aes_platform.h 29 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579
  1. /*
  2. * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #ifndef OSSL_AES_PLATFORM_H
  10. # define OSSL_AES_PLATFORM_H
  11. # pragma once
  12. # include <openssl/aes.h>
  13. # ifdef VPAES_ASM
  14. int vpaes_set_encrypt_key(const unsigned char *userKey, int bits,
  15. AES_KEY *key);
  16. int vpaes_set_decrypt_key(const unsigned char *userKey, int bits,
  17. AES_KEY *key);
  18. void vpaes_encrypt(const unsigned char *in, unsigned char *out,
  19. const AES_KEY *key);
  20. void vpaes_decrypt(const unsigned char *in, unsigned char *out,
  21. const AES_KEY *key);
  22. void vpaes_cbc_encrypt(const unsigned char *in,
  23. unsigned char *out,
  24. size_t length,
  25. const AES_KEY *key, unsigned char *ivec, int enc);
  26. # endif /* VPAES_ASM */
  27. # ifdef BSAES_ASM
  28. void ossl_bsaes_cbc_encrypt(const unsigned char *in, unsigned char *out,
  29. size_t length, const AES_KEY *key,
  30. unsigned char ivec[16], int enc);
  31. void ossl_bsaes_ctr32_encrypt_blocks(const unsigned char *in,
  32. unsigned char *out, size_t len,
  33. const AES_KEY *key,
  34. const unsigned char ivec[16]);
  35. void ossl_bsaes_xts_encrypt(const unsigned char *inp, unsigned char *out,
  36. size_t len, const AES_KEY *key1,
  37. const AES_KEY *key2, const unsigned char iv[16]);
  38. void ossl_bsaes_xts_decrypt(const unsigned char *inp, unsigned char *out,
  39. size_t len, const AES_KEY *key1,
  40. const AES_KEY *key2, const unsigned char iv[16]);
  41. # endif /* BSAES_ASM */
  42. # ifdef AES_CTR_ASM
  43. void AES_ctr32_encrypt(const unsigned char *in, unsigned char *out,
  44. size_t blocks, const AES_KEY *key,
  45. const unsigned char ivec[AES_BLOCK_SIZE]);
  46. # endif /* AES_CTR_ASM */
  47. # ifdef AES_XTS_ASM
  48. void AES_xts_encrypt(const unsigned char *inp, unsigned char *out, size_t len,
  49. const AES_KEY *key1, const AES_KEY *key2,
  50. const unsigned char iv[16]);
  51. void AES_xts_decrypt(const unsigned char *inp, unsigned char *out, size_t len,
  52. const AES_KEY *key1, const AES_KEY *key2,
  53. const unsigned char iv[16]);
  54. # endif /* AES_XTS_ASM */
  55. # if defined(OPENSSL_CPUID_OBJ)
  56. # if (defined(__powerpc__) || defined(__ppc__) || defined(_ARCH_PPC))
  57. # include "crypto/ppc_arch.h"
  58. # ifdef VPAES_ASM
  59. # define VPAES_CAPABLE (OPENSSL_ppccap_P & PPC_ALTIVEC)
  60. # endif
  61. # define HWAES_CAPABLE (OPENSSL_ppccap_P & PPC_CRYPTO207)
  62. # define HWAES_set_encrypt_key aes_p8_set_encrypt_key
  63. # define HWAES_set_decrypt_key aes_p8_set_decrypt_key
  64. # define HWAES_encrypt aes_p8_encrypt
  65. # define HWAES_decrypt aes_p8_decrypt
  66. # define HWAES_cbc_encrypt aes_p8_cbc_encrypt
  67. # define HWAES_ctr32_encrypt_blocks aes_p8_ctr32_encrypt_blocks
  68. # define HWAES_xts_encrypt aes_p8_xts_encrypt
  69. # define HWAES_xts_decrypt aes_p8_xts_decrypt
  70. # if !defined(OPENSSL_SYS_AIX) && !defined(OPENSSL_SYS_MACOSX)
  71. # define PPC_AES_GCM_CAPABLE (OPENSSL_ppccap_P & PPC_MADD300)
  72. # define AES_GCM_ENC_BYTES 128
  73. # define AES_GCM_DEC_BYTES 128
  74. size_t ppc_aes_gcm_encrypt(const unsigned char *in, unsigned char *out,
  75. size_t len, const void *key, unsigned char ivec[16],
  76. u64 *Xi);
  77. size_t ppc_aes_gcm_decrypt(const unsigned char *in, unsigned char *out,
  78. size_t len, const void *key, unsigned char ivec[16],
  79. u64 *Xi);
  80. # define AES_GCM_ASM_PPC(gctx) ((gctx)->ctr==aes_p8_ctr32_encrypt_blocks && \
  81. (gctx)->gcm.funcs.ghash==gcm_ghash_p8)
  82. void gcm_ghash_p8(u64 Xi[2],const u128 Htable[16],const u8 *inp, size_t len);
  83. # endif /* OPENSSL_SYS_AIX || OPENSSL_SYS_MACOSX */
  84. # endif /* PPC */
  85. # if (defined(__arm__) || defined(__arm) || defined(__aarch64__) || defined(_M_ARM64))
  86. # include "arm_arch.h"
  87. # if __ARM_MAX_ARCH__>=7
  88. # if defined(BSAES_ASM)
  89. # define BSAES_CAPABLE (OPENSSL_armcap_P & ARMV7_NEON)
  90. # endif
  91. # if defined(VPAES_ASM)
  92. # define VPAES_CAPABLE (OPENSSL_armcap_P & ARMV7_NEON)
  93. # endif
  94. # define HWAES_CAPABLE (OPENSSL_armcap_P & ARMV8_AES)
  95. # define HWAES_set_encrypt_key aes_v8_set_encrypt_key
  96. # define HWAES_set_decrypt_key aes_v8_set_decrypt_key
  97. # define HWAES_encrypt aes_v8_encrypt
  98. # define HWAES_decrypt aes_v8_decrypt
  99. # define HWAES_cbc_encrypt aes_v8_cbc_encrypt
  100. # define HWAES_ecb_encrypt aes_v8_ecb_encrypt
  101. # if __ARM_MAX_ARCH__>=8 && (defined(__aarch64__) || defined(_M_ARM64))
  102. # define HWAES_xts_encrypt aes_v8_xts_encrypt
  103. # define HWAES_xts_decrypt aes_v8_xts_decrypt
  104. # endif
  105. # define HWAES_ctr32_encrypt_blocks aes_v8_ctr32_encrypt_blocks
  106. # define AES_PMULL_CAPABLE ((OPENSSL_armcap_P & ARMV8_PMULL) && (OPENSSL_armcap_P & ARMV8_AES))
  107. # define AES_GCM_ENC_BYTES 512
  108. # define AES_GCM_DEC_BYTES 512
  109. # if __ARM_MAX_ARCH__>=8 && (defined(__aarch64__) || defined(_M_ARM64))
  110. # define AES_gcm_encrypt armv8_aes_gcm_encrypt
  111. # define AES_gcm_decrypt armv8_aes_gcm_decrypt
  112. # define AES_GCM_ASM(gctx) ((gctx)->ctr==aes_v8_ctr32_encrypt_blocks && \
  113. (gctx)->gcm.funcs.ghash==gcm_ghash_v8)
  114. /* The [unroll8_eor3_]aes_gcm_(enc|dec)_(128|192|256)_kernel() functions
  115. * take input length in BITS and return number of BYTES processed */
  116. size_t aes_gcm_enc_128_kernel(const uint8_t *plaintext, uint64_t plaintext_length, uint8_t *ciphertext,
  117. uint64_t *Xi, unsigned char ivec[16], const void *key);
  118. size_t aes_gcm_enc_192_kernel(const uint8_t *plaintext, uint64_t plaintext_length, uint8_t *ciphertext,
  119. uint64_t *Xi, unsigned char ivec[16], const void *key);
  120. size_t aes_gcm_enc_256_kernel(const uint8_t *plaintext, uint64_t plaintext_length, uint8_t *ciphertext,
  121. uint64_t *Xi, unsigned char ivec[16], const void *key);
  122. size_t aes_gcm_dec_128_kernel(const uint8_t *ciphertext, uint64_t plaintext_length, uint8_t *plaintext,
  123. uint64_t *Xi, unsigned char ivec[16], const void *key);
  124. size_t aes_gcm_dec_192_kernel(const uint8_t *ciphertext, uint64_t plaintext_length, uint8_t *plaintext,
  125. uint64_t *Xi, unsigned char ivec[16], const void *key);
  126. size_t aes_gcm_dec_256_kernel(const uint8_t *ciphertext, uint64_t plaintext_length, uint8_t *plaintext,
  127. uint64_t *Xi, unsigned char ivec[16], const void *key);
  128. size_t unroll8_eor3_aes_gcm_enc_128_kernel(const uint8_t *plaintext, uint64_t plaintext_length, uint8_t *ciphertext,
  129. uint64_t *Xi, unsigned char ivec[16], const void *key);
  130. size_t unroll8_eor3_aes_gcm_enc_192_kernel(const uint8_t *plaintext, uint64_t plaintext_length, uint8_t *ciphertext,
  131. uint64_t *Xi, unsigned char ivec[16], const void *key);
  132. size_t unroll8_eor3_aes_gcm_enc_256_kernel(const uint8_t *plaintext, uint64_t plaintext_length, uint8_t *ciphertext,
  133. uint64_t *Xi, unsigned char ivec[16], const void *key);
  134. size_t unroll8_eor3_aes_gcm_dec_128_kernel(const uint8_t *ciphertext, uint64_t plaintext_length, uint8_t *plaintext,
  135. uint64_t *Xi, unsigned char ivec[16], const void *key);
  136. size_t unroll8_eor3_aes_gcm_dec_192_kernel(const uint8_t *ciphertext, uint64_t plaintext_length, uint8_t *plaintext,
  137. uint64_t *Xi, unsigned char ivec[16], const void *key);
  138. size_t unroll8_eor3_aes_gcm_dec_256_kernel(const uint8_t *ciphertext, uint64_t plaintext_length, uint8_t *plaintext,
  139. uint64_t *Xi, unsigned char ivec[16], const void *key);
  140. size_t armv8_aes_gcm_encrypt(const unsigned char *in, unsigned char *out, size_t len, const void *key,
  141. unsigned char ivec[16], u64 *Xi);
  142. size_t armv8_aes_gcm_decrypt(const unsigned char *in, unsigned char *out, size_t len, const void *key,
  143. unsigned char ivec[16], u64 *Xi);
  144. void gcm_ghash_v8(u64 Xi[2],const u128 Htable[16],const u8 *inp, size_t len);
  145. # endif
  146. # endif
  147. # endif
  148. # endif /* OPENSSL_CPUID_OBJ */
  149. # if defined(AES_ASM) && ( \
  150. defined(__x86_64) || defined(__x86_64__) || \
  151. defined(_M_AMD64) || defined(_M_X64) )
  152. # define AES_CBC_HMAC_SHA_CAPABLE 1
  153. # define AESNI_CBC_HMAC_SHA_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(57-32)))
  154. # endif
  155. # if defined(__loongarch__) || defined(__loongarch64)
  156. # include "loongarch_arch.h"
  157. # if defined(VPAES_ASM)
  158. # define VPAES_CAPABLE (OPENSSL_loongarch_hwcap_P & LOONGARCH_HWCAP_LSX)
  159. # endif
  160. # endif
  161. # if defined(AES_ASM) && !defined(I386_ONLY) && ( \
  162. ((defined(__i386) || defined(__i386__) || \
  163. defined(_M_IX86)) && defined(OPENSSL_IA32_SSE2))|| \
  164. defined(__x86_64) || defined(__x86_64__) || \
  165. defined(_M_AMD64) || defined(_M_X64) )
  166. /* AES-NI section */
  167. # define AESNI_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(57-32)))
  168. # ifdef VPAES_ASM
  169. # define VPAES_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(41-32)))
  170. # endif
  171. # ifdef BSAES_ASM
  172. # define BSAES_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(41-32)))
  173. # endif
  174. # define AES_GCM_ENC_BYTES 32
  175. # define AES_GCM_DEC_BYTES 16
  176. int aesni_set_encrypt_key(const unsigned char *userKey, int bits,
  177. AES_KEY *key);
  178. int aesni_set_decrypt_key(const unsigned char *userKey, int bits,
  179. AES_KEY *key);
  180. void aesni_encrypt(const unsigned char *in, unsigned char *out,
  181. const AES_KEY *key);
  182. void aesni_decrypt(const unsigned char *in, unsigned char *out,
  183. const AES_KEY *key);
  184. void aesni_ecb_encrypt(const unsigned char *in,
  185. unsigned char *out,
  186. size_t length, const AES_KEY *key, int enc);
  187. void aesni_cbc_encrypt(const unsigned char *in,
  188. unsigned char *out,
  189. size_t length,
  190. const AES_KEY *key, unsigned char *ivec, int enc);
  191. # ifndef OPENSSL_NO_OCB
  192. void aesni_ocb_encrypt(const unsigned char *in, unsigned char *out,
  193. size_t blocks, const void *key,
  194. size_t start_block_num,
  195. unsigned char offset_i[16],
  196. const unsigned char L_[][16],
  197. unsigned char checksum[16]);
  198. void aesni_ocb_decrypt(const unsigned char *in, unsigned char *out,
  199. size_t blocks, const void *key,
  200. size_t start_block_num,
  201. unsigned char offset_i[16],
  202. const unsigned char L_[][16],
  203. unsigned char checksum[16]);
  204. # endif /* OPENSSL_NO_OCB */
  205. void aesni_ctr32_encrypt_blocks(const unsigned char *in,
  206. unsigned char *out,
  207. size_t blocks,
  208. const void *key, const unsigned char *ivec);
  209. void aesni_xts_encrypt(const unsigned char *in,
  210. unsigned char *out,
  211. size_t length,
  212. const AES_KEY *key1, const AES_KEY *key2,
  213. const unsigned char iv[16]);
  214. void aesni_xts_decrypt(const unsigned char *in,
  215. unsigned char *out,
  216. size_t length,
  217. const AES_KEY *key1, const AES_KEY *key2,
  218. const unsigned char iv[16]);
  219. void aesni_ccm64_encrypt_blocks(const unsigned char *in,
  220. unsigned char *out,
  221. size_t blocks,
  222. const void *key,
  223. const unsigned char ivec[16],
  224. unsigned char cmac[16]);
  225. void aesni_ccm64_decrypt_blocks(const unsigned char *in,
  226. unsigned char *out,
  227. size_t blocks,
  228. const void *key,
  229. const unsigned char ivec[16],
  230. unsigned char cmac[16]);
  231. # if defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64)
  232. size_t aesni_gcm_encrypt(const unsigned char *in, unsigned char *out, size_t len,
  233. const void *key, unsigned char ivec[16], u64 *Xi);
  234. size_t aesni_gcm_decrypt(const unsigned char *in, unsigned char *out, size_t len,
  235. const void *key, unsigned char ivec[16], u64 *Xi);
  236. void gcm_ghash_avx(u64 Xi[2], const u128 Htable[16], const u8 *in, size_t len);
  237. # define AES_gcm_encrypt aesni_gcm_encrypt
  238. # define AES_gcm_decrypt aesni_gcm_decrypt
  239. # define AES_GCM_ASM(ctx) (ctx->ctr == aesni_ctr32_encrypt_blocks && \
  240. ctx->gcm.funcs.ghash == gcm_ghash_avx)
  241. # endif
  242. # elif defined(AES_ASM) && (defined(__sparc) || defined(__sparc__))
  243. /* Fujitsu SPARC64 X support */
  244. # include "crypto/sparc_arch.h"
  245. # define SPARC_AES_CAPABLE (OPENSSL_sparcv9cap_P[1] & CFR_AES)
  246. # define HWAES_CAPABLE (OPENSSL_sparcv9cap_P[0] & SPARCV9_FJAESX)
  247. # define HWAES_set_encrypt_key aes_fx_set_encrypt_key
  248. # define HWAES_set_decrypt_key aes_fx_set_decrypt_key
  249. # define HWAES_encrypt aes_fx_encrypt
  250. # define HWAES_decrypt aes_fx_decrypt
  251. # define HWAES_cbc_encrypt aes_fx_cbc_encrypt
  252. # define HWAES_ctr32_encrypt_blocks aes_fx_ctr32_encrypt_blocks
  253. void aes_t4_set_encrypt_key(const unsigned char *key, int bits, AES_KEY *ks);
  254. void aes_t4_set_decrypt_key(const unsigned char *key, int bits, AES_KEY *ks);
  255. void aes_t4_encrypt(const unsigned char *in, unsigned char *out,
  256. const AES_KEY *key);
  257. void aes_t4_decrypt(const unsigned char *in, unsigned char *out,
  258. const AES_KEY *key);
  259. /*
  260. * Key-length specific subroutines were chosen for following reason.
  261. * Each SPARC T4 core can execute up to 8 threads which share core's
  262. * resources. Loading as much key material to registers allows to
  263. * minimize references to shared memory interface, as well as amount
  264. * of instructions in inner loops [much needed on T4]. But then having
  265. * non-key-length specific routines would require conditional branches
  266. * either in inner loops or on subroutines' entries. Former is hardly
  267. * acceptable, while latter means code size increase to size occupied
  268. * by multiple key-length specific subroutines, so why fight?
  269. */
  270. void aes128_t4_cbc_encrypt(const unsigned char *in, unsigned char *out,
  271. size_t len, const AES_KEY *key,
  272. unsigned char *ivec, int /*unused*/);
  273. void aes128_t4_cbc_decrypt(const unsigned char *in, unsigned char *out,
  274. size_t len, const AES_KEY *key,
  275. unsigned char *ivec, int /*unused*/);
  276. void aes192_t4_cbc_encrypt(const unsigned char *in, unsigned char *out,
  277. size_t len, const AES_KEY *key,
  278. unsigned char *ivec, int /*unused*/);
  279. void aes192_t4_cbc_decrypt(const unsigned char *in, unsigned char *out,
  280. size_t len, const AES_KEY *key,
  281. unsigned char *ivec, int /*unused*/);
  282. void aes256_t4_cbc_encrypt(const unsigned char *in, unsigned char *out,
  283. size_t len, const AES_KEY *key,
  284. unsigned char *ivec, int /*unused*/);
  285. void aes256_t4_cbc_decrypt(const unsigned char *in, unsigned char *out,
  286. size_t len, const AES_KEY *key,
  287. unsigned char *ivec, int /*unused*/);
  288. void aes128_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out,
  289. size_t blocks, const AES_KEY *key,
  290. unsigned char *ivec);
  291. void aes192_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out,
  292. size_t blocks, const AES_KEY *key,
  293. unsigned char *ivec);
  294. void aes256_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out,
  295. size_t blocks, const AES_KEY *key,
  296. unsigned char *ivec);
  297. void aes128_t4_xts_encrypt(const unsigned char *in, unsigned char *out,
  298. size_t blocks, const AES_KEY *key1,
  299. const AES_KEY *key2, const unsigned char *ivec);
  300. void aes128_t4_xts_decrypt(const unsigned char *in, unsigned char *out,
  301. size_t blocks, const AES_KEY *key1,
  302. const AES_KEY *key2, const unsigned char *ivec);
  303. void aes256_t4_xts_encrypt(const unsigned char *in, unsigned char *out,
  304. size_t blocks, const AES_KEY *key1,
  305. const AES_KEY *key2, const unsigned char *ivec);
  306. void aes256_t4_xts_decrypt(const unsigned char *in, unsigned char *out,
  307. size_t blocks, const AES_KEY *key1,
  308. const AES_KEY *key2, const unsigned char *ivec);
  309. # elif defined(OPENSSL_CPUID_OBJ) && defined(__s390__)
  310. /* IBM S390X support */
  311. # include "s390x_arch.h"
  312. /* Convert key size to function code: [16,24,32] -> [18,19,20]. */
  313. # define S390X_AES_FC(keylen) (S390X_AES_128 + ((((keylen) << 3) - 128) >> 6))
  314. /* Most modes of operation need km for partial block processing. */
  315. # define S390X_aes_128_CAPABLE (OPENSSL_s390xcap_P.km[0] & \
  316. S390X_CAPBIT(S390X_AES_128))
  317. # define S390X_aes_192_CAPABLE (OPENSSL_s390xcap_P.km[0] & \
  318. S390X_CAPBIT(S390X_AES_192))
  319. # define S390X_aes_256_CAPABLE (OPENSSL_s390xcap_P.km[0] & \
  320. S390X_CAPBIT(S390X_AES_256))
  321. # define S390X_aes_128_cbc_CAPABLE 1 /* checked by callee */
  322. # define S390X_aes_192_cbc_CAPABLE 1
  323. # define S390X_aes_256_cbc_CAPABLE 1
  324. # define S390X_aes_128_ecb_CAPABLE S390X_aes_128_CAPABLE
  325. # define S390X_aes_192_ecb_CAPABLE S390X_aes_192_CAPABLE
  326. # define S390X_aes_256_ecb_CAPABLE S390X_aes_256_CAPABLE
  327. # define S390X_aes_128_ofb_CAPABLE (S390X_aes_128_CAPABLE && \
  328. (OPENSSL_s390xcap_P.kmo[0] & \
  329. S390X_CAPBIT(S390X_AES_128)))
  330. # define S390X_aes_192_ofb_CAPABLE (S390X_aes_192_CAPABLE && \
  331. (OPENSSL_s390xcap_P.kmo[0] & \
  332. S390X_CAPBIT(S390X_AES_192)))
  333. # define S390X_aes_256_ofb_CAPABLE (S390X_aes_256_CAPABLE && \
  334. (OPENSSL_s390xcap_P.kmo[0] & \
  335. S390X_CAPBIT(S390X_AES_256)))
  336. # define S390X_aes_128_cfb_CAPABLE (S390X_aes_128_CAPABLE && \
  337. (OPENSSL_s390xcap_P.kmf[0] & \
  338. S390X_CAPBIT(S390X_AES_128)))
  339. # define S390X_aes_192_cfb_CAPABLE (S390X_aes_192_CAPABLE && \
  340. (OPENSSL_s390xcap_P.kmf[0] & \
  341. S390X_CAPBIT(S390X_AES_192)))
  342. # define S390X_aes_256_cfb_CAPABLE (S390X_aes_256_CAPABLE && \
  343. (OPENSSL_s390xcap_P.kmf[0] & \
  344. S390X_CAPBIT(S390X_AES_256)))
  345. # define S390X_aes_128_cfb8_CAPABLE (OPENSSL_s390xcap_P.kmf[0] & \
  346. S390X_CAPBIT(S390X_AES_128))
  347. # define S390X_aes_192_cfb8_CAPABLE (OPENSSL_s390xcap_P.kmf[0] & \
  348. S390X_CAPBIT(S390X_AES_192))
  349. # define S390X_aes_256_cfb8_CAPABLE (OPENSSL_s390xcap_P.kmf[0] & \
  350. S390X_CAPBIT(S390X_AES_256))
  351. # define S390X_aes_128_cfb1_CAPABLE 0
  352. # define S390X_aes_192_cfb1_CAPABLE 0
  353. # define S390X_aes_256_cfb1_CAPABLE 0
  354. # define S390X_aes_128_ctr_CAPABLE 1 /* checked by callee */
  355. # define S390X_aes_192_ctr_CAPABLE 1
  356. # define S390X_aes_256_ctr_CAPABLE 1
  357. # define S390X_aes_128_xts_CAPABLE 1 /* checked by callee */
  358. # define S390X_aes_256_xts_CAPABLE 1
  359. # define S390X_aes_128_gcm_CAPABLE (S390X_aes_128_CAPABLE && \
  360. (OPENSSL_s390xcap_P.kma[0] & \
  361. S390X_CAPBIT(S390X_AES_128)))
  362. # define S390X_aes_192_gcm_CAPABLE (S390X_aes_192_CAPABLE && \
  363. (OPENSSL_s390xcap_P.kma[0] & \
  364. S390X_CAPBIT(S390X_AES_192)))
  365. # define S390X_aes_256_gcm_CAPABLE (S390X_aes_256_CAPABLE && \
  366. (OPENSSL_s390xcap_P.kma[0] & \
  367. S390X_CAPBIT(S390X_AES_256)))
  368. # define S390X_aes_128_ccm_CAPABLE (S390X_aes_128_CAPABLE && \
  369. (OPENSSL_s390xcap_P.kmac[0] & \
  370. S390X_CAPBIT(S390X_AES_128)))
  371. # define S390X_aes_192_ccm_CAPABLE (S390X_aes_192_CAPABLE && \
  372. (OPENSSL_s390xcap_P.kmac[0] & \
  373. S390X_CAPBIT(S390X_AES_192)))
  374. # define S390X_aes_256_ccm_CAPABLE (S390X_aes_256_CAPABLE && \
  375. (OPENSSL_s390xcap_P.kmac[0] & \
  376. S390X_CAPBIT(S390X_AES_256)))
  377. # define S390X_CCM_AAD_FLAG 0x40
  378. # ifndef OPENSSL_NO_OCB
  379. # define S390X_aes_128_ocb_CAPABLE 0
  380. # define S390X_aes_192_ocb_CAPABLE 0
  381. # define S390X_aes_256_ocb_CAPABLE 0
  382. # endif /* OPENSSL_NO_OCB */
  383. # ifndef OPENSSL_NO_SIV
  384. # define S390X_aes_128_siv_CAPABLE 0
  385. # define S390X_aes_192_siv_CAPABLE 0
  386. # define S390X_aes_256_siv_CAPABLE 0
  387. # endif /* OPENSSL_NO_SIV */
  388. /* Convert key size to function code: [16,24,32] -> [18,19,20]. */
  389. # define S390X_AES_FC(keylen) (S390X_AES_128 + ((((keylen) << 3) - 128) >> 6))
  390. # elif defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 64
  391. /* RISC-V 64 support */
  392. # include "riscv_arch.h"
  393. /* Zkne and Zknd extensions (scalar crypto AES). */
  394. int rv64i_zkne_set_encrypt_key(const unsigned char *userKey, const int bits,
  395. AES_KEY *key);
  396. int rv64i_zknd_set_decrypt_key(const unsigned char *userKey, const int bits,
  397. AES_KEY *key);
  398. void rv64i_zkne_encrypt(const unsigned char *in, unsigned char *out,
  399. const AES_KEY *key);
  400. void rv64i_zknd_decrypt(const unsigned char *in, unsigned char *out,
  401. const AES_KEY *key);
  402. /* Zvkned extension (vector crypto AES). */
  403. int rv64i_zvkned_set_encrypt_key(const unsigned char *userKey, const int bits,
  404. AES_KEY *key);
  405. int rv64i_zvkned_set_decrypt_key(const unsigned char *userKey, const int bits,
  406. AES_KEY *key);
  407. void rv64i_zvkned_encrypt(const unsigned char *in, unsigned char *out,
  408. const AES_KEY *key);
  409. void rv64i_zvkned_decrypt(const unsigned char *in, unsigned char *out,
  410. const AES_KEY *key);
  411. void rv64i_zvkned_cbc_encrypt(const unsigned char *in, unsigned char *out,
  412. size_t length, const AES_KEY *key,
  413. unsigned char *ivec, const int enc);
  414. void rv64i_zvkned_cbc_decrypt(const unsigned char *in, unsigned char *out,
  415. size_t length, const AES_KEY *key,
  416. unsigned char *ivec, const int enc);
  417. void rv64i_zvkned_ecb_encrypt(const unsigned char *in, unsigned char *out,
  418. size_t length, const AES_KEY *key,
  419. const int enc);
  420. void rv64i_zvkned_ecb_decrypt(const unsigned char *in, unsigned char *out,
  421. size_t length, const AES_KEY *key,
  422. const int enc);
  423. void rv64i_zvkb_zvkned_ctr32_encrypt_blocks(const unsigned char *in,
  424. unsigned char *out, size_t blocks,
  425. const void *key,
  426. const unsigned char ivec[16]);
  427. size_t rv64i_zvkb_zvkg_zvkned_aes_gcm_encrypt(const unsigned char *in,
  428. unsigned char *out, size_t len,
  429. const void *key,
  430. unsigned char ivec[16], u64 *Xi);
  431. size_t rv64i_zvkb_zvkg_zvkned_aes_gcm_decrypt(const unsigned char *in,
  432. unsigned char *out, size_t len,
  433. const void *key,
  434. unsigned char ivec[16], u64 *Xi);
  435. void rv64i_zvbb_zvkg_zvkned_aes_xts_encrypt(const unsigned char *in,
  436. unsigned char *out, size_t length,
  437. const AES_KEY *key1,
  438. const AES_KEY *key2,
  439. const unsigned char iv[16]);
  440. void rv64i_zvbb_zvkg_zvkned_aes_xts_decrypt(const unsigned char *in,
  441. unsigned char *out, size_t length,
  442. const AES_KEY *key1,
  443. const AES_KEY *key2,
  444. const unsigned char iv[16]);
  445. void gcm_ghash_rv64i_zvkg(u64 Xi[2], const u128 Htable[16], const u8 *inp,
  446. size_t len);
  447. #define AES_GCM_ENC_BYTES 64
  448. #define AES_GCM_DEC_BYTES 64
  449. #define AES_gcm_encrypt rv64i_zvkb_zvkg_zvkned_aes_gcm_encrypt
  450. #define AES_gcm_decrypt rv64i_zvkb_zvkg_zvkned_aes_gcm_decrypt
  451. #define AES_GCM_ASM(ctx) \
  452. (ctx->ctr == rv64i_zvkb_zvkned_ctr32_encrypt_blocks && \
  453. ctx->gcm.funcs.ghash == gcm_ghash_rv64i_zvkg)
  454. # elif defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 32
  455. /* RISC-V 32 support */
  456. # include "riscv_arch.h"
  457. int rv32i_zkne_set_encrypt_key(const unsigned char *userKey, const int bits,
  458. AES_KEY *key);
  459. /* set_decrypt_key needs both zknd and zkne */
  460. int rv32i_zknd_zkne_set_decrypt_key(const unsigned char *userKey, const int bits,
  461. AES_KEY *key);
  462. int rv32i_zbkb_zkne_set_encrypt_key(const unsigned char *userKey, const int bits,
  463. AES_KEY *key);
  464. int rv32i_zbkb_zknd_zkne_set_decrypt_key(const unsigned char *userKey, const int bits,
  465. AES_KEY *key);
  466. void rv32i_zkne_encrypt(const unsigned char *in, unsigned char *out,
  467. const AES_KEY *key);
  468. void rv32i_zknd_decrypt(const unsigned char *in, unsigned char *out,
  469. const AES_KEY *key);
  470. # endif
  471. # if defined(HWAES_CAPABLE)
  472. int HWAES_set_encrypt_key(const unsigned char *userKey, const int bits,
  473. AES_KEY *key);
  474. int HWAES_set_decrypt_key(const unsigned char *userKey, const int bits,
  475. AES_KEY *key);
  476. void HWAES_encrypt(const unsigned char *in, unsigned char *out,
  477. const AES_KEY *key);
  478. void HWAES_decrypt(const unsigned char *in, unsigned char *out,
  479. const AES_KEY *key);
  480. void HWAES_cbc_encrypt(const unsigned char *in, unsigned char *out,
  481. size_t length, const AES_KEY *key,
  482. unsigned char *ivec, const int enc);
  483. void HWAES_ecb_encrypt(const unsigned char *in, unsigned char *out,
  484. size_t length, const AES_KEY *key,
  485. const int enc);
  486. void HWAES_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out,
  487. size_t len, const void *key,
  488. const unsigned char ivec[16]);
  489. void HWAES_xts_encrypt(const unsigned char *inp, unsigned char *out,
  490. size_t len, const AES_KEY *key1,
  491. const AES_KEY *key2, const unsigned char iv[16]);
  492. void HWAES_xts_decrypt(const unsigned char *inp, unsigned char *out,
  493. size_t len, const AES_KEY *key1,
  494. const AES_KEY *key2, const unsigned char iv[16]);
  495. # ifndef OPENSSL_NO_OCB
  496. # ifdef HWAES_ocb_encrypt
  497. void HWAES_ocb_encrypt(const unsigned char *in, unsigned char *out,
  498. size_t blocks, const void *key,
  499. size_t start_block_num,
  500. unsigned char offset_i[16],
  501. const unsigned char L_[][16],
  502. unsigned char checksum[16]);
  503. # else
  504. # define HWAES_ocb_encrypt ((ocb128_f)NULL)
  505. # endif
  506. # ifdef HWAES_ocb_decrypt
  507. void HWAES_ocb_decrypt(const unsigned char *in, unsigned char *out,
  508. size_t blocks, const void *key,
  509. size_t start_block_num,
  510. unsigned char offset_i[16],
  511. const unsigned char L_[][16],
  512. unsigned char checksum[16]);
  513. # else
  514. # define HWAES_ocb_decrypt ((ocb128_f)NULL)
  515. # endif
  516. # endif /* OPENSSL_NO_OCB */
  517. # endif /* HWAES_CAPABLE */
  518. #endif /* OSSL_AES_PLATFORM_H */