arm_uc_crypto_mbedtls.c

00001 // ----------------------------------------------------------------------------
00002 // Copyright 2016-2017 ARM Ltd.
00003 //
00004 // SPDX-License-Identifier: Apache-2.0
00005 //
00006 // Licensed under the Apache License, Version 2.0 (the "License");
00007 // you may not use this file except in compliance with the License.
00008 // You may obtain a copy of the License at
00009 //
00010 //     http://www.apache.org/licenses/LICENSE-2.0
00011 //
00012 // Unless required by applicable law or agreed to in writing, software
00013 // distributed under the License is distributed on an "AS IS" BASIS,
00014 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
00015 // See the License for the specific language governing permissions and
00016 // limitations under the License.
00017 // ----------------------------------------------------------------------------
00018 
00019 #include "update-client-common/arm_uc_config.h"
00020 #include "update-client-common/arm_uc_error.h"
00021 #include "update-client-common/arm_uc_crypto.h"
00022 
00023 #include <string.h>
00024 
00025 #if defined(ARM_UC_FEATURE_CRYPTO_MBEDTLS) && (ARM_UC_FEATURE_CRYPTO_MBEDTLS == 1)
00026 
00027 arm_uc_error_t ARM_UC_cryptoHashSetup(arm_uc_mdHandle_t *hDigest, arm_uc_mdType_t mdType)
00028 {
00029     arm_uc_error_t result = (arm_uc_error_t) { ARM_UC_CU_ERR_INVALID_PARAMETER };
00030 
00031     const mbedtls_md_info_t *md_info = NULL;
00032 
00033     if (hDigest) {
00034         mbedtls_md_init(hDigest);
00035         md_info = mbedtls_md_info_from_type(mdType);
00036         int mbedtls_result = mbedtls_md_setup(hDigest, md_info, 0);
00037         mbedtls_result |= mbedtls_md_starts(hDigest);
00038 
00039         if (mbedtls_result == 0) {
00040             result = (arm_uc_error_t) { ERR_NONE };
00041         }
00042     }
00043 
00044     return result;
00045 }
00046 
00047 arm_uc_error_t ARM_UC_cryptoHashUpdate(arm_uc_mdHandle_t *hDigest, arm_uc_buffer_t *input)
00048 {
00049     arm_uc_error_t result = (arm_uc_error_t) { ARM_UC_CU_ERR_INVALID_PARAMETER };
00050 
00051     if (hDigest && input) {
00052         int mbedtls_result = mbedtls_md_update(hDigest, input->ptr, input->size);
00053 
00054         if (mbedtls_result == 0) {
00055             result = (arm_uc_error_t) { ERR_NONE };
00056         }
00057     }
00058 
00059     return result;
00060 }
00061 
00062 arm_uc_error_t ARM_UC_cryptoHashFinish(arm_uc_mdHandle_t *hDigest, arm_uc_buffer_t *output)
00063 {
00064     arm_uc_error_t result = (arm_uc_error_t) { ARM_UC_CU_ERR_INVALID_PARAMETER };
00065 
00066     if (hDigest && output && (output->size_max >= (unsigned)hDigest->md_info->size)) {
00067         int mbedtls_result = mbedtls_md_finish(hDigest, output->ptr);
00068 
00069         if (mbedtls_result == 0) {
00070             result = (arm_uc_error_t) { ERR_NONE };
00071 
00072             output->size = hDigest->md_info->size;
00073         }
00074     }
00075 
00076     // free memory
00077     mbedtls_md_free(hDigest);
00078 
00079     return result;
00080 }
00081 
00082 arm_uc_error_t ARM_UC_cryptoDecryptSetup(arm_uc_cipherHandle_t *hCipher, arm_uc_buffer_t *key, arm_uc_buffer_t *iv,
00083                                          int32_t aesKeySize)
00084 {
00085     arm_uc_error_t result = (arm_uc_error_t) { ARM_UC_CU_ERR_INVALID_PARAMETER };
00086 
00087     if (key && key->ptr && iv && iv->ptr) {
00088         int mbedtls_result = 1;
00089 
00090         switch (aesKeySize) {
00091             case 128:
00092             case 256: {
00093                 memset(hCipher->aes_partial, 0, sizeof(hCipher->aes_partial));
00094                 hCipher->aes_nc_off = 0;
00095                 mbedtls_aes_init(&hCipher->aes_context);
00096                 /* NOTE: From the mbedtls documentation:
00097                  * Due to the nature of CTR you should use the same key schedule for
00098                  * both encryption and decryption. So a context initialized with
00099                  * mbedtls_aes_setkey_enc() for both MBEDTLS_AES_ENCRYPT and MBEDTLS_AES_DECRYPT.
00100                  */
00101                 mbedtls_result = mbedtls_aes_setkey_enc(&hCipher->aes_context, key->ptr, aesKeySize);
00102                 hCipher->aes_iv = iv->ptr;
00103                 break;
00104             }
00105             default:
00106                 // mbedtls_result is still 1, this means the function returns Invalid Parameter
00107                 break;
00108         }
00109 
00110         if (mbedtls_result == 0) {
00111             result = (arm_uc_error_t) { ERR_NONE };
00112         }
00113     }
00114 
00115     return result;
00116 }
00117 
00118 arm_uc_error_t ARM_UC_cryptoDecryptUpdate(arm_uc_cipherHandle_t *hCipher, const uint8_t *input_ptr, uint32_t input_size,
00119                                           arm_uc_buffer_t *output)
00120 {
00121     arm_uc_error_t result = (arm_uc_error_t) { ARM_UC_CU_ERR_INVALID_PARAMETER };
00122     size_t data_size = input_size < output->size_max ? input_size : output->size_max;
00123     output->size = 0;
00124     int mbedtls_result = mbedtls_aes_crypt_ctr(
00125                              &hCipher->aes_context,
00126                              data_size,
00127                              &hCipher->aes_nc_off,
00128                              hCipher->aes_iv,
00129                              hCipher->aes_partial,
00130                              input_ptr,
00131                              output->ptr
00132 
00133                          );
00134     if (mbedtls_result == 0) {
00135         result = (arm_uc_error_t) { ERR_NONE };
00136         output->size = data_size;
00137     }
00138     return result;
00139 }
00140 
00141 arm_uc_error_t ARM_UC_cryptoDecryptFinish(arm_uc_cipherHandle_t *hCipher, arm_uc_buffer_t *output)
00142 {
00143     (void) output;
00144     return (arm_uc_error_t) {ERR_NONE};
00145 }
00146 
00147 #endif