1 /* ====================================================================
2 * Copyright (c) 2001-2011 The OpenSSL Project. All rights reserved.
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in
13 * the documentation and/or other materials provided with the
16 * 3. All advertising materials mentioning features or use of this
17 * software must display the following acknowledgment:
18 * "This product includes software developed by the OpenSSL Project
19 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
21 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
22 * endorse or promote products derived from this software without
23 * prior written permission. For written permission, please contact
24 * openssl-core@openssl.org.
26 * 5. Products derived from this software may not be called "OpenSSL"
27 * nor may "OpenSSL" appear in their names without prior written
28 * permission of the OpenSSL Project.
30 * 6. Redistributions of any form whatsoever must retain the following
32 * "This product includes software developed by the OpenSSL Project
33 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
35 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
36 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
37 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
38 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
39 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
40 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
41 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
42 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
43 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
44 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
45 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
46 * OF THE POSSIBILITY OF SUCH DAMAGE.
47 * ====================================================================
51 #include <openssl/opensslconf.h>
52 #ifndef OPENSSL_NO_AES
53 #include <openssl/evp.h>
54 #include <openssl/err.h>
57 #include <openssl/aes.h>
58 #include <openssl/modes.h>
68 #define MAXBITCHUNK ((size_t)1<<(sizeof(size_t)*8-4))
70 #if defined(AES_ASM) && !defined(I386_ONLY) && ( \
71 ((defined(__i386) || defined(__i386__) || \
72 defined(_M_IX86)) && defined(OPENSSL_IA32_SSE2))|| \
73 defined(__x86_64) || defined(__x86_64__) || \
74 defined(_M_AMD64) || defined(_M_X64) || \
79 extern unsigned int OPENSSL_ia32cap_P[2];
80 #define AESNI_CAPABLE (1<<(57-32))
82 int aesni_set_encrypt_key(const unsigned char *userKey, int bits,
84 int aesni_set_decrypt_key(const unsigned char *userKey, int bits,
87 void aesni_encrypt(const unsigned char *in, unsigned char *out,
89 void aesni_decrypt(const unsigned char *in, unsigned char *out,
92 void aesni_ecb_encrypt(const unsigned char *in,
97 void aesni_cbc_encrypt(const unsigned char *in,
101 unsigned char *ivec, int enc);
103 void aesni_ctr32_encrypt_blocks(const unsigned char *in,
107 const unsigned char *ivec);
109 static int aesni_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
110 const unsigned char *iv, int enc)
114 if (((ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_ECB_MODE
115 || (ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_CBC_MODE)
117 ret = aesni_set_decrypt_key(key, ctx->key_len*8, ctx->cipher_data);
119 ret = aesni_set_encrypt_key(key, ctx->key_len*8, ctx->cipher_data);
123 EVPerr(EVP_F_AES_INIT_KEY,EVP_R_AES_KEY_SETUP_FAILED);
130 static int aesni_cbc_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
131 const unsigned char *in, size_t len)
133 aesni_cbc_encrypt(in,out,len,ctx->cipher_data,ctx->iv,ctx->encrypt);
138 static int aesni_ecb_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
139 const unsigned char *in, size_t len)
141 size_t bl = ctx->cipher->block_size;
143 if (len<bl) return 1;
145 aesni_ecb_encrypt(in,out,len,ctx->cipher_data,ctx->encrypt);
150 static int aesni_ofb_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
151 const unsigned char *in,size_t len)
153 CRYPTO_ofb128_encrypt(in,out,len,ctx->cipher_data,
155 (block128_f)aesni_encrypt);
159 static int aesni_cfb_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
160 const unsigned char *in,size_t len)
162 CRYPTO_cfb128_encrypt(in,out,len,ctx->cipher_data,
163 ctx->iv,&ctx->num,ctx->encrypt,
164 (block128_f)aesni_encrypt);
168 static int aesni_cfb8_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
169 const unsigned char *in,size_t len)
171 CRYPTO_cfb128_8_encrypt(in,out,len,ctx->cipher_data,
172 ctx->iv,&ctx->num,ctx->encrypt,
173 (block128_f)aesni_encrypt);
177 static int aesni_cfb1_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
178 const unsigned char *in,size_t len)
180 if (ctx->flags&EVP_CIPH_FLAG_LENGTH_BITS) {
181 CRYPTO_cfb128_1_encrypt(in,out,len,ctx->cipher_data,
182 ctx->iv,&ctx->num,ctx->encrypt,
183 (block128_f)aesni_encrypt);
187 while (len>=MAXBITCHUNK) {
188 CRYPTO_cfb128_1_encrypt(in,out,MAXBITCHUNK*8,ctx->cipher_data,
189 ctx->iv,&ctx->num,ctx->encrypt,
190 (block128_f)aesni_encrypt);
194 CRYPTO_cfb128_1_encrypt(in,out,len*8,ctx->cipher_data,
195 ctx->iv,&ctx->num,ctx->encrypt,
196 (block128_f)aesni_encrypt);
201 static int aesni_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
202 const unsigned char *in, size_t len)
207 CRYPTO_ctr128_encrypt_ctr32(in,out,len,
208 ctx->cipher_data,ctx->iv,ctx->buf,&num,
209 (ctr128_f)aesni_ctr32_encrypt_blocks);
211 ctx->num = (size_t)num;
215 #define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \
216 static const EVP_CIPHER aesni_##keylen##_##mode = { \
217 nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \
218 flags|EVP_CIPH_##MODE##_MODE, \
220 aesni_##mode##_cipher, \
222 sizeof(EVP_AES_KEY), \
223 NULL,NULL,NULL,NULL }; \
224 static const EVP_CIPHER aes_##keylen##_##mode = { \
225 nid##_##keylen##_##nmode,blocksize, \
227 flags|EVP_CIPH_##MODE##_MODE, \
229 aes_##mode##_cipher, \
231 sizeof(EVP_AES_KEY), \
232 NULL,NULL,NULL,NULL }; \
233 const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
234 { return (OPENSSL_ia32cap_P[1]&AESNI_CAPABLE)? \
235 &aesni_##keylen##_##mode:&aes_##keylen##_##mode; }
239 #define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \
240 static const EVP_CIPHER aes_##keylen##_##mode = { \
241 nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \
242 flags|EVP_CIPH_##MODE##_MODE, \
244 aes_##mode##_cipher, \
246 sizeof(EVP_AES_KEY), \
247 NULL,NULL,NULL,NULL }; \
248 const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
249 { return &aes_##keylen##_##mode; }
252 #define BLOCK_CIPHER_generic_pack(nid,keylen,flags) \
253 BLOCK_CIPHER_generic(nid,keylen,16,16,cbc,cbc,CBC,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \
254 BLOCK_CIPHER_generic(nid,keylen,16,0,ecb,ecb,ECB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \
255 BLOCK_CIPHER_generic(nid,keylen,1,16,ofb128,ofb,OFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \
256 BLOCK_CIPHER_generic(nid,keylen,1,16,cfb128,cfb,CFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \
257 BLOCK_CIPHER_generic(nid,keylen,1,16,cfb1,cfb1,CFB,flags) \
258 BLOCK_CIPHER_generic(nid,keylen,1,16,cfb8,cfb8,CFB,flags) \
259 BLOCK_CIPHER_generic(nid,keylen,1,16,ctr,ctr,CTR,flags)
261 static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
262 const unsigned char *iv, int enc)
266 if (((ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_ECB_MODE
267 || (ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_CBC_MODE)
269 ret = AES_set_decrypt_key(key, ctx->key_len * 8, ctx->cipher_data);
271 ret = AES_set_encrypt_key(key, ctx->key_len * 8, ctx->cipher_data);
275 EVPerr(EVP_F_AES_INIT_KEY,EVP_R_AES_KEY_SETUP_FAILED);
282 static int aes_cbc_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
283 const unsigned char *in, size_t len)
285 AES_cbc_encrypt(in,out,len,ctx->cipher_data,ctx->iv,ctx->encrypt);
290 static int aes_ecb_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
291 const unsigned char *in, size_t len)
293 size_t bl = ctx->cipher->block_size;
296 if (len<bl) return 1;
299 for (i=0,len-=bl;i<=len;i+=bl)
300 AES_encrypt(in+i,out+i,ctx->cipher_data);
302 for (i=0,len-=bl;i<=len;i+=bl)
303 AES_decrypt(in+i,out+i,ctx->cipher_data);
309 static int aes_ofb_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
310 const unsigned char *in,size_t len)
312 CRYPTO_ofb128_encrypt(in,out,len,ctx->cipher_data,
314 (block128_f)AES_encrypt);
318 static int aes_cfb_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
319 const unsigned char *in,size_t len)
321 CRYPTO_cfb128_encrypt(in,out,len,ctx->cipher_data,
322 ctx->iv,&ctx->num,ctx->encrypt,
323 (block128_f)AES_encrypt);
327 static int aes_cfb8_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
328 const unsigned char *in,size_t len)
330 CRYPTO_cfb128_8_encrypt(in,out,len,ctx->cipher_data,
331 ctx->iv,&ctx->num,ctx->encrypt,
332 (block128_f)AES_encrypt);
336 static int aes_cfb1_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
337 const unsigned char *in,size_t len)
339 if (ctx->flags&EVP_CIPH_FLAG_LENGTH_BITS) {
340 CRYPTO_cfb128_1_encrypt(in,out,len,ctx->cipher_data,
341 ctx->iv,&ctx->num,ctx->encrypt,
342 (block128_f)AES_encrypt);
346 while (len>=MAXBITCHUNK) {
347 CRYPTO_cfb128_1_encrypt(in,out,MAXBITCHUNK*8,ctx->cipher_data,
348 ctx->iv,&ctx->num,ctx->encrypt,
349 (block128_f)AES_encrypt);
353 CRYPTO_cfb128_1_encrypt(in,out,len*8,ctx->cipher_data,
354 ctx->iv,&ctx->num,ctx->encrypt,
355 (block128_f)AES_encrypt);
360 static int aes_ctr_cipher (EVP_CIPHER_CTX *ctx, unsigned char *out,
361 const unsigned char *in, size_t len)
366 void AES_ctr32_encrypt(const unsigned char *in, unsigned char *out,
367 size_t blocks, const AES_KEY *key,
368 const unsigned char ivec[AES_BLOCK_SIZE]);
370 CRYPTO_ctr128_encrypt_ctr32(in,out,len,
371 &((EVP_AES_KEY *)ctx->cipher_data)->ks,
372 ctx->iv,ctx->buf,&num,(ctr128_f)AES_ctr32_encrypt);
374 CRYPTO_ctr128_encrypt(in,out,len,
375 &((EVP_AES_KEY *)ctx->cipher_data)->ks,
376 ctx->iv,ctx->buf,&num,(block128_f)AES_encrypt);
378 ctx->num = (size_t)num;
382 BLOCK_CIPHER_generic_pack(NID_aes,128,0)
383 BLOCK_CIPHER_generic_pack(NID_aes,192,0)
384 BLOCK_CIPHER_generic_pack(NID_aes,256,0)