Blame - drivers/auth/mbedtls/mbedtls_crypto.c - filogic/atf

blob: 6d6364f326ee75a2e649ea49ce523f3c4c949ef8 [file] [log] [blame]

Juan Castillo	a57a4d5	2015-04-02 15:44:20 +0100	[diff] [blame]	1	/*
Govindraj Raja	9c7dfb0	2023-01-11 18:34:58 +0000	[diff] [blame]	2	* Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved.
Juan Castillo	a57a4d5	2015-04-02 15:44:20 +0100	[diff] [blame]	3	*
dp-arm	fa3cf0b	2017-05-03 09:38:09 +0100	[diff] [blame]	4	* SPDX-License-Identifier: BSD-3-Clause
Juan Castillo	a57a4d5	2015-04-02 15:44:20 +0100	[diff] [blame]	5	*/
				6
Sumit Garg	392e4df	2019-11-15 10:43:00 +0530	[diff] [blame]	7	#include <assert.h>
Juan Castillo	a57a4d5	2015-04-02 15:44:20 +0100	[diff] [blame]	8	#include <stddef.h>
				9	#include <string.h>
				10
Juan Castillo	bae6b2a	2015-11-05 09:24:53 +0000	[diff] [blame]	11	/* mbed TLS headers */
Sumit Garg	392e4df	2019-11-15 10:43:00 +0530	[diff] [blame]	12	#include <mbedtls/gcm.h>
Juan Castillo	bae6b2a	2015-11-05 09:24:53 +0000	[diff] [blame]	13	#include <mbedtls/md.h>
				14	#include <mbedtls/memory_buffer_alloc.h>
				15	#include <mbedtls/oid.h>
				16	#include <mbedtls/platform.h>
Govindraj Raja	9c7dfb0	2023-01-11 18:34:58 +0000	[diff] [blame]	17	#include <mbedtls/version.h>
Madhukar Pappireddy	57eaae8	2020-03-05 18:18:40 -0600	[diff] [blame]	18	#include <mbedtls/x509.h>
Juan Castillo	a57a4d5	2015-04-02 15:44:20 +0100	[diff] [blame]	19
Antonio Nino Diaz	e0f9063	2018-12-14 00:18:21 +0000	[diff] [blame]	20	#include <common/debug.h>
				21	#include <drivers/auth/crypto_mod.h>
				22	#include <drivers/auth/mbedtls/mbedtls_common.h>
Govindraj Raja	9c7dfb0	2023-01-11 18:34:58 +0000	[diff] [blame]	23
Sumit Garg	392e4df	2019-11-15 10:43:00 +0530	[diff] [blame]	24	#include <plat/common/platform.h>
Antonio Nino Diaz	e0f9063	2018-12-14 00:18:21 +0000	[diff] [blame]	25
Juan Castillo	bae6b2a	2015-11-05 09:24:53 +0000	[diff] [blame]	26	#define LIB_NAME "mbed TLS"
Juan Castillo	a57a4d5	2015-04-02 15:44:20 +0100	[diff] [blame]	27
Manish V Badarkhe	c9fdaf6	2022-06-20 15:32:38 +0100	[diff] [blame]	28	#if CRYPTO_SUPPORT == CRYPTO_HASH_CALC_ONLY \|\| \
				29	CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC
Manish V Badarkhe	e112a5a	2021-10-06 23:41:50 +0100	[diff] [blame]	30	/*
				31	* CRYPTO_MD_MAX_SIZE value is as per current stronger algorithm available
				32	* so make sure that mbed TLS MD maximum size must be lesser than this.
				33	*/
				34	CASSERT(CRYPTO_MD_MAX_SIZE >= MBEDTLS_MD_MAX_SIZE,
				35	assert_mbedtls_md_size_overflow);
				36
Manish V Badarkhe	c9fdaf6	2022-06-20 15:32:38 +0100	[diff] [blame]	37	#endif /* CRYPTO_SUPPORT == CRYPTO_HASH_CALC_ONLY \|\| \
				38	CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC */
Manish V Badarkhe	e112a5a	2021-10-06 23:41:50 +0100	[diff] [blame]	39
Juan Castillo	a57a4d5	2015-04-02 15:44:20 +0100	[diff] [blame]	40	/*
				41	* AlgorithmIdentifier ::= SEQUENCE {
				42	* algorithm OBJECT IDENTIFIER,
				43	* parameters ANY DEFINED BY algorithm OPTIONAL
				44	* }
				45	*
				46	* SubjectPublicKeyInfo ::= SEQUENCE {
				47	* algorithm AlgorithmIdentifier,
				48	* subjectPublicKey BIT STRING
				49	* }
				50	*
				51	* DigestInfo ::= SEQUENCE {
				52	* digestAlgorithm AlgorithmIdentifier,
				53	* digest OCTET STRING
				54	* }
				55	*/
				56
				57	/*
				58	* Initialize the library and export the descriptor
				59	*/
				60	static void init(void)
				61	{
Juan Castillo	bae6b2a	2015-11-05 09:24:53 +0000	[diff] [blame]	62	/* Initialize mbed TLS */
Juan Castillo	a57a4d5	2015-04-02 15:44:20 +0100	[diff] [blame]	63	mbedtls_init();
				64	}
				65
Manish V Badarkhe	c9fdaf6	2022-06-20 15:32:38 +0100	[diff] [blame]	66	#if CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_ONLY \|\| \
				67	CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC
Juan Castillo	a57a4d5	2015-04-02 15:44:20 +0100	[diff] [blame]	68	/*
				69	* Verify a signature.
				70	*
				71	* Parameters are passed using the DER encoding format following the ASN.1
				72	* structures detailed above.
				73	*/
				74	static int verify_signature(void *data_ptr, unsigned int data_len,
				75	void *sig_ptr, unsigned int sig_len,
				76	void *sig_alg, unsigned int sig_alg_len,
				77	void *pk_ptr, unsigned int pk_len)
				78	{
Juan Castillo	bae6b2a	2015-11-05 09:24:53 +0000	[diff] [blame]	79	mbedtls_asn1_buf sig_oid, sig_params;
				80	mbedtls_asn1_buf signature;
				81	mbedtls_md_type_t md_alg;
				82	mbedtls_pk_type_t pk_alg;
Soby Mathew	0a68d13	2017-05-31 10:35:27 +0100	[diff] [blame]	83	mbedtls_pk_context pk = {0};
Juan Castillo	a57a4d5	2015-04-02 15:44:20 +0100	[diff] [blame]	84	int rc;
				85	void *sig_opts = NULL;
Juan Castillo	bae6b2a	2015-11-05 09:24:53 +0000	[diff] [blame]	86	const mbedtls_md_info_t *md_info;
Juan Castillo	a57a4d5	2015-04-02 15:44:20 +0100	[diff] [blame]	87	unsigned char p, end;
Juan Castillo	bae6b2a	2015-11-05 09:24:53 +0000	[diff] [blame]	88	unsigned char hash[MBEDTLS_MD_MAX_SIZE];
Juan Castillo	a57a4d5	2015-04-02 15:44:20 +0100	[diff] [blame]	89
				90	/* Get pointers to signature OID and parameters */
				91	p = (unsigned char *)sig_alg;
				92	end = (unsigned char *)(p + sig_alg_len);
Juan Castillo	bae6b2a	2015-11-05 09:24:53 +0000	[diff] [blame]	93	rc = mbedtls_asn1_get_alg(&p, end, &sig_oid, &sig_params);
Juan Castillo	a57a4d5	2015-04-02 15:44:20 +0100	[diff] [blame]	94	if (rc != 0) {
				95	return CRYPTO_ERR_SIGNATURE;
				96	}
				97
				98	/* Get the actual signature algorithm (MD + PK) */
Soby Mathew	0a68d13	2017-05-31 10:35:27 +0100	[diff] [blame]	99	rc = mbedtls_x509_get_sig_alg(&sig_oid, &sig_params, &md_alg, &pk_alg, &sig_opts);
Juan Castillo	a57a4d5	2015-04-02 15:44:20 +0100	[diff] [blame]	100	if (rc != 0) {
				101	return CRYPTO_ERR_SIGNATURE;
				102	}
				103
				104	/* Parse the public key */
Juan Castillo	bae6b2a	2015-11-05 09:24:53 +0000	[diff] [blame]	105	mbedtls_pk_init(&pk);
Juan Castillo	a57a4d5	2015-04-02 15:44:20 +0100	[diff] [blame]	106	p = (unsigned char *)pk_ptr;
				107	end = (unsigned char *)(p + pk_len);
Juan Castillo	bae6b2a	2015-11-05 09:24:53 +0000	[diff] [blame]	108	rc = mbedtls_pk_parse_subpubkey(&p, end, &pk);
Juan Castillo	a57a4d5	2015-04-02 15:44:20 +0100	[diff] [blame]	109	if (rc != 0) {
Soby Mathew	0a68d13	2017-05-31 10:35:27 +0100	[diff] [blame]	110	rc = CRYPTO_ERR_SIGNATURE;
				111	goto end2;
Juan Castillo	a57a4d5	2015-04-02 15:44:20 +0100	[diff] [blame]	112	}
				113
				114	/* Get the signature (bitstring) */
				115	p = (unsigned char *)sig_ptr;
				116	end = (unsigned char *)(p + sig_len);
				117	signature.tag = *p;
Juan Castillo	bae6b2a	2015-11-05 09:24:53 +0000	[diff] [blame]	118	rc = mbedtls_asn1_get_bitstring_null(&p, end, &signature.len);
Demi Marie Obenour	447adc0	2022-12-08 15:24:10 -0500	[diff] [blame]	119	if ((rc != 0) \|\| ((size_t)(end - p) != signature.len)) {
Juan Castillo	a57a4d5	2015-04-02 15:44:20 +0100	[diff] [blame]	120	rc = CRYPTO_ERR_SIGNATURE;
Soby Mathew	0a68d13	2017-05-31 10:35:27 +0100	[diff] [blame]	121	goto end1;
Juan Castillo	a57a4d5	2015-04-02 15:44:20 +0100	[diff] [blame]	122	}
				123	signature.p = p;
				124
				125	/* Calculate the hash of the data */
Juan Castillo	bae6b2a	2015-11-05 09:24:53 +0000	[diff] [blame]	126	md_info = mbedtls_md_info_from_type(md_alg);
Juan Castillo	a57a4d5	2015-04-02 15:44:20 +0100	[diff] [blame]	127	if (md_info == NULL) {
				128	rc = CRYPTO_ERR_SIGNATURE;
Soby Mathew	0a68d13	2017-05-31 10:35:27 +0100	[diff] [blame]	129	goto end1;
Juan Castillo	a57a4d5	2015-04-02 15:44:20 +0100	[diff] [blame]	130	}
				131	p = (unsigned char *)data_ptr;
Juan Castillo	bae6b2a	2015-11-05 09:24:53 +0000	[diff] [blame]	132	rc = mbedtls_md(md_info, p, data_len, hash);
Juan Castillo	a57a4d5	2015-04-02 15:44:20 +0100	[diff] [blame]	133	if (rc != 0) {
				134	rc = CRYPTO_ERR_SIGNATURE;
Soby Mathew	0a68d13	2017-05-31 10:35:27 +0100	[diff] [blame]	135	goto end1;
Juan Castillo	a57a4d5	2015-04-02 15:44:20 +0100	[diff] [blame]	136	}
				137
				138	/* Verify the signature */
Juan Castillo	bae6b2a	2015-11-05 09:24:53 +0000	[diff] [blame]	139	rc = mbedtls_pk_verify_ext(pk_alg, sig_opts, &pk, md_alg, hash,
				140	mbedtls_md_get_size(md_info),
				141	signature.p, signature.len);
Juan Castillo	a57a4d5	2015-04-02 15:44:20 +0100	[diff] [blame]	142	if (rc != 0) {
				143	rc = CRYPTO_ERR_SIGNATURE;
Soby Mathew	0a68d13	2017-05-31 10:35:27 +0100	[diff] [blame]	144	goto end1;
Juan Castillo	a57a4d5	2015-04-02 15:44:20 +0100	[diff] [blame]	145	}
				146
				147	/* Signature verification success */
				148	rc = CRYPTO_SUCCESS;
				149
Soby Mathew	0a68d13	2017-05-31 10:35:27 +0100	[diff] [blame]	150	end1:
Juan Castillo	bae6b2a	2015-11-05 09:24:53 +0000	[diff] [blame]	151	mbedtls_pk_free(&pk);
Soby Mathew	0a68d13	2017-05-31 10:35:27 +0100	[diff] [blame]	152	end2:
				153	mbedtls_free(sig_opts);
Juan Castillo	a57a4d5	2015-04-02 15:44:20 +0100	[diff] [blame]	154	return rc;
				155	}
				156
				157	/*
				158	* Match a hash
				159	*
				160	* Digest info is passed in DER format following the ASN.1 structure detailed
				161	* above.
				162	*/
				163	static int verify_hash(void *data_ptr, unsigned int data_len,
				164	void *digest_info_ptr, unsigned int digest_info_len)
				165	{
Juan Castillo	bae6b2a	2015-11-05 09:24:53 +0000	[diff] [blame]	166	mbedtls_asn1_buf hash_oid, params;
				167	mbedtls_md_type_t md_alg;
				168	const mbedtls_md_info_t *md_info;
Juan Castillo	a57a4d5	2015-04-02 15:44:20 +0100	[diff] [blame]	169	unsigned char p, end, *hash;
Juan Castillo	bae6b2a	2015-11-05 09:24:53 +0000	[diff] [blame]	170	unsigned char data_hash[MBEDTLS_MD_MAX_SIZE];
Juan Castillo	a57a4d5	2015-04-02 15:44:20 +0100	[diff] [blame]	171	size_t len;
				172	int rc;
				173
Demi Marie Obenour	ae26664	2022-12-08 15:24:01 -0500	[diff] [blame]	174	/*
				175	* Digest info should be an MBEDTLS_ASN1_SEQUENCE
				176	* and consume all bytes.
				177	*/
Juan Castillo	a57a4d5	2015-04-02 15:44:20 +0100	[diff] [blame]	178	p = (unsigned char *)digest_info_ptr;
Sandrine Bailleux	df8de2d	2016-01-04 15:49:23 +0000	[diff] [blame]	179	end = p + digest_info_len;
Juan Castillo	bae6b2a	2015-11-05 09:24:53 +0000	[diff] [blame]	180	rc = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED \|
				181	MBEDTLS_ASN1_SEQUENCE);
Demi Marie Obenour	ae26664	2022-12-08 15:24:01 -0500	[diff] [blame]	182	if (rc != 0 \|\| ((size_t)(end - p) != len)) {
Juan Castillo	a57a4d5	2015-04-02 15:44:20 +0100	[diff] [blame]	183	return CRYPTO_ERR_HASH;
				184	}
				185
				186	/* Get the hash algorithm */
Juan Castillo	bae6b2a	2015-11-05 09:24:53 +0000	[diff] [blame]	187	rc = mbedtls_asn1_get_alg(&p, end, &hash_oid, &params);
Juan Castillo	a57a4d5	2015-04-02 15:44:20 +0100	[diff] [blame]	188	if (rc != 0) {
				189	return CRYPTO_ERR_HASH;
				190	}
				191
Juan Castillo	bae6b2a	2015-11-05 09:24:53 +0000	[diff] [blame]	192	rc = mbedtls_oid_get_md_alg(&hash_oid, &md_alg);
Juan Castillo	a57a4d5	2015-04-02 15:44:20 +0100	[diff] [blame]	193	if (rc != 0) {
				194	return CRYPTO_ERR_HASH;
				195	}
				196
Juan Castillo	bae6b2a	2015-11-05 09:24:53 +0000	[diff] [blame]	197	md_info = mbedtls_md_info_from_type(md_alg);
Juan Castillo	a57a4d5	2015-04-02 15:44:20 +0100	[diff] [blame]	198	if (md_info == NULL) {
				199	return CRYPTO_ERR_HASH;
				200	}
				201
Demi Marie Obenour	ae26664	2022-12-08 15:24:01 -0500	[diff] [blame]	202	/* Hash should be octet string type and consume all bytes */
Juan Castillo	bae6b2a	2015-11-05 09:24:53 +0000	[diff] [blame]	203	rc = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OCTET_STRING);
Demi Marie Obenour	ae26664	2022-12-08 15:24:01 -0500	[diff] [blame]	204	if ((rc != 0) \|\| ((size_t)(end - p) != len)) {
Juan Castillo	a57a4d5	2015-04-02 15:44:20 +0100	[diff] [blame]	205	return CRYPTO_ERR_HASH;
				206	}
				207
				208	/* Length of hash must match the algorithm's size */
Juan Castillo	bae6b2a	2015-11-05 09:24:53 +0000	[diff] [blame]	209	if (len != mbedtls_md_get_size(md_info)) {
Juan Castillo	a57a4d5	2015-04-02 15:44:20 +0100	[diff] [blame]	210	return CRYPTO_ERR_HASH;
				211	}
				212	hash = p;
				213
				214	/* Calculate the hash of the data */
				215	p = (unsigned char *)data_ptr;
Juan Castillo	bae6b2a	2015-11-05 09:24:53 +0000	[diff] [blame]	216	rc = mbedtls_md(md_info, p, data_len, data_hash);
Juan Castillo	a57a4d5	2015-04-02 15:44:20 +0100	[diff] [blame]	217	if (rc != 0) {
				218	return CRYPTO_ERR_HASH;
				219	}
				220
				221	/* Compare values */
Antonio Nino Diaz	0ca1afa	2017-02-09 10:26:54 +0000	[diff] [blame]	222	rc = memcmp(data_hash, hash, mbedtls_md_get_size(md_info));
Juan Castillo	a57a4d5	2015-04-02 15:44:20 +0100	[diff] [blame]	223	if (rc != 0) {
				224	return CRYPTO_ERR_HASH;
				225	}
				226
				227	return CRYPTO_SUCCESS;
				228	}
Manish V Badarkhe	c9fdaf6	2022-06-20 15:32:38 +0100	[diff] [blame]	229	#endif /* CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_ONLY \|\| \
				230	CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC */
Juan Castillo	a57a4d5	2015-04-02 15:44:20 +0100	[diff] [blame]	231
Manish V Badarkhe	c9fdaf6	2022-06-20 15:32:38 +0100	[diff] [blame]	232	#if CRYPTO_SUPPORT == CRYPTO_HASH_CALC_ONLY \|\| \
				233	CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC
Alexei Fedorov	913cb7e	2020-01-23 14:27:38 +0000	[diff] [blame]	234	/*
Manish V Badarkhe	e112a5a	2021-10-06 23:41:50 +0100	[diff] [blame]	235	* Map a generic crypto message digest algorithm to the corresponding macro used
				236	* by Mbed TLS.
				237	*/
				238	static inline mbedtls_md_type_t md_type(enum crypto_md_algo algo)
				239	{
				240	switch (algo) {
				241	case CRYPTO_MD_SHA512:
				242	return MBEDTLS_MD_SHA512;
				243	case CRYPTO_MD_SHA384:
				244	return MBEDTLS_MD_SHA384;
				245	case CRYPTO_MD_SHA256:
				246	return MBEDTLS_MD_SHA256;
				247	default:
				248	/* Invalid hash algorithm. */
				249	return MBEDTLS_MD_NONE;
				250	}
				251	}
				252
				253	/*
Alexei Fedorov	913cb7e	2020-01-23 14:27:38 +0000	[diff] [blame]	254	* Calculate a hash
				255	*
				256	* output points to the computed hash
				257	*/
Manish V Badarkhe	e112a5a	2021-10-06 23:41:50 +0100	[diff] [blame]	258	static int calc_hash(enum crypto_md_algo md_algo, void *data_ptr,
				259	unsigned int data_len,
				260	unsigned char output[CRYPTO_MD_MAX_SIZE])
Alexei Fedorov	913cb7e	2020-01-23 14:27:38 +0000	[diff] [blame]	261	{
				262	const mbedtls_md_info_t *md_info;
				263
Manish V Badarkhe	e112a5a	2021-10-06 23:41:50 +0100	[diff] [blame]	264	md_info = mbedtls_md_info_from_type(md_type(md_algo));
Alexei Fedorov	913cb7e	2020-01-23 14:27:38 +0000	[diff] [blame]	265	if (md_info == NULL) {
				266	return CRYPTO_ERR_HASH;
				267	}
				268
Manish V Badarkhe	e112a5a	2021-10-06 23:41:50 +0100	[diff] [blame]	269	/*
				270	* Calculate the hash of the data, it is safe to pass the
				271	* 'output' hash buffer pointer considering its size is always
				272	* bigger than or equal to MBEDTLS_MD_MAX_SIZE.
				273	*/
Alexei Fedorov	913cb7e	2020-01-23 14:27:38 +0000	[diff] [blame]	274	return mbedtls_md(md_info, data_ptr, data_len, output);
				275	}
Manish V Badarkhe	c9fdaf6	2022-06-20 15:32:38 +0100	[diff] [blame]	276	#endif /* CRYPTO_SUPPORT == CRYPTO_HASH_CALC_ONLY \|\| \
				277	CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC */
Alexei Fedorov	913cb7e	2020-01-23 14:27:38 +0000	[diff] [blame]	278
Sumit Garg	392e4df	2019-11-15 10:43:00 +0530	[diff] [blame]	279	#if TF_MBEDTLS_USE_AES_GCM
				280	/*
				281	* Stack based buffer allocation for decryption operation. It could
				282	* be configured to balance stack usage vs execution speed.
				283	*/
				284	#define DEC_OP_BUF_SIZE 128
				285
				286	static int aes_gcm_decrypt(void data_ptr, size_t len, const void key,
				287	unsigned int key_len, const void *iv,
				288	unsigned int iv_len, const void *tag,
				289	unsigned int tag_len)
				290	{
				291	mbedtls_gcm_context ctx;
				292	mbedtls_cipher_id_t cipher = MBEDTLS_CIPHER_ID_AES;
				293	unsigned char buf[DEC_OP_BUF_SIZE];
				294	unsigned char tag_buf[CRYPTO_MAX_TAG_SIZE];
				295	unsigned char *pt = data_ptr;
				296	size_t dec_len;
				297	int diff, i, rc;
Govindraj Raja	dee8b6f	2023-01-12 15:34:12 +0000	[diff] [blame]	298	size_t output_length __unused;
Sumit Garg	392e4df	2019-11-15 10:43:00 +0530	[diff] [blame]	299
				300	mbedtls_gcm_init(&ctx);
				301
				302	rc = mbedtls_gcm_setkey(&ctx, cipher, key, key_len * 8);
				303	if (rc != 0) {
				304	rc = CRYPTO_ERR_DECRYPTION;
				305	goto exit_gcm;
				306	}
				307
Govindraj Raja	dee8b6f	2023-01-12 15:34:12 +0000	[diff] [blame]	308	#if (MBEDTLS_VERSION_MAJOR < 3)
Sumit Garg	392e4df	2019-11-15 10:43:00 +0530	[diff] [blame]	309	rc = mbedtls_gcm_starts(&ctx, MBEDTLS_GCM_DECRYPT, iv, iv_len, NULL, 0);
Govindraj Raja	dee8b6f	2023-01-12 15:34:12 +0000	[diff] [blame]	310	#else
				311	rc = mbedtls_gcm_starts(&ctx, MBEDTLS_GCM_DECRYPT, iv, iv_len);
				312	#endif
Sumit Garg	392e4df	2019-11-15 10:43:00 +0530	[diff] [blame]	313	if (rc != 0) {
				314	rc = CRYPTO_ERR_DECRYPTION;
				315	goto exit_gcm;
				316	}
				317
				318	while (len > 0) {
				319	dec_len = MIN(sizeof(buf), len);
				320
Govindraj Raja	dee8b6f	2023-01-12 15:34:12 +0000	[diff] [blame]	321	#if (MBEDTLS_VERSION_MAJOR < 3)
Sumit Garg	392e4df	2019-11-15 10:43:00 +0530	[diff] [blame]	322	rc = mbedtls_gcm_update(&ctx, dec_len, pt, buf);
Govindraj Raja	dee8b6f	2023-01-12 15:34:12 +0000	[diff] [blame]	323	#else
				324	rc = mbedtls_gcm_update(&ctx, pt, dec_len, buf, sizeof(buf), &output_length);
				325	#endif
				326
Sumit Garg	392e4df	2019-11-15 10:43:00 +0530	[diff] [blame]	327	if (rc != 0) {
				328	rc = CRYPTO_ERR_DECRYPTION;
				329	goto exit_gcm;
				330	}
				331
				332	memcpy(pt, buf, dec_len);
				333	pt += dec_len;
				334	len -= dec_len;
				335	}
				336
Govindraj Raja	dee8b6f	2023-01-12 15:34:12 +0000	[diff] [blame]	337	#if (MBEDTLS_VERSION_MAJOR < 3)
Sumit Garg	392e4df	2019-11-15 10:43:00 +0530	[diff] [blame]	338	rc = mbedtls_gcm_finish(&ctx, tag_buf, sizeof(tag_buf));
Govindraj Raja	dee8b6f	2023-01-12 15:34:12 +0000	[diff] [blame]	339	#else
				340	rc = mbedtls_gcm_finish(&ctx, NULL, 0, &output_length, tag_buf, sizeof(tag_buf));
				341	#endif
				342
Sumit Garg	392e4df	2019-11-15 10:43:00 +0530	[diff] [blame]	343	if (rc != 0) {
				344	rc = CRYPTO_ERR_DECRYPTION;
				345	goto exit_gcm;
				346	}
				347
				348	/* Check tag in "constant-time" */
				349	for (diff = 0, i = 0; i < tag_len; i++)
				350	diff \|= ((const unsigned char *)tag)[i] ^ tag_buf[i];
				351
				352	if (diff != 0) {
				353	rc = CRYPTO_ERR_DECRYPTION;
				354	goto exit_gcm;
				355	}
				356
				357	/* GCM decryption success */
				358	rc = CRYPTO_SUCCESS;
				359
				360	exit_gcm:
				361	mbedtls_gcm_free(&ctx);
				362	return rc;
				363	}
				364
				365	/*
				366	* Authenticated decryption of an image
				367	*/
				368	static int auth_decrypt(enum crypto_dec_algo dec_algo, void *data_ptr,
				369	size_t len, const void *key, unsigned int key_len,
				370	unsigned int key_flags, const void *iv,
				371	unsigned int iv_len, const void *tag,
				372	unsigned int tag_len)
				373	{
				374	int rc;
				375
				376	assert((key_flags & ENC_KEY_IS_IDENTIFIER) == 0);
				377
				378	switch (dec_algo) {
				379	case CRYPTO_GCM_DECRYPT:
				380	rc = aes_gcm_decrypt(data_ptr, len, key, key_len, iv, iv_len,
				381	tag, tag_len);
				382	if (rc != 0)
				383	return rc;
				384	break;
				385	default:
				386	return CRYPTO_ERR_DECRYPTION;
				387	}
				388
				389	return CRYPTO_SUCCESS;
				390	}
				391	#endif /* TF_MBEDTLS_USE_AES_GCM */
				392
Juan Castillo	a57a4d5	2015-04-02 15:44:20 +0100	[diff] [blame]	393	/*
				394	* Register crypto library descriptor
				395	*/
Manish V Badarkhe	c9fdaf6	2022-06-20 15:32:38 +0100	[diff] [blame]	396	#if CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC
Sumit Garg	392e4df	2019-11-15 10:43:00 +0530	[diff] [blame]	397	#if TF_MBEDTLS_USE_AES_GCM
				398	REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, calc_hash,
Yann Gautier	c68b8af	2023-01-24 09:39:47 +0100	[diff] [blame]	399	auth_decrypt, NULL);
Sumit Garg	392e4df	2019-11-15 10:43:00 +0530	[diff] [blame]	400	#else
				401	REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, calc_hash,
Yann Gautier	c68b8af	2023-01-24 09:39:47 +0100	[diff] [blame]	402	NULL, NULL);
Sumit Garg	392e4df	2019-11-15 10:43:00 +0530	[diff] [blame]	403	#endif
Manish V Badarkhe	c9fdaf6	2022-06-20 15:32:38 +0100	[diff] [blame]	404	#elif CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_ONLY
Sumit Garg	392e4df	2019-11-15 10:43:00 +0530	[diff] [blame]	405	#if TF_MBEDTLS_USE_AES_GCM
Yann Gautier	2b6673d	2023-03-15 11:31:25 +0100	[diff] [blame^]	406	REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, NULL,
Yann Gautier	c68b8af	2023-01-24 09:39:47 +0100	[diff] [blame]	407	auth_decrypt, NULL);
Alexei Fedorov	913cb7e	2020-01-23 14:27:38 +0000	[diff] [blame]	408	#else
Yann Gautier	2b6673d	2023-03-15 11:31:25 +0100	[diff] [blame^]	409	REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, NULL,
				410	NULL, NULL);
Sumit Garg	392e4df	2019-11-15 10:43:00 +0530	[diff] [blame]	411	#endif
Manish V Badarkhe	c9fdaf6	2022-06-20 15:32:38 +0100	[diff] [blame]	412	#elif CRYPTO_SUPPORT == CRYPTO_HASH_CALC_ONLY
Yann Gautier	2b6673d	2023-03-15 11:31:25 +0100	[diff] [blame^]	413	REGISTER_CRYPTO_LIB(LIB_NAME, init, NULL, NULL, calc_hash, NULL, NULL);
Manish V Badarkhe	c9fdaf6	2022-06-20 15:32:38 +0100	[diff] [blame]	414	#endif /* CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC */