/* SPDX-License-Identifier: BSD-2-Clause */
/*
 * Copyright (c) 2017-2020, Linaro Limited
 *
 */

/*
 * Internal AES-GCM interface: context/key/state layouts, a streaming
 * init/update/final style API, one-shot encrypt/decrypt helpers taking a
 * pre-expanded key, and the low-level block/GHASH hooks that an
 * architecture specific implementation may provide.
 *
 * Only declarations are visible here; behavioural notes below that are not
 * derivable from a signature are marked as assumptions to confirm against
 * the implementation.
 */

#ifndef __CRYPTO_INTERNAL_AES_GCM_H
#define __CRYPTO_INTERNAL_AES_GCM_H

#include <assert.h>
#include <tee_api_types.h>
#include <utee_defines.h>
#include <util.h>

/*
 * struct internal_ghash_key comes from the Crypto Extensions header when
 * CFG_CRYPTO_WITH_CE is defined, otherwise it is defined here in one of two
 * layouts selected by CFG_AES_GCM_TABLE_BASED.
 */
#ifdef CFG_CRYPTO_WITH_CE
#include <crypto/ghash-ce-core.h>
#else
struct internal_ghash_key {
#ifdef CFG_AES_GCM_TABLE_BASED
	/*
	 * Two 16-entry tables of 64-bit words, presumably the low (HL) and
	 * high (HH) halves of precomputed multiples of the hash subkey.
	 * NOTE(review): table-driven GHASH indexes memory with
	 * secret-dependent values, which is a cache-timing consideration
	 * where the cache is shared with less trusted code - confirm this
	 * fits the platform threat model.
	 */
	uint64_t HL[16];
	uint64_t HH[16];
#else
	/* 128-bit GHASH subkey held as two 64-bit words */
	uint64_t hash_subkey[2];
#endif
};
#endif

/*
 * Expanded AES key. Instances hold key material.
 * NOTE(review): no wipe helper is declared in this header; presumably the
 * owner is expected to clear the structure once it is no longer needed -
 * confirm against callers.
 */
struct internal_aes_gcm_key {
	/* AES (CTR) encryption key and number of rounds */
	/* 30 * 8 = 240 bytes, i.e. room for 15 round keys of 16 bytes */
	uint64_t data[30];
	unsigned int rounds;
};

/*
 * Running state of one GCM operation. Field meanings other than the types
 * and sizes are inferred from the names - TODO confirm.
 */
struct internal_aes_gcm_state {
	/* 128-bit counter block, see internal_aes_gcm_inc_ctr() */
	uint64_t ctr[2];

	/* GHASH key and, presumably, the running GHASH value */
	struct internal_ghash_key ghash_key;
	uint8_t hash_state[TEE_AES_BLOCK_SIZE];

	/* One-block scratch buffers; presumably tag mask, pending GHASH */
	/* input and pending cipher data respectively - TODO confirm */
	uint8_t buf_tag[TEE_AES_BLOCK_SIZE];
	uint8_t buf_hash[TEE_AES_BLOCK_SIZE];
	uint8_t buf_cryp[TEE_AES_BLOCK_SIZE];

	/*
	 * NOTE(review): these counters are unsigned int while the API takes
	 * size_t lengths; confirm the implementation bounds the accumulated
	 * AAD and payload sizes before they can wrap.
	 */
	unsigned int tag_len;
	unsigned int aad_bytes;
	unsigned int payload_bytes;
	/* Presumably the fill level of the partial-block buffers */
	unsigned int buf_pos;
};

/* Complete context for the streaming API: operation state plus AES key */
struct internal_aes_gcm_ctx {
	struct internal_aes_gcm_state state;
	struct internal_aes_gcm_key key;
};

/*
 * Streaming API operating on a caller provided context. Judging by the
 * names the expected order is init, update_aad, update_payload, then
 * enc_final or dec_final; all return a TEE_Result.
 *
 * GCM gives no confidentiality or integrity guarantee if the same nonce is
 * used twice with one key, so the caller is responsible for nonce
 * uniqueness.
 *
 * internal_aes_gcm_init() takes the raw key (key, key_len), the nonce and
 * the tag length (presumably in bytes - TODO confirm) together with the
 * operation mode.
 */
TEE_Result internal_aes_gcm_init(struct internal_aes_gcm_ctx *ctx,
				 TEE_OperationMode mode, const void *key,
				 size_t key_len, const void *nonce,
				 size_t nonce_len, size_t tag_len);
/* Feeds len bytes of additional authenticated data into the operation */
TEE_Result internal_aes_gcm_update_aad(struct internal_aes_gcm_ctx *ctx,
				       const void *data, size_t len);
/* Processes len bytes from src into dst in the direction given by mode */
TEE_Result internal_aes_gcm_update_payload(struct internal_aes_gcm_ctx *ctx,
					   TEE_OperationMode mode,
					   const void *src, size_t len,
					   void *dst);
/*
 * Processes the last len bytes of payload and writes the tag. tag is an
 * output buffer and *tag_len is passed by pointer, presumably buffer size
 * in and tag size out - TODO confirm.
 */
TEE_Result internal_aes_gcm_enc_final(struct internal_aes_gcm_ctx *ctx,
				      const void *src, size_t len, void *dst,
				      void *tag, size_t *tag_len);
/*
 * Processes the last len bytes of payload and takes the expected tag as
 * input. Callers must not use any decrypted output unless the call
 * succeeds.
 * NOTE(review): the tag comparison is in the implementation, not here; it
 * should be constant-time - confirm.
 */
TEE_Result internal_aes_gcm_dec_final(struct internal_aes_gcm_ctx *ctx,
				      const void *src, size_t len, void *dst,
				      const void *tag, size_t tag_len);

/* Advances the counter block held in state->ctr */
void internal_aes_gcm_inc_ctr(struct internal_aes_gcm_state *state);

/*
 * One-shot encryption with an already expanded key (see
 * internal_aes_gcm_expand_enc_key()). Takes nonce, AAD and payload in one
 * call; tag and *tag_len are outputs as for internal_aes_gcm_enc_final().
 * The nonce uniqueness requirement above applies here as well.
 */
TEE_Result internal_aes_gcm_enc(const struct internal_aes_gcm_key *enc_key,
				const void *nonce, size_t nonce_len,
				const void *aad, size_t aad_len,
				const void *src, size_t len, void *dst,
				void *tag, size_t *tag_len);

/*
 * One-shot decryption with an already expanded key; tag and tag_len are
 * inputs. dst must only be trusted when the call succeeds.
 */
TEE_Result internal_aes_gcm_dec(const struct internal_aes_gcm_key *enc_key,
				const void *nonce, size_t nonce_len,
				const void *aad, size_t aad_len,
				const void *src, size_t len, void *dst,
				const void *tag, size_t tag_len);

/* Expands a raw AES key of key_len bytes into *enc_key */
TEE_Result
internal_aes_gcm_expand_enc_key(const void *key, size_t key_len,
				struct internal_aes_gcm_key *enc_key);

/*
 * Multiplies the 128-bit values X and Y, each given as two 64-bit words,
 * into product; presumably the GF(2^128) multiplication used by GHASH.
 */
void internal_aes_gcm_gfmul(const uint64_t X[2], const uint64_t Y[2],
			    uint64_t product[2]);

/*
 * Single 16-byte block encrypt/decrypt using state and the expanded key.
 * src and dst are arrays of two uint64_t, so callers need 64-bit aligned
 * buffers.
 */
void internal_aes_gcm_encrypt_block(struct internal_aes_gcm_state *state,
				    const struct internal_aes_gcm_key *enc_key,
				    const uint64_t src[2], uint64_t dst[2]);
void internal_aes_gcm_decrypt_block(struct internal_aes_gcm_state *state,
				    const struct internal_aes_gcm_key *enc_key,
				    const uint64_t src[2], uint64_t dst[2]);

/*
 * XORs the 16 bytes at src into the 16 bytes at dst, as two 64-bit words.
 *
 * Both pointers must be aligned for uint64_t. The requirement is enforced
 * only by assert(), so in a build where assert() is compiled out a
 * misaligned argument goes unchecked - callers must guarantee alignment
 * themselves.
 */
static inline void internal_aes_gcm_xor_block(void *dst, const void *src)
{
	uint64_t *d = dst;
	const uint64_t *s = src;

	assert(ALIGNMENT_IS_OK(dst, uint64_t));
	assert(ALIGNMENT_IS_OK(src, uint64_t));

	d[0] ^= s[0];
	d[1] ^= s[1];
}

/*
 * Returns true when the address of p is a multiple of TEE_AES_BLOCK_SIZE.
 * The mask test assumes TEE_AES_BLOCK_SIZE is a power of two.
 */
static inline bool internal_aes_gcm_ptr_is_block_aligned(const void *p)
{
	return !((vaddr_t)p & (TEE_AES_BLOCK_SIZE - 1));
}

#ifdef CFG_AES_GCM_TABLE_BASED
/*
 * Table based GHASH helpers, only declared when CFG_AES_GCM_TABLE_BASED is
 * set. Judging by the names, gen_tbl fills ghash_key from the AES key and
 * mult_tbl multiplies the 16-byte block x by the hash key into output -
 * TODO confirm.
 */
void internal_aes_gcm_ghash_gen_tbl(struct internal_ghash_key *ghash_key,
				    const struct internal_aes_gcm_key *enc_key);
void internal_aes_gcm_ghash_mult_tbl(struct internal_ghash_key *ghash_key,
				     const unsigned char x[16],
				     unsigned char output[16]);
#endif

/*
 * Must be implemented in core/arch/arm/crypto/ if CFG_CRYPTO_WITH_CE=y
 */
/* Presumably derives the GHASH key in state from the expanded AES key */
void internal_aes_gcm_set_key(struct internal_aes_gcm_state *state,
			      const struct internal_aes_gcm_key *enc_key);

/*
 * Updates the GHASH state with an optional leading block (head) followed by
 * num_blocks blocks from data; whether head may be NULL is not visible
 * here - TODO confirm.
 */
void internal_aes_gcm_ghash_update(struct internal_aes_gcm_state *state,
				   const void *head, const void *data,
				   size_t num_blocks);
/*
 * Internal weak function that can be overridden with hardware specific
 * implementation.
 */
/* Processes num_blocks whole blocks from src to dst in direction mode */
void
internal_aes_gcm_update_payload_blocks(struct internal_aes_gcm_state *state,
				       const struct internal_aes_gcm_key *ek,
				       TEE_OperationMode mode, const void *src,
				       size_t num_blocks, void *dst);

#endif /*__CRYPTO_INTERNAL_AES_GCM_H*/