tls_ccm_crypt.c

00001 /*
00002  * Copyright (c) 2017, Arm Limited and affiliates.
00003  * SPDX-License-Identifier: Apache-2.0
00004  *
00005  * Licensed under the Apache License, Version 2.0 (the "License");
00006  * you may not use this file except in compliance with the License.
00007  * You may obtain a copy of the License at
00008  *
00009  *     http://www.apache.org/licenses/LICENSE-2.0
00010  *
00011  * Unless required by applicable law or agreed to in writing, software
00012  * distributed under the License is distributed on an "AS IS" BASIS,
00013  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
00014  * See the License for the specific language governing permissions and
00015  * limitations under the License.
00016  */
00017 #include "nsconfig.h"
00018 #include "ns_types.h"
00019 #ifdef PANA
00020 #include "ns_trace.h"
00021 #include "string.h"
00022 #include "ccmLIB.h"
00023 #include "ns_trace.h"
00024 #include "common_functions.h"
00025 
00026 #define CLIENT_WRITE_KEY    0
00027 #define SERVER_WRITE_KEY    16
00028 #define CLIENT_IV           32
00029 #define SERVER_IV           36
00030 #define TRACE_GROUP "cryp"
00031 #define TLS_1_2_VER                 0x0303
00032 
00033 static ccm_globals_t * tls_ccm_init(const uint8_t *key_expansion, const uint8_t *nonce, bool server, uint8_t crypt_process)
00034 {
00035     ccm_globals_t *ccm_ptr;
00036     const uint8_t *key, *iv_ptr;
00037     if (server) {
00038         key = key_expansion + SERVER_WRITE_KEY;
00039         iv_ptr = key_expansion + SERVER_IV;
00040     } else {
00041         key = key_expansion + CLIENT_WRITE_KEY;
00042         iv_ptr = key_expansion + CLIENT_IV;
00043     }
00044     ccm_ptr = ccm_sec_init(AES_SECURITY_LEVEL_ENC_MIC64, key, crypt_process , 3);
00045     if (ccm_ptr) {
00046         memcpy(ccm_ptr->exp_nonce, iv_ptr, 4);
00047         memcpy(&ccm_ptr->exp_nonce[4], nonce, 8);
00048     }
00049     return ccm_ptr;
00050 }
00051 
00052 
00053 static void tls_set_adata(ccm_globals_t *ccm_ptr, uint8_t *a_data, const uint8_t *nonce, uint8_t type)
00054 {
00055     ccm_ptr->adata_len = 13;
00056     ccm_ptr->adata_ptr = a_data;
00057     memcpy(a_data, nonce, 8);
00058     a_data += 8;
00059     *a_data++ = type;
00060     a_data = common_write_16_bit(TLS_1_2_VER, a_data);
00061     common_write_16_bit(ccm_ptr->data_len, a_data);
00062 }
00063 
00064 
00065 int8_t tls_ccm_data_encrypt(uint8_t *data_ptr, uint16_t data_length, const uint8_t *key_expansion, const uint8_t *nonce, uint8_t type, bool server)
00066 {
00067     ccm_globals_t * ccm_ptr = tls_ccm_init(key_expansion, nonce, server, AES_CCM_ENCRYPT);
00068     if (!ccm_ptr) {
00069         return -1;
00070     }
00071     uint8_t adata[13];
00072     ccm_ptr->data_len = data_length;
00073     ccm_ptr->data_ptr  = data_ptr;
00074     ccm_ptr->mic = (ccm_ptr->data_ptr + ccm_ptr->data_len);
00075     tls_set_adata(ccm_ptr,adata, nonce, type);
00076     return ccm_process_run(ccm_ptr);
00077 }
00078 
00079 int8_t tls_ccm_data_decrypt(uint8_t *data_ptr, uint16_t data_length, const uint8_t *key_expansion, uint8_t type, bool server)
00080 {
00081 
00082     if (data_length <= 16) {
00083         return -1;
00084     }
00085     ccm_globals_t *ccm_ptr = tls_ccm_init(key_expansion, data_ptr, server, AES_CCM_DECRYPT);
00086     if (!ccm_ptr) {
00087         return -1;
00088     }
00089 
00090     uint8_t adata[13];
00091     ccm_ptr->data_len = data_length - 16;
00092 
00093     tls_set_adata(ccm_ptr, adata, data_ptr, type);
00094     ccm_ptr->data_ptr  = data_ptr + 8;
00095     ccm_ptr->mic = (ccm_ptr->data_ptr + ccm_ptr->data_len);
00096 
00097     return ccm_process_run(ccm_ptr);
00098 }
00099 #endif