xref: /optee_os-3.20.0/core/crypto/aes-gcm.c

27 static void ghash_update_pad_zero(struct internal_aes_gcm_state *state,  in ghash_update_pad_zero()  argument
35 			internal_aes_gcm_ghash_update(state, NULL, data, n);  in ghash_update_pad_zero()
43 				internal_aes_gcm_ghash_update(state, NULL,  in ghash_update_pad_zero()
53 		internal_aes_gcm_ghash_update(state, block, NULL, 0);  in ghash_update_pad_zero()
57 static void ghash_update_lengths(struct internal_aes_gcm_state *state,  in ghash_update_lengths()  argument
66 	internal_aes_gcm_ghash_update(state, (uint8_t *)len_fields, NULL, 0);  in ghash_update_lengths()
69 static TEE_Result __gcm_init(struct internal_aes_gcm_state *state,  in __gcm_init()  argument
74 	COMPILE_TIME_ASSERT(sizeof(state->ctr) == TEE_AES_BLOCK_SIZE);  in __gcm_init()
76 	if (tag_len > sizeof(state->buf_tag))  in __gcm_init()
79 	memset(state, 0, sizeof(*state));  in __gcm_init()
81 	state->tag_len = tag_len;  in __gcm_init()
82 	internal_aes_gcm_set_key(state, ek);  in __gcm_init()
85 		memcpy(state->ctr, nonce, nonce_len);  in __gcm_init()
86 		internal_aes_gcm_inc_ctr(state);  in __gcm_init()
88 		ghash_update_pad_zero(state, nonce, nonce_len);  in __gcm_init()
89 		ghash_update_lengths(state, 0, nonce_len);  in __gcm_init()
91 		memcpy(state->ctr, state->hash_state, sizeof(state->ctr));  in __gcm_init()
92 		memset(state->hash_state, 0, sizeof(state->hash_state));  in __gcm_init()
96 			     state->ctr, state->buf_tag);  in __gcm_init()
97 	internal_aes_gcm_inc_ctr(state);  in __gcm_init()
117 				     state->ctr, state->buf_cryp);  in __gcm_init()
118 		internal_aes_gcm_inc_ctr(state);  in __gcm_init()
137 	return __gcm_init(&ctx->state, ek, mode, nonce, nonce_len, tag_len);  in internal_aes_gcm_init()
140 static TEE_Result __gcm_update_aad(struct internal_aes_gcm_state *state,  in __gcm_update_aad()  argument
148 	if (state->payload_bytes)  in __gcm_update_aad()
151 	state->aad_bytes += len;  in __gcm_update_aad()
154 		if (state->buf_pos ||  in __gcm_update_aad()
157 			n = MIN(TEE_AES_BLOCK_SIZE - state->buf_pos, l);  in __gcm_update_aad()
158 			memcpy(state->buf_hash + state->buf_pos, d, n);  in __gcm_update_aad()
159 			state->buf_pos += n;  in __gcm_update_aad()
161 			if (state->buf_pos != TEE_AES_BLOCK_SIZE)  in __gcm_update_aad()
164 			state->buf_pos = 0;  in __gcm_update_aad()
165 			head = state->buf_hash;  in __gcm_update_aad()
175 		internal_aes_gcm_ghash_update(state, head, d, n);  in __gcm_update_aad()
186 	return __gcm_update_aad(&ctx->state, data, len);  in internal_aes_gcm_update_aad()
190 __gcm_update_payload(struct internal_aes_gcm_state *state,  in __gcm_update_payload()  argument
200 	if (!state->payload_bytes && state->buf_pos) {  in __gcm_update_payload()
202 		memset(state->buf_hash + state->buf_pos, 0,  in __gcm_update_payload()
203 		       TEE_AES_BLOCK_SIZE - state->buf_pos);  in __gcm_update_payload()
204 		internal_aes_gcm_ghash_update(state, state->buf_hash, NULL, 0);  in __gcm_update_payload()
205 		state->buf_pos = 0;  in __gcm_update_payload()
208 	state->payload_bytes += len;  in __gcm_update_payload()
211 		if (state->buf_pos || l < TEE_AES_BLOCK_SIZE) {  in __gcm_update_payload()
212 			n = MIN(TEE_AES_BLOCK_SIZE - state->buf_pos, l);  in __gcm_update_payload()
214 			if (!state->buf_pos && mode == TEE_MODE_DECRYPT)  in __gcm_update_payload()
216 						     ek->rounds, state->ctr,  in __gcm_update_payload()
217 						     state->buf_cryp);  in __gcm_update_payload()
219 			xor_buf(state->buf_cryp + state->buf_pos, s, n);  in __gcm_update_payload()
220 			memcpy(d, state->buf_cryp + state->buf_pos, n);  in __gcm_update_payload()
222 				memcpy(state->buf_hash + state->buf_pos,  in __gcm_update_payload()
223 				       state->buf_cryp + state->buf_pos, n);  in __gcm_update_payload()
225 				memcpy(state->buf_hash + state->buf_pos, s, n);  in __gcm_update_payload()
227 			state->buf_pos += n;  in __gcm_update_payload()
229 			if (state->buf_pos != TEE_AES_BLOCK_SIZE)  in __gcm_update_payload()
232 			internal_aes_gcm_ghash_update(state, state->buf_hash,  in __gcm_update_payload()
234 			state->buf_pos = 0;  in __gcm_update_payload()
241 						     ek->rounds, state->ctr,  in __gcm_update_payload()
242 						     state->buf_cryp);  in __gcm_update_payload()
243 			internal_aes_gcm_inc_ctr(state);  in __gcm_update_payload()
246 			internal_aes_gcm_update_payload_blocks(state, ek, mode,  in __gcm_update_payload()
262 	return __gcm_update_payload(&ctx->state, &ctx->key, mode, src, len,  in internal_aes_gcm_update_payload()
266 static TEE_Result operation_final(struct internal_aes_gcm_state *state,  in operation_final()  argument
273 	res = __gcm_update_payload(state, enc_key, m, src, len, dst);  in operation_final()
277 	if (state->buf_pos) {  in operation_final()
278 		memset(state->buf_hash + state->buf_pos, 0,  in operation_final()
279 		       sizeof(state->buf_hash) - state->buf_pos);  in operation_final()
280 		internal_aes_gcm_ghash_update(state, state->buf_hash, NULL, 0);  in operation_final()
283 	ghash_update_lengths(state, state->aad_bytes, state->payload_bytes);  in operation_final()
285 	xor_buf(state->buf_tag, state->hash_state, state->tag_len);  in operation_final()
290 static TEE_Result __gcm_enc_final(struct internal_aes_gcm_state *state,  in __gcm_enc_final()  argument
297 	if (*tag_len < state->tag_len)  in __gcm_enc_final()
300 	res = operation_final(state, enc_key, TEE_MODE_ENCRYPT, src, len, dst);  in __gcm_enc_final()
304 	memcpy(tag, state->buf_tag, state->tag_len);  in __gcm_enc_final()
305 	*tag_len = state->tag_len;  in __gcm_enc_final()
314 	return __gcm_enc_final(&ctx->state, &ctx->key, src, len, dst, tag,  in internal_aes_gcm_enc_final()
318 static TEE_Result __gcm_dec_final(struct internal_aes_gcm_state *state,  in __gcm_dec_final()  argument
325 	if (tag_len != state->tag_len)  in __gcm_dec_final()
328 	res = operation_final(state, enc_key, TEE_MODE_DECRYPT, src, len, dst);  in __gcm_dec_final()
332 	if (consttime_memcmp(state->buf_tag, tag, tag_len))  in __gcm_dec_final()
342 	return __gcm_dec_final(&ctx->state, &ctx->key, src, len, dst, tag,  in internal_aes_gcm_dec_final()
346 void internal_aes_gcm_inc_ctr(struct internal_aes_gcm_state *state)  in internal_aes_gcm_inc_ctr()  argument
350 	c = TEE_U64_FROM_BIG_ENDIAN(state->ctr[1]) + 1;  in internal_aes_gcm_inc_ctr()
351 	state->ctr[1] = TEE_U64_TO_BIG_ENDIAN(c);  in internal_aes_gcm_inc_ctr()
353 		c = TEE_U64_FROM_BIG_ENDIAN(state->ctr[0]) + 1;  in internal_aes_gcm_inc_ctr()
354 		state->ctr[0] = TEE_U64_TO_BIG_ENDIAN(c);  in internal_aes_gcm_inc_ctr()
358 void internal_aes_gcm_dec_ctr(struct internal_aes_gcm_state *state)  in internal_aes_gcm_dec_ctr()  argument
362 	c = TEE_U64_FROM_BIG_ENDIAN(state->ctr[1]) - 1;  in internal_aes_gcm_dec_ctr()
363 	state->ctr[1] = TEE_U64_TO_BIG_ENDIAN(c);  in internal_aes_gcm_dec_ctr()
365 		c = TEE_U64_FROM_BIG_ENDIAN(state->ctr[0]) - 1;  in internal_aes_gcm_dec_ctr()
366 		state->ctr[0] = TEE_U64_TO_BIG_ENDIAN(c);  in internal_aes_gcm_dec_ctr()
377 	struct internal_aes_gcm_state state;  in internal_aes_gcm_enc()  local
379 	res = __gcm_init(&state, enc_key, TEE_MODE_ENCRYPT, nonce, nonce_len,  in internal_aes_gcm_enc()
385 		res = __gcm_update_aad(&state, aad, aad_len);  in internal_aes_gcm_enc()
390 	return __gcm_enc_final(&state, enc_key, src, len, dst, tag, tag_len);  in internal_aes_gcm_enc()
400 	struct internal_aes_gcm_state state;  in internal_aes_gcm_dec()  local
402 	res = __gcm_init(&state, enc_key, TEE_MODE_DECRYPT, nonce, nonce_len,  in internal_aes_gcm_dec()
408 		res = __gcm_update_aad(&state, aad, aad_len);  in internal_aes_gcm_dec()
413 	return __gcm_dec_final(&state, enc_key, src, len, dst, tag, tag_len);  in internal_aes_gcm_dec()

Last Index update Sun Aug 20 00:18:20 CST 2023