/*!
* @brief Authenticate and decrypt a (CCM) stream.
*
* @param user_ctx The user's context
* @param auth_ctx Info on this Auth operation
* @param cipher_key_info Key to encrypt payload
* @param auth_key_info (unused - same key in CCM)
* @param auth_data_length Length in bytes of @a auth_data
* @param auth_data Any auth-only data
* @param payload_length Length in bytes of @a payload
* @param ct The encrypted data
* @param auth_value The authentication code to validate
* @param[out] payload The location to store decrypted data
*
* @return A return code of type #fsl_shw_return_t.
*/
fsl_shw_return_t fsl_shw_auth_decrypt(fsl_shw_uco_t * user_ctx,
fsl_shw_acco_t * auth_ctx,
fsl_shw_sko_t * cipher_key_info,
fsl_shw_sko_t * auth_key_info,
uint32_t auth_data_length,
const uint8_t * auth_data,
uint32_t payload_length,
const uint8_t * ct,
const uint8_t * auth_value,
uint8_t * payload)
{
SAH_SF_DCLS;
uint8_t *calced_auth = NULL;
unsigned blocking = user_ctx->flags & FSL_UCO_BLOCKING_MODE;
SAH_SF_USER_CHECK();
/* Only support INIT and FINALIZE flags right now. */
if (auth_ctx->mode != FSL_ACC_MODE_CCM) {
ret = FSL_RETURN_BAD_MODE_S;
goto out;
}
if ((auth_ctx->flags & (FSL_ACCO_CTX_INIT | FSL_ACCO_CTX_LOAD |
FSL_ACCO_CTX_SAVE | FSL_ACCO_CTX_FINALIZE))
!= (FSL_ACCO_CTX_INIT | FSL_ACCO_CTX_FINALIZE)) {
ret = FSL_RETURN_BAD_FLAG_S;
goto out;
}
ret = load_ctr_key(&desc_chain, user_ctx, auth_ctx, cipher_key_info);
if (ret != FSL_RETURN_OK_S) {
goto out;
}
/* Decrypt the MAC which the user passed in */
header = SAH_HDR_SKHA_ENC_DEC;
DESC_IN_OUT(header,
auth_ctx->mac_length, auth_value,
auth_ctx->mac_length, auth_ctx->unencrypted_mac);
#ifndef NO_ZERO_IV_LOAD
ret = load_dummy_iv(&desc_chain, user_ctx, 1,
auth_ctx->auth_info.CCM_ctx_info.block_size_bytes);
#endif
if (auth_data_length > 0) {
ret = add_assoc_preamble(&desc_chain, user_ctx,
auth_ctx, auth_data, auth_data_length);
if (ret != FSL_RETURN_OK_S) {
goto out;
}
}
/* if auth_data_length > 0 */
ret = process_payload(&desc_chain, user_ctx, 0,
payload_length, ct, payload);
if (ret != FSL_RETURN_OK_S) {
goto out;
}
/* Now pull CBC context (unencrypted MAC) out for comparison. */
/* Need to allocate a place for it, to handle non-blocking mode
* when this stack frame will disappear!
*/
calced_auth = DESC_TEMP_ALLOC(auth_ctx->mac_length);
ret = extract_mac(&desc_chain, user_ctx,
auth_ctx->mac_length, calced_auth);
if (ret != FSL_RETURN_OK_S) {
goto out;
}
if (!blocking) {
/* get_results will need this for comparison */
desc_chain->out1_ptr = calced_auth;
desc_chain->out2_ptr = auth_ctx->unencrypted_mac;
desc_chain->out_len = auth_ctx->mac_length;
}
SAH_SF_EXECUTE();
if (blocking && (ret == FSL_RETURN_OK_S)) {
unsigned i;
/* Validate the auth code */
for (i = 0; i < auth_ctx->mac_length; i++) {
if (calced_auth[i] != auth_ctx->unencrypted_mac[i]) {
ret = FSL_RETURN_AUTH_FAILED_S;
break;
}
}
}
out:
SAH_SF_DESC_CLEAN();
DESC_TEMP_FREE(calced_auth);
(void)auth_key_info;
return ret;
} /* fsl_shw_gen_decrypt() */
/*!
* @brief Authenticate and decrypt a (CCM) stream.
*
* @param user_ctx The user's context
* @param auth_ctx Info on this Auth operation
* @param cipher_key_info Key to encrypt payload
* @param auth_key_info (unused - same key in CCM)
* @param auth_data_length Length in bytes of @a auth_data
* @param auth_data Any auth-only data
* @param payload_length Length in bytes of @a payload
* @param ct The encrypted data
* @param auth_value The authentication code to validate
* @param[out] payload The location to store decrypted data
*
* @return A return code of type #fsl_shw_return_t.
*/
fsl_shw_return_t fsl_shw_auth_decrypt(fsl_shw_uco_t * user_ctx,
fsl_shw_acco_t * auth_ctx,
fsl_shw_sko_t * cipher_key_info,
fsl_shw_sko_t * auth_key_info,
uint32_t auth_data_length,
const uint8_t * auth_data,
uint32_t payload_length,
const uint8_t * ct,
const uint8_t * auth_value,
uint8_t * payload)
{
SAH_SF_DCLS;
#if defined(FSL_HAVE_SAHARA2) || defined(USE_S2_CCM_DECRYPT_CHAIN)
uint8_t *calced_auth = NULL;
unsigned blocking = user_ctx->flags & FSL_UCO_BLOCKING_MODE;
#endif
SAH_SF_USER_CHECK();
/* Only support CCM */
if (auth_ctx->mode != FSL_ACC_MODE_CCM) {
ret = FSL_RETURN_BAD_MODE_S;
goto out;
}
/* Only support INIT and FINALIZE flags right now. */
if ((auth_ctx->flags & (FSL_ACCO_CTX_INIT | FSL_ACCO_CTX_LOAD |
FSL_ACCO_CTX_SAVE | FSL_ACCO_CTX_FINALIZE))
!= (FSL_ACCO_CTX_INIT | FSL_ACCO_CTX_FINALIZE)) {
ret = FSL_RETURN_BAD_FLAG_S;
goto out;
}
/* Load CTR0 and Key */
header = SAH_HDR_SKHA_SET_MODE_IV_KEY
^ sah_insert_skha_mode_ctr ^ sah_insert_skha_modulus_128;
#if defined (FSL_HAVE_SAHARA4) && !defined (USE_S2_CCM_DECRYPT_CHAIN)
header ^= sah_insert_skha_aux0;
#endif
DESC_IN_KEY(header,
auth_ctx->cipher_ctx_info.block_size_bytes,
auth_ctx->cipher_ctx_info.context, cipher_key_info);
/* Decrypt the MAC which the user passed in */
header = SAH_HDR_SKHA_ENC_DEC;
DESC_IN_OUT(header,
auth_ctx->mac_length, auth_value,
auth_ctx->mac_length, auth_ctx->unencrypted_mac);
#if defined(FSL_HAVE_SAHARA2) || defined(USE_S2_CCM_DECRYPT_CHAIN)
#ifndef NO_ZERO_IV_LOAD
header = (SAH_HDR_SKHA_SET_MODE_IV_KEY
^ sah_insert_skha_encrypt ^ sah_insert_skha_mode_cbc);
DESC_IN_IN(header,
auth_ctx->auth_info.CCM_ctx_info.block_size_bytes,
block_zeros, 0, NULL);
#endif
#endif
ret = add_assoc_preamble(&desc_chain, user_ctx,
auth_ctx, 0, auth_data, auth_data_length);
if (ret != FSL_RETURN_OK_S) {
goto out;
}
/* Process the payload */
header = (SAH_HDR_SKHA_SET_MODE_ENC_DEC
^ sah_insert_skha_mode_ccm ^ sah_insert_skha_modulus_128);
#if defined (FSL_HAVE_SAHARA4) && !defined (USE_S2_CCM_DECRYPT_CHAIN)
header ^= sah_insert_skha_aux0;
#endif
if (payload_length != 0) {
DESC_IN_OUT(header, payload_length, ct, payload_length,
payload);
} else {
DESC_IN_OUT(header, 0, NULL, 0, NULL);
}
#if defined (FSL_HAVE_SAHARA2) || defined (USE_S2_CCM_DECRYPT_CHAIN)
/* Now pull CBC context (unencrypted MAC) out for comparison. */
/* Need to allocate a place for it, to handle non-blocking mode
* when this stack frame will disappear!
*/
calced_auth = DESC_TEMP_ALLOC(auth_ctx->mac_length);
header = SAH_HDR_SKHA_READ_CONTEXT_IV;
DESC_OUT_OUT(header, 0, NULL, auth_ctx->mac_length, calced_auth);
if (!blocking) {
/* get_results will need this for comparison */
desc_chain->out1_ptr = calced_auth;
desc_chain->out2_ptr = auth_ctx->unencrypted_mac;
desc_chain->out_len = auth_ctx->mac_length;
}
#endif
SAH_SF_EXECUTE();
#if defined (FSL_HAVE_SAHARA2) || defined (USE_S2_CCM_DECRYPT_CHAIN)
if (blocking && (ret == FSL_RETURN_OK_S)) {
unsigned i;
/* Validate the auth code */
for (i = 0; i < auth_ctx->mac_length; i++) {
if (calced_auth[i] != auth_ctx->unencrypted_mac[i]) {
ret = FSL_RETURN_AUTH_FAILED_S;
break;
}
}
}
#endif
out:
SAH_SF_DESC_CLEAN();
#if defined (FSL_HAVE_SAHARA2) || defined (USE_S2_CCM_DECRYPT_CHAIN)
DESC_TEMP_FREE(calced_auth);
#endif
(void)auth_key_info;
return ret;
} /* fsl_shw_gen_decrypt() */
/*!
* @brief Generate a (CCM) auth code and encrypt the payload.
*
* This is a very complicated function. Seven (or eight) descriptors are
* required to perform a CCM calculation.
*
* First: Load CTR0 and key.
*
* Second: Run an octet of data through to bump to CTR1. (This could be
* done in software, but software will have to bump and later decrement -
* or copy and bump.
*
* Third: (in Virtio) Load a descriptor with data of zeros for CBC IV.
*
* Fourth: Run any (optional) "additional data" through the CBC-mode
* portion of the algorithm.
*
* Fifth: Run the payload through in CCM mode.
*
* Sixth: Extract the unencrypted MAC.
*
* Seventh: Load CTR0.
*
* Eighth: Encrypt the MAC.
*
* @param user_ctx The user's context
* @param auth_ctx Info on this Auth operation
* @param cipher_key_info Key to encrypt payload
* @param auth_key_info (unused - same key in CCM)
* @param auth_data_length Length in bytes of @a auth_data
* @param auth_data Any auth-only data
* @param payload_length Length in bytes of @a payload
* @param payload The data to encrypt
* @param[out] ct The location to store encrypted data
* @param[out] auth_value The location to store authentication code
*
* @return A return code of type #fsl_shw_return_t.
*/
fsl_shw_return_t fsl_shw_gen_encrypt(fsl_shw_uco_t * user_ctx,
fsl_shw_acco_t * auth_ctx,
fsl_shw_sko_t * cipher_key_info,
fsl_shw_sko_t * auth_key_info,
uint32_t auth_data_length,
const uint8_t * auth_data,
uint32_t payload_length,
const uint8_t * payload,
uint8_t * ct, uint8_t * auth_value)
{
SAH_SF_DCLS;
SAH_SF_USER_CHECK();
if (auth_ctx->mode != FSL_ACC_MODE_CCM) {
ret = FSL_RETURN_BAD_MODE_S;
goto out;
}
/* Only support INIT and FINALIZE flags right now. */
if ((auth_ctx->flags & (FSL_ACCO_CTX_INIT | FSL_ACCO_CTX_LOAD |
FSL_ACCO_CTX_SAVE | FSL_ACCO_CTX_FINALIZE))
!= (FSL_ACCO_CTX_INIT | FSL_ACCO_CTX_FINALIZE)) {
ret = FSL_RETURN_BAD_FLAG_S;
goto out;
}
ret = load_ctr_key(&desc_chain, user_ctx, auth_ctx, cipher_key_info);
if (ret != FSL_RETURN_OK_S) {
goto out;
}
header = SAH_HDR_SKHA_ENC_DEC;
DESC_IN_OUT(header, auth_ctx->cipher_ctx_info.block_size_bytes,
garbage_output, auth_ctx->cipher_ctx_info.block_size_bytes,
garbage_output);
#ifndef NO_ZERO_IV_LOAD
ret = load_dummy_iv(&desc_chain, user_ctx,
1,
auth_ctx->auth_info.CCM_ctx_info.block_size_bytes);
if (ret != FSL_RETURN_OK_S) {
goto out;
}
#endif
if (auth_data_length > 0) {
ret = add_assoc_preamble(&desc_chain, user_ctx,
auth_ctx, auth_data, auth_data_length);
if (ret != FSL_RETURN_OK_S) {
goto out;
}
}
/* if auth_data_length > 0 */
ret = process_payload(&desc_chain, user_ctx, 1,
payload_length, payload, ct);
if (ret != FSL_RETURN_OK_S) {
goto out;
}
/* Pull out the CBC-MAC value. */
ret = extract_mac(&desc_chain, user_ctx,
auth_ctx->mac_length, auth_ctx->unencrypted_mac);
if (ret != FSL_RETURN_OK_S) {
goto out;
}
/* Now load CTR0 in, and encrypt the MAC */
ret = encrypt_mac(&desc_chain, user_ctx, auth_ctx,
auth_ctx->unencrypted_mac, auth_value);
if (ret != FSL_RETURN_OK_S) {
goto out;
}
SAH_SF_EXECUTE();
out:
SAH_SF_DESC_CLEAN();
(void)auth_key_info;
return ret;
} /* fsl_shw_gen_encrypt() */
/*!
* @brief Generate a (CCM) auth code and encrypt the payload.
*
* This is a very complicated function. Seven (or eight) descriptors are
* required to perform a CCM calculation.
*
* First: Load CTR0 and key.
*
* Second: Run an octet of data through to bump to CTR1. (This could be
* done in software, but software will have to bump and later decrement -
* or copy and bump.
*
* Third: (in Virtio) Load a descriptor with data of zeros for CBC IV.
*
* Fourth: Run any (optional) "additional data" through the CBC-mode
* portion of the algorithm.
*
* Fifth: Run the payload through in CCM mode.
*
* Sixth: Extract the unencrypted MAC.
*
* Seventh: Load CTR0.
*
* Eighth: Encrypt the MAC.
*
* @param user_ctx The user's context
* @param auth_ctx Info on this Auth operation
* @param cipher_key_info Key to encrypt payload
* @param auth_key_info (unused - same key in CCM)
* @param auth_data_length Length in bytes of @a auth_data
* @param auth_data Any auth-only data
* @param payload_length Length in bytes of @a payload
* @param payload The data to encrypt
* @param[out] ct The location to store encrypted data
* @param[out] auth_value The location to store authentication code
*
* @return A return code of type #fsl_shw_return_t.
*/
fsl_shw_return_t fsl_shw_gen_encrypt(fsl_shw_uco_t * user_ctx,
fsl_shw_acco_t * auth_ctx,
fsl_shw_sko_t * cipher_key_info,
fsl_shw_sko_t * auth_key_info,
uint32_t auth_data_length,
const uint8_t * auth_data,
uint32_t payload_length,
const uint8_t * payload,
uint8_t * ct, uint8_t * auth_value)
{
SAH_SF_DCLS;
SAH_SF_USER_CHECK();
if (auth_ctx->mode == FSL_ACC_MODE_SSL) {
#if SUPPORT_SSL
ret = do_ssl_gen(user_ctx, auth_ctx, cipher_key_info,
auth_key_info, auth_data_length, auth_data,
payload_length, payload, ct, auth_value);
#else
ret = FSL_RETURN_BAD_MODE_S;
#endif
goto out;
}
if (auth_ctx->mode != FSL_ACC_MODE_CCM) {
ret = FSL_RETURN_BAD_MODE_S;
goto out;
}
/* Only support INIT and FINALIZE flags right now. */
if ((auth_ctx->flags & (FSL_ACCO_CTX_INIT | FSL_ACCO_CTX_LOAD |
FSL_ACCO_CTX_SAVE | FSL_ACCO_CTX_FINALIZE))
!= (FSL_ACCO_CTX_INIT | FSL_ACCO_CTX_FINALIZE)) {
ret = FSL_RETURN_BAD_FLAG_S;
goto out;
}
/* Load CTR0 and Key */
header = (SAH_HDR_SKHA_SET_MODE_IV_KEY
^ sah_insert_skha_mode_ctr
^ sah_insert_skha_modulus_128 ^ sah_insert_skha_encrypt);
DESC_IN_KEY(header,
auth_ctx->cipher_ctx_info.block_size_bytes,
auth_ctx->cipher_ctx_info.context, cipher_key_info);
/* Encrypt dummy data to bump to CTR1 */
header = SAH_HDR_SKHA_ENC_DEC;
DESC_IN_OUT(header, auth_ctx->mac_length, garbage_output,
auth_ctx->mac_length, garbage_output);
#if defined(FSL_HAVE_SAHARA2) || defined(USE_S2_CCM_ENCRYPT_CHAIN)
#ifndef NO_ZERO_IV_LOAD
header = (SAH_HDR_SKHA_SET_MODE_IV_KEY
^ sah_insert_skha_encrypt ^ sah_insert_skha_mode_cbc);
DESC_IN_IN(header,
auth_ctx->auth_info.CCM_ctx_info.block_size_bytes,
block_zeros, 0, NULL);
#endif
#endif
ret = add_assoc_preamble(&desc_chain, user_ctx,
auth_ctx, 1, auth_data, auth_data_length);
if (ret != FSL_RETURN_OK_S) {
goto out;
}
/* Process the payload */
header = (SAH_HDR_SKHA_SET_MODE_ENC_DEC
^ sah_insert_skha_mode_ccm
^ sah_insert_skha_modulus_128 ^ sah_insert_skha_encrypt);
#if defined (FSL_HAVE_SAHARA4) && !defined (USE_S2_CCM_ENCRYPT_CHAIN)
header ^= sah_insert_skha_aux0;
#endif
if (payload_length != 0) {
DESC_IN_OUT(header, payload_length, payload, payload_length,
ct);
} else {
DESC_IN_OUT(header, 0, NULL, 0, NULL);
} /* if payload_length */
#if defined (FSL_HAVE_SAHARA4) && !defined (USE_S2_CCM_ENCRYPT_CHAIN)
/* Pull out the CBC-MAC value. */
DESC_OUT_OUT(SAH_HDR_SKHA_READ_CONTEXT_IV, 0, NULL,
auth_ctx->mac_length, auth_value);
#else
/* Pull out the unencrypted CBC-MAC value. */
DESC_OUT_OUT(SAH_HDR_SKHA_READ_CONTEXT_IV,
0, NULL, auth_ctx->mac_length, auth_ctx->unencrypted_mac);
/* Now load CTR0 in, and encrypt the MAC */
header = SAH_HDR_SKHA_SET_MODE_IV_KEY
^ sah_insert_skha_encrypt
^ sah_insert_skha_mode_ctr ^ sah_insert_skha_modulus_128;
DESC_IN_IN(header,
auth_ctx->cipher_ctx_info.block_size_bytes,
auth_ctx->cipher_ctx_info.context, 0, NULL);
header = SAH_HDR_SKHA_ENC_DEC; /* Desc. #4 SKHA Enc/Dec */
DESC_IN_OUT(header,
auth_ctx->mac_length, auth_ctx->unencrypted_mac,
auth_ctx->mac_length, auth_value);
#endif
SAH_SF_EXECUTE();
out:
SAH_SF_DESC_CLEAN();
(void)auth_key_info;
return ret;
} /* fsl_shw_gen_encrypt() */
