1 /* 2 * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 /* 11 * This file uses the low level AES functions (which are deprecated for 12 * non-internal use) in order to implement provider AES ciphers. 13 */ 14 #include "internal/deprecated.h" 15 16 #include <openssl/proverr.h> 17 #include "cipher_aes.h" 18 19 static int cipher_hw_aes_initkey(PROV_CIPHER_CTX *dat, 20 const unsigned char *key, size_t keylen) 21 { 22 int ret; 23 PROV_AES_CTX *adat = (PROV_AES_CTX *)dat; 24 AES_KEY *ks = &adat->ks.ks; 25 26 dat->ks = ks; 27 28 if ((dat->mode == EVP_CIPH_ECB_MODE || dat->mode == EVP_CIPH_CBC_MODE) 29 && !dat->enc) { 30 #ifdef HWAES_CAPABLE 31 if (HWAES_CAPABLE) { 32 ret = HWAES_set_decrypt_key(key, keylen * 8, ks); 33 dat->block = (block128_f)HWAES_decrypt; 34 dat->stream.cbc = NULL; 35 # ifdef HWAES_cbc_encrypt 36 if (dat->mode == EVP_CIPH_CBC_MODE) 37 dat->stream.cbc = (cbc128_f)HWAES_cbc_encrypt; 38 # endif 39 # ifdef HWAES_ecb_encrypt 40 if (dat->mode == EVP_CIPH_ECB_MODE) 41 dat->stream.ecb = (ecb128_f)HWAES_ecb_encrypt; 42 # endif 43 } else 44 #endif 45 #ifdef BSAES_CAPABLE 46 if (BSAES_CAPABLE && dat->mode == EVP_CIPH_CBC_MODE) { 47 ret = AES_set_decrypt_key(key, keylen * 8, ks); 48 dat->block = (block128_f)AES_decrypt; 49 dat->stream.cbc = (cbc128_f)ossl_bsaes_cbc_encrypt; 50 } else 51 #endif 52 #ifdef VPAES_CAPABLE 53 if (VPAES_CAPABLE) { 54 ret = vpaes_set_decrypt_key(key, keylen * 8, ks); 55 dat->block = (block128_f)vpaes_decrypt; 56 dat->stream.cbc = (dat->mode == EVP_CIPH_CBC_MODE) 57 ?(cbc128_f)vpaes_cbc_encrypt : NULL; 58 } else 59 #endif 60 { 61 ret = AES_set_decrypt_key(key, keylen * 8, ks); 62 dat->block = (block128_f)AES_decrypt; 63 dat->stream.cbc = (dat->mode == EVP_CIPH_CBC_MODE) 64 ? (cbc128_f)AES_cbc_encrypt : NULL; 65 } 66 } else 67 #ifdef HWAES_CAPABLE 68 if (HWAES_CAPABLE) { 69 ret = HWAES_set_encrypt_key(key, keylen * 8, ks); 70 dat->block = (block128_f)HWAES_encrypt; 71 dat->stream.cbc = NULL; 72 # ifdef HWAES_cbc_encrypt 73 if (dat->mode == EVP_CIPH_CBC_MODE) 74 dat->stream.cbc = (cbc128_f)HWAES_cbc_encrypt; 75 else 76 # endif 77 # ifdef HWAES_ecb_encrypt 78 if (dat->mode == EVP_CIPH_ECB_MODE) 79 dat->stream.ecb = (ecb128_f)HWAES_ecb_encrypt; 80 else 81 # endif 82 # ifdef HWAES_ctr32_encrypt_blocks 83 if (dat->mode == EVP_CIPH_CTR_MODE) 84 dat->stream.ctr = (ctr128_f)HWAES_ctr32_encrypt_blocks; 85 else 86 # endif 87 (void)0; /* terminate potentially open 'else' */ 88 } else 89 #endif 90 #ifdef BSAES_CAPABLE 91 if (BSAES_CAPABLE && dat->mode == EVP_CIPH_CTR_MODE) { 92 ret = AES_set_encrypt_key(key, keylen * 8, ks); 93 dat->block = (block128_f)AES_encrypt; 94 dat->stream.ctr = (ctr128_f)ossl_bsaes_ctr32_encrypt_blocks; 95 } else 96 #endif 97 #ifdef VPAES_CAPABLE 98 if (VPAES_CAPABLE) { 99 ret = vpaes_set_encrypt_key(key, keylen * 8, ks); 100 dat->block = (block128_f)vpaes_encrypt; 101 dat->stream.cbc = (dat->mode == EVP_CIPH_CBC_MODE) 102 ? (cbc128_f)vpaes_cbc_encrypt : NULL; 103 } else 104 #endif 105 { 106 ret = AES_set_encrypt_key(key, keylen * 8, ks); 107 dat->block = (block128_f)AES_encrypt; 108 dat->stream.cbc = (dat->mode == EVP_CIPH_CBC_MODE) 109 ? (cbc128_f)AES_cbc_encrypt : NULL; 110 #ifdef AES_CTR_ASM 111 if (dat->mode == EVP_CIPH_CTR_MODE) 112 dat->stream.ctr = (ctr128_f)AES_ctr32_encrypt; 113 #endif 114 } 115 116 if (ret < 0) { 117 ERR_raise(ERR_LIB_PROV, PROV_R_KEY_SETUP_FAILED); 118 return 0; 119 } 120 121 return 1; 122 } 123 124 IMPLEMENT_CIPHER_HW_COPYCTX(cipher_hw_aes_copyctx, PROV_AES_CTX) 125 126 #define PROV_CIPHER_HW_aes_mode(mode) \ 127 static const PROV_CIPHER_HW aes_##mode = { \ 128 cipher_hw_aes_initkey, \ 129 ossl_cipher_hw_generic_##mode, \ 130 cipher_hw_aes_copyctx \ 131 }; \ 132 PROV_CIPHER_HW_declare(mode) \ 133 const PROV_CIPHER_HW *ossl_prov_cipher_hw_aes_##mode(size_t keybits) \ 134 { \ 135 PROV_CIPHER_HW_select(mode) \ 136 return &aes_##mode; \ 137 } 138 139 #if defined(AESNI_CAPABLE) 140 # include "cipher_aes_hw_aesni.inc" 141 #elif defined(SPARC_AES_CAPABLE) 142 # include "cipher_aes_hw_t4.inc" 143 #elif defined(S390X_aes_128_CAPABLE) 144 # include "cipher_aes_hw_s390x.inc" 145 #else 146 /* The generic case */ 147 # define PROV_CIPHER_HW_declare(mode) 148 # define PROV_CIPHER_HW_select(mode) 149 #endif 150 151 PROV_CIPHER_HW_aes_mode(cbc) 152 PROV_CIPHER_HW_aes_mode(ecb) 153 PROV_CIPHER_HW_aes_mode(ofb128) 154 PROV_CIPHER_HW_aes_mode(cfb128) 155 PROV_CIPHER_HW_aes_mode(cfb1) 156 PROV_CIPHER_HW_aes_mode(cfb8) 157 PROV_CIPHER_HW_aes_mode(ctr) 158