include/crypto/internal_aes-gcm.h

/* SPDX-License-Identifier: BSD-2-Clause */
/*
 * Copyright (c) 2017, Linaro Limited
 *
 */

#ifndef __CRYPTO_INTERNAL_AES_GCM_H
#define __CRYPTO_INTERNAL_AES_GCM_H

#include <tee_api_types.h>
#include <utee_defines.h>

struct internal_aes_gcm_key {
	/* AES (CTR) encryption key and number of rounds */
	uint64_t data[30];
	unsigned int rounds;
};

struct internal_aes_gcm_state {
	uint64_t ctr[2];

#ifdef CFG_AES_GCM_TABLE_BASED
	uint64_t HL[16];
	uint64_t HH[16];
#else
	uint8_t hash_subkey[TEE_AES_BLOCK_SIZE];
#endif
	uint8_t hash_state[TEE_AES_BLOCK_SIZE];

	uint8_t buf_tag[TEE_AES_BLOCK_SIZE];
	uint8_t buf_hash[TEE_AES_BLOCK_SIZE];
	uint8_t buf_cryp[TEE_AES_BLOCK_SIZE];

	unsigned int tag_len;
	unsigned int aad_bytes;
	unsigned int payload_bytes;
	unsigned int buf_pos;
};

struct internal_aes_gcm_ctx {
	struct internal_aes_gcm_state state;
	struct internal_aes_gcm_key key;
};

TEE_Result internal_aes_gcm_init(struct internal_aes_gcm_ctx *ctx,
				 TEE_OperationMode mode, const void *key,
				 size_t key_len, const void *nonce,
				 size_t nonce_len, size_t tag_len);
TEE_Result internal_aes_gcm_update_aad(struct internal_aes_gcm_ctx *ctx,
				       const void *data, size_t len);
TEE_Result internal_aes_gcm_update_payload(struct internal_aes_gcm_ctx *ctx,
					   TEE_OperationMode mode,
					   const void *src, size_t len,
					   void *dst);
TEE_Result internal_aes_gcm_enc_final(struct internal_aes_gcm_ctx *ctx,
				      const void *src, size_t len, void *dst,
				      void *tag, size_t *tag_len);
TEE_Result internal_aes_gcm_dec_final(struct internal_aes_gcm_ctx *ctx,
				      const void *src, size_t len, void *dst,
				      const void *tag, size_t tag_len);

void internal_aes_gcm_inc_ctr(struct internal_aes_gcm_state *state);

TEE_Result internal_aes_gcm_enc(const struct internal_aes_gcm_key *enc_key,
				const void *nonce, size_t nonce_len,
				const void *aad, size_t aad_len,
				const void *src, size_t len, void *dst,
				void *tag, size_t *tag_len);

TEE_Result internal_aes_gcm_dec(const struct internal_aes_gcm_key *enc_key,
				const void *nonce, size_t nonce_len,
				const void *aad, size_t aad_len,
				const void *src, size_t len, void *dst,
				const void *tag, size_t tag_len);

TEE_Result
internal_aes_gcm_expand_enc_key(const void *key, size_t key_len,
				struct internal_aes_gcm_key *enc_key);

/*
 * Internal weak functions that can be overridden with hardware specific
 * implementations.
 */
void internal_aes_gcm_set_key(struct internal_aes_gcm_state *state,
			      const struct internal_aes_gcm_key *enc_key);

void internal_aes_gcm_ghash_update(struct internal_aes_gcm_state *state,
				   const void *head, const void *data,
				   size_t num_blocks);

void internal_aes_gcm_update_payload_block_aligned(
				struct internal_aes_gcm_state *state,
				const struct internal_aes_gcm_key *enc_key,
				TEE_OperationMode mode, const void *src,
				size_t num_blocks, void *dst);


void internal_aes_gcm_encrypt_block(const struct internal_aes_gcm_key *enc_key,
				    const void *src, void *dst);
#endif /*__CRYPTO_INTERNAL_AES_GCM_H*/