1 // SPDX-License-Identifier: BSD-2-Clause
2 /*
3  * Copyright (C) 2019, Linaro Limited
4  * Copyright (C) 2021, Huawei Technologies Co., Ltd
5  */
6 
7 #include <assert.h>
8 #include <compiler.h>
9 #include <crypto/crypto_accel.h>
10 #include <crypto/crypto.h>
11 #include <crypto/crypto_impl.h>
12 #include <mbedtls/aes.h>
13 #include <stdlib.h>
14 #include <string.h>
15 #include <tee_api_types.h>
16 #include <utee_defines.h>
17 #include <util.h>
18 
19 #include "mbed_helpers.h"
20 
21 struct mbed_aes_ctr_ctx {
22 	struct crypto_cipher_ctx ctx;
23 	mbedtls_aes_context aes_ctx;
24 	size_t nc_off;
25 	unsigned char counter[TEE_AES_BLOCK_SIZE];
26 	unsigned char block[TEE_AES_BLOCK_SIZE];
27 };
28 
29 static const struct crypto_cipher_ops mbed_aes_ctr_ops;
30 
to_aes_ctr_ctx(struct crypto_cipher_ctx * ctx)31 static struct mbed_aes_ctr_ctx *to_aes_ctr_ctx(struct crypto_cipher_ctx *ctx)
32 {
33 	assert(ctx && ctx->ops == &mbed_aes_ctr_ops);
34 
35 	return container_of(ctx, struct mbed_aes_ctr_ctx, ctx);
36 }
37 
mbed_aes_ctr_init(struct crypto_cipher_ctx * ctx,TEE_OperationMode mode __unused,const uint8_t * key1,size_t key1_len,const uint8_t * key2 __unused,size_t key2_len __unused,const uint8_t * iv,size_t iv_len)38 static TEE_Result mbed_aes_ctr_init(struct crypto_cipher_ctx *ctx,
39 				    TEE_OperationMode mode __unused,
40 				    const uint8_t *key1, size_t key1_len,
41 				    const uint8_t *key2 __unused,
42 				    size_t key2_len __unused,
43 				    const uint8_t *iv, size_t iv_len)
44 {
45 	struct mbed_aes_ctr_ctx *c = to_aes_ctr_ctx(ctx);
46 
47 	if (iv_len != sizeof(c->counter))
48 		return TEE_ERROR_BAD_PARAMETERS;
49 	memcpy(c->counter, iv, sizeof(c->counter));
50 
51 	mbedtls_aes_init(&c->aes_ctx);
52 	c->nc_off = 0;
53 
54 	if (mbedtls_aes_setkey_enc(&c->aes_ctx, key1, key1_len * 8))
55 		return TEE_ERROR_BAD_STATE;
56 
57 	return TEE_SUCCESS;
58 }
59 
mbed_aes_ctr_update(struct crypto_cipher_ctx * ctx,bool last_block __unused,const uint8_t * data,size_t len,uint8_t * dst)60 static TEE_Result mbed_aes_ctr_update(struct crypto_cipher_ctx *ctx,
61 				      bool last_block __unused,
62 				      const uint8_t *data, size_t len,
63 				      uint8_t *dst)
64 {
65 	struct mbed_aes_ctr_ctx *c = to_aes_ctr_ctx(ctx);
66 
67 	if (mbedtls_aes_crypt_ctr(&c->aes_ctx, len, &c->nc_off, c->counter,
68 				   c->block, data, dst))
69 		return TEE_ERROR_BAD_STATE;
70 
71 	return TEE_SUCCESS;
72 }
73 
mbed_aes_ctr_final(struct crypto_cipher_ctx * ctx)74 static void mbed_aes_ctr_final(struct crypto_cipher_ctx *ctx)
75 {
76 	struct mbed_aes_ctr_ctx *c = to_aes_ctr_ctx(ctx);
77 
78 	mbedtls_aes_free(&c->aes_ctx);
79 	memset(c->block, 0, sizeof(c->block));
80 }
81 
mbed_aes_ctr_free_ctx(struct crypto_cipher_ctx * ctx)82 static void mbed_aes_ctr_free_ctx(struct crypto_cipher_ctx *ctx)
83 {
84 	free(to_aes_ctr_ctx(ctx));
85 }
86 
mbed_aes_ctr_copy_state(struct crypto_cipher_ctx * dst_ctx,struct crypto_cipher_ctx * src_ctx)87 static void mbed_aes_ctr_copy_state(struct crypto_cipher_ctx *dst_ctx,
88 				    struct crypto_cipher_ctx *src_ctx)
89 {
90 	struct mbed_aes_ctr_ctx *src = to_aes_ctr_ctx(src_ctx);
91 	struct mbed_aes_ctr_ctx *dst = to_aes_ctr_ctx(dst_ctx);
92 
93 	memcpy(dst->counter, src->counter, sizeof(dst->counter));
94 	memcpy(dst->block, src->block, sizeof(dst->block));
95 	dst->nc_off = src->nc_off;
96 	mbed_copy_mbedtls_aes_context(&dst->aes_ctx, &src->aes_ctx);
97 }
98 
99 static const struct crypto_cipher_ops mbed_aes_ctr_ops = {
100 	.init = mbed_aes_ctr_init,
101 	.update = mbed_aes_ctr_update,
102 	.final = mbed_aes_ctr_final,
103 	.free_ctx = mbed_aes_ctr_free_ctx,
104 	.copy_state = mbed_aes_ctr_copy_state,
105 };
106 
crypto_aes_ctr_alloc_ctx(struct crypto_cipher_ctx ** ctx_ret)107 TEE_Result crypto_aes_ctr_alloc_ctx(struct crypto_cipher_ctx **ctx_ret)
108 {
109 	struct mbed_aes_ctr_ctx *c = NULL;
110 
111 	c = calloc(1, sizeof(*c));
112 	if (!c)
113 		return TEE_ERROR_OUT_OF_MEMORY;
114 
115 	c->ctx.ops = &mbed_aes_ctr_ops;
116 	*ctx_ret = &c->ctx;
117 
118 	return TEE_SUCCESS;
119 }
120 
121 #if defined(MBEDTLS_AES_ALT)
next_ctr(unsigned char stream_block[16],mbedtls_aes_context * ctx,unsigned char nonce_counter[16])122 static void next_ctr(unsigned char stream_block[16], mbedtls_aes_context *ctx,
123 		     unsigned char nonce_counter[16])
124 {
125 	const unsigned char zeroes[16] = { 0 };
126 
127 	crypto_accel_aes_ctr_be_enc(stream_block, zeroes, ctx->key,
128 				    ctx->round_count, 1, nonce_counter);
129 }
130 
mbedtls_aes_crypt_ctr(mbedtls_aes_context * ctx,size_t length,size_t * nc_off,unsigned char nonce_counter[16],unsigned char stream_block[16],const unsigned char * input,unsigned char * output)131 int mbedtls_aes_crypt_ctr(mbedtls_aes_context *ctx, size_t length,
132 			  size_t *nc_off, unsigned char nonce_counter[16],
133 			  unsigned char stream_block[16],
134 			  const unsigned char *input, unsigned char *output)
135 {
136 	size_t offs = 0;
137 
138 	if (*nc_off >= 16)
139 		return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
140 
141 	/*
142 	 * If the stream_block is in use, continue until done or
143 	 * stream_block is consumed.
144 	 */
145 	while (*nc_off) {
146 		output[offs] = stream_block[*nc_off] ^ input[offs];
147 		offs++;
148 		*nc_off = (*nc_off + 1) % 16;
149 		if (offs == length)
150 			return 0;
151 	}
152 
153 	if ((length - offs) >= 16) {
154 		size_t block_count = (length - offs) / 16;
155 
156 		crypto_accel_aes_ctr_be_enc(output + offs, input + offs,
157 					    ctx->key, ctx->round_count,
158 					    block_count, nonce_counter);
159 		offs += block_count * 16;
160 	}
161 
162 	while (offs < length) {
163 		if (!*nc_off)
164 			next_ctr(stream_block, ctx, nonce_counter);
165 		output[offs] = stream_block[*nc_off] ^ input[offs];
166 		offs++;
167 		*nc_off = (*nc_off + 1) % 16;
168 	}
169 
170 	return 0;
171 }
172 #endif /*MBEDTLS_AES_ALT*/
173