Skip to content

Commit a58457d

Browse files
Ron EldorRon Eldor
Ron Eldor
authored and
Ron Eldor
committed
Port aes cc310 driver
Add support for CC310 AES driver, returning `MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED` for key size other than 128 bits, and for AES modes not supported by the driver. Use `MBEDTLS_CTR_DRBG_USE_128_BIT_KEY`.
1 parent 4bd1d15 commit a58457d

File tree

3 files changed

+388
-1
lines changed

3 files changed

+388
-1
lines changed

features/cryptocell/FEATURE_CRYPTOCELL310/aes_alt.c

Lines changed: 329 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,329 @@
1+
/*
2+
* aes_alt.c
3+
*
4+
* Copyright (C) 2019, Arm Limited, All Rights Reserved
5+
* SPDX-License-Identifier: Apache-2.0
6+
*
7+
* Licensed under the Apache License, Version 2.0 (the "License"); you may
8+
* not use this file except in compliance with the License.
9+
* You may obtain a copy of the License at
10+
*
11+
* http://www.apache.org/licenses/LICENSE-2.0
12+
*
13+
* Unless required by applicable law or agreed to in writing, software
14+
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15+
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16+
* See the License for the specific language governing permissions and
17+
* limitations under the License.
18+
*
19+
*/
20+
21+
#include "mbedtls/aes.h"
22+
#if defined(MBEDTLS_AES_ALT)
23+
#include <string.h>
24+
#include "ssi_aes_defs.h"
25+
#include "mbedtls/platform.h"
26+
27+
#if defined(MBEDTLS_CIPHER_MODE_CFB)
28+
/*
29+
* AES-CFB128 buffer encryption/decryption
30+
*/
31+
int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx,
32+
int mode,
33+
size_t length,
34+
size_t *iv_off,
35+
unsigned char iv[16],
36+
const unsigned char *input,
37+
unsigned char *output )
38+
{
39+
return( MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED );
40+
}
41+
42+
/*
43+
* AES-CFB8 buffer encryption/decryption
44+
*/
45+
int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx,
46+
int mode,
47+
size_t length,
48+
unsigned char iv[16],
49+
const unsigned char *input,
50+
unsigned char *output )
51+
{
52+
return( MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED );
53+
}
54+
#endif /*MBEDTLS_CIPHER_MODE_CFB */
55+
56+
#if defined(MBEDTLS_CIPHER_MODE_XTS)
57+
58+
int mbedtls_aes_xts_setkey_enc( mbedtls_aes_xts_context *ctx,
59+
const unsigned char *key,
60+
unsigned int keybits )
61+
{
62+
return( MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED );
63+
}
64+
65+
int mbedtls_aes_xts_setkey_dec( mbedtls_aes_xts_context *ctx,
66+
const unsigned char *key,
67+
unsigned int keybits )
68+
{
69+
return( MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED );
70+
}
71+
72+
int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx,
73+
int mode,
74+
size_t length,
75+
const unsigned char data_unit[16],
76+
const unsigned char *input,
77+
unsigned char *output )
78+
{
79+
return( MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED );
80+
}
81+
#endif /* MBEDTLS_CIPHER_MODE_XTS */
82+
83+
#if defined(MBEDTLS_CIPHER_MODE_OFB)
84+
int mbedtls_aes_crypt_ofb( mbedtls_aes_context *ctx,
85+
size_t length,
86+
size_t *iv_off,
87+
unsigned char iv[16],
88+
const unsigned char *input,
89+
unsigned char *output );
90+
{
91+
return( MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED );
92+
}
93+
#endif /* MBEDTLS_CIPHER_MODE_OFB */
94+
95+
void mbedtls_aes_init( mbedtls_aes_context *ctx )
96+
{
97+
memset( ctx, 0, sizeof( mbedtls_aes_context ) );
98+
}
99+
100+
void mbedtls_aes_free( mbedtls_aes_context *ctx )
101+
{
102+
if( ctx == NULL )
103+
return;
104+
105+
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_aes_context ) );
106+
}
107+
#if defined(MBEDTLS_CIPHER_MODE_XTS)
108+
109+
void mbedtls_aes_xts_init( mbedtls_aes_xts_context *ctx ){}
110+
111+
void mbedtls_aes_xts_free( mbedtls_aes_xts_context *ctx ){}
112+
#endif /* MBEDTLS_CIPHER_MODE_XTS */
113+
114+
int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
115+
unsigned int keybits )
116+
{
117+
int ret = 0;
118+
if ( ctx == NULL )
119+
return( MBEDTLS_ERR_AES_BAD_INPUT_DATA );
120+
121+
switch( keybits )
122+
{
123+
case 128:
124+
{
125+
ctx->CC_cipherFlag = SASI_AES_ENCRYPT;
126+
ctx->CC_keySizeInBytes = ( keybits / 8 );
127+
memcpy( ctx->CC_Key, key, ctx->CC_keySizeInBytes );
128+
}
129+
break;
130+
case 192:
131+
case 256:
132+
return( MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED );
133+
default:
134+
return( MBEDTLS_ERR_AES_INVALID_KEY_LENGTH );
135+
}
136+
137+
return ( 0 );
138+
139+
}
140+
141+
int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key,
142+
unsigned int keybits )
143+
{
144+
int ret = 0;
145+
if( ctx == NULL )
146+
return( MBEDTLS_ERR_AES_BAD_INPUT_DATA );
147+
148+
switch( keybits )
149+
{
150+
case 128:
151+
{
152+
ctx->CC_cipherFlag = SASI_AES_DECRYPT;
153+
ctx->CC_keySizeInBytes = ( keybits / 8 );
154+
memcpy( ctx->CC_Key, key, ctx->CC_keySizeInBytes );
155+
}
156+
break;
157+
case 192:
158+
case 256:
159+
return( MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED );
160+
default:
161+
return( MBEDTLS_ERR_AES_INVALID_KEY_LENGTH );
162+
}
163+
164+
return( 0 );
165+
166+
}
167+
168+
static int CC_aes_cipher( mbedtls_aes_context *ctx,
169+
int mode,
170+
SaSiAesOperationMode_t aes_mode,
171+
size_t length,
172+
unsigned char* iv,
173+
size_t iv_len,
174+
const unsigned char *input,
175+
unsigned char *output )
176+
{
177+
int ret = 0;
178+
SaSiAesUserKeyData_t CC_KeyData = { ctx->CC_Key,
179+
ctx->CC_keySizeInBytes };
180+
181+
ret = SaSi_AesInit( &ctx->CC_Context,
182+
ctx->CC_cipherFlag,
183+
aes_mode, SASI_AES_PADDING_NONE );
184+
if( ret != 0 )
185+
return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
186+
187+
ret = SaSi_AesSetKey( &ctx->CC_Context, SASI_AES_USER_KEY,
188+
&CC_KeyData, sizeof( CC_KeyData ) );
189+
if( ret != 0 )
190+
return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
191+
192+
if( iv )
193+
{
194+
if( iv_len != SASI_AES_IV_SIZE_IN_BYTES )
195+
return MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH;
196+
197+
ret = SaSi_AesSetIv ( &ctx->CC_Context, iv );
198+
if( ret != 0 )
199+
return ( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
200+
}
201+
202+
ret = SaSi_AesFinish( &ctx->CC_Context, length,
203+
( unsigned char* )input, length, output, &length );
204+
if( ret != 0 )
205+
return ( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
206+
207+
/* update the IV for next block
208+
* For CTR mode, update the nonce only if the current length is a full AES block length
209+
*/
210+
211+
if( ( ( aes_mode == SASI_AES_MODE_CBC ) ||
212+
( (aes_mode == SASI_AES_MODE_CTR) && ( ( length % SASI_AES_BLOCK_SIZE_IN_BYTES) == 0) ) )
213+
&& iv )
214+
{
215+
ret = SaSi_AesGetIv( &ctx->CC_Context, iv );
216+
if( ret != 0 )
217+
return ( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
218+
}
219+
220+
ret = SaSi_AesFree( &ctx->CC_Context );
221+
if ( ret != 0 )
222+
return ( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
223+
224+
return ( 0 );
225+
}
226+
227+
int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx,
228+
int mode,
229+
const unsigned char input[16],
230+
unsigned char output[16] )
231+
{
232+
if( ctx == NULL )
233+
return( MBEDTLS_ERR_AES_BAD_INPUT_DATA );
234+
235+
if( ( mode == MBEDTLS_AES_ENCRYPT && ctx->CC_cipherFlag != SASI_AES_ENCRYPT ) ||
236+
( mode == MBEDTLS_AES_DECRYPT && ctx->CC_cipherFlag != SASI_AES_DECRYPT ) )
237+
return( MBEDTLS_ERR_AES_BAD_INPUT_DATA );
238+
239+
return( CC_aes_cipher( ctx, mode, SASI_AES_MODE_ECB, 16, NULL, 0, input, output ) );
240+
241+
}
242+
243+
#if defined(MBEDTLS_CIPHER_MODE_CBC)
244+
int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx,
245+
int mode,
246+
size_t length,
247+
unsigned char iv[16],
248+
const unsigned char *input,
249+
unsigned char *output )
250+
{
251+
if( ctx == NULL )
252+
return ( MBEDTLS_ERR_AES_BAD_INPUT_DATA );
253+
254+
255+
if( length % SASI_AES_BLOCK_SIZE_IN_BYTES )
256+
return( MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH );
257+
258+
if( ( mode != MBEDTLS_AES_ENCRYPT || ctx->CC_cipherFlag != SASI_AES_ENCRYPT ) &&
259+
( mode != MBEDTLS_AES_DECRYPT || ctx->CC_cipherFlag != SASI_AES_DECRYPT ) )
260+
return( MBEDTLS_ERR_AES_BAD_INPUT_DATA );
261+
262+
return( CC_aes_cipher( ctx, mode, SASI_AES_MODE_CBC, length, iv, 16, input, output ) );
263+
}
264+
265+
#endif /* MBEDTLS_CIPHER_MODE_CBC */
266+
267+
#if defined(MBEDTLS_CIPHER_MODE_CTR)
268+
int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx,
269+
size_t length,
270+
size_t *nc_off,
271+
unsigned char nonce_counter[16],
272+
unsigned char stream_block[16],
273+
const unsigned char *input,
274+
unsigned char *output )
275+
{
276+
int ret = 0;
277+
int n = *nc_off, c, i;
278+
size_t j;
279+
if( ctx == NULL )
280+
return( MBEDTLS_ERR_AES_BAD_INPUT_DATA );
281+
282+
if ( *nc_off )
283+
{
284+
/* handle corner case where we are resuming a previous encryption,
285+
* and we are resuming within current cipher stream(stream_block) */
286+
while( n != 0 )
287+
{
288+
c = *input++;
289+
*output++ = (unsigned char)( c ^ stream_block[n] );
290+
n = ( n + 1) & 0x0F;
291+
if( length > 0)
292+
--length;
293+
}
294+
/*
295+
* Increase the nonce_counter by 1 since we now passed one block
296+
*/
297+
for( i = 16; i > 0; i-- )
298+
if( ++nonce_counter[i - 1] != 0 )
299+
break;
300+
}
301+
if( CC_aes_cipher( ctx, MBEDTLS_AES_ENCRYPT, SASI_AES_MODE_CTR,
302+
length, nonce_counter, SASI_AES_IV_SIZE_IN_BYTES, input, output ) != 0 )
303+
{
304+
ret = -1;
305+
}
306+
if( ( ( length % SASI_AES_BLOCK_SIZE_IN_BYTES ) != 0 ) && ret == 0 )
307+
{
308+
/* in case the length is not aligned, generate stream block for resuming
309+
* increase nonce_block to the correct value*/
310+
for( j = 0; j < ( length/SASI_AES_BLOCK_SIZE_IN_BYTES ); j++)
311+
for( i = 16; i > 0; i-- )
312+
if( ++nonce_counter[i - 1] != 0 )
313+
break;
314+
if( ( ret = CC_aes_cipher( ctx, MBEDTLS_AES_ENCRYPT, SASI_AES_MODE_ECB,
315+
SASI_AES_BLOCK_SIZE_IN_BYTES, NULL, 0,
316+
nonce_counter, stream_block ) ) != 0 )
317+
{
318+
goto exit;
319+
}
320+
321+
}
322+
*nc_off = ( length % SASI_AES_BLOCK_SIZE_IN_BYTES );
323+
324+
exit:
325+
return ret;
326+
}
327+
#endif /* MBEDTLS_CIPHER_MODE_CTR */
328+
#endif/* MBEDTLS_AES_ALT */
329+

features/cryptocell/FEATURE_CRYPTOCELL310/aes_alt.h

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
/*
2+
* aes_alt.h
3+
*
4+
* Copyright (C) 2019, Arm Limited, All Rights Reserved
5+
* SPDX-License-Identifier: Apache-2.0
6+
*
7+
* Licensed under the Apache License, Version 2.0 (the "License"); you may
8+
* not use this file except in compliance with the License.
9+
* You may obtain a copy of the License at
10+
*
11+
* http://www.apache.org/licenses/LICENSE-2.0
12+
*
13+
* Unless required by applicable law or agreed to in writing, software
14+
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15+
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16+
* See the License for the specific language governing permissions and
17+
* limitations under the License.
18+
*
19+
*/
20+
21+
#ifndef __AES_ALT__
22+
#define __AES_ALT__
23+
24+
#if defined(MBEDTLS_AES_ALT)
25+
#include "ssi_aes.h"
26+
#ifdef __cplusplus
27+
extern "C" {
28+
#endif
29+
30+
typedef struct
31+
{
32+
SaSiAesUserContext_t CC_Context;
33+
SaSiAesEncryptMode_t CC_cipherFlag;
34+
uint8_t CC_Key[SASI_AES_KEY_MAX_SIZE_IN_BYTES];
35+
size_t CC_keySizeInBytes;
36+
}
37+
mbedtls_aes_context;
38+
39+
#if defined(MBEDTLS_CIPHER_MODE_XTS)
40+
/**
41+
* \brief The AES XTS context-type definition.
42+
*/
43+
typedef struct mbedtls_aes_xts_context
44+
{
45+
int unsupported;
46+
}
47+
mbedtls_aes_xts_context;
48+
#endif /* MBEDTLS_CIPHER_MODE_XTS */
49+
50+
#ifdef __cplusplus
51+
}
52+
#endif
53+
54+
#endif /* MBEDTLS_AES_ALT */
55+
#endif /* __AES_ALT__ */
56+

0 commit comments

Comments
 (0)