1e71b7053SJung-uk Kim /*
28f1ef87aSJung-uk Kim * Copyright 2004-2023 The OpenSSL Project Authors. All Rights Reserved.
31f13597dSJung-uk Kim *
4*b077aed3SPierre Pronchery * Licensed under the Apache License 2.0 (the "License"). You may not use
5e71b7053SJung-uk Kim * this file except in compliance with the License. You can obtain a copy
6e71b7053SJung-uk Kim * in the file LICENSE in the source distribution or at
7e71b7053SJung-uk Kim * https://www.openssl.org/source/license.html
81f13597dSJung-uk Kim */
91f13597dSJung-uk Kim
10*b077aed3SPierre Pronchery /*
11*b077aed3SPierre Pronchery * This file uses the low level AES and engine functions (which are deprecated
12*b077aed3SPierre Pronchery * for non-internal use) in order to implement the padlock engine AES ciphers.
13*b077aed3SPierre Pronchery */
14*b077aed3SPierre Pronchery #define OPENSSL_SUPPRESS_DEPRECATED
15*b077aed3SPierre Pronchery
161f13597dSJung-uk Kim #include <stdio.h>
171f13597dSJung-uk Kim #include <string.h>
181f13597dSJung-uk Kim
191f13597dSJung-uk Kim #include <openssl/opensslconf.h>
201f13597dSJung-uk Kim #include <openssl/crypto.h>
211f13597dSJung-uk Kim #include <openssl/engine.h>
221f13597dSJung-uk Kim #include <openssl/evp.h>
231f13597dSJung-uk Kim #include <openssl/aes.h>
241f13597dSJung-uk Kim #include <openssl/rand.h>
251f13597dSJung-uk Kim #include <openssl/err.h>
26e71b7053SJung-uk Kim #include <openssl/modes.h>
271f13597dSJung-uk Kim
28*b077aed3SPierre Pronchery #ifndef OPENSSL_NO_PADLOCKENG
291f13597dSJung-uk Kim
306f9291ceSJung-uk Kim /*
316f9291ceSJung-uk Kim * VIA PadLock AES is available *ONLY* on some x86 CPUs. Not only that it
326f9291ceSJung-uk Kim * doesn't exist elsewhere, but it even can't be compiled on other platforms!
336f9291ceSJung-uk Kim */
34e71b7053SJung-uk Kim
35*b077aed3SPierre Pronchery # undef COMPILE_PADLOCKENG
36610a21fdSJung-uk Kim # if defined(PADLOCK_ASM)
37*b077aed3SPierre Pronchery # define COMPILE_PADLOCKENG
38e71b7053SJung-uk Kim # ifdef OPENSSL_NO_DYNAMIC_ENGINE
39e71b7053SJung-uk Kim static ENGINE *ENGINE_padlock(void);
401f13597dSJung-uk Kim # endif
411f13597dSJung-uk Kim # endif
421f13597dSJung-uk Kim
431f13597dSJung-uk Kim # ifdef OPENSSL_NO_DYNAMIC_ENGINE
44e71b7053SJung-uk Kim void engine_load_padlock_int(void);
engine_load_padlock_int(void)45e71b7053SJung-uk Kim void engine_load_padlock_int(void)
461f13597dSJung-uk Kim {
471f13597dSJung-uk Kim /* On non-x86 CPUs it just returns. */
48*b077aed3SPierre Pronchery # ifdef COMPILE_PADLOCKENG
491f13597dSJung-uk Kim ENGINE *toadd = ENGINE_padlock();
506f9291ceSJung-uk Kim if (!toadd)
516f9291ceSJung-uk Kim return;
52*b077aed3SPierre Pronchery ERR_set_mark();
531f13597dSJung-uk Kim ENGINE_add(toadd);
54*b077aed3SPierre Pronchery /*
55*b077aed3SPierre Pronchery * If the "add" worked, it gets a structural reference. So either way, we
56*b077aed3SPierre Pronchery * release our just-created reference.
57*b077aed3SPierre Pronchery */
581f13597dSJung-uk Kim ENGINE_free(toadd);
59*b077aed3SPierre Pronchery /*
60*b077aed3SPierre Pronchery * If the "add" didn't work, it was probably a conflict because it was
61*b077aed3SPierre Pronchery * already added (eg. someone calling ENGINE_load_blah then calling
62*b077aed3SPierre Pronchery * ENGINE_load_builtin_engines() perhaps).
63*b077aed3SPierre Pronchery */
64*b077aed3SPierre Pronchery ERR_pop_to_mark();
651f13597dSJung-uk Kim # endif
661f13597dSJung-uk Kim }
671f13597dSJung-uk Kim
681f13597dSJung-uk Kim # endif
691f13597dSJung-uk Kim
70*b077aed3SPierre Pronchery # ifdef COMPILE_PADLOCKENG
711f13597dSJung-uk Kim
721f13597dSJung-uk Kim /* Function for ENGINE detection and control */
731f13597dSJung-uk Kim static int padlock_available(void);
741f13597dSJung-uk Kim static int padlock_init(ENGINE *e);
751f13597dSJung-uk Kim
761f13597dSJung-uk Kim /* RNG Stuff */
771f13597dSJung-uk Kim static RAND_METHOD padlock_rand;
781f13597dSJung-uk Kim
791f13597dSJung-uk Kim /* Cipher Stuff */
806f9291ceSJung-uk Kim static int padlock_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
816f9291ceSJung-uk Kim const int **nids, int nid);
821f13597dSJung-uk Kim
831f13597dSJung-uk Kim /* Engine names */
841f13597dSJung-uk Kim static const char *padlock_id = "padlock";
851f13597dSJung-uk Kim static char padlock_name[100];
861f13597dSJung-uk Kim
871f13597dSJung-uk Kim /* Available features */
881f13597dSJung-uk Kim static int padlock_use_ace = 0; /* Advanced Cryptography Engine */
891f13597dSJung-uk Kim static int padlock_use_rng = 0; /* Random Number Generator */
901f13597dSJung-uk Kim
911f13597dSJung-uk Kim /* ===== Engine "management" functions ===== */
921f13597dSJung-uk Kim
931f13597dSJung-uk Kim /* Prepare the ENGINE structure for registration */
padlock_bind_helper(ENGINE * e)946f9291ceSJung-uk Kim static int padlock_bind_helper(ENGINE *e)
951f13597dSJung-uk Kim {
961f13597dSJung-uk Kim /* Check available features */
971f13597dSJung-uk Kim padlock_available();
981f13597dSJung-uk Kim
99e71b7053SJung-uk Kim /*
100e71b7053SJung-uk Kim * RNG is currently disabled for reasons discussed in commentary just
101e71b7053SJung-uk Kim * before padlock_rand_bytes function.
102e71b7053SJung-uk Kim */
1031f13597dSJung-uk Kim padlock_use_rng = 0;
1041f13597dSJung-uk Kim
1051f13597dSJung-uk Kim /* Generate a nice engine name with available features */
1061f13597dSJung-uk Kim BIO_snprintf(padlock_name, sizeof(padlock_name),
1071f13597dSJung-uk Kim "VIA PadLock (%s, %s)",
1081f13597dSJung-uk Kim padlock_use_rng ? "RNG" : "no-RNG",
1091f13597dSJung-uk Kim padlock_use_ace ? "ACE" : "no-ACE");
1101f13597dSJung-uk Kim
1111f13597dSJung-uk Kim /* Register everything or return with an error */
1121f13597dSJung-uk Kim if (!ENGINE_set_id(e, padlock_id) ||
1131f13597dSJung-uk Kim !ENGINE_set_name(e, padlock_name) ||
1141f13597dSJung-uk Kim !ENGINE_set_init_function(e, padlock_init) ||
1151f13597dSJung-uk Kim (padlock_use_ace && !ENGINE_set_ciphers(e, padlock_ciphers)) ||
1161f13597dSJung-uk Kim (padlock_use_rng && !ENGINE_set_RAND(e, &padlock_rand))) {
1171f13597dSJung-uk Kim return 0;
1181f13597dSJung-uk Kim }
1191f13597dSJung-uk Kim
1201f13597dSJung-uk Kim /* Everything looks good */
1211f13597dSJung-uk Kim return 1;
1221f13597dSJung-uk Kim }
1231f13597dSJung-uk Kim
1241f13597dSJung-uk Kim # ifdef OPENSSL_NO_DYNAMIC_ENGINE
1251f13597dSJung-uk Kim /* Constructor */
ENGINE_padlock(void)1266f9291ceSJung-uk Kim static ENGINE *ENGINE_padlock(void)
1271f13597dSJung-uk Kim {
1281f13597dSJung-uk Kim ENGINE *eng = ENGINE_new();
1291f13597dSJung-uk Kim
130e71b7053SJung-uk Kim if (eng == NULL) {
1311f13597dSJung-uk Kim return NULL;
1321f13597dSJung-uk Kim }
1331f13597dSJung-uk Kim
1341f13597dSJung-uk Kim if (!padlock_bind_helper(eng)) {
1351f13597dSJung-uk Kim ENGINE_free(eng);
1361f13597dSJung-uk Kim return NULL;
1371f13597dSJung-uk Kim }
1381f13597dSJung-uk Kim
1391f13597dSJung-uk Kim return eng;
1401f13597dSJung-uk Kim }
1411f13597dSJung-uk Kim # endif
1421f13597dSJung-uk Kim
1431f13597dSJung-uk Kim /* Check availability of the engine */
padlock_init(ENGINE * e)1446f9291ceSJung-uk Kim static int padlock_init(ENGINE *e)
1451f13597dSJung-uk Kim {
1461f13597dSJung-uk Kim return (padlock_use_rng || padlock_use_ace);
1471f13597dSJung-uk Kim }
1481f13597dSJung-uk Kim
1498f1ef87aSJung-uk Kim # ifndef AES_ASM
1508f1ef87aSJung-uk Kim static int padlock_aes_set_encrypt_key(const unsigned char *userKey,
1518f1ef87aSJung-uk Kim const int bits,
1528f1ef87aSJung-uk Kim AES_KEY *key);
1538f1ef87aSJung-uk Kim static int padlock_aes_set_decrypt_key(const unsigned char *userKey,
1548f1ef87aSJung-uk Kim const int bits,
1558f1ef87aSJung-uk Kim AES_KEY *key);
1568f1ef87aSJung-uk Kim # define AES_ASM
1578f1ef87aSJung-uk Kim # define AES_set_encrypt_key padlock_aes_set_encrypt_key
1588f1ef87aSJung-uk Kim # define AES_set_decrypt_key padlock_aes_set_decrypt_key
1598f1ef87aSJung-uk Kim # include "../crypto/aes/aes_core.c"
1608f1ef87aSJung-uk Kim # endif
1618f1ef87aSJung-uk Kim
1626f9291ceSJung-uk Kim /*
1636f9291ceSJung-uk Kim * This stuff is needed if this ENGINE is being compiled into a
1646f9291ceSJung-uk Kim * self-contained shared-library.
1651f13597dSJung-uk Kim */
166610a21fdSJung-uk Kim # ifndef OPENSSL_NO_DYNAMIC_ENGINE
padlock_bind_fn(ENGINE * e,const char * id)1676f9291ceSJung-uk Kim static int padlock_bind_fn(ENGINE *e, const char *id)
1681f13597dSJung-uk Kim {
1691f13597dSJung-uk Kim if (id && (strcmp(id, padlock_id) != 0)) {
1701f13597dSJung-uk Kim return 0;
1711f13597dSJung-uk Kim }
1721f13597dSJung-uk Kim
1731f13597dSJung-uk Kim if (!padlock_bind_helper(e)) {
1741f13597dSJung-uk Kim return 0;
1751f13597dSJung-uk Kim }
1761f13597dSJung-uk Kim
1771f13597dSJung-uk Kim return 1;
1781f13597dSJung-uk Kim }
1791f13597dSJung-uk Kim
1801f13597dSJung-uk Kim IMPLEMENT_DYNAMIC_CHECK_FN()
1811f13597dSJung-uk Kim IMPLEMENT_DYNAMIC_BIND_FN(padlock_bind_fn)
182610a21fdSJung-uk Kim # endif /* !OPENSSL_NO_DYNAMIC_ENGINE */
1831f13597dSJung-uk Kim /* ===== Here comes the "real" engine ===== */
184e71b7053SJung-uk Kim
1851f13597dSJung-uk Kim /* Some AES-related constants */
1861f13597dSJung-uk Kim # define AES_BLOCK_SIZE 16
1871f13597dSJung-uk Kim # define AES_KEY_SIZE_128 16
1881f13597dSJung-uk Kim # define AES_KEY_SIZE_192 24
1891f13597dSJung-uk Kim # define AES_KEY_SIZE_256 32
1906f9291ceSJung-uk Kim /*
1916f9291ceSJung-uk Kim * Here we store the status information relevant to the current context.
1921f13597dSJung-uk Kim */
1936f9291ceSJung-uk Kim /*
1946f9291ceSJung-uk Kim * BIG FAT WARNING: Inline assembler in PADLOCK_XCRYPT_ASM() depends on
1956f9291ceSJung-uk Kim * the order of items in this structure. Don't blindly modify, reorder,
1966f9291ceSJung-uk Kim * etc!
1976f9291ceSJung-uk Kim */
1986f9291ceSJung-uk Kim struct padlock_cipher_data {
1991f13597dSJung-uk Kim unsigned char iv[AES_BLOCK_SIZE]; /* Initialization vector */
2006f9291ceSJung-uk Kim union {
2016f9291ceSJung-uk Kim unsigned int pad[4];
2021f13597dSJung-uk Kim struct {
2031f13597dSJung-uk Kim int rounds:4;
2041f13597dSJung-uk Kim int dgst:1; /* n/a in C3 */
2051f13597dSJung-uk Kim int align:1; /* n/a in C3 */
2061f13597dSJung-uk Kim int ciphr:1; /* n/a in C3 */
2071f13597dSJung-uk Kim unsigned int keygen:1;
2081f13597dSJung-uk Kim int interm:1;
2091f13597dSJung-uk Kim unsigned int encdec:1;
2101f13597dSJung-uk Kim int ksize:2;
2111f13597dSJung-uk Kim } b;
2121f13597dSJung-uk Kim } cword; /* Control word */
2131f13597dSJung-uk Kim AES_KEY ks; /* Encryption key */
2141f13597dSJung-uk Kim };
2151f13597dSJung-uk Kim
216e71b7053SJung-uk Kim /* Interface to assembler module */
217e71b7053SJung-uk Kim unsigned int padlock_capability(void);
218e71b7053SJung-uk Kim void padlock_key_bswap(AES_KEY *key);
219e71b7053SJung-uk Kim void padlock_verify_context(struct padlock_cipher_data *ctx);
220e71b7053SJung-uk Kim void padlock_reload_key(void);
221e71b7053SJung-uk Kim void padlock_aes_block(void *out, const void *inp,
222e71b7053SJung-uk Kim struct padlock_cipher_data *ctx);
223e71b7053SJung-uk Kim int padlock_ecb_encrypt(void *out, const void *inp,
224e71b7053SJung-uk Kim struct padlock_cipher_data *ctx, size_t len);
225e71b7053SJung-uk Kim int padlock_cbc_encrypt(void *out, const void *inp,
226e71b7053SJung-uk Kim struct padlock_cipher_data *ctx, size_t len);
227e71b7053SJung-uk Kim int padlock_cfb_encrypt(void *out, const void *inp,
228e71b7053SJung-uk Kim struct padlock_cipher_data *ctx, size_t len);
229e71b7053SJung-uk Kim int padlock_ofb_encrypt(void *out, const void *inp,
230e71b7053SJung-uk Kim struct padlock_cipher_data *ctx, size_t len);
231e71b7053SJung-uk Kim int padlock_ctr32_encrypt(void *out, const void *inp,
232e71b7053SJung-uk Kim struct padlock_cipher_data *ctx, size_t len);
233e71b7053SJung-uk Kim int padlock_xstore(void *out, int edx);
234e71b7053SJung-uk Kim void padlock_sha1_oneshot(void *ctx, const void *inp, size_t len);
235e71b7053SJung-uk Kim void padlock_sha1(void *ctx, const void *inp, size_t len);
236e71b7053SJung-uk Kim void padlock_sha256_oneshot(void *ctx, const void *inp, size_t len);
237e71b7053SJung-uk Kim void padlock_sha256(void *ctx, const void *inp, size_t len);
2381f13597dSJung-uk Kim
2396f9291ceSJung-uk Kim /*
2406f9291ceSJung-uk Kim * Load supported features of the CPU to see if the PadLock is available.
2416f9291ceSJung-uk Kim */
padlock_available(void)2426f9291ceSJung-uk Kim static int padlock_available(void)
2431f13597dSJung-uk Kim {
244e71b7053SJung-uk Kim unsigned int edx = padlock_capability();
2451f13597dSJung-uk Kim
2461f13597dSJung-uk Kim /* Fill up some flags */
2471f13597dSJung-uk Kim padlock_use_ace = ((edx & (0x3 << 6)) == (0x3 << 6));
2481f13597dSJung-uk Kim padlock_use_rng = ((edx & (0x3 << 2)) == (0x3 << 2));
2491f13597dSJung-uk Kim
2501f13597dSJung-uk Kim return padlock_use_ace + padlock_use_rng;
2511f13597dSJung-uk Kim }
2521f13597dSJung-uk Kim
2531f13597dSJung-uk Kim /* ===== AES encryption/decryption ===== */
254e71b7053SJung-uk Kim
2551f13597dSJung-uk Kim # if defined(NID_aes_128_cfb128) && ! defined (NID_aes_128_cfb)
2561f13597dSJung-uk Kim # define NID_aes_128_cfb NID_aes_128_cfb128
2571f13597dSJung-uk Kim # endif
258e71b7053SJung-uk Kim
2591f13597dSJung-uk Kim # if defined(NID_aes_128_ofb128) && ! defined (NID_aes_128_ofb)
2601f13597dSJung-uk Kim # define NID_aes_128_ofb NID_aes_128_ofb128
2611f13597dSJung-uk Kim # endif
262e71b7053SJung-uk Kim
2631f13597dSJung-uk Kim # if defined(NID_aes_192_cfb128) && ! defined (NID_aes_192_cfb)
2641f13597dSJung-uk Kim # define NID_aes_192_cfb NID_aes_192_cfb128
2651f13597dSJung-uk Kim # endif
266e71b7053SJung-uk Kim
2671f13597dSJung-uk Kim # if defined(NID_aes_192_ofb128) && ! defined (NID_aes_192_ofb)
2681f13597dSJung-uk Kim # define NID_aes_192_ofb NID_aes_192_ofb128
2691f13597dSJung-uk Kim # endif
270e71b7053SJung-uk Kim
2711f13597dSJung-uk Kim # if defined(NID_aes_256_cfb128) && ! defined (NID_aes_256_cfb)
2721f13597dSJung-uk Kim # define NID_aes_256_cfb NID_aes_256_cfb128
2731f13597dSJung-uk Kim # endif
274e71b7053SJung-uk Kim
2751f13597dSJung-uk Kim # if defined(NID_aes_256_ofb128) && ! defined (NID_aes_256_ofb)
2761f13597dSJung-uk Kim # define NID_aes_256_ofb NID_aes_256_ofb128
2771f13597dSJung-uk Kim # endif
278e71b7053SJung-uk Kim
279e71b7053SJung-uk Kim /* List of supported ciphers. */
280e71b7053SJung-uk Kim static const int padlock_cipher_nids[] = {
2811f13597dSJung-uk Kim NID_aes_128_ecb,
2821f13597dSJung-uk Kim NID_aes_128_cbc,
2831f13597dSJung-uk Kim NID_aes_128_cfb,
2841f13597dSJung-uk Kim NID_aes_128_ofb,
285e71b7053SJung-uk Kim NID_aes_128_ctr,
2861f13597dSJung-uk Kim
2871f13597dSJung-uk Kim NID_aes_192_ecb,
2881f13597dSJung-uk Kim NID_aes_192_cbc,
2891f13597dSJung-uk Kim NID_aes_192_cfb,
2901f13597dSJung-uk Kim NID_aes_192_ofb,
291e71b7053SJung-uk Kim NID_aes_192_ctr,
2921f13597dSJung-uk Kim
2931f13597dSJung-uk Kim NID_aes_256_ecb,
2941f13597dSJung-uk Kim NID_aes_256_cbc,
2951f13597dSJung-uk Kim NID_aes_256_cfb,
2961f13597dSJung-uk Kim NID_aes_256_ofb,
297e71b7053SJung-uk Kim NID_aes_256_ctr
2981f13597dSJung-uk Kim };
2996f9291ceSJung-uk Kim
3001f13597dSJung-uk Kim static int padlock_cipher_nids_num = (sizeof(padlock_cipher_nids) /
3011f13597dSJung-uk Kim sizeof(padlock_cipher_nids[0]));
3021f13597dSJung-uk Kim
3031f13597dSJung-uk Kim /* Function prototypes ... */
3041f13597dSJung-uk Kim static int padlock_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
3051f13597dSJung-uk Kim const unsigned char *iv, int enc);
3061f13597dSJung-uk Kim
3071f13597dSJung-uk Kim # define NEAREST_ALIGNED(ptr) ( (unsigned char *)(ptr) + \
3081f13597dSJung-uk Kim ( (0x10 - ((size_t)(ptr) & 0x0F)) & 0x0F ) )
3091f13597dSJung-uk Kim # define ALIGNED_CIPHER_DATA(ctx) ((struct padlock_cipher_data *)\
310e71b7053SJung-uk Kim NEAREST_ALIGNED(EVP_CIPHER_CTX_get_cipher_data(ctx)))
311e71b7053SJung-uk Kim
312e71b7053SJung-uk Kim static int
padlock_ecb_cipher(EVP_CIPHER_CTX * ctx,unsigned char * out_arg,const unsigned char * in_arg,size_t nbytes)313e71b7053SJung-uk Kim padlock_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg,
314e71b7053SJung-uk Kim const unsigned char *in_arg, size_t nbytes)
315e71b7053SJung-uk Kim {
316e71b7053SJung-uk Kim return padlock_ecb_encrypt(out_arg, in_arg,
317e71b7053SJung-uk Kim ALIGNED_CIPHER_DATA(ctx), nbytes);
318e71b7053SJung-uk Kim }
319e71b7053SJung-uk Kim
320e71b7053SJung-uk Kim static int
padlock_cbc_cipher(EVP_CIPHER_CTX * ctx,unsigned char * out_arg,const unsigned char * in_arg,size_t nbytes)321e71b7053SJung-uk Kim padlock_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg,
322e71b7053SJung-uk Kim const unsigned char *in_arg, size_t nbytes)
323e71b7053SJung-uk Kim {
324e71b7053SJung-uk Kim struct padlock_cipher_data *cdata = ALIGNED_CIPHER_DATA(ctx);
325e71b7053SJung-uk Kim int ret;
326e71b7053SJung-uk Kim
327e71b7053SJung-uk Kim memcpy(cdata->iv, EVP_CIPHER_CTX_iv(ctx), AES_BLOCK_SIZE);
328e71b7053SJung-uk Kim if ((ret = padlock_cbc_encrypt(out_arg, in_arg, cdata, nbytes)))
329e71b7053SJung-uk Kim memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), cdata->iv, AES_BLOCK_SIZE);
330e71b7053SJung-uk Kim return ret;
331e71b7053SJung-uk Kim }
332e71b7053SJung-uk Kim
333e71b7053SJung-uk Kim static int
padlock_cfb_cipher(EVP_CIPHER_CTX * ctx,unsigned char * out_arg,const unsigned char * in_arg,size_t nbytes)334e71b7053SJung-uk Kim padlock_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg,
335e71b7053SJung-uk Kim const unsigned char *in_arg, size_t nbytes)
336e71b7053SJung-uk Kim {
337e71b7053SJung-uk Kim struct padlock_cipher_data *cdata = ALIGNED_CIPHER_DATA(ctx);
338e71b7053SJung-uk Kim size_t chunk;
339e71b7053SJung-uk Kim
340*b077aed3SPierre Pronchery if ((chunk = EVP_CIPHER_CTX_get_num(ctx))) { /* borrow chunk variable */
341e71b7053SJung-uk Kim unsigned char *ivp = EVP_CIPHER_CTX_iv_noconst(ctx);
342e71b7053SJung-uk Kim
343e71b7053SJung-uk Kim if (chunk >= AES_BLOCK_SIZE)
344e71b7053SJung-uk Kim return 0; /* bogus value */
345e71b7053SJung-uk Kim
346*b077aed3SPierre Pronchery if (EVP_CIPHER_CTX_is_encrypting(ctx))
347e71b7053SJung-uk Kim while (chunk < AES_BLOCK_SIZE && nbytes != 0) {
348e71b7053SJung-uk Kim ivp[chunk] = *(out_arg++) = *(in_arg++) ^ ivp[chunk];
349e71b7053SJung-uk Kim chunk++, nbytes--;
350e71b7053SJung-uk Kim } else
351e71b7053SJung-uk Kim while (chunk < AES_BLOCK_SIZE && nbytes != 0) {
352e71b7053SJung-uk Kim unsigned char c = *(in_arg++);
353e71b7053SJung-uk Kim *(out_arg++) = c ^ ivp[chunk];
354e71b7053SJung-uk Kim ivp[chunk++] = c, nbytes--;
355e71b7053SJung-uk Kim }
356e71b7053SJung-uk Kim
357e71b7053SJung-uk Kim EVP_CIPHER_CTX_set_num(ctx, chunk % AES_BLOCK_SIZE);
358e71b7053SJung-uk Kim }
359e71b7053SJung-uk Kim
360e71b7053SJung-uk Kim if (nbytes == 0)
361e71b7053SJung-uk Kim return 1;
362e71b7053SJung-uk Kim
363e71b7053SJung-uk Kim memcpy(cdata->iv, EVP_CIPHER_CTX_iv(ctx), AES_BLOCK_SIZE);
364e71b7053SJung-uk Kim
365e71b7053SJung-uk Kim if ((chunk = nbytes & ~(AES_BLOCK_SIZE - 1))) {
366e71b7053SJung-uk Kim if (!padlock_cfb_encrypt(out_arg, in_arg, cdata, chunk))
367e71b7053SJung-uk Kim return 0;
368e71b7053SJung-uk Kim nbytes -= chunk;
369e71b7053SJung-uk Kim }
370e71b7053SJung-uk Kim
371e71b7053SJung-uk Kim if (nbytes) {
372e71b7053SJung-uk Kim unsigned char *ivp = cdata->iv;
373e71b7053SJung-uk Kim
374e71b7053SJung-uk Kim out_arg += chunk;
375e71b7053SJung-uk Kim in_arg += chunk;
376e71b7053SJung-uk Kim EVP_CIPHER_CTX_set_num(ctx, nbytes);
377e71b7053SJung-uk Kim if (cdata->cword.b.encdec) {
378e71b7053SJung-uk Kim cdata->cword.b.encdec = 0;
379e71b7053SJung-uk Kim padlock_reload_key();
380e71b7053SJung-uk Kim padlock_aes_block(ivp, ivp, cdata);
381e71b7053SJung-uk Kim cdata->cword.b.encdec = 1;
382e71b7053SJung-uk Kim padlock_reload_key();
383e71b7053SJung-uk Kim while (nbytes) {
384e71b7053SJung-uk Kim unsigned char c = *(in_arg++);
385e71b7053SJung-uk Kim *(out_arg++) = c ^ *ivp;
386e71b7053SJung-uk Kim *(ivp++) = c, nbytes--;
387e71b7053SJung-uk Kim }
388e71b7053SJung-uk Kim } else {
389e71b7053SJung-uk Kim padlock_reload_key();
390e71b7053SJung-uk Kim padlock_aes_block(ivp, ivp, cdata);
391e71b7053SJung-uk Kim padlock_reload_key();
392e71b7053SJung-uk Kim while (nbytes) {
393e71b7053SJung-uk Kim *ivp = *(out_arg++) = *(in_arg++) ^ *ivp;
394e71b7053SJung-uk Kim ivp++, nbytes--;
395e71b7053SJung-uk Kim }
396e71b7053SJung-uk Kim }
397e71b7053SJung-uk Kim }
398e71b7053SJung-uk Kim
399e71b7053SJung-uk Kim memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), cdata->iv, AES_BLOCK_SIZE);
400e71b7053SJung-uk Kim
401e71b7053SJung-uk Kim return 1;
402e71b7053SJung-uk Kim }
403e71b7053SJung-uk Kim
404e71b7053SJung-uk Kim static int
padlock_ofb_cipher(EVP_CIPHER_CTX * ctx,unsigned char * out_arg,const unsigned char * in_arg,size_t nbytes)405e71b7053SJung-uk Kim padlock_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg,
406e71b7053SJung-uk Kim const unsigned char *in_arg, size_t nbytes)
407e71b7053SJung-uk Kim {
408e71b7053SJung-uk Kim struct padlock_cipher_data *cdata = ALIGNED_CIPHER_DATA(ctx);
409e71b7053SJung-uk Kim size_t chunk;
410e71b7053SJung-uk Kim
411e71b7053SJung-uk Kim /*
412e71b7053SJung-uk Kim * ctx->num is maintained in byte-oriented modes, such as CFB and OFB...
413e71b7053SJung-uk Kim */
414*b077aed3SPierre Pronchery if ((chunk = EVP_CIPHER_CTX_get_num(ctx))) { /* borrow chunk variable */
415e71b7053SJung-uk Kim unsigned char *ivp = EVP_CIPHER_CTX_iv_noconst(ctx);
416e71b7053SJung-uk Kim
417e71b7053SJung-uk Kim if (chunk >= AES_BLOCK_SIZE)
418e71b7053SJung-uk Kim return 0; /* bogus value */
419e71b7053SJung-uk Kim
420e71b7053SJung-uk Kim while (chunk < AES_BLOCK_SIZE && nbytes != 0) {
421e71b7053SJung-uk Kim *(out_arg++) = *(in_arg++) ^ ivp[chunk];
422e71b7053SJung-uk Kim chunk++, nbytes--;
423e71b7053SJung-uk Kim }
424e71b7053SJung-uk Kim
425e71b7053SJung-uk Kim EVP_CIPHER_CTX_set_num(ctx, chunk % AES_BLOCK_SIZE);
426e71b7053SJung-uk Kim }
427e71b7053SJung-uk Kim
428e71b7053SJung-uk Kim if (nbytes == 0)
429e71b7053SJung-uk Kim return 1;
430e71b7053SJung-uk Kim
431e71b7053SJung-uk Kim memcpy(cdata->iv, EVP_CIPHER_CTX_iv(ctx), AES_BLOCK_SIZE);
432e71b7053SJung-uk Kim
433e71b7053SJung-uk Kim if ((chunk = nbytes & ~(AES_BLOCK_SIZE - 1))) {
434e71b7053SJung-uk Kim if (!padlock_ofb_encrypt(out_arg, in_arg, cdata, chunk))
435e71b7053SJung-uk Kim return 0;
436e71b7053SJung-uk Kim nbytes -= chunk;
437e71b7053SJung-uk Kim }
438e71b7053SJung-uk Kim
439e71b7053SJung-uk Kim if (nbytes) {
440e71b7053SJung-uk Kim unsigned char *ivp = cdata->iv;
441e71b7053SJung-uk Kim
442e71b7053SJung-uk Kim out_arg += chunk;
443e71b7053SJung-uk Kim in_arg += chunk;
444e71b7053SJung-uk Kim EVP_CIPHER_CTX_set_num(ctx, nbytes);
445e71b7053SJung-uk Kim padlock_reload_key(); /* empirically found */
446e71b7053SJung-uk Kim padlock_aes_block(ivp, ivp, cdata);
447e71b7053SJung-uk Kim padlock_reload_key(); /* empirically found */
448e71b7053SJung-uk Kim while (nbytes) {
449e71b7053SJung-uk Kim *(out_arg++) = *(in_arg++) ^ *ivp;
450e71b7053SJung-uk Kim ivp++, nbytes--;
451e71b7053SJung-uk Kim }
452e71b7053SJung-uk Kim }
453e71b7053SJung-uk Kim
454e71b7053SJung-uk Kim memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), cdata->iv, AES_BLOCK_SIZE);
455e71b7053SJung-uk Kim
456e71b7053SJung-uk Kim return 1;
457e71b7053SJung-uk Kim }
458e71b7053SJung-uk Kim
padlock_ctr32_encrypt_glue(const unsigned char * in,unsigned char * out,size_t blocks,struct padlock_cipher_data * ctx,const unsigned char * ivec)459e71b7053SJung-uk Kim static void padlock_ctr32_encrypt_glue(const unsigned char *in,
460e71b7053SJung-uk Kim unsigned char *out, size_t blocks,
461e71b7053SJung-uk Kim struct padlock_cipher_data *ctx,
462e71b7053SJung-uk Kim const unsigned char *ivec)
463e71b7053SJung-uk Kim {
464e71b7053SJung-uk Kim memcpy(ctx->iv, ivec, AES_BLOCK_SIZE);
465e71b7053SJung-uk Kim padlock_ctr32_encrypt(out, in, ctx, AES_BLOCK_SIZE * blocks);
466e71b7053SJung-uk Kim }
467e71b7053SJung-uk Kim
468e71b7053SJung-uk Kim static int
padlock_ctr_cipher(EVP_CIPHER_CTX * ctx,unsigned char * out_arg,const unsigned char * in_arg,size_t nbytes)469e71b7053SJung-uk Kim padlock_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg,
470e71b7053SJung-uk Kim const unsigned char *in_arg, size_t nbytes)
471e71b7053SJung-uk Kim {
472e71b7053SJung-uk Kim struct padlock_cipher_data *cdata = ALIGNED_CIPHER_DATA(ctx);
473*b077aed3SPierre Pronchery int n = EVP_CIPHER_CTX_get_num(ctx);
474*b077aed3SPierre Pronchery unsigned int num;
475*b077aed3SPierre Pronchery
476*b077aed3SPierre Pronchery if (n < 0)
477*b077aed3SPierre Pronchery return 0;
478*b077aed3SPierre Pronchery num = (unsigned int)n;
479e71b7053SJung-uk Kim
480e71b7053SJung-uk Kim CRYPTO_ctr128_encrypt_ctr32(in_arg, out_arg, nbytes,
481e71b7053SJung-uk Kim cdata, EVP_CIPHER_CTX_iv_noconst(ctx),
482e71b7053SJung-uk Kim EVP_CIPHER_CTX_buf_noconst(ctx), &num,
483e71b7053SJung-uk Kim (ctr128_f) padlock_ctr32_encrypt_glue);
484e71b7053SJung-uk Kim
485e71b7053SJung-uk Kim EVP_CIPHER_CTX_set_num(ctx, (size_t)num);
486e71b7053SJung-uk Kim return 1;
487e71b7053SJung-uk Kim }
4881f13597dSJung-uk Kim
4891f13597dSJung-uk Kim # define EVP_CIPHER_block_size_ECB AES_BLOCK_SIZE
4901f13597dSJung-uk Kim # define EVP_CIPHER_block_size_CBC AES_BLOCK_SIZE
4911f13597dSJung-uk Kim # define EVP_CIPHER_block_size_OFB 1
4921f13597dSJung-uk Kim # define EVP_CIPHER_block_size_CFB 1
493e71b7053SJung-uk Kim # define EVP_CIPHER_block_size_CTR 1
4941f13597dSJung-uk Kim
4956f9291ceSJung-uk Kim /*
4966f9291ceSJung-uk Kim * Declaring so many ciphers by hand would be a pain. Instead introduce a bit
4976f9291ceSJung-uk Kim * of preprocessor magic :-)
4986f9291ceSJung-uk Kim */
4991f13597dSJung-uk Kim # define DECLARE_AES_EVP(ksize,lmode,umode) \
500e71b7053SJung-uk Kim static EVP_CIPHER *_hidden_aes_##ksize##_##lmode = NULL; \
501e71b7053SJung-uk Kim static const EVP_CIPHER *padlock_aes_##ksize##_##lmode(void) \
502e71b7053SJung-uk Kim { \
503e71b7053SJung-uk Kim if (_hidden_aes_##ksize##_##lmode == NULL \
504e71b7053SJung-uk Kim && ((_hidden_aes_##ksize##_##lmode = \
505e71b7053SJung-uk Kim EVP_CIPHER_meth_new(NID_aes_##ksize##_##lmode, \
5061f13597dSJung-uk Kim EVP_CIPHER_block_size_##umode, \
507e71b7053SJung-uk Kim AES_KEY_SIZE_##ksize)) == NULL \
508e71b7053SJung-uk Kim || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_##ksize##_##lmode, \
509e71b7053SJung-uk Kim AES_BLOCK_SIZE) \
510e71b7053SJung-uk Kim || !EVP_CIPHER_meth_set_flags(_hidden_aes_##ksize##_##lmode, \
511e71b7053SJung-uk Kim 0 | EVP_CIPH_##umode##_MODE) \
512e71b7053SJung-uk Kim || !EVP_CIPHER_meth_set_init(_hidden_aes_##ksize##_##lmode, \
513e71b7053SJung-uk Kim padlock_aes_init_key) \
514e71b7053SJung-uk Kim || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_##ksize##_##lmode, \
515e71b7053SJung-uk Kim padlock_##lmode##_cipher) \
516e71b7053SJung-uk Kim || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_##ksize##_##lmode, \
517e71b7053SJung-uk Kim sizeof(struct padlock_cipher_data) + 16) \
518e71b7053SJung-uk Kim || !EVP_CIPHER_meth_set_set_asn1_params(_hidden_aes_##ksize##_##lmode, \
519e71b7053SJung-uk Kim EVP_CIPHER_set_asn1_iv) \
520e71b7053SJung-uk Kim || !EVP_CIPHER_meth_set_get_asn1_params(_hidden_aes_##ksize##_##lmode, \
521e71b7053SJung-uk Kim EVP_CIPHER_get_asn1_iv))) { \
522e71b7053SJung-uk Kim EVP_CIPHER_meth_free(_hidden_aes_##ksize##_##lmode); \
523e71b7053SJung-uk Kim _hidden_aes_##ksize##_##lmode = NULL; \
524e71b7053SJung-uk Kim } \
525e71b7053SJung-uk Kim return _hidden_aes_##ksize##_##lmode; \
5261f13597dSJung-uk Kim }
5271f13597dSJung-uk Kim
528e71b7053SJung-uk Kim DECLARE_AES_EVP(128, ecb, ECB)
529e71b7053SJung-uk Kim DECLARE_AES_EVP(128, cbc, CBC)
530e71b7053SJung-uk Kim DECLARE_AES_EVP(128, cfb, CFB)
531e71b7053SJung-uk Kim DECLARE_AES_EVP(128, ofb, OFB)
532e71b7053SJung-uk Kim DECLARE_AES_EVP(128, ctr, CTR)
5331f13597dSJung-uk Kim
534e71b7053SJung-uk Kim DECLARE_AES_EVP(192, ecb, ECB)
535e71b7053SJung-uk Kim DECLARE_AES_EVP(192, cbc, CBC)
536e71b7053SJung-uk Kim DECLARE_AES_EVP(192, cfb, CFB)
537e71b7053SJung-uk Kim DECLARE_AES_EVP(192, ofb, OFB)
538e71b7053SJung-uk Kim DECLARE_AES_EVP(192, ctr, CTR)
5391f13597dSJung-uk Kim
540e71b7053SJung-uk Kim DECLARE_AES_EVP(256, ecb, ECB)
541e71b7053SJung-uk Kim DECLARE_AES_EVP(256, cbc, CBC)
542e71b7053SJung-uk Kim DECLARE_AES_EVP(256, cfb, CFB)
543e71b7053SJung-uk Kim DECLARE_AES_EVP(256, ofb, OFB)
544e71b7053SJung-uk Kim DECLARE_AES_EVP(256, ctr, CTR)
5451f13597dSJung-uk Kim
5461f13597dSJung-uk Kim static int
padlock_ciphers(ENGINE * e,const EVP_CIPHER ** cipher,const int ** nids,int nid)5476f9291ceSJung-uk Kim padlock_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids,
5486f9291ceSJung-uk Kim int nid)
5491f13597dSJung-uk Kim {
5501f13597dSJung-uk Kim /* No specific cipher => return a list of supported nids ... */
5511f13597dSJung-uk Kim if (!cipher) {
5521f13597dSJung-uk Kim *nids = padlock_cipher_nids;
5531f13597dSJung-uk Kim return padlock_cipher_nids_num;
5541f13597dSJung-uk Kim }
5551f13597dSJung-uk Kim
5561f13597dSJung-uk Kim /* ... or the requested "cipher" otherwise */
5571f13597dSJung-uk Kim switch (nid) {
5581f13597dSJung-uk Kim case NID_aes_128_ecb:
559e71b7053SJung-uk Kim *cipher = padlock_aes_128_ecb();
5601f13597dSJung-uk Kim break;
5611f13597dSJung-uk Kim case NID_aes_128_cbc:
562e71b7053SJung-uk Kim *cipher = padlock_aes_128_cbc();
5631f13597dSJung-uk Kim break;
5641f13597dSJung-uk Kim case NID_aes_128_cfb:
565e71b7053SJung-uk Kim *cipher = padlock_aes_128_cfb();
5661f13597dSJung-uk Kim break;
5671f13597dSJung-uk Kim case NID_aes_128_ofb:
568e71b7053SJung-uk Kim *cipher = padlock_aes_128_ofb();
569e71b7053SJung-uk Kim break;
570e71b7053SJung-uk Kim case NID_aes_128_ctr:
571e71b7053SJung-uk Kim *cipher = padlock_aes_128_ctr();
5721f13597dSJung-uk Kim break;
5731f13597dSJung-uk Kim
5741f13597dSJung-uk Kim case NID_aes_192_ecb:
575e71b7053SJung-uk Kim *cipher = padlock_aes_192_ecb();
5761f13597dSJung-uk Kim break;
5771f13597dSJung-uk Kim case NID_aes_192_cbc:
578e71b7053SJung-uk Kim *cipher = padlock_aes_192_cbc();
5791f13597dSJung-uk Kim break;
5801f13597dSJung-uk Kim case NID_aes_192_cfb:
581e71b7053SJung-uk Kim *cipher = padlock_aes_192_cfb();
5821f13597dSJung-uk Kim break;
5831f13597dSJung-uk Kim case NID_aes_192_ofb:
584e71b7053SJung-uk Kim *cipher = padlock_aes_192_ofb();
585e71b7053SJung-uk Kim break;
586e71b7053SJung-uk Kim case NID_aes_192_ctr:
587e71b7053SJung-uk Kim *cipher = padlock_aes_192_ctr();
5881f13597dSJung-uk Kim break;
5891f13597dSJung-uk Kim
5901f13597dSJung-uk Kim case NID_aes_256_ecb:
591e71b7053SJung-uk Kim *cipher = padlock_aes_256_ecb();
5921f13597dSJung-uk Kim break;
5931f13597dSJung-uk Kim case NID_aes_256_cbc:
594e71b7053SJung-uk Kim *cipher = padlock_aes_256_cbc();
5951f13597dSJung-uk Kim break;
5961f13597dSJung-uk Kim case NID_aes_256_cfb:
597e71b7053SJung-uk Kim *cipher = padlock_aes_256_cfb();
5981f13597dSJung-uk Kim break;
5991f13597dSJung-uk Kim case NID_aes_256_ofb:
600e71b7053SJung-uk Kim *cipher = padlock_aes_256_ofb();
601e71b7053SJung-uk Kim break;
602e71b7053SJung-uk Kim case NID_aes_256_ctr:
603e71b7053SJung-uk Kim *cipher = padlock_aes_256_ctr();
6041f13597dSJung-uk Kim break;
6051f13597dSJung-uk Kim
6061f13597dSJung-uk Kim default:
6071f13597dSJung-uk Kim /* Sorry, we don't support this NID */
6081f13597dSJung-uk Kim *cipher = NULL;
6091f13597dSJung-uk Kim return 0;
6101f13597dSJung-uk Kim }
6111f13597dSJung-uk Kim
6121f13597dSJung-uk Kim return 1;
6131f13597dSJung-uk Kim }
6141f13597dSJung-uk Kim
6151f13597dSJung-uk Kim /* Prepare the encryption key for PadLock usage */
6161f13597dSJung-uk Kim static int
padlock_aes_init_key(EVP_CIPHER_CTX * ctx,const unsigned char * key,const unsigned char * iv,int enc)6171f13597dSJung-uk Kim padlock_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
6181f13597dSJung-uk Kim const unsigned char *iv, int enc)
6191f13597dSJung-uk Kim {
6201f13597dSJung-uk Kim struct padlock_cipher_data *cdata;
621*b077aed3SPierre Pronchery int key_len = EVP_CIPHER_CTX_get_key_length(ctx) * 8;
622*b077aed3SPierre Pronchery unsigned long mode = EVP_CIPHER_CTX_get_mode(ctx);
6231f13597dSJung-uk Kim
6246f9291ceSJung-uk Kim if (key == NULL)
6256f9291ceSJung-uk Kim return 0; /* ERROR */
6261f13597dSJung-uk Kim
6271f13597dSJung-uk Kim cdata = ALIGNED_CIPHER_DATA(ctx);
628e71b7053SJung-uk Kim memset(cdata, 0, sizeof(*cdata));
6291f13597dSJung-uk Kim
6301f13597dSJung-uk Kim /* Prepare Control word. */
631e71b7053SJung-uk Kim if (mode == EVP_CIPH_OFB_MODE || mode == EVP_CIPH_CTR_MODE)
6321f13597dSJung-uk Kim cdata->cword.b.encdec = 0;
6331f13597dSJung-uk Kim else
634*b077aed3SPierre Pronchery cdata->cword.b.encdec = (EVP_CIPHER_CTX_is_encrypting(ctx) == 0);
6351f13597dSJung-uk Kim cdata->cword.b.rounds = 10 + (key_len - 128) / 32;
6361f13597dSJung-uk Kim cdata->cword.b.ksize = (key_len - 128) / 64;
6371f13597dSJung-uk Kim
6381f13597dSJung-uk Kim switch (key_len) {
6391f13597dSJung-uk Kim case 128:
6406f9291ceSJung-uk Kim /*
6416f9291ceSJung-uk Kim * PadLock can generate an extended key for AES128 in hardware
6426f9291ceSJung-uk Kim */
6431f13597dSJung-uk Kim memcpy(cdata->ks.rd_key, key, AES_KEY_SIZE_128);
6441f13597dSJung-uk Kim cdata->cword.b.keygen = 0;
6451f13597dSJung-uk Kim break;
6461f13597dSJung-uk Kim
6471f13597dSJung-uk Kim case 192:
6481f13597dSJung-uk Kim case 256:
6496f9291ceSJung-uk Kim /*
6506f9291ceSJung-uk Kim * Generate an extended AES key in software. Needed for AES192/AES256
6516f9291ceSJung-uk Kim */
6526f9291ceSJung-uk Kim /*
6536f9291ceSJung-uk Kim * Well, the above applies to Stepping 8 CPUs and is listed as
6546f9291ceSJung-uk Kim * hardware errata. They most likely will fix it at some point and
6556f9291ceSJung-uk Kim * then a check for stepping would be due here.
6566f9291ceSJung-uk Kim */
657e71b7053SJung-uk Kim if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE)
658e71b7053SJung-uk Kim && !enc)
6591f13597dSJung-uk Kim AES_set_decrypt_key(key, key_len, &cdata->ks);
660e71b7053SJung-uk Kim else
661e71b7053SJung-uk Kim AES_set_encrypt_key(key, key_len, &cdata->ks);
6626f9291ceSJung-uk Kim /*
6636f9291ceSJung-uk Kim * OpenSSL C functions use byte-swapped extended key.
6646f9291ceSJung-uk Kim */
665e71b7053SJung-uk Kim padlock_key_bswap(&cdata->ks);
6661f13597dSJung-uk Kim cdata->cword.b.keygen = 1;
6671f13597dSJung-uk Kim break;
6681f13597dSJung-uk Kim
6691f13597dSJung-uk Kim default:
6701f13597dSJung-uk Kim /* ERROR */
6711f13597dSJung-uk Kim return 0;
6721f13597dSJung-uk Kim }
6731f13597dSJung-uk Kim
6741f13597dSJung-uk Kim /*
6751f13597dSJung-uk Kim * This is done to cover for cases when user reuses the
6761f13597dSJung-uk Kim * context for new key. The catch is that if we don't do
6771f13597dSJung-uk Kim * this, padlock_eas_cipher might proceed with old key...
6781f13597dSJung-uk Kim */
6791f13597dSJung-uk Kim padlock_reload_key();
6801f13597dSJung-uk Kim
6811f13597dSJung-uk Kim return 1;
6821f13597dSJung-uk Kim }
6831f13597dSJung-uk Kim
6841f13597dSJung-uk Kim /* ===== Random Number Generator ===== */
6851f13597dSJung-uk Kim /*
6861f13597dSJung-uk Kim * This code is not engaged. The reason is that it does not comply
6871f13597dSJung-uk Kim * with recommendations for VIA RNG usage for secure applications
6881f13597dSJung-uk Kim * (posted at http://www.via.com.tw/en/viac3/c3.jsp) nor does it
6891f13597dSJung-uk Kim * provide meaningful error control...
6901f13597dSJung-uk Kim */
6916f9291ceSJung-uk Kim /*
6926f9291ceSJung-uk Kim * Wrapper that provides an interface between the API and the raw PadLock
6936f9291ceSJung-uk Kim * RNG
6946f9291ceSJung-uk Kim */
padlock_rand_bytes(unsigned char * output,int count)6956f9291ceSJung-uk Kim static int padlock_rand_bytes(unsigned char *output, int count)
6961f13597dSJung-uk Kim {
6971f13597dSJung-uk Kim unsigned int eax, buf;
6981f13597dSJung-uk Kim
6991f13597dSJung-uk Kim while (count >= 8) {
7001f13597dSJung-uk Kim eax = padlock_xstore(output, 0);
7016f9291ceSJung-uk Kim if (!(eax & (1 << 6)))
7026f9291ceSJung-uk Kim return 0; /* RNG disabled */
7031f13597dSJung-uk Kim /* this ---vv--- covers DC bias, Raw Bits and String Filter */
7046f9291ceSJung-uk Kim if (eax & (0x1F << 10))
7056f9291ceSJung-uk Kim return 0;
7066f9291ceSJung-uk Kim if ((eax & 0x1F) == 0)
7076f9291ceSJung-uk Kim continue; /* no data, retry... */
7086f9291ceSJung-uk Kim if ((eax & 0x1F) != 8)
7096f9291ceSJung-uk Kim return 0; /* fatal failure... */
7101f13597dSJung-uk Kim output += 8;
7111f13597dSJung-uk Kim count -= 8;
7121f13597dSJung-uk Kim }
7131f13597dSJung-uk Kim while (count > 0) {
7141f13597dSJung-uk Kim eax = padlock_xstore(&buf, 3);
7156f9291ceSJung-uk Kim if (!(eax & (1 << 6)))
7166f9291ceSJung-uk Kim return 0; /* RNG disabled */
7171f13597dSJung-uk Kim /* this ---vv--- covers DC bias, Raw Bits and String Filter */
7186f9291ceSJung-uk Kim if (eax & (0x1F << 10))
7196f9291ceSJung-uk Kim return 0;
7206f9291ceSJung-uk Kim if ((eax & 0x1F) == 0)
7216f9291ceSJung-uk Kim continue; /* no data, retry... */
7226f9291ceSJung-uk Kim if ((eax & 0x1F) != 1)
7236f9291ceSJung-uk Kim return 0; /* fatal failure... */
7241f13597dSJung-uk Kim *output++ = (unsigned char)buf;
7251f13597dSJung-uk Kim count--;
7261f13597dSJung-uk Kim }
727e71b7053SJung-uk Kim OPENSSL_cleanse(&buf, sizeof(buf));
7281f13597dSJung-uk Kim
7291f13597dSJung-uk Kim return 1;
7301f13597dSJung-uk Kim }
7311f13597dSJung-uk Kim
7321f13597dSJung-uk Kim /* Dummy but necessary function */
padlock_rand_status(void)7336f9291ceSJung-uk Kim static int padlock_rand_status(void)
7341f13597dSJung-uk Kim {
7351f13597dSJung-uk Kim return 1;
7361f13597dSJung-uk Kim }
7371f13597dSJung-uk Kim
7381f13597dSJung-uk Kim /* Prepare structure for registration */
7391f13597dSJung-uk Kim static RAND_METHOD padlock_rand = {
7401f13597dSJung-uk Kim NULL, /* seed */
7411f13597dSJung-uk Kim padlock_rand_bytes, /* bytes */
7421f13597dSJung-uk Kim NULL, /* cleanup */
7431f13597dSJung-uk Kim NULL, /* add */
7441f13597dSJung-uk Kim padlock_rand_bytes, /* pseudorand */
7451f13597dSJung-uk Kim padlock_rand_status, /* rand status */
7461f13597dSJung-uk Kim };
7471f13597dSJung-uk Kim
748*b077aed3SPierre Pronchery # endif /* COMPILE_PADLOCKENG */
749*b077aed3SPierre Pronchery #endif /* !OPENSSL_NO_PADLOCKENG */
750e71b7053SJung-uk Kim
751*b077aed3SPierre Pronchery #if defined(OPENSSL_NO_PADLOCKENG) || !defined(COMPILE_PADLOCKENG)
7521f13597dSJung-uk Kim # ifndef OPENSSL_NO_DYNAMIC_ENGINE
7531f13597dSJung-uk Kim OPENSSL_EXPORT
7541f13597dSJung-uk Kim int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns);
7551f13597dSJung-uk Kim OPENSSL_EXPORT
bind_engine(ENGINE * e,const char * id,const dynamic_fns * fns)7566f9291ceSJung-uk Kim int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns)
7576f9291ceSJung-uk Kim {
7586f9291ceSJung-uk Kim return 0;
7596f9291ceSJung-uk Kim }
7606f9291ceSJung-uk Kim
7611f13597dSJung-uk Kim IMPLEMENT_DYNAMIC_CHECK_FN()
7621f13597dSJung-uk Kim # endif
763e71b7053SJung-uk Kim #endif
764