xref: /optee_os/core/crypto/aes-gcm-sw.c (revision 4f6d71606482a7cc346546de5b6be277985650f6) 
1fb7ef469SJerome Forissier // SPDX-License-Identifier: BSD-2-Clause
21fca7e26SJens Wiklander /*
3b314df1fSJens Wiklander  * Copyright (c) 2017-2020, Linaro Limited
41fca7e26SJens Wiklander  */
51fca7e26SJens Wiklander 
661b4cd9cSJens Wiklander #include <assert.h>
761b4cd9cSJens Wiklander #include <crypto/crypto.h>
81fca7e26SJens Wiklander #include <crypto/internal_aes-gcm.h>
91fca7e26SJens Wiklander #include <string.h>
101fca7e26SJens Wiklander #include <tee_api_types.h>
111fca7e26SJens Wiklander #include <types_ext.h>
121fca7e26SJens Wiklander 
13b314df1fSJens Wiklander void internal_aes_gcm_set_key(struct internal_aes_gcm_state *state,
1454af8d67SJens Wiklander 			      const struct internal_aes_gcm_key *ek)
151fca7e26SJens Wiklander {
16b8c186b5SJens Wiklander #ifdef CFG_AES_GCM_TABLE_BASED
17b314df1fSJens Wiklander 	internal_aes_gcm_ghash_gen_tbl(&state->ghash_key, ek);
18b8c186b5SJens Wiklander #else
19*4f6d7160SJens Wiklander 	crypto_aes_enc_block(ek->data, sizeof(ek->data), ek->rounds,
20*4f6d7160SJens Wiklander 			     state->ctr, state->ghash_key.hash_subkey);
21b8c186b5SJens Wiklander #endif
221fca7e26SJens Wiklander }
231fca7e26SJens Wiklander 
24b314df1fSJens Wiklander static void ghash_update_block(struct internal_aes_gcm_state *state,
25b314df1fSJens Wiklander 			       const void *data)
26b314df1fSJens Wiklander {
27b314df1fSJens Wiklander 	void *y = state->hash_state;
28b314df1fSJens Wiklander 
29b314df1fSJens Wiklander 	internal_aes_gcm_xor_block(y, data);
30b314df1fSJens Wiklander #ifdef CFG_AES_GCM_TABLE_BASED
31b314df1fSJens Wiklander 	internal_aes_gcm_ghash_mult_tbl(&state->ghash_key, y, y);
32b314df1fSJens Wiklander #else
33b314df1fSJens Wiklander 	internal_aes_gcm_gfmul(state->ghash_key.hash_subkey, y, y);
34b314df1fSJens Wiklander #endif
35b314df1fSJens Wiklander }
36b314df1fSJens Wiklander 
37b314df1fSJens Wiklander void internal_aes_gcm_ghash_update(struct internal_aes_gcm_state *state,
38b8c186b5SJens Wiklander 				   const void *head, const void *data,
39b8c186b5SJens Wiklander 				   size_t num_blocks)
40b8c186b5SJens Wiklander {
41b314df1fSJens Wiklander 	size_t n = 0;
42b8c186b5SJens Wiklander 
43b8c186b5SJens Wiklander 	if (head)
44b314df1fSJens Wiklander 		ghash_update_block(state, head);
45b8c186b5SJens Wiklander 
46b8c186b5SJens Wiklander 	for (n = 0; n < num_blocks; n++)
47b314df1fSJens Wiklander 		ghash_update_block(state,
48b314df1fSJens Wiklander 				   (uint8_t *)data + n * TEE_AES_BLOCK_SIZE);
49b8c186b5SJens Wiklander }
50b8c186b5SJens Wiklander 
51b314df1fSJens Wiklander TEE_Result internal_aes_gcm_expand_enc_key(const void *key, size_t key_len,
5254af8d67SJens Wiklander 					   struct internal_aes_gcm_key *ek)
5361b4cd9cSJens Wiklander {
54e7dbc357SSummer Qin 	size_t ek_len = sizeof(ek->data);
55e7dbc357SSummer Qin 
56e7dbc357SSummer Qin 	return crypto_aes_expand_enc_key(key, key_len, ek->data, ek_len,
57e7dbc357SSummer Qin 					&ek->rounds);
581fca7e26SJens Wiklander }
59