2
0

eng_aesni.c 14 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525
  1. /*
  2. * Support for Intel AES-NI intruction set
  3. * Author: Huang Ying <ying.huang@intel.com>
  4. *
  5. * Intel AES-NI is a new set of Single Instruction Multiple Data
  6. * (SIMD) instructions that are going to be introduced in the next
  7. * generation of Intel processor, as of 2009. These instructions
  8. * enable fast and secure data encryption and decryption, using the
  9. * Advanced Encryption Standard (AES), defined by FIPS Publication
  10. * number 197. The architecture introduces six instructions that
  11. * offer full hardware support for AES. Four of them support high
  12. * performance data encryption and decryption, and the other two
  13. * instructions support the AES key expansion procedure.
  14. *
  15. * The white paper can be downloaded from:
  16. * http://softwarecommunity.intel.com/isn/downloads/intelavx/AES-Instructions-Set_WP.pdf
  17. *
  18. * This file is based on engines/e_padlock.c
  19. */
  20. /* ====================================================================
  21. * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
  22. *
  23. * Redistribution and use in source and binary forms, with or without
  24. * modification, are permitted provided that the following conditions
  25. * are met:
  26. *
  27. * 1. Redistributions of source code must retain the above copyright
  28. * notice, this list of conditions and the following disclaimer.
  29. *
  30. * 2. Redistributions in binary form must reproduce the above copyright
  31. * notice, this list of conditions and the following disclaimer in
  32. * the documentation and/or other materials provided with the
  33. * distribution.
  34. *
  35. * 3. All advertising materials mentioning features or use of this
  36. * software must display the following acknowledgment:
  37. * "This product includes software developed by the OpenSSL Project
  38. * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
  39. *
  40. * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
  41. * endorse or promote products derived from this software without
  42. * prior written permission. For written permission, please contact
  43. * licensing@OpenSSL.org.
  44. *
  45. * 5. Products derived from this software may not be called "OpenSSL"
  46. * nor may "OpenSSL" appear in their names without prior written
  47. * permission of the OpenSSL Project.
  48. *
  49. * 6. Redistributions of any form whatsoever must retain the following
  50. * acknowledgment:
  51. * "This product includes software developed by the OpenSSL Project
  52. * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
  53. *
  54. * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
  55. * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  56. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  57. * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
  58. * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  59. * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  60. * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  61. * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  62. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  63. * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  64. * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  65. * OF THE POSSIBILITY OF SUCH DAMAGE.
  66. * ====================================================================
  67. *
  68. * This product includes cryptographic software written by Eric Young
  69. * (eay@cryptsoft.com). This product includes software written by Tim
  70. * Hudson (tjh@cryptsoft.com).
  71. *
  72. */
  73. #include <openssl/opensslconf.h>
  74. #if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_AES_NI) && !defined(OPENSSL_NO_AES)
  75. #include <stdio.h>
  76. #include "cryptlib.h"
  77. #include <openssl/dso.h>
  78. #include <openssl/engine.h>
  79. #include <openssl/evp.h>
  80. #include <openssl/aes.h>
  81. #include <openssl/err.h>
  82. #include <openssl/modes.h>
  83. /* AES-NI is available *ONLY* on some x86 CPUs. Not only that it
  84. doesn't exist elsewhere, but it even can't be compiled on other
  85. platforms! */
  86. #undef COMPILE_HW_AESNI
  87. #if (defined(__x86_64) || defined(__x86_64__) || \
  88. defined(_M_AMD64) || defined(_M_X64) || \
  89. defined(OPENSSL_IA32_SSE2)) && !defined(OPENSSL_NO_ASM)
  90. #define COMPILE_HW_AESNI
  91. static ENGINE *ENGINE_aesni (void);
  92. #endif
  93. void ENGINE_load_aesni (void)
  94. {
  95. /* On non-x86 CPUs it just returns. */
  96. #ifdef COMPILE_HW_AESNI
  97. ENGINE *toadd = ENGINE_aesni();
  98. if (!toadd)
  99. return;
  100. ENGINE_add (toadd);
  101. ENGINE_free (toadd);
  102. ERR_clear_error ();
  103. #endif
  104. }
  105. #ifdef COMPILE_HW_AESNI
  106. typedef unsigned int u32;
  107. typedef unsigned char u8;
  108. #if defined(__GNUC__) && __GNUC__>=2 && !defined(PEDANTIC)
  109. # define BSWAP4(x) ({ u32 ret=(x); \
  110. asm volatile ("bswapl %0" \
  111. : "+r"(ret)); ret; })
  112. #elif defined(_MSC_VER)
  113. # if _MSC_VER>=1300
  114. # pragma intrinsic(_byteswap_ulong)
  115. # define BSWAP4(x) _byteswap_ulong((u32)(x))
  116. # elif defined(_M_IX86)
  117. __inline u32 _bswap4(u32 val) {
  118. _asm mov eax,val
  119. _asm bswap eax
  120. }
  121. # define BSWAP4(x) _bswap4(x)
  122. # endif
  123. #endif
  124. #ifdef BSWAP4
  125. #define GETU32(p) BSWAP4(*(const u32 *)(p))
  126. #define PUTU32(p,v) *(u32 *)(p) = BSWAP4(v)
  127. #else
  128. #define GETU32(p) ((u32)(p)[0]<<24|(u32)(p)[1]<<16|(u32)(p)[2]<<8|(u32)(p)[3])
  129. #define PUTU32(p,v) ((p)[0]=(u8)((v)>>24),(p)[1]=(u8)((v)>>16),(p)[2]=(u8)((v)>>8),(p)[3]=(u8)(v))
  130. #endif
  131. int aesni_set_encrypt_key(const unsigned char *userKey, int bits,
  132. AES_KEY *key);
  133. int aesni_set_decrypt_key(const unsigned char *userKey, int bits,
  134. AES_KEY *key);
  135. void aesni_encrypt(const unsigned char *in, unsigned char *out,
  136. const AES_KEY *key);
  137. void aesni_decrypt(const unsigned char *in, unsigned char *out,
  138. const AES_KEY *key);
  139. void aesni_ecb_encrypt(const unsigned char *in,
  140. unsigned char *out,
  141. size_t length,
  142. const AES_KEY *key,
  143. int enc);
  144. void aesni_cbc_encrypt(const unsigned char *in,
  145. unsigned char *out,
  146. size_t length,
  147. const AES_KEY *key,
  148. unsigned char *ivec, int enc);
  149. void aesni_ctr32_encrypt_blocks(const unsigned char *in,
  150. unsigned char *out,
  151. size_t blocks,
  152. const void *key,
  153. const unsigned char *ivec);
  154. /* Function for ENGINE detection and control */
  155. static int aesni_init(ENGINE *e);
  156. /* Cipher Stuff */
  157. static int aesni_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
  158. const int **nids, int nid);
  159. #define AESNI_MIN_ALIGN 16
  160. #define AESNI_ALIGN(x) \
  161. ((void *)(((size_t)(x)+AESNI_MIN_ALIGN-1)&~(AESNI_MIN_ALIGN-1)))
  162. /* Engine names */
  163. static const char aesni_id[] = "aesni",
  164. aesni_name[] = "Intel AES-NI engine",
  165. no_aesni_name[] = "Intel AES-NI engine (no-aesni)";
  166. /* ===== Engine "management" functions ===== */
  167. /* Prepare the ENGINE structure for registration */
  168. static int
  169. aesni_bind_helper(ENGINE *e)
  170. {
  171. int engage = (OPENSSL_ia32cap_P[1] & (1 << (57-32))) != 0;
  172. /* Register everything or return with an error */
  173. if (!ENGINE_set_id(e, aesni_id) ||
  174. !ENGINE_set_name(e, engage ? aesni_name : no_aesni_name) ||
  175. !ENGINE_set_init_function(e, aesni_init) ||
  176. (engage && !ENGINE_set_ciphers (e, aesni_ciphers))
  177. )
  178. return 0;
  179. /* Everything looks good */
  180. return 1;
  181. }
  182. /* Constructor */
  183. static ENGINE *
  184. ENGINE_aesni(void)
  185. {
  186. ENGINE *eng = ENGINE_new();
  187. if (!eng) {
  188. return NULL;
  189. }
  190. if (!aesni_bind_helper(eng)) {
  191. ENGINE_free(eng);
  192. return NULL;
  193. }
  194. return eng;
  195. }
  196. /* Check availability of the engine */
  197. static int
  198. aesni_init(ENGINE *e)
  199. {
  200. return 1;
  201. }
  202. #if defined(NID_aes_128_cfb128) && ! defined (NID_aes_128_cfb)
  203. #define NID_aes_128_cfb NID_aes_128_cfb128
  204. #endif
  205. #if defined(NID_aes_128_ofb128) && ! defined (NID_aes_128_ofb)
  206. #define NID_aes_128_ofb NID_aes_128_ofb128
  207. #endif
  208. #if defined(NID_aes_192_cfb128) && ! defined (NID_aes_192_cfb)
  209. #define NID_aes_192_cfb NID_aes_192_cfb128
  210. #endif
  211. #if defined(NID_aes_192_ofb128) && ! defined (NID_aes_192_ofb)
  212. #define NID_aes_192_ofb NID_aes_192_ofb128
  213. #endif
  214. #if defined(NID_aes_256_cfb128) && ! defined (NID_aes_256_cfb)
  215. #define NID_aes_256_cfb NID_aes_256_cfb128
  216. #endif
  217. #if defined(NID_aes_256_ofb128) && ! defined (NID_aes_256_ofb)
  218. #define NID_aes_256_ofb NID_aes_256_ofb128
  219. #endif
  220. /* List of supported ciphers. */
  221. static int aesni_cipher_nids[] = {
  222. NID_aes_128_ecb,
  223. NID_aes_128_cbc,
  224. NID_aes_128_cfb,
  225. NID_aes_128_ofb,
  226. NID_aes_128_ctr,
  227. NID_aes_192_ecb,
  228. NID_aes_192_cbc,
  229. NID_aes_192_cfb,
  230. NID_aes_192_ofb,
  231. NID_aes_192_ctr,
  232. NID_aes_256_ecb,
  233. NID_aes_256_cbc,
  234. NID_aes_256_cfb,
  235. NID_aes_256_ofb,
  236. NID_aes_256_ctr,
  237. };
  238. static int aesni_cipher_nids_num =
  239. (sizeof(aesni_cipher_nids)/sizeof(aesni_cipher_nids[0]));
  240. typedef struct
  241. {
  242. AES_KEY ks;
  243. unsigned int _pad1[3];
  244. } AESNI_KEY;
  245. static int
  246. aesni_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *user_key,
  247. const unsigned char *iv, int enc)
  248. {
  249. int ret;
  250. AES_KEY *key = AESNI_ALIGN(ctx->cipher_data);
  251. if (((ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_ECB_MODE
  252. || (ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_CBC_MODE)
  253. && !enc)
  254. ret=aesni_set_decrypt_key(user_key, ctx->key_len * 8, key);
  255. else
  256. ret=aesni_set_encrypt_key(user_key, ctx->key_len * 8, key);
  257. if(ret < 0) {
  258. EVPerr(EVP_F_AESNI_INIT_KEY,EVP_R_AES_KEY_SETUP_FAILED);
  259. return 0;
  260. }
  261. if (ctx->cipher->flags&EVP_CIPH_CUSTOM_IV)
  262. {
  263. if (iv!=NULL)
  264. memcpy (ctx->iv,iv,ctx->cipher->iv_len);
  265. else {
  266. EVPerr(EVP_F_AESNI_INIT_KEY,EVP_R_AES_IV_SETUP_FAILED);
  267. return 0;
  268. }
  269. }
  270. return 1;
  271. }
  272. static int aesni_cipher_ecb(EVP_CIPHER_CTX *ctx, unsigned char *out,
  273. const unsigned char *in, size_t inl)
  274. { AES_KEY *key = AESNI_ALIGN(ctx->cipher_data);
  275. aesni_ecb_encrypt(in, out, inl, key, ctx->encrypt);
  276. return 1;
  277. }
  278. static int aesni_cipher_cbc(EVP_CIPHER_CTX *ctx, unsigned char *out,
  279. const unsigned char *in, size_t inl)
  280. { AES_KEY *key = AESNI_ALIGN(ctx->cipher_data);
  281. aesni_cbc_encrypt(in, out, inl, key,
  282. ctx->iv, ctx->encrypt);
  283. return 1;
  284. }
  285. static int aesni_cipher_cfb(EVP_CIPHER_CTX *ctx, unsigned char *out,
  286. const unsigned char *in, size_t inl)
  287. { AES_KEY *key = AESNI_ALIGN(ctx->cipher_data);
  288. CRYPTO_cfb128_encrypt(in, out, inl, key, ctx->iv,
  289. &ctx->num, ctx->encrypt,
  290. (block128_f)aesni_encrypt);
  291. return 1;
  292. }
  293. static int aesni_cipher_ofb(EVP_CIPHER_CTX *ctx, unsigned char *out,
  294. const unsigned char *in, size_t inl)
  295. { AES_KEY *key = AESNI_ALIGN(ctx->cipher_data);
  296. CRYPTO_ofb128_encrypt(in, out, inl, key, ctx->iv,
  297. &ctx->num, (block128_f)aesni_encrypt);
  298. return 1;
  299. }
  300. #define AES_BLOCK_SIZE 16
  301. #define EVP_CIPHER_block_size_ECB AES_BLOCK_SIZE
  302. #define EVP_CIPHER_block_size_CBC AES_BLOCK_SIZE
  303. #define EVP_CIPHER_block_size_OFB 1
  304. #define EVP_CIPHER_block_size_CFB 1
  305. /* Declaring so many ciphers by hand would be a pain.
  306. Instead introduce a bit of preprocessor magic :-) */
  307. #define DECLARE_AES_EVP(ksize,lmode,umode) \
  308. static const EVP_CIPHER aesni_##ksize##_##lmode = { \
  309. NID_aes_##ksize##_##lmode, \
  310. EVP_CIPHER_block_size_##umode, \
  311. ksize / 8, \
  312. AES_BLOCK_SIZE, \
  313. 0 | EVP_CIPH_##umode##_MODE, \
  314. aesni_init_key, \
  315. aesni_cipher_##lmode, \
  316. NULL, \
  317. sizeof(AESNI_KEY), \
  318. EVP_CIPHER_set_asn1_iv, \
  319. EVP_CIPHER_get_asn1_iv, \
  320. NULL, \
  321. NULL \
  322. }
  323. DECLARE_AES_EVP(128,ecb,ECB);
  324. DECLARE_AES_EVP(128,cbc,CBC);
  325. DECLARE_AES_EVP(128,cfb,CFB);
  326. DECLARE_AES_EVP(128,ofb,OFB);
  327. DECLARE_AES_EVP(192,ecb,ECB);
  328. DECLARE_AES_EVP(192,cbc,CBC);
  329. DECLARE_AES_EVP(192,cfb,CFB);
  330. DECLARE_AES_EVP(192,ofb,OFB);
  331. DECLARE_AES_EVP(256,ecb,ECB);
  332. DECLARE_AES_EVP(256,cbc,CBC);
  333. DECLARE_AES_EVP(256,cfb,CFB);
  334. DECLARE_AES_EVP(256,ofb,OFB);
  335. #if notused
  336. static void ctr96_inc(unsigned char *counter) {
  337. u32 n=12;
  338. u8 c;
  339. do {
  340. --n;
  341. c = counter[n];
  342. ++c;
  343. counter[n] = c;
  344. if (c) return;
  345. } while (n);
  346. }
  347. #endif
  348. static int aesni_counter(EVP_CIPHER_CTX *ctx, unsigned char *out,
  349. const unsigned char *in, size_t len)
  350. {
  351. AES_KEY *key = AESNI_ALIGN(ctx->cipher_data);
  352. CRYPTO_ctr128_encrypt_ctr32(in,out,len,key,
  353. ctx->iv,ctx->buf,(unsigned int *)&ctx->num,
  354. aesni_ctr32_encrypt_blocks);
  355. return 1;
  356. }
  357. static const EVP_CIPHER aesni_128_ctr=
  358. {
  359. NID_aes_128_ctr,1,16,16,
  360. EVP_CIPH_CUSTOM_IV,
  361. aesni_init_key,
  362. aesni_counter,
  363. NULL,
  364. sizeof(AESNI_KEY),
  365. NULL,
  366. NULL,
  367. NULL,
  368. NULL
  369. };
  370. static const EVP_CIPHER aesni_192_ctr=
  371. {
  372. NID_aes_192_ctr,1,24,16,
  373. EVP_CIPH_CUSTOM_IV,
  374. aesni_init_key,
  375. aesni_counter,
  376. NULL,
  377. sizeof(AESNI_KEY),
  378. NULL,
  379. NULL,
  380. NULL,
  381. NULL
  382. };
  383. static const EVP_CIPHER aesni_256_ctr=
  384. {
  385. NID_aes_256_ctr,1,32,16,
  386. EVP_CIPH_CUSTOM_IV,
  387. aesni_init_key,
  388. aesni_counter,
  389. NULL,
  390. sizeof(AESNI_KEY),
  391. NULL,
  392. NULL,
  393. NULL,
  394. NULL
  395. };
  396. static int
  397. aesni_ciphers (ENGINE *e, const EVP_CIPHER **cipher,
  398. const int **nids, int nid)
  399. {
  400. /* No specific cipher => return a list of supported nids ... */
  401. if (!cipher) {
  402. *nids = aesni_cipher_nids;
  403. return aesni_cipher_nids_num;
  404. }
  405. /* ... or the requested "cipher" otherwise */
  406. switch (nid) {
  407. case NID_aes_128_ecb:
  408. *cipher = &aesni_128_ecb;
  409. break;
  410. case NID_aes_128_cbc:
  411. *cipher = &aesni_128_cbc;
  412. break;
  413. case NID_aes_128_cfb:
  414. *cipher = &aesni_128_cfb;
  415. break;
  416. case NID_aes_128_ofb:
  417. *cipher = &aesni_128_ofb;
  418. break;
  419. case NID_aes_128_ctr:
  420. *cipher = &aesni_128_ctr;
  421. break;
  422. case NID_aes_192_ecb:
  423. *cipher = &aesni_192_ecb;
  424. break;
  425. case NID_aes_192_cbc:
  426. *cipher = &aesni_192_cbc;
  427. break;
  428. case NID_aes_192_cfb:
  429. *cipher = &aesni_192_cfb;
  430. break;
  431. case NID_aes_192_ofb:
  432. *cipher = &aesni_192_ofb;
  433. break;
  434. case NID_aes_192_ctr:
  435. *cipher = &aesni_192_ctr;
  436. break;
  437. case NID_aes_256_ecb:
  438. *cipher = &aesni_256_ecb;
  439. break;
  440. case NID_aes_256_cbc:
  441. *cipher = &aesni_256_cbc;
  442. break;
  443. case NID_aes_256_cfb:
  444. *cipher = &aesni_256_cfb;
  445. break;
  446. case NID_aes_256_ofb:
  447. *cipher = &aesni_256_ofb;
  448. break;
  449. case NID_aes_256_ctr:
  450. *cipher = &aesni_256_ctr;
  451. break;
  452. default:
  453. /* Sorry, we don't support this NID */
  454. *cipher = NULL;
  455. return 0;
  456. }
  457. return 1;
  458. }
  459. #endif /* COMPILE_HW_AESNI */
  460. #endif /* !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_AESNI) && !defined(OPENSSL_NO_AES) */