xref: /optee_os/core/crypto/aes-gcm-sw.c (revision 5a913ee74d3c71af2a2860ce8a4e7aeab2916f9b) 
1 // SPDX-License-Identifier: BSD-2-Clause
2 /*
3  * Copyright (c) 2017, Linaro Limited
4  */
5 
6 #include <assert.h>
7 #include <crypto/crypto.h>
8 #include <crypto/internal_aes-gcm.h>
9 #include <string.h>
10 #include <tee_api_types.h>
11 #include <types_ext.h>
12 
13 #include "aes-gcm-private.h"
14 
15 void __weak internal_aes_gcm_set_key(struct internal_aes_gcm_state *state,
16 				     const struct internal_aes_gcm_key *ek)
17 {
18 #ifdef CFG_AES_GCM_TABLE_BASED
19 	internal_aes_gcm_ghash_gen_tbl(state, ek);
20 #else
21 	internal_aes_gcm_encrypt_block(ek, state->ctr, state->hash_subkey);
22 #endif
23 }
24 
25 void __weak internal_aes_gcm_ghash_update(struct internal_aes_gcm_state *state,
26 					  const void *head, const void *data,
27 					  size_t num_blocks)
28 {
29 	size_t n;
30 
31 	if (head)
32 		internal_aes_gcm_ghash_update_block(state, head);
33 
34 	for (n = 0; n < num_blocks; n++)
35 		internal_aes_gcm_ghash_update_block(state, (uint8_t *)data +
36 						    n * TEE_AES_BLOCK_SIZE);
37 }
38 
39 void __weak
40 internal_aes_gcm_update_payload_block_aligned(
41 				struct internal_aes_gcm_state *state,
42 				const struct internal_aes_gcm_key *ek,
43 				TEE_OperationMode m, const void *src,
44 				size_t num_blocks, void *dst)
45 {
46 	size_t n;
47 	const uint8_t *s = src;
48 	uint8_t *d = dst;
49 	void *ctr = state->ctr;
50 	void *buf_cryp = state->buf_cryp;
51 
52 	assert(!state->buf_pos && num_blocks &&
53 	       internal_aes_gcm_ptr_is_block_aligned(s) &&
54 	       internal_aes_gcm_ptr_is_block_aligned(d));
55 
56 	for (n = 0; n < num_blocks; n++) {
57 		if (m == TEE_MODE_ENCRYPT) {
58 			internal_aes_gcm_xor_block(buf_cryp, s);
59 			internal_aes_gcm_ghash_update(state, buf_cryp, NULL, 0);
60 			memcpy(d, buf_cryp, sizeof(state->buf_cryp));
61 
62 			internal_aes_gcm_encrypt_block(ek, ctr, buf_cryp);
63 			internal_aes_gcm_inc_ctr(state);
64 		} else {
65 			internal_aes_gcm_encrypt_block(ek, ctr, buf_cryp);
66 
67 			internal_aes_gcm_xor_block(buf_cryp, s);
68 			internal_aes_gcm_ghash_update(state, s, NULL, 0);
69 			memcpy(d, buf_cryp, sizeof(state->buf_cryp));
70 
71 			internal_aes_gcm_inc_ctr(state);
72 		}
73 		s += TEE_AES_BLOCK_SIZE;
74 		d += TEE_AES_BLOCK_SIZE;
75 	}
76 }
77 
78 void __weak
79 internal_aes_gcm_encrypt_block(const struct internal_aes_gcm_key *ek,
80 			       const void *src, void *dst)
81 {
82 	size_t ek_len = sizeof(ek->data);
83 
84 	crypto_aes_enc_block(ek->data, ek_len, ek->rounds, src, dst);
85 }
86 
87 TEE_Result __weak
88 internal_aes_gcm_expand_enc_key(const void *key, size_t key_len,
89 				struct internal_aes_gcm_key *ek)
90 {
91 	size_t ek_len = sizeof(ek->data);
92 
93 	return crypto_aes_expand_enc_key(key, key_len, ek->data, ek_len,
94 					&ek->rounds);
95 }
96