xref: /illumos-gate/usr/src/common/crypto/aes/aes_modes.c (revision b77a2dc4455ca028e52fdf96385a530a2d168316)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  * Copyright 2018, Joyent, Inc.
25  */
26 
27 #include <sys/types.h>
28 #include <sys/sysmacros.h>
29 #include <modes/modes.h>
30 #include "aes_impl.h"
31 #ifndef	_KERNEL
32 #include <stdlib.h>
33 #endif	/* !_KERNEL */
34 
35 
36 /* Copy a 16-byte AES block from "in" to "out" */
37 void
38 aes_copy_block(uint8_t *in, uint8_t *out)
39 {
40 	if (IS_P2ALIGNED2(in, out, sizeof (uint32_t))) {
41 		/* LINTED: pointer alignment */
42 		*(uint32_t *)&out[0] = *(uint32_t *)&in[0];
43 		/* LINTED: pointer alignment */
44 		*(uint32_t *)&out[4] = *(uint32_t *)&in[4];
45 		/* LINTED: pointer alignment */
46 		*(uint32_t *)&out[8] = *(uint32_t *)&in[8];
47 		/* LINTED: pointer alignment */
48 		*(uint32_t *)&out[12] = *(uint32_t *)&in[12];
49 	} else {
50 		AES_COPY_BLOCK(in, out);
51 	}
52 }
53 
54 /*
55  * Copy a 16-byte AES block in 64-bit chunks if the input address is aligned
56  * to 64-bits
57  */
58 void
59 aes_copy_block64(uint8_t *in, uint64_t *out)
60 {
61 	if (IS_P2ALIGNED(in, sizeof (uint64_t))) {
62 		/* LINTED: pointer alignment */
63 		out[0] = *(uint64_t *)&in[0];
64 		/* LINTED: pointer alignment */
65 		out[1] = *(uint64_t *)&in[8];
66 	} else {
67 		uint8_t *iv8 = (uint8_t *)&out[0];
68 
69 		AES_COPY_BLOCK(in, iv8);
70 	}
71 }
72 
73 /* XOR a 16-byte AES block of data into dst */
74 void
75 aes_xor_block(uint8_t *data, uint8_t *dst)
76 {
77 	if (IS_P2ALIGNED2(dst, data, sizeof (uint32_t))) {
78 		/* LINTED: pointer alignment */
79 		*(uint32_t *)&dst[0] ^= *(uint32_t *)&data[0];
80 		/* LINTED: pointer alignment */
81 		*(uint32_t *)&dst[4] ^= *(uint32_t *)&data[4];
82 		/* LINTED: pointer alignment */
83 		*(uint32_t *)&dst[8] ^= *(uint32_t *)&data[8];
84 		/* LINTED: pointer alignment */
85 		*(uint32_t *)&dst[12] ^= *(uint32_t *)&data[12];
86 	} else {
87 		AES_XOR_BLOCK(data, dst);
88 	}
89 }
90 
91 
92 /*
93  * Encrypt multiple blocks of data according to mode.
94  */
95 int
96 aes_encrypt_contiguous_blocks(void *ctx, char *data, size_t length,
97     crypto_data_t *out)
98 {
99 	aes_ctx_t *aes_ctx = ctx;
100 	int rv;
101 
102 	if (aes_ctx->ac_flags & CTR_MODE) {
103 		rv = ctr_mode_contiguous_blocks(ctx, data, length, out,
104 		    AES_BLOCK_LEN, aes_encrypt_block, aes_xor_block);
105 	} else if (aes_ctx->ac_flags & CCM_MODE) {
106 		rv = ccm_mode_encrypt_contiguous_blocks(ctx, data, length,
107 		    out, AES_BLOCK_LEN, aes_encrypt_block, aes_copy_block,
108 		    aes_xor_block);
109 	} else if (aes_ctx->ac_flags & (GCM_MODE|GMAC_MODE)) {
110 		rv = gcm_mode_encrypt_contiguous_blocks(ctx, data, length,
111 		    out, AES_BLOCK_LEN, aes_encrypt_block, aes_copy_block,
112 		    aes_xor_block);
113 	} else if (aes_ctx->ac_flags & (CBC_MODE|CMAC_MODE)) {
114 		rv = cbc_encrypt_contiguous_blocks(ctx,
115 		    data, length, out, AES_BLOCK_LEN, aes_encrypt_block,
116 		    aes_copy_block, aes_xor_block);
117 	} else {
118 		rv = ecb_cipher_contiguous_blocks(ctx, data, length, out,
119 		    AES_BLOCK_LEN, aes_encrypt_block);
120 	}
121 	return (rv);
122 }
123 
124 
125 /*
126  * Decrypt multiple blocks of data according to mode.
127  */
128 int
129 aes_decrypt_contiguous_blocks(void *ctx, char *data, size_t length,
130     crypto_data_t *out)
131 {
132 	aes_ctx_t *aes_ctx = ctx;
133 	int rv;
134 
135 	if (aes_ctx->ac_flags & CTR_MODE) {
136 		rv = ctr_mode_contiguous_blocks(ctx, data, length, out,
137 		    AES_BLOCK_LEN, aes_encrypt_block, aes_xor_block);
138 		if (rv == CRYPTO_DATA_LEN_RANGE)
139 			rv = CRYPTO_ENCRYPTED_DATA_LEN_RANGE;
140 	} else if (aes_ctx->ac_flags & CCM_MODE) {
141 		rv = ccm_mode_decrypt_contiguous_blocks(ctx, data, length,
142 		    out, AES_BLOCK_LEN, aes_encrypt_block, aes_copy_block,
143 		    aes_xor_block);
144 	} else if (aes_ctx->ac_flags & (GCM_MODE|GMAC_MODE)) {
145 		rv = gcm_mode_decrypt_contiguous_blocks(ctx, data, length,
146 		    out, AES_BLOCK_LEN, aes_encrypt_block, aes_copy_block,
147 		    aes_xor_block);
148 	} else if (aes_ctx->ac_flags & CBC_MODE) {
149 		rv = cbc_decrypt_contiguous_blocks(ctx, data, length, out,
150 		    AES_BLOCK_LEN, aes_decrypt_block, aes_copy_block,
151 		    aes_xor_block);
152 	} else {
153 		rv = ecb_cipher_contiguous_blocks(ctx, data, length, out,
154 		    AES_BLOCK_LEN, aes_decrypt_block);
155 		if (rv == CRYPTO_DATA_LEN_RANGE)
156 			rv = CRYPTO_ENCRYPTED_DATA_LEN_RANGE;
157 	}
158 	return (rv);
159 }
160