cipher_aes_gcm_hw.c 4.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150
  1. /*
  2. * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. /* Dispatch functions for AES GCM mode */
  10. /*
  11. * This file uses the low level AES functions (which are deprecated for
  12. * non-internal use) in order to implement provider AES ciphers.
  13. */
  14. #include "internal/deprecated.h"
  15. #include "cipher_aes_gcm.h"
  16. static int aes_gcm_initkey(PROV_GCM_CTX *ctx, const unsigned char *key,
  17. size_t keylen)
  18. {
  19. PROV_AES_GCM_CTX *actx = (PROV_AES_GCM_CTX *)ctx;
  20. AES_KEY *ks = &actx->ks.ks;
  21. # ifdef HWAES_CAPABLE
  22. if (HWAES_CAPABLE) {
  23. # ifdef HWAES_ctr32_encrypt_blocks
  24. GCM_HW_SET_KEY_CTR_FN(ks, HWAES_set_encrypt_key, HWAES_encrypt,
  25. HWAES_ctr32_encrypt_blocks);
  26. # else
  27. GCM_HW_SET_KEY_CTR_FN(ks, HWAES_set_encrypt_key, HWAES_encrypt, NULL);
  28. # endif /* HWAES_ctr32_encrypt_blocks */
  29. } else
  30. # endif /* HWAES_CAPABLE */
  31. # ifdef BSAES_CAPABLE
  32. if (BSAES_CAPABLE) {
  33. GCM_HW_SET_KEY_CTR_FN(ks, AES_set_encrypt_key, AES_encrypt,
  34. bsaes_ctr32_encrypt_blocks);
  35. } else
  36. # endif /* BSAES_CAPABLE */
  37. # ifdef VPAES_CAPABLE
  38. if (VPAES_CAPABLE) {
  39. GCM_HW_SET_KEY_CTR_FN(ks, vpaes_set_encrypt_key, vpaes_encrypt, NULL);
  40. } else
  41. # endif /* VPAES_CAPABLE */
  42. {
  43. # ifdef AES_CTR_ASM
  44. GCM_HW_SET_KEY_CTR_FN(ks, AES_set_encrypt_key, AES_encrypt,
  45. AES_ctr32_encrypt);
  46. # else
  47. GCM_HW_SET_KEY_CTR_FN(ks, AES_set_encrypt_key, AES_encrypt, NULL);
  48. # endif /* AES_CTR_ASM */
  49. }
  50. ctx->key_set = 1;
  51. return 1;
  52. }
  53. static int generic_aes_gcm_cipher_update(PROV_GCM_CTX *ctx, const unsigned char *in,
  54. size_t len, unsigned char *out)
  55. {
  56. if (ctx->enc) {
  57. if (ctx->ctr != NULL) {
  58. #if defined(AES_GCM_ASM)
  59. size_t bulk = 0;
  60. if (len >= AES_GCM_ENC_BYTES && AES_GCM_ASM(ctx)) {
  61. size_t res = (16 - ctx->gcm.mres) % 16;
  62. if (CRYPTO_gcm128_encrypt(&ctx->gcm, in, out, res))
  63. return 0;
  64. bulk = AES_gcm_encrypt(in + res, out + res, len - res,
  65. ctx->gcm.key,
  66. ctx->gcm.Yi.c, ctx->gcm.Xi.u);
  67. ctx->gcm.len.u[1] += bulk;
  68. bulk += res;
  69. }
  70. if (CRYPTO_gcm128_encrypt_ctr32(&ctx->gcm, in + bulk, out + bulk,
  71. len - bulk, ctx->ctr))
  72. return 0;
  73. #else
  74. if (CRYPTO_gcm128_encrypt_ctr32(&ctx->gcm, in, out, len, ctx->ctr))
  75. return 0;
  76. #endif /* AES_GCM_ASM */
  77. } else {
  78. if (CRYPTO_gcm128_encrypt(&ctx->gcm, in, out, len))
  79. return 0;
  80. }
  81. } else {
  82. if (ctx->ctr != NULL) {
  83. #if defined(AES_GCM_ASM)
  84. size_t bulk = 0;
  85. if (len >= AES_GCM_DEC_BYTES && AES_GCM_ASM(ctx)) {
  86. size_t res = (16 - ctx->gcm.mres) % 16;
  87. if (CRYPTO_gcm128_decrypt(&ctx->gcm, in, out, res))
  88. return -1;
  89. bulk = AES_gcm_decrypt(in + res, out + res, len - res,
  90. ctx->gcm.key,
  91. ctx->gcm.Yi.c, ctx->gcm.Xi.u);
  92. ctx->gcm.len.u[1] += bulk;
  93. bulk += res;
  94. }
  95. if (CRYPTO_gcm128_decrypt_ctr32(&ctx->gcm, in + bulk, out + bulk,
  96. len - bulk, ctx->ctr))
  97. return 0;
  98. #else
  99. if (CRYPTO_gcm128_decrypt_ctr32(&ctx->gcm, in, out, len, ctx->ctr))
  100. return 0;
  101. #endif /* AES_GCM_ASM */
  102. } else {
  103. if (CRYPTO_gcm128_decrypt(&ctx->gcm, in, out, len))
  104. return 0;
  105. }
  106. }
  107. return 1;
  108. }
  109. static const PROV_GCM_HW aes_gcm = {
  110. aes_gcm_initkey,
  111. ossl_gcm_setiv,
  112. ossl_gcm_aad_update,
  113. generic_aes_gcm_cipher_update,
  114. ossl_gcm_cipher_final,
  115. ossl_gcm_one_shot
  116. };
  117. #if defined(S390X_aes_128_CAPABLE)
  118. # include "cipher_aes_gcm_hw_s390x.inc"
  119. #elif defined(AESNI_CAPABLE)
  120. # include "cipher_aes_gcm_hw_aesni.inc"
  121. #elif defined(SPARC_AES_CAPABLE)
  122. # include "cipher_aes_gcm_hw_t4.inc"
  123. #elif defined(AES_PMULL_CAPABLE) && defined(AES_GCM_ASM)
  124. # include "cipher_aes_gcm_hw_armv8.inc"
  125. #else
  126. const PROV_GCM_HW *ossl_prov_aes_hw_gcm(size_t keybits)
  127. {
  128. return &aes_gcm;
  129. }
  130. #endif