1 // SPDX-License-Identifier: BSD-2-Clause 2 /* 3 * Copyright (C) 2019, Linaro Limited 4 * Copyright (C) 2021, Huawei Technologies Co., Ltd 5 */ 6 7 #include <assert.h> 8 #include <compiler.h> 9 #include <crypto/crypto_accel.h> 10 #include <crypto/crypto.h> 11 #include <crypto/crypto_impl.h> 12 #include <mbedtls/aes.h> 13 #include <stdlib.h> 14 #include <string.h> 15 #include <tee_api_types.h> 16 #include <utee_defines.h> 17 #include <util.h> 18 19 #include "mbed_helpers.h" 20 21 struct mbed_aes_cbc_ctx { 22 struct crypto_cipher_ctx ctx; 23 int mbed_mode; 24 mbedtls_aes_context aes_ctx; 25 unsigned char iv[TEE_AES_BLOCK_SIZE]; 26 }; 27 28 static const struct crypto_cipher_ops mbed_aes_cbc_ops; 29 30 static struct mbed_aes_cbc_ctx *to_aes_cbc_ctx(struct crypto_cipher_ctx *ctx) 31 { 32 assert(ctx && ctx->ops == &mbed_aes_cbc_ops); 33 34 return container_of(ctx, struct mbed_aes_cbc_ctx, ctx); 35 } 36 37 static TEE_Result mbed_aes_cbc_init(struct crypto_cipher_ctx *ctx, 38 TEE_OperationMode mode, const uint8_t *key1, 39 size_t key1_len, 40 const uint8_t *key2 __unused, 41 size_t key2_len __unused, 42 const uint8_t *iv, size_t iv_len) 43 { 44 struct mbed_aes_cbc_ctx *c = to_aes_cbc_ctx(ctx); 45 int mbed_res = 0; 46 47 if (iv_len != sizeof(c->iv)) 48 return TEE_ERROR_BAD_PARAMETERS; 49 memcpy(c->iv, iv, sizeof(c->iv)); 50 51 mbedtls_aes_init(&c->aes_ctx); 52 53 if (mode == TEE_MODE_ENCRYPT) { 54 c->mbed_mode = MBEDTLS_AES_ENCRYPT; 55 mbed_res = mbedtls_aes_setkey_enc(&c->aes_ctx, key1, 56 key1_len * 8); 57 } else { 58 c->mbed_mode = MBEDTLS_AES_DECRYPT; 59 mbed_res = mbedtls_aes_setkey_dec(&c->aes_ctx, key1, 60 key1_len * 8); 61 } 62 63 if (mbed_res) 64 return TEE_ERROR_BAD_STATE; 65 66 return TEE_SUCCESS; 67 } 68 69 static TEE_Result mbed_aes_cbc_update(struct crypto_cipher_ctx *ctx, 70 bool last_block __unused, 71 const uint8_t *data, size_t len, 72 uint8_t *dst) 73 { 74 struct mbed_aes_cbc_ctx *c = to_aes_cbc_ctx(ctx); 75 76 if (mbedtls_aes_crypt_cbc(&c->aes_ctx, c->mbed_mode, len, c->iv, 77 data, dst)) 78 return TEE_ERROR_BAD_STATE; 79 80 return TEE_SUCCESS; 81 } 82 83 static void mbed_aes_cbc_final(struct crypto_cipher_ctx *ctx) 84 { 85 mbedtls_aes_free(&to_aes_cbc_ctx(ctx)->aes_ctx); 86 } 87 88 static void mbed_aes_cbc_free_ctx(struct crypto_cipher_ctx *ctx) 89 { 90 free(to_aes_cbc_ctx(ctx)); 91 } 92 93 static void mbed_aes_cbc_copy_state(struct crypto_cipher_ctx *dst_ctx, 94 struct crypto_cipher_ctx *src_ctx) 95 { 96 struct mbed_aes_cbc_ctx *src = to_aes_cbc_ctx(src_ctx); 97 struct mbed_aes_cbc_ctx *dst = to_aes_cbc_ctx(dst_ctx); 98 99 memcpy(dst->iv, src->iv, sizeof(dst->iv)); 100 dst->mbed_mode = src->mbed_mode; 101 mbed_copy_mbedtls_aes_context(&dst->aes_ctx, &src->aes_ctx); 102 } 103 104 static const struct crypto_cipher_ops mbed_aes_cbc_ops = { 105 .init = mbed_aes_cbc_init, 106 .update = mbed_aes_cbc_update, 107 .final = mbed_aes_cbc_final, 108 .free_ctx = mbed_aes_cbc_free_ctx, 109 .copy_state = mbed_aes_cbc_copy_state, 110 }; 111 112 TEE_Result crypto_aes_cbc_alloc_ctx(struct crypto_cipher_ctx **ctx_ret) 113 { 114 struct mbed_aes_cbc_ctx *c = NULL; 115 116 c = calloc(1, sizeof(*c)); 117 if (!c) 118 return TEE_ERROR_OUT_OF_MEMORY; 119 120 c->ctx.ops = &mbed_aes_cbc_ops; 121 *ctx_ret = &c->ctx; 122 123 return TEE_SUCCESS; 124 } 125 126 #if defined(MBEDTLS_AES_ALT) 127 int mbedtls_aes_crypt_cbc(mbedtls_aes_context *ctx, int mode, size_t length, 128 unsigned char iv[16], const unsigned char *input, 129 unsigned char *output) 130 { 131 if (length % 16) 132 return MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH; 133 134 if (mode == MBEDTLS_AES_ENCRYPT) 135 crypto_accel_aes_cbc_enc(output, input, ctx->key, 136 ctx->round_count, length / 16, iv); 137 else 138 crypto_accel_aes_cbc_dec(output, input, ctx->key, 139 ctx->round_count, length / 16, iv); 140 141 return 0; 142 } 143 #endif /*MBEDTLS_AES_ALT*/ 144