cipher_aes_gcm_hw.c 4.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155
  1. /*
  2. * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. /* Dispatch functions for AES GCM mode */
  10. /*
  11. * This file uses the low level AES functions (which are deprecated for
  12. * non-internal use) in order to implement provider AES ciphers.
  13. */
  14. #include "internal/deprecated.h"
  15. #include "cipher_aes_gcm.h"
  16. static int aes_gcm_initkey(PROV_GCM_CTX *ctx, const unsigned char *key,
  17. size_t keylen)
  18. {
  19. PROV_AES_GCM_CTX *actx = (PROV_AES_GCM_CTX *)ctx;
  20. AES_KEY *ks = &actx->ks.ks;
  21. # ifdef HWAES_CAPABLE
  22. if (HWAES_CAPABLE) {
  23. # ifdef HWAES_ctr32_encrypt_blocks
  24. GCM_HW_SET_KEY_CTR_FN(ks, HWAES_set_encrypt_key, HWAES_encrypt,
  25. HWAES_ctr32_encrypt_blocks);
  26. # else
  27. GCM_HW_SET_KEY_CTR_FN(ks, HWAES_set_encrypt_key, HWAES_encrypt, NULL);
  28. # endif /* HWAES_ctr32_encrypt_blocks */
  29. } else
  30. # endif /* HWAES_CAPABLE */
  31. # ifdef BSAES_CAPABLE
  32. if (BSAES_CAPABLE) {
  33. GCM_HW_SET_KEY_CTR_FN(ks, AES_set_encrypt_key, AES_encrypt,
  34. ossl_bsaes_ctr32_encrypt_blocks);
  35. } else
  36. # endif /* BSAES_CAPABLE */
  37. # ifdef VPAES_CAPABLE
  38. if (VPAES_CAPABLE) {
  39. GCM_HW_SET_KEY_CTR_FN(ks, vpaes_set_encrypt_key, vpaes_encrypt, NULL);
  40. } else
  41. # endif /* VPAES_CAPABLE */
  42. {
  43. # ifdef AES_CTR_ASM
  44. GCM_HW_SET_KEY_CTR_FN(ks, AES_set_encrypt_key, AES_encrypt,
  45. AES_ctr32_encrypt);
  46. # else
  47. GCM_HW_SET_KEY_CTR_FN(ks, AES_set_encrypt_key, AES_encrypt, NULL);
  48. # endif /* AES_CTR_ASM */
  49. }
  50. return 1;
  51. }
  52. static int generic_aes_gcm_cipher_update(PROV_GCM_CTX *ctx, const unsigned char *in,
  53. size_t len, unsigned char *out)
  54. {
  55. if (ctx->enc) {
  56. if (ctx->ctr != NULL) {
  57. #if defined(AES_GCM_ASM)
  58. size_t bulk = 0;
  59. if (len >= AES_GCM_ENC_BYTES && AES_GCM_ASM(ctx)) {
  60. size_t res = (16 - ctx->gcm.mres) % 16;
  61. if (CRYPTO_gcm128_encrypt(&ctx->gcm, in, out, res))
  62. return 0;
  63. bulk = AES_gcm_encrypt(in + res, out + res, len - res,
  64. ctx->gcm.key,
  65. ctx->gcm.Yi.c, ctx->gcm.Xi.u);
  66. ctx->gcm.len.u[1] += bulk;
  67. bulk += res;
  68. }
  69. if (CRYPTO_gcm128_encrypt_ctr32(&ctx->gcm, in + bulk, out + bulk,
  70. len - bulk, ctx->ctr))
  71. return 0;
  72. #else
  73. if (CRYPTO_gcm128_encrypt_ctr32(&ctx->gcm, in, out, len, ctx->ctr))
  74. return 0;
  75. #endif /* AES_GCM_ASM */
  76. } else {
  77. if (CRYPTO_gcm128_encrypt(&ctx->gcm, in, out, len))
  78. return 0;
  79. }
  80. } else {
  81. if (ctx->ctr != NULL) {
  82. #if defined(AES_GCM_ASM)
  83. size_t bulk = 0;
  84. if (len >= AES_GCM_DEC_BYTES && AES_GCM_ASM(ctx)) {
  85. size_t res = (16 - ctx->gcm.mres) % 16;
  86. if (CRYPTO_gcm128_decrypt(&ctx->gcm, in, out, res))
  87. return 0;
  88. bulk = AES_gcm_decrypt(in + res, out + res, len - res,
  89. ctx->gcm.key,
  90. ctx->gcm.Yi.c, ctx->gcm.Xi.u);
  91. ctx->gcm.len.u[1] += bulk;
  92. bulk += res;
  93. }
  94. if (CRYPTO_gcm128_decrypt_ctr32(&ctx->gcm, in + bulk, out + bulk,
  95. len - bulk, ctx->ctr))
  96. return 0;
  97. #else
  98. if (CRYPTO_gcm128_decrypt_ctr32(&ctx->gcm, in, out, len, ctx->ctr))
  99. return 0;
  100. #endif /* AES_GCM_ASM */
  101. } else {
  102. if (CRYPTO_gcm128_decrypt(&ctx->gcm, in, out, len))
  103. return 0;
  104. }
  105. }
  106. return 1;
  107. }
  108. static const PROV_GCM_HW aes_gcm = {
  109. aes_gcm_initkey,
  110. ossl_gcm_setiv,
  111. ossl_gcm_aad_update,
  112. generic_aes_gcm_cipher_update,
  113. ossl_gcm_cipher_final,
  114. ossl_gcm_one_shot
  115. };
  116. #if defined(S390X_aes_128_CAPABLE)
  117. # include "cipher_aes_gcm_hw_s390x.inc"
  118. #elif defined(AESNI_CAPABLE)
  119. # include "cipher_aes_gcm_hw_aesni.inc"
  120. #elif defined(SPARC_AES_CAPABLE)
  121. # include "cipher_aes_gcm_hw_t4.inc"
  122. #elif defined(AES_PMULL_CAPABLE) && defined(AES_GCM_ASM)
  123. # include "cipher_aes_gcm_hw_armv8.inc"
  124. #elif defined(PPC_AES_GCM_CAPABLE) && defined(_ARCH_PPC64)
  125. # include "cipher_aes_gcm_hw_ppc.inc"
  126. #elif defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 64
  127. # include "cipher_aes_gcm_hw_rv64i.inc"
  128. #elif defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 32
  129. # include "cipher_aes_gcm_hw_rv32i.inc"
  130. #else
  131. const PROV_GCM_HW *ossl_prov_aes_hw_gcm(size_t keybits)
  132. {
  133. return &aes_gcm;
  134. }
  135. #endif