1 // SPDX-License-Identifier: BSD-2-Clause
2 /*
3 * Copyright (C) 2019, Linaro Limited
4 * Copyright (C) 2021, Huawei Technologies Co., Ltd
5 */
6
7 #include <assert.h>
8 #include <compiler.h>
9 #include <crypto/crypto_accel.h>
10 #include <crypto/crypto.h>
11 #include <crypto/crypto_impl.h>
12 #include <mbedtls/aes.h>
13 #include <stdlib.h>
14 #include <string.h>
15 #include <tee_api_types.h>
16 #include <utee_defines.h>
17 #include <util.h>
18
19 #include "mbed_helpers.h"
20
21 struct mbed_aes_ctr_ctx {
22 struct crypto_cipher_ctx ctx;
23 mbedtls_aes_context aes_ctx;
24 size_t nc_off;
25 unsigned char counter[TEE_AES_BLOCK_SIZE];
26 unsigned char block[TEE_AES_BLOCK_SIZE];
27 };
28
29 static const struct crypto_cipher_ops mbed_aes_ctr_ops;
30
to_aes_ctr_ctx(struct crypto_cipher_ctx * ctx)31 static struct mbed_aes_ctr_ctx *to_aes_ctr_ctx(struct crypto_cipher_ctx *ctx)
32 {
33 assert(ctx && ctx->ops == &mbed_aes_ctr_ops);
34
35 return container_of(ctx, struct mbed_aes_ctr_ctx, ctx);
36 }
37
mbed_aes_ctr_init(struct crypto_cipher_ctx * ctx,TEE_OperationMode mode __unused,const uint8_t * key1,size_t key1_len,const uint8_t * key2 __unused,size_t key2_len __unused,const uint8_t * iv,size_t iv_len)38 static TEE_Result mbed_aes_ctr_init(struct crypto_cipher_ctx *ctx,
39 TEE_OperationMode mode __unused,
40 const uint8_t *key1, size_t key1_len,
41 const uint8_t *key2 __unused,
42 size_t key2_len __unused,
43 const uint8_t *iv, size_t iv_len)
44 {
45 struct mbed_aes_ctr_ctx *c = to_aes_ctr_ctx(ctx);
46
47 if (iv_len != sizeof(c->counter))
48 return TEE_ERROR_BAD_PARAMETERS;
49 memcpy(c->counter, iv, sizeof(c->counter));
50
51 mbedtls_aes_init(&c->aes_ctx);
52 c->nc_off = 0;
53
54 if (mbedtls_aes_setkey_enc(&c->aes_ctx, key1, key1_len * 8))
55 return TEE_ERROR_BAD_STATE;
56
57 return TEE_SUCCESS;
58 }
59
mbed_aes_ctr_update(struct crypto_cipher_ctx * ctx,bool last_block __unused,const uint8_t * data,size_t len,uint8_t * dst)60 static TEE_Result mbed_aes_ctr_update(struct crypto_cipher_ctx *ctx,
61 bool last_block __unused,
62 const uint8_t *data, size_t len,
63 uint8_t *dst)
64 {
65 struct mbed_aes_ctr_ctx *c = to_aes_ctr_ctx(ctx);
66
67 if (mbedtls_aes_crypt_ctr(&c->aes_ctx, len, &c->nc_off, c->counter,
68 c->block, data, dst))
69 return TEE_ERROR_BAD_STATE;
70
71 return TEE_SUCCESS;
72 }
73
mbed_aes_ctr_final(struct crypto_cipher_ctx * ctx)74 static void mbed_aes_ctr_final(struct crypto_cipher_ctx *ctx)
75 {
76 struct mbed_aes_ctr_ctx *c = to_aes_ctr_ctx(ctx);
77
78 mbedtls_aes_free(&c->aes_ctx);
79 memset(c->block, 0, sizeof(c->block));
80 }
81
mbed_aes_ctr_free_ctx(struct crypto_cipher_ctx * ctx)82 static void mbed_aes_ctr_free_ctx(struct crypto_cipher_ctx *ctx)
83 {
84 free(to_aes_ctr_ctx(ctx));
85 }
86
mbed_aes_ctr_copy_state(struct crypto_cipher_ctx * dst_ctx,struct crypto_cipher_ctx * src_ctx)87 static void mbed_aes_ctr_copy_state(struct crypto_cipher_ctx *dst_ctx,
88 struct crypto_cipher_ctx *src_ctx)
89 {
90 struct mbed_aes_ctr_ctx *src = to_aes_ctr_ctx(src_ctx);
91 struct mbed_aes_ctr_ctx *dst = to_aes_ctr_ctx(dst_ctx);
92
93 memcpy(dst->counter, src->counter, sizeof(dst->counter));
94 memcpy(dst->block, src->block, sizeof(dst->block));
95 dst->nc_off = src->nc_off;
96 mbed_copy_mbedtls_aes_context(&dst->aes_ctx, &src->aes_ctx);
97 }
98
99 static const struct crypto_cipher_ops mbed_aes_ctr_ops = {
100 .init = mbed_aes_ctr_init,
101 .update = mbed_aes_ctr_update,
102 .final = mbed_aes_ctr_final,
103 .free_ctx = mbed_aes_ctr_free_ctx,
104 .copy_state = mbed_aes_ctr_copy_state,
105 };
106
crypto_aes_ctr_alloc_ctx(struct crypto_cipher_ctx ** ctx_ret)107 TEE_Result crypto_aes_ctr_alloc_ctx(struct crypto_cipher_ctx **ctx_ret)
108 {
109 struct mbed_aes_ctr_ctx *c = NULL;
110
111 c = calloc(1, sizeof(*c));
112 if (!c)
113 return TEE_ERROR_OUT_OF_MEMORY;
114
115 c->ctx.ops = &mbed_aes_ctr_ops;
116 *ctx_ret = &c->ctx;
117
118 return TEE_SUCCESS;
119 }
120
121 #if defined(MBEDTLS_AES_ALT)
next_ctr(unsigned char stream_block[16],mbedtls_aes_context * ctx,unsigned char nonce_counter[16])122 static void next_ctr(unsigned char stream_block[16], mbedtls_aes_context *ctx,
123 unsigned char nonce_counter[16])
124 {
125 const unsigned char zeroes[16] = { 0 };
126
127 crypto_accel_aes_ctr_be_enc(stream_block, zeroes, ctx->key,
128 ctx->round_count, 1, nonce_counter);
129 }
130
mbedtls_aes_crypt_ctr(mbedtls_aes_context * ctx,size_t length,size_t * nc_off,unsigned char nonce_counter[16],unsigned char stream_block[16],const unsigned char * input,unsigned char * output)131 int mbedtls_aes_crypt_ctr(mbedtls_aes_context *ctx, size_t length,
132 size_t *nc_off, unsigned char nonce_counter[16],
133 unsigned char stream_block[16],
134 const unsigned char *input, unsigned char *output)
135 {
136 size_t offs = 0;
137
138 if (*nc_off >= 16)
139 return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
140
141 /*
142 * If the stream_block is in use, continue until done or
143 * stream_block is consumed.
144 */
145 while (*nc_off) {
146 output[offs] = stream_block[*nc_off] ^ input[offs];
147 offs++;
148 *nc_off = (*nc_off + 1) % 16;
149 if (offs == length)
150 return 0;
151 }
152
153 if ((length - offs) >= 16) {
154 size_t block_count = (length - offs) / 16;
155
156 crypto_accel_aes_ctr_be_enc(output + offs, input + offs,
157 ctx->key, ctx->round_count,
158 block_count, nonce_counter);
159 offs += block_count * 16;
160 }
161
162 while (offs < length) {
163 if (!*nc_off)
164 next_ctr(stream_block, ctx, nonce_counter);
165 output[offs] = stream_block[*nc_off] ^ input[offs];
166 offs++;
167 *nc_off = (*nc_off + 1) % 16;
168 }
169
170 return 0;
171 }
172 #endif /*MBEDTLS_AES_ALT*/
173