From 47aba83c2cfbe5a3414f8befb096c60fbc462c70 Mon Sep 17 00:00:00 2001 From: jeromecoutant Date: Mon, 30 Mar 2020 14:14:10 +0200 Subject: [PATCH] STM32 MBEDTLS: Remove specific STM32F4 & STM32F7 implementation All families (except STM32L4) will be aligned --- .../TARGET_STM/TARGET_STM32F4/aes_alt.c | 530 ----------- .../TARGET_STM/TARGET_STM32F4/aes_alt.h | 307 ------- .../TARGET_STM/TARGET_STM32F7/aes_alt.c | 846 ------------------ .../TARGET_STM/TARGET_STM32F7/aes_alt.h | 502 ----------- 4 files changed, 2185 deletions(-) delete mode 100644 features/mbedtls/targets/TARGET_STM/TARGET_STM32F4/aes_alt.c delete mode 100644 features/mbedtls/targets/TARGET_STM/TARGET_STM32F4/aes_alt.h delete mode 100644 features/mbedtls/targets/TARGET_STM/TARGET_STM32F7/aes_alt.c delete mode 100644 features/mbedtls/targets/TARGET_STM/TARGET_STM32F7/aes_alt.h diff --git a/features/mbedtls/targets/TARGET_STM/TARGET_STM32F4/aes_alt.c b/features/mbedtls/targets/TARGET_STM/TARGET_STM32F4/aes_alt.c deleted file mode 100644 index 2aded7eafb..0000000000 --- a/features/mbedtls/targets/TARGET_STM/TARGET_STM32F4/aes_alt.c +++ /dev/null @@ -1,530 +0,0 @@ -/* - * Hardware aes implementation for STM32F4 STM32F7 and STM32L4 families - ******************************************************************************* - * Copyright (c) 2017, STMicroelectronics - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include -#include "mbedtls/aes.h" - -#if defined(MBEDTLS_AES_ALT) - -#if MBED_CONF_MBED_TRACE_ENABLE -#define TLSPRINT 1 -#endif - -static uint32_t swap(uint32_t in) -{ - uint32_t in1, in2, in3, in4, out; - - in1 = ((in & 0xff000000) >> 24); - in2 = ((in & 0x00FF0000) >> 8); - in3 = ((in & 0x0000FF00) << 8); - in4 = ((in & 0xFF) << 24); - out = in1 | in2 | in3 | in4; - - return out; -} - -static int aes_set_key(mbedtls_aes_context *ctx, const unsigned char *key, unsigned int keybits) -{ -#if TLSPRINT - mbedtls_printf(" ****** aes_set_key *******\n"); - mbedtls_printf("keybits = %d\n", keybits); -#endif - - switch (keybits) { - case 128: - ctx->hcryp_aes.Init.KeySize = CRYP_KEYSIZE_128B; - memcpy(ctx->aes_key, key, 16); - - ctx->aes_key[0] = swap(ctx->aes_key[0]); - ctx->aes_key[1] = swap(ctx->aes_key[1]); - ctx->aes_key[2] = swap(ctx->aes_key[2]); - ctx->aes_key[3] = swap(ctx->aes_key[3]); - - break; - case 192: - ctx->hcryp_aes.Init.KeySize = CRYP_KEYSIZE_192B; - memcpy(ctx->aes_key, key, 24); - - ctx->aes_key[0] = swap(ctx->aes_key[0]); - ctx->aes_key[1] = swap(ctx->aes_key[1]); - ctx->aes_key[2] = swap(ctx->aes_key[2]); - ctx->aes_key[3] = swap(ctx->aes_key[3]); - ctx->aes_key[4] = swap(ctx->aes_key[4]); - ctx->aes_key[5] = swap(ctx->aes_key[5]); - - break; - case 256: - ctx->hcryp_aes.Init.KeySize = CRYP_KEYSIZE_256B; - memcpy(ctx->aes_key, key, 32); - - ctx->aes_key[0] = swap(ctx->aes_key[0]); - ctx->aes_key[1] = swap(ctx->aes_key[1]); - ctx->aes_key[2] = swap(ctx->aes_key[2]); - ctx->aes_key[3] = swap(ctx->aes_key[3]); - ctx->aes_key[4] = swap(ctx->aes_key[4]); - ctx->aes_key[5] = swap(ctx->aes_key[5]); - ctx->aes_key[6] = swap(ctx->aes_key[6]); - ctx->aes_key[7] = swap(ctx->aes_key[7]); - - break; - default : - return (MBEDTLS_ERR_AES_INVALID_KEY_LENGTH); - } - - ctx->hcryp_aes.Init.DataType = CRYP_DATATYPE_8B; - ctx->hcryp_aes.Instance = CRYP; - - /* Deinitializes the CRYP peripheral */ - if (HAL_CRYP_DeInit(&ctx->hcryp_aes) == HAL_ERROR) { - return (HAL_ERROR); - } - - /* Enable CRYP clock */ - __HAL_RCC_CRYP_CLK_ENABLE(); - - ctx->hcryp_aes.Init.pKey = ctx->aes_key; - if (HAL_CRYP_Init(&ctx->hcryp_aes) == HAL_ERROR) { - return (HAL_ERROR); - } - - /* allow multi-instance of CRYP use: save context for CRYP HW module CR */ - ctx->ctx_save_cr = ctx->hcryp_aes.Instance->CR; - return (0); - -} - -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize(void *v, size_t n) -{ -#if TLSPRINT - mbedtls_printf(" ****** mbedtls_zeroize *******\n"); -#endif - - volatile unsigned char *p = (unsigned char *)v; - while (n--) { - *p++ = 0; - } -} - - -void mbedtls_aes_init(mbedtls_aes_context *ctx) -{ -#if TLSPRINT - mbedtls_printf(" ****** mbedtls_aes_init *******\n"); -#endif - - memset(ctx, 0, sizeof(mbedtls_aes_context)); -} - - -void mbedtls_aes_free(mbedtls_aes_context *ctx) -{ -#if TLSPRINT - mbedtls_printf(" ****** mbedtls_aes_free *******\n"); -#endif - - if (ctx == NULL) { - return; - } -#if defined(DUAL_CORE) - uint32_t timeout = HSEM_TIMEOUT; - while (LL_HSEM_1StepLock(HSEM, CFG_HW_RCC_SEMID) && (--timeout != 0)) { - } -#endif /* DUAL_CORE */ - /* Force the CRYP Periheral Clock Reset */ - __HAL_RCC_CRYP_FORCE_RESET(); - - /* Release the CRYP Periheral Clock Reset */ - __HAL_RCC_CRYP_RELEASE_RESET(); -#if defined(DUAL_CORE) - LL_HSEM_ReleaseLock(HSEM, CFG_HW_RCC_SEMID, HSEM_CR_COREID_CURRENT); -#endif /* DUAL_CORE */ - - mbedtls_zeroize(ctx, sizeof(mbedtls_aes_context)); -} - - -int mbedtls_aes_setkey_enc(mbedtls_aes_context *ctx, const unsigned char *key, - unsigned int keybits) -{ - int ret_val = 0; - -#if TLSPRINT - mbedtls_printf(" ****** mbedtls_aes_setkey_enc *******\n"); - mbedtls_printf("enc keybits : %d\n", keybits); - mbedtls_printf("enc key :\n"); - for (int i = 1; i <= keybits / 8; i++) { - mbedtls_printf("%x\t", key[i - 1]); - if ((i % 8) == 0) { - mbedtls_printf("\n"); - } - } -#endif - - ret_val = aes_set_key(ctx, key, keybits); - return (ret_val); -} - -int mbedtls_aes_setkey_dec(mbedtls_aes_context *ctx, const unsigned char *key, - unsigned int keybits) -{ - int ret_val = 0; - -#if TLSPRINT - mbedtls_printf(" ****** mbedtls_aes_setkey_dec *******\n"); - mbedtls_printf("dec keybits : %d\n", keybits); - mbedtls_printf("enc key:\n"); - for (int i = 1; i <= keybits / 8; i++) { - mbedtls_printf("%x\t", key[i - 1]); - if ((i % 8) == 0) { - mbedtls_printf("\n"); - } - } -#endif - - ret_val = aes_set_key(ctx, key, keybits); - return (ret_val); -} - - -int mbedtls_aes_crypt_ecb(mbedtls_aes_context *ctx, - int mode, - const unsigned char input[16], - unsigned char output[16]) -{ - int ret; - -#if TLSPRINT - mbedtls_printf(" ****** mbedtls_aes_crypt_ecb (%s)*******\n", mode == MBEDTLS_AES_DECRYPT ? "decrypt" : "encrypt"); - mbedtls_printf("input:\n"); - for (int i = 1; i <= 16; i++) { - mbedtls_printf("%x\t", input[i - 1]); - if ((i % 8) == 0) { - mbedtls_printf("\n"); - } - } -#endif - - /* allow multi-instance of CRYP use: restore context for CRYP hw module */ - ctx->hcryp_aes.Instance->CR = ctx->ctx_save_cr; - ctx->hcryp_aes.Init.DataType = CRYP_DATATYPE_8B; - ctx->hcryp_aes.Init.pKey = ctx->aes_key; - - /* Set the Algo if not configured till now */ - if (CRYP_AES_ECB != (ctx->hcryp_aes.Instance->CR & CRYP_AES_ECB)) { - ctx->hcryp_aes.Init.Algorithm = CRYP_AES_ECB; - - /* Configure the CRYP */ - HAL_CRYP_SetConfig(&ctx->hcryp_aes, &ctx->hcryp_aes.Init); - -#if TLSPRINT - mbedtls_printf(" ****** AES ECB algo configuration set : %ld *******\n", CRYP_AES_ECB); -#endif - } - - if (mode == MBEDTLS_AES_DECRYPT) { /* AES decryption */ - ret = mbedtls_internal_aes_decrypt(ctx, input, output); - if (ret) { - return ST_ERR_AES_BUSY; - } else { -#if TLSPRINT - mbedtls_printf("dec output :\n"); - for (int j = 1; j <= 16; j++) { - mbedtls_printf("%x\t", output[j - 1]); - if ((j % 8) == 0) { - mbedtls_printf("\n"); - } - } -#endif - } - } else { /* AES encryption */ - ret = mbedtls_internal_aes_encrypt(ctx, input, output); - if (ret) { - return ST_ERR_AES_BUSY; - } else { -#if TLSPRINT - mbedtls_printf("enc output :\n"); - for (int k = 1; k <= 16; k++) { - mbedtls_printf("%x\t", output[k - 1]); - if ((k % 8) == 0) { - mbedtls_printf("\n"); - } - } -#endif - } - } - /* allow multi-instance of CRYP use: save context for CRYP HW module CR */ - ctx->ctx_save_cr = ctx->hcryp_aes.Instance->CR; - - return (0); -} - -#if defined(MBEDTLS_CIPHER_MODE_CBC) -static int st_cbc_restore_context(mbedtls_aes_context *ctx) -{ -#if TLSPRINT - mbedtls_printf(" ****** st_cbc_restore_context *******\n"); -#endif - /* allow multi-instance of CRYP use: restore context for CRYP hw module */ - ctx->hcryp_aes.Instance->CR = ctx->ctx_save_cr; - /* Re-initialize AES processor with proper parameters - and (re-)apply key and IV for multi context usecases */ - if (HAL_CRYP_DeInit(&ctx->hcryp_aes) != HAL_OK) { - return ST_ERR_AES_BUSY; - } - if (HAL_CRYP_Init(&ctx->hcryp_aes) != HAL_OK) { - return ST_ERR_AES_BUSY; - } - return 0; -} - -int mbedtls_aes_crypt_cbc(mbedtls_aes_context *ctx, - int mode, - size_t length, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output) -{ - uint32_t tickstart; - uint32_t *iv_ptr = (uint32_t *)&iv[0]; - -#if TLSPRINT - mbedtls_printf(" ****** mbedtls_aes_crypt_cbc *******\n"); -#endif - - if (length % 16) { - return (MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH); - } - ctx->hcryp_aes.Init.pInitVect = (uint32_t *)&iv[0]; - if (st_cbc_restore_context(ctx) != 0) { - return (ST_ERR_AES_BUSY); - } - - /* Set the Algo if not configured till now */ - if (CRYP_AES_CBC != (ctx->hcryp_aes.Instance->CR & CRYP_AES_CBC)) { - ctx->hcryp_aes.Init.Algorithm = CRYP_AES_CBC; - - /* Configure the CRYP */ - HAL_CRYP_SetConfig(&ctx->hcryp_aes, &ctx->hcryp_aes.Init); - } - - if (mode == MBEDTLS_AES_DECRYPT) { - if (HAL_CRYP_Decrypt(&ctx->hcryp_aes, (uint32_t *)input, length / 4, (uint32_t *)output, 10) != HAL_OK) { - return ST_ERR_AES_BUSY; - } - /* Save the internal IV vector for multi context purpose */ - tickstart = HAL_GetTick(); - while ((ctx->hcryp_aes.Instance->SR & (CRYP_SR_IFEM | CRYP_SR_OFNE | CRYP_SR_BUSY)) != CRYP_SR_IFEM) { - if ((HAL_GetTick() - tickstart) > ST_AES_TIMEOUT) { - return ST_ERR_AES_BUSY; // timeout: CRYP processor is busy - } - } - ctx->ctx_save_cr = ctx->hcryp_aes.Instance->CR; // save here before overwritten - ctx->hcryp_aes.Instance->CR &= ~CRYP_CR_CRYPEN; - *iv_ptr++ = ctx->hcryp_aes.Instance->IV0LR; - *iv_ptr++ = ctx->hcryp_aes.Instance->IV0RR; - *iv_ptr++ = ctx->hcryp_aes.Instance->IV1LR; - *iv_ptr++ = ctx->hcryp_aes.Instance->IV1RR; - } else { - if (HAL_CRYP_Encrypt(&ctx->hcryp_aes, (uint32_t *)input, length / 4, (uint32_t *)output, 10) != HAL_OK) { - return ST_ERR_AES_BUSY; - } - memcpy(iv, output, 16); /* current output is the IV vector for the next call */ - ctx->ctx_save_cr = ctx->hcryp_aes.Instance->CR; - } - - return 0; -} -#endif /* MBEDTLS_CIPHER_MODE_CBC */ - -#if defined(MBEDTLS_CIPHER_MODE_CFB) -int mbedtls_aes_crypt_cfb128(mbedtls_aes_context *ctx, - int mode, - size_t length, - size_t *iv_off, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output) -{ - int c; - size_t n = *iv_off; - -#if TLSPRINT - mbedtls_printf(" ****** mbedtls_aes_crypt_cfb128 *******\n"); -#endif - - if (mode == MBEDTLS_AES_DECRYPT) { - while (length--) { - if (n == 0) - if (mbedtls_aes_crypt_ecb(ctx, MBEDTLS_AES_ENCRYPT, iv, iv) != 0) { - return ST_ERR_AES_BUSY; - } - - c = *input++; - *output++ = (unsigned char)(c ^ iv[n]); - iv[n] = (unsigned char) c; - - n = (n + 1) & 0x0F; - } - } else { - while (length--) { - if (n == 0) - if (mbedtls_aes_crypt_ecb(ctx, MBEDTLS_AES_ENCRYPT, iv, iv) != 0) { - return ST_ERR_AES_BUSY; - } - - iv[n] = *output++ = (unsigned char)(iv[n] ^ *input++); - - n = (n + 1) & 0x0F; - } - } - - *iv_off = n; - - return (0); -} - - -int mbedtls_aes_crypt_cfb8(mbedtls_aes_context *ctx, - int mode, - size_t length, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output) -{ - unsigned char c; - unsigned char ov[17]; - -#if TLSPRINT - mbedtls_printf(" ****** mbedtls_aes_crypt_cfb8 *******\n"); -#endif - - while (length--) { - memcpy(ov, iv, 16); - if (mbedtls_aes_crypt_ecb(ctx, MBEDTLS_AES_ENCRYPT, iv, iv) != 0) { - return ST_ERR_AES_BUSY; - } - - if (mode == MBEDTLS_AES_DECRYPT) { - ov[16] = *input; - } - - c = *output++ = (unsigned char)(iv[0] ^ *input++); - - if (mode == MBEDTLS_AES_ENCRYPT) { - ov[16] = c; - } - - memcpy(iv, ov + 1, 16); - } - - return (0); -} - -#endif /*MBEDTLS_CIPHER_MODE_CFB */ - -#if defined(MBEDTLS_CIPHER_MODE_CTR) -int mbedtls_aes_crypt_ctr(mbedtls_aes_context *ctx, - size_t length, - size_t *nc_off, - unsigned char nonce_counter[16], - unsigned char stream_block[16], - const unsigned char *input, - unsigned char *output) -{ - int c, i; - size_t n = *nc_off; - - while (length--) { - if (n == 0) { - if (mbedtls_aes_crypt_ecb(ctx, MBEDTLS_AES_ENCRYPT, nonce_counter, stream_block) != 0) { - return ST_ERR_AES_BUSY; - } - - for (i = 16; i > 0; i--) - if (++nonce_counter[i - 1] != 0) { - break; - } - } - c = *input++; - *output++ = (unsigned char)(c ^ stream_block[n]); - - n = (n + 1) & 0x0F; - } - - *nc_off = n; - - return (0); -} -#endif /* MBEDTLS_CIPHER_MODE_CTR */ - -int mbedtls_internal_aes_encrypt(mbedtls_aes_context *ctx, - const unsigned char input[16], - unsigned char output[16]) -{ -#if TLSPRINT - mbedtls_printf(" ****** mbedtls_internal_aes_encrypt *******\n"); -#endif - - if (HAL_CRYP_Encrypt(&ctx->hcryp_aes, (uint32_t *)input, 4, (uint32_t *)output, 10) != HAL_OK) { - // error found - return ST_ERR_AES_BUSY; - } - return 0; - -} - -int mbedtls_internal_aes_decrypt(mbedtls_aes_context *ctx, - const unsigned char input[16], - unsigned char output[16]) -{ -#if TLSPRINT - mbedtls_printf(" ****** mbedtls_internal_aes_decrypt *******\n"); -#endif - - if (HAL_CRYP_Decrypt(&ctx->hcryp_aes, (uint32_t *)input, 4, (uint32_t *)output, 10) != HAL_OK) { - // error found - return ST_ERR_AES_BUSY; - } - return 0; -} - -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_aes_encrypt(mbedtls_aes_context *ctx, - const unsigned char input[16], - unsigned char output[16]) -{ -#if TLSPRINT - mbedtls_printf(" ****** mbedtls_aes_encrypt *******\n"); -#endif - mbedtls_internal_aes_encrypt(ctx, input, output); -} - -void mbedtls_aes_decrypt(mbedtls_aes_context *ctx, - const unsigned char input[16], - unsigned char output[16]) -{ -#if TLSPRINT - mbedtls_printf(" ****** mbedtls_aes_decrypt *******\n"); -#endif - mbedtls_internal_aes_decrypt(ctx, input, output); -} -#endif /* MBEDTLS_DEPRECATED_REMOVED */ -#endif /*MBEDTLS_AES_ALT*/ diff --git a/features/mbedtls/targets/TARGET_STM/TARGET_STM32F4/aes_alt.h b/features/mbedtls/targets/TARGET_STM/TARGET_STM32F4/aes_alt.h deleted file mode 100644 index e1654b8b6c..0000000000 --- a/features/mbedtls/targets/TARGET_STM/TARGET_STM32F4/aes_alt.h +++ /dev/null @@ -1,307 +0,0 @@ -/* - * aes_alt.h AES block cipher - ******************************************************************************* - * Copyright (c) 2017, STMicroelectronics - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ -#ifndef MBEDTLS_AES_ALT_H -#define MBEDTLS_AES_ALT_H - - -#if defined(MBEDTLS_AES_ALT) -#include "mbedtls/platform.h" -#include "mbedtls/config.h" - -#include "cmsis.h" - -#ifdef __cplusplus -extern "C" { -#endif - -#define ST_AES_TIMEOUT ((uint32_t) 0xFF) /* 255 ms timeout for the crypto processor */ -#define ST_ERR_AES_BUSY (-0x0023) /* Crypto processor is busy, timeout occured */ -/** - * \brief AES context structure - * - * \note buf is able to hold 32 extra bytes, which can be used: - * - for alignment purposes if VIA padlock is used, and/or - * - to simplify key expansion in the 256-bit case by - * generating an extra round key - */ -typedef struct { - uint32_t aes_key[8]; /* Decryption key */ - CRYP_HandleTypeDef hcryp_aes; - uint32_t ctx_save_cr; /* save context for multi-instance */ -} -mbedtls_aes_context; - -/** - * \brief Initialize AES context - * - * \param ctx AES context to be initialized - */ -void mbedtls_aes_init(mbedtls_aes_context *ctx); - -/** - * \brief Clear AES context - * - * \param ctx AES context to be cleared - */ -void mbedtls_aes_free(mbedtls_aes_context *ctx); - -/** - * \brief AES key schedule (encryption) - * - * \param ctx AES context to be initialized - * \param key encryption key - * \param keybits must be 128, 192 or 256 - * - * \return 0 if successful, or MBEDTLS_ERR_AES_INVALID_KEY_LENGTH - */ -int mbedtls_aes_setkey_enc(mbedtls_aes_context *ctx, const unsigned char *key, - unsigned int keybits); - -/** - * \brief AES key schedule (decryption) - * - * \param ctx AES context to be initialized - * \param key decryption key - * \param keybits must be 128, 192 or 256 - * - * \return 0 if successful, or MBEDTLS_ERR_AES_INVALID_KEY_LENGTH - */ -int mbedtls_aes_setkey_dec(mbedtls_aes_context *ctx, const unsigned char *key, - unsigned int keybits); - -/** - * \brief AES-ECB block encryption/decryption - * - * \param ctx AES context - * \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT - * \param input 16-byte input block - * \param output 16-byte output block - * - * \return 0 if successful - */ -int mbedtls_aes_crypt_ecb(mbedtls_aes_context *ctx, - int mode, - const unsigned char input[16], - unsigned char output[16]); - -#if defined(MBEDTLS_CIPHER_MODE_CBC) -/** - * \brief AES-CBC buffer encryption/decryption - * Length should be a multiple of the block - * size (16 bytes) - * - * \note Upon exit, the content of the IV is updated so that you can - * call the function same function again on the following - * block(s) of data and get the same result as if it was - * encrypted in one call. This allows a "streaming" usage. - * If on the other hand you need to retain the contents of the - * IV, you should either save it manually or use the cipher - * module instead. - * - * \param ctx AES context - * \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT - * \param length length of the input data - * \param iv initialization vector (updated after use) - * \param input buffer holding the input data - * \param output buffer holding the output data - * - * \return 0 if successful, or MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH - */ -int mbedtls_aes_crypt_cbc(mbedtls_aes_context *ctx, - int mode, - size_t length, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output); -#endif /* MBEDTLS_CIPHER_MODE_CBC */ - -#if defined(MBEDTLS_CIPHER_MODE_CFB) -/** - * \brief AES-CFB128 buffer encryption/decryption. - * - * Note: Due to the nature of CFB you should use the same key schedule for - * both encryption and decryption. So a context initialized with - * mbedtls_aes_setkey_enc() for both MBEDTLS_AES_ENCRYPT and MBEDTLS_AES_DECRYPT. - * - * \note Upon exit, the content of the IV is updated so that you can - * call the function same function again on the following - * block(s) of data and get the same result as if it was - * encrypted in one call. This allows a "streaming" usage. - * If on the other hand you need to retain the contents of the - * IV, you should either save it manually or use the cipher - * module instead. - * - * \param ctx AES context - * \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT - * \param length length of the input data - * \param iv_off offset in IV (updated after use) - * \param iv initialization vector (updated after use) - * \param input buffer holding the input data - * \param output buffer holding the output data - * - * \return 0 if successful - */ -int mbedtls_aes_crypt_cfb128(mbedtls_aes_context *ctx, - int mode, - size_t length, - size_t *iv_off, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output); - -/** - * \brief AES-CFB8 buffer encryption/decryption. - * - * Note: Due to the nature of CFB you should use the same key schedule for - * both encryption and decryption. So a context initialized with - * mbedtls_aes_setkey_enc() for both MBEDTLS_AES_ENCRYPT and MBEDTLS_AES_DECRYPT. - * - * \note Upon exit, the content of the IV is updated so that you can - * call the function same function again on the following - * block(s) of data and get the same result as if it was - * encrypted in one call. This allows a "streaming" usage. - * If on the other hand you need to retain the contents of the - * IV, you should either save it manually or use the cipher - * module instead. - * - * \param ctx AES context - * \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT - * \param length length of the input data - * \param iv initialization vector (updated after use) - * \param input buffer holding the input data - * \param output buffer holding the output data - * - * \return 0 if successful - */ -int mbedtls_aes_crypt_cfb8(mbedtls_aes_context *ctx, - int mode, - size_t length, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output); -#endif /*MBEDTLS_CIPHER_MODE_CFB */ - -#if defined(MBEDTLS_CIPHER_MODE_CTR) -/** - * \brief AES-CTR buffer encryption/decryption - * - * Warning: You have to keep the maximum use of your counter in mind! - * - * Note: Due to the nature of CTR you should use the same key schedule for - * both encryption and decryption. So a context initialized with - * mbedtls_aes_setkey_enc() for both MBEDTLS_AES_ENCRYPT and MBEDTLS_AES_DECRYPT. - * - * \param ctx AES context - * \param length The length of the data - * \param nc_off The offset in the current stream_block (for resuming - * within current cipher stream). The offset pointer to - * should be 0 at the start of a stream. - * \param nonce_counter The 128-bit nonce and counter. - * \param stream_block The saved stream-block for resuming. Is overwritten - * by the function. - * \param input The input data stream - * \param output The output data stream - * - * \return 0 if successful - */ -int mbedtls_aes_crypt_ctr(mbedtls_aes_context *ctx, - size_t length, - size_t *nc_off, - unsigned char nonce_counter[16], - unsigned char stream_block[16], - const unsigned char *input, - unsigned char *output); -#endif /* MBEDTLS_CIPHER_MODE_CTR */ - -/** - * \brief Internal AES block encryption function - * (Only exposed to allow overriding it, - * see MBEDTLS_AES_ENCRYPT_ALT) - * - * \param ctx AES context - * \param input Plaintext block - * \param output Output (ciphertext) block - * - * \return 0 if successful - */ -int mbedtls_internal_aes_encrypt(mbedtls_aes_context *ctx, - const unsigned char input[16], - unsigned char output[16]); - -/** - * \brief Internal AES block decryption function - * (Only exposed to allow overriding it, - * see MBEDTLS_AES_DECRYPT_ALT) - * - * \param ctx AES context - * \param input Ciphertext block - * \param output Output (plaintext) block - * - * \return 0 if successful - */ -int mbedtls_internal_aes_decrypt(mbedtls_aes_context *ctx, - const unsigned char input[16], - unsigned char output[16]); - -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -#if defined(MBEDTLS_DEPRECATED_WARNING) -#define MBEDTLS_DEPRECATED __attribute__((deprecated)) -#else -#define MBEDTLS_DEPRECATED -#endif -/** - * \brief Deprecated internal AES block encryption function - * without return value. - * - * \deprecated Superseded by mbedtls_aes_encrypt_ext() in 2.5.0 - * - * \param ctx AES context - * \param input Plaintext block - * \param output Output (ciphertext) block - */ -MBEDTLS_DEPRECATED void mbedtls_aes_encrypt(mbedtls_aes_context *ctx, - const unsigned char input[16], - unsigned char output[16]); - -/** - * \brief Deprecated internal AES block decryption function - * without return value. - * - * \deprecated Superseded by mbedtls_aes_decrypt_ext() in 2.5.0 - * - * \param ctx AES context - * \param input Ciphertext block - * \param output Output (plaintext) block - */ -MBEDTLS_DEPRECATED void mbedtls_aes_decrypt(mbedtls_aes_context *ctx, - const unsigned char input[16], - unsigned char output[16]); - -#undef MBEDTLS_DEPRECATED -#endif /* !MBEDTLS_DEPRECATED_REMOVED */ - -#ifdef __cplusplus -} -#endif - -#endif /* MBEDTLS_AES_ALT */ - -#endif /* MBEDTLS_AES_ALT_H */ - diff --git a/features/mbedtls/targets/TARGET_STM/TARGET_STM32F7/aes_alt.c b/features/mbedtls/targets/TARGET_STM/TARGET_STM32F7/aes_alt.c deleted file mode 100644 index 301c3389d9..0000000000 --- a/features/mbedtls/targets/TARGET_STM/TARGET_STM32F7/aes_alt.c +++ /dev/null @@ -1,846 +0,0 @@ -/* -* FIPS-197 compliant AES implementation -* -* Copyright (C) 2006-2019, ARM Limited, All Rights Reserved -* SPDX-License-Identifier: Apache-2.0 -* -* Licensed under the Apache License, Version 2.0 (the "License"); you may -* not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -* -* Copyright (C) 2006-2019 STMicroelectronics, All Rights Reserved -* -* This file implements ST AES HW services based on API from mbed TLS -* -* The AES block cipher was designed by Vincent Rijmen and Joan Daemen. -* -* http://csrc.nist.gov/encryption/aes/rijndael/Rijndael.pdf -* http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf -*/ - - -/* Includes ------------------------------------------------------------------*/ -#include "mbedtls/aes.h" - -#if defined(MBEDTLS_AES_C) -#if defined(MBEDTLS_AES_ALT) -#include "mbedtls/platform_util.h" -#include - -/* Parameter validation macros based on platform_util.h */ -#define AES_VALIDATE_RET( cond ) \ - MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_AES_BAD_INPUT_DATA ) -#define AES_VALIDATE( cond ) \ - MBEDTLS_INTERNAL_VALIDATE( cond ) - -/* Private typedef -----------------------------------------------------------*/ -/* Private define ------------------------------------------------------------*/ -#define TIMEOUT_VALUE 0xFF - -/* Private macro -------------------------------------------------------------*/ -#define SWAP_B32_TO_B8(b32,b8,i) \ -{ \ - (b8)[(i) + 3] = (unsigned char) ( ( (b32) ) & 0xFF ); \ - (b8)[(i) + 2] = (unsigned char) ( ( (b32) >> 8 ) & 0xFF ); \ - (b8)[(i) + 1] = (unsigned char) ( ( (b32) >> 16 ) & 0xFF ); \ - (b8)[(i) ] = (unsigned char) ( ( (b32) >> 24 ) & 0xFF ); \ -} - -#define SWAP_B8_TO_B32(b32,b8,i) \ -{ \ - (b32) = ( (uint32_t) (b8)[(i) + 3] ) \ - | ( (uint32_t) (b8)[(i) + 2] << 8 ) \ - | ( (uint32_t) (b8)[(i) + 1] << 16 ) \ - | ( (uint32_t) (b8)[(i) ] << 24 ); \ -} - -/* Private variables ---------------------------------------------------------*/ -/* Private function prototypes -----------------------------------------------*/ -/* Private functions ---------------------------------------------------------*/ -static int aes_set_key(mbedtls_aes_context *ctx, - const unsigned char *key, - unsigned int keybits) -{ - /* Deinitializes the CRYP peripheral */ - if (HAL_CRYP_DeInit(&ctx->hcryp_aes) == HAL_ERROR) { - return (HAL_ERROR); - } - - switch (keybits) { - case 128: - ctx->hcryp_aes.Init.KeySize = CRYP_KEYSIZE_128B;; - - SWAP_B8_TO_B32(ctx->aes_key[0], key, 0); - SWAP_B8_TO_B32(ctx->aes_key[1], key, 4); - SWAP_B8_TO_B32(ctx->aes_key[2], key, 8); - SWAP_B8_TO_B32(ctx->aes_key[3], key, 12); - - break; - case 192: - ctx->hcryp_aes.Init.KeySize = CRYP_KEYSIZE_192B; - - SWAP_B8_TO_B32(ctx->aes_key[0], key, 0); - SWAP_B8_TO_B32(ctx->aes_key[1], key, 4); - SWAP_B8_TO_B32(ctx->aes_key[2], key, 8); - SWAP_B8_TO_B32(ctx->aes_key[3], key, 12); - SWAP_B8_TO_B32(ctx->aes_key[4], key, 16); - SWAP_B8_TO_B32(ctx->aes_key[5], key, 20); - - break; - - case 256: - ctx->hcryp_aes.Init.KeySize = CRYP_KEYSIZE_256B; - - SWAP_B8_TO_B32(ctx->aes_key[0], key, 0); - SWAP_B8_TO_B32(ctx->aes_key[1], key, 4); - SWAP_B8_TO_B32(ctx->aes_key[2], key, 8); - SWAP_B8_TO_B32(ctx->aes_key[3], key, 12); - SWAP_B8_TO_B32(ctx->aes_key[4], key, 16); - SWAP_B8_TO_B32(ctx->aes_key[5], key, 20); - SWAP_B8_TO_B32(ctx->aes_key[6], key, 24); - SWAP_B8_TO_B32(ctx->aes_key[7], key, 28); - - break; - default : - return (MBEDTLS_ERR_AES_INVALID_KEY_LENGTH); - } - - ctx->hcryp_aes.Init.DataType = CRYP_DATATYPE_8B; - ctx->hcryp_aes.Instance = CRYP; - ctx->hcryp_aes.Init.pKey = ctx->aes_key; - - /* Enable CRYP clock */ - __HAL_RCC_CRYP_CLK_ENABLE(); - - if (HAL_CRYP_Init(&ctx->hcryp_aes) == HAL_ERROR) { - return (HAL_ERROR); - } - - /* allow multi-instance of CRYP use: save context for CRYP HW module CR */ - ctx->ctx_save_cr = ctx->hcryp_aes.Instance->CR; - return (0); - -} - -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize(void *v, size_t n) -{ - volatile unsigned char *p = (unsigned char *)v; - while (n--) { - *p++ = 0; - } -} - -void mbedtls_aes_init(mbedtls_aes_context *ctx) -{ - AES_VALIDATE(ctx != NULL); - - memset(ctx, 0, sizeof(mbedtls_aes_context)); -} - - -void mbedtls_aes_free(mbedtls_aes_context *ctx) -{ - - if (ctx == NULL) { - return; - } - /* Force the CRYP Periheral Clock Reset */ - __HAL_RCC_CRYP_FORCE_RESET(); - - /* Release the CRYP Periheral Clock Reset */ - __HAL_RCC_CRYP_RELEASE_RESET(); - - mbedtls_zeroize(ctx, sizeof(mbedtls_aes_context)); -} - -#if defined(MBEDTLS_CIPHER_MODE_XTS) -void mbedtls_aes_xts_init(mbedtls_aes_xts_context *ctx) -{ - AES_VALIDATE(ctx != NULL); - - mbedtls_aes_init(&ctx->crypt); - mbedtls_aes_init(&ctx->tweak); -} - -void mbedtls_aes_xts_free(mbedtls_aes_xts_context *ctx) -{ - if (ctx == NULL) { - return; - } - - mbedtls_aes_free(&ctx->crypt); - mbedtls_aes_free(&ctx->tweak); -} -#endif /* MBEDTLS_CIPHER_MODE_XTS */ - -/* - * AES key schedule (encryption) - */ -int mbedtls_aes_setkey_enc(mbedtls_aes_context *ctx, const unsigned char *key, - unsigned int keybits) -{ - int ret_val = 0; - - AES_VALIDATE_RET(ctx != NULL); - AES_VALIDATE_RET(key != NULL); - - ret_val = aes_set_key(ctx, key, keybits); - return (ret_val); -} - -/* - * AES key schedule (decryption) - */ -int mbedtls_aes_setkey_dec(mbedtls_aes_context *ctx, const unsigned char *key, - unsigned int keybits) -{ - int ret_val = 0; - - AES_VALIDATE_RET(ctx != NULL); - AES_VALIDATE_RET(key != NULL); - - ret_val = aes_set_key(ctx, key, keybits); - return (ret_val); -} - -#if defined(MBEDTLS_CIPHER_MODE_XTS) -static int mbedtls_aes_xts_decode_keys(const unsigned char *key, - unsigned int keybits, - const unsigned char **key1, - unsigned int *key1bits, - const unsigned char **key2, - unsigned int *key2bits) -{ - const unsigned int half_keybits = keybits / 2; - const unsigned int half_keybytes = half_keybits / 8; - - switch (keybits) { - case 256: - break; - case 512: - break; - default : - return (MBEDTLS_ERR_AES_INVALID_KEY_LENGTH); - } - - *key1bits = half_keybits; - *key2bits = half_keybits; - *key1 = &key[0]; - *key2 = &key[half_keybytes]; - - return 0; -} - -int mbedtls_aes_xts_setkey_enc(mbedtls_aes_xts_context *ctx, - const unsigned char *key, - unsigned int keybits) -{ - int ret; - const unsigned char *key1, *key2; - unsigned int key1bits, key2bits; - - AES_VALIDATE_RET(ctx != NULL); - AES_VALIDATE_RET(key != NULL); - - ret = mbedtls_aes_xts_decode_keys(key, keybits, &key1, &key1bits, - &key2, &key2bits); - if (ret != 0) { - return (ret); - } - - /* Set the tweak key. Always set tweak key for the encryption mode. */ - ret = mbedtls_aes_setkey_enc(&ctx->tweak, key2, key2bits); - if (ret != 0) { - return (ret); - } - - /* Set crypt key for encryption. */ - return mbedtls_aes_setkey_enc(&ctx->crypt, key1, key1bits); -} - -int mbedtls_aes_xts_setkey_dec(mbedtls_aes_xts_context *ctx, - const unsigned char *key, - unsigned int keybits) -{ - int ret; - const unsigned char *key1, *key2; - unsigned int key1bits, key2bits; - - AES_VALIDATE_RET(ctx != NULL); - AES_VALIDATE_RET(key != NULL); - - ret = mbedtls_aes_xts_decode_keys(key, keybits, &key1, &key1bits, - &key2, &key2bits); - if (ret != 0) { - return (ret); - } - - /* Set the tweak key. Always set tweak key for encryption. */ - ret = mbedtls_aes_setkey_enc(&ctx->tweak, key2, key2bits); - if (ret != 0) { - return (ret); - } - - /* Set crypt key for decryption. */ - return mbedtls_aes_setkey_dec(&ctx->crypt, key1, key1bits); -} -#endif /* MBEDTLS_CIPHER_MODE_XTS */ - -/* - * AES-ECB block encryption/decryption - */ -int mbedtls_aes_crypt_ecb(mbedtls_aes_context *ctx, - int mode, - const unsigned char input[16], - unsigned char output[16]) -{ - int ret; - - AES_VALIDATE_RET(ctx != NULL); - AES_VALIDATE_RET(input != NULL); - AES_VALIDATE_RET(output != NULL); - AES_VALIDATE_RET(mode == MBEDTLS_AES_ENCRYPT || - mode == MBEDTLS_AES_DECRYPT); - - /* allow multi-instance of CRYP use: restore context for CRYP hw module */ - ctx->hcryp_aes.Instance->CR = ctx->ctx_save_cr; - - ctx->hcryp_aes.Init.DataType = CRYP_DATATYPE_8B; - ctx->hcryp_aes.Init.pKey = ctx->aes_key; - - /* Set the Algo if not configured till now */ - if (CRYP_AES_ECB != ctx->hcryp_aes.Init.Algorithm) { - ctx->hcryp_aes.Init.Algorithm = CRYP_AES_ECB; - - /* Configure the CRYP */ - HAL_CRYP_SetConfig(&ctx->hcryp_aes, &ctx->hcryp_aes.Init); - } - - if (mode == MBEDTLS_AES_DECRYPT) { /* AES decryption */ - ret = mbedtls_internal_aes_decrypt(ctx, input, output); - if (ret) { - return ST_ERR_AES_BUSY; - } - } else { /* AES encryption */ - ret = mbedtls_internal_aes_encrypt(ctx, input, output); - if (ret) { - return ST_ERR_AES_BUSY; - } - } - /* allow multi-instance of CRYP use: save context for CRYP HW module CR */ - ctx->ctx_save_cr = ctx->hcryp_aes.Instance->CR; - - return (0); -} - -#if defined(MBEDTLS_CIPHER_MODE_CBC) -/* - * AES-CBC buffer encryption/decryption - */ -static int st_cbc_restore_context(mbedtls_aes_context *ctx) -{ - /* allow multi-instance of CRYP use: restore context for CRYP hw module */ - ctx->hcryp_aes.Instance->CR = ctx->ctx_save_cr; - /* Re-initialize AES processor with proper parameters - and (re-)apply key and IV for multi context usecases */ - if (HAL_CRYP_DeInit(&ctx->hcryp_aes) != HAL_OK) { - return ST_ERR_AES_BUSY; - } - if (HAL_CRYP_Init(&ctx->hcryp_aes) != HAL_OK) { - return ST_ERR_AES_BUSY; - } - return 0; -} - -int mbedtls_aes_crypt_cbc(mbedtls_aes_context *ctx, - int mode, - size_t length, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output) -{ - uint32_t tickstart; - uint32_t *iv_ptr = (uint32_t *)&iv[0]; - - ALIGN_32BYTES(static uint32_t iv_32B[4]); - - AES_VALIDATE_RET(ctx != NULL); - AES_VALIDATE_RET(mode == MBEDTLS_AES_ENCRYPT || - mode == MBEDTLS_AES_DECRYPT); - AES_VALIDATE_RET(iv != NULL); - AES_VALIDATE_RET(input != NULL); - AES_VALIDATE_RET(output != NULL); - - if (length % 16) { - return (MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH); - } - - if (st_cbc_restore_context(ctx) != 0) { - return (ST_ERR_AES_BUSY); - } - - /* Set the Algo if not configured till now */ - if (CRYP_AES_CBC != ctx->hcryp_aes.Init.Algorithm) { - ctx->hcryp_aes.Init.Algorithm = CRYP_AES_CBC; - } - - if (mode == MBEDTLS_AES_DECRYPT) { - ctx->hcryp_aes.Init.pInitVect = (uint32_t *)&iv[0]; - - /* reconfigure the CRYP */ - HAL_CRYP_SetConfig(&ctx->hcryp_aes, &ctx->hcryp_aes.Init); - - if (HAL_CRYP_Decrypt(&ctx->hcryp_aes, (uint32_t *)input, length / 4, (uint32_t *)output, TIMEOUT_VALUE) != HAL_OK) { - return ST_ERR_AES_BUSY; - } - - /* Save the internal IV vector for multi context purpose */ - tickstart = HAL_GetTick(); - while ((ctx->hcryp_aes.Instance->SR & (CRYP_SR_IFEM | CRYP_SR_OFNE | CRYP_SR_BUSY)) != CRYP_SR_IFEM) { - if ((HAL_GetTick() - tickstart) > ST_AES_TIMEOUT) { - return ST_ERR_AES_BUSY; // timeout: CRYP processor is busy - } - } - ctx->ctx_save_cr = ctx->hcryp_aes.Instance->CR; // save here before overwritten - ctx->hcryp_aes.Instance->CR &= ~CRYP_CR_CRYPEN; - *iv_ptr++ = ctx->hcryp_aes.Instance->IV0LR; - *iv_ptr++ = ctx->hcryp_aes.Instance->IV0RR; - *iv_ptr++ = ctx->hcryp_aes.Instance->IV1LR; - *iv_ptr++ = ctx->hcryp_aes.Instance->IV1RR; - } else { - ctx->hcryp_aes.Init.DataType = CRYP_DATATYPE_8B; - ctx->hcryp_aes.Init.DataWidthUnit = CRYP_DATAWIDTHUNIT_BYTE; - - SWAP_B8_TO_B32(iv_32B[0], iv, 0); - SWAP_B8_TO_B32(iv_32B[1], iv, 4); - SWAP_B8_TO_B32(iv_32B[2], iv, 8); - SWAP_B8_TO_B32(iv_32B[3], iv, 12); - - ctx->hcryp_aes.Init.pInitVect = iv_32B; - - /* reconfigure the CRYP */ - HAL_CRYP_SetConfig(&ctx->hcryp_aes, &ctx->hcryp_aes.Init); - - if (HAL_CRYP_Encrypt(&ctx->hcryp_aes, (uint32_t *)input, length, (uint32_t *)output, TIMEOUT_VALUE) != HAL_OK) { - return ST_ERR_AES_BUSY; - } - - memcpy(iv, output, 16); /* current output is the IV vector for the next call */ - ctx->ctx_save_cr = ctx->hcryp_aes.Instance->CR; - } - - return 0; -} -#endif /* MBEDTLS_CIPHER_MODE_CBC */ - -#if defined(MBEDTLS_CIPHER_MODE_XTS) - -/* Endianess with 64 bits values */ -#ifndef GET_UINT64_LE -#define GET_UINT64_LE(n,b,i) \ -{ \ - (n) = ( (uint64_t) (b)[(i) + 7] << 56 ) \ - | ( (uint64_t) (b)[(i) + 6] << 48 ) \ - | ( (uint64_t) (b)[(i) + 5] << 40 ) \ - | ( (uint64_t) (b)[(i) + 4] << 32 ) \ - | ( (uint64_t) (b)[(i) + 3] << 24 ) \ - | ( (uint64_t) (b)[(i) + 2] << 16 ) \ - | ( (uint64_t) (b)[(i) + 1] << 8 ) \ - | ( (uint64_t) (b)[(i) ] ); \ -} -#endif - -#ifndef PUT_UINT64_LE -#define PUT_UINT64_LE(n,b,i) \ -{ \ - (b)[(i) + 7] = (unsigned char) ( (n) >> 56 ); \ - (b)[(i) + 6] = (unsigned char) ( (n) >> 48 ); \ - (b)[(i) + 5] = (unsigned char) ( (n) >> 40 ); \ - (b)[(i) + 4] = (unsigned char) ( (n) >> 32 ); \ - (b)[(i) + 3] = (unsigned char) ( (n) >> 24 ); \ - (b)[(i) + 2] = (unsigned char) ( (n) >> 16 ); \ - (b)[(i) + 1] = (unsigned char) ( (n) >> 8 ); \ - (b)[(i) ] = (unsigned char) ( (n) ); \ -} -#endif - -/* - * GF(2^128) multiplication function - * - * This function multiplies a field element by x in the polynomial field - * representation. It uses 64-bit word operations to gain speed but compensates - * for machine endianess and hence works correctly on both big and little - * endian machines. - */ -static void mbedtls_gf128mul_x_ble(unsigned char r[16], - const unsigned char x[16]) -{ - uint64_t a, b, ra, rb; - - GET_UINT64_LE(a, x, 0); - GET_UINT64_LE(b, x, 8); - - ra = (a << 1) ^ 0x0087 >> (8 - ((b >> 63) << 3)); - rb = (a >> 63) | (b << 1); - - PUT_UINT64_LE(ra, r, 0); - PUT_UINT64_LE(rb, r, 8); -} - -/* - * AES-XTS buffer encryption/decryption - */ -int mbedtls_aes_crypt_xts(mbedtls_aes_xts_context *ctx, - int mode, - size_t length, - const unsigned char data_unit[16], - const unsigned char *input, - unsigned char *output) -{ - int ret; - size_t blocks = length / 16; - size_t leftover = length % 16; - unsigned char tweak[16]; - unsigned char prev_tweak[16]; - unsigned char tmp[16]; - - AES_VALIDATE_RET(ctx != NULL); - AES_VALIDATE_RET(mode == MBEDTLS_AES_ENCRYPT || - mode == MBEDTLS_AES_DECRYPT); - AES_VALIDATE_RET(data_unit != NULL); - AES_VALIDATE_RET(input != NULL); - AES_VALIDATE_RET(output != NULL); - - /* Data units must be at least 16 bytes long. */ - if (length < 16) { - return MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH; - } - - /* NIST SP 800-38E disallows data units larger than 2**20 blocks. */ - if (length > (1 << 20) * 16) { - return MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH; - } - - /* Compute the tweak. */ - ret = mbedtls_aes_crypt_ecb(&ctx->tweak, MBEDTLS_AES_ENCRYPT, - data_unit, tweak); - if (ret != 0) { - return (ret); - } - - while (blocks--) { - size_t i; - - if (leftover && (mode == MBEDTLS_AES_DECRYPT) && blocks == 0) { - /* We are on the last block in a decrypt operation that has - * leftover bytes, so we need to use the next tweak for this block, - * and this tweak for the lefover bytes. Save the current tweak for - * the leftovers and then update the current tweak for use on this, - * the last full block. */ - memcpy(prev_tweak, tweak, sizeof(tweak)); - mbedtls_gf128mul_x_ble(tweak, tweak); - } - - for (i = 0; i < 16; i++) { - tmp[i] = input[i] ^ tweak[i]; - } - - ret = mbedtls_aes_crypt_ecb(&ctx->crypt, mode, tmp, tmp); - if (ret != 0) { - return (ret); - } - - for (i = 0; i < 16; i++) { - output[i] = tmp[i] ^ tweak[i]; - } - - /* Update the tweak for the next block. */ - mbedtls_gf128mul_x_ble(tweak, tweak); - - output += 16; - input += 16; - } - - if (leftover) { - /* If we are on the leftover bytes in a decrypt operation, we need to - * use the previous tweak for these bytes (as saved in prev_tweak). */ - unsigned char *t = mode == MBEDTLS_AES_DECRYPT ? prev_tweak : tweak; - - /* We are now on the final part of the data unit, which doesn't divide - * evenly by 16. It's time for ciphertext stealing. */ - size_t i; - unsigned char *prev_output = output - 16; - - /* Copy ciphertext bytes from the previous block to our output for each - * byte of cyphertext we won't steal. At the same time, copy the - * remainder of the input for this final round (since the loop bounds - * are the same). */ - for (i = 0; i < leftover; i++) { - output[i] = prev_output[i]; - tmp[i] = input[i] ^ t[i]; - } - - /* Copy ciphertext bytes from the previous block for input in this - * round. */ - for (; i < 16; i++) { - tmp[i] = prev_output[i] ^ t[i]; - } - - ret = mbedtls_aes_crypt_ecb(&ctx->crypt, mode, tmp, tmp); - if (ret != 0) { - return ret; - } - - /* Write the result back to the previous block, overriding the previous - * output we copied. */ - for (i = 0; i < 16; i++) { - prev_output[i] = tmp[i] ^ t[i]; - } - } - - return (0); -} -#endif /* MBEDTLS_CIPHER_MODE_XTS */ - -#if defined(MBEDTLS_CIPHER_MODE_CFB) -/* - * AES-CFB128 buffer encryption/decryption - */ -int mbedtls_aes_crypt_cfb128(mbedtls_aes_context *ctx, - int mode, - size_t length, - size_t *iv_off, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output) -{ - int c; - size_t n; - - AES_VALIDATE_RET(ctx != NULL); - AES_VALIDATE_RET(mode == MBEDTLS_AES_ENCRYPT || - mode == MBEDTLS_AES_DECRYPT); - AES_VALIDATE_RET(iv_off != NULL); - AES_VALIDATE_RET(iv != NULL); - AES_VALIDATE_RET(input != NULL); - AES_VALIDATE_RET(output != NULL); - - n = *iv_off; - - if (mode == MBEDTLS_AES_DECRYPT) { - while (length--) { - if (n == 0) - if (mbedtls_aes_crypt_ecb(ctx, MBEDTLS_AES_ENCRYPT, iv, iv) != 0) { - return ST_ERR_AES_BUSY; - } - - c = *input++; - *output++ = (unsigned char)(c ^ iv[n]); - iv[n] = (unsigned char) c; - - n = (n + 1) & 0x0F; - } - } else { - while (length--) { - if (n == 0) - if (mbedtls_aes_crypt_ecb(ctx, MBEDTLS_AES_ENCRYPT, iv, iv) != 0) { - return ST_ERR_AES_BUSY; - } - - iv[n] = *output++ = (unsigned char)(iv[n] ^ *input++); - - n = (n + 1) & 0x0F; - } - } - - *iv_off = n; - - return (0); -} - -/* - * AES-CFB8 buffer encryption/decryption - */ -int mbedtls_aes_crypt_cfb8(mbedtls_aes_context *ctx, - int mode, - size_t length, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output) -{ - unsigned char c; - unsigned char ov[17]; - - AES_VALIDATE_RET(ctx != NULL); - AES_VALIDATE_RET(mode == MBEDTLS_AES_ENCRYPT || - mode == MBEDTLS_AES_DECRYPT); - AES_VALIDATE_RET(iv != NULL); - AES_VALIDATE_RET(input != NULL); - AES_VALIDATE_RET(output != NULL); - - while (length--) { - memcpy(ov, iv, 16); - if (mbedtls_aes_crypt_ecb(ctx, MBEDTLS_AES_ENCRYPT, iv, iv) != 0) { - return ST_ERR_AES_BUSY; - } - - if (mode == MBEDTLS_AES_DECRYPT) { - ov[16] = *input; - } - - c = *output++ = (unsigned char)(iv[0] ^ *input++); - - if (mode == MBEDTLS_AES_ENCRYPT) { - ov[16] = c; - } - - memcpy(iv, ov + 1, 16); - } - - return (0); -} - -#endif /*MBEDTLS_CIPHER_MODE_CFB */ - -#if defined(MBEDTLS_CIPHER_MODE_OFB) -/* - * AES-OFB (Output Feedback Mode) buffer encryption/decryption - */ -int mbedtls_aes_crypt_ofb(mbedtls_aes_context *ctx, - size_t length, - size_t *iv_off, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output) -{ - int ret = 0; - size_t n; - - AES_VALIDATE_RET(ctx != NULL); - AES_VALIDATE_RET(iv_off != NULL); - AES_VALIDATE_RET(iv != NULL); - AES_VALIDATE_RET(input != NULL); - AES_VALIDATE_RET(output != NULL); - - n = *iv_off; - - if (n > 15) { - return (MBEDTLS_ERR_AES_BAD_INPUT_DATA); - } - - while (length--) { - if (n == 0) { - ret = mbedtls_aes_crypt_ecb(ctx, MBEDTLS_AES_ENCRYPT, iv, iv); - if (ret != 0) { - goto exit; - } - } - *output++ = *input++ ^ iv[n]; - - n = (n + 1) & 0x0F; - } - - *iv_off = n; - -exit: - return (ret); -} -#endif /* MBEDTLS_CIPHER_MODE_OFB */ - -#if defined(MBEDTLS_CIPHER_MODE_CTR) -/* - * AES-CTR buffer encryption/decryption - */ -int mbedtls_aes_crypt_ctr(mbedtls_aes_context *ctx, - size_t length, - size_t *nc_off, - unsigned char nonce_counter[16], - unsigned char stream_block[16], - const unsigned char *input, - unsigned char *output) -{ - int c, i; - size_t n; - - AES_VALIDATE_RET(ctx != NULL); - AES_VALIDATE_RET(nc_off != NULL); - AES_VALIDATE_RET(nonce_counter != NULL); - AES_VALIDATE_RET(stream_block != NULL); - AES_VALIDATE_RET(input != NULL); - AES_VALIDATE_RET(output != NULL); - - n = *nc_off; - - while (length--) { - if (n == 0) { - if (mbedtls_aes_crypt_ecb(ctx, MBEDTLS_AES_ENCRYPT, nonce_counter, stream_block) != 0) { - return ST_ERR_AES_BUSY; - } - - for (i = 16; i > 0; i--) - if (++nonce_counter[i - 1] != 0) { - break; - } - } - c = *input++; - *output++ = (unsigned char)(c ^ stream_block[n]); - - n = (n + 1) & 0x0F; - } - - *nc_off = n; - - return (0); -} -#endif /* MBEDTLS_CIPHER_MODE_CTR */ - -int mbedtls_internal_aes_encrypt(mbedtls_aes_context *ctx, - const unsigned char input[16], - unsigned char output[16]) -{ - - if (HAL_CRYP_Encrypt(&ctx->hcryp_aes, (uint32_t *)input, 4, (uint32_t *)output, TIMEOUT_VALUE) != HAL_OK) { - // error found - return ST_ERR_AES_BUSY; - } - return 0; - -} - -int mbedtls_internal_aes_decrypt(mbedtls_aes_context *ctx, - const unsigned char input[16], - unsigned char output[16]) -{ - if (HAL_CRYP_Decrypt(&ctx->hcryp_aes, (uint32_t *)input, 4, (uint32_t *)output, TIMEOUT_VALUE) != HAL_OK) { - // error found - return ST_ERR_AES_BUSY; - } - return 0; -} - -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_aes_encrypt(mbedtls_aes_context *ctx, - const unsigned char input[16], - unsigned char output[16]) -{ - mbedtls_internal_aes_encrypt(ctx, input, output); -} - -void mbedtls_aes_decrypt(mbedtls_aes_context *ctx, - const unsigned char input[16], - unsigned char output[16]) -{ - mbedtls_internal_aes_decrypt(ctx, input, output); -} -#endif /* MBEDTLS_DEPRECATED_REMOVED */ -#endif /*MBEDTLS_AES_ALT*/ -#endif /* MBEDTLS_AES_C */ diff --git a/features/mbedtls/targets/TARGET_STM/TARGET_STM32F7/aes_alt.h b/features/mbedtls/targets/TARGET_STM/TARGET_STM32F7/aes_alt.h deleted file mode 100644 index 10ca5d771c..0000000000 --- a/features/mbedtls/targets/TARGET_STM/TARGET_STM32F7/aes_alt.h +++ /dev/null @@ -1,502 +0,0 @@ -/** - * \file aes_alt.h - * - * \brief This file contains AES definitions and functions. - * - * The Advanced Encryption Standard (AES) specifies a FIPS-approved - * cryptographic algorithm that can be used to protect electronic - * data. - * - * The AES algorithm is a symmetric block cipher that can - * encrypt and decrypt information. For more information, see - * FIPS Publication 197: Advanced Encryption Standard and - * ISO/IEC 18033-2:2006: Information technology -- Security - * techniques -- Encryption algorithms -- Part 2: Asymmetric - * ciphers. - * - * The AES-XTS block mode is standardized by NIST SP 800-38E - * - * and described in detail by IEEE P1619 - * . - */ - -/* Copyright (C) 2006-2019, ARM Limited, All Rights Reserved. - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * Copyright (C) 2006-2019 STMicroelectronics, All Rights Reserved - * - * This file implements ST AES HW services based on API from mbed TLS - */ - -#ifndef MBEDTLS_AES_ALT_H -#define MBEDTLS_AES_ALT_H - -#if defined(MBEDTLS_AES_ALT) -#include "mbedtls/platform.h" - -#include "cmsis.h" - -#ifdef __cplusplus -extern "C" { -#endif - -#define ST_AES_TIMEOUT ((uint32_t) 0xFF) /* 255 ms timeout for the crypto processor */ -#define ST_ERR_AES_BUSY (-0x0023) /* Crypto processor is busy, timeout occured */ -/** - * \brief AES context structure - * - * \note buf is able to hold 32 extra bytes, which can be used: - * - for alignment purposes if VIA padlock is used, and/or - * - to simplify key expansion in the 256-bit case by - * generating an extra round key - */ -typedef struct { - uint32_t aes_key[8]; /* Decryption key */ - CRYP_HandleTypeDef hcryp_aes; - uint32_t ctx_save_cr; /* save context for multi-instance */ -} -mbedtls_aes_context; - -#if defined(MBEDTLS_CIPHER_MODE_XTS) -/** - * \brief The AES XTS context-type definition. - */ -typedef struct mbedtls_aes_xts_context { - mbedtls_aes_context crypt; /*!< The AES context to use for AES block - encryption or decryption. */ - mbedtls_aes_context tweak; /*!< The AES context used for tweak - computation. */ -} mbedtls_aes_xts_context; -#endif /* MBEDTLS_CIPHER_MODE_XTS */ - -/** - * \brief Initialize AES context - * - * \param ctx AES context to be initialized - */ -void mbedtls_aes_init(mbedtls_aes_context *ctx); - -/** - * \brief Clear AES context - * - * \param ctx AES context to be cleared - */ -void mbedtls_aes_free(mbedtls_aes_context *ctx); - -#if defined(MBEDTLS_CIPHER_MODE_XTS) -/** - * \brief This function initializes the specified AES XTS context. - * - * It must be the first API called before using - * the context. - * - * \param ctx The AES XTS context to initialize. This must not be \c NULL. - */ -void mbedtls_aes_xts_init(mbedtls_aes_xts_context *ctx); - -/** - * \brief This function releases and clears the specified AES XTS context. - * - * \param ctx The AES XTS context to clear. - * If this is \c NULL, this function does nothing. - * Otherwise, the context must have been at least initialized. - */ -void mbedtls_aes_xts_free(mbedtls_aes_xts_context *ctx); -#endif /* MBEDTLS_CIPHER_MODE_XTS */ - -/** - * \brief AES key schedule (encryption) - * - * \param ctx AES context to be initialized - * \param key encryption key - * \param keybits must be 128, 192 or 256 - * - * \return 0 if successful, or MBEDTLS_ERR_AES_INVALID_KEY_LENGTH - */ -int mbedtls_aes_setkey_enc(mbedtls_aes_context *ctx, const unsigned char *key, - unsigned int keybits); - -/** - * \brief AES key schedule (decryption) - * - * \param ctx AES context to be initialized - * \param key decryption key - * \param keybits must be 128, 192 or 256 - * - * \return 0 if successful, or MBEDTLS_ERR_AES_INVALID_KEY_LENGTH - */ -int mbedtls_aes_setkey_dec(mbedtls_aes_context *ctx, const unsigned char *key, - unsigned int keybits); - -#if defined(MBEDTLS_CIPHER_MODE_XTS) -/** - * \brief This function prepares an XTS context for encryption and - * sets the encryption key. - * - * \param ctx The AES XTS context to which the key should be bound. - * It must be initialized. - * \param key The encryption key. This is comprised of the XTS key1 - * concatenated with the XTS key2. - * This must be a readable buffer of size \p keybits bits. - * \param keybits The size of \p key passed in bits. Valid options are: - *
  • 256 bits (each of key1 and key2 is a 128-bit key)
    • - *
  • 512 bits (each of key1 and key2 is a 256-bit key)
- * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. - */ -int mbedtls_aes_xts_setkey_enc(mbedtls_aes_xts_context *ctx, - const unsigned char *key, - unsigned int keybits); - -/** - * \brief This function prepares an XTS context for decryption and - * sets the decryption key. - * - * \param ctx The AES XTS context to which the key should be bound. - * It must be initialized. - * \param key The decryption key. This is comprised of the XTS key1 - * concatenated with the XTS key2. - * This must be a readable buffer of size \p keybits bits. - * \param keybits The size of \p key passed in bits. Valid options are: - *
  • 256 bits (each of key1 and key2 is a 128-bit key)
    • - *
  • 512 bits (each of key1 and key2 is a 256-bit key)
- * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. - */ -int mbedtls_aes_xts_setkey_dec(mbedtls_aes_xts_context *ctx, - const unsigned char *key, - unsigned int keybits); -#endif /* MBEDTLS_CIPHER_MODE_XTS */ - -/** - * \brief AES-ECB block encryption/decryption - * - * \param ctx AES context - * \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT - * \param input 16-byte input block - * \param output 16-byte output block - * - * \return 0 if successful - */ -int mbedtls_aes_crypt_ecb(mbedtls_aes_context *ctx, - int mode, - const unsigned char input[16], - unsigned char output[16]); - -#if defined(MBEDTLS_CIPHER_MODE_CBC) -/** - * \brief AES-CBC buffer encryption/decryption - * Length should be a multiple of the block - * size (16 bytes) - * - * \note Upon exit, the content of the IV is updated so that you can - * call the function same function again on the following - * block(s) of data and get the same result as if it was - * encrypted in one call. This allows a "streaming" usage. - * If on the other hand you need to retain the contents of the - * IV, you should either save it manually or use the cipher - * module instead. - * - * \param ctx AES context - * \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT - * \param length length of the input data - * \param iv initialization vector (updated after use) - * \param input buffer holding the input data - * \param output buffer holding the output data - * - * \return 0 if successful, or MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH - */ -int mbedtls_aes_crypt_cbc(mbedtls_aes_context *ctx, - int mode, - size_t length, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output); -#endif /* MBEDTLS_CIPHER_MODE_CBC */ - -#if defined(MBEDTLS_CIPHER_MODE_XTS) -/** - * \brief This function performs an AES-XTS encryption or decryption - * operation for an entire XTS data unit. - * - * AES-XTS encrypts or decrypts blocks based on their location as - * defined by a data unit number. The data unit number must be - * provided by \p data_unit. - * - * NIST SP 800-38E limits the maximum size of a data unit to 2^20 - * AES blocks. If the data unit is larger than this, this function - * returns #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH. - * - * \param ctx The AES XTS context to use for AES XTS operations. - * It must be initialized and bound to a key. - * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or - * #MBEDTLS_AES_DECRYPT. - * \param length The length of a data unit in Bytes. This can be any - * length between 16 bytes and 2^24 bytes inclusive - * (between 1 and 2^20 block cipher blocks). - * \param data_unit The address of the data unit encoded as an array of 16 - * bytes in little-endian format. For disk encryption, this - * is typically the index of the block device sector that - * contains the data. - * \param input The buffer holding the input data (which is an entire - * data unit). This function reads \p length Bytes from \p - * input. - * \param output The buffer holding the output data (which is an entire - * data unit). This function writes \p length Bytes to \p - * output. - * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH if \p length is - * smaller than an AES block in size (16 Bytes) or if \p - * length is larger than 2^20 blocks (16 MiB). - */ -int mbedtls_aes_crypt_xts(mbedtls_aes_xts_context *ctx, - int mode, - size_t length, - const unsigned char data_unit[16], - const unsigned char *input, - unsigned char *output); -#endif /* MBEDTLS_CIPHER_MODE_XTS */ - -#if defined(MBEDTLS_CIPHER_MODE_CFB) -/** - * \brief AES-CFB128 buffer encryption/decryption. - * - * Note: Due to the nature of CFB you should use the same key schedule for - * both encryption and decryption. So a context initialized with - * mbedtls_aes_setkey_enc() for both MBEDTLS_AES_ENCRYPT and MBEDTLS_AES_DECRYPT. - * - * \note Upon exit, the content of the IV is updated so that you can - * call the function same function again on the following - * block(s) of data and get the same result as if it was - * encrypted in one call. This allows a "streaming" usage. - * If on the other hand you need to retain the contents of the - * IV, you should either save it manually or use the cipher - * module instead. - * - * \param ctx AES context - * \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT - * \param length length of the input data - * \param iv_off offset in IV (updated after use) - * \param iv initialization vector (updated after use) - * \param input buffer holding the input data - * \param output buffer holding the output data - * - * \return 0 if successful - */ -int mbedtls_aes_crypt_cfb128(mbedtls_aes_context *ctx, - int mode, - size_t length, - size_t *iv_off, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output); - -/** - * \brief AES-CFB8 buffer encryption/decryption. - * - * Note: Due to the nature of CFB you should use the same key schedule for - * both encryption and decryption. So a context initialized with - * mbedtls_aes_setkey_enc() for both MBEDTLS_AES_ENCRYPT and MBEDTLS_AES_DECRYPT. - * - * \note Upon exit, the content of the IV is updated so that you can - * call the function same function again on the following - * block(s) of data and get the same result as if it was - * encrypted in one call. This allows a "streaming" usage. - * If on the other hand you need to retain the contents of the - * IV, you should either save it manually or use the cipher - * module instead. - * - * \param ctx AES context - * \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT - * \param length length of the input data - * \param iv initialization vector (updated after use) - * \param input buffer holding the input data - * \param output buffer holding the output data - * - * \return 0 if successful - */ -int mbedtls_aes_crypt_cfb8(mbedtls_aes_context *ctx, - int mode, - size_t length, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output); -#endif /*MBEDTLS_CIPHER_MODE_CFB */ - -#if defined(MBEDTLS_CIPHER_MODE_OFB) -/** - * \brief This function performs an AES-OFB (Output Feedback Mode) - * encryption or decryption operation. - * - * For OFB, you must set up the context with - * mbedtls_aes_setkey_enc(), regardless of whether you are - * performing an encryption or decryption operation. This is - * because OFB mode uses the same key schedule for encryption and - * decryption. - * - * The OFB operation is identical for encryption or decryption, - * therefore no operation mode needs to be specified. - * - * \note Upon exit, the content of iv, the Initialisation Vector, is - * updated so that you can call the same function again on the next - * block(s) of data and get the same result as if it was encrypted - * in one call. This allows a "streaming" usage, by initialising - * iv_off to 0 before the first call, and preserving its value - * between calls. - * - * For non-streaming use, the iv should be initialised on each call - * to a unique value, and iv_off set to 0 on each call. - * - * If you need to retain the contents of the initialisation vector, - * you must either save it manually or use the cipher module - * instead. - * - * \warning For the OFB mode, the initialisation vector must be unique - * every encryption operation. Reuse of an initialisation vector - * will compromise security. - * - * \param ctx The AES context to use for encryption or decryption. - * It must be initialized and bound to a key. - * \param length The length of the input data. - * \param iv_off The offset in IV (updated after use). - * It must point to a valid \c size_t. - * \param iv The initialization vector (updated after use). - * It must be a readable and writeable buffer of \c 16 Bytes. - * \param input The buffer holding the input data. - * It must be readable and of size \p length Bytes. - * \param output The buffer holding the output data. - * It must be writeable and of size \p length Bytes. - * - * \return \c 0 on success. - */ -int mbedtls_aes_crypt_ofb(mbedtls_aes_context *ctx, - size_t length, - size_t *iv_off, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output); - -#endif /* MBEDTLS_CIPHER_MODE_OFB */ - -#if defined(MBEDTLS_CIPHER_MODE_CTR) -/** - * \brief AES-CTR buffer encryption/decryption - * - * Warning: You have to keep the maximum use of your counter in mind! - * - * Note: Due to the nature of CTR you should use the same key schedule for - * both encryption and decryption. So a context initialized with - * mbedtls_aes_setkey_enc() for both MBEDTLS_AES_ENCRYPT and MBEDTLS_AES_DECRYPT. - * - * \param ctx AES context - * \param length The length of the data - * \param nc_off The offset in the current stream_block (for resuming - * within current cipher stream). The offset pointer to - * should be 0 at the start of a stream. - * \param nonce_counter The 128-bit nonce and counter. - * \param stream_block The saved stream-block for resuming. Is overwritten - * by the function. - * \param input The input data stream - * \param output The output data stream - * - * \return 0 if successful - */ -int mbedtls_aes_crypt_ctr(mbedtls_aes_context *ctx, - size_t length, - size_t *nc_off, - unsigned char nonce_counter[16], - unsigned char stream_block[16], - const unsigned char *input, - unsigned char *output); -#endif /* MBEDTLS_CIPHER_MODE_CTR */ - -/** - * \brief Internal AES block encryption function - * (Only exposed to allow overriding it, - * see MBEDTLS_AES_ENCRYPT_ALT) - * - * \param ctx AES context - * \param input Plaintext block - * \param output Output (ciphertext) block - * - * \return 0 if successful - */ -int mbedtls_internal_aes_encrypt(mbedtls_aes_context *ctx, - const unsigned char input[16], - unsigned char output[16]); - -/** - * \brief Internal AES block decryption function - * (Only exposed to allow overriding it, - * see MBEDTLS_AES_DECRYPT_ALT) - * - * \param ctx AES context - * \param input Ciphertext block - * \param output Output (plaintext) block - * - * \return 0 if successful - */ -int mbedtls_internal_aes_decrypt(mbedtls_aes_context *ctx, - const unsigned char input[16], - unsigned char output[16]); - -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -#if defined(MBEDTLS_DEPRECATED_WARNING) -#define MBEDTLS_DEPRECATED __attribute__((deprecated)) -#else -#define MBEDTLS_DEPRECATED -#endif -/** - * \brief Deprecated internal AES block encryption function - * without return value. - * - * \deprecated Superseded by mbedtls_aes_encrypt_ext() in 2.5.0 - * - * \param ctx AES context - * \param input Plaintext block - * \param output Output (ciphertext) block - */ -MBEDTLS_DEPRECATED void mbedtls_aes_encrypt(mbedtls_aes_context *ctx, - const unsigned char input[16], - unsigned char output[16]); - -/** - * \brief Deprecated internal AES block decryption function - * without return value. - * - * \deprecated Superseded by mbedtls_aes_decrypt_ext() in 2.5.0 - * - * \param ctx AES context - * \param input Ciphertext block - * \param output Output (plaintext) block - */ -MBEDTLS_DEPRECATED void mbedtls_aes_decrypt(mbedtls_aes_context *ctx, - const unsigned char input[16], - unsigned char output[16]); - -#undef MBEDTLS_DEPRECATED -#endif /* !MBEDTLS_DEPRECATED_REMOVED */ - -#ifdef __cplusplus -} -#endif - -#endif /* MBEDTLS_AES_ALT */ - -#endif /* MBEDTLS_AES_ALT_H */ -