From 165e1fe7816a2ed04a2c150d85ea45c30b0ccf86 Mon Sep 17 00:00:00 2001
From: Jens Wiklander
Date: Fri, 12 Apr 2024 10:00:37 +0200
Subject: [PATCH] core: ltc: update for libtomcrypt changes

Adjust as needed to into account the changes in upstream since the last sync:
- New file aes_desc.c added
- rsa_decrypt_key_ex() the arguments mgf_hash and lparam_hash replace the previous hash_idx argument introduced with commit 63091c9e5c77 ("Add possibility to use different hash algorithms in RSAES-OAEP") LTC upstream
- struct rijndael_key now uses pointer for eK and dK so where a symmetrik AES key is initialized those two pointers must be updated. Done in: + core/lib/libtomcrypt/aes.c crypto_aes_expand_enc_key() and crypto_aes_enc_block() + core/lib/libtomcrypt/aes_accel.c rijndael_setup()
Signed-off-by: Jens Wiklander
Acked-by: Jerome Forissier
---
 core/lib/libtomcrypt/aes.c | 13 ++++++++-----
 core/lib/libtomcrypt/aes_accel.c | 9 ++++++++-
 core/lib/libtomcrypt/rsa.c | 4 ++--
 core/lib/libtomcrypt/sub.mk | 1 +
 4 files changed, 19 insertions(+), 8 deletions(-)
diff --git a/core/lib/libtomcrypt/aes.c b/core/lib/libtomcrypt/aes.c
index 3989140e710..ecd9c61662d 100644
--- a/core/lib/libtomcrypt/aes.c
+++ b/core/lib/libtomcrypt/aes.c
@@ -10,6 +10,8 @@
 #include
 #include
+#define AES_ENC_KEY_LEN (sizeof(ulong32) * 60)
+
 TEE_Result crypto_aes_expand_enc_key(const void *key, size_t key_len,
 void *enc_key, size_t enc_keylen, unsigned int *rounds)
@@ -20,13 +22,13 @@ TEE_Result crypto_aes_expand_enc_key(const void *key, size_t key_len,
 #else
 symmetric_key skey;
- if (enc_keylen < sizeof(skey.rijndael.eK))
+ if (enc_keylen < AES_ENC_KEY_LEN)
 return TEE_ERROR_BAD_PARAMETERS;
 if (aes_setup(key, key_len, 0, &skey))
 return TEE_ERROR_BAD_PARAMETERS;
- memcpy(enc_key, skey.rijndael.eK, sizeof(skey.rijndael.eK));
+ memcpy(enc_key, skey.rijndael.eK, AES_ENC_KEY_LEN);
 *rounds = skey.rijndael.Nr;
 #endif
 return TEE_SUCCESS;
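Review bot: `AES_ENC_KEY_LEN` in the first aes.c hunk hard-codes the expanded-key size as `sizeof(ulong32) * 60`, and the aes_accel.c hunk at `@@ -49,6 +49,10 @@` defines the same quantity a second time as `EXPANDED_AES_KEY_WORD_COUNT` / `EXPANDED_AES_KEY_LEN`, there with `uint32_t`. Two private copies of a size that bounds key-schedule copies can drift apart on the next libtomcrypt sync, so a single definition in a header both files include would be safer. Either way the 60 deserves a comment, for example `/* 60 = 4 * (14 + 1): round-key words of AES-256, the largest schedule */`.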
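Review bot: `symmetric_key skey;` in crypto_aes_expand_enc_key() is still uninitialised (the crypto_aes_enc_block() hunk switches to `= { }`), yet the `memcpy()` always copies the full `AES_ENC_KEY_LEN` bytes out of it. A 128- or 192-bit schedule is shorter than 60 words, so unless aes_setup() clears the remainder, which this patch does not show, the tail of `enc_key` is filled from uninitialised stack. The expanded key also stays on the stack after return, here and in crypto_aes_enc_block(). I would declare `symmetric_key skey = { };` and wipe it before returning, e.g. `memzero_explicit(&skey, sizeof(skey));` if that helper is reachable from this file. The function begins above the hunk.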
@@ -38,10 +40,11 @@ void crypto_aes_enc_block(const void *enc_key, size_t enc_keylen __maybe_unused,
 #ifdef _CFG_CORE_LTC_AES_ACCEL
 crypto_accel_aes_ecb_enc(dst, src, enc_key, rounds, 1);
 #else
- symmetric_key skey;
+ symmetric_key skey = { };
- assert(enc_keylen >= sizeof(skey.rijndael.eK));
- memcpy(skey.rijndael.eK, enc_key, sizeof(skey.rijndael.eK));
+ assert(enc_keylen >= AES_ENC_KEY_LEN);
+ skey.rijndael.eK = LTC_ALIGN_BUF(skey.rijndael.K, 16);
+ memcpy(skey.rijndael.eK, enc_key, AES_ENC_KEY_LEN);
 skey.rijndael.Nr = rounds;
 if (aes_ecb_encrypt(src, dst, &skey))
 panic();
diff --git a/core/lib/libtomcrypt/aes_accel.c b/core/lib/libtomcrypt/aes_accel.c
index 0fb4bfc57e0..5b622e58ae5 100644
--- a/core/lib/libtomcrypt/aes_accel.c
+++ b/core/lib/libtomcrypt/aes_accel.c
@@ -49,6 +49,10 @@
 #include
 #include
+#define EXPANDED_AES_KEY_WORD_COUNT 60
+#define EXPANDED_AES_KEY_LEN (EXPANDED_AES_KEY_WORD_COUNT * \
+ sizeof(uint32_t))
+
 int rijndael_setup(const unsigned char *key, int keylen, int num_rounds,
 symmetric_key *skey)
 {
@@ -60,9 +64,12 @@ int rijndael_setup(const unsigned char *key, int keylen, int num_rounds,
 if (keylen != 16 && keylen != 24 && keylen != 32)
 return CRYPT_INVALID_KEYSIZE;
+ skey->rijndael.eK = LTC_ALIGN_BUF(skey->rijndael.K, 16);
+ skey->rijndael.dK = skey->rijndael.eK + EXPANDED_AES_KEY_WORD_COUNT;
+
 if (crypto_accel_aes_expand_keys(key, keylen, skey->rijndael.eK, skey->rijndael.dK,
- sizeof(skey->rijndael.eK),
+ EXPANDED_AES_KEY_LEN,
 &round_count))
 return CRYPT_INVALID_ARG;
diff --git a/core/lib/libtomcrypt/rsa.c b/core/lib/libtomcrypt/rsa.c
index f63bfe978f7..048f2da9eff 100644
--- a/core/lib/libtomcrypt/rsa.c
+++ b/core/lib/libtomcrypt/rsa.c
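Review bot: The only guard on `enc_keylen` in crypto_aes_enc_block() is `assert(enc_keylen >= AES_ENC_KEY_LEN);`, and the parameter is tagged `__maybe_unused`, which suggests the assert disappears in some build configurations. The `memcpy()` two lines below then reads `AES_ENC_KEY_LEN` bytes from `enc_key` whatever length the caller passed. The function returns void and already calls `panic()` when the cipher fails, so `if (enc_keylen < AES_ENC_KEY_LEN) panic();` would keep the bound in every build. The function begins above the hunk.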
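Review bot: rijndael_setup() now places `eK` at the 16-byte-aligned start of `K` and `dK` 60 words behind it, but nothing in the hunk checks that `K` is large enough for two schedules plus the alignment slack. `K` is declared in the upstream header, which this patch does not show, so a later sync that shrinks it would let writes through these pointers run past the buffer with no build-time signal. Assuming `K` is an array member, a compile-time check next to the pointer setup would pin the layout: `static_assert(sizeof(skey->rijndael.K) >= 2 * EXPANDED_AES_KEY_LEN + 15, "K too small");`. The same holds, for a single schedule, at the `LTC_ALIGN_BUF()` line in crypto_aes_enc_block() in aes.c.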
@@ -380,7 +380,7 @@ TEE_Result sw_crypto_acipher_rsaes_decrypt(uint32_t algo,
 ltc_res = rsa_decrypt_key_ex(src, src_len, buf, &blen, ((label_len == 0) ? 0 : label), label_len,
- ltc_hashindex, ltc_rsa_algo, <c_stat,
+ ltc_hashindex, -1, ltc_rsa_algo, <c_stat,
 <c_key);
 switch (ltc_res) {
 case CRYPT_PK_INVALID_PADDING:
@@ -466,7 +466,7 @@ TEE_Result sw_crypto_acipher_rsaes_encrypt(uint32_t algo,
 ltc_res = rsa_encrypt_key_ex(src, src_len, dst, (unsigned long *)(dst_len), label, label_len, NULL, find_prng("prng_crypto"),
- ltc_hashindex, ltc_rsa_algo, <c_key);
+ ltc_hashindex, -1, ltc_rsa_algo, <c_key);
 switch (ltc_res) {
 case CRYPT_PK_INVALID_PADDING:
 case CRYPT_INVALID_PACKET:
diff --git a/core/lib/libtomcrypt/sub.mk b/core/lib/libtomcrypt/sub.mk
index f63185dbc8f..a2a153062c1 100644
--- a/core/lib/libtomcrypt/sub.mk
+++ b/core/lib/libtomcrypt/sub.mk
@@ -57,6 +57,7 @@ ifeq ($(_CFG_CORE_LTC_AES_ACCEL),y)
 srcs-$(_CFG_CORE_LTC_AES_DESC) += aes_accel.c
 else
 srcs-$(_CFG_CORE_LTC_AES_DESC) += src/ciphers/aes/aes.c
+srcs-$(_CFG_CORE_LTC_AES_DESC) += src/ciphers/aes/aes_desc.c
 endif
 cppflags-lib-$(_CFG_CORE_LTC_DES) += -DLTC_DES
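Review bot: The new `-1` argument in the rsa_decrypt_key_ex() call is a bare literal whose meaning cannot be read at the call site, and the rsa_encrypt_key_ex() call in the hunk at `@@ -466,7 +466,7 @@` repeats it. Going by the commit message it fills the lparam_hash slot, and -1 presumably tells libtomcrypt to hash the OAEP label with the same algorithm as MGF1, but that contract lives upstream and is not visible in this patch. Since the choice of label hash decides whether ciphertexts interoperate, the intent should be written down, e.g. `/* lparam_hash: -1 = reuse mgf_hash (confirm against LTC) */`, or carried by a named constant. Both functions extend beyond their hunks.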