1 /* **************************************************************************** 2 * * 3 * C-Sky Microsystems Confidential * 4 * ------------------------------- * 5 * This file and all its contents are properties of C-Sky Microsystems. The * 6 * information contained herein is confidential and proprietary and is not * 7 * to be disclosed outside of C-Sky Microsystems except under a * 8 * Non-Disclosured Agreement (NDA). * 9 * * 10 ****************************************************************************/ 11 12 #ifndef MBEDTLS_AES_ALT_H 13 #define MBEDTLS_AES_ALT_H 14 15 #if defined(MBEDTLS_AES_ALT) 16 17 #include "sec_crypto_aes.h" 18 19 // Regular implementation 20 // 21 22 #ifdef __cplusplus 23 extern "C" { 24 #endif 25 26 #define SSE_AES_CTX_SIZE 36 27 28 /** 29 * \brief AES context structure 30 * 31 * \note buf is able to hold 32 extra bytes, which can be used: 32 * - for alignment purposes if VIA padlock is used, and/or 33 * - to simplify key expansion in the 256-bit case by 34 * generating an extra round key 35 */ 36 37 38 typedef struct { 39 #if defined(CONFIG_TEE_AES) 40 void *ctx; 41 unsigned char key[32]; 42 unsigned int key_len; 43 #endif 44 sc_aes_t sc_ctx; 45 } mbedtls_aes_context; 46 47 /** 48 * \brief Initialize AES context 49 * 50 * \param ctx AES context to be initialized 51 */ 52 void mbedtls_aes_init(mbedtls_aes_context *ctx); 53 54 /** 55 * \brief Clear AES context 56 * 57 * \param ctx AES context to be cleared 58 */ 59 void mbedtls_aes_free(mbedtls_aes_context *ctx); 60 61 /** 62 * \brief AES key schedule (encryption) 63 * 64 * \param ctx AES context to be initialized 65 * \param key encryption key 66 * \param keybits must be 128, 192 or 256 67 * 68 * \return 0 if successful, or MBEDTLS_ERR_AES_INVALID_KEY_LENGTH 69 */ 70 int mbedtls_aes_setkey_enc(mbedtls_aes_context *ctx, const unsigned char *key, 71 unsigned int keybits); 72 73 /** 74 * \brief AES key schedule (decryption) 75 * 76 * \param ctx AES context to be initialized 77 * \param key decryption key 78 * \param keybits must be 128, 192 or 256 79 * 80 * \return 0 if successful, or MBEDTLS_ERR_AES_INVALID_KEY_LENGTH 81 */ 82 int mbedtls_aes_setkey_dec(mbedtls_aes_context *ctx, const unsigned char *key, 83 unsigned int keybits); 84 85 /** 86 * \brief AES-ECB block encryption/decryption 87 * 88 * \param ctx AES context 89 * \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT 90 * \param input 16-byte input block 91 * \param output 16-byte output block 92 * 93 * \return 0 if successful 94 */ 95 int mbedtls_aes_crypt_ecb(mbedtls_aes_context *ctx, 96 int mode, 97 const unsigned char input[16], 98 unsigned char output[16]); 99 100 #if defined(MBEDTLS_CIPHER_MODE_CBC) 101 /** 102 * \brief AES-CBC buffer encryption/decryption 103 * Length should be a multiple of the block 104 * size (16 bytes) 105 * 106 * \note Upon exit, the content of the IV is updated so that you can 107 * call the function same function again on the following 108 * block(s) of data and get the same result as if it was 109 * encrypted in one call. This allows a "streaming" usage. 110 * If on the other hand you need to retain the contents of the 111 * IV, you should either save it manually or use the cipher 112 * module instead. 113 * 114 * \param ctx AES context 115 * \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT 116 * \param length length of the input data 117 * \param iv initialization vector (updated after use) 118 * \param input buffer holding the input data 119 * \param output buffer holding the output data 120 * 121 * \return 0 if successful, or MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH 122 */ 123 int mbedtls_aes_crypt_cbc(mbedtls_aes_context *ctx, 124 int mode, 125 size_t length, 126 unsigned char iv[16], 127 const unsigned char *input, 128 unsigned char *output); 129 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 130 131 #if defined(MBEDTLS_CIPHER_MODE_CTR) 132 /** 133 * \brief AES-CTR buffer encryption/decryption 134 * 135 * Warning: You have to keep the maximum use of your counter in mind! 136 * 137 * Note: Due to the nature of CTR you should use the same key schedule for 138 * both encryption and decryption. So a context initialized with 139 * mbedtls_aes_setkey_enc() for both MBEDTLS_AES_ENCRYPT and MBEDTLS_AES_DECRYPT. 140 * 141 * \param ctx AES context 142 * \param length The length of the data 143 * \param nc_off The offset in the current stream_block (for resuming 144 * within current cipher stream). The offset pointer to 145 * should be 0 at the start of a stream. 146 * \param nonce_counter The 128-bit nonce and counter. 147 * \param stream_block The saved stream-block for resuming. Is overwritten 148 * by the function. 149 * \param input The input data stream 150 * \param output The output data stream 151 * 152 * \return 0 if successful 153 */ 154 int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx, 155 size_t length, 156 size_t *nc_off, 157 unsigned char nonce_counter[16], 158 unsigned char stream_block[16], 159 const unsigned char *input, 160 unsigned char *output ); 161 #endif /* MBEDTLS_CIPHER_MODE_CTR */ 162 163 #ifdef __cplusplus 164 } 165 #endif 166 167 #endif /* MBEDTLS_AES_ALT */ 168 169 #endif /* aes_alt.h */ 170