1fb7ef469SJerome Forissier // SPDX-License-Identifier: BSD-2-Clause 21fca7e26SJens Wiklander /* 3*b314df1fSJens Wiklander * Copyright (c) 2017-2020, Linaro Limited 41fca7e26SJens Wiklander */ 51fca7e26SJens Wiklander 661b4cd9cSJens Wiklander #include <assert.h> 761b4cd9cSJens Wiklander #include <crypto/crypto.h> 81fca7e26SJens Wiklander #include <crypto/internal_aes-gcm.h> 91fca7e26SJens Wiklander #include <string.h> 101fca7e26SJens Wiklander #include <tee_api_types.h> 111fca7e26SJens Wiklander #include <types_ext.h> 121fca7e26SJens Wiklander 13*b314df1fSJens Wiklander void internal_aes_gcm_set_key(struct internal_aes_gcm_state *state, 1454af8d67SJens Wiklander const struct internal_aes_gcm_key *ek) 151fca7e26SJens Wiklander { 16b8c186b5SJens Wiklander #ifdef CFG_AES_GCM_TABLE_BASED 17*b314df1fSJens Wiklander internal_aes_gcm_ghash_gen_tbl(&state->ghash_key, ek); 18b8c186b5SJens Wiklander #else 19*b314df1fSJens Wiklander internal_aes_gcm_encrypt_block(ek, state->ctr, 20*b314df1fSJens Wiklander state->ghash_key.hash_subkey); 21b8c186b5SJens Wiklander #endif 221fca7e26SJens Wiklander } 231fca7e26SJens Wiklander 24*b314df1fSJens Wiklander static void ghash_update_block(struct internal_aes_gcm_state *state, 25*b314df1fSJens Wiklander const void *data) 26*b314df1fSJens Wiklander { 27*b314df1fSJens Wiklander void *y = state->hash_state; 28*b314df1fSJens Wiklander 29*b314df1fSJens Wiklander internal_aes_gcm_xor_block(y, data); 30*b314df1fSJens Wiklander #ifdef CFG_AES_GCM_TABLE_BASED 31*b314df1fSJens Wiklander internal_aes_gcm_ghash_mult_tbl(&state->ghash_key, y, y); 32*b314df1fSJens Wiklander #else 33*b314df1fSJens Wiklander internal_aes_gcm_gfmul(state->ghash_key.hash_subkey, y, y); 34*b314df1fSJens Wiklander #endif 35*b314df1fSJens Wiklander } 36*b314df1fSJens Wiklander 37*b314df1fSJens Wiklander void internal_aes_gcm_ghash_update(struct internal_aes_gcm_state *state, 38b8c186b5SJens Wiklander const void *head, const void *data, 39b8c186b5SJens Wiklander size_t num_blocks) 40b8c186b5SJens Wiklander { 41*b314df1fSJens Wiklander size_t n = 0; 42b8c186b5SJens Wiklander 43b8c186b5SJens Wiklander if (head) 44*b314df1fSJens Wiklander ghash_update_block(state, head); 45b8c186b5SJens Wiklander 46b8c186b5SJens Wiklander for (n = 0; n < num_blocks; n++) 47*b314df1fSJens Wiklander ghash_update_block(state, 48*b314df1fSJens Wiklander (uint8_t *)data + n * TEE_AES_BLOCK_SIZE); 49b8c186b5SJens Wiklander } 50b8c186b5SJens Wiklander 51*b314df1fSJens Wiklander void internal_aes_gcm_encrypt_block(const struct internal_aes_gcm_key *ek, 521fca7e26SJens Wiklander const void *src, void *dst) 531fca7e26SJens Wiklander { 54e7dbc357SSummer Qin size_t ek_len = sizeof(ek->data); 55e7dbc357SSummer Qin 56e7dbc357SSummer Qin crypto_aes_enc_block(ek->data, ek_len, ek->rounds, src, dst); 5761b4cd9cSJens Wiklander } 5861b4cd9cSJens Wiklander 59*b314df1fSJens Wiklander TEE_Result internal_aes_gcm_expand_enc_key(const void *key, size_t key_len, 6054af8d67SJens Wiklander struct internal_aes_gcm_key *ek) 6161b4cd9cSJens Wiklander { 62e7dbc357SSummer Qin size_t ek_len = sizeof(ek->data); 63e7dbc357SSummer Qin 64e7dbc357SSummer Qin return crypto_aes_expand_enc_key(key, key_len, ek->data, ek_len, 65e7dbc357SSummer Qin &ek->rounds); 661fca7e26SJens Wiklander } 67