


aes_mbedtls_adapter.c

00001 /*
00002  * Copyright (c) 2015-2017, Arm Limited and affiliates.
00003  * SPDX-License-Identifier: Apache-2.0
00004  *
00005  * Licensed under the Apache License, Version 2.0 (the "License");
00006  * you may not use this file except in compliance with the License.
00007  * You may obtain a copy of the License at
00008  *
00009  *     http://www.apache.org/licenses/LICENSE-2.0
00010  *
00011  * Unless required by applicable law or agreed to in writing, software
00012  * distributed under the License is distributed on an "AS IS" BASIS,
00013  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
00014  * See the License for the specific language governing permissions and
00015  * limitations under the License.
00016  */
00017 /*
00018  * Implementation of platform/arm_hal_aes.h using mbed TLS.
00019  *
00020  * Possible scenarios:
00021  *
00022  * 1) Platform with no hardware AES assist, mbed TLS not in use:
00023  *     Use this source file, and let it pull in the minimal mbed TLS code
00024  *     contained in aes_mbedtls.c to implement software AES.
00025  *
00026  * 2) Platform with hardware AES assist, mbed TLS not in use:
00027  *     Do not use this source file - implement arm_hal_aes.h yourself using
00028  *     your AES hardware.
00029  *
00030  * 3) Platform without hardware assist, already using (or wanting to use) mbed TLS:
00031  *     Use this source file, and define NS_USE_EXTERNAL_MBED_TLS so that
00032  *     it uses the external mbed TLS library. That library must be built with
00033  *     MBEDTLS_AES_C enabled, and it must be on the include path.
00034  *
00035  * 4) Platform with context-capable hardware assist, already using mbed TLS:
00036  *     Use this source file, and define NS_USE_EXTERNAL_MBED_TLS so that
00037  *     it uses the external mbed TLS library. That library must be built with
00038  *     MBEDTLS_AES_C enabled. Attach your hardware-accelerated AES to mbed TLS
00039  *     by defining MBEDTLS_AES_ALT; it will then be used both by users
00040  *     of arm_hal_aes.h, and other users of mbed TLS.
00041  *
00042  * 5) Platform with non-context-capable hardware assist, already using mbed TLS:
00043  *     If it's not possible, or too complex, to handle multiple contexts for the
00044  *     AES decode, then you will not be able to accelerate all mbed TLS users.
00045  *     Instead you can reserve the AES hardware for providing arm_hal_aes.h, so
00046  *     this becomes the same as case 2. Don't use this source file - implement
00047  *     arm_hal_aes.h yourself using your AES hardware. The external mbed TLS
00048  *     will use its software implementation.
00049  */
00050 
00051 /* Get the API we are implementing from libService */
00052 #include "platform/arm_hal_aes.h"
00053 
00054 /* Either pull in the external mbed TLS header for its AES functions, or
00055  * pull in our own local cut-down copy of the mbed TLS code.
00056  */
00057 #ifdef NS_USE_EXTERNAL_MBED_TLS
00058 #include "mbedtls/aes.h"
00059 #else
00060 #include "aes_mbedtls.c"
00061 #endif /* NS_USE_EXTERNAL_MBED_TLS */
00062 
/*
 * Single file-scope AES context shared by arm_aes_start(), arm_aes_encrypt()
 * and arm_aes_finish(). Only one key can be loaded at a time: a second
 * arm_aes_start() re-initialises this same object.
 * NOTE(review): no locking is visible in this file; callers presumably
 * serialise each start/encrypt/finish sequence - confirm.
 */
static mbedtls_aes_context context;

/**
 * Begin an AES-128 session by loading the encryption key into the shared
 * context.
 *
 * The context then holds key-derived state until arm_aes_finish() is called,
 * so every arm_aes_start() should be paired with an arm_aes_finish().
 *
 * The status returned by mbedtls_aes_setkey_enc() is discarded because this
 * interface returns void; a key-setup failure is therefore not visible to
 * the caller.
 *
 * @param key  16-byte AES-128 key.
 */
void arm_aes_start(const uint8_t key[static 16])
{
    enum { AES_KEY_BITS = 128 };

    mbedtls_aes_init(&context);
    (void)mbedtls_aes_setkey_enc(&context, key, AES_KEY_BITS);
}
00070 
/**
 * Encrypt exactly one 16-byte block with the key loaded by arm_aes_start().
 *
 * This is the raw single-block (ECB) primitive: it adds no chaining, IV or
 * authentication of its own.
 *
 * The status returned by mbedtls_aes_crypt_ecb() is discarded because this
 * interface returns void; if the call fails, the contents of dst are
 * whatever the mbed TLS implementation left there.
 *
 * @param src  16-byte plaintext block.
 * @param dst  16-byte buffer that receives the ciphertext block.
 */
void arm_aes_encrypt(const uint8_t src[static 16], uint8_t dst[static 16])
{
    mbedtls_aes_context *const ctx = &context;

    (void)mbedtls_aes_crypt_ecb(ctx, MBEDTLS_AES_ENCRYPT, src, dst);
}
00075 
/**
 * End the AES session started by arm_aes_start() by releasing the shared
 * context.
 *
 * NOTE(review): upstream mbed TLS wipes the context in mbedtls_aes_free();
 * confirm that the local cut-down aes_mbedtls.c and any MBEDTLS_AES_ALT
 * implementation also clear the key schedule here.
 */
void arm_aes_finish(void)
{
    mbedtls_aes_context *const ctx = &context;

    mbedtls_aes_free(ctx);
}