Crypto API Subsystem

Overview

The NuttX Crypto API subsystem provides a unified interface for cryptographic operations, supporting various encryption, decryption, hashing, and authentication algorithms. The subsystem abstracts hardware and software crypto implementations through a common interface.

Supported Algorithms

Symmetric Encryption Algorithms

AES (Advanced Encryption Standard)

• AES-CBC Mode: - CRYPTO_AES_CBC (128-bit key size) - CRYPTO_AES_192_CBC (192-bit key size) - CRYPTO_AES_256_CBC (256-bit key size)

• AES-CTR Mode (Counter mode): - CRYPTO_AES_CTR

• AES-XTS Mode (XEX-based Tweaked CodeBook): - CRYPTO_AES_XTS

• AES-GCM Mode (Galois/Counter Mode): - CRYPTO_AES_GCM_16

• AES-OFB Mode (Output Feedback): - CRYPTO_AES_OFB

• AES-CFB Mode (Cipher Feedback): - CRYPTO_AES_CFB_8 (8-bit) - CRYPTO_AES_CFB_128 (128-bit)

Other Block Cipher Modes

• Blowfish (BLF): - CRYPTO_BLF_CBC

• CAST (CAST-128): - CRYPTO_CAST_CBC

• Rijndael (128-bit): - CRYPTO_RIJNDAEL128_CBC

• Null (No encryption): - CRYPTO_NULL

Authentication and Hashing Algorithms

HMAC (Hash-based Message Authentication Code)

• MD5-HMAC: - CRYPTO_MD5_HMAC

• SHA-1 HMAC: - CRYPTO_SHA1_HMAC

• SHA-2 HMAC: - CRYPTO_SHA2_256_HMAC (256-bit) - CRYPTO_SHA2_384_HMAC (384-bit) - CRYPTO_SHA2_512_HMAC (512-bit)

Hash Functions

• MD5: - CRYPTO_MD5

• SHA-1: - CRYPTO_SHA1

• SHA-2: - CRYPTO_SHA2_224 (224-bit) - CRYPTO_SHA2_256 (256-bit) - CRYPTO_SHA2_384 (384-bit) - CRYPTO_SHA2_512 (512-bit)

• RIPEMD-160: - CRYPTO_RIPEMD160 (as hash function) - CRYPTO_RIPEMD160_HMAC

Message Authentication Codes

• AES-GMAC (Galois Message Authentication Code): - CRYPTO_AES_128_GMAC (128-bit key) - CRYPTO_AES_192_GMAC (192-bit key) - CRYPTO_AES_256_GMAC (256-bit key) - CRYPTO_AES_GMAC (generic)

• AES-CMAC (Cipher-based Message Authentication Code): - CRYPTO_AES_CMAC - CRYPTO_AES_128_CMAC (128-bit)

• Poly1305: - CRYPTO_POLY1305 - CRYPTO_CHACHA20_POLY1305 - CRYPTO_CHACHA20_POLY1305_MAC

Stream Ciphers

• ChaCha20: - CRYPTO_CHACHA20_POLY1305 (with Poly1305 MAC)

Integrity and Checksums

• CRC-32: - CRYPTO_CRC32

• Extended Sequence Numbers (ESN): - CRYPTO_ESN

Compression

• Deflate Compression: - CRYPTO_DEFLATE_COMP

Usage

The Crypto API is accessed through the cryptodev interface, which provides ioctl commands for initializing cryptographic sessions and performing operations.

Basic Usage Pattern

1. Open the cryptodev device (/dev/crypto)

2. Initialize a cryptographic session with desired algorithm

3. Submit crypto operations (encrypt/decrypt/hash)

4. Close the session when done

For more details, refer to the cryptodev.h header file and specific driver documentation.

Asymmetric Cryptography

Public Key Algorithms

RSA (Rivest-Shamir-Adleman)

• RSA key pair generation for variable key sizes

• Digital signature generation and verification with multiple padding schemes: - PKCS#1 v1.5 padding (CRK_RSA_PKCS15_SIGN, CRK_RSA_PKCS15_VERIFY) - PSS (Probabilistic Signature Scheme) padding (CRK_RSA_PSS_SIGN, CRK_RSA_PSS_VERIFY)

• Public key encryption and decryption

• RSA operations accessible via /dev/crypto cryptodev interface

ECDSA (Elliptic Curve Digital Signature Algorithm)

• ECDSA key pair generation for different curves

• Digital signature generation and verification

ECC / ECDSA (Software)

NuttX also provides a lightweight ECC implementation and public API in include/crypto/ecc.h. It can be used for ECC key generation, ECDH shared secret computation, and ECDSA sign/verify. Public key export is available in compressed form (ECC_BYTES + 1) as well as X/Y uncompressed form.

RSA Digital Signature Operations

The cryptodev module supports RSA digital signatures via the cryptokey interface:

• CRK_RSA_PKCS15_SIGN: Generate RSA signature with PKCS#1 v1.5 padding - Input: message hash, private key ID - Output: RSA signature

• CRK_RSA_PKCS15_VERIFY: Verify RSA signature with PKCS#1 v1.5 padding - Input: message hash, signature, public key ID - Output: verification result

• CRK_RSA_PSS_SIGN: Generate RSA signature with PSS padding - Input: message hash, private key ID - Output: RSA signature

• CRK_RSA_PSS_VERIFY: Verify RSA signature with PSS padding - Input: message hash, signature, public key ID - Output: verification result

Both padding schemes are supported via the cryptokey ioctl interface accessible through /dev/crypto.

Key Management Operations

The cryptodev module provides comprehensive key management interfaces:

Key Generation

• CRK_GENERATE_AES_KEY: Generate AES key data with specified key ID - Supports 128-bit, 192-bit, and 256-bit key generation - Generates cryptographically secure random AES keys using software implementation - Keys can be used immediately for AES encryption/decryption operations

• CRK_GENERATE_RSA_KEY: Generate RSA keypair (public and private) with specified key ID

• CRK_GENERATE_SECP256R1_KEY: Generate ECDSA keypair on SECP256R1 curve with specified key ID - Generates P-256 elliptic curve keypairs for ECDSA operations - Uses NuttX’s lightweight ECC implementation for key generation - Generated keys can be used for ECDSA digital signature operations

Key Lifecycle Management

• CRK_DELETE_KEY: Remove key with specified key ID from the driver

• CRK_SAVE_KEY: Persist key data to FLASH storage for non-volatile storage

• CRK_LOAD_KEY: Load previously saved key data from FLASH into RAM

MTD-based Key Storage

NuttX supports persistent key storage using MTD (Memory Technology Device):

• Keys can be saved to MTD-based storage for non-volatile persistence

• Software-based key management (swkey) provides transparent MTD integration

• Keys are automatically loaded from MTD upon system initialization

• Supports both symmetric (AES) and asymmetric (RSA, ECC) key storage

• Enables secure device configuration and credential persistence across reboots

Cryptographic Operations Using Keys

Once keys are allocated, generated, or imported, they can be used for:

• Symmetric encryption/decryption operations (AES)

• RSA signature generation and verification

• ECDSA digital signature operations

• Key exchange protocols