CC312: Define a Poly1305 context

adeaarm · adeaarm · commit 3ece164b0b9b · 2022-04-01T09:39:35.000+01:00
To support a multipart flow for the Poly1305 algorithm, the Poly
module must expose a context to be retained across calls, i.e.
to preserve the state of the operation on the PKA engine.

Signed-off-by: Antonio de Angelis &lt;antonio.deangelis@arm.com&gt;
Change-Id: I5b41450a15a8ca163072f16d04568dcadec213b7
diff --git a/lib/ext/cryptocell-312-runtime/codesafe/src/crypto_api/cc3x_sym/driver/chacha_driver.c b/lib/ext/cryptocell-312-runtime/codesafe/src/crypto_api/cc3x_sym/driver/chacha_driver.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2001-2022, Arm Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -260,5 +260,3 @@ drvError_t ProcessChacha(ChachaContext_t *chachaCtx, CCBuffInfo_t *pInputBuffInf
 
     return drvRc;
 }
-
-
diff --git a/lib/ext/cryptocell-312-runtime/codesafe/src/crypto_api/cc3x_sym/driver/chacha_driver.h b/lib/ext/cryptocell-312-runtime/codesafe/src/crypto_api/cc3x_sym/driver/chacha_driver.h
@@ -9,6 +9,11 @@
 
 #include "driver_defs.h"
 
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
 /******************************************************************************
 *               TYPE DEFINITIONS
 ******************************************************************************/
@@ -39,7 +44,6 @@ typedef struct ChachaContext {
     ChachaState_t state;
 } ChachaContext_t;
 
-
 /******************************************************************************
 *               FUNCTION PROTOTYPES
 ******************************************************************************/
@@ -55,6 +59,8 @@ typedef struct ChachaContext {
  */
 drvError_t ProcessChacha(ChachaContext_t *chachaCtx, CCBuffInfo_t *pInputBuffInfo, CCBuffInfo_t *pOutputBuffInfo, uint32_t inDataSize);
 
+#ifdef __cplusplus
+}
+#endif
 
 #endif /* _CHACHA_DRIVER_H */
-
diff --git a/lib/ext/cryptocell-312-runtime/codesafe/src/crypto_api/pki/poly/poly.c b/lib/ext/cryptocell-312-runtime/codesafe/src/crypto_api/pki/poly/poly.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2001-2022, Arm Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -279,9 +279,8 @@ CCError_t PolyMacCalc(mbedtls_poly_key  key,        /*!< [in] Poniter to 256 bit
     //7. copy acc into macRes
     PkaCopyDataFromPkaReg(macRes, CC_POLY_MAC_SIZE_IN_WORDS, ACC_REG);
 
-    end_func:
+end_func:
     PkaFinishAndMutexUnlock(pkaRegsNum);
     return rc;
-
 }
 
diff --git a/lib/ext/cryptocell-312-runtime/codesafe/src/crypto_api/pki/poly/poly.h b/lib/ext/cryptocell-312-runtime/codesafe/src/crypto_api/pki/poly/poly.h
@@ -1,10 +1,9 @@
 /*
- * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2001-2022, Arm Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
 
-
 #ifndef POLY_H
 #define POLY_H
 
@@ -16,7 +15,6 @@
 #include "cc_error.h"
 #include "mbedtls_cc_poly.h"
 
-
 #ifdef __cplusplus
 extern "C"
 {
@@ -34,6 +32,32 @@ extern "C"
 #define CC_POLY_PKA_REG_SIZE_IN_WORDS  (CC_POLY_PKA_REG_SIZE_IN_PKA_WORDS * (CALC_FULL_32BIT_WORDS(CC_PKA_WORD_SIZE_IN_BITS)))
 #define CC_POLY_PKA_REG_SIZE_IN_BYTES  (CC_POLY_PKA_REG_SIZE_IN_WORDS*CC_32BIT_WORD_SIZE)
 
+/**
+ * PKA register contexts. Between multipart calls, the PKA engine needs to save
+ * and restore the register context. It's composed of the clamped key pair
+ * (r,s) 256 bit long and the value of the accumulator register which is mod P,
+ * where P is 2^130-5, which in full words is 160 bit long, 5 32-bit words.
+ */
+typedef struct PolyPkaContext {
+    uint32_t key[8]; /*!< (r,s) concatenated with r already clamped */
+    uint32_t acc[5]; /*!< Value of the accumulator modulus P, i.e. [0,2^130-5)*/
+} PolyPkaContext_t;
+
+/**
+ * State information required to support multipart APIs in AEAD for MAC
+ * computation. As Poly1305 operates on CC_POLY_BLOCK_SIZE_IN BYTES of data
+ * it needs to cache up to CC_POLY_BLOCK_SIZE_IN_BYTES-1 of the input. But
+ * for practical reasons (i.e. working on 4-byte aligned buffers) we store an
+ * entire block of 16 bytes that can be processed in one go without additional
+ * copies
+ */
+typedef struct PolyState {
+    uint32_t msg_state[CC_POLY_BLOCK_SIZE_IN_WORDS]; /*!< Equals 16 bytes of
+                                                      *   data
+                                                      */
+    uint8_t msg_state_size;  /*!< Size of the message buffered in msg_state */
+    PolyPkaContext_t context; /*!< PKA registers context (clamped key, acc) */
+} PolyState_t;
 
 /**
  * @brief Generates the POLY mac according to RFC 7539 section 2.5.1
@@ -52,4 +76,4 @@ CCError_t PolyMacCalc(mbedtls_poly_key  key,        /*!< [in] Poniter to 256 bit
 }
 #endif
 
-#endif  //POLY_H
+#endif  /* POLY_H */

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`/*`
`2`		`- * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved.`
	`2`	`+ * Copyright (c) 2001-2022, Arm Limited and Contributors. All rights reserved.`
`3`	`3`	`*`
`4`	`4`	`* SPDX-License-Identifier: BSD-3-Clause`
`5`	`5`	`*/`
`@@ -260,5 +260,3 @@ drvError_t ProcessChacha(ChachaContext_t chachaCtx, CCBuffInfo_t pInputBuffInf`
`260`	`260`
`261`	`261`	`return drvRc;`
`262`	`262`	`}`
`263`		`-`
`264`		`-`