embedded-crypto

What this skill does

# Embedded Cryptographic Operations Skill

Expert skill for cryptographic operations in embedded systems. Provides expertise in hardware crypto accelerators, secure key storage, TrustZone configuration, and security best practices.

## Overview

The Embedded Crypto skill enables secure cryptographic implementation in embedded systems:
- Hardware crypto accelerator usage
- AES/SHA/ECC implementation
- Secure key storage configuration
- TrustZone configuration (Cortex-M33/M55)
- Secure boot chain implementation
- Certificate management
- Random number generation (TRNG)
- Side-channel attack mitigation

## Capabilities

### 1. Hardware Crypto Accelerator Integration

Leverage hardware acceleration for cryptographic operations:

```c
/**
 * @brief Initialize hardware crypto accelerator
 *
 * Enables clock and configures the crypto peripheral for
 * accelerated AES, SHA, and random number generation.
 *
 * @return CRYPTO_OK on success
 */
crypto_status_t crypto_hw_init(void)
{
    // Enable peripheral clock
    RCC->AHB2ENR |= RCC_AHB2ENR_CRYPTEN;

    // Enable AES, SHA, and RNG modules
    CRYP->CR = CRYP_CR_ALGODIR | CRYP_CR_ALGOMODE_AES_CBC;

    // Configure for interrupt or DMA mode
    CRYP->CR |= CRYP_CR_CRYPEN;

    return CRYPTO_OK;
}

/**
 * @brief Hardware-accelerated AES-128 CBC encryption
 *
 * @param[in]  key        128-bit encryption key
 * @param[in]  iv         128-bit initialization vector
 * @param[in]  plaintext  Data to encrypt
 * @param[out] ciphertext Encrypted output
 * @param[in]  length     Data length (must be multiple of 16)
 *
 * @return CRYPTO_OK on success
 */
crypto_status_t crypto_aes128_cbc_encrypt(
    const uint8_t key[16],
    const uint8_t iv[16],
    const uint8_t *plaintext,
    uint8_t *ciphertext,
    size_t length
);
```

### 2. Secure Key Storage

Configure secure key storage mechanisms:

```c
/**
 * @brief Key storage locations and protection levels
 */
typedef enum {
    KEY_STORAGE_RAM,          // Volatile, cleared on reset
    KEY_STORAGE_OTP,          // One-time programmable fuses
    KEY_STORAGE_SECURE_FLASH, // Encrypted flash with RDP
    KEY_STORAGE_TRUSTZONE,    // TrustZone secure region
    KEY_STORAGE_HSM,          // External secure element
} key_storage_t;

/**
 * @brief Key attributes for secure storage
 */
typedef struct {
    uint32_t id;              // Key identifier
    key_storage_t location;   // Storage location
    uint32_t algorithm;       // Key algorithm (AES, ECC, etc.)
    uint16_t bits;            // Key size in bits
    uint32_t usage;           // Allowed operations (encrypt, sign, etc.)
    uint32_t lifetime;        // Persistent or volatile
    uint8_t exportable;       // Can key be exported
} key_attributes_t;

/**
 * @brief Import key into secure storage
 *
 * @param[in]  attributes  Key attributes
 * @param[in]  data        Key material
 * @param[in]  length      Key length
 * @param[out] key_id      Assigned key ID
 *
 * @return CRYPTO_OK on success
 */
crypto_status_t secure_key_import(
    const key_attributes_t *attributes,
    const uint8_t *data,
    size_t length,
    uint32_t *key_id
);
```

### 3. TrustZone Configuration (ARMv8-M)

Configure TrustZone for secure/non-secure separation:

```c
/**
 * @brief TrustZone memory region configuration
 *
 * Memory Map with TrustZone:
 *
 * Address Range       | Security | Purpose
 * --------------------|----------|------------------
 * 0x00000000-0x0001FFFF | Secure  | Secure bootloader
 * 0x00020000-0x0007FFFF | NS      | Non-secure app
 * 0x10000000-0x1000FFFF | Secure  | Secure code/data
 * 0x20000000-0x20007FFF | Secure  | Secure RAM
 * 0x20008000-0x2001FFFF | NS      | Non-secure RAM
 * 0x40000000-0x4FFFFFFF | NS-call | Peripherals (SAU)
 */

/**
 * @brief Configure SAU regions for TrustZone
 */
void sau_configure(void)
{
    // Region 0: Non-secure flash (application)
    SAU->RNR = 0;
    SAU->RBAR = 0x00020000U;  // Base address
    SAU->RLAR = 0x0007FFFFU | SAU_RLAR_ENABLE_Msk;  // Non-secure

    // Region 1: Non-secure RAM
    SAU->RNR = 1;
    SAU->RBAR = 0x20008000U;
    SAU->RLAR = 0x2001FFFFU | SAU_RLAR_ENABLE_Msk;

    // Region 2: Non-secure callable (NSC) for secure API
    SAU->RNR = 2;
    SAU->RBAR = 0x0001F000U;
    SAU->RLAR = 0x0001FFFFU | SAU_RLAR_NSC_Msk | SAU_RLAR_ENABLE_Msk;

    // Enable SAU
    SAU->CTRL = SAU_CTRL_ENABLE_Msk;
}

/**
 * @brief Secure function exposed to non-secure world
 *
 * @note Function must be in NSC region
 */
__attribute__((cmse_nonsecure_entry))
int32_t secure_encrypt(uint8_t *data, size_t length)
{
    // Validate non-secure pointer
    if (cmse_check_address_range(data, length, CMSE_AU_NONSECURE) == NULL) {
        return CRYPTO_ERR_INVALID_PARAM;
    }

    // Perform encryption in secure world
    return crypto_aes128_encrypt_internal(data, length);
}
```

### 4. True Random Number Generation

Implement secure random number generation:

```c
/**
 * @brief Initialize hardware TRNG
 *
 * Configures the true random number generator with
 * health tests and conditioning.
 *
 * @return CRYPTO_OK on success, error if health test fails
 */
crypto_status_t trng_init(void)
{
    // Enable RNG clock
    RCC->AHB2ENR |= RCC_AHB2ENR_RNGEN;

    // Configure health tests
    RNG->CR |= RNG_CR_CED;  // Clock error detection
    RNG->CR |= RNG_CR_RNG_CONFIG3;  // Conditioning

    // Enable RNG
    RNG->CR |= RNG_CR_RNGEN;

    // Wait for first random number and verify
    if (!trng_health_test()) {
        return CRYPTO_ERR_HEALTH_TEST;
    }

    return CRYPTO_OK;
}

/**
 * @brief Generate cryptographically secure random bytes
 *
 * @param[out] output  Buffer to fill with random data
 * @param[in]  length  Number of random bytes to generate
 *
 * @return CRYPTO_OK on success
 *
 * @note Blocks until sufficient entropy available
 */
crypto_status_t trng_generate(uint8_t *output, size_t length);
```

### 5. Certificate Management

Handle X.509 certificates for device identity:

```c
/**
 * @brief Device certificate chain
 *
 * Chain structure:
 * 1. Device certificate (leaf)
 * 2. Intermediate CA certificate
 * 3. Root CA certificate (optional, often trusted by peer)
 */
typedef struct {
    uint8_t *device_cert;
    size_t device_cert_len;
    uint8_t *intermediate_cert;
    size_t intermediate_cert_len;
    uint8_t *root_cert;
    size_t root_cert_len;
} cert_chain_t;

/**
 * @brief Verify certificate chain validity
 *
 * @param[in] chain     Certificate chain to verify
 * @param[in] trusted   Trusted root certificates
 *
 * @return CRYPTO_OK if valid, error code otherwise
 */
crypto_status_t cert_verify_chain(
    const cert_chain_t *chain,
    const cert_store_t *trusted
);

/**
 * @brief Extract public key from certificate
 *
 * @param[in]  cert      DER-encoded certificate
 * @param[in]  cert_len  Certificate length
 * @param[out] pubkey    Extracted public key
 *
 * @return CRYPTO_OK on success
 */
crypto_status_t cert_get_public_key(
    const uint8_t *cert,
    size_t cert_len,
    public_key_t *pubkey
);
```

### 6. Side-Channel Attack Mitigation

Implement countermeasures against side-channel attacks:

```c
/**
 * @brief Side-channel resistant comparison
 *
 * Compares two buffers in constant time to prevent
 * timing attacks.
 *
 * @param[in] a       First buffer
 * @param[in] b       Second buffer
 * @param[in] length  Number of bytes to compare
 *
 * @return 0 if equal, non-zero otherwise
 */
int crypto_compare_constant_time(
    const uint8_t *a,
    const uint8_t *b,
    size_t length
)
{
    uint8_t result = 0;
    for (size_t i = 0; i < length; i++) {
        result |= a[i] ^ b[i];
    }
    return result;
}

/**
 * @brief AES with masking countermeasure
 *
 * Applies random masking to intermediate values
 * to protect against DPA attacks.
 */
typedef struct {
    uint8_t key_masked[16];
    uint8_t mask[16];
    uint8_t state_mask[16];
} aes_masked_ctx_t;

/**
 * @brief Initialize AES with random mask
 */
crypto_status_t aes_masked_init(
    aes_masked_ct