mirror of
https://github.com/apache/nuttx.git
synced 2026-05-19 03:03:37 +08:00
Vlad Pruteanu
3039184806
This adds support for PBKDF2 (SHA1 and SHA256) while leveraging the existing infrastructure for HMAC. Signed-off-by: Vlad Pruteanu <pruteanuvlad1611@yahoo.com>
238 lines
6.5 KiB
ReStructuredText
238 lines
6.5 KiB
ReStructuredText
====================
|
|
Crypto API Subsystem
|
|
====================
|
|
|
|
Overview
|
|
========
|
|
|
|
The NuttX Crypto API subsystem provides a unified interface for cryptographic operations, supporting various encryption, decryption, hashing, and authentication algorithms. The subsystem abstracts hardware and software crypto implementations through a common interface.
|
|
|
|
Supported Algorithms
|
|
====================
|
|
|
|
Symmetric Encryption Algorithms
|
|
--------------------------------
|
|
|
|
**AES (Advanced Encryption Standard)**
|
|
|
|
- AES-CBC Mode:
|
|
- CRYPTO_AES_CBC (128-bit key size)
|
|
- CRYPTO_AES_192_CBC (192-bit key size)
|
|
- CRYPTO_AES_256_CBC (256-bit key size)
|
|
|
|
- AES-CTR Mode (Counter mode):
|
|
- CRYPTO_AES_CTR
|
|
|
|
- AES-XTS Mode (XEX-based Tweaked CodeBook):
|
|
- CRYPTO_AES_XTS
|
|
|
|
- AES-GCM Mode (Galois/Counter Mode):
|
|
- CRYPTO_AES_GCM_16
|
|
|
|
- AES-OFB Mode (Output Feedback):
|
|
- CRYPTO_AES_OFB
|
|
|
|
- AES-CFB Mode (Cipher Feedback):
|
|
- CRYPTO_AES_CFB_8 (8-bit)
|
|
- CRYPTO_AES_CFB_128 (128-bit)
|
|
|
|
**Other Block Cipher Modes**
|
|
|
|
- Blowfish (BLF):
|
|
- CRYPTO_BLF_CBC
|
|
|
|
- CAST (CAST-128):
|
|
- CRYPTO_CAST_CBC
|
|
|
|
- Rijndael (128-bit):
|
|
- CRYPTO_RIJNDAEL128_CBC
|
|
|
|
- Null (No encryption):
|
|
- CRYPTO_NULL
|
|
|
|
Authentication and Hashing Algorithms
|
|
--------------------------------------
|
|
|
|
**HMAC (Hash-based Message Authentication Code)**
|
|
|
|
- MD5-HMAC:
|
|
- CRYPTO_MD5_HMAC
|
|
|
|
- SHA-1 HMAC:
|
|
- CRYPTO_SHA1_HMAC
|
|
|
|
- SHA-2 HMAC:
|
|
- CRYPTO_SHA2_256_HMAC (256-bit)
|
|
- CRYPTO_SHA2_384_HMAC (384-bit)
|
|
- CRYPTO_SHA2_512_HMAC (512-bit)
|
|
|
|
**Hash Functions**
|
|
|
|
- MD5:
|
|
- CRYPTO_MD5
|
|
|
|
- SHA-1:
|
|
- CRYPTO_SHA1
|
|
|
|
- SHA-2:
|
|
- CRYPTO_SHA2_224 (224-bit)
|
|
- CRYPTO_SHA2_256 (256-bit)
|
|
- CRYPTO_SHA2_384 (384-bit)
|
|
- CRYPTO_SHA2_512 (512-bit)
|
|
|
|
- RIPEMD-160:
|
|
- CRYPTO_RIPEMD160 (as hash function)
|
|
- CRYPTO_RIPEMD160_HMAC
|
|
|
|
**Message Authentication Codes**
|
|
|
|
- AES-GMAC (Galois Message Authentication Code):
|
|
- CRYPTO_AES_128_GMAC (128-bit key)
|
|
- CRYPTO_AES_192_GMAC (192-bit key)
|
|
- CRYPTO_AES_256_GMAC (256-bit key)
|
|
- CRYPTO_AES_GMAC (generic)
|
|
|
|
- AES-CMAC (Cipher-based Message Authentication Code):
|
|
- CRYPTO_AES_CMAC
|
|
- CRYPTO_AES_128_CMAC (128-bit)
|
|
|
|
- Poly1305:
|
|
- CRYPTO_POLY1305
|
|
- CRYPTO_CHACHA20_POLY1305
|
|
- CRYPTO_CHACHA20_POLY1305_MAC
|
|
|
|
**Stream Ciphers**
|
|
|
|
- ChaCha20:
|
|
- CRYPTO_CHACHA20_POLY1305 (with Poly1305 MAC)
|
|
|
|
Integrity and Checksums
|
|
------------------------
|
|
|
|
- CRC-32:
|
|
- CRYPTO_CRC32
|
|
|
|
- Extended Sequence Numbers (ESN):
|
|
- CRYPTO_ESN
|
|
|
|
Compression
|
|
-----------
|
|
|
|
- Deflate Compression:
|
|
- CRYPTO_DEFLATE_COMP
|
|
|
|
Usage
|
|
=====
|
|
|
|
The Crypto API is accessed through the cryptodev interface, which provides ioctl commands for initializing cryptographic sessions and performing operations.
|
|
|
|
Basic Usage Pattern
|
|
-------------------
|
|
|
|
1. Open the cryptodev device (/dev/crypto)
|
|
2. Initialize a cryptographic session with desired algorithm
|
|
3. Submit crypto operations (encrypt/decrypt/hash)
|
|
4. Close the session when done
|
|
|
|
For more details, refer to the cryptodev.h header file and specific driver documentation.
|
|
|
|
Asymmetric Cryptography
|
|
=======================
|
|
|
|
Public Key Algorithms
|
|
---------------------
|
|
|
|
**RSA (Rivest-Shamir-Adleman)**
|
|
|
|
- RSA key pair generation for variable key sizes
|
|
- Digital signature generation and verification with multiple padding schemes:
|
|
- PKCS#1 v1.5 padding (CRK_RSA_PKCS15_SIGN, CRK_RSA_PKCS15_VERIFY)
|
|
- PSS (Probabilistic Signature Scheme) padding (CRK_RSA_PSS_SIGN, CRK_RSA_PSS_VERIFY)
|
|
- Public key encryption and decryption
|
|
- RSA operations accessible via /dev/crypto cryptodev interface
|
|
|
|
**ECDSA (Elliptic Curve Digital Signature Algorithm)**
|
|
|
|
- ECDSA key pair generation for different curves
|
|
- Digital signature generation and verification
|
|
|
|
ECC / ECDSA (Software)
|
|
----------------------
|
|
|
|
NuttX also provides a lightweight ECC implementation and public API in
|
|
``include/crypto/ecc.h``. It can be used for ECC key generation, ECDH shared
|
|
secret computation, and ECDSA sign/verify. Public key export is available in
|
|
compressed form (``ECC_BYTES + 1``) as well as X/Y uncompressed form.
|
|
|
|
RSA Digital Signature Operations
|
|
--------------------------------
|
|
|
|
The cryptodev module supports RSA digital signatures via the cryptokey interface:
|
|
|
|
- **CRK_RSA_PKCS15_SIGN**: Generate RSA signature with PKCS#1 v1.5 padding
|
|
- Input: message hash, private key ID
|
|
- Output: RSA signature
|
|
|
|
- **CRK_RSA_PKCS15_VERIFY**: Verify RSA signature with PKCS#1 v1.5 padding
|
|
- Input: message hash, signature, public key ID
|
|
- Output: verification result
|
|
|
|
- **CRK_RSA_PSS_SIGN**: Generate RSA signature with PSS padding
|
|
- Input: message hash, private key ID
|
|
- Output: RSA signature
|
|
|
|
- **CRK_RSA_PSS_VERIFY**: Verify RSA signature with PSS padding
|
|
- Input: message hash, signature, public key ID
|
|
- Output: verification result
|
|
|
|
Both padding schemes are supported via the cryptokey ioctl interface accessible through ``/dev/crypto``.
|
|
|
|
Key Management Operations
|
|
--------------------------
|
|
|
|
The cryptodev module provides comprehensive key management interfaces:
|
|
|
|
**Key Derivation**
|
|
|
|
- PBKDF2:
|
|
- CRYPTO_PBKDF2_HMAC_SHA1
|
|
- CRYPTO_PBKDF2_HMAC_SHA256
|
|
|
|
**Key Generation**
|
|
|
|
- CRK_GENERATE_AES_KEY: Generate AES key data with specified key ID
|
|
- Supports 128-bit, 192-bit, and 256-bit key generation
|
|
- Generates cryptographically secure random AES keys using software implementation
|
|
- Keys can be used immediately for AES encryption/decryption operations
|
|
|
|
- CRK_GENERATE_RSA_KEY: Generate RSA keypair (public and private) with specified key ID
|
|
- CRK_GENERATE_SECP256R1_KEY: Generate ECDSA keypair on SECP256R1 curve with specified key ID
|
|
- Generates P-256 elliptic curve keypairs for ECDSA operations
|
|
- Uses NuttX's lightweight ECC implementation for key generation
|
|
- Generated keys can be used for ECDSA digital signature operations
|
|
|
|
**Key Lifecycle Management**
|
|
|
|
- CRK_DELETE_KEY: Remove key with specified key ID from the driver
|
|
- CRK_SAVE_KEY: Persist key data to FLASH storage for non-volatile storage
|
|
- CRK_LOAD_KEY: Load previously saved key data from FLASH into RAM
|
|
|
|
**MTD-based Key Storage**
|
|
|
|
NuttX supports persistent key storage using MTD (Memory Technology Device):
|
|
|
|
- Keys can be saved to MTD-based storage for non-volatile persistence
|
|
- Software-based key management (swkey) provides transparent MTD integration
|
|
- Keys are automatically loaded from MTD upon system initialization
|
|
- Supports both symmetric (AES) and asymmetric (RSA, ECC) key storage
|
|
- Enables secure device configuration and credential persistence across reboots
|
|
|
|
**Cryptographic Operations Using Keys**
|
|
|
|
Once keys are allocated, generated, or imported, they can be used for:
|
|
|
|
- Symmetric encryption/decryption operations (AES)
|
|
- RSA signature generation and verification
|
|
- ECDSA digital signature operations
|
|
- Key exchange protocols
|