Fawwaz Nadzmy / mbed-STM

mbed library sources. Supersedes mbed-src.

Fork of mbed-dev by mbed official

targets/TARGET_NUVOTON/TARGET_NUC472/crypto/aes/aes_alt.c@149:156823d33999, 2016-10-28 (annotated)

Committer:
<>
Date:
Fri Oct 28 11:17:30 2016 +0100
Revision:
149:156823d33999
This updates the lib to the mbed lib v128



NOTE: This release includes a restructuring of the file and directory locations and thus some

include paths in your code may need updating accordingly.

Who changed what in which revision?

UserRevisionLine numberNew contents of line
<> 149:156823d33999 1 /* mbed Microcontroller Library
<> 149:156823d33999 2 * Copyright (c) 2015-2016 Nuvoton
<> 149:156823d33999 3 *
<> 149:156823d33999 4 * Licensed under the Apache License, Version 2.0 (the "License");
<> 149:156823d33999 5 * you may not use this file except in compliance with the License.
<> 149:156823d33999 6 * You may obtain a copy of the License at
<> 149:156823d33999 7 *
<> 149:156823d33999 8 * http://www.apache.org/licenses/LICENSE-2.0
<> 149:156823d33999 9 *
<> 149:156823d33999 10 * Unless required by applicable law or agreed to in writing, software
<> 149:156823d33999 11 * distributed under the License is distributed on an "AS IS" BASIS,
<> 149:156823d33999 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
<> 149:156823d33999 13 * See the License for the specific language governing permissions and
<> 149:156823d33999 14 * limitations under the License.
<> 149:156823d33999 15 */
<> 149:156823d33999 16
<> 149:156823d33999 17 /*
<> 149:156823d33999 18 * The AES block cipher was designed by Vincent Rijmen and Joan Daemen.
<> 149:156823d33999 19 *
<> 149:156823d33999 20 * http://csrc.nist.gov/encryption/aes/rijndael/Rijndael.pdf
<> 149:156823d33999 21 * http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
<> 149:156823d33999 22 */
<> 149:156823d33999 23
<> 149:156823d33999 24 #if !defined(MBEDTLS_CONFIG_FILE)
<> 149:156823d33999 25 #include "mbedtls/config.h"
<> 149:156823d33999 26 #else
<> 149:156823d33999 27 #include MBEDTLS_CONFIG_FILE
<> 149:156823d33999 28 #endif
<> 149:156823d33999 29
<> 149:156823d33999 30 #if defined(MBEDTLS_AES_C)
<> 149:156823d33999 31 #if defined(MBEDTLS_AES_ALT)
<> 149:156823d33999 32
<> 149:156823d33999 33 #include <string.h>
<> 149:156823d33999 34
<> 149:156823d33999 35 #include "mbedtls/aes.h"
<> 149:156823d33999 36
<> 149:156823d33999 37 #include "NUC472_442.h"
<> 149:156823d33999 38 #include "toolchain.h"
<> 149:156823d33999 39 #include "mbed_assert.h"
<> 149:156823d33999 40
<> 149:156823d33999 41 //static int aes_init_done = 0;
<> 149:156823d33999 42
<> 149:156823d33999 43
<> 149:156823d33999 44 #define mbedtls_trace(...) //printf(__VA_ARGS__)
<> 149:156823d33999 45
<> 149:156823d33999 46 /* Implementation that should never be optimized out by the compiler */
<> 149:156823d33999 47 static void mbedtls_zeroize( void *v, size_t n ) {
<> 149:156823d33999 48 volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
<> 149:156823d33999 49 }
<> 149:156823d33999 50
<> 149:156823d33999 51
<> 149:156823d33999 52 static uint32_t au32MyAESIV[4] = {
<> 149:156823d33999 53 0x00000000, 0x00000000, 0x00000000, 0x00000000
<> 149:156823d33999 54 };
<> 149:156823d33999 55
<> 149:156823d33999 56 extern volatile int g_AES_done;
<> 149:156823d33999 57
<> 149:156823d33999 58 // Must be a multiple of 16 bytes block size
<> 149:156823d33999 59 #define MAX_DMA_CHAIN_SIZE (16*6)
<> 149:156823d33999 60 static uint8_t au8OutputData[MAX_DMA_CHAIN_SIZE] MBED_ALIGN(4);
<> 149:156823d33999 61 static uint8_t au8InputData[MAX_DMA_CHAIN_SIZE] MBED_ALIGN(4);
<> 149:156823d33999 62
<> 149:156823d33999 63 static void dumpHex(const unsigned char au8Data[], int len)
<> 149:156823d33999 64 {
<> 149:156823d33999 65 int j;
<> 149:156823d33999 66 for (j = 0; j < len; j++) mbedtls_trace("%02x ", au8Data[j]);
<> 149:156823d33999 67 mbedtls_trace("\r\n");
<> 149:156823d33999 68 }
<> 149:156823d33999 69
<> 149:156823d33999 70 static void swapInitVector(unsigned char iv[16])
<> 149:156823d33999 71 {
<> 149:156823d33999 72 unsigned int* piv;
<> 149:156823d33999 73 int i;
<> 149:156823d33999 74 // iv SWAP
<> 149:156823d33999 75 piv = (unsigned int*)iv;
<> 149:156823d33999 76 for( i=0; i< 4; i++)
<> 149:156823d33999 77 {
<> 149:156823d33999 78 *piv = (((*piv) & 0x000000FF) << 24) |
<> 149:156823d33999 79 (((*piv) & 0x0000FF00) << 8) |
<> 149:156823d33999 80 (((*piv) & 0x00FF0000) >> 8) |
<> 149:156823d33999 81 (((*piv) & 0xFF000000) >> 24);
<> 149:156823d33999 82 piv++;
<> 149:156823d33999 83 }
<> 149:156823d33999 84 }
<> 149:156823d33999 85
<> 149:156823d33999 86 //volatile void CRYPTO_IRQHandler()
<> 149:156823d33999 87 //{
<> 149:156823d33999 88 // if (AES_GET_INT_FLAG()) {
<> 149:156823d33999 89 // g_AES_done = 1;
<> 149:156823d33999 90 // AES_CLR_INT_FLAG();
<> 149:156823d33999 91 // }
<> 149:156823d33999 92 //}
<> 149:156823d33999 93
<> 149:156823d33999 94 // AES available channel 0~3
<> 149:156823d33999 95 static unsigned char channel_flag[4]={0x00,0x00,0x00,0x00}; // 0: idle, 1: busy
<> 149:156823d33999 96 static int channel_alloc()
<> 149:156823d33999 97 {
<> 149:156823d33999 98 int i;
<> 149:156823d33999 99 for(i=0; i< (int)sizeof(channel_flag); i++)
<> 149:156823d33999 100 {
<> 149:156823d33999 101 if( channel_flag[i] == 0x00 )
<> 149:156823d33999 102 {
<> 149:156823d33999 103 channel_flag[i] = 0x01;
<> 149:156823d33999 104 return i;
<> 149:156823d33999 105 }
<> 149:156823d33999 106 }
<> 149:156823d33999 107 return(-1);
<> 149:156823d33999 108 }
<> 149:156823d33999 109
<> 149:156823d33999 110 static void channel_free(int i)
<> 149:156823d33999 111 {
<> 149:156823d33999 112 if( i >=0 && i < (int)sizeof(channel_flag) )
<> 149:156823d33999 113 channel_flag[i] = 0x00;
<> 149:156823d33999 114 }
<> 149:156823d33999 115
<> 149:156823d33999 116
<> 149:156823d33999 117 void mbedtls_aes_init( mbedtls_aes_context *ctx )
<> 149:156823d33999 118 {
<> 149:156823d33999 119 int i =-1;
<> 149:156823d33999 120
<> 149:156823d33999 121 // sw_mbedtls_aes_init(ctx);
<> 149:156823d33999 122 // return;
<> 149:156823d33999 123
<> 149:156823d33999 124 mbedtls_trace("=== %s \r\n", __FUNCTION__);
<> 149:156823d33999 125 memset( ctx, 0, sizeof( mbedtls_aes_context ) );
<> 149:156823d33999 126
<> 149:156823d33999 127 ctx->swapType = AES_IN_OUT_SWAP;
<> 149:156823d33999 128 while( (i = channel_alloc()) < 0 )
<> 149:156823d33999 129 {
<> 149:156823d33999 130 mbed_assert_internal("No available AES channel", __FILE__, __LINE__);
<> 149:156823d33999 131 //osDelay(300);
<> 149:156823d33999 132 }
<> 149:156823d33999 133 ctx->channel = i;
<> 149:156823d33999 134 ctx->iv = au32MyAESIV;
<> 149:156823d33999 135
<> 149:156823d33999 136 /* Unlock protected registers */
<> 149:156823d33999 137 SYS_UnlockReg();
<> 149:156823d33999 138 CLK_EnableModuleClock(CRPT_MODULE);
<> 149:156823d33999 139 /* Lock protected registers */
<> 149:156823d33999 140 SYS_LockReg();
<> 149:156823d33999 141
<> 149:156823d33999 142 NVIC_EnableIRQ(CRPT_IRQn);
<> 149:156823d33999 143 AES_ENABLE_INT();
<> 149:156823d33999 144 mbedtls_trace("=== %s channel[%d]\r\n", __FUNCTION__, (int)ctx->channel);
<> 149:156823d33999 145 }
<> 149:156823d33999 146
<> 149:156823d33999 147 void mbedtls_aes_free( mbedtls_aes_context *ctx )
<> 149:156823d33999 148 {
<> 149:156823d33999 149
<> 149:156823d33999 150 mbedtls_trace("=== %s channel[%d]\r\n", __FUNCTION__,(int)ctx->channel);
<> 149:156823d33999 151
<> 149:156823d33999 152 if( ctx == NULL )
<> 149:156823d33999 153 return;
<> 149:156823d33999 154
<> 149:156823d33999 155 /* Unlock protected registers */
<> 149:156823d33999 156 // SYS_UnlockReg();
<> 149:156823d33999 157 // CLK_DisableModuleClock(CRPT_MODULE);
<> 149:156823d33999 158 /* Lock protected registers */
<> 149:156823d33999 159 // SYS_LockReg();
<> 149:156823d33999 160
<> 149:156823d33999 161 // NVIC_DisableIRQ(CRPT_IRQn);
<> 149:156823d33999 162 // AES_DISABLE_INT();
<> 149:156823d33999 163 channel_free(ctx->channel);
<> 149:156823d33999 164 mbedtls_zeroize( ctx, sizeof( mbedtls_aes_context ) );
<> 149:156823d33999 165 }
<> 149:156823d33999 166
<> 149:156823d33999 167 /*
<> 149:156823d33999 168 * AES key schedule (encryption)
<> 149:156823d33999 169 */
<> 149:156823d33999 170 #if defined(MBEDTLS_AES_SETKEY_ENC_ALT)
<> 149:156823d33999 171 int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
<> 149:156823d33999 172 unsigned int keybits )
<> 149:156823d33999 173 {
<> 149:156823d33999 174 unsigned int i;
<> 149:156823d33999 175
<> 149:156823d33999 176 mbedtls_trace("=== %s keybits[%d]\r\n", __FUNCTION__, keybits);
<> 149:156823d33999 177 dumpHex(key,keybits/8);
<> 149:156823d33999 178
<> 149:156823d33999 179 switch( keybits )
<> 149:156823d33999 180 {
<> 149:156823d33999 181 case 128:
<> 149:156823d33999 182 ctx->keySize = AES_KEY_SIZE_128;
<> 149:156823d33999 183 break;
<> 149:156823d33999 184 case 192:
<> 149:156823d33999 185 ctx->keySize = AES_KEY_SIZE_192;
<> 149:156823d33999 186 break;
<> 149:156823d33999 187 case 256:
<> 149:156823d33999 188 ctx->keySize = AES_KEY_SIZE_256;
<> 149:156823d33999 189 break;
<> 149:156823d33999 190 default : return( MBEDTLS_ERR_AES_INVALID_KEY_LENGTH );
<> 149:156823d33999 191 }
<> 149:156823d33999 192
<> 149:156823d33999 193
<> 149:156823d33999 194
<> 149:156823d33999 195 // key swap
<> 149:156823d33999 196 for( i = 0; i < ( keybits >> 5 ); i++ )
<> 149:156823d33999 197 {
<> 149:156823d33999 198 ctx->buf[i] = (*(key+i*4) << 24) |
<> 149:156823d33999 199 (*(key+1+i*4) << 16) |
<> 149:156823d33999 200 (*(key+2+i*4) << 8) |
<> 149:156823d33999 201 (*(key+3+i*4) );
<> 149:156823d33999 202 }
<> 149:156823d33999 203 AES_SetKey(ctx->channel, ctx->buf, ctx->keySize);
<> 149:156823d33999 204
<> 149:156823d33999 205
<> 149:156823d33999 206 return( 0 );
<> 149:156823d33999 207 }
<> 149:156823d33999 208 #endif /* MBEDTLS_AES_SETKEY_ENC_ALT */
<> 149:156823d33999 209
<> 149:156823d33999 210 /*
<> 149:156823d33999 211 * AES key schedule (decryption)
<> 149:156823d33999 212 */
<> 149:156823d33999 213 #if defined(MBEDTLS_AES_SETKEY_DEC_ALT)
<> 149:156823d33999 214 int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key,
<> 149:156823d33999 215 unsigned int keybits )
<> 149:156823d33999 216 {
<> 149:156823d33999 217 int ret;
<> 149:156823d33999 218
<> 149:156823d33999 219 mbedtls_trace("=== %s keybits[%d]\r\n", __FUNCTION__, keybits);
<> 149:156823d33999 220 dumpHex((uint8_t *)key,keybits/8);
<> 149:156823d33999 221
<> 149:156823d33999 222 /* Also checks keybits */
<> 149:156823d33999 223 if( ( ret = mbedtls_aes_setkey_enc( ctx, key, keybits ) ) != 0 )
<> 149:156823d33999 224 goto exit;
<> 149:156823d33999 225
<> 149:156823d33999 226 exit:
<> 149:156823d33999 227
<> 149:156823d33999 228 return( ret );
<> 149:156823d33999 229 }
<> 149:156823d33999 230 #endif /* MBEDTLS_AES_SETKEY_DEC_ALT */
<> 149:156823d33999 231
<> 149:156823d33999 232
<> 149:156823d33999 233 static void __nvt_aes_crypt( mbedtls_aes_context *ctx,
<> 149:156823d33999 234 const unsigned char input[16],
<> 149:156823d33999 235 unsigned char output[16], int dataSize)
<> 149:156823d33999 236 {
<> 149:156823d33999 237 unsigned char* pIn;
<> 149:156823d33999 238 unsigned char* pOut;
<> 149:156823d33999 239
<> 149:156823d33999 240 // mbedtls_trace("=== %s \r\n", __FUNCTION__);
<> 149:156823d33999 241 dumpHex(input,16);
<> 149:156823d33999 242
<> 149:156823d33999 243 AES_Open(ctx->channel, ctx->encDec, ctx->opMode, ctx->keySize, ctx->swapType);
<> 149:156823d33999 244 AES_SetInitVect(ctx->channel, ctx->iv);
<> 149:156823d33999 245 if( ((uint32_t)input) & 0x03 )
<> 149:156823d33999 246 {
<> 149:156823d33999 247 memcpy(au8InputData, input, dataSize);
<> 149:156823d33999 248 pIn = au8InputData;
<> 149:156823d33999 249 }else{
<> 149:156823d33999 250 pIn = (unsigned char*)input;
<> 149:156823d33999 251 }
<> 149:156823d33999 252 if( (((uint32_t)output) & 0x03) || (dataSize%4)) // HW CFB output byte count must be multiple of word
<> 149:156823d33999 253 {
<> 149:156823d33999 254 pOut = au8OutputData;
<> 149:156823d33999 255 } else {
<> 149:156823d33999 256 pOut = output;
<> 149:156823d33999 257 }
<> 149:156823d33999 258
<> 149:156823d33999 259 AES_SetDMATransfer(ctx->channel, (uint32_t)pIn, (uint32_t)pOut, dataSize);
<> 149:156823d33999 260
<> 149:156823d33999 261 g_AES_done = 0;
<> 149:156823d33999 262 AES_Start(ctx->channel, CRYPTO_DMA_ONE_SHOT);
<> 149:156823d33999 263 while (!g_AES_done);
<> 149:156823d33999 264
<> 149:156823d33999 265 if( pOut != output ) memcpy(output, au8OutputData, dataSize);
<> 149:156823d33999 266 dumpHex(output,16);
<> 149:156823d33999 267
<> 149:156823d33999 268 }
<> 149:156823d33999 269
<> 149:156823d33999 270 /*
<> 149:156823d33999 271 * AES-ECB block encryption
<> 149:156823d33999 272 */
<> 149:156823d33999 273 #if defined(MBEDTLS_AES_ENCRYPT_ALT)
<> 149:156823d33999 274 void mbedtls_aes_encrypt( mbedtls_aes_context *ctx,
<> 149:156823d33999 275 const unsigned char input[16],
<> 149:156823d33999 276 unsigned char output[16] )
<> 149:156823d33999 277 {
<> 149:156823d33999 278
<> 149:156823d33999 279 mbedtls_trace("=== %s \r\n", __FUNCTION__);
<> 149:156823d33999 280
<> 149:156823d33999 281 ctx->encDec = 1;
<> 149:156823d33999 282 __nvt_aes_crypt(ctx, input, output, 16);
<> 149:156823d33999 283
<> 149:156823d33999 284 }
<> 149:156823d33999 285 #endif /* MBEDTLS_AES_ENCRYPT_ALT */
<> 149:156823d33999 286
<> 149:156823d33999 287 /*
<> 149:156823d33999 288 * AES-ECB block decryption
<> 149:156823d33999 289 */
<> 149:156823d33999 290 #if defined(MBEDTLS_AES_DECRYPT_ALT)
<> 149:156823d33999 291 void mbedtls_aes_decrypt( mbedtls_aes_context *ctx,
<> 149:156823d33999 292 const unsigned char input[16],
<> 149:156823d33999 293 unsigned char output[16] )
<> 149:156823d33999 294 {
<> 149:156823d33999 295
<> 149:156823d33999 296 mbedtls_trace("=== %s \r\n", __FUNCTION__);
<> 149:156823d33999 297
<> 149:156823d33999 298 ctx->encDec = 0;
<> 149:156823d33999 299 __nvt_aes_crypt(ctx, input, output, 16);
<> 149:156823d33999 300
<> 149:156823d33999 301
<> 149:156823d33999 302 }
<> 149:156823d33999 303 #endif /* MBEDTLS_AES_DECRYPT_ALT */
<> 149:156823d33999 304
<> 149:156823d33999 305 /*
<> 149:156823d33999 306 * AES-ECB block encryption/decryption
<> 149:156823d33999 307 */
<> 149:156823d33999 308 int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx,
<> 149:156823d33999 309 int mode,
<> 149:156823d33999 310 const unsigned char input[16],
<> 149:156823d33999 311 unsigned char output[16] )
<> 149:156823d33999 312 {
<> 149:156823d33999 313
<> 149:156823d33999 314 mbedtls_trace("=== %s \r\n", __FUNCTION__);
<> 149:156823d33999 315
<> 149:156823d33999 316 ctx->opMode = AES_MODE_ECB;
<> 149:156823d33999 317 if( mode == MBEDTLS_AES_ENCRYPT )
<> 149:156823d33999 318 mbedtls_aes_encrypt( ctx, input, output );
<> 149:156823d33999 319 else
<> 149:156823d33999 320 mbedtls_aes_decrypt( ctx, input, output );
<> 149:156823d33999 321
<> 149:156823d33999 322
<> 149:156823d33999 323 return( 0 );
<> 149:156823d33999 324 }
<> 149:156823d33999 325
<> 149:156823d33999 326 #if defined(MBEDTLS_CIPHER_MODE_CBC)
<> 149:156823d33999 327 /*
<> 149:156823d33999 328 * AES-CBC buffer encryption/decryption
<> 149:156823d33999 329 */
<> 149:156823d33999 330 int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx,
<> 149:156823d33999 331 int mode,
<> 149:156823d33999 332 size_t len,
<> 149:156823d33999 333 unsigned char iv[16],
<> 149:156823d33999 334 const unsigned char *input,
<> 149:156823d33999 335 unsigned char *output )
<> 149:156823d33999 336 {
<> 149:156823d33999 337 unsigned char temp[16];
<> 149:156823d33999 338 int length = len;
<> 149:156823d33999 339 int blockChainLen;
<> 149:156823d33999 340 mbedtls_trace("=== %s [0x%x]\r\n", __FUNCTION__,length);
<> 149:156823d33999 341 if( length % 16 )
<> 149:156823d33999 342 return( MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH );
<> 149:156823d33999 343
<> 149:156823d33999 344 if( (((uint32_t)input) & 0x03) || (((uint32_t)output) & 0x03) )
<> 149:156823d33999 345 {
<> 149:156823d33999 346 blockChainLen = (( length > MAX_DMA_CHAIN_SIZE ) ? MAX_DMA_CHAIN_SIZE : length );
<> 149:156823d33999 347 } else {
<> 149:156823d33999 348 blockChainLen = length;
<> 149:156823d33999 349 }
<> 149:156823d33999 350
<> 149:156823d33999 351 while( length > 0 )
<> 149:156823d33999 352 {
<> 149:156823d33999 353 ctx->opMode = AES_MODE_CBC;
<> 149:156823d33999 354 swapInitVector(iv); // iv SWAP
<> 149:156823d33999 355 ctx->iv = (uint32_t *)iv;
<> 149:156823d33999 356
<> 149:156823d33999 357 if( mode == MBEDTLS_AES_ENCRYPT )
<> 149:156823d33999 358 {
<> 149:156823d33999 359 ctx->encDec = 1;
<> 149:156823d33999 360 __nvt_aes_crypt(ctx, input, output, blockChainLen);
<> 149:156823d33999 361 // if( blockChainLen == length ) break; // finish last block chain but still need to prepare next iv for mbedtls_aes_self_test()
<> 149:156823d33999 362 memcpy( iv, output+blockChainLen-16, 16 );
<> 149:156823d33999 363 }else{
<> 149:156823d33999 364 memcpy( temp, input+blockChainLen-16, 16 );
<> 149:156823d33999 365 ctx->encDec = 0;
<> 149:156823d33999 366 __nvt_aes_crypt(ctx, input, output, blockChainLen);
<> 149:156823d33999 367 // if( blockChainLen == length ) break; // finish last block chain but still need to prepare next iv for mbedtls_aes_self_test()
<> 149:156823d33999 368 memcpy( iv, temp, 16 );
<> 149:156823d33999 369 }
<> 149:156823d33999 370 length -= blockChainLen;
<> 149:156823d33999 371 input += blockChainLen;
<> 149:156823d33999 372 output += blockChainLen;
<> 149:156823d33999 373 if(length < MAX_DMA_CHAIN_SIZE ) blockChainLen = length; // For last remainder block chain
<> 149:156823d33999 374
<> 149:156823d33999 375 }
<> 149:156823d33999 376
<> 149:156823d33999 377 return( 0 );
<> 149:156823d33999 378 }
<> 149:156823d33999 379 #endif /* MBEDTLS_CIPHER_MODE_CBC */
<> 149:156823d33999 380
<> 149:156823d33999 381 #if defined(MBEDTLS_CIPHER_MODE_CFB)
<> 149:156823d33999 382 /*
<> 149:156823d33999 383 * AES-CFB128 buffer encryption/decryption
<> 149:156823d33999 384 */
<> 149:156823d33999 385 /* Support partial block encryption/decryption */
<> 149:156823d33999 386 static int __nvt_aes_crypt_partial_block_cfb128( mbedtls_aes_context *ctx,
<> 149:156823d33999 387 int mode,
<> 149:156823d33999 388 size_t length,
<> 149:156823d33999 389 size_t *iv_off,
<> 149:156823d33999 390 unsigned char iv[16],
<> 149:156823d33999 391 const unsigned char *input,
<> 149:156823d33999 392 unsigned char *output )
<> 149:156823d33999 393 {
<> 149:156823d33999 394 int c;
<> 149:156823d33999 395 size_t n = *iv_off;
<> 149:156823d33999 396 unsigned char iv_tmp[16];
<> 149:156823d33999 397 mbedtls_trace("=== %s \r\n", __FUNCTION__);
<> 149:156823d33999 398 if( mode == MBEDTLS_AES_DECRYPT )
<> 149:156823d33999 399 {
<> 149:156823d33999 400 while( length-- )
<> 149:156823d33999 401 {
<> 149:156823d33999 402 if( n == 0)
<> 149:156823d33999 403 mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv );
<> 149:156823d33999 404 else if( ctx->opMode == AES_MODE_CFB) // For previous cryption is CFB mode
<> 149:156823d33999 405 {
<> 149:156823d33999 406 memcpy(iv_tmp, iv, n);
<> 149:156823d33999 407 mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, ctx->prv_iv, iv );
<> 149:156823d33999 408 memcpy(iv, iv_tmp, n);
<> 149:156823d33999 409 }
<> 149:156823d33999 410
<> 149:156823d33999 411 c = *input++;
<> 149:156823d33999 412 *output++ = (unsigned char)( c ^ iv[n] );
<> 149:156823d33999 413 iv[n] = (unsigned char) c;
<> 149:156823d33999 414
<> 149:156823d33999 415 n = ( n + 1 ) & 0x0F;
<> 149:156823d33999 416 }
<> 149:156823d33999 417 }
<> 149:156823d33999 418 else
<> 149:156823d33999 419 {
<> 149:156823d33999 420 while( length-- )
<> 149:156823d33999 421 {
<> 149:156823d33999 422 if( n == 0 )
<> 149:156823d33999 423 mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv );
<> 149:156823d33999 424 else if( ctx->opMode == AES_MODE_CFB) // For previous cryption is CFB mode
<> 149:156823d33999 425 {
<> 149:156823d33999 426 memcpy(iv_tmp, iv, n);
<> 149:156823d33999 427 mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, ctx->prv_iv, iv );
<> 149:156823d33999 428 memcpy(iv, iv_tmp, n);
<> 149:156823d33999 429 }
<> 149:156823d33999 430
<> 149:156823d33999 431 iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ );
<> 149:156823d33999 432
<> 149:156823d33999 433 n = ( n + 1 ) & 0x0F;
<> 149:156823d33999 434 }
<> 149:156823d33999 435 }
<> 149:156823d33999 436
<> 149:156823d33999 437 *iv_off = n;
<> 149:156823d33999 438
<> 149:156823d33999 439 return( 0 );
<> 149:156823d33999 440 }
<> 149:156823d33999 441
<> 149:156823d33999 442 int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx,
<> 149:156823d33999 443 int mode,
<> 149:156823d33999 444 size_t len,
<> 149:156823d33999 445 size_t *iv_off,
<> 149:156823d33999 446 unsigned char iv[16],
<> 149:156823d33999 447 const unsigned char *input,
<> 149:156823d33999 448 unsigned char *output )
<> 149:156823d33999 449 {
<> 149:156823d33999 450 size_t n = *iv_off;
<> 149:156823d33999 451 unsigned char temp[16];
<> 149:156823d33999 452 int length=len;
<> 149:156823d33999 453 int blockChainLen;
<> 149:156823d33999 454 int remLen=0;
<> 149:156823d33999 455 int ivLen;
<> 149:156823d33999 456
<> 149:156823d33999 457 mbedtls_trace("=== %s \r\n", __FUNCTION__);
<> 149:156823d33999 458
<> 149:156823d33999 459 // proceed: start with partial block by ECB mode first
<> 149:156823d33999 460 if( n !=0 ) {
<> 149:156823d33999 461 __nvt_aes_crypt_partial_block_cfb128(ctx, mode, 16 - n , iv_off, iv, input, output);
<> 149:156823d33999 462 input += (16 - n);
<> 149:156823d33999 463 output += (16 - n);
<> 149:156823d33999 464 length -= (16 - n);
<> 149:156823d33999 465 }
<> 149:156823d33999 466
<> 149:156823d33999 467 // For address or byte count non-word alignment, go through reserved DMA buffer.
<> 149:156823d33999 468 if( (((uint32_t)input) & 0x03) || (((uint32_t)output) & 0x03) ) // Must reserved DMA buffer for each block
<> 149:156823d33999 469 {
<> 149:156823d33999 470 blockChainLen = (( length > MAX_DMA_CHAIN_SIZE ) ? MAX_DMA_CHAIN_SIZE : length );
<> 149:156823d33999 471 } else if(length%4) { // Need reserved DMA buffer once for last chain
<> 149:156823d33999 472 blockChainLen = (( length > MAX_DMA_CHAIN_SIZE ) ? (length - length%16) : length );
<> 149:156823d33999 473 } else { // Not need reserved DMA buffer
<> 149:156823d33999 474 blockChainLen = length;
<> 149:156823d33999 475 }
<> 149:156823d33999 476
<> 149:156823d33999 477 // proceed: start with block alignment
<> 149:156823d33999 478 while( length > 0 )
<> 149:156823d33999 479 {
<> 149:156823d33999 480
<> 149:156823d33999 481 ctx->opMode = AES_MODE_CFB;
<> 149:156823d33999 482
<> 149:156823d33999 483 swapInitVector(iv); // iv SWAP
<> 149:156823d33999 484
<> 149:156823d33999 485 ctx->iv = (uint32_t *)iv;
<> 149:156823d33999 486 remLen = blockChainLen%16;
<> 149:156823d33999 487 ivLen = (( remLen > 0) ? remLen: 16 );
<> 149:156823d33999 488
<> 149:156823d33999 489 if( mode == MBEDTLS_AES_DECRYPT )
<> 149:156823d33999 490 {
<> 149:156823d33999 491 memcpy(temp, input+blockChainLen - ivLen, ivLen);
<> 149:156823d33999 492 if(blockChainLen >= 16) memcpy(ctx->prv_iv, input+blockChainLen-remLen-16 , 16);
<> 149:156823d33999 493 ctx->encDec = 0;
<> 149:156823d33999 494 __nvt_aes_crypt(ctx, input, output, blockChainLen);
<> 149:156823d33999 495 memcpy(iv,temp, ivLen);
<> 149:156823d33999 496 }
<> 149:156823d33999 497 else
<> 149:156823d33999 498 {
<> 149:156823d33999 499 ctx->encDec = 1;
<> 149:156823d33999 500 __nvt_aes_crypt(ctx, input, output, blockChainLen);
<> 149:156823d33999 501 if(blockChainLen >= 16) memcpy(ctx->prv_iv, output+blockChainLen-remLen-16 , 16);
<> 149:156823d33999 502 memcpy(iv,output+blockChainLen-ivLen,ivLen);
<> 149:156823d33999 503 }
<> 149:156823d33999 504 length -= blockChainLen;
<> 149:156823d33999 505 input += blockChainLen;
<> 149:156823d33999 506 output += blockChainLen;
<> 149:156823d33999 507 if(length < MAX_DMA_CHAIN_SIZE ) blockChainLen = length; // For last remainder block chain
<> 149:156823d33999 508 }
<> 149:156823d33999 509
<> 149:156823d33999 510 *iv_off = remLen;
<> 149:156823d33999 511
<> 149:156823d33999 512 return( 0 );
<> 149:156823d33999 513 }
<> 149:156823d33999 514
<> 149:156823d33999 515
<> 149:156823d33999 516 /*
<> 149:156823d33999 517 * AES-CFB8 buffer encryption/decryption
<> 149:156823d33999 518 */
<> 149:156823d33999 519 int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx,
<> 149:156823d33999 520 int mode,
<> 149:156823d33999 521 size_t length,
<> 149:156823d33999 522 unsigned char iv[16],
<> 149:156823d33999 523 const unsigned char *input,
<> 149:156823d33999 524 unsigned char *output )
<> 149:156823d33999 525 {
<> 149:156823d33999 526 unsigned char c;
<> 149:156823d33999 527 unsigned char ov[17];
<> 149:156823d33999 528
<> 149:156823d33999 529 mbedtls_trace("=== %s \r\n", __FUNCTION__);
<> 149:156823d33999 530 while( length-- )
<> 149:156823d33999 531 {
<> 149:156823d33999 532 memcpy( ov, iv, 16 );
<> 149:156823d33999 533 mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv );
<> 149:156823d33999 534
<> 149:156823d33999 535 if( mode == MBEDTLS_AES_DECRYPT )
<> 149:156823d33999 536 ov[16] = *input;
<> 149:156823d33999 537
<> 149:156823d33999 538 c = *output++ = (unsigned char)( iv[0] ^ *input++ );
<> 149:156823d33999 539
<> 149:156823d33999 540 if( mode == MBEDTLS_AES_ENCRYPT )
<> 149:156823d33999 541 ov[16] = c;
<> 149:156823d33999 542
<> 149:156823d33999 543 memcpy( iv, ov + 1, 16 );
<> 149:156823d33999 544 }
<> 149:156823d33999 545
<> 149:156823d33999 546 return( 0 );
<> 149:156823d33999 547 }
<> 149:156823d33999 548 #endif /*MBEDTLS_CIPHER_MODE_CFB */
<> 149:156823d33999 549
<> 149:156823d33999 550 #if defined(MBEDTLS_CIPHER_MODE_CTR)
<> 149:156823d33999 551 /*
<> 149:156823d33999 552 * AES-CTR buffer encryption/decryption
<> 149:156823d33999 553 */
<> 149:156823d33999 554 int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx,
<> 149:156823d33999 555 size_t length,
<> 149:156823d33999 556 size_t *nc_off,
<> 149:156823d33999 557 unsigned char nonce_counter[16],
<> 149:156823d33999 558 unsigned char stream_block[16],
<> 149:156823d33999 559 const unsigned char *input,
<> 149:156823d33999 560 unsigned char *output )
<> 149:156823d33999 561 {
<> 149:156823d33999 562 int c, i;
<> 149:156823d33999 563 size_t n = *nc_off;
<> 149:156823d33999 564
<> 149:156823d33999 565 mbedtls_trace("=== %s \r\n", __FUNCTION__);
<> 149:156823d33999 566 while( length-- )
<> 149:156823d33999 567 {
<> 149:156823d33999 568 if( n == 0 ) {
<> 149:156823d33999 569 mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, nonce_counter, stream_block );
<> 149:156823d33999 570
<> 149:156823d33999 571 for( i = 16; i > 0; i-- )
<> 149:156823d33999 572 if( ++nonce_counter[i - 1] != 0 )
<> 149:156823d33999 573 break;
<> 149:156823d33999 574 }
<> 149:156823d33999 575 c = *input++;
<> 149:156823d33999 576 *output++ = (unsigned char)( c ^ stream_block[n] );
<> 149:156823d33999 577
<> 149:156823d33999 578 n = ( n + 1 ) & 0x0F;
<> 149:156823d33999 579 }
<> 149:156823d33999 580
<> 149:156823d33999 581 *nc_off = n;
<> 149:156823d33999 582
<> 149:156823d33999 583 return( 0 );
<> 149:156823d33999 584 }
<> 149:156823d33999 585 #endif /* MBEDTLS_CIPHER_MODE_CTR */
<> 149:156823d33999 586
<> 149:156823d33999 587 #endif /* MBEDTLS_AES_ALT */
<> 149:156823d33999 588
<> 149:156823d33999 589
<> 149:156823d33999 590 #endif /* MBEDTLS_AES_C */