1 /*
2 * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /* Dispatch functions for AES GCM mode */
11
12 /*
13 * This file uses the low level AES functions (which are deprecated for
14 * non-internal use) in order to implement provider AES ciphers.
15 */
16 #include "internal/deprecated.h"
17
18 #include "cipher_aes_gcm.h"
19
aes_gcm_initkey(PROV_GCM_CTX * ctx,const unsigned char * key,size_t keylen)20 static int aes_gcm_initkey(PROV_GCM_CTX *ctx, const unsigned char *key,
21 size_t keylen)
22 {
23 PROV_AES_GCM_CTX *actx = (PROV_AES_GCM_CTX *)ctx;
24 AES_KEY *ks = &actx->ks.ks;
25
26 # ifdef HWAES_CAPABLE
27 if (HWAES_CAPABLE) {
28 # ifdef HWAES_ctr32_encrypt_blocks
29 GCM_HW_SET_KEY_CTR_FN(ks, HWAES_set_encrypt_key, HWAES_encrypt,
30 HWAES_ctr32_encrypt_blocks);
31 # else
32 GCM_HW_SET_KEY_CTR_FN(ks, HWAES_set_encrypt_key, HWAES_encrypt, NULL);
33 # endif /* HWAES_ctr32_encrypt_blocks */
34 } else
35 # endif /* HWAES_CAPABLE */
36
37 # ifdef BSAES_CAPABLE
38 if (BSAES_CAPABLE) {
39 GCM_HW_SET_KEY_CTR_FN(ks, AES_set_encrypt_key, AES_encrypt,
40 ossl_bsaes_ctr32_encrypt_blocks);
41 } else
42 # endif /* BSAES_CAPABLE */
43
44 # ifdef VPAES_CAPABLE
45 if (VPAES_CAPABLE) {
46 GCM_HW_SET_KEY_CTR_FN(ks, vpaes_set_encrypt_key, vpaes_encrypt, NULL);
47 } else
48 # endif /* VPAES_CAPABLE */
49
50 {
51 # ifdef AES_CTR_ASM
52 GCM_HW_SET_KEY_CTR_FN(ks, AES_set_encrypt_key, AES_encrypt,
53 AES_ctr32_encrypt);
54 # else
55 GCM_HW_SET_KEY_CTR_FN(ks, AES_set_encrypt_key, AES_encrypt, NULL);
56 # endif /* AES_CTR_ASM */
57 }
58 ctx->key_set = 1;
59 return 1;
60 }
61
generic_aes_gcm_cipher_update(PROV_GCM_CTX * ctx,const unsigned char * in,size_t len,unsigned char * out)62 static int generic_aes_gcm_cipher_update(PROV_GCM_CTX *ctx, const unsigned char *in,
63 size_t len, unsigned char *out)
64 {
65 if (ctx->enc) {
66 if (ctx->ctr != NULL) {
67 #if defined(AES_GCM_ASM)
68 size_t bulk = 0;
69
70 if (len >= AES_GCM_ENC_BYTES && AES_GCM_ASM(ctx)) {
71 size_t res = (16 - ctx->gcm.mres) % 16;
72
73 if (CRYPTO_gcm128_encrypt(&ctx->gcm, in, out, res))
74 return 0;
75
76 bulk = AES_gcm_encrypt(in + res, out + res, len - res,
77 ctx->gcm.key,
78 ctx->gcm.Yi.c, ctx->gcm.Xi.u);
79
80 ctx->gcm.len.u[1] += bulk;
81 bulk += res;
82 }
83 if (CRYPTO_gcm128_encrypt_ctr32(&ctx->gcm, in + bulk, out + bulk,
84 len - bulk, ctx->ctr))
85 return 0;
86 #else
87 if (CRYPTO_gcm128_encrypt_ctr32(&ctx->gcm, in, out, len, ctx->ctr))
88 return 0;
89 #endif /* AES_GCM_ASM */
90 } else {
91 if (CRYPTO_gcm128_encrypt(&ctx->gcm, in, out, len))
92 return 0;
93 }
94 } else {
95 if (ctx->ctr != NULL) {
96 #if defined(AES_GCM_ASM)
97 size_t bulk = 0;
98
99 if (len >= AES_GCM_DEC_BYTES && AES_GCM_ASM(ctx)) {
100 size_t res = (16 - ctx->gcm.mres) % 16;
101
102 if (CRYPTO_gcm128_decrypt(&ctx->gcm, in, out, res))
103 return -1;
104
105 bulk = AES_gcm_decrypt(in + res, out + res, len - res,
106 ctx->gcm.key,
107 ctx->gcm.Yi.c, ctx->gcm.Xi.u);
108
109 ctx->gcm.len.u[1] += bulk;
110 bulk += res;
111 }
112 if (CRYPTO_gcm128_decrypt_ctr32(&ctx->gcm, in + bulk, out + bulk,
113 len - bulk, ctx->ctr))
114 return 0;
115 #else
116 if (CRYPTO_gcm128_decrypt_ctr32(&ctx->gcm, in, out, len, ctx->ctr))
117 return 0;
118 #endif /* AES_GCM_ASM */
119 } else {
120 if (CRYPTO_gcm128_decrypt(&ctx->gcm, in, out, len))
121 return 0;
122 }
123 }
124 return 1;
125 }
126
127 static const PROV_GCM_HW aes_gcm = {
128 aes_gcm_initkey,
129 ossl_gcm_setiv,
130 ossl_gcm_aad_update,
131 generic_aes_gcm_cipher_update,
132 ossl_gcm_cipher_final,
133 ossl_gcm_one_shot
134 };
135
136 #if defined(S390X_aes_128_CAPABLE)
137 # include "cipher_aes_gcm_hw_s390x.inc"
138 #elif defined(AESNI_CAPABLE)
139 # include "cipher_aes_gcm_hw_aesni.inc"
140 #elif defined(SPARC_AES_CAPABLE)
141 # include "cipher_aes_gcm_hw_t4.inc"
142 #elif defined(AES_PMULL_CAPABLE) && defined(AES_GCM_ASM)
143 # include "cipher_aes_gcm_hw_armv8.inc"
144 #else
ossl_prov_aes_hw_gcm(size_t keybits)145 const PROV_GCM_HW *ossl_prov_aes_hw_gcm(size_t keybits)
146 {
147 return &aes_gcm;
148 }
149 #endif
150
151