Remove SW fallback for CCM

Remove SW fallback for CCM mode, and return
`MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE` when trying to set a key
which is not 128 bit size.

Author: Ron Eldor

features/mbedtls/targets/TARGET_CRYPTOCELL310/ccm_alt.c

@@ -22,45 +22,14 @@
 #if defined(MBEDTLS_CCM_ALT)
 #include <string.h>
 #include "mbedtls/platform.h"
+#include "mbedtls/aes.h"
 
 /* Implementation that should never be optimized out by the compiler */
 static void mbedtls_zeroize( void *v, size_t n ) {
     volatile unsigned char *p = (unsigned char*)v;
     while( n-- ) *p++ = 0;
 }
 
-#define CCM_ENCRYPT 0
-#define CCM_DECRYPT 1
-
-
-/*
- * Macros for common operations.
- * Results in smaller compiled code than static inline functions.
- */
-
-/*
- * Update the CBC-MAC state in y using a block in b
- * (Always using b as the source helps the compiler optimise a bit better.)
- */
-#define UPDATE_CBC_MAC                                                      \
-    for( i = 0; i < 16; i++ )                                               \
-        y[i] ^= b[i];                                                       \
-                                                                            \
-    if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, y, 16, y, &olen ) ) != 0 ) \
-        return ( ret );
-
-/*
- * Encrypt or decrypt a partial block with CTR
- * Warning: using b for temporary storage! src and dst must not be b!
- * This avoids allocating one more 16 bytes buffer while allowing src == dst.
- */
-#define CTR_CRYPT( dst, src, len  )                                            \
-    if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctr, 16, b, &olen ) ) != 0 )  \
-        return ( ret );                                                         \
-                                                                               \
-    for( i = 0; i < len; i++ )                                                 \
-        dst[i] = src[i] ^ b[i];
-
 void mbedtls_ccm_init( mbedtls_ccm_context *ctx )
 {
     memset( ctx, 0, sizeof( mbedtls_ccm_context ) );
@@ -71,30 +40,6 @@ void mbedtls_ccm_free( mbedtls_ccm_context *ctx )
     mbedtls_zeroize( ctx, sizeof( mbedtls_ccm_context ) );
 }
 
-static int mbedtls_ccm_setkey_sw( mbedtls_ccm_sw_context *ctx,
-                        mbedtls_cipher_id_t cipher,
-                        const unsigned char *key,
-                        unsigned int keybits )
-{
-
-    int ret = 0;
-    const mbedtls_cipher_info_t *cipher_info = NULL;
-
-    cipher_info = mbedtls_cipher_info_from_values( cipher, keybits, MBEDTLS_MODE_ECB );
-    if( cipher_info == NULL )
-        return ( MBEDTLS_ERR_CCM_BAD_INPUT );
-
-    if( cipher_info->block_size != 16 )
-        return ( MBEDTLS_ERR_CCM_BAD_INPUT );
-
-    mbedtls_cipher_free( &ctx->cipher_ctx );
-
-    if( ( ret = mbedtls_cipher_setup( &ctx->cipher_ctx, cipher_info ) ) != 0 )
-        return ( ret );
-
-    return ( mbedtls_cipher_setkey( &ctx->cipher_ctx, key, keybits, MBEDTLS_ENCRYPT ) );
-}
-
 int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx,
                         mbedtls_cipher_id_t cipher,
                         const unsigned char *key,
@@ -106,14 +51,11 @@ int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx,
     if( cipher != MBEDTLS_CIPHER_ID_AES ||
          keybits != 128 )
     {
-        ctx->is_sw = 1;
-        return ( mbedtls_ccm_setkey_sw( &ctx->u_ctx.ccm_sw_ctx, cipher, key, keybits ) );
+        return ( MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE );
     }
 
-    ctx->is_sw = 0;
-
-    memcpy( ctx->u_ctx.ccm_alt_ctx.cipher_key , key, keybits/8 );
-    ctx->u_ctx.ccm_alt_ctx.keySize_ID = CRYS_AES_Key128BitSize;
+    memcpy( ctx->cipher_key , key, keybits/8 );
+    ctx->keySize_ID = CRYS_AES_Key128BitSize;
 
     return ( 0 );
 
@@ -122,159 +64,6 @@ int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx,
 /*
  * Authenticated encryption or decryption
  */
-static int ccm_auth_crypt_sw( mbedtls_ccm_sw_context *ctx, int mode, size_t length,
-                           const unsigned char *iv, size_t iv_len,
-                           const unsigned char *add, size_t add_len,
-                           const unsigned char *input, unsigned char *output,
-                           unsigned char *tag, size_t tag_len )
-{
-    int ret;
-    unsigned char i;
-    unsigned char q;
-    size_t len_left, olen;
-    unsigned char b[16];
-    unsigned char y[16];
-    unsigned char ctr[16];
-    const unsigned char *src;
-    unsigned char *dst;
-
-    if( add_len > 0xFF00 )
-        return ( MBEDTLS_ERR_CCM_BAD_INPUT );
-
-    q = 16 - 1 - (unsigned char) iv_len;
-
-    /*
-     * First block B_0:
-     * 0        .. 0        flags
-     * 1        .. iv_len   nonce (aka iv)
-     * iv_len+1 .. 15       length
-     *
-     * With flags as (bits):
-     * 7        0
-     * 6        add present?
-     * 5 .. 3   (t - 2) / 2
-     * 2 .. 0   q - 1
-     */
-    b[0] = 0;
-    b[0] |= ( add_len > 0 ) << 6;
-    b[0] |= ( ( tag_len - 2 ) / 2 ) << 3;
-    b[0] |= q - 1;
-
-    memcpy( b + 1, iv, iv_len );
-
-    for( i = 0, len_left = length; i < q; i++, len_left >>= 8 )
-        b[15-i] = (unsigned char)( len_left & 0xFF );
-
-    if( len_left > 0 )
-        return ( MBEDTLS_ERR_CCM_BAD_INPUT );
-
-
-    /* Start CBC-MAC with first block */
-    memset( y, 0, 16 );
-    UPDATE_CBC_MAC;
-
-    /*
-     * If there is additional data, update CBC-MAC with
-     * add_len, add, 0 (padding to a block boundary)
-     */
-    if( add_len > 0 )
-    {
-        size_t use_len;
-        len_left = add_len;
-        src = add;
-
-        memset( b, 0, 16 );
-        b[0] = (unsigned char)( ( add_len >> 8 ) & 0xFF );
-        b[1] = (unsigned char)( ( add_len      ) & 0xFF );
-
-        use_len = len_left < 16 - 2 ? len_left : 16 - 2;
-        memcpy( b + 2, src, use_len );
-        len_left -= use_len;
-        src += use_len;
-
-        UPDATE_CBC_MAC;
-        while( len_left > 0 )
-        {
-            use_len = len_left > 16 ? 16 : len_left;
-
-            memset( b, 0, 16 );
-            memcpy( b, src, use_len );
-            UPDATE_CBC_MAC;
-
-            len_left -= use_len;
-            src += use_len;
-        }
-    }
-
-    /*
-     * Prepare counter block for encryption:
-     * 0        .. 0        flags
-     * 1        .. iv_len   nonce (aka iv)
-     * iv_len+1 .. 15       counter (initially 1)
-     *
-     * With flags as (bits):
-     * 7 .. 3   0
-     * 2 .. 0   q - 1
-     */
-    ctr[0] = q - 1;
-    memcpy( ctr + 1, iv, iv_len );
-    memset( ctr + 1 + iv_len, 0, q );
-    ctr[15] = 1;
-
-    /*
-     * Authenticate and {en,de}crypt the message.
-     *
-     * The only difference between encryption and decryption is
-     * the respective order of authentication and {en,de}cryption.
-     */
-    len_left = length;
-    src = input;
-    dst = output;
-
-    while( len_left > 0 )
-    {
-        size_t use_len = len_left > 16 ? 16 : len_left;
-
-        if( mode == CCM_ENCRYPT )
-        {
-            memset( b, 0, 16 );
-            memcpy( b, src, use_len );
-            UPDATE_CBC_MAC;
-        }
-
-        CTR_CRYPT( dst, src, use_len );
-
-        if( mode == CCM_DECRYPT )
-        {
-            memset( b, 0, 16 );
-            memcpy( b, dst, use_len );
-            UPDATE_CBC_MAC;
-        }
-
-        dst += use_len;
-        src += use_len;
-        len_left -= use_len;
-
-        /*
-         * Increment counter.
-         * No need to check for overflow thanks to the length check above.
-         */
-        for( i = 0; i < q; i++ )
-            if( ++ctr[15-i] != 0 )
-                break;
-    }
-
-    /*
-     * Authentication: reset counter and crypt/mask internal tag
-     */
-    for( i = 0; i < q; i++ )
-        ctr[15-i] = 0;
-
-    CTR_CRYPT( y, y, 16 );
-    memcpy( tag, y, tag_len );
-
-    return ( 0 );
-}
 
 int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
                          const unsigned char *iv, size_t iv_len,
@@ -296,16 +85,11 @@ int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
     if( iv_len < 7 || iv_len > 13 )
         return ( MBEDTLS_ERR_CCM_BAD_INPUT );
 
-    if( ctx->is_sw )
-        return ( ccm_auth_crypt_sw( &ctx->u_ctx.ccm_sw_ctx, CCM_ENCRYPT,  length, iv, iv_len,
-                                                     add, add_len, input, output,
-                                                     tag, tag_len ) );
-
     if( length > 0xFFFFFFFF || add_len > 0xFFFFFFFF )
         return ( MBEDTLS_ERR_CCM_BAD_INPUT );
 
-    CrysRet =  CRYS_AESCCM( SASI_AES_ENCRYPT, ctx->u_ctx.ccm_alt_ctx.cipher_key, ctx->u_ctx.ccm_alt_ctx.keySize_ID,
-                   (uint8_t*)iv, iv_len,  (uint8_t*)add, add_len,  (uint8_t*)input, length, output, tag_len, tag );
+    CrysRet =  CRYS_AESCCM( SASI_AES_ENCRYPT, ctx->cipher_key, ctx->keySize_ID,(uint8_t*)iv, iv_len,
+                            (uint8_t*)add, add_len,  (uint8_t*)input, length, output, tag_len, tag );
     if( CrysRet != CRYS_OK )
         return ( MBEDTLS_ERR_CCM_HW_ACCEL_FAILED );
 
@@ -316,37 +100,6 @@ int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
 /*
  * Authenticated decryption
  */
-static int mbedtls_ccm_auth_decrypt_sw( mbedtls_ccm_sw_context *ctx, size_t length,
-                      const unsigned char *iv, size_t iv_len,
-                      const unsigned char *add, size_t add_len,
-                      const unsigned char *input, unsigned char *output,
-                      const unsigned char *tag, size_t tag_len )
-{
-    int ret;
-    unsigned char check_tag[16];
-    unsigned char i;
-    int diff;
-
-    if( ( ret = ccm_auth_crypt_sw( ctx, CCM_DECRYPT, length,
-                                        iv, iv_len, add, add_len,
-                                        input, output, check_tag, tag_len ) ) != 0 )
-    {
-        return ( ret );
-    }
-
-    /* Check tag in "constant-time" */
-    for( diff = 0, i = 0; i < tag_len; i++ )
-        diff |= tag[i] ^ check_tag[i];
-
-    if( diff != 0 )
-    {
-        mbedtls_zeroize( output, length );
-        return ( MBEDTLS_ERR_CCM_AUTH_FAILED );
-    }
-
-    return ( 0 );
-}
-
 int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
                       const unsigned char *iv, size_t iv_len,
                       const unsigned char *add, size_t add_len,
@@ -367,16 +120,11 @@ int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
     if( iv_len < 7 || iv_len > 13 )
         return ( MBEDTLS_ERR_CCM_BAD_INPUT );
 
-    if ( ctx->is_sw )
-        return ( mbedtls_ccm_auth_decrypt_sw( &ctx->u_ctx.ccm_sw_ctx, length, iv, iv_len,
-                                                  add, add_len, input, output,
-                                                  tag, tag_len ) );
-
     if( length > 0xFFFFFFFF || add_len > 0xFFFFFFFF )
         return ( MBEDTLS_ERR_CCM_BAD_INPUT );
 
-    CrysRet =  CRYS_AESCCM( SASI_AES_DECRYPT, ctx->u_ctx.ccm_alt_ctx.cipher_key, ctx->u_ctx.ccm_alt_ctx.keySize_ID,
-                         (uint8_t*)iv, iv_len,  (uint8_t*)add, add_len,  (uint8_t*)input, length, output, tag_len, (uint8_t*)tag );
+    CrysRet =  CRYS_AESCCM( SASI_AES_DECRYPT, ctx->cipher_key, ctx->keySize_ID,(uint8_t*)iv, iv_len,
+                            (uint8_t*)add, add_len,  (uint8_t*)input, length, output, tag_len, (uint8_t*)tag );
     if ( CrysRet != CRYS_OK )
         return ( MBEDTLS_ERR_CCM_HW_ACCEL_FAILED );
 

features/mbedtls/targets/TARGET_CRYPTOCELL310/ccm_alt.h

@@ -32,21 +32,6 @@ typedef struct {
     CRYS_AESCCM_Key_t cipher_key;    /*!< cipher key used */
     CRYS_AESCCM_KeySize_t keySize_ID;
 }
-mbedtls_ccm_alt_context_t;
-
-typedef struct {
-    mbedtls_cipher_context_t cipher_ctx;    /*!< cipher context used */
-}
-mbedtls_ccm_sw_context;
-
-typedef struct {
-    union
-    {
-        mbedtls_ccm_alt_context_t ccm_alt_ctx;
-        mbedtls_ccm_sw_context ccm_sw_ctx;
-    } u_ctx;
-    unsigned int    is_sw;
-}
 mbedtls_ccm_context;
 
 /**