xref: /optee_os/lib/libmbedtls/core/aes_ctr.c (revision 5b25c76ac40f830867e3d60800120ffd7874e8dc) 
1 // SPDX-License-Identifier: BSD-2-Clause
2 /*
3  * Copyright (C) 2019, Linaro Limited
4  */
5 
6 #include <assert.h>
7 #include <compiler.h>
8 #include <crypto/crypto_accel.h>
9 #include <crypto/crypto.h>
10 #include <crypto/crypto_impl.h>
11 #include <mbedtls/aes.h>
12 #include <stdlib.h>
13 #include <string.h>
14 #include <tee_api_types.h>
15 #include <utee_defines.h>
16 #include <util.h>
17 
18 struct mbed_aes_ctr_ctx {
19 	struct crypto_cipher_ctx ctx;
20 	mbedtls_aes_context aes_ctx;
21 	size_t nc_off;
22 	unsigned char counter[TEE_AES_BLOCK_SIZE];
23 	unsigned char block[TEE_AES_BLOCK_SIZE];
24 };
25 
26 static const struct crypto_cipher_ops mbed_aes_ctr_ops;
27 
28 static struct mbed_aes_ctr_ctx *to_aes_ctr_ctx(struct crypto_cipher_ctx *ctx)
29 {
30 	assert(ctx && ctx->ops == &mbed_aes_ctr_ops);
31 
32 	return container_of(ctx, struct mbed_aes_ctr_ctx, ctx);
33 }
34 
35 static TEE_Result mbed_aes_ctr_init(struct crypto_cipher_ctx *ctx,
36 				    TEE_OperationMode mode __unused,
37 				    const uint8_t *key1, size_t key1_len,
38 				    const uint8_t *key2 __unused,
39 				    size_t key2_len __unused,
40 				    const uint8_t *iv, size_t iv_len)
41 {
42 	struct mbed_aes_ctr_ctx *c = to_aes_ctr_ctx(ctx);
43 
44 	if (iv_len != sizeof(c->counter))
45 		return TEE_ERROR_BAD_PARAMETERS;
46 	memcpy(c->counter, iv, sizeof(c->counter));
47 
48 	mbedtls_aes_init(&c->aes_ctx);
49 	c->nc_off = 0;
50 
51 	if (mbedtls_aes_setkey_enc(&c->aes_ctx, key1, key1_len * 8))
52 		return TEE_ERROR_BAD_STATE;
53 
54 	return TEE_SUCCESS;
55 }
56 
57 static TEE_Result mbed_aes_ctr_update(struct crypto_cipher_ctx *ctx,
58 				      bool last_block __unused,
59 				      const uint8_t *data, size_t len,
60 				      uint8_t *dst)
61 {
62 	struct mbed_aes_ctr_ctx *c = to_aes_ctr_ctx(ctx);
63 
64 	if (mbedtls_aes_crypt_ctr(&c->aes_ctx, len, &c->nc_off, c->counter,
65 				   c->block, data, dst))
66 		return TEE_ERROR_BAD_STATE;
67 
68 	return TEE_SUCCESS;
69 }
70 
71 static void mbed_aes_ctr_final(struct crypto_cipher_ctx *ctx)
72 {
73 	struct mbed_aes_ctr_ctx *c = to_aes_ctr_ctx(ctx);
74 
75 	mbedtls_aes_free(&c->aes_ctx);
76 	memset(c->block, 0, sizeof(c->block));
77 }
78 
79 static void mbed_aes_ctr_free_ctx(struct crypto_cipher_ctx *ctx)
80 {
81 	free(to_aes_ctr_ctx(ctx));
82 }
83 
84 static void mbed_aes_ctr_copy_state(struct crypto_cipher_ctx *dst_ctx,
85 				    struct crypto_cipher_ctx *src_ctx)
86 {
87 	struct mbed_aes_ctr_ctx *src = to_aes_ctr_ctx(src_ctx);
88 	struct mbed_aes_ctr_ctx *dst = to_aes_ctr_ctx(dst_ctx);
89 
90 	memcpy(dst->counter, src->counter, sizeof(dst->counter));
91 	memcpy(dst->block, src->block, sizeof(dst->block));
92 	dst->nc_off = src->nc_off;
93 	dst->aes_ctx = src->aes_ctx;
94 }
95 
96 static const struct crypto_cipher_ops mbed_aes_ctr_ops = {
97 	.init = mbed_aes_ctr_init,
98 	.update = mbed_aes_ctr_update,
99 	.final = mbed_aes_ctr_final,
100 	.free_ctx = mbed_aes_ctr_free_ctx,
101 	.copy_state = mbed_aes_ctr_copy_state,
102 };
103 
104 TEE_Result crypto_aes_ctr_alloc_ctx(struct crypto_cipher_ctx **ctx_ret)
105 {
106 	struct mbed_aes_ctr_ctx *c = NULL;
107 
108 	c = calloc(1, sizeof(*c));
109 	if (!c)
110 		return TEE_ERROR_OUT_OF_MEMORY;
111 
112 	c->ctx.ops = &mbed_aes_ctr_ops;
113 	*ctx_ret = &c->ctx;
114 
115 	return TEE_SUCCESS;
116 }
117 
118 #if defined(MBEDTLS_AES_ALT)
119 static void next_ctr(unsigned char stream_block[16], mbedtls_aes_context *ctx,
120 		     unsigned char nonce_counter[16])
121 {
122 	const unsigned char zeroes[16] = { 0 };
123 
124 	crypto_accel_aes_ctr_be_enc(stream_block, zeroes, ctx->key,
125 				    ctx->round_count, 1, nonce_counter);
126 }
127 
128 int mbedtls_aes_crypt_ctr(mbedtls_aes_context *ctx, size_t length,
129 			  size_t *nc_off, unsigned char nonce_counter[16],
130 			  unsigned char stream_block[16],
131 			  const unsigned char *input, unsigned char *output)
132 {
133 	size_t offs = 0;
134 
135 	if (*nc_off >= 16)
136 		return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
137 
138 	/*
139 	 * If the stream_block is in use, continue until done or
140 	 * stream_block is consumed.
141 	 */
142 	while (*nc_off) {
143 		output[offs] = stream_block[*nc_off] ^ input[offs];
144 		offs++;
145 		*nc_off = (*nc_off + 1) % 16;
146 		if (offs == length)
147 			return 0;
148 	}
149 
150 	if ((length - offs) >= 16) {
151 		size_t block_count = (length - offs) / 16;
152 
153 		crypto_accel_aes_ctr_be_enc(output + offs, input + offs,
154 					    ctx->key, ctx->round_count,
155 					    block_count, nonce_counter);
156 		offs += block_count * 16;
157 	}
158 
159 	while (offs < length) {
160 		if (!*nc_off)
161 			next_ctr(stream_block, ctx, nonce_counter);
162 		output[offs] = stream_block[*nc_off] ^ input[offs];
163 		offs++;
164 		*nc_off = (*nc_off + 1) % 16;
165 	}
166 
167 	return 0;
168 }
169 #endif /*MBEDTLS_AES_ALT*/
170