mbedtls-alt: add aes alternative implementation

aes module of mbedtls use alternative implementation via /dev/crypto
Signed-off-by: makejian <makejian@xiaomi.com>

crypto/mbedtls/Kconfig

@@ -144,6 +144,11 @@ config MBEDTLS_ALT
 	---help---
 		Enable Mbed TLS alted by nuttx crypto via /dev/crypto
 
+config MBEDTLS_AES_ALT
+	bool "Enable Mbedt TLS AES module alted by nuttx crypto"
+	select MBEDTLS_ALT
+	default n
+
 config MBEDTLS_SHA1_ALT
 	bool "Enable Mbedt TLS SHA1 module alted by nuttx crypto"
 	select MBEDTLS_ALT

crypto/mbedtls/Makefile

@@ -101,6 +101,10 @@ ifeq ($(CONFIG_MBEDTLS_ALT),y)
 
 CSRCS += $(APPDIR)/crypto/mbedtls/source/dev_alt.c
 
+ifeq ($(CONFIG_MBEDTLS_AES_ALT),y)
+CSRCS += $(APPDIR)/crypto/mbedtls/source/aes_alt.c
+endif
+
 ifeq ($(CONFIG_MBEDTLS_SHA1_ALT),y)
 CSRCS += $(APPDIR)/crypto/mbedtls/source/sha1_alt.c
 endif

crypto/mbedtls/include/aes_alt.h

@@ -0,0 +1,44 @@
+/****************************************************************************
+ * apps/crypto/mbedtls/include/aes_alt.h
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.  The
+ * ASF licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the
+ * License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ ****************************************************************************/
+
+#ifndef __APPS_CRYPTO_MBEDTLS_INCLUDE_AES_ALT_H
+#define __APPS_CRYPTO_MBEDTLS_INCLUDE_AES_ALT_H
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include "dev_alt.h"
+
+/****************************************************************************
+ * Pre-processor Definitions
+ ****************************************************************************/
+
+#define MAX_KEY_SIZE      36
+
+typedef struct mbedtls_aes_context
+{
+  cryptodev_context_t dev;
+  unsigned char key[MAX_KEY_SIZE];
+}
+mbedtls_aes_context;
+
+#define mbedtls_aes_xts_context mbedtls_aes_context
+
+#endif /* __APPS_CRYPTO_MBEDTLS_INCLUDE_AES_ALT_H */

crypto/mbedtls/include/mbedtls/mbedtls_config.h

@@ -349,8 +349,10 @@
  *
  */
 
-/* #define MBEDTLS_AES_ALT
- * #define MBEDTLS_ARC4_ALT
+#ifdef CONFIG_MBEDTLS_AES_ALT
+#define MBEDTLS_AES_ALT
+#endif
+/* #define MBEDTLS_ARC4_ALT
  * #define MBEDTLS_ARIA_ALT
  * #define MBEDTLS_BLOWFISH_ALT
  * #define MBEDTLS_CAMELLIA_ALT

crypto/mbedtls/source/aes_alt.c

@@ -0,0 +1,331 @@
+/****************************************************************************
+ * apps/crypto/mbedtls/source/aes_alt.c
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.  The
+ * ASF licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the
+ * License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ ****************************************************************************/
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include "mbedtls/aes.h"
+#include <errno.h>
+#include <stdlib.h>
+#include <string.h>
+
+/****************************************************************************
+ * Pre-processor Definitions
+ ****************************************************************************/
+
+#define ECB_BLOCK_SIZE    16
+#define NONCE_LENGTH      4
+
+/****************************************************************************
+ * Public Functions
+ ****************************************************************************/
+
+void mbedtls_aes_init(FAR mbedtls_aes_context *ctx)
+{
+  cryptodev_init(&ctx->dev);
+}
+
+void mbedtls_aes_free(FAR mbedtls_aes_context *ctx)
+{
+  cryptodev_free(&ctx->dev);
+}
+
+int mbedtls_aes_setkey_enc(FAR mbedtls_aes_context *ctx,
+                           FAR const unsigned char *key,
+                           unsigned int keybits)
+{
+  memcpy(ctx->key, key, keybits / 8);
+  ctx->dev.session.key = (caddr_t)ctx->key;
+  ctx->dev.session.keylen = keybits / 8;
+  return 0;
+}
+
+int mbedtls_aes_setkey_dec(FAR mbedtls_aes_context *ctx,
+                           FAR const unsigned char *key,
+                           unsigned int keybits)
+{
+  return mbedtls_aes_setkey_enc(ctx, key, keybits);
+}
+
+/* AES-ECB block encryption/decryption */
+
+int mbedtls_aes_crypt_ecb(FAR mbedtls_aes_context *ctx,
+                          int mode,
+                          const unsigned char input[16],
+                          unsigned char output[16])
+{
+  int ret;
+  unsigned char iv[16];
+
+  ctx->dev.session.cipher = CRYPTO_AES_CBC;
+  ret = cryptodev_get_session(&ctx->dev);
+  if (ret != 0)
+    {
+      return ret;
+    }
+
+  memset(iv, 0, 16);
+  ctx->dev.crypt.ses = ctx->dev.session.ses;
+  ctx->dev.crypt.op = mode == MBEDTLS_AES_ENCRYPT ?
+                              COP_ENCRYPT : COP_DECRYPT;
+  ctx->dev.crypt.len = ECB_BLOCK_SIZE;
+  ctx->dev.crypt.src = (caddr_t)input;
+  ctx->dev.crypt.dst = (caddr_t)output;
+  ctx->dev.crypt.iv = (caddr_t)iv;
+  ret = cryptodev_crypt(&ctx->dev);
+  cryptodev_free_session(&ctx->dev);
+  return ret;
+}
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+
+/* AES-CBC buffer encryption/decryption */
+
+int mbedtls_aes_crypt_cbc(mbedtls_aes_context *ctx,
+                          int mode,
+                          size_t length,
+                          unsigned char iv[16],
+                          const unsigned char *input,
+                          unsigned char *output)
+{
+  int ret;
+
+  ctx->dev.session.cipher = CRYPTO_AES_CBC;
+  ret = cryptodev_get_session(&ctx->dev);
+  if (ret != 0)
+    {
+      return ret;
+    }
+
+  ctx->dev.crypt.ses = ctx->dev.session.ses;
+  ctx->dev.crypt.op = mode == MBEDTLS_AES_ENCRYPT ?
+                              COP_ENCRYPT : COP_DECRYPT;
+  ctx->dev.crypt.len = length;
+  ctx->dev.crypt.src = (caddr_t)input;
+  ctx->dev.crypt.dst = (caddr_t)output;
+  ctx->dev.crypt.iv = (caddr_t)iv;
+  ret = cryptodev_crypt(&ctx->dev);
+  cryptodev_free_session(&ctx->dev);
+  return ret;
+}
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
+
+/* AES-CTR buffer encryption/decryption */
+
+int mbedtls_aes_crypt_ctr(FAR mbedtls_aes_context *ctx,
+                          size_t length,
+                          FAR size_t *nc_off,
+                          unsigned char nonce_counter[16],
+                          unsigned char stream_block[16],
+                          FAR const unsigned char *input,
+                          FAR unsigned char *output)
+{
+  int ret;
+
+  ctx->dev.session.cipher = CRYPTO_AES_CTR;
+  memcpy(ctx->key + ctx->dev.session.keylen,
+         nonce_counter, NONCE_LENGTH);
+  ctx->dev.session.keylen += NONCE_LENGTH;
+  ret = cryptodev_get_session(&ctx->dev);
+  if (ret != 0)
+    {
+      return ret;
+    }
+
+  ctx->dev.crypt.ses = ctx->dev.session.ses;
+  ctx->dev.crypt.op = COP_ENCRYPT;
+  ctx->dev.crypt.len = length;
+  ctx->dev.crypt.src = (caddr_t)input;
+  ctx->dev.crypt.dst = (caddr_t)output;
+  ctx->dev.crypt.iv = (caddr_t)nonce_counter + NONCE_LENGTH;
+  ret = cryptodev_crypt(&ctx->dev);
+  if (ret == 0)
+    {
+      *nc_off = length % ECB_BLOCK_SIZE;
+    }
+
+  cryptodev_free_session(&ctx->dev);
+  return ret;
+}
+#endif /* MBEDTLS_CIPHER_MODE_CTR */
+
+#if defined(MBEDTLS_CIPHER_MODE_XTS)
+void mbedtls_aes_xts_init(FAR mbedtls_aes_xts_context *ctx)
+{
+  mbedtls_aes_init(ctx);
+}
+
+void mbedtls_aes_xts_free(FAR mbedtls_aes_xts_context *ctx)
+{
+  mbedtls_aes_free(ctx);
+}
+
+int mbedtls_aes_xts_setkey_enc(FAR mbedtls_aes_xts_context *ctx,
+                               FAR const unsigned char *key,
+                               unsigned int keybits)
+{
+  return mbedtls_aes_setkey_enc(ctx, key, keybits);
+}
+
+int mbedtls_aes_xts_setkey_dec(FAR mbedtls_aes_xts_context *ctx,
+                               FAR const unsigned char *key,
+                               unsigned int keybits)
+{
+  return mbedtls_aes_setkey_dec(ctx, key, keybits);
+}
+
+int mbedtls_aes_crypt_xts(FAR mbedtls_aes_xts_context *ctx,
+                          int mode,
+                          size_t length,
+                          const unsigned char data_unit[16],
+                          FAR const unsigned char *input,
+                          FAR unsigned char *output)
+{
+  int ret;
+  unsigned char iv[16];
+
+  ctx->dev.session.cipher = CRYPTO_AES_XTS;
+  ret = cryptodev_get_session(&ctx->dev);
+  if (ret != 0)
+    {
+      return ret;
+    }
+
+  memcpy(iv, data_unit, 16);
+  ctx->dev.crypt.ses = ctx->dev.session.ses;
+  ctx->dev.crypt.op = mode == MBEDTLS_AES_ENCRYPT ?
+                              COP_ENCRYPT : COP_DECRYPT;
+  ctx->dev.crypt.len = length;
+  ctx->dev.crypt.src = (caddr_t)input;
+  ctx->dev.crypt.dst = (caddr_t)output;
+  ctx->dev.crypt.iv = (caddr_t)iv;
+  ret = cryptodev_crypt(&ctx->dev);
+  cryptodev_free_session(&ctx->dev);
+  return ret;
+}
+#endif /* MBEDTLS_CIPHER_MODE_XTS */
+
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+
+/* AES-CFB128 buffer encryption/decryption */
+
+int mbedtls_aes_crypt_cfb128(FAR mbedtls_aes_context *ctx,
+                             int mode,
+                             size_t length,
+                             size_t *iv_off,
+                             unsigned char iv[16],
+                             const unsigned char *input,
+                             unsigned char *output)
+{
+  int ret;
+
+  ctx->dev.session.cipher = CRYPTO_AES_CFB_128;
+  ret = cryptodev_get_session(&ctx->dev);
+  if (ret != 0)
+    {
+      return ret;
+    }
+
+  ctx->dev.crypt.ses = ctx->dev.session.ses;
+  ctx->dev.crypt.op = mode == MBEDTLS_AES_ENCRYPT ?
+                              COP_ENCRYPT : COP_DECRYPT;
+  ctx->dev.crypt.len = length;
+  ctx->dev.crypt.src = (caddr_t)input;
+  ctx->dev.crypt.dst = (caddr_t)output;
+  ctx->dev.crypt.iv = (caddr_t)iv;
+  ret = cryptodev_crypt(&ctx->dev);
+  if (ret == 0)
+    {
+      *iv_off = length % ECB_BLOCK_SIZE;
+    }
+
+  cryptodev_free_session(&ctx->dev);
+  return ret;
+}
+
+/* AES-CFB8 buffer encryption/decryption */
+
+int mbedtls_aes_crypt_cfb8(FAR mbedtls_aes_context *ctx,
+                           int mode,
+                           size_t length,
+                           unsigned char iv[16],
+                           const unsigned char *input,
+                           unsigned char *output)
+{
+  int ret;
+
+  ctx->dev.session.cipher = CRYPTO_AES_CFB_8;
+  ret = cryptodev_get_session(&ctx->dev);
+  if (ret != 0)
+    {
+      return ret;
+    }
+
+  ctx->dev.crypt.ses = ctx->dev.session.ses;
+  ctx->dev.crypt.op = mode == MBEDTLS_AES_ENCRYPT ?
+                              COP_ENCRYPT : COP_DECRYPT;
+  ctx->dev.crypt.len = length;
+  ctx->dev.crypt.src = (caddr_t)input;
+  ctx->dev.crypt.dst = (caddr_t)output;
+  ctx->dev.crypt.iv = (caddr_t)iv;
+  ret = cryptodev_crypt(&ctx->dev);
+  cryptodev_free_session(&ctx->dev);
+  return ret;
+}
+#endif /* MBEDTLS_CIPHER_MODE_CFB */
+
+#if defined(MBEDTLS_CIPHER_MODE_OFB)
+
+/* AES-OFB (Output Feedback Mode) buffer encryption/decryption */
+
+int mbedtls_aes_crypt_ofb(FAR mbedtls_aes_context *ctx,
+                          size_t length,
+                          size_t *iv_off,
+                          unsigned char iv[16],
+                          const unsigned char *input,
+                          unsigned char *output)
+{
+  int ret;
+
+  ctx->dev.session.cipher = CRYPTO_AES_OFB;
+  ret = cryptodev_get_session(&ctx->dev);
+  if (ret != 0)
+    {
+      return ret;
+    }
+
+  ctx->dev.crypt.ses = ctx->dev.session.ses;
+  ctx->dev.crypt.op = COP_ENCRYPT;
+  ctx->dev.crypt.len = length;
+  ctx->dev.crypt.src = (caddr_t)input;
+  ctx->dev.crypt.dst = (caddr_t)output;
+  ctx->dev.crypt.iv = (caddr_t)iv;
+  ret = cryptodev_crypt(&ctx->dev);
+  if (ret == 0)
+    {
+      *iv_off = length % ECB_BLOCK_SIZE;
+    }
+
+  cryptodev_free_session(&ctx->dev);
+  return ret;
+}
+#endif /* MBEDTLS_CIPHER_MODE_OFB */