1 /*
2 * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /*
11 * This file uses the low level AES functions (which are deprecated for
12 * non-internal use) in order to implement provider AES ciphers.
13 */
14 #include "internal/deprecated.h"
15
16 #include "cipher_aes_xts.h"
17
18 #define XTS_SET_KEY_FN(fn_set_enc_key, fn_set_dec_key, \
19 fn_block_enc, fn_block_dec, \
20 fn_stream_enc, fn_stream_dec) { \
21 size_t bytes = keylen / 2; \
22 size_t bits = bytes * 8; \
23 \
24 if (ctx->enc) { \
25 fn_set_enc_key(key, bits, &xctx->ks1.ks); \
26 xctx->xts.block1 = (block128_f)fn_block_enc; \
27 } else { \
28 fn_set_dec_key(key, bits, &xctx->ks1.ks); \
29 xctx->xts.block1 = (block128_f)fn_block_dec; \
30 } \
31 fn_set_enc_key(key + bytes, bits, &xctx->ks2.ks); \
32 xctx->xts.block2 = (block128_f)fn_block_enc; \
33 xctx->xts.key1 = &xctx->ks1; \
34 xctx->xts.key2 = &xctx->ks2; \
35 xctx->stream = ctx->enc ? fn_stream_enc : fn_stream_dec; \
36 }
37
cipher_hw_aes_xts_generic_initkey(PROV_CIPHER_CTX * ctx,const unsigned char * key,size_t keylen)38 static int cipher_hw_aes_xts_generic_initkey(PROV_CIPHER_CTX *ctx,
39 const unsigned char *key,
40 size_t keylen)
41 {
42 PROV_AES_XTS_CTX *xctx = (PROV_AES_XTS_CTX *)ctx;
43 OSSL_xts_stream_fn stream_enc = NULL;
44 OSSL_xts_stream_fn stream_dec = NULL;
45
46 #ifdef AES_XTS_ASM
47 stream_enc = AES_xts_encrypt;
48 stream_dec = AES_xts_decrypt;
49 #endif /* AES_XTS_ASM */
50
51 #ifdef HWAES_CAPABLE
52 if (HWAES_CAPABLE) {
53 # ifdef HWAES_xts_encrypt
54 stream_enc = HWAES_xts_encrypt;
55 # endif /* HWAES_xts_encrypt */
56 # ifdef HWAES_xts_decrypt
57 stream_dec = HWAES_xts_decrypt;
58 # endif /* HWAES_xts_decrypt */
59 XTS_SET_KEY_FN(HWAES_set_encrypt_key, HWAES_set_decrypt_key,
60 HWAES_encrypt, HWAES_decrypt,
61 stream_enc, stream_dec);
62 return 1;
63 } else
64 #endif /* HWAES_CAPABLE */
65
66 #ifdef BSAES_CAPABLE
67 if (BSAES_CAPABLE) {
68 stream_enc = ossl_bsaes_xts_encrypt;
69 stream_dec = ossl_bsaes_xts_decrypt;
70 } else
71 #endif /* BSAES_CAPABLE */
72 #ifdef VPAES_CAPABLE
73 if (VPAES_CAPABLE) {
74 XTS_SET_KEY_FN(vpaes_set_encrypt_key, vpaes_set_decrypt_key,
75 vpaes_encrypt, vpaes_decrypt, stream_enc, stream_dec);
76 return 1;
77 } else
78 #endif /* VPAES_CAPABLE */
79 {
80 (void)0;
81 }
82 {
83 XTS_SET_KEY_FN(AES_set_encrypt_key, AES_set_decrypt_key,
84 AES_encrypt, AES_decrypt, stream_enc, stream_dec);
85 }
86 return 1;
87 }
88
cipher_hw_aes_xts_copyctx(PROV_CIPHER_CTX * dst,const PROV_CIPHER_CTX * src)89 static void cipher_hw_aes_xts_copyctx(PROV_CIPHER_CTX *dst,
90 const PROV_CIPHER_CTX *src)
91 {
92 PROV_AES_XTS_CTX *sctx = (PROV_AES_XTS_CTX *)src;
93 PROV_AES_XTS_CTX *dctx = (PROV_AES_XTS_CTX *)dst;
94
95 *dctx = *sctx;
96 dctx->xts.key1 = &dctx->ks1.ks;
97 dctx->xts.key2 = &dctx->ks2.ks;
98 }
99
100 #if defined(AESNI_CAPABLE)
101
cipher_hw_aesni_xts_initkey(PROV_CIPHER_CTX * ctx,const unsigned char * key,size_t keylen)102 static int cipher_hw_aesni_xts_initkey(PROV_CIPHER_CTX *ctx,
103 const unsigned char *key, size_t keylen)
104 {
105 PROV_AES_XTS_CTX *xctx = (PROV_AES_XTS_CTX *)ctx;
106
107 XTS_SET_KEY_FN(aesni_set_encrypt_key, aesni_set_decrypt_key,
108 aesni_encrypt, aesni_decrypt,
109 aesni_xts_encrypt, aesni_xts_decrypt);
110 return 1;
111 }
112
113 # define PROV_CIPHER_HW_declare_xts() \
114 static const PROV_CIPHER_HW aesni_xts = { \
115 cipher_hw_aesni_xts_initkey, \
116 NULL, \
117 cipher_hw_aes_xts_copyctx \
118 };
119 # define PROV_CIPHER_HW_select_xts() \
120 if (AESNI_CAPABLE) \
121 return &aesni_xts;
122
123 # elif defined(SPARC_AES_CAPABLE)
124
cipher_hw_aes_xts_t4_initkey(PROV_CIPHER_CTX * ctx,const unsigned char * key,size_t keylen)125 static int cipher_hw_aes_xts_t4_initkey(PROV_CIPHER_CTX *ctx,
126 const unsigned char *key, size_t keylen)
127 {
128 PROV_AES_XTS_CTX *xctx = (PROV_AES_XTS_CTX *)ctx;
129 OSSL_xts_stream_fn stream_enc = NULL;
130 OSSL_xts_stream_fn stream_dec = NULL;
131
132 /* Note: keylen is the size of 2 keys */
133 switch (keylen) {
134 case 32:
135 stream_enc = aes128_t4_xts_encrypt;
136 stream_dec = aes128_t4_xts_decrypt;
137 break;
138 case 64:
139 stream_enc = aes256_t4_xts_encrypt;
140 stream_dec = aes256_t4_xts_decrypt;
141 break;
142 default:
143 return 0;
144 }
145
146 XTS_SET_KEY_FN(aes_t4_set_encrypt_key, aes_t4_set_decrypt_key,
147 aes_t4_encrypt, aes_t4_decrypt,
148 stream_enc, stream_dec);
149 return 1;
150 }
151
152 # define PROV_CIPHER_HW_declare_xts() \
153 static const PROV_CIPHER_HW aes_xts_t4 = { \
154 cipher_hw_aes_xts_t4_initkey, \
155 NULL, \
156 cipher_hw_aes_xts_copyctx \
157 };
158 # define PROV_CIPHER_HW_select_xts() \
159 if (SPARC_AES_CAPABLE) \
160 return &aes_xts_t4;
161 # else
162 /* The generic case */
163 # define PROV_CIPHER_HW_declare_xts()
164 # define PROV_CIPHER_HW_select_xts()
165 #endif
166
167 static const PROV_CIPHER_HW aes_generic_xts = {
168 cipher_hw_aes_xts_generic_initkey,
169 NULL,
170 cipher_hw_aes_xts_copyctx
171 };
PROV_CIPHER_HW_declare_xts()172 PROV_CIPHER_HW_declare_xts()
173 const PROV_CIPHER_HW *ossl_prov_cipher_hw_aes_xts(size_t keybits)
174 {
175 PROV_CIPHER_HW_select_xts()
176 return &aes_generic_xts;
177 }
178