providers/implementations/ciphers/cipher_aes_gcm_hw.c

   1 /*
   2  * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
   3  *
   4  * Licensed under the Apache License 2.0 (the "License").  You may not use
   5  * this file except in compliance with the License.  You can obtain a copy
   6  * in the file LICENSE in the source distribution or at
   7  * https://www.openssl.org/source/license.html
   8  */
   9
  10 /* Dispatch functions for AES GCM mode */
  11
  12 /*
  13  * This file uses the low level AES functions (which are deprecated for
  14  * non-internal use) in order to implement provider AES ciphers.
  15  */
  16 #include "internal/deprecated.h"
  17
  18 #include "cipher_aes_gcm.h"
  19
  20 static int aes_gcm_initkey(PROV_GCM_CTX *ctx, const unsigned char *key,
  21                                    size_t keylen)
  22 {
  23     PROV_AES_GCM_CTX *actx = (PROV_AES_GCM_CTX *)ctx;
  24     AES_KEY *ks = &actx->ks.ks;
  25
  26 # ifdef HWAES_CAPABLE
  27     if (HWAES_CAPABLE) {
  28 #  ifdef HWAES_ctr32_encrypt_blocks
  29         GCM_HW_SET_KEY_CTR_FN(ks, HWAES_set_encrypt_key, HWAES_encrypt,
  30                               HWAES_ctr32_encrypt_blocks);
  31 #  else
  32         GCM_HW_SET_KEY_CTR_FN(ks, HWAES_set_encrypt_key, HWAES_encrypt, NULL);
  33 #  endif /* HWAES_ctr32_encrypt_blocks */
  34     } else
  35 # endif /* HWAES_CAPABLE */
  36
  37 # ifdef BSAES_CAPABLE
  38     if (BSAES_CAPABLE) {
  39         GCM_HW_SET_KEY_CTR_FN(ks, AES_set_encrypt_key, AES_encrypt,
  40                               bsaes_ctr32_encrypt_blocks);
  41     } else
  42 # endif /* BSAES_CAPABLE */
  43
  44 # ifdef VPAES_CAPABLE
  45     if (VPAES_CAPABLE) {
  46         GCM_HW_SET_KEY_CTR_FN(ks, vpaes_set_encrypt_key, vpaes_encrypt, NULL);
  47     } else
  48 # endif /* VPAES_CAPABLE */
  49
  50     {
  51 # ifdef AES_CTR_ASM
  52         GCM_HW_SET_KEY_CTR_FN(ks, AES_set_encrypt_key, AES_encrypt,
  53                               AES_ctr32_encrypt);
  54 # else
  55         GCM_HW_SET_KEY_CTR_FN(ks, AES_set_encrypt_key, AES_encrypt, NULL);
  56 # endif /* AES_CTR_ASM */
  57     }
  58     ctx->key_set = 1;
  59     return 1;
  60 }
  61
  62 static int generic_aes_gcm_cipher_update(PROV_GCM_CTX *ctx, const unsigned char *in,
  63                                          size_t len, unsigned char *out)
  64 {
  65     if (ctx->enc) {
  66         if (ctx->ctr != NULL) {
  67 #if defined(AES_GCM_ASM)
  68             size_t bulk = 0;
  69
  70             if (len >= AES_GCM_ENC_BYTES && AES_GCM_ASM(ctx)) {
  71                 size_t res = (16 - ctx->gcm.mres) % 16;
  72
  73                 if (CRYPTO_gcm128_encrypt(&ctx->gcm, in, out, res))
  74                     return 0;
  75
  76                 bulk = AES_gcm_encrypt(in + res, out + res, len - res,
  77                                        ctx->gcm.key,
  78                                        ctx->gcm.Yi.c, ctx->gcm.Xi.u);
  79
  80                 ctx->gcm.len.u[1] += bulk;
  81                 bulk += res;
  82             }
  83             if (CRYPTO_gcm128_encrypt_ctr32(&ctx->gcm, in + bulk, out + bulk,
  84                                             len - bulk, ctx->ctr))
  85                 return 0;
  86 #else
  87             if (CRYPTO_gcm128_encrypt_ctr32(&ctx->gcm, in, out, len, ctx->ctr))
  88                 return 0;
  89 #endif /* AES_GCM_ASM */
  90         } else {
  91             if (CRYPTO_gcm128_encrypt(&ctx->gcm, in, out, len))
  92                 return 0;
  93         }
  94     } else {
  95         if (ctx->ctr != NULL) {
  96 #if defined(AES_GCM_ASM)
  97             size_t bulk = 0;
  98
  99             if (len >= AES_GCM_DEC_BYTES && AES_GCM_ASM(ctx)) {
 100                 size_t res = (16 - ctx->gcm.mres) % 16;
 101
 102                 if (CRYPTO_gcm128_decrypt(&ctx->gcm, in, out, res))
 103                     return -1;
 104
 105                 bulk = AES_gcm_decrypt(in + res, out + res, len - res,
 106                                        ctx->gcm.key,
 107                                        ctx->gcm.Yi.c, ctx->gcm.Xi.u);
 108
 109                 ctx->gcm.len.u[1] += bulk;
 110                 bulk += res;
 111             }
 112             if (CRYPTO_gcm128_decrypt_ctr32(&ctx->gcm, in + bulk, out + bulk,
 113                                             len - bulk, ctx->ctr))
 114                 return 0;
 115 #else
 116             if (CRYPTO_gcm128_decrypt_ctr32(&ctx->gcm, in, out, len, ctx->ctr))
 117                 return 0;
 118 #endif /* AES_GCM_ASM */
 119         } else {
 120             if (CRYPTO_gcm128_decrypt(&ctx->gcm, in, out, len))
 121                 return 0;
 122         }
 123     }
 124     return 1;
 125 }
 126
 127 static const PROV_GCM_HW aes_gcm = {
 128     aes_gcm_initkey,
 129     gcm_setiv,
 130     gcm_aad_update,
 131     generic_aes_gcm_cipher_update,
 132     gcm_cipher_final,
 133     gcm_one_shot
 134 };
 135
 136 #if defined(S390X_aes_128_CAPABLE)
 137 # include "cipher_aes_gcm_hw_s390x.inc"
 138 #elif defined(AESNI_CAPABLE)
 139 # include "cipher_aes_gcm_hw_aesni.inc"
 140 #elif defined(SPARC_AES_CAPABLE)
 141 # include "cipher_aes_gcm_hw_t4.inc"
 142 #elif defined(AES_PMULL_CAPABLE) && defined(AES_GCM_ASM)
 143 # include "cipher_aes_gcm_hw_armv8.inc"
 144 #else
 145 const PROV_GCM_HW *PROV_AES_HW_gcm(size_t keybits)
 146 {
 147     return &aes_gcm;
 148 }
 149 #endif
 150