diff --git a/include/cx_stubs.h b/include/cx_stubs.h index 61e8bb5a7..eaf144847 100644 --- a/include/cx_stubs.h +++ b/include/cx_stubs.h @@ -140,3 +140,4 @@ #define _NR_cx_eddsa_update_hash 0x88 #define _NR_cx_eddsa_verify_init_hash 0x89 #define _NR_cx_eddsa_verify_hash 0x8a +#define _NR_cx_aes_siv_update_mac 0x8b diff --git a/lib_cxng/cx.export b/lib_cxng/cx.export index b6898a8c9..5d90399f1 100644 --- a/lib_cxng/cx.export +++ b/lib_cxng/cx.export @@ -143,3 +143,4 @@ cx_eddsa_sign_hash cx_eddsa_update_hash cx_eddsa_verify_init_hash cx_eddsa_verify_hash +cx_aes_siv_update_mac diff --git a/lib_cxng/include/lcx_aes_siv.h b/lib_cxng/include/lcx_aes_siv.h index 3b64340fd..06905dc69 100644 --- a/lib_cxng/include/lcx_aes_siv.h +++ b/lib_cxng/include/lcx_aes_siv.h @@ -104,6 +104,8 @@ WARN_UNUSED_RESULT cx_err_t cx_aes_siv_update_aad(cx_aes_siv_context_t *ctx, const uint8_t *aad, size_t aad_len); +cx_err_t cx_aes_siv_update_mac(cx_aes_siv_context_t *ctx, const uint8_t *input, size_t in_len); + /** * @brief Processes plaintext or ciphertext with AES-CTR. * diff --git a/lib_cxng/src/cx_aes_siv.c b/lib_cxng/src/cx_aes_siv.c index 71fe6fdd8..ed106d3dd 100644 --- a/lib_cxng/src/cx_aes_siv.c +++ b/lib_cxng/src/cx_aes_siv.c 
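Review bot: The new declaration of `cx_aes_siv_update_mac` in lib_cxng/include/lcx_aes_siv.h lacks the `WARN_UNUSED_RESULT` attribute that `cx_aes_siv_update_aad` directly above it carries, and it has no Doxygen block. A caller that drops a failed CMAC update would carry on and finish a tag over incomplete data, so the return value should be as hard to ignore as its neighbour's: `WARN_UNUSED_RESULT cx_err_t cx_aes_siv_update_mac(cx_aes_siv_context_t *ctx, const uint8_t *input, size_t in_len);`. The doc comment, in the header's existing `@brief` style, should say that the function feeds an intermediate chunk of the message into the running CMAC. It should also say that the function is only valid after `cx_aes_siv_update_aad`, and that the last chunk goes to `cx_aes_siv_finish`.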
@@ -68,21 +68,28 @@ cx_err_t cx_aes_siv_update_aad(cx_aes_siv_context_t *ctx, const uint8_t *aad, si uint8_t tmp[CX_AES_BLOCK_SIZE] = {0}; cx_err_t error; + CX_CHECK(cx_cipher_setup(ctx->cipher_ctx, ctx->cipher_type, CX_CHAIN_ECB)); + CX_CHECK(cx_cmac_start(ctx->cipher_ctx, ctx->key1, ctx->key_len)); + if (NULL == aad) { return CX_OK; } - CX_CHECK(cx_cipher_setup(ctx->cipher_ctx, ctx->cipher_type, CX_CHAIN_ECB)); CX_CHECK(cx_cmac_shift_and_xor(tmp, ctx->tag_state, CX_AES_BLOCK_SIZE)); - CX_CHECK(cx_cmac_start(ctx->cipher_ctx, ctx->key1, ctx->key_len)); CX_CHECK(cx_cmac_update(ctx->cipher_ctx, aad, aad_len)); CX_CHECK(cx_cmac_finish(ctx->cipher_ctx, ctx->tag_state)); cx_memxor(ctx->tag_state, tmp, CX_AES_BLOCK_SIZE); + CX_CHECK(cx_cmac_start(ctx->cipher_ctx, ctx->key1, ctx->key_len)); end: return error; } +cx_err_t cx_aes_siv_update_mac(cx_aes_siv_context_t *ctx, const uint8_t *input, size_t in_len) +{ + return cx_cmac_update(ctx->cipher_ctx, input, in_len); +} + cx_err_t cx_aes_siv_update(cx_aes_siv_context_t *ctx, const uint8_t *input, uint8_t *output, @@ -91,7 +98,6 @@ cx_err_t cx_aes_siv_update(cx_aes_siv_context_t *ctx, size_t out_len = len; cx_err_t error; CX_CHECK(cx_cipher_update(ctx->cipher_ctx, input, len, output, &out_len)); - cx_cipher_reset(ctx->cipher_ctx); end: return error; 
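Review bot: `cx_aes_siv_update_mac` passes its input straight to `cx_cmac_update` with nothing that establishes a CMAC is in progress. In this diff the only place that starts one is `cx_aes_siv_update_aad`, which now calls `cx_cipher_setup` and `cx_cmac_start` before the `NULL == aad` test and restarts the CMAC after `cx_memxor`. That turns `cx_aes_siv_update_aad(ctx, NULL, 0)` from a no-op into a required initialisation step for both `cx_aes_siv_update_mac` and `cx_aes_siv_finish`, whose own setup calls are removed in the `@@ -112,19 +118,16 @@` hunk. A caller that skips it would, as far as this diff shows, compute the tag on a cipher context left in whatever mode the previous step used. I would record the ordering at the definition, e.g. `/* Requires a prior cx_aes_siv_update_aad() call, which starts the CMAC; pass aad == NULL when there is no AAD. */`, or have the function return an error when the MAC phase has not been opened.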
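Review bot: With `cx_cipher_reset` removed from `cx_aes_siv_update`, resetting the shared `ctx->cipher_ctx` between the AES-CTR pass and the CMAC pass becomes the caller's job, and the only caller this diff updates is `cx_aes_siv_decrypt`. Any other user of the streaming API now has to know to call `cx_cipher_reset(ctx->cipher_ctx)` after its last `cx_aes_siv_update` and before `cx_aes_siv_update_aad`; whether `cx_cipher_setup` alone would be enough is not visible here. A comment on the function such as `/* May be called repeatedly; the caller resets ctx->cipher_ctx before starting the MAC phase. */` would make that explicit. Chunked decryption also yields plaintext before `cx_aes_siv_finish` has processed the tag (presumably where it is checked), so the same comment should say the output is not to be used until finish returns `CX_OK`. The body of `cx_aes_siv_update` starts outside the hunk.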
@@ -112,19 +118,16 @@ cx_err_t cx_aes_siv_finish(cx_aes_siv_context_t *ctx, uint8_t tmp[CX_AES_BLOCK_SIZE] = {0}; cx_err_t error; - CX_CHECK(cx_cipher_setup(ctx->cipher_ctx, ctx->cipher_type, CX_CHAIN_ECB)); if (in_len < CX_AES_BLOCK_SIZE) { CX_CHECK(cx_cmac_shift_and_xor(tmp, ctx->tag_state, CX_AES_BLOCK_SIZE)); memset(ctx->tag_state, 0, CX_AES_BLOCK_SIZE); memcpy(ctx->tag_state, input, in_len); add_one_and_zeros_padding(ctx->tag_state, CX_AES_BLOCK_SIZE, in_len); cx_memxor(tmp, ctx->tag_state, CX_AES_BLOCK_SIZE); - CX_CHECK(cx_cmac_start(ctx->cipher_ctx, ctx->key1, ctx->key_len)); CX_CHECK(cx_cmac_update(ctx->cipher_ctx, tmp, CX_AES_BLOCK_SIZE)); CX_CHECK(cx_cmac_finish(ctx->cipher_ctx, ctx->tag_state)); } else { - CX_CHECK(cx_cmac_start(ctx->cipher_ctx, ctx->key1, ctx->key_len)); CX_CHECK(cx_cmac_update(ctx->cipher_ctx, input, in_len - CX_AES_BLOCK_SIZE)); cx_memxor(ctx->tag_state, input + in_len - CX_AES_BLOCK_SIZE, CX_AES_BLOCK_SIZE); CX_CHECK(cx_cmac_update(ctx->cipher_ctx, ctx->tag_state, CX_AES_BLOCK_SIZE)); @@ -172,6 +175,7 @@ cx_err_t cx_aes_siv_decrypt(cx_aes_siv_context_t *ctx, cx_err_t error; CX_CHECK(cx_aes_siv_start(ctx, CX_DECRYPT, tag, CX_AES_BLOCK_SIZE)); CX_CHECK(cx_aes_siv_update(ctx, input, output, in_len)); + cx_cipher_reset(ctx->cipher_ctx); CX_CHECK(cx_aes_siv_update_aad(ctx, aad, aad_len)); CX_CHECK(cx_aes_siv_finish(ctx, output, in_len, tag)); diff --git a/lib_cxng/src/cx_exported_functions.c b/lib_cxng/src/cx_exported_functions.c index e5c40fde4..9b89ee038 100644 --- a/lib_cxng/src/cx_exported_functions.c +++ b/lib_cxng/src/cx_exported_functions.c @@ -164,4 +164,5 @@ unsigned long __attribute((section("._cx_exported_functions"))) cx_exported_func [_NR_cx_eddsa_update_hash] = (unsigned long) cx_eddsa_update_hash, [_NR_cx_eddsa_verify_init_hash] = (unsigned long) cx_eddsa_verify_init_hash, [_NR_cx_eddsa_verify_hash] = (unsigned long) cx_eddsa_verify_hash, + [_NR_cx_aes_siv_update_mac] = (unsigned long) cx_aes_siv_update_mac, }; 
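Review bot: The `in_len < CX_AES_BLOCK_SIZE` test in `cx_aes_siv_finish` looks only at the chunk passed to finish, but after this change the CMAC may already hold data fed through `cx_aes_siv_update_mac`. If a streaming caller hands over a final chunk shorter than one block, the padding branch runs even though the whole message is longer than a block. The resulting tag would then differ from the one the `else` branch produces for the same message in one shot. Unless the context tracks the total length, the requirement should be stated where callers see it, e.g. `/* When cx_aes_siv_update_mac() has been used, the final chunk must be at least CX_AES_BLOCK_SIZE bytes. */`, or finish should reject a short final chunk in that case. The function starts and ends outside the hunk.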
diff --git a/src/cx_stubs.S b/src/cx_stubs.S index 7d702a1eb..63ca306ea 100644 --- a/src/cx_stubs.S +++ b/src/cx_stubs.S @@ -155,6 +155,7 @@ CX_TRAMPOLINE _NR_cx_eddsa_sign_hash cx_eddsa_sign_hash CX_TRAMPOLINE _NR_cx_eddsa_update_hash cx_eddsa_update_hash CX_TRAMPOLINE _NR_cx_eddsa_verify_init_hash cx_eddsa_verify_init_hash CX_TRAMPOLINE _NR_cx_eddsa_verify_hash cx_eddsa_verify_hash +CX_TRAMPOLINE _NR_cx_aes_siv_update_mac cx_aes_siv_update_mac .thumb_func cx_trampoline_helper: