cipher_aes_xts_hw.c 13 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306
  1. /*
  2. * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. /*
  10. * This file uses the low level AES functions (which are deprecated for
  11. * non-internal use) in order to implement provider AES ciphers.
  12. */
  13. #include "internal/deprecated.h"
  14. #include "cipher_aes_xts.h"
  15. #define XTS_SET_KEY_FN(fn_set_enc_key, fn_set_dec_key, \
  16. fn_block_enc, fn_block_dec, \
  17. fn_stream_enc, fn_stream_dec) { \
  18. size_t bytes = keylen / 2; \
  19. size_t bits = bytes * 8; \
  20. \
  21. if (ctx->enc) { \
  22. fn_set_enc_key(key, bits, &xctx->ks1.ks); \
  23. xctx->xts.block1 = (block128_f)fn_block_enc; \
  24. } else { \
  25. fn_set_dec_key(key, bits, &xctx->ks1.ks); \
  26. xctx->xts.block1 = (block128_f)fn_block_dec; \
  27. } \
  28. fn_set_enc_key(key + bytes, bits, &xctx->ks2.ks); \
  29. xctx->xts.block2 = (block128_f)fn_block_enc; \
  30. xctx->xts.key1 = &xctx->ks1; \
  31. xctx->xts.key2 = &xctx->ks2; \
  32. xctx->stream = ctx->enc ? fn_stream_enc : fn_stream_dec; \
  33. }
  34. static int cipher_hw_aes_xts_generic_initkey(PROV_CIPHER_CTX *ctx,
  35. const unsigned char *key,
  36. size_t keylen)
  37. {
  38. PROV_AES_XTS_CTX *xctx = (PROV_AES_XTS_CTX *)ctx;
  39. OSSL_xts_stream_fn stream_enc = NULL;
  40. OSSL_xts_stream_fn stream_dec = NULL;
  41. #ifdef AES_XTS_ASM
  42. stream_enc = AES_xts_encrypt;
  43. stream_dec = AES_xts_decrypt;
  44. #endif /* AES_XTS_ASM */
  45. #ifdef HWAES_CAPABLE
  46. if (HWAES_CAPABLE) {
  47. # ifdef HWAES_xts_encrypt
  48. stream_enc = HWAES_xts_encrypt;
  49. # endif /* HWAES_xts_encrypt */
  50. # ifdef HWAES_xts_decrypt
  51. stream_dec = HWAES_xts_decrypt;
  52. # endif /* HWAES_xts_decrypt */
  53. XTS_SET_KEY_FN(HWAES_set_encrypt_key, HWAES_set_decrypt_key,
  54. HWAES_encrypt, HWAES_decrypt,
  55. stream_enc, stream_dec);
  56. return 1;
  57. } else
  58. #endif /* HWAES_CAPABLE */
  59. #ifdef BSAES_CAPABLE
  60. if (BSAES_CAPABLE) {
  61. stream_enc = ossl_bsaes_xts_encrypt;
  62. stream_dec = ossl_bsaes_xts_decrypt;
  63. } else
  64. #endif /* BSAES_CAPABLE */
  65. #ifdef VPAES_CAPABLE
  66. if (VPAES_CAPABLE) {
  67. XTS_SET_KEY_FN(vpaes_set_encrypt_key, vpaes_set_decrypt_key,
  68. vpaes_encrypt, vpaes_decrypt, stream_enc, stream_dec);
  69. return 1;
  70. } else
  71. #endif /* VPAES_CAPABLE */
  72. {
  73. (void)0;
  74. }
  75. {
  76. XTS_SET_KEY_FN(AES_set_encrypt_key, AES_set_decrypt_key,
  77. AES_encrypt, AES_decrypt, stream_enc, stream_dec);
  78. }
  79. return 1;
  80. }
  81. static void cipher_hw_aes_xts_copyctx(PROV_CIPHER_CTX *dst,
  82. const PROV_CIPHER_CTX *src)
  83. {
  84. PROV_AES_XTS_CTX *sctx = (PROV_AES_XTS_CTX *)src;
  85. PROV_AES_XTS_CTX *dctx = (PROV_AES_XTS_CTX *)dst;
  86. *dctx = *sctx;
  87. dctx->xts.key1 = &dctx->ks1.ks;
  88. dctx->xts.key2 = &dctx->ks2.ks;
  89. }
  90. #if defined(AESNI_CAPABLE)
  91. static int cipher_hw_aesni_xts_initkey(PROV_CIPHER_CTX *ctx,
  92. const unsigned char *key, size_t keylen)
  93. {
  94. PROV_AES_XTS_CTX *xctx = (PROV_AES_XTS_CTX *)ctx;
  95. XTS_SET_KEY_FN(aesni_set_encrypt_key, aesni_set_decrypt_key,
  96. aesni_encrypt, aesni_decrypt,
  97. aesni_xts_encrypt, aesni_xts_decrypt);
  98. return 1;
  99. }
  100. # define PROV_CIPHER_HW_declare_xts() \
  101. static const PROV_CIPHER_HW aesni_xts = { \
  102. cipher_hw_aesni_xts_initkey, \
  103. NULL, \
  104. cipher_hw_aes_xts_copyctx \
  105. };
  106. # define PROV_CIPHER_HW_select_xts() \
  107. if (AESNI_CAPABLE) \
  108. return &aesni_xts;
  109. # elif defined(SPARC_AES_CAPABLE)
  110. static int cipher_hw_aes_xts_t4_initkey(PROV_CIPHER_CTX *ctx,
  111. const unsigned char *key, size_t keylen)
  112. {
  113. PROV_AES_XTS_CTX *xctx = (PROV_AES_XTS_CTX *)ctx;
  114. OSSL_xts_stream_fn stream_enc = NULL;
  115. OSSL_xts_stream_fn stream_dec = NULL;
  116. /* Note: keylen is the size of 2 keys */
  117. switch (keylen) {
  118. case 32:
  119. stream_enc = aes128_t4_xts_encrypt;
  120. stream_dec = aes128_t4_xts_decrypt;
  121. break;
  122. case 64:
  123. stream_enc = aes256_t4_xts_encrypt;
  124. stream_dec = aes256_t4_xts_decrypt;
  125. break;
  126. default:
  127. return 0;
  128. }
  129. XTS_SET_KEY_FN(aes_t4_set_encrypt_key, aes_t4_set_decrypt_key,
  130. aes_t4_encrypt, aes_t4_decrypt,
  131. stream_enc, stream_dec);
  132. return 1;
  133. }
  134. # define PROV_CIPHER_HW_declare_xts() \
  135. static const PROV_CIPHER_HW aes_xts_t4 = { \
  136. cipher_hw_aes_xts_t4_initkey, \
  137. NULL, \
  138. cipher_hw_aes_xts_copyctx \
  139. };
  140. # define PROV_CIPHER_HW_select_xts() \
  141. if (SPARC_AES_CAPABLE) \
  142. return &aes_xts_t4;
  143. #elif defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 64
  144. static int cipher_hw_aes_xts_rv64i_zknd_zkne_initkey(PROV_CIPHER_CTX *ctx,
  145. const unsigned char *key,
  146. size_t keylen)
  147. {
  148. PROV_AES_XTS_CTX *xctx = (PROV_AES_XTS_CTX *)ctx;
  149. OSSL_xts_stream_fn stream_enc = NULL;
  150. OSSL_xts_stream_fn stream_dec = NULL;
  151. XTS_SET_KEY_FN(rv64i_zkne_set_encrypt_key, rv64i_zknd_set_decrypt_key,
  152. rv64i_zkne_encrypt, rv64i_zknd_decrypt,
  153. stream_enc, stream_dec);
  154. return 1;
  155. }
  156. static int cipher_hw_aes_xts_rv64i_zvbb_zvkg_zvkned_initkey(
  157. PROV_CIPHER_CTX *ctx, const unsigned char *key, size_t keylen)
  158. {
  159. PROV_AES_XTS_CTX *xctx = (PROV_AES_XTS_CTX *)ctx;
  160. OSSL_xts_stream_fn stream_enc = NULL;
  161. OSSL_xts_stream_fn stream_dec = NULL;
  162. /* Zvkned only supports 128 and 256 bit keys. */
  163. if (keylen * 8 == 128 * 2 || keylen * 8 == 256 * 2) {
  164. XTS_SET_KEY_FN(rv64i_zvkned_set_encrypt_key,
  165. rv64i_zvkned_set_decrypt_key, rv64i_zvkned_encrypt,
  166. rv64i_zvkned_decrypt,
  167. rv64i_zvbb_zvkg_zvkned_aes_xts_encrypt,
  168. rv64i_zvbb_zvkg_zvkned_aes_xts_decrypt);
  169. } else {
  170. XTS_SET_KEY_FN(AES_set_encrypt_key, AES_set_encrypt_key,
  171. rv64i_zvkned_encrypt, rv64i_zvkned_decrypt,
  172. stream_enc, stream_dec);
  173. }
  174. return 1;
  175. }
  176. static int cipher_hw_aes_xts_rv64i_zvkned_initkey(PROV_CIPHER_CTX *ctx,
  177. const unsigned char *key,
  178. size_t keylen)
  179. {
  180. PROV_AES_XTS_CTX *xctx = (PROV_AES_XTS_CTX *)ctx;
  181. OSSL_xts_stream_fn stream_enc = NULL;
  182. OSSL_xts_stream_fn stream_dec = NULL;
  183. /* Zvkned only supports 128 and 256 bit keys. */
  184. if (keylen * 8 == 128 * 2 || keylen * 8 == 256 * 2) {
  185. XTS_SET_KEY_FN(rv64i_zvkned_set_encrypt_key,
  186. rv64i_zvkned_set_decrypt_key,
  187. rv64i_zvkned_encrypt, rv64i_zvkned_decrypt,
  188. stream_enc, stream_dec);
  189. } else {
  190. XTS_SET_KEY_FN(AES_set_encrypt_key, AES_set_encrypt_key,
  191. rv64i_zvkned_encrypt, rv64i_zvkned_decrypt,
  192. stream_enc, stream_dec);
  193. }
  194. return 1;
  195. }
  196. # define PROV_CIPHER_HW_declare_xts() \
  197. static const PROV_CIPHER_HW aes_xts_rv64i_zknd_zkne = { \
  198. cipher_hw_aes_xts_rv64i_zknd_zkne_initkey, \
  199. NULL, \
  200. cipher_hw_aes_xts_copyctx \
  201. }; \
  202. static const PROV_CIPHER_HW aes_xts_rv64i_zvkned = { \
  203. cipher_hw_aes_xts_rv64i_zvkned_initkey, \
  204. NULL, \
  205. cipher_hw_aes_xts_copyctx \
  206. }; \
  207. static const PROV_CIPHER_HW aes_xts_rv64i_zvbb_zvkg_zvkned = { \
  208. cipher_hw_aes_xts_rv64i_zvbb_zvkg_zvkned_initkey, \
  209. NULL, \
  210. cipher_hw_aes_xts_copyctx \
  211. };
  212. # define PROV_CIPHER_HW_select_xts() \
  213. if (RISCV_HAS_ZVBB() && RISCV_HAS_ZVKG() && RISCV_HAS_ZVKNED() && \
  214. riscv_vlen() >= 128) \
  215. return &aes_xts_rv64i_zvbb_zvkg_zvkned; \
  216. if (RISCV_HAS_ZVKNED() && riscv_vlen() >= 128) \
  217. return &aes_xts_rv64i_zvkned; \
  218. else if (RISCV_HAS_ZKND_AND_ZKNE()) \
  219. return &aes_xts_rv64i_zknd_zkne;
  220. #elif defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 32
  221. static int cipher_hw_aes_xts_rv32i_zknd_zkne_initkey(PROV_CIPHER_CTX *ctx,
  222. const unsigned char *key,
  223. size_t keylen)
  224. {
  225. PROV_AES_XTS_CTX *xctx = (PROV_AES_XTS_CTX *)ctx;
  226. XTS_SET_KEY_FN(rv32i_zkne_set_encrypt_key, rv32i_zknd_zkne_set_decrypt_key,
  227. rv32i_zkne_encrypt, rv32i_zknd_decrypt,
  228. NULL, NULL);
  229. return 1;
  230. }
  231. static int cipher_hw_aes_xts_rv32i_zbkb_zknd_zkne_initkey(PROV_CIPHER_CTX *ctx,
  232. const unsigned char *key,
  233. size_t keylen)
  234. {
  235. PROV_AES_XTS_CTX *xctx = (PROV_AES_XTS_CTX *)ctx;
  236. XTS_SET_KEY_FN(rv32i_zbkb_zkne_set_encrypt_key, rv32i_zbkb_zknd_zkne_set_decrypt_key,
  237. rv32i_zkne_encrypt, rv32i_zknd_decrypt,
  238. NULL, NULL);
  239. return 1;
  240. }
  241. # define PROV_CIPHER_HW_declare_xts() \
  242. static const PROV_CIPHER_HW aes_xts_rv32i_zknd_zkne = { \
  243. cipher_hw_aes_xts_rv32i_zknd_zkne_initkey, \
  244. NULL, \
  245. cipher_hw_aes_xts_copyctx \
  246. }; \
  247. static const PROV_CIPHER_HW aes_xts_rv32i_zbkb_zknd_zkne = { \
  248. cipher_hw_aes_xts_rv32i_zbkb_zknd_zkne_initkey, \
  249. NULL, \
  250. cipher_hw_aes_xts_copyctx \
  251. };
  252. # define PROV_CIPHER_HW_select_xts() \
  253. if (RISCV_HAS_ZBKB_AND_ZKND_AND_ZKNE()) \
  254. return &aes_xts_rv32i_zbkb_zknd_zkne; \
  255. if (RISCV_HAS_ZKND_AND_ZKNE()) \
  256. return &aes_xts_rv32i_zknd_zkne;
  257. # else
  258. /* The generic case */
  259. # define PROV_CIPHER_HW_declare_xts()
  260. # define PROV_CIPHER_HW_select_xts()
  261. #endif
  262. static const PROV_CIPHER_HW aes_generic_xts = {
  263. cipher_hw_aes_xts_generic_initkey,
  264. NULL,
  265. cipher_hw_aes_xts_copyctx
  266. };
  267. PROV_CIPHER_HW_declare_xts()
  268. const PROV_CIPHER_HW *ossl_prov_cipher_hw_aes_xts(size_t keybits)
  269. {
  270. PROV_CIPHER_HW_select_xts()
  271. return &aes_generic_xts;
  272. }