTO_NRF_ECB_DRV_NAME,
+		    nrf_ecb_driver_init, NULL, NULL,
+		    POST_KERNEL, CONFIG_CRYPTO_INIT_PRIORITY,
+		    &crypto_enc_funcs);

samples/drivers/crypto/prj_nrf_ecb.conf

@@ -0,0 +1,5 @@
+CONFIG_LOG=y
+CONFIG_LOG_MINIMAL=y
+CONFIG_CRYPTO=y
+CONFIG_CRYPTO_LOG_LEVEL_DBG=y
+CONFIG_CRYPTO_NRF_ECB=y

samples/drivers/crypto/src/main.c

@@ -23,6 +23,8 @@ LOG_MODULE_REGISTER(main);
 #define CRYPTO_DRV_NAME CONFIG_CRYPTO_MBEDTLS_SHIM_DRV_NAME
 #elif CONFIG_CRYPTO_STM32
 #define CRYPTO_DRV_NAME DT_LABEL(DT_INST(0, st_stm32_cryp))
+#elif CONFIG_CRYPTO_NRF_ECB
+#define CRYPTO_DRV_NAME CONFIG_CRYPTO_NRF_ECB_DRV_NAME
 #else
 #error "You need to enable one crypto device"
 #endif