2 * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 #include "cipher_locl.h"
/*
 * Forward declarations of the AES-GCM method table and of the generic GCM
 * helpers defined further down in this file. Presumably they are declared
 * here so that the platform .inc files included below can refer to them.
 * NOTE(review): the embedded line numbers skip values, so some source lines
 * (for example the rest of gcm_aad_update's parameter list) are not shown.
 */
12 static const PROV_GCM_HW aes_gcm;
14 static int gcm_setiv(PROV_GCM_CTX *ctx, const unsigned char *iv, size_t ivlen);
15 static int gcm_aad_update(PROV_GCM_CTX *ctx, const unsigned char *aad,
17 static int gcm_cipher_final(PROV_GCM_CTX *ctx, unsigned char *tag);
18 static int gcm_one_shot(PROV_GCM_CTX *ctx, unsigned char *aad, size_t aad_len,
19 const unsigned char *in, size_t in_len,
20 unsigned char *out, unsigned char *tag, size_t tag_len);
21 static int gcm_cipher_update(PROV_GCM_CTX *ctx, const unsigned char *in,
22 size_t len, unsigned char *out);
/*
 * SET_KEY_CTR_FN(ks, fn_set_enc_key, fn_block, fn_ctr)
 *
 * Key-setup boilerplate shared by every AES implementation variant. The
 * visible steps run the key-schedule routine on ks, initialise the GCM state
 * with fn_block as the block function, and store fn_ctr (NULL at some call
 * sites) as the context's ctr32 bulk function.
 *
 * The macro is not hygienic: it uses ctx, key and keylen from the expansion
 * site instead of taking them as parameters. keylen is multiplied by 8,
 * presumably converting a byte count into the bit count the key-schedule
 * routine expects -- confirm.
 *
 * NOTE(review): the result of fn_set_enc_key is discarded in the visible
 * lines, so a failed key schedule would go unreported -- confirm that key
 * lengths are validated before this macro is reached.
 */
24 #define SET_KEY_CTR_FN(ks, fn_set_enc_key, fn_block, fn_ctr) \
26 fn_set_enc_key(key, keylen * 8, ks); \
27 CRYPTO_gcm128_init(&ctx->gcm, ks, (block128_f)fn_block); \
28 ctx->ctr = (ctr128_f)fn_ctr; \
/*
 * Compile-time selection of a platform-specific AES-GCM implementation:
 * AES-NI, SPARC T4 or s390x, each pulled in as an .inc file when its
 * capability macros are defined.
 */
31 #if defined(AESNI_CAPABLE)
32 # include "cipher_aes_gcm_hw_aesni.inc"
33 #elif defined(AES_ASM) && (defined(__sparc) || defined(__sparc__))
34 # include "cipher_aes_gcm_hw_t4.inc"
35 #elif defined(OPENSSL_CPUID_OBJ) && defined(__s390__)
36 # include "cipher_aes_gcm_hw_s390x.inc"
/*
 * Accessor for the AES-GCM method table; takes the key size in bits.
 * NOTE(review): the preprocessor branch this definition sits in and its
 * body are not visible in this listing. Presumably it is the fallback used
 * when none of the platform files above applies and it returns the generic
 * aes_gcm table -- confirm.
 */
38 const PROV_GCM_HW *PROV_AES_HW_gcm(size_t keybits)
/*
 * Key setup for the generic AES-GCM path. Every visible SET_KEY_CTR_FN
 * expansion pairs an AES key-schedule routine with a block function and,
 * where one exists, a ctr32 bulk function. A NULL ctr function leaves
 * ctx->ctr unset, and gcm_cipher_update tests that pointer before using
 * the ctr32 routines.
 *
 * The variants seen here are HWAES, BSAES, VPAES and plain AES. The tests
 * that choose between them are not all visible in this listing.
 *
 * NOTE(review): the cast to PROV_AES_GCM_CTX presumes the PROV_GCM_CTX is
 * its leading member -- confirm against the structure definition.
 */
44 static int generic_aes_gcm_initkey(PROV_GCM_CTX *ctx, const unsigned char *key,
47 PROV_AES_GCM_CTX *actx = (PROV_AES_GCM_CTX *)ctx;
/*
 * ks receives the expanded AES key schedule, which is key-equivalent
 * material. NOTE(review): confirm the context teardown cleanses it.
 */
48 AES_KEY *ks = &actx->ks.ks;
/* HWAES: use the hardware ctr32 routine when the platform provides one. */
52 # ifdef HWAES_ctr32_encrypt_blocks
53 SET_KEY_CTR_FN(ks, HWAES_set_encrypt_key, HWAES_encrypt,
54 HWAES_ctr32_encrypt_blocks);
56 SET_KEY_CTR_FN(ks, HWAES_set_encrypt_key, HWAES_encrypt, NULL);
57 # endif /* HWAES_ctr32_encrypt_blocks */
59 # endif /* HWAES_CAPABLE */
/* BSAES: only its ctr32 routine is used; key schedule and block function are the plain AES ones. */
63 SET_KEY_CTR_FN(ks, AES_set_encrypt_key, AES_encrypt,
64 bsaes_ctr32_encrypt_blocks);
66 # endif /* BSAES_CAPABLE */
/* VPAES: no ctr32 routine is supplied. */
70 SET_KEY_CTR_FN(ks, vpaes_set_encrypt_key, vpaes_encrypt, NULL);
72 # endif /* VPAES_CAPABLE */
/* Plain AES: AES_ctr32_encrypt in one variant, no ctr32 routine in the other. */
76 SET_KEY_CTR_FN(ks, AES_set_encrypt_key, AES_encrypt, AES_ctr32_encrypt);
78 SET_KEY_CTR_FN(ks, AES_set_encrypt_key, AES_encrypt, NULL);
79 # endif /* AES_CTR_ASM */
/*
 * Load an IV of ivlen bytes into the GCM state.
 *
 * NOTE(review): the visible lines do not validate ivlen or track IV reuse.
 * GCM loses both confidentiality and authenticity when an IV is repeated
 * under the same key, so uniqueness has to be guaranteed by the layer that
 * calls this -- confirm where that is enforced.
 */
85 static int gcm_setiv(PROV_GCM_CTX *ctx, const unsigned char *iv, size_t ivlen)
87 CRYPTO_gcm128_setiv(&ctx->gcm, iv, ivlen);
/*
 * Feed aad_len bytes of additional authenticated data into the GCM state.
 *
 * Returns 1 when CRYPTO_gcm128_aad returns 0 and returns 0 for any other
 * result, converting that function's zero-on-success convention into the
 * nonzero-on-success convention that gcm_one_shot tests for.
 */
91 static int gcm_aad_update(PROV_GCM_CTX *ctx,
92 const unsigned char *aad, size_t aad_len)
94 return CRYPTO_gcm128_aad(&ctx->gcm, aad, aad_len) == 0;
/*
 * Process len bytes from in to out, advancing the GCM state.
 *
 * The listing shows two parallel halves, one calling the encrypt routines
 * and one calling the decrypt routines. The test that selects between them
 * is not visible here. Each half uses the ctr32 routines when ctx->ctr is
 * set and the block-function routines otherwise. The visible
 * CRYPTO_gcm128_* calls are tested for a nonzero result; the statements
 * taken in that case are not shown.
 *
 * On the decrypt half, plaintext is written to out with no tag comparison.
 * The tag is only checked in gcm_cipher_final, so callers must not act on
 * the output until that call has succeeded.
 */
97 static int gcm_cipher_update(PROV_GCM_CTX *ctx, const unsigned char *in,
98 size_t len, unsigned char *out)
/* Encrypt half: a ctr32 bulk function was installed at key setup. */
101 if (ctx->ctr != NULL) {
102 #if defined(AES_GCM_ASM)
/* Assembler path: taken only for inputs of at least 32 bytes. */
105 if (len >= 32 && AES_GCM_ASM(ctx)) {
/*
 * res is the distance to the next 16-byte boundary, 0 when mres is 0.
 * Assumes mres counts the bytes already consumed in a partial block --
 * TODO confirm.
 */
106 size_t res = (16 - ctx->gcm.mres) % 16;
/* Complete the partial block with the generic routine first. */
108 if (CRYPTO_gcm128_encrypt(&ctx->gcm, in, out, res))
/* bulk is the byte count reported back by the assembler routine. */
110 bulk = aesni_gcm_encrypt(in + res, out + res, len - res,
112 ctx->gcm.Yi.c, ctx->gcm.Xi.u);
/*
 * The assembler routine does not go through CRYPTO_gcm128_encrypt*, so
 * the message length counter is advanced by hand.
 * NOTE(review): no check against the GCM per-message length limit is
 * visible on this path -- confirm it is enforced elsewhere.
 */
113 ctx->gcm.len.u[1] += bulk;
/*
 * Whatever the assembler routine left over goes through the ctr32 routine.
 * NOTE(review): in + bulk is only the right offset if bulk also counts the
 * res bytes consumed above; that adjustment is not visible in this
 * listing -- confirm.
 */
116 if (CRYPTO_gcm128_encrypt_ctr32(&ctx->gcm, in + bulk, out + bulk,
117 len - bulk, ctx->ctr))
/* Presumably the branch without AES_GCM_ASM: all input via the ctr32 routine. */
120 if (CRYPTO_gcm128_encrypt_ctr32(&ctx->gcm, in, out, len, ctx->ctr))
122 #endif /* AES_GCM_ASM */
/* Presumably the branch taken when ctx->ctr is NULL: block-function fallback. */
124 if (CRYPTO_gcm128_encrypt(&ctx->gcm, in, out, len))
/* Decrypt half: same structure as above. */
128 if (ctx->ctr != NULL) {
129 #if defined(AES_GCM_ASM)
/* The assembler threshold here is 16 bytes, not the 32 used for encryption. */
132 if (len >= 16 && AES_GCM_ASM(ctx)) {
133 size_t res = (16 - ctx->gcm.mres) % 16;
135 if (CRYPTO_gcm128_decrypt(&ctx->gcm, in, out, res))
138 bulk = aesni_gcm_decrypt(in + res, out + res, len - res,
140 ctx->gcm.Yi.c, ctx->gcm.Xi.u);
/* Same hand-maintained length counter as on the encrypt half; the same NOTE(review) applies. */
141 ctx->gcm.len.u[1] += bulk;
144 if (CRYPTO_gcm128_decrypt_ctr32(&ctx->gcm, in + bulk, out + bulk,
145 len - bulk, ctx->ctr))
148 if (CRYPTO_gcm128_decrypt_ctr32(&ctx->gcm, in, out, len, ctx->ctr))
150 #endif /* AES_GCM_ASM */
152 if (CRYPTO_gcm128_decrypt(&ctx->gcm, in, out, len))
/*
 * Finish the GCM operation. Two paths are visible: one writes the computed
 * tag into tag and records the full tag length in the context, the other
 * hands tag and ctx->taglen to CRYPTO_gcm128_finish for checking. The test
 * that selects between them (presumably encrypt versus decrypt) is not
 * shown in this listing.
 */
159 static int gcm_cipher_final(PROV_GCM_CTX *ctx, unsigned char *tag)
/*
 * GCM_TAG_MAX_SIZE bytes are always requested here, so tag must have room
 * for that many whatever tag length the caller ultimately wants.
 */
162 CRYPTO_gcm128_tag(&ctx->gcm, tag, GCM_TAG_MAX_SIZE);
163 ctx->taglen = GCM_TAG_MAX_SIZE;
/*
 * Verification path: a nonzero result from CRYPTO_gcm128_finish counts as
 * failure. The comparison covers only ctx->taglen bytes, so a short taglen
 * weakens authentication.
 * NOTE(review): the first operand of this || is not visible -- confirm it
 * rejects an unset tag length, and that a minimum length is enforced before
 * this point.
 */
166 || CRYPTO_gcm128_finish(&ctx->gcm, tag, ctx->taglen) != 0)
/*
 * Single-call AEAD operation: feed the AAD, process the message, then
 * finalise. Each step is dispatched through the ctx->hw method table
 * rather than called directly. A zero result from any step is tested for;
 * the statements taken in that case are not visible in this listing.
 */
172 static int gcm_one_shot(PROV_GCM_CTX *ctx, unsigned char *aad, size_t aad_len,
173 const unsigned char *in, size_t in_len,
174 unsigned char *out, unsigned char *tag, size_t tag_len)
179 if (!ctx->hw->aadupdate(ctx, aad, aad_len))
181 if (!ctx->hw->cipherupdate(ctx, in, in_len, out))
/*
 * tag_len is not referenced in the visible lines: the tag length is forced
 * to GCM_TAG_MAX_SIZE before finalising, so tag is treated as a full-size
 * buffer. NOTE(review): confirm no caller passes a shorter one.
 */
183 ctx->taglen = GCM_TAG_MAX_SIZE;
184 if (!ctx->hw->cipherfinal(ctx, tag))
/*
 * Method table for the generic AES-GCM implementation. The initialiser is
 * positional, so the entries have to follow the PROV_GCM_HW field order.
 * Only the first entry, the key-setup callback, is visible in this listing.
 */
192 static const PROV_GCM_HW aes_gcm = {
193 generic_aes_gcm_initkey,
201 #include "cipher_aria_gcm_hw.inc"