crypto/evp/e_aes.c

   1 /* ====================================================================
   2  * Copyright (c) 2001-2011 The OpenSSL Project.  All rights reserved.
   3  *
   4  * Redistribution and use in source and binary forms, with or without
   5  * modification, are permitted provided that the following conditions
   6  * are met:
   7  *
   8  * 1. Redistributions of source code must retain the above copyright
   9  *    notice, this list of conditions and the following disclaimer.
  10  *
  11  * 2. Redistributions in binary form must reproduce the above copyright
  12  *    notice, this list of conditions and the following disclaimer in
  13  *    the documentation and/or other materials provided with the
  14  *    distribution.
  15  *
  16  * 3. All advertising materials mentioning features or use of this
  17  *    software must display the following acknowledgment:
  18  *    "This product includes software developed by the OpenSSL Project
  19  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
  20  *
  21  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
  22  *    endorse or promote products derived from this software without
  23  *    prior written permission. For written permission, please contact
  24  *    openssl-core@openssl.org.
  25  *
  26  * 5. Products derived from this software may not be called "OpenSSL"
  27  *    nor may "OpenSSL" appear in their names without prior written
  28  *    permission of the OpenSSL Project.
  29  *
  30  * 6. Redistributions of any form whatsoever must retain the following
  31  *    acknowledgment:
  32  *    "This product includes software developed by the OpenSSL Project
  33  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
  34  *
  35  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
  36  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  37  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  38  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
  39  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  40  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  41  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  42  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  43  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  44  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  45  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  46  * OF THE POSSIBILITY OF SUCH DAMAGE.
  47  * ====================================================================
  48  *
  49  */
  50
  51 #include <openssl/opensslconf.h>
  52 #ifndef OPENSSL_NO_AES
  53 #include <openssl/evp.h>
  54 #include <openssl/err.h>
  55 #include <string.h>
  56 #include <assert.h>
  57 #include <openssl/aes.h>
  58 #include <openssl/modes.h>
  59 #include "evp_locl.h"
  60
  61 #ifndef OPENSSL_FIPS
  62
  63 typedef struct
  64         {
  65         AES_KEY ks;
  66         } EVP_AES_KEY;
  67
  68 #define MAXBITCHUNK     ((size_t)1<<(sizeof(size_t)*8-4))
  69
  70 #if     defined(AES_ASM) && !defined(I386_ONLY) &&      (  \
  71         ((defined(__i386)       || defined(__i386__)    || \
  72           defined(_M_IX86)) && defined(OPENSSL_IA32_SSE2))|| \
  73         defined(__x86_64)       || defined(__x86_64__)  || \
  74         defined(_M_AMD64)       || defined(_M_X64)      || \
  75         defined(__INTEL__)                              )
  76 /*
  77  * AES-NI section
  78  */
  79 extern unsigned int OPENSSL_ia32cap_P[2];
  80 #define AESNI_CAPABLE   (1<<(57-32))
  81
  82 int aesni_set_encrypt_key(const unsigned char *userKey, int bits,
  83                         AES_KEY *key);
  84 int aesni_set_decrypt_key(const unsigned char *userKey, int bits,
  85                         AES_KEY *key);
  86
  87 void aesni_encrypt(const unsigned char *in, unsigned char *out,
  88                         const AES_KEY *key);
  89 void aesni_decrypt(const unsigned char *in, unsigned char *out,
  90                         const AES_KEY *key);
  91
  92 void aesni_ecb_encrypt(const unsigned char *in,
  93                         unsigned char *out,
  94                         size_t length,
  95                         const AES_KEY *key,
  96                         int enc);
  97 void aesni_cbc_encrypt(const unsigned char *in,
  98                         unsigned char *out,
  99                         size_t length,
 100                         const AES_KEY *key,
 101                         unsigned char *ivec, int enc);
 102
 103 void aesni_ctr32_encrypt_blocks(const unsigned char *in,
 104                         unsigned char *out,
 105                         size_t blocks,
 106                         const void *key,
 107                         const unsigned char *ivec);
 108
 109 static int aesni_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 110                    const unsigned char *iv, int enc)
 111         {
 112         int ret;
 113
 114         if (((ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_ECB_MODE
 115             || (ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_CBC_MODE)
 116             && !enc)
 117                 ret = aesni_set_decrypt_key(key, ctx->key_len*8, ctx->cipher_data);
 118         else
 119                 ret = aesni_set_encrypt_key(key, ctx->key_len*8, ctx->cipher_data);
 120
 121         if(ret < 0)
 122                 {
 123                 EVPerr(EVP_F_AES_INIT_KEY,EVP_R_AES_KEY_SETUP_FAILED);
 124                 return 0;
 125                 }
 126
 127         return 1;
 128         }
 129
 130 static int aesni_cbc_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
 131         const unsigned char *in, size_t len)
 132 {
 133         aesni_cbc_encrypt(in,out,len,ctx->cipher_data,ctx->iv,ctx->encrypt);
 134
 135         return 1;
 136 }
 137
 138 static int aesni_ecb_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
 139         const unsigned char *in, size_t len)
 140 {
 141         size_t  bl = ctx->cipher->block_size;
 142
 143         if (len<bl)     return 1;
 144
 145         aesni_ecb_encrypt(in,out,len,ctx->cipher_data,ctx->encrypt);
 146
 147         return 1;
 148 }
 149
 150 static int aesni_ofb_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
 151         const unsigned char *in,size_t len)
 152 {
 153         CRYPTO_ofb128_encrypt(in,out,len,ctx->cipher_data,
 154                         ctx->iv,&ctx->num,
 155                         (block128_f)aesni_encrypt);
 156         return 1;
 157 }
 158
 159 static int aesni_cfb_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
 160         const unsigned char *in,size_t len)
 161 {
 162         CRYPTO_cfb128_encrypt(in,out,len,ctx->cipher_data,
 163                         ctx->iv,&ctx->num,ctx->encrypt,
 164                         (block128_f)aesni_encrypt);
 165         return 1;
 166 }
 167
 168 static int aesni_cfb8_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
 169         const unsigned char *in,size_t len)
 170 {
 171         CRYPTO_cfb128_8_encrypt(in,out,len,ctx->cipher_data,
 172                         ctx->iv,&ctx->num,ctx->encrypt,
 173                         (block128_f)aesni_encrypt);
 174         return 1;
 175 }
 176
 177 static int aesni_cfb1_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
 178         const unsigned char *in,size_t len)
 179 {
 180         if (ctx->flags&EVP_CIPH_FLAG_LENGTH_BITS) {
 181                 CRYPTO_cfb128_1_encrypt(in,out,len,ctx->cipher_data,
 182                         ctx->iv,&ctx->num,ctx->encrypt,
 183                         (block128_f)aesni_encrypt);
 184                 return 1;
 185         }
 186
 187         while (len>=MAXBITCHUNK) {
 188                 CRYPTO_cfb128_1_encrypt(in,out,MAXBITCHUNK*8,ctx->cipher_data,
 189                         ctx->iv,&ctx->num,ctx->encrypt,
 190                         (block128_f)aesni_encrypt);
 191                 len-=MAXBITCHUNK;
 192         }
 193         if (len)
 194                 CRYPTO_cfb128_1_encrypt(in,out,len*8,ctx->cipher_data,
 195                         ctx->iv,&ctx->num,ctx->encrypt,
 196                         (block128_f)aesni_encrypt);
 197
 198         return 1;
 199 }
 200
 201 static int aesni_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 202                 const unsigned char *in, size_t len)
 203 {
 204         unsigned int num;
 205         num = ctx->num;
 206
 207         CRYPTO_ctr128_encrypt_ctr32(in,out,len,
 208                         ctx->cipher_data,ctx->iv,ctx->buf,&num,
 209                         (ctr128_f)aesni_ctr32_encrypt_blocks);
 210
 211         ctx->num = (size_t)num;
 212         return 1;
 213 }
 214
 215 #define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \
 216 static const EVP_CIPHER aesni_##keylen##_##mode = { \
 217         nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \
 218         flags|EVP_CIPH_##MODE##_MODE,   \
 219         aesni_init_key,                 \
 220         aesni_##mode##_cipher,          \
 221         NULL,                           \
 222         sizeof(EVP_AES_KEY),            \
 223         NULL,NULL,NULL,NULL }; \
 224 static const EVP_CIPHER aes_##keylen##_##mode = { \
 225         nid##_##keylen##_##nmode,blocksize,     \
 226         keylen/8,ivlen, \
 227         flags|EVP_CIPH_##MODE##_MODE,   \
 228         aes_init_key,                   \
 229         aes_##mode##_cipher,            \
 230         NULL,                           \
 231         sizeof(EVP_AES_KEY),            \
 232         NULL,NULL,NULL,NULL }; \
 233 const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
 234 { return (OPENSSL_ia32cap_P[1]&AESNI_CAPABLE)? \
 235   &aesni_##keylen##_##mode:&aes_##keylen##_##mode; }
 236
 237 #else
 238
 239 #define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \
 240 static const EVP_CIPHER aes_##keylen##_##mode = { \
 241         nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \
 242         flags|EVP_CIPH_##MODE##_MODE,   \
 243         aes_init_key,                   \
 244         aes_##mode##_cipher,            \
 245         NULL,                           \
 246         sizeof(EVP_AES_KEY),            \
 247         NULL,NULL,NULL,NULL }; \
 248 const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
 249 { return &aes_##keylen##_##mode; }
 250 #endif
 251
 252 #define BLOCK_CIPHER_generic_pack(nid,keylen,flags)             \
 253         BLOCK_CIPHER_generic(nid,keylen,16,16,cbc,cbc,CBC,flags|EVP_CIPH_FLAG_DEFAULT_ASN1)     \
 254         BLOCK_CIPHER_generic(nid,keylen,16,0,ecb,ecb,ECB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1)      \
 255         BLOCK_CIPHER_generic(nid,keylen,1,16,ofb128,ofb,OFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1)   \
 256         BLOCK_CIPHER_generic(nid,keylen,1,16,cfb128,cfb,CFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1)   \
 257         BLOCK_CIPHER_generic(nid,keylen,1,16,cfb1,cfb1,CFB,flags)       \
 258         BLOCK_CIPHER_generic(nid,keylen,1,16,cfb8,cfb8,CFB,flags)       \
 259         BLOCK_CIPHER_generic(nid,keylen,1,16,ctr,ctr,CTR,flags)
 260
 261 static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 262                    const unsigned char *iv, int enc)
 263         {
 264         int ret;
 265
 266         if (((ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_ECB_MODE
 267             || (ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_CBC_MODE)
 268             && !enc)
 269                 ret = AES_set_decrypt_key(key, ctx->key_len * 8, ctx->cipher_data);
 270         else
 271                 ret = AES_set_encrypt_key(key, ctx->key_len * 8, ctx->cipher_data);
 272
 273         if(ret < 0)
 274                 {
 275                 EVPerr(EVP_F_AES_INIT_KEY,EVP_R_AES_KEY_SETUP_FAILED);
 276                 return 0;
 277                 }
 278
 279         return 1;
 280         }
 281
 282 static int aes_cbc_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
 283         const unsigned char *in, size_t len)
 284 {
 285         AES_cbc_encrypt(in,out,len,ctx->cipher_data,ctx->iv,ctx->encrypt);
 286
 287         return 1;
 288 }
 289
 290 static int aes_ecb_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
 291         const unsigned char *in, size_t len)
 292 {
 293         size_t  bl = ctx->cipher->block_size;
 294         size_t  i;
 295
 296         if (len<bl)     return 1;
 297
 298         if (ctx->encrypt) {
 299                 for (i=0,len-=bl;i<=len;i+=bl)
 300                         AES_encrypt(in+i,out+i,ctx->cipher_data);
 301         } else {
 302                 for (i=0,len-=bl;i<=len;i+=bl)
 303                         AES_decrypt(in+i,out+i,ctx->cipher_data);
 304         }
 305
 306         return 1;
 307 }
 308
 309 static int aes_ofb_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
 310         const unsigned char *in,size_t len)
 311 {
 312         CRYPTO_ofb128_encrypt(in,out,len,ctx->cipher_data,
 313                         ctx->iv,&ctx->num,
 314                         (block128_f)AES_encrypt);
 315         return 1;
 316 }
 317
 318 static int aes_cfb_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
 319         const unsigned char *in,size_t len)
 320 {
 321         CRYPTO_cfb128_encrypt(in,out,len,ctx->cipher_data,
 322                         ctx->iv,&ctx->num,ctx->encrypt,
 323                         (block128_f)AES_encrypt);
 324         return 1;
 325 }
 326
 327 static int aes_cfb8_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
 328         const unsigned char *in,size_t len)
 329 {
 330         CRYPTO_cfb128_8_encrypt(in,out,len,ctx->cipher_data,
 331                         ctx->iv,&ctx->num,ctx->encrypt,
 332                         (block128_f)AES_encrypt);
 333         return 1;
 334 }
 335
 336 static int aes_cfb1_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
 337         const unsigned char *in,size_t len)
 338 {
 339         if (ctx->flags&EVP_CIPH_FLAG_LENGTH_BITS) {
 340                 CRYPTO_cfb128_1_encrypt(in,out,len,ctx->cipher_data,
 341                         ctx->iv,&ctx->num,ctx->encrypt,
 342                         (block128_f)AES_encrypt);
 343                 return 1;
 344         }
 345
 346         while (len>=MAXBITCHUNK) {
 347                 CRYPTO_cfb128_1_encrypt(in,out,MAXBITCHUNK*8,ctx->cipher_data,
 348                         ctx->iv,&ctx->num,ctx->encrypt,
 349                         (block128_f)AES_encrypt);
 350                 len-=MAXBITCHUNK;
 351         }
 352         if (len)
 353                 CRYPTO_cfb128_1_encrypt(in,out,len*8,ctx->cipher_data,
 354                         ctx->iv,&ctx->num,ctx->encrypt,
 355                         (block128_f)AES_encrypt);
 356
 357         return 1;
 358 }
 359
 360 static int aes_ctr_cipher (EVP_CIPHER_CTX *ctx, unsigned char *out,
 361                 const unsigned char *in, size_t len)
 362 {
 363         unsigned int num;
 364         num = ctx->num;
 365 #ifdef AES_CTR_ASM
 366         void AES_ctr32_encrypt(const unsigned char *in, unsigned char *out,
 367                         size_t blocks, const AES_KEY *key,
 368                         const unsigned char ivec[AES_BLOCK_SIZE]);
 369
 370         CRYPTO_ctr128_encrypt_ctr32(in,out,len,
 371                 &((EVP_AES_KEY *)ctx->cipher_data)->ks,
 372                 ctx->iv,ctx->buf,&num,(ctr128_f)AES_ctr32_encrypt);
 373 #else
 374         CRYPTO_ctr128_encrypt(in,out,len,
 375                 &((EVP_AES_KEY *)ctx->cipher_data)->ks,
 376                 ctx->iv,ctx->buf,&num,(block128_f)AES_encrypt);
 377 #endif
 378         ctx->num = (size_t)num;
 379         return 1;
 380 }
 381
 382 BLOCK_CIPHER_generic_pack(NID_aes,128,0)
 383 BLOCK_CIPHER_generic_pack(NID_aes,192,0)
 384 BLOCK_CIPHER_generic_pack(NID_aes,256,0)
 385
 386 #endif
 387 #endif