/*! * @brief Authenticate and decrypt a (CCM) stream. * * @param user_ctx The user's context * @param auth_ctx Info on this Auth operation * @param cipher_key_info Key to encrypt payload * @param auth_key_info (unused - same key in CCM) * @param auth_data_length Length in bytes of @a auth_data * @param auth_data Any auth-only data * @param payload_length Length in bytes of @a payload * @param ct The encrypted data * @param auth_value The authentication code to validate * @param[out] payload The location to store decrypted data * * @return A return code of type #fsl_shw_return_t. */ fsl_shw_return_t fsl_shw_auth_decrypt(fsl_shw_uco_t * user_ctx, fsl_shw_acco_t * auth_ctx, fsl_shw_sko_t * cipher_key_info, fsl_shw_sko_t * auth_key_info, uint32_t auth_data_length, const uint8_t * auth_data, uint32_t payload_length, const uint8_t * ct, const uint8_t * auth_value, uint8_t * payload) { SAH_SF_DCLS; uint8_t *calced_auth = NULL; unsigned blocking = user_ctx->flags & FSL_UCO_BLOCKING_MODE; SAH_SF_USER_CHECK(); /* Only support INIT and FINALIZE flags right now. */ if (auth_ctx->mode != FSL_ACC_MODE_CCM) { ret = FSL_RETURN_BAD_MODE_S; goto out; } if ((auth_ctx->flags & (FSL_ACCO_CTX_INIT | FSL_ACCO_CTX_LOAD | FSL_ACCO_CTX_SAVE | FSL_ACCO_CTX_FINALIZE)) != (FSL_ACCO_CTX_INIT | FSL_ACCO_CTX_FINALIZE)) { ret = FSL_RETURN_BAD_FLAG_S; goto out; } ret = load_ctr_key(&desc_chain, user_ctx, auth_ctx, cipher_key_info); if (ret != FSL_RETURN_OK_S) { goto out; } /* Decrypt the MAC which the user passed in */ header = SAH_HDR_SKHA_ENC_DEC; DESC_IN_OUT(header, auth_ctx->mac_length, auth_value, auth_ctx->mac_length, auth_ctx->unencrypted_mac); #ifndef NO_ZERO_IV_LOAD ret = load_dummy_iv(&desc_chain, user_ctx, 1, auth_ctx->auth_info.CCM_ctx_info.block_size_bytes); #endif if (auth_data_length > 0) { ret = add_assoc_preamble(&desc_chain, user_ctx, auth_ctx, auth_data, auth_data_length); if (ret != FSL_RETURN_OK_S) { goto out; } } /* if auth_data_length > 0 */ ret = process_payload(&desc_chain, user_ctx, 0, payload_length, ct, payload); if (ret != FSL_RETURN_OK_S) { goto out; } /* Now pull CBC context (unencrypted MAC) out for comparison. */ /* Need to allocate a place for it, to handle non-blocking mode * when this stack frame will disappear! */ calced_auth = DESC_TEMP_ALLOC(auth_ctx->mac_length); ret = extract_mac(&desc_chain, user_ctx, auth_ctx->mac_length, calced_auth); if (ret != FSL_RETURN_OK_S) { goto out; } if (!blocking) { /* get_results will need this for comparison */ desc_chain->out1_ptr = calced_auth; desc_chain->out2_ptr = auth_ctx->unencrypted_mac; desc_chain->out_len = auth_ctx->mac_length; } SAH_SF_EXECUTE(); if (blocking && (ret == FSL_RETURN_OK_S)) { unsigned i; /* Validate the auth code */ for (i = 0; i < auth_ctx->mac_length; i++) { if (calced_auth[i] != auth_ctx->unencrypted_mac[i]) { ret = FSL_RETURN_AUTH_FAILED_S; break; } } } out: SAH_SF_DESC_CLEAN(); DESC_TEMP_FREE(calced_auth); (void)auth_key_info; return ret; } /* fsl_shw_gen_decrypt() */
/*! * @brief Authenticate and decrypt a (CCM) stream. * * @param user_ctx The user's context * @param auth_ctx Info on this Auth operation * @param cipher_key_info Key to encrypt payload * @param auth_key_info (unused - same key in CCM) * @param auth_data_length Length in bytes of @a auth_data * @param auth_data Any auth-only data * @param payload_length Length in bytes of @a payload * @param ct The encrypted data * @param auth_value The authentication code to validate * @param[out] payload The location to store decrypted data * * @return A return code of type #fsl_shw_return_t. */ fsl_shw_return_t fsl_shw_auth_decrypt(fsl_shw_uco_t * user_ctx, fsl_shw_acco_t * auth_ctx, fsl_shw_sko_t * cipher_key_info, fsl_shw_sko_t * auth_key_info, uint32_t auth_data_length, const uint8_t * auth_data, uint32_t payload_length, const uint8_t * ct, const uint8_t * auth_value, uint8_t * payload) { SAH_SF_DCLS; #if defined(FSL_HAVE_SAHARA2) || defined(USE_S2_CCM_DECRYPT_CHAIN) uint8_t *calced_auth = NULL; unsigned blocking = user_ctx->flags & FSL_UCO_BLOCKING_MODE; #endif SAH_SF_USER_CHECK(); /* Only support CCM */ if (auth_ctx->mode != FSL_ACC_MODE_CCM) { ret = FSL_RETURN_BAD_MODE_S; goto out; } /* Only support INIT and FINALIZE flags right now. */ if ((auth_ctx->flags & (FSL_ACCO_CTX_INIT | FSL_ACCO_CTX_LOAD | FSL_ACCO_CTX_SAVE | FSL_ACCO_CTX_FINALIZE)) != (FSL_ACCO_CTX_INIT | FSL_ACCO_CTX_FINALIZE)) { ret = FSL_RETURN_BAD_FLAG_S; goto out; } /* Load CTR0 and Key */ header = SAH_HDR_SKHA_SET_MODE_IV_KEY ^ sah_insert_skha_mode_ctr ^ sah_insert_skha_modulus_128; #if defined (FSL_HAVE_SAHARA4) && !defined (USE_S2_CCM_DECRYPT_CHAIN) header ^= sah_insert_skha_aux0; #endif DESC_IN_KEY(header, auth_ctx->cipher_ctx_info.block_size_bytes, auth_ctx->cipher_ctx_info.context, cipher_key_info); /* Decrypt the MAC which the user passed in */ header = SAH_HDR_SKHA_ENC_DEC; DESC_IN_OUT(header, auth_ctx->mac_length, auth_value, auth_ctx->mac_length, auth_ctx->unencrypted_mac); #if defined(FSL_HAVE_SAHARA2) || defined(USE_S2_CCM_DECRYPT_CHAIN) #ifndef NO_ZERO_IV_LOAD header = (SAH_HDR_SKHA_SET_MODE_IV_KEY ^ sah_insert_skha_encrypt ^ sah_insert_skha_mode_cbc); DESC_IN_IN(header, auth_ctx->auth_info.CCM_ctx_info.block_size_bytes, block_zeros, 0, NULL); #endif #endif ret = add_assoc_preamble(&desc_chain, user_ctx, auth_ctx, 0, auth_data, auth_data_length); if (ret != FSL_RETURN_OK_S) { goto out; } /* Process the payload */ header = (SAH_HDR_SKHA_SET_MODE_ENC_DEC ^ sah_insert_skha_mode_ccm ^ sah_insert_skha_modulus_128); #if defined (FSL_HAVE_SAHARA4) && !defined (USE_S2_CCM_DECRYPT_CHAIN) header ^= sah_insert_skha_aux0; #endif if (payload_length != 0) { DESC_IN_OUT(header, payload_length, ct, payload_length, payload); } else { DESC_IN_OUT(header, 0, NULL, 0, NULL); } #if defined (FSL_HAVE_SAHARA2) || defined (USE_S2_CCM_DECRYPT_CHAIN) /* Now pull CBC context (unencrypted MAC) out for comparison. */ /* Need to allocate a place for it, to handle non-blocking mode * when this stack frame will disappear! */ calced_auth = DESC_TEMP_ALLOC(auth_ctx->mac_length); header = SAH_HDR_SKHA_READ_CONTEXT_IV; DESC_OUT_OUT(header, 0, NULL, auth_ctx->mac_length, calced_auth); if (!blocking) { /* get_results will need this for comparison */ desc_chain->out1_ptr = calced_auth; desc_chain->out2_ptr = auth_ctx->unencrypted_mac; desc_chain->out_len = auth_ctx->mac_length; } #endif SAH_SF_EXECUTE(); #if defined (FSL_HAVE_SAHARA2) || defined (USE_S2_CCM_DECRYPT_CHAIN) if (blocking && (ret == FSL_RETURN_OK_S)) { unsigned i; /* Validate the auth code */ for (i = 0; i < auth_ctx->mac_length; i++) { if (calced_auth[i] != auth_ctx->unencrypted_mac[i]) { ret = FSL_RETURN_AUTH_FAILED_S; break; } } } #endif out: SAH_SF_DESC_CLEAN(); #if defined (FSL_HAVE_SAHARA2) || defined (USE_S2_CCM_DECRYPT_CHAIN) DESC_TEMP_FREE(calced_auth); #endif (void)auth_key_info; return ret; } /* fsl_shw_gen_decrypt() */
/*! * @brief Generate a (CCM) auth code and encrypt the payload. * * This is a very complicated function. Seven (or eight) descriptors are * required to perform a CCM calculation. * * First: Load CTR0 and key. * * Second: Run an octet of data through to bump to CTR1. (This could be * done in software, but software will have to bump and later decrement - * or copy and bump. * * Third: (in Virtio) Load a descriptor with data of zeros for CBC IV. * * Fourth: Run any (optional) "additional data" through the CBC-mode * portion of the algorithm. * * Fifth: Run the payload through in CCM mode. * * Sixth: Extract the unencrypted MAC. * * Seventh: Load CTR0. * * Eighth: Encrypt the MAC. * * @param user_ctx The user's context * @param auth_ctx Info on this Auth operation * @param cipher_key_info Key to encrypt payload * @param auth_key_info (unused - same key in CCM) * @param auth_data_length Length in bytes of @a auth_data * @param auth_data Any auth-only data * @param payload_length Length in bytes of @a payload * @param payload The data to encrypt * @param[out] ct The location to store encrypted data * @param[out] auth_value The location to store authentication code * * @return A return code of type #fsl_shw_return_t. */ fsl_shw_return_t fsl_shw_gen_encrypt(fsl_shw_uco_t * user_ctx, fsl_shw_acco_t * auth_ctx, fsl_shw_sko_t * cipher_key_info, fsl_shw_sko_t * auth_key_info, uint32_t auth_data_length, const uint8_t * auth_data, uint32_t payload_length, const uint8_t * payload, uint8_t * ct, uint8_t * auth_value) { SAH_SF_DCLS; SAH_SF_USER_CHECK(); if (auth_ctx->mode != FSL_ACC_MODE_CCM) { ret = FSL_RETURN_BAD_MODE_S; goto out; } /* Only support INIT and FINALIZE flags right now. */ if ((auth_ctx->flags & (FSL_ACCO_CTX_INIT | FSL_ACCO_CTX_LOAD | FSL_ACCO_CTX_SAVE | FSL_ACCO_CTX_FINALIZE)) != (FSL_ACCO_CTX_INIT | FSL_ACCO_CTX_FINALIZE)) { ret = FSL_RETURN_BAD_FLAG_S; goto out; } ret = load_ctr_key(&desc_chain, user_ctx, auth_ctx, cipher_key_info); if (ret != FSL_RETURN_OK_S) { goto out; } header = SAH_HDR_SKHA_ENC_DEC; DESC_IN_OUT(header, auth_ctx->cipher_ctx_info.block_size_bytes, garbage_output, auth_ctx->cipher_ctx_info.block_size_bytes, garbage_output); #ifndef NO_ZERO_IV_LOAD ret = load_dummy_iv(&desc_chain, user_ctx, 1, auth_ctx->auth_info.CCM_ctx_info.block_size_bytes); if (ret != FSL_RETURN_OK_S) { goto out; } #endif if (auth_data_length > 0) { ret = add_assoc_preamble(&desc_chain, user_ctx, auth_ctx, auth_data, auth_data_length); if (ret != FSL_RETURN_OK_S) { goto out; } } /* if auth_data_length > 0 */ ret = process_payload(&desc_chain, user_ctx, 1, payload_length, payload, ct); if (ret != FSL_RETURN_OK_S) { goto out; } /* Pull out the CBC-MAC value. */ ret = extract_mac(&desc_chain, user_ctx, auth_ctx->mac_length, auth_ctx->unencrypted_mac); if (ret != FSL_RETURN_OK_S) { goto out; } /* Now load CTR0 in, and encrypt the MAC */ ret = encrypt_mac(&desc_chain, user_ctx, auth_ctx, auth_ctx->unencrypted_mac, auth_value); if (ret != FSL_RETURN_OK_S) { goto out; } SAH_SF_EXECUTE(); out: SAH_SF_DESC_CLEAN(); (void)auth_key_info; return ret; } /* fsl_shw_gen_encrypt() */
/*! * @brief Generate a (CCM) auth code and encrypt the payload. * * This is a very complicated function. Seven (or eight) descriptors are * required to perform a CCM calculation. * * First: Load CTR0 and key. * * Second: Run an octet of data through to bump to CTR1. (This could be * done in software, but software will have to bump and later decrement - * or copy and bump. * * Third: (in Virtio) Load a descriptor with data of zeros for CBC IV. * * Fourth: Run any (optional) "additional data" through the CBC-mode * portion of the algorithm. * * Fifth: Run the payload through in CCM mode. * * Sixth: Extract the unencrypted MAC. * * Seventh: Load CTR0. * * Eighth: Encrypt the MAC. * * @param user_ctx The user's context * @param auth_ctx Info on this Auth operation * @param cipher_key_info Key to encrypt payload * @param auth_key_info (unused - same key in CCM) * @param auth_data_length Length in bytes of @a auth_data * @param auth_data Any auth-only data * @param payload_length Length in bytes of @a payload * @param payload The data to encrypt * @param[out] ct The location to store encrypted data * @param[out] auth_value The location to store authentication code * * @return A return code of type #fsl_shw_return_t. */ fsl_shw_return_t fsl_shw_gen_encrypt(fsl_shw_uco_t * user_ctx, fsl_shw_acco_t * auth_ctx, fsl_shw_sko_t * cipher_key_info, fsl_shw_sko_t * auth_key_info, uint32_t auth_data_length, const uint8_t * auth_data, uint32_t payload_length, const uint8_t * payload, uint8_t * ct, uint8_t * auth_value) { SAH_SF_DCLS; SAH_SF_USER_CHECK(); if (auth_ctx->mode == FSL_ACC_MODE_SSL) { #if SUPPORT_SSL ret = do_ssl_gen(user_ctx, auth_ctx, cipher_key_info, auth_key_info, auth_data_length, auth_data, payload_length, payload, ct, auth_value); #else ret = FSL_RETURN_BAD_MODE_S; #endif goto out; } if (auth_ctx->mode != FSL_ACC_MODE_CCM) { ret = FSL_RETURN_BAD_MODE_S; goto out; } /* Only support INIT and FINALIZE flags right now. */ if ((auth_ctx->flags & (FSL_ACCO_CTX_INIT | FSL_ACCO_CTX_LOAD | FSL_ACCO_CTX_SAVE | FSL_ACCO_CTX_FINALIZE)) != (FSL_ACCO_CTX_INIT | FSL_ACCO_CTX_FINALIZE)) { ret = FSL_RETURN_BAD_FLAG_S; goto out; } /* Load CTR0 and Key */ header = (SAH_HDR_SKHA_SET_MODE_IV_KEY ^ sah_insert_skha_mode_ctr ^ sah_insert_skha_modulus_128 ^ sah_insert_skha_encrypt); DESC_IN_KEY(header, auth_ctx->cipher_ctx_info.block_size_bytes, auth_ctx->cipher_ctx_info.context, cipher_key_info); /* Encrypt dummy data to bump to CTR1 */ header = SAH_HDR_SKHA_ENC_DEC; DESC_IN_OUT(header, auth_ctx->mac_length, garbage_output, auth_ctx->mac_length, garbage_output); #if defined(FSL_HAVE_SAHARA2) || defined(USE_S2_CCM_ENCRYPT_CHAIN) #ifndef NO_ZERO_IV_LOAD header = (SAH_HDR_SKHA_SET_MODE_IV_KEY ^ sah_insert_skha_encrypt ^ sah_insert_skha_mode_cbc); DESC_IN_IN(header, auth_ctx->auth_info.CCM_ctx_info.block_size_bytes, block_zeros, 0, NULL); #endif #endif ret = add_assoc_preamble(&desc_chain, user_ctx, auth_ctx, 1, auth_data, auth_data_length); if (ret != FSL_RETURN_OK_S) { goto out; } /* Process the payload */ header = (SAH_HDR_SKHA_SET_MODE_ENC_DEC ^ sah_insert_skha_mode_ccm ^ sah_insert_skha_modulus_128 ^ sah_insert_skha_encrypt); #if defined (FSL_HAVE_SAHARA4) && !defined (USE_S2_CCM_ENCRYPT_CHAIN) header ^= sah_insert_skha_aux0; #endif if (payload_length != 0) { DESC_IN_OUT(header, payload_length, payload, payload_length, ct); } else { DESC_IN_OUT(header, 0, NULL, 0, NULL); } /* if payload_length */ #if defined (FSL_HAVE_SAHARA4) && !defined (USE_S2_CCM_ENCRYPT_CHAIN) /* Pull out the CBC-MAC value. */ DESC_OUT_OUT(SAH_HDR_SKHA_READ_CONTEXT_IV, 0, NULL, auth_ctx->mac_length, auth_value); #else /* Pull out the unencrypted CBC-MAC value. */ DESC_OUT_OUT(SAH_HDR_SKHA_READ_CONTEXT_IV, 0, NULL, auth_ctx->mac_length, auth_ctx->unencrypted_mac); /* Now load CTR0 in, and encrypt the MAC */ header = SAH_HDR_SKHA_SET_MODE_IV_KEY ^ sah_insert_skha_encrypt ^ sah_insert_skha_mode_ctr ^ sah_insert_skha_modulus_128; DESC_IN_IN(header, auth_ctx->cipher_ctx_info.block_size_bytes, auth_ctx->cipher_ctx_info.context, 0, NULL); header = SAH_HDR_SKHA_ENC_DEC; /* Desc. #4 SKHA Enc/Dec */ DESC_IN_OUT(header, auth_ctx->mac_length, auth_ctx->unencrypted_mac, auth_ctx->mac_length, auth_value); #endif SAH_SF_EXECUTE(); out: SAH_SF_DESC_CLEAN(); (void)auth_key_info; return ret; } /* fsl_shw_gen_encrypt() */