Home | History | Annotate | Line # | Download | only in ciphers 
      1 /*
      2  * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
      3  *
      4  * Licensed under the Apache License 2.0 (the "License").  You may not use
      5  * this file except in compliance with the License.  You can obtain a copy
      6  * in the file LICENSE in the source distribution or at
      7  * https://www.openssl.org/source/license.html
      8  */
      9 
     10 /* Dispatch functions for AES GCM mode */
     11 
     12 /*
     13  * This file uses the low level AES functions (which are deprecated for
     14  * non-internal use) in order to implement provider AES ciphers.
     15  */
     16 #include "internal/deprecated.h"
     17 
     18 #include "cipher_aes_gcm.h"
     19 
     20 static int aes_gcm_initkey(PROV_GCM_CTX *ctx, const unsigned char *key,
     21                                    size_t keylen)
     22 {
     23     PROV_AES_GCM_CTX *actx = (PROV_AES_GCM_CTX *)ctx;
     24     AES_KEY *ks = &actx->ks.ks;
     25 
     26 # ifdef HWAES_CAPABLE
     27     if (HWAES_CAPABLE) {
     28 #  ifdef HWAES_ctr32_encrypt_blocks
     29         GCM_HW_SET_KEY_CTR_FN(ks, HWAES_set_encrypt_key, HWAES_encrypt,
     30                               HWAES_ctr32_encrypt_blocks);
     31 #  else
     32         GCM_HW_SET_KEY_CTR_FN(ks, HWAES_set_encrypt_key, HWAES_encrypt, NULL);
     33 #  endif /* HWAES_ctr32_encrypt_blocks */
     34     } else
     35 # endif /* HWAES_CAPABLE */
     36 
     37 # ifdef BSAES_CAPABLE
     38     if (BSAES_CAPABLE) {
     39         GCM_HW_SET_KEY_CTR_FN(ks, AES_set_encrypt_key, AES_encrypt,
     40                               ossl_bsaes_ctr32_encrypt_blocks);
     41     } else
     42 # endif /* BSAES_CAPABLE */
     43 
     44 # ifdef VPAES_CAPABLE
     45     if (VPAES_CAPABLE) {
     46         GCM_HW_SET_KEY_CTR_FN(ks, vpaes_set_encrypt_key, vpaes_encrypt, NULL);
     47     } else
     48 # endif /* VPAES_CAPABLE */
     49 
     50     {
     51 # ifdef AES_CTR_ASM
     52         GCM_HW_SET_KEY_CTR_FN(ks, AES_set_encrypt_key, AES_encrypt,
     53                               AES_ctr32_encrypt);
     54 # else
     55         GCM_HW_SET_KEY_CTR_FN(ks, AES_set_encrypt_key, AES_encrypt, NULL);
     56 # endif /* AES_CTR_ASM */
     57     }
     58     ctx->key_set = 1;
     59     return 1;
     60 }
     61 
     62 static int generic_aes_gcm_cipher_update(PROV_GCM_CTX *ctx, const unsigned char *in,
     63                                          size_t len, unsigned char *out)
     64 {
     65     if (ctx->enc) {
     66         if (ctx->ctr != NULL) {
     67 #if defined(AES_GCM_ASM)
     68             size_t bulk = 0;
     69 
     70             if (len >= AES_GCM_ENC_BYTES && AES_GCM_ASM(ctx)) {
     71                 size_t res = (16 - ctx->gcm.mres) % 16;
     72 
     73                 if (CRYPTO_gcm128_encrypt(&ctx->gcm, in, out, res))
     74                     return 0;
     75 
     76                 bulk = AES_gcm_encrypt(in + res, out + res, len - res,
     77                                        ctx->gcm.key,
     78                                        ctx->gcm.Yi.c, ctx->gcm.Xi.u);
     79 
     80                 ctx->gcm.len.u[1] += bulk;
     81                 bulk += res;
     82             }
     83             if (CRYPTO_gcm128_encrypt_ctr32(&ctx->gcm, in + bulk, out + bulk,
     84                                             len - bulk, ctx->ctr))
     85                 return 0;
     86 #else
     87             if (CRYPTO_gcm128_encrypt_ctr32(&ctx->gcm, in, out, len, ctx->ctr))
     88                 return 0;
     89 #endif /* AES_GCM_ASM */
     90         } else {
     91             if (CRYPTO_gcm128_encrypt(&ctx->gcm, in, out, len))
     92                 return 0;
     93         }
     94     } else {
     95         if (ctx->ctr != NULL) {
     96 #if defined(AES_GCM_ASM)
     97             size_t bulk = 0;
     98 
     99             if (len >= AES_GCM_DEC_BYTES && AES_GCM_ASM(ctx)) {
    100                 size_t res = (16 - ctx->gcm.mres) % 16;
    101 
    102                 if (CRYPTO_gcm128_decrypt(&ctx->gcm, in, out, res))
    103                     return -1;
    104 
    105                 bulk = AES_gcm_decrypt(in + res, out + res, len - res,
    106                                        ctx->gcm.key,
    107                                        ctx->gcm.Yi.c, ctx->gcm.Xi.u);
    108 
    109                 ctx->gcm.len.u[1] += bulk;
    110                 bulk += res;
    111             }
    112             if (CRYPTO_gcm128_decrypt_ctr32(&ctx->gcm, in + bulk, out + bulk,
    113                                             len - bulk, ctx->ctr))
    114                 return 0;
    115 #else
    116             if (CRYPTO_gcm128_decrypt_ctr32(&ctx->gcm, in, out, len, ctx->ctr))
    117                 return 0;
    118 #endif /* AES_GCM_ASM */
    119         } else {
    120             if (CRYPTO_gcm128_decrypt(&ctx->gcm, in, out, len))
    121                 return 0;
    122         }
    123     }
    124     return 1;
    125 }
    126 
    127 static const PROV_GCM_HW aes_gcm = {
    128     aes_gcm_initkey,
    129     ossl_gcm_setiv,
    130     ossl_gcm_aad_update,
    131     generic_aes_gcm_cipher_update,
    132     ossl_gcm_cipher_final,
    133     ossl_gcm_one_shot
    134 };
    135 
    136 #if defined(S390X_aes_128_CAPABLE)
    137 # include "cipher_aes_gcm_hw_s390x.inc"
    138 #elif defined(AESNI_CAPABLE)
    139 # include "cipher_aes_gcm_hw_aesni.inc"
    140 #elif defined(SPARC_AES_CAPABLE)
    141 # include "cipher_aes_gcm_hw_t4.inc"
    142 #elif defined(AES_PMULL_CAPABLE) && defined(AES_GCM_ASM)
    143 # include "cipher_aes_gcm_hw_armv8.inc"
    144 #else
    145 const PROV_GCM_HW *ossl_prov_aes_hw_gcm(size_t keybits)
    146 {
    147     return &aes_gcm;
    148 }
    149 #endif
    150 
    151